The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netipsec/key.c

Version: -  FREEBSD  -  FREEBSD10  -  FREEBSD9  -  FREEBSD92  -  FREEBSD91  -  FREEBSD90  -  FREEBSD8  -  FREEBSD82  -  FREEBSD81  -  FREEBSD80  -  FREEBSD7  -  FREEBSD74  -  FREEBSD73  -  FREEBSD72  -  FREEBSD71  -  FREEBSD70  -  FREEBSD6  -  FREEBSD64  -  FREEBSD63  -  FREEBSD62  -  FREEBSD61  -  FREEBSD60  -  FREEBSD5  -  FREEBSD55  -  FREEBSD54  -  FREEBSD53  -  FREEBSD52  -  FREEBSD51  -  FREEBSD50  -  FREEBSD4  -  FREEBSD3  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $FreeBSD: head/sys/netipsec/key.c 296303 2016-03-02 05:04:04Z markj $   */
    2 /*      $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
    3 
    4 /*-
    5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 /*
   34  * This code is referd to RFC 2367
   35  */
   36 
   37 #include "opt_inet.h"
   38 #include "opt_inet6.h"
   39 #include "opt_ipsec.h"
   40 
   41 #include <sys/types.h>
   42 #include <sys/param.h>
   43 #include <sys/systm.h>
   44 #include <sys/kernel.h>
   45 #include <sys/lock.h>
   46 #include <sys/mutex.h>
   47 #include <sys/mbuf.h>
   48 #include <sys/domain.h>
   49 #include <sys/protosw.h>
   50 #include <sys/malloc.h>
   51 #include <sys/rmlock.h>
   52 #include <sys/socket.h>
   53 #include <sys/socketvar.h>
   54 #include <sys/sysctl.h>
   55 #include <sys/errno.h>
   56 #include <sys/proc.h>
   57 #include <sys/queue.h>
   58 #include <sys/refcount.h>
   59 #include <sys/syslog.h>
   60 
   61 #include <net/if.h>
   62 #include <net/if_var.h>
   63 #include <net/vnet.h>
   64 #include <net/raw_cb.h>
   65 
   66 #include <netinet/in.h>
   67 #include <netinet/in_systm.h>
   68 #include <netinet/ip.h>
   69 #include <netinet/in_var.h>
   70 
   71 #ifdef INET6
   72 #include <netinet/ip6.h>
   73 #include <netinet6/in6_var.h>
   74 #include <netinet6/ip6_var.h>
   75 #endif /* INET6 */
   76 
   77 #if defined(INET) || defined(INET6)
   78 #include <netinet/in_pcb.h>
   79 #endif
   80 #ifdef INET6
   81 #include <netinet6/in6_pcb.h>
   82 #endif /* INET6 */
   83 
   84 #include <net/pfkeyv2.h>
   85 #include <netipsec/keydb.h>
   86 #include <netipsec/key.h>
   87 #include <netipsec/keysock.h>
   88 #include <netipsec/key_debug.h>
   89 
   90 #include <netipsec/ipsec.h>
   91 #ifdef INET6
   92 #include <netipsec/ipsec6.h>
   93 #endif
   94 
   95 #include <netipsec/xform.h>
   96 
   97 #include <machine/stdarg.h>
   98 
   99 /* randomness */
  100 #include <sys/random.h>
  101 
  102 #define FULLMASK        0xff
  103 #define _BITS(bytes)    ((bytes) << 3)
  104 
  105 /*
  106  * Note on SA reference counting:
  107  * - SAs that are not in DEAD state will have (total external reference + 1)
  108  *   following value in reference count field.  they cannot be freed and are
  109  *   referenced from SA header.
  110  * - SAs that are in DEAD state will have (total external reference)
  111  *   in reference count field.  they are ready to be freed.  reference from
  112  *   SA header will be removed in key_delsav(), when the reference count
  113  *   field hits 0 (= no external reference other than from SA header.
  114  */
  115 
  116 VNET_DEFINE(u_int32_t, key_debug_level) = 0;
  117 static VNET_DEFINE(u_int, key_spi_trycnt) = 1000;
  118 static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100;
  119 static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff;     /* XXX */
  120 static VNET_DEFINE(u_int32_t, policy_id) = 0;
  121 /*interval to initialize randseed,1(m)*/
  122 static VNET_DEFINE(u_int, key_int_random) = 60;
  123 /* interval to expire acquiring, 30(s)*/
  124 static VNET_DEFINE(u_int, key_larval_lifetime) = 30;
  125 /* counter for blocking SADB_ACQUIRE.*/
  126 static VNET_DEFINE(int, key_blockacq_count) = 10;
  127 /* lifetime for blocking SADB_ACQUIRE.*/
  128 static VNET_DEFINE(int, key_blockacq_lifetime) = 20;
  129 /* preferred old sa rather than new sa.*/
  130 static VNET_DEFINE(int, key_preferred_oldsa) = 1;
  131 #define V_key_spi_trycnt        VNET(key_spi_trycnt)
  132 #define V_key_spi_minval        VNET(key_spi_minval)
  133 #define V_key_spi_maxval        VNET(key_spi_maxval)
  134 #define V_policy_id             VNET(policy_id)
  135 #define V_key_int_random        VNET(key_int_random)
  136 #define V_key_larval_lifetime   VNET(key_larval_lifetime)
  137 #define V_key_blockacq_count    VNET(key_blockacq_count)
  138 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime)
  139 #define V_key_preferred_oldsa   VNET(key_preferred_oldsa)
  140 
  141 static VNET_DEFINE(u_int32_t, acq_seq) = 0;
  142 #define V_acq_seq               VNET(acq_seq)
  143 
  144                                                                 /* SPD */
  145 static VNET_DEFINE(TAILQ_HEAD(_sptree, secpolicy), sptree[IPSEC_DIR_MAX]);
  146 static struct rmlock sptree_lock;
  147 #define V_sptree                VNET(sptree)
  148 #define SPTREE_LOCK_INIT()      rm_init(&sptree_lock, "sptree")
  149 #define SPTREE_LOCK_DESTROY()   rm_destroy(&sptree_lock)
  150 #define SPTREE_RLOCK_TRACKER    struct rm_priotracker sptree_tracker
  151 #define SPTREE_RLOCK()          rm_rlock(&sptree_lock, &sptree_tracker)
  152 #define SPTREE_RUNLOCK()        rm_runlock(&sptree_lock, &sptree_tracker)
  153 #define SPTREE_RLOCK_ASSERT()   rm_assert(&sptree_lock, RA_RLOCKED)
  154 #define SPTREE_WLOCK()          rm_wlock(&sptree_lock)
  155 #define SPTREE_WUNLOCK()        rm_wunlock(&sptree_lock)
  156 #define SPTREE_WLOCK_ASSERT()   rm_assert(&sptree_lock, RA_WLOCKED)
  157 #define SPTREE_UNLOCK_ASSERT()  rm_assert(&sptree_lock, RA_UNLOCKED)
  158 
  159 static VNET_DEFINE(LIST_HEAD(_sahtree, secashead), sahtree);    /* SAD */
  160 #define V_sahtree               VNET(sahtree)
  161 static struct mtx sahtree_lock;
  162 #define SAHTREE_LOCK_INIT() \
  163         mtx_init(&sahtree_lock, "sahtree", \
  164                 "fast ipsec security association database", MTX_DEF)
  165 #define SAHTREE_LOCK_DESTROY()  mtx_destroy(&sahtree_lock)
  166 #define SAHTREE_LOCK()          mtx_lock(&sahtree_lock)
  167 #define SAHTREE_UNLOCK()        mtx_unlock(&sahtree_lock)
  168 #define SAHTREE_LOCK_ASSERT()   mtx_assert(&sahtree_lock, MA_OWNED)
  169 
  170                                                         /* registed list */
  171 static VNET_DEFINE(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]);
  172 #define V_regtree               VNET(regtree)
  173 static struct mtx regtree_lock;
  174 #define REGTREE_LOCK_INIT() \
  175         mtx_init(&regtree_lock, "regtree", "fast ipsec regtree", MTX_DEF)
  176 #define REGTREE_LOCK_DESTROY()  mtx_destroy(&regtree_lock)
  177 #define REGTREE_LOCK()          mtx_lock(&regtree_lock)
  178 #define REGTREE_UNLOCK()        mtx_unlock(&regtree_lock)
  179 #define REGTREE_LOCK_ASSERT()   mtx_assert(&regtree_lock, MA_OWNED)
  180 
  181 static VNET_DEFINE(LIST_HEAD(_acqtree, secacq), acqtree); /* acquiring list */
  182 #define V_acqtree               VNET(acqtree)
  183 static struct mtx acq_lock;
  184 #define ACQ_LOCK_INIT() \
  185         mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF)
  186 #define ACQ_LOCK_DESTROY()      mtx_destroy(&acq_lock)
  187 #define ACQ_LOCK()              mtx_lock(&acq_lock)
  188 #define ACQ_UNLOCK()            mtx_unlock(&acq_lock)
  189 #define ACQ_LOCK_ASSERT()       mtx_assert(&acq_lock, MA_OWNED)
  190 
  191                                                         /* SP acquiring list */
  192 static VNET_DEFINE(LIST_HEAD(_spacqtree, secspacq), spacqtree);
  193 #define V_spacqtree             VNET(spacqtree)
  194 static struct mtx spacq_lock;
  195 #define SPACQ_LOCK_INIT() \
  196         mtx_init(&spacq_lock, "spacqtree", \
  197                 "fast ipsec security policy acquire list", MTX_DEF)
  198 #define SPACQ_LOCK_DESTROY()    mtx_destroy(&spacq_lock)
  199 #define SPACQ_LOCK()            mtx_lock(&spacq_lock)
  200 #define SPACQ_UNLOCK()          mtx_unlock(&spacq_lock)
  201 #define SPACQ_LOCK_ASSERT()     mtx_assert(&spacq_lock, MA_OWNED)
  202 
  203 /* search order for SAs */
  204 static const u_int saorder_state_valid_prefer_old[] = {
  205         SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
  206 };
  207 static const u_int saorder_state_valid_prefer_new[] = {
  208         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  209 };
  210 static const u_int saorder_state_alive[] = {
  211         /* except DEAD */
  212         SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
  213 };
  214 static const u_int saorder_state_any[] = {
  215         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  216         SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
  217 };
  218 
  219 static const int minsize[] = {
  220         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  221         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  222         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  223         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  224         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  225         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_SRC */
  226         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_DST */
  227         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_PROXY */
  228         sizeof(struct sadb_key),        /* SADB_EXT_KEY_AUTH */
  229         sizeof(struct sadb_key),        /* SADB_EXT_KEY_ENCRYPT */
  230         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_SRC */
  231         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_DST */
  232         sizeof(struct sadb_sens),       /* SADB_EXT_SENSITIVITY */
  233         sizeof(struct sadb_prop),       /* SADB_EXT_PROPOSAL */
  234         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_AUTH */
  235         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_ENCRYPT */
  236         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  237         0,                              /* SADB_X_EXT_KMPRIVATE */
  238         sizeof(struct sadb_x_policy),   /* SADB_X_EXT_POLICY */
  239         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  240         sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */
  241         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */
  242         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */
  243         sizeof(struct sadb_address),    /* SADB_X_EXT_NAT_T_OAI */
  244         sizeof(struct sadb_address),    /* SADB_X_EXT_NAT_T_OAR */
  245         sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
  246 };
  247 static const int maxsize[] = {
  248         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  249         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  250         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  251         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  252         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  253         0,                              /* SADB_EXT_ADDRESS_SRC */
  254         0,                              /* SADB_EXT_ADDRESS_DST */
  255         0,                              /* SADB_EXT_ADDRESS_PROXY */
  256         0,                              /* SADB_EXT_KEY_AUTH */
  257         0,                              /* SADB_EXT_KEY_ENCRYPT */
  258         0,                              /* SADB_EXT_IDENTITY_SRC */
  259         0,                              /* SADB_EXT_IDENTITY_DST */
  260         0,                              /* SADB_EXT_SENSITIVITY */
  261         0,                              /* SADB_EXT_PROPOSAL */
  262         0,                              /* SADB_EXT_SUPPORTED_AUTH */
  263         0,                              /* SADB_EXT_SUPPORTED_ENCRYPT */
  264         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  265         0,                              /* SADB_X_EXT_KMPRIVATE */
  266         0,                              /* SADB_X_EXT_POLICY */
  267         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  268         sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */
  269         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */
  270         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */
  271         0,                              /* SADB_X_EXT_NAT_T_OAI */
  272         0,                              /* SADB_X_EXT_NAT_T_OAR */
  273         sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
  274 };
  275 
  276 static VNET_DEFINE(int, ipsec_esp_keymin) = 256;
  277 static VNET_DEFINE(int, ipsec_esp_auth) = 0;
  278 static VNET_DEFINE(int, ipsec_ah_keymin) = 128;
  279 
  280 #define V_ipsec_esp_keymin      VNET(ipsec_esp_keymin)
  281 #define V_ipsec_esp_auth        VNET(ipsec_esp_auth)
  282 #define V_ipsec_ah_keymin       VNET(ipsec_ah_keymin)
  283 
  284 #ifdef SYSCTL_DECL
  285 SYSCTL_DECL(_net_key);
  286 #endif
  287 
  288 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL,        debug,
  289         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, "");
  290 
  291 /* max count of trial for the decision of spi value */
  292 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt,
  293         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, "");
  294 
  295 /* minimum spi value to allocate automatically. */
  296 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval,
  297         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, "");
  298 
  299 /* maximun spi value to allocate automatically. */
  300 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval,
  301         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, "");
  302 
  303 /* interval to initialize randseed */
  304 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random,
  305         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, "");
  306 
  307 /* lifetime for larval SA */
  308 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime,
  309         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, "");
  310 
  311 /* counter for blocking to send SADB_ACQUIRE to IKEd */
  312 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count,
  313         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, "");
  314 
  315 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
  316 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime,
  317         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, "");
  318 
  319 /* ESP auth */
  320 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth,
  321         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, "");
  322 
  323 /* minimum ESP key length */
  324 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin,
  325         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, "");
  326 
  327 /* minimum AH key length */
  328 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin,
  329         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, "");
  330 
  331 /* perfered old SA rather than new SA */
  332 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa,
  333         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, "");
  334 
  335 #define __LIST_CHAINED(elm) \
  336         (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
  337 #define LIST_INSERT_TAIL(head, elm, type, field) \
  338 do {\
  339         struct type *curelm = LIST_FIRST(head); \
  340         if (curelm == NULL) {\
  341                 LIST_INSERT_HEAD(head, elm, field); \
  342         } else { \
  343                 while (LIST_NEXT(curelm, field)) \
  344                         curelm = LIST_NEXT(curelm, field);\
  345                 LIST_INSERT_AFTER(curelm, elm, field);\
  346         }\
  347 } while (0)
  348 
  349 #define KEY_CHKSASTATE(head, sav, name) \
  350 do { \
  351         if ((head) != (sav)) {                                          \
  352                 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
  353                         (name), (head), (sav)));                        \
  354                 continue;                                               \
  355         }                                                               \
  356 } while (0)
  357 
  358 #define KEY_CHKSPDIR(head, sp, name) \
  359 do { \
  360         if ((head) != (sp)) {                                           \
  361                 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
  362                         "anyway continue.\n",                           \
  363                         (name), (head), (sp)));                         \
  364         }                                                               \
  365 } while (0)
  366 
  367 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association");
  368 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head");
  369 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy");
  370 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request");
  371 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous");
  372 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire");
  373 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire");
  374 
  375 /*
  376  * set parameters into secpolicyindex buffer.
  377  * Must allocate secpolicyindex buffer passed to this function.
  378  */
  379 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
  380 do { \
  381         bzero((idx), sizeof(struct secpolicyindex));                         \
  382         (idx)->dir = (_dir);                                                 \
  383         (idx)->prefs = (ps);                                                 \
  384         (idx)->prefd = (pd);                                                 \
  385         (idx)->ul_proto = (ulp);                                             \
  386         bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len);     \
  387         bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len);     \
  388 } while (0)
  389 
  390 /*
  391  * set parameters into secasindex buffer.
  392  * Must allocate secasindex buffer before calling this function.
  393  */
  394 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
  395 do { \
  396         bzero((idx), sizeof(struct secasindex));                             \
  397         (idx)->proto = (p);                                                  \
  398         (idx)->mode = (m);                                                   \
  399         (idx)->reqid = (r);                                                  \
  400         bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len);     \
  401         bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len);     \
  402 } while (0)
  403 
  404 /* key statistics */
  405 struct _keystat {
  406         u_long getspi_count; /* the avarage of count to try to get new SPI */
  407 } keystat;
  408 
  409 struct sadb_msghdr {
  410         struct sadb_msg *msg;
  411         struct sadb_ext *ext[SADB_EXT_MAX + 1];
  412         int extoff[SADB_EXT_MAX + 1];
  413         int extlen[SADB_EXT_MAX + 1];
  414 };
  415 
  416 #ifndef IPSEC_DEBUG2
  417 static struct callout key_timer;
  418 #endif
  419 
  420 static struct secasvar *key_allocsa_policy(const struct secasindex *);
  421 static void key_freesp_so(struct secpolicy **);
  422 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
  423 static void key_unlink(struct secpolicy *);
  424 static struct secpolicy *key_getsp(struct secpolicyindex *);
  425 static struct secpolicy *key_getspbyid(u_int32_t);
  426 static u_int32_t key_newreqid(void);
  427 static struct mbuf *key_gather_mbuf(struct mbuf *,
  428         const struct sadb_msghdr *, int, int, ...);
  429 static int key_spdadd(struct socket *, struct mbuf *,
  430         const struct sadb_msghdr *);
  431 static u_int32_t key_getnewspid(void);
  432 static int key_spddelete(struct socket *, struct mbuf *,
  433         const struct sadb_msghdr *);
  434 static int key_spddelete2(struct socket *, struct mbuf *,
  435         const struct sadb_msghdr *);
  436 static int key_spdget(struct socket *, struct mbuf *,
  437         const struct sadb_msghdr *);
  438 static int key_spdflush(struct socket *, struct mbuf *,
  439         const struct sadb_msghdr *);
  440 static int key_spddump(struct socket *, struct mbuf *,
  441         const struct sadb_msghdr *);
  442 static struct mbuf *key_setdumpsp(struct secpolicy *,
  443         u_int8_t, u_int32_t, u_int32_t);
  444 static u_int key_getspreqmsglen(struct secpolicy *);
  445 static int key_spdexpire(struct secpolicy *);
  446 static struct secashead *key_newsah(struct secasindex *);
  447 static void key_delsah(struct secashead *);
  448 static struct secasvar *key_newsav(struct mbuf *,
  449         const struct sadb_msghdr *, struct secashead *, int *,
  450         const char*, int);
  451 #define KEY_NEWSAV(m, sadb, sah, e)                             \
  452         key_newsav(m, sadb, sah, e, __FILE__, __LINE__)
  453 static void key_delsav(struct secasvar *);
  454 static struct secashead *key_getsah(struct secasindex *);
  455 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
  456 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
  457 static int key_setsaval(struct secasvar *, struct mbuf *,
  458         const struct sadb_msghdr *);
  459 static int key_mature(struct secasvar *);
  460 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
  461         u_int8_t, u_int32_t, u_int32_t);
  462 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
  463         u_int32_t, pid_t, u_int16_t);
  464 static struct mbuf *key_setsadbsa(struct secasvar *);
  465 static struct mbuf *key_setsadbaddr(u_int16_t,
  466         const struct sockaddr *, u_int8_t, u_int16_t);
  467 #ifdef IPSEC_NAT_T
  468 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
  469 static struct mbuf *key_setsadbxtype(u_int16_t);
  470 #endif
  471 static void key_porttosaddr(struct sockaddr *, u_int16_t);
  472 #define KEY_PORTTOSADDR(saddr, port)                            \
  473         key_porttosaddr((struct sockaddr *)(saddr), (port))
  474 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
  475 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
  476         u_int32_t, u_int32_t);
  477 static struct seckey *key_dup_keymsg(const struct sadb_key *, u_int, 
  478                                      struct malloc_type *);
  479 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src,
  480                                             struct malloc_type *type);
  481 #ifdef INET6
  482 static int key_ismyaddr6(struct sockaddr_in6 *);
  483 #endif
  484 
  485 /* flags for key_cmpsaidx() */
  486 #define CMP_HEAD        1       /* protocol, addresses. */
  487 #define CMP_MODE_REQID  2       /* additionally HEAD, reqid, mode. */
  488 #define CMP_REQID       3       /* additionally HEAD, reaid. */
  489 #define CMP_EXACTLY     4       /* all elements. */
  490 static int key_cmpsaidx(const struct secasindex *,
  491     const struct secasindex *, int);
  492 static int key_cmpspidx_exactly(struct secpolicyindex *,
  493     struct secpolicyindex *);
  494 static int key_cmpspidx_withmask(struct secpolicyindex *,
  495     struct secpolicyindex *);
  496 static int key_sockaddrcmp(const struct sockaddr *,
  497     const struct sockaddr *, int);
  498 static int key_bbcmp(const void *, const void *, u_int);
  499 static u_int16_t key_satype2proto(u_int8_t);
  500 static u_int8_t key_proto2satype(u_int16_t);
  501 
  502 static int key_getspi(struct socket *, struct mbuf *,
  503         const struct sadb_msghdr *);
  504 static u_int32_t key_do_getnewspi(struct sadb_spirange *,
  505                                         struct secasindex *);
  506 static int key_update(struct socket *, struct mbuf *,
  507         const struct sadb_msghdr *);
  508 #ifdef IPSEC_DOSEQCHECK
  509 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
  510 #endif
  511 static int key_add(struct socket *, struct mbuf *,
  512         const struct sadb_msghdr *);
  513 static int key_setident(struct secashead *, struct mbuf *,
  514         const struct sadb_msghdr *);
  515 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
  516         const struct sadb_msghdr *);
  517 static int key_delete(struct socket *, struct mbuf *,
  518         const struct sadb_msghdr *);
  519 static int key_delete_all(struct socket *, struct mbuf *,
  520         const struct sadb_msghdr *, u_int16_t);
  521 static int key_get(struct socket *, struct mbuf *,
  522         const struct sadb_msghdr *);
  523 
  524 static void key_getcomb_setlifetime(struct sadb_comb *);
  525 static struct mbuf *key_getcomb_esp(void);
  526 static struct mbuf *key_getcomb_ah(void);
  527 static struct mbuf *key_getcomb_ipcomp(void);
  528 static struct mbuf *key_getprop(const struct secasindex *);
  529 
  530 static int key_acquire(const struct secasindex *, struct secpolicy *);
  531 static struct secacq *key_newacq(const struct secasindex *);
  532 static struct secacq *key_getacq(const struct secasindex *);
  533 static struct secacq *key_getacqbyseq(u_int32_t);
  534 static struct secspacq *key_newspacq(struct secpolicyindex *);
  535 static struct secspacq *key_getspacq(struct secpolicyindex *);
  536 static int key_acquire2(struct socket *, struct mbuf *,
  537         const struct sadb_msghdr *);
  538 static int key_register(struct socket *, struct mbuf *,
  539         const struct sadb_msghdr *);
  540 static int key_expire(struct secasvar *, int);
  541 static int key_flush(struct socket *, struct mbuf *,
  542         const struct sadb_msghdr *);
  543 static int key_dump(struct socket *, struct mbuf *,
  544         const struct sadb_msghdr *);
  545 static int key_promisc(struct socket *, struct mbuf *,
  546         const struct sadb_msghdr *);
  547 static int key_senderror(struct socket *, struct mbuf *, int);
  548 static int key_validate_ext(const struct sadb_ext *, int);
  549 static int key_align(struct mbuf *, struct sadb_msghdr *);
  550 static struct mbuf *key_setlifetime(struct seclifetime *src, 
  551                                      u_int16_t exttype);
  552 static struct mbuf *key_setkey(struct seckey *src, u_int16_t exttype);
  553 
  554 #if 0
  555 static const char *key_getfqdn(void);
  556 static const char *key_getuserfqdn(void);
  557 #endif
  558 static void key_sa_chgstate(struct secasvar *, u_int8_t);
  559 
  560 static __inline void
  561 sa_initref(struct secasvar *sav)
  562 {
  563 
  564         refcount_init(&sav->refcnt, 1);
  565 }
  566 static __inline void
  567 sa_addref(struct secasvar *sav)
  568 {
  569 
  570         refcount_acquire(&sav->refcnt);
  571         IPSEC_ASSERT(sav->refcnt != 0, ("SA refcnt overflow"));
  572 }
  573 static __inline int
  574 sa_delref(struct secasvar *sav)
  575 {
  576 
  577         IPSEC_ASSERT(sav->refcnt > 0, ("SA refcnt underflow"));
  578         return (refcount_release(&sav->refcnt));
  579 }
  580 
  581 #define SP_ADDREF(p)    refcount_acquire(&(p)->refcnt)
  582 #define SP_DELREF(p)    refcount_release(&(p)->refcnt)
  583 
  584 /*
  585  * Update the refcnt while holding the SPTREE lock.
  586  */
  587 void
  588 key_addref(struct secpolicy *sp)
  589 {
  590 
  591         SP_ADDREF(sp);
  592 }
  593 
  594 /*
  595  * Return 0 when there are known to be no SP's for the specified
  596  * direction.  Otherwise return 1.  This is used by IPsec code
  597  * to optimize performance.
  598  */
  599 int
  600 key_havesp(u_int dir)
  601 {
  602 
  603         return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ?
  604                 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1);
  605 }
  606 
  607 /* %%% IPsec policy management */
  608 /*
  609  * allocating a SP for OUTBOUND or INBOUND packet.
  610  * Must call key_freesp() later.
  611  * OUT: NULL:   not found
  612  *      others: found and return the pointer.
  613  */
  614 struct secpolicy *
  615 key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where,
  616     int tag)
  617 {
  618         SPTREE_RLOCK_TRACKER;
  619         struct secpolicy *sp;
  620 
  621         IPSEC_ASSERT(spidx != NULL, ("null spidx"));
  622         IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
  623                 ("invalid direction %u", dir));
  624 
  625         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  626                 printf("DP %s from %s:%u\n", __func__, where, tag));
  627 
  628         /* get a SP entry */
  629         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  630                 printf("*** objects\n");
  631                 kdebug_secpolicyindex(spidx));
  632 
  633         SPTREE_RLOCK();
  634         TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
  635                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  636                         printf("*** in SPD\n");
  637                         kdebug_secpolicyindex(&sp->spidx));
  638                 if (key_cmpspidx_withmask(&sp->spidx, spidx))
  639                         goto found;
  640         }
  641         sp = NULL;
  642 found:
  643         if (sp) {
  644                 /* sanity check */
  645                 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
  646 
  647                 /* found a SPD entry */
  648                 sp->lastused = time_second;
  649                 SP_ADDREF(sp);
  650         }
  651         SPTREE_RUNLOCK();
  652 
  653         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  654                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  655                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  656         return sp;
  657 }
  658 
  659 /*
  660  * allocating a SP for OUTBOUND or INBOUND packet.
  661  * Must call key_freesp() later.
  662  * OUT: NULL:   not found
  663  *      others: found and return the pointer.
  664  */
  665 struct secpolicy *
  666 key_allocsp2(u_int32_t spi, union sockaddr_union *dst, u_int8_t proto,
  667     u_int dir, const char* where, int tag)
  668 {
  669         SPTREE_RLOCK_TRACKER;
  670         struct secpolicy *sp;
  671 
  672         IPSEC_ASSERT(dst != NULL, ("null dst"));
  673         IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
  674                 ("invalid direction %u", dir));
  675 
  676         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  677                 printf("DP %s from %s:%u\n", __func__, where, tag));
  678 
  679         /* get a SP entry */
  680         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  681                 printf("*** objects\n");
  682                 printf("spi %u proto %u dir %u\n", spi, proto, dir);
  683                 kdebug_sockaddr(&dst->sa));
  684 
  685         SPTREE_RLOCK();
  686         TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
  687                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  688                         printf("*** in SPD\n");
  689                         kdebug_secpolicyindex(&sp->spidx));
  690                 /* compare simple values, then dst address */
  691                 if (sp->spidx.ul_proto != proto)
  692                         continue;
  693                 /* NB: spi's must exist and match */
  694                 if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi)
  695                         continue;
  696                 if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0)
  697                         goto found;
  698         }
  699         sp = NULL;
  700 found:
  701         if (sp) {
  702                 /* sanity check */
  703                 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
  704 
  705                 /* found a SPD entry */
  706                 sp->lastused = time_second;
  707                 SP_ADDREF(sp);
  708         }
  709         SPTREE_RUNLOCK();
  710 
  711         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  712                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  713                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  714         return sp;
  715 }
  716 
  717 #if 0
  718 /*
  719  * return a policy that matches this particular inbound packet.
  720  * XXX slow
  721  */
  722 struct secpolicy *
  723 key_gettunnel(const struct sockaddr *osrc,
  724               const struct sockaddr *odst,
  725               const struct sockaddr *isrc,
  726               const struct sockaddr *idst,
  727               const char* where, int tag)
  728 {
  729         struct secpolicy *sp;
  730         const int dir = IPSEC_DIR_INBOUND;
  731         struct ipsecrequest *r1, *r2, *p;
  732         struct secpolicyindex spidx;
  733 
  734         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  735                 printf("DP %s from %s:%u\n", __func__, where, tag));
  736 
  737         if (isrc->sa_family != idst->sa_family) {
  738                 ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.",
  739                         __func__, isrc->sa_family, idst->sa_family));
  740                 sp = NULL;
  741                 goto done;
  742         }
  743 
  744         SPTREE_LOCK();
  745         LIST_FOREACH(sp, &V_sptree[dir], chain) {
  746                 if (sp->state == IPSEC_SPSTATE_DEAD)
  747                         continue;
  748 
  749                 r1 = r2 = NULL;
  750                 for (p = sp->req; p; p = p->next) {
  751                         if (p->saidx.mode != IPSEC_MODE_TUNNEL)
  752                                 continue;
  753 
  754                         r1 = r2;
  755                         r2 = p;
  756 
  757                         if (!r1) {
  758                                 /* here we look at address matches only */
  759                                 spidx = sp->spidx;
  760                                 if (isrc->sa_len > sizeof(spidx.src) ||
  761                                     idst->sa_len > sizeof(spidx.dst))
  762                                         continue;
  763                                 bcopy(isrc, &spidx.src, isrc->sa_len);
  764                                 bcopy(idst, &spidx.dst, idst->sa_len);
  765                                 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
  766                                         continue;
  767                         } else {
  768                                 if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) ||
  769                                     key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0))
  770                                         continue;
  771                         }
  772 
  773                         if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) ||
  774                             key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0))
  775                                 continue;
  776 
  777                         goto found;
  778                 }
  779         }
  780         sp = NULL;
  781 found:
  782         if (sp) {
  783                 sp->lastused = time_second;
  784                 SP_ADDREF(sp);
  785         }
  786         SPTREE_UNLOCK();
  787 done:
  788         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  789                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  790                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  791         return sp;
  792 }
  793 #endif
  794 
  795 /*
  796  * allocating an SA entry for an *OUTBOUND* packet.
  797  * checking each request entries in SP, and acquire an SA if need.
  798  * OUT: 0: there are valid requests.
  799  *      ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
  800  */
  801 int
  802 key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx)
  803 {
  804         u_int level;
  805         int error;
  806         struct secasvar *sav;
  807 
  808         IPSEC_ASSERT(isr != NULL, ("null isr"));
  809         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
  810         IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT ||
  811                 saidx->mode == IPSEC_MODE_TUNNEL,
  812                 ("unexpected policy %u", saidx->mode));
  813 
  814         /*
  815          * XXX guard against protocol callbacks from the crypto
  816          * thread as they reference ipsecrequest.sav which we
  817          * temporarily null out below.  Need to rethink how we
  818          * handle bundled SA's in the callback thread.
  819          */
  820         IPSECREQUEST_LOCK_ASSERT(isr);
  821 
  822         /* get current level */
  823         level = ipsec_get_reqlevel(isr);
  824 
  825         /*
  826          * We check new SA in the IPsec request because a different
  827          * SA may be involved each time this request is checked, either
  828          * because new SAs are being configured, or this request is
  829          * associated with an unconnected datagram socket, or this request
  830          * is associated with a system default policy.
  831          *
  832          * key_allocsa_policy should allocate the oldest SA available.
  833          * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
  834          */
  835         sav = key_allocsa_policy(saidx);
  836         if (sav != isr->sav) {
  837                 /* SA need to be updated. */
  838                 if (!IPSECREQUEST_UPGRADE(isr)) {
  839                         /* Kick everyone off. */
  840                         IPSECREQUEST_UNLOCK(isr);
  841                         IPSECREQUEST_WLOCK(isr);
  842                 }
  843                 if (isr->sav != NULL)
  844                         KEY_FREESAV(&isr->sav);
  845                 isr->sav = sav;
  846                 IPSECREQUEST_DOWNGRADE(isr);
  847         } else if (sav != NULL)
  848                 KEY_FREESAV(&sav);
  849 
  850         /* When there is SA. */
  851         if (isr->sav != NULL) {
  852                 if (isr->sav->state != SADB_SASTATE_MATURE &&
  853                     isr->sav->state != SADB_SASTATE_DYING)
  854                         return EINVAL;
  855                 return 0;
  856         }
  857 
  858         /* there is no SA */
  859         error = key_acquire(saidx, isr->sp);
  860         if (error != 0) {
  861                 /* XXX What should I do ? */
  862                 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n",
  863                         __func__, error));
  864                 return error;
  865         }
  866 
  867         if (level != IPSEC_LEVEL_REQUIRE) {
  868                 /* XXX sigh, the interface to this routine is botched */
  869                 IPSEC_ASSERT(isr->sav == NULL, ("unexpected SA"));
  870                 return 0;
  871         } else {
  872                 return ENOENT;
  873         }
  874 }
  875 
  876 /*
  877  * allocating a SA for policy entry from SAD.
  878  * NOTE: searching SAD of aliving state.
  879  * OUT: NULL:   not found.
  880  *      others: found and return the pointer.
  881  */
  882 static struct secasvar *
  883 key_allocsa_policy(const struct secasindex *saidx)
  884 {
  885 #define N(a)    _ARRAYLEN(a)
  886         struct secashead *sah;
  887         struct secasvar *sav;
  888         u_int stateidx, arraysize;
  889         const u_int *state_valid;
  890 
  891         state_valid = NULL;     /* silence gcc */
  892         arraysize = 0;          /* silence gcc */
  893 
  894         SAHTREE_LOCK();
  895         LIST_FOREACH(sah, &V_sahtree, chain) {
  896                 if (sah->state == SADB_SASTATE_DEAD)
  897                         continue;
  898                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) {
  899                         if (V_key_preferred_oldsa) {
  900                                 state_valid = saorder_state_valid_prefer_old;
  901                                 arraysize = N(saorder_state_valid_prefer_old);
  902                         } else {
  903                                 state_valid = saorder_state_valid_prefer_new;
  904                                 arraysize = N(saorder_state_valid_prefer_new);
  905                         }
  906                         break;
  907                 }
  908         }
  909         SAHTREE_UNLOCK();
  910         if (sah == NULL)
  911                 return NULL;
  912 
  913         /* search valid state */
  914         for (stateidx = 0; stateidx < arraysize; stateidx++) {
  915                 sav = key_do_allocsa_policy(sah, state_valid[stateidx]);
  916                 if (sav != NULL)
  917                         return sav;
  918         }
  919 
  920         return NULL;
  921 #undef N
  922 }
  923 
  924 /*
  925  * searching SAD with direction, protocol, mode and state.
  926  * called by key_allocsa_policy().
  927  * OUT:
  928  *      NULL    : not found
  929  *      others  : found, pointer to a SA.
  930  */
  931 static struct secasvar *
  932 key_do_allocsa_policy(struct secashead *sah, u_int state)
  933 {
  934         struct secasvar *sav, *nextsav, *candidate, *d;
  935 
  936         /* initilize */
  937         candidate = NULL;
  938 
  939         SAHTREE_LOCK();
  940         for (sav = LIST_FIRST(&sah->savtree[state]);
  941              sav != NULL;
  942              sav = nextsav) {
  943 
  944                 nextsav = LIST_NEXT(sav, chain);
  945 
  946                 /* sanity check */
  947                 KEY_CHKSASTATE(sav->state, state, __func__);
  948 
  949                 /* initialize */
  950                 if (candidate == NULL) {
  951                         candidate = sav;
  952                         continue;
  953                 }
  954 
  955                 /* Which SA is the better ? */
  956 
  957                 IPSEC_ASSERT(candidate->lft_c != NULL,
  958                         ("null candidate lifetime"));
  959                 IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime"));
  960 
  961                 /* What the best method is to compare ? */
  962                 if (V_key_preferred_oldsa) {
  963                         if (candidate->lft_c->addtime >
  964                                         sav->lft_c->addtime) {
  965                                 candidate = sav;
  966                         }
  967                         continue;
  968                         /*NOTREACHED*/
  969                 }
  970 
  971                 /* preferred new sa rather than old sa */
  972                 if (candidate->lft_c->addtime <
  973                                 sav->lft_c->addtime) {
  974                         d = candidate;
  975                         candidate = sav;
  976                 } else
  977                         d = sav;
  978 
  979                 /*
  980                  * prepared to delete the SA when there is more
  981                  * suitable candidate and the lifetime of the SA is not
  982                  * permanent.
  983                  */
  984                 if (d->lft_h->addtime != 0) {
  985                         struct mbuf *m, *result;
  986                         u_int8_t satype;
  987 
  988                         key_sa_chgstate(d, SADB_SASTATE_DEAD);
  989 
  990                         IPSEC_ASSERT(d->refcnt > 0, ("bogus ref count"));
  991 
  992                         satype = key_proto2satype(d->sah->saidx.proto);
  993                         if (satype == 0)
  994                                 goto msgfail;
  995 
  996                         m = key_setsadbmsg(SADB_DELETE, 0,
  997                             satype, 0, 0, d->refcnt - 1);
  998                         if (!m)
  999                                 goto msgfail;
 1000                         result = m;
 1001 
 1002                         /* set sadb_address for saidx's. */
 1003                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 1004                                 &d->sah->saidx.src.sa,
 1005                                 d->sah->saidx.src.sa.sa_len << 3,
 1006                                 IPSEC_ULPROTO_ANY);
 1007                         if (!m)
 1008                                 goto msgfail;
 1009                         m_cat(result, m);
 1010 
 1011                         /* set sadb_address for saidx's. */
 1012                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 1013                                 &d->sah->saidx.dst.sa,
 1014                                 d->sah->saidx.dst.sa.sa_len << 3,
 1015                                 IPSEC_ULPROTO_ANY);
 1016                         if (!m)
 1017                                 goto msgfail;
 1018                         m_cat(result, m);
 1019 
 1020                         /* create SA extension */
 1021                         m = key_setsadbsa(d);
 1022                         if (!m)
 1023                                 goto msgfail;
 1024                         m_cat(result, m);
 1025 
 1026                         if (result->m_len < sizeof(struct sadb_msg)) {
 1027                                 result = m_pullup(result,
 1028                                                 sizeof(struct sadb_msg));
 1029                                 if (result == NULL)
 1030                                         goto msgfail;
 1031                         }
 1032 
 1033                         result->m_pkthdr.len = 0;
 1034                         for (m = result; m; m = m->m_next)
 1035                                 result->m_pkthdr.len += m->m_len;
 1036                         mtod(result, struct sadb_msg *)->sadb_msg_len =
 1037                                 PFKEY_UNIT64(result->m_pkthdr.len);
 1038 
 1039                         if (key_sendup_mbuf(NULL, result,
 1040                                         KEY_SENDUP_REGISTERED))
 1041                                 goto msgfail;
 1042                  msgfail:
 1043                         KEY_FREESAV(&d);
 1044                 }
 1045         }
 1046         if (candidate) {
 1047                 sa_addref(candidate);
 1048                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1049                         printf("DP %s cause refcnt++:%d SA:%p\n",
 1050                                 __func__, candidate->refcnt, candidate));
 1051         }
 1052         SAHTREE_UNLOCK();
 1053 
 1054         return candidate;
 1055 }
 1056 
 1057 /*
 1058  * allocating a usable SA entry for a *INBOUND* packet.
 1059  * Must call key_freesav() later.
 1060  * OUT: positive:       pointer to a usable sav (i.e. MATURE or DYING state).
 1061  *      NULL:           not found, or error occured.
 1062  *
 1063  * In the comparison, no source address is used--for RFC2401 conformance.
 1064  * To quote, from section 4.1:
 1065  *      A security association is uniquely identified by a triple consisting
 1066  *      of a Security Parameter Index (SPI), an IP Destination Address, and a
 1067  *      security protocol (AH or ESP) identifier.
 1068  * Note that, however, we do need to keep source address in IPsec SA.
 1069  * IKE specification and PF_KEY specification do assume that we
 1070  * keep source address in IPsec SA.  We see a tricky situation here.
 1071  */
 1072 struct secasvar *
 1073 key_allocsa(union sockaddr_union *dst, u_int proto, u_int32_t spi,
 1074     const char* where, int tag)
 1075 {
 1076         struct secashead *sah;
 1077         struct secasvar *sav;
 1078         u_int stateidx, arraysize, state;
 1079         const u_int *saorder_state_valid;
 1080 #ifdef IPSEC_NAT_T
 1081         int natt_chkport;
 1082 #endif
 1083 
 1084         IPSEC_ASSERT(dst != NULL, ("null dst address"));
 1085 
 1086         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1087                 printf("DP %s from %s:%u\n", __func__, where, tag));
 1088 
 1089 #ifdef IPSEC_NAT_T
 1090         natt_chkport = (dst->sa.sa_family == AF_INET &&
 1091             dst->sa.sa_len == sizeof(struct sockaddr_in) &&
 1092             dst->sin.sin_port != 0);
 1093 #endif
 1094 
 1095         /*
 1096          * searching SAD.
 1097          * XXX: to be checked internal IP header somewhere.  Also when
 1098          * IPsec tunnel packet is received.  But ESP tunnel mode is
 1099          * encrypted so we can't check internal IP header.
 1100          */
 1101         SAHTREE_LOCK();
 1102         if (V_key_preferred_oldsa) {
 1103                 saorder_state_valid = saorder_state_valid_prefer_old;
 1104                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
 1105         } else {
 1106                 saorder_state_valid = saorder_state_valid_prefer_new;
 1107                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
 1108         }
 1109         LIST_FOREACH(sah, &V_sahtree, chain) {
 1110                 int checkport;
 1111 
 1112                 /* search valid state */
 1113                 for (stateidx = 0; stateidx < arraysize; stateidx++) {
 1114                         state = saorder_state_valid[stateidx];
 1115                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 1116                                 /* sanity check */
 1117                                 KEY_CHKSASTATE(sav->state, state, __func__);
 1118                                 /* do not return entries w/ unusable state */
 1119                                 if (sav->state != SADB_SASTATE_MATURE &&
 1120                                     sav->state != SADB_SASTATE_DYING)
 1121                                         continue;
 1122                                 if (proto != sav->sah->saidx.proto)
 1123                                         continue;
 1124                                 if (spi != sav->spi)
 1125                                         continue;
 1126                                 checkport = 0;
 1127 #ifdef IPSEC_NAT_T
 1128                                 /*
 1129                                  * Really only check ports when this is a NAT-T
 1130                                  * SA.  Otherwise other lookups providing ports
 1131                                  * might suffer.
 1132                                  */
 1133                                 if (sav->natt_type && natt_chkport)
 1134                                         checkport = 1;
 1135 #endif
 1136 #if 0   /* don't check src */
 1137                                 /* check src address */
 1138                                 if (key_sockaddrcmp(&src->sa,   
 1139                                     &sav->sah->saidx.src.sa, checkport) != 0)
 1140                                         continue;
 1141 #endif
 1142                                 /* check dst address */
 1143                                 if (key_sockaddrcmp(&dst->sa,
 1144                                     &sav->sah->saidx.dst.sa, checkport) != 0)
 1145                                         continue;
 1146                                 sa_addref(sav);
 1147                                 goto done;
 1148                         }
 1149                 }
 1150         }
 1151         sav = NULL;
 1152 done:
 1153         SAHTREE_UNLOCK();
 1154 
 1155         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1156                 printf("DP %s return SA:%p; refcnt %u\n", __func__,
 1157                         sav, sav ? sav->refcnt : 0));
 1158         return sav;
 1159 }
 1160 
 1161 /*
 1162  * Must be called after calling key_allocsp().
 1163  * For both the packet without socket and key_freeso().
 1164  */
 1165 void
 1166 _key_freesp(struct secpolicy **spp, const char* where, int tag)
 1167 {
 1168         struct ipsecrequest *isr, *nextisr;
 1169         struct secpolicy *sp = *spp;
 1170 
 1171         IPSEC_ASSERT(sp != NULL, ("null sp"));
 1172         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1173                 printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
 1174                         __func__, sp, sp->id, where, tag, sp->refcnt));
 1175 
 1176         if (SP_DELREF(sp) == 0)
 1177                 return;
 1178         *spp = NULL;
 1179         for (isr = sp->req; isr != NULL; isr = nextisr) {
 1180                 if (isr->sav != NULL) {
 1181                         KEY_FREESAV(&isr->sav);
 1182                         isr->sav = NULL;
 1183                 }
 1184                 nextisr = isr->next;
 1185                 ipsec_delisr(isr);
 1186         }
 1187         free(sp, M_IPSEC_SP);
 1188 }
 1189 
 1190 static void
 1191 key_unlink(struct secpolicy *sp)
 1192 {
 1193 
 1194         IPSEC_ASSERT(sp != NULL, ("null sp"));
 1195         IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND ||
 1196             sp->spidx.dir == IPSEC_DIR_OUTBOUND,
 1197             ("invalid direction %u", sp->spidx.dir));
 1198         SPTREE_UNLOCK_ASSERT();
 1199 
 1200         SPTREE_WLOCK();
 1201         if (sp->state == IPSEC_SPSTATE_DEAD) {
 1202                 SPTREE_WUNLOCK();
 1203                 return;
 1204         }
 1205         sp->state = IPSEC_SPSTATE_DEAD;
 1206         TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain);
 1207         SPTREE_WUNLOCK();
 1208         KEY_FREESP(&sp);
 1209 }
 1210 
 1211 /*
 1212  * insert a secpolicy into the SP database. Lower priorities first
 1213  */
 1214 static void
 1215 key_insertsp(struct secpolicy *newsp)
 1216 {
 1217         struct secpolicy *sp;
 1218 
 1219         SPTREE_WLOCK();
 1220         TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) {
 1221                 if (newsp->priority < sp->priority) {
 1222                         TAILQ_INSERT_BEFORE(sp, newsp, chain);
 1223                         goto done;
 1224                 }
 1225         }
 1226 
 1227         TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain);
 1228 
 1229 done:
 1230         newsp->state = IPSEC_SPSTATE_ALIVE;
 1231         SPTREE_WUNLOCK();
 1232 }
 1233 
 1234 /*
 1235  * Must be called after calling key_allocsp().
 1236  * For the packet with socket.
 1237  */
 1238 void
 1239 key_freeso(struct socket *so)
 1240 {
 1241         IPSEC_ASSERT(so != NULL, ("null so"));
 1242 
 1243         switch (so->so_proto->pr_domain->dom_family) {
 1244 #if defined(INET) || defined(INET6)
 1245 #ifdef INET
 1246         case PF_INET:
 1247 #endif
 1248 #ifdef INET6
 1249         case PF_INET6:
 1250 #endif
 1251             {
 1252                 struct inpcb *pcb = sotoinpcb(so);
 1253 
 1254                 /* Does it have a PCB ? */
 1255                 if (pcb == NULL)
 1256                         return;
 1257                 key_freesp_so(&pcb->inp_sp->sp_in);
 1258                 key_freesp_so(&pcb->inp_sp->sp_out);
 1259             }
 1260                 break;
 1261 #endif /* INET || INET6 */
 1262         default:
 1263                 ipseclog((LOG_DEBUG, "%s: unknown address family=%d.\n",
 1264                     __func__, so->so_proto->pr_domain->dom_family));
 1265                 return;
 1266         }
 1267 }
 1268 
 1269 static void
 1270 key_freesp_so(struct secpolicy **sp)
 1271 {
 1272         IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp"));
 1273 
 1274         if ((*sp)->policy == IPSEC_POLICY_ENTRUST ||
 1275             (*sp)->policy == IPSEC_POLICY_BYPASS)
 1276                 return;
 1277 
 1278         IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC,
 1279                 ("invalid policy %u", (*sp)->policy));
 1280         KEY_FREESP(sp);
 1281 }
 1282 
 1283 void
 1284 key_addrefsa(struct secasvar *sav, const char* where, int tag)
 1285 {
 1286 
 1287         IPSEC_ASSERT(sav != NULL, ("null sav"));
 1288         IPSEC_ASSERT(sav->refcnt > 0, ("refcount must exist"));
 1289 
 1290         sa_addref(sav);
 1291 }
 1292 
 1293 /*
 1294  * Must be called after calling key_allocsa().
 1295  * This function is called by key_freesp() to free some SA allocated
 1296  * for a policy.
 1297  */
 1298 void
 1299 key_freesav(struct secasvar **psav, const char* where, int tag)
 1300 {
 1301         struct secasvar *sav = *psav;
 1302 
 1303         IPSEC_ASSERT(sav != NULL, ("null sav"));
 1304 
 1305         if (sa_delref(sav)) {
 1306                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1307                         printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n",
 1308                                 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt));
 1309                 *psav = NULL;
 1310                 key_delsav(sav);
 1311         } else {
 1312                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1313                         printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n",
 1314                                 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt));
 1315         }
 1316 }
 1317 
 1318 /* %%% SPD management */
 1319 /*
 1320  * search SPD
 1321  * OUT: NULL    : not found
 1322  *      others  : found, pointer to a SP.
 1323  */
 1324 static struct secpolicy *
 1325 key_getsp(struct secpolicyindex *spidx)
 1326 {
 1327         SPTREE_RLOCK_TRACKER;
 1328         struct secpolicy *sp;
 1329 
 1330         IPSEC_ASSERT(spidx != NULL, ("null spidx"));
 1331 
 1332         SPTREE_RLOCK();
 1333         TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) {
 1334                 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
 1335                         SP_ADDREF(sp);
 1336                         break;
 1337                 }
 1338         }
 1339         SPTREE_RUNLOCK();
 1340 
 1341         return sp;
 1342 }
 1343 
 1344 /*
 1345  * get SP by index.
 1346  * OUT: NULL    : not found
 1347  *      others  : found, pointer to a SP.
 1348  */
 1349 static struct secpolicy *
 1350 key_getspbyid(u_int32_t id)
 1351 {
 1352         SPTREE_RLOCK_TRACKER;
 1353         struct secpolicy *sp;
 1354 
 1355         SPTREE_RLOCK();
 1356         TAILQ_FOREACH(sp, &V_sptree[IPSEC_DIR_INBOUND], chain) {
 1357                 if (sp->id == id) {
 1358                         SP_ADDREF(sp);
 1359                         goto done;
 1360                 }
 1361         }
 1362 
 1363         TAILQ_FOREACH(sp, &V_sptree[IPSEC_DIR_OUTBOUND], chain) {
 1364                 if (sp->id == id) {
 1365                         SP_ADDREF(sp);
 1366                         goto done;
 1367                 }
 1368         }
 1369 done:
 1370         SPTREE_RUNLOCK();
 1371 
 1372         return sp;
 1373 }
 1374 
 1375 struct secpolicy *
 1376 key_newsp(const char* where, int tag)
 1377 {
 1378         struct secpolicy *newsp = NULL;
 1379 
 1380         newsp = (struct secpolicy *)
 1381                 malloc(sizeof(struct secpolicy), M_IPSEC_SP, M_NOWAIT|M_ZERO);
 1382         if (newsp)
 1383                 refcount_init(&newsp->refcnt, 1);
 1384 
 1385         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1386                 printf("DP %s from %s:%u return SP:%p\n", __func__,
 1387                         where, tag, newsp));
 1388         return newsp;
 1389 }
 1390 
 1391 /*
 1392  * create secpolicy structure from sadb_x_policy structure.
 1393  * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
 1394  * so must be set properly later.
 1395  */
 1396 struct secpolicy *
 1397 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error)
 1398 {
 1399         struct secpolicy *newsp;
 1400 
 1401         IPSEC_ASSERT(xpl0 != NULL, ("null xpl0"));
 1402         IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len));
 1403 
 1404         if (len != PFKEY_EXTLEN(xpl0)) {
 1405                 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__));
 1406                 *error = EINVAL;
 1407                 return NULL;
 1408         }
 1409 
 1410         if ((newsp = KEY_NEWSP()) == NULL) {
 1411                 *error = ENOBUFS;
 1412                 return NULL;
 1413         }
 1414 
 1415         newsp->spidx.dir = xpl0->sadb_x_policy_dir;
 1416         newsp->policy = xpl0->sadb_x_policy_type;
 1417         newsp->priority = xpl0->sadb_x_policy_priority;
 1418 
 1419         /* check policy */
 1420         switch (xpl0->sadb_x_policy_type) {
 1421         case IPSEC_POLICY_DISCARD:
 1422         case IPSEC_POLICY_NONE:
 1423         case IPSEC_POLICY_ENTRUST:
 1424         case IPSEC_POLICY_BYPASS:
 1425                 newsp->req = NULL;
 1426                 break;
 1427 
 1428         case IPSEC_POLICY_IPSEC:
 1429             {
 1430                 int tlen;
 1431                 struct sadb_x_ipsecrequest *xisr;
 1432                 struct ipsecrequest **p_isr = &newsp->req;
 1433 
 1434                 /* validity check */
 1435                 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
 1436                         ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n",
 1437                                 __func__));
 1438                         KEY_FREESP(&newsp);
 1439                         *error = EINVAL;
 1440                         return NULL;
 1441                 }
 1442 
 1443                 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
 1444                 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
 1445 
 1446                 while (tlen > 0) {
 1447                         /* length check */
 1448                         if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
 1449                                 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest "
 1450                                         "length.\n", __func__));
 1451                                 KEY_FREESP(&newsp);
 1452                                 *error = EINVAL;
 1453                                 return NULL;
 1454                         }
 1455 
 1456                         /* allocate request buffer */
 1457                         /* NB: data structure is zero'd */
 1458                         *p_isr = ipsec_newisr();
 1459                         if ((*p_isr) == NULL) {
 1460                                 ipseclog((LOG_DEBUG,
 1461                                     "%s: No more memory.\n", __func__));
 1462                                 KEY_FREESP(&newsp);
 1463                                 *error = ENOBUFS;
 1464                                 return NULL;
 1465                         }
 1466 
 1467                         /* set values */
 1468                         switch (xisr->sadb_x_ipsecrequest_proto) {
 1469                         case IPPROTO_ESP:
 1470                         case IPPROTO_AH:
 1471                         case IPPROTO_IPCOMP:
 1472                                 break;
 1473                         default:
 1474                                 ipseclog((LOG_DEBUG,
 1475                                     "%s: invalid proto type=%u\n", __func__,
 1476                                     xisr->sadb_x_ipsecrequest_proto));
 1477                                 KEY_FREESP(&newsp);
 1478                                 *error = EPROTONOSUPPORT;
 1479                                 return NULL;
 1480                         }
 1481                         (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
 1482 
 1483                         switch (xisr->sadb_x_ipsecrequest_mode) {
 1484                         case IPSEC_MODE_TRANSPORT:
 1485                         case IPSEC_MODE_TUNNEL:
 1486                                 break;
 1487                         case IPSEC_MODE_ANY:
 1488                         default:
 1489                                 ipseclog((LOG_DEBUG,
 1490                                     "%s: invalid mode=%u\n", __func__,
 1491                                     xisr->sadb_x_ipsecrequest_mode));
 1492                                 KEY_FREESP(&newsp);
 1493                                 *error = EINVAL;
 1494                                 return NULL;
 1495                         }
 1496                         (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
 1497 
 1498                         switch (xisr->sadb_x_ipsecrequest_level) {
 1499                         case IPSEC_LEVEL_DEFAULT:
 1500                         case IPSEC_LEVEL_USE:
 1501                         case IPSEC_LEVEL_REQUIRE:
 1502                                 break;
 1503                         case IPSEC_LEVEL_UNIQUE:
 1504                                 /* validity check */
 1505                                 /*
 1506                                  * If range violation of reqid, kernel will
 1507                                  * update it, don't refuse it.
 1508                                  */
 1509                                 if (xisr->sadb_x_ipsecrequest_reqid
 1510                                                 > IPSEC_MANUAL_REQID_MAX) {
 1511                                         ipseclog((LOG_DEBUG,
 1512                                             "%s: reqid=%d range "
 1513                                             "violation, updated by kernel.\n",
 1514                                             __func__,
 1515                                             xisr->sadb_x_ipsecrequest_reqid));
 1516                                         xisr->sadb_x_ipsecrequest_reqid = 0;
 1517                                 }
 1518 
 1519                                 /* allocate new reqid id if reqid is zero. */
 1520                                 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
 1521                                         u_int32_t reqid;
 1522                                         if ((reqid = key_newreqid()) == 0) {
 1523                                                 KEY_FREESP(&newsp);
 1524                                                 *error = ENOBUFS;
 1525                                                 return NULL;
 1526                                         }
 1527                                         (*p_isr)->saidx.reqid = reqid;
 1528                                         xisr->sadb_x_ipsecrequest_reqid = reqid;
 1529                                 } else {
 1530                                 /* set it for manual keying. */
 1531                                         (*p_isr)->saidx.reqid =
 1532                                                 xisr->sadb_x_ipsecrequest_reqid;
 1533                                 }
 1534                                 break;
 1535 
 1536                         default:
 1537                                 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n",
 1538                                         __func__,
 1539                                         xisr->sadb_x_ipsecrequest_level));
 1540                                 KEY_FREESP(&newsp);
 1541                                 *error = EINVAL;
 1542                                 return NULL;
 1543                         }
 1544                         (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
 1545 
 1546                         /* set IP addresses if there */
 1547                         if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
 1548                                 struct sockaddr *paddr;
 1549 
 1550                                 paddr = (struct sockaddr *)(xisr + 1);
 1551 
 1552                                 /* validity check */
 1553                                 if (paddr->sa_len
 1554                                     > sizeof((*p_isr)->saidx.src)) {
 1555                                         ipseclog((LOG_DEBUG, "%s: invalid "
 1556                                                 "request address length.\n",
 1557                                                 __func__));
 1558                                         KEY_FREESP(&newsp);
 1559                                         *error = EINVAL;
 1560                                         return NULL;
 1561                                 }
 1562                                 bcopy(paddr, &(*p_isr)->saidx.src,
 1563                                         paddr->sa_len);
 1564 
 1565                                 paddr = (struct sockaddr *)((caddr_t)paddr
 1566                                                         + paddr->sa_len);
 1567 
 1568                                 /* validity check */
 1569                                 if (paddr->sa_len
 1570                                     > sizeof((*p_isr)->saidx.dst)) {
 1571                                         ipseclog((LOG_DEBUG, "%s: invalid "
 1572                                                 "request address length.\n",
 1573                                                 __func__));
 1574                                         KEY_FREESP(&newsp);
 1575                                         *error = EINVAL;
 1576                                         return NULL;
 1577                                 }
 1578                                 bcopy(paddr, &(*p_isr)->saidx.dst,
 1579                                         paddr->sa_len);
 1580                         }
 1581 
 1582                         (*p_isr)->sp = newsp;
 1583 
 1584                         /* initialization for the next. */
 1585                         p_isr = &(*p_isr)->next;
 1586                         tlen -= xisr->sadb_x_ipsecrequest_len;
 1587 
 1588                         /* validity check */
 1589                         if (tlen < 0) {
 1590                                 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n",
 1591                                         __func__));
 1592                                 KEY_FREESP(&newsp);
 1593                                 *error = EINVAL;
 1594                                 return NULL;
 1595                         }
 1596 
 1597                         xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
 1598                                          + xisr->sadb_x_ipsecrequest_len);
 1599                 }
 1600             }
 1601                 break;
 1602         default:
 1603                 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
 1604                 KEY_FREESP(&newsp);
 1605                 *error = EINVAL;
 1606                 return NULL;
 1607         }
 1608 
 1609         *error = 0;
 1610         return newsp;
 1611 }
 1612 
 1613 static u_int32_t
 1614 key_newreqid()
 1615 {
 1616         static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
 1617 
 1618         auto_reqid = (auto_reqid == ~0
 1619                         ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
 1620 
 1621         /* XXX should be unique check */
 1622 
 1623         return auto_reqid;
 1624 }
 1625 
 1626 /*
 1627  * copy secpolicy struct to sadb_x_policy structure indicated.
 1628  */
 1629 struct mbuf *
 1630 key_sp2msg(struct secpolicy *sp)
 1631 {
 1632         struct sadb_x_policy *xpl;
 1633         int tlen;
 1634         caddr_t p;
 1635         struct mbuf *m;
 1636 
 1637         IPSEC_ASSERT(sp != NULL, ("null policy"));
 1638 
 1639         tlen = key_getspreqmsglen(sp);
 1640 
 1641         m = m_get2(tlen, M_NOWAIT, MT_DATA, 0);
 1642         if (m == NULL)
 1643                 return (NULL);
 1644         m_align(m, tlen);
 1645         m->m_len = tlen;
 1646         xpl = mtod(m, struct sadb_x_policy *);
 1647         bzero(xpl, tlen);
 1648 
 1649         xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
 1650         xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 1651         xpl->sadb_x_policy_type = sp->policy;
 1652         xpl->sadb_x_policy_dir = sp->spidx.dir;
 1653         xpl->sadb_x_policy_id = sp->id;
 1654         xpl->sadb_x_policy_priority = sp->priority;
 1655         p = (caddr_t)xpl + sizeof(*xpl);
 1656 
 1657         /* if is the policy for ipsec ? */
 1658         if (sp->policy == IPSEC_POLICY_IPSEC) {
 1659                 struct sadb_x_ipsecrequest *xisr;
 1660                 struct ipsecrequest *isr;
 1661 
 1662                 for (isr = sp->req; isr != NULL; isr = isr->next) {
 1663 
 1664                         xisr = (struct sadb_x_ipsecrequest *)p;
 1665 
 1666                         xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
 1667                         xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
 1668                         xisr->sadb_x_ipsecrequest_level = isr->level;
 1669                         xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
 1670 
 1671                         p += sizeof(*xisr);
 1672                         bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len);
 1673                         p += isr->saidx.src.sa.sa_len;
 1674                         bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len);
 1675                         p += isr->saidx.src.sa.sa_len;
 1676 
 1677                         xisr->sadb_x_ipsecrequest_len =
 1678                                 PFKEY_ALIGN8(sizeof(*xisr)
 1679                                         + isr->saidx.src.sa.sa_len
 1680                                         + isr->saidx.dst.sa.sa_len);
 1681                 }
 1682         }
 1683 
 1684         return m;
 1685 }
 1686 
 1687 /* m will not be freed nor modified */
 1688 static struct mbuf *
 1689 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
 1690     int ndeep, int nitem, ...)
 1691 {
 1692         va_list ap;
 1693         int idx;
 1694         int i;
 1695         struct mbuf *result = NULL, *n;
 1696         int len;
 1697 
 1698         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 1699         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 1700 
 1701         va_start(ap, nitem);
 1702         for (i = 0; i < nitem; i++) {
 1703                 idx = va_arg(ap, int);
 1704                 if (idx < 0 || idx > SADB_EXT_MAX)
 1705                         goto fail;
 1706                 /* don't attempt to pull empty extension */
 1707                 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
 1708                         continue;
 1709                 if (idx != SADB_EXT_RESERVED  &&
 1710                     (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
 1711                         continue;
 1712 
 1713                 if (idx == SADB_EXT_RESERVED) {
 1714                         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 1715 
 1716                         IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len));
 1717 
 1718                         MGETHDR(n, M_NOWAIT, MT_DATA);
 1719                         if (!n)
 1720                                 goto fail;
 1721                         n->m_len = len;
 1722                         n->m_next = NULL;
 1723                         m_copydata(m, 0, sizeof(struct sadb_msg),
 1724                             mtod(n, caddr_t));
 1725                 } else if (i < ndeep) {
 1726                         len = mhp->extlen[idx];
 1727                         n = m_get2(len, M_NOWAIT, MT_DATA, 0);
 1728                         if (n == NULL)
 1729                                 goto fail;
 1730                         m_align(n, len);
 1731                         n->m_len = len;
 1732                         m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
 1733                             mtod(n, caddr_t));
 1734                 } else {
 1735                         n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
 1736                             M_NOWAIT);
 1737                 }
 1738                 if (n == NULL)
 1739                         goto fail;
 1740 
 1741                 if (result)
 1742                         m_cat(result, n);
 1743                 else
 1744                         result = n;
 1745         }
 1746         va_end(ap);
 1747 
 1748         if ((result->m_flags & M_PKTHDR) != 0) {
 1749                 result->m_pkthdr.len = 0;
 1750                 for (n = result; n; n = n->m_next)
 1751                         result->m_pkthdr.len += n->m_len;
 1752         }
 1753 
 1754         return result;
 1755 
 1756 fail:
 1757         m_freem(result);
 1758         va_end(ap);
 1759         return NULL;
 1760 }
 1761 
 1762 /*
 1763  * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
 1764  * add an entry to SP database, when received
 1765  *   <base, address(SD), (lifetime(H),) policy>
 1766  * from the user(?).
 1767  * Adding to SP database,
 1768  * and send
 1769  *   <base, address(SD), (lifetime(H),) policy>
 1770  * to the socket which was send.
 1771  *
 1772  * SPDADD set a unique policy entry.
 1773  * SPDSETIDX like SPDADD without a part of policy requests.
 1774  * SPDUPDATE replace a unique policy entry.
 1775  *
 1776  * m will always be freed.
 1777  */
 1778 static int
 1779 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 1780 {
 1781         struct sadb_address *src0, *dst0;
 1782         struct sadb_x_policy *xpl0, *xpl;
 1783         struct sadb_lifetime *lft = NULL;
 1784         struct secpolicyindex spidx;
 1785         struct secpolicy *newsp;
 1786         int error;
 1787 
 1788         IPSEC_ASSERT(so != NULL, ("null socket"));
 1789         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 1790         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 1791         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 1792 
 1793         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 1794             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 1795             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 1796                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1797                 return key_senderror(so, m, EINVAL);
 1798         }
 1799         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 1800             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 1801             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 1802                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 1803                         __func__));
 1804                 return key_senderror(so, m, EINVAL);
 1805         }
 1806         if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
 1807                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
 1808                         < sizeof(struct sadb_lifetime)) {
 1809                         ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 1810                                 __func__));
 1811                         return key_senderror(so, m, EINVAL);
 1812                 }
 1813                 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 1814         }
 1815 
 1816         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 1817         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 1818         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 1819 
 1820         /* 
 1821          * Note: do not parse SADB_X_EXT_NAT_T_* here:
 1822          * we are processing traffic endpoints.
 1823          */
 1824 
 1825         /* make secindex */
 1826         /* XXX boundary check against sa_len */
 1827         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 1828                         src0 + 1,
 1829                         dst0 + 1,
 1830                         src0->sadb_address_prefixlen,
 1831                         dst0->sadb_address_prefixlen,
 1832                         src0->sadb_address_proto,
 1833                         &spidx);
 1834 
 1835         /* checking the direciton. */
 1836         switch (xpl0->sadb_x_policy_dir) {
 1837         case IPSEC_DIR_INBOUND:
 1838         case IPSEC_DIR_OUTBOUND:
 1839                 break;
 1840         default:
 1841                 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__));
 1842                 mhp->msg->sadb_msg_errno = EINVAL;
 1843                 return 0;
 1844         }
 1845 
 1846         /* check policy */
 1847         /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
 1848         if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
 1849          || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
 1850                 ipseclog((LOG_DEBUG, "%s: Invalid policy type.\n", __func__));
 1851                 return key_senderror(so, m, EINVAL);
 1852         }
 1853 
 1854         /* policy requests are mandatory when action is ipsec. */
 1855         if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
 1856          && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
 1857          && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
 1858                 ipseclog((LOG_DEBUG, "%s: some policy requests part required\n",
 1859                         __func__));
 1860                 return key_senderror(so, m, EINVAL);
 1861         }
 1862 
 1863         /*
 1864          * checking there is SP already or not.
 1865          * SPDUPDATE doesn't depend on whether there is a SP or not.
 1866          * If the type is either SPDADD or SPDSETIDX AND a SP is found,
 1867          * then error.
 1868          */
 1869         newsp = key_getsp(&spidx);
 1870         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1871                 if (newsp) {
 1872                         key_unlink(newsp);
 1873                         KEY_FREESP(&newsp);
 1874                 }
 1875         } else {
 1876                 if (newsp != NULL) {
 1877                         KEY_FREESP(&newsp);
 1878                         ipseclog((LOG_DEBUG, "%s: a SP entry exists already.\n",
 1879                                 __func__));
 1880                         return key_senderror(so, m, EEXIST);
 1881                 }
 1882         }
 1883 
 1884         /* XXX: there is race between key_getsp and key_msg2sp. */
 1885 
 1886         /* allocation new SP entry */
 1887         if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
 1888                 return key_senderror(so, m, error);
 1889         }
 1890 
 1891         if ((newsp->id = key_getnewspid()) == 0) {
 1892                 KEY_FREESP(&newsp);
 1893                 return key_senderror(so, m, ENOBUFS);
 1894         }
 1895 
 1896         /* XXX boundary check against sa_len */
 1897         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 1898                         src0 + 1,
 1899                         dst0 + 1,
 1900                         src0->sadb_address_prefixlen,
 1901                         dst0->sadb_address_prefixlen,
 1902                         src0->sadb_address_proto,
 1903                         &newsp->spidx);
 1904 
 1905         /* sanity check on addr pair */
 1906         if (((struct sockaddr *)(src0 + 1))->sa_family !=
 1907                         ((struct sockaddr *)(dst0+ 1))->sa_family) {
 1908                 KEY_FREESP(&newsp);
 1909                 return key_senderror(so, m, EINVAL);
 1910         }
 1911         if (((struct sockaddr *)(src0 + 1))->sa_len !=
 1912                         ((struct sockaddr *)(dst0+ 1))->sa_len) {
 1913                 KEY_FREESP(&newsp);
 1914                 return key_senderror(so, m, EINVAL);
 1915         }
 1916 #if 1
 1917         if (newsp->req && newsp->req->saidx.src.sa.sa_family &&
 1918             newsp->req->saidx.dst.sa.sa_family) {
 1919                 if (newsp->req->saidx.src.sa.sa_family !=
 1920                     newsp->req->saidx.dst.sa.sa_family) {
 1921                         KEY_FREESP(&newsp);
 1922                         return key_senderror(so, m, EINVAL);
 1923                 }
 1924         }
 1925 #endif
 1926 
 1927         newsp->created = time_second;
 1928         newsp->lastused = newsp->created;
 1929         newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
 1930         newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
 1931 
 1932         key_insertsp(newsp);
 1933 
 1934         /* delete the entry in spacqtree */
 1935         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1936                 struct secspacq *spacq = key_getspacq(&spidx);
 1937                 if (spacq != NULL) {
 1938                         /* reset counter in order to deletion by timehandler. */
 1939                         spacq->created = time_second;
 1940                         spacq->count = 0;
 1941                         SPACQ_UNLOCK();
 1942                 }
 1943         }
 1944 
 1945     {
 1946         struct mbuf *n, *mpolicy;
 1947         struct sadb_msg *newmsg;
 1948         int off;
 1949 
 1950         /*
 1951          * Note: do not send SADB_X_EXT_NAT_T_* here:
 1952          * we are sending traffic endpoints.
 1953          */
 1954 
 1955         /* create new sadb_msg to reply. */
 1956         if (lft) {
 1957                 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
 1958                     SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
 1959                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1960         } else {
 1961                 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
 1962                     SADB_X_EXT_POLICY,
 1963                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1964         }
 1965         if (!n)
 1966                 return key_senderror(so, m, ENOBUFS);
 1967 
 1968         if (n->m_len < sizeof(*newmsg)) {
 1969                 n = m_pullup(n, sizeof(*newmsg));
 1970                 if (!n)
 1971                         return key_senderror(so, m, ENOBUFS);
 1972         }
 1973         newmsg = mtod(n, struct sadb_msg *);
 1974         newmsg->sadb_msg_errno = 0;
 1975         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 1976 
 1977         off = 0;
 1978         mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
 1979             sizeof(*xpl), &off);
 1980         if (mpolicy == NULL) {
 1981                 /* n is already freed */
 1982                 return key_senderror(so, m, ENOBUFS);
 1983         }
 1984         xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
 1985         if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
 1986                 m_freem(n);
 1987                 return key_senderror(so, m, EINVAL);
 1988         }
 1989         xpl->sadb_x_policy_id = newsp->id;
 1990 
 1991         m_freem(m);
 1992         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 1993     }
 1994 }
 1995 
 1996 /*
 1997  * get new policy id.
 1998  * OUT:
 1999  *      0:      failure.
 2000  *      others: success.
 2001  */
 2002 static u_int32_t
 2003 key_getnewspid()
 2004 {
 2005         u_int32_t newid = 0;
 2006         int count = V_key_spi_trycnt;   /* XXX */
 2007         struct secpolicy *sp;
 2008 
 2009         /* when requesting to allocate spi ranged */
 2010         while (count--) {
 2011                 newid = (V_policy_id = (V_policy_id == ~0 ? 1 : V_policy_id + 1));
 2012 
 2013                 if ((sp = key_getspbyid(newid)) == NULL)
 2014                         break;
 2015 
 2016                 KEY_FREESP(&sp);
 2017         }
 2018 
 2019         if (count == 0 || newid == 0) {
 2020                 ipseclog((LOG_DEBUG, "%s: to allocate policy id is failed.\n",
 2021                         __func__));
 2022                 return 0;
 2023         }
 2024 
 2025         return newid;
 2026 }
 2027 
 2028 /*
 2029  * SADB_SPDDELETE processing
 2030  * receive
 2031  *   <base, address(SD), policy(*)>
 2032  * from the user(?), and set SADB_SASTATE_DEAD,
 2033  * and send,
 2034  *   <base, address(SD), policy(*)>
 2035  * to the ikmpd.
 2036  * policy(*) including direction of policy.
 2037  *
 2038  * m will always be freed.
 2039  */
 2040 static int
 2041 key_spddelete(struct socket *so, struct mbuf *m,
 2042     const struct sadb_msghdr *mhp)
 2043 {
 2044         struct sadb_address *src0, *dst0;
 2045         struct sadb_x_policy *xpl0;
 2046         struct secpolicyindex spidx;
 2047         struct secpolicy *sp;
 2048 
 2049         IPSEC_ASSERT(so != NULL, ("null so"));
 2050         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2051         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2052         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2053 
 2054         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 2055             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 2056             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 2057                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2058                         __func__));
 2059                 return key_senderror(so, m, EINVAL);
 2060         }
 2061         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 2062             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 2063             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2064                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2065                         __func__));
 2066                 return key_senderror(so, m, EINVAL);
 2067         }
 2068 
 2069         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 2070         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 2071         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 2072 
 2073         /*
 2074          * Note: do not parse SADB_X_EXT_NAT_T_* here:
 2075          * we are processing traffic endpoints.
 2076          */
 2077 
 2078         /* make secindex */
 2079         /* XXX boundary check against sa_len */
 2080         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 2081                         src0 + 1,
 2082                         dst0 + 1,
 2083                         src0->sadb_address_prefixlen,
 2084                         dst0->sadb_address_prefixlen,
 2085                         src0->sadb_address_proto,
 2086                         &spidx);
 2087 
 2088         /* checking the direciton. */
 2089         switch (xpl0->sadb_x_policy_dir) {
 2090         case IPSEC_DIR_INBOUND:
 2091         case IPSEC_DIR_OUTBOUND:
 2092                 break;
 2093         default:
 2094                 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__));
 2095                 return key_senderror(so, m, EINVAL);
 2096         }
 2097 
 2098         /* Is there SP in SPD ? */
 2099         if ((sp = key_getsp(&spidx)) == NULL) {
 2100                 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__));
 2101                 return key_senderror(so, m, EINVAL);
 2102         }
 2103 
 2104         /* save policy id to buffer to be returned. */
 2105         xpl0->sadb_x_policy_id = sp->id;
 2106 
 2107         key_unlink(sp);
 2108         KEY_FREESP(&sp);
 2109 
 2110     {
 2111         struct mbuf *n;
 2112         struct sadb_msg *newmsg;
 2113 
 2114         /*
 2115          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2116          * we are sending traffic endpoints.
 2117          */
 2118 
 2119         /* create new sadb_msg to reply. */
 2120         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 2121             SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 2122         if (!n)
 2123                 return key_senderror(so, m, ENOBUFS);
 2124 
 2125         newmsg = mtod(n, struct sadb_msg *);
 2126         newmsg->sadb_msg_errno = 0;
 2127         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2128 
 2129         m_freem(m);
 2130         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2131     }
 2132 }
 2133 
 2134 /*
 2135  * SADB_SPDDELETE2 processing
 2136  * receive
 2137  *   <base, policy(*)>
 2138  * from the user(?), and set SADB_SASTATE_DEAD,
 2139  * and send,
 2140  *   <base, policy(*)>
 2141  * to the ikmpd.
 2142  * policy(*) including direction of policy.
 2143  *
 2144  * m will always be freed.
 2145  */
 2146 static int
 2147 key_spddelete2(struct socket *so, struct mbuf *m,
 2148     const struct sadb_msghdr *mhp)
 2149 {
 2150         u_int32_t id;
 2151         struct secpolicy *sp;
 2152 
 2153         IPSEC_ASSERT(so != NULL, ("null socket"));
 2154         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2155         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2156         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2157 
 2158         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2159             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2160                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", __func__));
 2161                 return key_senderror(so, m, EINVAL);
 2162         }
 2163 
 2164         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2165 
 2166         /* Is there SP in SPD ? */
 2167         if ((sp = key_getspbyid(id)) == NULL) {
 2168                 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id));
 2169                 return key_senderror(so, m, EINVAL);
 2170         }
 2171 
 2172         key_unlink(sp);
 2173         KEY_FREESP(&sp);
 2174 
 2175     {
 2176         struct mbuf *n, *nn;
 2177         struct sadb_msg *newmsg;
 2178         int off, len;
 2179 
 2180         /* create new sadb_msg to reply. */
 2181         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2182 
 2183         MGETHDR(n, M_NOWAIT, MT_DATA);
 2184         if (n && len > MHLEN) {
 2185                 if (!(MCLGET(n, M_NOWAIT))) {
 2186                         m_freem(n);
 2187                         n = NULL;
 2188                 }
 2189         }
 2190         if (!n)
 2191                 return key_senderror(so, m, ENOBUFS);
 2192 
 2193         n->m_len = len;
 2194         n->m_next = NULL;
 2195         off = 0;
 2196 
 2197         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 2198         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2199 
 2200         IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)",
 2201                 off, len));
 2202 
 2203         n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
 2204             mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT);
 2205         if (!n->m_next) {
 2206                 m_freem(n);
 2207                 return key_senderror(so, m, ENOBUFS);
 2208         }
 2209 
 2210         n->m_pkthdr.len = 0;
 2211         for (nn = n; nn; nn = nn->m_next)
 2212                 n->m_pkthdr.len += nn->m_len;
 2213 
 2214         newmsg = mtod(n, struct sadb_msg *);
 2215         newmsg->sadb_msg_errno = 0;
 2216         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2217 
 2218         m_freem(m);
 2219         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2220     }
 2221 }
 2222 
 2223 /*
 2224  * SADB_X_SPDGET processing
 2225  * receive
 2226  *   <base, policy(*)>
 2227  * from the user(?),
 2228  * and send,
 2229  *   <base, address(SD), policy>
 2230  * to the ikmpd.
 2231  * policy(*) including direction of policy.
 2232  *
 2233  * m will always be freed.
 2234  */
 2235 static int
 2236 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 2237 {
 2238         u_int32_t id;
 2239         struct secpolicy *sp;
 2240         struct mbuf *n;
 2241 
 2242         IPSEC_ASSERT(so != NULL, ("null socket"));
 2243         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2244         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2245         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2246 
 2247         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2248             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2249                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2250                         __func__));
 2251                 return key_senderror(so, m, EINVAL);
 2252         }
 2253 
 2254         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2255 
 2256         /* Is there SP in SPD ? */
 2257         if ((sp = key_getspbyid(id)) == NULL) {
 2258                 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id));
 2259                 return key_senderror(so, m, ENOENT);
 2260         }
 2261 
 2262         n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
 2263             mhp->msg->sadb_msg_pid);
 2264         KEY_FREESP(&sp);
 2265         if (n != NULL) {
 2266                 m_freem(m);
 2267                 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2268         } else
 2269                 return key_senderror(so, m, ENOBUFS);
 2270 }
 2271 
 2272 /*
 2273  * SADB_X_SPDACQUIRE processing.
 2274  * Acquire policy and SA(s) for a *OUTBOUND* packet.
 2275  * send
 2276  *   <base, policy(*)>
 2277  * to KMD, and expect to receive
 2278  *   <base> with SADB_X_SPDACQUIRE if error occured,
 2279  * or
 2280  *   <base, policy>
 2281  * with SADB_X_SPDUPDATE from KMD by PF_KEY.
 2282  * policy(*) is without policy requests.
 2283  *
 2284  *    0     : succeed
 2285  *    others: error number
 2286  */
 2287 int
 2288 key_spdacquire(struct secpolicy *sp)
 2289 {
 2290         struct mbuf *result = NULL, *m;
 2291         struct secspacq *newspacq;
 2292 
 2293         IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
 2294         IPSEC_ASSERT(sp->req == NULL, ("policy exists"));
 2295         IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
 2296                 ("policy not IPSEC %u", sp->policy));
 2297 
 2298         /* Get an entry to check whether sent message or not. */
 2299         newspacq = key_getspacq(&sp->spidx);
 2300         if (newspacq != NULL) {
 2301                 if (V_key_blockacq_count < newspacq->count) {
 2302                         /* reset counter and do send message. */
 2303                         newspacq->count = 0;
 2304                 } else {
 2305                         /* increment counter and do nothing. */
 2306                         newspacq->count++;
 2307                         SPACQ_UNLOCK();
 2308                         return (0);
 2309                 }
 2310                 SPACQ_UNLOCK();
 2311         } else {
 2312                 /* make new entry for blocking to send SADB_ACQUIRE. */
 2313                 newspacq = key_newspacq(&sp->spidx);
 2314                 if (newspacq == NULL)
 2315                         return ENOBUFS;
 2316         }
 2317 
 2318         /* create new sadb_msg to reply. */
 2319         m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
 2320         if (!m)
 2321                 return ENOBUFS;
 2322 
 2323         result = m;
 2324 
 2325         result->m_pkthdr.len = 0;
 2326         for (m = result; m; m = m->m_next)
 2327                 result->m_pkthdr.len += m->m_len;
 2328 
 2329         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2330             PFKEY_UNIT64(result->m_pkthdr.len);
 2331 
 2332         return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
 2333 }
 2334 
 2335 /*
 2336  * SADB_SPDFLUSH processing
 2337  * receive
 2338  *   <base>
 2339  * from the user, and free all entries in secpctree.
 2340  * and send,
 2341  *   <base>
 2342  * to the user.
 2343  * NOTE: what to do is only marking SADB_SASTATE_DEAD.
 2344  *
 2345  * m will always be freed.
 2346  */
 2347 static int
 2348 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 2349 {
 2350         TAILQ_HEAD(, secpolicy) drainq;
 2351         struct sadb_msg *newmsg;
 2352         struct secpolicy *sp, *nextsp;
 2353         u_int dir;
 2354 
 2355         IPSEC_ASSERT(so != NULL, ("null socket"));
 2356         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2357         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2358         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2359 
 2360         if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
 2361                 return key_senderror(so, m, EINVAL);
 2362 
 2363         TAILQ_INIT(&drainq);
 2364         SPTREE_WLOCK();
 2365         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2366                 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain);
 2367         }
 2368         /*
 2369          * We need to set state to DEAD for each policy to be sure,
 2370          * that another thread won't try to unlink it.
 2371          */
 2372         TAILQ_FOREACH(sp, &drainq, chain)
 2373                 sp->state = IPSEC_SPSTATE_DEAD;
 2374         SPTREE_WUNLOCK();
 2375         sp = TAILQ_FIRST(&drainq);
 2376         while (sp != NULL) {
 2377                 nextsp = TAILQ_NEXT(sp, chain);
 2378                 KEY_FREESP(&sp);
 2379                 sp = nextsp;
 2380         }
 2381 
 2382         if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 2383                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 2384                 return key_senderror(so, m, ENOBUFS);
 2385         }
 2386 
 2387         if (m->m_next)
 2388                 m_freem(m->m_next);
 2389         m->m_next = NULL;
 2390         m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2391         newmsg = mtod(m, struct sadb_msg *);
 2392         newmsg->sadb_msg_errno = 0;
 2393         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 2394 
 2395         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 2396 }
 2397 
 2398 /*
 2399  * SADB_SPDDUMP processing
 2400  * receive
 2401  *   <base>
 2402  * from the user, and dump all SP leaves
 2403  * and send,
 2404  *   <base> .....
 2405  * to the ikmpd.
 2406  *
 2407  * m will always be freed.
 2408  */
 2409 static int
 2410 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 2411 {
 2412         SPTREE_RLOCK_TRACKER;
 2413         struct secpolicy *sp;
 2414         int cnt;
 2415         u_int dir;
 2416         struct mbuf *n;
 2417 
 2418         IPSEC_ASSERT(so != NULL, ("null socket"));
 2419         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2420         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2421         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2422 
 2423         /* search SPD entry and get buffer size. */
 2424         cnt = 0;
 2425         SPTREE_RLOCK();
 2426         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2427                 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
 2428                         cnt++;
 2429                 }
 2430         }
 2431 
 2432         if (cnt == 0) {
 2433                 SPTREE_RUNLOCK();
 2434                 return key_senderror(so, m, ENOENT);
 2435         }
 2436 
 2437         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2438                 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
 2439                         --cnt;
 2440                         n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
 2441                             mhp->msg->sadb_msg_pid);
 2442 
 2443                         if (n)
 2444                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2445                 }
 2446         }
 2447 
 2448         SPTREE_RUNLOCK();
 2449         m_freem(m);
 2450         return 0;
 2451 }
 2452 
 2453 static struct mbuf *
 2454 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq,
 2455     u_int32_t pid)
 2456 {
 2457         struct mbuf *result = NULL, *m;
 2458         struct seclifetime lt;
 2459 
 2460         m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
 2461         if (!m)
 2462                 goto fail;
 2463         result = m;
 2464 
 2465         /*
 2466          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2467          * we are sending traffic endpoints.
 2468          */
 2469         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2470             &sp->spidx.src.sa, sp->spidx.prefs,
 2471             sp->spidx.ul_proto);
 2472         if (!m)
 2473                 goto fail;
 2474         m_cat(result, m);
 2475 
 2476         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2477             &sp->spidx.dst.sa, sp->spidx.prefd,
 2478             sp->spidx.ul_proto);
 2479         if (!m)
 2480                 goto fail;
 2481         m_cat(result, m);
 2482 
 2483         m = key_sp2msg(sp);
 2484         if (!m)
 2485                 goto fail;
 2486         m_cat(result, m);
 2487 
 2488         if(sp->lifetime){
 2489                 lt.addtime=sp->created;
 2490                 lt.usetime= sp->lastused;
 2491                 m = key_setlifetime(&lt, SADB_EXT_LIFETIME_CURRENT);
 2492                 if (!m)
 2493                         goto fail;
 2494                 m_cat(result, m);
 2495                 
 2496                 lt.addtime=sp->lifetime;
 2497                 lt.usetime= sp->validtime;
 2498                 m = key_setlifetime(&lt, SADB_EXT_LIFETIME_HARD);
 2499                 if (!m)
 2500                         goto fail;
 2501                 m_cat(result, m);
 2502         }
 2503 
 2504         if ((result->m_flags & M_PKTHDR) == 0)
 2505                 goto fail;
 2506 
 2507         if (result->m_len < sizeof(struct sadb_msg)) {
 2508                 result = m_pullup(result, sizeof(struct sadb_msg));
 2509                 if (result == NULL)
 2510                         goto fail;
 2511         }
 2512 
 2513         result->m_pkthdr.len = 0;
 2514         for (m = result; m; m = m->m_next)
 2515                 result->m_pkthdr.len += m->m_len;
 2516 
 2517         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2518             PFKEY_UNIT64(result->m_pkthdr.len);
 2519 
 2520         return result;
 2521 
 2522 fail:
 2523         m_freem(result);
 2524         return NULL;
 2525 }
 2526 
 2527 /*
 2528  * get PFKEY message length for security policy and request.
 2529  */
 2530 static u_int
 2531 key_getspreqmsglen(struct secpolicy *sp)
 2532 {
 2533         u_int tlen;
 2534 
 2535         tlen = sizeof(struct sadb_x_policy);
 2536 
 2537         /* if is the policy for ipsec ? */
 2538         if (sp->policy != IPSEC_POLICY_IPSEC)
 2539                 return tlen;
 2540 
 2541         /* get length of ipsec requests */
 2542     {
 2543         struct ipsecrequest *isr;
 2544         int len;
 2545 
 2546         for (isr = sp->req; isr != NULL; isr = isr->next) {
 2547                 len = sizeof(struct sadb_x_ipsecrequest)
 2548                         + isr->saidx.src.sa.sa_len
 2549                         + isr->saidx.dst.sa.sa_len;
 2550 
 2551                 tlen += PFKEY_ALIGN8(len);
 2552         }
 2553     }
 2554 
 2555         return tlen;
 2556 }
 2557 
 2558 /*
 2559  * SADB_SPDEXPIRE processing
 2560  * send
 2561  *   <base, address(SD), lifetime(CH), policy>
 2562  * to KMD by PF_KEY.
 2563  *
 2564  * OUT: 0       : succeed
 2565  *      others  : error number
 2566  */
 2567 static int
 2568 key_spdexpire(struct secpolicy *sp)
 2569 {
 2570         struct mbuf *result = NULL, *m;
 2571         int len;
 2572         int error = -1;
 2573         struct sadb_lifetime *lt;
 2574 
 2575         /* XXX: Why do we lock ? */
 2576 
 2577         IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
 2578 
 2579         /* set msg header */
 2580         m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
 2581         if (!m) {
 2582                 error = ENOBUFS;
 2583                 goto fail;
 2584         }
 2585         result = m;
 2586 
 2587         /* create lifetime extension (current and hard) */
 2588         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 2589         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 2590         if (m == NULL) {
 2591                 error = ENOBUFS;
 2592                 goto fail;
 2593         }
 2594         m_align(m, len);
 2595         m->m_len = len;
 2596         bzero(mtod(m, caddr_t), len);
 2597         lt = mtod(m, struct sadb_lifetime *);
 2598         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2599         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 2600         lt->sadb_lifetime_allocations = 0;
 2601         lt->sadb_lifetime_bytes = 0;
 2602         lt->sadb_lifetime_addtime = sp->created;
 2603         lt->sadb_lifetime_usetime = sp->lastused;
 2604         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 2605         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2606         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 2607         lt->sadb_lifetime_allocations = 0;
 2608         lt->sadb_lifetime_bytes = 0;
 2609         lt->sadb_lifetime_addtime = sp->lifetime;
 2610         lt->sadb_lifetime_usetime = sp->validtime;
 2611         m_cat(result, m);
 2612 
 2613         /*
 2614          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2615          * we are sending traffic endpoints.
 2616          */
 2617 
 2618         /* set sadb_address for source */
 2619         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2620             &sp->spidx.src.sa,
 2621             sp->spidx.prefs, sp->spidx.ul_proto);
 2622         if (!m) {
 2623                 error = ENOBUFS;
 2624                 goto fail;
 2625         }
 2626         m_cat(result, m);
 2627 
 2628         /* set sadb_address for destination */
 2629         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2630             &sp->spidx.dst.sa,
 2631             sp->spidx.prefd, sp->spidx.ul_proto);
 2632         if (!m) {
 2633                 error = ENOBUFS;
 2634                 goto fail;
 2635         }
 2636         m_cat(result, m);
 2637 
 2638         /* set secpolicy */
 2639         m = key_sp2msg(sp);
 2640         if (!m) {
 2641                 error = ENOBUFS;
 2642                 goto fail;
 2643         }
 2644         m_cat(result, m);
 2645 
 2646         if ((result->m_flags & M_PKTHDR) == 0) {
 2647                 error = EINVAL;
 2648                 goto fail;
 2649         }
 2650 
 2651         if (result->m_len < sizeof(struct sadb_msg)) {
 2652                 result = m_pullup(result, sizeof(struct sadb_msg));
 2653                 if (result == NULL) {
 2654                         error = ENOBUFS;
 2655                         goto fail;
 2656                 }
 2657         }
 2658 
 2659         result->m_pkthdr.len = 0;
 2660         for (m = result; m; m = m->m_next)
 2661                 result->m_pkthdr.len += m->m_len;
 2662 
 2663         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2664             PFKEY_UNIT64(result->m_pkthdr.len);
 2665 
 2666         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2667 
 2668  fail:
 2669         if (result)
 2670                 m_freem(result);
 2671         return error;
 2672 }
 2673 
 2674 /* %%% SAD management */
 2675 /*
 2676  * allocating a memory for new SA head, and copy from the values of mhp.
 2677  * OUT: NULL    : failure due to the lack of memory.
 2678  *      others  : pointer to new SA head.
 2679  */
 2680 static struct secashead *
 2681 key_newsah(struct secasindex *saidx)
 2682 {
 2683         struct secashead *newsah;
 2684 
 2685         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
 2686 
 2687         newsah = malloc(sizeof(struct secashead), M_IPSEC_SAH, M_NOWAIT|M_ZERO);
 2688         if (newsah != NULL) {
 2689                 int i;
 2690                 for (i = 0; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[0]); i++)
 2691                         LIST_INIT(&newsah->savtree[i]);
 2692                 newsah->saidx = *saidx;
 2693 
 2694                 /* add to saidxtree */
 2695                 newsah->state = SADB_SASTATE_MATURE;
 2696 
 2697                 SAHTREE_LOCK();
 2698                 LIST_INSERT_HEAD(&V_sahtree, newsah, chain);
 2699                 SAHTREE_UNLOCK();
 2700         }
 2701         return(newsah);
 2702 }
 2703 
 2704 /*
 2705  * delete SA index and all SA registerd.
 2706  */
 2707 static void
 2708 key_delsah(struct secashead *sah)
 2709 {
 2710         struct secasvar *sav, *nextsav;
 2711         u_int stateidx;
 2712         int zombie = 0;
 2713 
 2714         IPSEC_ASSERT(sah != NULL, ("NULL sah"));
 2715         SAHTREE_LOCK_ASSERT();
 2716 
 2717         /* searching all SA registerd in the secindex. */
 2718         for (stateidx = 0;
 2719              stateidx < _ARRAYLEN(saorder_state_any);
 2720              stateidx++) {
 2721                 u_int state = saorder_state_any[stateidx];
 2722                 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) {
 2723                         if (sav->refcnt == 0) {
 2724                                 /* sanity check */
 2725                                 KEY_CHKSASTATE(state, sav->state, __func__);
 2726                                 /* 
 2727                                  * do NOT call KEY_FREESAV here:
 2728                                  * it will only delete the sav if refcnt == 1,
 2729                                  * where we already know that refcnt == 0
 2730                                  */
 2731                                 key_delsav(sav);
 2732                         } else {
 2733                                 /* give up to delete this sa */
 2734                                 zombie++;
 2735                         }
 2736                 }
 2737         }
 2738         if (!zombie) {          /* delete only if there are savs */
 2739                 /* remove from tree of SA index */
 2740                 if (__LIST_CHAINED(sah))
 2741                         LIST_REMOVE(sah, chain);
 2742                 free(sah, M_IPSEC_SAH);
 2743         }
 2744 }
 2745 
 2746 /*
 2747  * allocating a new SA with LARVAL state.  key_add() and key_getspi() call,
 2748  * and copy the values of mhp into new buffer.
 2749  * When SAD message type is GETSPI:
 2750  *      to set sequence number from acq_seq++,
 2751  *      to set zero to SPI.
 2752  *      not to call key_setsava().
 2753  * OUT: NULL    : fail
 2754  *      others  : pointer to new secasvar.
 2755  *
 2756  * does not modify mbuf.  does not free mbuf on error.
 2757  */
 2758 static struct secasvar *
 2759 key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp,
 2760     struct secashead *sah, int *errp, const char *where, int tag)
 2761 {
 2762         struct secasvar *newsav;
 2763         const struct sadb_sa *xsa;
 2764 
 2765         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2766         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2767         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2768         IPSEC_ASSERT(sah != NULL, ("null secashead"));
 2769 
 2770         newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO);
 2771         if (newsav == NULL) {
 2772                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 2773                 *errp = ENOBUFS;
 2774                 goto done;
 2775         }
 2776 
 2777         switch (mhp->msg->sadb_msg_type) {
 2778         case SADB_GETSPI:
 2779                 newsav->spi = 0;
 2780 
 2781 #ifdef IPSEC_DOSEQCHECK
 2782                 /* sync sequence number */
 2783                 if (mhp->msg->sadb_msg_seq == 0)
 2784                         newsav->seq =
 2785                                 (V_acq_seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq));
 2786                 else
 2787 #endif
 2788                         newsav->seq = mhp->msg->sadb_msg_seq;
 2789                 break;
 2790 
 2791         case SADB_ADD:
 2792                 /* sanity check */
 2793                 if (mhp->ext[SADB_EXT_SA] == NULL) {
 2794                         free(newsav, M_IPSEC_SA);
 2795                         newsav = NULL;
 2796                         ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2797                                 __func__));
 2798                         *errp = EINVAL;
 2799                         goto done;
 2800                 }
 2801                 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 2802                 newsav->spi = xsa->sadb_sa_spi;
 2803                 newsav->seq = mhp->msg->sadb_msg_seq;
 2804                 break;
 2805         default:
 2806                 free(newsav, M_IPSEC_SA);
 2807                 newsav = NULL;
 2808                 *errp = EINVAL;
 2809                 goto done;
 2810         }
 2811 
 2812 
 2813         /* copy sav values */
 2814         if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
 2815                 *errp = key_setsaval(newsav, m, mhp);
 2816                 if (*errp) {
 2817                         free(newsav, M_IPSEC_SA);
 2818                         newsav = NULL;
 2819                         goto done;
 2820                 }
 2821         }
 2822 
 2823         SECASVAR_LOCK_INIT(newsav);
 2824 
 2825         /* reset created */
 2826         newsav->created = time_second;
 2827         newsav->pid = mhp->msg->sadb_msg_pid;
 2828 
 2829         /* add to satree */
 2830         newsav->sah = sah;
 2831         sa_initref(newsav);
 2832         newsav->state = SADB_SASTATE_LARVAL;
 2833 
 2834         SAHTREE_LOCK();
 2835         LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
 2836                         secasvar, chain);
 2837         SAHTREE_UNLOCK();
 2838 done:
 2839         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 2840                 printf("DP %s from %s:%u return SP:%p\n", __func__,
 2841                         where, tag, newsav));
 2842 
 2843         return newsav;
 2844 }
 2845 
 2846 /*
 2847  * free() SA variable entry.
 2848  */
 2849 static void
 2850 key_cleansav(struct secasvar *sav)
 2851 {
 2852         /*
 2853          * Cleanup xform state.  Note that zeroize'ing causes the
 2854          * keys to be cleared; otherwise we must do it ourself.
 2855          */
 2856         if (sav->tdb_xform != NULL) {
 2857                 sav->tdb_xform->xf_zeroize(sav);
 2858                 sav->tdb_xform = NULL;
 2859         } else {
 2860                 if (sav->key_auth != NULL)
 2861                         bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
 2862                 if (sav->key_enc != NULL)
 2863                         bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
 2864         }
 2865         if (sav->key_auth != NULL) {
 2866                 if (sav->key_auth->key_data != NULL)
 2867                         free(sav->key_auth->key_data, M_IPSEC_MISC);
 2868                 free(sav->key_auth, M_IPSEC_MISC);
 2869                 sav->key_auth = NULL;
 2870         }
 2871         if (sav->key_enc != NULL) {
 2872                 if (sav->key_enc->key_data != NULL)
 2873                         free(sav->key_enc->key_data, M_IPSEC_MISC);
 2874                 free(sav->key_enc, M_IPSEC_MISC);
 2875                 sav->key_enc = NULL;
 2876         }
 2877         if (sav->sched) {
 2878                 bzero(sav->sched, sav->schedlen);
 2879                 free(sav->sched, M_IPSEC_MISC);
 2880                 sav->sched = NULL;
 2881         }
 2882         if (sav->replay != NULL) {
 2883                 free(sav->replay, M_IPSEC_MISC);
 2884                 sav->replay = NULL;
 2885         }
 2886         if (sav->lft_c != NULL) {
 2887                 free(sav->lft_c, M_IPSEC_MISC);
 2888                 sav->lft_c = NULL;
 2889         }
 2890         if (sav->lft_h != NULL) {
 2891                 free(sav->lft_h, M_IPSEC_MISC);
 2892                 sav->lft_h = NULL;
 2893         }
 2894         if (sav->lft_s != NULL) {
 2895                 free(sav->lft_s, M_IPSEC_MISC);
 2896                 sav->lft_s = NULL;
 2897         }
 2898 }
 2899 
 2900 /*
 2901  * free() SA variable entry.
 2902  */
 2903 static void
 2904 key_delsav(struct secasvar *sav)
 2905 {
 2906         IPSEC_ASSERT(sav != NULL, ("null sav"));
 2907         IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", sav->refcnt));
 2908 
 2909         /* remove from SA header */
 2910         if (__LIST_CHAINED(sav))
 2911                 LIST_REMOVE(sav, chain);
 2912         key_cleansav(sav);
 2913         SECASVAR_LOCK_DESTROY(sav);
 2914         free(sav, M_IPSEC_SA);
 2915 }
 2916 
 2917 /*
 2918  * search SAD.
 2919  * OUT:
 2920  *      NULL    : not found
 2921  *      others  : found, pointer to a SA.
 2922  */
 2923 static struct secashead *
 2924 key_getsah(struct secasindex *saidx)
 2925 {
 2926         struct secashead *sah;
 2927 
 2928         SAHTREE_LOCK();
 2929         LIST_FOREACH(sah, &V_sahtree, chain) {
 2930                 if (sah->state == SADB_SASTATE_DEAD)
 2931                         continue;
 2932                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
 2933                         break;
 2934         }
 2935         SAHTREE_UNLOCK();
 2936 
 2937         return sah;
 2938 }
 2939 
 2940 /*
 2941  * check not to be duplicated SPI.
 2942  * NOTE: this function is too slow due to searching all SAD.
 2943  * OUT:
 2944  *      NULL    : not found
 2945  *      others  : found, pointer to a SA.
 2946  */
 2947 static struct secasvar *
 2948 key_checkspidup(struct secasindex *saidx, u_int32_t spi)
 2949 {
 2950         struct secashead *sah;
 2951         struct secasvar *sav;
 2952 
 2953         /* check address family */
 2954         if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
 2955                 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
 2956                         __func__));
 2957                 return NULL;
 2958         }
 2959 
 2960         sav = NULL;
 2961         /* check all SAD */
 2962         SAHTREE_LOCK();
 2963         LIST_FOREACH(sah, &V_sahtree, chain) {
 2964                 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
 2965                         continue;
 2966                 sav = key_getsavbyspi(sah, spi);
 2967                 if (sav != NULL)
 2968                         break;
 2969         }
 2970         SAHTREE_UNLOCK();
 2971 
 2972         return sav;
 2973 }
 2974 
 2975 /*
 2976  * search SAD litmited alive SA, protocol, SPI.
 2977  * OUT:
 2978  *      NULL    : not found
 2979  *      others  : found, pointer to a SA.
 2980  */
 2981 static struct secasvar *
 2982 key_getsavbyspi(struct secashead *sah, u_int32_t spi)
 2983 {
 2984         struct secasvar *sav;
 2985         u_int stateidx, state;
 2986 
 2987         sav = NULL;
 2988         SAHTREE_LOCK_ASSERT();
 2989         /* search all status */
 2990         for (stateidx = 0;
 2991              stateidx < _ARRAYLEN(saorder_state_alive);
 2992              stateidx++) {
 2993 
 2994                 state = saorder_state_alive[stateidx];
 2995                 LIST_FOREACH(sav, &sah->savtree[state], chain) {
 2996 
 2997                         /* sanity check */
 2998                         if (sav->state != state) {
 2999                                 ipseclog((LOG_DEBUG, "%s: "
 3000                                     "invalid sav->state (queue: %d SA: %d)\n",
 3001                                     __func__, state, sav->state));
 3002                                 continue;
 3003                         }
 3004 
 3005                         if (sav->spi == spi)
 3006                                 return sav;
 3007                 }
 3008         }
 3009 
 3010         return NULL;
 3011 }
 3012 
 3013 /*
 3014  * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
 3015  * You must update these if need.
 3016  * OUT: 0:      success.
 3017  *      !0:     failure.
 3018  *
 3019  * does not modify mbuf.  does not free mbuf on error.
 3020  */
 3021 static int
 3022 key_setsaval(struct secasvar *sav, struct mbuf *m,
 3023     const struct sadb_msghdr *mhp)
 3024 {
 3025         int error = 0;
 3026 
 3027         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 3028         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 3029         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 3030 
 3031         /* initialization */
 3032         sav->replay = NULL;
 3033         sav->key_auth = NULL;
 3034         sav->key_enc = NULL;
 3035         sav->sched = NULL;
 3036         sav->schedlen = 0;
 3037         sav->lft_c = NULL;
 3038         sav->lft_h = NULL;
 3039         sav->lft_s = NULL;
 3040         sav->tdb_xform = NULL;          /* transform */
 3041         sav->tdb_encalgxform = NULL;    /* encoding algorithm */
 3042         sav->tdb_authalgxform = NULL;   /* authentication algorithm */
 3043         sav->tdb_compalgxform = NULL;   /* compression algorithm */
 3044         /*  Initialize even if NAT-T not compiled in: */
 3045         sav->natt_type = 0;
 3046         sav->natt_esp_frag_len = 0;
 3047 
 3048         /* SA */
 3049         if (mhp->ext[SADB_EXT_SA] != NULL) {
 3050                 const struct sadb_sa *sa0;
 3051 
 3052                 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 3053                 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
 3054                         error = EINVAL;
 3055                         goto fail;
 3056                 }
 3057 
 3058                 sav->alg_auth = sa0->sadb_sa_auth;
 3059                 sav->alg_enc = sa0->sadb_sa_encrypt;
 3060                 sav->flags = sa0->sadb_sa_flags;
 3061 
 3062                 /* replay window */
 3063                 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
 3064                         sav->replay = (struct secreplay *)
 3065                                 malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_IPSEC_MISC, M_NOWAIT|M_ZERO);
 3066                         if (sav->replay == NULL) {
 3067                                 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3068                                         __func__));
 3069                                 error = ENOBUFS;
 3070                                 goto fail;
 3071                         }
 3072                         if (sa0->sadb_sa_replay != 0)
 3073                                 sav->replay->bitmap = (caddr_t)(sav->replay+1);
 3074                         sav->replay->wsize = sa0->sadb_sa_replay;
 3075                 }
 3076         }
 3077 
 3078         /* Authentication keys */
 3079         if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
 3080                 const struct sadb_key *key0;
 3081                 int len;
 3082 
 3083                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
 3084                 len = mhp->extlen[SADB_EXT_KEY_AUTH];
 3085 
 3086                 error = 0;
 3087                 if (len < sizeof(*key0)) {
 3088                         error = EINVAL;
 3089                         goto fail;
 3090                 }
 3091                 switch (mhp->msg->sadb_msg_satype) {
 3092                 case SADB_SATYPE_AH:
 3093                 case SADB_SATYPE_ESP:
 3094                 case SADB_X_SATYPE_TCPSIGNATURE:
 3095                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3096                             sav->alg_auth != SADB_X_AALG_NULL)
 3097                                 error = EINVAL;
 3098                         break;
 3099                 case SADB_X_SATYPE_IPCOMP:
 3100                 default:
 3101                         error = EINVAL;
 3102                         break;
 3103                 }
 3104                 if (error) {
 3105                         ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n",
 3106                                 __func__));
 3107                         goto fail;
 3108                 }
 3109 
 3110                 sav->key_auth = (struct seckey *)key_dup_keymsg(key0, len,
 3111                                                                 M_IPSEC_MISC);
 3112                 if (sav->key_auth == NULL ) {
 3113                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3114                                   __func__));
 3115                         error = ENOBUFS;
 3116                         goto fail;
 3117                 }
 3118         }
 3119 
 3120         /* Encryption key */
 3121         if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
 3122                 const struct sadb_key *key0;
 3123                 int len;
 3124 
 3125                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
 3126                 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
 3127 
 3128                 error = 0;
 3129                 if (len < sizeof(*key0)) {
 3130                         error = EINVAL;
 3131                         goto fail;
 3132                 }
 3133                 switch (mhp->msg->sadb_msg_satype) {
 3134                 case SADB_SATYPE_ESP:
 3135                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3136                             sav->alg_enc != SADB_EALG_NULL) {
 3137                                 error = EINVAL;
 3138                                 break;
 3139                         }
 3140                         sav->key_enc = (struct seckey *)key_dup_keymsg(key0,
 3141                                                                        len,
 3142                                                                        M_IPSEC_MISC);
 3143                         if (sav->key_enc == NULL) {
 3144                                 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3145                                         __func__));
 3146                                 error = ENOBUFS;
 3147                                 goto fail;
 3148                         }
 3149                         break;
 3150                 case SADB_X_SATYPE_IPCOMP:
 3151                         if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
 3152                                 error = EINVAL;
 3153                         sav->key_enc = NULL;    /*just in case*/
 3154                         break;
 3155                 case SADB_SATYPE_AH:
 3156                 case SADB_X_SATYPE_TCPSIGNATURE:
 3157                 default:
 3158                         error = EINVAL;
 3159                         break;
 3160                 }
 3161                 if (error) {
 3162                         ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n",
 3163                                 __func__));
 3164                         goto fail;
 3165                 }
 3166         }
 3167 
 3168         /* set iv */
 3169         sav->ivlen = 0;
 3170 
 3171         switch (mhp->msg->sadb_msg_satype) {
 3172         case SADB_SATYPE_AH:
 3173                 error = xform_init(sav, XF_AH);
 3174                 break;
 3175         case SADB_SATYPE_ESP:
 3176                 error = xform_init(sav, XF_ESP);
 3177                 break;
 3178         case SADB_X_SATYPE_IPCOMP:
 3179                 error = xform_init(sav, XF_IPCOMP);
 3180                 break;
 3181         case SADB_X_SATYPE_TCPSIGNATURE:
 3182                 error = xform_init(sav, XF_TCPSIGNATURE);
 3183                 break;
 3184         }
 3185         if (error) {
 3186                 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n",
 3187                         __func__, mhp->msg->sadb_msg_satype));
 3188                 goto fail;
 3189         }
 3190 
 3191         /* reset created */
 3192         sav->created = time_second;
 3193 
 3194         /* make lifetime for CURRENT */
 3195         sav->lft_c = malloc(sizeof(struct seclifetime), M_IPSEC_MISC, M_NOWAIT);
 3196         if (sav->lft_c == NULL) {
 3197                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 3198                 error = ENOBUFS;
 3199                 goto fail;
 3200         }
 3201 
 3202         sav->lft_c->allocations = 0;
 3203         sav->lft_c->bytes = 0;
 3204         sav->lft_c->addtime = time_second;
 3205         sav->lft_c->usetime = 0;
 3206 
 3207         /* lifetimes for HARD and SOFT */
 3208     {
 3209         const struct sadb_lifetime *lft0;
 3210 
 3211         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 3212         if (lft0 != NULL) {
 3213                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
 3214                         error = EINVAL;
 3215                         goto fail;
 3216                 }
 3217                 sav->lft_h = key_dup_lifemsg(lft0, M_IPSEC_MISC);
 3218                 if (sav->lft_h == NULL) {
 3219                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 3220                         error = ENOBUFS;
 3221                         goto fail;
 3222                 }
 3223                 /* to be initialize ? */
 3224         }
 3225 
 3226         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
 3227         if (lft0 != NULL) {
 3228                 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
 3229                         error = EINVAL;
 3230                         goto fail;
 3231                 }
 3232                 sav->lft_s = key_dup_lifemsg(lft0, M_IPSEC_MISC);
 3233                 if (sav->lft_s == NULL) {
 3234                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 3235                         error = ENOBUFS;
 3236                         goto fail;
 3237                 }
 3238                 /* to be initialize ? */
 3239         }
 3240     }
 3241 
 3242         return 0;
 3243 
 3244  fail:
 3245         /* initialization */
 3246         key_cleansav(sav);
 3247 
 3248         return error;
 3249 }
 3250 
 3251 /*
 3252  * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
 3253  * OUT: 0:      valid
 3254  *      other:  errno
 3255  */
 3256 static int
 3257 key_mature(struct secasvar *sav)
 3258 {
 3259         int error;
 3260 
 3261         /* check SPI value */
 3262         switch (sav->sah->saidx.proto) {
 3263         case IPPROTO_ESP:
 3264         case IPPROTO_AH:
 3265                 /*
 3266                  * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
 3267                  * 1-255 reserved by IANA for future use,
 3268                  * 0 for implementation specific, local use.
 3269                  */
 3270                 if (ntohl(sav->spi) <= 255) {
 3271                         ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
 3272                             __func__, (u_int32_t)ntohl(sav->spi)));
 3273                         return EINVAL;
 3274                 }
 3275                 break;
 3276         }
 3277 
 3278         /* check satype */
 3279         switch (sav->sah->saidx.proto) {
 3280         case IPPROTO_ESP:
 3281                 /* check flags */
 3282                 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) ==
 3283                     (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) {
 3284                         ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
 3285                                 "given to old-esp.\n", __func__));
 3286                         return EINVAL;
 3287                 }
 3288                 error = xform_init(sav, XF_ESP);
 3289                 break;
 3290         case IPPROTO_AH:
 3291                 /* check flags */
 3292                 if (sav->flags & SADB_X_EXT_DERIV) {
 3293                         ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
 3294                                 "given to AH SA.\n", __func__));
 3295                         return EINVAL;
 3296                 }
 3297                 if (sav->alg_enc != SADB_EALG_NONE) {
 3298                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3299                                 "mismated.\n", __func__));
 3300                         return(EINVAL);
 3301                 }
 3302                 error = xform_init(sav, XF_AH);
 3303                 break;
 3304         case IPPROTO_IPCOMP:
 3305                 if (sav->alg_auth != SADB_AALG_NONE) {
 3306                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3307                                 "mismated.\n", __func__));
 3308                         return(EINVAL);
 3309                 }
 3310                 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
 3311                  && ntohl(sav->spi) >= 0x10000) {
 3312                         ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n",
 3313                                 __func__));
 3314                         return(EINVAL);
 3315                 }
 3316                 error = xform_init(sav, XF_IPCOMP);
 3317                 break;
 3318         case IPPROTO_TCP:
 3319                 if (sav->alg_enc != SADB_EALG_NONE) {
 3320                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3321                                 "mismated.\n", __func__));
 3322                         return(EINVAL);
 3323                 }
 3324                 error = xform_init(sav, XF_TCPSIGNATURE);
 3325                 break;
 3326         default:
 3327                 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__));
 3328                 error = EPROTONOSUPPORT;
 3329                 break;
 3330         }
 3331         if (error == 0) {
 3332                 SAHTREE_LOCK();
 3333                 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
 3334                 SAHTREE_UNLOCK();
 3335         }
 3336         return (error);
 3337 }
 3338 
 3339 /*
 3340  * subroutine for SADB_GET and SADB_DUMP.
 3341  */
 3342 static struct mbuf *
 3343 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype,
 3344     u_int32_t seq, u_int32_t pid)
 3345 {
 3346         struct mbuf *result = NULL, *tres = NULL, *m;
 3347         int i;
 3348         int dumporder[] = {
 3349                 SADB_EXT_SA, SADB_X_EXT_SA2,
 3350                 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 3351                 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
 3352                 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
 3353                 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
 3354                 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
 3355 #ifdef IPSEC_NAT_T
 3356                 SADB_X_EXT_NAT_T_TYPE,
 3357                 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
 3358                 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
 3359                 SADB_X_EXT_NAT_T_FRAG,
 3360 #endif
 3361         };
 3362 
 3363         m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
 3364         if (m == NULL)
 3365                 goto fail;
 3366         result = m;
 3367 
 3368         for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
 3369                 m = NULL;
 3370                 switch (dumporder[i]) {
 3371                 case SADB_EXT_SA:
 3372                         m = key_setsadbsa(sav);
 3373                         if (!m)
 3374                                 goto fail;
 3375                         break;
 3376 
 3377                 case SADB_X_EXT_SA2:
 3378                         m = key_setsadbxsa2(sav->sah->saidx.mode,
 3379                                         sav->replay ? sav->replay->count : 0,
 3380                                         sav->sah->saidx.reqid);
 3381                         if (!m)
 3382                                 goto fail;
 3383                         break;
 3384 
 3385                 case SADB_EXT_ADDRESS_SRC:
 3386                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 3387                             &sav->sah->saidx.src.sa,
 3388                             FULLMASK, IPSEC_ULPROTO_ANY);
 3389                         if (!m)
 3390                                 goto fail;
 3391                         break;
 3392 
 3393                 case SADB_EXT_ADDRESS_DST:
 3394                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 3395                             &sav->sah->saidx.dst.sa,
 3396                             FULLMASK, IPSEC_ULPROTO_ANY);
 3397                         if (!m)
 3398                                 goto fail;
 3399                         break;
 3400 
 3401                 case SADB_EXT_KEY_AUTH:
 3402                         if (!sav->key_auth)
 3403                                 continue;
 3404                         m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH);
 3405                         if (!m)
 3406                                 goto fail;
 3407                         break;
 3408 
 3409                 case SADB_EXT_KEY_ENCRYPT:
 3410                         if (!sav->key_enc)
 3411                                 continue;
 3412                         m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT);
 3413                         if (!m)
 3414                                 goto fail;
 3415                         break;
 3416 
 3417                 case SADB_EXT_LIFETIME_CURRENT:
 3418                         if (!sav->lft_c)
 3419                                 continue;
 3420                         m = key_setlifetime(sav->lft_c, 
 3421                                             SADB_EXT_LIFETIME_CURRENT);
 3422                         if (!m)
 3423                                 goto fail;
 3424                         break;
 3425 
 3426                 case SADB_EXT_LIFETIME_HARD:
 3427                         if (!sav->lft_h)
 3428                                 continue;
 3429                         m = key_setlifetime(sav->lft_h, 
 3430                                             SADB_EXT_LIFETIME_HARD);
 3431                         if (!m)
 3432                                 goto fail;
 3433                         break;
 3434 
 3435                 case SADB_EXT_LIFETIME_SOFT:
 3436                         if (!sav->lft_s)
 3437                                 continue;
 3438                         m = key_setlifetime(sav->lft_s, 
 3439                                             SADB_EXT_LIFETIME_SOFT);
 3440 
 3441                         if (!m)
 3442                                 goto fail;
 3443                         break;
 3444 
 3445 #ifdef IPSEC_NAT_T
 3446                 case SADB_X_EXT_NAT_T_TYPE:
 3447                         m = key_setsadbxtype(sav->natt_type);
 3448                         if (!m)
 3449                                 goto fail;
 3450                         break;
 3451                 
 3452                 case SADB_X_EXT_NAT_T_DPORT:
 3453                         m = key_setsadbxport(
 3454                             KEY_PORTFROMSADDR(&sav->sah->saidx.dst),
 3455                             SADB_X_EXT_NAT_T_DPORT);
 3456                         if (!m)
 3457                                 goto fail;
 3458                         break;
 3459 
 3460                 case SADB_X_EXT_NAT_T_SPORT:
 3461                         m = key_setsadbxport(
 3462                             KEY_PORTFROMSADDR(&sav->sah->saidx.src),
 3463                             SADB_X_EXT_NAT_T_SPORT);
 3464                         if (!m)
 3465                                 goto fail;
 3466                         break;
 3467 
 3468                 case SADB_X_EXT_NAT_T_OAI:
 3469                 case SADB_X_EXT_NAT_T_OAR:
 3470                 case SADB_X_EXT_NAT_T_FRAG:
 3471                         /* We do not (yet) support those. */
 3472                         continue;
 3473 #endif
 3474 
 3475                 case SADB_EXT_ADDRESS_PROXY:
 3476                 case SADB_EXT_IDENTITY_SRC:
 3477                 case SADB_EXT_IDENTITY_DST:
 3478                         /* XXX: should we brought from SPD ? */
 3479                 case SADB_EXT_SENSITIVITY:
 3480                 default:
 3481                         continue;
 3482                 }
 3483 
 3484                 if (!m)
 3485                         goto fail;
 3486                 if (tres)
 3487                         m_cat(m, tres);
 3488                 tres = m;
 3489                   
 3490         }
 3491 
 3492         m_cat(result, tres);
 3493         tres = NULL;
 3494         if (result->m_len < sizeof(struct sadb_msg)) {
 3495                 result = m_pullup(result, sizeof(struct sadb_msg));
 3496                 if (result == NULL)
 3497                         goto fail;
 3498         }
 3499 
 3500         result->m_pkthdr.len = 0;
 3501         for (m = result; m; m = m->m_next)
 3502                 result->m_pkthdr.len += m->m_len;
 3503 
 3504         mtod(result, struct sadb_msg *)->sadb_msg_len =
 3505             PFKEY_UNIT64(result->m_pkthdr.len);
 3506 
 3507         return result;
 3508 
 3509 fail:
 3510         m_freem(result);
 3511         m_freem(tres);
 3512         return NULL;
 3513 }
 3514 
 3515 /*
 3516  * set data into sadb_msg.
 3517  */
 3518 static struct mbuf *
 3519 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq,
 3520     pid_t pid, u_int16_t reserved)
 3521 {
 3522         struct mbuf *m;
 3523         struct sadb_msg *p;
 3524         int len;
 3525 
 3526         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 3527         if (len > MCLBYTES)
 3528                 return NULL;
 3529         MGETHDR(m, M_NOWAIT, MT_DATA);
 3530         if (m && len > MHLEN) {
 3531                 if (!(MCLGET(m, M_NOWAIT))) {
 3532                         m_freem(m);
 3533                         m = NULL;
 3534                 }
 3535         }
 3536         if (!m)
 3537                 return NULL;
 3538         m->m_pkthdr.len = m->m_len = len;
 3539         m->m_next = NULL;
 3540 
 3541         p = mtod(m, struct sadb_msg *);
 3542 
 3543         bzero(p, len);
 3544         p->sadb_msg_version = PF_KEY_V2;
 3545         p->sadb_msg_type = type;
 3546         p->sadb_msg_errno = 0;
 3547         p->sadb_msg_satype = satype;
 3548         p->sadb_msg_len = PFKEY_UNIT64(tlen);
 3549         p->sadb_msg_reserved = reserved;
 3550         p->sadb_msg_seq = seq;
 3551         p->sadb_msg_pid = (u_int32_t)pid;
 3552 
 3553         return m;
 3554 }
 3555 
 3556 /*
 3557  * copy secasvar data into sadb_address.
 3558  */
 3559 static struct mbuf *
 3560 key_setsadbsa(struct secasvar *sav)
 3561 {
 3562         struct mbuf *m;
 3563         struct sadb_sa *p;
 3564         int len;
 3565 
 3566         len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
 3567         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3568         if (m == NULL)
 3569                 return (NULL);
 3570         m_align(m, len);
 3571         m->m_len = len;
 3572         p = mtod(m, struct sadb_sa *);
 3573         bzero(p, len);
 3574         p->sadb_sa_len = PFKEY_UNIT64(len);
 3575         p->sadb_sa_exttype = SADB_EXT_SA;
 3576         p->sadb_sa_spi = sav->spi;
 3577         p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
 3578         p->sadb_sa_state = sav->state;
 3579         p->sadb_sa_auth = sav->alg_auth;
 3580         p->sadb_sa_encrypt = sav->alg_enc;
 3581         p->sadb_sa_flags = sav->flags;
 3582 
 3583         return m;
 3584 }
 3585 
 3586 /*
 3587  * set data into sadb_address.
 3588  */
 3589 static struct mbuf *
 3590 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr,
 3591     u_int8_t prefixlen, u_int16_t ul_proto)
 3592 {
 3593         struct mbuf *m;
 3594         struct sadb_address *p;
 3595         size_t len;
 3596 
 3597         len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
 3598             PFKEY_ALIGN8(saddr->sa_len);
 3599         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3600         if (m == NULL)
 3601                 return (NULL);
 3602         m_align(m, len);
 3603         m->m_len = len;
 3604         p = mtod(m, struct sadb_address *);
 3605 
 3606         bzero(p, len);
 3607         p->sadb_address_len = PFKEY_UNIT64(len);
 3608         p->sadb_address_exttype = exttype;
 3609         p->sadb_address_proto = ul_proto;
 3610         if (prefixlen == FULLMASK) {
 3611                 switch (saddr->sa_family) {
 3612                 case AF_INET:
 3613                         prefixlen = sizeof(struct in_addr) << 3;
 3614                         break;
 3615                 case AF_INET6:
 3616                         prefixlen = sizeof(struct in6_addr) << 3;
 3617                         break;
 3618                 default:
 3619                         ; /*XXX*/
 3620                 }
 3621         }
 3622         p->sadb_address_prefixlen = prefixlen;
 3623         p->sadb_address_reserved = 0;
 3624 
 3625         bcopy(saddr,
 3626             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
 3627             saddr->sa_len);
 3628 
 3629         return m;
 3630 }
 3631 
 3632 /*
 3633  * set data into sadb_x_sa2.
 3634  */
 3635 static struct mbuf *
 3636 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid)
 3637 {
 3638         struct mbuf *m;
 3639         struct sadb_x_sa2 *p;
 3640         size_t len;
 3641 
 3642         len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
 3643         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3644         if (m == NULL)
 3645                 return (NULL);
 3646         m_align(m, len);
 3647         m->m_len = len;
 3648         p = mtod(m, struct sadb_x_sa2 *);
 3649 
 3650         bzero(p, len);
 3651         p->sadb_x_sa2_len = PFKEY_UNIT64(len);
 3652         p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
 3653         p->sadb_x_sa2_mode = mode;
 3654         p->sadb_x_sa2_reserved1 = 0;
 3655         p->sadb_x_sa2_reserved2 = 0;
 3656         p->sadb_x_sa2_sequence = seq;
 3657         p->sadb_x_sa2_reqid = reqid;
 3658 
 3659         return m;
 3660 }
 3661 
 3662 #ifdef IPSEC_NAT_T
 3663 /*
 3664  * Set a type in sadb_x_nat_t_type.
 3665  */
 3666 static struct mbuf *
 3667 key_setsadbxtype(u_int16_t type)
 3668 {
 3669         struct mbuf *m;
 3670         size_t len;
 3671         struct sadb_x_nat_t_type *p;
 3672 
 3673         len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
 3674 
 3675         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3676         if (m == NULL)
 3677                 return (NULL);
 3678         m_align(m, len);
 3679         m->m_len = len;
 3680         p = mtod(m, struct sadb_x_nat_t_type *);
 3681 
 3682         bzero(p, len);
 3683         p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
 3684         p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
 3685         p->sadb_x_nat_t_type_type = type;
 3686 
 3687         return (m);
 3688 }
 3689 /*
 3690  * Set a port in sadb_x_nat_t_port.
 3691  * In contrast to default RFC 2367 behaviour, port is in network byte order.
 3692  */
 3693 static struct mbuf *
 3694 key_setsadbxport(u_int16_t port, u_int16_t type)
 3695 {
 3696         struct mbuf *m;
 3697         size_t len;
 3698         struct sadb_x_nat_t_port *p;
 3699 
 3700         len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
 3701 
 3702         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3703         if (m == NULL)
 3704                 return (NULL);
 3705         m_align(m, len);
 3706         m->m_len = len;
 3707         p = mtod(m, struct sadb_x_nat_t_port *);
 3708 
 3709         bzero(p, len);
 3710         p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
 3711         p->sadb_x_nat_t_port_exttype = type;
 3712         p->sadb_x_nat_t_port_port = port;
 3713 
 3714         return (m);
 3715 }
 3716 
 3717 /* 
 3718  * Get port from sockaddr. Port is in network byte order.
 3719  */
 3720 u_int16_t
 3721 key_portfromsaddr(struct sockaddr *sa)
 3722 {
 3723 
 3724         switch (sa->sa_family) {
 3725 #ifdef INET
 3726         case AF_INET:
 3727                 return ((struct sockaddr_in *)sa)->sin_port;
 3728 #endif
 3729 #ifdef INET6
 3730         case AF_INET6:
 3731                 return ((struct sockaddr_in6 *)sa)->sin6_port;
 3732 #endif
 3733         }
 3734         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 3735                 printf("DP %s unexpected address family %d\n",
 3736                         __func__, sa->sa_family));
 3737         return (0);
 3738 }
 3739 #endif /* IPSEC_NAT_T */
 3740 
 3741 /*
 3742  * Set port in struct sockaddr. Port is in network byte order.
 3743  */
 3744 static void
 3745 key_porttosaddr(struct sockaddr *sa, u_int16_t port)
 3746 {
 3747 
 3748         switch (sa->sa_family) {
 3749 #ifdef INET
 3750         case AF_INET:
 3751                 ((struct sockaddr_in *)sa)->sin_port = port;
 3752                 break;
 3753 #endif
 3754 #ifdef INET6
 3755         case AF_INET6:
 3756                 ((struct sockaddr_in6 *)sa)->sin6_port = port;
 3757                 break;
 3758 #endif
 3759         default:
 3760                 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n",
 3761                         __func__, sa->sa_family));
 3762                 break;
 3763         }
 3764 }
 3765 
 3766 /*
 3767  * set data into sadb_x_policy
 3768  */
 3769 static struct mbuf *
 3770 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority)
 3771 {
 3772         struct mbuf *m;
 3773         struct sadb_x_policy *p;
 3774         size_t len;
 3775 
 3776         len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
 3777         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3778         if (m == NULL)
 3779                 return (NULL);
 3780         m_align(m, len);
 3781         m->m_len = len;
 3782         p = mtod(m, struct sadb_x_policy *);
 3783 
 3784         bzero(p, len);
 3785         p->sadb_x_policy_len = PFKEY_UNIT64(len);
 3786         p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 3787         p->sadb_x_policy_type = type;
 3788         p->sadb_x_policy_dir = dir;
 3789         p->sadb_x_policy_id = id;
 3790         p->sadb_x_policy_priority = priority;
 3791 
 3792         return m;
 3793 }
 3794 
 3795 /* %%% utilities */
 3796 /* Take a key message (sadb_key) from the socket and turn it into one
 3797  * of the kernel's key structures (seckey).
 3798  *
 3799  * IN: pointer to the src
 3800  * OUT: NULL no more memory
 3801  */
 3802 struct seckey *
 3803 key_dup_keymsg(const struct sadb_key *src, u_int len,
 3804     struct malloc_type *type)
 3805 {
 3806         struct seckey *dst;
 3807         dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT);
 3808         if (dst != NULL) {
 3809                 dst->bits = src->sadb_key_bits;
 3810                 dst->key_data = (char *)malloc(len, type, M_NOWAIT);
 3811                 if (dst->key_data != NULL) {
 3812                         bcopy((const char *)src + sizeof(struct sadb_key), 
 3813                               dst->key_data, len);
 3814                 } else {
 3815                         ipseclog((LOG_DEBUG, "%s: No more memory.\n", 
 3816                                   __func__));
 3817                         free(dst, type);
 3818                         dst = NULL;
 3819                 }
 3820         } else {
 3821                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 
 3822                           __func__));
 3823 
 3824         }
 3825         return dst;
 3826 }
 3827 
 3828 /* Take a lifetime message (sadb_lifetime) passed in on a socket and
 3829  * turn it into one of the kernel's lifetime structures (seclifetime).
 3830  *
 3831  * IN: pointer to the destination, source and malloc type
 3832  * OUT: NULL, no more memory
 3833  */
 3834 
 3835 static struct seclifetime *
 3836 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type)
 3837 {
 3838         struct seclifetime *dst = NULL;
 3839 
 3840         dst = (struct seclifetime *)malloc(sizeof(struct seclifetime), 
 3841                                            type, M_NOWAIT);
 3842         if (dst == NULL) {
 3843                 /* XXX counter */
 3844                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 3845         } else {
 3846                 dst->allocations = src->sadb_lifetime_allocations;
 3847                 dst->bytes = src->sadb_lifetime_bytes;
 3848                 dst->addtime = src->sadb_lifetime_addtime;
 3849                 dst->usetime = src->sadb_lifetime_usetime;
 3850         }
 3851         return dst;
 3852 }
 3853 
 3854 /* compare my own address
 3855  * OUT: 1: true, i.e. my address.
 3856  *      0: false
 3857  */
 3858 int
 3859 key_ismyaddr(struct sockaddr *sa)
 3860 {
 3861 
 3862         IPSEC_ASSERT(sa != NULL, ("null sockaddr"));
 3863         switch (sa->sa_family) {
 3864 #ifdef INET
 3865         case AF_INET:
 3866                 return (in_localip(satosin(sa)->sin_addr));
 3867 #endif
 3868 #ifdef INET6
 3869         case AF_INET6:
 3870                 return key_ismyaddr6((struct sockaddr_in6 *)sa);
 3871 #endif
 3872         }
 3873 
 3874         return 0;
 3875 }
 3876 
 3877 #ifdef INET6
 3878 /*
 3879  * compare my own address for IPv6.
 3880  * 1: ours
 3881  * 0: other
 3882  */
 3883 static int
 3884 key_ismyaddr6(struct sockaddr_in6 *sin6)
 3885 {
 3886         struct in6_addr in6;
 3887 
 3888         if (!IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr))
 3889                 return (in6_localip(&sin6->sin6_addr));
 3890 
 3891         /* Convert address into kernel-internal form */
 3892         in6 = sin6->sin6_addr;
 3893         in6.s6_addr16[1] = htons(sin6->sin6_scope_id & 0xffff);
 3894         return (in6_localip(&in6));
 3895 }
 3896 #endif /*INET6*/
 3897 
 3898 /*
 3899  * compare two secasindex structure.
 3900  * flag can specify to compare 2 saidxes.
 3901  * compare two secasindex structure without both mode and reqid.
 3902  * don't compare port.
 3903  * IN:  
 3904  *      saidx0: source, it can be in SAD.
 3905  *      saidx1: object.
 3906  * OUT: 
 3907  *      1 : equal
 3908  *      0 : not equal
 3909  */
 3910 static int
 3911 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1,
 3912     int flag)
 3913 {
 3914         int chkport = 0;
 3915 
 3916         /* sanity */
 3917         if (saidx0 == NULL && saidx1 == NULL)
 3918                 return 1;
 3919 
 3920         if (saidx0 == NULL || saidx1 == NULL)
 3921                 return 0;
 3922 
 3923         if (saidx0->proto != saidx1->proto)
 3924                 return 0;
 3925 
 3926         if (flag == CMP_EXACTLY) {
 3927                 if (saidx0->mode != saidx1->mode)
 3928                         return 0;
 3929                 if (saidx0->reqid != saidx1->reqid)
 3930                         return 0;
 3931                 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 ||
 3932                     bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0)
 3933                         return 0;
 3934         } else {
 3935 
 3936                 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
 3937                 if (flag == CMP_MODE_REQID
 3938                   ||flag == CMP_REQID) {
 3939                         /*
 3940                          * If reqid of SPD is non-zero, unique SA is required.
 3941                          * The result must be of same reqid in this case.
 3942                          */
 3943                         if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
 3944                                 return 0;
 3945                 }
 3946 
 3947                 if (flag == CMP_MODE_REQID) {
 3948                         if (saidx0->mode != IPSEC_MODE_ANY
 3949                          && saidx0->mode != saidx1->mode)
 3950                                 return 0;
 3951                 }
 3952 
 3953 #ifdef IPSEC_NAT_T
 3954                 /*
 3955                  * If NAT-T is enabled, check ports for tunnel mode.
 3956                  * Do not check ports if they are set to zero in the SPD.
 3957                  * Also do not do it for native transport mode, as there
 3958                  * is no port information available in the SP.
 3959                  */
 3960                 if ((saidx1->mode == IPSEC_MODE_TUNNEL ||
 3961                      (saidx1->mode == IPSEC_MODE_TRANSPORT &&
 3962                       saidx1->proto == IPPROTO_ESP)) &&
 3963                     saidx1->src.sa.sa_family == AF_INET &&
 3964                     saidx1->dst.sa.sa_family == AF_INET &&
 3965                     ((const struct sockaddr_in *)(&saidx1->src))->sin_port &&
 3966                     ((const struct sockaddr_in *)(&saidx1->dst))->sin_port)
 3967                         chkport = 1;
 3968 #endif /* IPSEC_NAT_T */
 3969 
 3970                 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, chkport) != 0) {
 3971                         return 0;
 3972                 }
 3973                 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, chkport) != 0) {
 3974                         return 0;
 3975                 }
 3976         }
 3977 
 3978         return 1;
 3979 }
 3980 
 3981 /*
 3982  * compare two secindex structure exactly.
 3983  * IN:
 3984  *      spidx0: source, it is often in SPD.
 3985  *      spidx1: object, it is often from PFKEY message.
 3986  * OUT:
 3987  *      1 : equal
 3988  *      0 : not equal
 3989  */
 3990 static int
 3991 key_cmpspidx_exactly(struct secpolicyindex *spidx0,
 3992     struct secpolicyindex *spidx1)
 3993 {
 3994         /* sanity */
 3995         if (spidx0 == NULL && spidx1 == NULL)
 3996                 return 1;
 3997 
 3998         if (spidx0 == NULL || spidx1 == NULL)
 3999                 return 0;
 4000 
 4001         if (spidx0->prefs != spidx1->prefs
 4002          || spidx0->prefd != spidx1->prefd
 4003          || spidx0->ul_proto != spidx1->ul_proto)
 4004                 return 0;
 4005 
 4006         return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 &&
 4007                key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0;
 4008 }
 4009 
 4010 /*
 4011  * compare two secindex structure with mask.
 4012  * IN:
 4013  *      spidx0: source, it is often in SPD.
 4014  *      spidx1: object, it is often from IP header.
 4015  * OUT:
 4016  *      1 : equal
 4017  *      0 : not equal
 4018  */
 4019 static int
 4020 key_cmpspidx_withmask(struct secpolicyindex *spidx0,
 4021     struct secpolicyindex *spidx1)
 4022 {
 4023         /* sanity */
 4024         if (spidx0 == NULL && spidx1 == NULL)
 4025                 return 1;
 4026 
 4027         if (spidx0 == NULL || spidx1 == NULL)
 4028                 return 0;
 4029 
 4030         if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family ||
 4031             spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family ||
 4032             spidx0->src.sa.sa_len != spidx1->src.sa.sa_len ||
 4033             spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len)
 4034                 return 0;
 4035 
 4036         /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
 4037         if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
 4038          && spidx0->ul_proto != spidx1->ul_proto)
 4039                 return 0;
 4040 
 4041         switch (spidx0->src.sa.sa_family) {
 4042         case AF_INET:
 4043                 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY
 4044                  && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port)
 4045                         return 0;
 4046                 if (!key_bbcmp(&spidx0->src.sin.sin_addr,
 4047                     &spidx1->src.sin.sin_addr, spidx0->prefs))
 4048                         return 0;
 4049                 break;
 4050         case AF_INET6:
 4051                 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY
 4052                  && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port)
 4053                         return 0;
 4054                 /*
 4055                  * scope_id check. if sin6_scope_id is 0, we regard it
 4056                  * as a wildcard scope, which matches any scope zone ID. 
 4057                  */
 4058                 if (spidx0->src.sin6.sin6_scope_id &&
 4059                     spidx1->src.sin6.sin6_scope_id &&
 4060                     spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id)
 4061                         return 0;
 4062                 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr,
 4063                     &spidx1->src.sin6.sin6_addr, spidx0->prefs))
 4064                         return 0;
 4065                 break;
 4066         default:
 4067                 /* XXX */
 4068                 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0)
 4069                         return 0;
 4070                 break;
 4071         }
 4072 
 4073         switch (spidx0->dst.sa.sa_family) {
 4074         case AF_INET:
 4075                 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY
 4076                  && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port)
 4077                         return 0;
 4078                 if (!key_bbcmp(&spidx0->dst.sin.sin_addr,
 4079                     &spidx1->dst.sin.sin_addr, spidx0->prefd))
 4080                         return 0;
 4081                 break;
 4082         case AF_INET6:
 4083                 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY
 4084                  && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port)
 4085                         return 0;
 4086                 /*
 4087                  * scope_id check. if sin6_scope_id is 0, we regard it
 4088                  * as a wildcard scope, which matches any scope zone ID. 
 4089                  */
 4090                 if (spidx0->dst.sin6.sin6_scope_id &&
 4091                     spidx1->dst.sin6.sin6_scope_id &&
 4092                     spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
 4093                         return 0;
 4094                 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
 4095                     &spidx1->dst.sin6.sin6_addr, spidx0->prefd))
 4096                         return 0;
 4097                 break;
 4098         default:
 4099                 /* XXX */
 4100                 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0)
 4101                         return 0;
 4102                 break;
 4103         }
 4104 
 4105         /* XXX Do we check other field ?  e.g. flowinfo */
 4106 
 4107         return 1;
 4108 }
 4109 
 4110 /* returns 0 on match */
 4111 static int
 4112 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2,
 4113     int port)
 4114 {
 4115 #ifdef satosin
 4116 #undef satosin
 4117 #endif
 4118 #define satosin(s) ((const struct sockaddr_in *)s)
 4119 #ifdef satosin6
 4120 #undef satosin6
 4121 #endif
 4122 #define satosin6(s) ((const struct sockaddr_in6 *)s)
 4123         if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
 4124                 return 1;
 4125 
 4126         switch (sa1->sa_family) {
 4127         case AF_INET:
 4128                 if (sa1->sa_len != sizeof(struct sockaddr_in))
 4129                         return 1;
 4130                 if (satosin(sa1)->sin_addr.s_addr !=
 4131                     satosin(sa2)->sin_addr.s_addr) {
 4132                         return 1;
 4133                 }
 4134                 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
 4135                         return 1;
 4136                 break;
 4137         case AF_INET6:
 4138                 if (sa1->sa_len != sizeof(struct sockaddr_in6))
 4139                         return 1;       /*EINVAL*/
 4140                 if (satosin6(sa1)->sin6_scope_id !=
 4141                     satosin6(sa2)->sin6_scope_id) {
 4142                         return 1;
 4143                 }
 4144                 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
 4145                     &satosin6(sa2)->sin6_addr)) {
 4146                         return 1;
 4147                 }
 4148                 if (port &&
 4149                     satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
 4150                         return 1;
 4151                 }
 4152                 break;
 4153         default:
 4154                 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
 4155                         return 1;
 4156                 break;
 4157         }
 4158 
 4159         return 0;
 4160 #undef satosin
 4161 #undef satosin6
 4162 }
 4163 
 4164 /*
 4165  * compare two buffers with mask.
 4166  * IN:
 4167  *      addr1: source
 4168  *      addr2: object
 4169  *      bits:  Number of bits to compare
 4170  * OUT:
 4171  *      1 : equal
 4172  *      0 : not equal
 4173  */
 4174 static int
 4175 key_bbcmp(const void *a1, const void *a2, u_int bits)
 4176 {
 4177         const unsigned char *p1 = a1;
 4178         const unsigned char *p2 = a2;
 4179 
 4180         /* XXX: This could be considerably faster if we compare a word
 4181          * at a time, but it is complicated on LSB Endian machines */
 4182 
 4183         /* Handle null pointers */
 4184         if (p1 == NULL || p2 == NULL)
 4185                 return (p1 == p2);
 4186 
 4187         while (bits >= 8) {
 4188                 if (*p1++ != *p2++)
 4189                         return 0;
 4190                 bits -= 8;
 4191         }
 4192 
 4193         if (bits > 0) {
 4194                 u_int8_t mask = ~((1<<(8-bits))-1);
 4195                 if ((*p1 & mask) != (*p2 & mask))
 4196                         return 0;
 4197         }
 4198         return 1;       /* Match! */
 4199 }
 4200 
 4201 static void
 4202 key_flush_spd(time_t now)
 4203 {
 4204         SPTREE_RLOCK_TRACKER;
 4205         struct secpolicy *sp;
 4206         u_int dir;
 4207 
 4208         /* SPD */
 4209         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 4210 restart:
 4211                 SPTREE_RLOCK();
 4212                 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
 4213                         if (sp->lifetime == 0 && sp->validtime == 0)
 4214                                 continue;
 4215                         if ((sp->lifetime &&
 4216                             now - sp->created > sp->lifetime) ||
 4217                             (sp->validtime &&
 4218                             now - sp->lastused > sp->validtime)) {
 4219                                 SP_ADDREF(sp);
 4220                                 SPTREE_RUNLOCK();
 4221                                 key_spdexpire(sp);
 4222                                 key_unlink(sp);
 4223                                 KEY_FREESP(&sp);
 4224                                 goto restart;
 4225                         }
 4226                 }
 4227                 SPTREE_RUNLOCK();
 4228         }
 4229 }
 4230 
 4231 static void
 4232 key_flush_sad(time_t now)
 4233 {
 4234         struct secashead *sah, *nextsah;
 4235         struct secasvar *sav, *nextsav;
 4236 
 4237         /* SAD */
 4238         SAHTREE_LOCK();
 4239         LIST_FOREACH_SAFE(sah, &V_sahtree, chain, nextsah) {
 4240                 /* if sah has been dead, then delete it and process next sah. */
 4241                 if (sah->state == SADB_SASTATE_DEAD) {
 4242                         key_delsah(sah);
 4243                         continue;
 4244                 }
 4245 
 4246                 /* if LARVAL entry doesn't become MATURE, delete it. */
 4247                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL], chain, nextsav) {
 4248                         /* Need to also check refcnt for a larval SA ??? */
 4249                         if (now - sav->created > V_key_larval_lifetime)
 4250                                 KEY_FREESAV(&sav);
 4251                 }
 4252 
 4253                 /*
 4254                  * check MATURE entry to start to send expire message
 4255                  * whether or not.
 4256                  */
 4257                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_MATURE], chain, nextsav) {
 4258                         /* we don't need to check. */
 4259                         if (sav->lft_s == NULL)
 4260                                 continue;
 4261 
 4262                         /* sanity check */
 4263                         if (sav->lft_c == NULL) {
 4264                                 ipseclog((LOG_DEBUG,"%s: there is no CURRENT "
 4265                                         "time, why?\n", __func__));
 4266                                 continue;
 4267                         }
 4268                         /*
 4269                          * RFC 2367:
 4270                          * HARD lifetimes MUST take precedence over SOFT
 4271                          * lifetimes, meaning if the HARD and SOFT lifetimes
 4272                          * are the same, the HARD lifetime will appear on the
 4273                          * EXPIRE message.
 4274                          */
 4275                         /* check HARD lifetime */
 4276                         if ((sav->lft_h->addtime != 0 &&
 4277                             now - sav->created > sav->lft_h->addtime) ||
 4278                             (sav->lft_h->bytes != 0 &&
 4279                             sav->lft_h->bytes < sav->lft_c->bytes)) {
 4280                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4281                                 key_expire(sav, 1);
 4282                                 KEY_FREESAV(&sav);
 4283                         }
 4284                         /* check SOFT lifetime */
 4285                         else if ((sav->lft_s->addtime != 0 &&
 4286                             now - sav->created > sav->lft_s->addtime) ||
 4287                             (sav->lft_s->bytes != 0 &&
 4288                             sav->lft_s->bytes < sav->lft_c->bytes)) {
 4289                                 key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4290                                 key_expire(sav, 0);
 4291                         }
 4292                 }
 4293 
 4294                 /* check DYING entry to change status to DEAD. */
 4295                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DYING], chain, nextsav) {
 4296                         /* we don't need to check. */
 4297                         if (sav->lft_h == NULL)
 4298                                 continue;
 4299 
 4300                         /* sanity check */
 4301                         if (sav->lft_c == NULL) {
 4302                                 ipseclog((LOG_DEBUG, "%s: there is no CURRENT "
 4303                                         "time, why?\n", __func__));
 4304                                 continue;
 4305                         }
 4306 
 4307                         if (sav->lft_h->addtime != 0 &&
 4308                             now - sav->created > sav->lft_h->addtime) {
 4309                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4310                                 key_expire(sav, 1);
 4311                                 KEY_FREESAV(&sav);
 4312                         }
 4313 #if 0   /* XXX Should we keep to send expire message until HARD lifetime ? */
 4314                         else if (sav->lft_s != NULL
 4315                               && sav->lft_s->addtime != 0
 4316                               && now - sav->created > sav->lft_s->addtime) {
 4317                                 /*
 4318                                  * XXX: should be checked to be
 4319                                  * installed the valid SA.
 4320                                  */
 4321 
 4322                                 /*
 4323                                  * If there is no SA then sending
 4324                                  * expire message.
 4325                                  */
 4326                                 key_expire(sav, 0);
 4327                         }
 4328 #endif
 4329                         /* check HARD lifetime by bytes */
 4330                         else if (sav->lft_h->bytes != 0 &&
 4331                             sav->lft_h->bytes < sav->lft_c->bytes) {
 4332                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4333                                 key_expire(sav, 1);
 4334                                 KEY_FREESAV(&sav);
 4335                         }
 4336                 }
 4337 
 4338                 /* delete entry in DEAD */
 4339                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DEAD], chain, nextsav) {
 4340                         /* sanity check */
 4341                         if (sav->state != SADB_SASTATE_DEAD) {
 4342                                 ipseclog((LOG_DEBUG, "%s: invalid sav->state "
 4343                                         "(queue: %d SA: %d): kill it anyway\n",
 4344                                         __func__,
 4345                                         SADB_SASTATE_DEAD, sav->state));
 4346                         }
 4347                         /*
 4348                          * do not call key_freesav() here.
 4349                          * sav should already be freed, and sav->refcnt
 4350                          * shows other references to sav
 4351                          * (such as from SPD).
 4352                          */
 4353                 }
 4354         }
 4355         SAHTREE_UNLOCK();
 4356 }
 4357 
 4358 static void
 4359 key_flush_acq(time_t now)
 4360 {
 4361         struct secacq *acq, *nextacq;
 4362 
 4363         /* ACQ tree */
 4364         ACQ_LOCK();
 4365         for (acq = LIST_FIRST(&V_acqtree); acq != NULL; acq = nextacq) {
 4366                 nextacq = LIST_NEXT(acq, chain);
 4367                 if (now - acq->created > V_key_blockacq_lifetime
 4368                  && __LIST_CHAINED(acq)) {
 4369                         LIST_REMOVE(acq, chain);
 4370                         free(acq, M_IPSEC_SAQ);
 4371                 }
 4372         }
 4373         ACQ_UNLOCK();
 4374 }
 4375 
 4376 static void
 4377 key_flush_spacq(time_t now)
 4378 {
 4379         struct secspacq *acq, *nextacq;
 4380 
 4381         /* SP ACQ tree */
 4382         SPACQ_LOCK();
 4383         for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) {
 4384                 nextacq = LIST_NEXT(acq, chain);
 4385                 if (now - acq->created > V_key_blockacq_lifetime
 4386                  && __LIST_CHAINED(acq)) {
 4387                         LIST_REMOVE(acq, chain);
 4388                         free(acq, M_IPSEC_SAQ);
 4389                 }
 4390         }
 4391         SPACQ_UNLOCK();
 4392 }
 4393 
 4394 /*
 4395  * time handler.
 4396  * scanning SPD and SAD to check status for each entries,
 4397  * and do to remove or to expire.
 4398  * XXX: year 2038 problem may remain.
 4399  */
 4400 static void
 4401 key_timehandler(void *arg)
 4402 {
 4403         VNET_ITERATOR_DECL(vnet_iter);
 4404         time_t now = time_second;
 4405 
 4406         VNET_LIST_RLOCK_NOSLEEP();
 4407         VNET_FOREACH(vnet_iter) {
 4408                 CURVNET_SET(vnet_iter);
 4409                 key_flush_spd(now);
 4410                 key_flush_sad(now);
 4411                 key_flush_acq(now);
 4412                 key_flush_spacq(now);
 4413                 CURVNET_RESTORE();
 4414         }
 4415         VNET_LIST_RUNLOCK_NOSLEEP();
 4416 
 4417 #ifndef IPSEC_DEBUG2
 4418         /* do exchange to tick time !! */
 4419         callout_schedule(&key_timer, hz);
 4420 #endif /* IPSEC_DEBUG2 */
 4421 }
 4422 
 4423 u_long
 4424 key_random()
 4425 {
 4426         u_long value;
 4427 
 4428         key_randomfill(&value, sizeof(value));
 4429         return value;
 4430 }
 4431 
 4432 void
 4433 key_randomfill(void *p, size_t l)
 4434 {
 4435         size_t n;
 4436         u_long v;
 4437         static int warn = 1;
 4438 
 4439         n = 0;
 4440         n = (size_t)read_random(p, (u_int)l);
 4441         /* last resort */
 4442         while (n < l) {
 4443                 v = random();
 4444                 bcopy(&v, (u_int8_t *)p + n,
 4445                     l - n < sizeof(v) ? l - n : sizeof(v));
 4446                 n += sizeof(v);
 4447 
 4448                 if (warn) {
 4449                         printf("WARNING: pseudo-random number generator "
 4450                             "used for IPsec processing\n");
 4451                         warn = 0;
 4452                 }
 4453         }
 4454 }
 4455 
 4456 /*
 4457  * map SADB_SATYPE_* to IPPROTO_*.
 4458  * if satype == SADB_SATYPE then satype is mapped to ~0.
 4459  * OUT:
 4460  *      0: invalid satype.
 4461  */
 4462 static u_int16_t
 4463 key_satype2proto(u_int8_t satype)
 4464 {
 4465         switch (satype) {
 4466         case SADB_SATYPE_UNSPEC:
 4467                 return IPSEC_PROTO_ANY;
 4468         case SADB_SATYPE_AH:
 4469                 return IPPROTO_AH;
 4470         case SADB_SATYPE_ESP:
 4471                 return IPPROTO_ESP;
 4472         case SADB_X_SATYPE_IPCOMP:
 4473                 return IPPROTO_IPCOMP;
 4474         case SADB_X_SATYPE_TCPSIGNATURE:
 4475                 return IPPROTO_TCP;
 4476         default:
 4477                 return 0;
 4478         }
 4479         /* NOTREACHED */
 4480 }
 4481 
 4482 /*
 4483  * map IPPROTO_* to SADB_SATYPE_*
 4484  * OUT:
 4485  *      0: invalid protocol type.
 4486  */
 4487 static u_int8_t
 4488 key_proto2satype(u_int16_t proto)
 4489 {
 4490         switch (proto) {
 4491         case IPPROTO_AH:
 4492                 return SADB_SATYPE_AH;
 4493         case IPPROTO_ESP:
 4494                 return SADB_SATYPE_ESP;
 4495         case IPPROTO_IPCOMP:
 4496                 return SADB_X_SATYPE_IPCOMP;
 4497         case IPPROTO_TCP:
 4498                 return SADB_X_SATYPE_TCPSIGNATURE;
 4499         default:
 4500                 return 0;
 4501         }
 4502         /* NOTREACHED */
 4503 }
 4504 
 4505 /* %%% PF_KEY */
 4506 /*
 4507  * SADB_GETSPI processing is to receive
 4508  *      <base, (SA2), src address, dst address, (SPI range)>
 4509  * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
 4510  * tree with the status of LARVAL, and send
 4511  *      <base, SA(*), address(SD)>
 4512  * to the IKMPd.
 4513  *
 4514  * IN:  mhp: pointer to the pointer to each header.
 4515  * OUT: NULL if fail.
 4516  *      other if success, return pointer to the message to send.
 4517  */
 4518 static int
 4519 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 4520 {
 4521         struct sadb_address *src0, *dst0;
 4522         struct secasindex saidx;
 4523         struct secashead *newsah;
 4524         struct secasvar *newsav;
 4525         u_int8_t proto;
 4526         u_int32_t spi;
 4527         u_int8_t mode;
 4528         u_int32_t reqid;
 4529         int error;
 4530 
 4531         IPSEC_ASSERT(so != NULL, ("null socket"));
 4532         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 4533         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 4534         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 4535 
 4536         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4537             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 4538                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4539                         __func__));
 4540                 return key_senderror(so, m, EINVAL);
 4541         }
 4542         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4543             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4544                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4545                         __func__));
 4546                 return key_senderror(so, m, EINVAL);
 4547         }
 4548         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4549                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4550                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4551         } else {
 4552                 mode = IPSEC_MODE_ANY;
 4553                 reqid = 0;
 4554         }
 4555 
 4556         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4557         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4558 
 4559         /* map satype to proto */
 4560         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4561                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 4562                         __func__));
 4563                 return key_senderror(so, m, EINVAL);
 4564         }
 4565 
 4566         /*
 4567          * Make sure the port numbers are zero.
 4568          * In case of NAT-T we will update them later if needed.
 4569          */
 4570         switch (((struct sockaddr *)(src0 + 1))->sa_family) {
 4571         case AF_INET:
 4572                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4573                     sizeof(struct sockaddr_in))
 4574                         return key_senderror(so, m, EINVAL);
 4575                 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
 4576                 break;
 4577         case AF_INET6:
 4578                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4579                     sizeof(struct sockaddr_in6))
 4580                         return key_senderror(so, m, EINVAL);
 4581                 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
 4582                 break;
 4583         default:
 4584                 ; /*???*/
 4585         }
 4586         switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
 4587         case AF_INET:
 4588                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4589                     sizeof(struct sockaddr_in))
 4590                         return key_senderror(so, m, EINVAL);
 4591                 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
 4592                 break;
 4593         case AF_INET6:
 4594                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4595                     sizeof(struct sockaddr_in6))
 4596                         return key_senderror(so, m, EINVAL);
 4597                 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
 4598                 break;
 4599         default:
 4600                 ; /*???*/
 4601         }
 4602 
 4603         /* XXX boundary check against sa_len */
 4604         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4605 
 4606 #ifdef IPSEC_NAT_T
 4607         /*
 4608          * Handle NAT-T info if present.
 4609          * We made sure the port numbers are zero above, so we do
 4610          * not have to worry in case we do not update them.
 4611          */
 4612         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
 4613                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi present\n", __func__));
 4614         if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
 4615                 ipseclog((LOG_DEBUG, "%s: NAT-T OAr present\n", __func__));
 4616 
 4617         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 4618             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 4619             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 4620                 struct sadb_x_nat_t_type *type;
 4621                 struct sadb_x_nat_t_port *sport, *dport;
 4622 
 4623                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 4624                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 4625                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 4626                         ipseclog((LOG_DEBUG, "%s: invalid nat-t message "
 4627                             "passed.\n", __func__));
 4628                         return key_senderror(so, m, EINVAL);
 4629                 }
 4630 
 4631                 sport = (struct sadb_x_nat_t_port *)
 4632                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 4633                 dport = (struct sadb_x_nat_t_port *)
 4634                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 4635 
 4636                 if (sport)
 4637                         KEY_PORTTOSADDR(&saidx.src, sport->sadb_x_nat_t_port_port);
 4638                 if (dport)
 4639                         KEY_PORTTOSADDR(&saidx.dst, dport->sadb_x_nat_t_port_port);
 4640         }
 4641 #endif
 4642 
 4643         /* SPI allocation */
 4644         spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
 4645                                &saidx);
 4646         if (spi == 0)
 4647                 return key_senderror(so, m, EINVAL);
 4648 
 4649         /* get a SA index */
 4650         if ((newsah = key_getsah(&saidx)) == NULL) {
 4651                 /* create a new SA index */
 4652                 if ((newsah = key_newsah(&saidx)) == NULL) {
 4653                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 4654                         return key_senderror(so, m, ENOBUFS);
 4655                 }
 4656         }
 4657 
 4658         /* get a new SA */
 4659         /* XXX rewrite */
 4660         newsav = KEY_NEWSAV(m, mhp, newsah, &error);
 4661         if (newsav == NULL) {
 4662                 /* XXX don't free new SA index allocated in above. */
 4663                 return key_senderror(so, m, error);
 4664         }
 4665 
 4666         /* set spi */
 4667         newsav->spi = htonl(spi);
 4668 
 4669         /* delete the entry in acqtree */
 4670         if (mhp->msg->sadb_msg_seq != 0) {
 4671                 struct secacq *acq;
 4672                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
 4673                         /* reset counter in order to deletion by timehandler. */
 4674                         acq->created = time_second;
 4675                         acq->count = 0;
 4676                 }
 4677         }
 4678 
 4679     {
 4680         struct mbuf *n, *nn;
 4681         struct sadb_sa *m_sa;
 4682         struct sadb_msg *newmsg;
 4683         int off, len;
 4684 
 4685         /* create new sadb_msg to reply. */
 4686         len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
 4687             PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4688 
 4689         MGETHDR(n, M_NOWAIT, MT_DATA);
 4690         if (len > MHLEN) {
 4691                 if (!(MCLGET(n, M_NOWAIT))) {
 4692                         m_freem(n);
 4693                         n = NULL;
 4694                 }
 4695         }
 4696         if (!n)
 4697                 return key_senderror(so, m, ENOBUFS);
 4698 
 4699         n->m_len = len;
 4700         n->m_next = NULL;
 4701         off = 0;
 4702 
 4703         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 4704         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 4705 
 4706         m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
 4707         m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
 4708         m_sa->sadb_sa_exttype = SADB_EXT_SA;
 4709         m_sa->sadb_sa_spi = htonl(spi);
 4710         off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4711 
 4712         IPSEC_ASSERT(off == len,
 4713                 ("length inconsistency (off %u len %u)", off, len));
 4714 
 4715         n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
 4716             SADB_EXT_ADDRESS_DST);
 4717         if (!n->m_next) {
 4718                 m_freem(n);
 4719                 return key_senderror(so, m, ENOBUFS);
 4720         }
 4721 
 4722         if (n->m_len < sizeof(struct sadb_msg)) {
 4723                 n = m_pullup(n, sizeof(struct sadb_msg));
 4724                 if (n == NULL)
 4725                         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 4726         }
 4727 
 4728         n->m_pkthdr.len = 0;
 4729         for (nn = n; nn; nn = nn->m_next)
 4730                 n->m_pkthdr.len += nn->m_len;
 4731 
 4732         newmsg = mtod(n, struct sadb_msg *);
 4733         newmsg->sadb_msg_seq = newsav->seq;
 4734         newmsg->sadb_msg_errno = 0;
 4735         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 4736 
 4737         m_freem(m);
 4738         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 4739     }
 4740 }
 4741 
 4742 /*
 4743  * allocating new SPI
 4744  * called by key_getspi().
 4745  * OUT:
 4746  *      0:      failure.
 4747  *      others: success.
 4748  */
 4749 static u_int32_t
 4750 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx)
 4751 {
 4752         u_int32_t newspi;
 4753         u_int32_t min, max;
 4754         int count = V_key_spi_trycnt;
 4755 
 4756         /* set spi range to allocate */
 4757         if (spirange != NULL) {
 4758                 min = spirange->sadb_spirange_min;
 4759                 max = spirange->sadb_spirange_max;
 4760         } else {
 4761                 min = V_key_spi_minval;
 4762                 max = V_key_spi_maxval;
 4763         }
 4764         /* IPCOMP needs 2-byte SPI */
 4765         if (saidx->proto == IPPROTO_IPCOMP) {
 4766                 u_int32_t t;
 4767                 if (min >= 0x10000)
 4768                         min = 0xffff;
 4769                 if (max >= 0x10000)
 4770                         max = 0xffff;
 4771                 if (min > max) {
 4772                         t = min; min = max; max = t;
 4773                 }
 4774         }
 4775 
 4776         if (min == max) {
 4777                 if (key_checkspidup(saidx, min) != NULL) {
 4778                         ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n",
 4779                                 __func__, min));
 4780                         return 0;
 4781                 }
 4782 
 4783                 count--; /* taking one cost. */
 4784                 newspi = min;
 4785 
 4786         } else {
 4787 
 4788                 /* init SPI */
 4789                 newspi = 0;
 4790 
 4791                 /* when requesting to allocate spi ranged */
 4792                 while (count--) {
 4793                         /* generate pseudo-random SPI value ranged. */
 4794                         newspi = min + (key_random() % (max - min + 1));
 4795 
 4796                         if (key_checkspidup(saidx, newspi) == NULL)
 4797                                 break;
 4798                 }
 4799 
 4800                 if (count == 0 || newspi == 0) {
 4801                         ipseclog((LOG_DEBUG, "%s: to allocate spi is failed.\n",
 4802                                 __func__));
 4803                         return 0;
 4804                 }
 4805         }
 4806 
 4807         /* statistics */
 4808         keystat.getspi_count =
 4809                 (keystat.getspi_count + V_key_spi_trycnt - count) / 2;
 4810 
 4811         return newspi;
 4812 }
 4813 
 4814 /*
 4815  * SADB_UPDATE processing
 4816  * receive
 4817  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4818  *       key(AE), (identity(SD),) (sensitivity)>
 4819  * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
 4820  * and send
 4821  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4822  *       (identity(SD),) (sensitivity)>
 4823  * to the ikmpd.
 4824  *
 4825  * m will always be freed.
 4826  */
 4827 static int
 4828 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 4829 {
 4830         struct sadb_sa *sa0;
 4831         struct sadb_address *src0, *dst0;
 4832 #ifdef IPSEC_NAT_T
 4833         struct sadb_x_nat_t_type *type;
 4834         struct sadb_x_nat_t_port *sport, *dport;
 4835         struct sadb_address *iaddr, *raddr;
 4836         struct sadb_x_nat_t_frag *frag;
 4837 #endif
 4838         struct secasindex saidx;
 4839         struct secashead *sah;
 4840         struct secasvar *sav;
 4841         u_int16_t proto;
 4842         u_int8_t mode;
 4843         u_int32_t reqid;
 4844         int error;
 4845 
 4846         IPSEC_ASSERT(so != NULL, ("null socket"));
 4847         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 4848         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 4849         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 4850 
 4851         /* map satype to proto */
 4852         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4853                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 4854                         __func__));
 4855                 return key_senderror(so, m, EINVAL);
 4856         }
 4857 
 4858         if (mhp->ext[SADB_EXT_SA] == NULL ||
 4859             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4860             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 4861             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 4862              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 4863             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 4864              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 4865             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 4866              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 4867             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 4868              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 4869                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4870                         __func__));
 4871                 return key_senderror(so, m, EINVAL);
 4872         }
 4873         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 4874             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4875             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4876                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4877                         __func__));
 4878                 return key_senderror(so, m, EINVAL);
 4879         }
 4880         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4881                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4882                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4883         } else {
 4884                 mode = IPSEC_MODE_ANY;
 4885                 reqid = 0;
 4886         }
 4887         /* XXX boundary checking for other extensions */
 4888 
 4889         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 4890         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4891         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4892 
 4893         /* XXX boundary check against sa_len */
 4894         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4895 
 4896         /*
 4897          * Make sure the port numbers are zero.
 4898          * In case of NAT-T we will update them later if needed.
 4899          */
 4900         KEY_PORTTOSADDR(&saidx.src, 0);
 4901         KEY_PORTTOSADDR(&saidx.dst, 0);
 4902 
 4903 #ifdef IPSEC_NAT_T
 4904         /*
 4905          * Handle NAT-T info if present.
 4906          */
 4907         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 4908             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 4909             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 4910 
 4911                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 4912                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 4913                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 4914                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 4915                             __func__));
 4916                         return key_senderror(so, m, EINVAL);
 4917                 }
 4918 
 4919                 type = (struct sadb_x_nat_t_type *)
 4920                     mhp->ext[SADB_X_EXT_NAT_T_TYPE];
 4921                 sport = (struct sadb_x_nat_t_port *)
 4922                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 4923                 dport = (struct sadb_x_nat_t_port *)
 4924                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 4925         } else {
 4926                 type = 0;
 4927                 sport = dport = 0;
 4928         }
 4929         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL &&
 4930             mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
 4931                 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr) ||
 4932                     mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
 4933                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 4934                             __func__));
 4935                         return key_senderror(so, m, EINVAL);
 4936                 }
 4937                 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
 4938                 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
 4939                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__));
 4940         } else {
 4941                 iaddr = raddr = NULL;
 4942         }
 4943         if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
 4944                 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
 4945                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 4946                             __func__));
 4947                         return key_senderror(so, m, EINVAL);
 4948                 }
 4949                 frag = (struct sadb_x_nat_t_frag *)
 4950                     mhp->ext[SADB_X_EXT_NAT_T_FRAG];
 4951         } else {
 4952                 frag = 0;
 4953         }
 4954 #endif
 4955 
 4956         /* get a SA header */
 4957         if ((sah = key_getsah(&saidx)) == NULL) {
 4958                 ipseclog((LOG_DEBUG, "%s: no SA index found.\n", __func__));
 4959                 return key_senderror(so, m, ENOENT);
 4960         }
 4961 
 4962         /* set spidx if there */
 4963         /* XXX rewrite */
 4964         error = key_setident(sah, m, mhp);
 4965         if (error)
 4966                 return key_senderror(so, m, error);
 4967 
 4968         /* find a SA with sequence number. */
 4969 #ifdef IPSEC_DOSEQCHECK
 4970         if (mhp->msg->sadb_msg_seq != 0
 4971          && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
 4972                 ipseclog((LOG_DEBUG, "%s: no larval SA with sequence %u "
 4973                         "exists.\n", __func__, mhp->msg->sadb_msg_seq));
 4974                 return key_senderror(so, m, ENOENT);
 4975         }
 4976 #else
 4977         SAHTREE_LOCK();
 4978         sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 4979         SAHTREE_UNLOCK();
 4980         if (sav == NULL) {
 4981                 ipseclog((LOG_DEBUG, "%s: no such a SA found (spi:%u)\n",
 4982                         __func__, (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 4983                 return key_senderror(so, m, EINVAL);
 4984         }
 4985 #endif
 4986 
 4987         /* validity check */
 4988         if (sav->sah->saidx.proto != proto) {
 4989                 ipseclog((LOG_DEBUG, "%s: protocol mismatched "
 4990                         "(DB=%u param=%u)\n", __func__,
 4991                         sav->sah->saidx.proto, proto));
 4992                 return key_senderror(so, m, EINVAL);
 4993         }
 4994 #ifdef IPSEC_DOSEQCHECK
 4995         if (sav->spi != sa0->sadb_sa_spi) {
 4996                 ipseclog((LOG_DEBUG, "%s: SPI mismatched (DB:%u param:%u)\n",
 4997                     __func__,
 4998                     (u_int32_t)ntohl(sav->spi),
 4999                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5000                 return key_senderror(so, m, EINVAL);
 5001         }
 5002 #endif
 5003         if (sav->pid != mhp->msg->sadb_msg_pid) {
 5004                 ipseclog((LOG_DEBUG, "%s: pid mismatched (DB:%u param:%u)\n",
 5005                     __func__, sav->pid, mhp->msg->sadb_msg_pid));
 5006                 return key_senderror(so, m, EINVAL);
 5007         }
 5008 
 5009         /* copy sav values */
 5010         error = key_setsaval(sav, m, mhp);
 5011         if (error) {
 5012                 KEY_FREESAV(&sav);
 5013                 return key_senderror(so, m, error);
 5014         }
 5015 
 5016 #ifdef IPSEC_NAT_T
 5017         /*
 5018          * Handle more NAT-T info if present,
 5019          * now that we have a sav to fill.
 5020          */
 5021         if (type)
 5022                 sav->natt_type = type->sadb_x_nat_t_type_type;
 5023 
 5024         if (sport)
 5025                 KEY_PORTTOSADDR(&sav->sah->saidx.src,
 5026                     sport->sadb_x_nat_t_port_port);
 5027         if (dport)
 5028                 KEY_PORTTOSADDR(&sav->sah->saidx.dst,
 5029                     dport->sadb_x_nat_t_port_port);
 5030 
 5031 #if 0
 5032         /*
 5033          * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0.
 5034          * We should actually check for a minimum MTU here, if we
 5035          * want to support it in ip_output.
 5036          */
 5037         if (frag)
 5038                 sav->natt_esp_frag_len = frag->sadb_x_nat_t_frag_fraglen;
 5039 #endif
 5040 #endif
 5041 
 5042         /* check SA values to be mature. */
 5043         if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
 5044                 KEY_FREESAV(&sav);
 5045                 return key_senderror(so, m, 0);
 5046         }
 5047 
 5048     {
 5049         struct mbuf *n;
 5050 
 5051         /* set msg buf from mhp */
 5052         n = key_getmsgbuf_x1(m, mhp);
 5053         if (n == NULL) {
 5054                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5055                 return key_senderror(so, m, ENOBUFS);
 5056         }
 5057 
 5058         m_freem(m);
 5059         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5060     }
 5061 }
 5062 
 5063 /*
 5064  * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
 5065  * only called by key_update().
 5066  * OUT:
 5067  *      NULL    : not found
 5068  *      others  : found, pointer to a SA.
 5069  */
 5070 #ifdef IPSEC_DOSEQCHECK
 5071 static struct secasvar *
 5072 key_getsavbyseq(struct secashead *sah, u_int32_t seq)
 5073 {
 5074         struct secasvar *sav;
 5075         u_int state;
 5076 
 5077         state = SADB_SASTATE_LARVAL;
 5078 
 5079         /* search SAD with sequence number ? */
 5080         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 5081 
 5082                 KEY_CHKSASTATE(state, sav->state, __func__);
 5083 
 5084                 if (sav->seq == seq) {
 5085                         sa_addref(sav);
 5086                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 5087                                 printf("DP %s cause refcnt++:%d SA:%p\n",
 5088                                         __func__, sav->refcnt, sav));
 5089                         return sav;
 5090                 }
 5091         }
 5092 
 5093         return NULL;
 5094 }
 5095 #endif
 5096 
 5097 /*
 5098  * SADB_ADD processing
 5099  * add an entry to SA database, when received
 5100  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5101  *       key(AE), (identity(SD),) (sensitivity)>
 5102  * from the ikmpd,
 5103  * and send
 5104  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5105  *       (identity(SD),) (sensitivity)>
 5106  * to the ikmpd.
 5107  *
 5108  * IGNORE identity and sensitivity messages.
 5109  *
 5110  * m will always be freed.
 5111  */
 5112 static int
 5113 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 5114 {
 5115         struct sadb_sa *sa0;
 5116         struct sadb_address *src0, *dst0;
 5117 #ifdef IPSEC_NAT_T
 5118         struct sadb_x_nat_t_type *type;
 5119         struct sadb_address *iaddr, *raddr;
 5120         struct sadb_x_nat_t_frag *frag;
 5121 #endif
 5122         struct secasindex saidx;
 5123         struct secashead *newsah;
 5124         struct secasvar *newsav;
 5125         u_int16_t proto;
 5126         u_int8_t mode;
 5127         u_int32_t reqid;
 5128         int error;
 5129 
 5130         IPSEC_ASSERT(so != NULL, ("null socket"));
 5131         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5132         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5133         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5134 
 5135         /* map satype to proto */
 5136         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5137                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5138                         __func__));
 5139                 return key_senderror(so, m, EINVAL);
 5140         }
 5141 
 5142         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5143             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5144             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 5145             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 5146              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 5147             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 5148              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 5149             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 5150              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 5151             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 5152              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 5153                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5154                         __func__));
 5155                 return key_senderror(so, m, EINVAL);
 5156         }
 5157         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5158             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5159             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5160                 /* XXX need more */
 5161                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5162                         __func__));
 5163                 return key_senderror(so, m, EINVAL);
 5164         }
 5165         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 5166                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 5167                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 5168         } else {
 5169                 mode = IPSEC_MODE_ANY;
 5170                 reqid = 0;
 5171         }
 5172 
 5173         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5174         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5175         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5176 
 5177         /* XXX boundary check against sa_len */
 5178         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 5179 
 5180         /*
 5181          * Make sure the port numbers are zero.
 5182          * In case of NAT-T we will update them later if needed.
 5183          */
 5184         KEY_PORTTOSADDR(&saidx.src, 0);
 5185         KEY_PORTTOSADDR(&saidx.dst, 0);
 5186 
 5187 #ifdef IPSEC_NAT_T
 5188         /*
 5189          * Handle NAT-T info if present.
 5190          */
 5191         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 5192             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5193             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5194                 struct sadb_x_nat_t_port *sport, *dport;
 5195 
 5196                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 5197                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5198                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5199                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5200                             __func__));
 5201                         return key_senderror(so, m, EINVAL);
 5202                 }
 5203 
 5204                 type = (struct sadb_x_nat_t_type *)
 5205                     mhp->ext[SADB_X_EXT_NAT_T_TYPE];
 5206                 sport = (struct sadb_x_nat_t_port *)
 5207                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5208                 dport = (struct sadb_x_nat_t_port *)
 5209                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5210 
 5211                 if (sport)
 5212                         KEY_PORTTOSADDR(&saidx.src,
 5213                             sport->sadb_x_nat_t_port_port);
 5214                 if (dport)
 5215                         KEY_PORTTOSADDR(&saidx.dst,
 5216                             dport->sadb_x_nat_t_port_port);
 5217         } else {
 5218                 type = 0;
 5219         }
 5220         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL &&
 5221             mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
 5222                 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr) ||
 5223                     mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
 5224                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5225                             __func__));
 5226                         return key_senderror(so, m, EINVAL);
 5227                 }
 5228                 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
 5229                 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
 5230                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__));
 5231         } else {
 5232                 iaddr = raddr = NULL;
 5233         }
 5234         if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
 5235                 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
 5236                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5237                             __func__));
 5238                         return key_senderror(so, m, EINVAL);
 5239                 }
 5240                 frag = (struct sadb_x_nat_t_frag *)
 5241                     mhp->ext[SADB_X_EXT_NAT_T_FRAG];
 5242         } else {
 5243                 frag = 0;
 5244         }
 5245 #endif
 5246 
 5247         /* get a SA header */
 5248         if ((newsah = key_getsah(&saidx)) == NULL) {
 5249                 /* create a new SA header */
 5250                 if ((newsah = key_newsah(&saidx)) == NULL) {
 5251                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 5252                         return key_senderror(so, m, ENOBUFS);
 5253                 }
 5254         }
 5255 
 5256         /* set spidx if there */
 5257         /* XXX rewrite */
 5258         error = key_setident(newsah, m, mhp);
 5259         if (error) {
 5260                 return key_senderror(so, m, error);
 5261         }
 5262 
 5263         /* create new SA entry. */
 5264         /* We can create new SA only if SPI is differenct. */
 5265         SAHTREE_LOCK();
 5266         newsav = key_getsavbyspi(newsah, sa0->sadb_sa_spi);
 5267         SAHTREE_UNLOCK();
 5268         if (newsav != NULL) {
 5269                 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__));
 5270                 return key_senderror(so, m, EEXIST);
 5271         }
 5272         newsav = KEY_NEWSAV(m, mhp, newsah, &error);
 5273         if (newsav == NULL) {
 5274                 return key_senderror(so, m, error);
 5275         }
 5276 
 5277 #ifdef IPSEC_NAT_T
 5278         /*
 5279          * Handle more NAT-T info if present,
 5280          * now that we have a sav to fill.
 5281          */
 5282         if (type)
 5283                 newsav->natt_type = type->sadb_x_nat_t_type_type;
 5284 
 5285 #if 0
 5286         /*
 5287          * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0.
 5288          * We should actually check for a minimum MTU here, if we
 5289          * want to support it in ip_output.
 5290          */
 5291         if (frag)
 5292                 newsav->natt_esp_frag_len = frag->sadb_x_nat_t_frag_fraglen;
 5293 #endif
 5294 #endif
 5295 
 5296         /* check SA values to be mature. */
 5297         if ((error = key_mature(newsav)) != 0) {
 5298                 KEY_FREESAV(&newsav);
 5299                 return key_senderror(so, m, error);
 5300         }
 5301 
 5302         /*
 5303          * don't call key_freesav() here, as we would like to keep the SA
 5304          * in the database on success.
 5305          */
 5306 
 5307     {
 5308         struct mbuf *n;
 5309 
 5310         /* set msg buf from mhp */
 5311         n = key_getmsgbuf_x1(m, mhp);
 5312         if (n == NULL) {
 5313                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5314                 return key_senderror(so, m, ENOBUFS);
 5315         }
 5316 
 5317         m_freem(m);
 5318         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5319     }
 5320 }
 5321 
 5322 /* m is retained */
 5323 static int
 5324 key_setident(struct secashead *sah, struct mbuf *m,
 5325     const struct sadb_msghdr *mhp)
 5326 {
 5327         const struct sadb_ident *idsrc, *iddst;
 5328         int idsrclen, iddstlen;
 5329 
 5330         IPSEC_ASSERT(sah != NULL, ("null secashead"));
 5331         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5332         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5333         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5334 
 5335         /* don't make buffer if not there */
 5336         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
 5337             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5338                 sah->idents = NULL;
 5339                 sah->identd = NULL;
 5340                 return 0;
 5341         }
 5342         
 5343         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
 5344             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5345                 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__));
 5346                 return EINVAL;
 5347         }
 5348 
 5349         idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
 5350         iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
 5351         idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
 5352         iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
 5353 
 5354         /* validity check */
 5355         if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
 5356                 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__));
 5357                 return EINVAL;
 5358         }
 5359 
 5360         switch (idsrc->sadb_ident_type) {
 5361         case SADB_IDENTTYPE_PREFIX:
 5362         case SADB_IDENTTYPE_FQDN:
 5363         case SADB_IDENTTYPE_USERFQDN:
 5364         default:
 5365                 /* XXX do nothing */
 5366                 sah->idents = NULL;
 5367                 sah->identd = NULL;
 5368                 return 0;
 5369         }
 5370 
 5371         /* make structure */
 5372         sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
 5373         if (sah->idents == NULL) {
 5374                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5375                 return ENOBUFS;
 5376         }
 5377         sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
 5378         if (sah->identd == NULL) {
 5379                 free(sah->idents, M_IPSEC_MISC);
 5380                 sah->idents = NULL;
 5381                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5382                 return ENOBUFS;
 5383         }
 5384         sah->idents->type = idsrc->sadb_ident_type;
 5385         sah->idents->id = idsrc->sadb_ident_id;
 5386 
 5387         sah->identd->type = iddst->sadb_ident_type;
 5388         sah->identd->id = iddst->sadb_ident_id;
 5389 
 5390         return 0;
 5391 }
 5392 
 5393 /*
 5394  * m will not be freed on return.
 5395  * it is caller's responsibility to free the result. 
 5396  */
 5397 static struct mbuf *
 5398 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp)
 5399 {
 5400         struct mbuf *n;
 5401 
 5402         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5403         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5404         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5405 
 5406         /* create new sadb_msg to reply. */
 5407         n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
 5408             SADB_EXT_SA, SADB_X_EXT_SA2,
 5409             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
 5410             SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 5411             SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
 5412         if (!n)
 5413                 return NULL;
 5414 
 5415         if (n->m_len < sizeof(struct sadb_msg)) {
 5416                 n = m_pullup(n, sizeof(struct sadb_msg));
 5417                 if (n == NULL)
 5418                         return NULL;
 5419         }
 5420         mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
 5421         mtod(n, struct sadb_msg *)->sadb_msg_len =
 5422             PFKEY_UNIT64(n->m_pkthdr.len);
 5423 
 5424         return n;
 5425 }
 5426 
 5427 /*
 5428  * SADB_DELETE processing
 5429  * receive
 5430  *   <base, SA(*), address(SD)>
 5431  * from the ikmpd, and set SADB_SASTATE_DEAD,
 5432  * and send,
 5433  *   <base, SA(*), address(SD)>
 5434  * to the ikmpd.
 5435  *
 5436  * m will always be freed.
 5437  */
 5438 static int
 5439 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 5440 {
 5441         struct sadb_sa *sa0;
 5442         struct sadb_address *src0, *dst0;
 5443         struct secasindex saidx;
 5444         struct secashead *sah;
 5445         struct secasvar *sav = NULL;
 5446         u_int16_t proto;
 5447 
 5448         IPSEC_ASSERT(so != NULL, ("null socket"));
 5449         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5450         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5451         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5452 
 5453         /* map satype to proto */
 5454         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5455                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5456                         __func__));
 5457                 return key_senderror(so, m, EINVAL);
 5458         }
 5459 
 5460         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5461             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5462                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5463                         __func__));
 5464                 return key_senderror(so, m, EINVAL);
 5465         }
 5466 
 5467         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5468             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5469                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5470                         __func__));
 5471                 return key_senderror(so, m, EINVAL);
 5472         }
 5473 
 5474         if (mhp->ext[SADB_EXT_SA] == NULL) {
 5475                 /*
 5476                  * Caller wants us to delete all non-LARVAL SAs
 5477                  * that match the src/dst.  This is used during
 5478                  * IKE INITIAL-CONTACT.
 5479                  */
 5480                 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__));
 5481                 return key_delete_all(so, m, mhp, proto);
 5482         } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
 5483                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5484                         __func__));
 5485                 return key_senderror(so, m, EINVAL);
 5486         }
 5487 
 5488         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5489         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5490         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5491 
 5492         /* XXX boundary check against sa_len */
 5493         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5494 
 5495         /*
 5496          * Make sure the port numbers are zero.
 5497          * In case of NAT-T we will update them later if needed.
 5498          */
 5499         KEY_PORTTOSADDR(&saidx.src, 0);
 5500         KEY_PORTTOSADDR(&saidx.dst, 0);
 5501 
 5502 #ifdef IPSEC_NAT_T
 5503         /*
 5504          * Handle NAT-T info if present.
 5505          */
 5506         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5507             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5508                 struct sadb_x_nat_t_port *sport, *dport;
 5509 
 5510                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5511                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5512                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5513                             __func__));
 5514                         return key_senderror(so, m, EINVAL);
 5515                 }
 5516 
 5517                 sport = (struct sadb_x_nat_t_port *)
 5518                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5519                 dport = (struct sadb_x_nat_t_port *)
 5520                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5521 
 5522                 if (sport)
 5523                         KEY_PORTTOSADDR(&saidx.src,
 5524                             sport->sadb_x_nat_t_port_port);
 5525                 if (dport)
 5526                         KEY_PORTTOSADDR(&saidx.dst,
 5527                             dport->sadb_x_nat_t_port_port);
 5528         }
 5529 #endif
 5530 
 5531         /* get a SA header */
 5532         SAHTREE_LOCK();
 5533         LIST_FOREACH(sah, &V_sahtree, chain) {
 5534                 if (sah->state == SADB_SASTATE_DEAD)
 5535                         continue;
 5536                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5537                         continue;
 5538 
 5539                 /* get a SA with SPI. */
 5540                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5541                 if (sav)
 5542                         break;
 5543         }
 5544         if (sah == NULL) {
 5545                 SAHTREE_UNLOCK();
 5546                 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__));
 5547                 return key_senderror(so, m, ENOENT);
 5548         }
 5549 
 5550         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5551         KEY_FREESAV(&sav);
 5552         SAHTREE_UNLOCK();
 5553 
 5554     {
 5555         struct mbuf *n;
 5556         struct sadb_msg *newmsg;
 5557 
 5558         /* create new sadb_msg to reply. */
 5559         /* XXX-BZ NAT-T extensions? */
 5560         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 5561             SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5562         if (!n)
 5563                 return key_senderror(so, m, ENOBUFS);
 5564 
 5565         if (n->m_len < sizeof(struct sadb_msg)) {
 5566                 n = m_pullup(n, sizeof(struct sadb_msg));
 5567                 if (n == NULL)
 5568                         return key_senderror(so, m, ENOBUFS);
 5569         }
 5570         newmsg = mtod(n, struct sadb_msg *);
 5571         newmsg->sadb_msg_errno = 0;
 5572         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5573 
 5574         m_freem(m);
 5575         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5576     }
 5577 }
 5578 
 5579 /*
 5580  * delete all SAs for src/dst.  Called from key_delete().
 5581  */
 5582 static int
 5583 key_delete_all(struct socket *so, struct mbuf *m,
 5584     const struct sadb_msghdr *mhp, u_int16_t proto)
 5585 {
 5586         struct sadb_address *src0, *dst0;
 5587         struct secasindex saidx;
 5588         struct secashead *sah;
 5589         struct secasvar *sav, *nextsav;
 5590         u_int stateidx, state;
 5591 
 5592         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5593         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5594 
 5595         /* XXX boundary check against sa_len */
 5596         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5597 
 5598         /*
 5599          * Make sure the port numbers are zero.
 5600          * In case of NAT-T we will update them later if needed.
 5601          */
 5602         KEY_PORTTOSADDR(&saidx.src, 0);
 5603         KEY_PORTTOSADDR(&saidx.dst, 0);
 5604 
 5605 #ifdef IPSEC_NAT_T
 5606         /*
 5607          * Handle NAT-T info if present.
 5608          */
 5609 
 5610         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5611             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5612                 struct sadb_x_nat_t_port *sport, *dport;
 5613 
 5614                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5615                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5616                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5617                             __func__));
 5618                         return key_senderror(so, m, EINVAL);
 5619                 }
 5620 
 5621                 sport = (struct sadb_x_nat_t_port *)
 5622                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5623                 dport = (struct sadb_x_nat_t_port *)
 5624                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5625 
 5626                 if (sport)
 5627                         KEY_PORTTOSADDR(&saidx.src,
 5628                             sport->sadb_x_nat_t_port_port);
 5629                 if (dport)
 5630                         KEY_PORTTOSADDR(&saidx.dst,
 5631                             dport->sadb_x_nat_t_port_port);
 5632         }
 5633 #endif
 5634 
 5635         SAHTREE_LOCK();
 5636         LIST_FOREACH(sah, &V_sahtree, chain) {
 5637                 if (sah->state == SADB_SASTATE_DEAD)
 5638                         continue;
 5639                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5640                         continue;
 5641 
 5642                 /* Delete all non-LARVAL SAs. */
 5643                 for (stateidx = 0;
 5644                      stateidx < _ARRAYLEN(saorder_state_alive);
 5645                      stateidx++) {
 5646                         state = saorder_state_alive[stateidx];
 5647                         if (state == SADB_SASTATE_LARVAL)
 5648                                 continue;
 5649                         for (sav = LIST_FIRST(&sah->savtree[state]);
 5650                              sav != NULL; sav = nextsav) {
 5651                                 nextsav = LIST_NEXT(sav, chain);
 5652                                 /* sanity check */
 5653                                 if (sav->state != state) {
 5654                                         ipseclog((LOG_DEBUG, "%s: invalid "
 5655                                                 "sav->state (queue %d SA %d)\n",
 5656                                                 __func__, state, sav->state));
 5657                                         continue;
 5658                                 }
 5659                                 
 5660                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5661                                 KEY_FREESAV(&sav);
 5662                         }
 5663                 }
 5664         }
 5665         SAHTREE_UNLOCK();
 5666     {
 5667         struct mbuf *n;
 5668         struct sadb_msg *newmsg;
 5669 
 5670         /* create new sadb_msg to reply. */
 5671         /* XXX-BZ NAT-T extensions? */
 5672         n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
 5673             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5674         if (!n)
 5675                 return key_senderror(so, m, ENOBUFS);
 5676 
 5677         if (n->m_len < sizeof(struct sadb_msg)) {
 5678                 n = m_pullup(n, sizeof(struct sadb_msg));
 5679                 if (n == NULL)
 5680                         return key_senderror(so, m, ENOBUFS);
 5681         }
 5682         newmsg = mtod(n, struct sadb_msg *);
 5683         newmsg->sadb_msg_errno = 0;
 5684         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5685 
 5686         m_freem(m);
 5687         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5688     }
 5689 }
 5690 
 5691 /*
 5692  * SADB_GET processing
 5693  * receive
 5694  *   <base, SA(*), address(SD)>
 5695  * from the ikmpd, and get a SP and a SA to respond,
 5696  * and send,
 5697  *   <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
 5698  *       (identity(SD),) (sensitivity)>
 5699  * to the ikmpd.
 5700  *
 5701  * m will always be freed.
 5702  */
 5703 static int
 5704 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 5705 {
 5706         struct sadb_sa *sa0;
 5707         struct sadb_address *src0, *dst0;
 5708         struct secasindex saidx;
 5709         struct secashead *sah;
 5710         struct secasvar *sav = NULL;
 5711         u_int16_t proto;
 5712 
 5713         IPSEC_ASSERT(so != NULL, ("null socket"));
 5714         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5715         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5716         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5717 
 5718         /* map satype to proto */
 5719         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5720                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5721                         __func__));
 5722                 return key_senderror(so, m, EINVAL);
 5723         }
 5724 
 5725         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5726             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5727             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5728                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5729                         __func__));
 5730                 return key_senderror(so, m, EINVAL);
 5731         }
 5732         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5733             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5734             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5735                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5736                         __func__));
 5737                 return key_senderror(so, m, EINVAL);
 5738         }
 5739 
 5740         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5741         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5742         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5743 
 5744         /* XXX boundary check against sa_len */
 5745         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5746 
 5747         /*
 5748          * Make sure the port numbers are zero.
 5749          * In case of NAT-T we will update them later if needed.
 5750          */
 5751         KEY_PORTTOSADDR(&saidx.src, 0);
 5752         KEY_PORTTOSADDR(&saidx.dst, 0);
 5753 
 5754 #ifdef IPSEC_NAT_T
 5755         /*
 5756          * Handle NAT-T info if present.
 5757          */
 5758 
 5759         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5760             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5761                 struct sadb_x_nat_t_port *sport, *dport;
 5762 
 5763                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5764                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5765                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5766                             __func__));
 5767                         return key_senderror(so, m, EINVAL);
 5768                 }
 5769 
 5770                 sport = (struct sadb_x_nat_t_port *)
 5771                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5772                 dport = (struct sadb_x_nat_t_port *)
 5773                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5774 
 5775                 if (sport)
 5776                         KEY_PORTTOSADDR(&saidx.src,
 5777                             sport->sadb_x_nat_t_port_port);
 5778                 if (dport)
 5779                         KEY_PORTTOSADDR(&saidx.dst,
 5780                             dport->sadb_x_nat_t_port_port);
 5781         }
 5782 #endif
 5783 
 5784         /* get a SA header */
 5785         SAHTREE_LOCK();
 5786         LIST_FOREACH(sah, &V_sahtree, chain) {
 5787                 if (sah->state == SADB_SASTATE_DEAD)
 5788                         continue;
 5789                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5790                         continue;
 5791 
 5792                 /* get a SA with SPI. */
 5793                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5794                 if (sav)
 5795                         break;
 5796         }
 5797         SAHTREE_UNLOCK();
 5798         if (sah == NULL) {
 5799                 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__));
 5800                 return key_senderror(so, m, ENOENT);
 5801         }
 5802 
 5803     {
 5804         struct mbuf *n;
 5805         u_int8_t satype;
 5806 
 5807         /* map proto to satype */
 5808         if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 5809                 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n",
 5810                         __func__));
 5811                 return key_senderror(so, m, EINVAL);
 5812         }
 5813 
 5814         /* create new sadb_msg to reply. */
 5815         n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
 5816             mhp->msg->sadb_msg_pid);
 5817         if (!n)
 5818                 return key_senderror(so, m, ENOBUFS);
 5819 
 5820         m_freem(m);
 5821         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 5822     }
 5823 }
 5824 
 5825 /* XXX make it sysctl-configurable? */
 5826 static void
 5827 key_getcomb_setlifetime(struct sadb_comb *comb)
 5828 {
 5829 
 5830         comb->sadb_comb_soft_allocations = 1;
 5831         comb->sadb_comb_hard_allocations = 1;
 5832         comb->sadb_comb_soft_bytes = 0;
 5833         comb->sadb_comb_hard_bytes = 0;
 5834         comb->sadb_comb_hard_addtime = 86400;   /* 1 day */
 5835         comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
 5836         comb->sadb_comb_soft_usetime = 28800;   /* 8 hours */
 5837         comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
 5838 }
 5839 
 5840 /*
 5841  * XXX reorder combinations by preference
 5842  * XXX no idea if the user wants ESP authentication or not
 5843  */
 5844 static struct mbuf *
 5845 key_getcomb_esp()
 5846 {
 5847         struct sadb_comb *comb;
 5848         struct enc_xform *algo;
 5849         struct mbuf *result = NULL, *m, *n;
 5850         int encmin;
 5851         int i, off, o;
 5852         int totlen;
 5853         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5854 
 5855         m = NULL;
 5856         for (i = 1; i <= SADB_EALG_MAX; i++) {
 5857                 algo = esp_algorithm_lookup(i);
 5858                 if (algo == NULL)
 5859                         continue;
 5860 
 5861                 /* discard algorithms with key size smaller than system min */
 5862                 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin)
 5863                         continue;
 5864                 if (_BITS(algo->minkey) < V_ipsec_esp_keymin)
 5865                         encmin = V_ipsec_esp_keymin;
 5866                 else
 5867                         encmin = _BITS(algo->minkey);
 5868 
 5869                 if (V_ipsec_esp_auth)
 5870                         m = key_getcomb_ah();
 5871                 else {
 5872                         IPSEC_ASSERT(l <= MLEN,
 5873                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 5874                         MGET(m, M_NOWAIT, MT_DATA);
 5875                         if (m) {
 5876                                 M_ALIGN(m, l);
 5877                                 m->m_len = l;
 5878                                 m->m_next = NULL;
 5879                                 bzero(mtod(m, caddr_t), m->m_len);
 5880                         }
 5881                 }
 5882                 if (!m)
 5883                         goto fail;
 5884 
 5885                 totlen = 0;
 5886                 for (n = m; n; n = n->m_next)
 5887                         totlen += n->m_len;
 5888                 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l));
 5889 
 5890                 for (off = 0; off < totlen; off += l) {
 5891                         n = m_pulldown(m, off, l, &o);
 5892                         if (!n) {
 5893                                 /* m is already freed */
 5894                                 goto fail;
 5895                         }
 5896                         comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
 5897                         bzero(comb, sizeof(*comb));
 5898                         key_getcomb_setlifetime(comb);
 5899                         comb->sadb_comb_encrypt = i;
 5900                         comb->sadb_comb_encrypt_minbits = encmin;
 5901                         comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
 5902                 }
 5903 
 5904                 if (!result)
 5905                         result = m;
 5906                 else
 5907                         m_cat(result, m);
 5908         }
 5909 
 5910         return result;
 5911 
 5912  fail:
 5913         if (result)
 5914                 m_freem(result);
 5915         return NULL;
 5916 }
 5917 
 5918 static void
 5919 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min,
 5920     u_int16_t* max)
 5921 {
 5922 
 5923         *min = *max = ah->keysize;
 5924         if (ah->keysize == 0) {
 5925                 /*
 5926                  * Transform takes arbitrary key size but algorithm
 5927                  * key size is restricted.  Enforce this here.
 5928                  */
 5929                 switch (alg) {
 5930                 case SADB_X_AALG_MD5:   *min = *max = 16; break;
 5931                 case SADB_X_AALG_SHA:   *min = *max = 20; break;
 5932                 case SADB_X_AALG_NULL:  *min = 1; *max = 256; break;
 5933                 case SADB_X_AALG_SHA2_256: *min = *max = 32; break;
 5934                 case SADB_X_AALG_SHA2_384: *min = *max = 48; break;
 5935                 case SADB_X_AALG_SHA2_512: *min = *max = 64; break;
 5936                 default:
 5937                         DPRINTF(("%s: unknown AH algorithm %u\n",
 5938                                 __func__, alg));
 5939                         break;
 5940                 }
 5941         }
 5942 }
 5943 
 5944 /*
 5945  * XXX reorder combinations by preference
 5946  */
 5947 static struct mbuf *
 5948 key_getcomb_ah()
 5949 {
 5950         struct sadb_comb *comb;
 5951         struct auth_hash *algo;
 5952         struct mbuf *m;
 5953         u_int16_t minkeysize, maxkeysize;
 5954         int i;
 5955         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5956 
 5957         m = NULL;
 5958         for (i = 1; i <= SADB_AALG_MAX; i++) {
 5959 #if 1
 5960                 /* we prefer HMAC algorithms, not old algorithms */
 5961                 if (i != SADB_AALG_SHA1HMAC &&
 5962                     i != SADB_AALG_MD5HMAC  &&
 5963                     i != SADB_X_AALG_SHA2_256 &&
 5964                     i != SADB_X_AALG_SHA2_384 &&
 5965                     i != SADB_X_AALG_SHA2_512)
 5966                         continue;
 5967 #endif
 5968                 algo = ah_algorithm_lookup(i);
 5969                 if (!algo)
 5970                         continue;
 5971                 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
 5972                 /* discard algorithms with key size smaller than system min */
 5973                 if (_BITS(minkeysize) < V_ipsec_ah_keymin)
 5974                         continue;
 5975 
 5976                 if (!m) {
 5977                         IPSEC_ASSERT(l <= MLEN,
 5978                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 5979                         MGET(m, M_NOWAIT, MT_DATA);
 5980                         if (m) {
 5981                                 M_ALIGN(m, l);
 5982                                 m->m_len = l;
 5983                                 m->m_next = NULL;
 5984                         }
 5985                 } else
 5986                         M_PREPEND(m, l, M_NOWAIT);
 5987                 if (!m)
 5988                         return NULL;
 5989 
 5990                 comb = mtod(m, struct sadb_comb *);
 5991                 bzero(comb, sizeof(*comb));
 5992                 key_getcomb_setlifetime(comb);
 5993                 comb->sadb_comb_auth = i;
 5994                 comb->sadb_comb_auth_minbits = _BITS(minkeysize);
 5995                 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
 5996         }
 5997 
 5998         return m;
 5999 }
 6000 
 6001 /*
 6002  * not really an official behavior.  discussed in pf_key@inner.net in Sep2000.
 6003  * XXX reorder combinations by preference
 6004  */
 6005 static struct mbuf *
 6006 key_getcomb_ipcomp()
 6007 {
 6008         struct sadb_comb *comb;
 6009         struct comp_algo *algo;
 6010         struct mbuf *m;
 6011         int i;
 6012         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 6013 
 6014         m = NULL;
 6015         for (i = 1; i <= SADB_X_CALG_MAX; i++) {
 6016                 algo = ipcomp_algorithm_lookup(i);
 6017                 if (!algo)
 6018                         continue;
 6019 
 6020                 if (!m) {
 6021                         IPSEC_ASSERT(l <= MLEN,
 6022                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 6023                         MGET(m, M_NOWAIT, MT_DATA);
 6024                         if (m) {
 6025                                 M_ALIGN(m, l);
 6026                                 m->m_len = l;
 6027                                 m->m_next = NULL;
 6028                         }
 6029                 } else
 6030                         M_PREPEND(m, l, M_NOWAIT);
 6031                 if (!m)
 6032                         return NULL;
 6033 
 6034                 comb = mtod(m, struct sadb_comb *);
 6035                 bzero(comb, sizeof(*comb));
 6036                 key_getcomb_setlifetime(comb);
 6037                 comb->sadb_comb_encrypt = i;
 6038                 /* what should we set into sadb_comb_*_{min,max}bits? */
 6039         }
 6040 
 6041         return m;
 6042 }
 6043 
 6044 /*
 6045  * XXX no way to pass mode (transport/tunnel) to userland
 6046  * XXX replay checking?
 6047  * XXX sysctl interface to ipsec_{ah,esp}_keymin
 6048  */
 6049 static struct mbuf *
 6050 key_getprop(const struct secasindex *saidx)
 6051 {
 6052         struct sadb_prop *prop;
 6053         struct mbuf *m, *n;
 6054         const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
 6055         int totlen;
 6056 
 6057         switch (saidx->proto)  {
 6058         case IPPROTO_ESP:
 6059                 m = key_getcomb_esp();
 6060                 break;
 6061         case IPPROTO_AH:
 6062                 m = key_getcomb_ah();
 6063                 break;
 6064         case IPPROTO_IPCOMP:
 6065                 m = key_getcomb_ipcomp();
 6066                 break;
 6067         default:
 6068                 return NULL;
 6069         }
 6070 
 6071         if (!m)
 6072                 return NULL;
 6073         M_PREPEND(m, l, M_NOWAIT);
 6074         if (!m)
 6075                 return NULL;
 6076 
 6077         totlen = 0;
 6078         for (n = m; n; n = n->m_next)
 6079                 totlen += n->m_len;
 6080 
 6081         prop = mtod(m, struct sadb_prop *);
 6082         bzero(prop, sizeof(*prop));
 6083         prop->sadb_prop_len = PFKEY_UNIT64(totlen);
 6084         prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 6085         prop->sadb_prop_replay = 32;    /* XXX */
 6086 
 6087         return m;
 6088 }
 6089 
 6090 /*
 6091  * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
 6092  * send
 6093  *   <base, SA, address(SD), (address(P)), x_policy,
 6094  *       (identity(SD),) (sensitivity,) proposal>
 6095  * to KMD, and expect to receive
 6096  *   <base> with SADB_ACQUIRE if error occured,
 6097  * or
 6098  *   <base, src address, dst address, (SPI range)> with SADB_GETSPI
 6099  * from KMD by PF_KEY.
 6100  *
 6101  * XXX x_policy is outside of RFC2367 (KAME extension).
 6102  * XXX sensitivity is not supported.
 6103  * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
 6104  * see comment for key_getcomb_ipcomp().
 6105  *
 6106  * OUT:
 6107  *    0     : succeed
 6108  *    others: error number
 6109  */
 6110 static int
 6111 key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
 6112 {
 6113         union sockaddr_union addr;
 6114         struct mbuf *result, *m;
 6115         struct secacq *newacq;
 6116         u_int32_t seq;
 6117         int error;
 6118         u_int16_t ul_proto;
 6119         u_int8_t mask, satype;
 6120 
 6121         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
 6122         satype = key_proto2satype(saidx->proto);
 6123         IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto));
 6124 
 6125         error = -1;
 6126         result = NULL;
 6127         ul_proto = IPSEC_ULPROTO_ANY;
 6128         /*
 6129          * We never do anything about acquirng SA.  There is anather
 6130          * solution that kernel blocks to send SADB_ACQUIRE message until
 6131          * getting something message from IKEd.  In later case, to be
 6132          * managed with ACQUIRING list.
 6133          */
 6134         /* Get an entry to check whether sending message or not. */
 6135         if ((newacq = key_getacq(saidx)) != NULL) {
 6136                 if (V_key_blockacq_count < newacq->count) {
 6137                         /* reset counter and do send message. */
 6138                         newacq->count = 0;
 6139                 } else {
 6140                         /* increment counter and do nothing. */
 6141                         newacq->count++;
 6142                         return 0;
 6143                 }
 6144         } else {
 6145                 /* make new entry for blocking to send SADB_ACQUIRE. */
 6146                 if ((newacq = key_newacq(saidx)) == NULL)
 6147                         return ENOBUFS;
 6148         }
 6149 
 6150 
 6151         seq = newacq->seq;
 6152         m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
 6153         if (!m) {
 6154                 error = ENOBUFS;
 6155                 goto fail;
 6156         }
 6157         result = m;
 6158 
 6159         /*
 6160          * No SADB_X_EXT_NAT_T_* here: we do not know
 6161          * anything related to NAT-T at this time.
 6162          */
 6163 
 6164         /*
 6165          * set sadb_address for saidx's.
 6166          *
 6167          * Note that if sp is supplied, then we're being called from
 6168          * key_checkrequest and should supply port and protocol information.
 6169          */
 6170         if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP ||
 6171             sp->spidx.ul_proto == IPPROTO_UDP))
 6172                 ul_proto = sp->spidx.ul_proto;
 6173 
 6174         addr = saidx->src;
 6175         mask = FULLMASK;
 6176         if (ul_proto != IPSEC_ULPROTO_ANY) {
 6177                 switch (sp->spidx.src.sa.sa_family) {
 6178                 case AF_INET:
 6179                         if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) {
 6180                                 addr.sin.sin_port = sp->spidx.src.sin.sin_port;
 6181                                 mask = sp->spidx.prefs;
 6182                         }
 6183                         break;
 6184                 case AF_INET6:
 6185                         if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) {
 6186                                 addr.sin6.sin6_port = sp->spidx.src.sin6.sin6_port;
 6187                                 mask = sp->spidx.prefs;
 6188                         }
 6189                         break;
 6190                 default:
 6191                         break;
 6192                 }
 6193         }
 6194         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto);
 6195         if (!m) {
 6196                 error = ENOBUFS;
 6197                 goto fail;
 6198         }
 6199         m_cat(result, m);
 6200 
 6201         addr = saidx->dst;
 6202         mask = FULLMASK;
 6203         if (ul_proto != IPSEC_ULPROTO_ANY) {
 6204                 switch (sp->spidx.dst.sa.sa_family) {
 6205                 case AF_INET:
 6206                         if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) {
 6207                                 addr.sin.sin_port = sp->spidx.dst.sin.sin_port;
 6208                                 mask = sp->spidx.prefd;
 6209                         }
 6210                         break;
 6211                 case AF_INET6:
 6212                         if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) {
 6213                                 addr.sin6.sin6_port = sp->spidx.dst.sin6.sin6_port;
 6214                                 mask = sp->spidx.prefd;
 6215                         }
 6216                         break;
 6217                 default:
 6218                         break;
 6219                 }
 6220         }
 6221         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto);
 6222         if (!m) {
 6223                 error = ENOBUFS;
 6224                 goto fail;
 6225         }
 6226         m_cat(result, m);
 6227 
 6228         /* XXX proxy address (optional) */
 6229 
 6230         /* set sadb_x_policy */
 6231         if (sp) {
 6232                 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, sp->priority);
 6233                 if (!m) {
 6234                         error = ENOBUFS;
 6235                         goto fail;
 6236                 }
 6237                 m_cat(result, m);
 6238         }
 6239 
 6240         /* XXX identity (optional) */
 6241 #if 0
 6242         if (idexttype && fqdn) {
 6243                 /* create identity extension (FQDN) */
 6244                 struct sadb_ident *id;
 6245                 int fqdnlen;
 6246 
 6247                 fqdnlen = strlen(fqdn) + 1;     /* +1 for terminating-NUL */
 6248                 id = (struct sadb_ident *)p;
 6249                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6250                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6251                 id->sadb_ident_exttype = idexttype;
 6252                 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
 6253                 bcopy(fqdn, id + 1, fqdnlen);
 6254                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
 6255         }
 6256 
 6257         if (idexttype) {
 6258                 /* create identity extension (USERFQDN) */
 6259                 struct sadb_ident *id;
 6260                 int userfqdnlen;
 6261 
 6262                 if (userfqdn) {
 6263                         /* +1 for terminating-NUL */
 6264                         userfqdnlen = strlen(userfqdn) + 1;
 6265                 } else
 6266                         userfqdnlen = 0;
 6267                 id = (struct sadb_ident *)p;
 6268                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6269                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6270                 id->sadb_ident_exttype = idexttype;
 6271                 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
 6272                 /* XXX is it correct? */
 6273                 if (curproc && curproc->p_cred)
 6274                         id->sadb_ident_id = curproc->p_cred->p_ruid;
 6275                 if (userfqdn && userfqdnlen)
 6276                         bcopy(userfqdn, id + 1, userfqdnlen);
 6277                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
 6278         }
 6279 #endif
 6280 
 6281         /* XXX sensitivity (optional) */
 6282 
 6283         /* create proposal/combination extension */
 6284         m = key_getprop(saidx);
 6285 #if 0
 6286         /*
 6287          * spec conformant: always attach proposal/combination extension,
 6288          * the problem is that we have no way to attach it for ipcomp,
 6289          * due to the way sadb_comb is declared in RFC2367.
 6290          */
 6291         if (!m) {
 6292                 error = ENOBUFS;
 6293                 goto fail;
 6294         }
 6295         m_cat(result, m);
 6296 #else
 6297         /*
 6298          * outside of spec; make proposal/combination extension optional.
 6299          */
 6300         if (m)
 6301                 m_cat(result, m);
 6302 #endif
 6303 
 6304         if ((result->m_flags & M_PKTHDR) == 0) {
 6305                 error = EINVAL;
 6306                 goto fail;
 6307         }
 6308 
 6309         if (result->m_len < sizeof(struct sadb_msg)) {
 6310                 result = m_pullup(result, sizeof(struct sadb_msg));
 6311                 if (result == NULL) {
 6312                         error = ENOBUFS;
 6313                         goto fail;
 6314                 }
 6315         }
 6316 
 6317         result->m_pkthdr.len = 0;
 6318         for (m = result; m; m = m->m_next)
 6319                 result->m_pkthdr.len += m->m_len;
 6320 
 6321         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6322             PFKEY_UNIT64(result->m_pkthdr.len);
 6323 
 6324         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6325 
 6326  fail:
 6327         if (result)
 6328                 m_freem(result);
 6329         return error;
 6330 }
 6331 
 6332 static struct secacq *
 6333 key_newacq(const struct secasindex *saidx)
 6334 {
 6335         struct secacq *newacq;
 6336 
 6337         /* get new entry */
 6338         newacq = malloc(sizeof(struct secacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
 6339         if (newacq == NULL) {
 6340                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6341                 return NULL;
 6342         }
 6343 
 6344         /* copy secindex */
 6345         bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
 6346         newacq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq);
 6347         newacq->created = time_second;
 6348         newacq->count = 0;
 6349 
 6350         /* add to acqtree */
 6351         ACQ_LOCK();
 6352         LIST_INSERT_HEAD(&V_acqtree, newacq, chain);
 6353         ACQ_UNLOCK();
 6354 
 6355         return newacq;
 6356 }
 6357 
 6358 static struct secacq *
 6359 key_getacq(const struct secasindex *saidx)
 6360 {
 6361         struct secacq *acq;
 6362 
 6363         ACQ_LOCK();
 6364         LIST_FOREACH(acq, &V_acqtree, chain) {
 6365                 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
 6366                         break;
 6367         }
 6368         ACQ_UNLOCK();
 6369 
 6370         return acq;
 6371 }
 6372 
 6373 static struct secacq *
 6374 key_getacqbyseq(u_int32_t seq)
 6375 {
 6376         struct secacq *acq;
 6377 
 6378         ACQ_LOCK();
 6379         LIST_FOREACH(acq, &V_acqtree, chain) {
 6380                 if (acq->seq == seq)
 6381                         break;
 6382         }
 6383         ACQ_UNLOCK();
 6384 
 6385         return acq;
 6386 }
 6387 
 6388 static struct secspacq *
 6389 key_newspacq(struct secpolicyindex *spidx)
 6390 {
 6391         struct secspacq *acq;
 6392 
 6393         /* get new entry */
 6394         acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
 6395         if (acq == NULL) {
 6396                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6397                 return NULL;
 6398         }
 6399 
 6400         /* copy secindex */
 6401         bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
 6402         acq->created = time_second;
 6403         acq->count = 0;
 6404 
 6405         /* add to spacqtree */
 6406         SPACQ_LOCK();
 6407         LIST_INSERT_HEAD(&V_spacqtree, acq, chain);
 6408         SPACQ_UNLOCK();
 6409 
 6410         return acq;
 6411 }
 6412 
 6413 static struct secspacq *
 6414 key_getspacq(struct secpolicyindex *spidx)
 6415 {
 6416         struct secspacq *acq;
 6417 
 6418         SPACQ_LOCK();
 6419         LIST_FOREACH(acq, &V_spacqtree, chain) {
 6420                 if (key_cmpspidx_exactly(spidx, &acq->spidx)) {
 6421                         /* NB: return holding spacq_lock */
 6422                         return acq;
 6423                 }
 6424         }
 6425         SPACQ_UNLOCK();
 6426 
 6427         return NULL;
 6428 }
 6429 
 6430 /*
 6431  * SADB_ACQUIRE processing,
 6432  * in first situation, is receiving
 6433  *   <base>
 6434  * from the ikmpd, and clear sequence of its secasvar entry.
 6435  *
 6436  * In second situation, is receiving
 6437  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6438  * from a user land process, and return
 6439  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6440  * to the socket.
 6441  *
 6442  * m will always be freed.
 6443  */
 6444 static int
 6445 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 6446 {
 6447         const struct sadb_address *src0, *dst0;
 6448         struct secasindex saidx;
 6449         struct secashead *sah;
 6450         u_int16_t proto;
 6451         int error;
 6452 
 6453         IPSEC_ASSERT(so != NULL, ("null socket"));
 6454         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 6455         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 6456         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 6457 
 6458         /*
 6459          * Error message from KMd.
 6460          * We assume that if error was occured in IKEd, the length of PFKEY
 6461          * message is equal to the size of sadb_msg structure.
 6462          * We do not raise error even if error occured in this function.
 6463          */
 6464         if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
 6465                 struct secacq *acq;
 6466 
 6467                 /* check sequence number */
 6468                 if (mhp->msg->sadb_msg_seq == 0) {
 6469                         ipseclog((LOG_DEBUG, "%s: must specify sequence "
 6470                                 "number.\n", __func__));
 6471                         m_freem(m);
 6472                         return 0;
 6473                 }
 6474 
 6475                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
 6476                         /*
 6477                          * the specified larval SA is already gone, or we got
 6478                          * a bogus sequence number.  we can silently ignore it.
 6479                          */
 6480                         m_freem(m);
 6481                         return 0;
 6482                 }
 6483 
 6484                 /* reset acq counter in order to deletion by timehander. */
 6485                 acq->created = time_second;
 6486                 acq->count = 0;
 6487                 m_freem(m);
 6488                 return 0;
 6489         }
 6490 
 6491         /*
 6492          * This message is from user land.
 6493          */
 6494 
 6495         /* map satype to proto */
 6496         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6497                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 6498                         __func__));
 6499                 return key_senderror(so, m, EINVAL);
 6500         }
 6501 
 6502         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 6503             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 6504             mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
 6505                 /* error */
 6506                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 6507                         __func__));
 6508                 return key_senderror(so, m, EINVAL);
 6509         }
 6510         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 6511             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 6512             mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
 6513                 /* error */
 6514                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",        
 6515                         __func__));
 6516                 return key_senderror(so, m, EINVAL);
 6517         }
 6518 
 6519         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 6520         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 6521 
 6522         /* XXX boundary check against sa_len */
 6523         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 6524 
 6525         /*
 6526          * Make sure the port numbers are zero.
 6527          * In case of NAT-T we will update them later if needed.
 6528          */
 6529         KEY_PORTTOSADDR(&saidx.src, 0);
 6530         KEY_PORTTOSADDR(&saidx.dst, 0);
 6531 
 6532 #ifndef IPSEC_NAT_T
 6533         /*
 6534          * Handle NAT-T info if present.
 6535          */
 6536 
 6537         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 6538             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 6539                 struct sadb_x_nat_t_port *sport, *dport;
 6540 
 6541                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 6542                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 6543                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 6544                             __func__));
 6545                         return key_senderror(so, m, EINVAL);
 6546                 }
 6547 
 6548                 sport = (struct sadb_x_nat_t_port *)
 6549                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 6550                 dport = (struct sadb_x_nat_t_port *)
 6551                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 6552 
 6553                 if (sport)
 6554                         KEY_PORTTOSADDR(&saidx.src,
 6555                             sport->sadb_x_nat_t_port_port);
 6556                 if (dport)
 6557                         KEY_PORTTOSADDR(&saidx.dst,
 6558                             dport->sadb_x_nat_t_port_port);
 6559         }
 6560 #endif
 6561 
 6562         /* get a SA index */
 6563         SAHTREE_LOCK();
 6564         LIST_FOREACH(sah, &V_sahtree, chain) {
 6565                 if (sah->state == SADB_SASTATE_DEAD)
 6566                         continue;
 6567                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
 6568                         break;
 6569         }
 6570         SAHTREE_UNLOCK();
 6571         if (sah != NULL) {
 6572                 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__));
 6573                 return key_senderror(so, m, EEXIST);
 6574         }
 6575 
 6576         error = key_acquire(&saidx, NULL);
 6577         if (error != 0) {
 6578                 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n",
 6579                         __func__, mhp->msg->sadb_msg_errno));
 6580                 return key_senderror(so, m, error);
 6581         }
 6582 
 6583         return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
 6584 }
 6585 
 6586 /*
 6587  * SADB_REGISTER processing.
 6588  * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
 6589  * receive
 6590  *   <base>
 6591  * from the ikmpd, and register a socket to send PF_KEY messages,
 6592  * and send
 6593  *   <base, supported>
 6594  * to KMD by PF_KEY.
 6595  * If socket is detached, must free from regnode.
 6596  *
 6597  * m will always be freed.
 6598  */
 6599 static int
 6600 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 6601 {
 6602         struct secreg *reg, *newreg = 0;
 6603 
 6604         IPSEC_ASSERT(so != NULL, ("null socket"));
 6605         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 6606         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 6607         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 6608 
 6609         /* check for invalid register message */
 6610         if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0]))
 6611                 return key_senderror(so, m, EINVAL);
 6612 
 6613         /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
 6614         if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
 6615                 goto setmsg;
 6616 
 6617         /* check whether existing or not */
 6618         REGTREE_LOCK();
 6619         LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) {
 6620                 if (reg->so == so) {
 6621                         REGTREE_UNLOCK();
 6622                         ipseclog((LOG_DEBUG, "%s: socket exists already.\n",
 6623                                 __func__));
 6624                         return key_senderror(so, m, EEXIST);
 6625                 }
 6626         }
 6627 
 6628         /* create regnode */
 6629         newreg =  malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO);
 6630         if (newreg == NULL) {
 6631                 REGTREE_UNLOCK();
 6632                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6633                 return key_senderror(so, m, ENOBUFS);
 6634         }
 6635 
 6636         newreg->so = so;
 6637         ((struct keycb *)sotorawcb(so))->kp_registered++;
 6638 
 6639         /* add regnode to regtree. */
 6640         LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain);
 6641         REGTREE_UNLOCK();
 6642 
 6643   setmsg:
 6644     {
 6645         struct mbuf *n;
 6646         struct sadb_msg *newmsg;
 6647         struct sadb_supported *sup;
 6648         u_int len, alen, elen;
 6649         int off;
 6650         int i;
 6651         struct sadb_alg *alg;
 6652 
 6653         /* create new sadb_msg to reply. */
 6654         alen = 0;
 6655         for (i = 1; i <= SADB_AALG_MAX; i++) {
 6656                 if (ah_algorithm_lookup(i))
 6657                         alen += sizeof(struct sadb_alg);
 6658         }
 6659         if (alen)
 6660                 alen += sizeof(struct sadb_supported);
 6661         elen = 0;
 6662         for (i = 1; i <= SADB_EALG_MAX; i++) {
 6663                 if (esp_algorithm_lookup(i))
 6664                         elen += sizeof(struct sadb_alg);
 6665         }
 6666         if (elen)
 6667                 elen += sizeof(struct sadb_supported);
 6668 
 6669         len = sizeof(struct sadb_msg) + alen + elen;
 6670 
 6671         if (len > MCLBYTES)
 6672                 return key_senderror(so, m, ENOBUFS);
 6673 
 6674         MGETHDR(n, M_NOWAIT, MT_DATA);
 6675         if (len > MHLEN) {
 6676                 if (!(MCLGET(n, M_NOWAIT))) {
 6677                         m_freem(n);
 6678                         n = NULL;
 6679                 }
 6680         }
 6681         if (!n)
 6682                 return key_senderror(so, m, ENOBUFS);
 6683 
 6684         n->m_pkthdr.len = n->m_len = len;
 6685         n->m_next = NULL;
 6686         off = 0;
 6687 
 6688         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 6689         newmsg = mtod(n, struct sadb_msg *);
 6690         newmsg->sadb_msg_errno = 0;
 6691         newmsg->sadb_msg_len = PFKEY_UNIT64(len);
 6692         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 6693 
 6694         /* for authentication algorithm */
 6695         if (alen) {
 6696                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6697                 sup->sadb_supported_len = PFKEY_UNIT64(alen);
 6698                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
 6699                 off += PFKEY_ALIGN8(sizeof(*sup));
 6700 
 6701                 for (i = 1; i <= SADB_AALG_MAX; i++) {
 6702                         struct auth_hash *aalgo;
 6703                         u_int16_t minkeysize, maxkeysize;
 6704 
 6705                         aalgo = ah_algorithm_lookup(i);
 6706                         if (!aalgo)
 6707                                 continue;
 6708                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6709                         alg->sadb_alg_id = i;
 6710                         alg->sadb_alg_ivlen = 0;
 6711                         key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
 6712                         alg->sadb_alg_minbits = _BITS(minkeysize);
 6713                         alg->sadb_alg_maxbits = _BITS(maxkeysize);
 6714                         off += PFKEY_ALIGN8(sizeof(*alg));
 6715                 }
 6716         }
 6717 
 6718         /* for encryption algorithm */
 6719         if (elen) {
 6720                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6721                 sup->sadb_supported_len = PFKEY_UNIT64(elen);
 6722                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
 6723                 off += PFKEY_ALIGN8(sizeof(*sup));
 6724 
 6725                 for (i = 1; i <= SADB_EALG_MAX; i++) {
 6726                         struct enc_xform *ealgo;
 6727 
 6728                         ealgo = esp_algorithm_lookup(i);
 6729                         if (!ealgo)
 6730                                 continue;
 6731                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6732                         alg->sadb_alg_id = i;
 6733                         alg->sadb_alg_ivlen = ealgo->ivsize;
 6734                         alg->sadb_alg_minbits = _BITS(ealgo->minkey);
 6735                         alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
 6736                         off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
 6737                 }
 6738         }
 6739 
 6740         IPSEC_ASSERT(off == len,
 6741                 ("length assumption failed (off %u len %u)", off, len));
 6742 
 6743         m_freem(m);
 6744         return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
 6745     }
 6746 }
 6747 
 6748 /*
 6749  * free secreg entry registered.
 6750  * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
 6751  */
 6752 void
 6753 key_freereg(struct socket *so)
 6754 {
 6755         struct secreg *reg;
 6756         int i;
 6757 
 6758         IPSEC_ASSERT(so != NULL, ("NULL so"));
 6759 
 6760         /*
 6761          * check whether existing or not.
 6762          * check all type of SA, because there is a potential that
 6763          * one socket is registered to multiple type of SA.
 6764          */
 6765         REGTREE_LOCK();
 6766         for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 6767                 LIST_FOREACH(reg, &V_regtree[i], chain) {
 6768                         if (reg->so == so && __LIST_CHAINED(reg)) {
 6769                                 LIST_REMOVE(reg, chain);
 6770                                 free(reg, M_IPSEC_SAR);
 6771                                 break;
 6772                         }
 6773                 }
 6774         }
 6775         REGTREE_UNLOCK();
 6776 }
 6777 
 6778 /*
 6779  * SADB_EXPIRE processing
 6780  * send
 6781  *   <base, SA, SA2, lifetime(C and one of HS), address(SD)>
 6782  * to KMD by PF_KEY.
 6783  * NOTE: We send only soft lifetime extension.
 6784  *
 6785  * OUT: 0       : succeed
 6786  *      others  : error number
 6787  */
 6788 static int
 6789 key_expire(struct secasvar *sav, int hard)
 6790 {
 6791         int satype;
 6792         struct mbuf *result = NULL, *m;
 6793         int len;
 6794         int error = -1;
 6795         struct sadb_lifetime *lt;
 6796 
 6797         IPSEC_ASSERT (sav != NULL, ("null sav"));
 6798         IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
 6799 
 6800         /* set msg header */
 6801         satype = key_proto2satype(sav->sah->saidx.proto);
 6802         IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));
 6803         m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
 6804         if (!m) {
 6805                 error = ENOBUFS;
 6806                 goto fail;
 6807         }
 6808         result = m;
 6809 
 6810         /* create SA extension */
 6811         m = key_setsadbsa(sav);
 6812         if (!m) {
 6813                 error = ENOBUFS;
 6814                 goto fail;
 6815         }
 6816         m_cat(result, m);
 6817 
 6818         /* create SA extension */
 6819         m = key_setsadbxsa2(sav->sah->saidx.mode,
 6820                         sav->replay ? sav->replay->count : 0,
 6821                         sav->sah->saidx.reqid);
 6822         if (!m) {
 6823                 error = ENOBUFS;
 6824                 goto fail;
 6825         }
 6826         m_cat(result, m);
 6827 
 6828         /* create lifetime extension (current and soft) */
 6829         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 6830         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 6831         if (m == NULL) {
 6832                 error = ENOBUFS;
 6833                 goto fail;
 6834         }
 6835         m_align(m, len);
 6836         m->m_len = len;
 6837         bzero(mtod(m, caddr_t), len);
 6838         lt = mtod(m, struct sadb_lifetime *);
 6839         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6840         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 6841         lt->sadb_lifetime_allocations = sav->lft_c->allocations;
 6842         lt->sadb_lifetime_bytes = sav->lft_c->bytes;
 6843         lt->sadb_lifetime_addtime = sav->lft_c->addtime;
 6844         lt->sadb_lifetime_usetime = sav->lft_c->usetime;
 6845         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 6846         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6847         if (hard) {
 6848                 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 6849                 lt->sadb_lifetime_allocations = sav->lft_h->allocations;
 6850                 lt->sadb_lifetime_bytes = sav->lft_h->bytes;
 6851                 lt->sadb_lifetime_addtime = sav->lft_h->addtime;
 6852                 lt->sadb_lifetime_usetime = sav->lft_h->usetime;
 6853         } else {
 6854                 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
 6855                 lt->sadb_lifetime_allocations = sav->lft_s->allocations;
 6856                 lt->sadb_lifetime_bytes = sav->lft_s->bytes;
 6857                 lt->sadb_lifetime_addtime = sav->lft_s->addtime;
 6858                 lt->sadb_lifetime_usetime = sav->lft_s->usetime;
 6859         }
 6860         m_cat(result, m);
 6861 
 6862         /* set sadb_address for source */
 6863         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 6864             &sav->sah->saidx.src.sa,
 6865             FULLMASK, IPSEC_ULPROTO_ANY);
 6866         if (!m) {
 6867                 error = ENOBUFS;
 6868                 goto fail;
 6869         }
 6870         m_cat(result, m);
 6871 
 6872         /* set sadb_address for destination */
 6873         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 6874             &sav->sah->saidx.dst.sa,
 6875             FULLMASK, IPSEC_ULPROTO_ANY);
 6876         if (!m) {
 6877                 error = ENOBUFS;
 6878                 goto fail;
 6879         }
 6880         m_cat(result, m);
 6881 
 6882         /*
 6883          * XXX-BZ Handle NAT-T extensions here.
 6884          */
 6885 
 6886         if ((result->m_flags & M_PKTHDR) == 0) {
 6887                 error = EINVAL;
 6888                 goto fail;
 6889         }
 6890 
 6891         if (result->m_len < sizeof(struct sadb_msg)) {
 6892                 result = m_pullup(result, sizeof(struct sadb_msg));
 6893                 if (result == NULL) {
 6894                         error = ENOBUFS;
 6895                         goto fail;
 6896                 }
 6897         }
 6898 
 6899         result->m_pkthdr.len = 0;
 6900         for (m = result; m; m = m->m_next)
 6901                 result->m_pkthdr.len += m->m_len;
 6902 
 6903         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6904             PFKEY_UNIT64(result->m_pkthdr.len);
 6905 
 6906         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6907 
 6908  fail:
 6909         if (result)
 6910                 m_freem(result);
 6911         return error;
 6912 }
 6913 
 6914 /*
 6915  * SADB_FLUSH processing
 6916  * receive
 6917  *   <base>
 6918  * from the ikmpd, and free all entries in secastree.
 6919  * and send,
 6920  *   <base>
 6921  * to the ikmpd.
 6922  * NOTE: to do is only marking SADB_SASTATE_DEAD.
 6923  *
 6924  * m will always be freed.
 6925  */
 6926 static int
 6927 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 6928 {
 6929         struct sadb_msg *newmsg;
 6930         struct secashead *sah, *nextsah;
 6931         struct secasvar *sav, *nextsav;
 6932         u_int16_t proto;
 6933         u_int8_t state;
 6934         u_int stateidx;
 6935 
 6936         IPSEC_ASSERT(so != NULL, ("null socket"));
 6937         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 6938         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 6939 
 6940         /* map satype to proto */
 6941         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6942                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 6943                         __func__));
 6944                 return key_senderror(so, m, EINVAL);
 6945         }
 6946 
 6947         /* no SATYPE specified, i.e. flushing all SA. */
 6948         SAHTREE_LOCK();
 6949         for (sah = LIST_FIRST(&V_sahtree);
 6950              sah != NULL;
 6951              sah = nextsah) {
 6952                 nextsah = LIST_NEXT(sah, chain);
 6953 
 6954                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 6955                  && proto != sah->saidx.proto)
 6956                         continue;
 6957 
 6958                 for (stateidx = 0;
 6959                      stateidx < _ARRAYLEN(saorder_state_alive);
 6960                      stateidx++) {
 6961                         state = saorder_state_any[stateidx];
 6962                         for (sav = LIST_FIRST(&sah->savtree[state]);
 6963                              sav != NULL;
 6964                              sav = nextsav) {
 6965 
 6966                                 nextsav = LIST_NEXT(sav, chain);
 6967 
 6968                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 6969                                 KEY_FREESAV(&sav);
 6970                         }
 6971                 }
 6972 
 6973                 sah->state = SADB_SASTATE_DEAD;
 6974         }
 6975         SAHTREE_UNLOCK();
 6976 
 6977         if (m->m_len < sizeof(struct sadb_msg) ||
 6978             sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 6979                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6980                 return key_senderror(so, m, ENOBUFS);
 6981         }
 6982 
 6983         if (m->m_next)
 6984                 m_freem(m->m_next);
 6985         m->m_next = NULL;
 6986         m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
 6987         newmsg = mtod(m, struct sadb_msg *);
 6988         newmsg->sadb_msg_errno = 0;
 6989         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 6990 
 6991         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6992 }
 6993 
 6994 /*
 6995  * SADB_DUMP processing
 6996  * dump all entries including status of DEAD in SAD.
 6997  * receive
 6998  *   <base>
 6999  * from the ikmpd, and dump all secasvar leaves
 7000  * and send,
 7001  *   <base> .....
 7002  * to the ikmpd.
 7003  *
 7004  * m will always be freed.
 7005  */
 7006 static int
 7007 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 7008 {
 7009         struct secashead *sah;
 7010         struct secasvar *sav;
 7011         u_int16_t proto;
 7012         u_int stateidx;
 7013         u_int8_t satype;
 7014         u_int8_t state;
 7015         int cnt;
 7016         struct sadb_msg *newmsg;
 7017         struct mbuf *n;
 7018 
 7019         IPSEC_ASSERT(so != NULL, ("null socket"));
 7020         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7021         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7022         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 7023 
 7024         /* map satype to proto */
 7025         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 7026                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 7027                         __func__));
 7028                 return key_senderror(so, m, EINVAL);
 7029         }
 7030 
 7031         /* count sav entries to be sent to the userland. */
 7032         cnt = 0;
 7033         SAHTREE_LOCK();
 7034         LIST_FOREACH(sah, &V_sahtree, chain) {
 7035                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 7036                  && proto != sah->saidx.proto)
 7037                         continue;
 7038 
 7039                 for (stateidx = 0;
 7040                      stateidx < _ARRAYLEN(saorder_state_any);
 7041                      stateidx++) {
 7042                         state = saorder_state_any[stateidx];
 7043                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 7044                                 cnt++;
 7045                         }
 7046                 }
 7047         }
 7048 
 7049         if (cnt == 0) {
 7050                 SAHTREE_UNLOCK();
 7051                 return key_senderror(so, m, ENOENT);
 7052         }
 7053 
 7054         /* send this to the userland, one at a time. */
 7055         newmsg = NULL;
 7056         LIST_FOREACH(sah, &V_sahtree, chain) {
 7057                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 7058                  && proto != sah->saidx.proto)
 7059                         continue;
 7060 
 7061                 /* map proto to satype */
 7062                 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 7063                         SAHTREE_UNLOCK();
 7064                         ipseclog((LOG_DEBUG, "%s: there was invalid proto in "
 7065                                 "SAD.\n", __func__));
 7066                         return key_senderror(so, m, EINVAL);
 7067                 }
 7068 
 7069                 for (stateidx = 0;
 7070                      stateidx < _ARRAYLEN(saorder_state_any);
 7071                      stateidx++) {
 7072                         state = saorder_state_any[stateidx];
 7073                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 7074                                 n = key_setdumpsa(sav, SADB_DUMP, satype,
 7075                                     --cnt, mhp->msg->sadb_msg_pid);
 7076                                 if (!n) {
 7077                                         SAHTREE_UNLOCK();
 7078                                         return key_senderror(so, m, ENOBUFS);
 7079                                 }
 7080                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 7081                         }
 7082                 }
 7083         }
 7084         SAHTREE_UNLOCK();
 7085 
 7086         m_freem(m);
 7087         return 0;
 7088 }
 7089 
 7090 /*
 7091  * SADB_X_PROMISC processing
 7092  *
 7093  * m will always be freed.
 7094  */
 7095 static int
 7096 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 7097 {
 7098         int olen;
 7099 
 7100         IPSEC_ASSERT(so != NULL, ("null socket"));
 7101         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7102         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7103         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 7104 
 7105         olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7106 
 7107         if (olen < sizeof(struct sadb_msg)) {
 7108 #if 1
 7109                 return key_senderror(so, m, EINVAL);
 7110 #else
 7111                 m_freem(m);
 7112                 return 0;
 7113 #endif
 7114         } else if (olen == sizeof(struct sadb_msg)) {
 7115                 /* enable/disable promisc mode */
 7116                 struct keycb *kp;
 7117 
 7118                 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
 7119                         return key_senderror(so, m, EINVAL);
 7120                 mhp->msg->sadb_msg_errno = 0;
 7121                 switch (mhp->msg->sadb_msg_satype) {
 7122                 case 0:
 7123                 case 1:
 7124                         kp->kp_promisc = mhp->msg->sadb_msg_satype;
 7125                         break;
 7126                 default:
 7127                         return key_senderror(so, m, EINVAL);
 7128                 }
 7129 
 7130                 /* send the original message back to everyone */
 7131                 mhp->msg->sadb_msg_errno = 0;
 7132                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 7133         } else {
 7134                 /* send packet as is */
 7135 
 7136                 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
 7137 
 7138                 /* TODO: if sadb_msg_seq is specified, send to specific pid */
 7139                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 7140         }
 7141 }
 7142 
 7143 static int (*key_typesw[])(struct socket *, struct mbuf *,
 7144                 const struct sadb_msghdr *) = {
 7145         NULL,           /* SADB_RESERVED */
 7146         key_getspi,     /* SADB_GETSPI */
 7147         key_update,     /* SADB_UPDATE */
 7148         key_add,        /* SADB_ADD */
 7149         key_delete,     /* SADB_DELETE */
 7150         key_get,        /* SADB_GET */
 7151         key_acquire2,   /* SADB_ACQUIRE */
 7152         key_register,   /* SADB_REGISTER */
 7153         NULL,           /* SADB_EXPIRE */
 7154         key_flush,      /* SADB_FLUSH */
 7155         key_dump,       /* SADB_DUMP */
 7156         key_promisc,    /* SADB_X_PROMISC */
 7157         NULL,           /* SADB_X_PCHANGE */
 7158         key_spdadd,     /* SADB_X_SPDUPDATE */
 7159         key_spdadd,     /* SADB_X_SPDADD */
 7160         key_spddelete,  /* SADB_X_SPDDELETE */
 7161         key_spdget,     /* SADB_X_SPDGET */
 7162         NULL,           /* SADB_X_SPDACQUIRE */
 7163         key_spddump,    /* SADB_X_SPDDUMP */
 7164         key_spdflush,   /* SADB_X_SPDFLUSH */
 7165         key_spdadd,     /* SADB_X_SPDSETIDX */
 7166         NULL,           /* SADB_X_SPDEXPIRE */
 7167         key_spddelete2, /* SADB_X_SPDDELETE2 */
 7168 };
 7169 
 7170 /*
 7171  * parse sadb_msg buffer to process PFKEYv2,
 7172  * and create a data to response if needed.
 7173  * I think to be dealed with mbuf directly.
 7174  * IN:
 7175  *     msgp  : pointer to pointer to a received buffer pulluped.
 7176  *             This is rewrited to response.
 7177  *     so    : pointer to socket.
 7178  * OUT:
 7179  *    length for buffer to send to user process.
 7180  */
 7181 int
 7182 key_parse(struct mbuf *m, struct socket *so)
 7183 {
 7184         struct sadb_msg *msg;
 7185         struct sadb_msghdr mh;
 7186         u_int orglen;
 7187         int error;
 7188         int target;
 7189 
 7190         IPSEC_ASSERT(so != NULL, ("null socket"));
 7191         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7192 
 7193 #if 0   /*kdebug_sadb assumes msg in linear buffer*/
 7194         KEYDEBUG(KEYDEBUG_KEY_DUMP,
 7195                 ipseclog((LOG_DEBUG, "%s: passed sadb_msg\n", __func__));
 7196                 kdebug_sadb(msg));
 7197 #endif
 7198 
 7199         if (m->m_len < sizeof(struct sadb_msg)) {
 7200                 m = m_pullup(m, sizeof(struct sadb_msg));
 7201                 if (!m)
 7202                         return ENOBUFS;
 7203         }
 7204         msg = mtod(m, struct sadb_msg *);
 7205         orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
 7206         target = KEY_SENDUP_ONE;
 7207 
 7208         if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) {
 7209                 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
 7210                 PFKEYSTAT_INC(out_invlen);
 7211                 error = EINVAL;
 7212                 goto senderror;
 7213         }
 7214 
 7215         if (msg->sadb_msg_version != PF_KEY_V2) {
 7216                 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n",
 7217                     __func__, msg->sadb_msg_version));
 7218                 PFKEYSTAT_INC(out_invver);
 7219                 error = EINVAL;
 7220                 goto senderror;
 7221         }
 7222 
 7223         if (msg->sadb_msg_type > SADB_MAX) {
 7224                 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
 7225                     __func__, msg->sadb_msg_type));
 7226                 PFKEYSTAT_INC(out_invmsgtype);
 7227                 error = EINVAL;
 7228                 goto senderror;
 7229         }
 7230 
 7231         /* for old-fashioned code - should be nuked */
 7232         if (m->m_pkthdr.len > MCLBYTES) {
 7233                 m_freem(m);
 7234                 return ENOBUFS;
 7235         }
 7236         if (m->m_next) {
 7237                 struct mbuf *n;
 7238 
 7239                 MGETHDR(n, M_NOWAIT, MT_DATA);
 7240                 if (n && m->m_pkthdr.len > MHLEN) {
 7241                         if (!(MCLGET(n, M_NOWAIT))) {
 7242                                 m_free(n);
 7243                                 n = NULL;
 7244                         }
 7245                 }
 7246                 if (!n) {
 7247                         m_freem(m);
 7248                         return ENOBUFS;
 7249                 }
 7250                 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
 7251                 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
 7252                 n->m_next = NULL;
 7253                 m_freem(m);
 7254                 m = n;
 7255         }
 7256 
 7257         /* align the mbuf chain so that extensions are in contiguous region. */
 7258         error = key_align(m, &mh);
 7259         if (error)
 7260                 return error;
 7261 
 7262         msg = mh.msg;
 7263 
 7264         /* check SA type */
 7265         switch (msg->sadb_msg_satype) {
 7266         case SADB_SATYPE_UNSPEC:
 7267                 switch (msg->sadb_msg_type) {
 7268                 case SADB_GETSPI:
 7269                 case SADB_UPDATE:
 7270                 case SADB_ADD:
 7271                 case SADB_DELETE:
 7272                 case SADB_GET:
 7273                 case SADB_ACQUIRE:
 7274                 case SADB_EXPIRE:
 7275                         ipseclog((LOG_DEBUG, "%s: must specify satype "
 7276                             "when msg type=%u.\n", __func__,
 7277                             msg->sadb_msg_type));
 7278                         PFKEYSTAT_INC(out_invsatype);
 7279                         error = EINVAL;
 7280                         goto senderror;
 7281                 }
 7282                 break;
 7283         case SADB_SATYPE_AH:
 7284         case SADB_SATYPE_ESP:
 7285         case SADB_X_SATYPE_IPCOMP:
 7286         case SADB_X_SATYPE_TCPSIGNATURE:
 7287                 switch (msg->sadb_msg_type) {
 7288                 case SADB_X_SPDADD:
 7289                 case SADB_X_SPDDELETE:
 7290                 case SADB_X_SPDGET:
 7291                 case SADB_X_SPDDUMP:
 7292                 case SADB_X_SPDFLUSH:
 7293                 case SADB_X_SPDSETIDX:
 7294                 case SADB_X_SPDUPDATE:
 7295                 case SADB_X_SPDDELETE2:
 7296                         ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
 7297                                 __func__, msg->sadb_msg_type));
 7298                         PFKEYSTAT_INC(out_invsatype);
 7299                         error = EINVAL;
 7300                         goto senderror;
 7301                 }
 7302                 break;
 7303         case SADB_SATYPE_RSVP:
 7304         case SADB_SATYPE_OSPFV2:
 7305         case SADB_SATYPE_RIPV2:
 7306         case SADB_SATYPE_MIP:
 7307                 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n",
 7308                         __func__, msg->sadb_msg_satype));
 7309                 PFKEYSTAT_INC(out_invsatype);
 7310                 error = EOPNOTSUPP;
 7311                 goto senderror;
 7312         case 1: /* XXX: What does it do? */
 7313                 if (msg->sadb_msg_type == SADB_X_PROMISC)
 7314                         break;
 7315                 /*FALLTHROUGH*/
 7316         default:
 7317                 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
 7318                         __func__, msg->sadb_msg_satype));
 7319                 PFKEYSTAT_INC(out_invsatype);
 7320                 error = EINVAL;
 7321                 goto senderror;
 7322         }
 7323 
 7324         /* check field of upper layer protocol and address family */
 7325         if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
 7326          && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
 7327                 struct sadb_address *src0, *dst0;
 7328                 u_int plen;
 7329 
 7330                 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
 7331                 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
 7332 
 7333                 /* check upper layer protocol */
 7334                 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
 7335                         ipseclog((LOG_DEBUG, "%s: upper layer protocol "
 7336                                 "mismatched.\n", __func__));
 7337                         PFKEYSTAT_INC(out_invaddr);
 7338                         error = EINVAL;
 7339                         goto senderror;
 7340                 }
 7341 
 7342                 /* check family */
 7343                 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
 7344                     PFKEY_ADDR_SADDR(dst0)->sa_family) {
 7345                         ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
 7346                                 __func__));
 7347                         PFKEYSTAT_INC(out_invaddr);
 7348                         error = EINVAL;
 7349                         goto senderror;
 7350                 }
 7351                 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7352                     PFKEY_ADDR_SADDR(dst0)->sa_len) {
 7353                         ipseclog((LOG_DEBUG, "%s: address struct size "
 7354                                 "mismatched.\n", __func__));
 7355                         PFKEYSTAT_INC(out_invaddr);
 7356                         error = EINVAL;
 7357                         goto senderror;
 7358                 }
 7359 
 7360                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7361                 case AF_INET:
 7362                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7363                             sizeof(struct sockaddr_in)) {
 7364                                 PFKEYSTAT_INC(out_invaddr);
 7365                                 error = EINVAL;
 7366                                 goto senderror;
 7367                         }
 7368                         break;
 7369                 case AF_INET6:
 7370                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7371                             sizeof(struct sockaddr_in6)) {
 7372                                 PFKEYSTAT_INC(out_invaddr);
 7373                                 error = EINVAL;
 7374                                 goto senderror;
 7375                         }
 7376                         break;
 7377                 default:
 7378                         ipseclog((LOG_DEBUG, "%s: unsupported address family\n",
 7379                                 __func__));
 7380                         PFKEYSTAT_INC(out_invaddr);
 7381                         error = EAFNOSUPPORT;
 7382                         goto senderror;
 7383                 }
 7384 
 7385                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7386                 case AF_INET:
 7387                         plen = sizeof(struct in_addr) << 3;
 7388                         break;
 7389                 case AF_INET6:
 7390                         plen = sizeof(struct in6_addr) << 3;
 7391                         break;
 7392                 default:
 7393                         plen = 0;       /*fool gcc*/
 7394                         break;
 7395                 }
 7396 
 7397                 /* check max prefix length */
 7398                 if (src0->sadb_address_prefixlen > plen ||
 7399                     dst0->sadb_address_prefixlen > plen) {
 7400                         ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n",
 7401                                 __func__));
 7402                         PFKEYSTAT_INC(out_invaddr);
 7403                         error = EINVAL;
 7404                         goto senderror;
 7405                 }
 7406 
 7407                 /*
 7408                  * prefixlen == 0 is valid because there can be a case when
 7409                  * all addresses are matched.
 7410                  */
 7411         }
 7412 
 7413         if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
 7414             key_typesw[msg->sadb_msg_type] == NULL) {
 7415                 PFKEYSTAT_INC(out_invmsgtype);
 7416                 error = EINVAL;
 7417                 goto senderror;
 7418         }
 7419 
 7420         return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
 7421 
 7422 senderror:
 7423         msg->sadb_msg_errno = error;
 7424         return key_sendup_mbuf(so, m, target);
 7425 }
 7426 
 7427 static int
 7428 key_senderror(struct socket *so, struct mbuf *m, int code)
 7429 {
 7430         struct sadb_msg *msg;
 7431 
 7432         IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
 7433                 ("mbuf too small, len %u", m->m_len));
 7434 
 7435         msg = mtod(m, struct sadb_msg *);
 7436         msg->sadb_msg_errno = code;
 7437         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 7438 }
 7439 
 7440 /*
 7441  * set the pointer to each header into message buffer.
 7442  * m will be freed on error.
 7443  * XXX larger-than-MCLBYTES extension?
 7444  */
 7445 static int
 7446 key_align(struct mbuf *m, struct sadb_msghdr *mhp)
 7447 {
 7448         struct mbuf *n;
 7449         struct sadb_ext *ext;
 7450         size_t off, end;
 7451         int extlen;
 7452         int toff;
 7453 
 7454         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7455         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7456         IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
 7457                 ("mbuf too small, len %u", m->m_len));
 7458 
 7459         /* initialize */
 7460         bzero(mhp, sizeof(*mhp));
 7461 
 7462         mhp->msg = mtod(m, struct sadb_msg *);
 7463         mhp->ext[0] = (struct sadb_ext *)mhp->msg;      /*XXX backward compat */
 7464 
 7465         end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7466         extlen = end;   /*just in case extlen is not updated*/
 7467         for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
 7468                 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
 7469                 if (!n) {
 7470                         /* m is already freed */
 7471                         return ENOBUFS;
 7472                 }
 7473                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7474 
 7475                 /* set pointer */
 7476                 switch (ext->sadb_ext_type) {
 7477                 case SADB_EXT_SA:
 7478                 case SADB_EXT_ADDRESS_SRC:
 7479                 case SADB_EXT_ADDRESS_DST:
 7480                 case SADB_EXT_ADDRESS_PROXY:
 7481                 case SADB_EXT_LIFETIME_CURRENT:
 7482                 case SADB_EXT_LIFETIME_HARD:
 7483                 case SADB_EXT_LIFETIME_SOFT:
 7484                 case SADB_EXT_KEY_AUTH:
 7485                 case SADB_EXT_KEY_ENCRYPT:
 7486                 case SADB_EXT_IDENTITY_SRC:
 7487                 case SADB_EXT_IDENTITY_DST:
 7488                 case SADB_EXT_SENSITIVITY:
 7489                 case SADB_EXT_PROPOSAL:
 7490                 case SADB_EXT_SUPPORTED_AUTH:
 7491                 case SADB_EXT_SUPPORTED_ENCRYPT:
 7492                 case SADB_EXT_SPIRANGE:
 7493                 case SADB_X_EXT_POLICY:
 7494                 case SADB_X_EXT_SA2:
 7495 #ifdef IPSEC_NAT_T
 7496                 case SADB_X_EXT_NAT_T_TYPE:
 7497                 case SADB_X_EXT_NAT_T_SPORT:
 7498                 case SADB_X_EXT_NAT_T_DPORT:
 7499                 case SADB_X_EXT_NAT_T_OAI:
 7500                 case SADB_X_EXT_NAT_T_OAR:
 7501                 case SADB_X_EXT_NAT_T_FRAG:
 7502 #endif
 7503                         /* duplicate check */
 7504                         /*
 7505                          * XXX Are there duplication payloads of either
 7506                          * KEY_AUTH or KEY_ENCRYPT ?
 7507                          */
 7508                         if (mhp->ext[ext->sadb_ext_type] != NULL) {
 7509                                 ipseclog((LOG_DEBUG, "%s: duplicate ext_type "
 7510                                         "%u\n", __func__, ext->sadb_ext_type));
 7511                                 m_freem(m);
 7512                                 PFKEYSTAT_INC(out_dupext);
 7513                                 return EINVAL;
 7514                         }
 7515                         break;
 7516                 default:
 7517                         ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n",
 7518                                 __func__, ext->sadb_ext_type));
 7519                         m_freem(m);
 7520                         PFKEYSTAT_INC(out_invexttype);
 7521                         return EINVAL;
 7522                 }
 7523 
 7524                 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
 7525 
 7526                 if (key_validate_ext(ext, extlen)) {
 7527                         m_freem(m);
 7528                         PFKEYSTAT_INC(out_invlen);
 7529                         return EINVAL;
 7530                 }
 7531 
 7532                 n = m_pulldown(m, off, extlen, &toff);
 7533                 if (!n) {
 7534                         /* m is already freed */
 7535                         return ENOBUFS;
 7536                 }
 7537                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7538 
 7539                 mhp->ext[ext->sadb_ext_type] = ext;
 7540                 mhp->extoff[ext->sadb_ext_type] = off;
 7541                 mhp->extlen[ext->sadb_ext_type] = extlen;
 7542         }
 7543 
 7544         if (off != end) {
 7545                 m_freem(m);
 7546                 PFKEYSTAT_INC(out_invlen);
 7547                 return EINVAL;
 7548         }
 7549 
 7550         return 0;
 7551 }
 7552 
 7553 static int
 7554 key_validate_ext(const struct sadb_ext *ext, int len)
 7555 {
 7556         const struct sockaddr *sa;
 7557         enum { NONE, ADDR } checktype = NONE;
 7558         int baselen = 0;
 7559         const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
 7560 
 7561         if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
 7562                 return EINVAL;
 7563 
 7564         /* if it does not match minimum/maximum length, bail */
 7565         if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
 7566             ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
 7567                 return EINVAL;
 7568         if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
 7569                 return EINVAL;
 7570         if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
 7571                 return EINVAL;
 7572 
 7573         /* more checks based on sadb_ext_type XXX need more */
 7574         switch (ext->sadb_ext_type) {
 7575         case SADB_EXT_ADDRESS_SRC:
 7576         case SADB_EXT_ADDRESS_DST:
 7577         case SADB_EXT_ADDRESS_PROXY:
 7578                 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
 7579                 checktype = ADDR;
 7580                 break;
 7581         case SADB_EXT_IDENTITY_SRC:
 7582         case SADB_EXT_IDENTITY_DST:
 7583                 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
 7584                     SADB_X_IDENTTYPE_ADDR) {
 7585                         baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
 7586                         checktype = ADDR;
 7587                 } else
 7588                         checktype = NONE;
 7589                 break;
 7590         default:
 7591                 checktype = NONE;
 7592                 break;
 7593         }
 7594 
 7595         switch (checktype) {
 7596         case NONE:
 7597                 break;
 7598         case ADDR:
 7599                 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen);
 7600                 if (len < baselen + sal)
 7601                         return EINVAL;
 7602                 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
 7603                         return EINVAL;
 7604                 break;
 7605         }
 7606 
 7607         return 0;
 7608 }
 7609 
 7610 void
 7611 key_init(void)
 7612 {
 7613         int i;
 7614 
 7615         for (i = 0; i < IPSEC_DIR_MAX; i++)
 7616                 TAILQ_INIT(&V_sptree[i]);
 7617 
 7618         LIST_INIT(&V_sahtree);
 7619 
 7620         for (i = 0; i <= SADB_SATYPE_MAX; i++)
 7621                 LIST_INIT(&V_regtree[i]);
 7622 
 7623         LIST_INIT(&V_acqtree);
 7624         LIST_INIT(&V_spacqtree);
 7625 
 7626         if (!IS_DEFAULT_VNET(curvnet))
 7627                 return;
 7628 
 7629         SPTREE_LOCK_INIT();
 7630         REGTREE_LOCK_INIT();
 7631         SAHTREE_LOCK_INIT();
 7632         ACQ_LOCK_INIT();
 7633         SPACQ_LOCK_INIT();
 7634 
 7635 #ifndef IPSEC_DEBUG2
 7636         callout_init(&key_timer, 1);
 7637         callout_reset(&key_timer, hz, key_timehandler, NULL);
 7638 #endif /*IPSEC_DEBUG2*/
 7639 
 7640         /* initialize key statistics */
 7641         keystat.getspi_count = 1;
 7642 
 7643         printf("IPsec: Initialized Security Association Processing.\n");
 7644 }
 7645 
 7646 #ifdef VIMAGE
 7647 void
 7648 key_destroy(void)
 7649 {
 7650         TAILQ_HEAD(, secpolicy) drainq;
 7651         struct secpolicy *sp, *nextsp;
 7652         struct secacq *acq, *nextacq;
 7653         struct secspacq *spacq, *nextspacq;
 7654         struct secashead *sah, *nextsah;
 7655         struct secreg *reg;
 7656         int i;
 7657 
 7658         TAILQ_INIT(&drainq);
 7659         SPTREE_WLOCK();
 7660         for (i = 0; i < IPSEC_DIR_MAX; i++) {
 7661                 TAILQ_CONCAT(&drainq, &V_sptree[i], chain);
 7662         }
 7663         SPTREE_WUNLOCK();
 7664         sp = TAILQ_FIRST(&drainq);
 7665         while (sp != NULL) {
 7666                 nextsp = TAILQ_NEXT(sp, chain);
 7667                 KEY_FREESP(&sp);
 7668                 sp = nextsp;
 7669         }
 7670 
 7671         SAHTREE_LOCK();
 7672         for (sah = LIST_FIRST(&V_sahtree); sah != NULL; sah = nextsah) {
 7673                 nextsah = LIST_NEXT(sah, chain);
 7674                 if (__LIST_CHAINED(sah)) {
 7675                         LIST_REMOVE(sah, chain);
 7676                         free(sah, M_IPSEC_SAH);
 7677                 }
 7678         }
 7679         SAHTREE_UNLOCK();
 7680 
 7681         REGTREE_LOCK();
 7682         for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 7683                 LIST_FOREACH(reg, &V_regtree[i], chain) {
 7684                         if (__LIST_CHAINED(reg)) {
 7685                                 LIST_REMOVE(reg, chain);
 7686                                 free(reg, M_IPSEC_SAR);
 7687                                 break;
 7688                         }
 7689                 }
 7690         }
 7691         REGTREE_UNLOCK();
 7692 
 7693         ACQ_LOCK();
 7694         for (acq = LIST_FIRST(&V_acqtree); acq != NULL; acq = nextacq) {
 7695                 nextacq = LIST_NEXT(acq, chain);
 7696                 if (__LIST_CHAINED(acq)) {
 7697                         LIST_REMOVE(acq, chain);
 7698                         free(acq, M_IPSEC_SAQ);
 7699                 }
 7700         }
 7701         ACQ_UNLOCK();
 7702 
 7703         SPACQ_LOCK();
 7704         for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL;
 7705             spacq = nextspacq) {
 7706                 nextspacq = LIST_NEXT(spacq, chain);
 7707                 if (__LIST_CHAINED(spacq)) {
 7708                         LIST_REMOVE(spacq, chain);
 7709                         free(spacq, M_IPSEC_SAQ);
 7710                 }
 7711         }
 7712         SPACQ_UNLOCK();
 7713 }
 7714 #endif
 7715 
 7716 /*
 7717  * XXX: maybe This function is called after INBOUND IPsec processing.
 7718  *
 7719  * Special check for tunnel-mode packets.
 7720  * We must make some checks for consistency between inner and outer IP header.
 7721  *
 7722  * xxx more checks to be provided
 7723  */
 7724 int
 7725 key_checktunnelsanity(struct secasvar *sav, u_int family, caddr_t src,
 7726     caddr_t dst)
 7727 {
 7728         IPSEC_ASSERT(sav->sah != NULL, ("null SA header"));
 7729 
 7730         /* XXX: check inner IP header */
 7731 
 7732         return 1;
 7733 }
 7734 
 7735 /* record data transfer on SA, and update timestamps */
 7736 void
 7737 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m)
 7738 {
 7739         IPSEC_ASSERT(sav != NULL, ("Null secasvar"));
 7740         IPSEC_ASSERT(m != NULL, ("Null mbuf"));
 7741         if (!sav->lft_c)
 7742                 return;
 7743 
 7744         /*
 7745          * XXX Currently, there is a difference of bytes size
 7746          * between inbound and outbound processing.
 7747          */
 7748         sav->lft_c->bytes += m->m_pkthdr.len;
 7749         /* to check bytes lifetime is done in key_timehandler(). */
 7750 
 7751         /*
 7752          * We use the number of packets as the unit of
 7753          * allocations.  We increment the variable
 7754          * whenever {esp,ah}_{in,out}put is called.
 7755          */
 7756         sav->lft_c->allocations++;
 7757         /* XXX check for expires? */
 7758 
 7759         /*
 7760          * NOTE: We record CURRENT usetime by using wall clock,
 7761          * in seconds.  HARD and SOFT lifetime are measured by the time
 7762          * difference (again in seconds) from usetime.
 7763          *
 7764          *      usetime
 7765          *      v     expire   expire
 7766          * -----+-----+--------+---> t
 7767          *      <--------------> HARD
 7768          *      <-----> SOFT
 7769          */
 7770         sav->lft_c->usetime = time_second;
 7771         /* XXX check for expires? */
 7772 
 7773         return;
 7774 }
 7775 
 7776 static void
 7777 key_sa_chgstate(struct secasvar *sav, u_int8_t state)
 7778 {
 7779         IPSEC_ASSERT(sav != NULL, ("NULL sav"));
 7780         SAHTREE_LOCK_ASSERT();
 7781 
 7782         if (sav->state != state) {
 7783                 if (__LIST_CHAINED(sav))
 7784                         LIST_REMOVE(sav, chain);
 7785                 sav->state = state;
 7786                 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
 7787         }
 7788 }
 7789 
 7790 /*
 7791  * Take one of the kernel's security keys and convert it into a PF_KEY
 7792  * structure within an mbuf, suitable for sending up to a waiting
 7793  * application in user land.
 7794  * 
 7795  * IN: 
 7796  *    src: A pointer to a kernel security key.
 7797  *    exttype: Which type of key this is. Refer to the PF_KEY data structures.
 7798  * OUT:
 7799  *    a valid mbuf or NULL indicating an error
 7800  *
 7801  */
 7802 
 7803 static struct mbuf *
 7804 key_setkey(struct seckey *src, u_int16_t exttype) 
 7805 {
 7806         struct mbuf *m;
 7807         struct sadb_key *p;
 7808         int len;
 7809 
 7810         if (src == NULL)
 7811                 return NULL;
 7812 
 7813         len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));
 7814         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 7815         if (m == NULL)
 7816                 return NULL;
 7817         m_align(m, len);
 7818         m->m_len = len;
 7819         p = mtod(m, struct sadb_key *);
 7820         bzero(p, len);
 7821         p->sadb_key_len = PFKEY_UNIT64(len);
 7822         p->sadb_key_exttype = exttype;
 7823         p->sadb_key_bits = src->bits;
 7824         bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src));
 7825 
 7826         return m;
 7827 }
 7828 
 7829 /*
 7830  * Take one of the kernel's lifetime data structures and convert it
 7831  * into a PF_KEY structure within an mbuf, suitable for sending up to
 7832  * a waiting application in user land.
 7833  * 
 7834  * IN: 
 7835  *    src: A pointer to a kernel lifetime structure.
 7836  *    exttype: Which type of lifetime this is. Refer to the PF_KEY 
 7837  *             data structures for more information.
 7838  * OUT:
 7839  *    a valid mbuf or NULL indicating an error
 7840  *
 7841  */
 7842 
 7843 static struct mbuf *
 7844 key_setlifetime(struct seclifetime *src, u_int16_t exttype)
 7845 {
 7846         struct mbuf *m = NULL;
 7847         struct sadb_lifetime *p;
 7848         int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
 7849 
 7850         if (src == NULL)
 7851                 return NULL;
 7852 
 7853         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 7854         if (m == NULL)
 7855                 return m;
 7856         m_align(m, len);
 7857         m->m_len = len;
 7858         p = mtod(m, struct sadb_lifetime *);
 7859 
 7860         bzero(p, len);
 7861         p->sadb_lifetime_len = PFKEY_UNIT64(len);
 7862         p->sadb_lifetime_exttype = exttype;
 7863         p->sadb_lifetime_allocations = src->allocations;
 7864         p->sadb_lifetime_bytes = src->bytes;
 7865         p->sadb_lifetime_addtime = src->addtime;
 7866         p->sadb_lifetime_usetime = src->usetime;
 7867         
 7868         return m;
 7869 
 7870 }

Cache object: 8d35262cbbd36b2ad3524b84ca2423e2


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.