The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System, Second Edition

[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netipsec/key.c

Version: -  FREEBSD  -  FREEBSD10  -  FREEBSD9  -  FREEBSD92  -  FREEBSD91  -  FREEBSD90  -  FREEBSD8  -  FREEBSD82  -  FREEBSD81  -  FREEBSD80  -  FREEBSD7  -  FREEBSD74  -  FREEBSD73  -  FREEBSD72  -  FREEBSD71  -  FREEBSD70  -  FREEBSD6  -  FREEBSD64  -  FREEBSD63  -  FREEBSD62  -  FREEBSD61  -  FREEBSD60  -  FREEBSD5  -  FREEBSD55  -  FREEBSD54  -  FREEBSD53  -  FREEBSD52  -  FREEBSD51  -  FREEBSD50  -  FREEBSD4  -  FREEBSD3  -  FREEBSD22  -  cheribsd  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1  -  FREEBSD-LIBC  -  FREEBSD8-LIBC  -  FREEBSD7-LIBC  -  FREEBSD6-LIBC  -  GLIBC27 
SearchContext: -  none  -  3  -  10 

    1 /*      $FreeBSD: head/sys/netipsec/key.c 274225 2014-11-07 09:39:05Z glebius $ */
    2 /*      $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
    3 
    4 /*-
    5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 /*
   34  * This code is referd to RFC 2367
   35  */
   36 
   37 #include "opt_inet.h"
   38 #include "opt_inet6.h"
   39 #include "opt_ipsec.h"
   40 
   41 #include <sys/types.h>
   42 #include <sys/param.h>
   43 #include <sys/systm.h>
   44 #include <sys/kernel.h>
   45 #include <sys/lock.h>
   46 #include <sys/mutex.h>
   47 #include <sys/mbuf.h>
   48 #include <sys/domain.h>
   49 #include <sys/protosw.h>
   50 #include <sys/malloc.h>
   51 #include <sys/socket.h>
   52 #include <sys/socketvar.h>
   53 #include <sys/sysctl.h>
   54 #include <sys/errno.h>
   55 #include <sys/proc.h>
   56 #include <sys/queue.h>
   57 #include <sys/refcount.h>
   58 #include <sys/syslog.h>
   59 
   60 #include <net/if.h>
   61 #include <net/if_var.h>
   62 #include <net/route.h>
   63 #include <net/vnet.h>
   64 #include <net/raw_cb.h>
   65 
   66 #include <netinet/in.h>
   67 #include <netinet/in_systm.h>
   68 #include <netinet/ip.h>
   69 #include <netinet/in_var.h>
   70 
   71 #ifdef INET6
   72 #include <netinet/ip6.h>
   73 #include <netinet6/in6_var.h>
   74 #include <netinet6/ip6_var.h>
   75 #endif /* INET6 */
   76 
   77 #if defined(INET) || defined(INET6)
   78 #include <netinet/in_pcb.h>
   79 #endif
   80 #ifdef INET6
   81 #include <netinet6/in6_pcb.h>
   82 #endif /* INET6 */
   83 
   84 #include <net/pfkeyv2.h>
   85 #include <netipsec/keydb.h>
   86 #include <netipsec/key.h>
   87 #include <netipsec/keysock.h>
   88 #include <netipsec/key_debug.h>
   89 
   90 #include <netipsec/ipsec.h>
   91 #ifdef INET6
   92 #include <netipsec/ipsec6.h>
   93 #endif
   94 
   95 #include <netipsec/xform.h>
   96 
   97 #include <machine/stdarg.h>
   98 
   99 /* randomness */
  100 #include <sys/random.h>
  101 
  102 #define FULLMASK        0xff
  103 #define _BITS(bytes)    ((bytes) << 3)
  104 
  105 /*
  106  * Note on SA reference counting:
  107  * - SAs that are not in DEAD state will have (total external reference + 1)
  108  *   following value in reference count field.  they cannot be freed and are
  109  *   referenced from SA header.
  110  * - SAs that are in DEAD state will have (total external reference)
  111  *   in reference count field.  they are ready to be freed.  reference from
  112  *   SA header will be removed in key_delsav(), when the reference count
  113  *   field hits 0 (= no external reference other than from SA header.
  114  */
  115 
  116 VNET_DEFINE(u_int32_t, key_debug_level) = 0;
  117 static VNET_DEFINE(u_int, key_spi_trycnt) = 1000;
  118 static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100;
  119 static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff;     /* XXX */
  120 static VNET_DEFINE(u_int32_t, policy_id) = 0;
  121 /*interval to initialize randseed,1(m)*/
  122 static VNET_DEFINE(u_int, key_int_random) = 60;
  123 /* interval to expire acquiring, 30(s)*/
  124 static VNET_DEFINE(u_int, key_larval_lifetime) = 30;
  125 /* counter for blocking SADB_ACQUIRE.*/
  126 static VNET_DEFINE(int, key_blockacq_count) = 10;
  127 /* lifetime for blocking SADB_ACQUIRE.*/
  128 static VNET_DEFINE(int, key_blockacq_lifetime) = 20;
  129 /* preferred old sa rather than new sa.*/
  130 static VNET_DEFINE(int, key_preferred_oldsa) = 1;
  131 #define V_key_spi_trycnt        VNET(key_spi_trycnt)
  132 #define V_key_spi_minval        VNET(key_spi_minval)
  133 #define V_key_spi_maxval        VNET(key_spi_maxval)
  134 #define V_policy_id             VNET(policy_id)
  135 #define V_key_int_random        VNET(key_int_random)
  136 #define V_key_larval_lifetime   VNET(key_larval_lifetime)
  137 #define V_key_blockacq_count    VNET(key_blockacq_count)
  138 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime)
  139 #define V_key_preferred_oldsa   VNET(key_preferred_oldsa)
  140 
  141 static VNET_DEFINE(u_int32_t, acq_seq) = 0;
  142 #define V_acq_seq               VNET(acq_seq)
  143 
  144                                                                 /* SPD */
  145 static VNET_DEFINE(LIST_HEAD(_sptree, secpolicy), sptree[IPSEC_DIR_MAX]);
  146 #define V_sptree                VNET(sptree)
  147 static struct mtx sptree_lock;
  148 #define SPTREE_LOCK_INIT() \
  149         mtx_init(&sptree_lock, "sptree", \
  150                 "fast ipsec security policy database", MTX_DEF)
  151 #define SPTREE_LOCK_DESTROY()   mtx_destroy(&sptree_lock)
  152 #define SPTREE_LOCK()           mtx_lock(&sptree_lock)
  153 #define SPTREE_UNLOCK() mtx_unlock(&sptree_lock)
  154 #define SPTREE_LOCK_ASSERT()    mtx_assert(&sptree_lock, MA_OWNED)
  155 
  156 static VNET_DEFINE(LIST_HEAD(_sahtree, secashead), sahtree);    /* SAD */
  157 #define V_sahtree               VNET(sahtree)
  158 static struct mtx sahtree_lock;
  159 #define SAHTREE_LOCK_INIT() \
  160         mtx_init(&sahtree_lock, "sahtree", \
  161                 "fast ipsec security association database", MTX_DEF)
  162 #define SAHTREE_LOCK_DESTROY()  mtx_destroy(&sahtree_lock)
  163 #define SAHTREE_LOCK()          mtx_lock(&sahtree_lock)
  164 #define SAHTREE_UNLOCK()        mtx_unlock(&sahtree_lock)
  165 #define SAHTREE_LOCK_ASSERT()   mtx_assert(&sahtree_lock, MA_OWNED)
  166 
  167                                                         /* registed list */
  168 static VNET_DEFINE(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]);
  169 #define V_regtree               VNET(regtree)
  170 static struct mtx regtree_lock;
  171 #define REGTREE_LOCK_INIT() \
  172         mtx_init(&regtree_lock, "regtree", "fast ipsec regtree", MTX_DEF)
  173 #define REGTREE_LOCK_DESTROY()  mtx_destroy(&regtree_lock)
  174 #define REGTREE_LOCK()          mtx_lock(&regtree_lock)
  175 #define REGTREE_UNLOCK()        mtx_unlock(&regtree_lock)
  176 #define REGTREE_LOCK_ASSERT()   mtx_assert(&regtree_lock, MA_OWNED)
  177 
  178 static VNET_DEFINE(LIST_HEAD(_acqtree, secacq), acqtree); /* acquiring list */
  179 #define V_acqtree               VNET(acqtree)
  180 static struct mtx acq_lock;
  181 #define ACQ_LOCK_INIT() \
  182         mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF)
  183 #define ACQ_LOCK_DESTROY()      mtx_destroy(&acq_lock)
  184 #define ACQ_LOCK()              mtx_lock(&acq_lock)
  185 #define ACQ_UNLOCK()            mtx_unlock(&acq_lock)
  186 #define ACQ_LOCK_ASSERT()       mtx_assert(&acq_lock, MA_OWNED)
  187 
  188                                                         /* SP acquiring list */
  189 static VNET_DEFINE(LIST_HEAD(_spacqtree, secspacq), spacqtree);
  190 #define V_spacqtree             VNET(spacqtree)
  191 static struct mtx spacq_lock;
  192 #define SPACQ_LOCK_INIT() \
  193         mtx_init(&spacq_lock, "spacqtree", \
  194                 "fast ipsec security policy acquire list", MTX_DEF)
  195 #define SPACQ_LOCK_DESTROY()    mtx_destroy(&spacq_lock)
  196 #define SPACQ_LOCK()            mtx_lock(&spacq_lock)
  197 #define SPACQ_UNLOCK()          mtx_unlock(&spacq_lock)
  198 #define SPACQ_LOCK_ASSERT()     mtx_assert(&spacq_lock, MA_OWNED)
  199 
  200 /* search order for SAs */
  201 static const u_int saorder_state_valid_prefer_old[] = {
  202         SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
  203 };
  204 static const u_int saorder_state_valid_prefer_new[] = {
  205         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  206 };
  207 static const u_int saorder_state_alive[] = {
  208         /* except DEAD */
  209         SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
  210 };
  211 static const u_int saorder_state_any[] = {
  212         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  213         SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
  214 };
  215 
  216 static const int minsize[] = {
  217         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  218         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  219         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  220         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  221         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  222         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_SRC */
  223         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_DST */
  224         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_PROXY */
  225         sizeof(struct sadb_key),        /* SADB_EXT_KEY_AUTH */
  226         sizeof(struct sadb_key),        /* SADB_EXT_KEY_ENCRYPT */
  227         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_SRC */
  228         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_DST */
  229         sizeof(struct sadb_sens),       /* SADB_EXT_SENSITIVITY */
  230         sizeof(struct sadb_prop),       /* SADB_EXT_PROPOSAL */
  231         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_AUTH */
  232         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_ENCRYPT */
  233         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  234         0,                              /* SADB_X_EXT_KMPRIVATE */
  235         sizeof(struct sadb_x_policy),   /* SADB_X_EXT_POLICY */
  236         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  237         sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */
  238         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */
  239         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */
  240         sizeof(struct sadb_address),    /* SADB_X_EXT_NAT_T_OAI */
  241         sizeof(struct sadb_address),    /* SADB_X_EXT_NAT_T_OAR */
  242         sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
  243 };
  244 static const int maxsize[] = {
  245         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  246         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  247         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  248         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  249         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  250         0,                              /* SADB_EXT_ADDRESS_SRC */
  251         0,                              /* SADB_EXT_ADDRESS_DST */
  252         0,                              /* SADB_EXT_ADDRESS_PROXY */
  253         0,                              /* SADB_EXT_KEY_AUTH */
  254         0,                              /* SADB_EXT_KEY_ENCRYPT */
  255         0,                              /* SADB_EXT_IDENTITY_SRC */
  256         0,                              /* SADB_EXT_IDENTITY_DST */
  257         0,                              /* SADB_EXT_SENSITIVITY */
  258         0,                              /* SADB_EXT_PROPOSAL */
  259         0,                              /* SADB_EXT_SUPPORTED_AUTH */
  260         0,                              /* SADB_EXT_SUPPORTED_ENCRYPT */
  261         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  262         0,                              /* SADB_X_EXT_KMPRIVATE */
  263         0,                              /* SADB_X_EXT_POLICY */
  264         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  265         sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */
  266         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */
  267         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */
  268         0,                              /* SADB_X_EXT_NAT_T_OAI */
  269         0,                              /* SADB_X_EXT_NAT_T_OAR */
  270         sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
  271 };
  272 
  273 static VNET_DEFINE(int, ipsec_esp_keymin) = 256;
  274 static VNET_DEFINE(int, ipsec_esp_auth) = 0;
  275 static VNET_DEFINE(int, ipsec_ah_keymin) = 128;
  276 
  277 #define V_ipsec_esp_keymin      VNET(ipsec_esp_keymin)
  278 #define V_ipsec_esp_auth        VNET(ipsec_esp_auth)
  279 #define V_ipsec_ah_keymin       VNET(ipsec_ah_keymin)
  280 
  281 #ifdef SYSCTL_DECL
  282 SYSCTL_DECL(_net_key);
  283 #endif
  284 
  285 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL,        debug,
  286         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, "");
  287 
  288 /* max count of trial for the decision of spi value */
  289 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt,
  290         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, "");
  291 
  292 /* minimum spi value to allocate automatically. */
  293 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval,
  294         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, "");
  295 
  296 /* maximun spi value to allocate automatically. */
  297 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval,
  298         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, "");
  299 
  300 /* interval to initialize randseed */
  301 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random,
  302         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, "");
  303 
  304 /* lifetime for larval SA */
  305 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime,
  306         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, "");
  307 
  308 /* counter for blocking to send SADB_ACQUIRE to IKEd */
  309 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count,
  310         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, "");
  311 
  312 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
  313 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime,
  314         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, "");
  315 
  316 /* ESP auth */
  317 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth,
  318         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, "");
  319 
  320 /* minimum ESP key length */
  321 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin,
  322         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, "");
  323 
  324 /* minimum AH key length */
  325 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin,
  326         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, "");
  327 
  328 /* perfered old SA rather than new SA */
  329 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa,
  330         CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, "");
  331 
  332 #define __LIST_CHAINED(elm) \
  333         (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
  334 #define LIST_INSERT_TAIL(head, elm, type, field) \
  335 do {\
  336         struct type *curelm = LIST_FIRST(head); \
  337         if (curelm == NULL) {\
  338                 LIST_INSERT_HEAD(head, elm, field); \
  339         } else { \
  340                 while (LIST_NEXT(curelm, field)) \
  341                         curelm = LIST_NEXT(curelm, field);\
  342                 LIST_INSERT_AFTER(curelm, elm, field);\
  343         }\
  344 } while (0)
  345 
  346 #define KEY_CHKSASTATE(head, sav, name) \
  347 do { \
  348         if ((head) != (sav)) {                                          \
  349                 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
  350                         (name), (head), (sav)));                        \
  351                 continue;                                               \
  352         }                                                               \
  353 } while (0)
  354 
  355 #define KEY_CHKSPDIR(head, sp, name) \
  356 do { \
  357         if ((head) != (sp)) {                                           \
  358                 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
  359                         "anyway continue.\n",                           \
  360                         (name), (head), (sp)));                         \
  361         }                                                               \
  362 } while (0)
  363 
  364 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association");
  365 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head");
  366 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy");
  367 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request");
  368 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous");
  369 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire");
  370 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire");
  371 
  372 /*
  373  * set parameters into secpolicyindex buffer.
  374  * Must allocate secpolicyindex buffer passed to this function.
  375  */
  376 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
  377 do { \
  378         bzero((idx), sizeof(struct secpolicyindex));                         \
  379         (idx)->dir = (_dir);                                                 \
  380         (idx)->prefs = (ps);                                                 \
  381         (idx)->prefd = (pd);                                                 \
  382         (idx)->ul_proto = (ulp);                                             \
  383         bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len);     \
  384         bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len);     \
  385 } while (0)
  386 
  387 /*
  388  * set parameters into secasindex buffer.
  389  * Must allocate secasindex buffer before calling this function.
  390  */
  391 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
  392 do { \
  393         bzero((idx), sizeof(struct secasindex));                             \
  394         (idx)->proto = (p);                                                  \
  395         (idx)->mode = (m);                                                   \
  396         (idx)->reqid = (r);                                                  \
  397         bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len);     \
  398         bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len);     \
  399 } while (0)
  400 
  401 /* key statistics */
  402 struct _keystat {
  403         u_long getspi_count; /* the avarage of count to try to get new SPI */
  404 } keystat;
  405 
  406 struct sadb_msghdr {
  407         struct sadb_msg *msg;
  408         struct sadb_ext *ext[SADB_EXT_MAX + 1];
  409         int extoff[SADB_EXT_MAX + 1];
  410         int extlen[SADB_EXT_MAX + 1];
  411 };
  412 
  413 #ifndef IPSEC_DEBUG2
  414 static struct callout key_timer;
  415 #endif
  416 
  417 static struct secasvar *key_allocsa_policy __P((const struct secasindex *));
  418 static void key_freesp_so __P((struct secpolicy **));
  419 static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int));
  420 static void key_delsp __P((struct secpolicy *));
  421 static struct secpolicy *key_getsp __P((struct secpolicyindex *));
  422 static void _key_delsp(struct secpolicy *sp);
  423 static struct secpolicy *key_getspbyid __P((u_int32_t));
  424 static u_int32_t key_newreqid __P((void));
  425 static struct mbuf *key_gather_mbuf __P((struct mbuf *,
  426         const struct sadb_msghdr *, int, int, ...));
  427 static int key_spdadd __P((struct socket *, struct mbuf *,
  428         const struct sadb_msghdr *));
  429 static u_int32_t key_getnewspid __P((void));
  430 static int key_spddelete __P((struct socket *, struct mbuf *,
  431         const struct sadb_msghdr *));
  432 static int key_spddelete2 __P((struct socket *, struct mbuf *,
  433         const struct sadb_msghdr *));
  434 static int key_spdget __P((struct socket *, struct mbuf *,
  435         const struct sadb_msghdr *));
  436 static int key_spdflush __P((struct socket *, struct mbuf *,
  437         const struct sadb_msghdr *));
  438 static int key_spddump __P((struct socket *, struct mbuf *,
  439         const struct sadb_msghdr *));
  440 static struct mbuf *key_setdumpsp __P((struct secpolicy *,
  441         u_int8_t, u_int32_t, u_int32_t));
  442 static u_int key_getspreqmsglen __P((struct secpolicy *));
  443 static int key_spdexpire __P((struct secpolicy *));
  444 static struct secashead *key_newsah __P((struct secasindex *));
  445 static void key_delsah __P((struct secashead *));
  446 static struct secasvar *key_newsav __P((struct mbuf *,
  447         const struct sadb_msghdr *, struct secashead *, int *,
  448         const char*, int));
  449 #define KEY_NEWSAV(m, sadb, sah, e)                             \
  450         key_newsav(m, sadb, sah, e, __FILE__, __LINE__)
  451 static void key_delsav __P((struct secasvar *));
  452 static struct secashead *key_getsah __P((struct secasindex *));
  453 static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t));
  454 static struct secasvar *key_getsavbyspi __P((struct secashead *, u_int32_t));
  455 static int key_setsaval __P((struct secasvar *, struct mbuf *,
  456         const struct sadb_msghdr *));
  457 static int key_mature __P((struct secasvar *));
  458 static struct mbuf *key_setdumpsa __P((struct secasvar *, u_int8_t,
  459         u_int8_t, u_int32_t, u_int32_t));
  460 static struct mbuf *key_setsadbmsg __P((u_int8_t, u_int16_t, u_int8_t,
  461         u_int32_t, pid_t, u_int16_t));
  462 static struct mbuf *key_setsadbsa __P((struct secasvar *));
  463 static struct mbuf *key_setsadbaddr __P((u_int16_t,
  464         const struct sockaddr *, u_int8_t, u_int16_t));
  465 #ifdef IPSEC_NAT_T
  466 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
  467 static struct mbuf *key_setsadbxtype(u_int16_t);
  468 #endif
  469 static void key_porttosaddr(struct sockaddr *, u_int16_t);
  470 #define KEY_PORTTOSADDR(saddr, port)                            \
  471         key_porttosaddr((struct sockaddr *)(saddr), (port))
  472 static struct mbuf *key_setsadbxsa2 __P((u_int8_t, u_int32_t, u_int32_t));
  473 static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t,
  474         u_int32_t));
  475 static struct seckey *key_dup_keymsg(const struct sadb_key *, u_int, 
  476                                      struct malloc_type *);
  477 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src,
  478                                             struct malloc_type *type);
  479 #ifdef INET6
  480 static int key_ismyaddr6 __P((struct sockaddr_in6 *));
  481 #endif
  482 
  483 /* flags for key_cmpsaidx() */
  484 #define CMP_HEAD        1       /* protocol, addresses. */
  485 #define CMP_MODE_REQID  2       /* additionally HEAD, reqid, mode. */
  486 #define CMP_REQID       3       /* additionally HEAD, reaid. */
  487 #define CMP_EXACTLY     4       /* all elements. */
  488 static int key_cmpsaidx
  489         __P((const struct secasindex *, const struct secasindex *, int));
  490 
  491 static int key_cmpspidx_exactly
  492         __P((struct secpolicyindex *, struct secpolicyindex *));
  493 static int key_cmpspidx_withmask
  494         __P((struct secpolicyindex *, struct secpolicyindex *));
  495 static int key_sockaddrcmp __P((const struct sockaddr *, const struct sockaddr *, int));
  496 static int key_bbcmp __P((const void *, const void *, u_int));
  497 static u_int16_t key_satype2proto __P((u_int8_t));
  498 static u_int8_t key_proto2satype __P((u_int16_t));
  499 
  500 static int key_getspi __P((struct socket *, struct mbuf *,
  501         const struct sadb_msghdr *));
  502 static u_int32_t key_do_getnewspi __P((struct sadb_spirange *,
  503                                         struct secasindex *));
  504 static int key_update __P((struct socket *, struct mbuf *,
  505         const struct sadb_msghdr *));
  506 #ifdef IPSEC_DOSEQCHECK
  507 static struct secasvar *key_getsavbyseq __P((struct secashead *, u_int32_t));
  508 #endif
  509 static int key_add __P((struct socket *, struct mbuf *,
  510         const struct sadb_msghdr *));
  511 static int key_setident __P((struct secashead *, struct mbuf *,
  512         const struct sadb_msghdr *));
  513 static struct mbuf *key_getmsgbuf_x1 __P((struct mbuf *,
  514         const struct sadb_msghdr *));
  515 static int key_delete __P((struct socket *, struct mbuf *,
  516         const struct sadb_msghdr *));
  517 static int key_get __P((struct socket *, struct mbuf *,
  518         const struct sadb_msghdr *));
  519 
  520 static void key_getcomb_setlifetime __P((struct sadb_comb *));
  521 static struct mbuf *key_getcomb_esp __P((void));
  522 static struct mbuf *key_getcomb_ah __P((void));
  523 static struct mbuf *key_getcomb_ipcomp __P((void));
  524 static struct mbuf *key_getprop __P((const struct secasindex *));
  525 
  526 static int key_acquire __P((const struct secasindex *, struct secpolicy *));
  527 static struct secacq *key_newacq __P((const struct secasindex *));
  528 static struct secacq *key_getacq __P((const struct secasindex *));
  529 static struct secacq *key_getacqbyseq __P((u_int32_t));
  530 static struct secspacq *key_newspacq __P((struct secpolicyindex *));
  531 static struct secspacq *key_getspacq __P((struct secpolicyindex *));
  532 static int key_acquire2 __P((struct socket *, struct mbuf *,
  533         const struct sadb_msghdr *));
  534 static int key_register __P((struct socket *, struct mbuf *,
  535         const struct sadb_msghdr *));
  536 static int key_expire __P((struct secasvar *));
  537 static int key_flush __P((struct socket *, struct mbuf *,
  538         const struct sadb_msghdr *));
  539 static int key_dump __P((struct socket *, struct mbuf *,
  540         const struct sadb_msghdr *));
  541 static int key_promisc __P((struct socket *, struct mbuf *,
  542         const struct sadb_msghdr *));
  543 static int key_senderror __P((struct socket *, struct mbuf *, int));
  544 static int key_validate_ext __P((const struct sadb_ext *, int));
  545 static int key_align __P((struct mbuf *, struct sadb_msghdr *));
  546 static struct mbuf *key_setlifetime(struct seclifetime *src, 
  547                                      u_int16_t exttype);
  548 static struct mbuf *key_setkey(struct seckey *src, u_int16_t exttype);
  549 
  550 #if 0
  551 static const char *key_getfqdn __P((void));
  552 static const char *key_getuserfqdn __P((void));
  553 #endif
  554 static void key_sa_chgstate __P((struct secasvar *, u_int8_t));
  555 
  556 static __inline void
  557 sa_initref(struct secasvar *sav)
  558 {
  559 
  560         refcount_init(&sav->refcnt, 1);
  561 }
  562 static __inline void
  563 sa_addref(struct secasvar *sav)
  564 {
  565 
  566         refcount_acquire(&sav->refcnt);
  567         IPSEC_ASSERT(sav->refcnt != 0, ("SA refcnt overflow"));
  568 }
  569 static __inline int
  570 sa_delref(struct secasvar *sav)
  571 {
  572 
  573         IPSEC_ASSERT(sav->refcnt > 0, ("SA refcnt underflow"));
  574         return (refcount_release(&sav->refcnt));
  575 }
  576 
  577 #define SP_ADDREF(p) do {                                               \
  578         (p)->refcnt++;                                                  \
  579         IPSEC_ASSERT((p)->refcnt != 0, ("SP refcnt overflow"));         \
  580 } while (0)
  581 #define SP_DELREF(p) do {                                               \
  582         IPSEC_ASSERT((p)->refcnt > 0, ("SP refcnt underflow"));         \
  583         (p)->refcnt--;                                                  \
  584 } while (0)
  585  
  586 
  587 /*
  588  * Update the refcnt while holding the SPTREE lock.
  589  */
  590 void
  591 key_addref(struct secpolicy *sp)
  592 {
  593         SPTREE_LOCK();
  594         SP_ADDREF(sp);
  595         SPTREE_UNLOCK();
  596 }
  597 
  598 /*
  599  * Return 0 when there are known to be no SP's for the specified
  600  * direction.  Otherwise return 1.  This is used by IPsec code
  601  * to optimize performance.
  602  */
  603 int
  604 key_havesp(u_int dir)
  605 {
  606 
  607         return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ?
  608                 LIST_FIRST(&V_sptree[dir]) != NULL : 1);
  609 }
  610 
  611 /* %%% IPsec policy management */
  612 /*
  613  * allocating a SP for OUTBOUND or INBOUND packet.
  614  * Must call key_freesp() later.
  615  * OUT: NULL:   not found
  616  *      others: found and return the pointer.
  617  */
  618 struct secpolicy *
  619 key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag)
  620 {
  621         struct secpolicy *sp;
  622 
  623         IPSEC_ASSERT(spidx != NULL, ("null spidx"));
  624         IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
  625                 ("invalid direction %u", dir));
  626 
  627         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  628                 printf("DP %s from %s:%u\n", __func__, where, tag));
  629 
  630         /* get a SP entry */
  631         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  632                 printf("*** objects\n");
  633                 kdebug_secpolicyindex(spidx));
  634 
  635         SPTREE_LOCK();
  636         LIST_FOREACH(sp, &V_sptree[dir], chain) {
  637                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  638                         printf("*** in SPD\n");
  639                         kdebug_secpolicyindex(&sp->spidx));
  640 
  641                 if (sp->state == IPSEC_SPSTATE_DEAD)
  642                         continue;
  643                 if (key_cmpspidx_withmask(&sp->spidx, spidx))
  644                         goto found;
  645         }
  646         sp = NULL;
  647 found:
  648         if (sp) {
  649                 /* sanity check */
  650                 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
  651 
  652                 /* found a SPD entry */
  653                 sp->lastused = time_second;
  654                 SP_ADDREF(sp);
  655         }
  656         SPTREE_UNLOCK();
  657 
  658         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  659                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  660                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  661         return sp;
  662 }
  663 
  664 /*
  665  * allocating a SP for OUTBOUND or INBOUND packet.
  666  * Must call key_freesp() later.
  667  * OUT: NULL:   not found
  668  *      others: found and return the pointer.
  669  */
  670 struct secpolicy *
  671 key_allocsp2(u_int32_t spi,
  672              union sockaddr_union *dst,
  673              u_int8_t proto,
  674              u_int dir,
  675              const char* where, int tag)
  676 {
  677         struct secpolicy *sp;
  678 
  679         IPSEC_ASSERT(dst != NULL, ("null dst"));
  680         IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
  681                 ("invalid direction %u", dir));
  682 
  683         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  684                 printf("DP %s from %s:%u\n", __func__, where, tag));
  685 
  686         /* get a SP entry */
  687         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  688                 printf("*** objects\n");
  689                 printf("spi %u proto %u dir %u\n", spi, proto, dir);
  690                 kdebug_sockaddr(&dst->sa));
  691 
  692         SPTREE_LOCK();
  693         LIST_FOREACH(sp, &V_sptree[dir], chain) {
  694                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  695                         printf("*** in SPD\n");
  696                         kdebug_secpolicyindex(&sp->spidx));
  697 
  698                 if (sp->state == IPSEC_SPSTATE_DEAD)
  699                         continue;
  700                 /* compare simple values, then dst address */
  701                 if (sp->spidx.ul_proto != proto)
  702                         continue;
  703                 /* NB: spi's must exist and match */
  704                 if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi)
  705                         continue;
  706                 if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0)
  707                         goto found;
  708         }
  709         sp = NULL;
  710 found:
  711         if (sp) {
  712                 /* sanity check */
  713                 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
  714 
  715                 /* found a SPD entry */
  716                 sp->lastused = time_second;
  717                 SP_ADDREF(sp);
  718         }
  719         SPTREE_UNLOCK();
  720 
  721         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  722                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  723                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  724         return sp;
  725 }
  726 
  727 #if 0
  728 /*
  729  * return a policy that matches this particular inbound packet.
  730  * XXX slow
  731  */
  732 struct secpolicy *
  733 key_gettunnel(const struct sockaddr *osrc,
  734               const struct sockaddr *odst,
  735               const struct sockaddr *isrc,
  736               const struct sockaddr *idst,
  737               const char* where, int tag)
  738 {
  739         struct secpolicy *sp;
  740         const int dir = IPSEC_DIR_INBOUND;
  741         struct ipsecrequest *r1, *r2, *p;
  742         struct secpolicyindex spidx;
  743 
  744         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  745                 printf("DP %s from %s:%u\n", __func__, where, tag));
  746 
  747         if (isrc->sa_family != idst->sa_family) {
  748                 ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.",
  749                         __func__, isrc->sa_family, idst->sa_family));
  750                 sp = NULL;
  751                 goto done;
  752         }
  753 
  754         SPTREE_LOCK();
  755         LIST_FOREACH(sp, &V_sptree[dir], chain) {
  756                 if (sp->state == IPSEC_SPSTATE_DEAD)
  757                         continue;
  758 
  759                 r1 = r2 = NULL;
  760                 for (p = sp->req; p; p = p->next) {
  761                         if (p->saidx.mode != IPSEC_MODE_TUNNEL)
  762                                 continue;
  763 
  764                         r1 = r2;
  765                         r2 = p;
  766 
  767                         if (!r1) {
  768                                 /* here we look at address matches only */
  769                                 spidx = sp->spidx;
  770                                 if (isrc->sa_len > sizeof(spidx.src) ||
  771                                     idst->sa_len > sizeof(spidx.dst))
  772                                         continue;
  773                                 bcopy(isrc, &spidx.src, isrc->sa_len);
  774                                 bcopy(idst, &spidx.dst, idst->sa_len);
  775                                 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
  776                                         continue;
  777                         } else {
  778                                 if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) ||
  779                                     key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0))
  780                                         continue;
  781                         }
  782 
  783                         if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) ||
  784                             key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0))
  785                                 continue;
  786 
  787                         goto found;
  788                 }
  789         }
  790         sp = NULL;
  791 found:
  792         if (sp) {
  793                 sp->lastused = time_second;
  794                 SP_ADDREF(sp);
  795         }
  796         SPTREE_UNLOCK();
  797 done:
  798         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  799                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  800                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  801         return sp;
  802 }
  803 #endif
  804 
  805 /*
  806  * allocating an SA entry for an *OUTBOUND* packet.
  807  * checking each request entries in SP, and acquire an SA if need.
  808  * OUT: 0: there are valid requests.
  809  *      ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
  810  */
  811 int
  812 key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx)
  813 {
  814         u_int level;
  815         int error;
  816         struct secasvar *sav;
  817 
  818         IPSEC_ASSERT(isr != NULL, ("null isr"));
  819         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
  820         IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT ||
  821                 saidx->mode == IPSEC_MODE_TUNNEL,
  822                 ("unexpected policy %u", saidx->mode));
  823 
  824         /*
  825          * XXX guard against protocol callbacks from the crypto
  826          * thread as they reference ipsecrequest.sav which we
  827          * temporarily null out below.  Need to rethink how we
  828          * handle bundled SA's in the callback thread.
  829          */
  830         IPSECREQUEST_LOCK_ASSERT(isr);
  831 
  832         /* get current level */
  833         level = ipsec_get_reqlevel(isr);
  834 
  835         /*
  836          * We check new SA in the IPsec request because a different
  837          * SA may be involved each time this request is checked, either
  838          * because new SAs are being configured, or this request is
  839          * associated with an unconnected datagram socket, or this request
  840          * is associated with a system default policy.
  841          *
  842          * key_allocsa_policy should allocate the oldest SA available.
  843          * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
  844          */
  845         sav = key_allocsa_policy(saidx);
  846         if (sav != isr->sav) {
  847                 /* SA need to be updated. */
  848                 if (!IPSECREQUEST_UPGRADE(isr)) {
  849                         /* Kick everyone off. */
  850                         IPSECREQUEST_UNLOCK(isr);
  851                         IPSECREQUEST_WLOCK(isr);
  852                 }
  853                 if (isr->sav != NULL)
  854                         KEY_FREESAV(&isr->sav);
  855                 isr->sav = sav;
  856                 IPSECREQUEST_DOWNGRADE(isr);
  857         } else if (sav != NULL)
  858                 KEY_FREESAV(&sav);
  859 
  860         /* When there is SA. */
  861         if (isr->sav != NULL) {
  862                 if (isr->sav->state != SADB_SASTATE_MATURE &&
  863                     isr->sav->state != SADB_SASTATE_DYING)
  864                         return EINVAL;
  865                 return 0;
  866         }
  867 
  868         /* there is no SA */
  869         error = key_acquire(saidx, isr->sp);
  870         if (error != 0) {
  871                 /* XXX What should I do ? */
  872                 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n",
  873                         __func__, error));
  874                 return error;
  875         }
  876 
  877         if (level != IPSEC_LEVEL_REQUIRE) {
  878                 /* XXX sigh, the interface to this routine is botched */
  879                 IPSEC_ASSERT(isr->sav == NULL, ("unexpected SA"));
  880                 return 0;
  881         } else {
  882                 return ENOENT;
  883         }
  884 }
  885 
  886 /*
  887  * allocating a SA for policy entry from SAD.
  888  * NOTE: searching SAD of aliving state.
  889  * OUT: NULL:   not found.
  890  *      others: found and return the pointer.
  891  */
  892 static struct secasvar *
  893 key_allocsa_policy(const struct secasindex *saidx)
  894 {
  895 #define N(a)    _ARRAYLEN(a)
  896         struct secashead *sah;
  897         struct secasvar *sav;
  898         u_int stateidx, arraysize;
  899         const u_int *state_valid;
  900 
  901         state_valid = NULL;     /* silence gcc */
  902         arraysize = 0;          /* silence gcc */
  903 
  904         SAHTREE_LOCK();
  905         LIST_FOREACH(sah, &V_sahtree, chain) {
  906                 if (sah->state == SADB_SASTATE_DEAD)
  907                         continue;
  908                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) {
  909                         if (V_key_preferred_oldsa) {
  910                                 state_valid = saorder_state_valid_prefer_old;
  911                                 arraysize = N(saorder_state_valid_prefer_old);
  912                         } else {
  913                                 state_valid = saorder_state_valid_prefer_new;
  914                                 arraysize = N(saorder_state_valid_prefer_new);
  915                         }
  916                         break;
  917                 }
  918         }
  919         SAHTREE_UNLOCK();
  920         if (sah == NULL)
  921                 return NULL;
  922 
  923         /* search valid state */
  924         for (stateidx = 0; stateidx < arraysize; stateidx++) {
  925                 sav = key_do_allocsa_policy(sah, state_valid[stateidx]);
  926                 if (sav != NULL)
  927                         return sav;
  928         }
  929 
  930         return NULL;
  931 #undef N
  932 }
  933 
  934 /*
  935  * searching SAD with direction, protocol, mode and state.
  936  * called by key_allocsa_policy().
  937  * OUT:
  938  *      NULL    : not found
  939  *      others  : found, pointer to a SA.
  940  */
  941 static struct secasvar *
  942 key_do_allocsa_policy(struct secashead *sah, u_int state)
  943 {
  944         struct secasvar *sav, *nextsav, *candidate, *d;
  945 
  946         /* initilize */
  947         candidate = NULL;
  948 
  949         SAHTREE_LOCK();
  950         for (sav = LIST_FIRST(&sah->savtree[state]);
  951              sav != NULL;
  952              sav = nextsav) {
  953 
  954                 nextsav = LIST_NEXT(sav, chain);
  955 
  956                 /* sanity check */
  957                 KEY_CHKSASTATE(sav->state, state, __func__);
  958 
  959                 /* initialize */
  960                 if (candidate == NULL) {
  961                         candidate = sav;
  962                         continue;
  963                 }
  964 
  965                 /* Which SA is the better ? */
  966 
  967                 IPSEC_ASSERT(candidate->lft_c != NULL,
  968                         ("null candidate lifetime"));
  969                 IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime"));
  970 
  971                 /* What the best method is to compare ? */
  972                 if (V_key_preferred_oldsa) {
  973                         if (candidate->lft_c->addtime >
  974                                         sav->lft_c->addtime) {
  975                                 candidate = sav;
  976                         }
  977                         continue;
  978                         /*NOTREACHED*/
  979                 }
  980 
  981                 /* preferred new sa rather than old sa */
  982                 if (candidate->lft_c->addtime <
  983                                 sav->lft_c->addtime) {
  984                         d = candidate;
  985                         candidate = sav;
  986                 } else
  987                         d = sav;
  988 
  989                 /*
  990                  * prepared to delete the SA when there is more
  991                  * suitable candidate and the lifetime of the SA is not
  992                  * permanent.
  993                  */
  994                 if (d->lft_h->addtime != 0) {
  995                         struct mbuf *m, *result;
  996                         u_int8_t satype;
  997 
  998                         key_sa_chgstate(d, SADB_SASTATE_DEAD);
  999 
 1000                         IPSEC_ASSERT(d->refcnt > 0, ("bogus ref count"));
 1001 
 1002                         satype = key_proto2satype(d->sah->saidx.proto);
 1003                         if (satype == 0)
 1004                                 goto msgfail;
 1005 
 1006                         m = key_setsadbmsg(SADB_DELETE, 0,
 1007                             satype, 0, 0, d->refcnt - 1);
 1008                         if (!m)
 1009                                 goto msgfail;
 1010                         result = m;
 1011 
 1012                         /* set sadb_address for saidx's. */
 1013                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 1014                                 &d->sah->saidx.src.sa,
 1015                                 d->sah->saidx.src.sa.sa_len << 3,
 1016                                 IPSEC_ULPROTO_ANY);
 1017                         if (!m)
 1018                                 goto msgfail;
 1019                         m_cat(result, m);
 1020 
 1021                         /* set sadb_address for saidx's. */
 1022                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 1023                                 &d->sah->saidx.dst.sa,
 1024                                 d->sah->saidx.dst.sa.sa_len << 3,
 1025                                 IPSEC_ULPROTO_ANY);
 1026                         if (!m)
 1027                                 goto msgfail;
 1028                         m_cat(result, m);
 1029 
 1030                         /* create SA extension */
 1031                         m = key_setsadbsa(d);
 1032                         if (!m)
 1033                                 goto msgfail;
 1034                         m_cat(result, m);
 1035 
 1036                         if (result->m_len < sizeof(struct sadb_msg)) {
 1037                                 result = m_pullup(result,
 1038                                                 sizeof(struct sadb_msg));
 1039                                 if (result == NULL)
 1040                                         goto msgfail;
 1041                         }
 1042 
 1043                         result->m_pkthdr.len = 0;
 1044                         for (m = result; m; m = m->m_next)
 1045                                 result->m_pkthdr.len += m->m_len;
 1046                         mtod(result, struct sadb_msg *)->sadb_msg_len =
 1047                                 PFKEY_UNIT64(result->m_pkthdr.len);
 1048 
 1049                         if (key_sendup_mbuf(NULL, result,
 1050                                         KEY_SENDUP_REGISTERED))
 1051                                 goto msgfail;
 1052                  msgfail:
 1053                         KEY_FREESAV(&d);
 1054                 }
 1055         }
 1056         if (candidate) {
 1057                 sa_addref(candidate);
 1058                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1059                         printf("DP %s cause refcnt++:%d SA:%p\n",
 1060                                 __func__, candidate->refcnt, candidate));
 1061         }
 1062         SAHTREE_UNLOCK();
 1063 
 1064         return candidate;
 1065 }
 1066 
 1067 /*
 1068  * allocating a usable SA entry for a *INBOUND* packet.
 1069  * Must call key_freesav() later.
 1070  * OUT: positive:       pointer to a usable sav (i.e. MATURE or DYING state).
 1071  *      NULL:           not found, or error occured.
 1072  *
 1073  * In the comparison, no source address is used--for RFC2401 conformance.
 1074  * To quote, from section 4.1:
 1075  *      A security association is uniquely identified by a triple consisting
 1076  *      of a Security Parameter Index (SPI), an IP Destination Address, and a
 1077  *      security protocol (AH or ESP) identifier.
 1078  * Note that, however, we do need to keep source address in IPsec SA.
 1079  * IKE specification and PF_KEY specification do assume that we
 1080  * keep source address in IPsec SA.  We see a tricky situation here.
 1081  */
 1082 struct secasvar *
 1083 key_allocsa(
 1084         union sockaddr_union *dst,
 1085         u_int proto,
 1086         u_int32_t spi,
 1087         const char* where, int tag)
 1088 {
 1089         struct secashead *sah;
 1090         struct secasvar *sav;
 1091         u_int stateidx, arraysize, state;
 1092         const u_int *saorder_state_valid;
 1093 #ifdef IPSEC_NAT_T
 1094         int natt_chkport;
 1095 #endif
 1096 
 1097         IPSEC_ASSERT(dst != NULL, ("null dst address"));
 1098 
 1099         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1100                 printf("DP %s from %s:%u\n", __func__, where, tag));
 1101 
 1102 #ifdef IPSEC_NAT_T
 1103         natt_chkport = (dst->sa.sa_family == AF_INET &&
 1104             dst->sa.sa_len == sizeof(struct sockaddr_in) &&
 1105             dst->sin.sin_port != 0);
 1106 #endif
 1107 
 1108         /*
 1109          * searching SAD.
 1110          * XXX: to be checked internal IP header somewhere.  Also when
 1111          * IPsec tunnel packet is received.  But ESP tunnel mode is
 1112          * encrypted so we can't check internal IP header.
 1113          */
 1114         SAHTREE_LOCK();
 1115         if (V_key_preferred_oldsa) {
 1116                 saorder_state_valid = saorder_state_valid_prefer_old;
 1117                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
 1118         } else {
 1119                 saorder_state_valid = saorder_state_valid_prefer_new;
 1120                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
 1121         }
 1122         LIST_FOREACH(sah, &V_sahtree, chain) {
 1123                 int checkport;
 1124 
 1125                 /* search valid state */
 1126                 for (stateidx = 0; stateidx < arraysize; stateidx++) {
 1127                         state = saorder_state_valid[stateidx];
 1128                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 1129                                 /* sanity check */
 1130                                 KEY_CHKSASTATE(sav->state, state, __func__);
 1131                                 /* do not return entries w/ unusable state */
 1132                                 if (sav->state != SADB_SASTATE_MATURE &&
 1133                                     sav->state != SADB_SASTATE_DYING)
 1134                                         continue;
 1135                                 if (proto != sav->sah->saidx.proto)
 1136                                         continue;
 1137                                 if (spi != sav->spi)
 1138                                         continue;
 1139                                 checkport = 0;
 1140 #ifdef IPSEC_NAT_T
 1141                                 /*
 1142                                  * Really only check ports when this is a NAT-T
 1143                                  * SA.  Otherwise other lookups providing ports
 1144                                  * might suffer.
 1145                                  */
 1146                                 if (sav->natt_type && natt_chkport)
 1147                                         checkport = 1;
 1148 #endif
 1149 #if 0   /* don't check src */
 1150                                 /* check src address */
 1151                                 if (key_sockaddrcmp(&src->sa,   
 1152                                     &sav->sah->saidx.src.sa, checkport) != 0)
 1153                                         continue;
 1154 #endif
 1155                                 /* check dst address */
 1156                                 if (key_sockaddrcmp(&dst->sa,
 1157                                     &sav->sah->saidx.dst.sa, checkport) != 0)
 1158                                         continue;
 1159                                 sa_addref(sav);
 1160                                 goto done;
 1161                         }
 1162                 }
 1163         }
 1164         sav = NULL;
 1165 done:
 1166         SAHTREE_UNLOCK();
 1167 
 1168         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1169                 printf("DP %s return SA:%p; refcnt %u\n", __func__,
 1170                         sav, sav ? sav->refcnt : 0));
 1171         return sav;
 1172 }
 1173 
 1174 /*
 1175  * Must be called after calling key_allocsp().
 1176  * For both the packet without socket and key_freeso().
 1177  */
 1178 void
 1179 _key_freesp(struct secpolicy **spp, const char* where, int tag)
 1180 {
 1181         struct secpolicy *sp = *spp;
 1182 
 1183         IPSEC_ASSERT(sp != NULL, ("null sp"));
 1184 
 1185         SPTREE_LOCK();
 1186         SP_DELREF(sp);
 1187 
 1188         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1189                 printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
 1190                         __func__, sp, sp->id, where, tag, sp->refcnt));
 1191 
 1192         if (sp->refcnt == 0) {
 1193                 *spp = NULL;
 1194                 key_delsp(sp);
 1195         }
 1196         SPTREE_UNLOCK();
 1197 }
 1198 
 1199 /*
 1200  * Must be called after calling key_allocsp().
 1201  * For the packet with socket.
 1202  */
 1203 void
 1204 key_freeso(struct socket *so)
 1205 {
 1206         IPSEC_ASSERT(so != NULL, ("null so"));
 1207 
 1208         switch (so->so_proto->pr_domain->dom_family) {
 1209 #if defined(INET) || defined(INET6)
 1210 #ifdef INET
 1211         case PF_INET:
 1212 #endif
 1213 #ifdef INET6
 1214         case PF_INET6:
 1215 #endif
 1216             {
 1217                 struct inpcb *pcb = sotoinpcb(so);
 1218 
 1219                 /* Does it have a PCB ? */
 1220                 if (pcb == NULL)
 1221                         return;
 1222                 key_freesp_so(&pcb->inp_sp->sp_in);
 1223                 key_freesp_so(&pcb->inp_sp->sp_out);
 1224             }
 1225                 break;
 1226 #endif /* INET || INET6 */
 1227         default:
 1228                 ipseclog((LOG_DEBUG, "%s: unknown address family=%d.\n",
 1229                     __func__, so->so_proto->pr_domain->dom_family));
 1230                 return;
 1231         }
 1232 }
 1233 
 1234 static void
 1235 key_freesp_so(struct secpolicy **sp)
 1236 {
 1237         IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp"));
 1238 
 1239         if ((*sp)->policy == IPSEC_POLICY_ENTRUST ||
 1240             (*sp)->policy == IPSEC_POLICY_BYPASS)
 1241                 return;
 1242 
 1243         IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC,
 1244                 ("invalid policy %u", (*sp)->policy));
 1245         KEY_FREESP(sp);
 1246 }
 1247 
 1248 void
 1249 key_addrefsa(struct secasvar *sav, const char* where, int tag)
 1250 {
 1251 
 1252         IPSEC_ASSERT(sav != NULL, ("null sav"));
 1253         IPSEC_ASSERT(sav->refcnt > 0, ("refcount must exist"));
 1254 
 1255         sa_addref(sav);
 1256 }
 1257 
 1258 /*
 1259  * Must be called after calling key_allocsa().
 1260  * This function is called by key_freesp() to free some SA allocated
 1261  * for a policy.
 1262  */
 1263 void
 1264 key_freesav(struct secasvar **psav, const char* where, int tag)
 1265 {
 1266         struct secasvar *sav = *psav;
 1267 
 1268         IPSEC_ASSERT(sav != NULL, ("null sav"));
 1269 
 1270         if (sa_delref(sav)) {
 1271                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1272                         printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n",
 1273                                 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt));
 1274                 *psav = NULL;
 1275                 key_delsav(sav);
 1276         } else {
 1277                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1278                         printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n",
 1279                                 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt));
 1280         }
 1281 }
 1282 
 1283 /* %%% SPD management */
 1284 /*
 1285  * free security policy entry.
 1286  */
 1287 static void
 1288 key_delsp(struct secpolicy *sp)
 1289 {
 1290         struct ipsecrequest *isr, *nextisr;
 1291 
 1292         IPSEC_ASSERT(sp != NULL, ("null sp"));
 1293         SPTREE_LOCK_ASSERT();
 1294 
 1295         sp->state = IPSEC_SPSTATE_DEAD;
 1296 
 1297         IPSEC_ASSERT(sp->refcnt == 0,
 1298                 ("SP with references deleted (refcnt %u)", sp->refcnt));
 1299 
 1300         /* remove from SP index */
 1301         if (__LIST_CHAINED(sp))
 1302                 LIST_REMOVE(sp, chain);
 1303 
 1304         for (isr = sp->req; isr != NULL; isr = nextisr) {
 1305                 if (isr->sav != NULL) {
 1306                         KEY_FREESAV(&isr->sav);
 1307                         isr->sav = NULL;
 1308                 }
 1309 
 1310                 nextisr = isr->next;
 1311                 ipsec_delisr(isr);
 1312         }
 1313         _key_delsp(sp);
 1314 }
 1315 
 1316 /*
 1317  * search SPD
 1318  * OUT: NULL    : not found
 1319  *      others  : found, pointer to a SP.
 1320  */
 1321 static struct secpolicy *
 1322 key_getsp(struct secpolicyindex *spidx)
 1323 {
 1324         struct secpolicy *sp;
 1325 
 1326         IPSEC_ASSERT(spidx != NULL, ("null spidx"));
 1327 
 1328         SPTREE_LOCK();
 1329         LIST_FOREACH(sp, &V_sptree[spidx->dir], chain) {
 1330                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1331                         continue;
 1332                 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
 1333                         SP_ADDREF(sp);
 1334                         break;
 1335                 }
 1336         }
 1337         SPTREE_UNLOCK();
 1338 
 1339         return sp;
 1340 }
 1341 
 1342 /*
 1343  * get SP by index.
 1344  * OUT: NULL    : not found
 1345  *      others  : found, pointer to a SP.
 1346  */
 1347 static struct secpolicy *
 1348 key_getspbyid(u_int32_t id)
 1349 {
 1350         struct secpolicy *sp;
 1351 
 1352         SPTREE_LOCK();
 1353         LIST_FOREACH(sp, &V_sptree[IPSEC_DIR_INBOUND], chain) {
 1354                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1355                         continue;
 1356                 if (sp->id == id) {
 1357                         SP_ADDREF(sp);
 1358                         goto done;
 1359                 }
 1360         }
 1361 
 1362         LIST_FOREACH(sp, &V_sptree[IPSEC_DIR_OUTBOUND], chain) {
 1363                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1364                         continue;
 1365                 if (sp->id == id) {
 1366                         SP_ADDREF(sp);
 1367                         goto done;
 1368                 }
 1369         }
 1370 done:
 1371         SPTREE_UNLOCK();
 1372 
 1373         return sp;
 1374 }
 1375 
 1376 struct secpolicy *
 1377 key_newsp(const char* where, int tag)
 1378 {
 1379         struct secpolicy *newsp = NULL;
 1380 
 1381         newsp = (struct secpolicy *)
 1382                 malloc(sizeof(struct secpolicy), M_IPSEC_SP, M_NOWAIT|M_ZERO);
 1383         if (newsp) {
 1384                 SECPOLICY_LOCK_INIT(newsp);
 1385                 newsp->refcnt = 1;
 1386                 newsp->req = NULL;
 1387         }
 1388 
 1389         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1390                 printf("DP %s from %s:%u return SP:%p\n", __func__,
 1391                         where, tag, newsp));
 1392         return newsp;
 1393 }
 1394 
 1395 static void
 1396 _key_delsp(struct secpolicy *sp)
 1397 {
 1398         SECPOLICY_LOCK_DESTROY(sp);
 1399         free(sp, M_IPSEC_SP);
 1400 }
 1401 
 1402 /*
 1403  * create secpolicy structure from sadb_x_policy structure.
 1404  * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
 1405  * so must be set properly later.
 1406  */
 1407 struct secpolicy *
 1408 key_msg2sp(xpl0, len, error)
 1409         struct sadb_x_policy *xpl0;
 1410         size_t len;
 1411         int *error;
 1412 {
 1413         struct secpolicy *newsp;
 1414 
 1415         IPSEC_ASSERT(xpl0 != NULL, ("null xpl0"));
 1416         IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len));
 1417 
 1418         if (len != PFKEY_EXTLEN(xpl0)) {
 1419                 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__));
 1420                 *error = EINVAL;
 1421                 return NULL;
 1422         }
 1423 
 1424         if ((newsp = KEY_NEWSP()) == NULL) {
 1425                 *error = ENOBUFS;
 1426                 return NULL;
 1427         }
 1428 
 1429         newsp->spidx.dir = xpl0->sadb_x_policy_dir;
 1430         newsp->policy = xpl0->sadb_x_policy_type;
 1431 
 1432         /* check policy */
 1433         switch (xpl0->sadb_x_policy_type) {
 1434         case IPSEC_POLICY_DISCARD:
 1435         case IPSEC_POLICY_NONE:
 1436         case IPSEC_POLICY_ENTRUST:
 1437         case IPSEC_POLICY_BYPASS:
 1438                 newsp->req = NULL;
 1439                 break;
 1440 
 1441         case IPSEC_POLICY_IPSEC:
 1442             {
 1443                 int tlen;
 1444                 struct sadb_x_ipsecrequest *xisr;
 1445                 struct ipsecrequest **p_isr = &newsp->req;
 1446 
 1447                 /* validity check */
 1448                 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
 1449                         ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n",
 1450                                 __func__));
 1451                         KEY_FREESP(&newsp);
 1452                         *error = EINVAL;
 1453                         return NULL;
 1454                 }
 1455 
 1456                 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
 1457                 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
 1458 
 1459                 while (tlen > 0) {
 1460                         /* length check */
 1461                         if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
 1462                                 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest "
 1463                                         "length.\n", __func__));
 1464                                 KEY_FREESP(&newsp);
 1465                                 *error = EINVAL;
 1466                                 return NULL;
 1467                         }
 1468 
 1469                         /* allocate request buffer */
 1470                         /* NB: data structure is zero'd */
 1471                         *p_isr = ipsec_newisr();
 1472                         if ((*p_isr) == NULL) {
 1473                                 ipseclog((LOG_DEBUG,
 1474                                     "%s: No more memory.\n", __func__));
 1475                                 KEY_FREESP(&newsp);
 1476                                 *error = ENOBUFS;
 1477                                 return NULL;
 1478                         }
 1479 
 1480                         /* set values */
 1481                         switch (xisr->sadb_x_ipsecrequest_proto) {
 1482                         case IPPROTO_ESP:
 1483                         case IPPROTO_AH:
 1484                         case IPPROTO_IPCOMP:
 1485                                 break;
 1486                         default:
 1487                                 ipseclog((LOG_DEBUG,
 1488                                     "%s: invalid proto type=%u\n", __func__,
 1489                                     xisr->sadb_x_ipsecrequest_proto));
 1490                                 KEY_FREESP(&newsp);
 1491                                 *error = EPROTONOSUPPORT;
 1492                                 return NULL;
 1493                         }
 1494                         (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
 1495 
 1496                         switch (xisr->sadb_x_ipsecrequest_mode) {
 1497                         case IPSEC_MODE_TRANSPORT:
 1498                         case IPSEC_MODE_TUNNEL:
 1499                                 break;
 1500                         case IPSEC_MODE_ANY:
 1501                         default:
 1502                                 ipseclog((LOG_DEBUG,
 1503                                     "%s: invalid mode=%u\n", __func__,
 1504                                     xisr->sadb_x_ipsecrequest_mode));
 1505                                 KEY_FREESP(&newsp);
 1506                                 *error = EINVAL;
 1507                                 return NULL;
 1508                         }
 1509                         (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
 1510 
 1511                         switch (xisr->sadb_x_ipsecrequest_level) {
 1512                         case IPSEC_LEVEL_DEFAULT:
 1513                         case IPSEC_LEVEL_USE:
 1514                         case IPSEC_LEVEL_REQUIRE:
 1515                                 break;
 1516                         case IPSEC_LEVEL_UNIQUE:
 1517                                 /* validity check */
 1518                                 /*
 1519                                  * If range violation of reqid, kernel will
 1520                                  * update it, don't refuse it.
 1521                                  */
 1522                                 if (xisr->sadb_x_ipsecrequest_reqid
 1523                                                 > IPSEC_MANUAL_REQID_MAX) {
 1524                                         ipseclog((LOG_DEBUG,
 1525                                             "%s: reqid=%d range "
 1526                                             "violation, updated by kernel.\n",
 1527                                             __func__,
 1528                                             xisr->sadb_x_ipsecrequest_reqid));
 1529                                         xisr->sadb_x_ipsecrequest_reqid = 0;
 1530                                 }
 1531 
 1532                                 /* allocate new reqid id if reqid is zero. */
 1533                                 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
 1534                                         u_int32_t reqid;
 1535                                         if ((reqid = key_newreqid()) == 0) {
 1536                                                 KEY_FREESP(&newsp);
 1537                                                 *error = ENOBUFS;
 1538                                                 return NULL;
 1539                                         }
 1540                                         (*p_isr)->saidx.reqid = reqid;
 1541                                         xisr->sadb_x_ipsecrequest_reqid = reqid;
 1542                                 } else {
 1543                                 /* set it for manual keying. */
 1544                                         (*p_isr)->saidx.reqid =
 1545                                                 xisr->sadb_x_ipsecrequest_reqid;
 1546                                 }
 1547                                 break;
 1548 
 1549                         default:
 1550                                 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n",
 1551                                         __func__,
 1552                                         xisr->sadb_x_ipsecrequest_level));
 1553                                 KEY_FREESP(&newsp);
 1554                                 *error = EINVAL;
 1555                                 return NULL;
 1556                         }
 1557                         (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
 1558 
 1559                         /* set IP addresses if there */
 1560                         if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
 1561                                 struct sockaddr *paddr;
 1562 
 1563                                 paddr = (struct sockaddr *)(xisr + 1);
 1564 
 1565                                 /* validity check */
 1566                                 if (paddr->sa_len
 1567                                     > sizeof((*p_isr)->saidx.src)) {
 1568                                         ipseclog((LOG_DEBUG, "%s: invalid "
 1569                                                 "request address length.\n",
 1570                                                 __func__));
 1571                                         KEY_FREESP(&newsp);
 1572                                         *error = EINVAL;
 1573                                         return NULL;
 1574                                 }
 1575                                 bcopy(paddr, &(*p_isr)->saidx.src,
 1576                                         paddr->sa_len);
 1577 
 1578                                 paddr = (struct sockaddr *)((caddr_t)paddr
 1579                                                         + paddr->sa_len);
 1580 
 1581                                 /* validity check */
 1582                                 if (paddr->sa_len
 1583                                     > sizeof((*p_isr)->saidx.dst)) {
 1584                                         ipseclog((LOG_DEBUG, "%s: invalid "
 1585                                                 "request address length.\n",
 1586                                                 __func__));
 1587                                         KEY_FREESP(&newsp);
 1588                                         *error = EINVAL;
 1589                                         return NULL;
 1590                                 }
 1591                                 bcopy(paddr, &(*p_isr)->saidx.dst,
 1592                                         paddr->sa_len);
 1593                         }
 1594 
 1595                         (*p_isr)->sp = newsp;
 1596 
 1597                         /* initialization for the next. */
 1598                         p_isr = &(*p_isr)->next;
 1599                         tlen -= xisr->sadb_x_ipsecrequest_len;
 1600 
 1601                         /* validity check */
 1602                         if (tlen < 0) {
 1603                                 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n",
 1604                                         __func__));
 1605                                 KEY_FREESP(&newsp);
 1606                                 *error = EINVAL;
 1607                                 return NULL;
 1608                         }
 1609 
 1610                         xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
 1611                                          + xisr->sadb_x_ipsecrequest_len);
 1612                 }
 1613             }
 1614                 break;
 1615         default:
 1616                 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
 1617                 KEY_FREESP(&newsp);
 1618                 *error = EINVAL;
 1619                 return NULL;
 1620         }
 1621 
 1622         *error = 0;
 1623         return newsp;
 1624 }
 1625 
 1626 static u_int32_t
 1627 key_newreqid()
 1628 {
 1629         static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
 1630 
 1631         auto_reqid = (auto_reqid == ~0
 1632                         ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
 1633 
 1634         /* XXX should be unique check */
 1635 
 1636         return auto_reqid;
 1637 }
 1638 
 1639 /*
 1640  * copy secpolicy struct to sadb_x_policy structure indicated.
 1641  */
 1642 struct mbuf *
 1643 key_sp2msg(sp)
 1644         struct secpolicy *sp;
 1645 {
 1646         struct sadb_x_policy *xpl;
 1647         int tlen;
 1648         caddr_t p;
 1649         struct mbuf *m;
 1650 
 1651         IPSEC_ASSERT(sp != NULL, ("null policy"));
 1652 
 1653         tlen = key_getspreqmsglen(sp);
 1654 
 1655         m = m_get2(tlen, M_NOWAIT, MT_DATA, 0);
 1656         if (m == NULL)
 1657                 return (NULL);
 1658         m_align(m, tlen);
 1659         m->m_len = tlen;
 1660         xpl = mtod(m, struct sadb_x_policy *);
 1661         bzero(xpl, tlen);
 1662 
 1663         xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
 1664         xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 1665         xpl->sadb_x_policy_type = sp->policy;
 1666         xpl->sadb_x_policy_dir = sp->spidx.dir;
 1667         xpl->sadb_x_policy_id = sp->id;
 1668         p = (caddr_t)xpl + sizeof(*xpl);
 1669 
 1670         /* if is the policy for ipsec ? */
 1671         if (sp->policy == IPSEC_POLICY_IPSEC) {
 1672                 struct sadb_x_ipsecrequest *xisr;
 1673                 struct ipsecrequest *isr;
 1674 
 1675                 for (isr = sp->req; isr != NULL; isr = isr->next) {
 1676 
 1677                         xisr = (struct sadb_x_ipsecrequest *)p;
 1678 
 1679                         xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
 1680                         xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
 1681                         xisr->sadb_x_ipsecrequest_level = isr->level;
 1682                         xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
 1683 
 1684                         p += sizeof(*xisr);
 1685                         bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len);
 1686                         p += isr->saidx.src.sa.sa_len;
 1687                         bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len);
 1688                         p += isr->saidx.src.sa.sa_len;
 1689 
 1690                         xisr->sadb_x_ipsecrequest_len =
 1691                                 PFKEY_ALIGN8(sizeof(*xisr)
 1692                                         + isr->saidx.src.sa.sa_len
 1693                                         + isr->saidx.dst.sa.sa_len);
 1694                 }
 1695         }
 1696 
 1697         return m;
 1698 }
 1699 
 1700 /* m will not be freed nor modified */
 1701 static struct mbuf *
 1702 #ifdef __STDC__
 1703 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
 1704         int ndeep, int nitem, ...)
 1705 #else
 1706 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
 1707         struct mbuf *m;
 1708         const struct sadb_msghdr *mhp;
 1709         int ndeep;
 1710         int nitem;
 1711         va_dcl
 1712 #endif
 1713 {
 1714         va_list ap;
 1715         int idx;
 1716         int i;
 1717         struct mbuf *result = NULL, *n;
 1718         int len;
 1719 
 1720         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 1721         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 1722 
 1723         va_start(ap, nitem);
 1724         for (i = 0; i < nitem; i++) {
 1725                 idx = va_arg(ap, int);
 1726                 if (idx < 0 || idx > SADB_EXT_MAX)
 1727                         goto fail;
 1728                 /* don't attempt to pull empty extension */
 1729                 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
 1730                         continue;
 1731                 if (idx != SADB_EXT_RESERVED  &&
 1732                     (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
 1733                         continue;
 1734 
 1735                 if (idx == SADB_EXT_RESERVED) {
 1736                         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 1737 
 1738                         IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len));
 1739 
 1740                         MGETHDR(n, M_NOWAIT, MT_DATA);
 1741                         if (!n)
 1742                                 goto fail;
 1743                         n->m_len = len;
 1744                         n->m_next = NULL;
 1745                         m_copydata(m, 0, sizeof(struct sadb_msg),
 1746                             mtod(n, caddr_t));
 1747                 } else if (i < ndeep) {
 1748                         len = mhp->extlen[idx];
 1749                         n = m_get2(len, M_NOWAIT, MT_DATA, 0);
 1750                         if (n == NULL)
 1751                                 goto fail;
 1752                         m_align(n, len);
 1753                         n->m_len = len;
 1754                         m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
 1755                             mtod(n, caddr_t));
 1756                 } else {
 1757                         n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
 1758                             M_NOWAIT);
 1759                 }
 1760                 if (n == NULL)
 1761                         goto fail;
 1762 
 1763                 if (result)
 1764                         m_cat(result, n);
 1765                 else
 1766                         result = n;
 1767         }
 1768         va_end(ap);
 1769 
 1770         if ((result->m_flags & M_PKTHDR) != 0) {
 1771                 result->m_pkthdr.len = 0;
 1772                 for (n = result; n; n = n->m_next)
 1773                         result->m_pkthdr.len += n->m_len;
 1774         }
 1775 
 1776         return result;
 1777 
 1778 fail:
 1779         m_freem(result);
 1780         va_end(ap);
 1781         return NULL;
 1782 }
 1783 
 1784 /*
 1785  * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
 1786  * add an entry to SP database, when received
 1787  *   <base, address(SD), (lifetime(H),) policy>
 1788  * from the user(?).
 1789  * Adding to SP database,
 1790  * and send
 1791  *   <base, address(SD), (lifetime(H),) policy>
 1792  * to the socket which was send.
 1793  *
 1794  * SPDADD set a unique policy entry.
 1795  * SPDSETIDX like SPDADD without a part of policy requests.
 1796  * SPDUPDATE replace a unique policy entry.
 1797  *
 1798  * m will always be freed.
 1799  */
 1800 static int
 1801 key_spdadd(so, m, mhp)
 1802         struct socket *so;
 1803         struct mbuf *m;
 1804         const struct sadb_msghdr *mhp;
 1805 {
 1806         struct sadb_address *src0, *dst0;
 1807         struct sadb_x_policy *xpl0, *xpl;
 1808         struct sadb_lifetime *lft = NULL;
 1809         struct secpolicyindex spidx;
 1810         struct secpolicy *newsp;
 1811         int error;
 1812 
 1813         IPSEC_ASSERT(so != NULL, ("null socket"));
 1814         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 1815         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 1816         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 1817 
 1818         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 1819             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 1820             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 1821                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1822                 return key_senderror(so, m, EINVAL);
 1823         }
 1824         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 1825             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 1826             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 1827                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 1828                         __func__));
 1829                 return key_senderror(so, m, EINVAL);
 1830         }
 1831         if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
 1832                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
 1833                         < sizeof(struct sadb_lifetime)) {
 1834                         ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 1835                                 __func__));
 1836                         return key_senderror(so, m, EINVAL);
 1837                 }
 1838                 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 1839         }
 1840 
 1841         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 1842         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 1843         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 1844 
 1845         /* 
 1846          * Note: do not parse SADB_X_EXT_NAT_T_* here:
 1847          * we are processing traffic endpoints.
 1848          */
 1849 
 1850         /* make secindex */
 1851         /* XXX boundary check against sa_len */
 1852         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 1853                         src0 + 1,
 1854                         dst0 + 1,
 1855                         src0->sadb_address_prefixlen,
 1856                         dst0->sadb_address_prefixlen,
 1857                         src0->sadb_address_proto,
 1858                         &spidx);
 1859 
 1860         /* checking the direciton. */
 1861         switch (xpl0->sadb_x_policy_dir) {
 1862         case IPSEC_DIR_INBOUND:
 1863         case IPSEC_DIR_OUTBOUND:
 1864                 break;
 1865         default:
 1866                 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__));
 1867                 mhp->msg->sadb_msg_errno = EINVAL;
 1868                 return 0;
 1869         }
 1870 
 1871         /* check policy */
 1872         /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
 1873         if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
 1874          || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
 1875                 ipseclog((LOG_DEBUG, "%s: Invalid policy type.\n", __func__));
 1876                 return key_senderror(so, m, EINVAL);
 1877         }
 1878 
 1879         /* policy requests are mandatory when action is ipsec. */
 1880         if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
 1881          && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
 1882          && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
 1883                 ipseclog((LOG_DEBUG, "%s: some policy requests part required\n",
 1884                         __func__));
 1885                 return key_senderror(so, m, EINVAL);
 1886         }
 1887 
 1888         /*
 1889          * checking there is SP already or not.
 1890          * SPDUPDATE doesn't depend on whether there is a SP or not.
 1891          * If the type is either SPDADD or SPDSETIDX AND a SP is found,
 1892          * then error.
 1893          */
 1894         newsp = key_getsp(&spidx);
 1895         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1896                 if (newsp) {
 1897                         SPTREE_LOCK();
 1898                         newsp->state = IPSEC_SPSTATE_DEAD;
 1899                         SPTREE_UNLOCK();
 1900                         KEY_FREESP(&newsp);
 1901                 }
 1902         } else {
 1903                 if (newsp != NULL) {
 1904                         KEY_FREESP(&newsp);
 1905                         ipseclog((LOG_DEBUG, "%s: a SP entry exists already.\n",
 1906                                 __func__));
 1907                         return key_senderror(so, m, EEXIST);
 1908                 }
 1909         }
 1910 
 1911         /* allocation new SP entry */
 1912         if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
 1913                 return key_senderror(so, m, error);
 1914         }
 1915 
 1916         if ((newsp->id = key_getnewspid()) == 0) {
 1917                 _key_delsp(newsp);
 1918                 return key_senderror(so, m, ENOBUFS);
 1919         }
 1920 
 1921         /* XXX boundary check against sa_len */
 1922         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 1923                         src0 + 1,
 1924                         dst0 + 1,
 1925                         src0->sadb_address_prefixlen,
 1926                         dst0->sadb_address_prefixlen,
 1927                         src0->sadb_address_proto,
 1928                         &newsp->spidx);
 1929 
 1930         /* sanity check on addr pair */
 1931         if (((struct sockaddr *)(src0 + 1))->sa_family !=
 1932                         ((struct sockaddr *)(dst0+ 1))->sa_family) {
 1933                 _key_delsp(newsp);
 1934                 return key_senderror(so, m, EINVAL);
 1935         }
 1936         if (((struct sockaddr *)(src0 + 1))->sa_len !=
 1937                         ((struct sockaddr *)(dst0+ 1))->sa_len) {
 1938                 _key_delsp(newsp);
 1939                 return key_senderror(so, m, EINVAL);
 1940         }
 1941 #if 1
 1942         if (newsp->req && newsp->req->saidx.src.sa.sa_family && newsp->req->saidx.dst.sa.sa_family) {
 1943                 if (newsp->req->saidx.src.sa.sa_family != newsp->req->saidx.dst.sa.sa_family) {
 1944                         _key_delsp(newsp);
 1945                         return key_senderror(so, m, EINVAL);
 1946                 }
 1947         }
 1948 #endif
 1949 
 1950         newsp->created = time_second;
 1951         newsp->lastused = newsp->created;
 1952         newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
 1953         newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
 1954 
 1955         newsp->refcnt = 1;      /* do not reclaim until I say I do */
 1956         newsp->state = IPSEC_SPSTATE_ALIVE;
 1957         LIST_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, secpolicy, chain);
 1958 
 1959         /* delete the entry in spacqtree */
 1960         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1961                 struct secspacq *spacq = key_getspacq(&spidx);
 1962                 if (spacq != NULL) {
 1963                         /* reset counter in order to deletion by timehandler. */
 1964                         spacq->created = time_second;
 1965                         spacq->count = 0;
 1966                         SPACQ_UNLOCK();
 1967                 }
 1968         }
 1969 
 1970     {
 1971         struct mbuf *n, *mpolicy;
 1972         struct sadb_msg *newmsg;
 1973         int off;
 1974 
 1975         /*
 1976          * Note: do not send SADB_X_EXT_NAT_T_* here:
 1977          * we are sending traffic endpoints.
 1978          */
 1979 
 1980         /* create new sadb_msg to reply. */
 1981         if (lft) {
 1982                 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
 1983                     SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
 1984                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1985         } else {
 1986                 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
 1987                     SADB_X_EXT_POLICY,
 1988                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1989         }
 1990         if (!n)
 1991                 return key_senderror(so, m, ENOBUFS);
 1992 
 1993         if (n->m_len < sizeof(*newmsg)) {
 1994                 n = m_pullup(n, sizeof(*newmsg));
 1995                 if (!n)
 1996                         return key_senderror(so, m, ENOBUFS);
 1997         }
 1998         newmsg = mtod(n, struct sadb_msg *);
 1999         newmsg->sadb_msg_errno = 0;
 2000         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2001 
 2002         off = 0;
 2003         mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
 2004             sizeof(*xpl), &off);
 2005         if (mpolicy == NULL) {
 2006                 /* n is already freed */
 2007                 return key_senderror(so, m, ENOBUFS);
 2008         }
 2009         xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
 2010         if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
 2011                 m_freem(n);
 2012                 return key_senderror(so, m, EINVAL);
 2013         }
 2014         xpl->sadb_x_policy_id = newsp->id;
 2015 
 2016         m_freem(m);
 2017         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2018     }
 2019 }
 2020 
 2021 /*
 2022  * get new policy id.
 2023  * OUT:
 2024  *      0:      failure.
 2025  *      others: success.
 2026  */
 2027 static u_int32_t
 2028 key_getnewspid()
 2029 {
 2030         u_int32_t newid = 0;
 2031         int count = V_key_spi_trycnt;   /* XXX */
 2032         struct secpolicy *sp;
 2033 
 2034         /* when requesting to allocate spi ranged */
 2035         while (count--) {
 2036                 newid = (V_policy_id = (V_policy_id == ~0 ? 1 : V_policy_id + 1));
 2037 
 2038                 if ((sp = key_getspbyid(newid)) == NULL)
 2039                         break;
 2040 
 2041                 KEY_FREESP(&sp);
 2042         }
 2043 
 2044         if (count == 0 || newid == 0) {
 2045                 ipseclog((LOG_DEBUG, "%s: to allocate policy id is failed.\n",
 2046                         __func__));
 2047                 return 0;
 2048         }
 2049 
 2050         return newid;
 2051 }
 2052 
 2053 /*
 2054  * SADB_SPDDELETE processing
 2055  * receive
 2056  *   <base, address(SD), policy(*)>
 2057  * from the user(?), and set SADB_SASTATE_DEAD,
 2058  * and send,
 2059  *   <base, address(SD), policy(*)>
 2060  * to the ikmpd.
 2061  * policy(*) including direction of policy.
 2062  *
 2063  * m will always be freed.
 2064  */
 2065 static int
 2066 key_spddelete(so, m, mhp)
 2067         struct socket *so;
 2068         struct mbuf *m;
 2069         const struct sadb_msghdr *mhp;
 2070 {
 2071         struct sadb_address *src0, *dst0;
 2072         struct sadb_x_policy *xpl0;
 2073         struct secpolicyindex spidx;
 2074         struct secpolicy *sp;
 2075 
 2076         IPSEC_ASSERT(so != NULL, ("null so"));
 2077         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2078         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2079         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2080 
 2081         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 2082             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 2083             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 2084                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2085                         __func__));
 2086                 return key_senderror(so, m, EINVAL);
 2087         }
 2088         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 2089             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 2090             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2091                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2092                         __func__));
 2093                 return key_senderror(so, m, EINVAL);
 2094         }
 2095 
 2096         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 2097         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 2098         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 2099 
 2100         /*
 2101          * Note: do not parse SADB_X_EXT_NAT_T_* here:
 2102          * we are processing traffic endpoints.
 2103          */
 2104 
 2105         /* make secindex */
 2106         /* XXX boundary check against sa_len */
 2107         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 2108                         src0 + 1,
 2109                         dst0 + 1,
 2110                         src0->sadb_address_prefixlen,
 2111                         dst0->sadb_address_prefixlen,
 2112                         src0->sadb_address_proto,
 2113                         &spidx);
 2114 
 2115         /* checking the direciton. */
 2116         switch (xpl0->sadb_x_policy_dir) {
 2117         case IPSEC_DIR_INBOUND:
 2118         case IPSEC_DIR_OUTBOUND:
 2119                 break;
 2120         default:
 2121                 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__));
 2122                 return key_senderror(so, m, EINVAL);
 2123         }
 2124 
 2125         /* Is there SP in SPD ? */
 2126         if ((sp = key_getsp(&spidx)) == NULL) {
 2127                 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__));
 2128                 return key_senderror(so, m, EINVAL);
 2129         }
 2130 
 2131         /* save policy id to buffer to be returned. */
 2132         xpl0->sadb_x_policy_id = sp->id;
 2133 
 2134         SPTREE_LOCK();
 2135         sp->state = IPSEC_SPSTATE_DEAD;
 2136         SPTREE_UNLOCK();
 2137         KEY_FREESP(&sp);
 2138 
 2139     {
 2140         struct mbuf *n;
 2141         struct sadb_msg *newmsg;
 2142 
 2143         /*
 2144          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2145          * we are sending traffic endpoints.
 2146          */
 2147 
 2148         /* create new sadb_msg to reply. */
 2149         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 2150             SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 2151         if (!n)
 2152                 return key_senderror(so, m, ENOBUFS);
 2153 
 2154         newmsg = mtod(n, struct sadb_msg *);
 2155         newmsg->sadb_msg_errno = 0;
 2156         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2157 
 2158         m_freem(m);
 2159         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2160     }
 2161 }
 2162 
 2163 /*
 2164  * SADB_SPDDELETE2 processing
 2165  * receive
 2166  *   <base, policy(*)>
 2167  * from the user(?), and set SADB_SASTATE_DEAD,
 2168  * and send,
 2169  *   <base, policy(*)>
 2170  * to the ikmpd.
 2171  * policy(*) including direction of policy.
 2172  *
 2173  * m will always be freed.
 2174  */
 2175 static int
 2176 key_spddelete2(so, m, mhp)
 2177         struct socket *so;
 2178         struct mbuf *m;
 2179         const struct sadb_msghdr *mhp;
 2180 {
 2181         u_int32_t id;
 2182         struct secpolicy *sp;
 2183 
 2184         IPSEC_ASSERT(so != NULL, ("null socket"));
 2185         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2186         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2187         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2188 
 2189         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2190             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2191                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", __func__));
 2192                 return key_senderror(so, m, EINVAL);
 2193         }
 2194 
 2195         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2196 
 2197         /* Is there SP in SPD ? */
 2198         if ((sp = key_getspbyid(id)) == NULL) {
 2199                 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id));
 2200                 return key_senderror(so, m, EINVAL);
 2201         }
 2202 
 2203         SPTREE_LOCK();
 2204         sp->state = IPSEC_SPSTATE_DEAD;
 2205         SPTREE_UNLOCK();
 2206         KEY_FREESP(&sp);
 2207 
 2208     {
 2209         struct mbuf *n, *nn;
 2210         struct sadb_msg *newmsg;
 2211         int off, len;
 2212 
 2213         /* create new sadb_msg to reply. */
 2214         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2215 
 2216         MGETHDR(n, M_NOWAIT, MT_DATA);
 2217         if (n && len > MHLEN) {
 2218                 MCLGET(n, M_NOWAIT);
 2219                 if ((n->m_flags & M_EXT) == 0) {
 2220                         m_freem(n);
 2221                         n = NULL;
 2222                 }
 2223         }
 2224         if (!n)
 2225                 return key_senderror(so, m, ENOBUFS);
 2226 
 2227         n->m_len = len;
 2228         n->m_next = NULL;
 2229         off = 0;
 2230 
 2231         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 2232         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2233 
 2234         IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)",
 2235                 off, len));
 2236 
 2237         n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
 2238             mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT);
 2239         if (!n->m_next) {
 2240                 m_freem(n);
 2241                 return key_senderror(so, m, ENOBUFS);
 2242         }
 2243 
 2244         n->m_pkthdr.len = 0;
 2245         for (nn = n; nn; nn = nn->m_next)
 2246                 n->m_pkthdr.len += nn->m_len;
 2247 
 2248         newmsg = mtod(n, struct sadb_msg *);
 2249         newmsg->sadb_msg_errno = 0;
 2250         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2251 
 2252         m_freem(m);
 2253         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2254     }
 2255 }
 2256 
 2257 /*
 2258  * SADB_X_GET processing
 2259  * receive
 2260  *   <base, policy(*)>
 2261  * from the user(?),
 2262  * and send,
 2263  *   <base, address(SD), policy>
 2264  * to the ikmpd.
 2265  * policy(*) including direction of policy.
 2266  *
 2267  * m will always be freed.
 2268  */
 2269 static int
 2270 key_spdget(so, m, mhp)
 2271         struct socket *so;
 2272         struct mbuf *m;
 2273         const struct sadb_msghdr *mhp;
 2274 {
 2275         u_int32_t id;
 2276         struct secpolicy *sp;
 2277         struct mbuf *n;
 2278 
 2279         IPSEC_ASSERT(so != NULL, ("null socket"));
 2280         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2281         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2282         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2283 
 2284         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2285             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2286                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2287                         __func__));
 2288                 return key_senderror(so, m, EINVAL);
 2289         }
 2290 
 2291         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2292 
 2293         /* Is there SP in SPD ? */
 2294         if ((sp = key_getspbyid(id)) == NULL) {
 2295                 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id));
 2296                 return key_senderror(so, m, ENOENT);
 2297         }
 2298 
 2299         n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
 2300         KEY_FREESP(&sp);
 2301         if (n != NULL) {
 2302                 m_freem(m);
 2303                 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2304         } else
 2305                 return key_senderror(so, m, ENOBUFS);
 2306 }
 2307 
 2308 /*
 2309  * SADB_X_SPDACQUIRE processing.
 2310  * Acquire policy and SA(s) for a *OUTBOUND* packet.
 2311  * send
 2312  *   <base, policy(*)>
 2313  * to KMD, and expect to receive
 2314  *   <base> with SADB_X_SPDACQUIRE if error occured,
 2315  * or
 2316  *   <base, policy>
 2317  * with SADB_X_SPDUPDATE from KMD by PF_KEY.
 2318  * policy(*) is without policy requests.
 2319  *
 2320  *    0     : succeed
 2321  *    others: error number
 2322  */
 2323 int
 2324 key_spdacquire(sp)
 2325         struct secpolicy *sp;
 2326 {
 2327         struct mbuf *result = NULL, *m;
 2328         struct secspacq *newspacq;
 2329 
 2330         IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
 2331         IPSEC_ASSERT(sp->req == NULL, ("policy exists"));
 2332         IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
 2333                 ("policy not IPSEC %u", sp->policy));
 2334 
 2335         /* Get an entry to check whether sent message or not. */
 2336         newspacq = key_getspacq(&sp->spidx);
 2337         if (newspacq != NULL) {
 2338                 if (V_key_blockacq_count < newspacq->count) {
 2339                         /* reset counter and do send message. */
 2340                         newspacq->count = 0;
 2341                 } else {
 2342                         /* increment counter and do nothing. */
 2343                         newspacq->count++;
 2344                         return 0;
 2345                 }
 2346                 SPACQ_UNLOCK();
 2347         } else {
 2348                 /* make new entry for blocking to send SADB_ACQUIRE. */
 2349                 newspacq = key_newspacq(&sp->spidx);
 2350                 if (newspacq == NULL)
 2351                         return ENOBUFS;
 2352         }
 2353 
 2354         /* create new sadb_msg to reply. */
 2355         m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
 2356         if (!m)
 2357                 return ENOBUFS;
 2358 
 2359         result = m;
 2360 
 2361         result->m_pkthdr.len = 0;
 2362         for (m = result; m; m = m->m_next)
 2363                 result->m_pkthdr.len += m->m_len;
 2364 
 2365         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2366             PFKEY_UNIT64(result->m_pkthdr.len);
 2367 
 2368         return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
 2369 }
 2370 
 2371 /*
 2372  * SADB_SPDFLUSH processing
 2373  * receive
 2374  *   <base>
 2375  * from the user, and free all entries in secpctree.
 2376  * and send,
 2377  *   <base>
 2378  * to the user.
 2379  * NOTE: what to do is only marking SADB_SASTATE_DEAD.
 2380  *
 2381  * m will always be freed.
 2382  */
 2383 static int
 2384 key_spdflush(so, m, mhp)
 2385         struct socket *so;
 2386         struct mbuf *m;
 2387         const struct sadb_msghdr *mhp;
 2388 {
 2389         struct sadb_msg *newmsg;
 2390         struct secpolicy *sp;
 2391         u_int dir;
 2392 
 2393         IPSEC_ASSERT(so != NULL, ("null socket"));
 2394         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2395         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2396         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2397 
 2398         if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
 2399                 return key_senderror(so, m, EINVAL);
 2400 
 2401         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2402                 SPTREE_LOCK();
 2403                 LIST_FOREACH(sp, &V_sptree[dir], chain)
 2404                         sp->state = IPSEC_SPSTATE_DEAD;
 2405                 SPTREE_UNLOCK();
 2406         }
 2407 
 2408         if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 2409                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 2410                 return key_senderror(so, m, ENOBUFS);
 2411         }
 2412 
 2413         if (m->m_next)
 2414                 m_freem(m->m_next);
 2415         m->m_next = NULL;
 2416         m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2417         newmsg = mtod(m, struct sadb_msg *);
 2418         newmsg->sadb_msg_errno = 0;
 2419         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 2420 
 2421         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 2422 }
 2423 
 2424 /*
 2425  * SADB_SPDDUMP processing
 2426  * receive
 2427  *   <base>
 2428  * from the user, and dump all SP leaves
 2429  * and send,
 2430  *   <base> .....
 2431  * to the ikmpd.
 2432  *
 2433  * m will always be freed.
 2434  */
 2435 static int
 2436 key_spddump(so, m, mhp)
 2437         struct socket *so;
 2438         struct mbuf *m;
 2439         const struct sadb_msghdr *mhp;
 2440 {
 2441         struct secpolicy *sp;
 2442         int cnt;
 2443         u_int dir;
 2444         struct mbuf *n;
 2445 
 2446         IPSEC_ASSERT(so != NULL, ("null socket"));
 2447         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2448         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2449         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2450 
 2451         /* search SPD entry and get buffer size. */
 2452         cnt = 0;
 2453         SPTREE_LOCK();
 2454         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2455                 LIST_FOREACH(sp, &V_sptree[dir], chain) {
 2456                         cnt++;
 2457                 }
 2458         }
 2459 
 2460         if (cnt == 0) {
 2461                 SPTREE_UNLOCK();
 2462                 return key_senderror(so, m, ENOENT);
 2463         }
 2464 
 2465         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2466                 LIST_FOREACH(sp, &V_sptree[dir], chain) {
 2467                         --cnt;
 2468                         n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
 2469                             mhp->msg->sadb_msg_pid);
 2470 
 2471                         if (n)
 2472                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2473                 }
 2474         }
 2475 
 2476         SPTREE_UNLOCK();
 2477         m_freem(m);
 2478         return 0;
 2479 }
 2480 
 2481 static struct mbuf *
 2482 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, u_int32_t pid)
 2483 {
 2484         struct mbuf *result = NULL, *m;
 2485         struct seclifetime lt;
 2486 
 2487         m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
 2488         if (!m)
 2489                 goto fail;
 2490         result = m;
 2491 
 2492         /*
 2493          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2494          * we are sending traffic endpoints.
 2495          */
 2496         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2497             &sp->spidx.src.sa, sp->spidx.prefs,
 2498             sp->spidx.ul_proto);
 2499         if (!m)
 2500                 goto fail;
 2501         m_cat(result, m);
 2502 
 2503         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2504             &sp->spidx.dst.sa, sp->spidx.prefd,
 2505             sp->spidx.ul_proto);
 2506         if (!m)
 2507                 goto fail;
 2508         m_cat(result, m);
 2509 
 2510         m = key_sp2msg(sp);
 2511         if (!m)
 2512                 goto fail;
 2513         m_cat(result, m);
 2514 
 2515         if(sp->lifetime){
 2516                 lt.addtime=sp->created;
 2517                 lt.usetime= sp->lastused;
 2518                 m = key_setlifetime(&lt, SADB_EXT_LIFETIME_CURRENT);
 2519                 if (!m)
 2520                         goto fail;
 2521                 m_cat(result, m);
 2522                 
 2523                 lt.addtime=sp->lifetime;
 2524                 lt.usetime= sp->validtime;
 2525                 m = key_setlifetime(&lt, SADB_EXT_LIFETIME_HARD);
 2526                 if (!m)
 2527                         goto fail;
 2528                 m_cat(result, m);
 2529         }
 2530 
 2531         if ((result->m_flags & M_PKTHDR) == 0)
 2532                 goto fail;
 2533 
 2534         if (result->m_len < sizeof(struct sadb_msg)) {
 2535                 result = m_pullup(result, sizeof(struct sadb_msg));
 2536                 if (result == NULL)
 2537                         goto fail;
 2538         }
 2539 
 2540         result->m_pkthdr.len = 0;
 2541         for (m = result; m; m = m->m_next)
 2542                 result->m_pkthdr.len += m->m_len;
 2543 
 2544         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2545             PFKEY_UNIT64(result->m_pkthdr.len);
 2546 
 2547         return result;
 2548 
 2549 fail:
 2550         m_freem(result);
 2551         return NULL;
 2552 }
 2553 
 2554 /*
 2555  * get PFKEY message length for security policy and request.
 2556  */
 2557 static u_int
 2558 key_getspreqmsglen(sp)
 2559         struct secpolicy *sp;
 2560 {
 2561         u_int tlen;
 2562 
 2563         tlen = sizeof(struct sadb_x_policy);
 2564 
 2565         /* if is the policy for ipsec ? */
 2566         if (sp->policy != IPSEC_POLICY_IPSEC)
 2567                 return tlen;
 2568 
 2569         /* get length of ipsec requests */
 2570     {
 2571         struct ipsecrequest *isr;
 2572         int len;
 2573 
 2574         for (isr = sp->req; isr != NULL; isr = isr->next) {
 2575                 len = sizeof(struct sadb_x_ipsecrequest)
 2576                         + isr->saidx.src.sa.sa_len
 2577                         + isr->saidx.dst.sa.sa_len;
 2578 
 2579                 tlen += PFKEY_ALIGN8(len);
 2580         }
 2581     }
 2582 
 2583         return tlen;
 2584 }
 2585 
 2586 /*
 2587  * SADB_SPDEXPIRE processing
 2588  * send
 2589  *   <base, address(SD), lifetime(CH), policy>
 2590  * to KMD by PF_KEY.
 2591  *
 2592  * OUT: 0       : succeed
 2593  *      others  : error number
 2594  */
 2595 static int
 2596 key_spdexpire(sp)
 2597         struct secpolicy *sp;
 2598 {
 2599         struct mbuf *result = NULL, *m;
 2600         int len;
 2601         int error = -1;
 2602         struct sadb_lifetime *lt;
 2603 
 2604         /* XXX: Why do we lock ? */
 2605 
 2606         IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
 2607 
 2608         /* set msg header */
 2609         m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
 2610         if (!m) {
 2611                 error = ENOBUFS;
 2612                 goto fail;
 2613         }
 2614         result = m;
 2615 
 2616         /* create lifetime extension (current and hard) */
 2617         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 2618         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 2619         if (m == NULL) {
 2620                 error = ENOBUFS;
 2621                 goto fail;
 2622         }
 2623         m_align(m, len);
 2624         m->m_len = len;
 2625         bzero(mtod(m, caddr_t), len);
 2626         lt = mtod(m, struct sadb_lifetime *);
 2627         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2628         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 2629         lt->sadb_lifetime_allocations = 0;
 2630         lt->sadb_lifetime_bytes = 0;
 2631         lt->sadb_lifetime_addtime = sp->created;
 2632         lt->sadb_lifetime_usetime = sp->lastused;
 2633         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 2634         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2635         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 2636         lt->sadb_lifetime_allocations = 0;
 2637         lt->sadb_lifetime_bytes = 0;
 2638         lt->sadb_lifetime_addtime = sp->lifetime;
 2639         lt->sadb_lifetime_usetime = sp->validtime;
 2640         m_cat(result, m);
 2641 
 2642         /*
 2643          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2644          * we are sending traffic endpoints.
 2645          */
 2646 
 2647         /* set sadb_address for source */
 2648         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2649             &sp->spidx.src.sa,
 2650             sp->spidx.prefs, sp->spidx.ul_proto);
 2651         if (!m) {
 2652                 error = ENOBUFS;
 2653                 goto fail;
 2654         }
 2655         m_cat(result, m);
 2656 
 2657         /* set sadb_address for destination */
 2658         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2659             &sp->spidx.dst.sa,
 2660             sp->spidx.prefd, sp->spidx.ul_proto);
 2661         if (!m) {
 2662                 error = ENOBUFS;
 2663                 goto fail;
 2664         }
 2665         m_cat(result, m);
 2666 
 2667         /* set secpolicy */
 2668         m = key_sp2msg(sp);
 2669         if (!m) {
 2670                 error = ENOBUFS;
 2671                 goto fail;
 2672         }
 2673         m_cat(result, m);
 2674 
 2675         if ((result->m_flags & M_PKTHDR) == 0) {
 2676                 error = EINVAL;
 2677                 goto fail;
 2678         }
 2679 
 2680         if (result->m_len < sizeof(struct sadb_msg)) {
 2681                 result = m_pullup(result, sizeof(struct sadb_msg));
 2682                 if (result == NULL) {
 2683                         error = ENOBUFS;
 2684                         goto fail;
 2685                 }
 2686         }
 2687 
 2688         result->m_pkthdr.len = 0;
 2689         for (m = result; m; m = m->m_next)
 2690                 result->m_pkthdr.len += m->m_len;
 2691 
 2692         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2693             PFKEY_UNIT64(result->m_pkthdr.len);
 2694 
 2695         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2696 
 2697  fail:
 2698         if (result)
 2699                 m_freem(result);
 2700         return error;
 2701 }
 2702 
 2703 /* %%% SAD management */
 2704 /*
 2705  * allocating a memory for new SA head, and copy from the values of mhp.
 2706  * OUT: NULL    : failure due to the lack of memory.
 2707  *      others  : pointer to new SA head.
 2708  */
 2709 static struct secashead *
 2710 key_newsah(saidx)
 2711         struct secasindex *saidx;
 2712 {
 2713         struct secashead *newsah;
 2714 
 2715         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
 2716 
 2717         newsah = malloc(sizeof(struct secashead), M_IPSEC_SAH, M_NOWAIT|M_ZERO);
 2718         if (newsah != NULL) {
 2719                 int i;
 2720                 for (i = 0; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[0]); i++)
 2721                         LIST_INIT(&newsah->savtree[i]);
 2722                 newsah->saidx = *saidx;
 2723 
 2724                 /* add to saidxtree */
 2725                 newsah->state = SADB_SASTATE_MATURE;
 2726 
 2727                 SAHTREE_LOCK();
 2728                 LIST_INSERT_HEAD(&V_sahtree, newsah, chain);
 2729                 SAHTREE_UNLOCK();
 2730         }
 2731         return(newsah);
 2732 }
 2733 
 2734 /*
 2735  * delete SA index and all SA registerd.
 2736  */
 2737 static void
 2738 key_delsah(sah)
 2739         struct secashead *sah;
 2740 {
 2741         struct secasvar *sav, *nextsav;
 2742         u_int stateidx;
 2743         int zombie = 0;
 2744 
 2745         IPSEC_ASSERT(sah != NULL, ("NULL sah"));
 2746         SAHTREE_LOCK_ASSERT();
 2747 
 2748         /* searching all SA registerd in the secindex. */
 2749         for (stateidx = 0;
 2750              stateidx < _ARRAYLEN(saorder_state_any);
 2751              stateidx++) {
 2752                 u_int state = saorder_state_any[stateidx];
 2753                 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) {
 2754                         if (sav->refcnt == 0) {
 2755                                 /* sanity check */
 2756                                 KEY_CHKSASTATE(state, sav->state, __func__);
 2757                                 /* 
 2758                                  * do NOT call KEY_FREESAV here:
 2759                                  * it will only delete the sav if refcnt == 1,
 2760                                  * where we already know that refcnt == 0
 2761                                  */
 2762                                 key_delsav(sav);
 2763                         } else {
 2764                                 /* give up to delete this sa */
 2765                                 zombie++;
 2766                         }
 2767                 }
 2768         }
 2769         if (!zombie) {          /* delete only if there are savs */
 2770                 /* remove from tree of SA index */
 2771                 if (__LIST_CHAINED(sah))
 2772                         LIST_REMOVE(sah, chain);
 2773                 if (sah->route_cache.sa_route.ro_rt) {
 2774                         RTFREE(sah->route_cache.sa_route.ro_rt);
 2775                         sah->route_cache.sa_route.ro_rt = (struct rtentry *)NULL;
 2776                 }
 2777                 free(sah, M_IPSEC_SAH);
 2778         }
 2779 }
 2780 
 2781 /*
 2782  * allocating a new SA with LARVAL state.  key_add() and key_getspi() call,
 2783  * and copy the values of mhp into new buffer.
 2784  * When SAD message type is GETSPI:
 2785  *      to set sequence number from acq_seq++,
 2786  *      to set zero to SPI.
 2787  *      not to call key_setsava().
 2788  * OUT: NULL    : fail
 2789  *      others  : pointer to new secasvar.
 2790  *
 2791  * does not modify mbuf.  does not free mbuf on error.
 2792  */
 2793 static struct secasvar *
 2794 key_newsav(m, mhp, sah, errp, where, tag)
 2795         struct mbuf *m;
 2796         const struct sadb_msghdr *mhp;
 2797         struct secashead *sah;
 2798         int *errp;
 2799         const char* where;
 2800         int tag;
 2801 {
 2802         struct secasvar *newsav;
 2803         const struct sadb_sa *xsa;
 2804 
 2805         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2806         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2807         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2808         IPSEC_ASSERT(sah != NULL, ("null secashead"));
 2809 
 2810         newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO);
 2811         if (newsav == NULL) {
 2812                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 2813                 *errp = ENOBUFS;
 2814                 goto done;
 2815         }
 2816 
 2817         switch (mhp->msg->sadb_msg_type) {
 2818         case SADB_GETSPI:
 2819                 newsav->spi = 0;
 2820 
 2821 #ifdef IPSEC_DOSEQCHECK
 2822                 /* sync sequence number */
 2823                 if (mhp->msg->sadb_msg_seq == 0)
 2824                         newsav->seq =
 2825                                 (V_acq_seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq));
 2826                 else
 2827 #endif
 2828                         newsav->seq = mhp->msg->sadb_msg_seq;
 2829                 break;
 2830 
 2831         case SADB_ADD:
 2832                 /* sanity check */
 2833                 if (mhp->ext[SADB_EXT_SA] == NULL) {
 2834                         free(newsav, M_IPSEC_SA);
 2835                         newsav = NULL;
 2836                         ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2837                                 __func__));
 2838                         *errp = EINVAL;
 2839                         goto done;
 2840                 }
 2841                 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 2842                 newsav->spi = xsa->sadb_sa_spi;
 2843                 newsav->seq = mhp->msg->sadb_msg_seq;
 2844                 break;
 2845         default:
 2846                 free(newsav, M_IPSEC_SA);
 2847                 newsav = NULL;
 2848                 *errp = EINVAL;
 2849                 goto done;
 2850         }
 2851 
 2852 
 2853         /* copy sav values */
 2854         if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
 2855                 *errp = key_setsaval(newsav, m, mhp);
 2856                 if (*errp) {
 2857                         free(newsav, M_IPSEC_SA);
 2858                         newsav = NULL;
 2859                         goto done;
 2860                 }
 2861         }
 2862 
 2863         SECASVAR_LOCK_INIT(newsav);
 2864 
 2865         /* reset created */
 2866         newsav->created = time_second;
 2867         newsav->pid = mhp->msg->sadb_msg_pid;
 2868 
 2869         /* add to satree */
 2870         newsav->sah = sah;
 2871         sa_initref(newsav);
 2872         newsav->state = SADB_SASTATE_LARVAL;
 2873 
 2874         SAHTREE_LOCK();
 2875         LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
 2876                         secasvar, chain);
 2877         SAHTREE_UNLOCK();
 2878 done:
 2879         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 2880                 printf("DP %s from %s:%u return SP:%p\n", __func__,
 2881                         where, tag, newsav));
 2882 
 2883         return newsav;
 2884 }
 2885 
 2886 /*
 2887  * free() SA variable entry.
 2888  */
 2889 static void
 2890 key_cleansav(struct secasvar *sav)
 2891 {
 2892         /*
 2893          * Cleanup xform state.  Note that zeroize'ing causes the
 2894          * keys to be cleared; otherwise we must do it ourself.
 2895          */
 2896         if (sav->tdb_xform != NULL) {
 2897                 sav->tdb_xform->xf_zeroize(sav);
 2898                 sav->tdb_xform = NULL;
 2899         } else {
 2900                 KASSERT(sav->iv == NULL, ("iv but no xform"));
 2901                 if (sav->key_auth != NULL)
 2902                         bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
 2903                 if (sav->key_enc != NULL)
 2904                         bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
 2905         }
 2906         if (sav->key_auth != NULL) {
 2907                 if (sav->key_auth->key_data != NULL)
 2908                         free(sav->key_auth->key_data, M_IPSEC_MISC);
 2909                 free(sav->key_auth, M_IPSEC_MISC);
 2910                 sav->key_auth = NULL;
 2911         }
 2912         if (sav->key_enc != NULL) {
 2913                 if (sav->key_enc->key_data != NULL)
 2914                         free(sav->key_enc->key_data, M_IPSEC_MISC);
 2915                 free(sav->key_enc, M_IPSEC_MISC);
 2916                 sav->key_enc = NULL;
 2917         }
 2918         if (sav->sched) {
 2919                 bzero(sav->sched, sav->schedlen);
 2920                 free(sav->sched, M_IPSEC_MISC);
 2921                 sav->sched = NULL;
 2922         }
 2923         if (sav->replay != NULL) {
 2924                 free(sav->replay, M_IPSEC_MISC);
 2925                 sav->replay = NULL;
 2926         }
 2927         if (sav->lft_c != NULL) {
 2928                 free(sav->lft_c, M_IPSEC_MISC);
 2929                 sav->lft_c = NULL;
 2930         }
 2931         if (sav->lft_h != NULL) {
 2932                 free(sav->lft_h, M_IPSEC_MISC);
 2933                 sav->lft_h = NULL;
 2934         }
 2935         if (sav->lft_s != NULL) {
 2936                 free(sav->lft_s, M_IPSEC_MISC);
 2937                 sav->lft_s = NULL;
 2938         }
 2939 }
 2940 
 2941 /*
 2942  * free() SA variable entry.
 2943  */
 2944 static void
 2945 key_delsav(sav)
 2946         struct secasvar *sav;
 2947 {
 2948         IPSEC_ASSERT(sav != NULL, ("null sav"));
 2949         IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", sav->refcnt));
 2950 
 2951         /* remove from SA header */
 2952         if (__LIST_CHAINED(sav))
 2953                 LIST_REMOVE(sav, chain);
 2954         key_cleansav(sav);
 2955         SECASVAR_LOCK_DESTROY(sav);
 2956         free(sav, M_IPSEC_SA);
 2957 }
 2958 
 2959 /*
 2960  * search SAD.
 2961  * OUT:
 2962  *      NULL    : not found
 2963  *      others  : found, pointer to a SA.
 2964  */
 2965 static struct secashead *
 2966 key_getsah(saidx)
 2967         struct secasindex *saidx;
 2968 {
 2969         struct secashead *sah;
 2970 
 2971         SAHTREE_LOCK();
 2972         LIST_FOREACH(sah, &V_sahtree, chain) {
 2973                 if (sah->state == SADB_SASTATE_DEAD)
 2974                         continue;
 2975                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
 2976                         break;
 2977         }
 2978         SAHTREE_UNLOCK();
 2979 
 2980         return sah;
 2981 }
 2982 
 2983 /*
 2984  * check not to be duplicated SPI.
 2985  * NOTE: this function is too slow due to searching all SAD.
 2986  * OUT:
 2987  *      NULL    : not found
 2988  *      others  : found, pointer to a SA.
 2989  */
 2990 static struct secasvar *
 2991 key_checkspidup(saidx, spi)
 2992         struct secasindex *saidx;
 2993         u_int32_t spi;
 2994 {
 2995         struct secashead *sah;
 2996         struct secasvar *sav;
 2997 
 2998         /* check address family */
 2999         if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
 3000                 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
 3001                         __func__));
 3002                 return NULL;
 3003         }
 3004 
 3005         sav = NULL;
 3006         /* check all SAD */
 3007         SAHTREE_LOCK();
 3008         LIST_FOREACH(sah, &V_sahtree, chain) {
 3009                 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
 3010                         continue;
 3011                 sav = key_getsavbyspi(sah, spi);
 3012                 if (sav != NULL)
 3013                         break;
 3014         }
 3015         SAHTREE_UNLOCK();
 3016 
 3017         return sav;
 3018 }
 3019 
 3020 /*
 3021  * search SAD litmited alive SA, protocol, SPI.
 3022  * OUT:
 3023  *      NULL    : not found
 3024  *      others  : found, pointer to a SA.
 3025  */
 3026 static struct secasvar *
 3027 key_getsavbyspi(sah, spi)
 3028         struct secashead *sah;
 3029         u_int32_t spi;
 3030 {
 3031         struct secasvar *sav;
 3032         u_int stateidx, state;
 3033 
 3034         sav = NULL;
 3035         SAHTREE_LOCK_ASSERT();
 3036         /* search all status */
 3037         for (stateidx = 0;
 3038              stateidx < _ARRAYLEN(saorder_state_alive);
 3039              stateidx++) {
 3040 
 3041                 state = saorder_state_alive[stateidx];
 3042                 LIST_FOREACH(sav, &sah->savtree[state], chain) {
 3043 
 3044                         /* sanity check */
 3045                         if (sav->state != state) {
 3046                                 ipseclog((LOG_DEBUG, "%s: "
 3047                                     "invalid sav->state (queue: %d SA: %d)\n",
 3048                                     __func__, state, sav->state));
 3049                                 continue;
 3050                         }
 3051 
 3052                         if (sav->spi == spi)
 3053                                 return sav;
 3054                 }
 3055         }
 3056 
 3057         return NULL;
 3058 }
 3059 
 3060 /*
 3061  * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
 3062  * You must update these if need.
 3063  * OUT: 0:      success.
 3064  *      !0:     failure.
 3065  *
 3066  * does not modify mbuf.  does not free mbuf on error.
 3067  */
 3068 static int
 3069 key_setsaval(sav, m, mhp)
 3070         struct secasvar *sav;
 3071         struct mbuf *m;
 3072         const struct sadb_msghdr *mhp;
 3073 {
 3074         int error = 0;
 3075 
 3076         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 3077         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 3078         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 3079 
 3080         /* initialization */
 3081         sav->replay = NULL;
 3082         sav->key_auth = NULL;
 3083         sav->key_enc = NULL;
 3084         sav->sched = NULL;
 3085         sav->schedlen = 0;
 3086         sav->iv = NULL;
 3087         sav->lft_c = NULL;
 3088         sav->lft_h = NULL;
 3089         sav->lft_s = NULL;
 3090         sav->tdb_xform = NULL;          /* transform */
 3091         sav->tdb_encalgxform = NULL;    /* encoding algorithm */
 3092         sav->tdb_authalgxform = NULL;   /* authentication algorithm */
 3093         sav->tdb_compalgxform = NULL;   /* compression algorithm */
 3094         /*  Initialize even if NAT-T not compiled in: */
 3095         sav->natt_type = 0;
 3096         sav->natt_esp_frag_len = 0;
 3097 
 3098         /* SA */
 3099         if (mhp->ext[SADB_EXT_SA] != NULL) {
 3100                 const struct sadb_sa *sa0;
 3101 
 3102                 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 3103                 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
 3104                         error = EINVAL;
 3105                         goto fail;
 3106                 }
 3107 
 3108                 sav->alg_auth = sa0->sadb_sa_auth;
 3109                 sav->alg_enc = sa0->sadb_sa_encrypt;
 3110                 sav->flags = sa0->sadb_sa_flags;
 3111 
 3112                 /* replay window */
 3113                 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
 3114                         sav->replay = (struct secreplay *)
 3115                                 malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_IPSEC_MISC, M_NOWAIT|M_ZERO);
 3116                         if (sav->replay == NULL) {
 3117                                 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3118                                         __func__));
 3119                                 error = ENOBUFS;
 3120                                 goto fail;
 3121                         }
 3122                         if (sa0->sadb_sa_replay != 0)
 3123                                 sav->replay->bitmap = (caddr_t)(sav->replay+1);
 3124                         sav->replay->wsize = sa0->sadb_sa_replay;
 3125                 }
 3126         }
 3127 
 3128         /* Authentication keys */
 3129         if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
 3130                 const struct sadb_key *key0;
 3131                 int len;
 3132 
 3133                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
 3134                 len = mhp->extlen[SADB_EXT_KEY_AUTH];
 3135 
 3136                 error = 0;
 3137                 if (len < sizeof(*key0)) {
 3138                         error = EINVAL;
 3139                         goto fail;
 3140                 }
 3141                 switch (mhp->msg->sadb_msg_satype) {
 3142                 case SADB_SATYPE_AH:
 3143                 case SADB_SATYPE_ESP:
 3144                 case SADB_X_SATYPE_TCPSIGNATURE:
 3145                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3146                             sav->alg_auth != SADB_X_AALG_NULL)
 3147                                 error = EINVAL;
 3148                         break;
 3149                 case SADB_X_SATYPE_IPCOMP:
 3150                 default:
 3151                         error = EINVAL;
 3152                         break;
 3153                 }
 3154                 if (error) {
 3155                         ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n",
 3156                                 __func__));
 3157                         goto fail;
 3158                 }
 3159 
 3160                 sav->key_auth = (struct seckey *)key_dup_keymsg(key0, len,
 3161                                                                 M_IPSEC_MISC);
 3162                 if (sav->key_auth == NULL ) {
 3163                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3164                                   __func__));
 3165                         error = ENOBUFS;
 3166                         goto fail;
 3167                 }
 3168         }
 3169 
 3170         /* Encryption key */
 3171         if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
 3172                 const struct sadb_key *key0;
 3173                 int len;
 3174 
 3175                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
 3176                 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
 3177 
 3178                 error = 0;
 3179                 if (len < sizeof(*key0)) {
 3180                         error = EINVAL;
 3181                         goto fail;
 3182                 }
 3183                 switch (mhp->msg->sadb_msg_satype) {
 3184                 case SADB_SATYPE_ESP:
 3185                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3186                             sav->alg_enc != SADB_EALG_NULL) {
 3187                                 error = EINVAL;
 3188                                 break;
 3189                         }
 3190                         sav->key_enc = (struct seckey *)key_dup_keymsg(key0,
 3191                                                                        len,
 3192                                                                        M_IPSEC_MISC);
 3193                         if (sav->key_enc == NULL) {
 3194                                 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3195                                         __func__));
 3196                                 error = ENOBUFS;
 3197                                 goto fail;
 3198                         }
 3199                         break;
 3200                 case SADB_X_SATYPE_IPCOMP:
 3201                         if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
 3202                                 error = EINVAL;
 3203                         sav->key_enc = NULL;    /*just in case*/
 3204                         break;
 3205                 case SADB_SATYPE_AH:
 3206                 case SADB_X_SATYPE_TCPSIGNATURE:
 3207                 default:
 3208                         error = EINVAL;
 3209                         break;
 3210                 }
 3211                 if (error) {
 3212                         ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n",
 3213                                 __func__));
 3214                         goto fail;
 3215                 }
 3216         }
 3217 
 3218         /* set iv */
 3219         sav->ivlen = 0;
 3220 
 3221         switch (mhp->msg->sadb_msg_satype) {
 3222         case SADB_SATYPE_AH:
 3223                 error = xform_init(sav, XF_AH);
 3224                 break;
 3225         case SADB_SATYPE_ESP:
 3226                 error = xform_init(sav, XF_ESP);
 3227                 break;
 3228         case SADB_X_SATYPE_IPCOMP:
 3229                 error = xform_init(sav, XF_IPCOMP);
 3230                 break;
 3231         case SADB_X_SATYPE_TCPSIGNATURE:
 3232                 error = xform_init(sav, XF_TCPSIGNATURE);
 3233                 break;
 3234         }
 3235         if (error) {
 3236                 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n",
 3237                         __func__, mhp->msg->sadb_msg_satype));
 3238                 goto fail;
 3239         }
 3240 
 3241         /* reset created */
 3242         sav->created = time_second;
 3243 
 3244         /* make lifetime for CURRENT */
 3245         sav->lft_c = malloc(sizeof(struct seclifetime), M_IPSEC_MISC, M_NOWAIT);
 3246         if (sav->lft_c == NULL) {
 3247                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 3248                 error = ENOBUFS;
 3249                 goto fail;
 3250         }
 3251 
 3252         sav->lft_c->allocations = 0;
 3253         sav->lft_c->bytes = 0;
 3254         sav->lft_c->addtime = time_second;
 3255         sav->lft_c->usetime = 0;
 3256 
 3257         /* lifetimes for HARD and SOFT */
 3258     {
 3259         const struct sadb_lifetime *lft0;
 3260 
 3261         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 3262         if (lft0 != NULL) {
 3263                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
 3264                         error = EINVAL;
 3265                         goto fail;
 3266                 }
 3267                 sav->lft_h = key_dup_lifemsg(lft0, M_IPSEC_MISC);
 3268                 if (sav->lft_h == NULL) {
 3269                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 3270                         error = ENOBUFS;
 3271                         goto fail;
 3272                 }
 3273                 /* to be initialize ? */
 3274         }
 3275 
 3276         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
 3277         if (lft0 != NULL) {
 3278                 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
 3279                         error = EINVAL;
 3280                         goto fail;
 3281                 }
 3282                 sav->lft_s = key_dup_lifemsg(lft0, M_IPSEC_MISC);
 3283                 if (sav->lft_s == NULL) {
 3284                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 3285                         error = ENOBUFS;
 3286                         goto fail;
 3287                 }
 3288                 /* to be initialize ? */
 3289         }
 3290     }
 3291 
 3292         return 0;
 3293 
 3294  fail:
 3295         /* initialization */
 3296         key_cleansav(sav);
 3297 
 3298         return error;
 3299 }
 3300 
 3301 /*
 3302  * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
 3303  * OUT: 0:      valid
 3304  *      other:  errno
 3305  */
 3306 static int
 3307 key_mature(struct secasvar *sav)
 3308 {
 3309         int error;
 3310 
 3311         /* check SPI value */
 3312         switch (sav->sah->saidx.proto) {
 3313         case IPPROTO_ESP:
 3314         case IPPROTO_AH:
 3315                 /*
 3316                  * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
 3317                  * 1-255 reserved by IANA for future use,
 3318                  * 0 for implementation specific, local use.
 3319                  */
 3320                 if (ntohl(sav->spi) <= 255) {
 3321                         ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
 3322                             __func__, (u_int32_t)ntohl(sav->spi)));
 3323                         return EINVAL;
 3324                 }
 3325                 break;
 3326         }
 3327 
 3328         /* check satype */
 3329         switch (sav->sah->saidx.proto) {
 3330         case IPPROTO_ESP:
 3331                 /* check flags */
 3332                 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) ==
 3333                     (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) {
 3334                         ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
 3335                                 "given to old-esp.\n", __func__));
 3336                         return EINVAL;
 3337                 }
 3338                 error = xform_init(sav, XF_ESP);
 3339                 break;
 3340         case IPPROTO_AH:
 3341                 /* check flags */
 3342                 if (sav->flags & SADB_X_EXT_DERIV) {
 3343                         ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
 3344                                 "given to AH SA.\n", __func__));
 3345                         return EINVAL;
 3346                 }
 3347                 if (sav->alg_enc != SADB_EALG_NONE) {
 3348                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3349                                 "mismated.\n", __func__));
 3350                         return(EINVAL);
 3351                 }
 3352                 error = xform_init(sav, XF_AH);
 3353                 break;
 3354         case IPPROTO_IPCOMP:
 3355                 if (sav->alg_auth != SADB_AALG_NONE) {
 3356                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3357                                 "mismated.\n", __func__));
 3358                         return(EINVAL);
 3359                 }
 3360                 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
 3361                  && ntohl(sav->spi) >= 0x10000) {
 3362                         ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n",
 3363                                 __func__));
 3364                         return(EINVAL);
 3365                 }
 3366                 error = xform_init(sav, XF_IPCOMP);
 3367                 break;
 3368         case IPPROTO_TCP:
 3369                 if (sav->alg_enc != SADB_EALG_NONE) {
 3370                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3371                                 "mismated.\n", __func__));
 3372                         return(EINVAL);
 3373                 }
 3374                 error = xform_init(sav, XF_TCPSIGNATURE);
 3375                 break;
 3376         default:
 3377                 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__));
 3378                 error = EPROTONOSUPPORT;
 3379                 break;
 3380         }
 3381         if (error == 0) {
 3382                 SAHTREE_LOCK();
 3383                 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
 3384                 SAHTREE_UNLOCK();
 3385         }
 3386         return (error);
 3387 }
 3388 
 3389 /*
 3390  * subroutine for SADB_GET and SADB_DUMP.
 3391  */
 3392 static struct mbuf *
 3393 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype,
 3394     u_int32_t seq, u_int32_t pid)
 3395 {
 3396         struct mbuf *result = NULL, *tres = NULL, *m;
 3397         int i;
 3398         int dumporder[] = {
 3399                 SADB_EXT_SA, SADB_X_EXT_SA2,
 3400                 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 3401                 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
 3402                 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
 3403                 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
 3404                 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
 3405 #ifdef IPSEC_NAT_T
 3406                 SADB_X_EXT_NAT_T_TYPE,
 3407                 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
 3408                 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
 3409                 SADB_X_EXT_NAT_T_FRAG,
 3410 #endif
 3411         };
 3412 
 3413         m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
 3414         if (m == NULL)
 3415                 goto fail;
 3416         result = m;
 3417 
 3418         for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
 3419                 m = NULL;
 3420                 switch (dumporder[i]) {
 3421                 case SADB_EXT_SA:
 3422                         m = key_setsadbsa(sav);
 3423                         if (!m)
 3424                                 goto fail;
 3425                         break;
 3426 
 3427                 case SADB_X_EXT_SA2:
 3428                         m = key_setsadbxsa2(sav->sah->saidx.mode,
 3429                                         sav->replay ? sav->replay->count : 0,
 3430                                         sav->sah->saidx.reqid);
 3431                         if (!m)
 3432                                 goto fail;
 3433                         break;
 3434 
 3435                 case SADB_EXT_ADDRESS_SRC:
 3436                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 3437                             &sav->sah->saidx.src.sa,
 3438                             FULLMASK, IPSEC_ULPROTO_ANY);
 3439                         if (!m)
 3440                                 goto fail;
 3441                         break;
 3442 
 3443                 case SADB_EXT_ADDRESS_DST:
 3444                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 3445                             &sav->sah->saidx.dst.sa,
 3446                             FULLMASK, IPSEC_ULPROTO_ANY);
 3447                         if (!m)
 3448                                 goto fail;
 3449                         break;
 3450 
 3451                 case SADB_EXT_KEY_AUTH:
 3452                         if (!sav->key_auth)
 3453                                 continue;
 3454                         m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH);
 3455                         if (!m)
 3456                                 goto fail;
 3457                         break;
 3458 
 3459                 case SADB_EXT_KEY_ENCRYPT:
 3460                         if (!sav->key_enc)
 3461                                 continue;
 3462                         m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT);
 3463                         if (!m)
 3464                                 goto fail;
 3465                         break;
 3466 
 3467                 case SADB_EXT_LIFETIME_CURRENT:
 3468                         if (!sav->lft_c)
 3469                                 continue;
 3470                         m = key_setlifetime(sav->lft_c, 
 3471                                             SADB_EXT_LIFETIME_CURRENT);
 3472                         if (!m)
 3473                                 goto fail;
 3474                         break;
 3475 
 3476                 case SADB_EXT_LIFETIME_HARD:
 3477                         if (!sav->lft_h)
 3478                                 continue;
 3479                         m = key_setlifetime(sav->lft_h, 
 3480                                             SADB_EXT_LIFETIME_HARD);
 3481                         if (!m)
 3482                                 goto fail;
 3483                         break;
 3484 
 3485                 case SADB_EXT_LIFETIME_SOFT:
 3486                         if (!sav->lft_s)
 3487                                 continue;
 3488                         m = key_setlifetime(sav->lft_s, 
 3489                                             SADB_EXT_LIFETIME_SOFT);
 3490 
 3491                         if (!m)
 3492                                 goto fail;
 3493                         break;
 3494 
 3495 #ifdef IPSEC_NAT_T
 3496                 case SADB_X_EXT_NAT_T_TYPE:
 3497                         m = key_setsadbxtype(sav->natt_type);
 3498                         if (!m)
 3499                                 goto fail;
 3500                         break;
 3501                 
 3502                 case SADB_X_EXT_NAT_T_DPORT:
 3503                         m = key_setsadbxport(
 3504                             KEY_PORTFROMSADDR(&sav->sah->saidx.dst),
 3505                             SADB_X_EXT_NAT_T_DPORT);
 3506                         if (!m)
 3507                                 goto fail;
 3508                         break;
 3509 
 3510                 case SADB_X_EXT_NAT_T_SPORT:
 3511                         m = key_setsadbxport(
 3512                             KEY_PORTFROMSADDR(&sav->sah->saidx.src),
 3513                             SADB_X_EXT_NAT_T_SPORT);
 3514                         if (!m)
 3515                                 goto fail;
 3516                         break;
 3517 
 3518                 case SADB_X_EXT_NAT_T_OAI:
 3519                 case SADB_X_EXT_NAT_T_OAR:
 3520                 case SADB_X_EXT_NAT_T_FRAG:
 3521                         /* We do not (yet) support those. */
 3522                         continue;
 3523 #endif
 3524 
 3525                 case SADB_EXT_ADDRESS_PROXY:
 3526                 case SADB_EXT_IDENTITY_SRC:
 3527                 case SADB_EXT_IDENTITY_DST:
 3528                         /* XXX: should we brought from SPD ? */
 3529                 case SADB_EXT_SENSITIVITY:
 3530                 default:
 3531                         continue;
 3532                 }
 3533 
 3534                 if (!m)
 3535                         goto fail;
 3536                 if (tres)
 3537                         m_cat(m, tres);
 3538                 tres = m;
 3539                   
 3540         }
 3541 
 3542         m_cat(result, tres);
 3543         if (result->m_len < sizeof(struct sadb_msg)) {
 3544                 result = m_pullup(result, sizeof(struct sadb_msg));
 3545                 if (result == NULL)
 3546                         goto fail;
 3547         }
 3548 
 3549         result->m_pkthdr.len = 0;
 3550         for (m = result; m; m = m->m_next)
 3551                 result->m_pkthdr.len += m->m_len;
 3552 
 3553         mtod(result, struct sadb_msg *)->sadb_msg_len =
 3554             PFKEY_UNIT64(result->m_pkthdr.len);
 3555 
 3556         return result;
 3557 
 3558 fail:
 3559         m_freem(result);
 3560         m_freem(tres);
 3561         return NULL;
 3562 }
 3563 
 3564 /*
 3565  * set data into sadb_msg.
 3566  */
 3567 static struct mbuf *
 3568 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq,
 3569     pid_t pid, u_int16_t reserved)
 3570 {
 3571         struct mbuf *m;
 3572         struct sadb_msg *p;
 3573         int len;
 3574 
 3575         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 3576         if (len > MCLBYTES)
 3577                 return NULL;
 3578         MGETHDR(m, M_NOWAIT, MT_DATA);
 3579         if (m && len > MHLEN) {
 3580                 MCLGET(m, M_NOWAIT);
 3581                 if ((m->m_flags & M_EXT) == 0) {
 3582                         m_freem(m);
 3583                         m = NULL;
 3584                 }
 3585         }
 3586         if (!m)
 3587                 return NULL;
 3588         m->m_pkthdr.len = m->m_len = len;
 3589         m->m_next = NULL;
 3590 
 3591         p = mtod(m, struct sadb_msg *);
 3592 
 3593         bzero(p, len);
 3594         p->sadb_msg_version = PF_KEY_V2;
 3595         p->sadb_msg_type = type;
 3596         p->sadb_msg_errno = 0;
 3597         p->sadb_msg_satype = satype;
 3598         p->sadb_msg_len = PFKEY_UNIT64(tlen);
 3599         p->sadb_msg_reserved = reserved;
 3600         p->sadb_msg_seq = seq;
 3601         p->sadb_msg_pid = (u_int32_t)pid;
 3602 
 3603         return m;
 3604 }
 3605 
 3606 /*
 3607  * copy secasvar data into sadb_address.
 3608  */
 3609 static struct mbuf *
 3610 key_setsadbsa(sav)
 3611         struct secasvar *sav;
 3612 {
 3613         struct mbuf *m;
 3614         struct sadb_sa *p;
 3615         int len;
 3616 
 3617         len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
 3618         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3619         if (m == NULL)
 3620                 return (NULL);
 3621         m_align(m, len);
 3622         m->m_len = len;
 3623         p = mtod(m, struct sadb_sa *);
 3624         bzero(p, len);
 3625         p->sadb_sa_len = PFKEY_UNIT64(len);
 3626         p->sadb_sa_exttype = SADB_EXT_SA;
 3627         p->sadb_sa_spi = sav->spi;
 3628         p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
 3629         p->sadb_sa_state = sav->state;
 3630         p->sadb_sa_auth = sav->alg_auth;
 3631         p->sadb_sa_encrypt = sav->alg_enc;
 3632         p->sadb_sa_flags = sav->flags;
 3633 
 3634         return m;
 3635 }
 3636 
 3637 /*
 3638  * set data into sadb_address.
 3639  */
 3640 static struct mbuf *
 3641 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, u_int8_t prefixlen, u_int16_t ul_proto)
 3642 {
 3643         struct mbuf *m;
 3644         struct sadb_address *p;
 3645         size_t len;
 3646 
 3647         len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
 3648             PFKEY_ALIGN8(saddr->sa_len);
 3649         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3650         if (m == NULL)
 3651                 return (NULL);
 3652         m_align(m, len);
 3653         m->m_len = len;
 3654         p = mtod(m, struct sadb_address *);
 3655 
 3656         bzero(p, len);
 3657         p->sadb_address_len = PFKEY_UNIT64(len);
 3658         p->sadb_address_exttype = exttype;
 3659         p->sadb_address_proto = ul_proto;
 3660         if (prefixlen == FULLMASK) {
 3661                 switch (saddr->sa_family) {
 3662                 case AF_INET:
 3663                         prefixlen = sizeof(struct in_addr) << 3;
 3664                         break;
 3665                 case AF_INET6:
 3666                         prefixlen = sizeof(struct in6_addr) << 3;
 3667                         break;
 3668                 default:
 3669                         ; /*XXX*/
 3670                 }
 3671         }
 3672         p->sadb_address_prefixlen = prefixlen;
 3673         p->sadb_address_reserved = 0;
 3674 
 3675         bcopy(saddr,
 3676             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
 3677             saddr->sa_len);
 3678 
 3679         return m;
 3680 }
 3681 
 3682 /*
 3683  * set data into sadb_x_sa2.
 3684  */
 3685 static struct mbuf *
 3686 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid)
 3687 {
 3688         struct mbuf *m;
 3689         struct sadb_x_sa2 *p;
 3690         size_t len;
 3691 
 3692         len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
 3693         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3694         if (m == NULL)
 3695                 return (NULL);
 3696         m_align(m, len);
 3697         m->m_len = len;
 3698         p = mtod(m, struct sadb_x_sa2 *);
 3699 
 3700         bzero(p, len);
 3701         p->sadb_x_sa2_len = PFKEY_UNIT64(len);
 3702         p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
 3703         p->sadb_x_sa2_mode = mode;
 3704         p->sadb_x_sa2_reserved1 = 0;
 3705         p->sadb_x_sa2_reserved2 = 0;
 3706         p->sadb_x_sa2_sequence = seq;
 3707         p->sadb_x_sa2_reqid = reqid;
 3708 
 3709         return m;
 3710 }
 3711 
 3712 #ifdef IPSEC_NAT_T
 3713 /*
 3714  * Set a type in sadb_x_nat_t_type.
 3715  */
 3716 static struct mbuf *
 3717 key_setsadbxtype(u_int16_t type)
 3718 {
 3719         struct mbuf *m;
 3720         size_t len;
 3721         struct sadb_x_nat_t_type *p;
 3722 
 3723         len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
 3724 
 3725         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3726         if (m == NULL)
 3727                 return (NULL);
 3728         m_align(m, len);
 3729         m->m_len = len;
 3730         p = mtod(m, struct sadb_x_nat_t_type *);
 3731 
 3732         bzero(p, len);
 3733         p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
 3734         p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
 3735         p->sadb_x_nat_t_type_type = type;
 3736 
 3737         return (m);
 3738 }
 3739 /*
 3740  * Set a port in sadb_x_nat_t_port.
 3741  * In contrast to default RFC 2367 behaviour, port is in network byte order.
 3742  */
 3743 static struct mbuf *
 3744 key_setsadbxport(u_int16_t port, u_int16_t type)
 3745 {
 3746         struct mbuf *m;
 3747         size_t len;
 3748         struct sadb_x_nat_t_port *p;
 3749 
 3750         len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
 3751 
 3752         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3753         if (m == NULL)
 3754                 return (NULL);
 3755         m_align(m, len);
 3756         m->m_len = len;
 3757         p = mtod(m, struct sadb_x_nat_t_port *);
 3758 
 3759         bzero(p, len);
 3760         p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
 3761         p->sadb_x_nat_t_port_exttype = type;
 3762         p->sadb_x_nat_t_port_port = port;
 3763 
 3764         return (m);
 3765 }
 3766 
 3767 /* 
 3768  * Get port from sockaddr. Port is in network byte order.
 3769  */
 3770 u_int16_t 
 3771 key_portfromsaddr(struct sockaddr *sa)
 3772 {
 3773 
 3774         switch (sa->sa_family) {
 3775 #ifdef INET
 3776         case AF_INET:
 3777                 return ((struct sockaddr_in *)sa)->sin_port;
 3778 #endif
 3779 #ifdef INET6
 3780         case AF_INET6:
 3781                 return ((struct sockaddr_in6 *)sa)->sin6_port;
 3782 #endif
 3783         }
 3784         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 3785                 printf("DP %s unexpected address family %d\n",
 3786                         __func__, sa->sa_family));
 3787         return (0);
 3788 }
 3789 #endif /* IPSEC_NAT_T */
 3790 
 3791 /*
 3792  * Set port in struct sockaddr. Port is in network byte order.
 3793  */
 3794 static void
 3795 key_porttosaddr(struct sockaddr *sa, u_int16_t port)
 3796 {
 3797 
 3798         switch (sa->sa_family) {
 3799 #ifdef INET
 3800         case AF_INET:
 3801                 ((struct sockaddr_in *)sa)->sin_port = port;
 3802                 break;
 3803 #endif
 3804 #ifdef INET6
 3805         case AF_INET6:
 3806                 ((struct sockaddr_in6 *)sa)->sin6_port = port;
 3807                 break;
 3808 #endif
 3809         default:
 3810                 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n",
 3811                         __func__, sa->sa_family));
 3812                 break;
 3813         }
 3814 }
 3815 
 3816 /*
 3817  * set data into sadb_x_policy
 3818  */
 3819 static struct mbuf *
 3820 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id)
 3821 {
 3822         struct mbuf *m;
 3823         struct sadb_x_policy *p;
 3824         size_t len;
 3825 
 3826         len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
 3827         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 3828         if (m == NULL)
 3829                 return (NULL);
 3830         m_align(m, len);
 3831         m->m_len = len;
 3832         p = mtod(m, struct sadb_x_policy *);
 3833 
 3834         bzero(p, len);
 3835         p->sadb_x_policy_len = PFKEY_UNIT64(len);
 3836         p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 3837         p->sadb_x_policy_type = type;
 3838         p->sadb_x_policy_dir = dir;
 3839         p->sadb_x_policy_id = id;
 3840 
 3841         return m;
 3842 }
 3843 
 3844 /* %%% utilities */
 3845 /* Take a key message (sadb_key) from the socket and turn it into one
 3846  * of the kernel's key structures (seckey).
 3847  *
 3848  * IN: pointer to the src
 3849  * OUT: NULL no more memory
 3850  */
 3851 struct seckey *
 3852 key_dup_keymsg(const struct sadb_key *src, u_int len,
 3853                struct malloc_type *type)
 3854 {
 3855         struct seckey *dst;
 3856         dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT);
 3857         if (dst != NULL) {
 3858                 dst->bits = src->sadb_key_bits;
 3859                 dst->key_data = (char *)malloc(len, type, M_NOWAIT);
 3860                 if (dst->key_data != NULL) {
 3861                         bcopy((const char *)src + sizeof(struct sadb_key), 
 3862                               dst->key_data, len);
 3863                 } else {
 3864                         ipseclog((LOG_DEBUG, "%s: No more memory.\n", 
 3865                                   __func__));
 3866                         free(dst, type);
 3867                         dst = NULL;
 3868                 }
 3869         } else {
 3870                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 
 3871                           __func__));
 3872 
 3873         }
 3874         return dst;
 3875 }
 3876 
 3877 /* Take a lifetime message (sadb_lifetime) passed in on a socket and
 3878  * turn it into one of the kernel's lifetime structures (seclifetime).
 3879  *
 3880  * IN: pointer to the destination, source and malloc type
 3881  * OUT: NULL, no more memory
 3882  */
 3883 
 3884 static struct seclifetime *
 3885 key_dup_lifemsg(const struct sadb_lifetime *src,
 3886                  struct malloc_type *type)
 3887 {
 3888         struct seclifetime *dst = NULL;
 3889 
 3890         dst = (struct seclifetime *)malloc(sizeof(struct seclifetime), 
 3891                                            type, M_NOWAIT);
 3892         if (dst == NULL) {
 3893                 /* XXX counter */
 3894                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 3895         } else {
 3896                 dst->allocations = src->sadb_lifetime_allocations;
 3897                 dst->bytes = src->sadb_lifetime_bytes;
 3898                 dst->addtime = src->sadb_lifetime_addtime;
 3899                 dst->usetime = src->sadb_lifetime_usetime;
 3900         }
 3901         return dst;
 3902 }
 3903 
 3904 /* compare my own address
 3905  * OUT: 1: true, i.e. my address.
 3906  *      0: false
 3907  */
 3908 int
 3909 key_ismyaddr(struct sockaddr *sa)
 3910 {
 3911 
 3912         IPSEC_ASSERT(sa != NULL, ("null sockaddr"));
 3913         switch (sa->sa_family) {
 3914 #ifdef INET
 3915         case AF_INET:
 3916                 return (in_localip(satosin(sa)->sin_addr));
 3917 #endif
 3918 #ifdef INET6
 3919         case AF_INET6:
 3920                 return key_ismyaddr6((struct sockaddr_in6 *)sa);
 3921 #endif
 3922         }
 3923 
 3924         return 0;
 3925 }
 3926 
 3927 #ifdef INET6
 3928 /*
 3929  * compare my own address for IPv6.
 3930  * 1: ours
 3931  * 0: other
 3932  * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
 3933  */
 3934 #include <netinet6/in6_var.h>
 3935 
 3936 static int
 3937 key_ismyaddr6(sin6)
 3938         struct sockaddr_in6 *sin6;
 3939 {
 3940         struct in6_ifaddr *ia;
 3941 #if 0
 3942         struct in6_multi *in6m;
 3943 #endif
 3944 
 3945         IN6_IFADDR_RLOCK();
 3946         TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
 3947                 if (key_sockaddrcmp((struct sockaddr *)&sin6,
 3948                     (struct sockaddr *)&ia->ia_addr, 0) == 0) {
 3949                         IN6_IFADDR_RUNLOCK();
 3950                         return 1;
 3951                 }
 3952 
 3953 #if 0
 3954                 /*
 3955                  * XXX Multicast
 3956                  * XXX why do we care about multlicast here while we don't care
 3957                  * about IPv4 multicast??
 3958                  * XXX scope
 3959                  */
 3960                 in6m = NULL;
 3961                 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
 3962                 if (in6m) {
 3963                         IN6_IFADDR_RUNLOCK();
 3964                         return 1;
 3965                 }
 3966 #endif
 3967         }
 3968         IN6_IFADDR_RUNLOCK();
 3969 
 3970         /* loopback, just for safety */
 3971         if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
 3972                 return 1;
 3973 
 3974         return 0;
 3975 }
 3976 #endif /*INET6*/
 3977 
 3978 /*
 3979  * compare two secasindex structure.
 3980  * flag can specify to compare 2 saidxes.
 3981  * compare two secasindex structure without both mode and reqid.
 3982  * don't compare port.
 3983  * IN:  
 3984  *      saidx0: source, it can be in SAD.
 3985  *      saidx1: object.
 3986  * OUT: 
 3987  *      1 : equal
 3988  *      0 : not equal
 3989  */
 3990 static int
 3991 key_cmpsaidx(
 3992         const struct secasindex *saidx0,
 3993         const struct secasindex *saidx1,
 3994         int flag)
 3995 {
 3996         int chkport = 0;
 3997 
 3998         /* sanity */
 3999         if (saidx0 == NULL && saidx1 == NULL)
 4000                 return 1;
 4001 
 4002         if (saidx0 == NULL || saidx1 == NULL)
 4003                 return 0;
 4004 
 4005         if (saidx0->proto != saidx1->proto)
 4006                 return 0;
 4007 
 4008         if (flag == CMP_EXACTLY) {
 4009                 if (saidx0->mode != saidx1->mode)
 4010                         return 0;
 4011                 if (saidx0->reqid != saidx1->reqid)
 4012                         return 0;
 4013                 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 ||
 4014                     bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0)
 4015                         return 0;
 4016         } else {
 4017 
 4018                 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
 4019                 if (flag == CMP_MODE_REQID
 4020                   ||flag == CMP_REQID) {
 4021                         /*
 4022                          * If reqid of SPD is non-zero, unique SA is required.
 4023                          * The result must be of same reqid in this case.
 4024                          */
 4025                         if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
 4026                                 return 0;
 4027                 }
 4028 
 4029                 if (flag == CMP_MODE_REQID) {
 4030                         if (saidx0->mode != IPSEC_MODE_ANY
 4031                          && saidx0->mode != saidx1->mode)
 4032                                 return 0;
 4033                 }
 4034 
 4035 #ifdef IPSEC_NAT_T
 4036                 /*
 4037                  * If NAT-T is enabled, check ports for tunnel mode.
 4038                  * Do not check ports if they are set to zero in the SPD.
 4039                  * Also do not do it for native transport mode, as there
 4040                  * is no port information available in the SP.
 4041                  */
 4042                 if ((saidx1->mode == IPSEC_MODE_TUNNEL ||
 4043                      (saidx1->mode == IPSEC_MODE_TRANSPORT &&
 4044                       saidx1->proto == IPPROTO_ESP)) &&
 4045                     saidx1->src.sa.sa_family == AF_INET &&
 4046                     saidx1->dst.sa.sa_family == AF_INET &&
 4047                     ((const struct sockaddr_in *)(&saidx1->src))->sin_port &&
 4048                     ((const struct sockaddr_in *)(&saidx1->dst))->sin_port)
 4049                         chkport = 1;
 4050 #endif /* IPSEC_NAT_T */
 4051 
 4052                 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, chkport) != 0) {
 4053                         return 0;
 4054                 }
 4055                 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, chkport) != 0) {
 4056                         return 0;
 4057                 }
 4058         }
 4059 
 4060         return 1;
 4061 }
 4062 
 4063 /*
 4064  * compare two secindex structure exactly.
 4065  * IN:
 4066  *      spidx0: source, it is often in SPD.
 4067  *      spidx1: object, it is often from PFKEY message.
 4068  * OUT:
 4069  *      1 : equal
 4070  *      0 : not equal
 4071  */
 4072 static int
 4073 key_cmpspidx_exactly(
 4074         struct secpolicyindex *spidx0,
 4075         struct secpolicyindex *spidx1)
 4076 {
 4077         /* sanity */
 4078         if (spidx0 == NULL && spidx1 == NULL)
 4079                 return 1;
 4080 
 4081         if (spidx0 == NULL || spidx1 == NULL)
 4082                 return 0;
 4083 
 4084         if (spidx0->prefs != spidx1->prefs
 4085          || spidx0->prefd != spidx1->prefd
 4086          || spidx0->ul_proto != spidx1->ul_proto)
 4087                 return 0;
 4088 
 4089         return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 &&
 4090                key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0;
 4091 }
 4092 
 4093 /*
 4094  * compare two secindex structure with mask.
 4095  * IN:
 4096  *      spidx0: source, it is often in SPD.
 4097  *      spidx1: object, it is often from IP header.
 4098  * OUT:
 4099  *      1 : equal
 4100  *      0 : not equal
 4101  */
 4102 static int
 4103 key_cmpspidx_withmask(
 4104         struct secpolicyindex *spidx0,
 4105         struct secpolicyindex *spidx1)
 4106 {
 4107         /* sanity */
 4108         if (spidx0 == NULL && spidx1 == NULL)
 4109                 return 1;
 4110 
 4111         if (spidx0 == NULL || spidx1 == NULL)
 4112                 return 0;
 4113 
 4114         if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family ||
 4115             spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family ||
 4116             spidx0->src.sa.sa_len != spidx1->src.sa.sa_len ||
 4117             spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len)
 4118                 return 0;
 4119 
 4120         /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
 4121         if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
 4122          && spidx0->ul_proto != spidx1->ul_proto)
 4123                 return 0;
 4124 
 4125         switch (spidx0->src.sa.sa_family) {
 4126         case AF_INET:
 4127                 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY
 4128                  && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port)
 4129                         return 0;
 4130                 if (!key_bbcmp(&spidx0->src.sin.sin_addr,
 4131                     &spidx1->src.sin.sin_addr, spidx0->prefs))
 4132                         return 0;
 4133                 break;
 4134         case AF_INET6:
 4135                 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY
 4136                  && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port)
 4137                         return 0;
 4138                 /*
 4139                  * scope_id check. if sin6_scope_id is 0, we regard it
 4140                  * as a wildcard scope, which matches any scope zone ID. 
 4141                  */
 4142                 if (spidx0->src.sin6.sin6_scope_id &&
 4143                     spidx1->src.sin6.sin6_scope_id &&
 4144                     spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id)
 4145                         return 0;
 4146                 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr,
 4147                     &spidx1->src.sin6.sin6_addr, spidx0->prefs))
 4148                         return 0;
 4149                 break;
 4150         default:
 4151                 /* XXX */
 4152                 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0)
 4153                         return 0;
 4154                 break;
 4155         }
 4156 
 4157         switch (spidx0->dst.sa.sa_family) {
 4158         case AF_INET:
 4159                 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY
 4160                  && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port)
 4161                         return 0;
 4162                 if (!key_bbcmp(&spidx0->dst.sin.sin_addr,
 4163                     &spidx1->dst.sin.sin_addr, spidx0->prefd))
 4164                         return 0;
 4165                 break;
 4166         case AF_INET6:
 4167                 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY
 4168                  && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port)
 4169                         return 0;
 4170                 /*
 4171                  * scope_id check. if sin6_scope_id is 0, we regard it
 4172                  * as a wildcard scope, which matches any scope zone ID. 
 4173                  */
 4174                 if (spidx0->dst.sin6.sin6_scope_id &&
 4175                     spidx1->dst.sin6.sin6_scope_id &&
 4176                     spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
 4177                         return 0;
 4178                 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
 4179                     &spidx1->dst.sin6.sin6_addr, spidx0->prefd))
 4180                         return 0;
 4181                 break;
 4182         default:
 4183                 /* XXX */
 4184                 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0)
 4185                         return 0;
 4186                 break;
 4187         }
 4188 
 4189         /* XXX Do we check other field ?  e.g. flowinfo */
 4190 
 4191         return 1;
 4192 }
 4193 
 4194 /* returns 0 on match */
 4195 static int
 4196 key_sockaddrcmp(
 4197         const struct sockaddr *sa1,
 4198         const struct sockaddr *sa2,
 4199         int port)
 4200 {
 4201 #ifdef satosin
 4202 #undef satosin
 4203 #endif
 4204 #define satosin(s) ((const struct sockaddr_in *)s)
 4205 #ifdef satosin6
 4206 #undef satosin6
 4207 #endif
 4208 #define satosin6(s) ((const struct sockaddr_in6 *)s)
 4209         if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
 4210                 return 1;
 4211 
 4212         switch (sa1->sa_family) {
 4213         case AF_INET:
 4214                 if (sa1->sa_len != sizeof(struct sockaddr_in))
 4215                         return 1;
 4216                 if (satosin(sa1)->sin_addr.s_addr !=
 4217                     satosin(sa2)->sin_addr.s_addr) {
 4218                         return 1;
 4219                 }
 4220                 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
 4221                         return 1;
 4222                 break;
 4223         case AF_INET6:
 4224                 if (sa1->sa_len != sizeof(struct sockaddr_in6))
 4225                         return 1;       /*EINVAL*/
 4226                 if (satosin6(sa1)->sin6_scope_id !=
 4227                     satosin6(sa2)->sin6_scope_id) {
 4228                         return 1;
 4229                 }
 4230                 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
 4231                     &satosin6(sa2)->sin6_addr)) {
 4232                         return 1;
 4233                 }
 4234                 if (port &&
 4235                     satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
 4236                         return 1;
 4237                 }
 4238                 break;
 4239         default:
 4240                 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
 4241                         return 1;
 4242                 break;
 4243         }
 4244 
 4245         return 0;
 4246 #undef satosin
 4247 #undef satosin6
 4248 }
 4249 
 4250 /*
 4251  * compare two buffers with mask.
 4252  * IN:
 4253  *      addr1: source
 4254  *      addr2: object
 4255  *      bits:  Number of bits to compare
 4256  * OUT:
 4257  *      1 : equal
 4258  *      0 : not equal
 4259  */
 4260 static int
 4261 key_bbcmp(const void *a1, const void *a2, u_int bits)
 4262 {
 4263         const unsigned char *p1 = a1;
 4264         const unsigned char *p2 = a2;
 4265 
 4266         /* XXX: This could be considerably faster if we compare a word
 4267          * at a time, but it is complicated on LSB Endian machines */
 4268 
 4269         /* Handle null pointers */
 4270         if (p1 == NULL || p2 == NULL)
 4271                 return (p1 == p2);
 4272 
 4273         while (bits >= 8) {
 4274                 if (*p1++ != *p2++)
 4275                         return 0;
 4276                 bits -= 8;
 4277         }
 4278 
 4279         if (bits > 0) {
 4280                 u_int8_t mask = ~((1<<(8-bits))-1);
 4281                 if ((*p1 & mask) != (*p2 & mask))
 4282                         return 0;
 4283         }
 4284         return 1;       /* Match! */
 4285 }
 4286 
 4287 static void
 4288 key_flush_spd(time_t now)
 4289 {
 4290         static u_int16_t sptree_scangen = 0;
 4291         u_int16_t gen = sptree_scangen++;
 4292         struct secpolicy *sp;
 4293         u_int dir;
 4294 
 4295         /* SPD */
 4296         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 4297 restart:
 4298                 SPTREE_LOCK();
 4299                 LIST_FOREACH(sp, &V_sptree[dir], chain) {
 4300                         if (sp->scangen == gen)         /* previously handled */
 4301                                 continue;
 4302                         sp->scangen = gen;
 4303                         if (sp->state == IPSEC_SPSTATE_DEAD &&
 4304                             sp->refcnt == 1) {
 4305                                 /*
 4306                                  * Ensure that we only decrease refcnt once,
 4307                                  * when we're the last consumer.
 4308                                  * Directly call SP_DELREF/key_delsp instead
 4309                                  * of KEY_FREESP to avoid unlocking/relocking
 4310                                  * SPTREE_LOCK before key_delsp: may refcnt
 4311                                  * be increased again during that time ?
 4312                                  * NB: also clean entries created by
 4313                                  * key_spdflush
 4314                                  */
 4315                                 SP_DELREF(sp);
 4316                                 key_delsp(sp);
 4317                                 SPTREE_UNLOCK();
 4318                                 goto restart;
 4319                         }
 4320                         if (sp->lifetime == 0 && sp->validtime == 0)
 4321                                 continue;
 4322                         if ((sp->lifetime && now - sp->created > sp->lifetime)
 4323                          || (sp->validtime && now - sp->lastused > sp->validtime)) {
 4324                                 sp->state = IPSEC_SPSTATE_DEAD;
 4325                                 SPTREE_UNLOCK();
 4326                                 key_spdexpire(sp);
 4327                                 goto restart;
 4328                         }
 4329                 }
 4330                 SPTREE_UNLOCK();
 4331         }
 4332 }
 4333 
 4334 static void
 4335 key_flush_sad(time_t now)
 4336 {
 4337         struct secashead *sah, *nextsah;
 4338         struct secasvar *sav, *nextsav;
 4339 
 4340         /* SAD */
 4341         SAHTREE_LOCK();
 4342         LIST_FOREACH_SAFE(sah, &V_sahtree, chain, nextsah) {
 4343                 /* if sah has been dead, then delete it and process next sah. */
 4344                 if (sah->state == SADB_SASTATE_DEAD) {
 4345                         key_delsah(sah);
 4346                         continue;
 4347                 }
 4348 
 4349                 /* if LARVAL entry doesn't become MATURE, delete it. */
 4350                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL], chain, nextsav) {
 4351                         /* Need to also check refcnt for a larval SA ??? */
 4352                         if (now - sav->created > V_key_larval_lifetime)
 4353                                 KEY_FREESAV(&sav);
 4354                 }
 4355 
 4356                 /*
 4357                  * check MATURE entry to start to send expire message
 4358                  * whether or not.
 4359                  */
 4360                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_MATURE], chain, nextsav) {
 4361                         /* we don't need to check. */
 4362                         if (sav->lft_s == NULL)
 4363                                 continue;
 4364 
 4365                         /* sanity check */
 4366                         if (sav->lft_c == NULL) {
 4367                                 ipseclog((LOG_DEBUG,"%s: there is no CURRENT "
 4368                                         "time, why?\n", __func__));
 4369                                 continue;
 4370                         }
 4371 
 4372                         /* check SOFT lifetime */
 4373                         if (sav->lft_s->addtime != 0 &&
 4374                             now - sav->created > sav->lft_s->addtime) {
 4375                                 key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4376                                 /* 
 4377                                  * Actually, only send expire message if
 4378                                  * SA has been used, as it was done before,
 4379                                  * but should we always send such message,
 4380                                  * and let IKE daemon decide if it should be
 4381                                  * renegotiated or not ?
 4382                                  * XXX expire message will actually NOT be
 4383                                  * sent if SA is only used after soft
 4384                                  * lifetime has been reached, see below
 4385                                  * (DYING state)
 4386                                  */
 4387                                 if (sav->lft_c->usetime != 0)
 4388                                         key_expire(sav);
 4389                         }
 4390                         /* check SOFT lifetime by bytes */
 4391                         /*
 4392                          * XXX I don't know the way to delete this SA
 4393                          * when new SA is installed.  Caution when it's
 4394                          * installed too big lifetime by time.
 4395                          */
 4396                         else if (sav->lft_s->bytes != 0 &&
 4397                             sav->lft_s->bytes < sav->lft_c->bytes) {
 4398 
 4399                                 key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4400                                 /*
 4401                                  * XXX If we keep to send expire
 4402                                  * message in the status of
 4403                                  * DYING. Do remove below code.
 4404                                  */
 4405                                 key_expire(sav);
 4406                         }
 4407                 }
 4408 
 4409                 /* check DYING entry to change status to DEAD. */
 4410                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DYING], chain, nextsav) {
 4411                         /* we don't need to check. */
 4412                         if (sav->lft_h == NULL)
 4413                                 continue;
 4414 
 4415                         /* sanity check */
 4416                         if (sav->lft_c == NULL) {
 4417                                 ipseclog((LOG_DEBUG, "%s: there is no CURRENT "
 4418                                         "time, why?\n", __func__));
 4419                                 continue;
 4420                         }
 4421 
 4422                         if (sav->lft_h->addtime != 0 &&
 4423                             now - sav->created > sav->lft_h->addtime) {
 4424                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4425                                 KEY_FREESAV(&sav);
 4426                         }
 4427 #if 0   /* XXX Should we keep to send expire message until HARD lifetime ? */
 4428                         else if (sav->lft_s != NULL
 4429                               && sav->lft_s->addtime != 0
 4430                               && now - sav->created > sav->lft_s->addtime) {
 4431                                 /*
 4432                                  * XXX: should be checked to be
 4433                                  * installed the valid SA.
 4434                                  */
 4435 
 4436                                 /*
 4437                                  * If there is no SA then sending
 4438                                  * expire message.
 4439                                  */
 4440                                 key_expire(sav);
 4441                         }
 4442 #endif
 4443                         /* check HARD lifetime by bytes */
 4444                         else if (sav->lft_h->bytes != 0 &&
 4445                             sav->lft_h->bytes < sav->lft_c->bytes) {
 4446                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4447                                 KEY_FREESAV(&sav);
 4448                         }
 4449                 }
 4450 
 4451                 /* delete entry in DEAD */
 4452                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DEAD], chain, nextsav) {
 4453                         /* sanity check */
 4454                         if (sav->state != SADB_SASTATE_DEAD) {
 4455                                 ipseclog((LOG_DEBUG, "%s: invalid sav->state "
 4456                                         "(queue: %d SA: %d): kill it anyway\n",
 4457                                         __func__,
 4458                                         SADB_SASTATE_DEAD, sav->state));
 4459                         }
 4460                         /*
 4461                          * do not call key_freesav() here.
 4462                          * sav should already be freed, and sav->refcnt
 4463                          * shows other references to sav
 4464                          * (such as from SPD).
 4465                          */
 4466                 }
 4467         }
 4468         SAHTREE_UNLOCK();
 4469 }
 4470 
 4471 static void
 4472 key_flush_acq(time_t now)
 4473 {
 4474         struct secacq *acq, *nextacq;
 4475 
 4476         /* ACQ tree */
 4477         ACQ_LOCK();
 4478         for (acq = LIST_FIRST(&V_acqtree); acq != NULL; acq = nextacq) {
 4479                 nextacq = LIST_NEXT(acq, chain);
 4480                 if (now - acq->created > V_key_blockacq_lifetime
 4481                  && __LIST_CHAINED(acq)) {
 4482                         LIST_REMOVE(acq, chain);
 4483                         free(acq, M_IPSEC_SAQ);
 4484                 }
 4485         }
 4486         ACQ_UNLOCK();
 4487 }
 4488 
 4489 static void
 4490 key_flush_spacq(time_t now)
 4491 {
 4492         struct secspacq *acq, *nextacq;
 4493 
 4494         /* SP ACQ tree */
 4495         SPACQ_LOCK();
 4496         for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) {
 4497                 nextacq = LIST_NEXT(acq, chain);
 4498                 if (now - acq->created > V_key_blockacq_lifetime
 4499                  && __LIST_CHAINED(acq)) {
 4500                         LIST_REMOVE(acq, chain);
 4501                         free(acq, M_IPSEC_SAQ);
 4502                 }
 4503         }
 4504         SPACQ_UNLOCK();
 4505 }
 4506 
 4507 /*
 4508  * time handler.
 4509  * scanning SPD and SAD to check status for each entries,
 4510  * and do to remove or to expire.
 4511  * XXX: year 2038 problem may remain.
 4512  */
 4513 static void
 4514 key_timehandler(void *arg)
 4515 {
 4516         VNET_ITERATOR_DECL(vnet_iter);
 4517         time_t now = time_second;
 4518 
 4519         VNET_LIST_RLOCK_NOSLEEP();
 4520         VNET_FOREACH(vnet_iter) {
 4521                 CURVNET_SET(vnet_iter);
 4522                 key_flush_spd(now);
 4523                 key_flush_sad(now);
 4524                 key_flush_acq(now);
 4525                 key_flush_spacq(now);
 4526                 CURVNET_RESTORE();
 4527         }
 4528         VNET_LIST_RUNLOCK_NOSLEEP();
 4529 
 4530 #ifndef IPSEC_DEBUG2
 4531         /* do exchange to tick time !! */
 4532         callout_schedule(&key_timer, hz);
 4533 #endif /* IPSEC_DEBUG2 */
 4534 }
 4535 
 4536 u_long
 4537 key_random()
 4538 {
 4539         u_long value;
 4540 
 4541         key_randomfill(&value, sizeof(value));
 4542         return value;
 4543 }
 4544 
 4545 void
 4546 key_randomfill(p, l)
 4547         void *p;
 4548         size_t l;
 4549 {
 4550         size_t n;
 4551         u_long v;
 4552         static int warn = 1;
 4553 
 4554         n = 0;
 4555         n = (size_t)read_random(p, (u_int)l);
 4556         /* last resort */
 4557         while (n < l) {
 4558                 v = random();
 4559                 bcopy(&v, (u_int8_t *)p + n,
 4560                     l - n < sizeof(v) ? l - n : sizeof(v));
 4561                 n += sizeof(v);
 4562 
 4563                 if (warn) {
 4564                         printf("WARNING: pseudo-random number generator "
 4565                             "used for IPsec processing\n");
 4566                         warn = 0;
 4567                 }
 4568         }
 4569 }
 4570 
 4571 /*
 4572  * map SADB_SATYPE_* to IPPROTO_*.
 4573  * if satype == SADB_SATYPE then satype is mapped to ~0.
 4574  * OUT:
 4575  *      0: invalid satype.
 4576  */
 4577 static u_int16_t
 4578 key_satype2proto(u_int8_t satype)
 4579 {
 4580         switch (satype) {
 4581         case SADB_SATYPE_UNSPEC:
 4582                 return IPSEC_PROTO_ANY;
 4583         case SADB_SATYPE_AH:
 4584                 return IPPROTO_AH;
 4585         case SADB_SATYPE_ESP:
 4586                 return IPPROTO_ESP;
 4587         case SADB_X_SATYPE_IPCOMP:
 4588                 return IPPROTO_IPCOMP;
 4589         case SADB_X_SATYPE_TCPSIGNATURE:
 4590                 return IPPROTO_TCP;
 4591         default:
 4592                 return 0;
 4593         }
 4594         /* NOTREACHED */
 4595 }
 4596 
 4597 /*
 4598  * map IPPROTO_* to SADB_SATYPE_*
 4599  * OUT:
 4600  *      0: invalid protocol type.
 4601  */
 4602 static u_int8_t
 4603 key_proto2satype(u_int16_t proto)
 4604 {
 4605         switch (proto) {
 4606         case IPPROTO_AH:
 4607                 return SADB_SATYPE_AH;
 4608         case IPPROTO_ESP:
 4609                 return SADB_SATYPE_ESP;
 4610         case IPPROTO_IPCOMP:
 4611                 return SADB_X_SATYPE_IPCOMP;
 4612         case IPPROTO_TCP:
 4613                 return SADB_X_SATYPE_TCPSIGNATURE;
 4614         default:
 4615                 return 0;
 4616         }
 4617         /* NOTREACHED */
 4618 }
 4619 
 4620 /* %%% PF_KEY */
 4621 /*
 4622  * SADB_GETSPI processing is to receive
 4623  *      <base, (SA2), src address, dst address, (SPI range)>
 4624  * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
 4625  * tree with the status of LARVAL, and send
 4626  *      <base, SA(*), address(SD)>
 4627  * to the IKMPd.
 4628  *
 4629  * IN:  mhp: pointer to the pointer to each header.
 4630  * OUT: NULL if fail.
 4631  *      other if success, return pointer to the message to send.
 4632  */
 4633 static int
 4634 key_getspi(so, m, mhp)
 4635         struct socket *so;
 4636         struct mbuf *m;
 4637         const struct sadb_msghdr *mhp;
 4638 {
 4639         struct sadb_address *src0, *dst0;
 4640         struct secasindex saidx;
 4641         struct secashead *newsah;
 4642         struct secasvar *newsav;
 4643         u_int8_t proto;
 4644         u_int32_t spi;
 4645         u_int8_t mode;
 4646         u_int32_t reqid;
 4647         int error;
 4648 
 4649         IPSEC_ASSERT(so != NULL, ("null socket"));
 4650         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 4651         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 4652         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 4653 
 4654         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4655             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 4656                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4657                         __func__));
 4658                 return key_senderror(so, m, EINVAL);
 4659         }
 4660         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4661             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4662                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4663                         __func__));
 4664                 return key_senderror(so, m, EINVAL);
 4665         }
 4666         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4667                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4668                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4669         } else {
 4670                 mode = IPSEC_MODE_ANY;
 4671                 reqid = 0;
 4672         }
 4673 
 4674         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4675         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4676 
 4677         /* map satype to proto */
 4678         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4679                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 4680                         __func__));
 4681                 return key_senderror(so, m, EINVAL);
 4682         }
 4683 
 4684         /*
 4685          * Make sure the port numbers are zero.
 4686          * In case of NAT-T we will update them later if needed.
 4687          */
 4688         switch (((struct sockaddr *)(src0 + 1))->sa_family) {
 4689         case AF_INET:
 4690                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4691                     sizeof(struct sockaddr_in))
 4692                         return key_senderror(so, m, EINVAL);
 4693                 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
 4694                 break;
 4695         case AF_INET6:
 4696                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4697                     sizeof(struct sockaddr_in6))
 4698                         return key_senderror(so, m, EINVAL);
 4699                 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
 4700                 break;
 4701         default:
 4702                 ; /*???*/
 4703         }
 4704         switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
 4705         case AF_INET:
 4706                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4707                     sizeof(struct sockaddr_in))
 4708                         return key_senderror(so, m, EINVAL);
 4709                 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
 4710                 break;
 4711         case AF_INET6:
 4712                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4713                     sizeof(struct sockaddr_in6))
 4714                         return key_senderror(so, m, EINVAL);
 4715                 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
 4716                 break;
 4717         default:
 4718                 ; /*???*/
 4719         }
 4720 
 4721         /* XXX boundary check against sa_len */
 4722         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4723 
 4724 #ifdef IPSEC_NAT_T
 4725         /*
 4726          * Handle NAT-T info if present.
 4727          * We made sure the port numbers are zero above, so we do
 4728          * not have to worry in case we do not update them.
 4729          */
 4730         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
 4731                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi present\n", __func__));
 4732         if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
 4733                 ipseclog((LOG_DEBUG, "%s: NAT-T OAr present\n", __func__));
 4734 
 4735         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 4736             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 4737             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 4738                 struct sadb_x_nat_t_type *type;
 4739                 struct sadb_x_nat_t_port *sport, *dport;
 4740 
 4741                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 4742                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 4743                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 4744                         ipseclog((LOG_DEBUG, "%s: invalid nat-t message "
 4745                             "passed.\n", __func__));
 4746                         return key_senderror(so, m, EINVAL);
 4747                 }
 4748 
 4749                 sport = (struct sadb_x_nat_t_port *)
 4750                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 4751                 dport = (struct sadb_x_nat_t_port *)
 4752                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 4753 
 4754                 if (sport)
 4755                         KEY_PORTTOSADDR(&saidx.src, sport->sadb_x_nat_t_port_port);
 4756                 if (dport)
 4757                         KEY_PORTTOSADDR(&saidx.dst, dport->sadb_x_nat_t_port_port);
 4758         }
 4759 #endif
 4760 
 4761         /* SPI allocation */
 4762         spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
 4763                                &saidx);
 4764         if (spi == 0)
 4765                 return key_senderror(so, m, EINVAL);
 4766 
 4767         /* get a SA index */
 4768         if ((newsah = key_getsah(&saidx)) == NULL) {
 4769                 /* create a new SA index */
 4770                 if ((newsah = key_newsah(&saidx)) == NULL) {
 4771                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 4772                         return key_senderror(so, m, ENOBUFS);
 4773                 }
 4774         }
 4775 
 4776         /* get a new SA */
 4777         /* XXX rewrite */
 4778         newsav = KEY_NEWSAV(m, mhp, newsah, &error);
 4779         if (newsav == NULL) {
 4780                 /* XXX don't free new SA index allocated in above. */
 4781                 return key_senderror(so, m, error);
 4782         }
 4783 
 4784         /* set spi */
 4785         newsav->spi = htonl(spi);
 4786 
 4787         /* delete the entry in acqtree */
 4788         if (mhp->msg->sadb_msg_seq != 0) {
 4789                 struct secacq *acq;
 4790                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
 4791                         /* reset counter in order to deletion by timehandler. */
 4792                         acq->created = time_second;
 4793                         acq->count = 0;
 4794                 }
 4795         }
 4796 
 4797     {
 4798         struct mbuf *n, *nn;
 4799         struct sadb_sa *m_sa;
 4800         struct sadb_msg *newmsg;
 4801         int off, len;
 4802 
 4803         /* create new sadb_msg to reply. */
 4804         len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
 4805             PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4806 
 4807         MGETHDR(n, M_NOWAIT, MT_DATA);
 4808         if (len > MHLEN) {
 4809                 MCLGET(n, M_NOWAIT);
 4810                 if ((n->m_flags & M_EXT) == 0) {
 4811                         m_freem(n);
 4812                         n = NULL;
 4813                 }
 4814         }
 4815         if (!n)
 4816                 return key_senderror(so, m, ENOBUFS);
 4817 
 4818         n->m_len = len;
 4819         n->m_next = NULL;
 4820         off = 0;
 4821 
 4822         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 4823         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 4824 
 4825         m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
 4826         m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
 4827         m_sa->sadb_sa_exttype = SADB_EXT_SA;
 4828         m_sa->sadb_sa_spi = htonl(spi);
 4829         off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4830 
 4831         IPSEC_ASSERT(off == len,
 4832                 ("length inconsistency (off %u len %u)", off, len));
 4833 
 4834         n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
 4835             SADB_EXT_ADDRESS_DST);
 4836         if (!n->m_next) {
 4837                 m_freem(n);
 4838                 return key_senderror(so, m, ENOBUFS);
 4839         }
 4840 
 4841         if (n->m_len < sizeof(struct sadb_msg)) {
 4842                 n = m_pullup(n, sizeof(struct sadb_msg));
 4843                 if (n == NULL)
 4844                         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 4845         }
 4846 
 4847         n->m_pkthdr.len = 0;
 4848         for (nn = n; nn; nn = nn->m_next)
 4849                 n->m_pkthdr.len += nn->m_len;
 4850 
 4851         newmsg = mtod(n, struct sadb_msg *);
 4852         newmsg->sadb_msg_seq = newsav->seq;
 4853         newmsg->sadb_msg_errno = 0;
 4854         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 4855 
 4856         m_freem(m);
 4857         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 4858     }
 4859 }
 4860 
 4861 /*
 4862  * allocating new SPI
 4863  * called by key_getspi().
 4864  * OUT:
 4865  *      0:      failure.
 4866  *      others: success.
 4867  */
 4868 static u_int32_t
 4869 key_do_getnewspi(spirange, saidx)
 4870         struct sadb_spirange *spirange;
 4871         struct secasindex *saidx;
 4872 {
 4873         u_int32_t newspi;
 4874         u_int32_t min, max;
 4875         int count = V_key_spi_trycnt;
 4876 
 4877         /* set spi range to allocate */
 4878         if (spirange != NULL) {
 4879                 min = spirange->sadb_spirange_min;
 4880                 max = spirange->sadb_spirange_max;
 4881         } else {
 4882                 min = V_key_spi_minval;
 4883                 max = V_key_spi_maxval;
 4884         }
 4885         /* IPCOMP needs 2-byte SPI */
 4886         if (saidx->proto == IPPROTO_IPCOMP) {
 4887                 u_int32_t t;
 4888                 if (min >= 0x10000)
 4889                         min = 0xffff;
 4890                 if (max >= 0x10000)
 4891                         max = 0xffff;
 4892                 if (min > max) {
 4893                         t = min; min = max; max = t;
 4894                 }
 4895         }
 4896 
 4897         if (min == max) {
 4898                 if (key_checkspidup(saidx, min) != NULL) {
 4899                         ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n",
 4900                                 __func__, min));
 4901                         return 0;
 4902                 }
 4903 
 4904                 count--; /* taking one cost. */
 4905                 newspi = min;
 4906 
 4907         } else {
 4908 
 4909                 /* init SPI */
 4910                 newspi = 0;
 4911 
 4912                 /* when requesting to allocate spi ranged */
 4913                 while (count--) {
 4914                         /* generate pseudo-random SPI value ranged. */
 4915                         newspi = min + (key_random() % (max - min + 1));
 4916 
 4917                         if (key_checkspidup(saidx, newspi) == NULL)
 4918                                 break;
 4919                 }
 4920 
 4921                 if (count == 0 || newspi == 0) {
 4922                         ipseclog((LOG_DEBUG, "%s: to allocate spi is failed.\n",
 4923                                 __func__));
 4924                         return 0;
 4925                 }
 4926         }
 4927 
 4928         /* statistics */
 4929         keystat.getspi_count =
 4930                 (keystat.getspi_count + V_key_spi_trycnt - count) / 2;
 4931 
 4932         return newspi;
 4933 }
 4934 
 4935 /*
 4936  * SADB_UPDATE processing
 4937  * receive
 4938  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4939  *       key(AE), (identity(SD),) (sensitivity)>
 4940  * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
 4941  * and send
 4942  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4943  *       (identity(SD),) (sensitivity)>
 4944  * to the ikmpd.
 4945  *
 4946  * m will always be freed.
 4947  */
 4948 static int
 4949 key_update(so, m, mhp)
 4950         struct socket *so;
 4951         struct mbuf *m;
 4952         const struct sadb_msghdr *mhp;
 4953 {
 4954         struct sadb_sa *sa0;
 4955         struct sadb_address *src0, *dst0;
 4956 #ifdef IPSEC_NAT_T
 4957         struct sadb_x_nat_t_type *type;
 4958         struct sadb_x_nat_t_port *sport, *dport;
 4959         struct sadb_address *iaddr, *raddr;
 4960         struct sadb_x_nat_t_frag *frag;
 4961 #endif
 4962         struct secasindex saidx;
 4963         struct secashead *sah;
 4964         struct secasvar *sav;
 4965         u_int16_t proto;
 4966         u_int8_t mode;
 4967         u_int32_t reqid;
 4968         int error;
 4969 
 4970         IPSEC_ASSERT(so != NULL, ("null socket"));
 4971         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 4972         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 4973         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 4974 
 4975         /* map satype to proto */
 4976         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4977                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 4978                         __func__));
 4979                 return key_senderror(so, m, EINVAL);
 4980         }
 4981 
 4982         if (mhp->ext[SADB_EXT_SA] == NULL ||
 4983             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4984             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 4985             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 4986              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 4987             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 4988              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 4989             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 4990              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 4991             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 4992              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 4993                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4994                         __func__));
 4995                 return key_senderror(so, m, EINVAL);
 4996         }
 4997         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 4998             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4999             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5000                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5001                         __func__));
 5002                 return key_senderror(so, m, EINVAL);
 5003         }
 5004         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 5005                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 5006                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 5007         } else {
 5008                 mode = IPSEC_MODE_ANY;
 5009                 reqid = 0;
 5010         }
 5011         /* XXX boundary checking for other extensions */
 5012 
 5013         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5014         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5015         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5016 
 5017         /* XXX boundary check against sa_len */
 5018         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 5019 
 5020         /*
 5021          * Make sure the port numbers are zero.
 5022          * In case of NAT-T we will update them later if needed.
 5023          */
 5024         KEY_PORTTOSADDR(&saidx.src, 0);
 5025         KEY_PORTTOSADDR(&saidx.dst, 0);
 5026 
 5027 #ifdef IPSEC_NAT_T
 5028         /*
 5029          * Handle NAT-T info if present.
 5030          */
 5031         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 5032             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5033             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5034 
 5035                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 5036                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5037                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5038                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5039                             __func__));
 5040                         return key_senderror(so, m, EINVAL);
 5041                 }
 5042 
 5043                 type = (struct sadb_x_nat_t_type *)
 5044                     mhp->ext[SADB_X_EXT_NAT_T_TYPE];
 5045                 sport = (struct sadb_x_nat_t_port *)
 5046                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5047                 dport = (struct sadb_x_nat_t_port *)
 5048                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5049         } else {
 5050                 type = 0;
 5051                 sport = dport = 0;
 5052         }
 5053         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL &&
 5054             mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
 5055                 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr) ||
 5056                     mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
 5057                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5058                             __func__));
 5059                         return key_senderror(so, m, EINVAL);
 5060                 }
 5061                 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
 5062                 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
 5063                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__));
 5064         } else {
 5065                 iaddr = raddr = NULL;
 5066         }
 5067         if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
 5068                 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
 5069                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5070                             __func__));
 5071                         return key_senderror(so, m, EINVAL);
 5072                 }
 5073                 frag = (struct sadb_x_nat_t_frag *)
 5074                     mhp->ext[SADB_X_EXT_NAT_T_FRAG];
 5075         } else {
 5076                 frag = 0;
 5077         }
 5078 #endif
 5079 
 5080         /* get a SA header */
 5081         if ((sah = key_getsah(&saidx)) == NULL) {
 5082                 ipseclog((LOG_DEBUG, "%s: no SA index found.\n", __func__));
 5083                 return key_senderror(so, m, ENOENT);
 5084         }
 5085 
 5086         /* set spidx if there */
 5087         /* XXX rewrite */
 5088         error = key_setident(sah, m, mhp);
 5089         if (error)
 5090                 return key_senderror(so, m, error);
 5091 
 5092         /* find a SA with sequence number. */
 5093 #ifdef IPSEC_DOSEQCHECK
 5094         if (mhp->msg->sadb_msg_seq != 0
 5095          && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
 5096                 ipseclog((LOG_DEBUG, "%s: no larval SA with sequence %u "
 5097                         "exists.\n", __func__, mhp->msg->sadb_msg_seq));
 5098                 return key_senderror(so, m, ENOENT);
 5099         }
 5100 #else
 5101         SAHTREE_LOCK();
 5102         sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5103         SAHTREE_UNLOCK();
 5104         if (sav == NULL) {
 5105                 ipseclog((LOG_DEBUG, "%s: no such a SA found (spi:%u)\n",
 5106                         __func__, (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5107                 return key_senderror(so, m, EINVAL);
 5108         }
 5109 #endif
 5110 
 5111         /* validity check */
 5112         if (sav->sah->saidx.proto != proto) {
 5113                 ipseclog((LOG_DEBUG, "%s: protocol mismatched "
 5114                         "(DB=%u param=%u)\n", __func__,
 5115                         sav->sah->saidx.proto, proto));
 5116                 return key_senderror(so, m, EINVAL);
 5117         }
 5118 #ifdef IPSEC_DOSEQCHECK
 5119         if (sav->spi != sa0->sadb_sa_spi) {
 5120                 ipseclog((LOG_DEBUG, "%s: SPI mismatched (DB:%u param:%u)\n",
 5121                     __func__,
 5122                     (u_int32_t)ntohl(sav->spi),
 5123                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5124                 return key_senderror(so, m, EINVAL);
 5125         }
 5126 #endif
 5127         if (sav->pid != mhp->msg->sadb_msg_pid) {
 5128                 ipseclog((LOG_DEBUG, "%s: pid mismatched (DB:%u param:%u)\n",
 5129                     __func__, sav->pid, mhp->msg->sadb_msg_pid));
 5130                 return key_senderror(so, m, EINVAL);
 5131         }
 5132 
 5133         /* copy sav values */
 5134         error = key_setsaval(sav, m, mhp);
 5135         if (error) {
 5136                 KEY_FREESAV(&sav);
 5137                 return key_senderror(so, m, error);
 5138         }
 5139 
 5140 #ifdef IPSEC_NAT_T
 5141         /*
 5142          * Handle more NAT-T info if present,
 5143          * now that we have a sav to fill.
 5144          */
 5145         if (type)
 5146                 sav->natt_type = type->sadb_x_nat_t_type_type;
 5147 
 5148         if (sport)
 5149                 KEY_PORTTOSADDR(&sav->sah->saidx.src,
 5150                     sport->sadb_x_nat_t_port_port);
 5151         if (dport)
 5152                 KEY_PORTTOSADDR(&sav->sah->saidx.dst,
 5153                     dport->sadb_x_nat_t_port_port);
 5154 
 5155 #if 0
 5156         /*
 5157          * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0.
 5158          * We should actually check for a minimum MTU here, if we
 5159          * want to support it in ip_output.
 5160          */
 5161         if (frag)
 5162                 sav->natt_esp_frag_len = frag->sadb_x_nat_t_frag_fraglen;
 5163 #endif
 5164 #endif
 5165 
 5166         /* check SA values to be mature. */
 5167         if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
 5168                 KEY_FREESAV(&sav);
 5169                 return key_senderror(so, m, 0);
 5170         }
 5171 
 5172     {
 5173         struct mbuf *n;
 5174 
 5175         /* set msg buf from mhp */
 5176         n = key_getmsgbuf_x1(m, mhp);
 5177         if (n == NULL) {
 5178                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5179                 return key_senderror(so, m, ENOBUFS);
 5180         }
 5181 
 5182         m_freem(m);
 5183         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5184     }
 5185 }
 5186 
 5187 /*
 5188  * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
 5189  * only called by key_update().
 5190  * OUT:
 5191  *      NULL    : not found
 5192  *      others  : found, pointer to a SA.
 5193  */
 5194 #ifdef IPSEC_DOSEQCHECK
 5195 static struct secasvar *
 5196 key_getsavbyseq(sah, seq)
 5197         struct secashead *sah;
 5198         u_int32_t seq;
 5199 {
 5200         struct secasvar *sav;
 5201         u_int state;
 5202 
 5203         state = SADB_SASTATE_LARVAL;
 5204 
 5205         /* search SAD with sequence number ? */
 5206         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 5207 
 5208                 KEY_CHKSASTATE(state, sav->state, __func__);
 5209 
 5210                 if (sav->seq == seq) {
 5211                         sa_addref(sav);
 5212                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 5213                                 printf("DP %s cause refcnt++:%d SA:%p\n",
 5214                                         __func__, sav->refcnt, sav));
 5215                         return sav;
 5216                 }
 5217         }
 5218 
 5219         return NULL;
 5220 }
 5221 #endif
 5222 
 5223 /*
 5224  * SADB_ADD processing
 5225  * add an entry to SA database, when received
 5226  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5227  *       key(AE), (identity(SD),) (sensitivity)>
 5228  * from the ikmpd,
 5229  * and send
 5230  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5231  *       (identity(SD),) (sensitivity)>
 5232  * to the ikmpd.
 5233  *
 5234  * IGNORE identity and sensitivity messages.
 5235  *
 5236  * m will always be freed.
 5237  */
 5238 static int
 5239 key_add(so, m, mhp)
 5240         struct socket *so;
 5241         struct mbuf *m;
 5242         const struct sadb_msghdr *mhp;
 5243 {
 5244         struct sadb_sa *sa0;
 5245         struct sadb_address *src0, *dst0;
 5246 #ifdef IPSEC_NAT_T
 5247         struct sadb_x_nat_t_type *type;
 5248         struct sadb_address *iaddr, *raddr;
 5249         struct sadb_x_nat_t_frag *frag;
 5250 #endif
 5251         struct secasindex saidx;
 5252         struct secashead *newsah;
 5253         struct secasvar *newsav;
 5254         u_int16_t proto;
 5255         u_int8_t mode;
 5256         u_int32_t reqid;
 5257         int error;
 5258 
 5259         IPSEC_ASSERT(so != NULL, ("null socket"));
 5260         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5261         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5262         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5263 
 5264         /* map satype to proto */
 5265         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5266                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5267                         __func__));
 5268                 return key_senderror(so, m, EINVAL);
 5269         }
 5270 
 5271         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5272             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5273             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 5274             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 5275              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 5276             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 5277              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 5278             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 5279              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 5280             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 5281              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 5282                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5283                         __func__));
 5284                 return key_senderror(so, m, EINVAL);
 5285         }
 5286         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5287             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5288             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5289                 /* XXX need more */
 5290                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5291                         __func__));
 5292                 return key_senderror(so, m, EINVAL);
 5293         }
 5294         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 5295                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 5296                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 5297         } else {
 5298                 mode = IPSEC_MODE_ANY;
 5299                 reqid = 0;
 5300         }
 5301 
 5302         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5303         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5304         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5305 
 5306         /* XXX boundary check against sa_len */
 5307         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 5308 
 5309         /*
 5310          * Make sure the port numbers are zero.
 5311          * In case of NAT-T we will update them later if needed.
 5312          */
 5313         KEY_PORTTOSADDR(&saidx.src, 0);
 5314         KEY_PORTTOSADDR(&saidx.dst, 0);
 5315 
 5316 #ifdef IPSEC_NAT_T
 5317         /*
 5318          * Handle NAT-T info if present.
 5319          */
 5320         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 5321             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5322             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5323                 struct sadb_x_nat_t_port *sport, *dport;
 5324 
 5325                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 5326                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5327                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5328                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5329                             __func__));
 5330                         return key_senderror(so, m, EINVAL);
 5331                 }
 5332 
 5333                 type = (struct sadb_x_nat_t_type *)
 5334                     mhp->ext[SADB_X_EXT_NAT_T_TYPE];
 5335                 sport = (struct sadb_x_nat_t_port *)
 5336                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5337                 dport = (struct sadb_x_nat_t_port *)
 5338                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5339 
 5340                 if (sport)
 5341                         KEY_PORTTOSADDR(&saidx.src,
 5342                             sport->sadb_x_nat_t_port_port);
 5343                 if (dport)
 5344                         KEY_PORTTOSADDR(&saidx.dst,
 5345                             dport->sadb_x_nat_t_port_port);
 5346         } else {
 5347                 type = 0;
 5348         }
 5349         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL &&
 5350             mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
 5351                 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr) ||
 5352                     mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
 5353                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5354                             __func__));
 5355                         return key_senderror(so, m, EINVAL);
 5356                 }
 5357                 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
 5358                 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
 5359                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__));
 5360         } else {
 5361                 iaddr = raddr = NULL;
 5362         }
 5363         if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
 5364                 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
 5365                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5366                             __func__));
 5367                         return key_senderror(so, m, EINVAL);
 5368                 }
 5369                 frag = (struct sadb_x_nat_t_frag *)
 5370                     mhp->ext[SADB_X_EXT_NAT_T_FRAG];
 5371         } else {
 5372                 frag = 0;
 5373         }
 5374 #endif
 5375 
 5376         /* get a SA header */
 5377         if ((newsah = key_getsah(&saidx)) == NULL) {
 5378                 /* create a new SA header */
 5379                 if ((newsah = key_newsah(&saidx)) == NULL) {
 5380                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 5381                         return key_senderror(so, m, ENOBUFS);
 5382                 }
 5383         }
 5384 
 5385         /* set spidx if there */
 5386         /* XXX rewrite */
 5387         error = key_setident(newsah, m, mhp);
 5388         if (error) {
 5389                 return key_senderror(so, m, error);
 5390         }
 5391 
 5392         /* create new SA entry. */
 5393         /* We can create new SA only if SPI is differenct. */
 5394         SAHTREE_LOCK();
 5395         newsav = key_getsavbyspi(newsah, sa0->sadb_sa_spi);
 5396         SAHTREE_UNLOCK();
 5397         if (newsav != NULL) {
 5398                 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__));
 5399                 return key_senderror(so, m, EEXIST);
 5400         }
 5401         newsav = KEY_NEWSAV(m, mhp, newsah, &error);
 5402         if (newsav == NULL) {
 5403                 return key_senderror(so, m, error);
 5404         }
 5405 
 5406 #ifdef IPSEC_NAT_T
 5407         /*
 5408          * Handle more NAT-T info if present,
 5409          * now that we have a sav to fill.
 5410          */
 5411         if (type)
 5412                 newsav->natt_type = type->sadb_x_nat_t_type_type;
 5413 
 5414 #if 0
 5415         /*
 5416          * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0.
 5417          * We should actually check for a minimum MTU here, if we
 5418          * want to support it in ip_output.
 5419          */
 5420         if (frag)
 5421                 newsav->natt_esp_frag_len = frag->sadb_x_nat_t_frag_fraglen;
 5422 #endif
 5423 #endif
 5424 
 5425         /* check SA values to be mature. */
 5426         if ((error = key_mature(newsav)) != 0) {
 5427                 KEY_FREESAV(&newsav);
 5428                 return key_senderror(so, m, error);
 5429         }
 5430 
 5431         /*
 5432          * don't call key_freesav() here, as we would like to keep the SA
 5433          * in the database on success.
 5434          */
 5435 
 5436     {
 5437         struct mbuf *n;
 5438 
 5439         /* set msg buf from mhp */
 5440         n = key_getmsgbuf_x1(m, mhp);
 5441         if (n == NULL) {
 5442                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5443                 return key_senderror(so, m, ENOBUFS);
 5444         }
 5445 
 5446         m_freem(m);
 5447         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5448     }
 5449 }
 5450 
 5451 /* m is retained */
 5452 static int
 5453 key_setident(sah, m, mhp)
 5454         struct secashead *sah;
 5455         struct mbuf *m;
 5456         const struct sadb_msghdr *mhp;
 5457 {
 5458         const struct sadb_ident *idsrc, *iddst;
 5459         int idsrclen, iddstlen;
 5460 
 5461         IPSEC_ASSERT(sah != NULL, ("null secashead"));
 5462         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5463         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5464         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5465 
 5466         /* don't make buffer if not there */
 5467         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
 5468             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5469                 sah->idents = NULL;
 5470                 sah->identd = NULL;
 5471                 return 0;
 5472         }
 5473         
 5474         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
 5475             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5476                 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__));
 5477                 return EINVAL;
 5478         }
 5479 
 5480         idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
 5481         iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
 5482         idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
 5483         iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
 5484 
 5485         /* validity check */
 5486         if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
 5487                 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__));
 5488                 return EINVAL;
 5489         }
 5490 
 5491         switch (idsrc->sadb_ident_type) {
 5492         case SADB_IDENTTYPE_PREFIX:
 5493         case SADB_IDENTTYPE_FQDN:
 5494         case SADB_IDENTTYPE_USERFQDN:
 5495         default:
 5496                 /* XXX do nothing */
 5497                 sah->idents = NULL;
 5498                 sah->identd = NULL;
 5499                 return 0;
 5500         }
 5501 
 5502         /* make structure */
 5503         sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
 5504         if (sah->idents == NULL) {
 5505                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5506                 return ENOBUFS;
 5507         }
 5508         sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
 5509         if (sah->identd == NULL) {
 5510                 free(sah->idents, M_IPSEC_MISC);
 5511                 sah->idents = NULL;
 5512                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5513                 return ENOBUFS;
 5514         }
 5515         sah->idents->type = idsrc->sadb_ident_type;
 5516         sah->idents->id = idsrc->sadb_ident_id;
 5517 
 5518         sah->identd->type = iddst->sadb_ident_type;
 5519         sah->identd->id = iddst->sadb_ident_id;
 5520 
 5521         return 0;
 5522 }
 5523 
 5524 /*
 5525  * m will not be freed on return.
 5526  * it is caller's responsibility to free the result. 
 5527  */
 5528 static struct mbuf *
 5529 key_getmsgbuf_x1(m, mhp)
 5530         struct mbuf *m;
 5531         const struct sadb_msghdr *mhp;
 5532 {
 5533         struct mbuf *n;
 5534 
 5535         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5536         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5537         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5538 
 5539         /* create new sadb_msg to reply. */
 5540         n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
 5541             SADB_EXT_SA, SADB_X_EXT_SA2,
 5542             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
 5543             SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 5544             SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
 5545         if (!n)
 5546                 return NULL;
 5547 
 5548         if (n->m_len < sizeof(struct sadb_msg)) {
 5549                 n = m_pullup(n, sizeof(struct sadb_msg));
 5550                 if (n == NULL)
 5551                         return NULL;
 5552         }
 5553         mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
 5554         mtod(n, struct sadb_msg *)->sadb_msg_len =
 5555             PFKEY_UNIT64(n->m_pkthdr.len);
 5556 
 5557         return n;
 5558 }
 5559 
 5560 static int key_delete_all __P((struct socket *, struct mbuf *,
 5561         const struct sadb_msghdr *, u_int16_t));
 5562 
 5563 /*
 5564  * SADB_DELETE processing
 5565  * receive
 5566  *   <base, SA(*), address(SD)>
 5567  * from the ikmpd, and set SADB_SASTATE_DEAD,
 5568  * and send,
 5569  *   <base, SA(*), address(SD)>
 5570  * to the ikmpd.
 5571  *
 5572  * m will always be freed.
 5573  */
 5574 static int
 5575 key_delete(so, m, mhp)
 5576         struct socket *so;
 5577         struct mbuf *m;
 5578         const struct sadb_msghdr *mhp;
 5579 {
 5580         struct sadb_sa *sa0;
 5581         struct sadb_address *src0, *dst0;
 5582         struct secasindex saidx;
 5583         struct secashead *sah;
 5584         struct secasvar *sav = NULL;
 5585         u_int16_t proto;
 5586 
 5587         IPSEC_ASSERT(so != NULL, ("null socket"));
 5588         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5589         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5590         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5591 
 5592         /* map satype to proto */
 5593         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5594                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5595                         __func__));
 5596                 return key_senderror(so, m, EINVAL);
 5597         }
 5598 
 5599         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5600             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5601                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5602                         __func__));
 5603                 return key_senderror(so, m, EINVAL);
 5604         }
 5605 
 5606         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5607             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5608                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5609                         __func__));
 5610                 return key_senderror(so, m, EINVAL);
 5611         }
 5612 
 5613         if (mhp->ext[SADB_EXT_SA] == NULL) {
 5614                 /*
 5615                  * Caller wants us to delete all non-LARVAL SAs
 5616                  * that match the src/dst.  This is used during
 5617                  * IKE INITIAL-CONTACT.
 5618                  */
 5619                 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__));
 5620                 return key_delete_all(so, m, mhp, proto);
 5621         } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
 5622                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5623                         __func__));
 5624                 return key_senderror(so, m, EINVAL);
 5625         }
 5626 
 5627         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5628         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5629         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5630 
 5631         /* XXX boundary check against sa_len */
 5632         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5633 
 5634         /*
 5635          * Make sure the port numbers are zero.
 5636          * In case of NAT-T we will update them later if needed.
 5637          */
 5638         KEY_PORTTOSADDR(&saidx.src, 0);
 5639         KEY_PORTTOSADDR(&saidx.dst, 0);
 5640 
 5641 #ifdef IPSEC_NAT_T
 5642         /*
 5643          * Handle NAT-T info if present.
 5644          */
 5645         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5646             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5647                 struct sadb_x_nat_t_port *sport, *dport;
 5648 
 5649                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5650                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5651                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5652                             __func__));
 5653                         return key_senderror(so, m, EINVAL);
 5654                 }
 5655 
 5656                 sport = (struct sadb_x_nat_t_port *)
 5657                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5658                 dport = (struct sadb_x_nat_t_port *)
 5659                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5660 
 5661                 if (sport)
 5662                         KEY_PORTTOSADDR(&saidx.src,
 5663                             sport->sadb_x_nat_t_port_port);
 5664                 if (dport)
 5665                         KEY_PORTTOSADDR(&saidx.dst,
 5666                             dport->sadb_x_nat_t_port_port);
 5667         }
 5668 #endif
 5669 
 5670         /* get a SA header */
 5671         SAHTREE_LOCK();
 5672         LIST_FOREACH(sah, &V_sahtree, chain) {
 5673                 if (sah->state == SADB_SASTATE_DEAD)
 5674                         continue;
 5675                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5676                         continue;
 5677 
 5678                 /* get a SA with SPI. */
 5679                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5680                 if (sav)
 5681                         break;
 5682         }
 5683         if (sah == NULL) {
 5684                 SAHTREE_UNLOCK();
 5685                 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__));
 5686                 return key_senderror(so, m, ENOENT);
 5687         }
 5688 
 5689         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5690         KEY_FREESAV(&sav);
 5691         SAHTREE_UNLOCK();
 5692 
 5693     {
 5694         struct mbuf *n;
 5695         struct sadb_msg *newmsg;
 5696 
 5697         /* create new sadb_msg to reply. */
 5698         /* XXX-BZ NAT-T extensions? */
 5699         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 5700             SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5701         if (!n)
 5702                 return key_senderror(so, m, ENOBUFS);
 5703 
 5704         if (n->m_len < sizeof(struct sadb_msg)) {
 5705                 n = m_pullup(n, sizeof(struct sadb_msg));
 5706                 if (n == NULL)
 5707                         return key_senderror(so, m, ENOBUFS);
 5708         }
 5709         newmsg = mtod(n, struct sadb_msg *);
 5710         newmsg->sadb_msg_errno = 0;
 5711         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5712 
 5713         m_freem(m);
 5714         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5715     }
 5716 }
 5717 
 5718 /*
 5719  * delete all SAs for src/dst.  Called from key_delete().
 5720  */
 5721 static int
 5722 key_delete_all(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp,
 5723     u_int16_t proto)
 5724 {
 5725         struct sadb_address *src0, *dst0;
 5726         struct secasindex saidx;
 5727         struct secashead *sah;
 5728         struct secasvar *sav, *nextsav;
 5729         u_int stateidx, state;
 5730 
 5731         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5732         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5733 
 5734         /* XXX boundary check against sa_len */
 5735         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5736 
 5737         /*
 5738          * Make sure the port numbers are zero.
 5739          * In case of NAT-T we will update them later if needed.
 5740          */
 5741         KEY_PORTTOSADDR(&saidx.src, 0);
 5742         KEY_PORTTOSADDR(&saidx.dst, 0);
 5743 
 5744 #ifdef IPSEC_NAT_T
 5745         /*
 5746          * Handle NAT-T info if present.
 5747          */
 5748 
 5749         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5750             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5751                 struct sadb_x_nat_t_port *sport, *dport;
 5752 
 5753                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5754                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5755                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5756                             __func__));
 5757                         return key_senderror(so, m, EINVAL);
 5758                 }
 5759 
 5760                 sport = (struct sadb_x_nat_t_port *)
 5761                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5762                 dport = (struct sadb_x_nat_t_port *)
 5763                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5764 
 5765                 if (sport)
 5766                         KEY_PORTTOSADDR(&saidx.src,
 5767                             sport->sadb_x_nat_t_port_port);
 5768                 if (dport)
 5769                         KEY_PORTTOSADDR(&saidx.dst,
 5770                             dport->sadb_x_nat_t_port_port);
 5771         }
 5772 #endif
 5773 
 5774         SAHTREE_LOCK();
 5775         LIST_FOREACH(sah, &V_sahtree, chain) {
 5776                 if (sah->state == SADB_SASTATE_DEAD)
 5777                         continue;
 5778                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5779                         continue;
 5780 
 5781                 /* Delete all non-LARVAL SAs. */
 5782                 for (stateidx = 0;
 5783                      stateidx < _ARRAYLEN(saorder_state_alive);
 5784                      stateidx++) {
 5785                         state = saorder_state_alive[stateidx];
 5786                         if (state == SADB_SASTATE_LARVAL)
 5787                                 continue;
 5788                         for (sav = LIST_FIRST(&sah->savtree[state]);
 5789                              sav != NULL; sav = nextsav) {
 5790                                 nextsav = LIST_NEXT(sav, chain);
 5791                                 /* sanity check */
 5792                                 if (sav->state != state) {
 5793                                         ipseclog((LOG_DEBUG, "%s: invalid "
 5794                                                 "sav->state (queue %d SA %d)\n",
 5795                                                 __func__, state, sav->state));
 5796                                         continue;
 5797                                 }
 5798                                 
 5799                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5800                                 KEY_FREESAV(&sav);
 5801                         }
 5802                 }
 5803         }
 5804         SAHTREE_UNLOCK();
 5805     {
 5806         struct mbuf *n;
 5807         struct sadb_msg *newmsg;
 5808 
 5809         /* create new sadb_msg to reply. */
 5810         /* XXX-BZ NAT-T extensions? */
 5811         n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
 5812             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5813         if (!n)
 5814                 return key_senderror(so, m, ENOBUFS);
 5815 
 5816         if (n->m_len < sizeof(struct sadb_msg)) {
 5817                 n = m_pullup(n, sizeof(struct sadb_msg));
 5818                 if (n == NULL)
 5819                         return key_senderror(so, m, ENOBUFS);
 5820         }
 5821         newmsg = mtod(n, struct sadb_msg *);
 5822         newmsg->sadb_msg_errno = 0;
 5823         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5824 
 5825         m_freem(m);
 5826         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5827     }
 5828 }
 5829 
 5830 /*
 5831  * SADB_GET processing
 5832  * receive
 5833  *   <base, SA(*), address(SD)>
 5834  * from the ikmpd, and get a SP and a SA to respond,
 5835  * and send,
 5836  *   <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
 5837  *       (identity(SD),) (sensitivity)>
 5838  * to the ikmpd.
 5839  *
 5840  * m will always be freed.
 5841  */
 5842 static int
 5843 key_get(so, m, mhp)
 5844         struct socket *so;
 5845         struct mbuf *m;
 5846         const struct sadb_msghdr *mhp;
 5847 {
 5848         struct sadb_sa *sa0;
 5849         struct sadb_address *src0, *dst0;
 5850         struct secasindex saidx;
 5851         struct secashead *sah;
 5852         struct secasvar *sav = NULL;
 5853         u_int16_t proto;
 5854 
 5855         IPSEC_ASSERT(so != NULL, ("null socket"));
 5856         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5857         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5858         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5859 
 5860         /* map satype to proto */
 5861         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5862                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5863                         __func__));
 5864                 return key_senderror(so, m, EINVAL);
 5865         }
 5866 
 5867         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5868             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5869             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5870                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5871                         __func__));
 5872                 return key_senderror(so, m, EINVAL);
 5873         }
 5874         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5875             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5876             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5877                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5878                         __func__));
 5879                 return key_senderror(so, m, EINVAL);
 5880         }
 5881 
 5882         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5883         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5884         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5885 
 5886         /* XXX boundary check against sa_len */
 5887         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5888 
 5889         /*
 5890          * Make sure the port numbers are zero.
 5891          * In case of NAT-T we will update them later if needed.
 5892          */
 5893         KEY_PORTTOSADDR(&saidx.src, 0);
 5894         KEY_PORTTOSADDR(&saidx.dst, 0);
 5895 
 5896 #ifdef IPSEC_NAT_T
 5897         /*
 5898          * Handle NAT-T info if present.
 5899          */
 5900 
 5901         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5902             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5903                 struct sadb_x_nat_t_port *sport, *dport;
 5904 
 5905                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5906                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5907                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5908                             __func__));
 5909                         return key_senderror(so, m, EINVAL);
 5910                 }
 5911 
 5912                 sport = (struct sadb_x_nat_t_port *)
 5913                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5914                 dport = (struct sadb_x_nat_t_port *)
 5915                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5916 
 5917                 if (sport)
 5918                         KEY_PORTTOSADDR(&saidx.src,
 5919                             sport->sadb_x_nat_t_port_port);
 5920                 if (dport)
 5921                         KEY_PORTTOSADDR(&saidx.dst,
 5922                             dport->sadb_x_nat_t_port_port);
 5923         }
 5924 #endif
 5925 
 5926         /* get a SA header */
 5927         SAHTREE_LOCK();
 5928         LIST_FOREACH(sah, &V_sahtree, chain) {
 5929                 if (sah->state == SADB_SASTATE_DEAD)
 5930                         continue;
 5931                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5932                         continue;
 5933 
 5934                 /* get a SA with SPI. */
 5935                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5936                 if (sav)
 5937                         break;
 5938         }
 5939         SAHTREE_UNLOCK();
 5940         if (sah == NULL) {
 5941                 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__));
 5942                 return key_senderror(so, m, ENOENT);
 5943         }
 5944 
 5945     {
 5946         struct mbuf *n;
 5947         u_int8_t satype;
 5948 
 5949         /* map proto to satype */
 5950         if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 5951                 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n",
 5952                         __func__));
 5953                 return key_senderror(so, m, EINVAL);
 5954         }
 5955 
 5956         /* create new sadb_msg to reply. */
 5957         n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
 5958             mhp->msg->sadb_msg_pid);
 5959         if (!n)
 5960                 return key_senderror(so, m, ENOBUFS);
 5961 
 5962         m_freem(m);
 5963         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 5964     }
 5965 }
 5966 
 5967 /* XXX make it sysctl-configurable? */
 5968 static void
 5969 key_getcomb_setlifetime(comb)
 5970         struct sadb_comb *comb;
 5971 {
 5972 
 5973         comb->sadb_comb_soft_allocations = 1;
 5974         comb->sadb_comb_hard_allocations = 1;
 5975         comb->sadb_comb_soft_bytes = 0;
 5976         comb->sadb_comb_hard_bytes = 0;
 5977         comb->sadb_comb_hard_addtime = 86400;   /* 1 day */
 5978         comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
 5979         comb->sadb_comb_soft_usetime = 28800;   /* 8 hours */
 5980         comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
 5981 }
 5982 
 5983 /*
 5984  * XXX reorder combinations by preference
 5985  * XXX no idea if the user wants ESP authentication or not
 5986  */
 5987 static struct mbuf *
 5988 key_getcomb_esp()
 5989 {
 5990         struct sadb_comb *comb;
 5991         struct enc_xform *algo;
 5992         struct mbuf *result = NULL, *m, *n;
 5993         int encmin;
 5994         int i, off, o;
 5995         int totlen;
 5996         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5997 
 5998         m = NULL;
 5999         for (i = 1; i <= SADB_EALG_MAX; i++) {
 6000                 algo = esp_algorithm_lookup(i);
 6001                 if (algo == NULL)
 6002                         continue;
 6003 
 6004                 /* discard algorithms with key size smaller than system min */
 6005                 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin)
 6006                         continue;
 6007                 if (_BITS(algo->minkey) < V_ipsec_esp_keymin)
 6008                         encmin = V_ipsec_esp_keymin;
 6009                 else
 6010                         encmin = _BITS(algo->minkey);
 6011 
 6012                 if (V_ipsec_esp_auth)
 6013                         m = key_getcomb_ah();
 6014                 else {
 6015                         IPSEC_ASSERT(l <= MLEN,
 6016                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 6017                         MGET(m, M_NOWAIT, MT_DATA);
 6018                         if (m) {
 6019                                 M_ALIGN(m, l);
 6020                                 m->m_len = l;
 6021                                 m->m_next = NULL;
 6022                                 bzero(mtod(m, caddr_t), m->m_len);
 6023                         }
 6024                 }
 6025                 if (!m)
 6026                         goto fail;
 6027 
 6028                 totlen = 0;
 6029                 for (n = m; n; n = n->m_next)
 6030                         totlen += n->m_len;
 6031                 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l));
 6032 
 6033                 for (off = 0; off < totlen; off += l) {
 6034                         n = m_pulldown(m, off, l, &o);
 6035                         if (!n) {
 6036                                 /* m is already freed */
 6037                                 goto fail;
 6038                         }
 6039                         comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
 6040                         bzero(comb, sizeof(*comb));
 6041                         key_getcomb_setlifetime(comb);
 6042                         comb->sadb_comb_encrypt = i;
 6043                         comb->sadb_comb_encrypt_minbits = encmin;
 6044                         comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
 6045                 }
 6046 
 6047                 if (!result)
 6048                         result = m;
 6049                 else
 6050                         m_cat(result, m);
 6051         }
 6052 
 6053         return result;
 6054 
 6055  fail:
 6056         if (result)
 6057                 m_freem(result);
 6058         return NULL;
 6059 }
 6060 
 6061 static void
 6062 key_getsizes_ah(
 6063         const struct auth_hash *ah,
 6064         int alg,
 6065         u_int16_t* min,
 6066         u_int16_t* max)
 6067 {
 6068 
 6069         *min = *max = ah->keysize;
 6070         if (ah->keysize == 0) {
 6071                 /*
 6072                  * Transform takes arbitrary key size but algorithm
 6073                  * key size is restricted.  Enforce this here.
 6074                  */
 6075                 switch (alg) {
 6076                 case SADB_X_AALG_MD5:   *min = *max = 16; break;
 6077                 case SADB_X_AALG_SHA:   *min = *max = 20; break;
 6078                 case SADB_X_AALG_NULL:  *min = 1; *max = 256; break;
 6079                 case SADB_X_AALG_SHA2_256: *min = *max = 32; break;
 6080                 case SADB_X_AALG_SHA2_384: *min = *max = 48; break;
 6081                 case SADB_X_AALG_SHA2_512: *min = *max = 64; break;
 6082                 default:
 6083                         DPRINTF(("%s: unknown AH algorithm %u\n",
 6084                                 __func__, alg));
 6085                         break;
 6086                 }
 6087         }
 6088 }
 6089 
 6090 /*
 6091  * XXX reorder combinations by preference
 6092  */
 6093 static struct mbuf *
 6094 key_getcomb_ah()
 6095 {
 6096         struct sadb_comb *comb;
 6097         struct auth_hash *algo;
 6098         struct mbuf *m;
 6099         u_int16_t minkeysize, maxkeysize;
 6100         int i;
 6101         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 6102 
 6103         m = NULL;
 6104         for (i = 1; i <= SADB_AALG_MAX; i++) {
 6105 #if 1
 6106                 /* we prefer HMAC algorithms, not old algorithms */
 6107                 if (i != SADB_AALG_SHA1HMAC &&
 6108                     i != SADB_AALG_MD5HMAC  &&
 6109                     i != SADB_X_AALG_SHA2_256 &&
 6110                     i != SADB_X_AALG_SHA2_384 &&
 6111                     i != SADB_X_AALG_SHA2_512)
 6112                         continue;
 6113 #endif
 6114                 algo = ah_algorithm_lookup(i);
 6115                 if (!algo)
 6116                         continue;
 6117                 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
 6118                 /* discard algorithms with key size smaller than system min */
 6119                 if (_BITS(minkeysize) < V_ipsec_ah_keymin)
 6120                         continue;
 6121 
 6122                 if (!m) {
 6123                         IPSEC_ASSERT(l <= MLEN,
 6124                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 6125                         MGET(m, M_NOWAIT, MT_DATA);
 6126                         if (m) {
 6127                                 M_ALIGN(m, l);
 6128                                 m->m_len = l;
 6129                                 m->m_next = NULL;
 6130                         }
 6131                 } else
 6132                         M_PREPEND(m, l, M_NOWAIT);
 6133                 if (!m)
 6134                         return NULL;
 6135 
 6136                 comb = mtod(m, struct sadb_comb *);
 6137                 bzero(comb, sizeof(*comb));
 6138                 key_getcomb_setlifetime(comb);
 6139                 comb->sadb_comb_auth = i;
 6140                 comb->sadb_comb_auth_minbits = _BITS(minkeysize);
 6141                 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
 6142         }
 6143 
 6144         return m;
 6145 }
 6146 
 6147 /*
 6148  * not really an official behavior.  discussed in pf_key@inner.net in Sep2000.
 6149  * XXX reorder combinations by preference
 6150  */
 6151 static struct mbuf *
 6152 key_getcomb_ipcomp()
 6153 {
 6154         struct sadb_comb *comb;
 6155         struct comp_algo *algo;
 6156         struct mbuf *m;
 6157         int i;
 6158         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 6159 
 6160         m = NULL;
 6161         for (i = 1; i <= SADB_X_CALG_MAX; i++) {
 6162                 algo = ipcomp_algorithm_lookup(i);
 6163                 if (!algo)
 6164                         continue;
 6165 
 6166                 if (!m) {
 6167                         IPSEC_ASSERT(l <= MLEN,
 6168                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 6169                         MGET(m, M_NOWAIT, MT_DATA);
 6170                         if (m) {
 6171                                 M_ALIGN(m, l);
 6172                                 m->m_len = l;
 6173                                 m->m_next = NULL;
 6174                         }
 6175                 } else
 6176                         M_PREPEND(m, l, M_NOWAIT);
 6177                 if (!m)
 6178                         return NULL;
 6179 
 6180                 comb = mtod(m, struct sadb_comb *);
 6181                 bzero(comb, sizeof(*comb));
 6182                 key_getcomb_setlifetime(comb);
 6183                 comb->sadb_comb_encrypt = i;
 6184                 /* what should we set into sadb_comb_*_{min,max}bits? */
 6185         }
 6186 
 6187         return m;
 6188 }
 6189 
 6190 /*
 6191  * XXX no way to pass mode (transport/tunnel) to userland
 6192  * XXX replay checking?
 6193  * XXX sysctl interface to ipsec_{ah,esp}_keymin
 6194  */
 6195 static struct mbuf *
 6196 key_getprop(saidx)
 6197         const struct secasindex *saidx;
 6198 {
 6199         struct sadb_prop *prop;
 6200         struct mbuf *m, *n;
 6201         const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
 6202         int totlen;
 6203 
 6204         switch (saidx->proto)  {
 6205         case IPPROTO_ESP:
 6206                 m = key_getcomb_esp();
 6207                 break;
 6208         case IPPROTO_AH:
 6209                 m = key_getcomb_ah();
 6210                 break;
 6211         case IPPROTO_IPCOMP:
 6212                 m = key_getcomb_ipcomp();
 6213                 break;
 6214         default:
 6215                 return NULL;
 6216         }
 6217 
 6218         if (!m)
 6219                 return NULL;
 6220         M_PREPEND(m, l, M_NOWAIT);
 6221         if (!m)
 6222                 return NULL;
 6223 
 6224         totlen = 0;
 6225         for (n = m; n; n = n->m_next)
 6226                 totlen += n->m_len;
 6227 
 6228         prop = mtod(m, struct sadb_prop *);
 6229         bzero(prop, sizeof(*prop));
 6230         prop->sadb_prop_len = PFKEY_UNIT64(totlen);
 6231         prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 6232         prop->sadb_prop_replay = 32;    /* XXX */
 6233 
 6234         return m;
 6235 }
 6236 
 6237 /*
 6238  * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
 6239  * send
 6240  *   <base, SA, address(SD), (address(P)), x_policy,
 6241  *       (identity(SD),) (sensitivity,) proposal>
 6242  * to KMD, and expect to receive
 6243  *   <base> with SADB_ACQUIRE if error occured,
 6244  * or
 6245  *   <base, src address, dst address, (SPI range)> with SADB_GETSPI
 6246  * from KMD by PF_KEY.
 6247  *
 6248  * XXX x_policy is outside of RFC2367 (KAME extension).
 6249  * XXX sensitivity is not supported.
 6250  * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
 6251  * see comment for key_getcomb_ipcomp().
 6252  *
 6253  * OUT:
 6254  *    0     : succeed
 6255  *    others: error number
 6256  */
 6257 static int
 6258 key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
 6259 {
 6260         struct mbuf *result = NULL, *m;
 6261         struct secacq *newacq;
 6262         u_int8_t satype;
 6263         int error = -1;
 6264         u_int32_t seq;
 6265 
 6266         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
 6267         satype = key_proto2satype(saidx->proto);
 6268         IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto));
 6269 
 6270         /*
 6271          * We never do anything about acquirng SA.  There is anather
 6272          * solution that kernel blocks to send SADB_ACQUIRE message until
 6273          * getting something message from IKEd.  In later case, to be
 6274          * managed with ACQUIRING list.
 6275          */
 6276         /* Get an entry to check whether sending message or not. */
 6277         if ((newacq = key_getacq(saidx)) != NULL) {
 6278                 if (V_key_blockacq_count < newacq->count) {
 6279                         /* reset counter and do send message. */
 6280                         newacq->count = 0;
 6281                 } else {
 6282                         /* increment counter and do nothing. */
 6283                         newacq->count++;
 6284                         return 0;
 6285                 }
 6286         } else {
 6287                 /* make new entry for blocking to send SADB_ACQUIRE. */
 6288                 if ((newacq = key_newacq(saidx)) == NULL)
 6289                         return ENOBUFS;
 6290         }
 6291 
 6292 
 6293         seq = newacq->seq;
 6294         m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
 6295         if (!m) {
 6296                 error = ENOBUFS;
 6297                 goto fail;
 6298         }
 6299         result = m;
 6300 
 6301         /*
 6302          * No SADB_X_EXT_NAT_T_* here: we do not know
 6303          * anything related to NAT-T at this time.
 6304          */
 6305 
 6306         /* set sadb_address for saidx's. */
 6307         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 6308             &saidx->src.sa, FULLMASK, IPSEC_ULPROTO_ANY);
 6309         if (!m) {
 6310                 error = ENOBUFS;
 6311                 goto fail;
 6312         }
 6313         m_cat(result, m);
 6314 
 6315         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 6316             &saidx->dst.sa, FULLMASK, IPSEC_ULPROTO_ANY);
 6317         if (!m) {
 6318                 error = ENOBUFS;
 6319                 goto fail;
 6320         }
 6321         m_cat(result, m);
 6322 
 6323         /* XXX proxy address (optional) */
 6324 
 6325         /* set sadb_x_policy */
 6326         if (sp) {
 6327                 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
 6328                 if (!m) {
 6329                         error = ENOBUFS;
 6330                         goto fail;
 6331                 }
 6332                 m_cat(result, m);
 6333         }
 6334 
 6335         /* XXX identity (optional) */
 6336 #if 0
 6337         if (idexttype && fqdn) {
 6338                 /* create identity extension (FQDN) */
 6339                 struct sadb_ident *id;
 6340                 int fqdnlen;
 6341 
 6342                 fqdnlen = strlen(fqdn) + 1;     /* +1 for terminating-NUL */
 6343                 id = (struct sadb_ident *)p;
 6344                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6345                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6346                 id->sadb_ident_exttype = idexttype;
 6347                 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
 6348                 bcopy(fqdn, id + 1, fqdnlen);
 6349                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
 6350         }
 6351 
 6352         if (idexttype) {
 6353                 /* create identity extension (USERFQDN) */
 6354                 struct sadb_ident *id;
 6355                 int userfqdnlen;
 6356 
 6357                 if (userfqdn) {
 6358                         /* +1 for terminating-NUL */
 6359                         userfqdnlen = strlen(userfqdn) + 1;
 6360                 } else
 6361                         userfqdnlen = 0;
 6362                 id = (struct sadb_ident *)p;
 6363                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6364                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6365                 id->sadb_ident_exttype = idexttype;
 6366                 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
 6367                 /* XXX is it correct? */
 6368                 if (curproc && curproc->p_cred)
 6369                         id->sadb_ident_id = curproc->p_cred->p_ruid;
 6370                 if (userfqdn && userfqdnlen)
 6371                         bcopy(userfqdn, id + 1, userfqdnlen);
 6372                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
 6373         }
 6374 #endif
 6375 
 6376         /* XXX sensitivity (optional) */
 6377 
 6378         /* create proposal/combination extension */
 6379         m = key_getprop(saidx);
 6380 #if 0
 6381         /*
 6382          * spec conformant: always attach proposal/combination extension,
 6383          * the problem is that we have no way to attach it for ipcomp,
 6384          * due to the way sadb_comb is declared in RFC2367.
 6385          */
 6386         if (!m) {
 6387                 error = ENOBUFS;
 6388                 goto fail;
 6389         }
 6390         m_cat(result, m);
 6391 #else
 6392         /*
 6393          * outside of spec; make proposal/combination extension optional.
 6394          */
 6395         if (m)
 6396                 m_cat(result, m);
 6397 #endif
 6398 
 6399         if ((result->m_flags & M_PKTHDR) == 0) {
 6400                 error = EINVAL;
 6401                 goto fail;
 6402         }
 6403 
 6404         if (result->m_len < sizeof(struct sadb_msg)) {
 6405                 result = m_pullup(result, sizeof(struct sadb_msg));
 6406                 if (result == NULL) {
 6407                         error = ENOBUFS;
 6408                         goto fail;
 6409                 }
 6410         }
 6411 
 6412         result->m_pkthdr.len = 0;
 6413         for (m = result; m; m = m->m_next)
 6414                 result->m_pkthdr.len += m->m_len;
 6415 
 6416         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6417             PFKEY_UNIT64(result->m_pkthdr.len);
 6418 
 6419         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6420 
 6421  fail:
 6422         if (result)
 6423                 m_freem(result);
 6424         return error;
 6425 }
 6426 
 6427 static struct secacq *
 6428 key_newacq(const struct secasindex *saidx)
 6429 {
 6430         struct secacq *newacq;
 6431 
 6432         /* get new entry */
 6433         newacq = malloc(sizeof(struct secacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
 6434         if (newacq == NULL) {
 6435                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6436                 return NULL;
 6437         }
 6438 
 6439         /* copy secindex */
 6440         bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
 6441         newacq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq);
 6442         newacq->created = time_second;
 6443         newacq->count = 0;
 6444 
 6445         /* add to acqtree */
 6446         ACQ_LOCK();
 6447         LIST_INSERT_HEAD(&V_acqtree, newacq, chain);
 6448         ACQ_UNLOCK();
 6449 
 6450         return newacq;
 6451 }
 6452 
 6453 static struct secacq *
 6454 key_getacq(const struct secasindex *saidx)
 6455 {
 6456         struct secacq *acq;
 6457 
 6458         ACQ_LOCK();
 6459         LIST_FOREACH(acq, &V_acqtree, chain) {
 6460                 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
 6461                         break;
 6462         }
 6463         ACQ_UNLOCK();
 6464 
 6465         return acq;
 6466 }
 6467 
 6468 static struct secacq *
 6469 key_getacqbyseq(seq)
 6470         u_int32_t seq;
 6471 {
 6472         struct secacq *acq;
 6473 
 6474         ACQ_LOCK();
 6475         LIST_FOREACH(acq, &V_acqtree, chain) {
 6476                 if (acq->seq == seq)
 6477                         break;
 6478         }
 6479         ACQ_UNLOCK();
 6480 
 6481         return acq;
 6482 }
 6483 
 6484 static struct secspacq *
 6485 key_newspacq(spidx)
 6486         struct secpolicyindex *spidx;
 6487 {
 6488         struct secspacq *acq;
 6489 
 6490         /* get new entry */
 6491         acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
 6492         if (acq == NULL) {
 6493                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6494                 return NULL;
 6495         }
 6496 
 6497         /* copy secindex */
 6498         bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
 6499         acq->created = time_second;
 6500         acq->count = 0;
 6501 
 6502         /* add to spacqtree */
 6503         SPACQ_LOCK();
 6504         LIST_INSERT_HEAD(&V_spacqtree, acq, chain);
 6505         SPACQ_UNLOCK();
 6506 
 6507         return acq;
 6508 }
 6509 
 6510 static struct secspacq *
 6511 key_getspacq(spidx)
 6512         struct secpolicyindex *spidx;
 6513 {
 6514         struct secspacq *acq;
 6515 
 6516         SPACQ_LOCK();
 6517         LIST_FOREACH(acq, &V_spacqtree, chain) {
 6518                 if (key_cmpspidx_exactly(spidx, &acq->spidx)) {
 6519                         /* NB: return holding spacq_lock */
 6520                         return acq;
 6521                 }
 6522         }
 6523         SPACQ_UNLOCK();
 6524 
 6525         return NULL;
 6526 }
 6527 
 6528 /*
 6529  * SADB_ACQUIRE processing,
 6530  * in first situation, is receiving
 6531  *   <base>
 6532  * from the ikmpd, and clear sequence of its secasvar entry.
 6533  *
 6534  * In second situation, is receiving
 6535  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6536  * from a user land process, and return
 6537  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6538  * to the socket.
 6539  *
 6540  * m will always be freed.
 6541  */
 6542 static int
 6543 key_acquire2(so, m, mhp)
 6544         struct socket *so;
 6545         struct mbuf *m;
 6546         const struct sadb_msghdr *mhp;
 6547 {
 6548         const struct sadb_address *src0, *dst0;
 6549         struct secasindex saidx;
 6550         struct secashead *sah;
 6551         u_int16_t proto;
 6552         int error;
 6553 
 6554         IPSEC_ASSERT(so != NULL, ("null socket"));
 6555         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 6556         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 6557         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 6558 
 6559         /*
 6560          * Error message from KMd.
 6561          * We assume that if error was occured in IKEd, the length of PFKEY
 6562          * message is equal to the size of sadb_msg structure.
 6563          * We do not raise error even if error occured in this function.
 6564          */
 6565         if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
 6566                 struct secacq *acq;
 6567 
 6568                 /* check sequence number */
 6569                 if (mhp->msg->sadb_msg_seq == 0) {
 6570                         ipseclog((LOG_DEBUG, "%s: must specify sequence "
 6571                                 "number.\n", __func__));
 6572                         m_freem(m);
 6573                         return 0;
 6574                 }
 6575 
 6576                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
 6577                         /*
 6578                          * the specified larval SA is already gone, or we got
 6579                          * a bogus sequence number.  we can silently ignore it.
 6580                          */
 6581                         m_freem(m);
 6582                         return 0;
 6583                 }
 6584 
 6585                 /* reset acq counter in order to deletion by timehander. */
 6586                 acq->created = time_second;
 6587                 acq->count = 0;
 6588                 m_freem(m);
 6589                 return 0;
 6590         }
 6591 
 6592         /*
 6593          * This message is from user land.
 6594          */
 6595 
 6596         /* map satype to proto */
 6597         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6598                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 6599                         __func__));
 6600                 return key_senderror(so, m, EINVAL);
 6601         }
 6602 
 6603         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 6604             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 6605             mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
 6606                 /* error */
 6607                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 6608                         __func__));
 6609                 return key_senderror(so, m, EINVAL);
 6610         }
 6611         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 6612             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 6613             mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
 6614                 /* error */
 6615                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",        
 6616                         __func__));
 6617                 return key_senderror(so, m, EINVAL);
 6618         }
 6619 
 6620         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 6621         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 6622 
 6623         /* XXX boundary check against sa_len */
 6624         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 6625 
 6626         /*
 6627          * Make sure the port numbers are zero.
 6628          * In case of NAT-T we will update them later if needed.
 6629          */
 6630         KEY_PORTTOSADDR(&saidx.src, 0);
 6631         KEY_PORTTOSADDR(&saidx.dst, 0);
 6632 
 6633 #ifndef IPSEC_NAT_T
 6634         /*
 6635          * Handle NAT-T info if present.
 6636          */
 6637 
 6638         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 6639             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 6640                 struct sadb_x_nat_t_port *sport, *dport;
 6641 
 6642                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 6643                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 6644                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 6645                             __func__));
 6646                         return key_senderror(so, m, EINVAL);
 6647                 }
 6648 
 6649                 sport = (struct sadb_x_nat_t_port *)
 6650                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 6651                 dport = (struct sadb_x_nat_t_port *)
 6652                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 6653 
 6654                 if (sport)
 6655                         KEY_PORTTOSADDR(&saidx.src,
 6656                             sport->sadb_x_nat_t_port_port);
 6657                 if (dport)
 6658                         KEY_PORTTOSADDR(&saidx.dst,
 6659                             dport->sadb_x_nat_t_port_port);
 6660         }
 6661 #endif
 6662 
 6663         /* get a SA index */
 6664         SAHTREE_LOCK();
 6665         LIST_FOREACH(sah, &V_sahtree, chain) {
 6666                 if (sah->state == SADB_SASTATE_DEAD)
 6667                         continue;
 6668                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
 6669                         break;
 6670         }
 6671         SAHTREE_UNLOCK();
 6672         if (sah != NULL) {
 6673                 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__));
 6674                 return key_senderror(so, m, EEXIST);
 6675         }
 6676 
 6677         error = key_acquire(&saidx, NULL);
 6678         if (error != 0) {
 6679                 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n",
 6680                         __func__, mhp->msg->sadb_msg_errno));
 6681                 return key_senderror(so, m, error);
 6682         }
 6683 
 6684         return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
 6685 }
 6686 
 6687 /*
 6688  * SADB_REGISTER processing.
 6689  * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
 6690  * receive
 6691  *   <base>
 6692  * from the ikmpd, and register a socket to send PF_KEY messages,
 6693  * and send
 6694  *   <base, supported>
 6695  * to KMD by PF_KEY.
 6696  * If socket is detached, must free from regnode.
 6697  *
 6698  * m will always be freed.
 6699  */
 6700 static int
 6701 key_register(so, m, mhp)
 6702         struct socket *so;
 6703         struct mbuf *m;
 6704         const struct sadb_msghdr *mhp;
 6705 {
 6706         struct secreg *reg, *newreg = 0;
 6707 
 6708         IPSEC_ASSERT(so != NULL, ("null socket"));
 6709         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 6710         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 6711         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 6712 
 6713         /* check for invalid register message */
 6714         if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0]))
 6715                 return key_senderror(so, m, EINVAL);
 6716 
 6717         /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
 6718         if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
 6719                 goto setmsg;
 6720 
 6721         /* check whether existing or not */
 6722         REGTREE_LOCK();
 6723         LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) {
 6724                 if (reg->so == so) {
 6725                         REGTREE_UNLOCK();
 6726                         ipseclog((LOG_DEBUG, "%s: socket exists already.\n",
 6727                                 __func__));
 6728                         return key_senderror(so, m, EEXIST);
 6729                 }
 6730         }
 6731 
 6732         /* create regnode */
 6733         newreg =  malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO);
 6734         if (newreg == NULL) {
 6735                 REGTREE_UNLOCK();
 6736                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6737                 return key_senderror(so, m, ENOBUFS);
 6738         }
 6739 
 6740         newreg->so = so;
 6741         ((struct keycb *)sotorawcb(so))->kp_registered++;
 6742 
 6743         /* add regnode to regtree. */
 6744         LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain);
 6745         REGTREE_UNLOCK();
 6746 
 6747   setmsg:
 6748     {
 6749         struct mbuf *n;
 6750         struct sadb_msg *newmsg;
 6751         struct sadb_supported *sup;
 6752         u_int len, alen, elen;
 6753         int off;
 6754         int i;
 6755         struct sadb_alg *alg;
 6756 
 6757         /* create new sadb_msg to reply. */
 6758         alen = 0;
 6759         for (i = 1; i <= SADB_AALG_MAX; i++) {
 6760                 if (ah_algorithm_lookup(i))
 6761                         alen += sizeof(struct sadb_alg);
 6762         }
 6763         if (alen)
 6764                 alen += sizeof(struct sadb_supported);
 6765         elen = 0;
 6766         for (i = 1; i <= SADB_EALG_MAX; i++) {
 6767                 if (esp_algorithm_lookup(i))
 6768                         elen += sizeof(struct sadb_alg);
 6769         }
 6770         if (elen)
 6771                 elen += sizeof(struct sadb_supported);
 6772 
 6773         len = sizeof(struct sadb_msg) + alen + elen;
 6774 
 6775         if (len > MCLBYTES)
 6776                 return key_senderror(so, m, ENOBUFS);
 6777 
 6778         MGETHDR(n, M_NOWAIT, MT_DATA);
 6779         if (len > MHLEN) {
 6780                 MCLGET(n, M_NOWAIT);
 6781                 if ((n->m_flags & M_EXT) == 0) {
 6782                         m_freem(n);
 6783                         n = NULL;
 6784                 }
 6785         }
 6786         if (!n)
 6787                 return key_senderror(so, m, ENOBUFS);
 6788 
 6789         n->m_pkthdr.len = n->m_len = len;
 6790         n->m_next = NULL;
 6791         off = 0;
 6792 
 6793         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 6794         newmsg = mtod(n, struct sadb_msg *);
 6795         newmsg->sadb_msg_errno = 0;
 6796         newmsg->sadb_msg_len = PFKEY_UNIT64(len);
 6797         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 6798 
 6799         /* for authentication algorithm */
 6800         if (alen) {
 6801                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6802                 sup->sadb_supported_len = PFKEY_UNIT64(alen);
 6803                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
 6804                 off += PFKEY_ALIGN8(sizeof(*sup));
 6805 
 6806                 for (i = 1; i <= SADB_AALG_MAX; i++) {
 6807                         struct auth_hash *aalgo;
 6808                         u_int16_t minkeysize, maxkeysize;
 6809 
 6810                         aalgo = ah_algorithm_lookup(i);
 6811                         if (!aalgo)
 6812                                 continue;
 6813                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6814                         alg->sadb_alg_id = i;
 6815                         alg->sadb_alg_ivlen = 0;
 6816                         key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
 6817                         alg->sadb_alg_minbits = _BITS(minkeysize);
 6818                         alg->sadb_alg_maxbits = _BITS(maxkeysize);
 6819                         off += PFKEY_ALIGN8(sizeof(*alg));
 6820                 }
 6821         }
 6822 
 6823         /* for encryption algorithm */
 6824         if (elen) {
 6825                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6826                 sup->sadb_supported_len = PFKEY_UNIT64(elen);
 6827                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
 6828                 off += PFKEY_ALIGN8(sizeof(*sup));
 6829 
 6830                 for (i = 1; i <= SADB_EALG_MAX; i++) {
 6831                         struct enc_xform *ealgo;
 6832 
 6833                         ealgo = esp_algorithm_lookup(i);
 6834                         if (!ealgo)
 6835                                 continue;
 6836                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6837                         alg->sadb_alg_id = i;
 6838                         alg->sadb_alg_ivlen = ealgo->blocksize;
 6839                         alg->sadb_alg_minbits = _BITS(ealgo->minkey);
 6840                         alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
 6841                         off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
 6842                 }
 6843         }
 6844 
 6845         IPSEC_ASSERT(off == len,
 6846                 ("length assumption failed (off %u len %u)", off, len));
 6847 
 6848         m_freem(m);
 6849         return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
 6850     }
 6851 }
 6852 
 6853 /*
 6854  * free secreg entry registered.
 6855  * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
 6856  */
 6857 void
 6858 key_freereg(struct socket *so)
 6859 {
 6860         struct secreg *reg;
 6861         int i;
 6862 
 6863         IPSEC_ASSERT(so != NULL, ("NULL so"));
 6864 
 6865         /*
 6866          * check whether existing or not.
 6867          * check all type of SA, because there is a potential that
 6868          * one socket is registered to multiple type of SA.
 6869          */
 6870         REGTREE_LOCK();
 6871         for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 6872                 LIST_FOREACH(reg, &V_regtree[i], chain) {
 6873                         if (reg->so == so && __LIST_CHAINED(reg)) {
 6874                                 LIST_REMOVE(reg, chain);
 6875                                 free(reg, M_IPSEC_SAR);
 6876                                 break;
 6877                         }
 6878                 }
 6879         }
 6880         REGTREE_UNLOCK();
 6881 }
 6882 
 6883 /*
 6884  * SADB_EXPIRE processing
 6885  * send
 6886  *   <base, SA, SA2, lifetime(C and one of HS), address(SD)>
 6887  * to KMD by PF_KEY.
 6888  * NOTE: We send only soft lifetime extension.
 6889  *
 6890  * OUT: 0       : succeed
 6891  *      others  : error number
 6892  */
 6893 static int
 6894 key_expire(struct secasvar *sav)
 6895 {
 6896         int satype;
 6897         struct mbuf *result = NULL, *m;
 6898         int len;
 6899         int error = -1;
 6900         struct sadb_lifetime *lt;
 6901 
 6902         IPSEC_ASSERT (sav != NULL, ("null sav"));
 6903         IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
 6904 
 6905         /* set msg header */
 6906         satype = key_proto2satype(sav->sah->saidx.proto);
 6907         IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));
 6908         m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
 6909         if (!m) {
 6910                 error = ENOBUFS;
 6911                 goto fail;
 6912         }
 6913         result = m;
 6914 
 6915         /* create SA extension */
 6916         m = key_setsadbsa(sav);
 6917         if (!m) {
 6918                 error = ENOBUFS;
 6919                 goto fail;
 6920         }
 6921         m_cat(result, m);
 6922 
 6923         /* create SA extension */
 6924         m = key_setsadbxsa2(sav->sah->saidx.mode,
 6925                         sav->replay ? sav->replay->count : 0,
 6926                         sav->sah->saidx.reqid);
 6927         if (!m) {
 6928                 error = ENOBUFS;
 6929                 goto fail;
 6930         }
 6931         m_cat(result, m);
 6932 
 6933         /* create lifetime extension (current and soft) */
 6934         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 6935         m = m_get2(len, M_NOWAIT, MT_DATA, 0);
 6936         if (m == NULL) {
 6937                 error = ENOBUFS;
 6938                 goto fail;
 6939         }
 6940         m_align(m, len);
 6941         m->m_len = len;
 6942         bzero(mtod(m, caddr_t), len);
 6943         lt = mtod(m, struct sadb_lifetime *);
 6944         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6945         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 6946         lt->sadb_lifetime_allocations = sav->lft_c->allocations;
 6947         lt->sadb_lifetime_bytes = sav->lft_c->bytes;
 6948         lt->sadb_lifetime_addtime = sav->lft_c->addtime;
 6949         lt->sadb_lifetime_usetime = sav->lft_c->usetime;
 6950         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 6951         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6952         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
 6953         lt->sadb_lifetime_allocations = sav->lft_s->allocations;
 6954         lt->sadb_lifetime_bytes = sav->lft_s->bytes;
 6955         lt->sadb_lifetime_addtime = sav->lft_s->addtime;
 6956         lt->sadb_lifetime_usetime = sav->lft_s->usetime;
 6957         m_cat(result, m);
 6958 
 6959         /* set sadb_address for source */
 6960         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 6961             &sav->sah->saidx.src.sa,
 6962             FULLMASK, IPSEC_ULPROTO_ANY);
 6963         if (!m) {
 6964                 error = ENOBUFS;
 6965                 goto fail;
 6966         }
 6967         m_cat(result, m);
 6968 
 6969         /* set sadb_address for destination */
 6970         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 6971             &sav->sah->saidx.dst.sa,
 6972             FULLMASK, IPSEC_ULPROTO_ANY);
 6973         if (!m) {
 6974                 error = ENOBUFS;
 6975                 goto fail;
 6976         }
 6977         m_cat(result, m);
 6978 
 6979         /*
 6980          * XXX-BZ Handle NAT-T extensions here.
 6981          */
 6982 
 6983         if ((result->m_flags & M_PKTHDR) == 0) {
 6984                 error = EINVAL;
 6985                 goto fail;
 6986         }
 6987 
 6988         if (result->m_len < sizeof(struct sadb_msg)) {
 6989                 result = m_pullup(result, sizeof(struct sadb_msg));
 6990                 if (result == NULL) {
 6991                         error = ENOBUFS;
 6992                         goto fail;
 6993                 }
 6994         }
 6995 
 6996         result->m_pkthdr.len = 0;
 6997         for (m = result; m; m = m->m_next)
 6998                 result->m_pkthdr.len += m->m_len;
 6999 
 7000         mtod(result, struct sadb_msg *)->sadb_msg_len =
 7001             PFKEY_UNIT64(result->m_pkthdr.len);
 7002 
 7003         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 7004 
 7005  fail:
 7006         if (result)
 7007                 m_freem(result);
 7008         return error;
 7009 }
 7010 
 7011 /*
 7012  * SADB_FLUSH processing
 7013  * receive
 7014  *   <base>
 7015  * from the ikmpd, and free all entries in secastree.
 7016  * and send,
 7017  *   <base>
 7018  * to the ikmpd.
 7019  * NOTE: to do is only marking SADB_SASTATE_DEAD.
 7020  *
 7021  * m will always be freed.
 7022  */
 7023 static int
 7024 key_flush(so, m, mhp)
 7025         struct socket *so;
 7026         struct mbuf *m;
 7027         const struct sadb_msghdr *mhp;
 7028 {
 7029         struct sadb_msg *newmsg;
 7030         struct secashead *sah, *nextsah;
 7031         struct secasvar *sav, *nextsav;
 7032         u_int16_t proto;
 7033         u_int8_t state;
 7034         u_int stateidx;
 7035 
 7036         IPSEC_ASSERT(so != NULL, ("null socket"));
 7037         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7038         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 7039 
 7040         /* map satype to proto */
 7041         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 7042                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 7043                         __func__));
 7044                 return key_senderror(so, m, EINVAL);
 7045         }
 7046 
 7047         /* no SATYPE specified, i.e. flushing all SA. */
 7048         SAHTREE_LOCK();
 7049         for (sah = LIST_FIRST(&V_sahtree);
 7050              sah != NULL;
 7051              sah = nextsah) {
 7052                 nextsah = LIST_NEXT(sah, chain);
 7053 
 7054                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 7055                  && proto != sah->saidx.proto)
 7056                         continue;
 7057 
 7058                 for (stateidx = 0;
 7059                      stateidx < _ARRAYLEN(saorder_state_alive);
 7060                      stateidx++) {
 7061                         state = saorder_state_any[stateidx];
 7062                         for (sav = LIST_FIRST(&sah->savtree[state]);
 7063                              sav != NULL;
 7064                              sav = nextsav) {
 7065 
 7066                                 nextsav = LIST_NEXT(sav, chain);
 7067 
 7068                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 7069                                 KEY_FREESAV(&sav);
 7070                         }
 7071                 }
 7072 
 7073                 sah->state = SADB_SASTATE_DEAD;
 7074         }
 7075         SAHTREE_UNLOCK();
 7076 
 7077         if (m->m_len < sizeof(struct sadb_msg) ||
 7078             sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 7079                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 7080                 return key_senderror(so, m, ENOBUFS);
 7081         }
 7082 
 7083         if (m->m_next)
 7084                 m_freem(m->m_next);
 7085         m->m_next = NULL;
 7086         m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
 7087         newmsg = mtod(m, struct sadb_msg *);
 7088         newmsg->sadb_msg_errno = 0;
 7089         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 7090 
 7091         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 7092 }
 7093 
 7094 /*
 7095  * SADB_DUMP processing
 7096  * dump all entries including status of DEAD in SAD.
 7097  * receive
 7098  *   <base>
 7099  * from the ikmpd, and dump all secasvar leaves
 7100  * and send,
 7101  *   <base> .....
 7102  * to the ikmpd.
 7103  *
 7104  * m will always be freed.
 7105  */
 7106 static int
 7107 key_dump(so, m, mhp)
 7108         struct socket *so;
 7109         struct mbuf *m;
 7110         const struct sadb_msghdr *mhp;
 7111 {
 7112         struct secashead *sah;
 7113         struct secasvar *sav;
 7114         u_int16_t proto;
 7115         u_int stateidx;
 7116         u_int8_t satype;
 7117         u_int8_t state;
 7118         int cnt;
 7119         struct sadb_msg *newmsg;
 7120         struct mbuf *n;
 7121 
 7122         IPSEC_ASSERT(so != NULL, ("null socket"));
 7123         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7124         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7125         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 7126 
 7127         /* map satype to proto */
 7128         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 7129                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 7130                         __func__));
 7131                 return key_senderror(so, m, EINVAL);
 7132         }
 7133 
 7134         /* count sav entries to be sent to the userland. */
 7135         cnt = 0;
 7136         SAHTREE_LOCK();
 7137         LIST_FOREACH(sah, &V_sahtree, chain) {
 7138                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 7139                  && proto != sah->saidx.proto)
 7140                         continue;
 7141 
 7142                 for (stateidx = 0;
 7143                      stateidx < _ARRAYLEN(saorder_state_any);
 7144                      stateidx++) {
 7145                         state = saorder_state_any[stateidx];
 7146                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 7147                                 cnt++;
 7148                         }
 7149                 }
 7150         }
 7151 
 7152         if (cnt == 0) {
 7153                 SAHTREE_UNLOCK();
 7154                 return key_senderror(so, m, ENOENT);
 7155         }
 7156 
 7157         /* send this to the userland, one at a time. */
 7158         newmsg = NULL;
 7159         LIST_FOREACH(sah, &V_sahtree, chain) {
 7160                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 7161                  && proto != sah->saidx.proto)
 7162                         continue;
 7163 
 7164                 /* map proto to satype */
 7165                 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 7166                         SAHTREE_UNLOCK();
 7167                         ipseclog((LOG_DEBUG, "%s: there was invalid proto in "
 7168                                 "SAD.\n", __func__));
 7169                         return key_senderror(so, m, EINVAL);
 7170                 }
 7171 
 7172                 for (stateidx = 0;
 7173                      stateidx < _ARRAYLEN(saorder_state_any);
 7174                      stateidx++) {
 7175                         state = saorder_state_any[stateidx];
 7176                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 7177                                 n = key_setdumpsa(sav, SADB_DUMP, satype,
 7178                                     --cnt, mhp->msg->sadb_msg_pid);
 7179                                 if (!n) {
 7180                                         SAHTREE_UNLOCK();
 7181                                         return key_senderror(so, m, ENOBUFS);
 7182                                 }
 7183                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 7184                         }
 7185                 }
 7186         }
 7187         SAHTREE_UNLOCK();
 7188 
 7189         m_freem(m);
 7190         return 0;
 7191 }
 7192 
 7193 /*
 7194  * SADB_X_PROMISC processing
 7195  *
 7196  * m will always be freed.
 7197  */
 7198 static int
 7199 key_promisc(so, m, mhp)
 7200         struct socket *so;
 7201         struct mbuf *m;
 7202         const struct sadb_msghdr *mhp;
 7203 {
 7204         int olen;
 7205 
 7206         IPSEC_ASSERT(so != NULL, ("null socket"));
 7207         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7208         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7209         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 7210 
 7211         olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7212 
 7213         if (olen < sizeof(struct sadb_msg)) {
 7214 #if 1
 7215                 return key_senderror(so, m, EINVAL);
 7216 #else
 7217                 m_freem(m);
 7218                 return 0;
 7219 #endif
 7220         } else if (olen == sizeof(struct sadb_msg)) {
 7221                 /* enable/disable promisc mode */
 7222                 struct keycb *kp;
 7223 
 7224                 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
 7225                         return key_senderror(so, m, EINVAL);
 7226                 mhp->msg->sadb_msg_errno = 0;
 7227                 switch (mhp->msg->sadb_msg_satype) {
 7228                 case 0:
 7229                 case 1:
 7230                         kp->kp_promisc = mhp->msg->sadb_msg_satype;
 7231                         break;
 7232                 default:
 7233                         return key_senderror(so, m, EINVAL);
 7234                 }
 7235 
 7236                 /* send the original message back to everyone */
 7237                 mhp->msg->sadb_msg_errno = 0;
 7238                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 7239         } else {
 7240                 /* send packet as is */
 7241 
 7242                 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
 7243 
 7244                 /* TODO: if sadb_msg_seq is specified, send to specific pid */
 7245                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 7246         }
 7247 }
 7248 
 7249 static int (*key_typesw[]) __P((struct socket *, struct mbuf *,
 7250                 const struct sadb_msghdr *)) = {
 7251         NULL,           /* SADB_RESERVED */
 7252         key_getspi,     /* SADB_GETSPI */
 7253         key_update,     /* SADB_UPDATE */
 7254         key_add,        /* SADB_ADD */
 7255         key_delete,     /* SADB_DELETE */
 7256         key_get,        /* SADB_GET */
 7257         key_acquire2,   /* SADB_ACQUIRE */
 7258         key_register,   /* SADB_REGISTER */
 7259         NULL,           /* SADB_EXPIRE */
 7260         key_flush,      /* SADB_FLUSH */
 7261         key_dump,       /* SADB_DUMP */
 7262         key_promisc,    /* SADB_X_PROMISC */
 7263         NULL,           /* SADB_X_PCHANGE */
 7264         key_spdadd,     /* SADB_X_SPDUPDATE */
 7265         key_spdadd,     /* SADB_X_SPDADD */
 7266         key_spddelete,  /* SADB_X_SPDDELETE */
 7267         key_spdget,     /* SADB_X_SPDGET */
 7268         NULL,           /* SADB_X_SPDACQUIRE */
 7269         key_spddump,    /* SADB_X_SPDDUMP */
 7270         key_spdflush,   /* SADB_X_SPDFLUSH */
 7271         key_spdadd,     /* SADB_X_SPDSETIDX */
 7272         NULL,           /* SADB_X_SPDEXPIRE */
 7273         key_spddelete2, /* SADB_X_SPDDELETE2 */
 7274 };
 7275 
 7276 /*
 7277  * parse sadb_msg buffer to process PFKEYv2,
 7278  * and create a data to response if needed.
 7279  * I think to be dealed with mbuf directly.
 7280  * IN:
 7281  *     msgp  : pointer to pointer to a received buffer pulluped.
 7282  *             This is rewrited to response.
 7283  *     so    : pointer to socket.
 7284  * OUT:
 7285  *    length for buffer to send to user process.
 7286  */
 7287 int
 7288 key_parse(m, so)
 7289         struct mbuf *m;
 7290         struct socket *so;
 7291 {
 7292         struct sadb_msg *msg;
 7293         struct sadb_msghdr mh;
 7294         u_int orglen;
 7295         int error;
 7296         int target;
 7297 
 7298         IPSEC_ASSERT(so != NULL, ("null socket"));
 7299         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7300 
 7301 #if 0   /*kdebug_sadb assumes msg in linear buffer*/
 7302         KEYDEBUG(KEYDEBUG_KEY_DUMP,
 7303                 ipseclog((LOG_DEBUG, "%s: passed sadb_msg\n", __func__));
 7304                 kdebug_sadb(msg));
 7305 #endif
 7306 
 7307         if (m->m_len < sizeof(struct sadb_msg)) {
 7308                 m = m_pullup(m, sizeof(struct sadb_msg));
 7309                 if (!m)
 7310                         return ENOBUFS;
 7311         }
 7312         msg = mtod(m, struct sadb_msg *);
 7313         orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
 7314         target = KEY_SENDUP_ONE;
 7315 
 7316         if ((m->m_flags & M_PKTHDR) == 0 ||
 7317             m->m_pkthdr.len != m->m_pkthdr.len) {
 7318                 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
 7319                 PFKEYSTAT_INC(out_invlen);
 7320                 error = EINVAL;
 7321                 goto senderror;
 7322         }
 7323 
 7324         if (msg->sadb_msg_version != PF_KEY_V2) {
 7325                 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n",
 7326                     __func__, msg->sadb_msg_version));
 7327                 PFKEYSTAT_INC(out_invver);
 7328                 error = EINVAL;
 7329                 goto senderror;
 7330         }
 7331 
 7332         if (msg->sadb_msg_type > SADB_MAX) {
 7333                 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
 7334                     __func__, msg->sadb_msg_type));
 7335                 PFKEYSTAT_INC(out_invmsgtype);
 7336                 error = EINVAL;
 7337                 goto senderror;
 7338         }
 7339 
 7340         /* for old-fashioned code - should be nuked */
 7341         if (m->m_pkthdr.len > MCLBYTES) {
 7342                 m_freem(m);
 7343                 return ENOBUFS;
 7344         }
 7345         if (m->m_next) {
 7346                 struct mbuf *n;
 7347 
 7348                 MGETHDR(n, M_NOWAIT, MT_DATA);
 7349                 if (n && m->m_pkthdr.len > MHLEN) {
 7350                         MCLGET(n, M_NOWAIT);
 7351                         if ((n->m_flags & M_EXT) == 0) {
 7352                                 m_free(n);
 7353                                 n = NULL;
 7354                         }
 7355                 }
 7356                 if (!n) {
 7357                         m_freem(m);
 7358                         return ENOBUFS;
 7359                 }
 7360                 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
 7361                 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
 7362                 n->m_next = NULL;
 7363                 m_freem(m);
 7364                 m = n;
 7365         }
 7366 
 7367         /* align the mbuf chain so that extensions are in contiguous region. */
 7368         error = key_align(m, &mh);
 7369         if (error)
 7370                 return error;
 7371 
 7372         msg = mh.msg;
 7373 
 7374         /* check SA type */
 7375         switch (msg->sadb_msg_satype) {
 7376         case SADB_SATYPE_UNSPEC:
 7377                 switch (msg->sadb_msg_type) {
 7378                 case SADB_GETSPI:
 7379                 case SADB_UPDATE:
 7380                 case SADB_ADD:
 7381                 case SADB_DELETE:
 7382                 case SADB_GET:
 7383                 case SADB_ACQUIRE:
 7384                 case SADB_EXPIRE:
 7385                         ipseclog((LOG_DEBUG, "%s: must specify satype "
 7386                             "when msg type=%u.\n", __func__,
 7387                             msg->sadb_msg_type));
 7388                         PFKEYSTAT_INC(out_invsatype);
 7389                         error = EINVAL;
 7390                         goto senderror;
 7391                 }
 7392                 break;
 7393         case SADB_SATYPE_AH:
 7394         case SADB_SATYPE_ESP:
 7395         case SADB_X_SATYPE_IPCOMP:
 7396         case SADB_X_SATYPE_TCPSIGNATURE:
 7397                 switch (msg->sadb_msg_type) {
 7398                 case SADB_X_SPDADD:
 7399                 case SADB_X_SPDDELETE:
 7400                 case SADB_X_SPDGET:
 7401                 case SADB_X_SPDDUMP:
 7402                 case SADB_X_SPDFLUSH:
 7403                 case SADB_X_SPDSETIDX:
 7404                 case SADB_X_SPDUPDATE:
 7405                 case SADB_X_SPDDELETE2:
 7406                         ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
 7407                                 __func__, msg->sadb_msg_type));
 7408                         PFKEYSTAT_INC(out_invsatype);
 7409                         error = EINVAL;
 7410                         goto senderror;
 7411                 }
 7412                 break;
 7413         case SADB_SATYPE_RSVP:
 7414         case SADB_SATYPE_OSPFV2:
 7415         case SADB_SATYPE_RIPV2:
 7416         case SADB_SATYPE_MIP:
 7417                 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n",
 7418                         __func__, msg->sadb_msg_satype));
 7419                 PFKEYSTAT_INC(out_invsatype);
 7420                 error = EOPNOTSUPP;
 7421                 goto senderror;
 7422         case 1: /* XXX: What does it do? */
 7423                 if (msg->sadb_msg_type == SADB_X_PROMISC)
 7424                         break;
 7425                 /*FALLTHROUGH*/
 7426         default:
 7427                 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
 7428                         __func__, msg->sadb_msg_satype));
 7429                 PFKEYSTAT_INC(out_invsatype);
 7430                 error = EINVAL;
 7431                 goto senderror;
 7432         }
 7433 
 7434         /* check field of upper layer protocol and address family */
 7435         if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
 7436          && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
 7437                 struct sadb_address *src0, *dst0;
 7438                 u_int plen;
 7439 
 7440                 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
 7441                 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
 7442 
 7443                 /* check upper layer protocol */
 7444                 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
 7445                         ipseclog((LOG_DEBUG, "%s: upper layer protocol "
 7446                                 "mismatched.\n", __func__));
 7447                         PFKEYSTAT_INC(out_invaddr);
 7448                         error = EINVAL;
 7449                         goto senderror;
 7450                 }
 7451 
 7452                 /* check family */
 7453                 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
 7454                     PFKEY_ADDR_SADDR(dst0)->sa_family) {
 7455                         ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
 7456                                 __func__));
 7457                         PFKEYSTAT_INC(out_invaddr);
 7458                         error = EINVAL;
 7459                         goto senderror;
 7460                 }
 7461                 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7462                     PFKEY_ADDR_SADDR(dst0)->sa_len) {
 7463                         ipseclog((LOG_DEBUG, "%s: address struct size "
 7464                                 "mismatched.\n", __func__));
 7465                         PFKEYSTAT_INC(out_invaddr);
 7466                         error = EINVAL;
 7467                         goto senderror;
 7468                 }
 7469 
 7470                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7471                 case AF_INET:
 7472                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7473                             sizeof(struct sockaddr_in)) {
 7474                                 PFKEYSTAT_INC(out_invaddr);
 7475                                 error = EINVAL;
 7476                                 goto senderror;
 7477                         }
 7478                         break;
 7479                 case AF_INET6:
 7480                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7481                             sizeof(struct sockaddr_in6)) {
 7482                                 PFKEYSTAT_INC(out_invaddr);
 7483                                 error = EINVAL;
 7484                                 goto senderror;
 7485                         }
 7486                         break;
 7487                 default:
 7488                         ipseclog((LOG_DEBUG, "%s: unsupported address family\n",
 7489                                 __func__));
 7490                         PFKEYSTAT_INC(out_invaddr);
 7491                         error = EAFNOSUPPORT;
 7492                         goto senderror;
 7493                 }
 7494 
 7495                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7496                 case AF_INET:
 7497                         plen = sizeof(struct in_addr) << 3;
 7498                         break;
 7499                 case AF_INET6:
 7500                         plen = sizeof(struct in6_addr) << 3;
 7501                         break;
 7502                 default:
 7503                         plen = 0;       /*fool gcc*/
 7504                         break;
 7505                 }
 7506 
 7507                 /* check max prefix length */
 7508                 if (src0->sadb_address_prefixlen > plen ||
 7509                     dst0->sadb_address_prefixlen > plen) {
 7510                         ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n",
 7511                                 __func__));
 7512                         PFKEYSTAT_INC(out_invaddr);
 7513                         error = EINVAL;
 7514                         goto senderror;
 7515                 }
 7516 
 7517                 /*
 7518                  * prefixlen == 0 is valid because there can be a case when
 7519                  * all addresses are matched.
 7520                  */
 7521         }
 7522 
 7523         if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
 7524             key_typesw[msg->sadb_msg_type] == NULL) {
 7525                 PFKEYSTAT_INC(out_invmsgtype);
 7526                 error = EINVAL;
 7527                 goto senderror;
 7528         }
 7529 
 7530         return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
 7531 
 7532 senderror:
 7533         msg->sadb_msg_errno = error;
 7534         return key_sendup_mbuf(so, m, target);
 7535 }
 7536 
 7537 static int
 7538 key_senderror(so, m, code)
 7539         struct socket *so;
 7540         struct mbuf *m;
 7541         int code;
 7542 {
 7543         struct sadb_msg *msg;
 7544 
 7545         IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
 7546                 ("mbuf too small, len %u", m->m_len));
 7547 
 7548         msg = mtod(m, struct sadb_msg *);
 7549         msg->sadb_msg_errno = code;
 7550         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 7551 }
 7552 
 7553 /*
 7554  * set the pointer to each header into message buffer.
 7555  * m will be freed on error.
 7556  * XXX larger-than-MCLBYTES extension?
 7557  */
 7558 static int
 7559 key_align(m, mhp)
 7560         struct mbuf *m;
 7561         struct sadb_msghdr *mhp;
 7562 {
 7563         struct mbuf *n;
 7564         struct sadb_ext *ext;
 7565         size_t off, end;
 7566         int extlen;
 7567         int toff;
 7568 
 7569         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7570         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7571         IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
 7572                 ("mbuf too small, len %u", m->m_len));
 7573 
 7574         /* initialize */
 7575         bzero(mhp, sizeof(*mhp));
 7576 
 7577         mhp->msg = mtod(m, struct sadb_msg *);
 7578         mhp->ext[0] = (struct sadb_ext *)mhp->msg;      /*XXX backward compat */
 7579 
 7580         end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7581         extlen = end;   /*just in case extlen is not updated*/
 7582         for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
 7583                 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
 7584                 if (!n) {
 7585                         /* m is already freed */
 7586                         return ENOBUFS;
 7587                 }
 7588                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7589 
 7590                 /* set pointer */
 7591                 switch (ext->sadb_ext_type) {
 7592                 case SADB_EXT_SA:
 7593                 case SADB_EXT_ADDRESS_SRC:
 7594                 case SADB_EXT_ADDRESS_DST:
 7595                 case SADB_EXT_ADDRESS_PROXY:
 7596                 case SADB_EXT_LIFETIME_CURRENT:
 7597                 case SADB_EXT_LIFETIME_HARD:
 7598                 case SADB_EXT_LIFETIME_SOFT:
 7599                 case SADB_EXT_KEY_AUTH:
 7600                 case SADB_EXT_KEY_ENCRYPT:
 7601                 case SADB_EXT_IDENTITY_SRC:
 7602                 case SADB_EXT_IDENTITY_DST:
 7603                 case SADB_EXT_SENSITIVITY:
 7604                 case SADB_EXT_PROPOSAL:
 7605                 case SADB_EXT_SUPPORTED_AUTH:
 7606                 case SADB_EXT_SUPPORTED_ENCRYPT:
 7607                 case SADB_EXT_SPIRANGE:
 7608                 case SADB_X_EXT_POLICY:
 7609                 case SADB_X_EXT_SA2:
 7610 #ifdef IPSEC_NAT_T
 7611                 case SADB_X_EXT_NAT_T_TYPE:
 7612                 case SADB_X_EXT_NAT_T_SPORT:
 7613                 case SADB_X_EXT_NAT_T_DPORT:
 7614                 case SADB_X_EXT_NAT_T_OAI:
 7615                 case SADB_X_EXT_NAT_T_OAR:
 7616                 case SADB_X_EXT_NAT_T_FRAG:
 7617 #endif
 7618                         /* duplicate check */
 7619                         /*
 7620                          * XXX Are there duplication payloads of either
 7621                          * KEY_AUTH or KEY_ENCRYPT ?
 7622                          */
 7623                         if (mhp->ext[ext->sadb_ext_type] != NULL) {
 7624                                 ipseclog((LOG_DEBUG, "%s: duplicate ext_type "
 7625                                         "%u\n", __func__, ext->sadb_ext_type));
 7626                                 m_freem(m);
 7627                                 PFKEYSTAT_INC(out_dupext);
 7628                                 return EINVAL;
 7629                         }
 7630                         break;
 7631                 default:
 7632                         ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n",
 7633                                 __func__, ext->sadb_ext_type));
 7634                         m_freem(m);
 7635                         PFKEYSTAT_INC(out_invexttype);
 7636                         return EINVAL;
 7637                 }
 7638 
 7639                 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
 7640 
 7641                 if (key_validate_ext(ext, extlen)) {
 7642                         m_freem(m);
 7643                         PFKEYSTAT_INC(out_invlen);
 7644                         return EINVAL;
 7645                 }
 7646 
 7647                 n = m_pulldown(m, off, extlen, &toff);
 7648                 if (!n) {
 7649                         /* m is already freed */
 7650                         return ENOBUFS;
 7651                 }
 7652                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7653 
 7654                 mhp->ext[ext->sadb_ext_type] = ext;
 7655                 mhp->extoff[ext->sadb_ext_type] = off;
 7656                 mhp->extlen[ext->sadb_ext_type] = extlen;
 7657         }
 7658 
 7659         if (off != end) {
 7660                 m_freem(m);
 7661                 PFKEYSTAT_INC(out_invlen);
 7662                 return EINVAL;
 7663         }
 7664 
 7665         return 0;
 7666 }
 7667 
 7668 static int
 7669 key_validate_ext(ext, len)
 7670         const struct sadb_ext *ext;
 7671         int len;
 7672 {
 7673         const struct sockaddr *sa;
 7674         enum { NONE, ADDR } checktype = NONE;
 7675         int baselen = 0;
 7676         const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
 7677 
 7678         if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
 7679                 return EINVAL;
 7680 
 7681         /* if it does not match minimum/maximum length, bail */
 7682         if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
 7683             ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
 7684                 return EINVAL;
 7685         if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
 7686                 return EINVAL;
 7687         if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
 7688                 return EINVAL;
 7689 
 7690         /* more checks based on sadb_ext_type XXX need more */
 7691         switch (ext->sadb_ext_type) {
 7692         case SADB_EXT_ADDRESS_SRC:
 7693         case SADB_EXT_ADDRESS_DST:
 7694         case SADB_EXT_ADDRESS_PROXY:
 7695                 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
 7696                 checktype = ADDR;
 7697                 break;
 7698         case SADB_EXT_IDENTITY_SRC:
 7699         case SADB_EXT_IDENTITY_DST:
 7700                 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
 7701                     SADB_X_IDENTTYPE_ADDR) {
 7702                         baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
 7703                         checktype = ADDR;
 7704                 } else
 7705                         checktype = NONE;
 7706                 break;
 7707         default:
 7708                 checktype = NONE;
 7709                 break;
 7710         }
 7711 
 7712         switch (checktype) {
 7713         case NONE:
 7714                 break;
 7715         case ADDR:
 7716                 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen);
 7717                 if (len < baselen + sal)
 7718                         return EINVAL;
 7719                 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
 7720                         return EINVAL;
 7721                 break;
 7722         }
 7723 
 7724         return 0;
 7725 }
 7726 
 7727 void
 7728 key_init(void)
 7729 {
 7730         int i;
 7731 
 7732         for (i = 0; i < IPSEC_DIR_MAX; i++)
 7733                 LIST_INIT(&V_sptree[i]);
 7734 
 7735         LIST_INIT(&V_sahtree);
 7736 
 7737         for (i = 0; i <= SADB_SATYPE_MAX; i++)
 7738                 LIST_INIT(&V_regtree[i]);
 7739 
 7740         LIST_INIT(&V_acqtree);
 7741         LIST_INIT(&V_spacqtree);
 7742 
 7743         /* system default */
 7744         V_ip4_def_policy.policy = IPSEC_POLICY_NONE;
 7745         V_ip4_def_policy.refcnt++;      /*never reclaim this*/
 7746 
 7747         if (!IS_DEFAULT_VNET(curvnet))
 7748                 return;
 7749 
 7750         SPTREE_LOCK_INIT();
 7751         REGTREE_LOCK_INIT();
 7752         SAHTREE_LOCK_INIT();
 7753         ACQ_LOCK_INIT();
 7754         SPACQ_LOCK_INIT();
 7755 
 7756 #ifndef IPSEC_DEBUG2
 7757         callout_init(&key_timer, CALLOUT_MPSAFE);
 7758         callout_reset(&key_timer, hz, key_timehandler, NULL);
 7759 #endif /*IPSEC_DEBUG2*/
 7760 
 7761         /* initialize key statistics */
 7762         keystat.getspi_count = 1;
 7763 
 7764         printf("IPsec: Initialized Security Association Processing.\n");
 7765 }
 7766 
 7767 #ifdef VIMAGE
 7768 void
 7769 key_destroy(void)
 7770 {
 7771         struct secpolicy *sp, *nextsp;
 7772         struct secacq *acq, *nextacq;
 7773         struct secspacq *spacq, *nextspacq;
 7774         struct secashead *sah, *nextsah;
 7775         struct secreg *reg;
 7776         int i;
 7777 
 7778         SPTREE_LOCK();
 7779         for (i = 0; i < IPSEC_DIR_MAX; i++) {
 7780                 for (sp = LIST_FIRST(&V_sptree[i]); 
 7781                     sp != NULL; sp = nextsp) {
 7782                         nextsp = LIST_NEXT(sp, chain);
 7783                         if (__LIST_CHAINED(sp)) {
 7784                                 LIST_REMOVE(sp, chain);