The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netipsec/key.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $FreeBSD: releng/9.1/sys/netipsec/key.c 226386 2011-10-15 12:10:34Z brueffer $  */
    2 /*      $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
    3 
    4 /*-
    5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 /*
   34  * This code is referd to RFC 2367
   35  */
   36 
   37 #include "opt_inet.h"
   38 #include "opt_inet6.h"
   39 #include "opt_ipsec.h"
   40 
   41 #include <sys/types.h>
   42 #include <sys/param.h>
   43 #include <sys/systm.h>
   44 #include <sys/kernel.h>
   45 #include <sys/lock.h>
   46 #include <sys/mutex.h>
   47 #include <sys/mbuf.h>
   48 #include <sys/domain.h>
   49 #include <sys/protosw.h>
   50 #include <sys/malloc.h>
   51 #include <sys/socket.h>
   52 #include <sys/socketvar.h>
   53 #include <sys/sysctl.h>
   54 #include <sys/errno.h>
   55 #include <sys/proc.h>
   56 #include <sys/queue.h>
   57 #include <sys/refcount.h>
   58 #include <sys/syslog.h>
   59 
   60 #include <net/if.h>
   61 #include <net/route.h>
   62 #include <net/raw_cb.h>
   63 #include <net/vnet.h>
   64 
   65 #include <netinet/in.h>
   66 #include <netinet/in_systm.h>
   67 #include <netinet/ip.h>
   68 #include <netinet/in_var.h>
   69 
   70 #ifdef INET6
   71 #include <netinet/ip6.h>
   72 #include <netinet6/in6_var.h>
   73 #include <netinet6/ip6_var.h>
   74 #endif /* INET6 */
   75 
   76 #if defined(INET) || defined(INET6)
   77 #include <netinet/in_pcb.h>
   78 #endif
   79 #ifdef INET6
   80 #include <netinet6/in6_pcb.h>
   81 #endif /* INET6 */
   82 
   83 #include <net/pfkeyv2.h>
   84 #include <netipsec/keydb.h>
   85 #include <netipsec/key.h>
   86 #include <netipsec/keysock.h>
   87 #include <netipsec/key_debug.h>
   88 
   89 #include <netipsec/ipsec.h>
   90 #ifdef INET6
   91 #include <netipsec/ipsec6.h>
   92 #endif
   93 
   94 #include <netipsec/xform.h>
   95 
   96 #include <machine/stdarg.h>
   97 
   98 /* randomness */
   99 #include <sys/random.h>
  100 
  101 #define FULLMASK        0xff
  102 #define _BITS(bytes)    ((bytes) << 3)
  103 
  104 /*
  105  * Note on SA reference counting:
  106  * - SAs that are not in DEAD state will have (total external reference + 1)
  107  *   following value in reference count field.  they cannot be freed and are
  108  *   referenced from SA header.
  109  * - SAs that are in DEAD state will have (total external reference)
  110  *   in reference count field.  they are ready to be freed.  reference from
  111  *   SA header will be removed in key_delsav(), when the reference count
  112  *   field hits 0 (= no external reference other than from SA header.
  113  */
  114 
  115 VNET_DEFINE(u_int32_t, key_debug_level) = 0;
  116 static VNET_DEFINE(u_int, key_spi_trycnt) = 1000;
  117 static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100;
  118 static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff;     /* XXX */
  119 static VNET_DEFINE(u_int32_t, policy_id) = 0;
  120 /*interval to initialize randseed,1(m)*/
  121 static VNET_DEFINE(u_int, key_int_random) = 60;
  122 /* interval to expire acquiring, 30(s)*/
  123 static VNET_DEFINE(u_int, key_larval_lifetime) = 30;
  124 /* counter for blocking SADB_ACQUIRE.*/
  125 static VNET_DEFINE(int, key_blockacq_count) = 10;
  126 /* lifetime for blocking SADB_ACQUIRE.*/
  127 static VNET_DEFINE(int, key_blockacq_lifetime) = 20;
  128 /* preferred old sa rather than new sa.*/
  129 static VNET_DEFINE(int, key_preferred_oldsa) = 1;
  130 #define V_key_spi_trycnt        VNET(key_spi_trycnt)
  131 #define V_key_spi_minval        VNET(key_spi_minval)
  132 #define V_key_spi_maxval        VNET(key_spi_maxval)
  133 #define V_policy_id             VNET(policy_id)
  134 #define V_key_int_random        VNET(key_int_random)
  135 #define V_key_larval_lifetime   VNET(key_larval_lifetime)
  136 #define V_key_blockacq_count    VNET(key_blockacq_count)
  137 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime)
  138 #define V_key_preferred_oldsa   VNET(key_preferred_oldsa)
  139 
  140 static VNET_DEFINE(u_int32_t, acq_seq) = 0;
  141 #define V_acq_seq               VNET(acq_seq)
  142 
  143                                                                 /* SPD */
  144 static VNET_DEFINE(LIST_HEAD(_sptree, secpolicy), sptree[IPSEC_DIR_MAX]);
  145 #define V_sptree                VNET(sptree)
  146 static struct mtx sptree_lock;
  147 #define SPTREE_LOCK_INIT() \
  148         mtx_init(&sptree_lock, "sptree", \
  149                 "fast ipsec security policy database", MTX_DEF)
  150 #define SPTREE_LOCK_DESTROY()   mtx_destroy(&sptree_lock)
  151 #define SPTREE_LOCK()           mtx_lock(&sptree_lock)
  152 #define SPTREE_UNLOCK() mtx_unlock(&sptree_lock)
  153 #define SPTREE_LOCK_ASSERT()    mtx_assert(&sptree_lock, MA_OWNED)
  154 
  155 static VNET_DEFINE(LIST_HEAD(_sahtree, secashead), sahtree);    /* SAD */
  156 #define V_sahtree               VNET(sahtree)
  157 static struct mtx sahtree_lock;
  158 #define SAHTREE_LOCK_INIT() \
  159         mtx_init(&sahtree_lock, "sahtree", \
  160                 "fast ipsec security association database", MTX_DEF)
  161 #define SAHTREE_LOCK_DESTROY()  mtx_destroy(&sahtree_lock)
  162 #define SAHTREE_LOCK()          mtx_lock(&sahtree_lock)
  163 #define SAHTREE_UNLOCK()        mtx_unlock(&sahtree_lock)
  164 #define SAHTREE_LOCK_ASSERT()   mtx_assert(&sahtree_lock, MA_OWNED)
  165 
  166                                                         /* registed list */
  167 static VNET_DEFINE(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]);
  168 #define V_regtree               VNET(regtree)
  169 static struct mtx regtree_lock;
  170 #define REGTREE_LOCK_INIT() \
  171         mtx_init(&regtree_lock, "regtree", "fast ipsec regtree", MTX_DEF)
  172 #define REGTREE_LOCK_DESTROY()  mtx_destroy(&regtree_lock)
  173 #define REGTREE_LOCK()          mtx_lock(&regtree_lock)
  174 #define REGTREE_UNLOCK()        mtx_unlock(&regtree_lock)
  175 #define REGTREE_LOCK_ASSERT()   mtx_assert(&regtree_lock, MA_OWNED)
  176 
  177 static VNET_DEFINE(LIST_HEAD(_acqtree, secacq), acqtree); /* acquiring list */
  178 #define V_acqtree               VNET(acqtree)
  179 static struct mtx acq_lock;
  180 #define ACQ_LOCK_INIT() \
  181         mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF)
  182 #define ACQ_LOCK_DESTROY()      mtx_destroy(&acq_lock)
  183 #define ACQ_LOCK()              mtx_lock(&acq_lock)
  184 #define ACQ_UNLOCK()            mtx_unlock(&acq_lock)
  185 #define ACQ_LOCK_ASSERT()       mtx_assert(&acq_lock, MA_OWNED)
  186 
  187                                                         /* SP acquiring list */
  188 static VNET_DEFINE(LIST_HEAD(_spacqtree, secspacq), spacqtree);
  189 #define V_spacqtree             VNET(spacqtree)
  190 static struct mtx spacq_lock;
  191 #define SPACQ_LOCK_INIT() \
  192         mtx_init(&spacq_lock, "spacqtree", \
  193                 "fast ipsec security policy acquire list", MTX_DEF)
  194 #define SPACQ_LOCK_DESTROY()    mtx_destroy(&spacq_lock)
  195 #define SPACQ_LOCK()            mtx_lock(&spacq_lock)
  196 #define SPACQ_UNLOCK()          mtx_unlock(&spacq_lock)
  197 #define SPACQ_LOCK_ASSERT()     mtx_assert(&spacq_lock, MA_OWNED)
  198 
  199 /* search order for SAs */
  200 static const u_int saorder_state_valid_prefer_old[] = {
  201         SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
  202 };
  203 static const u_int saorder_state_valid_prefer_new[] = {
  204         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  205 };
  206 static const u_int saorder_state_alive[] = {
  207         /* except DEAD */
  208         SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
  209 };
  210 static const u_int saorder_state_any[] = {
  211         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  212         SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
  213 };
  214 
  215 static const int minsize[] = {
  216         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  217         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  218         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  219         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  220         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  221         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_SRC */
  222         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_DST */
  223         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_PROXY */
  224         sizeof(struct sadb_key),        /* SADB_EXT_KEY_AUTH */
  225         sizeof(struct sadb_key),        /* SADB_EXT_KEY_ENCRYPT */
  226         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_SRC */
  227         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_DST */
  228         sizeof(struct sadb_sens),       /* SADB_EXT_SENSITIVITY */
  229         sizeof(struct sadb_prop),       /* SADB_EXT_PROPOSAL */
  230         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_AUTH */
  231         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_ENCRYPT */
  232         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  233         0,                              /* SADB_X_EXT_KMPRIVATE */
  234         sizeof(struct sadb_x_policy),   /* SADB_X_EXT_POLICY */
  235         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  236         sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */
  237         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */
  238         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */
  239         sizeof(struct sadb_address),    /* SADB_X_EXT_NAT_T_OAI */
  240         sizeof(struct sadb_address),    /* SADB_X_EXT_NAT_T_OAR */
  241         sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
  242 };
  243 static const int maxsize[] = {
  244         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  245         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  246         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  247         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  248         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  249         0,                              /* SADB_EXT_ADDRESS_SRC */
  250         0,                              /* SADB_EXT_ADDRESS_DST */
  251         0,                              /* SADB_EXT_ADDRESS_PROXY */
  252         0,                              /* SADB_EXT_KEY_AUTH */
  253         0,                              /* SADB_EXT_KEY_ENCRYPT */
  254         0,                              /* SADB_EXT_IDENTITY_SRC */
  255         0,                              /* SADB_EXT_IDENTITY_DST */
  256         0,                              /* SADB_EXT_SENSITIVITY */
  257         0,                              /* SADB_EXT_PROPOSAL */
  258         0,                              /* SADB_EXT_SUPPORTED_AUTH */
  259         0,                              /* SADB_EXT_SUPPORTED_ENCRYPT */
  260         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  261         0,                              /* SADB_X_EXT_KMPRIVATE */
  262         0,                              /* SADB_X_EXT_POLICY */
  263         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  264         sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */
  265         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */
  266         sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */
  267         0,                              /* SADB_X_EXT_NAT_T_OAI */
  268         0,                              /* SADB_X_EXT_NAT_T_OAR */
  269         sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
  270 };
  271 
  272 static VNET_DEFINE(int, ipsec_esp_keymin) = 256;
  273 static VNET_DEFINE(int, ipsec_esp_auth) = 0;
  274 static VNET_DEFINE(int, ipsec_ah_keymin) = 128;
  275 
  276 #define V_ipsec_esp_keymin      VNET(ipsec_esp_keymin)
  277 #define V_ipsec_esp_auth        VNET(ipsec_esp_auth)
  278 #define V_ipsec_ah_keymin       VNET(ipsec_ah_keymin)
  279 
  280 #ifdef SYSCTL_DECL
  281 SYSCTL_DECL(_net_key);
  282 #endif
  283 
  284 SYSCTL_VNET_INT(_net_key, KEYCTL_DEBUG_LEVEL,   debug,
  285         CTLFLAG_RW, &VNET_NAME(key_debug_level),        0,      "");
  286 
  287 /* max count of trial for the decision of spi value */
  288 SYSCTL_VNET_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt,
  289         CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0,      "");
  290 
  291 /* minimum spi value to allocate automatically. */
  292 SYSCTL_VNET_INT(_net_key, KEYCTL_SPI_MIN_VALUE,
  293         spi_minval,     CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0,      "");
  294 
  295 /* maximun spi value to allocate automatically. */
  296 SYSCTL_VNET_INT(_net_key, KEYCTL_SPI_MAX_VALUE,
  297         spi_maxval,     CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0,      "");
  298 
  299 /* interval to initialize randseed */
  300 SYSCTL_VNET_INT(_net_key, KEYCTL_RANDOM_INT,
  301         int_random,     CTLFLAG_RW, &VNET_NAME(key_int_random), 0,      "");
  302 
  303 /* lifetime for larval SA */
  304 SYSCTL_VNET_INT(_net_key, KEYCTL_LARVAL_LIFETIME,
  305         larval_lifetime, CTLFLAG_RW, &VNET_NAME(key_larval_lifetime),   0, "");
  306 
  307 /* counter for blocking to send SADB_ACQUIRE to IKEd */
  308 SYSCTL_VNET_INT(_net_key, KEYCTL_BLOCKACQ_COUNT,
  309         blockacq_count, CTLFLAG_RW, &VNET_NAME(key_blockacq_count),     0, "");
  310 
  311 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
  312 SYSCTL_VNET_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME,
  313         blockacq_lifetime, CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, "");
  314 
  315 /* ESP auth */
  316 SYSCTL_VNET_INT(_net_key, KEYCTL_ESP_AUTH,      esp_auth,
  317         CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0,      "");
  318 
  319 /* minimum ESP key length */
  320 SYSCTL_VNET_INT(_net_key, KEYCTL_ESP_KEYMIN,
  321         esp_keymin, CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin),   0,      "");
  322 
  323 /* minimum AH key length */
  324 SYSCTL_VNET_INT(_net_key, KEYCTL_AH_KEYMIN,     ah_keymin,
  325         CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin),        0,      "");
  326 
  327 /* perfered old SA rather than new SA */
  328 SYSCTL_VNET_INT(_net_key, KEYCTL_PREFERED_OLDSA,
  329         preferred_oldsa, CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa),   0, "");
  330 
  331 #define __LIST_CHAINED(elm) \
  332         (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
  333 #define LIST_INSERT_TAIL(head, elm, type, field) \
  334 do {\
  335         struct type *curelm = LIST_FIRST(head); \
  336         if (curelm == NULL) {\
  337                 LIST_INSERT_HEAD(head, elm, field); \
  338         } else { \
  339                 while (LIST_NEXT(curelm, field)) \
  340                         curelm = LIST_NEXT(curelm, field);\
  341                 LIST_INSERT_AFTER(curelm, elm, field);\
  342         }\
  343 } while (0)
  344 
  345 #define KEY_CHKSASTATE(head, sav, name) \
  346 do { \
  347         if ((head) != (sav)) {                                          \
  348                 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
  349                         (name), (head), (sav)));                        \
  350                 continue;                                               \
  351         }                                                               \
  352 } while (0)
  353 
  354 #define KEY_CHKSPDIR(head, sp, name) \
  355 do { \
  356         if ((head) != (sp)) {                                           \
  357                 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
  358                         "anyway continue.\n",                           \
  359                         (name), (head), (sp)));                         \
  360         }                                                               \
  361 } while (0)
  362 
  363 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association");
  364 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head");
  365 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy");
  366 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request");
  367 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous");
  368 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire");
  369 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire");
  370 
  371 /*
  372  * set parameters into secpolicyindex buffer.
  373  * Must allocate secpolicyindex buffer passed to this function.
  374  */
  375 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
  376 do { \
  377         bzero((idx), sizeof(struct secpolicyindex));                         \
  378         (idx)->dir = (_dir);                                                 \
  379         (idx)->prefs = (ps);                                                 \
  380         (idx)->prefd = (pd);                                                 \
  381         (idx)->ul_proto = (ulp);                                             \
  382         bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len);     \
  383         bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len);     \
  384 } while (0)
  385 
  386 /*
  387  * set parameters into secasindex buffer.
  388  * Must allocate secasindex buffer before calling this function.
  389  */
  390 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
  391 do { \
  392         bzero((idx), sizeof(struct secasindex));                             \
  393         (idx)->proto = (p);                                                  \
  394         (idx)->mode = (m);                                                   \
  395         (idx)->reqid = (r);                                                  \
  396         bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len);     \
  397         bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len);     \
  398 } while (0)
  399 
  400 /* key statistics */
  401 struct _keystat {
  402         u_long getspi_count; /* the avarage of count to try to get new SPI */
  403 } keystat;
  404 
  405 struct sadb_msghdr {
  406         struct sadb_msg *msg;
  407         struct sadb_ext *ext[SADB_EXT_MAX + 1];
  408         int extoff[SADB_EXT_MAX + 1];
  409         int extlen[SADB_EXT_MAX + 1];
  410 };
  411 
  412 static struct secasvar *key_allocsa_policy __P((const struct secasindex *));
  413 static void key_freesp_so __P((struct secpolicy **));
  414 static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int));
  415 static void key_delsp __P((struct secpolicy *));
  416 static struct secpolicy *key_getsp __P((struct secpolicyindex *));
  417 static void _key_delsp(struct secpolicy *sp);
  418 static struct secpolicy *key_getspbyid __P((u_int32_t));
  419 static u_int32_t key_newreqid __P((void));
  420 static struct mbuf *key_gather_mbuf __P((struct mbuf *,
  421         const struct sadb_msghdr *, int, int, ...));
  422 static int key_spdadd __P((struct socket *, struct mbuf *,
  423         const struct sadb_msghdr *));
  424 static u_int32_t key_getnewspid __P((void));
  425 static int key_spddelete __P((struct socket *, struct mbuf *,
  426         const struct sadb_msghdr *));
  427 static int key_spddelete2 __P((struct socket *, struct mbuf *,
  428         const struct sadb_msghdr *));
  429 static int key_spdget __P((struct socket *, struct mbuf *,
  430         const struct sadb_msghdr *));
  431 static int key_spdflush __P((struct socket *, struct mbuf *,
  432         const struct sadb_msghdr *));
  433 static int key_spddump __P((struct socket *, struct mbuf *,
  434         const struct sadb_msghdr *));
  435 static struct mbuf *key_setdumpsp __P((struct secpolicy *,
  436         u_int8_t, u_int32_t, u_int32_t));
  437 static u_int key_getspreqmsglen __P((struct secpolicy *));
  438 static int key_spdexpire __P((struct secpolicy *));
  439 static struct secashead *key_newsah __P((struct secasindex *));
  440 static void key_delsah __P((struct secashead *));
  441 static struct secasvar *key_newsav __P((struct mbuf *,
  442         const struct sadb_msghdr *, struct secashead *, int *,
  443         const char*, int));
  444 #define KEY_NEWSAV(m, sadb, sah, e)                             \
  445         key_newsav(m, sadb, sah, e, __FILE__, __LINE__)
  446 static void key_delsav __P((struct secasvar *));
  447 static struct secashead *key_getsah __P((struct secasindex *));
  448 static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t));
  449 static struct secasvar *key_getsavbyspi __P((struct secashead *, u_int32_t));
  450 static int key_setsaval __P((struct secasvar *, struct mbuf *,
  451         const struct sadb_msghdr *));
  452 static int key_mature __P((struct secasvar *));
  453 static struct mbuf *key_setdumpsa __P((struct secasvar *, u_int8_t,
  454         u_int8_t, u_int32_t, u_int32_t));
  455 static struct mbuf *key_setsadbmsg __P((u_int8_t, u_int16_t, u_int8_t,
  456         u_int32_t, pid_t, u_int16_t));
  457 static struct mbuf *key_setsadbsa __P((struct secasvar *));
  458 static struct mbuf *key_setsadbaddr __P((u_int16_t,
  459         const struct sockaddr *, u_int8_t, u_int16_t));
  460 #ifdef IPSEC_NAT_T
  461 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
  462 static struct mbuf *key_setsadbxtype(u_int16_t);
  463 #endif
  464 static void key_porttosaddr(struct sockaddr *, u_int16_t);
  465 #define KEY_PORTTOSADDR(saddr, port)                            \
  466         key_porttosaddr((struct sockaddr *)(saddr), (port))
  467 static struct mbuf *key_setsadbxsa2 __P((u_int8_t, u_int32_t, u_int32_t));
  468 static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t,
  469         u_int32_t));
  470 static struct seckey *key_dup_keymsg(const struct sadb_key *, u_int, 
  471                                      struct malloc_type *);
  472 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src,
  473                                             struct malloc_type *type);
  474 #ifdef INET6
  475 static int key_ismyaddr6 __P((struct sockaddr_in6 *));
  476 #endif
  477 
  478 /* flags for key_cmpsaidx() */
  479 #define CMP_HEAD        1       /* protocol, addresses. */
  480 #define CMP_MODE_REQID  2       /* additionally HEAD, reqid, mode. */
  481 #define CMP_REQID       3       /* additionally HEAD, reaid. */
  482 #define CMP_EXACTLY     4       /* all elements. */
  483 static int key_cmpsaidx
  484         __P((const struct secasindex *, const struct secasindex *, int));
  485 
  486 static int key_cmpspidx_exactly
  487         __P((struct secpolicyindex *, struct secpolicyindex *));
  488 static int key_cmpspidx_withmask
  489         __P((struct secpolicyindex *, struct secpolicyindex *));
  490 static int key_sockaddrcmp __P((const struct sockaddr *, const struct sockaddr *, int));
  491 static int key_bbcmp __P((const void *, const void *, u_int));
  492 static u_int16_t key_satype2proto __P((u_int8_t));
  493 static u_int8_t key_proto2satype __P((u_int16_t));
  494 
  495 static int key_getspi __P((struct socket *, struct mbuf *,
  496         const struct sadb_msghdr *));
  497 static u_int32_t key_do_getnewspi __P((struct sadb_spirange *,
  498                                         struct secasindex *));
  499 static int key_update __P((struct socket *, struct mbuf *,
  500         const struct sadb_msghdr *));
  501 #ifdef IPSEC_DOSEQCHECK
  502 static struct secasvar *key_getsavbyseq __P((struct secashead *, u_int32_t));
  503 #endif
  504 static int key_add __P((struct socket *, struct mbuf *,
  505         const struct sadb_msghdr *));
  506 static int key_setident __P((struct secashead *, struct mbuf *,
  507         const struct sadb_msghdr *));
  508 static struct mbuf *key_getmsgbuf_x1 __P((struct mbuf *,
  509         const struct sadb_msghdr *));
  510 static int key_delete __P((struct socket *, struct mbuf *,
  511         const struct sadb_msghdr *));
  512 static int key_get __P((struct socket *, struct mbuf *,
  513         const struct sadb_msghdr *));
  514 
  515 static void key_getcomb_setlifetime __P((struct sadb_comb *));
  516 static struct mbuf *key_getcomb_esp __P((void));
  517 static struct mbuf *key_getcomb_ah __P((void));
  518 static struct mbuf *key_getcomb_ipcomp __P((void));
  519 static struct mbuf *key_getprop __P((const struct secasindex *));
  520 
  521 static int key_acquire __P((const struct secasindex *, struct secpolicy *));
  522 static struct secacq *key_newacq __P((const struct secasindex *));
  523 static struct secacq *key_getacq __P((const struct secasindex *));
  524 static struct secacq *key_getacqbyseq __P((u_int32_t));
  525 static struct secspacq *key_newspacq __P((struct secpolicyindex *));
  526 static struct secspacq *key_getspacq __P((struct secpolicyindex *));
  527 static int key_acquire2 __P((struct socket *, struct mbuf *,
  528         const struct sadb_msghdr *));
  529 static int key_register __P((struct socket *, struct mbuf *,
  530         const struct sadb_msghdr *));
  531 static int key_expire __P((struct secasvar *));
  532 static int key_flush __P((struct socket *, struct mbuf *,
  533         const struct sadb_msghdr *));
  534 static int key_dump __P((struct socket *, struct mbuf *,
  535         const struct sadb_msghdr *));
  536 static int key_promisc __P((struct socket *, struct mbuf *,
  537         const struct sadb_msghdr *));
  538 static int key_senderror __P((struct socket *, struct mbuf *, int));
  539 static int key_validate_ext __P((const struct sadb_ext *, int));
  540 static int key_align __P((struct mbuf *, struct sadb_msghdr *));
  541 static struct mbuf *key_setlifetime(struct seclifetime *src, 
  542                                      u_int16_t exttype);
  543 static struct mbuf *key_setkey(struct seckey *src, u_int16_t exttype);
  544 
  545 #if 0
  546 static const char *key_getfqdn __P((void));
  547 static const char *key_getuserfqdn __P((void));
  548 #endif
  549 static void key_sa_chgstate __P((struct secasvar *, u_int8_t));
  550 static struct mbuf *key_alloc_mbuf __P((int));
  551 
  552 static __inline void
  553 sa_initref(struct secasvar *sav)
  554 {
  555 
  556         refcount_init(&sav->refcnt, 1);
  557 }
  558 static __inline void
  559 sa_addref(struct secasvar *sav)
  560 {
  561 
  562         refcount_acquire(&sav->refcnt);
  563         IPSEC_ASSERT(sav->refcnt != 0, ("SA refcnt overflow"));
  564 }
  565 static __inline int
  566 sa_delref(struct secasvar *sav)
  567 {
  568 
  569         IPSEC_ASSERT(sav->refcnt > 0, ("SA refcnt underflow"));
  570         return (refcount_release(&sav->refcnt));
  571 }
  572 
  573 #define SP_ADDREF(p) do {                                               \
  574         (p)->refcnt++;                                                  \
  575         IPSEC_ASSERT((p)->refcnt != 0, ("SP refcnt overflow"));         \
  576 } while (0)
  577 #define SP_DELREF(p) do {                                               \
  578         IPSEC_ASSERT((p)->refcnt > 0, ("SP refcnt underflow"));         \
  579         (p)->refcnt--;                                                  \
  580 } while (0)
  581  
  582 
  583 /*
  584  * Update the refcnt while holding the SPTREE lock.
  585  */
  586 void
  587 key_addref(struct secpolicy *sp)
  588 {
  589         SPTREE_LOCK();
  590         SP_ADDREF(sp);
  591         SPTREE_UNLOCK();
  592 }
  593 
  594 /*
  595  * Return 0 when there are known to be no SP's for the specified
  596  * direction.  Otherwise return 1.  This is used by IPsec code
  597  * to optimize performance.
  598  */
  599 int
  600 key_havesp(u_int dir)
  601 {
  602 
  603         return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ?
  604                 LIST_FIRST(&V_sptree[dir]) != NULL : 1);
  605 }
  606 
  607 /* %%% IPsec policy management */
  608 /*
  609  * allocating a SP for OUTBOUND or INBOUND packet.
  610  * Must call key_freesp() later.
  611  * OUT: NULL:   not found
  612  *      others: found and return the pointer.
  613  */
  614 struct secpolicy *
  615 key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag)
  616 {
  617         struct secpolicy *sp;
  618 
  619         IPSEC_ASSERT(spidx != NULL, ("null spidx"));
  620         IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
  621                 ("invalid direction %u", dir));
  622 
  623         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  624                 printf("DP %s from %s:%u\n", __func__, where, tag));
  625 
  626         /* get a SP entry */
  627         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  628                 printf("*** objects\n");
  629                 kdebug_secpolicyindex(spidx));
  630 
  631         SPTREE_LOCK();
  632         LIST_FOREACH(sp, &V_sptree[dir], chain) {
  633                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  634                         printf("*** in SPD\n");
  635                         kdebug_secpolicyindex(&sp->spidx));
  636 
  637                 if (sp->state == IPSEC_SPSTATE_DEAD)
  638                         continue;
  639                 if (key_cmpspidx_withmask(&sp->spidx, spidx))
  640                         goto found;
  641         }
  642         sp = NULL;
  643 found:
  644         if (sp) {
  645                 /* sanity check */
  646                 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
  647 
  648                 /* found a SPD entry */
  649                 sp->lastused = time_second;
  650                 SP_ADDREF(sp);
  651         }
  652         SPTREE_UNLOCK();
  653 
  654         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  655                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  656                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  657         return sp;
  658 }
  659 
  660 /*
  661  * allocating a SP for OUTBOUND or INBOUND packet.
  662  * Must call key_freesp() later.
  663  * OUT: NULL:   not found
  664  *      others: found and return the pointer.
  665  */
  666 struct secpolicy *
  667 key_allocsp2(u_int32_t spi,
  668              union sockaddr_union *dst,
  669              u_int8_t proto,
  670              u_int dir,
  671              const char* where, int tag)
  672 {
  673         struct secpolicy *sp;
  674 
  675         IPSEC_ASSERT(dst != NULL, ("null dst"));
  676         IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
  677                 ("invalid direction %u", dir));
  678 
  679         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  680                 printf("DP %s from %s:%u\n", __func__, where, tag));
  681 
  682         /* get a SP entry */
  683         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  684                 printf("*** objects\n");
  685                 printf("spi %u proto %u dir %u\n", spi, proto, dir);
  686                 kdebug_sockaddr(&dst->sa));
  687 
  688         SPTREE_LOCK();
  689         LIST_FOREACH(sp, &V_sptree[dir], chain) {
  690                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  691                         printf("*** in SPD\n");
  692                         kdebug_secpolicyindex(&sp->spidx));
  693 
  694                 if (sp->state == IPSEC_SPSTATE_DEAD)
  695                         continue;
  696                 /* compare simple values, then dst address */
  697                 if (sp->spidx.ul_proto != proto)
  698                         continue;
  699                 /* NB: spi's must exist and match */
  700                 if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi)
  701                         continue;
  702                 if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0)
  703                         goto found;
  704         }
  705         sp = NULL;
  706 found:
  707         if (sp) {
  708                 /* sanity check */
  709                 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__);
  710 
  711                 /* found a SPD entry */
  712                 sp->lastused = time_second;
  713                 SP_ADDREF(sp);
  714         }
  715         SPTREE_UNLOCK();
  716 
  717         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  718                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  719                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  720         return sp;
  721 }
  722 
  723 #if 0
  724 /*
  725  * return a policy that matches this particular inbound packet.
  726  * XXX slow
  727  */
  728 struct secpolicy *
  729 key_gettunnel(const struct sockaddr *osrc,
  730               const struct sockaddr *odst,
  731               const struct sockaddr *isrc,
  732               const struct sockaddr *idst,
  733               const char* where, int tag)
  734 {
  735         struct secpolicy *sp;
  736         const int dir = IPSEC_DIR_INBOUND;
  737         struct ipsecrequest *r1, *r2, *p;
  738         struct secpolicyindex spidx;
  739 
  740         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  741                 printf("DP %s from %s:%u\n", __func__, where, tag));
  742 
  743         if (isrc->sa_family != idst->sa_family) {
  744                 ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.",
  745                         __func__, isrc->sa_family, idst->sa_family));
  746                 sp = NULL;
  747                 goto done;
  748         }
  749 
  750         SPTREE_LOCK();
  751         LIST_FOREACH(sp, &V_sptree[dir], chain) {
  752                 if (sp->state == IPSEC_SPSTATE_DEAD)
  753                         continue;
  754 
  755                 r1 = r2 = NULL;
  756                 for (p = sp->req; p; p = p->next) {
  757                         if (p->saidx.mode != IPSEC_MODE_TUNNEL)
  758                                 continue;
  759 
  760                         r1 = r2;
  761                         r2 = p;
  762 
  763                         if (!r1) {
  764                                 /* here we look at address matches only */
  765                                 spidx = sp->spidx;
  766                                 if (isrc->sa_len > sizeof(spidx.src) ||
  767                                     idst->sa_len > sizeof(spidx.dst))
  768                                         continue;
  769                                 bcopy(isrc, &spidx.src, isrc->sa_len);
  770                                 bcopy(idst, &spidx.dst, idst->sa_len);
  771                                 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
  772                                         continue;
  773                         } else {
  774                                 if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) ||
  775                                     key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0))
  776                                         continue;
  777                         }
  778 
  779                         if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) ||
  780                             key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0))
  781                                 continue;
  782 
  783                         goto found;
  784                 }
  785         }
  786         sp = NULL;
  787 found:
  788         if (sp) {
  789                 sp->lastused = time_second;
  790                 SP_ADDREF(sp);
  791         }
  792         SPTREE_UNLOCK();
  793 done:
  794         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  795                 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
  796                         sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
  797         return sp;
  798 }
  799 #endif
  800 
  801 /*
  802  * allocating an SA entry for an *OUTBOUND* packet.
  803  * checking each request entries in SP, and acquire an SA if need.
  804  * OUT: 0: there are valid requests.
  805  *      ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
  806  */
  807 int
  808 key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx)
  809 {
  810         u_int level;
  811         int error;
  812         struct secasvar *sav;
  813 
  814         IPSEC_ASSERT(isr != NULL, ("null isr"));
  815         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
  816         IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT ||
  817                 saidx->mode == IPSEC_MODE_TUNNEL,
  818                 ("unexpected policy %u", saidx->mode));
  819 
  820         /*
  821          * XXX guard against protocol callbacks from the crypto
  822          * thread as they reference ipsecrequest.sav which we
  823          * temporarily null out below.  Need to rethink how we
  824          * handle bundled SA's in the callback thread.
  825          */
  826         IPSECREQUEST_LOCK_ASSERT(isr);
  827 
  828         /* get current level */
  829         level = ipsec_get_reqlevel(isr);
  830 
  831         /*
  832          * We check new SA in the IPsec request because a different
  833          * SA may be involved each time this request is checked, either
  834          * because new SAs are being configured, or this request is
  835          * associated with an unconnected datagram socket, or this request
  836          * is associated with a system default policy.
  837          *
  838          * key_allocsa_policy should allocate the oldest SA available.
  839          * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
  840          */
  841         sav = key_allocsa_policy(saidx);
  842         if (sav != isr->sav) {
  843                 /* SA need to be updated. */
  844                 if (!IPSECREQUEST_UPGRADE(isr)) {
  845                         /* Kick everyone off. */
  846                         IPSECREQUEST_UNLOCK(isr);
  847                         IPSECREQUEST_WLOCK(isr);
  848                 }
  849                 if (isr->sav != NULL)
  850                         KEY_FREESAV(&isr->sav);
  851                 isr->sav = sav;
  852                 IPSECREQUEST_DOWNGRADE(isr);
  853         } else if (sav != NULL)
  854                 KEY_FREESAV(&sav);
  855 
  856         /* When there is SA. */
  857         if (isr->sav != NULL) {
  858                 if (isr->sav->state != SADB_SASTATE_MATURE &&
  859                     isr->sav->state != SADB_SASTATE_DYING)
  860                         return EINVAL;
  861                 return 0;
  862         }
  863 
  864         /* there is no SA */
  865         error = key_acquire(saidx, isr->sp);
  866         if (error != 0) {
  867                 /* XXX What should I do ? */
  868                 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n",
  869                         __func__, error));
  870                 return error;
  871         }
  872 
  873         if (level != IPSEC_LEVEL_REQUIRE) {
  874                 /* XXX sigh, the interface to this routine is botched */
  875                 IPSEC_ASSERT(isr->sav == NULL, ("unexpected SA"));
  876                 return 0;
  877         } else {
  878                 return ENOENT;
  879         }
  880 }
  881 
  882 /*
  883  * allocating a SA for policy entry from SAD.
  884  * NOTE: searching SAD of aliving state.
  885  * OUT: NULL:   not found.
  886  *      others: found and return the pointer.
  887  */
  888 static struct secasvar *
  889 key_allocsa_policy(const struct secasindex *saidx)
  890 {
  891 #define N(a)    _ARRAYLEN(a)
  892         struct secashead *sah;
  893         struct secasvar *sav;
  894         u_int stateidx, arraysize;
  895         const u_int *state_valid;
  896 
  897         state_valid = NULL;     /* silence gcc */
  898         arraysize = 0;          /* silence gcc */
  899 
  900         SAHTREE_LOCK();
  901         LIST_FOREACH(sah, &V_sahtree, chain) {
  902                 if (sah->state == SADB_SASTATE_DEAD)
  903                         continue;
  904                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) {
  905                         if (V_key_preferred_oldsa) {
  906                                 state_valid = saorder_state_valid_prefer_old;
  907                                 arraysize = N(saorder_state_valid_prefer_old);
  908                         } else {
  909                                 state_valid = saorder_state_valid_prefer_new;
  910                                 arraysize = N(saorder_state_valid_prefer_new);
  911                         }
  912                         break;
  913                 }
  914         }
  915         SAHTREE_UNLOCK();
  916         if (sah == NULL)
  917                 return NULL;
  918 
  919         /* search valid state */
  920         for (stateidx = 0; stateidx < arraysize; stateidx++) {
  921                 sav = key_do_allocsa_policy(sah, state_valid[stateidx]);
  922                 if (sav != NULL)
  923                         return sav;
  924         }
  925 
  926         return NULL;
  927 #undef N
  928 }
  929 
  930 /*
  931  * searching SAD with direction, protocol, mode and state.
  932  * called by key_allocsa_policy().
  933  * OUT:
  934  *      NULL    : not found
  935  *      others  : found, pointer to a SA.
  936  */
  937 static struct secasvar *
  938 key_do_allocsa_policy(struct secashead *sah, u_int state)
  939 {
  940         struct secasvar *sav, *nextsav, *candidate, *d;
  941 
  942         /* initilize */
  943         candidate = NULL;
  944 
  945         SAHTREE_LOCK();
  946         for (sav = LIST_FIRST(&sah->savtree[state]);
  947              sav != NULL;
  948              sav = nextsav) {
  949 
  950                 nextsav = LIST_NEXT(sav, chain);
  951 
  952                 /* sanity check */
  953                 KEY_CHKSASTATE(sav->state, state, __func__);
  954 
  955                 /* initialize */
  956                 if (candidate == NULL) {
  957                         candidate = sav;
  958                         continue;
  959                 }
  960 
  961                 /* Which SA is the better ? */
  962 
  963                 IPSEC_ASSERT(candidate->lft_c != NULL,
  964                         ("null candidate lifetime"));
  965                 IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime"));
  966 
  967                 /* What the best method is to compare ? */
  968                 if (V_key_preferred_oldsa) {
  969                         if (candidate->lft_c->addtime >
  970                                         sav->lft_c->addtime) {
  971                                 candidate = sav;
  972                         }
  973                         continue;
  974                         /*NOTREACHED*/
  975                 }
  976 
  977                 /* preferred new sa rather than old sa */
  978                 if (candidate->lft_c->addtime <
  979                                 sav->lft_c->addtime) {
  980                         d = candidate;
  981                         candidate = sav;
  982                 } else
  983                         d = sav;
  984 
  985                 /*
  986                  * prepared to delete the SA when there is more
  987                  * suitable candidate and the lifetime of the SA is not
  988                  * permanent.
  989                  */
  990                 if (d->lft_h->addtime != 0) {
  991                         struct mbuf *m, *result;
  992                         u_int8_t satype;
  993 
  994                         key_sa_chgstate(d, SADB_SASTATE_DEAD);
  995 
  996                         IPSEC_ASSERT(d->refcnt > 0, ("bogus ref count"));
  997 
  998                         satype = key_proto2satype(d->sah->saidx.proto);
  999                         if (satype == 0)
 1000                                 goto msgfail;
 1001 
 1002                         m = key_setsadbmsg(SADB_DELETE, 0,
 1003                             satype, 0, 0, d->refcnt - 1);
 1004                         if (!m)
 1005                                 goto msgfail;
 1006                         result = m;
 1007 
 1008                         /* set sadb_address for saidx's. */
 1009                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 1010                                 &d->sah->saidx.src.sa,
 1011                                 d->sah->saidx.src.sa.sa_len << 3,
 1012                                 IPSEC_ULPROTO_ANY);
 1013                         if (!m)
 1014                                 goto msgfail;
 1015                         m_cat(result, m);
 1016 
 1017                         /* set sadb_address for saidx's. */
 1018                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 1019                                 &d->sah->saidx.dst.sa,
 1020                                 d->sah->saidx.dst.sa.sa_len << 3,
 1021                                 IPSEC_ULPROTO_ANY);
 1022                         if (!m)
 1023                                 goto msgfail;
 1024                         m_cat(result, m);
 1025 
 1026                         /* create SA extension */
 1027                         m = key_setsadbsa(d);
 1028                         if (!m)
 1029                                 goto msgfail;
 1030                         m_cat(result, m);
 1031 
 1032                         if (result->m_len < sizeof(struct sadb_msg)) {
 1033                                 result = m_pullup(result,
 1034                                                 sizeof(struct sadb_msg));
 1035                                 if (result == NULL)
 1036                                         goto msgfail;
 1037                         }
 1038 
 1039                         result->m_pkthdr.len = 0;
 1040                         for (m = result; m; m = m->m_next)
 1041                                 result->m_pkthdr.len += m->m_len;
 1042                         mtod(result, struct sadb_msg *)->sadb_msg_len =
 1043                                 PFKEY_UNIT64(result->m_pkthdr.len);
 1044 
 1045                         if (key_sendup_mbuf(NULL, result,
 1046                                         KEY_SENDUP_REGISTERED))
 1047                                 goto msgfail;
 1048                  msgfail:
 1049                         KEY_FREESAV(&d);
 1050                 }
 1051         }
 1052         if (candidate) {
 1053                 sa_addref(candidate);
 1054                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1055                         printf("DP %s cause refcnt++:%d SA:%p\n",
 1056                                 __func__, candidate->refcnt, candidate));
 1057         }
 1058         SAHTREE_UNLOCK();
 1059 
 1060         return candidate;
 1061 }
 1062 
 1063 /*
 1064  * allocating a usable SA entry for a *INBOUND* packet.
 1065  * Must call key_freesav() later.
 1066  * OUT: positive:       pointer to a usable sav (i.e. MATURE or DYING state).
 1067  *      NULL:           not found, or error occured.
 1068  *
 1069  * In the comparison, no source address is used--for RFC2401 conformance.
 1070  * To quote, from section 4.1:
 1071  *      A security association is uniquely identified by a triple consisting
 1072  *      of a Security Parameter Index (SPI), an IP Destination Address, and a
 1073  *      security protocol (AH or ESP) identifier.
 1074  * Note that, however, we do need to keep source address in IPsec SA.
 1075  * IKE specification and PF_KEY specification do assume that we
 1076  * keep source address in IPsec SA.  We see a tricky situation here.
 1077  */
 1078 struct secasvar *
 1079 key_allocsa(
 1080         union sockaddr_union *dst,
 1081         u_int proto,
 1082         u_int32_t spi,
 1083         const char* where, int tag)
 1084 {
 1085         struct secashead *sah;
 1086         struct secasvar *sav;
 1087         u_int stateidx, arraysize, state;
 1088         const u_int *saorder_state_valid;
 1089         int chkport;
 1090 
 1091         IPSEC_ASSERT(dst != NULL, ("null dst address"));
 1092 
 1093         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1094                 printf("DP %s from %s:%u\n", __func__, where, tag));
 1095 
 1096 #ifdef IPSEC_NAT_T
 1097         chkport = (dst->sa.sa_family == AF_INET &&
 1098             dst->sa.sa_len == sizeof(struct sockaddr_in) &&
 1099             dst->sin.sin_port != 0);
 1100 #else
 1101         chkport = 0;
 1102 #endif
 1103 
 1104         /*
 1105          * searching SAD.
 1106          * XXX: to be checked internal IP header somewhere.  Also when
 1107          * IPsec tunnel packet is received.  But ESP tunnel mode is
 1108          * encrypted so we can't check internal IP header.
 1109          */
 1110         SAHTREE_LOCK();
 1111         if (V_key_preferred_oldsa) {
 1112                 saorder_state_valid = saorder_state_valid_prefer_old;
 1113                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
 1114         } else {
 1115                 saorder_state_valid = saorder_state_valid_prefer_new;
 1116                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
 1117         }
 1118         LIST_FOREACH(sah, &V_sahtree, chain) {
 1119                 /* search valid state */
 1120                 for (stateidx = 0; stateidx < arraysize; stateidx++) {
 1121                         state = saorder_state_valid[stateidx];
 1122                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 1123                                 /* sanity check */
 1124                                 KEY_CHKSASTATE(sav->state, state, __func__);
 1125                                 /* do not return entries w/ unusable state */
 1126                                 if (sav->state != SADB_SASTATE_MATURE &&
 1127                                     sav->state != SADB_SASTATE_DYING)
 1128                                         continue;
 1129                                 if (proto != sav->sah->saidx.proto)
 1130                                         continue;
 1131                                 if (spi != sav->spi)
 1132                                         continue;
 1133 #if 0   /* don't check src */
 1134                                 /* check src address */
 1135                                 if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, chkport) != 0)
 1136                                         continue;
 1137 #endif
 1138                                 /* check dst address */
 1139                                 if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, chkport) != 0)
 1140                                         continue;
 1141                                 sa_addref(sav);
 1142                                 goto done;
 1143                         }
 1144                 }
 1145         }
 1146         sav = NULL;
 1147 done:
 1148         SAHTREE_UNLOCK();
 1149 
 1150         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1151                 printf("DP %s return SA:%p; refcnt %u\n", __func__,
 1152                         sav, sav ? sav->refcnt : 0));
 1153         return sav;
 1154 }
 1155 
 1156 /*
 1157  * Must be called after calling key_allocsp().
 1158  * For both the packet without socket and key_freeso().
 1159  */
 1160 void
 1161 _key_freesp(struct secpolicy **spp, const char* where, int tag)
 1162 {
 1163         struct secpolicy *sp = *spp;
 1164 
 1165         IPSEC_ASSERT(sp != NULL, ("null sp"));
 1166 
 1167         SPTREE_LOCK();
 1168         SP_DELREF(sp);
 1169 
 1170         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1171                 printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
 1172                         __func__, sp, sp->id, where, tag, sp->refcnt));
 1173 
 1174         if (sp->refcnt == 0) {
 1175                 *spp = NULL;
 1176                 key_delsp(sp);
 1177         }
 1178         SPTREE_UNLOCK();
 1179 }
 1180 
 1181 /*
 1182  * Must be called after calling key_allocsp().
 1183  * For the packet with socket.
 1184  */
 1185 void
 1186 key_freeso(struct socket *so)
 1187 {
 1188         IPSEC_ASSERT(so != NULL, ("null so"));
 1189 
 1190         switch (so->so_proto->pr_domain->dom_family) {
 1191 #if defined(INET) || defined(INET6)
 1192 #ifdef INET
 1193         case PF_INET:
 1194 #endif
 1195 #ifdef INET6
 1196         case PF_INET6:
 1197 #endif
 1198             {
 1199                 struct inpcb *pcb = sotoinpcb(so);
 1200 
 1201                 /* Does it have a PCB ? */
 1202                 if (pcb == NULL)
 1203                         return;
 1204                 key_freesp_so(&pcb->inp_sp->sp_in);
 1205                 key_freesp_so(&pcb->inp_sp->sp_out);
 1206             }
 1207                 break;
 1208 #endif /* INET || INET6 */
 1209         default:
 1210                 ipseclog((LOG_DEBUG, "%s: unknown address family=%d.\n",
 1211                     __func__, so->so_proto->pr_domain->dom_family));
 1212                 return;
 1213         }
 1214 }
 1215 
 1216 static void
 1217 key_freesp_so(struct secpolicy **sp)
 1218 {
 1219         IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp"));
 1220 
 1221         if ((*sp)->policy == IPSEC_POLICY_ENTRUST ||
 1222             (*sp)->policy == IPSEC_POLICY_BYPASS)
 1223                 return;
 1224 
 1225         IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC,
 1226                 ("invalid policy %u", (*sp)->policy));
 1227         KEY_FREESP(sp);
 1228 }
 1229 
 1230 void
 1231 key_addrefsa(struct secasvar *sav, const char* where, int tag)
 1232 {
 1233 
 1234         IPSEC_ASSERT(sav != NULL, ("null sav"));
 1235         IPSEC_ASSERT(sav->refcnt > 0, ("refcount must exist"));
 1236 
 1237         sa_addref(sav);
 1238 }
 1239 
 1240 /*
 1241  * Must be called after calling key_allocsa().
 1242  * This function is called by key_freesp() to free some SA allocated
 1243  * for a policy.
 1244  */
 1245 void
 1246 key_freesav(struct secasvar **psav, const char* where, int tag)
 1247 {
 1248         struct secasvar *sav = *psav;
 1249 
 1250         IPSEC_ASSERT(sav != NULL, ("null sav"));
 1251 
 1252         if (sa_delref(sav)) {
 1253                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1254                         printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n",
 1255                                 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt));
 1256                 *psav = NULL;
 1257                 key_delsav(sav);
 1258         } else {
 1259                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1260                         printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n",
 1261                                 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt));
 1262         }
 1263 }
 1264 
 1265 /* %%% SPD management */
 1266 /*
 1267  * free security policy entry.
 1268  */
 1269 static void
 1270 key_delsp(struct secpolicy *sp)
 1271 {
 1272         struct ipsecrequest *isr, *nextisr;
 1273 
 1274         IPSEC_ASSERT(sp != NULL, ("null sp"));
 1275         SPTREE_LOCK_ASSERT();
 1276 
 1277         sp->state = IPSEC_SPSTATE_DEAD;
 1278 
 1279         IPSEC_ASSERT(sp->refcnt == 0,
 1280                 ("SP with references deleted (refcnt %u)", sp->refcnt));
 1281 
 1282         /* remove from SP index */
 1283         if (__LIST_CHAINED(sp))
 1284                 LIST_REMOVE(sp, chain);
 1285 
 1286         for (isr = sp->req; isr != NULL; isr = nextisr) {
 1287                 if (isr->sav != NULL) {
 1288                         KEY_FREESAV(&isr->sav);
 1289                         isr->sav = NULL;
 1290                 }
 1291 
 1292                 nextisr = isr->next;
 1293                 ipsec_delisr(isr);
 1294         }
 1295         _key_delsp(sp);
 1296 }
 1297 
 1298 /*
 1299  * search SPD
 1300  * OUT: NULL    : not found
 1301  *      others  : found, pointer to a SP.
 1302  */
 1303 static struct secpolicy *
 1304 key_getsp(struct secpolicyindex *spidx)
 1305 {
 1306         struct secpolicy *sp;
 1307 
 1308         IPSEC_ASSERT(spidx != NULL, ("null spidx"));
 1309 
 1310         SPTREE_LOCK();
 1311         LIST_FOREACH(sp, &V_sptree[spidx->dir], chain) {
 1312                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1313                         continue;
 1314                 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
 1315                         SP_ADDREF(sp);
 1316                         break;
 1317                 }
 1318         }
 1319         SPTREE_UNLOCK();
 1320 
 1321         return sp;
 1322 }
 1323 
 1324 /*
 1325  * get SP by index.
 1326  * OUT: NULL    : not found
 1327  *      others  : found, pointer to a SP.
 1328  */
 1329 static struct secpolicy *
 1330 key_getspbyid(u_int32_t id)
 1331 {
 1332         struct secpolicy *sp;
 1333 
 1334         SPTREE_LOCK();
 1335         LIST_FOREACH(sp, &V_sptree[IPSEC_DIR_INBOUND], chain) {
 1336                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1337                         continue;
 1338                 if (sp->id == id) {
 1339                         SP_ADDREF(sp);
 1340                         goto done;
 1341                 }
 1342         }
 1343 
 1344         LIST_FOREACH(sp, &V_sptree[IPSEC_DIR_OUTBOUND], chain) {
 1345                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1346                         continue;
 1347                 if (sp->id == id) {
 1348                         SP_ADDREF(sp);
 1349                         goto done;
 1350                 }
 1351         }
 1352 done:
 1353         SPTREE_UNLOCK();
 1354 
 1355         return sp;
 1356 }
 1357 
 1358 struct secpolicy *
 1359 key_newsp(const char* where, int tag)
 1360 {
 1361         struct secpolicy *newsp = NULL;
 1362 
 1363         newsp = (struct secpolicy *)
 1364                 malloc(sizeof(struct secpolicy), M_IPSEC_SP, M_NOWAIT|M_ZERO);
 1365         if (newsp) {
 1366                 SECPOLICY_LOCK_INIT(newsp);
 1367                 newsp->refcnt = 1;
 1368                 newsp->req = NULL;
 1369         }
 1370 
 1371         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1372                 printf("DP %s from %s:%u return SP:%p\n", __func__,
 1373                         where, tag, newsp));
 1374         return newsp;
 1375 }
 1376 
 1377 static void
 1378 _key_delsp(struct secpolicy *sp)
 1379 {
 1380         SECPOLICY_LOCK_DESTROY(sp);
 1381         free(sp, M_IPSEC_SP);
 1382 }
 1383 
 1384 /*
 1385  * create secpolicy structure from sadb_x_policy structure.
 1386  * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
 1387  * so must be set properly later.
 1388  */
 1389 struct secpolicy *
 1390 key_msg2sp(xpl0, len, error)
 1391         struct sadb_x_policy *xpl0;
 1392         size_t len;
 1393         int *error;
 1394 {
 1395         struct secpolicy *newsp;
 1396 
 1397         IPSEC_ASSERT(xpl0 != NULL, ("null xpl0"));
 1398         IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len));
 1399 
 1400         if (len != PFKEY_EXTLEN(xpl0)) {
 1401                 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__));
 1402                 *error = EINVAL;
 1403                 return NULL;
 1404         }
 1405 
 1406         if ((newsp = KEY_NEWSP()) == NULL) {
 1407                 *error = ENOBUFS;
 1408                 return NULL;
 1409         }
 1410 
 1411         newsp->spidx.dir = xpl0->sadb_x_policy_dir;
 1412         newsp->policy = xpl0->sadb_x_policy_type;
 1413 
 1414         /* check policy */
 1415         switch (xpl0->sadb_x_policy_type) {
 1416         case IPSEC_POLICY_DISCARD:
 1417         case IPSEC_POLICY_NONE:
 1418         case IPSEC_POLICY_ENTRUST:
 1419         case IPSEC_POLICY_BYPASS:
 1420                 newsp->req = NULL;
 1421                 break;
 1422 
 1423         case IPSEC_POLICY_IPSEC:
 1424             {
 1425                 int tlen;
 1426                 struct sadb_x_ipsecrequest *xisr;
 1427                 struct ipsecrequest **p_isr = &newsp->req;
 1428 
 1429                 /* validity check */
 1430                 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
 1431                         ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n",
 1432                                 __func__));
 1433                         KEY_FREESP(&newsp);
 1434                         *error = EINVAL;
 1435                         return NULL;
 1436                 }
 1437 
 1438                 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
 1439                 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
 1440 
 1441                 while (tlen > 0) {
 1442                         /* length check */
 1443                         if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
 1444                                 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest "
 1445                                         "length.\n", __func__));
 1446                                 KEY_FREESP(&newsp);
 1447                                 *error = EINVAL;
 1448                                 return NULL;
 1449                         }
 1450 
 1451                         /* allocate request buffer */
 1452                         /* NB: data structure is zero'd */
 1453                         *p_isr = ipsec_newisr();
 1454                         if ((*p_isr) == NULL) {
 1455                                 ipseclog((LOG_DEBUG,
 1456                                     "%s: No more memory.\n", __func__));
 1457                                 KEY_FREESP(&newsp);
 1458                                 *error = ENOBUFS;
 1459                                 return NULL;
 1460                         }
 1461 
 1462                         /* set values */
 1463                         switch (xisr->sadb_x_ipsecrequest_proto) {
 1464                         case IPPROTO_ESP:
 1465                         case IPPROTO_AH:
 1466                         case IPPROTO_IPCOMP:
 1467                                 break;
 1468                         default:
 1469                                 ipseclog((LOG_DEBUG,
 1470                                     "%s: invalid proto type=%u\n", __func__,
 1471                                     xisr->sadb_x_ipsecrequest_proto));
 1472                                 KEY_FREESP(&newsp);
 1473                                 *error = EPROTONOSUPPORT;
 1474                                 return NULL;
 1475                         }
 1476                         (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
 1477 
 1478                         switch (xisr->sadb_x_ipsecrequest_mode) {
 1479                         case IPSEC_MODE_TRANSPORT:
 1480                         case IPSEC_MODE_TUNNEL:
 1481                                 break;
 1482                         case IPSEC_MODE_ANY:
 1483                         default:
 1484                                 ipseclog((LOG_DEBUG,
 1485                                     "%s: invalid mode=%u\n", __func__,
 1486                                     xisr->sadb_x_ipsecrequest_mode));
 1487                                 KEY_FREESP(&newsp);
 1488                                 *error = EINVAL;
 1489                                 return NULL;
 1490                         }
 1491                         (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
 1492 
 1493                         switch (xisr->sadb_x_ipsecrequest_level) {
 1494                         case IPSEC_LEVEL_DEFAULT:
 1495                         case IPSEC_LEVEL_USE:
 1496                         case IPSEC_LEVEL_REQUIRE:
 1497                                 break;
 1498                         case IPSEC_LEVEL_UNIQUE:
 1499                                 /* validity check */
 1500                                 /*
 1501                                  * If range violation of reqid, kernel will
 1502                                  * update it, don't refuse it.
 1503                                  */
 1504                                 if (xisr->sadb_x_ipsecrequest_reqid
 1505                                                 > IPSEC_MANUAL_REQID_MAX) {
 1506                                         ipseclog((LOG_DEBUG,
 1507                                             "%s: reqid=%d range "
 1508                                             "violation, updated by kernel.\n",
 1509                                             __func__,
 1510                                             xisr->sadb_x_ipsecrequest_reqid));
 1511                                         xisr->sadb_x_ipsecrequest_reqid = 0;
 1512                                 }
 1513 
 1514                                 /* allocate new reqid id if reqid is zero. */
 1515                                 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
 1516                                         u_int32_t reqid;
 1517                                         if ((reqid = key_newreqid()) == 0) {
 1518                                                 KEY_FREESP(&newsp);
 1519                                                 *error = ENOBUFS;
 1520                                                 return NULL;
 1521                                         }
 1522                                         (*p_isr)->saidx.reqid = reqid;
 1523                                         xisr->sadb_x_ipsecrequest_reqid = reqid;
 1524                                 } else {
 1525                                 /* set it for manual keying. */
 1526                                         (*p_isr)->saidx.reqid =
 1527                                                 xisr->sadb_x_ipsecrequest_reqid;
 1528                                 }
 1529                                 break;
 1530 
 1531                         default:
 1532                                 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n",
 1533                                         __func__,
 1534                                         xisr->sadb_x_ipsecrequest_level));
 1535                                 KEY_FREESP(&newsp);
 1536                                 *error = EINVAL;
 1537                                 return NULL;
 1538                         }
 1539                         (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
 1540 
 1541                         /* set IP addresses if there */
 1542                         if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
 1543                                 struct sockaddr *paddr;
 1544 
 1545                                 paddr = (struct sockaddr *)(xisr + 1);
 1546 
 1547                                 /* validity check */
 1548                                 if (paddr->sa_len
 1549                                     > sizeof((*p_isr)->saidx.src)) {
 1550                                         ipseclog((LOG_DEBUG, "%s: invalid "
 1551                                                 "request address length.\n",
 1552                                                 __func__));
 1553                                         KEY_FREESP(&newsp);
 1554                                         *error = EINVAL;
 1555                                         return NULL;
 1556                                 }
 1557                                 bcopy(paddr, &(*p_isr)->saidx.src,
 1558                                         paddr->sa_len);
 1559 
 1560                                 paddr = (struct sockaddr *)((caddr_t)paddr
 1561                                                         + paddr->sa_len);
 1562 
 1563                                 /* validity check */
 1564                                 if (paddr->sa_len
 1565                                     > sizeof((*p_isr)->saidx.dst)) {
 1566                                         ipseclog((LOG_DEBUG, "%s: invalid "
 1567                                                 "request address length.\n",
 1568                                                 __func__));
 1569                                         KEY_FREESP(&newsp);
 1570                                         *error = EINVAL;
 1571                                         return NULL;
 1572                                 }
 1573                                 bcopy(paddr, &(*p_isr)->saidx.dst,
 1574                                         paddr->sa_len);
 1575                         }
 1576 
 1577                         (*p_isr)->sp = newsp;
 1578 
 1579                         /* initialization for the next. */
 1580                         p_isr = &(*p_isr)->next;
 1581                         tlen -= xisr->sadb_x_ipsecrequest_len;
 1582 
 1583                         /* validity check */
 1584                         if (tlen < 0) {
 1585                                 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n",
 1586                                         __func__));
 1587                                 KEY_FREESP(&newsp);
 1588                                 *error = EINVAL;
 1589                                 return NULL;
 1590                         }
 1591 
 1592                         xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
 1593                                          + xisr->sadb_x_ipsecrequest_len);
 1594                 }
 1595             }
 1596                 break;
 1597         default:
 1598                 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
 1599                 KEY_FREESP(&newsp);
 1600                 *error = EINVAL;
 1601                 return NULL;
 1602         }
 1603 
 1604         *error = 0;
 1605         return newsp;
 1606 }
 1607 
 1608 static u_int32_t
 1609 key_newreqid()
 1610 {
 1611         static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
 1612 
 1613         auto_reqid = (auto_reqid == ~0
 1614                         ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
 1615 
 1616         /* XXX should be unique check */
 1617 
 1618         return auto_reqid;
 1619 }
 1620 
 1621 /*
 1622  * copy secpolicy struct to sadb_x_policy structure indicated.
 1623  */
 1624 struct mbuf *
 1625 key_sp2msg(sp)
 1626         struct secpolicy *sp;
 1627 {
 1628         struct sadb_x_policy *xpl;
 1629         int tlen;
 1630         caddr_t p;
 1631         struct mbuf *m;
 1632 
 1633         IPSEC_ASSERT(sp != NULL, ("null policy"));
 1634 
 1635         tlen = key_getspreqmsglen(sp);
 1636 
 1637         m = key_alloc_mbuf(tlen);
 1638         if (!m || m->m_next) {  /*XXX*/
 1639                 if (m)
 1640                         m_freem(m);
 1641                 return NULL;
 1642         }
 1643 
 1644         m->m_len = tlen;
 1645         m->m_next = NULL;
 1646         xpl = mtod(m, struct sadb_x_policy *);
 1647         bzero(xpl, tlen);
 1648 
 1649         xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
 1650         xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 1651         xpl->sadb_x_policy_type = sp->policy;
 1652         xpl->sadb_x_policy_dir = sp->spidx.dir;
 1653         xpl->sadb_x_policy_id = sp->id;
 1654         p = (caddr_t)xpl + sizeof(*xpl);
 1655 
 1656         /* if is the policy for ipsec ? */
 1657         if (sp->policy == IPSEC_POLICY_IPSEC) {
 1658                 struct sadb_x_ipsecrequest *xisr;
 1659                 struct ipsecrequest *isr;
 1660 
 1661                 for (isr = sp->req; isr != NULL; isr = isr->next) {
 1662 
 1663                         xisr = (struct sadb_x_ipsecrequest *)p;
 1664 
 1665                         xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
 1666                         xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
 1667                         xisr->sadb_x_ipsecrequest_level = isr->level;
 1668                         xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
 1669 
 1670                         p += sizeof(*xisr);
 1671                         bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len);
 1672                         p += isr->saidx.src.sa.sa_len;
 1673                         bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len);
 1674                         p += isr->saidx.src.sa.sa_len;
 1675 
 1676                         xisr->sadb_x_ipsecrequest_len =
 1677                                 PFKEY_ALIGN8(sizeof(*xisr)
 1678                                         + isr->saidx.src.sa.sa_len
 1679                                         + isr->saidx.dst.sa.sa_len);
 1680                 }
 1681         }
 1682 
 1683         return m;
 1684 }
 1685 
 1686 /* m will not be freed nor modified */
 1687 static struct mbuf *
 1688 #ifdef __STDC__
 1689 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
 1690         int ndeep, int nitem, ...)
 1691 #else
 1692 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
 1693         struct mbuf *m;
 1694         const struct sadb_msghdr *mhp;
 1695         int ndeep;
 1696         int nitem;
 1697         va_dcl
 1698 #endif
 1699 {
 1700         va_list ap;
 1701         int idx;
 1702         int i;
 1703         struct mbuf *result = NULL, *n;
 1704         int len;
 1705 
 1706         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 1707         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 1708 
 1709         va_start(ap, nitem);
 1710         for (i = 0; i < nitem; i++) {
 1711                 idx = va_arg(ap, int);
 1712                 if (idx < 0 || idx > SADB_EXT_MAX)
 1713                         goto fail;
 1714                 /* don't attempt to pull empty extension */
 1715                 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
 1716                         continue;
 1717                 if (idx != SADB_EXT_RESERVED  &&
 1718                     (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
 1719                         continue;
 1720 
 1721                 if (idx == SADB_EXT_RESERVED) {
 1722                         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 1723 
 1724                         IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len));
 1725 
 1726                         MGETHDR(n, M_DONTWAIT, MT_DATA);
 1727                         if (!n)
 1728                                 goto fail;
 1729                         n->m_len = len;
 1730                         n->m_next = NULL;
 1731                         m_copydata(m, 0, sizeof(struct sadb_msg),
 1732                             mtod(n, caddr_t));
 1733                 } else if (i < ndeep) {
 1734                         len = mhp->extlen[idx];
 1735                         n = key_alloc_mbuf(len);
 1736                         if (!n || n->m_next) {  /*XXX*/
 1737                                 if (n)
 1738                                         m_freem(n);
 1739                                 goto fail;
 1740                         }
 1741                         m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
 1742                             mtod(n, caddr_t));
 1743                 } else {
 1744                         n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
 1745                             M_DONTWAIT);
 1746                 }
 1747                 if (n == NULL)
 1748                         goto fail;
 1749 
 1750                 if (result)
 1751                         m_cat(result, n);
 1752                 else
 1753                         result = n;
 1754         }
 1755         va_end(ap);
 1756 
 1757         if ((result->m_flags & M_PKTHDR) != 0) {
 1758                 result->m_pkthdr.len = 0;
 1759                 for (n = result; n; n = n->m_next)
 1760                         result->m_pkthdr.len += n->m_len;
 1761         }
 1762 
 1763         return result;
 1764 
 1765 fail:
 1766         m_freem(result);
 1767         va_end(ap);
 1768         return NULL;
 1769 }
 1770 
 1771 /*
 1772  * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
 1773  * add an entry to SP database, when received
 1774  *   <base, address(SD), (lifetime(H),) policy>
 1775  * from the user(?).
 1776  * Adding to SP database,
 1777  * and send
 1778  *   <base, address(SD), (lifetime(H),) policy>
 1779  * to the socket which was send.
 1780  *
 1781  * SPDADD set a unique policy entry.
 1782  * SPDSETIDX like SPDADD without a part of policy requests.
 1783  * SPDUPDATE replace a unique policy entry.
 1784  *
 1785  * m will always be freed.
 1786  */
 1787 static int
 1788 key_spdadd(so, m, mhp)
 1789         struct socket *so;
 1790         struct mbuf *m;
 1791         const struct sadb_msghdr *mhp;
 1792 {
 1793         struct sadb_address *src0, *dst0;
 1794         struct sadb_x_policy *xpl0, *xpl;
 1795         struct sadb_lifetime *lft = NULL;
 1796         struct secpolicyindex spidx;
 1797         struct secpolicy *newsp;
 1798         int error;
 1799 
 1800         IPSEC_ASSERT(so != NULL, ("null socket"));
 1801         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 1802         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 1803         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 1804 
 1805         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 1806             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 1807             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 1808                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1809                 return key_senderror(so, m, EINVAL);
 1810         }
 1811         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 1812             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 1813             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 1814                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 1815                         __func__));
 1816                 return key_senderror(so, m, EINVAL);
 1817         }
 1818         if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
 1819                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
 1820                         < sizeof(struct sadb_lifetime)) {
 1821                         ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 1822                                 __func__));
 1823                         return key_senderror(so, m, EINVAL);
 1824                 }
 1825                 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 1826         }
 1827 
 1828         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 1829         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 1830         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 1831 
 1832         /* 
 1833          * Note: do not parse SADB_X_EXT_NAT_T_* here:
 1834          * we are processing traffic endpoints.
 1835          */
 1836 
 1837         /* make secindex */
 1838         /* XXX boundary check against sa_len */
 1839         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 1840                         src0 + 1,
 1841                         dst0 + 1,
 1842                         src0->sadb_address_prefixlen,
 1843                         dst0->sadb_address_prefixlen,
 1844                         src0->sadb_address_proto,
 1845                         &spidx);
 1846 
 1847         /* checking the direciton. */
 1848         switch (xpl0->sadb_x_policy_dir) {
 1849         case IPSEC_DIR_INBOUND:
 1850         case IPSEC_DIR_OUTBOUND:
 1851                 break;
 1852         default:
 1853                 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__));
 1854                 mhp->msg->sadb_msg_errno = EINVAL;
 1855                 return 0;
 1856         }
 1857 
 1858         /* check policy */
 1859         /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
 1860         if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
 1861          || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
 1862                 ipseclog((LOG_DEBUG, "%s: Invalid policy type.\n", __func__));
 1863                 return key_senderror(so, m, EINVAL);
 1864         }
 1865 
 1866         /* policy requests are mandatory when action is ipsec. */
 1867         if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
 1868          && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
 1869          && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
 1870                 ipseclog((LOG_DEBUG, "%s: some policy requests part required\n",
 1871                         __func__));
 1872                 return key_senderror(so, m, EINVAL);
 1873         }
 1874 
 1875         /*
 1876          * checking there is SP already or not.
 1877          * SPDUPDATE doesn't depend on whether there is a SP or not.
 1878          * If the type is either SPDADD or SPDSETIDX AND a SP is found,
 1879          * then error.
 1880          */
 1881         newsp = key_getsp(&spidx);
 1882         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1883                 if (newsp) {
 1884                         SPTREE_LOCK();
 1885                         newsp->state = IPSEC_SPSTATE_DEAD;
 1886                         SPTREE_UNLOCK();
 1887                         KEY_FREESP(&newsp);
 1888                 }
 1889         } else {
 1890                 if (newsp != NULL) {
 1891                         KEY_FREESP(&newsp);
 1892                         ipseclog((LOG_DEBUG, "%s: a SP entry exists already.\n",
 1893                                 __func__));
 1894                         return key_senderror(so, m, EEXIST);
 1895                 }
 1896         }
 1897 
 1898         /* allocation new SP entry */
 1899         if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
 1900                 return key_senderror(so, m, error);
 1901         }
 1902 
 1903         if ((newsp->id = key_getnewspid()) == 0) {
 1904                 _key_delsp(newsp);
 1905                 return key_senderror(so, m, ENOBUFS);
 1906         }
 1907 
 1908         /* XXX boundary check against sa_len */
 1909         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 1910                         src0 + 1,
 1911                         dst0 + 1,
 1912                         src0->sadb_address_prefixlen,
 1913                         dst0->sadb_address_prefixlen,
 1914                         src0->sadb_address_proto,
 1915                         &newsp->spidx);
 1916 
 1917         /* sanity check on addr pair */
 1918         if (((struct sockaddr *)(src0 + 1))->sa_family !=
 1919                         ((struct sockaddr *)(dst0+ 1))->sa_family) {
 1920                 _key_delsp(newsp);
 1921                 return key_senderror(so, m, EINVAL);
 1922         }
 1923         if (((struct sockaddr *)(src0 + 1))->sa_len !=
 1924                         ((struct sockaddr *)(dst0+ 1))->sa_len) {
 1925                 _key_delsp(newsp);
 1926                 return key_senderror(so, m, EINVAL);
 1927         }
 1928 #if 1
 1929         if (newsp->req && newsp->req->saidx.src.sa.sa_family && newsp->req->saidx.dst.sa.sa_family) {
 1930                 if (newsp->req->saidx.src.sa.sa_family != newsp->req->saidx.dst.sa.sa_family) {
 1931                         _key_delsp(newsp);
 1932                         return key_senderror(so, m, EINVAL);
 1933                 }
 1934         }
 1935 #endif
 1936 
 1937         newsp->created = time_second;
 1938         newsp->lastused = newsp->created;
 1939         newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
 1940         newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
 1941 
 1942         newsp->refcnt = 1;      /* do not reclaim until I say I do */
 1943         newsp->state = IPSEC_SPSTATE_ALIVE;
 1944         LIST_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, secpolicy, chain);
 1945 
 1946         /* delete the entry in spacqtree */
 1947         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1948                 struct secspacq *spacq = key_getspacq(&spidx);
 1949                 if (spacq != NULL) {
 1950                         /* reset counter in order to deletion by timehandler. */
 1951                         spacq->created = time_second;
 1952                         spacq->count = 0;
 1953                         SPACQ_UNLOCK();
 1954                 }
 1955         }
 1956 
 1957     {
 1958         struct mbuf *n, *mpolicy;
 1959         struct sadb_msg *newmsg;
 1960         int off;
 1961 
 1962         /*
 1963          * Note: do not send SADB_X_EXT_NAT_T_* here:
 1964          * we are sending traffic endpoints.
 1965          */
 1966 
 1967         /* create new sadb_msg to reply. */
 1968         if (lft) {
 1969                 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
 1970                     SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
 1971                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1972         } else {
 1973                 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
 1974                     SADB_X_EXT_POLICY,
 1975                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1976         }
 1977         if (!n)
 1978                 return key_senderror(so, m, ENOBUFS);
 1979 
 1980         if (n->m_len < sizeof(*newmsg)) {
 1981                 n = m_pullup(n, sizeof(*newmsg));
 1982                 if (!n)
 1983                         return key_senderror(so, m, ENOBUFS);
 1984         }
 1985         newmsg = mtod(n, struct sadb_msg *);
 1986         newmsg->sadb_msg_errno = 0;
 1987         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 1988 
 1989         off = 0;
 1990         mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
 1991             sizeof(*xpl), &off);
 1992         if (mpolicy == NULL) {
 1993                 /* n is already freed */
 1994                 return key_senderror(so, m, ENOBUFS);
 1995         }
 1996         xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
 1997         if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
 1998                 m_freem(n);
 1999                 return key_senderror(so, m, EINVAL);
 2000         }
 2001         xpl->sadb_x_policy_id = newsp->id;
 2002 
 2003         m_freem(m);
 2004         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2005     }
 2006 }
 2007 
 2008 /*
 2009  * get new policy id.
 2010  * OUT:
 2011  *      0:      failure.
 2012  *      others: success.
 2013  */
 2014 static u_int32_t
 2015 key_getnewspid()
 2016 {
 2017         u_int32_t newid = 0;
 2018         int count = V_key_spi_trycnt;   /* XXX */
 2019         struct secpolicy *sp;
 2020 
 2021         /* when requesting to allocate spi ranged */
 2022         while (count--) {
 2023                 newid = (V_policy_id = (V_policy_id == ~0 ? 1 : V_policy_id + 1));
 2024 
 2025                 if ((sp = key_getspbyid(newid)) == NULL)
 2026                         break;
 2027 
 2028                 KEY_FREESP(&sp);
 2029         }
 2030 
 2031         if (count == 0 || newid == 0) {
 2032                 ipseclog((LOG_DEBUG, "%s: to allocate policy id is failed.\n",
 2033                         __func__));
 2034                 return 0;
 2035         }
 2036 
 2037         return newid;
 2038 }
 2039 
 2040 /*
 2041  * SADB_SPDDELETE processing
 2042  * receive
 2043  *   <base, address(SD), policy(*)>
 2044  * from the user(?), and set SADB_SASTATE_DEAD,
 2045  * and send,
 2046  *   <base, address(SD), policy(*)>
 2047  * to the ikmpd.
 2048  * policy(*) including direction of policy.
 2049  *
 2050  * m will always be freed.
 2051  */
 2052 static int
 2053 key_spddelete(so, m, mhp)
 2054         struct socket *so;
 2055         struct mbuf *m;
 2056         const struct sadb_msghdr *mhp;
 2057 {
 2058         struct sadb_address *src0, *dst0;
 2059         struct sadb_x_policy *xpl0;
 2060         struct secpolicyindex spidx;
 2061         struct secpolicy *sp;
 2062 
 2063         IPSEC_ASSERT(so != NULL, ("null so"));
 2064         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2065         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2066         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2067 
 2068         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 2069             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 2070             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 2071                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2072                         __func__));
 2073                 return key_senderror(so, m, EINVAL);
 2074         }
 2075         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 2076             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 2077             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2078                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2079                         __func__));
 2080                 return key_senderror(so, m, EINVAL);
 2081         }
 2082 
 2083         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 2084         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 2085         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 2086 
 2087         /*
 2088          * Note: do not parse SADB_X_EXT_NAT_T_* here:
 2089          * we are processing traffic endpoints.
 2090          */
 2091 
 2092         /* make secindex */
 2093         /* XXX boundary check against sa_len */
 2094         KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
 2095                         src0 + 1,
 2096                         dst0 + 1,
 2097                         src0->sadb_address_prefixlen,
 2098                         dst0->sadb_address_prefixlen,
 2099                         src0->sadb_address_proto,
 2100                         &spidx);
 2101 
 2102         /* checking the direciton. */
 2103         switch (xpl0->sadb_x_policy_dir) {
 2104         case IPSEC_DIR_INBOUND:
 2105         case IPSEC_DIR_OUTBOUND:
 2106                 break;
 2107         default:
 2108                 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__));
 2109                 return key_senderror(so, m, EINVAL);
 2110         }
 2111 
 2112         /* Is there SP in SPD ? */
 2113         if ((sp = key_getsp(&spidx)) == NULL) {
 2114                 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__));
 2115                 return key_senderror(so, m, EINVAL);
 2116         }
 2117 
 2118         /* save policy id to buffer to be returned. */
 2119         xpl0->sadb_x_policy_id = sp->id;
 2120 
 2121         SPTREE_LOCK();
 2122         sp->state = IPSEC_SPSTATE_DEAD;
 2123         SPTREE_UNLOCK();
 2124         KEY_FREESP(&sp);
 2125 
 2126     {
 2127         struct mbuf *n;
 2128         struct sadb_msg *newmsg;
 2129 
 2130         /*
 2131          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2132          * we are sending traffic endpoints.
 2133          */
 2134 
 2135         /* create new sadb_msg to reply. */
 2136         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 2137             SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 2138         if (!n)
 2139                 return key_senderror(so, m, ENOBUFS);
 2140 
 2141         newmsg = mtod(n, struct sadb_msg *);
 2142         newmsg->sadb_msg_errno = 0;
 2143         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2144 
 2145         m_freem(m);
 2146         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2147     }
 2148 }
 2149 
 2150 /*
 2151  * SADB_SPDDELETE2 processing
 2152  * receive
 2153  *   <base, policy(*)>
 2154  * from the user(?), and set SADB_SASTATE_DEAD,
 2155  * and send,
 2156  *   <base, policy(*)>
 2157  * to the ikmpd.
 2158  * policy(*) including direction of policy.
 2159  *
 2160  * m will always be freed.
 2161  */
 2162 static int
 2163 key_spddelete2(so, m, mhp)
 2164         struct socket *so;
 2165         struct mbuf *m;
 2166         const struct sadb_msghdr *mhp;
 2167 {
 2168         u_int32_t id;
 2169         struct secpolicy *sp;
 2170 
 2171         IPSEC_ASSERT(so != NULL, ("null socket"));
 2172         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2173         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2174         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2175 
 2176         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2177             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2178                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", __func__));
 2179                 return key_senderror(so, m, EINVAL);
 2180         }
 2181 
 2182         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2183 
 2184         /* Is there SP in SPD ? */
 2185         if ((sp = key_getspbyid(id)) == NULL) {
 2186                 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id));
 2187                 return key_senderror(so, m, EINVAL);
 2188         }
 2189 
 2190         SPTREE_LOCK();
 2191         sp->state = IPSEC_SPSTATE_DEAD;
 2192         SPTREE_UNLOCK();
 2193         KEY_FREESP(&sp);
 2194 
 2195     {
 2196         struct mbuf *n, *nn;
 2197         struct sadb_msg *newmsg;
 2198         int off, len;
 2199 
 2200         /* create new sadb_msg to reply. */
 2201         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2202 
 2203         MGETHDR(n, M_DONTWAIT, MT_DATA);
 2204         if (n && len > MHLEN) {
 2205                 MCLGET(n, M_DONTWAIT);
 2206                 if ((n->m_flags & M_EXT) == 0) {
 2207                         m_freem(n);
 2208                         n = NULL;
 2209                 }
 2210         }
 2211         if (!n)
 2212                 return key_senderror(so, m, ENOBUFS);
 2213 
 2214         n->m_len = len;
 2215         n->m_next = NULL;
 2216         off = 0;
 2217 
 2218         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 2219         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2220 
 2221         IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)",
 2222                 off, len));
 2223 
 2224         n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
 2225             mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
 2226         if (!n->m_next) {
 2227                 m_freem(n);
 2228                 return key_senderror(so, m, ENOBUFS);
 2229         }
 2230 
 2231         n->m_pkthdr.len = 0;
 2232         for (nn = n; nn; nn = nn->m_next)
 2233                 n->m_pkthdr.len += nn->m_len;
 2234 
 2235         newmsg = mtod(n, struct sadb_msg *);
 2236         newmsg->sadb_msg_errno = 0;
 2237         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2238 
 2239         m_freem(m);
 2240         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2241     }
 2242 }
 2243 
 2244 /*
 2245  * SADB_X_GET processing
 2246  * receive
 2247  *   <base, policy(*)>
 2248  * from the user(?),
 2249  * and send,
 2250  *   <base, address(SD), policy>
 2251  * to the ikmpd.
 2252  * policy(*) including direction of policy.
 2253  *
 2254  * m will always be freed.
 2255  */
 2256 static int
 2257 key_spdget(so, m, mhp)
 2258         struct socket *so;
 2259         struct mbuf *m;
 2260         const struct sadb_msghdr *mhp;
 2261 {
 2262         u_int32_t id;
 2263         struct secpolicy *sp;
 2264         struct mbuf *n;
 2265 
 2266         IPSEC_ASSERT(so != NULL, ("null socket"));
 2267         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2268         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2269         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2270 
 2271         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2272             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2273                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2274                         __func__));
 2275                 return key_senderror(so, m, EINVAL);
 2276         }
 2277 
 2278         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2279 
 2280         /* Is there SP in SPD ? */
 2281         if ((sp = key_getspbyid(id)) == NULL) {
 2282                 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id));
 2283                 return key_senderror(so, m, ENOENT);
 2284         }
 2285 
 2286         n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
 2287         KEY_FREESP(&sp);
 2288         if (n != NULL) {
 2289                 m_freem(m);
 2290                 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2291         } else
 2292                 return key_senderror(so, m, ENOBUFS);
 2293 }
 2294 
 2295 /*
 2296  * SADB_X_SPDACQUIRE processing.
 2297  * Acquire policy and SA(s) for a *OUTBOUND* packet.
 2298  * send
 2299  *   <base, policy(*)>
 2300  * to KMD, and expect to receive
 2301  *   <base> with SADB_X_SPDACQUIRE if error occured,
 2302  * or
 2303  *   <base, policy>
 2304  * with SADB_X_SPDUPDATE from KMD by PF_KEY.
 2305  * policy(*) is without policy requests.
 2306  *
 2307  *    0     : succeed
 2308  *    others: error number
 2309  */
 2310 int
 2311 key_spdacquire(sp)
 2312         struct secpolicy *sp;
 2313 {
 2314         struct mbuf *result = NULL, *m;
 2315         struct secspacq *newspacq;
 2316 
 2317         IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
 2318         IPSEC_ASSERT(sp->req == NULL, ("policy exists"));
 2319         IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
 2320                 ("policy not IPSEC %u", sp->policy));
 2321 
 2322         /* Get an entry to check whether sent message or not. */
 2323         newspacq = key_getspacq(&sp->spidx);
 2324         if (newspacq != NULL) {
 2325                 if (V_key_blockacq_count < newspacq->count) {
 2326                         /* reset counter and do send message. */
 2327                         newspacq->count = 0;
 2328                 } else {
 2329                         /* increment counter and do nothing. */
 2330                         newspacq->count++;
 2331                         return 0;
 2332                 }
 2333                 SPACQ_UNLOCK();
 2334         } else {
 2335                 /* make new entry for blocking to send SADB_ACQUIRE. */
 2336                 newspacq = key_newspacq(&sp->spidx);
 2337                 if (newspacq == NULL)
 2338                         return ENOBUFS;
 2339         }
 2340 
 2341         /* create new sadb_msg to reply. */
 2342         m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
 2343         if (!m)
 2344                 return ENOBUFS;
 2345 
 2346         result = m;
 2347 
 2348         result->m_pkthdr.len = 0;
 2349         for (m = result; m; m = m->m_next)
 2350                 result->m_pkthdr.len += m->m_len;
 2351 
 2352         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2353             PFKEY_UNIT64(result->m_pkthdr.len);
 2354 
 2355         return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
 2356 }
 2357 
 2358 /*
 2359  * SADB_SPDFLUSH processing
 2360  * receive
 2361  *   <base>
 2362  * from the user, and free all entries in secpctree.
 2363  * and send,
 2364  *   <base>
 2365  * to the user.
 2366  * NOTE: what to do is only marking SADB_SASTATE_DEAD.
 2367  *
 2368  * m will always be freed.
 2369  */
 2370 static int
 2371 key_spdflush(so, m, mhp)
 2372         struct socket *so;
 2373         struct mbuf *m;
 2374         const struct sadb_msghdr *mhp;
 2375 {
 2376         struct sadb_msg *newmsg;
 2377         struct secpolicy *sp;
 2378         u_int dir;
 2379 
 2380         IPSEC_ASSERT(so != NULL, ("null socket"));
 2381         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2382         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2383         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2384 
 2385         if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
 2386                 return key_senderror(so, m, EINVAL);
 2387 
 2388         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2389                 SPTREE_LOCK();
 2390                 LIST_FOREACH(sp, &V_sptree[dir], chain)
 2391                         sp->state = IPSEC_SPSTATE_DEAD;
 2392                 SPTREE_UNLOCK();
 2393         }
 2394 
 2395         if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 2396                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 2397                 return key_senderror(so, m, ENOBUFS);
 2398         }
 2399 
 2400         if (m->m_next)
 2401                 m_freem(m->m_next);
 2402         m->m_next = NULL;
 2403         m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2404         newmsg = mtod(m, struct sadb_msg *);
 2405         newmsg->sadb_msg_errno = 0;
 2406         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 2407 
 2408         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 2409 }
 2410 
 2411 /*
 2412  * SADB_SPDDUMP processing
 2413  * receive
 2414  *   <base>
 2415  * from the user, and dump all SP leaves
 2416  * and send,
 2417  *   <base> .....
 2418  * to the ikmpd.
 2419  *
 2420  * m will always be freed.
 2421  */
 2422 static int
 2423 key_spddump(so, m, mhp)
 2424         struct socket *so;
 2425         struct mbuf *m;
 2426         const struct sadb_msghdr *mhp;
 2427 {
 2428         struct secpolicy *sp;
 2429         int cnt;
 2430         u_int dir;
 2431         struct mbuf *n;
 2432 
 2433         IPSEC_ASSERT(so != NULL, ("null socket"));
 2434         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2435         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2436         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2437 
 2438         /* search SPD entry and get buffer size. */
 2439         cnt = 0;
 2440         SPTREE_LOCK();
 2441         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2442                 LIST_FOREACH(sp, &V_sptree[dir], chain) {
 2443                         cnt++;
 2444                 }
 2445         }
 2446 
 2447         if (cnt == 0) {
 2448                 SPTREE_UNLOCK();
 2449                 return key_senderror(so, m, ENOENT);
 2450         }
 2451 
 2452         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2453                 LIST_FOREACH(sp, &V_sptree[dir], chain) {
 2454                         --cnt;
 2455                         n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
 2456                             mhp->msg->sadb_msg_pid);
 2457 
 2458                         if (n)
 2459                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2460                 }
 2461         }
 2462 
 2463         SPTREE_UNLOCK();
 2464         m_freem(m);
 2465         return 0;
 2466 }
 2467 
 2468 static struct mbuf *
 2469 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, u_int32_t pid)
 2470 {
 2471         struct mbuf *result = NULL, *m;
 2472         struct seclifetime lt;
 2473 
 2474         m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
 2475         if (!m)
 2476                 goto fail;
 2477         result = m;
 2478 
 2479         /*
 2480          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2481          * we are sending traffic endpoints.
 2482          */
 2483         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2484             &sp->spidx.src.sa, sp->spidx.prefs,
 2485             sp->spidx.ul_proto);
 2486         if (!m)
 2487                 goto fail;
 2488         m_cat(result, m);
 2489 
 2490         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2491             &sp->spidx.dst.sa, sp->spidx.prefd,
 2492             sp->spidx.ul_proto);
 2493         if (!m)
 2494                 goto fail;
 2495         m_cat(result, m);
 2496 
 2497         m = key_sp2msg(sp);
 2498         if (!m)
 2499                 goto fail;
 2500         m_cat(result, m);
 2501 
 2502         if(sp->lifetime){
 2503                 lt.addtime=sp->created;
 2504                 lt.usetime= sp->lastused;
 2505                 m = key_setlifetime(&lt, SADB_EXT_LIFETIME_CURRENT);
 2506                 if (!m)
 2507                         goto fail;
 2508                 m_cat(result, m);
 2509                 
 2510                 lt.addtime=sp->lifetime;
 2511                 lt.usetime= sp->validtime;
 2512                 m = key_setlifetime(&lt, SADB_EXT_LIFETIME_HARD);
 2513                 if (!m)
 2514                         goto fail;
 2515                 m_cat(result, m);
 2516         }
 2517 
 2518         if ((result->m_flags & M_PKTHDR) == 0)
 2519                 goto fail;
 2520 
 2521         if (result->m_len < sizeof(struct sadb_msg)) {
 2522                 result = m_pullup(result, sizeof(struct sadb_msg));
 2523                 if (result == NULL)
 2524                         goto fail;
 2525         }
 2526 
 2527         result->m_pkthdr.len = 0;
 2528         for (m = result; m; m = m->m_next)
 2529                 result->m_pkthdr.len += m->m_len;
 2530 
 2531         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2532             PFKEY_UNIT64(result->m_pkthdr.len);
 2533 
 2534         return result;
 2535 
 2536 fail:
 2537         m_freem(result);
 2538         return NULL;
 2539 }
 2540 
 2541 /*
 2542  * get PFKEY message length for security policy and request.
 2543  */
 2544 static u_int
 2545 key_getspreqmsglen(sp)
 2546         struct secpolicy *sp;
 2547 {
 2548         u_int tlen;
 2549 
 2550         tlen = sizeof(struct sadb_x_policy);
 2551 
 2552         /* if is the policy for ipsec ? */
 2553         if (sp->policy != IPSEC_POLICY_IPSEC)
 2554                 return tlen;
 2555 
 2556         /* get length of ipsec requests */
 2557     {
 2558         struct ipsecrequest *isr;
 2559         int len;
 2560 
 2561         for (isr = sp->req; isr != NULL; isr = isr->next) {
 2562                 len = sizeof(struct sadb_x_ipsecrequest)
 2563                         + isr->saidx.src.sa.sa_len
 2564                         + isr->saidx.dst.sa.sa_len;
 2565 
 2566                 tlen += PFKEY_ALIGN8(len);
 2567         }
 2568     }
 2569 
 2570         return tlen;
 2571 }
 2572 
 2573 /*
 2574  * SADB_SPDEXPIRE processing
 2575  * send
 2576  *   <base, address(SD), lifetime(CH), policy>
 2577  * to KMD by PF_KEY.
 2578  *
 2579  * OUT: 0       : succeed
 2580  *      others  : error number
 2581  */
 2582 static int
 2583 key_spdexpire(sp)
 2584         struct secpolicy *sp;
 2585 {
 2586         struct mbuf *result = NULL, *m;
 2587         int len;
 2588         int error = -1;
 2589         struct sadb_lifetime *lt;
 2590 
 2591         /* XXX: Why do we lock ? */
 2592 
 2593         IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
 2594 
 2595         /* set msg header */
 2596         m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
 2597         if (!m) {
 2598                 error = ENOBUFS;
 2599                 goto fail;
 2600         }
 2601         result = m;
 2602 
 2603         /* create lifetime extension (current and hard) */
 2604         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 2605         m = key_alloc_mbuf(len);
 2606         if (!m || m->m_next) {  /*XXX*/
 2607                 if (m)
 2608                         m_freem(m);
 2609                 error = ENOBUFS;
 2610                 goto fail;
 2611         }
 2612         bzero(mtod(m, caddr_t), len);
 2613         lt = mtod(m, struct sadb_lifetime *);
 2614         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2615         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 2616         lt->sadb_lifetime_allocations = 0;
 2617         lt->sadb_lifetime_bytes = 0;
 2618         lt->sadb_lifetime_addtime = sp->created;
 2619         lt->sadb_lifetime_usetime = sp->lastused;
 2620         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 2621         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2622         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 2623         lt->sadb_lifetime_allocations = 0;
 2624         lt->sadb_lifetime_bytes = 0;
 2625         lt->sadb_lifetime_addtime = sp->lifetime;
 2626         lt->sadb_lifetime_usetime = sp->validtime;
 2627         m_cat(result, m);
 2628 
 2629         /*
 2630          * Note: do not send SADB_X_EXT_NAT_T_* here:
 2631          * we are sending traffic endpoints.
 2632          */
 2633 
 2634         /* set sadb_address for source */
 2635         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2636             &sp->spidx.src.sa,
 2637             sp->spidx.prefs, sp->spidx.ul_proto);
 2638         if (!m) {
 2639                 error = ENOBUFS;
 2640                 goto fail;
 2641         }
 2642         m_cat(result, m);
 2643 
 2644         /* set sadb_address for destination */
 2645         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2646             &sp->spidx.dst.sa,
 2647             sp->spidx.prefd, sp->spidx.ul_proto);
 2648         if (!m) {
 2649                 error = ENOBUFS;
 2650                 goto fail;
 2651         }
 2652         m_cat(result, m);
 2653 
 2654         /* set secpolicy */
 2655         m = key_sp2msg(sp);
 2656         if (!m) {
 2657                 error = ENOBUFS;
 2658                 goto fail;
 2659         }
 2660         m_cat(result, m);
 2661 
 2662         if ((result->m_flags & M_PKTHDR) == 0) {
 2663                 error = EINVAL;
 2664                 goto fail;
 2665         }
 2666 
 2667         if (result->m_len < sizeof(struct sadb_msg)) {
 2668                 result = m_pullup(result, sizeof(struct sadb_msg));
 2669                 if (result == NULL) {
 2670                         error = ENOBUFS;
 2671                         goto fail;
 2672                 }
 2673         }
 2674 
 2675         result->m_pkthdr.len = 0;
 2676         for (m = result; m; m = m->m_next)
 2677                 result->m_pkthdr.len += m->m_len;
 2678 
 2679         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2680             PFKEY_UNIT64(result->m_pkthdr.len);
 2681 
 2682         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2683 
 2684  fail:
 2685         if (result)
 2686                 m_freem(result);
 2687         return error;
 2688 }
 2689 
 2690 /* %%% SAD management */
 2691 /*
 2692  * allocating a memory for new SA head, and copy from the values of mhp.
 2693  * OUT: NULL    : failure due to the lack of memory.
 2694  *      others  : pointer to new SA head.
 2695  */
 2696 static struct secashead *
 2697 key_newsah(saidx)
 2698         struct secasindex *saidx;
 2699 {
 2700         struct secashead *newsah;
 2701 
 2702         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
 2703 
 2704         newsah = malloc(sizeof(struct secashead), M_IPSEC_SAH, M_NOWAIT|M_ZERO);
 2705         if (newsah != NULL) {
 2706                 int i;
 2707                 for (i = 0; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[0]); i++)
 2708                         LIST_INIT(&newsah->savtree[i]);
 2709                 newsah->saidx = *saidx;
 2710 
 2711                 /* add to saidxtree */
 2712                 newsah->state = SADB_SASTATE_MATURE;
 2713 
 2714                 SAHTREE_LOCK();
 2715                 LIST_INSERT_HEAD(&V_sahtree, newsah, chain);
 2716                 SAHTREE_UNLOCK();
 2717         }
 2718         return(newsah);
 2719 }
 2720 
 2721 /*
 2722  * delete SA index and all SA registerd.
 2723  */
 2724 static void
 2725 key_delsah(sah)
 2726         struct secashead *sah;
 2727 {
 2728         struct secasvar *sav, *nextsav;
 2729         u_int stateidx;
 2730         int zombie = 0;
 2731 
 2732         IPSEC_ASSERT(sah != NULL, ("NULL sah"));
 2733         SAHTREE_LOCK_ASSERT();
 2734 
 2735         /* searching all SA registerd in the secindex. */
 2736         for (stateidx = 0;
 2737              stateidx < _ARRAYLEN(saorder_state_any);
 2738              stateidx++) {
 2739                 u_int state = saorder_state_any[stateidx];
 2740                 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) {
 2741                         if (sav->refcnt == 0) {
 2742                                 /* sanity check */
 2743                                 KEY_CHKSASTATE(state, sav->state, __func__);
 2744                                 /* 
 2745                                  * do NOT call KEY_FREESAV here:
 2746                                  * it will only delete the sav if refcnt == 1,
 2747                                  * where we already know that refcnt == 0
 2748                                  */
 2749                                 key_delsav(sav);
 2750                         } else {
 2751                                 /* give up to delete this sa */
 2752                                 zombie++;
 2753                         }
 2754                 }
 2755         }
 2756         if (!zombie) {          /* delete only if there are savs */
 2757                 /* remove from tree of SA index */
 2758                 if (__LIST_CHAINED(sah))
 2759                         LIST_REMOVE(sah, chain);
 2760                 if (sah->route_cache.sa_route.ro_rt) {
 2761                         RTFREE(sah->route_cache.sa_route.ro_rt);
 2762                         sah->route_cache.sa_route.ro_rt = (struct rtentry *)NULL;
 2763                 }
 2764                 free(sah, M_IPSEC_SAH);
 2765         }
 2766 }
 2767 
 2768 /*
 2769  * allocating a new SA with LARVAL state.  key_add() and key_getspi() call,
 2770  * and copy the values of mhp into new buffer.
 2771  * When SAD message type is GETSPI:
 2772  *      to set sequence number from acq_seq++,
 2773  *      to set zero to SPI.
 2774  *      not to call key_setsava().
 2775  * OUT: NULL    : fail
 2776  *      others  : pointer to new secasvar.
 2777  *
 2778  * does not modify mbuf.  does not free mbuf on error.
 2779  */
 2780 static struct secasvar *
 2781 key_newsav(m, mhp, sah, errp, where, tag)
 2782         struct mbuf *m;
 2783         const struct sadb_msghdr *mhp;
 2784         struct secashead *sah;
 2785         int *errp;
 2786         const char* where;
 2787         int tag;
 2788 {
 2789         struct secasvar *newsav;
 2790         const struct sadb_sa *xsa;
 2791 
 2792         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 2793         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 2794         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 2795         IPSEC_ASSERT(sah != NULL, ("null secashead"));
 2796 
 2797         newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO);
 2798         if (newsav == NULL) {
 2799                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 2800                 *errp = ENOBUFS;
 2801                 goto done;
 2802         }
 2803 
 2804         switch (mhp->msg->sadb_msg_type) {
 2805         case SADB_GETSPI:
 2806                 newsav->spi = 0;
 2807 
 2808 #ifdef IPSEC_DOSEQCHECK
 2809                 /* sync sequence number */
 2810                 if (mhp->msg->sadb_msg_seq == 0)
 2811                         newsav->seq =
 2812                                 (V_acq_seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq));
 2813                 else
 2814 #endif
 2815                         newsav->seq = mhp->msg->sadb_msg_seq;
 2816                 break;
 2817 
 2818         case SADB_ADD:
 2819                 /* sanity check */
 2820                 if (mhp->ext[SADB_EXT_SA] == NULL) {
 2821                         free(newsav, M_IPSEC_SA);
 2822                         newsav = NULL;
 2823                         ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 2824                                 __func__));
 2825                         *errp = EINVAL;
 2826                         goto done;
 2827                 }
 2828                 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 2829                 newsav->spi = xsa->sadb_sa_spi;
 2830                 newsav->seq = mhp->msg->sadb_msg_seq;
 2831                 break;
 2832         default:
 2833                 free(newsav, M_IPSEC_SA);
 2834                 newsav = NULL;
 2835                 *errp = EINVAL;
 2836                 goto done;
 2837         }
 2838 
 2839 
 2840         /* copy sav values */
 2841         if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
 2842                 *errp = key_setsaval(newsav, m, mhp);
 2843                 if (*errp) {
 2844                         free(newsav, M_IPSEC_SA);
 2845                         newsav = NULL;
 2846                         goto done;
 2847                 }
 2848         }
 2849 
 2850         SECASVAR_LOCK_INIT(newsav);
 2851 
 2852         /* reset created */
 2853         newsav->created = time_second;
 2854         newsav->pid = mhp->msg->sadb_msg_pid;
 2855 
 2856         /* add to satree */
 2857         newsav->sah = sah;
 2858         sa_initref(newsav);
 2859         newsav->state = SADB_SASTATE_LARVAL;
 2860 
 2861         SAHTREE_LOCK();
 2862         LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
 2863                         secasvar, chain);
 2864         SAHTREE_UNLOCK();
 2865 done:
 2866         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 2867                 printf("DP %s from %s:%u return SP:%p\n", __func__,
 2868                         where, tag, newsav));
 2869 
 2870         return newsav;
 2871 }
 2872 
 2873 /*
 2874  * free() SA variable entry.
 2875  */
 2876 static void
 2877 key_cleansav(struct secasvar *sav)
 2878 {
 2879         /*
 2880          * Cleanup xform state.  Note that zeroize'ing causes the
 2881          * keys to be cleared; otherwise we must do it ourself.
 2882          */
 2883         if (sav->tdb_xform != NULL) {
 2884                 sav->tdb_xform->xf_zeroize(sav);
 2885                 sav->tdb_xform = NULL;
 2886         } else {
 2887                 KASSERT(sav->iv == NULL, ("iv but no xform"));
 2888                 if (sav->key_auth != NULL)
 2889                         bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
 2890                 if (sav->key_enc != NULL)
 2891                         bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc));
 2892         }
 2893         if (sav->key_auth != NULL) {
 2894                 if (sav->key_auth->key_data != NULL)
 2895                         free(sav->key_auth->key_data, M_IPSEC_MISC);
 2896                 free(sav->key_auth, M_IPSEC_MISC);
 2897                 sav->key_auth = NULL;
 2898         }
 2899         if (sav->key_enc != NULL) {
 2900                 if (sav->key_enc->key_data != NULL)
 2901                         free(sav->key_enc->key_data, M_IPSEC_MISC);
 2902                 free(sav->key_enc, M_IPSEC_MISC);
 2903                 sav->key_enc = NULL;
 2904         }
 2905         if (sav->sched) {
 2906                 bzero(sav->sched, sav->schedlen);
 2907                 free(sav->sched, M_IPSEC_MISC);
 2908                 sav->sched = NULL;
 2909         }
 2910         if (sav->replay != NULL) {
 2911                 free(sav->replay, M_IPSEC_MISC);
 2912                 sav->replay = NULL;
 2913         }
 2914         if (sav->lft_c != NULL) {
 2915                 free(sav->lft_c, M_IPSEC_MISC);
 2916                 sav->lft_c = NULL;
 2917         }
 2918         if (sav->lft_h != NULL) {
 2919                 free(sav->lft_h, M_IPSEC_MISC);
 2920                 sav->lft_h = NULL;
 2921         }
 2922         if (sav->lft_s != NULL) {
 2923                 free(sav->lft_s, M_IPSEC_MISC);
 2924                 sav->lft_s = NULL;
 2925         }
 2926 }
 2927 
 2928 /*
 2929  * free() SA variable entry.
 2930  */
 2931 static void
 2932 key_delsav(sav)
 2933         struct secasvar *sav;
 2934 {
 2935         IPSEC_ASSERT(sav != NULL, ("null sav"));
 2936         IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", sav->refcnt));
 2937 
 2938         /* remove from SA header */
 2939         if (__LIST_CHAINED(sav))
 2940                 LIST_REMOVE(sav, chain);
 2941         key_cleansav(sav);
 2942         SECASVAR_LOCK_DESTROY(sav);
 2943         free(sav, M_IPSEC_SA);
 2944 }
 2945 
 2946 /*
 2947  * search SAD.
 2948  * OUT:
 2949  *      NULL    : not found
 2950  *      others  : found, pointer to a SA.
 2951  */
 2952 static struct secashead *
 2953 key_getsah(saidx)
 2954         struct secasindex *saidx;
 2955 {
 2956         struct secashead *sah;
 2957 
 2958         SAHTREE_LOCK();
 2959         LIST_FOREACH(sah, &V_sahtree, chain) {
 2960                 if (sah->state == SADB_SASTATE_DEAD)
 2961                         continue;
 2962                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
 2963                         break;
 2964         }
 2965         SAHTREE_UNLOCK();
 2966 
 2967         return sah;
 2968 }
 2969 
 2970 /*
 2971  * check not to be duplicated SPI.
 2972  * NOTE: this function is too slow due to searching all SAD.
 2973  * OUT:
 2974  *      NULL    : not found
 2975  *      others  : found, pointer to a SA.
 2976  */
 2977 static struct secasvar *
 2978 key_checkspidup(saidx, spi)
 2979         struct secasindex *saidx;
 2980         u_int32_t spi;
 2981 {
 2982         struct secashead *sah;
 2983         struct secasvar *sav;
 2984 
 2985         /* check address family */
 2986         if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
 2987                 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
 2988                         __func__));
 2989                 return NULL;
 2990         }
 2991 
 2992         sav = NULL;
 2993         /* check all SAD */
 2994         SAHTREE_LOCK();
 2995         LIST_FOREACH(sah, &V_sahtree, chain) {
 2996                 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
 2997                         continue;
 2998                 sav = key_getsavbyspi(sah, spi);
 2999                 if (sav != NULL)
 3000                         break;
 3001         }
 3002         SAHTREE_UNLOCK();
 3003 
 3004         return sav;
 3005 }
 3006 
 3007 /*
 3008  * search SAD litmited alive SA, protocol, SPI.
 3009  * OUT:
 3010  *      NULL    : not found
 3011  *      others  : found, pointer to a SA.
 3012  */
 3013 static struct secasvar *
 3014 key_getsavbyspi(sah, spi)
 3015         struct secashead *sah;
 3016         u_int32_t spi;
 3017 {
 3018         struct secasvar *sav;
 3019         u_int stateidx, state;
 3020 
 3021         sav = NULL;
 3022         SAHTREE_LOCK_ASSERT();
 3023         /* search all status */
 3024         for (stateidx = 0;
 3025              stateidx < _ARRAYLEN(saorder_state_alive);
 3026              stateidx++) {
 3027 
 3028                 state = saorder_state_alive[stateidx];
 3029                 LIST_FOREACH(sav, &sah->savtree[state], chain) {
 3030 
 3031                         /* sanity check */
 3032                         if (sav->state != state) {
 3033                                 ipseclog((LOG_DEBUG, "%s: "
 3034                                     "invalid sav->state (queue: %d SA: %d)\n",
 3035                                     __func__, state, sav->state));
 3036                                 continue;
 3037                         }
 3038 
 3039                         if (sav->spi == spi)
 3040                                 return sav;
 3041                 }
 3042         }
 3043 
 3044         return NULL;
 3045 }
 3046 
 3047 /*
 3048  * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
 3049  * You must update these if need.
 3050  * OUT: 0:      success.
 3051  *      !0:     failure.
 3052  *
 3053  * does not modify mbuf.  does not free mbuf on error.
 3054  */
 3055 static int
 3056 key_setsaval(sav, m, mhp)
 3057         struct secasvar *sav;
 3058         struct mbuf *m;
 3059         const struct sadb_msghdr *mhp;
 3060 {
 3061         int error = 0;
 3062 
 3063         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 3064         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 3065         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 3066 
 3067         /* initialization */
 3068         sav->replay = NULL;
 3069         sav->key_auth = NULL;
 3070         sav->key_enc = NULL;
 3071         sav->sched = NULL;
 3072         sav->schedlen = 0;
 3073         sav->iv = NULL;
 3074         sav->lft_c = NULL;
 3075         sav->lft_h = NULL;
 3076         sav->lft_s = NULL;
 3077         sav->tdb_xform = NULL;          /* transform */
 3078         sav->tdb_encalgxform = NULL;    /* encoding algorithm */
 3079         sav->tdb_authalgxform = NULL;   /* authentication algorithm */
 3080         sav->tdb_compalgxform = NULL;   /* compression algorithm */
 3081         /*  Initialize even if NAT-T not compiled in: */
 3082         sav->natt_type = 0;
 3083         sav->natt_esp_frag_len = 0;
 3084 
 3085         /* SA */
 3086         if (mhp->ext[SADB_EXT_SA] != NULL) {
 3087                 const struct sadb_sa *sa0;
 3088 
 3089                 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 3090                 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
 3091                         error = EINVAL;
 3092                         goto fail;
 3093                 }
 3094 
 3095                 sav->alg_auth = sa0->sadb_sa_auth;
 3096                 sav->alg_enc = sa0->sadb_sa_encrypt;
 3097                 sav->flags = sa0->sadb_sa_flags;
 3098 
 3099                 /* replay window */
 3100                 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
 3101                         sav->replay = (struct secreplay *)
 3102                                 malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_IPSEC_MISC, M_NOWAIT|M_ZERO);
 3103                         if (sav->replay == NULL) {
 3104                                 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3105                                         __func__));
 3106                                 error = ENOBUFS;
 3107                                 goto fail;
 3108                         }
 3109                         if (sa0->sadb_sa_replay != 0)
 3110                                 sav->replay->bitmap = (caddr_t)(sav->replay+1);
 3111                         sav->replay->wsize = sa0->sadb_sa_replay;
 3112                 }
 3113         }
 3114 
 3115         /* Authentication keys */
 3116         if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
 3117                 const struct sadb_key *key0;
 3118                 int len;
 3119 
 3120                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
 3121                 len = mhp->extlen[SADB_EXT_KEY_AUTH];
 3122 
 3123                 error = 0;
 3124                 if (len < sizeof(*key0)) {
 3125                         error = EINVAL;
 3126                         goto fail;
 3127                 }
 3128                 switch (mhp->msg->sadb_msg_satype) {
 3129                 case SADB_SATYPE_AH:
 3130                 case SADB_SATYPE_ESP:
 3131                 case SADB_X_SATYPE_TCPSIGNATURE:
 3132                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3133                             sav->alg_auth != SADB_X_AALG_NULL)
 3134                                 error = EINVAL;
 3135                         break;
 3136                 case SADB_X_SATYPE_IPCOMP:
 3137                 default:
 3138                         error = EINVAL;
 3139                         break;
 3140                 }
 3141                 if (error) {
 3142                         ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n",
 3143                                 __func__));
 3144                         goto fail;
 3145                 }
 3146 
 3147                 sav->key_auth = (struct seckey *)key_dup_keymsg(key0, len,
 3148                                                                 M_IPSEC_MISC);
 3149                 if (sav->key_auth == NULL ) {
 3150                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3151                                   __func__));
 3152                         error = ENOBUFS;
 3153                         goto fail;
 3154                 }
 3155         }
 3156 
 3157         /* Encryption key */
 3158         if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
 3159                 const struct sadb_key *key0;
 3160                 int len;
 3161 
 3162                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
 3163                 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
 3164 
 3165                 error = 0;
 3166                 if (len < sizeof(*key0)) {
 3167                         error = EINVAL;
 3168                         goto fail;
 3169                 }
 3170                 switch (mhp->msg->sadb_msg_satype) {
 3171                 case SADB_SATYPE_ESP:
 3172                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3173                             sav->alg_enc != SADB_EALG_NULL) {
 3174                                 error = EINVAL;
 3175                                 break;
 3176                         }
 3177                         sav->key_enc = (struct seckey *)key_dup_keymsg(key0,
 3178                                                                        len,
 3179                                                                        M_IPSEC_MISC);
 3180                         if (sav->key_enc == NULL) {
 3181                                 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
 3182                                         __func__));
 3183                                 error = ENOBUFS;
 3184                                 goto fail;
 3185                         }
 3186                         break;
 3187                 case SADB_X_SATYPE_IPCOMP:
 3188                         if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
 3189                                 error = EINVAL;
 3190                         sav->key_enc = NULL;    /*just in case*/
 3191                         break;
 3192                 case SADB_SATYPE_AH:
 3193                 case SADB_X_SATYPE_TCPSIGNATURE:
 3194                 default:
 3195                         error = EINVAL;
 3196                         break;
 3197                 }
 3198                 if (error) {
 3199                         ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n",
 3200                                 __func__));
 3201                         goto fail;
 3202                 }
 3203         }
 3204 
 3205         /* set iv */
 3206         sav->ivlen = 0;
 3207 
 3208         switch (mhp->msg->sadb_msg_satype) {
 3209         case SADB_SATYPE_AH:
 3210                 error = xform_init(sav, XF_AH);
 3211                 break;
 3212         case SADB_SATYPE_ESP:
 3213                 error = xform_init(sav, XF_ESP);
 3214                 break;
 3215         case SADB_X_SATYPE_IPCOMP:
 3216                 error = xform_init(sav, XF_IPCOMP);
 3217                 break;
 3218         case SADB_X_SATYPE_TCPSIGNATURE:
 3219                 error = xform_init(sav, XF_TCPSIGNATURE);
 3220                 break;
 3221         }
 3222         if (error) {
 3223                 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n",
 3224                         __func__, mhp->msg->sadb_msg_satype));
 3225                 goto fail;
 3226         }
 3227 
 3228         /* reset created */
 3229         sav->created = time_second;
 3230 
 3231         /* make lifetime for CURRENT */
 3232         sav->lft_c = malloc(sizeof(struct seclifetime), M_IPSEC_MISC, M_NOWAIT);
 3233         if (sav->lft_c == NULL) {
 3234                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 3235                 error = ENOBUFS;
 3236                 goto fail;
 3237         }
 3238 
 3239         sav->lft_c->allocations = 0;
 3240         sav->lft_c->bytes = 0;
 3241         sav->lft_c->addtime = time_second;
 3242         sav->lft_c->usetime = 0;
 3243 
 3244         /* lifetimes for HARD and SOFT */
 3245     {
 3246         const struct sadb_lifetime *lft0;
 3247 
 3248         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 3249         if (lft0 != NULL) {
 3250                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
 3251                         error = EINVAL;
 3252                         goto fail;
 3253                 }
 3254                 sav->lft_h = key_dup_lifemsg(lft0, M_IPSEC_MISC);
 3255                 if (sav->lft_h == NULL) {
 3256                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 3257                         error = ENOBUFS;
 3258                         goto fail;
 3259                 }
 3260                 /* to be initialize ? */
 3261         }
 3262 
 3263         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
 3264         if (lft0 != NULL) {
 3265                 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
 3266                         error = EINVAL;
 3267                         goto fail;
 3268                 }
 3269                 sav->lft_s = key_dup_lifemsg(lft0, M_IPSEC_MISC);
 3270                 if (sav->lft_s == NULL) {
 3271                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 3272                         error = ENOBUFS;
 3273                         goto fail;
 3274                 }
 3275                 /* to be initialize ? */
 3276         }
 3277     }
 3278 
 3279         return 0;
 3280 
 3281  fail:
 3282         /* initialization */
 3283         key_cleansav(sav);
 3284 
 3285         return error;
 3286 }
 3287 
 3288 /*
 3289  * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
 3290  * OUT: 0:      valid
 3291  *      other:  errno
 3292  */
 3293 static int
 3294 key_mature(struct secasvar *sav)
 3295 {
 3296         int error;
 3297 
 3298         /* check SPI value */
 3299         switch (sav->sah->saidx.proto) {
 3300         case IPPROTO_ESP:
 3301         case IPPROTO_AH:
 3302                 /*
 3303                  * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
 3304                  * 1-255 reserved by IANA for future use,
 3305                  * 0 for implementation specific, local use.
 3306                  */
 3307                 if (ntohl(sav->spi) <= 255) {
 3308                         ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
 3309                             __func__, (u_int32_t)ntohl(sav->spi)));
 3310                         return EINVAL;
 3311                 }
 3312                 break;
 3313         }
 3314 
 3315         /* check satype */
 3316         switch (sav->sah->saidx.proto) {
 3317         case IPPROTO_ESP:
 3318                 /* check flags */
 3319                 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) ==
 3320                     (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) {
 3321                         ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
 3322                                 "given to old-esp.\n", __func__));
 3323                         return EINVAL;
 3324                 }
 3325                 error = xform_init(sav, XF_ESP);
 3326                 break;
 3327         case IPPROTO_AH:
 3328                 /* check flags */
 3329                 if (sav->flags & SADB_X_EXT_DERIV) {
 3330                         ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
 3331                                 "given to AH SA.\n", __func__));
 3332                         return EINVAL;
 3333                 }
 3334                 if (sav->alg_enc != SADB_EALG_NONE) {
 3335                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3336                                 "mismated.\n", __func__));
 3337                         return(EINVAL);
 3338                 }
 3339                 error = xform_init(sav, XF_AH);
 3340                 break;
 3341         case IPPROTO_IPCOMP:
 3342                 if (sav->alg_auth != SADB_AALG_NONE) {
 3343                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3344                                 "mismated.\n", __func__));
 3345                         return(EINVAL);
 3346                 }
 3347                 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
 3348                  && ntohl(sav->spi) >= 0x10000) {
 3349                         ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n",
 3350                                 __func__));
 3351                         return(EINVAL);
 3352                 }
 3353                 error = xform_init(sav, XF_IPCOMP);
 3354                 break;
 3355         case IPPROTO_TCP:
 3356                 if (sav->alg_enc != SADB_EALG_NONE) {
 3357                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3358                                 "mismated.\n", __func__));
 3359                         return(EINVAL);
 3360                 }
 3361                 error = xform_init(sav, XF_TCPSIGNATURE);
 3362                 break;
 3363         default:
 3364                 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__));
 3365                 error = EPROTONOSUPPORT;
 3366                 break;
 3367         }
 3368         if (error == 0) {
 3369                 SAHTREE_LOCK();
 3370                 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
 3371                 SAHTREE_UNLOCK();
 3372         }
 3373         return (error);
 3374 }
 3375 
 3376 /*
 3377  * subroutine for SADB_GET and SADB_DUMP.
 3378  */
 3379 static struct mbuf *
 3380 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype,
 3381     u_int32_t seq, u_int32_t pid)
 3382 {
 3383         struct mbuf *result = NULL, *tres = NULL, *m;
 3384         int i;
 3385         int dumporder[] = {
 3386                 SADB_EXT_SA, SADB_X_EXT_SA2,
 3387                 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 3388                 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
 3389                 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
 3390                 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
 3391                 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
 3392 #ifdef IPSEC_NAT_T
 3393                 SADB_X_EXT_NAT_T_TYPE,
 3394                 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
 3395                 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
 3396                 SADB_X_EXT_NAT_T_FRAG,
 3397 #endif
 3398         };
 3399 
 3400         m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
 3401         if (m == NULL)
 3402                 goto fail;
 3403         result = m;
 3404 
 3405         for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
 3406                 m = NULL;
 3407                 switch (dumporder[i]) {
 3408                 case SADB_EXT_SA:
 3409                         m = key_setsadbsa(sav);
 3410                         if (!m)
 3411                                 goto fail;
 3412                         break;
 3413 
 3414                 case SADB_X_EXT_SA2:
 3415                         m = key_setsadbxsa2(sav->sah->saidx.mode,
 3416                                         sav->replay ? sav->replay->count : 0,
 3417                                         sav->sah->saidx.reqid);
 3418                         if (!m)
 3419                                 goto fail;
 3420                         break;
 3421 
 3422                 case SADB_EXT_ADDRESS_SRC:
 3423                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 3424                             &sav->sah->saidx.src.sa,
 3425                             FULLMASK, IPSEC_ULPROTO_ANY);
 3426                         if (!m)
 3427                                 goto fail;
 3428                         break;
 3429 
 3430                 case SADB_EXT_ADDRESS_DST:
 3431                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 3432                             &sav->sah->saidx.dst.sa,
 3433                             FULLMASK, IPSEC_ULPROTO_ANY);
 3434                         if (!m)
 3435                                 goto fail;
 3436                         break;
 3437 
 3438                 case SADB_EXT_KEY_AUTH:
 3439                         if (!sav->key_auth)
 3440                                 continue;
 3441                         m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH);
 3442                         if (!m)
 3443                                 goto fail;
 3444                         break;
 3445 
 3446                 case SADB_EXT_KEY_ENCRYPT:
 3447                         if (!sav->key_enc)
 3448                                 continue;
 3449                         m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT);
 3450                         if (!m)
 3451                                 goto fail;
 3452                         break;
 3453 
 3454                 case SADB_EXT_LIFETIME_CURRENT:
 3455                         if (!sav->lft_c)
 3456                                 continue;
 3457                         m = key_setlifetime(sav->lft_c, 
 3458                                             SADB_EXT_LIFETIME_CURRENT);
 3459                         if (!m)
 3460                                 goto fail;
 3461                         break;
 3462 
 3463                 case SADB_EXT_LIFETIME_HARD:
 3464                         if (!sav->lft_h)
 3465                                 continue;
 3466                         m = key_setlifetime(sav->lft_h, 
 3467                                             SADB_EXT_LIFETIME_HARD);
 3468                         if (!m)
 3469                                 goto fail;
 3470                         break;
 3471 
 3472                 case SADB_EXT_LIFETIME_SOFT:
 3473                         if (!sav->lft_s)
 3474                                 continue;
 3475                         m = key_setlifetime(sav->lft_s, 
 3476                                             SADB_EXT_LIFETIME_SOFT);
 3477 
 3478                         if (!m)
 3479                                 goto fail;
 3480                         break;
 3481 
 3482 #ifdef IPSEC_NAT_T
 3483                 case SADB_X_EXT_NAT_T_TYPE:
 3484                         m = key_setsadbxtype(sav->natt_type);
 3485                         if (!m)
 3486                                 goto fail;
 3487                         break;
 3488                 
 3489                 case SADB_X_EXT_NAT_T_DPORT:
 3490                         m = key_setsadbxport(
 3491                             KEY_PORTFROMSADDR(&sav->sah->saidx.dst),
 3492                             SADB_X_EXT_NAT_T_DPORT);
 3493                         if (!m)
 3494                                 goto fail;
 3495                         break;
 3496 
 3497                 case SADB_X_EXT_NAT_T_SPORT:
 3498                         m = key_setsadbxport(
 3499                             KEY_PORTFROMSADDR(&sav->sah->saidx.src),
 3500                             SADB_X_EXT_NAT_T_SPORT);
 3501                         if (!m)
 3502                                 goto fail;
 3503                         break;
 3504 
 3505                 case SADB_X_EXT_NAT_T_OAI:
 3506                 case SADB_X_EXT_NAT_T_OAR:
 3507                 case SADB_X_EXT_NAT_T_FRAG:
 3508                         /* We do not (yet) support those. */
 3509                         continue;
 3510 #endif
 3511 
 3512                 case SADB_EXT_ADDRESS_PROXY:
 3513                 case SADB_EXT_IDENTITY_SRC:
 3514                 case SADB_EXT_IDENTITY_DST:
 3515                         /* XXX: should we brought from SPD ? */
 3516                 case SADB_EXT_SENSITIVITY:
 3517                 default:
 3518                         continue;
 3519                 }
 3520 
 3521                 if (!m)
 3522                         goto fail;
 3523                 if (tres)
 3524                         m_cat(m, tres);
 3525                 tres = m;
 3526                   
 3527         }
 3528 
 3529         m_cat(result, tres);
 3530         if (result->m_len < sizeof(struct sadb_msg)) {
 3531                 result = m_pullup(result, sizeof(struct sadb_msg));
 3532                 if (result == NULL)
 3533                         goto fail;
 3534         }
 3535 
 3536         result->m_pkthdr.len = 0;
 3537         for (m = result; m; m = m->m_next)
 3538                 result->m_pkthdr.len += m->m_len;
 3539 
 3540         mtod(result, struct sadb_msg *)->sadb_msg_len =
 3541             PFKEY_UNIT64(result->m_pkthdr.len);
 3542 
 3543         return result;
 3544 
 3545 fail:
 3546         m_freem(result);
 3547         m_freem(tres);
 3548         return NULL;
 3549 }
 3550 
 3551 /*
 3552  * set data into sadb_msg.
 3553  */
 3554 static struct mbuf *
 3555 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq,
 3556     pid_t pid, u_int16_t reserved)
 3557 {
 3558         struct mbuf *m;
 3559         struct sadb_msg *p;
 3560         int len;
 3561 
 3562         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 3563         if (len > MCLBYTES)
 3564                 return NULL;
 3565         MGETHDR(m, M_DONTWAIT, MT_DATA);
 3566         if (m && len > MHLEN) {
 3567                 MCLGET(m, M_DONTWAIT);
 3568                 if ((m->m_flags & M_EXT) == 0) {
 3569                         m_freem(m);
 3570                         m = NULL;
 3571                 }
 3572         }
 3573         if (!m)
 3574                 return NULL;
 3575         m->m_pkthdr.len = m->m_len = len;
 3576         m->m_next = NULL;
 3577 
 3578         p = mtod(m, struct sadb_msg *);
 3579 
 3580         bzero(p, len);
 3581         p->sadb_msg_version = PF_KEY_V2;
 3582         p->sadb_msg_type = type;
 3583         p->sadb_msg_errno = 0;
 3584         p->sadb_msg_satype = satype;
 3585         p->sadb_msg_len = PFKEY_UNIT64(tlen);
 3586         p->sadb_msg_reserved = reserved;
 3587         p->sadb_msg_seq = seq;
 3588         p->sadb_msg_pid = (u_int32_t)pid;
 3589 
 3590         return m;
 3591 }
 3592 
 3593 /*
 3594  * copy secasvar data into sadb_address.
 3595  */
 3596 static struct mbuf *
 3597 key_setsadbsa(sav)
 3598         struct secasvar *sav;
 3599 {
 3600         struct mbuf *m;
 3601         struct sadb_sa *p;
 3602         int len;
 3603 
 3604         len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
 3605         m = key_alloc_mbuf(len);
 3606         if (!m || m->m_next) {  /*XXX*/
 3607                 if (m)
 3608                         m_freem(m);
 3609                 return NULL;
 3610         }
 3611 
 3612         p = mtod(m, struct sadb_sa *);
 3613 
 3614         bzero(p, len);
 3615         p->sadb_sa_len = PFKEY_UNIT64(len);
 3616         p->sadb_sa_exttype = SADB_EXT_SA;
 3617         p->sadb_sa_spi = sav->spi;
 3618         p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
 3619         p->sadb_sa_state = sav->state;
 3620         p->sadb_sa_auth = sav->alg_auth;
 3621         p->sadb_sa_encrypt = sav->alg_enc;
 3622         p->sadb_sa_flags = sav->flags;
 3623 
 3624         return m;
 3625 }
 3626 
 3627 /*
 3628  * set data into sadb_address.
 3629  */
 3630 static struct mbuf *
 3631 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, u_int8_t prefixlen, u_int16_t ul_proto)
 3632 {
 3633         struct mbuf *m;
 3634         struct sadb_address *p;
 3635         size_t len;
 3636 
 3637         len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
 3638             PFKEY_ALIGN8(saddr->sa_len);
 3639         m = key_alloc_mbuf(len);
 3640         if (!m || m->m_next) {  /*XXX*/
 3641                 if (m)
 3642                         m_freem(m);
 3643                 return NULL;
 3644         }
 3645 
 3646         p = mtod(m, struct sadb_address *);
 3647 
 3648         bzero(p, len);
 3649         p->sadb_address_len = PFKEY_UNIT64(len);
 3650         p->sadb_address_exttype = exttype;
 3651         p->sadb_address_proto = ul_proto;
 3652         if (prefixlen == FULLMASK) {
 3653                 switch (saddr->sa_family) {
 3654                 case AF_INET:
 3655                         prefixlen = sizeof(struct in_addr) << 3;
 3656                         break;
 3657                 case AF_INET6:
 3658                         prefixlen = sizeof(struct in6_addr) << 3;
 3659                         break;
 3660                 default:
 3661                         ; /*XXX*/
 3662                 }
 3663         }
 3664         p->sadb_address_prefixlen = prefixlen;
 3665         p->sadb_address_reserved = 0;
 3666 
 3667         bcopy(saddr,
 3668             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
 3669             saddr->sa_len);
 3670 
 3671         return m;
 3672 }
 3673 
 3674 /*
 3675  * set data into sadb_x_sa2.
 3676  */
 3677 static struct mbuf *
 3678 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid)
 3679 {
 3680         struct mbuf *m;
 3681         struct sadb_x_sa2 *p;
 3682         size_t len;
 3683 
 3684         len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
 3685         m = key_alloc_mbuf(len);
 3686         if (!m || m->m_next) {  /*XXX*/
 3687                 if (m)
 3688                         m_freem(m);
 3689                 return NULL;
 3690         }
 3691 
 3692         p = mtod(m, struct sadb_x_sa2 *);
 3693 
 3694         bzero(p, len);
 3695         p->sadb_x_sa2_len = PFKEY_UNIT64(len);
 3696         p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
 3697         p->sadb_x_sa2_mode = mode;
 3698         p->sadb_x_sa2_reserved1 = 0;
 3699         p->sadb_x_sa2_reserved2 = 0;
 3700         p->sadb_x_sa2_sequence = seq;
 3701         p->sadb_x_sa2_reqid = reqid;
 3702 
 3703         return m;
 3704 }
 3705 
 3706 #ifdef IPSEC_NAT_T
 3707 /*
 3708  * Set a type in sadb_x_nat_t_type.
 3709  */
 3710 static struct mbuf *
 3711 key_setsadbxtype(u_int16_t type)
 3712 {
 3713         struct mbuf *m;
 3714         size_t len;
 3715         struct sadb_x_nat_t_type *p;
 3716 
 3717         len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
 3718 
 3719         m = key_alloc_mbuf(len);
 3720         if (!m || m->m_next) {  /*XXX*/
 3721                 if (m)
 3722                         m_freem(m);
 3723                 return (NULL);
 3724         }
 3725 
 3726         p = mtod(m, struct sadb_x_nat_t_type *);
 3727 
 3728         bzero(p, len);
 3729         p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
 3730         p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
 3731         p->sadb_x_nat_t_type_type = type;
 3732 
 3733         return (m);
 3734 }
 3735 /*
 3736  * Set a port in sadb_x_nat_t_port.
 3737  * In contrast to default RFC 2367 behaviour, port is in network byte order.
 3738  */
 3739 static struct mbuf *
 3740 key_setsadbxport(u_int16_t port, u_int16_t type)
 3741 {
 3742         struct mbuf *m;
 3743         size_t len;
 3744         struct sadb_x_nat_t_port *p;
 3745 
 3746         len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
 3747 
 3748         m = key_alloc_mbuf(len);
 3749         if (!m || m->m_next) {  /*XXX*/
 3750                 if (m)
 3751                         m_freem(m);
 3752                 return (NULL);
 3753         }
 3754 
 3755         p = mtod(m, struct sadb_x_nat_t_port *);
 3756 
 3757         bzero(p, len);
 3758         p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
 3759         p->sadb_x_nat_t_port_exttype = type;
 3760         p->sadb_x_nat_t_port_port = port;
 3761 
 3762         return (m);
 3763 }
 3764 
 3765 /* 
 3766  * Get port from sockaddr. Port is in network byte order.
 3767  */
 3768 u_int16_t 
 3769 key_portfromsaddr(struct sockaddr *sa)
 3770 {
 3771 
 3772         switch (sa->sa_family) {
 3773 #ifdef INET
 3774         case AF_INET:
 3775                 return ((struct sockaddr_in *)sa)->sin_port;
 3776 #endif
 3777 #ifdef INET6
 3778         case AF_INET6:
 3779                 return ((struct sockaddr_in6 *)sa)->sin6_port;
 3780 #endif
 3781         }
 3782         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 3783                 printf("DP %s unexpected address family %d\n",
 3784                         __func__, sa->sa_family));
 3785         return (0);
 3786 }
 3787 #endif /* IPSEC_NAT_T */
 3788 
 3789 /*
 3790  * Set port in struct sockaddr. Port is in network byte order.
 3791  */
 3792 static void
 3793 key_porttosaddr(struct sockaddr *sa, u_int16_t port)
 3794 {
 3795 
 3796         switch (sa->sa_family) {
 3797 #ifdef INET
 3798         case AF_INET:
 3799                 ((struct sockaddr_in *)sa)->sin_port = port;
 3800                 break;
 3801 #endif
 3802 #ifdef INET6
 3803         case AF_INET6:
 3804                 ((struct sockaddr_in6 *)sa)->sin6_port = port;
 3805                 break;
 3806 #endif
 3807         default:
 3808                 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n",
 3809                         __func__, sa->sa_family));
 3810                 break;
 3811         }
 3812 }
 3813 
 3814 /*
 3815  * set data into sadb_x_policy
 3816  */
 3817 static struct mbuf *
 3818 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id)
 3819 {
 3820         struct mbuf *m;
 3821         struct sadb_x_policy *p;
 3822         size_t len;
 3823 
 3824         len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
 3825         m = key_alloc_mbuf(len);
 3826         if (!m || m->m_next) {  /*XXX*/
 3827                 if (m)
 3828                         m_freem(m);
 3829                 return NULL;
 3830         }
 3831 
 3832         p = mtod(m, struct sadb_x_policy *);
 3833 
 3834         bzero(p, len);
 3835         p->sadb_x_policy_len = PFKEY_UNIT64(len);
 3836         p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 3837         p->sadb_x_policy_type = type;
 3838         p->sadb_x_policy_dir = dir;
 3839         p->sadb_x_policy_id = id;
 3840 
 3841         return m;
 3842 }
 3843 
 3844 /* %%% utilities */
 3845 /* Take a key message (sadb_key) from the socket and turn it into one
 3846  * of the kernel's key structures (seckey).
 3847  *
 3848  * IN: pointer to the src
 3849  * OUT: NULL no more memory
 3850  */
 3851 struct seckey *
 3852 key_dup_keymsg(const struct sadb_key *src, u_int len,
 3853                struct malloc_type *type)
 3854 {
 3855         struct seckey *dst;
 3856         dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT);
 3857         if (dst != NULL) {
 3858                 dst->bits = src->sadb_key_bits;
 3859                 dst->key_data = (char *)malloc(len, type, M_NOWAIT);
 3860                 if (dst->key_data != NULL) {
 3861                         bcopy((const char *)src + sizeof(struct sadb_key), 
 3862                               dst->key_data, len);
 3863                 } else {
 3864                         ipseclog((LOG_DEBUG, "%s: No more memory.\n", 
 3865                                   __func__));
 3866                         free(dst, type);
 3867                         dst = NULL;
 3868                 }
 3869         } else {
 3870                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 
 3871                           __func__));
 3872 
 3873         }
 3874         return dst;
 3875 }
 3876 
 3877 /* Take a lifetime message (sadb_lifetime) passed in on a socket and
 3878  * turn it into one of the kernel's lifetime structures (seclifetime).
 3879  *
 3880  * IN: pointer to the destination, source and malloc type
 3881  * OUT: NULL, no more memory
 3882  */
 3883 
 3884 static struct seclifetime *
 3885 key_dup_lifemsg(const struct sadb_lifetime *src,
 3886                  struct malloc_type *type)
 3887 {
 3888         struct seclifetime *dst = NULL;
 3889 
 3890         dst = (struct seclifetime *)malloc(sizeof(struct seclifetime), 
 3891                                            type, M_NOWAIT);
 3892         if (dst == NULL) {
 3893                 /* XXX counter */
 3894                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 3895         } else {
 3896                 dst->allocations = src->sadb_lifetime_allocations;
 3897                 dst->bytes = src->sadb_lifetime_bytes;
 3898                 dst->addtime = src->sadb_lifetime_addtime;
 3899                 dst->usetime = src->sadb_lifetime_usetime;
 3900         }
 3901         return dst;
 3902 }
 3903 
 3904 /* compare my own address
 3905  * OUT: 1: true, i.e. my address.
 3906  *      0: false
 3907  */
 3908 int
 3909 key_ismyaddr(sa)
 3910         struct sockaddr *sa;
 3911 {
 3912 #ifdef INET
 3913         struct sockaddr_in *sin;
 3914         struct in_ifaddr *ia;
 3915 #endif
 3916 
 3917         IPSEC_ASSERT(sa != NULL, ("null sockaddr"));
 3918 
 3919         switch (sa->sa_family) {
 3920 #ifdef INET
 3921         case AF_INET:
 3922                 sin = (struct sockaddr_in *)sa;
 3923                 IN_IFADDR_RLOCK();
 3924                 for (ia = V_in_ifaddrhead.tqh_first; ia;
 3925                      ia = ia->ia_link.tqe_next)
 3926                 {
 3927                         if (sin->sin_family == ia->ia_addr.sin_family &&
 3928                             sin->sin_len == ia->ia_addr.sin_len &&
 3929                             sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
 3930                         {
 3931                                 IN_IFADDR_RUNLOCK();
 3932                                 return 1;
 3933                         }
 3934                 }
 3935                 IN_IFADDR_RUNLOCK();
 3936                 break;
 3937 #endif
 3938 #ifdef INET6
 3939         case AF_INET6:
 3940                 return key_ismyaddr6((struct sockaddr_in6 *)sa);
 3941 #endif
 3942         }
 3943 
 3944         return 0;
 3945 }
 3946 
 3947 #ifdef INET6
 3948 /*
 3949  * compare my own address for IPv6.
 3950  * 1: ours
 3951  * 0: other
 3952  * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
 3953  */
 3954 #include <netinet6/in6_var.h>
 3955 
 3956 static int
 3957 key_ismyaddr6(sin6)
 3958         struct sockaddr_in6 *sin6;
 3959 {
 3960         struct in6_ifaddr *ia;
 3961 #if 0
 3962         struct in6_multi *in6m;
 3963 #endif
 3964 
 3965         IN6_IFADDR_RLOCK();
 3966         TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
 3967                 if (key_sockaddrcmp((struct sockaddr *)&sin6,
 3968                     (struct sockaddr *)&ia->ia_addr, 0) == 0) {
 3969                         IN6_IFADDR_RUNLOCK();
 3970                         return 1;
 3971                 }
 3972 
 3973 #if 0
 3974                 /*
 3975                  * XXX Multicast
 3976                  * XXX why do we care about multlicast here while we don't care
 3977                  * about IPv4 multicast??
 3978                  * XXX scope
 3979                  */
 3980                 in6m = NULL;
 3981                 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
 3982                 if (in6m) {
 3983                         IN6_IFADDR_RUNLOCK();
 3984                         return 1;
 3985                 }
 3986 #endif
 3987         }
 3988         IN6_IFADDR_RUNLOCK();
 3989 
 3990         /* loopback, just for safety */
 3991         if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
 3992                 return 1;
 3993 
 3994         return 0;
 3995 }
 3996 #endif /*INET6*/
 3997 
 3998 /*
 3999  * compare two secasindex structure.
 4000  * flag can specify to compare 2 saidxes.
 4001  * compare two secasindex structure without both mode and reqid.
 4002  * don't compare port.
 4003  * IN:  
 4004  *      saidx0: source, it can be in SAD.
 4005  *      saidx1: object.
 4006  * OUT: 
 4007  *      1 : equal
 4008  *      0 : not equal
 4009  */
 4010 static int
 4011 key_cmpsaidx(
 4012         const struct secasindex *saidx0,
 4013         const struct secasindex *saidx1,
 4014         int flag)
 4015 {
 4016         int chkport = 0;
 4017 
 4018         /* sanity */
 4019         if (saidx0 == NULL && saidx1 == NULL)
 4020                 return 1;
 4021 
 4022         if (saidx0 == NULL || saidx1 == NULL)
 4023                 return 0;
 4024 
 4025         if (saidx0->proto != saidx1->proto)
 4026                 return 0;
 4027 
 4028         if (flag == CMP_EXACTLY) {
 4029                 if (saidx0->mode != saidx1->mode)
 4030                         return 0;
 4031                 if (saidx0->reqid != saidx1->reqid)
 4032                         return 0;
 4033                 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 ||
 4034                     bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0)
 4035                         return 0;
 4036         } else {
 4037 
 4038                 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
 4039                 if (flag == CMP_MODE_REQID
 4040                   ||flag == CMP_REQID) {
 4041                         /*
 4042                          * If reqid of SPD is non-zero, unique SA is required.
 4043                          * The result must be of same reqid in this case.
 4044                          */
 4045                         if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
 4046                                 return 0;
 4047                 }
 4048 
 4049                 if (flag == CMP_MODE_REQID) {
 4050                         if (saidx0->mode != IPSEC_MODE_ANY
 4051                          && saidx0->mode != saidx1->mode)
 4052                                 return 0;
 4053                 }
 4054 
 4055 #ifdef IPSEC_NAT_T
 4056                 /*
 4057                  * If NAT-T is enabled, check ports for tunnel mode.
 4058                  * Do not check ports if they are set to zero in the SPD.
 4059                  * Also do not do it for transport mode, as there is no
 4060                  * port information available in the SP.
 4061                  */
 4062                 if (saidx1->mode == IPSEC_MODE_TUNNEL &&
 4063                     saidx1->src.sa.sa_family == AF_INET &&
 4064                     saidx1->dst.sa.sa_family == AF_INET &&
 4065                     ((const struct sockaddr_in *)(&saidx1->src))->sin_port &&
 4066                     ((const struct sockaddr_in *)(&saidx1->dst))->sin_port)
 4067                         chkport = 1;
 4068 #endif /* IPSEC_NAT_T */
 4069 
 4070                 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, chkport) != 0) {
 4071                         return 0;
 4072                 }
 4073                 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, chkport) != 0) {
 4074                         return 0;
 4075                 }
 4076         }
 4077 
 4078         return 1;
 4079 }
 4080 
 4081 /*
 4082  * compare two secindex structure exactly.
 4083  * IN:
 4084  *      spidx0: source, it is often in SPD.
 4085  *      spidx1: object, it is often from PFKEY message.
 4086  * OUT:
 4087  *      1 : equal
 4088  *      0 : not equal
 4089  */
 4090 static int
 4091 key_cmpspidx_exactly(
 4092         struct secpolicyindex *spidx0,
 4093         struct secpolicyindex *spidx1)
 4094 {
 4095         /* sanity */
 4096         if (spidx0 == NULL && spidx1 == NULL)
 4097                 return 1;
 4098 
 4099         if (spidx0 == NULL || spidx1 == NULL)
 4100                 return 0;
 4101 
 4102         if (spidx0->prefs != spidx1->prefs
 4103          || spidx0->prefd != spidx1->prefd
 4104          || spidx0->ul_proto != spidx1->ul_proto)
 4105                 return 0;
 4106 
 4107         return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 &&
 4108                key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0;
 4109 }
 4110 
 4111 /*
 4112  * compare two secindex structure with mask.
 4113  * IN:
 4114  *      spidx0: source, it is often in SPD.
 4115  *      spidx1: object, it is often from IP header.
 4116  * OUT:
 4117  *      1 : equal
 4118  *      0 : not equal
 4119  */
 4120 static int
 4121 key_cmpspidx_withmask(
 4122         struct secpolicyindex *spidx0,
 4123         struct secpolicyindex *spidx1)
 4124 {
 4125         /* sanity */
 4126         if (spidx0 == NULL && spidx1 == NULL)
 4127                 return 1;
 4128 
 4129         if (spidx0 == NULL || spidx1 == NULL)
 4130                 return 0;
 4131 
 4132         if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family ||
 4133             spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family ||
 4134             spidx0->src.sa.sa_len != spidx1->src.sa.sa_len ||
 4135             spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len)
 4136                 return 0;
 4137 
 4138         /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
 4139         if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
 4140          && spidx0->ul_proto != spidx1->ul_proto)
 4141                 return 0;
 4142 
 4143         switch (spidx0->src.sa.sa_family) {
 4144         case AF_INET:
 4145                 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY
 4146                  && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port)
 4147                         return 0;
 4148                 if (!key_bbcmp(&spidx0->src.sin.sin_addr,
 4149                     &spidx1->src.sin.sin_addr, spidx0->prefs))
 4150                         return 0;
 4151                 break;
 4152         case AF_INET6:
 4153                 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY
 4154                  && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port)
 4155                         return 0;
 4156                 /*
 4157                  * scope_id check. if sin6_scope_id is 0, we regard it
 4158                  * as a wildcard scope, which matches any scope zone ID. 
 4159                  */
 4160                 if (spidx0->src.sin6.sin6_scope_id &&
 4161                     spidx1->src.sin6.sin6_scope_id &&
 4162                     spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id)
 4163                         return 0;
 4164                 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr,
 4165                     &spidx1->src.sin6.sin6_addr, spidx0->prefs))
 4166                         return 0;
 4167                 break;
 4168         default:
 4169                 /* XXX */
 4170                 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0)
 4171                         return 0;
 4172                 break;
 4173         }
 4174 
 4175         switch (spidx0->dst.sa.sa_family) {
 4176         case AF_INET:
 4177                 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY
 4178                  && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port)
 4179                         return 0;
 4180                 if (!key_bbcmp(&spidx0->dst.sin.sin_addr,
 4181                     &spidx1->dst.sin.sin_addr, spidx0->prefd))
 4182                         return 0;
 4183                 break;
 4184         case AF_INET6:
 4185                 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY
 4186                  && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port)
 4187                         return 0;
 4188                 /*
 4189                  * scope_id check. if sin6_scope_id is 0, we regard it
 4190                  * as a wildcard scope, which matches any scope zone ID. 
 4191                  */
 4192                 if (spidx0->dst.sin6.sin6_scope_id &&
 4193                     spidx1->dst.sin6.sin6_scope_id &&
 4194                     spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
 4195                         return 0;
 4196                 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
 4197                     &spidx1->dst.sin6.sin6_addr, spidx0->prefd))
 4198                         return 0;
 4199                 break;
 4200         default:
 4201                 /* XXX */
 4202                 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0)
 4203                         return 0;
 4204                 break;
 4205         }
 4206 
 4207         /* XXX Do we check other field ?  e.g. flowinfo */
 4208 
 4209         return 1;
 4210 }
 4211 
 4212 /* returns 0 on match */
 4213 static int
 4214 key_sockaddrcmp(
 4215         const struct sockaddr *sa1,
 4216         const struct sockaddr *sa2,
 4217         int port)
 4218 {
 4219 #ifdef satosin
 4220 #undef satosin
 4221 #endif
 4222 #define satosin(s) ((const struct sockaddr_in *)s)
 4223 #ifdef satosin6
 4224 #undef satosin6
 4225 #endif
 4226 #define satosin6(s) ((const struct sockaddr_in6 *)s)
 4227         if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
 4228                 return 1;
 4229 
 4230         switch (sa1->sa_family) {
 4231         case AF_INET:
 4232                 if (sa1->sa_len != sizeof(struct sockaddr_in))
 4233                         return 1;
 4234                 if (satosin(sa1)->sin_addr.s_addr !=
 4235                     satosin(sa2)->sin_addr.s_addr) {
 4236                         return 1;
 4237                 }
 4238                 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
 4239                         return 1;
 4240                 break;
 4241         case AF_INET6:
 4242                 if (sa1->sa_len != sizeof(struct sockaddr_in6))
 4243                         return 1;       /*EINVAL*/
 4244                 if (satosin6(sa1)->sin6_scope_id !=
 4245                     satosin6(sa2)->sin6_scope_id) {
 4246                         return 1;
 4247                 }
 4248                 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
 4249                     &satosin6(sa2)->sin6_addr)) {
 4250                         return 1;
 4251                 }
 4252                 if (port &&
 4253                     satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
 4254                         return 1;
 4255                 }
 4256                 break;
 4257         default:
 4258                 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
 4259                         return 1;
 4260                 break;
 4261         }
 4262 
 4263         return 0;
 4264 #undef satosin
 4265 #undef satosin6
 4266 }
 4267 
 4268 /*
 4269  * compare two buffers with mask.
 4270  * IN:
 4271  *      addr1: source
 4272  *      addr2: object
 4273  *      bits:  Number of bits to compare
 4274  * OUT:
 4275  *      1 : equal
 4276  *      0 : not equal
 4277  */
 4278 static int
 4279 key_bbcmp(const void *a1, const void *a2, u_int bits)
 4280 {
 4281         const unsigned char *p1 = a1;
 4282         const unsigned char *p2 = a2;
 4283 
 4284         /* XXX: This could be considerably faster if we compare a word
 4285          * at a time, but it is complicated on LSB Endian machines */
 4286 
 4287         /* Handle null pointers */
 4288         if (p1 == NULL || p2 == NULL)
 4289                 return (p1 == p2);
 4290 
 4291         while (bits >= 8) {
 4292                 if (*p1++ != *p2++)
 4293                         return 0;
 4294                 bits -= 8;
 4295         }
 4296 
 4297         if (bits > 0) {
 4298                 u_int8_t mask = ~((1<<(8-bits))-1);
 4299                 if ((*p1 & mask) != (*p2 & mask))
 4300                         return 0;
 4301         }
 4302         return 1;       /* Match! */
 4303 }
 4304 
 4305 static void
 4306 key_flush_spd(time_t now)
 4307 {
 4308         static u_int16_t sptree_scangen = 0;
 4309         u_int16_t gen = sptree_scangen++;
 4310         struct secpolicy *sp;
 4311         u_int dir;
 4312 
 4313         /* SPD */
 4314         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 4315 restart:
 4316                 SPTREE_LOCK();
 4317                 LIST_FOREACH(sp, &V_sptree[dir], chain) {
 4318                         if (sp->scangen == gen)         /* previously handled */
 4319                                 continue;
 4320                         sp->scangen = gen;
 4321                         if (sp->state == IPSEC_SPSTATE_DEAD &&
 4322                             sp->refcnt == 1) {
 4323                                 /*
 4324                                  * Ensure that we only decrease refcnt once,
 4325                                  * when we're the last consumer.
 4326                                  * Directly call SP_DELREF/key_delsp instead
 4327                                  * of KEY_FREESP to avoid unlocking/relocking
 4328                                  * SPTREE_LOCK before key_delsp: may refcnt
 4329                                  * be increased again during that time ?
 4330                                  * NB: also clean entries created by
 4331                                  * key_spdflush
 4332                                  */
 4333                                 SP_DELREF(sp);
 4334                                 key_delsp(sp);
 4335                                 SPTREE_UNLOCK();
 4336                                 goto restart;
 4337                         }
 4338                         if (sp->lifetime == 0 && sp->validtime == 0)
 4339                                 continue;
 4340                         if ((sp->lifetime && now - sp->created > sp->lifetime)
 4341                          || (sp->validtime && now - sp->lastused > sp->validtime)) {
 4342                                 sp->state = IPSEC_SPSTATE_DEAD;
 4343                                 SPTREE_UNLOCK();
 4344                                 key_spdexpire(sp);
 4345                                 goto restart;
 4346                         }
 4347                 }
 4348                 SPTREE_UNLOCK();
 4349         }
 4350 }
 4351 
 4352 static void
 4353 key_flush_sad(time_t now)
 4354 {
 4355         struct secashead *sah, *nextsah;
 4356         struct secasvar *sav, *nextsav;
 4357 
 4358         /* SAD */
 4359         SAHTREE_LOCK();
 4360         LIST_FOREACH_SAFE(sah, &V_sahtree, chain, nextsah) {
 4361                 /* if sah has been dead, then delete it and process next sah. */
 4362                 if (sah->state == SADB_SASTATE_DEAD) {
 4363                         key_delsah(sah);
 4364                         continue;
 4365                 }
 4366 
 4367                 /* if LARVAL entry doesn't become MATURE, delete it. */
 4368                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL], chain, nextsav) {
 4369                         /* Need to also check refcnt for a larval SA ??? */
 4370                         if (now - sav->created > V_key_larval_lifetime)
 4371                                 KEY_FREESAV(&sav);
 4372                 }
 4373 
 4374                 /*
 4375                  * check MATURE entry to start to send expire message
 4376                  * whether or not.
 4377                  */
 4378                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_MATURE], chain, nextsav) {
 4379                         /* we don't need to check. */
 4380                         if (sav->lft_s == NULL)
 4381                                 continue;
 4382 
 4383                         /* sanity check */
 4384                         if (sav->lft_c == NULL) {
 4385                                 ipseclog((LOG_DEBUG,"%s: there is no CURRENT "
 4386                                         "time, why?\n", __func__));
 4387                                 continue;
 4388                         }
 4389 
 4390                         /* check SOFT lifetime */
 4391                         if (sav->lft_s->addtime != 0 &&
 4392                             now - sav->created > sav->lft_s->addtime) {
 4393                                 key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4394                                 /* 
 4395                                  * Actually, only send expire message if
 4396                                  * SA has been used, as it was done before,
 4397                                  * but should we always send such message,
 4398                                  * and let IKE daemon decide if it should be
 4399                                  * renegotiated or not ?
 4400                                  * XXX expire message will actually NOT be
 4401                                  * sent if SA is only used after soft
 4402                                  * lifetime has been reached, see below
 4403                                  * (DYING state)
 4404                                  */
 4405                                 if (sav->lft_c->usetime != 0)
 4406                                         key_expire(sav);
 4407                         }
 4408                         /* check SOFT lifetime by bytes */
 4409                         /*
 4410                          * XXX I don't know the way to delete this SA
 4411                          * when new SA is installed.  Caution when it's
 4412                          * installed too big lifetime by time.
 4413                          */
 4414                         else if (sav->lft_s->bytes != 0 &&
 4415                             sav->lft_s->bytes < sav->lft_c->bytes) {
 4416 
 4417                                 key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4418                                 /*
 4419                                  * XXX If we keep to send expire
 4420                                  * message in the status of
 4421                                  * DYING. Do remove below code.
 4422                                  */
 4423                                 key_expire(sav);
 4424                         }
 4425                 }
 4426 
 4427                 /* check DYING entry to change status to DEAD. */
 4428                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DYING], chain, nextsav) {
 4429                         /* we don't need to check. */
 4430                         if (sav->lft_h == NULL)
 4431                                 continue;
 4432 
 4433                         /* sanity check */
 4434                         if (sav->lft_c == NULL) {
 4435                                 ipseclog((LOG_DEBUG, "%s: there is no CURRENT "
 4436                                         "time, why?\n", __func__));
 4437                                 continue;
 4438                         }
 4439 
 4440                         if (sav->lft_h->addtime != 0 &&
 4441                             now - sav->created > sav->lft_h->addtime) {
 4442                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4443                                 KEY_FREESAV(&sav);
 4444                         }
 4445 #if 0   /* XXX Should we keep to send expire message until HARD lifetime ? */
 4446                         else if (sav->lft_s != NULL
 4447                               && sav->lft_s->addtime != 0
 4448                               && now - sav->created > sav->lft_s->addtime) {
 4449                                 /*
 4450                                  * XXX: should be checked to be
 4451                                  * installed the valid SA.
 4452                                  */
 4453 
 4454                                 /*
 4455                                  * If there is no SA then sending
 4456                                  * expire message.
 4457                                  */
 4458                                 key_expire(sav);
 4459                         }
 4460 #endif
 4461                         /* check HARD lifetime by bytes */
 4462                         else if (sav->lft_h->bytes != 0 &&
 4463                             sav->lft_h->bytes < sav->lft_c->bytes) {
 4464                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4465                                 KEY_FREESAV(&sav);
 4466                         }
 4467                 }
 4468 
 4469                 /* delete entry in DEAD */
 4470                 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DEAD], chain, nextsav) {
 4471                         /* sanity check */
 4472                         if (sav->state != SADB_SASTATE_DEAD) {
 4473                                 ipseclog((LOG_DEBUG, "%s: invalid sav->state "
 4474                                         "(queue: %d SA: %d): kill it anyway\n",
 4475                                         __func__,
 4476                                         SADB_SASTATE_DEAD, sav->state));
 4477                         }
 4478                         /*
 4479                          * do not call key_freesav() here.
 4480                          * sav should already be freed, and sav->refcnt
 4481                          * shows other references to sav
 4482                          * (such as from SPD).
 4483                          */
 4484                 }
 4485         }
 4486         SAHTREE_UNLOCK();
 4487 }
 4488 
 4489 static void
 4490 key_flush_acq(time_t now)
 4491 {
 4492         struct secacq *acq, *nextacq;
 4493 
 4494         /* ACQ tree */
 4495         ACQ_LOCK();
 4496         for (acq = LIST_FIRST(&V_acqtree); acq != NULL; acq = nextacq) {
 4497                 nextacq = LIST_NEXT(acq, chain);
 4498                 if (now - acq->created > V_key_blockacq_lifetime
 4499                  && __LIST_CHAINED(acq)) {
 4500                         LIST_REMOVE(acq, chain);
 4501                         free(acq, M_IPSEC_SAQ);
 4502                 }
 4503         }
 4504         ACQ_UNLOCK();
 4505 }
 4506 
 4507 static void
 4508 key_flush_spacq(time_t now)
 4509 {
 4510         struct secspacq *acq, *nextacq;
 4511 
 4512         /* SP ACQ tree */
 4513         SPACQ_LOCK();
 4514         for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) {
 4515                 nextacq = LIST_NEXT(acq, chain);
 4516                 if (now - acq->created > V_key_blockacq_lifetime
 4517                  && __LIST_CHAINED(acq)) {
 4518                         LIST_REMOVE(acq, chain);
 4519                         free(acq, M_IPSEC_SAQ);
 4520                 }
 4521         }
 4522         SPACQ_UNLOCK();
 4523 }
 4524 
 4525 /*
 4526  * time handler.
 4527  * scanning SPD and SAD to check status for each entries,
 4528  * and do to remove or to expire.
 4529  * XXX: year 2038 problem may remain.
 4530  */
 4531 void
 4532 key_timehandler(void)
 4533 {
 4534         VNET_ITERATOR_DECL(vnet_iter);
 4535         time_t now = time_second;
 4536 
 4537         VNET_LIST_RLOCK_NOSLEEP();
 4538         VNET_FOREACH(vnet_iter) {
 4539                 CURVNET_SET(vnet_iter);
 4540                 key_flush_spd(now);
 4541                 key_flush_sad(now);
 4542                 key_flush_acq(now);
 4543                 key_flush_spacq(now);
 4544                 CURVNET_RESTORE();
 4545         }
 4546         VNET_LIST_RUNLOCK_NOSLEEP();
 4547 
 4548 #ifndef IPSEC_DEBUG2
 4549         /* do exchange to tick time !! */
 4550         (void)timeout((void *)key_timehandler, (void *)0, hz);
 4551 #endif /* IPSEC_DEBUG2 */
 4552 }
 4553 
 4554 u_long
 4555 key_random()
 4556 {
 4557         u_long value;
 4558 
 4559         key_randomfill(&value, sizeof(value));
 4560         return value;
 4561 }
 4562 
 4563 void
 4564 key_randomfill(p, l)
 4565         void *p;
 4566         size_t l;
 4567 {
 4568         size_t n;
 4569         u_long v;
 4570         static int warn = 1;
 4571 
 4572         n = 0;
 4573         n = (size_t)read_random(p, (u_int)l);
 4574         /* last resort */
 4575         while (n < l) {
 4576                 v = random();
 4577                 bcopy(&v, (u_int8_t *)p + n,
 4578                     l - n < sizeof(v) ? l - n : sizeof(v));
 4579                 n += sizeof(v);
 4580 
 4581                 if (warn) {
 4582                         printf("WARNING: pseudo-random number generator "
 4583                             "used for IPsec processing\n");
 4584                         warn = 0;
 4585                 }
 4586         }
 4587 }
 4588 
 4589 /*
 4590  * map SADB_SATYPE_* to IPPROTO_*.
 4591  * if satype == SADB_SATYPE then satype is mapped to ~0.
 4592  * OUT:
 4593  *      0: invalid satype.
 4594  */
 4595 static u_int16_t
 4596 key_satype2proto(u_int8_t satype)
 4597 {
 4598         switch (satype) {
 4599         case SADB_SATYPE_UNSPEC:
 4600                 return IPSEC_PROTO_ANY;
 4601         case SADB_SATYPE_AH:
 4602                 return IPPROTO_AH;
 4603         case SADB_SATYPE_ESP:
 4604                 return IPPROTO_ESP;
 4605         case SADB_X_SATYPE_IPCOMP:
 4606                 return IPPROTO_IPCOMP;
 4607         case SADB_X_SATYPE_TCPSIGNATURE:
 4608                 return IPPROTO_TCP;
 4609         default:
 4610                 return 0;
 4611         }
 4612         /* NOTREACHED */
 4613 }
 4614 
 4615 /*
 4616  * map IPPROTO_* to SADB_SATYPE_*
 4617  * OUT:
 4618  *      0: invalid protocol type.
 4619  */
 4620 static u_int8_t
 4621 key_proto2satype(u_int16_t proto)
 4622 {
 4623         switch (proto) {
 4624         case IPPROTO_AH:
 4625                 return SADB_SATYPE_AH;
 4626         case IPPROTO_ESP:
 4627                 return SADB_SATYPE_ESP;
 4628         case IPPROTO_IPCOMP:
 4629                 return SADB_X_SATYPE_IPCOMP;
 4630         case IPPROTO_TCP:
 4631                 return SADB_X_SATYPE_TCPSIGNATURE;
 4632         default:
 4633                 return 0;
 4634         }
 4635         /* NOTREACHED */
 4636 }
 4637 
 4638 /* %%% PF_KEY */
 4639 /*
 4640  * SADB_GETSPI processing is to receive
 4641  *      <base, (SA2), src address, dst address, (SPI range)>
 4642  * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
 4643  * tree with the status of LARVAL, and send
 4644  *      <base, SA(*), address(SD)>
 4645  * to the IKMPd.
 4646  *
 4647  * IN:  mhp: pointer to the pointer to each header.
 4648  * OUT: NULL if fail.
 4649  *      other if success, return pointer to the message to send.
 4650  */
 4651 static int
 4652 key_getspi(so, m, mhp)
 4653         struct socket *so;
 4654         struct mbuf *m;
 4655         const struct sadb_msghdr *mhp;
 4656 {
 4657         struct sadb_address *src0, *dst0;
 4658         struct secasindex saidx;
 4659         struct secashead *newsah;
 4660         struct secasvar *newsav;
 4661         u_int8_t proto;
 4662         u_int32_t spi;
 4663         u_int8_t mode;
 4664         u_int32_t reqid;
 4665         int error;
 4666 
 4667         IPSEC_ASSERT(so != NULL, ("null socket"));
 4668         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 4669         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 4670         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 4671 
 4672         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4673             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 4674                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4675                         __func__));
 4676                 return key_senderror(so, m, EINVAL);
 4677         }
 4678         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4679             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4680                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 4681                         __func__));
 4682                 return key_senderror(so, m, EINVAL);
 4683         }
 4684         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4685                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4686                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4687         } else {
 4688                 mode = IPSEC_MODE_ANY;
 4689                 reqid = 0;
 4690         }
 4691 
 4692         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4693         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4694 
 4695         /* map satype to proto */
 4696         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4697                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 4698                         __func__));
 4699                 return key_senderror(so, m, EINVAL);
 4700         }
 4701 
 4702         /*
 4703          * Make sure the port numbers are zero.
 4704          * In case of NAT-T we will update them later if needed.
 4705          */
 4706         switch (((struct sockaddr *)(src0 + 1))->sa_family) {
 4707         case AF_INET:
 4708                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4709                     sizeof(struct sockaddr_in))
 4710                         return key_senderror(so, m, EINVAL);
 4711                 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
 4712                 break;
 4713         case AF_INET6:
 4714                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4715                     sizeof(struct sockaddr_in6))
 4716                         return key_senderror(so, m, EINVAL);
 4717                 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
 4718                 break;
 4719         default:
 4720                 ; /*???*/
 4721         }
 4722         switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
 4723         case AF_INET:
 4724                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4725                     sizeof(struct sockaddr_in))
 4726                         return key_senderror(so, m, EINVAL);
 4727                 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
 4728                 break;
 4729         case AF_INET6:
 4730                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4731                     sizeof(struct sockaddr_in6))
 4732                         return key_senderror(so, m, EINVAL);
 4733                 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
 4734                 break;
 4735         default:
 4736                 ; /*???*/
 4737         }
 4738 
 4739         /* XXX boundary check against sa_len */
 4740         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4741 
 4742 #ifdef IPSEC_NAT_T
 4743         /*
 4744          * Handle NAT-T info if present.
 4745          * We made sure the port numbers are zero above, so we do
 4746          * not have to worry in case we do not update them.
 4747          */
 4748         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
 4749                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi present\n", __func__));
 4750         if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
 4751                 ipseclog((LOG_DEBUG, "%s: NAT-T OAr present\n", __func__));
 4752 
 4753         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 4754             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 4755             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 4756                 struct sadb_x_nat_t_type *type;
 4757                 struct sadb_x_nat_t_port *sport, *dport;
 4758 
 4759                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 4760                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 4761                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 4762                         ipseclog((LOG_DEBUG, "%s: invalid nat-t message "
 4763                             "passed.\n", __func__));
 4764                         return key_senderror(so, m, EINVAL);
 4765                 }
 4766 
 4767                 sport = (struct sadb_x_nat_t_port *)
 4768                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 4769                 dport = (struct sadb_x_nat_t_port *)
 4770                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 4771 
 4772                 if (sport)
 4773                         KEY_PORTTOSADDR(&saidx.src, sport->sadb_x_nat_t_port_port);
 4774                 if (dport)
 4775                         KEY_PORTTOSADDR(&saidx.dst, dport->sadb_x_nat_t_port_port);
 4776         }
 4777 #endif
 4778 
 4779         /* SPI allocation */
 4780         spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
 4781                                &saidx);
 4782         if (spi == 0)
 4783                 return key_senderror(so, m, EINVAL);
 4784 
 4785         /* get a SA index */
 4786         if ((newsah = key_getsah(&saidx)) == NULL) {
 4787                 /* create a new SA index */
 4788                 if ((newsah = key_newsah(&saidx)) == NULL) {
 4789                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 4790                         return key_senderror(so, m, ENOBUFS);
 4791                 }
 4792         }
 4793 
 4794         /* get a new SA */
 4795         /* XXX rewrite */
 4796         newsav = KEY_NEWSAV(m, mhp, newsah, &error);
 4797         if (newsav == NULL) {
 4798                 /* XXX don't free new SA index allocated in above. */
 4799                 return key_senderror(so, m, error);
 4800         }
 4801 
 4802         /* set spi */
 4803         newsav->spi = htonl(spi);
 4804 
 4805         /* delete the entry in acqtree */
 4806         if (mhp->msg->sadb_msg_seq != 0) {
 4807                 struct secacq *acq;
 4808                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
 4809                         /* reset counter in order to deletion by timehandler. */
 4810                         acq->created = time_second;
 4811                         acq->count = 0;
 4812                 }
 4813         }
 4814 
 4815     {
 4816         struct mbuf *n, *nn;
 4817         struct sadb_sa *m_sa;
 4818         struct sadb_msg *newmsg;
 4819         int off, len;
 4820 
 4821         /* create new sadb_msg to reply. */
 4822         len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
 4823             PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4824 
 4825         MGETHDR(n, M_DONTWAIT, MT_DATA);
 4826         if (len > MHLEN) {
 4827                 MCLGET(n, M_DONTWAIT);
 4828                 if ((n->m_flags & M_EXT) == 0) {
 4829                         m_freem(n);
 4830                         n = NULL;
 4831                 }
 4832         }
 4833         if (!n)
 4834                 return key_senderror(so, m, ENOBUFS);
 4835 
 4836         n->m_len = len;
 4837         n->m_next = NULL;
 4838         off = 0;
 4839 
 4840         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 4841         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 4842 
 4843         m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
 4844         m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
 4845         m_sa->sadb_sa_exttype = SADB_EXT_SA;
 4846         m_sa->sadb_sa_spi = htonl(spi);
 4847         off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4848 
 4849         IPSEC_ASSERT(off == len,
 4850                 ("length inconsistency (off %u len %u)", off, len));
 4851 
 4852         n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
 4853             SADB_EXT_ADDRESS_DST);
 4854         if (!n->m_next) {
 4855                 m_freem(n);
 4856                 return key_senderror(so, m, ENOBUFS);
 4857         }
 4858 
 4859         if (n->m_len < sizeof(struct sadb_msg)) {
 4860                 n = m_pullup(n, sizeof(struct sadb_msg));
 4861                 if (n == NULL)
 4862                         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 4863         }
 4864 
 4865         n->m_pkthdr.len = 0;
 4866         for (nn = n; nn; nn = nn->m_next)
 4867                 n->m_pkthdr.len += nn->m_len;
 4868 
 4869         newmsg = mtod(n, struct sadb_msg *);
 4870         newmsg->sadb_msg_seq = newsav->seq;
 4871         newmsg->sadb_msg_errno = 0;
 4872         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 4873 
 4874         m_freem(m);
 4875         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 4876     }
 4877 }
 4878 
 4879 /*
 4880  * allocating new SPI
 4881  * called by key_getspi().
 4882  * OUT:
 4883  *      0:      failure.
 4884  *      others: success.
 4885  */
 4886 static u_int32_t
 4887 key_do_getnewspi(spirange, saidx)
 4888         struct sadb_spirange *spirange;
 4889         struct secasindex *saidx;
 4890 {
 4891         u_int32_t newspi;
 4892         u_int32_t min, max;
 4893         int count = V_key_spi_trycnt;
 4894 
 4895         /* set spi range to allocate */
 4896         if (spirange != NULL) {
 4897                 min = spirange->sadb_spirange_min;
 4898                 max = spirange->sadb_spirange_max;
 4899         } else {
 4900                 min = V_key_spi_minval;
 4901                 max = V_key_spi_maxval;
 4902         }
 4903         /* IPCOMP needs 2-byte SPI */
 4904         if (saidx->proto == IPPROTO_IPCOMP) {
 4905                 u_int32_t t;
 4906                 if (min >= 0x10000)
 4907                         min = 0xffff;
 4908                 if (max >= 0x10000)
 4909                         max = 0xffff;
 4910                 if (min > max) {
 4911                         t = min; min = max; max = t;
 4912                 }
 4913         }
 4914 
 4915         if (min == max) {
 4916                 if (key_checkspidup(saidx, min) != NULL) {
 4917                         ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n",
 4918                                 __func__, min));
 4919                         return 0;
 4920                 }
 4921 
 4922                 count--; /* taking one cost. */
 4923                 newspi = min;
 4924 
 4925         } else {
 4926 
 4927                 /* init SPI */
 4928                 newspi = 0;
 4929 
 4930                 /* when requesting to allocate spi ranged */
 4931                 while (count--) {
 4932                         /* generate pseudo-random SPI value ranged. */
 4933                         newspi = min + (key_random() % (max - min + 1));
 4934 
 4935                         if (key_checkspidup(saidx, newspi) == NULL)
 4936                                 break;
 4937                 }
 4938 
 4939                 if (count == 0 || newspi == 0) {
 4940                         ipseclog((LOG_DEBUG, "%s: to allocate spi is failed.\n",
 4941                                 __func__));
 4942                         return 0;
 4943                 }
 4944         }
 4945 
 4946         /* statistics */
 4947         keystat.getspi_count =
 4948                 (keystat.getspi_count + V_key_spi_trycnt - count) / 2;
 4949 
 4950         return newspi;
 4951 }
 4952 
 4953 /*
 4954  * SADB_UPDATE processing
 4955  * receive
 4956  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4957  *       key(AE), (identity(SD),) (sensitivity)>
 4958  * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
 4959  * and send
 4960  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4961  *       (identity(SD),) (sensitivity)>
 4962  * to the ikmpd.
 4963  *
 4964  * m will always be freed.
 4965  */
 4966 static int
 4967 key_update(so, m, mhp)
 4968         struct socket *so;
 4969         struct mbuf *m;
 4970         const struct sadb_msghdr *mhp;
 4971 {
 4972         struct sadb_sa *sa0;
 4973         struct sadb_address *src0, *dst0;
 4974 #ifdef IPSEC_NAT_T
 4975         struct sadb_x_nat_t_type *type;
 4976         struct sadb_x_nat_t_port *sport, *dport;
 4977         struct sadb_address *iaddr, *raddr;
 4978         struct sadb_x_nat_t_frag *frag;
 4979 #endif
 4980         struct secasindex saidx;
 4981         struct secashead *sah;
 4982         struct secasvar *sav;
 4983         u_int16_t proto;
 4984         u_int8_t mode;
 4985         u_int32_t reqid;
 4986         int error;
 4987 
 4988         IPSEC_ASSERT(so != NULL, ("null socket"));
 4989         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 4990         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 4991         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 4992 
 4993         /* map satype to proto */
 4994         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4995                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 4996                         __func__));
 4997                 return key_senderror(so, m, EINVAL);
 4998         }
 4999 
 5000         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5001             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5002             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 5003             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 5004              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 5005             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 5006              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 5007             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 5008              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 5009             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 5010              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 5011                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5012                         __func__));
 5013                 return key_senderror(so, m, EINVAL);
 5014         }
 5015         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5016             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5017             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5018                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5019                         __func__));
 5020                 return key_senderror(so, m, EINVAL);
 5021         }
 5022         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 5023                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 5024                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 5025         } else {
 5026                 mode = IPSEC_MODE_ANY;
 5027                 reqid = 0;
 5028         }
 5029         /* XXX boundary checking for other extensions */
 5030 
 5031         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5032         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5033         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5034 
 5035         /* XXX boundary check against sa_len */
 5036         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 5037 
 5038         /*
 5039          * Make sure the port numbers are zero.
 5040          * In case of NAT-T we will update them later if needed.
 5041          */
 5042         KEY_PORTTOSADDR(&saidx.src, 0);
 5043         KEY_PORTTOSADDR(&saidx.dst, 0);
 5044 
 5045 #ifdef IPSEC_NAT_T
 5046         /*
 5047          * Handle NAT-T info if present.
 5048          */
 5049         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 5050             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5051             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5052 
 5053                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 5054                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5055                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5056                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5057                             __func__));
 5058                         return key_senderror(so, m, EINVAL);
 5059                 }
 5060 
 5061                 type = (struct sadb_x_nat_t_type *)
 5062                     mhp->ext[SADB_X_EXT_NAT_T_TYPE];
 5063                 sport = (struct sadb_x_nat_t_port *)
 5064                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5065                 dport = (struct sadb_x_nat_t_port *)
 5066                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5067         } else {
 5068                 type = 0;
 5069                 sport = dport = 0;
 5070         }
 5071         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL &&
 5072             mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
 5073                 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr) ||
 5074                     mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
 5075                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5076                             __func__));
 5077                         return key_senderror(so, m, EINVAL);
 5078                 }
 5079                 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
 5080                 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
 5081                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__));
 5082         } else {
 5083                 iaddr = raddr = NULL;
 5084         }
 5085         if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
 5086                 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
 5087                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5088                             __func__));
 5089                         return key_senderror(so, m, EINVAL);
 5090                 }
 5091                 frag = (struct sadb_x_nat_t_frag *)
 5092                     mhp->ext[SADB_X_EXT_NAT_T_FRAG];
 5093         } else {
 5094                 frag = 0;
 5095         }
 5096 #endif
 5097 
 5098         /* get a SA header */
 5099         if ((sah = key_getsah(&saidx)) == NULL) {
 5100                 ipseclog((LOG_DEBUG, "%s: no SA index found.\n", __func__));
 5101                 return key_senderror(so, m, ENOENT);
 5102         }
 5103 
 5104         /* set spidx if there */
 5105         /* XXX rewrite */
 5106         error = key_setident(sah, m, mhp);
 5107         if (error)
 5108                 return key_senderror(so, m, error);
 5109 
 5110         /* find a SA with sequence number. */
 5111 #ifdef IPSEC_DOSEQCHECK
 5112         if (mhp->msg->sadb_msg_seq != 0
 5113          && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
 5114                 ipseclog((LOG_DEBUG, "%s: no larval SA with sequence %u "
 5115                         "exists.\n", __func__, mhp->msg->sadb_msg_seq));
 5116                 return key_senderror(so, m, ENOENT);
 5117         }
 5118 #else
 5119         SAHTREE_LOCK();
 5120         sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5121         SAHTREE_UNLOCK();
 5122         if (sav == NULL) {
 5123                 ipseclog((LOG_DEBUG, "%s: no such a SA found (spi:%u)\n",
 5124                         __func__, (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5125                 return key_senderror(so, m, EINVAL);
 5126         }
 5127 #endif
 5128 
 5129         /* validity check */
 5130         if (sav->sah->saidx.proto != proto) {
 5131                 ipseclog((LOG_DEBUG, "%s: protocol mismatched "
 5132                         "(DB=%u param=%u)\n", __func__,
 5133                         sav->sah->saidx.proto, proto));
 5134                 return key_senderror(so, m, EINVAL);
 5135         }
 5136 #ifdef IPSEC_DOSEQCHECK
 5137         if (sav->spi != sa0->sadb_sa_spi) {
 5138                 ipseclog((LOG_DEBUG, "%s: SPI mismatched (DB:%u param:%u)\n",
 5139                     __func__,
 5140                     (u_int32_t)ntohl(sav->spi),
 5141                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5142                 return key_senderror(so, m, EINVAL);
 5143         }
 5144 #endif
 5145         if (sav->pid != mhp->msg->sadb_msg_pid) {
 5146                 ipseclog((LOG_DEBUG, "%s: pid mismatched (DB:%u param:%u)\n",
 5147                     __func__, sav->pid, mhp->msg->sadb_msg_pid));
 5148                 return key_senderror(so, m, EINVAL);
 5149         }
 5150 
 5151         /* copy sav values */
 5152         error = key_setsaval(sav, m, mhp);
 5153         if (error) {
 5154                 KEY_FREESAV(&sav);
 5155                 return key_senderror(so, m, error);
 5156         }
 5157 
 5158 #ifdef IPSEC_NAT_T
 5159         /*
 5160          * Handle more NAT-T info if present,
 5161          * now that we have a sav to fill.
 5162          */
 5163         if (type)
 5164                 sav->natt_type = type->sadb_x_nat_t_type_type;
 5165 
 5166         if (sport)
 5167                 KEY_PORTTOSADDR(&sav->sah->saidx.src,
 5168                     sport->sadb_x_nat_t_port_port);
 5169         if (dport)
 5170                 KEY_PORTTOSADDR(&sav->sah->saidx.dst,
 5171                     dport->sadb_x_nat_t_port_port);
 5172 
 5173 #if 0
 5174         /*
 5175          * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0.
 5176          * We should actually check for a minimum MTU here, if we
 5177          * want to support it in ip_output.
 5178          */
 5179         if (frag)
 5180                 sav->natt_esp_frag_len = frag->sadb_x_nat_t_frag_fraglen;
 5181 #endif
 5182 #endif
 5183 
 5184         /* check SA values to be mature. */
 5185         if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
 5186                 KEY_FREESAV(&sav);
 5187                 return key_senderror(so, m, 0);
 5188         }
 5189 
 5190     {
 5191         struct mbuf *n;
 5192 
 5193         /* set msg buf from mhp */
 5194         n = key_getmsgbuf_x1(m, mhp);
 5195         if (n == NULL) {
 5196                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5197                 return key_senderror(so, m, ENOBUFS);
 5198         }
 5199 
 5200         m_freem(m);
 5201         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5202     }
 5203 }
 5204 
 5205 /*
 5206  * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
 5207  * only called by key_update().
 5208  * OUT:
 5209  *      NULL    : not found
 5210  *      others  : found, pointer to a SA.
 5211  */
 5212 #ifdef IPSEC_DOSEQCHECK
 5213 static struct secasvar *
 5214 key_getsavbyseq(sah, seq)
 5215         struct secashead *sah;
 5216         u_int32_t seq;
 5217 {
 5218         struct secasvar *sav;
 5219         u_int state;
 5220 
 5221         state = SADB_SASTATE_LARVAL;
 5222 
 5223         /* search SAD with sequence number ? */
 5224         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 5225 
 5226                 KEY_CHKSASTATE(state, sav->state, __func__);
 5227 
 5228                 if (sav->seq == seq) {
 5229                         sa_addref(sav);
 5230                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 5231                                 printf("DP %s cause refcnt++:%d SA:%p\n",
 5232                                         __func__, sav->refcnt, sav));
 5233                         return sav;
 5234                 }
 5235         }
 5236 
 5237         return NULL;
 5238 }
 5239 #endif
 5240 
 5241 /*
 5242  * SADB_ADD processing
 5243  * add an entry to SA database, when received
 5244  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5245  *       key(AE), (identity(SD),) (sensitivity)>
 5246  * from the ikmpd,
 5247  * and send
 5248  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5249  *       (identity(SD),) (sensitivity)>
 5250  * to the ikmpd.
 5251  *
 5252  * IGNORE identity and sensitivity messages.
 5253  *
 5254  * m will always be freed.
 5255  */
 5256 static int
 5257 key_add(so, m, mhp)
 5258         struct socket *so;
 5259         struct mbuf *m;
 5260         const struct sadb_msghdr *mhp;
 5261 {
 5262         struct sadb_sa *sa0;
 5263         struct sadb_address *src0, *dst0;
 5264 #ifdef IPSEC_NAT_T
 5265         struct sadb_x_nat_t_type *type;
 5266         struct sadb_address *iaddr, *raddr;
 5267         struct sadb_x_nat_t_frag *frag;
 5268 #endif
 5269         struct secasindex saidx;
 5270         struct secashead *newsah;
 5271         struct secasvar *newsav;
 5272         u_int16_t proto;
 5273         u_int8_t mode;
 5274         u_int32_t reqid;
 5275         int error;
 5276 
 5277         IPSEC_ASSERT(so != NULL, ("null socket"));
 5278         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5279         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5280         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5281 
 5282         /* map satype to proto */
 5283         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5284                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5285                         __func__));
 5286                 return key_senderror(so, m, EINVAL);
 5287         }
 5288 
 5289         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5290             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5291             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 5292             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 5293              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 5294             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 5295              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 5296             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 5297              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 5298             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 5299              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 5300                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5301                         __func__));
 5302                 return key_senderror(so, m, EINVAL);
 5303         }
 5304         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5305             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5306             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5307                 /* XXX need more */
 5308                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5309                         __func__));
 5310                 return key_senderror(so, m, EINVAL);
 5311         }
 5312         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 5313                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 5314                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 5315         } else {
 5316                 mode = IPSEC_MODE_ANY;
 5317                 reqid = 0;
 5318         }
 5319 
 5320         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5321         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5322         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5323 
 5324         /* XXX boundary check against sa_len */
 5325         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 5326 
 5327         /*
 5328          * Make sure the port numbers are zero.
 5329          * In case of NAT-T we will update them later if needed.
 5330          */
 5331         KEY_PORTTOSADDR(&saidx.src, 0);
 5332         KEY_PORTTOSADDR(&saidx.dst, 0);
 5333 
 5334 #ifdef IPSEC_NAT_T
 5335         /*
 5336          * Handle NAT-T info if present.
 5337          */
 5338         if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL &&
 5339             mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5340             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5341                 struct sadb_x_nat_t_port *sport, *dport;
 5342 
 5343                 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) ||
 5344                     mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5345                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5346                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5347                             __func__));
 5348                         return key_senderror(so, m, EINVAL);
 5349                 }
 5350 
 5351                 type = (struct sadb_x_nat_t_type *)
 5352                     mhp->ext[SADB_X_EXT_NAT_T_TYPE];
 5353                 sport = (struct sadb_x_nat_t_port *)
 5354                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5355                 dport = (struct sadb_x_nat_t_port *)
 5356                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5357 
 5358                 if (sport)
 5359                         KEY_PORTTOSADDR(&saidx.src,
 5360                             sport->sadb_x_nat_t_port_port);
 5361                 if (dport)
 5362                         KEY_PORTTOSADDR(&saidx.dst,
 5363                             dport->sadb_x_nat_t_port_port);
 5364         } else {
 5365                 type = 0;
 5366         }
 5367         if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL &&
 5368             mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
 5369                 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr) ||
 5370                     mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
 5371                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5372                             __func__));
 5373                         return key_senderror(so, m, EINVAL);
 5374                 }
 5375                 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
 5376                 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
 5377                 ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__));
 5378         } else {
 5379                 iaddr = raddr = NULL;
 5380         }
 5381         if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
 5382                 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
 5383                         ipseclog((LOG_DEBUG, "%s: invalid message\n",
 5384                             __func__));
 5385                         return key_senderror(so, m, EINVAL);
 5386                 }
 5387                 frag = (struct sadb_x_nat_t_frag *)
 5388                     mhp->ext[SADB_X_EXT_NAT_T_FRAG];
 5389         } else {
 5390                 frag = 0;
 5391         }
 5392 #endif
 5393 
 5394         /* get a SA header */
 5395         if ((newsah = key_getsah(&saidx)) == NULL) {
 5396                 /* create a new SA header */
 5397                 if ((newsah = key_newsah(&saidx)) == NULL) {
 5398                         ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__));
 5399                         return key_senderror(so, m, ENOBUFS);
 5400                 }
 5401         }
 5402 
 5403         /* set spidx if there */
 5404         /* XXX rewrite */
 5405         error = key_setident(newsah, m, mhp);
 5406         if (error) {
 5407                 return key_senderror(so, m, error);
 5408         }
 5409 
 5410         /* create new SA entry. */
 5411         /* We can create new SA only if SPI is differenct. */
 5412         SAHTREE_LOCK();
 5413         newsav = key_getsavbyspi(newsah, sa0->sadb_sa_spi);
 5414         SAHTREE_UNLOCK();
 5415         if (newsav != NULL) {
 5416                 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__));
 5417                 return key_senderror(so, m, EEXIST);
 5418         }
 5419         newsav = KEY_NEWSAV(m, mhp, newsah, &error);
 5420         if (newsav == NULL) {
 5421                 return key_senderror(so, m, error);
 5422         }
 5423 
 5424 #ifdef IPSEC_NAT_T
 5425         /*
 5426          * Handle more NAT-T info if present,
 5427          * now that we have a sav to fill.
 5428          */
 5429         if (type)
 5430                 newsav->natt_type = type->sadb_x_nat_t_type_type;
 5431 
 5432 #if 0
 5433         /*
 5434          * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0.
 5435          * We should actually check for a minimum MTU here, if we
 5436          * want to support it in ip_output.
 5437          */
 5438         if (frag)
 5439                 newsav->natt_esp_frag_len = frag->sadb_x_nat_t_frag_fraglen;
 5440 #endif
 5441 #endif
 5442 
 5443         /* check SA values to be mature. */
 5444         if ((error = key_mature(newsav)) != 0) {
 5445                 KEY_FREESAV(&newsav);
 5446                 return key_senderror(so, m, error);
 5447         }
 5448 
 5449         /*
 5450          * don't call key_freesav() here, as we would like to keep the SA
 5451          * in the database on success.
 5452          */
 5453 
 5454     {
 5455         struct mbuf *n;
 5456 
 5457         /* set msg buf from mhp */
 5458         n = key_getmsgbuf_x1(m, mhp);
 5459         if (n == NULL) {
 5460                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5461                 return key_senderror(so, m, ENOBUFS);
 5462         }
 5463 
 5464         m_freem(m);
 5465         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5466     }
 5467 }
 5468 
 5469 /* m is retained */
 5470 static int
 5471 key_setident(sah, m, mhp)
 5472         struct secashead *sah;
 5473         struct mbuf *m;
 5474         const struct sadb_msghdr *mhp;
 5475 {
 5476         const struct sadb_ident *idsrc, *iddst;
 5477         int idsrclen, iddstlen;
 5478 
 5479         IPSEC_ASSERT(sah != NULL, ("null secashead"));
 5480         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5481         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5482         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5483 
 5484         /* don't make buffer if not there */
 5485         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
 5486             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5487                 sah->idents = NULL;
 5488                 sah->identd = NULL;
 5489                 return 0;
 5490         }
 5491         
 5492         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
 5493             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5494                 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__));
 5495                 return EINVAL;
 5496         }
 5497 
 5498         idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
 5499         iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
 5500         idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
 5501         iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
 5502 
 5503         /* validity check */
 5504         if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
 5505                 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__));
 5506                 return EINVAL;
 5507         }
 5508 
 5509         switch (idsrc->sadb_ident_type) {
 5510         case SADB_IDENTTYPE_PREFIX:
 5511         case SADB_IDENTTYPE_FQDN:
 5512         case SADB_IDENTTYPE_USERFQDN:
 5513         default:
 5514                 /* XXX do nothing */
 5515                 sah->idents = NULL;
 5516                 sah->identd = NULL;
 5517                 return 0;
 5518         }
 5519 
 5520         /* make structure */
 5521         sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
 5522         if (sah->idents == NULL) {
 5523                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5524                 return ENOBUFS;
 5525         }
 5526         sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
 5527         if (sah->identd == NULL) {
 5528                 free(sah->idents, M_IPSEC_MISC);
 5529                 sah->idents = NULL;
 5530                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 5531                 return ENOBUFS;
 5532         }
 5533         sah->idents->type = idsrc->sadb_ident_type;
 5534         sah->idents->id = idsrc->sadb_ident_id;
 5535 
 5536         sah->identd->type = iddst->sadb_ident_type;
 5537         sah->identd->id = iddst->sadb_ident_id;
 5538 
 5539         return 0;
 5540 }
 5541 
 5542 /*
 5543  * m will not be freed on return.
 5544  * it is caller's responsibility to free the result. 
 5545  */
 5546 static struct mbuf *
 5547 key_getmsgbuf_x1(m, mhp)
 5548         struct mbuf *m;
 5549         const struct sadb_msghdr *mhp;
 5550 {
 5551         struct mbuf *n;
 5552 
 5553         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5554         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5555         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5556 
 5557         /* create new sadb_msg to reply. */
 5558         n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
 5559             SADB_EXT_SA, SADB_X_EXT_SA2,
 5560             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
 5561             SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 5562             SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
 5563         if (!n)
 5564                 return NULL;
 5565 
 5566         if (n->m_len < sizeof(struct sadb_msg)) {
 5567                 n = m_pullup(n, sizeof(struct sadb_msg));
 5568                 if (n == NULL)
 5569                         return NULL;
 5570         }
 5571         mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
 5572         mtod(n, struct sadb_msg *)->sadb_msg_len =
 5573             PFKEY_UNIT64(n->m_pkthdr.len);
 5574 
 5575         return n;
 5576 }
 5577 
 5578 static int key_delete_all __P((struct socket *, struct mbuf *,
 5579         const struct sadb_msghdr *, u_int16_t));
 5580 
 5581 /*
 5582  * SADB_DELETE processing
 5583  * receive
 5584  *   <base, SA(*), address(SD)>
 5585  * from the ikmpd, and set SADB_SASTATE_DEAD,
 5586  * and send,
 5587  *   <base, SA(*), address(SD)>
 5588  * to the ikmpd.
 5589  *
 5590  * m will always be freed.
 5591  */
 5592 static int
 5593 key_delete(so, m, mhp)
 5594         struct socket *so;
 5595         struct mbuf *m;
 5596         const struct sadb_msghdr *mhp;
 5597 {
 5598         struct sadb_sa *sa0;
 5599         struct sadb_address *src0, *dst0;
 5600         struct secasindex saidx;
 5601         struct secashead *sah;
 5602         struct secasvar *sav = NULL;
 5603         u_int16_t proto;
 5604 
 5605         IPSEC_ASSERT(so != NULL, ("null socket"));
 5606         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5607         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5608         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5609 
 5610         /* map satype to proto */
 5611         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5612                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5613                         __func__));
 5614                 return key_senderror(so, m, EINVAL);
 5615         }
 5616 
 5617         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5618             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5619                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5620                         __func__));
 5621                 return key_senderror(so, m, EINVAL);
 5622         }
 5623 
 5624         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5625             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5626                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5627                         __func__));
 5628                 return key_senderror(so, m, EINVAL);
 5629         }
 5630 
 5631         if (mhp->ext[SADB_EXT_SA] == NULL) {
 5632                 /*
 5633                  * Caller wants us to delete all non-LARVAL SAs
 5634                  * that match the src/dst.  This is used during
 5635                  * IKE INITIAL-CONTACT.
 5636                  */
 5637                 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__));
 5638                 return key_delete_all(so, m, mhp, proto);
 5639         } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
 5640                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5641                         __func__));
 5642                 return key_senderror(so, m, EINVAL);
 5643         }
 5644 
 5645         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5646         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5647         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5648 
 5649         /* XXX boundary check against sa_len */
 5650         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5651 
 5652         /*
 5653          * Make sure the port numbers are zero.
 5654          * In case of NAT-T we will update them later if needed.
 5655          */
 5656         KEY_PORTTOSADDR(&saidx.src, 0);
 5657         KEY_PORTTOSADDR(&saidx.dst, 0);
 5658 
 5659 #ifdef IPSEC_NAT_T
 5660         /*
 5661          * Handle NAT-T info if present.
 5662          */
 5663         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5664             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5665                 struct sadb_x_nat_t_port *sport, *dport;
 5666 
 5667                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5668                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5669                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5670                             __func__));
 5671                         return key_senderror(so, m, EINVAL);
 5672                 }
 5673 
 5674                 sport = (struct sadb_x_nat_t_port *)
 5675                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5676                 dport = (struct sadb_x_nat_t_port *)
 5677                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5678 
 5679                 if (sport)
 5680                         KEY_PORTTOSADDR(&saidx.src,
 5681                             sport->sadb_x_nat_t_port_port);
 5682                 if (dport)
 5683                         KEY_PORTTOSADDR(&saidx.dst,
 5684                             dport->sadb_x_nat_t_port_port);
 5685         }
 5686 #endif
 5687 
 5688         /* get a SA header */
 5689         SAHTREE_LOCK();
 5690         LIST_FOREACH(sah, &V_sahtree, chain) {
 5691                 if (sah->state == SADB_SASTATE_DEAD)
 5692                         continue;
 5693                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5694                         continue;
 5695 
 5696                 /* get a SA with SPI. */
 5697                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5698                 if (sav)
 5699                         break;
 5700         }
 5701         if (sah == NULL) {
 5702                 SAHTREE_UNLOCK();
 5703                 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__));
 5704                 return key_senderror(so, m, ENOENT);
 5705         }
 5706 
 5707         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5708         KEY_FREESAV(&sav);
 5709         SAHTREE_UNLOCK();
 5710 
 5711     {
 5712         struct mbuf *n;
 5713         struct sadb_msg *newmsg;
 5714 
 5715         /* create new sadb_msg to reply. */
 5716         /* XXX-BZ NAT-T extensions? */
 5717         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 5718             SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5719         if (!n)
 5720                 return key_senderror(so, m, ENOBUFS);
 5721 
 5722         if (n->m_len < sizeof(struct sadb_msg)) {
 5723                 n = m_pullup(n, sizeof(struct sadb_msg));
 5724                 if (n == NULL)
 5725                         return key_senderror(so, m, ENOBUFS);
 5726         }
 5727         newmsg = mtod(n, struct sadb_msg *);
 5728         newmsg->sadb_msg_errno = 0;
 5729         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5730 
 5731         m_freem(m);
 5732         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5733     }
 5734 }
 5735 
 5736 /*
 5737  * delete all SAs for src/dst.  Called from key_delete().
 5738  */
 5739 static int
 5740 key_delete_all(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp,
 5741     u_int16_t proto)
 5742 {
 5743         struct sadb_address *src0, *dst0;
 5744         struct secasindex saidx;
 5745         struct secashead *sah;
 5746         struct secasvar *sav, *nextsav;
 5747         u_int stateidx, state;
 5748 
 5749         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5750         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5751 
 5752         /* XXX boundary check against sa_len */
 5753         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5754 
 5755         /*
 5756          * Make sure the port numbers are zero.
 5757          * In case of NAT-T we will update them later if needed.
 5758          */
 5759         KEY_PORTTOSADDR(&saidx.src, 0);
 5760         KEY_PORTTOSADDR(&saidx.dst, 0);
 5761 
 5762 #ifdef IPSEC_NAT_T
 5763         /*
 5764          * Handle NAT-T info if present.
 5765          */
 5766 
 5767         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5768             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5769                 struct sadb_x_nat_t_port *sport, *dport;
 5770 
 5771                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5772                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5773                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5774                             __func__));
 5775                         return key_senderror(so, m, EINVAL);
 5776                 }
 5777 
 5778                 sport = (struct sadb_x_nat_t_port *)
 5779                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5780                 dport = (struct sadb_x_nat_t_port *)
 5781                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5782 
 5783                 if (sport)
 5784                         KEY_PORTTOSADDR(&saidx.src,
 5785                             sport->sadb_x_nat_t_port_port);
 5786                 if (dport)
 5787                         KEY_PORTTOSADDR(&saidx.dst,
 5788                             dport->sadb_x_nat_t_port_port);
 5789         }
 5790 #endif
 5791 
 5792         SAHTREE_LOCK();
 5793         LIST_FOREACH(sah, &V_sahtree, chain) {
 5794                 if (sah->state == SADB_SASTATE_DEAD)
 5795                         continue;
 5796                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5797                         continue;
 5798 
 5799                 /* Delete all non-LARVAL SAs. */
 5800                 for (stateidx = 0;
 5801                      stateidx < _ARRAYLEN(saorder_state_alive);
 5802                      stateidx++) {
 5803                         state = saorder_state_alive[stateidx];
 5804                         if (state == SADB_SASTATE_LARVAL)
 5805                                 continue;
 5806                         for (sav = LIST_FIRST(&sah->savtree[state]);
 5807                              sav != NULL; sav = nextsav) {
 5808                                 nextsav = LIST_NEXT(sav, chain);
 5809                                 /* sanity check */
 5810                                 if (sav->state != state) {
 5811                                         ipseclog((LOG_DEBUG, "%s: invalid "
 5812                                                 "sav->state (queue %d SA %d)\n",
 5813                                                 __func__, state, sav->state));
 5814                                         continue;
 5815                                 }
 5816                                 
 5817                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5818                                 KEY_FREESAV(&sav);
 5819                         }
 5820                 }
 5821         }
 5822         SAHTREE_UNLOCK();
 5823     {
 5824         struct mbuf *n;
 5825         struct sadb_msg *newmsg;
 5826 
 5827         /* create new sadb_msg to reply. */
 5828         /* XXX-BZ NAT-T extensions? */
 5829         n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
 5830             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5831         if (!n)
 5832                 return key_senderror(so, m, ENOBUFS);
 5833 
 5834         if (n->m_len < sizeof(struct sadb_msg)) {
 5835                 n = m_pullup(n, sizeof(struct sadb_msg));
 5836                 if (n == NULL)
 5837                         return key_senderror(so, m, ENOBUFS);
 5838         }
 5839         newmsg = mtod(n, struct sadb_msg *);
 5840         newmsg->sadb_msg_errno = 0;
 5841         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5842 
 5843         m_freem(m);
 5844         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5845     }
 5846 }
 5847 
 5848 /*
 5849  * SADB_GET processing
 5850  * receive
 5851  *   <base, SA(*), address(SD)>
 5852  * from the ikmpd, and get a SP and a SA to respond,
 5853  * and send,
 5854  *   <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
 5855  *       (identity(SD),) (sensitivity)>
 5856  * to the ikmpd.
 5857  *
 5858  * m will always be freed.
 5859  */
 5860 static int
 5861 key_get(so, m, mhp)
 5862         struct socket *so;
 5863         struct mbuf *m;
 5864         const struct sadb_msghdr *mhp;
 5865 {
 5866         struct sadb_sa *sa0;
 5867         struct sadb_address *src0, *dst0;
 5868         struct secasindex saidx;
 5869         struct secashead *sah;
 5870         struct secasvar *sav = NULL;
 5871         u_int16_t proto;
 5872 
 5873         IPSEC_ASSERT(so != NULL, ("null socket"));
 5874         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 5875         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 5876         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 5877 
 5878         /* map satype to proto */
 5879         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5880                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 5881                         __func__));
 5882                 return key_senderror(so, m, EINVAL);
 5883         }
 5884 
 5885         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5886             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5887             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5888                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5889                         __func__));
 5890                 return key_senderror(so, m, EINVAL);
 5891         }
 5892         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5893             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5894             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5895                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 5896                         __func__));
 5897                 return key_senderror(so, m, EINVAL);
 5898         }
 5899 
 5900         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5901         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5902         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5903 
 5904         /* XXX boundary check against sa_len */
 5905         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5906 
 5907         /*
 5908          * Make sure the port numbers are zero.
 5909          * In case of NAT-T we will update them later if needed.
 5910          */
 5911         KEY_PORTTOSADDR(&saidx.src, 0);
 5912         KEY_PORTTOSADDR(&saidx.dst, 0);
 5913 
 5914 #ifdef IPSEC_NAT_T
 5915         /*
 5916          * Handle NAT-T info if present.
 5917          */
 5918 
 5919         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 5920             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 5921                 struct sadb_x_nat_t_port *sport, *dport;
 5922 
 5923                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 5924                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 5925                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 5926                             __func__));
 5927                         return key_senderror(so, m, EINVAL);
 5928                 }
 5929 
 5930                 sport = (struct sadb_x_nat_t_port *)
 5931                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 5932                 dport = (struct sadb_x_nat_t_port *)
 5933                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 5934 
 5935                 if (sport)
 5936                         KEY_PORTTOSADDR(&saidx.src,
 5937                             sport->sadb_x_nat_t_port_port);
 5938                 if (dport)
 5939                         KEY_PORTTOSADDR(&saidx.dst,
 5940                             dport->sadb_x_nat_t_port_port);
 5941         }
 5942 #endif
 5943 
 5944         /* get a SA header */
 5945         SAHTREE_LOCK();
 5946         LIST_FOREACH(sah, &V_sahtree, chain) {
 5947                 if (sah->state == SADB_SASTATE_DEAD)
 5948                         continue;
 5949                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5950                         continue;
 5951 
 5952                 /* get a SA with SPI. */
 5953                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5954                 if (sav)
 5955                         break;
 5956         }
 5957         SAHTREE_UNLOCK();
 5958         if (sah == NULL) {
 5959                 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__));
 5960                 return key_senderror(so, m, ENOENT);
 5961         }
 5962 
 5963     {
 5964         struct mbuf *n;
 5965         u_int8_t satype;
 5966 
 5967         /* map proto to satype */
 5968         if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 5969                 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n",
 5970                         __func__));
 5971                 return key_senderror(so, m, EINVAL);
 5972         }
 5973 
 5974         /* create new sadb_msg to reply. */
 5975         n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
 5976             mhp->msg->sadb_msg_pid);
 5977         if (!n)
 5978                 return key_senderror(so, m, ENOBUFS);
 5979 
 5980         m_freem(m);
 5981         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 5982     }
 5983 }
 5984 
 5985 /* XXX make it sysctl-configurable? */
 5986 static void
 5987 key_getcomb_setlifetime(comb)
 5988         struct sadb_comb *comb;
 5989 {
 5990 
 5991         comb->sadb_comb_soft_allocations = 1;
 5992         comb->sadb_comb_hard_allocations = 1;
 5993         comb->sadb_comb_soft_bytes = 0;
 5994         comb->sadb_comb_hard_bytes = 0;
 5995         comb->sadb_comb_hard_addtime = 86400;   /* 1 day */
 5996         comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
 5997         comb->sadb_comb_soft_usetime = 28800;   /* 8 hours */
 5998         comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
 5999 }
 6000 
 6001 /*
 6002  * XXX reorder combinations by preference
 6003  * XXX no idea if the user wants ESP authentication or not
 6004  */
 6005 static struct mbuf *
 6006 key_getcomb_esp()
 6007 {
 6008         struct sadb_comb *comb;
 6009         struct enc_xform *algo;
 6010         struct mbuf *result = NULL, *m, *n;
 6011         int encmin;
 6012         int i, off, o;
 6013         int totlen;
 6014         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 6015 
 6016         m = NULL;
 6017         for (i = 1; i <= SADB_EALG_MAX; i++) {
 6018                 algo = esp_algorithm_lookup(i);
 6019                 if (algo == NULL)
 6020                         continue;
 6021 
 6022                 /* discard algorithms with key size smaller than system min */
 6023                 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin)
 6024                         continue;
 6025                 if (_BITS(algo->minkey) < V_ipsec_esp_keymin)
 6026                         encmin = V_ipsec_esp_keymin;
 6027                 else
 6028                         encmin = _BITS(algo->minkey);
 6029 
 6030                 if (V_ipsec_esp_auth)
 6031                         m = key_getcomb_ah();
 6032                 else {
 6033                         IPSEC_ASSERT(l <= MLEN,
 6034                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 6035                         MGET(m, M_DONTWAIT, MT_DATA);
 6036                         if (m) {
 6037                                 M_ALIGN(m, l);
 6038                                 m->m_len = l;
 6039                                 m->m_next = NULL;
 6040                                 bzero(mtod(m, caddr_t), m->m_len);
 6041                         }
 6042                 }
 6043                 if (!m)
 6044                         goto fail;
 6045 
 6046                 totlen = 0;
 6047                 for (n = m; n; n = n->m_next)
 6048                         totlen += n->m_len;
 6049                 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l));
 6050 
 6051                 for (off = 0; off < totlen; off += l) {
 6052                         n = m_pulldown(m, off, l, &o);
 6053                         if (!n) {
 6054                                 /* m is already freed */
 6055                                 goto fail;
 6056                         }
 6057                         comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
 6058                         bzero(comb, sizeof(*comb));
 6059                         key_getcomb_setlifetime(comb);
 6060                         comb->sadb_comb_encrypt = i;
 6061                         comb->sadb_comb_encrypt_minbits = encmin;
 6062                         comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
 6063                 }
 6064 
 6065                 if (!result)
 6066                         result = m;
 6067                 else
 6068                         m_cat(result, m);
 6069         }
 6070 
 6071         return result;
 6072 
 6073  fail:
 6074         if (result)
 6075                 m_freem(result);
 6076         return NULL;
 6077 }
 6078 
 6079 static void
 6080 key_getsizes_ah(
 6081         const struct auth_hash *ah,
 6082         int alg,
 6083         u_int16_t* min,
 6084         u_int16_t* max)
 6085 {
 6086 
 6087         *min = *max = ah->keysize;
 6088         if (ah->keysize == 0) {
 6089                 /*
 6090                  * Transform takes arbitrary key size but algorithm
 6091                  * key size is restricted.  Enforce this here.
 6092                  */
 6093                 switch (alg) {
 6094                 case SADB_X_AALG_MD5:   *min = *max = 16; break;
 6095                 case SADB_X_AALG_SHA:   *min = *max = 20; break;
 6096                 case SADB_X_AALG_NULL:  *min = 1; *max = 256; break;
 6097                 case SADB_X_AALG_SHA2_256: *min = *max = 32; break;
 6098                 case SADB_X_AALG_SHA2_384: *min = *max = 48; break;
 6099                 case SADB_X_AALG_SHA2_512: *min = *max = 64; break;
 6100                 default:
 6101                         DPRINTF(("%s: unknown AH algorithm %u\n",
 6102                                 __func__, alg));
 6103                         break;
 6104                 }
 6105         }
 6106 }
 6107 
 6108 /*
 6109  * XXX reorder combinations by preference
 6110  */
 6111 static struct mbuf *
 6112 key_getcomb_ah()
 6113 {
 6114         struct sadb_comb *comb;
 6115         struct auth_hash *algo;
 6116         struct mbuf *m;
 6117         u_int16_t minkeysize, maxkeysize;
 6118         int i;
 6119         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 6120 
 6121         m = NULL;
 6122         for (i = 1; i <= SADB_AALG_MAX; i++) {
 6123 #if 1
 6124                 /* we prefer HMAC algorithms, not old algorithms */
 6125                 if (i != SADB_AALG_SHA1HMAC &&
 6126                     i != SADB_AALG_MD5HMAC  &&
 6127                     i != SADB_X_AALG_SHA2_256 &&
 6128                     i != SADB_X_AALG_SHA2_384 &&
 6129                     i != SADB_X_AALG_SHA2_512)
 6130                         continue;
 6131 #endif
 6132                 algo = ah_algorithm_lookup(i);
 6133                 if (!algo)
 6134                         continue;
 6135                 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
 6136                 /* discard algorithms with key size smaller than system min */
 6137                 if (_BITS(minkeysize) < V_ipsec_ah_keymin)
 6138                         continue;
 6139 
 6140                 if (!m) {
 6141                         IPSEC_ASSERT(l <= MLEN,
 6142                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 6143                         MGET(m, M_DONTWAIT, MT_DATA);
 6144                         if (m) {
 6145                                 M_ALIGN(m, l);
 6146                                 m->m_len = l;
 6147                                 m->m_next = NULL;
 6148                         }
 6149                 } else
 6150                         M_PREPEND(m, l, M_DONTWAIT);
 6151                 if (!m)
 6152                         return NULL;
 6153 
 6154                 comb = mtod(m, struct sadb_comb *);
 6155                 bzero(comb, sizeof(*comb));
 6156                 key_getcomb_setlifetime(comb);
 6157                 comb->sadb_comb_auth = i;
 6158                 comb->sadb_comb_auth_minbits = _BITS(minkeysize);
 6159                 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
 6160         }
 6161 
 6162         return m;
 6163 }
 6164 
 6165 /*
 6166  * not really an official behavior.  discussed in pf_key@inner.net in Sep2000.
 6167  * XXX reorder combinations by preference
 6168  */
 6169 static struct mbuf *
 6170 key_getcomb_ipcomp()
 6171 {
 6172         struct sadb_comb *comb;
 6173         struct comp_algo *algo;
 6174         struct mbuf *m;
 6175         int i;
 6176         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 6177 
 6178         m = NULL;
 6179         for (i = 1; i <= SADB_X_CALG_MAX; i++) {
 6180                 algo = ipcomp_algorithm_lookup(i);
 6181                 if (!algo)
 6182                         continue;
 6183 
 6184                 if (!m) {
 6185                         IPSEC_ASSERT(l <= MLEN,
 6186                                 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
 6187                         MGET(m, M_DONTWAIT, MT_DATA);
 6188                         if (m) {
 6189                                 M_ALIGN(m, l);
 6190                                 m->m_len = l;
 6191                                 m->m_next = NULL;
 6192                         }
 6193                 } else
 6194                         M_PREPEND(m, l, M_DONTWAIT);
 6195                 if (!m)
 6196                         return NULL;
 6197 
 6198                 comb = mtod(m, struct sadb_comb *);
 6199                 bzero(comb, sizeof(*comb));
 6200                 key_getcomb_setlifetime(comb);
 6201                 comb->sadb_comb_encrypt = i;
 6202                 /* what should we set into sadb_comb_*_{min,max}bits? */
 6203         }
 6204 
 6205         return m;
 6206 }
 6207 
 6208 /*
 6209  * XXX no way to pass mode (transport/tunnel) to userland
 6210  * XXX replay checking?
 6211  * XXX sysctl interface to ipsec_{ah,esp}_keymin
 6212  */
 6213 static struct mbuf *
 6214 key_getprop(saidx)
 6215         const struct secasindex *saidx;
 6216 {
 6217         struct sadb_prop *prop;
 6218         struct mbuf *m, *n;
 6219         const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
 6220         int totlen;
 6221 
 6222         switch (saidx->proto)  {
 6223         case IPPROTO_ESP:
 6224                 m = key_getcomb_esp();
 6225                 break;
 6226         case IPPROTO_AH:
 6227                 m = key_getcomb_ah();
 6228                 break;
 6229         case IPPROTO_IPCOMP:
 6230                 m = key_getcomb_ipcomp();
 6231                 break;
 6232         default:
 6233                 return NULL;
 6234         }
 6235 
 6236         if (!m)
 6237                 return NULL;
 6238         M_PREPEND(m, l, M_DONTWAIT);
 6239         if (!m)
 6240                 return NULL;
 6241 
 6242         totlen = 0;
 6243         for (n = m; n; n = n->m_next)
 6244                 totlen += n->m_len;
 6245 
 6246         prop = mtod(m, struct sadb_prop *);
 6247         bzero(prop, sizeof(*prop));
 6248         prop->sadb_prop_len = PFKEY_UNIT64(totlen);
 6249         prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 6250         prop->sadb_prop_replay = 32;    /* XXX */
 6251 
 6252         return m;
 6253 }
 6254 
 6255 /*
 6256  * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
 6257  * send
 6258  *   <base, SA, address(SD), (address(P)), x_policy,
 6259  *       (identity(SD),) (sensitivity,) proposal>
 6260  * to KMD, and expect to receive
 6261  *   <base> with SADB_ACQUIRE if error occured,
 6262  * or
 6263  *   <base, src address, dst address, (SPI range)> with SADB_GETSPI
 6264  * from KMD by PF_KEY.
 6265  *
 6266  * XXX x_policy is outside of RFC2367 (KAME extension).
 6267  * XXX sensitivity is not supported.
 6268  * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
 6269  * see comment for key_getcomb_ipcomp().
 6270  *
 6271  * OUT:
 6272  *    0     : succeed
 6273  *    others: error number
 6274  */
 6275 static int
 6276 key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
 6277 {
 6278         struct mbuf *result = NULL, *m;
 6279         struct secacq *newacq;
 6280         u_int8_t satype;
 6281         int error = -1;
 6282         u_int32_t seq;
 6283 
 6284         IPSEC_ASSERT(saidx != NULL, ("null saidx"));
 6285         satype = key_proto2satype(saidx->proto);
 6286         IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto));
 6287 
 6288         /*
 6289          * We never do anything about acquirng SA.  There is anather
 6290          * solution that kernel blocks to send SADB_ACQUIRE message until
 6291          * getting something message from IKEd.  In later case, to be
 6292          * managed with ACQUIRING list.
 6293          */
 6294         /* Get an entry to check whether sending message or not. */
 6295         if ((newacq = key_getacq(saidx)) != NULL) {
 6296                 if (V_key_blockacq_count < newacq->count) {
 6297                         /* reset counter and do send message. */
 6298                         newacq->count = 0;
 6299                 } else {
 6300                         /* increment counter and do nothing. */
 6301                         newacq->count++;
 6302                         return 0;
 6303                 }
 6304         } else {
 6305                 /* make new entry for blocking to send SADB_ACQUIRE. */
 6306                 if ((newacq = key_newacq(saidx)) == NULL)
 6307                         return ENOBUFS;
 6308         }
 6309 
 6310 
 6311         seq = newacq->seq;
 6312         m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
 6313         if (!m) {
 6314                 error = ENOBUFS;
 6315                 goto fail;
 6316         }
 6317         result = m;
 6318 
 6319         /*
 6320          * No SADB_X_EXT_NAT_T_* here: we do not know
 6321          * anything related to NAT-T at this time.
 6322          */
 6323 
 6324         /* set sadb_address for saidx's. */
 6325         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 6326             &saidx->src.sa, FULLMASK, IPSEC_ULPROTO_ANY);
 6327         if (!m) {
 6328                 error = ENOBUFS;
 6329                 goto fail;
 6330         }
 6331         m_cat(result, m);
 6332 
 6333         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 6334             &saidx->dst.sa, FULLMASK, IPSEC_ULPROTO_ANY);
 6335         if (!m) {
 6336                 error = ENOBUFS;
 6337                 goto fail;
 6338         }
 6339         m_cat(result, m);
 6340 
 6341         /* XXX proxy address (optional) */
 6342 
 6343         /* set sadb_x_policy */
 6344         if (sp) {
 6345                 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
 6346                 if (!m) {
 6347                         error = ENOBUFS;
 6348                         goto fail;
 6349                 }
 6350                 m_cat(result, m);
 6351         }
 6352 
 6353         /* XXX identity (optional) */
 6354 #if 0
 6355         if (idexttype && fqdn) {
 6356                 /* create identity extension (FQDN) */
 6357                 struct sadb_ident *id;
 6358                 int fqdnlen;
 6359 
 6360                 fqdnlen = strlen(fqdn) + 1;     /* +1 for terminating-NUL */
 6361                 id = (struct sadb_ident *)p;
 6362                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6363                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6364                 id->sadb_ident_exttype = idexttype;
 6365                 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
 6366                 bcopy(fqdn, id + 1, fqdnlen);
 6367                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
 6368         }
 6369 
 6370         if (idexttype) {
 6371                 /* create identity extension (USERFQDN) */
 6372                 struct sadb_ident *id;
 6373                 int userfqdnlen;
 6374 
 6375                 if (userfqdn) {
 6376                         /* +1 for terminating-NUL */
 6377                         userfqdnlen = strlen(userfqdn) + 1;
 6378                 } else
 6379                         userfqdnlen = 0;
 6380                 id = (struct sadb_ident *)p;
 6381                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6382                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6383                 id->sadb_ident_exttype = idexttype;
 6384                 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
 6385                 /* XXX is it correct? */
 6386                 if (curproc && curproc->p_cred)
 6387                         id->sadb_ident_id = curproc->p_cred->p_ruid;
 6388                 if (userfqdn && userfqdnlen)
 6389                         bcopy(userfqdn, id + 1, userfqdnlen);
 6390                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
 6391         }
 6392 #endif
 6393 
 6394         /* XXX sensitivity (optional) */
 6395 
 6396         /* create proposal/combination extension */
 6397         m = key_getprop(saidx);
 6398 #if 0
 6399         /*
 6400          * spec conformant: always attach proposal/combination extension,
 6401          * the problem is that we have no way to attach it for ipcomp,
 6402          * due to the way sadb_comb is declared in RFC2367.
 6403          */
 6404         if (!m) {
 6405                 error = ENOBUFS;
 6406                 goto fail;
 6407         }
 6408         m_cat(result, m);
 6409 #else
 6410         /*
 6411          * outside of spec; make proposal/combination extension optional.
 6412          */
 6413         if (m)
 6414                 m_cat(result, m);
 6415 #endif
 6416 
 6417         if ((result->m_flags & M_PKTHDR) == 0) {
 6418                 error = EINVAL;
 6419                 goto fail;
 6420         }
 6421 
 6422         if (result->m_len < sizeof(struct sadb_msg)) {
 6423                 result = m_pullup(result, sizeof(struct sadb_msg));
 6424                 if (result == NULL) {
 6425                         error = ENOBUFS;
 6426                         goto fail;
 6427                 }
 6428         }
 6429 
 6430         result->m_pkthdr.len = 0;
 6431         for (m = result; m; m = m->m_next)
 6432                 result->m_pkthdr.len += m->m_len;
 6433 
 6434         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6435             PFKEY_UNIT64(result->m_pkthdr.len);
 6436 
 6437         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6438 
 6439  fail:
 6440         if (result)
 6441                 m_freem(result);
 6442         return error;
 6443 }
 6444 
 6445 static struct secacq *
 6446 key_newacq(const struct secasindex *saidx)
 6447 {
 6448         struct secacq *newacq;
 6449 
 6450         /* get new entry */
 6451         newacq = malloc(sizeof(struct secacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
 6452         if (newacq == NULL) {
 6453                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6454                 return NULL;
 6455         }
 6456 
 6457         /* copy secindex */
 6458         bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
 6459         newacq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq);
 6460         newacq->created = time_second;
 6461         newacq->count = 0;
 6462 
 6463         /* add to acqtree */
 6464         ACQ_LOCK();
 6465         LIST_INSERT_HEAD(&V_acqtree, newacq, chain);
 6466         ACQ_UNLOCK();
 6467 
 6468         return newacq;
 6469 }
 6470 
 6471 static struct secacq *
 6472 key_getacq(const struct secasindex *saidx)
 6473 {
 6474         struct secacq *acq;
 6475 
 6476         ACQ_LOCK();
 6477         LIST_FOREACH(acq, &V_acqtree, chain) {
 6478                 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
 6479                         break;
 6480         }
 6481         ACQ_UNLOCK();
 6482 
 6483         return acq;
 6484 }
 6485 
 6486 static struct secacq *
 6487 key_getacqbyseq(seq)
 6488         u_int32_t seq;
 6489 {
 6490         struct secacq *acq;
 6491 
 6492         ACQ_LOCK();
 6493         LIST_FOREACH(acq, &V_acqtree, chain) {
 6494                 if (acq->seq == seq)
 6495                         break;
 6496         }
 6497         ACQ_UNLOCK();
 6498 
 6499         return acq;
 6500 }
 6501 
 6502 static struct secspacq *
 6503 key_newspacq(spidx)
 6504         struct secpolicyindex *spidx;
 6505 {
 6506         struct secspacq *acq;
 6507 
 6508         /* get new entry */
 6509         acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
 6510         if (acq == NULL) {
 6511                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6512                 return NULL;
 6513         }
 6514 
 6515         /* copy secindex */
 6516         bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
 6517         acq->created = time_second;
 6518         acq->count = 0;
 6519 
 6520         /* add to spacqtree */
 6521         SPACQ_LOCK();
 6522         LIST_INSERT_HEAD(&V_spacqtree, acq, chain);
 6523         SPACQ_UNLOCK();
 6524 
 6525         return acq;
 6526 }
 6527 
 6528 static struct secspacq *
 6529 key_getspacq(spidx)
 6530         struct secpolicyindex *spidx;
 6531 {
 6532         struct secspacq *acq;
 6533 
 6534         SPACQ_LOCK();
 6535         LIST_FOREACH(acq, &V_spacqtree, chain) {
 6536                 if (key_cmpspidx_exactly(spidx, &acq->spidx)) {
 6537                         /* NB: return holding spacq_lock */
 6538                         return acq;
 6539                 }
 6540         }
 6541         SPACQ_UNLOCK();
 6542 
 6543         return NULL;
 6544 }
 6545 
 6546 /*
 6547  * SADB_ACQUIRE processing,
 6548  * in first situation, is receiving
 6549  *   <base>
 6550  * from the ikmpd, and clear sequence of its secasvar entry.
 6551  *
 6552  * In second situation, is receiving
 6553  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6554  * from a user land process, and return
 6555  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6556  * to the socket.
 6557  *
 6558  * m will always be freed.
 6559  */
 6560 static int
 6561 key_acquire2(so, m, mhp)
 6562         struct socket *so;
 6563         struct mbuf *m;
 6564         const struct sadb_msghdr *mhp;
 6565 {
 6566         const struct sadb_address *src0, *dst0;
 6567         struct secasindex saidx;
 6568         struct secashead *sah;
 6569         u_int16_t proto;
 6570         int error;
 6571 
 6572         IPSEC_ASSERT(so != NULL, ("null socket"));
 6573         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 6574         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 6575         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 6576 
 6577         /*
 6578          * Error message from KMd.
 6579          * We assume that if error was occured in IKEd, the length of PFKEY
 6580          * message is equal to the size of sadb_msg structure.
 6581          * We do not raise error even if error occured in this function.
 6582          */
 6583         if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
 6584                 struct secacq *acq;
 6585 
 6586                 /* check sequence number */
 6587                 if (mhp->msg->sadb_msg_seq == 0) {
 6588                         ipseclog((LOG_DEBUG, "%s: must specify sequence "
 6589                                 "number.\n", __func__));
 6590                         m_freem(m);
 6591                         return 0;
 6592                 }
 6593 
 6594                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
 6595                         /*
 6596                          * the specified larval SA is already gone, or we got
 6597                          * a bogus sequence number.  we can silently ignore it.
 6598                          */
 6599                         m_freem(m);
 6600                         return 0;
 6601                 }
 6602 
 6603                 /* reset acq counter in order to deletion by timehander. */
 6604                 acq->created = time_second;
 6605                 acq->count = 0;
 6606                 m_freem(m);
 6607                 return 0;
 6608         }
 6609 
 6610         /*
 6611          * This message is from user land.
 6612          */
 6613 
 6614         /* map satype to proto */
 6615         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6616                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 6617                         __func__));
 6618                 return key_senderror(so, m, EINVAL);
 6619         }
 6620 
 6621         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 6622             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 6623             mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
 6624                 /* error */
 6625                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
 6626                         __func__));
 6627                 return key_senderror(so, m, EINVAL);
 6628         }
 6629         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 6630             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 6631             mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
 6632                 /* error */
 6633                 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",        
 6634                         __func__));
 6635                 return key_senderror(so, m, EINVAL);
 6636         }
 6637 
 6638         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 6639         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 6640 
 6641         /* XXX boundary check against sa_len */
 6642         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 6643 
 6644         /*
 6645          * Make sure the port numbers are zero.
 6646          * In case of NAT-T we will update them later if needed.
 6647          */
 6648         KEY_PORTTOSADDR(&saidx.src, 0);
 6649         KEY_PORTTOSADDR(&saidx.dst, 0);
 6650 
 6651 #ifndef IPSEC_NAT_T
 6652         /*
 6653          * Handle NAT-T info if present.
 6654          */
 6655 
 6656         if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL &&
 6657             mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) {
 6658                 struct sadb_x_nat_t_port *sport, *dport;
 6659 
 6660                 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) ||
 6661                     mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
 6662                         ipseclog((LOG_DEBUG, "%s: invalid message.\n",
 6663                             __func__));
 6664                         return key_senderror(so, m, EINVAL);
 6665                 }
 6666 
 6667                 sport = (struct sadb_x_nat_t_port *)
 6668                     mhp->ext[SADB_X_EXT_NAT_T_SPORT];
 6669                 dport = (struct sadb_x_nat_t_port *)
 6670                     mhp->ext[SADB_X_EXT_NAT_T_DPORT];
 6671 
 6672                 if (sport)
 6673                         KEY_PORTTOSADDR(&saidx.src,
 6674                             sport->sadb_x_nat_t_port_port);
 6675                 if (dport)
 6676                         KEY_PORTTOSADDR(&saidx.dst,
 6677                             dport->sadb_x_nat_t_port_port);
 6678         }
 6679 #endif
 6680 
 6681         /* get a SA index */
 6682         SAHTREE_LOCK();
 6683         LIST_FOREACH(sah, &V_sahtree, chain) {
 6684                 if (sah->state == SADB_SASTATE_DEAD)
 6685                         continue;
 6686                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
 6687                         break;
 6688         }
 6689         SAHTREE_UNLOCK();
 6690         if (sah != NULL) {
 6691                 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__));
 6692                 return key_senderror(so, m, EEXIST);
 6693         }
 6694 
 6695         error = key_acquire(&saidx, NULL);
 6696         if (error != 0) {
 6697                 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n",
 6698                         __func__, mhp->msg->sadb_msg_errno));
 6699                 return key_senderror(so, m, error);
 6700         }
 6701 
 6702         return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
 6703 }
 6704 
 6705 /*
 6706  * SADB_REGISTER processing.
 6707  * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
 6708  * receive
 6709  *   <base>
 6710  * from the ikmpd, and register a socket to send PF_KEY messages,
 6711  * and send
 6712  *   <base, supported>
 6713  * to KMD by PF_KEY.
 6714  * If socket is detached, must free from regnode.
 6715  *
 6716  * m will always be freed.
 6717  */
 6718 static int
 6719 key_register(so, m, mhp)
 6720         struct socket *so;
 6721         struct mbuf *m;
 6722         const struct sadb_msghdr *mhp;
 6723 {
 6724         struct secreg *reg, *newreg = 0;
 6725 
 6726         IPSEC_ASSERT(so != NULL, ("null socket"));
 6727         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 6728         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 6729         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 6730 
 6731         /* check for invalid register message */
 6732         if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0]))
 6733                 return key_senderror(so, m, EINVAL);
 6734 
 6735         /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
 6736         if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
 6737                 goto setmsg;
 6738 
 6739         /* check whether existing or not */
 6740         REGTREE_LOCK();
 6741         LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) {
 6742                 if (reg->so == so) {
 6743                         REGTREE_UNLOCK();
 6744                         ipseclog((LOG_DEBUG, "%s: socket exists already.\n",
 6745                                 __func__));
 6746                         return key_senderror(so, m, EEXIST);
 6747                 }
 6748         }
 6749 
 6750         /* create regnode */
 6751         newreg =  malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO);
 6752         if (newreg == NULL) {
 6753                 REGTREE_UNLOCK();
 6754                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 6755                 return key_senderror(so, m, ENOBUFS);
 6756         }
 6757 
 6758         newreg->so = so;
 6759         ((struct keycb *)sotorawcb(so))->kp_registered++;
 6760 
 6761         /* add regnode to regtree. */
 6762         LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain);
 6763         REGTREE_UNLOCK();
 6764 
 6765   setmsg:
 6766     {
 6767         struct mbuf *n;
 6768         struct sadb_msg *newmsg;
 6769         struct sadb_supported *sup;
 6770         u_int len, alen, elen;
 6771         int off;
 6772         int i;
 6773         struct sadb_alg *alg;
 6774 
 6775         /* create new sadb_msg to reply. */
 6776         alen = 0;
 6777         for (i = 1; i <= SADB_AALG_MAX; i++) {
 6778                 if (ah_algorithm_lookup(i))
 6779                         alen += sizeof(struct sadb_alg);
 6780         }
 6781         if (alen)
 6782                 alen += sizeof(struct sadb_supported);
 6783         elen = 0;
 6784         for (i = 1; i <= SADB_EALG_MAX; i++) {
 6785                 if (esp_algorithm_lookup(i))
 6786                         elen += sizeof(struct sadb_alg);
 6787         }
 6788         if (elen)
 6789                 elen += sizeof(struct sadb_supported);
 6790 
 6791         len = sizeof(struct sadb_msg) + alen + elen;
 6792 
 6793         if (len > MCLBYTES)
 6794                 return key_senderror(so, m, ENOBUFS);
 6795 
 6796         MGETHDR(n, M_DONTWAIT, MT_DATA);
 6797         if (len > MHLEN) {
 6798                 MCLGET(n, M_DONTWAIT);
 6799                 if ((n->m_flags & M_EXT) == 0) {
 6800                         m_freem(n);
 6801                         n = NULL;
 6802                 }
 6803         }
 6804         if (!n)
 6805                 return key_senderror(so, m, ENOBUFS);
 6806 
 6807         n->m_pkthdr.len = n->m_len = len;
 6808         n->m_next = NULL;
 6809         off = 0;
 6810 
 6811         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 6812         newmsg = mtod(n, struct sadb_msg *);
 6813         newmsg->sadb_msg_errno = 0;
 6814         newmsg->sadb_msg_len = PFKEY_UNIT64(len);
 6815         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 6816 
 6817         /* for authentication algorithm */
 6818         if (alen) {
 6819                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6820                 sup->sadb_supported_len = PFKEY_UNIT64(alen);
 6821                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
 6822                 off += PFKEY_ALIGN8(sizeof(*sup));
 6823 
 6824                 for (i = 1; i <= SADB_AALG_MAX; i++) {
 6825                         struct auth_hash *aalgo;
 6826                         u_int16_t minkeysize, maxkeysize;
 6827 
 6828                         aalgo = ah_algorithm_lookup(i);
 6829                         if (!aalgo)
 6830                                 continue;
 6831                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6832                         alg->sadb_alg_id = i;
 6833                         alg->sadb_alg_ivlen = 0;
 6834                         key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
 6835                         alg->sadb_alg_minbits = _BITS(minkeysize);
 6836                         alg->sadb_alg_maxbits = _BITS(maxkeysize);
 6837                         off += PFKEY_ALIGN8(sizeof(*alg));
 6838                 }
 6839         }
 6840 
 6841         /* for encryption algorithm */
 6842         if (elen) {
 6843                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6844                 sup->sadb_supported_len = PFKEY_UNIT64(elen);
 6845                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
 6846                 off += PFKEY_ALIGN8(sizeof(*sup));
 6847 
 6848                 for (i = 1; i <= SADB_EALG_MAX; i++) {
 6849                         struct enc_xform *ealgo;
 6850 
 6851                         ealgo = esp_algorithm_lookup(i);
 6852                         if (!ealgo)
 6853                                 continue;
 6854                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6855                         alg->sadb_alg_id = i;
 6856                         alg->sadb_alg_ivlen = ealgo->blocksize;
 6857                         alg->sadb_alg_minbits = _BITS(ealgo->minkey);
 6858                         alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
 6859                         off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
 6860                 }
 6861         }
 6862 
 6863         IPSEC_ASSERT(off == len,
 6864                 ("length assumption failed (off %u len %u)", off, len));
 6865 
 6866         m_freem(m);
 6867         return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
 6868     }
 6869 }
 6870 
 6871 /*
 6872  * free secreg entry registered.
 6873  * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
 6874  */
 6875 void
 6876 key_freereg(struct socket *so)
 6877 {
 6878         struct secreg *reg;
 6879         int i;
 6880 
 6881         IPSEC_ASSERT(so != NULL, ("NULL so"));
 6882 
 6883         /*
 6884          * check whether existing or not.
 6885          * check all type of SA, because there is a potential that
 6886          * one socket is registered to multiple type of SA.
 6887          */
 6888         REGTREE_LOCK();
 6889         for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 6890                 LIST_FOREACH(reg, &V_regtree[i], chain) {
 6891                         if (reg->so == so && __LIST_CHAINED(reg)) {
 6892                                 LIST_REMOVE(reg, chain);
 6893                                 free(reg, M_IPSEC_SAR);
 6894                                 break;
 6895                         }
 6896                 }
 6897         }
 6898         REGTREE_UNLOCK();
 6899 }
 6900 
 6901 /*
 6902  * SADB_EXPIRE processing
 6903  * send
 6904  *   <base, SA, SA2, lifetime(C and one of HS), address(SD)>
 6905  * to KMD by PF_KEY.
 6906  * NOTE: We send only soft lifetime extension.
 6907  *
 6908  * OUT: 0       : succeed
 6909  *      others  : error number
 6910  */
 6911 static int
 6912 key_expire(struct secasvar *sav)
 6913 {
 6914         int s;
 6915         int satype;
 6916         struct mbuf *result = NULL, *m;
 6917         int len;
 6918         int error = -1;
 6919         struct sadb_lifetime *lt;
 6920 
 6921         /* XXX: Why do we lock ? */
 6922         s = splnet();   /*called from softclock()*/
 6923 
 6924         IPSEC_ASSERT (sav != NULL, ("null sav"));
 6925         IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
 6926 
 6927         /* set msg header */
 6928         satype = key_proto2satype(sav->sah->saidx.proto);
 6929         IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));
 6930         m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
 6931         if (!m) {
 6932                 error = ENOBUFS;
 6933                 goto fail;
 6934         }
 6935         result = m;
 6936 
 6937         /* create SA extension */
 6938         m = key_setsadbsa(sav);
 6939         if (!m) {
 6940                 error = ENOBUFS;
 6941                 goto fail;
 6942         }
 6943         m_cat(result, m);
 6944 
 6945         /* create SA extension */
 6946         m = key_setsadbxsa2(sav->sah->saidx.mode,
 6947                         sav->replay ? sav->replay->count : 0,
 6948                         sav->sah->saidx.reqid);
 6949         if (!m) {
 6950                 error = ENOBUFS;
 6951                 goto fail;
 6952         }
 6953         m_cat(result, m);
 6954 
 6955         /* create lifetime extension (current and soft) */
 6956         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 6957         m = key_alloc_mbuf(len);
 6958         if (!m || m->m_next) {  /*XXX*/
 6959                 if (m)
 6960                         m_freem(m);
 6961                 error = ENOBUFS;
 6962                 goto fail;
 6963         }
 6964         bzero(mtod(m, caddr_t), len);
 6965         lt = mtod(m, struct sadb_lifetime *);
 6966         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6967         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 6968         lt->sadb_lifetime_allocations = sav->lft_c->allocations;
 6969         lt->sadb_lifetime_bytes = sav->lft_c->bytes;
 6970         lt->sadb_lifetime_addtime = sav->lft_c->addtime;
 6971         lt->sadb_lifetime_usetime = sav->lft_c->usetime;
 6972         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 6973         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6974         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
 6975         lt->sadb_lifetime_allocations = sav->lft_s->allocations;
 6976         lt->sadb_lifetime_bytes = sav->lft_s->bytes;
 6977         lt->sadb_lifetime_addtime = sav->lft_s->addtime;
 6978         lt->sadb_lifetime_usetime = sav->lft_s->usetime;
 6979         m_cat(result, m);
 6980 
 6981         /* set sadb_address for source */
 6982         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 6983             &sav->sah->saidx.src.sa,
 6984             FULLMASK, IPSEC_ULPROTO_ANY);
 6985         if (!m) {
 6986                 error = ENOBUFS;
 6987                 goto fail;
 6988         }
 6989         m_cat(result, m);
 6990 
 6991         /* set sadb_address for destination */
 6992         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 6993             &sav->sah->saidx.dst.sa,
 6994             FULLMASK, IPSEC_ULPROTO_ANY);
 6995         if (!m) {
 6996                 error = ENOBUFS;
 6997                 goto fail;
 6998         }
 6999         m_cat(result, m);
 7000 
 7001         /*
 7002          * XXX-BZ Handle NAT-T extensions here.
 7003          */
 7004 
 7005         if ((result->m_flags & M_PKTHDR) == 0) {
 7006                 error = EINVAL;
 7007                 goto fail;
 7008         }
 7009 
 7010         if (result->m_len < sizeof(struct sadb_msg)) {
 7011                 result = m_pullup(result, sizeof(struct sadb_msg));
 7012                 if (result == NULL) {
 7013                         error = ENOBUFS;
 7014                         goto fail;
 7015                 }
 7016         }
 7017 
 7018         result->m_pkthdr.len = 0;
 7019         for (m = result; m; m = m->m_next)
 7020                 result->m_pkthdr.len += m->m_len;
 7021 
 7022         mtod(result, struct sadb_msg *)->sadb_msg_len =
 7023             PFKEY_UNIT64(result->m_pkthdr.len);
 7024 
 7025         splx(s);
 7026         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 7027 
 7028  fail:
 7029         if (result)
 7030                 m_freem(result);
 7031         splx(s);
 7032         return error;
 7033 }
 7034 
 7035 /*
 7036  * SADB_FLUSH processing
 7037  * receive
 7038  *   <base>
 7039  * from the ikmpd, and free all entries in secastree.
 7040  * and send,
 7041  *   <base>
 7042  * to the ikmpd.
 7043  * NOTE: to do is only marking SADB_SASTATE_DEAD.
 7044  *
 7045  * m will always be freed.
 7046  */
 7047 static int
 7048 key_flush(so, m, mhp)
 7049         struct socket *so;
 7050         struct mbuf *m;
 7051         const struct sadb_msghdr *mhp;
 7052 {
 7053         struct sadb_msg *newmsg;
 7054         struct secashead *sah, *nextsah;
 7055         struct secasvar *sav, *nextsav;
 7056         u_int16_t proto;
 7057         u_int8_t state;
 7058         u_int stateidx;
 7059 
 7060         IPSEC_ASSERT(so != NULL, ("null socket"));
 7061         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7062         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 7063 
 7064         /* map satype to proto */
 7065         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 7066                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 7067                         __func__));
 7068                 return key_senderror(so, m, EINVAL);
 7069         }
 7070 
 7071         /* no SATYPE specified, i.e. flushing all SA. */
 7072         SAHTREE_LOCK();
 7073         for (sah = LIST_FIRST(&V_sahtree);
 7074              sah != NULL;
 7075              sah = nextsah) {
 7076                 nextsah = LIST_NEXT(sah, chain);
 7077 
 7078                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 7079                  && proto != sah->saidx.proto)
 7080                         continue;
 7081 
 7082                 for (stateidx = 0;
 7083                      stateidx < _ARRAYLEN(saorder_state_alive);
 7084                      stateidx++) {
 7085                         state = saorder_state_any[stateidx];
 7086                         for (sav = LIST_FIRST(&sah->savtree[state]);
 7087                              sav != NULL;
 7088                              sav = nextsav) {
 7089 
 7090                                 nextsav = LIST_NEXT(sav, chain);
 7091 
 7092                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 7093                                 KEY_FREESAV(&sav);
 7094                         }
 7095                 }
 7096 
 7097                 sah->state = SADB_SASTATE_DEAD;
 7098         }
 7099         SAHTREE_UNLOCK();
 7100 
 7101         if (m->m_len < sizeof(struct sadb_msg) ||
 7102             sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 7103                 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 7104                 return key_senderror(so, m, ENOBUFS);
 7105         }
 7106 
 7107         if (m->m_next)
 7108                 m_freem(m->m_next);
 7109         m->m_next = NULL;
 7110         m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
 7111         newmsg = mtod(m, struct sadb_msg *);
 7112         newmsg->sadb_msg_errno = 0;
 7113         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 7114 
 7115         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 7116 }
 7117 
 7118 /*
 7119  * SADB_DUMP processing
 7120  * dump all entries including status of DEAD in SAD.
 7121  * receive
 7122  *   <base>
 7123  * from the ikmpd, and dump all secasvar leaves
 7124  * and send,
 7125  *   <base> .....
 7126  * to the ikmpd.
 7127  *
 7128  * m will always be freed.
 7129  */
 7130 static int
 7131 key_dump(so, m, mhp)
 7132         struct socket *so;
 7133         struct mbuf *m;
 7134         const struct sadb_msghdr *mhp;
 7135 {
 7136         struct secashead *sah;
 7137         struct secasvar *sav;
 7138         u_int16_t proto;
 7139         u_int stateidx;
 7140         u_int8_t satype;
 7141         u_int8_t state;
 7142         int cnt;
 7143         struct sadb_msg *newmsg;
 7144         struct mbuf *n;
 7145 
 7146         IPSEC_ASSERT(so != NULL, ("null socket"));
 7147         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7148         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7149         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 7150 
 7151         /* map satype to proto */
 7152         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 7153                 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
 7154                         __func__));
 7155                 return key_senderror(so, m, EINVAL);
 7156         }
 7157 
 7158         /* count sav entries to be sent to the userland. */
 7159         cnt = 0;
 7160         SAHTREE_LOCK();
 7161         LIST_FOREACH(sah, &V_sahtree, chain) {
 7162                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 7163                  && proto != sah->saidx.proto)
 7164                         continue;
 7165 
 7166                 for (stateidx = 0;
 7167                      stateidx < _ARRAYLEN(saorder_state_any);
 7168                      stateidx++) {
 7169                         state = saorder_state_any[stateidx];
 7170                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 7171                                 cnt++;
 7172                         }
 7173                 }
 7174         }
 7175 
 7176         if (cnt == 0) {
 7177                 SAHTREE_UNLOCK();
 7178                 return key_senderror(so, m, ENOENT);
 7179         }
 7180 
 7181         /* send this to the userland, one at a time. */
 7182         newmsg = NULL;
 7183         LIST_FOREACH(sah, &V_sahtree, chain) {
 7184                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
 7185                  && proto != sah->saidx.proto)
 7186                         continue;
 7187 
 7188                 /* map proto to satype */
 7189                 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 7190                         SAHTREE_UNLOCK();
 7191                         ipseclog((LOG_DEBUG, "%s: there was invalid proto in "
 7192                                 "SAD.\n", __func__));
 7193                         return key_senderror(so, m, EINVAL);
 7194                 }
 7195 
 7196                 for (stateidx = 0;
 7197                      stateidx < _ARRAYLEN(saorder_state_any);
 7198                      stateidx++) {
 7199                         state = saorder_state_any[stateidx];
 7200                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 7201                                 n = key_setdumpsa(sav, SADB_DUMP, satype,
 7202                                     --cnt, mhp->msg->sadb_msg_pid);
 7203                                 if (!n) {
 7204                                         SAHTREE_UNLOCK();
 7205                                         return key_senderror(so, m, ENOBUFS);
 7206                                 }
 7207                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 7208                         }
 7209                 }
 7210         }
 7211         SAHTREE_UNLOCK();
 7212 
 7213         m_freem(m);
 7214         return 0;
 7215 }
 7216 
 7217 /*
 7218  * SADB_X_PROMISC processing
 7219  *
 7220  * m will always be freed.
 7221  */
 7222 static int
 7223 key_promisc(so, m, mhp)
 7224         struct socket *so;
 7225         struct mbuf *m;
 7226         const struct sadb_msghdr *mhp;
 7227 {
 7228         int olen;
 7229 
 7230         IPSEC_ASSERT(so != NULL, ("null socket"));
 7231         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7232         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7233         IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 7234 
 7235         olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7236 
 7237         if (olen < sizeof(struct sadb_msg)) {
 7238 #if 1
 7239                 return key_senderror(so, m, EINVAL);
 7240 #else
 7241                 m_freem(m);
 7242                 return 0;
 7243 #endif
 7244         } else if (olen == sizeof(struct sadb_msg)) {
 7245                 /* enable/disable promisc mode */
 7246                 struct keycb *kp;
 7247 
 7248                 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
 7249                         return key_senderror(so, m, EINVAL);
 7250                 mhp->msg->sadb_msg_errno = 0;
 7251                 switch (mhp->msg->sadb_msg_satype) {
 7252                 case 0:
 7253                 case 1:
 7254                         kp->kp_promisc = mhp->msg->sadb_msg_satype;
 7255                         break;
 7256                 default:
 7257                         return key_senderror(so, m, EINVAL);
 7258                 }
 7259 
 7260                 /* send the original message back to everyone */
 7261                 mhp->msg->sadb_msg_errno = 0;
 7262                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 7263         } else {
 7264                 /* send packet as is */
 7265 
 7266                 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
 7267 
 7268                 /* TODO: if sadb_msg_seq is specified, send to specific pid */
 7269                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 7270         }
 7271 }
 7272 
 7273 static int (*key_typesw[]) __P((struct socket *, struct mbuf *,
 7274                 const struct sadb_msghdr *)) = {
 7275         NULL,           /* SADB_RESERVED */
 7276         key_getspi,     /* SADB_GETSPI */
 7277         key_update,     /* SADB_UPDATE */
 7278         key_add,        /* SADB_ADD */
 7279         key_delete,     /* SADB_DELETE */
 7280         key_get,        /* SADB_GET */
 7281         key_acquire2,   /* SADB_ACQUIRE */
 7282         key_register,   /* SADB_REGISTER */
 7283         NULL,           /* SADB_EXPIRE */
 7284         key_flush,      /* SADB_FLUSH */
 7285         key_dump,       /* SADB_DUMP */
 7286         key_promisc,    /* SADB_X_PROMISC */
 7287         NULL,           /* SADB_X_PCHANGE */
 7288         key_spdadd,     /* SADB_X_SPDUPDATE */
 7289         key_spdadd,     /* SADB_X_SPDADD */
 7290         key_spddelete,  /* SADB_X_SPDDELETE */
 7291         key_spdget,     /* SADB_X_SPDGET */
 7292         NULL,           /* SADB_X_SPDACQUIRE */
 7293         key_spddump,    /* SADB_X_SPDDUMP */
 7294         key_spdflush,   /* SADB_X_SPDFLUSH */
 7295         key_spdadd,     /* SADB_X_SPDSETIDX */
 7296         NULL,           /* SADB_X_SPDEXPIRE */
 7297         key_spddelete2, /* SADB_X_SPDDELETE2 */
 7298 };
 7299 
 7300 /*
 7301  * parse sadb_msg buffer to process PFKEYv2,
 7302  * and create a data to response if needed.
 7303  * I think to be dealed with mbuf directly.
 7304  * IN:
 7305  *     msgp  : pointer to pointer to a received buffer pulluped.
 7306  *             This is rewrited to response.
 7307  *     so    : pointer to socket.
 7308  * OUT:
 7309  *    length for buffer to send to user process.
 7310  */
 7311 int
 7312 key_parse(m, so)
 7313         struct mbuf *m;
 7314         struct socket *so;
 7315 {
 7316         struct sadb_msg *msg;
 7317         struct sadb_msghdr mh;
 7318         u_int orglen;
 7319         int error;
 7320         int target;
 7321 
 7322         IPSEC_ASSERT(so != NULL, ("null socket"));
 7323         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7324 
 7325 #if 0   /*kdebug_sadb assumes msg in linear buffer*/
 7326         KEYDEBUG(KEYDEBUG_KEY_DUMP,
 7327                 ipseclog((LOG_DEBUG, "%s: passed sadb_msg\n", __func__));
 7328                 kdebug_sadb(msg));
 7329 #endif
 7330 
 7331         if (m->m_len < sizeof(struct sadb_msg)) {
 7332                 m = m_pullup(m, sizeof(struct sadb_msg));
 7333                 if (!m)
 7334                         return ENOBUFS;
 7335         }
 7336         msg = mtod(m, struct sadb_msg *);
 7337         orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
 7338         target = KEY_SENDUP_ONE;
 7339 
 7340         if ((m->m_flags & M_PKTHDR) == 0 ||
 7341             m->m_pkthdr.len != m->m_pkthdr.len) {
 7342                 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
 7343                 V_pfkeystat.out_invlen++;
 7344                 error = EINVAL;
 7345                 goto senderror;
 7346         }
 7347 
 7348         if (msg->sadb_msg_version != PF_KEY_V2) {
 7349                 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n",
 7350                     __func__, msg->sadb_msg_version));
 7351                 V_pfkeystat.out_invver++;
 7352                 error = EINVAL;
 7353                 goto senderror;
 7354         }
 7355 
 7356         if (msg->sadb_msg_type > SADB_MAX) {
 7357                 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
 7358                     __func__, msg->sadb_msg_type));
 7359                 V_pfkeystat.out_invmsgtype++;
 7360                 error = EINVAL;
 7361                 goto senderror;
 7362         }
 7363 
 7364         /* for old-fashioned code - should be nuked */
 7365         if (m->m_pkthdr.len > MCLBYTES) {
 7366                 m_freem(m);
 7367                 return ENOBUFS;
 7368         }
 7369         if (m->m_next) {
 7370                 struct mbuf *n;
 7371 
 7372                 MGETHDR(n, M_DONTWAIT, MT_DATA);
 7373                 if (n && m->m_pkthdr.len > MHLEN) {
 7374                         MCLGET(n, M_DONTWAIT);
 7375                         if ((n->m_flags & M_EXT) == 0) {
 7376                                 m_free(n);
 7377                                 n = NULL;
 7378                         }
 7379                 }
 7380                 if (!n) {
 7381                         m_freem(m);
 7382                         return ENOBUFS;
 7383                 }
 7384                 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
 7385                 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
 7386                 n->m_next = NULL;
 7387                 m_freem(m);
 7388                 m = n;
 7389         }
 7390 
 7391         /* align the mbuf chain so that extensions are in contiguous region. */
 7392         error = key_align(m, &mh);
 7393         if (error)
 7394                 return error;
 7395 
 7396         msg = mh.msg;
 7397 
 7398         /* check SA type */
 7399         switch (msg->sadb_msg_satype) {
 7400         case SADB_SATYPE_UNSPEC:
 7401                 switch (msg->sadb_msg_type) {
 7402                 case SADB_GETSPI:
 7403                 case SADB_UPDATE:
 7404                 case SADB_ADD:
 7405                 case SADB_DELETE:
 7406                 case SADB_GET:
 7407                 case SADB_ACQUIRE:
 7408                 case SADB_EXPIRE:
 7409                         ipseclog((LOG_DEBUG, "%s: must specify satype "
 7410                             "when msg type=%u.\n", __func__,
 7411                             msg->sadb_msg_type));
 7412                         V_pfkeystat.out_invsatype++;
 7413                         error = EINVAL;
 7414                         goto senderror;
 7415                 }
 7416                 break;
 7417         case SADB_SATYPE_AH:
 7418         case SADB_SATYPE_ESP:
 7419         case SADB_X_SATYPE_IPCOMP:
 7420         case SADB_X_SATYPE_TCPSIGNATURE:
 7421                 switch (msg->sadb_msg_type) {
 7422                 case SADB_X_SPDADD:
 7423                 case SADB_X_SPDDELETE:
 7424                 case SADB_X_SPDGET:
 7425                 case SADB_X_SPDDUMP:
 7426                 case SADB_X_SPDFLUSH:
 7427                 case SADB_X_SPDSETIDX:
 7428                 case SADB_X_SPDUPDATE:
 7429                 case SADB_X_SPDDELETE2:
 7430                         ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
 7431                                 __func__, msg->sadb_msg_type));
 7432                         V_pfkeystat.out_invsatype++;
 7433                         error = EINVAL;
 7434                         goto senderror;
 7435                 }
 7436                 break;
 7437         case SADB_SATYPE_RSVP:
 7438         case SADB_SATYPE_OSPFV2:
 7439         case SADB_SATYPE_RIPV2:
 7440         case SADB_SATYPE_MIP:
 7441                 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n",
 7442                         __func__, msg->sadb_msg_satype));
 7443                 V_pfkeystat.out_invsatype++;
 7444                 error = EOPNOTSUPP;
 7445                 goto senderror;
 7446         case 1: /* XXX: What does it do? */
 7447                 if (msg->sadb_msg_type == SADB_X_PROMISC)
 7448                         break;
 7449                 /*FALLTHROUGH*/
 7450         default:
 7451                 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
 7452                         __func__, msg->sadb_msg_satype));
 7453                 V_pfkeystat.out_invsatype++;
 7454                 error = EINVAL;
 7455                 goto senderror;
 7456         }
 7457 
 7458         /* check field of upper layer protocol and address family */
 7459         if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
 7460          && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
 7461                 struct sadb_address *src0, *dst0;
 7462                 u_int plen;
 7463 
 7464                 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
 7465                 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
 7466 
 7467                 /* check upper layer protocol */
 7468                 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
 7469                         ipseclog((LOG_DEBUG, "%s: upper layer protocol "
 7470                                 "mismatched.\n", __func__));
 7471                         V_pfkeystat.out_invaddr++;
 7472                         error = EINVAL;
 7473                         goto senderror;
 7474                 }
 7475 
 7476                 /* check family */
 7477                 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
 7478                     PFKEY_ADDR_SADDR(dst0)->sa_family) {
 7479                         ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
 7480                                 __func__));
 7481                         V_pfkeystat.out_invaddr++;
 7482                         error = EINVAL;
 7483                         goto senderror;
 7484                 }
 7485                 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7486                     PFKEY_ADDR_SADDR(dst0)->sa_len) {
 7487                         ipseclog((LOG_DEBUG, "%s: address struct size "
 7488                                 "mismatched.\n", __func__));
 7489                         V_pfkeystat.out_invaddr++;
 7490                         error = EINVAL;
 7491                         goto senderror;
 7492                 }
 7493 
 7494                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7495                 case AF_INET:
 7496                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7497                             sizeof(struct sockaddr_in)) {
 7498                                 V_pfkeystat.out_invaddr++;
 7499                                 error = EINVAL;
 7500                                 goto senderror;
 7501                         }
 7502                         break;
 7503                 case AF_INET6:
 7504                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7505                             sizeof(struct sockaddr_in6)) {
 7506                                 V_pfkeystat.out_invaddr++;
 7507                                 error = EINVAL;
 7508                                 goto senderror;
 7509                         }
 7510                         break;
 7511                 default:
 7512                         ipseclog((LOG_DEBUG, "%s: unsupported address family\n",
 7513                                 __func__));
 7514                         V_pfkeystat.out_invaddr++;
 7515                         error = EAFNOSUPPORT;
 7516                         goto senderror;
 7517                 }
 7518 
 7519                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7520                 case AF_INET:
 7521                         plen = sizeof(struct in_addr) << 3;
 7522                         break;
 7523                 case AF_INET6:
 7524                         plen = sizeof(struct in6_addr) << 3;
 7525                         break;
 7526                 default:
 7527                         plen = 0;       /*fool gcc*/
 7528                         break;
 7529                 }
 7530 
 7531                 /* check max prefix length */
 7532                 if (src0->sadb_address_prefixlen > plen ||
 7533                     dst0->sadb_address_prefixlen > plen) {
 7534                         ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n",
 7535                                 __func__));
 7536                         V_pfkeystat.out_invaddr++;
 7537                         error = EINVAL;
 7538                         goto senderror;
 7539                 }
 7540 
 7541                 /*
 7542                  * prefixlen == 0 is valid because there can be a case when
 7543                  * all addresses are matched.
 7544                  */
 7545         }
 7546 
 7547         if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
 7548             key_typesw[msg->sadb_msg_type] == NULL) {
 7549                 V_pfkeystat.out_invmsgtype++;
 7550                 error = EINVAL;
 7551                 goto senderror;
 7552         }
 7553 
 7554         return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
 7555 
 7556 senderror:
 7557         msg->sadb_msg_errno = error;
 7558         return key_sendup_mbuf(so, m, target);
 7559 }
 7560 
 7561 static int
 7562 key_senderror(so, m, code)
 7563         struct socket *so;
 7564         struct mbuf *m;
 7565         int code;
 7566 {
 7567         struct sadb_msg *msg;
 7568 
 7569         IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
 7570                 ("mbuf too small, len %u", m->m_len));
 7571 
 7572         msg = mtod(m, struct sadb_msg *);
 7573         msg->sadb_msg_errno = code;
 7574         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 7575 }
 7576 
 7577 /*
 7578  * set the pointer to each header into message buffer.
 7579  * m will be freed on error.
 7580  * XXX larger-than-MCLBYTES extension?
 7581  */
 7582 static int
 7583 key_align(m, mhp)
 7584         struct mbuf *m;
 7585         struct sadb_msghdr *mhp;
 7586 {
 7587         struct mbuf *n;
 7588         struct sadb_ext *ext;
 7589         size_t off, end;
 7590         int extlen;
 7591         int toff;
 7592 
 7593         IPSEC_ASSERT(m != NULL, ("null mbuf"));
 7594         IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 7595         IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
 7596                 ("mbuf too small, len %u", m->m_len));
 7597 
 7598         /* initialize */
 7599         bzero(mhp, sizeof(*mhp));
 7600 
 7601         mhp->msg = mtod(m, struct sadb_msg *);
 7602         mhp->ext[0] = (struct sadb_ext *)mhp->msg;      /*XXX backward compat */
 7603 
 7604         end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7605         extlen = end;   /*just in case extlen is not updated*/
 7606         for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
 7607                 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
 7608                 if (!n) {
 7609                         /* m is already freed */
 7610                         return ENOBUFS;
 7611                 }
 7612                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7613 
 7614                 /* set pointer */
 7615                 switch (ext->sadb_ext_type) {
 7616                 case SADB_EXT_SA:
 7617                 case SADB_EXT_ADDRESS_SRC:
 7618                 case SADB_EXT_ADDRESS_DST:
 7619                 case SADB_EXT_ADDRESS_PROXY:
 7620                 case SADB_EXT_LIFETIME_CURRENT:
 7621                 case SADB_EXT_LIFETIME_HARD:
 7622                 case SADB_EXT_LIFETIME_SOFT:
 7623                 case SADB_EXT_KEY_AUTH:
 7624                 case SADB_EXT_KEY_ENCRYPT:
 7625                 case SADB_EXT_IDENTITY_SRC:
 7626                 case SADB_EXT_IDENTITY_DST:
 7627                 case SADB_EXT_SENSITIVITY:
 7628                 case SADB_EXT_PROPOSAL:
 7629                 case SADB_EXT_SUPPORTED_AUTH:
 7630                 case SADB_EXT_SUPPORTED_ENCRYPT:
 7631                 case SADB_EXT_SPIRANGE:
 7632                 case SADB_X_EXT_POLICY:
 7633                 case SADB_X_EXT_SA2:
 7634 #ifdef IPSEC_NAT_T
 7635                 case SADB_X_EXT_NAT_T_TYPE:
 7636                 case SADB_X_EXT_NAT_T_SPORT:
 7637                 case SADB_X_EXT_NAT_T_DPORT:
 7638                 case SADB_X_EXT_NAT_T_OAI:
 7639                 case SADB_X_EXT_NAT_T_OAR:
 7640                 case SADB_X_EXT_NAT_T_FRAG:
 7641 #endif
 7642                         /* duplicate check */
 7643                         /*
 7644                          * XXX Are there duplication payloads of either
 7645                          * KEY_AUTH or KEY_ENCRYPT ?
 7646                          */
 7647                         if (mhp->ext[ext->sadb_ext_type] != NULL) {
 7648                                 ipseclog((LOG_DEBUG, "%s: duplicate ext_type "
 7649                                         "%u\n", __func__, ext->sadb_ext_type));
 7650                                 m_freem(m);
 7651                                 V_pfkeystat.out_dupext++;
 7652                                 return EINVAL;
 7653                         }
 7654                         break;
 7655                 default:
 7656                         ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n",
 7657                                 __func__, ext->sadb_ext_type));
 7658                         m_freem(m);
 7659                         V_pfkeystat.out_invexttype++;
 7660                         return EINVAL;
 7661                 }
 7662 
 7663                 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
 7664 
 7665                 if (key_validate_ext(ext, extlen)) {
 7666                         m_freem(m);
 7667                         V_pfkeystat.out_invlen++;
 7668                         return EINVAL;
 7669                 }
 7670 
 7671                 n = m_pulldown(m, off, extlen, &toff);
 7672                 if (!n) {
 7673                         /* m is already freed */
 7674                         return ENOBUFS;
 7675                 }
 7676                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7677 
 7678                 mhp->ext[ext->sadb_ext_type] = ext;
 7679                 mhp->extoff[ext->sadb_ext_type] = off;
 7680                 mhp->extlen[ext->sadb_ext_type] = extlen;
 7681         }
 7682 
 7683         if (off != end) {
 7684                 m_freem(m);
 7685                 V_pfkeystat.out_invlen++;
 7686                 return EINVAL;
 7687         }
 7688 
 7689         return 0;
 7690 }
 7691 
 7692 static int
 7693 key_validate_ext(ext, len)
 7694         const struct sadb_ext *ext;
 7695         int len;
 7696 {
 7697         const struct sockaddr *sa;
 7698         enum { NONE, ADDR } checktype = NONE;
 7699         int baselen = 0;
 7700         const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
 7701 
 7702         if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
 7703                 return EINVAL;
 7704 
 7705         /* if it does not match minimum/maximum length, bail */
 7706         if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
 7707             ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
 7708                 return EINVAL;
 7709         if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
 7710                 return EINVAL;
 7711         if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
 7712                 return EINVAL;
 7713 
 7714         /* more checks based on sadb_ext_type XXX need more */
 7715         switch (ext->sadb_ext_type) {
 7716         case SADB_EXT_ADDRESS_SRC:
 7717         case SADB_EXT_ADDRESS_DST:
 7718         case SADB_EXT_ADDRESS_PROXY:
 7719                 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
 7720                 checktype = ADDR;
 7721                 break;
 7722         case SADB_EXT_IDENTITY_SRC:
 7723         case SADB_EXT_IDENTITY_DST:
 7724                 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
 7725                     SADB_X_IDENTTYPE_ADDR) {
 7726                         baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
 7727                         checktype = ADDR;
 7728                 } else
 7729                         checktype = NONE;
 7730                 break;
 7731         default:
 7732                 checktype = NONE;
 7733                 break;
 7734         }
 7735 
 7736         switch (checktype) {
 7737         case NONE:
 7738                 break;
 7739         case ADDR:
 7740                 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen);
 7741                 if (len < baselen + sal)
 7742                         return EINVAL;
 7743                 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
 7744                         return EINVAL;
 7745                 break;
 7746         }
 7747 
 7748         return 0;
 7749 }
 7750 
 7751 void
 7752 key_init(void)
 7753 {
 7754         int i;
 7755 
 7756         for (i = 0; i < IPSEC_DIR_MAX; i++)
 7757                 LIST_INIT(&V_sptree[i]);
 7758 
 7759         LIST_INIT(&V_sahtree);
 7760 
 7761         for (i = 0; i <= SADB_SATYPE_MAX; i++)
 7762                 LIST_INIT(&V_regtree[i]);
 7763 
 7764         LIST_INIT(&V_acqtree);
 7765         LIST_INIT(&V_spacqtree);
 7766 
 7767         /* system default */
 7768         V_ip4_def_policy.policy = IPSEC_POLICY_NONE;
 7769         V_ip4_def_policy.refcnt++;      /*never reclaim this*/
 7770 
 7771         if (!IS_DEFAULT_VNET(curvnet))
 7772                 return;
 7773 
 7774         SPTREE_LOCK_INIT();
 7775         REGTREE_LOCK_INIT();
 7776         SAHTREE_LOCK_INIT();
 7777         ACQ_LOCK_INIT();
 7778         SPACQ_LOCK_INIT();
 7779 
 7780 #ifndef IPSEC_DEBUG2
 7781         timeout((void *)key_timehandler, (void *)0, hz);
 7782 #endif /*IPSEC_DEBUG2*/
 7783 
 7784         /* initialize key statistics */
 7785         keystat.getspi_count = 1;
 7786 
 7787         printf("IPsec: Initialized Security Association Processing.\n");
 7788 }
 7789 
 7790 #ifdef VIMAGE
 7791 void
 7792 key_destroy(void)
 7793 {
 7794         struct secpolicy *sp, *nextsp;
 7795         struct secacq *acq, *nextacq;
 7796         struct secspacq *spacq, *nextspacq;
 7797         struct secashead *sah, *nextsah;
 7798         struct secreg *reg;
 7799         int i;
 7800 
 7801         SPTREE_LOCK();
 7802         for (i = 0; i < IPSEC_DIR_MAX; i++) {
 7803                 for (sp = LIST_FIRST(&V_sptree[i]); 
 7804                     sp != NULL; sp = nextsp) {
 7805                         nextsp = LIST_NEXT(sp, chain);
 7806                         if (__LIST_CHAINED(sp)) {
 7807                                 LIST_REMOVE(sp, chain);
 7808                                 free(sp, M_IPSEC_SP);
 7809                         }
 7810                 }
 7811         }
 7812         SPTREE_UNLOCK();
 7813 
 7814         SAHTREE_LOCK();
 7815         for (sah = LIST_FIRST(&V_sahtree); sah != NULL; sah = nextsah) {
 7816                 nextsah = LIST_NEXT(sah, chain);
 7817                 if (__LIST_CHAINED(sah)) {
 7818                         LIST_REMOVE(sah, chain);
 7819                         free(sah, M_IPSEC_SAH);
 7820                 }
 7821         }
 7822         SAHTREE_UNLOCK();
 7823 
 7824         REGTREE_LOCK();
 7825         for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 7826                 LIST_FOREACH(reg, &V_regtree[i], chain) {
 7827                         if (__LIST_CHAINED(reg)) {
 7828                                 LIST_REMOVE(reg, chain);
 7829                                 free(reg, M_IPSEC_SAR);
 7830                                 break;
 7831                         }
 7832                 }
 7833         }
 7834         REGTREE_UNLOCK();
 7835 
 7836         ACQ_LOCK();
 7837         for (acq = LIST_FIRST(&V_acqtree); acq != NULL; acq = nextacq) {
 7838                 nextacq = LIST_NEXT(acq, chain);
 7839                 if (__LIST_CHAINED(acq)) {
 7840                         LIST_REMOVE(acq, chain);
 7841                         free(acq, M_IPSEC_SAQ);
 7842                 }
 7843         }
 7844         ACQ_UNLOCK();
 7845 
 7846         SPACQ_LOCK();
 7847         for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL;
 7848             spacq = nextspacq) {
 7849                 nextspacq = LIST_NEXT(spacq, chain);
 7850                 if (__LIST_CHAINED(spacq)) {
 7851                         LIST_REMOVE(spacq, chain);
 7852                         free(spacq, M_IPSEC_SAQ);
 7853                 }
 7854         }
 7855         SPACQ_UNLOCK();
 7856 }
 7857 #endif
 7858 
 7859 /*
 7860  * XXX: maybe This function is called after INBOUND IPsec processing.
 7861  *
 7862  * Special check for tunnel-mode packets.
 7863  * We must make some checks for consistency between inner and outer IP header.
 7864  *
 7865  * xxx more checks to be provided
 7866  */
 7867 int
 7868 key_checktunnelsanity(sav, family, src, dst)
 7869         struct secasvar *sav;
 7870         u_int family;
 7871         caddr_t src;
 7872         caddr_t dst;
 7873 {
 7874         IPSEC_ASSERT(sav->sah != NULL, ("null SA header"));
 7875 
 7876         /* XXX: check inner IP header */
 7877 
 7878         return 1;
 7879 }
 7880 
 7881 /* record data transfer on SA, and update timestamps */
 7882 void
 7883 key_sa_recordxfer(sav, m)
 7884         struct secasvar *sav;
 7885         struct mbuf *m;
 7886 {
 7887         IPSEC_ASSERT(sav != NULL, ("Null secasvar"));
 7888         IPSEC_ASSERT(m != NULL, ("Null mbuf"));
 7889         if (!sav->lft_c)
 7890                 return;
 7891 
 7892         /*
 7893          * XXX Currently, there is a difference of bytes size
 7894          * between inbound and outbound processing.
 7895          */
 7896         sav->lft_c->bytes += m->m_pkthdr.len;
 7897         /* to check bytes lifetime is done in key_timehandler(). */
 7898 
 7899         /*
 7900          * We use the number of packets as the unit of
 7901          * allocations.  We increment the variable
 7902          * whenever {esp,ah}_{in,out}put is called.
 7903          */
 7904         sav->lft_c->allocations++;
 7905         /* XXX check for expires? */
 7906 
 7907         /*
 7908          * NOTE: We record CURRENT usetime by using wall clock,
 7909          * in seconds.  HARD and SOFT lifetime are measured by the time
 7910          * difference (again in seconds) from usetime.
 7911          *
 7912          *      usetime
 7913          *      v     expire   expire
 7914          * -----+-----+--------+---> t
 7915          *      <--------------> HARD
 7916          *      <-----> SOFT
 7917          */
 7918         sav->lft_c->usetime = time_second;
 7919         /* XXX check for expires? */
 7920 
 7921         return;
 7922 }
 7923 
 7924 /* dumb version */
 7925 void
 7926 key_sa_routechange(dst)
 7927         struct sockaddr *dst;
 7928 {
 7929         struct secashead *sah;
 7930         struct route *ro;
 7931 
 7932         SAHTREE_LOCK();
 7933         LIST_FOREACH(sah, &V_sahtree, chain) {
 7934                 ro = &sah->route_cache.sa_route;
 7935                 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
 7936                  && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
 7937                         RTFREE(ro->ro_rt);
 7938                         ro->ro_rt = (struct rtentry *)NULL;
 7939                 }
 7940         }
 7941         SAHTREE_UNLOCK();
 7942 }
 7943 
 7944 static void
 7945 key_sa_chgstate(struct secasvar *sav, u_int8_t state)
 7946 {
 7947         IPSEC_ASSERT(sav != NULL, ("NULL sav"));
 7948         SAHTREE_LOCK_ASSERT();
 7949 
 7950         if (sav->state != state) {
 7951                 if (__LIST_CHAINED(sav))
 7952                         LIST_REMOVE(sav, chain);
 7953                 sav->state = state;
 7954                 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
 7955         }
 7956 }
 7957 
 7958 void
 7959 key_sa_stir_iv(sav)
 7960         struct secasvar *sav;
 7961 {
 7962 
 7963         IPSEC_ASSERT(sav->iv != NULL, ("null IV"));
 7964         key_randomfill(sav->iv, sav->ivlen);
 7965 }
 7966 
 7967 /* XXX too much? */
 7968 static struct mbuf *
 7969 key_alloc_mbuf(l)
 7970         int l;
 7971 {
 7972         struct mbuf *m = NULL, *n;
 7973         int len, t;
 7974 
 7975         len = l;
 7976         while (len > 0) {
 7977                 MGET(n, M_DONTWAIT, MT_DATA);
 7978                 if (n && len > MLEN)
 7979                         MCLGET(n, M_DONTWAIT);
 7980                 if (!n) {
 7981                         m_freem(m);
 7982                         return NULL;
 7983                 }
 7984 
 7985                 n->m_next = NULL;
 7986                 n->m_len = 0;
 7987                 n->m_len = M_TRAILINGSPACE(n);
 7988                 /* use the bottom of mbuf, hoping we can prepend afterwards */
 7989                 if (n->m_len > len) {
 7990                         t = (n->m_len - len) & ~(sizeof(long) - 1);
 7991                         n->m_data += t;
 7992                         n->m_len = len;
 7993                 }
 7994 
 7995                 len -= n->m_len;
 7996 
 7997                 if (m)
 7998                         m_cat(m, n);
 7999                 else
 8000                         m = n;
 8001         }
 8002 
 8003         return m;
 8004 }
 8005 
 8006 /*
 8007  * Take one of the kernel's security keys and convert it into a PF_KEY
 8008  * structure within an mbuf, suitable for sending up to a waiting
 8009  * application in user land.
 8010  * 
 8011  * IN: 
 8012  *    src: A pointer to a kernel security key.
 8013  *    exttype: Which type of key this is. Refer to the PF_KEY data structures.
 8014  * OUT:
 8015  *    a valid mbuf or NULL indicating an error
 8016  *
 8017  */
 8018 
 8019 static struct mbuf *
 8020 key_setkey(struct seckey *src, u_int16_t exttype) 
 8021 {
 8022         struct mbuf *m;
 8023         struct sadb_key *p;
 8024         int len;
 8025 
 8026         if (src == NULL)
 8027                 return NULL;
 8028 
 8029         len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));
 8030         m = key_alloc_mbuf(len);
 8031         if (m == NULL)
 8032                 return NULL;
 8033         p = mtod(m, struct sadb_key *);
 8034         bzero(p, len);
 8035         p->sadb_key_len = PFKEY_UNIT64(len);
 8036         p->sadb_key_exttype = exttype;
 8037         p->sadb_key_bits = src->bits;
 8038         bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src));
 8039 
 8040         return m;
 8041 }
 8042 
 8043 /*
 8044  * Take one of the kernel's lifetime data structures and convert it
 8045  * into a PF_KEY structure within an mbuf, suitable for sending up to
 8046  * a waiting application in user land.
 8047  * 
 8048  * IN: 
 8049  *    src: A pointer to a kernel lifetime structure.
 8050  *    exttype: Which type of lifetime this is. Refer to the PF_KEY 
 8051  *             data structures for more information.
 8052  * OUT:
 8053  *    a valid mbuf or NULL indicating an error
 8054  *
 8055  */
 8056 
 8057 static struct mbuf *
 8058 key_setlifetime(struct seclifetime *src, u_int16_t exttype)
 8059 {
 8060         struct mbuf *m = NULL;
 8061         struct sadb_lifetime *p;
 8062         int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
 8063 
 8064         if (src == NULL)
 8065                 return NULL;
 8066 
 8067         m = key_alloc_mbuf(len);
 8068         if (m == NULL)
 8069                 return m;
 8070         p = mtod(m, struct sadb_lifetime *);
 8071 
 8072         bzero(p, len);
 8073         p->sadb_lifetime_len = PFKEY_UNIT64(len);
 8074         p->sadb_lifetime_exttype = exttype;
 8075         p->sadb_lifetime_allocations = src->allocations;
 8076         p->sadb_lifetime_bytes = src->bytes;
 8077         p->sadb_lifetime_addtime = src->addtime;
 8078         p->sadb_lifetime_usetime = src->usetime;
 8079         
 8080         return m;
 8081 
 8082 }

Cache object: 622360af0bdc46c655b47e1d3ae2f359


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.