
FreeBSD/Linux Kernel Cross Reference
sys/netipsec/keysock.c


    1 /*      $FreeBSD: releng/10.3/sys/netipsec/keysock.c 283902 2015-06-02 03:43:36Z ae $   */
    2 /*      $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $        */
    3 
    4 /*-
    5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 #include "opt_ipsec.h"
   34 
   35 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
   36 
   37 #include <sys/types.h>
   38 #include <sys/param.h>
   39 #include <sys/domain.h>
   40 #include <sys/errno.h>
   41 #include <sys/kernel.h>
   42 #include <sys/lock.h>
   43 #include <sys/malloc.h>
   44 #include <sys/mbuf.h>
   45 #include <sys/mutex.h>
   46 #include <sys/priv.h>
   47 #include <sys/protosw.h>
   48 #include <sys/signalvar.h>
   49 #include <sys/socket.h>
   50 #include <sys/socketvar.h>
   51 #include <sys/sysctl.h>
   52 #include <sys/systm.h>
   53 
   54 #include <net/if.h>
   55 #include <net/raw_cb.h>
   56 #include <net/vnet.h>
   57 
   58 #include <netinet/in.h>
   59 
   60 #include <net/pfkeyv2.h>
   61 #include <netipsec/key.h>
   62 #include <netipsec/keysock.h>
   63 #include <netipsec/key_debug.h>
   64 #include <netipsec/ipsec.h>
   65 
   66 #include <machine/stdarg.h>
   67 
/* Counters for attached key sockets; see key_attach() and key_detach(). */
struct key_cb {
        int key_count;          /* sockets whose sp_protocol equals PF_KEY */
        int any_count;          /* every attached key socket */
};
/* One instance per virtual network stack, reached through V_key_cb. */
static VNET_DEFINE(struct key_cb, key_cb);
#define V_key_cb                VNET(key_cb)

/*
 * Source address handed to sbappendaddr() in key_sendup0().  The two
 * initializers fill the leading sockaddr fields (length 2, family PF_KEY).
 */
static struct sockaddr key_src = { 2, PF_KEY, };

static int key_sendup0(struct rawcb *, struct mbuf *, int);

/* PF_KEY statistics, updated through PFKEYSTAT_INC() and PFKEYSTAT_ADD(). */
VNET_PCPUSTAT_DEFINE(struct pfkeystat, pfkeystat);
VNET_PCPUSTAT_SYSINIT(pfkeystat);

#ifdef VIMAGE
VNET_PCPUSTAT_SYSUNINIT(pfkeystat);
#endif /* VIMAGE */
   85 
/*
 * key_output()
 *
 * Entry point for a PF_KEY message written to a key socket (installed as
 * pr_output in keysw[]).  The packet must hold at least one struct sadb_msg
 * and its total length must equal the length announced in sadb_msg_len;
 * only then is it handed to key_parse().
 *
 * Returns EINVAL for a short or inconsistent message, ENOBUFS if the header
 * cannot be made contiguous, otherwise the result of key_parse().  The mbuf
 * is released here on every rejection path.  Panics if m is NULL.
 */
int
key_output(struct mbuf *m, struct socket *so)
{
        struct sadb_msg *hdr;
        int pktlen;

        if (m == 0)
                panic("%s: NULL pointer was passed.\n", __func__);

        PFKEYSTAT_INC(out_total);
        PFKEYSTAT_ADD(out_bytes, m->m_pkthdr.len);

        /* Reject anything that cannot even contain the base header. */
        pktlen = m->m_pkthdr.len;
        if (pktlen < sizeof(struct sadb_msg)) {
                PFKEYSTAT_INC(out_tooshort);
                m_freem(m);
                return (EINVAL);
        }

        /* The header is read through mtod() below, so make it contiguous. */
        if (m->m_len < sizeof(struct sadb_msg)) {
                m = m_pullup(m, sizeof(struct sadb_msg));
                if (m == 0) {
                        /* Nothing left to free, as in the original path. */
                        PFKEYSTAT_INC(out_nomem);
                        return (ENOBUFS);
                }
        }

        M_ASSERTPKTHDR(m);

        KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));

        hdr = mtod(m, struct sadb_msg *);
        /*
         * NOTE(review): sadb_msg_type comes straight from the caller and is
         * used as an index before any validation -- confirm that
         * out_msgtype[] covers the whole range of that field.
         */
        PFKEYSTAT_INC(out_msgtype[hdr->sadb_msg_type]);

        /* The announced length (64-bit units) must match the packet. */
        if (pktlen != PFKEY_UNUNIT64(hdr->sadb_msg_len)) {
                PFKEYSTAT_INC(out_invlen);
                m_freem(m);
                return (EINVAL);
        }

        /* The mbuf is not touched again after this call. */
        return (key_parse(m, so));
}
  135 
/*
 * Queue one message on the receive buffer of the socket behind rp and wake
 * up its readers.
 *
 * With promisc set, the message is first wrapped in a zeroed sadb_msg
 * header of type SADB_X_PROMISC whose length covers the whole packet.
 *
 * Returns 0 on success or ENOBUFS; on an sbappendaddr() failure the mbuf is
 * freed here, so the caller must not reuse m in either case.
 */
static int
key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc)
{
        struct sadb_msg *wrap;
        int rc = 0;

        if (promisc) {
                M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT);
                if (m == NULL) {
                        PFKEYSTAT_INC(in_nomem);
                        return (ENOBUFS);
                }
                wrap = mtod(m, struct sadb_msg *);
                /* Zero first so no stale mbuf bytes reach the receiver. */
                bzero(wrap, sizeof(*wrap));
                wrap->sadb_msg_version = PF_KEY_V2;
                wrap->sadb_msg_type = SADB_X_PROMISC;
                wrap->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
                /* pid and seq? */

                PFKEYSTAT_INC(in_msgtype[wrap->sadb_msg_type]);
        }

        if (sbappendaddr(&rp->rcb_socket->so_rcv,
            (struct sockaddr *)&key_src, m, NULL) == 0) {
                /* The message was not queued: account for it and drop it. */
                PFKEYSTAT_INC(in_nomem);
                m_freem(m);
                rc = ENOBUFS;
        }

        /* Readers are woken whether or not the append succeeded. */
        sorwakeup(rp->rcb_socket);
        return (rc);
}
  172 
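/*
 * Copy a flat PF_KEY message of len bytes into a new mbuf chain and pass it
 * to key_sendup_mbuf() for delivery according to target.
 *
 * msg must reference at least len readable bytes: the length is taken from
 * the caller and is not compared with msg->sadb_msg_len here.
 *
 * Returns EINVAL when len is zero or does not fit a positive int, ENOBUFS
 * when an mbuf or cluster cannot be allocated, otherwise the result of
 * key_sendup_mbuf().  Panics if so or msg is NULL.
 *
 * XXX this interface should be obsoleted.
 */
int
key_sendup(struct socket *so, struct sadb_msg *msg, u_int len, int target)
{
        struct mbuf *m, *n, *mprev;
        int tlen;

        /* sanity check */
        if (so == 0 || msg == 0)
                panic("%s: NULL pointer was passed.\n", __func__);

        KEYDEBUG(KEYDEBUG_KEY_DUMP,
                printf("%s: \n", __func__);
                kdebug_sadb(msg));

        /*
         * we increment statistics here, just in case we have ENOBUFS
         * in this function.
         */
        PFKEYSTAT_INC(in_total);
        PFKEYSTAT_ADD(in_bytes, len);
        PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]);

        /*
         * With a non-positive tlen the allocation loop never runs and m
         * stays NULL, which the m_pkthdr stores below would dereference.
         * Refuse such a request instead.
         */
        tlen = len;
        if (tlen <= 0)
                return EINVAL;

        /*
         * Get mbuf chain whenever possible (not clusters),
         * to save socket buffer.  We'll be generating many SADB_ACQUIRE
         * messages to listening key sockets.  If we simply allocate clusters,
         * sbappendaddr() will raise ENOBUFS due to too little sbspace().
         * sbspace() computes # of actual data bytes AND mbuf region.
         *
         * TODO: SADB_ACQUIRE filters should be implemented.
         */
        m = mprev = NULL;
        while (tlen > 0) {
                /* The first mbuf carries the packet header. */
                if (m == NULL) {
                        MGETHDR(n, M_NOWAIT, MT_DATA);
                        if (n != NULL)
                                n->m_len = MHLEN;
                } else {
                        MGET(n, M_NOWAIT, MT_DATA);
                        if (n != NULL)
                                n->m_len = MLEN;
                }
                if (n == NULL) {
                        /*
                         * Release whatever was already chained; the
                         * original leaked it when a later MGET failed.
                         * m is still NULL on the first iteration, as it
                         * can be in the cluster failure path below.
                         */
                        m_freem(m);
                        PFKEYSTAT_INC(in_nomem);
                        return ENOBUFS;
                }
                if (tlen >= MCLBYTES) { /*XXX better threshold? */
                        MCLGET(n, M_NOWAIT);
                        if ((n->m_flags & M_EXT) == 0) {
                                m_free(n);
                                m_freem(m);
                                PFKEYSTAT_INC(in_nomem);
                                return ENOBUFS;
                        }
                        n->m_len = MCLBYTES;
                }

                /* The last mbuf only holds what is left of the message. */
                if (tlen < n->m_len)
                        n->m_len = tlen;
                n->m_next = NULL;
                if (m == NULL)
                        m = mprev = n;
                else {
                        mprev->m_next = n;
                        mprev = n;
                }
                tlen -= n->m_len;
                n = NULL;
        }
        m->m_pkthdr.len = len;
        m->m_pkthdr.rcvif = NULL;
        m_copyback(m, 0, len, (caddr_t)msg);

        /* avoid duplicated statistics: key_sendup_mbuf() counts again */
        PFKEYSTAT_ADD(in_total, -1);
        PFKEYSTAT_ADD(in_bytes, -len);
        PFKEYSTAT_ADD(in_msgtype[msg->sadb_msg_type], -1);

        return key_sendup_mbuf(so, m, target);
}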
  257 
/*
 * Deliver the PF_KEY message in m to key sockets, selected by target:
 * KEY_SENDUP_ONE (only so), KEY_SENDUP_ALL (every key socket) or
 * KEY_SENDUP_REGISTERED (sockets with kp_registered set).  Promiscuous
 * sockets additionally get a wrapped copy of every message.
 *
 * so can be NULL if target != KEY_SENDUP_ONE.  The mbuf is consumed on all
 * paths.  Returns 0, ENOBUFS, or the first key_sendup0() error.  Panics on
 * a NULL m, or on a NULL so together with KEY_SENDUP_ONE.
 */
int
key_sendup_mbuf(struct socket *so, struct mbuf *m, int target)
{
        struct rawcb *rp;
        struct keycb *kp;
        struct mbuf *copy;
        int deliver;
        int error;

        if (m == NULL)
                panic("key_sendup_mbuf: NULL pointer was passed.\n");
        if (so == NULL && target == KEY_SENDUP_ONE)
                panic("%s: NULL pointer was passed.\n", __func__);

        PFKEYSTAT_INC(in_total);
        PFKEYSTAT_ADD(in_bytes, m->m_pkthdr.len);

        /* The message type is read below, so make the header contiguous. */
        if (m->m_len < sizeof(struct sadb_msg)) {
                m = m_pullup(m, sizeof(struct sadb_msg));
                if (m == NULL) {
                        PFKEYSTAT_INC(in_nomem);
                        return ENOBUFS;
                }
        }
        if (m->m_len >= sizeof(struct sadb_msg)) {
                struct sadb_msg *msg = mtod(m, struct sadb_msg *);

                PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]);
        }

        /* The raw control block list is walked with rawcb_mtx held. */
        mtx_lock(&rawcb_mtx);
        LIST_FOREACH(rp, &V_rawcb_list, list) {
                /* Only key sockets, with protocol 0 or PF_KEY_V2. */
                if (rp->rcb_proto.sp_family != PF_KEY)
                        continue;
                if (rp->rcb_proto.sp_protocol != 0 &&
                    rp->rcb_proto.sp_protocol != PF_KEY_V2)
                        continue;

                kp = (struct keycb *)rp;

                /*
                 * A promiscuous socket that also receives the broadcast
                 * reply ends up with two PF_KEY messages.
                 * (based on pf_key@inner.net message on 14 Oct 1998)
                 * This copy is best effort: failures are ignored.
                 */
                if (kp->kp_promisc) {
                        copy = m_copy(m, 0, (int)M_COPYALL);
                        if (copy != NULL)
                                (void)key_sendup0(rp, copy, 1);
                }

                /* The exact target gets the original mbuf after the loop. */
                if (so != NULL && sotorawcb(so) == rp)
                        continue;

                switch (target) {
                case KEY_SENDUP_ALL:
                        deliver = 1;
                        break;
                case KEY_SENDUP_REGISTERED:
                        deliver = (kp->kp_registered != 0);
                        break;
                case KEY_SENDUP_ONE:
                        /* so itself was skipped above: nothing to send. */
                default:
                        deliver = 0;
                        break;
                }
                /*
                 * NOTE(review): target indexes in_msgtarget[] without a
                 * range check here -- confirm every caller passes one of
                 * the KEY_SENDUP_* values.
                 */
                PFKEYSTAT_INC(in_msgtarget[target]);

                if (!deliver)
                        continue;

                copy = m_copy(m, 0, (int)M_COPYALL);
                if (copy == NULL) {
                        m_freem(m);
                        PFKEYSTAT_INC(in_nomem);
                        mtx_unlock(&rawcb_mtx);
                        return ENOBUFS;
                }

                /*
                 * NOTE(review): one receiver whose buffer rejects the copy
                 * ends delivery for the remaining sockets and for so.
                 */
                error = key_sendup0(rp, copy, 0);
                if (error != 0) {
                        m_freem(m);
                        mtx_unlock(&rawcb_mtx);
                        return error;
                }
        }

        if (so != NULL) {
                /* key_sendup0() consumes m whether or not it succeeds. */
                error = key_sendup0(sotorawcb(so), m, 0);
        } else {
                error = 0;
                m_freem(m);
        }
        mtx_unlock(&rawcb_mtx);
        return error;
}
  361 
/*
 * key_abort()
 * pru_abort handler for key sockets; hands the socket to the generic raw
 * socket abort routine.  Derived from net/rtsock.c:rts_abort().
 */
static void
key_abort(struct socket *so)
{

        (*raw_usrreqs.pru_abort)(so);
}
  371 
/*
 * key_attach()
 * pru_attach handler: allocate the keycb for a new key socket and register
 * it with the raw socket layer.  Derived from net/rtsock.c:rts_attach().
 *
 * When a thread is supplied it must pass priv_check() for PRIV_NET_RAW; a
 * NULL td skips that check.  Returns 0, the priv_check() or raw_attach()
 * error, or ENOBUFS.
 */
static int
key_attach(struct socket *so, int proto, struct thread *td)
{
        struct keycb *pcb;
        int rc;

        KASSERT(so->so_pcb == NULL, ("key_attach: so_pcb != NULL"));

        /* Opening a key socket is a privileged operation. */
        if (td != NULL) {
                rc = priv_check(td, PRIV_NET_RAW);
                if (rc != 0)
                        return (rc);
        }

        /* XXX */
        pcb = malloc(sizeof(*pcb), M_PCB, M_WAITOK | M_ZERO);
        if (pcb == NULL)
                return (ENOBUFS);

        so->so_pcb = (caddr_t)pcb;
        rc = raw_attach(so, proto);
        /* The pcb is re-read through the socket before it is used again. */
        pcb = (struct keycb *)sotorawcb(so);
        if (rc != 0) {
                /* Do not leave the socket pointing at freed memory. */
                free(pcb, M_PCB);
                so->so_pcb = (caddr_t)0;
                return (rc);
        }

        /* The allocation was zeroed already; the reset is kept explicit. */
        pcb->kp_registered = 0;
        pcb->kp_promisc = 0;

        /* Accounting that key_detach() undoes. */
        if (pcb->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
                V_key_cb.key_count++;
        V_key_cb.any_count++;

        soisconnected(so);
        so->so_options |= SO_USELOOPBACK;

        return (0);
}
  414 
/*
 * key_bind()
 * pru_bind handler: binding a key socket is not supported, so every request
 * fails with EINVAL.  Derived from net/rtsock.c:rts_bind().
 */
static int
key_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
{

        return (EINVAL);
}
  424 
/*
 * key_close()
 * pru_close handler for key sockets; hands the socket to the generic raw
 * socket close routine.  Derived from net/rtsock.c:rts_close().
 */
static void
key_close(struct socket *so)
{

        (*raw_usrreqs.pru_close)(so);
}
  435 
/*
 * key_connect()
 * pru_connect handler: connecting a key socket is not supported, so every
 * request fails with EINVAL.  Derived from net/rtsock.c:rts_connect().
 */
static int
key_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
{

        return (EINVAL);
}
  445 
/*
 * key_detach()
 * pru_detach handler: reverse the accounting done in key_attach(), drop the
 * socket's registrations via key_freereg(), then let the raw socket layer
 * detach it.  Derived from net/rtsock.c:rts_detach().
 */
static void
key_detach(struct socket *so)
{
        struct keycb *pcb;

        pcb = (struct keycb *)sotorawcb(so);
        KASSERT(pcb != NULL, ("key_detach: kp == NULL"));

        if (pcb->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
                V_key_cb.key_count--;
        V_key_cb.any_count--;

        /* Registrations go first, while the pcb is still attached. */
        key_freereg(so);
        (*raw_usrreqs.pru_detach)(so);
}
  464 
/*
 * key_disconnect()
 * pru_disconnect handler; returns whatever the generic raw socket
 * disconnect routine reports.  Derived from net/rtsock.c:rts_disconnect().
 */
static int
key_disconnect(struct socket *so)
{

        return ((*raw_usrreqs.pru_disconnect)(so));
}
  474 
/*
 * key_peeraddr()
 * pru_peeraddr handler; returns whatever the generic raw socket routine
 * reports.  Derived from net/rtsock.c:rts_peeraddr().
 */
static int
key_peeraddr(struct socket *so, struct sockaddr **nam)
{

        return ((*raw_usrreqs.pru_peeraddr)(so, nam));
}
  484 
/*
 * key_send()
 * pru_send handler: all arguments are passed unchanged to the generic raw
 * socket send routine and its result is returned.
 * Derived from net/rtsock.c:rts_send().
 */
static int
key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
    struct mbuf *control, struct thread *td)
{

        return ((*raw_usrreqs.pru_send)(so, flags, m, nam, control, td));
}
  495 
/*
 * key_shutdown()
 * pru_shutdown handler; returns whatever the generic raw socket shutdown
 * routine reports.  Derived from net/rtsock.c:rts_shutdown().
 */
static int
key_shutdown(struct socket *so)
{

        return ((*raw_usrreqs.pru_shutdown)(so));
}
  505 
/*
 * key_sockaddr()
 * pru_sockaddr handler; returns whatever the generic raw socket routine
 * reports.  Derived from net/rtsock.c:rts_sockaddr().
 */
static int
key_sockaddr(struct socket *so, struct sockaddr **nam)
{

        return ((*raw_usrreqs.pru_sockaddr)(so, nam));
}
  515 
/*
 * User-request switch for key sockets.  key_bind() and key_connect() always
 * fail with EINVAL, key_attach() and key_detach() maintain the keycb and
 * the V_key_cb counters, and the other handlers forward to raw_usrreqs.
 */
struct pr_usrreqs key_usrreqs = {
        .pru_abort =            key_abort,
        .pru_attach =           key_attach,     /* checks PRIV_NET_RAW */
        .pru_bind =             key_bind,
        .pru_connect =          key_connect,
        .pru_detach =           key_detach,
        .pru_disconnect =       key_disconnect,
        .pru_peeraddr =         key_peeraddr,
        .pru_send =             key_send,
        .pru_shutdown =         key_shutdown,
        .pru_sockaddr =         key_sockaddr,
        .pru_close =            key_close,
};
  529 
/* sysctl: declares the "key" node under net */
SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family");

/*
 * Definitions of protocols supported in the KEY domain.
 */

extern struct domain keydomain;

/*
 * The only entry is the raw PF_KEY_V2 protocol.  pr_output is key_output(),
 * which checks the message length before calling key_parse(); socket
 * operations are dispatched through key_usrreqs.
 */
struct protosw keysw[] = {
{
        .pr_type =              SOCK_RAW,
        .pr_domain =            &keydomain,
        .pr_protocol =          PF_KEY_V2,
        .pr_flags =             PR_ATOMIC|PR_ADDR,
        .pr_output =            key_output,
        .pr_ctlinput =          raw_ctlinput,
        .pr_init =              raw_init,
        .pr_usrreqs =           &key_usrreqs
}
};
  551 
/*
 * Domain initialisation hook (dom_init of keydomain): clear the key socket
 * counters, then run key_init().
 */
static void
key_init0(void)
{

        bzero(&V_key_cb, sizeof(V_key_cb));
        key_init();
}
  559 
/*
 * The PF_KEY protocol domain.  dom_init runs key_init0(); dom_destroy is
 * only set when the kernel is built with VIMAGE.
 */
struct domain keydomain = {
        .dom_family =           PF_KEY,
        .dom_name =             "key",
        .dom_init =             key_init0,
#ifdef VIMAGE
        .dom_destroy =          key_destroy,
#endif
        .dom_protosw =          keysw,
        /* one-past-the-end pointer of keysw[] */
        .dom_protoswNPROTOSW =  &keysw[sizeof(keysw)/sizeof(keysw[0])]
};

VNET_DOMAIN_SET(key);
