Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netipsec/keysock.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $FreeBSD$ */ 2 /* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include "opt_ipsec.h" 34 35 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */ 36 37 #include <sys/types.h> 38 #include <sys/param.h> 39 #include <sys/domain.h> 40 #include <sys/errno.h> 41 #include <sys/kernel.h> 42 #include <sys/malloc.h> 43 #include <sys/mbuf.h> 44 #include <sys/protosw.h> 45 #include <sys/signalvar.h> 46 #include <sys/socket.h> 47 #include <sys/socketvar.h> 48 #include <sys/sysctl.h> 49 #include <sys/systm.h> 50 51 #include <net/raw_cb.h> 52 #include <net/route.h> 53 54 #include <net/pfkeyv2.h> 55 #include <netipsec/key.h> 56 #include <netipsec/keysock.h> 57 #include <netipsec/key_debug.h> 58 59 #include <machine/stdarg.h> 60 61 typedef int pr_output_t (struct mbuf *, struct socket *); 62 63 struct key_cb { 64 int key_count; 65 int any_count; 66 }; 67 static struct key_cb key_cb; 68 69 static struct sockaddr key_dst = { 2, PF_KEY, }; 70 static struct sockaddr key_src = { 2, PF_KEY, }; 71 72 static int key_sendup0 __P((struct rawcb *, struct mbuf *, int)); 73 74 struct pfkeystat pfkeystat; 75 76 /* 77 * key_output() 78 */ 79 int 80 #if __STDC__ 81 key_output(struct mbuf *m, ...) 82 #else 83 key_output(m, va_alist) 84 struct mbuf *m; 85 va_dcl 86 #endif 87 { 88 struct sadb_msg *msg; 89 int len, error = 0; 90 int s; 91 struct socket *so; 92 va_list ap; 93 94 va_start(ap, m); 95 so = va_arg(ap, struct socket *); 96 va_end(ap); 97 98 if (m == 0) 99 panic("key_output: NULL pointer was passed.\n"); 100 101 pfkeystat.out_total++; 102 pfkeystat.out_bytes += m->m_pkthdr.len; 103 104 len = m->m_pkthdr.len; 105 if (len < sizeof(struct sadb_msg)) { 106 pfkeystat.out_tooshort++; 107 error = EINVAL; 108 goto end; 109 } 110 111 if (m->m_len < sizeof(struct sadb_msg)) { 112 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) { 113 pfkeystat.out_nomem++; 114 error = ENOBUFS; 115 goto end; 116 } 117 } 118 119 if ((m->m_flags & M_PKTHDR) == 0) 120 panic("key_output: not M_PKTHDR ??"); 121 122 KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m)); 123 124 msg = mtod(m, struct sadb_msg *); 125 pfkeystat.out_msgtype[msg->sadb_msg_type]++; 126 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { 127 pfkeystat.out_invlen++; 128 error = EINVAL; 129 goto end; 130 } 131 132 /*XXX giant lock*/ 133 s = splnet(); 134 error = key_parse(m, so); 135 m = NULL; 136 splx(s); 137 end: 138 if (m) 139 m_freem(m); 140 return error; 141 } 142 143 /* 144 * send message to the socket. 145 */ 146 static int 147 key_sendup0(rp, m, promisc) 148 struct rawcb *rp; 149 struct mbuf *m; 150 int promisc; 151 { 152 int error; 153 154 if (promisc) { 155 struct sadb_msg *pmsg; 156 157 M_PREPEND(m, sizeof(struct sadb_msg), M_DONTWAIT); 158 if (m && m->m_len < sizeof(struct sadb_msg)) 159 m = m_pullup(m, sizeof(struct sadb_msg)); 160 if (!m) { 161 pfkeystat.in_nomem++; 162 m_freem(m); 163 return ENOBUFS; 164 } 165 m->m_pkthdr.len += sizeof(*pmsg); 166 167 pmsg = mtod(m, struct sadb_msg *); 168 bzero(pmsg, sizeof(*pmsg)); 169 pmsg->sadb_msg_version = PF_KEY_V2; 170 pmsg->sadb_msg_type = SADB_X_PROMISC; 171 pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 172 /* pid and seq? */ 173 174 pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; 175 } 176 177 if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, 178 m, NULL)) { 179 pfkeystat.in_nomem++; 180 m_freem(m); 181 error = ENOBUFS; 182 } else 183 error = 0; 184 sorwakeup(rp->rcb_socket); 185 return error; 186 } 187 188 /* XXX this interface should be obsoleted. */ 189 int 190 key_sendup(so, msg, len, target) 191 struct socket *so; 192 struct sadb_msg *msg; 193 u_int len; 194 int target; /*target of the resulting message*/ 195 { 196 struct mbuf *m, *n, *mprev; 197 int tlen; 198 199 /* sanity check */ 200 if (so == 0 || msg == 0) 201 panic("key_sendup: NULL pointer was passed.\n"); 202 203 KEYDEBUG(KEYDEBUG_KEY_DUMP, 204 printf("key_sendup: \n"); 205 kdebug_sadb(msg)); 206 207 /* 208 * we increment statistics here, just in case we have ENOBUFS 209 * in this function. 210 */ 211 pfkeystat.in_total++; 212 pfkeystat.in_bytes += len; 213 pfkeystat.in_msgtype[msg->sadb_msg_type]++; 214 215 /* 216 * Get mbuf chain whenever possible (not clusters), 217 * to save socket buffer. We'll be generating many SADB_ACQUIRE 218 * messages to listening key sockets. If we simply allocate clusters, 219 * sbappendaddr() will raise ENOBUFS due to too little sbspace(). 220 * sbspace() computes # of actual data bytes AND mbuf region. 221 * 222 * TODO: SADB_ACQUIRE filters should be implemented. 223 */ 224 tlen = len; 225 m = mprev = NULL; 226 while (tlen > 0) { 227 if (tlen == len) { 228 MGETHDR(n, M_DONTWAIT, MT_DATA); 229 n->m_len = MHLEN; 230 } else { 231 MGET(n, M_DONTWAIT, MT_DATA); 232 n->m_len = MLEN; 233 } 234 if (!n) { 235 pfkeystat.in_nomem++; 236 return ENOBUFS; 237 } 238 if (tlen >= MCLBYTES) { /*XXX better threshold? */ 239 MCLGET(n, M_DONTWAIT); 240 if ((n->m_flags & M_EXT) == 0) { 241 m_free(n); 242 m_freem(m); 243 pfkeystat.in_nomem++; 244 return ENOBUFS; 245 } 246 n->m_len = MCLBYTES; 247 } 248 249 if (tlen < n->m_len) 250 n->m_len = tlen; 251 n->m_next = NULL; 252 if (m == NULL) 253 m = mprev = n; 254 else { 255 mprev->m_next = n; 256 mprev = n; 257 } 258 tlen -= n->m_len; 259 n = NULL; 260 } 261 m->m_pkthdr.len = len; 262 m->m_pkthdr.rcvif = NULL; 263 m_copyback(m, 0, len, (caddr_t)msg); 264 265 /* avoid duplicated statistics */ 266 pfkeystat.in_total--; 267 pfkeystat.in_bytes -= len; 268 pfkeystat.in_msgtype[msg->sadb_msg_type]--; 269 270 return key_sendup_mbuf(so, m, target); 271 } 272 273 /* so can be NULL if target != KEY_SENDUP_ONE */ 274 int 275 key_sendup_mbuf(so, m, target) 276 struct socket *so; 277 struct mbuf *m; 278 int target; 279 { 280 struct mbuf *n; 281 struct keycb *kp; 282 int sendup; 283 struct rawcb *rp; 284 int error = 0; 285 286 if (m == NULL) 287 panic("key_sendup_mbuf: NULL pointer was passed.\n"); 288 if (so == NULL && target == KEY_SENDUP_ONE) 289 panic("key_sendup_mbuf: NULL pointer was passed.\n"); 290 291 pfkeystat.in_total++; 292 pfkeystat.in_bytes += m->m_pkthdr.len; 293 if (m->m_len < sizeof(struct sadb_msg)) { 294 #if 1 295 m = m_pullup(m, sizeof(struct sadb_msg)); 296 if (m == NULL) { 297 pfkeystat.in_nomem++; 298 return ENOBUFS; 299 } 300 #else 301 /* don't bother pulling it up just for stats */ 302 #endif 303 } 304 if (m->m_len >= sizeof(struct sadb_msg)) { 305 struct sadb_msg *msg; 306 msg = mtod(m, struct sadb_msg *); 307 pfkeystat.in_msgtype[msg->sadb_msg_type]++; 308 } 309 310 LIST_FOREACH(rp, &rawcb_list, list) 311 { 312 if (rp->rcb_proto.sp_family != PF_KEY) 313 continue; 314 if (rp->rcb_proto.sp_protocol 315 && rp->rcb_proto.sp_protocol != PF_KEY_V2) { 316 continue; 317 } 318 319 kp = (struct keycb *)rp; 320 321 /* 322 * If you are in promiscuous mode, and when you get broadcasted 323 * reply, you'll get two PF_KEY messages. 324 * (based on pf_key@inner.net message on 14 Oct 1998) 325 */ 326 if (((struct keycb *)rp)->kp_promisc) { 327 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { 328 (void)key_sendup0(rp, n, 1); 329 n = NULL; 330 } 331 } 332 333 /* the exact target will be processed later */ 334 if (so && sotorawcb(so) == rp) 335 continue; 336 337 sendup = 0; 338 switch (target) { 339 case KEY_SENDUP_ONE: 340 /* the statement has no effect */ 341 if (so && sotorawcb(so) == rp) 342 sendup++; 343 break; 344 case KEY_SENDUP_ALL: 345 sendup++; 346 break; 347 case KEY_SENDUP_REGISTERED: 348 if (kp->kp_registered) 349 sendup++; 350 break; 351 } 352 pfkeystat.in_msgtarget[target]++; 353 354 if (!sendup) 355 continue; 356 357 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { 358 m_freem(m); 359 pfkeystat.in_nomem++; 360 return ENOBUFS; 361 } 362 363 if ((error = key_sendup0(rp, n, 0)) != 0) { 364 m_freem(m); 365 return error; 366 } 367 368 n = NULL; 369 } 370 371 if (so) { 372 error = key_sendup0(sotorawcb(so), m, 0); 373 m = NULL; 374 } else { 375 error = 0; 376 m_freem(m); 377 } 378 return error; 379 } 380 381 /* 382 * key_abort() 383 * derived from net/rtsock.c:rts_abort() 384 */ 385 static int 386 key_abort(struct socket *so) 387 { 388 int s, error; 389 s = splnet(); 390 error = raw_usrreqs.pru_abort(so); 391 splx(s); 392 return error; 393 } 394 395 /* 396 * key_attach() 397 * derived from net/rtsock.c:rts_attach() 398 */ 399 static int 400 key_attach(struct socket *so, int proto, struct proc *td) 401 { 402 struct keycb *kp; 403 int s, error; 404 405 if (sotorawcb(so) != 0) 406 return EISCONN; /* XXX panic? */ 407 kp = (struct keycb *)malloc(sizeof *kp, M_PCB, M_WAITOK|M_ZERO); /* XXX */ 408 if (kp == 0) 409 return ENOBUFS; 410 411 /* 412 * The splnet() is necessary to block protocols from sending 413 * error notifications (like RTM_REDIRECT or RTM_LOSING) while 414 * this PCB is extant but incompletely initialized. 415 * Probably we should try to do more of this work beforehand and 416 * eliminate the spl. 417 */ 418 s = splnet(); 419 so->so_pcb = (caddr_t)kp; 420 error = raw_usrreqs.pru_attach(so, proto, td); 421 kp = (struct keycb *)sotorawcb(so); 422 if (error) { 423 free(kp, M_PCB); 424 so->so_pcb = (caddr_t) 0; 425 splx(s); 426 return error; 427 } 428 429 kp->kp_promisc = kp->kp_registered = 0; 430 431 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ 432 key_cb.key_count++; 433 key_cb.any_count++; 434 kp->kp_raw.rcb_laddr = &key_src; 435 kp->kp_raw.rcb_faddr = &key_dst; 436 soisconnected(so); 437 so->so_options |= SO_USELOOPBACK; 438 439 splx(s); 440 return 0; 441 } 442 443 /* 444 * key_bind() 445 * derived from net/rtsock.c:rts_bind() 446 */ 447 static int 448 key_bind(struct socket *so, struct sockaddr *nam, struct proc *td) 449 { 450 int s, error; 451 s = splnet(); 452 error = raw_usrreqs.pru_bind(so, nam, td); /* xxx just EINVAL */ 453 splx(s); 454 return error; 455 } 456 457 /* 458 * key_connect() 459 * derived from net/rtsock.c:rts_connect() 460 */ 461 static int 462 key_connect(struct socket *so, struct sockaddr *nam, struct proc *td) 463 { 464 int s, error; 465 s = splnet(); 466 error = raw_usrreqs.pru_connect(so, nam, td); /* XXX just EINVAL */ 467 splx(s); 468 return error; 469 } 470 471 /* 472 * key_detach() 473 * derived from net/rtsock.c:rts_detach() 474 */ 475 static int 476 key_detach(struct socket *so) 477 { 478 struct keycb *kp = (struct keycb *)sotorawcb(so); 479 int s, error; 480 481 s = splnet(); 482 if (kp != 0) { 483 if (kp->kp_raw.rcb_proto.sp_protocol 484 == PF_KEY) /* XXX: AF_KEY */ 485 key_cb.key_count--; 486 key_cb.any_count--; 487 488 key_freereg(so); 489 } 490 error = raw_usrreqs.pru_detach(so); 491 splx(s); 492 return error; 493 } 494 495 /* 496 * key_disconnect() 497 * derived from net/rtsock.c:key_disconnect() 498 */ 499 static int 500 key_disconnect(struct socket *so) 501 { 502 int s, error; 503 s = splnet(); 504 error = raw_usrreqs.pru_disconnect(so); 505 splx(s); 506 return error; 507 } 508 509 /* 510 * key_peeraddr() 511 * derived from net/rtsock.c:rts_peeraddr() 512 */ 513 static int 514 key_peeraddr(struct socket *so, struct sockaddr **nam) 515 { 516 int s, error; 517 s = splnet(); 518 error = raw_usrreqs.pru_peeraddr(so, nam); 519 splx(s); 520 return error; 521 } 522 523 /* 524 * key_send() 525 * derived from net/rtsock.c:rts_send() 526 */ 527 static int 528 key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, 529 struct mbuf *control, struct proc *td) 530 { 531 int s, error; 532 s = splnet(); 533 error = raw_usrreqs.pru_send(so, flags, m, nam, control, td); 534 splx(s); 535 return error; 536 } 537 538 /* 539 * key_shutdown() 540 * derived from net/rtsock.c:rts_shutdown() 541 */ 542 static int 543 key_shutdown(struct socket *so) 544 { 545 int s, error; 546 s = splnet(); 547 error = raw_usrreqs.pru_shutdown(so); 548 splx(s); 549 return error; 550 } 551 552 /* 553 * key_sockaddr() 554 * derived from net/rtsock.c:rts_sockaddr() 555 */ 556 static int 557 key_sockaddr(struct socket *so, struct sockaddr **nam) 558 { 559 int s, error; 560 s = splnet(); 561 error = raw_usrreqs.pru_sockaddr(so, nam); 562 splx(s); 563 return error; 564 } 565 566 struct pr_usrreqs key_usrreqs = { 567 key_abort, pru_accept_notsupp, key_attach, key_bind, 568 key_connect, 569 pru_connect2_notsupp, pru_control_notsupp, key_detach, 570 key_disconnect, pru_listen_notsupp, key_peeraddr, 571 pru_rcvd_notsupp, 572 pru_rcvoob_notsupp, key_send, pru_sense_null, key_shutdown, 573 key_sockaddr, sosend, soreceive, sopoll 574 }; 575 576 /* sysctl */ 577 SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family"); 578 579 /* 580 * Definitions of protocols supported in the KEY domain. 581 */ 582 583 extern struct domain keydomain; 584 585 struct protosw keysw[] = { 586 { SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR, 587 0, (pr_output_t *)key_output, raw_ctlinput, 0, 588 0, 589 raw_init, 0, 0, 0, 590 &key_usrreqs 591 } 592 }; 593 594 static void 595 key_init0(void) 596 { 597 bzero((caddr_t)&key_cb, sizeof(key_cb)); 598 key_init(); 599 } 600 601 struct domain keydomain = 602 { PF_KEY, "key", key_init0, 0, 0, 603 keysw, &keysw[sizeof(keysw)/sizeof(keysw[0])] }; 604 605 DOMAIN_SET(key);
Cache object: 8f17ac8626a0127df5b03916ac46e151
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]