1 /* $FreeBSD$ */
2 /* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
3
4 /*-
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include "opt_ipsec.h"
34
35 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
36
37 #include <sys/types.h>
38 #include <sys/param.h>
39 #include <sys/domain.h>
40 #include <sys/errno.h>
41 #include <sys/kernel.h>
42 #include <sys/lock.h>
43 #include <sys/malloc.h>
44 #include <sys/mbuf.h>
45 #include <sys/mutex.h>
46 #include <sys/priv.h>
47 #include <sys/protosw.h>
48 #include <sys/signalvar.h>
49 #include <sys/socket.h>
50 #include <sys/socketvar.h>
51 #include <sys/sysctl.h>
52 #include <sys/systm.h>
53
54 #include <net/raw_cb.h>
55 #include <net/route.h>
56
57 #include <net/pfkeyv2.h>
58 #include <netipsec/key.h>
59 #include <netipsec/keysock.h>
60 #include <netipsec/key_debug.h>
61
62 #include <machine/stdarg.h>
63
64 struct key_cb {
65 int key_count;
66 int any_count;
67 };
68 static struct key_cb key_cb;
69
70 static struct sockaddr key_src = { 2, PF_KEY, };
71
72 static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
73
74 struct pfkeystat pfkeystat;
75
76 /*
77 * key_output()
78 */
79 int
80 key_output(struct mbuf *m, struct socket *so)
81 {
82 struct sadb_msg *msg;
83 int len, error = 0;
84
85 if (m == 0)
86 panic("%s: NULL pointer was passed.\n", __func__);
87
88 pfkeystat.out_total++;
89 pfkeystat.out_bytes += m->m_pkthdr.len;
90
91 len = m->m_pkthdr.len;
92 if (len < sizeof(struct sadb_msg)) {
93 pfkeystat.out_tooshort++;
94 error = EINVAL;
95 goto end;
96 }
97
98 if (m->m_len < sizeof(struct sadb_msg)) {
99 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
100 pfkeystat.out_nomem++;
101 error = ENOBUFS;
102 goto end;
103 }
104 }
105
106 M_ASSERTPKTHDR(m);
107
108 KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
109
110 msg = mtod(m, struct sadb_msg *);
111 pfkeystat.out_msgtype[msg->sadb_msg_type]++;
112 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
113 pfkeystat.out_invlen++;
114 error = EINVAL;
115 goto end;
116 }
117
118 error = key_parse(m, so);
119 m = NULL;
120 end:
121 if (m)
122 m_freem(m);
123 return error;
124 }
125
126 /*
127 * send message to the socket.
128 */
129 static int
130 key_sendup0(rp, m, promisc)
131 struct rawcb *rp;
132 struct mbuf *m;
133 int promisc;
134 {
135 int error;
136
137 if (promisc) {
138 struct sadb_msg *pmsg;
139
140 M_PREPEND(m, sizeof(struct sadb_msg), M_DONTWAIT);
141 if (m && m->m_len < sizeof(struct sadb_msg))
142 m = m_pullup(m, sizeof(struct sadb_msg));
143 if (!m) {
144 pfkeystat.in_nomem++;
145 m_freem(m);
146 return ENOBUFS;
147 }
148 m->m_pkthdr.len += sizeof(*pmsg);
149
150 pmsg = mtod(m, struct sadb_msg *);
151 bzero(pmsg, sizeof(*pmsg));
152 pmsg->sadb_msg_version = PF_KEY_V2;
153 pmsg->sadb_msg_type = SADB_X_PROMISC;
154 pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
155 /* pid and seq? */
156
157 pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
158 }
159
160 if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
161 m, NULL)) {
162 pfkeystat.in_nomem++;
163 m_freem(m);
164 error = ENOBUFS;
165 } else
166 error = 0;
167 sorwakeup(rp->rcb_socket);
168 return error;
169 }
170
171 /* XXX this interface should be obsoleted. */
172 int
173 key_sendup(so, msg, len, target)
174 struct socket *so;
175 struct sadb_msg *msg;
176 u_int len;
177 int target; /*target of the resulting message*/
178 {
179 struct mbuf *m, *n, *mprev;
180 int tlen;
181
182 /* sanity check */
183 if (so == 0 || msg == 0)
184 panic("%s: NULL pointer was passed.\n", __func__);
185
186 KEYDEBUG(KEYDEBUG_KEY_DUMP,
187 printf("%s: \n", __func__);
188 kdebug_sadb(msg));
189
190 /*
191 * we increment statistics here, just in case we have ENOBUFS
192 * in this function.
193 */
194 pfkeystat.in_total++;
195 pfkeystat.in_bytes += len;
196 pfkeystat.in_msgtype[msg->sadb_msg_type]++;
197
198 /*
199 * Get mbuf chain whenever possible (not clusters),
200 * to save socket buffer. We'll be generating many SADB_ACQUIRE
201 * messages to listening key sockets. If we simply allocate clusters,
202 * sbappendaddr() will raise ENOBUFS due to too little sbspace().
203 * sbspace() computes # of actual data bytes AND mbuf region.
204 *
205 * TODO: SADB_ACQUIRE filters should be implemented.
206 */
207 tlen = len;
208 m = mprev = NULL;
209 while (tlen > 0) {
210 if (tlen == len) {
211 MGETHDR(n, M_DONTWAIT, MT_DATA);
212 if (n == NULL) {
213 pfkeystat.in_nomem++;
214 return ENOBUFS;
215 }
216 n->m_len = MHLEN;
217 } else {
218 MGET(n, M_DONTWAIT, MT_DATA);
219 if (n == NULL) {
220 pfkeystat.in_nomem++;
221 return ENOBUFS;
222 }
223 n->m_len = MLEN;
224 }
225 if (tlen >= MCLBYTES) { /*XXX better threshold? */
226 MCLGET(n, M_DONTWAIT);
227 if ((n->m_flags & M_EXT) == 0) {
228 m_free(n);
229 m_freem(m);
230 pfkeystat.in_nomem++;
231 return ENOBUFS;
232 }
233 n->m_len = MCLBYTES;
234 }
235
236 if (tlen < n->m_len)
237 n->m_len = tlen;
238 n->m_next = NULL;
239 if (m == NULL)
240 m = mprev = n;
241 else {
242 mprev->m_next = n;
243 mprev = n;
244 }
245 tlen -= n->m_len;
246 n = NULL;
247 }
248 m->m_pkthdr.len = len;
249 m->m_pkthdr.rcvif = NULL;
250 m_copyback(m, 0, len, (caddr_t)msg);
251
252 /* avoid duplicated statistics */
253 pfkeystat.in_total--;
254 pfkeystat.in_bytes -= len;
255 pfkeystat.in_msgtype[msg->sadb_msg_type]--;
256
257 return key_sendup_mbuf(so, m, target);
258 }
259
260 /* so can be NULL if target != KEY_SENDUP_ONE */
261 int
262 key_sendup_mbuf(so, m, target)
263 struct socket *so;
264 struct mbuf *m;
265 int target;
266 {
267 struct mbuf *n;
268 struct keycb *kp;
269 int sendup;
270 struct rawcb *rp;
271 int error = 0;
272
273 if (m == NULL)
274 panic("key_sendup_mbuf: NULL pointer was passed.\n");
275 if (so == NULL && target == KEY_SENDUP_ONE)
276 panic("%s: NULL pointer was passed.\n", __func__);
277
278 pfkeystat.in_total++;
279 pfkeystat.in_bytes += m->m_pkthdr.len;
280 if (m->m_len < sizeof(struct sadb_msg)) {
281 m = m_pullup(m, sizeof(struct sadb_msg));
282 if (m == NULL) {
283 pfkeystat.in_nomem++;
284 return ENOBUFS;
285 }
286 }
287 if (m->m_len >= sizeof(struct sadb_msg)) {
288 struct sadb_msg *msg;
289 msg = mtod(m, struct sadb_msg *);
290 pfkeystat.in_msgtype[msg->sadb_msg_type]++;
291 }
292 mtx_lock(&rawcb_mtx);
293 LIST_FOREACH(rp, &rawcb_list, list)
294 {
295 if (rp->rcb_proto.sp_family != PF_KEY)
296 continue;
297 if (rp->rcb_proto.sp_protocol
298 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
299 continue;
300 }
301
302 kp = (struct keycb *)rp;
303
304 /*
305 * If you are in promiscuous mode, and when you get broadcasted
306 * reply, you'll get two PF_KEY messages.
307 * (based on pf_key@inner.net message on 14 Oct 1998)
308 */
309 if (((struct keycb *)rp)->kp_promisc) {
310 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
311 (void)key_sendup0(rp, n, 1);
312 n = NULL;
313 }
314 }
315
316 /* the exact target will be processed later */
317 if (so && sotorawcb(so) == rp)
318 continue;
319
320 sendup = 0;
321 switch (target) {
322 case KEY_SENDUP_ONE:
323 /* the statement has no effect */
324 if (so && sotorawcb(so) == rp)
325 sendup++;
326 break;
327 case KEY_SENDUP_ALL:
328 sendup++;
329 break;
330 case KEY_SENDUP_REGISTERED:
331 if (kp->kp_registered)
332 sendup++;
333 break;
334 }
335 pfkeystat.in_msgtarget[target]++;
336
337 if (!sendup)
338 continue;
339
340 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
341 m_freem(m);
342 pfkeystat.in_nomem++;
343 mtx_unlock(&rawcb_mtx);
344 return ENOBUFS;
345 }
346
347 if ((error = key_sendup0(rp, n, 0)) != 0) {
348 m_freem(m);
349 mtx_unlock(&rawcb_mtx);
350 return error;
351 }
352
353 n = NULL;
354 }
355
356 if (so) {
357 error = key_sendup0(sotorawcb(so), m, 0);
358 m = NULL;
359 } else {
360 error = 0;
361 m_freem(m);
362 }
363 mtx_unlock(&rawcb_mtx);
364 return error;
365 }
366
367 /*
368 * key_abort()
369 * derived from net/rtsock.c:rts_abort()
370 */
371 static void
372 key_abort(struct socket *so)
373 {
374 raw_usrreqs.pru_abort(so);
375 }
376
377 /*
378 * key_attach()
379 * derived from net/rtsock.c:rts_attach()
380 */
381 static int
382 key_attach(struct socket *so, int proto, struct thread *td)
383 {
384 struct keycb *kp;
385 int error;
386
387 KASSERT(so->so_pcb == NULL, ("key_attach: so_pcb != NULL"));
388
389 if (td != NULL) {
390 error = priv_check(td, PRIV_NET_RAW);
391 if (error)
392 return error;
393 }
394
395 /* XXX */
396 MALLOC(kp, struct keycb *, sizeof *kp, M_PCB, M_WAITOK | M_ZERO);
397 if (kp == 0)
398 return ENOBUFS;
399
400 so->so_pcb = (caddr_t)kp;
401 error = raw_attach(so, proto);
402 kp = (struct keycb *)sotorawcb(so);
403 if (error) {
404 free(kp, M_PCB);
405 so->so_pcb = (caddr_t) 0;
406 return error;
407 }
408
409 kp->kp_promisc = kp->kp_registered = 0;
410
411 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
412 key_cb.key_count++;
413 key_cb.any_count++;
414 soisconnected(so);
415 so->so_options |= SO_USELOOPBACK;
416
417 return 0;
418 }
419
420 /*
421 * key_bind()
422 * derived from net/rtsock.c:rts_bind()
423 */
424 static int
425 key_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
426 {
427 return EINVAL;
428 }
429
430 /*
431 * key_close()
432 * derived from net/rtsock.c:rts_close().
433 */
434 static void
435 key_close(struct socket *so)
436 {
437
438 raw_usrreqs.pru_close(so);
439 }
440
441 /*
442 * key_connect()
443 * derived from net/rtsock.c:rts_connect()
444 */
445 static int
446 key_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
447 {
448 return EINVAL;
449 }
450
451 /*
452 * key_detach()
453 * derived from net/rtsock.c:rts_detach()
454 */
455 static void
456 key_detach(struct socket *so)
457 {
458 struct keycb *kp = (struct keycb *)sotorawcb(so);
459
460 KASSERT(kp != NULL, ("key_detach: kp == NULL"));
461 if (kp->kp_raw.rcb_proto.sp_protocol
462 == PF_KEY) /* XXX: AF_KEY */
463 key_cb.key_count--;
464 key_cb.any_count--;
465
466 key_freereg(so);
467 raw_usrreqs.pru_detach(so);
468 }
469
470 /*
471 * key_disconnect()
472 * derived from net/rtsock.c:key_disconnect()
473 */
474 static int
475 key_disconnect(struct socket *so)
476 {
477 return(raw_usrreqs.pru_disconnect(so));
478 }
479
480 /*
481 * key_peeraddr()
482 * derived from net/rtsock.c:rts_peeraddr()
483 */
484 static int
485 key_peeraddr(struct socket *so, struct sockaddr **nam)
486 {
487 return(raw_usrreqs.pru_peeraddr(so, nam));
488 }
489
490 /*
491 * key_send()
492 * derived from net/rtsock.c:rts_send()
493 */
494 static int
495 key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
496 struct mbuf *control, struct thread *td)
497 {
498 return(raw_usrreqs.pru_send(so, flags, m, nam, control, td));
499 }
500
501 /*
502 * key_shutdown()
503 * derived from net/rtsock.c:rts_shutdown()
504 */
505 static int
506 key_shutdown(struct socket *so)
507 {
508 return(raw_usrreqs.pru_shutdown(so));
509 }
510
511 /*
512 * key_sockaddr()
513 * derived from net/rtsock.c:rts_sockaddr()
514 */
515 static int
516 key_sockaddr(struct socket *so, struct sockaddr **nam)
517 {
518 return(raw_usrreqs.pru_sockaddr(so, nam));
519 }
520
521 struct pr_usrreqs key_usrreqs = {
522 .pru_abort = key_abort,
523 .pru_attach = key_attach,
524 .pru_bind = key_bind,
525 .pru_connect = key_connect,
526 .pru_detach = key_detach,
527 .pru_disconnect = key_disconnect,
528 .pru_peeraddr = key_peeraddr,
529 .pru_send = key_send,
530 .pru_shutdown = key_shutdown,
531 .pru_sockaddr = key_sockaddr,
532 .pru_close = key_close,
533 };
534
535 /* sysctl */
536 SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family");
537
538 /*
539 * Definitions of protocols supported in the KEY domain.
540 */
541
542 extern struct domain keydomain;
543
544 struct protosw keysw[] = {
545 {
546 .pr_type = SOCK_RAW,
547 .pr_domain = &keydomain,
548 .pr_protocol = PF_KEY_V2,
549 .pr_flags = PR_ATOMIC|PR_ADDR,
550 .pr_output = key_output,
551 .pr_ctlinput = raw_ctlinput,
552 .pr_init = raw_init,
553 .pr_usrreqs = &key_usrreqs
554 }
555 };
556
557 static void
558 key_init0(void)
559 {
560 bzero((caddr_t)&key_cb, sizeof(key_cb));
561 key_init();
562 }
563
564 struct domain keydomain = {
565 .dom_family = PF_KEY,
566 .dom_name = "key",
567 .dom_init = key_init0,
568 .dom_protosw = keysw,
569 .dom_protoswNPROTOSW = &keysw[sizeof(keysw)/sizeof(keysw[0])]
570 };
571
572 DOMAIN_SET(key);
Cache object: 29e176e12f957d103029a56913932dbb
|