
FreeBSD/Linux Kernel Cross Reference
sys/netipsec/keysock.c


    1 /*      $FreeBSD: releng/9.2/sys/netipsec/keysock.c 252693 2013-07-04 08:59:34Z ae $    */
    2 /*      $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $        */
    3 
    4 /*-
    5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 #include "opt_ipsec.h"
   34 
   35 /* This code is derived from sys/net/rtsock.c on FreeBSD2.2.5 */
   36 
   37 #include <sys/types.h>
   38 #include <sys/param.h>
   39 #include <sys/domain.h>
   40 #include <sys/errno.h>
   41 #include <sys/kernel.h>
   42 #include <sys/lock.h>
   43 #include <sys/malloc.h>
   44 #include <sys/mbuf.h>
   45 #include <sys/mutex.h>
   46 #include <sys/priv.h>
   47 #include <sys/protosw.h>
   48 #include <sys/signalvar.h>
   49 #include <sys/socket.h>
   50 #include <sys/socketvar.h>
   51 #include <sys/sysctl.h>
   52 #include <sys/systm.h>
   53 
   54 #include <net/if.h>
   55 #include <net/raw_cb.h>
   56 #include <net/route.h>
   57 #include <net/vnet.h>
   58 
   59 #include <netinet/in.h>
   60 
   61 #include <net/pfkeyv2.h>
   62 #include <netipsec/key.h>
   63 #include <netipsec/keysock.h>
   64 #include <netipsec/key_debug.h>
   65 #include <netipsec/ipsec.h>
   66 
   67 #include <machine/stdarg.h>
   68 
/*
 * Counters of attached key sockets.  key_attach() bumps any_count for every
 * socket and key_count only when the socket's protocol compares equal to
 * PF_KEY; key_detach() undoes both.
 */
struct key_cb {
        int key_count;
        int any_count;
};
/* Declared through VNET_DEFINE and reached via the V_key_cb accessor below. */
static VNET_DEFINE(struct key_cb, key_cb);
#define V_key_cb                VNET(key_cb)

/*
 * Source address handed to sbappendaddr() for every message queued by
 * key_sendup0().  The initializer is positional; presumably it sets
 * sa_len = 2 and sa_family = PF_KEY -- confirm against struct sockaddr.
 */
static struct sockaddr key_src = { 2, PF_KEY, };

static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));

/* PF_KEY statistics, updated via PFKEYSTAT_INC()/PFKEYSTAT_ADD() in this file. */
VNET_DEFINE(struct pfkeystat, pfkeystat);
   81 
/*
 * key_output()
 *
 * Output routine of the PF_KEY protocol (installed as .pr_output in keysw[]).
 * Checks that the packet is at least one struct sadb_msg long and that the
 * length announced in the header (sadb_msg_len, in 64-bit units) equals the
 * packet length, then passes the message to key_parse().
 *
 * Returns 0 or an errno value (EINVAL for a bad length, ENOBUFS when
 * m_pullup() fails, otherwise whatever key_parse() returns).  The mbuf is
 * never left with the caller: it is freed here on a validation failure and
 * handed to key_parse() otherwise.
 */
int
key_output(struct mbuf *m, struct socket *so)
{
        struct sadb_msg *hdr;
        int pktlen;

        if (m == NULL)
                panic("%s: NULL pointer was passed.\n", __func__);

        PFKEYSTAT_INC(out_total);
        PFKEYSTAT_ADD(out_bytes, m->m_pkthdr.len);

        /* Reject anything too short to hold the fixed header. */
        pktlen = m->m_pkthdr.len;
        if (pktlen < sizeof(struct sadb_msg)) {
                PFKEYSTAT_INC(out_tooshort);
                m_freem(m);
                return EINVAL;
        }

        /* The header must be contiguous before mtod() may be used on it. */
        if (m->m_len < sizeof(struct sadb_msg)) {
                m = m_pullup(m, sizeof(struct sadb_msg));
                if (m == NULL) {
                        PFKEYSTAT_INC(out_nomem);
                        return ENOBUFS;
                }
        }

        M_ASSERTPKTHDR(m);

        KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));

        hdr = mtod(m, struct sadb_msg *);
        /*
         * NOTE(review): sadb_msg_type comes straight from the sender and is
         * used as an array index before any other validation; this relies on
         * out_msgtype[] having a slot for every value the field can hold --
         * confirm against struct pfkeystat.
         */
        PFKEYSTAT_INC(out_msgtype[hdr->sadb_msg_type]);

        /* The self-declared length must match what was actually sent. */
        if (PFKEY_UNUNIT64(hdr->sadb_msg_len) != pktlen) {
                PFKEYSTAT_INC(out_invlen);
                m_freem(m);
                return EINVAL;
        }

        return key_parse(m, so);
}
  131 
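/*
 * Queue one PF_KEY message on the receive buffer of the socket behind `rp'
 * and wake up its readers.
 *
 * When `promisc' is non-zero, a zeroed struct sadb_msg of type
 * SADB_X_PROMISC is prepended first, so that the listener receives the
 * original message wrapped in a promiscuous-mode header whose sadb_msg_len
 * covers the whole packet.
 *
 * The mbuf chain `m' is consumed on every path.  Returns 0 on success and
 * ENOBUFS when the header cannot be prepended or when sbappendaddr()
 * refuses the record.
 */
static int
key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc)
{
        int error;

        if (promisc) {
                struct sadb_msg *pmsg;

                M_PREPEND(m, sizeof(struct sadb_msg), M_DONTWAIT);
                if (m && m->m_len < sizeof(struct sadb_msg))
                        m = m_pullup(m, sizeof(struct sadb_msg));
                if (m == NULL) {
                        /* m is NULL here, so there is nothing left to free. */
                        PFKEYSTAT_INC(in_nomem);
                        return ENOBUFS;
                }

                /*
                 * M_PREPEND() already adds the prepended length to
                 * m_pkthdr.len on a packet-header mbuf.  Adding
                 * sizeof(*pmsg) a second time here would overstate both the
                 * record length and the sadb_msg_len reported to the
                 * listener, so the length is used as it stands.
                 */
                pmsg = mtod(m, struct sadb_msg *);
                bzero(pmsg, sizeof(*pmsg));
                pmsg->sadb_msg_version = PF_KEY_V2;
                pmsg->sadb_msg_type = SADB_X_PROMISC;
                pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
                /* pid and seq? */

                PFKEYSTAT_INC(in_msgtype[pmsg->sadb_msg_type]);
        }

        if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
            m, NULL)) {
                /* The record was not queued; the chain is still ours to free. */
                PFKEYSTAT_INC(in_nomem);
                m_freem(m);
                error = ENOBUFS;
        } else
                error = 0;
        /* The wakeup is issued whether or not the append succeeded. */
        sorwakeup(rp->rcb_socket);
        return error;
}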
  176 
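/*
 * XXX this interface should be obsoleted.
 *
 * Copy the flat PF_KEY message `msg' (`len' bytes) into a freshly allocated
 * mbuf chain and pass it to key_sendup_mbuf() for delivery to `target'.
 *
 * Returns EINVAL when `len' is zero or does not fit in an int (the chain
 * could not be built and the code below would dereference a NULL head),
 * ENOBUFS when an mbuf or cluster cannot be allocated, and otherwise the
 * result of key_sendup_mbuf().  Any partially built chain is freed on
 * failure.
 */
int
key_sendup(struct socket *so, struct sadb_msg *msg, u_int len, int target)
{
        struct mbuf *m, *n, *mprev;
        int tlen;

        /* sanity check */
        if (so == NULL || msg == NULL)
                panic("%s: NULL pointer was passed.\n", __func__);

        /*
         * The remaining-byte counter is a signed int.  A zero length, or one
         * that turns negative when stored in it, would skip the allocation
         * loop entirely and leave `m' NULL.
         */
        tlen = len;
        if (tlen <= 0)
                return EINVAL;

        KEYDEBUG(KEYDEBUG_KEY_DUMP,
                printf("%s: \n", __func__);
                kdebug_sadb(msg));

        /*
         * we increment statistics here, just in case we have ENOBUFS
         * in this function.
         */
        PFKEYSTAT_INC(in_total);
        PFKEYSTAT_ADD(in_bytes, len);
        PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]);

        /*
         * Get mbuf chain whenever possible (not clusters),
         * to save socket buffer.  We'll be generating many SADB_ACQUIRE
         * messages to listening key sockets.  If we simply allocate clusters,
         * sbappendaddr() will raise ENOBUFS due to too little sbspace().
         * sbspace() computes # of actual data bytes AND mbuf region.
         *
         * TODO: SADB_ACQUIRE filters should be implemented.
         */
        m = mprev = NULL;
        while (tlen > 0) {
                if (m == NULL) {
                        /* First mbuf of the chain carries the packet header. */
                        MGETHDR(n, M_DONTWAIT, MT_DATA);
                        if (n == NULL)
                                goto nomem;
                        n->m_len = MHLEN;
                } else {
                        MGET(n, M_DONTWAIT, MT_DATA);
                        if (n == NULL)
                                goto nomem;
                        n->m_len = MLEN;
                }
                if (tlen >= MCLBYTES) { /*XXX better threshold? */
                        MCLGET(n, M_DONTWAIT);
                        if ((n->m_flags & M_EXT) == 0) {
                                /* n is not linked into the chain yet. */
                                m_free(n);
                                goto nomem;
                        }
                        n->m_len = MCLBYTES;
                }

                if (tlen < n->m_len)
                        n->m_len = tlen;
                n->m_next = NULL;
                if (m == NULL)
                        m = mprev = n;
                else {
                        mprev->m_next = n;
                        mprev = n;
                }
                tlen -= n->m_len;
                n = NULL;
        }
        m->m_pkthdr.len = len;
        m->m_pkthdr.rcvif = NULL;
        m_copyback(m, 0, len, (caddr_t)msg);

        /*
         * avoid duplicated statistics: key_sendup_mbuf() counts the message
         * again.  The byte count is negated as a signed value; negating the
         * unsigned `len' directly would yield a large positive number if the
         * counter is wider than u_int.
         */
        PFKEYSTAT_ADD(in_total, -1);
        PFKEYSTAT_ADD(in_bytes, -(int)len);
        PFKEYSTAT_ADD(in_msgtype[msg->sadb_msg_type], -1);

        return key_sendup_mbuf(so, m, target);

nomem:
        /* Release whatever part of the chain was already built. */
        m_freem(m);
        PFKEYSTAT_INC(in_nomem);
        return ENOBUFS;
}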
  265 
/*
 * Deliver the PF_KEY message in `m' to key sockets.
 *
 * Walks V_rawcb_list under rawcb_mtx and considers every control block whose
 * family is PF_KEY and whose protocol is either 0 or PF_KEY_V2:
 *  - a socket in promiscuous mode gets a copy wrapped by key_sendup0(.., 1);
 *  - depending on `target', a further copy goes to every socket
 *    (KEY_SENDUP_ALL) or to registered sockets (KEY_SENDUP_REGISTERED);
 *  - the socket `so' itself is skipped inside the loop and receives the
 *    original chain afterwards.
 *
 * so can be NULL if target != KEY_SENDUP_ONE; the chain is then freed once
 * the loop is done.
 *
 * Returns 0, ENOBUFS, or the error reported by key_sendup0().  `m' is
 * consumed on every path.
 */
int
key_sendup_mbuf(so, m, target)
        struct socket *so;
        struct mbuf *m;
        int target;
{
        struct mbuf *n;
        struct keycb *kp;
        int sendup;
        struct rawcb *rp;
        int error = 0;

        if (m == NULL)
                panic("key_sendup_mbuf: NULL pointer was passed.\n");
        if (so == NULL && target == KEY_SENDUP_ONE)
                panic("%s: NULL pointer was passed.\n", __func__);

        PFKEYSTAT_INC(in_total);
        PFKEYSTAT_ADD(in_bytes, m->m_pkthdr.len);
        /* Make the fixed header contiguous so that mtod() below is valid. */
        if (m->m_len < sizeof(struct sadb_msg)) {
                m = m_pullup(m, sizeof(struct sadb_msg));
                if (m == NULL) {
                        PFKEYSTAT_INC(in_nomem);
                        return ENOBUFS;
                }
        }
        if (m->m_len >= sizeof(struct sadb_msg)) {
                struct sadb_msg *msg;
                msg = mtod(m, struct sadb_msg *);
                PFKEYSTAT_INC(in_msgtype[msg->sadb_msg_type]);
        }
        /* rawcb_mtx stays held for the whole walk and the final delivery. */
        mtx_lock(&rawcb_mtx);
        LIST_FOREACH(rp, &V_rawcb_list, list)
        {
                if (rp->rcb_proto.sp_family != PF_KEY)
                        continue;
                if (rp->rcb_proto.sp_protocol
                 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
                        continue;
                }

                kp = (struct keycb *)rp;

                /*
                 * If you are in promiscuous mode, and when you get broadcasted
                 * reply, you'll get two PF_KEY messages.
                 * (based on pf_key@inner.net message on 14 Oct 1998)
                 *
                 * Promiscuous delivery is best effort: a failed copy or a
                 * failed key_sendup0() is ignored here.
                 */
                if (((struct keycb *)rp)->kp_promisc) {
                        if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
                                (void)key_sendup0(rp, n, 1);
                                n = NULL;
                        }
                }

                /* the exact target will be processed later */
                if (so && sotorawcb(so) == rp)
                        continue;

                sendup = 0;
                switch (target) {
                case KEY_SENDUP_ONE:
                        /* the statement has no effect */
                        if (so && sotorawcb(so) == rp)
                                sendup++;
                        break;
                case KEY_SENDUP_ALL:
                        sendup++;
                        break;
                case KEY_SENDUP_REGISTERED:
                        if (kp->kp_registered)
                                sendup++;
                        break;
                }
                /*
                 * NOTE(review): `target' indexes in_msgtarget[] without a
                 * range check, and the switch above has no default case;
                 * this relies on every caller passing one of the
                 * KEY_SENDUP_* values -- confirm, or assert it on entry.
                 */
                PFKEYSTAT_INC(in_msgtarget[target]);

                if (!sendup)
                        continue;

                /*
                 * NOTE(review): both failure paths below abandon the walk
                 * and free `m'.  A single listener whose delivery fails
                 * (key_sendup0() returns ENOBUFS when sbappendaddr() refuses
                 * the record) therefore stops delivery to the remaining
                 * listeners and to `so' itself.  Consider whether skipping
                 * the failing socket would be the safer behaviour.
                 */
                if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
                        m_freem(m);
                        PFKEYSTAT_INC(in_nomem);
                        mtx_unlock(&rawcb_mtx);
                        return ENOBUFS;
                }

                if ((error = key_sendup0(rp, n, 0)) != 0) {
                        m_freem(m);
                        mtx_unlock(&rawcb_mtx);
                        return error;
                }

                n = NULL;
        }

        /* The original chain goes to the requesting socket, if there is one. */
        if (so) {
                error = key_sendup0(sotorawcb(so), m, 0);
                m = NULL;
        } else {
                error = 0;
                m_freem(m);
        }
        mtx_unlock(&rawcb_mtx);
        return error;
}
  372 
/*
 * key_abort()
 * pru_abort handler for key sockets; defers entirely to the raw-socket
 * implementation.  Derived from net/rtsock.c:rts_abort().
 */
static void
key_abort(struct socket *so)
{

        (*raw_usrreqs.pru_abort)(so);
}
  382 
/*
 * key_attach()
 * pru_attach handler: allocate the per-socket struct keycb, attach it as a
 * raw control block and account for the new socket in V_key_cb.
 * Derived from net/rtsock.c:rts_attach().
 *
 * Returns 0 on success, the priv_check() error when the calling thread lacks
 * PRIV_NET_RAW, ENOBUFS if the allocation yields NULL, or the raw_attach()
 * error.
 */
static int
key_attach(struct socket *so, int proto, struct thread *td)
{
        struct keycb *pcb;
        int rc;

        KASSERT(so->so_pcb == NULL, ("key_attach: so_pcb != NULL"));

        /*
         * Access control: a key socket may only be created by a thread that
         * passes the PRIV_NET_RAW check.
         * NOTE(review): the check is skipped when td is NULL -- confirm
         * which callers can reach this with no thread.
         */
        if (td != NULL) {
                rc = priv_check(td, PRIV_NET_RAW);
                if (rc != 0)
                        return rc;
        }

        /* XXX */
        pcb = malloc(sizeof(*pcb), M_PCB, M_WAITOK | M_ZERO);
        if (pcb == NULL)
                return ENOBUFS;

        so->so_pcb = (caddr_t)pcb;
        rc = raw_attach(so, proto);
        pcb = (struct keycb *)sotorawcb(so);
        if (rc != 0) {
                /* Undo the allocation and leave the socket without a pcb. */
                free(pcb, M_PCB);
                so->so_pcb = (caddr_t) 0;
                return rc;
        }

        pcb->kp_registered = 0;
        pcb->kp_promisc = 0;

        V_key_cb.any_count++;
        if (pcb->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
                V_key_cb.key_count++;

        soisconnected(so);
        so->so_options |= SO_USELOOPBACK;

        return 0;
}
  425 
/*
 * key_bind()
 * pru_bind handler: binding a key socket is not supported, so every request
 * is refused with EINVAL.  Derived from net/rtsock.c:rts_bind().
 */
static int
key_bind(struct socket *so, struct sockaddr *nam, struct thread *td)
{

        return (EINVAL);
}
  435 
/*
 * key_close()
 * pru_close handler for key sockets; defers entirely to the raw-socket
 * implementation.  Derived from net/rtsock.c:rts_close().
 */
static void
key_close(struct socket *so)
{

        (*raw_usrreqs.pru_close)(so);
}
  446 
/*
 * key_connect()
 * pru_connect handler: connecting a key socket is not supported, so every
 * request is refused with EINVAL.  Derived from net/rtsock.c:rts_connect().
 */
static int
key_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
{

        return (EINVAL);
}
  456 
/*
 * key_detach()
 * pru_detach handler: reverse the accounting done by key_attach(), drop the
 * socket's registrations through key_freereg() and then let the raw-socket
 * code detach the control block.
 * Derived from net/rtsock.c:rts_detach().
 */
static void
key_detach(struct socket *so)
{
        struct keycb *pcb;

        pcb = (struct keycb *)sotorawcb(so);
        KASSERT(pcb != NULL, ("key_detach: kp == NULL"));

        V_key_cb.any_count--;
        if (pcb->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
                V_key_cb.key_count--;

        /* Registrations are released before the pcb is detached. */
        key_freereg(so);
        raw_usrreqs.pru_detach(so);
}
  475 
/*
 * key_disconnect()
 * pru_disconnect handler; returns whatever the raw-socket implementation
 * returns.  Derived from net/rtsock.c:rts_disconnect().
 */
static int
key_disconnect(struct socket *so)
{
        int error;

        error = raw_usrreqs.pru_disconnect(so);
        return (error);
}
  485 
/*
 * key_peeraddr()
 * pru_peeraddr handler; returns whatever the raw-socket implementation
 * returns.  Derived from net/rtsock.c:rts_peeraddr().
 */
static int
key_peeraddr(struct socket *so, struct sockaddr **nam)
{
        int error;

        error = raw_usrreqs.pru_peeraddr(so, nam);
        return (error);
}
  495 
/*
 * key_send()
 * pru_send handler; passes all arguments through to the raw-socket send
 * routine and returns its result.  Derived from net/rtsock.c:rts_send().
 */
static int
key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
         struct mbuf *control, struct thread *td)
{
        int error;

        error = raw_usrreqs.pru_send(so, flags, m, nam, control, td);
        return (error);
}
  506 
/*
 * key_shutdown()
 * pru_shutdown handler; returns whatever the raw-socket implementation
 * returns.  Derived from net/rtsock.c:rts_shutdown().
 */
static int
key_shutdown(struct socket *so)
{
        int error;

        error = raw_usrreqs.pru_shutdown(so);
        return (error);
}
  516 
/*
 * key_sockaddr()
 * pru_sockaddr handler; returns whatever the raw-socket implementation
 * returns.  Derived from net/rtsock.c:rts_sockaddr().
 */
static int
key_sockaddr(struct socket *so, struct sockaddr **nam)
{
        int error;

        error = raw_usrreqs.pru_sockaddr(so, nam);
        return (error);
}
  526 
/*
 * User-request switch for key sockets.  Attach and detach do the PF_KEY
 * specific work (privilege check, keycb allocation, accounting); bind and
 * connect always fail with EINVAL; the remaining entries are wrappers that
 * call the corresponding raw_usrreqs handler.
 */
struct pr_usrreqs key_usrreqs = {
        .pru_abort =            key_abort,
        .pru_attach =           key_attach,
        .pru_bind =             key_bind,
        .pru_connect =          key_connect,
        .pru_detach =           key_detach,
        .pru_disconnect =       key_disconnect,
        .pru_peeraddr =         key_peeraddr,
        .pru_send =             key_send,
        .pru_shutdown =         key_shutdown,
        .pru_sockaddr =         key_sockaddr,
        .pru_close =            key_close,
};
  540 
/* sysctl: declares the "key" node under _net, described as "Key Family". */
SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family");

/*
 * Definitions of protocols supported in the KEY domain.
 */

/* Forward declaration: keysw[] and keydomain refer to each other. */
extern struct domain keydomain;

/*
 * The KEY domain has a single protocol: raw PF_KEY_V2 sockets.  Messages
 * written to such a socket are handled by key_output(); socket requests go
 * through key_usrreqs.
 */
struct protosw keysw[] = {
{
        .pr_type =              SOCK_RAW,
        .pr_domain =            &keydomain,
        .pr_protocol =          PF_KEY_V2,
        .pr_flags =             PR_ATOMIC|PR_ADDR,
        .pr_output =            key_output,
        .pr_ctlinput =          raw_ctlinput,
        .pr_init =              raw_init,
        .pr_usrreqs =           &key_usrreqs
}
};
  562 
/*
 * Domain initialisation hook (installed as .dom_init in keydomain): clear
 * the key-socket counters, then run key_init().
 */
static void
key_init0(void)
{

        memset(&V_key_cb, 0, sizeof(V_key_cb));
        key_init();
}
  570 
/*
 * Domain descriptor for PF_KEY.  dom_protosw points at the first entry of
 * keysw[] and dom_protoswNPROTOSW one past its last entry.  The destroy hook
 * is only compiled in when VIMAGE is defined.
 */
struct domain keydomain = {
        .dom_family =           PF_KEY,
        .dom_name =             "key",
        .dom_init =             key_init0,
#ifdef VIMAGE
        .dom_destroy =          key_destroy,
#endif
        .dom_protosw =          keysw,
        .dom_protoswNPROTOSW =  &keysw[sizeof(keysw)/sizeof(keysw[0])]
};

/* Presumably registers keydomain with the domain framework -- confirm. */
VNET_DOMAIN_SET(key);
