The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netkey/key.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $KAME: key.c,v 1.308 2003/09/07 20:35:59 itojun Exp $   */
    2 
    3 /*-
    4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  * 3. Neither the name of the project nor the names of its contributors
   16  *    may be used to endorse or promote products derived from this software
   17  *    without specific prior written permission.
   18  *
   19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   29  * SUCH DAMAGE.
   30  */
   31 
   32 #include <sys/cdefs.h>
   33 __FBSDID("$FreeBSD: releng/5.4/sys/netkey/key.c 141760 2005-02-12 19:42:55Z rwatson $");
   34 
   35 /*
   36  * This code is referd to RFC 2367
   37  */
   38 
   39 #include "opt_inet.h"
   40 #include "opt_inet6.h"
   41 #include "opt_ipsec.h"
   42 
   43 #include <sys/types.h>
   44 #include <sys/param.h>
   45 #include <sys/systm.h>
   46 #include <sys/kernel.h>
   47 #include <sys/mbuf.h>
   48 #include <sys/domain.h>
   49 #include <sys/protosw.h>
   50 #include <sys/malloc.h>
   51 #include <sys/socket.h>
   52 #include <sys/socketvar.h>
   53 #include <sys/sysctl.h>
   54 #include <sys/errno.h>
   55 #include <sys/proc.h>
   56 #include <sys/queue.h>
   57 #include <sys/syslog.h>
   58 
   59 #include <net/if.h>
   60 #include <net/route.h>
   61 #include <net/raw_cb.h>
   62 
   63 #include <netinet/in.h>
   64 #include <netinet/in_systm.h>
   65 #include <netinet/ip.h>
   66 #include <netinet/in_var.h>
   67 
   68 #ifdef INET6
   69 #include <netinet/ip6.h>
   70 #include <netinet6/in6_var.h>
   71 #include <netinet6/ip6_var.h>
   72 #endif /* INET6 */
   73 
   74 #ifdef INET
   75 #include <netinet/in_pcb.h>
   76 #endif
   77 #ifdef INET6
   78 #include <netinet6/in6_pcb.h>
   79 #endif /* INET6 */
   80 
   81 #include <net/pfkeyv2.h>
   82 #include <netkey/keydb.h>
   83 #include <netkey/key.h>
   84 #include <netkey/keysock.h>
   85 #include <netkey/key_debug.h>
   86 
   87 #include <netinet6/ipsec.h>
   88 #ifdef INET6
   89 #include <netinet6/ipsec6.h>
   90 #endif
   91 #include <netinet6/ah.h>
   92 #ifdef INET6
   93 #include <netinet6/ah6.h>
   94 #endif
   95 #ifdef IPSEC_ESP
   96 #include <netinet6/esp.h>
   97 #ifdef INET6
   98 #include <netinet6/esp6.h>
   99 #endif
  100 #endif
  101 #include <netinet6/ipcomp.h>
  102 #ifdef INET6
  103 #include <netinet6/ipcomp6.h>
  104 #endif
  105 
  106 #include <machine/stdarg.h>
  107 
  108 /* randomness */
  109 #include <sys/random.h>
  110 
  111 #include <net/net_osdep.h>
  112 
  113 #ifndef satosin
  114 #define satosin(s) ((struct sockaddr_in *)s)
  115 #endif
  116 
  117 #define FULLMASK        0xff
  118 
  119 /*
  120  * Note on SA reference counting:
  121  * - SAs that are not in DEAD state will have (total external reference + 1)
  122  *   following value in reference count field.  they cannot be freed and are
  123  *   referenced from SA header.
  124  * - SAs that are in DEAD state will have (total external reference)
  125  *   in reference count field.  they are ready to be freed.  reference from
  126  *   SA header will be removed in keydb_delsecasvar(), when the reference count
  127  *   field hits 0 (= no external reference other than from SA header.
  128  */
  129 
  130 u_int32_t key_debug_level = 0;
  131 static u_int key_spi_trycnt = 1000;
  132 static u_int32_t key_spi_minval = 0x100;
  133 static u_int32_t key_spi_maxval = 0x0fffffff;   /* XXX */
  134 static u_int key_larval_lifetime = 30;  /* interval to expire acquiring, 30(s)*/
  135 static int key_blockacq_count = 10;     /* counter for blocking SADB_ACQUIRE.*/
  136 static int key_blockacq_lifetime = 20;  /* lifetime for blocking SADB_ACQUIRE.*/
  137 static int key_preferred_oldsa = 1;     /* preferred old sa rather than new sa.*/
  138 
  139 static u_int32_t acq_seq = 0;
  140 
  141 struct _satailq satailq;                /* list of all SAD entry */
  142 struct _sptailq sptailq;                /* SPD table + pcb */
  143 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX];     /* SPD table */
  144 static LIST_HEAD(_sahtree, secashead) sahtree;                  /* SAD */
  145 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
  146                                                         /* registed list */
  147 
  148 #define SPIHASHSIZE     128
  149 #define SPIHASH(x)      (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
  150 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
  151 
  152 #ifndef IPSEC_NONBLOCK_ACQUIRE
  153 static LIST_HEAD(_acqtree, secacq) acqtree;             /* acquiring list */
  154 #endif
  155 static LIST_HEAD(_spacqtree, secspacq) spacqtree;       /* SP acquiring list */
  156 
  157 struct key_cb key_cb;
  158 
  159 /* search order for SAs */
  160 static const u_int saorder_state_valid_prefer_old[] = {
  161         SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
  162 };
  163 static const u_int saorder_state_valid_prefer_new[] = {
  164         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  165 };
  166 static const u_int saorder_state_alive[] = {
  167         /* except DEAD */
  168         SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
  169 };
  170 static const u_int saorder_state_any[] = {
  171         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  172         SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
  173 };
  174 
  175 static const int minsize[] = {
  176         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  177         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  178         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  179         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  180         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  181         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_SRC */
  182         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_DST */
  183         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_PROXY */
  184         sizeof(struct sadb_key),        /* SADB_EXT_KEY_AUTH */
  185         sizeof(struct sadb_key),        /* SADB_EXT_KEY_ENCRYPT */
  186         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_SRC */
  187         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_DST */
  188         sizeof(struct sadb_sens),       /* SADB_EXT_SENSITIVITY */
  189         sizeof(struct sadb_prop),       /* SADB_EXT_PROPOSAL */
  190         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_AUTH */
  191         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_ENCRYPT */
  192         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  193         0,                              /* SADB_X_EXT_KMPRIVATE */
  194         sizeof(struct sadb_x_policy),   /* SADB_X_EXT_POLICY */
  195         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  196 };
  197 static const int maxsize[] = {
  198         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  199         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  200         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  201         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  202         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  203         0,                              /* SADB_EXT_ADDRESS_SRC */
  204         0,                              /* SADB_EXT_ADDRESS_DST */
  205         0,                              /* SADB_EXT_ADDRESS_PROXY */
  206         0,                              /* SADB_EXT_KEY_AUTH */
  207         0,                              /* SADB_EXT_KEY_ENCRYPT */
  208         0,                              /* SADB_EXT_IDENTITY_SRC */
  209         0,                              /* SADB_EXT_IDENTITY_DST */
  210         0,                              /* SADB_EXT_SENSITIVITY */
  211         0,                              /* SADB_EXT_PROPOSAL */
  212         0,                              /* SADB_EXT_SUPPORTED_AUTH */
  213         0,                              /* SADB_EXT_SUPPORTED_ENCRYPT */
  214         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  215         0,                              /* SADB_X_EXT_KMPRIVATE */
  216         0,                              /* SADB_X_EXT_POLICY */
  217         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  218 };
  219 
  220 static int ipsec_esp_keymin = 256;
  221 #ifdef IPSEC_ESP
  222 static int ipsec_esp_auth = 0;
  223 #endif
  224 static int ipsec_ah_keymin = 128;
  225 
  226 SYSCTL_DECL(_net_key);
  227 
  228 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL,        debug,  CTLFLAG_RW, \
  229         &key_debug_level,       0,      "");
  230 
  231 /* max count of trial for the decision of spi value */
  232 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY,            spi_trycnt,     CTLFLAG_RW, \
  233         &key_spi_trycnt,        0,      "");
  234 
  235 /* minimum spi value to allocate automatically. */
  236 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE,      spi_minval,     CTLFLAG_RW, \
  237         &key_spi_minval,        0,      "");
  238 
  239 /* maximun spi value to allocate automatically. */
  240 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE,      spi_maxval,     CTLFLAG_RW, \
  241         &key_spi_maxval,        0,      "");
  242 
  243 /* lifetime for larval SA */
  244 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME,    larval_lifetime, CTLFLAG_RW, \
  245         &key_larval_lifetime,   0,      "");
  246 
  247 /* counter for blocking to send SADB_ACQUIRE to IKEd */
  248 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT,     blockacq_count, CTLFLAG_RW, \
  249         &key_blockacq_count,    0,      "");
  250 
  251 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
  252 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME,  blockacq_lifetime, CTLFLAG_RW, \
  253         &key_blockacq_lifetime, 0,      "");
  254 
  255 #ifdef IPSEC_ESP
  256 /* ESP auth */
  257 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH,   esp_auth, CTLFLAG_RW, \
  258         &ipsec_esp_auth,        0,      "ESP auth");
  259 #endif
  260 
  261 /* minimum ESP key length */
  262 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
  263         &ipsec_esp_keymin,      0,      "");
  264 
  265 /* minimum AH key length */
  266 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN,  ah_keymin, CTLFLAG_RW, \
  267         &ipsec_ah_keymin,       0,      "");
  268 
  269 /* perfered old SA rather than new SA */
  270 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA,     preferred_oldsa, CTLFLAG_RW,\
  271         &key_preferred_oldsa,   0,      "");
  272 
  273 #define __LIST_CHAINED(elm) \
  274         (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
  275 #define LIST_INSERT_TAIL(head, elm, type, field) \
  276 do {\
  277         struct type *curelm = LIST_FIRST(head); \
  278         if (curelm == NULL) {\
  279                 LIST_INSERT_HEAD(head, elm, field); \
  280         } else { \
  281                 while (LIST_NEXT(curelm, field)) \
  282                         curelm = LIST_NEXT(curelm, field);\
  283                 LIST_INSERT_AFTER(curelm, elm, field);\
  284         }\
  285 } while (/*CONSTCOND*/ 0)
  286 
  287 #define KEY_CHKSASTATE(head, sav, name) \
  288 do { \
  289         if ((head) != (sav)) {                                          \
  290                 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \
  291                         (name), (head), (sav)));                        \
  292                 continue;                                               \
  293         }                                                               \
  294 } while (/*CONSTCOND*/ 0)
  295 
  296 #define KEY_CHKSPDIR(head, sp, name) \
  297 do { \
  298         if ((head) != (sp)) {                                           \
  299                 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \
  300                         "anyway continue.\n",                           \
  301                         (name), (head), (sp)));                         \
  302         }                                                               \
  303 } while (/*CONSTCOND*/ 0)
  304 
  305 #if 1
  306 #define KMALLOC(p, t, n)                                                     \
  307         ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
  308 #define KFREE(p)                                                             \
  309         free((caddr_t)(p), M_SECA)
  310 #else
  311 #define KMALLOC(p, t, n) \
  312 do { \
  313         ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT));             \
  314         printf("%s %d: %p <- KMALLOC(%s, %d)\n",                             \
  315                 __FILE__, __LINE__, (p), #t, n);                             \
  316 } while (/*CONSTCOND*/ 0)
  317 
  318 #define KFREE(p)                                                             \
  319         do {                                                                 \
  320                 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p));   \
  321                 free((caddr_t)(p), M_SECA);                                  \
  322         } while (/*CONSTCOND*/ 0)
  323 #endif
  324 
  325 /*
  326  * set parameters into secpolicyindex buffer.
  327  * Must allocate secpolicyindex buffer passed to this function.
  328  */
  329 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \
  330 do { \
  331         bzero((idx), sizeof(struct secpolicyindex));                             \
  332         (idx)->prefs = (ps);                                                 \
  333         (idx)->prefd = (pd);                                                 \
  334         (idx)->ul_proto = (ulp);                                             \
  335         bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len);           \
  336         bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len);           \
  337 } while (/*CONSTCOND*/ 0)
  338 
  339 /*
  340  * set parameters into secasindex buffer.
  341  * Must allocate secasindex buffer before calling this function.
  342  */
  343 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
  344 do { \
  345         bzero((idx), sizeof(struct secasindex));                             \
  346         (idx)->proto = (p);                                                  \
  347         (idx)->mode = (m);                                                   \
  348         (idx)->reqid = (r);                                                  \
  349         bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len);           \
  350         bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len);           \
  351 } while (/*CONSTCOND*/ 0)
  352 
  353 /* key statistics */
  354 struct _keystat {
  355         u_long getspi_count; /* the avarage of count to try to get new SPI */
  356 } keystat;
  357 
  358 struct sadb_msghdr {
  359         struct sadb_msg *msg;
  360         struct sadb_ext *ext[SADB_EXT_MAX + 1];
  361         int extoff[SADB_EXT_MAX + 1];
  362         int extlen[SADB_EXT_MAX + 1];
  363 };
  364 
  365 static struct secasvar *key_allocsa_policy(struct secasindex *);
  366 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
  367 static void key_delsav(struct secasvar *);
  368 static void key_delsp(struct secpolicy *);
  369 static struct secpolicy *key_getsp(struct secpolicyindex *, int);
  370 static struct secpolicy *key_getspbyid(u_int32_t);
  371 static u_int32_t key_newreqid(void);
  372 static struct mbuf *key_gather_mbuf(struct mbuf *,
  373         const struct sadb_msghdr *, int, int, ...);
  374 static int key_spdadd(struct socket *, struct mbuf *,
  375         const struct sadb_msghdr *);
  376 static int key_spddelete(struct socket *, struct mbuf *,
  377         const struct sadb_msghdr *);
  378 static int key_spddelete2(struct socket *, struct mbuf *,
  379         const struct sadb_msghdr *);
  380 static int key_spdget(struct socket *, struct mbuf *,
  381         const struct sadb_msghdr *);
  382 static int key_spdflush(struct socket *, struct mbuf *,
  383         const struct sadb_msghdr *);
  384 static int key_spddump(struct socket *, struct mbuf *,
  385         const struct sadb_msghdr *);
  386 static struct mbuf *key_setdumpsp(struct secpolicy *,
  387         u_int8_t, u_int32_t, u_int32_t);
  388 static u_int key_getspreqmsglen(struct secpolicy *);
  389 static int key_spdexpire(struct secpolicy *);
  390 static struct secashead *key_newsah(struct secasindex *);
  391 static void key_delsah(struct secashead *);
  392 static struct secasvar *key_newsav(struct mbuf *,
  393         const struct sadb_msghdr *, struct secashead *, int *);
  394 static struct secashead *key_getsah(struct secasindex *);
  395 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
  396 static void key_setspi(struct secasvar *, u_int32_t);
  397 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
  398 static int key_setsaval(struct secasvar *, struct mbuf *,
  399         const struct sadb_msghdr *);
  400 static int key_mature(struct secasvar *);
  401 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
  402         u_int8_t, u_int32_t, u_int32_t);
  403 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
  404         u_int32_t, pid_t, u_int16_t);
  405 static struct mbuf *key_setsadbsa(struct secasvar *);
  406 static struct mbuf *key_setsadbaddr(u_int16_t,
  407         struct sockaddr *, u_int8_t, u_int16_t);
  408 #if 0
  409 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
  410         int, u_int64_t);
  411 #endif
  412 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
  413 static struct mbuf *key_setsadblifetime(u_int16_t, u_int32_t,
  414         u_int64_t, u_int64_t, u_int64_t);
  415 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
  416         u_int32_t);
  417 static void *key_newbuf(const void *, u_int);
  418 static int key_ismyaddr(struct sockaddr *);
  419 #ifdef INET6
  420 static int key_ismyaddr6(struct sockaddr_in6 *);
  421 #endif
  422 
  423 /* flags for key_cmpsaidx() */
  424 #define CMP_HEAD        1       /* protocol, addresses. */
  425 #define CMP_MODE_REQID  2       /* additionally HEAD, reqid, mode. */
  426 #define CMP_REQID       3       /* additionally HEAD, reqid. not used */
  427 #define CMP_EXACTLY     4       /* all elements. */
  428 static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
  429 
  430 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
  431 static int key_bbcmp(caddr_t, caddr_t, u_int);
  432 static u_long key_random(void);
  433 static u_int16_t key_satype2proto(u_int8_t);
  434 static u_int8_t key_proto2satype(u_int16_t);
  435 
  436 static int key_getspi(struct socket *, struct mbuf *,
  437         const struct sadb_msghdr *);
  438 static u_int32_t key_do_getnewspi(struct sadb_spirange *,
  439                                         struct secasindex *);
  440 static int key_update(struct socket *, struct mbuf *,
  441         const struct sadb_msghdr *);
  442 #ifdef IPSEC_DOSEQCHECK
  443 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
  444 #endif
  445 static int key_add(struct socket *, struct mbuf *,
  446         const struct sadb_msghdr *);
  447 static int key_setident(struct secashead *, struct mbuf *,
  448         const struct sadb_msghdr *);
  449 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
  450         const struct sadb_msghdr *);
  451 static int key_delete(struct socket *, struct mbuf *,
  452         const struct sadb_msghdr *);
  453 static int key_get(struct socket *, struct mbuf *,
  454         const struct sadb_msghdr *);
  455 
  456 static void key_getcomb_setlifetime(struct sadb_comb *);
  457 #ifdef IPSEC_ESP
  458 static struct mbuf *key_getcomb_esp(void);
  459 #endif
  460 static struct mbuf *key_getcomb_ah(void);
  461 static struct mbuf *key_getcomb_ipcomp(void);
  462 static struct mbuf *key_getprop(const struct secasindex *);
  463 
  464 static int key_acquire(struct secasindex *, struct secpolicy *);
  465 #ifndef IPSEC_NONBLOCK_ACQUIRE
  466 static struct secacq *key_newacq(struct secasindex *);
  467 static struct secacq *key_getacq(struct secasindex *);
  468 static struct secacq *key_getacqbyseq(u_int32_t);
  469 #endif
  470 static struct secspacq *key_newspacq(struct secpolicyindex *);
  471 static struct secspacq *key_getspacq(struct secpolicyindex *);
  472 static int key_acquire2(struct socket *, struct mbuf *,
  473         const struct sadb_msghdr *);
  474 static int key_register(struct socket *, struct mbuf *,
  475         const struct sadb_msghdr *);
  476 static int key_expire(struct secasvar *);
  477 static int key_flush(struct socket *, struct mbuf *,
  478         const struct sadb_msghdr *);
  479 static int key_dump(struct socket *, struct mbuf *,
  480         const struct sadb_msghdr *);
  481 static int key_promisc(struct socket *, struct mbuf *,
  482         const struct sadb_msghdr *);
  483 static int key_senderror(struct socket *, struct mbuf *, int);
  484 static int key_validate_ext(struct sadb_ext *, int);
  485 static int key_align(struct mbuf *, struct sadb_msghdr *);
  486 #if 0
  487 static const char *key_getfqdn(void);
  488 static const char *key_getuserfqdn(void);
  489 #endif
  490 static void key_sa_chgstate(struct secasvar *, u_int8_t);
  491 static void key_sp_dead(struct secpolicy *);
  492 static void key_sp_unlink(struct secpolicy *);
  493 static struct mbuf *key_alloc_mbuf(int);
  494 static struct callout key_timehandler_ch;
  495 
  496 /* %%% IPsec policy management */
  497 /*
  498  * allocating a SP for OUTBOUND or INBOUND packet.
  499  * Must call key_freesp() later.
  500  * OUT: NULL:   not found
  501  *      others: found and return the pointer.
  502  */
  503 struct secpolicy *
  504 key_allocsp(tag, spidx, dir)
  505         u_int16_t tag;
  506         struct secpolicyindex *spidx;
  507         u_int dir;
  508 {
  509         struct secpolicy *sp;
  510         int s;
  511 
  512         /* check direction */
  513         switch (dir) {
  514         case IPSEC_DIR_INBOUND:
  515         case IPSEC_DIR_OUTBOUND:
  516                 break;
  517         default:
  518                 panic("key_allocsp: Invalid direction is passed.");
  519         }
  520 
  521         /* get a SP entry */
  522         s = splnet();   /*called from softclock()*/
  523         if (spidx) {
  524                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  525                         printf("*** objects\n");
  526                         kdebug_secpolicyindex(spidx));
  527         }
  528 
  529         LIST_FOREACH(sp, &sptree[dir], chain) {
  530                 if (sp->state == IPSEC_SPSTATE_DEAD)
  531                         continue;
  532                 if (sp->spidx) {
  533                         if (!spidx)
  534                                 continue;
  535 
  536                         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  537                                 printf("*** in SPD\n");
  538                                 kdebug_secpolicyindex(sp->spidx));
  539 
  540                         if (key_cmpspidx_withmask(sp->spidx, spidx))
  541                                 goto found;
  542                 }
  543         }
  544 
  545         splx(s);
  546         return NULL;
  547 
  548 found:
  549         /* sanity check */
  550         KEY_CHKSPDIR(sp->dir, dir, "key_allocsp");
  551 
  552         /* found a SPD entry */
  553         sp->lastused = time_second;
  554         sp->refcnt++;
  555         splx(s);
  556         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  557                 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
  558                         sp->refcnt, sp));
  559 
  560         return sp;
  561 }
  562 
  563 /*
  564  * return a policy that matches this particular inbound packet.
  565  * XXX slow
  566  */
  567 struct secpolicy *
  568 key_gettunnel(osrc, odst, isrc, idst)
  569         struct sockaddr *osrc, *odst, *isrc, *idst;
  570 {
  571         struct secpolicy *sp;
  572         const int dir = IPSEC_DIR_INBOUND;
  573         int s;
  574         struct ipsecrequest *r1, *r2, *p;
  575         struct sockaddr *os, *od, *is, *id;
  576         struct secpolicyindex spidx;
  577 
  578         if (isrc->sa_family != idst->sa_family) {
  579                 ipseclog((LOG_ERR, "protocol family mismatched %u != %u\n",
  580                         isrc->sa_family, idst->sa_family));
  581                 return NULL;
  582         }
  583 
  584         s = splnet();   /*called from softclock()*/
  585         LIST_FOREACH(sp, &sptree[dir], chain) {
  586                 if (sp->state == IPSEC_SPSTATE_DEAD)
  587                         continue;
  588 
  589                 r1 = r2 = NULL;
  590                 for (p = sp->req; p; p = p->next) {
  591                         if (p->saidx.mode != IPSEC_MODE_TUNNEL)
  592                                 continue;
  593 
  594                         r1 = r2;
  595                         r2 = p;
  596 
  597                         if (!r1) {
  598                                 if (sp->spidx) {
  599                                         /*
  600                                          * here we look at address matches
  601                                          * only
  602                                          */
  603                                         spidx = *sp->spidx;
  604                                         if (isrc->sa_len > sizeof(spidx.src) ||
  605                                             idst->sa_len > sizeof(spidx.dst))
  606                                                 continue;
  607                                         bcopy(isrc, &spidx.src, isrc->sa_len);
  608                                         bcopy(idst, &spidx.dst, idst->sa_len);
  609                                         if (!key_cmpspidx_withmask(sp->spidx,
  610                                             &spidx))
  611                                                 continue;
  612                                 } else
  613                                         ; /* can't check for tagged policy */
  614                         } else {
  615                                 is = (struct sockaddr *)&r1->saidx.src;
  616                                 id = (struct sockaddr *)&r1->saidx.dst;
  617                                 if (key_sockaddrcmp(is, isrc, 0) ||
  618                                     key_sockaddrcmp(id, idst, 0))
  619                                         continue;
  620                         }
  621 
  622                         os = (struct sockaddr *)&r2->saidx.src;
  623                         od = (struct sockaddr *)&r2->saidx.dst;
  624                         if (key_sockaddrcmp(os, osrc, 0) ||
  625                             key_sockaddrcmp(od, odst, 0))
  626                                 continue;
  627 
  628                         goto found;
  629                 }
  630         }
  631         splx(s);
  632         return NULL;
  633 
  634 found:
  635         sp->lastused = time_second;
  636         sp->refcnt++;
  637         splx(s);
  638         return sp;
  639 }
  640 
  641 /*
  642  * allocating an SA entry for an *OUTBOUND* packet.
  643  * checking each request entries in SP, and acquire an SA if need.
  644  * OUT: 0: there are valid requests.
  645  *      ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
  646  */
  647 int
  648 key_checkrequest(isr, saidx)
  649         struct ipsecrequest *isr;
  650         struct secasindex *saidx;
  651 {
  652         u_int level;
  653         int error;
  654 
  655         /* sanity check */
  656         if (isr == NULL || saidx == NULL)
  657                 panic("key_checkrequest: NULL pointer is passed.");
  658 
  659         /* check mode */
  660         switch (saidx->mode) {
  661         case IPSEC_MODE_TRANSPORT:
  662         case IPSEC_MODE_TUNNEL:
  663                 break;
  664         case IPSEC_MODE_ANY:
  665         default:
  666                 panic("key_checkrequest: Invalid policy defined.");
  667         }
  668 
  669         /* get current level */
  670         level = ipsec_get_reqlevel(isr, saidx->src.ss_family);
  671 
  672 #if 0
  673         /*
  674          * We do allocate new SA only if the state of SA in the holder is
  675          * SADB_SASTATE_DEAD.  The SA for outbound must be the oldest.
  676          */
  677         if (isr->sav != NULL) {
  678                 if (isr->sav->sah == NULL)
  679                         panic("key_checkrequest: sah is null.");
  680                 if (isr->sav ==
  681                     LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
  682                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  683                                 printf("DP checkrequest calls free SA:%p\n",
  684                                         isr->sav));
  685                         key_freesav(isr->sav);
  686                         isr->sav = NULL;
  687                 }
  688         }
  689 #else
  690         /*
  691          * we free any SA stashed in the IPsec request because a different
  692          * SA may be involved each time this request is checked, either
  693          * because new SAs are being configured, or this request is
  694          * associated with an unconnected datagram socket, or this request
  695          * is associated with a system default policy.
  696          *
  697          * The operation may have negative impact to performance.  We may
  698          * want to check cached SA carefully, rather than picking new SA
  699          * every time.
  700          */
  701         if (isr->sav != NULL) {
  702                 key_freesav(isr->sav);
  703                 isr->sav = NULL;
  704         }
  705 #endif
  706 
  707         /*
  708          * new SA allocation if no SA found.
  709          * key_allocsa_policy should allocate the oldest SA available.
  710          * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
  711          */
  712         if (isr->sav == NULL)
  713                 isr->sav = key_allocsa_policy(saidx);
  714 
  715         /* When there is SA. */
  716         if (isr->sav != NULL)
  717                 return 0;
  718 
  719         /* there is no SA */
  720         if ((error = key_acquire(saidx, isr->sp)) != 0) {
  721                 /* XXX What should I do ? */
  722                 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
  723                         "from key_acquire.\n", error));
  724                 return error;
  725         }
  726 
  727         return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
  728 }
  729 
  730 /*
  731  * allocating a SA for policy entry from SAD.
  732  * NOTE: searching SAD of aliving state.
  733  * OUT: NULL:   not found.
  734  *      others: found and return the pointer.
  735  */
  736 static struct secasvar *
  737 key_allocsa_policy(saidx)
  738         struct secasindex *saidx;
  739 {
  740         struct secashead *sah;
  741         struct secasvar *sav;
  742         u_int stateidx, state;
  743         const u_int *saorder_state_valid;
  744         int arraysize;
  745 
  746         LIST_FOREACH(sah, &sahtree, chain) {
  747                 if (sah->state == SADB_SASTATE_DEAD)
  748                         continue;
  749                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
  750                         goto found;
  751         }
  752 
  753         return NULL;
  754 
  755     found:
  756 
  757         /*
  758          * search a valid state list for outbound packet.
  759          * This search order is important.
  760          */
  761         if (key_preferred_oldsa) {
  762                 saorder_state_valid = saorder_state_valid_prefer_old;
  763                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
  764         } else {
  765                 saorder_state_valid = saorder_state_valid_prefer_new;
  766                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
  767         }
  768 
  769         for (stateidx = 0; stateidx < arraysize; stateidx++) {
  770 
  771                 state = saorder_state_valid[stateidx];
  772 
  773                 sav = key_do_allocsa_policy(sah, state);
  774                 if (sav != NULL)
  775                         return sav;
  776         }
  777 
  778         return NULL;
  779 }
  780 
  781 /*
  782  * searching SAD with direction, protocol, mode and state.
  783  * called by key_allocsa_policy().
  784  * OUT:
  785  *      NULL    : not found
  786  *      others  : found, pointer to a SA.
  787  */
  788 static struct secasvar *
  789 key_do_allocsa_policy(sah, state)
  790         struct secashead *sah;
  791         u_int state;
  792 {
  793         struct secasvar *sav, *nextsav, *candidate, *d;
  794 
  795         /* initilize */
  796         candidate = NULL;
  797 
  798         for (sav = LIST_FIRST(&sah->savtree[state]);
  799              sav != NULL;
  800              sav = nextsav) {
  801 
  802                 nextsav = LIST_NEXT(sav, chain);
  803 
  804                 /* sanity check */
  805                 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
  806 
  807                 /* initialize */
  808                 if (candidate == NULL) {
  809                         candidate = sav;
  810                         continue;
  811                 }
  812 
  813                 /* Which SA is the better ? */
  814 
  815                 /* sanity check 2 */
  816                 if (candidate->lft_c == NULL || sav->lft_c == NULL)
  817                         panic("key_do_allocsa_policy: "
  818                                 "lifetime_current is NULL.");
  819 
  820                 /* What the best method is to compare ? */
  821                 if (key_preferred_oldsa) {
  822                         if (candidate->lft_c->sadb_lifetime_addtime >
  823                                         sav->lft_c->sadb_lifetime_addtime) {
  824                                 candidate = sav;
  825                         }
  826                         continue;
  827                         /*NOTREACHED*/
  828                 }
  829 
  830                 /* preferred new sa rather than old sa */
  831                 if (candidate->lft_c->sadb_lifetime_addtime <
  832                                 sav->lft_c->sadb_lifetime_addtime) {
  833                         d = candidate;
  834                         candidate = sav;
  835                 } else
  836                         d = sav;
  837 
  838                 /*
  839                  * prepared to delete the SA when there is more
  840                  * suitable candidate and the lifetime of the SA is not
  841                  * permanent.
  842                  */
  843                 if (d->lft_c->sadb_lifetime_addtime != 0) {
  844                         struct mbuf *m, *result = NULL;
  845 
  846                         key_sa_chgstate(d, SADB_SASTATE_DEAD);
  847 
  848                         m = key_setsadbmsg(SADB_DELETE, 0,
  849                             key_proto2satype(d->sah->saidx.proto),
  850                             0, 0, d->refcnt - 1);
  851                         if (!m)
  852                                 goto msgfail;
  853                         result = m;
  854 
  855                         /* set sadb_address for saidx's. */
  856                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
  857                                 (struct sockaddr *)&d->sah->saidx.src,
  858                                 FULLMASK, IPSEC_ULPROTO_ANY);
  859                         if (!m)
  860                                 goto msgfail;
  861                         m_cat(result, m);
  862 
  863                         /* set sadb_address for saidx's. */
  864                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
  865                                 (struct sockaddr *)&d->sah->saidx.dst,
  866                                 FULLMASK, IPSEC_ULPROTO_ANY);
  867                         if (!m)
  868                                 goto msgfail;
  869                         m_cat(result, m);
  870 
  871                         /* create SA extension */
  872                         m = key_setsadbsa(d);
  873                         if (!m)
  874                                 goto msgfail;
  875                         m_cat(result, m);
  876 
  877                         if (result->m_len < sizeof(struct sadb_msg)) {
  878                                 result = m_pullup(result,
  879                                                 sizeof(struct sadb_msg));
  880                                 if (result == NULL)
  881                                         goto msgfail;
  882                         }
  883 
  884                         result->m_pkthdr.len = 0;
  885                         for (m = result; m; m = m->m_next)
  886                                 result->m_pkthdr.len += m->m_len;
  887                         mtod(result, struct sadb_msg *)->sadb_msg_len =
  888                                 PFKEY_UNIT64(result->m_pkthdr.len);
  889 
  890                         if (key_sendup_mbuf(NULL, result,
  891                                         KEY_SENDUP_REGISTERED))
  892                                 goto msgfail;
  893 
  894                         result = NULL;
  895 
  896                  msgfail:
  897                         if (result != NULL)
  898                                 m_freem(result);
  899                         key_freesav(d);
  900                 }
  901         }
  902 
  903         if (candidate) {
  904                 candidate->refcnt++;
  905                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  906                         printf("DP allocsa_policy cause "
  907                                 "refcnt++:%d SA:%p\n",
  908                                 candidate->refcnt, candidate));
  909         }
  910         return candidate;
  911 }
  912 
  913 /*
  914  * allocating a SA entry for a *INBOUND* packet.
  915  * Must call key_freesav() later.
  916  * OUT: positive:       pointer to a sav.
  917  *      NULL:           not found, or error occured.
  918  *
  919  * In the comparison, source address will be ignored for RFC2401 conformance.
  920  * To quote, from section 4.1:
  921  *      A security association is uniquely identified by a triple consisting
  922  *      of a Security Parameter Index (SPI), an IP Destination Address, and a
  923  *      security protocol (AH or ESP) identifier.
  924  * Note that, however, we do need to keep source address in IPsec SA.
  925  * IKE specification and PF_KEY specification do assume that we
  926  * keep source address in IPsec SA.  We see a tricky situation here.
  927  */
  928 struct secasvar *
  929 key_allocsa(family, src, dst, proto, spi)
  930         u_int family, proto;
  931         caddr_t src, dst;
  932         u_int32_t spi;
  933 {
  934         struct secasvar *sav, *match;
  935         u_int stateidx, state, tmpidx, matchidx;
  936         struct sockaddr_in sin;
  937         struct sockaddr_in6 sin6;
  938         int s;
  939         const u_int *saorder_state_valid;
  940         int arraysize;
  941 
  942         /* sanity check */
  943         if (src == NULL || dst == NULL)
  944                 panic("key_allocsa: NULL pointer is passed.");
  945 
  946         /*
  947          * when both systems employ similar strategy to use a SA.
  948          * the search order is important even in the inbound case.
  949          */
  950         if (key_preferred_oldsa) {
  951                 saorder_state_valid = saorder_state_valid_prefer_old;
  952                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
  953         } else {
  954                 saorder_state_valid = saorder_state_valid_prefer_new;
  955                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
  956         }
  957 
  958         /*
  959          * searching SAD.
  960          * XXX: to be checked internal IP header somewhere.  Also when
  961          * IPsec tunnel packet is received.  But ESP tunnel mode is
  962          * encrypted so we can't check internal IP header.
  963          */
  964         s = splnet();   /*called from softclock()*/
  965         /*
  966          * search a valid state list for inbound packet.
  967          * the search order is not important.
  968          */
  969         match = NULL;
  970         matchidx = arraysize;
  971         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
  972                 if (sav->spi != spi)
  973                         continue;
  974                 if (proto != sav->sah->saidx.proto)
  975                         continue;
  976                 if (family != sav->sah->saidx.src.ss_family ||
  977                     family != sav->sah->saidx.dst.ss_family)
  978                         continue;
  979                 tmpidx = arraysize;
  980                 for (stateidx = 0; stateidx < matchidx; stateidx++) {
  981                         state = saorder_state_valid[stateidx];
  982                         if (sav->state == state) {
  983                                 tmpidx = stateidx;
  984                                 break;
  985                         }
  986                 }
  987                 if (tmpidx >= matchidx)
  988                         continue;
  989 
  990 #if 0   /* don't check src */
  991                 /* check src address */
  992                 switch (family) {
  993                 case AF_INET:
  994                         bzero(&sin, sizeof(sin));
  995                         sin.sin_family = AF_INET;
  996                         sin.sin_len = sizeof(sin);
  997                         bcopy(src, &sin.sin_addr,
  998                             sizeof(sin.sin_addr));
  999                         if (key_sockaddrcmp((struct sockaddr*)&sin,
 1000                             (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
 1001                                 continue;
 1002 
 1003                         break;
 1004                 case AF_INET6:
 1005                         bzero(&sin6, sizeof(sin6));
 1006                         sin6.sin6_family = AF_INET6;
 1007                         sin6.sin6_len = sizeof(sin6);
 1008                         bcopy(src, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
 1009                         if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
 1010                                 /* kame fake scopeid */
 1011                                 sin6.sin6_scope_id =
 1012                                     ntohs(sin6.sin6_addr.s6_addr16[1]);
 1013                                 sin6.sin6_addr.s6_addr16[1] = 0;
 1014                         }
 1015                         if (key_sockaddrcmp((struct sockaddr *)&sin6,
 1016                             (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
 1017                                 continue;
 1018                         break;
 1019                 default:
 1020                         ipseclog((LOG_DEBUG, "key_allocsa: "
 1021                             "unknown address family=%d.\n",
 1022                             family));
 1023                         continue;
 1024                 }
 1025 
 1026 #endif
 1027                 /* check dst address */
 1028                 switch (family) {
 1029                 case AF_INET:
 1030                         bzero(&sin, sizeof(sin));
 1031                         sin.sin_family = AF_INET;
 1032                         sin.sin_len = sizeof(sin);
 1033                         bcopy(dst, &sin.sin_addr,
 1034                             sizeof(sin.sin_addr));
 1035                         if (key_sockaddrcmp((struct sockaddr*)&sin,
 1036                             (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
 1037                                 continue;
 1038 
 1039                         break;
 1040                 case AF_INET6:
 1041                         bzero(&sin6, sizeof(sin6));
 1042                         sin6.sin6_family = AF_INET6;
 1043                         sin6.sin6_len = sizeof(sin6);
 1044                         bcopy(dst, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
 1045                         if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
 1046                                 /* kame fake scopeid */
 1047                                 sin6.sin6_scope_id =
 1048                                     ntohs(sin6.sin6_addr.s6_addr16[1]);
 1049                                 sin6.sin6_addr.s6_addr16[1] = 0;
 1050                         }
 1051                         if (key_sockaddrcmp((struct sockaddr *)&sin6,
 1052                             (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
 1053                                 continue;
 1054                         break;
 1055                 default:
 1056                         ipseclog((LOG_DEBUG, "key_allocsa: "
 1057                             "unknown address family=%d.\n", family));
 1058                         continue;
 1059                 }
 1060 
 1061                 match = sav;
 1062                 matchidx = tmpidx;
 1063         }
 1064 
 1065         if (match)
 1066                 goto found;
 1067 
 1068         /* not found */
 1069         splx(s);
 1070         return NULL;
 1071 
 1072 found:
 1073         match->refcnt++;
 1074         splx(s);
 1075         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1076                 printf("DP allocsa cause refcnt++:%d SA:%p\n",
 1077                         match->refcnt, match));
 1078         return match;
 1079 }
 1080 
 1081 /*
 1082  * Must be called after calling key_allocsp().
 1083  * For both the packet without socket and key_freeso().
 1084  */
 1085 void
 1086 key_freesp(sp)
 1087         struct secpolicy *sp;
 1088 {
 1089         /* sanity check */
 1090         if (sp == NULL)
 1091                 panic("key_freesp: NULL pointer is passed.");
 1092 
 1093         sp->refcnt--;
 1094         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1095                 printf("DP freesp cause refcnt--:%d SP:%p\n",
 1096                         sp->refcnt, sp));
 1097 
 1098         if (sp->refcnt == 0)
 1099                 key_delsp(sp);
 1100 
 1101         return;
 1102 }
 1103 
 1104 /*
 1105  * Must be called after calling key_allocsa().
 1106  * This function is called by key_freesp() to free some SA allocated
 1107  * for a policy.
 1108  */
 1109 void
 1110 key_freesav(sav)
 1111         struct secasvar *sav;
 1112 {
 1113         /* sanity check */
 1114         if (sav == NULL)
 1115                 panic("key_freesav: NULL pointer is passed.");
 1116 
 1117         sav->refcnt--;
 1118         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1119                 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
 1120                         sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
 1121 
 1122         if (sav->refcnt > 0)
 1123                 return;
 1124 
 1125         key_delsav(sav);
 1126 }
 1127 
 1128 static void
 1129 key_delsav(sav)
 1130         struct secasvar *sav;
 1131 {
 1132         int s;
 1133 
 1134         /* sanity check */
 1135         if (sav == NULL)
 1136                 panic("key_delsav: NULL pointer is passed.");
 1137 
 1138         if (sav->refcnt > 0)
 1139                 panic("key_delsav: called with positive refcnt");
 1140 
 1141         s = splnet();
 1142 
 1143         if (__LIST_CHAINED(sav))
 1144                 LIST_REMOVE(sav, chain);
 1145 
 1146         if (sav->spihash.le_prev || sav->spihash.le_next)
 1147                 LIST_REMOVE(sav, spihash);
 1148 
 1149         if (sav->key_auth != NULL) {
 1150                 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
 1151                 KFREE(sav->key_auth);
 1152                 sav->key_auth = NULL;
 1153         }
 1154         if (sav->key_enc != NULL) {
 1155                 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
 1156                 KFREE(sav->key_enc);
 1157                 sav->key_enc = NULL;
 1158         }
 1159         if (sav->sched) {
 1160                 bzero(sav->sched, sav->schedlen);
 1161                 KFREE(sav->sched);
 1162                 sav->sched = NULL;
 1163         }
 1164         if (sav->replay != NULL) {
 1165                 keydb_delsecreplay(sav->replay);
 1166                 sav->replay = NULL;
 1167         }
 1168         if (sav->lft_c != NULL) {
 1169                 KFREE(sav->lft_c);
 1170                 sav->lft_c = NULL;
 1171         }
 1172         if (sav->lft_h != NULL) {
 1173                 KFREE(sav->lft_h);
 1174                 sav->lft_h = NULL;
 1175         }
 1176         if (sav->lft_s != NULL) {
 1177                 KFREE(sav->lft_s);
 1178                 sav->lft_s = NULL;
 1179         }
 1180         if (sav->iv != NULL) {
 1181                 KFREE(sav->iv);
 1182                 sav->iv = NULL;
 1183         }
 1184 
 1185         keydb_delsecasvar(sav);
 1186 
 1187         splx(s);
 1188 }
 1189 
 1190 /* %%% SPD management */
 1191 /*
 1192  * free security policy entry.
 1193  */
 1194 static void
 1195 key_delsp(sp)
 1196         struct secpolicy *sp;
 1197 {
 1198         int s;
 1199 
 1200         /* sanity check */
 1201         if (sp == NULL)
 1202                 panic("key_delsp: NULL pointer is passed.");
 1203 
 1204         if (sp->refcnt > 0)
 1205                 panic("key_delsp: called with positive refcnt");
 1206 
 1207         s = splnet();   /*called from softclock()*/
 1208 
 1209     {
 1210         struct ipsecrequest *isr = sp->req, *nextisr;
 1211 
 1212         while (isr != NULL) {
 1213                 if (isr->sav != NULL) {
 1214                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1215                                 printf("DP delsp calls free SA:%p\n",
 1216                                         isr->sav));
 1217                         key_freesav(isr->sav);
 1218                         isr->sav = NULL;
 1219                 }
 1220 
 1221                 nextisr = isr->next;
 1222                 KFREE(isr);
 1223                 isr = nextisr;
 1224         }
 1225     }
 1226 
 1227         keydb_delsecpolicy(sp);
 1228 
 1229         splx(s);
 1230 
 1231         return;
 1232 }
 1233 
 1234 /*
 1235  * search SPD
 1236  * OUT: NULL    : not found
 1237  *      others  : found, pointer to a SP.
 1238  */
 1239 static struct secpolicy *
 1240 key_getsp(spidx, dir)
 1241         struct secpolicyindex *spidx;
 1242         int dir;
 1243 {
 1244         struct secpolicy *sp;
 1245 
 1246         /* sanity check */
 1247         if (spidx == NULL)
 1248                 panic("key_getsp: NULL pointer is passed.");
 1249 
 1250         LIST_FOREACH(sp, &sptree[dir], chain) {
 1251                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1252                         continue;
 1253                 if (!sp->spidx)
 1254                         continue;
 1255                 if (key_cmpspidx_exactly(spidx, sp->spidx)) {
 1256                         sp->refcnt++;
 1257                         return sp;
 1258                 }
 1259         }
 1260 
 1261         return NULL;
 1262 }
 1263 
 1264 /*
 1265  * get SP by index.
 1266  * OUT: NULL    : not found
 1267  *      others  : found, pointer to a SP.
 1268  */
 1269 static struct secpolicy *
 1270 key_getspbyid(id)
 1271         u_int32_t id;
 1272 {
 1273         struct secpolicy *sp;
 1274 
 1275         TAILQ_FOREACH(sp, &sptailq, tailq) {
 1276                 if (sp->id == id) {
 1277                         sp->refcnt++;
 1278                         return sp;
 1279                 }
 1280         }
 1281 
 1282         return NULL;
 1283 }
 1284 
 1285 struct secpolicy *
 1286 key_newsp(id)
 1287         u_int32_t id;
 1288 {
 1289         struct secpolicy *newsp = NULL, *sp;
 1290         u_int32_t newid;
 1291 
 1292         if (id > IPSEC_MANUAL_POLICYID_MAX) {
 1293                 ipseclog((LOG_DEBUG,
 1294                     "key_newsp: policy_id=%u range "
 1295                     "violation, updated by kernel.\n", id));
 1296                 id = 0;
 1297         }
 1298 
 1299         if (id == 0) {
 1300                 if ((newid = keydb_newspid()) == 0) {
 1301                         ipseclog((LOG_DEBUG, 
 1302                             "key_newsp: new policy_id allocation failed."));
 1303                         return NULL;
 1304                 }
 1305         } else {
 1306                 sp = key_getspbyid(id);
 1307                 if (sp != NULL) {
 1308                         ipseclog((LOG_DEBUG,
 1309                             "key_newsp: policy_id(%u) has been used.\n", id));
 1310                         key_freesp(sp);
 1311                         return NULL;
 1312                 }
 1313                 newid = id;
 1314         }
 1315 
 1316         newsp = keydb_newsecpolicy();
 1317         if (!newsp)
 1318                 return newsp;
 1319 
 1320         newsp->id = newid;
 1321         newsp->refcnt = 1;
 1322         newsp->req = NULL;
 1323 
 1324         return newsp;
 1325 }
 1326 
 1327 /*
 1328  * create secpolicy structure from sadb_x_policy structure.
 1329  * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
 1330  * so must be set properly later.
 1331  */
 1332 struct secpolicy *
 1333 key_msg2sp(xpl0, len, error)
 1334         struct sadb_x_policy *xpl0;
 1335         size_t len;
 1336         int *error;
 1337 {
 1338         struct secpolicy *newsp;
 1339 
 1340         /* sanity check */
 1341         if (xpl0 == NULL)
 1342                 panic("key_msg2sp: NULL pointer was passed.");
 1343         if (len < sizeof(*xpl0))
 1344                 panic("key_msg2sp: invalid length.");
 1345         if (len != PFKEY_EXTLEN(xpl0)) {
 1346                 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
 1347                 *error = EINVAL;
 1348                 return NULL;
 1349         }
 1350 
 1351         if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
 1352                 *error = ENOBUFS;
 1353                 return NULL;
 1354         }
 1355 
 1356         newsp->dir = xpl0->sadb_x_policy_dir;
 1357         newsp->policy = xpl0->sadb_x_policy_type;
 1358 
 1359         /* check policy */
 1360         switch (xpl0->sadb_x_policy_type) {
 1361         case IPSEC_POLICY_DISCARD:
 1362         case IPSEC_POLICY_NONE:
 1363         case IPSEC_POLICY_ENTRUST:
 1364         case IPSEC_POLICY_BYPASS:
 1365                 newsp->req = NULL;
 1366                 break;
 1367 
 1368         case IPSEC_POLICY_IPSEC:
 1369             {
 1370                 int tlen;
 1371                 struct sadb_x_ipsecrequest *xisr;
 1372                 struct ipsecrequest **p_isr = &newsp->req;
 1373 
 1374                 /* validity check */
 1375                 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
 1376                         ipseclog((LOG_DEBUG,
 1377                             "key_msg2sp: Invalid msg length.\n"));
 1378                         key_freesp(newsp);
 1379                         *error = EINVAL;
 1380                         return NULL;
 1381                 }
 1382 
 1383                 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
 1384                 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
 1385 
 1386                 while (tlen > 0) {
 1387 
 1388                         /* length check */
 1389                         if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
 1390                                 ipseclog((LOG_DEBUG, "key_msg2sp: "
 1391                                         "invalid ipsecrequest length.\n"));
 1392                                 key_freesp(newsp);
 1393                                 *error = EINVAL;
 1394                                 return NULL;
 1395                         }
 1396 
 1397                         /* allocate request buffer */
 1398                         KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
 1399                         if ((*p_isr) == NULL) {
 1400                                 ipseclog((LOG_DEBUG,
 1401                                     "key_msg2sp: No more memory.\n"));
 1402                                 key_freesp(newsp);
 1403                                 *error = ENOBUFS;
 1404                                 return NULL;
 1405                         }
 1406                         bzero(*p_isr, sizeof(**p_isr));
 1407 
 1408                         /* set values */
 1409                         (*p_isr)->next = NULL;
 1410 
 1411                         switch (xisr->sadb_x_ipsecrequest_proto) {
 1412                         case IPPROTO_ESP:
 1413                         case IPPROTO_AH:
 1414                         case IPPROTO_IPCOMP:
 1415                                 break;
 1416                         default:
 1417                                 ipseclog((LOG_DEBUG,
 1418                                     "key_msg2sp: invalid proto type=%u\n",
 1419                                     xisr->sadb_x_ipsecrequest_proto));
 1420                                 key_freesp(newsp);
 1421                                 *error = EPROTONOSUPPORT;
 1422                                 return NULL;
 1423                         }
 1424                         (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
 1425 
 1426                         switch (xisr->sadb_x_ipsecrequest_mode) {
 1427                         case IPSEC_MODE_TRANSPORT:
 1428                         case IPSEC_MODE_TUNNEL:
 1429                                 break;
 1430                         case IPSEC_MODE_ANY:
 1431                         default:
 1432                                 ipseclog((LOG_DEBUG,
 1433                                     "key_msg2sp: invalid mode=%u\n",
 1434                                     xisr->sadb_x_ipsecrequest_mode));
 1435                                 key_freesp(newsp);
 1436                                 *error = EINVAL;
 1437                                 return NULL;
 1438                         }
 1439                         (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
 1440 
 1441                         switch (xisr->sadb_x_ipsecrequest_level) {
 1442                         case IPSEC_LEVEL_DEFAULT:
 1443                         case IPSEC_LEVEL_USE:
 1444                         case IPSEC_LEVEL_REQUIRE:
 1445                                 break;
 1446                         case IPSEC_LEVEL_UNIQUE:
 1447                                 /* validity check */
 1448                                 /*
 1449                                  * If range violation of reqid, kernel will
 1450                                  * update it, don't refuse it.
 1451                                  */
 1452                                 if (xisr->sadb_x_ipsecrequest_reqid
 1453                                                 > IPSEC_MANUAL_REQID_MAX) {
 1454                                         ipseclog((LOG_DEBUG,
 1455                                             "key_msg2sp: reqid=%u range "
 1456                                             "violation, updated by kernel.\n",
 1457                                             xisr->sadb_x_ipsecrequest_reqid));
 1458                                         xisr->sadb_x_ipsecrequest_reqid = 0;
 1459                                 }
 1460 
 1461                                 /* allocate new reqid id if reqid is zero. */
 1462                                 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
 1463                                         u_int32_t reqid;
 1464                                         if ((reqid = key_newreqid()) == 0) {
 1465                                                 key_freesp(newsp);
 1466                                                 *error = ENOBUFS;
 1467                                                 return NULL;
 1468                                         }
 1469                                         (*p_isr)->saidx.reqid = reqid;
 1470                                         xisr->sadb_x_ipsecrequest_reqid = reqid;
 1471                                 } else {
 1472                                 /* set it for manual keying. */
 1473                                         (*p_isr)->saidx.reqid =
 1474                                                 xisr->sadb_x_ipsecrequest_reqid;
 1475                                 }
 1476                                 break;
 1477 
 1478                         default:
 1479                                 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
 1480                                         xisr->sadb_x_ipsecrequest_level));
 1481                                 key_freesp(newsp);
 1482                                 *error = EINVAL;
 1483                                 return NULL;
 1484                         }
 1485                         (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
 1486 
 1487                         /* set IP addresses if there */
 1488                         if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
 1489                                 struct sockaddr *paddr;
 1490 
 1491                                 paddr = (struct sockaddr *)(xisr + 1);
 1492 
 1493                                 /* validity check */
 1494                                 if (paddr->sa_len
 1495                                     > sizeof((*p_isr)->saidx.src)) {
 1496                                         ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
 1497                                                 "address length.\n"));
 1498                                         key_freesp(newsp);
 1499                                         *error = EINVAL;
 1500                                         return NULL;
 1501                                 }
 1502                                 bcopy(paddr, &(*p_isr)->saidx.src,
 1503                                         paddr->sa_len);
 1504 
 1505                                 paddr = (struct sockaddr *)((caddr_t)paddr
 1506                                                         + paddr->sa_len);
 1507 
 1508                                 /* validity check */
 1509                                 if (paddr->sa_len
 1510                                     > sizeof((*p_isr)->saidx.dst)) {
 1511                                         ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
 1512                                                 "address length.\n"));
 1513                                         key_freesp(newsp);
 1514                                         *error = EINVAL;
 1515                                         return NULL;
 1516                                 }
 1517                                 bcopy(paddr, &(*p_isr)->saidx.dst,
 1518                                         paddr->sa_len);
 1519                         }
 1520 
 1521                         (*p_isr)->sav = NULL;
 1522                         (*p_isr)->sp = newsp;
 1523 
 1524                         /* initialization for the next. */
 1525                         p_isr = &(*p_isr)->next;
 1526                         tlen -= xisr->sadb_x_ipsecrequest_len;
 1527 
 1528                         /* validity check */
 1529                         if (tlen < 0) {
 1530                                 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
 1531                                 key_freesp(newsp);
 1532                                 *error = EINVAL;
 1533                                 return NULL;
 1534                         }
 1535 
 1536                         xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
 1537                                          + xisr->sadb_x_ipsecrequest_len);
 1538                 }
 1539             }
 1540                 break;
 1541         default:
 1542                 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
 1543                 key_freesp(newsp);
 1544                 *error = EINVAL;
 1545                 return NULL;
 1546         }
 1547 
 1548         *error = 0;
 1549         return newsp;
 1550 }
 1551 
 1552 static u_int32_t
 1553 key_newreqid()
 1554 {
 1555         static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
 1556 
 1557         auto_reqid = (auto_reqid == ~0
 1558                         ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
 1559 
 1560         /* XXX should be unique check */
 1561 
 1562         return auto_reqid;
 1563 }
 1564 
 1565 /*
 1566  * copy secpolicy struct to sadb_x_policy structure indicated.
 1567  */
 1568 struct mbuf *
 1569 key_sp2msg(sp)
 1570         struct secpolicy *sp;
 1571 {
 1572         struct sadb_x_policy *xpl;
 1573         int tlen;
 1574         caddr_t p;
 1575         struct mbuf *m;
 1576 
 1577         /* sanity check. */
 1578         if (sp == NULL)
 1579                 panic("key_sp2msg: NULL pointer was passed.");
 1580 
 1581         tlen = key_getspreqmsglen(sp);
 1582 
 1583         m = key_alloc_mbuf(tlen);
 1584         if (!m || m->m_next) {  /*XXX*/
 1585                 if (m)
 1586                         m_freem(m);
 1587                 return NULL;
 1588         }
 1589 
 1590         m->m_len = tlen;
 1591         m->m_next = NULL;
 1592         xpl = mtod(m, struct sadb_x_policy *);
 1593         bzero(xpl, tlen);
 1594 
 1595         xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
 1596         xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 1597         xpl->sadb_x_policy_type = sp->policy;
 1598         xpl->sadb_x_policy_dir = sp->dir;
 1599         xpl->sadb_x_policy_id = sp->id;
 1600         p = (caddr_t)xpl + sizeof(*xpl);
 1601 
 1602         /* if is the policy for ipsec ? */
 1603         if (sp->policy == IPSEC_POLICY_IPSEC) {
 1604                 struct sadb_x_ipsecrequest *xisr;
 1605                 struct ipsecrequest *isr;
 1606 
 1607                 for (isr = sp->req; isr != NULL; isr = isr->next) {
 1608 
 1609                         xisr = (struct sadb_x_ipsecrequest *)p;
 1610 
 1611                         xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
 1612                         xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
 1613                         xisr->sadb_x_ipsecrequest_level = isr->level;
 1614                         xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
 1615 
 1616                         p += sizeof(*xisr);
 1617                         bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
 1618                         p += isr->saidx.src.ss_len;
 1619                         bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
 1620                         p += isr->saidx.src.ss_len;
 1621 
 1622                         xisr->sadb_x_ipsecrequest_len =
 1623                             PFKEY_ALIGN8(sizeof(*xisr) +
 1624                             isr->saidx.src.ss_len + isr->saidx.dst.ss_len);
 1625                 }
 1626         }
 1627 
 1628         return m;
 1629 }
 1630 
 1631 /* m will not be freed nor modified */
 1632 static struct mbuf *
 1633 #ifdef __STDC__
 1634 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
 1635         int ndeep, int nitem, ...)
 1636 #else
 1637 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
 1638         struct mbuf *m;
 1639         const struct sadb_msghdr *mhp;
 1640         int ndeep;
 1641         int nitem;
 1642         va_dcl
 1643 #endif
 1644 {
 1645         va_list ap;
 1646         int idx;
 1647         int i;
 1648         struct mbuf *result = NULL, *n;
 1649         int len;
 1650 
 1651         if (m == NULL || mhp == NULL)
 1652                 panic("null pointer passed to key_gather");
 1653 
 1654         va_start(ap, nitem);
 1655         for (i = 0; i < nitem; i++) {
 1656                 idx = va_arg(ap, int);
 1657                 if (idx < 0 || idx > SADB_EXT_MAX)
 1658                         goto fail;
 1659                 /* don't attempt to pull empty extension */
 1660                 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
 1661                         continue;
 1662                 if (idx != SADB_EXT_RESERVED  &&
 1663                     (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
 1664                         continue;
 1665 
 1666                 if (idx == SADB_EXT_RESERVED) {
 1667                         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 1668 #ifdef DIAGNOSTIC
 1669                         if (len > MHLEN)
 1670                                 panic("assumption failed");
 1671 #endif
 1672                         MGETHDR(n, M_DONTWAIT, MT_DATA);
 1673                         if (!n)
 1674                                 goto fail;
 1675                         n->m_len = len;
 1676                         n->m_next = NULL;
 1677                         m_copydata(m, 0, sizeof(struct sadb_msg),
 1678                             mtod(n, caddr_t));
 1679                 } else if (i < ndeep) {
 1680                         len = mhp->extlen[idx];
 1681                         n = key_alloc_mbuf(len);
 1682                         if (!n || n->m_next) {  /*XXX*/
 1683                                 if (n)
 1684                                         m_freem(n);
 1685                                 goto fail;
 1686                         }
 1687                         m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
 1688                             mtod(n, caddr_t));
 1689                 } else {
 1690                         n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
 1691                             M_DONTWAIT);
 1692                 }
 1693                 if (n == NULL)
 1694                         goto fail;
 1695 
 1696                 if (result)
 1697                         m_cat(result, n);
 1698                 else
 1699                         result = n;
 1700         }
 1701         va_end(ap);
 1702 
 1703         if ((result->m_flags & M_PKTHDR) != 0) {
 1704                 result->m_pkthdr.len = 0;
 1705                 for (n = result; n; n = n->m_next)
 1706                         result->m_pkthdr.len += n->m_len;
 1707         }
 1708 
 1709         return result;
 1710 
 1711 fail:
 1712         va_end(ap);
 1713         m_freem(result);
 1714         return NULL;
 1715 }
 1716 
 1717 /*
 1718  * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
 1719  * add an entry to SP database, when received
 1720  *   <base, address(SD), (lifetime(H),) policy>
 1721  * from the user(?).
 1722  * Adding to SP database,
 1723  * and send
 1724  *   <base, address(SD), (lifetime(H),) policy>
 1725  * to the socket which was send.
 1726  *
 1727  * SPDADD set a unique policy entry.
 1728  * SPDSETIDX like SPDADD without a part of policy requests.
 1729  * SPDUPDATE replace a unique policy entry.
 1730  *
 1731  * m will always be freed.
 1732  */
 1733 static int
 1734 key_spdadd(so, m, mhp)
 1735         struct socket *so;
 1736         struct mbuf *m;
 1737         const struct sadb_msghdr *mhp;
 1738 {
 1739         struct sadb_address *src0 = NULL, *dst0 = NULL;
 1740         struct sadb_x_policy *xpl0, *xpl;
 1741         struct sadb_lifetime *lft = NULL;
 1742         struct secpolicyindex spidx;
 1743         struct secpolicy *newsp;
 1744         struct ipsecrequest *isr;
 1745         int error;
 1746         int spidxmode;
 1747 
 1748         /* sanity check */
 1749         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 1750                 panic("key_spdadd: NULL pointer is passed.");
 1751 
 1752         if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
 1753             mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) {
 1754                 ;
 1755         } else {
 1756                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1757                 return key_senderror(so, m, EINVAL);
 1758         }
 1759         if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 1760                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1761                 return key_senderror(so, m, EINVAL);
 1762         }
 1763         if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
 1764              mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
 1765             (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
 1766              mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
 1767             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 1768                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1769                 return key_senderror(so, m, EINVAL);
 1770         }
 1771         if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
 1772                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
 1773                         < sizeof(struct sadb_lifetime)) {
 1774                         ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1775                         return key_senderror(so, m, EINVAL);
 1776                 }
 1777                 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 1778         }
 1779 
 1780         /* spidx mode, or tag mode */
 1781         spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
 1782 
 1783         if (spidxmode) {
 1784                 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 1785                 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 1786                 /* make secindex */
 1787                 /* XXX boundary check against sa_len */
 1788                 KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
 1789                     src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
 1790                     src0->sadb_address_proto, &spidx);
 1791         }
 1792         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 1793 
 1794         /* checking the direciton. */
 1795         switch (xpl0->sadb_x_policy_dir) {
 1796         case IPSEC_DIR_INBOUND:
 1797         case IPSEC_DIR_OUTBOUND:
 1798                 break;
 1799         default:
 1800                 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
 1801                 mhp->msg->sadb_msg_errno = EINVAL;
 1802                 return 0;
 1803         }
 1804 
 1805         /* check policy */
 1806         /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
 1807         if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
 1808             xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
 1809                 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
 1810                 return key_senderror(so, m, EINVAL);
 1811         }
 1812 
 1813         /* policy requests are mandatory when action is ipsec. */
 1814         if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
 1815             xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
 1816             mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
 1817                 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
 1818                 return key_senderror(so, m, EINVAL);
 1819         }
 1820 
 1821         /*
 1822          * checking there is SP already or not.
 1823          * SPDUPDATE doesn't depend on whether there is a SP or not.
 1824          * If the type is either SPDADD or SPDSETIDX AND a SP is found,
 1825          * then error.
 1826          */
 1827         if (xpl0->sadb_x_policy_id != 0)
 1828                 newsp = key_getspbyid(xpl0->sadb_x_policy_id);
 1829         else if (spidxmode)
 1830                 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
 1831         else
 1832                 newsp = NULL;
 1833 
 1834         if (newsp && (newsp->readonly || newsp->persist)) {
 1835                 ipseclog((LOG_DEBUG,
 1836                     "key_spdadd: tried to alter readonly/persistent SP.\n"));
 1837                 return key_senderror(so, m, EPERM);
 1838         }
 1839 
 1840         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1841                 if (newsp) {
 1842                         key_sp_dead(newsp);
 1843                         key_freesp(newsp);      /* ref gained by key_getsp */
 1844                         key_sp_unlink(newsp);
 1845                         newsp = NULL;
 1846                 }
 1847         } else {
 1848                 if (newsp != NULL) {
 1849                         key_freesp(newsp);
 1850                         ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
 1851                         return key_senderror(so, m, EEXIST);
 1852                 }
 1853         }
 1854 
 1855         /* allocation new SP entry */
 1856         if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
 1857                 return key_senderror(so, m, error);
 1858         }
 1859 
 1860         if (spidxmode) {
 1861                 error = keydb_setsecpolicyindex(newsp, &spidx);
 1862                 if (error) {
 1863                         keydb_delsecpolicy(newsp);
 1864                         return key_senderror(so, m, error);
 1865                 }
 1866 
 1867                 /* sanity check on addr pair */
 1868                 if (((struct sockaddr *)(src0 + 1))->sa_family !=
 1869                                 ((struct sockaddr *)(dst0 + 1))->sa_family) {
 1870                         keydb_delsecpolicy(newsp);
 1871                         return key_senderror(so, m, EINVAL);
 1872                 }
 1873                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 1874                                 ((struct sockaddr *)(dst0 + 1))->sa_len) {
 1875                         keydb_delsecpolicy(newsp);
 1876                         return key_senderror(so, m, EINVAL);
 1877                 }
 1878         }
 1879 
 1880         for (isr = newsp->req; isr; isr = isr->next) {
 1881                 struct sockaddr *sa;
 1882 
 1883                 /*
 1884                  * port spec is not permitted for tunnel mode
 1885                  */
 1886                 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) {
 1887                         sa = (struct sockaddr *)(src0 + 1);
 1888                         switch (sa->sa_family) {
 1889                         case AF_INET:
 1890                                 if (((struct sockaddr_in *)sa)->sin_port) {
 1891                                         keydb_delsecpolicy(newsp);
 1892                                         return key_senderror(so, m, EINVAL);
 1893                                 }
 1894                                 break;
 1895                         case AF_INET6:
 1896                                 if (((struct sockaddr_in6 *)sa)->sin6_port) {
 1897                                         keydb_delsecpolicy(newsp);
 1898                                         return key_senderror(so, m, EINVAL);
 1899                                 }
 1900                                 break;
 1901                         default:
 1902                                 break;
 1903                         }
 1904                         sa = (struct sockaddr *)(dst0 + 1);
 1905                         switch (sa->sa_family) {
 1906                         case AF_INET:
 1907                                 if (((struct sockaddr_in *)sa)->sin_port) {
 1908                                         keydb_delsecpolicy(newsp);
 1909                                         return key_senderror(so, m, EINVAL);
 1910                                 }
 1911                                 break;
 1912                         case AF_INET6:
 1913                                 if (((struct sockaddr_in6 *)sa)->sin6_port) {
 1914                                         keydb_delsecpolicy(newsp);
 1915                                         return key_senderror(so, m, EINVAL);
 1916                                 }
 1917                                 break;
 1918                         default:
 1919                                 break;
 1920                         }
 1921                 }
 1922         }
 1923 
 1924         /*
 1925          * bark if we have different address family on tunnel address
 1926          * specification.  applies only if we decapsulate in RFC2401
 1927          * IPsec (implementation limitation).
 1928          */
 1929         for (isr = newsp->req; isr; isr = isr->next) {
 1930                 struct sockaddr *sa;
 1931 
 1932                 if (isr->saidx.src.ss_family && src0) {
 1933                         sa = (struct sockaddr *)(src0 + 1);
 1934                         if (sa->sa_family != isr->saidx.src.ss_family) {
 1935                                 keydb_delsecpolicy(newsp);
 1936                                 return key_senderror(so, m, EINVAL);
 1937                         }
 1938                 }
 1939                 if (isr->saidx.dst.ss_family && dst0) {
 1940                         sa = (struct sockaddr *)(dst0 + 1);
 1941                         if (sa->sa_family != isr->saidx.dst.ss_family) {
 1942                                 keydb_delsecpolicy(newsp);
 1943                                 return key_senderror(so, m, EINVAL);
 1944                         }
 1945                 }
 1946         }
 1947 
 1948         newsp->created = time_second;
 1949         newsp->lastused = time_second;
 1950         newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
 1951         newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
 1952 
 1953         newsp->state = IPSEC_SPSTATE_ALIVE;
 1954         LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
 1955 
 1956         /* delete the entry in spacqtree */
 1957         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
 1958             mhp->ext[SADB_EXT_ADDRESS_SRC]) {
 1959                 struct secspacq *spacq;
 1960                 if ((spacq = key_getspacq(&spidx)) != NULL) {
 1961                         /* reset counter in order to deletion by timehandler. */
 1962                         spacq->created = time_second;
 1963                         spacq->count = 0;
 1964                 }
 1965         }
 1966 
 1967         /* invalidate all cached SPD pointers on pcb */
 1968         ipsec_invalpcbcacheall();
 1969 
 1970     {
 1971         struct mbuf *n, *mpolicy;
 1972         struct sadb_msg *newmsg;
 1973         int off;
 1974 
 1975         /* create new sadb_msg to reply. */
 1976         if (lft) {
 1977                 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
 1978                     SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
 1979                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1980         } else {
 1981                 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
 1982                     SADB_X_EXT_POLICY,
 1983                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1984         }
 1985         if (!n)
 1986                 return key_senderror(so, m, ENOBUFS);
 1987 
 1988         if (n->m_len < sizeof(*newmsg)) {
 1989                 n = m_pullup(n, sizeof(*newmsg));
 1990                 if (!n)
 1991                         return key_senderror(so, m, ENOBUFS);
 1992         }
 1993         newmsg = mtod(n, struct sadb_msg *);
 1994         newmsg->sadb_msg_errno = 0;
 1995         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 1996 
 1997         off = 0;
 1998         mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
 1999             sizeof(*xpl), &off);
 2000         if (mpolicy == NULL) {
 2001                 /* n is already freed */
 2002                 return key_senderror(so, m, ENOBUFS);
 2003         }
 2004         xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
 2005         if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
 2006                 m_freem(n);
 2007                 return key_senderror(so, m, EINVAL);
 2008         }
 2009         xpl->sadb_x_policy_id = newsp->id;
 2010 
 2011         m_freem(m);
 2012         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2013     }
 2014 }
 2015 
 2016 /*
 2017  * SADB_SPDDELETE processing
 2018  * receive
 2019  *   <base, address(SD), policy(*)>
 2020  * from the user(?), and set SADB_SASTATE_DEAD,
 2021  * and send,
 2022  *   <base, address(SD), policy(*)>
 2023  * to the ikmpd.
 2024  * policy(*) including the direction of the policy.
 2025  *
 2026  * m will always be freed.
 2027  */
 2028 static int
 2029 key_spddelete(so, m, mhp)
 2030         struct socket *so;
 2031         struct mbuf *m;
 2032         const struct sadb_msghdr *mhp;
 2033 {
 2034         struct sadb_address *src0, *dst0;
 2035         struct sadb_x_policy *xpl0;
 2036         struct secpolicyindex spidx;
 2037         struct secpolicy *sp;
 2038 
 2039         /* sanity check */
 2040         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2041                 panic("key_spddelete: NULL pointer is passed.");
 2042 
 2043         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 2044             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 2045             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 2046                 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
 2047                 return key_senderror(so, m, EINVAL);
 2048         }
 2049         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 2050             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 2051             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2052                 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
 2053                 return key_senderror(so, m, EINVAL);
 2054         }
 2055 
 2056         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 2057         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 2058         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 2059 
 2060         /* make secindex */
 2061         /* XXX boundary check against sa_len */
 2062         KEY_SETSECSPIDX(src0 + 1,
 2063                         dst0 + 1,
 2064                         src0->sadb_address_prefixlen,
 2065                         dst0->sadb_address_prefixlen,
 2066                         src0->sadb_address_proto,
 2067                         &spidx);
 2068 
 2069         /* checking the direciton. */
 2070         switch (xpl0->sadb_x_policy_dir) {
 2071         case IPSEC_DIR_INBOUND:
 2072         case IPSEC_DIR_OUTBOUND:
 2073                 break;
 2074         default:
 2075                 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
 2076                 return key_senderror(so, m, EINVAL);
 2077         }
 2078 
 2079         /* Is there SP in SPD ? */
 2080         if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) {
 2081                 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
 2082                 return key_senderror(so, m, EINVAL);
 2083         }
 2084 
 2085         if (sp->persist) {
 2086                 ipseclog((LOG_DEBUG,
 2087                     "key_spddelete2: attempt to remove persistent SP:%u.\n",
 2088                     sp->id));
 2089                 key_freesp(sp); /* ref gained by key_getsp */
 2090                 return key_senderror(so, m, EPERM);
 2091         }
 2092 
 2093         /* save policy id to be returned. */
 2094         xpl0->sadb_x_policy_id = sp->id;
 2095 
 2096         key_sp_dead(sp);
 2097         key_freesp(sp); /* ref gained by key_getsp */
 2098         key_sp_unlink(sp);
 2099         sp = NULL;
 2100 
 2101         /* invalidate all cached SPD pointers on pcb */
 2102         ipsec_invalpcbcacheall();
 2103 
 2104     {
 2105         struct mbuf *n;
 2106         struct sadb_msg *newmsg;
 2107 
 2108         /* create new sadb_msg to reply. */
 2109         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 2110             SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 2111         if (!n)
 2112                 return key_senderror(so, m, ENOBUFS);
 2113 
 2114         newmsg = mtod(n, struct sadb_msg *);
 2115         newmsg->sadb_msg_errno = 0;
 2116         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2117 
 2118         m_freem(m);
 2119         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2120     }
 2121 }
 2122 
 2123 /*
 2124  * SADB_SPDDELETE2 processing
 2125  * receive
 2126  *   <base, policy(*)>
 2127  * from the user(?), and set SADB_SASTATE_DEAD,
 2128  * and send,
 2129  *   <base, policy(*)>
 2130  * to the ikmpd.
 2131  * policy(*) including the policy id.
 2132  *
 2133  * m will always be freed.
 2134  */
 2135 static int
 2136 key_spddelete2(so, m, mhp)
 2137         struct socket *so;
 2138         struct mbuf *m;
 2139         const struct sadb_msghdr *mhp;
 2140 {
 2141         u_int32_t id;
 2142         struct secpolicy *sp;
 2143 
 2144         /* sanity check */
 2145         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2146                 panic("key_spddelete2: NULL pointer is passed.");
 2147 
 2148         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2149             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2150                 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
 2151                 return key_senderror(so, m, EINVAL);
 2152         }
 2153 
 2154         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2155 
 2156         /* Is there SP in SPD ? */
 2157         if ((sp = key_getspbyid(id)) == NULL) {
 2158                 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n",
 2159                     id));
 2160                 return key_senderror(so, m, EINVAL);
 2161         }
 2162 
 2163         if (sp->persist) {
 2164                 ipseclog((LOG_DEBUG,
 2165                     "key_spddelete2: attempt to remove persistent SP:%u.\n",
 2166                     id));
 2167                 key_freesp(sp); /* ref gained by key_getspbyid */
 2168                 return key_senderror(so, m, EPERM);
 2169         }
 2170 
 2171         key_sp_dead(sp);
 2172         key_freesp(sp); /* ref gained by key_getspbyid */
 2173         key_sp_unlink(sp);
 2174         sp = NULL;
 2175 
 2176         /* invalidate all cached SPD pointers on pcb */
 2177         ipsec_invalpcbcacheall();
 2178 
 2179     {
 2180         struct mbuf *n, *nn;
 2181         struct sadb_msg *newmsg;
 2182         int off, len;
 2183 
 2184         /* create new sadb_msg to reply. */
 2185         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2186 
 2187         if (len > MCLBYTES)
 2188                 return key_senderror(so, m, ENOBUFS);
 2189         MGETHDR(n, M_DONTWAIT, MT_DATA);
 2190         if (n && len > MHLEN) {
 2191                 MCLGET(n, M_DONTWAIT);
 2192                 if ((n->m_flags & M_EXT) == 0) {
 2193                         m_freem(n);
 2194                         n = NULL;
 2195                 }
 2196         }
 2197         if (!n)
 2198                 return key_senderror(so, m, ENOBUFS);
 2199 
 2200         n->m_len = len;
 2201         n->m_next = NULL;
 2202         off = 0;
 2203 
 2204         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 2205         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2206 
 2207 #ifdef DIAGNOSTIC
 2208         if (off != len)
 2209                 panic("length inconsistency in key_spddelete2");
 2210 #endif
 2211 
 2212         n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
 2213             mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
 2214         if (!n->m_next) {
 2215                 m_freem(n);
 2216                 return key_senderror(so, m, ENOBUFS);
 2217         }
 2218 
 2219         n->m_pkthdr.len = 0;
 2220         for (nn = n; nn; nn = nn->m_next)
 2221                 n->m_pkthdr.len += nn->m_len;
 2222 
 2223         newmsg = mtod(n, struct sadb_msg *);
 2224         newmsg->sadb_msg_errno = 0;
 2225         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2226 
 2227         m_freem(m);
 2228         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2229     }
 2230 }
 2231 
 2232 /*
 2233  * SADB_X_SPDGET processing
 2234  * receive
 2235  *   <base, policy(*)>
 2236  * from the user(?),
 2237  * and send,
 2238  *   <base, address(SD), policy>
 2239  * to the ikmpd.
 2240  * policy(*) including direction of policy.
 2241  *
 2242  * m will always be freed.
 2243  */
 2244 static int
 2245 key_spdget(so, m, mhp)
 2246         struct socket *so;
 2247         struct mbuf *m;
 2248         const struct sadb_msghdr *mhp;
 2249 {
 2250         u_int32_t id;
 2251         struct secpolicy *sp;
 2252         struct mbuf *n;
 2253 
 2254         /* sanity check */
 2255         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2256                 panic("key_spdget: NULL pointer is passed.");
 2257 
 2258         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2259             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2260                 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
 2261                 return key_senderror(so, m, EINVAL);
 2262         }
 2263 
 2264         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2265 
 2266         /* Is there SP in SPD ? */
 2267         if ((sp = key_getspbyid(id)) == NULL) {
 2268                 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
 2269                 return key_senderror(so, m, ENOENT);
 2270         }
 2271 
 2272         n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
 2273         key_freesp(sp); /* ref gained by key_getspbyid */
 2274         if (n != NULL) {
 2275                 m_freem(m);
 2276                 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2277         } else
 2278                 return key_senderror(so, m, ENOBUFS);
 2279 }
 2280 
 2281 /*
 2282  * SADB_X_SPDACQUIRE processing.
 2283  * Acquire policy and SA(s) for a *OUTBOUND* packet.
 2284  * send
 2285  *   <base, policy(*)>
 2286  * to KMD, and expect to receive
 2287  *   <base> with SADB_X_SPDACQUIRE if error occured,
 2288  * or
 2289  *   <base, policy>
 2290  * with SADB_X_SPDUPDATE from KMD by PF_KEY.
 2291  * policy(*) is without policy requests.
 2292  *
 2293  *    0     : succeed
 2294  *    others: error number
 2295  */
 2296 int
 2297 key_spdacquire(sp)
 2298         struct secpolicy *sp;
 2299 {
 2300         struct mbuf *result = NULL, *m;
 2301 #ifndef IPSEC_NONBLOCK_ACQUIRE
 2302         struct secspacq *newspacq;
 2303 #endif
 2304         int error = -1;
 2305 
 2306         /* sanity check */
 2307         if (sp == NULL)
 2308                 panic("key_spdacquire: NULL pointer is passed.");
 2309         if (sp->req != NULL)
 2310                 panic("key_spdacquire: called but there is request.");
 2311         if (sp->policy != IPSEC_POLICY_IPSEC)
 2312                 panic("key_spdacquire: policy mismathed. IPsec is expected.");
 2313         if (!sp->spidx) {
 2314                 error = EOPNOTSUPP;
 2315                 goto fail;
 2316         }
 2317 
 2318 #ifndef IPSEC_NONBLOCK_ACQUIRE
 2319         /* get an entry to check whether sent message or not. */
 2320         if ((newspacq = key_getspacq(sp->spidx)) != NULL) {
 2321                 if (key_blockacq_count < newspacq->count) {
 2322                         /* reset counter and do send message. */
 2323                         newspacq->count = 0;
 2324                 } else {
 2325                         /* increment counter and do nothing. */
 2326                         newspacq->count++;
 2327                         return 0;
 2328                 }
 2329         } else {
 2330                 /* make new entry for blocking to send SADB_ACQUIRE. */
 2331                 if ((newspacq = key_newspacq(sp->spidx)) == NULL)
 2332                         return ENOBUFS;
 2333 
 2334                 /* add to acqtree */
 2335                 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
 2336         }
 2337 #endif
 2338 
 2339         /* create new sadb_msg to reply. */
 2340         m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
 2341         if (!m) {
 2342                 error = ENOBUFS;
 2343                 goto fail;
 2344         }
 2345         result = m;
 2346 
 2347         /* set sadb_x_policy */
 2348         if (sp) {
 2349                 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
 2350                 if (!m) {
 2351                         error = ENOBUFS;
 2352                         goto fail;
 2353                 }
 2354                 m_cat(result, m);
 2355         }
 2356 
 2357         result->m_pkthdr.len = 0;
 2358         for (m = result; m; m = m->m_next)
 2359                 result->m_pkthdr.len += m->m_len;
 2360 
 2361         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2362             PFKEY_UNIT64(result->m_pkthdr.len);
 2363 
 2364         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2365 
 2366 fail:
 2367         if (result)
 2368                 m_freem(result);
 2369         return error;
 2370 }
 2371 
 2372 /*
 2373  * SADB_SPDFLUSH processing
 2374  * receive
 2375  *   <base>
 2376  * from the user, and free all entries in secpctree.
 2377  * and send,
 2378  *   <base>
 2379  * to the user.
 2380  * NOTE: what to do is only marking SADB_SASTATE_DEAD.
 2381  *
 2382  * m will always be freed.
 2383  */
 2384 static int
 2385 key_spdflush(so, m, mhp)
 2386         struct socket *so;
 2387         struct mbuf *m;
 2388         const struct sadb_msghdr *mhp;
 2389 {
 2390         struct sadb_msg *newmsg;
 2391         struct secpolicy *sp, *nextsp;
 2392 
 2393         /* sanity check */
 2394         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2395                 panic("key_spdflush: NULL pointer is passed.");
 2396 
 2397         if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
 2398                 return key_senderror(so, m, EINVAL);
 2399 
 2400         for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
 2401                 nextsp = TAILQ_NEXT(sp, tailq);
 2402                 if (sp->persist)
 2403                         continue;
 2404                 if (sp->state == IPSEC_SPSTATE_DEAD)
 2405                         continue;
 2406                 key_sp_dead(sp);
 2407                 key_sp_unlink(sp);
 2408                 sp = NULL;
 2409         }
 2410 
 2411         /* invalidate all cached SPD pointers on pcb */
 2412         ipsec_invalpcbcacheall();
 2413 
 2414         if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 2415                 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
 2416                 return key_senderror(so, m, ENOBUFS);
 2417         }
 2418 
 2419         if (m->m_next)
 2420                 m_freem(m->m_next);
 2421         m->m_next = NULL;
 2422         m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2423         newmsg = mtod(m, struct sadb_msg *);
 2424         newmsg->sadb_msg_errno = 0;
 2425         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 2426 
 2427         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 2428 }
 2429 
 2430 /*
 2431  * SADB_SPDDUMP processing
 2432  * receive
 2433  *   <base>
 2434  * from the user, and dump all SP leaves
 2435  * and send,
 2436  *   <base> .....
 2437  * to the ikmpd.
 2438  *
 2439  * m will always be freed.
 2440  */
 2441 static int
 2442 key_spddump(so, m, mhp)
 2443         struct socket *so;
 2444         struct mbuf *m;
 2445         const struct sadb_msghdr *mhp;
 2446 {
 2447         struct secpolicy *sp;
 2448         int cnt;
 2449         u_int dir;
 2450         struct mbuf *n;
 2451 
 2452         /* sanity check */
 2453         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2454                 panic("key_spddump: NULL pointer is passed.");
 2455 
 2456         /* search SPD entry and get buffer size. */
 2457         cnt = 0;
 2458         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2459                 LIST_FOREACH(sp, &sptree[dir], chain) {
 2460                         cnt++;
 2461                 }
 2462         }
 2463 
 2464         if (cnt == 0)
 2465                 return key_senderror(so, m, ENOENT);
 2466 
 2467         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2468                 LIST_FOREACH(sp, &sptree[dir], chain) {
 2469                         --cnt;
 2470                         n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
 2471                             mhp->msg->sadb_msg_pid);
 2472 
 2473                         if (n)
 2474                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2475                 }
 2476         }
 2477 
 2478         m_freem(m);
 2479         return 0;
 2480 }
 2481 
 2482 static struct mbuf *
 2483 key_setdumpsp(sp, type, seq, pid)
 2484         struct secpolicy *sp;
 2485         u_int8_t type;
 2486         u_int32_t seq, pid;
 2487 {
 2488         struct mbuf *result = NULL, *m;
 2489 
 2490         m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
 2491         if (!m)
 2492                 goto fail;
 2493         result = m;
 2494 
 2495         if (sp->spidx) {
 2496                 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2497                     (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs,
 2498                     sp->spidx->ul_proto);
 2499                 if (!m)
 2500                         goto fail;
 2501                 m_cat(result, m);
 2502 
 2503                 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2504                     (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd,
 2505                     sp->spidx->ul_proto);
 2506                 if (!m)
 2507                         goto fail;
 2508                 m_cat(result, m);
 2509         }
 2510 
 2511         m = key_sp2msg(sp);
 2512         if (!m)
 2513                 goto fail;
 2514         m_cat(result, m);
 2515 
 2516         m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT,
 2517                 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused);
 2518         if (!m)
 2519                 goto fail;
 2520         m_cat(result, m);
 2521 
 2522         m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD,
 2523                 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime);
 2524         if (!m)
 2525                 goto fail;
 2526         m_cat(result, m);
 2527 
 2528         if ((result->m_flags & M_PKTHDR) == 0)
 2529                 goto fail;
 2530 
 2531         if (result->m_len < sizeof(struct sadb_msg)) {
 2532                 result = m_pullup(result, sizeof(struct sadb_msg));
 2533                 if (result == NULL)
 2534                         goto fail;
 2535         }
 2536 
 2537         result->m_pkthdr.len = 0;
 2538         for (m = result; m; m = m->m_next)
 2539                 result->m_pkthdr.len += m->m_len;
 2540 
 2541         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2542             PFKEY_UNIT64(result->m_pkthdr.len);
 2543 
 2544         return result;
 2545 
 2546 fail:
 2547         m_freem(result);
 2548         return NULL;
 2549 }
 2550 
 2551 /*
 2552  * get PFKEY message length for security policy and request.
 2553  */
 2554 static u_int
 2555 key_getspreqmsglen(sp)
 2556         struct secpolicy *sp;
 2557 {
 2558         u_int tlen;
 2559 
 2560         tlen = sizeof(struct sadb_x_policy);
 2561 
 2562         /* if is the policy for ipsec ? */
 2563         if (sp->policy != IPSEC_POLICY_IPSEC)
 2564                 return tlen;
 2565 
 2566         /* get length of ipsec requests */
 2567     {
 2568         struct ipsecrequest *isr;
 2569         int len;
 2570 
 2571         for (isr = sp->req; isr != NULL; isr = isr->next) {
 2572                 len = sizeof(struct sadb_x_ipsecrequest)
 2573                         + isr->saidx.src.ss_len
 2574                         + isr->saidx.dst.ss_len;
 2575 
 2576                 tlen += PFKEY_ALIGN8(len);
 2577         }
 2578     }
 2579 
 2580         return tlen;
 2581 }
 2582 
 2583 /*
 2584  * SADB_X_SPDEXPIRE processing
 2585  * send
 2586  *   <base, address(SD), lifetime(CH), policy>
 2587  * to KMD by PF_KEY.
 2588  *
 2589  * OUT: 0       : succeed
 2590  *      others  : error number
 2591  */
 2592 static int
 2593 key_spdexpire(sp)
 2594         struct secpolicy *sp;
 2595 {
 2596         int s;
 2597         struct mbuf *result = NULL, *m;
 2598         int len;
 2599         int error = -1;
 2600         struct sadb_lifetime *lt;
 2601 
 2602         /* XXX: Why do we lock ? */
 2603         s = splnet();   /*called from softclock()*/
 2604 
 2605         /* sanity check */
 2606         if (sp == NULL)
 2607                 panic("key_spdexpire: NULL pointer is passed.");
 2608 
 2609         /* set msg header */
 2610         m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
 2611         if (!m) {
 2612                 error = ENOBUFS;
 2613                 goto fail;
 2614         }
 2615         result = m;
 2616 
 2617         /* create lifetime extension (current and hard) */
 2618         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 2619         m = key_alloc_mbuf(len);
 2620         if (!m || m->m_next) {  /*XXX*/
 2621                 if (m)
 2622                         m_freem(m);
 2623                 error = ENOBUFS;
 2624                 goto fail;
 2625         }
 2626         bzero(mtod(m, caddr_t), len);
 2627         lt = mtod(m, struct sadb_lifetime *);
 2628         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2629         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 2630         lt->sadb_lifetime_allocations = 0;
 2631         lt->sadb_lifetime_bytes = 0;
 2632         lt->sadb_lifetime_addtime = sp->created;
 2633         lt->sadb_lifetime_usetime = sp->lastused;
 2634         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 2635         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2636         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 2637         lt->sadb_lifetime_allocations = 0;
 2638         lt->sadb_lifetime_bytes = 0;
 2639         lt->sadb_lifetime_addtime = sp->lifetime;
 2640         lt->sadb_lifetime_usetime = sp->validtime;
 2641         m_cat(result, m);
 2642 
 2643         /* set sadb_address for source */
 2644         if (sp->spidx) {
 2645                 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2646                     (struct sockaddr *)&sp->spidx->src,
 2647                     sp->spidx->prefs, sp->spidx->ul_proto);
 2648                 if (!m) {
 2649                         error = ENOBUFS;
 2650                         goto fail;
 2651                 }
 2652                 m_cat(result, m);
 2653 
 2654                 /* set sadb_address for destination */
 2655                 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2656                     (struct sockaddr *)&sp->spidx->dst,
 2657                     sp->spidx->prefd, sp->spidx->ul_proto);
 2658                 if (!m) {
 2659                         error = ENOBUFS;
 2660                         goto fail;
 2661                 }
 2662                 m_cat(result, m);
 2663         }
 2664 
 2665         /* set secpolicy */
 2666         m = key_sp2msg(sp);
 2667         if (!m) {
 2668                 error = ENOBUFS;
 2669                 goto fail;
 2670         }
 2671         m_cat(result, m);
 2672 
 2673         if ((result->m_flags & M_PKTHDR) == 0) {
 2674                 error = EINVAL;
 2675                 goto fail;
 2676         }
 2677 
 2678         if (result->m_len < sizeof(struct sadb_msg)) {
 2679                 result = m_pullup(result, sizeof(struct sadb_msg));
 2680                 if (result == NULL) {
 2681                         error = ENOBUFS;
 2682                         goto fail;
 2683                 }
 2684         }
 2685 
 2686         result->m_pkthdr.len = 0;
 2687         for (m = result; m; m = m->m_next)
 2688                 result->m_pkthdr.len += m->m_len;
 2689 
 2690         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2691             PFKEY_UNIT64(result->m_pkthdr.len);
 2692 
 2693         splx(s);
 2694         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2695 
 2696  fail:
 2697         if (result)
 2698                 m_freem(result);
 2699         splx(s);
 2700         return error;
 2701 }
 2702 
 2703 /* %%% SAD management */
 2704 /*
 2705  * allocating a memory for new SA head, and copy from the values of mhp.
 2706  * OUT: NULL    : failure due to the lack of memory.
 2707  *      others  : pointer to new SA head.
 2708  */
 2709 static struct secashead *
 2710 key_newsah(saidx)
 2711         struct secasindex *saidx;
 2712 {
 2713         struct secashead *newsah;
 2714 
 2715         /* sanity check */
 2716         if (saidx == NULL)
 2717                 panic("key_newsaidx: NULL pointer is passed.");
 2718 
 2719         newsah = keydb_newsecashead();
 2720         if (newsah == NULL)
 2721                 return NULL;
 2722 
 2723         bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
 2724 
 2725         /* add to saidxtree */
 2726         newsah->state = SADB_SASTATE_MATURE;
 2727         LIST_INSERT_HEAD(&sahtree, newsah, chain);
 2728 
 2729         return (newsah);
 2730 }
 2731 
 2732 /*
 2733  * delete SA index and all SA registerd.
 2734  */
 2735 static void
 2736 key_delsah(sah)
 2737         struct secashead *sah;
 2738 {
 2739         struct secasvar *sav, *nextsav;
 2740         u_int stateidx, state;
 2741         int s;
 2742         int zombie = 0;
 2743 
 2744         /* sanity check */
 2745         if (sah == NULL)
 2746                 panic("key_delsah: NULL pointer is passed.");
 2747 
 2748         s = splnet();   /*called from softclock()*/
 2749 
 2750         /* searching all SA registerd in the secindex. */
 2751         for (stateidx = 0;
 2752              stateidx < _ARRAYLEN(saorder_state_any);
 2753              stateidx++) {
 2754 
 2755                 state = saorder_state_any[stateidx];
 2756                 for (sav = LIST_FIRST(&sah->savtree[state]);
 2757                      sav != NULL;
 2758                      sav = nextsav) {
 2759 
 2760                         nextsav = LIST_NEXT(sav, chain);
 2761 
 2762                         if (sav->refcnt > 0) {
 2763                                 /* give up to delete this sa */
 2764                                 zombie++;
 2765                                 continue;
 2766                         }
 2767 
 2768                         /* sanity check */
 2769                         KEY_CHKSASTATE(state, sav->state, "key_delsah");
 2770 
 2771                         /* remove back pointer */
 2772                         sav->sah = NULL;
 2773 
 2774                         key_freesav(sav);
 2775 
 2776                         sav = NULL;
 2777                 }
 2778         }
 2779 
 2780         /* delete sah only if there's no sav. */
 2781         if (zombie) {
 2782                 splx(s);
 2783                 return;
 2784         }
 2785 
 2786         if (sah->sa_route.ro_rt) {
 2787                 RTFREE(sah->sa_route.ro_rt);
 2788                 sah->sa_route.ro_rt = (struct rtentry *)NULL;
 2789         }
 2790 
 2791         /* remove from tree of SA index */
 2792         if (__LIST_CHAINED(sah))
 2793                 LIST_REMOVE(sah, chain);
 2794 
 2795         KFREE(sah);
 2796 
 2797         splx(s);
 2798         return;
 2799 }
 2800 
 2801 /*
 2802  * allocating a new SA with LARVAL state.  key_add() and key_getspi() call,
 2803  * and copy the values of mhp into new buffer.
 2804  * When SAD message type is GETSPI:
 2805  *      to set sequence number from acq_seq++,
 2806  *      to set zero to SPI.
 2807  *      not to call key_setsava().
 2808  * OUT: NULL    : fail
 2809  *      others  : pointer to new secasvar.
 2810  *
 2811  * does not modify mbuf.  does not free mbuf on error.
 2812  */
 2813 static struct secasvar *
 2814 key_newsav(m, mhp, sah, errp)
 2815         struct mbuf *m;
 2816         const struct sadb_msghdr *mhp;
 2817         struct secashead *sah;
 2818         int *errp;
 2819 {
 2820         struct secasvar *newsav;
 2821         const struct sadb_sa *xsa;
 2822 
 2823         /* sanity check */
 2824         if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
 2825                 panic("key_newsa: NULL pointer is passed.");
 2826 
 2827         newsav = keydb_newsecasvar();
 2828         if (newsav == NULL) {
 2829                 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
 2830                 *errp = ENOBUFS;
 2831                 return NULL;
 2832         }
 2833 
 2834         switch (mhp->msg->sadb_msg_type) {
 2835         case SADB_GETSPI:
 2836                 key_setspi(newsav, 0);
 2837 
 2838 #ifdef IPSEC_DOSEQCHECK
 2839                 /* sync sequence number */
 2840                 if (mhp->msg->sadb_msg_seq == 0)
 2841                         newsav->seq =
 2842                                 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
 2843                 else
 2844 #endif
 2845                         newsav->seq = mhp->msg->sadb_msg_seq;
 2846                 break;
 2847 
 2848         case SADB_ADD:
 2849                 /* sanity check */
 2850                 if (mhp->ext[SADB_EXT_SA] == NULL) {
 2851                         KFREE(newsav);
 2852                         ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
 2853                         *errp = EINVAL;
 2854                         return NULL;
 2855                 }
 2856                 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 2857                 key_setspi(newsav, xsa->sadb_sa_spi);
 2858                 newsav->seq = mhp->msg->sadb_msg_seq;
 2859                 break;
 2860         default:
 2861                 KFREE(newsav);
 2862                 *errp = EINVAL;
 2863                 return NULL;
 2864         }
 2865 
 2866         /* copy sav values */
 2867         if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
 2868                 *errp = key_setsaval(newsav, m, mhp);
 2869                 if (*errp) {
 2870                         KFREE(newsav);
 2871                         return NULL;
 2872                 }
 2873         }
 2874 
 2875         /* reset created */
 2876         newsav->created = time_second;
 2877 
 2878         newsav->pid = mhp->msg->sadb_msg_pid;
 2879 
 2880         /* add to satree */
 2881         newsav->sah = sah;
 2882         newsav->refcnt = 1;
 2883         newsav->state = SADB_SASTATE_LARVAL;
 2884         LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
 2885                         secasvar, chain);
 2886 
 2887         return newsav;
 2888 }
 2889 
 2890 /*
 2891  * search SAD.
 2892  * OUT:
 2893  *      NULL    : not found
 2894  *      others  : found, pointer to a SA.
 2895  */
 2896 static struct secashead *
 2897 key_getsah(saidx)
 2898         struct secasindex *saidx;
 2899 {
 2900         struct secashead *sah;
 2901 
 2902         LIST_FOREACH(sah, &sahtree, chain) {
 2903                 if (sah->state == SADB_SASTATE_DEAD)
 2904                         continue;
 2905                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
 2906                         return sah;
 2907         }
 2908 
 2909         return NULL;
 2910 }
 2911 
 2912 /*
 2913  * check not to be duplicated SPI.
 2914  * NOTE: this function is too slow due to searching all SAD.
 2915  * OUT:
 2916  *      NULL    : not found
 2917  *      others  : found, pointer to a SA.
 2918  */
 2919 static struct secasvar *
 2920 key_checkspidup(saidx, spi)
 2921         struct secasindex *saidx;
 2922         u_int32_t spi;
 2923 {
 2924         struct secasvar *sav;
 2925         u_int stateidx, state;
 2926 
 2927         /* check address family */
 2928         if (saidx->src.ss_family != saidx->dst.ss_family) {
 2929                 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
 2930                 return NULL;
 2931         }
 2932 
 2933         /* check all SAD */
 2934         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
 2935                 if (sav->spi != spi)
 2936                         continue;
 2937                 for (stateidx = 0;
 2938                      stateidx < _ARRAYLEN(saorder_state_alive);
 2939                      stateidx++) {
 2940                         state = saorder_state_alive[stateidx];
 2941                         if (sav->state == state &&
 2942                             key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
 2943                                 return sav;
 2944                 }
 2945         }
 2946 
 2947         return NULL;
 2948 }
 2949 
 2950 static void
 2951 key_setspi(sav, spi)
 2952         struct secasvar *sav;
 2953         u_int32_t spi;
 2954 {
 2955         int s;
 2956 
 2957         s = splnet();
 2958         sav->spi = spi;
 2959         if (sav->spihash.le_prev || sav->spihash.le_next)
 2960                 LIST_REMOVE(sav, spihash);
 2961         LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
 2962         splx(s);
 2963 }
 2964 
 2965 /*
 2966  * search SAD litmited alive SA, protocol, SPI.
 2967  * OUT:
 2968  *      NULL    : not found
 2969  *      others  : found, pointer to a SA.
 2970  */
 2971 static struct secasvar *
 2972 key_getsavbyspi(sah, spi)
 2973         struct secashead *sah;
 2974         u_int32_t spi;
 2975 {
 2976         struct secasvar *sav, *match;
 2977         u_int stateidx, state, matchidx;
 2978 
 2979         match = NULL;
 2980         matchidx = _ARRAYLEN(saorder_state_alive);
 2981         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
 2982                 if (sav->spi != spi)
 2983                         continue;
 2984                 if (sav->sah != sah)
 2985                         continue;
 2986                 for (stateidx = 0; stateidx < matchidx; stateidx++) {
 2987                         state = saorder_state_alive[stateidx];
 2988                         if (sav->state == state) {
 2989                                 match = sav;
 2990                                 matchidx = stateidx;
 2991                                 break;
 2992                         }
 2993                 }
 2994         }
 2995 
 2996         return match;
 2997 }
 2998 
 2999 /*
 3000  * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
 3001  * You must update these if need.
 3002  * OUT: 0:      success.
 3003  *      !0:     failure.
 3004  *
 3005  * does not modify mbuf.  does not free mbuf on error.
 3006  */
 3007 static int
 3008 key_setsaval(sav, m, mhp)
 3009         struct secasvar *sav;
 3010         struct mbuf *m;
 3011         const struct sadb_msghdr *mhp;
 3012 {
 3013 #ifdef IPSEC_ESP
 3014         const struct esp_algorithm *algo;
 3015 #endif
 3016         int error = 0;
 3017 
 3018         /* sanity check */
 3019         if (m == NULL || mhp == NULL || mhp->msg == NULL)
 3020                 panic("key_setsaval: NULL pointer is passed.");
 3021 
 3022         /* initialization */
 3023         sav->replay = NULL;
 3024         sav->key_auth = NULL;
 3025         sav->key_enc = NULL;
 3026         sav->sched = NULL;
 3027         sav->schedlen = 0;
 3028         sav->iv = NULL;
 3029         sav->lft_c = NULL;
 3030         sav->lft_h = NULL;
 3031         sav->lft_s = NULL;
 3032 
 3033         /* SA */
 3034         if (mhp->ext[SADB_EXT_SA] != NULL) {
 3035                 const struct sadb_sa *sa0;
 3036 
 3037                 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 3038                 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
 3039                         error = EINVAL;
 3040                         goto fail;
 3041                 }
 3042 
 3043                 sav->alg_auth = sa0->sadb_sa_auth;
 3044                 sav->alg_enc = sa0->sadb_sa_encrypt;
 3045                 sav->flags = sa0->sadb_sa_flags;
 3046 
 3047                 /* replay window */
 3048                 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
 3049                         sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
 3050                         if (sav->replay == NULL) {
 3051                                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3052                                 error = ENOBUFS;
 3053                                 goto fail;
 3054                         }
 3055                 }
 3056         }
 3057 
 3058         /* Authentication keys */
 3059         if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
 3060                 const struct sadb_key *key0;
 3061                 int len;
 3062 
 3063                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
 3064                 len = mhp->extlen[SADB_EXT_KEY_AUTH];
 3065 
 3066                 error = 0;
 3067                 if (len < sizeof(*key0)) {
 3068                         error = EINVAL;
 3069                         goto fail;
 3070                 }
 3071                 switch (mhp->msg->sadb_msg_satype) {
 3072                 case SADB_SATYPE_AH:
 3073                 case SADB_SATYPE_ESP:
 3074                 case SADB_X_SATYPE_TCPSIGNATURE:
 3075                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3076                             sav->alg_auth != SADB_X_AALG_NULL)
 3077                                 error = EINVAL;
 3078                         break;
 3079                 case SADB_X_SATYPE_IPCOMP:
 3080                 default:
 3081                         error = EINVAL;
 3082                         break;
 3083                 }
 3084                 if (error) {
 3085                         ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
 3086                         goto fail;
 3087                 }
 3088 
 3089                 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
 3090                 if (sav->key_auth == NULL) {
 3091                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3092                         error = ENOBUFS;
 3093                         goto fail;
 3094                 }
 3095         }
 3096 
 3097         /* Encryption key */
 3098         if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
 3099                 const struct sadb_key *key0;
 3100                 int len;
 3101 
 3102                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
 3103                 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
 3104 
 3105                 error = 0;
 3106                 if (len < sizeof(*key0)) {
 3107                         error = EINVAL;
 3108                         goto fail;
 3109                 }
 3110                 switch (mhp->msg->sadb_msg_satype) {
 3111                 case SADB_SATYPE_ESP:
 3112                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3113                             sav->alg_enc != SADB_EALG_NULL) {
 3114                                 error = EINVAL;
 3115                                 break;
 3116                         }
 3117                         sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
 3118                         if (sav->key_enc == NULL) {
 3119                                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3120                                 error = ENOBUFS;
 3121                                 goto fail;
 3122                         }
 3123                         break;
 3124                 case SADB_X_SATYPE_IPCOMP:
 3125                         if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
 3126                                 error = EINVAL;
 3127                         sav->key_enc = NULL;    /*just in case*/
 3128                         break;
 3129                 case SADB_SATYPE_AH:
 3130                 case SADB_X_SATYPE_TCPSIGNATURE:
 3131                 default:
 3132                         error = EINVAL;
 3133                         break;
 3134                 }
 3135                 if (error) {
 3136                         ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
 3137                         goto fail;
 3138                 }
 3139         }
 3140 
 3141         /* set iv */
 3142         sav->ivlen = 0;
 3143 
 3144         switch (mhp->msg->sadb_msg_satype) {
 3145         case SADB_SATYPE_ESP:
 3146 #ifdef IPSEC_ESP
 3147                 algo = esp_algorithm_lookup(sav->alg_enc);
 3148                 if (algo && algo->ivlen)
 3149                         sav->ivlen = (*algo->ivlen)(algo, sav);
 3150                 if (sav->ivlen == 0)
 3151                         break;
 3152                 KMALLOC(sav->iv, caddr_t, sav->ivlen);
 3153                 if (sav->iv == 0) {
 3154                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3155                         error = ENOBUFS;
 3156                         goto fail;
 3157                 }
 3158 
 3159                 /* initialize */
 3160                 key_randomfill(sav->iv, sav->ivlen);
 3161 #endif
 3162                 break;
 3163         case SADB_SATYPE_AH:
 3164         case SADB_X_SATYPE_IPCOMP:
 3165         case SADB_X_SATYPE_TCPSIGNATURE:
 3166                 break;
 3167         default:
 3168                 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
 3169                 error = EINVAL;
 3170                 goto fail;
 3171         }
 3172 
 3173         /* reset created */
 3174         sav->created = time_second;
 3175 
 3176         /* make lifetime for CURRENT */
 3177         KMALLOC(sav->lft_c, struct sadb_lifetime *,
 3178             sizeof(struct sadb_lifetime));
 3179         if (sav->lft_c == NULL) {
 3180                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3181                 error = ENOBUFS;
 3182                 goto fail;
 3183         }
 3184 
 3185         sav->lft_c->sadb_lifetime_len =
 3186             PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 3187         sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 3188         sav->lft_c->sadb_lifetime_allocations = 0;
 3189         sav->lft_c->sadb_lifetime_bytes = 0;
 3190         sav->lft_c->sadb_lifetime_addtime = time_second;
 3191         sav->lft_c->sadb_lifetime_usetime = 0;
 3192 
 3193         /* lifetimes for HARD and SOFT */
 3194     {
 3195         const struct sadb_lifetime *lft0;
 3196 
 3197         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 3198         if (lft0 != NULL) {
 3199                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
 3200                         error = EINVAL;
 3201                         goto fail;
 3202                 }
 3203                 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
 3204                     sizeof(*lft0));
 3205                 if (sav->lft_h == NULL) {
 3206                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3207                         error = ENOBUFS;
 3208                         goto fail;
 3209                 }
 3210                 /* we no longer support byte lifetime */
 3211                 if (sav->lft_h->sadb_lifetime_bytes) {
 3212                         error = EINVAL;
 3213                         goto fail;
 3214                 }
 3215                 /* initialize? */
 3216         }
 3217 
 3218         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
 3219         if (lft0 != NULL) {
 3220                 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
 3221                         error = EINVAL;
 3222                         goto fail;
 3223                 }
 3224                 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
 3225                     sizeof(*lft0));
 3226                 if (sav->lft_s == NULL) {
 3227                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3228                         error = ENOBUFS;
 3229                         goto fail;
 3230                 }
 3231                 /* we no longer support byte lifetime */
 3232                 if (sav->lft_s->sadb_lifetime_bytes) {
 3233                         error = EINVAL;
 3234                         goto fail;
 3235                 }
 3236                 /* initialize? */
 3237         }
 3238     }
 3239 
 3240         return 0;
 3241 
 3242  fail:
 3243         /* initialization */
 3244         if (sav->replay != NULL) {
 3245                 keydb_delsecreplay(sav->replay);
 3246                 sav->replay = NULL;
 3247         }
 3248         if (sav->key_auth != NULL) {
 3249                 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
 3250                 KFREE(sav->key_auth);
 3251                 sav->key_auth = NULL;
 3252         }
 3253         if (sav->key_enc != NULL) {
 3254                 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
 3255                 KFREE(sav->key_enc);
 3256                 sav->key_enc = NULL;
 3257         }
 3258         if (sav->sched) {
 3259                 bzero(sav->sched, sav->schedlen);
 3260                 KFREE(sav->sched);
 3261                 sav->sched = NULL;
 3262         }
 3263         if (sav->iv != NULL) {
 3264                 KFREE(sav->iv);
 3265                 sav->iv = NULL;
 3266         }
 3267         if (sav->lft_c != NULL) {
 3268                 KFREE(sav->lft_c);
 3269                 sav->lft_c = NULL;
 3270         }
 3271         if (sav->lft_h != NULL) {
 3272                 KFREE(sav->lft_h);
 3273                 sav->lft_h = NULL;
 3274         }
 3275         if (sav->lft_s != NULL) {
 3276                 KFREE(sav->lft_s);
 3277                 sav->lft_s = NULL;
 3278         }
 3279 
 3280         return error;
 3281 }
 3282 
 3283 /*
 3284  * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
 3285  * OUT: 0:      valid
 3286  *      other:  errno
 3287  */
 3288 static int
 3289 key_mature(sav)
 3290         struct secasvar *sav;
 3291 {
 3292         int mature;
 3293         int checkmask = 0;      /* 2^0: ealg  2^1: aalg  2^2: calg */
 3294         int mustmask = 0;       /* 2^0: ealg  2^1: aalg  2^2: calg */
 3295 
 3296         mature = 0;
 3297 
 3298         /* check SPI value */
 3299         switch (sav->sah->saidx.proto) {
 3300         case IPPROTO_ESP:
 3301         case IPPROTO_AH:
 3302                 if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
 3303                         ipseclog((LOG_DEBUG,
 3304                             "key_mature: illegal range of SPI %u.\n",
 3305                             (u_int32_t)ntohl(sav->spi)));
 3306                         return EINVAL;
 3307                 }
 3308                 break;
 3309         }
 3310 
 3311         /* check satype */
 3312         switch (sav->sah->saidx.proto) {
 3313         case IPPROTO_ESP:
 3314                 /* check flags */
 3315                 if ((sav->flags & SADB_X_EXT_OLD) &&
 3316                     (sav->flags & SADB_X_EXT_DERIV)) {
 3317                         ipseclog((LOG_DEBUG, "key_mature: "
 3318                             "invalid flag (derived) given to old-esp.\n"));
 3319                         return EINVAL;
 3320                 }
 3321                 if (sav->alg_auth == SADB_AALG_NONE)
 3322                         checkmask = 1;
 3323                 else
 3324                         checkmask = 3;
 3325                 mustmask = 1;
 3326                 break;
 3327         case IPPROTO_AH:
 3328                 /* check flags */
 3329                 if (sav->flags & SADB_X_EXT_DERIV) {
 3330                         ipseclog((LOG_DEBUG, "key_mature: "
 3331                             "invalid flag (derived) given to AH SA.\n"));
 3332                         return EINVAL;
 3333                 }
 3334                 if (sav->alg_enc != SADB_EALG_NONE) {
 3335                         ipseclog((LOG_DEBUG, "key_mature: "
 3336                             "protocol and algorithm mismated.\n"));
 3337                         return (EINVAL);
 3338                 }
 3339                 checkmask = 2;
 3340                 mustmask = 2;
 3341                 break;
 3342         case IPPROTO_IPCOMP:
 3343                 if (sav->alg_auth != SADB_AALG_NONE) {
 3344                         ipseclog((LOG_DEBUG, "key_mature: "
 3345                                 "protocol and algorithm mismated.\n"));
 3346                         return (EINVAL);
 3347                 }
 3348                 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
 3349                     ntohl(sav->spi) >= 0x10000) {
 3350                         ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
 3351                         return (EINVAL);
 3352                 }
 3353                 checkmask = 4;
 3354                 mustmask = 4;
 3355                 break;
 3356         case IPPROTO_TCP:
 3357                 if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
 3358                         ipseclog((LOG_DEBUG, "key_mature: unsupported authentication algorithm %u\n",
 3359                             sav->alg_auth));
 3360                         return (EINVAL);
 3361                 }
 3362                 if (sav->alg_enc != SADB_EALG_NONE) {
 3363                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3364                                 "mismated.\n", __func__));
 3365                         return(EINVAL);
 3366                 }
 3367                 if (sav->spi != htonl(0x1000)) {
 3368                         ipseclog((LOG_DEBUG, "key_mature: SPI must be TCP_SIG_SPI (0x1000)\n"));
 3369                         return (EINVAL);
 3370                 }
 3371                 checkmask = 2;
 3372                 mustmask = 2;
 3373                 break;
 3374         default:
 3375                 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
 3376                 return EPROTONOSUPPORT;
 3377         }
 3378 
 3379         /* check authentication algorithm */
 3380         if ((checkmask & 2) != 0) {
 3381                 const struct ah_algorithm *algo;
 3382                 int keylen;
 3383 
 3384                 algo = ah_algorithm_lookup(sav->alg_auth);
 3385                 if (!algo) {
 3386                         ipseclog((LOG_DEBUG, "key_mature: "
 3387                             "unknown authentication algorithm.\n"));
 3388                         return EINVAL;
 3389                 }
 3390 
 3391                 /* algorithm-dependent check */
 3392                 if (sav->key_auth)
 3393                         keylen = sav->key_auth->sadb_key_bits;
 3394                 else
 3395                         keylen = 0;
 3396                 if (keylen < algo->keymin || algo->keymax < keylen) {
 3397                         ipseclog((LOG_DEBUG,
 3398                             "key_mature: invalid AH key length %d "
 3399                             "(%d-%d allowed)\n",
 3400                             keylen, algo->keymin, algo->keymax));
 3401                         return EINVAL;
 3402                 }
 3403 
 3404                 if (algo->mature) {
 3405                         if ((*algo->mature)(sav)) {
 3406                                 /* message generated in per-algorithm function*/
 3407                                 return EINVAL;
 3408                         } else
 3409                                 mature = SADB_SATYPE_AH;
 3410                 }
 3411 
 3412                 if ((mustmask & 2) != 0 &&  mature != SADB_SATYPE_AH) {
 3413                         ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
 3414                         return EINVAL;
 3415                 }
 3416         }
 3417 
 3418         /* check encryption algorithm */
 3419         if ((checkmask & 1) != 0) {
 3420 #ifdef IPSEC_ESP
 3421                 const struct esp_algorithm *algo;
 3422                 int keylen;
 3423 
 3424                 algo = esp_algorithm_lookup(sav->alg_enc);
 3425                 if (!algo) {
 3426                         ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
 3427                         return EINVAL;
 3428                 }
 3429 
 3430                 /* algorithm-dependent check */
 3431                 if (sav->key_enc)
 3432                         keylen = sav->key_enc->sadb_key_bits;
 3433                 else
 3434                         keylen = 0;
 3435                 if (keylen < algo->keymin || algo->keymax < keylen) {
 3436                         ipseclog((LOG_DEBUG,
 3437                             "key_mature: invalid ESP key length %d "
 3438                             "(%d-%d allowed)\n",
 3439                             keylen, algo->keymin, algo->keymax));
 3440                         return EINVAL;
 3441                 }
 3442 
 3443                 if (algo->mature) {
 3444                         if ((*algo->mature)(sav)) {
 3445                                 /* message generated in per-algorithm function*/
 3446                                 return EINVAL;
 3447                         } else
 3448                                 mature = SADB_SATYPE_ESP;
 3449                 }
 3450 
 3451                 if ((mustmask & 1) != 0 &&  mature != SADB_SATYPE_ESP) {
 3452                         ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
 3453                         return EINVAL;
 3454                 }
 3455 #else /*IPSEC_ESP*/
 3456                 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
 3457                 return EINVAL;
 3458 #endif
 3459         }
 3460 
 3461         /* check compression algorithm */
 3462         if ((checkmask & 4) != 0) {
 3463                 const struct ipcomp_algorithm *algo;
 3464 
 3465                 /* algorithm-dependent check */
 3466                 algo = ipcomp_algorithm_lookup(sav->alg_enc);
 3467                 if (!algo) {
 3468                         ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
 3469                         return EINVAL;
 3470                 }
 3471         }
 3472 
 3473         key_sa_chgstate(sav, SADB_SASTATE_MATURE);
 3474 
 3475         return 0;
 3476 }
 3477 
 3478 /*
 3479  * subroutine for SADB_GET and SADB_DUMP.
 3480  */
 3481 static struct mbuf *
 3482 key_setdumpsa(sav, type, satype, seq, pid)
 3483         struct secasvar *sav;
 3484         u_int8_t type, satype;
 3485         u_int32_t seq, pid;
 3486 {
 3487         struct mbuf *result = NULL, *tres = NULL, *m;
 3488         int l = 0;
 3489         int i;
 3490         void *p;
 3491         int dumporder[] = {
 3492                 SADB_EXT_SA, SADB_X_EXT_SA2,
 3493                 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 3494                 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
 3495                 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
 3496                 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
 3497                 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
 3498         };
 3499 
 3500         m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
 3501         if (m == NULL)
 3502                 goto fail;
 3503         result = m;
 3504 
 3505         for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
 3506                 m = NULL;
 3507                 p = NULL;
 3508                 switch (dumporder[i]) {
 3509                 case SADB_EXT_SA:
 3510                         m = key_setsadbsa(sav);
 3511                         if (!m)
 3512                                 goto fail;
 3513                         break;
 3514 
 3515                 case SADB_X_EXT_SA2:
 3516                         m = key_setsadbxsa2(sav->sah->saidx.mode,
 3517                             sav->replay ? (sav->replay->count & 0xffffffff) : 0,
 3518                             sav->sah->saidx.reqid);
 3519                         if (!m)
 3520                                 goto fail;
 3521                         break;
 3522 
 3523                 case SADB_EXT_ADDRESS_SRC:
 3524                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 3525                             (struct sockaddr *)&sav->sah->saidx.src,
 3526                             FULLMASK, IPSEC_ULPROTO_ANY);
 3527                         if (!m)
 3528                                 goto fail;
 3529                         break;
 3530 
 3531                 case SADB_EXT_ADDRESS_DST:
 3532                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 3533                             (struct sockaddr *)&sav->sah->saidx.dst,
 3534                             FULLMASK, IPSEC_ULPROTO_ANY);
 3535                         if (!m)
 3536                                 goto fail;
 3537                         break;
 3538 
 3539                 case SADB_EXT_KEY_AUTH:
 3540                         if (!sav->key_auth)
 3541                                 continue;
 3542                         l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
 3543                         p = sav->key_auth;
 3544                         break;
 3545 
 3546                 case SADB_EXT_KEY_ENCRYPT:
 3547                         if (!sav->key_enc)
 3548                                 continue;
 3549                         l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
 3550                         p = sav->key_enc;
 3551                         break;
 3552 
 3553                 case SADB_EXT_LIFETIME_CURRENT:
 3554                         if (!sav->lft_c)
 3555                                 continue;
 3556                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
 3557                         p = sav->lft_c;
 3558                         break;
 3559 
 3560                 case SADB_EXT_LIFETIME_HARD:
 3561                         if (!sav->lft_h)
 3562                                 continue;
 3563                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
 3564                         p = sav->lft_h;
 3565                         break;
 3566 
 3567                 case SADB_EXT_LIFETIME_SOFT:
 3568                         if (!sav->lft_s)
 3569                                 continue;
 3570                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
 3571                         p = sav->lft_s;
 3572                         break;
 3573 
 3574                 case SADB_EXT_ADDRESS_PROXY:
 3575                 case SADB_EXT_IDENTITY_SRC:
 3576                 case SADB_EXT_IDENTITY_DST:
 3577                         /* XXX: should we brought from SPD ? */
 3578                 case SADB_EXT_SENSITIVITY:
 3579                 default:
 3580                         continue;
 3581                 }
 3582 
 3583                 if ((!m && !p) || (m && p))
 3584                         goto fail;
 3585                 if (p && tres) {
 3586                         M_PREPEND(tres, l, M_DONTWAIT);
 3587                         if (!tres)
 3588                                 goto fail;
 3589                         bcopy(p, mtod(tres, caddr_t), l);
 3590                         continue;
 3591                 }
 3592                 if (p) {
 3593                         m = key_alloc_mbuf(l);
 3594                         if (!m)
 3595                                 goto fail;
 3596                         m_copyback(m, 0, l, p);
 3597                 }
 3598 
 3599                 if (tres)
 3600                         m_cat(m, tres);
 3601                 tres = m;
 3602         }
 3603 
 3604         m_cat(result, tres);
 3605 
 3606         if (result->m_len < sizeof(struct sadb_msg)) {
 3607                 result = m_pullup(result, sizeof(struct sadb_msg));
 3608                 if (result == NULL)
 3609                         goto fail;
 3610         }
 3611 
 3612         result->m_pkthdr.len = 0;
 3613         for (m = result; m; m = m->m_next)
 3614                 result->m_pkthdr.len += m->m_len;
 3615 
 3616         mtod(result, struct sadb_msg *)->sadb_msg_len =
 3617             PFKEY_UNIT64(result->m_pkthdr.len);
 3618 
 3619         return result;
 3620 
 3621 fail:
 3622         m_freem(result);
 3623         m_freem(tres);
 3624         return NULL;
 3625 }
 3626 
 3627 /*
 3628  * set data into sadb_msg.
 3629  */
 3630 static struct mbuf *
 3631 key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
 3632         u_int8_t type, satype;
 3633         u_int16_t tlen;
 3634         u_int32_t seq;
 3635         pid_t pid;
 3636         u_int16_t reserved;
 3637 {
 3638         struct mbuf *m;
 3639         struct sadb_msg *p;
 3640         int len;
 3641 
 3642         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 3643         if (len > MCLBYTES)
 3644                 return NULL;
 3645         MGETHDR(m, M_DONTWAIT, MT_DATA);
 3646         if (m && len > MHLEN) {
 3647                 MCLGET(m, M_DONTWAIT);
 3648                 if ((m->m_flags & M_EXT) == 0) {
 3649                         m_freem(m);
 3650                         m = NULL;
 3651                 }
 3652         }
 3653         if (!m)
 3654                 return NULL;
 3655         m->m_pkthdr.len = m->m_len = len;
 3656         m->m_next = NULL;
 3657 
 3658         p = mtod(m, struct sadb_msg *);
 3659 
 3660         bzero(p, len);
 3661         p->sadb_msg_version = PF_KEY_V2;
 3662         p->sadb_msg_type = type;
 3663         p->sadb_msg_errno = 0;
 3664         p->sadb_msg_satype = satype;
 3665         p->sadb_msg_len = PFKEY_UNIT64(tlen);
 3666         p->sadb_msg_reserved = reserved;
 3667         p->sadb_msg_seq = seq;
 3668         p->sadb_msg_pid = (u_int32_t)pid;
 3669 
 3670         return m;
 3671 }
 3672 
 3673 /*
 3674  * copy secasvar data into sadb_address.
 3675  */
 3676 static struct mbuf *
 3677 key_setsadbsa(sav)
 3678         struct secasvar *sav;
 3679 {
 3680         struct mbuf *m;
 3681         struct sadb_sa *p;
 3682         int len;
 3683 
 3684         len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
 3685         m = key_alloc_mbuf(len);
 3686         if (!m || m->m_next) {  /*XXX*/
 3687                 if (m)
 3688                         m_freem(m);
 3689                 return NULL;
 3690         }
 3691 
 3692         p = mtod(m, struct sadb_sa *);
 3693 
 3694         bzero(p, len);
 3695         p->sadb_sa_len = PFKEY_UNIT64(len);
 3696         p->sadb_sa_exttype = SADB_EXT_SA;
 3697         p->sadb_sa_spi = sav->spi;
 3698         p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
 3699         p->sadb_sa_state = sav->state;
 3700         p->sadb_sa_auth = sav->alg_auth;
 3701         p->sadb_sa_encrypt = sav->alg_enc;
 3702         p->sadb_sa_flags = sav->flags;
 3703 
 3704         return m;
 3705 }
 3706 
 3707 /*
 3708  * set data into sadb_address.
 3709  */
 3710 static struct mbuf *
 3711 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
 3712         u_int16_t exttype;
 3713         struct sockaddr *saddr;
 3714         u_int8_t prefixlen;
 3715         u_int16_t ul_proto;
 3716 {
 3717         struct mbuf *m;
 3718         struct sadb_address *p;
 3719         size_t len;
 3720 
 3721         len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
 3722             PFKEY_ALIGN8(saddr->sa_len);
 3723         m = key_alloc_mbuf(len);
 3724         if (!m || m->m_next) {  /*XXX*/
 3725                 if (m)
 3726                         m_freem(m);
 3727                 return NULL;
 3728         }
 3729 
 3730         p = mtod(m, struct sadb_address *);
 3731 
 3732         bzero(p, len);
 3733         p->sadb_address_len = PFKEY_UNIT64(len);
 3734         p->sadb_address_exttype = exttype;
 3735         p->sadb_address_proto = ul_proto;
 3736         if (prefixlen == FULLMASK) {
 3737                 switch (saddr->sa_family) {
 3738                 case AF_INET:
 3739                         prefixlen = sizeof(struct in_addr) << 3;
 3740                         break;
 3741                 case AF_INET6:
 3742                         prefixlen = sizeof(struct in6_addr) << 3;
 3743                         break;
 3744                 default:
 3745                         ; /*XXX*/
 3746                 }
 3747         }
 3748         p->sadb_address_prefixlen = prefixlen;
 3749         p->sadb_address_reserved = 0;
 3750 
 3751         bcopy(saddr,
 3752             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
 3753             saddr->sa_len);
 3754 
 3755         return m;
 3756 }
 3757 
 3758 #if 0
 3759 /*
 3760  * set data into sadb_ident.
 3761  */
 3762 static struct mbuf *
 3763 key_setsadbident(exttype, idtype, string, stringlen, id)
 3764         u_int16_t exttype, idtype;
 3765         caddr_t string;
 3766         int stringlen;
 3767         u_int64_t id;
 3768 {
 3769         struct mbuf *m;
 3770         struct sadb_ident *p;
 3771         size_t len;
 3772 
 3773         len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
 3774         m = key_alloc_mbuf(len);
 3775         if (!m || m->m_next) {  /*XXX*/
 3776                 if (m)
 3777                         m_freem(m);
 3778                 return NULL;
 3779         }
 3780 
 3781         p = mtod(m, struct sadb_ident *);
 3782 
 3783         bzero(p, len);
 3784         p->sadb_ident_len = PFKEY_UNIT64(len);
 3785         p->sadb_ident_exttype = exttype;
 3786         p->sadb_ident_type = idtype;
 3787         p->sadb_ident_reserved = 0;
 3788         p->sadb_ident_id = id;
 3789 
 3790         bcopy(string,
 3791             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
 3792             stringlen);
 3793 
 3794         return m;
 3795 }
 3796 #endif
 3797 
 3798 /*
 3799  * set data into sadb_x_sa2.
 3800  */
 3801 static struct mbuf *
 3802 key_setsadbxsa2(mode, seq, reqid)
 3803         u_int8_t mode;
 3804         u_int32_t seq, reqid;
 3805 {
 3806         struct mbuf *m;
 3807         struct sadb_x_sa2 *p;
 3808         size_t len;
 3809 
 3810         len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
 3811         m = key_alloc_mbuf(len);
 3812         if (!m || m->m_next) {  /*XXX*/
 3813                 if (m)
 3814                         m_freem(m);
 3815                 return NULL;
 3816         }
 3817 
 3818         p = mtod(m, struct sadb_x_sa2 *);
 3819 
 3820         bzero(p, len);
 3821         p->sadb_x_sa2_len = PFKEY_UNIT64(len);
 3822         p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
 3823         p->sadb_x_sa2_mode = mode;
 3824         p->sadb_x_sa2_reserved1 = 0;
 3825         p->sadb_x_sa2_reserved2 = 0;
 3826         p->sadb_x_sa2_sequence = seq;
 3827         p->sadb_x_sa2_reqid = reqid;
 3828 
 3829         return m;
 3830 }
 3831 
 3832 /*
 3833  * set data into sadb_lifetime
 3834  */
 3835 static struct mbuf *
 3836 key_setsadblifetime(type, alloc, bytes, addtime, usetime)
 3837         u_int16_t type;
 3838         u_int32_t alloc;
 3839         u_int64_t bytes, addtime, usetime;
 3840 {
 3841         struct mbuf *m;
 3842         struct sadb_lifetime *p;
 3843         size_t len;
 3844 
 3845         len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
 3846         m = key_alloc_mbuf(len);
 3847         if (!m || m->m_next) {  /*XXX*/
 3848                 if (m)
 3849                         m_freem(m);
 3850                 return NULL;
 3851         }
 3852 
 3853         p = mtod(m, struct sadb_lifetime *);
 3854 
 3855         bzero(p, len);
 3856         p->sadb_lifetime_len = PFKEY_UNIT64(len);
 3857         p->sadb_lifetime_exttype = type;
 3858         p->sadb_lifetime_allocations = alloc;
 3859         p->sadb_lifetime_bytes = bytes;
 3860         p->sadb_lifetime_addtime = addtime;
 3861         p->sadb_lifetime_usetime = usetime;
 3862 
 3863         return m;
 3864 }
 3865 
 3866 /*
 3867  * set data into sadb_x_policy
 3868  */
 3869 static struct mbuf *
 3870 key_setsadbxpolicy(type, dir, id)
 3871         u_int16_t type;
 3872         u_int8_t dir;
 3873         u_int32_t id;
 3874 {
 3875         struct mbuf *m;
 3876         struct sadb_x_policy *p;
 3877         size_t len;
 3878 
 3879         len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
 3880         m = key_alloc_mbuf(len);
 3881         if (!m || m->m_next) {  /*XXX*/
 3882                 if (m)
 3883                         m_freem(m);
 3884                 return NULL;
 3885         }
 3886 
 3887         p = mtod(m, struct sadb_x_policy *);
 3888 
 3889         bzero(p, len);
 3890         p->sadb_x_policy_len = PFKEY_UNIT64(len);
 3891         p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 3892         p->sadb_x_policy_type = type;
 3893         p->sadb_x_policy_dir = dir;
 3894         p->sadb_x_policy_id = id;
 3895 
 3896         return m;
 3897 }
 3898 
 3899 /* %%% utilities */
 3900 /*
 3901  * copy a buffer into the new buffer allocated.
 3902  */
 3903 static void *
 3904 key_newbuf(src, len)
 3905         const void *src;
 3906         u_int len;
 3907 {
 3908         caddr_t new;
 3909 
 3910         KMALLOC(new, caddr_t, len);
 3911         if (new == NULL) {
 3912                 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
 3913                 return NULL;
 3914         }
 3915         bcopy(src, new, len);
 3916 
 3917         return new;
 3918 }
 3919 
 3920 /* compare my own address
 3921  * OUT: 1: true, i.e. my address.
 3922  *      0: false
 3923  */
 3924 static int
 3925 key_ismyaddr(sa)
 3926         struct sockaddr *sa;
 3927 {
 3928 #ifdef INET
 3929         struct sockaddr_in *sin;
 3930         struct in_ifaddr *ia;
 3931 #endif
 3932 
 3933         /* sanity check */
 3934         if (sa == NULL)
 3935                 panic("key_ismyaddr: NULL pointer is passed.");
 3936 
 3937         switch (sa->sa_family) {
 3938 #ifdef INET
 3939         case AF_INET:
 3940                 sin = (struct sockaddr_in *)sa;
 3941                 for (ia = in_ifaddrhead.tqh_first; ia;
 3942                      ia = ia->ia_link.tqe_next)
 3943                 {
 3944                         if (sin->sin_family == ia->ia_addr.sin_family &&
 3945                             sin->sin_len == ia->ia_addr.sin_len &&
 3946                             sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
 3947                         {
 3948                                 return 1;
 3949                         }
 3950                 }
 3951                 break;
 3952 #endif
 3953 #ifdef INET6
 3954         case AF_INET6:
 3955                 return key_ismyaddr6((struct sockaddr_in6 *)sa);
 3956 #endif
 3957         }
 3958 
 3959         return 0;
 3960 }
 3961 
 3962 #ifdef INET6
 3963 /*
 3964  * compare my own address for IPv6.
 3965  * 1: ours
 3966  * 0: other
 3967  * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
 3968  */
 3969 #include <netinet6/in6_var.h>
 3970 
 3971 static int
 3972 key_ismyaddr6(sin6)
 3973         struct sockaddr_in6 *sin6;
 3974 {
 3975         struct in6_ifaddr *ia;
 3976         struct in6_multi *in6m;
 3977 
 3978         for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
 3979                 if (key_sockaddrcmp((struct sockaddr *)&sin6,
 3980                     (struct sockaddr *)&ia->ia_addr, 0) == 0)
 3981                         return 1;
 3982 
 3983                 /*
 3984                  * XXX Multicast
 3985                  * XXX why do we care about multlicast here while we don't care
 3986                  * about IPv4 multicast??
 3987                  */
 3988                 in6m = NULL;
 3989                 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
 3990                 if (in6m)
 3991                         return 1;
 3992         }
 3993 
 3994         /* loopback, just for safety */
 3995         if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
 3996                 return 1;
 3997 
 3998         return 0;
 3999 }
 4000 #endif /*INET6*/
 4001 
 4002 /*
 4003  * compare two secasindex structure.
 4004  * flag can specify to compare 2 saidxes.
 4005  * compare two secasindex structure without both mode and reqid.
 4006  * don't compare port.
 4007  * IN:  
 4008  *      saidx0: source, it can be in SAD.
 4009  *      saidx1: object.
 4010  * OUT: 
 4011  *      1 : equal
 4012  *      0 : not equal
 4013  */
 4014 static int
 4015 key_cmpsaidx(saidx0, saidx1, flag)
 4016         struct secasindex *saidx0, *saidx1;
 4017         int flag;
 4018 {
 4019         /* sanity */
 4020         if (saidx0 == NULL && saidx1 == NULL)
 4021                 return 1;
 4022 
 4023         if (saidx0 == NULL || saidx1 == NULL)
 4024                 return 0;
 4025 
 4026         if (saidx0->proto != saidx1->proto)
 4027                 return 0;
 4028 
 4029         if (flag == CMP_EXACTLY) {
 4030                 if (saidx0->mode != saidx1->mode)
 4031                         return 0;
 4032                 if (saidx0->reqid != saidx1->reqid)
 4033                         return 0;
 4034                 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
 4035                     bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
 4036                         return 0;
 4037         } else {
 4038 
 4039                 /* CMP_MODE_REQID, CMP_HEAD */
 4040                 if (flag == CMP_MODE_REQID) {
 4041                         /*
 4042                          * If reqid of SPD is non-zero, unique SA is required.
 4043                          * The result must be of same reqid in this case.
 4044                          */
 4045                         if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
 4046                                 return 0;
 4047                 }
 4048 
 4049                 if (flag == CMP_MODE_REQID) {
 4050                         if (saidx0->mode != IPSEC_MODE_ANY &&
 4051                             saidx0->mode != saidx1->mode)
 4052                                 return 0;
 4053                 }
 4054 
 4055                 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
 4056                                 (struct sockaddr *)&saidx1->src, 0) != 0) {
 4057                         return 0;
 4058                 }
 4059                 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
 4060                                 (struct sockaddr *)&saidx1->dst, 0) != 0) {
 4061                         return 0;
 4062                 }
 4063         }
 4064 
 4065         return 1;
 4066 }
 4067 
 4068 /*
 4069  * compare two secindex structure exactly.
 4070  * IN:
 4071  *      spidx0: source, it is often in SPD.
 4072  *      spidx1: object, it is often from PFKEY message.
 4073  * OUT:
 4074  *      1 : equal
 4075  *      0 : not equal
 4076  */
 4077 int
 4078 key_cmpspidx_exactly(spidx0, spidx1)
 4079         struct secpolicyindex *spidx0, *spidx1;
 4080 {
 4081         /* sanity */
 4082         if (spidx0 == NULL && spidx1 == NULL)
 4083                 return 1;
 4084 
 4085         if (spidx0 == NULL || spidx1 == NULL)
 4086                 return 0;
 4087 
 4088         if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd ||
 4089             spidx0->ul_proto != spidx1->ul_proto)
 4090                 return 0;
 4091 
 4092         if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
 4093             (struct sockaddr *)&spidx1->src, 1) != 0) {
 4094                 return 0;
 4095         }
 4096         if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
 4097             (struct sockaddr *)&spidx1->dst, 1) != 0) {
 4098                 return 0;
 4099         }
 4100 
 4101         return 1;
 4102 }
 4103 
 4104 /*
 4105  * compare two secindex structure with mask.
 4106  * IN:
 4107  *      spidx0: source, it is often in SPD.
 4108  *      spidx1: object, it is often from IP header.
 4109  * OUT:
 4110  *      1 : equal
 4111  *      0 : not equal
 4112  */
 4113 int
 4114 key_cmpspidx_withmask(spidx0, spidx1)
 4115         struct secpolicyindex *spidx0, *spidx1;
 4116 {
 4117         /* sanity */
 4118         if (spidx0 == NULL && spidx1 == NULL)
 4119                 return 1;
 4120 
 4121         if (spidx0 == NULL || spidx1 == NULL)
 4122                 return 0;
 4123 
 4124         if (spidx0->src.ss_family != spidx1->src.ss_family ||
 4125             spidx0->dst.ss_family != spidx1->dst.ss_family ||
 4126             spidx0->src.ss_len != spidx1->src.ss_len ||
 4127             spidx0->dst.ss_len != spidx1->dst.ss_len)
 4128                 return 0;
 4129 
 4130         /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
 4131         if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
 4132             spidx0->ul_proto != spidx1->ul_proto)
 4133                 return 0;
 4134 
 4135         switch (spidx0->src.ss_family) {
 4136         case AF_INET:
 4137                 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY &&
 4138                     satosin(&spidx0->src)->sin_port !=
 4139                     satosin(&spidx1->src)->sin_port)
 4140                         return 0;
 4141                 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
 4142                     (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
 4143                         return 0;
 4144                 break;
 4145         case AF_INET6:
 4146                 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY &&
 4147                     satosin6(&spidx0->src)->sin6_port !=
 4148                     satosin6(&spidx1->src)->sin6_port)
 4149                         return 0;
 4150                 /*
 4151                  * scope_id check. if sin6_scope_id is 0, we regard it
 4152                  * as a wildcard scope, which matches any scope zone ID. 
 4153                  */
 4154                 if (satosin6(&spidx0->src)->sin6_scope_id &&
 4155                     satosin6(&spidx1->src)->sin6_scope_id &&
 4156                     satosin6(&spidx0->src)->sin6_scope_id !=
 4157                     satosin6(&spidx1->src)->sin6_scope_id)
 4158                         return 0;
 4159                 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
 4160                     (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
 4161                         return 0;
 4162                 break;
 4163         default:
 4164                 /* XXX */
 4165                 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
 4166                         return 0;
 4167                 break;
 4168         }
 4169 
 4170         switch (spidx0->dst.ss_family) {
 4171         case AF_INET:
 4172                 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY &&
 4173                     satosin(&spidx0->dst)->sin_port !=
 4174                     satosin(&spidx1->dst)->sin_port)
 4175                         return 0;
 4176                 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
 4177                     (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
 4178                         return 0;
 4179                 break;
 4180         case AF_INET6:
 4181                 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY &&
 4182                     satosin6(&spidx0->dst)->sin6_port !=
 4183                     satosin6(&spidx1->dst)->sin6_port)
 4184                         return 0;
 4185                 /*
 4186                  * scope_id check. if sin6_scope_id is 0, we regard it
 4187                  * as a wildcard scope, which matches any scope zone ID. 
 4188                  */
 4189                 if (satosin6(&spidx0->src)->sin6_scope_id &&
 4190                     satosin6(&spidx1->src)->sin6_scope_id &&
 4191                     satosin6(&spidx0->dst)->sin6_scope_id !=
 4192                     satosin6(&spidx1->dst)->sin6_scope_id)
 4193                         return 0;
 4194                 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
 4195                     (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
 4196                         return 0;
 4197                 break;
 4198         default:
 4199                 /* XXX */
 4200                 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
 4201                         return 0;
 4202                 break;
 4203         }
 4204 
 4205         /* XXX Do we check other field ?  e.g. flowinfo */
 4206 
 4207         return 1;
 4208 }
 4209 
 4210 /* returns 0 on match */
 4211 static int
 4212 key_sockaddrcmp(sa1, sa2, port)
 4213         struct sockaddr *sa1;
 4214         struct sockaddr *sa2;
 4215         int port;
 4216 {
 4217         if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
 4218                 return 1;
 4219 
 4220         switch (sa1->sa_family) {
 4221         case AF_INET:
 4222                 if (sa1->sa_len != sizeof(struct sockaddr_in))
 4223                         return 1;
 4224                 if (satosin(sa1)->sin_addr.s_addr !=
 4225                     satosin(sa2)->sin_addr.s_addr) {
 4226                         return 1;
 4227                 }
 4228                 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
 4229                         return 1;
 4230                 break;
 4231         case AF_INET6:
 4232                 if (sa1->sa_len != sizeof(struct sockaddr_in6))
 4233                         return 1;       /*EINVAL*/
 4234                 if (satosin6(sa1)->sin6_scope_id !=
 4235                     satosin6(sa2)->sin6_scope_id) {
 4236                         return 1;
 4237                 }
 4238                 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
 4239                     &satosin6(sa2)->sin6_addr)) {
 4240                         return 1;
 4241                 }
 4242                 if (port &&
 4243                     satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
 4244                         return 1;
 4245                 }
 4246                 break;
 4247         default:
 4248                 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
 4249                         return 1;
 4250                 break;
 4251         }
 4252 
 4253         return 0;
 4254 }
 4255 
 4256 /*
 4257  * compare two buffers with mask.
 4258  * IN:
 4259  *      addr1: source
 4260  *      addr2: object
 4261  *      bits:  Number of bits to compare
 4262  * OUT:
 4263  *      1 : equal
 4264  *      0 : not equal
 4265  */
 4266 static int
 4267 key_bbcmp(p1, p2, bits)
 4268         caddr_t p1, p2;
 4269         u_int bits;
 4270 {
 4271         u_int8_t mask;
 4272 
 4273         /* XXX: This could be considerably faster if we compare a word
 4274          * at a time, but it is complicated on LSB Endian machines */
 4275 
 4276         /* Handle null pointers */
 4277         if (p1 == NULL || p2 == NULL)
 4278                 return (p1 == p2);
 4279 
 4280         while (bits >= 8) {
 4281                 if (*p1++ != *p2++)
 4282                         return 0;
 4283                 bits -= 8;
 4284         }
 4285 
 4286         if (bits > 0) {
 4287                 mask = ~((1<<(8-bits))-1);
 4288                 if ((*p1 & mask) != (*p2 & mask))
 4289                         return 0;
 4290         }
 4291         return 1;       /* Match! */
 4292 }
 4293 
 4294 /*
 4295  * time handler.
 4296  * scanning SPD and SAD to check status for each entries,
 4297  * and do to remove or to expire.
 4298  * XXX: year 2038 problem may remain.
 4299  */
 4300 void
 4301 key_timehandler(arg)
 4302         void *arg;
 4303 {
 4304         u_int dir;
 4305         int s;
 4306         struct timeval tv;
 4307 
 4308         microtime(&tv);
 4309 
 4310         s = splnet();   /*called from softclock()*/
 4311 
 4312         /* SPD */
 4313     {
 4314         struct secpolicy *sp, *nextsp;
 4315 
 4316         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 4317                 for (sp = LIST_FIRST(&sptree[dir]);
 4318                      sp != NULL;
 4319                      sp = nextsp) {
 4320                         nextsp = LIST_NEXT(sp, chain);
 4321 
 4322                         if (sp->state == IPSEC_SPSTATE_DEAD) {
 4323                                 key_sp_unlink(sp);      /*XXX*/
 4324                                 sp = NULL;
 4325                                 continue;
 4326                         }
 4327 
 4328                         if (sp->lifetime == 0 && sp->validtime == 0)
 4329                                 continue;
 4330 
 4331                         /* the deletion will occur next time */
 4332                         if ((sp->lifetime &&
 4333                              tv.tv_sec - sp->created > sp->lifetime) ||
 4334                             (sp->validtime &&
 4335                              tv.tv_sec - sp->lastused > sp->validtime)) {
 4336                                 key_sp_dead(sp);
 4337                                 key_spdexpire(sp);
 4338                                 continue;
 4339                         }
 4340                 }
 4341         }
 4342 
 4343         /* invalidate all cached SPD pointers on pcb */
 4344         ipsec_invalpcbcacheall();
 4345     }
 4346 
 4347         /* SAD */
 4348     {
 4349         struct secashead *sah, *nextsah;
 4350         struct secasvar *sav, *nextsav;
 4351 
 4352         for (sah = LIST_FIRST(&sahtree);
 4353              sah != NULL;
 4354              sah = nextsah) {
 4355 
 4356                 nextsah = LIST_NEXT(sah, chain);
 4357 
 4358                 /* if sah has been dead, then delete it and process next sah. */
 4359                 if (sah->state == SADB_SASTATE_DEAD) {
 4360                         key_delsah(sah);
 4361                         continue;
 4362                 }
 4363 
 4364                 /* if LARVAL entry doesn't become MATURE, delete it. */
 4365                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
 4366                      sav != NULL;
 4367                      sav = nextsav) {
 4368 
 4369                         nextsav = LIST_NEXT(sav, chain);
 4370 
 4371                         if (tv.tv_sec - sav->created > key_larval_lifetime) {
 4372                                 key_freesav(sav);
 4373                         }
 4374                 }
 4375 
 4376                 /*
 4377                  * check MATURE entry to start to send expire message
 4378                  * whether or not.
 4379                  */
 4380                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
 4381                      sav != NULL;
 4382                      sav = nextsav) {
 4383 
 4384                         nextsav = LIST_NEXT(sav, chain);
 4385 
 4386                         /* we don't need to check. */
 4387                         if (sav->lft_s == NULL)
 4388                                 continue;
 4389 
 4390                         /* sanity check */
 4391                         if (sav->lft_c == NULL) {
 4392                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4393                                         "There is no CURRENT time, why?\n"));
 4394                                 continue;
 4395                         }
 4396 
 4397                         /* check SOFT lifetime */
 4398                         if (sav->lft_s->sadb_lifetime_addtime != 0 &&
 4399                             tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
 4400                                 /*
 4401                                  * check the SA if it has been used.
 4402                                  * when it hasn't been used, delete it.
 4403                                  * i don't think such SA will be used.
 4404                                  */
 4405                                 if (sav->lft_c->sadb_lifetime_usetime == 0) {
 4406                                         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4407                                         key_freesav(sav);
 4408                                         sav = NULL;
 4409                                 } else {
 4410                                         key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4411                                         /*
 4412                                          * XXX If we keep to send expire
 4413                                          * message in the status of
 4414                                          * DYING. Do remove below code.
 4415                                          */
 4416                                         key_expire(sav);
 4417                                 }
 4418                         }
 4419 
 4420                         /* check SOFT lifetime by bytes */
 4421                         /*
 4422                          * XXX I don't know the way to delete this SA
 4423                          * when new SA is installed.  Caution when it's
 4424                          * installed too big lifetime by time.
 4425                          */
 4426                         else if (sav->lft_s->sadb_lifetime_bytes != 0
 4427                               && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
 4428 
 4429                                 key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4430                                 /*
 4431                                  * XXX If we keep to send expire
 4432                                  * message in the status of
 4433                                  * DYING. Do remove below code.
 4434                                  */
 4435                                 key_expire(sav);
 4436                         }
 4437                 }
 4438 
 4439                 /* check DYING entry to change status to DEAD. */
 4440                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
 4441                      sav != NULL;
 4442                      sav = nextsav) {
 4443 
 4444                         nextsav = LIST_NEXT(sav, chain);
 4445 
 4446                         /* we don't need to check. */
 4447                         if (sav->lft_h == NULL)
 4448                                 continue;
 4449 
 4450                         /* sanity check */
 4451                         if (sav->lft_c == NULL) {
 4452                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4453                                         "There is no CURRENT time, why?\n"));
 4454                                 continue;
 4455                         }
 4456 
 4457                         if (sav->lft_h->sadb_lifetime_addtime != 0 &&
 4458                             tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
 4459                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4460                                 key_freesav(sav);
 4461                                 sav = NULL;
 4462                         }
 4463 #if 0   /* XXX Should we keep to send expire message until HARD lifetime ? */
 4464                         else if (sav->lft_s != NULL
 4465                               && sav->lft_s->sadb_lifetime_addtime != 0
 4466                               && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
 4467                                 /*
 4468                                  * XXX: should be checked to be
 4469                                  * installed the valid SA.
 4470                                  */
 4471 
 4472                                 /*
 4473                                  * If there is no SA then sending
 4474                                  * expire message.
 4475                                  */
 4476                                 key_expire(sav);
 4477                         }
 4478 #endif
 4479                         /* check HARD lifetime by bytes */
 4480                         else if (sav->lft_h->sadb_lifetime_bytes != 0
 4481                               && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
 4482                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4483                                 key_freesav(sav);
 4484                                 sav = NULL;
 4485                         }
 4486                 }
 4487 
 4488                 /* delete entry in DEAD */
 4489                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
 4490                      sav != NULL;
 4491                      sav = nextsav) {
 4492 
 4493                         nextsav = LIST_NEXT(sav, chain);
 4494 
 4495                         /* sanity check */
 4496                         if (sav->state != SADB_SASTATE_DEAD) {
 4497                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4498                                         "invalid sav->state "
 4499                                         "(queue: %u SA: %u): "
 4500                                         "kill it anyway\n",
 4501                                         SADB_SASTATE_DEAD, sav->state));
 4502                         }
 4503 
 4504                         /*
 4505                          * do not call key_freesav() here.
 4506                          * sav should already be freed, and sav->refcnt
 4507                          * shows other references to sav
 4508                          * (such as from SPD).
 4509                          */
 4510                 }
 4511         }
 4512     }
 4513 
 4514 #ifndef IPSEC_NONBLOCK_ACQUIRE
 4515         /* ACQ tree */
 4516     {
 4517         struct secacq *acq, *nextacq;
 4518 
 4519         for (acq = LIST_FIRST(&acqtree);
 4520              acq != NULL;
 4521              acq = nextacq) {
 4522 
 4523                 nextacq = LIST_NEXT(acq, chain);
 4524 
 4525                 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
 4526                     __LIST_CHAINED(acq)) {
 4527                         LIST_REMOVE(acq, chain);
 4528                         KFREE(acq);
 4529                 }
 4530         }
 4531     }
 4532 #endif
 4533 
 4534         /* SP ACQ tree */
 4535     {
 4536         struct secspacq *acq, *nextacq;
 4537 
 4538         for (acq = LIST_FIRST(&spacqtree);
 4539              acq != NULL;
 4540              acq = nextacq) {
 4541 
 4542                 nextacq = LIST_NEXT(acq, chain);
 4543 
 4544                 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
 4545                     __LIST_CHAINED(acq)) {
 4546                         LIST_REMOVE(acq, chain);
 4547                         KFREE(acq);
 4548                 }
 4549         }
 4550     }
 4551 
 4552         /*
 4553          * should set timeout based on the most closest timer expiration.
 4554          * we don't bother to do that yet.
 4555          */
 4556         callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
 4557 
 4558         splx(s);
 4559         return;
 4560 }
 4561 
 4562 static u_long
 4563 key_random()
 4564 {
 4565         u_long value;
 4566 
 4567         key_randomfill(&value, sizeof(value));
 4568         return value;
 4569 }
 4570 
 4571 void
 4572 key_randomfill(p, l)
 4573         void *p;
 4574         size_t l;
 4575 {
 4576         size_t n;
 4577         u_long v;
 4578         static int warn = 1;
 4579 
 4580         n = 0;
 4581         n = (size_t)read_random(p, (u_int)l);
 4582         /* last resort */
 4583         while (n < l) {
 4584                 v = random();
 4585                 bcopy(&v, (u_int8_t *)p + n,
 4586                     l - n < sizeof(v) ? l - n : sizeof(v));
 4587                 n += sizeof(v);
 4588 
 4589                 if (warn) {
 4590                         printf("WARNING: pseudo-random number generator "
 4591                             "used for IPsec processing\n");
 4592                         warn = 0;
 4593                 }
 4594         }
 4595 }
 4596 
 4597 /*
 4598  * map SADB_SATYPE_* to IPPROTO_*.
 4599  * if satype == SADB_SATYPE then satype is mapped to ~0.
 4600  * OUT:
 4601  *      0: invalid satype.
 4602  */
 4603 static u_int16_t
 4604 key_satype2proto(satype)
 4605         u_int8_t satype;
 4606 {
 4607         switch (satype) {
 4608         case SADB_SATYPE_UNSPEC:
 4609                 return IPSEC_PROTO_ANY;
 4610         case SADB_SATYPE_AH:
 4611                 return IPPROTO_AH;
 4612         case SADB_SATYPE_ESP:
 4613                 return IPPROTO_ESP;
 4614         case SADB_X_SATYPE_IPCOMP:
 4615                 return IPPROTO_IPCOMP;
 4616         case SADB_X_SATYPE_TCPSIGNATURE:
 4617                 return IPPROTO_TCP;
 4618         default:
 4619                 return 0;
 4620         }
 4621         /* NOTREACHED */
 4622 }
 4623 
 4624 /*
 4625  * map IPPROTO_* to SADB_SATYPE_*
 4626  * OUT:
 4627  *      0: invalid protocol type.
 4628  */
 4629 static u_int8_t
 4630 key_proto2satype(proto)
 4631         u_int16_t proto;
 4632 {
 4633         switch (proto) {
 4634         case IPPROTO_AH:
 4635                 return SADB_SATYPE_AH;
 4636         case IPPROTO_ESP:
 4637                 return SADB_SATYPE_ESP;
 4638         case IPPROTO_IPCOMP:
 4639                 return SADB_X_SATYPE_IPCOMP;
 4640         case IPPROTO_TCP:
 4641                 return SADB_X_SATYPE_TCPSIGNATURE;
 4642         default:
 4643                 return 0;
 4644         }
 4645         /* NOTREACHED */
 4646 }
 4647 
 4648 /* %%% PF_KEY */
 4649 /*
 4650  * SADB_GETSPI processing is to receive
 4651  *      <base, (SA2), src address, dst address, (SPI range)>
 4652  * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
 4653  * tree with the status of LARVAL, and send
 4654  *      <base, SA(*), address(SD)>
 4655  * to the IKMPd.
 4656  *
 4657  * IN:  mhp: pointer to the pointer to each header.
 4658  * OUT: NULL if fail.
 4659  *      other if success, return pointer to the message to send.
 4660  */
 4661 static int
 4662 key_getspi(so, m, mhp)
 4663         struct socket *so;
 4664         struct mbuf *m;
 4665         const struct sadb_msghdr *mhp;
 4666 {
 4667         struct sadb_address *src0, *dst0;
 4668         struct secasindex saidx;
 4669         struct secashead *newsah;
 4670         struct secasvar *newsav;
 4671         u_int8_t proto;
 4672         u_int32_t spi;
 4673         u_int8_t mode;
 4674         u_int32_t reqid;
 4675         int error;
 4676 
 4677         /* sanity check */
 4678         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 4679                 panic("key_getspi: NULL pointer is passed.");
 4680 
 4681         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4682             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 4683                 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
 4684                 return key_senderror(so, m, EINVAL);
 4685         }
 4686         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4687             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4688                 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
 4689                 return key_senderror(so, m, EINVAL);
 4690         }
 4691         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4692                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4693                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4694         } else {
 4695                 mode = IPSEC_MODE_ANY;
 4696                 reqid = 0;
 4697         }
 4698 
 4699         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4700         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4701 
 4702         /* map satype to proto */
 4703         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4704                 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
 4705                 return key_senderror(so, m, EINVAL);
 4706         }
 4707 
 4708         /* make sure if port number is zero. */
 4709         switch (((struct sockaddr *)(src0 + 1))->sa_family) {
 4710         case AF_INET:
 4711                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4712                     sizeof(struct sockaddr_in))
 4713                         return key_senderror(so, m, EINVAL);
 4714                 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
 4715                 break;
 4716         case AF_INET6:
 4717                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4718                     sizeof(struct sockaddr_in6))
 4719                         return key_senderror(so, m, EINVAL);
 4720                 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
 4721                 break;
 4722         default:
 4723                 ; /*???*/
 4724         }
 4725         switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
 4726         case AF_INET:
 4727                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4728                     sizeof(struct sockaddr_in))
 4729                         return key_senderror(so, m, EINVAL);
 4730                 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
 4731                 break;
 4732         case AF_INET6:
 4733                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4734                     sizeof(struct sockaddr_in6))
 4735                         return key_senderror(so, m, EINVAL);
 4736                 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
 4737                 break;
 4738         default:
 4739                 ; /*???*/
 4740         }
 4741 
 4742         /* XXX boundary check against sa_len */
 4743         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4744 
 4745         /* SPI allocation */
 4746         spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
 4747                                &saidx);
 4748         if (spi == 0)
 4749                 return key_senderror(so, m, EINVAL);
 4750 
 4751         /* get a SA index */
 4752         if ((newsah = key_getsah(&saidx)) == NULL) {
 4753                 /* create a new SA index */
 4754                 if ((newsah = key_newsah(&saidx)) == NULL) {
 4755                         ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
 4756                         return key_senderror(so, m, ENOBUFS);
 4757                 }
 4758         }
 4759 
 4760         /* get a new SA */
 4761         /* XXX rewrite */
 4762         newsav = key_newsav(m, mhp, newsah, &error);
 4763         if (newsav == NULL) {
 4764                 /* XXX don't free new SA index allocated in above. */
 4765                 return key_senderror(so, m, error);
 4766         }
 4767 
 4768         /* set spi */
 4769         key_setspi(newsav, htonl(spi));
 4770 
 4771 #ifndef IPSEC_NONBLOCK_ACQUIRE
 4772         /* delete the entry in acqtree */
 4773         if (mhp->msg->sadb_msg_seq != 0) {
 4774                 struct secacq *acq;
 4775                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
 4776                         /* reset counter in order to deletion by timehandler. */
 4777                         acq->created = time_second;
 4778                         acq->count = 0;
 4779                 }
 4780         }
 4781 #endif
 4782 
 4783     {
 4784         struct mbuf *n, *nn;
 4785         struct sadb_sa *m_sa;
 4786         struct sadb_msg *newmsg;
 4787         int off, len;
 4788 
 4789         /* create new sadb_msg to reply. */
 4790         len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
 4791             PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4792         if (len > MCLBYTES)
 4793                 return key_senderror(so, m, ENOBUFS);
 4794 
 4795         MGETHDR(n, M_DONTWAIT, MT_DATA);
 4796         if (len > MHLEN) {
 4797                 MCLGET(n, M_DONTWAIT);
 4798                 if ((n->m_flags & M_EXT) == 0) {
 4799                         m_freem(n);
 4800                         n = NULL;
 4801                 }
 4802         }
 4803         if (!n)
 4804                 return key_senderror(so, m, ENOBUFS);
 4805 
 4806         n->m_len = len;
 4807         n->m_next = NULL;
 4808         off = 0;
 4809 
 4810         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 4811         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 4812 
 4813         m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
 4814         m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
 4815         m_sa->sadb_sa_exttype = SADB_EXT_SA;
 4816         m_sa->sadb_sa_spi = htonl(spi);
 4817         off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4818 
 4819 #ifdef DIAGNOSTIC
 4820         if (off != len)
 4821                 panic("length inconsistency in key_getspi");
 4822 #endif
 4823 
 4824         n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
 4825             SADB_EXT_ADDRESS_DST);
 4826         if (!n->m_next) {
 4827                 m_freem(n);
 4828                 return key_senderror(so, m, ENOBUFS);
 4829         }
 4830 
 4831         if (n->m_len < sizeof(struct sadb_msg)) {
 4832                 n = m_pullup(n, sizeof(struct sadb_msg));
 4833                 if (n == NULL)
 4834                         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 4835         }
 4836 
 4837         n->m_pkthdr.len = 0;
 4838         for (nn = n; nn; nn = nn->m_next)
 4839                 n->m_pkthdr.len += nn->m_len;
 4840 
 4841         newmsg = mtod(n, struct sadb_msg *);
 4842         newmsg->sadb_msg_seq = newsav->seq;
 4843         newmsg->sadb_msg_errno = 0;
 4844         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 4845 
 4846         m_freem(m);
 4847         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 4848     }
 4849 }
 4850 
 4851 /*
 4852  * allocating new SPI
 4853  * called by key_getspi().
 4854  * OUT:
 4855  *      0:      failure.
 4856  *      others: success.
 4857  */
 4858 static u_int32_t
 4859 key_do_getnewspi(spirange, saidx)
 4860         struct sadb_spirange *spirange;
 4861         struct secasindex *saidx;
 4862 {
 4863         u_int32_t newspi;
 4864         u_int32_t min, max;
 4865         int count = key_spi_trycnt;
 4866 
 4867         /* set spi range to allocate */
 4868         if (spirange != NULL) {
 4869                 min = spirange->sadb_spirange_min;
 4870                 max = spirange->sadb_spirange_max;
 4871         } else {
 4872                 min = key_spi_minval;
 4873                 max = key_spi_maxval;
 4874         }
 4875         /* IPCOMP needs 2-byte SPI */
 4876         if (saidx->proto == IPPROTO_IPCOMP) {
 4877                 u_int32_t t;
 4878                 if (min >= 0x10000)
 4879                         min = 0xffff;
 4880                 if (max >= 0x10000)
 4881                         max = 0xffff;
 4882                 if (min > max) {
 4883                         t = min; min = max; max = t;
 4884                 }
 4885         }
 4886 
 4887         if (min == max) {
 4888                 if (key_checkspidup(saidx, min) != NULL) {
 4889                         ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
 4890                         return 0;
 4891                 }
 4892 
 4893                 count--; /* taking one cost. */
 4894                 newspi = min;
 4895 
 4896         } else {
 4897 
 4898                 /* init SPI */
 4899                 newspi = 0;
 4900 
 4901                 /* when requesting to allocate spi ranged */
 4902                 while (count--) {
 4903                         /* generate pseudo-random SPI value ranged. */
 4904                         newspi = min + (key_random() % (max - min + 1));
 4905 
 4906                         if (key_checkspidup(saidx, newspi) == NULL)
 4907                                 break;
 4908                 }
 4909 
 4910                 if (count == 0 || newspi == 0) {
 4911                         ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
 4912                         return 0;
 4913                 }
 4914         }
 4915 
 4916         /* statistics */
 4917         keystat.getspi_count =
 4918                 (keystat.getspi_count + key_spi_trycnt - count) / 2;
 4919 
 4920         return newspi;
 4921 }
 4922 
 4923 /*
 4924  * SADB_UPDATE processing
 4925  * receive
 4926  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4927  *       key(AE), (identity(SD),) (sensitivity)>
 4928  * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
 4929  * and send
 4930  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4931  *       (identity(SD),) (sensitivity)>
 4932  * to the ikmpd.
 4933  *
 4934  * m will always be freed.
 4935  */
 4936 static int
 4937 key_update(so, m, mhp)
 4938         struct socket *so;
 4939         struct mbuf *m;
 4940         const struct sadb_msghdr *mhp;
 4941 {
 4942         struct sadb_sa *sa0;
 4943         struct sadb_address *src0, *dst0;
 4944         struct secasindex saidx;
 4945         struct secashead *sah;
 4946         struct secasvar *sav;
 4947         u_int16_t proto;
 4948         u_int8_t mode;
 4949         u_int32_t reqid;
 4950         int error;
 4951 
 4952         /* sanity check */
 4953         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 4954                 panic("key_update: NULL pointer is passed.");
 4955 
 4956         /* map satype to proto */
 4957         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4958                 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
 4959                 return key_senderror(so, m, EINVAL);
 4960         }
 4961 
 4962         if (mhp->ext[SADB_EXT_SA] == NULL ||
 4963             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4964             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 4965             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 4966              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 4967             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 4968              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 4969             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 4970              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 4971             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 4972              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 4973                 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
 4974                 return key_senderror(so, m, EINVAL);
 4975         }
 4976         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 4977             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4978             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4979                 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
 4980                 return key_senderror(so, m, EINVAL);
 4981         }
 4982         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4983                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4984                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4985         } else {
 4986                 mode = IPSEC_MODE_ANY;
 4987                 reqid = 0;
 4988         }
 4989         /* XXX boundary checking for other extensions */
 4990 
 4991         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 4992         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4993         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4994 
 4995         /* XXX boundary check against sa_len */
 4996         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4997 
 4998         /* get a SA header */
 4999         if ((sah = key_getsah(&saidx)) == NULL) {
 5000                 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
 5001                 return key_senderror(so, m, ENOENT);
 5002         }
 5003 
 5004         /* set spidx if there */
 5005         /* XXX rewrite */
 5006         error = key_setident(sah, m, mhp);
 5007         if (error)
 5008                 return key_senderror(so, m, error);
 5009 
 5010         /* find a SA with sequence number. */
 5011 #ifdef IPSEC_DOSEQCHECK
 5012         if (mhp->msg->sadb_msg_seq != 0 &&
 5013             (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
 5014                 ipseclog((LOG_DEBUG,
 5015                     "key_update: no larval SA with sequence %u exists.\n",
 5016                     mhp->msg->sadb_msg_seq));
 5017                 return key_senderror(so, m, ENOENT);
 5018         }
 5019 #else
 5020         if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
 5021                 ipseclog((LOG_DEBUG,
 5022                     "key_update: no such a SA found (spi:%u)\n",
 5023                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5024                 return key_senderror(so, m, EINVAL);
 5025         }
 5026 #endif
 5027 
 5028         /* validity check */
 5029         if (sav->sah->saidx.proto != proto) {
 5030                 ipseclog((LOG_DEBUG,
 5031                     "key_update: protocol mismatched (DB=%u param=%u)\n",
 5032                     sav->sah->saidx.proto, proto));
 5033                 return key_senderror(so, m, EINVAL);
 5034         }
 5035 #ifdef IPSEC_DOSEQCHECK
 5036         if (sav->spi != sa0->sadb_sa_spi) {
 5037                 ipseclog((LOG_DEBUG,
 5038                     "key_update: SPI mismatched (DB:%u param:%u)\n",
 5039                     (u_int32_t)ntohl(sav->spi),
 5040                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5041                 return key_senderror(so, m, EINVAL);
 5042         }
 5043 #endif
 5044         if (sav->pid != mhp->msg->sadb_msg_pid) {
 5045                 ipseclog((LOG_DEBUG,
 5046                     "key_update: pid mismatched (DB:%u param:%u)\n",
 5047                     sav->pid, mhp->msg->sadb_msg_pid));
 5048                 return key_senderror(so, m, EINVAL);
 5049         }
 5050 
 5051         /* copy sav values */
 5052         error = key_setsaval(sav, m, mhp);
 5053         if (error) {
 5054                 key_freesav(sav);
 5055                 return key_senderror(so, m, error);
 5056         }
 5057 
 5058         /* check SA values to be mature. */
 5059         if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
 5060                 key_freesav(sav);
 5061                 return key_senderror(so, m, 0);
 5062         }
 5063 
 5064     {
 5065         struct mbuf *n;
 5066 
 5067         /* set msg buf from mhp */
 5068         n = key_getmsgbuf_x1(m, mhp);
 5069         if (n == NULL) {
 5070                 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
 5071                 return key_senderror(so, m, ENOBUFS);
 5072         }
 5073 
 5074         m_freem(m);
 5075         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5076     }
 5077 }
 5078 
 5079 /*
 5080  * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
 5081  * only called by key_update().
 5082  * OUT:
 5083  *      NULL    : not found
 5084  *      others  : found, pointer to a SA.
 5085  */
 5086 #ifdef IPSEC_DOSEQCHECK
 5087 static struct secasvar *
 5088 key_getsavbyseq(sah, seq)
 5089         struct secashead *sah;
 5090         u_int32_t seq;
 5091 {
 5092         struct secasvar *sav;
 5093         u_int state;
 5094 
 5095         state = SADB_SASTATE_LARVAL;
 5096 
 5097         /* search SAD with sequence number ? */
 5098         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 5099 
 5100                 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
 5101 
 5102                 if (sav->seq == seq) {
 5103                         sav->refcnt++;
 5104                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 5105                                 printf("DP key_getsavbyseq cause "
 5106                                         "refcnt++:%d SA:%p\n",
 5107                                         sav->refcnt, sav));
 5108                         return sav;
 5109                 }
 5110         }
 5111 
 5112         return NULL;
 5113 }
 5114 #endif
 5115 
 5116 /*
 5117  * SADB_ADD processing
 5118  * add an entry to SA database, when received
 5119  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5120  *       key(AE), (identity(SD),) (sensitivity)>
 5121  * from the ikmpd,
 5122  * and send
 5123  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5124  *       (identity(SD),) (sensitivity)>
 5125  * to the ikmpd.
 5126  *
 5127  * IGNORE identity and sensitivity messages.
 5128  *
 5129  * m will always be freed.
 5130  */
 5131 static int
 5132 key_add(so, m, mhp)
 5133         struct socket *so;
 5134         struct mbuf *m;
 5135         const struct sadb_msghdr *mhp;
 5136 {
 5137         struct sadb_sa *sa0;
 5138         struct sadb_address *src0, *dst0;
 5139         struct secasindex saidx;
 5140         struct secashead *newsah;
 5141         struct secasvar *newsav;
 5142         u_int16_t proto;
 5143         u_int8_t mode;
 5144         u_int32_t reqid;
 5145         int error;
 5146 
 5147         /* sanity check */
 5148         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5149                 panic("key_add: NULL pointer is passed.");
 5150 
 5151         /* map satype to proto */
 5152         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5153                 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
 5154                 return key_senderror(so, m, EINVAL);
 5155         }
 5156 
 5157         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5158             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5159             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 5160             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 5161              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 5162             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 5163              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 5164             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 5165              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 5166             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 5167              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 5168                 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
 5169                 return key_senderror(so, m, EINVAL);
 5170         }
 5171         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5172             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5173             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5174                 /* XXX need more */
 5175                 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
 5176                 return key_senderror(so, m, EINVAL);
 5177         }
 5178         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 5179                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 5180                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 5181         } else {
 5182                 mode = IPSEC_MODE_ANY;
 5183                 reqid = 0;
 5184         }
 5185 
 5186         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5187         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5188         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5189 
 5190         /* XXX boundary check against sa_len */
 5191         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 5192 
 5193         /* get a SA header */
 5194         if ((newsah = key_getsah(&saidx)) == NULL) {
 5195                 /* create a new SA header */
 5196                 if ((newsah = key_newsah(&saidx)) == NULL) {
 5197                         ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
 5198                         return key_senderror(so, m, ENOBUFS);
 5199                 }
 5200         }
 5201 
 5202         /* set spidx if there */
 5203         /* XXX rewrite */
 5204         error = key_setident(newsah, m, mhp);
 5205         if (error) {
 5206                 return key_senderror(so, m, error);
 5207         }
 5208 
 5209         /* create new SA entry. */
 5210         /* We can create new SA only if SPI is differenct. */
 5211         if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
 5212                 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
 5213                 return key_senderror(so, m, EEXIST);
 5214         }
 5215         newsav = key_newsav(m, mhp, newsah, &error);
 5216         if (newsav == NULL) {
 5217                 return key_senderror(so, m, error);
 5218         }
 5219 
 5220         /* check SA values to be mature. */
 5221         if ((error = key_mature(newsav)) != 0) {
 5222                 key_freesav(newsav);
 5223                 return key_senderror(so, m, error);
 5224         }
 5225 
 5226         /*
 5227          * don't call key_freesav() here, as we would like to keep the SA
 5228          * in the database on success.
 5229          */
 5230 
 5231     {
 5232         struct mbuf *n;
 5233 
 5234         /* set msg buf from mhp */
 5235         n = key_getmsgbuf_x1(m, mhp);
 5236         if (n == NULL) {
 5237                 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
 5238                 return key_senderror(so, m, ENOBUFS);
 5239         }
 5240 
 5241         m_freem(m);
 5242         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5243     }
 5244 }
 5245 
 5246 /* m is retained */
 5247 static int
 5248 key_setident(sah, m, mhp)
 5249         struct secashead *sah;
 5250         struct mbuf *m;
 5251         const struct sadb_msghdr *mhp;
 5252 {
 5253         const struct sadb_ident *idsrc, *iddst;
 5254         int idsrclen, iddstlen;
 5255 
 5256         /* sanity check */
 5257         if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5258                 panic("key_setident: NULL pointer is passed.");
 5259 
 5260         /* don't make buffer if not there */
 5261         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
 5262             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5263                 sah->idents = NULL;
 5264                 sah->identd = NULL;
 5265                 return 0;
 5266         }
 5267         
 5268         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
 5269             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5270                 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
 5271                 return EINVAL;
 5272         }
 5273 
 5274         idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
 5275         iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
 5276         idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
 5277         iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
 5278 
 5279         /* validity check */
 5280         if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
 5281                 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
 5282                 return EINVAL;
 5283         }
 5284 
 5285         switch (idsrc->sadb_ident_type) {
 5286         case SADB_IDENTTYPE_PREFIX:
 5287         case SADB_IDENTTYPE_FQDN:
 5288         case SADB_IDENTTYPE_USERFQDN:
 5289         default:
 5290                 /* XXX do nothing */
 5291                 sah->idents = NULL;
 5292                 sah->identd = NULL;
 5293                 return 0;
 5294         }
 5295 
 5296         /* make structure */
 5297         KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
 5298         if (sah->idents == NULL) {
 5299                 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
 5300                 return ENOBUFS;
 5301         }
 5302         KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
 5303         if (sah->identd == NULL) {
 5304                 KFREE(sah->idents);
 5305                 sah->idents = NULL;
 5306                 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
 5307                 return ENOBUFS;
 5308         }
 5309         bcopy(idsrc, sah->idents, idsrclen);
 5310         bcopy(iddst, sah->identd, iddstlen);
 5311 
 5312         return 0;
 5313 }
 5314 
 5315 /*
 5316  * m will not be freed on return.
 5317  * it is caller's responsibility to free the result. 
 5318  */
 5319 static struct mbuf *
 5320 key_getmsgbuf_x1(m, mhp)
 5321         struct mbuf *m;
 5322         const struct sadb_msghdr *mhp;
 5323 {
 5324         struct mbuf *n;
 5325 
 5326         /* sanity check */
 5327         if (m == NULL || mhp == NULL || mhp->msg == NULL)
 5328                 panic("key_getmsgbuf_x1: NULL pointer is passed.");
 5329 
 5330         /* create new sadb_msg to reply. */
 5331         n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
 5332             SADB_EXT_SA, SADB_X_EXT_SA2,
 5333             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
 5334             SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 5335             SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
 5336         if (!n)
 5337                 return NULL;
 5338 
 5339         if (n->m_len < sizeof(struct sadb_msg)) {
 5340                 n = m_pullup(n, sizeof(struct sadb_msg));
 5341                 if (n == NULL)
 5342                         return NULL;
 5343         }
 5344         mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
 5345         mtod(n, struct sadb_msg *)->sadb_msg_len =
 5346             PFKEY_UNIT64(n->m_pkthdr.len);
 5347 
 5348         return n;
 5349 }
 5350 
 5351 static int key_delete_all(struct socket *, struct mbuf *,
 5352         const struct sadb_msghdr *, u_int16_t);
 5353 
 5354 /*
 5355  * SADB_DELETE processing
 5356  * receive
 5357  *   <base, SA(*), address(SD)>
 5358  * from the ikmpd, and set SADB_SASTATE_DEAD,
 5359  * and send,
 5360  *   <base, SA(*), address(SD)>
 5361  * to the ikmpd.
 5362  *
 5363  * m will always be freed.
 5364  */
 5365 static int
 5366 key_delete(so, m, mhp)
 5367         struct socket *so;
 5368         struct mbuf *m;
 5369         const struct sadb_msghdr *mhp;
 5370 {
 5371         struct sadb_sa *sa0;
 5372         struct sadb_address *src0, *dst0;
 5373         struct secasindex saidx;
 5374         struct secashead *sah;
 5375         struct secasvar *sav = NULL;
 5376         u_int16_t proto;
 5377 
 5378         /* sanity check */
 5379         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5380                 panic("key_delete: NULL pointer is passed.");
 5381 
 5382         /* map satype to proto */
 5383         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5384                 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
 5385                 return key_senderror(so, m, EINVAL);
 5386         }
 5387 
 5388         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5389             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5390                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5391                 return key_senderror(so, m, EINVAL);
 5392         }
 5393 
 5394         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5395             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5396                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5397                 return key_senderror(so, m, EINVAL);
 5398         }
 5399 
 5400         if (mhp->ext[SADB_EXT_SA] == NULL) {
 5401                 /*
 5402                  * Caller wants us to delete all non-LARVAL SAs
 5403                  * that match the src/dst.  This is used during
 5404                  * IKE INITIAL-CONTACT.
 5405                  */
 5406                 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
 5407                 return key_delete_all(so, m, mhp, proto);
 5408         } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
 5409                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5410                 return key_senderror(so, m, EINVAL);
 5411         }
 5412 
 5413         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5414         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5415         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5416 
 5417         /* XXX boundary check against sa_len */
 5418         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5419 
 5420         /* get a SA header */
 5421         LIST_FOREACH(sah, &sahtree, chain) {
 5422                 if (sah->state == SADB_SASTATE_DEAD)
 5423                         continue;
 5424                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5425                         continue;
 5426 
 5427                 /* get a SA with SPI. */
 5428                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5429                 if (sav)
 5430                         break;
 5431         }
 5432         if (sah == NULL) {
 5433                 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
 5434                 return key_senderror(so, m, ENOENT);
 5435         }
 5436 
 5437         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5438         key_freesav(sav);
 5439         sav = NULL;
 5440 
 5441     {
 5442         struct mbuf *n;
 5443         struct sadb_msg *newmsg;
 5444 
 5445         /* create new sadb_msg to reply. */
 5446         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 5447             SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5448         if (!n)
 5449                 return key_senderror(so, m, ENOBUFS);
 5450 
 5451         if (n->m_len < sizeof(struct sadb_msg)) {
 5452                 n = m_pullup(n, sizeof(struct sadb_msg));
 5453                 if (n == NULL)
 5454                         return key_senderror(so, m, ENOBUFS);
 5455         }
 5456         newmsg = mtod(n, struct sadb_msg *);
 5457         newmsg->sadb_msg_errno = 0;
 5458         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5459 
 5460         m_freem(m);
 5461         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5462     }
 5463 }
 5464 
 5465 /*
 5466  * delete all SAs for src/dst.  Called from key_delete().
 5467  */
 5468 static int
 5469 key_delete_all(so, m, mhp, proto)
 5470         struct socket *so;
 5471         struct mbuf *m;
 5472         const struct sadb_msghdr *mhp;
 5473         u_int16_t proto;
 5474 {
 5475         struct sadb_address *src0, *dst0;
 5476         struct secasindex saidx;
 5477         struct secashead *sah;
 5478         struct secasvar *sav, *nextsav;
 5479         u_int stateidx, state;
 5480 
 5481         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5482         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5483 
 5484         /* XXX boundary check against sa_len */
 5485         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5486 
 5487         LIST_FOREACH(sah, &sahtree, chain) {
 5488                 if (sah->state == SADB_SASTATE_DEAD)
 5489                         continue;
 5490                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5491                         continue;
 5492 
 5493                 /* Delete all non-LARVAL SAs. */
 5494                 for (stateidx = 0;
 5495                      stateidx < _ARRAYLEN(saorder_state_alive);
 5496                      stateidx++) {
 5497                         state = saorder_state_alive[stateidx];
 5498                         if (state == SADB_SASTATE_LARVAL)
 5499                                 continue;
 5500                         for (sav = LIST_FIRST(&sah->savtree[state]);
 5501                              sav != NULL; sav = nextsav) {
 5502                                 nextsav = LIST_NEXT(sav, chain);
 5503                                 /* sanity check */
 5504                                 if (sav->state != state) {
 5505                                         ipseclog((LOG_DEBUG, "key_delete_all: "
 5506                                                "invalid sav->state "
 5507                                                "(queue: %u SA: %u)\n",
 5508                                                state, sav->state));
 5509                                         continue;
 5510                                 }
 5511                                 
 5512                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5513                                 key_freesav(sav);
 5514                         }
 5515                 }
 5516         }
 5517     {
 5518         struct mbuf *n;
 5519         struct sadb_msg *newmsg;
 5520 
 5521         /* create new sadb_msg to reply. */
 5522         n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
 5523             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5524         if (!n)
 5525                 return key_senderror(so, m, ENOBUFS);
 5526 
 5527         if (n->m_len < sizeof(struct sadb_msg)) {
 5528                 n = m_pullup(n, sizeof(struct sadb_msg));
 5529                 if (n == NULL)
 5530                         return key_senderror(so, m, ENOBUFS);
 5531         }
 5532         newmsg = mtod(n, struct sadb_msg *);
 5533         newmsg->sadb_msg_errno = 0;
 5534         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5535 
 5536         m_freem(m);
 5537         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5538     }
 5539 }
 5540 
 5541 /*
 5542  * SADB_GET processing
 5543  * receive
 5544  *   <base, SA(*), address(SD)>
 5545  * from the ikmpd, and get a SP and a SA to respond,
 5546  * and send,
 5547  *   <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
 5548  *       (identity(SD),) (sensitivity)>
 5549  * to the ikmpd.
 5550  *
 5551  * m will always be freed.
 5552  */
 5553 static int
 5554 key_get(so, m, mhp)
 5555         struct socket *so;
 5556         struct mbuf *m;
 5557         const struct sadb_msghdr *mhp;
 5558 {
 5559         struct sadb_sa *sa0;
 5560         struct sadb_address *src0, *dst0;
 5561         struct secasindex saidx;
 5562         struct secashead *sah;
 5563         struct secasvar *sav = NULL;
 5564         u_int16_t proto;
 5565 
 5566         /* sanity check */
 5567         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5568                 panic("key_get: NULL pointer is passed.");
 5569 
 5570         /* map satype to proto */
 5571         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5572                 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
 5573                 return key_senderror(so, m, EINVAL);
 5574         }
 5575 
 5576         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5577             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5578             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5579                 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
 5580                 return key_senderror(so, m, EINVAL);
 5581         }
 5582         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5583             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5584             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5585                 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
 5586                 return key_senderror(so, m, EINVAL);
 5587         }
 5588 
 5589         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5590         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5591         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5592 
 5593         /* XXX boundary check against sa_len */
 5594         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5595 
 5596         /* get a SA header */
 5597         LIST_FOREACH(sah, &sahtree, chain) {
 5598                 if (sah->state == SADB_SASTATE_DEAD)
 5599                         continue;
 5600                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5601                         continue;
 5602 
 5603                 /* get a SA with SPI. */
 5604                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5605                 if (sav)
 5606                         break;
 5607         }
 5608         if (sah == NULL) {
 5609                 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
 5610                 return key_senderror(so, m, ENOENT);
 5611         }
 5612 
 5613     {
 5614         struct mbuf *n;
 5615         u_int8_t satype;
 5616 
 5617         /* map proto to satype */
 5618         if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 5619                 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
 5620                 return key_senderror(so, m, EINVAL);
 5621         }
 5622 
 5623         /* create new sadb_msg to reply. */
 5624         n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
 5625             mhp->msg->sadb_msg_pid);
 5626         if (!n)
 5627                 return key_senderror(so, m, ENOBUFS);
 5628 
 5629         m_freem(m);
 5630         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 5631     }
 5632 }
 5633 
 5634 /* XXX make it sysctl-configurable? */
 5635 static void
 5636 key_getcomb_setlifetime(comb)
 5637         struct sadb_comb *comb;
 5638 {
 5639 
 5640         comb->sadb_comb_soft_allocations = 1;
 5641         comb->sadb_comb_hard_allocations = 1;
 5642         comb->sadb_comb_soft_bytes = 0;
 5643         comb->sadb_comb_hard_bytes = 0;
 5644         comb->sadb_comb_hard_addtime = 86400;   /* 1 day */
 5645         comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
 5646         comb->sadb_comb_hard_usetime = 28800;   /* 8 hours */
 5647         comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
 5648 }
 5649 
 5650 #ifdef IPSEC_ESP
 5651 /*
 5652  * XXX reorder combinations by preference
 5653  * XXX no idea if the user wants ESP authentication or not
 5654  */
 5655 static struct mbuf *
 5656 key_getcomb_esp()
 5657 {
 5658         struct sadb_comb *comb;
 5659         const struct esp_algorithm *algo;
 5660         struct mbuf *result = NULL, *m, *n;
 5661         int encmin;
 5662         int i, off, o;
 5663         int totlen;
 5664         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5665 
 5666         m = NULL;
 5667         for (i = 1; i <= SADB_EALG_MAX; i++) {
 5668                 algo = esp_algorithm_lookup(i);
 5669                 if (!algo)
 5670                         continue;
 5671 
 5672                 if (algo->keymax < ipsec_esp_keymin)
 5673                         continue;
 5674                 if (algo->keymin < ipsec_esp_keymin)
 5675                         encmin = ipsec_esp_keymin;
 5676                 else
 5677                         encmin = algo->keymin;
 5678 
 5679                 if (ipsec_esp_auth)
 5680                         m = key_getcomb_ah();
 5681                 else {
 5682 #ifdef DIAGNOSTIC
 5683                         if (l > MLEN)
 5684                                 panic("assumption failed in key_getcomb_esp");
 5685 #endif
 5686                         MGET(m, M_DONTWAIT, MT_DATA);
 5687                         if (m) {
 5688                                 M_ALIGN(m, l);
 5689                                 m->m_len = l;
 5690                                 m->m_next = NULL;
 5691                                 bzero(mtod(m, caddr_t), m->m_len);
 5692                         }
 5693                 }
 5694                 if (!m)
 5695                         goto fail;
 5696 
 5697                 totlen = 0;
 5698                 for (n = m; n; n = n->m_next)
 5699                         totlen += n->m_len;
 5700 #ifdef DIAGNOSTIC
 5701                 if (totlen % l)
 5702                         panic("assumption failed in key_getcomb_esp");
 5703 #endif
 5704 
 5705                 for (off = 0; off < totlen; off += l) {
 5706                         n = m_pulldown(m, off, l, &o);
 5707                         if (!n) {
 5708                                 /* m is already freed */
 5709                                 goto fail;
 5710                         }
 5711                         comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
 5712                         bzero(comb, sizeof(*comb));
 5713                         key_getcomb_setlifetime(comb);
 5714                         comb->sadb_comb_encrypt = i;
 5715                         comb->sadb_comb_encrypt_minbits = encmin;
 5716                         comb->sadb_comb_encrypt_maxbits = algo->keymax;
 5717                 }
 5718 
 5719                 if (!result)
 5720                         result = m;
 5721                 else
 5722                         m_cat(result, m);
 5723         }
 5724 
 5725         return result;
 5726 
 5727  fail:
 5728         if (result)
 5729                 m_freem(result);
 5730         return NULL;
 5731 }
 5732 #endif
 5733 
 5734 /*
 5735  * XXX reorder combinations by preference
 5736  */
 5737 static struct mbuf *
 5738 key_getcomb_ah()
 5739 {
 5740         struct sadb_comb *comb;
 5741         const struct ah_algorithm *algo;
 5742         struct mbuf *m;
 5743         int min;
 5744         int i;
 5745         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5746 
 5747         m = NULL;
 5748         for (i = 1; i <= SADB_AALG_MAX; i++) {
 5749 #if 1
 5750                 /* we prefer HMAC algorithms, not old algorithms */
 5751                 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
 5752                         continue;
 5753 #endif
 5754                 algo = ah_algorithm_lookup(i);
 5755                 if (!algo)
 5756                         continue;
 5757 
 5758                 if (algo->keymax < ipsec_ah_keymin)
 5759                         continue;
 5760                 if (algo->keymin < ipsec_ah_keymin)
 5761                         min = ipsec_ah_keymin;
 5762                 else
 5763                         min = algo->keymin;
 5764 
 5765                 if (!m) {
 5766 #ifdef DIAGNOSTIC
 5767                         if (l > MLEN)
 5768                                 panic("assumption failed in key_getcomb_ah");
 5769 #endif
 5770                         MGET(m, M_DONTWAIT, MT_DATA);
 5771                         if (m) {
 5772                                 M_ALIGN(m, l);
 5773                                 m->m_len = l;
 5774                                 m->m_next = NULL;
 5775                         }
 5776                 } else
 5777                         M_PREPEND(m, l, M_DONTWAIT);
 5778                 if (!m)
 5779                         return NULL;
 5780 
 5781                 comb = mtod(m, struct sadb_comb *);
 5782                 bzero(comb, sizeof(*comb));
 5783                 key_getcomb_setlifetime(comb);
 5784                 comb->sadb_comb_auth = i;
 5785                 comb->sadb_comb_auth_minbits = min;
 5786                 comb->sadb_comb_auth_maxbits = algo->keymax;
 5787         }
 5788 
 5789         return m;
 5790 }
 5791 
 5792 /*
 5793  * not really an official behavior.  discussed in pf_key@inner.net in Sep2000.
 5794  * XXX reorder combinations by preference
 5795  */
 5796 static struct mbuf *
 5797 key_getcomb_ipcomp()
 5798 {
 5799         struct sadb_comb *comb;
 5800         const struct ipcomp_algorithm *algo;
 5801         struct mbuf *m;
 5802         int i;
 5803         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5804 
 5805         m = NULL;
 5806         for (i = 1; i <= SADB_X_CALG_MAX; i++) {
 5807                 algo = ipcomp_algorithm_lookup(i);
 5808                 if (!algo)
 5809                         continue;
 5810 
 5811                 if (!m) {
 5812 #ifdef DIAGNOSTIC
 5813                         if (l > MLEN)
 5814                                 panic("assumption failed in key_getcomb_ipcomp");
 5815 #endif
 5816                         MGET(m, M_DONTWAIT, MT_DATA);
 5817                         if (m) {
 5818                                 M_ALIGN(m, l);
 5819                                 m->m_len = l;
 5820                                 m->m_next = NULL;
 5821                         }
 5822                 } else
 5823                         M_PREPEND(m, l, M_DONTWAIT);
 5824                 if (!m)
 5825                         return NULL;
 5826 
 5827                 comb = mtod(m, struct sadb_comb *);
 5828                 bzero(comb, sizeof(*comb));
 5829                 key_getcomb_setlifetime(comb);
 5830                 comb->sadb_comb_encrypt = i;
 5831                 /* what should we set into sadb_comb_*_{min,max}bits? */
 5832         }
 5833 
 5834         return m;
 5835 }
 5836 
 5837 /*
 5838  * XXX no way to pass mode (transport/tunnel) to userland
 5839  * XXX replay checking?
 5840  * XXX sysctl interface to ipsec_{ah,esp}_keymin
 5841  */
 5842 static struct mbuf *
 5843 key_getprop(saidx)
 5844         const struct secasindex *saidx;
 5845 {
 5846         struct sadb_prop *prop;
 5847         struct mbuf *m, *n;
 5848         const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
 5849         int totlen;
 5850 
 5851         switch (saidx->proto)  {
 5852 #ifdef IPSEC_ESP
 5853         case IPPROTO_ESP:
 5854                 m = key_getcomb_esp();
 5855                 break;
 5856 #endif
 5857         case IPPROTO_AH:
 5858                 m = key_getcomb_ah();
 5859                 break;
 5860         case IPPROTO_IPCOMP:
 5861                 m = key_getcomb_ipcomp();
 5862                 break;
 5863         default:
 5864                 return NULL;
 5865         }
 5866 
 5867         if (!m)
 5868                 return NULL;
 5869         M_PREPEND(m, l, M_DONTWAIT);
 5870         if (!m)
 5871                 return NULL;
 5872 
 5873         totlen = 0;
 5874         for (n = m; n; n = n->m_next)
 5875                 totlen += n->m_len;
 5876 
 5877         prop = mtod(m, struct sadb_prop *);
 5878         bzero(prop, sizeof(*prop));
 5879         prop->sadb_prop_len = PFKEY_UNIT64(totlen);
 5880         prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 5881         prop->sadb_prop_replay = 32;    /* XXX */
 5882 
 5883         return m;
 5884 }
 5885 
 5886 /*
 5887  * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
 5888  * send
 5889  *   <base, SA, address(SD), (address(P)), x_policy,
 5890  *       (identity(SD),) (sensitivity,) proposal>
 5891  * to KMD, and expect to receive
 5892  *   <base> with SADB_ACQUIRE if error occured,
 5893  * or
 5894  *   <base, src address, dst address, (SPI range)> with SADB_GETSPI
 5895  * from KMD by PF_KEY.
 5896  *
 5897  * XXX x_policy is outside of RFC2367 (KAME extension).
 5898  * XXX sensitivity is not supported.
 5899  * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
 5900  * see comment for key_getcomb_ipcomp().
 5901  *
 5902  * OUT:
 5903  *    0     : succeed
 5904  *    others: error number
 5905  */
 5906 static int
 5907 key_acquire(saidx, sp)
 5908         struct secasindex *saidx;
 5909         struct secpolicy *sp;
 5910 {
 5911         struct mbuf *result = NULL, *m;
 5912 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5913         struct secacq *newacq;
 5914 #endif
 5915         u_int8_t satype;
 5916         int error = -1;
 5917         u_int32_t seq;
 5918 
 5919         /* sanity check */
 5920         if (saidx == NULL)
 5921                 panic("key_acquire: NULL pointer is passed.");
 5922         if ((satype = key_proto2satype(saidx->proto)) == 0)
 5923                 panic("key_acquire: invalid proto is passed.");
 5924 
 5925 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5926         /*
 5927          * We never do anything about acquirng SA.  There is anather
 5928          * solution that kernel blocks to send SADB_ACQUIRE message until
 5929          * getting something message from IKEd.  In later case, to be
 5930          * managed with ACQUIRING list.
 5931          */
 5932         /* get an entry to check whether sending message or not. */
 5933         if ((newacq = key_getacq(saidx)) != NULL) {
 5934                 if (key_blockacq_count < newacq->count) {
 5935                         /* reset counter and do send message. */
 5936                         newacq->count = 0;
 5937                 } else {
 5938                         /* increment counter and do nothing. */
 5939                         newacq->count++;
 5940                         return 0;
 5941                 }
 5942         } else {
 5943                 /* make new entry for blocking to send SADB_ACQUIRE. */
 5944                 if ((newacq = key_newacq(saidx)) == NULL)
 5945                         return ENOBUFS;
 5946 
 5947                 /* add to acqtree */
 5948                 LIST_INSERT_HEAD(&acqtree, newacq, chain);
 5949         }
 5950 #endif
 5951 
 5952 
 5953 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5954         seq = newacq->seq;
 5955 #else
 5956         seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
 5957 #endif
 5958         m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
 5959         if (!m) {
 5960                 error = ENOBUFS;
 5961                 goto fail;
 5962         }
 5963         result = m;
 5964 
 5965         /* set sadb_address for saidx's. */
 5966         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 5967             (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
 5968         if (!m) {
 5969                 error = ENOBUFS;
 5970                 goto fail;
 5971         }
 5972         m_cat(result, m);
 5973 
 5974         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 5975             (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
 5976         if (!m) {
 5977                 error = ENOBUFS;
 5978                 goto fail;
 5979         }
 5980         m_cat(result, m);
 5981 
 5982         /* XXX proxy address (optional) */
 5983 
 5984         /* set sadb_x_policy */
 5985         if (sp) {
 5986                 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
 5987                 if (!m) {
 5988                         error = ENOBUFS;
 5989                         goto fail;
 5990                 }
 5991                 m_cat(result, m);
 5992         }
 5993 
 5994         /* XXX identity (optional) */
 5995 #if 0
 5996         if (idexttype && fqdn) {
 5997                 /* create identity extension (FQDN) */
 5998                 struct sadb_ident *id;
 5999                 int fqdnlen;
 6000 
 6001                 fqdnlen = strlen(fqdn) + 1;     /* +1 for terminating-NUL */
 6002                 id = (struct sadb_ident *)p;
 6003                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6004                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6005                 id->sadb_ident_exttype = idexttype;
 6006                 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
 6007                 bcopy(fqdn, id + 1, fqdnlen);
 6008                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
 6009         }
 6010 
 6011         if (idexttype) {
 6012                 /* create identity extension (USERFQDN) */
 6013                 struct sadb_ident *id;
 6014                 int userfqdnlen;
 6015 
 6016                 if (userfqdn) {
 6017                         /* +1 for terminating-NUL */
 6018                         userfqdnlen = strlen(userfqdn) + 1;
 6019                 } else
 6020                         userfqdnlen = 0;
 6021                 id = (struct sadb_ident *)p;
 6022                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6023                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6024                 id->sadb_ident_exttype = idexttype;
 6025                 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
 6026                 /* XXX is it correct? */
 6027                 if (curproc && curproc->p_cred)
 6028                         id->sadb_ident_id = curproc->p_cred->p_ruid;
 6029                 if (userfqdn && userfqdnlen)
 6030                         bcopy(userfqdn, id + 1, userfqdnlen);
 6031                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
 6032         }
 6033 #endif
 6034 
 6035         /* XXX sensitivity (optional) */
 6036 
 6037         /* create proposal/combination extension */
 6038         m = key_getprop(saidx);
 6039 #if 0
 6040         /*
 6041          * spec conformant: always attach proposal/combination extension,
 6042          * the problem is that we have no way to attach it for ipcomp,
 6043          * due to the way sadb_comb is declared in RFC2367.
 6044          */
 6045         if (!m) {
 6046                 error = ENOBUFS;
 6047                 goto fail;
 6048         }
 6049         m_cat(result, m);
 6050 #else
 6051         /*
 6052          * outside of spec; make proposal/combination extension optional.
 6053          */
 6054         if (m)
 6055                 m_cat(result, m);
 6056 #endif
 6057 
 6058         if ((result->m_flags & M_PKTHDR) == 0) {
 6059                 error = EINVAL;
 6060                 goto fail;
 6061         }
 6062 
 6063         if (result->m_len < sizeof(struct sadb_msg)) {
 6064                 result = m_pullup(result, sizeof(struct sadb_msg));
 6065                 if (result == NULL) {
 6066                         error = ENOBUFS;
 6067                         goto fail;
 6068                 }
 6069         }
 6070 
 6071         result->m_pkthdr.len = 0;
 6072         for (m = result; m; m = m->m_next)
 6073                 result->m_pkthdr.len += m->m_len;
 6074 
 6075         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6076             PFKEY_UNIT64(result->m_pkthdr.len);
 6077 
 6078         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6079 
 6080  fail:
 6081         if (result)
 6082                 m_freem(result);
 6083         return error;
 6084 }
 6085 
 6086 #ifndef IPSEC_NONBLOCK_ACQUIRE
 6087 static struct secacq *
 6088 key_newacq(saidx)
 6089         struct secasindex *saidx;
 6090 {
 6091         struct secacq *newacq;
 6092 
 6093         /* get new entry */
 6094         KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
 6095         if (newacq == NULL) {
 6096                 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
 6097                 return NULL;
 6098         }
 6099         bzero(newacq, sizeof(*newacq));
 6100 
 6101         /* copy secindex */
 6102         bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
 6103         newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
 6104         newacq->created = time_second;
 6105         newacq->count = 0;
 6106 
 6107         return newacq;
 6108 }
 6109 
 6110 static struct secacq *
 6111 key_getacq(saidx)
 6112         struct secasindex *saidx;
 6113 {
 6114         struct secacq *acq;
 6115 
 6116         LIST_FOREACH(acq, &acqtree, chain) {
 6117                 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
 6118                         return acq;
 6119         }
 6120 
 6121         return NULL;
 6122 }
 6123 
 6124 static struct secacq *
 6125 key_getacqbyseq(seq)
 6126         u_int32_t seq;
 6127 {
 6128         struct secacq *acq;
 6129 
 6130         LIST_FOREACH(acq, &acqtree, chain) {
 6131                 if (acq->seq == seq)
 6132                         return acq;
 6133         }
 6134 
 6135         return NULL;
 6136 }
 6137 #endif
 6138 
 6139 static struct secspacq *
 6140 key_newspacq(spidx)
 6141         struct secpolicyindex *spidx;
 6142 {
 6143         struct secspacq *acq;
 6144 
 6145         if (!spidx)
 6146                 return NULL;
 6147 
 6148         /* get new entry */
 6149         KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
 6150         if (acq == NULL) {
 6151                 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
 6152                 return NULL;
 6153         }
 6154         bzero(acq, sizeof(*acq));
 6155 
 6156         /* copy secindex */
 6157         bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
 6158         acq->created = time_second;
 6159         acq->count = 1;
 6160 
 6161         return acq;
 6162 }
 6163 
 6164 static struct secspacq *
 6165 key_getspacq(spidx)
 6166         struct secpolicyindex *spidx;
 6167 {
 6168         struct secspacq *acq;
 6169 
 6170         if (!spidx)
 6171                 return NULL;
 6172 
 6173         LIST_FOREACH(acq, &spacqtree, chain) {
 6174                 if (key_cmpspidx_exactly(spidx, &acq->spidx))
 6175                         return acq;
 6176         }
 6177 
 6178         return NULL;
 6179 }
 6180 
 6181 /*
 6182  * SADB_ACQUIRE processing,
 6183  * in first situation, is receiving
 6184  *   <base>
 6185  * from the ikmpd, and clear sequence of its secasvar entry.
 6186  *
 6187  * In second situation, is receiving
 6188  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6189  * from a user land process, and return
 6190  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6191  * to the socket.
 6192  *
 6193  * m will always be freed.
 6194  */
 6195 static int
 6196 key_acquire2(so, m, mhp)
 6197         struct socket *so;
 6198         struct mbuf *m;
 6199         const struct sadb_msghdr *mhp;
 6200 {
 6201         struct sadb_address *src0, *dst0;
 6202         struct secasindex saidx;
 6203         struct secashead *sah;
 6204         u_int16_t proto;
 6205         int error;
 6206 
 6207         /* sanity check */
 6208         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6209                 panic("key_acquire2: NULL pointer is passed.");
 6210 
 6211         /*
 6212          * Error message from KMd.
 6213          * We assume that if error was occured in IKEd, the length of PFKEY
 6214          * message is equal to the size of sadb_msg structure.
 6215          * We do not raise error even if error occured in this function.
 6216          */
 6217         if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
 6218 #ifndef IPSEC_NONBLOCK_ACQUIRE
 6219                 struct secacq *acq;
 6220 
 6221                 /* check sequence number */
 6222                 if (mhp->msg->sadb_msg_seq == 0) {
 6223                         ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
 6224                         m_freem(m);
 6225                         return 0;
 6226                 }
 6227 
 6228                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
 6229                         /*
 6230                          * the specified larval SA is already gone, or we got
 6231                          * a bogus sequence number.  we can silently ignore it.
 6232                          */
 6233                         m_freem(m);
 6234                         return 0;
 6235                 }
 6236 
 6237                 /* reset acq counter in order to deletion by timehander. */
 6238                 acq->created = time_second;
 6239                 acq->count = 0;
 6240 #endif
 6241                 m_freem(m);
 6242                 return 0;
 6243         }
 6244 
 6245         /*
 6246          * This message is from user land.
 6247          */
 6248 
 6249         /* map satype to proto */
 6250         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6251                 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
 6252                 return key_senderror(so, m, EINVAL);
 6253         }
 6254 
 6255         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 6256             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 6257             mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
 6258                 /* error */
 6259                 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
 6260                 return key_senderror(so, m, EINVAL);
 6261         }
 6262         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 6263             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 6264             mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
 6265                 /* error */
 6266                 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
 6267                 return key_senderror(so, m, EINVAL);
 6268         }
 6269 
 6270         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 6271         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 6272 
 6273         /* XXX boundary check against sa_len */
 6274         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 6275 
 6276         /* get a SA index */
 6277         LIST_FOREACH(sah, &sahtree, chain) {
 6278                 if (sah->state == SADB_SASTATE_DEAD)
 6279                         continue;
 6280                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
 6281                         break;
 6282         }
 6283         if (sah != NULL) {
 6284                 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
 6285                 return key_senderror(so, m, EEXIST);
 6286         }
 6287 
 6288         error = key_acquire(&saidx, NULL);
 6289         if (error != 0) {
 6290                 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
 6291                         "from key_acquire.\n", mhp->msg->sadb_msg_errno));
 6292                 return key_senderror(so, m, error);
 6293         }
 6294 
 6295         return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
 6296 }
 6297 
 6298 /*
 6299  * SADB_REGISTER processing.
 6300  * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
 6301  * receive
 6302  *   <base>
 6303  * from the ikmpd, and register a socket to send PF_KEY messages,
 6304  * and send
 6305  *   <base, supported>
 6306  * to KMD by PF_KEY.
 6307  * If socket is detached, must free from regnode.
 6308  *
 6309  * m will always be freed.
 6310  */
 6311 static int
 6312 key_register(so, m, mhp)
 6313         struct socket *so;
 6314         struct mbuf *m;
 6315         const struct sadb_msghdr *mhp;
 6316 {
 6317         struct secreg *reg, *newreg = 0;
 6318 
 6319         /* sanity check */
 6320         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6321                 panic("key_register: NULL pointer is passed.");
 6322 
 6323         /* check for invalid register message */
 6324         if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
 6325                 return key_senderror(so, m, EINVAL);
 6326 
 6327         /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
 6328         if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
 6329                 goto setmsg;
 6330 
 6331         /* check whether existing or not */
 6332         LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
 6333                 if (reg->so == so) {
 6334                         ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
 6335                         return key_senderror(so, m, EEXIST);
 6336                 }
 6337         }
 6338 
 6339         /* create regnode */
 6340         KMALLOC(newreg, struct secreg *, sizeof(*newreg));
 6341         if (newreg == NULL) {
 6342                 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
 6343                 return key_senderror(so, m, ENOBUFS);
 6344         }
 6345         bzero((caddr_t)newreg, sizeof(*newreg));
 6346 
 6347         newreg->so = so;
 6348         ((struct keycb *)sotorawcb(so))->kp_registered++;
 6349 
 6350         /* add regnode to regtree. */
 6351         LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
 6352 
 6353   setmsg:
 6354     {
 6355         struct mbuf *n;
 6356         struct sadb_msg *newmsg;
 6357         struct sadb_supported *sup;
 6358         u_int len, alen, elen;
 6359         int off;
 6360         int i;
 6361         struct sadb_alg *alg;
 6362 
 6363         /* create new sadb_msg to reply. */
 6364         alen = 0;
 6365         for (i = 1; i <= SADB_AALG_MAX; i++) {
 6366                 if (ah_algorithm_lookup(i))
 6367                         alen += sizeof(struct sadb_alg);
 6368         }
 6369         if (alen)
 6370                 alen += sizeof(struct sadb_supported);
 6371         elen = 0;
 6372 #ifdef IPSEC_ESP
 6373         for (i = 1; i <= SADB_EALG_MAX; i++) {
 6374                 if (esp_algorithm_lookup(i))
 6375                         elen += sizeof(struct sadb_alg);
 6376         }
 6377         if (elen)
 6378                 elen += sizeof(struct sadb_supported);
 6379 #endif
 6380 
 6381         len = sizeof(struct sadb_msg) + alen + elen;
 6382 
 6383         if (len > MCLBYTES)
 6384                 return key_senderror(so, m, ENOBUFS);
 6385 
 6386         MGETHDR(n, M_DONTWAIT, MT_DATA);
 6387         if (len > MHLEN) {
 6388                 MCLGET(n, M_DONTWAIT);
 6389                 if ((n->m_flags & M_EXT) == 0) {
 6390                         m_freem(n);
 6391                         n = NULL;
 6392                 }
 6393         }
 6394         if (!n)
 6395                 return key_senderror(so, m, ENOBUFS);
 6396 
 6397         n->m_pkthdr.len = n->m_len = len;
 6398         n->m_next = NULL;
 6399         off = 0;
 6400 
 6401         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 6402         newmsg = mtod(n, struct sadb_msg *);
 6403         newmsg->sadb_msg_errno = 0;
 6404         newmsg->sadb_msg_len = PFKEY_UNIT64(len);
 6405         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 6406 
 6407         /* for authentication algorithm */
 6408         if (alen) {
 6409                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6410                 sup->sadb_supported_len = PFKEY_UNIT64(alen);
 6411                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
 6412                 off += PFKEY_ALIGN8(sizeof(*sup));
 6413 
 6414                 for (i = 1; i <= SADB_AALG_MAX; i++) {
 6415                         const struct ah_algorithm *aalgo;
 6416 
 6417                         aalgo = ah_algorithm_lookup(i);
 6418                         if (!aalgo)
 6419                                 continue;
 6420                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6421                         alg->sadb_alg_id = i;
 6422                         alg->sadb_alg_ivlen = 0;
 6423                         alg->sadb_alg_minbits = aalgo->keymin;
 6424                         alg->sadb_alg_maxbits = aalgo->keymax;
 6425                         off += PFKEY_ALIGN8(sizeof(*alg));
 6426                 }
 6427         }
 6428 
 6429 #ifdef IPSEC_ESP
 6430         /* for encryption algorithm */
 6431         if (elen) {
 6432                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6433                 sup->sadb_supported_len = PFKEY_UNIT64(elen);
 6434                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
 6435                 off += PFKEY_ALIGN8(sizeof(*sup));
 6436 
 6437                 for (i = 1; i <= SADB_EALG_MAX; i++) {
 6438                         const struct esp_algorithm *ealgo;
 6439 
 6440                         ealgo = esp_algorithm_lookup(i);
 6441                         if (!ealgo)
 6442                                 continue;
 6443                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6444                         alg->sadb_alg_id = i;
 6445                         if (ealgo && ealgo->ivlen) {
 6446                                 /*
 6447                                  * give NULL to get the value preferred by
 6448                                  * algorithm XXX SADB_X_EXT_DERIV ?
 6449                                  */
 6450                                 alg->sadb_alg_ivlen =
 6451                                     (*ealgo->ivlen)(ealgo, NULL);
 6452                         } else
 6453                                 alg->sadb_alg_ivlen = 0;
 6454                         alg->sadb_alg_minbits = ealgo->keymin;
 6455                         alg->sadb_alg_maxbits = ealgo->keymax;
 6456                         off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
 6457                 }
 6458         }
 6459 #endif
 6460 
 6461 #ifdef DIGAGNOSTIC
 6462         if (off != len)
 6463                 panic("length assumption failed in key_register");
 6464 #endif
 6465 
 6466         m_freem(m);
 6467         return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
 6468     }
 6469 }
 6470 
 6471 /*
 6472  * free secreg entry registered.
 6473  * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
 6474  */
 6475 void
 6476 key_freereg(so)
 6477         struct socket *so;
 6478 {
 6479         struct secreg *reg;
 6480         int i;
 6481 
 6482         /* sanity check */
 6483         if (so == NULL)
 6484                 panic("key_freereg: NULL pointer is passed.");
 6485 
 6486         /*
 6487          * check whether existing or not.
 6488          * check all type of SA, because there is a potential that
 6489          * one socket is registered to multiple type of SA.
 6490          */
 6491         for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 6492                 LIST_FOREACH(reg, &regtree[i], chain) {
 6493                         if (reg->so == so && __LIST_CHAINED(reg)) {
 6494                                 LIST_REMOVE(reg, chain);
 6495                                 KFREE(reg);
 6496                                 break;
 6497                         }
 6498                 }
 6499         }
 6500         
 6501         return;
 6502 }
 6503 
 6504 /*
 6505  * SADB_EXPIRE processing
 6506  * send
 6507  *   <base, SA, SA2, lifetime(C and one of HS), address(SD)>
 6508  * to KMD by PF_KEY.
 6509  * NOTE: We send only soft lifetime extension.
 6510  *
 6511  * OUT: 0       : succeed
 6512  *      others  : error number
 6513  */
 6514 static int
 6515 key_expire(sav)
 6516         struct secasvar *sav;
 6517 {
 6518         int s;
 6519         int satype;
 6520         struct mbuf *result = NULL, *m;
 6521         int len;
 6522         int error = -1;
 6523         struct sadb_lifetime *lt;
 6524 
 6525         /* XXX: Why do we lock ? */
 6526         s = splnet();   /*called from softclock()*/
 6527 
 6528         /* sanity check */
 6529         if (sav == NULL)
 6530                 panic("key_expire: NULL pointer is passed.");
 6531         if (sav->sah == NULL)
 6532                 panic("key_expire: Why was SA index in SA NULL.");
 6533         if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
 6534                 panic("key_expire: invalid proto is passed.");
 6535 
 6536         /* set msg header */
 6537         m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
 6538         if (!m) {
 6539                 error = ENOBUFS;
 6540                 goto fail;
 6541         }
 6542         result = m;
 6543 
 6544         /* create SA extension */
 6545         m = key_setsadbsa(sav);
 6546         if (!m) {
 6547                 error = ENOBUFS;
 6548                 goto fail;
 6549         }
 6550         m_cat(result, m);
 6551 
 6552         /* create SA extension */
 6553         m = key_setsadbxsa2(sav->sah->saidx.mode,
 6554             sav->replay ? (sav->replay->count & 0xffffffff) : 0,
 6555             sav->sah->saidx.reqid);
 6556         if (!m) {
 6557                 error = ENOBUFS;
 6558                 goto fail;
 6559         }
 6560         m_cat(result, m);
 6561 
 6562         /* create lifetime extension (current and soft) */
 6563         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 6564         m = key_alloc_mbuf(len);
 6565         if (!m || m->m_next) {  /*XXX*/
 6566                 if (m)
 6567                         m_freem(m);
 6568                 error = ENOBUFS;
 6569                 goto fail;
 6570         }
 6571         bzero(mtod(m, caddr_t), len);
 6572         lt = mtod(m, struct sadb_lifetime *);
 6573         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6574         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 6575         lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
 6576         lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
 6577         lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
 6578         lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
 6579         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 6580         bcopy(sav->lft_s, lt, sizeof(*lt));
 6581         m_cat(result, m);
 6582 
 6583         /* set sadb_address for source */
 6584         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 6585             (struct sockaddr *)&sav->sah->saidx.src,
 6586             FULLMASK, IPSEC_ULPROTO_ANY);
 6587         if (!m) {
 6588                 error = ENOBUFS;
 6589                 goto fail;
 6590         }
 6591         m_cat(result, m);
 6592 
 6593         /* set sadb_address for destination */
 6594         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 6595             (struct sockaddr *)&sav->sah->saidx.dst,
 6596             FULLMASK, IPSEC_ULPROTO_ANY);
 6597         if (!m) {
 6598                 error = ENOBUFS;
 6599                 goto fail;
 6600         }
 6601         m_cat(result, m);
 6602 
 6603         if ((result->m_flags & M_PKTHDR) == 0) {
 6604                 error = EINVAL;
 6605                 goto fail;
 6606         }
 6607 
 6608         if (result->m_len < sizeof(struct sadb_msg)) {
 6609                 result = m_pullup(result, sizeof(struct sadb_msg));
 6610                 if (result == NULL) {
 6611                         error = ENOBUFS;
 6612                         goto fail;
 6613                 }
 6614         }
 6615 
 6616         result->m_pkthdr.len = 0;
 6617         for (m = result; m; m = m->m_next)
 6618                 result->m_pkthdr.len += m->m_len;
 6619 
 6620         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6621             PFKEY_UNIT64(result->m_pkthdr.len);
 6622 
 6623         splx(s);
 6624         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6625 
 6626  fail:
 6627         if (result)
 6628                 m_freem(result);
 6629         splx(s);
 6630         return error;
 6631 }
 6632 
 6633 /*
 6634  * SADB_FLUSH processing
 6635  * receive
 6636  *   <base>
 6637  * from the ikmpd, and free all entries in secastree.
 6638  * and send,
 6639  *   <base>
 6640  * to the ikmpd.
 6641  * NOTE: to do is only marking SADB_SASTATE_DEAD.
 6642  *
 6643  * m will always be freed.
 6644  */
 6645 static int
 6646 key_flush(so, m, mhp)
 6647         struct socket *so;
 6648         struct mbuf *m;
 6649         const struct sadb_msghdr *mhp;
 6650 {
 6651         struct sadb_msg *newmsg;
 6652         struct secashead *sah, *nextsah;
 6653         struct secasvar *sav, *nextsav;
 6654         u_int16_t proto;
 6655         u_int8_t state;
 6656         u_int stateidx;
 6657 
 6658         /* sanity check */
 6659         if (so == NULL || mhp == NULL || mhp->msg == NULL)
 6660                 panic("key_flush: NULL pointer is passed.");
 6661 
 6662         /* map satype to proto */
 6663         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6664                 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
 6665                 return key_senderror(so, m, EINVAL);
 6666         }
 6667 
 6668         /* no SATYPE specified, i.e. flushing all SA. */
 6669         for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) {
 6670                 nextsah = LIST_NEXT(sah, chain);
 6671 
 6672                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6673                     proto != sah->saidx.proto)
 6674                         continue;
 6675 
 6676                 for (stateidx = 0;
 6677                      stateidx < _ARRAYLEN(saorder_state_alive);
 6678                      stateidx++) {
 6679                         state = saorder_state_any[stateidx];
 6680                         for (sav = LIST_FIRST(&sah->savtree[state]);
 6681                              sav != NULL;
 6682                              sav = nextsav) {
 6683 
 6684                                 nextsav = LIST_NEXT(sav, chain);
 6685 
 6686                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 6687                                 key_freesav(sav);
 6688                         }
 6689                 }
 6690 
 6691                 sah->state = SADB_SASTATE_DEAD;
 6692         }
 6693 
 6694         if (m->m_len < sizeof(struct sadb_msg) ||
 6695             sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 6696                 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
 6697                 return key_senderror(so, m, ENOBUFS);
 6698         }
 6699 
 6700         if (m->m_next)
 6701                 m_freem(m->m_next);
 6702         m->m_next = NULL;
 6703         m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
 6704         newmsg = mtod(m, struct sadb_msg *);
 6705         newmsg->sadb_msg_errno = 0;
 6706         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 6707 
 6708         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6709 }
 6710 
 6711 /*
 6712  * SADB_DUMP processing
 6713  * dump all entries including status of DEAD in SAD.
 6714  * receive
 6715  *   <base>
 6716  * from the ikmpd, and dump all secasvar leaves
 6717  * and send,
 6718  *   <base> .....
 6719  * to the ikmpd.
 6720  *
 6721  * m will always be freed.
 6722  */
 6723 static int
 6724 key_dump(so, m, mhp)
 6725         struct socket *so;
 6726         struct mbuf *m;
 6727         const struct sadb_msghdr *mhp;
 6728 {
 6729         struct secashead *sah;
 6730         struct secasvar *sav;
 6731         u_int16_t proto;
 6732         u_int stateidx;
 6733         u_int8_t satype;
 6734         u_int8_t state;
 6735         int cnt;
 6736         struct mbuf *n;
 6737 
 6738         /* sanity check */
 6739         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6740                 panic("key_dump: NULL pointer is passed.");
 6741 
 6742         /* map satype to proto */
 6743         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6744                 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
 6745                 return key_senderror(so, m, EINVAL);
 6746         }
 6747 
 6748         /* count sav entries to be sent to the userland. */
 6749         cnt = 0;
 6750         LIST_FOREACH(sah, &sahtree, chain) {
 6751                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6752                     proto != sah->saidx.proto)
 6753                         continue;
 6754 
 6755                 for (stateidx = 0;
 6756                      stateidx < _ARRAYLEN(saorder_state_any);
 6757                      stateidx++) {
 6758                         state = saorder_state_any[stateidx];
 6759                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 6760                                 cnt++;
 6761                         }
 6762                 }
 6763         }
 6764 
 6765         if (cnt == 0)
 6766                 return key_senderror(so, m, ENOENT);
 6767 
 6768         /* send this to the userland, one at a time. */
 6769         LIST_FOREACH(sah, &sahtree, chain) {
 6770                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6771                     proto != sah->saidx.proto)
 6772                         continue;
 6773 
 6774                 /* map proto to satype */
 6775                 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 6776                         ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
 6777                         return key_senderror(so, m, EINVAL);
 6778                 }
 6779 
 6780                 for (stateidx = 0;
 6781                      stateidx < _ARRAYLEN(saorder_state_any);
 6782                      stateidx++) {
 6783                         state = saorder_state_any[stateidx];
 6784                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 6785                                 n = key_setdumpsa(sav, SADB_DUMP, satype,
 6786                                     --cnt, mhp->msg->sadb_msg_pid);
 6787                                 if (!n)
 6788                                         return key_senderror(so, m, ENOBUFS);
 6789 
 6790                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 6791                         }
 6792                 }
 6793         }
 6794 
 6795         m_freem(m);
 6796         return 0;
 6797 }
 6798 
 6799 /*
 6800  * SADB_X_PROMISC processing
 6801  *
 6802  * m will always be freed.
 6803  */
 6804 static int
 6805 key_promisc(so, m, mhp)
 6806         struct socket *so;
 6807         struct mbuf *m;
 6808         const struct sadb_msghdr *mhp;
 6809 {
 6810         int olen;
 6811 
 6812         /* sanity check */
 6813         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6814                 panic("key_promisc: NULL pointer is passed.");
 6815 
 6816         olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 6817 
 6818         if (olen < sizeof(struct sadb_msg)) {
 6819 #if 1
 6820                 return key_senderror(so, m, EINVAL);
 6821 #else
 6822                 m_freem(m);
 6823                 return 0;
 6824 #endif
 6825         } else if (olen == sizeof(struct sadb_msg)) {
 6826                 /* enable/disable promisc mode */
 6827                 struct keycb *kp;
 6828 
 6829                 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
 6830                         return key_senderror(so, m, EINVAL);
 6831                 mhp->msg->sadb_msg_errno = 0;
 6832                 switch (mhp->msg->sadb_msg_satype) {
 6833                 case 0:
 6834                 case 1:
 6835                         kp->kp_promisc = mhp->msg->sadb_msg_satype;
 6836                         break;
 6837                 default:
 6838                         return key_senderror(so, m, EINVAL);
 6839                 }
 6840 
 6841                 /* send the original message back to everyone */
 6842                 mhp->msg->sadb_msg_errno = 0;
 6843                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6844         } else {
 6845                 /* send packet as is */
 6846 
 6847                 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
 6848 
 6849                 /* TODO: if sadb_msg_seq is specified, send to specific pid */
 6850                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6851         }
 6852 }
 6853 
 6854 static int (*key_typesw[])(struct socket *, struct mbuf *,
 6855                 const struct sadb_msghdr *) = {
 6856         NULL,           /* SADB_RESERVED */
 6857         key_getspi,     /* SADB_GETSPI */
 6858         key_update,     /* SADB_UPDATE */
 6859         key_add,        /* SADB_ADD */
 6860         key_delete,     /* SADB_DELETE */
 6861         key_get,        /* SADB_GET */
 6862         key_acquire2,   /* SADB_ACQUIRE */
 6863         key_register,   /* SADB_REGISTER */
 6864         NULL,           /* SADB_EXPIRE */
 6865         key_flush,      /* SADB_FLUSH */
 6866         key_dump,       /* SADB_DUMP */
 6867         key_promisc,    /* SADB_X_PROMISC */
 6868         NULL,           /* SADB_X_PCHANGE */
 6869         key_spdadd,     /* SADB_X_SPDUPDATE */
 6870         key_spdadd,     /* SADB_X_SPDADD */
 6871         key_spddelete,  /* SADB_X_SPDDELETE */
 6872         key_spdget,     /* SADB_X_SPDGET */
 6873         NULL,           /* SADB_X_SPDACQUIRE */
 6874         key_spddump,    /* SADB_X_SPDDUMP */
 6875         key_spdflush,   /* SADB_X_SPDFLUSH */
 6876         key_spdadd,     /* SADB_X_SPDSETIDX */
 6877         NULL,           /* SADB_X_SPDEXPIRE */
 6878         key_spddelete2, /* SADB_X_SPDDELETE2 */
 6879 };
 6880 
 6881 /*
 6882  * parse sadb_msg buffer to process PFKEYv2,
 6883  * and create a data to response if needed.
 6884  * I think to be dealed with mbuf directly.
 6885  * IN:
 6886  *     msgp  : pointer to pointer to a received buffer pulluped.
 6887  *             This is rewrited to response.
 6888  *     so    : pointer to socket.
 6889  * OUT:
 6890  *    length for buffer to send to user process.
 6891  */
 6892 int
 6893 key_parse(m, so)
 6894         struct mbuf *m;
 6895         struct socket *so;
 6896 {
 6897         struct sadb_msg *msg;
 6898         struct sadb_msghdr mh;
 6899         u_int orglen;
 6900         int error;
 6901         int target;
 6902 
 6903         /* sanity check */
 6904         if (m == NULL || so == NULL)
 6905                 panic("key_parse: NULL pointer is passed.");
 6906 
 6907 #if 0   /*kdebug_sadb assumes msg in linear buffer*/
 6908         KEYDEBUG(KEYDEBUG_KEY_DUMP,
 6909                 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
 6910                 kdebug_sadb(msg));
 6911 #endif
 6912 
 6913         if (m->m_len < sizeof(struct sadb_msg)) {
 6914                 m = m_pullup(m, sizeof(struct sadb_msg));
 6915                 if (!m)
 6916                         return ENOBUFS;
 6917         }
 6918         msg = mtod(m, struct sadb_msg *);
 6919         orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
 6920         target = KEY_SENDUP_ONE;
 6921 
 6922         if ((m->m_flags & M_PKTHDR) == 0 ||
 6923             m->m_pkthdr.len != m->m_pkthdr.len) {
 6924                 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
 6925                 pfkeystat.out_invlen++;
 6926                 error = EINVAL;
 6927                 goto senderror;
 6928         }
 6929 
 6930         if (msg->sadb_msg_version != PF_KEY_V2) {
 6931                 ipseclog((LOG_DEBUG,
 6932                     "key_parse: PF_KEY version %u is mismatched.\n",
 6933                     msg->sadb_msg_version));
 6934                 pfkeystat.out_invver++;
 6935                 error = EINVAL;
 6936                 goto senderror;
 6937         }
 6938 
 6939         if (msg->sadb_msg_type > SADB_MAX) {
 6940                 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
 6941                     msg->sadb_msg_type));
 6942                 pfkeystat.out_invmsgtype++;
 6943                 error = EINVAL;
 6944                 goto senderror;
 6945         }
 6946 
 6947         /* for old-fashioned code - should be nuked */
 6948         if (m->m_pkthdr.len > MCLBYTES) {
 6949                 m_freem(m);
 6950                 return ENOBUFS;
 6951         }
 6952         if (m->m_next) {
 6953                 struct mbuf *n;
 6954 
 6955                 MGETHDR(n, M_DONTWAIT, MT_DATA);
 6956                 if (n && m->m_pkthdr.len > MHLEN) {
 6957                         MCLGET(n, M_DONTWAIT);
 6958                         if ((n->m_flags & M_EXT) == 0) {
 6959                                 m_free(n);
 6960                                 n = NULL;
 6961                         }
 6962                 }
 6963                 if (!n) {
 6964                         m_freem(m);
 6965                         return ENOBUFS;
 6966                 }
 6967                 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
 6968                 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
 6969                 n->m_next = NULL;
 6970                 m_freem(m);
 6971                 m = n;
 6972         }
 6973 
 6974         /* align the mbuf chain so that extensions are in contiguous region. */
 6975         error = key_align(m, &mh);
 6976         if (error)
 6977                 return error;
 6978 
 6979         msg = mh.msg;
 6980 
 6981         /* check SA type */
 6982         switch (msg->sadb_msg_satype) {
 6983         case SADB_SATYPE_UNSPEC:
 6984                 switch (msg->sadb_msg_type) {
 6985                 case SADB_GETSPI:
 6986                 case SADB_UPDATE:
 6987                 case SADB_ADD:
 6988                 case SADB_DELETE:
 6989                 case SADB_GET:
 6990                 case SADB_ACQUIRE:
 6991                 case SADB_EXPIRE:
 6992                         ipseclog((LOG_DEBUG, "key_parse: must specify satype "
 6993                             "when msg type=%u.\n", msg->sadb_msg_type));
 6994                         pfkeystat.out_invsatype++;
 6995                         error = EINVAL;
 6996                         goto senderror;
 6997                 }
 6998                 break;
 6999         case SADB_SATYPE_AH:
 7000         case SADB_SATYPE_ESP:
 7001         case SADB_X_SATYPE_IPCOMP:
 7002         case SADB_X_SATYPE_TCPSIGNATURE:
 7003                 switch (msg->sadb_msg_type) {
 7004                 case SADB_X_SPDADD:
 7005                 case SADB_X_SPDDELETE:
 7006                 case SADB_X_SPDGET:
 7007                 case SADB_X_SPDDUMP:
 7008                 case SADB_X_SPDFLUSH:
 7009                 case SADB_X_SPDSETIDX:
 7010                 case SADB_X_SPDUPDATE:
 7011                 case SADB_X_SPDDELETE2:
 7012                         ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
 7013                             msg->sadb_msg_type));
 7014                         pfkeystat.out_invsatype++;
 7015                         error = EINVAL;
 7016                         goto senderror;
 7017                 }
 7018                 break;
 7019         case SADB_SATYPE_RSVP:
 7020         case SADB_SATYPE_OSPFV2:
 7021         case SADB_SATYPE_RIPV2:
 7022         case SADB_SATYPE_MIP:
 7023                 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
 7024                     msg->sadb_msg_satype));
 7025                 pfkeystat.out_invsatype++;
 7026                 error = EOPNOTSUPP;
 7027                 goto senderror;
 7028         case 1: /* XXX: What does it do? */
 7029                 if (msg->sadb_msg_type == SADB_X_PROMISC)
 7030                         break;
 7031                 /*FALLTHROUGH*/
 7032         default:
 7033                 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
 7034                     msg->sadb_msg_satype));
 7035                 pfkeystat.out_invsatype++;
 7036                 error = EINVAL;
 7037                 goto senderror;
 7038         }
 7039 
 7040         /* check field of upper layer protocol and address family */
 7041         if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
 7042             mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
 7043                 struct sadb_address *src0, *dst0;
 7044                 u_int plen;
 7045 
 7046                 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
 7047                 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
 7048 
 7049                 /* check upper layer protocol */
 7050                 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
 7051                         ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
 7052                         pfkeystat.out_invaddr++;
 7053                         error = EINVAL;
 7054                         goto senderror;
 7055                 }
 7056 
 7057                 /* check family */
 7058                 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
 7059                     PFKEY_ADDR_SADDR(dst0)->sa_family) {
 7060                         ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
 7061                         pfkeystat.out_invaddr++;
 7062                         error = EINVAL;
 7063                         goto senderror;
 7064                 }
 7065                 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7066                     PFKEY_ADDR_SADDR(dst0)->sa_len) {
 7067                         ipseclog((LOG_DEBUG,
 7068                             "key_parse: address struct size mismatched.\n"));
 7069                         pfkeystat.out_invaddr++;
 7070                         error = EINVAL;
 7071                         goto senderror;
 7072                 }
 7073 
 7074                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7075                 case AF_INET:
 7076                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7077                             sizeof(struct sockaddr_in)) {
 7078                                 pfkeystat.out_invaddr++;
 7079                                 error = EINVAL;
 7080                                 goto senderror;
 7081                         }
 7082                         break;
 7083                 case AF_INET6:
 7084                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7085                             sizeof(struct sockaddr_in6)) {
 7086                                 pfkeystat.out_invaddr++;
 7087                                 error = EINVAL;
 7088                                 goto senderror;
 7089                         }
 7090                         break;
 7091                 default:
 7092                         ipseclog((LOG_DEBUG,
 7093                             "key_parse: unsupported address family.\n"));
 7094                         pfkeystat.out_invaddr++;
 7095                         error = EAFNOSUPPORT;
 7096                         goto senderror;
 7097                 }
 7098 
 7099                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7100                 case AF_INET:
 7101                         plen = sizeof(struct in_addr) << 3;
 7102                         break;
 7103                 case AF_INET6:
 7104                         plen = sizeof(struct in6_addr) << 3;
 7105                         break;
 7106                 default:
 7107                         plen = 0;       /*fool gcc*/
 7108                         break;
 7109                 }
 7110 
 7111                 /* check max prefix length */
 7112                 if (src0->sadb_address_prefixlen > plen ||
 7113                     dst0->sadb_address_prefixlen > plen) {
 7114                         ipseclog((LOG_DEBUG,
 7115                             "key_parse: illegal prefixlen.\n"));
 7116                         pfkeystat.out_invaddr++;
 7117                         error = EINVAL;
 7118                         goto senderror;
 7119                 }
 7120 
 7121                 /*
 7122                  * prefixlen == 0 is valid because there can be a case when
 7123                  * all addresses are matched.
 7124                  */
 7125         }
 7126 
 7127         if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
 7128             key_typesw[msg->sadb_msg_type] == NULL) {
 7129                 pfkeystat.out_invmsgtype++;
 7130                 error = EINVAL;
 7131                 goto senderror;
 7132         }
 7133 
 7134         return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
 7135 
 7136 senderror:
 7137         msg->sadb_msg_errno = error;
 7138         return key_sendup_mbuf(so, m, target);
 7139 }
 7140 
 7141 static int
 7142 key_senderror(so, m, code)
 7143         struct socket *so;
 7144         struct mbuf *m;
 7145         int code;
 7146 {
 7147         struct sadb_msg *msg;
 7148 
 7149         if (m->m_len < sizeof(struct sadb_msg))
 7150                 panic("invalid mbuf passed to key_senderror");
 7151 
 7152         msg = mtod(m, struct sadb_msg *);
 7153         msg->sadb_msg_errno = code;
 7154         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 7155 }
 7156 
 7157 /*
 7158  * set the pointer to each header into message buffer.
 7159  * m will be freed on error.
 7160  * XXX larger-than-MCLBYTES extension?
 7161  */
 7162 static int
 7163 key_align(m, mhp)
 7164         struct mbuf *m;
 7165         struct sadb_msghdr *mhp;
 7166 {
 7167         struct mbuf *n;
 7168         struct sadb_ext *ext;
 7169         size_t off, end;
 7170         int extlen;
 7171         int toff;
 7172 
 7173         /* sanity check */
 7174         if (m == NULL || mhp == NULL)
 7175                 panic("key_align: NULL pointer is passed.");
 7176         if (m->m_len < sizeof(struct sadb_msg))
 7177                 panic("invalid mbuf passed to key_align");
 7178 
 7179         /* initialize */
 7180         bzero(mhp, sizeof(*mhp));
 7181 
 7182         mhp->msg = mtod(m, struct sadb_msg *);
 7183         mhp->ext[0] = (struct sadb_ext *)mhp->msg;      /*XXX backward compat */
 7184 
 7185         end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7186         extlen = end;   /*just in case extlen is not updated*/
 7187         for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
 7188                 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
 7189                 if (!n) {
 7190                         /* m is already freed */
 7191                         return ENOBUFS;
 7192                 }
 7193                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7194 
 7195                 /* set pointer */
 7196                 switch (ext->sadb_ext_type) {
 7197                 case SADB_EXT_SA:
 7198                 case SADB_EXT_ADDRESS_SRC:
 7199                 case SADB_EXT_ADDRESS_DST:
 7200                 case SADB_EXT_ADDRESS_PROXY:
 7201                 case SADB_EXT_LIFETIME_CURRENT:
 7202                 case SADB_EXT_LIFETIME_HARD:
 7203                 case SADB_EXT_LIFETIME_SOFT:
 7204                 case SADB_EXT_KEY_AUTH:
 7205                 case SADB_EXT_KEY_ENCRYPT:
 7206                 case SADB_EXT_IDENTITY_SRC:
 7207                 case SADB_EXT_IDENTITY_DST:
 7208                 case SADB_EXT_SENSITIVITY:
 7209                 case SADB_EXT_PROPOSAL:
 7210                 case SADB_EXT_SUPPORTED_AUTH:
 7211                 case SADB_EXT_SUPPORTED_ENCRYPT:
 7212                 case SADB_EXT_SPIRANGE:
 7213                 case SADB_X_EXT_POLICY:
 7214                 case SADB_X_EXT_SA2:
 7215                         /* duplicate check */
 7216                         /*
 7217                          * XXX Are there duplication payloads of either
 7218                          * KEY_AUTH or KEY_ENCRYPT ?
 7219                          */
 7220                         if (mhp->ext[ext->sadb_ext_type] != NULL) {
 7221                                 ipseclog((LOG_DEBUG,
 7222                                     "key_align: duplicate ext_type %u "
 7223                                     "is passed.\n", ext->sadb_ext_type));
 7224                                 m_freem(m);
 7225                                 pfkeystat.out_dupext++;
 7226                                 return EINVAL;
 7227                         }
 7228                         break;
 7229                 default:
 7230                         ipseclog((LOG_DEBUG,
 7231                             "key_align: invalid ext_type %u is passed.\n",
 7232                             ext->sadb_ext_type));
 7233                         m_freem(m);
 7234                         pfkeystat.out_invexttype++;
 7235                         return EINVAL;
 7236                 }
 7237 
 7238                 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
 7239 
 7240                 if (key_validate_ext(ext, extlen)) {
 7241                         m_freem(m);
 7242                         pfkeystat.out_invlen++;
 7243                         return EINVAL;
 7244                 }
 7245 
 7246                 n = m_pulldown(m, off, extlen, &toff);
 7247                 if (!n) {
 7248                         /* m is already freed */
 7249                         return ENOBUFS;
 7250                 }
 7251                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7252 
 7253                 mhp->ext[ext->sadb_ext_type] = ext;
 7254                 mhp->extoff[ext->sadb_ext_type] = off;
 7255                 mhp->extlen[ext->sadb_ext_type] = extlen;
 7256         }
 7257 
 7258         if (off != end) {
 7259                 m_freem(m);
 7260                 pfkeystat.out_invlen++;
 7261                 return EINVAL;
 7262         }
 7263 
 7264         return 0;
 7265 }
 7266 
 7267 static int
 7268 key_validate_ext(ext, len)
 7269         struct sadb_ext *ext;
 7270         int len;
 7271 {
 7272         struct sockaddr *sa;
 7273         enum { NONE, ADDR } checktype = NONE;
 7274         int baselen = 0;
 7275         const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
 7276 
 7277         if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
 7278                 return EINVAL;
 7279 
 7280         /* if it does not match minimum/maximum length, bail */
 7281         if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
 7282             ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
 7283                 return EINVAL;
 7284         if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
 7285                 return EINVAL;
 7286         if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
 7287                 return EINVAL;
 7288 
 7289         /* more checks based on sadb_ext_type XXX need more */
 7290         switch (ext->sadb_ext_type) {
 7291         case SADB_EXT_ADDRESS_SRC:
 7292         case SADB_EXT_ADDRESS_DST:
 7293         case SADB_EXT_ADDRESS_PROXY:
 7294                 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
 7295                 checktype = ADDR;
 7296                 break;
 7297         case SADB_EXT_IDENTITY_SRC:
 7298         case SADB_EXT_IDENTITY_DST:
 7299                 if (((struct sadb_ident *)ext)->sadb_ident_type ==
 7300                     SADB_X_IDENTTYPE_ADDR) {
 7301                         baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
 7302                         checktype = ADDR;
 7303                 } else
 7304                         checktype = NONE;
 7305                 break;
 7306         default:
 7307                 checktype = NONE;
 7308                 break;
 7309         }
 7310 
 7311         switch (checktype) {
 7312         case NONE:
 7313                 break;
 7314         case ADDR:
 7315                 sa = (struct sockaddr *)((caddr_t)ext + baselen);
 7316                 if (len < baselen + sal)
 7317                         return EINVAL;
 7318                 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
 7319                         return EINVAL;
 7320                 break;
 7321         }
 7322 
 7323         return 0;
 7324 }
 7325 
 7326 void
 7327 key_init()
 7328 {
 7329         int i;
 7330 
 7331         bzero((caddr_t)&key_cb, sizeof(key_cb));
 7332 
 7333         callout_init(&key_timehandler_ch, 0);
 7334 
 7335         for (i = 0; i < IPSEC_DIR_MAX; i++)
 7336                 LIST_INIT(&sptree[i]);
 7337 
 7338         LIST_INIT(&sahtree);
 7339 
 7340         for (i = 0; i <= SADB_SATYPE_MAX; i++)
 7341                 LIST_INIT(&regtree[i]);
 7342 
 7343         for (i = 0; i < SPIHASHSIZE; i++)
 7344                 LIST_INIT(&spihash[i]);
 7345 
 7346 #ifndef IPSEC_NONBLOCK_ACQUIRE
 7347         LIST_INIT(&acqtree);
 7348 #endif
 7349         LIST_INIT(&spacqtree);
 7350 
 7351         TAILQ_INIT(&satailq);
 7352         TAILQ_INIT(&sptailq);
 7353 
 7354         /* system default */
 7355 #ifdef INET
 7356         ip4_def_policy = key_newsp(0);
 7357         if (!ip4_def_policy)
 7358                 panic("could not initialize IPv4 default security policy");
 7359         ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
 7360         ip4_def_policy->policy = IPSEC_POLICY_NONE;
 7361         ip4_def_policy->dir = IPSEC_DIR_ANY;
 7362         ip4_def_policy->readonly = 1;
 7363         ip4_def_policy->persist = 1;
 7364 #endif
 7365 #ifdef INET6
 7366         ip6_def_policy = key_newsp(0);
 7367         if (!ip6_def_policy)
 7368                 panic("could not initialize IPv6 default security policy");
 7369         ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
 7370         ip6_def_policy->policy = IPSEC_POLICY_NONE;
 7371         ip6_def_policy->dir = IPSEC_DIR_ANY;
 7372         ip6_def_policy->readonly = 1;
 7373         ip6_def_policy->persist = 1;
 7374 #endif
 7375 
 7376         callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
 7377 
 7378         /* initialize key statistics */
 7379         keystat.getspi_count = 1;
 7380 
 7381         printf("IPsec: Initialized Security Association Processing.\n");
 7382 
 7383         return;
 7384 }
 7385 
 7386 /*
 7387  * XXX: maybe This function is called after INBOUND IPsec processing.
 7388  *
 7389  * Special check for tunnel-mode packets.
 7390  * We must make some checks for consistency between inner and outer IP header.
 7391  *
 7392  * xxx more checks to be provided
 7393  */
 7394 int
 7395 key_checktunnelsanity(sav, family, src, dst)
 7396         struct secasvar *sav;
 7397         u_int family;
 7398         caddr_t src;
 7399         caddr_t dst;
 7400 {
 7401         /* sanity check */
 7402         if (sav->sah == NULL)
 7403                 panic("sav->sah == NULL at key_checktunnelsanity");
 7404 
 7405         /* XXX: check inner IP header */
 7406 
 7407         return 1;
 7408 }
 7409 
 7410 #if 0
 7411 /*
 7412  * Get FQDN for the host.
 7413  * If the administrator configured hostname (by hostname(1)) without
 7414  * domain name, returns nothing.
 7415  */
 7416 static const char *
 7417 key_getfqdn()
 7418 {
 7419         int i;
 7420         int hasdot;
 7421         static char fqdn[MAXHOSTNAMELEN + 1];
 7422         int hostnamelen = strlen(hostname);
 7423 
 7424         if (!hostnamelen)
 7425                 return NULL;
 7426 
 7427         /* check if it comes with domain name. */
 7428         hasdot = 0;
 7429         for (i = 0; i < hostnamelen; i++) {
 7430                 if (hostname[i] == '.')
 7431                         hasdot++;
 7432         }
 7433         if (!hasdot)
 7434                 return NULL;
 7435 
 7436         /* NOTE: hostname may not be NUL-terminated. */
 7437         bzero(fqdn, sizeof(fqdn));
 7438         bcopy(hostname, fqdn, hostnamelen);
 7439         fqdn[hostnamelen] = '\0';
 7440         return fqdn;
 7441 }
 7442 
 7443 /*
 7444  * get username@FQDN for the host/user.
 7445  */
 7446 static const char *
 7447 key_getuserfqdn()
 7448 {
 7449         const char *host;
 7450         static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
 7451         struct proc *p = curproc;
 7452         char *q;
 7453 
 7454         PROC_LOCK(p);
 7455         if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) {
 7456                 PROC_UNLOCK(p);
 7457                 return NULL;
 7458         }
 7459         if (!(host = key_getfqdn())) {
 7460                 PROC_UNLOCK(p);
 7461                 return NULL;
 7462         }
 7463 
 7464         /* NOTE: s_login may not be-NUL terminated. */
 7465         bzero(userfqdn, sizeof(userfqdn));
 7466         SESS_LOCK(p->p_session);
 7467         bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
 7468         SESS_UNLOCK(p->p_session);
 7469         PROC_UNLOCK(p);
 7470         userfqdn[MAXLOGNAME] = '\0';    /* safeguard */
 7471         q = userfqdn + strlen(userfqdn);
 7472         *q++ = '@';
 7473         bcopy(host, q, strlen(host));
 7474         q += strlen(host);
 7475         *q++ = '\0';
 7476 
 7477         return userfqdn;
 7478 }
 7479 #endif
 7480 
 7481 /* record data transfer on SA, and update timestamps */
 7482 void
 7483 key_sa_recordxfer(sav, m)
 7484         struct secasvar *sav;
 7485         struct mbuf *m;
 7486 {
 7487         if (!sav)
 7488                 panic("key_sa_recordxfer called with sav == NULL");
 7489         if (!m)
 7490                 panic("key_sa_recordxfer called with m == NULL");
 7491         if (!sav->lft_c)
 7492                 return;
 7493 
 7494         /*
 7495          * XXX Currently, there is a difference of bytes size
 7496          * between inbound and outbound processing.
 7497          */
 7498         sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
 7499         /* to check bytes lifetime is done in key_timehandler(). */
 7500 
 7501         /*
 7502          * We use the number of packets as the unit of
 7503          * sadb_lifetime_allocations.  We increment the variable
 7504          * whenever {esp,ah}_{in,out}put is called.
 7505          */
 7506         sav->lft_c->sadb_lifetime_allocations++;
 7507         /* XXX check for expires? */
 7508 
 7509         /*
 7510          * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
 7511          * in seconds.  HARD and SOFT lifetime are measured by the time
 7512          * difference (again in seconds) from sadb_lifetime_usetime.
 7513          *
 7514          *      usetime
 7515          *      v     expire   expire
 7516          * -----+-----+--------+---> t
 7517          *      <--------------> HARD
 7518          *      <-----> SOFT
 7519          */
 7520     {
 7521         sav->lft_c->sadb_lifetime_usetime = time_second;
 7522         /* XXX check for expires? */
 7523     }
 7524 
 7525         return;
 7526 }
 7527 
 7528 /* dumb version */
 7529 void
 7530 key_sa_routechange(dst)
 7531         struct sockaddr *dst;
 7532 {
 7533         struct secashead *sah;
 7534         struct route *ro;
 7535 
 7536         LIST_FOREACH(sah, &sahtree, chain) {
 7537                 ro = &sah->sa_route;
 7538                 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len &&
 7539                     bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
 7540                         RTFREE(ro->ro_rt);
 7541                         ro->ro_rt = (struct rtentry *)NULL;
 7542                 }
 7543         }
 7544 
 7545         return;
 7546 }
 7547 
 7548 static void
 7549 key_sa_chgstate(sav, state)
 7550         struct secasvar *sav;
 7551         u_int8_t state;
 7552 {
 7553         if (sav == NULL)
 7554                 panic("key_sa_chgstate called with sav == NULL");
 7555 
 7556         if (sav->state == state)
 7557                 return;
 7558 
 7559         if (__LIST_CHAINED(sav))
 7560                 LIST_REMOVE(sav, chain);
 7561 
 7562         sav->state = state;
 7563         LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
 7564 }
 7565 
 7566 void
 7567 key_sa_stir_iv(sav)
 7568         struct secasvar *sav;
 7569 {
 7570 
 7571         if (!sav->iv)
 7572                 panic("key_sa_stir_iv called with sav == NULL");
 7573         key_randomfill(sav->iv, sav->ivlen);
 7574 }
 7575 
 7576 static void
 7577 key_sp_dead(sp)
 7578         struct secpolicy *sp;
 7579 {
 7580 
 7581         /* mark the SP dead */
 7582         sp->state = IPSEC_SPSTATE_DEAD;
 7583 }
 7584 
 7585 static void
 7586 key_sp_unlink(sp)
 7587         struct secpolicy *sp;
 7588 {
 7589 
 7590         /* remove from SP index */
 7591         if (__LIST_CHAINED(sp)) {
 7592                 LIST_REMOVE(sp, chain);
 7593                 key_freesp(sp);
 7594         }
 7595 }
 7596 
 7597 /* XXX too much? */
 7598 static struct mbuf *
 7599 key_alloc_mbuf(l)
 7600         int l;
 7601 {
 7602         struct mbuf *m = NULL, *n;
 7603         int len, t;
 7604 
 7605         len = l;
 7606         while (len > 0) {
 7607                 MGET(n, M_DONTWAIT, MT_DATA);
 7608                 if (n && len > MLEN)
 7609                         MCLGET(n, M_DONTWAIT);
 7610                 if (!n) {
 7611                         m_freem(m);
 7612                         return NULL;
 7613                 }
 7614 
 7615                 n->m_next = NULL;
 7616                 n->m_len = 0;
 7617                 n->m_len = M_TRAILINGSPACE(n);
 7618                 /* use the bottom of mbuf, hoping we can prepend afterwards */
 7619                 if (n->m_len > len) {
 7620                         t = (n->m_len - len) & ~(sizeof(long) - 1);
 7621                         n->m_data += t;
 7622                         n->m_len = len;
 7623                 }
 7624 
 7625                 len -= n->m_len;
 7626 
 7627                 if (m)
 7628                         m_cat(m, n);
 7629                 else
 7630                         m = n;
 7631         }
 7632 
 7633         return m;
 7634 }

Cache object: 861939d75117d65e5ac70308c2dfae6f


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.