The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netkey/key.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $KAME: key.c,v 1.308 2003/09/07 20:35:59 itojun Exp $   */
    2 
    3 /*-
    4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  * 3. Neither the name of the project nor the names of its contributors
   16  *    may be used to endorse or promote products derived from this software
   17  *    without specific prior written permission.
   18  *
   19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   29  * SUCH DAMAGE.
   30  */
   31 
   32 #include <sys/cdefs.h>
   33 __FBSDID("$FreeBSD$");
   34 
   35 /*
   36  * This code is referd to RFC 2367
   37  */
   38 
   39 #include "opt_inet.h"
   40 #include "opt_inet6.h"
   41 #include "opt_ipsec.h"
   42 
   43 #include <sys/types.h>
   44 #include <sys/param.h>
   45 #include <sys/systm.h>
   46 #include <sys/kernel.h>
   47 #include <sys/mbuf.h>
   48 #include <sys/domain.h>
   49 #include <sys/protosw.h>
   50 #include <sys/malloc.h>
   51 #include <sys/socket.h>
   52 #include <sys/socketvar.h>
   53 #include <sys/sysctl.h>
   54 #include <sys/errno.h>
   55 #include <sys/proc.h>
   56 #include <sys/queue.h>
   57 #include <sys/syslog.h>
   58 
   59 #include <net/if.h>
   60 #include <net/route.h>
   61 #include <net/raw_cb.h>
   62 
   63 #include <netinet/in.h>
   64 #include <netinet/in_systm.h>
   65 #include <netinet/ip.h>
   66 #include <netinet/in_var.h>
   67 
   68 #ifdef INET6
   69 #include <netinet/ip6.h>
   70 #include <netinet6/in6_var.h>
   71 #include <netinet6/ip6_var.h>
   72 #include <netinet6/scope6_var.h>
   73 #endif /* INET6 */
   74 
   75 #ifdef INET
   76 #include <netinet/in_pcb.h>
   77 #endif
   78 #ifdef INET6
   79 #include <netinet6/in6_pcb.h>
   80 #endif /* INET6 */
   81 
   82 #include <net/pfkeyv2.h>
   83 #include <netkey/keydb.h>
   84 #include <netkey/key.h>
   85 #include <netkey/keysock.h>
   86 #include <netkey/key_debug.h>
   87 
   88 #include <netinet6/ipsec.h>
   89 #ifdef INET6
   90 #include <netinet6/ipsec6.h>
   91 #endif
   92 #include <netinet6/ah.h>
   93 #ifdef INET6
   94 #include <netinet6/ah6.h>
   95 #endif
   96 #ifdef IPSEC_ESP
   97 #include <netinet6/esp.h>
   98 #ifdef INET6
   99 #include <netinet6/esp6.h>
  100 #endif
  101 #endif
  102 #include <netinet6/ipcomp.h>
  103 #ifdef INET6
  104 #include <netinet6/ipcomp6.h>
  105 #endif
  106 
  107 #include <machine/stdarg.h>
  108 
  109 /* randomness */
  110 #include <sys/random.h>
  111 
  112 #include <net/net_osdep.h>
  113 
  114 #ifndef satosin
  115 #define satosin(s) ((struct sockaddr_in *)s)
  116 #endif
  117 
  118 #define FULLMASK        0xff
  119 
  120 /*
  121  * Note on SA reference counting:
  122  * - SAs that are not in DEAD state will have (total external reference + 1)
  123  *   following value in reference count field.  they cannot be freed and are
  124  *   referenced from SA header.
  125  * - SAs that are in DEAD state will have (total external reference)
  126  *   in reference count field.  they are ready to be freed.  reference from
  127  *   SA header will be removed in keydb_delsecasvar(), when the reference count
  128  *   field hits 0 (= no external reference other than from SA header.
  129  */
  130 
  131 u_int32_t key_debug_level = 0;
  132 static u_int key_spi_trycnt = 1000;
  133 static u_int32_t key_spi_minval = 0x100;
  134 static u_int32_t key_spi_maxval = 0x0fffffff;   /* XXX */
  135 static u_int key_larval_lifetime = 30;  /* interval to expire acquiring, 30(s)*/
  136 static int key_blockacq_count = 10;     /* counter for blocking SADB_ACQUIRE.*/
  137 static int key_blockacq_lifetime = 20;  /* lifetime for blocking SADB_ACQUIRE.*/
  138 static int key_preferred_oldsa = 1;     /* preferred old sa rather than new sa.*/
  139 
  140 static u_int32_t acq_seq = 0;
  141 
  142 struct _satailq satailq;                /* list of all SAD entry */
  143 struct _sptailq sptailq;                /* SPD table + pcb */
  144 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX];     /* SPD table */
  145 static LIST_HEAD(_sahtree, secashead) sahtree;                  /* SAD */
  146 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
  147                                                         /* registed list */
  148 
  149 #define SPIHASHSIZE     128
  150 #define SPIHASH(x)      (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
  151 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
  152 
  153 #ifndef IPSEC_NONBLOCK_ACQUIRE
  154 static LIST_HEAD(_acqtree, secacq) acqtree;             /* acquiring list */
  155 #endif
  156 static LIST_HEAD(_spacqtree, secspacq) spacqtree;       /* SP acquiring list */
  157 
  158 struct key_cb key_cb;
  159 
  160 /* search order for SAs */
  161 static const u_int saorder_state_valid_prefer_old[] = {
  162         SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
  163 };
  164 static const u_int saorder_state_valid_prefer_new[] = {
  165         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  166 };
  167 static const u_int saorder_state_alive[] = {
  168         /* except DEAD */
  169         SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
  170 };
  171 static const u_int saorder_state_any[] = {
  172         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  173         SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
  174 };
  175 
  176 static const int minsize[] = {
  177         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  178         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  179         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  180         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  181         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  182         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_SRC */
  183         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_DST */
  184         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_PROXY */
  185         sizeof(struct sadb_key),        /* SADB_EXT_KEY_AUTH */
  186         sizeof(struct sadb_key),        /* SADB_EXT_KEY_ENCRYPT */
  187         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_SRC */
  188         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_DST */
  189         sizeof(struct sadb_sens),       /* SADB_EXT_SENSITIVITY */
  190         sizeof(struct sadb_prop),       /* SADB_EXT_PROPOSAL */
  191         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_AUTH */
  192         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_ENCRYPT */
  193         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  194         0,                              /* SADB_X_EXT_KMPRIVATE */
  195         sizeof(struct sadb_x_policy),   /* SADB_X_EXT_POLICY */
  196         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  197 };
  198 static const int maxsize[] = {
  199         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  200         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  201         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  202         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  203         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  204         0,                              /* SADB_EXT_ADDRESS_SRC */
  205         0,                              /* SADB_EXT_ADDRESS_DST */
  206         0,                              /* SADB_EXT_ADDRESS_PROXY */
  207         0,                              /* SADB_EXT_KEY_AUTH */
  208         0,                              /* SADB_EXT_KEY_ENCRYPT */
  209         0,                              /* SADB_EXT_IDENTITY_SRC */
  210         0,                              /* SADB_EXT_IDENTITY_DST */
  211         0,                              /* SADB_EXT_SENSITIVITY */
  212         0,                              /* SADB_EXT_PROPOSAL */
  213         0,                              /* SADB_EXT_SUPPORTED_AUTH */
  214         0,                              /* SADB_EXT_SUPPORTED_ENCRYPT */
  215         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  216         0,                              /* SADB_X_EXT_KMPRIVATE */
  217         0,                              /* SADB_X_EXT_POLICY */
  218         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  219 };
  220 
  221 static int ipsec_esp_keymin = 256;
  222 #ifdef IPSEC_ESP
  223 static int ipsec_esp_auth = 0;
  224 #endif
  225 static int ipsec_ah_keymin = 128;
  226 
  227 SYSCTL_DECL(_net_key);
  228 
  229 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL,        debug,  CTLFLAG_RW, \
  230         &key_debug_level,       0,      "");
  231 
  232 /* max count of trial for the decision of spi value */
  233 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY,            spi_trycnt,     CTLFLAG_RW, \
  234         &key_spi_trycnt,        0,      "");
  235 
  236 /* minimum spi value to allocate automatically. */
  237 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE,      spi_minval,     CTLFLAG_RW, \
  238         &key_spi_minval,        0,      "");
  239 
  240 /* maximun spi value to allocate automatically. */
  241 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE,      spi_maxval,     CTLFLAG_RW, \
  242         &key_spi_maxval,        0,      "");
  243 
  244 /* lifetime for larval SA */
  245 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME,    larval_lifetime, CTLFLAG_RW, \
  246         &key_larval_lifetime,   0,      "");
  247 
  248 /* counter for blocking to send SADB_ACQUIRE to IKEd */
  249 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT,     blockacq_count, CTLFLAG_RW, \
  250         &key_blockacq_count,    0,      "");
  251 
  252 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
  253 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME,  blockacq_lifetime, CTLFLAG_RW, \
  254         &key_blockacq_lifetime, 0,      "");
  255 
  256 #ifdef IPSEC_ESP
  257 /* ESP auth */
  258 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH,   esp_auth, CTLFLAG_RW, \
  259         &ipsec_esp_auth,        0,      "ESP auth");
  260 #endif
  261 
  262 /* minimum ESP key length */
  263 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
  264         &ipsec_esp_keymin,      0,      "");
  265 
  266 /* minimum AH key length */
  267 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN,  ah_keymin, CTLFLAG_RW, \
  268         &ipsec_ah_keymin,       0,      "");
  269 
  270 /* perfered old SA rather than new SA */
  271 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA,     preferred_oldsa, CTLFLAG_RW,\
  272         &key_preferred_oldsa,   0,      "");
  273 
  274 #define __LIST_CHAINED(elm) \
  275         (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
  276 #define LIST_INSERT_TAIL(head, elm, type, field) \
  277 do {\
  278         struct type *curelm = LIST_FIRST(head); \
  279         if (curelm == NULL) {\
  280                 LIST_INSERT_HEAD(head, elm, field); \
  281         } else { \
  282                 while (LIST_NEXT(curelm, field)) \
  283                         curelm = LIST_NEXT(curelm, field);\
  284                 LIST_INSERT_AFTER(curelm, elm, field);\
  285         }\
  286 } while (/*CONSTCOND*/ 0)
  287 
  288 #define KEY_CHKSASTATE(head, sav, name) \
  289 do { \
  290         if ((head) != (sav)) {                                          \
  291                 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \
  292                         (name), (head), (sav)));                        \
  293                 continue;                                               \
  294         }                                                               \
  295 } while (/*CONSTCOND*/ 0)
  296 
  297 #define KEY_CHKSPDIR(head, sp, name) \
  298 do { \
  299         if ((head) != (sp)) {                                           \
  300                 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \
  301                         "anyway continue.\n",                           \
  302                         (name), (head), (sp)));                         \
  303         }                                                               \
  304 } while (/*CONSTCOND*/ 0)
  305 
  306 #if 1
  307 #define KMALLOC(p, t, n)                                                     \
  308         ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
  309 #define KFREE(p)                                                             \
  310         free((caddr_t)(p), M_SECA)
  311 #else
  312 #define KMALLOC(p, t, n) \
  313 do { \
  314         ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT));             \
  315         printf("%s %d: %p <- KMALLOC(%s, %d)\n",                             \
  316                 __FILE__, __LINE__, (p), #t, n);                             \
  317 } while (/*CONSTCOND*/ 0)
  318 
  319 #define KFREE(p)                                                             \
  320         do {                                                                 \
  321                 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p));   \
  322                 free((caddr_t)(p), M_SECA);                                  \
  323         } while (/*CONSTCOND*/ 0)
  324 #endif
  325 
  326 /*
  327  * set parameters into secpolicyindex buffer.
  328  * Must allocate secpolicyindex buffer passed to this function.
  329  */
  330 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \
  331 do { \
  332         bzero((idx), sizeof(struct secpolicyindex));                             \
  333         (idx)->prefs = (ps);                                                 \
  334         (idx)->prefd = (pd);                                                 \
  335         (idx)->ul_proto = (ulp);                                             \
  336         bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len);           \
  337         bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len);           \
  338 } while (/*CONSTCOND*/ 0)
  339 
  340 /*
  341  * set parameters into secasindex buffer.
  342  * Must allocate secasindex buffer before calling this function.
  343  */
  344 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
  345 do { \
  346         bzero((idx), sizeof(struct secasindex));                             \
  347         (idx)->proto = (p);                                                  \
  348         (idx)->mode = (m);                                                   \
  349         (idx)->reqid = (r);                                                  \
  350         bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len);           \
  351         bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len);           \
  352 } while (/*CONSTCOND*/ 0)
  353 
  354 /* key statistics */
  355 struct _keystat {
  356         u_long getspi_count; /* the avarage of count to try to get new SPI */
  357 } keystat;
  358 
  359 struct sadb_msghdr {
  360         struct sadb_msg *msg;
  361         struct sadb_ext *ext[SADB_EXT_MAX + 1];
  362         int extoff[SADB_EXT_MAX + 1];
  363         int extlen[SADB_EXT_MAX + 1];
  364 };
  365 
  366 static struct secasvar *key_allocsa_policy(struct secasindex *);
  367 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
  368 static void key_delsav(struct secasvar *);
  369 static void key_delsp(struct secpolicy *);
  370 static struct secpolicy *key_getsp(struct secpolicyindex *, int);
  371 static struct secpolicy *key_getspbyid(u_int32_t);
  372 static u_int32_t key_newreqid(void);
  373 static struct mbuf *key_gather_mbuf(struct mbuf *,
  374         const struct sadb_msghdr *, int, int, ...);
  375 static int key_spdadd(struct socket *, struct mbuf *,
  376         const struct sadb_msghdr *);
  377 static int key_spddelete(struct socket *, struct mbuf *,
  378         const struct sadb_msghdr *);
  379 static int key_spddelete2(struct socket *, struct mbuf *,
  380         const struct sadb_msghdr *);
  381 static int key_spdget(struct socket *, struct mbuf *,
  382         const struct sadb_msghdr *);
  383 static int key_spdflush(struct socket *, struct mbuf *,
  384         const struct sadb_msghdr *);
  385 static int key_spddump(struct socket *, struct mbuf *,
  386         const struct sadb_msghdr *);
  387 static struct mbuf *key_setdumpsp(struct secpolicy *,
  388         u_int8_t, u_int32_t, u_int32_t);
  389 static u_int key_getspreqmsglen(struct secpolicy *);
  390 static int key_spdexpire(struct secpolicy *);
  391 static struct secashead *key_newsah(struct secasindex *);
  392 static void key_delsah(struct secashead *);
  393 static struct secasvar *key_newsav(struct mbuf *,
  394         const struct sadb_msghdr *, struct secashead *, int *);
  395 static struct secashead *key_getsah(struct secasindex *);
  396 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
  397 static void key_setspi(struct secasvar *, u_int32_t);
  398 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
  399 static int key_setsaval(struct secasvar *, struct mbuf *,
  400         const struct sadb_msghdr *);
  401 static int key_mature(struct secasvar *);
  402 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
  403         u_int8_t, u_int32_t, u_int32_t);
  404 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
  405         u_int32_t, pid_t, u_int16_t);
  406 static struct mbuf *key_setsadbsa(struct secasvar *);
  407 static struct mbuf *key_setsadbaddr(u_int16_t,
  408         struct sockaddr *, u_int8_t, u_int16_t);
  409 #if 0
  410 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
  411         int, u_int64_t);
  412 #endif
  413 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
  414 static struct mbuf *key_setsadblifetime(u_int16_t, u_int32_t,
  415         u_int64_t, u_int64_t, u_int64_t);
  416 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
  417         u_int32_t);
  418 static void *key_newbuf(const void *, u_int);
  419 static int key_ismyaddr(struct sockaddr *);
  420 #ifdef INET6
  421 static int key_ismyaddr6(struct sockaddr_in6 *);
  422 #endif
  423 
  424 /* flags for key_cmpsaidx() */
  425 #define CMP_HEAD        1       /* protocol, addresses. */
  426 #define CMP_MODE_REQID  2       /* additionally HEAD, reqid, mode. */
  427 #define CMP_REQID       3       /* additionally HEAD, reqid. not used */
  428 #define CMP_EXACTLY     4       /* all elements. */
  429 static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
  430 
  431 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
  432 static int key_bbcmp(caddr_t, caddr_t, u_int);
  433 static u_long key_random(void);
  434 static u_int16_t key_satype2proto(u_int8_t);
  435 static u_int8_t key_proto2satype(u_int16_t);
  436 
  437 static int key_getspi(struct socket *, struct mbuf *,
  438         const struct sadb_msghdr *);
  439 static u_int32_t key_do_getnewspi(struct sadb_spirange *,
  440                                         struct secasindex *);
  441 static int key_update(struct socket *, struct mbuf *,
  442         const struct sadb_msghdr *);
  443 #ifdef IPSEC_DOSEQCHECK
  444 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
  445 #endif
  446 static int key_add(struct socket *, struct mbuf *,
  447         const struct sadb_msghdr *);
  448 static int key_setident(struct secashead *, struct mbuf *,
  449         const struct sadb_msghdr *);
  450 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
  451         const struct sadb_msghdr *);
  452 static int key_delete(struct socket *, struct mbuf *,
  453         const struct sadb_msghdr *);
  454 static int key_get(struct socket *, struct mbuf *,
  455         const struct sadb_msghdr *);
  456 
  457 static void key_getcomb_setlifetime(struct sadb_comb *);
  458 #ifdef IPSEC_ESP
  459 static struct mbuf *key_getcomb_esp(void);
  460 #endif
  461 static struct mbuf *key_getcomb_ah(void);
  462 static struct mbuf *key_getcomb_ipcomp(void);
  463 static struct mbuf *key_getprop(const struct secasindex *);
  464 
  465 static int key_acquire(struct secasindex *, struct secpolicy *);
  466 #ifndef IPSEC_NONBLOCK_ACQUIRE
  467 static struct secacq *key_newacq(struct secasindex *);
  468 static struct secacq *key_getacq(struct secasindex *);
  469 static struct secacq *key_getacqbyseq(u_int32_t);
  470 #endif
  471 static struct secspacq *key_newspacq(struct secpolicyindex *);
  472 static struct secspacq *key_getspacq(struct secpolicyindex *);
  473 static int key_acquire2(struct socket *, struct mbuf *,
  474         const struct sadb_msghdr *);
  475 static int key_register(struct socket *, struct mbuf *,
  476         const struct sadb_msghdr *);
  477 static int key_expire(struct secasvar *);
  478 static int key_flush(struct socket *, struct mbuf *,
  479         const struct sadb_msghdr *);
  480 static int key_dump(struct socket *, struct mbuf *,
  481         const struct sadb_msghdr *);
  482 static int key_promisc(struct socket *, struct mbuf *,
  483         const struct sadb_msghdr *);
  484 static int key_senderror(struct socket *, struct mbuf *, int);
  485 static int key_validate_ext(struct sadb_ext *, int);
  486 static int key_align(struct mbuf *, struct sadb_msghdr *);
  487 #if 0
  488 static const char *key_getfqdn(void);
  489 static const char *key_getuserfqdn(void);
  490 #endif
  491 static void key_sa_chgstate(struct secasvar *, u_int8_t);
  492 static void key_sp_dead(struct secpolicy *);
  493 static void key_sp_unlink(struct secpolicy *);
  494 static struct mbuf *key_alloc_mbuf(int);
  495 static struct callout key_timehandler_ch;
  496 
  497 /* %%% IPsec policy management */
  498 /*
  499  * allocating a SP for OUTBOUND or INBOUND packet.
  500  * Must call key_freesp() later.
  501  * OUT: NULL:   not found
  502  *      others: found and return the pointer.
  503  */
  504 struct secpolicy *
  505 key_allocsp(tag, spidx, dir)
  506         u_int16_t tag;
  507         struct secpolicyindex *spidx;
  508         u_int dir;
  509 {
  510         struct secpolicy *sp;
  511         int s;
  512 
  513         /* check direction */
  514         switch (dir) {
  515         case IPSEC_DIR_INBOUND:
  516         case IPSEC_DIR_OUTBOUND:
  517                 break;
  518         default:
  519                 panic("key_allocsp: Invalid direction is passed.");
  520         }
  521 
  522         /* get a SP entry */
  523         s = splnet();   /*called from softclock()*/
  524         if (spidx) {
  525                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  526                         printf("*** objects\n");
  527                         kdebug_secpolicyindex(spidx));
  528         }
  529 
  530         LIST_FOREACH(sp, &sptree[dir], chain) {
  531                 if (sp->state == IPSEC_SPSTATE_DEAD)
  532                         continue;
  533                 if (sp->spidx) {
  534                         if (!spidx)
  535                                 continue;
  536 
  537                         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  538                                 printf("*** in SPD\n");
  539                                 kdebug_secpolicyindex(sp->spidx));
  540 
  541                         if (key_cmpspidx_withmask(sp->spidx, spidx))
  542                                 goto found;
  543                 }
  544         }
  545 
  546         splx(s);
  547         return NULL;
  548 
  549 found:
  550         /* sanity check */
  551         KEY_CHKSPDIR(sp->dir, dir, "key_allocsp");
  552 
  553         /* found a SPD entry */
  554         sp->lastused = time_second;
  555         sp->refcnt++;
  556         splx(s);
  557         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  558                 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
  559                         sp->refcnt, sp));
  560 
  561         return sp;
  562 }
  563 
  564 /*
  565  * return a policy that matches this particular inbound packet.
  566  * XXX slow
  567  */
  568 struct secpolicy *
  569 key_gettunnel(osrc, odst, isrc, idst)
  570         struct sockaddr *osrc, *odst, *isrc, *idst;
  571 {
  572         struct secpolicy *sp;
  573         const int dir = IPSEC_DIR_INBOUND;
  574         int s;
  575         struct ipsecrequest *r1, *r2, *p;
  576         struct sockaddr *os, *od, *is, *id;
  577         struct secpolicyindex spidx;
  578 
  579         if (isrc->sa_family != idst->sa_family) {
  580                 ipseclog((LOG_ERR, "protocol family mismatched %u != %u\n",
  581                         isrc->sa_family, idst->sa_family));
  582                 return NULL;
  583         }
  584 
  585         s = splnet();   /*called from softclock()*/
  586         LIST_FOREACH(sp, &sptree[dir], chain) {
  587                 if (sp->state == IPSEC_SPSTATE_DEAD)
  588                         continue;
  589 
  590                 r1 = r2 = NULL;
  591                 for (p = sp->req; p; p = p->next) {
  592                         if (p->saidx.mode != IPSEC_MODE_TUNNEL)
  593                                 continue;
  594 
  595                         r1 = r2;
  596                         r2 = p;
  597 
  598                         if (!r1) {
  599                                 if (sp->spidx) {
  600                                         /*
  601                                          * here we look at address matches
  602                                          * only
  603                                          */
  604                                         spidx = *sp->spidx;
  605                                         if (isrc->sa_len > sizeof(spidx.src) ||
  606                                             idst->sa_len > sizeof(spidx.dst))
  607                                                 continue;
  608                                         bcopy(isrc, &spidx.src, isrc->sa_len);
  609                                         bcopy(idst, &spidx.dst, idst->sa_len);
  610                                         if (!key_cmpspidx_withmask(sp->spidx,
  611                                             &spidx))
  612                                                 continue;
  613                                 } else
  614                                         ; /* can't check for tagged policy */
  615                         } else {
  616                                 is = (struct sockaddr *)&r1->saidx.src;
  617                                 id = (struct sockaddr *)&r1->saidx.dst;
  618                                 if (key_sockaddrcmp(is, isrc, 0) ||
  619                                     key_sockaddrcmp(id, idst, 0))
  620                                         continue;
  621                         }
  622 
  623                         os = (struct sockaddr *)&r2->saidx.src;
  624                         od = (struct sockaddr *)&r2->saidx.dst;
  625                         if (key_sockaddrcmp(os, osrc, 0) ||
  626                             key_sockaddrcmp(od, odst, 0))
  627                                 continue;
  628 
  629                         goto found;
  630                 }
  631         }
  632         splx(s);
  633         return NULL;
  634 
  635 found:
  636         sp->lastused = time_second;
  637         sp->refcnt++;
  638         splx(s);
  639         return sp;
  640 }
  641 
  642 /*
  643  * allocating an SA entry for an *OUTBOUND* packet.
  644  * checking each request entries in SP, and acquire an SA if need.
  645  * OUT: 0: there are valid requests.
  646  *      ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
  647  */
  648 int
  649 key_checkrequest(isr, saidx)
  650         struct ipsecrequest *isr;
  651         struct secasindex *saidx;
  652 {
  653         u_int level;
  654         int error;
  655 
  656         /* sanity check */
  657         if (isr == NULL || saidx == NULL)
  658                 panic("key_checkrequest: NULL pointer is passed.");
  659 
  660         /* check mode */
  661         switch (saidx->mode) {
  662         case IPSEC_MODE_TRANSPORT:
  663         case IPSEC_MODE_TUNNEL:
  664                 break;
  665         case IPSEC_MODE_ANY:
  666         default:
  667                 panic("key_checkrequest: Invalid policy defined.");
  668         }
  669 
  670         /* get current level */
  671         level = ipsec_get_reqlevel(isr, saidx->src.ss_family);
  672 
  673 #if 0
  674         /*
  675          * We do allocate new SA only if the state of SA in the holder is
  676          * SADB_SASTATE_DEAD.  The SA for outbound must be the oldest.
  677          */
  678         if (isr->sav != NULL) {
  679                 if (isr->sav->sah == NULL)
  680                         panic("key_checkrequest: sah is null.");
  681                 if (isr->sav ==
  682                     LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
  683                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  684                                 printf("DP checkrequest calls free SA:%p\n",
  685                                         isr->sav));
  686                         key_freesav(isr->sav);
  687                         isr->sav = NULL;
  688                 }
  689         }
  690 #else
  691         /*
  692          * we free any SA stashed in the IPsec request because a different
  693          * SA may be involved each time this request is checked, either
  694          * because new SAs are being configured, or this request is
  695          * associated with an unconnected datagram socket, or this request
  696          * is associated with a system default policy.
  697          *
  698          * The operation may have negative impact to performance.  We may
  699          * want to check cached SA carefully, rather than picking new SA
  700          * every time.
  701          */
  702         if (isr->sav != NULL) {
  703                 key_freesav(isr->sav);
  704                 isr->sav = NULL;
  705         }
  706 #endif
  707 
  708         /*
  709          * new SA allocation if no SA found.
  710          * key_allocsa_policy should allocate the oldest SA available.
  711          * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
  712          */
  713         if (isr->sav == NULL)
  714                 isr->sav = key_allocsa_policy(saidx);
  715 
  716         /* When there is SA. */
  717         if (isr->sav != NULL)
  718                 return 0;
  719 
  720         /* there is no SA */
  721         if ((error = key_acquire(saidx, isr->sp)) != 0) {
  722                 /* XXX What should I do ? */
  723                 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
  724                         "from key_acquire.\n", error));
  725                 return error;
  726         }
  727 
  728         return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
  729 }
  730 
  731 /*
  732  * allocating a SA for policy entry from SAD.
  733  * NOTE: searching SAD of aliving state.
  734  * OUT: NULL:   not found.
  735  *      others: found and return the pointer.
  736  */
  737 static struct secasvar *
  738 key_allocsa_policy(saidx)
  739         struct secasindex *saidx;
  740 {
  741         struct secashead *sah;
  742         struct secasvar *sav;
  743         u_int stateidx, state;
  744         const u_int *saorder_state_valid;
  745         int arraysize;
  746 
  747         LIST_FOREACH(sah, &sahtree, chain) {
  748                 if (sah->state == SADB_SASTATE_DEAD)
  749                         continue;
  750                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
  751                         goto found;
  752         }
  753 
  754         return NULL;
  755 
  756     found:
  757 
  758         /*
  759          * search a valid state list for outbound packet.
  760          * This search order is important.
  761          */
  762         if (key_preferred_oldsa) {
  763                 saorder_state_valid = saorder_state_valid_prefer_old;
  764                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
  765         } else {
  766                 saorder_state_valid = saorder_state_valid_prefer_new;
  767                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
  768         }
  769 
  770         for (stateidx = 0; stateidx < arraysize; stateidx++) {
  771 
  772                 state = saorder_state_valid[stateidx];
  773 
  774                 sav = key_do_allocsa_policy(sah, state);
  775                 if (sav != NULL)
  776                         return sav;
  777         }
  778 
  779         return NULL;
  780 }
  781 
  782 /*
  783  * searching SAD with direction, protocol, mode and state.
  784  * called by key_allocsa_policy().
  785  * OUT:
  786  *      NULL    : not found
  787  *      others  : found, pointer to a SA.
  788  */
  789 static struct secasvar *
  790 key_do_allocsa_policy(sah, state)
  791         struct secashead *sah;
  792         u_int state;
  793 {
  794         struct secasvar *sav, *nextsav, *candidate, *d;
  795 
  796         /* initilize */
  797         candidate = NULL;
  798 
  799         for (sav = LIST_FIRST(&sah->savtree[state]);
  800              sav != NULL;
  801              sav = nextsav) {
  802 
  803                 nextsav = LIST_NEXT(sav, chain);
  804 
  805                 /* sanity check */
  806                 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
  807 
  808                 /* initialize */
  809                 if (candidate == NULL) {
  810                         candidate = sav;
  811                         continue;
  812                 }
  813 
  814                 /* Which SA is the better ? */
  815 
  816                 /* sanity check 2 */
  817                 if (candidate->lft_c == NULL || sav->lft_c == NULL)
  818                         panic("key_do_allocsa_policy: "
  819                                 "lifetime_current is NULL.");
  820 
  821                 /* What the best method is to compare ? */
  822                 if (key_preferred_oldsa) {
  823                         if (candidate->lft_c->sadb_lifetime_addtime >
  824                                         sav->lft_c->sadb_lifetime_addtime) {
  825                                 candidate = sav;
  826                         }
  827                         continue;
  828                         /*NOTREACHED*/
  829                 }
  830 
  831                 /* preferred new sa rather than old sa */
  832                 if (candidate->lft_c->sadb_lifetime_addtime <
  833                                 sav->lft_c->sadb_lifetime_addtime) {
  834                         d = candidate;
  835                         candidate = sav;
  836                 } else
  837                         d = sav;
  838 
  839                 /*
  840                  * prepared to delete the SA when there is more
  841                  * suitable candidate and the lifetime of the SA is not
  842                  * permanent.
  843                  */
  844                 if (d->lft_h->sadb_lifetime_addtime != 0) {
  845                         struct mbuf *m, *result = NULL;
  846 
  847                         key_sa_chgstate(d, SADB_SASTATE_DEAD);
  848 
  849                         m = key_setsadbmsg(SADB_DELETE, 0,
  850                             key_proto2satype(d->sah->saidx.proto),
  851                             0, 0, d->refcnt - 1);
  852                         if (!m)
  853                                 goto msgfail;
  854                         result = m;
  855 
  856                         /* set sadb_address for saidx's. */
  857                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
  858                                 (struct sockaddr *)&d->sah->saidx.src,
  859                                 FULLMASK, IPSEC_ULPROTO_ANY);
  860                         if (!m)
  861                                 goto msgfail;
  862                         m_cat(result, m);
  863 
  864                         /* set sadb_address for saidx's. */
  865                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
  866                                 (struct sockaddr *)&d->sah->saidx.dst,
  867                                 FULLMASK, IPSEC_ULPROTO_ANY);
  868                         if (!m)
  869                                 goto msgfail;
  870                         m_cat(result, m);
  871 
  872                         /* create SA extension */
  873                         m = key_setsadbsa(d);
  874                         if (!m)
  875                                 goto msgfail;
  876                         m_cat(result, m);
  877 
  878                         if (result->m_len < sizeof(struct sadb_msg)) {
  879                                 result = m_pullup(result,
  880                                                 sizeof(struct sadb_msg));
  881                                 if (result == NULL)
  882                                         goto msgfail;
  883                         }
  884 
  885                         result->m_pkthdr.len = 0;
  886                         for (m = result; m; m = m->m_next)
  887                                 result->m_pkthdr.len += m->m_len;
  888                         mtod(result, struct sadb_msg *)->sadb_msg_len =
  889                                 PFKEY_UNIT64(result->m_pkthdr.len);
  890 
  891                         if (key_sendup_mbuf(NULL, result,
  892                                         KEY_SENDUP_REGISTERED))
  893                                 goto msgfail;
  894 
  895                         result = NULL;
  896 
  897                  msgfail:
  898                         if (result != NULL)
  899                                 m_freem(result);
  900                         key_freesav(d);
  901                 }
  902         }
  903 
  904         if (candidate) {
  905                 candidate->refcnt++;
  906                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  907                         printf("DP allocsa_policy cause "
  908                                 "refcnt++:%d SA:%p\n",
  909                                 candidate->refcnt, candidate));
  910         }
  911         return candidate;
  912 }
  913 
  914 /*
  915  * allocating a SA entry for a *INBOUND* packet.
  916  * Must call key_freesav() later.
  917  * OUT: positive:       pointer to a sav.
  918  *      NULL:           not found, or error occured.
  919  *
  920  * In the comparison, source address will be ignored for RFC2401 conformance.
  921  * To quote, from section 4.1:
  922  *      A security association is uniquely identified by a triple consisting
  923  *      of a Security Parameter Index (SPI), an IP Destination Address, and a
  924  *      security protocol (AH or ESP) identifier.
  925  * Note that, however, we do need to keep source address in IPsec SA.
  926  * IKE specification and PF_KEY specification do assume that we
  927  * keep source address in IPsec SA.  We see a tricky situation here.
  928  */
  929 struct secasvar *
  930 key_allocsa(family, src, dst, proto, spi)
  931         u_int family, proto;
  932         caddr_t src, dst;
  933         u_int32_t spi;
  934 {
  935         struct secasvar *sav, *match;
  936         u_int stateidx, state, tmpidx, matchidx;
  937         struct sockaddr_in sin;
  938 #ifdef INET6
  939         struct sockaddr_in6 sin6;
  940 #endif
  941         int s;
  942         const u_int *saorder_state_valid;
  943         int arraysize;
  944 
  945         /* sanity check */
  946         if (src == NULL || dst == NULL)
  947                 panic("key_allocsa: NULL pointer is passed.");
  948 
  949         /*
  950          * when both systems employ similar strategy to use a SA.
  951          * the search order is important even in the inbound case.
  952          */
  953         if (key_preferred_oldsa) {
  954                 saorder_state_valid = saorder_state_valid_prefer_old;
  955                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
  956         } else {
  957                 saorder_state_valid = saorder_state_valid_prefer_new;
  958                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
  959         }
  960 
  961         bzero(&sin, sizeof(sin));
  962         sin.sin_family = AF_INET;
  963         sin.sin_len = sizeof(sin);
  964 #ifdef INET6
  965         bzero(&sin6, sizeof(sin6));
  966         sin6.sin6_family = AF_INET6;
  967         sin6.sin6_len = sizeof(sin6);
  968 #endif
  969 
  970         /*
  971          * searching SAD.
  972          * XXX: to be checked internal IP header somewhere.  Also when
  973          * IPsec tunnel packet is received.  But ESP tunnel mode is
  974          * encrypted so we can't check internal IP header.
  975          */
  976         s = splnet();   /*called from softclock()*/
  977         /*
  978          * search a valid state list for inbound packet.
  979          * the search order is not important.
  980          */
  981         match = NULL;
  982         matchidx = arraysize;
  983         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
  984                 if (sav->spi != spi)
  985                         continue;
  986                 if (proto != sav->sah->saidx.proto)
  987                         continue;
  988                 if (family != sav->sah->saidx.src.ss_family ||
  989                     family != sav->sah->saidx.dst.ss_family)
  990                         continue;
  991                 tmpidx = arraysize;
  992                 for (stateidx = 0; stateidx < matchidx; stateidx++) {
  993                         state = saorder_state_valid[stateidx];
  994                         if (sav->state == state) {
  995                                 tmpidx = stateidx;
  996                                 break;
  997                         }
  998                 }
  999                 if (tmpidx >= matchidx)
 1000                         continue;
 1001 
 1002 #if 0   /* don't check src */
 1003                 /* check src address */
 1004                 switch (family) {
 1005                 case AF_INET:
 1006                         bcopy(src, &sin.sin_addr, sizeof(sin.sin_addr));
 1007                         if (key_sockaddrcmp((struct sockaddr*)&sin,
 1008                             (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
 1009                                 continue;
 1010 
 1011                         break;
 1012 #ifdef INET6
 1013                 case AF_INET6:
 1014                         bcopy(src, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
 1015                         sin6.sin6_scope_id = 0;
 1016                         if (sa6_recoverscope(&sin6))
 1017                                 continue;
 1018                         if (key_sockaddrcmp((struct sockaddr *)&sin6,
 1019                             (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
 1020                                 continue;
 1021                         break;
 1022 #endif
 1023                 default:
 1024                         ipseclog((LOG_DEBUG, "key_allocsa: "
 1025                             "unknown address family=%d.\n",
 1026                             family));
 1027                         continue;
 1028                 }
 1029 
 1030 #endif
 1031                 /* check dst address */
 1032                 switch (family) {
 1033                 case AF_INET:
 1034                         bcopy(dst, &sin.sin_addr, sizeof(sin.sin_addr));
 1035                         if (key_sockaddrcmp((struct sockaddr*)&sin,
 1036                             (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
 1037                                 continue;
 1038 
 1039                         break;
 1040 #ifdef INET6
 1041                 case AF_INET6:
 1042                         bcopy(dst, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
 1043                         sin6.sin6_scope_id = 0;
 1044                         if (sa6_recoverscope(&sin6))
 1045                                 continue;
 1046                         if (key_sockaddrcmp((struct sockaddr *)&sin6,
 1047                             (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
 1048                                 continue;
 1049                         break;
 1050 #endif
 1051                 default:
 1052                         ipseclog((LOG_DEBUG, "key_allocsa: "
 1053                             "unknown address family=%d.\n", family));
 1054                         continue;
 1055                 }
 1056 
 1057                 match = sav;
 1058                 matchidx = tmpidx;
 1059         }
 1060 
 1061         if (match)
 1062                 goto found;
 1063 
 1064         /* not found */
 1065         splx(s);
 1066         return NULL;
 1067 
 1068 found:
 1069         match->refcnt++;
 1070         splx(s);
 1071         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1072                 printf("DP allocsa cause refcnt++:%d SA:%p\n",
 1073                         match->refcnt, match));
 1074         return match;
 1075 }
 1076 
 1077 /*
 1078  * Must be called after calling key_allocsp().
 1079  * For both the packet without socket and key_freeso().
 1080  */
 1081 void
 1082 key_freesp(sp)
 1083         struct secpolicy *sp;
 1084 {
 1085         /* sanity check */
 1086         if (sp == NULL)
 1087                 panic("key_freesp: NULL pointer is passed.");
 1088 
 1089         sp->refcnt--;
 1090         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1091                 printf("DP freesp cause refcnt--:%d SP:%p\n",
 1092                         sp->refcnt, sp));
 1093 
 1094         if (sp->refcnt == 0)
 1095                 key_delsp(sp);
 1096 
 1097         return;
 1098 }
 1099 
 1100 /*
 1101  * Must be called after calling key_allocsa().
 1102  * This function is called by key_freesp() to free some SA allocated
 1103  * for a policy.
 1104  */
 1105 void
 1106 key_freesav(sav)
 1107         struct secasvar *sav;
 1108 {
 1109         /* sanity check */
 1110         if (sav == NULL)
 1111                 panic("key_freesav: NULL pointer is passed.");
 1112 
 1113         sav->refcnt--;
 1114         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1115                 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
 1116                         sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
 1117 
 1118         if (sav->refcnt > 0)
 1119                 return;
 1120 
 1121         key_delsav(sav);
 1122 }
 1123 
 1124 static void
 1125 key_delsav(sav)
 1126         struct secasvar *sav;
 1127 {
 1128         int s;
 1129 
 1130         /* sanity check */
 1131         if (sav == NULL)
 1132                 panic("key_delsav: NULL pointer is passed.");
 1133 
 1134         if (sav->refcnt > 0)
 1135                 panic("key_delsav: called with positive refcnt");
 1136 
 1137         s = splnet();
 1138 
 1139         if (__LIST_CHAINED(sav))
 1140                 LIST_REMOVE(sav, chain);
 1141 
 1142         if (sav->spihash.le_prev || sav->spihash.le_next)
 1143                 LIST_REMOVE(sav, spihash);
 1144 
 1145         if (sav->key_auth != NULL) {
 1146                 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
 1147                 KFREE(sav->key_auth);
 1148                 sav->key_auth = NULL;
 1149         }
 1150         if (sav->key_enc != NULL) {
 1151                 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
 1152                 KFREE(sav->key_enc);
 1153                 sav->key_enc = NULL;
 1154         }
 1155         if (sav->sched) {
 1156                 bzero(sav->sched, sav->schedlen);
 1157                 KFREE(sav->sched);
 1158                 sav->sched = NULL;
 1159         }
 1160         if (sav->replay != NULL) {
 1161                 keydb_delsecreplay(sav->replay);
 1162                 sav->replay = NULL;
 1163         }
 1164         if (sav->lft_c != NULL) {
 1165                 KFREE(sav->lft_c);
 1166                 sav->lft_c = NULL;
 1167         }
 1168         if (sav->lft_h != NULL) {
 1169                 KFREE(sav->lft_h);
 1170                 sav->lft_h = NULL;
 1171         }
 1172         if (sav->lft_s != NULL) {
 1173                 KFREE(sav->lft_s);
 1174                 sav->lft_s = NULL;
 1175         }
 1176         if (sav->iv != NULL) {
 1177                 KFREE(sav->iv);
 1178                 sav->iv = NULL;
 1179         }
 1180 
 1181         keydb_delsecasvar(sav);
 1182 
 1183         splx(s);
 1184 }
 1185 
 1186 /* %%% SPD management */
 1187 /*
 1188  * free security policy entry.
 1189  */
 1190 static void
 1191 key_delsp(sp)
 1192         struct secpolicy *sp;
 1193 {
 1194         int s;
 1195 
 1196         /* sanity check */
 1197         if (sp == NULL)
 1198                 panic("key_delsp: NULL pointer is passed.");
 1199 
 1200         if (sp->refcnt > 0)
 1201                 panic("key_delsp: called with positive refcnt");
 1202 
 1203         s = splnet();   /*called from softclock()*/
 1204 
 1205     {
 1206         struct ipsecrequest *isr = sp->req, *nextisr;
 1207 
 1208         while (isr != NULL) {
 1209                 if (isr->sav != NULL) {
 1210                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1211                                 printf("DP delsp calls free SA:%p\n",
 1212                                         isr->sav));
 1213                         key_freesav(isr->sav);
 1214                         isr->sav = NULL;
 1215                 }
 1216 
 1217                 nextisr = isr->next;
 1218                 KFREE(isr);
 1219                 isr = nextisr;
 1220         }
 1221     }
 1222 
 1223         keydb_delsecpolicy(sp);
 1224 
 1225         splx(s);
 1226 
 1227         return;
 1228 }
 1229 
 1230 /*
 1231  * search SPD
 1232  * OUT: NULL    : not found
 1233  *      others  : found, pointer to a SP.
 1234  */
 1235 static struct secpolicy *
 1236 key_getsp(spidx, dir)
 1237         struct secpolicyindex *spidx;
 1238         int dir;
 1239 {
 1240         struct secpolicy *sp;
 1241 
 1242         /* sanity check */
 1243         if (spidx == NULL)
 1244                 panic("key_getsp: NULL pointer is passed.");
 1245 
 1246         LIST_FOREACH(sp, &sptree[dir], chain) {
 1247                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1248                         continue;
 1249                 if (!sp->spidx)
 1250                         continue;
 1251                 if (key_cmpspidx_exactly(spidx, sp->spidx)) {
 1252                         sp->refcnt++;
 1253                         return sp;
 1254                 }
 1255         }
 1256 
 1257         return NULL;
 1258 }
 1259 
 1260 /*
 1261  * get SP by index.
 1262  * OUT: NULL    : not found
 1263  *      others  : found, pointer to a SP.
 1264  */
 1265 static struct secpolicy *
 1266 key_getspbyid(id)
 1267         u_int32_t id;
 1268 {
 1269         struct secpolicy *sp;
 1270 
 1271         TAILQ_FOREACH(sp, &sptailq, tailq) {
 1272                 if (sp->id == id) {
 1273                         sp->refcnt++;
 1274                         return sp;
 1275                 }
 1276         }
 1277 
 1278         return NULL;
 1279 }
 1280 
 1281 struct secpolicy *
 1282 key_newsp(id)
 1283         u_int32_t id;
 1284 {
 1285         struct secpolicy *newsp = NULL, *sp;
 1286         u_int32_t newid;
 1287 
 1288         if (id > IPSEC_MANUAL_POLICYID_MAX) {
 1289                 ipseclog((LOG_DEBUG,
 1290                     "key_newsp: policy_id=%u range "
 1291                     "violation, updated by kernel.\n", id));
 1292                 id = 0;
 1293         }
 1294 
 1295         if (id == 0) {
 1296                 if ((newid = keydb_newspid()) == 0) {
 1297                         ipseclog((LOG_DEBUG, 
 1298                             "key_newsp: new policy_id allocation failed."));
 1299                         return NULL;
 1300                 }
 1301         } else {
 1302                 sp = key_getspbyid(id);
 1303                 if (sp != NULL) {
 1304                         ipseclog((LOG_DEBUG,
 1305                             "key_newsp: policy_id(%u) has been used.\n", id));
 1306                         key_freesp(sp);
 1307                         return NULL;
 1308                 }
 1309                 newid = id;
 1310         }
 1311 
 1312         newsp = keydb_newsecpolicy();
 1313         if (!newsp)
 1314                 return newsp;
 1315 
 1316         newsp->id = newid;
 1317         newsp->refcnt = 1;
 1318         newsp->req = NULL;
 1319 
 1320         return newsp;
 1321 }
 1322 
 1323 /*
 1324  * create secpolicy structure from sadb_x_policy structure.
 1325  * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
 1326  * so must be set properly later.
 1327  */
 1328 struct secpolicy *
 1329 key_msg2sp(xpl0, len, error)
 1330         struct sadb_x_policy *xpl0;
 1331         size_t len;
 1332         int *error;
 1333 {
 1334         struct secpolicy *newsp;
 1335 
 1336         /* sanity check */
 1337         if (xpl0 == NULL)
 1338                 panic("key_msg2sp: NULL pointer was passed.");
 1339         if (len < sizeof(*xpl0))
 1340                 panic("key_msg2sp: invalid length.");
 1341         if (len != PFKEY_EXTLEN(xpl0)) {
 1342                 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
 1343                 *error = EINVAL;
 1344                 return NULL;
 1345         }
 1346 
 1347         if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
 1348                 *error = ENOBUFS;
 1349                 return NULL;
 1350         }
 1351 
 1352         newsp->dir = xpl0->sadb_x_policy_dir;
 1353         newsp->policy = xpl0->sadb_x_policy_type;
 1354 
 1355         /* check policy */
 1356         switch (xpl0->sadb_x_policy_type) {
 1357         case IPSEC_POLICY_DISCARD:
 1358         case IPSEC_POLICY_NONE:
 1359         case IPSEC_POLICY_ENTRUST:
 1360         case IPSEC_POLICY_BYPASS:
 1361                 newsp->req = NULL;
 1362                 break;
 1363 
 1364         case IPSEC_POLICY_IPSEC:
 1365             {
 1366                 int tlen;
 1367                 struct sadb_x_ipsecrequest *xisr;
 1368                 struct ipsecrequest **p_isr = &newsp->req;
 1369 
 1370                 /* validity check */
 1371                 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
 1372                         ipseclog((LOG_DEBUG,
 1373                             "key_msg2sp: Invalid msg length.\n"));
 1374                         key_freesp(newsp);
 1375                         *error = EINVAL;
 1376                         return NULL;
 1377                 }
 1378 
 1379                 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
 1380                 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
 1381 
 1382                 while (tlen > 0) {
 1383 
 1384                         /* length check */
 1385                         if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
 1386                                 ipseclog((LOG_DEBUG, "key_msg2sp: "
 1387                                         "invalid ipsecrequest length.\n"));
 1388                                 key_freesp(newsp);
 1389                                 *error = EINVAL;
 1390                                 return NULL;
 1391                         }
 1392 
 1393                         /* allocate request buffer */
 1394                         KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
 1395                         if ((*p_isr) == NULL) {
 1396                                 ipseclog((LOG_DEBUG,
 1397                                     "key_msg2sp: No more memory.\n"));
 1398                                 key_freesp(newsp);
 1399                                 *error = ENOBUFS;
 1400                                 return NULL;
 1401                         }
 1402                         bzero(*p_isr, sizeof(**p_isr));
 1403 
 1404                         /* set values */
 1405                         (*p_isr)->next = NULL;
 1406 
 1407                         switch (xisr->sadb_x_ipsecrequest_proto) {
 1408                         case IPPROTO_ESP:
 1409                         case IPPROTO_AH:
 1410                         case IPPROTO_IPCOMP:
 1411                                 break;
 1412                         default:
 1413                                 ipseclog((LOG_DEBUG,
 1414                                     "key_msg2sp: invalid proto type=%u\n",
 1415                                     xisr->sadb_x_ipsecrequest_proto));
 1416                                 key_freesp(newsp);
 1417                                 *error = EPROTONOSUPPORT;
 1418                                 return NULL;
 1419                         }
 1420                         (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
 1421 
 1422                         switch (xisr->sadb_x_ipsecrequest_mode) {
 1423                         case IPSEC_MODE_TRANSPORT:
 1424                         case IPSEC_MODE_TUNNEL:
 1425                                 break;
 1426                         case IPSEC_MODE_ANY:
 1427                         default:
 1428                                 ipseclog((LOG_DEBUG,
 1429                                     "key_msg2sp: invalid mode=%u\n",
 1430                                     xisr->sadb_x_ipsecrequest_mode));
 1431                                 key_freesp(newsp);
 1432                                 *error = EINVAL;
 1433                                 return NULL;
 1434                         }
 1435                         (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
 1436 
 1437                         switch (xisr->sadb_x_ipsecrequest_level) {
 1438                         case IPSEC_LEVEL_DEFAULT:
 1439                         case IPSEC_LEVEL_USE:
 1440                         case IPSEC_LEVEL_REQUIRE:
 1441                                 break;
 1442                         case IPSEC_LEVEL_UNIQUE:
 1443                                 /* validity check */
 1444                                 /*
 1445                                  * If range violation of reqid, kernel will
 1446                                  * update it, don't refuse it.
 1447                                  */
 1448                                 if (xisr->sadb_x_ipsecrequest_reqid
 1449                                                 > IPSEC_MANUAL_REQID_MAX) {
 1450                                         ipseclog((LOG_DEBUG,
 1451                                             "key_msg2sp: reqid=%u range "
 1452                                             "violation, updated by kernel.\n",
 1453                                             xisr->sadb_x_ipsecrequest_reqid));
 1454                                         xisr->sadb_x_ipsecrequest_reqid = 0;
 1455                                 }
 1456 
 1457                                 /* allocate new reqid id if reqid is zero. */
 1458                                 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
 1459                                         u_int32_t reqid;
 1460                                         if ((reqid = key_newreqid()) == 0) {
 1461                                                 key_freesp(newsp);
 1462                                                 *error = ENOBUFS;
 1463                                                 return NULL;
 1464                                         }
 1465                                         (*p_isr)->saidx.reqid = reqid;
 1466                                         xisr->sadb_x_ipsecrequest_reqid = reqid;
 1467                                 } else {
 1468                                 /* set it for manual keying. */
 1469                                         (*p_isr)->saidx.reqid =
 1470                                                 xisr->sadb_x_ipsecrequest_reqid;
 1471                                 }
 1472                                 break;
 1473 
 1474                         default:
 1475                                 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
 1476                                         xisr->sadb_x_ipsecrequest_level));
 1477                                 key_freesp(newsp);
 1478                                 *error = EINVAL;
 1479                                 return NULL;
 1480                         }
 1481                         (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
 1482 
 1483                         /* set IP addresses if there */
 1484                         if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
 1485                                 struct sockaddr *paddr;
 1486 
 1487                                 paddr = (struct sockaddr *)(xisr + 1);
 1488 
 1489                                 /* validity check */
 1490                                 if (paddr->sa_len
 1491                                     > sizeof((*p_isr)->saidx.src)) {
 1492                                         ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
 1493                                                 "address length.\n"));
 1494                                         key_freesp(newsp);
 1495                                         *error = EINVAL;
 1496                                         return NULL;
 1497                                 }
 1498                                 bcopy(paddr, &(*p_isr)->saidx.src,
 1499                                         paddr->sa_len);
 1500 
 1501                                 paddr = (struct sockaddr *)((caddr_t)paddr
 1502                                                         + paddr->sa_len);
 1503 
 1504                                 /* validity check */
 1505                                 if (paddr->sa_len
 1506                                     > sizeof((*p_isr)->saidx.dst)) {
 1507                                         ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
 1508                                                 "address length.\n"));
 1509                                         key_freesp(newsp);
 1510                                         *error = EINVAL;
 1511                                         return NULL;
 1512                                 }
 1513                                 bcopy(paddr, &(*p_isr)->saidx.dst,
 1514                                         paddr->sa_len);
 1515                         }
 1516 
 1517                         (*p_isr)->sav = NULL;
 1518                         (*p_isr)->sp = newsp;
 1519 
 1520                         /* initialization for the next. */
 1521                         p_isr = &(*p_isr)->next;
 1522                         tlen -= xisr->sadb_x_ipsecrequest_len;
 1523 
 1524                         /* validity check */
 1525                         if (tlen < 0) {
 1526                                 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
 1527                                 key_freesp(newsp);
 1528                                 *error = EINVAL;
 1529                                 return NULL;
 1530                         }
 1531 
 1532                         xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
 1533                                          + xisr->sadb_x_ipsecrequest_len);
 1534                 }
 1535             }
 1536                 break;
 1537         default:
 1538                 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
 1539                 key_freesp(newsp);
 1540                 *error = EINVAL;
 1541                 return NULL;
 1542         }
 1543 
 1544         *error = 0;
 1545         return newsp;
 1546 }
 1547 
 1548 static u_int32_t
 1549 key_newreqid()
 1550 {
 1551         static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
 1552 
 1553         auto_reqid = (auto_reqid == ~0
 1554                         ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
 1555 
 1556         /* XXX should be unique check */
 1557 
 1558         return auto_reqid;
 1559 }
 1560 
 1561 /*
 1562  * copy secpolicy struct to sadb_x_policy structure indicated.
 1563  */
 1564 struct mbuf *
 1565 key_sp2msg(sp)
 1566         struct secpolicy *sp;
 1567 {
 1568         struct sadb_x_policy *xpl;
 1569         int tlen;
 1570         caddr_t p;
 1571         struct mbuf *m;
 1572 
 1573         /* sanity check. */
 1574         if (sp == NULL)
 1575                 panic("key_sp2msg: NULL pointer was passed.");
 1576 
 1577         tlen = key_getspreqmsglen(sp);
 1578 
 1579         m = key_alloc_mbuf(tlen);
 1580         if (!m || m->m_next) {  /*XXX*/
 1581                 if (m)
 1582                         m_freem(m);
 1583                 return NULL;
 1584         }
 1585 
 1586         m->m_len = tlen;
 1587         m->m_next = NULL;
 1588         xpl = mtod(m, struct sadb_x_policy *);
 1589         bzero(xpl, tlen);
 1590 
 1591         xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
 1592         xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 1593         xpl->sadb_x_policy_type = sp->policy;
 1594         xpl->sadb_x_policy_dir = sp->dir;
 1595         xpl->sadb_x_policy_id = sp->id;
 1596         p = (caddr_t)xpl + sizeof(*xpl);
 1597 
 1598         /* if is the policy for ipsec ? */
 1599         if (sp->policy == IPSEC_POLICY_IPSEC) {
 1600                 struct sadb_x_ipsecrequest *xisr;
 1601                 struct ipsecrequest *isr;
 1602 
 1603                 for (isr = sp->req; isr != NULL; isr = isr->next) {
 1604 
 1605                         xisr = (struct sadb_x_ipsecrequest *)p;
 1606 
 1607                         xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
 1608                         xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
 1609                         xisr->sadb_x_ipsecrequest_level = isr->level;
 1610                         xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
 1611 
 1612                         p += sizeof(*xisr);
 1613                         bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
 1614                         p += isr->saidx.src.ss_len;
 1615                         bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
 1616                         p += isr->saidx.src.ss_len;
 1617 
 1618                         xisr->sadb_x_ipsecrequest_len =
 1619                             PFKEY_ALIGN8(sizeof(*xisr) +
 1620                             isr->saidx.src.ss_len + isr->saidx.dst.ss_len);
 1621                 }
 1622         }
 1623 
 1624         return m;
 1625 }
 1626 
 1627 /* m will not be freed nor modified */
 1628 static struct mbuf *
 1629 #ifdef __STDC__
 1630 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
 1631         int ndeep, int nitem, ...)
 1632 #else
 1633 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
 1634         struct mbuf *m;
 1635         const struct sadb_msghdr *mhp;
 1636         int ndeep;
 1637         int nitem;
 1638         va_dcl
 1639 #endif
 1640 {
 1641         va_list ap;
 1642         int idx;
 1643         int i;
 1644         struct mbuf *result = NULL, *n;
 1645         int len;
 1646 
 1647         if (m == NULL || mhp == NULL)
 1648                 panic("null pointer passed to key_gather");
 1649 
 1650         va_start(ap, nitem);
 1651         for (i = 0; i < nitem; i++) {
 1652                 idx = va_arg(ap, int);
 1653                 if (idx < 0 || idx > SADB_EXT_MAX)
 1654                         goto fail;
 1655                 /* don't attempt to pull empty extension */
 1656                 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
 1657                         continue;
 1658                 if (idx != SADB_EXT_RESERVED  &&
 1659                     (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
 1660                         continue;
 1661 
 1662                 if (idx == SADB_EXT_RESERVED) {
 1663                         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 1664 #ifdef DIAGNOSTIC
 1665                         if (len > MHLEN)
 1666                                 panic("assumption failed");
 1667 #endif
 1668                         MGETHDR(n, M_DONTWAIT, MT_DATA);
 1669                         if (!n)
 1670                                 goto fail;
 1671                         n->m_len = len;
 1672                         n->m_next = NULL;
 1673                         m_copydata(m, 0, sizeof(struct sadb_msg),
 1674                             mtod(n, caddr_t));
 1675                 } else if (i < ndeep) {
 1676                         len = mhp->extlen[idx];
 1677                         n = key_alloc_mbuf(len);
 1678                         if (!n || n->m_next) {  /*XXX*/
 1679                                 if (n)
 1680                                         m_freem(n);
 1681                                 goto fail;
 1682                         }
 1683                         m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
 1684                             mtod(n, caddr_t));
 1685                 } else {
 1686                         n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
 1687                             M_DONTWAIT);
 1688                 }
 1689                 if (n == NULL)
 1690                         goto fail;
 1691 
 1692                 if (result)
 1693                         m_cat(result, n);
 1694                 else
 1695                         result = n;
 1696         }
 1697         va_end(ap);
 1698 
 1699         if ((result->m_flags & M_PKTHDR) != 0) {
 1700                 result->m_pkthdr.len = 0;
 1701                 for (n = result; n; n = n->m_next)
 1702                         result->m_pkthdr.len += n->m_len;
 1703         }
 1704 
 1705         return result;
 1706 
 1707 fail:
 1708         va_end(ap);
 1709         m_freem(result);
 1710         return NULL;
 1711 }
 1712 
 1713 /*
 1714  * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
 1715  * add an entry to SP database, when received
 1716  *   <base, address(SD), (lifetime(H),) policy>
 1717  * from the user(?).
 1718  * Adding to SP database,
 1719  * and send
 1720  *   <base, address(SD), (lifetime(H),) policy>
 1721  * to the socket which was send.
 1722  *
 1723  * SPDADD set a unique policy entry.
 1724  * SPDSETIDX like SPDADD without a part of policy requests.
 1725  * SPDUPDATE replace a unique policy entry.
 1726  *
 1727  * m will always be freed.
 1728  */
 1729 static int
 1730 key_spdadd(so, m, mhp)
 1731         struct socket *so;
 1732         struct mbuf *m;
 1733         const struct sadb_msghdr *mhp;
 1734 {
 1735         struct sadb_address *src0 = NULL, *dst0 = NULL;
 1736         struct sadb_x_policy *xpl0, *xpl;
 1737         struct sadb_lifetime *lft = NULL;
 1738         struct secpolicyindex spidx;
 1739         struct secpolicy *newsp;
 1740         struct ipsecrequest *isr;
 1741         int error;
 1742         int spidxmode;
 1743 
 1744         /* sanity check */
 1745         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 1746                 panic("key_spdadd: NULL pointer is passed.");
 1747 
 1748         if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
 1749             mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) {
 1750                 ;
 1751         } else {
 1752                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1753                 return key_senderror(so, m, EINVAL);
 1754         }
 1755         if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 1756                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1757                 return key_senderror(so, m, EINVAL);
 1758         }
 1759         if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
 1760              mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
 1761             (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
 1762              mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
 1763             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 1764                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1765                 return key_senderror(so, m, EINVAL);
 1766         }
 1767         if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
 1768                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
 1769                         < sizeof(struct sadb_lifetime)) {
 1770                         ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1771                         return key_senderror(so, m, EINVAL);
 1772                 }
 1773                 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 1774         }
 1775 
 1776         /* spidx mode, or tag mode */
 1777         spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
 1778 
 1779         if (spidxmode) {
 1780                 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 1781                 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 1782                 /* make secindex */
 1783                 /* XXX boundary check against sa_len */
 1784                 KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
 1785                     src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
 1786                     src0->sadb_address_proto, &spidx);
 1787         }
 1788         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 1789 
 1790         /* checking the direciton. */
 1791         switch (xpl0->sadb_x_policy_dir) {
 1792         case IPSEC_DIR_INBOUND:
 1793         case IPSEC_DIR_OUTBOUND:
 1794                 break;
 1795         default:
 1796                 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
 1797                 mhp->msg->sadb_msg_errno = EINVAL;
 1798                 return 0;
 1799         }
 1800 
 1801         /* check policy */
 1802         /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
 1803         if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
 1804             xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
 1805                 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
 1806                 return key_senderror(so, m, EINVAL);
 1807         }
 1808 
 1809         /* policy requests are mandatory when action is ipsec. */
 1810         if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
 1811             xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
 1812             mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
 1813                 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
 1814                 return key_senderror(so, m, EINVAL);
 1815         }
 1816 
 1817         /*
 1818          * checking there is SP already or not.
 1819          * SPDUPDATE doesn't depend on whether there is a SP or not.
 1820          * If the type is either SPDADD or SPDSETIDX AND a SP is found,
 1821          * then error.
 1822          */
 1823         if (xpl0->sadb_x_policy_id != 0)
 1824                 newsp = key_getspbyid(xpl0->sadb_x_policy_id);
 1825         else if (spidxmode)
 1826                 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
 1827         else
 1828                 newsp = NULL;
 1829 
 1830         if (newsp && (newsp->readonly || newsp->persist)) {
 1831                 ipseclog((LOG_DEBUG,
 1832                     "key_spdadd: tried to alter readonly/persistent SP.\n"));
 1833                 return key_senderror(so, m, EPERM);
 1834         }
 1835 
 1836         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1837                 if (newsp) {
 1838                         key_sp_dead(newsp);
 1839                         key_freesp(newsp);      /* ref gained by key_getsp */
 1840                         key_sp_unlink(newsp);
 1841                         newsp = NULL;
 1842                 }
 1843         } else {
 1844                 if (newsp != NULL) {
 1845                         key_freesp(newsp);
 1846                         ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
 1847                         return key_senderror(so, m, EEXIST);
 1848                 }
 1849         }
 1850 
 1851         /* allocation new SP entry */
 1852         if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
 1853                 return key_senderror(so, m, error);
 1854         }
 1855 
 1856         if (spidxmode) {
 1857                 error = keydb_setsecpolicyindex(newsp, &spidx);
 1858                 if (error) {
 1859                         keydb_delsecpolicy(newsp);
 1860                         return key_senderror(so, m, error);
 1861                 }
 1862 
 1863                 /* sanity check on addr pair */
 1864                 if (((struct sockaddr *)(src0 + 1))->sa_family !=
 1865                                 ((struct sockaddr *)(dst0 + 1))->sa_family) {
 1866                         keydb_delsecpolicy(newsp);
 1867                         return key_senderror(so, m, EINVAL);
 1868                 }
 1869                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 1870                                 ((struct sockaddr *)(dst0 + 1))->sa_len) {
 1871                         keydb_delsecpolicy(newsp);
 1872                         return key_senderror(so, m, EINVAL);
 1873                 }
 1874         }
 1875 
 1876         for (isr = newsp->req; isr; isr = isr->next) {
 1877                 struct sockaddr *sa;
 1878 
 1879                 /*
 1880                  * port spec is not permitted for tunnel mode
 1881                  */
 1882                 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) {
 1883                         sa = (struct sockaddr *)(src0 + 1);
 1884                         switch (sa->sa_family) {
 1885                         case AF_INET:
 1886                                 if (((struct sockaddr_in *)sa)->sin_port) {
 1887                                         keydb_delsecpolicy(newsp);
 1888                                         return key_senderror(so, m, EINVAL);
 1889                                 }
 1890                                 break;
 1891                         case AF_INET6:
 1892                                 if (((struct sockaddr_in6 *)sa)->sin6_port) {
 1893                                         keydb_delsecpolicy(newsp);
 1894                                         return key_senderror(so, m, EINVAL);
 1895                                 }
 1896                                 break;
 1897                         default:
 1898                                 break;
 1899                         }
 1900                         sa = (struct sockaddr *)(dst0 + 1);
 1901                         switch (sa->sa_family) {
 1902                         case AF_INET:
 1903                                 if (((struct sockaddr_in *)sa)->sin_port) {
 1904                                         keydb_delsecpolicy(newsp);
 1905                                         return key_senderror(so, m, EINVAL);
 1906                                 }
 1907                                 break;
 1908                         case AF_INET6:
 1909                                 if (((struct sockaddr_in6 *)sa)->sin6_port) {
 1910                                         keydb_delsecpolicy(newsp);
 1911                                         return key_senderror(so, m, EINVAL);
 1912                                 }
 1913                                 break;
 1914                         default:
 1915                                 break;
 1916                         }
 1917                 }
 1918         }
 1919 
 1920         /*
 1921          * bark if we have different address family on tunnel address
 1922          * specification.  applies only if we decapsulate in RFC2401
 1923          * IPsec (implementation limitation).
 1924          */
 1925         for (isr = newsp->req; isr; isr = isr->next) {
 1926                 struct sockaddr *sa;
 1927 
 1928                 if (isr->saidx.src.ss_family && src0) {
 1929                         sa = (struct sockaddr *)(src0 + 1);
 1930                         if (sa->sa_family != isr->saidx.src.ss_family) {
 1931                                 keydb_delsecpolicy(newsp);
 1932                                 return key_senderror(so, m, EINVAL);
 1933                         }
 1934                 }
 1935                 if (isr->saidx.dst.ss_family && dst0) {
 1936                         sa = (struct sockaddr *)(dst0 + 1);
 1937                         if (sa->sa_family != isr->saidx.dst.ss_family) {
 1938                                 keydb_delsecpolicy(newsp);
 1939                                 return key_senderror(so, m, EINVAL);
 1940                         }
 1941                 }
 1942         }
 1943 
 1944         newsp->created = time_second;
 1945         newsp->lastused = time_second;
 1946         newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
 1947         newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
 1948 
 1949         newsp->state = IPSEC_SPSTATE_ALIVE;
 1950         LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
 1951 
 1952         /* delete the entry in spacqtree */
 1953         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
 1954             mhp->ext[SADB_EXT_ADDRESS_SRC]) {
 1955                 struct secspacq *spacq;
 1956                 if ((spacq = key_getspacq(&spidx)) != NULL) {
 1957                         /* reset counter in order to deletion by timehandler. */
 1958                         spacq->created = time_second;
 1959                         spacq->count = 0;
 1960                 }
 1961         }
 1962 
 1963         /* invalidate all cached SPD pointers on pcb */
 1964         ipsec_invalpcbcacheall();
 1965 
 1966     {
 1967         struct mbuf *n, *mpolicy;
 1968         struct sadb_msg *newmsg;
 1969         int off;
 1970 
 1971         /* create new sadb_msg to reply. */
 1972         if (lft) {
 1973                 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
 1974                     SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
 1975                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1976         } else {
 1977                 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
 1978                     SADB_X_EXT_POLICY,
 1979                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1980         }
 1981         if (!n)
 1982                 return key_senderror(so, m, ENOBUFS);
 1983 
 1984         if (n->m_len < sizeof(*newmsg)) {
 1985                 n = m_pullup(n, sizeof(*newmsg));
 1986                 if (!n)
 1987                         return key_senderror(so, m, ENOBUFS);
 1988         }
 1989         newmsg = mtod(n, struct sadb_msg *);
 1990         newmsg->sadb_msg_errno = 0;
 1991         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 1992 
 1993         off = 0;
 1994         mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
 1995             sizeof(*xpl), &off);
 1996         if (mpolicy == NULL) {
 1997                 /* n is already freed */
 1998                 return key_senderror(so, m, ENOBUFS);
 1999         }
 2000         xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
 2001         if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
 2002                 m_freem(n);
 2003                 return key_senderror(so, m, EINVAL);
 2004         }
 2005         xpl->sadb_x_policy_id = newsp->id;
 2006 
 2007         m_freem(m);
 2008         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2009     }
 2010 }
 2011 
 2012 /*
 2013  * SADB_SPDDELETE processing
 2014  * receive
 2015  *   <base, address(SD), policy(*)>
 2016  * from the user(?), and set SADB_SASTATE_DEAD,
 2017  * and send,
 2018  *   <base, address(SD), policy(*)>
 2019  * to the ikmpd.
 2020  * policy(*) including the direction of the policy.
 2021  *
 2022  * m will always be freed.
 2023  */
 2024 static int
 2025 key_spddelete(so, m, mhp)
 2026         struct socket *so;
 2027         struct mbuf *m;
 2028         const struct sadb_msghdr *mhp;
 2029 {
 2030         struct sadb_address *src0, *dst0;
 2031         struct sadb_x_policy *xpl0;
 2032         struct secpolicyindex spidx;
 2033         struct secpolicy *sp;
 2034 
 2035         /* sanity check */
 2036         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2037                 panic("key_spddelete: NULL pointer is passed.");
 2038 
 2039         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 2040             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 2041             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 2042                 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
 2043                 return key_senderror(so, m, EINVAL);
 2044         }
 2045         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 2046             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 2047             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2048                 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
 2049                 return key_senderror(so, m, EINVAL);
 2050         }
 2051 
 2052         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 2053         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 2054         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 2055 
 2056         /* make secindex */
 2057         /* XXX boundary check against sa_len */
 2058         KEY_SETSECSPIDX(src0 + 1,
 2059                         dst0 + 1,
 2060                         src0->sadb_address_prefixlen,
 2061                         dst0->sadb_address_prefixlen,
 2062                         src0->sadb_address_proto,
 2063                         &spidx);
 2064 
 2065         /* checking the direciton. */
 2066         switch (xpl0->sadb_x_policy_dir) {
 2067         case IPSEC_DIR_INBOUND:
 2068         case IPSEC_DIR_OUTBOUND:
 2069                 break;
 2070         default:
 2071                 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
 2072                 return key_senderror(so, m, EINVAL);
 2073         }
 2074 
 2075         /* Is there SP in SPD ? */
 2076         if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) {
 2077                 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
 2078                 return key_senderror(so, m, EINVAL);
 2079         }
 2080 
 2081         if (sp->persist) {
 2082                 ipseclog((LOG_DEBUG,
 2083                     "key_spddelete2: attempt to remove persistent SP:%u.\n",
 2084                     sp->id));
 2085                 key_freesp(sp); /* ref gained by key_getsp */
 2086                 return key_senderror(so, m, EPERM);
 2087         }
 2088 
 2089         /* save policy id to be returned. */
 2090         xpl0->sadb_x_policy_id = sp->id;
 2091 
 2092         key_sp_dead(sp);
 2093         key_freesp(sp); /* ref gained by key_getsp */
 2094         key_sp_unlink(sp);
 2095         sp = NULL;
 2096 
 2097         /* invalidate all cached SPD pointers on pcb */
 2098         ipsec_invalpcbcacheall();
 2099 
 2100     {
 2101         struct mbuf *n;
 2102         struct sadb_msg *newmsg;
 2103 
 2104         /* create new sadb_msg to reply. */
 2105         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 2106             SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 2107         if (!n)
 2108                 return key_senderror(so, m, ENOBUFS);
 2109 
 2110         newmsg = mtod(n, struct sadb_msg *);
 2111         newmsg->sadb_msg_errno = 0;
 2112         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2113 
 2114         m_freem(m);
 2115         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2116     }
 2117 }
 2118 
 2119 /*
 2120  * SADB_SPDDELETE2 processing
 2121  * receive
 2122  *   <base, policy(*)>
 2123  * from the user(?), and set SADB_SASTATE_DEAD,
 2124  * and send,
 2125  *   <base, policy(*)>
 2126  * to the ikmpd.
 2127  * policy(*) including the policy id.
 2128  *
 2129  * m will always be freed.
 2130  */
 2131 static int
 2132 key_spddelete2(so, m, mhp)
 2133         struct socket *so;
 2134         struct mbuf *m;
 2135         const struct sadb_msghdr *mhp;
 2136 {
 2137         u_int32_t id;
 2138         struct secpolicy *sp;
 2139 
 2140         /* sanity check */
 2141         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2142                 panic("key_spddelete2: NULL pointer is passed.");
 2143 
 2144         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2145             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2146                 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
 2147                 return key_senderror(so, m, EINVAL);
 2148         }
 2149 
 2150         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2151 
 2152         /* Is there SP in SPD ? */
 2153         if ((sp = key_getspbyid(id)) == NULL) {
 2154                 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n",
 2155                     id));
 2156                 return key_senderror(so, m, EINVAL);
 2157         }
 2158 
 2159         if (sp->persist) {
 2160                 ipseclog((LOG_DEBUG,
 2161                     "key_spddelete2: attempt to remove persistent SP:%u.\n",
 2162                     id));
 2163                 key_freesp(sp); /* ref gained by key_getspbyid */
 2164                 return key_senderror(so, m, EPERM);
 2165         }
 2166 
 2167         key_sp_dead(sp);
 2168         key_freesp(sp); /* ref gained by key_getspbyid */
 2169         key_sp_unlink(sp);
 2170         sp = NULL;
 2171 
 2172         /* invalidate all cached SPD pointers on pcb */
 2173         ipsec_invalpcbcacheall();
 2174 
 2175     {
 2176         struct mbuf *n, *nn;
 2177         struct sadb_msg *newmsg;
 2178         int off, len;
 2179 
 2180         /* create new sadb_msg to reply. */
 2181         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2182 
 2183         if (len > MCLBYTES)
 2184                 return key_senderror(so, m, ENOBUFS);
 2185         MGETHDR(n, M_DONTWAIT, MT_DATA);
 2186         if (n && len > MHLEN) {
 2187                 MCLGET(n, M_DONTWAIT);
 2188                 if ((n->m_flags & M_EXT) == 0) {
 2189                         m_freem(n);
 2190                         n = NULL;
 2191                 }
 2192         }
 2193         if (!n)
 2194                 return key_senderror(so, m, ENOBUFS);
 2195 
 2196         n->m_len = len;
 2197         n->m_next = NULL;
 2198         off = 0;
 2199 
 2200         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 2201         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2202 
 2203 #ifdef DIAGNOSTIC
 2204         if (off != len)
 2205                 panic("length inconsistency in key_spddelete2");
 2206 #endif
 2207 
 2208         n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
 2209             mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
 2210         if (!n->m_next) {
 2211                 m_freem(n);
 2212                 return key_senderror(so, m, ENOBUFS);
 2213         }
 2214 
 2215         n->m_pkthdr.len = 0;
 2216         for (nn = n; nn; nn = nn->m_next)
 2217                 n->m_pkthdr.len += nn->m_len;
 2218 
 2219         newmsg = mtod(n, struct sadb_msg *);
 2220         newmsg->sadb_msg_errno = 0;
 2221         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2222 
 2223         m_freem(m);
 2224         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2225     }
 2226 }
 2227 
 2228 /*
 2229  * SADB_X_SPDGET processing
 2230  * receive
 2231  *   <base, policy(*)>
 2232  * from the user(?),
 2233  * and send,
 2234  *   <base, address(SD), policy>
 2235  * to the ikmpd.
 2236  * policy(*) including direction of policy.
 2237  *
 2238  * m will always be freed.
 2239  */
 2240 static int
 2241 key_spdget(so, m, mhp)
 2242         struct socket *so;
 2243         struct mbuf *m;
 2244         const struct sadb_msghdr *mhp;
 2245 {
 2246         u_int32_t id;
 2247         struct secpolicy *sp;
 2248         struct mbuf *n;
 2249 
 2250         /* sanity check */
 2251         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2252                 panic("key_spdget: NULL pointer is passed.");
 2253 
 2254         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2255             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2256                 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
 2257                 return key_senderror(so, m, EINVAL);
 2258         }
 2259 
 2260         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2261 
 2262         /* Is there SP in SPD ? */
 2263         if ((sp = key_getspbyid(id)) == NULL) {
 2264                 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
 2265                 return key_senderror(so, m, ENOENT);
 2266         }
 2267 
 2268         n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
 2269         key_freesp(sp); /* ref gained by key_getspbyid */
 2270         if (n != NULL) {
 2271                 m_freem(m);
 2272                 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2273         } else
 2274                 return key_senderror(so, m, ENOBUFS);
 2275 }
 2276 
 2277 /*
 2278  * SADB_X_SPDACQUIRE processing.
 2279  * Acquire policy and SA(s) for a *OUTBOUND* packet.
 2280  * send
 2281  *   <base, policy(*)>
 2282  * to KMD, and expect to receive
 2283  *   <base> with SADB_X_SPDACQUIRE if error occured,
 2284  * or
 2285  *   <base, policy>
 2286  * with SADB_X_SPDUPDATE from KMD by PF_KEY.
 2287  * policy(*) is without policy requests.
 2288  *
 2289  *    0     : succeed
 2290  *    others: error number
 2291  */
 2292 int
 2293 key_spdacquire(sp)
 2294         struct secpolicy *sp;
 2295 {
 2296         struct mbuf *result = NULL, *m;
 2297 #ifndef IPSEC_NONBLOCK_ACQUIRE
 2298         struct secspacq *newspacq;
 2299 #endif
 2300         int error = -1;
 2301 
 2302         /* sanity check */
 2303         if (sp == NULL)
 2304                 panic("key_spdacquire: NULL pointer is passed.");
 2305         if (sp->req != NULL)
 2306                 panic("key_spdacquire: called but there is request.");
 2307         if (sp->policy != IPSEC_POLICY_IPSEC)
 2308                 panic("key_spdacquire: policy mismathed. IPsec is expected.");
 2309         if (!sp->spidx) {
 2310                 error = EOPNOTSUPP;
 2311                 goto fail;
 2312         }
 2313 
 2314 #ifndef IPSEC_NONBLOCK_ACQUIRE
 2315         /* get an entry to check whether sent message or not. */
 2316         if ((newspacq = key_getspacq(sp->spidx)) != NULL) {
 2317                 if (key_blockacq_count < newspacq->count) {
 2318                         /* reset counter and do send message. */
 2319                         newspacq->count = 0;
 2320                 } else {
 2321                         /* increment counter and do nothing. */
 2322                         newspacq->count++;
 2323                         return 0;
 2324                 }
 2325         } else {
 2326                 /* make new entry for blocking to send SADB_ACQUIRE. */
 2327                 if ((newspacq = key_newspacq(sp->spidx)) == NULL)
 2328                         return ENOBUFS;
 2329 
 2330                 /* add to acqtree */
 2331                 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
 2332         }
 2333 #endif
 2334 
 2335         /* create new sadb_msg to reply. */
 2336         m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
 2337         if (!m) {
 2338                 error = ENOBUFS;
 2339                 goto fail;
 2340         }
 2341         result = m;
 2342 
 2343         /* set sadb_x_policy */
 2344         if (sp) {
 2345                 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
 2346                 if (!m) {
 2347                         error = ENOBUFS;
 2348                         goto fail;
 2349                 }
 2350                 m_cat(result, m);
 2351         }
 2352 
 2353         result->m_pkthdr.len = 0;
 2354         for (m = result; m; m = m->m_next)
 2355                 result->m_pkthdr.len += m->m_len;
 2356 
 2357         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2358             PFKEY_UNIT64(result->m_pkthdr.len);
 2359 
 2360         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2361 
 2362 fail:
 2363         if (result)
 2364                 m_freem(result);
 2365         return error;
 2366 }
 2367 
 2368 /*
 2369  * SADB_SPDFLUSH processing
 2370  * receive
 2371  *   <base>
 2372  * from the user, and free all entries in secpctree.
 2373  * and send,
 2374  *   <base>
 2375  * to the user.
 2376  * NOTE: what to do is only marking SADB_SASTATE_DEAD.
 2377  *
 2378  * m will always be freed.
 2379  */
 2380 static int
 2381 key_spdflush(so, m, mhp)
 2382         struct socket *so;
 2383         struct mbuf *m;
 2384         const struct sadb_msghdr *mhp;
 2385 {
 2386         struct sadb_msg *newmsg;
 2387         struct secpolicy *sp, *nextsp;
 2388 
 2389         /* sanity check */
 2390         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2391                 panic("key_spdflush: NULL pointer is passed.");
 2392 
 2393         if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
 2394                 return key_senderror(so, m, EINVAL);
 2395 
 2396         for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
 2397                 nextsp = TAILQ_NEXT(sp, tailq);
 2398                 if (sp->persist)
 2399                         continue;
 2400                 if (sp->state == IPSEC_SPSTATE_DEAD)
 2401                         continue;
 2402                 key_sp_dead(sp);
 2403                 key_sp_unlink(sp);
 2404                 sp = NULL;
 2405         }
 2406 
 2407         /* invalidate all cached SPD pointers on pcb */
 2408         ipsec_invalpcbcacheall();
 2409 
 2410         if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 2411                 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
 2412                 return key_senderror(so, m, ENOBUFS);
 2413         }
 2414 
 2415         if (m->m_next)
 2416                 m_freem(m->m_next);
 2417         m->m_next = NULL;
 2418         m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2419         newmsg = mtod(m, struct sadb_msg *);
 2420         newmsg->sadb_msg_errno = 0;
 2421         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 2422 
 2423         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 2424 }
 2425 
 2426 /*
 2427  * SADB_SPDDUMP processing
 2428  * receive
 2429  *   <base>
 2430  * from the user, and dump all SP leaves
 2431  * and send,
 2432  *   <base> .....
 2433  * to the ikmpd.
 2434  *
 2435  * m will always be freed.
 2436  */
 2437 static int
 2438 key_spddump(so, m, mhp)
 2439         struct socket *so;
 2440         struct mbuf *m;
 2441         const struct sadb_msghdr *mhp;
 2442 {
 2443         struct secpolicy *sp;
 2444         int cnt;
 2445         u_int dir;
 2446         struct mbuf *n;
 2447 
 2448         /* sanity check */
 2449         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2450                 panic("key_spddump: NULL pointer is passed.");
 2451 
 2452         /* search SPD entry and get buffer size. */
 2453         cnt = 0;
 2454         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2455                 LIST_FOREACH(sp, &sptree[dir], chain) {
 2456                         cnt++;
 2457                 }
 2458         }
 2459 
 2460         if (cnt == 0)
 2461                 return key_senderror(so, m, ENOENT);
 2462 
 2463         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2464                 LIST_FOREACH(sp, &sptree[dir], chain) {
 2465                         --cnt;
 2466                         n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
 2467                             mhp->msg->sadb_msg_pid);
 2468 
 2469                         if (n)
 2470                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2471                 }
 2472         }
 2473 
 2474         m_freem(m);
 2475         return 0;
 2476 }
 2477 
 2478 static struct mbuf *
 2479 key_setdumpsp(sp, type, seq, pid)
 2480         struct secpolicy *sp;
 2481         u_int8_t type;
 2482         u_int32_t seq, pid;
 2483 {
 2484         struct mbuf *result = NULL, *m;
 2485 
 2486         m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
 2487         if (!m)
 2488                 goto fail;
 2489         result = m;
 2490 
 2491         if (sp->spidx) {
 2492                 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2493                     (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs,
 2494                     sp->spidx->ul_proto);
 2495                 if (!m)
 2496                         goto fail;
 2497                 m_cat(result, m);
 2498 
 2499                 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2500                     (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd,
 2501                     sp->spidx->ul_proto);
 2502                 if (!m)
 2503                         goto fail;
 2504                 m_cat(result, m);
 2505         }
 2506 
 2507         m = key_sp2msg(sp);
 2508         if (!m)
 2509                 goto fail;
 2510         m_cat(result, m);
 2511 
 2512         m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT,
 2513                 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused);
 2514         if (!m)
 2515                 goto fail;
 2516         m_cat(result, m);
 2517 
 2518         m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD,
 2519                 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime);
 2520         if (!m)
 2521                 goto fail;
 2522         m_cat(result, m);
 2523 
 2524         if ((result->m_flags & M_PKTHDR) == 0)
 2525                 goto fail;
 2526 
 2527         if (result->m_len < sizeof(struct sadb_msg)) {
 2528                 result = m_pullup(result, sizeof(struct sadb_msg));
 2529                 if (result == NULL)
 2530                         goto fail;
 2531         }
 2532 
 2533         result->m_pkthdr.len = 0;
 2534         for (m = result; m; m = m->m_next)
 2535                 result->m_pkthdr.len += m->m_len;
 2536 
 2537         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2538             PFKEY_UNIT64(result->m_pkthdr.len);
 2539 
 2540         return result;
 2541 
 2542 fail:
 2543         m_freem(result);
 2544         return NULL;
 2545 }
 2546 
 2547 /*
 2548  * get PFKEY message length for security policy and request.
 2549  */
 2550 static u_int
 2551 key_getspreqmsglen(sp)
 2552         struct secpolicy *sp;
 2553 {
 2554         u_int tlen;
 2555 
 2556         tlen = sizeof(struct sadb_x_policy);
 2557 
 2558         /* if is the policy for ipsec ? */
 2559         if (sp->policy != IPSEC_POLICY_IPSEC)
 2560                 return tlen;
 2561 
 2562         /* get length of ipsec requests */
 2563     {
 2564         struct ipsecrequest *isr;
 2565         int len;
 2566 
 2567         for (isr = sp->req; isr != NULL; isr = isr->next) {
 2568                 len = sizeof(struct sadb_x_ipsecrequest)
 2569                         + isr->saidx.src.ss_len
 2570                         + isr->saidx.dst.ss_len;
 2571 
 2572                 tlen += PFKEY_ALIGN8(len);
 2573         }
 2574     }
 2575 
 2576         return tlen;
 2577 }
 2578 
 2579 /*
 2580  * SADB_X_SPDEXPIRE processing
 2581  * send
 2582  *   <base, address(SD), lifetime(CH), policy>
 2583  * to KMD by PF_KEY.
 2584  *
 2585  * OUT: 0       : succeed
 2586  *      others  : error number
 2587  */
 2588 static int
 2589 key_spdexpire(sp)
 2590         struct secpolicy *sp;
 2591 {
 2592         int s;
 2593         struct mbuf *result = NULL, *m;
 2594         int len;
 2595         int error = -1;
 2596         struct sadb_lifetime *lt;
 2597 
 2598         /* XXX: Why do we lock ? */
 2599         s = splnet();   /*called from softclock()*/
 2600 
 2601         /* sanity check */
 2602         if (sp == NULL)
 2603                 panic("key_spdexpire: NULL pointer is passed.");
 2604 
 2605         /* set msg header */
 2606         m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
 2607         if (!m) {
 2608                 error = ENOBUFS;
 2609                 goto fail;
 2610         }
 2611         result = m;
 2612 
 2613         /* create lifetime extension (current and hard) */
 2614         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 2615         m = key_alloc_mbuf(len);
 2616         if (!m || m->m_next) {  /*XXX*/
 2617                 if (m)
 2618                         m_freem(m);
 2619                 error = ENOBUFS;
 2620                 goto fail;
 2621         }
 2622         bzero(mtod(m, caddr_t), len);
 2623         lt = mtod(m, struct sadb_lifetime *);
 2624         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2625         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 2626         lt->sadb_lifetime_allocations = 0;
 2627         lt->sadb_lifetime_bytes = 0;
 2628         lt->sadb_lifetime_addtime = sp->created;
 2629         lt->sadb_lifetime_usetime = sp->lastused;
 2630         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 2631         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2632         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 2633         lt->sadb_lifetime_allocations = 0;
 2634         lt->sadb_lifetime_bytes = 0;
 2635         lt->sadb_lifetime_addtime = sp->lifetime;
 2636         lt->sadb_lifetime_usetime = sp->validtime;
 2637         m_cat(result, m);
 2638 
 2639         /* set sadb_address for source */
 2640         if (sp->spidx) {
 2641                 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2642                     (struct sockaddr *)&sp->spidx->src,
 2643                     sp->spidx->prefs, sp->spidx->ul_proto);
 2644                 if (!m) {
 2645                         error = ENOBUFS;
 2646                         goto fail;
 2647                 }
 2648                 m_cat(result, m);
 2649 
 2650                 /* set sadb_address for destination */
 2651                 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2652                     (struct sockaddr *)&sp->spidx->dst,
 2653                     sp->spidx->prefd, sp->spidx->ul_proto);
 2654                 if (!m) {
 2655                         error = ENOBUFS;
 2656                         goto fail;
 2657                 }
 2658                 m_cat(result, m);
 2659         }
 2660 
 2661         /* set secpolicy */
 2662         m = key_sp2msg(sp);
 2663         if (!m) {
 2664                 error = ENOBUFS;
 2665                 goto fail;
 2666         }
 2667         m_cat(result, m);
 2668 
 2669         if ((result->m_flags & M_PKTHDR) == 0) {
 2670                 error = EINVAL;
 2671                 goto fail;
 2672         }
 2673 
 2674         if (result->m_len < sizeof(struct sadb_msg)) {
 2675                 result = m_pullup(result, sizeof(struct sadb_msg));
 2676                 if (result == NULL) {
 2677                         error = ENOBUFS;
 2678                         goto fail;
 2679                 }
 2680         }
 2681 
 2682         result->m_pkthdr.len = 0;
 2683         for (m = result; m; m = m->m_next)
 2684                 result->m_pkthdr.len += m->m_len;
 2685 
 2686         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2687             PFKEY_UNIT64(result->m_pkthdr.len);
 2688 
 2689         splx(s);
 2690         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2691 
 2692  fail:
 2693         if (result)
 2694                 m_freem(result);
 2695         splx(s);
 2696         return error;
 2697 }
 2698 
 2699 /* %%% SAD management */
 2700 /*
 2701  * allocating a memory for new SA head, and copy from the values of mhp.
 2702  * OUT: NULL    : failure due to the lack of memory.
 2703  *      others  : pointer to new SA head.
 2704  */
 2705 static struct secashead *
 2706 key_newsah(saidx)
 2707         struct secasindex *saidx;
 2708 {
 2709         struct secashead *newsah;
 2710 
 2711         /* sanity check */
 2712         if (saidx == NULL)
 2713                 panic("key_newsaidx: NULL pointer is passed.");
 2714 
 2715         newsah = keydb_newsecashead();
 2716         if (newsah == NULL)
 2717                 return NULL;
 2718 
 2719         bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
 2720 
 2721         /* add to saidxtree */
 2722         newsah->state = SADB_SASTATE_MATURE;
 2723         LIST_INSERT_HEAD(&sahtree, newsah, chain);
 2724 
 2725         return (newsah);
 2726 }
 2727 
 2728 /*
 2729  * delete SA index and all SA registerd.
 2730  */
 2731 static void
 2732 key_delsah(sah)
 2733         struct secashead *sah;
 2734 {
 2735         struct secasvar *sav, *nextsav;
 2736         u_int stateidx, state;
 2737         int s;
 2738         int zombie = 0;
 2739 
 2740         /* sanity check */
 2741         if (sah == NULL)
 2742                 panic("key_delsah: NULL pointer is passed.");
 2743 
 2744         s = splnet();   /*called from softclock()*/
 2745 
 2746         /* searching all SA registerd in the secindex. */
 2747         for (stateidx = 0;
 2748              stateidx < _ARRAYLEN(saorder_state_any);
 2749              stateidx++) {
 2750 
 2751                 state = saorder_state_any[stateidx];
 2752                 for (sav = LIST_FIRST(&sah->savtree[state]);
 2753                      sav != NULL;
 2754                      sav = nextsav) {
 2755 
 2756                         nextsav = LIST_NEXT(sav, chain);
 2757 
 2758                         if (sav->refcnt > 0) {
 2759                                 /* give up to delete this sa */
 2760                                 zombie++;
 2761                                 continue;
 2762                         }
 2763 
 2764                         /* sanity check */
 2765                         KEY_CHKSASTATE(state, sav->state, "key_delsah");
 2766 
 2767                         /* remove back pointer */
 2768                         sav->sah = NULL;
 2769 
 2770                         key_freesav(sav);
 2771 
 2772                         sav = NULL;
 2773                 }
 2774         }
 2775 
 2776         /* delete sah only if there's no sav. */
 2777         if (zombie) {
 2778                 splx(s);
 2779                 return;
 2780         }
 2781 
 2782         if (sah->sa_route.ro_rt) {
 2783                 RTFREE(sah->sa_route.ro_rt);
 2784                 sah->sa_route.ro_rt = (struct rtentry *)NULL;
 2785         }
 2786 
 2787         /* remove from tree of SA index */
 2788         if (__LIST_CHAINED(sah))
 2789                 LIST_REMOVE(sah, chain);
 2790 
 2791         KFREE(sah);
 2792 
 2793         splx(s);
 2794         return;
 2795 }
 2796 
 2797 /*
 2798  * allocating a new SA with LARVAL state.  key_add() and key_getspi() call,
 2799  * and copy the values of mhp into new buffer.
 2800  * When SAD message type is GETSPI:
 2801  *      to set sequence number from acq_seq++,
 2802  *      to set zero to SPI.
 2803  *      not to call key_setsava().
 2804  * OUT: NULL    : fail
 2805  *      others  : pointer to new secasvar.
 2806  *
 2807  * does not modify mbuf.  does not free mbuf on error.
 2808  */
 2809 static struct secasvar *
 2810 key_newsav(m, mhp, sah, errp)
 2811         struct mbuf *m;
 2812         const struct sadb_msghdr *mhp;
 2813         struct secashead *sah;
 2814         int *errp;
 2815 {
 2816         struct secasvar *newsav;
 2817         const struct sadb_sa *xsa;
 2818 
 2819         /* sanity check */
 2820         if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
 2821                 panic("key_newsa: NULL pointer is passed.");
 2822 
 2823         newsav = keydb_newsecasvar();
 2824         if (newsav == NULL) {
 2825                 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
 2826                 *errp = ENOBUFS;
 2827                 return NULL;
 2828         }
 2829 
 2830         switch (mhp->msg->sadb_msg_type) {
 2831         case SADB_GETSPI:
 2832                 key_setspi(newsav, 0);
 2833 
 2834 #ifdef IPSEC_DOSEQCHECK
 2835                 /* sync sequence number */
 2836                 if (mhp->msg->sadb_msg_seq == 0)
 2837                         newsav->seq =
 2838                                 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
 2839                 else
 2840 #endif
 2841                         newsav->seq = mhp->msg->sadb_msg_seq;
 2842                 break;
 2843 
 2844         case SADB_ADD:
 2845                 /* sanity check */
 2846                 if (mhp->ext[SADB_EXT_SA] == NULL) {
 2847                         KFREE(newsav);
 2848                         ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
 2849                         *errp = EINVAL;
 2850                         return NULL;
 2851                 }
 2852                 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 2853                 key_setspi(newsav, xsa->sadb_sa_spi);
 2854                 newsav->seq = mhp->msg->sadb_msg_seq;
 2855                 break;
 2856         default:
 2857                 KFREE(newsav);
 2858                 *errp = EINVAL;
 2859                 return NULL;
 2860         }
 2861 
 2862         /* copy sav values */
 2863         if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
 2864                 *errp = key_setsaval(newsav, m, mhp);
 2865                 if (*errp) {
 2866                         KFREE(newsav);
 2867                         return NULL;
 2868                 }
 2869         }
 2870 
 2871         /* reset created */
 2872         newsav->created = time_second;
 2873 
 2874         newsav->pid = mhp->msg->sadb_msg_pid;
 2875 
 2876         /* add to satree */
 2877         newsav->sah = sah;
 2878         newsav->refcnt = 1;
 2879         newsav->state = SADB_SASTATE_LARVAL;
 2880         LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
 2881                         secasvar, chain);
 2882 
 2883         return newsav;
 2884 }
 2885 
 2886 /*
 2887  * search SAD.
 2888  * OUT:
 2889  *      NULL    : not found
 2890  *      others  : found, pointer to a SA.
 2891  */
 2892 static struct secashead *
 2893 key_getsah(saidx)
 2894         struct secasindex *saidx;
 2895 {
 2896         struct secashead *sah;
 2897 
 2898         LIST_FOREACH(sah, &sahtree, chain) {
 2899                 if (sah->state == SADB_SASTATE_DEAD)
 2900                         continue;
 2901                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
 2902                         return sah;
 2903         }
 2904 
 2905         return NULL;
 2906 }
 2907 
 2908 /*
 2909  * check not to be duplicated SPI.
 2910  * NOTE: this function is too slow due to searching all SAD.
 2911  * OUT:
 2912  *      NULL    : not found
 2913  *      others  : found, pointer to a SA.
 2914  */
 2915 static struct secasvar *
 2916 key_checkspidup(saidx, spi)
 2917         struct secasindex *saidx;
 2918         u_int32_t spi;
 2919 {
 2920         struct secasvar *sav;
 2921         u_int stateidx, state;
 2922 
 2923         /* check address family */
 2924         if (saidx->src.ss_family != saidx->dst.ss_family) {
 2925                 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
 2926                 return NULL;
 2927         }
 2928 
 2929         /* check all SAD */
 2930         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
 2931                 if (sav->spi != spi)
 2932                         continue;
 2933                 for (stateidx = 0;
 2934                      stateidx < _ARRAYLEN(saorder_state_alive);
 2935                      stateidx++) {
 2936                         state = saorder_state_alive[stateidx];
 2937                         if (sav->state == state &&
 2938                             key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
 2939                                 return sav;
 2940                 }
 2941         }
 2942 
 2943         return NULL;
 2944 }
 2945 
 2946 static void
 2947 key_setspi(sav, spi)
 2948         struct secasvar *sav;
 2949         u_int32_t spi;
 2950 {
 2951         int s;
 2952 
 2953         s = splnet();
 2954         sav->spi = spi;
 2955         if (sav->spihash.le_prev || sav->spihash.le_next)
 2956                 LIST_REMOVE(sav, spihash);
 2957         LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
 2958         splx(s);
 2959 }
 2960 
 2961 /*
 2962  * search SAD litmited alive SA, protocol, SPI.
 2963  * OUT:
 2964  *      NULL    : not found
 2965  *      others  : found, pointer to a SA.
 2966  */
 2967 static struct secasvar *
 2968 key_getsavbyspi(sah, spi)
 2969         struct secashead *sah;
 2970         u_int32_t spi;
 2971 {
 2972         struct secasvar *sav, *match;
 2973         u_int stateidx, state, matchidx;
 2974 
 2975         match = NULL;
 2976         matchidx = _ARRAYLEN(saorder_state_alive);
 2977         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
 2978                 if (sav->spi != spi)
 2979                         continue;
 2980                 if (sav->sah != sah)
 2981                         continue;
 2982                 for (stateidx = 0; stateidx < matchidx; stateidx++) {
 2983                         state = saorder_state_alive[stateidx];
 2984                         if (sav->state == state) {
 2985                                 match = sav;
 2986                                 matchidx = stateidx;
 2987                                 break;
 2988                         }
 2989                 }
 2990         }
 2991 
 2992         return match;
 2993 }
 2994 
 2995 /*
 2996  * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
 2997  * You must update these if need.
 2998  * OUT: 0:      success.
 2999  *      !0:     failure.
 3000  *
 3001  * does not modify mbuf.  does not free mbuf on error.
 3002  */
 3003 static int
 3004 key_setsaval(sav, m, mhp)
 3005         struct secasvar *sav;
 3006         struct mbuf *m;
 3007         const struct sadb_msghdr *mhp;
 3008 {
 3009 #ifdef IPSEC_ESP
 3010         const struct esp_algorithm *algo;
 3011 #endif
 3012         int error = 0;
 3013 
 3014         /* sanity check */
 3015         if (m == NULL || mhp == NULL || mhp->msg == NULL)
 3016                 panic("key_setsaval: NULL pointer is passed.");
 3017 
 3018         /* initialization */
 3019         sav->replay = NULL;
 3020         sav->key_auth = NULL;
 3021         sav->key_enc = NULL;
 3022         sav->sched = NULL;
 3023         sav->schedlen = 0;
 3024         sav->iv = NULL;
 3025         sav->lft_c = NULL;
 3026         sav->lft_h = NULL;
 3027         sav->lft_s = NULL;
 3028 
 3029         /* SA */
 3030         if (mhp->ext[SADB_EXT_SA] != NULL) {
 3031                 const struct sadb_sa *sa0;
 3032 
 3033                 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 3034                 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
 3035                         error = EINVAL;
 3036                         goto fail;
 3037                 }
 3038 
 3039                 sav->alg_auth = sa0->sadb_sa_auth;
 3040                 sav->alg_enc = sa0->sadb_sa_encrypt;
 3041                 sav->flags = sa0->sadb_sa_flags;
 3042 
 3043                 /* replay window */
 3044                 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
 3045                         sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
 3046                         if (sav->replay == NULL) {
 3047                                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3048                                 error = ENOBUFS;
 3049                                 goto fail;
 3050                         }
 3051                 }
 3052         }
 3053 
 3054         /* Authentication keys */
 3055         if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
 3056                 const struct sadb_key *key0;
 3057                 int len;
 3058 
 3059                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
 3060                 len = mhp->extlen[SADB_EXT_KEY_AUTH];
 3061 
 3062                 error = 0;
 3063                 if (len < sizeof(*key0)) {
 3064                         error = EINVAL;
 3065                         goto fail;
 3066                 }
 3067                 switch (mhp->msg->sadb_msg_satype) {
 3068                 case SADB_SATYPE_AH:
 3069                 case SADB_SATYPE_ESP:
 3070                 case SADB_X_SATYPE_TCPSIGNATURE:
 3071                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3072                             sav->alg_auth != SADB_X_AALG_NULL)
 3073                                 error = EINVAL;
 3074                         break;
 3075                 case SADB_X_SATYPE_IPCOMP:
 3076                 default:
 3077                         error = EINVAL;
 3078                         break;
 3079                 }
 3080                 if (error) {
 3081                         ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
 3082                         goto fail;
 3083                 }
 3084 
 3085                 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
 3086                 if (sav->key_auth == NULL) {
 3087                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3088                         error = ENOBUFS;
 3089                         goto fail;
 3090                 }
 3091         }
 3092 
 3093         /* Encryption key */
 3094         if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
 3095                 const struct sadb_key *key0;
 3096                 int len;
 3097 
 3098                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
 3099                 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
 3100 
 3101                 error = 0;
 3102                 if (len < sizeof(*key0)) {
 3103                         error = EINVAL;
 3104                         goto fail;
 3105                 }
 3106                 switch (mhp->msg->sadb_msg_satype) {
 3107                 case SADB_SATYPE_ESP:
 3108                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3109                             sav->alg_enc != SADB_EALG_NULL) {
 3110                                 error = EINVAL;
 3111                                 break;
 3112                         }
 3113                         sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
 3114                         if (sav->key_enc == NULL) {
 3115                                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3116                                 error = ENOBUFS;
 3117                                 goto fail;
 3118                         }
 3119                         break;
 3120                 case SADB_X_SATYPE_IPCOMP:
 3121                         if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
 3122                                 error = EINVAL;
 3123                         sav->key_enc = NULL;    /*just in case*/
 3124                         break;
 3125                 case SADB_SATYPE_AH:
 3126                 case SADB_X_SATYPE_TCPSIGNATURE:
 3127                 default:
 3128                         error = EINVAL;
 3129                         break;
 3130                 }
 3131                 if (error) {
 3132                         ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
 3133                         goto fail;
 3134                 }
 3135         }
 3136 
 3137         /* set iv */
 3138         sav->ivlen = 0;
 3139 
 3140         switch (mhp->msg->sadb_msg_satype) {
 3141         case SADB_SATYPE_ESP:
 3142 #ifdef IPSEC_ESP
 3143                 algo = esp_algorithm_lookup(sav->alg_enc);
 3144                 if (algo && algo->ivlen)
 3145                         sav->ivlen = (*algo->ivlen)(algo, sav);
 3146                 if (sav->ivlen == 0)
 3147                         break;
 3148                 KMALLOC(sav->iv, caddr_t, sav->ivlen);
 3149                 if (sav->iv == 0) {
 3150                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3151                         error = ENOBUFS;
 3152                         goto fail;
 3153                 }
 3154 
 3155                 /* initialize */
 3156                 key_randomfill(sav->iv, sav->ivlen);
 3157 #endif
 3158                 break;
 3159         case SADB_SATYPE_AH:
 3160         case SADB_X_SATYPE_IPCOMP:
 3161         case SADB_X_SATYPE_TCPSIGNATURE:
 3162                 break;
 3163         default:
 3164                 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
 3165                 error = EINVAL;
 3166                 goto fail;
 3167         }
 3168 
 3169         /* reset created */
 3170         sav->created = time_second;
 3171 
 3172         /* make lifetime for CURRENT */
 3173         KMALLOC(sav->lft_c, struct sadb_lifetime *,
 3174             sizeof(struct sadb_lifetime));
 3175         if (sav->lft_c == NULL) {
 3176                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3177                 error = ENOBUFS;
 3178                 goto fail;
 3179         }
 3180 
 3181         sav->lft_c->sadb_lifetime_len =
 3182             PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 3183         sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 3184         sav->lft_c->sadb_lifetime_allocations = 0;
 3185         sav->lft_c->sadb_lifetime_bytes = 0;
 3186         sav->lft_c->sadb_lifetime_addtime = time_second;
 3187         sav->lft_c->sadb_lifetime_usetime = 0;
 3188 
 3189         /* lifetimes for HARD and SOFT */
 3190     {
 3191         const struct sadb_lifetime *lft0;
 3192 
 3193         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 3194         if (lft0 != NULL) {
 3195                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
 3196                         error = EINVAL;
 3197                         goto fail;
 3198                 }
 3199                 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
 3200                     sizeof(*lft0));
 3201                 if (sav->lft_h == NULL) {
 3202                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3203                         error = ENOBUFS;
 3204                         goto fail;
 3205                 }
 3206                 /* we no longer support byte lifetime */
 3207                 if (sav->lft_h->sadb_lifetime_bytes) {
 3208                         error = EINVAL;
 3209                         goto fail;
 3210                 }
 3211                 /* initialize? */
 3212         }
 3213 
 3214         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
 3215         if (lft0 != NULL) {
 3216                 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
 3217                         error = EINVAL;
 3218                         goto fail;
 3219                 }
 3220                 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
 3221                     sizeof(*lft0));
 3222                 if (sav->lft_s == NULL) {
 3223                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3224                         error = ENOBUFS;
 3225                         goto fail;
 3226                 }
 3227                 /* we no longer support byte lifetime */
 3228                 if (sav->lft_s->sadb_lifetime_bytes) {
 3229                         error = EINVAL;
 3230                         goto fail;
 3231                 }
 3232                 /* initialize? */
 3233         }
 3234     }
 3235 
 3236         return 0;
 3237 
 3238  fail:
 3239         /* initialization */
 3240         if (sav->replay != NULL) {
 3241                 keydb_delsecreplay(sav->replay);
 3242                 sav->replay = NULL;
 3243         }
 3244         if (sav->key_auth != NULL) {
 3245                 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
 3246                 KFREE(sav->key_auth);
 3247                 sav->key_auth = NULL;
 3248         }
 3249         if (sav->key_enc != NULL) {
 3250                 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
 3251                 KFREE(sav->key_enc);
 3252                 sav->key_enc = NULL;
 3253         }
 3254         if (sav->sched) {
 3255                 bzero(sav->sched, sav->schedlen);
 3256                 KFREE(sav->sched);
 3257                 sav->sched = NULL;
 3258         }
 3259         if (sav->iv != NULL) {
 3260                 KFREE(sav->iv);
 3261                 sav->iv = NULL;
 3262         }
 3263         if (sav->lft_c != NULL) {
 3264                 KFREE(sav->lft_c);
 3265                 sav->lft_c = NULL;
 3266         }
 3267         if (sav->lft_h != NULL) {
 3268                 KFREE(sav->lft_h);
 3269                 sav->lft_h = NULL;
 3270         }
 3271         if (sav->lft_s != NULL) {
 3272                 KFREE(sav->lft_s);
 3273                 sav->lft_s = NULL;
 3274         }
 3275 
 3276         return error;
 3277 }
 3278 
 3279 /*
 3280  * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
 3281  * OUT: 0:      valid
 3282  *      other:  errno
 3283  */
 3284 static int
 3285 key_mature(sav)
 3286         struct secasvar *sav;
 3287 {
 3288         int mature;
 3289         int checkmask = 0;      /* 2^0: ealg  2^1: aalg  2^2: calg */
 3290         int mustmask = 0;       /* 2^0: ealg  2^1: aalg  2^2: calg */
 3291 
 3292         mature = 0;
 3293 
 3294         /* check SPI value */
 3295         switch (sav->sah->saidx.proto) {
 3296         case IPPROTO_ESP:
 3297         case IPPROTO_AH:
 3298                 if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
 3299                         ipseclog((LOG_DEBUG,
 3300                             "key_mature: illegal range of SPI %u.\n",
 3301                             (u_int32_t)ntohl(sav->spi)));
 3302                         return EINVAL;
 3303                 }
 3304                 break;
 3305         }
 3306 
 3307         /* check satype */
 3308         switch (sav->sah->saidx.proto) {
 3309         case IPPROTO_ESP:
 3310                 /* check flags */
 3311                 if ((sav->flags & SADB_X_EXT_OLD) &&
 3312                     (sav->flags & SADB_X_EXT_DERIV)) {
 3313                         ipseclog((LOG_DEBUG, "key_mature: "
 3314                             "invalid flag (derived) given to old-esp.\n"));
 3315                         return EINVAL;
 3316                 }
 3317                 if (sav->alg_auth == SADB_AALG_NONE)
 3318                         checkmask = 1;
 3319                 else
 3320                         checkmask = 3;
 3321                 mustmask = 1;
 3322                 break;
 3323         case IPPROTO_AH:
 3324                 /* check flags */
 3325                 if (sav->flags & SADB_X_EXT_DERIV) {
 3326                         ipseclog((LOG_DEBUG, "key_mature: "
 3327                             "invalid flag (derived) given to AH SA.\n"));
 3328                         return EINVAL;
 3329                 }
 3330                 if (sav->alg_enc != SADB_EALG_NONE) {
 3331                         ipseclog((LOG_DEBUG, "key_mature: "
 3332                             "protocol and algorithm mismated.\n"));
 3333                         return (EINVAL);
 3334                 }
 3335                 checkmask = 2;
 3336                 mustmask = 2;
 3337                 break;
 3338         case IPPROTO_IPCOMP:
 3339                 if (sav->alg_auth != SADB_AALG_NONE) {
 3340                         ipseclog((LOG_DEBUG, "key_mature: "
 3341                                 "protocol and algorithm mismated.\n"));
 3342                         return (EINVAL);
 3343                 }
 3344                 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
 3345                     ntohl(sav->spi) >= 0x10000) {
 3346                         ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
 3347                         return (EINVAL);
 3348                 }
 3349                 checkmask = 4;
 3350                 mustmask = 4;
 3351                 break;
 3352         case IPPROTO_TCP:
 3353                 if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
 3354                         ipseclog((LOG_DEBUG, "key_mature: unsupported authentication algorithm %u\n",
 3355                             sav->alg_auth));
 3356                         return (EINVAL);
 3357                 }
 3358                 if (sav->alg_enc != SADB_EALG_NONE) {
 3359                         ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
 3360                                 "mismated.\n", __func__));
 3361                         return(EINVAL);
 3362                 }
 3363                 if (sav->spi != htonl(0x1000)) {
 3364                         ipseclog((LOG_DEBUG, "key_mature: SPI must be TCP_SIG_SPI (0x1000)\n"));
 3365                         return (EINVAL);
 3366                 }
 3367                 checkmask = 2;
 3368                 mustmask = 2;
 3369                 break;
 3370         default:
 3371                 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
 3372                 return EPROTONOSUPPORT;
 3373         }
 3374 
 3375         /* check authentication algorithm */
 3376         if ((checkmask & 2) != 0) {
 3377                 const struct ah_algorithm *algo;
 3378                 int keylen;
 3379 
 3380                 algo = ah_algorithm_lookup(sav->alg_auth);
 3381                 if (!algo) {
 3382                         ipseclog((LOG_DEBUG, "key_mature: "
 3383                             "unknown authentication algorithm.\n"));
 3384                         return EINVAL;
 3385                 }
 3386 
 3387                 /* algorithm-dependent check */
 3388                 if (sav->key_auth)
 3389                         keylen = sav->key_auth->sadb_key_bits;
 3390                 else
 3391                         keylen = 0;
 3392                 if (keylen < algo->keymin || algo->keymax < keylen) {
 3393                         ipseclog((LOG_DEBUG,
 3394                             "key_mature: invalid AH key length %d "
 3395                             "(%d-%d allowed)\n",
 3396                             keylen, algo->keymin, algo->keymax));
 3397                         return EINVAL;
 3398                 }
 3399 
 3400                 if (algo->mature) {
 3401                         if ((*algo->mature)(sav)) {
 3402                                 /* message generated in per-algorithm function*/
 3403                                 return EINVAL;
 3404                         } else
 3405                                 mature = SADB_SATYPE_AH;
 3406                 }
 3407 
 3408                 if ((mustmask & 2) != 0 &&  mature != SADB_SATYPE_AH) {
 3409                         ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
 3410                         return EINVAL;
 3411                 }
 3412         }
 3413 
 3414         /* check encryption algorithm */
 3415         if ((checkmask & 1) != 0) {
 3416 #ifdef IPSEC_ESP
 3417                 const struct esp_algorithm *algo;
 3418                 int keylen;
 3419 
 3420                 algo = esp_algorithm_lookup(sav->alg_enc);
 3421                 if (!algo) {
 3422                         ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
 3423                         return EINVAL;
 3424                 }
 3425 
 3426                 /* algorithm-dependent check */
 3427                 if (sav->key_enc)
 3428                         keylen = sav->key_enc->sadb_key_bits;
 3429                 else
 3430                         keylen = 0;
 3431                 if (keylen < algo->keymin || algo->keymax < keylen) {
 3432                         ipseclog((LOG_DEBUG,
 3433                             "key_mature: invalid ESP key length %d "
 3434                             "(%d-%d allowed)\n",
 3435                             keylen, algo->keymin, algo->keymax));
 3436                         return EINVAL;
 3437                 }
 3438 
 3439                 if (algo->mature) {
 3440                         if ((*algo->mature)(sav)) {
 3441                                 /* message generated in per-algorithm function*/
 3442                                 return EINVAL;
 3443                         } else
 3444                                 mature = SADB_SATYPE_ESP;
 3445                 }
 3446 
 3447                 if ((mustmask & 1) != 0 &&  mature != SADB_SATYPE_ESP) {
 3448                         ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
 3449                         return EINVAL;
 3450                 }
 3451 #else /*IPSEC_ESP*/
 3452                 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
 3453                 return EINVAL;
 3454 #endif
 3455         }
 3456 
 3457         /* check compression algorithm */
 3458         if ((checkmask & 4) != 0) {
 3459                 const struct ipcomp_algorithm *algo;
 3460 
 3461                 /* algorithm-dependent check */
 3462                 algo = ipcomp_algorithm_lookup(sav->alg_enc);
 3463                 if (!algo) {
 3464                         ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
 3465                         return EINVAL;
 3466                 }
 3467         }
 3468 
 3469         key_sa_chgstate(sav, SADB_SASTATE_MATURE);
 3470 
 3471         return 0;
 3472 }
 3473 
 3474 /*
 3475  * subroutine for SADB_GET and SADB_DUMP.
 3476  */
 3477 static struct mbuf *
 3478 key_setdumpsa(sav, type, satype, seq, pid)
 3479         struct secasvar *sav;
 3480         u_int8_t type, satype;
 3481         u_int32_t seq, pid;
 3482 {
 3483         struct mbuf *result = NULL, *tres = NULL, *m;
 3484         int l = 0;
 3485         int i;
 3486         void *p;
 3487         int dumporder[] = {
 3488                 SADB_EXT_SA, SADB_X_EXT_SA2,
 3489                 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 3490                 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
 3491                 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
 3492                 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
 3493                 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
 3494         };
 3495 
 3496         m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
 3497         if (m == NULL)
 3498                 goto fail;
 3499         result = m;
 3500 
 3501         for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
 3502                 m = NULL;
 3503                 p = NULL;
 3504                 switch (dumporder[i]) {
 3505                 case SADB_EXT_SA:
 3506                         m = key_setsadbsa(sav);
 3507                         if (!m)
 3508                                 goto fail;
 3509                         break;
 3510 
 3511                 case SADB_X_EXT_SA2:
 3512                         m = key_setsadbxsa2(sav->sah->saidx.mode,
 3513                             sav->replay ? (sav->replay->count & 0xffffffff) : 0,
 3514                             sav->sah->saidx.reqid);
 3515                         if (!m)
 3516                                 goto fail;
 3517                         break;
 3518 
 3519                 case SADB_EXT_ADDRESS_SRC:
 3520                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 3521                             (struct sockaddr *)&sav->sah->saidx.src,
 3522                             FULLMASK, IPSEC_ULPROTO_ANY);
 3523                         if (!m)
 3524                                 goto fail;
 3525                         break;
 3526 
 3527                 case SADB_EXT_ADDRESS_DST:
 3528                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 3529                             (struct sockaddr *)&sav->sah->saidx.dst,
 3530                             FULLMASK, IPSEC_ULPROTO_ANY);
 3531                         if (!m)
 3532                                 goto fail;
 3533                         break;
 3534 
 3535                 case SADB_EXT_KEY_AUTH:
 3536                         if (!sav->key_auth)
 3537                                 continue;
 3538                         l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
 3539                         p = sav->key_auth;
 3540                         break;
 3541 
 3542                 case SADB_EXT_KEY_ENCRYPT:
 3543                         if (!sav->key_enc)
 3544                                 continue;
 3545                         l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
 3546                         p = sav->key_enc;
 3547                         break;
 3548 
 3549                 case SADB_EXT_LIFETIME_CURRENT:
 3550                         if (!sav->lft_c)
 3551                                 continue;
 3552                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
 3553                         p = sav->lft_c;
 3554                         break;
 3555 
 3556                 case SADB_EXT_LIFETIME_HARD:
 3557                         if (!sav->lft_h)
 3558                                 continue;
 3559                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
 3560                         p = sav->lft_h;
 3561                         break;
 3562 
 3563                 case SADB_EXT_LIFETIME_SOFT:
 3564                         if (!sav->lft_s)
 3565                                 continue;
 3566                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
 3567                         p = sav->lft_s;
 3568                         break;
 3569 
 3570                 case SADB_EXT_ADDRESS_PROXY:
 3571                 case SADB_EXT_IDENTITY_SRC:
 3572                 case SADB_EXT_IDENTITY_DST:
 3573                         /* XXX: should we brought from SPD ? */
 3574                 case SADB_EXT_SENSITIVITY:
 3575                 default:
 3576                         continue;
 3577                 }
 3578 
 3579                 if ((!m && !p) || (m && p))
 3580                         goto fail;
 3581                 if (p && tres) {
 3582                         M_PREPEND(tres, l, M_DONTWAIT);
 3583                         if (!tres)
 3584                                 goto fail;
 3585                         bcopy(p, mtod(tres, caddr_t), l);
 3586                         continue;
 3587                 }
 3588                 if (p) {
 3589                         m = key_alloc_mbuf(l);
 3590                         if (!m)
 3591                                 goto fail;
 3592                         m_copyback(m, 0, l, p);
 3593                 }
 3594 
 3595                 if (tres)
 3596                         m_cat(m, tres);
 3597                 tres = m;
 3598         }
 3599 
 3600         m_cat(result, tres);
 3601 
 3602         if (result->m_len < sizeof(struct sadb_msg)) {
 3603                 result = m_pullup(result, sizeof(struct sadb_msg));
 3604                 if (result == NULL)
 3605                         goto fail;
 3606         }
 3607 
 3608         result->m_pkthdr.len = 0;
 3609         for (m = result; m; m = m->m_next)
 3610                 result->m_pkthdr.len += m->m_len;
 3611 
 3612         mtod(result, struct sadb_msg *)->sadb_msg_len =
 3613             PFKEY_UNIT64(result->m_pkthdr.len);
 3614 
 3615         return result;
 3616 
 3617 fail:
 3618         m_freem(result);
 3619         m_freem(tres);
 3620         return NULL;
 3621 }
 3622 
 3623 /*
 3624  * set data into sadb_msg.
 3625  */
 3626 static struct mbuf *
 3627 key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
 3628         u_int8_t type, satype;
 3629         u_int16_t tlen;
 3630         u_int32_t seq;
 3631         pid_t pid;
 3632         u_int16_t reserved;
 3633 {
 3634         struct mbuf *m;
 3635         struct sadb_msg *p;
 3636         int len;
 3637 
 3638         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 3639         if (len > MCLBYTES)
 3640                 return NULL;
 3641         MGETHDR(m, M_DONTWAIT, MT_DATA);
 3642         if (m && len > MHLEN) {
 3643                 MCLGET(m, M_DONTWAIT);
 3644                 if ((m->m_flags & M_EXT) == 0) {
 3645                         m_freem(m);
 3646                         m = NULL;
 3647                 }
 3648         }
 3649         if (!m)
 3650                 return NULL;
 3651         m->m_pkthdr.len = m->m_len = len;
 3652         m->m_next = NULL;
 3653 
 3654         p = mtod(m, struct sadb_msg *);
 3655 
 3656         bzero(p, len);
 3657         p->sadb_msg_version = PF_KEY_V2;
 3658         p->sadb_msg_type = type;
 3659         p->sadb_msg_errno = 0;
 3660         p->sadb_msg_satype = satype;
 3661         p->sadb_msg_len = PFKEY_UNIT64(tlen);
 3662         p->sadb_msg_reserved = reserved;
 3663         p->sadb_msg_seq = seq;
 3664         p->sadb_msg_pid = (u_int32_t)pid;
 3665 
 3666         return m;
 3667 }
 3668 
 3669 /*
 3670  * copy secasvar data into sadb_address.
 3671  */
 3672 static struct mbuf *
 3673 key_setsadbsa(sav)
 3674         struct secasvar *sav;
 3675 {
 3676         struct mbuf *m;
 3677         struct sadb_sa *p;
 3678         int len;
 3679 
 3680         len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
 3681         m = key_alloc_mbuf(len);
 3682         if (!m || m->m_next) {  /*XXX*/
 3683                 if (m)
 3684                         m_freem(m);
 3685                 return NULL;
 3686         }
 3687 
 3688         p = mtod(m, struct sadb_sa *);
 3689 
 3690         bzero(p, len);
 3691         p->sadb_sa_len = PFKEY_UNIT64(len);
 3692         p->sadb_sa_exttype = SADB_EXT_SA;
 3693         p->sadb_sa_spi = sav->spi;
 3694         p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
 3695         p->sadb_sa_state = sav->state;
 3696         p->sadb_sa_auth = sav->alg_auth;
 3697         p->sadb_sa_encrypt = sav->alg_enc;
 3698         p->sadb_sa_flags = sav->flags;
 3699 
 3700         return m;
 3701 }
 3702 
 3703 /*
 3704  * set data into sadb_address.
 3705  */
 3706 static struct mbuf *
 3707 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
 3708         u_int16_t exttype;
 3709         struct sockaddr *saddr;
 3710         u_int8_t prefixlen;
 3711         u_int16_t ul_proto;
 3712 {
 3713         struct mbuf *m;
 3714         struct sadb_address *p;
 3715         size_t len;
 3716 
 3717         len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
 3718             PFKEY_ALIGN8(saddr->sa_len);
 3719         m = key_alloc_mbuf(len);
 3720         if (!m || m->m_next) {  /*XXX*/
 3721                 if (m)
 3722                         m_freem(m);
 3723                 return NULL;
 3724         }
 3725 
 3726         p = mtod(m, struct sadb_address *);
 3727 
 3728         bzero(p, len);
 3729         p->sadb_address_len = PFKEY_UNIT64(len);
 3730         p->sadb_address_exttype = exttype;
 3731         p->sadb_address_proto = ul_proto;
 3732         if (prefixlen == FULLMASK) {
 3733                 switch (saddr->sa_family) {
 3734                 case AF_INET:
 3735                         prefixlen = sizeof(struct in_addr) << 3;
 3736                         break;
 3737                 case AF_INET6:
 3738                         prefixlen = sizeof(struct in6_addr) << 3;
 3739                         break;
 3740                 default:
 3741                         ; /*XXX*/
 3742                 }
 3743         }
 3744         p->sadb_address_prefixlen = prefixlen;
 3745         p->sadb_address_reserved = 0;
 3746 
 3747         bcopy(saddr,
 3748             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
 3749             saddr->sa_len);
 3750 
 3751         return m;
 3752 }
 3753 
 3754 #if 0
 3755 /*
 3756  * set data into sadb_ident.
 3757  */
 3758 static struct mbuf *
 3759 key_setsadbident(exttype, idtype, string, stringlen, id)
 3760         u_int16_t exttype, idtype;
 3761         caddr_t string;
 3762         int stringlen;
 3763         u_int64_t id;
 3764 {
 3765         struct mbuf *m;
 3766         struct sadb_ident *p;
 3767         size_t len;
 3768 
 3769         len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
 3770         m = key_alloc_mbuf(len);
 3771         if (!m || m->m_next) {  /*XXX*/
 3772                 if (m)
 3773                         m_freem(m);
 3774                 return NULL;
 3775         }
 3776 
 3777         p = mtod(m, struct sadb_ident *);
 3778 
 3779         bzero(p, len);
 3780         p->sadb_ident_len = PFKEY_UNIT64(len);
 3781         p->sadb_ident_exttype = exttype;
 3782         p->sadb_ident_type = idtype;
 3783         p->sadb_ident_reserved = 0;
 3784         p->sadb_ident_id = id;
 3785 
 3786         bcopy(string,
 3787             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
 3788             stringlen);
 3789 
 3790         return m;
 3791 }
 3792 #endif
 3793 
 3794 /*
 3795  * set data into sadb_x_sa2.
 3796  */
 3797 static struct mbuf *
 3798 key_setsadbxsa2(mode, seq, reqid)
 3799         u_int8_t mode;
 3800         u_int32_t seq, reqid;
 3801 {
 3802         struct mbuf *m;
 3803         struct sadb_x_sa2 *p;
 3804         size_t len;
 3805 
 3806         len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
 3807         m = key_alloc_mbuf(len);
 3808         if (!m || m->m_next) {  /*XXX*/
 3809                 if (m)
 3810                         m_freem(m);
 3811                 return NULL;
 3812         }
 3813 
 3814         p = mtod(m, struct sadb_x_sa2 *);
 3815 
 3816         bzero(p, len);
 3817         p->sadb_x_sa2_len = PFKEY_UNIT64(len);
 3818         p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
 3819         p->sadb_x_sa2_mode = mode;
 3820         p->sadb_x_sa2_reserved1 = 0;
 3821         p->sadb_x_sa2_reserved2 = 0;
 3822         p->sadb_x_sa2_sequence = seq;
 3823         p->sadb_x_sa2_reqid = reqid;
 3824 
 3825         return m;
 3826 }
 3827 
 3828 /*
 3829  * set data into sadb_lifetime
 3830  */
 3831 static struct mbuf *
 3832 key_setsadblifetime(type, alloc, bytes, addtime, usetime)
 3833         u_int16_t type;
 3834         u_int32_t alloc;
 3835         u_int64_t bytes, addtime, usetime;
 3836 {
 3837         struct mbuf *m;
 3838         struct sadb_lifetime *p;
 3839         size_t len;
 3840 
 3841         len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
 3842         m = key_alloc_mbuf(len);
 3843         if (!m || m->m_next) {  /*XXX*/
 3844                 if (m)
 3845                         m_freem(m);
 3846                 return NULL;
 3847         }
 3848 
 3849         p = mtod(m, struct sadb_lifetime *);
 3850 
 3851         bzero(p, len);
 3852         p->sadb_lifetime_len = PFKEY_UNIT64(len);
 3853         p->sadb_lifetime_exttype = type;
 3854         p->sadb_lifetime_allocations = alloc;
 3855         p->sadb_lifetime_bytes = bytes;
 3856         p->sadb_lifetime_addtime = addtime;
 3857         p->sadb_lifetime_usetime = usetime;
 3858 
 3859         return m;
 3860 }
 3861 
 3862 /*
 3863  * set data into sadb_x_policy
 3864  */
 3865 static struct mbuf *
 3866 key_setsadbxpolicy(type, dir, id)
 3867         u_int16_t type;
 3868         u_int8_t dir;
 3869         u_int32_t id;
 3870 {
 3871         struct mbuf *m;
 3872         struct sadb_x_policy *p;
 3873         size_t len;
 3874 
 3875         len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
 3876         m = key_alloc_mbuf(len);
 3877         if (!m || m->m_next) {  /*XXX*/
 3878                 if (m)
 3879                         m_freem(m);
 3880                 return NULL;
 3881         }
 3882 
 3883         p = mtod(m, struct sadb_x_policy *);
 3884 
 3885         bzero(p, len);
 3886         p->sadb_x_policy_len = PFKEY_UNIT64(len);
 3887         p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 3888         p->sadb_x_policy_type = type;
 3889         p->sadb_x_policy_dir = dir;
 3890         p->sadb_x_policy_id = id;
 3891 
 3892         return m;
 3893 }
 3894 
 3895 /* %%% utilities */
 3896 /*
 3897  * copy a buffer into the new buffer allocated.
 3898  */
 3899 static void *
 3900 key_newbuf(src, len)
 3901         const void *src;
 3902         u_int len;
 3903 {
 3904         caddr_t new;
 3905 
 3906         KMALLOC(new, caddr_t, len);
 3907         if (new == NULL) {
 3908                 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
 3909                 return NULL;
 3910         }
 3911         bcopy(src, new, len);
 3912 
 3913         return new;
 3914 }
 3915 
 3916 /* compare my own address
 3917  * OUT: 1: true, i.e. my address.
 3918  *      0: false
 3919  */
 3920 static int
 3921 key_ismyaddr(sa)
 3922         struct sockaddr *sa;
 3923 {
 3924 #ifdef INET
 3925         struct sockaddr_in *sin;
 3926         struct in_ifaddr *ia;
 3927 #endif
 3928 
 3929         /* sanity check */
 3930         if (sa == NULL)
 3931                 panic("key_ismyaddr: NULL pointer is passed.");
 3932 
 3933         switch (sa->sa_family) {
 3934 #ifdef INET
 3935         case AF_INET:
 3936                 sin = (struct sockaddr_in *)sa;
 3937                 for (ia = in_ifaddrhead.tqh_first; ia;
 3938                      ia = ia->ia_link.tqe_next)
 3939                 {
 3940                         if (sin->sin_family == ia->ia_addr.sin_family &&
 3941                             sin->sin_len == ia->ia_addr.sin_len &&
 3942                             sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
 3943                         {
 3944                                 return 1;
 3945                         }
 3946                 }
 3947                 break;
 3948 #endif
 3949 #ifdef INET6
 3950         case AF_INET6:
 3951                 return key_ismyaddr6((struct sockaddr_in6 *)sa);
 3952 #endif
 3953         }
 3954 
 3955         return 0;
 3956 }
 3957 
 3958 #ifdef INET6
 3959 /*
 3960  * compare my own address for IPv6.
 3961  * 1: ours
 3962  * 0: other
 3963  * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
 3964  */
 3965 #include <netinet6/in6_var.h>
 3966 
 3967 static int
 3968 key_ismyaddr6(sin6)
 3969         struct sockaddr_in6 *sin6;
 3970 {
 3971         struct in6_ifaddr *ia;
 3972         struct in6_multi *in6m;
 3973 
 3974         if (sa6_embedscope(sin6, 0) != 0)
 3975                 return 0;
 3976 
 3977         for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
 3978                 if (key_sockaddrcmp((struct sockaddr *)&sin6,
 3979                     (struct sockaddr *)&ia->ia_addr, 0) == 0)
 3980                         return 1;
 3981 
 3982                 /*
 3983                  * XXX Multicast
 3984                  * XXX why do we care about multlicast here while we don't care
 3985                  * about IPv4 multicast??
 3986                  */
 3987                 in6m = NULL;
 3988                 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
 3989                 if (in6m)
 3990                         return 1;
 3991         }
 3992 
 3993         /* loopback, just for safety */
 3994         if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
 3995                 return 1;
 3996 
 3997         return 0;
 3998 }
 3999 #endif /*INET6*/
 4000 
 4001 /*
 4002  * compare two secasindex structure.
 4003  * flag can specify to compare 2 saidxes.
 4004  * compare two secasindex structure without both mode and reqid.
 4005  * don't compare port.
 4006  * IN:  
 4007  *      saidx0: source, it can be in SAD.
 4008  *      saidx1: object.
 4009  * OUT: 
 4010  *      1 : equal
 4011  *      0 : not equal
 4012  */
 4013 static int
 4014 key_cmpsaidx(saidx0, saidx1, flag)
 4015         struct secasindex *saidx0, *saidx1;
 4016         int flag;
 4017 {
 4018         /* sanity */
 4019         if (saidx0 == NULL && saidx1 == NULL)
 4020                 return 1;
 4021 
 4022         if (saidx0 == NULL || saidx1 == NULL)
 4023                 return 0;
 4024 
 4025         if (saidx0->proto != saidx1->proto)
 4026                 return 0;
 4027 
 4028         if (flag == CMP_EXACTLY) {
 4029                 if (saidx0->mode != saidx1->mode)
 4030                         return 0;
 4031                 if (saidx0->reqid != saidx1->reqid)
 4032                         return 0;
 4033                 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
 4034                     bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
 4035                         return 0;
 4036         } else {
 4037 
 4038                 /* CMP_MODE_REQID, CMP_HEAD */
 4039                 if (flag == CMP_MODE_REQID) {
 4040                         /*
 4041                          * If reqid of SPD is non-zero, unique SA is required.
 4042                          * The result must be of same reqid in this case.
 4043                          */
 4044                         if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
 4045                                 return 0;
 4046                 }
 4047 
 4048                 if (flag == CMP_MODE_REQID) {
 4049                         if (saidx0->mode != IPSEC_MODE_ANY &&
 4050                             saidx0->mode != saidx1->mode)
 4051                                 return 0;
 4052                 }
 4053 
 4054                 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
 4055                                 (struct sockaddr *)&saidx1->src, 0) != 0) {
 4056                         return 0;
 4057                 }
 4058                 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
 4059                                 (struct sockaddr *)&saidx1->dst, 0) != 0) {
 4060                         return 0;
 4061                 }
 4062         }
 4063 
 4064         return 1;
 4065 }
 4066 
 4067 /*
 4068  * compare two secindex structure exactly.
 4069  * IN:
 4070  *      spidx0: source, it is often in SPD.
 4071  *      spidx1: object, it is often from PFKEY message.
 4072  * OUT:
 4073  *      1 : equal
 4074  *      0 : not equal
 4075  */
 4076 int
 4077 key_cmpspidx_exactly(spidx0, spidx1)
 4078         struct secpolicyindex *spidx0, *spidx1;
 4079 {
 4080         /* sanity */
 4081         if (spidx0 == NULL && spidx1 == NULL)
 4082                 return 1;
 4083 
 4084         if (spidx0 == NULL || spidx1 == NULL)
 4085                 return 0;
 4086 
 4087         if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd ||
 4088             spidx0->ul_proto != spidx1->ul_proto)
 4089                 return 0;
 4090 
 4091         if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
 4092             (struct sockaddr *)&spidx1->src, 1) != 0) {
 4093                 return 0;
 4094         }
 4095         if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
 4096             (struct sockaddr *)&spidx1->dst, 1) != 0) {
 4097                 return 0;
 4098         }
 4099 
 4100         return 1;
 4101 }
 4102 
 4103 /*
 4104  * compare two secindex structure with mask.
 4105  * IN:
 4106  *      spidx0: source, it is often in SPD.
 4107  *      spidx1: object, it is often from IP header.
 4108  * OUT:
 4109  *      1 : equal
 4110  *      0 : not equal
 4111  */
 4112 int
 4113 key_cmpspidx_withmask(spidx0, spidx1)
 4114         struct secpolicyindex *spidx0, *spidx1;
 4115 {
 4116         /* sanity */
 4117         if (spidx0 == NULL && spidx1 == NULL)
 4118                 return 1;
 4119 
 4120         if (spidx0 == NULL || spidx1 == NULL)
 4121                 return 0;
 4122 
 4123         if (spidx0->src.ss_family != spidx1->src.ss_family ||
 4124             spidx0->dst.ss_family != spidx1->dst.ss_family ||
 4125             spidx0->src.ss_len != spidx1->src.ss_len ||
 4126             spidx0->dst.ss_len != spidx1->dst.ss_len)
 4127                 return 0;
 4128 
 4129         /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
 4130         if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
 4131             spidx0->ul_proto != spidx1->ul_proto)
 4132                 return 0;
 4133 
 4134         switch (spidx0->src.ss_family) {
 4135         case AF_INET:
 4136                 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY &&
 4137                     satosin(&spidx0->src)->sin_port !=
 4138                     satosin(&spidx1->src)->sin_port)
 4139                         return 0;
 4140                 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
 4141                     (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
 4142                         return 0;
 4143                 break;
 4144         case AF_INET6:
 4145                 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY &&
 4146                     satosin6(&spidx0->src)->sin6_port !=
 4147                     satosin6(&spidx1->src)->sin6_port)
 4148                         return 0;
 4149                 /*
 4150                  * scope_id check. if sin6_scope_id is 0, we regard it
 4151                  * as a wildcard scope, which matches any scope zone ID. 
 4152                  */
 4153                 if (satosin6(&spidx0->src)->sin6_scope_id &&
 4154                     satosin6(&spidx1->src)->sin6_scope_id &&
 4155                     satosin6(&spidx0->src)->sin6_scope_id !=
 4156                     satosin6(&spidx1->src)->sin6_scope_id)
 4157                         return 0;
 4158                 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
 4159                     (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
 4160                         return 0;
 4161                 break;
 4162         default:
 4163                 /* XXX */
 4164                 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
 4165                         return 0;
 4166                 break;
 4167         }
 4168 
 4169         switch (spidx0->dst.ss_family) {
 4170         case AF_INET:
 4171                 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY &&
 4172                     satosin(&spidx0->dst)->sin_port !=
 4173                     satosin(&spidx1->dst)->sin_port)
 4174                         return 0;
 4175                 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
 4176                     (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
 4177                         return 0;
 4178                 break;
 4179         case AF_INET6:
 4180                 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY &&
 4181                     satosin6(&spidx0->dst)->sin6_port !=
 4182                     satosin6(&spidx1->dst)->sin6_port)
 4183                         return 0;
 4184                 /*
 4185                  * scope_id check. if sin6_scope_id is 0, we regard it
 4186                  * as a wildcard scope, which matches any scope zone ID. 
 4187                  */
 4188                 if (satosin6(&spidx0->src)->sin6_scope_id &&
 4189                     satosin6(&spidx1->src)->sin6_scope_id &&
 4190                     satosin6(&spidx0->dst)->sin6_scope_id !=
 4191                     satosin6(&spidx1->dst)->sin6_scope_id)
 4192                         return 0;
 4193                 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
 4194                     (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
 4195                         return 0;
 4196                 break;
 4197         default:
 4198                 /* XXX */
 4199                 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
 4200                         return 0;
 4201                 break;
 4202         }
 4203 
 4204         /* XXX Do we check other field ?  e.g. flowinfo */
 4205 
 4206         return 1;
 4207 }
 4208 
 4209 /* returns 0 on match */
 4210 static int
 4211 key_sockaddrcmp(sa1, sa2, port)
 4212         struct sockaddr *sa1;
 4213         struct sockaddr *sa2;
 4214         int port;
 4215 {
 4216         if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
 4217                 return 1;
 4218 
 4219         switch (sa1->sa_family) {
 4220         case AF_INET:
 4221                 if (sa1->sa_len != sizeof(struct sockaddr_in))
 4222                         return 1;
 4223                 if (satosin(sa1)->sin_addr.s_addr !=
 4224                     satosin(sa2)->sin_addr.s_addr) {
 4225                         return 1;
 4226                 }
 4227                 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
 4228                         return 1;
 4229                 break;
 4230         case AF_INET6:
 4231                 if (sa1->sa_len != sizeof(struct sockaddr_in6))
 4232                         return 1;       /*EINVAL*/
 4233                 if (satosin6(sa1)->sin6_scope_id !=
 4234                     satosin6(sa2)->sin6_scope_id) {
 4235                         return 1;
 4236                 }
 4237                 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
 4238                     &satosin6(sa2)->sin6_addr)) {
 4239                         return 1;
 4240                 }
 4241                 if (port &&
 4242                     satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
 4243                         return 1;
 4244                 }
 4245                 break;
 4246         default:
 4247                 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
 4248                         return 1;
 4249                 break;
 4250         }
 4251 
 4252         return 0;
 4253 }
 4254 
 4255 /*
 4256  * compare two buffers with mask.
 4257  * IN:
 4258  *      addr1: source
 4259  *      addr2: object
 4260  *      bits:  Number of bits to compare
 4261  * OUT:
 4262  *      1 : equal
 4263  *      0 : not equal
 4264  */
 4265 static int
 4266 key_bbcmp(p1, p2, bits)
 4267         caddr_t p1, p2;
 4268         u_int bits;
 4269 {
 4270         u_int8_t mask;
 4271 
 4272         /* XXX: This could be considerably faster if we compare a word
 4273          * at a time, but it is complicated on LSB Endian machines */
 4274 
 4275         /* Handle null pointers */
 4276         if (p1 == NULL || p2 == NULL)
 4277                 return (p1 == p2);
 4278 
 4279         while (bits >= 8) {
 4280                 if (*p1++ != *p2++)
 4281                         return 0;
 4282                 bits -= 8;
 4283         }
 4284 
 4285         if (bits > 0) {
 4286                 mask = ~((1<<(8-bits))-1);
 4287                 if ((*p1 & mask) != (*p2 & mask))
 4288                         return 0;
 4289         }
 4290         return 1;       /* Match! */
 4291 }
 4292 
 4293 /*
 4294  * time handler.
 4295  * scanning SPD and SAD to check status for each entries,
 4296  * and do to remove or to expire.
 4297  * XXX: year 2038 problem may remain.
 4298  */
 4299 void
 4300 key_timehandler(arg)
 4301         void *arg;
 4302 {
 4303         u_int dir;
 4304         int s;
 4305         struct timeval tv;
 4306 
 4307         microtime(&tv);
 4308 
 4309         s = splnet();   /*called from softclock()*/
 4310 
 4311         /* SPD */
 4312     {
 4313         struct secpolicy *sp, *nextsp;
 4314 
 4315         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 4316                 for (sp = LIST_FIRST(&sptree[dir]);
 4317                      sp != NULL;
 4318                      sp = nextsp) {
 4319                         nextsp = LIST_NEXT(sp, chain);
 4320 
 4321                         if (sp->state == IPSEC_SPSTATE_DEAD) {
 4322                                 key_sp_unlink(sp);      /*XXX*/
 4323                                 sp = NULL;
 4324                                 continue;
 4325                         }
 4326 
 4327                         if (sp->lifetime == 0 && sp->validtime == 0)
 4328                                 continue;
 4329 
 4330                         /* the deletion will occur next time */
 4331                         if ((sp->lifetime &&
 4332                              tv.tv_sec - sp->created > sp->lifetime) ||
 4333                             (sp->validtime &&
 4334                              tv.tv_sec - sp->lastused > sp->validtime)) {
 4335                                 key_sp_dead(sp);
 4336                                 key_spdexpire(sp);
 4337                                 continue;
 4338                         }
 4339                 }
 4340         }
 4341 
 4342         /* invalidate all cached SPD pointers on pcb */
 4343         ipsec_invalpcbcacheall();
 4344     }
 4345 
 4346         /* SAD */
 4347     {
 4348         struct secashead *sah, *nextsah;
 4349         struct secasvar *sav, *nextsav;
 4350 
 4351         for (sah = LIST_FIRST(&sahtree);
 4352              sah != NULL;
 4353              sah = nextsah) {
 4354 
 4355                 nextsah = LIST_NEXT(sah, chain);
 4356 
 4357                 /* if sah has been dead, then delete it and process next sah. */
 4358                 if (sah->state == SADB_SASTATE_DEAD) {
 4359                         key_delsah(sah);
 4360                         continue;
 4361                 }
 4362 
 4363                 /* if LARVAL entry doesn't become MATURE, delete it. */
 4364                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
 4365                      sav != NULL;
 4366                      sav = nextsav) {
 4367 
 4368                         nextsav = LIST_NEXT(sav, chain);
 4369 
 4370                         if (tv.tv_sec - sav->created > key_larval_lifetime) {
 4371                                 key_freesav(sav);
 4372                         }
 4373                 }
 4374 
 4375                 /*
 4376                  * check MATURE entry to start to send expire message
 4377                  * whether or not.
 4378                  */
 4379                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
 4380                      sav != NULL;
 4381                      sav = nextsav) {
 4382 
 4383                         nextsav = LIST_NEXT(sav, chain);
 4384 
 4385                         /* we don't need to check. */
 4386                         if (sav->lft_s == NULL)
 4387                                 continue;
 4388 
 4389                         /* sanity check */
 4390                         if (sav->lft_c == NULL) {
 4391                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4392                                         "There is no CURRENT time, why?\n"));
 4393                                 continue;
 4394                         }
 4395 
 4396                         /* check SOFT lifetime */
 4397                         if (sav->lft_s->sadb_lifetime_addtime != 0 &&
 4398                             tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
 4399                                 /*
 4400                                  * check the SA if it has been used.
 4401                                  * when it hasn't been used, delete it.
 4402                                  * i don't think such SA will be used.
 4403                                  */
 4404                                 if (sav->lft_c->sadb_lifetime_usetime == 0) {
 4405                                         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4406                                         key_freesav(sav);
 4407                                         sav = NULL;
 4408                                 } else {
 4409                                         key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4410                                         /*
 4411                                          * XXX If we keep to send expire
 4412                                          * message in the status of
 4413                                          * DYING. Do remove below code.
 4414                                          */
 4415                                         key_expire(sav);
 4416                                 }
 4417                         }
 4418 
 4419                         /* check SOFT lifetime by bytes */
 4420                         /*
 4421                          * XXX I don't know the way to delete this SA
 4422                          * when new SA is installed.  Caution when it's
 4423                          * installed too big lifetime by time.
 4424                          */
 4425                         else if (sav->lft_s->sadb_lifetime_bytes != 0
 4426                               && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
 4427 
 4428                                 key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4429                                 /*
 4430                                  * XXX If we keep to send expire
 4431                                  * message in the status of
 4432                                  * DYING. Do remove below code.
 4433                                  */
 4434                                 key_expire(sav);
 4435                         }
 4436                 }
 4437 
 4438                 /* check DYING entry to change status to DEAD. */
 4439                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
 4440                      sav != NULL;
 4441                      sav = nextsav) {
 4442 
 4443                         nextsav = LIST_NEXT(sav, chain);
 4444 
 4445                         /* we don't need to check. */
 4446                         if (sav->lft_h == NULL)
 4447                                 continue;
 4448 
 4449                         /* sanity check */
 4450                         if (sav->lft_c == NULL) {
 4451                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4452                                         "There is no CURRENT time, why?\n"));
 4453                                 continue;
 4454                         }
 4455 
 4456                         if (sav->lft_h->sadb_lifetime_addtime != 0 &&
 4457                             tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
 4458                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4459                                 key_freesav(sav);
 4460                                 sav = NULL;
 4461                         }
 4462 #if 0   /* XXX Should we keep to send expire message until HARD lifetime ? */
 4463                         else if (sav->lft_s != NULL
 4464                               && sav->lft_s->sadb_lifetime_addtime != 0
 4465                               && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
 4466                                 /*
 4467                                  * XXX: should be checked to be
 4468                                  * installed the valid SA.
 4469                                  */
 4470 
 4471                                 /*
 4472                                  * If there is no SA then sending
 4473                                  * expire message.
 4474                                  */
 4475                                 key_expire(sav);
 4476                         }
 4477 #endif
 4478                         /* check HARD lifetime by bytes */
 4479                         else if (sav->lft_h->sadb_lifetime_bytes != 0
 4480                               && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
 4481                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4482                                 key_freesav(sav);
 4483                                 sav = NULL;
 4484                         }
 4485                 }
 4486 
 4487                 /* delete entry in DEAD */
 4488                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
 4489                      sav != NULL;
 4490                      sav = nextsav) {
 4491 
 4492                         nextsav = LIST_NEXT(sav, chain);
 4493 
 4494                         /* sanity check */
 4495                         if (sav->state != SADB_SASTATE_DEAD) {
 4496                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4497                                         "invalid sav->state "
 4498                                         "(queue: %u SA: %u): "
 4499                                         "kill it anyway\n",
 4500                                         SADB_SASTATE_DEAD, sav->state));
 4501                         }
 4502 
 4503                         /*
 4504                          * do not call key_freesav() here.
 4505                          * sav should already be freed, and sav->refcnt
 4506                          * shows other references to sav
 4507                          * (such as from SPD).
 4508                          */
 4509                 }
 4510         }
 4511     }
 4512 
 4513 #ifndef IPSEC_NONBLOCK_ACQUIRE
 4514         /* ACQ tree */
 4515     {
 4516         struct secacq *acq, *nextacq;
 4517 
 4518         for (acq = LIST_FIRST(&acqtree);
 4519              acq != NULL;
 4520              acq = nextacq) {
 4521 
 4522                 nextacq = LIST_NEXT(acq, chain);
 4523 
 4524                 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
 4525                     __LIST_CHAINED(acq)) {
 4526                         LIST_REMOVE(acq, chain);
 4527                         KFREE(acq);
 4528                 }
 4529         }
 4530     }
 4531 #endif
 4532 
 4533         /* SP ACQ tree */
 4534     {
 4535         struct secspacq *acq, *nextacq;
 4536 
 4537         for (acq = LIST_FIRST(&spacqtree);
 4538              acq != NULL;
 4539              acq = nextacq) {
 4540 
 4541                 nextacq = LIST_NEXT(acq, chain);
 4542 
 4543                 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
 4544                     __LIST_CHAINED(acq)) {
 4545                         LIST_REMOVE(acq, chain);
 4546                         KFREE(acq);
 4547                 }
 4548         }
 4549     }
 4550 
 4551         /*
 4552          * should set timeout based on the most closest timer expiration.
 4553          * we don't bother to do that yet.
 4554          */
 4555         callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
 4556 
 4557         splx(s);
 4558         return;
 4559 }
 4560 
 4561 static u_long
 4562 key_random()
 4563 {
 4564         u_long value;
 4565 
 4566         key_randomfill(&value, sizeof(value));
 4567         return value;
 4568 }
 4569 
 4570 void
 4571 key_randomfill(p, l)
 4572         void *p;
 4573         size_t l;
 4574 {
 4575         size_t n;
 4576         u_long v;
 4577         static int warn = 1;
 4578 
 4579         n = 0;
 4580         n = (size_t)read_random(p, (u_int)l);
 4581         /* last resort */
 4582         while (n < l) {
 4583                 v = random();
 4584                 bcopy(&v, (u_int8_t *)p + n,
 4585                     l - n < sizeof(v) ? l - n : sizeof(v));
 4586                 n += sizeof(v);
 4587 
 4588                 if (warn) {
 4589                         printf("WARNING: pseudo-random number generator "
 4590                             "used for IPsec processing\n");
 4591                         warn = 0;
 4592                 }
 4593         }
 4594 }
 4595 
 4596 /*
 4597  * map SADB_SATYPE_* to IPPROTO_*.
 4598  * if satype == SADB_SATYPE then satype is mapped to ~0.
 4599  * OUT:
 4600  *      0: invalid satype.
 4601  */
 4602 static u_int16_t
 4603 key_satype2proto(satype)
 4604         u_int8_t satype;
 4605 {
 4606         switch (satype) {
 4607         case SADB_SATYPE_UNSPEC:
 4608                 return IPSEC_PROTO_ANY;
 4609         case SADB_SATYPE_AH:
 4610                 return IPPROTO_AH;
 4611         case SADB_SATYPE_ESP:
 4612                 return IPPROTO_ESP;
 4613         case SADB_X_SATYPE_IPCOMP:
 4614                 return IPPROTO_IPCOMP;
 4615         case SADB_X_SATYPE_TCPSIGNATURE:
 4616                 return IPPROTO_TCP;
 4617         default:
 4618                 return 0;
 4619         }
 4620         /* NOTREACHED */
 4621 }
 4622 
 4623 /*
 4624  * map IPPROTO_* to SADB_SATYPE_*
 4625  * OUT:
 4626  *      0: invalid protocol type.
 4627  */
 4628 static u_int8_t
 4629 key_proto2satype(proto)
 4630         u_int16_t proto;
 4631 {
 4632         switch (proto) {
 4633         case IPPROTO_AH:
 4634                 return SADB_SATYPE_AH;
 4635         case IPPROTO_ESP:
 4636                 return SADB_SATYPE_ESP;
 4637         case IPPROTO_IPCOMP:
 4638                 return SADB_X_SATYPE_IPCOMP;
 4639         case IPPROTO_TCP:
 4640                 return SADB_X_SATYPE_TCPSIGNATURE;
 4641         default:
 4642                 return 0;
 4643         }
 4644         /* NOTREACHED */
 4645 }
 4646 
 4647 /* %%% PF_KEY */
 4648 /*
 4649  * SADB_GETSPI processing is to receive
 4650  *      <base, (SA2), src address, dst address, (SPI range)>
 4651  * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
 4652  * tree with the status of LARVAL, and send
 4653  *      <base, SA(*), address(SD)>
 4654  * to the IKMPd.
 4655  *
 4656  * IN:  mhp: pointer to the pointer to each header.
 4657  * OUT: NULL if fail.
 4658  *      other if success, return pointer to the message to send.
 4659  */
 4660 static int
 4661 key_getspi(so, m, mhp)
 4662         struct socket *so;
 4663         struct mbuf *m;
 4664         const struct sadb_msghdr *mhp;
 4665 {
 4666         struct sadb_address *src0, *dst0;
 4667         struct secasindex saidx;
 4668         struct secashead *newsah;
 4669         struct secasvar *newsav;
 4670         u_int8_t proto;
 4671         u_int32_t spi;
 4672         u_int8_t mode;
 4673         u_int32_t reqid;
 4674         int error;
 4675 
 4676         /* sanity check */
 4677         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 4678                 panic("key_getspi: NULL pointer is passed.");
 4679 
 4680         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4681             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 4682                 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
 4683                 return key_senderror(so, m, EINVAL);
 4684         }
 4685         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4686             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4687                 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
 4688                 return key_senderror(so, m, EINVAL);
 4689         }
 4690         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4691                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4692                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4693         } else {
 4694                 mode = IPSEC_MODE_ANY;
 4695                 reqid = 0;
 4696         }
 4697 
 4698         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4699         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4700 
 4701         /* map satype to proto */
 4702         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4703                 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
 4704                 return key_senderror(so, m, EINVAL);
 4705         }
 4706 
 4707         /* make sure if port number is zero. */
 4708         switch (((struct sockaddr *)(src0 + 1))->sa_family) {
 4709         case AF_INET:
 4710                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4711                     sizeof(struct sockaddr_in))
 4712                         return key_senderror(so, m, EINVAL);
 4713                 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
 4714                 break;
 4715         case AF_INET6:
 4716                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4717                     sizeof(struct sockaddr_in6))
 4718                         return key_senderror(so, m, EINVAL);
 4719                 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
 4720                 break;
 4721         default:
 4722                 ; /*???*/
 4723         }
 4724         switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
 4725         case AF_INET:
 4726                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4727                     sizeof(struct sockaddr_in))
 4728                         return key_senderror(so, m, EINVAL);
 4729                 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
 4730                 break;
 4731         case AF_INET6:
 4732                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4733                     sizeof(struct sockaddr_in6))
 4734                         return key_senderror(so, m, EINVAL);
 4735                 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
 4736                 break;
 4737         default:
 4738                 ; /*???*/
 4739         }
 4740 
 4741         /* XXX boundary check against sa_len */
 4742         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4743 
 4744         /* SPI allocation */
 4745         spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
 4746                                &saidx);
 4747         if (spi == 0)
 4748                 return key_senderror(so, m, EINVAL);
 4749 
 4750         /* get a SA index */
 4751         if ((newsah = key_getsah(&saidx)) == NULL) {
 4752                 /* create a new SA index */
 4753                 if ((newsah = key_newsah(&saidx)) == NULL) {
 4754                         ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
 4755                         return key_senderror(so, m, ENOBUFS);
 4756                 }
 4757         }
 4758 
 4759         /* get a new SA */
 4760         /* XXX rewrite */
 4761         newsav = key_newsav(m, mhp, newsah, &error);
 4762         if (newsav == NULL) {
 4763                 /* XXX don't free new SA index allocated in above. */
 4764                 return key_senderror(so, m, error);
 4765         }
 4766 
 4767         /* set spi */
 4768         key_setspi(newsav, htonl(spi));
 4769 
 4770 #ifndef IPSEC_NONBLOCK_ACQUIRE
 4771         /* delete the entry in acqtree */
 4772         if (mhp->msg->sadb_msg_seq != 0) {
 4773                 struct secacq *acq;
 4774                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
 4775                         /* reset counter in order to deletion by timehandler. */
 4776                         acq->created = time_second;
 4777                         acq->count = 0;
 4778                 }
 4779         }
 4780 #endif
 4781 
 4782     {
 4783         struct mbuf *n, *nn;
 4784         struct sadb_sa *m_sa;
 4785         struct sadb_msg *newmsg;
 4786         int off, len;
 4787 
 4788         /* create new sadb_msg to reply. */
 4789         len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
 4790             PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4791         if (len > MCLBYTES)
 4792                 return key_senderror(so, m, ENOBUFS);
 4793 
 4794         MGETHDR(n, M_DONTWAIT, MT_DATA);
 4795         if (len > MHLEN) {
 4796                 MCLGET(n, M_DONTWAIT);
 4797                 if ((n->m_flags & M_EXT) == 0) {
 4798                         m_freem(n);
 4799                         n = NULL;
 4800                 }
 4801         }
 4802         if (!n)
 4803                 return key_senderror(so, m, ENOBUFS);
 4804 
 4805         n->m_len = len;
 4806         n->m_next = NULL;
 4807         off = 0;
 4808 
 4809         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 4810         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 4811 
 4812         m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
 4813         m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
 4814         m_sa->sadb_sa_exttype = SADB_EXT_SA;
 4815         m_sa->sadb_sa_spi = htonl(spi);
 4816         off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4817 
 4818 #ifdef DIAGNOSTIC
 4819         if (off != len)
 4820                 panic("length inconsistency in key_getspi");
 4821 #endif
 4822 
 4823         n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
 4824             SADB_EXT_ADDRESS_DST);
 4825         if (!n->m_next) {
 4826                 m_freem(n);
 4827                 return key_senderror(so, m, ENOBUFS);
 4828         }
 4829 
 4830         if (n->m_len < sizeof(struct sadb_msg)) {
 4831                 n = m_pullup(n, sizeof(struct sadb_msg));
 4832                 if (n == NULL)
 4833                         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 4834         }
 4835 
 4836         n->m_pkthdr.len = 0;
 4837         for (nn = n; nn; nn = nn->m_next)
 4838                 n->m_pkthdr.len += nn->m_len;
 4839 
 4840         newmsg = mtod(n, struct sadb_msg *);
 4841         newmsg->sadb_msg_seq = newsav->seq;
 4842         newmsg->sadb_msg_errno = 0;
 4843         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 4844 
 4845         m_freem(m);
 4846         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 4847     }
 4848 }
 4849 
 4850 /*
 4851  * allocating new SPI
 4852  * called by key_getspi().
 4853  * OUT:
 4854  *      0:      failure.
 4855  *      others: success.
 4856  */
 4857 static u_int32_t
 4858 key_do_getnewspi(spirange, saidx)
 4859         struct sadb_spirange *spirange;
 4860         struct secasindex *saidx;
 4861 {
 4862         u_int32_t newspi;
 4863         u_int32_t min, max;
 4864         int count = key_spi_trycnt;
 4865 
 4866         /* set spi range to allocate */
 4867         if (spirange != NULL) {
 4868                 min = spirange->sadb_spirange_min;
 4869                 max = spirange->sadb_spirange_max;
 4870         } else {
 4871                 min = key_spi_minval;
 4872                 max = key_spi_maxval;
 4873         }
 4874         /* IPCOMP needs 2-byte SPI */
 4875         if (saidx->proto == IPPROTO_IPCOMP) {
 4876                 u_int32_t t;
 4877                 if (min >= 0x10000)
 4878                         min = 0xffff;
 4879                 if (max >= 0x10000)
 4880                         max = 0xffff;
 4881                 if (min > max) {
 4882                         t = min; min = max; max = t;
 4883                 }
 4884         }
 4885 
 4886         if (min == max) {
 4887                 if (key_checkspidup(saidx, min) != NULL) {
 4888                         ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
 4889                         return 0;
 4890                 }
 4891 
 4892                 count--; /* taking one cost. */
 4893                 newspi = min;
 4894 
 4895         } else {
 4896 
 4897                 /* init SPI */
 4898                 newspi = 0;
 4899 
 4900                 /* when requesting to allocate spi ranged */
 4901                 while (count--) {
 4902                         /* generate pseudo-random SPI value ranged. */
 4903                         newspi = min + (key_random() % (max - min + 1));
 4904 
 4905                         if (key_checkspidup(saidx, newspi) == NULL)
 4906                                 break;
 4907                 }
 4908 
 4909                 if (count == 0 || newspi == 0) {
 4910                         ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
 4911                         return 0;
 4912                 }
 4913         }
 4914 
 4915         /* statistics */
 4916         keystat.getspi_count =
 4917                 (keystat.getspi_count + key_spi_trycnt - count) / 2;
 4918 
 4919         return newspi;
 4920 }
 4921 
 4922 /*
 4923  * SADB_UPDATE processing
 4924  * receive
 4925  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4926  *       key(AE), (identity(SD),) (sensitivity)>
 4927  * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
 4928  * and send
 4929  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4930  *       (identity(SD),) (sensitivity)>
 4931  * to the ikmpd.
 4932  *
 4933  * m will always be freed.
 4934  */
 4935 static int
 4936 key_update(so, m, mhp)
 4937         struct socket *so;
 4938         struct mbuf *m;
 4939         const struct sadb_msghdr *mhp;
 4940 {
 4941         struct sadb_sa *sa0;
 4942         struct sadb_address *src0, *dst0;
 4943         struct secasindex saidx;
 4944         struct secashead *sah;
 4945         struct secasvar *sav;
 4946         u_int16_t proto;
 4947         u_int8_t mode;
 4948         u_int32_t reqid;
 4949         int error;
 4950 
 4951         /* sanity check */
 4952         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 4953                 panic("key_update: NULL pointer is passed.");
 4954 
 4955         /* map satype to proto */
 4956         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4957                 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
 4958                 return key_senderror(so, m, EINVAL);
 4959         }
 4960 
 4961         if (mhp->ext[SADB_EXT_SA] == NULL ||
 4962             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4963             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 4964             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 4965              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 4966             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 4967              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 4968             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 4969              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 4970             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 4971              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 4972                 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
 4973                 return key_senderror(so, m, EINVAL);
 4974         }
 4975         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 4976             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4977             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4978                 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
 4979                 return key_senderror(so, m, EINVAL);
 4980         }
 4981         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4982                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4983                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4984         } else {
 4985                 mode = IPSEC_MODE_ANY;
 4986                 reqid = 0;
 4987         }
 4988         /* XXX boundary checking for other extensions */
 4989 
 4990         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 4991         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4992         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4993 
 4994         /* XXX boundary check against sa_len */
 4995         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4996 
 4997         /* get a SA header */
 4998         if ((sah = key_getsah(&saidx)) == NULL) {
 4999                 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
 5000                 return key_senderror(so, m, ENOENT);
 5001         }
 5002 
 5003         /* set spidx if there */
 5004         /* XXX rewrite */
 5005         error = key_setident(sah, m, mhp);
 5006         if (error)
 5007                 return key_senderror(so, m, error);
 5008 
 5009         /* find a SA with sequence number. */
 5010 #ifdef IPSEC_DOSEQCHECK
 5011         if (mhp->msg->sadb_msg_seq != 0 &&
 5012             (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
 5013                 ipseclog((LOG_DEBUG,
 5014                     "key_update: no larval SA with sequence %u exists.\n",
 5015                     mhp->msg->sadb_msg_seq));
 5016                 return key_senderror(so, m, ENOENT);
 5017         }
 5018 #else
 5019         if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
 5020                 ipseclog((LOG_DEBUG,
 5021                     "key_update: no such a SA found (spi:%u)\n",
 5022                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5023                 return key_senderror(so, m, EINVAL);
 5024         }
 5025 #endif
 5026 
 5027         /* validity check */
 5028         if (sav->sah->saidx.proto != proto) {
 5029                 ipseclog((LOG_DEBUG,
 5030                     "key_update: protocol mismatched (DB=%u param=%u)\n",
 5031                     sav->sah->saidx.proto, proto));
 5032                 return key_senderror(so, m, EINVAL);
 5033         }
 5034 #ifdef IPSEC_DOSEQCHECK
 5035         if (sav->spi != sa0->sadb_sa_spi) {
 5036                 ipseclog((LOG_DEBUG,
 5037                     "key_update: SPI mismatched (DB:%u param:%u)\n",
 5038                     (u_int32_t)ntohl(sav->spi),
 5039                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5040                 return key_senderror(so, m, EINVAL);
 5041         }
 5042 #endif
 5043         if (sav->pid != mhp->msg->sadb_msg_pid) {
 5044                 ipseclog((LOG_DEBUG,
 5045                     "key_update: pid mismatched (DB:%u param:%u)\n",
 5046                     sav->pid, mhp->msg->sadb_msg_pid));
 5047                 return key_senderror(so, m, EINVAL);
 5048         }
 5049 
 5050         /* copy sav values */
 5051         error = key_setsaval(sav, m, mhp);
 5052         if (error) {
 5053                 key_freesav(sav);
 5054                 return key_senderror(so, m, error);
 5055         }
 5056 
 5057         /* check SA values to be mature. */
 5058         if ((error = key_mature(sav)) != 0) {
 5059                 key_freesav(sav);
 5060                 return key_senderror(so, m, error);
 5061         }
 5062 
 5063     {
 5064         struct mbuf *n;
 5065 
 5066         /* set msg buf from mhp */
 5067         n = key_getmsgbuf_x1(m, mhp);
 5068         if (n == NULL) {
 5069                 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
 5070                 return key_senderror(so, m, ENOBUFS);
 5071         }
 5072 
 5073         m_freem(m);
 5074         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5075     }
 5076 }
 5077 
 5078 /*
 5079  * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
 5080  * only called by key_update().
 5081  * OUT:
 5082  *      NULL    : not found
 5083  *      others  : found, pointer to a SA.
 5084  */
 5085 #ifdef IPSEC_DOSEQCHECK
 5086 static struct secasvar *
 5087 key_getsavbyseq(sah, seq)
 5088         struct secashead *sah;
 5089         u_int32_t seq;
 5090 {
 5091         struct secasvar *sav;
 5092         u_int state;
 5093 
 5094         state = SADB_SASTATE_LARVAL;
 5095 
 5096         /* search SAD with sequence number ? */
 5097         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 5098 
 5099                 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
 5100 
 5101                 if (sav->seq == seq) {
 5102                         sav->refcnt++;
 5103                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 5104                                 printf("DP key_getsavbyseq cause "
 5105                                         "refcnt++:%d SA:%p\n",
 5106                                         sav->refcnt, sav));
 5107                         return sav;
 5108                 }
 5109         }
 5110 
 5111         return NULL;
 5112 }
 5113 #endif
 5114 
 5115 /*
 5116  * SADB_ADD processing
 5117  * add an entry to SA database, when received
 5118  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5119  *       key(AE), (identity(SD),) (sensitivity)>
 5120  * from the ikmpd,
 5121  * and send
 5122  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5123  *       (identity(SD),) (sensitivity)>
 5124  * to the ikmpd.
 5125  *
 5126  * IGNORE identity and sensitivity messages.
 5127  *
 5128  * m will always be freed.
 5129  */
 5130 static int
 5131 key_add(so, m, mhp)
 5132         struct socket *so;
 5133         struct mbuf *m;
 5134         const struct sadb_msghdr *mhp;
 5135 {
 5136         struct sadb_sa *sa0;
 5137         struct sadb_address *src0, *dst0;
 5138         struct secasindex saidx;
 5139         struct secashead *newsah;
 5140         struct secasvar *newsav;
 5141         u_int16_t proto;
 5142         u_int8_t mode;
 5143         u_int32_t reqid;
 5144         int error;
 5145 
 5146         /* sanity check */
 5147         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5148                 panic("key_add: NULL pointer is passed.");
 5149 
 5150         /* map satype to proto */
 5151         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5152                 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
 5153                 return key_senderror(so, m, EINVAL);
 5154         }
 5155 
 5156         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5157             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5158             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 5159             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 5160              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 5161             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 5162              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 5163             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 5164              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 5165             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 5166              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 5167                 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
 5168                 return key_senderror(so, m, EINVAL);
 5169         }
 5170         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5171             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5172             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5173                 /* XXX need more */
 5174                 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
 5175                 return key_senderror(so, m, EINVAL);
 5176         }
 5177         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 5178                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 5179                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 5180         } else {
 5181                 mode = IPSEC_MODE_ANY;
 5182                 reqid = 0;
 5183         }
 5184 
 5185         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5186         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5187         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5188 
 5189         /* XXX boundary check against sa_len */
 5190         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 5191 
 5192         /* get a SA header */
 5193         if ((newsah = key_getsah(&saidx)) == NULL) {
 5194                 /* create a new SA header */
 5195                 if ((newsah = key_newsah(&saidx)) == NULL) {
 5196                         ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
 5197                         return key_senderror(so, m, ENOBUFS);
 5198                 }
 5199         }
 5200 
 5201         /* set spidx if there */
 5202         /* XXX rewrite */
 5203         error = key_setident(newsah, m, mhp);
 5204         if (error) {
 5205                 return key_senderror(so, m, error);
 5206         }
 5207 
 5208         /* create new SA entry. */
 5209         /* We can create new SA only if SPI is differenct. */
 5210         if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
 5211                 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
 5212                 return key_senderror(so, m, EEXIST);
 5213         }
 5214         newsav = key_newsav(m, mhp, newsah, &error);
 5215         if (newsav == NULL) {
 5216                 return key_senderror(so, m, error);
 5217         }
 5218 
 5219         /* check SA values to be mature. */
 5220         if ((error = key_mature(newsav)) != 0) {
 5221                 key_freesav(newsav);
 5222                 return key_senderror(so, m, error);
 5223         }
 5224 
 5225         /*
 5226          * don't call key_freesav() here, as we would like to keep the SA
 5227          * in the database on success.
 5228          */
 5229 
 5230     {
 5231         struct mbuf *n;
 5232 
 5233         /* set msg buf from mhp */
 5234         n = key_getmsgbuf_x1(m, mhp);
 5235         if (n == NULL) {
 5236                 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
 5237                 return key_senderror(so, m, ENOBUFS);
 5238         }
 5239 
 5240         m_freem(m);
 5241         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5242     }
 5243 }
 5244 
 5245 /* m is retained */
 5246 static int
 5247 key_setident(sah, m, mhp)
 5248         struct secashead *sah;
 5249         struct mbuf *m;
 5250         const struct sadb_msghdr *mhp;
 5251 {
 5252         const struct sadb_ident *idsrc, *iddst;
 5253         int idsrclen, iddstlen;
 5254 
 5255         /* sanity check */
 5256         if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5257                 panic("key_setident: NULL pointer is passed.");
 5258 
 5259         /* don't make buffer if not there */
 5260         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
 5261             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5262                 sah->idents = NULL;
 5263                 sah->identd = NULL;
 5264                 return 0;
 5265         }
 5266         
 5267         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
 5268             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5269                 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
 5270                 return EINVAL;
 5271         }
 5272 
 5273         idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
 5274         iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
 5275         idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
 5276         iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
 5277 
 5278         /* validity check */
 5279         if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
 5280                 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
 5281                 return EINVAL;
 5282         }
 5283 
 5284         switch (idsrc->sadb_ident_type) {
 5285         case SADB_IDENTTYPE_PREFIX:
 5286         case SADB_IDENTTYPE_FQDN:
 5287         case SADB_IDENTTYPE_USERFQDN:
 5288         default:
 5289                 /* XXX do nothing */
 5290                 sah->idents = NULL;
 5291                 sah->identd = NULL;
 5292                 return 0;
 5293         }
 5294 
 5295         /* make structure */
 5296         KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
 5297         if (sah->idents == NULL) {
 5298                 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
 5299                 return ENOBUFS;
 5300         }
 5301         KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
 5302         if (sah->identd == NULL) {
 5303                 KFREE(sah->idents);
 5304                 sah->idents = NULL;
 5305                 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
 5306                 return ENOBUFS;
 5307         }
 5308         bcopy(idsrc, sah->idents, idsrclen);
 5309         bcopy(iddst, sah->identd, iddstlen);
 5310 
 5311         return 0;
 5312 }
 5313 
 5314 /*
 5315  * m will not be freed on return.
 5316  * it is caller's responsibility to free the result. 
 5317  */
 5318 static struct mbuf *
 5319 key_getmsgbuf_x1(m, mhp)
 5320         struct mbuf *m;
 5321         const struct sadb_msghdr *mhp;
 5322 {
 5323         struct mbuf *n;
 5324 
 5325         /* sanity check */
 5326         if (m == NULL || mhp == NULL || mhp->msg == NULL)
 5327                 panic("key_getmsgbuf_x1: NULL pointer is passed.");
 5328 
 5329         /* create new sadb_msg to reply. */
 5330         n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
 5331             SADB_EXT_SA, SADB_X_EXT_SA2,
 5332             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
 5333             SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 5334             SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
 5335         if (!n)
 5336                 return NULL;
 5337 
 5338         if (n->m_len < sizeof(struct sadb_msg)) {
 5339                 n = m_pullup(n, sizeof(struct sadb_msg));
 5340                 if (n == NULL)
 5341                         return NULL;
 5342         }
 5343         mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
 5344         mtod(n, struct sadb_msg *)->sadb_msg_len =
 5345             PFKEY_UNIT64(n->m_pkthdr.len);
 5346 
 5347         return n;
 5348 }
 5349 
 5350 static int key_delete_all(struct socket *, struct mbuf *,
 5351         const struct sadb_msghdr *, u_int16_t);
 5352 
 5353 /*
 5354  * SADB_DELETE processing
 5355  * receive
 5356  *   <base, SA(*), address(SD)>
 5357  * from the ikmpd, and set SADB_SASTATE_DEAD,
 5358  * and send,
 5359  *   <base, SA(*), address(SD)>
 5360  * to the ikmpd.
 5361  *
 5362  * m will always be freed.
 5363  */
 5364 static int
 5365 key_delete(so, m, mhp)
 5366         struct socket *so;
 5367         struct mbuf *m;
 5368         const struct sadb_msghdr *mhp;
 5369 {
 5370         struct sadb_sa *sa0;
 5371         struct sadb_address *src0, *dst0;
 5372         struct secasindex saidx;
 5373         struct secashead *sah;
 5374         struct secasvar *sav = NULL;
 5375         u_int16_t proto;
 5376 
 5377         /* sanity check */
 5378         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5379                 panic("key_delete: NULL pointer is passed.");
 5380 
 5381         /* map satype to proto */
 5382         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5383                 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
 5384                 return key_senderror(so, m, EINVAL);
 5385         }
 5386 
 5387         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5388             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5389                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5390                 return key_senderror(so, m, EINVAL);
 5391         }
 5392 
 5393         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5394             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5395                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5396                 return key_senderror(so, m, EINVAL);
 5397         }
 5398 
 5399         if (mhp->ext[SADB_EXT_SA] == NULL) {
 5400                 /*
 5401                  * Caller wants us to delete all non-LARVAL SAs
 5402                  * that match the src/dst.  This is used during
 5403                  * IKE INITIAL-CONTACT.
 5404                  */
 5405                 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
 5406                 return key_delete_all(so, m, mhp, proto);
 5407         } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
 5408                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5409                 return key_senderror(so, m, EINVAL);
 5410         }
 5411 
 5412         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5413         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5414         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5415 
 5416         /* XXX boundary check against sa_len */
 5417         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5418 
 5419         /* get a SA header */
 5420         LIST_FOREACH(sah, &sahtree, chain) {
 5421                 if (sah->state == SADB_SASTATE_DEAD)
 5422                         continue;
 5423                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5424                         continue;
 5425 
 5426                 /* get a SA with SPI. */
 5427                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5428                 if (sav)
 5429                         break;
 5430         }
 5431         if (sah == NULL) {
 5432                 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
 5433                 return key_senderror(so, m, ENOENT);
 5434         }
 5435 
 5436         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5437         key_freesav(sav);
 5438         sav = NULL;
 5439 
 5440     {
 5441         struct mbuf *n;
 5442         struct sadb_msg *newmsg;
 5443 
 5444         /* create new sadb_msg to reply. */
 5445         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 5446             SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5447         if (!n)
 5448                 return key_senderror(so, m, ENOBUFS);
 5449 
 5450         if (n->m_len < sizeof(struct sadb_msg)) {
 5451                 n = m_pullup(n, sizeof(struct sadb_msg));
 5452                 if (n == NULL)
 5453                         return key_senderror(so, m, ENOBUFS);
 5454         }
 5455         newmsg = mtod(n, struct sadb_msg *);
 5456         newmsg->sadb_msg_errno = 0;
 5457         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5458 
 5459         m_freem(m);
 5460         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5461     }
 5462 }
 5463 
 5464 /*
 5465  * delete all SAs for src/dst.  Called from key_delete().
 5466  */
 5467 static int
 5468 key_delete_all(so, m, mhp, proto)
 5469         struct socket *so;
 5470         struct mbuf *m;
 5471         const struct sadb_msghdr *mhp;
 5472         u_int16_t proto;
 5473 {
 5474         struct sadb_address *src0, *dst0;
 5475         struct secasindex saidx;
 5476         struct secashead *sah;
 5477         struct secasvar *sav, *nextsav;
 5478         u_int stateidx, state;
 5479 
 5480         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5481         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5482 
 5483         /* XXX boundary check against sa_len */
 5484         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5485 
 5486         LIST_FOREACH(sah, &sahtree, chain) {
 5487                 if (sah->state == SADB_SASTATE_DEAD)
 5488                         continue;
 5489                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5490                         continue;
 5491 
 5492                 /* Delete all non-LARVAL SAs. */
 5493                 for (stateidx = 0;
 5494                      stateidx < _ARRAYLEN(saorder_state_alive);
 5495                      stateidx++) {
 5496                         state = saorder_state_alive[stateidx];
 5497                         if (state == SADB_SASTATE_LARVAL)
 5498                                 continue;
 5499                         for (sav = LIST_FIRST(&sah->savtree[state]);
 5500                              sav != NULL; sav = nextsav) {
 5501                                 nextsav = LIST_NEXT(sav, chain);
 5502                                 /* sanity check */
 5503                                 if (sav->state != state) {
 5504                                         ipseclog((LOG_DEBUG, "key_delete_all: "
 5505                                                "invalid sav->state "
 5506                                                "(queue: %u SA: %u)\n",
 5507                                                state, sav->state));
 5508                                         continue;
 5509                                 }
 5510                                 
 5511                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5512                                 key_freesav(sav);
 5513                         }
 5514                 }
 5515         }
 5516     {
 5517         struct mbuf *n;
 5518         struct sadb_msg *newmsg;
 5519 
 5520         /* create new sadb_msg to reply. */
 5521         n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
 5522             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5523         if (!n)
 5524                 return key_senderror(so, m, ENOBUFS);
 5525 
 5526         if (n->m_len < sizeof(struct sadb_msg)) {
 5527                 n = m_pullup(n, sizeof(struct sadb_msg));
 5528                 if (n == NULL)
 5529                         return key_senderror(so, m, ENOBUFS);
 5530         }
 5531         newmsg = mtod(n, struct sadb_msg *);
 5532         newmsg->sadb_msg_errno = 0;
 5533         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5534 
 5535         m_freem(m);
 5536         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5537     }
 5538 }
 5539 
 5540 /*
 5541  * SADB_GET processing
 5542  * receive
 5543  *   <base, SA(*), address(SD)>
 5544  * from the ikmpd, and get a SP and a SA to respond,
 5545  * and send,
 5546  *   <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
 5547  *       (identity(SD),) (sensitivity)>
 5548  * to the ikmpd.
 5549  *
 5550  * m will always be freed.
 5551  */
 5552 static int
 5553 key_get(so, m, mhp)
 5554         struct socket *so;
 5555         struct mbuf *m;
 5556         const struct sadb_msghdr *mhp;
 5557 {
 5558         struct sadb_sa *sa0;
 5559         struct sadb_address *src0, *dst0;
 5560         struct secasindex saidx;
 5561         struct secashead *sah;
 5562         struct secasvar *sav = NULL;
 5563         u_int16_t proto;
 5564 
 5565         /* sanity check */
 5566         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5567                 panic("key_get: NULL pointer is passed.");
 5568 
 5569         /* map satype to proto */
 5570         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5571                 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
 5572                 return key_senderror(so, m, EINVAL);
 5573         }
 5574 
 5575         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5576             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5577             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5578                 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
 5579                 return key_senderror(so, m, EINVAL);
 5580         }
 5581         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5582             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5583             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5584                 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
 5585                 return key_senderror(so, m, EINVAL);
 5586         }
 5587 
 5588         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5589         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5590         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5591 
 5592         /* XXX boundary check against sa_len */
 5593         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5594 
 5595         /* get a SA header */
 5596         LIST_FOREACH(sah, &sahtree, chain) {
 5597                 if (sah->state == SADB_SASTATE_DEAD)
 5598                         continue;
 5599                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5600                         continue;
 5601 
 5602                 /* get a SA with SPI. */
 5603                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5604                 if (sav)
 5605                         break;
 5606         }
 5607         if (sah == NULL) {
 5608                 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
 5609                 return key_senderror(so, m, ENOENT);
 5610         }
 5611 
 5612     {
 5613         struct mbuf *n;
 5614         u_int8_t satype;
 5615 
 5616         /* map proto to satype */
 5617         if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 5618                 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
 5619                 return key_senderror(so, m, EINVAL);
 5620         }
 5621 
 5622         /* create new sadb_msg to reply. */
 5623         n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
 5624             mhp->msg->sadb_msg_pid);
 5625         if (!n)
 5626                 return key_senderror(so, m, ENOBUFS);
 5627 
 5628         m_freem(m);
 5629         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 5630     }
 5631 }
 5632 
 5633 /* XXX make it sysctl-configurable? */
 5634 static void
 5635 key_getcomb_setlifetime(comb)
 5636         struct sadb_comb *comb;
 5637 {
 5638 
 5639         comb->sadb_comb_soft_allocations = 1;
 5640         comb->sadb_comb_hard_allocations = 1;
 5641         comb->sadb_comb_soft_bytes = 0;
 5642         comb->sadb_comb_hard_bytes = 0;
 5643         comb->sadb_comb_hard_addtime = 86400;   /* 1 day */
 5644         comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
 5645         comb->sadb_comb_hard_usetime = 28800;   /* 8 hours */
 5646         comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
 5647 }
 5648 
 5649 #ifdef IPSEC_ESP
 5650 /*
 5651  * XXX reorder combinations by preference
 5652  * XXX no idea if the user wants ESP authentication or not
 5653  */
 5654 static struct mbuf *
 5655 key_getcomb_esp()
 5656 {
 5657         struct sadb_comb *comb;
 5658         const struct esp_algorithm *algo;
 5659         struct mbuf *result = NULL, *m, *n;
 5660         int encmin;
 5661         int i, off, o;
 5662         int totlen;
 5663         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5664 
 5665         m = NULL;
 5666         for (i = 1; i <= SADB_EALG_MAX; i++) {
 5667                 algo = esp_algorithm_lookup(i);
 5668                 if (!algo)
 5669                         continue;
 5670 
 5671                 if (algo->keymax < ipsec_esp_keymin)
 5672                         continue;
 5673                 if (algo->keymin < ipsec_esp_keymin)
 5674                         encmin = ipsec_esp_keymin;
 5675                 else
 5676                         encmin = algo->keymin;
 5677 
 5678                 if (ipsec_esp_auth)
 5679                         m = key_getcomb_ah();
 5680                 else {
 5681 #ifdef DIAGNOSTIC
 5682                         if (l > MLEN)
 5683                                 panic("assumption failed in key_getcomb_esp");
 5684 #endif
 5685                         MGET(m, M_DONTWAIT, MT_DATA);
 5686                         if (m) {
 5687                                 M_ALIGN(m, l);
 5688                                 m->m_len = l;
 5689                                 m->m_next = NULL;
 5690                                 bzero(mtod(m, caddr_t), m->m_len);
 5691                         }
 5692                 }
 5693                 if (!m)
 5694                         goto fail;
 5695 
 5696                 totlen = 0;
 5697                 for (n = m; n; n = n->m_next)
 5698                         totlen += n->m_len;
 5699 #ifdef DIAGNOSTIC
 5700                 if (totlen % l)
 5701                         panic("assumption failed in key_getcomb_esp");
 5702 #endif
 5703 
 5704                 for (off = 0; off < totlen; off += l) {
 5705                         n = m_pulldown(m, off, l, &o);
 5706                         if (!n) {
 5707                                 /* m is already freed */
 5708                                 goto fail;
 5709                         }
 5710                         comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
 5711                         bzero(comb, sizeof(*comb));
 5712                         key_getcomb_setlifetime(comb);
 5713                         comb->sadb_comb_encrypt = i;
 5714                         comb->sadb_comb_encrypt_minbits = encmin;
 5715                         comb->sadb_comb_encrypt_maxbits = algo->keymax;
 5716                 }
 5717 
 5718                 if (!result)
 5719                         result = m;
 5720                 else
 5721                         m_cat(result, m);
 5722         }
 5723 
 5724         return result;
 5725 
 5726  fail:
 5727         if (result)
 5728                 m_freem(result);
 5729         return NULL;
 5730 }
 5731 #endif
 5732 
 5733 /*
 5734  * XXX reorder combinations by preference
 5735  */
 5736 static struct mbuf *
 5737 key_getcomb_ah()
 5738 {
 5739         struct sadb_comb *comb;
 5740         const struct ah_algorithm *algo;
 5741         struct mbuf *m;
 5742         int min;
 5743         int i;
 5744         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5745 
 5746         m = NULL;
 5747         for (i = 1; i <= SADB_AALG_MAX; i++) {
 5748 #if 1
 5749                 /* we prefer HMAC algorithms, not old algorithms */
 5750                 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
 5751                         continue;
 5752 #endif
 5753                 algo = ah_algorithm_lookup(i);
 5754                 if (!algo)
 5755                         continue;
 5756 
 5757                 if (algo->keymax < ipsec_ah_keymin)
 5758                         continue;
 5759                 if (algo->keymin < ipsec_ah_keymin)
 5760                         min = ipsec_ah_keymin;
 5761                 else
 5762                         min = algo->keymin;
 5763 
 5764                 if (!m) {
 5765 #ifdef DIAGNOSTIC
 5766                         if (l > MLEN)
 5767                                 panic("assumption failed in key_getcomb_ah");
 5768 #endif
 5769                         MGET(m, M_DONTWAIT, MT_DATA);
 5770                         if (m) {
 5771                                 M_ALIGN(m, l);
 5772                                 m->m_len = l;
 5773                                 m->m_next = NULL;
 5774                         }
 5775                 } else
 5776                         M_PREPEND(m, l, M_DONTWAIT);
 5777                 if (!m)
 5778                         return NULL;
 5779 
 5780                 comb = mtod(m, struct sadb_comb *);
 5781                 bzero(comb, sizeof(*comb));
 5782                 key_getcomb_setlifetime(comb);
 5783                 comb->sadb_comb_auth = i;
 5784                 comb->sadb_comb_auth_minbits = min;
 5785                 comb->sadb_comb_auth_maxbits = algo->keymax;
 5786         }
 5787 
 5788         return m;
 5789 }
 5790 
 5791 /*
 5792  * not really an official behavior.  discussed in pf_key@inner.net in Sep2000.
 5793  * XXX reorder combinations by preference
 5794  */
 5795 static struct mbuf *
 5796 key_getcomb_ipcomp()
 5797 {
 5798         struct sadb_comb *comb;
 5799         const struct ipcomp_algorithm *algo;
 5800         struct mbuf *m;
 5801         int i;
 5802         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5803 
 5804         m = NULL;
 5805         for (i = 1; i <= SADB_X_CALG_MAX; i++) {
 5806                 algo = ipcomp_algorithm_lookup(i);
 5807                 if (!algo)
 5808                         continue;
 5809 
 5810                 if (!m) {
 5811 #ifdef DIAGNOSTIC
 5812                         if (l > MLEN)
 5813                                 panic("assumption failed in key_getcomb_ipcomp");
 5814 #endif
 5815                         MGET(m, M_DONTWAIT, MT_DATA);
 5816                         if (m) {
 5817                                 M_ALIGN(m, l);
 5818                                 m->m_len = l;
 5819                                 m->m_next = NULL;
 5820                         }
 5821                 } else
 5822                         M_PREPEND(m, l, M_DONTWAIT);
 5823                 if (!m)
 5824                         return NULL;
 5825 
 5826                 comb = mtod(m, struct sadb_comb *);
 5827                 bzero(comb, sizeof(*comb));
 5828                 key_getcomb_setlifetime(comb);
 5829                 comb->sadb_comb_encrypt = i;
 5830                 /* what should we set into sadb_comb_*_{min,max}bits? */
 5831         }
 5832 
 5833         return m;
 5834 }
 5835 
 5836 /*
 5837  * XXX no way to pass mode (transport/tunnel) to userland
 5838  * XXX replay checking?
 5839  * XXX sysctl interface to ipsec_{ah,esp}_keymin
 5840  */
 5841 static struct mbuf *
 5842 key_getprop(saidx)
 5843         const struct secasindex *saidx;
 5844 {
 5845         struct sadb_prop *prop;
 5846         struct mbuf *m, *n;
 5847         const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
 5848         int totlen;
 5849 
 5850         switch (saidx->proto)  {
 5851 #ifdef IPSEC_ESP
 5852         case IPPROTO_ESP:
 5853                 m = key_getcomb_esp();
 5854                 break;
 5855 #endif
 5856         case IPPROTO_AH:
 5857                 m = key_getcomb_ah();
 5858                 break;
 5859         case IPPROTO_IPCOMP:
 5860                 m = key_getcomb_ipcomp();
 5861                 break;
 5862         default:
 5863                 return NULL;
 5864         }
 5865 
 5866         if (!m)
 5867                 return NULL;
 5868         M_PREPEND(m, l, M_DONTWAIT);
 5869         if (!m)
 5870                 return NULL;
 5871 
 5872         totlen = 0;
 5873         for (n = m; n; n = n->m_next)
 5874                 totlen += n->m_len;
 5875 
 5876         prop = mtod(m, struct sadb_prop *);
 5877         bzero(prop, sizeof(*prop));
 5878         prop->sadb_prop_len = PFKEY_UNIT64(totlen);
 5879         prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 5880         prop->sadb_prop_replay = 32;    /* XXX */
 5881 
 5882         return m;
 5883 }
 5884 
 5885 /*
 5886  * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
 5887  * send
 5888  *   <base, SA, address(SD), (address(P)), x_policy,
 5889  *       (identity(SD),) (sensitivity,) proposal>
 5890  * to KMD, and expect to receive
 5891  *   <base> with SADB_ACQUIRE if error occured,
 5892  * or
 5893  *   <base, src address, dst address, (SPI range)> with SADB_GETSPI
 5894  * from KMD by PF_KEY.
 5895  *
 5896  * XXX x_policy is outside of RFC2367 (KAME extension).
 5897  * XXX sensitivity is not supported.
 5898  * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
 5899  * see comment for key_getcomb_ipcomp().
 5900  *
 5901  * OUT:
 5902  *    0     : succeed
 5903  *    others: error number
 5904  */
 5905 static int
 5906 key_acquire(saidx, sp)
 5907         struct secasindex *saidx;
 5908         struct secpolicy *sp;
 5909 {
 5910         struct mbuf *result = NULL, *m;
 5911 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5912         struct secacq *newacq;
 5913 #endif
 5914         u_int8_t satype;
 5915         int error = -1;
 5916         u_int32_t seq;
 5917 
 5918         /* sanity check */
 5919         if (saidx == NULL)
 5920                 panic("key_acquire: NULL pointer is passed.");
 5921         if ((satype = key_proto2satype(saidx->proto)) == 0)
 5922                 panic("key_acquire: invalid proto is passed.");
 5923 
 5924 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5925         /*
 5926          * We never do anything about acquirng SA.  There is anather
 5927          * solution that kernel blocks to send SADB_ACQUIRE message until
 5928          * getting something message from IKEd.  In later case, to be
 5929          * managed with ACQUIRING list.
 5930          */
 5931         /* get an entry to check whether sending message or not. */
 5932         if ((newacq = key_getacq(saidx)) != NULL) {
 5933                 if (key_blockacq_count < newacq->count) {
 5934                         /* reset counter and do send message. */
 5935                         newacq->count = 0;
 5936                 } else {
 5937                         /* increment counter and do nothing. */
 5938                         newacq->count++;
 5939                         return 0;
 5940                 }
 5941         } else {
 5942                 /* make new entry for blocking to send SADB_ACQUIRE. */
 5943                 if ((newacq = key_newacq(saidx)) == NULL)
 5944                         return ENOBUFS;
 5945 
 5946                 /* add to acqtree */
 5947                 LIST_INSERT_HEAD(&acqtree, newacq, chain);
 5948         }
 5949 #endif
 5950 
 5951 
 5952 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5953         seq = newacq->seq;
 5954 #else
 5955         seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
 5956 #endif
 5957         m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
 5958         if (!m) {
 5959                 error = ENOBUFS;
 5960                 goto fail;
 5961         }
 5962         result = m;
 5963 
 5964         /* set sadb_address for saidx's. */
 5965         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 5966             (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
 5967         if (!m) {
 5968                 error = ENOBUFS;
 5969                 goto fail;
 5970         }
 5971         m_cat(result, m);
 5972 
 5973         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 5974             (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
 5975         if (!m) {
 5976                 error = ENOBUFS;
 5977                 goto fail;
 5978         }
 5979         m_cat(result, m);
 5980 
 5981         /* XXX proxy address (optional) */
 5982 
 5983         /* set sadb_x_policy */
 5984         if (sp) {
 5985                 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
 5986                 if (!m) {
 5987                         error = ENOBUFS;
 5988                         goto fail;
 5989                 }
 5990                 m_cat(result, m);
 5991         }
 5992 
 5993         /* XXX identity (optional) */
 5994 #if 0
 5995         if (idexttype && fqdn) {
 5996                 /* create identity extension (FQDN) */
 5997                 struct sadb_ident *id;
 5998                 int fqdnlen;
 5999 
 6000                 fqdnlen = strlen(fqdn) + 1;     /* +1 for terminating-NUL */
 6001                 id = (struct sadb_ident *)p;
 6002                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6003                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6004                 id->sadb_ident_exttype = idexttype;
 6005                 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
 6006                 bcopy(fqdn, id + 1, fqdnlen);
 6007                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
 6008         }
 6009 
 6010         if (idexttype) {
 6011                 /* create identity extension (USERFQDN) */
 6012                 struct sadb_ident *id;
 6013                 int userfqdnlen;
 6014 
 6015                 if (userfqdn) {
 6016                         /* +1 for terminating-NUL */
 6017                         userfqdnlen = strlen(userfqdn) + 1;
 6018                 } else
 6019                         userfqdnlen = 0;
 6020                 id = (struct sadb_ident *)p;
 6021                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6022                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6023                 id->sadb_ident_exttype = idexttype;
 6024                 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
 6025                 /* XXX is it correct? */
 6026                 if (curproc && curproc->p_cred)
 6027                         id->sadb_ident_id = curproc->p_cred->p_ruid;
 6028                 if (userfqdn && userfqdnlen)
 6029                         bcopy(userfqdn, id + 1, userfqdnlen);
 6030                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
 6031         }
 6032 #endif
 6033 
 6034         /* XXX sensitivity (optional) */
 6035 
 6036         /* create proposal/combination extension */
 6037         m = key_getprop(saidx);
 6038 #if 0
 6039         /*
 6040          * spec conformant: always attach proposal/combination extension,
 6041          * the problem is that we have no way to attach it for ipcomp,
 6042          * due to the way sadb_comb is declared in RFC2367.
 6043          */
 6044         if (!m) {
 6045                 error = ENOBUFS;
 6046                 goto fail;
 6047         }
 6048         m_cat(result, m);
 6049 #else
 6050         /*
 6051          * outside of spec; make proposal/combination extension optional.
 6052          */
 6053         if (m)
 6054                 m_cat(result, m);
 6055 #endif
 6056 
 6057         if ((result->m_flags & M_PKTHDR) == 0) {
 6058                 error = EINVAL;
 6059                 goto fail;
 6060         }
 6061 
 6062         if (result->m_len < sizeof(struct sadb_msg)) {
 6063                 result = m_pullup(result, sizeof(struct sadb_msg));
 6064                 if (result == NULL) {
 6065                         error = ENOBUFS;
 6066                         goto fail;
 6067                 }
 6068         }
 6069 
 6070         result->m_pkthdr.len = 0;
 6071         for (m = result; m; m = m->m_next)
 6072                 result->m_pkthdr.len += m->m_len;
 6073 
 6074         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6075             PFKEY_UNIT64(result->m_pkthdr.len);
 6076 
 6077         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6078 
 6079  fail:
 6080         if (result)
 6081                 m_freem(result);
 6082         return error;
 6083 }
 6084 
 6085 #ifndef IPSEC_NONBLOCK_ACQUIRE
 6086 static struct secacq *
 6087 key_newacq(saidx)
 6088         struct secasindex *saidx;
 6089 {
 6090         struct secacq *newacq;
 6091 
 6092         /* get new entry */
 6093         KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
 6094         if (newacq == NULL) {
 6095                 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
 6096                 return NULL;
 6097         }
 6098         bzero(newacq, sizeof(*newacq));
 6099 
 6100         /* copy secindex */
 6101         bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
 6102         newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
 6103         newacq->created = time_second;
 6104         newacq->count = 0;
 6105 
 6106         return newacq;
 6107 }
 6108 
 6109 static struct secacq *
 6110 key_getacq(saidx)
 6111         struct secasindex *saidx;
 6112 {
 6113         struct secacq *acq;
 6114 
 6115         LIST_FOREACH(acq, &acqtree, chain) {
 6116                 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
 6117                         return acq;
 6118         }
 6119 
 6120         return NULL;
 6121 }
 6122 
 6123 static struct secacq *
 6124 key_getacqbyseq(seq)
 6125         u_int32_t seq;
 6126 {
 6127         struct secacq *acq;
 6128 
 6129         LIST_FOREACH(acq, &acqtree, chain) {
 6130                 if (acq->seq == seq)
 6131                         return acq;
 6132         }
 6133 
 6134         return NULL;
 6135 }
 6136 #endif
 6137 
 6138 static struct secspacq *
 6139 key_newspacq(spidx)
 6140         struct secpolicyindex *spidx;
 6141 {
 6142         struct secspacq *acq;
 6143 
 6144         if (!spidx)
 6145                 return NULL;
 6146 
 6147         /* get new entry */
 6148         KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
 6149         if (acq == NULL) {
 6150                 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
 6151                 return NULL;
 6152         }
 6153         bzero(acq, sizeof(*acq));
 6154 
 6155         /* copy secindex */
 6156         bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
 6157         acq->created = time_second;
 6158         acq->count = 1;
 6159 
 6160         return acq;
 6161 }
 6162 
 6163 static struct secspacq *
 6164 key_getspacq(spidx)
 6165         struct secpolicyindex *spidx;
 6166 {
 6167         struct secspacq *acq;
 6168 
 6169         if (!spidx)
 6170                 return NULL;
 6171 
 6172         LIST_FOREACH(acq, &spacqtree, chain) {
 6173                 if (key_cmpspidx_exactly(spidx, &acq->spidx))
 6174                         return acq;
 6175         }
 6176 
 6177         return NULL;
 6178 }
 6179 
 6180 /*
 6181  * SADB_ACQUIRE processing,
 6182  * in first situation, is receiving
 6183  *   <base>
 6184  * from the ikmpd, and clear sequence of its secasvar entry.
 6185  *
 6186  * In second situation, is receiving
 6187  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6188  * from a user land process, and return
 6189  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6190  * to the socket.
 6191  *
 6192  * m will always be freed.
 6193  */
 6194 static int
 6195 key_acquire2(so, m, mhp)
 6196         struct socket *so;
 6197         struct mbuf *m;
 6198         const struct sadb_msghdr *mhp;
 6199 {
 6200         struct sadb_address *src0, *dst0;
 6201         struct secasindex saidx;
 6202         struct secashead *sah;
 6203         u_int16_t proto;
 6204         int error;
 6205 
 6206         /* sanity check */
 6207         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6208                 panic("key_acquire2: NULL pointer is passed.");
 6209 
 6210         /*
 6211          * Error message from KMd.
 6212          * We assume that if error was occured in IKEd, the length of PFKEY
 6213          * message is equal to the size of sadb_msg structure.
 6214          * We do not raise error even if error occured in this function.
 6215          */
 6216         if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
 6217 #ifndef IPSEC_NONBLOCK_ACQUIRE
 6218                 struct secacq *acq;
 6219 
 6220                 /* check sequence number */
 6221                 if (mhp->msg->sadb_msg_seq == 0) {
 6222                         ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
 6223                         m_freem(m);
 6224                         return 0;
 6225                 }
 6226 
 6227                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
 6228                         /*
 6229                          * the specified larval SA is already gone, or we got
 6230                          * a bogus sequence number.  we can silently ignore it.
 6231                          */
 6232                         m_freem(m);
 6233                         return 0;
 6234                 }
 6235 
 6236                 /* reset acq counter in order to deletion by timehander. */
 6237                 acq->created = time_second;
 6238                 acq->count = 0;
 6239 #endif
 6240                 m_freem(m);
 6241                 return 0;
 6242         }
 6243 
 6244         /*
 6245          * This message is from user land.
 6246          */
 6247 
 6248         /* map satype to proto */
 6249         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6250                 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
 6251                 return key_senderror(so, m, EINVAL);
 6252         }
 6253 
 6254         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 6255             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 6256             mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
 6257                 /* error */
 6258                 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
 6259                 return key_senderror(so, m, EINVAL);
 6260         }
 6261         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 6262             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 6263             mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
 6264                 /* error */
 6265                 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
 6266                 return key_senderror(so, m, EINVAL);
 6267         }
 6268 
 6269         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 6270         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 6271 
 6272         /* XXX boundary check against sa_len */
 6273         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 6274 
 6275         /* get a SA index */
 6276         LIST_FOREACH(sah, &sahtree, chain) {
 6277                 if (sah->state == SADB_SASTATE_DEAD)
 6278                         continue;
 6279                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
 6280                         break;
 6281         }
 6282         if (sah != NULL) {
 6283                 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
 6284                 return key_senderror(so, m, EEXIST);
 6285         }
 6286 
 6287         error = key_acquire(&saidx, NULL);
 6288         if (error != 0) {
 6289                 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
 6290                         "from key_acquire.\n", mhp->msg->sadb_msg_errno));
 6291                 return key_senderror(so, m, error);
 6292         }
 6293 
 6294         return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
 6295 }
 6296 
 6297 /*
 6298  * SADB_REGISTER processing.
 6299  * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
 6300  * receive
 6301  *   <base>
 6302  * from the ikmpd, and register a socket to send PF_KEY messages,
 6303  * and send
 6304  *   <base, supported>
 6305  * to KMD by PF_KEY.
 6306  * If socket is detached, must free from regnode.
 6307  *
 6308  * m will always be freed.
 6309  */
 6310 static int
 6311 key_register(so, m, mhp)
 6312         struct socket *so;
 6313         struct mbuf *m;
 6314         const struct sadb_msghdr *mhp;
 6315 {
 6316         struct secreg *reg, *newreg = 0;
 6317 
 6318         /* sanity check */
 6319         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6320                 panic("key_register: NULL pointer is passed.");
 6321 
 6322         /* check for invalid register message */
 6323         if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
 6324                 return key_senderror(so, m, EINVAL);
 6325 
 6326         /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
 6327         if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
 6328                 goto setmsg;
 6329 
 6330         /* check whether existing or not */
 6331         LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
 6332                 if (reg->so == so) {
 6333                         ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
 6334                         return key_senderror(so, m, EEXIST);
 6335                 }
 6336         }
 6337 
 6338         /* create regnode */
 6339         KMALLOC(newreg, struct secreg *, sizeof(*newreg));
 6340         if (newreg == NULL) {
 6341                 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
 6342                 return key_senderror(so, m, ENOBUFS);
 6343         }
 6344         bzero((caddr_t)newreg, sizeof(*newreg));
 6345 
 6346         newreg->so = so;
 6347         ((struct keycb *)sotorawcb(so))->kp_registered++;
 6348 
 6349         /* add regnode to regtree. */
 6350         LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
 6351 
 6352   setmsg:
 6353     {
 6354         struct mbuf *n;
 6355         struct sadb_msg *newmsg;
 6356         struct sadb_supported *sup;
 6357         u_int len, alen, elen;
 6358         int off;
 6359         int i;
 6360         struct sadb_alg *alg;
 6361 
 6362         /* create new sadb_msg to reply. */
 6363         alen = 0;
 6364         for (i = 1; i <= SADB_AALG_MAX; i++) {
 6365                 if (ah_algorithm_lookup(i))
 6366                         alen += sizeof(struct sadb_alg);
 6367         }
 6368         if (alen)
 6369                 alen += sizeof(struct sadb_supported);
 6370         elen = 0;
 6371 #ifdef IPSEC_ESP
 6372         for (i = 1; i <= SADB_EALG_MAX; i++) {
 6373                 if (esp_algorithm_lookup(i))
 6374                         elen += sizeof(struct sadb_alg);
 6375         }
 6376         if (elen)
 6377                 elen += sizeof(struct sadb_supported);
 6378 #endif
 6379 
 6380         len = sizeof(struct sadb_msg) + alen + elen;
 6381 
 6382         if (len > MCLBYTES)
 6383                 return key_senderror(so, m, ENOBUFS);
 6384 
 6385         MGETHDR(n, M_DONTWAIT, MT_DATA);
 6386         if (len > MHLEN) {
 6387                 MCLGET(n, M_DONTWAIT);
 6388                 if ((n->m_flags & M_EXT) == 0) {
 6389                         m_freem(n);
 6390                         n = NULL;
 6391                 }
 6392         }
 6393         if (!n)
 6394                 return key_senderror(so, m, ENOBUFS);
 6395 
 6396         n->m_pkthdr.len = n->m_len = len;
 6397         n->m_next = NULL;
 6398         off = 0;
 6399 
 6400         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 6401         newmsg = mtod(n, struct sadb_msg *);
 6402         newmsg->sadb_msg_errno = 0;
 6403         newmsg->sadb_msg_len = PFKEY_UNIT64(len);
 6404         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 6405 
 6406         /* for authentication algorithm */
 6407         if (alen) {
 6408                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6409                 sup->sadb_supported_len = PFKEY_UNIT64(alen);
 6410                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
 6411                 off += PFKEY_ALIGN8(sizeof(*sup));
 6412 
 6413                 for (i = 1; i <= SADB_AALG_MAX; i++) {
 6414                         const struct ah_algorithm *aalgo;
 6415 
 6416                         aalgo = ah_algorithm_lookup(i);
 6417                         if (!aalgo)
 6418                                 continue;
 6419                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6420                         alg->sadb_alg_id = i;
 6421                         alg->sadb_alg_ivlen = 0;
 6422                         alg->sadb_alg_minbits = aalgo->keymin;
 6423                         alg->sadb_alg_maxbits = aalgo->keymax;
 6424                         off += PFKEY_ALIGN8(sizeof(*alg));
 6425                 }
 6426         }
 6427 
 6428 #ifdef IPSEC_ESP
 6429         /* for encryption algorithm */
 6430         if (elen) {
 6431                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6432                 sup->sadb_supported_len = PFKEY_UNIT64(elen);
 6433                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
 6434                 off += PFKEY_ALIGN8(sizeof(*sup));
 6435 
 6436                 for (i = 1; i <= SADB_EALG_MAX; i++) {
 6437                         const struct esp_algorithm *ealgo;
 6438 
 6439                         ealgo = esp_algorithm_lookup(i);
 6440                         if (!ealgo)
 6441                                 continue;
 6442                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6443                         alg->sadb_alg_id = i;
 6444                         if (ealgo && ealgo->ivlen) {
 6445                                 /*
 6446                                  * give NULL to get the value preferred by
 6447                                  * algorithm XXX SADB_X_EXT_DERIV ?
 6448                                  */
 6449                                 alg->sadb_alg_ivlen =
 6450                                     (*ealgo->ivlen)(ealgo, NULL);
 6451                         } else
 6452                                 alg->sadb_alg_ivlen = 0;
 6453                         alg->sadb_alg_minbits = ealgo->keymin;
 6454                         alg->sadb_alg_maxbits = ealgo->keymax;
 6455                         off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
 6456                 }
 6457         }
 6458 #endif
 6459 
 6460 #ifdef DIGAGNOSTIC
 6461         if (off != len)
 6462                 panic("length assumption failed in key_register");
 6463 #endif
 6464 
 6465         m_freem(m);
 6466         return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
 6467     }
 6468 }
 6469 
 6470 /*
 6471  * free secreg entry registered.
 6472  * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
 6473  */
 6474 void
 6475 key_freereg(so)
 6476         struct socket *so;
 6477 {
 6478         struct secreg *reg;
 6479         int i;
 6480 
 6481         /* sanity check */
 6482         if (so == NULL)
 6483                 panic("key_freereg: NULL pointer is passed.");
 6484 
 6485         /*
 6486          * check whether existing or not.
 6487          * check all type of SA, because there is a potential that
 6488          * one socket is registered to multiple type of SA.
 6489          */
 6490         for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 6491                 LIST_FOREACH(reg, &regtree[i], chain) {
 6492                         if (reg->so == so && __LIST_CHAINED(reg)) {
 6493                                 LIST_REMOVE(reg, chain);
 6494                                 KFREE(reg);
 6495                                 break;
 6496                         }
 6497                 }
 6498         }
 6499         
 6500         return;
 6501 }
 6502 
 6503 /*
 6504  * SADB_EXPIRE processing
 6505  * send
 6506  *   <base, SA, SA2, lifetime(C and one of HS), address(SD)>
 6507  * to KMD by PF_KEY.
 6508  * NOTE: We send only soft lifetime extension.
 6509  *
 6510  * OUT: 0       : succeed
 6511  *      others  : error number
 6512  */
 6513 static int
 6514 key_expire(sav)
 6515         struct secasvar *sav;
 6516 {
 6517         int s;
 6518         int satype;
 6519         struct mbuf *result = NULL, *m;
 6520         int len;
 6521         int error = -1;
 6522         struct sadb_lifetime *lt;
 6523 
 6524         /* XXX: Why do we lock ? */
 6525         s = splnet();   /*called from softclock()*/
 6526 
 6527         /* sanity check */
 6528         if (sav == NULL)
 6529                 panic("key_expire: NULL pointer is passed.");
 6530         if (sav->sah == NULL)
 6531                 panic("key_expire: Why was SA index in SA NULL.");
 6532         if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
 6533                 panic("key_expire: invalid proto is passed.");
 6534 
 6535         /* set msg header */
 6536         m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
 6537         if (!m) {
 6538                 error = ENOBUFS;
 6539                 goto fail;
 6540         }
 6541         result = m;
 6542 
 6543         /* create SA extension */
 6544         m = key_setsadbsa(sav);
 6545         if (!m) {
 6546                 error = ENOBUFS;
 6547                 goto fail;
 6548         }
 6549         m_cat(result, m);
 6550 
 6551         /* create SA extension */
 6552         m = key_setsadbxsa2(sav->sah->saidx.mode,
 6553             sav->replay ? (sav->replay->count & 0xffffffff) : 0,
 6554             sav->sah->saidx.reqid);
 6555         if (!m) {
 6556                 error = ENOBUFS;
 6557                 goto fail;
 6558         }
 6559         m_cat(result, m);
 6560 
 6561         /* create lifetime extension (current and soft) */
 6562         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 6563         m = key_alloc_mbuf(len);
 6564         if (!m || m->m_next) {  /*XXX*/
 6565                 if (m)
 6566                         m_freem(m);
 6567                 error = ENOBUFS;
 6568                 goto fail;
 6569         }
 6570         bzero(mtod(m, caddr_t), len);
 6571         lt = mtod(m, struct sadb_lifetime *);
 6572         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6573         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 6574         lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
 6575         lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
 6576         lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
 6577         lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
 6578         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 6579         bcopy(sav->lft_s, lt, sizeof(*lt));
 6580         m_cat(result, m);
 6581 
 6582         /* set sadb_address for source */
 6583         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 6584             (struct sockaddr *)&sav->sah->saidx.src,
 6585             FULLMASK, IPSEC_ULPROTO_ANY);
 6586         if (!m) {
 6587                 error = ENOBUFS;
 6588                 goto fail;
 6589         }
 6590         m_cat(result, m);
 6591 
 6592         /* set sadb_address for destination */
 6593         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 6594             (struct sockaddr *)&sav->sah->saidx.dst,
 6595             FULLMASK, IPSEC_ULPROTO_ANY);
 6596         if (!m) {
 6597                 error = ENOBUFS;
 6598                 goto fail;
 6599         }
 6600         m_cat(result, m);
 6601 
 6602         if ((result->m_flags & M_PKTHDR) == 0) {
 6603                 error = EINVAL;
 6604                 goto fail;
 6605         }
 6606 
 6607         if (result->m_len < sizeof(struct sadb_msg)) {
 6608                 result = m_pullup(result, sizeof(struct sadb_msg));
 6609                 if (result == NULL) {
 6610                         error = ENOBUFS;
 6611                         goto fail;
 6612                 }
 6613         }
 6614 
 6615         result->m_pkthdr.len = 0;
 6616         for (m = result; m; m = m->m_next)
 6617                 result->m_pkthdr.len += m->m_len;
 6618 
 6619         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6620             PFKEY_UNIT64(result->m_pkthdr.len);
 6621 
 6622         splx(s);
 6623         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6624 
 6625  fail:
 6626         if (result)
 6627                 m_freem(result);
 6628         splx(s);
 6629         return error;
 6630 }
 6631 
 6632 /*
 6633  * SADB_FLUSH processing
 6634  * receive
 6635  *   <base>
 6636  * from the ikmpd, and free all entries in secastree.
 6637  * and send,
 6638  *   <base>
 6639  * to the ikmpd.
 6640  * NOTE: to do is only marking SADB_SASTATE_DEAD.
 6641  *
 6642  * m will always be freed.
 6643  */
 6644 static int
 6645 key_flush(so, m, mhp)
 6646         struct socket *so;
 6647         struct mbuf *m;
 6648         const struct sadb_msghdr *mhp;
 6649 {
 6650         struct sadb_msg *newmsg;
 6651         struct secashead *sah, *nextsah;
 6652         struct secasvar *sav, *nextsav;
 6653         u_int16_t proto;
 6654         u_int8_t state;
 6655         u_int stateidx;
 6656 
 6657         /* sanity check */
 6658         if (so == NULL || mhp == NULL || mhp->msg == NULL)
 6659                 panic("key_flush: NULL pointer is passed.");
 6660 
 6661         /* map satype to proto */
 6662         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6663                 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
 6664                 return key_senderror(so, m, EINVAL);
 6665         }
 6666 
 6667         /* no SATYPE specified, i.e. flushing all SA. */
 6668         for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) {
 6669                 nextsah = LIST_NEXT(sah, chain);
 6670 
 6671                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6672                     proto != sah->saidx.proto)
 6673                         continue;
 6674 
 6675                 for (stateidx = 0;
 6676                      stateidx < _ARRAYLEN(saorder_state_alive);
 6677                      stateidx++) {
 6678                         state = saorder_state_any[stateidx];
 6679                         for (sav = LIST_FIRST(&sah->savtree[state]);
 6680                              sav != NULL;
 6681                              sav = nextsav) {
 6682 
 6683                                 nextsav = LIST_NEXT(sav, chain);
 6684 
 6685                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 6686                                 key_freesav(sav);
 6687                         }
 6688                 }
 6689 
 6690                 sah->state = SADB_SASTATE_DEAD;
 6691         }
 6692 
 6693         if (m->m_len < sizeof(struct sadb_msg) ||
 6694             sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 6695                 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
 6696                 return key_senderror(so, m, ENOBUFS);
 6697         }
 6698 
 6699         if (m->m_next)
 6700                 m_freem(m->m_next);
 6701         m->m_next = NULL;
 6702         m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
 6703         newmsg = mtod(m, struct sadb_msg *);
 6704         newmsg->sadb_msg_errno = 0;
 6705         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 6706 
 6707         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6708 }
 6709 
 6710 /*
 6711  * SADB_DUMP processing
 6712  * dump all entries including status of DEAD in SAD.
 6713  * receive
 6714  *   <base>
 6715  * from the ikmpd, and dump all secasvar leaves
 6716  * and send,
 6717  *   <base> .....
 6718  * to the ikmpd.
 6719  *
 6720  * m will always be freed.
 6721  */
 6722 static int
 6723 key_dump(so, m, mhp)
 6724         struct socket *so;
 6725         struct mbuf *m;
 6726         const struct sadb_msghdr *mhp;
 6727 {
 6728         struct secashead *sah;
 6729         struct secasvar *sav;
 6730         u_int16_t proto;
 6731         u_int stateidx;
 6732         u_int8_t satype;
 6733         u_int8_t state;
 6734         int cnt;
 6735         struct mbuf *n;
 6736 
 6737         /* sanity check */
 6738         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6739                 panic("key_dump: NULL pointer is passed.");
 6740 
 6741         /* map satype to proto */
 6742         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6743                 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
 6744                 return key_senderror(so, m, EINVAL);
 6745         }
 6746 
 6747         /* count sav entries to be sent to the userland. */
 6748         cnt = 0;
 6749         LIST_FOREACH(sah, &sahtree, chain) {
 6750                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6751                     proto != sah->saidx.proto)
 6752                         continue;
 6753 
 6754                 for (stateidx = 0;
 6755                      stateidx < _ARRAYLEN(saorder_state_any);
 6756                      stateidx++) {
 6757                         state = saorder_state_any[stateidx];
 6758                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 6759                                 cnt++;
 6760                         }
 6761                 }
 6762         }
 6763 
 6764         if (cnt == 0)
 6765                 return key_senderror(so, m, ENOENT);
 6766 
 6767         /* send this to the userland, one at a time. */
 6768         LIST_FOREACH(sah, &sahtree, chain) {
 6769                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6770                     proto != sah->saidx.proto)
 6771                         continue;
 6772 
 6773                 /* map proto to satype */
 6774                 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 6775                         ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
 6776                         return key_senderror(so, m, EINVAL);
 6777                 }
 6778 
 6779                 for (stateidx = 0;
 6780                      stateidx < _ARRAYLEN(saorder_state_any);
 6781                      stateidx++) {
 6782                         state = saorder_state_any[stateidx];
 6783                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 6784                                 n = key_setdumpsa(sav, SADB_DUMP, satype,
 6785                                     --cnt, mhp->msg->sadb_msg_pid);
 6786                                 if (!n)
 6787                                         return key_senderror(so, m, ENOBUFS);
 6788 
 6789                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 6790                         }
 6791                 }
 6792         }
 6793 
 6794         m_freem(m);
 6795         return 0;
 6796 }
 6797 
 6798 /*
 6799  * SADB_X_PROMISC processing
 6800  *
 6801  * m will always be freed.
 6802  */
 6803 static int
 6804 key_promisc(so, m, mhp)
 6805         struct socket *so;
 6806         struct mbuf *m;
 6807         const struct sadb_msghdr *mhp;
 6808 {
 6809         int olen;
 6810 
 6811         /* sanity check */
 6812         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6813                 panic("key_promisc: NULL pointer is passed.");
 6814 
 6815         olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 6816 
 6817         if (olen < sizeof(struct sadb_msg)) {
 6818 #if 1
 6819                 return key_senderror(so, m, EINVAL);
 6820 #else
 6821                 m_freem(m);
 6822                 return 0;
 6823 #endif
 6824         } else if (olen == sizeof(struct sadb_msg)) {
 6825                 /* enable/disable promisc mode */
 6826                 struct keycb *kp;
 6827 
 6828                 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
 6829                         return key_senderror(so, m, EINVAL);
 6830                 mhp->msg->sadb_msg_errno = 0;
 6831                 switch (mhp->msg->sadb_msg_satype) {
 6832                 case 0:
 6833                 case 1:
 6834                         kp->kp_promisc = mhp->msg->sadb_msg_satype;
 6835                         break;
 6836                 default:
 6837                         return key_senderror(so, m, EINVAL);
 6838                 }
 6839 
 6840                 /* send the original message back to everyone */
 6841                 mhp->msg->sadb_msg_errno = 0;
 6842                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6843         } else {
 6844                 /* send packet as is */
 6845 
 6846                 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
 6847 
 6848                 /* TODO: if sadb_msg_seq is specified, send to specific pid */
 6849                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6850         }
 6851 }
 6852 
 6853 static int (*key_typesw[])(struct socket *, struct mbuf *,
 6854                 const struct sadb_msghdr *) = {
 6855         NULL,           /* SADB_RESERVED */
 6856         key_getspi,     /* SADB_GETSPI */
 6857         key_update,     /* SADB_UPDATE */
 6858         key_add,        /* SADB_ADD */
 6859         key_delete,     /* SADB_DELETE */
 6860         key_get,        /* SADB_GET */
 6861         key_acquire2,   /* SADB_ACQUIRE */
 6862         key_register,   /* SADB_REGISTER */
 6863         NULL,           /* SADB_EXPIRE */
 6864         key_flush,      /* SADB_FLUSH */
 6865         key_dump,       /* SADB_DUMP */
 6866         key_promisc,    /* SADB_X_PROMISC */
 6867         NULL,           /* SADB_X_PCHANGE */
 6868         key_spdadd,     /* SADB_X_SPDUPDATE */
 6869         key_spdadd,     /* SADB_X_SPDADD */
 6870         key_spddelete,  /* SADB_X_SPDDELETE */
 6871         key_spdget,     /* SADB_X_SPDGET */
 6872         NULL,           /* SADB_X_SPDACQUIRE */
 6873         key_spddump,    /* SADB_X_SPDDUMP */
 6874         key_spdflush,   /* SADB_X_SPDFLUSH */
 6875         key_spdadd,     /* SADB_X_SPDSETIDX */
 6876         NULL,           /* SADB_X_SPDEXPIRE */
 6877         key_spddelete2, /* SADB_X_SPDDELETE2 */
 6878 };
 6879 
 6880 /*
 6881  * parse sadb_msg buffer to process PFKEYv2,
 6882  * and create a data to response if needed.
 6883  * I think to be dealed with mbuf directly.
 6884  * IN:
 6885  *     msgp  : pointer to pointer to a received buffer pulluped.
 6886  *             This is rewrited to response.
 6887  *     so    : pointer to socket.
 6888  * OUT:
 6889  *    length for buffer to send to user process.
 6890  */
 6891 int
 6892 key_parse(m, so)
 6893         struct mbuf *m;
 6894         struct socket *so;
 6895 {
 6896         struct sadb_msg *msg;
 6897         struct sadb_msghdr mh;
 6898         u_int orglen;
 6899         int error;
 6900         int target;
 6901 #ifdef INET6
 6902         struct sockaddr_in6 *sin6;
 6903 #endif
 6904 
 6905         /* sanity check */
 6906         if (m == NULL || so == NULL)
 6907                 panic("key_parse: NULL pointer is passed.");
 6908 
 6909 #if 0   /*kdebug_sadb assumes msg in linear buffer*/
 6910         KEYDEBUG(KEYDEBUG_KEY_DUMP,
 6911                 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
 6912                 kdebug_sadb(msg));
 6913 #endif
 6914 
 6915         if (m->m_len < sizeof(struct sadb_msg)) {
 6916                 m = m_pullup(m, sizeof(struct sadb_msg));
 6917                 if (!m)
 6918                         return ENOBUFS;
 6919         }
 6920         msg = mtod(m, struct sadb_msg *);
 6921         orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
 6922         target = KEY_SENDUP_ONE;
 6923 
 6924         if ((m->m_flags & M_PKTHDR) == 0 ||
 6925             m->m_pkthdr.len != m->m_pkthdr.len) {
 6926                 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
 6927                 pfkeystat.out_invlen++;
 6928                 error = EINVAL;
 6929                 goto senderror;
 6930         }
 6931 
 6932         if (msg->sadb_msg_version != PF_KEY_V2) {
 6933                 ipseclog((LOG_DEBUG,
 6934                     "key_parse: PF_KEY version %u is mismatched.\n",
 6935                     msg->sadb_msg_version));
 6936                 pfkeystat.out_invver++;
 6937                 error = EINVAL;
 6938                 goto senderror;
 6939         }
 6940 
 6941         if (msg->sadb_msg_type > SADB_MAX) {
 6942                 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
 6943                     msg->sadb_msg_type));
 6944                 pfkeystat.out_invmsgtype++;
 6945                 error = EINVAL;
 6946                 goto senderror;
 6947         }
 6948 
 6949         /* for old-fashioned code - should be nuked */
 6950         if (m->m_pkthdr.len > MCLBYTES) {
 6951                 m_freem(m);
 6952                 return ENOBUFS;
 6953         }
 6954         if (m->m_next) {
 6955                 struct mbuf *n;
 6956 
 6957                 MGETHDR(n, M_DONTWAIT, MT_DATA);
 6958                 if (n && m->m_pkthdr.len > MHLEN) {
 6959                         MCLGET(n, M_DONTWAIT);
 6960                         if ((n->m_flags & M_EXT) == 0) {
 6961                                 m_free(n);
 6962                                 n = NULL;
 6963                         }
 6964                 }
 6965                 if (!n) {
 6966                         m_freem(m);
 6967                         return ENOBUFS;
 6968                 }
 6969                 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
 6970                 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
 6971                 n->m_next = NULL;
 6972                 m_freem(m);
 6973                 m = n;
 6974         }
 6975 
 6976         /* align the mbuf chain so that extensions are in contiguous region. */
 6977         error = key_align(m, &mh);
 6978         if (error)
 6979                 return error;
 6980 
 6981         msg = mh.msg;
 6982 
 6983         /* check SA type */
 6984         switch (msg->sadb_msg_satype) {
 6985         case SADB_SATYPE_UNSPEC:
 6986                 switch (msg->sadb_msg_type) {
 6987                 case SADB_GETSPI:
 6988                 case SADB_UPDATE:
 6989                 case SADB_ADD:
 6990                 case SADB_DELETE:
 6991                 case SADB_GET:
 6992                 case SADB_ACQUIRE:
 6993                 case SADB_EXPIRE:
 6994                         ipseclog((LOG_DEBUG, "key_parse: must specify satype "
 6995                             "when msg type=%u.\n", msg->sadb_msg_type));
 6996                         pfkeystat.out_invsatype++;
 6997                         error = EINVAL;
 6998                         goto senderror;
 6999                 }
 7000                 break;
 7001         case SADB_SATYPE_AH:
 7002         case SADB_SATYPE_ESP:
 7003         case SADB_X_SATYPE_IPCOMP:
 7004         case SADB_X_SATYPE_TCPSIGNATURE:
 7005                 switch (msg->sadb_msg_type) {
 7006                 case SADB_X_SPDADD:
 7007                 case SADB_X_SPDDELETE:
 7008                 case SADB_X_SPDGET:
 7009                 case SADB_X_SPDDUMP:
 7010                 case SADB_X_SPDFLUSH:
 7011                 case SADB_X_SPDSETIDX:
 7012                 case SADB_X_SPDUPDATE:
 7013                 case SADB_X_SPDDELETE2:
 7014                         ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
 7015                             msg->sadb_msg_type));
 7016                         pfkeystat.out_invsatype++;
 7017                         error = EINVAL;
 7018                         goto senderror;
 7019                 }
 7020                 break;
 7021         case SADB_SATYPE_RSVP:
 7022         case SADB_SATYPE_OSPFV2:
 7023         case SADB_SATYPE_RIPV2:
 7024         case SADB_SATYPE_MIP:
 7025                 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
 7026                     msg->sadb_msg_satype));
 7027                 pfkeystat.out_invsatype++;
 7028                 error = EOPNOTSUPP;
 7029                 goto senderror;
 7030         case 1: /* XXX: What does it do? */
 7031                 if (msg->sadb_msg_type == SADB_X_PROMISC)
 7032                         break;
 7033                 /*FALLTHROUGH*/
 7034         default:
 7035                 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
 7036                     msg->sadb_msg_satype));
 7037                 pfkeystat.out_invsatype++;
 7038                 error = EINVAL;
 7039                 goto senderror;
 7040         }
 7041 
 7042         /* check field of upper layer protocol and address family */
 7043         if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
 7044             mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
 7045                 struct sadb_address *src0, *dst0;
 7046                 u_int plen;
 7047 
 7048                 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
 7049                 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
 7050 
 7051                 /* check upper layer protocol */
 7052                 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
 7053                         ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
 7054                         pfkeystat.out_invaddr++;
 7055                         error = EINVAL;
 7056                         goto senderror;
 7057                 }
 7058 
 7059                 /* check family */
 7060                 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
 7061                     PFKEY_ADDR_SADDR(dst0)->sa_family) {
 7062                         ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
 7063                         pfkeystat.out_invaddr++;
 7064                         error = EINVAL;
 7065                         goto senderror;
 7066                 }
 7067                 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7068                     PFKEY_ADDR_SADDR(dst0)->sa_len) {
 7069                         ipseclog((LOG_DEBUG,
 7070                             "key_parse: address struct size mismatched.\n"));
 7071                         pfkeystat.out_invaddr++;
 7072                         error = EINVAL;
 7073                         goto senderror;
 7074                 }
 7075 
 7076                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7077                 case AF_INET:
 7078                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7079                             sizeof(struct sockaddr_in)) {
 7080                                 pfkeystat.out_invaddr++;
 7081                                 error = EINVAL;
 7082                                 goto senderror;
 7083                         }
 7084                         break;
 7085                 case AF_INET6:
 7086                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7087                             sizeof(struct sockaddr_in6)) {
 7088                                 pfkeystat.out_invaddr++;
 7089                                 error = EINVAL;
 7090                                 goto senderror;
 7091                         }
 7092 #ifdef INET6
 7093                         /*
 7094                          * Check validity of the scope zone ID of the
 7095                          * addresses, and embed the zone ID into the address
 7096                          * if necessary.
 7097                          */
 7098                         sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(src0);
 7099                         if ((error = sa6_embedscope(sin6, 0)) != 0)
 7100                                 goto senderror;
 7101                         sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(dst0);
 7102                         if ((error = sa6_embedscope(sin6, 0)) != 0)
 7103                                 goto senderror;
 7104 #endif
 7105                         break;
 7106                 default:
 7107                         ipseclog((LOG_DEBUG,
 7108                             "key_parse: unsupported address family.\n"));
 7109                         pfkeystat.out_invaddr++;
 7110                         error = EAFNOSUPPORT;
 7111                         goto senderror;
 7112                 }
 7113 
 7114                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7115                 case AF_INET:
 7116                         plen = sizeof(struct in_addr) << 3;
 7117                         break;
 7118                 case AF_INET6:
 7119                         plen = sizeof(struct in6_addr) << 3;
 7120                         break;
 7121                 default:
 7122                         plen = 0;       /*fool gcc*/
 7123                         break;
 7124                 }
 7125 
 7126                 /* check max prefix length */
 7127                 if (src0->sadb_address_prefixlen > plen ||
 7128                     dst0->sadb_address_prefixlen > plen) {
 7129                         ipseclog((LOG_DEBUG,
 7130                             "key_parse: illegal prefixlen.\n"));
 7131                         pfkeystat.out_invaddr++;
 7132                         error = EINVAL;
 7133                         goto senderror;
 7134                 }
 7135 
 7136                 /*
 7137                  * prefixlen == 0 is valid because there can be a case when
 7138                  * all addresses are matched.
 7139                  */
 7140         }
 7141 
 7142         if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
 7143             key_typesw[msg->sadb_msg_type] == NULL) {
 7144                 pfkeystat.out_invmsgtype++;
 7145                 error = EINVAL;
 7146                 goto senderror;
 7147         }
 7148 
 7149         return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
 7150 
 7151 senderror:
 7152         msg->sadb_msg_errno = error;
 7153         return key_sendup_mbuf(so, m, target);
 7154 }
 7155 
 7156 static int
 7157 key_senderror(so, m, code)
 7158         struct socket *so;
 7159         struct mbuf *m;
 7160         int code;
 7161 {
 7162         struct sadb_msg *msg;
 7163 
 7164         if (m->m_len < sizeof(struct sadb_msg))
 7165                 panic("invalid mbuf passed to key_senderror");
 7166 
 7167         msg = mtod(m, struct sadb_msg *);
 7168         msg->sadb_msg_errno = code;
 7169         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 7170 }
 7171 
 7172 /*
 7173  * set the pointer to each header into message buffer.
 7174  * m will be freed on error.
 7175  * XXX larger-than-MCLBYTES extension?
 7176  */
 7177 static int
 7178 key_align(m, mhp)
 7179         struct mbuf *m;
 7180         struct sadb_msghdr *mhp;
 7181 {
 7182         struct mbuf *n;
 7183         struct sadb_ext *ext;
 7184         size_t off, end;
 7185         int extlen;
 7186         int toff;
 7187 
 7188         /* sanity check */
 7189         if (m == NULL || mhp == NULL)
 7190                 panic("key_align: NULL pointer is passed.");
 7191         if (m->m_len < sizeof(struct sadb_msg))
 7192                 panic("invalid mbuf passed to key_align");
 7193 
 7194         /* initialize */
 7195         bzero(mhp, sizeof(*mhp));
 7196 
 7197         mhp->msg = mtod(m, struct sadb_msg *);
 7198         mhp->ext[0] = (struct sadb_ext *)mhp->msg;      /*XXX backward compat */
 7199 
 7200         end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7201         extlen = end;   /*just in case extlen is not updated*/
 7202         for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
 7203                 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
 7204                 if (!n) {
 7205                         /* m is already freed */
 7206                         return ENOBUFS;
 7207                 }
 7208                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7209 
 7210                 /* set pointer */
 7211                 switch (ext->sadb_ext_type) {
 7212                 case SADB_EXT_SA:
 7213                 case SADB_EXT_ADDRESS_SRC:
 7214                 case SADB_EXT_ADDRESS_DST:
 7215                 case SADB_EXT_ADDRESS_PROXY:
 7216                 case SADB_EXT_LIFETIME_CURRENT:
 7217                 case SADB_EXT_LIFETIME_HARD:
 7218                 case SADB_EXT_LIFETIME_SOFT:
 7219                 case SADB_EXT_KEY_AUTH:
 7220                 case SADB_EXT_KEY_ENCRYPT:
 7221                 case SADB_EXT_IDENTITY_SRC:
 7222                 case SADB_EXT_IDENTITY_DST:
 7223                 case SADB_EXT_SENSITIVITY:
 7224                 case SADB_EXT_PROPOSAL:
 7225                 case SADB_EXT_SUPPORTED_AUTH:
 7226                 case SADB_EXT_SUPPORTED_ENCRYPT:
 7227                 case SADB_EXT_SPIRANGE:
 7228                 case SADB_X_EXT_POLICY:
 7229                 case SADB_X_EXT_SA2:
 7230                         /* duplicate check */
 7231                         /*
 7232                          * XXX Are there duplication payloads of either
 7233                          * KEY_AUTH or KEY_ENCRYPT ?
 7234                          */
 7235                         if (mhp->ext[ext->sadb_ext_type] != NULL) {
 7236                                 ipseclog((LOG_DEBUG,
 7237                                     "key_align: duplicate ext_type %u "
 7238                                     "is passed.\n", ext->sadb_ext_type));
 7239                                 m_freem(m);
 7240                                 pfkeystat.out_dupext++;
 7241                                 return EINVAL;
 7242                         }
 7243                         break;
 7244                 default:
 7245                         ipseclog((LOG_DEBUG,
 7246                             "key_align: invalid ext_type %u is passed.\n",
 7247                             ext->sadb_ext_type));
 7248                         m_freem(m);
 7249                         pfkeystat.out_invexttype++;
 7250                         return EINVAL;
 7251                 }
 7252 
 7253                 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
 7254 
 7255                 if (key_validate_ext(ext, extlen)) {
 7256                         m_freem(m);
 7257                         pfkeystat.out_invlen++;
 7258                         return EINVAL;
 7259                 }
 7260 
 7261                 n = m_pulldown(m, off, extlen, &toff);
 7262                 if (!n) {
 7263                         /* m is already freed */
 7264                         return ENOBUFS;
 7265                 }
 7266                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7267 
 7268                 mhp->ext[ext->sadb_ext_type] = ext;
 7269                 mhp->extoff[ext->sadb_ext_type] = off;
 7270                 mhp->extlen[ext->sadb_ext_type] = extlen;
 7271         }
 7272 
 7273         if (off != end) {
 7274                 m_freem(m);
 7275                 pfkeystat.out_invlen++;
 7276                 return EINVAL;
 7277         }
 7278 
 7279         return 0;
 7280 }
 7281 
 7282 static int
 7283 key_validate_ext(ext, len)
 7284         struct sadb_ext *ext;
 7285         int len;
 7286 {
 7287         struct sockaddr *sa;
 7288         enum { NONE, ADDR } checktype = NONE;
 7289         int baselen = 0;
 7290         const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
 7291 
 7292         if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
 7293                 return EINVAL;
 7294 
 7295         /* if it does not match minimum/maximum length, bail */
 7296         if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
 7297             ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
 7298                 return EINVAL;
 7299         if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
 7300                 return EINVAL;
 7301         if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
 7302                 return EINVAL;
 7303 
 7304         /* more checks based on sadb_ext_type XXX need more */
 7305         switch (ext->sadb_ext_type) {
 7306         case SADB_EXT_ADDRESS_SRC:
 7307         case SADB_EXT_ADDRESS_DST:
 7308         case SADB_EXT_ADDRESS_PROXY:
 7309                 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
 7310                 checktype = ADDR;
 7311                 break;
 7312         case SADB_EXT_IDENTITY_SRC:
 7313         case SADB_EXT_IDENTITY_DST:
 7314                 if (((struct sadb_ident *)ext)->sadb_ident_type ==
 7315                     SADB_X_IDENTTYPE_ADDR) {
 7316                         baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
 7317                         checktype = ADDR;
 7318                 } else
 7319                         checktype = NONE;
 7320                 break;
 7321         default:
 7322                 checktype = NONE;
 7323                 break;
 7324         }
 7325 
 7326         switch (checktype) {
 7327         case NONE:
 7328                 break;
 7329         case ADDR:
 7330                 sa = (struct sockaddr *)((caddr_t)ext + baselen);
 7331                 if (len < baselen + sal)
 7332                         return EINVAL;
 7333                 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
 7334                         return EINVAL;
 7335                 break;
 7336         }
 7337 
 7338         return 0;
 7339 }
 7340 
 7341 void
 7342 key_init()
 7343 {
 7344         int i;
 7345 
 7346         bzero((caddr_t)&key_cb, sizeof(key_cb));
 7347 
 7348         callout_init(&key_timehandler_ch, 0);
 7349 
 7350         for (i = 0; i < IPSEC_DIR_MAX; i++)
 7351                 LIST_INIT(&sptree[i]);
 7352 
 7353         LIST_INIT(&sahtree);
 7354 
 7355         for (i = 0; i <= SADB_SATYPE_MAX; i++)
 7356                 LIST_INIT(&regtree[i]);
 7357 
 7358         for (i = 0; i < SPIHASHSIZE; i++)
 7359                 LIST_INIT(&spihash[i]);
 7360 
 7361 #ifndef IPSEC_NONBLOCK_ACQUIRE
 7362         LIST_INIT(&acqtree);
 7363 #endif
 7364         LIST_INIT(&spacqtree);
 7365 
 7366         TAILQ_INIT(&satailq);
 7367         TAILQ_INIT(&sptailq);
 7368 
 7369         /* system default */
 7370 #ifdef INET
 7371         ip4_def_policy = key_newsp(0);
 7372         if (!ip4_def_policy)
 7373                 panic("could not initialize IPv4 default security policy");
 7374         ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
 7375         ip4_def_policy->policy = IPSEC_POLICY_NONE;
 7376         ip4_def_policy->dir = IPSEC_DIR_ANY;
 7377         ip4_def_policy->readonly = 1;
 7378         ip4_def_policy->persist = 1;
 7379 #endif
 7380 #ifdef INET6
 7381         ip6_def_policy = key_newsp(0);
 7382         if (!ip6_def_policy)
 7383                 panic("could not initialize IPv6 default security policy");
 7384         ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
 7385         ip6_def_policy->policy = IPSEC_POLICY_NONE;
 7386         ip6_def_policy->dir = IPSEC_DIR_ANY;
 7387         ip6_def_policy->readonly = 1;
 7388         ip6_def_policy->persist = 1;
 7389 #endif
 7390 
 7391         callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
 7392 
 7393         /* initialize key statistics */
 7394         keystat.getspi_count = 1;
 7395 
 7396         printf("IPsec: Initialized Security Association Processing.\n");
 7397 
 7398         return;
 7399 }
 7400 
 7401 /*
 7402  * XXX: maybe This function is called after INBOUND IPsec processing.
 7403  *
 7404  * Special check for tunnel-mode packets.
 7405  * We must make some checks for consistency between inner and outer IP header.
 7406  *
 7407  * xxx more checks to be provided
 7408  */
 7409 int
 7410 key_checktunnelsanity(sav, family, src, dst)
 7411         struct secasvar *sav;
 7412         u_int family;
 7413         caddr_t src;
 7414         caddr_t dst;
 7415 {
 7416         /* sanity check */
 7417         if (sav->sah == NULL)
 7418                 panic("sav->sah == NULL at key_checktunnelsanity");
 7419 
 7420         /* XXX: check inner IP header */
 7421 
 7422         return 1;
 7423 }
 7424 
 7425 #if 0
 7426 /*
 7427  * Get FQDN for the host.
 7428  * If the administrator configured hostname (by hostname(1)) without
 7429  * domain name, returns nothing.
 7430  */
 7431 static const char *
 7432 key_getfqdn()
 7433 {
 7434         int i;
 7435         int hasdot;
 7436         static char fqdn[MAXHOSTNAMELEN + 1];
 7437         int hostnamelen = strlen(hostname);
 7438 
 7439         if (!hostnamelen)
 7440                 return NULL;
 7441 
 7442         /* check if it comes with domain name. */
 7443         hasdot = 0;
 7444         for (i = 0; i < hostnamelen; i++) {
 7445                 if (hostname[i] == '.')
 7446                         hasdot++;
 7447         }
 7448         if (!hasdot)
 7449                 return NULL;
 7450 
 7451         /* NOTE: hostname may not be NUL-terminated. */
 7452         bzero(fqdn, sizeof(fqdn));
 7453         bcopy(hostname, fqdn, hostnamelen);
 7454         fqdn[hostnamelen] = '\0';
 7455         return fqdn;
 7456 }
 7457 
 7458 /*
 7459  * get username@FQDN for the host/user.
 7460  */
 7461 static const char *
 7462 key_getuserfqdn()
 7463 {
 7464         const char *host;
 7465         static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
 7466         struct proc *p = curproc;
 7467         char *q;
 7468 
 7469         PROC_LOCK(p);
 7470         if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) {
 7471                 PROC_UNLOCK(p);
 7472                 return NULL;
 7473         }
 7474         if (!(host = key_getfqdn())) {
 7475                 PROC_UNLOCK(p);
 7476                 return NULL;
 7477         }
 7478 
 7479         /* NOTE: s_login may not be-NUL terminated. */
 7480         bzero(userfqdn, sizeof(userfqdn));
 7481         SESS_LOCK(p->p_session);
 7482         bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
 7483         SESS_UNLOCK(p->p_session);
 7484         PROC_UNLOCK(p);
 7485         userfqdn[MAXLOGNAME] = '\0';    /* safeguard */
 7486         q = userfqdn + strlen(userfqdn);
 7487         *q++ = '@';
 7488         bcopy(host, q, strlen(host));
 7489         q += strlen(host);
 7490         *q++ = '\0';
 7491 
 7492         return userfqdn;
 7493 }
 7494 #endif
 7495 
 7496 /* record data transfer on SA, and update timestamps */
 7497 void
 7498 key_sa_recordxfer(sav, m)
 7499         struct secasvar *sav;
 7500         struct mbuf *m;
 7501 {
 7502         if (!sav)
 7503                 panic("key_sa_recordxfer called with sav == NULL");
 7504         if (!m)
 7505                 panic("key_sa_recordxfer called with m == NULL");
 7506         if (!sav->lft_c)
 7507                 return;
 7508 
 7509         /*
 7510          * XXX Currently, there is a difference of bytes size
 7511          * between inbound and outbound processing.
 7512          */
 7513         sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
 7514         /* to check bytes lifetime is done in key_timehandler(). */
 7515 
 7516         /*
 7517          * We use the number of packets as the unit of
 7518          * sadb_lifetime_allocations.  We increment the variable
 7519          * whenever {esp,ah}_{in,out}put is called.
 7520          */
 7521         sav->lft_c->sadb_lifetime_allocations++;
 7522         /* XXX check for expires? */
 7523 
 7524         /*
 7525          * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
 7526          * in seconds.  HARD and SOFT lifetime are measured by the time
 7527          * difference (again in seconds) from sadb_lifetime_usetime.
 7528          *
 7529          *      usetime
 7530          *      v     expire   expire
 7531          * -----+-----+--------+---> t
 7532          *      <--------------> HARD
 7533          *      <-----> SOFT
 7534          */
 7535     {
 7536         sav->lft_c->sadb_lifetime_usetime = time_second;
 7537         /* XXX check for expires? */
 7538     }
 7539 
 7540         return;
 7541 }
 7542 
 7543 /* dumb version */
 7544 void
 7545 key_sa_routechange(dst)
 7546         struct sockaddr *dst;
 7547 {
 7548         struct secashead *sah;
 7549         struct route *ro;
 7550 
 7551         LIST_FOREACH(sah, &sahtree, chain) {
 7552                 ro = &sah->sa_route;
 7553                 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len &&
 7554                     bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
 7555                         RTFREE(ro->ro_rt);
 7556                         ro->ro_rt = (struct rtentry *)NULL;
 7557                 }
 7558         }
 7559 
 7560         return;
 7561 }
 7562 
 7563 static void
 7564 key_sa_chgstate(sav, state)
 7565         struct secasvar *sav;
 7566         u_int8_t state;
 7567 {
 7568         if (sav == NULL)
 7569                 panic("key_sa_chgstate called with sav == NULL");
 7570 
 7571         if (sav->state == state)
 7572                 return;
 7573 
 7574         if (__LIST_CHAINED(sav))
 7575                 LIST_REMOVE(sav, chain);
 7576 
 7577         sav->state = state;
 7578         LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
 7579 }
 7580 
 7581 void
 7582 key_sa_stir_iv(sav)
 7583         struct secasvar *sav;
 7584 {
 7585 
 7586         if (!sav->iv)
 7587                 panic("key_sa_stir_iv called with sav == NULL");
 7588         key_randomfill(sav->iv, sav->ivlen);
 7589 }
 7590 
 7591 static void
 7592 key_sp_dead(sp)
 7593         struct secpolicy *sp;
 7594 {
 7595 
 7596         /* mark the SP dead */
 7597         sp->state = IPSEC_SPSTATE_DEAD;
 7598 }
 7599 
 7600 static void
 7601 key_sp_unlink(sp)
 7602         struct secpolicy *sp;
 7603 {
 7604 
 7605         /* remove from SP index */
 7606         if (__LIST_CHAINED(sp)) {
 7607                 LIST_REMOVE(sp, chain);
 7608                 key_freesp(sp);
 7609         }
 7610 }
 7611 
 7612 /* XXX too much? */
 7613 static struct mbuf *
 7614 key_alloc_mbuf(l)
 7615         int l;
 7616 {
 7617         struct mbuf *m = NULL, *n;
 7618         int len, t;
 7619 
 7620         len = l;
 7621         while (len > 0) {
 7622                 MGET(n, M_DONTWAIT, MT_DATA);
 7623                 if (n && len > MLEN)
 7624                         MCLGET(n, M_DONTWAIT);
 7625                 if (!n) {
 7626                         m_freem(m);
 7627                         return NULL;
 7628                 }
 7629 
 7630                 n->m_next = NULL;
 7631                 n->m_len = 0;
 7632                 n->m_len = M_TRAILINGSPACE(n);
 7633                 /* use the bottom of mbuf, hoping we can prepend afterwards */
 7634                 if (n->m_len > len) {
 7635                         t = (n->m_len - len) & ~(sizeof(long) - 1);
 7636                         n->m_data += t;
 7637                         n->m_len = len;
 7638                 }
 7639 
 7640                 len -= n->m_len;
 7641 
 7642                 if (m)
 7643                         m_cat(m, n);
 7644                 else
 7645                         m = n;
 7646         }
 7647 
 7648         return m;
 7649 }

Cache object: 5bbd5a02078d04a02e01a349382dc682


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.