Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netkey/key.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $NetBSD: key.c,v 1.163.4.1 2010/02/14 13:35:44 bouyer Exp $ */ 2 /* $KAME: key.c,v 1.310 2003/09/08 02:23:44 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * This code is referred to RFC 2367 35 */ 36 37 #include <sys/cdefs.h> 38 __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.4.1 2010/02/14 13:35:44 bouyer Exp $"); 39 40 #include "opt_inet.h" 41 #include "opt_ipsec.h" 42 #include "fs_kernfs.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/callout.h> 47 #include <sys/kernel.h> 48 #include <sys/mbuf.h> 49 #include <sys/domain.h> 50 #include <sys/protosw.h> 51 #include <sys/malloc.h> 52 #include <sys/socket.h> 53 #include <sys/socketvar.h> 54 #include <sys/errno.h> 55 #include <sys/proc.h> 56 #include <sys/queue.h> 57 #include <sys/sysctl.h> 58 #include <sys/syslog.h> 59 #include <sys/once.h> 60 61 #include <net/if.h> 62 #include <net/route.h> 63 #include <net/raw_cb.h> 64 65 #include <netinet/in.h> 66 #include <netinet/in_systm.h> 67 #include <netinet/ip.h> 68 #include <netinet/in_var.h> 69 70 #ifdef INET6 71 #include <netinet/ip6.h> 72 #include <netinet6/in6_var.h> 73 #include <netinet6/ip6_var.h> 74 #include <netinet6/scope6_var.h> 75 #endif /* INET6 */ 76 77 #ifdef INET 78 #include <netinet/in_pcb.h> 79 #endif 80 #ifdef INET6 81 #include <netinet6/in6_pcb.h> 82 #endif /* INET6 */ 83 84 #include <net/pfkeyv2.h> 85 #include <netkey/keydb.h> 86 #include <netkey/key.h> 87 #include <netkey/keysock.h> 88 #include <netkey/key_debug.h> 89 #include <netkey/key_private.h> 90 91 #include <netinet6/ipsec.h> 92 #include <netinet6/ah.h> 93 #ifdef IPSEC_ESP 94 #include <netinet6/esp.h> 95 #endif 96 #include <netinet6/ipcomp.h> 97 98 #ifdef KERNFS 99 #include <miscfs/kernfs/kernfs.h> 100 #endif 101 102 #include <machine/stdarg.h> 103 104 #include "rnd.h" 105 #if NRND > 0 106 #include <sys/rnd.h> 107 #endif 108 109 #include <net/net_osdep.h> 110 111 #ifndef offsetof 112 #define offsetof(type, member) ((size_t)(&((type *)0)->member)) 113 #endif 114 #ifndef satosin 115 #define satosin(s) ((struct sockaddr_in *)s) 116 #endif 117 118 #define FULLMASK 0xff 119 120 percpu_t *pfkeystat_percpu; 121 122 /* 123 * Note on SA reference counting: 124 * - SAs that are not in DEAD state will have (total external reference + 1) 125 * following value in reference count field. they cannot be freed and are 126 * referenced from SA header. 127 * - SAs that are in DEAD state will have (total external reference) 128 * in reference count field. they are ready to be freed. reference from 129 * SA header will be removed in keydb_delsecasvar(), when the reference count 130 * field hits 0 (= no external reference other than from SA header. 131 */ 132 133 u_int32_t key_debug_level = 0; 134 static u_int key_spi_trycnt = 1000; 135 static u_int32_t key_spi_minval = 0x100; 136 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */ 137 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/ 138 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/ 139 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/ 140 141 static u_int32_t acq_seq = 0; 142 143 struct _satailq satailq; /* list of all SAD entry */ 144 struct _sptailq sptailq; /* SPD table + pcb */ 145 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD table */ 146 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */ 147 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1]; 148 /* registed list */ 149 150 #define SPIHASHSIZE 128 151 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE) 152 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE]; 153 154 #ifndef IPSEC_NONBLOCK_ACQUIRE 155 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */ 156 #endif 157 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */ 158 159 struct key_cb key_cb; 160 161 /* search order for SAs */ 162 static const u_int saorder_state_valid[] = { 163 SADB_SASTATE_DYING, SADB_SASTATE_MATURE, 164 /* 165 * This order is important because we must select a oldest SA 166 * for outbound processing. For inbound, This is not important. 167 */ 168 }; 169 static const u_int saorder_state_alive[] = { 170 /* except DEAD */ 171 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL 172 }; 173 static const u_int saorder_state_any[] = { 174 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 175 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD 176 }; 177 178 static const int minsize[] = { 179 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 180 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 181 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 182 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 183 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 184 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 185 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 186 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 187 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 188 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 189 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 190 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 191 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 192 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 193 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 194 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 195 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 196 0, /* SADB_X_EXT_KMPRIVATE */ 197 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 198 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 199 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */ 200 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */ 201 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */ 202 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OA */ 203 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 204 #ifdef SADB_X_EXT_TAG 205 sizeof(struct sadb_x_tag), /* SADB_X_TAG */ 206 #endif 207 }; 208 static const int maxsize[] = { 209 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 210 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 211 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 212 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 213 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 214 0, /* SADB_EXT_ADDRESS_SRC */ 215 0, /* SADB_EXT_ADDRESS_DST */ 216 0, /* SADB_EXT_ADDRESS_PROXY */ 217 0, /* SADB_EXT_KEY_AUTH */ 218 0, /* SADB_EXT_KEY_ENCRYPT */ 219 0, /* SADB_EXT_IDENTITY_SRC */ 220 0, /* SADB_EXT_IDENTITY_DST */ 221 0, /* SADB_EXT_SENSITIVITY */ 222 0, /* SADB_EXT_PROPOSAL */ 223 0, /* SADB_EXT_SUPPORTED_AUTH */ 224 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 225 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 226 0, /* SADB_X_EXT_KMPRIVATE */ 227 0, /* SADB_X_EXT_POLICY */ 228 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 229 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */ 230 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */ 231 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */ 232 0, /* SADB_X_EXT_NAT_T_OA */ 233 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */ 234 #ifdef SADB_X_EXT_TAG 235 sizeof(struct sadb_x_tag), /* SADB_X_TAG */ 236 #endif 237 }; 238 239 static int ipsec_esp_keymin = 256; 240 static int ipsec_esp_auth = 0; 241 static int ipsec_ah_keymin = 128; 242 243 #define __LIST_CHAINED(elm) \ 244 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 245 #define LIST_INSERT_TAIL(head, elm, type, field) \ 246 do {\ 247 struct type *curelm = LIST_FIRST(head); \ 248 if (curelm == NULL) {\ 249 LIST_INSERT_HEAD(head, elm, field); \ 250 } else { \ 251 while (LIST_NEXT(curelm, field)) \ 252 curelm = LIST_NEXT(curelm, field);\ 253 LIST_INSERT_AFTER(curelm, elm, field);\ 254 }\ 255 } while (/*CONSTCOND*/ 0) 256 257 #define KEY_CHKSASTATE(head, sav, name) \ 258 /* do */ { \ 259 if ((head) != (sav)) { \ 260 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \ 261 (name), (head), (sav))); \ 262 continue; \ 263 } \ 264 } // while (/*CONSTCOND*/ 0) 265 266 #define KEY_CHKSPDIR(head, sp, name) \ 267 do { \ 268 if ((head) != (sp)) { \ 269 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \ 270 "anyway continue.\n", \ 271 (name), (head), (sp))); \ 272 } \ 273 } while (/*CONSTCOND*/ 0) 274 275 #if 1 276 #define KMALLOC(p, t, n) \ 277 ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT)) 278 #define KFREE(p) \ 279 free((void *)(p), M_SECA) 280 #else 281 #define KMALLOC(p, t, n) \ 282 do { \ 283 ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \ 284 printf("%s %d: %p <- KMALLOC(%s, %d)\n", \ 285 __FILE__, __LINE__, (p), #t, n); \ 286 } while (/*CONSTCOND*/ 0) 287 288 #define KFREE(p) \ 289 do { \ 290 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \ 291 free((void *)(p), M_SECA); \ 292 } while (/*CONSTCOND*/ 0) 293 #endif 294 295 /* 296 * set parameters into secpolicyindex buffer. 297 * Must allocate secpolicyindex buffer passed to this function. 298 */ 299 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \ 300 do { \ 301 (void)memset((idx), 0, sizeof(struct secpolicyindex)); \ 302 (idx)->prefs = (ps); \ 303 (idx)->prefd = (pd); \ 304 (idx)->ul_proto = (ulp); \ 305 (void)memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len);\ 306 (void)memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len);\ 307 } while (/*CONSTCOND*/ 0) 308 309 /* 310 * set parameters into secasindex buffer. 311 * Must allocate secasindex buffer before calling this function. 312 */ 313 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 314 do { \ 315 (void)memset((idx), 0, sizeof(struct secasindex)); \ 316 (idx)->proto = (p); \ 317 (idx)->mode = (m); \ 318 (idx)->reqid = (r); \ 319 (void)memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len);\ 320 (void)memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len);\ 321 } while (/*CONSTCOND*/ 0) 322 323 /* key statistics */ 324 struct _keystat { 325 u_long getspi_count; /* the avarage of count to try to get new SPI */ 326 } keystat; 327 328 struct sadb_msghdr { 329 struct sadb_msg *msg; 330 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 331 int extoff[SADB_EXT_MAX + 1]; 332 int extlen[SADB_EXT_MAX + 1]; 333 }; 334 335 static struct secasvar *key_allocsa_policy __P((struct secasindex *)); 336 static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int)); 337 static void key_delsav __P((struct secasvar *)); 338 static void key_delsp __P((struct secpolicy *)); 339 static struct secpolicy *key_getsp __P((struct secpolicyindex *, int)); 340 #ifdef SADB_X_EXT_TAG 341 static struct secpolicy *key_getspbytag __P((u_int16_t, int)); 342 #endif 343 static u_int16_t key_newreqid __P((void)); 344 static struct mbuf *key_gather_mbuf __P((struct mbuf *, 345 const struct sadb_msghdr *, int, int, ...)); 346 static int key_spdadd __P((struct socket *, struct mbuf *, 347 const struct sadb_msghdr *)); 348 static int key_spddelete __P((struct socket *, struct mbuf *, 349 const struct sadb_msghdr *)); 350 static int key_spddelete2 __P((struct socket *, struct mbuf *, 351 const struct sadb_msghdr *)); 352 static int key_spdget __P((struct socket *, struct mbuf *, 353 const struct sadb_msghdr *)); 354 static int key_spdflush __P((struct socket *, struct mbuf *, 355 const struct sadb_msghdr *)); 356 static int key_spddump __P((struct socket *, struct mbuf *, 357 const struct sadb_msghdr *)); 358 #ifdef IPSEC_NAT_T 359 static int key_nat_map __P((struct socket *, struct mbuf *, 360 const struct sadb_msghdr *)); 361 #endif 362 static struct mbuf *key_setspddump __P((int *)); 363 static u_int key_getspreqmsglen __P((struct secpolicy *)); 364 static int key_spdexpire __P((struct secpolicy *)); 365 static struct secashead *key_newsah __P((struct secasindex *)); 366 static void key_delsah __P((struct secashead *)); 367 static struct secasvar *key_newsav __P((struct mbuf *, 368 const struct sadb_msghdr *, struct secashead *, int *)); 369 static struct secashead *key_getsah __P((struct secasindex *)); 370 static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t)); 371 static void key_setspi __P((struct secasvar *, u_int32_t)); 372 static struct secasvar *key_getsavbyspi __P((struct secashead *, u_int32_t)); 373 static int key_setsaval __P((struct secasvar *, struct mbuf *, 374 const struct sadb_msghdr *)); 375 static int key_mature __P((struct secasvar *)); 376 static struct mbuf *key_setdumpsa __P((struct secasvar *, u_int8_t, 377 u_int8_t, u_int32_t, u_int32_t)); 378 static struct mbuf *key_setsadbmsg __P((u_int8_t, u_int16_t, u_int8_t, 379 u_int32_t, pid_t, u_int16_t)); 380 static struct mbuf *key_setsadbsa __P((struct secasvar *)); 381 static struct mbuf *key_setsadbaddr __P((u_int16_t, 382 struct sockaddr *, u_int8_t, u_int16_t)); 383 #if 0 384 static struct mbuf *key_setsadbident __P((u_int16_t, u_int16_t, void *, 385 int, u_int64_t)); 386 #endif 387 static struct mbuf *key_setsadbxsa2 __P((u_int8_t, u_int32_t, u_int16_t)); 388 #ifdef SADB_X_EXT_TAG 389 static struct mbuf *key_setsadbxtag __P((u_int16_t)); 390 #endif 391 #ifdef IPSEC_NAT_T 392 static struct mbuf *key_setsadbxport __P((u_int16_t, u_int16_t)); 393 static struct mbuf *key_setsadbxtype __P((u_int16_t)); 394 #endif 395 static void key_porttosaddr __P((struct sockaddr *, u_int16_t)); 396 #define KEY_PORTTOSADDR(saddr, port) \ 397 key_porttosaddr((struct sockaddr *)(saddr), (port)) 398 static int key_checksalen __P((const struct sockaddr *)); 399 #define KEY_CHECKSALEN(saddr) key_checksalen((const struct sockaddr *)(saddr)) 400 static struct mbuf *key_setsadblifetime __P((u_int16_t, u_int32_t, 401 u_int64_t, u_int64_t, u_int64_t)); 402 static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t, 403 u_int32_t)); 404 static void *key_newbuf __P((const void *, u_int)); 405 static int key_ismyaddr __P((struct sockaddr *)); 406 #ifdef INET6 407 static int key_ismyaddr6 __P((struct sockaddr_in6 *)); 408 #endif 409 static int key_cmpsaidx_exactly 410 __P((struct secasindex *, struct secasindex *)); 411 static int key_cmpsaidx_withmode 412 __P((struct secasindex *, struct secasindex *)); 413 static int key_cmpsaidx_withoutmode 414 __P((struct secasindex *, struct secasindex *)); 415 static int key_sockaddrcmp __P((struct sockaddr *, struct sockaddr *, int)); 416 static int key_bbcmp __P((void *, void *, u_int)); 417 static u_long key_random __P((void)); 418 static u_int16_t key_satype2proto __P((u_int8_t)); 419 static u_int8_t key_proto2satype __P((u_int16_t)); 420 421 static int key_getspi __P((struct socket *, struct mbuf *, 422 const struct sadb_msghdr *)); 423 static u_int32_t key_do_getnewspi __P((struct sadb_spirange *, 424 struct secasindex *)); 425 static int key_update __P((struct socket *, struct mbuf *, 426 const struct sadb_msghdr *)); 427 #ifdef IPSEC_DOSEQCHECK 428 static struct secasvar *key_getsavbyseq __P((struct secashead *, u_int32_t)); 429 #endif 430 static int key_add __P((struct socket *, struct mbuf *, 431 const struct sadb_msghdr *)); 432 static int key_setident __P((struct secashead *, struct mbuf *, 433 const struct sadb_msghdr *)); 434 static struct mbuf *key_getmsgbuf_x1 __P((struct mbuf *, 435 const struct sadb_msghdr *)); 436 static int key_delete __P((struct socket *, struct mbuf *, 437 const struct sadb_msghdr *)); 438 static int key_get __P((struct socket *, struct mbuf *, 439 const struct sadb_msghdr *)); 440 441 static void key_getcomb_setlifetime __P((struct sadb_comb *)); 442 #ifdef IPSEC_ESP 443 static struct mbuf *key_getcomb_esp __P((void)); 444 #endif 445 static struct mbuf *key_getcomb_ah __P((void)); 446 static struct mbuf *key_getcomb_ipcomp __P((void)); 447 static struct mbuf *key_getprop __P((const struct secasindex *)); 448 449 static int key_acquire __P((struct secasindex *, struct secpolicy *)); 450 #ifndef IPSEC_NONBLOCK_ACQUIRE 451 static struct secacq *key_newacq __P((struct secasindex *)); 452 static struct secacq *key_getacq __P((struct secasindex *)); 453 static struct secacq *key_getacqbyseq __P((u_int32_t)); 454 #endif 455 static struct secspacq *key_newspacq __P((struct secpolicyindex *)); 456 static struct secspacq *key_getspacq __P((struct secpolicyindex *)); 457 static int key_acquire2 __P((struct socket *, struct mbuf *, 458 const struct sadb_msghdr *)); 459 static int key_register __P((struct socket *, struct mbuf *, 460 const struct sadb_msghdr *)); 461 static int key_expire __P((struct secasvar *)); 462 static int key_flush __P((struct socket *, struct mbuf *, 463 const struct sadb_msghdr *)); 464 static int key_dump __P((struct socket *, struct mbuf *, 465 const struct sadb_msghdr *)); 466 static struct mbuf *key_setdump __P((u_int8_t, int *)); 467 static int key_promisc __P((struct socket *, struct mbuf *, 468 const struct sadb_msghdr *)); 469 static int key_senderror __P((struct socket *, struct mbuf *, int)); 470 static int key_validate_ext __P((const struct sadb_ext *, int)); 471 static int key_align __P((struct mbuf *, struct sadb_msghdr *)); 472 #if 0 473 static const char *key_getfqdn __P((void)); 474 static const char *key_getuserfqdn __P((void)); 475 #endif 476 static void key_sa_chgstate __P((struct secasvar *, u_int8_t)); 477 static void key_sp_dead __P((struct secpolicy *)); 478 static void key_sp_unlink __P((struct secpolicy *)); 479 static struct mbuf *key_alloc_mbuf __P((int)); 480 struct callout key_timehandler_ch; 481 482 /* %%% IPsec policy management */ 483 /* 484 * allocating a SP for OUTBOUND or INBOUND packet. 485 * Must call key_freesp() later. 486 * OUT: NULL: not found 487 * others: found and return the pointer. 488 */ 489 struct secpolicy * 490 key_allocsp(tag, spidx, dir) 491 u_int16_t tag; 492 struct secpolicyindex *spidx; 493 u_int dir; 494 { 495 struct secpolicy *sp; 496 int s; 497 498 /* check direction */ 499 switch (dir) { 500 case IPSEC_DIR_INBOUND: 501 case IPSEC_DIR_OUTBOUND: 502 break; 503 default: 504 panic("key_allocsp: Invalid direction is passed."); 505 } 506 507 /* get a SP entry */ 508 s = splsoftnet(); /*called from softclock()*/ 509 if (spidx) { 510 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 511 printf("*** objects\n"); 512 kdebug_secpolicyindex(spidx)); 513 } 514 515 LIST_FOREACH(sp, &sptree[dir], chain) { 516 if (sp->state == IPSEC_SPSTATE_DEAD) 517 continue; 518 if (!sp->spidx) { 519 if (!tag) 520 continue; 521 if (sp->tag == tag) 522 goto found; 523 } else { 524 if (!spidx) 525 continue; 526 527 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 528 printf("*** in SPD\n"); 529 kdebug_secpolicyindex(sp->spidx)); 530 531 if (key_cmpspidx_withmask(sp->spidx, spidx)) 532 goto found; 533 } 534 } 535 536 splx(s); 537 return NULL; 538 539 found: 540 /* sanity check */ 541 KEY_CHKSPDIR(sp->dir, dir, "key_allocsp"); 542 543 /* found a SPD entry */ 544 sp->lastused = time_second; 545 sp->refcnt++; 546 splx(s); 547 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 548 printf("DP key_allocsp cause refcnt++:%d SP:%p\n", 549 sp->refcnt, sp)); 550 551 return sp; 552 } 553 554 /* 555 * allocating an SA entry for an *OUTBOUND* packet. 556 * checking each request entries in SP, and acquire an SA if need. 557 * OUT: 0: there are valid requests. 558 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring. 559 */ 560 int 561 key_checkrequest(isr, saidx) 562 struct ipsecrequest *isr; 563 struct secasindex *saidx; 564 { 565 u_int level; 566 int error; 567 568 /* sanity check */ 569 if (isr == NULL || saidx == NULL) 570 panic("key_checkrequest: NULL pointer is passed."); 571 572 /* check mode */ 573 switch (saidx->mode) { 574 case IPSEC_MODE_TRANSPORT: 575 case IPSEC_MODE_TUNNEL: 576 break; 577 case IPSEC_MODE_ANY: 578 default: 579 panic("key_checkrequest: Invalid policy defined."); 580 } 581 582 /* get current level */ 583 level = ipsec_get_reqlevel(isr, saidx->src.ss_family); 584 585 #if 0 586 /* 587 * We do allocate new SA only if the state of SA in the holder is 588 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest. 589 */ 590 if (isr->sav != NULL) { 591 if (isr->sav->sah == NULL) 592 panic("key_checkrequest: sah is null."); 593 if (isr->sav == 594 LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) { 595 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 596 printf("DP checkrequest calls free SA:%p\n", 597 isr->sav)); 598 key_freesav(isr->sav); 599 isr->sav = NULL; 600 } 601 } 602 #else 603 /* 604 * we free any SA stashed in the IPsec request because a different 605 * SA may be involved each time this request is checked, either 606 * because new SAs are being configured, or this request is 607 * associated with an unconnected datagram socket, or this request 608 * is associated with a system default policy. 609 * 610 * The operation may have negative impact to performance. We may 611 * want to check cached SA carefully, rather than picking new SA 612 * every time. 613 */ 614 if (isr->sav != NULL) { 615 key_freesav(isr->sav); 616 isr->sav = NULL; 617 } 618 #endif 619 620 /* 621 * new SA allocation if no SA found. 622 * key_allocsa_policy should allocate the oldest SA available. 623 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt. 624 */ 625 if (isr->sav == NULL) 626 isr->sav = key_allocsa_policy(saidx); 627 628 /* When there is SA. */ 629 if (isr->sav != NULL) 630 return 0; 631 632 /* there is no SA */ 633 if ((error = key_acquire(saidx, isr->sp)) != 0) { 634 /* XXX What should I do ? */ 635 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned " 636 "from key_acquire.\n", error)); 637 return error; 638 } 639 640 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0; 641 } 642 643 /* 644 * allocating a SA for policy entry from SAD. 645 * NOTE: searching SAD of aliving state. 646 * OUT: NULL: not found. 647 * others: found and return the pointer. 648 */ 649 static struct secasvar * 650 key_allocsa_policy(saidx) 651 struct secasindex *saidx; 652 { 653 struct secashead *sah; 654 struct secasvar *sav; 655 u_int stateidx, state; 656 657 LIST_FOREACH(sah, &sahtree, chain) { 658 if (sah->state == SADB_SASTATE_DEAD) 659 continue; 660 if (key_cmpsaidx_withmode(&sah->saidx, saidx)) 661 goto found; 662 } 663 664 return NULL; 665 666 found: 667 668 /* search valid state */ 669 for (stateidx = 0; 670 stateidx < _ARRAYLEN(saorder_state_valid); 671 stateidx++) { 672 673 state = saorder_state_valid[stateidx]; 674 675 sav = key_do_allocsa_policy(sah, state); 676 if (sav != NULL) 677 return sav; 678 } 679 680 return NULL; 681 } 682 683 /* 684 * searching SAD with direction, protocol, mode and state. 685 * called by key_allocsa_policy(). 686 * OUT: 687 * NULL : not found 688 * others : found, pointer to a SA. 689 */ 690 static struct secasvar * 691 key_do_allocsa_policy(sah, state) 692 struct secashead *sah; 693 u_int state; 694 { 695 struct secasvar *sav, *candidate; 696 697 /* initilize */ 698 candidate = NULL; 699 700 LIST_FOREACH(sav, &sah->savtree[state], chain) { 701 702 /* sanity check */ 703 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy"); 704 705 /* initialize */ 706 if (candidate == NULL) { 707 candidate = sav; 708 continue; 709 } 710 711 /* Which SA is the better ? */ 712 713 /* sanity check 2 */ 714 if (candidate->lft_c == NULL || sav->lft_c == NULL) 715 panic("key_do_allocsa_policy: " 716 "lifetime_current is NULL."); 717 718 /* XXX What the best method is to compare ? */ 719 if (candidate->lft_c->sadb_lifetime_addtime > 720 sav->lft_c->sadb_lifetime_addtime) { 721 candidate = sav; 722 continue; 723 } 724 } 725 726 if (candidate) { 727 candidate->refcnt++; 728 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 729 printf("DP allocsa_policy cause " 730 "refcnt++:%d SA:%p\n", 731 candidate->refcnt, candidate)); 732 } 733 return candidate; 734 } 735 736 /* 737 * allocating a SA entry for a *INBOUND* packet. 738 * Must call key_freesav() later. 739 * OUT: positive: pointer to a sav. 740 * NULL: not found, or error occurred. 741 * 742 * In the comparison, source address will be ignored for RFC2401 conformance. 743 * To quote, from section 4.1: 744 * A security association is uniquely identified by a triple consisting 745 * of a Security Parameter Index (SPI), an IP Destination Address, and a 746 * security protocol (AH or ESP) identifier. 747 * Note that, however, we do need to keep source address in IPsec SA. 748 * IKE specification and PF_KEY specification do assume that we 749 * keep source address in IPsec SA. We see a tricky situation here. 750 * 751 * sport and dport are used for NAT-T. network order is always used. 752 */ 753 struct secasvar * 754 key_allocsa( 755 u_int family, 756 const void *src, 757 const void *dst, 758 u_int proto, 759 u_int32_t spi, 760 u_int16_t sport, 761 u_int16_t dport 762 ) 763 { 764 struct secasvar *sav, *match; 765 u_int stateidx, state, tmpidx, matchidx; 766 struct sockaddr_in sin; 767 #ifdef INET6 768 struct sockaddr_in6 sin6; 769 #endif 770 int s; 771 int chkport = 0; 772 773 #ifdef IPSEC_NAT_T 774 if ((sport != 0) && (dport != 0)) 775 chkport = 1; 776 #endif 777 /* sanity check */ 778 if (src == NULL || dst == NULL) 779 panic("key_allocsa: NULL pointer is passed."); 780 781 /* 782 * searching SAD. 783 * XXX: to be checked internal IP header somewhere. Also when 784 * IPsec tunnel packet is received. But ESP tunnel mode is 785 * encrypted so we can't check internal IP header. 786 */ 787 s = splsoftnet(); /*called from softclock()*/ 788 /* search valid state */ 789 match = NULL; 790 matchidx = _ARRAYLEN(saorder_state_valid); 791 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) { 792 if (sav->spi != spi) 793 continue; 794 if (proto != sav->sah->saidx.proto) 795 continue; 796 if (family != sav->sah->saidx.src.ss_family || 797 family != sav->sah->saidx.dst.ss_family) 798 continue; 799 tmpidx = _ARRAYLEN(saorder_state_valid); 800 for (stateidx = 0; stateidx < matchidx; stateidx++) { 801 state = saorder_state_valid[stateidx]; 802 if (sav->state == state) { 803 tmpidx = stateidx; 804 break; 805 } 806 } 807 if (tmpidx >= matchidx) 808 continue; 809 810 #if 0 /* src address check ignored for RFC 2401 conformance */ 811 /* check src address */ 812 switch (family) { 813 case AF_INET: 814 bzero(&sin, sizeof(sin)); 815 sin.sin_family = AF_INET; 816 sin.sin_len = sizeof(sin); 817 bcopy(src, &sin.sin_addr, 818 sizeof(sin.sin_addr)); 819 #ifdef IPSEC_NAT_T 820 sin.sin_port = sport; 821 #endif 822 if (key_sockaddrcmp((struct sockaddr*)&sin, 823 (struct sockaddr *)&sav->sah->saidx.src, 824 chkport) != 0) 825 continue; 826 827 break; 828 #ifdef INET6 829 case AF_INET6: 830 bzero(&sin6, sizeof(sin6)); 831 sin6.sin6_family = AF_INET6; 832 sin6.sin6_len = sizeof(sin6); 833 bcopy(src, &sin6.sin6_addr, 834 sizeof(sin6.sin6_addr)); 835 #ifdef IPSEC_NAT_T 836 sin6.sin6_port = sport; 837 #endif 838 if (sa6_recoverscope(&sin6)) 839 continue; 840 if (key_sockaddrcmp((struct sockaddr*)&sin6, 841 (struct sockaddr *)&sav->sah->saidx.src, 842 chkport) != 0) 843 continue; 844 break; 845 #endif 846 default: 847 ipseclog((LOG_DEBUG, "key_allocsa: " 848 "unknown address family=%d.\n", 849 family)); 850 continue; 851 } 852 853 #endif 854 /* check dst address */ 855 switch (family) { 856 case AF_INET: 857 bzero(&sin, sizeof(sin)); 858 sin.sin_family = AF_INET; 859 sin.sin_len = sizeof(sin); 860 bcopy(dst, &sin.sin_addr, 861 sizeof(sin.sin_addr)); 862 #ifdef IPSEC_NAT_T 863 sin.sin_port = dport; 864 #endif 865 if (key_sockaddrcmp((struct sockaddr*)&sin, 866 (struct sockaddr *)&sav->sah->saidx.dst, 867 chkport) != 0) 868 continue; 869 870 break; 871 #ifdef INET6 872 case AF_INET6: 873 bzero(&sin6, sizeof(sin6)); 874 sin6.sin6_family = AF_INET6; 875 sin6.sin6_len = sizeof(sin6); 876 bcopy(dst, &sin6.sin6_addr, 877 sizeof(sin6.sin6_addr)); 878 #ifdef IPSEC_NAT_T 879 sin6.sin6_port = dport; 880 #endif 881 if (sa6_recoverscope(&sin6)) 882 continue; 883 if (key_sockaddrcmp((struct sockaddr*)&sin6, 884 (struct sockaddr *)&sav->sah->saidx.dst, 885 chkport) != 0) 886 continue; 887 break; 888 #endif 889 default: 890 ipseclog((LOG_DEBUG, "key_allocsa: " 891 "unknown address family=%d.\n", family)); 892 continue; 893 } 894 895 match = sav; 896 matchidx = tmpidx; 897 } 898 899 if (match) 900 goto found; 901 902 /* not found */ 903 splx(s); 904 return NULL; 905 906 found: 907 match->refcnt++; 908 splx(s); 909 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 910 printf("DP allocsa cause refcnt++:%d SA:%p\n", 911 match->refcnt, match)); 912 return match; 913 } 914 915 /* 916 * Must be called after calling key_allocsp(). 917 * For both the packet without socket and key_freeso(). 918 */ 919 void 920 key_freesp(sp) 921 struct secpolicy *sp; 922 { 923 /* sanity check */ 924 if (sp == NULL) 925 panic("key_freesp: NULL pointer is passed."); 926 927 sp->refcnt--; 928 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 929 printf("DP freesp cause refcnt--:%d SP:%p\n", 930 sp->refcnt, sp)); 931 932 if (sp->refcnt == 0) 933 key_delsp(sp); 934 935 return; 936 } 937 938 /* 939 * Must be called after calling key_allocsa(). 940 * This function is called by key_freesp() to free some SA allocated 941 * for a policy. 942 */ 943 void 944 key_freesav(sav) 945 struct secasvar *sav; 946 { 947 /* sanity check */ 948 if (sav == NULL) 949 panic("key_freesav: NULL pointer is passed."); 950 951 sav->refcnt--; 952 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 953 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n", 954 sav->refcnt, sav, (u_int32_t)ntohl(sav->spi))); 955 956 if (sav->refcnt > 0) 957 return; 958 959 key_delsav(sav); 960 } 961 962 static void 963 key_delsav(sav) 964 struct secasvar *sav; 965 { 966 int s; 967 968 /* sanity check */ 969 if (sav == NULL) 970 panic("key_delsav: NULL pointer is passed."); 971 972 if (sav->refcnt > 0) 973 panic("key_delsav: called with positive refcnt"); 974 975 s = splsoftnet(); 976 977 #ifdef KERNFS 978 kernfs_revoke_sa(sav); 979 #endif 980 981 if (__LIST_CHAINED(sav)) 982 LIST_REMOVE(sav, chain); 983 984 if (sav->spihash.le_prev || sav->spihash.le_next) 985 LIST_REMOVE(sav, spihash); 986 987 if (sav->key_auth != NULL) { 988 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth)); 989 KFREE(sav->key_auth); 990 sav->key_auth = NULL; 991 } 992 if (sav->key_enc != NULL) { 993 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc)); 994 KFREE(sav->key_enc); 995 sav->key_enc = NULL; 996 } 997 if (sav->sched) { 998 bzero(sav->sched, sav->schedlen); 999 KFREE(sav->sched); 1000 sav->sched = NULL; 1001 } 1002 if (sav->replay != NULL) { 1003 keydb_delsecreplay(sav->replay); 1004 sav->replay = NULL; 1005 } 1006 if (sav->lft_c != NULL) { 1007 KFREE(sav->lft_c); 1008 sav->lft_c = NULL; 1009 } 1010 if (sav->lft_h != NULL) { 1011 KFREE(sav->lft_h); 1012 sav->lft_h = NULL; 1013 } 1014 if (sav->lft_s != NULL) { 1015 KFREE(sav->lft_s); 1016 sav->lft_s = NULL; 1017 } 1018 if (sav->iv != NULL) { 1019 KFREE(sav->iv); 1020 sav->iv = NULL; 1021 } 1022 1023 keydb_delsecasvar(sav); 1024 1025 splx(s); 1026 } 1027 1028 /* %%% SPD management */ 1029 /* 1030 * free security policy entry. 1031 */ 1032 static void 1033 key_delsp(sp) 1034 struct secpolicy *sp; 1035 { 1036 int s; 1037 1038 /* sanity check */ 1039 if (sp == NULL) 1040 panic("key_delsp: NULL pointer is passed."); 1041 1042 if (sp->refcnt > 0) 1043 panic("key_delsp: called with positive refcnt"); 1044 1045 s = splsoftnet(); /*called from softclock()*/ 1046 1047 #ifdef KERNFS 1048 kernfs_revoke_sp(sp); 1049 #endif 1050 1051 { 1052 struct ipsecrequest *isr = sp->req, *nextisr; 1053 1054 while (isr != NULL) { 1055 if (isr->sav != NULL) { 1056 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1057 printf("DP delsp calls free SA:%p\n", 1058 isr->sav)); 1059 key_freesav(isr->sav); 1060 isr->sav = NULL; 1061 } 1062 1063 nextisr = isr->next; 1064 KFREE(isr); 1065 isr = nextisr; 1066 } 1067 } 1068 1069 keydb_delsecpolicy(sp); 1070 1071 splx(s); 1072 1073 return; 1074 } 1075 1076 /* 1077 * search SPD 1078 * OUT: NULL : not found 1079 * others : found, pointer to a SP. 1080 */ 1081 static struct secpolicy * 1082 key_getsp(spidx, dir) 1083 struct secpolicyindex *spidx; 1084 int dir; 1085 { 1086 struct secpolicy *sp; 1087 1088 /* sanity check */ 1089 if (spidx == NULL) 1090 panic("key_getsp: NULL pointer is passed."); 1091 1092 LIST_FOREACH(sp, &sptree[dir], chain) { 1093 if (sp->state == IPSEC_SPSTATE_DEAD) 1094 continue; 1095 if (!sp->spidx) 1096 continue; 1097 if (key_cmpspidx_exactly(spidx, sp->spidx)) { 1098 sp->refcnt++; 1099 return sp; 1100 } 1101 } 1102 1103 return NULL; 1104 } 1105 1106 #ifdef SADB_X_EXT_TAG 1107 static struct secpolicy * 1108 key_getspbytag(tag, dir) 1109 u_int16_t tag; 1110 int dir; 1111 { 1112 struct secpolicy *sp; 1113 1114 LIST_FOREACH(sp, &sptree[dir], chain) { 1115 if (sp->state == IPSEC_SPSTATE_DEAD) 1116 continue; 1117 if (sp->spidx) 1118 continue; 1119 if (sp->tag == tag) { 1120 sp->refcnt++; 1121 return sp; 1122 } 1123 } 1124 1125 return NULL; 1126 } 1127 #endif 1128 1129 /* 1130 * get SP by index. 1131 * OUT: NULL : not found 1132 * others : found, pointer to a SP. 1133 */ 1134 struct secpolicy * 1135 key_getspbyid(id) 1136 u_int32_t id; 1137 { 1138 struct secpolicy *sp; 1139 1140 TAILQ_FOREACH(sp, &sptailq, tailq) { 1141 if (sp->id == id) { 1142 sp->refcnt++; 1143 return sp; 1144 } 1145 } 1146 1147 return NULL; 1148 } 1149 1150 struct secpolicy * 1151 key_newsp(id) 1152 u_int32_t id; 1153 { 1154 struct secpolicy *newsp = NULL, *sp; 1155 u_int32_t newid; 1156 1157 if (id > IPSEC_MANUAL_POLICYID_MAX) { 1158 ipseclog((LOG_DEBUG, 1159 "key_newsp: policy_id=%u range " 1160 "violation, updated by kernel.\n", id)); 1161 id = 0; 1162 } 1163 1164 if (id == 0) { 1165 if ((newid = keydb_newspid()) == 0) { 1166 ipseclog((LOG_DEBUG, 1167 "key_newsp: new policy_id allocation failed.")); 1168 return NULL; 1169 } 1170 } else { 1171 sp = key_getspbyid(id); 1172 if (sp != NULL) { 1173 ipseclog((LOG_DEBUG, 1174 "key_newsp: policy_id(%u) has been used.\n", id)); 1175 key_freesp(sp); 1176 return NULL; 1177 } 1178 newid = id; 1179 } 1180 1181 newsp = keydb_newsecpolicy(); 1182 if (!newsp) 1183 return newsp; 1184 1185 newsp->id = newid; 1186 newsp->refcnt = 1; 1187 newsp->req = NULL; 1188 1189 return newsp; 1190 } 1191 1192 /* 1193 * create secpolicy structure from sadb_x_policy structure. 1194 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, 1195 * so must be set properly later. 1196 */ 1197 struct secpolicy * 1198 key_msg2sp(xpl0, len, error) 1199 struct sadb_x_policy *xpl0; 1200 size_t len; 1201 int *error; 1202 { 1203 struct secpolicy *newsp; 1204 1205 /* sanity check */ 1206 if (xpl0 == NULL) 1207 panic("key_msg2sp: NULL pointer was passed."); 1208 if (len < sizeof(*xpl0)) 1209 panic("key_msg2sp: invalid length."); 1210 if (len != PFKEY_EXTLEN(xpl0)) { 1211 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n")); 1212 *error = EINVAL; 1213 return NULL; 1214 } 1215 1216 if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) { 1217 *error = ENOBUFS; 1218 return NULL; 1219 } 1220 1221 newsp->dir = xpl0->sadb_x_policy_dir; 1222 newsp->policy = xpl0->sadb_x_policy_type; 1223 1224 /* check policy */ 1225 switch (xpl0->sadb_x_policy_type) { 1226 case IPSEC_POLICY_DISCARD: 1227 case IPSEC_POLICY_NONE: 1228 case IPSEC_POLICY_ENTRUST: 1229 case IPSEC_POLICY_BYPASS: 1230 newsp->req = NULL; 1231 break; 1232 1233 case IPSEC_POLICY_IPSEC: 1234 { 1235 int tlen; 1236 struct sadb_x_ipsecrequest *xisr; 1237 struct ipsecrequest **p_isr = &newsp->req; 1238 1239 /* validity check */ 1240 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1241 ipseclog((LOG_DEBUG, 1242 "key_msg2sp: Invalid msg length.\n")); 1243 key_freesp(newsp); 1244 *error = EINVAL; 1245 return NULL; 1246 } 1247 1248 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1249 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1250 1251 while (tlen > 0) { 1252 1253 /* length check */ 1254 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { 1255 ipseclog((LOG_DEBUG, "key_msg2sp: " 1256 "invalid ipsecrequest length.\n")); 1257 key_freesp(newsp); 1258 *error = EINVAL; 1259 return NULL; 1260 } 1261 1262 /* allocate request buffer */ 1263 KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr)); 1264 if ((*p_isr) == NULL) { 1265 ipseclog((LOG_DEBUG, 1266 "key_msg2sp: No more memory.\n")); 1267 key_freesp(newsp); 1268 *error = ENOBUFS; 1269 return NULL; 1270 } 1271 bzero(*p_isr, sizeof(**p_isr)); 1272 1273 /* set values */ 1274 (*p_isr)->next = NULL; 1275 1276 switch (xisr->sadb_x_ipsecrequest_proto) { 1277 case IPPROTO_ESP: 1278 case IPPROTO_AH: 1279 case IPPROTO_IPCOMP: 1280 case IPPROTO_IPV4: 1281 case IPPROTO_IPV6: 1282 break; 1283 default: 1284 ipseclog((LOG_DEBUG, 1285 "key_msg2sp: invalid proto type=%u\n", 1286 xisr->sadb_x_ipsecrequest_proto)); 1287 key_freesp(newsp); 1288 *error = EPROTONOSUPPORT; 1289 return NULL; 1290 } 1291 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; 1292 1293 switch (xisr->sadb_x_ipsecrequest_mode) { 1294 case IPSEC_MODE_TRANSPORT: 1295 case IPSEC_MODE_TUNNEL: 1296 break; 1297 case IPSEC_MODE_ANY: 1298 default: 1299 ipseclog((LOG_DEBUG, 1300 "key_msg2sp: invalid mode=%u\n", 1301 xisr->sadb_x_ipsecrequest_mode)); 1302 key_freesp(newsp); 1303 *error = EINVAL; 1304 return NULL; 1305 } 1306 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1307 1308 switch (xisr->sadb_x_ipsecrequest_level) { 1309 case IPSEC_LEVEL_DEFAULT: 1310 case IPSEC_LEVEL_USE: 1311 case IPSEC_LEVEL_REQUIRE: 1312 break; 1313 case IPSEC_LEVEL_UNIQUE: 1314 /* validity check */ 1315 /* 1316 * If range violation of reqid, kernel will 1317 * update it, don't refuse it. 1318 */ 1319 if (xisr->sadb_x_ipsecrequest_reqid 1320 > IPSEC_MANUAL_REQID_MAX) { 1321 ipseclog((LOG_DEBUG, 1322 "key_msg2sp: reqid=%u range " 1323 "violation, updated by kernel.\n", 1324 xisr->sadb_x_ipsecrequest_reqid)); 1325 xisr->sadb_x_ipsecrequest_reqid = 0; 1326 } 1327 1328 /* allocate new reqid id if reqid is zero. */ 1329 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1330 u_int16_t reqid; 1331 if ((reqid = key_newreqid()) == 0) { 1332 key_freesp(newsp); 1333 *error = ENOBUFS; 1334 return NULL; 1335 } 1336 (*p_isr)->saidx.reqid = reqid; 1337 xisr->sadb_x_ipsecrequest_reqid = reqid; 1338 } else { 1339 /* set it for manual keying. */ 1340 (*p_isr)->saidx.reqid = 1341 xisr->sadb_x_ipsecrequest_reqid; 1342 } 1343 break; 1344 1345 default: 1346 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n", 1347 xisr->sadb_x_ipsecrequest_level)); 1348 key_freesp(newsp); 1349 *error = EINVAL; 1350 return NULL; 1351 } 1352 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; 1353 1354 /* set IP addresses if there */ 1355 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1356 struct sockaddr *paddr; 1357 1358 paddr = (struct sockaddr *)(xisr + 1); 1359 1360 /* validity check */ 1361 if (paddr->sa_len 1362 > sizeof((*p_isr)->saidx.src)) { 1363 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " 1364 "address length.\n")); 1365 key_freesp(newsp); 1366 *error = EINVAL; 1367 return NULL; 1368 } 1369 bcopy(paddr, &(*p_isr)->saidx.src, 1370 paddr->sa_len); 1371 1372 paddr = (struct sockaddr *)((char *)paddr 1373 + paddr->sa_len); 1374 1375 /* validity check */ 1376 if (paddr->sa_len 1377 > sizeof((*p_isr)->saidx.dst)) { 1378 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " 1379 "address length.\n")); 1380 key_freesp(newsp); 1381 *error = EINVAL; 1382 return NULL; 1383 } 1384 bcopy(paddr, &(*p_isr)->saidx.dst, 1385 paddr->sa_len); 1386 } 1387 1388 (*p_isr)->sav = NULL; 1389 (*p_isr)->sp = newsp; 1390 1391 /* initialization for the next. */ 1392 p_isr = &(*p_isr)->next; 1393 tlen -= xisr->sadb_x_ipsecrequest_len; 1394 1395 /* validity check */ 1396 if (tlen < 0) { 1397 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n")); 1398 key_freesp(newsp); 1399 *error = EINVAL; 1400 return NULL; 1401 } 1402 1403 xisr = (struct sadb_x_ipsecrequest *)((char *)xisr 1404 + xisr->sadb_x_ipsecrequest_len); 1405 } 1406 } 1407 break; 1408 default: 1409 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n")); 1410 key_freesp(newsp); 1411 *error = EINVAL; 1412 return NULL; 1413 } 1414 1415 *error = 0; 1416 return newsp; 1417 } 1418 1419 static u_int16_t 1420 key_newreqid() 1421 { 1422 static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1423 1424 auto_reqid = (auto_reqid == 0xffff 1425 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1); 1426 1427 /* XXX should be unique check */ 1428 1429 return auto_reqid; 1430 } 1431 1432 /* 1433 * copy secpolicy struct to sadb_x_policy structure indicated. 1434 */ 1435 struct mbuf * 1436 key_sp2msg(sp) 1437 struct secpolicy *sp; 1438 { 1439 struct sadb_x_policy *xpl; 1440 int tlen; 1441 char *p; 1442 struct mbuf *m; 1443 1444 /* sanity check. */ 1445 if (sp == NULL) 1446 panic("key_sp2msg: NULL pointer was passed."); 1447 1448 tlen = key_getspreqmsglen(sp); 1449 1450 m = key_alloc_mbuf(tlen); 1451 if (!m || m->m_next) { /*XXX*/ 1452 if (m) 1453 m_freem(m); 1454 return NULL; 1455 } 1456 1457 m->m_len = tlen; 1458 m->m_next = NULL; 1459 xpl = mtod(m, struct sadb_x_policy *); 1460 bzero(xpl, tlen); 1461 1462 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen); 1463 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1464 xpl->sadb_x_policy_type = sp->policy; 1465 xpl->sadb_x_policy_dir = sp->dir; 1466 xpl->sadb_x_policy_id = sp->id; 1467 p = (char *)xpl + sizeof(*xpl); 1468 1469 /* if is the policy for ipsec ? */ 1470 if (sp->policy == IPSEC_POLICY_IPSEC) { 1471 struct sadb_x_ipsecrequest *xisr; 1472 struct ipsecrequest *isr; 1473 1474 for (isr = sp->req; isr != NULL; isr = isr->next) { 1475 1476 xisr = (struct sadb_x_ipsecrequest *)p; 1477 1478 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1479 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1480 xisr->sadb_x_ipsecrequest_level = isr->level; 1481 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1482 1483 p += sizeof(*xisr); 1484 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len); 1485 p += isr->saidx.src.ss_len; 1486 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len); 1487 p += isr->saidx.src.ss_len; 1488 1489 xisr->sadb_x_ipsecrequest_len = 1490 PFKEY_ALIGN8(sizeof(*xisr) 1491 + isr->saidx.src.ss_len 1492 + isr->saidx.dst.ss_len); 1493 } 1494 } 1495 1496 return m; 1497 } 1498 1499 /* m will not be freed nor modified */ 1500 static struct mbuf * 1501 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1502 int ndeep, int nitem, ...) 1503 { 1504 va_list ap; 1505 int idx; 1506 int i; 1507 struct mbuf *result = NULL, *n; 1508 int len; 1509 1510 if (m == NULL || mhp == NULL) 1511 panic("null pointer passed to key_gather"); 1512 1513 va_start(ap, nitem); 1514 for (i = 0; i < nitem; i++) { 1515 idx = va_arg(ap, int); 1516 if (idx < 0 || idx > SADB_EXT_MAX) 1517 goto fail; 1518 /* don't attempt to pull empty extension */ 1519 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1520 continue; 1521 if (idx != SADB_EXT_RESERVED && 1522 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1523 continue; 1524 1525 if (idx == SADB_EXT_RESERVED) { 1526 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1527 #ifdef DIAGNOSTIC 1528 if (len > MHLEN) 1529 panic("assumption failed"); 1530 #endif 1531 MGETHDR(n, M_DONTWAIT, MT_DATA); 1532 if (!n) 1533 goto fail; 1534 n->m_len = len; 1535 n->m_next = NULL; 1536 m_copydata(m, 0, sizeof(struct sadb_msg), 1537 mtod(n, void *)); 1538 } else if (i < ndeep) { 1539 len = mhp->extlen[idx]; 1540 n = key_alloc_mbuf(len); 1541 if (!n || n->m_next) { /*XXX*/ 1542 if (n) 1543 m_freem(n); 1544 goto fail; 1545 } 1546 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1547 mtod(n, void *)); 1548 } else { 1549 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1550 M_DONTWAIT); 1551 } 1552 if (n == NULL) 1553 goto fail; 1554 1555 if (result) 1556 m_cat(result, n); 1557 else 1558 result = n; 1559 } 1560 va_end(ap); 1561 1562 if ((result->m_flags & M_PKTHDR) != 0) { 1563 result->m_pkthdr.len = 0; 1564 for (n = result; n; n = n->m_next) 1565 result->m_pkthdr.len += n->m_len; 1566 } 1567 1568 return result; 1569 1570 fail: 1571 va_end(ap); 1572 m_freem(result); 1573 return NULL; 1574 } 1575 1576 /* 1577 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1578 * add an entry to SP database, when received 1579 * <base, address(SD), (lifetime(H),) policy> 1580 * from the user(?). 1581 * Adding to SP database, 1582 * and send 1583 * <base, address(SD), (lifetime(H),) policy> 1584 * to the socket which was send. 1585 * 1586 * SPDADD set a unique policy entry. 1587 * SPDSETIDX like SPDADD without a part of policy requests. 1588 * SPDUPDATE replace a unique policy entry. 1589 * 1590 * m will always be freed. 1591 */ 1592 static int 1593 key_spdadd(so, m, mhp) 1594 struct socket *so; 1595 struct mbuf *m; 1596 const struct sadb_msghdr *mhp; 1597 { 1598 struct sadb_address *src0 = NULL, *dst0 = NULL; 1599 struct sadb_x_policy *xpl0, *xpl; 1600 struct sadb_lifetime *lft = NULL; 1601 #ifdef SADB_X_EXT_TAG 1602 struct sadb_x_tag *tag = NULL; 1603 #endif 1604 struct secpolicyindex spidx; 1605 struct secpolicy *newsp; 1606 struct ipsecrequest *isr; 1607 int error; 1608 #ifdef SADB_X_EXT_TAG 1609 u_int16_t tagvalue = 0; 1610 #endif 1611 int spidxmode; 1612 1613 /* sanity check */ 1614 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 1615 panic("key_spdadd: NULL pointer is passed."); 1616 1617 #ifdef SADB_X_EXT_TAG 1618 if ((mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL && 1619 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) || 1620 mhp->ext[SADB_X_EXT_TAG] != NULL) 1621 #else 1622 if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL && 1623 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) 1624 #endif 1625 { 1626 ; 1627 } else { 1628 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); 1629 return key_senderror(so, m, EINVAL); 1630 } 1631 #ifdef SADB_X_EXT_TAG 1632 if (mhp->ext[SADB_X_EXT_TAG] != NULL) { 1633 ipseclog((LOG_DEBUG, "key_spdadd: tag not supported.\n")); 1634 return key_senderror(so, m, EOPNOTSUPP); 1635 } 1636 #endif 1637 if (mhp->ext[SADB_X_EXT_POLICY] == NULL) { 1638 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); 1639 return key_senderror(so, m, EINVAL); 1640 } 1641 if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] && 1642 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) || 1643 (mhp->extlen[SADB_EXT_ADDRESS_DST] && 1644 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) || 1645 #ifdef SADB_X_EXT_TAG 1646 (mhp->extlen[SADB_X_EXT_TAG] && 1647 mhp->extlen[SADB_X_EXT_TAG] < sizeof(struct sadb_x_tag)) || 1648 #endif 1649 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 1650 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); 1651 return key_senderror(so, m, EINVAL); 1652 } 1653 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) { 1654 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] 1655 < sizeof(struct sadb_lifetime)) { 1656 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); 1657 return key_senderror(so, m, EINVAL); 1658 } 1659 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1660 } 1661 1662 /* spidx mode, or tag mode */ 1663 spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL); 1664 #ifndef SADB_X_EXT_TAG 1665 if (!spidxmode) 1666 return key_senderror(so, m, EINVAL); 1667 #endif 1668 1669 if (spidxmode) { 1670 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1671 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1672 /* make secindex */ 1673 /* XXX boundary check against sa_len */ 1674 KEY_SETSECSPIDX(src0 + 1, dst0 + 1, 1675 src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen, 1676 src0->sadb_address_proto, &spidx); 1677 } 1678 #ifdef SADB_X_EXT_TAG 1679 else 1680 tag = (struct sadb_x_tag *)mhp->ext[SADB_X_EXT_TAG]; 1681 #endif 1682 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1683 1684 /* checking the direciton. */ 1685 switch (xpl0->sadb_x_policy_dir) { 1686 case IPSEC_DIR_INBOUND: 1687 case IPSEC_DIR_OUTBOUND: 1688 break; 1689 default: 1690 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n")); 1691 mhp->msg->sadb_msg_errno = EINVAL; 1692 return 0; 1693 } 1694 1695 /* check policy */ 1696 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 1697 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST || 1698 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { 1699 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n")); 1700 return key_senderror(so, m, EINVAL); 1701 } 1702 1703 /* policy requests are mandatory when action is ipsec. */ 1704 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX && 1705 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 1706 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 1707 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n")); 1708 return key_senderror(so, m, EINVAL); 1709 } 1710 1711 /* 1712 * checking there is SP already or not. 1713 * SPDUPDATE doesn't depend on whether there is a SP or not. 1714 * If the type is either SPDADD or SPDSETIDX AND a SP is found, 1715 * then error. 1716 */ 1717 if (xpl0->sadb_x_policy_id != 0) 1718 newsp = key_getspbyid(xpl0->sadb_x_policy_id); 1719 else if (spidxmode) 1720 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir); 1721 #ifdef SADB_X_EXT_TAG 1722 else { 1723 tagvalue = m_nametag_tagname2tag(tag->sadb_x_tag_name); 1724 /* tag refcnt++ */ 1725 newsp = key_getspbytag(tagvalue, xpl0->sadb_x_policy_dir); 1726 } 1727 #else 1728 else 1729 newsp = NULL; 1730 #endif 1731 1732 if (newsp && (newsp->readonly || newsp->persist)) { 1733 ipseclog((LOG_DEBUG, 1734 "key_spdadd: tried to alter readonly/persistent SP.\n")); 1735 return key_senderror(so, m, EPERM); 1736 } 1737 1738 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1739 if (newsp) { 1740 key_sp_dead(newsp); 1741 key_freesp(newsp); /* ref gained by key_getsp */ 1742 key_sp_unlink(newsp); 1743 newsp = NULL; 1744 } 1745 } else { 1746 if (newsp != NULL) { 1747 key_freesp(newsp); 1748 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n")); 1749 #ifdef SADB_X_EXT_TAG 1750 if (!mhp->ext[SADB_EXT_ADDRESS_SRC]) 1751 m_nametag_unref(tagvalue); 1752 #endif 1753 return key_senderror(so, m, EEXIST); 1754 } 1755 } 1756 1757 /* allocation new SP entry */ 1758 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 1759 #ifdef SADB_X_EXT_TAG 1760 if (!spidxmode) 1761 m_nametag_unref(tagvalue); 1762 #endif 1763 return key_senderror(so, m, error); 1764 } 1765 1766 if (spidxmode) { 1767 error = keydb_setsecpolicyindex(newsp, &spidx); 1768 if (error) { 1769 keydb_delsecpolicy(newsp); 1770 return key_senderror(so, m, error); 1771 } 1772 1773 /* sanity check on addr pair */ 1774 if (((struct sockaddr *)(src0 + 1))->sa_family != 1775 ((struct sockaddr *)(dst0 + 1))->sa_family) { 1776 keydb_delsecpolicy(newsp); 1777 return key_senderror(so, m, EINVAL); 1778 } 1779 if (((struct sockaddr *)(src0 + 1))->sa_len != 1780 ((struct sockaddr *)(dst0 + 1))->sa_len) { 1781 keydb_delsecpolicy(newsp); 1782 return key_senderror(so, m, EINVAL); 1783 } 1784 } 1785 #ifdef SADB_X_EXT_TAG 1786 else { 1787 newsp->tag = tagvalue; 1788 } 1789 #endif 1790 1791 for (isr = newsp->req; isr; isr = isr->next) { 1792 #ifndef IPSEC_NAT_T 1793 struct sockaddr *sa; 1794 1795 /* 1796 * port spec is not permitted for tunnel mode 1797 */ 1798 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) { 1799 sa = (struct sockaddr *)(src0 + 1); 1800 switch (sa->sa_family) { 1801 case AF_INET: 1802 if (((struct sockaddr_in *)sa)->sin_port) { 1803 keydb_delsecpolicy(newsp); 1804 return key_senderror(so, m, EINVAL); 1805 } 1806 break; 1807 case AF_INET6: 1808 if (((struct sockaddr_in6 *)sa)->sin6_port) { 1809 keydb_delsecpolicy(newsp); 1810 return key_senderror(so, m, EINVAL); 1811 } 1812 break; 1813 default: 1814 break; 1815 } 1816 sa = (struct sockaddr *)(dst0 + 1); 1817 switch (sa->sa_family) { 1818 case AF_INET: 1819 if (((struct sockaddr_in *)sa)->sin_port) { 1820 keydb_delsecpolicy(newsp); 1821 return key_senderror(so, m, EINVAL); 1822 } 1823 break; 1824 case AF_INET6: 1825 if (((struct sockaddr_in6 *)sa)->sin6_port) { 1826 keydb_delsecpolicy(newsp); 1827 return key_senderror(so, m, EINVAL); 1828 } 1829 break; 1830 default: 1831 break; 1832 } 1833 } 1834 #endif /* !IPSEC_NAT_T */ 1835 } 1836 1837 /* 1838 * bark if we have different address family on tunnel address 1839 * specification. applies only if we decapsulate in RFC2401 1840 * IPsec (implementation limitation). 1841 */ 1842 for (isr = newsp->req; isr; isr = isr->next) { 1843 struct sockaddr *sa; 1844 1845 if (isr->saidx.src.ss_family && src0) { 1846 sa = (struct sockaddr *)(src0 + 1); 1847 if (sa->sa_family != isr->saidx.src.ss_family) { 1848 keydb_delsecpolicy(newsp); 1849 return key_senderror(so, m, EINVAL); 1850 } 1851 } 1852 if (isr->saidx.dst.ss_family && dst0) { 1853 sa = (struct sockaddr *)(dst0 + 1); 1854 if (sa->sa_family != isr->saidx.dst.ss_family) { 1855 keydb_delsecpolicy(newsp); 1856 return key_senderror(so, m, EINVAL); 1857 } 1858 } 1859 } 1860 1861 newsp->created = time_second; 1862 newsp->lastused = time_second; 1863 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 1864 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 1865 1866 newsp->refcnt = 1; /* do not reclaim until I say I do */ 1867 newsp->state = IPSEC_SPSTATE_ALIVE; 1868 LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain); 1869 1870 /* delete the entry in spacqtree */ 1871 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE && 1872 mhp->ext[SADB_EXT_ADDRESS_SRC]) { 1873 struct secspacq *spacq; 1874 if ((spacq = key_getspacq(&spidx)) != NULL) { 1875 /* reset counter in order to deletion by timehandler. */ 1876 spacq->created = time_second; 1877 spacq->count = 0; 1878 } 1879 } 1880 1881 /* invalidate all cached SPD pointers on pcb */ 1882 ipsec_invalpcbcacheall(); 1883 1884 { 1885 struct mbuf *n, *mpolicy; 1886 struct sadb_msg *newmsg; 1887 int off; 1888 1889 /* create new sadb_msg to reply. */ 1890 if (lft) { 1891 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 1892 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 1893 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1894 } else { 1895 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 1896 SADB_X_EXT_POLICY, 1897 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1898 } 1899 if (!n) 1900 return key_senderror(so, m, ENOBUFS); 1901 1902 if (n->m_len < sizeof(*newmsg)) { 1903 n = m_pullup(n, sizeof(*newmsg)); 1904 if (!n) 1905 return key_senderror(so, m, ENOBUFS); 1906 } 1907 newmsg = mtod(n, struct sadb_msg *); 1908 newmsg->sadb_msg_errno = 0; 1909 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 1910 1911 off = 0; 1912 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 1913 sizeof(*xpl), &off); 1914 if (mpolicy == NULL) { 1915 /* n is already freed */ 1916 return key_senderror(so, m, ENOBUFS); 1917 } 1918 xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off); 1919 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 1920 m_freem(n); 1921 return key_senderror(so, m, EINVAL); 1922 } 1923 xpl->sadb_x_policy_id = newsp->id; 1924 1925 m_freem(m); 1926 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 1927 } 1928 } 1929 1930 /* 1931 * SADB_SPDDELETE processing 1932 * receive 1933 * <base, address(SD), policy(*)> 1934 * from the user(?), and set SADB_SASTATE_DEAD, 1935 * and send, 1936 * <base, address(SD), policy(*)> 1937 * to the ikmpd. 1938 * policy(*) including the direction of the policy. 1939 * 1940 * m will always be freed. 1941 */ 1942 static int 1943 key_spddelete(so, m, mhp) 1944 struct socket *so; 1945 struct mbuf *m; 1946 const struct sadb_msghdr *mhp; 1947 { 1948 struct sadb_address *src0, *dst0; 1949 struct sadb_x_policy *xpl0; 1950 struct secpolicyindex spidx; 1951 struct secpolicy *sp; 1952 1953 /* sanity check */ 1954 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 1955 panic("key_spddelete: NULL pointer is passed."); 1956 1957 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 1958 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 1959 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 1960 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n")); 1961 return key_senderror(so, m, EINVAL); 1962 } 1963 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 1964 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 1965 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 1966 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n")); 1967 return key_senderror(so, m, EINVAL); 1968 } 1969 1970 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1971 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1972 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1973 1974 /* make secindex */ 1975 /* XXX boundary check against sa_len */ 1976 KEY_SETSECSPIDX(src0 + 1, 1977 dst0 + 1, 1978 src0->sadb_address_prefixlen, 1979 dst0->sadb_address_prefixlen, 1980 src0->sadb_address_proto, 1981 &spidx); 1982 1983 /* checking the direciton. */ 1984 switch (xpl0->sadb_x_policy_dir) { 1985 case IPSEC_DIR_INBOUND: 1986 case IPSEC_DIR_OUTBOUND: 1987 break; 1988 default: 1989 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n")); 1990 return key_senderror(so, m, EINVAL); 1991 } 1992 1993 /* Is there SP in SPD ? */ 1994 if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) { 1995 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n")); 1996 return key_senderror(so, m, EINVAL); 1997 } 1998 1999 if (sp->persist) { 2000 ipseclog((LOG_DEBUG, 2001 "key_spddelete2: attempt to remove persistent SP:%u.\n", 2002 sp->id)); 2003 key_freesp(sp); /* ref gained by key_getsp */ 2004 return key_senderror(so, m, EPERM); 2005 } 2006 2007 /* save policy id to be returned. */ 2008 xpl0->sadb_x_policy_id = sp->id; 2009 2010 key_sp_dead(sp); 2011 key_freesp(sp); /* ref gained by key_getsp */ 2012 key_sp_unlink(sp); 2013 sp = NULL; 2014 2015 /* invalidate all cached SPD pointers on pcb */ 2016 ipsec_invalpcbcacheall(); 2017 2018 { 2019 struct mbuf *n; 2020 struct sadb_msg *newmsg; 2021 2022 /* create new sadb_msg to reply. */ 2023 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2024 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2025 if (!n) 2026 return key_senderror(so, m, ENOBUFS); 2027 2028 newmsg = mtod(n, struct sadb_msg *); 2029 newmsg->sadb_msg_errno = 0; 2030 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2031 2032 m_freem(m); 2033 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2034 } 2035 } 2036 2037 /* 2038 * SADB_SPDDELETE2 processing 2039 * receive 2040 * <base, policy(*)> 2041 * from the user(?), and set SADB_SASTATE_DEAD, 2042 * and send, 2043 * <base, policy(*)> 2044 * to the ikmpd. 2045 * policy(*) including the policy id. 2046 * 2047 * m will always be freed. 2048 */ 2049 static int 2050 key_spddelete2(so, m, mhp) 2051 struct socket *so; 2052 struct mbuf *m; 2053 const struct sadb_msghdr *mhp; 2054 { 2055 u_int32_t id; 2056 struct secpolicy *sp; 2057 2058 /* sanity check */ 2059 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 2060 panic("key_spddelete2: NULL pointer is passed."); 2061 2062 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2063 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2064 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n")); 2065 return key_senderror(so, m, EINVAL); 2066 } 2067 2068 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2069 2070 /* Is there SP in SPD ? */ 2071 if ((sp = key_getspbyid(id)) == NULL) { 2072 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", 2073 id)); 2074 return key_senderror(so, m, EINVAL); 2075 } 2076 2077 if (sp->persist) { 2078 ipseclog((LOG_DEBUG, 2079 "key_spddelete2: attempt to remove persistent SP:%u.\n", 2080 id)); 2081 key_freesp(sp); /* ref gained by key_getspbyid */ 2082 return key_senderror(so, m, EPERM); 2083 } 2084 2085 key_sp_dead(sp); 2086 key_freesp(sp); /* ref gained by key_getspbyid */ 2087 key_sp_unlink(sp); 2088 sp = NULL; 2089 2090 /* invalidate all cached SPD pointers on pcb */ 2091 ipsec_invalpcbcacheall(); 2092 2093 { 2094 struct mbuf *n, *nn; 2095 struct sadb_msg *newmsg; 2096 int off, len; 2097 2098 /* create new sadb_msg to reply. */ 2099 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2100 2101 if (len > MCLBYTES) 2102 return key_senderror(so, m, ENOBUFS); 2103 MGETHDR(n, M_DONTWAIT, MT_DATA); 2104 if (n && len > MHLEN) { 2105 MCLGET(n, M_DONTWAIT); 2106 if ((n->m_flags & M_EXT) == 0) { 2107 m_freem(n); 2108 n = NULL; 2109 } 2110 } 2111 if (!n) 2112 return key_senderror(so, m, ENOBUFS); 2113 2114 n->m_len = len; 2115 n->m_next = NULL; 2116 off = 0; 2117 2118 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 2119 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2120 2121 #ifdef DIAGNOSTIC 2122 if (off != len) 2123 panic("length inconsistency in key_spddelete2"); 2124 #endif 2125 2126 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2127 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT); 2128 if (!n->m_next) { 2129 m_freem(n); 2130 return key_senderror(so, m, ENOBUFS); 2131 } 2132 2133 n->m_pkthdr.len = 0; 2134 for (nn = n; nn; nn = nn->m_next) 2135 n->m_pkthdr.len += nn->m_len; 2136 2137 newmsg = mtod(n, struct sadb_msg *); 2138 newmsg->sadb_msg_errno = 0; 2139 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2140 2141 m_freem(m); 2142 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2143 } 2144 } 2145 2146 /* 2147 * SADB_X_SPDGET processing 2148 * receive 2149 * <base, policy(*)> 2150 * from the user(?), 2151 * and send, 2152 * <base, address(SD), policy> 2153 * to the ikmpd. 2154 * policy(*) including direction of policy. 2155 * 2156 * m will always be freed. 2157 */ 2158 static int 2159 key_spdget(so, m, mhp) 2160 struct socket *so; 2161 struct mbuf *m; 2162 const struct sadb_msghdr *mhp; 2163 { 2164 u_int32_t id; 2165 struct secpolicy *sp; 2166 struct mbuf *n; 2167 2168 /* sanity check */ 2169 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 2170 panic("key_spdget: NULL pointer is passed."); 2171 2172 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2173 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2174 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n")); 2175 return key_senderror(so, m, EINVAL); 2176 } 2177 2178 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2179 2180 /* Is there SP in SPD ? */ 2181 if ((sp = key_getspbyid(id)) == NULL) { 2182 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id)); 2183 return key_senderror(so, m, ENOENT); 2184 } 2185 2186 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2187 mhp->msg->sadb_msg_pid); 2188 key_freesp(sp); /* ref gained by key_getspbyid */ 2189 if (n != NULL) { 2190 m_freem(m); 2191 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2192 } else 2193 return key_senderror(so, m, ENOBUFS); 2194 } 2195 2196 /* 2197 * SADB_X_SPDACQUIRE processing. 2198 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2199 * send 2200 * <base, policy(*)> 2201 * to KMD, and expect to receive 2202 * <base> with SADB_X_SPDACQUIRE if error occurred, 2203 * or 2204 * <base, policy> 2205 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2206 * policy(*) is without policy requests. 2207 * 2208 * 0 : succeed 2209 * others: error number 2210 */ 2211 int 2212 key_spdacquire(sp) 2213 struct secpolicy *sp; 2214 { 2215 struct mbuf *result = NULL, *m; 2216 #ifndef IPSEC_NONBLOCK_ACQUIRE 2217 struct secspacq *newspacq; 2218 #endif 2219 int error = -1; 2220 2221 /* sanity check */ 2222 if (sp == NULL) 2223 panic("key_spdacquire: NULL pointer is passed."); 2224 if (sp->req != NULL) 2225 panic("key_spdacquire: called but there is request."); 2226 if (sp->policy != IPSEC_POLICY_IPSEC) 2227 panic("key_spdacquire: policy mismathed. IPsec is expected."); 2228 if (!sp->spidx) { 2229 error = EOPNOTSUPP; 2230 goto fail; 2231 } 2232 2233 #ifndef IPSEC_NONBLOCK_ACQUIRE 2234 /* get an entry to check whether sent message or not. */ 2235 if ((newspacq = key_getspacq(sp->spidx)) != NULL) { 2236 if (key_blockacq_count < newspacq->count) { 2237 /* reset counter and do send message. */ 2238 newspacq->count = 0; 2239 } else { 2240 /* increment counter and do nothing. */ 2241 newspacq->count++; 2242 return 0; 2243 } 2244 } else { 2245 /* make new entry for blocking to send SADB_ACQUIRE. */ 2246 if ((newspacq = key_newspacq(sp->spidx)) == NULL) 2247 return ENOBUFS; 2248 2249 /* add to acqtree */ 2250 LIST_INSERT_HEAD(&spacqtree, newspacq, chain); 2251 } 2252 #endif 2253 2254 /* create new sadb_msg to reply. */ 2255 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2256 if (!m) { 2257 error = ENOBUFS; 2258 goto fail; 2259 } 2260 result = m; 2261 2262 /* set sadb_x_policy */ 2263 if (sp) { 2264 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id); 2265 if (!m) { 2266 error = ENOBUFS; 2267 goto fail; 2268 } 2269 m_cat(result, m); 2270 } 2271 2272 result->m_pkthdr.len = 0; 2273 for (m = result; m; m = m->m_next) 2274 result->m_pkthdr.len += m->m_len; 2275 2276 mtod(result, struct sadb_msg *)->sadb_msg_len = 2277 PFKEY_UNIT64(result->m_pkthdr.len); 2278 2279 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2280 2281 fail: 2282 if (result) 2283 m_freem(result); 2284 return error; 2285 } 2286 2287 /* 2288 * SADB_SPDFLUSH processing 2289 * receive 2290 * <base> 2291 * from the user, and free all entries in secpctree. 2292 * and send, 2293 * <base> 2294 * to the user. 2295 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2296 * 2297 * m will always be freed. 2298 */ 2299 static int 2300 key_spdflush(so, m, mhp) 2301 struct socket *so; 2302 struct mbuf *m; 2303 const struct sadb_msghdr *mhp; 2304 { 2305 struct sadb_msg *newmsg; 2306 struct secpolicy *sp, *nextsp; 2307 2308 /* sanity check */ 2309 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 2310 panic("key_spdflush: NULL pointer is passed."); 2311 2312 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2313 return key_senderror(so, m, EINVAL); 2314 2315 for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) { 2316 nextsp = TAILQ_NEXT(sp, tailq); 2317 if (sp->persist) 2318 continue; 2319 if (sp->state == IPSEC_SPSTATE_DEAD) 2320 continue; 2321 key_sp_dead(sp); 2322 key_sp_unlink(sp); 2323 sp = NULL; 2324 } 2325 2326 /* invalidate all cached SPD pointers on pcb */ 2327 ipsec_invalpcbcacheall(); 2328 2329 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2330 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n")); 2331 return key_senderror(so, m, ENOBUFS); 2332 } 2333 2334 if (m->m_next) 2335 m_freem(m->m_next); 2336 m->m_next = NULL; 2337 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2338 newmsg = mtod(m, struct sadb_msg *); 2339 newmsg->sadb_msg_errno = 0; 2340 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2341 2342 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2343 } 2344 2345 /* 2346 * SADB_SPDDUMP processing 2347 * receive 2348 * <base> 2349 * from the user, and dump all SP leaves 2350 * and send, 2351 * <base> ..... 2352 * to the ikmpd. 2353 * 2354 * m will always be freed. 2355 */ 2356 static int 2357 key_spddump(so, m, mhp) 2358 struct socket *so; 2359 struct mbuf *m; 2360 const struct sadb_msghdr *mhp; 2361 { 2362 struct secpolicy *sp; 2363 int cnt; 2364 u_int dir; 2365 struct mbuf *n; 2366 struct keycb *kp; 2367 int error = 0, needwait = 0; 2368 2369 /* sanity check */ 2370 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 2371 panic("key_spddump: NULL pointer is passed."); 2372 2373 /* search SPD entry and get buffer size. */ 2374 cnt = 0; 2375 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2376 LIST_FOREACH(sp, &sptree[dir], chain) { 2377 cnt++; 2378 } 2379 } 2380 2381 if (cnt == 0) 2382 return key_senderror(so, m, ENOENT); 2383 2384 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2385 LIST_FOREACH(sp, &sptree[dir], chain) { 2386 --cnt; 2387 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2388 mhp->msg->sadb_msg_pid); 2389 2390 if (n) { 2391 error = key_sendup_mbuf(so, n, 2392 KEY_SENDUP_ONE | KEY_SENDUP_CANWAIT); 2393 if (error == EAGAIN) 2394 needwait = 1; 2395 } 2396 } 2397 } 2398 2399 kp = (struct keycb *)sotorawcb(so); 2400 while (needwait && kp->kp_queue) 2401 sbwait(&so->so_rcv); 2402 2403 m_freem(m); 2404 return 0; 2405 } 2406 2407 #ifdef IPSEC_NAT_T 2408 /* 2409 * SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23 2410 */ 2411 static int 2412 key_nat_map(so, m, mhp) 2413 struct socket *so; 2414 struct mbuf *m; 2415 const struct sadb_msghdr *mhp; 2416 { 2417 struct sadb_x_nat_t_type *type; 2418 struct sadb_x_nat_t_port *sport; 2419 struct sadb_x_nat_t_port *dport; 2420 struct sadb_address *addr; 2421 struct sadb_x_nat_t_frag *frag; 2422 2423 /* sanity check */ 2424 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 2425 panic("key_nat_map: NULL pointer is passed."); 2426 2427 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL || 2428 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL || 2429 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) { 2430 ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n")); 2431 return key_senderror(so, m, EINVAL); 2432 } 2433 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || 2434 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || 2435 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { 2436 ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n")); 2437 return key_senderror(so, m, EINVAL); 2438 } 2439 2440 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) && 2441 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) { 2442 ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n")); 2443 return key_senderror(so, m, EINVAL); 2444 } 2445 2446 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) && 2447 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) { 2448 ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n")); 2449 return key_senderror(so, m, EINVAL); 2450 } 2451 2452 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 2453 sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 2454 dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 2455 addr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OA]; 2456 frag = (struct sadb_x_nat_t_frag *) mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 2457 2458 printf("sadb_nat_map called\n"); 2459 2460 /* 2461 * XXX handle that, it should also contain a SA, or anything 2462 * that enable to update the SA information. 2463 */ 2464 2465 return 0; 2466 } 2467 #endif /* IPSEC_NAT_T */ 2468 2469 static struct mbuf * 2470 key_setspddump(errorp) 2471 int *errorp; 2472 { 2473 struct secpolicy *sp; 2474 int cnt; 2475 u_int dir; 2476 struct mbuf *m, *n; 2477 2478 /* search SPD entry and get buffer size. */ 2479 cnt = 0; 2480 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2481 LIST_FOREACH(sp, &sptree[dir], chain) { 2482 cnt++; 2483 } 2484 } 2485 2486 if (cnt == 0) { 2487 *errorp = ENOENT; 2488 return (NULL); 2489 } 2490 2491 m = NULL; 2492 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2493 LIST_FOREACH(sp, &sptree[dir], chain) { 2494 --cnt; 2495 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 0); 2496 2497 if (!n) { 2498 *errorp = ENOBUFS; 2499 m_freem(m); 2500 return (NULL); 2501 } 2502 if (!m) 2503 m = n; 2504 else { 2505 m->m_pkthdr.len += n->m_pkthdr.len; 2506 m_cat(m, n); 2507 } 2508 } 2509 } 2510 2511 *errorp = 0; 2512 return (m); 2513 } 2514 2515 struct mbuf * 2516 key_setdumpsp(sp, type, seq, pid) 2517 struct secpolicy *sp; 2518 u_int8_t type; 2519 u_int32_t seq, pid; 2520 { 2521 struct mbuf *result = NULL, *m; 2522 2523 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2524 if (!m) 2525 goto fail; 2526 result = m; 2527 2528 if (sp->spidx) { 2529 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2530 (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs, 2531 sp->spidx->ul_proto); 2532 if (!m) 2533 goto fail; 2534 m_cat(result, m); 2535 2536 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2537 (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd, 2538 sp->spidx->ul_proto); 2539 if (!m) 2540 goto fail; 2541 m_cat(result, m); 2542 } 2543 #ifdef SADB_X_EXT_TAG 2544 else if (sp->tag) { 2545 m = key_setsadbxtag(sp->tag); 2546 if (!m) 2547 goto fail; 2548 m_cat(result, m); 2549 } 2550 #endif 2551 2552 m = key_sp2msg(sp); 2553 if (!m) 2554 goto fail; 2555 m_cat(result, m); 2556 2557 m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT, 2558 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused); 2559 if (!m) 2560 goto fail; 2561 m_cat(result, m); 2562 2563 m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD, 2564 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime); 2565 if (!m) 2566 goto fail; 2567 m_cat(result, m); 2568 2569 if ((result->m_flags & M_PKTHDR) == 0) 2570 goto fail; 2571 2572 if (result->m_len < sizeof(struct sadb_msg)) { 2573 result = m_pullup(result, sizeof(struct sadb_msg)); 2574 if (result == NULL) 2575 goto fail; 2576 } 2577 2578 result->m_pkthdr.len = 0; 2579 for (m = result; m; m = m->m_next) 2580 result->m_pkthdr.len += m->m_len; 2581 2582 mtod(result, struct sadb_msg *)->sadb_msg_len = 2583 PFKEY_UNIT64(result->m_pkthdr.len); 2584 2585 return result; 2586 2587 fail: 2588 m_freem(result); 2589 return NULL; 2590 } 2591 2592 /* 2593 * get PFKEY message length for security policy and request. 2594 */ 2595 static u_int 2596 key_getspreqmsglen(sp) 2597 struct secpolicy *sp; 2598 { 2599 u_int tlen; 2600 2601 tlen = sizeof(struct sadb_x_policy); 2602 2603 /* if is the policy for ipsec ? */ 2604 if (sp->policy != IPSEC_POLICY_IPSEC) 2605 return tlen; 2606 2607 /* get length of ipsec requests */ 2608 { 2609 struct ipsecrequest *isr; 2610 int len; 2611 2612 for (isr = sp->req; isr != NULL; isr = isr->next) { 2613 len = sizeof(struct sadb_x_ipsecrequest) 2614 + isr->saidx.src.ss_len 2615 + isr->saidx.dst.ss_len; 2616 2617 tlen += PFKEY_ALIGN8(len); 2618 } 2619 } 2620 2621 return tlen; 2622 } 2623 2624 /* 2625 * SADB_X_SPDEXPIRE processing 2626 * send 2627 * <base, address(SD), lifetime(CH), policy> 2628 * to KMD by PF_KEY. 2629 * 2630 * OUT: 0 : succeed 2631 * others : error number 2632 */ 2633 static int 2634 key_spdexpire(sp) 2635 struct secpolicy *sp; 2636 { 2637 int s; 2638 struct mbuf *result = NULL, *m; 2639 int len; 2640 int error = -1; 2641 struct sadb_lifetime *lt; 2642 2643 /* XXX: Why do we lock ? */ 2644 s = splsoftnet(); /*called from softclock()*/ 2645 2646 /* sanity check */ 2647 if (sp == NULL) 2648 panic("key_spdexpire: NULL pointer is passed."); 2649 2650 /* set msg header */ 2651 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2652 if (!m) { 2653 error = ENOBUFS; 2654 goto fail; 2655 } 2656 result = m; 2657 2658 /* create lifetime extension (current and hard) */ 2659 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2660 m = key_alloc_mbuf(len); 2661 if (!m || m->m_next) { /*XXX*/ 2662 if (m) 2663 m_freem(m); 2664 error = ENOBUFS; 2665 goto fail; 2666 } 2667 bzero(mtod(m, void *), len); 2668 lt = mtod(m, struct sadb_lifetime *); 2669 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2670 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2671 lt->sadb_lifetime_allocations = 0; 2672 lt->sadb_lifetime_bytes = 0; 2673 lt->sadb_lifetime_addtime = sp->created; 2674 lt->sadb_lifetime_usetime = sp->lastused; 2675 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2); 2676 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2677 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2678 lt->sadb_lifetime_allocations = 0; 2679 lt->sadb_lifetime_bytes = 0; 2680 lt->sadb_lifetime_addtime = sp->lifetime; 2681 lt->sadb_lifetime_usetime = sp->validtime; 2682 m_cat(result, m); 2683 2684 /* set sadb_address for source */ 2685 if (sp->spidx) { 2686 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2687 (struct sockaddr *)&sp->spidx->src, 2688 sp->spidx->prefs, sp->spidx->ul_proto); 2689 if (!m) { 2690 error = ENOBUFS; 2691 goto fail; 2692 } 2693 m_cat(result, m); 2694 2695 /* set sadb_address for destination */ 2696 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2697 (struct sockaddr *)&sp->spidx->dst, 2698 sp->spidx->prefd, sp->spidx->ul_proto); 2699 if (!m) { 2700 error = ENOBUFS; 2701 goto fail; 2702 } 2703 m_cat(result, m); 2704 } 2705 #ifdef SADB_X_EXT_TAG 2706 else if (sp->tag) { 2707 m = key_setsadbxtag(sp->tag); 2708 if (!m) { 2709 error = ENOBUFS; 2710 goto fail; 2711 } 2712 m_cat(result, m); 2713 } 2714 #endif 2715 2716 /* set secpolicy */ 2717 m = key_sp2msg(sp); 2718 if (!m) { 2719 error = ENOBUFS; 2720 goto fail; 2721 } 2722 m_cat(result, m); 2723 2724 if ((result->m_flags & M_PKTHDR) == 0) { 2725 error = EINVAL; 2726 goto fail; 2727 } 2728 2729 if (result->m_len < sizeof(struct sadb_msg)) { 2730 result = m_pullup(result, sizeof(struct sadb_msg)); 2731 if (result == NULL) { 2732 error = ENOBUFS; 2733 goto fail; 2734 } 2735 } 2736 2737 result->m_pkthdr.len = 0; 2738 for (m = result; m; m = m->m_next) 2739 result->m_pkthdr.len += m->m_len; 2740 2741 mtod(result, struct sadb_msg *)->sadb_msg_len = 2742 PFKEY_UNIT64(result->m_pkthdr.len); 2743 2744 splx(s); 2745 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2746 2747 fail: 2748 if (result) 2749 m_freem(result); 2750 splx(s); 2751 return error; 2752 } 2753 2754 /* %%% SAD management */ 2755 /* 2756 * allocating a memory for new SA head, and copy from the values of mhp. 2757 * OUT: NULL : failure due to the lack of memory. 2758 * others : pointer to new SA head. 2759 */ 2760 static struct secashead * 2761 key_newsah(saidx) 2762 struct secasindex *saidx; 2763 { 2764 struct secashead *newsah; 2765 2766 /* sanity check */ 2767 if (saidx == NULL) 2768 panic("key_newsaidx: NULL pointer is passed."); 2769 2770 newsah = keydb_newsecashead(); 2771 if (newsah == NULL) 2772 return NULL; 2773 2774 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx)); 2775 2776 /* add to saidxtree */ 2777 newsah->state = SADB_SASTATE_MATURE; 2778 LIST_INSERT_HEAD(&sahtree, newsah, chain); 2779 2780 return (newsah); 2781 } 2782 2783 /* 2784 * delete SA index and all SA registerd. 2785 */ 2786 static void 2787 key_delsah(sah) 2788 struct secashead *sah; 2789 { 2790 struct secasvar *sav, *nextsav; 2791 u_int stateidx, state; 2792 int s; 2793 int zombie = 0; 2794 2795 /* sanity check */ 2796 if (sah == NULL) 2797 panic("key_delsah: NULL pointer is passed."); 2798 2799 s = splsoftnet(); /*called from softclock()*/ 2800 2801 /* searching all SA registerd in the secindex. */ 2802 for (stateidx = 0; 2803 stateidx < _ARRAYLEN(saorder_state_any); 2804 stateidx++) { 2805 2806 state = saorder_state_any[stateidx]; 2807 for (sav = LIST_FIRST(&sah->savtree[state]); 2808 sav != NULL; 2809 sav = nextsav) { 2810 2811 nextsav = LIST_NEXT(sav, chain); 2812 2813 if (sav->refcnt > 0) { 2814 /* give up to delete this sa */ 2815 zombie++; 2816 continue; 2817 } 2818 2819 /* sanity check */ 2820 KEY_CHKSASTATE(state, sav->state, "key_delsah"); 2821 2822 /* remove back pointer */ 2823 sav->sah = NULL; 2824 2825 key_freesav(sav); 2826 2827 sav = NULL; 2828 } 2829 } 2830 2831 /* delete sah only if there's no sav. */ 2832 if (zombie) { 2833 splx(s); 2834 return; 2835 } 2836 2837 rtcache_free(&sah->sa_route); 2838 2839 /* remove from tree of SA index */ 2840 if (__LIST_CHAINED(sah)) 2841 LIST_REMOVE(sah, chain); 2842 2843 KFREE(sah); 2844 2845 splx(s); 2846 return; 2847 } 2848 2849 /* 2850 * allocating a new SA with LARVAL state. key_add() and key_getspi() call, 2851 * and copy the values of mhp into new buffer. 2852 * When SAD message type is GETSPI: 2853 * to set sequence number from acq_seq++, 2854 * to set zero to SPI. 2855 * not to call key_setsava(). 2856 * OUT: NULL : fail 2857 * others : pointer to new secasvar. 2858 * 2859 * does not modify mbuf. does not free mbuf on error. 2860 */ 2861 static struct secasvar * 2862 key_newsav(m, mhp, sah, errp) 2863 struct mbuf *m; 2864 const struct sadb_msghdr *mhp; 2865 struct secashead *sah; 2866 int *errp; 2867 { 2868 struct secasvar *newsav; 2869 const struct sadb_sa *xsa; 2870 2871 /* sanity check */ 2872 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL) 2873 panic("key_newsa: NULL pointer is passed."); 2874 2875 newsav = keydb_newsecasvar(); 2876 if (newsav == NULL) { 2877 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n")); 2878 *errp = ENOBUFS; 2879 return NULL; 2880 } 2881 2882 switch (mhp->msg->sadb_msg_type) { 2883 case SADB_GETSPI: 2884 key_setspi(newsav, 0); 2885 2886 #ifdef IPSEC_DOSEQCHECK 2887 /* sync sequence number */ 2888 if (mhp->msg->sadb_msg_seq == 0) 2889 newsav->seq = 2890 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); 2891 else 2892 #endif 2893 newsav->seq = mhp->msg->sadb_msg_seq; 2894 break; 2895 2896 case SADB_ADD: 2897 /* sanity check */ 2898 if (mhp->ext[SADB_EXT_SA] == NULL) { 2899 KFREE(newsav); 2900 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n")); 2901 *errp = EINVAL; 2902 return NULL; 2903 } 2904 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 2905 key_setspi(newsav, xsa->sadb_sa_spi); 2906 newsav->seq = mhp->msg->sadb_msg_seq; 2907 break; 2908 default: 2909 KFREE(newsav); 2910 *errp = EINVAL; 2911 return NULL; 2912 } 2913 2914 /* copy sav values */ 2915 if (mhp->msg->sadb_msg_type != SADB_GETSPI) { 2916 *errp = key_setsaval(newsav, m, mhp); 2917 if (*errp) { 2918 KFREE(newsav); 2919 return NULL; 2920 } 2921 } 2922 2923 /* reset created */ 2924 newsav->created = time_second; 2925 2926 newsav->pid = mhp->msg->sadb_msg_pid; 2927 2928 /* add to satree */ 2929 newsav->sah = sah; 2930 newsav->refcnt = 1; 2931 newsav->state = SADB_SASTATE_LARVAL; 2932 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, 2933 secasvar, chain); 2934 2935 return newsav; 2936 } 2937 2938 /* 2939 * search SAD. 2940 * OUT: 2941 * NULL : not found 2942 * others : found, pointer to a SA. 2943 */ 2944 static struct secashead * 2945 key_getsah(saidx) 2946 struct secasindex *saidx; 2947 { 2948 struct secashead *sah; 2949 2950 LIST_FOREACH(sah, &sahtree, chain) { 2951 if (sah->state == SADB_SASTATE_DEAD) 2952 continue; 2953 if (key_cmpsaidx_exactly(&sah->saidx, saidx)) 2954 return (sah); 2955 } 2956 2957 return NULL; 2958 } 2959 2960 /* 2961 * check not to be duplicated SPI. 2962 * NOTE: this function is too slow due to searching all SAD. 2963 * OUT: 2964 * NULL : not found 2965 * others : found, pointer to a SA. 2966 */ 2967 static struct secasvar * 2968 key_checkspidup(saidx, spi) 2969 struct secasindex *saidx; 2970 u_int32_t spi; 2971 { 2972 struct secasvar *sav; 2973 u_int stateidx, state; 2974 2975 /* check address family */ 2976 if (saidx->src.ss_family != saidx->dst.ss_family) { 2977 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n")); 2978 return NULL; 2979 } 2980 2981 /* check all SAD */ 2982 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) { 2983 if (sav->spi != spi) 2984 continue; 2985 for (stateidx = 0; 2986 stateidx < _ARRAYLEN(saorder_state_alive); 2987 stateidx++) { 2988 state = saorder_state_alive[stateidx]; 2989 if (sav->state == state && 2990 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) 2991 return sav; 2992 } 2993 } 2994 2995 return NULL; 2996 } 2997 2998 static void 2999 key_setspi(sav, spi) 3000 struct secasvar *sav; 3001 u_int32_t spi; 3002 { 3003 int s; 3004 3005 s = splsoftnet(); 3006 sav->spi = spi; 3007 if (sav->spihash.le_prev || sav->spihash.le_next) 3008 LIST_REMOVE(sav, spihash); 3009 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash); 3010 splx(s); 3011 } 3012 3013 /* 3014 * search SAD litmited alive SA, protocol, SPI. 3015 * OUT: 3016 * NULL : not found 3017 * others : found, pointer to a SA. 3018 */ 3019 static struct secasvar * 3020 key_getsavbyspi(sah, spi) 3021 struct secashead *sah; 3022 u_int32_t spi; 3023 { 3024 struct secasvar *sav, *match; 3025 u_int stateidx, state, matchidx; 3026 3027 match = NULL; 3028 matchidx = _ARRAYLEN(saorder_state_alive); 3029 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) { 3030 if (sav->spi != spi) 3031 continue; 3032 if (sav->sah != sah) 3033 continue; 3034 for (stateidx = 0; stateidx < matchidx; stateidx++) { 3035 state = saorder_state_alive[stateidx]; 3036 if (sav->state == state) { 3037 match = sav; 3038 matchidx = stateidx; 3039 break; 3040 } 3041 } 3042 } 3043 3044 return match; 3045 } 3046 3047 /* 3048 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*. 3049 * You must update these if need. 3050 * OUT: 0: success. 3051 * !0: failure. 3052 * 3053 * does not modify mbuf. does not free mbuf on error. 3054 */ 3055 static int 3056 key_setsaval(sav, m, mhp) 3057 struct secasvar *sav; 3058 struct mbuf *m; 3059 const struct sadb_msghdr *mhp; 3060 { 3061 #ifdef IPSEC_ESP 3062 const struct esp_algorithm *algo; 3063 #endif 3064 int error = 0; 3065 3066 /* sanity check */ 3067 if (m == NULL || mhp == NULL || mhp->msg == NULL) 3068 panic("key_setsaval: NULL pointer is passed."); 3069 3070 /* initialization */ 3071 sav->replay = NULL; 3072 sav->key_auth = NULL; 3073 sav->key_enc = NULL; 3074 sav->sched = NULL; 3075 sav->schedlen = 0; 3076 sav->iv = NULL; 3077 sav->lft_c = NULL; 3078 sav->lft_h = NULL; 3079 sav->lft_s = NULL; 3080 #ifdef IPSEC_NAT_T 3081 sav->natt_type = 0; 3082 sav->esp_frag = 0; 3083 #endif 3084 3085 /* SA */ 3086 if (mhp->ext[SADB_EXT_SA] != NULL) { 3087 const struct sadb_sa *sa0; 3088 3089 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3090 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) { 3091 error = EINVAL; 3092 goto fail; 3093 } 3094 3095 sav->alg_auth = sa0->sadb_sa_auth; 3096 sav->alg_enc = sa0->sadb_sa_encrypt; 3097 sav->flags = sa0->sadb_sa_flags; 3098 3099 /* replay window */ 3100 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) { 3101 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay); 3102 if (sav->replay == NULL) { 3103 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); 3104 error = ENOBUFS; 3105 goto fail; 3106 } 3107 } 3108 } 3109 3110 /* Authentication keys */ 3111 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) { 3112 const struct sadb_key *key0; 3113 int len; 3114 3115 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3116 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3117 3118 error = 0; 3119 if (len < sizeof(*key0)) { 3120 error = EINVAL; 3121 goto fail; 3122 } 3123 switch (mhp->msg->sadb_msg_satype) { 3124 case SADB_SATYPE_AH: 3125 case SADB_SATYPE_ESP: 3126 case SADB_X_SATYPE_TCPSIGNATURE: 3127 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3128 sav->alg_auth != SADB_X_AALG_NULL) 3129 error = EINVAL; 3130 break; 3131 case SADB_X_SATYPE_IPCOMP: 3132 default: 3133 error = EINVAL; 3134 break; 3135 } 3136 if (error) { 3137 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n")); 3138 goto fail; 3139 } 3140 3141 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len); 3142 if (sav->key_auth == NULL) { 3143 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); 3144 error = ENOBUFS; 3145 goto fail; 3146 } 3147 } 3148 3149 /* Encryption key */ 3150 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) { 3151 const struct sadb_key *key0; 3152 int len; 3153 3154 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3155 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3156 3157 error = 0; 3158 if (len < sizeof(*key0)) { 3159 error = EINVAL; 3160 goto fail; 3161 } 3162 switch (mhp->msg->sadb_msg_satype) { 3163 case SADB_SATYPE_ESP: 3164 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3165 sav->alg_enc != SADB_EALG_NULL) { 3166 error = EINVAL; 3167 break; 3168 } 3169 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len); 3170 if (sav->key_enc == NULL) { 3171 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); 3172 error = ENOBUFS; 3173 goto fail; 3174 } 3175 break; 3176 case SADB_X_SATYPE_IPCOMP: 3177 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3178 error = EINVAL; 3179 sav->key_enc = NULL; /*just in case*/ 3180 break; 3181 case SADB_SATYPE_AH: 3182 case SADB_X_SATYPE_TCPSIGNATURE: 3183 default: 3184 error = EINVAL; 3185 break; 3186 } 3187 if (error) { 3188 ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n")); 3189 goto fail; 3190 } 3191 } 3192 3193 /* set iv */ 3194 sav->ivlen = 0; 3195 3196 switch (mhp->msg->sadb_msg_satype) { 3197 case SADB_SATYPE_ESP: 3198 #ifdef IPSEC_ESP 3199 algo = esp_algorithm_lookup(sav->alg_enc); 3200 if (algo && algo->ivlen) 3201 sav->ivlen = (*algo->ivlen)(algo, sav); 3202 if (sav->ivlen == 0) 3203 break; 3204 KMALLOC(sav->iv, void *, sav->ivlen); 3205 if (sav->iv == 0) { 3206 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); 3207 error = ENOBUFS; 3208 goto fail; 3209 } 3210 3211 /* initialize */ 3212 key_randomfill(sav->iv, sav->ivlen); 3213 #endif 3214 break; 3215 case SADB_SATYPE_AH: 3216 break; 3217 case SADB_X_SATYPE_IPCOMP: 3218 break; 3219 case SADB_X_SATYPE_TCPSIGNATURE: 3220 if (sav->alg_enc != SADB_EALG_NONE) { 3221 ipseclog((LOG_DEBUG, "key_setsaval: protocol and " 3222 "algorithm mismatched.\n")); 3223 error = EINVAL; 3224 goto fail; 3225 } 3226 break; 3227 default: 3228 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n")); 3229 error = EINVAL; 3230 goto fail; 3231 } 3232 3233 /* reset created */ 3234 sav->created = time_second; 3235 3236 /* make lifetime for CURRENT */ 3237 KMALLOC(sav->lft_c, struct sadb_lifetime *, 3238 sizeof(struct sadb_lifetime)); 3239 if (sav->lft_c == NULL) { 3240 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); 3241 error = ENOBUFS; 3242 goto fail; 3243 } 3244 3245 sav->lft_c->sadb_lifetime_len = 3246 PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3247 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 3248 sav->lft_c->sadb_lifetime_allocations = 0; 3249 sav->lft_c->sadb_lifetime_bytes = 0; 3250 sav->lft_c->sadb_lifetime_addtime = time_second; 3251 sav->lft_c->sadb_lifetime_usetime = 0; 3252 3253 /* lifetimes for HARD and SOFT */ 3254 { 3255 const struct sadb_lifetime *lft0; 3256 3257 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 3258 if (lft0 != NULL) { 3259 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) { 3260 error = EINVAL; 3261 goto fail; 3262 } 3263 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0, 3264 sizeof(*lft0)); 3265 if (sav->lft_h == NULL) { 3266 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); 3267 error = ENOBUFS; 3268 goto fail; 3269 } 3270 /* we no longer support byte lifetime */ 3271 if (sav->lft_h->sadb_lifetime_bytes) { 3272 error = EINVAL; 3273 goto fail; 3274 } 3275 /* initialize? */ 3276 } 3277 3278 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT]; 3279 if (lft0 != NULL) { 3280 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) { 3281 error = EINVAL; 3282 goto fail; 3283 } 3284 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0, 3285 sizeof(*lft0)); 3286 if (sav->lft_s == NULL) { 3287 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n")); 3288 error = ENOBUFS; 3289 goto fail; 3290 } 3291 /* we no longer support byte lifetime */ 3292 if (sav->lft_s->sadb_lifetime_bytes) { 3293 error = EINVAL; 3294 goto fail; 3295 } 3296 /* initialize? */ 3297 } 3298 } 3299 3300 return 0; 3301 3302 fail: 3303 /* initialization */ 3304 if (sav->replay != NULL) { 3305 keydb_delsecreplay(sav->replay); 3306 sav->replay = NULL; 3307 } 3308 if (sav->key_auth != NULL) { 3309 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth)); 3310 KFREE(sav->key_auth); 3311 sav->key_auth = NULL; 3312 } 3313 if (sav->key_enc != NULL) { 3314 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc)); 3315 KFREE(sav->key_enc); 3316 sav->key_enc = NULL; 3317 } 3318 if (sav->sched) { 3319 bzero(sav->sched, sav->schedlen); 3320 KFREE(sav->sched); 3321 sav->sched = NULL; 3322 } 3323 if (sav->iv != NULL) { 3324 KFREE(sav->iv); 3325 sav->iv = NULL; 3326 } 3327 if (sav->lft_c != NULL) { 3328 KFREE(sav->lft_c); 3329 sav->lft_c = NULL; 3330 } 3331 if (sav->lft_h != NULL) { 3332 KFREE(sav->lft_h); 3333 sav->lft_h = NULL; 3334 } 3335 if (sav->lft_s != NULL) { 3336 KFREE(sav->lft_s); 3337 sav->lft_s = NULL; 3338 } 3339 3340 return error; 3341 } 3342 3343 /* 3344 * validation with a secasvar entry, and set SADB_SATYPE_MATURE. 3345 * OUT: 0: valid 3346 * other: errno 3347 */ 3348 static int 3349 key_mature(sav) 3350 struct secasvar *sav; 3351 { 3352 int mature; 3353 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */ 3354 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */ 3355 3356 mature = 0; 3357 3358 /* check SPI value */ 3359 switch (sav->sah->saidx.proto) { 3360 case IPPROTO_ESP: 3361 case IPPROTO_AH: 3362 if (ntohl(sav->spi) <= 255) { 3363 ipseclog((LOG_DEBUG, 3364 "key_mature: illegal range of SPI %u.\n", 3365 (u_int32_t)ntohl(sav->spi))); 3366 return EINVAL; 3367 } 3368 break; 3369 case IPPROTO_TCP: 3370 if (ntohl(sav->spi) != 0x1000) { /*TCP_SIG_SPI*/ 3371 ipseclog((LOG_DEBUG, 3372 "key_mature: SPI must be 0x1000 for TCPMD5.\n")); 3373 return (EINVAL); 3374 } 3375 break; 3376 case IPPROTO_IPV4: 3377 case IPPROTO_IPV6: 3378 break; 3379 } 3380 3381 /* check satype */ 3382 switch (sav->sah->saidx.proto) { 3383 #ifdef IPSEC_ESP 3384 case IPPROTO_ESP: 3385 /* check flags */ 3386 if ((sav->flags & SADB_X_EXT_OLD) && 3387 (sav->flags & SADB_X_EXT_DERIV)) { 3388 ipseclog((LOG_DEBUG, "key_mature: " 3389 "invalid flag (derived) given to old-esp.\n")); 3390 return EINVAL; 3391 } 3392 if (sav->alg_auth == SADB_AALG_NONE) 3393 checkmask = 1; 3394 else 3395 checkmask = 3; 3396 mustmask = 1; 3397 break; 3398 #endif 3399 case IPPROTO_AH: 3400 /* check flags */ 3401 if (sav->flags & SADB_X_EXT_DERIV) { 3402 ipseclog((LOG_DEBUG, "key_mature: " 3403 "invalid flag (derived) given to AH SA.\n")); 3404 return EINVAL; 3405 } 3406 if (sav->alg_enc != SADB_EALG_NONE) { 3407 ipseclog((LOG_DEBUG, "key_mature: " 3408 "protocol and algorithm mismated.\n")); 3409 return (EINVAL); 3410 } 3411 checkmask = 2; 3412 mustmask = 2; 3413 break; 3414 case IPPROTO_IPCOMP: 3415 if (sav->alg_auth != SADB_AALG_NONE) { 3416 ipseclog((LOG_DEBUG, "key_mature: " 3417 "protocol and algorithm mismated.\n")); 3418 return (EINVAL); 3419 } 3420 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3421 ntohl(sav->spi) >= 0x10000) { 3422 ipseclog((LOG_DEBUG, 3423 "key_mature: invalid cpi for IPComp.\n")); 3424 return (EINVAL); 3425 } 3426 checkmask = 4; 3427 mustmask = 4; 3428 break; 3429 case IPPROTO_TCP: 3430 if (sav->alg_enc != SADB_EALG_NONE) { 3431 ipseclog((LOG_DEBUG, "key_mature: " 3432 "encryption algorithm must be null for TCPMD5.\n")); 3433 return (EINVAL); 3434 } 3435 if (sav->alg_auth != SADB_X_AALG_TCP_MD5) { 3436 ipseclog((LOG_DEBUG, "key_mature: " 3437 "auth algorithm must be tcp-md5 for TCPMD5.\n")); 3438 return (EINVAL); 3439 } 3440 checkmask = 0; 3441 break; 3442 case IPPROTO_IPV4: 3443 case IPPROTO_IPV6: 3444 break; 3445 default: 3446 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n")); 3447 return EPROTONOSUPPORT; 3448 } 3449 3450 /* check authentication algorithm */ 3451 if ((checkmask & 2) != 0) { 3452 const struct ah_algorithm *algo; 3453 int keylen; 3454 3455 algo = ah_algorithm_lookup(sav->alg_auth); 3456 if (!algo) { 3457 ipseclog((LOG_DEBUG,"key_mature: " 3458 "unknown authentication algorithm.\n")); 3459 return EINVAL; 3460 } 3461 3462 /* algorithm-dependent check */ 3463 if (sav->key_auth) 3464 keylen = sav->key_auth->sadb_key_bits; 3465 else 3466 keylen = 0; 3467 if (keylen < algo->keymin || algo->keymax < keylen) { 3468 ipseclog((LOG_DEBUG, 3469 "key_mature: invalid AH key length %d " 3470 "(%d-%d allowed)\n", 3471 keylen, algo->keymin, algo->keymax)); 3472 return EINVAL; 3473 } 3474 3475 if (algo->mature) { 3476 if ((*algo->mature)(sav)) { 3477 /* message generated in per-algorithm function*/ 3478 return EINVAL; 3479 } else 3480 mature = SADB_SATYPE_AH; 3481 } 3482 3483 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) { 3484 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n")); 3485 return EINVAL; 3486 } 3487 } 3488 3489 /* check encryption algorithm */ 3490 if ((checkmask & 1) != 0) { 3491 #ifdef IPSEC_ESP 3492 const struct esp_algorithm *algo; 3493 int keylen; 3494 3495 algo = esp_algorithm_lookup(sav->alg_enc); 3496 if (!algo) { 3497 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n")); 3498 return EINVAL; 3499 } 3500 3501 /* algorithm-dependent check */ 3502 if (sav->key_enc) 3503 keylen = sav->key_enc->sadb_key_bits; 3504 else 3505 keylen = 0; 3506 if (keylen < algo->keymin || algo->keymax < keylen) { 3507 ipseclog((LOG_DEBUG, 3508 "key_mature: invalid ESP key length %d " 3509 "(%d-%d allowed)\n", 3510 keylen, algo->keymin, algo->keymax)); 3511 return EINVAL; 3512 } 3513 3514 if (algo->mature) { 3515 if ((*algo->mature)(sav)) { 3516 /* message generated in per-algorithm function*/ 3517 return EINVAL; 3518 } else 3519 mature = SADB_SATYPE_ESP; 3520 } 3521 3522 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) { 3523 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n")); 3524 return EINVAL; 3525 } 3526 #else /*IPSEC_ESP*/ 3527 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n")); 3528 return EINVAL; 3529 #endif 3530 } 3531 3532 /* check compression algorithm */ 3533 if ((checkmask & 4) != 0) { 3534 const struct ipcomp_algorithm *algo; 3535 3536 /* algorithm-dependent check */ 3537 algo = ipcomp_algorithm_lookup(sav->alg_enc); 3538 if (!algo) { 3539 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n")); 3540 return EINVAL; 3541 } 3542 } 3543 3544 key_sa_chgstate(sav, SADB_SASTATE_MATURE); 3545 return (0); 3546 } 3547 3548 /* 3549 * subroutine for SADB_GET and SADB_DUMP. 3550 */ 3551 static struct mbuf * 3552 key_setdumpsa(sav, type, satype, seq, pid) 3553 struct secasvar *sav; 3554 u_int8_t type, satype; 3555 u_int32_t seq, pid; 3556 { 3557 struct mbuf *result = NULL, *tres = NULL, *m; 3558 int l = 0; 3559 int i; 3560 void *p; 3561 int dumporder[] = { 3562 SADB_EXT_SA, SADB_X_EXT_SA2, 3563 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3564 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3565 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH, 3566 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC, 3567 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY, 3568 #ifdef IPSEC_NAT_T 3569 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 3570 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OA, 3571 SADB_X_EXT_NAT_T_FRAG, 3572 #endif 3573 }; 3574 3575 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3576 if (m == NULL) 3577 goto fail; 3578 result = m; 3579 3580 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) { 3581 m = NULL; 3582 p = NULL; 3583 switch (dumporder[i]) { 3584 case SADB_EXT_SA: 3585 m = key_setsadbsa(sav); 3586 if (!m) 3587 goto fail; 3588 break; 3589 3590 case SADB_X_EXT_SA2: 3591 m = key_setsadbxsa2(sav->sah->saidx.mode, 3592 sav->replay ? (sav->replay->count & 0xffffffff) : 0, 3593 sav->sah->saidx.reqid); 3594 if (!m) 3595 goto fail; 3596 break; 3597 3598 case SADB_EXT_ADDRESS_SRC: 3599 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3600 (struct sockaddr *)&sav->sah->saidx.src, 3601 FULLMASK, IPSEC_ULPROTO_ANY); 3602 if (!m) 3603 goto fail; 3604 break; 3605 3606 case SADB_EXT_ADDRESS_DST: 3607 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3608 (struct sockaddr *)&sav->sah->saidx.dst, 3609 FULLMASK, IPSEC_ULPROTO_ANY); 3610 if (!m) 3611 goto fail; 3612 break; 3613 3614 case SADB_EXT_KEY_AUTH: 3615 if (!sav->key_auth) 3616 continue; 3617 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len); 3618 p = sav->key_auth; 3619 break; 3620 3621 case SADB_EXT_KEY_ENCRYPT: 3622 if (!sav->key_enc) 3623 continue; 3624 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len); 3625 p = sav->key_enc; 3626 break; 3627 3628 case SADB_EXT_LIFETIME_CURRENT: 3629 if (!sav->lft_c) 3630 continue; 3631 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len); 3632 p = sav->lft_c; 3633 break; 3634 3635 case SADB_EXT_LIFETIME_HARD: 3636 if (!sav->lft_h) 3637 continue; 3638 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len); 3639 p = sav->lft_h; 3640 break; 3641 3642 case SADB_EXT_LIFETIME_SOFT: 3643 if (!sav->lft_s) 3644 continue; 3645 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len); 3646 p = sav->lft_s; 3647 break; 3648 3649 #ifdef IPSEC_NAT_T 3650 case SADB_X_EXT_NAT_T_TYPE: 3651 if ((m = key_setsadbxtype(sav->natt_type)) == NULL) 3652 goto fail; 3653 break; 3654 3655 case SADB_X_EXT_NAT_T_DPORT: 3656 if ((m = key_setsadbxport(KEY_PORTFROMSADDR 3657 (&sav->sah->saidx.dst), 3658 SADB_X_EXT_NAT_T_DPORT)) == NULL) 3659 goto fail; 3660 break; 3661 3662 case SADB_X_EXT_NAT_T_SPORT: 3663 if ((m = key_setsadbxport(KEY_PORTFROMSADDR 3664 (&sav->sah->saidx.src), 3665 SADB_X_EXT_NAT_T_SPORT)) == NULL) 3666 goto fail; 3667 break; 3668 3669 case SADB_X_EXT_NAT_T_OA: 3670 case SADB_X_EXT_NAT_T_FRAG: 3671 continue; 3672 #endif 3673 case SADB_EXT_ADDRESS_PROXY: 3674 case SADB_EXT_IDENTITY_SRC: 3675 case SADB_EXT_IDENTITY_DST: 3676 /* XXX: should we brought from SPD ? */ 3677 case SADB_EXT_SENSITIVITY: 3678 default: 3679 continue; 3680 } 3681 3682 if ((!m && !p) || (m && p)) 3683 goto fail; 3684 if (p && tres) { 3685 M_PREPEND(tres, l, M_DONTWAIT); 3686 if (!tres) 3687 goto fail; 3688 bcopy(p, mtod(tres, void *), l); 3689 continue; 3690 } 3691 if (p) { 3692 m = key_alloc_mbuf(l); 3693 if (!m) 3694 goto fail; 3695 m_copyback(m, 0, l, p); 3696 } 3697 3698 if (tres) 3699 m_cat(m, tres); 3700 tres = m; 3701 } 3702 3703 m_cat(result, tres); 3704 3705 if (result->m_len < sizeof(struct sadb_msg)) { 3706 result = m_pullup(result, sizeof(struct sadb_msg)); 3707 if (result == NULL) 3708 goto fail; 3709 } 3710 3711 result->m_pkthdr.len = 0; 3712 for (m = result; m; m = m->m_next) 3713 result->m_pkthdr.len += m->m_len; 3714 3715 mtod(result, struct sadb_msg *)->sadb_msg_len = 3716 PFKEY_UNIT64(result->m_pkthdr.len); 3717 3718 return result; 3719 3720 fail: 3721 m_freem(result); 3722 m_freem(tres); 3723 return NULL; 3724 } 3725 3726 /* 3727 * set data into sadb_msg. 3728 */ 3729 static struct mbuf * 3730 key_setsadbmsg(type, tlen, satype, seq, pid, reserved) 3731 u_int8_t type, satype; 3732 u_int16_t tlen; 3733 u_int32_t seq; 3734 pid_t pid; 3735 u_int16_t reserved; 3736 { 3737 struct mbuf *m; 3738 struct sadb_msg *p; 3739 int len; 3740 3741 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3742 if (len > MCLBYTES) 3743 return NULL; 3744 MGETHDR(m, M_DONTWAIT, MT_DATA); 3745 if (m && len > MHLEN) { 3746 MCLGET(m, M_DONTWAIT); 3747 if ((m->m_flags & M_EXT) == 0) { 3748 m_freem(m); 3749 m = NULL; 3750 } 3751 } 3752 if (!m) 3753 return NULL; 3754 m->m_pkthdr.len = m->m_len = len; 3755 m->m_next = NULL; 3756 3757 p = mtod(m, struct sadb_msg *); 3758 3759 bzero(p, len); 3760 p->sadb_msg_version = PF_KEY_V2; 3761 p->sadb_msg_type = type; 3762 p->sadb_msg_errno = 0; 3763 p->sadb_msg_satype = satype; 3764 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3765 p->sadb_msg_reserved = reserved; 3766 p->sadb_msg_seq = seq; 3767 p->sadb_msg_pid = (u_int32_t)pid; 3768 3769 return m; 3770 } 3771 3772 /* 3773 * copy secasvar data into sadb_address. 3774 */ 3775 static struct mbuf * 3776 key_setsadbsa(sav) 3777 struct secasvar *sav; 3778 { 3779 struct mbuf *m; 3780 struct sadb_sa *p; 3781 int len; 3782 3783 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3784 m = key_alloc_mbuf(len); 3785 if (!m || m->m_next) { /*XXX*/ 3786 if (m) 3787 m_freem(m); 3788 return NULL; 3789 } 3790 3791 p = mtod(m, struct sadb_sa *); 3792 3793 bzero(p, len); 3794 p->sadb_sa_len = PFKEY_UNIT64(len); 3795 p->sadb_sa_exttype = SADB_EXT_SA; 3796 p->sadb_sa_spi = sav->spi; 3797 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0); 3798 p->sadb_sa_state = sav->state; 3799 p->sadb_sa_auth = sav->alg_auth; 3800 p->sadb_sa_encrypt = sav->alg_enc; 3801 p->sadb_sa_flags = sav->flags; 3802 3803 return m; 3804 } 3805 3806 /* 3807 * set data into sadb_address. 3808 */ 3809 static struct mbuf * 3810 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto) 3811 u_int16_t exttype; 3812 struct sockaddr *saddr; 3813 u_int8_t prefixlen; 3814 u_int16_t ul_proto; 3815 { 3816 struct mbuf *m; 3817 struct sadb_address *p; 3818 size_t len; 3819 3820 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3821 PFKEY_ALIGN8(saddr->sa_len); 3822 m = key_alloc_mbuf(len); 3823 if (!m || m->m_next) { /*XXX*/ 3824 if (m) 3825 m_freem(m); 3826 return NULL; 3827 } 3828 3829 p = mtod(m, struct sadb_address *); 3830 3831 bzero(p, len); 3832 p->sadb_address_len = PFKEY_UNIT64(len); 3833 p->sadb_address_exttype = exttype; 3834 p->sadb_address_proto = ul_proto; 3835 if (prefixlen == FULLMASK) { 3836 switch (saddr->sa_family) { 3837 case AF_INET: 3838 prefixlen = sizeof(struct in_addr) << 3; 3839 break; 3840 case AF_INET6: 3841 prefixlen = sizeof(struct in6_addr) << 3; 3842 break; 3843 default: 3844 ; /*XXX*/ 3845 } 3846 } 3847 p->sadb_address_prefixlen = prefixlen; 3848 p->sadb_address_reserved = 0; 3849 3850 memcpy(mtod(m, char *) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3851 saddr, saddr->sa_len); 3852 3853 return m; 3854 } 3855 3856 #if 0 3857 /* 3858 * set data into sadb_ident. 3859 */ 3860 static struct mbuf * 3861 key_setsadbident(exttype, idtype, string, stringlen, id) 3862 u_int16_t exttype, idtype; 3863 void *string; 3864 int stringlen; 3865 u_int64_t id; 3866 { 3867 struct mbuf *m; 3868 struct sadb_ident *p; 3869 size_t len; 3870 3871 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen); 3872 m = key_alloc_mbuf(len); 3873 if (!m || m->m_next) { /*XXX*/ 3874 if (m) 3875 m_freem(m); 3876 return NULL; 3877 } 3878 3879 p = mtod(m, struct sadb_ident *); 3880 3881 bzero(p, len); 3882 p->sadb_ident_len = PFKEY_UNIT64(len); 3883 p->sadb_ident_exttype = exttype; 3884 p->sadb_ident_type = idtype; 3885 p->sadb_ident_reserved = 0; 3886 p->sadb_ident_id = id; 3887 3888 bcopy(string, 3889 mtod(m, void *) + PFKEY_ALIGN8(sizeof(struct sadb_ident)), 3890 stringlen); 3891 3892 return m; 3893 } 3894 #endif 3895 3896 /* 3897 * set data into sadb_x_sa2. 3898 */ 3899 static struct mbuf * 3900 key_setsadbxsa2(mode, seq, reqid) 3901 u_int8_t mode; 3902 u_int32_t seq; 3903 u_int16_t reqid; 3904 { 3905 struct mbuf *m; 3906 struct sadb_x_sa2 *p; 3907 size_t len; 3908 3909 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3910 m = key_alloc_mbuf(len); 3911 if (!m || m->m_next) { /*XXX*/ 3912 if (m) 3913 m_freem(m); 3914 return NULL; 3915 } 3916 3917 p = mtod(m, struct sadb_x_sa2 *); 3918 3919 bzero(p, len); 3920 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3921 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3922 p->sadb_x_sa2_mode = mode; 3923 p->sadb_x_sa2_reserved1 = 0; 3924 p->sadb_x_sa2_reserved2 = 0; 3925 p->sadb_x_sa2_sequence = seq; 3926 p->sadb_x_sa2_reqid = reqid; 3927 3928 return m; 3929 } 3930 3931 #ifdef SADB_X_EXT_TAG 3932 /* 3933 * set data into sadb_x_tag. 3934 */ 3935 static struct mbuf * 3936 key_setsadbxtag(tag) 3937 u_int16_t tag; 3938 { 3939 struct mbuf *m; 3940 struct sadb_x_tag *p; 3941 size_t len; 3942 3943 len = PFKEY_ALIGN8(sizeof(struct sadb_x_tag)); 3944 m = key_alloc_mbuf(len); 3945 if (!m || m->m_next) { /*XXX*/ 3946 if (m) 3947 m_freem(m); 3948 return NULL; 3949 } 3950 3951 p = mtod(m, struct sadb_x_tag *); 3952 3953 bzero(p, len); 3954 p->sadb_x_tag_len = PFKEY_UNIT64(len); 3955 p->sadb_x_tag_exttype = SADB_X_EXT_TAG; 3956 m_nametag_tag2tagname(tag, p->sadb_x_tag_name); 3957 3958 return m; 3959 } 3960 #endif 3961 3962 #ifdef IPSEC_NAT_T 3963 /* 3964 * set a type in sadb_x_nat_t_type 3965 */ 3966 static struct mbuf * 3967 key_setsadbxtype(type) 3968 u_int16_t type; 3969 { 3970 struct mbuf *m; 3971 size_t len; 3972 struct sadb_x_nat_t_type *p; 3973 3974 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3975 3976 m = key_alloc_mbuf(len); 3977 if (!m || m->m_next) { /*XXX*/ 3978 if (m) 3979 m_freem(m); 3980 return NULL; 3981 } 3982 3983 p = mtod(m, struct sadb_x_nat_t_type *); 3984 3985 bzero(p, len); 3986 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3987 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3988 p->sadb_x_nat_t_type_type = type; 3989 3990 return m; 3991 } 3992 /* 3993 * set a port in sadb_x_nat_t_port. port is in network order 3994 */ 3995 static struct mbuf * 3996 key_setsadbxport(port, type) 3997 u_int16_t port; 3998 u_int16_t type; 3999 { 4000 struct mbuf *m; 4001 size_t len; 4002 struct sadb_x_nat_t_port *p; 4003 4004 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 4005 4006 m = key_alloc_mbuf(len); 4007 if (!m || m->m_next) { /*XXX*/ 4008 if (m) 4009 m_freem(m); 4010 return NULL; 4011 } 4012 4013 p = mtod(m, struct sadb_x_nat_t_port *); 4014 4015 bzero(p, len); 4016 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 4017 p->sadb_x_nat_t_port_exttype = type; 4018 p->sadb_x_nat_t_port_port = port; 4019 4020 return m; 4021 } 4022 4023 /* 4024 * Get port from sockaddr, port is in network order 4025 */ 4026 u_int16_t 4027 key_portfromsaddr(saddr) 4028 struct sockaddr *saddr; 4029 { 4030 u_int16_t port; 4031 4032 switch (saddr->sa_family) { 4033 case AF_INET: { 4034 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4035 4036 port = sin->sin_port; 4037 break; 4038 } 4039 #ifdef INET6 4040 case AF_INET6: { 4041 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4042 4043 port = sin6->sin6_port; 4044 break; 4045 } 4046 #endif 4047 default: 4048 printf("key_portfromsaddr: unexpected address family\n"); 4049 port = 0; 4050 break; 4051 } 4052 4053 return port; 4054 } 4055 #endif /* IPSEC_NAT_T */ 4056 4057 /* 4058 * Set port is struct sockaddr. port is in network order 4059 */ 4060 static void 4061 key_porttosaddr(saddr, port) 4062 struct sockaddr *saddr; 4063 u_int16_t port; 4064 { 4065 switch (saddr->sa_family) { 4066 case AF_INET: { 4067 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4068 4069 sin->sin_port = port; 4070 break; 4071 } 4072 #ifdef INET6 4073 case AF_INET6: { 4074 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4075 4076 sin6->sin6_port = port; 4077 break; 4078 } 4079 #endif 4080 default: 4081 printf("key_porttosaddr: unexpected address family %d\n", 4082 saddr->sa_family); 4083 break; 4084 } 4085 4086 return; 4087 } 4088 4089 /* 4090 * Safety check sa_len 4091 */ 4092 static int 4093 key_checksalen(saddr) 4094 const struct sockaddr *saddr; 4095 { 4096 switch (saddr->sa_family) { 4097 case AF_INET: 4098 if (saddr->sa_len != sizeof(struct sockaddr_in)) 4099 return -1; 4100 break; 4101 #ifdef INET6 4102 case AF_INET6: 4103 if (saddr->sa_len != sizeof(struct sockaddr_in6)) 4104 return -1; 4105 break; 4106 #endif 4107 default: 4108 printf("key_checksalen: unexpected sa_family %d\n", 4109 saddr->sa_family); 4110 return -1; 4111 break; 4112 } 4113 4114 return 0; 4115 } 4116 4117 /* 4118 * set data into sadb_lifetime 4119 */ 4120 static struct mbuf * 4121 key_setsadblifetime(type, alloc, bytes, addtime, usetime) 4122 u_int16_t type; 4123 u_int32_t alloc; 4124 u_int64_t bytes, addtime, usetime; 4125 { 4126 struct mbuf *m; 4127 struct sadb_lifetime *p; 4128 size_t len; 4129 4130 len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 4131 m = key_alloc_mbuf(len); 4132 if (!m || m->m_next) { /*XXX*/ 4133 if (m) 4134 m_freem(m); 4135 return NULL; 4136 } 4137 4138 p = mtod(m, struct sadb_lifetime *); 4139 4140 bzero(p, len); 4141 p->sadb_lifetime_len = PFKEY_UNIT64(len); 4142 p->sadb_lifetime_exttype = type; 4143 p->sadb_lifetime_allocations = alloc; 4144 p->sadb_lifetime_bytes = bytes; 4145 p->sadb_lifetime_addtime = addtime; 4146 p->sadb_lifetime_usetime = usetime; 4147 4148 return m; 4149 } 4150 4151 /* 4152 * set data into sadb_x_policy 4153 */ 4154 static struct mbuf * 4155 key_setsadbxpolicy(type, dir, id) 4156 u_int16_t type; 4157 u_int8_t dir; 4158 u_int32_t id; 4159 { 4160 struct mbuf *m; 4161 struct sadb_x_policy *p; 4162 size_t len; 4163 4164 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4165 m = key_alloc_mbuf(len); 4166 if (!m || m->m_next) { /*XXX*/ 4167 if (m) 4168 m_freem(m); 4169 return NULL; 4170 } 4171 4172 p = mtod(m, struct sadb_x_policy *); 4173 4174 bzero(p, len); 4175 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4176 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4177 p->sadb_x_policy_type = type; 4178 p->sadb_x_policy_dir = dir; 4179 p->sadb_x_policy_id = id; 4180 4181 return m; 4182 } 4183 4184 /* %%% utilities */ 4185 /* 4186 * copy a buffer into the new buffer allocated. 4187 */ 4188 static void * 4189 key_newbuf(src, len) 4190 const void *src; 4191 u_int len; 4192 { 4193 void *new; 4194 4195 KMALLOC(new, void *, len); 4196 if (new == NULL) { 4197 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n")); 4198 return NULL; 4199 } 4200 bcopy(src, new, len); 4201 4202 return new; 4203 } 4204 4205 /* compare my own address 4206 * OUT: 1: true, i.e. my address. 4207 * 0: false 4208 */ 4209 static int 4210 key_ismyaddr(sa) 4211 struct sockaddr *sa; 4212 { 4213 #ifdef INET 4214 struct sockaddr_in *sin; 4215 struct in_ifaddr *ia; 4216 #endif 4217 4218 /* sanity check */ 4219 if (sa == NULL) 4220 panic("key_ismyaddr: NULL pointer is passed."); 4221 4222 switch (sa->sa_family) { 4223 #ifdef INET 4224 case AF_INET: 4225 sin = (struct sockaddr_in *)sa; 4226 TAILQ_FOREACH(ia, &in_ifaddrhead, ia_list) { 4227 if (sin->sin_family == ia->ia_addr.sin_family && 4228 sin->sin_len == ia->ia_addr.sin_len && 4229 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr) 4230 { 4231 return 1; 4232 } 4233 } 4234 break; 4235 #endif 4236 #ifdef INET6 4237 case AF_INET6: 4238 return key_ismyaddr6((struct sockaddr_in6 *)sa); 4239 #endif 4240 } 4241 4242 return 0; 4243 } 4244 4245 #ifdef INET6 4246 /* 4247 * compare my own address for IPv6. 4248 * 1: ours 4249 * 0: other 4250 * NOTE: derived ip6_input() in KAME. This is necessary to modify more. 4251 */ 4252 4253 static int 4254 key_ismyaddr6(sin6) 4255 struct sockaddr_in6 *sin6; 4256 { 4257 struct in6_ifaddr *ia; 4258 struct in6_multi *in6m; 4259 4260 if (sa6_embedscope(sin6, 0) != 0) 4261 return 0; 4262 4263 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 4264 if (key_sockaddrcmp((struct sockaddr *)&sin6, 4265 (struct sockaddr *)&ia->ia_addr, 0) == 0) 4266 return 1; 4267 4268 /* 4269 * XXX Multicast 4270 * XXX why do we care about multlicast here while we don't care 4271 * about IPv4 multicast?? 4272 * XXX scope 4273 */ 4274 in6m = NULL; 4275 for ((in6m) = ia->ia6_multiaddrs.lh_first; 4276 (in6m) != NULL && 4277 !IN6_ARE_ADDR_EQUAL(&(in6m)->in6m_addr, &sin6->sin6_addr); 4278 (in6m) = in6m->in6m_entry.le_next) 4279 continue; 4280 if (in6m) 4281 return 1; 4282 } 4283 4284 /* loopback, just for safety */ 4285 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)) 4286 return 1; 4287 4288 return 0; 4289 } 4290 #endif /*INET6*/ 4291 4292 /* 4293 * compare two secasindex structure exactly. 4294 * IN: 4295 * saidx0: source, it can be in SAD. 4296 * saidx1: object. 4297 * OUT: 4298 * 1 : equal 4299 * 0 : not equal 4300 */ 4301 static int 4302 key_cmpsaidx_exactly(saidx0, saidx1) 4303 struct secasindex *saidx0, *saidx1; 4304 { 4305 /* sanity */ 4306 if (saidx0 == NULL && saidx1 == NULL) 4307 return 1; 4308 4309 if (saidx0 == NULL || saidx1 == NULL) 4310 return 0; 4311 4312 if (saidx0->proto != saidx1->proto || saidx0->mode != saidx1->mode || 4313 saidx0->reqid != saidx1->reqid) 4314 return 0; 4315 4316 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 || 4317 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0) 4318 return 0; 4319 4320 return 1; 4321 } 4322 4323 /* 4324 * compare two secasindex structure with consideration mode. 4325 * don't compare port. 4326 * IN: 4327 * saidx0: source, it is often in SAD. 4328 * saidx1: object, it is often from SPD. 4329 * OUT: 4330 * 1 : equal 4331 * 0 : not equal 4332 */ 4333 static int 4334 key_cmpsaidx_withmode(saidx0, saidx1) 4335 struct secasindex *saidx0, *saidx1; 4336 { 4337 int chkport = 0; 4338 4339 /* sanity */ 4340 if (saidx0 == NULL && saidx1 == NULL) 4341 return 1; 4342 4343 if (saidx0 == NULL || saidx1 == NULL) 4344 return 0; 4345 4346 if (saidx0->proto != saidx1->proto) 4347 return 0; 4348 4349 /* 4350 * If NAT-T is enabled, check ports for tunnel mode. 4351 * Don't do it for transport mode, as there is no 4352 * port information available in the SP. 4353 */ 4354 #ifdef IPSEC_NAT_T 4355 if (saidx1->mode == IPSEC_MODE_TUNNEL) 4356 chkport = 1; 4357 #endif 4358 /* 4359 * If reqid of SPD is non-zero, unique SA is required. 4360 * The result must be of same reqid in this case. 4361 */ 4362 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid) 4363 return 0; 4364 4365 if (saidx0->mode != IPSEC_MODE_ANY && saidx0->mode != saidx1->mode) 4366 return 0; 4367 4368 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src, 4369 (struct sockaddr *)&saidx1->src, chkport) != 0) { 4370 return 0; 4371 } 4372 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst, 4373 (struct sockaddr *)&saidx1->dst, chkport) != 0) { 4374 return 0; 4375 } 4376 4377 return 1; 4378 } 4379 4380 /* 4381 * compare two secasindex structure without mode. 4382 * don't compare port. 4383 * IN: 4384 * saidx0: source, it is often in SAD. 4385 * saidx1: object, it is often from user. 4386 * OUT: 4387 * 1 : equal 4388 * 0 : not equal 4389 */ 4390 static int 4391 key_cmpsaidx_withoutmode(saidx0, saidx1) 4392 struct secasindex *saidx0, *saidx1; 4393 { 4394 #ifdef IPSEC_NAT_T 4395 int chkport = 1; 4396 #else 4397 int chkport = 0; 4398 #endif 4399 4400 /* sanity */ 4401 if (saidx0 == NULL && saidx1 == NULL) 4402 return 1; 4403 4404 if (saidx0 == NULL || saidx1 == NULL) 4405 return 0; 4406 4407 if (saidx0->proto != saidx1->proto) 4408 return 0; 4409 4410 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src, 4411 (struct sockaddr *)&saidx1->src, chkport) != 0) { 4412 return 0; 4413 } 4414 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst, 4415 (struct sockaddr *)&saidx1->dst, chkport) != 0) { 4416 return 0; 4417 } 4418 4419 return 1; 4420 } 4421 4422 /* 4423 * compare two secindex structure exactly. 4424 * IN: 4425 * spidx0: source, it is often in SPD. 4426 * spidx1: object, it is often from PFKEY message. 4427 * OUT: 4428 * 1 : equal 4429 * 0 : not equal 4430 */ 4431 int 4432 key_cmpspidx_exactly(spidx0, spidx1) 4433 struct secpolicyindex *spidx0, *spidx1; 4434 { 4435 /* sanity */ 4436 if (spidx0 == NULL && spidx1 == NULL) 4437 return 1; 4438 4439 if (spidx0 == NULL || spidx1 == NULL) 4440 return 0; 4441 4442 if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd || 4443 spidx0->ul_proto != spidx1->ul_proto) 4444 return 0; 4445 4446 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src, 4447 (struct sockaddr *)&spidx1->src, 1) != 0) { 4448 return 0; 4449 } 4450 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst, 4451 (struct sockaddr *)&spidx1->dst, 1) != 0) { 4452 return 0; 4453 } 4454 4455 return 1; 4456 } 4457 4458 /* 4459 * compare two secindex structure with mask. 4460 * IN: 4461 * spidx0: source, it is often in SPD. 4462 * spidx1: object, it is often from IP header. 4463 * OUT: 4464 * 1 : equal 4465 * 0 : not equal 4466 */ 4467 int 4468 key_cmpspidx_withmask(spidx0, spidx1) 4469 struct secpolicyindex *spidx0, *spidx1; 4470 { 4471 /* sanity */ 4472 if (spidx0 == NULL && spidx1 == NULL) 4473 return 1; 4474 4475 if (spidx0 == NULL || spidx1 == NULL) 4476 return 0; 4477 4478 if (spidx0->src.ss_family != spidx1->src.ss_family || 4479 spidx0->dst.ss_family != spidx1->dst.ss_family || 4480 spidx0->src.ss_len != spidx1->src.ss_len || 4481 spidx0->dst.ss_len != spidx1->dst.ss_len) 4482 return 0; 4483 4484 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4485 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY && 4486 spidx0->ul_proto != spidx1->ul_proto) 4487 return 0; 4488 4489 switch (spidx0->src.ss_family) { 4490 case AF_INET: 4491 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY && 4492 satosin(&spidx0->src)->sin_port != 4493 satosin(&spidx1->src)->sin_port) 4494 return 0; 4495 if (!key_bbcmp((void *)&satosin(&spidx0->src)->sin_addr, 4496 (void *)&satosin(&spidx1->src)->sin_addr, spidx0->prefs)) 4497 return 0; 4498 break; 4499 case AF_INET6: 4500 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY && 4501 satosin6(&spidx0->src)->sin6_port != 4502 satosin6(&spidx1->src)->sin6_port) 4503 return 0; 4504 /* 4505 * scope_id check. if sin6_scope_id is 0, we regard it 4506 * as a wildcard scope, which matches any scope zone ID. 4507 */ 4508 if (satosin6(&spidx0->src)->sin6_scope_id && 4509 satosin6(&spidx1->src)->sin6_scope_id && 4510 satosin6(&spidx0->src)->sin6_scope_id != 4511 satosin6(&spidx1->src)->sin6_scope_id) 4512 return 0; 4513 if (!key_bbcmp((void *)&satosin6(&spidx0->src)->sin6_addr, 4514 (void *)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs)) 4515 return 0; 4516 break; 4517 default: 4518 /* XXX */ 4519 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0) 4520 return 0; 4521 break; 4522 } 4523 4524 switch (spidx0->dst.ss_family) { 4525 case AF_INET: 4526 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY && 4527 satosin(&spidx0->dst)->sin_port != 4528 satosin(&spidx1->dst)->sin_port) 4529 return 0; 4530 if (!key_bbcmp((void *)&satosin(&spidx0->dst)->sin_addr, 4531 (void *)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd)) 4532 return 0; 4533 break; 4534 case AF_INET6: 4535 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY && 4536 satosin6(&spidx0->dst)->sin6_port != 4537 satosin6(&spidx1->dst)->sin6_port) 4538 return 0; 4539 /* 4540 * scope_id check. if sin6_scope_id is 0, we regard it 4541 * as a wildcard scope, which matches any scope zone ID. 4542 */ 4543 if (satosin6(&spidx0->src)->sin6_scope_id && 4544 satosin6(&spidx1->src)->sin6_scope_id && 4545 satosin6(&spidx0->dst)->sin6_scope_id != 4546 satosin6(&spidx1->dst)->sin6_scope_id) 4547 return 0; 4548 if (!key_bbcmp((void *)&satosin6(&spidx0->dst)->sin6_addr, 4549 (void *)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd)) 4550 return 0; 4551 break; 4552 default: 4553 /* XXX */ 4554 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0) 4555 return 0; 4556 break; 4557 } 4558 4559 /* XXX Do we check other field ? e.g. flowinfo */ 4560 4561 return 1; 4562 } 4563 4564 /* returns 0 on match */ 4565 static int 4566 key_sockaddrcmp(sa1, sa2, port) 4567 struct sockaddr *sa1; 4568 struct sockaddr *sa2; 4569 int port; 4570 { 4571 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4572 return 1; 4573 4574 switch (sa1->sa_family) { 4575 case AF_INET: 4576 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4577 return 1; 4578 if (satosin(sa1)->sin_addr.s_addr != 4579 satosin(sa2)->sin_addr.s_addr) { 4580 return 1; 4581 } 4582 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4583 return 1; 4584 break; 4585 case AF_INET6: 4586 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4587 return 1; /*EINVAL*/ 4588 if (satosin6(sa1)->sin6_scope_id != 4589 satosin6(sa2)->sin6_scope_id) { 4590 return 1; 4591 } 4592 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4593 &satosin6(sa2)->sin6_addr)) { 4594 return 1; 4595 } 4596 if (port && 4597 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4598 return 1; 4599 } 4600 break; 4601 default: 4602 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4603 return 1; 4604 break; 4605 } 4606 4607 return 0; 4608 } 4609 4610 /* 4611 * compare two buffers with mask. 4612 * IN: 4613 * addr1: source 4614 * addr2: object 4615 * bits: Number of bits to compare 4616 * OUT: 4617 * 1 : equal 4618 * 0 : not equal 4619 */ 4620 static int 4621 key_bbcmp(p1v, p2v, bits) 4622 void *p1v, *p2v; 4623 u_int bits; 4624 { 4625 char *p1 = p1v; 4626 char *p2 = p2v; 4627 u_int8_t mask; 4628 4629 /* XXX: This could be considerably faster if we compare a word 4630 * at a time, but it is complicated on LSB Endian machines */ 4631 4632 /* Handle null pointers */ 4633 if (p1 == NULL || p2 == NULL) 4634 return (p1 == p2); 4635 4636 while (bits >= 8) { 4637 if (*p1++ != *p2++) 4638 return 0; 4639 bits -= 8; 4640 } 4641 4642 if (bits > 0) { 4643 mask = ~((1<<(8-bits))-1); 4644 if ((*p1 & mask) != (*p2 & mask)) 4645 return 0; 4646 } 4647 return 1; /* Match! */ 4648 } 4649 4650 /* 4651 * time handler. 4652 * scanning SPD and SAD to check status for each entries, 4653 * and do to remove or to expire. 4654 * XXX2038: year 2038 problem may remain. 4655 */ 4656 void 4657 key_timehandler(void *arg) 4658 { 4659 u_int dir; 4660 int s; 4661 struct timeval tv; 4662 4663 getmicrotime(&tv); 4664 4665 s = splsoftnet(); /*called from softclock()*/ 4666 mutex_enter(softnet_lock); 4667 4668 /* SPD */ 4669 { 4670 struct secpolicy *sp, *nextsp; 4671 4672 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4673 for (sp = LIST_FIRST(&sptree[dir]); 4674 sp != NULL; 4675 sp = nextsp) { 4676 nextsp = LIST_NEXT(sp, chain); 4677 4678 if (sp->state == IPSEC_SPSTATE_DEAD) { 4679 key_sp_unlink(sp); /*XXX*/ 4680 sp = NULL; 4681 continue; 4682 } 4683 4684 if (sp->lifetime == 0 && sp->validtime == 0) 4685 continue; 4686 4687 /* the deletion will occur next time */ 4688 if ((sp->lifetime && 4689 tv.tv_sec - sp->created > sp->lifetime) || 4690 (sp->validtime && 4691 tv.tv_sec - sp->lastused > sp->validtime)) { 4692 key_sp_dead(sp); 4693 key_spdexpire(sp); 4694 continue; 4695 } 4696 } 4697 } 4698 4699 /* invalidate all cached SPD pointers on pcb */ 4700 ipsec_invalpcbcacheall(); 4701 } 4702 4703 /* SAD */ 4704 { 4705 struct secashead *sah, *nextsah; 4706 struct secasvar *sav, *nextsav; 4707 int havesav; 4708 u_int stateidx, state; 4709 4710 for (sah = LIST_FIRST(&sahtree); 4711 sah != NULL; 4712 sah = nextsah) { 4713 4714 nextsah = LIST_NEXT(sah, chain); 4715 4716 /* if sah has been dead, then delete it and process next sah. */ 4717 if (sah->state == SADB_SASTATE_DEAD) { 4718 key_delsah(sah); 4719 continue; 4720 } 4721 4722 /* if LARVAL entry doesn't become MATURE, delete it. */ 4723 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]); 4724 sav != NULL; 4725 sav = nextsav) { 4726 4727 nextsav = LIST_NEXT(sav, chain); 4728 4729 if (tv.tv_sec - sav->created > key_larval_lifetime) { 4730 key_freesav(sav); 4731 } 4732 } 4733 4734 /* 4735 * check MATURE entry to start to send expire message 4736 * whether or not. 4737 */ 4738 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); 4739 sav != NULL; 4740 sav = nextsav) { 4741 4742 nextsav = LIST_NEXT(sav, chain); 4743 4744 /* we don't need to check. */ 4745 if (sav->lft_s == NULL) 4746 continue; 4747 4748 /* sanity check */ 4749 if (sav->lft_c == NULL) { 4750 ipseclog((LOG_DEBUG, "key_timehandler: " 4751 "There is no CURRENT time, why?\n")); 4752 continue; 4753 } 4754 4755 /* check SOFT lifetime */ 4756 if (sav->lft_s->sadb_lifetime_addtime != 0 && 4757 tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) { 4758 /* 4759 * check the SA if it has been used. 4760 * when it hasn't been used, delete it. 4761 * i don't think such SA will be used. 4762 */ 4763 if (sav->lft_c->sadb_lifetime_usetime == 0) { 4764 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4765 key_freesav(sav); 4766 sav = NULL; 4767 } else { 4768 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4769 /* 4770 * XXX If we keep to send expire 4771 * message in the status of 4772 * DYING. Do remove below code. 4773 */ 4774 key_expire(sav); 4775 } 4776 } 4777 4778 /* check SOFT lifetime by bytes */ 4779 /* 4780 * XXX I don't know the way to delete this SA 4781 * when new SA is installed. Caution when it's 4782 * installed too big lifetime by time. 4783 */ 4784 else if (sav->lft_s->sadb_lifetime_bytes != 0 4785 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { 4786 4787 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4788 /* 4789 * XXX If we keep to send expire 4790 * message in the status of 4791 * DYING. Do remove below code. 4792 */ 4793 key_expire(sav); 4794 } 4795 } 4796 4797 /* check DYING entry to change status to DEAD. */ 4798 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]); 4799 sav != NULL; 4800 sav = nextsav) { 4801 4802 nextsav = LIST_NEXT(sav, chain); 4803 4804 /* we don't need to check. */ 4805 if (sav->lft_h == NULL) 4806 continue; 4807 4808 /* sanity check */ 4809 if (sav->lft_c == NULL) { 4810 ipseclog((LOG_DEBUG,"key_timehandler: " 4811 "There is no CURRENT time, why?\n")); 4812 continue; 4813 } 4814 4815 if (sav->lft_h->sadb_lifetime_addtime != 0 && 4816 tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) { 4817 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4818 key_freesav(sav); 4819 sav = NULL; 4820 } 4821 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */ 4822 else if (sav->lft_s != NULL 4823 && sav->lft_s->sadb_lifetime_addtime != 0 4824 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) { 4825 /* 4826 * XXX: should be checked to be 4827 * installed the valid SA. 4828 */ 4829 4830 /* 4831 * If there is no SA then sending 4832 * expire message. 4833 */ 4834 key_expire(sav); 4835 } 4836 #endif 4837 /* check HARD lifetime by bytes */ 4838 else if (sav->lft_h->sadb_lifetime_bytes != 0 4839 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { 4840 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4841 key_freesav(sav); 4842 sav = NULL; 4843 } 4844 } 4845 4846 /* delete entry in DEAD */ 4847 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]); 4848 sav != NULL; 4849 sav = nextsav) { 4850 4851 nextsav = LIST_NEXT(sav, chain); 4852 4853 /* sanity check */ 4854 if (sav->state != SADB_SASTATE_DEAD) { 4855 ipseclog((LOG_DEBUG, "key_timehandler: " 4856 "invalid sav->state " 4857 "(queue: %u SA: %u): " 4858 "kill it anyway\n", 4859 SADB_SASTATE_DEAD, sav->state)); 4860 } 4861 4862 /* 4863 * do not call key_freesav() here. 4864 * sav should already be freed, and sav->refcnt 4865 * shows other references to sav 4866 * (such as from SPD). 4867 */ 4868 } 4869 4870 /* move SA header to DEAD if there's no SA */ 4871 havesav = 0; 4872 for (stateidx = 0; 4873 stateidx < _ARRAYLEN(saorder_state_alive); 4874 stateidx++) { 4875 state = saorder_state_alive[stateidx]; 4876 if (LIST_FIRST(&sah->savtree[state])) { 4877 havesav++; 4878 break; 4879 } 4880 } 4881 if (havesav == 0) { 4882 ipseclog((LOG_DEBUG, "key_timehandler: " 4883 "move sah %p to DEAD (no more SAs)\n", sah)); 4884 sah->state = SADB_SASTATE_DEAD; 4885 } 4886 } 4887 } 4888 4889 #ifndef IPSEC_NONBLOCK_ACQUIRE 4890 /* ACQ tree */ 4891 { 4892 struct secacq *acq, *nextacq; 4893 4894 for (acq = LIST_FIRST(&acqtree); 4895 acq != NULL; 4896 acq = nextacq) { 4897 4898 nextacq = LIST_NEXT(acq, chain); 4899 4900 if (tv.tv_sec - acq->created > key_blockacq_lifetime && 4901 __LIST_CHAINED(acq)) { 4902 LIST_REMOVE(acq, chain); 4903 KFREE(acq); 4904 } 4905 } 4906 } 4907 #endif 4908 4909 /* SP ACQ tree */ 4910 { 4911 struct secspacq *acq, *nextacq; 4912 4913 for (acq = LIST_FIRST(&spacqtree); 4914 acq != NULL; 4915 acq = nextacq) { 4916 4917 nextacq = LIST_NEXT(acq, chain); 4918 4919 if (tv.tv_sec - acq->created > key_blockacq_lifetime && 4920 __LIST_CHAINED(acq)) { 4921 LIST_REMOVE(acq, chain); 4922 KFREE(acq); 4923 } 4924 } 4925 } 4926 4927 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0); 4928 4929 mutex_exit(softnet_lock); 4930 splx(s); 4931 return; 4932 } 4933 4934 /* 4935 * to initialize a seed for random() 4936 */ 4937 static u_long 4938 key_random() 4939 { 4940 u_long value; 4941 4942 key_randomfill(&value, sizeof(value)); 4943 return value; 4944 } 4945 4946 void 4947 key_randomfill(p, l) 4948 void *p; 4949 size_t l; 4950 { 4951 #if NRND == 0 4952 static int warn = 1; 4953 #endif 4954 4955 arc4randbytes(p, l); 4956 4957 #if NRND == 0 4958 /* the arc4 generator is keyed with junk. */ 4959 if (warn) { 4960 printf("WARNING: pseudo-random number generator " 4961 "used for IPsec processing\n"); 4962 warn = 0; 4963 } 4964 #endif 4965 } 4966 4967 /* 4968 * map SADB_SATYPE_* to IPPROTO_*. 4969 * if satype == SADB_SATYPE then satype is mapped to ~0. 4970 * OUT: 4971 * 0: invalid satype. 4972 */ 4973 static u_int16_t 4974 key_satype2proto(satype) 4975 u_int8_t satype; 4976 { 4977 switch (satype) { 4978 case SADB_SATYPE_UNSPEC: 4979 return IPSEC_PROTO_ANY; 4980 case SADB_SATYPE_AH: 4981 return IPPROTO_AH; 4982 case SADB_SATYPE_ESP: 4983 return IPPROTO_ESP; 4984 case SADB_X_SATYPE_IPCOMP: 4985 return IPPROTO_IPCOMP; 4986 case SADB_X_SATYPE_TCPSIGNATURE: 4987 return IPPROTO_TCP; 4988 default: 4989 return 0; 4990 } 4991 /* NOTREACHED */ 4992 } 4993 4994 /* 4995 * map IPPROTO_* to SADB_SATYPE_* 4996 * OUT: 4997 * 0: invalid protocol type. 4998 */ 4999 static u_int8_t 5000 key_proto2satype(proto) 5001 u_int16_t proto; 5002 { 5003 switch (proto) { 5004 case IPPROTO_AH: 5005 return SADB_SATYPE_AH; 5006 case IPPROTO_ESP: 5007 return SADB_SATYPE_ESP; 5008 case IPPROTO_IPCOMP: 5009 return SADB_X_SATYPE_IPCOMP; 5010 case IPPROTO_TCP: 5011 return SADB_X_SATYPE_TCPSIGNATURE; 5012 default: 5013 return 0; 5014 } 5015 /* NOTREACHED */ 5016 } 5017 5018 /* %%% PF_KEY */ 5019 /* 5020 * SADB_GETSPI processing is to receive 5021 * <base, (SA2), src address, dst address, (SPI range)> 5022 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 5023 * tree with the status of LARVAL, and send 5024 * <base, SA(*), address(SD)> 5025 * to the IKMPd. 5026 * 5027 * IN: mhp: pointer to the pointer to each header. 5028 * OUT: NULL if fail. 5029 * other if success, return pointer to the message to send. 5030 */ 5031 static int 5032 key_getspi(so, m, mhp) 5033 struct socket *so; 5034 struct mbuf *m; 5035 const struct sadb_msghdr *mhp; 5036 { 5037 struct sadb_address *src0, *dst0; 5038 struct secasindex saidx; 5039 struct secashead *newsah; 5040 struct secasvar *newsav; 5041 u_int8_t proto; 5042 u_int32_t spi; 5043 u_int8_t mode; 5044 u_int16_t reqid; 5045 int error; 5046 5047 /* sanity check */ 5048 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 5049 panic("key_getspi: NULL pointer is passed."); 5050 5051 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5052 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5053 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n")); 5054 return key_senderror(so, m, EINVAL); 5055 } 5056 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5057 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5058 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n")); 5059 return key_senderror(so, m, EINVAL); 5060 } 5061 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5062 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5063 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5064 } else { 5065 mode = IPSEC_MODE_ANY; 5066 reqid = 0; 5067 } 5068 5069 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5070 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5071 5072 /* map satype to proto */ 5073 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5074 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n")); 5075 return key_senderror(so, m, EINVAL); 5076 } 5077 5078 /* sa_len safety check */ 5079 if (KEY_CHECKSALEN(src0 + 1) != 0) 5080 return key_senderror(so, m, EINVAL); 5081 if (KEY_CHECKSALEN(dst0 + 1) != 0) 5082 return key_senderror(so, m, EINVAL); 5083 5084 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5085 5086 /* If not using NAT-T, make sure port numbers are set to zero. */ 5087 #ifndef IPSEC_NAT_T 5088 KEY_PORTTOSADDR(&saidx.src, 0); 5089 KEY_PORTTOSADDR(&saidx.dst, 0); 5090 #endif 5091 5092 /* SPI allocation */ 5093 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], 5094 &saidx); 5095 if (spi == 0) 5096 return key_senderror(so, m, EINVAL); 5097 5098 /* get a SA index */ 5099 if ((newsah = key_getsah(&saidx)) == NULL) { 5100 /* create a new SA index */ 5101 if ((newsah = key_newsah(&saidx)) == NULL) { 5102 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n")); 5103 return key_senderror(so, m, ENOBUFS); 5104 } 5105 } 5106 5107 /* get a new SA */ 5108 /* XXX rewrite */ 5109 newsav = key_newsav(m, mhp, newsah, &error); 5110 if (newsav == NULL) { 5111 /* XXX don't free new SA index allocated in above. */ 5112 return key_senderror(so, m, error); 5113 } 5114 5115 /* set spi */ 5116 key_setspi(newsav, htonl(spi)); 5117 5118 #ifndef IPSEC_NONBLOCK_ACQUIRE 5119 /* delete the entry in acqtree */ 5120 if (mhp->msg->sadb_msg_seq != 0) { 5121 struct secacq *acq; 5122 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) { 5123 /* reset counter in order to deletion by timehandler. */ 5124 acq->created = time_second; 5125 acq->count = 0; 5126 } 5127 } 5128 #endif 5129 5130 { 5131 struct mbuf *n, *nn; 5132 struct sadb_sa *m_sa; 5133 struct sadb_msg *newmsg; 5134 int off, len; 5135 5136 /* create new sadb_msg to reply. */ 5137 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 5138 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5139 if (len > MCLBYTES) 5140 return key_senderror(so, m, ENOBUFS); 5141 5142 MGETHDR(n, M_DONTWAIT, MT_DATA); 5143 if (len > MHLEN) { 5144 MCLGET(n, M_DONTWAIT); 5145 if ((n->m_flags & M_EXT) == 0) { 5146 m_freem(n); 5147 n = NULL; 5148 } 5149 } 5150 if (!n) 5151 return key_senderror(so, m, ENOBUFS); 5152 5153 n->m_len = len; 5154 n->m_next = NULL; 5155 off = 0; 5156 5157 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 5158 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 5159 5160 m_sa = (struct sadb_sa *)(mtod(n, char *) + off); 5161 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 5162 m_sa->sadb_sa_exttype = SADB_EXT_SA; 5163 m_sa->sadb_sa_spi = htonl(spi); 5164 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5165 5166 #ifdef DIAGNOSTIC 5167 if (off != len) 5168 panic("length inconsistency in key_getspi"); 5169 #endif 5170 5171 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5172 SADB_EXT_ADDRESS_DST); 5173 if (!n->m_next) { 5174 m_freem(n); 5175 return key_senderror(so, m, ENOBUFS); 5176 } 5177 5178 if (n->m_len < sizeof(struct sadb_msg)) { 5179 n = m_pullup(n, sizeof(struct sadb_msg)); 5180 if (n == NULL) 5181 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5182 } 5183 5184 n->m_pkthdr.len = 0; 5185 for (nn = n; nn; nn = nn->m_next) 5186 n->m_pkthdr.len += nn->m_len; 5187 5188 newmsg = mtod(n, struct sadb_msg *); 5189 newmsg->sadb_msg_seq = newsav->seq; 5190 newmsg->sadb_msg_errno = 0; 5191 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5192 5193 m_freem(m); 5194 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5195 } 5196 } 5197 5198 /* 5199 * allocating new SPI 5200 * called by key_getspi(). 5201 * OUT: 5202 * 0: failure. 5203 * others: success. 5204 */ 5205 static u_int32_t 5206 key_do_getnewspi(spirange, saidx) 5207 struct sadb_spirange *spirange; 5208 struct secasindex *saidx; 5209 { 5210 u_int32_t newspi; 5211 u_int32_t xmin, xmax; 5212 int count = key_spi_trycnt; 5213 5214 /* set spi range to allocate */ 5215 if (spirange != NULL) { 5216 xmin = spirange->sadb_spirange_min; 5217 xmax = spirange->sadb_spirange_max; 5218 } else { 5219 xmin = key_spi_minval; 5220 xmax = key_spi_maxval; 5221 } 5222 /* IPCOMP needs 2-byte SPI */ 5223 if (saidx->proto == IPPROTO_IPCOMP) { 5224 u_int32_t t; 5225 if (xmin >= 0x10000) 5226 xmin = 0xffff; 5227 if (xmax >= 0x10000) 5228 xmax = 0xffff; 5229 if (xmin > xmax) { 5230 t = xmin; xmin = xmax; xmax = t; 5231 } 5232 } 5233 5234 if (xmin == xmax) { 5235 if (key_checkspidup(saidx, htonl(xmin)) != NULL) { 5236 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", xmin)); 5237 return 0; 5238 } 5239 5240 count--; /* taking one cost. */ 5241 newspi = xmin; 5242 5243 } else { 5244 5245 /* init SPI */ 5246 newspi = 0; 5247 5248 /* when requesting to allocate spi ranged */ 5249 while (count--) { 5250 /* generate pseudo-random SPI value ranged. */ 5251 newspi = xmin + (key_random() % (xmax - xmin + 1)); 5252 5253 if (key_checkspidup(saidx, htonl(newspi)) == NULL) 5254 break; 5255 } 5256 5257 if (count == 0 || newspi == 0) { 5258 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n")); 5259 return 0; 5260 } 5261 } 5262 5263 /* statistics */ 5264 keystat.getspi_count = 5265 (keystat.getspi_count + key_spi_trycnt - count) / 2; 5266 5267 return newspi; 5268 } 5269 5270 /* 5271 * SADB_UPDATE processing 5272 * receive 5273 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5274 * key(AE), (identity(SD),) (sensitivity)> 5275 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5276 * and send 5277 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5278 * (identity(SD),) (sensitivity)> 5279 * to the ikmpd. 5280 * 5281 * m will always be freed. 5282 */ 5283 static int 5284 key_update(so, m, mhp) 5285 struct socket *so; 5286 struct mbuf *m; 5287 const struct sadb_msghdr *mhp; 5288 { 5289 struct sadb_sa *sa0; 5290 struct sadb_address *src0, *dst0; 5291 struct secasindex saidx; 5292 struct secashead *sah; 5293 struct secasvar *sav; 5294 u_int16_t proto; 5295 u_int8_t mode; 5296 u_int16_t reqid; 5297 int error; 5298 5299 /* sanity check */ 5300 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 5301 panic("key_update: NULL pointer is passed."); 5302 5303 /* map satype to proto */ 5304 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5305 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n")); 5306 return key_senderror(so, m, EINVAL); 5307 } 5308 5309 if (mhp->ext[SADB_EXT_SA] == NULL || 5310 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5311 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 5312 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5313 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 5314 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5315 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 5316 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 5317 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 5318 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 5319 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 5320 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n")); 5321 return key_senderror(so, m, EINVAL); 5322 } 5323 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5324 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5325 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5326 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n")); 5327 return key_senderror(so, m, EINVAL); 5328 } 5329 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5330 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5331 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5332 } else { 5333 mode = IPSEC_MODE_ANY; 5334 reqid = 0; 5335 } 5336 /* XXX boundary checking for other extensions */ 5337 5338 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5339 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5340 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5341 5342 /* sa_len safety check */ 5343 if (KEY_CHECKSALEN(src0 + 1) != 0) 5344 return key_senderror(so, m, EINVAL); 5345 if (KEY_CHECKSALEN(dst0 + 1) != 0) 5346 return key_senderror(so, m, EINVAL); 5347 5348 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5349 5350 /* If not using NAT-T, make sure if port number is zero. */ 5351 #ifndef IPSEC_NAT_T 5352 KEY_PORTTOSADDR(&saidx.src, 0); 5353 KEY_PORTTOSADDR(&saidx.dst, 0); 5354 #endif 5355 5356 /* get a SA header */ 5357 if ((sah = key_getsah(&saidx)) == NULL) { 5358 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n")); 5359 return key_senderror(so, m, ENOENT); 5360 } 5361 5362 /* set spidx if there */ 5363 /* XXX rewrite */ 5364 error = key_setident(sah, m, mhp); 5365 if (error) 5366 return key_senderror(so, m, error); 5367 5368 /* find a SA with sequence number. */ 5369 #ifdef IPSEC_DOSEQCHECK 5370 if (mhp->msg->sadb_msg_seq != 0 && 5371 (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) { 5372 ipseclog((LOG_DEBUG, 5373 "key_update: no larval SA with sequence %u exists.\n", 5374 mhp->msg->sadb_msg_seq)); 5375 return key_senderror(so, m, ENOENT); 5376 } 5377 #else 5378 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) { 5379 ipseclog((LOG_DEBUG, 5380 "key_update: no such a SA found (spi:%u)\n", 5381 (u_int32_t)ntohl(sa0->sadb_sa_spi))); 5382 return key_senderror(so, m, EINVAL); 5383 } 5384 #endif 5385 5386 /* validity check */ 5387 if (sav->sah->saidx.proto != proto) { 5388 ipseclog((LOG_DEBUG, 5389 "key_update: protocol mismatched (DB=%u param=%u)\n", 5390 sav->sah->saidx.proto, proto)); 5391 return key_senderror(so, m, EINVAL); 5392 } 5393 #ifdef IPSEC_DOSEQCHECK 5394 if (sav->spi != sa0->sadb_sa_spi) { 5395 ipseclog((LOG_DEBUG, 5396 "key_update: SPI mismatched (DB:%u param:%u)\n", 5397 (u_int32_t)ntohl(sav->spi), 5398 (u_int32_t)ntohl(sa0->sadb_sa_spi))); 5399 return key_senderror(so, m, EINVAL); 5400 } 5401 #endif 5402 if (sav->pid != mhp->msg->sadb_msg_pid) { 5403 ipseclog((LOG_DEBUG, 5404 "key_update: pid mismatched (DB:%u param:%u)\n", 5405 sav->pid, mhp->msg->sadb_msg_pid)); 5406 return key_senderror(so, m, EINVAL); 5407 } 5408 5409 /* copy sav values */ 5410 error = key_setsaval(sav, m, mhp); 5411 if (error) { 5412 key_freesav(sav); 5413 return key_senderror(so, m, error); 5414 } 5415 5416 /* check SA values to be mature. */ 5417 if ((error = key_mature(sav)) != 0) { 5418 key_freesav(sav); 5419 return key_senderror(so, m, error); 5420 } 5421 5422 #ifdef IPSEC_NAT_T 5423 /* 5424 * Handle NAT-T info if present 5425 */ 5426 if (mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) 5427 printf("update: NAT-T OA present\n"); 5428 5429 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) && 5430 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) && 5431 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) { 5432 struct sadb_x_nat_t_type *type; 5433 struct sadb_x_nat_t_port *sport; 5434 struct sadb_x_nat_t_port *dport; 5435 struct sadb_address *addr; 5436 struct sadb_x_nat_t_frag *frag; 5437 5438 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || 5439 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || 5440 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { 5441 ipseclog((LOG_DEBUG, "key_update: " 5442 "invalid message.\n")); 5443 return key_senderror(so, m, EINVAL); 5444 } 5445 5446 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) && 5447 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) { 5448 ipseclog((LOG_DEBUG, "key_update: invalid message\n")); 5449 return key_senderror(so, m, EINVAL); 5450 } 5451 5452 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) && 5453 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) { 5454 ipseclog((LOG_DEBUG, "key_update: invalid message\n")); 5455 return key_senderror(so, m, EINVAL); 5456 } 5457 5458 type = (struct sadb_x_nat_t_type *) 5459 mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5460 sport = (struct sadb_x_nat_t_port *) 5461 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5462 dport = (struct sadb_x_nat_t_port *) 5463 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5464 addr = (struct sadb_address *) 5465 mhp->ext[SADB_X_EXT_NAT_T_OA]; 5466 frag = (struct sadb_x_nat_t_frag *) 5467 mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 5468 5469 if (type) 5470 sav->natt_type = type->sadb_x_nat_t_type_type; 5471 if (sport) 5472 KEY_PORTTOSADDR(&sav->sah->saidx.src, 5473 sport->sadb_x_nat_t_port_port); 5474 if (dport) 5475 KEY_PORTTOSADDR(&sav->sah->saidx.dst, 5476 dport->sadb_x_nat_t_port_port); 5477 if (frag) 5478 sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen; 5479 else 5480 sav->esp_frag = IP_MAXPACKET; 5481 } 5482 #endif /* IPSEC_NAT_T */ 5483 5484 { 5485 struct mbuf *n; 5486 5487 /* set msg buf from mhp */ 5488 n = key_getmsgbuf_x1(m, mhp); 5489 if (n == NULL) { 5490 ipseclog((LOG_DEBUG, "key_update: No more memory.\n")); 5491 return key_senderror(so, m, ENOBUFS); 5492 } 5493 5494 m_freem(m); 5495 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5496 } 5497 } 5498 5499 /* 5500 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL. 5501 * only called by key_update(). 5502 * OUT: 5503 * NULL : not found 5504 * others : found, pointer to a SA. 5505 */ 5506 #ifdef IPSEC_DOSEQCHECK 5507 static struct secasvar * 5508 key_getsavbyseq(sah, seq) 5509 struct secashead *sah; 5510 u_int32_t seq; 5511 { 5512 struct secasvar *sav; 5513 u_int state; 5514 5515 state = SADB_SASTATE_LARVAL; 5516 5517 /* search SAD with sequence number ? */ 5518 LIST_FOREACH(sav, &sah->savtree[state], chain) { 5519 5520 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq"); 5521 5522 if (sav->seq == seq) 5523 } 5524 5525 return NULL; 5526 } 5527 #endif 5528 5529 /* 5530 * SADB_ADD processing 5531 * add an entry to SA database, when received 5532 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5533 * key(AE), (identity(SD),) (sensitivity)> 5534 * from the ikmpd, 5535 * and send 5536 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5537 * (identity(SD),) (sensitivity)> 5538 * to the ikmpd. 5539 * 5540 * IGNORE identity and sensitivity messages. 5541 * 5542 * m will always be freed. 5543 */ 5544 static int 5545 key_add(so, m, mhp) 5546 struct socket *so; 5547 struct mbuf *m; 5548 const struct sadb_msghdr *mhp; 5549 { 5550 struct sadb_sa *sa0; 5551 struct sadb_address *src0, *dst0; 5552 struct secasindex saidx; 5553 struct secashead *newsah; 5554 struct secasvar *newsav; 5555 u_int16_t proto; 5556 u_int8_t mode; 5557 u_int16_t reqid; 5558 int error; 5559 5560 /* sanity check */ 5561 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 5562 panic("key_add: NULL pointer is passed."); 5563 5564 /* map satype to proto */ 5565 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5566 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n")); 5567 return key_senderror(so, m, EINVAL); 5568 } 5569 5570 if (mhp->ext[SADB_EXT_SA] == NULL || 5571 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5572 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 5573 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5574 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 5575 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5576 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 5577 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 5578 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 5579 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 5580 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 5581 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n")); 5582 return key_senderror(so, m, EINVAL); 5583 } 5584 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5585 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5586 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5587 /* XXX need more */ 5588 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n")); 5589 return key_senderror(so, m, EINVAL); 5590 } 5591 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5592 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5593 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5594 } else { 5595 mode = IPSEC_MODE_ANY; 5596 reqid = 0; 5597 } 5598 5599 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5600 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5601 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5602 5603 /* sa_len safety check */ 5604 if (KEY_CHECKSALEN(src0 + 1) != 0) 5605 return key_senderror(so, m, EINVAL); 5606 if (KEY_CHECKSALEN(dst0 + 1) != 0) 5607 return key_senderror(so, m, EINVAL); 5608 5609 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5610 5611 /* If not using NAT-T, make sure if port number is zero. */ 5612 #ifndef IPSEC_NAT_T 5613 KEY_PORTTOSADDR(&saidx.src, 0); 5614 KEY_PORTTOSADDR(&saidx.dst, 0); 5615 #endif 5616 5617 /* get a SA header */ 5618 if ((newsah = key_getsah(&saidx)) == NULL) { 5619 /* create a new SA header */ 5620 if ((newsah = key_newsah(&saidx)) == NULL) { 5621 ipseclog((LOG_DEBUG, "key_add: No more memory.\n")); 5622 return key_senderror(so, m, ENOBUFS); 5623 } 5624 } 5625 5626 /* set spidx if there */ 5627 /* XXX rewrite */ 5628 error = key_setident(newsah, m, mhp); 5629 if (error) { 5630 return key_senderror(so, m, error); 5631 } 5632 5633 /* create new SA entry. */ 5634 /* We can create new SA only if SPI is differenct. */ 5635 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) { 5636 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n")); 5637 return key_senderror(so, m, EEXIST); 5638 } 5639 newsav = key_newsav(m, mhp, newsah, &error); 5640 if (newsav == NULL) { 5641 return key_senderror(so, m, error); 5642 } 5643 5644 /* check SA values to be mature. */ 5645 if ((error = key_mature(newsav)) != 0) { 5646 key_freesav(newsav); 5647 return key_senderror(so, m, error); 5648 } 5649 5650 #ifdef IPSEC_NAT_T 5651 /* 5652 * Handle NAT-T info if present 5653 */ 5654 if (mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) 5655 printf("add: NAT-T OA present\n"); 5656 5657 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) && 5658 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) && 5659 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) { 5660 struct sadb_x_nat_t_type *type; 5661 struct sadb_x_nat_t_port *sport; 5662 struct sadb_x_nat_t_port *dport; 5663 struct sadb_address *addr; 5664 struct sadb_x_nat_t_frag *frag; 5665 5666 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || 5667 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || 5668 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { 5669 ipseclog((LOG_DEBUG, "key_add: " 5670 "invalid message.\n")); 5671 return key_senderror(so, m, EINVAL); 5672 } 5673 5674 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) && 5675 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) { 5676 ipseclog((LOG_DEBUG, "key_add: invalid message\n")); 5677 return key_senderror(so, m, EINVAL); 5678 } 5679 5680 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) && 5681 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) { 5682 ipseclog((LOG_DEBUG, "key_update: invalid message\n")); 5683 return key_senderror(so, m, EINVAL); 5684 } 5685 5686 type = (struct sadb_x_nat_t_type *) 5687 mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5688 sport = (struct sadb_x_nat_t_port *) 5689 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5690 dport = (struct sadb_x_nat_t_port *) 5691 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5692 addr = (struct sadb_address *) 5693 mhp->ext[SADB_X_EXT_NAT_T_OA]; 5694 frag = (struct sadb_x_nat_t_frag *) 5695 mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 5696 5697 if (type) 5698 newsav->natt_type = type->sadb_x_nat_t_type_type; 5699 if (sport) 5700 KEY_PORTTOSADDR(&newsav->sah->saidx.src, 5701 sport->sadb_x_nat_t_port_port); 5702 if (dport) 5703 KEY_PORTTOSADDR(&newsav->sah->saidx.dst, 5704 dport->sadb_x_nat_t_port_port); 5705 if (frag) 5706 newsav->esp_frag = frag->sadb_x_nat_t_frag_fraglen; 5707 else 5708 newsav->esp_frag = IP_MAXPACKET; 5709 } 5710 #endif /* IPSEC_NAT_T */ 5711 5712 /* 5713 * don't call key_freesav() here, as we would like to keep the SA 5714 * in the database on success. 5715 */ 5716 5717 { 5718 struct mbuf *n; 5719 5720 /* set msg buf from mhp */ 5721 n = key_getmsgbuf_x1(m, mhp); 5722 if (n == NULL) { 5723 ipseclog((LOG_DEBUG, "key_update: No more memory.\n")); 5724 return key_senderror(so, m, ENOBUFS); 5725 } 5726 5727 m_freem(m); 5728 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5729 } 5730 } 5731 5732 /* m is retained */ 5733 static int 5734 key_setident(sah, m, mhp) 5735 struct secashead *sah; 5736 struct mbuf *m; 5737 const struct sadb_msghdr *mhp; 5738 { 5739 const struct sadb_ident *idsrc, *iddst; 5740 int idsrclen, iddstlen; 5741 5742 /* sanity check */ 5743 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 5744 panic("key_setident: NULL pointer is passed."); 5745 5746 /* don't make buffer if not there */ 5747 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && 5748 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 5749 sah->idents = NULL; 5750 sah->identd = NULL; 5751 return 0; 5752 } 5753 5754 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || 5755 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 5756 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n")); 5757 return EINVAL; 5758 } 5759 5760 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5761 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5762 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; 5763 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; 5764 5765 /* validity check */ 5766 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5767 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n")); 5768 return EINVAL; 5769 } 5770 5771 switch (idsrc->sadb_ident_type) { 5772 case SADB_IDENTTYPE_PREFIX: 5773 case SADB_IDENTTYPE_FQDN: 5774 case SADB_IDENTTYPE_USERFQDN: 5775 default: 5776 /* XXX do nothing */ 5777 sah->idents = NULL; 5778 sah->identd = NULL; 5779 return 0; 5780 } 5781 5782 /* make structure */ 5783 KMALLOC(sah->idents, struct sadb_ident *, idsrclen); 5784 if (sah->idents == NULL) { 5785 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n")); 5786 return ENOBUFS; 5787 } 5788 KMALLOC(sah->identd, struct sadb_ident *, iddstlen); 5789 if (sah->identd == NULL) { 5790 KFREE(sah->idents); 5791 sah->idents = NULL; 5792 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n")); 5793 return ENOBUFS; 5794 } 5795 bcopy(idsrc, sah->idents, idsrclen); 5796 bcopy(iddst, sah->identd, iddstlen); 5797 5798 return 0; 5799 } 5800 5801 /* 5802 * m will not be freed on return. 5803 * it is caller's responsibility to free the result. 5804 */ 5805 static struct mbuf * 5806 key_getmsgbuf_x1(m, mhp) 5807 struct mbuf *m; 5808 const struct sadb_msghdr *mhp; 5809 { 5810 struct mbuf *n; 5811 5812 /* sanity check */ 5813 if (m == NULL || mhp == NULL || mhp->msg == NULL) 5814 panic("key_getmsgbuf_x1: NULL pointer is passed."); 5815 5816 /* create new sadb_msg to reply. */ 5817 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED, 5818 SADB_EXT_SA, SADB_X_EXT_SA2, 5819 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5820 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5821 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST); 5822 if (!n) 5823 return NULL; 5824 5825 if (n->m_len < sizeof(struct sadb_msg)) { 5826 n = m_pullup(n, sizeof(struct sadb_msg)); 5827 if (n == NULL) 5828 return NULL; 5829 } 5830 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5831 mtod(n, struct sadb_msg *)->sadb_msg_len = 5832 PFKEY_UNIT64(n->m_pkthdr.len); 5833 5834 return n; 5835 } 5836 5837 static int key_delete_all __P((struct socket *, struct mbuf *, 5838 const struct sadb_msghdr *, u_int16_t)); 5839 5840 /* 5841 * SADB_DELETE processing 5842 * receive 5843 * <base, SA(*), address(SD)> 5844 * from the ikmpd, and set SADB_SASTATE_DEAD, 5845 * and send, 5846 * <base, SA(*), address(SD)> 5847 * to the ikmpd. 5848 * 5849 * m will always be freed. 5850 */ 5851 static int 5852 key_delete(so, m, mhp) 5853 struct socket *so; 5854 struct mbuf *m; 5855 const struct sadb_msghdr *mhp; 5856 { 5857 struct sadb_sa *sa0; 5858 struct sadb_address *src0, *dst0; 5859 struct secasindex saidx; 5860 struct secashead *sah; 5861 struct secasvar *sav = NULL; 5862 u_int16_t proto; 5863 5864 /* sanity check */ 5865 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 5866 panic("key_delete: NULL pointer is passed."); 5867 5868 /* map satype to proto */ 5869 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5870 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n")); 5871 return key_senderror(so, m, EINVAL); 5872 } 5873 5874 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5875 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5876 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n")); 5877 return key_senderror(so, m, EINVAL); 5878 } 5879 5880 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5881 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5882 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n")); 5883 return key_senderror(so, m, EINVAL); 5884 } 5885 5886 if (mhp->ext[SADB_EXT_SA] == NULL) { 5887 /* 5888 * Caller wants us to delete all non-LARVAL SAs 5889 * that match the src/dst. This is used during 5890 * IKE INITIAL-CONTACT. 5891 */ 5892 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n")); 5893 return key_delete_all(so, m, mhp, proto); 5894 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) { 5895 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n")); 5896 return key_senderror(so, m, EINVAL); 5897 } 5898 5899 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5900 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5901 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5902 5903 /* sa_len safety check */ 5904 if (KEY_CHECKSALEN(src0 + 1) != 0) 5905 return key_senderror(so, m, EINVAL); 5906 if (KEY_CHECKSALEN(dst0 + 1) != 0) 5907 return key_senderror(so, m, EINVAL); 5908 5909 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5910 5911 /* If not using NAT-T, make sure if port number is zero. */ 5912 #ifndef IPSEC_NAT_T 5913 KEY_PORTTOSADDR(&saidx.src, 0); 5914 KEY_PORTTOSADDR(&saidx.dst, 0); 5915 #endif 5916 5917 /* get a SA header */ 5918 LIST_FOREACH(sah, &sahtree, chain) { 5919 if (sah->state == SADB_SASTATE_DEAD) 5920 continue; 5921 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0) 5922 continue; 5923 5924 /* get a SA with SPI. */ 5925 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5926 if (sav) 5927 break; 5928 } 5929 if (sah == NULL) { 5930 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n")); 5931 return key_senderror(so, m, ENOENT); 5932 } 5933 5934 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5935 key_freesav(sav); 5936 sav = NULL; 5937 5938 { 5939 struct mbuf *n; 5940 struct sadb_msg *newmsg; 5941 5942 /* create new sadb_msg to reply. */ 5943 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 5944 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5945 if (!n) 5946 return key_senderror(so, m, ENOBUFS); 5947 5948 if (n->m_len < sizeof(struct sadb_msg)) { 5949 n = m_pullup(n, sizeof(struct sadb_msg)); 5950 if (n == NULL) 5951 return key_senderror(so, m, ENOBUFS); 5952 } 5953 newmsg = mtod(n, struct sadb_msg *); 5954 newmsg->sadb_msg_errno = 0; 5955 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5956 5957 m_freem(m); 5958 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5959 } 5960 } 5961 5962 /* 5963 * delete all SAs for src/dst. Called from key_delete(). 5964 */ 5965 static int 5966 key_delete_all(so, m, mhp, proto) 5967 struct socket *so; 5968 struct mbuf *m; 5969 const struct sadb_msghdr *mhp; 5970 u_int16_t proto; 5971 { 5972 struct sadb_address *src0, *dst0; 5973 struct secasindex saidx; 5974 struct secashead *sah; 5975 struct secasvar *sav, *nextsav; 5976 u_int stateidx, state; 5977 5978 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5979 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5980 5981 /* sa_len safety check */ 5982 if (KEY_CHECKSALEN(src0 + 1) != 0) 5983 return key_senderror(so, m, EINVAL); 5984 if (KEY_CHECKSALEN(dst0 + 1) != 0) 5985 return key_senderror(so, m, EINVAL); 5986 5987 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5988 5989 /* If not using NAT-T, make sure if port number is zero. */ 5990 #ifndef IPSEC_NAT_T 5991 KEY_PORTTOSADDR(&saidx.src, 0); 5992 KEY_PORTTOSADDR(&saidx.dst, 0); 5993 #endif 5994 5995 LIST_FOREACH(sah, &sahtree, chain) { 5996 if (sah->state == SADB_SASTATE_DEAD) 5997 continue; 5998 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0) 5999 continue; 6000 6001 /* Delete all non-LARVAL SAs. */ 6002 for (stateidx = 0; 6003 stateidx < _ARRAYLEN(saorder_state_alive); 6004 stateidx++) { 6005 state = saorder_state_alive[stateidx]; 6006 if (state == SADB_SASTATE_LARVAL) 6007 continue; 6008 for (sav = LIST_FIRST(&sah->savtree[state]); 6009 sav != NULL; sav = nextsav) { 6010 nextsav = LIST_NEXT(sav, chain); 6011 /* sanity check */ 6012 if (sav->state != state) { 6013 ipseclog((LOG_DEBUG, "key_delete_all: " 6014 "invalid sav->state " 6015 "(queue: %u SA: %u)\n", 6016 state, sav->state)); 6017 continue; 6018 } 6019 6020 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 6021 key_freesav(sav); 6022 } 6023 } 6024 } 6025 { 6026 struct mbuf *n; 6027 struct sadb_msg *newmsg; 6028 6029 /* create new sadb_msg to reply. */ 6030 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6031 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6032 if (!n) 6033 return key_senderror(so, m, ENOBUFS); 6034 6035 if (n->m_len < sizeof(struct sadb_msg)) { 6036 n = m_pullup(n, sizeof(struct sadb_msg)); 6037 if (n == NULL) 6038 return key_senderror(so, m, ENOBUFS); 6039 } 6040 newmsg = mtod(n, struct sadb_msg *); 6041 newmsg->sadb_msg_errno = 0; 6042 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6043 6044 m_freem(m); 6045 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6046 } 6047 } 6048 6049 /* 6050 * SADB_GET processing 6051 * receive 6052 * <base, SA(*), address(SD)> 6053 * from the ikmpd, and get a SP and a SA to respond, 6054 * and send, 6055 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6056 * (identity(SD),) (sensitivity)> 6057 * to the ikmpd. 6058 * 6059 * m will always be freed. 6060 */ 6061 static int 6062 key_get(so, m, mhp) 6063 struct socket *so; 6064 struct mbuf *m; 6065 const struct sadb_msghdr *mhp; 6066 { 6067 struct sadb_sa *sa0; 6068 struct sadb_address *src0, *dst0; 6069 struct secasindex saidx; 6070 struct secashead *sah; 6071 struct secasvar *sav = NULL; 6072 u_int16_t proto; 6073 6074 /* sanity check */ 6075 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 6076 panic("key_get: NULL pointer is passed."); 6077 6078 /* map satype to proto */ 6079 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6080 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n")); 6081 return key_senderror(so, m, EINVAL); 6082 } 6083 6084 if (mhp->ext[SADB_EXT_SA] == NULL || 6085 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 6086 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 6087 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n")); 6088 return key_senderror(so, m, EINVAL); 6089 } 6090 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 6091 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 6092 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 6093 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n")); 6094 return key_senderror(so, m, EINVAL); 6095 } 6096 6097 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6098 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6099 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6100 6101 /* sa_len safety check */ 6102 if (KEY_CHECKSALEN(src0 + 1) != 0) 6103 return key_senderror(so, m, EINVAL); 6104 if (KEY_CHECKSALEN(dst0 + 1) != 0) 6105 return key_senderror(so, m, EINVAL); 6106 6107 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6108 6109 /* If not using NAT-T, make sure if port number is zero. */ 6110 #ifndef IPSEC_NAT_T 6111 KEY_PORTTOSADDR(&saidx.src, 0); 6112 KEY_PORTTOSADDR(&saidx.dst, 0); 6113 #endif 6114 6115 /* get a SA header */ 6116 LIST_FOREACH(sah, &sahtree, chain) { 6117 if (sah->state == SADB_SASTATE_DEAD) 6118 continue; 6119 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0) 6120 continue; 6121 6122 /* get a SA with SPI. */ 6123 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 6124 if (sav) 6125 break; 6126 } 6127 if (sah == NULL) { 6128 ipseclog((LOG_DEBUG, "key_get: no SA found.\n")); 6129 return key_senderror(so, m, ENOENT); 6130 } 6131 6132 { 6133 struct mbuf *n; 6134 u_int8_t satype; 6135 6136 /* map proto to satype */ 6137 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 6138 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n")); 6139 return key_senderror(so, m, EINVAL); 6140 } 6141 6142 /* create new sadb_msg to reply. */ 6143 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6144 mhp->msg->sadb_msg_pid); 6145 if (!n) 6146 return key_senderror(so, m, ENOBUFS); 6147 6148 m_freem(m); 6149 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6150 } 6151 } 6152 6153 /* XXX make it sysctl-configurable? */ 6154 static void 6155 key_getcomb_setlifetime(comb) 6156 struct sadb_comb *comb; 6157 { 6158 6159 comb->sadb_comb_soft_allocations = 1; 6160 comb->sadb_comb_hard_allocations = 1; 6161 comb->sadb_comb_soft_bytes = 0; 6162 comb->sadb_comb_hard_bytes = 0; 6163 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6164 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100; 6165 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */ 6166 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6167 } 6168 6169 #ifdef IPSEC_ESP 6170 /* 6171 * XXX reorder combinations by preference 6172 * XXX no idea if the user wants ESP authentication or not 6173 */ 6174 static struct mbuf * 6175 key_getcomb_esp() 6176 { 6177 struct sadb_comb *comb; 6178 const struct esp_algorithm *algo; 6179 struct mbuf *result = NULL, *m, *n; 6180 int encmin; 6181 int i, off, o; 6182 int totlen; 6183 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6184 6185 m = NULL; 6186 for (i = 1; i <= SADB_EALG_MAX; i++) { 6187 algo = esp_algorithm_lookup(i); 6188 if (!algo) 6189 continue; 6190 6191 if (algo->keymax < ipsec_esp_keymin) 6192 continue; 6193 if (algo->keymin < ipsec_esp_keymin) 6194 encmin = ipsec_esp_keymin; 6195 else 6196 encmin = algo->keymin; 6197 6198 if (ipsec_esp_auth) 6199 m = key_getcomb_ah(); 6200 else { 6201 #ifdef DIAGNOSTIC 6202 if (l > MLEN) 6203 panic("assumption failed in key_getcomb_esp"); 6204 #endif 6205 MGET(m, M_DONTWAIT, MT_DATA); 6206 if (m) { 6207 M_ALIGN(m, l); 6208 m->m_len = l; 6209 m->m_next = NULL; 6210 bzero(mtod(m, void *), m->m_len); 6211 } 6212 } 6213 if (!m) 6214 goto fail; 6215 6216 totlen = 0; 6217 for (n = m; n; n = n->m_next) 6218 totlen += n->m_len; 6219 #ifdef DIAGNOSTIC 6220 if (totlen % l) 6221 panic("assumption failed in key_getcomb_esp"); 6222 #endif 6223 6224 for (off = 0; off < totlen; off += l) { 6225 n = m_pulldown(m, off, l, &o); 6226 if (!n) { 6227 /* m is already freed */ 6228 goto fail; 6229 } 6230 comb = (struct sadb_comb *)(mtod(n, char *) + o); 6231 bzero(comb, sizeof(*comb)); 6232 key_getcomb_setlifetime(comb); 6233 comb->sadb_comb_encrypt = i; 6234 comb->sadb_comb_encrypt_minbits = encmin; 6235 comb->sadb_comb_encrypt_maxbits = algo->keymax; 6236 } 6237 6238 if (!result) 6239 result = m; 6240 else 6241 m_cat(result, m); 6242 } 6243 6244 return result; 6245 6246 fail: 6247 if (result) 6248 m_freem(result); 6249 return NULL; 6250 } 6251 #endif 6252 6253 /* 6254 * XXX reorder combinations by preference 6255 */ 6256 static struct mbuf * 6257 key_getcomb_ah() 6258 { 6259 struct sadb_comb *comb; 6260 const struct ah_algorithm *algo; 6261 struct mbuf *m; 6262 int xmin; 6263 int i; 6264 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6265 6266 m = NULL; 6267 for (i = 1; i <= SADB_AALG_MAX; i++) { 6268 #if 1 6269 /* we prefer HMAC algorithms, not old algorithms */ 6270 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC) 6271 continue; 6272 #endif 6273 algo = ah_algorithm_lookup(i); 6274 if (!algo) 6275 continue; 6276 6277 if (algo->keymax < ipsec_ah_keymin) 6278 continue; 6279 if (algo->keymin < ipsec_ah_keymin) 6280 xmin = ipsec_ah_keymin; 6281 else 6282 xmin = algo->keymin; 6283 6284 if (!m) { 6285 #ifdef DIAGNOSTIC 6286 if (l > MLEN) 6287 panic("assumption failed in key_getcomb_ah"); 6288 #endif 6289 MGET(m, M_DONTWAIT, MT_DATA); 6290 if (m) { 6291 M_ALIGN(m, l); 6292 m->m_len = l; 6293 m->m_next = NULL; 6294 } 6295 } else 6296 M_PREPEND(m, l, M_DONTWAIT); 6297 if (!m) 6298 return NULL; 6299 6300 comb = mtod(m, struct sadb_comb *); 6301 bzero(comb, sizeof(*comb)); 6302 key_getcomb_setlifetime(comb); 6303 comb->sadb_comb_auth = i; 6304 comb->sadb_comb_auth_minbits = xmin; 6305 comb->sadb_comb_auth_maxbits = algo->keymax; 6306 } 6307 6308 return m; 6309 } 6310 6311 /* 6312 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6313 * XXX reorder combinations by preference 6314 */ 6315 static struct mbuf * 6316 key_getcomb_ipcomp() 6317 { 6318 struct sadb_comb *comb; 6319 const struct ipcomp_algorithm *algo; 6320 struct mbuf *m; 6321 int i; 6322 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6323 6324 m = NULL; 6325 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6326 algo = ipcomp_algorithm_lookup(i); 6327 if (!algo) 6328 continue; 6329 6330 if (!m) { 6331 #ifdef DIAGNOSTIC 6332 if (l > MLEN) 6333 panic("assumption failed in key_getcomb_ipcomp"); 6334 #endif 6335 MGET(m, M_DONTWAIT, MT_DATA); 6336 if (m) { 6337 M_ALIGN(m, l); 6338 m->m_len = l; 6339 m->m_next = NULL; 6340 } 6341 } else 6342 M_PREPEND(m, l, M_DONTWAIT); 6343 if (!m) 6344 return NULL; 6345 6346 comb = mtod(m, struct sadb_comb *); 6347 bzero(comb, sizeof(*comb)); 6348 key_getcomb_setlifetime(comb); 6349 comb->sadb_comb_encrypt = i; 6350 /* what should we set into sadb_comb_*_{min,max}bits? */ 6351 } 6352 6353 return m; 6354 } 6355 6356 /* 6357 * XXX no way to pass mode (transport/tunnel) to userland 6358 * XXX replay checking? 6359 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6360 */ 6361 static struct mbuf * 6362 key_getprop(saidx) 6363 const struct secasindex *saidx; 6364 { 6365 struct sadb_prop *prop; 6366 struct mbuf *m, *n; 6367 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6368 int totlen; 6369 6370 switch (saidx->proto) { 6371 #ifdef IPSEC_ESP 6372 case IPPROTO_ESP: 6373 m = key_getcomb_esp(); 6374 break; 6375 #endif 6376 case IPPROTO_AH: 6377 m = key_getcomb_ah(); 6378 break; 6379 case IPPROTO_IPCOMP: 6380 m = key_getcomb_ipcomp(); 6381 break; 6382 default: 6383 return NULL; 6384 } 6385 6386 if (!m) 6387 return NULL; 6388 M_PREPEND(m, l, M_DONTWAIT); 6389 if (!m) 6390 return NULL; 6391 6392 totlen = 0; 6393 for (n = m; n; n = n->m_next) 6394 totlen += n->m_len; 6395 6396 prop = mtod(m, struct sadb_prop *); 6397 bzero(prop, sizeof(*prop)); 6398 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6399 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6400 prop->sadb_prop_replay = 32; /* XXX */ 6401 6402 return m; 6403 } 6404 6405 /* 6406 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6407 * send 6408 * <base, SA, address(SD), (address(P)), x_policy, 6409 * (identity(SD),) (sensitivity,) proposal> 6410 * to KMD, and expect to receive 6411 * <base> with SADB_ACQUIRE if error occurred, 6412 * or 6413 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6414 * from KMD by PF_KEY. 6415 * 6416 * XXX x_policy is outside of RFC2367 (KAME extension). 6417 * XXX sensitivity is not supported. 6418 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6419 * see comment for key_getcomb_ipcomp(). 6420 * 6421 * OUT: 6422 * 0 : succeed 6423 * others: error number 6424 */ 6425 static int 6426 key_acquire(saidx, sp) 6427 struct secasindex *saidx; 6428 struct secpolicy *sp; 6429 { 6430 struct mbuf *result = NULL, *m; 6431 #ifndef IPSEC_NONBLOCK_ACQUIRE 6432 struct secacq *newacq; 6433 #endif 6434 u_int8_t satype; 6435 int error = -1; 6436 u_int32_t seq; 6437 6438 /* sanity check */ 6439 if (saidx == NULL) 6440 panic("key_acquire: NULL pointer is passed."); 6441 if ((satype = key_proto2satype(saidx->proto)) == 0) 6442 panic("key_acquire: invalid proto is passed."); 6443 6444 #ifndef IPSEC_NONBLOCK_ACQUIRE 6445 /* 6446 * We never do anything about acquirng SA. There is anather 6447 * solution that kernel blocks to send SADB_ACQUIRE message until 6448 * getting something message from IKEd. In later case, to be 6449 * managed with ACQUIRING list. 6450 */ 6451 /* get an entry to check whether sending message or not. */ 6452 if ((newacq = key_getacq(saidx)) != NULL) { 6453 if (key_blockacq_count < newacq->count) { 6454 /* reset counter and do send message. */ 6455 newacq->count = 0; 6456 } else { 6457 /* increment counter and do nothing. */ 6458 newacq->count++; 6459 return 0; 6460 } 6461 } else { 6462 /* make new entry for blocking to send SADB_ACQUIRE. */ 6463 if ((newacq = key_newacq(saidx)) == NULL) 6464 return ENOBUFS; 6465 6466 /* add to acqtree */ 6467 LIST_INSERT_HEAD(&acqtree, newacq, chain); 6468 } 6469 #endif 6470 6471 #ifndef IPSEC_NONBLOCK_ACQUIRE 6472 seq = newacq->seq; 6473 #else 6474 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); 6475 #endif 6476 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6477 if (!m) { 6478 error = ENOBUFS; 6479 goto fail; 6480 } 6481 result = m; 6482 6483 /* set sadb_address for saidx's. */ 6484 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 6485 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY); 6486 if (!m) { 6487 error = ENOBUFS; 6488 goto fail; 6489 } 6490 m_cat(result, m); 6491 6492 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 6493 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY); 6494 if (!m) { 6495 error = ENOBUFS; 6496 goto fail; 6497 } 6498 m_cat(result, m); 6499 6500 /* XXX proxy address (optional) */ 6501 6502 /* set sadb_x_policy */ 6503 if (sp) { 6504 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id); 6505 if (!m) { 6506 error = ENOBUFS; 6507 goto fail; 6508 } 6509 m_cat(result, m); 6510 } 6511 6512 #ifdef SADB_X_EXT_TAG 6513 /* set sadb_x_tag */ 6514 if (sp && sp->tag) { 6515 m = key_setsadbxtag(sp->tag); 6516 if (!m) { 6517 error = ENOBUFS; 6518 goto fail; 6519 } 6520 m_cat(result, m); 6521 } 6522 #endif 6523 6524 /* XXX identity (optional) */ 6525 #if 0 6526 if (idexttype && fqdn) { 6527 /* create identity extension (FQDN) */ 6528 struct sadb_ident *id; 6529 int fqdnlen; 6530 6531 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6532 id = (struct sadb_ident *)p; 6533 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6534 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6535 id->sadb_ident_exttype = idexttype; 6536 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6537 bcopy(fqdn, id + 1, fqdnlen); 6538 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6539 } 6540 6541 if (idexttype) { 6542 /* create identity extension (USERFQDN) */ 6543 struct sadb_ident *id; 6544 int userfqdnlen; 6545 6546 if (userfqdn) { 6547 /* +1 for terminating-NUL */ 6548 userfqdnlen = strlen(userfqdn) + 1; 6549 } else 6550 userfqdnlen = 0; 6551 id = (struct sadb_ident *)p; 6552 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6553 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6554 id->sadb_ident_exttype = idexttype; 6555 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6556 /* XXX is it correct? */ 6557 if (curlwp) 6558 id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred); 6559 if (userfqdn && userfqdnlen) 6560 bcopy(userfqdn, id + 1, userfqdnlen); 6561 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6562 } 6563 #endif 6564 6565 /* XXX sensitivity (optional) */ 6566 6567 /* create proposal/combination extension */ 6568 m = key_getprop(saidx); 6569 #if 0 6570 /* 6571 * spec conformant: always attach proposal/combination extension, 6572 * the problem is that we have no way to attach it for ipcomp, 6573 * due to the way sadb_comb is declared in RFC2367. 6574 */ 6575 if (!m) { 6576 error = ENOBUFS; 6577 goto fail; 6578 } 6579 m_cat(result, m); 6580 #else 6581 /* 6582 * outside of spec; make proposal/combination extension optional. 6583 */ 6584 if (m) 6585 m_cat(result, m); 6586 #endif 6587 6588 if ((result->m_flags & M_PKTHDR) == 0) { 6589 error = EINVAL; 6590 goto fail; 6591 } 6592 6593 if (result->m_len < sizeof(struct sadb_msg)) { 6594 result = m_pullup(result, sizeof(struct sadb_msg)); 6595 if (result == NULL) { 6596 error = ENOBUFS; 6597 goto fail; 6598 } 6599 } 6600 6601 result->m_pkthdr.len = 0; 6602 for (m = result; m; m = m->m_next) 6603 result->m_pkthdr.len += m->m_len; 6604 6605 mtod(result, struct sadb_msg *)->sadb_msg_len = 6606 PFKEY_UNIT64(result->m_pkthdr.len); 6607 6608 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6609 6610 fail: 6611 if (result) 6612 m_freem(result); 6613 return error; 6614 } 6615 6616 #ifndef IPSEC_NONBLOCK_ACQUIRE 6617 static struct secacq * 6618 key_newacq(saidx) 6619 struct secasindex *saidx; 6620 { 6621 struct secacq *newacq; 6622 6623 /* get new entry */ 6624 KMALLOC(newacq, struct secacq *, sizeof(struct secacq)); 6625 if (newacq == NULL) { 6626 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n")); 6627 return NULL; 6628 } 6629 bzero(newacq, sizeof(*newacq)); 6630 6631 /* copy secindex */ 6632 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx)); 6633 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq); 6634 newacq->created = time_second; 6635 newacq->count = 1; 6636 6637 return newacq; 6638 } 6639 6640 static struct secacq * 6641 key_getacq(saidx) 6642 struct secasindex *saidx; 6643 { 6644 struct secacq *acq; 6645 6646 LIST_FOREACH(acq, &acqtree, chain) { 6647 if (key_cmpsaidx_exactly(saidx, &acq->saidx)) 6648 return acq; 6649 } 6650 6651 return NULL; 6652 } 6653 6654 static struct secacq * 6655 key_getacqbyseq(seq) 6656 u_int32_t seq; 6657 { 6658 struct secacq *acq; 6659 6660 LIST_FOREACH(acq, &acqtree, chain) { 6661 if (acq->seq == seq) 6662 return acq; 6663 } 6664 6665 return NULL; 6666 } 6667 #endif 6668 6669 static struct secspacq * 6670 key_newspacq(spidx) 6671 struct secpolicyindex *spidx; 6672 { 6673 struct secspacq *acq; 6674 6675 if (!spidx) 6676 return NULL; 6677 6678 /* get new entry */ 6679 KMALLOC(acq, struct secspacq *, sizeof(struct secspacq)); 6680 if (acq == NULL) { 6681 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n")); 6682 return NULL; 6683 } 6684 bzero(acq, sizeof(*acq)); 6685 6686 /* copy secindex */ 6687 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6688 acq->created = time_second; 6689 acq->count = 0; 6690 6691 return acq; 6692 } 6693 6694 static struct secspacq * 6695 key_getspacq(spidx) 6696 struct secpolicyindex *spidx; 6697 { 6698 struct secspacq *acq; 6699 6700 if (!spidx) 6701 return NULL; 6702 6703 LIST_FOREACH(acq, &spacqtree, chain) { 6704 if (key_cmpspidx_exactly(spidx, &acq->spidx)) 6705 return acq; 6706 } 6707 6708 return NULL; 6709 } 6710 6711 /* 6712 * SADB_ACQUIRE processing, 6713 * in first situation, is receiving 6714 * <base> 6715 * from the ikmpd, and clear sequence of its secasvar entry. 6716 * 6717 * In second situation, is receiving 6718 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6719 * from a user land process, and return 6720 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6721 * to the socket. 6722 * 6723 * m will always be freed. 6724 */ 6725 static int 6726 key_acquire2(so, m, mhp) 6727 struct socket *so; 6728 struct mbuf *m; 6729 const struct sadb_msghdr *mhp; 6730 { 6731 const struct sadb_address *src0, *dst0; 6732 struct secasindex saidx; 6733 struct secashead *sah; 6734 u_int16_t proto; 6735 int error; 6736 6737 /* sanity check */ 6738 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 6739 panic("key_acquire2: NULL pointer is passed."); 6740 6741 /* 6742 * Error message from KMd. 6743 * We assume that if error was occurred in IKEd, the length of PFKEY 6744 * message is equal to the size of sadb_msg structure. 6745 * We do not raise error even if error occurred in this function. 6746 */ 6747 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 6748 #ifndef IPSEC_NONBLOCK_ACQUIRE 6749 struct secacq *acq; 6750 6751 /* check sequence number */ 6752 if (mhp->msg->sadb_msg_seq == 0) { 6753 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n")); 6754 m_freem(m); 6755 return 0; 6756 } 6757 6758 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) { 6759 /* 6760 * the specified larval SA is already gone, or we got 6761 * a bogus sequence number. we can silently ignore it. 6762 */ 6763 m_freem(m); 6764 return 0; 6765 } 6766 6767 /* reset acq counter in order to deletion by timehander. */ 6768 acq->created = time_second; 6769 acq->count = 0; 6770 #endif 6771 m_freem(m); 6772 return 0; 6773 } 6774 6775 /* 6776 * This message is from user land. 6777 */ 6778 6779 /* map satype to proto */ 6780 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6781 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n")); 6782 return key_senderror(so, m, EINVAL); 6783 } 6784 6785 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 6786 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 6787 mhp->ext[SADB_EXT_PROPOSAL] == NULL) { 6788 /* error */ 6789 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n")); 6790 return key_senderror(so, m, EINVAL); 6791 } 6792 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 6793 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 6794 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) { 6795 /* error */ 6796 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n")); 6797 return key_senderror(so, m, EINVAL); 6798 } 6799 6800 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6801 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6802 6803 /* sa_len safety check */ 6804 if (KEY_CHECKSALEN(src0 + 1) != 0) 6805 return key_senderror(so, m, EINVAL); 6806 if (KEY_CHECKSALEN(dst0 + 1) != 0) 6807 return key_senderror(so, m, EINVAL); 6808 6809 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6810 6811 /* If not using NAT-T, make sure if port number is zero. */ 6812 #ifndef IPSEC_NAT_T 6813 KEY_PORTTOSADDR(&saidx.src, 0); 6814 KEY_PORTTOSADDR(&saidx.dst, 0); 6815 #endif 6816 6817 /* get a SA index */ 6818 LIST_FOREACH(sah, &sahtree, chain) { 6819 if (sah->state == SADB_SASTATE_DEAD) 6820 continue; 6821 if (key_cmpsaidx_withmode(&sah->saidx, &saidx)) 6822 break; 6823 } 6824 if (sah != NULL) { 6825 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n")); 6826 return key_senderror(so, m, EEXIST); 6827 } 6828 6829 error = key_acquire(&saidx, NULL); 6830 if (error != 0) { 6831 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned " 6832 "from key_acquire.\n", mhp->msg->sadb_msg_errno)); 6833 return key_senderror(so, m, error); 6834 } 6835 6836 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED); 6837 } 6838 6839 /* 6840 * SADB_REGISTER processing. 6841 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 6842 * receive 6843 * <base> 6844 * from the ikmpd, and register a socket to send PF_KEY messages, 6845 * and send 6846 * <base, supported> 6847 * to KMD by PF_KEY. 6848 * If socket is detached, must free from regnode. 6849 * 6850 * m will always be freed. 6851 */ 6852 static int 6853 key_register(so, m, mhp) 6854 struct socket *so; 6855 struct mbuf *m; 6856 const struct sadb_msghdr *mhp; 6857 { 6858 struct secreg *reg, *newreg = 0; 6859 6860 /* sanity check */ 6861 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 6862 panic("key_register: NULL pointer is passed."); 6863 6864 /* check for invalid register message */ 6865 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0])) 6866 return key_senderror(so, m, EINVAL); 6867 6868 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 6869 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 6870 goto setmsg; 6871 6872 /* check whether existing or not */ 6873 LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) { 6874 if (reg->so == so) { 6875 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n")); 6876 return key_senderror(so, m, EEXIST); 6877 } 6878 } 6879 6880 /* create regnode */ 6881 KMALLOC(newreg, struct secreg *, sizeof(*newreg)); 6882 if (newreg == NULL) { 6883 ipseclog((LOG_DEBUG, "key_register: No more memory.\n")); 6884 return key_senderror(so, m, ENOBUFS); 6885 } 6886 bzero((void *)newreg, sizeof(*newreg)); 6887 6888 newreg->so = so; 6889 ((struct keycb *)sotorawcb(so))->kp_registered++; 6890 6891 /* add regnode to regtree. */ 6892 LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain); 6893 6894 setmsg: 6895 { 6896 struct mbuf *n; 6897 struct sadb_msg *newmsg; 6898 struct sadb_supported *sup; 6899 u_int len, alen, elen; 6900 int off; 6901 int i; 6902 struct sadb_alg *alg; 6903 6904 /* create new sadb_msg to reply. */ 6905 alen = 0; 6906 for (i = 1; i <= SADB_AALG_MAX; i++) { 6907 if (ah_algorithm_lookup(i)) 6908 alen += sizeof(struct sadb_alg); 6909 } 6910 if (alen) 6911 alen += sizeof(struct sadb_supported); 6912 elen = 0; 6913 #ifdef IPSEC_ESP 6914 for (i = 1; i <= SADB_EALG_MAX; i++) { 6915 if (esp_algorithm_lookup(i)) 6916 elen += sizeof(struct sadb_alg); 6917 } 6918 if (elen) 6919 elen += sizeof(struct sadb_supported); 6920 #endif 6921 6922 len = sizeof(struct sadb_msg) + alen + elen; 6923 6924 if (len > MCLBYTES) 6925 return key_senderror(so, m, ENOBUFS); 6926 6927 MGETHDR(n, M_DONTWAIT, MT_DATA); 6928 if (len > MHLEN) { 6929 MCLGET(n, M_DONTWAIT); 6930 if ((n->m_flags & M_EXT) == 0) { 6931 m_freem(n); 6932 n = NULL; 6933 } 6934 } 6935 if (!n) 6936 return key_senderror(so, m, ENOBUFS); 6937 6938 n->m_pkthdr.len = n->m_len = len; 6939 n->m_next = NULL; 6940 off = 0; 6941 6942 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); 6943 newmsg = mtod(n, struct sadb_msg *); 6944 newmsg->sadb_msg_errno = 0; 6945 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 6946 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 6947 6948 /* for authentication algorithm */ 6949 if (alen) { 6950 sup = (struct sadb_supported *)(mtod(n, char *) + off); 6951 sup->sadb_supported_len = PFKEY_UNIT64(alen); 6952 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 6953 off += PFKEY_ALIGN8(sizeof(*sup)); 6954 6955 for (i = 1; i <= SADB_AALG_MAX; i++) { 6956 const struct ah_algorithm *aalgo; 6957 6958 aalgo = ah_algorithm_lookup(i); 6959 if (!aalgo) 6960 continue; 6961 alg = (struct sadb_alg *)(mtod(n, char *) + off); 6962 alg->sadb_alg_id = i; 6963 alg->sadb_alg_ivlen = 0; 6964 alg->sadb_alg_minbits = aalgo->keymin; 6965 alg->sadb_alg_maxbits = aalgo->keymax; 6966 off += PFKEY_ALIGN8(sizeof(*alg)); 6967 } 6968 } 6969 6970 #ifdef IPSEC_ESP 6971 /* for encryption algorithm */ 6972 if (elen) { 6973 sup = (struct sadb_supported *)(mtod(n, char *) + off); 6974 sup->sadb_supported_len = PFKEY_UNIT64(elen); 6975 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 6976 off += PFKEY_ALIGN8(sizeof(*sup)); 6977 6978 for (i = 1; i <= SADB_EALG_MAX; i++) { 6979 const struct esp_algorithm *ealgo; 6980 6981 ealgo = esp_algorithm_lookup(i); 6982 if (!ealgo) 6983 continue; 6984 alg = (struct sadb_alg *)(mtod(n, char *) + off); 6985 alg->sadb_alg_id = i; 6986 if (ealgo && ealgo->ivlen) { 6987 /* 6988 * give NULL to get the value preferred by 6989 * algorithm XXX SADB_X_EXT_DERIV ? 6990 */ 6991 alg->sadb_alg_ivlen = 6992 (*ealgo->ivlen)(ealgo, NULL); 6993 } else 6994 alg->sadb_alg_ivlen = 0; 6995 alg->sadb_alg_minbits = ealgo->keymin; 6996 alg->sadb_alg_maxbits = ealgo->keymax; 6997 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 6998 } 6999 } 7000 #endif 7001 7002 #ifdef DIAGNOSTIC 7003 if (off != len) 7004 panic("length assumption failed in key_register"); 7005 #endif 7006 7007 m_freem(m); 7008 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7009 } 7010 } 7011 7012 /* 7013 * free secreg entry registered. 7014 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7015 */ 7016 void 7017 key_freereg(so) 7018 struct socket *so; 7019 { 7020 struct secreg *reg; 7021 int i; 7022 7023 /* sanity check */ 7024 if (so == NULL) 7025 panic("key_freereg: NULL pointer is passed."); 7026 7027 /* 7028 * check whether existing or not. 7029 * check all type of SA, because there is a potential that 7030 * one socket is registered to multiple type of SA. 7031 */ 7032 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7033 LIST_FOREACH(reg, ®tree[i], chain) { 7034 if (reg->so == so && __LIST_CHAINED(reg)) { 7035 LIST_REMOVE(reg, chain); 7036 KFREE(reg); 7037 break; 7038 } 7039 } 7040 } 7041 7042 return; 7043 } 7044 7045 /* 7046 * SADB_EXPIRE processing 7047 * send 7048 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7049 * to KMD by PF_KEY. 7050 * NOTE: We send only soft lifetime extension. 7051 * 7052 * OUT: 0 : succeed 7053 * others : error number 7054 */ 7055 static int 7056 key_expire(sav) 7057 struct secasvar *sav; 7058 { 7059 int s; 7060 int satype; 7061 struct mbuf *result = NULL, *m; 7062 int len; 7063 int error = -1; 7064 struct sadb_lifetime *lt; 7065 7066 /* XXX: Why do we lock ? */ 7067 s = splsoftnet(); /*called from softclock()*/ 7068 7069 /* sanity check */ 7070 if (sav == NULL) 7071 panic("key_expire: NULL pointer is passed."); 7072 if (sav->sah == NULL) 7073 panic("key_expire: Why was SA index in SA NULL."); 7074 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) 7075 panic("key_expire: invalid proto is passed."); 7076 7077 /* set msg header */ 7078 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7079 if (!m) { 7080 error = ENOBUFS; 7081 goto fail; 7082 } 7083 result = m; 7084 7085 /* create SA extension */ 7086 m = key_setsadbsa(sav); 7087 if (!m) { 7088 error = ENOBUFS; 7089 goto fail; 7090 } 7091 m_cat(result, m); 7092 7093 /* create SA extension */ 7094 m = key_setsadbxsa2(sav->sah->saidx.mode, 7095 sav->replay ? (sav->replay->count & 0xffffffff) : 0, 7096 sav->sah->saidx.reqid); 7097 if (!m) { 7098 error = ENOBUFS; 7099 goto fail; 7100 } 7101 m_cat(result, m); 7102 7103 /* create lifetime extension (current and soft) */ 7104 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7105 m = key_alloc_mbuf(len); 7106 if (!m || m->m_next) { /*XXX*/ 7107 if (m) 7108 m_freem(m); 7109 error = ENOBUFS; 7110 goto fail; 7111 } 7112 bzero(mtod(m, void *), len); 7113 lt = mtod(m, struct sadb_lifetime *); 7114 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7115 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7116 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations; 7117 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes; 7118 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime; 7119 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime; 7120 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2); 7121 bcopy(sav->lft_s, lt, sizeof(*lt)); 7122 m_cat(result, m); 7123 7124 /* set sadb_address for source */ 7125 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7126 (struct sockaddr *)&sav->sah->saidx.src, 7127 FULLMASK, IPSEC_ULPROTO_ANY); 7128 if (!m) { 7129 error = ENOBUFS; 7130 goto fail; 7131 } 7132 m_cat(result, m); 7133 7134 /* set sadb_address for destination */ 7135 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7136 (struct sockaddr *)&sav->sah->saidx.dst, 7137 FULLMASK, IPSEC_ULPROTO_ANY); 7138 if (!m) { 7139 error = ENOBUFS; 7140 goto fail; 7141 } 7142 m_cat(result, m); 7143 7144 if ((result->m_flags & M_PKTHDR) == 0) { 7145 error = EINVAL; 7146 goto fail; 7147 } 7148 7149 if (result->m_len < sizeof(struct sadb_msg)) { 7150 result = m_pullup(result, sizeof(struct sadb_msg)); 7151 if (result == NULL) { 7152 error = ENOBUFS; 7153 goto fail; 7154 } 7155 } 7156 7157 result->m_pkthdr.len = 0; 7158 for (m = result; m; m = m->m_next) 7159 result->m_pkthdr.len += m->m_len; 7160 7161 mtod(result, struct sadb_msg *)->sadb_msg_len = 7162 PFKEY_UNIT64(result->m_pkthdr.len); 7163 7164 splx(s); 7165 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7166 7167 fail: 7168 if (result) 7169 m_freem(result); 7170 splx(s); 7171 return error; 7172 } 7173 7174 /* 7175 * SADB_FLUSH processing 7176 * receive 7177 * <base> 7178 * from the ikmpd, and free all entries in secastree. 7179 * and send, 7180 * <base> 7181 * to the ikmpd. 7182 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7183 * 7184 * m will always be freed. 7185 */ 7186 static int 7187 key_flush(so, m, mhp) 7188 struct socket *so; 7189 struct mbuf *m; 7190 const struct sadb_msghdr *mhp; 7191 { 7192 struct sadb_msg *newmsg; 7193 struct secashead *sah, *nextsah; 7194 struct secasvar *sav, *nextsav; 7195 u_int16_t proto; 7196 u_int8_t state; 7197 u_int stateidx; 7198 7199 /* sanity check */ 7200 if (so == NULL || mhp == NULL || mhp->msg == NULL) 7201 panic("key_flush: NULL pointer is passed."); 7202 7203 /* map satype to proto */ 7204 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7205 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n")); 7206 return key_senderror(so, m, EINVAL); 7207 } 7208 7209 /* no SATYPE specified, i.e. flushing all SA. */ 7210 for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) { 7211 nextsah = LIST_NEXT(sah, chain); 7212 7213 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7214 proto != sah->saidx.proto) 7215 continue; 7216 7217 for (stateidx = 0; 7218 stateidx < _ARRAYLEN(saorder_state_alive); 7219 stateidx++) { 7220 state = saorder_state_any[stateidx]; 7221 for (sav = LIST_FIRST(&sah->savtree[state]); 7222 sav != NULL; 7223 sav = nextsav) { 7224 7225 nextsav = LIST_NEXT(sav, chain); 7226 7227 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 7228 key_freesav(sav); 7229 } 7230 } 7231 7232 sah->state = SADB_SASTATE_DEAD; 7233 } 7234 7235 if (m->m_len < sizeof(struct sadb_msg) || 7236 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7237 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n")); 7238 return key_senderror(so, m, ENOBUFS); 7239 } 7240 7241 if (m->m_next) 7242 m_freem(m->m_next); 7243 m->m_next = NULL; 7244 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7245 newmsg = mtod(m, struct sadb_msg *); 7246 newmsg->sadb_msg_errno = 0; 7247 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7248 7249 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7250 } 7251 7252 /* 7253 * SADB_DUMP processing 7254 * dump all entries including status of DEAD in SAD. 7255 * receive 7256 * <base> 7257 * from the ikmpd, and dump all secasvar leaves 7258 * and send, 7259 * <base> ..... 7260 * to the ikmpd. 7261 * 7262 * m will always be freed. 7263 */ 7264 static int 7265 key_dump(so, m, mhp) 7266 struct socket *so; 7267 struct mbuf *m; 7268 const struct sadb_msghdr *mhp; 7269 { 7270 struct secashead *sah; 7271 struct secasvar *sav; 7272 u_int16_t proto; 7273 u_int stateidx; 7274 u_int8_t satype; 7275 u_int8_t state; 7276 int cnt, error = 0, needwait = 0; 7277 struct keycb *kp; 7278 struct mbuf *n; 7279 7280 /* sanity check */ 7281 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 7282 panic("key_dump: NULL pointer is passed."); 7283 7284 /* map satype to proto */ 7285 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7286 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n")); 7287 return key_senderror(so, m, EINVAL); 7288 } 7289 7290 /* count sav entries to be sent to the userland. */ 7291 cnt = 0; 7292 LIST_FOREACH(sah, &sahtree, chain) { 7293 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7294 proto != sah->saidx.proto) 7295 continue; 7296 7297 for (stateidx = 0; 7298 stateidx < _ARRAYLEN(saorder_state_any); 7299 stateidx++) { 7300 state = saorder_state_any[stateidx]; 7301 LIST_FOREACH(sav, &sah->savtree[state], chain) { 7302 cnt++; 7303 } 7304 } 7305 } 7306 7307 if (cnt == 0) 7308 return key_senderror(so, m, ENOENT); 7309 7310 /* send this to the userland, one at a time. */ 7311 LIST_FOREACH(sah, &sahtree, chain) { 7312 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7313 proto != sah->saidx.proto) 7314 continue; 7315 7316 /* map proto to satype */ 7317 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7318 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n")); 7319 return key_senderror(so, m, EINVAL); 7320 } 7321 7322 for (stateidx = 0; 7323 stateidx < _ARRAYLEN(saorder_state_any); 7324 stateidx++) { 7325 state = saorder_state_any[stateidx]; 7326 LIST_FOREACH(sav, &sah->savtree[state], chain) { 7327 n = key_setdumpsa(sav, SADB_DUMP, satype, 7328 --cnt, mhp->msg->sadb_msg_pid); 7329 if (!n) 7330 return key_senderror(so, m, ENOBUFS); 7331 7332 error = key_sendup_mbuf(so, n, 7333 KEY_SENDUP_ONE | KEY_SENDUP_CANWAIT); 7334 if (error == EAGAIN) 7335 needwait = 1; 7336 } 7337 } 7338 } 7339 7340 kp = (struct keycb *)sotorawcb(so); 7341 while (needwait && kp->kp_queue) 7342 sbwait(&so->so_rcv); 7343 7344 m_freem(m); 7345 return 0; 7346 } 7347 7348 static struct mbuf * 7349 key_setdump(req_satype, errorp) 7350 u_int8_t req_satype; 7351 int *errorp; 7352 { 7353 struct secashead *sah; 7354 struct secasvar *sav; 7355 u_int16_t proto; 7356 u_int stateidx; 7357 u_int8_t satype; 7358 u_int8_t state; 7359 int cnt; 7360 struct mbuf *m, *n; 7361 7362 /* map satype to proto */ 7363 if ((proto = key_satype2proto(req_satype)) == 0) { 7364 *errorp = EINVAL; 7365 return (NULL); 7366 } 7367 7368 /* count sav entries to be sent to the userland. */ 7369 cnt = 0; 7370 LIST_FOREACH(sah, &sahtree, chain) { 7371 if (req_satype != SADB_SATYPE_UNSPEC && 7372 proto != sah->saidx.proto) 7373 continue; 7374 7375 for (stateidx = 0; 7376 stateidx < _ARRAYLEN(saorder_state_any); 7377 stateidx++) { 7378 state = saorder_state_any[stateidx]; 7379 LIST_FOREACH(sav, &sah->savtree[state], chain) { 7380 cnt++; 7381 } 7382 } 7383 } 7384 7385 if (cnt == 0) { 7386 *errorp = ENOENT; 7387 return (NULL); 7388 } 7389 7390 /* send this to the userland, one at a time. */ 7391 m = NULL; 7392 LIST_FOREACH(sah, &sahtree, chain) { 7393 if (req_satype != SADB_SATYPE_UNSPEC && 7394 proto != sah->saidx.proto) 7395 continue; 7396 7397 /* map proto to satype */ 7398 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7399 m_freem(m); 7400 *errorp = EINVAL; 7401 return (NULL); 7402 } 7403 7404 for (stateidx = 0; 7405 stateidx < _ARRAYLEN(saorder_state_any); 7406 stateidx++) { 7407 state = saorder_state_any[stateidx]; 7408 LIST_FOREACH(sav, &sah->savtree[state], chain) { 7409 n = key_setdumpsa(sav, SADB_DUMP, satype, 7410 --cnt, 0); 7411 if (!n) { 7412 m_freem(m); 7413 *errorp = ENOBUFS; 7414 return (NULL); 7415 } 7416 7417 if (!m) 7418 m = n; 7419 else 7420 m_cat(m, n); 7421 } 7422 } 7423 } 7424 7425 if (!m) { 7426 *errorp = EINVAL; 7427 return (NULL); 7428 } 7429 7430 if ((m->m_flags & M_PKTHDR) != 0) { 7431 m->m_pkthdr.len = 0; 7432 for (n = m; n; n = n->m_next) 7433 m->m_pkthdr.len += n->m_len; 7434 } 7435 7436 *errorp = 0; 7437 return (m); 7438 } 7439 7440 struct mbuf * 7441 key_setdumpsa_spi(spi) 7442 u_int32_t spi; 7443 { 7444 struct mbuf *m, *n; 7445 struct secasvar *sav; 7446 u_int8_t satype; 7447 int cnt; 7448 7449 cnt = 0; 7450 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) { 7451 if (sav->spi != spi) 7452 continue; 7453 cnt++; 7454 } 7455 7456 if (cnt == 0) 7457 return (NULL); 7458 7459 m = NULL; 7460 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) { 7461 if (sav->spi != spi) 7462 continue; 7463 satype = key_proto2satype(sav->sah->saidx.proto); 7464 n = key_setdumpsa(sav, SADB_DUMP, satype, --cnt, 0); 7465 if (!m) 7466 m = n; 7467 else if (n) 7468 m_cat(m, n); 7469 } 7470 7471 if (!m) 7472 return (NULL); 7473 7474 if ((m->m_flags & M_PKTHDR) != 0) { 7475 m->m_pkthdr.len = 0; 7476 for (n = m; n; n = n->m_next) 7477 m->m_pkthdr.len += n->m_len; 7478 } 7479 7480 return (m); 7481 } 7482 7483 /* 7484 * SADB_X_PROMISC processing 7485 * 7486 * m will always be freed. 7487 */ 7488 static int 7489 key_promisc(so, m, mhp) 7490 struct socket *so; 7491 struct mbuf *m; 7492 const struct sadb_msghdr *mhp; 7493 { 7494 int olen; 7495 7496 /* sanity check */ 7497 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) 7498 panic("key_promisc: NULL pointer is passed."); 7499 7500 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7501 7502 if (olen < sizeof(struct sadb_msg)) { 7503 #if 1 7504 return key_senderror(so, m, EINVAL); 7505 #else 7506 m_freem(m); 7507 return 0; 7508 #endif 7509 } else if (olen == sizeof(struct sadb_msg)) { 7510 /* enable/disable promisc mode */ 7511 struct keycb *kp; 7512 7513 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7514 return key_senderror(so, m, EINVAL); 7515 mhp->msg->sadb_msg_errno = 0; 7516 switch (mhp->msg->sadb_msg_satype) { 7517 case 0: 7518 case 1: 7519 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7520 break; 7521 default: 7522 return key_senderror(so, m, EINVAL); 7523 } 7524 7525 /* send the original message back to everyone */ 7526 mhp->msg->sadb_msg_errno = 0; 7527 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7528 } else { 7529 /* send packet as is */ 7530 7531 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7532 7533 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7534 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7535 } 7536 } 7537 7538 static int (*key_typesw[]) __P((struct socket *, struct mbuf *, 7539 const struct sadb_msghdr *)) = { 7540 NULL, /* SADB_RESERVED */ 7541 key_getspi, /* SADB_GETSPI */ 7542 key_update, /* SADB_UPDATE */ 7543 key_add, /* SADB_ADD */ 7544 key_delete, /* SADB_DELETE */ 7545 key_get, /* SADB_GET */ 7546 key_acquire2, /* SADB_ACQUIRE */ 7547 key_register, /* SADB_REGISTER */ 7548 NULL, /* SADB_EXPIRE */ 7549 key_flush, /* SADB_FLUSH */ 7550 key_dump, /* SADB_DUMP */ 7551 key_promisc, /* SADB_X_PROMISC */ 7552 NULL, /* SADB_X_PCHANGE */ 7553 key_spdadd, /* SADB_X_SPDUPDATE */ 7554 key_spdadd, /* SADB_X_SPDADD */ 7555 key_spddelete, /* SADB_X_SPDDELETE */ 7556 key_spdget, /* SADB_X_SPDGET */ 7557 NULL, /* SADB_X_SPDACQUIRE */ 7558 key_spddump, /* SADB_X_SPDDUMP */ 7559 key_spdflush, /* SADB_X_SPDFLUSH */ 7560 key_spdadd, /* SADB_X_SPDSETIDX */ 7561 NULL, /* SADB_X_SPDEXPIRE */ 7562 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7563 #ifdef IPSEC_NAT_T 7564 key_nat_map, /* SADB_X_NAT_T_NEW_MAPPING */ 7565 #else 7566 NULL, 7567 #endif 7568 }; 7569 7570 /* 7571 * parse sadb_msg buffer to process PFKEYv2, 7572 * and create a data to response if needed. 7573 * I think to be dealed with mbuf directly. 7574 * IN: 7575 * msgp : pointer to pointer to a received buffer pulluped. 7576 * This is rewrited to response. 7577 * so : pointer to socket. 7578 * OUT: 7579 * length for buffer to send to user process. 7580 */ 7581 int 7582 key_parse(m, so) 7583 struct mbuf *m; 7584 struct socket *so; 7585 { 7586 struct sadb_msg *msg; 7587 struct sadb_msghdr mh; 7588 u_int orglen; 7589 int error; 7590 int target; 7591 #ifdef INET6 7592 struct sockaddr_in6 *sin6; 7593 #endif 7594 7595 /* sanity check */ 7596 if (m == NULL || so == NULL) 7597 panic("key_parse: NULL pointer is passed."); 7598 7599 #if 0 /*kdebug_sadb assumes msg in linear buffer*/ 7600 KEYDEBUG(KEYDEBUG_KEY_DUMP, 7601 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n")); 7602 kdebug_sadb(msg)); 7603 #endif 7604 7605 if (m->m_len < sizeof(struct sadb_msg)) { 7606 m = m_pullup(m, sizeof(struct sadb_msg)); 7607 if (!m) 7608 return ENOBUFS; 7609 } 7610 msg = mtod(m, struct sadb_msg *); 7611 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7612 target = KEY_SENDUP_ONE; 7613 7614 if ((m->m_flags & M_PKTHDR) == 0 || 7615 m->m_pkthdr.len != m->m_pkthdr.len) { 7616 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n")); 7617 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 7618 error = EINVAL; 7619 goto senderror; 7620 } 7621 7622 if (msg->sadb_msg_version != PF_KEY_V2) { 7623 ipseclog((LOG_DEBUG, 7624 "key_parse: PF_KEY version %u is mismatched.\n", 7625 msg->sadb_msg_version)); 7626 PFKEY_STATINC(PFKEY_STAT_OUT_INVVER); 7627 error = EINVAL; 7628 goto senderror; 7629 } 7630 7631 if (msg->sadb_msg_type > SADB_MAX) { 7632 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n", 7633 msg->sadb_msg_type)); 7634 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE); 7635 error = EINVAL; 7636 goto senderror; 7637 } 7638 7639 /* for old-fashioned code - should be nuked */ 7640 if (m->m_pkthdr.len > MCLBYTES) { 7641 m_freem(m); 7642 return ENOBUFS; 7643 } 7644 if (m->m_next) { 7645 struct mbuf *n; 7646 7647 MGETHDR(n, M_DONTWAIT, MT_DATA); 7648 if (n && m->m_pkthdr.len > MHLEN) { 7649 MCLGET(n, M_DONTWAIT); 7650 if ((n->m_flags & M_EXT) == 0) { 7651 m_free(n); 7652 n = NULL; 7653 } 7654 } 7655 if (!n) { 7656 m_freem(m); 7657 return ENOBUFS; 7658 } 7659 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, void *)); 7660 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7661 n->m_next = NULL; 7662 m_freem(m); 7663 m = n; 7664 } 7665 7666 /* align the mbuf chain so that extensions are in contiguous region. */ 7667 error = key_align(m, &mh); 7668 if (error) 7669 return error; 7670 7671 msg = mh.msg; 7672 7673 /* check SA type */ 7674 switch (msg->sadb_msg_satype) { 7675 case SADB_SATYPE_UNSPEC: 7676 switch (msg->sadb_msg_type) { 7677 case SADB_GETSPI: 7678 case SADB_UPDATE: 7679 case SADB_ADD: 7680 case SADB_DELETE: 7681 case SADB_GET: 7682 case SADB_ACQUIRE: 7683 case SADB_EXPIRE: 7684 ipseclog((LOG_DEBUG, "key_parse: must specify satype " 7685 "when msg type=%u.\n", msg->sadb_msg_type)); 7686 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7687 error = EINVAL; 7688 goto senderror; 7689 } 7690 break; 7691 case SADB_SATYPE_AH: 7692 case SADB_SATYPE_ESP: 7693 case SADB_X_SATYPE_IPCOMP: 7694 case SADB_X_SATYPE_TCPSIGNATURE: 7695 switch (msg->sadb_msg_type) { 7696 case SADB_X_SPDADD: 7697 case SADB_X_SPDDELETE: 7698 case SADB_X_SPDGET: 7699 case SADB_X_SPDDUMP: 7700 case SADB_X_SPDFLUSH: 7701 case SADB_X_SPDSETIDX: 7702 case SADB_X_SPDUPDATE: 7703 case SADB_X_SPDDELETE2: 7704 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n", 7705 msg->sadb_msg_type)); 7706 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7707 error = EINVAL; 7708 goto senderror; 7709 } 7710 break; 7711 case SADB_SATYPE_RSVP: 7712 case SADB_SATYPE_OSPFV2: 7713 case SADB_SATYPE_RIPV2: 7714 case SADB_SATYPE_MIP: 7715 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n", 7716 msg->sadb_msg_satype)); 7717 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7718 error = EOPNOTSUPP; 7719 goto senderror; 7720 case 1: /* XXX: What does it do? */ 7721 if (msg->sadb_msg_type == SADB_X_PROMISC) 7722 break; 7723 /*FALLTHROUGH*/ 7724 default: 7725 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n", 7726 msg->sadb_msg_satype)); 7727 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); 7728 error = EINVAL; 7729 goto senderror; 7730 } 7731 7732 /* check field of upper layer protocol and address family */ 7733 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL && 7734 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7735 struct sadb_address *src0, *dst0; 7736 u_int plen; 7737 7738 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7739 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7740 7741 /* check upper layer protocol */ 7742 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7743 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n")); 7744 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 7745 error = EINVAL; 7746 goto senderror; 7747 } 7748 7749 /* check family */ 7750 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7751 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7752 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n")); 7753 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 7754 error = EINVAL; 7755 goto senderror; 7756 } 7757 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7758 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7759 ipseclog((LOG_DEBUG, 7760 "key_parse: address struct size mismatched.\n")); 7761 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 7762 error = EINVAL; 7763 goto senderror; 7764 } 7765 7766 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7767 case AF_INET: 7768 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7769 sizeof(struct sockaddr_in)) { 7770 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 7771 error = EINVAL; 7772 goto senderror; 7773 } 7774 break; 7775 case AF_INET6: 7776 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7777 sizeof(struct sockaddr_in6)) { 7778 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 7779 error = EINVAL; 7780 goto senderror; 7781 } 7782 #ifdef INET6 7783 /* 7784 * Check validity of the scope zone ID of the 7785 * addresses, and embed the zone ID into the address 7786 * if necessary. 7787 */ 7788 sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(src0); 7789 if ((error = sa6_embedscope(sin6, 0)) != 0) 7790 goto senderror; 7791 sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(dst0); 7792 if ((error = sa6_embedscope(sin6, 0)) != 0) 7793 goto senderror; 7794 #endif 7795 break; 7796 default: 7797 ipseclog((LOG_DEBUG, 7798 "key_parse: unsupported address family.\n")); 7799 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 7800 error = EAFNOSUPPORT; 7801 goto senderror; 7802 } 7803 7804 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7805 case AF_INET: 7806 plen = sizeof(struct in_addr) << 3; 7807 break; 7808 case AF_INET6: 7809 plen = sizeof(struct in6_addr) << 3; 7810 break; 7811 default: 7812 plen = 0; /*fool gcc*/ 7813 break; 7814 } 7815 7816 /* check max prefix length */ 7817 if (src0->sadb_address_prefixlen > plen || 7818 dst0->sadb_address_prefixlen > plen) { 7819 ipseclog((LOG_DEBUG, 7820 "key_parse: illegal prefixlen.\n")); 7821 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); 7822 error = EINVAL; 7823 goto senderror; 7824 } 7825 7826 /* 7827 * prefixlen == 0 is valid because there can be a case when 7828 * all addresses are matched. 7829 */ 7830 } 7831 7832 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) || 7833 key_typesw[msg->sadb_msg_type] == NULL) { 7834 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE); 7835 error = EINVAL; 7836 goto senderror; 7837 } 7838 7839 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 7840 7841 senderror: 7842 msg->sadb_msg_errno = error; 7843 return key_sendup_mbuf(so, m, target); 7844 } 7845 7846 static int 7847 key_senderror(so, m, code) 7848 struct socket *so; 7849 struct mbuf *m; 7850 int code; 7851 { 7852 struct sadb_msg *msg; 7853 7854 if (m->m_len < sizeof(struct sadb_msg)) 7855 panic("invalid mbuf passed to key_senderror"); 7856 7857 msg = mtod(m, struct sadb_msg *); 7858 msg->sadb_msg_errno = code; 7859 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 7860 } 7861 7862 /* 7863 * set the pointer to each header into message buffer. 7864 * m will be freed on error. 7865 * XXX larger-than-MCLBYTES extension? 7866 */ 7867 static int 7868 key_align(m, mhp) 7869 struct mbuf *m; 7870 struct sadb_msghdr *mhp; 7871 { 7872 struct mbuf *n; 7873 struct sadb_ext *ext; 7874 size_t off, end; 7875 int extlen; 7876 int toff; 7877 7878 /* sanity check */ 7879 if (m == NULL || mhp == NULL) 7880 panic("key_align: NULL pointer is passed."); 7881 if (m->m_len < sizeof(struct sadb_msg)) 7882 panic("invalid mbuf passed to key_align"); 7883 7884 /* initialize */ 7885 bzero(mhp, sizeof(*mhp)); 7886 7887 mhp->msg = mtod(m, struct sadb_msg *); 7888 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 7889 7890 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7891 extlen = end; /*just in case extlen is not updated*/ 7892 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 7893 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 7894 if (!n) { 7895 /* m is already freed */ 7896 return ENOBUFS; 7897 } 7898 ext = (struct sadb_ext *)(mtod(n, char *) + toff); 7899 7900 /* set pointer */ 7901 switch (ext->sadb_ext_type) { 7902 case SADB_EXT_SA: 7903 case SADB_EXT_ADDRESS_SRC: 7904 case SADB_EXT_ADDRESS_DST: 7905 case SADB_EXT_ADDRESS_PROXY: 7906 case SADB_EXT_LIFETIME_CURRENT: 7907 case SADB_EXT_LIFETIME_HARD: 7908 case SADB_EXT_LIFETIME_SOFT: 7909 case SADB_EXT_KEY_AUTH: 7910 case SADB_EXT_KEY_ENCRYPT: 7911 case SADB_EXT_IDENTITY_SRC: 7912 case SADB_EXT_IDENTITY_DST: 7913 case SADB_EXT_SENSITIVITY: 7914 case SADB_EXT_PROPOSAL: 7915 case SADB_EXT_SUPPORTED_AUTH: 7916 case SADB_EXT_SUPPORTED_ENCRYPT: 7917 case SADB_EXT_SPIRANGE: 7918 case SADB_X_EXT_POLICY: 7919 case SADB_X_EXT_SA2: 7920 #ifdef IPSEC_NAT_T 7921 case SADB_X_EXT_NAT_T_TYPE: 7922 case SADB_X_EXT_NAT_T_SPORT: 7923 case SADB_X_EXT_NAT_T_DPORT: 7924 case SADB_X_EXT_NAT_T_OA: 7925 case SADB_X_EXT_NAT_T_FRAG: 7926 #endif 7927 #ifdef SADB_X_EXT_TAG 7928 case SADB_X_EXT_TAG: 7929 #endif 7930 /* duplicate check */ 7931 /* 7932 * XXX Are there duplication payloads of either 7933 * KEY_AUTH or KEY_ENCRYPT ? 7934 */ 7935 if (mhp->ext[ext->sadb_ext_type] != NULL) { 7936 ipseclog((LOG_DEBUG, 7937 "key_align: duplicate ext_type %u " 7938 "is passed.\n", ext->sadb_ext_type)); 7939 m_freem(m); 7940 PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT); 7941 return EINVAL; 7942 } 7943 break; 7944 default: 7945 ipseclog((LOG_DEBUG, 7946 "key_align: invalid ext_type %u is passed.\n", 7947 ext->sadb_ext_type)); 7948 m_freem(m); 7949 PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE); 7950 return EINVAL; 7951 } 7952 7953 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 7954 7955 if (key_validate_ext(ext, extlen)) { 7956 m_freem(m); 7957 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 7958 return EINVAL; 7959 } 7960 7961 n = m_pulldown(m, off, extlen, &toff); 7962 if (!n) { 7963 /* m is already freed */ 7964 return ENOBUFS; 7965 } 7966 ext = (struct sadb_ext *)(mtod(n, char *) + toff); 7967 7968 mhp->ext[ext->sadb_ext_type] = ext; 7969 mhp->extoff[ext->sadb_ext_type] = off; 7970 mhp->extlen[ext->sadb_ext_type] = extlen; 7971 } 7972 7973 if (off != end) { 7974 m_freem(m); 7975 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 7976 return EINVAL; 7977 } 7978 7979 return 0; 7980 } 7981 7982 static int 7983 key_validate_ext(ext, len) 7984 const struct sadb_ext *ext; 7985 int len; 7986 { 7987 const struct sockaddr *sa; 7988 enum { NONE, ADDR } checktype = NONE; 7989 int baselen = 0; 7990 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 7991 7992 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 7993 return EINVAL; 7994 7995 /* if it does not match minimum/maximum length, bail */ 7996 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) || 7997 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0])) 7998 return EINVAL; 7999 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8000 return EINVAL; 8001 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8002 return EINVAL; 8003 8004 /* more checks based on sadb_ext_type XXX need more */ 8005 switch (ext->sadb_ext_type) { 8006 case SADB_EXT_ADDRESS_SRC: 8007 case SADB_EXT_ADDRESS_DST: 8008 case SADB_EXT_ADDRESS_PROXY: 8009 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8010 checktype = ADDR; 8011 break; 8012 case SADB_EXT_IDENTITY_SRC: 8013 case SADB_EXT_IDENTITY_DST: 8014 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8015 SADB_X_IDENTTYPE_ADDR) { 8016 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8017 checktype = ADDR; 8018 } else 8019 checktype = NONE; 8020 break; 8021 default: 8022 checktype = NONE; 8023 break; 8024 } 8025 8026 switch (checktype) { 8027 case NONE: 8028 break; 8029 case ADDR: 8030 sa = (const struct sockaddr *)((const char *)ext + baselen); 8031 if (len < baselen + sal) 8032 return EINVAL; 8033 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8034 return EINVAL; 8035 break; 8036 } 8037 8038 return 0; 8039 } 8040 8041 static int 8042 key_do_init(void) 8043 { 8044 int i; 8045 8046 pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS); 8047 8048 bzero((void *)&key_cb, sizeof(key_cb)); 8049 8050 callout_init(&key_timehandler_ch, 0); 8051 8052 for (i = 0; i < IPSEC_DIR_MAX; i++) 8053 LIST_INIT(&sptree[i]); 8054 8055 LIST_INIT(&sahtree); 8056 8057 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8058 LIST_INIT(®tree[i]); 8059 8060 for (i = 0; i < SPIHASHSIZE; i++) 8061 LIST_INIT(&spihash[i]); 8062 8063 #ifndef IPSEC_NONBLOCK_ACQUIRE 8064 LIST_INIT(&acqtree); 8065 #endif 8066 LIST_INIT(&spacqtree); 8067 8068 TAILQ_INIT(&satailq); 8069 TAILQ_INIT(&sptailq); 8070 8071 /* system default */ 8072 #ifdef INET 8073 ip4_def_policy = key_newsp(0); 8074 if (!ip4_def_policy) 8075 panic("could not initialize IPv4 default security policy"); 8076 ip4_def_policy->state = IPSEC_SPSTATE_ALIVE; 8077 ip4_def_policy->policy = IPSEC_POLICY_NONE; 8078 ip4_def_policy->dir = IPSEC_DIR_ANY; 8079 ip4_def_policy->readonly = 1; 8080 ip4_def_policy->persist = 1; 8081 #endif 8082 #ifdef INET6 8083 ip6_def_policy = key_newsp(0); 8084 if (!ip6_def_policy) 8085 panic("could not initialize IPv6 default security policy"); 8086 ip6_def_policy->state = IPSEC_SPSTATE_ALIVE; 8087 ip6_def_policy->policy = IPSEC_POLICY_NONE; 8088 ip6_def_policy->dir = IPSEC_DIR_ANY; 8089 ip6_def_policy->readonly = 1; 8090 ip6_def_policy->persist = 1; 8091 #endif 8092 8093 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0); 8094 8095 /* initialize key statistics */ 8096 keystat.getspi_count = 1; 8097 8098 aprint_verbose("IPsec: Initialized Security Association Processing.\n"); 8099 8100 return (0); 8101 } 8102 8103 void 8104 key_init(void) 8105 { 8106 static ONCE_DECL(key_init_once); 8107 8108 RUN_ONCE(&key_init_once, key_do_init); 8109 } 8110 8111 /* 8112 * XXX: maybe This function is called after INBOUND IPsec processing. 8113 * 8114 * Special check for tunnel-mode packets. 8115 * We must make some checks for consistency between inner and outer IP header. 8116 * 8117 * xxx more checks to be provided 8118 */ 8119 int 8120 key_checktunnelsanity(struct secasvar *sav, u_int family, 8121 void *src, void *dst) 8122 { 8123 /* sanity check */ 8124 if (sav->sah == NULL) 8125 panic("sav->sah == NULL at key_checktunnelsanity"); 8126 8127 /* XXX: check inner IP header */ 8128 8129 return 1; 8130 } 8131 8132 #if 0 8133 /* 8134 * Get FQDN for the host. 8135 * If the administrator configured hostname (by hostname(1)) without 8136 * domain name, returns nothing. 8137 */ 8138 static const char * 8139 key_getfqdn() 8140 { 8141 int i; 8142 int hasdot; 8143 static char fqdn[MAXHOSTNAMELEN + 1]; 8144 8145 if (!hostnamelen) 8146 return NULL; 8147 8148 /* check if it comes with domain name. */ 8149 hasdot = 0; 8150 for (i = 0; i < hostnamelen; i++) { 8151 if (hostname[i] == '.') 8152 hasdot++; 8153 } 8154 if (!hasdot) 8155 return NULL; 8156 8157 /* NOTE: hostname may not be NUL-terminated. */ 8158 bzero(fqdn, sizeof(fqdn)); 8159 bcopy(hostname, fqdn, hostnamelen); 8160 fqdn[hostnamelen] = '\0'; 8161 return fqdn; 8162 } 8163 8164 /* 8165 * get username@FQDN for the host/user. 8166 */ 8167 static const char * 8168 key_getuserfqdn() 8169 { 8170 const char *host; 8171 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2]; 8172 struct proc *p = curproc; 8173 char *q; 8174 8175 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) 8176 return NULL; 8177 if (!(host = key_getfqdn())) 8178 return NULL; 8179 8180 /* NOTE: s_login may not be-NUL terminated. */ 8181 bzero(userfqdn, sizeof(userfqdn)); 8182 bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME); 8183 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */ 8184 q = userfqdn + strlen(userfqdn); 8185 *q++ = '@'; 8186 bcopy(host, q, strlen(host)); 8187 q += strlen(host); 8188 *q++ = '\0'; 8189 8190 return userfqdn; 8191 } 8192 #endif 8193 8194 /* record data transfer on SA, and update timestamps */ 8195 void 8196 key_sa_recordxfer(sav, m) 8197 struct secasvar *sav; 8198 struct mbuf *m; 8199 { 8200 if (!sav) 8201 panic("key_sa_recordxfer called with sav == NULL"); 8202 if (!m) 8203 panic("key_sa_recordxfer called with m == NULL"); 8204 if (!sav->lft_c) 8205 return; 8206 8207 /* 8208 * XXX Currently, there is a difference of bytes size 8209 * between inbound and outbound processing. 8210 */ 8211 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len; 8212 /* to check bytes lifetime is done in key_timehandler(). */ 8213 8214 /* 8215 * We use the number of packets as the unit of 8216 * sadb_lifetime_allocations. We increment the variable 8217 * whenever {esp,ah}_{in,out}put is called. 8218 */ 8219 sav->lft_c->sadb_lifetime_allocations++; 8220 /* XXX check for expires? */ 8221 8222 /* 8223 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock, 8224 * in seconds. HARD and SOFT lifetime are measured by the time 8225 * difference (again in seconds) from sadb_lifetime_usetime. 8226 * 8227 * usetime 8228 * v expire expire 8229 * -----+-----+--------+---> t 8230 * <--------------> HARD 8231 * <-----> SOFT 8232 */ 8233 { 8234 sav->lft_c->sadb_lifetime_usetime = time_second; 8235 /* XXX check for expires? */ 8236 } 8237 8238 return; 8239 } 8240 8241 /* dumb version */ 8242 void 8243 key_sa_routechange(dst) 8244 struct sockaddr *dst; 8245 { 8246 struct secashead *sah; 8247 struct route *ro; 8248 const struct sockaddr *sa; 8249 8250 LIST_FOREACH(sah, &sahtree, chain) { 8251 ro = &sah->sa_route; 8252 sa = rtcache_getdst(ro); 8253 if (sa != NULL && dst->sa_len == sa->sa_len && 8254 memcmp(dst, sa, dst->sa_len) == 0) 8255 rtcache_free(ro); 8256 } 8257 8258 return; 8259 } 8260 8261 static void 8262 key_sa_chgstate(sav, state) 8263 struct secasvar *sav; 8264 u_int8_t state; 8265 { 8266 if (sav == NULL) 8267 panic("key_sa_chgstate called with sav == NULL"); 8268 8269 if (sav->state == state) 8270 return; 8271 8272 if (__LIST_CHAINED(sav)) 8273 LIST_REMOVE(sav, chain); 8274 8275 sav->state = state; 8276 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain); 8277 } 8278 8279 void 8280 key_sa_stir_iv(sav) 8281 struct secasvar *sav; 8282 { 8283 8284 if (!sav->iv) 8285 panic("key_sa_stir_iv called with sav == NULL"); 8286 key_randomfill(sav->iv, sav->ivlen); 8287 } 8288 8289 static void 8290 key_sp_dead(sp) 8291 struct secpolicy *sp; 8292 { 8293 8294 /* mark the SP dead */ 8295 sp->state = IPSEC_SPSTATE_DEAD; 8296 } 8297 8298 static void 8299 key_sp_unlink(sp) 8300 struct secpolicy *sp; 8301 { 8302 8303 /* remove from SP index */ 8304 if (__LIST_CHAINED(sp)) { 8305 LIST_REMOVE(sp, chain); 8306 key_freesp(sp); 8307 } 8308 } 8309 8310 /* XXX too much? */ 8311 static struct mbuf * 8312 key_alloc_mbuf(l) 8313 int l; 8314 { 8315 struct mbuf *m = NULL, *n; 8316 int len, t; 8317 8318 len = l; 8319 while (len > 0) { 8320 MGET(n, M_DONTWAIT, MT_DATA); 8321 if (n && len > MLEN) 8322 MCLGET(n, M_DONTWAIT); 8323 if (!n) { 8324 m_freem(m); 8325 return NULL; 8326 } 8327 8328 n->m_next = NULL; 8329 n->m_len = 0; 8330 n->m_len = M_TRAILINGSPACE(n); 8331 /* use the bottom of mbuf, hoping we can prepend afterwards */ 8332 if (n->m_len > len) { 8333 t = (n->m_len - len) & ~(sizeof(long) - 1); 8334 n->m_data += t; 8335 n->m_len = len; 8336 } 8337 8338 len -= n->m_len; 8339 8340 if (m) 8341 m_cat(m, n); 8342 else 8343 m = n; 8344 } 8345 8346 return m; 8347 } 8348 8349 static int 8350 sysctl_net_key_dumpsa(SYSCTLFN_ARGS) 8351 { 8352 struct mbuf *m, *n; 8353 int err2 = 0; 8354 char *p, *ep; 8355 size_t len; 8356 int s, error; 8357 8358 if (newp) 8359 return (EPERM); 8360 if (namelen != 1) 8361 return (EINVAL); 8362 8363 s = splsoftnet(); 8364 m = key_setdump(name[0], &error); 8365 splx(s); 8366 if (!m) 8367 return (error); 8368 if (!oldp) 8369 *oldlenp = m->m_pkthdr.len; 8370 else { 8371 p = oldp; 8372 if (*oldlenp < m->m_pkthdr.len) { 8373 err2 = ENOMEM; 8374 ep = p + *oldlenp; 8375 } else { 8376 *oldlenp = m->m_pkthdr.len; 8377 ep = p + m->m_pkthdr.len; 8378 } 8379 for (n = m; n; n = n->m_next) { 8380 len = (ep - p < n->m_len) ? 8381 ep - p : n->m_len; 8382 error = copyout(mtod(n, const void *), p, len); 8383 p += len; 8384 if (error) 8385 break; 8386 } 8387 if (error == 0) 8388 error = err2; 8389 } 8390 m_freem(m); 8391 8392 return (error); 8393 } 8394 8395 static int 8396 sysctl_net_key_dumpsp(SYSCTLFN_ARGS) 8397 { 8398 struct mbuf *m, *n; 8399 int err2 = 0; 8400 char *p, *ep; 8401 size_t len; 8402 int s, error; 8403 8404 if (newp) 8405 return (EPERM); 8406 if (namelen != 0) 8407 return (EINVAL); 8408 8409 s = splsoftnet(); 8410 m = key_setspddump(&error); 8411 splx(s); 8412 if (!m) 8413 return (error); 8414 if (!oldp) 8415 *oldlenp = m->m_pkthdr.len; 8416 else { 8417 p = oldp; 8418 if (*oldlenp < m->m_pkthdr.len) { 8419 err2 = ENOMEM; 8420 ep = p + *oldlenp; 8421 } else { 8422 *oldlenp = m->m_pkthdr.len; 8423 ep = p + m->m_pkthdr.len; 8424 } 8425 for (n = m; n; n = n->m_next) { 8426 len = (ep - p < n->m_len) ? 8427 ep - p : n->m_len; 8428 error = copyout(mtod(n, const void *), p, len); 8429 p += len; 8430 if (error) 8431 break; 8432 } 8433 if (error == 0) 8434 error = err2; 8435 } 8436 m_freem(m); 8437 8438 return (error); 8439 } 8440 8441 static int 8442 sysctl_net_key_stats(SYSCTLFN_ARGS) 8443 { 8444 8445 return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS)); 8446 } 8447 8448 SYSCTL_SETUP(sysctl_net_key_setup, "sysctl net.key subtree setup") 8449 { 8450 8451 sysctl_createv(clog, 0, NULL, NULL, 8452 CTLFLAG_PERMANENT, 8453 CTLTYPE_NODE, "net", NULL, 8454 NULL, 0, NULL, 0, 8455 CTL_NET, CTL_EOL); 8456 sysctl_createv(clog, 0, NULL, NULL, 8457 CTLFLAG_PERMANENT, 8458 CTLTYPE_NODE, "key", NULL, 8459 NULL, 0, NULL, 0, 8460 CTL_NET, PF_KEY, CTL_EOL); 8461 8462 sysctl_createv(clog, 0, NULL, NULL, 8463 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8464 CTLTYPE_INT, "debug", NULL, 8465 NULL, 0, &key_debug_level, 0, 8466 CTL_NET, PF_KEY, KEYCTL_DEBUG_LEVEL, CTL_EOL); 8467 sysctl_createv(clog, 0, NULL, NULL, 8468 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8469 CTLTYPE_INT, "spi_try", NULL, 8470 NULL, 0, &key_spi_trycnt, 0, 8471 CTL_NET, PF_KEY, KEYCTL_SPI_TRY, CTL_EOL); 8472 sysctl_createv(clog, 0, NULL, NULL, 8473 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8474 CTLTYPE_INT, "spi_min_value", NULL, 8475 NULL, 0, &key_spi_minval, 0, 8476 CTL_NET, PF_KEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL); 8477 sysctl_createv(clog, 0, NULL, NULL, 8478 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8479 CTLTYPE_INT, "spi_max_value", NULL, 8480 NULL, 0, &key_spi_maxval, 0, 8481 CTL_NET, PF_KEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL); 8482 sysctl_createv(clog, 0, NULL, NULL, 8483 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8484 CTLTYPE_INT, "larval_lifetime", NULL, 8485 NULL, 0, &key_larval_lifetime, 0, 8486 CTL_NET, PF_KEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL); 8487 sysctl_createv(clog, 0, NULL, NULL, 8488 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8489 CTLTYPE_INT, "blockacq_count", NULL, 8490 NULL, 0, &key_blockacq_count, 0, 8491 CTL_NET, PF_KEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL); 8492 sysctl_createv(clog, 0, NULL, NULL, 8493 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8494 CTLTYPE_INT, "blockacq_lifetime", NULL, 8495 NULL, 0, &key_blockacq_lifetime, 0, 8496 CTL_NET, PF_KEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL); 8497 sysctl_createv(clog, 0, NULL, NULL, 8498 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8499 CTLTYPE_INT, "esp_keymin", NULL, 8500 NULL, 0, &ipsec_esp_keymin, 0, 8501 CTL_NET, PF_KEY, KEYCTL_ESP_KEYMIN, CTL_EOL); 8502 sysctl_createv(clog, 0, NULL, NULL, 8503 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8504 CTLTYPE_INT, "esp_auth", NULL, 8505 NULL, 0, &ipsec_esp_auth, 0, 8506 CTL_NET, PF_KEY, KEYCTL_ESP_AUTH, CTL_EOL); 8507 sysctl_createv(clog, 0, NULL, NULL, 8508 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 8509 CTLTYPE_INT, "ah_keymin", NULL, 8510 NULL, 0, &ipsec_ah_keymin, 0, 8511 CTL_NET, PF_KEY, KEYCTL_AH_KEYMIN, CTL_EOL); 8512 sysctl_createv(clog, 0, NULL, NULL, 8513 CTLFLAG_PERMANENT, 8514 CTLTYPE_STRUCT, "dumpsa", NULL, 8515 sysctl_net_key_dumpsa, 0, NULL, 0, 8516 CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL); 8517 sysctl_createv(clog, 0, NULL, NULL, 8518 CTLFLAG_PERMANENT, 8519 CTLTYPE_STRUCT, "dumpsp", NULL, 8520 sysctl_net_key_dumpsp, 0, NULL, 0, 8521 CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL); 8522 sysctl_createv(clog, 0, NULL, NULL, 8523 CTLFLAG_PERMANENT, 8524 CTLTYPE_STRUCT, "stats", 8525 SYSCTL_DESCR("PF_KEY statistics"), 8526 sysctl_net_key_stats, 0, NULL, 0, 8527 CTL_NET, PF_KEY, CTL_CREATE, CTL_EOL); 8528 }
Cache object: b3458283fd872d1d282ec4b39881032f
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]