FreeBSD/Linux Kernel Cross Reference
sys/netkey/key.c
1 /* $NetBSD: key.c,v 1.163.4.1 2010/02/14 13:35:44 bouyer Exp $ */
2 /* $KAME: key.c,v 1.310 2003/09/08 02:23:44 itojun Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * This code is referred to RFC 2367
35 */
36
37 #include <sys/cdefs.h>
38 __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.4.1 2010/02/14 13:35:44 bouyer Exp $");
39
40 #include "opt_inet.h"
41 #include "opt_ipsec.h"
42 #include "fs_kernfs.h"
43
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/callout.h>
47 #include <sys/kernel.h>
48 #include <sys/mbuf.h>
49 #include <sys/domain.h>
50 #include <sys/protosw.h>
51 #include <sys/malloc.h>
52 #include <sys/socket.h>
53 #include <sys/socketvar.h>
54 #include <sys/errno.h>
55 #include <sys/proc.h>
56 #include <sys/queue.h>
57 #include <sys/sysctl.h>
58 #include <sys/syslog.h>
59 #include <sys/once.h>
60
61 #include <net/if.h>
62 #include <net/route.h>
63 #include <net/raw_cb.h>
64
65 #include <netinet/in.h>
66 #include <netinet/in_systm.h>
67 #include <netinet/ip.h>
68 #include <netinet/in_var.h>
69
70 #ifdef INET6
71 #include <netinet/ip6.h>
72 #include <netinet6/in6_var.h>
73 #include <netinet6/ip6_var.h>
74 #include <netinet6/scope6_var.h>
75 #endif /* INET6 */
76
77 #ifdef INET
78 #include <netinet/in_pcb.h>
79 #endif
80 #ifdef INET6
81 #include <netinet6/in6_pcb.h>
82 #endif /* INET6 */
83
84 #include <net/pfkeyv2.h>
85 #include <netkey/keydb.h>
86 #include <netkey/key.h>
87 #include <netkey/keysock.h>
88 #include <netkey/key_debug.h>
89 #include <netkey/key_private.h>
90
91 #include <netinet6/ipsec.h>
92 #include <netinet6/ah.h>
93 #ifdef IPSEC_ESP
94 #include <netinet6/esp.h>
95 #endif
96 #include <netinet6/ipcomp.h>
97
98 #ifdef KERNFS
99 #include <miscfs/kernfs/kernfs.h>
100 #endif
101
102 #include <machine/stdarg.h>
103
104 #include "rnd.h"
105 #if NRND > 0
106 #include <sys/rnd.h>
107 #endif
108
109 #include <net/net_osdep.h>
110
111 #ifndef offsetof
112 #define offsetof(type, member) ((size_t)(&((type *)0)->member))
113 #endif
114 #ifndef satosin
115 #define satosin(s) ((struct sockaddr_in *)s)
116 #endif
117
118 #define FULLMASK 0xff
119
120 percpu_t *pfkeystat_percpu;
121
122 /*
123 * Note on SA reference counting:
124 * - SAs that are not in DEAD state will have (total external reference + 1)
125 * following value in reference count field. they cannot be freed and are
126 * referenced from SA header.
127 * - SAs that are in DEAD state will have (total external reference)
128 * in reference count field. they are ready to be freed. reference from
129 * SA header will be removed in keydb_delsecasvar(), when the reference count
130 * field hits 0 (= no external reference other than from SA header.
131 */
132
133 u_int32_t key_debug_level = 0;
134 static u_int key_spi_trycnt = 1000;
135 static u_int32_t key_spi_minval = 0x100;
136 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
137 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
138 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
139 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
140
141 static u_int32_t acq_seq = 0;
142
143 struct _satailq satailq; /* list of all SAD entry */
144 struct _sptailq sptailq; /* SPD table + pcb */
145 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD table */
146 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
147 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
148 /* registed list */
149
150 #define SPIHASHSIZE 128
151 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
152 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
153
154 #ifndef IPSEC_NONBLOCK_ACQUIRE
155 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
156 #endif
157 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
158
159 struct key_cb key_cb;
160
161 /* search order for SAs */
162 static const u_int saorder_state_valid[] = {
163 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
164 /*
165 * This order is important because we must select a oldest SA
166 * for outbound processing. For inbound, This is not important.
167 */
168 };
169 static const u_int saorder_state_alive[] = {
170 /* except DEAD */
171 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
172 };
173 static const u_int saorder_state_any[] = {
174 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
175 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
176 };
177
178 static const int minsize[] = {
179 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
180 sizeof(struct sadb_sa), /* SADB_EXT_SA */
181 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
182 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
183 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
184 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
185 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
186 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
187 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
188 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
189 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
190 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
191 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
192 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
193 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
194 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
195 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
196 0, /* SADB_X_EXT_KMPRIVATE */
197 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
198 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
199 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */
200 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */
201 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */
202 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OA */
203 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
204 #ifdef SADB_X_EXT_TAG
205 sizeof(struct sadb_x_tag), /* SADB_X_TAG */
206 #endif
207 };
208 static const int maxsize[] = {
209 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
210 sizeof(struct sadb_sa), /* SADB_EXT_SA */
211 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
212 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
213 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
214 0, /* SADB_EXT_ADDRESS_SRC */
215 0, /* SADB_EXT_ADDRESS_DST */
216 0, /* SADB_EXT_ADDRESS_PROXY */
217 0, /* SADB_EXT_KEY_AUTH */
218 0, /* SADB_EXT_KEY_ENCRYPT */
219 0, /* SADB_EXT_IDENTITY_SRC */
220 0, /* SADB_EXT_IDENTITY_DST */
221 0, /* SADB_EXT_SENSITIVITY */
222 0, /* SADB_EXT_PROPOSAL */
223 0, /* SADB_EXT_SUPPORTED_AUTH */
224 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
225 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
226 0, /* SADB_X_EXT_KMPRIVATE */
227 0, /* SADB_X_EXT_POLICY */
228 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
229 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */
230 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */
231 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */
232 0, /* SADB_X_EXT_NAT_T_OA */
233 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */
234 #ifdef SADB_X_EXT_TAG
235 sizeof(struct sadb_x_tag), /* SADB_X_TAG */
236 #endif
237 };
238
239 static int ipsec_esp_keymin = 256;
240 static int ipsec_esp_auth = 0;
241 static int ipsec_ah_keymin = 128;
242
243 #define __LIST_CHAINED(elm) \
244 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
245 #define LIST_INSERT_TAIL(head, elm, type, field) \
246 do {\
247 struct type *curelm = LIST_FIRST(head); \
248 if (curelm == NULL) {\
249 LIST_INSERT_HEAD(head, elm, field); \
250 } else { \
251 while (LIST_NEXT(curelm, field)) \
252 curelm = LIST_NEXT(curelm, field);\
253 LIST_INSERT_AFTER(curelm, elm, field);\
254 }\
255 } while (/*CONSTCOND*/ 0)
256
257 #define KEY_CHKSASTATE(head, sav, name) \
258 /* do */ { \
259 if ((head) != (sav)) { \
260 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \
261 (name), (head), (sav))); \
262 continue; \
263 } \
264 } // while (/*CONSTCOND*/ 0)
265
266 #define KEY_CHKSPDIR(head, sp, name) \
267 do { \
268 if ((head) != (sp)) { \
269 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \
270 "anyway continue.\n", \
271 (name), (head), (sp))); \
272 } \
273 } while (/*CONSTCOND*/ 0)
274
275 #if 1
276 #define KMALLOC(p, t, n) \
277 ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
278 #define KFREE(p) \
279 free((void *)(p), M_SECA)
280 #else
281 #define KMALLOC(p, t, n) \
282 do { \
283 ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
284 printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
285 __FILE__, __LINE__, (p), #t, n); \
286 } while (/*CONSTCOND*/ 0)
287
288 #define KFREE(p) \
289 do { \
290 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
291 free((void *)(p), M_SECA); \
292 } while (/*CONSTCOND*/ 0)
293 #endif
294
295 /*
296 * set parameters into secpolicyindex buffer.
297 * Must allocate secpolicyindex buffer passed to this function.
298 */
299 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \
300 do { \
301 (void)memset((idx), 0, sizeof(struct secpolicyindex)); \
302 (idx)->prefs = (ps); \
303 (idx)->prefd = (pd); \
304 (idx)->ul_proto = (ulp); \
305 (void)memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len);\
306 (void)memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len);\
307 } while (/*CONSTCOND*/ 0)
308
309 /*
310 * set parameters into secasindex buffer.
311 * Must allocate secasindex buffer before calling this function.
312 */
313 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
314 do { \
315 (void)memset((idx), 0, sizeof(struct secasindex)); \
316 (idx)->proto = (p); \
317 (idx)->mode = (m); \
318 (idx)->reqid = (r); \
319 (void)memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len);\
320 (void)memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len);\
321 } while (/*CONSTCOND*/ 0)
322
323 /* key statistics */
324 struct _keystat {
325 u_long getspi_count; /* the avarage of count to try to get new SPI */
326 } keystat;
327
328 struct sadb_msghdr {
329 struct sadb_msg *msg;
330 struct sadb_ext *ext[SADB_EXT_MAX + 1];
331 int extoff[SADB_EXT_MAX + 1];
332 int extlen[SADB_EXT_MAX + 1];
333 };
334
335 static struct secasvar *key_allocsa_policy __P((struct secasindex *));
336 static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int));
337 static void key_delsav __P((struct secasvar *));
338 static void key_delsp __P((struct secpolicy *));
339 static struct secpolicy *key_getsp __P((struct secpolicyindex *, int));
340 #ifdef SADB_X_EXT_TAG
341 static struct secpolicy *key_getspbytag __P((u_int16_t, int));
342 #endif
343 static u_int16_t key_newreqid __P((void));
344 static struct mbuf *key_gather_mbuf __P((struct mbuf *,
345 const struct sadb_msghdr *, int, int, ...));
346 static int key_spdadd __P((struct socket *, struct mbuf *,
347 const struct sadb_msghdr *));
348 static int key_spddelete __P((struct socket *, struct mbuf *,
349 const struct sadb_msghdr *));
350 static int key_spddelete2 __P((struct socket *, struct mbuf *,
351 const struct sadb_msghdr *));
352 static int key_spdget __P((struct socket *, struct mbuf *,
353 const struct sadb_msghdr *));
354 static int key_spdflush __P((struct socket *, struct mbuf *,
355 const struct sadb_msghdr *));
356 static int key_spddump __P((struct socket *, struct mbuf *,
357 const struct sadb_msghdr *));
358 #ifdef IPSEC_NAT_T
359 static int key_nat_map __P((struct socket *, struct mbuf *,
360 const struct sadb_msghdr *));
361 #endif
362 static struct mbuf *key_setspddump __P((int *));
363 static u_int key_getspreqmsglen __P((struct secpolicy *));
364 static int key_spdexpire __P((struct secpolicy *));
365 static struct secashead *key_newsah __P((struct secasindex *));
366 static void key_delsah __P((struct secashead *));
367 static struct secasvar *key_newsav __P((struct mbuf *,
368 const struct sadb_msghdr *, struct secashead *, int *));
369 static struct secashead *key_getsah __P((struct secasindex *));
370 static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t));
371 static void key_setspi __P((struct secasvar *, u_int32_t));
372 static struct secasvar *key_getsavbyspi __P((struct secashead *, u_int32_t));
373 static int key_setsaval __P((struct secasvar *, struct mbuf *,
374 const struct sadb_msghdr *));
375 static int key_mature __P((struct secasvar *));
376 static struct mbuf *key_setdumpsa __P((struct secasvar *, u_int8_t,
377 u_int8_t, u_int32_t, u_int32_t));
378 static struct mbuf *key_setsadbmsg __P((u_int8_t, u_int16_t, u_int8_t,
379 u_int32_t, pid_t, u_int16_t));
380 static struct mbuf *key_setsadbsa __P((struct secasvar *));
381 static struct mbuf *key_setsadbaddr __P((u_int16_t,
382 struct sockaddr *, u_int8_t, u_int16_t));
383 #if 0
384 static struct mbuf *key_setsadbident __P((u_int16_t, u_int16_t, void *,
385 int, u_int64_t));
386 #endif
387 static struct mbuf *key_setsadbxsa2 __P((u_int8_t, u_int32_t, u_int16_t));
388 #ifdef SADB_X_EXT_TAG
389 static struct mbuf *key_setsadbxtag __P((u_int16_t));
390 #endif
391 #ifdef IPSEC_NAT_T
392 static struct mbuf *key_setsadbxport __P((u_int16_t, u_int16_t));
393 static struct mbuf *key_setsadbxtype __P((u_int16_t));
394 #endif
395 static void key_porttosaddr __P((struct sockaddr *, u_int16_t));
396 #define KEY_PORTTOSADDR(saddr, port) \
397 key_porttosaddr((struct sockaddr *)(saddr), (port))
398 static int key_checksalen __P((const struct sockaddr *));
399 #define KEY_CHECKSALEN(saddr) key_checksalen((const struct sockaddr *)(saddr))
400 static struct mbuf *key_setsadblifetime __P((u_int16_t, u_int32_t,
401 u_int64_t, u_int64_t, u_int64_t));
402 static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t,
403 u_int32_t));
404 static void *key_newbuf __P((const void *, u_int));
405 static int key_ismyaddr __P((struct sockaddr *));
406 #ifdef INET6
407 static int key_ismyaddr6 __P((struct sockaddr_in6 *));
408 #endif
409 static int key_cmpsaidx_exactly
410 __P((struct secasindex *, struct secasindex *));
411 static int key_cmpsaidx_withmode
412 __P((struct secasindex *, struct secasindex *));
413 static int key_cmpsaidx_withoutmode
414 __P((struct secasindex *, struct secasindex *));
415 static int key_sockaddrcmp __P((struct sockaddr *, struct sockaddr *, int));
416 static int key_bbcmp __P((void *, void *, u_int));
417 static u_long key_random __P((void));
418 static u_int16_t key_satype2proto __P((u_int8_t));
419 static u_int8_t key_proto2satype __P((u_int16_t));
420
421 static int key_getspi __P((struct socket *, struct mbuf *,
422 const struct sadb_msghdr *));
423 static u_int32_t key_do_getnewspi __P((struct sadb_spirange *,
424 struct secasindex *));
425 static int key_update __P((struct socket *, struct mbuf *,
426 const struct sadb_msghdr *));
427 #ifdef IPSEC_DOSEQCHECK
428 static struct secasvar *key_getsavbyseq __P((struct secashead *, u_int32_t));
429 #endif
430 static int key_add __P((struct socket *, struct mbuf *,
431 const struct sadb_msghdr *));
432 static int key_setident __P((struct secashead *, struct mbuf *,
433 const struct sadb_msghdr *));
434 static struct mbuf *key_getmsgbuf_x1 __P((struct mbuf *,
435 const struct sadb_msghdr *));
436 static int key_delete __P((struct socket *, struct mbuf *,
437 const struct sadb_msghdr *));
438 static int key_get __P((struct socket *, struct mbuf *,
439 const struct sadb_msghdr *));
440
441 static void key_getcomb_setlifetime __P((struct sadb_comb *));
442 #ifdef IPSEC_ESP
443 static struct mbuf *key_getcomb_esp __P((void));
444 #endif
445 static struct mbuf *key_getcomb_ah __P((void));
446 static struct mbuf *key_getcomb_ipcomp __P((void));
447 static struct mbuf *key_getprop __P((const struct secasindex *));
448
449 static int key_acquire __P((struct secasindex *, struct secpolicy *));
450 #ifndef IPSEC_NONBLOCK_ACQUIRE
451 static struct secacq *key_newacq __P((struct secasindex *));
452 static struct secacq *key_getacq __P((struct secasindex *));
453 static struct secacq *key_getacqbyseq __P((u_int32_t));
454 #endif
455 static struct secspacq *key_newspacq __P((struct secpolicyindex *));
456 static struct secspacq *key_getspacq __P((struct secpolicyindex *));
457 static int key_acquire2 __P((struct socket *, struct mbuf *,
458 const struct sadb_msghdr *));
459 static int key_register __P((struct socket *, struct mbuf *,
460 const struct sadb_msghdr *));
461 static int key_expire __P((struct secasvar *));
462 static int key_flush __P((struct socket *, struct mbuf *,
463 const struct sadb_msghdr *));
464 static int key_dump __P((struct socket *, struct mbuf *,
465 const struct sadb_msghdr *));
466 static struct mbuf *key_setdump __P((u_int8_t, int *));
467 static int key_promisc __P((struct socket *, struct mbuf *,
468 const struct sadb_msghdr *));
469 static int key_senderror __P((struct socket *, struct mbuf *, int));
470 static int key_validate_ext __P((const struct sadb_ext *, int));
471 static int key_align __P((struct mbuf *, struct sadb_msghdr *));
472 #if 0
473 static const char *key_getfqdn __P((void));
474 static const char *key_getuserfqdn __P((void));
475 #endif
476 static void key_sa_chgstate __P((struct secasvar *, u_int8_t));
477 static void key_sp_dead __P((struct secpolicy *));
478 static void key_sp_unlink __P((struct secpolicy *));
479 static struct mbuf *key_alloc_mbuf __P((int));
480 struct callout key_timehandler_ch;
481
482 /* %%% IPsec policy management */
483 /*
484 * allocating a SP for OUTBOUND or INBOUND packet.
485 * Must call key_freesp() later.
486 * OUT: NULL: not found
487 * others: found and return the pointer.
488 */
489 struct secpolicy *
490 key_allocsp(tag, spidx, dir)
491 u_int16_t tag;
492 struct secpolicyindex *spidx;
493 u_int dir;
494 {
495 struct secpolicy *sp;
496 int s;
497
498 /* check direction */
499 switch (dir) {
500 case IPSEC_DIR_INBOUND:
501 case IPSEC_DIR_OUTBOUND:
502 break;
503 default:
504 panic("key_allocsp: Invalid direction is passed.");
505 }
506
507 /* get a SP entry */
508 s = splsoftnet(); /*called from softclock()*/
509 if (spidx) {
510 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
511 printf("*** objects\n");
512 kdebug_secpolicyindex(spidx));
513 }
514
515 LIST_FOREACH(sp, &sptree[dir], chain) {
516 if (sp->state == IPSEC_SPSTATE_DEAD)
517 continue;
518 if (!sp->spidx) {
519 if (!tag)
520 continue;
521 if (sp->tag == tag)
522 goto found;
523 } else {
524 if (!spidx)
525 continue;
526
527 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
528 printf("*** in SPD\n");
529 kdebug_secpolicyindex(sp->spidx));
530
531 if (key_cmpspidx_withmask(sp->spidx, spidx))
532 goto found;
533 }
534 }
535
536 splx(s);
537 return NULL;
538
539 found:
540 /* sanity check */
541 KEY_CHKSPDIR(sp->dir, dir, "key_allocsp");
542
543 /* found a SPD entry */
544 sp->lastused = time_second;
545 sp->refcnt++;
546 splx(s);
547 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
548 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
549 sp->refcnt, sp));
550
551 return sp;
552 }
553
554 /*
555 * allocating an SA entry for an *OUTBOUND* packet.
556 * checking each request entries in SP, and acquire an SA if need.
557 * OUT: 0: there are valid requests.
558 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
559 */
560 int
561 key_checkrequest(isr, saidx)
562 struct ipsecrequest *isr;
563 struct secasindex *saidx;
564 {
565 u_int level;
566 int error;
567
568 /* sanity check */
569 if (isr == NULL || saidx == NULL)
570 panic("key_checkrequest: NULL pointer is passed.");
571
572 /* check mode */
573 switch (saidx->mode) {
574 case IPSEC_MODE_TRANSPORT:
575 case IPSEC_MODE_TUNNEL:
576 break;
577 case IPSEC_MODE_ANY:
578 default:
579 panic("key_checkrequest: Invalid policy defined.");
580 }
581
582 /* get current level */
583 level = ipsec_get_reqlevel(isr, saidx->src.ss_family);
584
585 #if 0
586 /*
587 * We do allocate new SA only if the state of SA in the holder is
588 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
589 */
590 if (isr->sav != NULL) {
591 if (isr->sav->sah == NULL)
592 panic("key_checkrequest: sah is null.");
593 if (isr->sav ==
594 LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
595 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
596 printf("DP checkrequest calls free SA:%p\n",
597 isr->sav));
598 key_freesav(isr->sav);
599 isr->sav = NULL;
600 }
601 }
602 #else
603 /*
604 * we free any SA stashed in the IPsec request because a different
605 * SA may be involved each time this request is checked, either
606 * because new SAs are being configured, or this request is
607 * associated with an unconnected datagram socket, or this request
608 * is associated with a system default policy.
609 *
610 * The operation may have negative impact to performance. We may
611 * want to check cached SA carefully, rather than picking new SA
612 * every time.
613 */
614 if (isr->sav != NULL) {
615 key_freesav(isr->sav);
616 isr->sav = NULL;
617 }
618 #endif
619
620 /*
621 * new SA allocation if no SA found.
622 * key_allocsa_policy should allocate the oldest SA available.
623 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
624 */
625 if (isr->sav == NULL)
626 isr->sav = key_allocsa_policy(saidx);
627
628 /* When there is SA. */
629 if (isr->sav != NULL)
630 return 0;
631
632 /* there is no SA */
633 if ((error = key_acquire(saidx, isr->sp)) != 0) {
634 /* XXX What should I do ? */
635 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
636 "from key_acquire.\n", error));
637 return error;
638 }
639
640 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
641 }
642
643 /*
644 * allocating a SA for policy entry from SAD.
645 * NOTE: searching SAD of aliving state.
646 * OUT: NULL: not found.
647 * others: found and return the pointer.
648 */
649 static struct secasvar *
650 key_allocsa_policy(saidx)
651 struct secasindex *saidx;
652 {
653 struct secashead *sah;
654 struct secasvar *sav;
655 u_int stateidx, state;
656
657 LIST_FOREACH(sah, &sahtree, chain) {
658 if (sah->state == SADB_SASTATE_DEAD)
659 continue;
660 if (key_cmpsaidx_withmode(&sah->saidx, saidx))
661 goto found;
662 }
663
664 return NULL;
665
666 found:
667
668 /* search valid state */
669 for (stateidx = 0;
670 stateidx < _ARRAYLEN(saorder_state_valid);
671 stateidx++) {
672
673 state = saorder_state_valid[stateidx];
674
675 sav = key_do_allocsa_policy(sah, state);
676 if (sav != NULL)
677 return sav;
678 }
679
680 return NULL;
681 }
682
683 /*
684 * searching SAD with direction, protocol, mode and state.
685 * called by key_allocsa_policy().
686 * OUT:
687 * NULL : not found
688 * others : found, pointer to a SA.
689 */
690 static struct secasvar *
691 key_do_allocsa_policy(sah, state)
692 struct secashead *sah;
693 u_int state;
694 {
695 struct secasvar *sav, *candidate;
696
697 /* initilize */
698 candidate = NULL;
699
700 LIST_FOREACH(sav, &sah->savtree[state], chain) {
701
702 /* sanity check */
703 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
704
705 /* initialize */
706 if (candidate == NULL) {
707 candidate = sav;
708 continue;
709 }
710
711 /* Which SA is the better ? */
712
713 /* sanity check 2 */
714 if (candidate->lft_c == NULL || sav->lft_c == NULL)
715 panic("key_do_allocsa_policy: "
716 "lifetime_current is NULL.");
717
718 /* XXX What the best method is to compare ? */
719 if (candidate->lft_c->sadb_lifetime_addtime >
720 sav->lft_c->sadb_lifetime_addtime) {
721 candidate = sav;
722 continue;
723 }
724 }
725
726 if (candidate) {
727 candidate->refcnt++;
728 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
729 printf("DP allocsa_policy cause "
730 "refcnt++:%d SA:%p\n",
731 candidate->refcnt, candidate));
732 }
733 return candidate;
734 }
735
736 /*
737 * allocating a SA entry for a *INBOUND* packet.
738 * Must call key_freesav() later.
739 * OUT: positive: pointer to a sav.
740 * NULL: not found, or error occurred.
741 *
742 * In the comparison, source address will be ignored for RFC2401 conformance.
743 * To quote, from section 4.1:
744 * A security association is uniquely identified by a triple consisting
745 * of a Security Parameter Index (SPI), an IP Destination Address, and a
746 * security protocol (AH or ESP) identifier.
747 * Note that, however, we do need to keep source address in IPsec SA.
748 * IKE specification and PF_KEY specification do assume that we
749 * keep source address in IPsec SA. We see a tricky situation here.
750 *
751 * sport and dport are used for NAT-T. network order is always used.
752 */
753 struct secasvar *
754 key_allocsa(
755 u_int family,
756 const void *src,
757 const void *dst,
758 u_int proto,
759 u_int32_t spi,
760 u_int16_t sport,
761 u_int16_t dport
762 )
763 {
764 struct secasvar *sav, *match;
765 u_int stateidx, state, tmpidx, matchidx;
766 struct sockaddr_in sin;
767 #ifdef INET6
768 struct sockaddr_in6 sin6;
769 #endif
770 int s;
771 int chkport = 0;
772
773 #ifdef IPSEC_NAT_T
774 if ((sport != 0) && (dport != 0))
775 chkport = 1;
776 #endif
777 /* sanity check */
778 if (src == NULL || dst == NULL)
779 panic("key_allocsa: NULL pointer is passed.");
780
781 /*
782 * searching SAD.
783 * XXX: to be checked internal IP header somewhere. Also when
784 * IPsec tunnel packet is received. But ESP tunnel mode is
785 * encrypted so we can't check internal IP header.
786 */
787 s = splsoftnet(); /*called from softclock()*/
788 /* search valid state */
789 match = NULL;
790 matchidx = _ARRAYLEN(saorder_state_valid);
791 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
792 if (sav->spi != spi)
793 continue;
794 if (proto != sav->sah->saidx.proto)
795 continue;
796 if (family != sav->sah->saidx.src.ss_family ||
797 family != sav->sah->saidx.dst.ss_family)
798 continue;
799 tmpidx = _ARRAYLEN(saorder_state_valid);
800 for (stateidx = 0; stateidx < matchidx; stateidx++) {
801 state = saorder_state_valid[stateidx];
802 if (sav->state == state) {
803 tmpidx = stateidx;
804 break;
805 }
806 }
807 if (tmpidx >= matchidx)
808 continue;
809
810 #if 0 /* src address check ignored for RFC 2401 conformance */
811 /* check src address */
812 switch (family) {
813 case AF_INET:
814 bzero(&sin, sizeof(sin));
815 sin.sin_family = AF_INET;
816 sin.sin_len = sizeof(sin);
817 bcopy(src, &sin.sin_addr,
818 sizeof(sin.sin_addr));
819 #ifdef IPSEC_NAT_T
820 sin.sin_port = sport;
821 #endif
822 if (key_sockaddrcmp((struct sockaddr*)&sin,
823 (struct sockaddr *)&sav->sah->saidx.src,
824 chkport) != 0)
825 continue;
826
827 break;
828 #ifdef INET6
829 case AF_INET6:
830 bzero(&sin6, sizeof(sin6));
831 sin6.sin6_family = AF_INET6;
832 sin6.sin6_len = sizeof(sin6);
833 bcopy(src, &sin6.sin6_addr,
834 sizeof(sin6.sin6_addr));
835 #ifdef IPSEC_NAT_T
836 sin6.sin6_port = sport;
837 #endif
838 if (sa6_recoverscope(&sin6))
839 continue;
840 if (key_sockaddrcmp((struct sockaddr*)&sin6,
841 (struct sockaddr *)&sav->sah->saidx.src,
842 chkport) != 0)
843 continue;
844 break;
845 #endif
846 default:
847 ipseclog((LOG_DEBUG, "key_allocsa: "
848 "unknown address family=%d.\n",
849 family));
850 continue;
851 }
852
853 #endif
854 /* check dst address */
855 switch (family) {
856 case AF_INET:
857 bzero(&sin, sizeof(sin));
858 sin.sin_family = AF_INET;
859 sin.sin_len = sizeof(sin);
860 bcopy(dst, &sin.sin_addr,
861 sizeof(sin.sin_addr));
862 #ifdef IPSEC_NAT_T
863 sin.sin_port = dport;
864 #endif
865 if (key_sockaddrcmp((struct sockaddr*)&sin,
866 (struct sockaddr *)&sav->sah->saidx.dst,
867 chkport) != 0)
868 continue;
869
870 break;
871 #ifdef INET6
872 case AF_INET6:
873 bzero(&sin6, sizeof(sin6));
874 sin6.sin6_family = AF_INET6;
875 sin6.sin6_len = sizeof(sin6);
876 bcopy(dst, &sin6.sin6_addr,
877 sizeof(sin6.sin6_addr));
878 #ifdef IPSEC_NAT_T
879 sin6.sin6_port = dport;
880 #endif
881 if (sa6_recoverscope(&sin6))
882 continue;
883 if (key_sockaddrcmp((struct sockaddr*)&sin6,
884 (struct sockaddr *)&sav->sah->saidx.dst,
885 chkport) != 0)
886 continue;
887 break;
888 #endif
889 default:
890 ipseclog((LOG_DEBUG, "key_allocsa: "
891 "unknown address family=%d.\n", family));
892 continue;
893 }
894
895 match = sav;
896 matchidx = tmpidx;
897 }
898
899 if (match)
900 goto found;
901
902 /* not found */
903 splx(s);
904 return NULL;
905
906 found:
907 match->refcnt++;
908 splx(s);
909 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
910 printf("DP allocsa cause refcnt++:%d SA:%p\n",
911 match->refcnt, match));
912 return match;
913 }
914
915 /*
916 * Must be called after calling key_allocsp().
917 * For both the packet without socket and key_freeso().
918 */
919 void
920 key_freesp(sp)
921 struct secpolicy *sp;
922 {
923 /* sanity check */
924 if (sp == NULL)
925 panic("key_freesp: NULL pointer is passed.");
926
927 sp->refcnt--;
928 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
929 printf("DP freesp cause refcnt--:%d SP:%p\n",
930 sp->refcnt, sp));
931
932 if (sp->refcnt == 0)
933 key_delsp(sp);
934
935 return;
936 }
937
938 /*
939 * Must be called after calling key_allocsa().
940 * This function is called by key_freesp() to free some SA allocated
941 * for a policy.
942 */
943 void
944 key_freesav(sav)
945 struct secasvar *sav;
946 {
947 /* sanity check */
948 if (sav == NULL)
949 panic("key_freesav: NULL pointer is passed.");
950
951 sav->refcnt--;
952 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
953 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
954 sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
955
956 if (sav->refcnt > 0)
957 return;
958
959 key_delsav(sav);
960 }
961
962 static void
963 key_delsav(sav)
964 struct secasvar *sav;
965 {
966 int s;
967
968 /* sanity check */
969 if (sav == NULL)
970 panic("key_delsav: NULL pointer is passed.");
971
972 if (sav->refcnt > 0)
973 panic("key_delsav: called with positive refcnt");
974
975 s = splsoftnet();
976
977 #ifdef KERNFS
978 kernfs_revoke_sa(sav);
979 #endif
980
981 if (__LIST_CHAINED(sav))
982 LIST_REMOVE(sav, chain);
983
984 if (sav->spihash.le_prev || sav->spihash.le_next)
985 LIST_REMOVE(sav, spihash);
986
987 if (sav->key_auth != NULL) {
988 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
989 KFREE(sav->key_auth);
990 sav->key_auth = NULL;
991 }
992 if (sav->key_enc != NULL) {
993 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
994 KFREE(sav->key_enc);
995 sav->key_enc = NULL;
996 }
997 if (sav->sched) {
998 bzero(sav->sched, sav->schedlen);
999 KFREE(sav->sched);
1000 sav->sched = NULL;
1001 }
1002 if (sav->replay != NULL) {
1003 keydb_delsecreplay(sav->replay);
1004 sav->replay = NULL;
1005 }
1006 if (sav->lft_c != NULL) {
1007 KFREE(sav->lft_c);
1008 sav->lft_c = NULL;
1009 }
1010 if (sav->lft_h != NULL) {
1011 KFREE(sav->lft_h);
1012 sav->lft_h = NULL;
1013 }
1014 if (sav->lft_s != NULL) {
1015 KFREE(sav->lft_s);
1016 sav->lft_s = NULL;
1017 }
1018 if (sav->iv != NULL) {
1019 KFREE(sav->iv);
1020 sav->iv = NULL;
1021 }
1022
1023 keydb_delsecasvar(sav);
1024
1025 splx(s);
1026 }
1027
1028 /* %%% SPD management */
1029 /*
1030 * free security policy entry.
1031 */
1032 static void
1033 key_delsp(sp)
1034 struct secpolicy *sp;
1035 {
1036 int s;
1037
1038 /* sanity check */
1039 if (sp == NULL)
1040 panic("key_delsp: NULL pointer is passed.");
1041
1042 if (sp->refcnt > 0)
1043 panic("key_delsp: called with positive refcnt");
1044
1045 s = splsoftnet(); /*called from softclock()*/
1046
1047 #ifdef KERNFS
1048 kernfs_revoke_sp(sp);
1049 #endif
1050
1051 {
1052 struct ipsecrequest *isr = sp->req, *nextisr;
1053
1054 while (isr != NULL) {
1055 if (isr->sav != NULL) {
1056 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1057 printf("DP delsp calls free SA:%p\n",
1058 isr->sav));
1059 key_freesav(isr->sav);
1060 isr->sav = NULL;
1061 }
1062
1063 nextisr = isr->next;
1064 KFREE(isr);
1065 isr = nextisr;
1066 }
1067 }
1068
1069 keydb_delsecpolicy(sp);
1070
1071 splx(s);
1072
1073 return;
1074 }
1075
1076 /*
1077 * search SPD
1078 * OUT: NULL : not found
1079 * others : found, pointer to a SP.
1080 */
1081 static struct secpolicy *
1082 key_getsp(spidx, dir)
1083 struct secpolicyindex *spidx;
1084 int dir;
1085 {
1086 struct secpolicy *sp;
1087
1088 /* sanity check */
1089 if (spidx == NULL)
1090 panic("key_getsp: NULL pointer is passed.");
1091
1092 LIST_FOREACH(sp, &sptree[dir], chain) {
1093 if (sp->state == IPSEC_SPSTATE_DEAD)
1094 continue;
1095 if (!sp->spidx)
1096 continue;
1097 if (key_cmpspidx_exactly(spidx, sp->spidx)) {
1098 sp->refcnt++;
1099 return sp;
1100 }
1101 }
1102
1103 return NULL;
1104 }
1105
1106 #ifdef SADB_X_EXT_TAG
1107 static struct secpolicy *
1108 key_getspbytag(tag, dir)
1109 u_int16_t tag;
1110 int dir;
1111 {
1112 struct secpolicy *sp;
1113
1114 LIST_FOREACH(sp, &sptree[dir], chain) {
1115 if (sp->state == IPSEC_SPSTATE_DEAD)
1116 continue;
1117 if (sp->spidx)
1118 continue;
1119 if (sp->tag == tag) {
1120 sp->refcnt++;
1121 return sp;
1122 }
1123 }
1124
1125 return NULL;
1126 }
1127 #endif
1128
1129 /*
1130 * get SP by index.
1131 * OUT: NULL : not found
1132 * others : found, pointer to a SP.
1133 */
1134 struct secpolicy *
1135 key_getspbyid(id)
1136 u_int32_t id;
1137 {
1138 struct secpolicy *sp;
1139
1140 TAILQ_FOREACH(sp, &sptailq, tailq) {
1141 if (sp->id == id) {
1142 sp->refcnt++;
1143 return sp;
1144 }
1145 }
1146
1147 return NULL;
1148 }
1149
1150 struct secpolicy *
1151 key_newsp(id)
1152 u_int32_t id;
1153 {
1154 struct secpolicy *newsp = NULL, *sp;
1155 u_int32_t newid;
1156
1157 if (id > IPSEC_MANUAL_POLICYID_MAX) {
1158 ipseclog((LOG_DEBUG,
1159 "key_newsp: policy_id=%u range "
1160 "violation, updated by kernel.\n", id));
1161 id = 0;
1162 }
1163
1164 if (id == 0) {
1165 if ((newid = keydb_newspid()) == 0) {
1166 ipseclog((LOG_DEBUG,
1167 "key_newsp: new policy_id allocation failed."));
1168 return NULL;
1169 }
1170 } else {
1171 sp = key_getspbyid(id);
1172 if (sp != NULL) {
1173 ipseclog((LOG_DEBUG,
1174 "key_newsp: policy_id(%u) has been used.\n", id));
1175 key_freesp(sp);
1176 return NULL;
1177 }
1178 newid = id;
1179 }
1180
1181 newsp = keydb_newsecpolicy();
1182 if (!newsp)
1183 return newsp;
1184
1185 newsp->id = newid;
1186 newsp->refcnt = 1;
1187 newsp->req = NULL;
1188
1189 return newsp;
1190 }
1191
1192 /*
1193 * create secpolicy structure from sadb_x_policy structure.
1194 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1195 * so must be set properly later.
1196 */
1197 struct secpolicy *
1198 key_msg2sp(xpl0, len, error)
1199 struct sadb_x_policy *xpl0;
1200 size_t len;
1201 int *error;
1202 {
1203 struct secpolicy *newsp;
1204
1205 /* sanity check */
1206 if (xpl0 == NULL)
1207 panic("key_msg2sp: NULL pointer was passed.");
1208 if (len < sizeof(*xpl0))
1209 panic("key_msg2sp: invalid length.");
1210 if (len != PFKEY_EXTLEN(xpl0)) {
1211 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1212 *error = EINVAL;
1213 return NULL;
1214 }
1215
1216 if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
1217 *error = ENOBUFS;
1218 return NULL;
1219 }
1220
1221 newsp->dir = xpl0->sadb_x_policy_dir;
1222 newsp->policy = xpl0->sadb_x_policy_type;
1223
1224 /* check policy */
1225 switch (xpl0->sadb_x_policy_type) {
1226 case IPSEC_POLICY_DISCARD:
1227 case IPSEC_POLICY_NONE:
1228 case IPSEC_POLICY_ENTRUST:
1229 case IPSEC_POLICY_BYPASS:
1230 newsp->req = NULL;
1231 break;
1232
1233 case IPSEC_POLICY_IPSEC:
1234 {
1235 int tlen;
1236 struct sadb_x_ipsecrequest *xisr;
1237 struct ipsecrequest **p_isr = &newsp->req;
1238
1239 /* validity check */
1240 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1241 ipseclog((LOG_DEBUG,
1242 "key_msg2sp: Invalid msg length.\n"));
1243 key_freesp(newsp);
1244 *error = EINVAL;
1245 return NULL;
1246 }
1247
1248 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1249 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1250
1251 while (tlen > 0) {
1252
1253 /* length check */
1254 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1255 ipseclog((LOG_DEBUG, "key_msg2sp: "
1256 "invalid ipsecrequest length.\n"));
1257 key_freesp(newsp);
1258 *error = EINVAL;
1259 return NULL;
1260 }
1261
1262 /* allocate request buffer */
1263 KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1264 if ((*p_isr) == NULL) {
1265 ipseclog((LOG_DEBUG,
1266 "key_msg2sp: No more memory.\n"));
1267 key_freesp(newsp);
1268 *error = ENOBUFS;
1269 return NULL;
1270 }
1271 bzero(*p_isr, sizeof(**p_isr));
1272
1273 /* set values */
1274 (*p_isr)->next = NULL;
1275
1276 switch (xisr->sadb_x_ipsecrequest_proto) {
1277 case IPPROTO_ESP:
1278 case IPPROTO_AH:
1279 case IPPROTO_IPCOMP:
1280 case IPPROTO_IPV4:
1281 case IPPROTO_IPV6:
1282 break;
1283 default:
1284 ipseclog((LOG_DEBUG,
1285 "key_msg2sp: invalid proto type=%u\n",
1286 xisr->sadb_x_ipsecrequest_proto));
1287 key_freesp(newsp);
1288 *error = EPROTONOSUPPORT;
1289 return NULL;
1290 }
1291 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1292
1293 switch (xisr->sadb_x_ipsecrequest_mode) {
1294 case IPSEC_MODE_TRANSPORT:
1295 case IPSEC_MODE_TUNNEL:
1296 break;
1297 case IPSEC_MODE_ANY:
1298 default:
1299 ipseclog((LOG_DEBUG,
1300 "key_msg2sp: invalid mode=%u\n",
1301 xisr->sadb_x_ipsecrequest_mode));
1302 key_freesp(newsp);
1303 *error = EINVAL;
1304 return NULL;
1305 }
1306 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1307
1308 switch (xisr->sadb_x_ipsecrequest_level) {
1309 case IPSEC_LEVEL_DEFAULT:
1310 case IPSEC_LEVEL_USE:
1311 case IPSEC_LEVEL_REQUIRE:
1312 break;
1313 case IPSEC_LEVEL_UNIQUE:
1314 /* validity check */
1315 /*
1316 * If range violation of reqid, kernel will
1317 * update it, don't refuse it.
1318 */
1319 if (xisr->sadb_x_ipsecrequest_reqid
1320 > IPSEC_MANUAL_REQID_MAX) {
1321 ipseclog((LOG_DEBUG,
1322 "key_msg2sp: reqid=%u range "
1323 "violation, updated by kernel.\n",
1324 xisr->sadb_x_ipsecrequest_reqid));
1325 xisr->sadb_x_ipsecrequest_reqid = 0;
1326 }
1327
1328 /* allocate new reqid id if reqid is zero. */
1329 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1330 u_int16_t reqid;
1331 if ((reqid = key_newreqid()) == 0) {
1332 key_freesp(newsp);
1333 *error = ENOBUFS;
1334 return NULL;
1335 }
1336 (*p_isr)->saidx.reqid = reqid;
1337 xisr->sadb_x_ipsecrequest_reqid = reqid;
1338 } else {
1339 /* set it for manual keying. */
1340 (*p_isr)->saidx.reqid =
1341 xisr->sadb_x_ipsecrequest_reqid;
1342 }
1343 break;
1344
1345 default:
1346 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1347 xisr->sadb_x_ipsecrequest_level));
1348 key_freesp(newsp);
1349 *error = EINVAL;
1350 return NULL;
1351 }
1352 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1353
1354 /* set IP addresses if there */
1355 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1356 struct sockaddr *paddr;
1357
1358 paddr = (struct sockaddr *)(xisr + 1);
1359
1360 /* validity check */
1361 if (paddr->sa_len
1362 > sizeof((*p_isr)->saidx.src)) {
1363 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1364 "address length.\n"));
1365 key_freesp(newsp);
1366 *error = EINVAL;
1367 return NULL;
1368 }
1369 bcopy(paddr, &(*p_isr)->saidx.src,
1370 paddr->sa_len);
1371
1372 paddr = (struct sockaddr *)((char *)paddr
1373 + paddr->sa_len);
1374
1375 /* validity check */
1376 if (paddr->sa_len
1377 > sizeof((*p_isr)->saidx.dst)) {
1378 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1379 "address length.\n"));
1380 key_freesp(newsp);
1381 *error = EINVAL;
1382 return NULL;
1383 }
1384 bcopy(paddr, &(*p_isr)->saidx.dst,
1385 paddr->sa_len);
1386 }
1387
1388 (*p_isr)->sav = NULL;
1389 (*p_isr)->sp = newsp;
1390
1391 /* initialization for the next. */
1392 p_isr = &(*p_isr)->next;
1393 tlen -= xisr->sadb_x_ipsecrequest_len;
1394
1395 /* validity check */
1396 if (tlen < 0) {
1397 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1398 key_freesp(newsp);
1399 *error = EINVAL;
1400 return NULL;
1401 }
1402
1403 xisr = (struct sadb_x_ipsecrequest *)((char *)xisr
1404 + xisr->sadb_x_ipsecrequest_len);
1405 }
1406 }
1407 break;
1408 default:
1409 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1410 key_freesp(newsp);
1411 *error = EINVAL;
1412 return NULL;
1413 }
1414
1415 *error = 0;
1416 return newsp;
1417 }
1418
1419 static u_int16_t
1420 key_newreqid()
1421 {
1422 static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1423
1424 auto_reqid = (auto_reqid == 0xffff
1425 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1426
1427 /* XXX should be unique check */
1428
1429 return auto_reqid;
1430 }
1431
1432 /*
1433 * copy secpolicy struct to sadb_x_policy structure indicated.
1434 */
1435 struct mbuf *
1436 key_sp2msg(sp)
1437 struct secpolicy *sp;
1438 {
1439 struct sadb_x_policy *xpl;
1440 int tlen;
1441 char *p;
1442 struct mbuf *m;
1443
1444 /* sanity check. */
1445 if (sp == NULL)
1446 panic("key_sp2msg: NULL pointer was passed.");
1447
1448 tlen = key_getspreqmsglen(sp);
1449
1450 m = key_alloc_mbuf(tlen);
1451 if (!m || m->m_next) { /*XXX*/
1452 if (m)
1453 m_freem(m);
1454 return NULL;
1455 }
1456
1457 m->m_len = tlen;
1458 m->m_next = NULL;
1459 xpl = mtod(m, struct sadb_x_policy *);
1460 bzero(xpl, tlen);
1461
1462 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1463 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1464 xpl->sadb_x_policy_type = sp->policy;
1465 xpl->sadb_x_policy_dir = sp->dir;
1466 xpl->sadb_x_policy_id = sp->id;
1467 p = (char *)xpl + sizeof(*xpl);
1468
1469 /* if is the policy for ipsec ? */
1470 if (sp->policy == IPSEC_POLICY_IPSEC) {
1471 struct sadb_x_ipsecrequest *xisr;
1472 struct ipsecrequest *isr;
1473
1474 for (isr = sp->req; isr != NULL; isr = isr->next) {
1475
1476 xisr = (struct sadb_x_ipsecrequest *)p;
1477
1478 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1479 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1480 xisr->sadb_x_ipsecrequest_level = isr->level;
1481 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1482
1483 p += sizeof(*xisr);
1484 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
1485 p += isr->saidx.src.ss_len;
1486 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
1487 p += isr->saidx.src.ss_len;
1488
1489 xisr->sadb_x_ipsecrequest_len =
1490 PFKEY_ALIGN8(sizeof(*xisr)
1491 + isr->saidx.src.ss_len
1492 + isr->saidx.dst.ss_len);
1493 }
1494 }
1495
1496 return m;
1497 }
1498
1499 /* m will not be freed nor modified */
1500 static struct mbuf *
1501 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1502 int ndeep, int nitem, ...)
1503 {
1504 va_list ap;
1505 int idx;
1506 int i;
1507 struct mbuf *result = NULL, *n;
1508 int len;
1509
1510 if (m == NULL || mhp == NULL)
1511 panic("null pointer passed to key_gather");
1512
1513 va_start(ap, nitem);
1514 for (i = 0; i < nitem; i++) {
1515 idx = va_arg(ap, int);
1516 if (idx < 0 || idx > SADB_EXT_MAX)
1517 goto fail;
1518 /* don't attempt to pull empty extension */
1519 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1520 continue;
1521 if (idx != SADB_EXT_RESERVED &&
1522 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1523 continue;
1524
1525 if (idx == SADB_EXT_RESERVED) {
1526 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1527 #ifdef DIAGNOSTIC
1528 if (len > MHLEN)
1529 panic("assumption failed");
1530 #endif
1531 MGETHDR(n, M_DONTWAIT, MT_DATA);
1532 if (!n)
1533 goto fail;
1534 n->m_len = len;
1535 n->m_next = NULL;
1536 m_copydata(m, 0, sizeof(struct sadb_msg),
1537 mtod(n, void *));
1538 } else if (i < ndeep) {
1539 len = mhp->extlen[idx];
1540 n = key_alloc_mbuf(len);
1541 if (!n || n->m_next) { /*XXX*/
1542 if (n)
1543 m_freem(n);
1544 goto fail;
1545 }
1546 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1547 mtod(n, void *));
1548 } else {
1549 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1550 M_DONTWAIT);
1551 }
1552 if (n == NULL)
1553 goto fail;
1554
1555 if (result)
1556 m_cat(result, n);
1557 else
1558 result = n;
1559 }
1560 va_end(ap);
1561
1562 if ((result->m_flags & M_PKTHDR) != 0) {
1563 result->m_pkthdr.len = 0;
1564 for (n = result; n; n = n->m_next)
1565 result->m_pkthdr.len += n->m_len;
1566 }
1567
1568 return result;
1569
1570 fail:
1571 va_end(ap);
1572 m_freem(result);
1573 return NULL;
1574 }
1575
1576 /*
1577 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1578 * add an entry to SP database, when received
1579 * <base, address(SD), (lifetime(H),) policy>
1580 * from the user(?).
1581 * Adding to SP database,
1582 * and send
1583 * <base, address(SD), (lifetime(H),) policy>
1584 * to the socket which was send.
1585 *
1586 * SPDADD set a unique policy entry.
1587 * SPDSETIDX like SPDADD without a part of policy requests.
1588 * SPDUPDATE replace a unique policy entry.
1589 *
1590 * m will always be freed.
1591 */
1592 static int
1593 key_spdadd(so, m, mhp)
1594 struct socket *so;
1595 struct mbuf *m;
1596 const struct sadb_msghdr *mhp;
1597 {
1598 struct sadb_address *src0 = NULL, *dst0 = NULL;
1599 struct sadb_x_policy *xpl0, *xpl;
1600 struct sadb_lifetime *lft = NULL;
1601 #ifdef SADB_X_EXT_TAG
1602 struct sadb_x_tag *tag = NULL;
1603 #endif
1604 struct secpolicyindex spidx;
1605 struct secpolicy *newsp;
1606 struct ipsecrequest *isr;
1607 int error;
1608 #ifdef SADB_X_EXT_TAG
1609 u_int16_t tagvalue = 0;
1610 #endif
1611 int spidxmode;
1612
1613 /* sanity check */
1614 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1615 panic("key_spdadd: NULL pointer is passed.");
1616
1617 #ifdef SADB_X_EXT_TAG
1618 if ((mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
1619 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) ||
1620 mhp->ext[SADB_X_EXT_TAG] != NULL)
1621 #else
1622 if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
1623 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL)
1624 #endif
1625 {
1626 ;
1627 } else {
1628 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1629 return key_senderror(so, m, EINVAL);
1630 }
1631 #ifdef SADB_X_EXT_TAG
1632 if (mhp->ext[SADB_X_EXT_TAG] != NULL) {
1633 ipseclog((LOG_DEBUG, "key_spdadd: tag not supported.\n"));
1634 return key_senderror(so, m, EOPNOTSUPP);
1635 }
1636 #endif
1637 if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1638 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1639 return key_senderror(so, m, EINVAL);
1640 }
1641 if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
1642 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
1643 (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
1644 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
1645 #ifdef SADB_X_EXT_TAG
1646 (mhp->extlen[SADB_X_EXT_TAG] &&
1647 mhp->extlen[SADB_X_EXT_TAG] < sizeof(struct sadb_x_tag)) ||
1648 #endif
1649 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1650 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1651 return key_senderror(so, m, EINVAL);
1652 }
1653 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
1654 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
1655 < sizeof(struct sadb_lifetime)) {
1656 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1657 return key_senderror(so, m, EINVAL);
1658 }
1659 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
1660 }
1661
1662 /* spidx mode, or tag mode */
1663 spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
1664 #ifndef SADB_X_EXT_TAG
1665 if (!spidxmode)
1666 return key_senderror(so, m, EINVAL);
1667 #endif
1668
1669 if (spidxmode) {
1670 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1671 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1672 /* make secindex */
1673 /* XXX boundary check against sa_len */
1674 KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
1675 src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
1676 src0->sadb_address_proto, &spidx);
1677 }
1678 #ifdef SADB_X_EXT_TAG
1679 else
1680 tag = (struct sadb_x_tag *)mhp->ext[SADB_X_EXT_TAG];
1681 #endif
1682 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1683
1684 /* checking the direciton. */
1685 switch (xpl0->sadb_x_policy_dir) {
1686 case IPSEC_DIR_INBOUND:
1687 case IPSEC_DIR_OUTBOUND:
1688 break;
1689 default:
1690 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
1691 mhp->msg->sadb_msg_errno = EINVAL;
1692 return 0;
1693 }
1694
1695 /* check policy */
1696 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1697 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
1698 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
1699 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
1700 return key_senderror(so, m, EINVAL);
1701 }
1702
1703 /* policy requests are mandatory when action is ipsec. */
1704 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
1705 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
1706 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
1707 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
1708 return key_senderror(so, m, EINVAL);
1709 }
1710
1711 /*
1712 * checking there is SP already or not.
1713 * SPDUPDATE doesn't depend on whether there is a SP or not.
1714 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1715 * then error.
1716 */
1717 if (xpl0->sadb_x_policy_id != 0)
1718 newsp = key_getspbyid(xpl0->sadb_x_policy_id);
1719 else if (spidxmode)
1720 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
1721 #ifdef SADB_X_EXT_TAG
1722 else {
1723 tagvalue = m_nametag_tagname2tag(tag->sadb_x_tag_name);
1724 /* tag refcnt++ */
1725 newsp = key_getspbytag(tagvalue, xpl0->sadb_x_policy_dir);
1726 }
1727 #else
1728 else
1729 newsp = NULL;
1730 #endif
1731
1732 if (newsp && (newsp->readonly || newsp->persist)) {
1733 ipseclog((LOG_DEBUG,
1734 "key_spdadd: tried to alter readonly/persistent SP.\n"));
1735 return key_senderror(so, m, EPERM);
1736 }
1737
1738 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1739 if (newsp) {
1740 key_sp_dead(newsp);
1741 key_freesp(newsp); /* ref gained by key_getsp */
1742 key_sp_unlink(newsp);
1743 newsp = NULL;
1744 }
1745 } else {
1746 if (newsp != NULL) {
1747 key_freesp(newsp);
1748 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
1749 #ifdef SADB_X_EXT_TAG
1750 if (!mhp->ext[SADB_EXT_ADDRESS_SRC])
1751 m_nametag_unref(tagvalue);
1752 #endif
1753 return key_senderror(so, m, EEXIST);
1754 }
1755 }
1756
1757 /* allocation new SP entry */
1758 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
1759 #ifdef SADB_X_EXT_TAG
1760 if (!spidxmode)
1761 m_nametag_unref(tagvalue);
1762 #endif
1763 return key_senderror(so, m, error);
1764 }
1765
1766 if (spidxmode) {
1767 error = keydb_setsecpolicyindex(newsp, &spidx);
1768 if (error) {
1769 keydb_delsecpolicy(newsp);
1770 return key_senderror(so, m, error);
1771 }
1772
1773 /* sanity check on addr pair */
1774 if (((struct sockaddr *)(src0 + 1))->sa_family !=
1775 ((struct sockaddr *)(dst0 + 1))->sa_family) {
1776 keydb_delsecpolicy(newsp);
1777 return key_senderror(so, m, EINVAL);
1778 }
1779 if (((struct sockaddr *)(src0 + 1))->sa_len !=
1780 ((struct sockaddr *)(dst0 + 1))->sa_len) {
1781 keydb_delsecpolicy(newsp);
1782 return key_senderror(so, m, EINVAL);
1783 }
1784 }
1785 #ifdef SADB_X_EXT_TAG
1786 else {
1787 newsp->tag = tagvalue;
1788 }
1789 #endif
1790
1791 for (isr = newsp->req; isr; isr = isr->next) {
1792 #ifndef IPSEC_NAT_T
1793 struct sockaddr *sa;
1794
1795 /*
1796 * port spec is not permitted for tunnel mode
1797 */
1798 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) {
1799 sa = (struct sockaddr *)(src0 + 1);
1800 switch (sa->sa_family) {
1801 case AF_INET:
1802 if (((struct sockaddr_in *)sa)->sin_port) {
1803 keydb_delsecpolicy(newsp);
1804 return key_senderror(so, m, EINVAL);
1805 }
1806 break;
1807 case AF_INET6:
1808 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1809 keydb_delsecpolicy(newsp);
1810 return key_senderror(so, m, EINVAL);
1811 }
1812 break;
1813 default:
1814 break;
1815 }
1816 sa = (struct sockaddr *)(dst0 + 1);
1817 switch (sa->sa_family) {
1818 case AF_INET:
1819 if (((struct sockaddr_in *)sa)->sin_port) {
1820 keydb_delsecpolicy(newsp);
1821 return key_senderror(so, m, EINVAL);
1822 }
1823 break;
1824 case AF_INET6:
1825 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1826 keydb_delsecpolicy(newsp);
1827 return key_senderror(so, m, EINVAL);
1828 }
1829 break;
1830 default:
1831 break;
1832 }
1833 }
1834 #endif /* !IPSEC_NAT_T */
1835 }
1836
1837 /*
1838 * bark if we have different address family on tunnel address
1839 * specification. applies only if we decapsulate in RFC2401
1840 * IPsec (implementation limitation).
1841 */
1842 for (isr = newsp->req; isr; isr = isr->next) {
1843 struct sockaddr *sa;
1844
1845 if (isr->saidx.src.ss_family && src0) {
1846 sa = (struct sockaddr *)(src0 + 1);
1847 if (sa->sa_family != isr->saidx.src.ss_family) {
1848 keydb_delsecpolicy(newsp);
1849 return key_senderror(so, m, EINVAL);
1850 }
1851 }
1852 if (isr->saidx.dst.ss_family && dst0) {
1853 sa = (struct sockaddr *)(dst0 + 1);
1854 if (sa->sa_family != isr->saidx.dst.ss_family) {
1855 keydb_delsecpolicy(newsp);
1856 return key_senderror(so, m, EINVAL);
1857 }
1858 }
1859 }
1860
1861 newsp->created = time_second;
1862 newsp->lastused = time_second;
1863 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
1864 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
1865
1866 newsp->refcnt = 1; /* do not reclaim until I say I do */
1867 newsp->state = IPSEC_SPSTATE_ALIVE;
1868 LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
1869
1870 /* delete the entry in spacqtree */
1871 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
1872 mhp->ext[SADB_EXT_ADDRESS_SRC]) {
1873 struct secspacq *spacq;
1874 if ((spacq = key_getspacq(&spidx)) != NULL) {
1875 /* reset counter in order to deletion by timehandler. */
1876 spacq->created = time_second;
1877 spacq->count = 0;
1878 }
1879 }
1880
1881 /* invalidate all cached SPD pointers on pcb */
1882 ipsec_invalpcbcacheall();
1883
1884 {
1885 struct mbuf *n, *mpolicy;
1886 struct sadb_msg *newmsg;
1887 int off;
1888
1889 /* create new sadb_msg to reply. */
1890 if (lft) {
1891 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
1892 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
1893 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1894 } else {
1895 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
1896 SADB_X_EXT_POLICY,
1897 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1898 }
1899 if (!n)
1900 return key_senderror(so, m, ENOBUFS);
1901
1902 if (n->m_len < sizeof(*newmsg)) {
1903 n = m_pullup(n, sizeof(*newmsg));
1904 if (!n)
1905 return key_senderror(so, m, ENOBUFS);
1906 }
1907 newmsg = mtod(n, struct sadb_msg *);
1908 newmsg->sadb_msg_errno = 0;
1909 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
1910
1911 off = 0;
1912 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
1913 sizeof(*xpl), &off);
1914 if (mpolicy == NULL) {
1915 /* n is already freed */
1916 return key_senderror(so, m, ENOBUFS);
1917 }
1918 xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off);
1919 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
1920 m_freem(n);
1921 return key_senderror(so, m, EINVAL);
1922 }
1923 xpl->sadb_x_policy_id = newsp->id;
1924
1925 m_freem(m);
1926 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
1927 }
1928 }
1929
1930 /*
1931 * SADB_SPDDELETE processing
1932 * receive
1933 * <base, address(SD), policy(*)>
1934 * from the user(?), and set SADB_SASTATE_DEAD,
1935 * and send,
1936 * <base, address(SD), policy(*)>
1937 * to the ikmpd.
1938 * policy(*) including the direction of the policy.
1939 *
1940 * m will always be freed.
1941 */
1942 static int
1943 key_spddelete(so, m, mhp)
1944 struct socket *so;
1945 struct mbuf *m;
1946 const struct sadb_msghdr *mhp;
1947 {
1948 struct sadb_address *src0, *dst0;
1949 struct sadb_x_policy *xpl0;
1950 struct secpolicyindex spidx;
1951 struct secpolicy *sp;
1952
1953 /* sanity check */
1954 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1955 panic("key_spddelete: NULL pointer is passed.");
1956
1957 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
1958 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
1959 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1960 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
1961 return key_senderror(so, m, EINVAL);
1962 }
1963 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
1964 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
1965 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1966 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
1967 return key_senderror(so, m, EINVAL);
1968 }
1969
1970 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1971 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1972 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1973
1974 /* make secindex */
1975 /* XXX boundary check against sa_len */
1976 KEY_SETSECSPIDX(src0 + 1,
1977 dst0 + 1,
1978 src0->sadb_address_prefixlen,
1979 dst0->sadb_address_prefixlen,
1980 src0->sadb_address_proto,
1981 &spidx);
1982
1983 /* checking the direciton. */
1984 switch (xpl0->sadb_x_policy_dir) {
1985 case IPSEC_DIR_INBOUND:
1986 case IPSEC_DIR_OUTBOUND:
1987 break;
1988 default:
1989 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
1990 return key_senderror(so, m, EINVAL);
1991 }
1992
1993 /* Is there SP in SPD ? */
1994 if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) {
1995 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
1996 return key_senderror(so, m, EINVAL);
1997 }
1998
1999 if (sp->persist) {
2000 ipseclog((LOG_DEBUG,
2001 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2002 sp->id));
2003 key_freesp(sp); /* ref gained by key_getsp */
2004 return key_senderror(so, m, EPERM);
2005 }
2006
2007 /* save policy id to be returned. */
2008 xpl0->sadb_x_policy_id = sp->id;
2009
2010 key_sp_dead(sp);
2011 key_freesp(sp); /* ref gained by key_getsp */
2012 key_sp_unlink(sp);
2013 sp = NULL;
2014
2015 /* invalidate all cached SPD pointers on pcb */
2016 ipsec_invalpcbcacheall();
2017
2018 {
2019 struct mbuf *n;
2020 struct sadb_msg *newmsg;
2021
2022 /* create new sadb_msg to reply. */
2023 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2024 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2025 if (!n)
2026 return key_senderror(so, m, ENOBUFS);
2027
2028 newmsg = mtod(n, struct sadb_msg *);
2029 newmsg->sadb_msg_errno = 0;
2030 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2031
2032 m_freem(m);
2033 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2034 }
2035 }
2036
2037 /*
2038 * SADB_SPDDELETE2 processing
2039 * receive
2040 * <base, policy(*)>
2041 * from the user(?), and set SADB_SASTATE_DEAD,
2042 * and send,
2043 * <base, policy(*)>
2044 * to the ikmpd.
2045 * policy(*) including the policy id.
2046 *
2047 * m will always be freed.
2048 */
2049 static int
2050 key_spddelete2(so, m, mhp)
2051 struct socket *so;
2052 struct mbuf *m;
2053 const struct sadb_msghdr *mhp;
2054 {
2055 u_int32_t id;
2056 struct secpolicy *sp;
2057
2058 /* sanity check */
2059 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2060 panic("key_spddelete2: NULL pointer is passed.");
2061
2062 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2063 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2064 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2065 return key_senderror(so, m, EINVAL);
2066 }
2067
2068 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2069
2070 /* Is there SP in SPD ? */
2071 if ((sp = key_getspbyid(id)) == NULL) {
2072 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n",
2073 id));
2074 return key_senderror(so, m, EINVAL);
2075 }
2076
2077 if (sp->persist) {
2078 ipseclog((LOG_DEBUG,
2079 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2080 id));
2081 key_freesp(sp); /* ref gained by key_getspbyid */
2082 return key_senderror(so, m, EPERM);
2083 }
2084
2085 key_sp_dead(sp);
2086 key_freesp(sp); /* ref gained by key_getspbyid */
2087 key_sp_unlink(sp);
2088 sp = NULL;
2089
2090 /* invalidate all cached SPD pointers on pcb */
2091 ipsec_invalpcbcacheall();
2092
2093 {
2094 struct mbuf *n, *nn;
2095 struct sadb_msg *newmsg;
2096 int off, len;
2097
2098 /* create new sadb_msg to reply. */
2099 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2100
2101 if (len > MCLBYTES)
2102 return key_senderror(so, m, ENOBUFS);
2103 MGETHDR(n, M_DONTWAIT, MT_DATA);
2104 if (n && len > MHLEN) {
2105 MCLGET(n, M_DONTWAIT);
2106 if ((n->m_flags & M_EXT) == 0) {
2107 m_freem(n);
2108 n = NULL;
2109 }
2110 }
2111 if (!n)
2112 return key_senderror(so, m, ENOBUFS);
2113
2114 n->m_len = len;
2115 n->m_next = NULL;
2116 off = 0;
2117
2118 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
2119 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2120
2121 #ifdef DIAGNOSTIC
2122 if (off != len)
2123 panic("length inconsistency in key_spddelete2");
2124 #endif
2125
2126 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2127 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2128 if (!n->m_next) {
2129 m_freem(n);
2130 return key_senderror(so, m, ENOBUFS);
2131 }
2132
2133 n->m_pkthdr.len = 0;
2134 for (nn = n; nn; nn = nn->m_next)
2135 n->m_pkthdr.len += nn->m_len;
2136
2137 newmsg = mtod(n, struct sadb_msg *);
2138 newmsg->sadb_msg_errno = 0;
2139 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2140
2141 m_freem(m);
2142 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2143 }
2144 }
2145
2146 /*
2147 * SADB_X_SPDGET processing
2148 * receive
2149 * <base, policy(*)>
2150 * from the user(?),
2151 * and send,
2152 * <base, address(SD), policy>
2153 * to the ikmpd.
2154 * policy(*) including direction of policy.
2155 *
2156 * m will always be freed.
2157 */
2158 static int
2159 key_spdget(so, m, mhp)
2160 struct socket *so;
2161 struct mbuf *m;
2162 const struct sadb_msghdr *mhp;
2163 {
2164 u_int32_t id;
2165 struct secpolicy *sp;
2166 struct mbuf *n;
2167
2168 /* sanity check */
2169 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2170 panic("key_spdget: NULL pointer is passed.");
2171
2172 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2173 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2174 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2175 return key_senderror(so, m, EINVAL);
2176 }
2177
2178 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2179
2180 /* Is there SP in SPD ? */
2181 if ((sp = key_getspbyid(id)) == NULL) {
2182 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2183 return key_senderror(so, m, ENOENT);
2184 }
2185
2186 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
2187 mhp->msg->sadb_msg_pid);
2188 key_freesp(sp); /* ref gained by key_getspbyid */
2189 if (n != NULL) {
2190 m_freem(m);
2191 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2192 } else
2193 return key_senderror(so, m, ENOBUFS);
2194 }
2195
2196 /*
2197 * SADB_X_SPDACQUIRE processing.
2198 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2199 * send
2200 * <base, policy(*)>
2201 * to KMD, and expect to receive
2202 * <base> with SADB_X_SPDACQUIRE if error occurred,
2203 * or
2204 * <base, policy>
2205 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2206 * policy(*) is without policy requests.
2207 *
2208 * 0 : succeed
2209 * others: error number
2210 */
2211 int
2212 key_spdacquire(sp)
2213 struct secpolicy *sp;
2214 {
2215 struct mbuf *result = NULL, *m;
2216 #ifndef IPSEC_NONBLOCK_ACQUIRE
2217 struct secspacq *newspacq;
2218 #endif
2219 int error = -1;
2220
2221 /* sanity check */
2222 if (sp == NULL)
2223 panic("key_spdacquire: NULL pointer is passed.");
2224 if (sp->req != NULL)
2225 panic("key_spdacquire: called but there is request.");
2226 if (sp->policy != IPSEC_POLICY_IPSEC)
2227 panic("key_spdacquire: policy mismathed. IPsec is expected.");
2228 if (!sp->spidx) {
2229 error = EOPNOTSUPP;
2230 goto fail;
2231 }
2232
2233 #ifndef IPSEC_NONBLOCK_ACQUIRE
2234 /* get an entry to check whether sent message or not. */
2235 if ((newspacq = key_getspacq(sp->spidx)) != NULL) {
2236 if (key_blockacq_count < newspacq->count) {
2237 /* reset counter and do send message. */
2238 newspacq->count = 0;
2239 } else {
2240 /* increment counter and do nothing. */
2241 newspacq->count++;
2242 return 0;
2243 }
2244 } else {
2245 /* make new entry for blocking to send SADB_ACQUIRE. */
2246 if ((newspacq = key_newspacq(sp->spidx)) == NULL)
2247 return ENOBUFS;
2248
2249 /* add to acqtree */
2250 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2251 }
2252 #endif
2253
2254 /* create new sadb_msg to reply. */
2255 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2256 if (!m) {
2257 error = ENOBUFS;
2258 goto fail;
2259 }
2260 result = m;
2261
2262 /* set sadb_x_policy */
2263 if (sp) {
2264 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
2265 if (!m) {
2266 error = ENOBUFS;
2267 goto fail;
2268 }
2269 m_cat(result, m);
2270 }
2271
2272 result->m_pkthdr.len = 0;
2273 for (m = result; m; m = m->m_next)
2274 result->m_pkthdr.len += m->m_len;
2275
2276 mtod(result, struct sadb_msg *)->sadb_msg_len =
2277 PFKEY_UNIT64(result->m_pkthdr.len);
2278
2279 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2280
2281 fail:
2282 if (result)
2283 m_freem(result);
2284 return error;
2285 }
2286
2287 /*
2288 * SADB_SPDFLUSH processing
2289 * receive
2290 * <base>
2291 * from the user, and free all entries in secpctree.
2292 * and send,
2293 * <base>
2294 * to the user.
2295 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2296 *
2297 * m will always be freed.
2298 */
2299 static int
2300 key_spdflush(so, m, mhp)
2301 struct socket *so;
2302 struct mbuf *m;
2303 const struct sadb_msghdr *mhp;
2304 {
2305 struct sadb_msg *newmsg;
2306 struct secpolicy *sp, *nextsp;
2307
2308 /* sanity check */
2309 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2310 panic("key_spdflush: NULL pointer is passed.");
2311
2312 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2313 return key_senderror(so, m, EINVAL);
2314
2315 for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
2316 nextsp = TAILQ_NEXT(sp, tailq);
2317 if (sp->persist)
2318 continue;
2319 if (sp->state == IPSEC_SPSTATE_DEAD)
2320 continue;
2321 key_sp_dead(sp);
2322 key_sp_unlink(sp);
2323 sp = NULL;
2324 }
2325
2326 /* invalidate all cached SPD pointers on pcb */
2327 ipsec_invalpcbcacheall();
2328
2329 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2330 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
2331 return key_senderror(so, m, ENOBUFS);
2332 }
2333
2334 if (m->m_next)
2335 m_freem(m->m_next);
2336 m->m_next = NULL;
2337 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2338 newmsg = mtod(m, struct sadb_msg *);
2339 newmsg->sadb_msg_errno = 0;
2340 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2341
2342 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2343 }
2344
2345 /*
2346 * SADB_SPDDUMP processing
2347 * receive
2348 * <base>
2349 * from the user, and dump all SP leaves
2350 * and send,
2351 * <base> .....
2352 * to the ikmpd.
2353 *
2354 * m will always be freed.
2355 */
2356 static int
2357 key_spddump(so, m, mhp)
2358 struct socket *so;
2359 struct mbuf *m;
2360 const struct sadb_msghdr *mhp;
2361 {
2362 struct secpolicy *sp;
2363 int cnt;
2364 u_int dir;
2365 struct mbuf *n;
2366 struct keycb *kp;
2367 int error = 0, needwait = 0;
2368
2369 /* sanity check */
2370 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2371 panic("key_spddump: NULL pointer is passed.");
2372
2373 /* search SPD entry and get buffer size. */
2374 cnt = 0;
2375 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2376 LIST_FOREACH(sp, &sptree[dir], chain) {
2377 cnt++;
2378 }
2379 }
2380
2381 if (cnt == 0)
2382 return key_senderror(so, m, ENOENT);
2383
2384 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2385 LIST_FOREACH(sp, &sptree[dir], chain) {
2386 --cnt;
2387 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2388 mhp->msg->sadb_msg_pid);
2389
2390 if (n) {
2391 error = key_sendup_mbuf(so, n,
2392 KEY_SENDUP_ONE | KEY_SENDUP_CANWAIT);
2393 if (error == EAGAIN)
2394 needwait = 1;
2395 }
2396 }
2397 }
2398
2399 kp = (struct keycb *)sotorawcb(so);
2400 while (needwait && kp->kp_queue)
2401 sbwait(&so->so_rcv);
2402
2403 m_freem(m);
2404 return 0;
2405 }
2406
2407 #ifdef IPSEC_NAT_T
2408 /*
2409 * SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23
2410 */
2411 static int
2412 key_nat_map(so, m, mhp)
2413 struct socket *so;
2414 struct mbuf *m;
2415 const struct sadb_msghdr *mhp;
2416 {
2417 struct sadb_x_nat_t_type *type;
2418 struct sadb_x_nat_t_port *sport;
2419 struct sadb_x_nat_t_port *dport;
2420 struct sadb_address *addr;
2421 struct sadb_x_nat_t_frag *frag;
2422
2423 /* sanity check */
2424 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2425 panic("key_nat_map: NULL pointer is passed.");
2426
2427 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL ||
2428 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL ||
2429 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) {
2430 ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n"));
2431 return key_senderror(so, m, EINVAL);
2432 }
2433 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
2434 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
2435 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
2436 ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n"));
2437 return key_senderror(so, m, EINVAL);
2438 }
2439
2440 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) &&
2441 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) {
2442 ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n"));
2443 return key_senderror(so, m, EINVAL);
2444 }
2445
2446 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
2447 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
2448 ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n"));
2449 return key_senderror(so, m, EINVAL);
2450 }
2451
2452 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
2453 sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
2454 dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
2455 addr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OA];
2456 frag = (struct sadb_x_nat_t_frag *) mhp->ext[SADB_X_EXT_NAT_T_FRAG];
2457
2458 printf("sadb_nat_map called\n");
2459
2460 /*
2461 * XXX handle that, it should also contain a SA, or anything
2462 * that enable to update the SA information.
2463 */
2464
2465 return 0;
2466 }
2467 #endif /* IPSEC_NAT_T */
2468
2469 static struct mbuf *
2470 key_setspddump(errorp)
2471 int *errorp;
2472 {
2473 struct secpolicy *sp;
2474 int cnt;
2475 u_int dir;
2476 struct mbuf *m, *n;
2477
2478 /* search SPD entry and get buffer size. */
2479 cnt = 0;
2480 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2481 LIST_FOREACH(sp, &sptree[dir], chain) {
2482 cnt++;
2483 }
2484 }
2485
2486 if (cnt == 0) {
2487 *errorp = ENOENT;
2488 return (NULL);
2489 }
2490
2491 m = NULL;
2492 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2493 LIST_FOREACH(sp, &sptree[dir], chain) {
2494 --cnt;
2495 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 0);
2496
2497 if (!n) {
2498 *errorp = ENOBUFS;
2499 m_freem(m);
2500 return (NULL);
2501 }
2502 if (!m)
2503 m = n;
2504 else {
2505 m->m_pkthdr.len += n->m_pkthdr.len;
2506 m_cat(m, n);
2507 }
2508 }
2509 }
2510
2511 *errorp = 0;
2512 return (m);
2513 }
2514
2515 struct mbuf *
2516 key_setdumpsp(sp, type, seq, pid)
2517 struct secpolicy *sp;
2518 u_int8_t type;
2519 u_int32_t seq, pid;
2520 {
2521 struct mbuf *result = NULL, *m;
2522
2523 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2524 if (!m)
2525 goto fail;
2526 result = m;
2527
2528 if (sp->spidx) {
2529 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2530 (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs,
2531 sp->spidx->ul_proto);
2532 if (!m)
2533 goto fail;
2534 m_cat(result, m);
2535
2536 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2537 (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd,
2538 sp->spidx->ul_proto);
2539 if (!m)
2540 goto fail;
2541 m_cat(result, m);
2542 }
2543 #ifdef SADB_X_EXT_TAG
2544 else if (sp->tag) {
2545 m = key_setsadbxtag(sp->tag);
2546 if (!m)
2547 goto fail;
2548 m_cat(result, m);
2549 }
2550 #endif
2551
2552 m = key_sp2msg(sp);
2553 if (!m)
2554 goto fail;
2555 m_cat(result, m);
2556
2557 m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT,
2558 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused);
2559 if (!m)
2560 goto fail;
2561 m_cat(result, m);
2562
2563 m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD,
2564 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime);
2565 if (!m)
2566 goto fail;
2567 m_cat(result, m);
2568
2569 if ((result->m_flags & M_PKTHDR) == 0)
2570 goto fail;
2571
2572 if (result->m_len < sizeof(struct sadb_msg)) {
2573 result = m_pullup(result, sizeof(struct sadb_msg));
2574 if (result == NULL)
2575 goto fail;
2576 }
2577
2578 result->m_pkthdr.len = 0;
2579 for (m = result; m; m = m->m_next)
2580 result->m_pkthdr.len += m->m_len;
2581
2582 mtod(result, struct sadb_msg *)->sadb_msg_len =
2583 PFKEY_UNIT64(result->m_pkthdr.len);
2584
2585 return result;
2586
2587 fail:
2588 m_freem(result);
2589 return NULL;
2590 }
2591
2592 /*
2593 * get PFKEY message length for security policy and request.
2594 */
2595 static u_int
2596 key_getspreqmsglen(sp)
2597 struct secpolicy *sp;
2598 {
2599 u_int tlen;
2600
2601 tlen = sizeof(struct sadb_x_policy);
2602
2603 /* if is the policy for ipsec ? */
2604 if (sp->policy != IPSEC_POLICY_IPSEC)
2605 return tlen;
2606
2607 /* get length of ipsec requests */
2608 {
2609 struct ipsecrequest *isr;
2610 int len;
2611
2612 for (isr = sp->req; isr != NULL; isr = isr->next) {
2613 len = sizeof(struct sadb_x_ipsecrequest)
2614 + isr->saidx.src.ss_len
2615 + isr->saidx.dst.ss_len;
2616
2617 tlen += PFKEY_ALIGN8(len);
2618 }
2619 }
2620
2621 return tlen;
2622 }
2623
2624 /*
2625 * SADB_X_SPDEXPIRE processing
2626 * send
2627 * <base, address(SD), lifetime(CH), policy>
2628 * to KMD by PF_KEY.
2629 *
2630 * OUT: 0 : succeed
2631 * others : error number
2632 */
2633 static int
2634 key_spdexpire(sp)
2635 struct secpolicy *sp;
2636 {
2637 int s;
2638 struct mbuf *result = NULL, *m;
2639 int len;
2640 int error = -1;
2641 struct sadb_lifetime *lt;
2642
2643 /* XXX: Why do we lock ? */
2644 s = splsoftnet(); /*called from softclock()*/
2645
2646 /* sanity check */
2647 if (sp == NULL)
2648 panic("key_spdexpire: NULL pointer is passed.");
2649
2650 /* set msg header */
2651 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2652 if (!m) {
2653 error = ENOBUFS;
2654 goto fail;
2655 }
2656 result = m;
2657
2658 /* create lifetime extension (current and hard) */
2659 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2660 m = key_alloc_mbuf(len);
2661 if (!m || m->m_next) { /*XXX*/
2662 if (m)
2663 m_freem(m);
2664 error = ENOBUFS;
2665 goto fail;
2666 }
2667 bzero(mtod(m, void *), len);
2668 lt = mtod(m, struct sadb_lifetime *);
2669 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2670 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2671 lt->sadb_lifetime_allocations = 0;
2672 lt->sadb_lifetime_bytes = 0;
2673 lt->sadb_lifetime_addtime = sp->created;
2674 lt->sadb_lifetime_usetime = sp->lastused;
2675 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
2676 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2677 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2678 lt->sadb_lifetime_allocations = 0;
2679 lt->sadb_lifetime_bytes = 0;
2680 lt->sadb_lifetime_addtime = sp->lifetime;
2681 lt->sadb_lifetime_usetime = sp->validtime;
2682 m_cat(result, m);
2683
2684 /* set sadb_address for source */
2685 if (sp->spidx) {
2686 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2687 (struct sockaddr *)&sp->spidx->src,
2688 sp->spidx->prefs, sp->spidx->ul_proto);
2689 if (!m) {
2690 error = ENOBUFS;
2691 goto fail;
2692 }
2693 m_cat(result, m);
2694
2695 /* set sadb_address for destination */
2696 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2697 (struct sockaddr *)&sp->spidx->dst,
2698 sp->spidx->prefd, sp->spidx->ul_proto);
2699 if (!m) {
2700 error = ENOBUFS;
2701 goto fail;
2702 }
2703 m_cat(result, m);
2704 }
2705 #ifdef SADB_X_EXT_TAG
2706 else if (sp->tag) {
2707 m = key_setsadbxtag(sp->tag);
2708 if (!m) {
2709 error = ENOBUFS;
2710 goto fail;
2711 }
2712 m_cat(result, m);
2713 }
2714 #endif
2715
2716 /* set secpolicy */
2717 m = key_sp2msg(sp);
2718 if (!m) {
2719 error = ENOBUFS;
2720 goto fail;
2721 }
2722 m_cat(result, m);
2723
2724 if ((result->m_flags & M_PKTHDR) == 0) {
2725 error = EINVAL;
2726 goto fail;
2727 }
2728
2729 if (result->m_len < sizeof(struct sadb_msg)) {
2730 result = m_pullup(result, sizeof(struct sadb_msg));
2731 if (result == NULL) {
2732 error = ENOBUFS;
2733 goto fail;
2734 }
2735 }
2736
2737 result->m_pkthdr.len = 0;
2738 for (m = result; m; m = m->m_next)
2739 result->m_pkthdr.len += m->m_len;
2740
2741 mtod(result, struct sadb_msg *)->sadb_msg_len =
2742 PFKEY_UNIT64(result->m_pkthdr.len);
2743
2744 splx(s);
2745 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2746
2747 fail:
2748 if (result)
2749 m_freem(result);
2750 splx(s);
2751 return error;
2752 }
2753
2754 /* %%% SAD management */
2755 /*
2756 * allocating a memory for new SA head, and copy from the values of mhp.
2757 * OUT: NULL : failure due to the lack of memory.
2758 * others : pointer to new SA head.
2759 */
2760 static struct secashead *
2761 key_newsah(saidx)
2762 struct secasindex *saidx;
2763 {
2764 struct secashead *newsah;
2765
2766 /* sanity check */
2767 if (saidx == NULL)
2768 panic("key_newsaidx: NULL pointer is passed.");
2769
2770 newsah = keydb_newsecashead();
2771 if (newsah == NULL)
2772 return NULL;
2773
2774 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
2775
2776 /* add to saidxtree */
2777 newsah->state = SADB_SASTATE_MATURE;
2778 LIST_INSERT_HEAD(&sahtree, newsah, chain);
2779
2780 return (newsah);
2781 }
2782
2783 /*
2784 * delete SA index and all SA registerd.
2785 */
2786 static void
2787 key_delsah(sah)
2788 struct secashead *sah;
2789 {
2790 struct secasvar *sav, *nextsav;
2791 u_int stateidx, state;
2792 int s;
2793 int zombie = 0;
2794
2795 /* sanity check */
2796 if (sah == NULL)
2797 panic("key_delsah: NULL pointer is passed.");
2798
2799 s = splsoftnet(); /*called from softclock()*/
2800
2801 /* searching all SA registerd in the secindex. */
2802 for (stateidx = 0;
2803 stateidx < _ARRAYLEN(saorder_state_any);
2804 stateidx++) {
2805
2806 state = saorder_state_any[stateidx];
2807 for (sav = LIST_FIRST(&sah->savtree[state]);
2808 sav != NULL;
2809 sav = nextsav) {
2810
2811 nextsav = LIST_NEXT(sav, chain);
2812
2813 if (sav->refcnt > 0) {
2814 /* give up to delete this sa */
2815 zombie++;
2816 continue;
2817 }
2818
2819 /* sanity check */
2820 KEY_CHKSASTATE(state, sav->state, "key_delsah");
2821
2822 /* remove back pointer */
2823 sav->sah = NULL;
2824
2825 key_freesav(sav);
2826
2827 sav = NULL;
2828 }
2829 }
2830
2831 /* delete sah only if there's no sav. */
2832 if (zombie) {
2833 splx(s);
2834 return;
2835 }
2836
2837 rtcache_free(&sah->sa_route);
2838
2839 /* remove from tree of SA index */
2840 if (__LIST_CHAINED(sah))
2841 LIST_REMOVE(sah, chain);
2842
2843 KFREE(sah);
2844
2845 splx(s);
2846 return;
2847 }
2848
2849 /*
2850 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2851 * and copy the values of mhp into new buffer.
2852 * When SAD message type is GETSPI:
2853 * to set sequence number from acq_seq++,
2854 * to set zero to SPI.
2855 * not to call key_setsava().
2856 * OUT: NULL : fail
2857 * others : pointer to new secasvar.
2858 *
2859 * does not modify mbuf. does not free mbuf on error.
2860 */
2861 static struct secasvar *
2862 key_newsav(m, mhp, sah, errp)
2863 struct mbuf *m;
2864 const struct sadb_msghdr *mhp;
2865 struct secashead *sah;
2866 int *errp;
2867 {
2868 struct secasvar *newsav;
2869 const struct sadb_sa *xsa;
2870
2871 /* sanity check */
2872 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
2873 panic("key_newsa: NULL pointer is passed.");
2874
2875 newsav = keydb_newsecasvar();
2876 if (newsav == NULL) {
2877 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
2878 *errp = ENOBUFS;
2879 return NULL;
2880 }
2881
2882 switch (mhp->msg->sadb_msg_type) {
2883 case SADB_GETSPI:
2884 key_setspi(newsav, 0);
2885
2886 #ifdef IPSEC_DOSEQCHECK
2887 /* sync sequence number */
2888 if (mhp->msg->sadb_msg_seq == 0)
2889 newsav->seq =
2890 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
2891 else
2892 #endif
2893 newsav->seq = mhp->msg->sadb_msg_seq;
2894 break;
2895
2896 case SADB_ADD:
2897 /* sanity check */
2898 if (mhp->ext[SADB_EXT_SA] == NULL) {
2899 KFREE(newsav);
2900 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
2901 *errp = EINVAL;
2902 return NULL;
2903 }
2904 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
2905 key_setspi(newsav, xsa->sadb_sa_spi);
2906 newsav->seq = mhp->msg->sadb_msg_seq;
2907 break;
2908 default:
2909 KFREE(newsav);
2910 *errp = EINVAL;
2911 return NULL;
2912 }
2913
2914 /* copy sav values */
2915 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
2916 *errp = key_setsaval(newsav, m, mhp);
2917 if (*errp) {
2918 KFREE(newsav);
2919 return NULL;
2920 }
2921 }
2922
2923 /* reset created */
2924 newsav->created = time_second;
2925
2926 newsav->pid = mhp->msg->sadb_msg_pid;
2927
2928 /* add to satree */
2929 newsav->sah = sah;
2930 newsav->refcnt = 1;
2931 newsav->state = SADB_SASTATE_LARVAL;
2932 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
2933 secasvar, chain);
2934
2935 return newsav;
2936 }
2937
2938 /*
2939 * search SAD.
2940 * OUT:
2941 * NULL : not found
2942 * others : found, pointer to a SA.
2943 */
2944 static struct secashead *
2945 key_getsah(saidx)
2946 struct secasindex *saidx;
2947 {
2948 struct secashead *sah;
2949
2950 LIST_FOREACH(sah, &sahtree, chain) {
2951 if (sah->state == SADB_SASTATE_DEAD)
2952 continue;
2953 if (key_cmpsaidx_exactly(&sah->saidx, saidx))
2954 return (sah);
2955 }
2956
2957 return NULL;
2958 }
2959
2960 /*
2961 * check not to be duplicated SPI.
2962 * NOTE: this function is too slow due to searching all SAD.
2963 * OUT:
2964 * NULL : not found
2965 * others : found, pointer to a SA.
2966 */
2967 static struct secasvar *
2968 key_checkspidup(saidx, spi)
2969 struct secasindex *saidx;
2970 u_int32_t spi;
2971 {
2972 struct secasvar *sav;
2973 u_int stateidx, state;
2974
2975 /* check address family */
2976 if (saidx->src.ss_family != saidx->dst.ss_family) {
2977 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
2978 return NULL;
2979 }
2980
2981 /* check all SAD */
2982 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2983 if (sav->spi != spi)
2984 continue;
2985 for (stateidx = 0;
2986 stateidx < _ARRAYLEN(saorder_state_alive);
2987 stateidx++) {
2988 state = saorder_state_alive[stateidx];
2989 if (sav->state == state &&
2990 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
2991 return sav;
2992 }
2993 }
2994
2995 return NULL;
2996 }
2997
2998 static void
2999 key_setspi(sav, spi)
3000 struct secasvar *sav;
3001 u_int32_t spi;
3002 {
3003 int s;
3004
3005 s = splsoftnet();
3006 sav->spi = spi;
3007 if (sav->spihash.le_prev || sav->spihash.le_next)
3008 LIST_REMOVE(sav, spihash);
3009 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
3010 splx(s);
3011 }
3012
3013 /*
3014 * search SAD litmited alive SA, protocol, SPI.
3015 * OUT:
3016 * NULL : not found
3017 * others : found, pointer to a SA.
3018 */
3019 static struct secasvar *
3020 key_getsavbyspi(sah, spi)
3021 struct secashead *sah;
3022 u_int32_t spi;
3023 {
3024 struct secasvar *sav, *match;
3025 u_int stateidx, state, matchidx;
3026
3027 match = NULL;
3028 matchidx = _ARRAYLEN(saorder_state_alive);
3029 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
3030 if (sav->spi != spi)
3031 continue;
3032 if (sav->sah != sah)
3033 continue;
3034 for (stateidx = 0; stateidx < matchidx; stateidx++) {
3035 state = saorder_state_alive[stateidx];
3036 if (sav->state == state) {
3037 match = sav;
3038 matchidx = stateidx;
3039 break;
3040 }
3041 }
3042 }
3043
3044 return match;
3045 }
3046
3047 /*
3048 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
3049 * You must update these if need.
3050 * OUT: 0: success.
3051 * !0: failure.
3052 *
3053 * does not modify mbuf. does not free mbuf on error.
3054 */
3055 static int
3056 key_setsaval(sav, m, mhp)
3057 struct secasvar *sav;
3058 struct mbuf *m;
3059 const struct sadb_msghdr *mhp;
3060 {
3061 #ifdef IPSEC_ESP
3062 const struct esp_algorithm *algo;
3063 #endif
3064 int error = 0;
3065
3066 /* sanity check */
3067 if (m == NULL || mhp == NULL || mhp->msg == NULL)
3068 panic("key_setsaval: NULL pointer is passed.");
3069
3070 /* initialization */
3071 sav->replay = NULL;
3072 sav->key_auth = NULL;
3073 sav->key_enc = NULL;
3074 sav->sched = NULL;
3075 sav->schedlen = 0;
3076 sav->iv = NULL;
3077 sav->lft_c = NULL;
3078 sav->lft_h = NULL;
3079 sav->lft_s = NULL;
3080 #ifdef IPSEC_NAT_T
3081 sav->natt_type = 0;
3082 sav->esp_frag = 0;
3083 #endif
3084
3085 /* SA */
3086 if (mhp->ext[SADB_EXT_SA] != NULL) {
3087 const struct sadb_sa *sa0;
3088
3089 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3090 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3091 error = EINVAL;
3092 goto fail;
3093 }
3094
3095 sav->alg_auth = sa0->sadb_sa_auth;
3096 sav->alg_enc = sa0->sadb_sa_encrypt;
3097 sav->flags = sa0->sadb_sa_flags;
3098
3099 /* replay window */
3100 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
3101 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
3102 if (sav->replay == NULL) {
3103 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3104 error = ENOBUFS;
3105 goto fail;
3106 }
3107 }
3108 }
3109
3110 /* Authentication keys */
3111 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3112 const struct sadb_key *key0;
3113 int len;
3114
3115 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3116 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3117
3118 error = 0;
3119 if (len < sizeof(*key0)) {
3120 error = EINVAL;
3121 goto fail;
3122 }
3123 switch (mhp->msg->sadb_msg_satype) {
3124 case SADB_SATYPE_AH:
3125 case SADB_SATYPE_ESP:
3126 case SADB_X_SATYPE_TCPSIGNATURE:
3127 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3128 sav->alg_auth != SADB_X_AALG_NULL)
3129 error = EINVAL;
3130 break;
3131 case SADB_X_SATYPE_IPCOMP:
3132 default:
3133 error = EINVAL;
3134 break;
3135 }
3136 if (error) {
3137 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
3138 goto fail;
3139 }
3140
3141 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
3142 if (sav->key_auth == NULL) {
3143 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3144 error = ENOBUFS;
3145 goto fail;
3146 }
3147 }
3148
3149 /* Encryption key */
3150 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3151 const struct sadb_key *key0;
3152 int len;
3153
3154 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3155 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3156
3157 error = 0;
3158 if (len < sizeof(*key0)) {
3159 error = EINVAL;
3160 goto fail;
3161 }
3162 switch (mhp->msg->sadb_msg_satype) {
3163 case SADB_SATYPE_ESP:
3164 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3165 sav->alg_enc != SADB_EALG_NULL) {
3166 error = EINVAL;
3167 break;
3168 }
3169 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
3170 if (sav->key_enc == NULL) {
3171 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3172 error = ENOBUFS;
3173 goto fail;
3174 }
3175 break;
3176 case SADB_X_SATYPE_IPCOMP:
3177 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3178 error = EINVAL;
3179 sav->key_enc = NULL; /*just in case*/
3180 break;
3181 case SADB_SATYPE_AH:
3182 case SADB_X_SATYPE_TCPSIGNATURE:
3183 default:
3184 error = EINVAL;
3185 break;
3186 }
3187 if (error) {
3188 ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
3189 goto fail;
3190 }
3191 }
3192
3193 /* set iv */
3194 sav->ivlen = 0;
3195
3196 switch (mhp->msg->sadb_msg_satype) {
3197 case SADB_SATYPE_ESP:
3198 #ifdef IPSEC_ESP
3199 algo = esp_algorithm_lookup(sav->alg_enc);
3200 if (algo && algo->ivlen)
3201 sav->ivlen = (*algo->ivlen)(algo, sav);
3202 if (sav->ivlen == 0)
3203 break;
3204 KMALLOC(sav->iv, void *, sav->ivlen);
3205 if (sav->iv == 0) {
3206 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3207 error = ENOBUFS;
3208 goto fail;
3209 }
3210
3211 /* initialize */
3212 key_randomfill(sav->iv, sav->ivlen);
3213 #endif
3214 break;
3215 case SADB_SATYPE_AH:
3216 break;
3217 case SADB_X_SATYPE_IPCOMP:
3218 break;
3219 case SADB_X_SATYPE_TCPSIGNATURE:
3220 if (sav->alg_enc != SADB_EALG_NONE) {
3221 ipseclog((LOG_DEBUG, "key_setsaval: protocol and "
3222 "algorithm mismatched.\n"));
3223 error = EINVAL;
3224 goto fail;
3225 }
3226 break;
3227 default:
3228 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
3229 error = EINVAL;
3230 goto fail;
3231 }
3232
3233 /* reset created */
3234 sav->created = time_second;
3235
3236 /* make lifetime for CURRENT */
3237 KMALLOC(sav->lft_c, struct sadb_lifetime *,
3238 sizeof(struct sadb_lifetime));
3239 if (sav->lft_c == NULL) {
3240 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3241 error = ENOBUFS;
3242 goto fail;
3243 }
3244
3245 sav->lft_c->sadb_lifetime_len =
3246 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3247 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3248 sav->lft_c->sadb_lifetime_allocations = 0;
3249 sav->lft_c->sadb_lifetime_bytes = 0;
3250 sav->lft_c->sadb_lifetime_addtime = time_second;
3251 sav->lft_c->sadb_lifetime_usetime = 0;
3252
3253 /* lifetimes for HARD and SOFT */
3254 {
3255 const struct sadb_lifetime *lft0;
3256
3257 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3258 if (lft0 != NULL) {
3259 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3260 error = EINVAL;
3261 goto fail;
3262 }
3263 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
3264 sizeof(*lft0));
3265 if (sav->lft_h == NULL) {
3266 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3267 error = ENOBUFS;
3268 goto fail;
3269 }
3270 /* we no longer support byte lifetime */
3271 if (sav->lft_h->sadb_lifetime_bytes) {
3272 error = EINVAL;
3273 goto fail;
3274 }
3275 /* initialize? */
3276 }
3277
3278 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3279 if (lft0 != NULL) {
3280 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3281 error = EINVAL;
3282 goto fail;
3283 }
3284 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
3285 sizeof(*lft0));
3286 if (sav->lft_s == NULL) {
3287 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3288 error = ENOBUFS;
3289 goto fail;
3290 }
3291 /* we no longer support byte lifetime */
3292 if (sav->lft_s->sadb_lifetime_bytes) {
3293 error = EINVAL;
3294 goto fail;
3295 }
3296 /* initialize? */
3297 }
3298 }
3299
3300 return 0;
3301
3302 fail:
3303 /* initialization */
3304 if (sav->replay != NULL) {
3305 keydb_delsecreplay(sav->replay);
3306 sav->replay = NULL;
3307 }
3308 if (sav->key_auth != NULL) {
3309 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3310 KFREE(sav->key_auth);
3311 sav->key_auth = NULL;
3312 }
3313 if (sav->key_enc != NULL) {
3314 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3315 KFREE(sav->key_enc);
3316 sav->key_enc = NULL;
3317 }
3318 if (sav->sched) {
3319 bzero(sav->sched, sav->schedlen);
3320 KFREE(sav->sched);
3321 sav->sched = NULL;
3322 }
3323 if (sav->iv != NULL) {
3324 KFREE(sav->iv);
3325 sav->iv = NULL;
3326 }
3327 if (sav->lft_c != NULL) {
3328 KFREE(sav->lft_c);
3329 sav->lft_c = NULL;
3330 }
3331 if (sav->lft_h != NULL) {
3332 KFREE(sav->lft_h);
3333 sav->lft_h = NULL;
3334 }
3335 if (sav->lft_s != NULL) {
3336 KFREE(sav->lft_s);
3337 sav->lft_s = NULL;
3338 }
3339
3340 return error;
3341 }
3342
3343 /*
3344 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3345 * OUT: 0: valid
3346 * other: errno
3347 */
3348 static int
3349 key_mature(sav)
3350 struct secasvar *sav;
3351 {
3352 int mature;
3353 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3354 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3355
3356 mature = 0;
3357
3358 /* check SPI value */
3359 switch (sav->sah->saidx.proto) {
3360 case IPPROTO_ESP:
3361 case IPPROTO_AH:
3362 if (ntohl(sav->spi) <= 255) {
3363 ipseclog((LOG_DEBUG,
3364 "key_mature: illegal range of SPI %u.\n",
3365 (u_int32_t)ntohl(sav->spi)));
3366 return EINVAL;
3367 }
3368 break;
3369 case IPPROTO_TCP:
3370 if (ntohl(sav->spi) != 0x1000) { /*TCP_SIG_SPI*/
3371 ipseclog((LOG_DEBUG,
3372 "key_mature: SPI must be 0x1000 for TCPMD5.\n"));
3373 return (EINVAL);
3374 }
3375 break;
3376 case IPPROTO_IPV4:
3377 case IPPROTO_IPV6:
3378 break;
3379 }
3380
3381 /* check satype */
3382 switch (sav->sah->saidx.proto) {
3383 #ifdef IPSEC_ESP
3384 case IPPROTO_ESP:
3385 /* check flags */
3386 if ((sav->flags & SADB_X_EXT_OLD) &&
3387 (sav->flags & SADB_X_EXT_DERIV)) {
3388 ipseclog((LOG_DEBUG, "key_mature: "
3389 "invalid flag (derived) given to old-esp.\n"));
3390 return EINVAL;
3391 }
3392 if (sav->alg_auth == SADB_AALG_NONE)
3393 checkmask = 1;
3394 else
3395 checkmask = 3;
3396 mustmask = 1;
3397 break;
3398 #endif
3399 case IPPROTO_AH:
3400 /* check flags */
3401 if (sav->flags & SADB_X_EXT_DERIV) {
3402 ipseclog((LOG_DEBUG, "key_mature: "
3403 "invalid flag (derived) given to AH SA.\n"));
3404 return EINVAL;
3405 }
3406 if (sav->alg_enc != SADB_EALG_NONE) {
3407 ipseclog((LOG_DEBUG, "key_mature: "
3408 "protocol and algorithm mismated.\n"));
3409 return (EINVAL);
3410 }
3411 checkmask = 2;
3412 mustmask = 2;
3413 break;
3414 case IPPROTO_IPCOMP:
3415 if (sav->alg_auth != SADB_AALG_NONE) {
3416 ipseclog((LOG_DEBUG, "key_mature: "
3417 "protocol and algorithm mismated.\n"));
3418 return (EINVAL);
3419 }
3420 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
3421 ntohl(sav->spi) >= 0x10000) {
3422 ipseclog((LOG_DEBUG,
3423 "key_mature: invalid cpi for IPComp.\n"));
3424 return (EINVAL);
3425 }
3426 checkmask = 4;
3427 mustmask = 4;
3428 break;
3429 case IPPROTO_TCP:
3430 if (sav->alg_enc != SADB_EALG_NONE) {
3431 ipseclog((LOG_DEBUG, "key_mature: "
3432 "encryption algorithm must be null for TCPMD5.\n"));
3433 return (EINVAL);
3434 }
3435 if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
3436 ipseclog((LOG_DEBUG, "key_mature: "
3437 "auth algorithm must be tcp-md5 for TCPMD5.\n"));
3438 return (EINVAL);
3439 }
3440 checkmask = 0;
3441 break;
3442 case IPPROTO_IPV4:
3443 case IPPROTO_IPV6:
3444 break;
3445 default:
3446 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
3447 return EPROTONOSUPPORT;
3448 }
3449
3450 /* check authentication algorithm */
3451 if ((checkmask & 2) != 0) {
3452 const struct ah_algorithm *algo;
3453 int keylen;
3454
3455 algo = ah_algorithm_lookup(sav->alg_auth);
3456 if (!algo) {
3457 ipseclog((LOG_DEBUG,"key_mature: "
3458 "unknown authentication algorithm.\n"));
3459 return EINVAL;
3460 }
3461
3462 /* algorithm-dependent check */
3463 if (sav->key_auth)
3464 keylen = sav->key_auth->sadb_key_bits;
3465 else
3466 keylen = 0;
3467 if (keylen < algo->keymin || algo->keymax < keylen) {
3468 ipseclog((LOG_DEBUG,
3469 "key_mature: invalid AH key length %d "
3470 "(%d-%d allowed)\n",
3471 keylen, algo->keymin, algo->keymax));
3472 return EINVAL;
3473 }
3474
3475 if (algo->mature) {
3476 if ((*algo->mature)(sav)) {
3477 /* message generated in per-algorithm function*/
3478 return EINVAL;
3479 } else
3480 mature = SADB_SATYPE_AH;
3481 }
3482
3483 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
3484 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
3485 return EINVAL;
3486 }
3487 }
3488
3489 /* check encryption algorithm */
3490 if ((checkmask & 1) != 0) {
3491 #ifdef IPSEC_ESP
3492 const struct esp_algorithm *algo;
3493 int keylen;
3494
3495 algo = esp_algorithm_lookup(sav->alg_enc);
3496 if (!algo) {
3497 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
3498 return EINVAL;
3499 }
3500
3501 /* algorithm-dependent check */
3502 if (sav->key_enc)
3503 keylen = sav->key_enc->sadb_key_bits;
3504 else
3505 keylen = 0;
3506 if (keylen < algo->keymin || algo->keymax < keylen) {
3507 ipseclog((LOG_DEBUG,
3508 "key_mature: invalid ESP key length %d "
3509 "(%d-%d allowed)\n",
3510 keylen, algo->keymin, algo->keymax));
3511 return EINVAL;
3512 }
3513
3514 if (algo->mature) {
3515 if ((*algo->mature)(sav)) {
3516 /* message generated in per-algorithm function*/
3517 return EINVAL;
3518 } else
3519 mature = SADB_SATYPE_ESP;
3520 }
3521
3522 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
3523 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
3524 return EINVAL;
3525 }
3526 #else /*IPSEC_ESP*/
3527 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
3528 return EINVAL;
3529 #endif
3530 }
3531
3532 /* check compression algorithm */
3533 if ((checkmask & 4) != 0) {
3534 const struct ipcomp_algorithm *algo;
3535
3536 /* algorithm-dependent check */
3537 algo = ipcomp_algorithm_lookup(sav->alg_enc);
3538 if (!algo) {
3539 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
3540 return EINVAL;
3541 }
3542 }
3543
3544 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3545 return (0);
3546 }
3547
3548 /*
3549 * subroutine for SADB_GET and SADB_DUMP.
3550 */
3551 static struct mbuf *
3552 key_setdumpsa(sav, type, satype, seq, pid)
3553 struct secasvar *sav;
3554 u_int8_t type, satype;
3555 u_int32_t seq, pid;
3556 {
3557 struct mbuf *result = NULL, *tres = NULL, *m;
3558 int l = 0;
3559 int i;
3560 void *p;
3561 int dumporder[] = {
3562 SADB_EXT_SA, SADB_X_EXT_SA2,
3563 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3564 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3565 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3566 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3567 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3568 #ifdef IPSEC_NAT_T
3569 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
3570 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OA,
3571 SADB_X_EXT_NAT_T_FRAG,
3572 #endif
3573 };
3574
3575 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3576 if (m == NULL)
3577 goto fail;
3578 result = m;
3579
3580 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
3581 m = NULL;
3582 p = NULL;
3583 switch (dumporder[i]) {
3584 case SADB_EXT_SA:
3585 m = key_setsadbsa(sav);
3586 if (!m)
3587 goto fail;
3588 break;
3589
3590 case SADB_X_EXT_SA2:
3591 m = key_setsadbxsa2(sav->sah->saidx.mode,
3592 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
3593 sav->sah->saidx.reqid);
3594 if (!m)
3595 goto fail;
3596 break;
3597
3598 case SADB_EXT_ADDRESS_SRC:
3599 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3600 (struct sockaddr *)&sav->sah->saidx.src,
3601 FULLMASK, IPSEC_ULPROTO_ANY);
3602 if (!m)
3603 goto fail;
3604 break;
3605
3606 case SADB_EXT_ADDRESS_DST:
3607 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3608 (struct sockaddr *)&sav->sah->saidx.dst,
3609 FULLMASK, IPSEC_ULPROTO_ANY);
3610 if (!m)
3611 goto fail;
3612 break;
3613
3614 case SADB_EXT_KEY_AUTH:
3615 if (!sav->key_auth)
3616 continue;
3617 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3618 p = sav->key_auth;
3619 break;
3620
3621 case SADB_EXT_KEY_ENCRYPT:
3622 if (!sav->key_enc)
3623 continue;
3624 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3625 p = sav->key_enc;
3626 break;
3627
3628 case SADB_EXT_LIFETIME_CURRENT:
3629 if (!sav->lft_c)
3630 continue;
3631 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3632 p = sav->lft_c;
3633 break;
3634
3635 case SADB_EXT_LIFETIME_HARD:
3636 if (!sav->lft_h)
3637 continue;
3638 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3639 p = sav->lft_h;
3640 break;
3641
3642 case SADB_EXT_LIFETIME_SOFT:
3643 if (!sav->lft_s)
3644 continue;
3645 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3646 p = sav->lft_s;
3647 break;
3648
3649 #ifdef IPSEC_NAT_T
3650 case SADB_X_EXT_NAT_T_TYPE:
3651 if ((m = key_setsadbxtype(sav->natt_type)) == NULL)
3652 goto fail;
3653 break;
3654
3655 case SADB_X_EXT_NAT_T_DPORT:
3656 if ((m = key_setsadbxport(KEY_PORTFROMSADDR
3657 (&sav->sah->saidx.dst),
3658 SADB_X_EXT_NAT_T_DPORT)) == NULL)
3659 goto fail;
3660 break;
3661
3662 case SADB_X_EXT_NAT_T_SPORT:
3663 if ((m = key_setsadbxport(KEY_PORTFROMSADDR
3664 (&sav->sah->saidx.src),
3665 SADB_X_EXT_NAT_T_SPORT)) == NULL)
3666 goto fail;
3667 break;
3668
3669 case SADB_X_EXT_NAT_T_OA:
3670 case SADB_X_EXT_NAT_T_FRAG:
3671 continue;
3672 #endif
3673 case SADB_EXT_ADDRESS_PROXY:
3674 case SADB_EXT_IDENTITY_SRC:
3675 case SADB_EXT_IDENTITY_DST:
3676 /* XXX: should we brought from SPD ? */
3677 case SADB_EXT_SENSITIVITY:
3678 default:
3679 continue;
3680 }
3681
3682 if ((!m && !p) || (m && p))
3683 goto fail;
3684 if (p && tres) {
3685 M_PREPEND(tres, l, M_DONTWAIT);
3686 if (!tres)
3687 goto fail;
3688 bcopy(p, mtod(tres, void *), l);
3689 continue;
3690 }
3691 if (p) {
3692 m = key_alloc_mbuf(l);
3693 if (!m)
3694 goto fail;
3695 m_copyback(m, 0, l, p);
3696 }
3697
3698 if (tres)
3699 m_cat(m, tres);
3700 tres = m;
3701 }
3702
3703 m_cat(result, tres);
3704
3705 if (result->m_len < sizeof(struct sadb_msg)) {
3706 result = m_pullup(result, sizeof(struct sadb_msg));
3707 if (result == NULL)
3708 goto fail;
3709 }
3710
3711 result->m_pkthdr.len = 0;
3712 for (m = result; m; m = m->m_next)
3713 result->m_pkthdr.len += m->m_len;
3714
3715 mtod(result, struct sadb_msg *)->sadb_msg_len =
3716 PFKEY_UNIT64(result->m_pkthdr.len);
3717
3718 return result;
3719
3720 fail:
3721 m_freem(result);
3722 m_freem(tres);
3723 return NULL;
3724 }
3725
3726 /*
3727 * set data into sadb_msg.
3728 */
3729 static struct mbuf *
3730 key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
3731 u_int8_t type, satype;
3732 u_int16_t tlen;
3733 u_int32_t seq;
3734 pid_t pid;
3735 u_int16_t reserved;
3736 {
3737 struct mbuf *m;
3738 struct sadb_msg *p;
3739 int len;
3740
3741 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3742 if (len > MCLBYTES)
3743 return NULL;
3744 MGETHDR(m, M_DONTWAIT, MT_DATA);
3745 if (m && len > MHLEN) {
3746 MCLGET(m, M_DONTWAIT);
3747 if ((m->m_flags & M_EXT) == 0) {
3748 m_freem(m);
3749 m = NULL;
3750 }
3751 }
3752 if (!m)
3753 return NULL;
3754 m->m_pkthdr.len = m->m_len = len;
3755 m->m_next = NULL;
3756
3757 p = mtod(m, struct sadb_msg *);
3758
3759 bzero(p, len);
3760 p->sadb_msg_version = PF_KEY_V2;
3761 p->sadb_msg_type = type;
3762 p->sadb_msg_errno = 0;
3763 p->sadb_msg_satype = satype;
3764 p->sadb_msg_len = PFKEY_UNIT64(tlen);
3765 p->sadb_msg_reserved = reserved;
3766 p->sadb_msg_seq = seq;
3767 p->sadb_msg_pid = (u_int32_t)pid;
3768
3769 return m;
3770 }
3771
3772 /*
3773 * copy secasvar data into sadb_address.
3774 */
3775 static struct mbuf *
3776 key_setsadbsa(sav)
3777 struct secasvar *sav;
3778 {
3779 struct mbuf *m;
3780 struct sadb_sa *p;
3781 int len;
3782
3783 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
3784 m = key_alloc_mbuf(len);
3785 if (!m || m->m_next) { /*XXX*/
3786 if (m)
3787 m_freem(m);
3788 return NULL;
3789 }
3790
3791 p = mtod(m, struct sadb_sa *);
3792
3793 bzero(p, len);
3794 p->sadb_sa_len = PFKEY_UNIT64(len);
3795 p->sadb_sa_exttype = SADB_EXT_SA;
3796 p->sadb_sa_spi = sav->spi;
3797 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
3798 p->sadb_sa_state = sav->state;
3799 p->sadb_sa_auth = sav->alg_auth;
3800 p->sadb_sa_encrypt = sav->alg_enc;
3801 p->sadb_sa_flags = sav->flags;
3802
3803 return m;
3804 }
3805
3806 /*
3807 * set data into sadb_address.
3808 */
3809 static struct mbuf *
3810 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
3811 u_int16_t exttype;
3812 struct sockaddr *saddr;
3813 u_int8_t prefixlen;
3814 u_int16_t ul_proto;
3815 {
3816 struct mbuf *m;
3817 struct sadb_address *p;
3818 size_t len;
3819
3820 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
3821 PFKEY_ALIGN8(saddr->sa_len);
3822 m = key_alloc_mbuf(len);
3823 if (!m || m->m_next) { /*XXX*/
3824 if (m)
3825 m_freem(m);
3826 return NULL;
3827 }
3828
3829 p = mtod(m, struct sadb_address *);
3830
3831 bzero(p, len);
3832 p->sadb_address_len = PFKEY_UNIT64(len);
3833 p->sadb_address_exttype = exttype;
3834 p->sadb_address_proto = ul_proto;
3835 if (prefixlen == FULLMASK) {
3836 switch (saddr->sa_family) {
3837 case AF_INET:
3838 prefixlen = sizeof(struct in_addr) << 3;
3839 break;
3840 case AF_INET6:
3841 prefixlen = sizeof(struct in6_addr) << 3;
3842 break;
3843 default:
3844 ; /*XXX*/
3845 }
3846 }
3847 p->sadb_address_prefixlen = prefixlen;
3848 p->sadb_address_reserved = 0;
3849
3850 memcpy(mtod(m, char *) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
3851 saddr, saddr->sa_len);
3852
3853 return m;
3854 }
3855
3856 #if 0
3857 /*
3858 * set data into sadb_ident.
3859 */
3860 static struct mbuf *
3861 key_setsadbident(exttype, idtype, string, stringlen, id)
3862 u_int16_t exttype, idtype;
3863 void *string;
3864 int stringlen;
3865 u_int64_t id;
3866 {
3867 struct mbuf *m;
3868 struct sadb_ident *p;
3869 size_t len;
3870
3871 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
3872 m = key_alloc_mbuf(len);
3873 if (!m || m->m_next) { /*XXX*/
3874 if (m)
3875 m_freem(m);
3876 return NULL;
3877 }
3878
3879 p = mtod(m, struct sadb_ident *);
3880
3881 bzero(p, len);
3882 p->sadb_ident_len = PFKEY_UNIT64(len);
3883 p->sadb_ident_exttype = exttype;
3884 p->sadb_ident_type = idtype;
3885 p->sadb_ident_reserved = 0;
3886 p->sadb_ident_id = id;
3887
3888 bcopy(string,
3889 mtod(m, void *) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
3890 stringlen);
3891
3892 return m;
3893 }
3894 #endif
3895
3896 /*
3897 * set data into sadb_x_sa2.
3898 */
3899 static struct mbuf *
3900 key_setsadbxsa2(mode, seq, reqid)
3901 u_int8_t mode;
3902 u_int32_t seq;
3903 u_int16_t reqid;
3904 {
3905 struct mbuf *m;
3906 struct sadb_x_sa2 *p;
3907 size_t len;
3908
3909 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
3910 m = key_alloc_mbuf(len);
3911 if (!m || m->m_next) { /*XXX*/
3912 if (m)
3913 m_freem(m);
3914 return NULL;
3915 }
3916
3917 p = mtod(m, struct sadb_x_sa2 *);
3918
3919 bzero(p, len);
3920 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
3921 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3922 p->sadb_x_sa2_mode = mode;
3923 p->sadb_x_sa2_reserved1 = 0;
3924 p->sadb_x_sa2_reserved2 = 0;
3925 p->sadb_x_sa2_sequence = seq;
3926 p->sadb_x_sa2_reqid = reqid;
3927
3928 return m;
3929 }
3930
3931 #ifdef SADB_X_EXT_TAG
3932 /*
3933 * set data into sadb_x_tag.
3934 */
3935 static struct mbuf *
3936 key_setsadbxtag(tag)
3937 u_int16_t tag;
3938 {
3939 struct mbuf *m;
3940 struct sadb_x_tag *p;
3941 size_t len;
3942
3943 len = PFKEY_ALIGN8(sizeof(struct sadb_x_tag));
3944 m = key_alloc_mbuf(len);
3945 if (!m || m->m_next) { /*XXX*/
3946 if (m)
3947 m_freem(m);
3948 return NULL;
3949 }
3950
3951 p = mtod(m, struct sadb_x_tag *);
3952
3953 bzero(p, len);
3954 p->sadb_x_tag_len = PFKEY_UNIT64(len);
3955 p->sadb_x_tag_exttype = SADB_X_EXT_TAG;
3956 m_nametag_tag2tagname(tag, p->sadb_x_tag_name);
3957
3958 return m;
3959 }
3960 #endif
3961
3962 #ifdef IPSEC_NAT_T
3963 /*
3964 * set a type in sadb_x_nat_t_type
3965 */
3966 static struct mbuf *
3967 key_setsadbxtype(type)
3968 u_int16_t type;
3969 {
3970 struct mbuf *m;
3971 size_t len;
3972 struct sadb_x_nat_t_type *p;
3973
3974 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
3975
3976 m = key_alloc_mbuf(len);
3977 if (!m || m->m_next) { /*XXX*/
3978 if (m)
3979 m_freem(m);
3980 return NULL;
3981 }
3982
3983 p = mtod(m, struct sadb_x_nat_t_type *);
3984
3985 bzero(p, len);
3986 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
3987 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
3988 p->sadb_x_nat_t_type_type = type;
3989
3990 return m;
3991 }
3992 /*
3993 * set a port in sadb_x_nat_t_port. port is in network order
3994 */
3995 static struct mbuf *
3996 key_setsadbxport(port, type)
3997 u_int16_t port;
3998 u_int16_t type;
3999 {
4000 struct mbuf *m;
4001 size_t len;
4002 struct sadb_x_nat_t_port *p;
4003
4004 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
4005
4006 m = key_alloc_mbuf(len);
4007 if (!m || m->m_next) { /*XXX*/
4008 if (m)
4009 m_freem(m);
4010 return NULL;
4011 }
4012
4013 p = mtod(m, struct sadb_x_nat_t_port *);
4014
4015 bzero(p, len);
4016 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
4017 p->sadb_x_nat_t_port_exttype = type;
4018 p->sadb_x_nat_t_port_port = port;
4019
4020 return m;
4021 }
4022
4023 /*
4024 * Get port from sockaddr, port is in network order
4025 */
4026 u_int16_t
4027 key_portfromsaddr(saddr)
4028 struct sockaddr *saddr;
4029 {
4030 u_int16_t port;
4031
4032 switch (saddr->sa_family) {
4033 case AF_INET: {
4034 struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
4035
4036 port = sin->sin_port;
4037 break;
4038 }
4039 #ifdef INET6
4040 case AF_INET6: {
4041 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4042
4043 port = sin6->sin6_port;
4044 break;
4045 }
4046 #endif
4047 default:
4048 printf("key_portfromsaddr: unexpected address family\n");
4049 port = 0;
4050 break;
4051 }
4052
4053 return port;
4054 }
4055 #endif /* IPSEC_NAT_T */
4056
4057 /*
4058 * Set port is struct sockaddr. port is in network order
4059 */
4060 static void
4061 key_porttosaddr(saddr, port)
4062 struct sockaddr *saddr;
4063 u_int16_t port;
4064 {
4065 switch (saddr->sa_family) {
4066 case AF_INET: {
4067 struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
4068
4069 sin->sin_port = port;
4070 break;
4071 }
4072 #ifdef INET6
4073 case AF_INET6: {
4074 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4075
4076 sin6->sin6_port = port;
4077 break;
4078 }
4079 #endif
4080 default:
4081 printf("key_porttosaddr: unexpected address family %d\n",
4082 saddr->sa_family);
4083 break;
4084 }
4085
4086 return;
4087 }
4088
4089 /*
4090 * Safety check sa_len
4091 */
4092 static int
4093 key_checksalen(saddr)
4094 const struct sockaddr *saddr;
4095 {
4096 switch (saddr->sa_family) {
4097 case AF_INET:
4098 if (saddr->sa_len != sizeof(struct sockaddr_in))
4099 return -1;
4100 break;
4101 #ifdef INET6
4102 case AF_INET6:
4103 if (saddr->sa_len != sizeof(struct sockaddr_in6))
4104 return -1;
4105 break;
4106 #endif
4107 default:
4108 printf("key_checksalen: unexpected sa_family %d\n",
4109 saddr->sa_family);
4110 return -1;
4111 break;
4112 }
4113
4114 return 0;
4115 }
4116
4117 /*
4118 * set data into sadb_lifetime
4119 */
4120 static struct mbuf *
4121 key_setsadblifetime(type, alloc, bytes, addtime, usetime)
4122 u_int16_t type;
4123 u_int32_t alloc;
4124 u_int64_t bytes, addtime, usetime;
4125 {
4126 struct mbuf *m;
4127 struct sadb_lifetime *p;
4128 size_t len;
4129
4130 len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
4131 m = key_alloc_mbuf(len);
4132 if (!m || m->m_next) { /*XXX*/
4133 if (m)
4134 m_freem(m);
4135 return NULL;
4136 }
4137
4138 p = mtod(m, struct sadb_lifetime *);
4139
4140 bzero(p, len);
4141 p->sadb_lifetime_len = PFKEY_UNIT64(len);
4142 p->sadb_lifetime_exttype = type;
4143 p->sadb_lifetime_allocations = alloc;
4144 p->sadb_lifetime_bytes = bytes;
4145 p->sadb_lifetime_addtime = addtime;
4146 p->sadb_lifetime_usetime = usetime;
4147
4148 return m;
4149 }
4150
4151 /*
4152 * set data into sadb_x_policy
4153 */
4154 static struct mbuf *
4155 key_setsadbxpolicy(type, dir, id)
4156 u_int16_t type;
4157 u_int8_t dir;
4158 u_int32_t id;
4159 {
4160 struct mbuf *m;
4161 struct sadb_x_policy *p;
4162 size_t len;
4163
4164 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
4165 m = key_alloc_mbuf(len);
4166 if (!m || m->m_next) { /*XXX*/
4167 if (m)
4168 m_freem(m);
4169 return NULL;
4170 }
4171
4172 p = mtod(m, struct sadb_x_policy *);
4173
4174 bzero(p, len);
4175 p->sadb_x_policy_len = PFKEY_UNIT64(len);
4176 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
4177 p->sadb_x_policy_type = type;
4178 p->sadb_x_policy_dir = dir;
4179 p->sadb_x_policy_id = id;
4180
4181 return m;
4182 }
4183
4184 /* %%% utilities */
4185 /*
4186 * copy a buffer into the new buffer allocated.
4187 */
4188 static void *
4189 key_newbuf(src, len)
4190 const void *src;
4191 u_int len;
4192 {
4193 void *new;
4194
4195 KMALLOC(new, void *, len);
4196 if (new == NULL) {
4197 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
4198 return NULL;
4199 }
4200 bcopy(src, new, len);
4201
4202 return new;
4203 }
4204
4205 /* compare my own address
4206 * OUT: 1: true, i.e. my address.
4207 * 0: false
4208 */
4209 static int
4210 key_ismyaddr(sa)
4211 struct sockaddr *sa;
4212 {
4213 #ifdef INET
4214 struct sockaddr_in *sin;
4215 struct in_ifaddr *ia;
4216 #endif
4217
4218 /* sanity check */
4219 if (sa == NULL)
4220 panic("key_ismyaddr: NULL pointer is passed.");
4221
4222 switch (sa->sa_family) {
4223 #ifdef INET
4224 case AF_INET:
4225 sin = (struct sockaddr_in *)sa;
4226 TAILQ_FOREACH(ia, &in_ifaddrhead, ia_list) {
4227 if (sin->sin_family == ia->ia_addr.sin_family &&
4228 sin->sin_len == ia->ia_addr.sin_len &&
4229 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
4230 {
4231 return 1;
4232 }
4233 }
4234 break;
4235 #endif
4236 #ifdef INET6
4237 case AF_INET6:
4238 return key_ismyaddr6((struct sockaddr_in6 *)sa);
4239 #endif
4240 }
4241
4242 return 0;
4243 }
4244
4245 #ifdef INET6
4246 /*
4247 * compare my own address for IPv6.
4248 * 1: ours
4249 * 0: other
4250 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
4251 */
4252
4253 static int
4254 key_ismyaddr6(sin6)
4255 struct sockaddr_in6 *sin6;
4256 {
4257 struct in6_ifaddr *ia;
4258 struct in6_multi *in6m;
4259
4260 if (sa6_embedscope(sin6, 0) != 0)
4261 return 0;
4262
4263 for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
4264 if (key_sockaddrcmp((struct sockaddr *)&sin6,
4265 (struct sockaddr *)&ia->ia_addr, 0) == 0)
4266 return 1;
4267
4268 /*
4269 * XXX Multicast
4270 * XXX why do we care about multlicast here while we don't care
4271 * about IPv4 multicast??
4272 * XXX scope
4273 */
4274 in6m = NULL;
4275 for ((in6m) = ia->ia6_multiaddrs.lh_first;
4276 (in6m) != NULL &&
4277 !IN6_ARE_ADDR_EQUAL(&(in6m)->in6m_addr, &sin6->sin6_addr);
4278 (in6m) = in6m->in6m_entry.le_next)
4279 continue;
4280 if (in6m)
4281 return 1;
4282 }
4283
4284 /* loopback, just for safety */
4285 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
4286 return 1;
4287
4288 return 0;
4289 }
4290 #endif /*INET6*/
4291
4292 /*
4293 * compare two secasindex structure exactly.
4294 * IN:
4295 * saidx0: source, it can be in SAD.
4296 * saidx1: object.
4297 * OUT:
4298 * 1 : equal
4299 * 0 : not equal
4300 */
4301 static int
4302 key_cmpsaidx_exactly(saidx0, saidx1)
4303 struct secasindex *saidx0, *saidx1;
4304 {
4305 /* sanity */
4306 if (saidx0 == NULL && saidx1 == NULL)
4307 return 1;
4308
4309 if (saidx0 == NULL || saidx1 == NULL)
4310 return 0;
4311
4312 if (saidx0->proto != saidx1->proto || saidx0->mode != saidx1->mode ||
4313 saidx0->reqid != saidx1->reqid)
4314 return 0;
4315
4316 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
4317 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
4318 return 0;
4319
4320 return 1;
4321 }
4322
4323 /*
4324 * compare two secasindex structure with consideration mode.
4325 * don't compare port.
4326 * IN:
4327 * saidx0: source, it is often in SAD.
4328 * saidx1: object, it is often from SPD.
4329 * OUT:
4330 * 1 : equal
4331 * 0 : not equal
4332 */
4333 static int
4334 key_cmpsaidx_withmode(saidx0, saidx1)
4335 struct secasindex *saidx0, *saidx1;
4336 {
4337 int chkport = 0;
4338
4339 /* sanity */
4340 if (saidx0 == NULL && saidx1 == NULL)
4341 return 1;
4342
4343 if (saidx0 == NULL || saidx1 == NULL)
4344 return 0;
4345
4346 if (saidx0->proto != saidx1->proto)
4347 return 0;
4348
4349 /*
4350 * If NAT-T is enabled, check ports for tunnel mode.
4351 * Don't do it for transport mode, as there is no
4352 * port information available in the SP.
4353 */
4354 #ifdef IPSEC_NAT_T
4355 if (saidx1->mode == IPSEC_MODE_TUNNEL)
4356 chkport = 1;
4357 #endif
4358 /*
4359 * If reqid of SPD is non-zero, unique SA is required.
4360 * The result must be of same reqid in this case.
4361 */
4362 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
4363 return 0;
4364
4365 if (saidx0->mode != IPSEC_MODE_ANY && saidx0->mode != saidx1->mode)
4366 return 0;
4367
4368 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
4369 (struct sockaddr *)&saidx1->src, chkport) != 0) {
4370 return 0;
4371 }
4372 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
4373 (struct sockaddr *)&saidx1->dst, chkport) != 0) {
4374 return 0;
4375 }
4376
4377 return 1;
4378 }
4379
4380 /*
4381 * compare two secasindex structure without mode.
4382 * don't compare port.
4383 * IN:
4384 * saidx0: source, it is often in SAD.
4385 * saidx1: object, it is often from user.
4386 * OUT:
4387 * 1 : equal
4388 * 0 : not equal
4389 */
4390 static int
4391 key_cmpsaidx_withoutmode(saidx0, saidx1)
4392 struct secasindex *saidx0, *saidx1;
4393 {
4394 #ifdef IPSEC_NAT_T
4395 int chkport = 1;
4396 #else
4397 int chkport = 0;
4398 #endif
4399
4400 /* sanity */
4401 if (saidx0 == NULL && saidx1 == NULL)
4402 return 1;
4403
4404 if (saidx0 == NULL || saidx1 == NULL)
4405 return 0;
4406
4407 if (saidx0->proto != saidx1->proto)
4408 return 0;
4409
4410 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
4411 (struct sockaddr *)&saidx1->src, chkport) != 0) {
4412 return 0;
4413 }
4414 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
4415 (struct sockaddr *)&saidx1->dst, chkport) != 0) {
4416 return 0;
4417 }
4418
4419 return 1;
4420 }
4421
4422 /*
4423 * compare two secindex structure exactly.
4424 * IN:
4425 * spidx0: source, it is often in SPD.
4426 * spidx1: object, it is often from PFKEY message.
4427 * OUT:
4428 * 1 : equal
4429 * 0 : not equal
4430 */
4431 int
4432 key_cmpspidx_exactly(spidx0, spidx1)
4433 struct secpolicyindex *spidx0, *spidx1;
4434 {
4435 /* sanity */
4436 if (spidx0 == NULL && spidx1 == NULL)
4437 return 1;
4438
4439 if (spidx0 == NULL || spidx1 == NULL)
4440 return 0;
4441
4442 if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd ||
4443 spidx0->ul_proto != spidx1->ul_proto)
4444 return 0;
4445
4446 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
4447 (struct sockaddr *)&spidx1->src, 1) != 0) {
4448 return 0;
4449 }
4450 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
4451 (struct sockaddr *)&spidx1->dst, 1) != 0) {
4452 return 0;
4453 }
4454
4455 return 1;
4456 }
4457
4458 /*
4459 * compare two secindex structure with mask.
4460 * IN:
4461 * spidx0: source, it is often in SPD.
4462 * spidx1: object, it is often from IP header.
4463 * OUT:
4464 * 1 : equal
4465 * 0 : not equal
4466 */
4467 int
4468 key_cmpspidx_withmask(spidx0, spidx1)
4469 struct secpolicyindex *spidx0, *spidx1;
4470 {
4471 /* sanity */
4472 if (spidx0 == NULL && spidx1 == NULL)
4473 return 1;
4474
4475 if (spidx0 == NULL || spidx1 == NULL)
4476 return 0;
4477
4478 if (spidx0->src.ss_family != spidx1->src.ss_family ||
4479 spidx0->dst.ss_family != spidx1->dst.ss_family ||
4480 spidx0->src.ss_len != spidx1->src.ss_len ||
4481 spidx0->dst.ss_len != spidx1->dst.ss_len)
4482 return 0;
4483
4484 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4485 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
4486 spidx0->ul_proto != spidx1->ul_proto)
4487 return 0;
4488
4489 switch (spidx0->src.ss_family) {
4490 case AF_INET:
4491 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY &&
4492 satosin(&spidx0->src)->sin_port !=
4493 satosin(&spidx1->src)->sin_port)
4494 return 0;
4495 if (!key_bbcmp((void *)&satosin(&spidx0->src)->sin_addr,
4496 (void *)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
4497 return 0;
4498 break;
4499 case AF_INET6:
4500 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY &&
4501 satosin6(&spidx0->src)->sin6_port !=
4502 satosin6(&spidx1->src)->sin6_port)
4503 return 0;
4504 /*
4505 * scope_id check. if sin6_scope_id is 0, we regard it
4506 * as a wildcard scope, which matches any scope zone ID.
4507 */
4508 if (satosin6(&spidx0->src)->sin6_scope_id &&
4509 satosin6(&spidx1->src)->sin6_scope_id &&
4510 satosin6(&spidx0->src)->sin6_scope_id !=
4511 satosin6(&spidx1->src)->sin6_scope_id)
4512 return 0;
4513 if (!key_bbcmp((void *)&satosin6(&spidx0->src)->sin6_addr,
4514 (void *)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
4515 return 0;
4516 break;
4517 default:
4518 /* XXX */
4519 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
4520 return 0;
4521 break;
4522 }
4523
4524 switch (spidx0->dst.ss_family) {
4525 case AF_INET:
4526 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY &&
4527 satosin(&spidx0->dst)->sin_port !=
4528 satosin(&spidx1->dst)->sin_port)
4529 return 0;
4530 if (!key_bbcmp((void *)&satosin(&spidx0->dst)->sin_addr,
4531 (void *)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
4532 return 0;
4533 break;
4534 case AF_INET6:
4535 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY &&
4536 satosin6(&spidx0->dst)->sin6_port !=
4537 satosin6(&spidx1->dst)->sin6_port)
4538 return 0;
4539 /*
4540 * scope_id check. if sin6_scope_id is 0, we regard it
4541 * as a wildcard scope, which matches any scope zone ID.
4542 */
4543 if (satosin6(&spidx0->src)->sin6_scope_id &&
4544 satosin6(&spidx1->src)->sin6_scope_id &&
4545 satosin6(&spidx0->dst)->sin6_scope_id !=
4546 satosin6(&spidx1->dst)->sin6_scope_id)
4547 return 0;
4548 if (!key_bbcmp((void *)&satosin6(&spidx0->dst)->sin6_addr,
4549 (void *)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
4550 return 0;
4551 break;
4552 default:
4553 /* XXX */
4554 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
4555 return 0;
4556 break;
4557 }
4558
4559 /* XXX Do we check other field ? e.g. flowinfo */
4560
4561 return 1;
4562 }
4563
4564 /* returns 0 on match */
4565 static int
4566 key_sockaddrcmp(sa1, sa2, port)
4567 struct sockaddr *sa1;
4568 struct sockaddr *sa2;
4569 int port;
4570 {
4571 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4572 return 1;
4573
4574 switch (sa1->sa_family) {
4575 case AF_INET:
4576 if (sa1->sa_len != sizeof(struct sockaddr_in))
4577 return 1;
4578 if (satosin(sa1)->sin_addr.s_addr !=
4579 satosin(sa2)->sin_addr.s_addr) {
4580 return 1;
4581 }
4582 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
4583 return 1;
4584 break;
4585 case AF_INET6:
4586 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4587 return 1; /*EINVAL*/
4588 if (satosin6(sa1)->sin6_scope_id !=
4589 satosin6(sa2)->sin6_scope_id) {
4590 return 1;
4591 }
4592 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
4593 &satosin6(sa2)->sin6_addr)) {
4594 return 1;
4595 }
4596 if (port &&
4597 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
4598 return 1;
4599 }
4600 break;
4601 default:
4602 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
4603 return 1;
4604 break;
4605 }
4606
4607 return 0;
4608 }
4609
4610 /*
4611 * compare two buffers with mask.
4612 * IN:
4613 * addr1: source
4614 * addr2: object
4615 * bits: Number of bits to compare
4616 * OUT:
4617 * 1 : equal
4618 * 0 : not equal
4619 */
4620 static int
4621 key_bbcmp(p1v, p2v, bits)
4622 void *p1v, *p2v;
4623 u_int bits;
4624 {
4625 char *p1 = p1v;
4626 char *p2 = p2v;
4627 u_int8_t mask;
4628
4629 /* XXX: This could be considerably faster if we compare a word
4630 * at a time, but it is complicated on LSB Endian machines */
4631
4632 /* Handle null pointers */
4633 if (p1 == NULL || p2 == NULL)
4634 return (p1 == p2);
4635
4636 while (bits >= 8) {
4637 if (*p1++ != *p2++)
4638 return 0;
4639 bits -= 8;
4640 }
4641
4642 if (bits > 0) {
4643 mask = ~((1<<(8-bits))-1);
4644 if ((*p1 & mask) != (*p2 & mask))
4645 return 0;
4646 }
4647 return 1; /* Match! */
4648 }
4649
4650 /*
4651 * time handler.
4652 * scanning SPD and SAD to check status for each entries,
4653 * and do to remove or to expire.
4654 * XXX2038: year 2038 problem may remain.
4655 */
4656 void
4657 key_timehandler(void *arg)
4658 {
4659 u_int dir;
4660 int s;
4661 struct timeval tv;
4662
4663 getmicrotime(&tv);
4664
4665 s = splsoftnet(); /*called from softclock()*/
4666 mutex_enter(softnet_lock);
4667
4668 /* SPD */
4669 {
4670 struct secpolicy *sp, *nextsp;
4671
4672 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4673 for (sp = LIST_FIRST(&sptree[dir]);
4674 sp != NULL;
4675 sp = nextsp) {
4676 nextsp = LIST_NEXT(sp, chain);
4677
4678 if (sp->state == IPSEC_SPSTATE_DEAD) {
4679 key_sp_unlink(sp); /*XXX*/
4680 sp = NULL;
4681 continue;
4682 }
4683
4684 if (sp->lifetime == 0 && sp->validtime == 0)
4685 continue;
4686
4687 /* the deletion will occur next time */
4688 if ((sp->lifetime &&
4689 tv.tv_sec - sp->created > sp->lifetime) ||
4690 (sp->validtime &&
4691 tv.tv_sec - sp->lastused > sp->validtime)) {
4692 key_sp_dead(sp);
4693 key_spdexpire(sp);
4694 continue;
4695 }
4696 }
4697 }
4698
4699 /* invalidate all cached SPD pointers on pcb */
4700 ipsec_invalpcbcacheall();
4701 }
4702
4703 /* SAD */
4704 {
4705 struct secashead *sah, *nextsah;
4706 struct secasvar *sav, *nextsav;
4707 int havesav;
4708 u_int stateidx, state;
4709
4710 for (sah = LIST_FIRST(&sahtree);
4711 sah != NULL;
4712 sah = nextsah) {
4713
4714 nextsah = LIST_NEXT(sah, chain);
4715
4716 /* if sah has been dead, then delete it and process next sah. */
4717 if (sah->state == SADB_SASTATE_DEAD) {
4718 key_delsah(sah);
4719 continue;
4720 }
4721
4722 /* if LARVAL entry doesn't become MATURE, delete it. */
4723 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4724 sav != NULL;
4725 sav = nextsav) {
4726
4727 nextsav = LIST_NEXT(sav, chain);
4728
4729 if (tv.tv_sec - sav->created > key_larval_lifetime) {
4730 key_freesav(sav);
4731 }
4732 }
4733
4734 /*
4735 * check MATURE entry to start to send expire message
4736 * whether or not.
4737 */
4738 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4739 sav != NULL;
4740 sav = nextsav) {
4741
4742 nextsav = LIST_NEXT(sav, chain);
4743
4744 /* we don't need to check. */
4745 if (sav->lft_s == NULL)
4746 continue;
4747
4748 /* sanity check */
4749 if (sav->lft_c == NULL) {
4750 ipseclog((LOG_DEBUG, "key_timehandler: "
4751 "There is no CURRENT time, why?\n"));
4752 continue;
4753 }
4754
4755 /* check SOFT lifetime */
4756 if (sav->lft_s->sadb_lifetime_addtime != 0 &&
4757 tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4758 /*
4759 * check the SA if it has been used.
4760 * when it hasn't been used, delete it.
4761 * i don't think such SA will be used.
4762 */
4763 if (sav->lft_c->sadb_lifetime_usetime == 0) {
4764 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4765 key_freesav(sav);
4766 sav = NULL;
4767 } else {
4768 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4769 /*
4770 * XXX If we keep to send expire
4771 * message in the status of
4772 * DYING. Do remove below code.
4773 */
4774 key_expire(sav);
4775 }
4776 }
4777
4778 /* check SOFT lifetime by bytes */
4779 /*
4780 * XXX I don't know the way to delete this SA
4781 * when new SA is installed. Caution when it's
4782 * installed too big lifetime by time.
4783 */
4784 else if (sav->lft_s->sadb_lifetime_bytes != 0
4785 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4786
4787 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4788 /*
4789 * XXX If we keep to send expire
4790 * message in the status of
4791 * DYING. Do remove below code.
4792 */
4793 key_expire(sav);
4794 }
4795 }
4796
4797 /* check DYING entry to change status to DEAD. */
4798 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4799 sav != NULL;
4800 sav = nextsav) {
4801
4802 nextsav = LIST_NEXT(sav, chain);
4803
4804 /* we don't need to check. */
4805 if (sav->lft_h == NULL)
4806 continue;
4807
4808 /* sanity check */
4809 if (sav->lft_c == NULL) {
4810 ipseclog((LOG_DEBUG,"key_timehandler: "
4811 "There is no CURRENT time, why?\n"));
4812 continue;
4813 }
4814
4815 if (sav->lft_h->sadb_lifetime_addtime != 0 &&
4816 tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4817 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4818 key_freesav(sav);
4819 sav = NULL;
4820 }
4821 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4822 else if (sav->lft_s != NULL
4823 && sav->lft_s->sadb_lifetime_addtime != 0
4824 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4825 /*
4826 * XXX: should be checked to be
4827 * installed the valid SA.
4828 */
4829
4830 /*
4831 * If there is no SA then sending
4832 * expire message.
4833 */
4834 key_expire(sav);
4835 }
4836 #endif
4837 /* check HARD lifetime by bytes */
4838 else if (sav->lft_h->sadb_lifetime_bytes != 0
4839 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4840 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4841 key_freesav(sav);
4842 sav = NULL;
4843 }
4844 }
4845
4846 /* delete entry in DEAD */
4847 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
4848 sav != NULL;
4849 sav = nextsav) {
4850
4851 nextsav = LIST_NEXT(sav, chain);
4852
4853 /* sanity check */
4854 if (sav->state != SADB_SASTATE_DEAD) {
4855 ipseclog((LOG_DEBUG, "key_timehandler: "
4856 "invalid sav->state "
4857 "(queue: %u SA: %u): "
4858 "kill it anyway\n",
4859 SADB_SASTATE_DEAD, sav->state));
4860 }
4861
4862 /*
4863 * do not call key_freesav() here.
4864 * sav should already be freed, and sav->refcnt
4865 * shows other references to sav
4866 * (such as from SPD).
4867 */
4868 }
4869
4870 /* move SA header to DEAD if there's no SA */
4871 havesav = 0;
4872 for (stateidx = 0;
4873 stateidx < _ARRAYLEN(saorder_state_alive);
4874 stateidx++) {
4875 state = saorder_state_alive[stateidx];
4876 if (LIST_FIRST(&sah->savtree[state])) {
4877 havesav++;
4878 break;
4879 }
4880 }
4881 if (havesav == 0) {
4882 ipseclog((LOG_DEBUG, "key_timehandler: "
4883 "move sah %p to DEAD (no more SAs)\n", sah));
4884 sah->state = SADB_SASTATE_DEAD;
4885 }
4886 }
4887 }
4888
4889 #ifndef IPSEC_NONBLOCK_ACQUIRE
4890 /* ACQ tree */
4891 {
4892 struct secacq *acq, *nextacq;
4893
4894 for (acq = LIST_FIRST(&acqtree);
4895 acq != NULL;
4896 acq = nextacq) {
4897
4898 nextacq = LIST_NEXT(acq, chain);
4899
4900 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4901 __LIST_CHAINED(acq)) {
4902 LIST_REMOVE(acq, chain);
4903 KFREE(acq);
4904 }
4905 }
4906 }
4907 #endif
4908
4909 /* SP ACQ tree */
4910 {
4911 struct secspacq *acq, *nextacq;
4912
4913 for (acq = LIST_FIRST(&spacqtree);
4914 acq != NULL;
4915 acq = nextacq) {
4916
4917 nextacq = LIST_NEXT(acq, chain);
4918
4919 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4920 __LIST_CHAINED(acq)) {
4921 LIST_REMOVE(acq, chain);
4922 KFREE(acq);
4923 }
4924 }
4925 }
4926
4927 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
4928
4929 mutex_exit(softnet_lock);
4930 splx(s);
4931 return;
4932 }
4933
4934 /*
4935 * to initialize a seed for random()
4936 */
4937 static u_long
4938 key_random()
4939 {
4940 u_long value;
4941
4942 key_randomfill(&value, sizeof(value));
4943 return value;
4944 }
4945
4946 void
4947 key_randomfill(p, l)
4948 void *p;
4949 size_t l;
4950 {
4951 #if NRND == 0
4952 static int warn = 1;
4953 #endif
4954
4955 arc4randbytes(p, l);
4956
4957 #if NRND == 0
4958 /* the arc4 generator is keyed with junk. */
4959 if (warn) {
4960 printf("WARNING: pseudo-random number generator "
4961 "used for IPsec processing\n");
4962 warn = 0;
4963 }
4964 #endif
4965 }
4966
4967 /*
4968 * map SADB_SATYPE_* to IPPROTO_*.
4969 * if satype == SADB_SATYPE then satype is mapped to ~0.
4970 * OUT:
4971 * 0: invalid satype.
4972 */
4973 static u_int16_t
4974 key_satype2proto(satype)
4975 u_int8_t satype;
4976 {
4977 switch (satype) {
4978 case SADB_SATYPE_UNSPEC:
4979 return IPSEC_PROTO_ANY;
4980 case SADB_SATYPE_AH:
4981 return IPPROTO_AH;
4982 case SADB_SATYPE_ESP:
4983 return IPPROTO_ESP;
4984 case SADB_X_SATYPE_IPCOMP:
4985 return IPPROTO_IPCOMP;
4986 case SADB_X_SATYPE_TCPSIGNATURE:
4987 return IPPROTO_TCP;
4988 default:
4989 return 0;
4990 }
4991 /* NOTREACHED */
4992 }
4993
4994 /*
4995 * map IPPROTO_* to SADB_SATYPE_*
4996 * OUT:
4997 * 0: invalid protocol type.
4998 */
4999 static u_int8_t
5000 key_proto2satype(proto)
5001 u_int16_t proto;
5002 {
5003 switch (proto) {
5004 case IPPROTO_AH:
5005 return SADB_SATYPE_AH;
5006 case IPPROTO_ESP:
5007 return SADB_SATYPE_ESP;
5008 case IPPROTO_IPCOMP:
5009 return SADB_X_SATYPE_IPCOMP;
5010 case IPPROTO_TCP:
5011 return SADB_X_SATYPE_TCPSIGNATURE;
5012 default:
5013 return 0;
5014 }
5015 /* NOTREACHED */
5016 }
5017
5018 /* %%% PF_KEY */
5019 /*
5020 * SADB_GETSPI processing is to receive
5021 * <base, (SA2), src address, dst address, (SPI range)>
5022 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
5023 * tree with the status of LARVAL, and send
5024 * <base, SA(*), address(SD)>
5025 * to the IKMPd.
5026 *
5027 * IN: mhp: pointer to the pointer to each header.
5028 * OUT: NULL if fail.
5029 * other if success, return pointer to the message to send.
5030 */
5031 static int
5032 key_getspi(so, m, mhp)
5033 struct socket *so;
5034 struct mbuf *m;
5035 const struct sadb_msghdr *mhp;
5036 {
5037 struct sadb_address *src0, *dst0;
5038 struct secasindex saidx;
5039 struct secashead *newsah;
5040 struct secasvar *newsav;
5041 u_int8_t proto;
5042 u_int32_t spi;
5043 u_int8_t mode;
5044 u_int16_t reqid;
5045 int error;
5046
5047 /* sanity check */
5048 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5049 panic("key_getspi: NULL pointer is passed.");
5050
5051 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5052 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5053 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
5054 return key_senderror(so, m, EINVAL);
5055 }
5056 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5057 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5058 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
5059 return key_senderror(so, m, EINVAL);
5060 }
5061 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5062 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5063 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5064 } else {
5065 mode = IPSEC_MODE_ANY;
5066 reqid = 0;
5067 }
5068
5069 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5070 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5071
5072 /* map satype to proto */
5073 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5074 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
5075 return key_senderror(so, m, EINVAL);
5076 }
5077
5078 /* sa_len safety check */
5079 if (KEY_CHECKSALEN(src0 + 1) != 0)
5080 return key_senderror(so, m, EINVAL);
5081 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5082 return key_senderror(so, m, EINVAL);
5083
5084 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5085
5086 /* If not using NAT-T, make sure port numbers are set to zero. */
5087 #ifndef IPSEC_NAT_T
5088 KEY_PORTTOSADDR(&saidx.src, 0);
5089 KEY_PORTTOSADDR(&saidx.dst, 0);
5090 #endif
5091
5092 /* SPI allocation */
5093 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
5094 &saidx);
5095 if (spi == 0)
5096 return key_senderror(so, m, EINVAL);
5097
5098 /* get a SA index */
5099 if ((newsah = key_getsah(&saidx)) == NULL) {
5100 /* create a new SA index */
5101 if ((newsah = key_newsah(&saidx)) == NULL) {
5102 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
5103 return key_senderror(so, m, ENOBUFS);
5104 }
5105 }
5106
5107 /* get a new SA */
5108 /* XXX rewrite */
5109 newsav = key_newsav(m, mhp, newsah, &error);
5110 if (newsav == NULL) {
5111 /* XXX don't free new SA index allocated in above. */
5112 return key_senderror(so, m, error);
5113 }
5114
5115 /* set spi */
5116 key_setspi(newsav, htonl(spi));
5117
5118 #ifndef IPSEC_NONBLOCK_ACQUIRE
5119 /* delete the entry in acqtree */
5120 if (mhp->msg->sadb_msg_seq != 0) {
5121 struct secacq *acq;
5122 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
5123 /* reset counter in order to deletion by timehandler. */
5124 acq->created = time_second;
5125 acq->count = 0;
5126 }
5127 }
5128 #endif
5129
5130 {
5131 struct mbuf *n, *nn;
5132 struct sadb_sa *m_sa;
5133 struct sadb_msg *newmsg;
5134 int off, len;
5135
5136 /* create new sadb_msg to reply. */
5137 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
5138 PFKEY_ALIGN8(sizeof(struct sadb_sa));
5139 if (len > MCLBYTES)
5140 return key_senderror(so, m, ENOBUFS);
5141
5142 MGETHDR(n, M_DONTWAIT, MT_DATA);
5143 if (len > MHLEN) {
5144 MCLGET(n, M_DONTWAIT);
5145 if ((n->m_flags & M_EXT) == 0) {
5146 m_freem(n);
5147 n = NULL;
5148 }
5149 }
5150 if (!n)
5151 return key_senderror(so, m, ENOBUFS);
5152
5153 n->m_len = len;
5154 n->m_next = NULL;
5155 off = 0;
5156
5157 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
5158 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
5159
5160 m_sa = (struct sadb_sa *)(mtod(n, char *) + off);
5161 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
5162 m_sa->sadb_sa_exttype = SADB_EXT_SA;
5163 m_sa->sadb_sa_spi = htonl(spi);
5164 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
5165
5166 #ifdef DIAGNOSTIC
5167 if (off != len)
5168 panic("length inconsistency in key_getspi");
5169 #endif
5170
5171 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
5172 SADB_EXT_ADDRESS_DST);
5173 if (!n->m_next) {
5174 m_freem(n);
5175 return key_senderror(so, m, ENOBUFS);
5176 }
5177
5178 if (n->m_len < sizeof(struct sadb_msg)) {
5179 n = m_pullup(n, sizeof(struct sadb_msg));
5180 if (n == NULL)
5181 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
5182 }
5183
5184 n->m_pkthdr.len = 0;
5185 for (nn = n; nn; nn = nn->m_next)
5186 n->m_pkthdr.len += nn->m_len;
5187
5188 newmsg = mtod(n, struct sadb_msg *);
5189 newmsg->sadb_msg_seq = newsav->seq;
5190 newmsg->sadb_msg_errno = 0;
5191 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5192
5193 m_freem(m);
5194 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5195 }
5196 }
5197
5198 /*
5199 * allocating new SPI
5200 * called by key_getspi().
5201 * OUT:
5202 * 0: failure.
5203 * others: success.
5204 */
5205 static u_int32_t
5206 key_do_getnewspi(spirange, saidx)
5207 struct sadb_spirange *spirange;
5208 struct secasindex *saidx;
5209 {
5210 u_int32_t newspi;
5211 u_int32_t xmin, xmax;
5212 int count = key_spi_trycnt;
5213
5214 /* set spi range to allocate */
5215 if (spirange != NULL) {
5216 xmin = spirange->sadb_spirange_min;
5217 xmax = spirange->sadb_spirange_max;
5218 } else {
5219 xmin = key_spi_minval;
5220 xmax = key_spi_maxval;
5221 }
5222 /* IPCOMP needs 2-byte SPI */
5223 if (saidx->proto == IPPROTO_IPCOMP) {
5224 u_int32_t t;
5225 if (xmin >= 0x10000)
5226 xmin = 0xffff;
5227 if (xmax >= 0x10000)
5228 xmax = 0xffff;
5229 if (xmin > xmax) {
5230 t = xmin; xmin = xmax; xmax = t;
5231 }
5232 }
5233
5234 if (xmin == xmax) {
5235 if (key_checkspidup(saidx, htonl(xmin)) != NULL) {
5236 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", xmin));
5237 return 0;
5238 }
5239
5240 count--; /* taking one cost. */
5241 newspi = xmin;
5242
5243 } else {
5244
5245 /* init SPI */
5246 newspi = 0;
5247
5248 /* when requesting to allocate spi ranged */
5249 while (count--) {
5250 /* generate pseudo-random SPI value ranged. */
5251 newspi = xmin + (key_random() % (xmax - xmin + 1));
5252
5253 if (key_checkspidup(saidx, htonl(newspi)) == NULL)
5254 break;
5255 }
5256
5257 if (count == 0 || newspi == 0) {
5258 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
5259 return 0;
5260 }
5261 }
5262
5263 /* statistics */
5264 keystat.getspi_count =
5265 (keystat.getspi_count + key_spi_trycnt - count) / 2;
5266
5267 return newspi;
5268 }
5269
5270 /*
5271 * SADB_UPDATE processing
5272 * receive
5273 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5274 * key(AE), (identity(SD),) (sensitivity)>
5275 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5276 * and send
5277 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5278 * (identity(SD),) (sensitivity)>
5279 * to the ikmpd.
5280 *
5281 * m will always be freed.
5282 */
5283 static int
5284 key_update(so, m, mhp)
5285 struct socket *so;
5286 struct mbuf *m;
5287 const struct sadb_msghdr *mhp;
5288 {
5289 struct sadb_sa *sa0;
5290 struct sadb_address *src0, *dst0;
5291 struct secasindex saidx;
5292 struct secashead *sah;
5293 struct secasvar *sav;
5294 u_int16_t proto;
5295 u_int8_t mode;
5296 u_int16_t reqid;
5297 int error;
5298
5299 /* sanity check */
5300 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5301 panic("key_update: NULL pointer is passed.");
5302
5303 /* map satype to proto */
5304 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5305 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
5306 return key_senderror(so, m, EINVAL);
5307 }
5308
5309 if (mhp->ext[SADB_EXT_SA] == NULL ||
5310 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5311 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5312 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5313 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5314 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5315 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5316 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5317 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5318 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5319 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5320 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
5321 return key_senderror(so, m, EINVAL);
5322 }
5323 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5324 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5325 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5326 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
5327 return key_senderror(so, m, EINVAL);
5328 }
5329 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5330 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5331 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5332 } else {
5333 mode = IPSEC_MODE_ANY;
5334 reqid = 0;
5335 }
5336 /* XXX boundary checking for other extensions */
5337
5338 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5339 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5340 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5341
5342 /* sa_len safety check */
5343 if (KEY_CHECKSALEN(src0 + 1) != 0)
5344 return key_senderror(so, m, EINVAL);
5345 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5346 return key_senderror(so, m, EINVAL);
5347
5348 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5349
5350 /* If not using NAT-T, make sure if port number is zero. */
5351 #ifndef IPSEC_NAT_T
5352 KEY_PORTTOSADDR(&saidx.src, 0);
5353 KEY_PORTTOSADDR(&saidx.dst, 0);
5354 #endif
5355
5356 /* get a SA header */
5357 if ((sah = key_getsah(&saidx)) == NULL) {
5358 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
5359 return key_senderror(so, m, ENOENT);
5360 }
5361
5362 /* set spidx if there */
5363 /* XXX rewrite */
5364 error = key_setident(sah, m, mhp);
5365 if (error)
5366 return key_senderror(so, m, error);
5367
5368 /* find a SA with sequence number. */
5369 #ifdef IPSEC_DOSEQCHECK
5370 if (mhp->msg->sadb_msg_seq != 0 &&
5371 (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
5372 ipseclog((LOG_DEBUG,
5373 "key_update: no larval SA with sequence %u exists.\n",
5374 mhp->msg->sadb_msg_seq));
5375 return key_senderror(so, m, ENOENT);
5376 }
5377 #else
5378 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
5379 ipseclog((LOG_DEBUG,
5380 "key_update: no such a SA found (spi:%u)\n",
5381 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5382 return key_senderror(so, m, EINVAL);
5383 }
5384 #endif
5385
5386 /* validity check */
5387 if (sav->sah->saidx.proto != proto) {
5388 ipseclog((LOG_DEBUG,
5389 "key_update: protocol mismatched (DB=%u param=%u)\n",
5390 sav->sah->saidx.proto, proto));
5391 return key_senderror(so, m, EINVAL);
5392 }
5393 #ifdef IPSEC_DOSEQCHECK
5394 if (sav->spi != sa0->sadb_sa_spi) {
5395 ipseclog((LOG_DEBUG,
5396 "key_update: SPI mismatched (DB:%u param:%u)\n",
5397 (u_int32_t)ntohl(sav->spi),
5398 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5399 return key_senderror(so, m, EINVAL);
5400 }
5401 #endif
5402 if (sav->pid != mhp->msg->sadb_msg_pid) {
5403 ipseclog((LOG_DEBUG,
5404 "key_update: pid mismatched (DB:%u param:%u)\n",
5405 sav->pid, mhp->msg->sadb_msg_pid));
5406 return key_senderror(so, m, EINVAL);
5407 }
5408
5409 /* copy sav values */
5410 error = key_setsaval(sav, m, mhp);
5411 if (error) {
5412 key_freesav(sav);
5413 return key_senderror(so, m, error);
5414 }
5415
5416 /* check SA values to be mature. */
5417 if ((error = key_mature(sav)) != 0) {
5418 key_freesav(sav);
5419 return key_senderror(so, m, error);
5420 }
5421
5422 #ifdef IPSEC_NAT_T
5423 /*
5424 * Handle NAT-T info if present
5425 */
5426 if (mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL)
5427 printf("update: NAT-T OA present\n");
5428
5429 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
5430 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
5431 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) {
5432 struct sadb_x_nat_t_type *type;
5433 struct sadb_x_nat_t_port *sport;
5434 struct sadb_x_nat_t_port *dport;
5435 struct sadb_address *addr;
5436 struct sadb_x_nat_t_frag *frag;
5437
5438 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
5439 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
5440 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
5441 ipseclog((LOG_DEBUG, "key_update: "
5442 "invalid message.\n"));
5443 return key_senderror(so, m, EINVAL);
5444 }
5445
5446 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) &&
5447 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) {
5448 ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
5449 return key_senderror(so, m, EINVAL);
5450 }
5451
5452 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
5453 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
5454 ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
5455 return key_senderror(so, m, EINVAL);
5456 }
5457
5458 type = (struct sadb_x_nat_t_type *)
5459 mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5460 sport = (struct sadb_x_nat_t_port *)
5461 mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5462 dport = (struct sadb_x_nat_t_port *)
5463 mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5464 addr = (struct sadb_address *)
5465 mhp->ext[SADB_X_EXT_NAT_T_OA];
5466 frag = (struct sadb_x_nat_t_frag *)
5467 mhp->ext[SADB_X_EXT_NAT_T_FRAG];
5468
5469 if (type)
5470 sav->natt_type = type->sadb_x_nat_t_type_type;
5471 if (sport)
5472 KEY_PORTTOSADDR(&sav->sah->saidx.src,
5473 sport->sadb_x_nat_t_port_port);
5474 if (dport)
5475 KEY_PORTTOSADDR(&sav->sah->saidx.dst,
5476 dport->sadb_x_nat_t_port_port);
5477 if (frag)
5478 sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
5479 else
5480 sav->esp_frag = IP_MAXPACKET;
5481 }
5482 #endif /* IPSEC_NAT_T */
5483
5484 {
5485 struct mbuf *n;
5486
5487 /* set msg buf from mhp */
5488 n = key_getmsgbuf_x1(m, mhp);
5489 if (n == NULL) {
5490 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5491 return key_senderror(so, m, ENOBUFS);
5492 }
5493
5494 m_freem(m);
5495 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5496 }
5497 }
5498
5499 /*
5500 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5501 * only called by key_update().
5502 * OUT:
5503 * NULL : not found
5504 * others : found, pointer to a SA.
5505 */
5506 #ifdef IPSEC_DOSEQCHECK
5507 static struct secasvar *
5508 key_getsavbyseq(sah, seq)
5509 struct secashead *sah;
5510 u_int32_t seq;
5511 {
5512 struct secasvar *sav;
5513 u_int state;
5514
5515 state = SADB_SASTATE_LARVAL;
5516
5517 /* search SAD with sequence number ? */
5518 LIST_FOREACH(sav, &sah->savtree[state], chain) {
5519
5520 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
5521
5522 if (sav->seq == seq)
5523 }
5524
5525 return NULL;
5526 }
5527 #endif
5528
5529 /*
5530 * SADB_ADD processing
5531 * add an entry to SA database, when received
5532 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5533 * key(AE), (identity(SD),) (sensitivity)>
5534 * from the ikmpd,
5535 * and send
5536 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5537 * (identity(SD),) (sensitivity)>
5538 * to the ikmpd.
5539 *
5540 * IGNORE identity and sensitivity messages.
5541 *
5542 * m will always be freed.
5543 */
5544 static int
5545 key_add(so, m, mhp)
5546 struct socket *so;
5547 struct mbuf *m;
5548 const struct sadb_msghdr *mhp;
5549 {
5550 struct sadb_sa *sa0;
5551 struct sadb_address *src0, *dst0;
5552 struct secasindex saidx;
5553 struct secashead *newsah;
5554 struct secasvar *newsav;
5555 u_int16_t proto;
5556 u_int8_t mode;
5557 u_int16_t reqid;
5558 int error;
5559
5560 /* sanity check */
5561 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5562 panic("key_add: NULL pointer is passed.");
5563
5564 /* map satype to proto */
5565 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5566 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
5567 return key_senderror(so, m, EINVAL);
5568 }
5569
5570 if (mhp->ext[SADB_EXT_SA] == NULL ||
5571 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5572 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5573 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5574 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5575 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5576 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5577 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5578 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5579 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5580 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5581 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5582 return key_senderror(so, m, EINVAL);
5583 }
5584 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5585 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5586 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5587 /* XXX need more */
5588 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5589 return key_senderror(so, m, EINVAL);
5590 }
5591 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5592 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5593 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5594 } else {
5595 mode = IPSEC_MODE_ANY;
5596 reqid = 0;
5597 }
5598
5599 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5600 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5601 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5602
5603 /* sa_len safety check */
5604 if (KEY_CHECKSALEN(src0 + 1) != 0)
5605 return key_senderror(so, m, EINVAL);
5606 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5607 return key_senderror(so, m, EINVAL);
5608
5609 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5610
5611 /* If not using NAT-T, make sure if port number is zero. */
5612 #ifndef IPSEC_NAT_T
5613 KEY_PORTTOSADDR(&saidx.src, 0);
5614 KEY_PORTTOSADDR(&saidx.dst, 0);
5615 #endif
5616
5617 /* get a SA header */
5618 if ((newsah = key_getsah(&saidx)) == NULL) {
5619 /* create a new SA header */
5620 if ((newsah = key_newsah(&saidx)) == NULL) {
5621 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
5622 return key_senderror(so, m, ENOBUFS);
5623 }
5624 }
5625
5626 /* set spidx if there */
5627 /* XXX rewrite */
5628 error = key_setident(newsah, m, mhp);
5629 if (error) {
5630 return key_senderror(so, m, error);
5631 }
5632
5633 /* create new SA entry. */
5634 /* We can create new SA only if SPI is differenct. */
5635 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
5636 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
5637 return key_senderror(so, m, EEXIST);
5638 }
5639 newsav = key_newsav(m, mhp, newsah, &error);
5640 if (newsav == NULL) {
5641 return key_senderror(so, m, error);
5642 }
5643
5644 /* check SA values to be mature. */
5645 if ((error = key_mature(newsav)) != 0) {
5646 key_freesav(newsav);
5647 return key_senderror(so, m, error);
5648 }
5649
5650 #ifdef IPSEC_NAT_T
5651 /*
5652 * Handle NAT-T info if present
5653 */
5654 if (mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL)
5655 printf("add: NAT-T OA present\n");
5656
5657 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
5658 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
5659 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) {
5660 struct sadb_x_nat_t_type *type;
5661 struct sadb_x_nat_t_port *sport;
5662 struct sadb_x_nat_t_port *dport;
5663 struct sadb_address *addr;
5664 struct sadb_x_nat_t_frag *frag;
5665
5666 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
5667 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
5668 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
5669 ipseclog((LOG_DEBUG, "key_add: "
5670 "invalid message.\n"));
5671 return key_senderror(so, m, EINVAL);
5672 }
5673
5674 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) &&
5675 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) {
5676 ipseclog((LOG_DEBUG, "key_add: invalid message\n"));
5677 return key_senderror(so, m, EINVAL);
5678 }
5679
5680 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
5681 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
5682 ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
5683 return key_senderror(so, m, EINVAL);
5684 }
5685
5686 type = (struct sadb_x_nat_t_type *)
5687 mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5688 sport = (struct sadb_x_nat_t_port *)
5689 mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5690 dport = (struct sadb_x_nat_t_port *)
5691 mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5692 addr = (struct sadb_address *)
5693 mhp->ext[SADB_X_EXT_NAT_T_OA];
5694 frag = (struct sadb_x_nat_t_frag *)
5695 mhp->ext[SADB_X_EXT_NAT_T_FRAG];
5696
5697 if (type)
5698 newsav->natt_type = type->sadb_x_nat_t_type_type;
5699 if (sport)
5700 KEY_PORTTOSADDR(&newsav->sah->saidx.src,
5701 sport->sadb_x_nat_t_port_port);
5702 if (dport)
5703 KEY_PORTTOSADDR(&newsav->sah->saidx.dst,
5704 dport->sadb_x_nat_t_port_port);
5705 if (frag)
5706 newsav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
5707 else
5708 newsav->esp_frag = IP_MAXPACKET;
5709 }
5710 #endif /* IPSEC_NAT_T */
5711
5712 /*
5713 * don't call key_freesav() here, as we would like to keep the SA
5714 * in the database on success.
5715 */
5716
5717 {
5718 struct mbuf *n;
5719
5720 /* set msg buf from mhp */
5721 n = key_getmsgbuf_x1(m, mhp);
5722 if (n == NULL) {
5723 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5724 return key_senderror(so, m, ENOBUFS);
5725 }
5726
5727 m_freem(m);
5728 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5729 }
5730 }
5731
5732 /* m is retained */
5733 static int
5734 key_setident(sah, m, mhp)
5735 struct secashead *sah;
5736 struct mbuf *m;
5737 const struct sadb_msghdr *mhp;
5738 {
5739 const struct sadb_ident *idsrc, *iddst;
5740 int idsrclen, iddstlen;
5741
5742 /* sanity check */
5743 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5744 panic("key_setident: NULL pointer is passed.");
5745
5746 /* don't make buffer if not there */
5747 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5748 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5749 sah->idents = NULL;
5750 sah->identd = NULL;
5751 return 0;
5752 }
5753
5754 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5755 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5756 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5757 return EINVAL;
5758 }
5759
5760 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5761 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5762 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5763 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5764
5765 /* validity check */
5766 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5767 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
5768 return EINVAL;
5769 }
5770
5771 switch (idsrc->sadb_ident_type) {
5772 case SADB_IDENTTYPE_PREFIX:
5773 case SADB_IDENTTYPE_FQDN:
5774 case SADB_IDENTTYPE_USERFQDN:
5775 default:
5776 /* XXX do nothing */
5777 sah->idents = NULL;
5778 sah->identd = NULL;
5779 return 0;
5780 }
5781
5782 /* make structure */
5783 KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
5784 if (sah->idents == NULL) {
5785 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5786 return ENOBUFS;
5787 }
5788 KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
5789 if (sah->identd == NULL) {
5790 KFREE(sah->idents);
5791 sah->idents = NULL;
5792 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5793 return ENOBUFS;
5794 }
5795 bcopy(idsrc, sah->idents, idsrclen);
5796 bcopy(iddst, sah->identd, iddstlen);
5797
5798 return 0;
5799 }
5800
5801 /*
5802 * m will not be freed on return.
5803 * it is caller's responsibility to free the result.
5804 */
5805 static struct mbuf *
5806 key_getmsgbuf_x1(m, mhp)
5807 struct mbuf *m;
5808 const struct sadb_msghdr *mhp;
5809 {
5810 struct mbuf *n;
5811
5812 /* sanity check */
5813 if (m == NULL || mhp == NULL || mhp->msg == NULL)
5814 panic("key_getmsgbuf_x1: NULL pointer is passed.");
5815
5816 /* create new sadb_msg to reply. */
5817 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
5818 SADB_EXT_SA, SADB_X_EXT_SA2,
5819 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
5820 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
5821 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
5822 if (!n)
5823 return NULL;
5824
5825 if (n->m_len < sizeof(struct sadb_msg)) {
5826 n = m_pullup(n, sizeof(struct sadb_msg));
5827 if (n == NULL)
5828 return NULL;
5829 }
5830 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
5831 mtod(n, struct sadb_msg *)->sadb_msg_len =
5832 PFKEY_UNIT64(n->m_pkthdr.len);
5833
5834 return n;
5835 }
5836
5837 static int key_delete_all __P((struct socket *, struct mbuf *,
5838 const struct sadb_msghdr *, u_int16_t));
5839
5840 /*
5841 * SADB_DELETE processing
5842 * receive
5843 * <base, SA(*), address(SD)>
5844 * from the ikmpd, and set SADB_SASTATE_DEAD,
5845 * and send,
5846 * <base, SA(*), address(SD)>
5847 * to the ikmpd.
5848 *
5849 * m will always be freed.
5850 */
5851 static int
5852 key_delete(so, m, mhp)
5853 struct socket *so;
5854 struct mbuf *m;
5855 const struct sadb_msghdr *mhp;
5856 {
5857 struct sadb_sa *sa0;
5858 struct sadb_address *src0, *dst0;
5859 struct secasindex saidx;
5860 struct secashead *sah;
5861 struct secasvar *sav = NULL;
5862 u_int16_t proto;
5863
5864 /* sanity check */
5865 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5866 panic("key_delete: NULL pointer is passed.");
5867
5868 /* map satype to proto */
5869 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5870 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
5871 return key_senderror(so, m, EINVAL);
5872 }
5873
5874 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5875 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5876 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5877 return key_senderror(so, m, EINVAL);
5878 }
5879
5880 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5881 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5882 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5883 return key_senderror(so, m, EINVAL);
5884 }
5885
5886 if (mhp->ext[SADB_EXT_SA] == NULL) {
5887 /*
5888 * Caller wants us to delete all non-LARVAL SAs
5889 * that match the src/dst. This is used during
5890 * IKE INITIAL-CONTACT.
5891 */
5892 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
5893 return key_delete_all(so, m, mhp, proto);
5894 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5895 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5896 return key_senderror(so, m, EINVAL);
5897 }
5898
5899 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5900 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5901 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5902
5903 /* sa_len safety check */
5904 if (KEY_CHECKSALEN(src0 + 1) != 0)
5905 return key_senderror(so, m, EINVAL);
5906 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5907 return key_senderror(so, m, EINVAL);
5908
5909 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5910
5911 /* If not using NAT-T, make sure if port number is zero. */
5912 #ifndef IPSEC_NAT_T
5913 KEY_PORTTOSADDR(&saidx.src, 0);
5914 KEY_PORTTOSADDR(&saidx.dst, 0);
5915 #endif
5916
5917 /* get a SA header */
5918 LIST_FOREACH(sah, &sahtree, chain) {
5919 if (sah->state == SADB_SASTATE_DEAD)
5920 continue;
5921 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0)
5922 continue;
5923
5924 /* get a SA with SPI. */
5925 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5926 if (sav)
5927 break;
5928 }
5929 if (sah == NULL) {
5930 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
5931 return key_senderror(so, m, ENOENT);
5932 }
5933
5934 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5935 key_freesav(sav);
5936 sav = NULL;
5937
5938 {
5939 struct mbuf *n;
5940 struct sadb_msg *newmsg;
5941
5942 /* create new sadb_msg to reply. */
5943 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
5944 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5945 if (!n)
5946 return key_senderror(so, m, ENOBUFS);
5947
5948 if (n->m_len < sizeof(struct sadb_msg)) {
5949 n = m_pullup(n, sizeof(struct sadb_msg));
5950 if (n == NULL)
5951 return key_senderror(so, m, ENOBUFS);
5952 }
5953 newmsg = mtod(n, struct sadb_msg *);
5954 newmsg->sadb_msg_errno = 0;
5955 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5956
5957 m_freem(m);
5958 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5959 }
5960 }
5961
5962 /*
5963 * delete all SAs for src/dst. Called from key_delete().
5964 */
5965 static int
5966 key_delete_all(so, m, mhp, proto)
5967 struct socket *so;
5968 struct mbuf *m;
5969 const struct sadb_msghdr *mhp;
5970 u_int16_t proto;
5971 {
5972 struct sadb_address *src0, *dst0;
5973 struct secasindex saidx;
5974 struct secashead *sah;
5975 struct secasvar *sav, *nextsav;
5976 u_int stateidx, state;
5977
5978 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5979 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5980
5981 /* sa_len safety check */
5982 if (KEY_CHECKSALEN(src0 + 1) != 0)
5983 return key_senderror(so, m, EINVAL);
5984 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5985 return key_senderror(so, m, EINVAL);
5986
5987 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5988
5989 /* If not using NAT-T, make sure if port number is zero. */
5990 #ifndef IPSEC_NAT_T
5991 KEY_PORTTOSADDR(&saidx.src, 0);
5992 KEY_PORTTOSADDR(&saidx.dst, 0);
5993 #endif
5994
5995 LIST_FOREACH(sah, &sahtree, chain) {
5996 if (sah->state == SADB_SASTATE_DEAD)
5997 continue;
5998 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0)
5999 continue;
6000
6001 /* Delete all non-LARVAL SAs. */
6002 for (stateidx = 0;
6003 stateidx < _ARRAYLEN(saorder_state_alive);
6004 stateidx++) {
6005 state = saorder_state_alive[stateidx];
6006 if (state == SADB_SASTATE_LARVAL)
6007 continue;
6008 for (sav = LIST_FIRST(&sah->savtree[state]);
6009 sav != NULL; sav = nextsav) {
6010 nextsav = LIST_NEXT(sav, chain);
6011 /* sanity check */
6012 if (sav->state != state) {
6013 ipseclog((LOG_DEBUG, "key_delete_all: "
6014 "invalid sav->state "
6015 "(queue: %u SA: %u)\n",
6016 state, sav->state));
6017 continue;
6018 }
6019
6020 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6021 key_freesav(sav);
6022 }
6023 }
6024 }
6025 {
6026 struct mbuf *n;
6027 struct sadb_msg *newmsg;
6028
6029 /* create new sadb_msg to reply. */
6030 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
6031 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
6032 if (!n)
6033 return key_senderror(so, m, ENOBUFS);
6034
6035 if (n->m_len < sizeof(struct sadb_msg)) {
6036 n = m_pullup(n, sizeof(struct sadb_msg));
6037 if (n == NULL)
6038 return key_senderror(so, m, ENOBUFS);
6039 }
6040 newmsg = mtod(n, struct sadb_msg *);
6041 newmsg->sadb_msg_errno = 0;
6042 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6043
6044 m_freem(m);
6045 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6046 }
6047 }
6048
6049 /*
6050 * SADB_GET processing
6051 * receive
6052 * <base, SA(*), address(SD)>
6053 * from the ikmpd, and get a SP and a SA to respond,
6054 * and send,
6055 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
6056 * (identity(SD),) (sensitivity)>
6057 * to the ikmpd.
6058 *
6059 * m will always be freed.
6060 */
6061 static int
6062 key_get(so, m, mhp)
6063 struct socket *so;
6064 struct mbuf *m;
6065 const struct sadb_msghdr *mhp;
6066 {
6067 struct sadb_sa *sa0;
6068 struct sadb_address *src0, *dst0;
6069 struct secasindex saidx;
6070 struct secashead *sah;
6071 struct secasvar *sav = NULL;
6072 u_int16_t proto;
6073
6074 /* sanity check */
6075 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6076 panic("key_get: NULL pointer is passed.");
6077
6078 /* map satype to proto */
6079 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6080 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
6081 return key_senderror(so, m, EINVAL);
6082 }
6083
6084 if (mhp->ext[SADB_EXT_SA] == NULL ||
6085 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6086 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
6087 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
6088 return key_senderror(so, m, EINVAL);
6089 }
6090 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
6091 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6092 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6093 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
6094 return key_senderror(so, m, EINVAL);
6095 }
6096
6097 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
6098 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6099 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6100
6101 /* sa_len safety check */
6102 if (KEY_CHECKSALEN(src0 + 1) != 0)
6103 return key_senderror(so, m, EINVAL);
6104 if (KEY_CHECKSALEN(dst0 + 1) != 0)
6105 return key_senderror(so, m, EINVAL);
6106
6107 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6108
6109 /* If not using NAT-T, make sure if port number is zero. */
6110 #ifndef IPSEC_NAT_T
6111 KEY_PORTTOSADDR(&saidx.src, 0);
6112 KEY_PORTTOSADDR(&saidx.dst, 0);
6113 #endif
6114
6115 /* get a SA header */
6116 LIST_FOREACH(sah, &sahtree, chain) {
6117 if (sah->state == SADB_SASTATE_DEAD)
6118 continue;
6119 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0)
6120 continue;
6121
6122 /* get a SA with SPI. */
6123 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
6124 if (sav)
6125 break;
6126 }
6127 if (sah == NULL) {
6128 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
6129 return key_senderror(so, m, ENOENT);
6130 }
6131
6132 {
6133 struct mbuf *n;
6134 u_int8_t satype;
6135
6136 /* map proto to satype */
6137 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
6138 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
6139 return key_senderror(so, m, EINVAL);
6140 }
6141
6142 /* create new sadb_msg to reply. */
6143 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
6144 mhp->msg->sadb_msg_pid);
6145 if (!n)
6146 return key_senderror(so, m, ENOBUFS);
6147
6148 m_freem(m);
6149 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6150 }
6151 }
6152
6153 /* XXX make it sysctl-configurable? */
6154 static void
6155 key_getcomb_setlifetime(comb)
6156 struct sadb_comb *comb;
6157 {
6158
6159 comb->sadb_comb_soft_allocations = 1;
6160 comb->sadb_comb_hard_allocations = 1;
6161 comb->sadb_comb_soft_bytes = 0;
6162 comb->sadb_comb_hard_bytes = 0;
6163 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
6164 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
6165 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */
6166 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
6167 }
6168
6169 #ifdef IPSEC_ESP
6170 /*
6171 * XXX reorder combinations by preference
6172 * XXX no idea if the user wants ESP authentication or not
6173 */
6174 static struct mbuf *
6175 key_getcomb_esp()
6176 {
6177 struct sadb_comb *comb;
6178 const struct esp_algorithm *algo;
6179 struct mbuf *result = NULL, *m, *n;
6180 int encmin;
6181 int i, off, o;
6182 int totlen;
6183 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6184
6185 m = NULL;
6186 for (i = 1; i <= SADB_EALG_MAX; i++) {
6187 algo = esp_algorithm_lookup(i);
6188 if (!algo)
6189 continue;
6190
6191 if (algo->keymax < ipsec_esp_keymin)
6192 continue;
6193 if (algo->keymin < ipsec_esp_keymin)
6194 encmin = ipsec_esp_keymin;
6195 else
6196 encmin = algo->keymin;
6197
6198 if (ipsec_esp_auth)
6199 m = key_getcomb_ah();
6200 else {
6201 #ifdef DIAGNOSTIC
6202 if (l > MLEN)
6203 panic("assumption failed in key_getcomb_esp");
6204 #endif
6205 MGET(m, M_DONTWAIT, MT_DATA);
6206 if (m) {
6207 M_ALIGN(m, l);
6208 m->m_len = l;
6209 m->m_next = NULL;
6210 bzero(mtod(m, void *), m->m_len);
6211 }
6212 }
6213 if (!m)
6214 goto fail;
6215
6216 totlen = 0;
6217 for (n = m; n; n = n->m_next)
6218 totlen += n->m_len;
6219 #ifdef DIAGNOSTIC
6220 if (totlen % l)
6221 panic("assumption failed in key_getcomb_esp");
6222 #endif
6223
6224 for (off = 0; off < totlen; off += l) {
6225 n = m_pulldown(m, off, l, &o);
6226 if (!n) {
6227 /* m is already freed */
6228 goto fail;
6229 }
6230 comb = (struct sadb_comb *)(mtod(n, char *) + o);
6231 bzero(comb, sizeof(*comb));
6232 key_getcomb_setlifetime(comb);
6233 comb->sadb_comb_encrypt = i;
6234 comb->sadb_comb_encrypt_minbits = encmin;
6235 comb->sadb_comb_encrypt_maxbits = algo->keymax;
6236 }
6237
6238 if (!result)
6239 result = m;
6240 else
6241 m_cat(result, m);
6242 }
6243
6244 return result;
6245
6246 fail:
6247 if (result)
6248 m_freem(result);
6249 return NULL;
6250 }
6251 #endif
6252
6253 /*
6254 * XXX reorder combinations by preference
6255 */
6256 static struct mbuf *
6257 key_getcomb_ah()
6258 {
6259 struct sadb_comb *comb;
6260 const struct ah_algorithm *algo;
6261 struct mbuf *m;
6262 int xmin;
6263 int i;
6264 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6265
6266 m = NULL;
6267 for (i = 1; i <= SADB_AALG_MAX; i++) {
6268 #if 1
6269 /* we prefer HMAC algorithms, not old algorithms */
6270 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
6271 continue;
6272 #endif
6273 algo = ah_algorithm_lookup(i);
6274 if (!algo)
6275 continue;
6276
6277 if (algo->keymax < ipsec_ah_keymin)
6278 continue;
6279 if (algo->keymin < ipsec_ah_keymin)
6280 xmin = ipsec_ah_keymin;
6281 else
6282 xmin = algo->keymin;
6283
6284 if (!m) {
6285 #ifdef DIAGNOSTIC
6286 if (l > MLEN)
6287 panic("assumption failed in key_getcomb_ah");
6288 #endif
6289 MGET(m, M_DONTWAIT, MT_DATA);
6290 if (m) {
6291 M_ALIGN(m, l);
6292 m->m_len = l;
6293 m->m_next = NULL;
6294 }
6295 } else
6296 M_PREPEND(m, l, M_DONTWAIT);
6297 if (!m)
6298 return NULL;
6299
6300 comb = mtod(m, struct sadb_comb *);
6301 bzero(comb, sizeof(*comb));
6302 key_getcomb_setlifetime(comb);
6303 comb->sadb_comb_auth = i;
6304 comb->sadb_comb_auth_minbits = xmin;
6305 comb->sadb_comb_auth_maxbits = algo->keymax;
6306 }
6307
6308 return m;
6309 }
6310
6311 /*
6312 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
6313 * XXX reorder combinations by preference
6314 */
6315 static struct mbuf *
6316 key_getcomb_ipcomp()
6317 {
6318 struct sadb_comb *comb;
6319 const struct ipcomp_algorithm *algo;
6320 struct mbuf *m;
6321 int i;
6322 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6323
6324 m = NULL;
6325 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
6326 algo = ipcomp_algorithm_lookup(i);
6327 if (!algo)
6328 continue;
6329
6330 if (!m) {
6331 #ifdef DIAGNOSTIC
6332 if (l > MLEN)
6333 panic("assumption failed in key_getcomb_ipcomp");
6334 #endif
6335 MGET(m, M_DONTWAIT, MT_DATA);
6336 if (m) {
6337 M_ALIGN(m, l);
6338 m->m_len = l;
6339 m->m_next = NULL;
6340 }
6341 } else
6342 M_PREPEND(m, l, M_DONTWAIT);
6343 if (!m)
6344 return NULL;
6345
6346 comb = mtod(m, struct sadb_comb *);
6347 bzero(comb, sizeof(*comb));
6348 key_getcomb_setlifetime(comb);
6349 comb->sadb_comb_encrypt = i;
6350 /* what should we set into sadb_comb_*_{min,max}bits? */
6351 }
6352
6353 return m;
6354 }
6355
6356 /*
6357 * XXX no way to pass mode (transport/tunnel) to userland
6358 * XXX replay checking?
6359 * XXX sysctl interface to ipsec_{ah,esp}_keymin
6360 */
6361 static struct mbuf *
6362 key_getprop(saidx)
6363 const struct secasindex *saidx;
6364 {
6365 struct sadb_prop *prop;
6366 struct mbuf *m, *n;
6367 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
6368 int totlen;
6369
6370 switch (saidx->proto) {
6371 #ifdef IPSEC_ESP
6372 case IPPROTO_ESP:
6373 m = key_getcomb_esp();
6374 break;
6375 #endif
6376 case IPPROTO_AH:
6377 m = key_getcomb_ah();
6378 break;
6379 case IPPROTO_IPCOMP:
6380 m = key_getcomb_ipcomp();
6381 break;
6382 default:
6383 return NULL;
6384 }
6385
6386 if (!m)
6387 return NULL;
6388 M_PREPEND(m, l, M_DONTWAIT);
6389 if (!m)
6390 return NULL;
6391
6392 totlen = 0;
6393 for (n = m; n; n = n->m_next)
6394 totlen += n->m_len;
6395
6396 prop = mtod(m, struct sadb_prop *);
6397 bzero(prop, sizeof(*prop));
6398 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
6399 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
6400 prop->sadb_prop_replay = 32; /* XXX */
6401
6402 return m;
6403 }
6404
6405 /*
6406 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
6407 * send
6408 * <base, SA, address(SD), (address(P)), x_policy,
6409 * (identity(SD),) (sensitivity,) proposal>
6410 * to KMD, and expect to receive
6411 * <base> with SADB_ACQUIRE if error occurred,
6412 * or
6413 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
6414 * from KMD by PF_KEY.
6415 *
6416 * XXX x_policy is outside of RFC2367 (KAME extension).
6417 * XXX sensitivity is not supported.
6418 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6419 * see comment for key_getcomb_ipcomp().
6420 *
6421 * OUT:
6422 * 0 : succeed
6423 * others: error number
6424 */
6425 static int
6426 key_acquire(saidx, sp)
6427 struct secasindex *saidx;
6428 struct secpolicy *sp;
6429 {
6430 struct mbuf *result = NULL, *m;
6431 #ifndef IPSEC_NONBLOCK_ACQUIRE
6432 struct secacq *newacq;
6433 #endif
6434 u_int8_t satype;
6435 int error = -1;
6436 u_int32_t seq;
6437
6438 /* sanity check */
6439 if (saidx == NULL)
6440 panic("key_acquire: NULL pointer is passed.");
6441 if ((satype = key_proto2satype(saidx->proto)) == 0)
6442 panic("key_acquire: invalid proto is passed.");
6443
6444 #ifndef IPSEC_NONBLOCK_ACQUIRE
6445 /*
6446 * We never do anything about acquirng SA. There is anather
6447 * solution that kernel blocks to send SADB_ACQUIRE message until
6448 * getting something message from IKEd. In later case, to be
6449 * managed with ACQUIRING list.
6450 */
6451 /* get an entry to check whether sending message or not. */
6452 if ((newacq = key_getacq(saidx)) != NULL) {
6453 if (key_blockacq_count < newacq->count) {
6454 /* reset counter and do send message. */
6455 newacq->count = 0;
6456 } else {
6457 /* increment counter and do nothing. */
6458 newacq->count++;
6459 return 0;
6460 }
6461 } else {
6462 /* make new entry for blocking to send SADB_ACQUIRE. */
6463 if ((newacq = key_newacq(saidx)) == NULL)
6464 return ENOBUFS;
6465
6466 /* add to acqtree */
6467 LIST_INSERT_HEAD(&acqtree, newacq, chain);
6468 }
6469 #endif
6470
6471 #ifndef IPSEC_NONBLOCK_ACQUIRE
6472 seq = newacq->seq;
6473 #else
6474 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
6475 #endif
6476 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
6477 if (!m) {
6478 error = ENOBUFS;
6479 goto fail;
6480 }
6481 result = m;
6482
6483 /* set sadb_address for saidx's. */
6484 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6485 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
6486 if (!m) {
6487 error = ENOBUFS;
6488 goto fail;
6489 }
6490 m_cat(result, m);
6491
6492 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6493 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
6494 if (!m) {
6495 error = ENOBUFS;
6496 goto fail;
6497 }
6498 m_cat(result, m);
6499
6500 /* XXX proxy address (optional) */
6501
6502 /* set sadb_x_policy */
6503 if (sp) {
6504 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
6505 if (!m) {
6506 error = ENOBUFS;
6507 goto fail;
6508 }
6509 m_cat(result, m);
6510 }
6511
6512 #ifdef SADB_X_EXT_TAG
6513 /* set sadb_x_tag */
6514 if (sp && sp->tag) {
6515 m = key_setsadbxtag(sp->tag);
6516 if (!m) {
6517 error = ENOBUFS;
6518 goto fail;
6519 }
6520 m_cat(result, m);
6521 }
6522 #endif
6523
6524 /* XXX identity (optional) */
6525 #if 0
6526 if (idexttype && fqdn) {
6527 /* create identity extension (FQDN) */
6528 struct sadb_ident *id;
6529 int fqdnlen;
6530
6531 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
6532 id = (struct sadb_ident *)p;
6533 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6534 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6535 id->sadb_ident_exttype = idexttype;
6536 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
6537 bcopy(fqdn, id + 1, fqdnlen);
6538 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
6539 }
6540
6541 if (idexttype) {
6542 /* create identity extension (USERFQDN) */
6543 struct sadb_ident *id;
6544 int userfqdnlen;
6545
6546 if (userfqdn) {
6547 /* +1 for terminating-NUL */
6548 userfqdnlen = strlen(userfqdn) + 1;
6549 } else
6550 userfqdnlen = 0;
6551 id = (struct sadb_ident *)p;
6552 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6553 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6554 id->sadb_ident_exttype = idexttype;
6555 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6556 /* XXX is it correct? */
6557 if (curlwp)
6558 id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred);
6559 if (userfqdn && userfqdnlen)
6560 bcopy(userfqdn, id + 1, userfqdnlen);
6561 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6562 }
6563 #endif
6564
6565 /* XXX sensitivity (optional) */
6566
6567 /* create proposal/combination extension */
6568 m = key_getprop(saidx);
6569 #if 0
6570 /*
6571 * spec conformant: always attach proposal/combination extension,
6572 * the problem is that we have no way to attach it for ipcomp,
6573 * due to the way sadb_comb is declared in RFC2367.
6574 */
6575 if (!m) {
6576 error = ENOBUFS;
6577 goto fail;
6578 }
6579 m_cat(result, m);
6580 #else
6581 /*
6582 * outside of spec; make proposal/combination extension optional.
6583 */
6584 if (m)
6585 m_cat(result, m);
6586 #endif
6587
6588 if ((result->m_flags & M_PKTHDR) == 0) {
6589 error = EINVAL;
6590 goto fail;
6591 }
6592
6593 if (result->m_len < sizeof(struct sadb_msg)) {
6594 result = m_pullup(result, sizeof(struct sadb_msg));
6595 if (result == NULL) {
6596 error = ENOBUFS;
6597 goto fail;
6598 }
6599 }
6600
6601 result->m_pkthdr.len = 0;
6602 for (m = result; m; m = m->m_next)
6603 result->m_pkthdr.len += m->m_len;
6604
6605 mtod(result, struct sadb_msg *)->sadb_msg_len =
6606 PFKEY_UNIT64(result->m_pkthdr.len);
6607
6608 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6609
6610 fail:
6611 if (result)
6612 m_freem(result);
6613 return error;
6614 }
6615
6616 #ifndef IPSEC_NONBLOCK_ACQUIRE
6617 static struct secacq *
6618 key_newacq(saidx)
6619 struct secasindex *saidx;
6620 {
6621 struct secacq *newacq;
6622
6623 /* get new entry */
6624 KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
6625 if (newacq == NULL) {
6626 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
6627 return NULL;
6628 }
6629 bzero(newacq, sizeof(*newacq));
6630
6631 /* copy secindex */
6632 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
6633 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
6634 newacq->created = time_second;
6635 newacq->count = 1;
6636
6637 return newacq;
6638 }
6639
6640 static struct secacq *
6641 key_getacq(saidx)
6642 struct secasindex *saidx;
6643 {
6644 struct secacq *acq;
6645
6646 LIST_FOREACH(acq, &acqtree, chain) {
6647 if (key_cmpsaidx_exactly(saidx, &acq->saidx))
6648 return acq;
6649 }
6650
6651 return NULL;
6652 }
6653
6654 static struct secacq *
6655 key_getacqbyseq(seq)
6656 u_int32_t seq;
6657 {
6658 struct secacq *acq;
6659
6660 LIST_FOREACH(acq, &acqtree, chain) {
6661 if (acq->seq == seq)
6662 return acq;
6663 }
6664
6665 return NULL;
6666 }
6667 #endif
6668
6669 static struct secspacq *
6670 key_newspacq(spidx)
6671 struct secpolicyindex *spidx;
6672 {
6673 struct secspacq *acq;
6674
6675 if (!spidx)
6676 return NULL;
6677
6678 /* get new entry */
6679 KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
6680 if (acq == NULL) {
6681 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
6682 return NULL;
6683 }
6684 bzero(acq, sizeof(*acq));
6685
6686 /* copy secindex */
6687 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
6688 acq->created = time_second;
6689 acq->count = 0;
6690
6691 return acq;
6692 }
6693
6694 static struct secspacq *
6695 key_getspacq(spidx)
6696 struct secpolicyindex *spidx;
6697 {
6698 struct secspacq *acq;
6699
6700 if (!spidx)
6701 return NULL;
6702
6703 LIST_FOREACH(acq, &spacqtree, chain) {
6704 if (key_cmpspidx_exactly(spidx, &acq->spidx))
6705 return acq;
6706 }
6707
6708 return NULL;
6709 }
6710
6711 /*
6712 * SADB_ACQUIRE processing,
6713 * in first situation, is receiving
6714 * <base>
6715 * from the ikmpd, and clear sequence of its secasvar entry.
6716 *
6717 * In second situation, is receiving
6718 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6719 * from a user land process, and return
6720 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6721 * to the socket.
6722 *
6723 * m will always be freed.
6724 */
6725 static int
6726 key_acquire2(so, m, mhp)
6727 struct socket *so;
6728 struct mbuf *m;
6729 const struct sadb_msghdr *mhp;
6730 {
6731 const struct sadb_address *src0, *dst0;
6732 struct secasindex saidx;
6733 struct secashead *sah;
6734 u_int16_t proto;
6735 int error;
6736
6737 /* sanity check */
6738 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6739 panic("key_acquire2: NULL pointer is passed.");
6740
6741 /*
6742 * Error message from KMd.
6743 * We assume that if error was occurred in IKEd, the length of PFKEY
6744 * message is equal to the size of sadb_msg structure.
6745 * We do not raise error even if error occurred in this function.
6746 */
6747 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
6748 #ifndef IPSEC_NONBLOCK_ACQUIRE
6749 struct secacq *acq;
6750
6751 /* check sequence number */
6752 if (mhp->msg->sadb_msg_seq == 0) {
6753 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
6754 m_freem(m);
6755 return 0;
6756 }
6757
6758 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
6759 /*
6760 * the specified larval SA is already gone, or we got
6761 * a bogus sequence number. we can silently ignore it.
6762 */
6763 m_freem(m);
6764 return 0;
6765 }
6766
6767 /* reset acq counter in order to deletion by timehander. */
6768 acq->created = time_second;
6769 acq->count = 0;
6770 #endif
6771 m_freem(m);
6772 return 0;
6773 }
6774
6775 /*
6776 * This message is from user land.
6777 */
6778
6779 /* map satype to proto */
6780 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6781 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
6782 return key_senderror(so, m, EINVAL);
6783 }
6784
6785 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6786 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6787 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
6788 /* error */
6789 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6790 return key_senderror(so, m, EINVAL);
6791 }
6792 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6793 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
6794 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6795 /* error */
6796 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6797 return key_senderror(so, m, EINVAL);
6798 }
6799
6800 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6801 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6802
6803 /* sa_len safety check */
6804 if (KEY_CHECKSALEN(src0 + 1) != 0)
6805 return key_senderror(so, m, EINVAL);
6806 if (KEY_CHECKSALEN(dst0 + 1) != 0)
6807 return key_senderror(so, m, EINVAL);
6808
6809 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6810
6811 /* If not using NAT-T, make sure if port number is zero. */
6812 #ifndef IPSEC_NAT_T
6813 KEY_PORTTOSADDR(&saidx.src, 0);
6814 KEY_PORTTOSADDR(&saidx.dst, 0);
6815 #endif
6816
6817 /* get a SA index */
6818 LIST_FOREACH(sah, &sahtree, chain) {
6819 if (sah->state == SADB_SASTATE_DEAD)
6820 continue;
6821 if (key_cmpsaidx_withmode(&sah->saidx, &saidx))
6822 break;
6823 }
6824 if (sah != NULL) {
6825 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
6826 return key_senderror(so, m, EEXIST);
6827 }
6828
6829 error = key_acquire(&saidx, NULL);
6830 if (error != 0) {
6831 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
6832 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
6833 return key_senderror(so, m, error);
6834 }
6835
6836 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6837 }
6838
6839 /*
6840 * SADB_REGISTER processing.
6841 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
6842 * receive
6843 * <base>
6844 * from the ikmpd, and register a socket to send PF_KEY messages,
6845 * and send
6846 * <base, supported>
6847 * to KMD by PF_KEY.
6848 * If socket is detached, must free from regnode.
6849 *
6850 * m will always be freed.
6851 */
6852 static int
6853 key_register(so, m, mhp)
6854 struct socket *so;
6855 struct mbuf *m;
6856 const struct sadb_msghdr *mhp;
6857 {
6858 struct secreg *reg, *newreg = 0;
6859
6860 /* sanity check */
6861 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6862 panic("key_register: NULL pointer is passed.");
6863
6864 /* check for invalid register message */
6865 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
6866 return key_senderror(so, m, EINVAL);
6867
6868 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
6869 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6870 goto setmsg;
6871
6872 /* check whether existing or not */
6873 LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) {
6874 if (reg->so == so) {
6875 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
6876 return key_senderror(so, m, EEXIST);
6877 }
6878 }
6879
6880 /* create regnode */
6881 KMALLOC(newreg, struct secreg *, sizeof(*newreg));
6882 if (newreg == NULL) {
6883 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
6884 return key_senderror(so, m, ENOBUFS);
6885 }
6886 bzero((void *)newreg, sizeof(*newreg));
6887
6888 newreg->so = so;
6889 ((struct keycb *)sotorawcb(so))->kp_registered++;
6890
6891 /* add regnode to regtree. */
6892 LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain);
6893
6894 setmsg:
6895 {
6896 struct mbuf *n;
6897 struct sadb_msg *newmsg;
6898 struct sadb_supported *sup;
6899 u_int len, alen, elen;
6900 int off;
6901 int i;
6902 struct sadb_alg *alg;
6903
6904 /* create new sadb_msg to reply. */
6905 alen = 0;
6906 for (i = 1; i <= SADB_AALG_MAX; i++) {
6907 if (ah_algorithm_lookup(i))
6908 alen += sizeof(struct sadb_alg);
6909 }
6910 if (alen)
6911 alen += sizeof(struct sadb_supported);
6912 elen = 0;
6913 #ifdef IPSEC_ESP
6914 for (i = 1; i <= SADB_EALG_MAX; i++) {
6915 if (esp_algorithm_lookup(i))
6916 elen += sizeof(struct sadb_alg);
6917 }
6918 if (elen)
6919 elen += sizeof(struct sadb_supported);
6920 #endif
6921
6922 len = sizeof(struct sadb_msg) + alen + elen;
6923
6924 if (len > MCLBYTES)
6925 return key_senderror(so, m, ENOBUFS);
6926
6927 MGETHDR(n, M_DONTWAIT, MT_DATA);
6928 if (len > MHLEN) {
6929 MCLGET(n, M_DONTWAIT);
6930 if ((n->m_flags & M_EXT) == 0) {
6931 m_freem(n);
6932 n = NULL;
6933 }
6934 }
6935 if (!n)
6936 return key_senderror(so, m, ENOBUFS);
6937
6938 n->m_pkthdr.len = n->m_len = len;
6939 n->m_next = NULL;
6940 off = 0;
6941
6942 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
6943 newmsg = mtod(n, struct sadb_msg *);
6944 newmsg->sadb_msg_errno = 0;
6945 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6946 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6947
6948 /* for authentication algorithm */
6949 if (alen) {
6950 sup = (struct sadb_supported *)(mtod(n, char *) + off);
6951 sup->sadb_supported_len = PFKEY_UNIT64(alen);
6952 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6953 off += PFKEY_ALIGN8(sizeof(*sup));
6954
6955 for (i = 1; i <= SADB_AALG_MAX; i++) {
6956 const struct ah_algorithm *aalgo;
6957
6958 aalgo = ah_algorithm_lookup(i);
6959 if (!aalgo)
6960 continue;
6961 alg = (struct sadb_alg *)(mtod(n, char *) + off);
6962 alg->sadb_alg_id = i;
6963 alg->sadb_alg_ivlen = 0;
6964 alg->sadb_alg_minbits = aalgo->keymin;
6965 alg->sadb_alg_maxbits = aalgo->keymax;
6966 off += PFKEY_ALIGN8(sizeof(*alg));
6967 }
6968 }
6969
6970 #ifdef IPSEC_ESP
6971 /* for encryption algorithm */
6972 if (elen) {
6973 sup = (struct sadb_supported *)(mtod(n, char *) + off);
6974 sup->sadb_supported_len = PFKEY_UNIT64(elen);
6975 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
6976 off += PFKEY_ALIGN8(sizeof(*sup));
6977
6978 for (i = 1; i <= SADB_EALG_MAX; i++) {
6979 const struct esp_algorithm *ealgo;
6980
6981 ealgo = esp_algorithm_lookup(i);
6982 if (!ealgo)
6983 continue;
6984 alg = (struct sadb_alg *)(mtod(n, char *) + off);
6985 alg->sadb_alg_id = i;
6986 if (ealgo && ealgo->ivlen) {
6987 /*
6988 * give NULL to get the value preferred by
6989 * algorithm XXX SADB_X_EXT_DERIV ?
6990 */
6991 alg->sadb_alg_ivlen =
6992 (*ealgo->ivlen)(ealgo, NULL);
6993 } else
6994 alg->sadb_alg_ivlen = 0;
6995 alg->sadb_alg_minbits = ealgo->keymin;
6996 alg->sadb_alg_maxbits = ealgo->keymax;
6997 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
6998 }
6999 }
7000 #endif
7001
7002 #ifdef DIAGNOSTIC
7003 if (off != len)
7004 panic("length assumption failed in key_register");
7005 #endif
7006
7007 m_freem(m);
7008 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
7009 }
7010 }
7011
7012 /*
7013 * free secreg entry registered.
7014 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
7015 */
7016 void
7017 key_freereg(so)
7018 struct socket *so;
7019 {
7020 struct secreg *reg;
7021 int i;
7022
7023 /* sanity check */
7024 if (so == NULL)
7025 panic("key_freereg: NULL pointer is passed.");
7026
7027 /*
7028 * check whether existing or not.
7029 * check all type of SA, because there is a potential that
7030 * one socket is registered to multiple type of SA.
7031 */
7032 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
7033 LIST_FOREACH(reg, ®tree[i], chain) {
7034 if (reg->so == so && __LIST_CHAINED(reg)) {
7035 LIST_REMOVE(reg, chain);
7036 KFREE(reg);
7037 break;
7038 }
7039 }
7040 }
7041
7042 return;
7043 }
7044
7045 /*
7046 * SADB_EXPIRE processing
7047 * send
7048 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
7049 * to KMD by PF_KEY.
7050 * NOTE: We send only soft lifetime extension.
7051 *
7052 * OUT: 0 : succeed
7053 * others : error number
7054 */
7055 static int
7056 key_expire(sav)
7057 struct secasvar *sav;
7058 {
7059 int s;
7060 int satype;
7061 struct mbuf *result = NULL, *m;
7062 int len;
7063 int error = -1;
7064 struct sadb_lifetime *lt;
7065
7066 /* XXX: Why do we lock ? */
7067 s = splsoftnet(); /*called from softclock()*/
7068
7069 /* sanity check */
7070 if (sav == NULL)
7071 panic("key_expire: NULL pointer is passed.");
7072 if (sav->sah == NULL)
7073 panic("key_expire: Why was SA index in SA NULL.");
7074 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
7075 panic("key_expire: invalid proto is passed.");
7076
7077 /* set msg header */
7078 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
7079 if (!m) {
7080 error = ENOBUFS;
7081 goto fail;
7082 }
7083 result = m;
7084
7085 /* create SA extension */
7086 m = key_setsadbsa(sav);
7087 if (!m) {
7088 error = ENOBUFS;
7089 goto fail;
7090 }
7091 m_cat(result, m);
7092
7093 /* create SA extension */
7094 m = key_setsadbxsa2(sav->sah->saidx.mode,
7095 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
7096 sav->sah->saidx.reqid);
7097 if (!m) {
7098 error = ENOBUFS;
7099 goto fail;
7100 }
7101 m_cat(result, m);
7102
7103 /* create lifetime extension (current and soft) */
7104 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
7105 m = key_alloc_mbuf(len);
7106 if (!m || m->m_next) { /*XXX*/
7107 if (m)
7108 m_freem(m);
7109 error = ENOBUFS;
7110 goto fail;
7111 }
7112 bzero(mtod(m, void *), len);
7113 lt = mtod(m, struct sadb_lifetime *);
7114 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
7115 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
7116 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
7117 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
7118 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
7119 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
7120 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
7121 bcopy(sav->lft_s, lt, sizeof(*lt));
7122 m_cat(result, m);
7123
7124 /* set sadb_address for source */
7125 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
7126 (struct sockaddr *)&sav->sah->saidx.src,
7127 FULLMASK, IPSEC_ULPROTO_ANY);
7128 if (!m) {
7129 error = ENOBUFS;
7130 goto fail;
7131 }
7132 m_cat(result, m);
7133
7134 /* set sadb_address for destination */
7135 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
7136 (struct sockaddr *)&sav->sah->saidx.dst,
7137 FULLMASK, IPSEC_ULPROTO_ANY);
7138 if (!m) {
7139 error = ENOBUFS;
7140 goto fail;
7141 }
7142 m_cat(result, m);
7143
7144 if ((result->m_flags & M_PKTHDR) == 0) {
7145 error = EINVAL;
7146 goto fail;
7147 }
7148
7149 if (result->m_len < sizeof(struct sadb_msg)) {
7150 result = m_pullup(result, sizeof(struct sadb_msg));
7151 if (result == NULL) {
7152 error = ENOBUFS;
7153 goto fail;
7154 }
7155 }
7156
7157 result->m_pkthdr.len = 0;
7158 for (m = result; m; m = m->m_next)
7159 result->m_pkthdr.len += m->m_len;
7160
7161 mtod(result, struct sadb_msg *)->sadb_msg_len =
7162 PFKEY_UNIT64(result->m_pkthdr.len);
7163
7164 splx(s);
7165 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
7166
7167 fail:
7168 if (result)
7169 m_freem(result);
7170 splx(s);
7171 return error;
7172 }
7173
7174 /*
7175 * SADB_FLUSH processing
7176 * receive
7177 * <base>
7178 * from the ikmpd, and free all entries in secastree.
7179 * and send,
7180 * <base>
7181 * to the ikmpd.
7182 * NOTE: to do is only marking SADB_SASTATE_DEAD.
7183 *
7184 * m will always be freed.
7185 */
7186 static int
7187 key_flush(so, m, mhp)
7188 struct socket *so;
7189 struct mbuf *m;
7190 const struct sadb_msghdr *mhp;
7191 {
7192 struct sadb_msg *newmsg;
7193 struct secashead *sah, *nextsah;
7194 struct secasvar *sav, *nextsav;
7195 u_int16_t proto;
7196 u_int8_t state;
7197 u_int stateidx;
7198
7199 /* sanity check */
7200 if (so == NULL || mhp == NULL || mhp->msg == NULL)
7201 panic("key_flush: NULL pointer is passed.");
7202
7203 /* map satype to proto */
7204 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7205 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
7206 return key_senderror(so, m, EINVAL);
7207 }
7208
7209 /* no SATYPE specified, i.e. flushing all SA. */
7210 for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) {
7211 nextsah = LIST_NEXT(sah, chain);
7212
7213 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7214 proto != sah->saidx.proto)
7215 continue;
7216
7217 for (stateidx = 0;
7218 stateidx < _ARRAYLEN(saorder_state_alive);
7219 stateidx++) {
7220 state = saorder_state_any[stateidx];
7221 for (sav = LIST_FIRST(&sah->savtree[state]);
7222 sav != NULL;
7223 sav = nextsav) {
7224
7225 nextsav = LIST_NEXT(sav, chain);
7226
7227 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7228 key_freesav(sav);
7229 }
7230 }
7231
7232 sah->state = SADB_SASTATE_DEAD;
7233 }
7234
7235 if (m->m_len < sizeof(struct sadb_msg) ||
7236 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
7237 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
7238 return key_senderror(so, m, ENOBUFS);
7239 }
7240
7241 if (m->m_next)
7242 m_freem(m->m_next);
7243 m->m_next = NULL;
7244 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
7245 newmsg = mtod(m, struct sadb_msg *);
7246 newmsg->sadb_msg_errno = 0;
7247 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
7248
7249 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7250 }
7251
7252 /*
7253 * SADB_DUMP processing
7254 * dump all entries including status of DEAD in SAD.
7255 * receive
7256 * <base>
7257 * from the ikmpd, and dump all secasvar leaves
7258 * and send,
7259 * <base> .....
7260 * to the ikmpd.
7261 *
7262 * m will always be freed.
7263 */
7264 static int
7265 key_dump(so, m, mhp)
7266 struct socket *so;
7267 struct mbuf *m;
7268 const struct sadb_msghdr *mhp;
7269 {
7270 struct secashead *sah;
7271 struct secasvar *sav;
7272 u_int16_t proto;
7273 u_int stateidx;
7274 u_int8_t satype;
7275 u_int8_t state;
7276 int cnt, error = 0, needwait = 0;
7277 struct keycb *kp;
7278 struct mbuf *n;
7279
7280 /* sanity check */
7281 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7282 panic("key_dump: NULL pointer is passed.");
7283
7284 /* map satype to proto */
7285 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7286 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
7287 return key_senderror(so, m, EINVAL);
7288 }
7289
7290 /* count sav entries to be sent to the userland. */
7291 cnt = 0;
7292 LIST_FOREACH(sah, &sahtree, chain) {
7293 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7294 proto != sah->saidx.proto)
7295 continue;
7296
7297 for (stateidx = 0;
7298 stateidx < _ARRAYLEN(saorder_state_any);
7299 stateidx++) {
7300 state = saorder_state_any[stateidx];
7301 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7302 cnt++;
7303 }
7304 }
7305 }
7306
7307 if (cnt == 0)
7308 return key_senderror(so, m, ENOENT);
7309
7310 /* send this to the userland, one at a time. */
7311 LIST_FOREACH(sah, &sahtree, chain) {
7312 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7313 proto != sah->saidx.proto)
7314 continue;
7315
7316 /* map proto to satype */
7317 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7318 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
7319 return key_senderror(so, m, EINVAL);
7320 }
7321
7322 for (stateidx = 0;
7323 stateidx < _ARRAYLEN(saorder_state_any);
7324 stateidx++) {
7325 state = saorder_state_any[stateidx];
7326 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7327 n = key_setdumpsa(sav, SADB_DUMP, satype,
7328 --cnt, mhp->msg->sadb_msg_pid);
7329 if (!n)
7330 return key_senderror(so, m, ENOBUFS);
7331
7332 error = key_sendup_mbuf(so, n,
7333 KEY_SENDUP_ONE | KEY_SENDUP_CANWAIT);
7334 if (error == EAGAIN)
7335 needwait = 1;
7336 }
7337 }
7338 }
7339
7340 kp = (struct keycb *)sotorawcb(so);
7341 while (needwait && kp->kp_queue)
7342 sbwait(&so->so_rcv);
7343
7344 m_freem(m);
7345 return 0;
7346 }
7347
7348 static struct mbuf *
7349 key_setdump(req_satype, errorp)
7350 u_int8_t req_satype;
7351 int *errorp;
7352 {
7353 struct secashead *sah;
7354 struct secasvar *sav;
7355 u_int16_t proto;
7356 u_int stateidx;
7357 u_int8_t satype;
7358 u_int8_t state;
7359 int cnt;
7360 struct mbuf *m, *n;
7361
7362 /* map satype to proto */
7363 if ((proto = key_satype2proto(req_satype)) == 0) {
7364 *errorp = EINVAL;
7365 return (NULL);
7366 }
7367
7368 /* count sav entries to be sent to the userland. */
7369 cnt = 0;
7370 LIST_FOREACH(sah, &sahtree, chain) {
7371 if (req_satype != SADB_SATYPE_UNSPEC &&
7372 proto != sah->saidx.proto)
7373 continue;
7374
7375 for (stateidx = 0;
7376 stateidx < _ARRAYLEN(saorder_state_any);
7377 stateidx++) {
7378 state = saorder_state_any[stateidx];
7379 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7380 cnt++;
7381 }
7382 }
7383 }
7384
7385 if (cnt == 0) {
7386 *errorp = ENOENT;
7387 return (NULL);
7388 }
7389
7390 /* send this to the userland, one at a time. */
7391 m = NULL;
7392 LIST_FOREACH(sah, &sahtree, chain) {
7393 if (req_satype != SADB_SATYPE_UNSPEC &&
7394 proto != sah->saidx.proto)
7395 continue;
7396
7397 /* map proto to satype */
7398 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7399 m_freem(m);
7400 *errorp = EINVAL;
7401 return (NULL);
7402 }
7403
7404 for (stateidx = 0;
7405 stateidx < _ARRAYLEN(saorder_state_any);
7406 stateidx++) {
7407 state = saorder_state_any[stateidx];
7408 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7409 n = key_setdumpsa(sav, SADB_DUMP, satype,
7410 --cnt, 0);
7411 if (!n) {
7412 m_freem(m);
7413 *errorp = ENOBUFS;
7414 return (NULL);
7415 }
7416
7417 if (!m)
7418 m = n;
7419 else
7420 m_cat(m, n);
7421 }
7422 }
7423 }
7424
7425 if (!m) {
7426 *errorp = EINVAL;
7427 return (NULL);
7428 }
7429
7430 if ((m->m_flags & M_PKTHDR) != 0) {
7431 m->m_pkthdr.len = 0;
7432 for (n = m; n; n = n->m_next)
7433 m->m_pkthdr.len += n->m_len;
7434 }
7435
7436 *errorp = 0;
7437 return (m);
7438 }
7439
7440 struct mbuf *
7441 key_setdumpsa_spi(spi)
7442 u_int32_t spi;
7443 {
7444 struct mbuf *m, *n;
7445 struct secasvar *sav;
7446 u_int8_t satype;
7447 int cnt;
7448
7449 cnt = 0;
7450 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
7451 if (sav->spi != spi)
7452 continue;
7453 cnt++;
7454 }
7455
7456 if (cnt == 0)
7457 return (NULL);
7458
7459 m = NULL;
7460 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
7461 if (sav->spi != spi)
7462 continue;
7463 satype = key_proto2satype(sav->sah->saidx.proto);
7464 n = key_setdumpsa(sav, SADB_DUMP, satype, --cnt, 0);
7465 if (!m)
7466 m = n;
7467 else if (n)
7468 m_cat(m, n);
7469 }
7470
7471 if (!m)
7472 return (NULL);
7473
7474 if ((m->m_flags & M_PKTHDR) != 0) {
7475 m->m_pkthdr.len = 0;
7476 for (n = m; n; n = n->m_next)
7477 m->m_pkthdr.len += n->m_len;
7478 }
7479
7480 return (m);
7481 }
7482
7483 /*
7484 * SADB_X_PROMISC processing
7485 *
7486 * m will always be freed.
7487 */
7488 static int
7489 key_promisc(so, m, mhp)
7490 struct socket *so;
7491 struct mbuf *m;
7492 const struct sadb_msghdr *mhp;
7493 {
7494 int olen;
7495
7496 /* sanity check */
7497 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7498 panic("key_promisc: NULL pointer is passed.");
7499
7500 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7501
7502 if (olen < sizeof(struct sadb_msg)) {
7503 #if 1
7504 return key_senderror(so, m, EINVAL);
7505 #else
7506 m_freem(m);
7507 return 0;
7508 #endif
7509 } else if (olen == sizeof(struct sadb_msg)) {
7510 /* enable/disable promisc mode */
7511 struct keycb *kp;
7512
7513 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
7514 return key_senderror(so, m, EINVAL);
7515 mhp->msg->sadb_msg_errno = 0;
7516 switch (mhp->msg->sadb_msg_satype) {
7517 case 0:
7518 case 1:
7519 kp->kp_promisc = mhp->msg->sadb_msg_satype;
7520 break;
7521 default:
7522 return key_senderror(so, m, EINVAL);
7523 }
7524
7525 /* send the original message back to everyone */
7526 mhp->msg->sadb_msg_errno = 0;
7527 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7528 } else {
7529 /* send packet as is */
7530
7531 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
7532
7533 /* TODO: if sadb_msg_seq is specified, send to specific pid */
7534 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7535 }
7536 }
7537
7538 static int (*key_typesw[]) __P((struct socket *, struct mbuf *,
7539 const struct sadb_msghdr *)) = {
7540 NULL, /* SADB_RESERVED */
7541 key_getspi, /* SADB_GETSPI */
7542 key_update, /* SADB_UPDATE */
7543 key_add, /* SADB_ADD */
7544 key_delete, /* SADB_DELETE */
7545 key_get, /* SADB_GET */
7546 key_acquire2, /* SADB_ACQUIRE */
7547 key_register, /* SADB_REGISTER */
7548 NULL, /* SADB_EXPIRE */
7549 key_flush, /* SADB_FLUSH */
7550 key_dump, /* SADB_DUMP */
7551 key_promisc, /* SADB_X_PROMISC */
7552 NULL, /* SADB_X_PCHANGE */
7553 key_spdadd, /* SADB_X_SPDUPDATE */
7554 key_spdadd, /* SADB_X_SPDADD */
7555 key_spddelete, /* SADB_X_SPDDELETE */
7556 key_spdget, /* SADB_X_SPDGET */
7557 NULL, /* SADB_X_SPDACQUIRE */
7558 key_spddump, /* SADB_X_SPDDUMP */
7559 key_spdflush, /* SADB_X_SPDFLUSH */
7560 key_spdadd, /* SADB_X_SPDSETIDX */
7561 NULL, /* SADB_X_SPDEXPIRE */
7562 key_spddelete2, /* SADB_X_SPDDELETE2 */
7563 #ifdef IPSEC_NAT_T
7564 key_nat_map, /* SADB_X_NAT_T_NEW_MAPPING */
7565 #else
7566 NULL,
7567 #endif
7568 };
7569
7570 /*
7571 * parse sadb_msg buffer to process PFKEYv2,
7572 * and create a data to response if needed.
7573 * I think to be dealed with mbuf directly.
7574 * IN:
7575 * msgp : pointer to pointer to a received buffer pulluped.
7576 * This is rewrited to response.
7577 * so : pointer to socket.
7578 * OUT:
7579 * length for buffer to send to user process.
7580 */
7581 int
7582 key_parse(m, so)
7583 struct mbuf *m;
7584 struct socket *so;
7585 {
7586 struct sadb_msg *msg;
7587 struct sadb_msghdr mh;
7588 u_int orglen;
7589 int error;
7590 int target;
7591 #ifdef INET6
7592 struct sockaddr_in6 *sin6;
7593 #endif
7594
7595 /* sanity check */
7596 if (m == NULL || so == NULL)
7597 panic("key_parse: NULL pointer is passed.");
7598
7599 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
7600 KEYDEBUG(KEYDEBUG_KEY_DUMP,
7601 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
7602 kdebug_sadb(msg));
7603 #endif
7604
7605 if (m->m_len < sizeof(struct sadb_msg)) {
7606 m = m_pullup(m, sizeof(struct sadb_msg));
7607 if (!m)
7608 return ENOBUFS;
7609 }
7610 msg = mtod(m, struct sadb_msg *);
7611 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
7612 target = KEY_SENDUP_ONE;
7613
7614 if ((m->m_flags & M_PKTHDR) == 0 ||
7615 m->m_pkthdr.len != m->m_pkthdr.len) {
7616 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
7617 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7618 error = EINVAL;
7619 goto senderror;
7620 }
7621
7622 if (msg->sadb_msg_version != PF_KEY_V2) {
7623 ipseclog((LOG_DEBUG,
7624 "key_parse: PF_KEY version %u is mismatched.\n",
7625 msg->sadb_msg_version));
7626 PFKEY_STATINC(PFKEY_STAT_OUT_INVVER);
7627 error = EINVAL;
7628 goto senderror;
7629 }
7630
7631 if (msg->sadb_msg_type > SADB_MAX) {
7632 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7633 msg->sadb_msg_type));
7634 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7635 error = EINVAL;
7636 goto senderror;
7637 }
7638
7639 /* for old-fashioned code - should be nuked */
7640 if (m->m_pkthdr.len > MCLBYTES) {
7641 m_freem(m);
7642 return ENOBUFS;
7643 }
7644 if (m->m_next) {
7645 struct mbuf *n;
7646
7647 MGETHDR(n, M_DONTWAIT, MT_DATA);
7648 if (n && m->m_pkthdr.len > MHLEN) {
7649 MCLGET(n, M_DONTWAIT);
7650 if ((n->m_flags & M_EXT) == 0) {
7651 m_free(n);
7652 n = NULL;
7653 }
7654 }
7655 if (!n) {
7656 m_freem(m);
7657 return ENOBUFS;
7658 }
7659 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, void *));
7660 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
7661 n->m_next = NULL;
7662 m_freem(m);
7663 m = n;
7664 }
7665
7666 /* align the mbuf chain so that extensions are in contiguous region. */
7667 error = key_align(m, &mh);
7668 if (error)
7669 return error;
7670
7671 msg = mh.msg;
7672
7673 /* check SA type */
7674 switch (msg->sadb_msg_satype) {
7675 case SADB_SATYPE_UNSPEC:
7676 switch (msg->sadb_msg_type) {
7677 case SADB_GETSPI:
7678 case SADB_UPDATE:
7679 case SADB_ADD:
7680 case SADB_DELETE:
7681 case SADB_GET:
7682 case SADB_ACQUIRE:
7683 case SADB_EXPIRE:
7684 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
7685 "when msg type=%u.\n", msg->sadb_msg_type));
7686 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7687 error = EINVAL;
7688 goto senderror;
7689 }
7690 break;
7691 case SADB_SATYPE_AH:
7692 case SADB_SATYPE_ESP:
7693 case SADB_X_SATYPE_IPCOMP:
7694 case SADB_X_SATYPE_TCPSIGNATURE:
7695 switch (msg->sadb_msg_type) {
7696 case SADB_X_SPDADD:
7697 case SADB_X_SPDDELETE:
7698 case SADB_X_SPDGET:
7699 case SADB_X_SPDDUMP:
7700 case SADB_X_SPDFLUSH:
7701 case SADB_X_SPDSETIDX:
7702 case SADB_X_SPDUPDATE:
7703 case SADB_X_SPDDELETE2:
7704 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
7705 msg->sadb_msg_type));
7706 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7707 error = EINVAL;
7708 goto senderror;
7709 }
7710 break;
7711 case SADB_SATYPE_RSVP:
7712 case SADB_SATYPE_OSPFV2:
7713 case SADB_SATYPE_RIPV2:
7714 case SADB_SATYPE_MIP:
7715 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
7716 msg->sadb_msg_satype));
7717 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7718 error = EOPNOTSUPP;
7719 goto senderror;
7720 case 1: /* XXX: What does it do? */
7721 if (msg->sadb_msg_type == SADB_X_PROMISC)
7722 break;
7723 /*FALLTHROUGH*/
7724 default:
7725 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7726 msg->sadb_msg_satype));
7727 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7728 error = EINVAL;
7729 goto senderror;
7730 }
7731
7732 /* check field of upper layer protocol and address family */
7733 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
7734 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
7735 struct sadb_address *src0, *dst0;
7736 u_int plen;
7737
7738 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
7739 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
7740
7741 /* check upper layer protocol */
7742 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
7743 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
7744 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7745 error = EINVAL;
7746 goto senderror;
7747 }
7748
7749 /* check family */
7750 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
7751 PFKEY_ADDR_SADDR(dst0)->sa_family) {
7752 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
7753 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7754 error = EINVAL;
7755 goto senderror;
7756 }
7757 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7758 PFKEY_ADDR_SADDR(dst0)->sa_len) {
7759 ipseclog((LOG_DEBUG,
7760 "key_parse: address struct size mismatched.\n"));
7761 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7762 error = EINVAL;
7763 goto senderror;
7764 }
7765
7766 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7767 case AF_INET:
7768 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7769 sizeof(struct sockaddr_in)) {
7770 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7771 error = EINVAL;
7772 goto senderror;
7773 }
7774 break;
7775 case AF_INET6:
7776 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7777 sizeof(struct sockaddr_in6)) {
7778 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7779 error = EINVAL;
7780 goto senderror;
7781 }
7782 #ifdef INET6
7783 /*
7784 * Check validity of the scope zone ID of the
7785 * addresses, and embed the zone ID into the address
7786 * if necessary.
7787 */
7788 sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(src0);
7789 if ((error = sa6_embedscope(sin6, 0)) != 0)
7790 goto senderror;
7791 sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(dst0);
7792 if ((error = sa6_embedscope(sin6, 0)) != 0)
7793 goto senderror;
7794 #endif
7795 break;
7796 default:
7797 ipseclog((LOG_DEBUG,
7798 "key_parse: unsupported address family.\n"));
7799 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7800 error = EAFNOSUPPORT;
7801 goto senderror;
7802 }
7803
7804 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7805 case AF_INET:
7806 plen = sizeof(struct in_addr) << 3;
7807 break;
7808 case AF_INET6:
7809 plen = sizeof(struct in6_addr) << 3;
7810 break;
7811 default:
7812 plen = 0; /*fool gcc*/
7813 break;
7814 }
7815
7816 /* check max prefix length */
7817 if (src0->sadb_address_prefixlen > plen ||
7818 dst0->sadb_address_prefixlen > plen) {
7819 ipseclog((LOG_DEBUG,
7820 "key_parse: illegal prefixlen.\n"));
7821 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7822 error = EINVAL;
7823 goto senderror;
7824 }
7825
7826 /*
7827 * prefixlen == 0 is valid because there can be a case when
7828 * all addresses are matched.
7829 */
7830 }
7831
7832 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
7833 key_typesw[msg->sadb_msg_type] == NULL) {
7834 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7835 error = EINVAL;
7836 goto senderror;
7837 }
7838
7839 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
7840
7841 senderror:
7842 msg->sadb_msg_errno = error;
7843 return key_sendup_mbuf(so, m, target);
7844 }
7845
7846 static int
7847 key_senderror(so, m, code)
7848 struct socket *so;
7849 struct mbuf *m;
7850 int code;
7851 {
7852 struct sadb_msg *msg;
7853
7854 if (m->m_len < sizeof(struct sadb_msg))
7855 panic("invalid mbuf passed to key_senderror");
7856
7857 msg = mtod(m, struct sadb_msg *);
7858 msg->sadb_msg_errno = code;
7859 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
7860 }
7861
7862 /*
7863 * set the pointer to each header into message buffer.
7864 * m will be freed on error.
7865 * XXX larger-than-MCLBYTES extension?
7866 */
7867 static int
7868 key_align(m, mhp)
7869 struct mbuf *m;
7870 struct sadb_msghdr *mhp;
7871 {
7872 struct mbuf *n;
7873 struct sadb_ext *ext;
7874 size_t off, end;
7875 int extlen;
7876 int toff;
7877
7878 /* sanity check */
7879 if (m == NULL || mhp == NULL)
7880 panic("key_align: NULL pointer is passed.");
7881 if (m->m_len < sizeof(struct sadb_msg))
7882 panic("invalid mbuf passed to key_align");
7883
7884 /* initialize */
7885 bzero(mhp, sizeof(*mhp));
7886
7887 mhp->msg = mtod(m, struct sadb_msg *);
7888 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
7889
7890 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7891 extlen = end; /*just in case extlen is not updated*/
7892 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
7893 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
7894 if (!n) {
7895 /* m is already freed */
7896 return ENOBUFS;
7897 }
7898 ext = (struct sadb_ext *)(mtod(n, char *) + toff);
7899
7900 /* set pointer */
7901 switch (ext->sadb_ext_type) {
7902 case SADB_EXT_SA:
7903 case SADB_EXT_ADDRESS_SRC:
7904 case SADB_EXT_ADDRESS_DST:
7905 case SADB_EXT_ADDRESS_PROXY:
7906 case SADB_EXT_LIFETIME_CURRENT:
7907 case SADB_EXT_LIFETIME_HARD:
7908 case SADB_EXT_LIFETIME_SOFT:
7909 case SADB_EXT_KEY_AUTH:
7910 case SADB_EXT_KEY_ENCRYPT:
7911 case SADB_EXT_IDENTITY_SRC:
7912 case SADB_EXT_IDENTITY_DST:
7913 case SADB_EXT_SENSITIVITY:
7914 case SADB_EXT_PROPOSAL:
7915 case SADB_EXT_SUPPORTED_AUTH:
7916 case SADB_EXT_SUPPORTED_ENCRYPT:
7917 case SADB_EXT_SPIRANGE:
7918 case SADB_X_EXT_POLICY:
7919 case SADB_X_EXT_SA2:
7920 #ifdef IPSEC_NAT_T
7921 case SADB_X_EXT_NAT_T_TYPE:
7922 case SADB_X_EXT_NAT_T_SPORT:
7923 case SADB_X_EXT_NAT_T_DPORT:
7924 case SADB_X_EXT_NAT_T_OA:
7925 case SADB_X_EXT_NAT_T_FRAG:
7926 #endif
7927 #ifdef SADB_X_EXT_TAG
7928 case SADB_X_EXT_TAG:
7929 #endif
7930 /* duplicate check */
7931 /*
7932 * XXX Are there duplication payloads of either
7933 * KEY_AUTH or KEY_ENCRYPT ?
7934 */
7935 if (mhp->ext[ext->sadb_ext_type] != NULL) {
7936 ipseclog((LOG_DEBUG,
7937 "key_align: duplicate ext_type %u "
7938 "is passed.\n", ext->sadb_ext_type));
7939 m_freem(m);
7940 PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT);
7941 return EINVAL;
7942 }
7943 break;
7944 default:
7945 ipseclog((LOG_DEBUG,
7946 "key_align: invalid ext_type %u is passed.\n",
7947 ext->sadb_ext_type));
7948 m_freem(m);
7949 PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE);
7950 return EINVAL;
7951 }
7952
7953 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
7954
7955 if (key_validate_ext(ext, extlen)) {
7956 m_freem(m);
7957 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7958 return EINVAL;
7959 }
7960
7961 n = m_pulldown(m, off, extlen, &toff);
7962 if (!n) {
7963 /* m is already freed */
7964 return ENOBUFS;
7965 }
7966 ext = (struct sadb_ext *)(mtod(n, char *) + toff);
7967
7968 mhp->ext[ext->sadb_ext_type] = ext;
7969 mhp->extoff[ext->sadb_ext_type] = off;
7970 mhp->extlen[ext->sadb_ext_type] = extlen;
7971 }
7972
7973 if (off != end) {
7974 m_freem(m);
7975 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7976 return EINVAL;
7977 }
7978
7979 return 0;
7980 }
7981
7982 static int
7983 key_validate_ext(ext, len)
7984 const struct sadb_ext *ext;
7985 int len;
7986 {
7987 const struct sockaddr *sa;
7988 enum { NONE, ADDR } checktype = NONE;
7989 int baselen = 0;
7990 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7991
7992 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7993 return EINVAL;
7994
7995 /* if it does not match minimum/maximum length, bail */
7996 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
7997 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
7998 return EINVAL;
7999 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
8000 return EINVAL;
8001 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
8002 return EINVAL;
8003
8004 /* more checks based on sadb_ext_type XXX need more */
8005 switch (ext->sadb_ext_type) {
8006 case SADB_EXT_ADDRESS_SRC:
8007 case SADB_EXT_ADDRESS_DST:
8008 case SADB_EXT_ADDRESS_PROXY:
8009 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
8010 checktype = ADDR;
8011 break;
8012 case SADB_EXT_IDENTITY_SRC:
8013 case SADB_EXT_IDENTITY_DST:
8014 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
8015 SADB_X_IDENTTYPE_ADDR) {
8016 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
8017 checktype = ADDR;
8018 } else
8019 checktype = NONE;
8020 break;
8021 default:
8022 checktype = NONE;
8023 break;
8024 }
8025
8026 switch (checktype) {
8027 case NONE:
8028 break;
8029 case ADDR:
8030 sa = (const struct sockaddr *)((const char *)ext + baselen);
8031 if (len < baselen + sal)
8032 return EINVAL;
8033 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
8034 return EINVAL;
8035 break;
8036 }
8037
8038 return 0;
8039 }
8040
8041 static int
8042 key_do_init(void)
8043 {
8044 int i;
8045
8046 pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS);
8047
8048 bzero((void *)&key_cb, sizeof(key_cb));
8049
8050 callout_init(&key_timehandler_ch, 0);
8051
8052 for (i = 0; i < IPSEC_DIR_MAX; i++)
8053 LIST_INIT(&sptree[i]);
8054
8055 LIST_INIT(&sahtree);
8056
8057 for (i = 0; i <= SADB_SATYPE_MAX; i++)
8058 LIST_INIT(®tree[i]);
8059
8060 for (i = 0; i < SPIHASHSIZE; i++)
8061 LIST_INIT(&spihash[i]);
8062
8063 #ifndef IPSEC_NONBLOCK_ACQUIRE
8064 LIST_INIT(&acqtree);
8065 #endif
8066 LIST_INIT(&spacqtree);
8067
8068 TAILQ_INIT(&satailq);
8069 TAILQ_INIT(&sptailq);
8070
8071 /* system default */
8072 #ifdef INET
8073 ip4_def_policy = key_newsp(0);
8074 if (!ip4_def_policy)
8075 panic("could not initialize IPv4 default security policy");
8076 ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
8077 ip4_def_policy->policy = IPSEC_POLICY_NONE;
8078 ip4_def_policy->dir = IPSEC_DIR_ANY;
8079 ip4_def_policy->readonly = 1;
8080 ip4_def_policy->persist = 1;
8081 #endif
8082 #ifdef INET6
8083 ip6_def_policy = key_newsp(0);
8084 if (!ip6_def_policy)
8085 panic("could not initialize IPv6 default security policy");
8086 ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
8087 ip6_def_policy->policy = IPSEC_POLICY_NONE;
8088 ip6_def_policy->dir = IPSEC_DIR_ANY;
8089 ip6_def_policy->readonly = 1;
8090 ip6_def_policy->persist = 1;
8091 #endif
8092
8093 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
8094
8095 /* initialize key statistics */
8096 keystat.getspi_count = 1;
8097
8098 aprint_verbose("IPsec: Initialized Security Association Processing.\n");
8099
8100 return (0);
8101 }
8102
8103 void
8104 key_init(void)
8105 {
8106 static ONCE_DECL(key_init_once);
8107
8108 RUN_ONCE(&key_init_once, key_do_init);
8109 }
8110
8111 /*
8112 * XXX: maybe This function is called after INBOUND IPsec processing.
8113 *
8114 * Special check for tunnel-mode packets.
8115 * We must make some checks for consistency between inner and outer IP header.
8116 *
8117 * xxx more checks to be provided
8118 */
8119 int
8120 key_checktunnelsanity(struct secasvar *sav, u_int family,
8121 void *src, void *dst)
8122 {
8123 /* sanity check */
8124 if (sav->sah == NULL)
8125 panic("sav->sah == NULL at key_checktunnelsanity");
8126
8127 /* XXX: check inner IP header */
8128
8129 return 1;
8130 }
8131
8132 #if 0
8133 /*
8134 * Get FQDN for the host.
8135 * If the administrator configured hostname (by hostname(1)) without
8136 * domain name, returns nothing.
8137 */
8138 static const char *
8139 key_getfqdn()
8140 {
8141 int i;
8142 int hasdot;
8143 static char fqdn[MAXHOSTNAMELEN + 1];
8144
8145 if (!hostnamelen)
8146 return NULL;
8147
8148 /* check if it comes with domain name. */
8149 hasdot = 0;
8150 for (i = 0; i < hostnamelen; i++) {
8151 if (hostname[i] == '.')
8152 hasdot++;
8153 }
8154 if (!hasdot)
8155 return NULL;
8156
8157 /* NOTE: hostname may not be NUL-terminated. */
8158 bzero(fqdn, sizeof(fqdn));
8159 bcopy(hostname, fqdn, hostnamelen);
8160 fqdn[hostnamelen] = '\0';
8161 return fqdn;
8162 }
8163
8164 /*
8165 * get username@FQDN for the host/user.
8166 */
8167 static const char *
8168 key_getuserfqdn()
8169 {
8170 const char *host;
8171 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
8172 struct proc *p = curproc;
8173 char *q;
8174
8175 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session)
8176 return NULL;
8177 if (!(host = key_getfqdn()))
8178 return NULL;
8179
8180 /* NOTE: s_login may not be-NUL terminated. */
8181 bzero(userfqdn, sizeof(userfqdn));
8182 bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
8183 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
8184 q = userfqdn + strlen(userfqdn);
8185 *q++ = '@';
8186 bcopy(host, q, strlen(host));
8187 q += strlen(host);
8188 *q++ = '\0';
8189
8190 return userfqdn;
8191 }
8192 #endif
8193
8194 /* record data transfer on SA, and update timestamps */
8195 void
8196 key_sa_recordxfer(sav, m)
8197 struct secasvar *sav;
8198 struct mbuf *m;
8199 {
8200 if (!sav)
8201 panic("key_sa_recordxfer called with sav == NULL");
8202 if (!m)
8203 panic("key_sa_recordxfer called with m == NULL");
8204 if (!sav->lft_c)
8205 return;
8206
8207 /*
8208 * XXX Currently, there is a difference of bytes size
8209 * between inbound and outbound processing.
8210 */
8211 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
8212 /* to check bytes lifetime is done in key_timehandler(). */
8213
8214 /*
8215 * We use the number of packets as the unit of
8216 * sadb_lifetime_allocations. We increment the variable
8217 * whenever {esp,ah}_{in,out}put is called.
8218 */
8219 sav->lft_c->sadb_lifetime_allocations++;
8220 /* XXX check for expires? */
8221
8222 /*
8223 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
8224 * in seconds. HARD and SOFT lifetime are measured by the time
8225 * difference (again in seconds) from sadb_lifetime_usetime.
8226 *
8227 * usetime
8228 * v expire expire
8229 * -----+-----+--------+---> t
8230 * <--------------> HARD
8231 * <-----> SOFT
8232 */
8233 {
8234 sav->lft_c->sadb_lifetime_usetime = time_second;
8235 /* XXX check for expires? */
8236 }
8237
8238 return;
8239 }
8240
8241 /* dumb version */
8242 void
8243 key_sa_routechange(dst)
8244 struct sockaddr *dst;
8245 {
8246 struct secashead *sah;
8247 struct route *ro;
8248 const struct sockaddr *sa;
8249
8250 LIST_FOREACH(sah, &sahtree, chain) {
8251 ro = &sah->sa_route;
8252 sa = rtcache_getdst(ro);
8253 if (sa != NULL && dst->sa_len == sa->sa_len &&
8254 memcmp(dst, sa, dst->sa_len) == 0)
8255 rtcache_free(ro);
8256 }
8257
8258 return;
8259 }
8260
8261 static void
8262 key_sa_chgstate(sav, state)
8263 struct secasvar *sav;
8264 u_int8_t state;
8265 {
8266 if (sav == NULL)
8267 panic("key_sa_chgstate called with sav == NULL");
8268
8269 if (sav->state == state)
8270 return;
8271
8272 if (__LIST_CHAINED(sav))
8273 LIST_REMOVE(sav, chain);
8274
8275 sav->state = state;
8276 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
8277 }
8278
8279 void
8280 key_sa_stir_iv(sav)
8281 struct secasvar *sav;
8282 {
8283
8284 if (!sav->iv)
8285 panic("key_sa_stir_iv called with sav == NULL");
8286 key_randomfill(sav->iv, sav->ivlen);
8287 }
8288
8289 static void
8290 key_sp_dead(sp)
8291 struct secpolicy *sp;
8292 {
8293
8294 /* mark the SP dead */
8295 sp->state = IPSEC_SPSTATE_DEAD;
8296 }
8297
8298 static void
8299 key_sp_unlink(sp)
8300 struct secpolicy *sp;
8301 {
8302
8303 /* remove from SP index */
8304 if (__LIST_CHAINED(sp)) {
8305 LIST_REMOVE(sp, chain);
8306 key_freesp(sp);
8307 }
8308 }
8309
8310 /* XXX too much? */
8311 static struct mbuf *
8312 key_alloc_mbuf(l)
8313 int l;
8314 {
8315 struct mbuf *m = NULL, *n;
8316 int len, t;
8317
8318 len = l;
8319 while (len > 0) {
8320 MGET(n, M_DONTWAIT, MT_DATA);
8321 if (n && len > MLEN)
8322 MCLGET(n, M_DONTWAIT);
8323 if (!n) {
8324 m_freem(m);
8325 return NULL;
8326 }
8327
8328 n->m_next = NULL;
8329 n->m_len = 0;
8330 n->m_len = M_TRAILINGSPACE(n);
8331 /* use the bottom of mbuf, hoping we can prepend afterwards */
8332 if (n->m_len > len) {
8333 t = (n->m_len - len) & ~(sizeof(long) - 1);
8334 n->m_data += t;
8335 n->m_len = len;
8336 }
8337
8338 len -= n->m_len;
8339
8340 if (m)
8341 m_cat(m, n);
8342 else
8343 m = n;
8344 }
8345
8346 return m;
8347 }
8348
8349 static int
8350 sysctl_net_key_dumpsa(SYSCTLFN_ARGS)
8351 {
8352 struct mbuf *m, *n;
8353 int err2 = 0;
8354 char *p, *ep;
8355 size_t len;
8356 int s, error;
8357
8358 if (newp)
8359 return (EPERM);
8360 if (namelen != 1)
8361 return (EINVAL);
8362
8363 s = splsoftnet();
8364 m = key_setdump(name[0], &error);
8365 splx(s);
8366 if (!m)
8367 return (error);
8368 if (!oldp)
8369 *oldlenp = m->m_pkthdr.len;
8370 else {
8371 p = oldp;
8372 if (*oldlenp < m->m_pkthdr.len) {
8373 err2 = ENOMEM;
8374 ep = p + *oldlenp;
8375 } else {
8376 *oldlenp = m->m_pkthdr.len;
8377 ep = p + m->m_pkthdr.len;
8378 }
8379 for (n = m; n; n = n->m_next) {
8380 len = (ep - p < n->m_len) ?
8381 ep - p : n->m_len;
8382 error = copyout(mtod(n, const void *), p, len);
8383 p += len;
8384 if (error)
8385 break;
8386 }
8387 if (error == 0)
8388 error = err2;
8389 }
8390 m_freem(m);
8391
8392 return (error);
8393 }
8394
8395 static int
8396 sysctl_net_key_dumpsp(SYSCTLFN_ARGS)
8397 {
8398 struct mbuf *m, *n;
8399 int err2 = 0;
8400 char *p, *ep;
8401 size_t len;
8402 int s, error;
8403
8404 if (newp)
8405 return (EPERM);
8406 if (namelen != 0)
8407 return (EINVAL);
8408
8409 s = splsoftnet();
8410 m = key_setspddump(&error);
8411 splx(s);
8412 if (!m)
8413 return (error);
8414 if (!oldp)
8415 *oldlenp = m->m_pkthdr.len;
8416 else {
8417 p = oldp;
8418 if (*oldlenp < m->m_pkthdr.len) {
8419 err2 = ENOMEM;
8420 ep = p + *oldlenp;
8421 } else {
8422 *oldlenp = m->m_pkthdr.len;
8423 ep = p + m->m_pkthdr.len;
8424 }
8425 for (n = m; n; n = n->m_next) {
8426 len = (ep - p < n->m_len) ?
8427 ep - p : n->m_len;
8428 error = copyout(mtod(n, const void *), p, len);
8429 p += len;
8430 if (error)
8431 break;
8432 }
8433 if (error == 0)
8434 error = err2;
8435 }
8436 m_freem(m);
8437
8438 return (error);
8439 }
8440
8441 static int
8442 sysctl_net_key_stats(SYSCTLFN_ARGS)
8443 {
8444
8445 return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS));
8446 }
8447
8448 SYSCTL_SETUP(sysctl_net_key_setup, "sysctl net.key subtree setup")
8449 {
8450
8451 sysctl_createv(clog, 0, NULL, NULL,
8452 CTLFLAG_PERMANENT,
8453 CTLTYPE_NODE, "net", NULL,
8454 NULL, 0, NULL, 0,
8455 CTL_NET, CTL_EOL);
8456 sysctl_createv(clog, 0, NULL, NULL,
8457 CTLFLAG_PERMANENT,
8458 CTLTYPE_NODE, "key", NULL,
8459 NULL, 0, NULL, 0,
8460 CTL_NET, PF_KEY, CTL_EOL);
8461
8462 sysctl_createv(clog, 0, NULL, NULL,
8463 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8464 CTLTYPE_INT, "debug", NULL,
8465 NULL, 0, &key_debug_level, 0,
8466 CTL_NET, PF_KEY, KEYCTL_DEBUG_LEVEL, CTL_EOL);
8467 sysctl_createv(clog, 0, NULL, NULL,
8468 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8469 CTLTYPE_INT, "spi_try", NULL,
8470 NULL, 0, &key_spi_trycnt, 0,
8471 CTL_NET, PF_KEY, KEYCTL_SPI_TRY, CTL_EOL);
8472 sysctl_createv(clog, 0, NULL, NULL,
8473 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8474 CTLTYPE_INT, "spi_min_value", NULL,
8475 NULL, 0, &key_spi_minval, 0,
8476 CTL_NET, PF_KEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL);
8477 sysctl_createv(clog, 0, NULL, NULL,
8478 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8479 CTLTYPE_INT, "spi_max_value", NULL,
8480 NULL, 0, &key_spi_maxval, 0,
8481 CTL_NET, PF_KEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL);
8482 sysctl_createv(clog, 0, NULL, NULL,
8483 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8484 CTLTYPE_INT, "larval_lifetime", NULL,
8485 NULL, 0, &key_larval_lifetime, 0,
8486 CTL_NET, PF_KEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL);
8487 sysctl_createv(clog, 0, NULL, NULL,
8488 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8489 CTLTYPE_INT, "blockacq_count", NULL,
8490 NULL, 0, &key_blockacq_count, 0,
8491 CTL_NET, PF_KEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL);
8492 sysctl_createv(clog, 0, NULL, NULL,
8493 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8494 CTLTYPE_INT, "blockacq_lifetime", NULL,
8495 NULL, 0, &key_blockacq_lifetime, 0,
8496 CTL_NET, PF_KEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL);
8497 sysctl_createv(clog, 0, NULL, NULL,
8498 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8499 CTLTYPE_INT, "esp_keymin", NULL,
8500 NULL, 0, &ipsec_esp_keymin, 0,
8501 CTL_NET, PF_KEY, KEYCTL_ESP_KEYMIN, CTL_EOL);
8502 sysctl_createv(clog, 0, NULL, NULL,
8503 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8504 CTLTYPE_INT, "esp_auth", NULL,
8505 NULL, 0, &ipsec_esp_auth, 0,
8506 CTL_NET, PF_KEY, KEYCTL_ESP_AUTH, CTL_EOL);
8507 sysctl_createv(clog, 0, NULL, NULL,
8508 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8509 CTLTYPE_INT, "ah_keymin", NULL,
8510 NULL, 0, &ipsec_ah_keymin, 0,
8511 CTL_NET, PF_KEY, KEYCTL_AH_KEYMIN, CTL_EOL);
8512 sysctl_createv(clog, 0, NULL, NULL,
8513 CTLFLAG_PERMANENT,
8514 CTLTYPE_STRUCT, "dumpsa", NULL,
8515 sysctl_net_key_dumpsa, 0, NULL, 0,
8516 CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL);
8517 sysctl_createv(clog, 0, NULL, NULL,
8518 CTLFLAG_PERMANENT,
8519 CTLTYPE_STRUCT, "dumpsp", NULL,
8520 sysctl_net_key_dumpsp, 0, NULL, 0,
8521 CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL);
8522 sysctl_createv(clog, 0, NULL, NULL,
8523 CTLFLAG_PERMANENT,
8524 CTLTYPE_STRUCT, "stats",
8525 SYSCTL_DESCR("PF_KEY statistics"),
8526 sysctl_net_key_stats, 0, NULL, 0,
8527 CTL_NET, PF_KEY, CTL_CREATE, CTL_EOL);
8528 }
Cache object: b3458283fd872d1d282ec4b39881032f
|