Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netkey/keysock.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $FreeBSD$ */ 2 /* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include "opt_ipsec.h" 34 35 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */ 36 37 #include <sys/types.h> 38 #include <sys/param.h> 39 #include <sys/systm.h> 40 #include <sys/kernel.h> 41 #include <sys/sysctl.h> 42 #include <sys/mbuf.h> 43 #include <sys/malloc.h> 44 #include <sys/socket.h> 45 #include <sys/socketvar.h> 46 #include <sys/domain.h> 47 #include <sys/protosw.h> 48 #include <sys/errno.h> 49 50 #include <machine/ipl.h> 51 52 #include <net/raw_cb.h> 53 #include <net/route.h> 54 #include <netinet/in.h> 55 56 #include <net/pfkeyv2.h> 57 #include <netkey/keydb.h> 58 #include <netkey/key.h> 59 #include <netkey/keysock.h> 60 #include <netkey/key_debug.h> 61 62 #include <machine/stdarg.h> 63 64 struct sockaddr key_dst = { 2, PF_KEY, }; 65 struct sockaddr key_src = { 2, PF_KEY, }; 66 67 static int key_sendup0 __P((struct rawcb *, struct mbuf *, int)); 68 69 struct pfkeystat pfkeystat; 70 71 /* 72 * key_output() 73 */ 74 int 75 #if __STDC__ 76 key_output(struct mbuf *m, ...) 77 #else 78 key_output(m, va_alist) 79 struct mbuf *m; 80 va_dcl 81 #endif 82 { 83 struct sadb_msg *msg; 84 int len, error = 0; 85 int s; 86 struct socket *so; 87 va_list ap; 88 89 va_start(ap, m); 90 so = va_arg(ap, struct socket *); 91 va_end(ap); 92 93 if (m == 0) 94 panic("key_output: NULL pointer was passed.\n"); 95 96 pfkeystat.out_total++; 97 pfkeystat.out_bytes += m->m_pkthdr.len; 98 99 len = m->m_pkthdr.len; 100 if (len < sizeof(struct sadb_msg)) { 101 pfkeystat.out_tooshort++; 102 error = EINVAL; 103 goto end; 104 } 105 106 if (m->m_len < sizeof(struct sadb_msg)) { 107 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) { 108 pfkeystat.out_nomem++; 109 error = ENOBUFS; 110 goto end; 111 } 112 } 113 114 if ((m->m_flags & M_PKTHDR) == 0) 115 panic("key_output: not M_PKTHDR ??"); 116 117 KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m)); 118 119 msg = mtod(m, struct sadb_msg *); 120 pfkeystat.out_msgtype[msg->sadb_msg_type]++; 121 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { 122 pfkeystat.out_invlen++; 123 error = EINVAL; 124 goto end; 125 } 126 127 /*XXX giant lock*/ 128 s = splnet(); 129 error = key_parse(m, so); 130 m = NULL; 131 splx(s); 132 end: 133 if (m) 134 m_freem(m); 135 return error; 136 } 137 138 /* 139 * send message to the socket. 140 */ 141 static int 142 key_sendup0(rp, m, promisc) 143 struct rawcb *rp; 144 struct mbuf *m; 145 int promisc; 146 { 147 int error; 148 149 if (promisc) { 150 struct sadb_msg *pmsg; 151 152 M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT); 153 if (m && m->m_len < sizeof(struct sadb_msg)) 154 m = m_pullup(m, sizeof(struct sadb_msg)); 155 if (!m) { 156 pfkeystat.in_nomem++; 157 m_freem(m); 158 return ENOBUFS; 159 } 160 m->m_pkthdr.len += sizeof(*pmsg); 161 162 pmsg = mtod(m, struct sadb_msg *); 163 bzero(pmsg, sizeof(*pmsg)); 164 pmsg->sadb_msg_version = PF_KEY_V2; 165 pmsg->sadb_msg_type = SADB_X_PROMISC; 166 pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 167 /* pid and seq? */ 168 169 pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; 170 } 171 172 if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, 173 m, NULL)) { 174 pfkeystat.in_nomem++; 175 m_freem(m); 176 error = ENOBUFS; 177 } else 178 error = 0; 179 sorwakeup(rp->rcb_socket); 180 return error; 181 } 182 183 /* XXX this interface should be obsoleted. */ 184 int 185 key_sendup(so, msg, len, target) 186 struct socket *so; 187 struct sadb_msg *msg; 188 u_int len; 189 int target; /*target of the resulting message*/ 190 { 191 struct mbuf *m, *n, *mprev; 192 int tlen; 193 194 /* sanity check */ 195 if (so == 0 || msg == 0) 196 panic("key_sendup: NULL pointer was passed.\n"); 197 198 KEYDEBUG(KEYDEBUG_KEY_DUMP, 199 printf("key_sendup: \n"); 200 kdebug_sadb(msg)); 201 202 /* 203 * we increment statistics here, just in case we have ENOBUFS 204 * in this function. 205 */ 206 pfkeystat.in_total++; 207 pfkeystat.in_bytes += len; 208 pfkeystat.in_msgtype[msg->sadb_msg_type]++; 209 210 /* 211 * Get mbuf chain whenever possible (not clusters), 212 * to save socket buffer. We'll be generating many SADB_ACQUIRE 213 * messages to listening key sockets. If we simply allocate clusters, 214 * sbappendaddr() will raise ENOBUFS due to too little sbspace(). 215 * sbspace() computes # of actual data bytes AND mbuf region. 216 * 217 * TODO: SADB_ACQUIRE filters should be implemented. 218 */ 219 tlen = len; 220 m = mprev = NULL; 221 while (tlen > 0) { 222 if (tlen == len) { 223 MGETHDR(n, M_DONTWAIT, MT_DATA); 224 n->m_len = MHLEN; 225 } else { 226 MGET(n, M_DONTWAIT, MT_DATA); 227 n->m_len = MLEN; 228 } 229 if (!n) { 230 pfkeystat.in_nomem++; 231 return ENOBUFS; 232 } 233 if (tlen >= MCLBYTES) { /*XXX better threshold? */ 234 MCLGET(n, M_DONTWAIT); 235 if ((n->m_flags & M_EXT) == 0) { 236 m_free(n); 237 m_freem(m); 238 pfkeystat.in_nomem++; 239 return ENOBUFS; 240 } 241 n->m_len = MCLBYTES; 242 } 243 244 if (tlen < n->m_len) 245 n->m_len = tlen; 246 n->m_next = NULL; 247 if (m == NULL) 248 m = mprev = n; 249 else { 250 mprev->m_next = n; 251 mprev = n; 252 } 253 tlen -= n->m_len; 254 n = NULL; 255 } 256 m->m_pkthdr.len = len; 257 m->m_pkthdr.rcvif = NULL; 258 m_copyback(m, 0, len, (caddr_t)msg); 259 260 /* avoid duplicated statistics */ 261 pfkeystat.in_total--; 262 pfkeystat.in_bytes -= len; 263 pfkeystat.in_msgtype[msg->sadb_msg_type]--; 264 265 return key_sendup_mbuf(so, m, target); 266 } 267 268 /* so can be NULL if target != KEY_SENDUP_ONE */ 269 int 270 key_sendup_mbuf(so, m, target) 271 struct socket *so; 272 struct mbuf *m; 273 int target; 274 { 275 struct mbuf *n; 276 struct keycb *kp; 277 int sendup; 278 struct rawcb *rp; 279 int error = 0; 280 281 if (m == NULL) 282 panic("key_sendup_mbuf: NULL pointer was passed.\n"); 283 if (so == NULL && target == KEY_SENDUP_ONE) 284 panic("key_sendup_mbuf: NULL pointer was passed.\n"); 285 286 pfkeystat.in_total++; 287 pfkeystat.in_bytes += m->m_pkthdr.len; 288 if (m->m_len < sizeof(struct sadb_msg)) { 289 #if 1 290 m = m_pullup(m, sizeof(struct sadb_msg)); 291 if (m == NULL) { 292 pfkeystat.in_nomem++; 293 return ENOBUFS; 294 } 295 #else 296 /* don't bother pulling it up just for stats */ 297 #endif 298 } 299 if (m->m_len >= sizeof(struct sadb_msg)) { 300 struct sadb_msg *msg; 301 msg = mtod(m, struct sadb_msg *); 302 pfkeystat.in_msgtype[msg->sadb_msg_type]++; 303 } 304 305 LIST_FOREACH(rp, &rawcb_list, list) 306 { 307 if (rp->rcb_proto.sp_family != PF_KEY) 308 continue; 309 if (rp->rcb_proto.sp_protocol 310 && rp->rcb_proto.sp_protocol != PF_KEY_V2) { 311 continue; 312 } 313 314 kp = (struct keycb *)rp; 315 316 /* 317 * If you are in promiscuous mode, and when you get broadcasted 318 * reply, you'll get two PF_KEY messages. 319 * (based on pf_key@inner.net message on 14 Oct 1998) 320 */ 321 if (((struct keycb *)rp)->kp_promisc) { 322 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { 323 (void)key_sendup0(rp, n, 1); 324 n = NULL; 325 } 326 } 327 328 /* the exact target will be processed later */ 329 if (so && sotorawcb(so) == rp) 330 continue; 331 332 sendup = 0; 333 switch (target) { 334 case KEY_SENDUP_ONE: 335 /* the statement has no effect */ 336 if (so && sotorawcb(so) == rp) 337 sendup++; 338 break; 339 case KEY_SENDUP_ALL: 340 sendup++; 341 break; 342 case KEY_SENDUP_REGISTERED: 343 if (kp->kp_registered) 344 sendup++; 345 break; 346 } 347 pfkeystat.in_msgtarget[target]++; 348 349 if (!sendup) 350 continue; 351 352 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { 353 m_freem(m); 354 pfkeystat.in_nomem++; 355 return ENOBUFS; 356 } 357 358 if ((error = key_sendup0(rp, n, 0)) != 0) { 359 m_freem(m); 360 return error; 361 } 362 363 n = NULL; 364 } 365 366 if (so) { 367 error = key_sendup0(sotorawcb(so), m, 0); 368 m = NULL; 369 } else { 370 error = 0; 371 m_freem(m); 372 } 373 return error; 374 } 375 376 /* 377 * key_abort() 378 * derived from net/rtsock.c:rts_abort() 379 */ 380 static int 381 key_abort(struct socket *so) 382 { 383 int s, error; 384 s = splnet(); 385 error = raw_usrreqs.pru_abort(so); 386 splx(s); 387 return error; 388 } 389 390 /* 391 * key_attach() 392 * derived from net/rtsock.c:rts_attach() 393 */ 394 static int 395 key_attach(struct socket *so, int proto, struct proc *p) 396 { 397 struct keycb *kp; 398 int s, error; 399 400 if (sotorawcb(so) != 0) 401 return EISCONN; /* XXX panic? */ 402 kp = (struct keycb *)malloc(sizeof *kp, M_PCB, M_WAITOK); /* XXX */ 403 if (kp == 0) 404 return ENOBUFS; 405 bzero(kp, sizeof *kp); 406 407 /* 408 * The splnet() is necessary to block protocols from sending 409 * error notifications (like RTM_REDIRECT or RTM_LOSING) while 410 * this PCB is extant but incompletely initialized. 411 * Probably we should try to do more of this work beforehand and 412 * eliminate the spl. 413 */ 414 s = splnet(); 415 so->so_pcb = (caddr_t)kp; 416 error = raw_usrreqs.pru_attach(so, proto, p); 417 kp = (struct keycb *)sotorawcb(so); 418 if (error) { 419 free(kp, M_PCB); 420 so->so_pcb = (caddr_t) 0; 421 splx(s); 422 return error; 423 } 424 425 kp->kp_promisc = kp->kp_registered = 0; 426 427 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ 428 key_cb.key_count++; 429 key_cb.any_count++; 430 kp->kp_raw.rcb_laddr = &key_src; 431 kp->kp_raw.rcb_faddr = &key_dst; 432 soisconnected(so); 433 so->so_options |= SO_USELOOPBACK; 434 435 splx(s); 436 return 0; 437 } 438 439 /* 440 * key_bind() 441 * derived from net/rtsock.c:rts_bind() 442 */ 443 static int 444 key_bind(struct socket *so, struct sockaddr *nam, struct proc *p) 445 { 446 int s, error; 447 s = splnet(); 448 error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */ 449 splx(s); 450 return error; 451 } 452 453 /* 454 * key_connect() 455 * derived from net/rtsock.c:rts_connect() 456 */ 457 static int 458 key_connect(struct socket *so, struct sockaddr *nam, struct proc *p) 459 { 460 int s, error; 461 s = splnet(); 462 error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */ 463 splx(s); 464 return error; 465 } 466 467 /* 468 * key_detach() 469 * derived from net/rtsock.c:rts_detach() 470 */ 471 static int 472 key_detach(struct socket *so) 473 { 474 struct keycb *kp = (struct keycb *)sotorawcb(so); 475 int s, error; 476 477 s = splnet(); 478 if (kp != 0) { 479 if (kp->kp_raw.rcb_proto.sp_protocol 480 == PF_KEY) /* XXX: AF_KEY */ 481 key_cb.key_count--; 482 key_cb.any_count--; 483 484 key_freereg(so); 485 } 486 error = raw_usrreqs.pru_detach(so); 487 splx(s); 488 return error; 489 } 490 491 /* 492 * key_disconnect() 493 * derived from net/rtsock.c:key_disconnect() 494 */ 495 static int 496 key_disconnect(struct socket *so) 497 { 498 int s, error; 499 s = splnet(); 500 error = raw_usrreqs.pru_disconnect(so); 501 splx(s); 502 return error; 503 } 504 505 /* 506 * key_peeraddr() 507 * derived from net/rtsock.c:rts_peeraddr() 508 */ 509 static int 510 key_peeraddr(struct socket *so, struct sockaddr **nam) 511 { 512 int s, error; 513 s = splnet(); 514 error = raw_usrreqs.pru_peeraddr(so, nam); 515 splx(s); 516 return error; 517 } 518 519 /* 520 * key_send() 521 * derived from net/rtsock.c:rts_send() 522 */ 523 static int 524 key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, 525 struct mbuf *control, struct proc *p) 526 { 527 int s, error; 528 s = splnet(); 529 error = raw_usrreqs.pru_send(so, flags, m, nam, control, p); 530 splx(s); 531 return error; 532 } 533 534 /* 535 * key_shutdown() 536 * derived from net/rtsock.c:rts_shutdown() 537 */ 538 static int 539 key_shutdown(struct socket *so) 540 { 541 int s, error; 542 s = splnet(); 543 error = raw_usrreqs.pru_shutdown(so); 544 splx(s); 545 return error; 546 } 547 548 /* 549 * key_sockaddr() 550 * derived from net/rtsock.c:rts_sockaddr() 551 */ 552 static int 553 key_sockaddr(struct socket *so, struct sockaddr **nam) 554 { 555 int s, error; 556 s = splnet(); 557 error = raw_usrreqs.pru_sockaddr(so, nam); 558 splx(s); 559 return error; 560 } 561 562 struct pr_usrreqs key_usrreqs = { 563 key_abort, pru_accept_notsupp, key_attach, key_bind, 564 key_connect, 565 pru_connect2_notsupp, pru_control_notsupp, key_detach, 566 key_disconnect, pru_listen_notsupp, key_peeraddr, 567 pru_rcvd_notsupp, 568 pru_rcvoob_notsupp, key_send, pru_sense_null, key_shutdown, 569 key_sockaddr, sosend, soreceive, sopoll 570 }; 571 572 /* sysctl */ 573 SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family"); 574 575 /* 576 * Definitions of protocols supported in the KEY domain. 577 */ 578 579 extern struct domain keydomain; 580 581 struct protosw keysw[] = { 582 { SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR, 583 0, key_output, raw_ctlinput, 0, 584 0, 585 raw_init, 0, 0, 0, 586 &key_usrreqs 587 } 588 }; 589 590 struct domain keydomain = 591 { PF_KEY, "key", key_init, 0, 0, 592 keysw, &keysw[sizeof(keysw)/sizeof(keysw[0])] }; 593 594 DOMAIN_SET(key);
Cache object: ecee9f2ac1bd982552c1d3fec47521d0
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]