1 | /* $NetBSD: key.c,v 1.101 2016/07/20 07:37:51 ozaki-r Exp $ */ |
2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ |
3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ |
4 | |
5 | /* |
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
7 | * All rights reserved. |
8 | * |
9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions |
11 | * are met: |
12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. |
14 | * 2. Redistributions in binary form must reproduce the above copyright |
15 | * notice, this list of conditions and the following disclaimer in the |
16 | * documentation and/or other materials provided with the distribution. |
17 | * 3. Neither the name of the project nor the names of its contributors |
18 | * may be used to endorse or promote products derived from this software |
19 | * without specific prior written permission. |
20 | * |
21 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | * SUCH DAMAGE. |
32 | */ |
33 | |
34 | #include <sys/cdefs.h> |
35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.101 2016/07/20 07:37:51 ozaki-r Exp $" ); |
36 | |
37 | /* |
38 | * This code is referd to RFC 2367 |
39 | */ |
40 | |
41 | #include "opt_inet.h" |
42 | #ifdef __FreeBSD__ |
43 | #include "opt_inet6.h" |
44 | #endif |
45 | #include "opt_ipsec.h" |
46 | #ifdef __NetBSD__ |
47 | #include "opt_gateway.h" |
48 | #endif |
49 | |
50 | #include <sys/types.h> |
51 | #include <sys/param.h> |
52 | #include <sys/systm.h> |
53 | #include <sys/callout.h> |
54 | #include <sys/kernel.h> |
55 | #include <sys/mbuf.h> |
56 | #include <sys/domain.h> |
57 | #include <sys/protosw.h> |
58 | #include <sys/malloc.h> |
59 | #include <sys/socket.h> |
60 | #include <sys/socketvar.h> |
61 | #include <sys/sysctl.h> |
62 | #include <sys/errno.h> |
63 | #include <sys/proc.h> |
64 | #include <sys/queue.h> |
65 | #include <sys/syslog.h> |
66 | #include <sys/once.h> |
67 | #include <sys/cprng.h> |
68 | |
69 | #include <net/if.h> |
70 | #include <net/route.h> |
71 | #include <net/raw_cb.h> |
72 | |
73 | #include <netinet/in.h> |
74 | #include <netinet/in_systm.h> |
75 | #include <netinet/ip.h> |
76 | #include <netinet/in_var.h> |
77 | #ifdef INET |
78 | #include <netinet/ip_var.h> |
79 | #endif |
80 | |
81 | #ifdef INET6 |
82 | #include <netinet/ip6.h> |
83 | #include <netinet6/in6_var.h> |
84 | #include <netinet6/ip6_var.h> |
85 | #endif /* INET6 */ |
86 | |
87 | #ifdef INET |
88 | #include <netinet/in_pcb.h> |
89 | #endif |
90 | #ifdef INET6 |
91 | #include <netinet6/in6_pcb.h> |
92 | #endif /* INET6 */ |
93 | |
94 | #include <net/pfkeyv2.h> |
95 | #include <netipsec/keydb.h> |
96 | #include <netipsec/key.h> |
97 | #include <netipsec/keysock.h> |
98 | #include <netipsec/key_debug.h> |
99 | |
100 | #include <netipsec/ipsec.h> |
101 | #ifdef INET6 |
102 | #include <netipsec/ipsec6.h> |
103 | #endif |
104 | #include <netipsec/ipsec_private.h> |
105 | |
106 | #include <netipsec/xform.h> |
107 | #include <netipsec/ipsec_osdep.h> |
108 | #include <netipsec/ipcomp.h> |
109 | |
110 | |
111 | #include <net/net_osdep.h> |
112 | |
113 | #define FULLMASK 0xff |
114 | #define _BITS(bytes) ((bytes) << 3) |
115 | |
116 | #define PORT_NONE 0 |
117 | #define PORT_LOOSE 1 |
118 | #define PORT_STRICT 2 |
119 | |
120 | percpu_t *pfkeystat_percpu; |
121 | |
122 | /* |
123 | * Note on SA reference counting: |
124 | * - SAs that are not in DEAD state will have (total external reference + 1) |
125 | * following value in reference count field. they cannot be freed and are |
126 | * referenced from SA header. |
127 | * - SAs that are in DEAD state will have (total external reference) |
128 | * in reference count field. they are ready to be freed. reference from |
129 | * SA header will be removed in key_delsav(), when the reference count |
130 | * field hits 0 (= no external reference other than from SA header. |
131 | */ |
132 | |
133 | u_int32_t key_debug_level = 0; |
134 | static u_int key_spi_trycnt = 1000; |
135 | static u_int32_t key_spi_minval = 0x100; |
136 | static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */ |
137 | static u_int32_t policy_id = 0; |
138 | static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/ |
139 | static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/ |
140 | static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/ |
141 | static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/ |
142 | static int key_prefered_oldsa = 0; /* prefered old sa rather than new sa.*/ |
143 | |
144 | static u_int32_t acq_seq = 0; |
145 | |
146 | static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */ |
147 | static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */ |
148 | static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1]; |
149 | /* registed list */ |
150 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
151 | static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */ |
152 | #endif |
153 | static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */ |
154 | |
155 | /* search order for SAs */ |
156 | /* |
157 | * This order is important because we must select the oldest SA |
158 | * for outbound processing. For inbound, This is not important. |
159 | */ |
160 | static const u_int saorder_state_valid_prefer_old[] = { |
161 | SADB_SASTATE_DYING, SADB_SASTATE_MATURE, |
162 | }; |
163 | static const u_int saorder_state_valid_prefer_new[] = { |
164 | SADB_SASTATE_MATURE, SADB_SASTATE_DYING, |
165 | }; |
166 | |
167 | static const u_int saorder_state_alive[] = { |
168 | /* except DEAD */ |
169 | SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL |
170 | }; |
171 | static const u_int saorder_state_any[] = { |
172 | SADB_SASTATE_MATURE, SADB_SASTATE_DYING, |
173 | SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD |
174 | }; |
175 | |
176 | static const int minsize[] = { |
177 | sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ |
178 | sizeof(struct sadb_sa), /* SADB_EXT_SA */ |
179 | sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ |
180 | sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ |
181 | sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ |
182 | sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ |
183 | sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ |
184 | sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ |
185 | sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ |
186 | sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ |
187 | sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ |
188 | sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ |
189 | sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ |
190 | sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ |
191 | sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ |
192 | sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ |
193 | sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ |
194 | 0, /* SADB_X_EXT_KMPRIVATE */ |
195 | sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ |
196 | sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ |
197 | sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */ |
198 | sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */ |
199 | sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */ |
200 | sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ |
201 | sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ |
202 | sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */ |
203 | }; |
204 | static const int maxsize[] = { |
205 | sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ |
206 | sizeof(struct sadb_sa), /* SADB_EXT_SA */ |
207 | sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ |
208 | sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ |
209 | sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ |
210 | 0, /* SADB_EXT_ADDRESS_SRC */ |
211 | 0, /* SADB_EXT_ADDRESS_DST */ |
212 | 0, /* SADB_EXT_ADDRESS_PROXY */ |
213 | 0, /* SADB_EXT_KEY_AUTH */ |
214 | 0, /* SADB_EXT_KEY_ENCRYPT */ |
215 | 0, /* SADB_EXT_IDENTITY_SRC */ |
216 | 0, /* SADB_EXT_IDENTITY_DST */ |
217 | 0, /* SADB_EXT_SENSITIVITY */ |
218 | 0, /* SADB_EXT_PROPOSAL */ |
219 | 0, /* SADB_EXT_SUPPORTED_AUTH */ |
220 | 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ |
221 | sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ |
222 | 0, /* SADB_X_EXT_KMPRIVATE */ |
223 | 0, /* SADB_X_EXT_POLICY */ |
224 | sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ |
225 | sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */ |
226 | sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */ |
227 | sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */ |
228 | 0, /* SADB_X_EXT_NAT_T_OAI */ |
229 | 0, /* SADB_X_EXT_NAT_T_OAR */ |
230 | sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */ |
231 | }; |
232 | |
233 | static int ipsec_esp_keymin = 256; |
234 | static int ipsec_esp_auth = 0; |
235 | static int ipsec_ah_keymin = 128; |
236 | |
237 | #ifdef SYSCTL_DECL |
238 | SYSCTL_DECL(_net_key); |
239 | #endif |
240 | |
241 | #ifdef SYSCTL_INT |
242 | SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \ |
243 | &key_debug_level, 0, "" ); |
244 | |
245 | /* max count of trial for the decision of spi value */ |
246 | SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \ |
247 | &key_spi_trycnt, 0, "" ); |
248 | |
249 | /* minimum spi value to allocate automatically. */ |
250 | SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \ |
251 | &key_spi_minval, 0, "" ); |
252 | |
253 | /* maximun spi value to allocate automatically. */ |
254 | SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \ |
255 | &key_spi_maxval, 0, "" ); |
256 | |
257 | /* interval to initialize randseed */ |
258 | SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \ |
259 | &key_int_random, 0, "" ); |
260 | |
261 | /* lifetime for larval SA */ |
262 | SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \ |
263 | &key_larval_lifetime, 0, "" ); |
264 | |
265 | /* counter for blocking to send SADB_ACQUIRE to IKEd */ |
266 | SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \ |
267 | &key_blockacq_count, 0, "" ); |
268 | |
269 | /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ |
270 | SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \ |
271 | &key_blockacq_lifetime, 0, "" ); |
272 | |
273 | /* ESP auth */ |
274 | SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \ |
275 | &ipsec_esp_auth, 0, "" ); |
276 | |
277 | /* minimum ESP key length */ |
278 | SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \ |
279 | &ipsec_esp_keymin, 0, "" ); |
280 | |
281 | /* minimum AH key length */ |
282 | SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \ |
283 | &ipsec_ah_keymin, 0, "" ); |
284 | |
285 | /* perfered old SA rather than new SA */ |
286 | SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\ |
287 | &key_prefered_oldsa, 0, "" ); |
288 | #endif /* SYSCTL_INT */ |
289 | |
290 | #ifndef LIST_FOREACH |
291 | #define LIST_FOREACH(elm, head, field) \ |
292 | for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field)) |
293 | #endif |
294 | #define __LIST_CHAINED(elm) \ |
295 | (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) |
296 | #define LIST_INSERT_TAIL(head, elm, type, field) \ |
297 | do {\ |
298 | struct type *curelm = LIST_FIRST(head); \ |
299 | if (curelm == NULL) {\ |
300 | LIST_INSERT_HEAD(head, elm, field); \ |
301 | } else { \ |
302 | while (LIST_NEXT(curelm, field)) \ |
303 | curelm = LIST_NEXT(curelm, field);\ |
304 | LIST_INSERT_AFTER(curelm, elm, field);\ |
305 | }\ |
306 | } while (0) |
307 | |
308 | #define KEY_CHKSASTATE(head, sav, name) \ |
309 | /* do */ { \ |
310 | if ((head) != (sav)) { \ |
311 | ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \ |
312 | (name), (head), (sav))); \ |
313 | continue; \ |
314 | } \ |
315 | } /* while (0) */ |
316 | |
317 | #define KEY_CHKSPDIR(head, sp, name) \ |
318 | do { \ |
319 | if ((head) != (sp)) { \ |
320 | ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \ |
321 | "anyway continue.\n", \ |
322 | (name), (head), (sp))); \ |
323 | } \ |
324 | } while (0) |
325 | |
326 | MALLOC_DEFINE(M_SECA, "key mgmt" , "security associations, key management" ); |
327 | |
328 | #if 1 |
329 | #define KMALLOC(p, t, n) \ |
330 | ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT)) |
331 | #define KFREE(p) \ |
332 | free((p), M_SECA) |
333 | #else |
334 | #define KMALLOC(p, t, n) \ |
335 | do { \ |
336 | ((p) = malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \ |
337 | printf("%s %d: %p <- KMALLOC(%s, %d)\n", \ |
338 | __FILE__, __LINE__, (p), #t, n); \ |
339 | } while (0) |
340 | |
341 | #define KFREE(p) \ |
342 | do { \ |
343 | printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \ |
344 | free((p), M_SECA); \ |
345 | } while (0) |
346 | #endif |
347 | |
348 | /* |
349 | * set parameters into secpolicyindex buffer. |
350 | * Must allocate secpolicyindex buffer passed to this function. |
351 | */ |
352 | #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ |
353 | do { \ |
354 | memset((idx), 0, sizeof(struct secpolicyindex)); \ |
355 | (idx)->dir = (_dir); \ |
356 | (idx)->prefs = (ps); \ |
357 | (idx)->prefd = (pd); \ |
358 | (idx)->ul_proto = (ulp); \ |
359 | memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len); \ |
360 | memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len); \ |
361 | } while (0) |
362 | |
363 | /* |
364 | * set parameters into secasindex buffer. |
365 | * Must allocate secasindex buffer before calling this function. |
366 | */ |
367 | static int |
368 | key_setsecasidx (int, int, int, const struct sadb_address *, |
369 | const struct sadb_address *, struct secasindex *); |
370 | |
371 | /* key statistics */ |
372 | struct _keystat { |
373 | u_long getspi_count; /* the avarage of count to try to get new SPI */ |
374 | } keystat; |
375 | |
376 | struct sadb_msghdr { |
377 | struct sadb_msg *msg; |
378 | struct sadb_ext *ext[SADB_EXT_MAX + 1]; |
379 | int extoff[SADB_EXT_MAX + 1]; |
380 | int extlen[SADB_EXT_MAX + 1]; |
381 | }; |
382 | |
383 | static struct secasvar *key_allocsa_policy (const struct secasindex *); |
384 | static void key_freesp_so (struct secpolicy **); |
385 | static struct secasvar *key_do_allocsa_policy (struct secashead *, u_int); |
386 | static void key_delsp (struct secpolicy *); |
387 | static struct secpolicy *key_getsp (const struct secpolicyindex *); |
388 | static struct secpolicy *key_getspbyid (u_int32_t); |
389 | static u_int16_t key_newreqid (void); |
390 | static struct mbuf *key_gather_mbuf (struct mbuf *, |
391 | const struct sadb_msghdr *, int, int, ...); |
392 | static int key_spdadd (struct socket *, struct mbuf *, |
393 | const struct sadb_msghdr *); |
394 | static u_int32_t key_getnewspid (void); |
395 | static int key_spddelete (struct socket *, struct mbuf *, |
396 | const struct sadb_msghdr *); |
397 | static int key_spddelete2 (struct socket *, struct mbuf *, |
398 | const struct sadb_msghdr *); |
399 | static int key_spdget (struct socket *, struct mbuf *, |
400 | const struct sadb_msghdr *); |
401 | static int key_spdflush (struct socket *, struct mbuf *, |
402 | const struct sadb_msghdr *); |
403 | static int key_spddump (struct socket *, struct mbuf *, |
404 | const struct sadb_msghdr *); |
405 | static struct mbuf * key_setspddump (int *errorp, pid_t); |
406 | static struct mbuf * key_setspddump_chain (int *errorp, int *lenp, pid_t pid); |
407 | static int key_nat_map (struct socket *, struct mbuf *, |
408 | const struct sadb_msghdr *); |
409 | static struct mbuf *key_setdumpsp (struct secpolicy *, |
410 | u_int8_t, u_int32_t, pid_t); |
411 | static u_int key_getspreqmsglen (const struct secpolicy *); |
412 | static int key_spdexpire (struct secpolicy *); |
413 | static struct secashead *key_newsah (const struct secasindex *); |
414 | static void key_delsah (struct secashead *); |
415 | static struct secasvar *key_newsav (struct mbuf *, |
416 | const struct sadb_msghdr *, struct secashead *, int *, |
417 | const char*, int); |
418 | #define KEY_NEWSAV(m, sadb, sah, e) \ |
419 | key_newsav(m, sadb, sah, e, __FILE__, __LINE__) |
420 | static void key_delsav (struct secasvar *); |
421 | static struct secashead *key_getsah (const struct secasindex *); |
422 | static struct secasvar *key_checkspidup (const struct secasindex *, u_int32_t); |
423 | static struct secasvar *key_getsavbyspi (struct secashead *, u_int32_t); |
424 | static int key_setsaval (struct secasvar *, struct mbuf *, |
425 | const struct sadb_msghdr *); |
426 | static int key_mature (struct secasvar *); |
427 | static struct mbuf *key_setdumpsa (struct secasvar *, u_int8_t, |
428 | u_int8_t, u_int32_t, u_int32_t); |
429 | static struct mbuf *key_setsadbxport (u_int16_t, u_int16_t); |
430 | static struct mbuf *key_setsadbxtype (u_int16_t); |
431 | static struct mbuf *key_setsadbxfrag (u_int16_t); |
432 | static void key_porttosaddr (union sockaddr_union *, u_int16_t); |
433 | static int key_checksalen (const union sockaddr_union *); |
434 | static struct mbuf *key_setsadbmsg (u_int8_t, u_int16_t, u_int8_t, |
435 | u_int32_t, pid_t, u_int16_t); |
436 | static struct mbuf *key_setsadbsa (struct secasvar *); |
437 | static struct mbuf *key_setsadbaddr (u_int16_t, |
438 | const struct sockaddr *, u_int8_t, u_int16_t); |
439 | #if 0 |
440 | static struct mbuf *key_setsadbident (u_int16_t, u_int16_t, void *, |
441 | int, u_int64_t); |
442 | #endif |
443 | static struct mbuf *key_setsadbxsa2 (u_int8_t, u_int32_t, u_int16_t); |
444 | static struct mbuf *key_setsadbxpolicy (u_int16_t, u_int8_t, |
445 | u_int32_t); |
446 | static void *key_newbuf (const void *, u_int); |
447 | #ifdef INET6 |
448 | static int key_ismyaddr6 (const struct sockaddr_in6 *); |
449 | #endif |
450 | |
451 | /* flags for key_cmpsaidx() */ |
452 | #define CMP_HEAD 1 /* protocol, addresses. */ |
453 | #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ |
454 | #define CMP_REQID 3 /* additionally HEAD, reaid. */ |
455 | #define CMP_EXACTLY 4 /* all elements. */ |
456 | static int key_cmpsaidx |
457 | (const struct secasindex *, const struct secasindex *, int); |
458 | |
459 | static int key_sockaddrcmp (const struct sockaddr *, const struct sockaddr *, int); |
460 | static int key_bbcmp (const void *, const void *, u_int); |
461 | static u_int16_t key_satype2proto (u_int8_t); |
462 | static u_int8_t key_proto2satype (u_int16_t); |
463 | |
464 | static int key_getspi (struct socket *, struct mbuf *, |
465 | const struct sadb_msghdr *); |
466 | static u_int32_t key_do_getnewspi (const struct sadb_spirange *, |
467 | const struct secasindex *); |
468 | static int key_handle_natt_info (struct secasvar *, |
469 | const struct sadb_msghdr *); |
470 | static int key_set_natt_ports (union sockaddr_union *, |
471 | union sockaddr_union *, |
472 | const struct sadb_msghdr *); |
473 | static int key_update (struct socket *, struct mbuf *, |
474 | const struct sadb_msghdr *); |
475 | #ifdef IPSEC_DOSEQCHECK |
476 | static struct secasvar *key_getsavbyseq (struct secashead *, u_int32_t); |
477 | #endif |
478 | static int key_add (struct socket *, struct mbuf *, |
479 | const struct sadb_msghdr *); |
480 | static int key_setident (struct secashead *, struct mbuf *, |
481 | const struct sadb_msghdr *); |
482 | static struct mbuf *key_getmsgbuf_x1 (struct mbuf *, |
483 | const struct sadb_msghdr *); |
484 | static int key_delete (struct socket *, struct mbuf *, |
485 | const struct sadb_msghdr *); |
486 | static int key_get (struct socket *, struct mbuf *, |
487 | const struct sadb_msghdr *); |
488 | |
489 | static void key_getcomb_setlifetime (struct sadb_comb *); |
490 | static struct mbuf *key_getcomb_esp (void); |
491 | static struct mbuf *key_getcomb_ah (void); |
492 | static struct mbuf *key_getcomb_ipcomp (void); |
493 | static struct mbuf *key_getprop (const struct secasindex *); |
494 | |
495 | static int key_acquire (const struct secasindex *, struct secpolicy *); |
496 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
497 | static struct secacq *key_newacq (const struct secasindex *); |
498 | static struct secacq *key_getacq (const struct secasindex *); |
499 | static struct secacq *key_getacqbyseq (u_int32_t); |
500 | #endif |
501 | static struct secspacq *key_newspacq (const struct secpolicyindex *); |
502 | static struct secspacq *key_getspacq (const struct secpolicyindex *); |
503 | static int key_acquire2 (struct socket *, struct mbuf *, |
504 | const struct sadb_msghdr *); |
505 | static int key_register (struct socket *, struct mbuf *, |
506 | const struct sadb_msghdr *); |
507 | static int key_expire (struct secasvar *); |
508 | static int key_flush (struct socket *, struct mbuf *, |
509 | const struct sadb_msghdr *); |
510 | static struct mbuf *key_setdump_chain (u_int8_t req_satype, int *errorp, |
511 | int *lenp, pid_t pid); |
512 | static int key_dump (struct socket *, struct mbuf *, |
513 | const struct sadb_msghdr *); |
514 | static int key_promisc (struct socket *, struct mbuf *, |
515 | const struct sadb_msghdr *); |
516 | static int key_senderror (struct socket *, struct mbuf *, int); |
517 | static int key_validate_ext (const struct sadb_ext *, int); |
518 | static int key_align (struct mbuf *, struct sadb_msghdr *); |
519 | #if 0 |
520 | static const char *key_getfqdn (void); |
521 | static const char *key_getuserfqdn (void); |
522 | #endif |
523 | static void key_sa_chgstate (struct secasvar *, u_int8_t); |
524 | static inline void key_sp_dead (struct secpolicy *); |
525 | static void key_sp_unlink (struct secpolicy *sp); |
526 | |
527 | static struct mbuf *key_alloc_mbuf (int); |
528 | struct callout key_timehandler_ch; |
529 | |
530 | #define SA_ADDREF(p) do { \ |
531 | (p)->refcnt++; \ |
532 | IPSEC_ASSERT((p)->refcnt != 0, \ |
533 | ("SA refcnt overflow at %s:%u", __FILE__, __LINE__)); \ |
534 | } while (0) |
535 | #define SA_DELREF(p) do { \ |
536 | IPSEC_ASSERT((p)->refcnt > 0, \ |
537 | ("SA refcnt underflow at %s:%u", __FILE__, __LINE__)); \ |
538 | (p)->refcnt--; \ |
539 | } while (0) |
540 | |
541 | #define SP_ADDREF(p) do { \ |
542 | (p)->refcnt++; \ |
543 | IPSEC_ASSERT((p)->refcnt != 0, \ |
544 | ("SP refcnt overflow at %s:%u", __FILE__, __LINE__)); \ |
545 | } while (0) |
546 | #define SP_DELREF(p) do { \ |
547 | IPSEC_ASSERT((p)->refcnt > 0, \ |
548 | ("SP refcnt underflow at %s:%u", __FILE__, __LINE__)); \ |
549 | (p)->refcnt--; \ |
550 | } while (0) |
551 | |
552 | |
553 | static inline void |
554 | key_sp_dead(struct secpolicy *sp) |
555 | { |
556 | |
557 | /* mark the SP dead */ |
558 | sp->state = IPSEC_SPSTATE_DEAD; |
559 | } |
560 | |
561 | static void |
562 | key_sp_unlink(struct secpolicy *sp) |
563 | { |
564 | |
565 | /* remove from SP index */ |
566 | if (__LIST_CHAINED(sp)) { |
567 | LIST_REMOVE(sp, chain); |
568 | /* Release refcount held just for being on chain */ |
569 | KEY_FREESP(&sp); |
570 | } |
571 | } |
572 | |
573 | |
574 | /* |
575 | * Return 0 when there are known to be no SP's for the specified |
576 | * direction. Otherwise return 1. This is used by IPsec code |
577 | * to optimize performance. |
578 | */ |
579 | int |
580 | key_havesp(u_int dir) |
581 | { |
582 | return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? |
583 | LIST_FIRST(&sptree[dir]) != NULL : 1); |
584 | } |
585 | |
586 | /* %%% IPsec policy management */ |
587 | /* |
588 | * allocating a SP for OUTBOUND or INBOUND packet. |
589 | * Must call key_freesp() later. |
590 | * OUT: NULL: not found |
591 | * others: found and return the pointer. |
592 | */ |
593 | struct secpolicy * |
594 | key_allocsp(const struct secpolicyindex *spidx, u_int dir, const char* where, int tag) |
595 | { |
596 | struct secpolicy *sp; |
597 | int s; |
598 | |
599 | IPSEC_ASSERT(spidx != NULL, ("key_allocsp: null spidx" )); |
600 | IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, |
601 | ("key_allocsp: invalid direction %u" , dir)); |
602 | |
603 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
604 | printf("DP %s from %s:%u\n" , __func__, where, tag)); |
605 | |
606 | /* get a SP entry */ |
607 | s = splsoftnet(); /*called from softclock()*/ |
608 | KEYDEBUG(KEYDEBUG_IPSEC_DATA, |
609 | printf("*** objects\n" ); |
610 | kdebug_secpolicyindex(spidx)); |
611 | |
612 | LIST_FOREACH(sp, &sptree[dir], chain) { |
613 | KEYDEBUG(KEYDEBUG_IPSEC_DATA, |
614 | printf("*** in SPD\n" ); |
615 | kdebug_secpolicyindex(&sp->spidx)); |
616 | |
617 | if (sp->state == IPSEC_SPSTATE_DEAD) |
618 | continue; |
619 | if (key_cmpspidx_withmask(&sp->spidx, spidx)) |
620 | goto found; |
621 | } |
622 | sp = NULL; |
623 | found: |
624 | if (sp) { |
625 | /* sanity check */ |
626 | KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp" ); |
627 | |
628 | /* found a SPD entry */ |
629 | sp->lastused = time_uptime; |
630 | SP_ADDREF(sp); |
631 | } |
632 | splx(s); |
633 | |
634 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
635 | printf("DP %s return SP:%p (ID=%u) refcnt %u\n" , __func__, |
636 | sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); |
637 | return sp; |
638 | } |
639 | |
640 | /* |
641 | * allocating a SP for OUTBOUND or INBOUND packet. |
642 | * Must call key_freesp() later. |
643 | * OUT: NULL: not found |
644 | * others: found and return the pointer. |
645 | */ |
646 | struct secpolicy * |
647 | key_allocsp2(u_int32_t spi, |
648 | const union sockaddr_union *dst, |
649 | u_int8_t proto, |
650 | u_int dir, |
651 | const char* where, int tag) |
652 | { |
653 | struct secpolicy *sp; |
654 | int s; |
655 | |
656 | IPSEC_ASSERT(dst != NULL, ("key_allocsp2: null dst" )); |
657 | IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, |
658 | ("key_allocsp2: invalid direction %u" , dir)); |
659 | |
660 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
661 | printf("DP %s from %s:%u\n" , __func__, where, tag)); |
662 | |
663 | /* get a SP entry */ |
664 | s = splsoftnet(); /*called from softclock()*/ |
665 | KEYDEBUG(KEYDEBUG_IPSEC_DATA, |
666 | printf("*** objects\n" ); |
667 | printf("spi %u proto %u dir %u\n" , spi, proto, dir); |
668 | kdebug_sockaddr(&dst->sa)); |
669 | |
670 | LIST_FOREACH(sp, &sptree[dir], chain) { |
671 | KEYDEBUG(KEYDEBUG_IPSEC_DATA, |
672 | printf("*** in SPD\n" ); |
673 | kdebug_secpolicyindex(&sp->spidx)); |
674 | |
675 | if (sp->state == IPSEC_SPSTATE_DEAD) |
676 | continue; |
677 | /* compare simple values, then dst address */ |
678 | if (sp->spidx.ul_proto != proto) |
679 | continue; |
680 | /* NB: spi's must exist and match */ |
681 | if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi) |
682 | continue; |
683 | if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, PORT_STRICT) == 0) |
684 | goto found; |
685 | } |
686 | sp = NULL; |
687 | found: |
688 | if (sp) { |
689 | /* sanity check */ |
690 | KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp2" ); |
691 | |
692 | /* found a SPD entry */ |
693 | sp->lastused = time_uptime; |
694 | SP_ADDREF(sp); |
695 | } |
696 | splx(s); |
697 | |
698 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
699 | printf("DP %s return SP:%p (ID=%u) refcnt %u\n" , __func__, |
700 | sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); |
701 | return sp; |
702 | } |
703 | |
704 | /* |
705 | * return a policy that matches this particular inbound packet. |
706 | * XXX slow |
707 | */ |
708 | struct secpolicy * |
709 | key_gettunnel(const struct sockaddr *osrc, |
710 | const struct sockaddr *odst, |
711 | const struct sockaddr *isrc, |
712 | const struct sockaddr *idst, |
713 | const char* where, int tag) |
714 | { |
715 | struct secpolicy *sp; |
716 | const int dir = IPSEC_DIR_INBOUND; |
717 | int s; |
718 | struct ipsecrequest *r1, *r2, *p; |
719 | struct secpolicyindex spidx; |
720 | |
721 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
722 | printf("DP %s from %s:%u\n" , __func__, where, tag)); |
723 | |
724 | if (isrc->sa_family != idst->sa_family) { |
725 | ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n." , |
726 | isrc->sa_family, idst->sa_family)); |
727 | sp = NULL; |
728 | goto done; |
729 | } |
730 | |
731 | s = splsoftnet(); /*called from softclock()*/ |
732 | LIST_FOREACH(sp, &sptree[dir], chain) { |
733 | if (sp->state == IPSEC_SPSTATE_DEAD) |
734 | continue; |
735 | |
736 | r1 = r2 = NULL; |
737 | for (p = sp->req; p; p = p->next) { |
738 | if (p->saidx.mode != IPSEC_MODE_TUNNEL) |
739 | continue; |
740 | |
741 | r1 = r2; |
742 | r2 = p; |
743 | |
744 | if (!r1) { |
745 | /* here we look at address matches only */ |
746 | spidx = sp->spidx; |
747 | if (isrc->sa_len > sizeof(spidx.src) || |
748 | idst->sa_len > sizeof(spidx.dst)) |
749 | continue; |
750 | memcpy(&spidx.src, isrc, isrc->sa_len); |
751 | memcpy(&spidx.dst, idst, idst->sa_len); |
752 | if (!key_cmpspidx_withmask(&sp->spidx, &spidx)) |
753 | continue; |
754 | } else { |
755 | if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, PORT_NONE) || |
756 | key_sockaddrcmp(&r1->saidx.dst.sa, idst, PORT_NONE)) |
757 | continue; |
758 | } |
759 | |
760 | if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, PORT_NONE) || |
761 | key_sockaddrcmp(&r2->saidx.dst.sa, odst, PORT_NONE)) |
762 | continue; |
763 | |
764 | goto found; |
765 | } |
766 | } |
767 | sp = NULL; |
768 | found: |
769 | if (sp) { |
770 | sp->lastused = time_uptime; |
771 | SP_ADDREF(sp); |
772 | } |
773 | splx(s); |
774 | done: |
775 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
776 | printf("DP %s return SP:%p (ID=%u) refcnt %u\n" , __func__, |
777 | sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); |
778 | return sp; |
779 | } |
780 | |
781 | /* |
782 | * allocating an SA entry for an *OUTBOUND* packet. |
783 | * checking each request entries in SP, and acquire an SA if need. |
784 | * OUT: 0: there are valid requests. |
785 | * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring. |
786 | */ |
787 | int |
788 | key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) |
789 | { |
790 | u_int level; |
791 | int error; |
792 | |
793 | IPSEC_ASSERT(isr != NULL, ("key_checkrequest: null isr" )); |
794 | IPSEC_ASSERT(saidx != NULL, ("key_checkrequest: null saidx" )); |
795 | IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || |
796 | saidx->mode == IPSEC_MODE_TUNNEL, |
797 | ("key_checkrequest: unexpected policy %u" , saidx->mode)); |
798 | |
799 | /* get current level */ |
800 | level = ipsec_get_reqlevel(isr); |
801 | |
802 | /* |
803 | * XXX guard against protocol callbacks from the crypto |
804 | * thread as they reference ipsecrequest.sav which we |
805 | * temporarily null out below. Need to rethink how we |
806 | * handle bundled SA's in the callback thread. |
807 | */ |
808 | IPSEC_SPLASSERT_SOFTNET("key_checkrequest" ); |
809 | #if 0 |
810 | /* |
811 | * We do allocate new SA only if the state of SA in the holder is |
812 | * SADB_SASTATE_DEAD. The SA for outbound must be the oldest. |
813 | */ |
814 | if (isr->sav != NULL) { |
815 | if (isr->sav->sah == NULL) |
816 | panic("key_checkrequest: sah is null" ); |
817 | if (isr->sav == (struct secasvar *)LIST_FIRST( |
818 | &isr->sav->sah->savtree[SADB_SASTATE_DEAD])) { |
819 | KEY_FREESAV(&isr->sav); |
820 | isr->sav = NULL; |
821 | } |
822 | } |
823 | #else |
824 | /* |
825 | * we free any SA stashed in the IPsec request because a different |
826 | * SA may be involved each time this request is checked, either |
827 | * because new SAs are being configured, or this request is |
828 | * associated with an unconnected datagram socket, or this request |
829 | * is associated with a system default policy. |
830 | * |
831 | * The operation may have negative impact to performance. We may |
832 | * want to check cached SA carefully, rather than picking new SA |
833 | * every time. |
834 | */ |
835 | if (isr->sav != NULL) { |
836 | KEY_FREESAV(&isr->sav); |
837 | isr->sav = NULL; |
838 | } |
839 | #endif |
840 | |
841 | /* |
842 | * new SA allocation if no SA found. |
843 | * key_allocsa_policy should allocate the oldest SA available. |
844 | * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt. |
845 | */ |
846 | if (isr->sav == NULL) |
847 | isr->sav = key_allocsa_policy(saidx); |
848 | |
849 | /* When there is SA. */ |
850 | if (isr->sav != NULL) { |
851 | if (isr->sav->state != SADB_SASTATE_MATURE && |
852 | isr->sav->state != SADB_SASTATE_DYING) |
853 | return EINVAL; |
854 | return 0; |
855 | } |
856 | |
857 | /* there is no SA */ |
858 | error = key_acquire(saidx, isr->sp); |
859 | if (error != 0) { |
860 | /* XXX What should I do ? */ |
861 | ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned " |
862 | "from key_acquire.\n" , error)); |
863 | return error; |
864 | } |
865 | |
866 | if (level != IPSEC_LEVEL_REQUIRE) { |
867 | /* XXX sigh, the interface to this routine is botched */ |
868 | IPSEC_ASSERT(isr->sav == NULL, ("key_checkrequest: unexpected SA" )); |
869 | return 0; |
870 | } else { |
871 | return ENOENT; |
872 | } |
873 | } |
874 | |
875 | /* |
876 | * allocating a SA for policy entry from SAD. |
877 | * NOTE: searching SAD of aliving state. |
878 | * OUT: NULL: not found. |
879 | * others: found and return the pointer. |
880 | */ |
881 | static struct secasvar * |
882 | key_allocsa_policy(const struct secasindex *saidx) |
883 | { |
884 | struct secashead *sah; |
885 | struct secasvar *sav; |
886 | u_int stateidx, state; |
887 | const u_int *saorder_state_valid; |
888 | int arraysize; |
889 | |
890 | LIST_FOREACH(sah, &sahtree, chain) { |
891 | if (sah->state == SADB_SASTATE_DEAD) |
892 | continue; |
893 | if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) |
894 | goto found; |
895 | } |
896 | |
897 | return NULL; |
898 | |
899 | found: |
900 | |
901 | /* |
902 | * search a valid state list for outbound packet. |
903 | * This search order is important. |
904 | */ |
905 | if (key_prefered_oldsa) { |
906 | saorder_state_valid = saorder_state_valid_prefer_old; |
907 | arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); |
908 | } else { |
909 | saorder_state_valid = saorder_state_valid_prefer_new; |
910 | arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); |
911 | } |
912 | |
913 | /* search valid state */ |
914 | for (stateidx = 0; |
915 | stateidx < arraysize; |
916 | stateidx++) { |
917 | |
918 | state = saorder_state_valid[stateidx]; |
919 | |
920 | sav = key_do_allocsa_policy(sah, state); |
921 | if (sav != NULL) |
922 | return sav; |
923 | } |
924 | |
925 | return NULL; |
926 | } |
927 | |
928 | /* |
929 | * searching SAD with direction, protocol, mode and state. |
930 | * called by key_allocsa_policy(). |
931 | * OUT: |
932 | * NULL : not found |
933 | * others : found, pointer to a SA. |
934 | */ |
935 | static struct secasvar * |
936 | key_do_allocsa_policy(struct secashead *sah, u_int state) |
937 | { |
938 | struct secasvar *sav, *nextsav, *candidate, *d; |
939 | |
940 | /* initilize */ |
941 | candidate = NULL; |
942 | |
943 | for (sav = LIST_FIRST(&sah->savtree[state]); |
944 | sav != NULL; |
945 | sav = nextsav) { |
946 | |
947 | nextsav = LIST_NEXT(sav, chain); |
948 | |
949 | /* sanity check */ |
950 | KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy" ); |
951 | |
952 | /* initialize */ |
953 | if (candidate == NULL) { |
954 | candidate = sav; |
955 | continue; |
956 | } |
957 | |
958 | /* Which SA is the better ? */ |
959 | |
960 | /* sanity check 2 */ |
961 | if (candidate->lft_c == NULL || sav->lft_c == NULL) |
962 | panic("key_do_allocsa_policy: " |
963 | "lifetime_current is NULL" ); |
964 | |
965 | /* What the best method is to compare ? */ |
966 | if (key_prefered_oldsa) { |
967 | if (candidate->lft_c->sadb_lifetime_addtime > |
968 | sav->lft_c->sadb_lifetime_addtime) { |
969 | candidate = sav; |
970 | } |
971 | continue; |
972 | /*NOTREACHED*/ |
973 | } |
974 | |
975 | /* prefered new sa rather than old sa */ |
976 | if (candidate->lft_c->sadb_lifetime_addtime < |
977 | sav->lft_c->sadb_lifetime_addtime) { |
978 | d = candidate; |
979 | candidate = sav; |
980 | } else |
981 | d = sav; |
982 | |
983 | /* |
984 | * prepared to delete the SA when there is more |
985 | * suitable candidate and the lifetime of the SA is not |
986 | * permanent. |
987 | */ |
988 | if (d->lft_c->sadb_lifetime_addtime != 0) { |
989 | struct mbuf *m, *result = 0; |
990 | uint8_t satype; |
991 | |
992 | key_sa_chgstate(d, SADB_SASTATE_DEAD); |
993 | |
994 | IPSEC_ASSERT(d->refcnt > 0, |
995 | ("key_do_allocsa_policy: bogus ref count" )); |
996 | |
997 | satype = key_proto2satype(d->sah->saidx.proto); |
998 | if (satype == 0) |
999 | goto msgfail; |
1000 | |
1001 | m = key_setsadbmsg(SADB_DELETE, 0, |
1002 | satype, 0, 0, d->refcnt - 1); |
1003 | if (!m) |
1004 | goto msgfail; |
1005 | result = m; |
1006 | |
1007 | /* set sadb_address for saidx's. */ |
1008 | m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, |
1009 | &d->sah->saidx.src.sa, |
1010 | d->sah->saidx.src.sa.sa_len << 3, |
1011 | IPSEC_ULPROTO_ANY); |
1012 | if (!m) |
1013 | goto msgfail; |
1014 | m_cat(result, m); |
1015 | |
1016 | /* set sadb_address for saidx's. */ |
1017 | m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, |
1018 | &d->sah->saidx.src.sa, |
1019 | d->sah->saidx.src.sa.sa_len << 3, |
1020 | IPSEC_ULPROTO_ANY); |
1021 | if (!m) |
1022 | goto msgfail; |
1023 | m_cat(result, m); |
1024 | |
1025 | /* create SA extension */ |
1026 | m = key_setsadbsa(d); |
1027 | if (!m) |
1028 | goto msgfail; |
1029 | m_cat(result, m); |
1030 | |
1031 | if (result->m_len < sizeof(struct sadb_msg)) { |
1032 | result = m_pullup(result, |
1033 | sizeof(struct sadb_msg)); |
1034 | if (result == NULL) |
1035 | goto msgfail; |
1036 | } |
1037 | |
1038 | result->m_pkthdr.len = 0; |
1039 | for (m = result; m; m = m->m_next) |
1040 | result->m_pkthdr.len += m->m_len; |
1041 | mtod(result, struct sadb_msg *)->sadb_msg_len = |
1042 | PFKEY_UNIT64(result->m_pkthdr.len); |
1043 | |
1044 | key_sendup_mbuf(NULL, result, |
1045 | KEY_SENDUP_REGISTERED); |
1046 | result = 0; |
1047 | msgfail: |
1048 | if (result) |
1049 | m_freem(result); |
1050 | KEY_FREESAV(&d); |
1051 | } |
1052 | } |
1053 | |
1054 | if (candidate) { |
1055 | SA_ADDREF(candidate); |
1056 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
1057 | printf("DP %s cause refcnt++:%d SA:%p\n" , __func__, |
1058 | candidate->refcnt, candidate)); |
1059 | } |
1060 | return candidate; |
1061 | } |
1062 | |
1063 | /* |
1064 | * allocating a usable SA entry for a *INBOUND* packet. |
1065 | * Must call key_freesav() later. |
1066 | * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). |
1067 | * NULL: not found, or error occurred. |
1068 | * |
1069 | * In the comparison, no source address is used--for RFC2401 conformance. |
1070 | * To quote, from section 4.1: |
1071 | * A security association is uniquely identified by a triple consisting |
1072 | * of a Security Parameter Index (SPI), an IP Destination Address, and a |
1073 | * security protocol (AH or ESP) identifier. |
1074 | * Note that, however, we do need to keep source address in IPsec SA. |
1075 | * IKE specification and PF_KEY specification do assume that we |
1076 | * keep source address in IPsec SA. We see a tricky situation here. |
1077 | * |
1078 | * sport and dport are used for NAT-T. network order is always used. |
1079 | */ |
1080 | struct secasvar * |
1081 | key_allocsa( |
1082 | const union sockaddr_union *dst, |
1083 | u_int proto, |
1084 | u_int32_t spi, |
1085 | u_int16_t sport, |
1086 | u_int16_t dport, |
1087 | const char* where, int tag) |
1088 | { |
1089 | struct secashead *sah; |
1090 | struct secasvar *sav; |
1091 | u_int stateidx, state; |
1092 | const u_int *saorder_state_valid; |
1093 | int arraysize, chkport; |
1094 | int s; |
1095 | |
1096 | int must_check_spi = 1; |
1097 | int must_check_alg = 0; |
1098 | u_int16_t cpi = 0; |
1099 | u_int8_t algo = 0; |
1100 | |
1101 | if ((sport != 0) && (dport != 0)) |
1102 | chkport = PORT_STRICT; |
1103 | else |
1104 | chkport = PORT_NONE; |
1105 | |
1106 | IPSEC_ASSERT(dst != NULL, ("key_allocsa: null dst address" )); |
1107 | |
1108 | /* |
1109 | * XXX IPCOMP case |
1110 | * We use cpi to define spi here. In the case where cpi <= |
1111 | * IPCOMP_CPI_NEGOTIATE_MIN, cpi just define the algorithm used, not |
1112 | * the real spi. In this case, don't check the spi but check the |
1113 | * algorithm |
1114 | */ |
1115 | |
1116 | if (proto == IPPROTO_IPCOMP) { |
1117 | u_int32_t tmp; |
1118 | tmp = ntohl(spi); |
1119 | cpi = (u_int16_t) tmp; |
1120 | if (cpi < IPCOMP_CPI_NEGOTIATE_MIN) { |
1121 | algo = (u_int8_t) cpi; |
1122 | must_check_spi = 0; |
1123 | must_check_alg = 1; |
1124 | } |
1125 | } |
1126 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
1127 | printf("DP %s from %s:%u check_spi=%d, check_alg=%d\n" , |
1128 | __func__, where, tag, must_check_spi, must_check_alg)); |
1129 | |
1130 | |
1131 | /* |
1132 | * searching SAD. |
1133 | * XXX: to be checked internal IP header somewhere. Also when |
1134 | * IPsec tunnel packet is received. But ESP tunnel mode is |
1135 | * encrypted so we can't check internal IP header. |
1136 | */ |
1137 | s = splsoftnet(); /*called from softclock()*/ |
1138 | if (key_prefered_oldsa) { |
1139 | saorder_state_valid = saorder_state_valid_prefer_old; |
1140 | arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); |
1141 | } else { |
1142 | saorder_state_valid = saorder_state_valid_prefer_new; |
1143 | arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); |
1144 | } |
1145 | LIST_FOREACH(sah, &sahtree, chain) { |
1146 | /* search valid state */ |
1147 | for (stateidx = 0; stateidx < arraysize; stateidx++) { |
1148 | state = saorder_state_valid[stateidx]; |
1149 | LIST_FOREACH(sav, &sah->savtree[state], chain) { |
1150 | KEYDEBUG(KEYDEBUG_MATCH, |
1151 | printf("try match spi %#x, %#x\n" , |
1152 | ntohl(spi), ntohl(sav->spi))); |
1153 | /* sanity check */ |
1154 | KEY_CHKSASTATE(sav->state, state, "key_allocsav" ); |
1155 | /* do not return entries w/ unusable state */ |
1156 | if (sav->state != SADB_SASTATE_MATURE && |
1157 | sav->state != SADB_SASTATE_DYING) { |
1158 | KEYDEBUG(KEYDEBUG_MATCH, |
1159 | printf("bad state %d\n" , |
1160 | sav->state)); |
1161 | continue; |
1162 | } |
1163 | if (proto != sav->sah->saidx.proto) { |
1164 | KEYDEBUG(KEYDEBUG_MATCH, |
1165 | printf("proto fail %d != %d\n" , |
1166 | proto, sav->sah->saidx.proto)); |
1167 | continue; |
1168 | } |
1169 | if (must_check_spi && spi != sav->spi) { |
1170 | KEYDEBUG(KEYDEBUG_MATCH, |
1171 | printf("spi fail %#x != %#x\n" , |
1172 | ntohl(spi), ntohl(sav->spi))); |
1173 | continue; |
1174 | } |
1175 | /* XXX only on the ipcomp case */ |
1176 | if (must_check_alg && algo != sav->alg_comp) { |
1177 | KEYDEBUG(KEYDEBUG_MATCH, |
1178 | printf("algo fail %d != %d\n" , |
1179 | algo, sav->alg_comp)); |
1180 | continue; |
1181 | } |
1182 | |
1183 | #if 0 /* don't check src */ |
1184 | /* Fix port in src->sa */ |
1185 | |
1186 | /* check src address */ |
1187 | if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, PORT_NONE) != 0) |
1188 | continue; |
1189 | #endif |
1190 | /* fix port of dst address XXX*/ |
1191 | key_porttosaddr(__UNCONST(dst), dport); |
1192 | /* check dst address */ |
1193 | if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, chkport) != 0) |
1194 | continue; |
1195 | SA_ADDREF(sav); |
1196 | goto done; |
1197 | } |
1198 | } |
1199 | } |
1200 | sav = NULL; |
1201 | done: |
1202 | splx(s); |
1203 | |
1204 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
1205 | printf("DP %s return SA:%p; refcnt %u\n" , __func__, |
1206 | sav, sav ? sav->refcnt : 0)); |
1207 | return sav; |
1208 | } |
1209 | |
1210 | /* |
1211 | * Must be called after calling key_allocsp(). |
1212 | * For both the packet without socket and key_freeso(). |
1213 | */ |
1214 | void |
1215 | _key_freesp(struct secpolicy **spp, const char* where, int tag) |
1216 | { |
1217 | struct secpolicy *sp = *spp; |
1218 | |
1219 | IPSEC_ASSERT(sp != NULL, ("key_freesp: null sp" )); |
1220 | |
1221 | SP_DELREF(sp); |
1222 | |
1223 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
1224 | printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n" , |
1225 | __func__, sp, sp->id, where, tag, sp->refcnt)); |
1226 | |
1227 | if (sp->refcnt == 0) { |
1228 | *spp = NULL; |
1229 | key_delsp(sp); |
1230 | } |
1231 | } |
1232 | |
1233 | /* |
1234 | * Must be called after calling key_allocsp(). |
1235 | * For the packet with socket. |
1236 | */ |
1237 | void |
1238 | key_freeso(struct socket *so) |
1239 | { |
1240 | /* sanity check */ |
1241 | IPSEC_ASSERT(so != NULL, ("key_freeso: null so" )); |
1242 | |
1243 | switch (so->so_proto->pr_domain->dom_family) { |
1244 | #ifdef INET |
1245 | case PF_INET: |
1246 | { |
1247 | struct inpcb *pcb = sotoinpcb(so); |
1248 | |
1249 | /* Does it have a PCB ? */ |
1250 | if (pcb == NULL) |
1251 | return; |
1252 | |
1253 | struct inpcbpolicy *sp = pcb->inp_sp; |
1254 | key_freesp_so(&sp->sp_in); |
1255 | key_freesp_so(&sp->sp_out); |
1256 | } |
1257 | break; |
1258 | #endif |
1259 | #ifdef INET6 |
1260 | case PF_INET6: |
1261 | { |
1262 | #ifdef HAVE_NRL_INPCB |
1263 | struct inpcb *pcb = sotoinpcb(so); |
1264 | struct inpcbpolicy *sp = pcb->inp_sp; |
1265 | |
1266 | /* Does it have a PCB ? */ |
1267 | if (pcb == NULL) |
1268 | return; |
1269 | key_freesp_so(&sp->sp_in); |
1270 | key_freesp_so(&sp->sp_out); |
1271 | #else |
1272 | struct in6pcb *pcb = sotoin6pcb(so); |
1273 | |
1274 | /* Does it have a PCB ? */ |
1275 | if (pcb == NULL) |
1276 | return; |
1277 | key_freesp_so(&pcb->in6p_sp->sp_in); |
1278 | key_freesp_so(&pcb->in6p_sp->sp_out); |
1279 | #endif |
1280 | } |
1281 | break; |
1282 | #endif /* INET6 */ |
1283 | default: |
1284 | ipseclog((LOG_DEBUG, "key_freeso: unknown address family=%d.\n" , |
1285 | so->so_proto->pr_domain->dom_family)); |
1286 | return; |
1287 | } |
1288 | } |
1289 | |
1290 | static void |
1291 | key_freesp_so(struct secpolicy **sp) |
1292 | { |
1293 | IPSEC_ASSERT(sp != NULL && *sp != NULL, ("key_freesp_so: null sp" )); |
1294 | |
1295 | if ((*sp)->policy == IPSEC_POLICY_ENTRUST || |
1296 | (*sp)->policy == IPSEC_POLICY_BYPASS) |
1297 | return; |
1298 | |
1299 | IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC, |
1300 | ("key_freesp_so: invalid policy %u" , (*sp)->policy)); |
1301 | KEY_FREESP(sp); |
1302 | } |
1303 | |
1304 | /* |
1305 | * Must be called after calling key_allocsa(). |
1306 | * This function is called by key_freesp() to free some SA allocated |
1307 | * for a policy. |
1308 | */ |
1309 | void |
1310 | key_freesav(struct secasvar **psav, const char* where, int tag) |
1311 | { |
1312 | struct secasvar *sav = *psav; |
1313 | |
1314 | IPSEC_ASSERT(sav != NULL, ("key_freesav: null sav" )); |
1315 | |
1316 | SA_DELREF(sav); |
1317 | |
1318 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
1319 | printf("DP %s SA:%p (SPI %lu) from %s:%u; refcnt now %u\n" , |
1320 | __func__, sav, (u_long)ntohl(sav->spi), where, tag, |
1321 | sav->refcnt)); |
1322 | |
1323 | if (sav->refcnt == 0) { |
1324 | *psav = NULL; |
1325 | key_delsav(sav); |
1326 | } |
1327 | } |
1328 | |
1329 | /* %%% SPD management */ |
1330 | /* |
1331 | * free security policy entry. |
1332 | */ |
1333 | static void |
1334 | key_delsp(struct secpolicy *sp) |
1335 | { |
1336 | int s; |
1337 | |
1338 | IPSEC_ASSERT(sp != NULL, ("key_delsp: null sp" )); |
1339 | |
1340 | key_sp_dead(sp); |
1341 | |
1342 | IPSEC_ASSERT(sp->refcnt == 0, |
1343 | ("key_delsp: SP with references deleted (refcnt %u)" , |
1344 | sp->refcnt)); |
1345 | |
1346 | s = splsoftnet(); /*called from softclock()*/ |
1347 | |
1348 | { |
1349 | struct ipsecrequest *isr = sp->req, *nextisr; |
1350 | |
1351 | while (isr != NULL) { |
1352 | if (isr->sav != NULL) { |
1353 | KEY_FREESAV(&isr->sav); |
1354 | isr->sav = NULL; |
1355 | } |
1356 | |
1357 | nextisr = isr->next; |
1358 | KFREE(isr); |
1359 | isr = nextisr; |
1360 | } |
1361 | } |
1362 | |
1363 | KFREE(sp); |
1364 | |
1365 | splx(s); |
1366 | } |
1367 | |
1368 | /* |
1369 | * search SPD |
1370 | * OUT: NULL : not found |
1371 | * others : found, pointer to a SP. |
1372 | */ |
1373 | static struct secpolicy * |
1374 | key_getsp(const struct secpolicyindex *spidx) |
1375 | { |
1376 | struct secpolicy *sp; |
1377 | |
1378 | IPSEC_ASSERT(spidx != NULL, ("key_getsp: null spidx" )); |
1379 | |
1380 | LIST_FOREACH(sp, &sptree[spidx->dir], chain) { |
1381 | if (sp->state == IPSEC_SPSTATE_DEAD) |
1382 | continue; |
1383 | if (key_cmpspidx_exactly(spidx, &sp->spidx)) { |
1384 | SP_ADDREF(sp); |
1385 | return sp; |
1386 | } |
1387 | } |
1388 | |
1389 | return NULL; |
1390 | } |
1391 | |
1392 | /* |
1393 | * get SP by index. |
1394 | * OUT: NULL : not found |
1395 | * others : found, pointer to a SP. |
1396 | */ |
1397 | static struct secpolicy * |
1398 | key_getspbyid(u_int32_t id) |
1399 | { |
1400 | struct secpolicy *sp; |
1401 | |
1402 | LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) { |
1403 | if (sp->state == IPSEC_SPSTATE_DEAD) |
1404 | continue; |
1405 | if (sp->id == id) { |
1406 | SP_ADDREF(sp); |
1407 | return sp; |
1408 | } |
1409 | } |
1410 | |
1411 | LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) { |
1412 | if (sp->state == IPSEC_SPSTATE_DEAD) |
1413 | continue; |
1414 | if (sp->id == id) { |
1415 | SP_ADDREF(sp); |
1416 | return sp; |
1417 | } |
1418 | } |
1419 | |
1420 | return NULL; |
1421 | } |
1422 | |
1423 | struct secpolicy * |
1424 | key_newsp(const char* where, int tag) |
1425 | { |
1426 | struct secpolicy *newsp = NULL; |
1427 | |
1428 | newsp = (struct secpolicy *) |
1429 | malloc(sizeof(struct secpolicy), M_SECA, M_NOWAIT|M_ZERO); |
1430 | if (newsp) { |
1431 | newsp->refcnt = 1; |
1432 | newsp->req = NULL; |
1433 | } |
1434 | |
1435 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
1436 | printf("DP %s from %s:%u return SP:%p\n" , __func__, |
1437 | where, tag, newsp)); |
1438 | return newsp; |
1439 | } |
1440 | |
1441 | /* |
1442 | * create secpolicy structure from sadb_x_policy structure. |
1443 | * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, |
1444 | * so must be set properly later. |
1445 | */ |
1446 | struct secpolicy * |
1447 | key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error) |
1448 | { |
1449 | struct secpolicy *newsp; |
1450 | |
1451 | /* sanity check */ |
1452 | if (xpl0 == NULL) |
1453 | panic("key_msg2sp: NULL pointer was passed" ); |
1454 | if (len < sizeof(*xpl0)) |
1455 | panic("key_msg2sp: invalid length" ); |
1456 | if (len != PFKEY_EXTLEN(xpl0)) { |
1457 | ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n" )); |
1458 | *error = EINVAL; |
1459 | return NULL; |
1460 | } |
1461 | |
1462 | if ((newsp = KEY_NEWSP()) == NULL) { |
1463 | *error = ENOBUFS; |
1464 | return NULL; |
1465 | } |
1466 | |
1467 | newsp->spidx.dir = xpl0->sadb_x_policy_dir; |
1468 | newsp->policy = xpl0->sadb_x_policy_type; |
1469 | |
1470 | /* check policy */ |
1471 | switch (xpl0->sadb_x_policy_type) { |
1472 | case IPSEC_POLICY_DISCARD: |
1473 | case IPSEC_POLICY_NONE: |
1474 | case IPSEC_POLICY_ENTRUST: |
1475 | case IPSEC_POLICY_BYPASS: |
1476 | newsp->req = NULL; |
1477 | break; |
1478 | |
1479 | case IPSEC_POLICY_IPSEC: |
1480 | { |
1481 | int tlen; |
1482 | const struct sadb_x_ipsecrequest *xisr; |
1483 | uint16_t xisr_reqid; |
1484 | struct ipsecrequest **p_isr = &newsp->req; |
1485 | |
1486 | /* validity check */ |
1487 | if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { |
1488 | ipseclog((LOG_DEBUG, |
1489 | "key_msg2sp: Invalid msg length.\n" )); |
1490 | KEY_FREESP(&newsp); |
1491 | *error = EINVAL; |
1492 | return NULL; |
1493 | } |
1494 | |
1495 | tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); |
1496 | xisr = (const struct sadb_x_ipsecrequest *)(xpl0 + 1); |
1497 | |
1498 | while (tlen > 0) { |
1499 | /* length check */ |
1500 | if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { |
1501 | ipseclog((LOG_DEBUG, "key_msg2sp: " |
1502 | "invalid ipsecrequest length.\n" )); |
1503 | KEY_FREESP(&newsp); |
1504 | *error = EINVAL; |
1505 | return NULL; |
1506 | } |
1507 | |
1508 | /* allocate request buffer */ |
1509 | KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr)); |
1510 | if ((*p_isr) == NULL) { |
1511 | ipseclog((LOG_DEBUG, |
1512 | "key_msg2sp: No more memory.\n" )); |
1513 | KEY_FREESP(&newsp); |
1514 | *error = ENOBUFS; |
1515 | return NULL; |
1516 | } |
1517 | memset(*p_isr, 0, sizeof(**p_isr)); |
1518 | |
1519 | /* set values */ |
1520 | (*p_isr)->next = NULL; |
1521 | |
1522 | switch (xisr->sadb_x_ipsecrequest_proto) { |
1523 | case IPPROTO_ESP: |
1524 | case IPPROTO_AH: |
1525 | case IPPROTO_IPCOMP: |
1526 | break; |
1527 | default: |
1528 | ipseclog((LOG_DEBUG, |
1529 | "key_msg2sp: invalid proto type=%u\n" , |
1530 | xisr->sadb_x_ipsecrequest_proto)); |
1531 | KEY_FREESP(&newsp); |
1532 | *error = EPROTONOSUPPORT; |
1533 | return NULL; |
1534 | } |
1535 | (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; |
1536 | |
1537 | switch (xisr->sadb_x_ipsecrequest_mode) { |
1538 | case IPSEC_MODE_TRANSPORT: |
1539 | case IPSEC_MODE_TUNNEL: |
1540 | break; |
1541 | case IPSEC_MODE_ANY: |
1542 | default: |
1543 | ipseclog((LOG_DEBUG, |
1544 | "key_msg2sp: invalid mode=%u\n" , |
1545 | xisr->sadb_x_ipsecrequest_mode)); |
1546 | KEY_FREESP(&newsp); |
1547 | *error = EINVAL; |
1548 | return NULL; |
1549 | } |
1550 | (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; |
1551 | |
1552 | switch (xisr->sadb_x_ipsecrequest_level) { |
1553 | case IPSEC_LEVEL_DEFAULT: |
1554 | case IPSEC_LEVEL_USE: |
1555 | case IPSEC_LEVEL_REQUIRE: |
1556 | break; |
1557 | case IPSEC_LEVEL_UNIQUE: |
1558 | xisr_reqid = xisr->sadb_x_ipsecrequest_reqid; |
1559 | /* validity check */ |
1560 | /* |
1561 | * If range violation of reqid, kernel will |
1562 | * update it, don't refuse it. |
1563 | */ |
1564 | if (xisr_reqid > IPSEC_MANUAL_REQID_MAX) { |
1565 | ipseclog((LOG_DEBUG, |
1566 | "key_msg2sp: reqid=%d range " |
1567 | "violation, updated by kernel.\n" , |
1568 | xisr_reqid)); |
1569 | xisr_reqid = 0; |
1570 | } |
1571 | |
1572 | /* allocate new reqid id if reqid is zero. */ |
1573 | if (xisr_reqid == 0) { |
1574 | u_int16_t reqid; |
1575 | if ((reqid = key_newreqid()) == 0) { |
1576 | KEY_FREESP(&newsp); |
1577 | *error = ENOBUFS; |
1578 | return NULL; |
1579 | } |
1580 | (*p_isr)->saidx.reqid = reqid; |
1581 | } else { |
1582 | /* set it for manual keying. */ |
1583 | (*p_isr)->saidx.reqid = xisr_reqid; |
1584 | } |
1585 | break; |
1586 | |
1587 | default: |
1588 | ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n" , |
1589 | xisr->sadb_x_ipsecrequest_level)); |
1590 | KEY_FREESP(&newsp); |
1591 | *error = EINVAL; |
1592 | return NULL; |
1593 | } |
1594 | (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; |
1595 | |
1596 | /* set IP addresses if there */ |
1597 | if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { |
1598 | const struct sockaddr *paddr; |
1599 | |
1600 | paddr = (const struct sockaddr *)(xisr + 1); |
1601 | |
1602 | /* validity check */ |
1603 | if (paddr->sa_len |
1604 | > sizeof((*p_isr)->saidx.src)) { |
1605 | ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " |
1606 | "address length.\n" )); |
1607 | KEY_FREESP(&newsp); |
1608 | *error = EINVAL; |
1609 | return NULL; |
1610 | } |
1611 | memcpy(&(*p_isr)->saidx.src, paddr, paddr->sa_len); |
1612 | |
1613 | paddr = (const struct sockaddr *)((const char *)paddr |
1614 | + paddr->sa_len); |
1615 | |
1616 | /* validity check */ |
1617 | if (paddr->sa_len |
1618 | > sizeof((*p_isr)->saidx.dst)) { |
1619 | ipseclog((LOG_DEBUG, "key_msg2sp: invalid request " |
1620 | "address length.\n" )); |
1621 | KEY_FREESP(&newsp); |
1622 | *error = EINVAL; |
1623 | return NULL; |
1624 | } |
1625 | memcpy(&(*p_isr)->saidx.dst, paddr, paddr->sa_len); |
1626 | } |
1627 | |
1628 | (*p_isr)->sav = NULL; |
1629 | (*p_isr)->sp = newsp; |
1630 | |
1631 | /* initialization for the next. */ |
1632 | p_isr = &(*p_isr)->next; |
1633 | tlen -= xisr->sadb_x_ipsecrequest_len; |
1634 | |
1635 | /* validity check */ |
1636 | if (tlen < 0) { |
1637 | ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n" )); |
1638 | KEY_FREESP(&newsp); |
1639 | *error = EINVAL; |
1640 | return NULL; |
1641 | } |
1642 | |
1643 | xisr = (const struct sadb_x_ipsecrequest *)((const char *)xisr |
1644 | + xisr->sadb_x_ipsecrequest_len); |
1645 | } |
1646 | } |
1647 | break; |
1648 | default: |
1649 | ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n" )); |
1650 | KEY_FREESP(&newsp); |
1651 | *error = EINVAL; |
1652 | return NULL; |
1653 | } |
1654 | |
1655 | *error = 0; |
1656 | return newsp; |
1657 | } |
1658 | |
1659 | static u_int16_t |
1660 | key_newreqid(void) |
1661 | { |
1662 | static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; |
1663 | |
1664 | auto_reqid = (auto_reqid == 0xffff |
1665 | ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1); |
1666 | |
1667 | /* XXX should be unique check */ |
1668 | |
1669 | return auto_reqid; |
1670 | } |
1671 | |
1672 | /* |
1673 | * copy secpolicy struct to sadb_x_policy structure indicated. |
1674 | */ |
1675 | struct mbuf * |
1676 | key_sp2msg(const struct secpolicy *sp) |
1677 | { |
1678 | struct sadb_x_policy *xpl; |
1679 | int tlen; |
1680 | char *p; |
1681 | struct mbuf *m; |
1682 | |
1683 | /* sanity check. */ |
1684 | if (sp == NULL) |
1685 | panic("key_sp2msg: NULL pointer was passed" ); |
1686 | |
1687 | tlen = key_getspreqmsglen(sp); |
1688 | |
1689 | m = key_alloc_mbuf(tlen); |
1690 | if (!m || m->m_next) { /*XXX*/ |
1691 | if (m) |
1692 | m_freem(m); |
1693 | return NULL; |
1694 | } |
1695 | |
1696 | m->m_len = tlen; |
1697 | m->m_next = NULL; |
1698 | xpl = mtod(m, struct sadb_x_policy *); |
1699 | memset(xpl, 0, tlen); |
1700 | |
1701 | xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen); |
1702 | xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; |
1703 | xpl->sadb_x_policy_type = sp->policy; |
1704 | xpl->sadb_x_policy_dir = sp->spidx.dir; |
1705 | xpl->sadb_x_policy_id = sp->id; |
1706 | p = (char *)xpl + sizeof(*xpl); |
1707 | |
1708 | /* if is the policy for ipsec ? */ |
1709 | if (sp->policy == IPSEC_POLICY_IPSEC) { |
1710 | struct sadb_x_ipsecrequest *xisr; |
1711 | struct ipsecrequest *isr; |
1712 | |
1713 | for (isr = sp->req; isr != NULL; isr = isr->next) { |
1714 | |
1715 | xisr = (struct sadb_x_ipsecrequest *)p; |
1716 | |
1717 | xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; |
1718 | xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; |
1719 | xisr->sadb_x_ipsecrequest_level = isr->level; |
1720 | xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; |
1721 | |
1722 | p += sizeof(*xisr); |
1723 | memcpy(p, &isr->saidx.src, isr->saidx.src.sa.sa_len); |
1724 | p += isr->saidx.src.sa.sa_len; |
1725 | memcpy(p, &isr->saidx.dst, isr->saidx.dst.sa.sa_len); |
1726 | p += isr->saidx.src.sa.sa_len; |
1727 | |
1728 | xisr->sadb_x_ipsecrequest_len = |
1729 | PFKEY_ALIGN8(sizeof(*xisr) |
1730 | + isr->saidx.src.sa.sa_len |
1731 | + isr->saidx.dst.sa.sa_len); |
1732 | } |
1733 | } |
1734 | |
1735 | return m; |
1736 | } |
1737 | |
1738 | /* m will not be freed nor modified */ |
1739 | static struct mbuf * |
1740 | key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, |
1741 | int ndeep, int nitem, ...) |
1742 | { |
1743 | va_list ap; |
1744 | int idx; |
1745 | int i; |
1746 | struct mbuf *result = NULL, *n; |
1747 | int len; |
1748 | |
1749 | if (m == NULL || mhp == NULL) |
1750 | panic("null pointer passed to key_gather" ); |
1751 | |
1752 | va_start(ap, nitem); |
1753 | for (i = 0; i < nitem; i++) { |
1754 | idx = va_arg(ap, int); |
1755 | if (idx < 0 || idx > SADB_EXT_MAX) |
1756 | goto fail; |
1757 | /* don't attempt to pull empty extension */ |
1758 | if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) |
1759 | continue; |
1760 | if (idx != SADB_EXT_RESERVED && |
1761 | (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) |
1762 | continue; |
1763 | |
1764 | if (idx == SADB_EXT_RESERVED) { |
1765 | len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); |
1766 | #ifdef DIAGNOSTIC |
1767 | if (len > MHLEN) |
1768 | panic("assumption failed" ); |
1769 | #endif |
1770 | MGETHDR(n, M_DONTWAIT, MT_DATA); |
1771 | if (!n) |
1772 | goto fail; |
1773 | n->m_len = len; |
1774 | n->m_next = NULL; |
1775 | m_copydata(m, 0, sizeof(struct sadb_msg), |
1776 | mtod(n, void *)); |
1777 | } else if (i < ndeep) { |
1778 | len = mhp->extlen[idx]; |
1779 | n = key_alloc_mbuf(len); |
1780 | if (!n || n->m_next) { /*XXX*/ |
1781 | if (n) |
1782 | m_freem(n); |
1783 | goto fail; |
1784 | } |
1785 | m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], |
1786 | mtod(n, void *)); |
1787 | } else { |
1788 | n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], |
1789 | M_DONTWAIT); |
1790 | } |
1791 | if (n == NULL) |
1792 | goto fail; |
1793 | |
1794 | if (result) |
1795 | m_cat(result, n); |
1796 | else |
1797 | result = n; |
1798 | } |
1799 | va_end(ap); |
1800 | |
1801 | if (result && (result->m_flags & M_PKTHDR) != 0) { |
1802 | result->m_pkthdr.len = 0; |
1803 | for (n = result; n; n = n->m_next) |
1804 | result->m_pkthdr.len += n->m_len; |
1805 | } |
1806 | |
1807 | return result; |
1808 | |
1809 | fail: |
1810 | va_end(ap); |
1811 | m_freem(result); |
1812 | return NULL; |
1813 | } |
1814 | |
1815 | /* |
1816 | * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing |
1817 | * add an entry to SP database, when received |
1818 | * <base, address(SD), (lifetime(H),) policy> |
1819 | * from the user(?). |
1820 | * Adding to SP database, |
1821 | * and send |
1822 | * <base, address(SD), (lifetime(H),) policy> |
1823 | * to the socket which was send. |
1824 | * |
1825 | * SPDADD set a unique policy entry. |
1826 | * SPDSETIDX like SPDADD without a part of policy requests. |
1827 | * SPDUPDATE replace a unique policy entry. |
1828 | * |
1829 | * m will always be freed. |
1830 | */ |
1831 | static int |
1832 | key_spdadd(struct socket *so, struct mbuf *m, |
1833 | const struct sadb_msghdr *mhp) |
1834 | { |
1835 | const struct sadb_address *src0, *dst0; |
1836 | const struct sadb_x_policy *xpl0; |
1837 | struct sadb_x_policy *xpl; |
1838 | const struct sadb_lifetime *lft = NULL; |
1839 | struct secpolicyindex spidx; |
1840 | struct secpolicy *newsp; |
1841 | int error; |
1842 | |
1843 | /* sanity check */ |
1844 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
1845 | panic("key_spdadd: NULL pointer is passed" ); |
1846 | |
1847 | if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
1848 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || |
1849 | mhp->ext[SADB_X_EXT_POLICY] == NULL) { |
1850 | ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n" )); |
1851 | return key_senderror(so, m, EINVAL); |
1852 | } |
1853 | if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
1854 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || |
1855 | mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { |
1856 | ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n" )); |
1857 | return key_senderror(so, m, EINVAL); |
1858 | } |
1859 | if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) { |
1860 | if (mhp->extlen[SADB_EXT_LIFETIME_HARD] |
1861 | < sizeof(struct sadb_lifetime)) { |
1862 | ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n" )); |
1863 | return key_senderror(so, m, EINVAL); |
1864 | } |
1865 | lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; |
1866 | } |
1867 | |
1868 | src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; |
1869 | dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; |
1870 | xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; |
1871 | |
1872 | /* make secindex */ |
1873 | /* XXX boundary check against sa_len */ |
1874 | KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, |
1875 | src0 + 1, |
1876 | dst0 + 1, |
1877 | src0->sadb_address_prefixlen, |
1878 | dst0->sadb_address_prefixlen, |
1879 | src0->sadb_address_proto, |
1880 | &spidx); |
1881 | |
1882 | /* checking the direciton. */ |
1883 | switch (xpl0->sadb_x_policy_dir) { |
1884 | case IPSEC_DIR_INBOUND: |
1885 | case IPSEC_DIR_OUTBOUND: |
1886 | break; |
1887 | default: |
1888 | ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n" )); |
1889 | mhp->msg->sadb_msg_errno = EINVAL; |
1890 | return 0; |
1891 | } |
1892 | |
1893 | /* check policy */ |
1894 | /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ |
1895 | if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST |
1896 | || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { |
1897 | ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n" )); |
1898 | return key_senderror(so, m, EINVAL); |
1899 | } |
1900 | |
1901 | /* policy requests are mandatory when action is ipsec. */ |
1902 | if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX |
1903 | && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC |
1904 | && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { |
1905 | ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n" )); |
1906 | return key_senderror(so, m, EINVAL); |
1907 | } |
1908 | |
1909 | /* |
1910 | * checking there is SP already or not. |
1911 | * SPDUPDATE doesn't depend on whether there is a SP or not. |
1912 | * If the type is either SPDADD or SPDSETIDX AND a SP is found, |
1913 | * then error. |
1914 | */ |
1915 | newsp = key_getsp(&spidx); |
1916 | if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { |
1917 | if (newsp) { |
1918 | key_sp_dead(newsp); |
1919 | key_sp_unlink(newsp); /* XXX jrs ordering */ |
1920 | KEY_FREESP(&newsp); |
1921 | newsp = NULL; |
1922 | } |
1923 | } else { |
1924 | if (newsp != NULL) { |
1925 | KEY_FREESP(&newsp); |
1926 | ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n" )); |
1927 | return key_senderror(so, m, EEXIST); |
1928 | } |
1929 | } |
1930 | |
1931 | /* allocation new SP entry */ |
1932 | if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { |
1933 | return key_senderror(so, m, error); |
1934 | } |
1935 | |
1936 | if ((newsp->id = key_getnewspid()) == 0) { |
1937 | KFREE(newsp); |
1938 | return key_senderror(so, m, ENOBUFS); |
1939 | } |
1940 | |
1941 | /* XXX boundary check against sa_len */ |
1942 | KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, |
1943 | src0 + 1, |
1944 | dst0 + 1, |
1945 | src0->sadb_address_prefixlen, |
1946 | dst0->sadb_address_prefixlen, |
1947 | src0->sadb_address_proto, |
1948 | &newsp->spidx); |
1949 | |
1950 | /* sanity check on addr pair */ |
1951 | if (((const struct sockaddr *)(src0 + 1))->sa_family != |
1952 | ((const struct sockaddr *)(dst0+ 1))->sa_family) { |
1953 | KFREE(newsp); |
1954 | return key_senderror(so, m, EINVAL); |
1955 | } |
1956 | if (((const struct sockaddr *)(src0 + 1))->sa_len != |
1957 | ((const struct sockaddr *)(dst0+ 1))->sa_len) { |
1958 | KFREE(newsp); |
1959 | return key_senderror(so, m, EINVAL); |
1960 | } |
1961 | |
1962 | newsp->created = time_uptime; |
1963 | newsp->lastused = newsp->created; |
1964 | newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; |
1965 | newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; |
1966 | |
1967 | newsp->refcnt = 1; /* do not reclaim until I say I do */ |
1968 | newsp->state = IPSEC_SPSTATE_ALIVE; |
1969 | LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain); |
1970 | |
1971 | /* delete the entry in spacqtree */ |
1972 | if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { |
1973 | struct secspacq *spacq; |
1974 | if ((spacq = key_getspacq(&spidx)) != NULL) { |
1975 | /* reset counter in order to deletion by timehandler. */ |
1976 | spacq->created = time_uptime; |
1977 | spacq->count = 0; |
1978 | } |
1979 | } |
1980 | |
1981 | #if defined(__NetBSD__) |
1982 | /* Invalidate all cached SPD pointers in the PCBs. */ |
1983 | ipsec_invalpcbcacheall(); |
1984 | |
1985 | #if defined(GATEWAY) |
1986 | /* Invalidate the ipflow cache, as well. */ |
1987 | ipflow_invalidate_all(0); |
1988 | #ifdef INET6 |
1989 | ip6flow_invalidate_all(0); |
1990 | #endif /* INET6 */ |
1991 | #endif /* GATEWAY */ |
1992 | #endif /* __NetBSD__ */ |
1993 | |
1994 | { |
1995 | struct mbuf *n, *mpolicy; |
1996 | struct sadb_msg *newmsg; |
1997 | int off; |
1998 | |
1999 | /* create new sadb_msg to reply. */ |
2000 | if (lft) { |
2001 | n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, |
2002 | SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, |
2003 | SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); |
2004 | } else { |
2005 | n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, |
2006 | SADB_X_EXT_POLICY, |
2007 | SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); |
2008 | } |
2009 | if (!n) |
2010 | return key_senderror(so, m, ENOBUFS); |
2011 | |
2012 | if (n->m_len < sizeof(*newmsg)) { |
2013 | n = m_pullup(n, sizeof(*newmsg)); |
2014 | if (!n) |
2015 | return key_senderror(so, m, ENOBUFS); |
2016 | } |
2017 | newmsg = mtod(n, struct sadb_msg *); |
2018 | newmsg->sadb_msg_errno = 0; |
2019 | newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); |
2020 | |
2021 | off = 0; |
2022 | mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), |
2023 | sizeof(*xpl), &off); |
2024 | if (mpolicy == NULL) { |
2025 | /* n is already freed */ |
2026 | return key_senderror(so, m, ENOBUFS); |
2027 | } |
2028 | xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off); |
2029 | if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { |
2030 | m_freem(n); |
2031 | return key_senderror(so, m, EINVAL); |
2032 | } |
2033 | xpl->sadb_x_policy_id = newsp->id; |
2034 | |
2035 | m_freem(m); |
2036 | key_update_used(); |
2037 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); |
2038 | } |
2039 | } |
2040 | |
2041 | /* |
2042 | * get new policy id. |
2043 | * OUT: |
2044 | * 0: failure. |
2045 | * others: success. |
2046 | */ |
2047 | static u_int32_t |
2048 | key_getnewspid(void) |
2049 | { |
2050 | u_int32_t newid = 0; |
2051 | int count = key_spi_trycnt; /* XXX */ |
2052 | struct secpolicy *sp; |
2053 | |
2054 | /* when requesting to allocate spi ranged */ |
2055 | while (count--) { |
2056 | newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1)); |
2057 | |
2058 | if ((sp = key_getspbyid(newid)) == NULL) |
2059 | break; |
2060 | |
2061 | KEY_FREESP(&sp); |
2062 | } |
2063 | |
2064 | if (count == 0 || newid == 0) { |
2065 | ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n" )); |
2066 | return 0; |
2067 | } |
2068 | |
2069 | return newid; |
2070 | } |
2071 | |
2072 | /* |
2073 | * SADB_SPDDELETE processing |
2074 | * receive |
2075 | * <base, address(SD), policy(*)> |
2076 | * from the user(?), and set SADB_SASTATE_DEAD, |
2077 | * and send, |
2078 | * <base, address(SD), policy(*)> |
2079 | * to the ikmpd. |
2080 | * policy(*) including direction of policy. |
2081 | * |
2082 | * m will always be freed. |
2083 | */ |
2084 | static int |
2085 | key_spddelete(struct socket *so, struct mbuf *m, |
2086 | const struct sadb_msghdr *mhp) |
2087 | { |
2088 | struct sadb_address *src0, *dst0; |
2089 | struct sadb_x_policy *xpl0; |
2090 | struct secpolicyindex spidx; |
2091 | struct secpolicy *sp; |
2092 | |
2093 | /* sanity check */ |
2094 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
2095 | panic("key_spddelete: NULL pointer is passed" ); |
2096 | |
2097 | if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
2098 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || |
2099 | mhp->ext[SADB_X_EXT_POLICY] == NULL) { |
2100 | ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n" )); |
2101 | return key_senderror(so, m, EINVAL); |
2102 | } |
2103 | if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
2104 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || |
2105 | mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { |
2106 | ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n" )); |
2107 | return key_senderror(so, m, EINVAL); |
2108 | } |
2109 | |
2110 | src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; |
2111 | dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; |
2112 | xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; |
2113 | |
2114 | /* make secindex */ |
2115 | /* XXX boundary check against sa_len */ |
2116 | KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, |
2117 | src0 + 1, |
2118 | dst0 + 1, |
2119 | src0->sadb_address_prefixlen, |
2120 | dst0->sadb_address_prefixlen, |
2121 | src0->sadb_address_proto, |
2122 | &spidx); |
2123 | |
2124 | /* checking the direciton. */ |
2125 | switch (xpl0->sadb_x_policy_dir) { |
2126 | case IPSEC_DIR_INBOUND: |
2127 | case IPSEC_DIR_OUTBOUND: |
2128 | break; |
2129 | default: |
2130 | ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n" )); |
2131 | return key_senderror(so, m, EINVAL); |
2132 | } |
2133 | |
2134 | /* Is there SP in SPD ? */ |
2135 | if ((sp = key_getsp(&spidx)) == NULL) { |
2136 | ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n" )); |
2137 | return key_senderror(so, m, EINVAL); |
2138 | } |
2139 | |
2140 | /* save policy id to buffer to be returned. */ |
2141 | xpl0->sadb_x_policy_id = sp->id; |
2142 | |
2143 | key_sp_dead(sp); |
2144 | key_sp_unlink(sp); /* XXX jrs ordering */ |
2145 | KEY_FREESP(&sp); /* ref gained by key_getspbyid */ |
2146 | |
2147 | #if defined(__NetBSD__) |
2148 | /* Invalidate all cached SPD pointers in the PCBs. */ |
2149 | ipsec_invalpcbcacheall(); |
2150 | |
2151 | /* We're deleting policy; no need to invalidate the ipflow cache. */ |
2152 | #endif /* __NetBSD__ */ |
2153 | |
2154 | { |
2155 | struct mbuf *n; |
2156 | struct sadb_msg *newmsg; |
2157 | |
2158 | /* create new sadb_msg to reply. */ |
2159 | n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, |
2160 | SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); |
2161 | if (!n) |
2162 | return key_senderror(so, m, ENOBUFS); |
2163 | |
2164 | newmsg = mtod(n, struct sadb_msg *); |
2165 | newmsg->sadb_msg_errno = 0; |
2166 | newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); |
2167 | |
2168 | m_freem(m); |
2169 | key_update_used(); |
2170 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); |
2171 | } |
2172 | } |
2173 | |
2174 | /* |
2175 | * SADB_SPDDELETE2 processing |
2176 | * receive |
2177 | * <base, policy(*)> |
2178 | * from the user(?), and set SADB_SASTATE_DEAD, |
2179 | * and send, |
2180 | * <base, policy(*)> |
2181 | * to the ikmpd. |
2182 | * policy(*) including direction of policy. |
2183 | * |
2184 | * m will always be freed. |
2185 | */ |
2186 | static int |
2187 | key_spddelete2(struct socket *so, struct mbuf *m, |
2188 | const struct sadb_msghdr *mhp) |
2189 | { |
2190 | u_int32_t id; |
2191 | struct secpolicy *sp; |
2192 | |
2193 | /* sanity check */ |
2194 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
2195 | panic("key_spddelete2: NULL pointer is passed" ); |
2196 | |
2197 | if (mhp->ext[SADB_X_EXT_POLICY] == NULL || |
2198 | mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { |
2199 | ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n" )); |
2200 | key_senderror(so, m, EINVAL); |
2201 | return 0; |
2202 | } |
2203 | |
2204 | id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; |
2205 | |
2206 | /* Is there SP in SPD ? */ |
2207 | if ((sp = key_getspbyid(id)) == NULL) { |
2208 | ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n" , id)); |
2209 | return key_senderror(so, m, EINVAL); |
2210 | } |
2211 | |
2212 | key_sp_dead(sp); |
2213 | key_sp_unlink(sp); /* XXX jrs ordering */ |
2214 | KEY_FREESP(&sp); /* ref gained by key_getsp */ |
2215 | sp = NULL; |
2216 | |
2217 | #if defined(__NetBSD__) |
2218 | /* Invalidate all cached SPD pointers in the PCBs. */ |
2219 | ipsec_invalpcbcacheall(); |
2220 | |
2221 | /* We're deleting policy; no need to invalidate the ipflow cache. */ |
2222 | #endif /* __NetBSD__ */ |
2223 | |
2224 | { |
2225 | struct mbuf *n, *nn; |
2226 | struct sadb_msg *newmsg; |
2227 | int off, len; |
2228 | |
2229 | /* create new sadb_msg to reply. */ |
2230 | len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); |
2231 | |
2232 | if (len > MCLBYTES) |
2233 | return key_senderror(so, m, ENOBUFS); |
2234 | MGETHDR(n, M_DONTWAIT, MT_DATA); |
2235 | if (n && len > MHLEN) { |
2236 | MCLGET(n, M_DONTWAIT); |
2237 | if ((n->m_flags & M_EXT) == 0) { |
2238 | m_freem(n); |
2239 | n = NULL; |
2240 | } |
2241 | } |
2242 | if (!n) |
2243 | return key_senderror(so, m, ENOBUFS); |
2244 | |
2245 | n->m_len = len; |
2246 | n->m_next = NULL; |
2247 | off = 0; |
2248 | |
2249 | m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); |
2250 | off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); |
2251 | |
2252 | #ifdef DIAGNOSTIC |
2253 | if (off != len) |
2254 | panic("length inconsistency in key_spddelete2" ); |
2255 | #endif |
2256 | |
2257 | n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], |
2258 | mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT); |
2259 | if (!n->m_next) { |
2260 | m_freem(n); |
2261 | return key_senderror(so, m, ENOBUFS); |
2262 | } |
2263 | |
2264 | n->m_pkthdr.len = 0; |
2265 | for (nn = n; nn; nn = nn->m_next) |
2266 | n->m_pkthdr.len += nn->m_len; |
2267 | |
2268 | newmsg = mtod(n, struct sadb_msg *); |
2269 | newmsg->sadb_msg_errno = 0; |
2270 | newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); |
2271 | |
2272 | m_freem(m); |
2273 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); |
2274 | } |
2275 | } |
2276 | |
2277 | /* |
2278 | * SADB_X_GET processing |
2279 | * receive |
2280 | * <base, policy(*)> |
2281 | * from the user(?), |
2282 | * and send, |
2283 | * <base, address(SD), policy> |
2284 | * to the ikmpd. |
2285 | * policy(*) including direction of policy. |
2286 | * |
2287 | * m will always be freed. |
2288 | */ |
2289 | static int |
2290 | key_spdget(struct socket *so, struct mbuf *m, |
2291 | const struct sadb_msghdr *mhp) |
2292 | { |
2293 | u_int32_t id; |
2294 | struct secpolicy *sp; |
2295 | struct mbuf *n; |
2296 | |
2297 | /* sanity check */ |
2298 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
2299 | panic("key_spdget: NULL pointer is passed" ); |
2300 | |
2301 | if (mhp->ext[SADB_X_EXT_POLICY] == NULL || |
2302 | mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { |
2303 | ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n" )); |
2304 | return key_senderror(so, m, EINVAL); |
2305 | } |
2306 | |
2307 | id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; |
2308 | |
2309 | /* Is there SP in SPD ? */ |
2310 | if ((sp = key_getspbyid(id)) == NULL) { |
2311 | ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n" , id)); |
2312 | return key_senderror(so, m, ENOENT); |
2313 | } |
2314 | |
2315 | n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, |
2316 | mhp->msg->sadb_msg_pid); |
2317 | KEY_FREESP(&sp); /* ref gained by key_getspbyid */ |
2318 | if (n != NULL) { |
2319 | m_freem(m); |
2320 | return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); |
2321 | } else |
2322 | return key_senderror(so, m, ENOBUFS); |
2323 | } |
2324 | |
2325 | /* |
2326 | * SADB_X_SPDACQUIRE processing. |
2327 | * Acquire policy and SA(s) for a *OUTBOUND* packet. |
2328 | * send |
2329 | * <base, policy(*)> |
2330 | * to KMD, and expect to receive |
2331 | * <base> with SADB_X_SPDACQUIRE if error occurred, |
2332 | * or |
2333 | * <base, policy> |
2334 | * with SADB_X_SPDUPDATE from KMD by PF_KEY. |
2335 | * policy(*) is without policy requests. |
2336 | * |
2337 | * 0 : succeed |
2338 | * others: error number |
2339 | */ |
2340 | int |
2341 | key_spdacquire(const struct secpolicy *sp) |
2342 | { |
2343 | struct mbuf *result = NULL, *m; |
2344 | struct secspacq *newspacq; |
2345 | int error; |
2346 | |
2347 | /* sanity check */ |
2348 | if (sp == NULL) |
2349 | panic("key_spdacquire: NULL pointer is passed" ); |
2350 | if (sp->req != NULL) |
2351 | panic("key_spdacquire: called but there is request" ); |
2352 | if (sp->policy != IPSEC_POLICY_IPSEC) |
2353 | panic("key_spdacquire: policy mismathed. IPsec is expected" ); |
2354 | |
2355 | /* Get an entry to check whether sent message or not. */ |
2356 | if ((newspacq = key_getspacq(&sp->spidx)) != NULL) { |
2357 | if (key_blockacq_count < newspacq->count) { |
2358 | /* reset counter and do send message. */ |
2359 | newspacq->count = 0; |
2360 | } else { |
2361 | /* increment counter and do nothing. */ |
2362 | newspacq->count++; |
2363 | return 0; |
2364 | } |
2365 | } else { |
2366 | /* make new entry for blocking to send SADB_ACQUIRE. */ |
2367 | if ((newspacq = key_newspacq(&sp->spidx)) == NULL) |
2368 | return ENOBUFS; |
2369 | |
2370 | /* add to acqtree */ |
2371 | LIST_INSERT_HEAD(&spacqtree, newspacq, chain); |
2372 | } |
2373 | |
2374 | /* create new sadb_msg to reply. */ |
2375 | m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); |
2376 | if (!m) { |
2377 | error = ENOBUFS; |
2378 | goto fail; |
2379 | } |
2380 | result = m; |
2381 | |
2382 | result->m_pkthdr.len = 0; |
2383 | for (m = result; m; m = m->m_next) |
2384 | result->m_pkthdr.len += m->m_len; |
2385 | |
2386 | mtod(result, struct sadb_msg *)->sadb_msg_len = |
2387 | PFKEY_UNIT64(result->m_pkthdr.len); |
2388 | |
2389 | return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); |
2390 | |
2391 | fail: |
2392 | if (result) |
2393 | m_freem(result); |
2394 | return error; |
2395 | } |
2396 | |
2397 | /* |
2398 | * SADB_SPDFLUSH processing |
2399 | * receive |
2400 | * <base> |
2401 | * from the user, and free all entries in secpctree. |
2402 | * and send, |
2403 | * <base> |
2404 | * to the user. |
2405 | * NOTE: what to do is only marking SADB_SASTATE_DEAD. |
2406 | * |
2407 | * m will always be freed. |
2408 | */ |
2409 | static int |
2410 | key_spdflush(struct socket *so, struct mbuf *m, |
2411 | const struct sadb_msghdr *mhp) |
2412 | { |
2413 | struct sadb_msg *newmsg; |
2414 | struct secpolicy *sp; |
2415 | u_int dir; |
2416 | |
2417 | /* sanity check */ |
2418 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
2419 | panic("key_spdflush: NULL pointer is passed" ); |
2420 | |
2421 | if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) |
2422 | return key_senderror(so, m, EINVAL); |
2423 | |
2424 | for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { |
2425 | struct secpolicy * nextsp; |
2426 | for (sp = LIST_FIRST(&sptree[dir]); |
2427 | sp != NULL; |
2428 | sp = nextsp) { |
2429 | |
2430 | nextsp = LIST_NEXT(sp, chain); |
2431 | if (sp->state == IPSEC_SPSTATE_DEAD) |
2432 | continue; |
2433 | key_sp_dead(sp); |
2434 | key_sp_unlink(sp); |
2435 | /* 'sp' dead; continue transfers to 'sp = nextsp' */ |
2436 | continue; |
2437 | } |
2438 | } |
2439 | |
2440 | #if defined(__NetBSD__) |
2441 | /* Invalidate all cached SPD pointers in the PCBs. */ |
2442 | ipsec_invalpcbcacheall(); |
2443 | |
2444 | /* We're deleting policy; no need to invalidate the ipflow cache. */ |
2445 | #endif /* __NetBSD__ */ |
2446 | |
2447 | if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { |
2448 | ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n" )); |
2449 | return key_senderror(so, m, ENOBUFS); |
2450 | } |
2451 | |
2452 | if (m->m_next) |
2453 | m_freem(m->m_next); |
2454 | m->m_next = NULL; |
2455 | m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); |
2456 | newmsg = mtod(m, struct sadb_msg *); |
2457 | newmsg->sadb_msg_errno = 0; |
2458 | newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); |
2459 | |
2460 | return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); |
2461 | } |
2462 | |
2463 | static struct sockaddr key_src = { |
2464 | .sa_len = 2, |
2465 | .sa_family = PF_KEY, |
2466 | }; |
2467 | |
2468 | static struct mbuf * |
2469 | key_setspddump_chain(int *errorp, int *lenp, pid_t pid) |
2470 | { |
2471 | struct secpolicy *sp; |
2472 | int cnt; |
2473 | u_int dir; |
2474 | struct mbuf *m, *n, *prev; |
2475 | int totlen; |
2476 | |
2477 | *lenp = 0; |
2478 | |
2479 | /* search SPD entry and get buffer size. */ |
2480 | cnt = 0; |
2481 | for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { |
2482 | LIST_FOREACH(sp, &sptree[dir], chain) { |
2483 | cnt++; |
2484 | } |
2485 | } |
2486 | |
2487 | if (cnt == 0) { |
2488 | *errorp = ENOENT; |
2489 | return (NULL); |
2490 | } |
2491 | |
2492 | m = NULL; |
2493 | prev = m; |
2494 | totlen = 0; |
2495 | for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { |
2496 | LIST_FOREACH(sp, &sptree[dir], chain) { |
2497 | --cnt; |
2498 | n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid); |
2499 | |
2500 | if (!n) { |
2501 | *errorp = ENOBUFS; |
2502 | if (m) m_freem(m); |
2503 | return (NULL); |
2504 | } |
2505 | |
2506 | totlen += n->m_pkthdr.len; |
2507 | if (!m) { |
2508 | m = n; |
2509 | } else { |
2510 | prev->m_nextpkt = n; |
2511 | } |
2512 | prev = n; |
2513 | } |
2514 | } |
2515 | |
2516 | *lenp = totlen; |
2517 | *errorp = 0; |
2518 | return (m); |
2519 | } |
2520 | |
2521 | /* |
2522 | * SADB_SPDDUMP processing |
2523 | * receive |
2524 | * <base> |
2525 | * from the user, and dump all SP leaves |
2526 | * and send, |
2527 | * <base> ..... |
2528 | * to the ikmpd. |
2529 | * |
2530 | * m will always be freed. |
2531 | */ |
2532 | static int |
2533 | key_spddump(struct socket *so, struct mbuf *m0, |
2534 | const struct sadb_msghdr *mhp) |
2535 | { |
2536 | struct mbuf *n; |
2537 | int error, len; |
2538 | int ok, s; |
2539 | pid_t pid; |
2540 | |
2541 | /* sanity check */ |
2542 | if (so == NULL || m0 == NULL || mhp == NULL || mhp->msg == NULL) |
2543 | panic("key_spddump: NULL pointer is passed" ); |
2544 | |
2545 | |
2546 | pid = mhp->msg->sadb_msg_pid; |
2547 | /* |
2548 | * If the requestor has insufficient socket-buffer space |
2549 | * for the entire chain, nobody gets any response to the DUMP. |
2550 | * XXX For now, only the requestor ever gets anything. |
2551 | * Moreover, if the requestor has any space at all, they receive |
2552 | * the entire chain, otherwise the request is refused with ENOBUFS. |
2553 | */ |
2554 | if (sbspace(&so->so_rcv) <= 0) { |
2555 | return key_senderror(so, m0, ENOBUFS); |
2556 | } |
2557 | |
2558 | s = splsoftnet(); |
2559 | n = key_setspddump_chain(&error, &len, pid); |
2560 | splx(s); |
2561 | |
2562 | if (n == NULL) { |
2563 | return key_senderror(so, m0, ENOENT); |
2564 | } |
2565 | { |
2566 | uint64_t *ps = PFKEY_STAT_GETREF(); |
2567 | ps[PFKEY_STAT_IN_TOTAL]++; |
2568 | ps[PFKEY_STAT_IN_BYTES] += len; |
2569 | PFKEY_STAT_PUTREF(); |
2570 | } |
2571 | |
2572 | /* |
2573 | * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets. |
2574 | * The requestor receives either the entire chain, or an |
2575 | * error message with ENOBUFS. |
2576 | */ |
2577 | |
2578 | /* |
2579 | * sbappendchainwith record takes the chain of entries, one |
2580 | * packet-record per SPD entry, prepends the key_src sockaddr |
2581 | * to each packet-record, links the sockaddr mbufs into a new |
2582 | * list of records, then appends the entire resulting |
2583 | * list to the requesting socket. |
2584 | */ |
2585 | ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, |
2586 | n, SB_PRIO_ONESHOT_OVERFLOW); |
2587 | |
2588 | if (!ok) { |
2589 | PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); |
2590 | m_freem(n); |
2591 | return key_senderror(so, m0, ENOBUFS); |
2592 | } |
2593 | |
2594 | m_freem(m0); |
2595 | return error; |
2596 | } |
2597 | |
2598 | /* |
2599 | * SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23 |
2600 | */ |
2601 | static int |
2602 | key_nat_map(struct socket *so, struct mbuf *m, |
2603 | const struct sadb_msghdr *mhp) |
2604 | { |
2605 | struct sadb_x_nat_t_type *type; |
2606 | struct sadb_x_nat_t_port *sport; |
2607 | struct sadb_x_nat_t_port *dport; |
2608 | struct sadb_address *iaddr, *raddr; |
2609 | struct sadb_x_nat_t_frag *frag; |
2610 | |
2611 | /* sanity check */ |
2612 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
2613 | panic("key_nat_map: NULL pointer is passed." ); |
2614 | |
2615 | if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL || |
2616 | mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL || |
2617 | mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) { |
2618 | ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n" )); |
2619 | return key_senderror(so, m, EINVAL); |
2620 | } |
2621 | if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || |
2622 | (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || |
2623 | (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { |
2624 | ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n" )); |
2625 | return key_senderror(so, m, EINVAL); |
2626 | } |
2627 | |
2628 | if ((mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) && |
2629 | (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr))) { |
2630 | ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n" )); |
2631 | return key_senderror(so, m, EINVAL); |
2632 | } |
2633 | |
2634 | if ((mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) && |
2635 | (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr))) { |
2636 | ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n" )); |
2637 | return key_senderror(so, m, EINVAL); |
2638 | } |
2639 | |
2640 | if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) && |
2641 | (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) { |
2642 | ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n" )); |
2643 | return key_senderror(so, m, EINVAL); |
2644 | } |
2645 | |
2646 | type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; |
2647 | sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; |
2648 | dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; |
2649 | iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; |
2650 | raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; |
2651 | frag = (struct sadb_x_nat_t_frag *) mhp->ext[SADB_X_EXT_NAT_T_FRAG]; |
2652 | |
2653 | /* |
2654 | * XXX handle that, it should also contain a SA, or anything |
2655 | * that enable to update the SA information. |
2656 | */ |
2657 | |
2658 | return 0; |
2659 | } |
2660 | |
2661 | static struct mbuf * |
2662 | key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, pid_t pid) |
2663 | { |
2664 | struct mbuf *result = NULL, *m; |
2665 | |
2666 | m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); |
2667 | if (!m) |
2668 | goto fail; |
2669 | result = m; |
2670 | |
2671 | m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, |
2672 | &sp->spidx.src.sa, sp->spidx.prefs, |
2673 | sp->spidx.ul_proto); |
2674 | if (!m) |
2675 | goto fail; |
2676 | m_cat(result, m); |
2677 | |
2678 | m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, |
2679 | &sp->spidx.dst.sa, sp->spidx.prefd, |
2680 | sp->spidx.ul_proto); |
2681 | if (!m) |
2682 | goto fail; |
2683 | m_cat(result, m); |
2684 | |
2685 | m = key_sp2msg(sp); |
2686 | if (!m) |
2687 | goto fail; |
2688 | m_cat(result, m); |
2689 | |
2690 | if ((result->m_flags & M_PKTHDR) == 0) |
2691 | goto fail; |
2692 | |
2693 | if (result->m_len < sizeof(struct sadb_msg)) { |
2694 | result = m_pullup(result, sizeof(struct sadb_msg)); |
2695 | if (result == NULL) |
2696 | goto fail; |
2697 | } |
2698 | |
2699 | result->m_pkthdr.len = 0; |
2700 | for (m = result; m; m = m->m_next) |
2701 | result->m_pkthdr.len += m->m_len; |
2702 | |
2703 | mtod(result, struct sadb_msg *)->sadb_msg_len = |
2704 | PFKEY_UNIT64(result->m_pkthdr.len); |
2705 | |
2706 | return result; |
2707 | |
2708 | fail: |
2709 | m_freem(result); |
2710 | return NULL; |
2711 | } |
2712 | |
2713 | /* |
2714 | * get PFKEY message length for security policy and request. |
2715 | */ |
2716 | static u_int |
2717 | key_getspreqmsglen(const struct secpolicy *sp) |
2718 | { |
2719 | u_int tlen; |
2720 | |
2721 | tlen = sizeof(struct sadb_x_policy); |
2722 | |
2723 | /* if is the policy for ipsec ? */ |
2724 | if (sp->policy != IPSEC_POLICY_IPSEC) |
2725 | return tlen; |
2726 | |
2727 | /* get length of ipsec requests */ |
2728 | { |
2729 | const struct ipsecrequest *isr; |
2730 | int len; |
2731 | |
2732 | for (isr = sp->req; isr != NULL; isr = isr->next) { |
2733 | len = sizeof(struct sadb_x_ipsecrequest) |
2734 | + isr->saidx.src.sa.sa_len |
2735 | + isr->saidx.dst.sa.sa_len; |
2736 | |
2737 | tlen += PFKEY_ALIGN8(len); |
2738 | } |
2739 | } |
2740 | |
2741 | return tlen; |
2742 | } |
2743 | |
2744 | /* |
2745 | * SADB_SPDEXPIRE processing |
2746 | * send |
2747 | * <base, address(SD), lifetime(CH), policy> |
2748 | * to KMD by PF_KEY. |
2749 | * |
2750 | * OUT: 0 : succeed |
2751 | * others : error number |
2752 | */ |
2753 | static int |
2754 | key_spdexpire(struct secpolicy *sp) |
2755 | { |
2756 | int s; |
2757 | struct mbuf *result = NULL, *m; |
2758 | int len; |
2759 | int error = -1; |
2760 | struct sadb_lifetime *lt; |
2761 | |
2762 | /* XXX: Why do we lock ? */ |
2763 | s = splsoftnet(); /*called from softclock()*/ |
2764 | |
2765 | /* sanity check */ |
2766 | if (sp == NULL) |
2767 | panic("key_spdexpire: NULL pointer is passed" ); |
2768 | |
2769 | /* set msg header */ |
2770 | m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); |
2771 | if (!m) { |
2772 | error = ENOBUFS; |
2773 | goto fail; |
2774 | } |
2775 | result = m; |
2776 | |
2777 | /* create lifetime extension (current and hard) */ |
2778 | len = PFKEY_ALIGN8(sizeof(*lt)) * 2; |
2779 | m = key_alloc_mbuf(len); |
2780 | if (!m || m->m_next) { /*XXX*/ |
2781 | if (m) |
2782 | m_freem(m); |
2783 | error = ENOBUFS; |
2784 | goto fail; |
2785 | } |
2786 | memset(mtod(m, void *), 0, len); |
2787 | lt = mtod(m, struct sadb_lifetime *); |
2788 | lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); |
2789 | lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; |
2790 | lt->sadb_lifetime_allocations = 0; |
2791 | lt->sadb_lifetime_bytes = 0; |
2792 | lt->sadb_lifetime_addtime = sp->created + time_second - time_uptime; |
2793 | lt->sadb_lifetime_usetime = sp->lastused + time_second - time_uptime; |
2794 | lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2); |
2795 | lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); |
2796 | lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; |
2797 | lt->sadb_lifetime_allocations = 0; |
2798 | lt->sadb_lifetime_bytes = 0; |
2799 | lt->sadb_lifetime_addtime = sp->lifetime; |
2800 | lt->sadb_lifetime_usetime = sp->validtime; |
2801 | m_cat(result, m); |
2802 | |
2803 | /* set sadb_address for source */ |
2804 | m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, |
2805 | &sp->spidx.src.sa, |
2806 | sp->spidx.prefs, sp->spidx.ul_proto); |
2807 | if (!m) { |
2808 | error = ENOBUFS; |
2809 | goto fail; |
2810 | } |
2811 | m_cat(result, m); |
2812 | |
2813 | /* set sadb_address for destination */ |
2814 | m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, |
2815 | &sp->spidx.dst.sa, |
2816 | sp->spidx.prefd, sp->spidx.ul_proto); |
2817 | if (!m) { |
2818 | error = ENOBUFS; |
2819 | goto fail; |
2820 | } |
2821 | m_cat(result, m); |
2822 | |
2823 | /* set secpolicy */ |
2824 | m = key_sp2msg(sp); |
2825 | if (!m) { |
2826 | error = ENOBUFS; |
2827 | goto fail; |
2828 | } |
2829 | m_cat(result, m); |
2830 | |
2831 | if ((result->m_flags & M_PKTHDR) == 0) { |
2832 | error = EINVAL; |
2833 | goto fail; |
2834 | } |
2835 | |
2836 | if (result->m_len < sizeof(struct sadb_msg)) { |
2837 | result = m_pullup(result, sizeof(struct sadb_msg)); |
2838 | if (result == NULL) { |
2839 | error = ENOBUFS; |
2840 | goto fail; |
2841 | } |
2842 | } |
2843 | |
2844 | result->m_pkthdr.len = 0; |
2845 | for (m = result; m; m = m->m_next) |
2846 | result->m_pkthdr.len += m->m_len; |
2847 | |
2848 | mtod(result, struct sadb_msg *)->sadb_msg_len = |
2849 | PFKEY_UNIT64(result->m_pkthdr.len); |
2850 | |
2851 | return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); |
2852 | |
2853 | fail: |
2854 | if (result) |
2855 | m_freem(result); |
2856 | splx(s); |
2857 | return error; |
2858 | } |
2859 | |
2860 | /* %%% SAD management */ |
2861 | /* |
2862 | * allocating a memory for new SA head, and copy from the values of mhp. |
2863 | * OUT: NULL : failure due to the lack of memory. |
2864 | * others : pointer to new SA head. |
2865 | */ |
2866 | static struct secashead * |
2867 | key_newsah(const struct secasindex *saidx) |
2868 | { |
2869 | struct secashead *newsah; |
2870 | |
2871 | IPSEC_ASSERT(saidx != NULL, ("key_newsaidx: null saidx" )); |
2872 | |
2873 | newsah = (struct secashead *) |
2874 | malloc(sizeof(struct secashead), M_SECA, M_NOWAIT|M_ZERO); |
2875 | if (newsah != NULL) { |
2876 | int i; |
2877 | for (i = 0; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[0]); i++) |
2878 | LIST_INIT(&newsah->savtree[i]); |
2879 | newsah->saidx = *saidx; |
2880 | |
2881 | /* add to saidxtree */ |
2882 | newsah->state = SADB_SASTATE_MATURE; |
2883 | LIST_INSERT_HEAD(&sahtree, newsah, chain); |
2884 | } |
2885 | return(newsah); |
2886 | } |
2887 | |
2888 | /* |
2889 | * delete SA index and all SA registerd. |
2890 | */ |
2891 | static void |
2892 | key_delsah(struct secashead *sah) |
2893 | { |
2894 | struct secasvar *sav, *nextsav; |
2895 | u_int stateidx, state; |
2896 | int s; |
2897 | int zombie = 0; |
2898 | |
2899 | /* sanity check */ |
2900 | if (sah == NULL) |
2901 | panic("key_delsah: NULL pointer is passed" ); |
2902 | |
2903 | s = splsoftnet(); /*called from softclock()*/ |
2904 | |
2905 | /* searching all SA registerd in the secindex. */ |
2906 | for (stateidx = 0; |
2907 | stateidx < _ARRAYLEN(saorder_state_any); |
2908 | stateidx++) { |
2909 | |
2910 | state = saorder_state_any[stateidx]; |
2911 | for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]); |
2912 | sav != NULL; |
2913 | sav = nextsav) { |
2914 | |
2915 | nextsav = LIST_NEXT(sav, chain); |
2916 | |
2917 | if (sav->refcnt == 0) { |
2918 | /* sanity check */ |
2919 | KEY_CHKSASTATE(state, sav->state, "key_delsah" ); |
2920 | KEY_FREESAV(&sav); |
2921 | } else { |
2922 | /* give up to delete this sa */ |
2923 | zombie++; |
2924 | } |
2925 | } |
2926 | } |
2927 | |
2928 | /* don't delete sah only if there are savs. */ |
2929 | if (zombie) { |
2930 | splx(s); |
2931 | return; |
2932 | } |
2933 | |
2934 | rtcache_free(&sah->sa_route); |
2935 | |
2936 | /* remove from tree of SA index */ |
2937 | if (__LIST_CHAINED(sah)) |
2938 | LIST_REMOVE(sah, chain); |
2939 | |
2940 | KFREE(sah); |
2941 | |
2942 | splx(s); |
2943 | return; |
2944 | } |
2945 | |
2946 | /* |
2947 | * allocating a new SA with LARVAL state. key_add() and key_getspi() call, |
2948 | * and copy the values of mhp into new buffer. |
2949 | * When SAD message type is GETSPI: |
2950 | * to set sequence number from acq_seq++, |
2951 | * to set zero to SPI. |
2952 | * not to call key_setsava(). |
2953 | * OUT: NULL : fail |
2954 | * others : pointer to new secasvar. |
2955 | * |
2956 | * does not modify mbuf. does not free mbuf on error. |
2957 | */ |
2958 | static struct secasvar * |
2959 | key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp, |
2960 | struct secashead *sah, int *errp, |
2961 | const char* where, int tag) |
2962 | { |
2963 | struct secasvar *newsav; |
2964 | const struct sadb_sa *xsa; |
2965 | |
2966 | /* sanity check */ |
2967 | if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL) |
2968 | panic("key_newsa: NULL pointer is passed" ); |
2969 | |
2970 | KMALLOC(newsav, struct secasvar *, sizeof(struct secasvar)); |
2971 | if (newsav == NULL) { |
2972 | ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n" )); |
2973 | *errp = ENOBUFS; |
2974 | goto done; |
2975 | } |
2976 | memset(newsav, 0, sizeof(struct secasvar)); |
2977 | |
2978 | switch (mhp->msg->sadb_msg_type) { |
2979 | case SADB_GETSPI: |
2980 | newsav->spi = 0; |
2981 | |
2982 | #ifdef IPSEC_DOSEQCHECK |
2983 | /* sync sequence number */ |
2984 | if (mhp->msg->sadb_msg_seq == 0) |
2985 | newsav->seq = |
2986 | (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); |
2987 | else |
2988 | #endif |
2989 | newsav->seq = mhp->msg->sadb_msg_seq; |
2990 | break; |
2991 | |
2992 | case SADB_ADD: |
2993 | /* sanity check */ |
2994 | if (mhp->ext[SADB_EXT_SA] == NULL) { |
2995 | KFREE(newsav), newsav = NULL; |
2996 | ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n" )); |
2997 | *errp = EINVAL; |
2998 | goto done; |
2999 | } |
3000 | xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; |
3001 | newsav->spi = xsa->sadb_sa_spi; |
3002 | newsav->seq = mhp->msg->sadb_msg_seq; |
3003 | break; |
3004 | default: |
3005 | KFREE(newsav), newsav = NULL; |
3006 | *errp = EINVAL; |
3007 | goto done; |
3008 | } |
3009 | |
3010 | /* copy sav values */ |
3011 | if (mhp->msg->sadb_msg_type != SADB_GETSPI) { |
3012 | *errp = key_setsaval(newsav, m, mhp); |
3013 | if (*errp) { |
3014 | KFREE(newsav), newsav = NULL; |
3015 | goto done; |
3016 | } |
3017 | } |
3018 | |
3019 | /* reset created */ |
3020 | newsav->created = time_uptime; |
3021 | newsav->pid = mhp->msg->sadb_msg_pid; |
3022 | |
3023 | /* add to satree */ |
3024 | newsav->sah = sah; |
3025 | newsav->refcnt = 1; |
3026 | newsav->state = SADB_SASTATE_LARVAL; |
3027 | LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, |
3028 | secasvar, chain); |
3029 | done: |
3030 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
3031 | printf("DP %s from %s:%u return SP:%p\n" , __func__, |
3032 | where, tag, newsav)); |
3033 | |
3034 | return newsav; |
3035 | } |
3036 | |
3037 | /* |
3038 | * free() SA variable entry. |
3039 | */ |
3040 | static void |
3041 | key_delsav(struct secasvar *sav) |
3042 | { |
3043 | IPSEC_ASSERT(sav != NULL, ("key_delsav: null sav" )); |
3044 | IPSEC_ASSERT(sav->refcnt == 0, |
3045 | ("key_delsav: reference count %u > 0" , sav->refcnt)); |
3046 | |
3047 | /* remove from SA header */ |
3048 | if (__LIST_CHAINED(sav)) |
3049 | LIST_REMOVE(sav, chain); |
3050 | |
3051 | /* |
3052 | * Cleanup xform state. Note that zeroize'ing causes the |
3053 | * keys to be cleared; otherwise we must do it ourself. |
3054 | */ |
3055 | if (sav->tdb_xform != NULL) { |
3056 | sav->tdb_xform->xf_zeroize(sav); |
3057 | sav->tdb_xform = NULL; |
3058 | } else { |
3059 | if (sav->key_auth != NULL) |
3060 | explicit_memset(_KEYBUF(sav->key_auth), 0, |
3061 | _KEYLEN(sav->key_auth)); |
3062 | if (sav->key_enc != NULL) |
3063 | explicit_memset(_KEYBUF(sav->key_enc), 0, |
3064 | _KEYLEN(sav->key_enc)); |
3065 | } |
3066 | if (sav->key_auth != NULL) { |
3067 | KFREE(sav->key_auth); |
3068 | sav->key_auth = NULL; |
3069 | } |
3070 | if (sav->key_enc != NULL) { |
3071 | KFREE(sav->key_enc); |
3072 | sav->key_enc = NULL; |
3073 | } |
3074 | if (sav->replay != NULL) { |
3075 | KFREE(sav->replay); |
3076 | sav->replay = NULL; |
3077 | } |
3078 | if (sav->lft_c != NULL) { |
3079 | KFREE(sav->lft_c); |
3080 | sav->lft_c = NULL; |
3081 | } |
3082 | if (sav->lft_h != NULL) { |
3083 | KFREE(sav->lft_h); |
3084 | sav->lft_h = NULL; |
3085 | } |
3086 | if (sav->lft_s != NULL) { |
3087 | KFREE(sav->lft_s); |
3088 | sav->lft_s = NULL; |
3089 | } |
3090 | |
3091 | KFREE(sav); |
3092 | |
3093 | return; |
3094 | } |
3095 | |
3096 | /* |
3097 | * search SAD. |
3098 | * OUT: |
3099 | * NULL : not found |
3100 | * others : found, pointer to a SA. |
3101 | */ |
3102 | static struct secashead * |
3103 | key_getsah(const struct secasindex *saidx) |
3104 | { |
3105 | struct secashead *sah; |
3106 | |
3107 | LIST_FOREACH(sah, &sahtree, chain) { |
3108 | if (sah->state == SADB_SASTATE_DEAD) |
3109 | continue; |
3110 | if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) |
3111 | return sah; |
3112 | } |
3113 | |
3114 | return NULL; |
3115 | } |
3116 | |
3117 | /* |
3118 | * check not to be duplicated SPI. |
3119 | * NOTE: this function is too slow due to searching all SAD. |
3120 | * OUT: |
3121 | * NULL : not found |
3122 | * others : found, pointer to a SA. |
3123 | */ |
3124 | static struct secasvar * |
3125 | key_checkspidup(const struct secasindex *saidx, u_int32_t spi) |
3126 | { |
3127 | struct secashead *sah; |
3128 | struct secasvar *sav; |
3129 | |
3130 | /* check address family */ |
3131 | if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) { |
3132 | ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n" )); |
3133 | return NULL; |
3134 | } |
3135 | |
3136 | /* check all SAD */ |
3137 | LIST_FOREACH(sah, &sahtree, chain) { |
3138 | if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst)) |
3139 | continue; |
3140 | sav = key_getsavbyspi(sah, spi); |
3141 | if (sav != NULL) |
3142 | return sav; |
3143 | } |
3144 | |
3145 | return NULL; |
3146 | } |
3147 | |
3148 | /* |
3149 | * search SAD litmited alive SA, protocol, SPI. |
3150 | * OUT: |
3151 | * NULL : not found |
3152 | * others : found, pointer to a SA. |
3153 | */ |
3154 | static struct secasvar * |
3155 | key_getsavbyspi(struct secashead *sah, u_int32_t spi) |
3156 | { |
3157 | struct secasvar *sav; |
3158 | u_int stateidx, state; |
3159 | |
3160 | /* search all status */ |
3161 | for (stateidx = 0; |
3162 | stateidx < _ARRAYLEN(saorder_state_alive); |
3163 | stateidx++) { |
3164 | |
3165 | state = saorder_state_alive[stateidx]; |
3166 | LIST_FOREACH(sav, &sah->savtree[state], chain) { |
3167 | |
3168 | /* sanity check */ |
3169 | if (sav->state != state) { |
3170 | ipseclog((LOG_DEBUG, "key_getsavbyspi: " |
3171 | "invalid sav->state (queue: %d SA: %d)\n" , |
3172 | state, sav->state)); |
3173 | continue; |
3174 | } |
3175 | |
3176 | if (sav->spi == spi) |
3177 | return sav; |
3178 | } |
3179 | } |
3180 | |
3181 | return NULL; |
3182 | } |
3183 | |
3184 | /* |
3185 | * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*. |
3186 | * You must update these if need. |
3187 | * OUT: 0: success. |
3188 | * !0: failure. |
3189 | * |
3190 | * does not modify mbuf. does not free mbuf on error. |
3191 | */ |
3192 | static int |
3193 | key_setsaval(struct secasvar *sav, struct mbuf *m, |
3194 | const struct sadb_msghdr *mhp) |
3195 | { |
3196 | int error = 0; |
3197 | |
3198 | /* sanity check */ |
3199 | if (m == NULL || mhp == NULL || mhp->msg == NULL) |
3200 | panic("key_setsaval: NULL pointer is passed" ); |
3201 | |
3202 | /* initialization */ |
3203 | sav->replay = NULL; |
3204 | sav->key_auth = NULL; |
3205 | sav->key_enc = NULL; |
3206 | sav->lft_c = NULL; |
3207 | sav->lft_h = NULL; |
3208 | sav->lft_s = NULL; |
3209 | sav->tdb_xform = NULL; /* transform */ |
3210 | sav->tdb_encalgxform = NULL; /* encoding algorithm */ |
3211 | sav->tdb_authalgxform = NULL; /* authentication algorithm */ |
3212 | sav->tdb_compalgxform = NULL; /* compression algorithm */ |
3213 | sav->natt_type = 0; |
3214 | sav->esp_frag = 0; |
3215 | |
3216 | /* SA */ |
3217 | if (mhp->ext[SADB_EXT_SA] != NULL) { |
3218 | const struct sadb_sa *sa0; |
3219 | |
3220 | sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; |
3221 | if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) { |
3222 | error = EINVAL; |
3223 | goto fail; |
3224 | } |
3225 | |
3226 | sav->alg_auth = sa0->sadb_sa_auth; |
3227 | sav->alg_enc = sa0->sadb_sa_encrypt; |
3228 | sav->flags = sa0->sadb_sa_flags; |
3229 | |
3230 | /* replay window */ |
3231 | if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) { |
3232 | sav->replay = (struct secreplay *) |
3233 | malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_SECA, M_NOWAIT|M_ZERO); |
3234 | if (sav->replay == NULL) { |
3235 | ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n" )); |
3236 | error = ENOBUFS; |
3237 | goto fail; |
3238 | } |
3239 | if (sa0->sadb_sa_replay != 0) |
3240 | sav->replay->bitmap = (char*)(sav->replay+1); |
3241 | sav->replay->wsize = sa0->sadb_sa_replay; |
3242 | } |
3243 | } |
3244 | |
3245 | /* Authentication keys */ |
3246 | if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) { |
3247 | const struct sadb_key *key0; |
3248 | int len; |
3249 | |
3250 | key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; |
3251 | len = mhp->extlen[SADB_EXT_KEY_AUTH]; |
3252 | |
3253 | error = 0; |
3254 | if (len < sizeof(*key0)) { |
3255 | error = EINVAL; |
3256 | goto fail; |
3257 | } |
3258 | switch (mhp->msg->sadb_msg_satype) { |
3259 | case SADB_SATYPE_AH: |
3260 | case SADB_SATYPE_ESP: |
3261 | case SADB_X_SATYPE_TCPSIGNATURE: |
3262 | if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && |
3263 | sav->alg_auth != SADB_X_AALG_NULL) |
3264 | error = EINVAL; |
3265 | break; |
3266 | case SADB_X_SATYPE_IPCOMP: |
3267 | default: |
3268 | error = EINVAL; |
3269 | break; |
3270 | } |
3271 | if (error) { |
3272 | ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n" )); |
3273 | goto fail; |
3274 | } |
3275 | |
3276 | sav->key_auth = (struct sadb_key *)key_newbuf(key0, len); |
3277 | if (sav->key_auth == NULL) { |
3278 | ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n" )); |
3279 | error = ENOBUFS; |
3280 | goto fail; |
3281 | } |
3282 | } |
3283 | |
3284 | /* Encryption key */ |
3285 | if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) { |
3286 | const struct sadb_key *key0; |
3287 | int len; |
3288 | |
3289 | key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; |
3290 | len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; |
3291 | |
3292 | error = 0; |
3293 | if (len < sizeof(*key0)) { |
3294 | error = EINVAL; |
3295 | goto fail; |
3296 | } |
3297 | switch (mhp->msg->sadb_msg_satype) { |
3298 | case SADB_SATYPE_ESP: |
3299 | if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && |
3300 | sav->alg_enc != SADB_EALG_NULL) { |
3301 | error = EINVAL; |
3302 | break; |
3303 | } |
3304 | sav->key_enc = (struct sadb_key *)key_newbuf(key0, len); |
3305 | if (sav->key_enc == NULL) { |
3306 | ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n" )); |
3307 | error = ENOBUFS; |
3308 | goto fail; |
3309 | } |
3310 | break; |
3311 | case SADB_X_SATYPE_IPCOMP: |
3312 | if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) |
3313 | error = EINVAL; |
3314 | sav->key_enc = NULL; /*just in case*/ |
3315 | break; |
3316 | case SADB_SATYPE_AH: |
3317 | case SADB_X_SATYPE_TCPSIGNATURE: |
3318 | default: |
3319 | error = EINVAL; |
3320 | break; |
3321 | } |
3322 | if (error) { |
3323 | ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n" )); |
3324 | goto fail; |
3325 | } |
3326 | } |
3327 | |
3328 | /* set iv */ |
3329 | sav->ivlen = 0; |
3330 | |
3331 | switch (mhp->msg->sadb_msg_satype) { |
3332 | case SADB_SATYPE_AH: |
3333 | error = xform_init(sav, XF_AH); |
3334 | break; |
3335 | case SADB_SATYPE_ESP: |
3336 | error = xform_init(sav, XF_ESP); |
3337 | break; |
3338 | case SADB_X_SATYPE_IPCOMP: |
3339 | error = xform_init(sav, XF_IPCOMP); |
3340 | break; |
3341 | case SADB_X_SATYPE_TCPSIGNATURE: |
3342 | error = xform_init(sav, XF_TCPSIGNATURE); |
3343 | break; |
3344 | } |
3345 | if (error) { |
3346 | ipseclog((LOG_DEBUG, |
3347 | "key_setsaval: unable to initialize SA type %u.\n" , |
3348 | mhp->msg->sadb_msg_satype)); |
3349 | goto fail; |
3350 | } |
3351 | |
3352 | /* reset created */ |
3353 | sav->created = time_uptime; |
3354 | |
3355 | /* make lifetime for CURRENT */ |
3356 | KMALLOC(sav->lft_c, struct sadb_lifetime *, |
3357 | sizeof(struct sadb_lifetime)); |
3358 | if (sav->lft_c == NULL) { |
3359 | ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n" )); |
3360 | error = ENOBUFS; |
3361 | goto fail; |
3362 | } |
3363 | |
3364 | sav->lft_c->sadb_lifetime_len = |
3365 | PFKEY_UNIT64(sizeof(struct sadb_lifetime)); |
3366 | sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; |
3367 | sav->lft_c->sadb_lifetime_allocations = 0; |
3368 | sav->lft_c->sadb_lifetime_bytes = 0; |
3369 | sav->lft_c->sadb_lifetime_addtime = time_uptime; |
3370 | sav->lft_c->sadb_lifetime_usetime = 0; |
3371 | |
3372 | /* lifetimes for HARD and SOFT */ |
3373 | { |
3374 | const struct sadb_lifetime *lft0; |
3375 | |
3376 | lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; |
3377 | if (lft0 != NULL) { |
3378 | if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) { |
3379 | error = EINVAL; |
3380 | goto fail; |
3381 | } |
3382 | sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0, |
3383 | sizeof(*lft0)); |
3384 | if (sav->lft_h == NULL) { |
3385 | ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n" )); |
3386 | error = ENOBUFS; |
3387 | goto fail; |
3388 | } |
3389 | /* to be initialize ? */ |
3390 | } |
3391 | |
3392 | lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT]; |
3393 | if (lft0 != NULL) { |
3394 | if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) { |
3395 | error = EINVAL; |
3396 | goto fail; |
3397 | } |
3398 | sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0, |
3399 | sizeof(*lft0)); |
3400 | if (sav->lft_s == NULL) { |
3401 | ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n" )); |
3402 | error = ENOBUFS; |
3403 | goto fail; |
3404 | } |
3405 | /* to be initialize ? */ |
3406 | } |
3407 | } |
3408 | |
3409 | return 0; |
3410 | |
3411 | fail: |
3412 | /* initialization */ |
3413 | if (sav->replay != NULL) { |
3414 | KFREE(sav->replay); |
3415 | sav->replay = NULL; |
3416 | } |
3417 | if (sav->key_auth != NULL) { |
3418 | KFREE(sav->key_auth); |
3419 | sav->key_auth = NULL; |
3420 | } |
3421 | if (sav->key_enc != NULL) { |
3422 | KFREE(sav->key_enc); |
3423 | sav->key_enc = NULL; |
3424 | } |
3425 | if (sav->lft_c != NULL) { |
3426 | KFREE(sav->lft_c); |
3427 | sav->lft_c = NULL; |
3428 | } |
3429 | if (sav->lft_h != NULL) { |
3430 | KFREE(sav->lft_h); |
3431 | sav->lft_h = NULL; |
3432 | } |
3433 | if (sav->lft_s != NULL) { |
3434 | KFREE(sav->lft_s); |
3435 | sav->lft_s = NULL; |
3436 | } |
3437 | |
3438 | return error; |
3439 | } |
3440 | |
3441 | /* |
3442 | * validation with a secasvar entry, and set SADB_SATYPE_MATURE. |
3443 | * OUT: 0: valid |
3444 | * other: errno |
3445 | */ |
3446 | static int |
3447 | key_mature(struct secasvar *sav) |
3448 | { |
3449 | int error; |
3450 | |
3451 | /* check SPI value */ |
3452 | switch (sav->sah->saidx.proto) { |
3453 | case IPPROTO_ESP: |
3454 | case IPPROTO_AH: |
3455 | if (ntohl(sav->spi) <= 255) { |
3456 | ipseclog((LOG_DEBUG, |
3457 | "key_mature: illegal range of SPI %u.\n" , |
3458 | (u_int32_t)ntohl(sav->spi))); |
3459 | return EINVAL; |
3460 | } |
3461 | break; |
3462 | } |
3463 | |
3464 | /* check satype */ |
3465 | switch (sav->sah->saidx.proto) { |
3466 | case IPPROTO_ESP: |
3467 | /* check flags */ |
3468 | if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) == |
3469 | (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) { |
3470 | ipseclog((LOG_DEBUG, "key_mature: " |
3471 | "invalid flag (derived) given to old-esp.\n" )); |
3472 | return EINVAL; |
3473 | } |
3474 | error = xform_init(sav, XF_ESP); |
3475 | break; |
3476 | case IPPROTO_AH: |
3477 | /* check flags */ |
3478 | if (sav->flags & SADB_X_EXT_DERIV) { |
3479 | ipseclog((LOG_DEBUG, "key_mature: " |
3480 | "invalid flag (derived) given to AH SA.\n" )); |
3481 | return EINVAL; |
3482 | } |
3483 | if (sav->alg_enc != SADB_EALG_NONE) { |
3484 | ipseclog((LOG_DEBUG, "key_mature: " |
3485 | "protocol and algorithm mismated.\n" )); |
3486 | return(EINVAL); |
3487 | } |
3488 | error = xform_init(sav, XF_AH); |
3489 | break; |
3490 | case IPPROTO_IPCOMP: |
3491 | if (sav->alg_auth != SADB_AALG_NONE) { |
3492 | ipseclog((LOG_DEBUG, "key_mature: " |
3493 | "protocol and algorithm mismated.\n" )); |
3494 | return(EINVAL); |
3495 | } |
3496 | if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 |
3497 | && ntohl(sav->spi) >= 0x10000) { |
3498 | ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n" )); |
3499 | return(EINVAL); |
3500 | } |
3501 | error = xform_init(sav, XF_IPCOMP); |
3502 | break; |
3503 | case IPPROTO_TCP: |
3504 | if (sav->alg_enc != SADB_EALG_NONE) { |
3505 | ipseclog((LOG_DEBUG, "%s: protocol and algorithm " |
3506 | "mismated.\n" , __func__)); |
3507 | return(EINVAL); |
3508 | } |
3509 | error = xform_init(sav, XF_TCPSIGNATURE); |
3510 | break; |
3511 | default: |
3512 | ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n" )); |
3513 | error = EPROTONOSUPPORT; |
3514 | break; |
3515 | } |
3516 | if (error == 0) |
3517 | key_sa_chgstate(sav, SADB_SASTATE_MATURE); |
3518 | return (error); |
3519 | } |
3520 | |
3521 | /* |
3522 | * subroutine for SADB_GET and SADB_DUMP. |
3523 | */ |
3524 | static struct mbuf * |
3525 | key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, |
3526 | u_int32_t seq, u_int32_t pid) |
3527 | { |
3528 | struct mbuf *result = NULL, *tres = NULL, *m; |
3529 | int l = 0; |
3530 | int i; |
3531 | void *p; |
3532 | struct sadb_lifetime lt; |
3533 | int dumporder[] = { |
3534 | SADB_EXT_SA, SADB_X_EXT_SA2, |
3535 | SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, |
3536 | SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, |
3537 | SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH, |
3538 | SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC, |
3539 | SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY, |
3540 | SADB_X_EXT_NAT_T_TYPE, |
3541 | SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, |
3542 | SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, |
3543 | SADB_X_EXT_NAT_T_FRAG, |
3544 | |
3545 | }; |
3546 | |
3547 | m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); |
3548 | if (m == NULL) |
3549 | goto fail; |
3550 | result = m; |
3551 | |
3552 | for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) { |
3553 | m = NULL; |
3554 | p = NULL; |
3555 | switch (dumporder[i]) { |
3556 | case SADB_EXT_SA: |
3557 | m = key_setsadbsa(sav); |
3558 | break; |
3559 | |
3560 | case SADB_X_EXT_SA2: |
3561 | m = key_setsadbxsa2(sav->sah->saidx.mode, |
3562 | sav->replay ? sav->replay->count : 0, |
3563 | sav->sah->saidx.reqid); |
3564 | break; |
3565 | |
3566 | case SADB_EXT_ADDRESS_SRC: |
3567 | m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, |
3568 | &sav->sah->saidx.src.sa, |
3569 | FULLMASK, IPSEC_ULPROTO_ANY); |
3570 | break; |
3571 | |
3572 | case SADB_EXT_ADDRESS_DST: |
3573 | m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, |
3574 | &sav->sah->saidx.dst.sa, |
3575 | FULLMASK, IPSEC_ULPROTO_ANY); |
3576 | break; |
3577 | |
3578 | case SADB_EXT_KEY_AUTH: |
3579 | if (!sav->key_auth) |
3580 | continue; |
3581 | l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len); |
3582 | p = sav->key_auth; |
3583 | break; |
3584 | |
3585 | case SADB_EXT_KEY_ENCRYPT: |
3586 | if (!sav->key_enc) |
3587 | continue; |
3588 | l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len); |
3589 | p = sav->key_enc; |
3590 | break; |
3591 | |
3592 | case SADB_EXT_LIFETIME_CURRENT: |
3593 | if (!sav->lft_c) |
3594 | continue; |
3595 | l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len); |
3596 | memcpy(<, sav->lft_c, sizeof(struct sadb_lifetime)); |
3597 | lt.sadb_lifetime_addtime += time_second - time_uptime; |
3598 | lt.sadb_lifetime_usetime += time_second - time_uptime; |
3599 | p = < |
3600 | break; |
3601 | |
3602 | case SADB_EXT_LIFETIME_HARD: |
3603 | if (!sav->lft_h) |
3604 | continue; |
3605 | l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len); |
3606 | p = sav->lft_h; |
3607 | break; |
3608 | |
3609 | case SADB_EXT_LIFETIME_SOFT: |
3610 | if (!sav->lft_s) |
3611 | continue; |
3612 | l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len); |
3613 | p = sav->lft_s; |
3614 | break; |
3615 | |
3616 | case SADB_X_EXT_NAT_T_TYPE: |
3617 | m = key_setsadbxtype(sav->natt_type); |
3618 | break; |
3619 | |
3620 | case SADB_X_EXT_NAT_T_DPORT: |
3621 | if (sav->natt_type == 0) |
3622 | continue; |
3623 | m = key_setsadbxport( |
3624 | key_portfromsaddr(&sav->sah->saidx.dst), |
3625 | SADB_X_EXT_NAT_T_DPORT); |
3626 | break; |
3627 | |
3628 | case SADB_X_EXT_NAT_T_SPORT: |
3629 | if (sav->natt_type == 0) |
3630 | continue; |
3631 | m = key_setsadbxport( |
3632 | key_portfromsaddr(&sav->sah->saidx.src), |
3633 | SADB_X_EXT_NAT_T_SPORT); |
3634 | break; |
3635 | |
3636 | case SADB_X_EXT_NAT_T_FRAG: |
3637 | /* don't send frag info if not set */ |
3638 | if (sav->natt_type == 0 || sav->esp_frag == IP_MAXPACKET) |
3639 | continue; |
3640 | m = key_setsadbxfrag(sav->esp_frag); |
3641 | break; |
3642 | |
3643 | case SADB_X_EXT_NAT_T_OAI: |
3644 | case SADB_X_EXT_NAT_T_OAR: |
3645 | continue; |
3646 | |
3647 | case SADB_EXT_ADDRESS_PROXY: |
3648 | case SADB_EXT_IDENTITY_SRC: |
3649 | case SADB_EXT_IDENTITY_DST: |
3650 | /* XXX: should we brought from SPD ? */ |
3651 | case SADB_EXT_SENSITIVITY: |
3652 | default: |
3653 | continue; |
3654 | } |
3655 | |
3656 | KASSERT(!(m && p)); |
3657 | if (!m && !p) |
3658 | goto fail; |
3659 | if (p && tres) { |
3660 | M_PREPEND(tres, l, M_DONTWAIT); |
3661 | if (!tres) |
3662 | goto fail; |
3663 | memcpy(mtod(tres, void *), p, l); |
3664 | continue; |
3665 | } |
3666 | if (p) { |
3667 | m = key_alloc_mbuf(l); |
3668 | if (!m) |
3669 | goto fail; |
3670 | m_copyback(m, 0, l, p); |
3671 | } |
3672 | |
3673 | if (tres) |
3674 | m_cat(m, tres); |
3675 | tres = m; |
3676 | } |
3677 | |
3678 | m_cat(result, tres); |
3679 | tres = NULL; /* avoid free on error below */ |
3680 | |
3681 | if (result->m_len < sizeof(struct sadb_msg)) { |
3682 | result = m_pullup(result, sizeof(struct sadb_msg)); |
3683 | if (result == NULL) |
3684 | goto fail; |
3685 | } |
3686 | |
3687 | result->m_pkthdr.len = 0; |
3688 | for (m = result; m; m = m->m_next) |
3689 | result->m_pkthdr.len += m->m_len; |
3690 | |
3691 | mtod(result, struct sadb_msg *)->sadb_msg_len = |
3692 | PFKEY_UNIT64(result->m_pkthdr.len); |
3693 | |
3694 | return result; |
3695 | |
3696 | fail: |
3697 | m_freem(result); |
3698 | m_freem(tres); |
3699 | return NULL; |
3700 | } |
3701 | |
3702 | |
3703 | /* |
3704 | * set a type in sadb_x_nat_t_type |
3705 | */ |
3706 | static struct mbuf * |
3707 | key_setsadbxtype(u_int16_t type) |
3708 | { |
3709 | struct mbuf *m; |
3710 | size_t len; |
3711 | struct sadb_x_nat_t_type *p; |
3712 | |
3713 | len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); |
3714 | |
3715 | m = key_alloc_mbuf(len); |
3716 | if (!m || m->m_next) { /*XXX*/ |
3717 | if (m) |
3718 | m_freem(m); |
3719 | return NULL; |
3720 | } |
3721 | |
3722 | p = mtod(m, struct sadb_x_nat_t_type *); |
3723 | |
3724 | memset(p, 0, len); |
3725 | p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); |
3726 | p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; |
3727 | p->sadb_x_nat_t_type_type = type; |
3728 | |
3729 | return m; |
3730 | } |
3731 | /* |
3732 | * set a port in sadb_x_nat_t_port. port is in network order |
3733 | */ |
3734 | static struct mbuf * |
3735 | key_setsadbxport(u_int16_t port, u_int16_t type) |
3736 | { |
3737 | struct mbuf *m; |
3738 | size_t len; |
3739 | struct sadb_x_nat_t_port *p; |
3740 | |
3741 | len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); |
3742 | |
3743 | m = key_alloc_mbuf(len); |
3744 | if (!m || m->m_next) { /*XXX*/ |
3745 | if (m) |
3746 | m_freem(m); |
3747 | return NULL; |
3748 | } |
3749 | |
3750 | p = mtod(m, struct sadb_x_nat_t_port *); |
3751 | |
3752 | memset(p, 0, len); |
3753 | p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); |
3754 | p->sadb_x_nat_t_port_exttype = type; |
3755 | p->sadb_x_nat_t_port_port = port; |
3756 | |
3757 | return m; |
3758 | } |
3759 | |
3760 | /* |
3761 | * set fragmentation info in sadb_x_nat_t_frag |
3762 | */ |
3763 | static struct mbuf * |
3764 | key_setsadbxfrag(u_int16_t flen) |
3765 | { |
3766 | struct mbuf *m; |
3767 | size_t len; |
3768 | struct sadb_x_nat_t_frag *p; |
3769 | |
3770 | len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_frag)); |
3771 | |
3772 | m = key_alloc_mbuf(len); |
3773 | if (!m || m->m_next) { /*XXX*/ |
3774 | if (m) |
3775 | m_freem(m); |
3776 | return NULL; |
3777 | } |
3778 | |
3779 | p = mtod(m, struct sadb_x_nat_t_frag *); |
3780 | |
3781 | memset(p, 0, len); |
3782 | p->sadb_x_nat_t_frag_len = PFKEY_UNIT64(len); |
3783 | p->sadb_x_nat_t_frag_exttype = SADB_X_EXT_NAT_T_FRAG; |
3784 | p->sadb_x_nat_t_frag_fraglen = flen; |
3785 | |
3786 | return m; |
3787 | } |
3788 | |
3789 | /* |
3790 | * Get port from sockaddr, port is in network order |
3791 | */ |
3792 | u_int16_t |
3793 | key_portfromsaddr(const union sockaddr_union *saddr) |
3794 | { |
3795 | u_int16_t port; |
3796 | |
3797 | switch (saddr->sa.sa_family) { |
3798 | case AF_INET: { |
3799 | port = saddr->sin.sin_port; |
3800 | break; |
3801 | } |
3802 | #ifdef INET6 |
3803 | case AF_INET6: { |
3804 | port = saddr->sin6.sin6_port; |
3805 | break; |
3806 | } |
3807 | #endif |
3808 | default: |
3809 | printf("%s: unexpected address family\n" , __func__); |
3810 | port = 0; |
3811 | break; |
3812 | } |
3813 | |
3814 | return port; |
3815 | } |
3816 | |
3817 | |
3818 | /* |
3819 | * Set port is struct sockaddr. port is in network order |
3820 | */ |
3821 | static void |
3822 | key_porttosaddr(union sockaddr_union *saddr, u_int16_t port) |
3823 | { |
3824 | switch (saddr->sa.sa_family) { |
3825 | case AF_INET: { |
3826 | saddr->sin.sin_port = port; |
3827 | break; |
3828 | } |
3829 | #ifdef INET6 |
3830 | case AF_INET6: { |
3831 | saddr->sin6.sin6_port = port; |
3832 | break; |
3833 | } |
3834 | #endif |
3835 | default: |
3836 | printf("%s: unexpected address family %d\n" , __func__, |
3837 | saddr->sa.sa_family); |
3838 | break; |
3839 | } |
3840 | |
3841 | return; |
3842 | } |
3843 | |
3844 | /* |
3845 | * Safety check sa_len |
3846 | */ |
3847 | static int |
3848 | key_checksalen(const union sockaddr_union *saddr) |
3849 | { |
3850 | switch (saddr->sa.sa_family) { |
3851 | case AF_INET: |
3852 | if (saddr->sa.sa_len != sizeof(struct sockaddr_in)) |
3853 | return -1; |
3854 | break; |
3855 | #ifdef INET6 |
3856 | case AF_INET6: |
3857 | if (saddr->sa.sa_len != sizeof(struct sockaddr_in6)) |
3858 | return -1; |
3859 | break; |
3860 | #endif |
3861 | default: |
3862 | printf("%s: unexpected sa_family %d\n" , __func__, |
3863 | saddr->sa.sa_family); |
3864 | return -1; |
3865 | break; |
3866 | } |
3867 | return 0; |
3868 | } |
3869 | |
3870 | |
3871 | /* |
3872 | * set data into sadb_msg. |
3873 | */ |
3874 | static struct mbuf * |
3875 | key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, |
3876 | u_int32_t seq, pid_t pid, u_int16_t reserved) |
3877 | { |
3878 | struct mbuf *m; |
3879 | struct sadb_msg *p; |
3880 | int len; |
3881 | |
3882 | len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); |
3883 | if (len > MCLBYTES) |
3884 | return NULL; |
3885 | MGETHDR(m, M_DONTWAIT, MT_DATA); |
3886 | if (m && len > MHLEN) { |
3887 | MCLGET(m, M_DONTWAIT); |
3888 | if ((m->m_flags & M_EXT) == 0) { |
3889 | m_freem(m); |
3890 | m = NULL; |
3891 | } |
3892 | } |
3893 | if (!m) |
3894 | return NULL; |
3895 | m->m_pkthdr.len = m->m_len = len; |
3896 | m->m_next = NULL; |
3897 | |
3898 | p = mtod(m, struct sadb_msg *); |
3899 | |
3900 | memset(p, 0, len); |
3901 | p->sadb_msg_version = PF_KEY_V2; |
3902 | p->sadb_msg_type = type; |
3903 | p->sadb_msg_errno = 0; |
3904 | p->sadb_msg_satype = satype; |
3905 | p->sadb_msg_len = PFKEY_UNIT64(tlen); |
3906 | p->sadb_msg_reserved = reserved; |
3907 | p->sadb_msg_seq = seq; |
3908 | p->sadb_msg_pid = (u_int32_t)pid; |
3909 | |
3910 | return m; |
3911 | } |
3912 | |
3913 | /* |
3914 | * copy secasvar data into sadb_address. |
3915 | */ |
3916 | static struct mbuf * |
3917 | key_setsadbsa(struct secasvar *sav) |
3918 | { |
3919 | struct mbuf *m; |
3920 | struct sadb_sa *p; |
3921 | int len; |
3922 | |
3923 | len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); |
3924 | m = key_alloc_mbuf(len); |
3925 | if (!m || m->m_next) { /*XXX*/ |
3926 | if (m) |
3927 | m_freem(m); |
3928 | return NULL; |
3929 | } |
3930 | |
3931 | p = mtod(m, struct sadb_sa *); |
3932 | |
3933 | memset(p, 0, len); |
3934 | p->sadb_sa_len = PFKEY_UNIT64(len); |
3935 | p->sadb_sa_exttype = SADB_EXT_SA; |
3936 | p->sadb_sa_spi = sav->spi; |
3937 | p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0); |
3938 | p->sadb_sa_state = sav->state; |
3939 | p->sadb_sa_auth = sav->alg_auth; |
3940 | p->sadb_sa_encrypt = sav->alg_enc; |
3941 | p->sadb_sa_flags = sav->flags; |
3942 | |
3943 | return m; |
3944 | } |
3945 | |
3946 | /* |
3947 | * set data into sadb_address. |
3948 | */ |
3949 | static struct mbuf * |
3950 | key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, |
3951 | u_int8_t prefixlen, u_int16_t ul_proto) |
3952 | { |
3953 | struct mbuf *m; |
3954 | struct sadb_address *p; |
3955 | size_t len; |
3956 | |
3957 | len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + |
3958 | PFKEY_ALIGN8(saddr->sa_len); |
3959 | m = key_alloc_mbuf(len); |
3960 | if (!m || m->m_next) { /*XXX*/ |
3961 | if (m) |
3962 | m_freem(m); |
3963 | return NULL; |
3964 | } |
3965 | |
3966 | p = mtod(m, struct sadb_address *); |
3967 | |
3968 | memset(p, 0, len); |
3969 | p->sadb_address_len = PFKEY_UNIT64(len); |
3970 | p->sadb_address_exttype = exttype; |
3971 | p->sadb_address_proto = ul_proto; |
3972 | if (prefixlen == FULLMASK) { |
3973 | switch (saddr->sa_family) { |
3974 | case AF_INET: |
3975 | prefixlen = sizeof(struct in_addr) << 3; |
3976 | break; |
3977 | case AF_INET6: |
3978 | prefixlen = sizeof(struct in6_addr) << 3; |
3979 | break; |
3980 | default: |
3981 | ; /*XXX*/ |
3982 | } |
3983 | } |
3984 | p->sadb_address_prefixlen = prefixlen; |
3985 | p->sadb_address_reserved = 0; |
3986 | |
3987 | memcpy(mtod(m, char *) + PFKEY_ALIGN8(sizeof(struct sadb_address)), |
3988 | saddr, saddr->sa_len); |
3989 | |
3990 | return m; |
3991 | } |
3992 | |
3993 | #if 0 |
3994 | /* |
3995 | * set data into sadb_ident. |
3996 | */ |
3997 | static struct mbuf * |
3998 | key_setsadbident(u_int16_t exttype, u_int16_t idtype, |
3999 | void *string, int stringlen, u_int64_t id) |
4000 | { |
4001 | struct mbuf *m; |
4002 | struct sadb_ident *p; |
4003 | size_t len; |
4004 | |
4005 | len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen); |
4006 | m = key_alloc_mbuf(len); |
4007 | if (!m || m->m_next) { /*XXX*/ |
4008 | if (m) |
4009 | m_freem(m); |
4010 | return NULL; |
4011 | } |
4012 | |
4013 | p = mtod(m, struct sadb_ident *); |
4014 | |
4015 | memset(p, 0, len); |
4016 | p->sadb_ident_len = PFKEY_UNIT64(len); |
4017 | p->sadb_ident_exttype = exttype; |
4018 | p->sadb_ident_type = idtype; |
4019 | p->sadb_ident_reserved = 0; |
4020 | p->sadb_ident_id = id; |
4021 | |
4022 | memcpy(mtod(m, void *) + PFKEY_ALIGN8(sizeof(struct sadb_ident)), |
4023 | string, stringlen); |
4024 | |
4025 | return m; |
4026 | } |
4027 | #endif |
4028 | |
4029 | /* |
4030 | * set data into sadb_x_sa2. |
4031 | */ |
4032 | static struct mbuf * |
4033 | key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int16_t reqid) |
4034 | { |
4035 | struct mbuf *m; |
4036 | struct sadb_x_sa2 *p; |
4037 | size_t len; |
4038 | |
4039 | len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); |
4040 | m = key_alloc_mbuf(len); |
4041 | if (!m || m->m_next) { /*XXX*/ |
4042 | if (m) |
4043 | m_freem(m); |
4044 | return NULL; |
4045 | } |
4046 | |
4047 | p = mtod(m, struct sadb_x_sa2 *); |
4048 | |
4049 | memset(p, 0, len); |
4050 | p->sadb_x_sa2_len = PFKEY_UNIT64(len); |
4051 | p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; |
4052 | p->sadb_x_sa2_mode = mode; |
4053 | p->sadb_x_sa2_reserved1 = 0; |
4054 | p->sadb_x_sa2_reserved2 = 0; |
4055 | p->sadb_x_sa2_sequence = seq; |
4056 | p->sadb_x_sa2_reqid = reqid; |
4057 | |
4058 | return m; |
4059 | } |
4060 | |
4061 | /* |
4062 | * set data into sadb_x_policy |
4063 | */ |
4064 | static struct mbuf * |
4065 | key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id) |
4066 | { |
4067 | struct mbuf *m; |
4068 | struct sadb_x_policy *p; |
4069 | size_t len; |
4070 | |
4071 | len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); |
4072 | m = key_alloc_mbuf(len); |
4073 | if (!m || m->m_next) { /*XXX*/ |
4074 | if (m) |
4075 | m_freem(m); |
4076 | return NULL; |
4077 | } |
4078 | |
4079 | p = mtod(m, struct sadb_x_policy *); |
4080 | |
4081 | memset(p, 0, len); |
4082 | p->sadb_x_policy_len = PFKEY_UNIT64(len); |
4083 | p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; |
4084 | p->sadb_x_policy_type = type; |
4085 | p->sadb_x_policy_dir = dir; |
4086 | p->sadb_x_policy_id = id; |
4087 | |
4088 | return m; |
4089 | } |
4090 | |
4091 | /* %%% utilities */ |
4092 | /* |
4093 | * copy a buffer into the new buffer allocated. |
4094 | */ |
4095 | static void * |
4096 | key_newbuf(const void *src, u_int len) |
4097 | { |
4098 | void *new; |
4099 | |
4100 | KMALLOC(new, void *, len); |
4101 | if (new == NULL) { |
4102 | ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n" )); |
4103 | return NULL; |
4104 | } |
4105 | memcpy(new, src, len); |
4106 | |
4107 | return new; |
4108 | } |
4109 | |
4110 | /* compare my own address |
4111 | * OUT: 1: true, i.e. my address. |
4112 | * 0: false |
4113 | */ |
4114 | int |
4115 | key_ismyaddr(const struct sockaddr *sa) |
4116 | { |
4117 | #ifdef INET |
4118 | const struct sockaddr_in *sin; |
4119 | const struct in_ifaddr *ia; |
4120 | int s; |
4121 | #endif |
4122 | |
4123 | /* sanity check */ |
4124 | if (sa == NULL) |
4125 | panic("key_ismyaddr: NULL pointer is passed" ); |
4126 | |
4127 | switch (sa->sa_family) { |
4128 | #ifdef INET |
4129 | case AF_INET: |
4130 | sin = (const struct sockaddr_in *)sa; |
4131 | s = pserialize_read_enter(); |
4132 | IN_ADDRLIST_READER_FOREACH(ia) { |
4133 | if (sin->sin_family == ia->ia_addr.sin_family && |
4134 | sin->sin_len == ia->ia_addr.sin_len && |
4135 | sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr) |
4136 | { |
4137 | pserialize_read_exit(s); |
4138 | return 1; |
4139 | } |
4140 | } |
4141 | pserialize_read_exit(s); |
4142 | break; |
4143 | #endif |
4144 | #ifdef INET6 |
4145 | case AF_INET6: |
4146 | return key_ismyaddr6((const struct sockaddr_in6 *)sa); |
4147 | #endif |
4148 | } |
4149 | |
4150 | return 0; |
4151 | } |
4152 | |
4153 | #ifdef INET6 |
4154 | /* |
4155 | * compare my own address for IPv6. |
4156 | * 1: ours |
4157 | * 0: other |
4158 | * NOTE: derived ip6_input() in KAME. This is necessary to modify more. |
4159 | */ |
4160 | #include <netinet6/in6_var.h> |
4161 | |
4162 | static int |
4163 | key_ismyaddr6(const struct sockaddr_in6 *sin6) |
4164 | { |
4165 | struct in6_ifaddr *ia; |
4166 | const struct in6_multi *in6m; |
4167 | int s; |
4168 | |
4169 | s = pserialize_read_enter(); |
4170 | IN6_ADDRLIST_READER_FOREACH(ia) { |
4171 | if (key_sockaddrcmp((const struct sockaddr *)&sin6, |
4172 | (const struct sockaddr *)&ia->ia_addr, 0) == 0) { |
4173 | pserialize_read_exit(s); |
4174 | return 1; |
4175 | } |
4176 | |
4177 | /* |
4178 | * XXX Multicast |
4179 | * XXX why do we care about multlicast here while we don't care |
4180 | * about IPv4 multicast?? |
4181 | * XXX scope |
4182 | */ |
4183 | in6m = NULL; |
4184 | #ifdef __FreeBSD__ |
4185 | IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m); |
4186 | #else |
4187 | for ((in6m) = ia->ia6_multiaddrs.lh_first; |
4188 | (in6m) != NULL && |
4189 | !IN6_ARE_ADDR_EQUAL(&(in6m)->in6m_addr, &sin6->sin6_addr); |
4190 | (in6m) = in6m->in6m_entry.le_next) |
4191 | continue; |
4192 | #endif |
4193 | if (in6m) { |
4194 | pserialize_read_exit(s); |
4195 | return 1; |
4196 | } |
4197 | } |
4198 | pserialize_read_exit(s); |
4199 | |
4200 | /* loopback, just for safety */ |
4201 | if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)) |
4202 | return 1; |
4203 | |
4204 | return 0; |
4205 | } |
4206 | #endif /*INET6*/ |
4207 | |
4208 | /* |
4209 | * compare two secasindex structure. |
4210 | * flag can specify to compare 2 saidxes. |
4211 | * compare two secasindex structure without both mode and reqid. |
4212 | * don't compare port. |
4213 | * IN: |
4214 | * saidx0: source, it can be in SAD. |
4215 | * saidx1: object. |
4216 | * OUT: |
4217 | * 1 : equal |
4218 | * 0 : not equal |
4219 | */ |
4220 | static int |
4221 | key_cmpsaidx( |
4222 | const struct secasindex *saidx0, |
4223 | const struct secasindex *saidx1, |
4224 | int flag) |
4225 | { |
4226 | int chkport; |
4227 | const struct sockaddr *sa0src, *sa0dst, *sa1src, *sa1dst; |
4228 | |
4229 | /* sanity */ |
4230 | if (saidx0 == NULL && saidx1 == NULL) |
4231 | return 1; |
4232 | |
4233 | if (saidx0 == NULL || saidx1 == NULL) |
4234 | return 0; |
4235 | |
4236 | if (saidx0->proto != saidx1->proto) |
4237 | return 0; |
4238 | |
4239 | if (flag == CMP_EXACTLY) { |
4240 | if (saidx0->mode != saidx1->mode) |
4241 | return 0; |
4242 | if (saidx0->reqid != saidx1->reqid) |
4243 | return 0; |
4244 | if (memcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 || |
4245 | memcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0) |
4246 | return 0; |
4247 | } else { |
4248 | |
4249 | /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ |
4250 | if (flag == CMP_MODE_REQID |
4251 | ||flag == CMP_REQID) { |
4252 | /* |
4253 | * If reqid of SPD is non-zero, unique SA is required. |
4254 | * The result must be of same reqid in this case. |
4255 | */ |
4256 | if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid) |
4257 | return 0; |
4258 | } |
4259 | |
4260 | if (flag == CMP_MODE_REQID) { |
4261 | if (saidx0->mode != IPSEC_MODE_ANY |
4262 | && saidx0->mode != saidx1->mode) |
4263 | return 0; |
4264 | } |
4265 | |
4266 | |
4267 | sa0src = &saidx0->src.sa; |
4268 | sa0dst = &saidx0->dst.sa; |
4269 | sa1src = &saidx1->src.sa; |
4270 | sa1dst = &saidx1->dst.sa; |
4271 | /* |
4272 | * If NAT-T is enabled, check ports for tunnel mode. |
4273 | * Don't do it for transport mode, as there is no |
4274 | * port information available in the SP. |
4275 | * Also don't check ports if they are set to zero |
4276 | * in the SPD: This means we have a non-generated |
4277 | * SPD which can't know UDP ports. |
4278 | */ |
4279 | if (saidx1->mode == IPSEC_MODE_TUNNEL) |
4280 | chkport = PORT_LOOSE; |
4281 | else |
4282 | chkport = PORT_NONE; |
4283 | |
4284 | if (key_sockaddrcmp(sa0src, sa1src, chkport) != 0) { |
4285 | return 0; |
4286 | } |
4287 | if (key_sockaddrcmp(sa0dst, sa1dst, chkport) != 0) { |
4288 | return 0; |
4289 | } |
4290 | } |
4291 | |
4292 | return 1; |
4293 | } |
4294 | |
4295 | /* |
4296 | * compare two secindex structure exactly. |
4297 | * IN: |
4298 | * spidx0: source, it is often in SPD. |
4299 | * spidx1: object, it is often from PFKEY message. |
4300 | * OUT: |
4301 | * 1 : equal |
4302 | * 0 : not equal |
4303 | */ |
4304 | int |
4305 | key_cmpspidx_exactly( |
4306 | const struct secpolicyindex *spidx0, |
4307 | const struct secpolicyindex *spidx1) |
4308 | { |
4309 | /* sanity */ |
4310 | if (spidx0 == NULL && spidx1 == NULL) |
4311 | return 1; |
4312 | |
4313 | if (spidx0 == NULL || spidx1 == NULL) |
4314 | return 0; |
4315 | |
4316 | if (spidx0->prefs != spidx1->prefs |
4317 | || spidx0->prefd != spidx1->prefd |
4318 | || spidx0->ul_proto != spidx1->ul_proto) |
4319 | return 0; |
4320 | |
4321 | return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, PORT_STRICT) == 0 && |
4322 | key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, PORT_STRICT) == 0; |
4323 | } |
4324 | |
4325 | /* |
4326 | * compare two secindex structure with mask. |
4327 | * IN: |
4328 | * spidx0: source, it is often in SPD. |
4329 | * spidx1: object, it is often from IP header. |
4330 | * OUT: |
4331 | * 1 : equal |
4332 | * 0 : not equal |
4333 | */ |
4334 | int |
4335 | key_cmpspidx_withmask( |
4336 | const struct secpolicyindex *spidx0, |
4337 | const struct secpolicyindex *spidx1) |
4338 | { |
4339 | /* sanity */ |
4340 | if (spidx0 == NULL && spidx1 == NULL) |
4341 | return 1; |
4342 | |
4343 | if (spidx0 == NULL || spidx1 == NULL) |
4344 | return 0; |
4345 | |
4346 | if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || |
4347 | spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || |
4348 | spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || |
4349 | spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) |
4350 | return 0; |
4351 | |
4352 | /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ |
4353 | if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY |
4354 | && spidx0->ul_proto != spidx1->ul_proto) |
4355 | return 0; |
4356 | |
4357 | switch (spidx0->src.sa.sa_family) { |
4358 | case AF_INET: |
4359 | if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY |
4360 | && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) |
4361 | return 0; |
4362 | if (!key_bbcmp(&spidx0->src.sin.sin_addr, |
4363 | &spidx1->src.sin.sin_addr, spidx0->prefs)) |
4364 | return 0; |
4365 | break; |
4366 | case AF_INET6: |
4367 | if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY |
4368 | && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) |
4369 | return 0; |
4370 | /* |
4371 | * scope_id check. if sin6_scope_id is 0, we regard it |
4372 | * as a wildcard scope, which matches any scope zone ID. |
4373 | */ |
4374 | if (spidx0->src.sin6.sin6_scope_id && |
4375 | spidx1->src.sin6.sin6_scope_id && |
4376 | spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) |
4377 | return 0; |
4378 | if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, |
4379 | &spidx1->src.sin6.sin6_addr, spidx0->prefs)) |
4380 | return 0; |
4381 | break; |
4382 | default: |
4383 | /* XXX */ |
4384 | if (memcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) |
4385 | return 0; |
4386 | break; |
4387 | } |
4388 | |
4389 | switch (spidx0->dst.sa.sa_family) { |
4390 | case AF_INET: |
4391 | if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY |
4392 | && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) |
4393 | return 0; |
4394 | if (!key_bbcmp(&spidx0->dst.sin.sin_addr, |
4395 | &spidx1->dst.sin.sin_addr, spidx0->prefd)) |
4396 | return 0; |
4397 | break; |
4398 | case AF_INET6: |
4399 | if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY |
4400 | && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) |
4401 | return 0; |
4402 | /* |
4403 | * scope_id check. if sin6_scope_id is 0, we regard it |
4404 | * as a wildcard scope, which matches any scope zone ID. |
4405 | */ |
4406 | if (spidx0->src.sin6.sin6_scope_id && |
4407 | spidx1->src.sin6.sin6_scope_id && |
4408 | spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) |
4409 | return 0; |
4410 | if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, |
4411 | &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) |
4412 | return 0; |
4413 | break; |
4414 | default: |
4415 | /* XXX */ |
4416 | if (memcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) |
4417 | return 0; |
4418 | break; |
4419 | } |
4420 | |
4421 | /* XXX Do we check other field ? e.g. flowinfo */ |
4422 | |
4423 | return 1; |
4424 | } |
4425 | |
4426 | /* returns 0 on match */ |
4427 | static int |
4428 | key_portcomp(in_port_t port1, in_port_t port2, int howport) |
4429 | { |
4430 | switch (howport) { |
4431 | case PORT_NONE: |
4432 | return 0; |
4433 | case PORT_LOOSE: |
4434 | if (port1 == 0 || port2 == 0) |
4435 | return 0; |
4436 | /*FALLTHROUGH*/ |
4437 | case PORT_STRICT: |
4438 | if (port1 != port2) { |
4439 | KEYDEBUG(KEYDEBUG_MATCH, |
4440 | printf("port fail %d != %d\n" , port1, port2)); |
4441 | return 1; |
4442 | } |
4443 | return 0; |
4444 | default: |
4445 | KASSERT(0); |
4446 | return 1; |
4447 | } |
4448 | } |
4449 | |
4450 | /* returns 0 on match */ |
4451 | static int |
4452 | key_sockaddrcmp( |
4453 | const struct sockaddr *sa1, |
4454 | const struct sockaddr *sa2, |
4455 | int howport) |
4456 | { |
4457 | const struct sockaddr_in *sin1, *sin2; |
4458 | const struct sockaddr_in6 *sin61, *sin62; |
4459 | |
4460 | if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) { |
4461 | KEYDEBUG(KEYDEBUG_MATCH, |
4462 | printf("fam/len fail %d != %d || %d != %d\n" , |
4463 | sa1->sa_family, sa2->sa_family, sa1->sa_len, |
4464 | sa2->sa_len)); |
4465 | return 1; |
4466 | } |
4467 | |
4468 | switch (sa1->sa_family) { |
4469 | case AF_INET: |
4470 | if (sa1->sa_len != sizeof(struct sockaddr_in)) { |
4471 | KEYDEBUG(KEYDEBUG_MATCH, |
4472 | printf("len fail %d != %zu\n" , |
4473 | sa1->sa_len, sizeof(struct sockaddr_in))); |
4474 | return 1; |
4475 | } |
4476 | sin1 = (const struct sockaddr_in *)sa1; |
4477 | sin2 = (const struct sockaddr_in *)sa2; |
4478 | if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) { |
4479 | KEYDEBUG(KEYDEBUG_MATCH, |
4480 | printf("addr fail %#x != %#x\n" , |
4481 | sin1->sin_addr.s_addr, |
4482 | sin2->sin_addr.s_addr)); |
4483 | return 1; |
4484 | } |
4485 | if (key_portcomp(sin1->sin_port, sin2->sin_port, howport)) { |
4486 | return 1; |
4487 | } |
4488 | KEYDEBUG(KEYDEBUG_MATCH, |
4489 | printf("addr success %#x[%d] == %#x[%d]\n" , |
4490 | sin1->sin_addr.s_addr, |
4491 | sin1->sin_port, |
4492 | sin2->sin_addr.s_addr, |
4493 | sin2->sin_port)); |
4494 | break; |
4495 | case AF_INET6: |
4496 | sin61 = (const struct sockaddr_in6 *)sa1; |
4497 | sin62 = (const struct sockaddr_in6 *)sa2; |
4498 | if (sa1->sa_len != sizeof(struct sockaddr_in6)) |
4499 | return 1; /*EINVAL*/ |
4500 | |
4501 | if (sin61->sin6_scope_id != sin62->sin6_scope_id) { |
4502 | return 1; |
4503 | } |
4504 | if (!IN6_ARE_ADDR_EQUAL(&sin61->sin6_addr, &sin62->sin6_addr)) { |
4505 | return 1; |
4506 | } |
4507 | if (key_portcomp(sin61->sin6_port, sin62->sin6_port, howport)) { |
4508 | return 1; |
4509 | } |
4510 | break; |
4511 | default: |
4512 | if (memcmp(sa1, sa2, sa1->sa_len) != 0) |
4513 | return 1; |
4514 | break; |
4515 | } |
4516 | |
4517 | return 0; |
4518 | } |
4519 | |
4520 | /* |
4521 | * compare two buffers with mask. |
4522 | * IN: |
4523 | * addr1: source |
4524 | * addr2: object |
4525 | * bits: Number of bits to compare |
4526 | * OUT: |
4527 | * 1 : equal |
4528 | * 0 : not equal |
4529 | */ |
4530 | static int |
4531 | key_bbcmp(const void *a1, const void *a2, u_int bits) |
4532 | { |
4533 | const unsigned char *p1 = a1; |
4534 | const unsigned char *p2 = a2; |
4535 | |
4536 | /* XXX: This could be considerably faster if we compare a word |
4537 | * at a time, but it is complicated on LSB Endian machines */ |
4538 | |
4539 | /* Handle null pointers */ |
4540 | if (p1 == NULL || p2 == NULL) |
4541 | return (p1 == p2); |
4542 | |
4543 | while (bits >= 8) { |
4544 | if (*p1++ != *p2++) |
4545 | return 0; |
4546 | bits -= 8; |
4547 | } |
4548 | |
4549 | if (bits > 0) { |
4550 | u_int8_t mask = ~((1<<(8-bits))-1); |
4551 | if ((*p1 & mask) != (*p2 & mask)) |
4552 | return 0; |
4553 | } |
4554 | return 1; /* Match! */ |
4555 | } |
4556 | |
4557 | /* |
4558 | * time handler. |
4559 | * scanning SPD and SAD to check status for each entries, |
4560 | * and do to remove or to expire. |
4561 | */ |
4562 | void |
4563 | key_timehandler(void* arg) |
4564 | { |
4565 | u_int dir; |
4566 | int s; |
4567 | time_t now = time_uptime; |
4568 | |
4569 | s = splsoftnet(); /*called from softclock()*/ |
4570 | mutex_enter(softnet_lock); |
4571 | |
4572 | /* SPD */ |
4573 | { |
4574 | struct secpolicy *sp, *nextsp; |
4575 | |
4576 | for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { |
4577 | for (sp = LIST_FIRST(&sptree[dir]); |
4578 | sp != NULL; |
4579 | sp = nextsp) { |
4580 | |
4581 | nextsp = LIST_NEXT(sp, chain); |
4582 | |
4583 | if (sp->state == IPSEC_SPSTATE_DEAD) { |
4584 | key_sp_unlink(sp); /*XXX*/ |
4585 | |
4586 | /* 'sp' dead; continue transfers to |
4587 | * 'sp = nextsp' |
4588 | */ |
4589 | continue; |
4590 | } |
4591 | |
4592 | if (sp->lifetime == 0 && sp->validtime == 0) |
4593 | continue; |
4594 | |
4595 | /* the deletion will occur next time */ |
4596 | if ((sp->lifetime && now - sp->created > sp->lifetime) |
4597 | || (sp->validtime && now - sp->lastused > sp->validtime)) { |
4598 | key_sp_dead(sp); |
4599 | key_spdexpire(sp); |
4600 | continue; |
4601 | } |
4602 | } |
4603 | } |
4604 | } |
4605 | |
4606 | /* SAD */ |
4607 | { |
4608 | struct secashead *sah, *nextsah; |
4609 | struct secasvar *sav, *nextsav; |
4610 | |
4611 | for (sah = LIST_FIRST(&sahtree); |
4612 | sah != NULL; |
4613 | sah = nextsah) { |
4614 | |
4615 | nextsah = LIST_NEXT(sah, chain); |
4616 | |
4617 | /* if sah has been dead, then delete it and process next sah. */ |
4618 | if (sah->state == SADB_SASTATE_DEAD) { |
4619 | key_delsah(sah); |
4620 | continue; |
4621 | } |
4622 | |
4623 | /* if LARVAL entry doesn't become MATURE, delete it. */ |
4624 | for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]); |
4625 | sav != NULL; |
4626 | sav = nextsav) { |
4627 | |
4628 | nextsav = LIST_NEXT(sav, chain); |
4629 | |
4630 | if (now - sav->created > key_larval_lifetime) { |
4631 | KEY_FREESAV(&sav); |
4632 | } |
4633 | } |
4634 | |
4635 | /* |
4636 | * check MATURE entry to start to send expire message |
4637 | * whether or not. |
4638 | */ |
4639 | for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); |
4640 | sav != NULL; |
4641 | sav = nextsav) { |
4642 | |
4643 | nextsav = LIST_NEXT(sav, chain); |
4644 | |
4645 | /* we don't need to check. */ |
4646 | if (sav->lft_s == NULL) |
4647 | continue; |
4648 | |
4649 | /* sanity check */ |
4650 | if (sav->lft_c == NULL) { |
4651 | ipseclog((LOG_DEBUG,"key_timehandler: " |
4652 | "There is no CURRENT time, why?\n" )); |
4653 | continue; |
4654 | } |
4655 | |
4656 | /* check SOFT lifetime */ |
4657 | if (sav->lft_s->sadb_lifetime_addtime != 0 |
4658 | && now - sav->created > sav->lft_s->sadb_lifetime_addtime) { |
4659 | /* |
4660 | * check SA to be used whether or not. |
4661 | * when SA hasn't been used, delete it. |
4662 | */ |
4663 | if (sav->lft_c->sadb_lifetime_usetime == 0) { |
4664 | key_sa_chgstate(sav, SADB_SASTATE_DEAD); |
4665 | KEY_FREESAV(&sav); |
4666 | } else { |
4667 | key_sa_chgstate(sav, SADB_SASTATE_DYING); |
4668 | /* |
4669 | * XXX If we keep to send expire |
4670 | * message in the status of |
4671 | * DYING. Do remove below code. |
4672 | */ |
4673 | key_expire(sav); |
4674 | } |
4675 | } |
4676 | /* check SOFT lifetime by bytes */ |
4677 | /* |
4678 | * XXX I don't know the way to delete this SA |
4679 | * when new SA is installed. Caution when it's |
4680 | * installed too big lifetime by time. |
4681 | */ |
4682 | else if (sav->lft_s->sadb_lifetime_bytes != 0 |
4683 | && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { |
4684 | |
4685 | key_sa_chgstate(sav, SADB_SASTATE_DYING); |
4686 | /* |
4687 | * XXX If we keep to send expire |
4688 | * message in the status of |
4689 | * DYING. Do remove below code. |
4690 | */ |
4691 | key_expire(sav); |
4692 | } |
4693 | } |
4694 | |
4695 | /* check DYING entry to change status to DEAD. */ |
4696 | for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]); |
4697 | sav != NULL; |
4698 | sav = nextsav) { |
4699 | |
4700 | nextsav = LIST_NEXT(sav, chain); |
4701 | |
4702 | /* we don't need to check. */ |
4703 | if (sav->lft_h == NULL) |
4704 | continue; |
4705 | |
4706 | /* sanity check */ |
4707 | if (sav->lft_c == NULL) { |
4708 | ipseclog((LOG_DEBUG, "key_timehandler: " |
4709 | "There is no CURRENT time, why?\n" )); |
4710 | continue; |
4711 | } |
4712 | |
4713 | if (sav->lft_h->sadb_lifetime_addtime != 0 |
4714 | && now - sav->created > sav->lft_h->sadb_lifetime_addtime) { |
4715 | key_sa_chgstate(sav, SADB_SASTATE_DEAD); |
4716 | KEY_FREESAV(&sav); |
4717 | } |
4718 | #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */ |
4719 | else if (sav->lft_s != NULL |
4720 | && sav->lft_s->sadb_lifetime_addtime != 0 |
4721 | && now - sav->created > sav->lft_s->sadb_lifetime_addtime) { |
4722 | /* |
4723 | * XXX: should be checked to be |
4724 | * installed the valid SA. |
4725 | */ |
4726 | |
4727 | /* |
4728 | * If there is no SA then sending |
4729 | * expire message. |
4730 | */ |
4731 | key_expire(sav); |
4732 | } |
4733 | #endif |
4734 | /* check HARD lifetime by bytes */ |
4735 | else if (sav->lft_h->sadb_lifetime_bytes != 0 |
4736 | && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { |
4737 | key_sa_chgstate(sav, SADB_SASTATE_DEAD); |
4738 | KEY_FREESAV(&sav); |
4739 | } |
4740 | } |
4741 | |
4742 | /* delete entry in DEAD */ |
4743 | for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]); |
4744 | sav != NULL; |
4745 | sav = nextsav) { |
4746 | |
4747 | nextsav = LIST_NEXT(sav, chain); |
4748 | |
4749 | /* sanity check */ |
4750 | if (sav->state != SADB_SASTATE_DEAD) { |
4751 | ipseclog((LOG_DEBUG, "key_timehandler: " |
4752 | "invalid sav->state " |
4753 | "(queue: %d SA: %d): " |
4754 | "kill it anyway\n" , |
4755 | SADB_SASTATE_DEAD, sav->state)); |
4756 | } |
4757 | |
4758 | /* |
4759 | * do not call key_freesav() here. |
4760 | * sav should already be freed, and sav->refcnt |
4761 | * shows other references to sav |
4762 | * (such as from SPD). |
4763 | */ |
4764 | } |
4765 | } |
4766 | } |
4767 | |
4768 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
4769 | /* ACQ tree */ |
4770 | { |
4771 | struct secacq *acq, *nextacq; |
4772 | |
4773 | for (acq = LIST_FIRST(&acqtree); |
4774 | acq != NULL; |
4775 | acq = nextacq) { |
4776 | |
4777 | nextacq = LIST_NEXT(acq, chain); |
4778 | |
4779 | if (now - acq->created > key_blockacq_lifetime |
4780 | && __LIST_CHAINED(acq)) { |
4781 | LIST_REMOVE(acq, chain); |
4782 | KFREE(acq); |
4783 | } |
4784 | } |
4785 | } |
4786 | #endif |
4787 | |
4788 | /* SP ACQ tree */ |
4789 | { |
4790 | struct secspacq *acq, *nextacq; |
4791 | |
4792 | for (acq = LIST_FIRST(&spacqtree); |
4793 | acq != NULL; |
4794 | acq = nextacq) { |
4795 | |
4796 | nextacq = LIST_NEXT(acq, chain); |
4797 | |
4798 | if (now - acq->created > key_blockacq_lifetime |
4799 | && __LIST_CHAINED(acq)) { |
4800 | LIST_REMOVE(acq, chain); |
4801 | KFREE(acq); |
4802 | } |
4803 | } |
4804 | } |
4805 | |
4806 | #ifndef IPSEC_DEBUG2 |
4807 | /* do exchange to tick time !! */ |
4808 | callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); |
4809 | #endif /* IPSEC_DEBUG2 */ |
4810 | |
4811 | mutex_exit(softnet_lock); |
4812 | splx(s); |
4813 | return; |
4814 | } |
4815 | |
4816 | u_long |
4817 | key_random(void) |
4818 | { |
4819 | u_long value; |
4820 | |
4821 | key_randomfill(&value, sizeof(value)); |
4822 | return value; |
4823 | } |
4824 | |
4825 | void |
4826 | key_randomfill(void *p, size_t l) |
4827 | { |
4828 | |
4829 | cprng_fast(p, l); |
4830 | } |
4831 | |
4832 | /* |
4833 | * map SADB_SATYPE_* to IPPROTO_*. |
4834 | * if satype == SADB_SATYPE then satype is mapped to ~0. |
4835 | * OUT: |
4836 | * 0: invalid satype. |
4837 | */ |
4838 | static u_int16_t |
4839 | key_satype2proto(u_int8_t satype) |
4840 | { |
4841 | switch (satype) { |
4842 | case SADB_SATYPE_UNSPEC: |
4843 | return IPSEC_PROTO_ANY; |
4844 | case SADB_SATYPE_AH: |
4845 | return IPPROTO_AH; |
4846 | case SADB_SATYPE_ESP: |
4847 | return IPPROTO_ESP; |
4848 | case SADB_X_SATYPE_IPCOMP: |
4849 | return IPPROTO_IPCOMP; |
4850 | case SADB_X_SATYPE_TCPSIGNATURE: |
4851 | return IPPROTO_TCP; |
4852 | default: |
4853 | return 0; |
4854 | } |
4855 | /* NOTREACHED */ |
4856 | } |
4857 | |
4858 | /* |
4859 | * map IPPROTO_* to SADB_SATYPE_* |
4860 | * OUT: |
4861 | * 0: invalid protocol type. |
4862 | */ |
4863 | static u_int8_t |
4864 | key_proto2satype(u_int16_t proto) |
4865 | { |
4866 | switch (proto) { |
4867 | case IPPROTO_AH: |
4868 | return SADB_SATYPE_AH; |
4869 | case IPPROTO_ESP: |
4870 | return SADB_SATYPE_ESP; |
4871 | case IPPROTO_IPCOMP: |
4872 | return SADB_X_SATYPE_IPCOMP; |
4873 | case IPPROTO_TCP: |
4874 | return SADB_X_SATYPE_TCPSIGNATURE; |
4875 | default: |
4876 | return 0; |
4877 | } |
4878 | /* NOTREACHED */ |
4879 | } |
4880 | |
4881 | static int |
4882 | key_setsecasidx(int proto, int mode, int reqid, |
4883 | const struct sadb_address * src, |
4884 | const struct sadb_address * dst, |
4885 | struct secasindex * saidx) |
4886 | { |
4887 | const union sockaddr_union * src_u = |
4888 | (const union sockaddr_union *) src; |
4889 | const union sockaddr_union * dst_u = |
4890 | (const union sockaddr_union *) dst; |
4891 | |
4892 | /* sa len safety check */ |
4893 | if (key_checksalen(src_u) != 0) |
4894 | return -1; |
4895 | if (key_checksalen(dst_u) != 0) |
4896 | return -1; |
4897 | |
4898 | memset(saidx, 0, sizeof(*saidx)); |
4899 | saidx->proto = proto; |
4900 | saidx->mode = mode; |
4901 | saidx->reqid = reqid; |
4902 | memcpy(&saidx->src, src_u, src_u->sa.sa_len); |
4903 | memcpy(&saidx->dst, dst_u, dst_u->sa.sa_len); |
4904 | |
4905 | key_porttosaddr(&((saidx)->src),0); |
4906 | key_porttosaddr(&((saidx)->dst),0); |
4907 | return 0; |
4908 | } |
4909 | |
4910 | /* %%% PF_KEY */ |
4911 | /* |
4912 | * SADB_GETSPI processing is to receive |
4913 | * <base, (SA2), src address, dst address, (SPI range)> |
4914 | * from the IKMPd, to assign a unique spi value, to hang on the INBOUND |
4915 | * tree with the status of LARVAL, and send |
4916 | * <base, SA(*), address(SD)> |
4917 | * to the IKMPd. |
4918 | * |
4919 | * IN: mhp: pointer to the pointer to each header. |
4920 | * OUT: NULL if fail. |
4921 | * other if success, return pointer to the message to send. |
4922 | */ |
4923 | static int |
4924 | key_getspi(struct socket *so, struct mbuf *m, |
4925 | const struct sadb_msghdr *mhp) |
4926 | { |
4927 | struct sadb_address *src0, *dst0; |
4928 | struct secasindex saidx; |
4929 | struct secashead *newsah; |
4930 | struct secasvar *newsav; |
4931 | u_int8_t proto; |
4932 | u_int32_t spi; |
4933 | u_int8_t mode; |
4934 | u_int16_t reqid; |
4935 | int error; |
4936 | |
4937 | /* sanity check */ |
4938 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
4939 | panic("key_getspi: NULL pointer is passed" ); |
4940 | |
4941 | if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
4942 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { |
4943 | ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n" )); |
4944 | return key_senderror(so, m, EINVAL); |
4945 | } |
4946 | if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
4947 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { |
4948 | ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n" )); |
4949 | return key_senderror(so, m, EINVAL); |
4950 | } |
4951 | if (mhp->ext[SADB_X_EXT_SA2] != NULL) { |
4952 | mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; |
4953 | reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; |
4954 | } else { |
4955 | mode = IPSEC_MODE_ANY; |
4956 | reqid = 0; |
4957 | } |
4958 | |
4959 | src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); |
4960 | dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); |
4961 | |
4962 | /* map satype to proto */ |
4963 | if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { |
4964 | ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n" )); |
4965 | return key_senderror(so, m, EINVAL); |
4966 | } |
4967 | |
4968 | |
4969 | if ((error = key_setsecasidx(proto, mode, reqid, src0 + 1, |
4970 | dst0 + 1, &saidx)) != 0) |
4971 | return key_senderror(so, m, EINVAL); |
4972 | |
4973 | if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != 0) |
4974 | return key_senderror(so, m, EINVAL); |
4975 | |
4976 | /* SPI allocation */ |
4977 | spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], |
4978 | &saidx); |
4979 | if (spi == 0) |
4980 | return key_senderror(so, m, EINVAL); |
4981 | |
4982 | /* get a SA index */ |
4983 | if ((newsah = key_getsah(&saidx)) == NULL) { |
4984 | /* create a new SA index */ |
4985 | if ((newsah = key_newsah(&saidx)) == NULL) { |
4986 | ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n" )); |
4987 | return key_senderror(so, m, ENOBUFS); |
4988 | } |
4989 | } |
4990 | |
4991 | /* get a new SA */ |
4992 | /* XXX rewrite */ |
4993 | newsav = KEY_NEWSAV(m, mhp, newsah, &error); |
4994 | if (newsav == NULL) { |
4995 | /* XXX don't free new SA index allocated in above. */ |
4996 | return key_senderror(so, m, error); |
4997 | } |
4998 | |
4999 | /* set spi */ |
5000 | newsav->spi = htonl(spi); |
5001 | |
5002 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
5003 | /* delete the entry in acqtree */ |
5004 | if (mhp->msg->sadb_msg_seq != 0) { |
5005 | struct secacq *acq; |
5006 | if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) { |
5007 | /* reset counter in order to deletion by timehandler. */ |
5008 | acq->created = time_uptime; |
5009 | acq->count = 0; |
5010 | } |
5011 | } |
5012 | #endif |
5013 | |
5014 | { |
5015 | struct mbuf *n, *nn; |
5016 | struct sadb_sa *m_sa; |
5017 | struct sadb_msg *newmsg; |
5018 | int off, len; |
5019 | |
5020 | /* create new sadb_msg to reply. */ |
5021 | len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + |
5022 | PFKEY_ALIGN8(sizeof(struct sadb_sa)); |
5023 | if (len > MCLBYTES) |
5024 | return key_senderror(so, m, ENOBUFS); |
5025 | |
5026 | MGETHDR(n, M_DONTWAIT, MT_DATA); |
5027 | if (len > MHLEN) { |
5028 | MCLGET(n, M_DONTWAIT); |
5029 | if ((n->m_flags & M_EXT) == 0) { |
5030 | m_freem(n); |
5031 | n = NULL; |
5032 | } |
5033 | } |
5034 | if (!n) |
5035 | return key_senderror(so, m, ENOBUFS); |
5036 | |
5037 | n->m_len = len; |
5038 | n->m_next = NULL; |
5039 | off = 0; |
5040 | |
5041 | m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); |
5042 | off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); |
5043 | |
5044 | m_sa = (struct sadb_sa *)(mtod(n, char *) + off); |
5045 | m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); |
5046 | m_sa->sadb_sa_exttype = SADB_EXT_SA; |
5047 | m_sa->sadb_sa_spi = htonl(spi); |
5048 | off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); |
5049 | |
5050 | #ifdef DIAGNOSTIC |
5051 | if (off != len) |
5052 | panic("length inconsistency in key_getspi" ); |
5053 | #endif |
5054 | |
5055 | n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, |
5056 | SADB_EXT_ADDRESS_DST); |
5057 | if (!n->m_next) { |
5058 | m_freem(n); |
5059 | return key_senderror(so, m, ENOBUFS); |
5060 | } |
5061 | |
5062 | if (n->m_len < sizeof(struct sadb_msg)) { |
5063 | n = m_pullup(n, sizeof(struct sadb_msg)); |
5064 | if (n == NULL) |
5065 | return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); |
5066 | } |
5067 | |
5068 | n->m_pkthdr.len = 0; |
5069 | for (nn = n; nn; nn = nn->m_next) |
5070 | n->m_pkthdr.len += nn->m_len; |
5071 | |
5072 | newmsg = mtod(n, struct sadb_msg *); |
5073 | newmsg->sadb_msg_seq = newsav->seq; |
5074 | newmsg->sadb_msg_errno = 0; |
5075 | newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); |
5076 | |
5077 | m_freem(m); |
5078 | return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); |
5079 | } |
5080 | } |
5081 | |
5082 | /* |
5083 | * allocating new SPI |
5084 | * called by key_getspi(). |
5085 | * OUT: |
5086 | * 0: failure. |
5087 | * others: success. |
5088 | */ |
5089 | static u_int32_t |
5090 | key_do_getnewspi(const struct sadb_spirange *spirange, |
5091 | const struct secasindex *saidx) |
5092 | { |
5093 | u_int32_t newspi; |
5094 | u_int32_t spmin, spmax; |
5095 | int count = key_spi_trycnt; |
5096 | |
5097 | /* set spi range to allocate */ |
5098 | if (spirange != NULL) { |
5099 | spmin = spirange->sadb_spirange_min; |
5100 | spmax = spirange->sadb_spirange_max; |
5101 | } else { |
5102 | spmin = key_spi_minval; |
5103 | spmax = key_spi_maxval; |
5104 | } |
5105 | /* IPCOMP needs 2-byte SPI */ |
5106 | if (saidx->proto == IPPROTO_IPCOMP) { |
5107 | u_int32_t t; |
5108 | if (spmin >= 0x10000) |
5109 | spmin = 0xffff; |
5110 | if (spmax >= 0x10000) |
5111 | spmax = 0xffff; |
5112 | if (spmin > spmax) { |
5113 | t = spmin; spmin = spmax; spmax = t; |
5114 | } |
5115 | } |
5116 | |
5117 | if (spmin == spmax) { |
5118 | if (key_checkspidup(saidx, htonl(spmin)) != NULL) { |
5119 | ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n" , spmin)); |
5120 | return 0; |
5121 | } |
5122 | |
5123 | count--; /* taking one cost. */ |
5124 | newspi = spmin; |
5125 | |
5126 | } else { |
5127 | |
5128 | /* init SPI */ |
5129 | newspi = 0; |
5130 | |
5131 | /* when requesting to allocate spi ranged */ |
5132 | while (count--) { |
5133 | /* generate pseudo-random SPI value ranged. */ |
5134 | newspi = spmin + (key_random() % (spmax - spmin + 1)); |
5135 | |
5136 | if (key_checkspidup(saidx, htonl(newspi)) == NULL) |
5137 | break; |
5138 | } |
5139 | |
5140 | if (count == 0 || newspi == 0) { |
5141 | ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n" )); |
5142 | return 0; |
5143 | } |
5144 | } |
5145 | |
5146 | /* statistics */ |
5147 | keystat.getspi_count = |
5148 | (keystat.getspi_count + key_spi_trycnt - count) / 2; |
5149 | |
5150 | return newspi; |
5151 | } |
5152 | |
5153 | static int |
5154 | key_handle_natt_info(struct secasvar *sav, |
5155 | const struct sadb_msghdr *mhp) |
5156 | { |
5157 | const char *msg = "?" ; |
5158 | struct sadb_x_nat_t_type *type; |
5159 | struct sadb_x_nat_t_port *sport, *dport; |
5160 | struct sadb_address *iaddr, *raddr; |
5161 | struct sadb_x_nat_t_frag *frag; |
5162 | |
5163 | if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL || |
5164 | mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL || |
5165 | mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) |
5166 | return 0; |
5167 | |
5168 | if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) { |
5169 | msg = "TYPE" ; |
5170 | goto bad; |
5171 | } |
5172 | |
5173 | if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) { |
5174 | msg = "SPORT" ; |
5175 | goto bad; |
5176 | } |
5177 | |
5178 | if (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { |
5179 | msg = "DPORT" ; |
5180 | goto bad; |
5181 | } |
5182 | |
5183 | if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) { |
5184 | ipseclog((LOG_DEBUG,"%s: NAT-T OAi present\n" , __func__)); |
5185 | if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr)) { |
5186 | msg = "OAI" ; |
5187 | goto bad; |
5188 | } |
5189 | } |
5190 | |
5191 | if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) { |
5192 | ipseclog((LOG_DEBUG,"%s: NAT-T OAr present\n" , __func__)); |
5193 | if (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) { |
5194 | msg = "OAR" ; |
5195 | goto bad; |
5196 | } |
5197 | } |
5198 | |
5199 | if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) { |
5200 | if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) { |
5201 | msg = "FRAG" ; |
5202 | goto bad; |
5203 | } |
5204 | } |
5205 | |
5206 | type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; |
5207 | sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; |
5208 | dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; |
5209 | iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; |
5210 | raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; |
5211 | frag = (struct sadb_x_nat_t_frag *)mhp->ext[SADB_X_EXT_NAT_T_FRAG]; |
5212 | |
5213 | ipseclog((LOG_DEBUG, "%s: type %d, sport = %d, dport = %d\n" , |
5214 | __func__, type->sadb_x_nat_t_type_type, |
5215 | ntohs(sport->sadb_x_nat_t_port_port), |
5216 | ntohs(dport->sadb_x_nat_t_port_port))); |
5217 | |
5218 | sav->natt_type = type->sadb_x_nat_t_type_type; |
5219 | key_porttosaddr(&sav->sah->saidx.src, |
5220 | sport->sadb_x_nat_t_port_port); |
5221 | key_porttosaddr(&sav->sah->saidx.dst, |
5222 | dport->sadb_x_nat_t_port_port); |
5223 | if (frag) |
5224 | sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen; |
5225 | else |
5226 | sav->esp_frag = IP_MAXPACKET; |
5227 | |
5228 | return 0; |
5229 | bad: |
5230 | ipseclog((LOG_DEBUG, "%s: invalid message %s\n" , __func__, msg)); |
5231 | __USE(msg); |
5232 | return -1; |
5233 | } |
5234 | |
5235 | /* Just update the IPSEC_NAT_T ports if present */ |
5236 | static int |
5237 | key_set_natt_ports(union sockaddr_union *src, union sockaddr_union *dst, |
5238 | const struct sadb_msghdr *mhp) |
5239 | { |
5240 | if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) |
5241 | ipseclog((LOG_DEBUG,"%s: NAT-T OAi present\n" , __func__)); |
5242 | if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) |
5243 | ipseclog((LOG_DEBUG,"%s: NAT-T OAr present\n" , __func__)); |
5244 | |
5245 | if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) && |
5246 | (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) && |
5247 | (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) { |
5248 | struct sadb_x_nat_t_type *type; |
5249 | struct sadb_x_nat_t_port *sport; |
5250 | struct sadb_x_nat_t_port *dport; |
5251 | |
5252 | if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) || |
5253 | (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) || |
5254 | (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) { |
5255 | ipseclog((LOG_DEBUG, "%s: invalid message\n" , |
5256 | __func__)); |
5257 | return -1; |
5258 | } |
5259 | |
5260 | type = (struct sadb_x_nat_t_type *) |
5261 | mhp->ext[SADB_X_EXT_NAT_T_TYPE]; |
5262 | sport = (struct sadb_x_nat_t_port *) |
5263 | mhp->ext[SADB_X_EXT_NAT_T_SPORT]; |
5264 | dport = (struct sadb_x_nat_t_port *) |
5265 | mhp->ext[SADB_X_EXT_NAT_T_DPORT]; |
5266 | |
5267 | key_porttosaddr(src, sport->sadb_x_nat_t_port_port); |
5268 | key_porttosaddr(dst, dport->sadb_x_nat_t_port_port); |
5269 | |
5270 | ipseclog((LOG_DEBUG, "%s: type %d, sport = %d, dport = %d\n" , |
5271 | __func__, type->sadb_x_nat_t_type_type, |
5272 | ntohs(sport->sadb_x_nat_t_port_port), |
5273 | ntohs(dport->sadb_x_nat_t_port_port))); |
5274 | } |
5275 | |
5276 | return 0; |
5277 | } |
5278 | |
5279 | |
5280 | /* |
5281 | * SADB_UPDATE processing |
5282 | * receive |
5283 | * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) |
5284 | * key(AE), (identity(SD),) (sensitivity)> |
5285 | * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. |
5286 | * and send |
5287 | * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) |
5288 | * (identity(SD),) (sensitivity)> |
5289 | * to the ikmpd. |
5290 | * |
5291 | * m will always be freed. |
5292 | */ |
5293 | static int |
5294 | key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) |
5295 | { |
5296 | struct sadb_sa *sa0; |
5297 | struct sadb_address *src0, *dst0; |
5298 | struct secasindex saidx; |
5299 | struct secashead *sah; |
5300 | struct secasvar *sav; |
5301 | u_int16_t proto; |
5302 | u_int8_t mode; |
5303 | u_int16_t reqid; |
5304 | int error; |
5305 | |
5306 | /* sanity check */ |
5307 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
5308 | panic("key_update: NULL pointer is passed" ); |
5309 | |
5310 | /* map satype to proto */ |
5311 | if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { |
5312 | ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n" )); |
5313 | return key_senderror(so, m, EINVAL); |
5314 | } |
5315 | |
5316 | if (mhp->ext[SADB_EXT_SA] == NULL || |
5317 | mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
5318 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || |
5319 | (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && |
5320 | mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || |
5321 | (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && |
5322 | mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || |
5323 | (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && |
5324 | mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || |
5325 | (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && |
5326 | mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { |
5327 | ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n" )); |
5328 | return key_senderror(so, m, EINVAL); |
5329 | } |
5330 | if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || |
5331 | mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
5332 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { |
5333 | ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n" )); |
5334 | return key_senderror(so, m, EINVAL); |
5335 | } |
5336 | if (mhp->ext[SADB_X_EXT_SA2] != NULL) { |
5337 | mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; |
5338 | reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; |
5339 | } else { |
5340 | mode = IPSEC_MODE_ANY; |
5341 | reqid = 0; |
5342 | } |
5343 | /* XXX boundary checking for other extensions */ |
5344 | |
5345 | sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; |
5346 | src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); |
5347 | dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); |
5348 | |
5349 | if ((error = key_setsecasidx(proto, mode, reqid, src0 + 1, |
5350 | dst0 + 1, &saidx)) != 0) |
5351 | return key_senderror(so, m, EINVAL); |
5352 | |
5353 | if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != 0) |
5354 | return key_senderror(so, m, EINVAL); |
5355 | |
5356 | /* get a SA header */ |
5357 | if ((sah = key_getsah(&saidx)) == NULL) { |
5358 | ipseclog((LOG_DEBUG, "key_update: no SA index found.\n" )); |
5359 | return key_senderror(so, m, ENOENT); |
5360 | } |
5361 | |
5362 | /* set spidx if there */ |
5363 | /* XXX rewrite */ |
5364 | error = key_setident(sah, m, mhp); |
5365 | if (error) |
5366 | return key_senderror(so, m, error); |
5367 | |
5368 | /* find a SA with sequence number. */ |
5369 | #ifdef IPSEC_DOSEQCHECK |
5370 | if (mhp->msg->sadb_msg_seq != 0 |
5371 | && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) { |
5372 | ipseclog((LOG_DEBUG, |
5373 | "key_update: no larval SA with sequence %u exists.\n" , |
5374 | mhp->msg->sadb_msg_seq)); |
5375 | return key_senderror(so, m, ENOENT); |
5376 | } |
5377 | #else |
5378 | if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) { |
5379 | ipseclog((LOG_DEBUG, |
5380 | "key_update: no such a SA found (spi:%u)\n" , |
5381 | (u_int32_t)ntohl(sa0->sadb_sa_spi))); |
5382 | return key_senderror(so, m, EINVAL); |
5383 | } |
5384 | #endif |
5385 | |
5386 | /* validity check */ |
5387 | if (sav->sah->saidx.proto != proto) { |
5388 | ipseclog((LOG_DEBUG, |
5389 | "key_update: protocol mismatched (DB=%u param=%u)\n" , |
5390 | sav->sah->saidx.proto, proto)); |
5391 | return key_senderror(so, m, EINVAL); |
5392 | } |
5393 | #ifdef IPSEC_DOSEQCHECK |
5394 | if (sav->spi != sa0->sadb_sa_spi) { |
5395 | ipseclog((LOG_DEBUG, |
5396 | "key_update: SPI mismatched (DB:%u param:%u)\n" , |
5397 | (u_int32_t)ntohl(sav->spi), |
5398 | (u_int32_t)ntohl(sa0->sadb_sa_spi))); |
5399 | return key_senderror(so, m, EINVAL); |
5400 | } |
5401 | #endif |
5402 | if (sav->pid != mhp->msg->sadb_msg_pid) { |
5403 | ipseclog((LOG_DEBUG, |
5404 | "key_update: pid mismatched (DB:%u param:%u)\n" , |
5405 | sav->pid, mhp->msg->sadb_msg_pid)); |
5406 | return key_senderror(so, m, EINVAL); |
5407 | } |
5408 | |
5409 | /* copy sav values */ |
5410 | error = key_setsaval(sav, m, mhp); |
5411 | if (error) { |
5412 | KEY_FREESAV(&sav); |
5413 | return key_senderror(so, m, error); |
5414 | } |
5415 | |
5416 | if ((error = key_handle_natt_info(sav,mhp)) != 0) |
5417 | return key_senderror(so, m, EINVAL); |
5418 | |
5419 | /* check SA values to be mature. */ |
5420 | if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { |
5421 | KEY_FREESAV(&sav); |
5422 | return key_senderror(so, m, 0); |
5423 | } |
5424 | |
5425 | { |
5426 | struct mbuf *n; |
5427 | |
5428 | /* set msg buf from mhp */ |
5429 | n = key_getmsgbuf_x1(m, mhp); |
5430 | if (n == NULL) { |
5431 | ipseclog((LOG_DEBUG, "key_update: No more memory.\n" )); |
5432 | return key_senderror(so, m, ENOBUFS); |
5433 | } |
5434 | |
5435 | m_freem(m); |
5436 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); |
5437 | } |
5438 | } |
5439 | |
5440 | /* |
5441 | * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL. |
5442 | * only called by key_update(). |
5443 | * OUT: |
5444 | * NULL : not found |
5445 | * others : found, pointer to a SA. |
5446 | */ |
5447 | #ifdef IPSEC_DOSEQCHECK |
5448 | static struct secasvar * |
5449 | key_getsavbyseq(struct secashead *sah, u_int32_t seq) |
5450 | { |
5451 | struct secasvar *sav; |
5452 | u_int state; |
5453 | |
5454 | state = SADB_SASTATE_LARVAL; |
5455 | |
5456 | /* search SAD with sequence number ? */ |
5457 | LIST_FOREACH(sav, &sah->savtree[state], chain) { |
5458 | |
5459 | KEY_CHKSASTATE(state, sav->state, "key_getsabyseq" ); |
5460 | |
5461 | if (sav->seq == seq) { |
5462 | SA_ADDREF(sav); |
5463 | KEYDEBUG(KEYDEBUG_IPSEC_STAMP, |
5464 | printf("DP %s cause refcnt++:%d SA:%p\n" , |
5465 | __func__, sav->refcnt, sav)); |
5466 | return sav; |
5467 | } |
5468 | } |
5469 | |
5470 | return NULL; |
5471 | } |
5472 | #endif |
5473 | |
5474 | /* |
5475 | * SADB_ADD processing |
5476 | * add an entry to SA database, when received |
5477 | * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) |
5478 | * key(AE), (identity(SD),) (sensitivity)> |
5479 | * from the ikmpd, |
5480 | * and send |
5481 | * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) |
5482 | * (identity(SD),) (sensitivity)> |
5483 | * to the ikmpd. |
5484 | * |
5485 | * IGNORE identity and sensitivity messages. |
5486 | * |
5487 | * m will always be freed. |
5488 | */ |
5489 | static int |
5490 | key_add(struct socket *so, struct mbuf *m, |
5491 | const struct sadb_msghdr *mhp) |
5492 | { |
5493 | struct sadb_sa *sa0; |
5494 | struct sadb_address *src0, *dst0; |
5495 | struct secasindex saidx; |
5496 | struct secashead *newsah; |
5497 | struct secasvar *newsav; |
5498 | u_int16_t proto; |
5499 | u_int8_t mode; |
5500 | u_int16_t reqid; |
5501 | int error; |
5502 | |
5503 | /* sanity check */ |
5504 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
5505 | panic("key_add: NULL pointer is passed" ); |
5506 | |
5507 | /* map satype to proto */ |
5508 | if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { |
5509 | ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n" )); |
5510 | return key_senderror(so, m, EINVAL); |
5511 | } |
5512 | |
5513 | if (mhp->ext[SADB_EXT_SA] == NULL || |
5514 | mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
5515 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || |
5516 | (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && |
5517 | mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || |
5518 | (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && |
5519 | mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || |
5520 | (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && |
5521 | mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || |
5522 | (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && |
5523 | mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { |
5524 | ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n" )); |
5525 | return key_senderror(so, m, EINVAL); |
5526 | } |
5527 | if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || |
5528 | mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
5529 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { |
5530 | /* XXX need more */ |
5531 | ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n" )); |
5532 | return key_senderror(so, m, EINVAL); |
5533 | } |
5534 | if (mhp->ext[SADB_X_EXT_SA2] != NULL) { |
5535 | mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; |
5536 | reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; |
5537 | } else { |
5538 | mode = IPSEC_MODE_ANY; |
5539 | reqid = 0; |
5540 | } |
5541 | |
5542 | sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; |
5543 | src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; |
5544 | dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; |
5545 | |
5546 | if ((error = key_setsecasidx(proto, mode, reqid, src0 + 1, |
5547 | dst0 + 1, &saidx)) != 0) |
5548 | return key_senderror(so, m, EINVAL); |
5549 | |
5550 | if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != 0) |
5551 | return key_senderror(so, m, EINVAL); |
5552 | |
5553 | /* get a SA header */ |
5554 | if ((newsah = key_getsah(&saidx)) == NULL) { |
5555 | /* create a new SA header */ |
5556 | if ((newsah = key_newsah(&saidx)) == NULL) { |
5557 | ipseclog((LOG_DEBUG, "key_add: No more memory.\n" )); |
5558 | return key_senderror(so, m, ENOBUFS); |
5559 | } |
5560 | } |
5561 | |
5562 | /* set spidx if there */ |
5563 | /* XXX rewrite */ |
5564 | error = key_setident(newsah, m, mhp); |
5565 | if (error) { |
5566 | return key_senderror(so, m, error); |
5567 | } |
5568 | |
5569 | /* create new SA entry. */ |
5570 | /* We can create new SA only if SPI is differenct. */ |
5571 | if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) { |
5572 | ipseclog((LOG_DEBUG, "key_add: SA already exists.\n" )); |
5573 | return key_senderror(so, m, EEXIST); |
5574 | } |
5575 | newsav = KEY_NEWSAV(m, mhp, newsah, &error); |
5576 | if (newsav == NULL) { |
5577 | return key_senderror(so, m, error); |
5578 | } |
5579 | |
5580 | if ((error = key_handle_natt_info(newsav, mhp)) != 0) |
5581 | return key_senderror(so, m, EINVAL); |
5582 | |
5583 | /* check SA values to be mature. */ |
5584 | if ((error = key_mature(newsav)) != 0) { |
5585 | KEY_FREESAV(&newsav); |
5586 | return key_senderror(so, m, error); |
5587 | } |
5588 | |
5589 | /* |
5590 | * don't call key_freesav() here, as we would like to keep the SA |
5591 | * in the database on success. |
5592 | */ |
5593 | |
5594 | { |
5595 | struct mbuf *n; |
5596 | |
5597 | /* set msg buf from mhp */ |
5598 | n = key_getmsgbuf_x1(m, mhp); |
5599 | if (n == NULL) { |
5600 | ipseclog((LOG_DEBUG, "key_update: No more memory.\n" )); |
5601 | return key_senderror(so, m, ENOBUFS); |
5602 | } |
5603 | |
5604 | m_freem(m); |
5605 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); |
5606 | } |
5607 | } |
5608 | |
5609 | /* m is retained */ |
5610 | static int |
5611 | key_setident(struct secashead *sah, struct mbuf *m, |
5612 | const struct sadb_msghdr *mhp) |
5613 | { |
5614 | const struct sadb_ident *idsrc, *iddst; |
5615 | int idsrclen, iddstlen; |
5616 | |
5617 | /* sanity check */ |
5618 | if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
5619 | panic("key_setident: NULL pointer is passed" ); |
5620 | |
5621 | /* don't make buffer if not there */ |
5622 | if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && |
5623 | mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { |
5624 | sah->idents = NULL; |
5625 | sah->identd = NULL; |
5626 | return 0; |
5627 | } |
5628 | |
5629 | if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || |
5630 | mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { |
5631 | ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n" )); |
5632 | return EINVAL; |
5633 | } |
5634 | |
5635 | idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; |
5636 | iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; |
5637 | idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; |
5638 | iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; |
5639 | |
5640 | /* validity check */ |
5641 | if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { |
5642 | ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n" )); |
5643 | return EINVAL; |
5644 | } |
5645 | |
5646 | switch (idsrc->sadb_ident_type) { |
5647 | case SADB_IDENTTYPE_PREFIX: |
5648 | case SADB_IDENTTYPE_FQDN: |
5649 | case SADB_IDENTTYPE_USERFQDN: |
5650 | default: |
5651 | /* XXX do nothing */ |
5652 | sah->idents = NULL; |
5653 | sah->identd = NULL; |
5654 | return 0; |
5655 | } |
5656 | |
5657 | /* make structure */ |
5658 | KMALLOC(sah->idents, struct sadb_ident *, idsrclen); |
5659 | if (sah->idents == NULL) { |
5660 | ipseclog((LOG_DEBUG, "key_setident: No more memory.\n" )); |
5661 | return ENOBUFS; |
5662 | } |
5663 | KMALLOC(sah->identd, struct sadb_ident *, iddstlen); |
5664 | if (sah->identd == NULL) { |
5665 | KFREE(sah->idents); |
5666 | sah->idents = NULL; |
5667 | ipseclog((LOG_DEBUG, "key_setident: No more memory.\n" )); |
5668 | return ENOBUFS; |
5669 | } |
5670 | memcpy(sah->idents, idsrc, idsrclen); |
5671 | memcpy(sah->identd, iddst, iddstlen); |
5672 | |
5673 | return 0; |
5674 | } |
5675 | |
5676 | /* |
5677 | * m will not be freed on return. |
5678 | * it is caller's responsibility to free the result. |
5679 | */ |
5680 | static struct mbuf * |
5681 | key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) |
5682 | { |
5683 | struct mbuf *n; |
5684 | |
5685 | /* sanity check */ |
5686 | if (m == NULL || mhp == NULL || mhp->msg == NULL) |
5687 | panic("key_getmsgbuf_x1: NULL pointer is passed" ); |
5688 | |
5689 | /* create new sadb_msg to reply. */ |
5690 | n = key_gather_mbuf(m, mhp, 1, 15, SADB_EXT_RESERVED, |
5691 | SADB_EXT_SA, SADB_X_EXT_SA2, |
5692 | SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, |
5693 | SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, |
5694 | SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, |
5695 | SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, |
5696 | SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, |
5697 | SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NAT_T_FRAG); |
5698 | if (!n) |
5699 | return NULL; |
5700 | |
5701 | if (n->m_len < sizeof(struct sadb_msg)) { |
5702 | n = m_pullup(n, sizeof(struct sadb_msg)); |
5703 | if (n == NULL) |
5704 | return NULL; |
5705 | } |
5706 | mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; |
5707 | mtod(n, struct sadb_msg *)->sadb_msg_len = |
5708 | PFKEY_UNIT64(n->m_pkthdr.len); |
5709 | |
5710 | return n; |
5711 | } |
5712 | |
5713 | static int key_delete_all (struct socket *, struct mbuf *, |
5714 | const struct sadb_msghdr *, u_int16_t); |
5715 | |
5716 | /* |
5717 | * SADB_DELETE processing |
5718 | * receive |
5719 | * <base, SA(*), address(SD)> |
5720 | * from the ikmpd, and set SADB_SASTATE_DEAD, |
5721 | * and send, |
5722 | * <base, SA(*), address(SD)> |
5723 | * to the ikmpd. |
5724 | * |
5725 | * m will always be freed. |
5726 | */ |
5727 | static int |
5728 | key_delete(struct socket *so, struct mbuf *m, |
5729 | const struct sadb_msghdr *mhp) |
5730 | { |
5731 | struct sadb_sa *sa0; |
5732 | struct sadb_address *src0, *dst0; |
5733 | struct secasindex saidx; |
5734 | struct secashead *sah; |
5735 | struct secasvar *sav = NULL; |
5736 | u_int16_t proto; |
5737 | int error; |
5738 | |
5739 | /* sanity check */ |
5740 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
5741 | panic("key_delete: NULL pointer is passed" ); |
5742 | |
5743 | /* map satype to proto */ |
5744 | if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { |
5745 | ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n" )); |
5746 | return key_senderror(so, m, EINVAL); |
5747 | } |
5748 | |
5749 | if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
5750 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { |
5751 | ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n" )); |
5752 | return key_senderror(so, m, EINVAL); |
5753 | } |
5754 | |
5755 | if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
5756 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { |
5757 | ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n" )); |
5758 | return key_senderror(so, m, EINVAL); |
5759 | } |
5760 | |
5761 | if (mhp->ext[SADB_EXT_SA] == NULL) { |
5762 | /* |
5763 | * Caller wants us to delete all non-LARVAL SAs |
5764 | * that match the src/dst. This is used during |
5765 | * IKE INITIAL-CONTACT. |
5766 | */ |
5767 | ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n" )); |
5768 | return key_delete_all(so, m, mhp, proto); |
5769 | } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) { |
5770 | ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n" )); |
5771 | return key_senderror(so, m, EINVAL); |
5772 | } |
5773 | |
5774 | sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; |
5775 | src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); |
5776 | dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); |
5777 | |
5778 | if ((error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, |
5779 | dst0 + 1, &saidx)) != 0) |
5780 | return key_senderror(so, m, EINVAL); |
5781 | |
5782 | if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != 0) |
5783 | return key_senderror(so, m, EINVAL); |
5784 | |
5785 | /* get a SA header */ |
5786 | LIST_FOREACH(sah, &sahtree, chain) { |
5787 | if (sah->state == SADB_SASTATE_DEAD) |
5788 | continue; |
5789 | if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) |
5790 | continue; |
5791 | |
5792 | /* get a SA with SPI. */ |
5793 | sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); |
5794 | if (sav) |
5795 | break; |
5796 | } |
5797 | if (sah == NULL) { |
5798 | ipseclog((LOG_DEBUG, "key_delete: no SA found.\n" )); |
5799 | return key_senderror(so, m, ENOENT); |
5800 | } |
5801 | |
5802 | key_sa_chgstate(sav, SADB_SASTATE_DEAD); |
5803 | KEY_FREESAV(&sav); |
5804 | |
5805 | { |
5806 | struct mbuf *n; |
5807 | struct sadb_msg *newmsg; |
5808 | |
5809 | /* create new sadb_msg to reply. */ |
5810 | n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, |
5811 | SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); |
5812 | if (!n) |
5813 | return key_senderror(so, m, ENOBUFS); |
5814 | |
5815 | if (n->m_len < sizeof(struct sadb_msg)) { |
5816 | n = m_pullup(n, sizeof(struct sadb_msg)); |
5817 | if (n == NULL) |
5818 | return key_senderror(so, m, ENOBUFS); |
5819 | } |
5820 | newmsg = mtod(n, struct sadb_msg *); |
5821 | newmsg->sadb_msg_errno = 0; |
5822 | newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); |
5823 | |
5824 | m_freem(m); |
5825 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); |
5826 | } |
5827 | } |
5828 | |
5829 | /* |
5830 | * delete all SAs for src/dst. Called from key_delete(). |
5831 | */ |
5832 | static int |
5833 | key_delete_all(struct socket *so, struct mbuf *m, |
5834 | const struct sadb_msghdr *mhp, u_int16_t proto) |
5835 | { |
5836 | struct sadb_address *src0, *dst0; |
5837 | struct secasindex saidx; |
5838 | struct secashead *sah; |
5839 | struct secasvar *sav, *nextsav; |
5840 | u_int stateidx, state; |
5841 | int error; |
5842 | |
5843 | src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); |
5844 | dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); |
5845 | |
5846 | if ((error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, |
5847 | dst0 + 1, &saidx)) != 0) |
5848 | return key_senderror(so, m, EINVAL); |
5849 | |
5850 | if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != 0) |
5851 | return key_senderror(so, m, EINVAL); |
5852 | |
5853 | LIST_FOREACH(sah, &sahtree, chain) { |
5854 | if (sah->state == SADB_SASTATE_DEAD) |
5855 | continue; |
5856 | if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) |
5857 | continue; |
5858 | |
5859 | /* Delete all non-LARVAL SAs. */ |
5860 | for (stateidx = 0; |
5861 | stateidx < _ARRAYLEN(saorder_state_alive); |
5862 | stateidx++) { |
5863 | state = saorder_state_alive[stateidx]; |
5864 | if (state == SADB_SASTATE_LARVAL) |
5865 | continue; |
5866 | for (sav = LIST_FIRST(&sah->savtree[state]); |
5867 | sav != NULL; sav = nextsav) { |
5868 | nextsav = LIST_NEXT(sav, chain); |
5869 | /* sanity check */ |
5870 | if (sav->state != state) { |
5871 | ipseclog((LOG_DEBUG, "key_delete_all: " |
5872 | "invalid sav->state " |
5873 | "(queue: %d SA: %d)\n" , |
5874 | state, sav->state)); |
5875 | continue; |
5876 | } |
5877 | |
5878 | key_sa_chgstate(sav, SADB_SASTATE_DEAD); |
5879 | KEY_FREESAV(&sav); |
5880 | } |
5881 | } |
5882 | } |
5883 | { |
5884 | struct mbuf *n; |
5885 | struct sadb_msg *newmsg; |
5886 | |
5887 | /* create new sadb_msg to reply. */ |
5888 | n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, |
5889 | SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); |
5890 | if (!n) |
5891 | return key_senderror(so, m, ENOBUFS); |
5892 | |
5893 | if (n->m_len < sizeof(struct sadb_msg)) { |
5894 | n = m_pullup(n, sizeof(struct sadb_msg)); |
5895 | if (n == NULL) |
5896 | return key_senderror(so, m, ENOBUFS); |
5897 | } |
5898 | newmsg = mtod(n, struct sadb_msg *); |
5899 | newmsg->sadb_msg_errno = 0; |
5900 | newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); |
5901 | |
5902 | m_freem(m); |
5903 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); |
5904 | } |
5905 | } |
5906 | |
5907 | /* |
5908 | * SADB_GET processing |
5909 | * receive |
5910 | * <base, SA(*), address(SD)> |
5911 | * from the ikmpd, and get a SP and a SA to respond, |
5912 | * and send, |
5913 | * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), |
5914 | * (identity(SD),) (sensitivity)> |
5915 | * to the ikmpd. |
5916 | * |
5917 | * m will always be freed. |
5918 | */ |
5919 | static int |
5920 | key_get(struct socket *so, struct mbuf *m, |
5921 | const struct sadb_msghdr *mhp) |
5922 | { |
5923 | struct sadb_sa *sa0; |
5924 | struct sadb_address *src0, *dst0; |
5925 | struct secasindex saidx; |
5926 | struct secashead *sah; |
5927 | struct secasvar *sav = NULL; |
5928 | u_int16_t proto; |
5929 | int error; |
5930 | |
5931 | /* sanity check */ |
5932 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
5933 | panic("key_get: NULL pointer is passed" ); |
5934 | |
5935 | /* map satype to proto */ |
5936 | if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { |
5937 | ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n" )); |
5938 | return key_senderror(so, m, EINVAL); |
5939 | } |
5940 | |
5941 | if (mhp->ext[SADB_EXT_SA] == NULL || |
5942 | mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
5943 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { |
5944 | ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n" )); |
5945 | return key_senderror(so, m, EINVAL); |
5946 | } |
5947 | if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || |
5948 | mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
5949 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { |
5950 | ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n" )); |
5951 | return key_senderror(so, m, EINVAL); |
5952 | } |
5953 | |
5954 | sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; |
5955 | src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; |
5956 | dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; |
5957 | |
5958 | if ((error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, |
5959 | dst0 + 1, &saidx)) != 0) |
5960 | return key_senderror(so, m, EINVAL); |
5961 | |
5962 | if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != 0) |
5963 | return key_senderror(so, m, EINVAL); |
5964 | |
5965 | /* get a SA header */ |
5966 | LIST_FOREACH(sah, &sahtree, chain) { |
5967 | if (sah->state == SADB_SASTATE_DEAD) |
5968 | continue; |
5969 | if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) |
5970 | continue; |
5971 | |
5972 | /* get a SA with SPI. */ |
5973 | sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); |
5974 | if (sav) |
5975 | break; |
5976 | } |
5977 | if (sah == NULL) { |
5978 | ipseclog((LOG_DEBUG, "key_get: no SA found.\n" )); |
5979 | return key_senderror(so, m, ENOENT); |
5980 | } |
5981 | |
5982 | { |
5983 | struct mbuf *n; |
5984 | u_int8_t satype; |
5985 | |
5986 | /* map proto to satype */ |
5987 | if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { |
5988 | ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n" )); |
5989 | return key_senderror(so, m, EINVAL); |
5990 | } |
5991 | |
5992 | /* create new sadb_msg to reply. */ |
5993 | n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, |
5994 | mhp->msg->sadb_msg_pid); |
5995 | if (!n) |
5996 | return key_senderror(so, m, ENOBUFS); |
5997 | |
5998 | m_freem(m); |
5999 | return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); |
6000 | } |
6001 | } |
6002 | |
6003 | /* XXX make it sysctl-configurable? */ |
6004 | static void |
6005 | key_getcomb_setlifetime(struct sadb_comb *comb) |
6006 | { |
6007 | |
6008 | comb->sadb_comb_soft_allocations = 1; |
6009 | comb->sadb_comb_hard_allocations = 1; |
6010 | comb->sadb_comb_soft_bytes = 0; |
6011 | comb->sadb_comb_hard_bytes = 0; |
6012 | comb->sadb_comb_hard_addtime = 86400; /* 1 day */ |
6013 | comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; |
6014 | comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ |
6015 | comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; |
6016 | } |
6017 | |
6018 | /* |
6019 | * XXX reorder combinations by preference |
6020 | * XXX no idea if the user wants ESP authentication or not |
6021 | */ |
6022 | static struct mbuf * |
6023 | key_getcomb_esp(void) |
6024 | { |
6025 | struct sadb_comb *comb; |
6026 | const struct enc_xform *algo; |
6027 | struct mbuf *result = NULL, *m, *n; |
6028 | int encmin; |
6029 | int i, off, o; |
6030 | int totlen; |
6031 | const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); |
6032 | |
6033 | m = NULL; |
6034 | for (i = 1; i <= SADB_EALG_MAX; i++) { |
6035 | algo = esp_algorithm_lookup(i); |
6036 | if (algo == NULL) |
6037 | continue; |
6038 | |
6039 | /* discard algorithms with key size smaller than system min */ |
6040 | if (_BITS(algo->maxkey) < ipsec_esp_keymin) |
6041 | continue; |
6042 | if (_BITS(algo->minkey) < ipsec_esp_keymin) |
6043 | encmin = ipsec_esp_keymin; |
6044 | else |
6045 | encmin = _BITS(algo->minkey); |
6046 | |
6047 | if (ipsec_esp_auth) |
6048 | m = key_getcomb_ah(); |
6049 | else { |
6050 | IPSEC_ASSERT(l <= MLEN, |
6051 | ("key_getcomb_esp: l=%u > MLEN=%lu" , |
6052 | l, (u_long) MLEN)); |
6053 | MGET(m, M_DONTWAIT, MT_DATA); |
6054 | if (m) { |
6055 | M_ALIGN(m, l); |
6056 | m->m_len = l; |
6057 | m->m_next = NULL; |
6058 | memset(mtod(m, void *), 0, m->m_len); |
6059 | } |
6060 | } |
6061 | if (!m) |
6062 | goto fail; |
6063 | |
6064 | totlen = 0; |
6065 | for (n = m; n; n = n->m_next) |
6066 | totlen += n->m_len; |
6067 | IPSEC_ASSERT((totlen % l) == 0, |
6068 | ("key_getcomb_esp: totlen=%u, l=%u" , totlen, l)); |
6069 | |
6070 | for (off = 0; off < totlen; off += l) { |
6071 | n = m_pulldown(m, off, l, &o); |
6072 | if (!n) { |
6073 | /* m is already freed */ |
6074 | goto fail; |
6075 | } |
6076 | comb = (struct sadb_comb *)(mtod(n, char *) + o); |
6077 | memset(comb, 0, sizeof(*comb)); |
6078 | key_getcomb_setlifetime(comb); |
6079 | comb->sadb_comb_encrypt = i; |
6080 | comb->sadb_comb_encrypt_minbits = encmin; |
6081 | comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); |
6082 | } |
6083 | |
6084 | if (!result) |
6085 | result = m; |
6086 | else |
6087 | m_cat(result, m); |
6088 | } |
6089 | |
6090 | return result; |
6091 | |
6092 | fail: |
6093 | if (result) |
6094 | m_freem(result); |
6095 | return NULL; |
6096 | } |
6097 | |
6098 | static void |
6099 | key_getsizes_ah(const struct auth_hash *ah, int alg, |
6100 | u_int16_t* ksmin, u_int16_t* ksmax) |
6101 | { |
6102 | *ksmin = *ksmax = ah->keysize; |
6103 | if (ah->keysize == 0) { |
6104 | /* |
6105 | * Transform takes arbitrary key size but algorithm |
6106 | * key size is restricted. Enforce this here. |
6107 | */ |
6108 | switch (alg) { |
6109 | case SADB_X_AALG_MD5: *ksmin = *ksmax = 16; break; |
6110 | case SADB_X_AALG_SHA: *ksmin = *ksmax = 20; break; |
6111 | case SADB_X_AALG_NULL: *ksmin = 1; *ksmax = 256; break; |
6112 | default: |
6113 | DPRINTF(("key_getsizes_ah: unknown AH algorithm %u\n" , |
6114 | alg)); |
6115 | break; |
6116 | } |
6117 | } |
6118 | } |
6119 | |
6120 | /* |
6121 | * XXX reorder combinations by preference |
6122 | */ |
6123 | static struct mbuf * |
6124 | key_getcomb_ah(void) |
6125 | { |
6126 | struct sadb_comb *comb; |
6127 | const struct auth_hash *algo; |
6128 | struct mbuf *m; |
6129 | u_int16_t minkeysize, maxkeysize; |
6130 | int i; |
6131 | const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); |
6132 | |
6133 | m = NULL; |
6134 | for (i = 1; i <= SADB_AALG_MAX; i++) { |
6135 | #if 1 |
6136 | /* we prefer HMAC algorithms, not old algorithms */ |
6137 | if (i != SADB_AALG_SHA1HMAC && |
6138 | i != SADB_AALG_MD5HMAC && |
6139 | i != SADB_X_AALG_SHA2_256 && |
6140 | i != SADB_X_AALG_SHA2_384 && |
6141 | i != SADB_X_AALG_SHA2_512) |
6142 | continue; |
6143 | #endif |
6144 | algo = ah_algorithm_lookup(i); |
6145 | if (!algo) |
6146 | continue; |
6147 | key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); |
6148 | /* discard algorithms with key size smaller than system min */ |
6149 | if (_BITS(minkeysize) < ipsec_ah_keymin) |
6150 | continue; |
6151 | |
6152 | if (!m) { |
6153 | IPSEC_ASSERT(l <= MLEN, |
6154 | ("key_getcomb_ah: l=%u > MLEN=%lu" , |
6155 | l, (u_long) MLEN)); |
6156 | MGET(m, M_DONTWAIT, MT_DATA); |
6157 | if (m) { |
6158 | M_ALIGN(m, l); |
6159 | m->m_len = l; |
6160 | m->m_next = NULL; |
6161 | } |
6162 | } else |
6163 | M_PREPEND(m, l, M_DONTWAIT); |
6164 | if (!m) |
6165 | return NULL; |
6166 | |
6167 | comb = mtod(m, struct sadb_comb *); |
6168 | memset(comb, 0, sizeof(*comb)); |
6169 | key_getcomb_setlifetime(comb); |
6170 | comb->sadb_comb_auth = i; |
6171 | comb->sadb_comb_auth_minbits = _BITS(minkeysize); |
6172 | comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); |
6173 | } |
6174 | |
6175 | return m; |
6176 | } |
6177 | |
6178 | /* |
6179 | * not really an official behavior. discussed in pf_key@inner.net in Sep2000. |
6180 | * XXX reorder combinations by preference |
6181 | */ |
6182 | static struct mbuf * |
6183 | key_getcomb_ipcomp(void) |
6184 | { |
6185 | struct sadb_comb *comb; |
6186 | const struct comp_algo *algo; |
6187 | struct mbuf *m; |
6188 | int i; |
6189 | const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); |
6190 | |
6191 | m = NULL; |
6192 | for (i = 1; i <= SADB_X_CALG_MAX; i++) { |
6193 | algo = ipcomp_algorithm_lookup(i); |
6194 | if (!algo) |
6195 | continue; |
6196 | |
6197 | if (!m) { |
6198 | IPSEC_ASSERT(l <= MLEN, |
6199 | ("key_getcomb_ipcomp: l=%u > MLEN=%lu" , |
6200 | l, (u_long) MLEN)); |
6201 | MGET(m, M_DONTWAIT, MT_DATA); |
6202 | if (m) { |
6203 | M_ALIGN(m, l); |
6204 | m->m_len = l; |
6205 | m->m_next = NULL; |
6206 | } |
6207 | } else |
6208 | M_PREPEND(m, l, M_DONTWAIT); |
6209 | if (!m) |
6210 | return NULL; |
6211 | |
6212 | comb = mtod(m, struct sadb_comb *); |
6213 | memset(comb, 0, sizeof(*comb)); |
6214 | key_getcomb_setlifetime(comb); |
6215 | comb->sadb_comb_encrypt = i; |
6216 | /* what should we set into sadb_comb_*_{min,max}bits? */ |
6217 | } |
6218 | |
6219 | return m; |
6220 | } |
6221 | |
6222 | /* |
6223 | * XXX no way to pass mode (transport/tunnel) to userland |
6224 | * XXX replay checking? |
6225 | * XXX sysctl interface to ipsec_{ah,esp}_keymin |
6226 | */ |
6227 | static struct mbuf * |
6228 | key_getprop(const struct secasindex *saidx) |
6229 | { |
6230 | struct sadb_prop *prop; |
6231 | struct mbuf *m, *n; |
6232 | const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); |
6233 | int totlen; |
6234 | |
6235 | switch (saidx->proto) { |
6236 | case IPPROTO_ESP: |
6237 | m = key_getcomb_esp(); |
6238 | break; |
6239 | case IPPROTO_AH: |
6240 | m = key_getcomb_ah(); |
6241 | break; |
6242 | case IPPROTO_IPCOMP: |
6243 | m = key_getcomb_ipcomp(); |
6244 | break; |
6245 | default: |
6246 | return NULL; |
6247 | } |
6248 | |
6249 | if (!m) |
6250 | return NULL; |
6251 | M_PREPEND(m, l, M_DONTWAIT); |
6252 | if (!m) |
6253 | return NULL; |
6254 | |
6255 | totlen = 0; |
6256 | for (n = m; n; n = n->m_next) |
6257 | totlen += n->m_len; |
6258 | |
6259 | prop = mtod(m, struct sadb_prop *); |
6260 | memset(prop, 0, sizeof(*prop)); |
6261 | prop->sadb_prop_len = PFKEY_UNIT64(totlen); |
6262 | prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; |
6263 | prop->sadb_prop_replay = 32; /* XXX */ |
6264 | |
6265 | return m; |
6266 | } |
6267 | |
6268 | /* |
6269 | * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). |
6270 | * send |
6271 | * <base, SA, address(SD), (address(P)), x_policy, |
6272 | * (identity(SD),) (sensitivity,) proposal> |
6273 | * to KMD, and expect to receive |
6274 | * <base> with SADB_ACQUIRE if error occurred, |
6275 | * or |
6276 | * <base, src address, dst address, (SPI range)> with SADB_GETSPI |
6277 | * from KMD by PF_KEY. |
6278 | * |
6279 | * XXX x_policy is outside of RFC2367 (KAME extension). |
6280 | * XXX sensitivity is not supported. |
6281 | * XXX for ipcomp, RFC2367 does not define how to fill in proposal. |
6282 | * see comment for key_getcomb_ipcomp(). |
6283 | * |
6284 | * OUT: |
6285 | * 0 : succeed |
6286 | * others: error number |
6287 | */ |
6288 | static int |
6289 | key_acquire(const struct secasindex *saidx, struct secpolicy *sp) |
6290 | { |
6291 | struct mbuf *result = NULL, *m; |
6292 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
6293 | struct secacq *newacq; |
6294 | #endif |
6295 | u_int8_t satype; |
6296 | int error = -1; |
6297 | u_int32_t seq; |
6298 | |
6299 | /* sanity check */ |
6300 | IPSEC_ASSERT(saidx != NULL, ("key_acquire: null saidx" )); |
6301 | satype = key_proto2satype(saidx->proto); |
6302 | IPSEC_ASSERT(satype != 0, |
6303 | ("key_acquire: null satype, protocol %u" , saidx->proto)); |
6304 | |
6305 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
6306 | /* |
6307 | * We never do anything about acquirng SA. There is anather |
6308 | * solution that kernel blocks to send SADB_ACQUIRE message until |
6309 | * getting something message from IKEd. In later case, to be |
6310 | * managed with ACQUIRING list. |
6311 | */ |
6312 | /* Get an entry to check whether sending message or not. */ |
6313 | if ((newacq = key_getacq(saidx)) != NULL) { |
6314 | if (key_blockacq_count < newacq->count) { |
6315 | /* reset counter and do send message. */ |
6316 | newacq->count = 0; |
6317 | } else { |
6318 | /* increment counter and do nothing. */ |
6319 | newacq->count++; |
6320 | return 0; |
6321 | } |
6322 | } else { |
6323 | /* make new entry for blocking to send SADB_ACQUIRE. */ |
6324 | if ((newacq = key_newacq(saidx)) == NULL) |
6325 | return ENOBUFS; |
6326 | |
6327 | /* add to acqtree */ |
6328 | LIST_INSERT_HEAD(&acqtree, newacq, chain); |
6329 | } |
6330 | #endif |
6331 | |
6332 | |
6333 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
6334 | seq = newacq->seq; |
6335 | #else |
6336 | seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); |
6337 | #endif |
6338 | m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); |
6339 | if (!m) { |
6340 | error = ENOBUFS; |
6341 | goto fail; |
6342 | } |
6343 | result = m; |
6344 | |
6345 | /* set sadb_address for saidx's. */ |
6346 | m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, |
6347 | &saidx->src.sa, FULLMASK, IPSEC_ULPROTO_ANY); |
6348 | if (!m) { |
6349 | error = ENOBUFS; |
6350 | goto fail; |
6351 | } |
6352 | m_cat(result, m); |
6353 | |
6354 | m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, |
6355 | &saidx->dst.sa, FULLMASK, IPSEC_ULPROTO_ANY); |
6356 | if (!m) { |
6357 | error = ENOBUFS; |
6358 | goto fail; |
6359 | } |
6360 | m_cat(result, m); |
6361 | |
6362 | /* XXX proxy address (optional) */ |
6363 | |
6364 | /* set sadb_x_policy */ |
6365 | if (sp) { |
6366 | m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id); |
6367 | if (!m) { |
6368 | error = ENOBUFS; |
6369 | goto fail; |
6370 | } |
6371 | m_cat(result, m); |
6372 | } |
6373 | |
6374 | /* XXX identity (optional) */ |
6375 | #if 0 |
6376 | if (idexttype && fqdn) { |
6377 | /* create identity extension (FQDN) */ |
6378 | struct sadb_ident *id; |
6379 | int fqdnlen; |
6380 | |
6381 | fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ |
6382 | id = (struct sadb_ident *)p; |
6383 | memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); |
6384 | id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); |
6385 | id->sadb_ident_exttype = idexttype; |
6386 | id->sadb_ident_type = SADB_IDENTTYPE_FQDN; |
6387 | memcpy(id + 1, fqdn, fqdnlen); |
6388 | p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); |
6389 | } |
6390 | |
6391 | if (idexttype) { |
6392 | /* create identity extension (USERFQDN) */ |
6393 | struct sadb_ident *id; |
6394 | int userfqdnlen; |
6395 | |
6396 | if (userfqdn) { |
6397 | /* +1 for terminating-NUL */ |
6398 | userfqdnlen = strlen(userfqdn) + 1; |
6399 | } else |
6400 | userfqdnlen = 0; |
6401 | id = (struct sadb_ident *)p; |
6402 | memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); |
6403 | id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); |
6404 | id->sadb_ident_exttype = idexttype; |
6405 | id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; |
6406 | /* XXX is it correct? */ |
6407 | if (curlwp) |
6408 | id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred); |
6409 | if (userfqdn && userfqdnlen) |
6410 | memcpy(id + 1, userfqdn, userfqdnlen); |
6411 | p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); |
6412 | } |
6413 | #endif |
6414 | |
6415 | /* XXX sensitivity (optional) */ |
6416 | |
6417 | /* create proposal/combination extension */ |
6418 | m = key_getprop(saidx); |
6419 | #if 0 |
6420 | /* |
6421 | * spec conformant: always attach proposal/combination extension, |
6422 | * the problem is that we have no way to attach it for ipcomp, |
6423 | * due to the way sadb_comb is declared in RFC2367. |
6424 | */ |
6425 | if (!m) { |
6426 | error = ENOBUFS; |
6427 | goto fail; |
6428 | } |
6429 | m_cat(result, m); |
6430 | #else |
6431 | /* |
6432 | * outside of spec; make proposal/combination extension optional. |
6433 | */ |
6434 | if (m) |
6435 | m_cat(result, m); |
6436 | #endif |
6437 | |
6438 | if ((result->m_flags & M_PKTHDR) == 0) { |
6439 | error = EINVAL; |
6440 | goto fail; |
6441 | } |
6442 | |
6443 | if (result->m_len < sizeof(struct sadb_msg)) { |
6444 | result = m_pullup(result, sizeof(struct sadb_msg)); |
6445 | if (result == NULL) { |
6446 | error = ENOBUFS; |
6447 | goto fail; |
6448 | } |
6449 | } |
6450 | |
6451 | result->m_pkthdr.len = 0; |
6452 | for (m = result; m; m = m->m_next) |
6453 | result->m_pkthdr.len += m->m_len; |
6454 | |
6455 | mtod(result, struct sadb_msg *)->sadb_msg_len = |
6456 | PFKEY_UNIT64(result->m_pkthdr.len); |
6457 | |
6458 | return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); |
6459 | |
6460 | fail: |
6461 | if (result) |
6462 | m_freem(result); |
6463 | return error; |
6464 | } |
6465 | |
6466 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
6467 | static struct secacq * |
6468 | key_newacq(const struct secasindex *saidx) |
6469 | { |
6470 | struct secacq *newacq; |
6471 | |
6472 | /* get new entry */ |
6473 | KMALLOC(newacq, struct secacq *, sizeof(struct secacq)); |
6474 | if (newacq == NULL) { |
6475 | ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n" )); |
6476 | return NULL; |
6477 | } |
6478 | memset(newacq, 0, sizeof(*newacq)); |
6479 | |
6480 | /* copy secindex */ |
6481 | memcpy(&newacq->saidx, saidx, sizeof(newacq->saidx)); |
6482 | newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq); |
6483 | newacq->created = time_uptime; |
6484 | newacq->count = 0; |
6485 | |
6486 | return newacq; |
6487 | } |
6488 | |
6489 | static struct secacq * |
6490 | key_getacq(const struct secasindex *saidx) |
6491 | { |
6492 | struct secacq *acq; |
6493 | |
6494 | LIST_FOREACH(acq, &acqtree, chain) { |
6495 | if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY)) |
6496 | return acq; |
6497 | } |
6498 | |
6499 | return NULL; |
6500 | } |
6501 | |
6502 | static struct secacq * |
6503 | key_getacqbyseq(u_int32_t seq) |
6504 | { |
6505 | struct secacq *acq; |
6506 | |
6507 | LIST_FOREACH(acq, &acqtree, chain) { |
6508 | if (acq->seq == seq) |
6509 | return acq; |
6510 | } |
6511 | |
6512 | return NULL; |
6513 | } |
6514 | #endif |
6515 | |
6516 | static struct secspacq * |
6517 | key_newspacq(const struct secpolicyindex *spidx) |
6518 | { |
6519 | struct secspacq *acq; |
6520 | |
6521 | /* get new entry */ |
6522 | KMALLOC(acq, struct secspacq *, sizeof(struct secspacq)); |
6523 | if (acq == NULL) { |
6524 | ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n" )); |
6525 | return NULL; |
6526 | } |
6527 | memset(acq, 0, sizeof(*acq)); |
6528 | |
6529 | /* copy secindex */ |
6530 | memcpy(&acq->spidx, spidx, sizeof(acq->spidx)); |
6531 | acq->created = time_uptime; |
6532 | acq->count = 0; |
6533 | |
6534 | return acq; |
6535 | } |
6536 | |
6537 | static struct secspacq * |
6538 | key_getspacq(const struct secpolicyindex *spidx) |
6539 | { |
6540 | struct secspacq *acq; |
6541 | |
6542 | LIST_FOREACH(acq, &spacqtree, chain) { |
6543 | if (key_cmpspidx_exactly(spidx, &acq->spidx)) |
6544 | return acq; |
6545 | } |
6546 | |
6547 | return NULL; |
6548 | } |
6549 | |
6550 | /* |
6551 | * SADB_ACQUIRE processing, |
6552 | * in first situation, is receiving |
6553 | * <base> |
6554 | * from the ikmpd, and clear sequence of its secasvar entry. |
6555 | * |
6556 | * In second situation, is receiving |
6557 | * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> |
6558 | * from a user land process, and return |
6559 | * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> |
6560 | * to the socket. |
6561 | * |
6562 | * m will always be freed. |
6563 | */ |
6564 | static int |
6565 | key_acquire2(struct socket *so, struct mbuf *m, |
6566 | const struct sadb_msghdr *mhp) |
6567 | { |
6568 | const struct sadb_address *src0, *dst0; |
6569 | struct secasindex saidx; |
6570 | struct secashead *sah; |
6571 | u_int16_t proto; |
6572 | int error; |
6573 | |
6574 | /* sanity check */ |
6575 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
6576 | panic("key_acquire2: NULL pointer is passed" ); |
6577 | |
6578 | /* |
6579 | * Error message from KMd. |
6580 | * We assume that if error was occurred in IKEd, the length of PFKEY |
6581 | * message is equal to the size of sadb_msg structure. |
6582 | * We do not raise error even if error occurred in this function. |
6583 | */ |
6584 | if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { |
6585 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
6586 | struct secacq *acq; |
6587 | |
6588 | /* check sequence number */ |
6589 | if (mhp->msg->sadb_msg_seq == 0) { |
6590 | ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n" )); |
6591 | m_freem(m); |
6592 | return 0; |
6593 | } |
6594 | |
6595 | if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) { |
6596 | /* |
6597 | * the specified larval SA is already gone, or we got |
6598 | * a bogus sequence number. we can silently ignore it. |
6599 | */ |
6600 | m_freem(m); |
6601 | return 0; |
6602 | } |
6603 | |
6604 | /* reset acq counter in order to deletion by timehander. */ |
6605 | acq->created = time_uptime; |
6606 | acq->count = 0; |
6607 | #endif |
6608 | m_freem(m); |
6609 | return 0; |
6610 | } |
6611 | |
6612 | /* |
6613 | * This message is from user land. |
6614 | */ |
6615 | |
6616 | /* map satype to proto */ |
6617 | if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { |
6618 | ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n" )); |
6619 | return key_senderror(so, m, EINVAL); |
6620 | } |
6621 | |
6622 | if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
6623 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || |
6624 | mhp->ext[SADB_EXT_PROPOSAL] == NULL) { |
6625 | /* error */ |
6626 | ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n" )); |
6627 | return key_senderror(so, m, EINVAL); |
6628 | } |
6629 | if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
6630 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || |
6631 | mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) { |
6632 | /* error */ |
6633 | ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n" )); |
6634 | return key_senderror(so, m, EINVAL); |
6635 | } |
6636 | |
6637 | src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; |
6638 | dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; |
6639 | |
6640 | if ((error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, |
6641 | dst0 + 1, &saidx)) != 0) |
6642 | return key_senderror(so, m, EINVAL); |
6643 | |
6644 | if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != 0) |
6645 | return key_senderror(so, m, EINVAL); |
6646 | |
6647 | /* get a SA index */ |
6648 | LIST_FOREACH(sah, &sahtree, chain) { |
6649 | if (sah->state == SADB_SASTATE_DEAD) |
6650 | continue; |
6651 | if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) |
6652 | break; |
6653 | } |
6654 | if (sah != NULL) { |
6655 | ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n" )); |
6656 | return key_senderror(so, m, EEXIST); |
6657 | } |
6658 | |
6659 | error = key_acquire(&saidx, NULL); |
6660 | if (error != 0) { |
6661 | ipseclog((LOG_DEBUG, "key_acquire2: error %d returned " |
6662 | "from key_acquire.\n" , mhp->msg->sadb_msg_errno)); |
6663 | return key_senderror(so, m, error); |
6664 | } |
6665 | |
6666 | return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED); |
6667 | } |
6668 | |
6669 | /* |
6670 | * SADB_REGISTER processing. |
6671 | * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. |
6672 | * receive |
6673 | * <base> |
6674 | * from the ikmpd, and register a socket to send PF_KEY messages, |
6675 | * and send |
6676 | * <base, supported> |
6677 | * to KMD by PF_KEY. |
6678 | * If socket is detached, must free from regnode. |
6679 | * |
6680 | * m will always be freed. |
6681 | */ |
6682 | static int |
6683 | key_register(struct socket *so, struct mbuf *m, |
6684 | const struct sadb_msghdr *mhp) |
6685 | { |
6686 | struct secreg *reg, *newreg = 0; |
6687 | |
6688 | /* sanity check */ |
6689 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
6690 | panic("key_register: NULL pointer is passed" ); |
6691 | |
6692 | /* check for invalid register message */ |
6693 | if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0])) |
6694 | return key_senderror(so, m, EINVAL); |
6695 | |
6696 | /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ |
6697 | if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) |
6698 | goto setmsg; |
6699 | |
6700 | /* check whether existing or not */ |
6701 | LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) { |
6702 | if (reg->so == so) { |
6703 | ipseclog((LOG_DEBUG, "key_register: socket exists already.\n" )); |
6704 | return key_senderror(so, m, EEXIST); |
6705 | } |
6706 | } |
6707 | |
6708 | /* create regnode */ |
6709 | KMALLOC(newreg, struct secreg *, sizeof(*newreg)); |
6710 | if (newreg == NULL) { |
6711 | ipseclog((LOG_DEBUG, "key_register: No more memory.\n" )); |
6712 | return key_senderror(so, m, ENOBUFS); |
6713 | } |
6714 | memset(newreg, 0, sizeof(*newreg)); |
6715 | |
6716 | newreg->so = so; |
6717 | ((struct keycb *)sotorawcb(so))->kp_registered++; |
6718 | |
6719 | /* add regnode to regtree. */ |
6720 | LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain); |
6721 | |
6722 | setmsg: |
6723 | { |
6724 | struct mbuf *n; |
6725 | struct sadb_msg *newmsg; |
6726 | struct sadb_supported *sup; |
6727 | u_int len, alen, elen; |
6728 | int off; |
6729 | int i; |
6730 | struct sadb_alg *alg; |
6731 | |
6732 | /* create new sadb_msg to reply. */ |
6733 | alen = 0; |
6734 | for (i = 1; i <= SADB_AALG_MAX; i++) { |
6735 | if (ah_algorithm_lookup(i)) |
6736 | alen += sizeof(struct sadb_alg); |
6737 | } |
6738 | if (alen) |
6739 | alen += sizeof(struct sadb_supported); |
6740 | elen = 0; |
6741 | for (i = 1; i <= SADB_EALG_MAX; i++) { |
6742 | if (esp_algorithm_lookup(i)) |
6743 | elen += sizeof(struct sadb_alg); |
6744 | } |
6745 | if (elen) |
6746 | elen += sizeof(struct sadb_supported); |
6747 | |
6748 | len = sizeof(struct sadb_msg) + alen + elen; |
6749 | |
6750 | if (len > MCLBYTES) |
6751 | return key_senderror(so, m, ENOBUFS); |
6752 | |
6753 | MGETHDR(n, M_DONTWAIT, MT_DATA); |
6754 | if (len > MHLEN) { |
6755 | MCLGET(n, M_DONTWAIT); |
6756 | if ((n->m_flags & M_EXT) == 0) { |
6757 | m_freem(n); |
6758 | n = NULL; |
6759 | } |
6760 | } |
6761 | if (!n) |
6762 | return key_senderror(so, m, ENOBUFS); |
6763 | |
6764 | n->m_pkthdr.len = n->m_len = len; |
6765 | n->m_next = NULL; |
6766 | off = 0; |
6767 | |
6768 | m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off); |
6769 | newmsg = mtod(n, struct sadb_msg *); |
6770 | newmsg->sadb_msg_errno = 0; |
6771 | newmsg->sadb_msg_len = PFKEY_UNIT64(len); |
6772 | off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); |
6773 | |
6774 | /* for authentication algorithm */ |
6775 | if (alen) { |
6776 | sup = (struct sadb_supported *)(mtod(n, char *) + off); |
6777 | sup->sadb_supported_len = PFKEY_UNIT64(alen); |
6778 | sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; |
6779 | off += PFKEY_ALIGN8(sizeof(*sup)); |
6780 | |
6781 | for (i = 1; i <= SADB_AALG_MAX; i++) { |
6782 | const struct auth_hash *aalgo; |
6783 | u_int16_t minkeysize, maxkeysize; |
6784 | |
6785 | aalgo = ah_algorithm_lookup(i); |
6786 | if (!aalgo) |
6787 | continue; |
6788 | alg = (struct sadb_alg *)(mtod(n, char *) + off); |
6789 | alg->sadb_alg_id = i; |
6790 | alg->sadb_alg_ivlen = 0; |
6791 | key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); |
6792 | alg->sadb_alg_minbits = _BITS(minkeysize); |
6793 | alg->sadb_alg_maxbits = _BITS(maxkeysize); |
6794 | off += PFKEY_ALIGN8(sizeof(*alg)); |
6795 | } |
6796 | } |
6797 | |
6798 | /* for encryption algorithm */ |
6799 | if (elen) { |
6800 | sup = (struct sadb_supported *)(mtod(n, char *) + off); |
6801 | sup->sadb_supported_len = PFKEY_UNIT64(elen); |
6802 | sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; |
6803 | off += PFKEY_ALIGN8(sizeof(*sup)); |
6804 | |
6805 | for (i = 1; i <= SADB_EALG_MAX; i++) { |
6806 | const struct enc_xform *ealgo; |
6807 | |
6808 | ealgo = esp_algorithm_lookup(i); |
6809 | if (!ealgo) |
6810 | continue; |
6811 | alg = (struct sadb_alg *)(mtod(n, char *) + off); |
6812 | alg->sadb_alg_id = i; |
6813 | alg->sadb_alg_ivlen = ealgo->blocksize; |
6814 | alg->sadb_alg_minbits = _BITS(ealgo->minkey); |
6815 | alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); |
6816 | off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); |
6817 | } |
6818 | } |
6819 | |
6820 | #ifdef DIAGNOSTIC |
6821 | if (off != len) |
6822 | panic("length assumption failed in key_register" ); |
6823 | #endif |
6824 | |
6825 | m_freem(m); |
6826 | return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); |
6827 | } |
6828 | } |
6829 | |
6830 | /* |
6831 | * free secreg entry registered. |
6832 | * XXX: I want to do free a socket marked done SADB_RESIGER to socket. |
6833 | */ |
6834 | void |
6835 | key_freereg(struct socket *so) |
6836 | { |
6837 | struct secreg *reg; |
6838 | int i; |
6839 | |
6840 | /* sanity check */ |
6841 | if (so == NULL) |
6842 | panic("key_freereg: NULL pointer is passed" ); |
6843 | |
6844 | /* |
6845 | * check whether existing or not. |
6846 | * check all type of SA, because there is a potential that |
6847 | * one socket is registered to multiple type of SA. |
6848 | */ |
6849 | for (i = 0; i <= SADB_SATYPE_MAX; i++) { |
6850 | LIST_FOREACH(reg, ®tree[i], chain) { |
6851 | if (reg->so == so |
6852 | && __LIST_CHAINED(reg)) { |
6853 | LIST_REMOVE(reg, chain); |
6854 | KFREE(reg); |
6855 | break; |
6856 | } |
6857 | } |
6858 | } |
6859 | |
6860 | return; |
6861 | } |
6862 | |
6863 | /* |
6864 | * SADB_EXPIRE processing |
6865 | * send |
6866 | * <base, SA, SA2, lifetime(C and one of HS), address(SD)> |
6867 | * to KMD by PF_KEY. |
6868 | * NOTE: We send only soft lifetime extension. |
6869 | * |
6870 | * OUT: 0 : succeed |
6871 | * others : error number |
6872 | */ |
6873 | static int |
6874 | key_expire(struct secasvar *sav) |
6875 | { |
6876 | int s; |
6877 | int satype; |
6878 | struct mbuf *result = NULL, *m; |
6879 | int len; |
6880 | int error = -1; |
6881 | struct sadb_lifetime *lt; |
6882 | |
6883 | /* XXX: Why do we lock ? */ |
6884 | s = splsoftnet(); /*called from softclock()*/ |
6885 | |
6886 | /* sanity check */ |
6887 | if (sav == NULL) |
6888 | panic("key_expire: NULL pointer is passed" ); |
6889 | if (sav->sah == NULL) |
6890 | panic("key_expire: Why was SA index in SA NULL" ); |
6891 | if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) |
6892 | panic("key_expire: invalid proto is passed" ); |
6893 | |
6894 | /* set msg header */ |
6895 | m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); |
6896 | if (!m) { |
6897 | error = ENOBUFS; |
6898 | goto fail; |
6899 | } |
6900 | result = m; |
6901 | |
6902 | /* create SA extension */ |
6903 | m = key_setsadbsa(sav); |
6904 | if (!m) { |
6905 | error = ENOBUFS; |
6906 | goto fail; |
6907 | } |
6908 | m_cat(result, m); |
6909 | |
6910 | /* create SA extension */ |
6911 | m = key_setsadbxsa2(sav->sah->saidx.mode, |
6912 | sav->replay ? sav->replay->count : 0, |
6913 | sav->sah->saidx.reqid); |
6914 | if (!m) { |
6915 | error = ENOBUFS; |
6916 | goto fail; |
6917 | } |
6918 | m_cat(result, m); |
6919 | |
6920 | /* create lifetime extension (current and soft) */ |
6921 | len = PFKEY_ALIGN8(sizeof(*lt)) * 2; |
6922 | m = key_alloc_mbuf(len); |
6923 | if (!m || m->m_next) { /*XXX*/ |
6924 | if (m) |
6925 | m_freem(m); |
6926 | error = ENOBUFS; |
6927 | goto fail; |
6928 | } |
6929 | memset(mtod(m, void *), 0, len); |
6930 | lt = mtod(m, struct sadb_lifetime *); |
6931 | lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); |
6932 | lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; |
6933 | lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations; |
6934 | lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes; |
6935 | lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime |
6936 | + time_second - time_uptime; |
6937 | lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime |
6938 | + time_second - time_uptime; |
6939 | lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2); |
6940 | memcpy(lt, sav->lft_s, sizeof(*lt)); |
6941 | m_cat(result, m); |
6942 | |
6943 | /* set sadb_address for source */ |
6944 | m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, |
6945 | &sav->sah->saidx.src.sa, |
6946 | FULLMASK, IPSEC_ULPROTO_ANY); |
6947 | if (!m) { |
6948 | error = ENOBUFS; |
6949 | goto fail; |
6950 | } |
6951 | m_cat(result, m); |
6952 | |
6953 | /* set sadb_address for destination */ |
6954 | m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, |
6955 | &sav->sah->saidx.dst.sa, |
6956 | FULLMASK, IPSEC_ULPROTO_ANY); |
6957 | if (!m) { |
6958 | error = ENOBUFS; |
6959 | goto fail; |
6960 | } |
6961 | m_cat(result, m); |
6962 | |
6963 | if ((result->m_flags & M_PKTHDR) == 0) { |
6964 | error = EINVAL; |
6965 | goto fail; |
6966 | } |
6967 | |
6968 | if (result->m_len < sizeof(struct sadb_msg)) { |
6969 | result = m_pullup(result, sizeof(struct sadb_msg)); |
6970 | if (result == NULL) { |
6971 | error = ENOBUFS; |
6972 | goto fail; |
6973 | } |
6974 | } |
6975 | |
6976 | result->m_pkthdr.len = 0; |
6977 | for (m = result; m; m = m->m_next) |
6978 | result->m_pkthdr.len += m->m_len; |
6979 | |
6980 | mtod(result, struct sadb_msg *)->sadb_msg_len = |
6981 | PFKEY_UNIT64(result->m_pkthdr.len); |
6982 | |
6983 | splx(s); |
6984 | return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); |
6985 | |
6986 | fail: |
6987 | if (result) |
6988 | m_freem(result); |
6989 | splx(s); |
6990 | return error; |
6991 | } |
6992 | |
6993 | /* |
6994 | * SADB_FLUSH processing |
6995 | * receive |
6996 | * <base> |
6997 | * from the ikmpd, and free all entries in secastree. |
6998 | * and send, |
6999 | * <base> |
7000 | * to the ikmpd. |
7001 | * NOTE: to do is only marking SADB_SASTATE_DEAD. |
7002 | * |
7003 | * m will always be freed. |
7004 | */ |
7005 | static int |
7006 | key_flush(struct socket *so, struct mbuf *m, |
7007 | const struct sadb_msghdr *mhp) |
7008 | { |
7009 | struct sadb_msg *newmsg; |
7010 | struct secashead *sah, *nextsah; |
7011 | struct secasvar *sav, *nextsav; |
7012 | u_int16_t proto; |
7013 | u_int8_t state; |
7014 | u_int stateidx; |
7015 | |
7016 | /* sanity check */ |
7017 | if (so == NULL || mhp == NULL || mhp->msg == NULL) |
7018 | panic("key_flush: NULL pointer is passed" ); |
7019 | |
7020 | /* map satype to proto */ |
7021 | if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { |
7022 | ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n" )); |
7023 | return key_senderror(so, m, EINVAL); |
7024 | } |
7025 | |
7026 | /* no SATYPE specified, i.e. flushing all SA. */ |
7027 | for (sah = LIST_FIRST(&sahtree); |
7028 | sah != NULL; |
7029 | sah = nextsah) { |
7030 | nextsah = LIST_NEXT(sah, chain); |
7031 | |
7032 | if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC |
7033 | && proto != sah->saidx.proto) |
7034 | continue; |
7035 | |
7036 | for (stateidx = 0; |
7037 | stateidx < _ARRAYLEN(saorder_state_alive); |
7038 | stateidx++) { |
7039 | state = saorder_state_any[stateidx]; |
7040 | for (sav = LIST_FIRST(&sah->savtree[state]); |
7041 | sav != NULL; |
7042 | sav = nextsav) { |
7043 | |
7044 | nextsav = LIST_NEXT(sav, chain); |
7045 | |
7046 | key_sa_chgstate(sav, SADB_SASTATE_DEAD); |
7047 | KEY_FREESAV(&sav); |
7048 | } |
7049 | } |
7050 | |
7051 | sah->state = SADB_SASTATE_DEAD; |
7052 | } |
7053 | |
7054 | if (m->m_len < sizeof(struct sadb_msg) || |
7055 | sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { |
7056 | ipseclog((LOG_DEBUG, "key_flush: No more memory.\n" )); |
7057 | return key_senderror(so, m, ENOBUFS); |
7058 | } |
7059 | |
7060 | if (m->m_next) |
7061 | m_freem(m->m_next); |
7062 | m->m_next = NULL; |
7063 | m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); |
7064 | newmsg = mtod(m, struct sadb_msg *); |
7065 | newmsg->sadb_msg_errno = 0; |
7066 | newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); |
7067 | |
7068 | return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); |
7069 | } |
7070 | |
7071 | |
7072 | static struct mbuf * |
7073 | key_setdump_chain(u_int8_t req_satype, int *errorp, int *lenp, pid_t pid) |
7074 | { |
7075 | struct secashead *sah; |
7076 | struct secasvar *sav; |
7077 | u_int16_t proto; |
7078 | u_int stateidx; |
7079 | u_int8_t satype; |
7080 | u_int8_t state; |
7081 | int cnt; |
7082 | struct mbuf *m, *n, *prev; |
7083 | |
7084 | *lenp = 0; |
7085 | |
7086 | /* map satype to proto */ |
7087 | if ((proto = key_satype2proto(req_satype)) == 0) { |
7088 | *errorp = EINVAL; |
7089 | return (NULL); |
7090 | } |
7091 | |
7092 | /* count sav entries to be sent to userland. */ |
7093 | cnt = 0; |
7094 | LIST_FOREACH(sah, &sahtree, chain) { |
7095 | if (req_satype != SADB_SATYPE_UNSPEC && |
7096 | proto != sah->saidx.proto) |
7097 | continue; |
7098 | |
7099 | for (stateidx = 0; |
7100 | stateidx < _ARRAYLEN(saorder_state_any); |
7101 | stateidx++) { |
7102 | state = saorder_state_any[stateidx]; |
7103 | LIST_FOREACH(sav, &sah->savtree[state], chain) { |
7104 | cnt++; |
7105 | } |
7106 | } |
7107 | } |
7108 | |
7109 | if (cnt == 0) { |
7110 | *errorp = ENOENT; |
7111 | return (NULL); |
7112 | } |
7113 | |
7114 | /* send this to the userland, one at a time. */ |
7115 | m = NULL; |
7116 | prev = m; |
7117 | LIST_FOREACH(sah, &sahtree, chain) { |
7118 | if (req_satype != SADB_SATYPE_UNSPEC && |
7119 | proto != sah->saidx.proto) |
7120 | continue; |
7121 | |
7122 | /* map proto to satype */ |
7123 | if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { |
7124 | m_freem(m); |
7125 | *errorp = EINVAL; |
7126 | return (NULL); |
7127 | } |
7128 | |
7129 | for (stateidx = 0; |
7130 | stateidx < _ARRAYLEN(saorder_state_any); |
7131 | stateidx++) { |
7132 | state = saorder_state_any[stateidx]; |
7133 | LIST_FOREACH(sav, &sah->savtree[state], chain) { |
7134 | n = key_setdumpsa(sav, SADB_DUMP, satype, |
7135 | --cnt, pid); |
7136 | if (!n) { |
7137 | m_freem(m); |
7138 | *errorp = ENOBUFS; |
7139 | return (NULL); |
7140 | } |
7141 | |
7142 | if (!m) |
7143 | m = n; |
7144 | else |
7145 | prev->m_nextpkt = n; |
7146 | prev = n; |
7147 | } |
7148 | } |
7149 | } |
7150 | |
7151 | if (!m) { |
7152 | *errorp = EINVAL; |
7153 | return (NULL); |
7154 | } |
7155 | |
7156 | if ((m->m_flags & M_PKTHDR) != 0) { |
7157 | m->m_pkthdr.len = 0; |
7158 | for (n = m; n; n = n->m_next) |
7159 | m->m_pkthdr.len += n->m_len; |
7160 | } |
7161 | |
7162 | *errorp = 0; |
7163 | return (m); |
7164 | } |
7165 | |
7166 | /* |
7167 | * SADB_DUMP processing |
7168 | * dump all entries including status of DEAD in SAD. |
7169 | * receive |
7170 | * <base> |
7171 | * from the ikmpd, and dump all secasvar leaves |
7172 | * and send, |
7173 | * <base> ..... |
7174 | * to the ikmpd. |
7175 | * |
7176 | * m will always be freed. |
7177 | */ |
7178 | static int |
7179 | key_dump(struct socket *so, struct mbuf *m0, |
7180 | const struct sadb_msghdr *mhp) |
7181 | { |
7182 | u_int16_t proto; |
7183 | u_int8_t satype; |
7184 | struct mbuf *n; |
7185 | int s; |
7186 | int error, len, ok; |
7187 | |
7188 | /* sanity check */ |
7189 | if (so == NULL || m0 == NULL || mhp == NULL || mhp->msg == NULL) |
7190 | panic("key_dump: NULL pointer is passed" ); |
7191 | |
7192 | /* map satype to proto */ |
7193 | satype = mhp->msg->sadb_msg_satype; |
7194 | if ((proto = key_satype2proto(satype)) == 0) { |
7195 | ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n" )); |
7196 | return key_senderror(so, m0, EINVAL); |
7197 | } |
7198 | |
7199 | /* |
7200 | * If the requestor has insufficient socket-buffer space |
7201 | * for the entire chain, nobody gets any response to the DUMP. |
7202 | * XXX For now, only the requestor ever gets anything. |
7203 | * Moreover, if the requestor has any space at all, they receive |
7204 | * the entire chain, otherwise the request is refused with ENOBUFS. |
7205 | */ |
7206 | if (sbspace(&so->so_rcv) <= 0) { |
7207 | return key_senderror(so, m0, ENOBUFS); |
7208 | } |
7209 | |
7210 | s = splsoftnet(); |
7211 | n = key_setdump_chain(satype, &error, &len, mhp->msg->sadb_msg_pid); |
7212 | splx(s); |
7213 | |
7214 | if (n == NULL) { |
7215 | return key_senderror(so, m0, ENOENT); |
7216 | } |
7217 | { |
7218 | uint64_t *ps = PFKEY_STAT_GETREF(); |
7219 | ps[PFKEY_STAT_IN_TOTAL]++; |
7220 | ps[PFKEY_STAT_IN_BYTES] += len; |
7221 | PFKEY_STAT_PUTREF(); |
7222 | } |
7223 | |
7224 | /* |
7225 | * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets. |
7226 | * The requestor receives either the entire chain, or an |
7227 | * error message with ENOBUFS. |
7228 | * |
7229 | * sbappendaddrchain() takes the chain of entries, one |
7230 | * packet-record per SPD entry, prepends the key_src sockaddr |
7231 | * to each packet-record, links the sockaddr mbufs into a new |
7232 | * list of records, then appends the entire resulting |
7233 | * list to the requesting socket. |
7234 | */ |
7235 | ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, |
7236 | n, SB_PRIO_ONESHOT_OVERFLOW); |
7237 | |
7238 | if (!ok) { |
7239 | PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); |
7240 | m_freem(n); |
7241 | return key_senderror(so, m0, ENOBUFS); |
7242 | } |
7243 | |
7244 | m_freem(m0); |
7245 | return 0; |
7246 | } |
7247 | |
7248 | /* |
7249 | * SADB_X_PROMISC processing |
7250 | * |
7251 | * m will always be freed. |
7252 | */ |
7253 | static int |
7254 | key_promisc(struct socket *so, struct mbuf *m, |
7255 | const struct sadb_msghdr *mhp) |
7256 | { |
7257 | int olen; |
7258 | |
7259 | /* sanity check */ |
7260 | if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL) |
7261 | panic("key_promisc: NULL pointer is passed" ); |
7262 | |
7263 | olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); |
7264 | |
7265 | if (olen < sizeof(struct sadb_msg)) { |
7266 | #if 1 |
7267 | return key_senderror(so, m, EINVAL); |
7268 | #else |
7269 | m_freem(m); |
7270 | return 0; |
7271 | #endif |
7272 | } else if (olen == sizeof(struct sadb_msg)) { |
7273 | /* enable/disable promisc mode */ |
7274 | struct keycb *kp; |
7275 | |
7276 | if ((kp = (struct keycb *)sotorawcb(so)) == NULL) |
7277 | return key_senderror(so, m, EINVAL); |
7278 | mhp->msg->sadb_msg_errno = 0; |
7279 | switch (mhp->msg->sadb_msg_satype) { |
7280 | case 0: |
7281 | case 1: |
7282 | kp->kp_promisc = mhp->msg->sadb_msg_satype; |
7283 | break; |
7284 | default: |
7285 | return key_senderror(so, m, EINVAL); |
7286 | } |
7287 | |
7288 | /* send the original message back to everyone */ |
7289 | mhp->msg->sadb_msg_errno = 0; |
7290 | return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); |
7291 | } else { |
7292 | /* send packet as is */ |
7293 | |
7294 | m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); |
7295 | |
7296 | /* TODO: if sadb_msg_seq is specified, send to specific pid */ |
7297 | return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); |
7298 | } |
7299 | } |
7300 | |
7301 | static int (*key_typesw[]) (struct socket *, struct mbuf *, |
7302 | const struct sadb_msghdr *) = { |
7303 | NULL, /* SADB_RESERVED */ |
7304 | key_getspi, /* SADB_GETSPI */ |
7305 | key_update, /* SADB_UPDATE */ |
7306 | key_add, /* SADB_ADD */ |
7307 | key_delete, /* SADB_DELETE */ |
7308 | key_get, /* SADB_GET */ |
7309 | key_acquire2, /* SADB_ACQUIRE */ |
7310 | key_register, /* SADB_REGISTER */ |
7311 | NULL, /* SADB_EXPIRE */ |
7312 | key_flush, /* SADB_FLUSH */ |
7313 | key_dump, /* SADB_DUMP */ |
7314 | key_promisc, /* SADB_X_PROMISC */ |
7315 | NULL, /* SADB_X_PCHANGE */ |
7316 | key_spdadd, /* SADB_X_SPDUPDATE */ |
7317 | key_spdadd, /* SADB_X_SPDADD */ |
7318 | key_spddelete, /* SADB_X_SPDDELETE */ |
7319 | key_spdget, /* SADB_X_SPDGET */ |
7320 | NULL, /* SADB_X_SPDACQUIRE */ |
7321 | key_spddump, /* SADB_X_SPDDUMP */ |
7322 | key_spdflush, /* SADB_X_SPDFLUSH */ |
7323 | key_spdadd, /* SADB_X_SPDSETIDX */ |
7324 | NULL, /* SADB_X_SPDEXPIRE */ |
7325 | key_spddelete2, /* SADB_X_SPDDELETE2 */ |
7326 | key_nat_map, /* SADB_X_NAT_T_NEW_MAPPING */ |
7327 | }; |
7328 | |
7329 | /* |
7330 | * parse sadb_msg buffer to process PFKEYv2, |
7331 | * and create a data to response if needed. |
7332 | * I think to be dealed with mbuf directly. |
7333 | * IN: |
7334 | * msgp : pointer to pointer to a received buffer pulluped. |
7335 | * This is rewrited to response. |
7336 | * so : pointer to socket. |
7337 | * OUT: |
7338 | * length for buffer to send to user process. |
7339 | */ |
7340 | int |
7341 | key_parse(struct mbuf *m, struct socket *so) |
7342 | { |
7343 | struct sadb_msg *msg; |
7344 | struct sadb_msghdr mh; |
7345 | u_int orglen; |
7346 | int error; |
7347 | int target; |
7348 | |
7349 | /* sanity check */ |
7350 | if (m == NULL || so == NULL) |
7351 | panic("key_parse: NULL pointer is passed" ); |
7352 | |
7353 | #if 0 /*kdebug_sadb assumes msg in linear buffer*/ |
7354 | KEYDEBUG(KEYDEBUG_KEY_DUMP, |
7355 | ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n" )); |
7356 | kdebug_sadb(msg)); |
7357 | #endif |
7358 | |
7359 | if (m->m_len < sizeof(struct sadb_msg)) { |
7360 | m = m_pullup(m, sizeof(struct sadb_msg)); |
7361 | if (!m) |
7362 | return ENOBUFS; |
7363 | } |
7364 | msg = mtod(m, struct sadb_msg *); |
7365 | orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); |
7366 | target = KEY_SENDUP_ONE; |
7367 | |
7368 | if ((m->m_flags & M_PKTHDR) == 0 || |
7369 | m->m_pkthdr.len != orglen) { |
7370 | ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n" )); |
7371 | PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); |
7372 | error = EINVAL; |
7373 | goto senderror; |
7374 | } |
7375 | |
7376 | if (msg->sadb_msg_version != PF_KEY_V2) { |
7377 | ipseclog((LOG_DEBUG, |
7378 | "key_parse: PF_KEY version %u is mismatched.\n" , |
7379 | msg->sadb_msg_version)); |
7380 | PFKEY_STATINC(PFKEY_STAT_OUT_INVVER); |
7381 | error = EINVAL; |
7382 | goto senderror; |
7383 | } |
7384 | |
7385 | if (msg->sadb_msg_type > SADB_MAX) { |
7386 | ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n" , |
7387 | msg->sadb_msg_type)); |
7388 | PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE); |
7389 | error = EINVAL; |
7390 | goto senderror; |
7391 | } |
7392 | |
7393 | /* for old-fashioned code - should be nuked */ |
7394 | if (m->m_pkthdr.len > MCLBYTES) { |
7395 | m_freem(m); |
7396 | return ENOBUFS; |
7397 | } |
7398 | if (m->m_next) { |
7399 | struct mbuf *n; |
7400 | |
7401 | MGETHDR(n, M_DONTWAIT, MT_DATA); |
7402 | if (n && m->m_pkthdr.len > MHLEN) { |
7403 | MCLGET(n, M_DONTWAIT); |
7404 | if ((n->m_flags & M_EXT) == 0) { |
7405 | m_free(n); |
7406 | n = NULL; |
7407 | } |
7408 | } |
7409 | if (!n) { |
7410 | m_freem(m); |
7411 | return ENOBUFS; |
7412 | } |
7413 | m_copydata(m, 0, m->m_pkthdr.len, mtod(n, void *)); |
7414 | n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; |
7415 | n->m_next = NULL; |
7416 | m_freem(m); |
7417 | m = n; |
7418 | } |
7419 | |
7420 | /* align the mbuf chain so that extensions are in contiguous region. */ |
7421 | error = key_align(m, &mh); |
7422 | if (error) |
7423 | return error; |
7424 | |
7425 | if (m->m_next) { /*XXX*/ |
7426 | m_freem(m); |
7427 | return ENOBUFS; |
7428 | } |
7429 | |
7430 | msg = mh.msg; |
7431 | |
7432 | /* check SA type */ |
7433 | switch (msg->sadb_msg_satype) { |
7434 | case SADB_SATYPE_UNSPEC: |
7435 | switch (msg->sadb_msg_type) { |
7436 | case SADB_GETSPI: |
7437 | case SADB_UPDATE: |
7438 | case SADB_ADD: |
7439 | case SADB_DELETE: |
7440 | case SADB_GET: |
7441 | case SADB_ACQUIRE: |
7442 | case SADB_EXPIRE: |
7443 | ipseclog((LOG_DEBUG, "key_parse: must specify satype " |
7444 | "when msg type=%u.\n" , msg->sadb_msg_type)); |
7445 | PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); |
7446 | error = EINVAL; |
7447 | goto senderror; |
7448 | } |
7449 | break; |
7450 | case SADB_SATYPE_AH: |
7451 | case SADB_SATYPE_ESP: |
7452 | case SADB_X_SATYPE_IPCOMP: |
7453 | case SADB_X_SATYPE_TCPSIGNATURE: |
7454 | switch (msg->sadb_msg_type) { |
7455 | case SADB_X_SPDADD: |
7456 | case SADB_X_SPDDELETE: |
7457 | case SADB_X_SPDGET: |
7458 | case SADB_X_SPDDUMP: |
7459 | case SADB_X_SPDFLUSH: |
7460 | case SADB_X_SPDSETIDX: |
7461 | case SADB_X_SPDUPDATE: |
7462 | case SADB_X_SPDDELETE2: |
7463 | ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n" , |
7464 | msg->sadb_msg_type)); |
7465 | PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); |
7466 | error = EINVAL; |
7467 | goto senderror; |
7468 | } |
7469 | break; |
7470 | case SADB_SATYPE_RSVP: |
7471 | case SADB_SATYPE_OSPFV2: |
7472 | case SADB_SATYPE_RIPV2: |
7473 | case SADB_SATYPE_MIP: |
7474 | ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n" , |
7475 | msg->sadb_msg_satype)); |
7476 | PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); |
7477 | error = EOPNOTSUPP; |
7478 | goto senderror; |
7479 | case 1: /* XXX: What does it do? */ |
7480 | if (msg->sadb_msg_type == SADB_X_PROMISC) |
7481 | break; |
7482 | /*FALLTHROUGH*/ |
7483 | default: |
7484 | ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n" , |
7485 | msg->sadb_msg_satype)); |
7486 | PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE); |
7487 | error = EINVAL; |
7488 | goto senderror; |
7489 | } |
7490 | |
7491 | /* check field of upper layer protocol and address family */ |
7492 | if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL |
7493 | && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { |
7494 | struct sadb_address *src0, *dst0; |
7495 | u_int plen; |
7496 | |
7497 | src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); |
7498 | dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); |
7499 | |
7500 | /* check upper layer protocol */ |
7501 | if (src0->sadb_address_proto != dst0->sadb_address_proto) { |
7502 | ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n" )); |
7503 | PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); |
7504 | error = EINVAL; |
7505 | goto senderror; |
7506 | } |
7507 | |
7508 | /* check family */ |
7509 | if (PFKEY_ADDR_SADDR(src0)->sa_family != |
7510 | PFKEY_ADDR_SADDR(dst0)->sa_family) { |
7511 | ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n" )); |
7512 | PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); |
7513 | error = EINVAL; |
7514 | goto senderror; |
7515 | } |
7516 | if (PFKEY_ADDR_SADDR(src0)->sa_len != |
7517 | PFKEY_ADDR_SADDR(dst0)->sa_len) { |
7518 | ipseclog((LOG_DEBUG, |
7519 | "key_parse: address struct size mismatched.\n" )); |
7520 | PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); |
7521 | error = EINVAL; |
7522 | goto senderror; |
7523 | } |
7524 | |
7525 | switch (PFKEY_ADDR_SADDR(src0)->sa_family) { |
7526 | case AF_INET: |
7527 | if (PFKEY_ADDR_SADDR(src0)->sa_len != |
7528 | sizeof(struct sockaddr_in)) { |
7529 | PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); |
7530 | error = EINVAL; |
7531 | goto senderror; |
7532 | } |
7533 | break; |
7534 | case AF_INET6: |
7535 | if (PFKEY_ADDR_SADDR(src0)->sa_len != |
7536 | sizeof(struct sockaddr_in6)) { |
7537 | PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); |
7538 | error = EINVAL; |
7539 | goto senderror; |
7540 | } |
7541 | break; |
7542 | default: |
7543 | ipseclog((LOG_DEBUG, |
7544 | "key_parse: unsupported address family.\n" )); |
7545 | PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); |
7546 | error = EAFNOSUPPORT; |
7547 | goto senderror; |
7548 | } |
7549 | |
7550 | switch (PFKEY_ADDR_SADDR(src0)->sa_family) { |
7551 | case AF_INET: |
7552 | plen = sizeof(struct in_addr) << 3; |
7553 | break; |
7554 | case AF_INET6: |
7555 | plen = sizeof(struct in6_addr) << 3; |
7556 | break; |
7557 | default: |
7558 | plen = 0; /*fool gcc*/ |
7559 | break; |
7560 | } |
7561 | |
7562 | /* check max prefix length */ |
7563 | if (src0->sadb_address_prefixlen > plen || |
7564 | dst0->sadb_address_prefixlen > plen) { |
7565 | ipseclog((LOG_DEBUG, |
7566 | "key_parse: illegal prefixlen.\n" )); |
7567 | PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR); |
7568 | error = EINVAL; |
7569 | goto senderror; |
7570 | } |
7571 | |
7572 | /* |
7573 | * prefixlen == 0 is valid because there can be a case when |
7574 | * all addresses are matched. |
7575 | */ |
7576 | } |
7577 | |
7578 | if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) || |
7579 | key_typesw[msg->sadb_msg_type] == NULL) { |
7580 | PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE); |
7581 | error = EINVAL; |
7582 | goto senderror; |
7583 | } |
7584 | |
7585 | return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); |
7586 | |
7587 | senderror: |
7588 | msg->sadb_msg_errno = error; |
7589 | return key_sendup_mbuf(so, m, target); |
7590 | } |
7591 | |
7592 | static int |
7593 | key_senderror(struct socket *so, struct mbuf *m, int code) |
7594 | { |
7595 | struct sadb_msg *msg; |
7596 | |
7597 | if (m->m_len < sizeof(struct sadb_msg)) |
7598 | panic("invalid mbuf passed to key_senderror" ); |
7599 | |
7600 | msg = mtod(m, struct sadb_msg *); |
7601 | msg->sadb_msg_errno = code; |
7602 | return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); |
7603 | } |
7604 | |
7605 | /* |
7606 | * set the pointer to each header into message buffer. |
7607 | * m will be freed on error. |
7608 | * XXX larger-than-MCLBYTES extension? |
7609 | */ |
7610 | static int |
7611 | key_align(struct mbuf *m, struct sadb_msghdr *mhp) |
7612 | { |
7613 | struct mbuf *n; |
7614 | struct sadb_ext *ext; |
7615 | size_t off, end; |
7616 | int extlen; |
7617 | int toff; |
7618 | |
7619 | /* sanity check */ |
7620 | if (m == NULL || mhp == NULL) |
7621 | panic("key_align: NULL pointer is passed" ); |
7622 | if (m->m_len < sizeof(struct sadb_msg)) |
7623 | panic("invalid mbuf passed to key_align" ); |
7624 | |
7625 | /* initialize */ |
7626 | memset(mhp, 0, sizeof(*mhp)); |
7627 | |
7628 | mhp->msg = mtod(m, struct sadb_msg *); |
7629 | mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ |
7630 | |
7631 | end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); |
7632 | extlen = end; /*just in case extlen is not updated*/ |
7633 | for (off = sizeof(struct sadb_msg); off < end; off += extlen) { |
7634 | n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); |
7635 | if (!n) { |
7636 | /* m is already freed */ |
7637 | return ENOBUFS; |
7638 | } |
7639 | ext = (struct sadb_ext *)(mtod(n, char *) + toff); |
7640 | |
7641 | /* set pointer */ |
7642 | switch (ext->sadb_ext_type) { |
7643 | case SADB_EXT_SA: |
7644 | case SADB_EXT_ADDRESS_SRC: |
7645 | case SADB_EXT_ADDRESS_DST: |
7646 | case SADB_EXT_ADDRESS_PROXY: |
7647 | case SADB_EXT_LIFETIME_CURRENT: |
7648 | case SADB_EXT_LIFETIME_HARD: |
7649 | case SADB_EXT_LIFETIME_SOFT: |
7650 | case SADB_EXT_KEY_AUTH: |
7651 | case SADB_EXT_KEY_ENCRYPT: |
7652 | case SADB_EXT_IDENTITY_SRC: |
7653 | case SADB_EXT_IDENTITY_DST: |
7654 | case SADB_EXT_SENSITIVITY: |
7655 | case SADB_EXT_PROPOSAL: |
7656 | case SADB_EXT_SUPPORTED_AUTH: |
7657 | case SADB_EXT_SUPPORTED_ENCRYPT: |
7658 | case SADB_EXT_SPIRANGE: |
7659 | case SADB_X_EXT_POLICY: |
7660 | case SADB_X_EXT_SA2: |
7661 | case SADB_X_EXT_NAT_T_TYPE: |
7662 | case SADB_X_EXT_NAT_T_SPORT: |
7663 | case SADB_X_EXT_NAT_T_DPORT: |
7664 | case SADB_X_EXT_NAT_T_OAI: |
7665 | case SADB_X_EXT_NAT_T_OAR: |
7666 | case SADB_X_EXT_NAT_T_FRAG: |
7667 | /* duplicate check */ |
7668 | /* |
7669 | * XXX Are there duplication payloads of either |
7670 | * KEY_AUTH or KEY_ENCRYPT ? |
7671 | */ |
7672 | if (mhp->ext[ext->sadb_ext_type] != NULL) { |
7673 | ipseclog((LOG_DEBUG, |
7674 | "key_align: duplicate ext_type %u " |
7675 | "is passed.\n" , ext->sadb_ext_type)); |
7676 | m_freem(m); |
7677 | PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT); |
7678 | return EINVAL; |
7679 | } |
7680 | break; |
7681 | default: |
7682 | ipseclog((LOG_DEBUG, |
7683 | "key_align: invalid ext_type %u is passed.\n" , |
7684 | ext->sadb_ext_type)); |
7685 | m_freem(m); |
7686 | PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE); |
7687 | return EINVAL; |
7688 | } |
7689 | |
7690 | extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); |
7691 | |
7692 | if (key_validate_ext(ext, extlen)) { |
7693 | m_freem(m); |
7694 | PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); |
7695 | return EINVAL; |
7696 | } |
7697 | |
7698 | n = m_pulldown(m, off, extlen, &toff); |
7699 | if (!n) { |
7700 | /* m is already freed */ |
7701 | return ENOBUFS; |
7702 | } |
7703 | ext = (struct sadb_ext *)(mtod(n, char *) + toff); |
7704 | |
7705 | mhp->ext[ext->sadb_ext_type] = ext; |
7706 | mhp->extoff[ext->sadb_ext_type] = off; |
7707 | mhp->extlen[ext->sadb_ext_type] = extlen; |
7708 | } |
7709 | |
7710 | if (off != end) { |
7711 | m_freem(m); |
7712 | PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); |
7713 | return EINVAL; |
7714 | } |
7715 | |
7716 | return 0; |
7717 | } |
7718 | |
7719 | static int |
7720 | key_validate_ext(const struct sadb_ext *ext, int len) |
7721 | { |
7722 | const struct sockaddr *sa; |
7723 | enum { NONE, ADDR } checktype = NONE; |
7724 | int baselen = 0; |
7725 | const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); |
7726 | |
7727 | if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) |
7728 | return EINVAL; |
7729 | |
7730 | /* if it does not match minimum/maximum length, bail */ |
7731 | if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) || |
7732 | ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0])) |
7733 | return EINVAL; |
7734 | if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) |
7735 | return EINVAL; |
7736 | if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) |
7737 | return EINVAL; |
7738 | |
7739 | /* more checks based on sadb_ext_type XXX need more */ |
7740 | switch (ext->sadb_ext_type) { |
7741 | case SADB_EXT_ADDRESS_SRC: |
7742 | case SADB_EXT_ADDRESS_DST: |
7743 | case SADB_EXT_ADDRESS_PROXY: |
7744 | baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); |
7745 | checktype = ADDR; |
7746 | break; |
7747 | case SADB_EXT_IDENTITY_SRC: |
7748 | case SADB_EXT_IDENTITY_DST: |
7749 | if (((const struct sadb_ident *)ext)->sadb_ident_type == |
7750 | SADB_X_IDENTTYPE_ADDR) { |
7751 | baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); |
7752 | checktype = ADDR; |
7753 | } else |
7754 | checktype = NONE; |
7755 | break; |
7756 | default: |
7757 | checktype = NONE; |
7758 | break; |
7759 | } |
7760 | |
7761 | switch (checktype) { |
7762 | case NONE: |
7763 | break; |
7764 | case ADDR: |
7765 | sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); |
7766 | if (len < baselen + sal) |
7767 | return EINVAL; |
7768 | if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) |
7769 | return EINVAL; |
7770 | break; |
7771 | } |
7772 | |
7773 | return 0; |
7774 | } |
7775 | |
7776 | static int |
7777 | key_do_init(void) |
7778 | { |
7779 | int i; |
7780 | |
7781 | pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS); |
7782 | |
7783 | callout_init(&key_timehandler_ch, 0); |
7784 | |
7785 | for (i = 0; i < IPSEC_DIR_MAX; i++) { |
7786 | LIST_INIT(&sptree[i]); |
7787 | } |
7788 | |
7789 | LIST_INIT(&sahtree); |
7790 | |
7791 | for (i = 0; i <= SADB_SATYPE_MAX; i++) { |
7792 | LIST_INIT(®tree[i]); |
7793 | } |
7794 | |
7795 | #ifndef IPSEC_NONBLOCK_ACQUIRE |
7796 | LIST_INIT(&acqtree); |
7797 | #endif |
7798 | LIST_INIT(&spacqtree); |
7799 | |
7800 | /* system default */ |
7801 | ip4_def_policy.policy = IPSEC_POLICY_NONE; |
7802 | ip4_def_policy.refcnt++; /*never reclaim this*/ |
7803 | |
7804 | #ifdef INET6 |
7805 | ip6_def_policy.policy = IPSEC_POLICY_NONE; |
7806 | ip6_def_policy.refcnt++; /*never reclaim this*/ |
7807 | #endif |
7808 | |
7809 | |
7810 | #ifndef IPSEC_DEBUG2 |
7811 | callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL); |
7812 | #endif /*IPSEC_DEBUG2*/ |
7813 | |
7814 | /* initialize key statistics */ |
7815 | keystat.getspi_count = 1; |
7816 | |
7817 | aprint_verbose("IPsec: Initialized Security Association Processing.\n" ); |
7818 | |
7819 | return (0); |
7820 | } |
7821 | |
7822 | void |
7823 | key_init(void) |
7824 | { |
7825 | static ONCE_DECL(key_init_once); |
7826 | |
7827 | RUN_ONCE(&key_init_once, key_do_init); |
7828 | } |
7829 | |
7830 | /* |
7831 | * XXX: maybe This function is called after INBOUND IPsec processing. |
7832 | * |
7833 | * Special check for tunnel-mode packets. |
7834 | * We must make some checks for consistency between inner and outer IP header. |
7835 | * |
7836 | * xxx more checks to be provided |
7837 | */ |
7838 | int |
7839 | key_checktunnelsanity( |
7840 | struct secasvar *sav, |
7841 | u_int family, |
7842 | void *src, |
7843 | void *dst |
7844 | ) |
7845 | { |
7846 | /* sanity check */ |
7847 | if (sav->sah == NULL) |
7848 | panic("sav->sah == NULL at key_checktunnelsanity" ); |
7849 | |
7850 | /* XXX: check inner IP header */ |
7851 | |
7852 | return 1; |
7853 | } |
7854 | |
7855 | #if 0 |
7856 | #define hostnamelen strlen(hostname) |
7857 | |
7858 | /* |
7859 | * Get FQDN for the host. |
7860 | * If the administrator configured hostname (by hostname(1)) without |
7861 | * domain name, returns nothing. |
7862 | */ |
7863 | static const char * |
7864 | key_getfqdn(void) |
7865 | { |
7866 | int i; |
7867 | int hasdot; |
7868 | static char fqdn[MAXHOSTNAMELEN + 1]; |
7869 | |
7870 | if (!hostnamelen) |
7871 | return NULL; |
7872 | |
7873 | /* check if it comes with domain name. */ |
7874 | hasdot = 0; |
7875 | for (i = 0; i < hostnamelen; i++) { |
7876 | if (hostname[i] == '.') |
7877 | hasdot++; |
7878 | } |
7879 | if (!hasdot) |
7880 | return NULL; |
7881 | |
7882 | /* NOTE: hostname may not be NUL-terminated. */ |
7883 | memset(fqdn, 0, sizeof(fqdn)); |
7884 | memcpy(fqdn, hostname, hostnamelen); |
7885 | fqdn[hostnamelen] = '\0'; |
7886 | return fqdn; |
7887 | } |
7888 | |
7889 | /* |
7890 | * get username@FQDN for the host/user. |
7891 | */ |
7892 | static const char * |
7893 | key_getuserfqdn(void) |
7894 | { |
7895 | const char *host; |
7896 | static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2]; |
7897 | struct proc *p = curproc; |
7898 | char *q; |
7899 | |
7900 | if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) |
7901 | return NULL; |
7902 | if (!(host = key_getfqdn())) |
7903 | return NULL; |
7904 | |
7905 | /* NOTE: s_login may not be-NUL terminated. */ |
7906 | memset(userfqdn, 0, sizeof(userfqdn)); |
7907 | memcpy(userfqdn, Mp->p_pgrp->pg_session->s_login, AXLOGNAME); |
7908 | userfqdn[MAXLOGNAME] = '\0'; /* safeguard */ |
7909 | q = userfqdn + strlen(userfqdn); |
7910 | *q++ = '@'; |
7911 | memcpy(q, host, strlen(host)); |
7912 | q += strlen(host); |
7913 | *q++ = '\0'; |
7914 | |
7915 | return userfqdn; |
7916 | } |
7917 | #endif |
7918 | |
7919 | /* record data transfer on SA, and update timestamps */ |
7920 | void |
7921 | key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) |
7922 | { |
7923 | IPSEC_ASSERT(sav != NULL, ("key_sa_recordxfer: Null secasvar" )); |
7924 | IPSEC_ASSERT(m != NULL, ("key_sa_recordxfer: Null mbuf" )); |
7925 | if (!sav->lft_c) |
7926 | return; |
7927 | |
7928 | /* |
7929 | * XXX Currently, there is a difference of bytes size |
7930 | * between inbound and outbound processing. |
7931 | */ |
7932 | sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len; |
7933 | /* to check bytes lifetime is done in key_timehandler(). */ |
7934 | |
7935 | /* |
7936 | * We use the number of packets as the unit of |
7937 | * sadb_lifetime_allocations. We increment the variable |
7938 | * whenever {esp,ah}_{in,out}put is called. |
7939 | */ |
7940 | sav->lft_c->sadb_lifetime_allocations++; |
7941 | /* XXX check for expires? */ |
7942 | |
7943 | /* |
7944 | * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock, |
7945 | * in seconds. HARD and SOFT lifetime are measured by the time |
7946 | * difference (again in seconds) from sadb_lifetime_usetime. |
7947 | * |
7948 | * usetime |
7949 | * v expire expire |
7950 | * -----+-----+--------+---> t |
7951 | * <--------------> HARD |
7952 | * <-----> SOFT |
7953 | */ |
7954 | sav->lft_c->sadb_lifetime_usetime = time_uptime; |
7955 | /* XXX check for expires? */ |
7956 | |
7957 | return; |
7958 | } |
7959 | |
7960 | /* dumb version */ |
7961 | void |
7962 | key_sa_routechange(struct sockaddr *dst) |
7963 | { |
7964 | struct secashead *sah; |
7965 | struct route *ro; |
7966 | const struct sockaddr *sa; |
7967 | |
7968 | LIST_FOREACH(sah, &sahtree, chain) { |
7969 | ro = &sah->sa_route; |
7970 | sa = rtcache_getdst(ro); |
7971 | if (sa != NULL && dst->sa_len == sa->sa_len && |
7972 | memcmp(dst, sa, dst->sa_len) == 0) |
7973 | rtcache_free(ro); |
7974 | } |
7975 | |
7976 | return; |
7977 | } |
7978 | |
7979 | static void |
7980 | key_sa_chgstate(struct secasvar *sav, u_int8_t state) |
7981 | { |
7982 | if (sav == NULL) |
7983 | panic("key_sa_chgstate called with sav == NULL" ); |
7984 | |
7985 | if (sav->state == state) |
7986 | return; |
7987 | |
7988 | if (__LIST_CHAINED(sav)) |
7989 | LIST_REMOVE(sav, chain); |
7990 | |
7991 | sav->state = state; |
7992 | LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain); |
7993 | } |
7994 | |
7995 | /* XXX too much? */ |
7996 | static struct mbuf * |
7997 | key_alloc_mbuf(int l) |
7998 | { |
7999 | struct mbuf *m = NULL, *n; |
8000 | int len, t; |
8001 | |
8002 | len = l; |
8003 | while (len > 0) { |
8004 | MGET(n, M_DONTWAIT, MT_DATA); |
8005 | if (n && len > MLEN) |
8006 | MCLGET(n, M_DONTWAIT); |
8007 | if (!n) { |
8008 | m_freem(m); |
8009 | return NULL; |
8010 | } |
8011 | |
8012 | n->m_next = NULL; |
8013 | n->m_len = 0; |
8014 | n->m_len = M_TRAILINGSPACE(n); |
8015 | /* use the bottom of mbuf, hoping we can prepend afterwards */ |
8016 | if (n->m_len > len) { |
8017 | t = (n->m_len - len) & ~(sizeof(long) - 1); |
8018 | n->m_data += t; |
8019 | n->m_len = len; |
8020 | } |
8021 | |
8022 | len -= n->m_len; |
8023 | |
8024 | if (m) |
8025 | m_cat(m, n); |
8026 | else |
8027 | m = n; |
8028 | } |
8029 | |
8030 | return m; |
8031 | } |
8032 | |
8033 | static struct mbuf * |
8034 | key_setdump(u_int8_t req_satype, int *errorp, uint32_t pid) |
8035 | { |
8036 | struct secashead *sah; |
8037 | struct secasvar *sav; |
8038 | u_int16_t proto; |
8039 | u_int stateidx; |
8040 | u_int8_t satype; |
8041 | u_int8_t state; |
8042 | int cnt; |
8043 | struct mbuf *m, *n; |
8044 | |
8045 | /* map satype to proto */ |
8046 | if ((proto = key_satype2proto(req_satype)) == 0) { |
8047 | *errorp = EINVAL; |
8048 | return (NULL); |
8049 | } |
8050 | |
8051 | /* count sav entries to be sent to the userland. */ |
8052 | cnt = 0; |
8053 | LIST_FOREACH(sah, &sahtree, chain) { |
8054 | if (req_satype != SADB_SATYPE_UNSPEC && |
8055 | proto != sah->saidx.proto) |
8056 | continue; |
8057 | |
8058 | for (stateidx = 0; |
8059 | stateidx < _ARRAYLEN(saorder_state_any); |
8060 | stateidx++) { |
8061 | state = saorder_state_any[stateidx]; |
8062 | LIST_FOREACH(sav, &sah->savtree[state], chain) { |
8063 | cnt++; |
8064 | } |
8065 | } |
8066 | } |
8067 | |
8068 | if (cnt == 0) { |
8069 | *errorp = ENOENT; |
8070 | return (NULL); |
8071 | } |
8072 | |
8073 | /* send this to the userland, one at a time. */ |
8074 | m = NULL; |
8075 | LIST_FOREACH(sah, &sahtree, chain) { |
8076 | if (req_satype != SADB_SATYPE_UNSPEC && |
8077 | proto != sah->saidx.proto) |
8078 | continue; |
8079 | |
8080 | /* map proto to satype */ |
8081 | if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { |
8082 | m_freem(m); |
8083 | *errorp = EINVAL; |
8084 | return (NULL); |
8085 | } |
8086 | |
8087 | for (stateidx = 0; |
8088 | stateidx < _ARRAYLEN(saorder_state_any); |
8089 | stateidx++) { |
8090 | state = saorder_state_any[stateidx]; |
8091 | LIST_FOREACH(sav, &sah->savtree[state], chain) { |
8092 | n = key_setdumpsa(sav, SADB_DUMP, satype, |
8093 | --cnt, pid); |
8094 | if (!n) { |
8095 | m_freem(m); |
8096 | *errorp = ENOBUFS; |
8097 | return (NULL); |
8098 | } |
8099 | |
8100 | if (!m) |
8101 | m = n; |
8102 | else |
8103 | m_cat(m, n); |
8104 | } |
8105 | } |
8106 | } |
8107 | |
8108 | if (!m) { |
8109 | *errorp = EINVAL; |
8110 | return (NULL); |
8111 | } |
8112 | |
8113 | if ((m->m_flags & M_PKTHDR) != 0) { |
8114 | m->m_pkthdr.len = 0; |
8115 | for (n = m; n; n = n->m_next) |
8116 | m->m_pkthdr.len += n->m_len; |
8117 | } |
8118 | |
8119 | *errorp = 0; |
8120 | return (m); |
8121 | } |
8122 | |
8123 | static struct mbuf * |
8124 | key_setspddump(int *errorp, pid_t pid) |
8125 | { |
8126 | struct secpolicy *sp; |
8127 | int cnt; |
8128 | u_int dir; |
8129 | struct mbuf *m, *n; |
8130 | |
8131 | /* search SPD entry and get buffer size. */ |
8132 | cnt = 0; |
8133 | for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { |
8134 | LIST_FOREACH(sp, &sptree[dir], chain) { |
8135 | cnt++; |
8136 | } |
8137 | } |
8138 | |
8139 | if (cnt == 0) { |
8140 | *errorp = ENOENT; |
8141 | return (NULL); |
8142 | } |
8143 | |
8144 | m = NULL; |
8145 | for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { |
8146 | LIST_FOREACH(sp, &sptree[dir], chain) { |
8147 | --cnt; |
8148 | n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid); |
8149 | |
8150 | if (!n) { |
8151 | *errorp = ENOBUFS; |
8152 | m_freem(m); |
8153 | return (NULL); |
8154 | } |
8155 | if (!m) |
8156 | m = n; |
8157 | else { |
8158 | m->m_pkthdr.len += n->m_pkthdr.len; |
8159 | m_cat(m, n); |
8160 | } |
8161 | } |
8162 | } |
8163 | |
8164 | *errorp = 0; |
8165 | return (m); |
8166 | } |
8167 | |
8168 | int |
8169 | key_get_used(void) { |
8170 | return !LIST_EMPTY(&sptree[IPSEC_DIR_INBOUND]) || |
8171 | !LIST_EMPTY(&sptree[IPSEC_DIR_OUTBOUND]); |
8172 | } |
8173 | |
8174 | void |
8175 | key_update_used(void) |
8176 | { |
8177 | switch (ipsec_enabled) { |
8178 | default: |
8179 | case 0: |
8180 | #ifdef notyet |
8181 | /* XXX: racy */ |
8182 | ipsec_used = 0; |
8183 | #endif |
8184 | break; |
8185 | case 1: |
8186 | #ifndef notyet |
8187 | /* XXX: racy */ |
8188 | if (!ipsec_used) |
8189 | #endif |
8190 | ipsec_used = key_get_used(); |
8191 | break; |
8192 | case 2: |
8193 | ipsec_used = 1; |
8194 | break; |
8195 | } |
8196 | } |
8197 | |
8198 | static int |
8199 | sysctl_net_key_dumpsa(SYSCTLFN_ARGS) |
8200 | { |
8201 | struct mbuf *m, *n; |
8202 | int err2 = 0; |
8203 | char *p, *ep; |
8204 | size_t len; |
8205 | int s, error; |
8206 | |
8207 | if (newp) |
8208 | return (EPERM); |
8209 | if (namelen != 1) |
8210 | return (EINVAL); |
8211 | |
8212 | s = splsoftnet(); |
8213 | m = key_setdump(name[0], &error, l->l_proc->p_pid); |
8214 | splx(s); |
8215 | if (!m) |
8216 | return (error); |
8217 | if (!oldp) |
8218 | *oldlenp = m->m_pkthdr.len; |
8219 | else { |
8220 | p = oldp; |
8221 | if (*oldlenp < m->m_pkthdr.len) { |
8222 | err2 = ENOMEM; |
8223 | ep = p + *oldlenp; |
8224 | } else { |
8225 | *oldlenp = m->m_pkthdr.len; |
8226 | ep = p + m->m_pkthdr.len; |
8227 | } |
8228 | for (n = m; n; n = n->m_next) { |
8229 | len = (ep - p < n->m_len) ? |
8230 | ep - p : n->m_len; |
8231 | error = copyout(mtod(n, const void *), p, len); |
8232 | p += len; |
8233 | if (error) |
8234 | break; |
8235 | } |
8236 | if (error == 0) |
8237 | error = err2; |
8238 | } |
8239 | m_freem(m); |
8240 | |
8241 | return (error); |
8242 | } |
8243 | |
8244 | static int |
8245 | sysctl_net_key_dumpsp(SYSCTLFN_ARGS) |
8246 | { |
8247 | struct mbuf *m, *n; |
8248 | int err2 = 0; |
8249 | char *p, *ep; |
8250 | size_t len; |
8251 | int s, error; |
8252 | |
8253 | if (newp) |
8254 | return (EPERM); |
8255 | if (namelen != 0) |
8256 | return (EINVAL); |
8257 | |
8258 | s = splsoftnet(); |
8259 | m = key_setspddump(&error, l->l_proc->p_pid); |
8260 | splx(s); |
8261 | if (!m) |
8262 | return (error); |
8263 | if (!oldp) |
8264 | *oldlenp = m->m_pkthdr.len; |
8265 | else { |
8266 | p = oldp; |
8267 | if (*oldlenp < m->m_pkthdr.len) { |
8268 | err2 = ENOMEM; |
8269 | ep = p + *oldlenp; |
8270 | } else { |
8271 | *oldlenp = m->m_pkthdr.len; |
8272 | ep = p + m->m_pkthdr.len; |
8273 | } |
8274 | for (n = m; n; n = n->m_next) { |
8275 | len = (ep - p < n->m_len) ? |
8276 | ep - p : n->m_len; |
8277 | error = copyout(mtod(n, const void *), p, len); |
8278 | p += len; |
8279 | if (error) |
8280 | break; |
8281 | } |
8282 | if (error == 0) |
8283 | error = err2; |
8284 | } |
8285 | m_freem(m); |
8286 | |
8287 | return (error); |
8288 | } |
8289 | |
8290 | /* |
8291 | * Create sysctl tree for native IPSEC key knobs, originally |
8292 | * under name "net.keyv2" * with MIB number { CTL_NET, PF_KEY_V2. }. |
8293 | * However, sysctl(8) never checked for nodes under { CTL_NET, PF_KEY_V2 }; |
8294 | * and in any case the part of our sysctl namespace used for dumping the |
8295 | * SPD and SA database *HAS* to be compatible with the KAME sysctl |
8296 | * namespace, for API reasons. |
8297 | * |
8298 | * Pending a consensus on the right way to fix this, add a level of |
8299 | * indirection in how we number the `native' IPSEC key nodes; |
8300 | * and (as requested by Andrew Brown) move registration of the |
8301 | * KAME-compatible names to a separate function. |
8302 | */ |
8303 | #if 0 |
8304 | # define IPSEC_PFKEY PF_KEY_V2 |
8305 | # define IPSEC_PFKEY_NAME "keyv2" |
8306 | #else |
8307 | # define IPSEC_PFKEY PF_KEY |
8308 | # define IPSEC_PFKEY_NAME "key" |
8309 | #endif |
8310 | |
8311 | static int |
8312 | sysctl_net_key_stats(SYSCTLFN_ARGS) |
8313 | { |
8314 | |
8315 | return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS)); |
8316 | } |
8317 | |
8318 | SYSCTL_SETUP(sysctl_net_keyv2_setup, "sysctl net.keyv2 subtree setup" ) |
8319 | { |
8320 | |
8321 | sysctl_createv(clog, 0, NULL, NULL, |
8322 | CTLFLAG_PERMANENT, |
8323 | CTLTYPE_NODE, IPSEC_PFKEY_NAME, NULL, |
8324 | NULL, 0, NULL, 0, |
8325 | CTL_NET, IPSEC_PFKEY, CTL_EOL); |
8326 | |
8327 | sysctl_createv(clog, 0, NULL, NULL, |
8328 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8329 | CTLTYPE_INT, "debug" , NULL, |
8330 | NULL, 0, &key_debug_level, 0, |
8331 | CTL_NET, IPSEC_PFKEY, KEYCTL_DEBUG_LEVEL, CTL_EOL); |
8332 | sysctl_createv(clog, 0, NULL, NULL, |
8333 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8334 | CTLTYPE_INT, "spi_try" , NULL, |
8335 | NULL, 0, &key_spi_trycnt, 0, |
8336 | CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_TRY, CTL_EOL); |
8337 | sysctl_createv(clog, 0, NULL, NULL, |
8338 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8339 | CTLTYPE_INT, "spi_min_value" , NULL, |
8340 | NULL, 0, &key_spi_minval, 0, |
8341 | CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL); |
8342 | sysctl_createv(clog, 0, NULL, NULL, |
8343 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8344 | CTLTYPE_INT, "spi_max_value" , NULL, |
8345 | NULL, 0, &key_spi_maxval, 0, |
8346 | CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL); |
8347 | sysctl_createv(clog, 0, NULL, NULL, |
8348 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8349 | CTLTYPE_INT, "random_int" , NULL, |
8350 | NULL, 0, &key_int_random, 0, |
8351 | CTL_NET, IPSEC_PFKEY, KEYCTL_RANDOM_INT, CTL_EOL); |
8352 | sysctl_createv(clog, 0, NULL, NULL, |
8353 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8354 | CTLTYPE_INT, "larval_lifetime" , NULL, |
8355 | NULL, 0, &key_larval_lifetime, 0, |
8356 | CTL_NET, IPSEC_PFKEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL); |
8357 | sysctl_createv(clog, 0, NULL, NULL, |
8358 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8359 | CTLTYPE_INT, "blockacq_count" , NULL, |
8360 | NULL, 0, &key_blockacq_count, 0, |
8361 | CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL); |
8362 | sysctl_createv(clog, 0, NULL, NULL, |
8363 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8364 | CTLTYPE_INT, "blockacq_lifetime" , NULL, |
8365 | NULL, 0, &key_blockacq_lifetime, 0, |
8366 | CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL); |
8367 | sysctl_createv(clog, 0, NULL, NULL, |
8368 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8369 | CTLTYPE_INT, "esp_keymin" , NULL, |
8370 | NULL, 0, &ipsec_esp_keymin, 0, |
8371 | CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_KEYMIN, CTL_EOL); |
8372 | sysctl_createv(clog, 0, NULL, NULL, |
8373 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8374 | CTLTYPE_INT, "prefered_oldsa" , NULL, |
8375 | NULL, 0, &key_prefered_oldsa, 0, |
8376 | CTL_NET, PF_KEY, KEYCTL_PREFERED_OLDSA, CTL_EOL); |
8377 | sysctl_createv(clog, 0, NULL, NULL, |
8378 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8379 | CTLTYPE_INT, "esp_auth" , NULL, |
8380 | NULL, 0, &ipsec_esp_auth, 0, |
8381 | CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_AUTH, CTL_EOL); |
8382 | sysctl_createv(clog, 0, NULL, NULL, |
8383 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
8384 | CTLTYPE_INT, "ah_keymin" , NULL, |
8385 | NULL, 0, &ipsec_ah_keymin, 0, |
8386 | CTL_NET, IPSEC_PFKEY, KEYCTL_AH_KEYMIN, CTL_EOL); |
8387 | sysctl_createv(clog, 0, NULL, NULL, |
8388 | CTLFLAG_PERMANENT, |
8389 | CTLTYPE_STRUCT, "stats" , |
8390 | SYSCTL_DESCR("PF_KEY statistics" ), |
8391 | sysctl_net_key_stats, 0, NULL, 0, |
8392 | CTL_NET, IPSEC_PFKEY, CTL_CREATE, CTL_EOL); |
8393 | } |
8394 | |
8395 | /* |
8396 | * Register sysctl names used by setkey(8). For historical reasons, |
8397 | * and to share a single API, these names appear under { CTL_NET, PF_KEY } |
8398 | * for both IPSEC and KAME IPSEC. |
8399 | */ |
8400 | SYSCTL_SETUP(sysctl_net_key_compat_setup, "sysctl net.key subtree setup for IPSEC" ) |
8401 | { |
8402 | |
8403 | sysctl_createv(clog, 0, NULL, NULL, |
8404 | CTLFLAG_PERMANENT, |
8405 | CTLTYPE_NODE, "key" , NULL, |
8406 | NULL, 0, NULL, 0, |
8407 | CTL_NET, PF_KEY, CTL_EOL); |
8408 | |
8409 | /* Register the net.key.dump{sa,sp} nodes used by setkey(8). */ |
8410 | sysctl_createv(clog, 0, NULL, NULL, |
8411 | CTLFLAG_PERMANENT, |
8412 | CTLTYPE_STRUCT, "dumpsa" , NULL, |
8413 | sysctl_net_key_dumpsa, 0, NULL, 0, |
8414 | CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL); |
8415 | sysctl_createv(clog, 0, NULL, NULL, |
8416 | CTLFLAG_PERMANENT, |
8417 | CTLTYPE_STRUCT, "dumpsp" , NULL, |
8418 | sysctl_net_key_dumpsp, 0, NULL, 0, |
8419 | CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL); |
8420 | } |
8421 | |