key.c source code [src/src/sys/netipsec/key.c]

1	/ $NetBSD: key.c,v 1.101 2016/07/20 07:37:51 ozaki-r Exp $ /
2	/ $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ /
3	/ $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ /
4
5	/*
6	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7	* All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	* 2. Redistributions in binary form must reproduce the above copyright
15	* notice, this list of conditions and the following disclaimer in the
16	* documentation and/or other materials provided with the distribution.
17	* 3. Neither the name of the project nor the names of its contributors
18	* may be used to endorse or promote products derived from this software
19	* without specific prior written permission.
20	*
21	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	* SUCH DAMAGE.
32	*/
33
34	#include <sys/cdefs.h>
35	__KERNEL_RCSID(`0`, "$NetBSD: key.c,v 1.101 2016/07/20 07:37:51 ozaki-r Exp $");
36
37	/*
38	* This code is referd to RFC 2367
39	*/
40
41	#include "opt_inet.h"
42	#ifdef __FreeBSD__
43	#include "opt_inet6.h"
44	#endif
45	#include "opt_ipsec.h"
46	#ifdef __NetBSD__
47	#include "opt_gateway.h"
48	#endif
49
50	#include <sys/types.h>
51	#include <sys/param.h>
52	#include <sys/systm.h>
53	#include <sys/callout.h>
54	#include <sys/kernel.h>
55	#include <sys/mbuf.h>
56	#include <sys/domain.h>
57	#include <sys/protosw.h>
58	#include <sys/malloc.h>
59	#include <sys/socket.h>
60	#include <sys/socketvar.h>
61	#include <sys/sysctl.h>
62	#include <sys/errno.h>
63	#include <sys/proc.h>
64	#include <sys/queue.h>
65	#include <sys/syslog.h>
66	#include <sys/once.h>
67	#include <sys/cprng.h>
68
69	#include <net/if.h>
70	#include <net/route.h>
71	#include <net/raw_cb.h>
72
73	#include <netinet/in.h>
74	#include <netinet/in_systm.h>
75	#include <netinet/ip.h>
76	#include <netinet/in_var.h>
77	#ifdef INET
78	#include <netinet/ip_var.h>
79	#endif
80
81	#ifdef INET6
82	#include <netinet/ip6.h>
83	#include <netinet6/in6_var.h>
84	#include <netinet6/ip6_var.h>
85	#endif /* INET6 */
86
87	#ifdef INET
88	#include <netinet/in_pcb.h>
89	#endif
90	#ifdef INET6
91	#include <netinet6/in6_pcb.h>
92	#endif /* INET6 */
93
94	#include <net/pfkeyv2.h>
95	#include <netipsec/keydb.h>
96	#include <netipsec/key.h>
97	#include <netipsec/keysock.h>
98	#include <netipsec/key_debug.h>
99
100	#include <netipsec/ipsec.h>
101	#ifdef INET6
102	#include <netipsec/ipsec6.h>
103	#endif
104	#include <netipsec/ipsec_private.h>
105
106	#include <netipsec/xform.h>
107	#include <netipsec/ipsec_osdep.h>
108	#include <netipsec/ipcomp.h>
109
110
111	#include <net/net_osdep.h>
112
113	#define FULLMASK 0xff
114	#define _BITS(bytes) ((bytes) << 3)
115
116	#define PORT_NONE 0
117	#define PORT_LOOSE 1
118	#define PORT_STRICT 2
119
120	percpu_t *pfkeystat_percpu;
121
122	/*
123	* Note on SA reference counting:
124	* - SAs that are not in DEAD state will have (total external reference + 1)
125	* following value in reference count field. they cannot be freed and are
126	* referenced from SA header.
127	* - SAs that are in DEAD state will have (total external reference)
128	* in reference count field. they are ready to be freed. reference from
129	* SA header will be removed in key_delsav(), when the reference count
130	* field hits 0 (= no external reference other than from SA header.
131	*/
132
133	u_int32_t key_debug_level = `0`;
134	static u_int key_spi_trycnt = `1000`;
135	static u_int32_t key_spi_minval = `0x100`;
136	static u_int32_t key_spi_maxval = `0x0fffffff`; / XXX /
137	static u_int32_t policy_id = `0`;
138	static u_int key_int_random = `60`; /interval to initialize randseed,1(m)/
139	static u_int key_larval_lifetime = `30`; / interval to expire acquiring, 30(s)/
140	static int key_blockacq_count = `10`; / counter for blocking SADB_ACQUIRE./
141	static int key_blockacq_lifetime = `20`; / lifetime for blocking SADB_ACQUIRE./
142	static int key_prefered_oldsa = `0`; / prefered old sa rather than new sa./
143
144	static u_int32_t acq_seq = `0`;
145
146	static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; / SPD /
147	static LIST_HEAD(_sahtree, secashead) sahtree; / SAD /
148	static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + `1`];
149	/ registed list /
150	#ifndef IPSEC_NONBLOCK_ACQUIRE
151	static LIST_HEAD(_acqtree, secacq) acqtree; / acquiring list /
152	#endif
153	static LIST_HEAD(_spacqtree, secspacq) spacqtree; / SP acquiring list /
154
155	/ search order for SAs /
156	/*
157	* This order is important because we must select the oldest SA
158	* for outbound processing. For inbound, This is not important.
159	*/
160	static const u_int saorder_state_valid_prefer_old[] = {
161	SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
162	};
163	static const u_int saorder_state_valid_prefer_new[] = {
164	SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
165	};
166
167	static const u_int saorder_state_alive[] = {
168	/ except DEAD /
169	SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
170	};
171	static const u_int saorder_state_any[] = {
172	SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
173	SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
174	};
175
176	static const int minsize[] = {
177	sizeof(struct sadb_msg), / SADB_EXT_RESERVED /
178	sizeof(struct sadb_sa), / SADB_EXT_SA /
179	sizeof(struct sadb_lifetime), / SADB_EXT_LIFETIME_CURRENT /
180	sizeof(struct sadb_lifetime), / SADB_EXT_LIFETIME_HARD /
181	sizeof(struct sadb_lifetime), / SADB_EXT_LIFETIME_SOFT /
182	sizeof(struct sadb_address), / SADB_EXT_ADDRESS_SRC /
183	sizeof(struct sadb_address), / SADB_EXT_ADDRESS_DST /
184	sizeof(struct sadb_address), / SADB_EXT_ADDRESS_PROXY /
185	sizeof(struct sadb_key), / SADB_EXT_KEY_AUTH /
186	sizeof(struct sadb_key), / SADB_EXT_KEY_ENCRYPT /
187	sizeof(struct sadb_ident), / SADB_EXT_IDENTITY_SRC /
188	sizeof(struct sadb_ident), / SADB_EXT_IDENTITY_DST /
189	sizeof(struct sadb_sens), / SADB_EXT_SENSITIVITY /
190	sizeof(struct sadb_prop), / SADB_EXT_PROPOSAL /
191	sizeof(struct sadb_supported), / SADB_EXT_SUPPORTED_AUTH /
192	sizeof(struct sadb_supported), / SADB_EXT_SUPPORTED_ENCRYPT /
193	sizeof(struct sadb_spirange), / SADB_EXT_SPIRANGE /
194	`0`, / SADB_X_EXT_KMPRIVATE /
195	sizeof(struct sadb_x_policy), / SADB_X_EXT_POLICY /
196	sizeof(struct sadb_x_sa2), / SADB_X_SA2 /
197	sizeof(struct sadb_x_nat_t_type), / SADB_X_EXT_NAT_T_TYPE /
198	sizeof(struct sadb_x_nat_t_port), / SADB_X_EXT_NAT_T_SPORT /
199	sizeof(struct sadb_x_nat_t_port), / SADB_X_EXT_NAT_T_DPORT /
200	sizeof(struct sadb_address), / SADB_X_EXT_NAT_T_OAI /
201	sizeof(struct sadb_address), / SADB_X_EXT_NAT_T_OAR /
202	sizeof(struct sadb_x_nat_t_frag), / SADB_X_EXT_NAT_T_FRAG /
203	};
204	static const int maxsize[] = {
205	sizeof(struct sadb_msg), / SADB_EXT_RESERVED /
206	sizeof(struct sadb_sa), / SADB_EXT_SA /
207	sizeof(struct sadb_lifetime), / SADB_EXT_LIFETIME_CURRENT /
208	sizeof(struct sadb_lifetime), / SADB_EXT_LIFETIME_HARD /
209	sizeof(struct sadb_lifetime), / SADB_EXT_LIFETIME_SOFT /
210	`0`, / SADB_EXT_ADDRESS_SRC /
211	`0`, / SADB_EXT_ADDRESS_DST /
212	`0`, / SADB_EXT_ADDRESS_PROXY /
213	`0`, / SADB_EXT_KEY_AUTH /
214	`0`, / SADB_EXT_KEY_ENCRYPT /
215	`0`, / SADB_EXT_IDENTITY_SRC /
216	`0`, / SADB_EXT_IDENTITY_DST /
217	`0`, / SADB_EXT_SENSITIVITY /
218	`0`, / SADB_EXT_PROPOSAL /
219	`0`, / SADB_EXT_SUPPORTED_AUTH /
220	`0`, / SADB_EXT_SUPPORTED_ENCRYPT /
221	sizeof(struct sadb_spirange), / SADB_EXT_SPIRANGE /
222	`0`, / SADB_X_EXT_KMPRIVATE /
223	`0`, / SADB_X_EXT_POLICY /
224	sizeof(struct sadb_x_sa2), / SADB_X_SA2 /
225	sizeof(struct sadb_x_nat_t_type), / SADB_X_EXT_NAT_T_TYPE /
226	sizeof(struct sadb_x_nat_t_port), / SADB_X_EXT_NAT_T_SPORT /
227	sizeof(struct sadb_x_nat_t_port), / SADB_X_EXT_NAT_T_DPORT /
228	`0`, / SADB_X_EXT_NAT_T_OAI /
229	`0`, / SADB_X_EXT_NAT_T_OAR /
230	sizeof(struct sadb_x_nat_t_frag), / SADB_X_EXT_NAT_T_FRAG /
231	};
232
233	static int ipsec_esp_keymin = `256`;
234	static int ipsec_esp_auth = `0`;
235	static int ipsec_ah_keymin = `128`;
236
237	#ifdef SYSCTL_DECL
238	SYSCTL_DECL(_net_key);
239	#endif
240
241	#ifdef SYSCTL_INT
242	SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
243	&key_debug_level, `0`, "");
244
245	/ max count of trial for the decision of spi value /
246	SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
247	&key_spi_trycnt, `0`, "");
248
249	/ minimum spi value to allocate automatically. /
250	SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
251	&key_spi_minval, `0`, "");
252
253	/ maximun spi value to allocate automatically. /
254	SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
255	&key_spi_maxval, `0`, "");
256
257	/ interval to initialize randseed /
258	SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
259	&key_int_random, `0`, "");
260
261	/ lifetime for larval SA /
262	SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
263	&key_larval_lifetime, `0`, "");
264
265	/ counter for blocking to send SADB_ACQUIRE to IKEd /
266	SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
267	&key_blockacq_count, `0`, "");
268
269	/ lifetime for blocking to send SADB_ACQUIRE to IKEd /
270	SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
271	&key_blockacq_lifetime, `0`, "");
272
273	/ ESP auth /
274	SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
275	&ipsec_esp_auth, `0`, "");
276
277	/ minimum ESP key length /
278	SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
279	&ipsec_esp_keymin, `0`, "");
280
281	/ minimum AH key length /
282	SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
283	&ipsec_ah_keymin, `0`, "");
284
285	/ perfered old SA rather than new SA /
286	SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
287	&key_prefered_oldsa, `0`, "");
288	#endif /* SYSCTL_INT */
289
290	#ifndef LIST_FOREACH
291	#define LIST_FOREACH(elm, head, field) \
292	for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
293	#endif
294	#define __LIST_CHAINED(elm) \
295	(!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
296	#define LIST_INSERT_TAIL(head, elm, type, field) \
297	do {\
298	struct type *curelm = LIST_FIRST(head); \
299	if (curelm == NULL) {\
300	LIST_INSERT_HEAD(head, elm, field); \
301	} else { \
302	while (LIST_NEXT(curelm, field)) \
303	curelm = LIST_NEXT(curelm, field);\
304	LIST_INSERT_AFTER(curelm, elm, field);\
305	}\
306	} while (0)
307
308	#define KEY_CHKSASTATE(head, sav, name) \
309	/* do */ { \
310	if ((head) != (sav)) { \
311	ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
312	(name), (head), (sav))); \
313	continue; \
314	} \
315	} /* while (0) */
316
317	#define KEY_CHKSPDIR(head, sp, name) \
318	do { \
319	if ((head) != (sp)) { \
320	ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
321	"anyway continue.\n", \
322	(name), (head), (sp))); \
323	} \
324	} while (0)
325
326	MALLOC_DEFINE(M_SECA, "key mgmt", "security associations, key management");
327
328	#if 1
329	#define KMALLOC(p, t, n) \
330	((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
331	#define KFREE(p) \
332	free((p), M_SECA)
333	#else
334	#define KMALLOC(p, t, n) \
335	do { \
336	((p) = malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
337	printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
338	__FILE__, __LINE__, (p), #t, n); \
339	} while (0)
340
341	#define KFREE(p) \
342	do { \
343	printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
344	free((p), M_SECA); \
345	} while (0)
346	#endif
347
348	/*
349	* set parameters into secpolicyindex buffer.
350	* Must allocate secpolicyindex buffer passed to this function.
351	*/
352	#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
353	do { \
354	memset((idx), 0, sizeof(struct secpolicyindex)); \
355	(idx)->dir = (_dir); \
356	(idx)->prefs = (ps); \
357	(idx)->prefd = (pd); \
358	(idx)->ul_proto = (ulp); \
359	memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len); \
360	memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len); \
361	} while (0)
362
363	/*
364	* set parameters into secasindex buffer.
365	* Must allocate secasindex buffer before calling this function.
366	*/
367	static int
368	key_setsecasidx (int, int, int, const struct sadb_address *,
369	const struct sadb_address , struct* secasindex *);
370
371	/ key statistics /
372	struct _keystat {
373	u_long getspi_count; / the avarage of count to try to get new SPI /
374	} keystat;
375
376	struct sadb_msghdr {
377	struct sadb_msg *msg;
378	struct sadb_ext *ext[SADB_EXT_MAX + `1`];
379	int extoff[SADB_EXT_MAX + `1`];
380	int extlen[SADB_EXT_MAX + `1`];
381	};
382
383	static struct secasvar key_allocsa_policy (const* struct secasindex *);
384	static void key_freesp_so (struct secpolicy **);
385	static struct secasvar key_do_allocsa_policy (struct* secashead *, u_int);
386	static void key_delsp (struct secpolicy *);
387	static struct secpolicy key_getsp (const* struct secpolicyindex *);
388	static struct secpolicy *key_getspbyid (u_int32_t);
389	static u_int16_t key_newreqid (void);
390	static struct mbuf key_gather_mbuf (struct* mbuf *,
391	const struct sadb_msghdr , int, int*, ...);
392	static int key_spdadd (struct socket , struct* mbuf *,
393	const struct sadb_msghdr *);
394	static u_int32_t key_getnewspid (void);
395	static int key_spddelete (struct socket , struct* mbuf *,
396	const struct sadb_msghdr *);
397	static int key_spddelete2 (struct socket , struct* mbuf *,
398	const struct sadb_msghdr *);
399	static int key_spdget (struct socket , struct* mbuf *,
400	const struct sadb_msghdr *);
401	static int key_spdflush (struct socket , struct* mbuf *,
402	const struct sadb_msghdr *);
403	static int key_spddump (struct socket , struct* mbuf *,
404	const struct sadb_msghdr *);
405	static struct mbuf * key_setspddump (int *errorp, pid_t);
406	static struct mbuf * key_setspddump_chain (int errorp, int* *lenp, pid_t pid);
407	static int key_nat_map (struct socket , struct* mbuf *,
408	const struct sadb_msghdr *);
409	static struct mbuf key_setdumpsp (struct* secpolicy *,
410	u_int8_t, u_int32_t, pid_t);
411	static u_int key_getspreqmsglen (const struct secpolicy *);
412	static int key_spdexpire (struct secpolicy *);
413	static struct secashead key_newsah (const* struct secasindex *);
414	static void key_delsah (struct secashead *);
415	static struct secasvar key_newsav (struct* mbuf *,
416	const struct sadb_msghdr , struct* secashead , int* *,
417	const char, int*);
418	#define KEY_NEWSAV(m, sadb, sah, e) \
419	key_newsav(m, sadb, sah, e, __FILE__, __LINE__)
420	static void key_delsav (struct secasvar *);
421	static struct secashead key_getsah (const* struct secasindex *);
422	static struct secasvar key_checkspidup (const* struct secasindex *, u_int32_t);
423	static struct secasvar key_getsavbyspi (struct* secashead *, u_int32_t);
424	static int key_setsaval (struct secasvar , struct* mbuf *,
425	const struct sadb_msghdr *);
426	static int key_mature (struct secasvar *);
427	static struct mbuf key_setdumpsa (struct* secasvar *, u_int8_t,
428	u_int8_t, u_int32_t, u_int32_t);
429	static struct mbuf *key_setsadbxport (u_int16_t, u_int16_t);
430	static struct mbuf *key_setsadbxtype (u_int16_t);
431	static struct mbuf *key_setsadbxfrag (u_int16_t);
432	static void key_porttosaddr (union sockaddr_union *, u_int16_t);
433	static int key_checksalen (const union sockaddr_union *);
434	static struct mbuf *key_setsadbmsg (u_int8_t, u_int16_t, u_int8_t,
435	u_int32_t, pid_t, u_int16_t);
436	static struct mbuf key_setsadbsa (struct* secasvar *);
437	static struct mbuf *key_setsadbaddr (u_int16_t,
438	const struct sockaddr *, u_int8_t, u_int16_t);
439	#if 0
440	static struct mbuf key_setsadbident (u_int16_t, u_int16_t, void* *,
441	int, u_int64_t);
442	#endif
443	static struct mbuf *key_setsadbxsa2 (u_int8_t, u_int32_t, u_int16_t);
444	static struct mbuf *key_setsadbxpolicy (u_int16_t, u_int8_t,
445	u_int32_t);
446	static void key_newbuf (const* void *, u_int);
447	#ifdef INET6
448	static int key_ismyaddr6 (const struct sockaddr_in6 *);
449	#endif
450
451	/ flags for key_cmpsaidx() /
452	#define CMP_HEAD 1 /* protocol, addresses. */
453	#define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
454	#define CMP_REQID 3 /* additionally HEAD, reaid. */
455	#define CMP_EXACTLY 4 /* all elements. */
456	static int key_cmpsaidx
457	(const struct secasindex , const* struct secasindex , int*);
458
459	static int key_sockaddrcmp (const struct sockaddr , const* struct sockaddr , int*);
460	static int key_bbcmp (const void , const* void *, u_int);
461	static u_int16_t key_satype2proto (u_int8_t);
462	static u_int8_t key_proto2satype (u_int16_t);
463
464	static int key_getspi (struct socket , struct* mbuf *,
465	const struct sadb_msghdr *);
466	static u_int32_t key_do_getnewspi (const struct sadb_spirange *,
467	const struct secasindex *);
468	static int key_handle_natt_info (struct secasvar *,
469	const struct sadb_msghdr *);
470	static int key_set_natt_ports (union sockaddr_union *,
471	union sockaddr_union *,
472	const struct sadb_msghdr *);
473	static int key_update (struct socket , struct* mbuf *,
474	const struct sadb_msghdr *);
475	#ifdef IPSEC_DOSEQCHECK
476	static struct secasvar key_getsavbyseq (struct* secashead *, u_int32_t);
477	#endif
478	static int key_add (struct socket , struct* mbuf *,
479	const struct sadb_msghdr *);
480	static int key_setident (struct secashead , struct* mbuf *,
481	const struct sadb_msghdr *);
482	static struct mbuf key_getmsgbuf_x1 (struct* mbuf *,
483	const struct sadb_msghdr *);
484	static int key_delete (struct socket , struct* mbuf *,
485	const struct sadb_msghdr *);
486	static int key_get (struct socket , struct* mbuf *,
487	const struct sadb_msghdr *);
488
489	static void key_getcomb_setlifetime (struct sadb_comb *);
490	static struct mbuf key_getcomb_esp (void*);
491	static struct mbuf key_getcomb_ah (void*);
492	static struct mbuf key_getcomb_ipcomp (void*);
493	static struct mbuf key_getprop (const* struct secasindex *);
494
495	static int key_acquire (const struct secasindex , struct* secpolicy *);
496	#ifndef IPSEC_NONBLOCK_ACQUIRE
497	static struct secacq key_newacq (const* struct secasindex *);
498	static struct secacq key_getacq (const* struct secasindex *);
499	static struct secacq *key_getacqbyseq (u_int32_t);
500	#endif
501	static struct secspacq key_newspacq (const* struct secpolicyindex *);
502	static struct secspacq key_getspacq (const* struct secpolicyindex *);
503	static int key_acquire2 (struct socket , struct* mbuf *,
504	const struct sadb_msghdr *);
505	static int key_register (struct socket , struct* mbuf *,
506	const struct sadb_msghdr *);
507	static int key_expire (struct secasvar *);
508	static int key_flush (struct socket , struct* mbuf *,
509	const struct sadb_msghdr *);
510	static struct mbuf key_setdump_chain (u_int8_t req_satype, int* *errorp,
511	int *lenp, pid_t pid);
512	static int key_dump (struct socket , struct* mbuf *,
513	const struct sadb_msghdr *);
514	static int key_promisc (struct socket , struct* mbuf *,
515	const struct sadb_msghdr *);
516	static int key_senderror (struct socket , struct* mbuf , int*);
517	static int key_validate_ext (const struct sadb_ext , int*);
518	static int key_align (struct mbuf , struct* sadb_msghdr *);
519	#if 0
520	static const char key_getfqdn (void*);
521	static const char key_getuserfqdn (void*);
522	#endif
523	static void key_sa_chgstate (struct secasvar *, u_int8_t);
524	static inline void key_sp_dead (struct secpolicy *);
525	static void key_sp_unlink (struct secpolicy *sp);
526
527	static struct mbuf key_alloc_mbuf (int*);
528	struct callout key_timehandler_ch;
529
530	#define SA_ADDREF(p) do { \
531	(p)->refcnt++; \
532	IPSEC_ASSERT((p)->refcnt != 0, \
533	("SA refcnt overflow at %s:%u", __FILE__, __LINE__)); \
534	} while (0)
535	#define SA_DELREF(p) do { \
536	IPSEC_ASSERT((p)->refcnt > 0, \
537	("SA refcnt underflow at %s:%u", __FILE__, __LINE__)); \
538	(p)->refcnt--; \
539	} while (0)
540
541	#define SP_ADDREF(p) do { \
542	(p)->refcnt++; \
543	IPSEC_ASSERT((p)->refcnt != 0, \
544	("SP refcnt overflow at %s:%u", __FILE__, __LINE__)); \
545	} while (0)
546	#define SP_DELREF(p) do { \
547	IPSEC_ASSERT((p)->refcnt > 0, \
548	("SP refcnt underflow at %s:%u", __FILE__, __LINE__)); \
549	(p)->refcnt--; \
550	} while (0)
551
552
553	static inline void
554	key_sp_dead(struct secpolicy *sp)
555	{
556
557	/ mark the SP dead /
558	sp->state = IPSEC_SPSTATE_DEAD;
559	}
560
561	static void
562	key_sp_unlink(struct secpolicy *sp)
563	{
564
565	/ remove from SP index /
566	if (__LIST_CHAINED(sp)) {
567	LIST_REMOVE(sp, chain);
568	/ Release refcount held just for being on chain /
569	KEY_FREESP(&sp);
570	}
571	}
572
573
574	/*
575	* Return 0 when there are known to be no SP's for the specified
576	* direction. Otherwise return 1. This is used by IPsec code
577	* to optimize performance.
578	*/
579	int
580	key_havesp(u_int dir)
581	{
582	return (dir == IPSEC_DIR_INBOUND \|\| dir == IPSEC_DIR_OUTBOUND ?
583	LIST_FIRST(&sptree[dir]) != NULL : `1`);
584	}
585
586	/ %%% IPsec policy management /
587	/*
588	* allocating a SP for OUTBOUND or INBOUND packet.
589	* Must call key_freesp() later.
590	* OUT: NULL: not found
591	* others: found and return the pointer.
592	*/
593	struct secpolicy *
594	key_allocsp(const struct secpolicyindex spidx, u_int dir, const* char* where, int tag)
595	{
596	struct secpolicy *sp;
597	int s;
598
599	IPSEC_ASSERT(spidx != NULL, ("key_allocsp: null spidx"));
600	IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND \|\| dir == IPSEC_DIR_OUTBOUND,
601	("key_allocsp: invalid direction %u", dir));
602
603	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
604	printf("DP %s from %s:%u\n", __func__, where, tag));
605
606	/ get a SP entry /
607	s = splsoftnet(); /called from softclock()/
608	KEYDEBUG(KEYDEBUG_IPSEC_DATA,
609	printf("*** objects\n");
610	kdebug_secpolicyindex(spidx));
611
612	LIST_FOREACH(sp, &sptree[dir], chain) {
613	KEYDEBUG(KEYDEBUG_IPSEC_DATA,
614	printf("*** in SPD\n");
615	kdebug_secpolicyindex(&sp->spidx));
616
617	if (sp->state == IPSEC_SPSTATE_DEAD)
618	continue;
619	if (key_cmpspidx_withmask(&sp->spidx, spidx))
620	goto found;
621	}
622	sp = NULL;
623	found:
624	if (sp) {
625	/ sanity check /
626	KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
627
628	/ found a SPD entry /
629	sp->lastused = time_uptime;
630	SP_ADDREF(sp);
631	}
632	splx(s);
633
634	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
635	printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
636	sp, sp ? sp->id : `0`, sp ? sp->refcnt : `0`));
637	return sp;
638	}
639
640	/*
641	* allocating a SP for OUTBOUND or INBOUND packet.
642	* Must call key_freesp() later.
643	* OUT: NULL: not found
644	* others: found and return the pointer.
645	*/
646	struct secpolicy *
647	key_allocsp2(u_int32_t spi,
648	const union sockaddr_union *dst,
649	u_int8_t proto,
650	u_int dir,
651	const char* where, int tag)
652	{
653	struct secpolicy *sp;
654	int s;
655
656	IPSEC_ASSERT(dst != NULL, ("key_allocsp2: null dst"));
657	IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND \|\| dir == IPSEC_DIR_OUTBOUND,
658	("key_allocsp2: invalid direction %u", dir));
659
660	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
661	printf("DP %s from %s:%u\n", __func__, where, tag));
662
663	/ get a SP entry /
664	s = splsoftnet(); /called from softclock()/
665	KEYDEBUG(KEYDEBUG_IPSEC_DATA,
666	printf("*** objects\n");
667	printf("spi %u proto %u dir %u\n", spi, proto, dir);
668	kdebug_sockaddr(&dst->sa));
669
670	LIST_FOREACH(sp, &sptree[dir], chain) {
671	KEYDEBUG(KEYDEBUG_IPSEC_DATA,
672	printf("*** in SPD\n");
673	kdebug_secpolicyindex(&sp->spidx));
674
675	if (sp->state == IPSEC_SPSTATE_DEAD)
676	continue;
677	/ compare simple values, then dst address /
678	if (sp->spidx.ul_proto != proto)
679	continue;
680	/ NB: spi's must exist and match /
681	if (!sp->req \|\| !sp->req->sav \|\| sp->req->sav->spi != spi)
682	continue;
683	if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, PORT_STRICT) == `0`)
684	goto found;
685	}
686	sp = NULL;
687	found:
688	if (sp) {
689	/ sanity check /
690	KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp2");
691
692	/ found a SPD entry /
693	sp->lastused = time_uptime;
694	SP_ADDREF(sp);
695	}
696	splx(s);
697
698	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
699	printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
700	sp, sp ? sp->id : `0`, sp ? sp->refcnt : `0`));
701	return sp;
702	}
703
704	/*
705	* return a policy that matches this particular inbound packet.
706	* XXX slow
707	*/
708	struct secpolicy *
709	key_gettunnel(const struct sockaddr *osrc,
710	const struct sockaddr *odst,
711	const struct sockaddr *isrc,
712	const struct sockaddr *idst,
713	const char* where, int tag)
714	{
715	struct secpolicy *sp;
716	const int dir = IPSEC_DIR_INBOUND;
717	int s;
718	struct ipsecrequest r1, r2, *p;
719	struct secpolicyindex spidx;
720
721	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
722	printf("DP %s from %s:%u\n", __func__, where, tag));
723
724	if (isrc->sa_family != idst->sa_family) {
725	ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
726	isrc->sa_family, idst->sa_family));
727	sp = NULL;
728	goto done;
729	}
730
731	s = splsoftnet(); /called from softclock()/
732	LIST_FOREACH(sp, &sptree[dir], chain) {
733	if (sp->state == IPSEC_SPSTATE_DEAD)
734	continue;
735
736	r1 = r2 = NULL;
737	for (p = sp->req; p; p = p->next) {
738	if (p->saidx.mode != IPSEC_MODE_TUNNEL)
739	continue;
740
741	r1 = r2;
742	r2 = p;
743
744	if (!r1) {
745	/ here we look at address matches only /
746	spidx = sp->spidx;
747	if (isrc->sa_len > sizeof(spidx.src) \|\|
748	idst->sa_len > sizeof(spidx.dst))
749	continue;
750	memcpy(&spidx.src, isrc, isrc->sa_len);
751	memcpy(&spidx.dst, idst, idst->sa_len);
752	if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
753	continue;
754	} else {
755	if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, PORT_NONE) \|\|
756	key_sockaddrcmp(&r1->saidx.dst.sa, idst, PORT_NONE))
757	continue;
758	}
759
760	if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, PORT_NONE) \|\|
761	key_sockaddrcmp(&r2->saidx.dst.sa, odst, PORT_NONE))
762	continue;
763
764	goto found;
765	}
766	}
767	sp = NULL;
768	found:
769	if (sp) {
770	sp->lastused = time_uptime;
771	SP_ADDREF(sp);
772	}
773	splx(s);
774	done:
775	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
776	printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__,
777	sp, sp ? sp->id : `0`, sp ? sp->refcnt : `0`));
778	return sp;
779	}
780
781	/*
782	* allocating an SA entry for an OUTBOUND packet.
783	* checking each request entries in SP, and acquire an SA if need.
784	* OUT: 0: there are valid requests.
785	* ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
786	*/
787	int
788	key_checkrequest(struct ipsecrequest isr, const* struct secasindex *saidx)
789	{
790	u_int level;
791	int error;
792
793	IPSEC_ASSERT(isr != NULL, ("key_checkrequest: null isr"));
794	IPSEC_ASSERT(saidx != NULL, ("key_checkrequest: null saidx"));
795	IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT \|\|
796	saidx->mode == IPSEC_MODE_TUNNEL,
797	("key_checkrequest: unexpected policy %u", saidx->mode));
798
799	/ get current level /
800	level = ipsec_get_reqlevel(isr);
801
802	/*
803	* XXX guard against protocol callbacks from the crypto
804	* thread as they reference ipsecrequest.sav which we
805	* temporarily null out below. Need to rethink how we
806	* handle bundled SA's in the callback thread.
807	*/
808	IPSEC_SPLASSERT_SOFTNET("key_checkrequest");
809	#if 0
810	/*
811	* We do allocate new SA only if the state of SA in the holder is
812	* SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
813	*/
814	if (isr->sav != NULL) {
815	if (isr->sav->sah == NULL)
816	panic("key_checkrequest: sah is null");
817	if (isr->sav == (struct secasvar *)LIST_FIRST(
818	&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
819	KEY_FREESAV(&isr->sav);
820	isr->sav = NULL;
821	}
822	}
823	#else
824	/*
825	* we free any SA stashed in the IPsec request because a different
826	* SA may be involved each time this request is checked, either
827	* because new SAs are being configured, or this request is
828	* associated with an unconnected datagram socket, or this request
829	* is associated with a system default policy.
830	*
831	* The operation may have negative impact to performance. We may
832	* want to check cached SA carefully, rather than picking new SA
833	* every time.
834	*/
835	if (isr->sav != NULL) {
836	KEY_FREESAV(&isr->sav);
837	isr->sav = NULL;
838	}
839	#endif
840
841	/*
842	* new SA allocation if no SA found.
843	* key_allocsa_policy should allocate the oldest SA available.
844	* See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
845	*/
846	if (isr->sav == NULL)
847	isr->sav = key_allocsa_policy(saidx);
848
849	/ When there is SA. /
850	if (isr->sav != NULL) {
851	if (isr->sav->state != SADB_SASTATE_MATURE &&
852	isr->sav->state != SADB_SASTATE_DYING)
853	return EINVAL;
854	return `0`;
855	}
856
857	/ there is no SA /
858	error = key_acquire(saidx, isr->sp);
859	if (error != `0`) {
860	/ XXX What should I do ? /
861	ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
862	"from key_acquire.\n", error));
863	return error;
864	}
865
866	if (level != IPSEC_LEVEL_REQUIRE) {
867	/ XXX sigh, the interface to this routine is botched /
868	IPSEC_ASSERT(isr->sav == NULL, ("key_checkrequest: unexpected SA"));
869	return `0`;
870	} else {
871	return ENOENT;
872	}
873	}
874
875	/*
876	* allocating a SA for policy entry from SAD.
877	* NOTE: searching SAD of aliving state.
878	* OUT: NULL: not found.
879	* others: found and return the pointer.
880	*/
881	static struct secasvar *
882	key_allocsa_policy(const struct secasindex *saidx)
883	{
884	struct secashead *sah;
885	struct secasvar *sav;
886	u_int stateidx, state;
887	const u_int *saorder_state_valid;
888	int arraysize;
889
890	LIST_FOREACH(sah, &sahtree, chain) {
891	if (sah->state == SADB_SASTATE_DEAD)
892	continue;
893	if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
894	goto found;
895	}
896
897	return NULL;
898
899	found:
900
901	/*
902	* search a valid state list for outbound packet.
903	* This search order is important.
904	*/
905	if (key_prefered_oldsa) {
906	saorder_state_valid = saorder_state_valid_prefer_old;
907	arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
908	} else {
909	saorder_state_valid = saorder_state_valid_prefer_new;
910	arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
911	}
912
913	/ search valid state /
914	for (stateidx = `0`;
915	stateidx < arraysize;
916	stateidx++) {
917
918	state = saorder_state_valid[stateidx];
919
920	sav = key_do_allocsa_policy(sah, state);
921	if (sav != NULL)
922	return sav;
923	}
924
925	return NULL;
926	}
927
928	/*
929	* searching SAD with direction, protocol, mode and state.
930	* called by key_allocsa_policy().
931	* OUT:
932	* NULL : not found
933	* others : found, pointer to a SA.
934	*/
935	static struct secasvar *
936	key_do_allocsa_policy(struct secashead *sah, u_int state)
937	{
938	struct secasvar sav, nextsav, candidate, d;
939
940	/ initilize /
941	candidate = NULL;
942
943	for (sav = LIST_FIRST(&sah->savtree[state]);
944	sav != NULL;
945	sav = nextsav) {
946
947	nextsav = LIST_NEXT(sav, chain);
948
949	/ sanity check /
950	KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
951
952	/ initialize /
953	if (candidate == NULL) {
954	candidate = sav;
955	continue;
956	}
957
958	/ Which SA is the better ? /
959
960	/ sanity check 2 /
961	if (candidate->lft_c == NULL \|\| sav->lft_c == NULL)
962	panic("key_do_allocsa_policy: "
963	"lifetime_current is NULL");
964
965	/ What the best method is to compare ? /
966	if (key_prefered_oldsa) {
967	if (candidate->lft_c->sadb_lifetime_addtime >
968	sav->lft_c->sadb_lifetime_addtime) {
969	candidate = sav;
970	}
971	continue;
972	/NOTREACHED/
973	}
974
975	/ prefered new sa rather than old sa /
976	if (candidate->lft_c->sadb_lifetime_addtime <
977	sav->lft_c->sadb_lifetime_addtime) {
978	d = candidate;
979	candidate = sav;
980	} else
981	d = sav;
982
983	/*
984	* prepared to delete the SA when there is more
985	* suitable candidate and the lifetime of the SA is not
986	* permanent.
987	*/
988	if (d->lft_c->sadb_lifetime_addtime != `0`) {
989	struct mbuf m, result = `0`;
990	uint8_t satype;
991
992	key_sa_chgstate(d, SADB_SASTATE_DEAD);
993
994	IPSEC_ASSERT(d->refcnt > `0`,
995	("key_do_allocsa_policy: bogus ref count"));
996
997	satype = key_proto2satype(d->sah->saidx.proto);
998	if (satype == `0`)
999	goto msgfail;
1000
1001	m = key_setsadbmsg(SADB_DELETE, `0`,
1002	satype, `0`, `0`, d->refcnt - `1`);
1003	if (!m)
1004	goto msgfail;
1005	result = m;
1006
1007	/ set sadb_address for saidx's. /
1008	m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
1009	&d->sah->saidx.src.sa,
1010	d->sah->saidx.src.sa.sa_len << `3`,
1011	IPSEC_ULPROTO_ANY);
1012	if (!m)
1013	goto msgfail;
1014	m_cat(result, m);
1015
1016	/ set sadb_address for saidx's. /
1017	m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
1018	&d->sah->saidx.src.sa,
1019	d->sah->saidx.src.sa.sa_len << `3`,
1020	IPSEC_ULPROTO_ANY);
1021	if (!m)
1022	goto msgfail;
1023	m_cat(result, m);
1024
1025	/ create SA extension /
1026	m = key_setsadbsa(d);
1027	if (!m)
1028	goto msgfail;
1029	m_cat(result, m);
1030
1031	if (result->m_len < sizeof(struct sadb_msg)) {
1032	result = m_pullup(result,
1033	sizeof(struct sadb_msg));
1034	if (result == NULL)
1035	goto msgfail;
1036	}
1037
1038	result->m_pkthdr.len = `0`;
1039	for (m = result; m; m = m->m_next)
1040	result->m_pkthdr.len += m->m_len;
1041	mtod(result, struct sadb_msg *)->sadb_msg_len =
1042	PFKEY_UNIT64(result->m_pkthdr.len);
1043
1044	key_sendup_mbuf(NULL, result,
1045	KEY_SENDUP_REGISTERED);
1046	result = `0`;
1047	msgfail:
1048	if (result)
1049	m_freem(result);
1050	KEY_FREESAV(&d);
1051	}
1052	}
1053
1054	if (candidate) {
1055	SA_ADDREF(candidate);
1056	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1057	printf("DP %s cause refcnt++:%d SA:%p\n", __func__,
1058	candidate->refcnt, candidate));
1059	}
1060	return candidate;
1061	}
1062
1063	/*
1064	* allocating a usable SA entry for a INBOUND packet.
1065	* Must call key_freesav() later.
1066	* OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
1067	* NULL: not found, or error occurred.
1068	*
1069	* In the comparison, no source address is used--for RFC2401 conformance.
1070	* To quote, from section 4.1:
1071	* A security association is uniquely identified by a triple consisting
1072	* of a Security Parameter Index (SPI), an IP Destination Address, and a
1073	* security protocol (AH or ESP) identifier.
1074	* Note that, however, we do need to keep source address in IPsec SA.
1075	* IKE specification and PF_KEY specification do assume that we
1076	* keep source address in IPsec SA. We see a tricky situation here.
1077	*
1078	* sport and dport are used for NAT-T. network order is always used.
1079	*/
1080	struct secasvar *
1081	key_allocsa(
1082	const union sockaddr_union *dst,
1083	u_int proto,
1084	u_int32_t spi,
1085	u_int16_t sport,
1086	u_int16_t dport,
1087	const char* where, int tag)
1088	{
1089	struct secashead *sah;
1090	struct secasvar *sav;
1091	u_int stateidx, state;
1092	const u_int *saorder_state_valid;
1093	int arraysize, chkport;
1094	int s;
1095
1096	int must_check_spi = `1`;
1097	int must_check_alg = `0`;
1098	u_int16_t cpi = `0`;
1099	u_int8_t algo = `0`;
1100
1101	if ((sport != `0`) && (dport != `0`))
1102	chkport = PORT_STRICT;
1103	else
1104	chkport = PORT_NONE;
1105
1106	IPSEC_ASSERT(dst != NULL, ("key_allocsa: null dst address"));
1107
1108	/*
1109	* XXX IPCOMP case
1110	* We use cpi to define spi here. In the case where cpi <=
1111	* IPCOMP_CPI_NEGOTIATE_MIN, cpi just define the algorithm used, not
1112	* the real spi. In this case, don't check the spi but check the
1113	* algorithm
1114	*/
1115
1116	if (proto == IPPROTO_IPCOMP) {
1117	u_int32_t tmp;
1118	tmp = ntohl(spi);
1119	cpi = (u_int16_t) tmp;
1120	if (cpi < IPCOMP_CPI_NEGOTIATE_MIN) {
1121	algo = (u_int8_t) cpi;
1122	must_check_spi = `0`;
1123	must_check_alg = `1`;
1124	}
1125	}
1126	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1127	printf("DP %s from %s:%u check_spi=%d, check_alg=%d\n",
1128	__func__, where, tag, must_check_spi, must_check_alg));
1129
1130
1131	/*
1132	* searching SAD.
1133	* XXX: to be checked internal IP header somewhere. Also when
1134	* IPsec tunnel packet is received. But ESP tunnel mode is
1135	* encrypted so we can't check internal IP header.
1136	*/
1137	s = splsoftnet(); /called from softclock()/
1138	if (key_prefered_oldsa) {
1139	saorder_state_valid = saorder_state_valid_prefer_old;
1140	arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1141	} else {
1142	saorder_state_valid = saorder_state_valid_prefer_new;
1143	arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1144	}
1145	LIST_FOREACH(sah, &sahtree, chain) {
1146	/ search valid state /
1147	for (stateidx = `0`; stateidx < arraysize; stateidx++) {
1148	state = saorder_state_valid[stateidx];
1149	LIST_FOREACH(sav, &sah->savtree[state], chain) {
1150	KEYDEBUG(KEYDEBUG_MATCH,
1151	printf("try match spi %#x, %#x\n",
1152	ntohl(spi), ntohl(sav->spi)));
1153	/ sanity check /
1154	KEY_CHKSASTATE(sav->state, state, "key_allocsav");
1155	/ do not return entries w/ unusable state /
1156	if (sav->state != SADB_SASTATE_MATURE &&
1157	sav->state != SADB_SASTATE_DYING) {
1158	KEYDEBUG(KEYDEBUG_MATCH,
1159	printf("bad state %d\n",
1160	sav->state));
1161	continue;
1162	}
1163	if (proto != sav->sah->saidx.proto) {
1164	KEYDEBUG(KEYDEBUG_MATCH,
1165	printf("proto fail %d != %d\n",
1166	proto, sav->sah->saidx.proto));
1167	continue;
1168	}
1169	if (must_check_spi && spi != sav->spi) {
1170	KEYDEBUG(KEYDEBUG_MATCH,
1171	printf("spi fail %#x != %#x\n",
1172	ntohl(spi), ntohl(sav->spi)));
1173	continue;
1174	}
1175	/ XXX only on the ipcomp case /
1176	if (must_check_alg && algo != sav->alg_comp) {
1177	KEYDEBUG(KEYDEBUG_MATCH,
1178	printf("algo fail %d != %d\n",
1179	algo, sav->alg_comp));
1180	continue;
1181	}
1182
1183	#if 0 /* don't check src */
1184	/ Fix port in src->sa /
1185
1186	/ check src address /
1187	if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, PORT_NONE) != `0`)
1188	continue;
1189	#endif
1190	/ fix port of dst address XXX/
1191	key_porttosaddr(__UNCONST(dst), dport);
1192	/ check dst address /
1193	if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, chkport) != `0`)
1194	continue;
1195	SA_ADDREF(sav);
1196	goto done;
1197	}
1198	}
1199	}
1200	sav = NULL;
1201	done:
1202	splx(s);
1203
1204	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1205	printf("DP %s return SA:%p; refcnt %u\n", __func__,
1206	sav, sav ? sav->refcnt : `0`));
1207	return sav;
1208	}
1209
1210	/*
1211	* Must be called after calling key_allocsp().
1212	* For both the packet without socket and key_freeso().
1213	*/
1214	void
1215	_key_freesp(struct secpolicy *spp, const* char* where, int tag)
1216	{
1217	struct secpolicy sp = spp;
1218
1219	IPSEC_ASSERT(sp != NULL, ("key_freesp: null sp"));
1220
1221	SP_DELREF(sp);
1222
1223	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1224	printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
1225	__func__, sp, sp->id, where, tag, sp->refcnt));
1226
1227	if (sp->refcnt == `0`) {
1228	*spp = NULL;
1229	key_delsp(sp);
1230	}
1231	}
1232
1233	/*
1234	* Must be called after calling key_allocsp().
1235	* For the packet with socket.
1236	*/
1237	void
1238	key_freeso(struct socket *so)
1239	{
1240	/ sanity check /
1241	IPSEC_ASSERT(so != NULL, ("key_freeso: null so"));
1242
1243	switch (so->so_proto->pr_domain->dom_family) {
1244	#ifdef INET
1245	case PF_INET:
1246	{
1247	struct inpcb *pcb = sotoinpcb(so);
1248
1249	/ Does it have a PCB ? /
1250	if (pcb == NULL)
1251	return;
1252
1253	struct inpcbpolicy *sp = pcb->inp_sp;
1254	key_freesp_so(&sp->sp_in);
1255	key_freesp_so(&sp->sp_out);
1256	}
1257	break;
1258	#endif
1259	#ifdef INET6
1260	case PF_INET6:
1261	{
1262	#ifdef HAVE_NRL_INPCB
1263	struct inpcb *pcb = sotoinpcb(so);
1264	struct inpcbpolicy *sp = pcb->inp_sp;
1265
1266	/ Does it have a PCB ? /
1267	if (pcb == NULL)
1268	return;
1269	key_freesp_so(&sp->sp_in);
1270	key_freesp_so(&sp->sp_out);
1271	#else
1272	struct in6pcb *pcb = sotoin6pcb(so);
1273
1274	/ Does it have a PCB ? /
1275	if (pcb == NULL)
1276	return;
1277	key_freesp_so(&pcb->in6p_sp->sp_in);
1278	key_freesp_so(&pcb->in6p_sp->sp_out);
1279	#endif
1280	}
1281	break;
1282	#endif /* INET6 */
1283	default:
1284	ipseclog((LOG_DEBUG, "key_freeso: unknown address family=%d.\n",
1285	so->so_proto->pr_domain->dom_family));
1286	return;
1287	}
1288	}
1289
1290	static void
1291	key_freesp_so(struct secpolicy **sp)
1292	{
1293	IPSEC_ASSERT(sp != NULL && *sp != NULL, ("key_freesp_so: null sp"));
1294
1295	if ((*sp)->policy == IPSEC_POLICY_ENTRUST \|\|
1296	(*sp)->policy == IPSEC_POLICY_BYPASS)
1297	return;
1298
1299	IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC,
1300	("key_freesp_so: invalid policy %u", (*sp)->policy));
1301	KEY_FREESP(sp);
1302	}
1303
1304	/*
1305	* Must be called after calling key_allocsa().
1306	* This function is called by key_freesp() to free some SA allocated
1307	* for a policy.
1308	*/
1309	void
1310	key_freesav(struct secasvar *psav, const* char* where, int tag)
1311	{
1312	struct secasvar sav = psav;
1313
1314	IPSEC_ASSERT(sav != NULL, ("key_freesav: null sav"));
1315
1316	SA_DELREF(sav);
1317
1318	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1319	printf("DP %s SA:%p (SPI %lu) from %s:%u; refcnt now %u\n",
1320	__func__, sav, (u_long)ntohl(sav->spi), where, tag,
1321	sav->refcnt));
1322
1323	if (sav->refcnt == `0`) {
1324	*psav = NULL;
1325	key_delsav(sav);
1326	}
1327	}
1328
1329	/ %%% SPD management /
1330	/*
1331	* free security policy entry.
1332	*/
1333	static void
1334	key_delsp(struct secpolicy *sp)
1335	{
1336	int s;
1337
1338	IPSEC_ASSERT(sp != NULL, ("key_delsp: null sp"));
1339
1340	key_sp_dead(sp);
1341
1342	IPSEC_ASSERT(sp->refcnt == `0`,
1343	("key_delsp: SP with references deleted (refcnt %u)",
1344	sp->refcnt));
1345
1346	s = splsoftnet(); /called from softclock()/
1347
1348	{
1349	struct ipsecrequest isr = sp->req, nextisr;
1350
1351	while (isr != NULL) {
1352	if (isr->sav != NULL) {
1353	KEY_FREESAV(&isr->sav);
1354	isr->sav = NULL;
1355	}
1356
1357	nextisr = isr->next;
1358	KFREE(isr);
1359	isr = nextisr;
1360	}
1361	}
1362
1363	KFREE(sp);
1364
1365	splx(s);
1366	}
1367
1368	/*
1369	* search SPD
1370	* OUT: NULL : not found
1371	* others : found, pointer to a SP.
1372	*/
1373	static struct secpolicy *
1374	key_getsp(const struct secpolicyindex *spidx)
1375	{
1376	struct secpolicy *sp;
1377
1378	IPSEC_ASSERT(spidx != NULL, ("key_getsp: null spidx"));
1379
1380	LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
1381	if (sp->state == IPSEC_SPSTATE_DEAD)
1382	continue;
1383	if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1384	SP_ADDREF(sp);
1385	return sp;
1386	}
1387	}
1388
1389	return NULL;
1390	}
1391
1392	/*
1393	* get SP by index.
1394	* OUT: NULL : not found
1395	* others : found, pointer to a SP.
1396	*/
1397	static struct secpolicy *
1398	key_getspbyid(u_int32_t id)
1399	{
1400	struct secpolicy *sp;
1401
1402	LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
1403	if (sp->state == IPSEC_SPSTATE_DEAD)
1404	continue;
1405	if (sp->id == id) {
1406	SP_ADDREF(sp);
1407	return sp;
1408	}
1409	}
1410
1411	LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
1412	if (sp->state == IPSEC_SPSTATE_DEAD)
1413	continue;
1414	if (sp->id == id) {
1415	SP_ADDREF(sp);
1416	return sp;
1417	}
1418	}
1419
1420	return NULL;
1421	}
1422
1423	struct secpolicy *
1424	key_newsp(const char* where, int tag)
1425	{
1426	struct secpolicy *newsp = NULL;
1427
1428	newsp = (struct secpolicy *)
1429	malloc(sizeof(struct secpolicy), M_SECA, M_NOWAIT\|M_ZERO);
1430	if (newsp) {
1431	newsp->refcnt = `1`;
1432	newsp->req = NULL;
1433	}
1434
1435	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1436	printf("DP %s from %s:%u return SP:%p\n", __func__,
1437	where, tag, newsp));
1438	return newsp;
1439	}
1440
1441	/*
1442	* create secpolicy structure from sadb_x_policy structure.
1443	* NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1444	* so must be set properly later.
1445	*/
1446	struct secpolicy *
1447	key_msg2sp(const struct sadb_x_policy xpl0, size_t len, int* *error)
1448	{
1449	struct secpolicy *newsp;
1450
1451	/ sanity check /
1452	if (xpl0 == NULL)
1453	panic("key_msg2sp: NULL pointer was passed");
1454	if (len < sizeof(*xpl0))
1455	panic("key_msg2sp: invalid length");
1456	if (len != PFKEY_EXTLEN(xpl0)) {
1457	ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1458	*error = EINVAL;
1459	return NULL;
1460	}
1461
1462	if ((newsp = KEY_NEWSP()) == NULL) {
1463	*error = ENOBUFS;
1464	return NULL;
1465	}
1466
1467	newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1468	newsp->policy = xpl0->sadb_x_policy_type;
1469
1470	/ check policy /
1471	switch (xpl0->sadb_x_policy_type) {
1472	case IPSEC_POLICY_DISCARD:
1473	case IPSEC_POLICY_NONE:
1474	case IPSEC_POLICY_ENTRUST:
1475	case IPSEC_POLICY_BYPASS:
1476	newsp->req = NULL;
1477	break;
1478
1479	case IPSEC_POLICY_IPSEC:
1480	{
1481	int tlen;
1482	const struct sadb_x_ipsecrequest *xisr;
1483	uint16_t xisr_reqid;
1484	struct ipsecrequest **p_isr = &newsp->req;
1485
1486	/ validity check /
1487	if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1488	ipseclog((LOG_DEBUG,
1489	"key_msg2sp: Invalid msg length.\n"));
1490	KEY_FREESP(&newsp);
1491	*error = EINVAL;
1492	return NULL;
1493	}
1494
1495	tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1496	xisr = (const struct sadb_x_ipsecrequest *)(xpl0 + `1`);
1497
1498	while (tlen > `0`) {
1499	/ length check /
1500	if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1501	ipseclog((LOG_DEBUG, "key_msg2sp: "
1502	"invalid ipsecrequest length.\n"));
1503	KEY_FREESP(&newsp);
1504	*error = EINVAL;
1505	return NULL;
1506	}
1507
1508	/ allocate request buffer /
1509	KMALLOC(p_isr, struct* ipsecrequest , sizeof(*p_isr));
1510	if ((*p_isr) == NULL) {
1511	ipseclog((LOG_DEBUG,
1512	"key_msg2sp: No more memory.\n"));
1513	KEY_FREESP(&newsp);
1514	*error = ENOBUFS;
1515	return NULL;
1516	}
1517	memset(p_isr, `0`, sizeof(*p_isr));
1518
1519	/ set values /
1520	(*p_isr)->next = NULL;
1521
1522	switch (xisr->sadb_x_ipsecrequest_proto) {
1523	case IPPROTO_ESP:
1524	case IPPROTO_AH:
1525	case IPPROTO_IPCOMP:
1526	break;
1527	default:
1528	ipseclog((LOG_DEBUG,
1529	"key_msg2sp: invalid proto type=%u\n",
1530	xisr->sadb_x_ipsecrequest_proto));
1531	KEY_FREESP(&newsp);
1532	*error = EPROTONOSUPPORT;
1533	return NULL;
1534	}
1535	(*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1536
1537	switch (xisr->sadb_x_ipsecrequest_mode) {
1538	case IPSEC_MODE_TRANSPORT:
1539	case IPSEC_MODE_TUNNEL:
1540	break;
1541	case IPSEC_MODE_ANY:
1542	default:
1543	ipseclog((LOG_DEBUG,
1544	"key_msg2sp: invalid mode=%u\n",
1545	xisr->sadb_x_ipsecrequest_mode));
1546	KEY_FREESP(&newsp);
1547	*error = EINVAL;
1548	return NULL;
1549	}
1550	(*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1551
1552	switch (xisr->sadb_x_ipsecrequest_level) {
1553	case IPSEC_LEVEL_DEFAULT:
1554	case IPSEC_LEVEL_USE:
1555	case IPSEC_LEVEL_REQUIRE:
1556	break;
1557	case IPSEC_LEVEL_UNIQUE:
1558	xisr_reqid = xisr->sadb_x_ipsecrequest_reqid;
1559	/ validity check /
1560	/*
1561	* If range violation of reqid, kernel will
1562	* update it, don't refuse it.
1563	*/
1564	if (xisr_reqid > IPSEC_MANUAL_REQID_MAX) {
1565	ipseclog((LOG_DEBUG,
1566	"key_msg2sp: reqid=%d range "
1567	"violation, updated by kernel.\n",
1568	xisr_reqid));
1569	xisr_reqid = `0`;
1570	}
1571
1572	/ allocate new reqid id if reqid is zero. /
1573	if (xisr_reqid == `0`) {
1574	u_int16_t reqid;
1575	if ((reqid = key_newreqid()) == `0`) {
1576	KEY_FREESP(&newsp);
1577	*error = ENOBUFS;
1578	return NULL;
1579	}
1580	(*p_isr)->saidx.reqid = reqid;
1581	} else {
1582	/ set it for manual keying. /
1583	(*p_isr)->saidx.reqid = xisr_reqid;
1584	}
1585	break;
1586
1587	default:
1588	ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1589	xisr->sadb_x_ipsecrequest_level));
1590	KEY_FREESP(&newsp);
1591	*error = EINVAL;
1592	return NULL;
1593	}
1594	(*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1595
1596	/ set IP addresses if there /
1597	if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1598	const struct sockaddr *paddr;
1599
1600	paddr = (const struct sockaddr *)(xisr + `1`);
1601
1602	/ validity check /
1603	if (paddr->sa_len
1604	> sizeof((*p_isr)->saidx.src)) {
1605	ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1606	"address length.\n"));
1607	KEY_FREESP(&newsp);
1608	*error = EINVAL;
1609	return NULL;
1610	}
1611	memcpy(&(*p_isr)->saidx.src, paddr, paddr->sa_len);
1612
1613	paddr = (const struct sockaddr )((const* char *)paddr
1614	+ paddr->sa_len);
1615
1616	/ validity check /
1617	if (paddr->sa_len
1618	> sizeof((*p_isr)->saidx.dst)) {
1619	ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1620	"address length.\n"));
1621	KEY_FREESP(&newsp);
1622	*error = EINVAL;
1623	return NULL;
1624	}
1625	memcpy(&(*p_isr)->saidx.dst, paddr, paddr->sa_len);
1626	}
1627
1628	(*p_isr)->sav = NULL;
1629	(*p_isr)->sp = newsp;
1630
1631	/ initialization for the next. /
1632	p_isr = &(*p_isr)->next;
1633	tlen -= xisr->sadb_x_ipsecrequest_len;
1634
1635	/ validity check /
1636	if (tlen < `0`) {
1637	ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1638	KEY_FREESP(&newsp);
1639	*error = EINVAL;
1640	return NULL;
1641	}
1642
1643	xisr = (const struct sadb_x_ipsecrequest )((const* char *)xisr
1644	+ xisr->sadb_x_ipsecrequest_len);
1645	}
1646	}
1647	break;
1648	default:
1649	ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1650	KEY_FREESP(&newsp);
1651	*error = EINVAL;
1652	return NULL;
1653	}
1654
1655	*error = `0`;
1656	return newsp;
1657	}
1658
1659	static u_int16_t
1660	key_newreqid(void)
1661	{
1662	static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + `1`;
1663
1664	auto_reqid = (auto_reqid == `0xffff`
1665	? IPSEC_MANUAL_REQID_MAX + `1` : auto_reqid + `1`);
1666
1667	/ XXX should be unique check /
1668
1669	return auto_reqid;
1670	}
1671
1672	/*
1673	* copy secpolicy struct to sadb_x_policy structure indicated.
1674	*/
1675	struct mbuf *
1676	key_sp2msg(const struct secpolicy *sp)
1677	{
1678	struct sadb_x_policy *xpl;
1679	int tlen;
1680	char *p;
1681	struct mbuf *m;
1682
1683	/ sanity check. /
1684	if (sp == NULL)
1685	panic("key_sp2msg: NULL pointer was passed");
1686
1687	tlen = key_getspreqmsglen(sp);
1688
1689	m = key_alloc_mbuf(tlen);
1690	if (!m \|\| m->m_next) { /XXX/
1691	if (m)
1692	m_freem(m);
1693	return NULL;
1694	}
1695
1696	m->m_len = tlen;
1697	m->m_next = NULL;
1698	xpl = mtod(m, struct sadb_x_policy *);
1699	memset(xpl, `0`, tlen);
1700
1701	xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1702	xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1703	xpl->sadb_x_policy_type = sp->policy;
1704	xpl->sadb_x_policy_dir = sp->spidx.dir;
1705	xpl->sadb_x_policy_id = sp->id;
1706	p = (char )xpl + sizeof(xpl);
1707
1708	/ if is the policy for ipsec ? /
1709	if (sp->policy == IPSEC_POLICY_IPSEC) {
1710	struct sadb_x_ipsecrequest *xisr;
1711	struct ipsecrequest *isr;
1712
1713	for (isr = sp->req; isr != NULL; isr = isr->next) {
1714
1715	xisr = (struct sadb_x_ipsecrequest *)p;
1716
1717	xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1718	xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1719	xisr->sadb_x_ipsecrequest_level = isr->level;
1720	xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1721
1722	p += sizeof(*xisr);
1723	memcpy(p, &isr->saidx.src, isr->saidx.src.sa.sa_len);
1724	p += isr->saidx.src.sa.sa_len;
1725	memcpy(p, &isr->saidx.dst, isr->saidx.dst.sa.sa_len);
1726	p += isr->saidx.src.sa.sa_len;
1727
1728	xisr->sadb_x_ipsecrequest_len =
1729	PFKEY_ALIGN8(sizeof(*xisr)
1730	+ isr->saidx.src.sa.sa_len
1731	+ isr->saidx.dst.sa.sa_len);
1732	}
1733	}
1734
1735	return m;
1736	}
1737
1738	/ m will not be freed nor modified /
1739	static struct mbuf *
1740	key_gather_mbuf(struct mbuf m, const* struct sadb_msghdr *mhp,
1741	int ndeep, int nitem, ...)
1742	{
1743	va_list ap;
1744	int idx;
1745	int i;
1746	struct mbuf result = NULL, n;
1747	int len;
1748
1749	if (m == NULL \|\| mhp == NULL)
1750	panic("null pointer passed to key_gather");
1751
1752	va_start(ap, nitem);
1753	for (i = `0`; i < nitem; i++) {
1754	idx = va_arg(ap, int);
1755	if (idx < `0` \|\| idx > SADB_EXT_MAX)
1756	goto fail;
1757	/ don't attempt to pull empty extension /
1758	if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1759	continue;
1760	if (idx != SADB_EXT_RESERVED &&
1761	(mhp->ext[idx] == NULL \|\| mhp->extlen[idx] == `0`))
1762	continue;
1763
1764	if (idx == SADB_EXT_RESERVED) {
1765	len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1766	#ifdef DIAGNOSTIC
1767	if (len > MHLEN)
1768	panic("assumption failed");
1769	#endif
1770	MGETHDR(n, M_DONTWAIT, MT_DATA);
1771	if (!n)
1772	goto fail;
1773	n->m_len = len;
1774	n->m_next = NULL;
1775	m_copydata(m, `0`, sizeof(struct sadb_msg),
1776	mtod(n, void *));
1777	} else if (i < ndeep) {
1778	len = mhp->extlen[idx];
1779	n = key_alloc_mbuf(len);
1780	if (!n \|\| n->m_next) { /XXX/
1781	if (n)
1782	m_freem(n);
1783	goto fail;
1784	}
1785	m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1786	mtod(n, void *));
1787	} else {
1788	n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1789	M_DONTWAIT);
1790	}
1791	if (n == NULL)
1792	goto fail;
1793
1794	if (result)
1795	m_cat(result, n);
1796	else
1797	result = n;
1798	}
1799	va_end(ap);
1800
1801	if (result && (result->m_flags & M_PKTHDR) != `0`) {
1802	result->m_pkthdr.len = `0`;
1803	for (n = result; n; n = n->m_next)
1804	result->m_pkthdr.len += n->m_len;
1805	}
1806
1807	return result;
1808
1809	fail:
1810	va_end(ap);
1811	m_freem(result);
1812	return NULL;
1813	}
1814
1815	/*
1816	* SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1817	* add an entry to SP database, when received
1818	* <base, address(SD), (lifetime(H),) policy>
1819	* from the user(?).
1820	* Adding to SP database,
1821	* and send
1822	* <base, address(SD), (lifetime(H),) policy>
1823	* to the socket which was send.
1824	*
1825	* SPDADD set a unique policy entry.
1826	* SPDSETIDX like SPDADD without a part of policy requests.
1827	* SPDUPDATE replace a unique policy entry.
1828	*
1829	* m will always be freed.
1830	*/
1831	static int
1832	key_spdadd(struct socket so, struct* mbuf *m,
1833	const struct sadb_msghdr *mhp)
1834	{
1835	const struct sadb_address src0, dst0;
1836	const struct sadb_x_policy *xpl0;
1837	struct sadb_x_policy *xpl;
1838	const struct sadb_lifetime *lft = NULL;
1839	struct secpolicyindex spidx;
1840	struct secpolicy *newsp;
1841	int error;
1842
1843	/ sanity check /
1844	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
1845	panic("key_spdadd: NULL pointer is passed");
1846
1847	if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL \|\|
1848	mhp->ext[SADB_EXT_ADDRESS_DST] == NULL \|\|
1849	mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1850	ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1851	return key_senderror(so, m, EINVAL);
1852	}
1853	if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) \|\|
1854	mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) \|\|
1855	mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1856	ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1857	return key_senderror(so, m, EINVAL);
1858	}
1859	if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
1860	if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
1861	< sizeof(struct sadb_lifetime)) {
1862	ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1863	return key_senderror(so, m, EINVAL);
1864	}
1865	lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
1866	}
1867
1868	src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1869	dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1870	xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1871
1872	/ make secindex /
1873	/ XXX boundary check against sa_len /
1874	KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
1875	src0 + `1`,
1876	dst0 + `1`,
1877	src0->sadb_address_prefixlen,
1878	dst0->sadb_address_prefixlen,
1879	src0->sadb_address_proto,
1880	&spidx);
1881
1882	/ checking the direciton. /
1883	switch (xpl0->sadb_x_policy_dir) {
1884	case IPSEC_DIR_INBOUND:
1885	case IPSEC_DIR_OUTBOUND:
1886	break;
1887	default:
1888	ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
1889	mhp->msg->sadb_msg_errno = EINVAL;
1890	return `0`;
1891	}
1892
1893	/ check policy /
1894	/ key_spdadd() accepts DISCARD, NONE and IPSEC. /
1895	if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
1896	\|\| xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
1897	ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
1898	return key_senderror(so, m, EINVAL);
1899	}
1900
1901	/ policy requests are mandatory when action is ipsec. /
1902	if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
1903	&& xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
1904	&& mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
1905	ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
1906	return key_senderror(so, m, EINVAL);
1907	}
1908
1909	/*
1910	* checking there is SP already or not.
1911	* SPDUPDATE doesn't depend on whether there is a SP or not.
1912	* If the type is either SPDADD or SPDSETIDX AND a SP is found,
1913	* then error.
1914	*/
1915	newsp = key_getsp(&spidx);
1916	if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1917	if (newsp) {
1918	key_sp_dead(newsp);
1919	key_sp_unlink(newsp); / XXX jrs ordering /
1920	KEY_FREESP(&newsp);
1921	newsp = NULL;
1922	}
1923	} else {
1924	if (newsp != NULL) {
1925	KEY_FREESP(&newsp);
1926	ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
1927	return key_senderror(so, m, EEXIST);
1928	}
1929	}
1930
1931	/ allocation new SP entry /
1932	if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
1933	return key_senderror(so, m, error);
1934	}
1935
1936	if ((newsp->id = key_getnewspid()) == `0`) {
1937	KFREE(newsp);
1938	return key_senderror(so, m, ENOBUFS);
1939	}
1940
1941	/ XXX boundary check against sa_len /
1942	KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
1943	src0 + `1`,
1944	dst0 + `1`,
1945	src0->sadb_address_prefixlen,
1946	dst0->sadb_address_prefixlen,
1947	src0->sadb_address_proto,
1948	&newsp->spidx);
1949
1950	/ sanity check on addr pair /
1951	if (((const struct sockaddr *)(src0 + `1`))->sa_family !=
1952	((const struct sockaddr *)(dst0+ `1`))->sa_family) {
1953	KFREE(newsp);
1954	return key_senderror(so, m, EINVAL);
1955	}
1956	if (((const struct sockaddr *)(src0 + `1`))->sa_len !=
1957	((const struct sockaddr *)(dst0+ `1`))->sa_len) {
1958	KFREE(newsp);
1959	return key_senderror(so, m, EINVAL);
1960	}
1961
1962	newsp->created = time_uptime;
1963	newsp->lastused = newsp->created;
1964	newsp->lifetime = lft ? lft->sadb_lifetime_addtime : `0`;
1965	newsp->validtime = lft ? lft->sadb_lifetime_usetime : `0`;
1966
1967	newsp->refcnt = `1`; / do not reclaim until I say I do /
1968	newsp->state = IPSEC_SPSTATE_ALIVE;
1969	LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
1970
1971	/ delete the entry in spacqtree /
1972	if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1973	struct secspacq *spacq;
1974	if ((spacq = key_getspacq(&spidx)) != NULL) {
1975	/ reset counter in order to deletion by timehandler. /
1976	spacq->created = time_uptime;
1977	spacq->count = `0`;
1978	}
1979	}
1980
1981	#if defined(__NetBSD__)
1982	/ Invalidate all cached SPD pointers in the PCBs. /
1983	ipsec_invalpcbcacheall();
1984
1985	#if defined(GATEWAY)
1986	/ Invalidate the ipflow cache, as well. /
1987	ipflow_invalidate_all(`0`);
1988	#ifdef INET6
1989	ip6flow_invalidate_all(`0`);
1990	#endif /* INET6 */
1991	#endif /* GATEWAY */
1992	#endif /* __NetBSD__ */
1993
1994	{
1995	struct mbuf n, mpolicy;
1996	struct sadb_msg *newmsg;
1997	int off;
1998
1999	/ create new sadb_msg to reply. /
2000	if (lft) {
2001	n = key_gather_mbuf(m, mhp, `2`, `5`, SADB_EXT_RESERVED,
2002	SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
2003	SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2004	} else {
2005	n = key_gather_mbuf(m, mhp, `2`, `4`, SADB_EXT_RESERVED,
2006	SADB_X_EXT_POLICY,
2007	SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2008	}
2009	if (!n)
2010	return key_senderror(so, m, ENOBUFS);
2011
2012	if (n->m_len < sizeof(*newmsg)) {
2013	n = m_pullup(n, sizeof(*newmsg));
2014	if (!n)
2015	return key_senderror(so, m, ENOBUFS);
2016	}
2017	newmsg = mtod(n, struct sadb_msg *);
2018	newmsg->sadb_msg_errno = `0`;
2019	newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2020
2021	off = `0`;
2022	mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2023	sizeof(*xpl), &off);
2024	if (mpolicy == NULL) {
2025	/ n is already freed /
2026	return key_senderror(so, m, ENOBUFS);
2027	}
2028	xpl = (struct sadb_x_policy )(mtod(mpolicy, char* *) + off);
2029	if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2030	m_freem(n);
2031	return key_senderror(so, m, EINVAL);
2032	}
2033	xpl->sadb_x_policy_id = newsp->id;
2034
2035	m_freem(m);
2036	key_update_used();
2037	return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2038	}
2039	}
2040
2041	/*
2042	* get new policy id.
2043	* OUT:
2044	* 0: failure.
2045	* others: success.
2046	*/
2047	static u_int32_t
2048	key_getnewspid(void)
2049	{
2050	u_int32_t newid = `0`;
2051	int count = key_spi_trycnt; / XXX /
2052	struct secpolicy *sp;
2053
2054	/ when requesting to allocate spi ranged /
2055	while (count--) {
2056	newid = (policy_id = (policy_id == ~`0` ? `1` : policy_id + `1`));
2057
2058	if ((sp = key_getspbyid(newid)) == NULL)
2059	break;
2060
2061	KEY_FREESP(&sp);
2062	}
2063
2064	if (count == `0` \|\| newid == `0`) {
2065	ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n"));
2066	return `0`;
2067	}
2068
2069	return newid;
2070	}
2071
2072	/*
2073	* SADB_SPDDELETE processing
2074	* receive
2075	* <base, address(SD), policy(*)>
2076	* from the user(?), and set SADB_SASTATE_DEAD,
2077	* and send,
2078	* <base, address(SD), policy(*)>
2079	* to the ikmpd.
2080	* policy(*) including direction of policy.
2081	*
2082	* m will always be freed.
2083	*/
2084	static int
2085	key_spddelete(struct socket so, struct* mbuf *m,
2086	const struct sadb_msghdr *mhp)
2087	{
2088	struct sadb_address src0, dst0;
2089	struct sadb_x_policy *xpl0;
2090	struct secpolicyindex spidx;
2091	struct secpolicy *sp;
2092
2093	/ sanity check /
2094	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
2095	panic("key_spddelete: NULL pointer is passed");
2096
2097	if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL \|\|
2098	mhp->ext[SADB_EXT_ADDRESS_DST] == NULL \|\|
2099	mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2100	ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2101	return key_senderror(so, m, EINVAL);
2102	}
2103	if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) \|\|
2104	mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) \|\|
2105	mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2106	ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2107	return key_senderror(so, m, EINVAL);
2108	}
2109
2110	src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2111	dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2112	xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2113
2114	/ make secindex /
2115	/ XXX boundary check against sa_len /
2116	KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2117	src0 + `1`,
2118	dst0 + `1`,
2119	src0->sadb_address_prefixlen,
2120	dst0->sadb_address_prefixlen,
2121	src0->sadb_address_proto,
2122	&spidx);
2123
2124	/ checking the direciton. /
2125	switch (xpl0->sadb_x_policy_dir) {
2126	case IPSEC_DIR_INBOUND:
2127	case IPSEC_DIR_OUTBOUND:
2128	break;
2129	default:
2130	ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
2131	return key_senderror(so, m, EINVAL);
2132	}
2133
2134	/ Is there SP in SPD ? /
2135	if ((sp = key_getsp(&spidx)) == NULL) {
2136	ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
2137	return key_senderror(so, m, EINVAL);
2138	}
2139
2140	/ save policy id to buffer to be returned. /
2141	xpl0->sadb_x_policy_id = sp->id;
2142
2143	key_sp_dead(sp);
2144	key_sp_unlink(sp); / XXX jrs ordering /
2145	KEY_FREESP(&sp); / ref gained by key_getspbyid /
2146
2147	#if defined(__NetBSD__)
2148	/ Invalidate all cached SPD pointers in the PCBs. /
2149	ipsec_invalpcbcacheall();
2150
2151	/ We're deleting policy; no need to invalidate the ipflow cache. /
2152	#endif /* __NetBSD__ */
2153
2154	{
2155	struct mbuf *n;
2156	struct sadb_msg *newmsg;
2157
2158	/ create new sadb_msg to reply. /
2159	n = key_gather_mbuf(m, mhp, `1`, `4`, SADB_EXT_RESERVED,
2160	SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2161	if (!n)
2162	return key_senderror(so, m, ENOBUFS);
2163
2164	newmsg = mtod(n, struct sadb_msg *);
2165	newmsg->sadb_msg_errno = `0`;
2166	newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2167
2168	m_freem(m);
2169	key_update_used();
2170	return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2171	}
2172	}
2173
2174	/*
2175	* SADB_SPDDELETE2 processing
2176	* receive
2177	* <base, policy(*)>
2178	* from the user(?), and set SADB_SASTATE_DEAD,
2179	* and send,
2180	* <base, policy(*)>
2181	* to the ikmpd.
2182	* policy(*) including direction of policy.
2183	*
2184	* m will always be freed.
2185	*/
2186	static int
2187	key_spddelete2(struct socket so, struct* mbuf *m,
2188	const struct sadb_msghdr *mhp)
2189	{
2190	u_int32_t id;
2191	struct secpolicy *sp;
2192
2193	/ sanity check /
2194	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
2195	panic("key_spddelete2: NULL pointer is passed");
2196
2197	if (mhp->ext[SADB_X_EXT_POLICY] == NULL \|\|
2198	mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2199	ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2200	key_senderror(so, m, EINVAL);
2201	return `0`;
2202	}
2203
2204	id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2205
2206	/ Is there SP in SPD ? /
2207	if ((sp = key_getspbyid(id)) == NULL) {
2208	ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id));
2209	return key_senderror(so, m, EINVAL);
2210	}
2211
2212	key_sp_dead(sp);
2213	key_sp_unlink(sp); / XXX jrs ordering /
2214	KEY_FREESP(&sp); / ref gained by key_getsp /
2215	sp = NULL;
2216
2217	#if defined(__NetBSD__)
2218	/ Invalidate all cached SPD pointers in the PCBs. /
2219	ipsec_invalpcbcacheall();
2220
2221	/ We're deleting policy; no need to invalidate the ipflow cache. /
2222	#endif /* __NetBSD__ */
2223
2224	{
2225	struct mbuf n, nn;
2226	struct sadb_msg *newmsg;
2227	int off, len;
2228
2229	/ create new sadb_msg to reply. /
2230	len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2231
2232	if (len > MCLBYTES)
2233	return key_senderror(so, m, ENOBUFS);
2234	MGETHDR(n, M_DONTWAIT, MT_DATA);
2235	if (n && len > MHLEN) {
2236	MCLGET(n, M_DONTWAIT);
2237	if ((n->m_flags & M_EXT) == `0`) {
2238	m_freem(n);
2239	n = NULL;
2240	}
2241	}
2242	if (!n)
2243	return key_senderror(so, m, ENOBUFS);
2244
2245	n->m_len = len;
2246	n->m_next = NULL;
2247	off = `0`;
2248
2249	m_copydata(m, `0`, sizeof(struct sadb_msg), mtod(n, char *) + off);
2250	off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2251
2252	#ifdef DIAGNOSTIC
2253	if (off != len)
2254	panic("length inconsistency in key_spddelete2");
2255	#endif
2256
2257	n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2258	mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2259	if (!n->m_next) {
2260	m_freem(n);
2261	return key_senderror(so, m, ENOBUFS);
2262	}
2263
2264	n->m_pkthdr.len = `0`;
2265	for (nn = n; nn; nn = nn->m_next)
2266	n->m_pkthdr.len += nn->m_len;
2267
2268	newmsg = mtod(n, struct sadb_msg *);
2269	newmsg->sadb_msg_errno = `0`;
2270	newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2271
2272	m_freem(m);
2273	return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2274	}
2275	}
2276
2277	/*
2278	* SADB_X_GET processing
2279	* receive
2280	* <base, policy(*)>
2281	* from the user(?),
2282	* and send,
2283	* <base, address(SD), policy>
2284	* to the ikmpd.
2285	* policy(*) including direction of policy.
2286	*
2287	* m will always be freed.
2288	*/
2289	static int
2290	key_spdget(struct socket so, struct* mbuf *m,
2291	const struct sadb_msghdr *mhp)
2292	{
2293	u_int32_t id;
2294	struct secpolicy *sp;
2295	struct mbuf *n;
2296
2297	/ sanity check /
2298	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
2299	panic("key_spdget: NULL pointer is passed");
2300
2301	if (mhp->ext[SADB_X_EXT_POLICY] == NULL \|\|
2302	mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2303	ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2304	return key_senderror(so, m, EINVAL);
2305	}
2306
2307	id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2308
2309	/ Is there SP in SPD ? /
2310	if ((sp = key_getspbyid(id)) == NULL) {
2311	ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2312	return key_senderror(so, m, ENOENT);
2313	}
2314
2315	n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
2316	mhp->msg->sadb_msg_pid);
2317	KEY_FREESP(&sp); / ref gained by key_getspbyid /
2318	if (n != NULL) {
2319	m_freem(m);
2320	return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2321	} else
2322	return key_senderror(so, m, ENOBUFS);
2323	}
2324
2325	/*
2326	* SADB_X_SPDACQUIRE processing.
2327	* Acquire policy and SA(s) for a OUTBOUND packet.
2328	* send
2329	* <base, policy(*)>
2330	* to KMD, and expect to receive
2331	* <base> with SADB_X_SPDACQUIRE if error occurred,
2332	* or
2333	* <base, policy>
2334	* with SADB_X_SPDUPDATE from KMD by PF_KEY.
2335	* policy(*) is without policy requests.
2336	*
2337	* 0 : succeed
2338	* others: error number
2339	*/
2340	int
2341	key_spdacquire(const struct secpolicy *sp)
2342	{
2343	struct mbuf result = NULL, m;
2344	struct secspacq *newspacq;
2345	int error;
2346
2347	/ sanity check /
2348	if (sp == NULL)
2349	panic("key_spdacquire: NULL pointer is passed");
2350	if (sp->req != NULL)
2351	panic("key_spdacquire: called but there is request");
2352	if (sp->policy != IPSEC_POLICY_IPSEC)
2353	panic("key_spdacquire: policy mismathed. IPsec is expected");
2354
2355	/ Get an entry to check whether sent message or not. /
2356	if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
2357	if (key_blockacq_count < newspacq->count) {
2358	/ reset counter and do send message. /
2359	newspacq->count = `0`;
2360	} else {
2361	/ increment counter and do nothing. /
2362	newspacq->count++;
2363	return `0`;
2364	}
2365	} else {
2366	/ make new entry for blocking to send SADB_ACQUIRE. /
2367	if ((newspacq = key_newspacq(&sp->spidx)) == NULL)
2368	return ENOBUFS;
2369
2370	/ add to acqtree /
2371	LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2372	}
2373
2374	/ create new sadb_msg to reply. /
2375	m = key_setsadbmsg(SADB_X_SPDACQUIRE, `0`, `0`, `0`, `0`, `0`);
2376	if (!m) {
2377	error = ENOBUFS;
2378	goto fail;
2379	}
2380	result = m;
2381
2382	result->m_pkthdr.len = `0`;
2383	for (m = result; m; m = m->m_next)
2384	result->m_pkthdr.len += m->m_len;
2385
2386	mtod(result, struct sadb_msg *)->sadb_msg_len =
2387	PFKEY_UNIT64(result->m_pkthdr.len);
2388
2389	return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
2390
2391	fail:
2392	if (result)
2393	m_freem(result);
2394	return error;
2395	}
2396
2397	/*
2398	* SADB_SPDFLUSH processing
2399	* receive
2400	* <base>
2401	* from the user, and free all entries in secpctree.
2402	* and send,
2403	* <base>
2404	* to the user.
2405	* NOTE: what to do is only marking SADB_SASTATE_DEAD.
2406	*
2407	* m will always be freed.
2408	*/
2409	static int
2410	key_spdflush(struct socket so, struct* mbuf *m,
2411	const struct sadb_msghdr *mhp)
2412	{
2413	struct sadb_msg *newmsg;
2414	struct secpolicy *sp;
2415	u_int dir;
2416
2417	/ sanity check /
2418	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
2419	panic("key_spdflush: NULL pointer is passed");
2420
2421	if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2422	return key_senderror(so, m, EINVAL);
2423
2424	for (dir = `0`; dir < IPSEC_DIR_MAX; dir++) {
2425	struct secpolicy * nextsp;
2426	for (sp = LIST_FIRST(&sptree[dir]);
2427	sp != NULL;
2428	sp = nextsp) {
2429
2430	nextsp = LIST_NEXT(sp, chain);
2431	if (sp->state == IPSEC_SPSTATE_DEAD)
2432	continue;
2433	key_sp_dead(sp);
2434	key_sp_unlink(sp);
2435	/ 'sp' dead; continue transfers to 'sp = nextsp' /
2436	continue;
2437	}
2438	}
2439
2440	#if defined(__NetBSD__)
2441	/ Invalidate all cached SPD pointers in the PCBs. /
2442	ipsec_invalpcbcacheall();
2443
2444	/ We're deleting policy; no need to invalidate the ipflow cache. /
2445	#endif /* __NetBSD__ */
2446
2447	if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2448	ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
2449	return key_senderror(so, m, ENOBUFS);
2450	}
2451
2452	if (m->m_next)
2453	m_freem(m->m_next);
2454	m->m_next = NULL;
2455	m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2456	newmsg = mtod(m, struct sadb_msg *);
2457	newmsg->sadb_msg_errno = `0`;
2458	newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2459
2460	return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2461	}
2462
2463	static struct sockaddr key_src = {
2464	.sa_len = `2`,
2465	.sa_family = PF_KEY,
2466	};
2467
2468	static struct mbuf *
2469	key_setspddump_chain(int errorp, int* *lenp, pid_t pid)
2470	{
2471	struct secpolicy *sp;
2472	int cnt;
2473	u_int dir;
2474	struct mbuf m, n, *prev;
2475	int totlen;
2476
2477	*lenp = `0`;
2478
2479	/ search SPD entry and get buffer size. /
2480	cnt = `0`;
2481	for (dir = `0`; dir < IPSEC_DIR_MAX; dir++) {
2482	LIST_FOREACH(sp, &sptree[dir], chain) {
2483	cnt++;
2484	}
2485	}
2486
2487	if (cnt == `0`) {
2488	*errorp = ENOENT;
2489	return (NULL);
2490	}
2491
2492	m = NULL;
2493	prev = m;
2494	totlen = `0`;
2495	for (dir = `0`; dir < IPSEC_DIR_MAX; dir++) {
2496	LIST_FOREACH(sp, &sptree[dir], chain) {
2497	--cnt;
2498	n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid);
2499
2500	if (!n) {
2501	*errorp = ENOBUFS;
2502	if (m) m_freem(m);
2503	return (NULL);
2504	}
2505
2506	totlen += n->m_pkthdr.len;
2507	if (!m) {
2508	m = n;
2509	} else {
2510	prev->m_nextpkt = n;
2511	}
2512	prev = n;
2513	}
2514	}
2515
2516	*lenp = totlen;
2517	*errorp = `0`;
2518	return (m);
2519	}
2520
2521	/*
2522	* SADB_SPDDUMP processing
2523	* receive
2524	* <base>
2525	* from the user, and dump all SP leaves
2526	* and send,
2527	* <base> .....
2528	* to the ikmpd.
2529	*
2530	* m will always be freed.
2531	*/
2532	static int
2533	key_spddump(struct socket so, struct* mbuf *m0,
2534	const struct sadb_msghdr *mhp)
2535	{
2536	struct mbuf *n;
2537	int error, len;
2538	int ok, s;
2539	pid_t pid;
2540
2541	/ sanity check /
2542	if (so == NULL \|\| m0 == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
2543	panic("key_spddump: NULL pointer is passed");
2544
2545
2546	pid = mhp->msg->sadb_msg_pid;
2547	/*
2548	* If the requestor has insufficient socket-buffer space
2549	* for the entire chain, nobody gets any response to the DUMP.
2550	* XXX For now, only the requestor ever gets anything.
2551	* Moreover, if the requestor has any space at all, they receive
2552	* the entire chain, otherwise the request is refused with ENOBUFS.
2553	*/
2554	if (sbspace(&so->so_rcv) <= `0`) {
2555	return key_senderror(so, m0, ENOBUFS);
2556	}
2557
2558	s = splsoftnet();
2559	n = key_setspddump_chain(&error, &len, pid);
2560	splx(s);
2561
2562	if (n == NULL) {
2563	return key_senderror(so, m0, ENOENT);
2564	}
2565	{
2566	uint64_t *ps = PFKEY_STAT_GETREF();
2567	ps[PFKEY_STAT_IN_TOTAL]++;
2568	ps[PFKEY_STAT_IN_BYTES] += len;
2569	PFKEY_STAT_PUTREF();
2570	}
2571
2572	/*
2573	* PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets.
2574	* The requestor receives either the entire chain, or an
2575	* error message with ENOBUFS.
2576	*/
2577
2578	/*
2579	* sbappendchainwith record takes the chain of entries, one
2580	* packet-record per SPD entry, prepends the key_src sockaddr
2581	* to each packet-record, links the sockaddr mbufs into a new
2582	* list of records, then appends the entire resulting
2583	* list to the requesting socket.
2584	*/
2585	ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src,
2586	n, SB_PRIO_ONESHOT_OVERFLOW);
2587
2588	if (!ok) {
2589	PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
2590	m_freem(n);
2591	return key_senderror(so, m0, ENOBUFS);
2592	}
2593
2594	m_freem(m0);
2595	return error;
2596	}
2597
2598	/*
2599	* SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23
2600	*/
2601	static int
2602	key_nat_map(struct socket so, struct* mbuf *m,
2603	const struct sadb_msghdr *mhp)
2604	{
2605	struct sadb_x_nat_t_type *type;
2606	struct sadb_x_nat_t_port *sport;
2607	struct sadb_x_nat_t_port *dport;
2608	struct sadb_address iaddr, raddr;
2609	struct sadb_x_nat_t_frag *frag;
2610
2611	/ sanity check /
2612	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
2613	panic("key_nat_map: NULL pointer is passed.");
2614
2615	if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL \|\|
2616	mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL \|\|
2617	mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) {
2618	ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n"));
2619	return key_senderror(so, m, EINVAL);
2620	}
2621	if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) \|\|
2622	(mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) \|\|
2623	(mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
2624	ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n"));
2625	return key_senderror(so, m, EINVAL);
2626	}
2627
2628	if ((mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) &&
2629	(mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr))) {
2630	ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n"));
2631	return key_senderror(so, m, EINVAL);
2632	}
2633
2634	if ((mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) &&
2635	(mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr))) {
2636	ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n"));
2637	return key_senderror(so, m, EINVAL);
2638	}
2639
2640	if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
2641	(mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
2642	ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n"));
2643	return key_senderror(so, m, EINVAL);
2644	}
2645
2646	type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
2647	sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
2648	dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
2649	iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
2650	raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
2651	frag = (struct sadb_x_nat_t_frag *) mhp->ext[SADB_X_EXT_NAT_T_FRAG];
2652
2653	/*
2654	* XXX handle that, it should also contain a SA, or anything
2655	* that enable to update the SA information.
2656	*/
2657
2658	return `0`;
2659	}
2660
2661	static struct mbuf *
2662	key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, pid_t pid)
2663	{
2664	struct mbuf result = NULL, m;
2665
2666	m = key_setsadbmsg(type, `0`, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2667	if (!m)
2668	goto fail;
2669	result = m;
2670
2671	m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2672	&sp->spidx.src.sa, sp->spidx.prefs,
2673	sp->spidx.ul_proto);
2674	if (!m)
2675	goto fail;
2676	m_cat(result, m);
2677
2678	m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2679	&sp->spidx.dst.sa, sp->spidx.prefd,
2680	sp->spidx.ul_proto);
2681	if (!m)
2682	goto fail;
2683	m_cat(result, m);
2684
2685	m = key_sp2msg(sp);
2686	if (!m)
2687	goto fail;
2688	m_cat(result, m);
2689
2690	if ((result->m_flags & M_PKTHDR) == `0`)
2691	goto fail;
2692
2693	if (result->m_len < sizeof(struct sadb_msg)) {
2694	result = m_pullup(result, sizeof(struct sadb_msg));
2695	if (result == NULL)
2696	goto fail;
2697	}
2698
2699	result->m_pkthdr.len = `0`;
2700	for (m = result; m; m = m->m_next)
2701	result->m_pkthdr.len += m->m_len;
2702
2703	mtod(result, struct sadb_msg *)->sadb_msg_len =
2704	PFKEY_UNIT64(result->m_pkthdr.len);
2705
2706	return result;
2707
2708	fail:
2709	m_freem(result);
2710	return NULL;
2711	}
2712
2713	/*
2714	* get PFKEY message length for security policy and request.
2715	*/
2716	static u_int
2717	key_getspreqmsglen(const struct secpolicy *sp)
2718	{
2719	u_int tlen;
2720
2721	tlen = sizeof(struct sadb_x_policy);
2722
2723	/ if is the policy for ipsec ? /
2724	if (sp->policy != IPSEC_POLICY_IPSEC)
2725	return tlen;
2726
2727	/ get length of ipsec requests /
2728	{
2729	const struct ipsecrequest *isr;
2730	int len;
2731
2732	for (isr = sp->req; isr != NULL; isr = isr->next) {
2733	len = sizeof(struct sadb_x_ipsecrequest)
2734	+ isr->saidx.src.sa.sa_len
2735	+ isr->saidx.dst.sa.sa_len;
2736
2737	tlen += PFKEY_ALIGN8(len);
2738	}
2739	}
2740
2741	return tlen;
2742	}
2743
2744	/*
2745	* SADB_SPDEXPIRE processing
2746	* send
2747	* <base, address(SD), lifetime(CH), policy>
2748	* to KMD by PF_KEY.
2749	*
2750	* OUT: 0 : succeed
2751	* others : error number
2752	*/
2753	static int
2754	key_spdexpire(struct secpolicy *sp)
2755	{
2756	int s;
2757	struct mbuf result = NULL, m;
2758	int len;
2759	int error = -`1`;
2760	struct sadb_lifetime *lt;
2761
2762	/ XXX: Why do we lock ? /
2763	s = splsoftnet(); /called from softclock()/
2764
2765	/ sanity check /
2766	if (sp == NULL)
2767	panic("key_spdexpire: NULL pointer is passed");
2768
2769	/ set msg header /
2770	m = key_setsadbmsg(SADB_X_SPDEXPIRE, `0`, `0`, `0`, `0`, `0`);
2771	if (!m) {
2772	error = ENOBUFS;
2773	goto fail;
2774	}
2775	result = m;
2776
2777	/ create lifetime extension (current and hard) /
2778	len = PFKEY_ALIGN8(sizeof(lt)) `2`;
2779	m = key_alloc_mbuf(len);
2780	if (!m \|\| m->m_next) { /XXX/
2781	if (m)
2782	m_freem(m);
2783	error = ENOBUFS;
2784	goto fail;
2785	}
2786	memset(mtod(m, void *), `0`, len);
2787	lt = mtod(m, struct sadb_lifetime *);
2788	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2789	lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2790	lt->sadb_lifetime_allocations = `0`;
2791	lt->sadb_lifetime_bytes = `0`;
2792	lt->sadb_lifetime_addtime = sp->created + time_second - time_uptime;
2793	lt->sadb_lifetime_usetime = sp->lastused + time_second - time_uptime;
2794	lt = (struct sadb_lifetime )(mtod(m, char* *) + len / `2`);
2795	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2796	lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2797	lt->sadb_lifetime_allocations = `0`;
2798	lt->sadb_lifetime_bytes = `0`;
2799	lt->sadb_lifetime_addtime = sp->lifetime;
2800	lt->sadb_lifetime_usetime = sp->validtime;
2801	m_cat(result, m);
2802
2803	/ set sadb_address for source /
2804	m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2805	&sp->spidx.src.sa,
2806	sp->spidx.prefs, sp->spidx.ul_proto);
2807	if (!m) {
2808	error = ENOBUFS;
2809	goto fail;
2810	}
2811	m_cat(result, m);
2812
2813	/ set sadb_address for destination /
2814	m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2815	&sp->spidx.dst.sa,
2816	sp->spidx.prefd, sp->spidx.ul_proto);
2817	if (!m) {
2818	error = ENOBUFS;
2819	goto fail;
2820	}
2821	m_cat(result, m);
2822
2823	/ set secpolicy /
2824	m = key_sp2msg(sp);
2825	if (!m) {
2826	error = ENOBUFS;
2827	goto fail;
2828	}
2829	m_cat(result, m);
2830
2831	if ((result->m_flags & M_PKTHDR) == `0`) {
2832	error = EINVAL;
2833	goto fail;
2834	}
2835
2836	if (result->m_len < sizeof(struct sadb_msg)) {
2837	result = m_pullup(result, sizeof(struct sadb_msg));
2838	if (result == NULL) {
2839	error = ENOBUFS;
2840	goto fail;
2841	}
2842	}
2843
2844	result->m_pkthdr.len = `0`;
2845	for (m = result; m; m = m->m_next)
2846	result->m_pkthdr.len += m->m_len;
2847
2848	mtod(result, struct sadb_msg *)->sadb_msg_len =
2849	PFKEY_UNIT64(result->m_pkthdr.len);
2850
2851	return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2852
2853	fail:
2854	if (result)
2855	m_freem(result);
2856	splx(s);
2857	return error;
2858	}
2859
2860	/ %%% SAD management /
2861	/*
2862	* allocating a memory for new SA head, and copy from the values of mhp.
2863	* OUT: NULL : failure due to the lack of memory.
2864	* others : pointer to new SA head.
2865	*/
2866	static struct secashead *
2867	key_newsah(const struct secasindex *saidx)
2868	{
2869	struct secashead *newsah;
2870
2871	IPSEC_ASSERT(saidx != NULL, ("key_newsaidx: null saidx"));
2872
2873	newsah = (struct secashead *)
2874	malloc(sizeof(struct secashead), M_SECA, M_NOWAIT\|M_ZERO);
2875	if (newsah != NULL) {
2876	int i;
2877	for (i = `0`; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[`0`]); i++)
2878	LIST_INIT(&newsah->savtree[i]);
2879	newsah->saidx = *saidx;
2880
2881	/ add to saidxtree /
2882	newsah->state = SADB_SASTATE_MATURE;
2883	LIST_INSERT_HEAD(&sahtree, newsah, chain);
2884	}
2885	return(newsah);
2886	}
2887
2888	/*
2889	* delete SA index and all SA registerd.
2890	*/
2891	static void
2892	key_delsah(struct secashead *sah)
2893	{
2894	struct secasvar sav, nextsav;
2895	u_int stateidx, state;
2896	int s;
2897	int zombie = `0`;
2898
2899	/ sanity check /
2900	if (sah == NULL)
2901	panic("key_delsah: NULL pointer is passed");
2902
2903	s = splsoftnet(); /called from softclock()/
2904
2905	/ searching all SA registerd in the secindex. /
2906	for (stateidx = `0`;
2907	stateidx < _ARRAYLEN(saorder_state_any);
2908	stateidx++) {
2909
2910	state = saorder_state_any[stateidx];
2911	for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]);
2912	sav != NULL;
2913	sav = nextsav) {
2914
2915	nextsav = LIST_NEXT(sav, chain);
2916
2917	if (sav->refcnt == `0`) {
2918	/ sanity check /
2919	KEY_CHKSASTATE(state, sav->state, "key_delsah");
2920	KEY_FREESAV(&sav);
2921	} else {
2922	/ give up to delete this sa /
2923	zombie++;
2924	}
2925	}
2926	}
2927
2928	/ don't delete sah only if there are savs. /
2929	if (zombie) {
2930	splx(s);
2931	return;
2932	}
2933
2934	rtcache_free(&sah->sa_route);
2935
2936	/ remove from tree of SA index /
2937	if (__LIST_CHAINED(sah))
2938	LIST_REMOVE(sah, chain);
2939
2940	KFREE(sah);
2941
2942	splx(s);
2943	return;
2944	}
2945
2946	/*
2947	* allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2948	* and copy the values of mhp into new buffer.
2949	* When SAD message type is GETSPI:
2950	* to set sequence number from acq_seq++,
2951	* to set zero to SPI.
2952	* not to call key_setsava().
2953	* OUT: NULL : fail
2954	* others : pointer to new secasvar.
2955	*
2956	* does not modify mbuf. does not free mbuf on error.
2957	*/
2958	static struct secasvar *
2959	key_newsav(struct mbuf m, const* struct sadb_msghdr *mhp,
2960	struct secashead sah, int* *errp,
2961	const char* where, int tag)
2962	{
2963	struct secasvar *newsav;
2964	const struct sadb_sa *xsa;
2965
2966	/ sanity check /
2967	if (m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL \|\| sah == NULL)
2968	panic("key_newsa: NULL pointer is passed");
2969
2970	KMALLOC(newsav, struct secasvar , sizeof(struct* secasvar));
2971	if (newsav == NULL) {
2972	ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
2973	*errp = ENOBUFS;
2974	goto done;
2975	}
2976	memset(newsav, `0`, sizeof(struct secasvar));
2977
2978	switch (mhp->msg->sadb_msg_type) {
2979	case SADB_GETSPI:
2980	newsav->spi = `0`;
2981
2982	#ifdef IPSEC_DOSEQCHECK
2983	/ sync sequence number /
2984	if (mhp->msg->sadb_msg_seq == `0`)
2985	newsav->seq =
2986	(acq_seq = (acq_seq == ~`0` ? `1` : ++acq_seq));
2987	else
2988	#endif
2989	newsav->seq = mhp->msg->sadb_msg_seq;
2990	break;
2991
2992	case SADB_ADD:
2993	/ sanity check /
2994	if (mhp->ext[SADB_EXT_SA] == NULL) {
2995	KFREE(newsav), newsav = NULL;
2996	ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
2997	*errp = EINVAL;
2998	goto done;
2999	}
3000	xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3001	newsav->spi = xsa->sadb_sa_spi;
3002	newsav->seq = mhp->msg->sadb_msg_seq;
3003	break;
3004	default:
3005	KFREE(newsav), newsav = NULL;
3006	*errp = EINVAL;
3007	goto done;
3008	}
3009
3010	/ copy sav values /
3011	if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
3012	*errp = key_setsaval(newsav, m, mhp);
3013	if (*errp) {
3014	KFREE(newsav), newsav = NULL;
3015	goto done;
3016	}
3017	}
3018
3019	/ reset created /
3020	newsav->created = time_uptime;
3021	newsav->pid = mhp->msg->sadb_msg_pid;
3022
3023	/ add to satree /
3024	newsav->sah = sah;
3025	newsav->refcnt = `1`;
3026	newsav->state = SADB_SASTATE_LARVAL;
3027	LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3028	secasvar, chain);
3029	done:
3030	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
3031	printf("DP %s from %s:%u return SP:%p\n", __func__,
3032	where, tag, newsav));
3033
3034	return newsav;
3035	}
3036
3037	/*
3038	* free() SA variable entry.
3039	*/
3040	static void
3041	key_delsav(struct secasvar *sav)
3042	{
3043	IPSEC_ASSERT(sav != NULL, ("key_delsav: null sav"));
3044	IPSEC_ASSERT(sav->refcnt == `0`,
3045	("key_delsav: reference count %u > 0", sav->refcnt));
3046
3047	/ remove from SA header /
3048	if (__LIST_CHAINED(sav))
3049	LIST_REMOVE(sav, chain);
3050
3051	/*
3052	* Cleanup xform state. Note that zeroize'ing causes the
3053	* keys to be cleared; otherwise we must do it ourself.
3054	*/
3055	if (sav->tdb_xform != NULL) {
3056	sav->tdb_xform->xf_zeroize(sav);
3057	sav->tdb_xform = NULL;
3058	} else {
3059	if (sav->key_auth != NULL)
3060	explicit_memset(_KEYBUF(sav->key_auth), `0`,
3061	_KEYLEN(sav->key_auth));
3062	if (sav->key_enc != NULL)
3063	explicit_memset(_KEYBUF(sav->key_enc), `0`,
3064	_KEYLEN(sav->key_enc));
3065	}
3066	if (sav->key_auth != NULL) {
3067	KFREE(sav->key_auth);
3068	sav->key_auth = NULL;
3069	}
3070	if (sav->key_enc != NULL) {
3071	KFREE(sav->key_enc);
3072	sav->key_enc = NULL;
3073	}
3074	if (sav->replay != NULL) {
3075	KFREE(sav->replay);
3076	sav->replay = NULL;
3077	}
3078	if (sav->lft_c != NULL) {
3079	KFREE(sav->lft_c);
3080	sav->lft_c = NULL;
3081	}
3082	if (sav->lft_h != NULL) {
3083	KFREE(sav->lft_h);
3084	sav->lft_h = NULL;
3085	}
3086	if (sav->lft_s != NULL) {
3087	KFREE(sav->lft_s);
3088	sav->lft_s = NULL;
3089	}
3090
3091	KFREE(sav);
3092
3093	return;
3094	}
3095
3096	/*
3097	* search SAD.
3098	* OUT:
3099	* NULL : not found
3100	* others : found, pointer to a SA.
3101	*/
3102	static struct secashead *
3103	key_getsah(const struct secasindex *saidx)
3104	{
3105	struct secashead *sah;
3106
3107	LIST_FOREACH(sah, &sahtree, chain) {
3108	if (sah->state == SADB_SASTATE_DEAD)
3109	continue;
3110	if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
3111	return sah;
3112	}
3113
3114	return NULL;
3115	}
3116
3117	/*
3118	* check not to be duplicated SPI.
3119	* NOTE: this function is too slow due to searching all SAD.
3120	* OUT:
3121	* NULL : not found
3122	* others : found, pointer to a SA.
3123	*/
3124	static struct secasvar *
3125	key_checkspidup(const struct secasindex *saidx, u_int32_t spi)
3126	{
3127	struct secashead *sah;
3128	struct secasvar *sav;
3129
3130	/ check address family /
3131	if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
3132	ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
3133	return NULL;
3134	}
3135
3136	/ check all SAD /
3137	LIST_FOREACH(sah, &sahtree, chain) {
3138	if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
3139	continue;
3140	sav = key_getsavbyspi(sah, spi);
3141	if (sav != NULL)
3142	return sav;
3143	}
3144
3145	return NULL;
3146	}
3147
3148	/*
3149	* search SAD litmited alive SA, protocol, SPI.
3150	* OUT:
3151	* NULL : not found
3152	* others : found, pointer to a SA.
3153	*/
3154	static struct secasvar *
3155	key_getsavbyspi(struct secashead *sah, u_int32_t spi)
3156	{
3157	struct secasvar *sav;
3158	u_int stateidx, state;
3159
3160	/ search all status /
3161	for (stateidx = `0`;
3162	stateidx < _ARRAYLEN(saorder_state_alive);
3163	stateidx++) {
3164
3165	state = saorder_state_alive[stateidx];
3166	LIST_FOREACH(sav, &sah->savtree[state], chain) {
3167
3168	/ sanity check /
3169	if (sav->state != state) {
3170	ipseclog((LOG_DEBUG, "key_getsavbyspi: "
3171	"invalid sav->state (queue: %d SA: %d)\n",
3172	state, sav->state));
3173	continue;
3174	}
3175
3176	if (sav->spi == spi)
3177	return sav;
3178	}
3179	}
3180
3181	return NULL;
3182	}
3183
3184	/*
3185	* copy SA values from PF_KEY message except SPI, SEQ, PID, STATE and TYPE.
3186	* You must update these if need.
3187	* OUT: 0: success.
3188	* !0: failure.
3189	*
3190	* does not modify mbuf. does not free mbuf on error.
3191	*/
3192	static int
3193	key_setsaval(struct secasvar sav, struct* mbuf *m,
3194	const struct sadb_msghdr *mhp)
3195	{
3196	int error = `0`;
3197
3198	/ sanity check /
3199	if (m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
3200	panic("key_setsaval: NULL pointer is passed");
3201
3202	/ initialization /
3203	sav->replay = NULL;
3204	sav->key_auth = NULL;
3205	sav->key_enc = NULL;
3206	sav->lft_c = NULL;
3207	sav->lft_h = NULL;
3208	sav->lft_s = NULL;
3209	sav->tdb_xform = NULL; / transform /
3210	sav->tdb_encalgxform = NULL; / encoding algorithm /
3211	sav->tdb_authalgxform = NULL; / authentication algorithm /
3212	sav->tdb_compalgxform = NULL; / compression algorithm /
3213	sav->natt_type = `0`;
3214	sav->esp_frag = `0`;
3215
3216	/ SA /
3217	if (mhp->ext[SADB_EXT_SA] != NULL) {
3218	const struct sadb_sa *sa0;
3219
3220	sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3221	if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3222	error = EINVAL;
3223	goto fail;
3224	}
3225
3226	sav->alg_auth = sa0->sadb_sa_auth;
3227	sav->alg_enc = sa0->sadb_sa_encrypt;
3228	sav->flags = sa0->sadb_sa_flags;
3229
3230	/ replay window /
3231	if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == `0`) {
3232	sav->replay = (struct secreplay *)
3233	malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_SECA, M_NOWAIT\|M_ZERO);
3234	if (sav->replay == NULL) {
3235	ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3236	error = ENOBUFS;
3237	goto fail;
3238	}
3239	if (sa0->sadb_sa_replay != `0`)
3240	sav->replay->bitmap = (char*)(sav->replay+`1`);
3241	sav->replay->wsize = sa0->sadb_sa_replay;
3242	}
3243	}
3244
3245	/ Authentication keys /
3246	if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3247	const struct sadb_key *key0;
3248	int len;
3249
3250	key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3251	len = mhp->extlen[SADB_EXT_KEY_AUTH];
3252
3253	error = `0`;
3254	if (len < sizeof(*key0)) {
3255	error = EINVAL;
3256	goto fail;
3257	}
3258	switch (mhp->msg->sadb_msg_satype) {
3259	case SADB_SATYPE_AH:
3260	case SADB_SATYPE_ESP:
3261	case SADB_X_SATYPE_TCPSIGNATURE:
3262	if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3263	sav->alg_auth != SADB_X_AALG_NULL)
3264	error = EINVAL;
3265	break;
3266	case SADB_X_SATYPE_IPCOMP:
3267	default:
3268	error = EINVAL;
3269	break;
3270	}
3271	if (error) {
3272	ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
3273	goto fail;
3274	}
3275
3276	sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
3277	if (sav->key_auth == NULL) {
3278	ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3279	error = ENOBUFS;
3280	goto fail;
3281	}
3282	}
3283
3284	/ Encryption key /
3285	if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3286	const struct sadb_key *key0;
3287	int len;
3288
3289	key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3290	len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3291
3292	error = `0`;
3293	if (len < sizeof(*key0)) {
3294	error = EINVAL;
3295	goto fail;
3296	}
3297	switch (mhp->msg->sadb_msg_satype) {
3298	case SADB_SATYPE_ESP:
3299	if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3300	sav->alg_enc != SADB_EALG_NULL) {
3301	error = EINVAL;
3302	break;
3303	}
3304	sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
3305	if (sav->key_enc == NULL) {
3306	ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3307	error = ENOBUFS;
3308	goto fail;
3309	}
3310	break;
3311	case SADB_X_SATYPE_IPCOMP:
3312	if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3313	error = EINVAL;
3314	sav->key_enc = NULL; /just in case/
3315	break;
3316	case SADB_SATYPE_AH:
3317	case SADB_X_SATYPE_TCPSIGNATURE:
3318	default:
3319	error = EINVAL;
3320	break;
3321	}
3322	if (error) {
3323	ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
3324	goto fail;
3325	}
3326	}
3327
3328	/ set iv /
3329	sav->ivlen = `0`;
3330
3331	switch (mhp->msg->sadb_msg_satype) {
3332	case SADB_SATYPE_AH:
3333	error = xform_init(sav, XF_AH);
3334	break;
3335	case SADB_SATYPE_ESP:
3336	error = xform_init(sav, XF_ESP);
3337	break;
3338	case SADB_X_SATYPE_IPCOMP:
3339	error = xform_init(sav, XF_IPCOMP);
3340	break;
3341	case SADB_X_SATYPE_TCPSIGNATURE:
3342	error = xform_init(sav, XF_TCPSIGNATURE);
3343	break;
3344	}
3345	if (error) {
3346	ipseclog((LOG_DEBUG,
3347	"key_setsaval: unable to initialize SA type %u.\n",
3348	mhp->msg->sadb_msg_satype));
3349	goto fail;
3350	}
3351
3352	/ reset created /
3353	sav->created = time_uptime;
3354
3355	/ make lifetime for CURRENT /
3356	KMALLOC(sav->lft_c, struct sadb_lifetime *,
3357	sizeof(struct sadb_lifetime));
3358	if (sav->lft_c == NULL) {
3359	ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3360	error = ENOBUFS;
3361	goto fail;
3362	}
3363
3364	sav->lft_c->sadb_lifetime_len =
3365	PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3366	sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3367	sav->lft_c->sadb_lifetime_allocations = `0`;
3368	sav->lft_c->sadb_lifetime_bytes = `0`;
3369	sav->lft_c->sadb_lifetime_addtime = time_uptime;
3370	sav->lft_c->sadb_lifetime_usetime = `0`;
3371
3372	/ lifetimes for HARD and SOFT /
3373	{
3374	const struct sadb_lifetime *lft0;
3375
3376	lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3377	if (lft0 != NULL) {
3378	if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3379	error = EINVAL;
3380	goto fail;
3381	}
3382	sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
3383	sizeof(*lft0));
3384	if (sav->lft_h == NULL) {
3385	ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3386	error = ENOBUFS;
3387	goto fail;
3388	}
3389	/ to be initialize ? /
3390	}
3391
3392	lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3393	if (lft0 != NULL) {
3394	if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3395	error = EINVAL;
3396	goto fail;
3397	}
3398	sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
3399	sizeof(*lft0));
3400	if (sav->lft_s == NULL) {
3401	ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3402	error = ENOBUFS;
3403	goto fail;
3404	}
3405	/ to be initialize ? /
3406	}
3407	}
3408
3409	return `0`;
3410
3411	fail:
3412	/ initialization /
3413	if (sav->replay != NULL) {
3414	KFREE(sav->replay);
3415	sav->replay = NULL;
3416	}
3417	if (sav->key_auth != NULL) {
3418	KFREE(sav->key_auth);
3419	sav->key_auth = NULL;
3420	}
3421	if (sav->key_enc != NULL) {
3422	KFREE(sav->key_enc);
3423	sav->key_enc = NULL;
3424	}
3425	if (sav->lft_c != NULL) {
3426	KFREE(sav->lft_c);
3427	sav->lft_c = NULL;
3428	}
3429	if (sav->lft_h != NULL) {
3430	KFREE(sav->lft_h);
3431	sav->lft_h = NULL;
3432	}
3433	if (sav->lft_s != NULL) {
3434	KFREE(sav->lft_s);
3435	sav->lft_s = NULL;
3436	}
3437
3438	return error;
3439	}
3440
3441	/*
3442	* validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3443	* OUT: 0: valid
3444	* other: errno
3445	*/
3446	static int
3447	key_mature(struct secasvar *sav)
3448	{
3449	int error;
3450
3451	/ check SPI value /
3452	switch (sav->sah->saidx.proto) {
3453	case IPPROTO_ESP:
3454	case IPPROTO_AH:
3455	if (ntohl(sav->spi) <= `255`) {
3456	ipseclog((LOG_DEBUG,
3457	"key_mature: illegal range of SPI %u.\n",
3458	(u_int32_t)ntohl(sav->spi)));
3459	return EINVAL;
3460	}
3461	break;
3462	}
3463
3464	/ check satype /
3465	switch (sav->sah->saidx.proto) {
3466	case IPPROTO_ESP:
3467	/ check flags /
3468	if ((sav->flags & (SADB_X_EXT_OLD\|SADB_X_EXT_DERIV)) ==
3469	(SADB_X_EXT_OLD\|SADB_X_EXT_DERIV)) {
3470	ipseclog((LOG_DEBUG, "key_mature: "
3471	"invalid flag (derived) given to old-esp.\n"));
3472	return EINVAL;
3473	}
3474	error = xform_init(sav, XF_ESP);
3475	break;
3476	case IPPROTO_AH:
3477	/ check flags /
3478	if (sav->flags & SADB_X_EXT_DERIV) {
3479	ipseclog((LOG_DEBUG, "key_mature: "
3480	"invalid flag (derived) given to AH SA.\n"));
3481	return EINVAL;
3482	}
3483	if (sav->alg_enc != SADB_EALG_NONE) {
3484	ipseclog((LOG_DEBUG, "key_mature: "
3485	"protocol and algorithm mismated.\n"));
3486	return(EINVAL);
3487	}
3488	error = xform_init(sav, XF_AH);
3489	break;
3490	case IPPROTO_IPCOMP:
3491	if (sav->alg_auth != SADB_AALG_NONE) {
3492	ipseclog((LOG_DEBUG, "key_mature: "
3493	"protocol and algorithm mismated.\n"));
3494	return(EINVAL);
3495	}
3496	if ((sav->flags & SADB_X_EXT_RAWCPI) == `0`
3497	&& ntohl(sav->spi) >= `0x10000`) {
3498	ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
3499	return(EINVAL);
3500	}
3501	error = xform_init(sav, XF_IPCOMP);
3502	break;
3503	case IPPROTO_TCP:
3504	if (sav->alg_enc != SADB_EALG_NONE) {
3505	ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3506	"mismated.\n", __func__));
3507	return(EINVAL);
3508	}
3509	error = xform_init(sav, XF_TCPSIGNATURE);
3510	break;
3511	default:
3512	ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
3513	error = EPROTONOSUPPORT;
3514	break;
3515	}
3516	if (error == `0`)
3517	key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3518	return (error);
3519	}
3520
3521	/*
3522	* subroutine for SADB_GET and SADB_DUMP.
3523	*/
3524	static struct mbuf *
3525	key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype,
3526	u_int32_t seq, u_int32_t pid)
3527	{
3528	struct mbuf result = NULL, tres = NULL, *m;
3529	int l = `0`;
3530	int i;
3531	void *p;
3532	struct sadb_lifetime lt;
3533	int dumporder[] = {
3534	SADB_EXT_SA, SADB_X_EXT_SA2,
3535	SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3536	SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3537	SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3538	SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3539	SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3540	SADB_X_EXT_NAT_T_TYPE,
3541	SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
3542	SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
3543	SADB_X_EXT_NAT_T_FRAG,
3544
3545	};
3546
3547	m = key_setsadbmsg(type, `0`, satype, seq, pid, sav->refcnt);
3548	if (m == NULL)
3549	goto fail;
3550	result = m;
3551
3552	for (i = sizeof(dumporder)/sizeof(dumporder[`0`]) - `1`; i >= `0`; i--) {
3553	m = NULL;
3554	p = NULL;
3555	switch (dumporder[i]) {
3556	case SADB_EXT_SA:
3557	m = key_setsadbsa(sav);
3558	break;
3559
3560	case SADB_X_EXT_SA2:
3561	m = key_setsadbxsa2(sav->sah->saidx.mode,
3562	sav->replay ? sav->replay->count : `0`,
3563	sav->sah->saidx.reqid);
3564	break;
3565
3566	case SADB_EXT_ADDRESS_SRC:
3567	m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3568	&sav->sah->saidx.src.sa,
3569	FULLMASK, IPSEC_ULPROTO_ANY);
3570	break;
3571
3572	case SADB_EXT_ADDRESS_DST:
3573	m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3574	&sav->sah->saidx.dst.sa,
3575	FULLMASK, IPSEC_ULPROTO_ANY);
3576	break;
3577
3578	case SADB_EXT_KEY_AUTH:
3579	if (!sav->key_auth)
3580	continue;
3581	l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3582	p = sav->key_auth;
3583	break;
3584
3585	case SADB_EXT_KEY_ENCRYPT:
3586	if (!sav->key_enc)
3587	continue;
3588	l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3589	p = sav->key_enc;
3590	break;
3591
3592	case SADB_EXT_LIFETIME_CURRENT:
3593	if (!sav->lft_c)
3594	continue;
3595	l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3596	memcpy(&lt, sav->lft_c, sizeof(struct sadb_lifetime));
3597	lt.sadb_lifetime_addtime += time_second - time_uptime;
3598	lt.sadb_lifetime_usetime += time_second - time_uptime;
3599	p = <
3600	break;
3601
3602	case SADB_EXT_LIFETIME_HARD:
3603	if (!sav->lft_h)
3604	continue;
3605	l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3606	p = sav->lft_h;
3607	break;
3608
3609	case SADB_EXT_LIFETIME_SOFT:
3610	if (!sav->lft_s)
3611	continue;
3612	l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3613	p = sav->lft_s;
3614	break;
3615
3616	case SADB_X_EXT_NAT_T_TYPE:
3617	m = key_setsadbxtype(sav->natt_type);
3618	break;
3619
3620	case SADB_X_EXT_NAT_T_DPORT:
3621	if (sav->natt_type == `0`)
3622	continue;
3623	m = key_setsadbxport(
3624	key_portfromsaddr(&sav->sah->saidx.dst),
3625	SADB_X_EXT_NAT_T_DPORT);
3626	break;
3627
3628	case SADB_X_EXT_NAT_T_SPORT:
3629	if (sav->natt_type == `0`)
3630	continue;
3631	m = key_setsadbxport(
3632	key_portfromsaddr(&sav->sah->saidx.src),
3633	SADB_X_EXT_NAT_T_SPORT);
3634	break;
3635
3636	case SADB_X_EXT_NAT_T_FRAG:
3637	/ don't send frag info if not set /
3638	if (sav->natt_type == `0` \|\| sav->esp_frag == IP_MAXPACKET)
3639	continue;
3640	m = key_setsadbxfrag(sav->esp_frag);
3641	break;
3642
3643	case SADB_X_EXT_NAT_T_OAI:
3644	case SADB_X_EXT_NAT_T_OAR:
3645	continue;
3646
3647	case SADB_EXT_ADDRESS_PROXY:
3648	case SADB_EXT_IDENTITY_SRC:
3649	case SADB_EXT_IDENTITY_DST:
3650	/ XXX: should we brought from SPD ? /
3651	case SADB_EXT_SENSITIVITY:
3652	default:
3653	continue;
3654	}
3655
3656	KASSERT(!(m && p));
3657	if (!m && !p)
3658	goto fail;
3659	if (p && tres) {
3660	M_PREPEND(tres, l, M_DONTWAIT);
3661	if (!tres)
3662	goto fail;
3663	memcpy(mtod(tres, void *), p, l);
3664	continue;
3665	}
3666	if (p) {
3667	m = key_alloc_mbuf(l);
3668	if (!m)
3669	goto fail;
3670	m_copyback(m, `0`, l, p);
3671	}
3672
3673	if (tres)
3674	m_cat(m, tres);
3675	tres = m;
3676	}
3677
3678	m_cat(result, tres);
3679	tres = NULL; / avoid free on error below /
3680
3681	if (result->m_len < sizeof(struct sadb_msg)) {
3682	result = m_pullup(result, sizeof(struct sadb_msg));
3683	if (result == NULL)
3684	goto fail;
3685	}
3686
3687	result->m_pkthdr.len = `0`;
3688	for (m = result; m; m = m->m_next)
3689	result->m_pkthdr.len += m->m_len;
3690
3691	mtod(result, struct sadb_msg *)->sadb_msg_len =
3692	PFKEY_UNIT64(result->m_pkthdr.len);
3693
3694	return result;
3695
3696	fail:
3697	m_freem(result);
3698	m_freem(tres);
3699	return NULL;
3700	}
3701
3702
3703	/*
3704	* set a type in sadb_x_nat_t_type
3705	*/
3706	static struct mbuf *
3707	key_setsadbxtype(u_int16_t type)
3708	{
3709	struct mbuf *m;
3710	size_t len;
3711	struct sadb_x_nat_t_type *p;
3712
3713	len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
3714
3715	m = key_alloc_mbuf(len);
3716	if (!m \|\| m->m_next) { /XXX/
3717	if (m)
3718	m_freem(m);
3719	return NULL;
3720	}
3721
3722	p = mtod(m, struct sadb_x_nat_t_type *);
3723
3724	memset(p, `0`, len);
3725	p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
3726	p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
3727	p->sadb_x_nat_t_type_type = type;
3728
3729	return m;
3730	}
3731	/*
3732	* set a port in sadb_x_nat_t_port. port is in network order
3733	*/
3734	static struct mbuf *
3735	key_setsadbxport(u_int16_t port, u_int16_t type)
3736	{
3737	struct mbuf *m;
3738	size_t len;
3739	struct sadb_x_nat_t_port *p;
3740
3741	len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
3742
3743	m = key_alloc_mbuf(len);
3744	if (!m \|\| m->m_next) { /XXX/
3745	if (m)
3746	m_freem(m);
3747	return NULL;
3748	}
3749
3750	p = mtod(m, struct sadb_x_nat_t_port *);
3751
3752	memset(p, `0`, len);
3753	p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
3754	p->sadb_x_nat_t_port_exttype = type;
3755	p->sadb_x_nat_t_port_port = port;
3756
3757	return m;
3758	}
3759
3760	/*
3761	* set fragmentation info in sadb_x_nat_t_frag
3762	*/
3763	static struct mbuf *
3764	key_setsadbxfrag(u_int16_t flen)
3765	{
3766	struct mbuf *m;
3767	size_t len;
3768	struct sadb_x_nat_t_frag *p;
3769
3770	len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_frag));
3771
3772	m = key_alloc_mbuf(len);
3773	if (!m \|\| m->m_next) { /XXX/
3774	if (m)
3775	m_freem(m);
3776	return NULL;
3777	}
3778
3779	p = mtod(m, struct sadb_x_nat_t_frag *);
3780
3781	memset(p, `0`, len);
3782	p->sadb_x_nat_t_frag_len = PFKEY_UNIT64(len);
3783	p->sadb_x_nat_t_frag_exttype = SADB_X_EXT_NAT_T_FRAG;
3784	p->sadb_x_nat_t_frag_fraglen = flen;
3785
3786	return m;
3787	}
3788
3789	/*
3790	* Get port from sockaddr, port is in network order
3791	*/
3792	u_int16_t
3793	key_portfromsaddr(const union sockaddr_union *saddr)
3794	{
3795	u_int16_t port;
3796
3797	switch (saddr->sa.sa_family) {
3798	case AF_INET: {
3799	port = saddr->sin.sin_port;
3800	break;
3801	}
3802	#ifdef INET6
3803	case AF_INET6: {
3804	port = saddr->sin6.sin6_port;
3805	break;
3806	}
3807	#endif
3808	default:
3809	printf("%s: unexpected address family\n", __func__);
3810	port = `0`;
3811	break;
3812	}
3813
3814	return port;
3815	}
3816
3817
3818	/*
3819	* Set port is struct sockaddr. port is in network order
3820	*/
3821	static void
3822	key_porttosaddr(union sockaddr_union *saddr, u_int16_t port)
3823	{
3824	switch (saddr->sa.sa_family) {
3825	case AF_INET: {
3826	saddr->sin.sin_port = port;
3827	break;
3828	}
3829	#ifdef INET6
3830	case AF_INET6: {
3831	saddr->sin6.sin6_port = port;
3832	break;
3833	}
3834	#endif
3835	default:
3836	printf("%s: unexpected address family %d\n", __func__,
3837	saddr->sa.sa_family);
3838	break;
3839	}
3840
3841	return;
3842	}
3843
3844	/*
3845	* Safety check sa_len
3846	*/
3847	static int
3848	key_checksalen(const union sockaddr_union *saddr)
3849	{
3850	switch (saddr->sa.sa_family) {
3851	case AF_INET:
3852	if (saddr->sa.sa_len != sizeof(struct sockaddr_in))
3853	return -`1`;
3854	break;
3855	#ifdef INET6
3856	case AF_INET6:
3857	if (saddr->sa.sa_len != sizeof(struct sockaddr_in6))
3858	return -`1`;
3859	break;
3860	#endif
3861	default:
3862	printf("%s: unexpected sa_family %d\n", __func__,
3863	saddr->sa.sa_family);
3864	return -`1`;
3865	break;
3866	}
3867	return `0`;
3868	}
3869
3870
3871	/*
3872	* set data into sadb_msg.
3873	*/
3874	static struct mbuf *
3875	key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype,
3876	u_int32_t seq, pid_t pid, u_int16_t reserved)
3877	{
3878	struct mbuf *m;
3879	struct sadb_msg *p;
3880	int len;
3881
3882	len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3883	if (len > MCLBYTES)
3884	return NULL;
3885	MGETHDR(m, M_DONTWAIT, MT_DATA);
3886	if (m && len > MHLEN) {
3887	MCLGET(m, M_DONTWAIT);
3888	if ((m->m_flags & M_EXT) == `0`) {
3889	m_freem(m);
3890	m = NULL;
3891	}
3892	}
3893	if (!m)
3894	return NULL;
3895	m->m_pkthdr.len = m->m_len = len;
3896	m->m_next = NULL;
3897
3898	p = mtod(m, struct sadb_msg *);
3899
3900	memset(p, `0`, len);
3901	p->sadb_msg_version = PF_KEY_V2;
3902	p->sadb_msg_type = type;
3903	p->sadb_msg_errno = `0`;
3904	p->sadb_msg_satype = satype;
3905	p->sadb_msg_len = PFKEY_UNIT64(tlen);
3906	p->sadb_msg_reserved = reserved;
3907	p->sadb_msg_seq = seq;
3908	p->sadb_msg_pid = (u_int32_t)pid;
3909
3910	return m;
3911	}
3912
3913	/*
3914	* copy secasvar data into sadb_address.
3915	*/
3916	static struct mbuf *
3917	key_setsadbsa(struct secasvar *sav)
3918	{
3919	struct mbuf *m;
3920	struct sadb_sa *p;
3921	int len;
3922
3923	len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
3924	m = key_alloc_mbuf(len);
3925	if (!m \|\| m->m_next) { /XXX/
3926	if (m)
3927	m_freem(m);
3928	return NULL;
3929	}
3930
3931	p = mtod(m, struct sadb_sa *);
3932
3933	memset(p, `0`, len);
3934	p->sadb_sa_len = PFKEY_UNIT64(len);
3935	p->sadb_sa_exttype = SADB_EXT_SA;
3936	p->sadb_sa_spi = sav->spi;
3937	p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : `0`);
3938	p->sadb_sa_state = sav->state;
3939	p->sadb_sa_auth = sav->alg_auth;
3940	p->sadb_sa_encrypt = sav->alg_enc;
3941	p->sadb_sa_flags = sav->flags;
3942
3943	return m;
3944	}
3945
3946	/*
3947	* set data into sadb_address.
3948	*/
3949	static struct mbuf *
3950	key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr,
3951	u_int8_t prefixlen, u_int16_t ul_proto)
3952	{
3953	struct mbuf *m;
3954	struct sadb_address *p;
3955	size_t len;
3956
3957	len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
3958	PFKEY_ALIGN8(saddr->sa_len);
3959	m = key_alloc_mbuf(len);
3960	if (!m \|\| m->m_next) { /XXX/
3961	if (m)
3962	m_freem(m);
3963	return NULL;
3964	}
3965
3966	p = mtod(m, struct sadb_address *);
3967
3968	memset(p, `0`, len);
3969	p->sadb_address_len = PFKEY_UNIT64(len);
3970	p->sadb_address_exttype = exttype;
3971	p->sadb_address_proto = ul_proto;
3972	if (prefixlen == FULLMASK) {
3973	switch (saddr->sa_family) {
3974	case AF_INET:
3975	prefixlen = sizeof(struct in_addr) << `3`;
3976	break;
3977	case AF_INET6:
3978	prefixlen = sizeof(struct in6_addr) << `3`;
3979	break;
3980	default:
3981	; /XXX/
3982	}
3983	}
3984	p->sadb_address_prefixlen = prefixlen;
3985	p->sadb_address_reserved = `0`;
3986
3987	memcpy(mtod(m, char ) + PFKEY_ALIGN8(sizeof(struct* sadb_address)),
3988	saddr, saddr->sa_len);
3989
3990	return m;
3991	}
3992
3993	#if 0
3994	/*
3995	* set data into sadb_ident.
3996	*/
3997	static struct mbuf *
3998	key_setsadbident(u_int16_t exttype, u_int16_t idtype,
3999	void string, int* stringlen, u_int64_t id)
4000	{
4001	struct mbuf *m;
4002	struct sadb_ident *p;
4003	size_t len;
4004
4005	len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
4006	m = key_alloc_mbuf(len);
4007	if (!m \|\| m->m_next) { /XXX/
4008	if (m)
4009	m_freem(m);
4010	return NULL;
4011	}
4012
4013	p = mtod(m, struct sadb_ident *);
4014
4015	memset(p, `0`, len);
4016	p->sadb_ident_len = PFKEY_UNIT64(len);
4017	p->sadb_ident_exttype = exttype;
4018	p->sadb_ident_type = idtype;
4019	p->sadb_ident_reserved = `0`;
4020	p->sadb_ident_id = id;
4021
4022	memcpy(mtod(m, void ) + PFKEY_ALIGN8(sizeof(struct* sadb_ident)),
4023	string, stringlen);
4024
4025	return m;
4026	}
4027	#endif
4028
4029	/*
4030	* set data into sadb_x_sa2.
4031	*/
4032	static struct mbuf *
4033	key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int16_t reqid)
4034	{
4035	struct mbuf *m;
4036	struct sadb_x_sa2 *p;
4037	size_t len;
4038
4039	len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
4040	m = key_alloc_mbuf(len);
4041	if (!m \|\| m->m_next) { /XXX/
4042	if (m)
4043	m_freem(m);
4044	return NULL;
4045	}
4046
4047	p = mtod(m, struct sadb_x_sa2 *);
4048
4049	memset(p, `0`, len);
4050	p->sadb_x_sa2_len = PFKEY_UNIT64(len);
4051	p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
4052	p->sadb_x_sa2_mode = mode;
4053	p->sadb_x_sa2_reserved1 = `0`;
4054	p->sadb_x_sa2_reserved2 = `0`;
4055	p->sadb_x_sa2_sequence = seq;
4056	p->sadb_x_sa2_reqid = reqid;
4057
4058	return m;
4059	}
4060
4061	/*
4062	* set data into sadb_x_policy
4063	*/
4064	static struct mbuf *
4065	key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id)
4066	{
4067	struct mbuf *m;
4068	struct sadb_x_policy *p;
4069	size_t len;
4070
4071	len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
4072	m = key_alloc_mbuf(len);
4073	if (!m \|\| m->m_next) { /XXX/
4074	if (m)
4075	m_freem(m);
4076	return NULL;
4077	}
4078
4079	p = mtod(m, struct sadb_x_policy *);
4080
4081	memset(p, `0`, len);
4082	p->sadb_x_policy_len = PFKEY_UNIT64(len);
4083	p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
4084	p->sadb_x_policy_type = type;
4085	p->sadb_x_policy_dir = dir;
4086	p->sadb_x_policy_id = id;
4087
4088	return m;
4089	}
4090
4091	/ %%% utilities /
4092	/*
4093	* copy a buffer into the new buffer allocated.
4094	*/
4095	static void *
4096	key_newbuf(const void *src, u_int len)
4097	{
4098	void *new;
4099
4100	KMALLOC(new, void *, len);
4101	if (new == NULL) {
4102	ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
4103	return NULL;
4104	}
4105	memcpy(new, src, len);
4106
4107	return new;
4108	}
4109
4110	/ compare my own address*
4111	* OUT: 1: true, i.e. my address.
4112	* 0: false
4113	*/
4114	int
4115	key_ismyaddr(const struct sockaddr *sa)
4116	{
4117	#ifdef INET
4118	const struct sockaddr_in *sin;
4119	const struct in_ifaddr *ia;
4120	int s;
4121	#endif
4122
4123	/ sanity check /
4124	if (sa == NULL)
4125	panic("key_ismyaddr: NULL pointer is passed");
4126
4127	switch (sa->sa_family) {
4128	#ifdef INET
4129	case AF_INET:
4130	sin = (const struct sockaddr_in *)sa;
4131	s = pserialize_read_enter();
4132	IN_ADDRLIST_READER_FOREACH(ia) {
4133	if (sin->sin_family == ia->ia_addr.sin_family &&
4134	sin->sin_len == ia->ia_addr.sin_len &&
4135	sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
4136	{
4137	pserialize_read_exit(s);
4138	return `1`;
4139	}
4140	}
4141	pserialize_read_exit(s);
4142	break;
4143	#endif
4144	#ifdef INET6
4145	case AF_INET6:
4146	return key_ismyaddr6((const struct sockaddr_in6 *)sa);
4147	#endif
4148	}
4149
4150	return `0`;
4151	}
4152
4153	#ifdef INET6
4154	/*
4155	* compare my own address for IPv6.
4156	* 1: ours
4157	* 0: other
4158	* NOTE: derived ip6_input() in KAME. This is necessary to modify more.
4159	*/
4160	#include <netinet6/in6_var.h>
4161
4162	static int
4163	key_ismyaddr6(const struct sockaddr_in6 *sin6)
4164	{
4165	struct in6_ifaddr *ia;
4166	const struct in6_multi *in6m;
4167	int s;
4168
4169	s = pserialize_read_enter();
4170	IN6_ADDRLIST_READER_FOREACH(ia) {
4171	if (key_sockaddrcmp((const struct sockaddr *)&sin6,
4172	(const struct sockaddr *)&ia->ia_addr, `0`) == `0`) {
4173	pserialize_read_exit(s);
4174	return `1`;
4175	}
4176
4177	/*
4178	* XXX Multicast
4179	* XXX why do we care about multlicast here while we don't care
4180	* about IPv4 multicast??
4181	* XXX scope
4182	*/
4183	in6m = NULL;
4184	#ifdef __FreeBSD__
4185	IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
4186	#else
4187	for ((in6m) = ia->ia6_multiaddrs.lh_first;
4188	(in6m) != NULL &&
4189	!IN6_ARE_ADDR_EQUAL(&(in6m)->in6m_addr, &sin6->sin6_addr);
4190	(in6m) = in6m->in6m_entry.le_next)
4191	continue;
4192	#endif
4193	if (in6m) {
4194	pserialize_read_exit(s);
4195	return `1`;
4196	}
4197	}
4198	pserialize_read_exit(s);
4199
4200	/ loopback, just for safety /
4201	if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
4202	return `1`;
4203
4204	return `0`;
4205	}
4206	#endif /INET6/
4207
4208	/*
4209	* compare two secasindex structure.
4210	* flag can specify to compare 2 saidxes.
4211	* compare two secasindex structure without both mode and reqid.
4212	* don't compare port.
4213	* IN:
4214	* saidx0: source, it can be in SAD.
4215	* saidx1: object.
4216	* OUT:
4217	* 1 : equal
4218	* 0 : not equal
4219	*/
4220	static int
4221	key_cmpsaidx(
4222	const struct secasindex *saidx0,
4223	const struct secasindex *saidx1,
4224	int flag)
4225	{
4226	int chkport;
4227	const struct sockaddr sa0src, sa0dst, sa1src, sa1dst;
4228
4229	/ sanity /
4230	if (saidx0 == NULL && saidx1 == NULL)
4231	return `1`;
4232
4233	if (saidx0 == NULL \|\| saidx1 == NULL)
4234	return `0`;
4235
4236	if (saidx0->proto != saidx1->proto)
4237	return `0`;
4238
4239	if (flag == CMP_EXACTLY) {
4240	if (saidx0->mode != saidx1->mode)
4241	return `0`;
4242	if (saidx0->reqid != saidx1->reqid)
4243	return `0`;
4244	if (memcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != `0` \|\|
4245	memcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != `0`)
4246	return `0`;
4247	} else {
4248
4249	/ CMP_MODE_REQID, CMP_REQID, CMP_HEAD /
4250	if (flag == CMP_MODE_REQID
4251	\|\|flag == CMP_REQID) {
4252	/*
4253	* If reqid of SPD is non-zero, unique SA is required.
4254	* The result must be of same reqid in this case.
4255	*/
4256	if (saidx1->reqid != `0` && saidx0->reqid != saidx1->reqid)
4257	return `0`;
4258	}
4259
4260	if (flag == CMP_MODE_REQID) {
4261	if (saidx0->mode != IPSEC_MODE_ANY
4262	&& saidx0->mode != saidx1->mode)
4263	return `0`;
4264	}
4265
4266
4267	sa0src = &saidx0->src.sa;
4268	sa0dst = &saidx0->dst.sa;
4269	sa1src = &saidx1->src.sa;
4270	sa1dst = &saidx1->dst.sa;
4271	/*
4272	* If NAT-T is enabled, check ports for tunnel mode.
4273	* Don't do it for transport mode, as there is no
4274	* port information available in the SP.
4275	* Also don't check ports if they are set to zero
4276	* in the SPD: This means we have a non-generated
4277	* SPD which can't know UDP ports.
4278	*/
4279	if (saidx1->mode == IPSEC_MODE_TUNNEL)
4280	chkport = PORT_LOOSE;
4281	else
4282	chkport = PORT_NONE;
4283
4284	if (key_sockaddrcmp(sa0src, sa1src, chkport) != `0`) {
4285	return `0`;
4286	}
4287	if (key_sockaddrcmp(sa0dst, sa1dst, chkport) != `0`) {
4288	return `0`;
4289	}
4290	}
4291
4292	return `1`;
4293	}
4294
4295	/*
4296	* compare two secindex structure exactly.
4297	* IN:
4298	* spidx0: source, it is often in SPD.
4299	* spidx1: object, it is often from PFKEY message.
4300	* OUT:
4301	* 1 : equal
4302	* 0 : not equal
4303	*/
4304	int
4305	key_cmpspidx_exactly(
4306	const struct secpolicyindex *spidx0,
4307	const struct secpolicyindex *spidx1)
4308	{
4309	/ sanity /
4310	if (spidx0 == NULL && spidx1 == NULL)
4311	return `1`;
4312
4313	if (spidx0 == NULL \|\| spidx1 == NULL)
4314	return `0`;
4315
4316	if (spidx0->prefs != spidx1->prefs
4317	\|\| spidx0->prefd != spidx1->prefd
4318	\|\| spidx0->ul_proto != spidx1->ul_proto)
4319	return `0`;
4320
4321	return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, PORT_STRICT) == `0` &&
4322	key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, PORT_STRICT) == `0`;
4323	}
4324
4325	/*
4326	* compare two secindex structure with mask.
4327	* IN:
4328	* spidx0: source, it is often in SPD.
4329	* spidx1: object, it is often from IP header.
4330	* OUT:
4331	* 1 : equal
4332	* 0 : not equal
4333	*/
4334	int
4335	key_cmpspidx_withmask(
4336	const struct secpolicyindex *spidx0,
4337	const struct secpolicyindex *spidx1)
4338	{
4339	/ sanity /
4340	if (spidx0 == NULL && spidx1 == NULL)
4341	return `1`;
4342
4343	if (spidx0 == NULL \|\| spidx1 == NULL)
4344	return `0`;
4345
4346	if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family \|\|
4347	spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family \|\|
4348	spidx0->src.sa.sa_len != spidx1->src.sa.sa_len \|\|
4349	spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len)
4350	return `0`;
4351
4352	/ if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. /
4353	if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
4354	&& spidx0->ul_proto != spidx1->ul_proto)
4355	return `0`;
4356
4357	switch (spidx0->src.sa.sa_family) {
4358	case AF_INET:
4359	if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY
4360	&& spidx0->src.sin.sin_port != spidx1->src.sin.sin_port)
4361	return `0`;
4362	if (!key_bbcmp(&spidx0->src.sin.sin_addr,
4363	&spidx1->src.sin.sin_addr, spidx0->prefs))
4364	return `0`;
4365	break;
4366	case AF_INET6:
4367	if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY
4368	&& spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port)
4369	return `0`;
4370	/*
4371	* scope_id check. if sin6_scope_id is 0, we regard it
4372	* as a wildcard scope, which matches any scope zone ID.
4373	*/
4374	if (spidx0->src.sin6.sin6_scope_id &&
4375	spidx1->src.sin6.sin6_scope_id &&
4376	spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id)
4377	return `0`;
4378	if (!key_bbcmp(&spidx0->src.sin6.sin6_addr,
4379	&spidx1->src.sin6.sin6_addr, spidx0->prefs))
4380	return `0`;
4381	break;
4382	default:
4383	/ XXX /
4384	if (memcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != `0`)
4385	return `0`;
4386	break;
4387	}
4388
4389	switch (spidx0->dst.sa.sa_family) {
4390	case AF_INET:
4391	if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY
4392	&& spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port)
4393	return `0`;
4394	if (!key_bbcmp(&spidx0->dst.sin.sin_addr,
4395	&spidx1->dst.sin.sin_addr, spidx0->prefd))
4396	return `0`;
4397	break;
4398	case AF_INET6:
4399	if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY
4400	&& spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port)
4401	return `0`;
4402	/*
4403	* scope_id check. if sin6_scope_id is 0, we regard it
4404	* as a wildcard scope, which matches any scope zone ID.
4405	*/
4406	if (spidx0->src.sin6.sin6_scope_id &&
4407	spidx1->src.sin6.sin6_scope_id &&
4408	spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
4409	return `0`;
4410	if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
4411	&spidx1->dst.sin6.sin6_addr, spidx0->prefd))
4412	return `0`;
4413	break;
4414	default:
4415	/ XXX /
4416	if (memcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != `0`)
4417	return `0`;
4418	break;
4419	}
4420
4421	/ XXX Do we check other field ? e.g. flowinfo /
4422
4423	return `1`;
4424	}
4425
4426	/ returns 0 on match /
4427	static int
4428	key_portcomp(in_port_t port1, in_port_t port2, int howport)
4429	{
4430	switch (howport) {
4431	case PORT_NONE:
4432	return `0`;
4433	case PORT_LOOSE:
4434	if (port1 == `0` \|\| port2 == `0`)
4435	return `0`;
4436	/FALLTHROUGH/
4437	case PORT_STRICT:
4438	if (port1 != port2) {
4439	KEYDEBUG(KEYDEBUG_MATCH,
4440	printf("port fail %d != %d\n", port1, port2));
4441	return `1`;
4442	}
4443	return `0`;
4444	default:
4445	KASSERT(`0`);
4446	return `1`;
4447	}
4448	}
4449
4450	/ returns 0 on match /
4451	static int
4452	key_sockaddrcmp(
4453	const struct sockaddr *sa1,
4454	const struct sockaddr *sa2,
4455	int howport)
4456	{
4457	const struct sockaddr_in sin1, sin2;
4458	const struct sockaddr_in6 sin61, sin62;
4459
4460	if (sa1->sa_family != sa2->sa_family \|\| sa1->sa_len != sa2->sa_len) {
4461	KEYDEBUG(KEYDEBUG_MATCH,
4462	printf("fam/len fail %d != %d \|\| %d != %d\n",
4463	sa1->sa_family, sa2->sa_family, sa1->sa_len,
4464	sa2->sa_len));
4465	return `1`;
4466	}
4467
4468	switch (sa1->sa_family) {
4469	case AF_INET:
4470	if (sa1->sa_len != sizeof(struct sockaddr_in)) {
4471	KEYDEBUG(KEYDEBUG_MATCH,
4472	printf("len fail %d != %zu\n",
4473	sa1->sa_len, sizeof(struct sockaddr_in)));
4474	return `1`;
4475	}
4476	sin1 = (const struct sockaddr_in *)sa1;
4477	sin2 = (const struct sockaddr_in *)sa2;
4478	if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) {
4479	KEYDEBUG(KEYDEBUG_MATCH,
4480	printf("addr fail %#x != %#x\n",
4481	sin1->sin_addr.s_addr,
4482	sin2->sin_addr.s_addr));
4483	return `1`;
4484	}
4485	if (key_portcomp(sin1->sin_port, sin2->sin_port, howport)) {
4486	return `1`;
4487	}
4488	KEYDEBUG(KEYDEBUG_MATCH,
4489	printf("addr success %#x[%d] == %#x[%d]\n",
4490	sin1->sin_addr.s_addr,
4491	sin1->sin_port,
4492	sin2->sin_addr.s_addr,
4493	sin2->sin_port));
4494	break;
4495	case AF_INET6:
4496	sin61 = (const struct sockaddr_in6 *)sa1;
4497	sin62 = (const struct sockaddr_in6 *)sa2;
4498	if (sa1->sa_len != sizeof(struct sockaddr_in6))
4499	return `1`; /EINVAL/
4500
4501	if (sin61->sin6_scope_id != sin62->sin6_scope_id) {
4502	return `1`;
4503	}
4504	if (!IN6_ARE_ADDR_EQUAL(&sin61->sin6_addr, &sin62->sin6_addr)) {
4505	return `1`;
4506	}
4507	if (key_portcomp(sin61->sin6_port, sin62->sin6_port, howport)) {
4508	return `1`;
4509	}
4510	break;
4511	default:
4512	if (memcmp(sa1, sa2, sa1->sa_len) != `0`)
4513	return `1`;
4514	break;
4515	}
4516
4517	return `0`;
4518	}
4519
4520	/*
4521	* compare two buffers with mask.
4522	* IN:
4523	* addr1: source
4524	* addr2: object
4525	* bits: Number of bits to compare
4526	* OUT:
4527	* 1 : equal
4528	* 0 : not equal
4529	*/
4530	static int
4531	key_bbcmp(const void a1, const* void *a2, u_int bits)
4532	{
4533	const unsigned char *p1 = a1;
4534	const unsigned char *p2 = a2;
4535
4536	/ XXX: This could be considerably faster if we compare a word*
4537	* at a time, but it is complicated on LSB Endian machines */
4538
4539	/ Handle null pointers /
4540	if (p1 == NULL \|\| p2 == NULL)
4541	return (p1 == p2);
4542
4543	while (bits >= `8`) {
4544	if (p1++ != p2++)
4545	return `0`;
4546	bits -= `8`;
4547	}
4548
4549	if (bits > `0`) {
4550	u_int8_t mask = ~((`1`<<(`8`-bits))-`1`);
4551	if ((p1 & mask) != (p2 & mask))
4552	return `0`;
4553	}
4554	return `1`; / Match! /
4555	}
4556
4557	/*
4558	* time handler.
4559	* scanning SPD and SAD to check status for each entries,
4560	* and do to remove or to expire.
4561	*/
4562	void
4563	key_timehandler(void* arg)
4564	{
4565	u_int dir;
4566	int s;
4567	time_t now = time_uptime;
4568
4569	s = splsoftnet(); /called from softclock()/
4570	mutex_enter(softnet_lock);
4571
4572	/ SPD /
4573	{
4574	struct secpolicy sp, nextsp;
4575
4576	for (dir = `0`; dir < IPSEC_DIR_MAX; dir++) {
4577	for (sp = LIST_FIRST(&sptree[dir]);
4578	sp != NULL;
4579	sp = nextsp) {
4580
4581	nextsp = LIST_NEXT(sp, chain);
4582
4583	if (sp->state == IPSEC_SPSTATE_DEAD) {
4584	key_sp_unlink(sp); /XXX/
4585
4586	/ 'sp' dead; continue transfers to*
4587	* 'sp = nextsp'
4588	*/
4589	continue;
4590	}
4591
4592	if (sp->lifetime == `0` && sp->validtime == `0`)
4593	continue;
4594
4595	/ the deletion will occur next time /
4596	if ((sp->lifetime && now - sp->created > sp->lifetime)
4597	\|\| (sp->validtime && now - sp->lastused > sp->validtime)) {
4598	key_sp_dead(sp);
4599	key_spdexpire(sp);
4600	continue;
4601	}
4602	}
4603	}
4604	}
4605
4606	/ SAD /
4607	{
4608	struct secashead sah, nextsah;
4609	struct secasvar sav, nextsav;
4610
4611	for (sah = LIST_FIRST(&sahtree);
4612	sah != NULL;
4613	sah = nextsah) {
4614
4615	nextsah = LIST_NEXT(sah, chain);
4616
4617	/ if sah has been dead, then delete it and process next sah. /
4618	if (sah->state == SADB_SASTATE_DEAD) {
4619	key_delsah(sah);
4620	continue;
4621	}
4622
4623	/ if LARVAL entry doesn't become MATURE, delete it. /
4624	for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4625	sav != NULL;
4626	sav = nextsav) {
4627
4628	nextsav = LIST_NEXT(sav, chain);
4629
4630	if (now - sav->created > key_larval_lifetime) {
4631	KEY_FREESAV(&sav);
4632	}
4633	}
4634
4635	/*
4636	* check MATURE entry to start to send expire message
4637	* whether or not.
4638	*/
4639	for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4640	sav != NULL;
4641	sav = nextsav) {
4642
4643	nextsav = LIST_NEXT(sav, chain);
4644
4645	/ we don't need to check. /
4646	if (sav->lft_s == NULL)
4647	continue;
4648
4649	/ sanity check /
4650	if (sav->lft_c == NULL) {
4651	ipseclog((LOG_DEBUG,"key_timehandler: "
4652	"There is no CURRENT time, why?\n"));
4653	continue;
4654	}
4655
4656	/ check SOFT lifetime /
4657	if (sav->lft_s->sadb_lifetime_addtime != `0`
4658	&& now - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4659	/*
4660	* check SA to be used whether or not.
4661	* when SA hasn't been used, delete it.
4662	*/
4663	if (sav->lft_c->sadb_lifetime_usetime == `0`) {
4664	key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4665	KEY_FREESAV(&sav);
4666	} else {
4667	key_sa_chgstate(sav, SADB_SASTATE_DYING);
4668	/*
4669	* XXX If we keep to send expire
4670	* message in the status of
4671	* DYING. Do remove below code.
4672	*/
4673	key_expire(sav);
4674	}
4675	}
4676	/ check SOFT lifetime by bytes /
4677	/*
4678	* XXX I don't know the way to delete this SA
4679	* when new SA is installed. Caution when it's
4680	* installed too big lifetime by time.
4681	*/
4682	else if (sav->lft_s->sadb_lifetime_bytes != `0`
4683	&& sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4684
4685	key_sa_chgstate(sav, SADB_SASTATE_DYING);
4686	/*
4687	* XXX If we keep to send expire
4688	* message in the status of
4689	* DYING. Do remove below code.
4690	*/
4691	key_expire(sav);
4692	}
4693	}
4694
4695	/ check DYING entry to change status to DEAD. /
4696	for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4697	sav != NULL;
4698	sav = nextsav) {
4699
4700	nextsav = LIST_NEXT(sav, chain);
4701
4702	/ we don't need to check. /
4703	if (sav->lft_h == NULL)
4704	continue;
4705
4706	/ sanity check /
4707	if (sav->lft_c == NULL) {
4708	ipseclog((LOG_DEBUG, "key_timehandler: "
4709	"There is no CURRENT time, why?\n"));
4710	continue;
4711	}
4712
4713	if (sav->lft_h->sadb_lifetime_addtime != `0`
4714	&& now - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4715	key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4716	KEY_FREESAV(&sav);
4717	}
4718	#if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4719	else if (sav->lft_s != NULL
4720	&& sav->lft_s->sadb_lifetime_addtime != `0`
4721	&& now - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4722	/*
4723	* XXX: should be checked to be
4724	* installed the valid SA.
4725	*/
4726
4727	/*
4728	* If there is no SA then sending
4729	* expire message.
4730	*/
4731	key_expire(sav);
4732	}
4733	#endif
4734	/ check HARD lifetime by bytes /
4735	else if (sav->lft_h->sadb_lifetime_bytes != `0`
4736	&& sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4737	key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4738	KEY_FREESAV(&sav);
4739	}
4740	}
4741
4742	/ delete entry in DEAD /
4743	for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
4744	sav != NULL;
4745	sav = nextsav) {
4746
4747	nextsav = LIST_NEXT(sav, chain);
4748
4749	/ sanity check /
4750	if (sav->state != SADB_SASTATE_DEAD) {
4751	ipseclog((LOG_DEBUG, "key_timehandler: "
4752	"invalid sav->state "
4753	"(queue: %d SA: %d): "
4754	"kill it anyway\n",
4755	SADB_SASTATE_DEAD, sav->state));
4756	}
4757
4758	/*
4759	* do not call key_freesav() here.
4760	* sav should already be freed, and sav->refcnt
4761	* shows other references to sav
4762	* (such as from SPD).
4763	*/
4764	}
4765	}
4766	}
4767
4768	#ifndef IPSEC_NONBLOCK_ACQUIRE
4769	/ ACQ tree /
4770	{
4771	struct secacq acq, nextacq;
4772
4773	for (acq = LIST_FIRST(&acqtree);
4774	acq != NULL;
4775	acq = nextacq) {
4776
4777	nextacq = LIST_NEXT(acq, chain);
4778
4779	if (now - acq->created > key_blockacq_lifetime
4780	&& __LIST_CHAINED(acq)) {
4781	LIST_REMOVE(acq, chain);
4782	KFREE(acq);
4783	}
4784	}
4785	}
4786	#endif
4787
4788	/ SP ACQ tree /
4789	{
4790	struct secspacq acq, nextacq;
4791
4792	for (acq = LIST_FIRST(&spacqtree);
4793	acq != NULL;
4794	acq = nextacq) {
4795
4796	nextacq = LIST_NEXT(acq, chain);
4797
4798	if (now - acq->created > key_blockacq_lifetime
4799	&& __LIST_CHAINED(acq)) {
4800	LIST_REMOVE(acq, chain);
4801	KFREE(acq);
4802	}
4803	}
4804	}
4805
4806	#ifndef IPSEC_DEBUG2
4807	/ do exchange to tick time !! /
4808	callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
4809	#endif /* IPSEC_DEBUG2 */
4810
4811	mutex_exit(softnet_lock);
4812	splx(s);
4813	return;
4814	}
4815
4816	u_long
4817	key_random(void)
4818	{
4819	u_long value;
4820
4821	key_randomfill(&value, sizeof(value));
4822	return value;
4823	}
4824
4825	void
4826	key_randomfill(void *p, size_t l)
4827	{
4828
4829	cprng_fast(p, l);
4830	}
4831
4832	/*
4833	* map SADB_SATYPE_* to IPPROTO_*.
4834	* if satype == SADB_SATYPE then satype is mapped to ~0.
4835	* OUT:
4836	* 0: invalid satype.
4837	*/
4838	static u_int16_t
4839	key_satype2proto(u_int8_t satype)
4840	{
4841	switch (satype) {
4842	case SADB_SATYPE_UNSPEC:
4843	return IPSEC_PROTO_ANY;
4844	case SADB_SATYPE_AH:
4845	return IPPROTO_AH;
4846	case SADB_SATYPE_ESP:
4847	return IPPROTO_ESP;
4848	case SADB_X_SATYPE_IPCOMP:
4849	return IPPROTO_IPCOMP;
4850	case SADB_X_SATYPE_TCPSIGNATURE:
4851	return IPPROTO_TCP;
4852	default:
4853	return `0`;
4854	}
4855	/ NOTREACHED /
4856	}
4857
4858	/*
4859	* map IPPROTO_* to SADB_SATYPE_*
4860	* OUT:
4861	* 0: invalid protocol type.
4862	*/
4863	static u_int8_t
4864	key_proto2satype(u_int16_t proto)
4865	{
4866	switch (proto) {
4867	case IPPROTO_AH:
4868	return SADB_SATYPE_AH;
4869	case IPPROTO_ESP:
4870	return SADB_SATYPE_ESP;
4871	case IPPROTO_IPCOMP:
4872	return SADB_X_SATYPE_IPCOMP;
4873	case IPPROTO_TCP:
4874	return SADB_X_SATYPE_TCPSIGNATURE;
4875	default:
4876	return `0`;
4877	}
4878	/ NOTREACHED /
4879	}
4880
4881	static int
4882	key_setsecasidx(int proto, int mode, int reqid,
4883	const struct sadb_address * src,
4884	const struct sadb_address * dst,
4885	struct secasindex * saidx)
4886	{
4887	const union sockaddr_union * src_u =
4888	(const union sockaddr_union *) src;
4889	const union sockaddr_union * dst_u =
4890	(const union sockaddr_union *) dst;
4891
4892	/ sa len safety check /
4893	if (key_checksalen(src_u) != `0`)
4894	return -`1`;
4895	if (key_checksalen(dst_u) != `0`)
4896	return -`1`;
4897
4898	memset(saidx, `0`, sizeof(*saidx));
4899	saidx->proto = proto;
4900	saidx->mode = mode;
4901	saidx->reqid = reqid;
4902	memcpy(&saidx->src, src_u, src_u->sa.sa_len);
4903	memcpy(&saidx->dst, dst_u, dst_u->sa.sa_len);
4904
4905	key_porttosaddr(&((saidx)->src),`0`);
4906	key_porttosaddr(&((saidx)->dst),`0`);
4907	return `0`;
4908	}
4909
4910	/ %%% PF_KEY /
4911	/*
4912	* SADB_GETSPI processing is to receive
4913	* <base, (SA2), src address, dst address, (SPI range)>
4914	* from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4915	* tree with the status of LARVAL, and send
4916	* <base, SA(*), address(SD)>
4917	* to the IKMPd.
4918	*
4919	* IN: mhp: pointer to the pointer to each header.
4920	* OUT: NULL if fail.
4921	* other if success, return pointer to the message to send.
4922	*/
4923	static int
4924	key_getspi(struct socket so, struct* mbuf *m,
4925	const struct sadb_msghdr *mhp)
4926	{
4927	struct sadb_address src0, dst0;
4928	struct secasindex saidx;
4929	struct secashead *newsah;
4930	struct secasvar *newsav;
4931	u_int8_t proto;
4932	u_int32_t spi;
4933	u_int8_t mode;
4934	u_int16_t reqid;
4935	int error;
4936
4937	/ sanity check /
4938	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
4939	panic("key_getspi: NULL pointer is passed");
4940
4941	if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL \|\|
4942	mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
4943	ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4944	return key_senderror(so, m, EINVAL);
4945	}
4946	if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) \|\|
4947	mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4948	ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4949	return key_senderror(so, m, EINVAL);
4950	}
4951	if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4952	mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4953	reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4954	} else {
4955	mode = IPSEC_MODE_ANY;
4956	reqid = `0`;
4957	}
4958
4959	src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4960	dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4961
4962	/ map satype to proto /
4963	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == `0`) {
4964	ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
4965	return key_senderror(so, m, EINVAL);
4966	}
4967
4968
4969	if ((error = key_setsecasidx(proto, mode, reqid, src0 + `1`,
4970	dst0 + `1`, &saidx)) != `0`)
4971	return key_senderror(so, m, EINVAL);
4972
4973	if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != `0`)
4974	return key_senderror(so, m, EINVAL);
4975
4976	/ SPI allocation /
4977	spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
4978	&saidx);
4979	if (spi == `0`)
4980	return key_senderror(so, m, EINVAL);
4981
4982	/ get a SA index /
4983	if ((newsah = key_getsah(&saidx)) == NULL) {
4984	/ create a new SA index /
4985	if ((newsah = key_newsah(&saidx)) == NULL) {
4986	ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
4987	return key_senderror(so, m, ENOBUFS);
4988	}
4989	}
4990
4991	/ get a new SA /
4992	/ XXX rewrite /
4993	newsav = KEY_NEWSAV(m, mhp, newsah, &error);
4994	if (newsav == NULL) {
4995	/ XXX don't free new SA index allocated in above. /
4996	return key_senderror(so, m, error);
4997	}
4998
4999	/ set spi /
5000	newsav->spi = htonl(spi);
5001
5002	#ifndef IPSEC_NONBLOCK_ACQUIRE
5003	/ delete the entry in acqtree /
5004	if (mhp->msg->sadb_msg_seq != `0`) {
5005	struct secacq *acq;
5006	if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
5007	/ reset counter in order to deletion by timehandler. /
5008	acq->created = time_uptime;
5009	acq->count = `0`;
5010	}
5011	}
5012	#endif
5013
5014	{
5015	struct mbuf n, nn;
5016	struct sadb_sa *m_sa;
5017	struct sadb_msg *newmsg;
5018	int off, len;
5019
5020	/ create new sadb_msg to reply. /
5021	len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
5022	PFKEY_ALIGN8(sizeof(struct sadb_sa));
5023	if (len > MCLBYTES)
5024	return key_senderror(so, m, ENOBUFS);
5025
5026	MGETHDR(n, M_DONTWAIT, MT_DATA);
5027	if (len > MHLEN) {
5028	MCLGET(n, M_DONTWAIT);
5029	if ((n->m_flags & M_EXT) == `0`) {
5030	m_freem(n);
5031	n = NULL;
5032	}
5033	}
5034	if (!n)
5035	return key_senderror(so, m, ENOBUFS);
5036
5037	n->m_len = len;
5038	n->m_next = NULL;
5039	off = `0`;
5040
5041	m_copydata(m, `0`, sizeof(struct sadb_msg), mtod(n, char *) + off);
5042	off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
5043
5044	m_sa = (struct sadb_sa )(mtod(n, char* *) + off);
5045	m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
5046	m_sa->sadb_sa_exttype = SADB_EXT_SA;
5047	m_sa->sadb_sa_spi = htonl(spi);
5048	off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
5049
5050	#ifdef DIAGNOSTIC
5051	if (off != len)
5052	panic("length inconsistency in key_getspi");
5053	#endif
5054
5055	n->m_next = key_gather_mbuf(m, mhp, `0`, `2`, SADB_EXT_ADDRESS_SRC,
5056	SADB_EXT_ADDRESS_DST);
5057	if (!n->m_next) {
5058	m_freem(n);
5059	return key_senderror(so, m, ENOBUFS);
5060	}
5061
5062	if (n->m_len < sizeof(struct sadb_msg)) {
5063	n = m_pullup(n, sizeof(struct sadb_msg));
5064	if (n == NULL)
5065	return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
5066	}
5067
5068	n->m_pkthdr.len = `0`;
5069	for (nn = n; nn; nn = nn->m_next)
5070	n->m_pkthdr.len += nn->m_len;
5071
5072	newmsg = mtod(n, struct sadb_msg *);
5073	newmsg->sadb_msg_seq = newsav->seq;
5074	newmsg->sadb_msg_errno = `0`;
5075	newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5076
5077	m_freem(m);
5078	return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5079	}
5080	}
5081
5082	/*
5083	* allocating new SPI
5084	* called by key_getspi().
5085	* OUT:
5086	* 0: failure.
5087	* others: success.
5088	*/
5089	static u_int32_t
5090	key_do_getnewspi(const struct sadb_spirange *spirange,
5091	const struct secasindex *saidx)
5092	{
5093	u_int32_t newspi;
5094	u_int32_t spmin, spmax;
5095	int count = key_spi_trycnt;
5096
5097	/ set spi range to allocate /
5098	if (spirange != NULL) {
5099	spmin = spirange->sadb_spirange_min;
5100	spmax = spirange->sadb_spirange_max;
5101	} else {
5102	spmin = key_spi_minval;
5103	spmax = key_spi_maxval;
5104	}
5105	/ IPCOMP needs 2-byte SPI /
5106	if (saidx->proto == IPPROTO_IPCOMP) {
5107	u_int32_t t;
5108	if (spmin >= `0x10000`)
5109	spmin = `0xffff`;
5110	if (spmax >= `0x10000`)
5111	spmax = `0xffff`;
5112	if (spmin > spmax) {
5113	t = spmin; spmin = spmax; spmax = t;
5114	}
5115	}
5116
5117	if (spmin == spmax) {
5118	if (key_checkspidup(saidx, htonl(spmin)) != NULL) {
5119	ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", spmin));
5120	return `0`;
5121	}
5122
5123	count--; / taking one cost. /
5124	newspi = spmin;
5125
5126	} else {
5127
5128	/ init SPI /
5129	newspi = `0`;
5130
5131	/ when requesting to allocate spi ranged /
5132	while (count--) {
5133	/ generate pseudo-random SPI value ranged. /
5134	newspi = spmin + (key_random() % (spmax - spmin + `1`));
5135
5136	if (key_checkspidup(saidx, htonl(newspi)) == NULL)
5137	break;
5138	}
5139
5140	if (count == `0` \|\| newspi == `0`) {
5141	ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
5142	return `0`;
5143	}
5144	}
5145
5146	/ statistics /
5147	keystat.getspi_count =
5148	(keystat.getspi_count + key_spi_trycnt - count) / `2`;
5149
5150	return newspi;
5151	}
5152
5153	static int
5154	key_handle_natt_info(struct secasvar *sav,
5155	const struct sadb_msghdr *mhp)
5156	{
5157	const char *msg = "?" ;
5158	struct sadb_x_nat_t_type *type;
5159	struct sadb_x_nat_t_port sport, dport;
5160	struct sadb_address iaddr, raddr;
5161	struct sadb_x_nat_t_frag *frag;
5162
5163	if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL \|\|
5164	mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL \|\|
5165	mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL)
5166	return `0`;
5167
5168	if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) {
5169	msg = "TYPE";
5170	goto bad;
5171	}
5172
5173	if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) {
5174	msg = "SPORT";
5175	goto bad;
5176	}
5177
5178	if (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
5179	msg = "DPORT";
5180	goto bad;
5181	}
5182
5183	if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) {
5184	ipseclog((LOG_DEBUG,"%s: NAT-T OAi present\n", __func__));
5185	if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr)) {
5186	msg = "OAI";
5187	goto bad;
5188	}
5189	}
5190
5191	if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
5192	ipseclog((LOG_DEBUG,"%s: NAT-T OAr present\n", __func__));
5193	if (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
5194	msg = "OAR";
5195	goto bad;
5196	}
5197	}
5198
5199	if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
5200	if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
5201	msg = "FRAG";
5202	goto bad;
5203	}
5204	}
5205
5206	type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5207	sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5208	dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5209	iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
5210	raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
5211	frag = (struct sadb_x_nat_t_frag *)mhp->ext[SADB_X_EXT_NAT_T_FRAG];
5212
5213	ipseclog((LOG_DEBUG, "%s: type %d, sport = %d, dport = %d\n",
5214	__func__, type->sadb_x_nat_t_type_type,
5215	ntohs(sport->sadb_x_nat_t_port_port),
5216	ntohs(dport->sadb_x_nat_t_port_port)));
5217
5218	sav->natt_type = type->sadb_x_nat_t_type_type;
5219	key_porttosaddr(&sav->sah->saidx.src,
5220	sport->sadb_x_nat_t_port_port);
5221	key_porttosaddr(&sav->sah->saidx.dst,
5222	dport->sadb_x_nat_t_port_port);
5223	if (frag)
5224	sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
5225	else
5226	sav->esp_frag = IP_MAXPACKET;
5227
5228	return `0`;
5229	bad:
5230	ipseclog((LOG_DEBUG, "%s: invalid message %s\n", __func__, msg));
5231	__USE(msg);
5232	return -`1`;
5233	}
5234
5235	/ Just update the IPSEC_NAT_T ports if present /
5236	static int
5237	key_set_natt_ports(union sockaddr_union src, union* sockaddr_union *dst,
5238	const struct sadb_msghdr *mhp)
5239	{
5240	if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
5241	ipseclog((LOG_DEBUG,"%s: NAT-T OAi present\n", __func__));
5242	if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
5243	ipseclog((LOG_DEBUG,"%s: NAT-T OAr present\n", __func__));
5244
5245	if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
5246	(mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
5247	(mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) {
5248	struct sadb_x_nat_t_type *type;
5249	struct sadb_x_nat_t_port *sport;
5250	struct sadb_x_nat_t_port *dport;
5251
5252	if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) \|\|
5253	(mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) \|\|
5254	(mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
5255	ipseclog((LOG_DEBUG, "%s: invalid message\n",
5256	__func__));
5257	return -`1`;
5258	}
5259
5260	type = (struct sadb_x_nat_t_type *)
5261	mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5262	sport = (struct sadb_x_nat_t_port *)
5263	mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5264	dport = (struct sadb_x_nat_t_port *)
5265	mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5266
5267	key_porttosaddr(src, sport->sadb_x_nat_t_port_port);
5268	key_porttosaddr(dst, dport->sadb_x_nat_t_port_port);
5269
5270	ipseclog((LOG_DEBUG, "%s: type %d, sport = %d, dport = %d\n",
5271	__func__, type->sadb_x_nat_t_type_type,
5272	ntohs(sport->sadb_x_nat_t_port_port),
5273	ntohs(dport->sadb_x_nat_t_port_port)));
5274	}
5275
5276	return `0`;
5277	}
5278
5279
5280	/*
5281	* SADB_UPDATE processing
5282	* receive
5283	* <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5284	* key(AE), (identity(SD),) (sensitivity)>
5285	* from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5286	* and send
5287	* <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5288	* (identity(SD),) (sensitivity)>
5289	* to the ikmpd.
5290	*
5291	* m will always be freed.
5292	*/
5293	static int
5294	key_update(struct socket so, struct* mbuf m, const* struct sadb_msghdr *mhp)
5295	{
5296	struct sadb_sa *sa0;
5297	struct sadb_address src0, dst0;
5298	struct secasindex saidx;
5299	struct secashead *sah;
5300	struct secasvar *sav;
5301	u_int16_t proto;
5302	u_int8_t mode;
5303	u_int16_t reqid;
5304	int error;
5305
5306	/ sanity check /
5307	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
5308	panic("key_update: NULL pointer is passed");
5309
5310	/ map satype to proto /
5311	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == `0`) {
5312	ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
5313	return key_senderror(so, m, EINVAL);
5314	}
5315
5316	if (mhp->ext[SADB_EXT_SA] == NULL \|\|
5317	mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL \|\|
5318	mhp->ext[SADB_EXT_ADDRESS_DST] == NULL \|\|
5319	(mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5320	mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) \|\|
5321	(mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5322	mhp->ext[SADB_EXT_KEY_AUTH] == NULL) \|\|
5323	(mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5324	mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) \|\|
5325	(mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5326	mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5327	ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
5328	return key_senderror(so, m, EINVAL);
5329	}
5330	if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) \|\|
5331	mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) \|\|
5332	mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5333	ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
5334	return key_senderror(so, m, EINVAL);
5335	}
5336	if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5337	mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5338	reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5339	} else {
5340	mode = IPSEC_MODE_ANY;
5341	reqid = `0`;
5342	}
5343	/ XXX boundary checking for other extensions /
5344
5345	sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5346	src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5347	dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5348
5349	if ((error = key_setsecasidx(proto, mode, reqid, src0 + `1`,
5350	dst0 + `1`, &saidx)) != `0`)
5351	return key_senderror(so, m, EINVAL);
5352
5353	if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != `0`)
5354	return key_senderror(so, m, EINVAL);
5355
5356	/ get a SA header /
5357	if ((sah = key_getsah(&saidx)) == NULL) {
5358	ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
5359	return key_senderror(so, m, ENOENT);
5360	}
5361
5362	/ set spidx if there /
5363	/ XXX rewrite /
5364	error = key_setident(sah, m, mhp);
5365	if (error)
5366	return key_senderror(so, m, error);
5367
5368	/ find a SA with sequence number. /
5369	#ifdef IPSEC_DOSEQCHECK
5370	if (mhp->msg->sadb_msg_seq != `0`
5371	&& (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
5372	ipseclog((LOG_DEBUG,
5373	"key_update: no larval SA with sequence %u exists.\n",
5374	mhp->msg->sadb_msg_seq));
5375	return key_senderror(so, m, ENOENT);
5376	}
5377	#else
5378	if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
5379	ipseclog((LOG_DEBUG,
5380	"key_update: no such a SA found (spi:%u)\n",
5381	(u_int32_t)ntohl(sa0->sadb_sa_spi)));
5382	return key_senderror(so, m, EINVAL);
5383	}
5384	#endif
5385
5386	/ validity check /
5387	if (sav->sah->saidx.proto != proto) {
5388	ipseclog((LOG_DEBUG,
5389	"key_update: protocol mismatched (DB=%u param=%u)\n",
5390	sav->sah->saidx.proto, proto));
5391	return key_senderror(so, m, EINVAL);
5392	}
5393	#ifdef IPSEC_DOSEQCHECK
5394	if (sav->spi != sa0->sadb_sa_spi) {
5395	ipseclog((LOG_DEBUG,
5396	"key_update: SPI mismatched (DB:%u param:%u)\n",
5397	(u_int32_t)ntohl(sav->spi),
5398	(u_int32_t)ntohl(sa0->sadb_sa_spi)));
5399	return key_senderror(so, m, EINVAL);
5400	}
5401	#endif
5402	if (sav->pid != mhp->msg->sadb_msg_pid) {
5403	ipseclog((LOG_DEBUG,
5404	"key_update: pid mismatched (DB:%u param:%u)\n",
5405	sav->pid, mhp->msg->sadb_msg_pid));
5406	return key_senderror(so, m, EINVAL);
5407	}
5408
5409	/ copy sav values /
5410	error = key_setsaval(sav, m, mhp);
5411	if (error) {
5412	KEY_FREESAV(&sav);
5413	return key_senderror(so, m, error);
5414	}
5415
5416	if ((error = key_handle_natt_info(sav,mhp)) != `0`)
5417	return key_senderror(so, m, EINVAL);
5418
5419	/ check SA values to be mature. /
5420	if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != `0`) {
5421	KEY_FREESAV(&sav);
5422	return key_senderror(so, m, `0`);
5423	}
5424
5425	{
5426	struct mbuf *n;
5427
5428	/ set msg buf from mhp /
5429	n = key_getmsgbuf_x1(m, mhp);
5430	if (n == NULL) {
5431	ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5432	return key_senderror(so, m, ENOBUFS);
5433	}
5434
5435	m_freem(m);
5436	return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5437	}
5438	}
5439
5440	/*
5441	* search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5442	* only called by key_update().
5443	* OUT:
5444	* NULL : not found
5445	* others : found, pointer to a SA.
5446	*/
5447	#ifdef IPSEC_DOSEQCHECK
5448	static struct secasvar *
5449	key_getsavbyseq(struct secashead *sah, u_int32_t seq)
5450	{
5451	struct secasvar *sav;
5452	u_int state;
5453
5454	state = SADB_SASTATE_LARVAL;
5455
5456	/ search SAD with sequence number ? /
5457	LIST_FOREACH(sav, &sah->savtree[state], chain) {
5458
5459	KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
5460
5461	if (sav->seq == seq) {
5462	SA_ADDREF(sav);
5463	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
5464	printf("DP %s cause refcnt++:%d SA:%p\n",
5465	__func__, sav->refcnt, sav));
5466	return sav;
5467	}
5468	}
5469
5470	return NULL;
5471	}
5472	#endif
5473
5474	/*
5475	* SADB_ADD processing
5476	* add an entry to SA database, when received
5477	* <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5478	* key(AE), (identity(SD),) (sensitivity)>
5479	* from the ikmpd,
5480	* and send
5481	* <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5482	* (identity(SD),) (sensitivity)>
5483	* to the ikmpd.
5484	*
5485	* IGNORE identity and sensitivity messages.
5486	*
5487	* m will always be freed.
5488	*/
5489	static int
5490	key_add(struct socket so, struct* mbuf *m,
5491	const struct sadb_msghdr *mhp)
5492	{
5493	struct sadb_sa *sa0;
5494	struct sadb_address src0, dst0;
5495	struct secasindex saidx;
5496	struct secashead *newsah;
5497	struct secasvar *newsav;
5498	u_int16_t proto;
5499	u_int8_t mode;
5500	u_int16_t reqid;
5501	int error;
5502
5503	/ sanity check /
5504	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
5505	panic("key_add: NULL pointer is passed");
5506
5507	/ map satype to proto /
5508	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == `0`) {
5509	ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
5510	return key_senderror(so, m, EINVAL);
5511	}
5512
5513	if (mhp->ext[SADB_EXT_SA] == NULL \|\|
5514	mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL \|\|
5515	mhp->ext[SADB_EXT_ADDRESS_DST] == NULL \|\|
5516	(mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5517	mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) \|\|
5518	(mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5519	mhp->ext[SADB_EXT_KEY_AUTH] == NULL) \|\|
5520	(mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5521	mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) \|\|
5522	(mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5523	mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5524	ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5525	return key_senderror(so, m, EINVAL);
5526	}
5527	if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) \|\|
5528	mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) \|\|
5529	mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5530	/ XXX need more /
5531	ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5532	return key_senderror(so, m, EINVAL);
5533	}
5534	if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5535	mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5536	reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5537	} else {
5538	mode = IPSEC_MODE_ANY;
5539	reqid = `0`;
5540	}
5541
5542	sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5543	src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5544	dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5545
5546	if ((error = key_setsecasidx(proto, mode, reqid, src0 + `1`,
5547	dst0 + `1`, &saidx)) != `0`)
5548	return key_senderror(so, m, EINVAL);
5549
5550	if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != `0`)
5551	return key_senderror(so, m, EINVAL);
5552
5553	/ get a SA header /
5554	if ((newsah = key_getsah(&saidx)) == NULL) {
5555	/ create a new SA header /
5556	if ((newsah = key_newsah(&saidx)) == NULL) {
5557	ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
5558	return key_senderror(so, m, ENOBUFS);
5559	}
5560	}
5561
5562	/ set spidx if there /
5563	/ XXX rewrite /
5564	error = key_setident(newsah, m, mhp);
5565	if (error) {
5566	return key_senderror(so, m, error);
5567	}
5568
5569	/ create new SA entry. /
5570	/ We can create new SA only if SPI is differenct. /
5571	if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
5572	ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
5573	return key_senderror(so, m, EEXIST);
5574	}
5575	newsav = KEY_NEWSAV(m, mhp, newsah, &error);
5576	if (newsav == NULL) {
5577	return key_senderror(so, m, error);
5578	}
5579
5580	if ((error = key_handle_natt_info(newsav, mhp)) != `0`)
5581	return key_senderror(so, m, EINVAL);
5582
5583	/ check SA values to be mature. /
5584	if ((error = key_mature(newsav)) != `0`) {
5585	KEY_FREESAV(&newsav);
5586	return key_senderror(so, m, error);
5587	}
5588
5589	/*
5590	* don't call key_freesav() here, as we would like to keep the SA
5591	* in the database on success.
5592	*/
5593
5594	{
5595	struct mbuf *n;
5596
5597	/ set msg buf from mhp /
5598	n = key_getmsgbuf_x1(m, mhp);
5599	if (n == NULL) {
5600	ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5601	return key_senderror(so, m, ENOBUFS);
5602	}
5603
5604	m_freem(m);
5605	return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5606	}
5607	}
5608
5609	/ m is retained /
5610	static int
5611	key_setident(struct secashead sah, struct* mbuf *m,
5612	const struct sadb_msghdr *mhp)
5613	{
5614	const struct sadb_ident idsrc, iddst;
5615	int idsrclen, iddstlen;
5616
5617	/ sanity check /
5618	if (sah == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
5619	panic("key_setident: NULL pointer is passed");
5620
5621	/ don't make buffer if not there /
5622	if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5623	mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5624	sah->idents = NULL;
5625	sah->identd = NULL;
5626	return `0`;
5627	}
5628
5629	if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL \|\|
5630	mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5631	ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5632	return EINVAL;
5633	}
5634
5635	idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5636	iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5637	idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5638	iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5639
5640	/ validity check /
5641	if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5642	ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
5643	return EINVAL;
5644	}
5645
5646	switch (idsrc->sadb_ident_type) {
5647	case SADB_IDENTTYPE_PREFIX:
5648	case SADB_IDENTTYPE_FQDN:
5649	case SADB_IDENTTYPE_USERFQDN:
5650	default:
5651	/ XXX do nothing /
5652	sah->idents = NULL;
5653	sah->identd = NULL;
5654	return `0`;
5655	}
5656
5657	/ make structure /
5658	KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
5659	if (sah->idents == NULL) {
5660	ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5661	return ENOBUFS;
5662	}
5663	KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
5664	if (sah->identd == NULL) {
5665	KFREE(sah->idents);
5666	sah->idents = NULL;
5667	ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5668	return ENOBUFS;
5669	}
5670	memcpy(sah->idents, idsrc, idsrclen);
5671	memcpy(sah->identd, iddst, iddstlen);
5672
5673	return `0`;
5674	}
5675
5676	/*
5677	* m will not be freed on return.
5678	* it is caller's responsibility to free the result.
5679	*/
5680	static struct mbuf *
5681	key_getmsgbuf_x1(struct mbuf m, const* struct sadb_msghdr *mhp)
5682	{
5683	struct mbuf *n;
5684
5685	/ sanity check /
5686	if (m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
5687	panic("key_getmsgbuf_x1: NULL pointer is passed");
5688
5689	/ create new sadb_msg to reply. /
5690	n = key_gather_mbuf(m, mhp, `1`, `15`, SADB_EXT_RESERVED,
5691	SADB_EXT_SA, SADB_X_EXT_SA2,
5692	SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
5693	SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
5694	SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST,
5695	SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
5696	SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI,
5697	SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NAT_T_FRAG);
5698	if (!n)
5699	return NULL;
5700
5701	if (n->m_len < sizeof(struct sadb_msg)) {
5702	n = m_pullup(n, sizeof(struct sadb_msg));
5703	if (n == NULL)
5704	return NULL;
5705	}
5706	mtod(n, struct sadb_msg *)->sadb_msg_errno = `0`;
5707	mtod(n, struct sadb_msg *)->sadb_msg_len =
5708	PFKEY_UNIT64(n->m_pkthdr.len);
5709
5710	return n;
5711	}
5712
5713	static int key_delete_all (struct socket , struct* mbuf *,
5714	const struct sadb_msghdr *, u_int16_t);
5715
5716	/*
5717	* SADB_DELETE processing
5718	* receive
5719	* <base, SA(*), address(SD)>
5720	* from the ikmpd, and set SADB_SASTATE_DEAD,
5721	* and send,
5722	* <base, SA(*), address(SD)>
5723	* to the ikmpd.
5724	*
5725	* m will always be freed.
5726	*/
5727	static int
5728	key_delete(struct socket so, struct* mbuf *m,
5729	const struct sadb_msghdr *mhp)
5730	{
5731	struct sadb_sa *sa0;
5732	struct sadb_address src0, dst0;
5733	struct secasindex saidx;
5734	struct secashead *sah;
5735	struct secasvar *sav = NULL;
5736	u_int16_t proto;
5737	int error;
5738
5739	/ sanity check /
5740	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
5741	panic("key_delete: NULL pointer is passed");
5742
5743	/ map satype to proto /
5744	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == `0`) {
5745	ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
5746	return key_senderror(so, m, EINVAL);
5747	}
5748
5749	if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL \|\|
5750	mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5751	ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5752	return key_senderror(so, m, EINVAL);
5753	}
5754
5755	if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) \|\|
5756	mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5757	ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5758	return key_senderror(so, m, EINVAL);
5759	}
5760
5761	if (mhp->ext[SADB_EXT_SA] == NULL) {
5762	/*
5763	* Caller wants us to delete all non-LARVAL SAs
5764	* that match the src/dst. This is used during
5765	* IKE INITIAL-CONTACT.
5766	*/
5767	ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
5768	return key_delete_all(so, m, mhp, proto);
5769	} else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5770	ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5771	return key_senderror(so, m, EINVAL);
5772	}
5773
5774	sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5775	src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5776	dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5777
5778	if ((error = key_setsecasidx(proto, IPSEC_MODE_ANY, `0`, src0 + `1`,
5779	dst0 + `1`, &saidx)) != `0`)
5780	return key_senderror(so, m, EINVAL);
5781
5782	if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != `0`)
5783	return key_senderror(so, m, EINVAL);
5784
5785	/ get a SA header /
5786	LIST_FOREACH(sah, &sahtree, chain) {
5787	if (sah->state == SADB_SASTATE_DEAD)
5788	continue;
5789	if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == `0`)
5790	continue;
5791
5792	/ get a SA with SPI. /
5793	sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5794	if (sav)
5795	break;
5796	}
5797	if (sah == NULL) {
5798	ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
5799	return key_senderror(so, m, ENOENT);
5800	}
5801
5802	key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5803	KEY_FREESAV(&sav);
5804
5805	{
5806	struct mbuf *n;
5807	struct sadb_msg *newmsg;
5808
5809	/ create new sadb_msg to reply. /
5810	n = key_gather_mbuf(m, mhp, `1`, `4`, SADB_EXT_RESERVED,
5811	SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5812	if (!n)
5813	return key_senderror(so, m, ENOBUFS);
5814
5815	if (n->m_len < sizeof(struct sadb_msg)) {
5816	n = m_pullup(n, sizeof(struct sadb_msg));
5817	if (n == NULL)
5818	return key_senderror(so, m, ENOBUFS);
5819	}
5820	newmsg = mtod(n, struct sadb_msg *);
5821	newmsg->sadb_msg_errno = `0`;
5822	newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5823
5824	m_freem(m);
5825	return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5826	}
5827	}
5828
5829	/*
5830	* delete all SAs for src/dst. Called from key_delete().
5831	*/
5832	static int
5833	key_delete_all(struct socket so, struct* mbuf *m,
5834	const struct sadb_msghdr *mhp, u_int16_t proto)
5835	{
5836	struct sadb_address src0, dst0;
5837	struct secasindex saidx;
5838	struct secashead *sah;
5839	struct secasvar sav, nextsav;
5840	u_int stateidx, state;
5841	int error;
5842
5843	src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5844	dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5845
5846	if ((error = key_setsecasidx(proto, IPSEC_MODE_ANY, `0`, src0 + `1`,
5847	dst0 + `1`, &saidx)) != `0`)
5848	return key_senderror(so, m, EINVAL);
5849
5850	if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != `0`)
5851	return key_senderror(so, m, EINVAL);
5852
5853	LIST_FOREACH(sah, &sahtree, chain) {
5854	if (sah->state == SADB_SASTATE_DEAD)
5855	continue;
5856	if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == `0`)
5857	continue;
5858
5859	/ Delete all non-LARVAL SAs. /
5860	for (stateidx = `0`;
5861	stateidx < _ARRAYLEN(saorder_state_alive);
5862	stateidx++) {
5863	state = saorder_state_alive[stateidx];
5864	if (state == SADB_SASTATE_LARVAL)
5865	continue;
5866	for (sav = LIST_FIRST(&sah->savtree[state]);
5867	sav != NULL; sav = nextsav) {
5868	nextsav = LIST_NEXT(sav, chain);
5869	/ sanity check /
5870	if (sav->state != state) {
5871	ipseclog((LOG_DEBUG, "key_delete_all: "
5872	"invalid sav->state "
5873	"(queue: %d SA: %d)\n",
5874	state, sav->state));
5875	continue;
5876	}
5877
5878	key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5879	KEY_FREESAV(&sav);
5880	}
5881	}
5882	}
5883	{
5884	struct mbuf *n;
5885	struct sadb_msg *newmsg;
5886
5887	/ create new sadb_msg to reply. /
5888	n = key_gather_mbuf(m, mhp, `1`, `3`, SADB_EXT_RESERVED,
5889	SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5890	if (!n)
5891	return key_senderror(so, m, ENOBUFS);
5892
5893	if (n->m_len < sizeof(struct sadb_msg)) {
5894	n = m_pullup(n, sizeof(struct sadb_msg));
5895	if (n == NULL)
5896	return key_senderror(so, m, ENOBUFS);
5897	}
5898	newmsg = mtod(n, struct sadb_msg *);
5899	newmsg->sadb_msg_errno = `0`;
5900	newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5901
5902	m_freem(m);
5903	return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5904	}
5905	}
5906
5907	/*
5908	* SADB_GET processing
5909	* receive
5910	* <base, SA(*), address(SD)>
5911	* from the ikmpd, and get a SP and a SA to respond,
5912	* and send,
5913	* <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5914	* (identity(SD),) (sensitivity)>
5915	* to the ikmpd.
5916	*
5917	* m will always be freed.
5918	*/
5919	static int
5920	key_get(struct socket so, struct* mbuf *m,
5921	const struct sadb_msghdr *mhp)
5922	{
5923	struct sadb_sa *sa0;
5924	struct sadb_address src0, dst0;
5925	struct secasindex saidx;
5926	struct secashead *sah;
5927	struct secasvar *sav = NULL;
5928	u_int16_t proto;
5929	int error;
5930
5931	/ sanity check /
5932	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
5933	panic("key_get: NULL pointer is passed");
5934
5935	/ map satype to proto /
5936	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == `0`) {
5937	ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
5938	return key_senderror(so, m, EINVAL);
5939	}
5940
5941	if (mhp->ext[SADB_EXT_SA] == NULL \|\|
5942	mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL \|\|
5943	mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5944	ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5945	return key_senderror(so, m, EINVAL);
5946	}
5947	if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) \|\|
5948	mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) \|\|
5949	mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5950	ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5951	return key_senderror(so, m, EINVAL);
5952	}
5953
5954	sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5955	src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5956	dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5957
5958	if ((error = key_setsecasidx(proto, IPSEC_MODE_ANY, `0`, src0 + `1`,
5959	dst0 + `1`, &saidx)) != `0`)
5960	return key_senderror(so, m, EINVAL);
5961
5962	if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != `0`)
5963	return key_senderror(so, m, EINVAL);
5964
5965	/ get a SA header /
5966	LIST_FOREACH(sah, &sahtree, chain) {
5967	if (sah->state == SADB_SASTATE_DEAD)
5968	continue;
5969	if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == `0`)
5970	continue;
5971
5972	/ get a SA with SPI. /
5973	sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5974	if (sav)
5975	break;
5976	}
5977	if (sah == NULL) {
5978	ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
5979	return key_senderror(so, m, ENOENT);
5980	}
5981
5982	{
5983	struct mbuf *n;
5984	u_int8_t satype;
5985
5986	/ map proto to satype /
5987	if ((satype = key_proto2satype(sah->saidx.proto)) == `0`) {
5988	ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
5989	return key_senderror(so, m, EINVAL);
5990	}
5991
5992	/ create new sadb_msg to reply. /
5993	n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
5994	mhp->msg->sadb_msg_pid);
5995	if (!n)
5996	return key_senderror(so, m, ENOBUFS);
5997
5998	m_freem(m);
5999	return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6000	}
6001	}
6002
6003	/ XXX make it sysctl-configurable? /
6004	static void
6005	key_getcomb_setlifetime(struct sadb_comb *comb)
6006	{
6007
6008	comb->sadb_comb_soft_allocations = `1`;
6009	comb->sadb_comb_hard_allocations = `1`;
6010	comb->sadb_comb_soft_bytes = `0`;
6011	comb->sadb_comb_hard_bytes = `0`;
6012	comb->sadb_comb_hard_addtime = `86400`; / 1 day /
6013	comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * `80` / `100`;
6014	comb->sadb_comb_soft_usetime = `28800`; / 8 hours /
6015	comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * `80` / `100`;
6016	}
6017
6018	/*
6019	* XXX reorder combinations by preference
6020	* XXX no idea if the user wants ESP authentication or not
6021	*/
6022	static struct mbuf *
6023	key_getcomb_esp(void)
6024	{
6025	struct sadb_comb *comb;
6026	const struct enc_xform *algo;
6027	struct mbuf result = NULL, m, *n;
6028	int encmin;
6029	int i, off, o;
6030	int totlen;
6031	const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6032
6033	m = NULL;
6034	for (i = `1`; i <= SADB_EALG_MAX; i++) {
6035	algo = esp_algorithm_lookup(i);
6036	if (algo == NULL)
6037	continue;
6038
6039	/ discard algorithms with key size smaller than system min /
6040	if (_BITS(algo->maxkey) < ipsec_esp_keymin)
6041	continue;
6042	if (_BITS(algo->minkey) < ipsec_esp_keymin)
6043	encmin = ipsec_esp_keymin;
6044	else
6045	encmin = _BITS(algo->minkey);
6046
6047	if (ipsec_esp_auth)
6048	m = key_getcomb_ah();
6049	else {
6050	IPSEC_ASSERT(l <= MLEN,
6051	("key_getcomb_esp: l=%u > MLEN=%lu",
6052	l, (u_long) MLEN));
6053	MGET(m, M_DONTWAIT, MT_DATA);
6054	if (m) {
6055	M_ALIGN(m, l);
6056	m->m_len = l;
6057	m->m_next = NULL;
6058	memset(mtod(m, void *), `0`, m->m_len);
6059	}
6060	}
6061	if (!m)
6062	goto fail;
6063
6064	totlen = `0`;
6065	for (n = m; n; n = n->m_next)
6066	totlen += n->m_len;
6067	IPSEC_ASSERT((totlen % l) == `0`,
6068	("key_getcomb_esp: totlen=%u, l=%u", totlen, l));
6069
6070	for (off = `0`; off < totlen; off += l) {
6071	n = m_pulldown(m, off, l, &o);
6072	if (!n) {
6073	/ m is already freed /
6074	goto fail;
6075	}
6076	comb = (struct sadb_comb )(mtod(n, char* *) + o);
6077	memset(comb, `0`, sizeof(*comb));
6078	key_getcomb_setlifetime(comb);
6079	comb->sadb_comb_encrypt = i;
6080	comb->sadb_comb_encrypt_minbits = encmin;
6081	comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
6082	}
6083
6084	if (!result)
6085	result = m;
6086	else
6087	m_cat(result, m);
6088	}
6089
6090	return result;
6091
6092	fail:
6093	if (result)
6094	m_freem(result);
6095	return NULL;
6096	}
6097
6098	static void
6099	key_getsizes_ah(const struct auth_hash ah, int* alg,
6100	u_int16_t* ksmin, u_int16_t* ksmax)
6101	{
6102	ksmin = ksmax = ah->keysize;
6103	if (ah->keysize == `0`) {
6104	/*
6105	* Transform takes arbitrary key size but algorithm
6106	* key size is restricted. Enforce this here.
6107	*/
6108	switch (alg) {
6109	case SADB_X_AALG_MD5: ksmin = ksmax = `16`; break;
6110	case SADB_X_AALG_SHA: ksmin = ksmax = `20`; break;
6111	case SADB_X_AALG_NULL: ksmin = `1`; ksmax = `256`; break;
6112	default:
6113	DPRINTF(("key_getsizes_ah: unknown AH algorithm %u\n",
6114	alg));
6115	break;
6116	}
6117	}
6118	}
6119
6120	/*
6121	* XXX reorder combinations by preference
6122	*/
6123	static struct mbuf *
6124	key_getcomb_ah(void)
6125	{
6126	struct sadb_comb *comb;
6127	const struct auth_hash *algo;
6128	struct mbuf *m;
6129	u_int16_t minkeysize, maxkeysize;
6130	int i;
6131	const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6132
6133	m = NULL;
6134	for (i = `1`; i <= SADB_AALG_MAX; i++) {
6135	#if 1
6136	/ we prefer HMAC algorithms, not old algorithms /
6137	if (i != SADB_AALG_SHA1HMAC &&
6138	i != SADB_AALG_MD5HMAC &&
6139	i != SADB_X_AALG_SHA2_256 &&
6140	i != SADB_X_AALG_SHA2_384 &&
6141	i != SADB_X_AALG_SHA2_512)
6142	continue;
6143	#endif
6144	algo = ah_algorithm_lookup(i);
6145	if (!algo)
6146	continue;
6147	key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
6148	/ discard algorithms with key size smaller than system min /
6149	if (_BITS(minkeysize) < ipsec_ah_keymin)
6150	continue;
6151
6152	if (!m) {
6153	IPSEC_ASSERT(l <= MLEN,
6154	("key_getcomb_ah: l=%u > MLEN=%lu",
6155	l, (u_long) MLEN));
6156	MGET(m, M_DONTWAIT, MT_DATA);
6157	if (m) {
6158	M_ALIGN(m, l);
6159	m->m_len = l;
6160	m->m_next = NULL;
6161	}
6162	} else
6163	M_PREPEND(m, l, M_DONTWAIT);
6164	if (!m)
6165	return NULL;
6166
6167	comb = mtod(m, struct sadb_comb *);
6168	memset(comb, `0`, sizeof(*comb));
6169	key_getcomb_setlifetime(comb);
6170	comb->sadb_comb_auth = i;
6171	comb->sadb_comb_auth_minbits = _BITS(minkeysize);
6172	comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
6173	}
6174
6175	return m;
6176	}
6177
6178	/*
6179	* not really an official behavior. discussed in pf_key@inner.net in Sep2000.
6180	* XXX reorder combinations by preference
6181	*/
6182	static struct mbuf *
6183	key_getcomb_ipcomp(void)
6184	{
6185	struct sadb_comb *comb;
6186	const struct comp_algo *algo;
6187	struct mbuf *m;
6188	int i;
6189	const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6190
6191	m = NULL;
6192	for (i = `1`; i <= SADB_X_CALG_MAX; i++) {
6193	algo = ipcomp_algorithm_lookup(i);
6194	if (!algo)
6195	continue;
6196
6197	if (!m) {
6198	IPSEC_ASSERT(l <= MLEN,
6199	("key_getcomb_ipcomp: l=%u > MLEN=%lu",
6200	l, (u_long) MLEN));
6201	MGET(m, M_DONTWAIT, MT_DATA);
6202	if (m) {
6203	M_ALIGN(m, l);
6204	m->m_len = l;
6205	m->m_next = NULL;
6206	}
6207	} else
6208	M_PREPEND(m, l, M_DONTWAIT);
6209	if (!m)
6210	return NULL;
6211
6212	comb = mtod(m, struct sadb_comb *);
6213	memset(comb, `0`, sizeof(*comb));
6214	key_getcomb_setlifetime(comb);
6215	comb->sadb_comb_encrypt = i;
6216	/ what should we set into sadb_comb__{min,max}bits? /*
6217	}
6218
6219	return m;
6220	}
6221
6222	/*
6223	* XXX no way to pass mode (transport/tunnel) to userland
6224	* XXX replay checking?
6225	* XXX sysctl interface to ipsec_{ah,esp}_keymin
6226	*/
6227	static struct mbuf *
6228	key_getprop(const struct secasindex *saidx)
6229	{
6230	struct sadb_prop *prop;
6231	struct mbuf m, n;
6232	const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
6233	int totlen;
6234
6235	switch (saidx->proto) {
6236	case IPPROTO_ESP:
6237	m = key_getcomb_esp();
6238	break;
6239	case IPPROTO_AH:
6240	m = key_getcomb_ah();
6241	break;
6242	case IPPROTO_IPCOMP:
6243	m = key_getcomb_ipcomp();
6244	break;
6245	default:
6246	return NULL;
6247	}
6248
6249	if (!m)
6250	return NULL;
6251	M_PREPEND(m, l, M_DONTWAIT);
6252	if (!m)
6253	return NULL;
6254
6255	totlen = `0`;
6256	for (n = m; n; n = n->m_next)
6257	totlen += n->m_len;
6258
6259	prop = mtod(m, struct sadb_prop *);
6260	memset(prop, `0`, sizeof(*prop));
6261	prop->sadb_prop_len = PFKEY_UNIT64(totlen);
6262	prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
6263	prop->sadb_prop_replay = `32`; / XXX /
6264
6265	return m;
6266	}
6267
6268	/*
6269	* SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
6270	* send
6271	* <base, SA, address(SD), (address(P)), x_policy,
6272	* (identity(SD),) (sensitivity,) proposal>
6273	* to KMD, and expect to receive
6274	* <base> with SADB_ACQUIRE if error occurred,
6275	* or
6276	* <base, src address, dst address, (SPI range)> with SADB_GETSPI
6277	* from KMD by PF_KEY.
6278	*
6279	* XXX x_policy is outside of RFC2367 (KAME extension).
6280	* XXX sensitivity is not supported.
6281	* XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6282	* see comment for key_getcomb_ipcomp().
6283	*
6284	* OUT:
6285	* 0 : succeed
6286	* others: error number
6287	*/
6288	static int
6289	key_acquire(const struct secasindex saidx, struct* secpolicy *sp)
6290	{
6291	struct mbuf result = NULL, m;
6292	#ifndef IPSEC_NONBLOCK_ACQUIRE
6293	struct secacq *newacq;
6294	#endif
6295	u_int8_t satype;
6296	int error = -`1`;
6297	u_int32_t seq;
6298
6299	/ sanity check /
6300	IPSEC_ASSERT(saidx != NULL, ("key_acquire: null saidx"));
6301	satype = key_proto2satype(saidx->proto);
6302	IPSEC_ASSERT(satype != `0`,
6303	("key_acquire: null satype, protocol %u", saidx->proto));
6304
6305	#ifndef IPSEC_NONBLOCK_ACQUIRE
6306	/*
6307	* We never do anything about acquirng SA. There is anather
6308	* solution that kernel blocks to send SADB_ACQUIRE message until
6309	* getting something message from IKEd. In later case, to be
6310	* managed with ACQUIRING list.
6311	*/
6312	/ Get an entry to check whether sending message or not. /
6313	if ((newacq = key_getacq(saidx)) != NULL) {
6314	if (key_blockacq_count < newacq->count) {
6315	/ reset counter and do send message. /
6316	newacq->count = `0`;
6317	} else {
6318	/ increment counter and do nothing. /
6319	newacq->count++;
6320	return `0`;
6321	}
6322	} else {
6323	/ make new entry for blocking to send SADB_ACQUIRE. /
6324	if ((newacq = key_newacq(saidx)) == NULL)
6325	return ENOBUFS;
6326
6327	/ add to acqtree /
6328	LIST_INSERT_HEAD(&acqtree, newacq, chain);
6329	}
6330	#endif
6331
6332
6333	#ifndef IPSEC_NONBLOCK_ACQUIRE
6334	seq = newacq->seq;
6335	#else
6336	seq = (acq_seq = (acq_seq == ~`0` ? `1` : ++acq_seq));
6337	#endif
6338	m = key_setsadbmsg(SADB_ACQUIRE, `0`, satype, seq, `0`, `0`);
6339	if (!m) {
6340	error = ENOBUFS;
6341	goto fail;
6342	}
6343	result = m;
6344
6345	/ set sadb_address for saidx's. /
6346	m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6347	&saidx->src.sa, FULLMASK, IPSEC_ULPROTO_ANY);
6348	if (!m) {
6349	error = ENOBUFS;
6350	goto fail;
6351	}
6352	m_cat(result, m);
6353
6354	m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6355	&saidx->dst.sa, FULLMASK, IPSEC_ULPROTO_ANY);
6356	if (!m) {
6357	error = ENOBUFS;
6358	goto fail;
6359	}
6360	m_cat(result, m);
6361
6362	/ XXX proxy address (optional) /
6363
6364	/ set sadb_x_policy /
6365	if (sp) {
6366	m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
6367	if (!m) {
6368	error = ENOBUFS;
6369	goto fail;
6370	}
6371	m_cat(result, m);
6372	}
6373
6374	/ XXX identity (optional) /
6375	#if 0
6376	if (idexttype && fqdn) {
6377	/ create identity extension (FQDN) /
6378	struct sadb_ident *id;
6379	int fqdnlen;
6380
6381	fqdnlen = strlen(fqdn) + `1`; / +1 for terminating-NUL /
6382	id = (struct sadb_ident *)p;
6383	memset(id, `0`, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6384	id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6385	id->sadb_ident_exttype = idexttype;
6386	id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
6387	memcpy(id + `1`, fqdn, fqdnlen);
6388	p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
6389	}
6390
6391	if (idexttype) {
6392	/ create identity extension (USERFQDN) /
6393	struct sadb_ident *id;
6394	int userfqdnlen;
6395
6396	if (userfqdn) {
6397	/ +1 for terminating-NUL /
6398	userfqdnlen = strlen(userfqdn) + `1`;
6399	} else
6400	userfqdnlen = `0`;
6401	id = (struct sadb_ident *)p;
6402	memset(id, `0`, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6403	id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6404	id->sadb_ident_exttype = idexttype;
6405	id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6406	/ XXX is it correct? /
6407	if (curlwp)
6408	id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred);
6409	if (userfqdn && userfqdnlen)
6410	memcpy(id + `1`, userfqdn, userfqdnlen);
6411	p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6412	}
6413	#endif
6414
6415	/ XXX sensitivity (optional) /
6416
6417	/ create proposal/combination extension /
6418	m = key_getprop(saidx);
6419	#if 0
6420	/*
6421	* spec conformant: always attach proposal/combination extension,
6422	* the problem is that we have no way to attach it for ipcomp,
6423	* due to the way sadb_comb is declared in RFC2367.
6424	*/
6425	if (!m) {
6426	error = ENOBUFS;
6427	goto fail;
6428	}
6429	m_cat(result, m);
6430	#else
6431	/*
6432	* outside of spec; make proposal/combination extension optional.
6433	*/
6434	if (m)
6435	m_cat(result, m);
6436	#endif
6437
6438	if ((result->m_flags & M_PKTHDR) == `0`) {
6439	error = EINVAL;
6440	goto fail;
6441	}
6442
6443	if (result->m_len < sizeof(struct sadb_msg)) {
6444	result = m_pullup(result, sizeof(struct sadb_msg));
6445	if (result == NULL) {
6446	error = ENOBUFS;
6447	goto fail;
6448	}
6449	}
6450
6451	result->m_pkthdr.len = `0`;
6452	for (m = result; m; m = m->m_next)
6453	result->m_pkthdr.len += m->m_len;
6454
6455	mtod(result, struct sadb_msg *)->sadb_msg_len =
6456	PFKEY_UNIT64(result->m_pkthdr.len);
6457
6458	return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6459
6460	fail:
6461	if (result)
6462	m_freem(result);
6463	return error;
6464	}
6465
6466	#ifndef IPSEC_NONBLOCK_ACQUIRE
6467	static struct secacq *
6468	key_newacq(const struct secasindex *saidx)
6469	{
6470	struct secacq *newacq;
6471
6472	/ get new entry /
6473	KMALLOC(newacq, struct secacq , sizeof(struct* secacq));
6474	if (newacq == NULL) {
6475	ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
6476	return NULL;
6477	}
6478	memset(newacq, `0`, sizeof(*newacq));
6479
6480	/ copy secindex /
6481	memcpy(&newacq->saidx, saidx, sizeof(newacq->saidx));
6482	newacq->seq = (acq_seq == ~`0` ? `1` : ++acq_seq);
6483	newacq->created = time_uptime;
6484	newacq->count = `0`;
6485
6486	return newacq;
6487	}
6488
6489	static struct secacq *
6490	key_getacq(const struct secasindex *saidx)
6491	{
6492	struct secacq *acq;
6493
6494	LIST_FOREACH(acq, &acqtree, chain) {
6495	if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
6496	return acq;
6497	}
6498
6499	return NULL;
6500	}
6501
6502	static struct secacq *
6503	key_getacqbyseq(u_int32_t seq)
6504	{
6505	struct secacq *acq;
6506
6507	LIST_FOREACH(acq, &acqtree, chain) {
6508	if (acq->seq == seq)
6509	return acq;
6510	}
6511
6512	return NULL;
6513	}
6514	#endif
6515
6516	static struct secspacq *
6517	key_newspacq(const struct secpolicyindex *spidx)
6518	{
6519	struct secspacq *acq;
6520
6521	/ get new entry /
6522	KMALLOC(acq, struct secspacq , sizeof(struct* secspacq));
6523	if (acq == NULL) {
6524	ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
6525	return NULL;
6526	}
6527	memset(acq, `0`, sizeof(*acq));
6528
6529	/ copy secindex /
6530	memcpy(&acq->spidx, spidx, sizeof(acq->spidx));
6531	acq->created = time_uptime;
6532	acq->count = `0`;
6533
6534	return acq;
6535	}
6536
6537	static struct secspacq *
6538	key_getspacq(const struct secpolicyindex *spidx)
6539	{
6540	struct secspacq *acq;
6541
6542	LIST_FOREACH(acq, &spacqtree, chain) {
6543	if (key_cmpspidx_exactly(spidx, &acq->spidx))
6544	return acq;
6545	}
6546
6547	return NULL;
6548	}
6549
6550	/*
6551	* SADB_ACQUIRE processing,
6552	* in first situation, is receiving
6553	* <base>
6554	* from the ikmpd, and clear sequence of its secasvar entry.
6555	*
6556	* In second situation, is receiving
6557	* <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6558	* from a user land process, and return
6559	* <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6560	* to the socket.
6561	*
6562	* m will always be freed.
6563	*/
6564	static int
6565	key_acquire2(struct socket so, struct* mbuf *m,
6566	const struct sadb_msghdr *mhp)
6567	{
6568	const struct sadb_address src0, dst0;
6569	struct secasindex saidx;
6570	struct secashead *sah;
6571	u_int16_t proto;
6572	int error;
6573
6574	/ sanity check /
6575	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
6576	panic("key_acquire2: NULL pointer is passed");
6577
6578	/*
6579	* Error message from KMd.
6580	* We assume that if error was occurred in IKEd, the length of PFKEY
6581	* message is equal to the size of sadb_msg structure.
6582	* We do not raise error even if error occurred in this function.
6583	*/
6584	if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
6585	#ifndef IPSEC_NONBLOCK_ACQUIRE
6586	struct secacq *acq;
6587
6588	/ check sequence number /
6589	if (mhp->msg->sadb_msg_seq == `0`) {
6590	ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
6591	m_freem(m);
6592	return `0`;
6593	}
6594
6595	if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
6596	/*
6597	* the specified larval SA is already gone, or we got
6598	* a bogus sequence number. we can silently ignore it.
6599	*/
6600	m_freem(m);
6601	return `0`;
6602	}
6603
6604	/ reset acq counter in order to deletion by timehander. /
6605	acq->created = time_uptime;
6606	acq->count = `0`;
6607	#endif
6608	m_freem(m);
6609	return `0`;
6610	}
6611
6612	/*
6613	* This message is from user land.
6614	*/
6615
6616	/ map satype to proto /
6617	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == `0`) {
6618	ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
6619	return key_senderror(so, m, EINVAL);
6620	}
6621
6622	if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL \|\|
6623	mhp->ext[SADB_EXT_ADDRESS_DST] == NULL \|\|
6624	mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
6625	/ error /
6626	ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6627	return key_senderror(so, m, EINVAL);
6628	}
6629	if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) \|\|
6630	mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) \|\|
6631	mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6632	/ error /
6633	ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6634	return key_senderror(so, m, EINVAL);
6635	}
6636
6637	src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6638	dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6639
6640	if ((error = key_setsecasidx(proto, IPSEC_MODE_ANY, `0`, src0 + `1`,
6641	dst0 + `1`, &saidx)) != `0`)
6642	return key_senderror(so, m, EINVAL);
6643
6644	if ((error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp)) != `0`)
6645	return key_senderror(so, m, EINVAL);
6646
6647	/ get a SA index /
6648	LIST_FOREACH(sah, &sahtree, chain) {
6649	if (sah->state == SADB_SASTATE_DEAD)
6650	continue;
6651	if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
6652	break;
6653	}
6654	if (sah != NULL) {
6655	ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
6656	return key_senderror(so, m, EEXIST);
6657	}
6658
6659	error = key_acquire(&saidx, NULL);
6660	if (error != `0`) {
6661	ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
6662	"from key_acquire.\n", mhp->msg->sadb_msg_errno));
6663	return key_senderror(so, m, error);
6664	}
6665
6666	return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6667	}
6668
6669	/*
6670	* SADB_REGISTER processing.
6671	* If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
6672	* receive
6673	* <base>
6674	* from the ikmpd, and register a socket to send PF_KEY messages,
6675	* and send
6676	* <base, supported>
6677	* to KMD by PF_KEY.
6678	* If socket is detached, must free from regnode.
6679	*
6680	* m will always be freed.
6681	*/
6682	static int
6683	key_register(struct socket so, struct* mbuf *m,
6684	const struct sadb_msghdr *mhp)
6685	{
6686	struct secreg reg, newreg = `0`;
6687
6688	/ sanity check /
6689	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
6690	panic("key_register: NULL pointer is passed");
6691
6692	/ check for invalid register message /
6693	if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[`0`]))
6694	return key_senderror(so, m, EINVAL);
6695
6696	/ When SATYPE_UNSPEC is specified, only return sabd_supported. /
6697	if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6698	goto setmsg;
6699
6700	/ check whether existing or not /
6701	LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
6702	if (reg->so == so) {
6703	ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
6704	return key_senderror(so, m, EEXIST);
6705	}
6706	}
6707
6708	/ create regnode /
6709	KMALLOC(newreg, struct secreg , sizeof(newreg));
6710	if (newreg == NULL) {
6711	ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
6712	return key_senderror(so, m, ENOBUFS);
6713	}
6714	memset(newreg, `0`, sizeof(*newreg));
6715
6716	newreg->so = so;
6717	((struct keycb *)sotorawcb(so))->kp_registered++;
6718
6719	/ add regnode to regtree. /
6720	LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
6721
6722	setmsg:
6723	{
6724	struct mbuf *n;
6725	struct sadb_msg *newmsg;
6726	struct sadb_supported *sup;
6727	u_int len, alen, elen;
6728	int off;
6729	int i;
6730	struct sadb_alg *alg;
6731
6732	/ create new sadb_msg to reply. /
6733	alen = `0`;
6734	for (i = `1`; i <= SADB_AALG_MAX; i++) {
6735	if (ah_algorithm_lookup(i))
6736	alen += sizeof(struct sadb_alg);
6737	}
6738	if (alen)
6739	alen += sizeof(struct sadb_supported);
6740	elen = `0`;
6741	for (i = `1`; i <= SADB_EALG_MAX; i++) {
6742	if (esp_algorithm_lookup(i))
6743	elen += sizeof(struct sadb_alg);
6744	}
6745	if (elen)
6746	elen += sizeof(struct sadb_supported);
6747
6748	len = sizeof(struct sadb_msg) + alen + elen;
6749
6750	if (len > MCLBYTES)
6751	return key_senderror(so, m, ENOBUFS);
6752
6753	MGETHDR(n, M_DONTWAIT, MT_DATA);
6754	if (len > MHLEN) {
6755	MCLGET(n, M_DONTWAIT);
6756	if ((n->m_flags & M_EXT) == `0`) {
6757	m_freem(n);
6758	n = NULL;
6759	}
6760	}
6761	if (!n)
6762	return key_senderror(so, m, ENOBUFS);
6763
6764	n->m_pkthdr.len = n->m_len = len;
6765	n->m_next = NULL;
6766	off = `0`;
6767
6768	m_copydata(m, `0`, sizeof(struct sadb_msg), mtod(n, char *) + off);
6769	newmsg = mtod(n, struct sadb_msg *);
6770	newmsg->sadb_msg_errno = `0`;
6771	newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6772	off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6773
6774	/ for authentication algorithm /
6775	if (alen) {
6776	sup = (struct sadb_supported )(mtod(n, char* *) + off);
6777	sup->sadb_supported_len = PFKEY_UNIT64(alen);
6778	sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6779	off += PFKEY_ALIGN8(sizeof(*sup));
6780
6781	for (i = `1`; i <= SADB_AALG_MAX; i++) {
6782	const struct auth_hash *aalgo;
6783	u_int16_t minkeysize, maxkeysize;
6784
6785	aalgo = ah_algorithm_lookup(i);
6786	if (!aalgo)
6787	continue;
6788	alg = (struct sadb_alg )(mtod(n, char* *) + off);
6789	alg->sadb_alg_id = i;
6790	alg->sadb_alg_ivlen = `0`;
6791	key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
6792	alg->sadb_alg_minbits = _BITS(minkeysize);
6793	alg->sadb_alg_maxbits = _BITS(maxkeysize);
6794	off += PFKEY_ALIGN8(sizeof(*alg));
6795	}
6796	}
6797
6798	/ for encryption algorithm /
6799	if (elen) {
6800	sup = (struct sadb_supported )(mtod(n, char* *) + off);
6801	sup->sadb_supported_len = PFKEY_UNIT64(elen);
6802	sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
6803	off += PFKEY_ALIGN8(sizeof(*sup));
6804
6805	for (i = `1`; i <= SADB_EALG_MAX; i++) {
6806	const struct enc_xform *ealgo;
6807
6808	ealgo = esp_algorithm_lookup(i);
6809	if (!ealgo)
6810	continue;
6811	alg = (struct sadb_alg )(mtod(n, char* *) + off);
6812	alg->sadb_alg_id = i;
6813	alg->sadb_alg_ivlen = ealgo->blocksize;
6814	alg->sadb_alg_minbits = _BITS(ealgo->minkey);
6815	alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
6816	off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
6817	}
6818	}
6819
6820	#ifdef DIAGNOSTIC
6821	if (off != len)
6822	panic("length assumption failed in key_register");
6823	#endif
6824
6825	m_freem(m);
6826	return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
6827	}
6828	}
6829
6830	/*
6831	* free secreg entry registered.
6832	* XXX: I want to do free a socket marked done SADB_RESIGER to socket.
6833	*/
6834	void
6835	key_freereg(struct socket *so)
6836	{
6837	struct secreg *reg;
6838	int i;
6839
6840	/ sanity check /
6841	if (so == NULL)
6842	panic("key_freereg: NULL pointer is passed");
6843
6844	/*
6845	* check whether existing or not.
6846	* check all type of SA, because there is a potential that
6847	* one socket is registered to multiple type of SA.
6848	*/
6849	for (i = `0`; i <= SADB_SATYPE_MAX; i++) {
6850	LIST_FOREACH(reg, &regtree[i], chain) {
6851	if (reg->so == so
6852	&& __LIST_CHAINED(reg)) {
6853	LIST_REMOVE(reg, chain);
6854	KFREE(reg);
6855	break;
6856	}
6857	}
6858	}
6859
6860	return;
6861	}
6862
6863	/*
6864	* SADB_EXPIRE processing
6865	* send
6866	* <base, SA, SA2, lifetime(C and one of HS), address(SD)>
6867	* to KMD by PF_KEY.
6868	* NOTE: We send only soft lifetime extension.
6869	*
6870	* OUT: 0 : succeed
6871	* others : error number
6872	*/
6873	static int
6874	key_expire(struct secasvar *sav)
6875	{
6876	int s;
6877	int satype;
6878	struct mbuf result = NULL, m;
6879	int len;
6880	int error = -`1`;
6881	struct sadb_lifetime *lt;
6882
6883	/ XXX: Why do we lock ? /
6884	s = splsoftnet(); /called from softclock()/
6885
6886	/ sanity check /
6887	if (sav == NULL)
6888	panic("key_expire: NULL pointer is passed");
6889	if (sav->sah == NULL)
6890	panic("key_expire: Why was SA index in SA NULL");
6891	if ((satype = key_proto2satype(sav->sah->saidx.proto)) == `0`)
6892	panic("key_expire: invalid proto is passed");
6893
6894	/ set msg header /
6895	m = key_setsadbmsg(SADB_EXPIRE, `0`, satype, sav->seq, `0`, sav->refcnt);
6896	if (!m) {
6897	error = ENOBUFS;
6898	goto fail;
6899	}
6900	result = m;
6901
6902	/ create SA extension /
6903	m = key_setsadbsa(sav);
6904	if (!m) {
6905	error = ENOBUFS;
6906	goto fail;
6907	}
6908	m_cat(result, m);
6909
6910	/ create SA extension /
6911	m = key_setsadbxsa2(sav->sah->saidx.mode,
6912	sav->replay ? sav->replay->count : `0`,
6913	sav->sah->saidx.reqid);
6914	if (!m) {
6915	error = ENOBUFS;
6916	goto fail;
6917	}
6918	m_cat(result, m);
6919
6920	/ create lifetime extension (current and soft) /
6921	len = PFKEY_ALIGN8(sizeof(lt)) `2`;
6922	m = key_alloc_mbuf(len);
6923	if (!m \|\| m->m_next) { /XXX/
6924	if (m)
6925	m_freem(m);
6926	error = ENOBUFS;
6927	goto fail;
6928	}
6929	memset(mtod(m, void *), `0`, len);
6930	lt = mtod(m, struct sadb_lifetime *);
6931	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
6932	lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
6933	lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
6934	lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
6935	lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime
6936	+ time_second - time_uptime;
6937	lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime
6938	+ time_second - time_uptime;
6939	lt = (struct sadb_lifetime )(mtod(m, char* *) + len / `2`);
6940	memcpy(lt, sav->lft_s, sizeof(*lt));
6941	m_cat(result, m);
6942
6943	/ set sadb_address for source /
6944	m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6945	&sav->sah->saidx.src.sa,
6946	FULLMASK, IPSEC_ULPROTO_ANY);
6947	if (!m) {
6948	error = ENOBUFS;
6949	goto fail;
6950	}
6951	m_cat(result, m);
6952
6953	/ set sadb_address for destination /
6954	m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6955	&sav->sah->saidx.dst.sa,
6956	FULLMASK, IPSEC_ULPROTO_ANY);
6957	if (!m) {
6958	error = ENOBUFS;
6959	goto fail;
6960	}
6961	m_cat(result, m);
6962
6963	if ((result->m_flags & M_PKTHDR) == `0`) {
6964	error = EINVAL;
6965	goto fail;
6966	}
6967
6968	if (result->m_len < sizeof(struct sadb_msg)) {
6969	result = m_pullup(result, sizeof(struct sadb_msg));
6970	if (result == NULL) {
6971	error = ENOBUFS;
6972	goto fail;
6973	}
6974	}
6975
6976	result->m_pkthdr.len = `0`;
6977	for (m = result; m; m = m->m_next)
6978	result->m_pkthdr.len += m->m_len;
6979
6980	mtod(result, struct sadb_msg *)->sadb_msg_len =
6981	PFKEY_UNIT64(result->m_pkthdr.len);
6982
6983	splx(s);
6984	return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6985
6986	fail:
6987	if (result)
6988	m_freem(result);
6989	splx(s);
6990	return error;
6991	}
6992
6993	/*
6994	* SADB_FLUSH processing
6995	* receive
6996	* <base>
6997	* from the ikmpd, and free all entries in secastree.
6998	* and send,
6999	* <base>
7000	* to the ikmpd.
7001	* NOTE: to do is only marking SADB_SASTATE_DEAD.
7002	*
7003	* m will always be freed.
7004	*/
7005	static int
7006	key_flush(struct socket so, struct* mbuf *m,
7007	const struct sadb_msghdr *mhp)
7008	{
7009	struct sadb_msg *newmsg;
7010	struct secashead sah, nextsah;
7011	struct secasvar sav, nextsav;
7012	u_int16_t proto;
7013	u_int8_t state;
7014	u_int stateidx;
7015
7016	/ sanity check /
7017	if (so == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
7018	panic("key_flush: NULL pointer is passed");
7019
7020	/ map satype to proto /
7021	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == `0`) {
7022	ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
7023	return key_senderror(so, m, EINVAL);
7024	}
7025
7026	/ no SATYPE specified, i.e. flushing all SA. /
7027	for (sah = LIST_FIRST(&sahtree);
7028	sah != NULL;
7029	sah = nextsah) {
7030	nextsah = LIST_NEXT(sah, chain);
7031
7032	if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
7033	&& proto != sah->saidx.proto)
7034	continue;
7035
7036	for (stateidx = `0`;
7037	stateidx < _ARRAYLEN(saorder_state_alive);
7038	stateidx++) {
7039	state = saorder_state_any[stateidx];
7040	for (sav = LIST_FIRST(&sah->savtree[state]);
7041	sav != NULL;
7042	sav = nextsav) {
7043
7044	nextsav = LIST_NEXT(sav, chain);
7045
7046	key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7047	KEY_FREESAV(&sav);
7048	}
7049	}
7050
7051	sah->state = SADB_SASTATE_DEAD;
7052	}
7053
7054	if (m->m_len < sizeof(struct sadb_msg) \|\|
7055	sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
7056	ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
7057	return key_senderror(so, m, ENOBUFS);
7058	}
7059
7060	if (m->m_next)
7061	m_freem(m->m_next);
7062	m->m_next = NULL;
7063	m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
7064	newmsg = mtod(m, struct sadb_msg *);
7065	newmsg->sadb_msg_errno = `0`;
7066	newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
7067
7068	return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7069	}
7070
7071
7072	static struct mbuf *
7073	key_setdump_chain(u_int8_t req_satype, int errorp, int* *lenp, pid_t pid)
7074	{
7075	struct secashead *sah;
7076	struct secasvar *sav;
7077	u_int16_t proto;
7078	u_int stateidx;
7079	u_int8_t satype;
7080	u_int8_t state;
7081	int cnt;
7082	struct mbuf m, n, *prev;
7083
7084	*lenp = `0`;
7085
7086	/ map satype to proto /
7087	if ((proto = key_satype2proto(req_satype)) == `0`) {
7088	*errorp = EINVAL;
7089	return (NULL);
7090	}
7091
7092	/ count sav entries to be sent to userland. /
7093	cnt = `0`;
7094	LIST_FOREACH(sah, &sahtree, chain) {
7095	if (req_satype != SADB_SATYPE_UNSPEC &&
7096	proto != sah->saidx.proto)
7097	continue;
7098
7099	for (stateidx = `0`;
7100	stateidx < _ARRAYLEN(saorder_state_any);
7101	stateidx++) {
7102	state = saorder_state_any[stateidx];
7103	LIST_FOREACH(sav, &sah->savtree[state], chain) {
7104	cnt++;
7105	}
7106	}
7107	}
7108
7109	if (cnt == `0`) {
7110	*errorp = ENOENT;
7111	return (NULL);
7112	}
7113
7114	/ send this to the userland, one at a time. /
7115	m = NULL;
7116	prev = m;
7117	LIST_FOREACH(sah, &sahtree, chain) {
7118	if (req_satype != SADB_SATYPE_UNSPEC &&
7119	proto != sah->saidx.proto)
7120	continue;
7121
7122	/ map proto to satype /
7123	if ((satype = key_proto2satype(sah->saidx.proto)) == `0`) {
7124	m_freem(m);
7125	*errorp = EINVAL;
7126	return (NULL);
7127	}
7128
7129	for (stateidx = `0`;
7130	stateidx < _ARRAYLEN(saorder_state_any);
7131	stateidx++) {
7132	state = saorder_state_any[stateidx];
7133	LIST_FOREACH(sav, &sah->savtree[state], chain) {
7134	n = key_setdumpsa(sav, SADB_DUMP, satype,
7135	--cnt, pid);
7136	if (!n) {
7137	m_freem(m);
7138	*errorp = ENOBUFS;
7139	return (NULL);
7140	}
7141
7142	if (!m)
7143	m = n;
7144	else
7145	prev->m_nextpkt = n;
7146	prev = n;
7147	}
7148	}
7149	}
7150
7151	if (!m) {
7152	*errorp = EINVAL;
7153	return (NULL);
7154	}
7155
7156	if ((m->m_flags & M_PKTHDR) != `0`) {
7157	m->m_pkthdr.len = `0`;
7158	for (n = m; n; n = n->m_next)
7159	m->m_pkthdr.len += n->m_len;
7160	}
7161
7162	*errorp = `0`;
7163	return (m);
7164	}
7165
7166	/*
7167	* SADB_DUMP processing
7168	* dump all entries including status of DEAD in SAD.
7169	* receive
7170	* <base>
7171	* from the ikmpd, and dump all secasvar leaves
7172	* and send,
7173	* <base> .....
7174	* to the ikmpd.
7175	*
7176	* m will always be freed.
7177	*/
7178	static int
7179	key_dump(struct socket so, struct* mbuf *m0,
7180	const struct sadb_msghdr *mhp)
7181	{
7182	u_int16_t proto;
7183	u_int8_t satype;
7184	struct mbuf *n;
7185	int s;
7186	int error, len, ok;
7187
7188	/ sanity check /
7189	if (so == NULL \|\| m0 == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
7190	panic("key_dump: NULL pointer is passed");
7191
7192	/ map satype to proto /
7193	satype = mhp->msg->sadb_msg_satype;
7194	if ((proto = key_satype2proto(satype)) == `0`) {
7195	ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
7196	return key_senderror(so, m0, EINVAL);
7197	}
7198
7199	/*
7200	* If the requestor has insufficient socket-buffer space
7201	* for the entire chain, nobody gets any response to the DUMP.
7202	* XXX For now, only the requestor ever gets anything.
7203	* Moreover, if the requestor has any space at all, they receive
7204	* the entire chain, otherwise the request is refused with ENOBUFS.
7205	*/
7206	if (sbspace(&so->so_rcv) <= `0`) {
7207	return key_senderror(so, m0, ENOBUFS);
7208	}
7209
7210	s = splsoftnet();
7211	n = key_setdump_chain(satype, &error, &len, mhp->msg->sadb_msg_pid);
7212	splx(s);
7213
7214	if (n == NULL) {
7215	return key_senderror(so, m0, ENOENT);
7216	}
7217	{
7218	uint64_t *ps = PFKEY_STAT_GETREF();
7219	ps[PFKEY_STAT_IN_TOTAL]++;
7220	ps[PFKEY_STAT_IN_BYTES] += len;
7221	PFKEY_STAT_PUTREF();
7222	}
7223
7224	/*
7225	* PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets.
7226	* The requestor receives either the entire chain, or an
7227	* error message with ENOBUFS.
7228	*
7229	* sbappendaddrchain() takes the chain of entries, one
7230	* packet-record per SPD entry, prepends the key_src sockaddr
7231	* to each packet-record, links the sockaddr mbufs into a new
7232	* list of records, then appends the entire resulting
7233	* list to the requesting socket.
7234	*/
7235	ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src,
7236	n, SB_PRIO_ONESHOT_OVERFLOW);
7237
7238	if (!ok) {
7239	PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
7240	m_freem(n);
7241	return key_senderror(so, m0, ENOBUFS);
7242	}
7243
7244	m_freem(m0);
7245	return `0`;
7246	}
7247
7248	/*
7249	* SADB_X_PROMISC processing
7250	*
7251	* m will always be freed.
7252	*/
7253	static int
7254	key_promisc(struct socket so, struct* mbuf *m,
7255	const struct sadb_msghdr *mhp)
7256	{
7257	int olen;
7258
7259	/ sanity check /
7260	if (so == NULL \|\| m == NULL \|\| mhp == NULL \|\| mhp->msg == NULL)
7261	panic("key_promisc: NULL pointer is passed");
7262
7263	olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7264
7265	if (olen < sizeof(struct sadb_msg)) {
7266	#if 1
7267	return key_senderror(so, m, EINVAL);
7268	#else
7269	m_freem(m);
7270	return `0`;
7271	#endif
7272	} else if (olen == sizeof(struct sadb_msg)) {
7273	/ enable/disable promisc mode /
7274	struct keycb *kp;
7275
7276	if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
7277	return key_senderror(so, m, EINVAL);
7278	mhp->msg->sadb_msg_errno = `0`;
7279	switch (mhp->msg->sadb_msg_satype) {
7280	case `0`:
7281	case `1`:
7282	kp->kp_promisc = mhp->msg->sadb_msg_satype;
7283	break;
7284	default:
7285	return key_senderror(so, m, EINVAL);
7286	}
7287
7288	/ send the original message back to everyone /
7289	mhp->msg->sadb_msg_errno = `0`;
7290	return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7291	} else {
7292	/ send packet as is /
7293
7294	m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
7295
7296	/ TODO: if sadb_msg_seq is specified, send to specific pid /
7297	return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7298	}
7299	}
7300
7301	static int (key_typesw[]) (struct* socket , struct* mbuf *,
7302	const struct sadb_msghdr *) = {
7303	NULL, / SADB_RESERVED /
7304	key_getspi, / SADB_GETSPI /
7305	key_update, / SADB_UPDATE /
7306	key_add, / SADB_ADD /
7307	key_delete, / SADB_DELETE /
7308	key_get, / SADB_GET /
7309	key_acquire2, / SADB_ACQUIRE /
7310	key_register, / SADB_REGISTER /
7311	NULL, / SADB_EXPIRE /
7312	key_flush, / SADB_FLUSH /
7313	key_dump, / SADB_DUMP /
7314	key_promisc, / SADB_X_PROMISC /
7315	NULL, / SADB_X_PCHANGE /
7316	key_spdadd, / SADB_X_SPDUPDATE /
7317	key_spdadd, / SADB_X_SPDADD /
7318	key_spddelete, / SADB_X_SPDDELETE /
7319	key_spdget, / SADB_X_SPDGET /
7320	NULL, / SADB_X_SPDACQUIRE /
7321	key_spddump, / SADB_X_SPDDUMP /
7322	key_spdflush, / SADB_X_SPDFLUSH /
7323	key_spdadd, / SADB_X_SPDSETIDX /
7324	NULL, / SADB_X_SPDEXPIRE /
7325	key_spddelete2, / SADB_X_SPDDELETE2 /
7326	key_nat_map, / SADB_X_NAT_T_NEW_MAPPING /
7327	};
7328
7329	/*
7330	* parse sadb_msg buffer to process PFKEYv2,
7331	* and create a data to response if needed.
7332	* I think to be dealed with mbuf directly.
7333	* IN:
7334	* msgp : pointer to pointer to a received buffer pulluped.
7335	* This is rewrited to response.
7336	* so : pointer to socket.
7337	* OUT:
7338	* length for buffer to send to user process.
7339	*/
7340	int
7341	key_parse(struct mbuf m, struct* socket *so)
7342	{
7343	struct sadb_msg *msg;
7344	struct sadb_msghdr mh;
7345	u_int orglen;
7346	int error;
7347	int target;
7348
7349	/ sanity check /
7350	if (m == NULL \|\| so == NULL)
7351	panic("key_parse: NULL pointer is passed");
7352
7353	#if 0 /kdebug_sadb assumes msg in linear buffer/
7354	KEYDEBUG(KEYDEBUG_KEY_DUMP,
7355	ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
7356	kdebug_sadb(msg));
7357	#endif
7358
7359	if (m->m_len < sizeof(struct sadb_msg)) {
7360	m = m_pullup(m, sizeof(struct sadb_msg));
7361	if (!m)
7362	return ENOBUFS;
7363	}
7364	msg = mtod(m, struct sadb_msg *);
7365	orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
7366	target = KEY_SENDUP_ONE;
7367
7368	if ((m->m_flags & M_PKTHDR) == `0` \|\|
7369	m->m_pkthdr.len != orglen) {
7370	ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
7371	PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7372	error = EINVAL;
7373	goto senderror;
7374	}
7375
7376	if (msg->sadb_msg_version != PF_KEY_V2) {
7377	ipseclog((LOG_DEBUG,
7378	"key_parse: PF_KEY version %u is mismatched.\n",
7379	msg->sadb_msg_version));
7380	PFKEY_STATINC(PFKEY_STAT_OUT_INVVER);
7381	error = EINVAL;
7382	goto senderror;
7383	}
7384
7385	if (msg->sadb_msg_type > SADB_MAX) {
7386	ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7387	msg->sadb_msg_type));
7388	PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7389	error = EINVAL;
7390	goto senderror;
7391	}
7392
7393	/ for old-fashioned code - should be nuked /
7394	if (m->m_pkthdr.len > MCLBYTES) {
7395	m_freem(m);
7396	return ENOBUFS;
7397	}
7398	if (m->m_next) {
7399	struct mbuf *n;
7400
7401	MGETHDR(n, M_DONTWAIT, MT_DATA);
7402	if (n && m->m_pkthdr.len > MHLEN) {
7403	MCLGET(n, M_DONTWAIT);
7404	if ((n->m_flags & M_EXT) == `0`) {
7405	m_free(n);
7406	n = NULL;
7407	}
7408	}
7409	if (!n) {
7410	m_freem(m);
7411	return ENOBUFS;
7412	}
7413	m_copydata(m, `0`, m->m_pkthdr.len, mtod(n, void *));
7414	n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
7415	n->m_next = NULL;
7416	m_freem(m);
7417	m = n;
7418	}
7419
7420	/ align the mbuf chain so that extensions are in contiguous region. /
7421	error = key_align(m, &mh);
7422	if (error)
7423	return error;
7424
7425	if (m->m_next) { /XXX/
7426	m_freem(m);
7427	return ENOBUFS;
7428	}
7429
7430	msg = mh.msg;
7431
7432	/ check SA type /
7433	switch (msg->sadb_msg_satype) {
7434	case SADB_SATYPE_UNSPEC:
7435	switch (msg->sadb_msg_type) {
7436	case SADB_GETSPI:
7437	case SADB_UPDATE:
7438	case SADB_ADD:
7439	case SADB_DELETE:
7440	case SADB_GET:
7441	case SADB_ACQUIRE:
7442	case SADB_EXPIRE:
7443	ipseclog((LOG_DEBUG, "key_parse: must specify satype "
7444	"when msg type=%u.\n", msg->sadb_msg_type));
7445	PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7446	error = EINVAL;
7447	goto senderror;
7448	}
7449	break;
7450	case SADB_SATYPE_AH:
7451	case SADB_SATYPE_ESP:
7452	case SADB_X_SATYPE_IPCOMP:
7453	case SADB_X_SATYPE_TCPSIGNATURE:
7454	switch (msg->sadb_msg_type) {
7455	case SADB_X_SPDADD:
7456	case SADB_X_SPDDELETE:
7457	case SADB_X_SPDGET:
7458	case SADB_X_SPDDUMP:
7459	case SADB_X_SPDFLUSH:
7460	case SADB_X_SPDSETIDX:
7461	case SADB_X_SPDUPDATE:
7462	case SADB_X_SPDDELETE2:
7463	ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
7464	msg->sadb_msg_type));
7465	PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7466	error = EINVAL;
7467	goto senderror;
7468	}
7469	break;
7470	case SADB_SATYPE_RSVP:
7471	case SADB_SATYPE_OSPFV2:
7472	case SADB_SATYPE_RIPV2:
7473	case SADB_SATYPE_MIP:
7474	ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
7475	msg->sadb_msg_satype));
7476	PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7477	error = EOPNOTSUPP;
7478	goto senderror;
7479	case `1`: / XXX: What does it do? /
7480	if (msg->sadb_msg_type == SADB_X_PROMISC)
7481	break;
7482	/FALLTHROUGH/
7483	default:
7484	ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7485	msg->sadb_msg_satype));
7486	PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7487	error = EINVAL;
7488	goto senderror;
7489	}
7490
7491	/ check field of upper layer protocol and address family /
7492	if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
7493	&& mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
7494	struct sadb_address src0, dst0;
7495	u_int plen;
7496
7497	src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
7498	dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
7499
7500	/ check upper layer protocol /
7501	if (src0->sadb_address_proto != dst0->sadb_address_proto) {
7502	ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
7503	PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7504	error = EINVAL;
7505	goto senderror;
7506	}
7507
7508	/ check family /
7509	if (PFKEY_ADDR_SADDR(src0)->sa_family !=
7510	PFKEY_ADDR_SADDR(dst0)->sa_family) {
7511	ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
7512	PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7513	error = EINVAL;
7514	goto senderror;
7515	}
7516	if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7517	PFKEY_ADDR_SADDR(dst0)->sa_len) {
7518	ipseclog((LOG_DEBUG,
7519	"key_parse: address struct size mismatched.\n"));
7520	PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7521	error = EINVAL;
7522	goto senderror;
7523	}
7524
7525	switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7526	case AF_INET:
7527	if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7528	sizeof(struct sockaddr_in)) {
7529	PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7530	error = EINVAL;
7531	goto senderror;
7532	}
7533	break;
7534	case AF_INET6:
7535	if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7536	sizeof(struct sockaddr_in6)) {
7537	PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7538	error = EINVAL;
7539	goto senderror;
7540	}
7541	break;
7542	default:
7543	ipseclog((LOG_DEBUG,
7544	"key_parse: unsupported address family.\n"));
7545	PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7546	error = EAFNOSUPPORT;
7547	goto senderror;
7548	}
7549
7550	switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7551	case AF_INET:
7552	plen = sizeof(struct in_addr) << `3`;
7553	break;
7554	case AF_INET6:
7555	plen = sizeof(struct in6_addr) << `3`;
7556	break;
7557	default:
7558	plen = `0`; /fool gcc/
7559	break;
7560	}
7561
7562	/ check max prefix length /
7563	if (src0->sadb_address_prefixlen > plen \|\|
7564	dst0->sadb_address_prefixlen > plen) {
7565	ipseclog((LOG_DEBUG,
7566	"key_parse: illegal prefixlen.\n"));
7567	PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7568	error = EINVAL;
7569	goto senderror;
7570	}
7571
7572	/*
7573	* prefixlen == 0 is valid because there can be a case when
7574	* all addresses are matched.
7575	*/
7576	}
7577
7578	if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[`0`]) \|\|
7579	key_typesw[msg->sadb_msg_type] == NULL) {
7580	PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7581	error = EINVAL;
7582	goto senderror;
7583	}
7584
7585	return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
7586
7587	senderror:
7588	msg->sadb_msg_errno = error;
7589	return key_sendup_mbuf(so, m, target);
7590	}
7591
7592	static int
7593	key_senderror(struct socket so, struct* mbuf m, int* code)
7594	{
7595	struct sadb_msg *msg;
7596
7597	if (m->m_len < sizeof(struct sadb_msg))
7598	panic("invalid mbuf passed to key_senderror");
7599
7600	msg = mtod(m, struct sadb_msg *);
7601	msg->sadb_msg_errno = code;
7602	return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
7603	}
7604
7605	/*
7606	* set the pointer to each header into message buffer.
7607	* m will be freed on error.
7608	* XXX larger-than-MCLBYTES extension?
7609	*/
7610	static int
7611	key_align(struct mbuf m, struct* sadb_msghdr *mhp)
7612	{
7613	struct mbuf *n;
7614	struct sadb_ext *ext;
7615	size_t off, end;
7616	int extlen;
7617	int toff;
7618
7619	/ sanity check /
7620	if (m == NULL \|\| mhp == NULL)
7621	panic("key_align: NULL pointer is passed");
7622	if (m->m_len < sizeof(struct sadb_msg))
7623	panic("invalid mbuf passed to key_align");
7624
7625	/ initialize /
7626	memset(mhp, `0`, sizeof(*mhp));
7627
7628	mhp->msg = mtod(m, struct sadb_msg *);
7629	mhp->ext[`0`] = (struct sadb_ext )mhp->msg; /XXX backward compat /*
7630
7631	end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7632	extlen = end; /just in case extlen is not updated/
7633	for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
7634	n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
7635	if (!n) {
7636	/ m is already freed /
7637	return ENOBUFS;
7638	}
7639	ext = (struct sadb_ext )(mtod(n, char* *) + toff);
7640
7641	/ set pointer /
7642	switch (ext->sadb_ext_type) {
7643	case SADB_EXT_SA:
7644	case SADB_EXT_ADDRESS_SRC:
7645	case SADB_EXT_ADDRESS_DST:
7646	case SADB_EXT_ADDRESS_PROXY:
7647	case SADB_EXT_LIFETIME_CURRENT:
7648	case SADB_EXT_LIFETIME_HARD:
7649	case SADB_EXT_LIFETIME_SOFT:
7650	case SADB_EXT_KEY_AUTH:
7651	case SADB_EXT_KEY_ENCRYPT:
7652	case SADB_EXT_IDENTITY_SRC:
7653	case SADB_EXT_IDENTITY_DST:
7654	case SADB_EXT_SENSITIVITY:
7655	case SADB_EXT_PROPOSAL:
7656	case SADB_EXT_SUPPORTED_AUTH:
7657	case SADB_EXT_SUPPORTED_ENCRYPT:
7658	case SADB_EXT_SPIRANGE:
7659	case SADB_X_EXT_POLICY:
7660	case SADB_X_EXT_SA2:
7661	case SADB_X_EXT_NAT_T_TYPE:
7662	case SADB_X_EXT_NAT_T_SPORT:
7663	case SADB_X_EXT_NAT_T_DPORT:
7664	case SADB_X_EXT_NAT_T_OAI:
7665	case SADB_X_EXT_NAT_T_OAR:
7666	case SADB_X_EXT_NAT_T_FRAG:
7667	/ duplicate check /
7668	/*
7669	* XXX Are there duplication payloads of either
7670	* KEY_AUTH or KEY_ENCRYPT ?
7671	*/
7672	if (mhp->ext[ext->sadb_ext_type] != NULL) {
7673	ipseclog((LOG_DEBUG,
7674	"key_align: duplicate ext_type %u "
7675	"is passed.\n", ext->sadb_ext_type));
7676	m_freem(m);
7677	PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT);
7678	return EINVAL;
7679	}
7680	break;
7681	default:
7682	ipseclog((LOG_DEBUG,
7683	"key_align: invalid ext_type %u is passed.\n",
7684	ext->sadb_ext_type));
7685	m_freem(m);
7686	PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE);
7687	return EINVAL;
7688	}
7689
7690	extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
7691
7692	if (key_validate_ext(ext, extlen)) {
7693	m_freem(m);
7694	PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7695	return EINVAL;
7696	}
7697
7698	n = m_pulldown(m, off, extlen, &toff);
7699	if (!n) {
7700	/ m is already freed /
7701	return ENOBUFS;
7702	}
7703	ext = (struct sadb_ext )(mtod(n, char* *) + toff);
7704
7705	mhp->ext[ext->sadb_ext_type] = ext;
7706	mhp->extoff[ext->sadb_ext_type] = off;
7707	mhp->extlen[ext->sadb_ext_type] = extlen;
7708	}
7709
7710	if (off != end) {
7711	m_freem(m);
7712	PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7713	return EINVAL;
7714	}
7715
7716	return `0`;
7717	}
7718
7719	static int
7720	key_validate_ext(const struct sadb_ext ext, int* len)
7721	{
7722	const struct sockaddr *sa;
7723	enum { NONE, ADDR } checktype = NONE;
7724	int baselen = `0`;
7725	const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7726
7727	if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7728	return EINVAL;
7729
7730	/ if it does not match minimum/maximum length, bail /
7731	if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[`0`]) \|\|
7732	ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[`0`]))
7733	return EINVAL;
7734	if (!minsize[ext->sadb_ext_type] \|\| len < minsize[ext->sadb_ext_type])
7735	return EINVAL;
7736	if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
7737	return EINVAL;
7738
7739	/ more checks based on sadb_ext_type XXX need more /
7740	switch (ext->sadb_ext_type) {
7741	case SADB_EXT_ADDRESS_SRC:
7742	case SADB_EXT_ADDRESS_DST:
7743	case SADB_EXT_ADDRESS_PROXY:
7744	baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
7745	checktype = ADDR;
7746	break;
7747	case SADB_EXT_IDENTITY_SRC:
7748	case SADB_EXT_IDENTITY_DST:
7749	if (((const struct sadb_ident *)ext)->sadb_ident_type ==
7750	SADB_X_IDENTTYPE_ADDR) {
7751	baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
7752	checktype = ADDR;
7753	} else
7754	checktype = NONE;
7755	break;
7756	default:
7757	checktype = NONE;
7758	break;
7759	}
7760
7761	switch (checktype) {
7762	case NONE:
7763	break;
7764	case ADDR:
7765	sa = (const struct sockaddr )(((const* u_int8_t*)ext)+baselen);
7766	if (len < baselen + sal)
7767	return EINVAL;
7768	if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
7769	return EINVAL;
7770	break;
7771	}
7772
7773	return `0`;
7774	}
7775
7776	static int
7777	key_do_init(void)
7778	{
7779	int i;
7780
7781	pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS);
7782
7783	callout_init(&key_timehandler_ch, `0`);
7784
7785	for (i = `0`; i < IPSEC_DIR_MAX; i++) {
7786	LIST_INIT(&sptree[i]);
7787	}
7788
7789	LIST_INIT(&sahtree);
7790
7791	for (i = `0`; i <= SADB_SATYPE_MAX; i++) {
7792	LIST_INIT(&regtree[i]);
7793	}
7794
7795	#ifndef IPSEC_NONBLOCK_ACQUIRE
7796	LIST_INIT(&acqtree);
7797	#endif
7798	LIST_INIT(&spacqtree);
7799
7800	/ system default /
7801	ip4_def_policy.policy = IPSEC_POLICY_NONE;
7802	ip4_def_policy.refcnt++; /never reclaim this/
7803
7804	#ifdef INET6
7805	ip6_def_policy.policy = IPSEC_POLICY_NONE;
7806	ip6_def_policy.refcnt++; /never reclaim this/
7807	#endif
7808
7809
7810	#ifndef IPSEC_DEBUG2
7811	callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
7812	#endif /IPSEC_DEBUG2/
7813
7814	/ initialize key statistics /
7815	keystat.getspi_count = `1`;
7816
7817	aprint_verbose("IPsec: Initialized Security Association Processing.\n");
7818
7819	return (`0`);
7820	}
7821
7822	void
7823	key_init(void)
7824	{
7825	static ONCE_DECL(key_init_once);
7826
7827	RUN_ONCE(&key_init_once, key_do_init);
7828	}
7829
7830	/*
7831	* XXX: maybe This function is called after INBOUND IPsec processing.
7832	*
7833	* Special check for tunnel-mode packets.
7834	* We must make some checks for consistency between inner and outer IP header.
7835	*
7836	* xxx more checks to be provided
7837	*/
7838	int
7839	key_checktunnelsanity(
7840	struct secasvar *sav,
7841	u_int family,
7842	void *src,
7843	void *dst
7844	)
7845	{
7846	/ sanity check /
7847	if (sav->sah == NULL)
7848	panic("sav->sah == NULL at key_checktunnelsanity");
7849
7850	/ XXX: check inner IP header /
7851
7852	return `1`;
7853	}
7854
7855	#if 0
7856	#define hostnamelen strlen(hostname)
7857
7858	/*
7859	* Get FQDN for the host.
7860	* If the administrator configured hostname (by hostname(1)) without
7861	* domain name, returns nothing.
7862	*/
7863	static const char *
7864	key_getfqdn(void)
7865	{
7866	int i;
7867	int hasdot;
7868	static char fqdn[MAXHOSTNAMELEN + `1`];
7869
7870	if (!hostnamelen)
7871	return NULL;
7872
7873	/ check if it comes with domain name. /
7874	hasdot = `0`;
7875	for (i = `0`; i < hostnamelen; i++) {
7876	if (hostname[i] == `'.'`)
7877	hasdot++;
7878	}
7879	if (!hasdot)
7880	return NULL;
7881
7882	/ NOTE: hostname may not be NUL-terminated. /
7883	memset(fqdn, `0`, sizeof(fqdn));
7884	memcpy(fqdn, hostname, hostnamelen);
7885	fqdn[hostnamelen] = `'\0'`;
7886	return fqdn;
7887	}
7888
7889	/*
7890	* get username@FQDN for the host/user.
7891	*/
7892	static const char *
7893	key_getuserfqdn(void)
7894	{
7895	const char *host;
7896	static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + `2`];
7897	struct proc *p = curproc;
7898	char *q;
7899
7900	if (!p \|\| !p->p_pgrp \|\| !p->p_pgrp->pg_session)
7901	return NULL;
7902	if (!(host = key_getfqdn()))
7903	return NULL;
7904
7905	/ NOTE: s_login may not be-NUL terminated. /
7906	memset(userfqdn, `0`, sizeof(userfqdn));
7907	memcpy(userfqdn, Mp->p_pgrp->pg_session->s_login, AXLOGNAME);
7908	userfqdn[MAXLOGNAME] = `'\0'`; / safeguard /
7909	q = userfqdn + strlen(userfqdn);
7910	*q++ = `'@'`;
7911	memcpy(q, host, strlen(host));
7912	q += strlen(host);
7913	*q++ = `'\0'`;
7914
7915	return userfqdn;
7916	}
7917	#endif
7918
7919	/ record data transfer on SA, and update timestamps /
7920	void
7921	key_sa_recordxfer(struct secasvar sav, struct* mbuf *m)
7922	{
7923	IPSEC_ASSERT(sav != NULL, ("key_sa_recordxfer: Null secasvar"));
7924	IPSEC_ASSERT(m != NULL, ("key_sa_recordxfer: Null mbuf"));
7925	if (!sav->lft_c)
7926	return;
7927
7928	/*
7929	* XXX Currently, there is a difference of bytes size
7930	* between inbound and outbound processing.
7931	*/
7932	sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
7933	/ to check bytes lifetime is done in key_timehandler(). /
7934
7935	/*
7936	* We use the number of packets as the unit of
7937	* sadb_lifetime_allocations. We increment the variable
7938	* whenever {esp,ah}_{in,out}put is called.
7939	*/
7940	sav->lft_c->sadb_lifetime_allocations++;
7941	/ XXX check for expires? /
7942
7943	/*
7944	* NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
7945	* in seconds. HARD and SOFT lifetime are measured by the time
7946	* difference (again in seconds) from sadb_lifetime_usetime.
7947	*
7948	* usetime
7949	* v expire expire
7950	* -----+-----+--------+---> t
7951	* <--------------> HARD
7952	* <-----> SOFT
7953	*/
7954	sav->lft_c->sadb_lifetime_usetime = time_uptime;
7955	/ XXX check for expires? /
7956
7957	return;
7958	}
7959
7960	/ dumb version /
7961	void
7962	key_sa_routechange(struct sockaddr *dst)
7963	{
7964	struct secashead *sah;
7965	struct route *ro;
7966	const struct sockaddr *sa;
7967
7968	LIST_FOREACH(sah, &sahtree, chain) {
7969	ro = &sah->sa_route;
7970	sa = rtcache_getdst(ro);
7971	if (sa != NULL && dst->sa_len == sa->sa_len &&
7972	memcmp(dst, sa, dst->sa_len) == `0`)
7973	rtcache_free(ro);
7974	}
7975
7976	return;
7977	}
7978
7979	static void
7980	key_sa_chgstate(struct secasvar *sav, u_int8_t state)
7981	{
7982	if (sav == NULL)
7983	panic("key_sa_chgstate called with sav == NULL");
7984
7985	if (sav->state == state)
7986	return;
7987
7988	if (__LIST_CHAINED(sav))
7989	LIST_REMOVE(sav, chain);
7990
7991	sav->state = state;
7992	LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
7993	}
7994
7995	/ XXX too much? /
7996	static struct mbuf *
7997	key_alloc_mbuf(int l)
7998	{
7999	struct mbuf m = NULL, n;
8000	int len, t;
8001
8002	len = l;
8003	while (len > `0`) {
8004	MGET(n, M_DONTWAIT, MT_DATA);
8005	if (n && len > MLEN)
8006	MCLGET(n, M_DONTWAIT);
8007	if (!n) {
8008	m_freem(m);
8009	return NULL;
8010	}
8011
8012	n->m_next = NULL;
8013	n->m_len = `0`;
8014	n->m_len = M_TRAILINGSPACE(n);
8015	/ use the bottom of mbuf, hoping we can prepend afterwards /
8016	if (n->m_len > len) {
8017	t = (n->m_len - len) & ~(sizeof(long) - `1`);
8018	n->m_data += t;
8019	n->m_len = len;
8020	}
8021
8022	len -= n->m_len;
8023
8024	if (m)
8025	m_cat(m, n);
8026	else
8027	m = n;
8028	}
8029
8030	return m;
8031	}
8032
8033	static struct mbuf *
8034	key_setdump(u_int8_t req_satype, int *errorp, uint32_t pid)
8035	{
8036	struct secashead *sah;
8037	struct secasvar *sav;
8038	u_int16_t proto;
8039	u_int stateidx;
8040	u_int8_t satype;
8041	u_int8_t state;
8042	int cnt;
8043	struct mbuf m, n;
8044
8045	/ map satype to proto /
8046	if ((proto = key_satype2proto(req_satype)) == `0`) {
8047	*errorp = EINVAL;
8048	return (NULL);
8049	}
8050
8051	/ count sav entries to be sent to the userland. /
8052	cnt = `0`;
8053	LIST_FOREACH(sah, &sahtree, chain) {
8054	if (req_satype != SADB_SATYPE_UNSPEC &&
8055	proto != sah->saidx.proto)
8056	continue;
8057
8058	for (stateidx = `0`;
8059	stateidx < _ARRAYLEN(saorder_state_any);
8060	stateidx++) {
8061	state = saorder_state_any[stateidx];
8062	LIST_FOREACH(sav, &sah->savtree[state], chain) {
8063	cnt++;
8064	}
8065	}
8066	}
8067
8068	if (cnt == `0`) {
8069	*errorp = ENOENT;
8070	return (NULL);
8071	}
8072
8073	/ send this to the userland, one at a time. /
8074	m = NULL;
8075	LIST_FOREACH(sah, &sahtree, chain) {
8076	if (req_satype != SADB_SATYPE_UNSPEC &&
8077	proto != sah->saidx.proto)
8078	continue;
8079
8080	/ map proto to satype /
8081	if ((satype = key_proto2satype(sah->saidx.proto)) == `0`) {
8082	m_freem(m);
8083	*errorp = EINVAL;
8084	return (NULL);
8085	}
8086
8087	for (stateidx = `0`;
8088	stateidx < _ARRAYLEN(saorder_state_any);
8089	stateidx++) {
8090	state = saorder_state_any[stateidx];
8091	LIST_FOREACH(sav, &sah->savtree[state], chain) {
8092	n = key_setdumpsa(sav, SADB_DUMP, satype,
8093	--cnt, pid);
8094	if (!n) {
8095	m_freem(m);
8096	*errorp = ENOBUFS;
8097	return (NULL);
8098	}
8099
8100	if (!m)
8101	m = n;
8102	else
8103	m_cat(m, n);
8104	}
8105	}
8106	}
8107
8108	if (!m) {
8109	*errorp = EINVAL;
8110	return (NULL);
8111	}
8112
8113	if ((m->m_flags & M_PKTHDR) != `0`) {
8114	m->m_pkthdr.len = `0`;
8115	for (n = m; n; n = n->m_next)
8116	m->m_pkthdr.len += n->m_len;
8117	}
8118
8119	*errorp = `0`;
8120	return (m);
8121	}
8122
8123	static struct mbuf *
8124	key_setspddump(int *errorp, pid_t pid)
8125	{
8126	struct secpolicy *sp;
8127	int cnt;
8128	u_int dir;
8129	struct mbuf m, n;
8130
8131	/ search SPD entry and get buffer size. /
8132	cnt = `0`;
8133	for (dir = `0`; dir < IPSEC_DIR_MAX; dir++) {
8134	LIST_FOREACH(sp, &sptree[dir], chain) {
8135	cnt++;
8136	}
8137	}
8138
8139	if (cnt == `0`) {
8140	*errorp = ENOENT;
8141	return (NULL);
8142	}
8143
8144	m = NULL;
8145	for (dir = `0`; dir < IPSEC_DIR_MAX; dir++) {
8146	LIST_FOREACH(sp, &sptree[dir], chain) {
8147	--cnt;
8148	n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid);
8149
8150	if (!n) {
8151	*errorp = ENOBUFS;
8152	m_freem(m);
8153	return (NULL);
8154	}
8155	if (!m)
8156	m = n;
8157	else {
8158	m->m_pkthdr.len += n->m_pkthdr.len;
8159	m_cat(m, n);
8160	}
8161	}
8162	}
8163
8164	*errorp = `0`;
8165	return (m);
8166	}
8167
8168	int
8169	key_get_used(void) {
8170	return !LIST_EMPTY(&sptree[IPSEC_DIR_INBOUND]) \|\|
8171	!LIST_EMPTY(&sptree[IPSEC_DIR_OUTBOUND]);
8172	}
8173
8174	void
8175	key_update_used(void)
8176	{
8177	switch (ipsec_enabled) {
8178	default:
8179	case `0`:
8180	#ifdef notyet
8181	/ XXX: racy /
8182	ipsec_used = `0`;
8183	#endif
8184	break;
8185	case `1`:
8186	#ifndef notyet
8187	/ XXX: racy /
8188	if (!ipsec_used)
8189	#endif
8190	ipsec_used = key_get_used();
8191	break;
8192	case `2`:
8193	ipsec_used = `1`;
8194	break;
8195	}
8196	}
8197
8198	static int
8199	sysctl_net_key_dumpsa(SYSCTLFN_ARGS)
8200	{
8201	struct mbuf m, n;
8202	int err2 = `0`;
8203	char p, ep;
8204	size_t len;
8205	int s, error;
8206
8207	if (newp)
8208	return (EPERM);
8209	if (namelen != `1`)
8210	return (EINVAL);
8211
8212	s = splsoftnet();
8213	m = key_setdump(name[`0`], &error, l->l_proc->p_pid);
8214	splx(s);
8215	if (!m)
8216	return (error);
8217	if (!oldp)
8218	*oldlenp = m->m_pkthdr.len;
8219	else {
8220	p = oldp;
8221	if (*oldlenp < m->m_pkthdr.len) {
8222	err2 = ENOMEM;
8223	ep = p + *oldlenp;
8224	} else {
8225	*oldlenp = m->m_pkthdr.len;
8226	ep = p + m->m_pkthdr.len;
8227	}
8228	for (n = m; n; n = n->m_next) {
8229	len = (ep - p < n->m_len) ?
8230	ep - p : n->m_len;
8231	error = copyout(mtod(n, const void *), p, len);
8232	p += len;
8233	if (error)
8234	break;
8235	}
8236	if (error == `0`)
8237	error = err2;
8238	}
8239	m_freem(m);
8240
8241	return (error);
8242	}
8243
8244	static int
8245	sysctl_net_key_dumpsp(SYSCTLFN_ARGS)
8246	{
8247	struct mbuf m, n;
8248	int err2 = `0`;
8249	char p, ep;
8250	size_t len;
8251	int s, error;
8252
8253	if (newp)
8254	return (EPERM);
8255	if (namelen != `0`)
8256	return (EINVAL);
8257
8258	s = splsoftnet();
8259	m = key_setspddump(&error, l->l_proc->p_pid);
8260	splx(s);
8261	if (!m)
8262	return (error);
8263	if (!oldp)
8264	*oldlenp = m->m_pkthdr.len;
8265	else {
8266	p = oldp;
8267	if (*oldlenp < m->m_pkthdr.len) {
8268	err2 = ENOMEM;
8269	ep = p + *oldlenp;
8270	} else {
8271	*oldlenp = m->m_pkthdr.len;
8272	ep = p + m->m_pkthdr.len;
8273	}
8274	for (n = m; n; n = n->m_next) {
8275	len = (ep - p < n->m_len) ?
8276	ep - p : n->m_len;
8277	error = copyout(mtod(n, const void *), p, len);
8278	p += len;
8279	if (error)
8280	break;
8281	}
8282	if (error == `0`)
8283	error = err2;
8284	}
8285	m_freem(m);
8286
8287	return (error);
8288	}
8289
8290	/*
8291	* Create sysctl tree for native IPSEC key knobs, originally
8292	* under name "net.keyv2" * with MIB number { CTL_NET, PF_KEY_V2. }.
8293	* However, sysctl(8) never checked for nodes under { CTL_NET, PF_KEY_V2 };
8294	* and in any case the part of our sysctl namespace used for dumping the
8295	* SPD and SA database HAS to be compatible with the KAME sysctl
8296	* namespace, for API reasons.
8297	*
8298	* Pending a consensus on the right way to fix this, add a level of
8299	* indirection in how we number the `native' IPSEC key nodes;
8300	* and (as requested by Andrew Brown) move registration of the
8301	* KAME-compatible names to a separate function.
8302	*/
8303	#if 0
8304	# define IPSEC_PFKEY PF_KEY_V2
8305	# define IPSEC_PFKEY_NAME "keyv2"
8306	#else
8307	# define IPSEC_PFKEY PF_KEY
8308	# define IPSEC_PFKEY_NAME "key"
8309	#endif
8310
8311	static int
8312	sysctl_net_key_stats(SYSCTLFN_ARGS)
8313	{
8314
8315	return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS));
8316	}
8317
8318	SYSCTL_SETUP(sysctl_net_keyv2_setup, "sysctl net.keyv2 subtree setup")
8319	{
8320
8321	sysctl_createv(clog, `0`, NULL, NULL,
8322	CTLFLAG_PERMANENT,
8323	CTLTYPE_NODE, IPSEC_PFKEY_NAME, NULL,
8324	NULL, `0`, NULL, `0`,
8325	CTL_NET, IPSEC_PFKEY, CTL_EOL);
8326
8327	sysctl_createv(clog, `0`, NULL, NULL,
8328	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8329	CTLTYPE_INT, "debug", NULL,
8330	NULL, `0`, &key_debug_level, `0`,
8331	CTL_NET, IPSEC_PFKEY, KEYCTL_DEBUG_LEVEL, CTL_EOL);
8332	sysctl_createv(clog, `0`, NULL, NULL,
8333	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8334	CTLTYPE_INT, "spi_try", NULL,
8335	NULL, `0`, &key_spi_trycnt, `0`,
8336	CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_TRY, CTL_EOL);
8337	sysctl_createv(clog, `0`, NULL, NULL,
8338	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8339	CTLTYPE_INT, "spi_min_value", NULL,
8340	NULL, `0`, &key_spi_minval, `0`,
8341	CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL);
8342	sysctl_createv(clog, `0`, NULL, NULL,
8343	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8344	CTLTYPE_INT, "spi_max_value", NULL,
8345	NULL, `0`, &key_spi_maxval, `0`,
8346	CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL);
8347	sysctl_createv(clog, `0`, NULL, NULL,
8348	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8349	CTLTYPE_INT, "random_int", NULL,
8350	NULL, `0`, &key_int_random, `0`,
8351	CTL_NET, IPSEC_PFKEY, KEYCTL_RANDOM_INT, CTL_EOL);
8352	sysctl_createv(clog, `0`, NULL, NULL,
8353	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8354	CTLTYPE_INT, "larval_lifetime", NULL,
8355	NULL, `0`, &key_larval_lifetime, `0`,
8356	CTL_NET, IPSEC_PFKEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL);
8357	sysctl_createv(clog, `0`, NULL, NULL,
8358	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8359	CTLTYPE_INT, "blockacq_count", NULL,
8360	NULL, `0`, &key_blockacq_count, `0`,
8361	CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL);
8362	sysctl_createv(clog, `0`, NULL, NULL,
8363	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8364	CTLTYPE_INT, "blockacq_lifetime", NULL,
8365	NULL, `0`, &key_blockacq_lifetime, `0`,
8366	CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL);
8367	sysctl_createv(clog, `0`, NULL, NULL,
8368	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8369	CTLTYPE_INT, "esp_keymin", NULL,
8370	NULL, `0`, &ipsec_esp_keymin, `0`,
8371	CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_KEYMIN, CTL_EOL);
8372	sysctl_createv(clog, `0`, NULL, NULL,
8373	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8374	CTLTYPE_INT, "prefered_oldsa", NULL,
8375	NULL, `0`, &key_prefered_oldsa, `0`,
8376	CTL_NET, PF_KEY, KEYCTL_PREFERED_OLDSA, CTL_EOL);
8377	sysctl_createv(clog, `0`, NULL, NULL,
8378	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8379	CTLTYPE_INT, "esp_auth", NULL,
8380	NULL, `0`, &ipsec_esp_auth, `0`,
8381	CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_AUTH, CTL_EOL);
8382	sysctl_createv(clog, `0`, NULL, NULL,
8383	CTLFLAG_PERMANENT\|CTLFLAG_READWRITE,
8384	CTLTYPE_INT, "ah_keymin", NULL,
8385	NULL, `0`, &ipsec_ah_keymin, `0`,
8386	CTL_NET, IPSEC_PFKEY, KEYCTL_AH_KEYMIN, CTL_EOL);
8387	sysctl_createv(clog, `0`, NULL, NULL,
8388	CTLFLAG_PERMANENT,
8389	CTLTYPE_STRUCT, "stats",
8390	SYSCTL_DESCR("PF_KEY statistics"),
8391	sysctl_net_key_stats, `0`, NULL, `0`,
8392	CTL_NET, IPSEC_PFKEY, CTL_CREATE, CTL_EOL);
8393	}
8394
8395	/*
8396	* Register sysctl names used by setkey(8). For historical reasons,
8397	* and to share a single API, these names appear under { CTL_NET, PF_KEY }
8398	* for both IPSEC and KAME IPSEC.
8399	*/
8400	SYSCTL_SETUP(sysctl_net_key_compat_setup, "sysctl net.key subtree setup for IPSEC")
8401	{
8402
8403	sysctl_createv(clog, `0`, NULL, NULL,
8404	CTLFLAG_PERMANENT,
8405	CTLTYPE_NODE, "key", NULL,
8406	NULL, `0`, NULL, `0`,
8407	CTL_NET, PF_KEY, CTL_EOL);
8408
8409	/ Register the net.key.dump{sa,sp} nodes used by setkey(8). /
8410	sysctl_createv(clog, `0`, NULL, NULL,
8411	CTLFLAG_PERMANENT,
8412	CTLTYPE_STRUCT, "dumpsa", NULL,
8413	sysctl_net_key_dumpsa, `0`, NULL, `0`,
8414	CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL);
8415	sysctl_createv(clog, `0`, NULL, NULL,
8416	CTLFLAG_PERMANENT,
8417	CTLTYPE_STRUCT, "dumpsp", NULL,
8418	sysctl_net_key_dumpsp, `0`, NULL, `0`,
8419	CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL);
8420	}
8421

Browse the source code of src/src/sys/netipsec/key.c