4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
25 * Copyright (c) 2017 Joyent, Inc.
28 #include <sys/types.h>
29 #include <sys/stream.h>
30 #include <sys/stropts.h>
31 #include <sys/errno.h>
32 #include <sys/strlog.h>
33 #include <sys/tihdr.h>
34 #include <sys/socket.h>
36 #include <sys/sunddi.h>
39 #include <sys/sysmacros.h>
40 #include <sys/cmn_err.h>
41 #include <sys/vtrace.h>
42 #include <sys/debug.h>
43 #include <sys/atomic.h>
44 #include <sys/strsun.h>
45 #include <sys/random.h>
46 #include <netinet/in.h>
48 #include <netinet/ip6.h>
49 #include <net/pfkeyv2.h>
50 #include <net/pfpolicy.h>
52 #include <inet/common.h>
56 #include <inet/ip_impl.h>
58 #include <inet/ip_if.h>
59 #include <inet/ip_ndp.h>
60 #include <inet/sadb.h>
61 #include <inet/ipsec_info.h>
62 #include <inet/ipsec_impl.h>
63 #include <inet/ipsecesp.h>
64 #include <inet/ipdrop.h>
66 #include <sys/kstat.h>
67 #include <sys/policy.h>
68 #include <sys/strsun.h>
69 #include <sys/strsubr.h>
70 #include <inet/udp_impl.h>
71 #include <sys/taskq.h>
74 #include <sys/tsol/tnet.h>
77 * Table of ND variables supported by ipsecesp. These are loaded into
78 * ipsecesp_g_nd in ipsecesp_init_nd.
79 * All of these are alterable, within the min/max values given, at run time.
81 static ipsecespparam_t lcl_param_arr
[] = {
82 /* min max value name */
83 { 0, 3, 0, "ipsecesp_debug"},
84 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT
, "ipsecesp_age_interval"},
85 { 1, 10, 1, "ipsecesp_reap_delay"},
86 { 1, SADB_MAX_REPLAY
, 64, "ipsecesp_replay_size"},
87 { 1, 300, 15, "ipsecesp_acquire_timeout"},
88 { 1, 1800, 90, "ipsecesp_larval_timeout"},
89 /* Default lifetime values for ACQUIRE messages. */
90 { 0, 0xffffffffU
, 0, "ipsecesp_default_soft_bytes"},
91 { 0, 0xffffffffU
, 0, "ipsecesp_default_hard_bytes"},
92 { 0, 0xffffffffU
, 24000, "ipsecesp_default_soft_addtime"},
93 { 0, 0xffffffffU
, 28800, "ipsecesp_default_hard_addtime"},
94 { 0, 0xffffffffU
, 0, "ipsecesp_default_soft_usetime"},
95 { 0, 0xffffffffU
, 0, "ipsecesp_default_hard_usetime"},
96 { 0, 1, 0, "ipsecesp_log_unknown_spi"},
97 { 0, 2, 1, "ipsecesp_padding_check"},
98 { 0, 600, 20, "ipsecesp_nat_keepalive_interval"},
100 /* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */
102 #define esp0dbg(a) printf a
103 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
104 #define esp1dbg(espstack, a) if (espstack->ipsecesp_debug != 0) printf a
105 #define esp2dbg(espstack, a) if (espstack->ipsecesp_debug > 1) printf a
106 #define esp3dbg(espstack, a) if (espstack->ipsecesp_debug > 2) printf a
108 static int ipsecesp_open(queue_t
*, dev_t
*, int, int, cred_t
*);
109 static int ipsecesp_close(queue_t
*);
110 static void ipsecesp_wput(queue_t
*, mblk_t
*);
111 static void *ipsecesp_stack_init(netstackid_t stackid
, netstack_t
*ns
);
112 static void ipsecesp_stack_fini(netstackid_t stackid
, void *arg
);
114 static void esp_prepare_udp(netstack_t
*, mblk_t
*, ipha_t
*);
115 static void esp_outbound_finish(mblk_t
*, ip_xmit_attr_t
*);
116 static void esp_inbound_restart(mblk_t
*, ip_recv_attr_t
*);
118 static boolean_t
esp_register_out(uint32_t, uint32_t, uint_t
,
119 ipsecesp_stack_t
*, cred_t
*);
120 static boolean_t
esp_strip_header(mblk_t
*, boolean_t
, uint32_t,
121 kstat_named_t
**, ipsecesp_stack_t
*);
122 static mblk_t
*esp_submit_req_inbound(mblk_t
*, ip_recv_attr_t
*,
124 static mblk_t
*esp_submit_req_outbound(mblk_t
*, ip_xmit_attr_t
*,
125 ipsa_t
*, uchar_t
*, uint_t
);
127 /* Setable in /etc/system */
128 uint32_t esp_hash_size
= IPSEC_DEFAULT_HASH_SIZE
;
130 static struct module_info info
= {
131 5137, "ipsecesp", 0, INFPSZ
, 65536, 1024
134 static struct qinit rinit
= {
135 (pfi_t
)putnext
, NULL
, ipsecesp_open
, ipsecesp_close
, NULL
, &info
,
139 static struct qinit winit
= {
140 (pfi_t
)ipsecesp_wput
, NULL
, ipsecesp_open
, ipsecesp_close
, NULL
, &info
,
144 struct streamtab ipsecespinfo
= {
145 &rinit
, &winit
, NULL
, NULL
148 static taskq_t
*esp_taskq
;
151 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now.
153 * Question: Do I need this, given that all instance's esps->esps_wq point
156 * Answer: Yes, because I need to know which queue is BOUND to
160 static int esp_kstat_update(kstat_t
*, int);
163 esp_kstat_init(ipsecesp_stack_t
*espstack
, netstackid_t stackid
)
165 espstack
->esp_ksp
= kstat_create_netstack("ipsecesp", 0, "esp_stat",
166 "net", KSTAT_TYPE_NAMED
,
167 sizeof (esp_kstats_t
) / sizeof (kstat_named_t
), 0, stackid
);
169 if (espstack
->esp_ksp
== NULL
|| espstack
->esp_ksp
->ks_data
== NULL
)
172 espstack
->esp_kstats
= espstack
->esp_ksp
->ks_data
;
174 espstack
->esp_ksp
->ks_update
= esp_kstat_update
;
175 espstack
->esp_ksp
->ks_private
= (void *)(uintptr_t)stackid
;
177 #define K64 KSTAT_DATA_UINT64
178 #define KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64)
186 KI(replay_early_failures
);
189 KI(acquire_requests
);
196 KI(sa_port_renumbers
);
201 kstat_install(espstack
->esp_ksp
);
207 esp_kstat_update(kstat_t
*kp
, int rw
)
210 netstackid_t stackid
= (zoneid_t
)(uintptr_t)kp
->ks_private
;
214 if ((kp
== NULL
) || (kp
->ks_data
== NULL
))
217 if (rw
== KSTAT_WRITE
)
220 ns
= netstack_find_by_stackid(stackid
);
223 ipss
= ns
->netstack_ipsec
;
228 ekp
= (esp_kstats_t
*)kp
->ks_data
;
230 rw_enter(&ipss
->ipsec_alg_lock
, RW_READER
);
231 ekp
->esp_stat_num_aalgs
.value
.ui64
=
232 ipss
->ipsec_nalgs
[IPSEC_ALG_AUTH
];
233 ekp
->esp_stat_num_ealgs
.value
.ui64
=
234 ipss
->ipsec_nalgs
[IPSEC_ALG_ENCR
];
235 rw_exit(&ipss
->ipsec_alg_lock
);
243 * Debug routine, useful to see pre-encryption data.
248 char tmp_str
[3], tmp_line
[256];
253 printf("mblk address 0x%p, length %ld, db_ref %d "
254 "type %d, base 0x%p, lim 0x%p\n",
255 (void *) mp
, (long)(mp
->b_wptr
- mp
->b_rptr
),
256 mp
->b_datap
->db_ref
, mp
->b_datap
->db_type
,
257 (void *)mp
->b_datap
->db_base
, (void *)mp
->b_datap
->db_lim
);
261 while (ptr
< mp
->b_wptr
) {
264 diff
= (ptr
- mp
->b_rptr
);
265 if (!(diff
& 0x1f)) {
266 if (strlen(tmp_line
) > 0) {
267 printf("bytes: %s\n", tmp_line
);
272 (void) strcat(tmp_line
, " ");
273 (void) sprintf(tmp_str
, "%02x", *ptr
);
274 (void) strcat(tmp_line
, tmp_str
);
277 if (strlen(tmp_line
) > 0)
278 printf("bytes: %s\n", tmp_line
);
290 printf("Find value of mp %p.\n", mp
);
296 * Don't have to lock age_interval, as only one thread will access it at
297 * a time, because I control the one function that does with timeout().
302 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)arg
;
303 netstack_t
*ns
= espstack
->ipsecesp_netstack
;
304 hrtime_t begin
= gethrtime();
306 sadb_ager(&espstack
->esp_sadb
.s_v4
, espstack
->esp_pfkey_q
,
307 espstack
->ipsecesp_reap_delay
, ns
);
308 sadb_ager(&espstack
->esp_sadb
.s_v6
, espstack
->esp_pfkey_q
,
309 espstack
->ipsecesp_reap_delay
, ns
);
311 espstack
->esp_event
= sadb_retimeout(begin
, espstack
->esp_pfkey_q
,
313 &espstack
->ipsecesp_age_interval
, espstack
->ipsecesp_age_int_max
,
318 * Get an ESP NDD parameter.
328 ipsecespparam_t
*ipsecesppa
= (ipsecespparam_t
*)cp
;
330 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)q
->q_ptr
;
332 mutex_enter(&espstack
->ipsecesp_param_lock
);
333 value
= ipsecesppa
->ipsecesp_param_value
;
334 mutex_exit(&espstack
->ipsecesp_param_lock
);
336 (void) mi_mpprintf(mp
, "%u", value
);
341 * This routine sets an NDD variable in a ipsecespparam_t structure.
353 ipsecespparam_t
*ipsecesppa
= (ipsecespparam_t
*)cp
;
354 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)q
->q_ptr
;
357 * Fail the request if the new value does not lie within the
360 if (ddi_strtoul(value
, NULL
, 10, &new_value
) != 0 ||
361 new_value
< ipsecesppa
->ipsecesp_param_min
||
362 new_value
> ipsecesppa
->ipsecesp_param_max
) {
366 /* Set the new value */
367 mutex_enter(&espstack
->ipsecesp_param_lock
);
368 ipsecesppa
->ipsecesp_param_value
= new_value
;
369 mutex_exit(&espstack
->ipsecesp_param_lock
);
374 * Using lifetime NDD variables, fill in an extended combination's
375 * lifetime information.
378 ipsecesp_fill_defs(sadb_x_ecomb_t
*ecomb
, netstack_t
*ns
)
380 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
382 ecomb
->sadb_x_ecomb_soft_bytes
= espstack
->ipsecesp_default_soft_bytes
;
383 ecomb
->sadb_x_ecomb_hard_bytes
= espstack
->ipsecesp_default_hard_bytes
;
384 ecomb
->sadb_x_ecomb_soft_addtime
=
385 espstack
->ipsecesp_default_soft_addtime
;
386 ecomb
->sadb_x_ecomb_hard_addtime
=
387 espstack
->ipsecesp_default_hard_addtime
;
388 ecomb
->sadb_x_ecomb_soft_usetime
=
389 espstack
->ipsecesp_default_soft_usetime
;
390 ecomb
->sadb_x_ecomb_hard_usetime
=
391 espstack
->ipsecesp_default_hard_usetime
;
395 * Initialize things for ESP at module load time.
398 ipsecesp_ddi_init(void)
400 esp_taskq
= taskq_create("esp_taskq", 1, minclsyspri
,
401 IPSEC_TASKQ_MIN
, IPSEC_TASKQ_MAX
, 0);
404 * We want to be informed each time a stack is created or
405 * destroyed in the kernel, so we can maintain the
406 * set of ipsecesp_stack_t's.
408 netstack_register(NS_IPSECESP
, ipsecesp_stack_init
, NULL
,
409 ipsecesp_stack_fini
);
415 * Walk through the param array specified registering each element with the
416 * named dispatch handler.
419 ipsecesp_param_register(IDP
*ndp
, ipsecespparam_t
*espp
, int cnt
)
421 for (; cnt
-- > 0; espp
++) {
422 if (espp
->ipsecesp_param_name
!= NULL
&&
423 espp
->ipsecesp_param_name
[0]) {
425 espp
->ipsecesp_param_name
,
426 ipsecesp_param_get
, ipsecesp_param_set
,
437 * Initialize things for ESP for each stack instance
440 ipsecesp_stack_init(netstackid_t stackid
, netstack_t
*ns
)
442 ipsecesp_stack_t
*espstack
;
443 ipsecespparam_t
*espp
;
445 espstack
= (ipsecesp_stack_t
*)kmem_zalloc(sizeof (*espstack
),
447 espstack
->ipsecesp_netstack
= ns
;
449 espp
= (ipsecespparam_t
*)kmem_alloc(sizeof (lcl_param_arr
), KM_SLEEP
);
450 espstack
->ipsecesp_params
= espp
;
451 bcopy(lcl_param_arr
, espp
, sizeof (lcl_param_arr
));
453 (void) ipsecesp_param_register(&espstack
->ipsecesp_g_nd
, espp
,
454 A_CNT(lcl_param_arr
));
456 (void) esp_kstat_init(espstack
, stackid
);
458 espstack
->esp_sadb
.s_acquire_timeout
=
459 &espstack
->ipsecesp_acquire_timeout
;
460 sadbp_init("ESP", &espstack
->esp_sadb
, SADB_SATYPE_ESP
, esp_hash_size
,
461 espstack
->ipsecesp_netstack
);
463 mutex_init(&espstack
->ipsecesp_param_lock
, NULL
, MUTEX_DEFAULT
, 0);
465 ip_drop_register(&espstack
->esp_dropper
, "IPsec ESP");
470 * Destroy things for ESP at module unload time.
473 ipsecesp_ddi_destroy(void)
475 netstack_unregister(NS_IPSECESP
);
476 taskq_destroy(esp_taskq
);
480 * Destroy things for ESP for one stack instance
483 ipsecesp_stack_fini(netstackid_t stackid
, void *arg
)
485 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)arg
;
487 if (espstack
->esp_pfkey_q
!= NULL
) {
488 (void) quntimeout(espstack
->esp_pfkey_q
, espstack
->esp_event
);
490 espstack
->esp_sadb
.s_acquire_timeout
= NULL
;
491 sadbp_destroy(&espstack
->esp_sadb
, espstack
->ipsecesp_netstack
);
492 ip_drop_unregister(&espstack
->esp_dropper
);
493 mutex_destroy(&espstack
->ipsecesp_param_lock
);
494 nd_free(&espstack
->ipsecesp_g_nd
);
496 kmem_free(espstack
->ipsecesp_params
, sizeof (lcl_param_arr
));
497 espstack
->ipsecesp_params
= NULL
;
498 kstat_delete_netstack(espstack
->esp_ksp
, stackid
);
499 espstack
->esp_ksp
= NULL
;
500 espstack
->esp_kstats
= NULL
;
501 kmem_free(espstack
, sizeof (*espstack
));
505 * ESP module open routine, which is here for keysock plumbing.
506 * Keysock is pushed over {AH,ESP} which is an artifact from the Bad Old
507 * Days of export control, and fears that ESP would not be allowed
508 * to be shipped at all by default. Eventually, keysock should
509 * either access AH and ESP via modstubs or krtld dependencies, or
510 * perhaps be folded in with AH and ESP into a single IPsec/netsec
511 * module ("netsec" if PF_KEY provides more than AH/ESP keying tables).
515 ipsecesp_open(queue_t
*q
, dev_t
*devp
, int flag
, int sflag
, cred_t
*credp
)
518 ipsecesp_stack_t
*espstack
;
520 if (secpolicy_ip_config(credp
, B_FALSE
) != 0)
523 if (q
->q_ptr
!= NULL
)
524 return (0); /* Re-open of an already open instance. */
526 if (sflag
!= MODOPEN
)
529 ns
= netstack_find_by_cred(credp
);
531 espstack
= ns
->netstack_ipsecesp
;
532 ASSERT(espstack
!= NULL
);
535 WR(q
)->q_ptr
= q
->q_ptr
;
542 * ESP module close routine.
545 ipsecesp_close(queue_t
*q
)
547 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)q
->q_ptr
;
550 * Clean up q_ptr, if needed.
554 /* Keysock queue check is safe, because of OCEXCL perimeter. */
556 if (q
== espstack
->esp_pfkey_q
) {
558 ("ipsecesp_close: Ummm... keysock is closing ESP.\n"));
559 espstack
->esp_pfkey_q
= NULL
;
560 /* Detach qtimeouts. */
561 (void) quntimeout(q
, espstack
->esp_event
);
564 netstack_rele(espstack
->ipsecesp_netstack
);
569 * Add a number of bytes to what the SA has protected so far. Return
570 * B_TRUE if the SA can still protect that many bytes.
572 * Caller must REFRELE the passed-in assoc. This function must REFRELE
573 * any obtained peer SA.
576 esp_age_bytes(ipsa_t
*assoc
, uint64_t bytes
, boolean_t inbound
)
578 ipsa_t
*inassoc
, *outassoc
;
580 boolean_t inrc
, outrc
, isv6
;
583 netstack_t
*ns
= assoc
->ipsa_netstack
;
584 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
586 /* No peer? No problem! */
587 if (!assoc
->ipsa_haspeer
) {
588 return (sadb_age_bytes(espstack
->esp_pfkey_q
, assoc
, bytes
,
593 * Otherwise, we want to grab both the original assoc and its peer.
594 * There might be a race for this, but if it's a real race, two
595 * expire messages may occur. We limit this by only sending the
596 * expire message on one of the peers, we'll pick the inbound
599 * If we need tight synchronization on the peer SA, then we need to
603 /* Use address length to select IPv6/IPv4 */
604 isv6
= (assoc
->ipsa_addrfam
== AF_INET6
);
605 sp
= isv6
? &espstack
->esp_sadb
.s_v6
: &espstack
->esp_sadb
.s_v4
;
610 outhash
= OUTBOUND_HASH_V6(sp
, *((in6_addr_t
*)
611 &inassoc
->ipsa_dstaddr
));
613 outhash
= OUTBOUND_HASH_V4(sp
, *((ipaddr_t
*)
614 &inassoc
->ipsa_dstaddr
));
616 bucket
= &sp
->sdb_of
[outhash
];
617 mutex_enter(&bucket
->isaf_lock
);
618 outassoc
= ipsec_getassocbyspi(bucket
, inassoc
->ipsa_spi
,
619 inassoc
->ipsa_srcaddr
, inassoc
->ipsa_dstaddr
,
620 inassoc
->ipsa_addrfam
);
621 mutex_exit(&bucket
->isaf_lock
);
622 if (outassoc
== NULL
) {
623 /* Q: Do we wish to set haspeer == B_FALSE? */
624 esp0dbg(("esp_age_bytes: "
625 "can't find peer for inbound.\n"));
626 return (sadb_age_bytes(espstack
->esp_pfkey_q
, inassoc
,
631 bucket
= INBOUND_BUCKET(sp
, outassoc
->ipsa_spi
);
632 mutex_enter(&bucket
->isaf_lock
);
633 inassoc
= ipsec_getassocbyspi(bucket
, outassoc
->ipsa_spi
,
634 outassoc
->ipsa_srcaddr
, outassoc
->ipsa_dstaddr
,
635 outassoc
->ipsa_addrfam
);
636 mutex_exit(&bucket
->isaf_lock
);
637 if (inassoc
== NULL
) {
638 /* Q: Do we wish to set haspeer == B_FALSE? */
639 esp0dbg(("esp_age_bytes: "
640 "can't find peer for outbound.\n"));
641 return (sadb_age_bytes(espstack
->esp_pfkey_q
, outassoc
,
646 inrc
= sadb_age_bytes(espstack
->esp_pfkey_q
, inassoc
, bytes
, B_TRUE
);
647 outrc
= sadb_age_bytes(espstack
->esp_pfkey_q
, outassoc
, bytes
, B_FALSE
);
650 * REFRELE any peer SA.
652 * Because of the multi-line macro nature of IPSA_REFRELE, keep
656 IPSA_REFRELE(outassoc
);
658 IPSA_REFRELE(inassoc
);
661 return (inrc
&& outrc
);
665 * Do incoming NAT-T manipulations for packet.
666 * Returns NULL if the mblk chain is consumed.
669 esp_fix_natt_checksums(mblk_t
*data_mp
, ipsa_t
*assoc
)
671 ipha_t
*ipha
= (ipha_t
*)data_mp
->b_rptr
;
674 /* Initialize to our inbound cksum adjustment... */
675 uint32_t sum
= assoc
->ipsa_inbound_cksum
;
677 switch (ipha
->ipha_protocol
) {
679 tcpha
= (tcpha_t
*)(data_mp
->b_rptr
+
680 IPH_HDR_LENGTH(ipha
));
682 #define DOWN_SUM(x) (x) = ((x) & 0xFFFF) + ((x) >> 16)
683 sum
+= ~ntohs(tcpha
->tha_sum
) & 0xFFFF;
686 tcpha
->tha_sum
= ~htons(sum
);
689 udpha
= (udpha_t
*)(data_mp
->b_rptr
+ IPH_HDR_LENGTH(ipha
));
691 if (udpha
->uha_checksum
!= 0) {
692 /* Adujst if the inbound one was not zero. */
693 sum
+= ~ntohs(udpha
->uha_checksum
) & 0xFFFF;
696 udpha
->uha_checksum
= ~htons(sum
);
697 if (udpha
->uha_checksum
== 0)
698 udpha
->uha_checksum
= 0xFFFF;
704 * This case is only an issue for self-encapsulated
705 * packets. So for now, fall through.
714 * Strip ESP header, check padding, and fix IP header.
715 * Returns B_TRUE on success, B_FALSE if an error occured.
718 esp_strip_header(mblk_t
*data_mp
, boolean_t isv4
, uint32_t ivlen
,
719 kstat_named_t
**counter
, ipsecesp_stack_t
*espstack
)
725 uint8_t nexthdr
, padlen
;
727 ipsec_stack_t
*ipss
= espstack
->ipsecesp_netstack
->netstack_ipsec
;
731 * Strip ESP data and fix IP header.
733 * XXX In case the beginning of esp_inbound() changes to not do a
734 * pullup, this part of the code can remain unchanged.
737 ASSERT((data_mp
->b_wptr
- data_mp
->b_rptr
) >= sizeof (ipha_t
));
738 ipha
= (ipha_t
*)data_mp
->b_rptr
;
739 ASSERT((data_mp
->b_wptr
- data_mp
->b_rptr
) >= sizeof (esph_t
) +
740 IPH_HDR_LENGTH(ipha
));
741 divpoint
= IPH_HDR_LENGTH(ipha
);
743 ASSERT((data_mp
->b_wptr
- data_mp
->b_rptr
) >= sizeof (ip6_t
));
744 ip6h
= (ip6_t
*)data_mp
->b_rptr
;
745 divpoint
= ip_hdr_length_v6(data_mp
, ip6h
);
749 while (scratch
->b_cont
!= NULL
)
750 scratch
= scratch
->b_cont
;
752 ASSERT((scratch
->b_wptr
- scratch
->b_rptr
) >= 3);
755 * "Next header" and padding length are the last two bytes in the
756 * ESP-protected datagram, thus the explicit - 1 and - 2.
757 * lastpad is the last byte of the padding, which can be used for
758 * a quick check to see if the padding is correct.
760 lastbyte
= scratch
->b_wptr
- 1;
761 nexthdr
= *lastbyte
--;
762 padlen
= *lastbyte
--;
765 /* Fix part of the IP header. */
766 ipha
->ipha_protocol
= nexthdr
;
768 * Reality check the padlen. The explicit - 2 is for the
769 * padding length and the next-header bytes.
771 if (padlen
>= ntohs(ipha
->ipha_length
) - sizeof (ipha_t
) - 2 -
772 sizeof (esph_t
) - ivlen
) {
773 ESP_BUMP_STAT(espstack
, bad_decrypt
);
774 ipsec_rl_strlog(espstack
->ipsecesp_netstack
,
777 "Corrupt ESP packet (padlen too big).\n");
778 esp1dbg(espstack
, ("padlen (%d) is greater than:\n",
780 esp1dbg(espstack
, ("pkt len(%d) - ip hdr - esp "
781 "hdr - ivlen(%d) = %d.\n",
782 ntohs(ipha
->ipha_length
), ivlen
,
783 (int)(ntohs(ipha
->ipha_length
) - sizeof (ipha_t
) -
784 2 - sizeof (esph_t
) - ivlen
)));
785 *counter
= DROPPER(ipss
, ipds_esp_bad_padlen
);
790 * Fix the rest of the header. The explicit - 2 is for the
791 * padding length and the next-header bytes.
793 ipha
->ipha_length
= htons(ntohs(ipha
->ipha_length
) - padlen
-
794 2 - sizeof (esph_t
) - ivlen
);
795 ipha
->ipha_hdr_checksum
= 0;
796 ipha
->ipha_hdr_checksum
= (uint16_t)ip_csum_hdr(ipha
);
798 if (ip6h
->ip6_nxt
== IPPROTO_ESP
) {
799 ip6h
->ip6_nxt
= nexthdr
;
803 bzero(&ipp
, sizeof (ipp
));
804 (void) ip_find_hdr_v6(data_mp
, ip6h
, B_FALSE
, &ipp
,
806 if (ipp
.ipp_dstopts
!= NULL
) {
807 ipp
.ipp_dstopts
->ip6d_nxt
= nexthdr
;
808 } else if (ipp
.ipp_rthdr
!= NULL
) {
809 ipp
.ipp_rthdr
->ip6r_nxt
= nexthdr
;
810 } else if (ipp
.ipp_hopopts
!= NULL
) {
811 ipp
.ipp_hopopts
->ip6h_nxt
= nexthdr
;
813 /* Panic a DEBUG kernel. */
814 ASSERT(ipp
.ipp_hopopts
!= NULL
);
815 /* Otherwise, pretend it's IP + ESP. */
816 cmn_err(CE_WARN
, "ESP IPv6 headers wrong.\n");
817 ip6h
->ip6_nxt
= nexthdr
;
821 if (padlen
>= ntohs(ip6h
->ip6_plen
) - 2 - sizeof (esph_t
) -
823 ESP_BUMP_STAT(espstack
, bad_decrypt
);
824 ipsec_rl_strlog(espstack
->ipsecesp_netstack
,
827 "Corrupt ESP packet (v6 padlen too big).\n");
828 esp1dbg(espstack
, ("padlen (%d) is greater than:\n",
831 ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = "
832 "%u.\n", (unsigned)(ntohs(ip6h
->ip6_plen
)
833 + sizeof (ip6_t
)), ivlen
,
834 (unsigned)(ntohs(ip6h
->ip6_plen
) - 2 -
835 sizeof (esph_t
) - ivlen
)));
836 *counter
= DROPPER(ipss
, ipds_esp_bad_padlen
);
842 * Fix the rest of the header. The explicit - 2 is for the
843 * padding length and the next-header bytes. IPv6 is nice,
844 * because there's no hdr checksum!
846 ip6h
->ip6_plen
= htons(ntohs(ip6h
->ip6_plen
) - padlen
-
847 2 - sizeof (esph_t
) - ivlen
);
850 if (espstack
->ipsecesp_padding_check
> 0 && padlen
> 0) {
852 * Weak padding check: compare last-byte to length, they
855 lastpad
= *lastbyte
--;
857 if (padlen
!= lastpad
) {
858 ipsec_rl_strlog(espstack
->ipsecesp_netstack
,
859 info
.mi_idnum
, 0, 0, SL_ERROR
| SL_WARN
,
860 "Corrupt ESP packet (lastpad != padlen).\n");
862 ("lastpad (%d) not equal to padlen (%d):\n",
864 ESP_BUMP_STAT(espstack
, bad_padding
);
865 *counter
= DROPPER(ipss
, ipds_esp_bad_padding
);
870 * Strong padding check: Check all pad bytes to see that
871 * they're ascending. Go backwards using a descending counter
872 * to verify. padlen == 1 is checked by previous block, so
873 * only bother if we've more than 1 byte of padding.
874 * Consequently, start the check one byte before the location
877 if (espstack
->ipsecesp_padding_check
> 1) {
879 * This assert may have to become an if and a pullup
880 * if we start accepting multi-dblk mblks. For now,
881 * though, any packet here will have been pulled up in
884 ASSERT(MBLKL(scratch
) >= lastpad
+ 3);
887 * Use "--lastpad" because we already checked the very
888 * last pad byte previously.
890 while (--lastpad
!= 0) {
891 if (lastpad
!= *lastbyte
) {
893 espstack
->ipsecesp_netstack
,
895 SL_ERROR
| SL_WARN
, "Corrupt ESP "
896 "packet (bad padding).\n");
898 ("padding not in correct"
900 ESP_BUMP_STAT(espstack
, bad_padding
);
901 *counter
= DROPPER(ipss
,
902 ipds_esp_bad_padding
);
910 /* Trim off the padding. */
911 ASSERT(data_mp
->b_cont
== NULL
);
912 data_mp
->b_wptr
-= (padlen
+ 2);
915 * Remove the ESP header.
917 * The above assertions about data_mp's size will make this work.
919 * XXX Question: If I send up and get back a contiguous mblk,
920 * would it be quicker to bcopy over, or keep doing the dupb stuff?
921 * I go with copying for now.
924 if (IS_P2ALIGNED(data_mp
->b_rptr
, sizeof (uint32_t)) &&
925 IS_P2ALIGNED(ivlen
, sizeof (uint32_t))) {
926 uint8_t *start
= data_mp
->b_rptr
;
929 src
= (uint32_t *)(start
+ divpoint
);
930 dst
= (uint32_t *)(start
+ divpoint
+ sizeof (esph_t
) + ivlen
);
932 ASSERT(IS_P2ALIGNED(dst
, sizeof (uint32_t)) &&
933 IS_P2ALIGNED(src
, sizeof (uint32_t)));
939 } while (src
!= (uint32_t *)start
);
941 data_mp
->b_rptr
= (uchar_t
*)dst
;
943 uint8_t *start
= data_mp
->b_rptr
;
946 src
= start
+ divpoint
;
947 dst
= src
+ sizeof (esph_t
) + ivlen
;
953 } while (src
!= start
);
955 data_mp
->b_rptr
= dst
;
958 esp2dbg(espstack
, ("data_mp after inbound ESP adjustment:\n"));
959 esp2dbg(espstack
, (dump_msg(data_mp
)));
965 * Updating use times can be tricky business if the ipsa_haspeer flag is
966 * set. This function is called once in an SA's lifetime.
968 * Caller has to REFRELE "assoc" which is passed in. This function has
969 * to REFRELE any peer SA that is obtained.
972 esp_set_usetime(ipsa_t
*assoc
, boolean_t inbound
)
974 ipsa_t
*inassoc
, *outassoc
;
979 netstack_t
*ns
= assoc
->ipsa_netstack
;
980 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
982 /* No peer? No problem! */
983 if (!assoc
->ipsa_haspeer
) {
984 sadb_set_usetime(assoc
);
989 * Otherwise, we want to grab both the original assoc and its peer.
990 * There might be a race for this, but if it's a real race, the times
991 * will be out-of-synch by at most a second, and since our time
992 * granularity is a second, this won't be a problem.
994 * If we need tight synchronization on the peer SA, then we need to
998 /* Use address length to select IPv6/IPv4 */
999 isv6
= (assoc
->ipsa_addrfam
== AF_INET6
);
1000 sp
= isv6
? &espstack
->esp_sadb
.s_v6
: &espstack
->esp_sadb
.s_v4
;
1005 outhash
= OUTBOUND_HASH_V6(sp
, *((in6_addr_t
*)
1006 &inassoc
->ipsa_dstaddr
));
1008 outhash
= OUTBOUND_HASH_V4(sp
, *((ipaddr_t
*)
1009 &inassoc
->ipsa_dstaddr
));
1011 bucket
= &sp
->sdb_of
[outhash
];
1012 mutex_enter(&bucket
->isaf_lock
);
1013 outassoc
= ipsec_getassocbyspi(bucket
, inassoc
->ipsa_spi
,
1014 inassoc
->ipsa_srcaddr
, inassoc
->ipsa_dstaddr
,
1015 inassoc
->ipsa_addrfam
);
1016 mutex_exit(&bucket
->isaf_lock
);
1017 if (outassoc
== NULL
) {
1018 /* Q: Do we wish to set haspeer == B_FALSE? */
1019 esp0dbg(("esp_set_usetime: "
1020 "can't find peer for inbound.\n"));
1021 sadb_set_usetime(inassoc
);
1026 bucket
= INBOUND_BUCKET(sp
, outassoc
->ipsa_spi
);
1027 mutex_enter(&bucket
->isaf_lock
);
1028 inassoc
= ipsec_getassocbyspi(bucket
, outassoc
->ipsa_spi
,
1029 outassoc
->ipsa_srcaddr
, outassoc
->ipsa_dstaddr
,
1030 outassoc
->ipsa_addrfam
);
1031 mutex_exit(&bucket
->isaf_lock
);
1032 if (inassoc
== NULL
) {
1033 /* Q: Do we wish to set haspeer == B_FALSE? */
1034 esp0dbg(("esp_set_usetime: "
1035 "can't find peer for outbound.\n"));
1036 sadb_set_usetime(outassoc
);
1041 /* Update usetime on both. */
1042 sadb_set_usetime(inassoc
);
1043 sadb_set_usetime(outassoc
);
1046 * REFRELE any peer SA.
1048 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1052 IPSA_REFRELE(outassoc
);
1054 IPSA_REFRELE(inassoc
);
1059 * Handle ESP inbound data for IPv4 and IPv6.
1060 * On success returns B_TRUE, on failure returns B_FALSE and frees the
1061 * mblk chain data_mp.
1064 esp_inbound(mblk_t
*data_mp
, void *arg
, ip_recv_attr_t
*ira
)
1066 esph_t
*esph
= (esph_t
*)arg
;
1067 ipsa_t
*ipsa
= ira
->ira_ipsec_esp_sa
;
1068 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
1069 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
1070 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
1073 * We may wish to check replay in-range-only here as an optimization.
1074 * Include the reality check of ipsa->ipsa_replay >
1075 * ipsa->ipsa_replay_wsize for times when it's the first N packets,
1076 * where N == ipsa->ipsa_replay_wsize.
1078 * Another check that may come here later is the "collision" check.
1079 * If legitimate packets flow quickly enough, this won't be a problem,
1080 * but collisions may cause authentication algorithm crunching to
1081 * take place when it doesn't need to.
1083 if (!sadb_replay_peek(ipsa
, esph
->esph_replay
)) {
1084 ESP_BUMP_STAT(espstack
, replay_early_failures
);
1085 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1086 ip_drop_packet(data_mp
, B_TRUE
, ira
->ira_ill
,
1087 DROPPER(ipss
, ipds_esp_early_replay
),
1088 &espstack
->esp_dropper
);
1089 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1094 * Adjust the IP header's payload length to reflect the removal
1097 if (!(ira
->ira_flags
& IRAF_IS_IPV4
)) {
1098 ip6_t
*ip6h
= (ip6_t
*)data_mp
->b_rptr
;
1099 ip6h
->ip6_plen
= htons(ntohs(ip6h
->ip6_plen
) -
1100 ipsa
->ipsa_mac_len
);
1102 ipha_t
*ipha
= (ipha_t
*)data_mp
->b_rptr
;
1103 ipha
->ipha_length
= htons(ntohs(ipha
->ipha_length
) -
1104 ipsa
->ipsa_mac_len
);
1107 /* submit the request to the crypto framework */
1108 return (esp_submit_req_inbound(data_mp
, ira
, ipsa
,
1109 (uint8_t *)esph
- data_mp
->b_rptr
));
1112 /* XXX refactor me */
1114 * Handle the SADB_GETSPI message. Create a larval SA.
1117 esp_getspi(mblk_t
*mp
, keysock_in_t
*ksi
, ipsecesp_stack_t
*espstack
)
1119 ipsa_t
*newbie
, *target
;
1120 isaf_t
*outbound
, *inbound
;
1127 * Randomly generate a proposed SPI value
1129 if (cl_inet_getspi
!= NULL
) {
1130 cl_inet_getspi(espstack
->ipsecesp_netstack
->netstack_stackid
,
1131 IPPROTO_ESP
, (uint8_t *)&newspi
, sizeof (uint32_t), NULL
);
1133 (void) random_get_pseudo_bytes((uint8_t *)&newspi
,
1136 newbie
= sadb_getspi(ksi
, newspi
, &diagnostic
,
1137 espstack
->ipsecesp_netstack
, IPPROTO_ESP
);
1139 if (newbie
== NULL
) {
1140 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, ENOMEM
, diagnostic
,
1143 } else if (newbie
== (ipsa_t
*)-1) {
1144 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, EINVAL
, diagnostic
,
1150 * XXX - We may randomly collide. We really should recover from this.
1151 * Unfortunately, that could require spending way-too-much-time
1152 * in here. For now, let the user retry.
1155 if (newbie
->ipsa_addrfam
== AF_INET6
) {
1156 outbound
= OUTBOUND_BUCKET_V6(&espstack
->esp_sadb
.s_v6
,
1157 *(uint32_t *)(newbie
->ipsa_dstaddr
));
1158 inbound
= INBOUND_BUCKET(&espstack
->esp_sadb
.s_v6
,
1161 ASSERT(newbie
->ipsa_addrfam
== AF_INET
);
1162 outbound
= OUTBOUND_BUCKET_V4(&espstack
->esp_sadb
.s_v4
,
1163 *(uint32_t *)(newbie
->ipsa_dstaddr
));
1164 inbound
= INBOUND_BUCKET(&espstack
->esp_sadb
.s_v4
,
1168 mutex_enter(&outbound
->isaf_lock
);
1169 mutex_enter(&inbound
->isaf_lock
);
1172 * Check for collisions (i.e. did sadb_getspi() return with something
1173 * that already exists?).
1175 * Try outbound first. Even though SADB_GETSPI is traditionally
1176 * for inbound SAs, you never know what a user might do.
1178 target
= ipsec_getassocbyspi(outbound
, newbie
->ipsa_spi
,
1179 newbie
->ipsa_srcaddr
, newbie
->ipsa_dstaddr
, newbie
->ipsa_addrfam
);
1180 if (target
== NULL
) {
1181 target
= ipsec_getassocbyspi(inbound
, newbie
->ipsa_spi
,
1182 newbie
->ipsa_srcaddr
, newbie
->ipsa_dstaddr
,
1183 newbie
->ipsa_addrfam
);
1187 * I don't have collisions elsewhere!
1188 * (Nor will I because I'm still holding inbound/outbound locks.)
1191 if (target
!= NULL
) {
1193 IPSA_REFRELE(target
);
1196 * sadb_insertassoc() also checks for collisions, so
1197 * if there's a colliding entry, rc will be set
1200 rc
= sadb_insertassoc(newbie
, inbound
);
1201 newbie
->ipsa_hardexpiretime
= gethrestime_sec();
1202 newbie
->ipsa_hardexpiretime
+=
1203 espstack
->ipsecesp_larval_timeout
;
1207 * Can exit outbound mutex. Hold inbound until we're done
1210 mutex_exit(&outbound
->isaf_lock
);
1213 mutex_exit(&inbound
->isaf_lock
);
1214 IPSA_REFRELE(newbie
);
1215 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, rc
,
1216 SADB_X_DIAGNOSTIC_NONE
, ksi
->ks_in_serial
);
1221 /* Can write here because I'm still holding the bucket lock. */
1222 newbie
->ipsa_type
= SADB_SATYPE_ESP
;
1225 * Construct successful return message. We have one thing going
1226 * for us in PF_KEY v2. That's the fact that
1227 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t)
1229 assoc
= (sadb_sa_t
*)ksi
->ks_in_extv
[SADB_EXT_SPIRANGE
];
1230 assoc
->sadb_sa_exttype
= SADB_EXT_SA
;
1231 assoc
->sadb_sa_spi
= newbie
->ipsa_spi
;
1232 *((uint64_t *)(&assoc
->sadb_sa_replay
)) = 0;
1233 mutex_exit(&inbound
->isaf_lock
);
1235 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */
1236 kso
= (keysock_out_t
*)ksi
;
1237 kso
->ks_out_len
= sizeof (*kso
);
1238 kso
->ks_out_serial
= ksi
->ks_in_serial
;
1239 kso
->ks_out_type
= KEYSOCK_OUT
;
1242 * Can safely putnext() to esp_pfkey_q, because this is a turnaround
1243 * from the esp_pfkey_q.
1245 putnext(espstack
->esp_pfkey_q
, mp
);
1249 * Insert the ESP header into a packet. Duplicate an mblk, and insert a newly
1250 * allocated mblk with the ESP header in between the two.
1253 esp_insert_esp(mblk_t
*mp
, mblk_t
*esp_mp
, uint_t divpoint
,
1254 ipsecesp_stack_t
*espstack
)
1256 mblk_t
*split_mp
= mp
;
1257 uint_t wheretodiv
= divpoint
;
1259 while ((split_mp
->b_wptr
- split_mp
->b_rptr
) < wheretodiv
) {
1260 wheretodiv
-= (split_mp
->b_wptr
- split_mp
->b_rptr
);
1261 split_mp
= split_mp
->b_cont
;
1262 ASSERT(split_mp
!= NULL
);
1265 if (split_mp
->b_wptr
- split_mp
->b_rptr
!= wheretodiv
) {
1268 /* "scratch" is the 2nd half, split_mp is the first. */
1269 scratch
= dupb(split_mp
);
1270 if (scratch
== NULL
) {
1272 ("esp_insert_esp: can't allocate scratch.\n"));
1275 /* NOTE: dupb() doesn't set b_cont appropriately. */
1276 scratch
->b_cont
= split_mp
->b_cont
;
1277 scratch
->b_rptr
+= wheretodiv
;
1278 split_mp
->b_wptr
= split_mp
->b_rptr
+ wheretodiv
;
1279 split_mp
->b_cont
= scratch
;
1282 * At this point, split_mp is exactly "wheretodiv" bytes long, and
1283 * holds the end of the pre-ESP part of the datagram.
1285 esp_mp
->b_cont
= split_mp
->b_cont
;
1286 split_mp
->b_cont
= esp_mp
;
1292 * Section 7 of RFC 3947 says:
1294 * 7. Recovering from the Expiring NAT Mappings
1296 * There are cases where NAT box decides to remove mappings that are still
1297 * alive (for example, when the keepalive interval is too long, or when the
1298 * NAT box is rebooted). To recover from this, ends that are NOT behind
1299 * NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from
1300 * the other end to determine which IP and port addresses should be used.
1301 * The host behind dynamic NAT MUST NOT do this, as otherwise it opens a
1302 * DoS attack possibility because the IP address or port of the other host
1303 * will not change (it is not behind NAT).
1305 * Keepalives cannot be used for these purposes, as they are not
1306 * authenticated, but any IKE authenticated IKE packet or ESP packet can be
1307 * used to detect whether the IP address or the port has changed.
1309 * The following function will check an SA and its explicitly-set pair to see
1310 * if the NAT-T remote port matches the received packet (which must have
1311 * passed ESP authentication, see esp_in_done() for the caller context). If
1312 * there is a mismatch, the SAs are updated. It is not important if we race
1313 * with a transmitting thread, as if there is a transmitting thread, it will
1314 * merely emit a packet that will most-likely be dropped.
1316 * "ports" are ordered src,dst, and assoc is an inbound SA, where src should
1317 * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port.
1319 #ifdef _LITTLE_ENDIAN
1320 #define FIRST_16(x) ((x) & 0xFFFF)
1321 #define NEXT_16(x) (((x) >> 16) & 0xFFFF)
1323 #define FIRST_16(x) (((x) >> 16) & 0xFFFF)
1324 #define NEXT_16(x) ((x) & 0xFFFF)
1327 esp_port_freshness(uint32_t ports
, ipsa_t
*assoc
)
1329 uint16_t remote
= FIRST_16(ports
);
1330 uint16_t local
= NEXT_16(ports
);
1331 ipsa_t
*outbound_peer
;
1333 ipsecesp_stack_t
*espstack
= assoc
->ipsa_netstack
->netstack_ipsecesp
;
1335 /* We found a conn_t, therefore local != 0. */
1337 /* Assume an IPv4 SA. */
1338 ASSERT(assoc
->ipsa_addrfam
== AF_INET
);
1341 * On-the-wire rport == 0 means something's very wrong.
1342 * An unpaired SA is also useless to us.
1343 * If we are behind the NAT, don't bother.
1344 * A zero local NAT port defaults to 4500, so check that too.
1345 * And, of course, if the ports already match, we don't need to
1348 if (remote
== 0 || assoc
->ipsa_otherspi
== 0 ||
1349 (assoc
->ipsa_flags
& IPSA_F_BEHIND_NAT
) ||
1350 (assoc
->ipsa_remote_nat_port
== 0 &&
1351 remote
== htons(IPPORT_IKE_NATT
)) ||
1352 remote
== assoc
->ipsa_remote_nat_port
)
1355 /* Try and snag the peer. NOTE: Assume IPv4 for now. */
1356 bucket
= OUTBOUND_BUCKET_V4(&(espstack
->esp_sadb
.s_v4
),
1357 assoc
->ipsa_srcaddr
[0]);
1358 mutex_enter(&bucket
->isaf_lock
);
1359 outbound_peer
= ipsec_getassocbyspi(bucket
, assoc
->ipsa_otherspi
,
1360 assoc
->ipsa_dstaddr
, assoc
->ipsa_srcaddr
, AF_INET
);
1361 mutex_exit(&bucket
->isaf_lock
);
1363 /* We probably lost a race to a deleting or expiring thread. */
1364 if (outbound_peer
== NULL
)
1368 * Hold the mutexes for both SAs so we don't race another inbound
1369 * thread. A lock-entry order shouldn't matter, since all other
1370 * per-ipsa locks are individually held-then-released.
1372 * Luckily, this has nothing to do with the remote-NAT address,
1373 * so we don't have to re-scribble the cached-checksum differential.
1375 mutex_enter(&outbound_peer
->ipsa_lock
);
1376 mutex_enter(&assoc
->ipsa_lock
);
1377 outbound_peer
->ipsa_remote_nat_port
= assoc
->ipsa_remote_nat_port
=
1379 mutex_exit(&assoc
->ipsa_lock
);
1380 mutex_exit(&outbound_peer
->ipsa_lock
);
1381 IPSA_REFRELE(outbound_peer
);
1382 ESP_BUMP_STAT(espstack
, sa_port_renumbers
);
1385 * Finish processing of an inbound ESP packet after processing by the
1387 * - Remove the ESP header.
1388 * - Send packet back to IP.
1389 * If authentication was performed on the packet, this function is called
1390 * only if the authentication succeeded.
1391 * On success returns B_TRUE, on failure returns B_FALSE and frees the
1392 * mblk chain data_mp.
1395 esp_in_done(mblk_t
*data_mp
, ip_recv_attr_t
*ira
, ipsec_crypto_t
*ic
)
1400 uint_t processed_len
;
1402 kstat_named_t
*counter
;
1404 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
1405 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
1406 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
1408 assoc
= ira
->ira_ipsec_esp_sa
;
1409 ASSERT(assoc
!= NULL
);
1411 is_natt
= ((assoc
->ipsa_flags
& IPSA_F_NATT
) != 0);
1413 /* get the pointer to the ESP header */
1414 if (assoc
->ipsa_encr_alg
== SADB_EALG_NULL
) {
1415 /* authentication-only ESP */
1416 espstart
= ic
->ic_crypto_data
.cd_offset
;
1417 processed_len
= ic
->ic_crypto_data
.cd_length
;
1419 /* encryption present */
1420 ivlen
= assoc
->ipsa_iv_len
;
1421 if (assoc
->ipsa_auth_alg
== SADB_AALG_NONE
) {
1422 /* encryption-only ESP */
1423 espstart
= ic
->ic_crypto_data
.cd_offset
-
1424 sizeof (esph_t
) - assoc
->ipsa_iv_len
;
1425 processed_len
= ic
->ic_crypto_data
.cd_length
+
1428 /* encryption with authentication */
1429 espstart
= ic
->ic_crypto_dual_data
.dd_offset1
;
1430 processed_len
= ic
->ic_crypto_dual_data
.dd_len2
+
1435 esph
= (esph_t
*)(data_mp
->b_rptr
+ espstart
);
1437 if (assoc
->ipsa_auth_alg
!= IPSA_AALG_NONE
||
1438 (assoc
->ipsa_flags
& IPSA_F_COMBINED
)) {
1440 * Authentication passed if we reach this point.
1441 * Packets with authentication will have the ICV
1442 * after the crypto data. Adjust b_wptr before
1443 * making padlen checks.
1445 ESP_BUMP_STAT(espstack
, good_auth
);
1446 data_mp
->b_wptr
-= assoc
->ipsa_mac_len
;
1449 * Check replay window here!
1450 * For right now, assume keysock will set the replay window
1451 * size to zero for SAs that have an unspecified sender.
1452 * This may change...
1455 if (!sadb_replay_check(assoc
, esph
->esph_replay
)) {
1457 * Log the event. As of now we print out an event.
1458 * Do not print the replay failure number, or else
1459 * syslog cannot collate the error messages. Printing
1460 * the replay number that failed opens a denial-of-
1463 ipsec_assocfailure(info
.mi_idnum
, 0, 0,
1465 "Replay failed for ESP spi 0x%x, dst %s.\n",
1466 assoc
->ipsa_spi
, assoc
->ipsa_dstaddr
,
1467 assoc
->ipsa_addrfam
, espstack
->ipsecesp_netstack
);
1468 ESP_BUMP_STAT(espstack
, replay_failures
);
1469 counter
= DROPPER(ipss
, ipds_esp_replay
);
1474 ASSERT(ira
->ira_flags
& IRAF_ESP_UDP_PORTS
);
1475 ASSERT(ira
->ira_esp_udp_ports
!= 0);
1476 esp_port_freshness(ira
->ira_esp_udp_ports
, assoc
);
1480 esp_set_usetime(assoc
, B_TRUE
);
1482 if (!esp_age_bytes(assoc
, processed_len
, B_TRUE
)) {
1483 /* The ipsa has hit hard expiration, LOG and AUDIT. */
1484 ipsec_assocfailure(info
.mi_idnum
, 0, 0,
1486 "ESP association 0x%x, dst %s had bytes expire.\n",
1487 assoc
->ipsa_spi
, assoc
->ipsa_dstaddr
, assoc
->ipsa_addrfam
,
1488 espstack
->ipsecesp_netstack
);
1489 ESP_BUMP_STAT(espstack
, bytes_expired
);
1490 counter
= DROPPER(ipss
, ipds_esp_bytes_expire
);
1495 * Remove ESP header and padding from packet. I hope the compiler
1496 * spews "branch, predict taken" code for this.
1499 if (esp_strip_header(data_mp
, (ira
->ira_flags
& IRAF_IS_IPV4
),
1500 ivlen
, &counter
, espstack
)) {
1502 if (is_system_labeled() && assoc
->ipsa_tsl
!= NULL
) {
1503 if (!ip_recv_attr_replace_label(ira
, assoc
->ipsa_tsl
)) {
1504 ip_drop_packet(data_mp
, B_TRUE
, ira
->ira_ill
,
1505 DROPPER(ipss
, ipds_ah_nomem
),
1506 &espstack
->esp_dropper
);
1507 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
,
1508 ipIfStatsInDiscards
);
1513 return (esp_fix_natt_checksums(data_mp
, assoc
));
1515 if (assoc
->ipsa_state
== IPSA_STATE_IDLE
) {
1517 * Cluster buffering case. Tell caller that we're
1518 * handling the packet.
1520 sadb_buf_pkt(assoc
, data_mp
, ira
);
1527 esp1dbg(espstack
, ("esp_in_done: esp_strip_header() failed\n"));
1529 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1530 ip_drop_packet(data_mp
, B_TRUE
, ira
->ira_ill
, counter
,
1531 &espstack
->esp_dropper
);
1532 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1537 * Called upon failing the inbound ICV check. The message passed as
1538 * argument is freed.
1541 esp_log_bad_auth(mblk_t
*mp
, ip_recv_attr_t
*ira
)
1543 ipsa_t
*assoc
= ira
->ira_ipsec_esp_sa
;
1544 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
1545 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
1546 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
1549 * Log the event. Don't print to the console, block
1550 * potential denial-of-service attack.
1552 ESP_BUMP_STAT(espstack
, bad_auth
);
1554 ipsec_assocfailure(info
.mi_idnum
, 0, 0, SL_ERROR
| SL_WARN
,
1555 "ESP Authentication failed for spi 0x%x, dst %s.\n",
1556 assoc
->ipsa_spi
, assoc
->ipsa_dstaddr
, assoc
->ipsa_addrfam
,
1557 espstack
->ipsecesp_netstack
);
1559 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1560 ip_drop_packet(mp
, B_TRUE
, ira
->ira_ill
,
1561 DROPPER(ipss
, ipds_esp_bad_auth
),
1562 &espstack
->esp_dropper
);
1567 * Invoked for outbound packets after ESP processing. If the packet
1568 * also requires AH, performs the AH SA selection and AH processing.
1570 * Returns data_mp (possibly with AH added) unless data_mp was consumed
1571 * due to an error, or queued due to async. crypto or an ACQUIRE trigger.
1574 esp_do_outbound_ah(mblk_t
*data_mp
, ip_xmit_attr_t
*ixa
)
1578 ap
= ixa
->ixa_ipsec_action
;
1580 ipsec_policy_t
*pp
= ixa
->ixa_ipsec_policy
;
1584 if (!ap
->ipa_want_ah
)
1588 * Normally the AH SA would have already been put in place
1589 * but it could have been flushed so we need to look for it.
1591 if (ixa
->ixa_ipsec_ah_sa
== NULL
) {
1592 if (!ipsec_outbound_sa(data_mp
, ixa
, IPPROTO_AH
)) {
1593 sadb_acquire(data_mp
, ixa
, B_TRUE
, B_FALSE
);
1597 ASSERT(ixa
->ixa_ipsec_ah_sa
!= NULL
);
1599 data_mp
= ixa
->ixa_ipsec_ah_sa
->ipsa_output_func(data_mp
, ixa
);
1605 * Kernel crypto framework callback invoked after completion of async
1606 * crypto requests for outbound packets.
1609 esp_kcf_callback_outbound(void *arg
, int status
)
1611 mblk_t
*mp
= (mblk_t
*)arg
;
1614 ipsec_stack_t
*ipss
;
1615 ipsecesp_stack_t
*espstack
;
1617 ip_xmit_attr_t ixas
;
1622 * First remove the ipsec_crypto_t mblk
1623 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
1625 async_mp
= ipsec_remove_crypto_data(mp
, &ic
);
1626 ASSERT(async_mp
!= NULL
);
1629 * Extract the ip_xmit_attr_t from the first mblk.
1630 * Verifies that the netstack and ill is still around; could
1631 * have vanished while kEf was doing its work.
1632 * On succesful return we have a nce_t and the ill/ipst can't
1633 * disappear until we do the nce_refrele in ixa_cleanup.
1635 data_mp
= async_mp
->b_cont
;
1636 async_mp
->b_cont
= NULL
;
1637 if (!ip_xmit_attr_from_mblk(async_mp
, &ixas
)) {
1638 /* Disappeared on us - no ill/ipst for MIB */
1639 /* We have nowhere to do stats since ixa_ipst could be NULL */
1640 if (ixas
.ixa_nce
!= NULL
) {
1641 ill
= ixas
.ixa_nce
->nce_ill
;
1642 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
1643 ip_drop_output("ipIfStatsOutDiscards", data_mp
, ill
);
1648 ns
= ixas
.ixa_ipst
->ips_netstack
;
1649 espstack
= ns
->netstack_ipsecesp
;
1650 ipss
= ns
->netstack_ipsec
;
1651 ill
= ixas
.ixa_nce
->nce_ill
;
1653 if (status
== CRYPTO_SUCCESS
) {
1655 * If a ICV was computed, it was stored by the
1656 * crypto framework at the end of the packet.
1658 ipha_t
*ipha
= (ipha_t
*)data_mp
->b_rptr
;
1660 esp_set_usetime(ixas
.ixa_ipsec_esp_sa
, B_FALSE
);
1662 if (IPH_HDR_VERSION(ipha
) == IP_VERSION
&&
1663 ipha
->ipha_protocol
== IPPROTO_UDP
)
1664 esp_prepare_udp(ns
, data_mp
, ipha
);
1666 /* do AH processing if needed */
1667 data_mp
= esp_do_outbound_ah(data_mp
, &ixas
);
1668 if (data_mp
== NULL
)
1671 (void) ip_output_post_ipsec(data_mp
, &ixas
);
1673 /* Outbound shouldn't see invalid MAC */
1674 ASSERT(status
!= CRYPTO_INVALID_MAC
);
1677 ("esp_kcf_callback_outbound: crypto failed with 0x%x\n",
1679 ESP_BUMP_STAT(espstack
, crypto_failures
);
1680 ESP_BUMP_STAT(espstack
, out_discards
);
1681 ip_drop_packet(data_mp
, B_FALSE
, ill
,
1682 DROPPER(ipss
, ipds_esp_crypto_failed
),
1683 &espstack
->esp_dropper
);
1684 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
1688 (void) ipsec_free_crypto_data(mp
);
1692 * Kernel crypto framework callback invoked after completion of async
1693 * crypto requests for inbound packets.
1696 esp_kcf_callback_inbound(void *arg
, int status
)
1698 mblk_t
*mp
= (mblk_t
*)arg
;
1701 ipsecesp_stack_t
*espstack
;
1702 ipsec_stack_t
*ipss
;
1704 ip_recv_attr_t iras
;
1708 * First remove the ipsec_crypto_t mblk
1709 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
1711 async_mp
= ipsec_remove_crypto_data(mp
, &ic
);
1712 ASSERT(async_mp
!= NULL
);
1715 * Extract the ip_recv_attr_t from the first mblk.
1716 * Verifies that the netstack and ill is still around; could
1717 * have vanished while kEf was doing its work.
1719 data_mp
= async_mp
->b_cont
;
1720 async_mp
->b_cont
= NULL
;
1721 if (!ip_recv_attr_from_mblk(async_mp
, &iras
)) {
1722 /* The ill or ip_stack_t disappeared on us */
1723 ip_drop_input("ip_recv_attr_from_mblk", data_mp
, NULL
);
1728 ns
= iras
.ira_ill
->ill_ipst
->ips_netstack
;
1729 espstack
= ns
->netstack_ipsecesp
;
1730 ipss
= ns
->netstack_ipsec
;
1732 if (status
== CRYPTO_SUCCESS
) {
1733 data_mp
= esp_in_done(data_mp
, &iras
, ic
);
1734 if (data_mp
== NULL
)
1737 /* finish IPsec processing */
1738 ip_input_post_ipsec(data_mp
, &iras
);
1739 } else if (status
== CRYPTO_INVALID_MAC
) {
1740 esp_log_bad_auth(data_mp
, &iras
);
1743 ("esp_kcf_callback: crypto failed with 0x%x\n",
1745 ESP_BUMP_STAT(espstack
, crypto_failures
);
1746 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1747 ip_drop_packet(data_mp
, B_TRUE
, iras
.ira_ill
,
1748 DROPPER(ipss
, ipds_esp_crypto_failed
),
1749 &espstack
->esp_dropper
);
1750 BUMP_MIB(iras
.ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1753 ira_cleanup(&iras
, B_TRUE
);
1754 (void) ipsec_free_crypto_data(mp
);
1758 * Invoked on crypto framework failure during inbound and outbound processing.
1761 esp_crypto_failed(mblk_t
*data_mp
, boolean_t is_inbound
, int kef_rc
,
1762 ill_t
*ill
, ipsecesp_stack_t
*espstack
)
1764 ipsec_stack_t
*ipss
= espstack
->ipsecesp_netstack
->netstack_ipsec
;
1766 esp1dbg(espstack
, ("crypto failed for %s ESP with 0x%x\n",
1767 is_inbound
? "inbound" : "outbound", kef_rc
));
1768 ip_drop_packet(data_mp
, is_inbound
, ill
,
1769 DROPPER(ipss
, ipds_esp_crypto_failed
),
1770 &espstack
->esp_dropper
);
1771 ESP_BUMP_STAT(espstack
, crypto_failures
);
1773 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1775 ESP_BUMP_STAT(espstack
, out_discards
);
1779 * A statement-equivalent macro, _cr MUST point to a modifiable
1780 * crypto_call_req_t.
1782 #define ESP_INIT_CALLREQ(_cr, _mp, _callback) \
1783 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_ALWAYS_QUEUE; \
1784 (_cr)->cr_callback_arg = (_mp); \
1785 (_cr)->cr_callback_func = (_callback)
1787 #define ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \
1788 (mac)->cd_format = CRYPTO_DATA_RAW; \
1789 (mac)->cd_offset = 0; \
1790 (mac)->cd_length = icvlen; \
1791 (mac)->cd_raw.iov_base = (char *)icvbuf; \
1792 (mac)->cd_raw.iov_len = icvlen; \
1795 #define ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \
1796 if (MBLKL(mp) >= (len) + (off)) { \
1797 (data)->cd_format = CRYPTO_DATA_RAW; \
1798 (data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \
1799 (data)->cd_raw.iov_len = MBLKL(mp); \
1800 (data)->cd_offset = off; \
1802 (data)->cd_format = CRYPTO_DATA_MBLK; \
1803 (data)->cd_mp = mp; \
1804 (data)->cd_offset = off; \
1806 (data)->cd_length = len; \
1809 #define ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \
1810 (data)->dd_format = CRYPTO_DATA_MBLK; \
1811 (data)->dd_mp = mp; \
1812 (data)->dd_len1 = len1; \
1813 (data)->dd_offset1 = off1; \
1814 (data)->dd_len2 = len2; \
1815 (data)->dd_offset2 = off2; \
1819 * Returns data_mp if successfully completed the request. Returns
1820 * NULL if it failed (and increments InDiscards) or if it is pending.
1823 esp_submit_req_inbound(mblk_t
*esp_mp
, ip_recv_attr_t
*ira
,
1824 ipsa_t
*assoc
, uint_t esph_offset
)
1826 uint_t auth_offset
, msg_len
, auth_len
;
1827 crypto_call_req_t call_req
, *callrp
;
1831 uint_t icv_len
= assoc
->ipsa_mac_len
;
1832 crypto_ctx_template_t auth_ctx_tmpl
;
1833 boolean_t do_auth
, do_encr
, force
;
1834 uint_t encr_offset
, encr_len
;
1835 uint_t iv_len
= assoc
->ipsa_iv_len
;
1836 crypto_ctx_template_t encr_ctx_tmpl
;
1837 ipsec_crypto_t
*ic
, icstack
;
1839 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
1840 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
1841 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
1843 do_auth
= assoc
->ipsa_auth_alg
!= SADB_AALG_NONE
;
1844 do_encr
= assoc
->ipsa_encr_alg
!= SADB_EALG_NULL
;
1845 force
= (assoc
->ipsa_flags
& IPSA_F_ASYNC
);
1847 #ifdef IPSEC_LATENCY_TEST
1848 kef_rc
= CRYPTO_SUCCESS
;
1850 kef_rc
= CRYPTO_FAILED
;
1854 * An inbound packet is of the form:
1855 * [IP,options,ESP,IV,data,ICV,pad]
1857 esph_ptr
= (esph_t
*)(esp_mp
->b_rptr
+ esph_offset
);
1858 iv_ptr
= (uchar_t
*)(esph_ptr
+ 1);
1859 /* Packet length starting at IP header ending after ESP ICV. */
1860 msg_len
= MBLKL(esp_mp
);
1862 encr_offset
= esph_offset
+ sizeof (esph_t
) + iv_len
;
1863 encr_len
= msg_len
- encr_offset
;
1866 * Counter mode algs need a nonce. This is setup in sadb_common_add().
1867 * If for some reason we are using a SA which does not have a nonce
1868 * then we must fail here.
1870 if ((assoc
->ipsa_flags
& IPSA_F_COUNTERMODE
) &&
1871 (assoc
->ipsa_nonce
== NULL
)) {
1872 ip_drop_packet(esp_mp
, B_TRUE
, ira
->ira_ill
,
1873 DROPPER(ipss
, ipds_esp_nomem
), &espstack
->esp_dropper
);
1878 /* We are doing asynch; allocate mblks to hold state */
1879 if ((mp
= ip_recv_attr_to_mblk(ira
)) == NULL
||
1880 (mp
= ipsec_add_crypto_data(mp
, &ic
)) == NULL
) {
1881 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1882 ip_drop_input("ipIfStatsInDiscards", esp_mp
,
1888 ESP_INIT_CALLREQ(callrp
, mp
, esp_kcf_callback_inbound
);
1891 * If we know we are going to do sync then ipsec_crypto_t
1892 * should be on the stack.
1895 bzero(ic
, sizeof (*ic
));
1900 /* authentication context template */
1901 IPSEC_CTX_TMPL(assoc
, ipsa_authtmpl
, IPSEC_ALG_AUTH
,
1904 /* ICV to be verified */
1905 ESP_INIT_CRYPTO_MAC(&ic
->ic_crypto_mac
,
1906 icv_len
, esp_mp
->b_wptr
- icv_len
);
1908 /* authentication starts at the ESP header */
1909 auth_offset
= esph_offset
;
1910 auth_len
= msg_len
- auth_offset
- icv_len
;
1912 /* authentication only */
1913 /* initialize input data argument */
1914 ESP_INIT_CRYPTO_DATA(&ic
->ic_crypto_data
,
1915 esp_mp
, auth_offset
, auth_len
);
1917 /* call the crypto framework */
1918 kef_rc
= crypto_mac_verify(&assoc
->ipsa_amech
,
1919 &ic
->ic_crypto_data
,
1920 &assoc
->ipsa_kcfauthkey
, auth_ctx_tmpl
,
1921 &ic
->ic_crypto_mac
, callrp
);
1926 /* encryption template */
1927 IPSEC_CTX_TMPL(assoc
, ipsa_encrtmpl
, IPSEC_ALG_ENCR
,
1930 /* Call the nonce update function. Also passes in IV */
1931 (assoc
->ipsa_noncefunc
)(assoc
, (uchar_t
*)esph_ptr
, encr_len
,
1932 iv_ptr
, &ic
->ic_cmm
, &ic
->ic_crypto_data
);
1935 /* decryption only */
1936 /* initialize input data argument */
1937 ESP_INIT_CRYPTO_DATA(&ic
->ic_crypto_data
,
1938 esp_mp
, encr_offset
, encr_len
);
1940 /* call the crypto framework */
1941 kef_rc
= crypto_decrypt((crypto_mechanism_t
*)
1942 &ic
->ic_cmm
, &ic
->ic_crypto_data
,
1943 &assoc
->ipsa_kcfencrkey
, encr_ctx_tmpl
,
1948 if (do_auth
&& do_encr
) {
1949 /* dual operation */
1950 /* initialize input data argument */
1951 ESP_INIT_CRYPTO_DUAL_DATA(&ic
->ic_crypto_dual_data
,
1952 esp_mp
, auth_offset
, auth_len
,
1953 encr_offset
, encr_len
- icv_len
);
1956 ic
->ic_crypto_dual_data
.dd_miscdata
= (char *)iv_ptr
;
1958 /* call the framework */
1959 kef_rc
= crypto_mac_verify_decrypt(&assoc
->ipsa_amech
,
1960 &assoc
->ipsa_emech
, &ic
->ic_crypto_dual_data
,
1961 &assoc
->ipsa_kcfauthkey
, &assoc
->ipsa_kcfencrkey
,
1962 auth_ctx_tmpl
, encr_ctx_tmpl
, &ic
->ic_crypto_mac
,
1967 case CRYPTO_SUCCESS
:
1968 ESP_BUMP_STAT(espstack
, crypto_sync
);
1969 esp_mp
= esp_in_done(esp_mp
, ira
, ic
);
1971 /* Free mp after we are done with ic */
1972 mp
= ipsec_free_crypto_data(mp
);
1973 (void) ip_recv_attr_free_mblk(mp
);
1977 /* esp_kcf_callback_inbound() will be invoked on completion */
1978 ESP_BUMP_STAT(espstack
, crypto_async
);
1980 case CRYPTO_INVALID_MAC
:
1982 mp
= ipsec_free_crypto_data(mp
);
1983 esp_mp
= ip_recv_attr_free_mblk(mp
);
1985 ESP_BUMP_STAT(espstack
, crypto_sync
);
1986 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1987 esp_log_bad_auth(esp_mp
, ira
);
1988 /* esp_mp was passed to ip_drop_packet */
1993 mp
= ipsec_free_crypto_data(mp
);
1994 esp_mp
= ip_recv_attr_free_mblk(mp
);
1996 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1997 esp_crypto_failed(esp_mp
, B_TRUE
, kef_rc
, ira
->ira_ill
, espstack
);
1998 /* esp_mp was passed to ip_drop_packet */
2003 * Compute the IP and UDP checksums -- common code for both keepalives and
2004 * actual ESP-in-UDP packets. Be flexible with multiple mblks because ESP
2005 * uses mblk-insertion to insert the UDP header.
2006 * TODO - If there is an easy way to prep a packet for HW checksums, make
2008 * Note that this is used before both before calling ip_output_simple and
2009 * in the esp datapath. The former could use IXAF_SET_ULP_CKSUM but not the
2013 esp_prepare_udp(netstack_t
*ns
, mblk_t
*mp
, ipha_t
*ipha
)
2019 uint_t hlen
= IPH_HDR_LENGTH(ipha
);
2021 ASSERT(MBLKL(mp
) >= sizeof (ipha_t
));
2023 ipha
->ipha_hdr_checksum
= 0;
2024 ipha
->ipha_hdr_checksum
= ip_csum_hdr(ipha
);
2026 if (ns
->netstack_udp
->us_do_checksum
) {
2027 ASSERT(MBLKL(udpmp
) >= sizeof (udpha_t
));
2028 /* arr points to the IP header. */
2029 arr
= (uint16_t *)ipha
;
2030 IP_STAT(ns
->netstack_ip
, ip_out_sw_cksum
);
2031 IP_STAT_UPDATE(ns
->netstack_ip
, ip_out_sw_cksum_bytes
,
2032 ntohs(htons(ipha
->ipha_length
) - hlen
));
2033 /* arr[6-9] are the IP addresses. */
2034 cksum
= IP_UDP_CSUM_COMP
+ arr
[6] + arr
[7] + arr
[8] + arr
[9] +
2035 ntohs(htons(ipha
->ipha_length
) - hlen
);
2036 cksum
= IP_CSUM(mp
, hlen
, cksum
);
2037 offset
= hlen
+ UDP_CHECKSUM_OFFSET
;
2038 while (offset
>= MBLKL(udpmp
)) {
2039 offset
-= MBLKL(udpmp
);
2040 udpmp
= udpmp
->b_cont
;
2042 /* arr points to the UDP header's checksum field. */
2043 arr
= (uint16_t *)(udpmp
->b_rptr
+ offset
);
2049 * taskq handler so we can send the NAT-T keepalive on a separate thread.
2052 actually_send_keepalive(void *arg
)
2054 mblk_t
*mp
= (mblk_t
*)arg
;
2055 ip_xmit_attr_t ixas
;
2057 netstackid_t stackid
;
2059 stackid
= (netstackid_t
)(uintptr_t)mp
->b_prev
;
2061 ns
= netstack_find_by_stackid(stackid
);
2064 ip_drop_output("ipIfStatsOutDiscards", mp
, NULL
);
2069 bzero(&ixas
, sizeof (ixas
));
2070 ixas
.ixa_zoneid
= ALL_ZONES
;
2071 ixas
.ixa_cred
= kcred
;
2072 ixas
.ixa_cpid
= NOPID
;
2073 ixas
.ixa_tsl
= NULL
;
2074 ixas
.ixa_ipst
= ns
->netstack_ip
;
2075 /* No ULP checksum; done by esp_prepare_udp */
2076 ixas
.ixa_flags
= (IXAF_IS_IPV4
| IXAF_NO_IPSEC
| IXAF_VERIFY_SOURCE
);
2078 (void) ip_output_simple(mp
, &ixas
);
2084 * Send a one-byte UDP NAT-T keepalive.
2087 ipsecesp_send_keepalive(ipsa_t
*assoc
)
2092 netstack_t
*ns
= assoc
->ipsa_netstack
;
2094 ASSERT(MUTEX_NOT_HELD(&assoc
->ipsa_lock
));
2096 mp
= allocb(sizeof (ipha_t
) + sizeof (udpha_t
) + 1, BPRI_HI
);
2099 ipha
= (ipha_t
*)mp
->b_rptr
;
2100 ipha
->ipha_version_and_hdr_length
= IP_SIMPLE_HDR_VERSION
;
2101 ipha
->ipha_type_of_service
= 0;
2102 ipha
->ipha_length
= htons(sizeof (ipha_t
) + sizeof (udpha_t
) + 1);
2103 /* Use the low-16 of the SPI so we have some clue where it came from. */
2104 ipha
->ipha_ident
= *(((uint16_t *)(&assoc
->ipsa_spi
)) + 1);
2105 ipha
->ipha_fragment_offset_and_flags
= 0; /* Too small to fragment! */
2106 ipha
->ipha_ttl
= 0xFF;
2107 ipha
->ipha_protocol
= IPPROTO_UDP
;
2108 ipha
->ipha_hdr_checksum
= 0;
2109 ipha
->ipha_src
= assoc
->ipsa_srcaddr
[0];
2110 ipha
->ipha_dst
= assoc
->ipsa_dstaddr
[0];
2111 udpha
= (udpha_t
*)(ipha
+ 1);
2112 udpha
->uha_src_port
= (assoc
->ipsa_local_nat_port
!= 0) ?
2113 assoc
->ipsa_local_nat_port
: htons(IPPORT_IKE_NATT
);
2114 udpha
->uha_dst_port
= (assoc
->ipsa_remote_nat_port
!= 0) ?
2115 assoc
->ipsa_remote_nat_port
: htons(IPPORT_IKE_NATT
);
2116 udpha
->uha_length
= htons(sizeof (udpha_t
) + 1);
2117 udpha
->uha_checksum
= 0;
2118 mp
->b_wptr
= (uint8_t *)(udpha
+ 1);
2119 *(mp
->b_wptr
++) = 0xFF;
2121 esp_prepare_udp(ns
, mp
, ipha
);
2124 * We're holding an isaf_t bucket lock, so pawn off the actual
2125 * packet transmission to another thread. Just in case syncq
2126 * processing causes a same-bucket packet to be processed.
2128 mp
->b_prev
= (mblk_t
*)(uintptr_t)ns
->netstack_stackid
;
2130 if (taskq_dispatch(esp_taskq
, actually_send_keepalive
, mp
,
2132 /* Assume no memory if taskq_dispatch() fails. */
2134 ip_drop_packet(mp
, B_FALSE
, NULL
,
2135 DROPPER(ns
->netstack_ipsec
, ipds_esp_nomem
),
2136 &ns
->netstack_ipsecesp
->esp_dropper
);
2141 * Returns mp if successfully completed the request. Returns
2142 * NULL if it failed (and increments InDiscards) or if it is pending.
2145 esp_submit_req_outbound(mblk_t
*data_mp
, ip_xmit_attr_t
*ixa
, ipsa_t
*assoc
,
2146 uchar_t
*icv_buf
, uint_t payload_len
)
2149 crypto_call_req_t call_req
, *callrp
;
2153 int kef_rc
= CRYPTO_FAILED
;
2154 uint_t icv_len
= assoc
->ipsa_mac_len
;
2155 crypto_ctx_template_t auth_ctx_tmpl
;
2156 boolean_t do_auth
, do_encr
, force
;
2157 uint_t iv_len
= assoc
->ipsa_iv_len
;
2158 crypto_ctx_template_t encr_ctx_tmpl
;
2159 boolean_t is_natt
= ((assoc
->ipsa_flags
& IPSA_F_NATT
) != 0);
2160 size_t esph_offset
= (is_natt
? UDPH_SIZE
: 0);
2161 netstack_t
*ns
= ixa
->ixa_ipst
->ips_netstack
;
2162 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2163 ipsec_crypto_t
*ic
, icstack
;
2165 crypto_data_t
*cd_ptr
= NULL
;
2166 ill_t
*ill
= ixa
->ixa_nce
->nce_ill
;
2167 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
2169 esp3dbg(espstack
, ("esp_submit_req_outbound:%s",
2170 is_natt
? "natt" : "not natt"));
2172 do_encr
= assoc
->ipsa_encr_alg
!= SADB_EALG_NULL
;
2173 do_auth
= assoc
->ipsa_auth_alg
!= SADB_AALG_NONE
;
2174 force
= (assoc
->ipsa_flags
& IPSA_F_ASYNC
);
2176 #ifdef IPSEC_LATENCY_TEST
2177 kef_rc
= CRYPTO_SUCCESS
;
2179 kef_rc
= CRYPTO_FAILED
;
2183 * Outbound IPsec packets are of the form:
2184 * [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV]
2185 * unless it's NATT, then it's
2186 * [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV]
2187 * Get a pointer to the mblk containing the ESP header.
2189 ASSERT(data_mp
->b_cont
!= NULL
);
2190 esp_mp
= data_mp
->b_cont
;
2191 esph_ptr
= (esph_t
*)(esp_mp
->b_rptr
+ esph_offset
);
2192 iv_ptr
= (uchar_t
*)(esph_ptr
+ 1);
2195 * Combined mode algs need a nonce. This is setup in sadb_common_add().
2196 * If for some reason we are using a SA which does not have a nonce
2197 * then we must fail here.
2199 if ((assoc
->ipsa_flags
& IPSA_F_COUNTERMODE
) &&
2200 (assoc
->ipsa_nonce
== NULL
)) {
2201 ip_drop_packet(data_mp
, B_FALSE
, NULL
,
2202 DROPPER(ipss
, ipds_esp_nomem
), &espstack
->esp_dropper
);
2207 /* We are doing asynch; allocate mblks to hold state */
2208 if ((mp
= ip_xmit_attr_to_mblk(ixa
)) == NULL
||
2209 (mp
= ipsec_add_crypto_data(mp
, &ic
)) == NULL
) {
2210 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2211 ip_drop_output("ipIfStatsOutDiscards", data_mp
, ill
);
2218 ESP_INIT_CALLREQ(callrp
, mp
, esp_kcf_callback_outbound
);
2221 * If we know we are going to do sync then ipsec_crypto_t
2222 * should be on the stack.
2225 bzero(ic
, sizeof (*ic
));
2231 /* authentication context template */
2232 IPSEC_CTX_TMPL(assoc
, ipsa_authtmpl
, IPSEC_ALG_AUTH
,
2235 /* where to store the computed mac */
2236 ESP_INIT_CRYPTO_MAC(&ic
->ic_crypto_mac
,
2239 /* authentication starts at the ESP header */
2240 auth_len
= payload_len
+ iv_len
+ sizeof (esph_t
);
2242 /* authentication only */
2243 /* initialize input data argument */
2244 ESP_INIT_CRYPTO_DATA(&ic
->ic_crypto_data
,
2245 esp_mp
, esph_offset
, auth_len
);
2247 /* call the crypto framework */
2248 kef_rc
= crypto_mac(&assoc
->ipsa_amech
,
2249 &ic
->ic_crypto_data
,
2250 &assoc
->ipsa_kcfauthkey
, auth_ctx_tmpl
,
2251 &ic
->ic_crypto_mac
, callrp
);
2256 /* encryption context template */
2257 IPSEC_CTX_TMPL(assoc
, ipsa_encrtmpl
, IPSEC_ALG_ENCR
,
2259 /* Call the nonce update function. */
2260 (assoc
->ipsa_noncefunc
)(assoc
, (uchar_t
*)esph_ptr
, payload_len
,
2261 iv_ptr
, &ic
->ic_cmm
, &ic
->ic_crypto_data
);
2264 /* encryption only, skip mblk that contains ESP hdr */
2265 /* initialize input data argument */
2266 ESP_INIT_CRYPTO_DATA(&ic
->ic_crypto_data
,
2267 esp_mp
->b_cont
, 0, payload_len
);
2270 * For combined mode ciphers, the ciphertext is the same
2271 * size as the clear text, the ICV should follow the
2272 * ciphertext. To convince the kcf to allow in-line
2273 * encryption, with an ICV, use ipsec_out_crypto_mac
2274 * to point to the same buffer as the data. The calling
2275 * function need to ensure the buffer is large enough to
2278 * The IV is already written to the packet buffer, the
2279 * nonce setup function copied it to the params struct
2280 * for the cipher to use.
2282 if (assoc
->ipsa_flags
& IPSA_F_COMBINED
) {
2283 bcopy(&ic
->ic_crypto_data
,
2285 sizeof (crypto_data_t
));
2286 ic
->ic_crypto_mac
.cd_length
=
2287 payload_len
+ icv_len
;
2288 cd_ptr
= &ic
->ic_crypto_mac
;
2291 /* call the crypto framework */
2292 kef_rc
= crypto_encrypt((crypto_mechanism_t
*)
2293 &ic
->ic_cmm
, &ic
->ic_crypto_data
,
2294 &assoc
->ipsa_kcfencrkey
, encr_ctx_tmpl
,
2300 if (do_auth
&& do_encr
) {
2302 * Encryption and authentication:
2303 * Pass the pointer to the mblk chain starting at the ESP
2304 * header to the framework. Skip the ESP header mblk
2305 * for encryption, which is reflected by an encryption
2306 * offset equal to the length of that mblk. Start
2307 * the authentication at the ESP header, i.e. use an
2308 * authentication offset of zero.
2310 ESP_INIT_CRYPTO_DUAL_DATA(&ic
->ic_crypto_dual_data
,
2311 esp_mp
, MBLKL(esp_mp
), payload_len
, esph_offset
, auth_len
);
2314 ic
->ic_crypto_dual_data
.dd_miscdata
= (char *)iv_ptr
;
2316 /* call the framework */
2317 kef_rc
= crypto_encrypt_mac(&assoc
->ipsa_emech
,
2318 &assoc
->ipsa_amech
, NULL
,
2319 &assoc
->ipsa_kcfencrkey
, &assoc
->ipsa_kcfauthkey
,
2320 encr_ctx_tmpl
, auth_ctx_tmpl
,
2321 &ic
->ic_crypto_dual_data
,
2322 &ic
->ic_crypto_mac
, callrp
);
2326 case CRYPTO_SUCCESS
:
2327 ESP_BUMP_STAT(espstack
, crypto_sync
);
2328 esp_set_usetime(assoc
, B_FALSE
);
2330 mp
= ipsec_free_crypto_data(mp
);
2331 data_mp
= ip_xmit_attr_free_mblk(mp
);
2334 esp_prepare_udp(ns
, data_mp
, (ipha_t
*)data_mp
->b_rptr
);
2337 /* esp_kcf_callback_outbound() will be invoked on completion */
2338 ESP_BUMP_STAT(espstack
, crypto_async
);
2343 mp
= ipsec_free_crypto_data(mp
);
2344 data_mp
= ip_xmit_attr_free_mblk(mp
);
2346 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2347 esp_crypto_failed(data_mp
, B_FALSE
, kef_rc
, NULL
, espstack
);
2348 /* data_mp was passed to ip_drop_packet */
2353 * Handle outbound IPsec processing for IPv4 and IPv6
2355 * Returns data_mp if successfully completed the request. Returns
2356 * NULL if it failed (and increments InDiscards) or if it is pending.
2359 esp_outbound(mblk_t
*data_mp
, ip_xmit_attr_t
*ixa
)
2361 mblk_t
*espmp
, *tailmp
;
2364 esph_t
*esph_ptr
, *iv_ptr
;
2367 uintptr_t divpoint
, datalen
, adj
, padlen
, i
, alloclen
;
2368 uintptr_t esplen
= sizeof (esph_t
);
2371 uint_t iv_len
, block_size
, mac_len
= 0;
2374 boolean_t is_natt
= B_FALSE
;
2375 netstack_t
*ns
= ixa
->ixa_ipst
->ips_netstack
;
2376 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2377 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
2378 ill_t
*ill
= ixa
->ixa_nce
->nce_ill
;
2379 boolean_t need_refrele
= B_FALSE
;
2381 ESP_BUMP_STAT(espstack
, out_requests
);
2384 * <sigh> We have to copy the message here, because TCP (for example)
2385 * keeps a dupb() of the message lying around for retransmission.
2386 * Since ESP changes the whole of the datagram, we have to create our
2387 * own copy lest we clobber TCP's data. Since we have to copy anyway,
2388 * we might as well make use of msgpullup() and get the mblk into one
2391 tailmp
= msgpullup(data_mp
, -1);
2392 if (tailmp
== NULL
) {
2393 esp0dbg(("esp_outbound: msgpullup() failed, "
2394 "dropping packet.\n"));
2395 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2396 DROPPER(ipss
, ipds_esp_nomem
),
2397 &espstack
->esp_dropper
);
2398 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2404 assoc
= ixa
->ixa_ipsec_esp_sa
;
2405 ASSERT(assoc
!= NULL
);
2408 * Get the outer IP header in shape to escape this system..
2410 if (is_system_labeled() && (assoc
->ipsa_otsl
!= NULL
)) {
2412 * Need to update packet with any CIPSO option and update
2413 * ixa_tsl to capture the new label.
2414 * We allocate a separate ixa for that purpose.
2416 ixa
= ip_xmit_attr_duplicate(ixa
);
2418 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2419 DROPPER(ipss
, ipds_esp_nomem
),
2420 &espstack
->esp_dropper
);
2423 need_refrele
= B_TRUE
;
2425 label_hold(assoc
->ipsa_otsl
);
2426 ip_xmit_attr_replace_tsl(ixa
, assoc
->ipsa_otsl
);
2428 data_mp
= sadb_whack_label(data_mp
, assoc
, ixa
,
2429 DROPPER(ipss
, ipds_esp_nomem
), &espstack
->esp_dropper
);
2430 if (data_mp
== NULL
) {
2431 /* Packet dropped by sadb_whack_label */
2440 ipha
= (ipha_t
*)data_mp
->b_rptr
; /* So we can call esp_acquire(). */
2442 if (ixa
->ixa_flags
& IXAF_IS_IPV4
) {
2443 ASSERT(IPH_HDR_VERSION(ipha
) == IPV4_VERSION
);
2446 divpoint
= IPH_HDR_LENGTH(ipha
);
2447 datalen
= ntohs(ipha
->ipha_length
) - divpoint
;
2448 nhp
= (uint8_t *)&ipha
->ipha_protocol
;
2452 ASSERT(IPH_HDR_VERSION(ipha
) == IPV6_VERSION
);
2455 ip6h
= (ip6_t
*)ipha
;
2456 bzero(&ipp
, sizeof (ipp
));
2457 divpoint
= ip_find_hdr_v6(data_mp
, ip6h
, B_FALSE
, &ipp
, NULL
);
2458 if (ipp
.ipp_dstopts
!= NULL
&&
2459 ipp
.ipp_dstopts
->ip6d_nxt
!= IPPROTO_ROUTING
) {
2461 * Destination options are tricky. If we get in here,
2462 * then we have a terminal header following the
2463 * destination options. We need to adjust backwards
2464 * so we insert ESP BEFORE the destination options
2465 * bag. (So that the dstopts get encrypted!)
2467 * Since this is for outbound packets only, we know
2468 * that non-terminal destination options only precede
2471 divpoint
-= ipp
.ipp_dstoptslen
;
2473 datalen
= ntohs(ip6h
->ip6_plen
) + sizeof (ip6_t
) - divpoint
;
2475 if (ipp
.ipp_rthdr
!= NULL
) {
2476 nhp
= &ipp
.ipp_rthdr
->ip6r_nxt
;
2477 } else if (ipp
.ipp_hopopts
!= NULL
) {
2478 nhp
= &ipp
.ipp_hopopts
->ip6h_nxt
;
2480 ASSERT(divpoint
== sizeof (ip6_t
));
2481 /* It's probably IP + ESP. */
2482 nhp
= &ip6h
->ip6_nxt
;
2486 mac_len
= assoc
->ipsa_mac_len
;
2488 if (assoc
->ipsa_flags
& IPSA_F_NATT
) {
2489 /* wedge in UDP header */
2491 esplen
+= UDPH_SIZE
;
2495 * Set up ESP header and encryption padding for ENCR PI request.
2498 /* Determine the padding length. Pad to 4-bytes for no-encryption. */
2499 if (assoc
->ipsa_encr_alg
!= SADB_EALG_NULL
) {
2500 iv_len
= assoc
->ipsa_iv_len
;
2501 block_size
= assoc
->ipsa_datalen
;
2504 * Pad the data to the length of the cipher block size.
2505 * Include the two additional bytes (hence the - 2) for the
2506 * padding length and the next header. Take this into account
2507 * when calculating the actual length of the padding.
2509 ASSERT(ISP2(iv_len
));
2510 padlen
= ((unsigned)(block_size
- datalen
- 2)) &
2514 padlen
= ((unsigned)(sizeof (uint32_t) - datalen
- 2)) &
2515 (sizeof (uint32_t) - 1);
2518 /* Allocate ESP header and IV. */
2522 * Update association byte-count lifetimes. Don't forget to take
2523 * into account the padding length and next-header (hence the + 2).
2525 * Use the amount of data fed into the "encryption algorithm". This
2526 * is the IV, the data length, the padding length, and the final two
2527 * bytes (padlen, and next-header).
2531 if (!esp_age_bytes(assoc
, datalen
+ padlen
+ iv_len
+ 2, B_FALSE
)) {
2532 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2533 DROPPER(ipss
, ipds_esp_bytes_expire
),
2534 &espstack
->esp_dropper
);
2535 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2541 espmp
= allocb(esplen
, BPRI_HI
);
2542 if (espmp
== NULL
) {
2543 ESP_BUMP_STAT(espstack
, out_discards
);
2544 esp1dbg(espstack
, ("esp_outbound: can't allocate espmp.\n"));
2545 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2546 DROPPER(ipss
, ipds_esp_nomem
),
2547 &espstack
->esp_dropper
);
2548 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2553 espmp
->b_wptr
+= esplen
;
2554 esph_ptr
= (esph_t
*)espmp
->b_rptr
;
2557 esp3dbg(espstack
, ("esp_outbound: NATT"));
2559 udpha
= (udpha_t
*)espmp
->b_rptr
;
2560 udpha
->uha_src_port
= (assoc
->ipsa_local_nat_port
!= 0) ?
2561 assoc
->ipsa_local_nat_port
: htons(IPPORT_IKE_NATT
);
2562 udpha
->uha_dst_port
= (assoc
->ipsa_remote_nat_port
!= 0) ?
2563 assoc
->ipsa_remote_nat_port
: htons(IPPORT_IKE_NATT
);
2565 * Set the checksum to 0, so that the esp_prepare_udp() call
2566 * can do the right thing.
2568 udpha
->uha_checksum
= 0;
2569 esph_ptr
= (esph_t
*)(udpha
+ 1);
2572 esph_ptr
->esph_spi
= assoc
->ipsa_spi
;
2574 esph_ptr
->esph_replay
= htonl(atomic_inc_32_nv(&assoc
->ipsa_replay
));
2575 if (esph_ptr
->esph_replay
== 0 && assoc
->ipsa_replay_wsize
!= 0) {
2577 * XXX We have replay counter wrapping.
2578 * We probably want to nuke this SA (and its peer).
2580 ipsec_assocfailure(info
.mi_idnum
, 0, 0,
2581 SL_ERROR
| SL_CONSOLE
| SL_WARN
,
2582 "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n",
2583 esph_ptr
->esph_spi
, assoc
->ipsa_dstaddr
, af
,
2584 espstack
->ipsecesp_netstack
);
2586 ESP_BUMP_STAT(espstack
, out_discards
);
2587 sadb_replay_delete(assoc
);
2588 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2589 DROPPER(ipss
, ipds_esp_replay
),
2590 &espstack
->esp_dropper
);
2591 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2597 iv_ptr
= (esph_ptr
+ 1);
2599 * iv_ptr points to the mblk which will contain the IV once we have
2600 * written it there. This mblk will be part of a mblk chain that
2601 * will make up the packet.
2603 * For counter mode algorithms, the IV is a 64 bit quantity, it
2604 * must NEVER repeat in the lifetime of the SA, otherwise an
2605 * attacker who had recorded enough packets might be able to
2606 * determine some clear text.
2608 * To ensure this does not happen, the IV is stored in the SA and
2609 * incremented for each packet, the IV is then copied into the
2610 * "packet" for transmission to the receiving system. The IV will
2611 * also be copied into the nonce, when the packet is encrypted.
2613 * CBC mode algorithms use a random IV for each packet. We do not
2614 * require the highest quality random bits, but for best security
2615 * with CBC mode ciphers, the value must be unlikely to repeat and
2616 * must not be known in advance to an adversary capable of influencing
2619 if (!update_iv((uint8_t *)iv_ptr
, espstack
->esp_pfkey_q
, assoc
,
2621 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2622 DROPPER(ipss
, ipds_esp_iv_wrap
), &espstack
->esp_dropper
);
2628 /* Fix the IP header. */
2629 alloclen
= padlen
+ 2 + mac_len
;
2630 adj
= alloclen
+ (espmp
->b_wptr
- espmp
->b_rptr
);
2634 if (ixa
->ixa_flags
& IXAF_IS_IPV4
) {
2635 ipha
->ipha_length
= htons(ntohs(ipha
->ipha_length
) + adj
);
2638 udpha
->uha_length
= htons(ntohs(ipha
->ipha_length
) -
2639 IPH_HDR_LENGTH(ipha
));
2643 ipha
->ipha_hdr_checksum
= 0;
2644 ipha
->ipha_hdr_checksum
= (uint16_t)ip_csum_hdr(ipha
);
2646 ip6h
->ip6_plen
= htons(ntohs(ip6h
->ip6_plen
) + adj
);
2650 /* I've got the two ESP mblks, now insert them. */
2652 esp2dbg(espstack
, ("data_mp before outbound ESP adjustment:\n"));
2653 esp2dbg(espstack
, (dump_msg(data_mp
)));
2655 if (!esp_insert_esp(data_mp
, espmp
, divpoint
, espstack
)) {
2656 ESP_BUMP_STAT(espstack
, out_discards
);
2657 /* NOTE: esp_insert_esp() only fails if there's no memory. */
2658 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2659 DROPPER(ipss
, ipds_esp_nomem
),
2660 &espstack
->esp_dropper
);
2662 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2668 /* Append padding (and leave room for ICV). */
2669 for (tailmp
= data_mp
; tailmp
->b_cont
!= NULL
; tailmp
= tailmp
->b_cont
)
2671 if (tailmp
->b_wptr
+ alloclen
> tailmp
->b_datap
->db_lim
) {
2672 tailmp
->b_cont
= allocb(alloclen
, BPRI_HI
);
2673 if (tailmp
->b_cont
== NULL
) {
2674 ESP_BUMP_STAT(espstack
, out_discards
);
2675 esp0dbg(("esp_outbound: Can't allocate tailmp.\n"));
2676 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2677 DROPPER(ipss
, ipds_esp_nomem
),
2678 &espstack
->esp_dropper
);
2679 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2684 tailmp
= tailmp
->b_cont
;
2688 * If there's padding, N bytes of padding must be of the form 0x1,
2691 for (i
= 0; i
< padlen
; ) {
2693 *tailmp
->b_wptr
++ = i
;
2695 *tailmp
->b_wptr
++ = i
;
2696 *tailmp
->b_wptr
++ = protocol
;
2698 esp2dbg(espstack
, ("data_Mp before encryption:\n"));
2699 esp2dbg(espstack
, (dump_msg(data_mp
)));
2702 * Okay. I've set up the pre-encryption ESP. Let's do it!
2706 ASSERT(tailmp
->b_wptr
+ mac_len
<= tailmp
->b_datap
->db_lim
);
2707 icv_buf
= tailmp
->b_wptr
;
2708 tailmp
->b_wptr
+= mac_len
;
2713 data_mp
= esp_submit_req_outbound(data_mp
, ixa
, assoc
, icv_buf
,
2714 datalen
+ padlen
+ 2);
2721 * IP calls this to validate the ICMP errors that
2722 * we got from the network.
2725 ipsecesp_icmp_error(mblk_t
*data_mp
, ip_recv_attr_t
*ira
)
2727 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
2728 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2729 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
2732 * Unless we get an entire packet back, this function is useless.
2735 * 1.) Partial packets are useless, because the "next header"
2736 * is at the end of the decrypted ESP packet. Without the
2737 * whole packet, this is useless.
2739 * 2.) If we every use a stateful cipher, such as a stream or a
2740 * one-time pad, we can't do anything.
2742 * Since the chances of us getting an entire packet back are very
2743 * very small, we discard here.
2745 IP_ESP_BUMP_STAT(ipss
, in_discards
);
2746 ip_drop_packet(data_mp
, B_TRUE
, ira
->ira_ill
,
2747 DROPPER(ipss
, ipds_esp_icmp
),
2748 &espstack
->esp_dropper
);
2753 * Construct an SADB_REGISTER message with the current algorithms.
2754 * This function gets called when 'ipsecalgs -s' is run or when
2755 * in.iked (or other KMD) starts.
2758 esp_register_out(uint32_t sequence
, uint32_t pid
, uint_t serial
,
2759 ipsecesp_stack_t
*espstack
, cred_t
*cr
)
2761 mblk_t
*pfkey_msg_mp
, *keysock_out_mp
;
2763 sadb_supported_t
*sasupp_auth
= NULL
;
2764 sadb_supported_t
*sasupp_encr
= NULL
;
2766 uint_t allocsize
= sizeof (*samsg
);
2767 uint_t i
, numalgs_snap
;
2769 ipsec_alginfo_t
**authalgs
;
2772 ipsec_alginfo_t
**encralgs
;
2774 ipsec_stack_t
*ipss
= espstack
->ipsecesp_netstack
->netstack_ipsec
;
2776 size_t sens_len
= 0;
2777 sadb_ext_t
*nextext
;
2778 ts_label_t
*sens_tsl
= NULL
;
2780 /* Allocate the KEYSOCK_OUT. */
2781 keysock_out_mp
= sadb_keysock_out(serial
);
2782 if (keysock_out_mp
== NULL
) {
2783 esp0dbg(("esp_register_out: couldn't allocate mblk.\n"));
2787 if (is_system_labeled() && (cr
!= NULL
)) {
2788 sens_tsl
= crgetlabel(cr
);
2789 if (sens_tsl
!= NULL
) {
2790 sens_len
= sadb_sens_len_from_label(sens_tsl
);
2791 allocsize
+= sens_len
;
2796 * Allocate the PF_KEY message that follows KEYSOCK_OUT.
2799 rw_enter(&ipss
->ipsec_alg_lock
, RW_READER
);
2801 * Fill SADB_REGISTER message's algorithm descriptors. Hold
2802 * down the lock while filling it.
2804 * Return only valid algorithms, so the number of algorithms
2805 * to send up may be less than the number of algorithm entries
2808 authalgs
= ipss
->ipsec_alglists
[IPSEC_ALG_AUTH
];
2809 for (num_aalgs
= 0, i
= 0; i
< IPSEC_MAX_ALGS
; i
++)
2810 if (authalgs
[i
] != NULL
&& ALG_VALID(authalgs
[i
]))
2813 if (num_aalgs
!= 0) {
2814 allocsize
+= (num_aalgs
* sizeof (*saalg
));
2815 allocsize
+= sizeof (*sasupp_auth
);
2817 encralgs
= ipss
->ipsec_alglists
[IPSEC_ALG_ENCR
];
2818 for (num_ealgs
= 0, i
= 0; i
< IPSEC_MAX_ALGS
; i
++)
2819 if (encralgs
[i
] != NULL
&& ALG_VALID(encralgs
[i
]))
2822 if (num_ealgs
!= 0) {
2823 allocsize
+= (num_ealgs
* sizeof (*saalg
));
2824 allocsize
+= sizeof (*sasupp_encr
);
2826 keysock_out_mp
->b_cont
= allocb(allocsize
, BPRI_HI
);
2827 if (keysock_out_mp
->b_cont
== NULL
) {
2828 rw_exit(&ipss
->ipsec_alg_lock
);
2829 freemsg(keysock_out_mp
);
2832 pfkey_msg_mp
= keysock_out_mp
->b_cont
;
2833 pfkey_msg_mp
->b_wptr
+= allocsize
;
2835 nextext
= (sadb_ext_t
*)(pfkey_msg_mp
->b_rptr
+ sizeof (*samsg
));
2837 if (num_aalgs
!= 0) {
2838 sasupp_auth
= (sadb_supported_t
*)nextext
;
2839 saalg
= (sadb_alg_t
*)(sasupp_auth
+ 1);
2841 ASSERT(((ulong_t
)saalg
& 0x7) == 0);
2845 ((i
< IPSEC_MAX_ALGS
) && (numalgs_snap
< num_aalgs
));
2847 if (authalgs
[i
] == NULL
|| !ALG_VALID(authalgs
[i
]))
2850 saalg
->sadb_alg_id
= authalgs
[i
]->alg_id
;
2851 saalg
->sadb_alg_ivlen
= 0;
2852 saalg
->sadb_alg_minbits
= authalgs
[i
]->alg_ef_minbits
;
2853 saalg
->sadb_alg_maxbits
= authalgs
[i
]->alg_ef_maxbits
;
2854 saalg
->sadb_x_alg_increment
=
2855 authalgs
[i
]->alg_increment
;
2856 saalg
->sadb_x_alg_saltbits
= SADB_8TO1(
2857 authalgs
[i
]->alg_saltlen
);
2861 ASSERT(numalgs_snap
== num_aalgs
);
2864 * Reality check to make sure I snagged all of the
2867 for (; i
< IPSEC_MAX_ALGS
; i
++) {
2868 if (authalgs
[i
] != NULL
&& ALG_VALID(authalgs
[i
])) {
2869 cmn_err(CE_PANIC
, "esp_register_out()! "
2870 "Missed aalg #%d.\n", i
);
2874 nextext
= (sadb_ext_t
*)saalg
;
2877 if (num_ealgs
!= 0) {
2878 sasupp_encr
= (sadb_supported_t
*)nextext
;
2879 saalg
= (sadb_alg_t
*)(sasupp_encr
+ 1);
2883 ((i
< IPSEC_MAX_ALGS
) && (numalgs_snap
< num_ealgs
)); i
++) {
2884 if (encralgs
[i
] == NULL
|| !ALG_VALID(encralgs
[i
]))
2886 saalg
->sadb_alg_id
= encralgs
[i
]->alg_id
;
2887 saalg
->sadb_alg_ivlen
= encralgs
[i
]->alg_ivlen
;
2888 saalg
->sadb_alg_minbits
= encralgs
[i
]->alg_ef_minbits
;
2889 saalg
->sadb_alg_maxbits
= encralgs
[i
]->alg_ef_maxbits
;
2891 * We could advertise the ICV length, except there
2892 * is not a value in sadb_x_algb to do this.
2893 * saalg->sadb_alg_maclen = encralgs[i]->alg_maclen;
2895 saalg
->sadb_x_alg_increment
=
2896 encralgs
[i
]->alg_increment
;
2897 saalg
->sadb_x_alg_saltbits
=
2898 SADB_8TO1(encralgs
[i
]->alg_saltlen
);
2903 ASSERT(numalgs_snap
== num_ealgs
);
2906 * Reality check to make sure I snagged all of the
2909 for (; i
< IPSEC_MAX_ALGS
; i
++) {
2910 if (encralgs
[i
] != NULL
&& ALG_VALID(encralgs
[i
])) {
2911 cmn_err(CE_PANIC
, "esp_register_out()! "
2912 "Missed ealg #%d.\n", i
);
2916 nextext
= (sadb_ext_t
*)saalg
;
2919 current_aalgs
= num_aalgs
;
2920 current_ealgs
= num_ealgs
;
2922 rw_exit(&ipss
->ipsec_alg_lock
);
2924 if (sens_tsl
!= NULL
) {
2925 sens
= (sadb_sens_t
*)nextext
;
2926 sadb_sens_from_label(sens
, SADB_EXT_SENSITIVITY
,
2927 sens_tsl
, sens_len
);
2929 nextext
= (sadb_ext_t
*)(((uint8_t *)sens
) + sens_len
);
2932 /* Now fill the rest of the SADB_REGISTER message. */
2934 samsg
= (sadb_msg_t
*)pfkey_msg_mp
->b_rptr
;
2935 samsg
->sadb_msg_version
= PF_KEY_V2
;
2936 samsg
->sadb_msg_type
= SADB_REGISTER
;
2937 samsg
->sadb_msg_errno
= 0;
2938 samsg
->sadb_msg_satype
= SADB_SATYPE_ESP
;
2939 samsg
->sadb_msg_len
= SADB_8TO64(allocsize
);
2940 samsg
->sadb_msg_reserved
= 0;
2942 * Assume caller has sufficient sequence/pid number info. If it's one
2943 * from me over a new alg., I could give two hoots about sequence.
2945 samsg
->sadb_msg_seq
= sequence
;
2946 samsg
->sadb_msg_pid
= pid
;
2948 if (sasupp_auth
!= NULL
) {
2949 sasupp_auth
->sadb_supported_len
= SADB_8TO64(
2950 sizeof (*sasupp_auth
) + sizeof (*saalg
) * current_aalgs
);
2951 sasupp_auth
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_AUTH
;
2952 sasupp_auth
->sadb_supported_reserved
= 0;
2955 if (sasupp_encr
!= NULL
) {
2956 sasupp_encr
->sadb_supported_len
= SADB_8TO64(
2957 sizeof (*sasupp_encr
) + sizeof (*saalg
) * current_ealgs
);
2958 sasupp_encr
->sadb_supported_exttype
=
2959 SADB_EXT_SUPPORTED_ENCRYPT
;
2960 sasupp_encr
->sadb_supported_reserved
= 0;
2963 if (espstack
->esp_pfkey_q
!= NULL
)
2964 putnext(espstack
->esp_pfkey_q
, keysock_out_mp
);
2966 freemsg(keysock_out_mp
);
2974 * Invoked when the algorithm table changes. Causes SADB_REGISTER
2975 * messages continaining the current list of algorithms to be
2976 * sent up to the ESP listeners.
2979 ipsecesp_algs_changed(netstack_t
*ns
)
2981 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2984 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners
2985 * everywhere. (The function itself checks for NULL esp_pfkey_q.)
2987 (void) esp_register_out(0, 0, 0, espstack
, NULL
);
2991 * Stub function that taskq_dispatch() invokes to take the mblk (in arg)
2992 * and send() it into ESP and IP again.
2995 inbound_task(void *arg
)
2997 mblk_t
*mp
= (mblk_t
*)arg
;
2999 ip_recv_attr_t iras
;
3002 mp
= async_mp
->b_cont
;
3003 async_mp
->b_cont
= NULL
;
3004 if (!ip_recv_attr_from_mblk(async_mp
, &iras
)) {
3005 /* The ill or ip_stack_t disappeared on us */
3006 ip_drop_input("ip_recv_attr_from_mblk", mp
, NULL
);
3011 esp_inbound_restart(mp
, &iras
);
3013 ira_cleanup(&iras
, B_TRUE
);
3017 * Restart ESP after the SA has been added.
3020 esp_inbound_restart(mblk_t
*mp
, ip_recv_attr_t
*ira
)
3023 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
3024 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
3026 esp2dbg(espstack
, ("in ESP inbound_task"));
3027 ASSERT(espstack
!= NULL
);
3029 mp
= ipsec_inbound_esp_sa(mp
, ira
, &esph
);
3033 ASSERT(esph
!= NULL
);
3034 ASSERT(ira
->ira_flags
& IRAF_IPSEC_SECURE
);
3035 ASSERT(ira
->ira_ipsec_esp_sa
!= NULL
);
3037 mp
= ira
->ira_ipsec_esp_sa
->ipsa_input_func(mp
, esph
, ira
);
3040 * Either it failed or is pending. In the former case
3041 * ipIfStatsInDiscards was increased.
3046 ip_input_post_ipsec(mp
, ira
);
3050 * Now that weak-key passed, actually ADD the security association, and
3051 * send back a reply ADD message.
3054 esp_add_sa_finish(mblk_t
*mp
, sadb_msg_t
*samsg
, keysock_in_t
*ksi
,
3055 int *diagnostic
, ipsecesp_stack_t
*espstack
)
3057 isaf_t
*primary
= NULL
, *secondary
;
3058 boolean_t clone
= B_FALSE
, is_inbound
= B_FALSE
;
3059 ipsa_t
*larval
= NULL
;
3061 iacqf_t
*acq_bucket
;
3062 mblk_t
*acq_msgs
= NULL
;
3067 ipsec_stack_t
*ipss
= espstack
->ipsecesp_netstack
->netstack_ipsec
;
3070 * Locate the appropriate table(s).
3072 sq
.spp
= &espstack
->esp_sadb
; /* XXX */
3073 error
= sadb_form_query(ksi
, IPSA_Q_SA
|IPSA_Q_DST
,
3074 IPSA_Q_SA
|IPSA_Q_DST
|IPSA_Q_INBOUND
|IPSA_Q_OUTBOUND
,
3080 * Use the direction flags provided by the KMD to determine
3081 * if the inbound or outbound table should be the primary
3082 * for this SA. If these flags were absent then make this
3083 * decision based on the addresses.
3085 if (sq
.assoc
->sadb_sa_flags
& IPSA_F_INBOUND
) {
3086 primary
= sq
.inbound
;
3087 secondary
= sq
.outbound
;
3088 is_inbound
= B_TRUE
;
3089 if (sq
.assoc
->sadb_sa_flags
& IPSA_F_OUTBOUND
)
3091 } else if (sq
.assoc
->sadb_sa_flags
& IPSA_F_OUTBOUND
) {
3092 primary
= sq
.outbound
;
3093 secondary
= sq
.inbound
;
3096 if (primary
== NULL
) {
3098 * The KMD did not set a direction flag, determine which
3099 * table to insert the SA into based on addresses.
3101 switch (ksi
->ks_in_dsttype
) {
3102 case KS_IN_ADDR_MBCAST
:
3103 clone
= B_TRUE
; /* All mcast SAs can be bidirectional */
3104 sq
.assoc
->sadb_sa_flags
|= IPSA_F_OUTBOUND
;
3107 * If the source address is either one of mine, or unspecified
3108 * (which is best summed up by saying "not 'not mine'"),
3109 * then the association is potentially bi-directional,
3110 * in that it can be used for inbound traffic and outbound
3111 * traffic. The best example of such an SA is a multicast
3112 * SA (which allows me to receive the outbound traffic).
3115 sq
.assoc
->sadb_sa_flags
|= IPSA_F_INBOUND
;
3116 primary
= sq
.inbound
;
3117 secondary
= sq
.outbound
;
3118 if (ksi
->ks_in_srctype
!= KS_IN_ADDR_NOTME
)
3120 is_inbound
= B_TRUE
;
3123 * If the source address literally not mine (either
3124 * unspecified or not mine), then this SA may have an
3125 * address that WILL be mine after some configuration.
3126 * We pay the price for this by making it a bi-directional
3129 case KS_IN_ADDR_NOTME
:
3130 sq
.assoc
->sadb_sa_flags
|= IPSA_F_OUTBOUND
;
3131 primary
= sq
.outbound
;
3132 secondary
= sq
.inbound
;
3133 if (ksi
->ks_in_srctype
!= KS_IN_ADDR_ME
) {
3134 sq
.assoc
->sadb_sa_flags
|= IPSA_F_INBOUND
;
3139 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_DST
;
3145 * Find a ACQUIRE list entry if possible. If we've added an SA that
3146 * suits the needs of an ACQUIRE list entry, we can eliminate the
3147 * ACQUIRE list entry and transmit the enqueued packets. Use the
3148 * high-bit of the sequence number to queue it. Key off destination
3149 * addr, and change acqrec's state.
3152 if (samsg
->sadb_msg_seq
& IACQF_LOWEST_SEQ
) {
3153 acq_bucket
= &(sq
.sp
->sdb_acq
[sq
.outhash
]);
3154 mutex_enter(&acq_bucket
->iacqf_lock
);
3155 for (acqrec
= acq_bucket
->iacqf_ipsacq
; acqrec
!= NULL
;
3156 acqrec
= acqrec
->ipsacq_next
) {
3157 mutex_enter(&acqrec
->ipsacq_lock
);
3159 * Q: I only check sequence. Should I check dst?
3160 * A: Yes, check dest because those are the packets
3161 * that are queued up.
3163 if (acqrec
->ipsacq_seq
== samsg
->sadb_msg_seq
&&
3164 IPSA_ARE_ADDR_EQUAL(sq
.dstaddr
,
3165 acqrec
->ipsacq_dstaddr
, acqrec
->ipsacq_addrfam
))
3167 mutex_exit(&acqrec
->ipsacq_lock
);
3169 if (acqrec
!= NULL
) {
3171 * AHA! I found an ACQUIRE record for this SA.
3172 * Grab the msg list, and free the acquire record.
3173 * I already am holding the lock for this record,
3174 * so all I have to do is free it.
3176 acq_msgs
= acqrec
->ipsacq_mp
;
3177 acqrec
->ipsacq_mp
= NULL
;
3178 mutex_exit(&acqrec
->ipsacq_lock
);
3179 sadb_destroy_acquire(acqrec
,
3180 espstack
->ipsecesp_netstack
);
3182 mutex_exit(&acq_bucket
->iacqf_lock
);
3186 * Find PF_KEY message, and see if I'm an update. If so, find entry
3187 * in larval list (if there).
3189 if (samsg
->sadb_msg_type
== SADB_UPDATE
) {
3190 mutex_enter(&sq
.inbound
->isaf_lock
);
3191 larval
= ipsec_getassocbyspi(sq
.inbound
, sq
.assoc
->sadb_sa_spi
,
3192 ALL_ZEROES_PTR
, sq
.dstaddr
, sq
.dst
->sin_family
);
3193 mutex_exit(&sq
.inbound
->isaf_lock
);
3195 if ((larval
== NULL
) ||
3196 (larval
->ipsa_state
!= IPSA_STATE_LARVAL
)) {
3197 *diagnostic
= SADB_X_DIAGNOSTIC_SA_NOTFOUND
;
3198 if (larval
!= NULL
) {
3199 IPSA_REFRELE(larval
);
3201 esp0dbg(("Larval update, but larval disappeared.\n"));
3203 } /* Else sadb_common_add unlinks it for me! */
3206 if (larval
!= NULL
) {
3208 * Hold again, because sadb_common_add() consumes a reference,
3209 * and we don't want to clear_lpkt() without a reference.
3211 IPSA_REFHOLD(larval
);
3214 rc
= sadb_common_add(espstack
->esp_pfkey_q
,
3215 mp
, samsg
, ksi
, primary
, secondary
, larval
, clone
, is_inbound
,
3216 diagnostic
, espstack
->ipsecesp_netstack
, &espstack
->esp_sadb
);
3218 if (larval
!= NULL
) {
3220 lpkt
= sadb_clear_lpkt(larval
);
3222 rc
= !taskq_dispatch(esp_taskq
, inbound_task
,
3226 IPSA_REFRELE(larval
);
3230 * How much more stack will I create with all of these
3231 * esp_outbound() calls?
3234 /* Handle the packets queued waiting for the SA */
3235 while (acq_msgs
!= NULL
) {
3238 ip_xmit_attr_t ixas
;
3242 acq_msgs
= acq_msgs
->b_next
;
3243 asyncmp
->b_next
= NULL
;
3246 * Extract the ip_xmit_attr_t from the first mblk.
3247 * Verifies that the netstack and ill is still around; could
3248 * have vanished while iked was doing its work.
3249 * On succesful return we have a nce_t and the ill/ipst can't
3250 * disappear until we do the nce_refrele in ixa_cleanup.
3252 data_mp
= asyncmp
->b_cont
;
3253 asyncmp
->b_cont
= NULL
;
3254 if (!ip_xmit_attr_from_mblk(asyncmp
, &ixas
)) {
3255 ESP_BUMP_STAT(espstack
, out_discards
);
3256 ip_drop_packet(data_mp
, B_FALSE
, NULL
,
3257 DROPPER(ipss
, ipds_sadb_acquire_timeout
),
3258 &espstack
->esp_dropper
);
3259 } else if (rc
!= 0) {
3260 ill
= ixas
.ixa_nce
->nce_ill
;
3261 ESP_BUMP_STAT(espstack
, out_discards
);
3262 ip_drop_packet(data_mp
, B_FALSE
, ill
,
3263 DROPPER(ipss
, ipds_sadb_acquire_timeout
),
3264 &espstack
->esp_dropper
);
3265 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
3267 esp_outbound_finish(data_mp
, &ixas
);
3276 * Process one of the queued messages (from ipsacq_mp) once the SA
3280 esp_outbound_finish(mblk_t
*data_mp
, ip_xmit_attr_t
*ixa
)
3282 netstack_t
*ns
= ixa
->ixa_ipst
->ips_netstack
;
3283 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
3284 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
3285 ill_t
*ill
= ixa
->ixa_nce
->nce_ill
;
3287 if (!ipsec_outbound_sa(data_mp
, ixa
, IPPROTO_ESP
)) {
3288 ESP_BUMP_STAT(espstack
, out_discards
);
3289 ip_drop_packet(data_mp
, B_FALSE
, ill
,
3290 DROPPER(ipss
, ipds_sadb_acquire_timeout
),
3291 &espstack
->esp_dropper
);
3292 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
3296 data_mp
= esp_outbound(data_mp
, ixa
);
3297 if (data_mp
== NULL
)
3300 /* do AH processing if needed */
3301 data_mp
= esp_do_outbound_ah(data_mp
, ixa
);
3302 if (data_mp
== NULL
)
3305 (void) ip_output_post_ipsec(data_mp
, ixa
);
3309 * Add new ESP security association. This may become a generic AH/ESP
3310 * routine eventually.
3313 esp_add_sa(mblk_t
*mp
, keysock_in_t
*ksi
, int *diagnostic
, netstack_t
*ns
)
3315 sadb_sa_t
*assoc
= (sadb_sa_t
*)ksi
->ks_in_extv
[SADB_EXT_SA
];
3316 sadb_address_t
*srcext
=
3317 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_SRC
];
3318 sadb_address_t
*dstext
=
3319 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_DST
];
3320 sadb_address_t
*isrcext
=
3321 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_X_EXT_ADDRESS_INNER_SRC
];
3322 sadb_address_t
*idstext
=
3323 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_X_EXT_ADDRESS_INNER_DST
];
3324 sadb_address_t
*nttext_loc
=
3325 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_X_EXT_ADDRESS_NATT_LOC
];
3326 sadb_address_t
*nttext_rem
=
3327 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_X_EXT_ADDRESS_NATT_REM
];
3328 sadb_key_t
*akey
= (sadb_key_t
*)ksi
->ks_in_extv
[SADB_EXT_KEY_AUTH
];
3329 sadb_key_t
*ekey
= (sadb_key_t
*)ksi
->ks_in_extv
[SADB_EXT_KEY_ENCRYPT
];
3330 struct sockaddr_in
*src
, *dst
;
3331 struct sockaddr_in
*natt_loc
, *natt_rem
;
3332 struct sockaddr_in6
*natt_loc6
, *natt_rem6
;
3333 sadb_lifetime_t
*soft
=
3334 (sadb_lifetime_t
*)ksi
->ks_in_extv
[SADB_EXT_LIFETIME_SOFT
];
3335 sadb_lifetime_t
*hard
=
3336 (sadb_lifetime_t
*)ksi
->ks_in_extv
[SADB_EXT_LIFETIME_HARD
];
3337 sadb_lifetime_t
*idle
=
3338 (sadb_lifetime_t
*)ksi
->ks_in_extv
[SADB_X_EXT_LIFETIME_IDLE
];
3339 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
3340 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
3344 /* I need certain extensions present for an ADD message. */
3345 if (srcext
== NULL
) {
3346 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_SRC
;
3349 if (dstext
== NULL
) {
3350 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_DST
;
3353 if (isrcext
== NULL
&& idstext
!= NULL
) {
3354 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_INNER_SRC
;
3357 if (isrcext
!= NULL
&& idstext
== NULL
) {
3358 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_INNER_DST
;
3361 if (assoc
== NULL
) {
3362 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_SA
;
3365 if (ekey
== NULL
&& assoc
->sadb_sa_encrypt
!= SADB_EALG_NULL
) {
3366 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_EKEY
;
3370 src
= (struct sockaddr_in
*)(srcext
+ 1);
3371 dst
= (struct sockaddr_in
*)(dstext
+ 1);
3372 natt_loc
= (struct sockaddr_in
*)(nttext_loc
+ 1);
3373 natt_loc6
= (struct sockaddr_in6
*)(nttext_loc
+ 1);
3374 natt_rem
= (struct sockaddr_in
*)(nttext_rem
+ 1);
3375 natt_rem6
= (struct sockaddr_in6
*)(nttext_rem
+ 1);
3377 /* Sundry ADD-specific reality checks. */
3378 /* XXX STATS : Logging/stats here? */
3380 if ((assoc
->sadb_sa_state
!= SADB_SASTATE_MATURE
) &&
3381 (assoc
->sadb_sa_state
!= SADB_X_SASTATE_ACTIVE_ELSEWHERE
)) {
3382 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_SASTATE
;
3385 if (assoc
->sadb_sa_encrypt
== SADB_EALG_NONE
) {
3386 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_EALG
;
3390 #ifndef IPSEC_LATENCY_TEST
3391 if (assoc
->sadb_sa_encrypt
== SADB_EALG_NULL
&&
3392 assoc
->sadb_sa_auth
== SADB_AALG_NONE
) {
3393 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_AALG
;
3398 if (assoc
->sadb_sa_flags
& ~espstack
->esp_sadb
.s_addflags
) {
3399 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_SAFLAGS
;
3403 if ((*diagnostic
= sadb_hardsoftchk(hard
, soft
, idle
)) != 0) {
3406 ASSERT(src
->sin_family
== dst
->sin_family
);
3408 if (assoc
->sadb_sa_flags
& SADB_X_SAFLAGS_NATT_LOC
) {
3409 if (nttext_loc
== NULL
) {
3410 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_NATT_LOC
;
3414 if (natt_loc
->sin_family
== AF_INET6
&&
3415 !IN6_IS_ADDR_V4MAPPED(&natt_loc6
->sin6_addr
)) {
3416 *diagnostic
= SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC
;
3421 if (assoc
->sadb_sa_flags
& SADB_X_SAFLAGS_NATT_REM
) {
3422 if (nttext_rem
== NULL
) {
3423 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_NATT_REM
;
3426 if (natt_rem
->sin_family
== AF_INET6
&&
3427 !IN6_IS_ADDR_V4MAPPED(&natt_rem6
->sin6_addr
)) {
3428 *diagnostic
= SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM
;
3434 /* Stuff I don't support, for now. XXX Diagnostic? */
3435 if (ksi
->ks_in_extv
[SADB_EXT_LIFETIME_CURRENT
] != NULL
)
3436 return (EOPNOTSUPP
);
3438 if ((*diagnostic
= sadb_labelchk(ksi
)) != 0)
3442 * XXX Policy : I'm not checking identities at this time,
3443 * but if I did, I'd do them here, before I sent
3444 * the weak key check up to the algorithm.
3447 rw_enter(&ipss
->ipsec_alg_lock
, RW_READER
);
3450 * First locate the authentication algorithm.
3452 #ifdef IPSEC_LATENCY_TEST
3453 if (akey
!= NULL
&& assoc
->sadb_sa_auth
!= SADB_AALG_NONE
) {
3457 ipsec_alginfo_t
*aalg
;
3459 aalg
= ipss
->ipsec_alglists
[IPSEC_ALG_AUTH
]
3460 [assoc
->sadb_sa_auth
];
3461 if (aalg
== NULL
|| !ALG_VALID(aalg
)) {
3462 rw_exit(&ipss
->ipsec_alg_lock
);
3463 esp1dbg(espstack
, ("Couldn't find auth alg #%d.\n",
3464 assoc
->sadb_sa_auth
));
3465 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_AALG
;
3470 * Sanity check key sizes.
3471 * Note: It's not possible to use SADB_AALG_NONE because
3472 * this auth_alg is not defined with ALG_FLAG_VALID. If this
3473 * ever changes, the same check for SADB_AALG_NONE and
3474 * a auth_key != NULL should be made here ( see below).
3476 if (!ipsec_valid_key_size(akey
->sadb_key_bits
, aalg
)) {
3477 rw_exit(&ipss
->ipsec_alg_lock
);
3478 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_AKEYBITS
;
3481 ASSERT(aalg
->alg_mech_type
!= CRYPTO_MECHANISM_INVALID
);
3483 /* check key and fix parity if needed */
3484 if (ipsec_check_key(aalg
->alg_mech_type
, akey
, B_TRUE
,
3486 rw_exit(&ipss
->ipsec_alg_lock
);
3492 * Then locate the encryption algorithm.
3496 ipsec_alginfo_t
*ealg
;
3498 ealg
= ipss
->ipsec_alglists
[IPSEC_ALG_ENCR
]
3499 [assoc
->sadb_sa_encrypt
];
3500 if (ealg
== NULL
|| !ALG_VALID(ealg
)) {
3501 rw_exit(&ipss
->ipsec_alg_lock
);
3502 esp1dbg(espstack
, ("Couldn't find encr alg #%d.\n",
3503 assoc
->sadb_sa_encrypt
));
3504 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_EALG
;
3509 * Sanity check key sizes. If the encryption algorithm is
3510 * SADB_EALG_NULL but the encryption key is NOT
3511 * NULL then complain.
3513 * The keying material includes salt bits if required by
3514 * algorithm and optionally the Initial IV, check the
3515 * length of whats left.
3517 keybits
= ekey
->sadb_key_bits
;
3518 keybits
-= ekey
->sadb_key_reserved
;
3519 keybits
-= SADB_8TO1(ealg
->alg_saltlen
);
3520 if ((assoc
->sadb_sa_encrypt
== SADB_EALG_NULL
) ||
3521 (!ipsec_valid_key_size(keybits
, ealg
))) {
3522 rw_exit(&ipss
->ipsec_alg_lock
);
3523 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_EKEYBITS
;
3526 ASSERT(ealg
->alg_mech_type
!= CRYPTO_MECHANISM_INVALID
);
3529 if (ipsec_check_key(ealg
->alg_mech_type
, ekey
, B_FALSE
,
3531 rw_exit(&ipss
->ipsec_alg_lock
);
3535 rw_exit(&ipss
->ipsec_alg_lock
);
3537 return (esp_add_sa_finish(mp
, (sadb_msg_t
*)mp
->b_cont
->b_rptr
, ksi
,
3538 diagnostic
, espstack
));
3542 * Update a security association. Updates come in two varieties. The first
3543 * is an update of lifetimes on a non-larval SA. The second is an update of
3544 * a larval SA, which ends up looking a lot more like an add.
3547 esp_update_sa(mblk_t
*mp
, keysock_in_t
*ksi
, int *diagnostic
,
3548 ipsecesp_stack_t
*espstack
, uint8_t sadb_msg_type
)
3550 sadb_sa_t
*assoc
= (sadb_sa_t
*)ksi
->ks_in_extv
[SADB_EXT_SA
];
3554 sadb_address_t
*dstext
=
3555 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_DST
];
3557 if (dstext
== NULL
) {
3558 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_DST
;
3562 rcode
= sadb_update_sa(mp
, ksi
, &buf_pkt
, &espstack
->esp_sadb
,
3563 diagnostic
, espstack
->esp_pfkey_q
, esp_add_sa
,
3564 espstack
->ipsecesp_netstack
, sadb_msg_type
);
3566 if ((assoc
->sadb_sa_state
!= SADB_X_SASTATE_ACTIVE
) ||
3571 HANDLE_BUF_PKT(esp_taskq
, espstack
->ipsecesp_netstack
->netstack_ipsec
,
3572 espstack
->esp_dropper
, buf_pkt
);
3577 /* XXX refactor me */
3579 * Delete a security association. This is REALLY likely to be code common to
3580 * both AH and ESP. Find the association, then unlink it.
3583 esp_del_sa(mblk_t
*mp
, keysock_in_t
*ksi
, int *diagnostic
,
3584 ipsecesp_stack_t
*espstack
, uint8_t sadb_msg_type
)
3586 sadb_sa_t
*assoc
= (sadb_sa_t
*)ksi
->ks_in_extv
[SADB_EXT_SA
];
3587 sadb_address_t
*dstext
=
3588 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_DST
];
3589 sadb_address_t
*srcext
=
3590 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_SRC
];
3591 struct sockaddr_in
*sin
;
3593 if (assoc
== NULL
) {
3594 if (dstext
!= NULL
) {
3595 sin
= (struct sockaddr_in
*)(dstext
+ 1);
3596 } else if (srcext
!= NULL
) {
3597 sin
= (struct sockaddr_in
*)(srcext
+ 1);
3599 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_SA
;
3602 return (sadb_purge_sa(mp
, ksi
,
3603 (sin
->sin_family
== AF_INET6
) ? &espstack
->esp_sadb
.s_v6
:
3604 &espstack
->esp_sadb
.s_v4
, diagnostic
,
3605 espstack
->esp_pfkey_q
));
3608 return (sadb_delget_sa(mp
, ksi
, &espstack
->esp_sadb
, diagnostic
,
3609 espstack
->esp_pfkey_q
, sadb_msg_type
));
3612 /* XXX refactor me */
3614 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP
3618 esp_dump(mblk_t
*mp
, keysock_in_t
*ksi
, ipsecesp_stack_t
*espstack
)
3624 * Dump each fanout, bailing if error is non-zero.
3627 error
= sadb_dump(espstack
->esp_pfkey_q
, mp
, ksi
,
3628 &espstack
->esp_sadb
.s_v4
);
3632 error
= sadb_dump(espstack
->esp_pfkey_q
, mp
, ksi
,
3633 &espstack
->esp_sadb
.s_v6
);
3635 ASSERT(mp
->b_cont
!= NULL
);
3636 samsg
= (sadb_msg_t
*)mp
->b_cont
->b_rptr
;
3637 samsg
->sadb_msg_errno
= (uint8_t)error
;
3638 sadb_pfkey_echo(espstack
->esp_pfkey_q
, mp
,
3639 (sadb_msg_t
*)mp
->b_cont
->b_rptr
, ksi
, NULL
);
3643 * First-cut reality check for an inbound PF_KEY message.
3646 esp_pfkey_reality_failures(mblk_t
*mp
, keysock_in_t
*ksi
,
3647 ipsecesp_stack_t
*espstack
)
3651 if (ksi
->ks_in_extv
[SADB_EXT_PROPOSAL
] != NULL
) {
3652 diagnostic
= SADB_X_DIAGNOSTIC_PROP_PRESENT
;
3655 if (ksi
->ks_in_extv
[SADB_EXT_SUPPORTED_AUTH
] != NULL
||
3656 ksi
->ks_in_extv
[SADB_EXT_SUPPORTED_ENCRYPT
] != NULL
) {
3657 diagnostic
= SADB_X_DIAGNOSTIC_SUPP_PRESENT
;
3660 return (B_FALSE
); /* False ==> no failures */
3663 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, EINVAL
, diagnostic
,
3665 return (B_TRUE
); /* True ==> failures */
3669 * ESP parsing of PF_KEY messages. Keysock did most of the really silly
3670 * error cases. What I receive is a fully-formed, syntactically legal
3671 * PF_KEY message. I then need to check semantics...
3673 * This code may become common to AH and ESP. Stay tuned.
3675 * I also make the assumption that db_ref's are cool. If this assumption
3676 * is wrong, this means that someone other than keysock or me has been
3677 * mucking with PF_KEY messages.
3680 esp_parse_pfkey(mblk_t
*mp
, ipsecesp_stack_t
*espstack
)
3682 mblk_t
*msg
= mp
->b_cont
;
3686 int diagnostic
= SADB_X_DIAGNOSTIC_NONE
;
3688 ASSERT(msg
!= NULL
);
3690 samsg
= (sadb_msg_t
*)msg
->b_rptr
;
3691 ksi
= (keysock_in_t
*)mp
->b_rptr
;
3694 * If applicable, convert unspecified AF_INET6 to unspecified
3695 * AF_INET. And do other address reality checks.
3697 if (!sadb_addrfix(ksi
, espstack
->esp_pfkey_q
, mp
,
3698 espstack
->ipsecesp_netstack
) ||
3699 esp_pfkey_reality_failures(mp
, ksi
, espstack
)) {
3703 switch (samsg
->sadb_msg_type
) {
3705 error
= esp_add_sa(mp
, ksi
, &diagnostic
,
3706 espstack
->ipsecesp_netstack
);
3708 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, error
,
3709 diagnostic
, ksi
->ks_in_serial
);
3711 /* else esp_add_sa() took care of things. */
3714 case SADB_X_DELPAIR
:
3715 case SADB_X_DELPAIR_STATE
:
3716 error
= esp_del_sa(mp
, ksi
, &diagnostic
, espstack
,
3717 samsg
->sadb_msg_type
);
3719 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, error
,
3720 diagnostic
, ksi
->ks_in_serial
);
3722 /* Else esp_del_sa() took care of things. */
3725 error
= sadb_delget_sa(mp
, ksi
, &espstack
->esp_sadb
,
3726 &diagnostic
, espstack
->esp_pfkey_q
, samsg
->sadb_msg_type
);
3728 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, error
,
3729 diagnostic
, ksi
->ks_in_serial
);
3731 /* Else sadb_get_sa() took care of things. */
3734 sadbp_flush(&espstack
->esp_sadb
, espstack
->ipsecesp_netstack
);
3735 sadb_pfkey_echo(espstack
->esp_pfkey_q
, mp
, samsg
, ksi
, NULL
);
3739 * Hmmm, let's do it! Check for extensions (there should
3740 * be none), extract the fields, call esp_register_out(),
3741 * then either free or report an error.
3743 * Keysock takes care of the PF_KEY bookkeeping for this.
3745 if (esp_register_out(samsg
->sadb_msg_seq
, samsg
->sadb_msg_pid
,
3746 ksi
->ks_in_serial
, espstack
, msg_getcred(mp
, NULL
))) {
3750 * Only way this path hits is if there is a memory
3751 * failure. It will not return B_FALSE because of
3752 * lack of esp_pfkey_q if I am in wput().
3754 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, ENOMEM
,
3755 diagnostic
, ksi
->ks_in_serial
);
3759 case SADB_X_UPDATEPAIR
:
3761 * Find a larval, if not there, find a full one and get
3764 error
= esp_update_sa(mp
, ksi
, &diagnostic
, espstack
,
3765 samsg
->sadb_msg_type
);
3767 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, error
,
3768 diagnostic
, ksi
->ks_in_serial
);
3770 /* else esp_update_sa() took care of things. */
3774 * Reserve a new larval entry.
3776 esp_getspi(mp
, ksi
, espstack
);
3780 * Find larval and/or ACQUIRE record and kill it (them), I'm
3781 * most likely an error. Inbound ACQUIRE messages should only
3782 * have the base header.
3784 sadb_in_acquire(samsg
, &espstack
->esp_sadb
,
3785 espstack
->esp_pfkey_q
, espstack
->ipsecesp_netstack
);
3792 esp_dump(mp
, ksi
, espstack
);
3793 /* esp_dump will take care of the return message, etc. */
3796 /* Should never reach me. */
3797 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, EOPNOTSUPP
,
3798 diagnostic
, ksi
->ks_in_serial
);
3801 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, EINVAL
,
3802 SADB_X_DIAGNOSTIC_UNKNOWN_MSG
, ksi
->ks_in_serial
);
3808 * Handle case where PF_KEY says it can't find a keysock for one of my
3812 esp_keysock_no_socket(mblk_t
*mp
, ipsecesp_stack_t
*espstack
)
3815 keysock_out_err_t
*kse
= (keysock_out_err_t
*)mp
->b_rptr
;
3817 if (mp
->b_cont
== NULL
) {
3821 samsg
= (sadb_msg_t
*)mp
->b_cont
->b_rptr
;
3824 * If keysock can't find any registered, delete the acquire record
3825 * immediately, and handle errors.
3827 if (samsg
->sadb_msg_type
== SADB_ACQUIRE
) {
3828 samsg
->sadb_msg_errno
= kse
->ks_err_errno
;
3829 samsg
->sadb_msg_len
= SADB_8TO64(sizeof (*samsg
));
3831 * Use the write-side of the esp_pfkey_q
3833 sadb_in_acquire(samsg
, &espstack
->esp_sadb
,
3834 WR(espstack
->esp_pfkey_q
), espstack
->ipsecesp_netstack
);
3841 * ESP module write put routine.
3844 ipsecesp_wput(queue_t
*q
, mblk_t
*mp
)
3847 struct iocblk
*iocp
;
3848 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)q
->q_ptr
;
3850 esp3dbg(espstack
, ("In esp_wput().\n"));
3852 /* NOTE: Each case must take care of freeing or passing mp. */
3853 switch (mp
->b_datap
->db_type
) {
3855 if ((mp
->b_wptr
- mp
->b_rptr
) < sizeof (ipsec_info_t
)) {
3856 /* Not big enough message. */
3860 ii
= (ipsec_info_t
*)mp
->b_rptr
;
3862 switch (ii
->ipsec_info_type
) {
3863 case KEYSOCK_OUT_ERR
:
3864 esp1dbg(espstack
, ("Got KEYSOCK_OUT_ERR message.\n"));
3865 esp_keysock_no_socket(mp
, espstack
);
3868 ESP_BUMP_STAT(espstack
, keysock_in
);
3869 esp3dbg(espstack
, ("Got KEYSOCK_IN message.\n"));
3871 /* Parse the message. */
3872 esp_parse_pfkey(mp
, espstack
);
3875 sadb_keysock_hello(&espstack
->esp_pfkey_q
, q
, mp
,
3876 esp_ager
, (void *)espstack
, &espstack
->esp_event
,
3880 esp2dbg(espstack
, ("Got M_CTL from above of 0x%x.\n",
3881 ii
->ipsec_info_type
));
3887 iocp
= (struct iocblk
*)mp
->b_rptr
;
3888 switch (iocp
->ioc_cmd
) {
3891 if (nd_getset(q
, espstack
->ipsecesp_g_nd
, mp
)) {
3895 iocp
->ioc_error
= ENOENT
;
3899 /* We really don't support any other ioctls, do we? */
3902 if (iocp
->ioc_error
!= ENOENT
)
3903 iocp
->ioc_error
= EINVAL
;
3904 iocp
->ioc_count
= 0;
3905 mp
->b_datap
->db_type
= M_IOCACK
;
3911 ("Got default message, type %d, passing to IP.\n",
3912 mp
->b_datap
->db_type
));
3918 * Wrapper to allow IP to trigger an ESP association failure message
3919 * during inbound SA selection.
3922 ipsecesp_in_assocfailure(mblk_t
*mp
, char level
, ushort_t sl
, char *fmt
,
3923 uint32_t spi
, void *addr
, int af
, ip_recv_attr_t
*ira
)
3925 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
3926 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
3927 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
3929 if (espstack
->ipsecesp_log_unknown_spi
) {
3930 ipsec_assocfailure(info
.mi_idnum
, 0, level
, sl
, fmt
, spi
,
3931 addr
, af
, espstack
->ipsecesp_netstack
);
3934 ip_drop_packet(mp
, B_TRUE
, ira
->ira_ill
,
3935 DROPPER(ipss
, ipds_esp_no_sa
),
3936 &espstack
->esp_dropper
);
3940 * Initialize the ESP input and output processing functions.
3943 ipsecesp_init_funcs(ipsa_t
*sa
)
3945 if (sa
->ipsa_output_func
== NULL
)
3946 sa
->ipsa_output_func
= esp_outbound
;
3947 if (sa
->ipsa_input_func
== NULL
)
3948 sa
->ipsa_input_func
= esp_inbound
;