search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge commit '12014b724f98604d61f9756b7e199416475d7396' into merges
[unleashed.git] / kernel / net / ip / keysock.c
blob3567710fdafdba82f8bd7ebd985dc45d4918dd44
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25 /*
26 * Copyright 2017 Joyent, Inc.
27 */
28
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/stream.h>
32 #include <sys/strsubr.h>
33 #include <sys/strsun.h>
34 #include <sys/stropts.h>
35 #include <sys/vnode.h>
36 #include <sys/zone.h>
37 #include <sys/strlog.h>
38 #include <sys/sysmacros.h>
39 #define _SUN_TPI_VERSION 2
40 #include <sys/tihdr.h>
41 #include <sys/timod.h>
42 #include <sys/tiuser.h>
43 #include <sys/ddi.h>
44 #include <sys/sunddi.h>
45 #include <sys/sunldi.h>
46 #include <sys/file.h>
47 #include <sys/modctl.h>
48 #include <sys/debug.h>
49 #include <sys/kmem.h>
50 #include <sys/cmn_err.h>
51 #include <sys/proc.h>
52 #include <sys/suntpi.h>
53 #include <sys/atomic.h>
54 #include <sys/mkdev.h>
55 #include <sys/policy.h>
56 #include <sys/disp.h>
57
58 #include <sys/socket.h>
59 #include <netinet/in.h>
60 #include <net/pfkeyv2.h>
61
62 #include <inet/common.h>
63 #include <netinet/ip6.h>
64 #include <inet/ip.h>
65 #include <inet/proto_set.h>
66 #include <inet/nd.h>
67 #include <inet/optcom.h>
68 #include <inet/ipsec_info.h>
69 #include <inet/ipsec_impl.h>
70 #include <inet/keysock.h>
71
72 #include <sys/isa_defs.h>
73
74 /*
75 * This is a transport provider for the PF_KEY key mangement socket.
76 * (See RFC 2367 for details.)
77 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN
78 * messages (see ipsec_info.h), and passed to the appropriate consumer.
79 * Upstream messages are generated for all open PF_KEY sockets, when
80 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled)
81 * in reply to downstream messages.
82 *
83 * Upstream messages must be created asynchronously for the following
84 * situations:
85 *
86 * 1.) A keysock consumer requires an SA, and there is currently none.
87 * 2.) An SA expires, either hard or soft lifetime.
88 * 3.) Other events a consumer deems fit.
89 *
90 * The MT model of this is PERMOD, with shared put procedures. Two types of
91 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send
92 * down the *multiple* messages they create.
93 */
94
95 static vmem_t *keysock_vmem; /* for minor numbers. */
96
97 #define KEYSOCK_MAX_CONSUMERS 256
98
99 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */
100 static struct T_info_ack keysock_g_t_info_ack = {
101 T_INFO_ACK,
102 T_INFINITE, /* TSDU_size. Maximum size messages. */
103 T_INVALID, /* ETSDU_size. No expedited data. */
104 T_INVALID, /* CDATA_size. No connect data. */
105 T_INVALID, /* DDATA_size. No disconnect data. */
106 0, /* ADDR_size. */
107 0, /* OPT_size. No user-settable options */
108 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */
109 T_COTS, /* SERV_type. keysock supports connection oriented. */
110 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */
111 (XPG4_1) /* Provider flags */
112 };
113
114 /* Named Dispatch Parameter Management Structure */
115 typedef struct keysockparam_s {
116 uint_t keysock_param_min;
117 uint_t keysock_param_max;
118 uint_t keysock_param_value;
119 char *keysock_param_name;
120 } keysockparam_t;
121
122 /*
123 * Table of NDD variables supported by keysock. These are loaded into
124 * keysock_g_nd in keysock_init_nd.
125 * All of these are alterable, within the min/max values given, at run time.
126 */
127 static keysockparam_t lcl_param_arr[] = {
128 /* min max value name */
129 { 4096, 65536, 8192, "keysock_xmit_hiwat"},
130 { 0, 65536, 1024, "keysock_xmit_lowat"},
131 { 4096, 65536, 8192, "keysock_recv_hiwat"},
132 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"},
133 { 0, 3, 0, "keysock_debug"},
134 };
135 #define keystack_xmit_hiwat keystack_params[0].keysock_param_value
136 #define keystack_xmit_lowat keystack_params[1].keysock_param_value
137 #define keystack_recv_hiwat keystack_params[2].keysock_param_value
138 #define keystack_max_buf keystack_params[3].keysock_param_value
139 #define keystack_debug keystack_params[4].keysock_param_value
140
141 #define ks0dbg(a) printf a
142 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
143 #define ks1dbg(keystack, a) if (keystack->keystack_debug != 0) printf a
144 #define ks2dbg(keystack, a) if (keystack->keystack_debug > 1) printf a
145 #define ks3dbg(keystack, a) if (keystack->keystack_debug > 2) printf a
146
147 static int keysock_close(queue_t *);
148 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *);
149 static void keysock_wput(queue_t *, mblk_t *);
150 static void keysock_rput(queue_t *, mblk_t *);
151 static void keysock_rsrv(queue_t *);
152 static void keysock_passup(mblk_t *, sadb_msg_t *, minor_t,
153 keysock_consumer_t *, boolean_t, keysock_stack_t *);
154 static void *keysock_stack_init(netstackid_t stackid, netstack_t *ns);
155 static void keysock_stack_fini(netstackid_t stackid, void *arg);
156
157 static struct module_info info = {
158 5138, "keysock", 1, INFPSZ, 512, 128
159 };
160
161 static struct qinit rinit = {
162 (pfi_t)keysock_rput, (pfi_t)keysock_rsrv, keysock_open, keysock_close,
163 NULL, &info
164 };
165
166 static struct qinit winit = {
167 (pfi_t)keysock_wput, NULL, NULL, NULL, NULL, &info
168 };
169
170 struct streamtab keysockinfo = {
171 &rinit, &winit
172 };
173
174 extern struct modlinkage *keysock_modlp;
175
176 /*
177 * Plumb IPsec.
178 *
179 * NOTE: New "default" modules will need to be loaded here if needed before
180 * boot time.
181 */
182
183 /* Keep these in global space to keep the lint from complaining. */
184 static char *IPSECESP = "ipsecesp";
185 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp";
186 static char *IPSECAH = "ipsecah";
187 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah";
188 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6";
189 static char *KEYSOCK = "keysock";
190 static char *STRMOD = "strmod";
191
192 /*
193 * Load the other ipsec modules and plumb them together.
194 */
195 int
196 keysock_plumb_ipsec(netstack_t *ns)
197 {
198 ldi_handle_t lh, ip6_lh = NULL;
199 ldi_ident_t li = NULL;
200 int err = 0;
201 int muxid, rval;
202 boolean_t esp_present = B_TRUE;
203 cred_t *cr;
204 keysock_stack_t *keystack = ns->netstack_keysock;
205
206 #ifdef NS_DEBUG
207 (void) printf("keysock_plumb_ipsec(%d)\n",
208 ns->netstack_stackid);
209 #endif
210
211 keystack->keystack_plumbed = 0; /* we're trying again.. */
212
213 cr = zone_get_kcred(netstackid_to_zoneid(
214 keystack->keystack_netstack->netstack_stackid));
215 ASSERT(cr != NULL);
216 /*
217 * Load up the drivers (AH/ESP).
218 *
219 * I do this separately from the actual plumbing in case this function
220 * ever gets called from a diskless boot before the root filesystem is
221 * up. I don't have to worry about "keysock" because, well, if I'm
222 * here, keysock must've loaded successfully.
223 */
224 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) {
225 ks0dbg(("IPsec: AH failed to attach.\n"));
226 goto bail;
227 }
228 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) {
229 ks0dbg(("IPsec: ESP failed to attach.\n"));
230 esp_present = B_FALSE;
231 }
232
233 /*
234 * Set up the IP streams for AH and ESP, as well as tacking keysock
235 * on top of them. Assume keysock has set the autopushes up already.
236 */
237
238 /* Open IP. */
239 err = ldi_ident_from_mod(keysock_modlp, &li);
240 if (err) {
241 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n",
242 err));
243 goto bail;
244 }
245
246 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, cr, &ip6_lh, li);
247 if (err) {
248 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err));
249 goto bail;
250 }
251
252 /* PLINK KEYSOCK/AH */
253 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, cr, &lh, li);
254 if (err) {
255 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err));
256 goto bail;
257 }
258 err = ldi_ioctl(lh,
259 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
260 if (err) {
261 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n",
262 err));
263 (void) ldi_close(lh, FREAD|FWRITE, cr);
264 goto bail;
265 }
266 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
267 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
268 if (err) {
269 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err));
270 (void) ldi_close(lh, FREAD|FWRITE, cr);
271 goto bail;
272 }
273 (void) ldi_close(lh, FREAD|FWRITE, cr);
274
275 /* PLINK KEYSOCK/ESP */
276 if (esp_present) {
277 err = ldi_open_by_name(IPSECESPDEV,
278 FREAD|FWRITE, cr, &lh, li);
279 if (err) {
280 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err));
281 goto bail;
282 }
283 err = ldi_ioctl(lh,
284 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
285 if (err) {
286 ks0dbg(("IPsec: "
287 "Push of KEYSOCK onto ESP failed (err %d).\n",
288 err));
289 (void) ldi_close(lh, FREAD|FWRITE, cr);
290 goto bail;
291 }
292 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
293 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
294 if (err) {
295 ks0dbg(("IPsec: "
296 "PLINK of KEYSOCK/ESP failed (err %d).\n", err));
297 (void) ldi_close(lh, FREAD|FWRITE, cr);
298 goto bail;
299 }
300 (void) ldi_close(lh, FREAD|FWRITE, cr);
301 }
302
303 bail:
304 keystack->keystack_plumbed = (err == 0) ? 1 : -1;
305 if (ip6_lh != NULL) {
306 (void) ldi_close(ip6_lh, FREAD|FWRITE, cr);
307 }
308 if (li != NULL)
309 ldi_ident_release(li);
310 #ifdef NS_DEBUG
311 (void) printf("keysock_plumb_ipsec -> %d\n",
312 keystack->keystack_plumbed);
313 #endif
314 crfree(cr);
315 return (err);
316 }
317
318 /* ARGSUSED */
319 static int
320 keysock_param_get(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr)
321 {
322 keysockparam_t *keysockpa = (keysockparam_t *)cp;
323 uint_t value;
324 keysock_t *ks = (keysock_t *)q->q_ptr;
325 keysock_stack_t *keystack = ks->keysock_keystack;
326
327 mutex_enter(&keystack->keystack_param_lock);
328 value = keysockpa->keysock_param_value;
329 mutex_exit(&keystack->keystack_param_lock);
330
331 (void) mi_mpprintf(mp, "%u", value);
332 return (0);
333 }
334
335 /* This routine sets an NDD variable in a keysockparam_t structure. */
336 /* ARGSUSED */
337 static int
338 keysock_param_set(queue_t *q, mblk_t *mp, char *value, caddr_t cp, cred_t *cr)
339 {
340 ulong_t new_value;
341 keysockparam_t *keysockpa = (keysockparam_t *)cp;
342 keysock_t *ks = (keysock_t *)q->q_ptr;
343 keysock_stack_t *keystack = ks->keysock_keystack;
344
345 /* Convert the value from a string into a long integer. */
346 if (ddi_strtoul(value, NULL, 10, &new_value) != 0)
347 return (EINVAL);
348
349 mutex_enter(&keystack->keystack_param_lock);
350 /*
351 * Fail the request if the new value does not lie within the
352 * required bounds.
353 */
354 if (new_value < keysockpa->keysock_param_min ||
355 new_value > keysockpa->keysock_param_max) {
356 mutex_exit(&keystack->keystack_param_lock);
357 return (EINVAL);
358 }
359
360 /* Set the new value */
361 keysockpa->keysock_param_value = new_value;
362 mutex_exit(&keystack->keystack_param_lock);
363
364 return (0);
365 }
366
367 /*
368 * Initialize keysock at module load time
369 */
370 boolean_t
371 keysock_ddi_init(void)
372 {
373 keysock_max_optsize = optcom_max_optsize(
374 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt);
375
376 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1,
377 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER);
378
379 /*
380 * We want to be informed each time a stack is created or
381 * destroyed in the kernel, so we can maintain the
382 * set of keysock_stack_t's.
383 */
384 netstack_register(NS_KEYSOCK, keysock_stack_init, NULL,
385 keysock_stack_fini);
386
387 return (B_TRUE);
388 }
389
390 /*
391 * Walk through the param array specified registering each element with the
392 * named dispatch handler.
393 */
394 static boolean_t
395 keysock_param_register(IDP *ndp, keysockparam_t *ksp, int cnt)
396 {
397 for (; cnt-- > 0; ksp++) {
398 if (ksp->keysock_param_name != NULL &&
399 ksp->keysock_param_name[0]) {
400 if (!nd_load(ndp,
401 ksp->keysock_param_name,
402 keysock_param_get, keysock_param_set,
403 (caddr_t)ksp)) {
404 nd_free(ndp);
405 return (B_FALSE);
406 }
407 }
408 }
409 return (B_TRUE);
410 }
411
412 /*
413 * Initialize keysock for one stack instance
414 */
415 /* ARGSUSED */
416 static void *
417 keysock_stack_init(netstackid_t stackid, netstack_t *ns)
418 {
419 keysock_stack_t *keystack;
420 keysockparam_t *ksp;
421
422 keystack = (keysock_stack_t *)kmem_zalloc(sizeof (*keystack), KM_SLEEP);
423 keystack->keystack_netstack = ns;
424
425 keystack->keystack_acquire_seq = 0xffffffff;
426
427 ksp = (keysockparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
428 keystack->keystack_params = ksp;
429 bcopy(lcl_param_arr, ksp, sizeof (lcl_param_arr));
430
431 (void) keysock_param_register(&keystack->keystack_g_nd, ksp,
432 A_CNT(lcl_param_arr));
433
434 mutex_init(&keystack->keystack_list_lock, NULL, MUTEX_DEFAULT, NULL);
435 mutex_init(&keystack->keystack_consumers_lock,
436 NULL, MUTEX_DEFAULT, NULL);
437 mutex_init(&keystack->keystack_param_lock, NULL, MUTEX_DEFAULT, NULL);
438 return (keystack);
439 }
440
441 /*
442 * Free NDD variable space, and other destructors, for keysock.
443 */
444 void
445 keysock_ddi_destroy(void)
446 {
447 netstack_unregister(NS_KEYSOCK);
448 vmem_destroy(keysock_vmem);
449 }
450
451 /*
452 * Remove one stack instance from keysock
453 */
454 /* ARGSUSED */
455 static void
456 keysock_stack_fini(netstackid_t stackid, void *arg)
457 {
458 keysock_stack_t *keystack = (keysock_stack_t *)arg;
459
460 nd_free(&keystack->keystack_g_nd);
461 kmem_free(keystack->keystack_params, sizeof (lcl_param_arr));
462 keystack->keystack_params = NULL;
463
464 mutex_destroy(&keystack->keystack_list_lock);
465 mutex_destroy(&keystack->keystack_consumers_lock);
466 mutex_destroy(&keystack->keystack_param_lock);
467
468 kmem_free(keystack, sizeof (*keystack));
469 }
470
471 /*
472 * Close routine for keysock.
473 */
474 static int
475 keysock_close(queue_t *q)
476 {
477 keysock_t *ks;
478 keysock_consumer_t *kc;
479 void *ptr = q->q_ptr;
480 int size;
481 keysock_stack_t *keystack;
482
483
484 qprocsoff(q);
485
486 /* Safe assumption. */
487 ASSERT(ptr != NULL);
488
489 if (WR(q)->q_next) {
490 kc = (keysock_consumer_t *)ptr;
491 keystack = kc->kc_keystack;
492
493 ks1dbg(keystack, ("Module close, removing a consumer (%d).\n",
494 kc->kc_sa_type));
495 /*
496 * Because of PERMOD open/close exclusive perimeter, I
497 * can inspect KC_FLUSHING w/o locking down kc->kc_lock.
498 */
499 if (kc->kc_flags & KC_FLUSHING) {
500 /*
501 * If this decrement was the last one, send
502 * down the next pending one, if any.
503 *
504 * With a PERMOD perimeter, the mutexes ops aren't
505 * really necessary, but if we ever loosen up, we will
506 * have this bit covered already.
507 */
508 keystack->keystack_flushdump--;
509 if (keystack->keystack_flushdump == 0) {
510 /*
511 * The flush/dump terminated by having a
512 * consumer go away. I need to send up to the
513 * appropriate keysock all of the relevant
514 * information. Unfortunately, I don't
515 * have that handy.
516 */
517 ks0dbg(("Consumer went away while flushing or"
518 " dumping.\n"));
519 }
520 }
521 size = sizeof (keysock_consumer_t);
522 mutex_enter(&keystack->keystack_consumers_lock);
523 keystack->keystack_consumers[kc->kc_sa_type] = NULL;
524 mutex_exit(&keystack->keystack_consumers_lock);
525 mutex_destroy(&kc->kc_lock);
526 netstack_rele(kc->kc_keystack->keystack_netstack);
527 } else {
528 ks = (keysock_t *)ptr;
529 keystack = ks->keysock_keystack;
530
531 ks3dbg(keystack,
532 ("Driver close, PF_KEY socket is going away.\n"));
533 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0)
534 atomic_dec_32(&keystack->keystack_num_extended);
535 size = sizeof (keysock_t);
536 mutex_enter(&keystack->keystack_list_lock);
537 *(ks->keysock_ptpn) = ks->keysock_next;
538 if (ks->keysock_next != NULL)
539 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn;
540 mutex_exit(&keystack->keystack_list_lock);
541 mutex_destroy(&ks->keysock_lock);
542 vmem_free(keysock_vmem, (void *)(uintptr_t)ks->keysock_serial,
543 1);
544 netstack_rele(ks->keysock_keystack->keystack_netstack);
545 }
546
547 /* Now I'm free. */
548 kmem_free(ptr, size);
549 return (0);
550 }
551 /*
552 * Open routine for keysock.
553 */
554 /* ARGSUSED */
555 static int
556 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
557 {
558 keysock_t *ks;
559 keysock_consumer_t *kc;
560 mblk_t *mp;
561 ipsec_info_t *ii;
562 netstack_t *ns;
563 keysock_stack_t *keystack;
564
565 if (secpolicy_ip_config(credp, B_FALSE) != 0) {
566 /* Privilege debugging will log the error */
567 return (EPERM);
568 }
569
570 if (q->q_ptr != NULL)
571 return (0); /* Re-open of an already open instance. */
572
573 ns = netstack_find_by_cred(credp);
574 ASSERT(ns != NULL);
575 keystack = ns->netstack_keysock;
576 ASSERT(keystack != NULL);
577
578 ks3dbg(keystack, ("Entering keysock open.\n"));
579
580 if (keystack->keystack_plumbed < 1) {
581 netstack_t *ns = keystack->keystack_netstack;
582
583 keystack->keystack_plumbed = 0;
584 #ifdef NS_DEBUG
585 printf("keysock_open(%d) - plumb\n",
586 keystack->keystack_netstack->netstack_stackid);
587 #endif
588 /*
589 * Don't worry about ipsec_failure being true here.
590 * (See ip.c). An open of keysock should try and force
591 * the issue. Maybe it was a transient failure.
592 */
593 ipsec_loader_loadnow(ns->netstack_ipsec);
594 }
595
596 if (sflag & MODOPEN) {
597 /* Initialize keysock_consumer state here. */
598 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP);
599 if (kc == NULL) {
600 netstack_rele(keystack->keystack_netstack);
601 return (ENOMEM);
602 }
603 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0);
604 kc->kc_rq = q;
605 kc->kc_wq = WR(q);
606
607 q->q_ptr = kc;
608 WR(q)->q_ptr = kc;
609
610 kc->kc_keystack = keystack;
611 qprocson(q);
612
613 /*
614 * Send down initial message to whatever I was pushed on top
615 * of asking for its consumer type. The reply will set it.
616 */
617
618 /* Allocate it. */
619 mp = allocb(sizeof (ipsec_info_t), BPRI_HI);
620 if (mp == NULL) {
621 ks1dbg(keystack, (
622 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n"));
623 /* Do I need to set these to null? */
624 q->q_ptr = NULL;
625 WR(q)->q_ptr = NULL;
626 mutex_destroy(&kc->kc_lock);
627 kmem_free(kc, sizeof (*kc));
628 netstack_rele(keystack->keystack_netstack);
629 return (ENOMEM);
630 }
631
632 /* If I allocated okay, putnext to what I was pushed atop. */
633 mp->b_wptr += sizeof (ipsec_info_t);
634 mp->b_datap->db_type = M_CTL;
635 ii = (ipsec_info_t *)mp->b_rptr;
636 ii->ipsec_info_type = KEYSOCK_HELLO;
637 /* Length only of type/len. */
638 ii->ipsec_info_len = sizeof (ii->ipsec_allu);
639 ks2dbg(keystack, ("Ready to putnext KEYSOCK_HELLO.\n"));
640 putnext(kc->kc_wq, mp);
641 } else {
642 minor_t ksminor;
643
644 /* Initialize keysock state. */
645
646 ks2dbg(keystack, ("Made it into PF_KEY socket open.\n"));
647
648 ksminor = (minor_t)(uintptr_t)
649 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP);
650 if (ksminor == 0) {
651 netstack_rele(keystack->keystack_netstack);
652 return (ENOMEM);
653 }
654 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP);
655 if (ks == NULL) {
656 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1);
657 netstack_rele(keystack->keystack_netstack);
658 return (ENOMEM);
659 }
660
661 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0);
662 ks->keysock_rq = q;
663 ks->keysock_wq = WR(q);
664 ks->keysock_state = TS_UNBND;
665 ks->keysock_serial = ksminor;
666
667 q->q_ptr = ks;
668 WR(q)->q_ptr = ks;
669 ks->keysock_keystack = keystack;
670
671 /*
672 * The receive hiwat is only looked at on the stream head
673 * queue. Store in q_hiwat in order to return on SO_RCVBUF
674 * getsockopts.
675 */
676
677 q->q_hiwat = keystack->keystack_recv_hiwat;
678
679 /*
680 * The transmit hiwat/lowat is only looked at on IP's queue.
681 * Store in q_hiwat/q_lowat in order to return on
682 * SO_SNDBUF/SO_SNDLOWAT getsockopts.
683 */
684
685 WR(q)->q_hiwat = keystack->keystack_xmit_hiwat;
686 WR(q)->q_lowat = keystack->keystack_xmit_lowat;
687
688 *devp = makedevice(getmajor(*devp), ksminor);
689
690 /*
691 * Thread keysock into the global keysock list.
692 */
693 mutex_enter(&keystack->keystack_list_lock);
694 ks->keysock_next = keystack->keystack_list;
695 ks->keysock_ptpn = &keystack->keystack_list;
696 if (keystack->keystack_list != NULL) {
697 keystack->keystack_list->keysock_ptpn =
698 &ks->keysock_next;
699 }
700 keystack->keystack_list = ks;
701 mutex_exit(&keystack->keystack_list_lock);
702
703 qprocson(q);
704 (void) proto_set_rx_hiwat(q, NULL,
705 keystack->keystack_recv_hiwat);
706 /*
707 * Wait outside the keysock module perimeter for IPsec
708 * plumbing to be completed. If it fails, keysock_close()
709 * undoes everything we just did.
710 */
711 if (!ipsec_loader_wait(q,
712 keystack->keystack_netstack->netstack_ipsec)) {
713 (void) keysock_close(q);
714 return (EPFNOSUPPORT);
715 }
716 }
717
718 return (0);
719 }
720
721 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */
722
723 /*
724 * Copy relevant state bits.
725 */
726 static void
727 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks)
728 {
729 *tap = keysock_g_t_info_ack;
730 tap->CURRENT_state = ks->keysock_state;
731 tap->OPT_size = keysock_max_optsize;
732 }
733
734 /*
735 * This routine responds to T_CAPABILITY_REQ messages. It is called by
736 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from
737 * keysock_g_t_info_ack. The current state of the stream is copied from
738 * keysock_state.
739 */
740 static void
741 keysock_capability_req(queue_t *q, mblk_t *mp)
742 {
743 keysock_t *ks = (keysock_t *)q->q_ptr;
744 t_uscalar_t cap_bits1;
745 struct T_capability_ack *tcap;
746
747 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1;
748
749 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack),
750 mp->b_datap->db_type, T_CAPABILITY_ACK);
751 if (mp == NULL)
752 return;
753
754 tcap = (struct T_capability_ack *)mp->b_rptr;
755 tcap->CAP_bits1 = 0;
756
757 if (cap_bits1 & TC1_INFO) {
758 keysock_copy_info(&tcap->INFO_ack, ks);
759 tcap->CAP_bits1 |= TC1_INFO;
760 }
761
762 qreply(q, mp);
763 }
764
765 /*
766 * This routine responds to T_INFO_REQ messages. It is called by
767 * keysock_wput_other.
768 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack.
769 * The current state of the stream is copied from keysock_state.
770 */
771 static void
772 keysock_info_req(queue_t *q, mblk_t *mp)
773 {
774 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO,
775 T_INFO_ACK);
776 if (mp == NULL)
777 return;
778 keysock_copy_info((struct T_info_ack *)mp->b_rptr,
779 (keysock_t *)q->q_ptr);
780 qreply(q, mp);
781 }
782
783 /*
784 * keysock_err_ack. This routine creates a
785 * T_ERROR_ACK message and passes it
786 * upstream.
787 */
788 static void
789 keysock_err_ack(queue_t *q, mblk_t *mp, int t_error, int sys_error)
790 {
791 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL)
792 qreply(q, mp);
793 }
794
795 /*
796 * This routine retrieves the current status of socket options.
797 * It returns the size of the option retrieved.
798 */
799 /* ARGSUSED */
800 int
801 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr)
802 {
803 int *i1 = (int *)ptr;
804 keysock_t *ks = (keysock_t *)q->q_ptr;
805
806 switch (level) {
807 case SOL_SOCKET:
808 mutex_enter(&ks->keysock_lock);
809 switch (name) {
810 case SO_TYPE:
811 *i1 = SOCK_RAW;
812 break;
813 case SO_USELOOPBACK:
814 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) ==
815 KEYSOCK_NOLOOP));
816 break;
817 /*
818 * The following two items can be manipulated,
819 * but changing them should do nothing.
820 */
821 case SO_SNDBUF:
822 *i1 = (int)q->q_hiwat;
823 break;
824 case SO_RCVBUF:
825 *i1 = (int)(RD(q)->q_hiwat);
826 break;
827 }
828 mutex_exit(&ks->keysock_lock);
829 break;
830 default:
831 return (0);
832 }
833 return (sizeof (int));
834 }
835
836 /*
837 * This routine sets socket options.
838 */
839 /* ARGSUSED */
840 int
841 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level,
842 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp,
843 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr)
844 {
845 int *i1 = (int *)invalp, errno = 0;
846 keysock_t *ks = (keysock_t *)q->q_ptr;
847 keysock_stack_t *keystack = ks->keysock_keystack;
848
849 switch (level) {
850 case SOL_SOCKET:
851 mutex_enter(&ks->keysock_lock);
852 switch (name) {
853 case SO_USELOOPBACK:
854 if (!(*i1))
855 ks->keysock_flags |= KEYSOCK_NOLOOP;
856 else ks->keysock_flags &= ~KEYSOCK_NOLOOP;
857 break;
858 case SO_SNDBUF:
859 if (*i1 > keystack->keystack_max_buf)
860 errno = ENOBUFS;
861 else q->q_hiwat = *i1;
862 break;
863 case SO_RCVBUF:
864 if (*i1 > keystack->keystack_max_buf) {
865 errno = ENOBUFS;
866 } else {
867 RD(q)->q_hiwat = *i1;
868 (void) proto_set_rx_hiwat(RD(q), NULL, *i1);
869 }
870 break;
871 default:
872 errno = EINVAL;
873 }
874 mutex_exit(&ks->keysock_lock);
875 break;
876 default:
877 errno = EINVAL;
878 }
879 return (errno);
880 }
881
882 /*
883 * Handle STREAMS ioctl copyin for getsockname() for both PF_KEY and
884 * PF_POLICY.
885 */
886 void
887 keysock_spdsock_wput_iocdata(queue_t *q, mblk_t *mp, sa_family_t family)
888 {
889 mblk_t *mp1;
890 STRUCT_HANDLE(strbuf, sb);
891 /* What size of sockaddr do we need? */
892 const uint_t addrlen = sizeof (struct sockaddr);
893
894 /* We only handle TI_GET{MY,PEER}NAME (get{sock,peer}name()). */
895 switch (((struct iocblk *)mp->b_rptr)->ioc_cmd) {
896 case TI_GETMYNAME:
897 case TI_GETPEERNAME:
898 break;
899 default:
900 freemsg(mp);
901 return;
902 }
903
904 switch (mi_copy_state(q, mp, &mp1)) {
905 case -1:
906 return;
907 case MI_COPY_CASE(MI_COPY_IN, 1):
908 break;
909 case MI_COPY_CASE(MI_COPY_OUT, 1):
910 /*
911 * The address has been copied out, so now
912 * copyout the strbuf.
913 */
914 mi_copyout(q, mp);
915 return;
916 case MI_COPY_CASE(MI_COPY_OUT, 2):
917 /*
918 * The address and strbuf have been copied out.
919 * We're done, so just acknowledge the original
920 * M_IOCTL.
921 */
922 mi_copy_done(q, mp, 0);
923 return;
924 default:
925 /*
926 * Something strange has happened, so acknowledge
927 * the original M_IOCTL with an EPROTO error.
928 */
929 mi_copy_done(q, mp, EPROTO);
930 return;
931 }
932
933 /*
934 * Now we have the strbuf structure for TI_GET{MY,PEER}NAME. Next we
935 * copyout the requested address and then we'll copyout the strbuf.
936 * Regardless of sockname or peername, we just return a sockaddr with
937 * sa_family set.
938 */
939 STRUCT_SET_HANDLE(sb, ((struct iocblk *)mp->b_rptr)->ioc_flag,
940 (void *)mp1->b_rptr);
941
942 if (STRUCT_FGET(sb, maxlen) < addrlen) {
943 mi_copy_done(q, mp, EINVAL);
944 return;
945 }
946
947 mp1 = mi_copyout_alloc(q, mp, STRUCT_FGETP(sb, buf), addrlen, B_TRUE);
948 if (mp1 == NULL)
949 return;
950
951 STRUCT_FSET(sb, len, addrlen);
952 ((struct sockaddr *)mp1->b_wptr)->sa_family = family;
953 mp1->b_wptr += addrlen;
954 mi_copyout(q, mp);
955 }
956
957 /*
958 * Handle STREAMS messages.
959 */
960 static void
961 keysock_wput_other(queue_t *q, mblk_t *mp)
962 {
963 struct iocblk *iocp;
964 int error;
965 keysock_t *ks = (keysock_t *)q->q_ptr;
966 keysock_stack_t *keystack = ks->keysock_keystack;
967 cred_t *cr;
968
969 switch (mp->b_datap->db_type) {
970 case M_PROTO:
971 case M_PCPROTO:
972 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) {
973 ks3dbg(keystack, (
974 "keysock_wput_other: Not big enough M_PROTO\n"));
975 freemsg(mp);
976 return;
977 }
978 switch (((union T_primitives *)mp->b_rptr)->type) {
979 case T_CAPABILITY_REQ:
980 keysock_capability_req(q, mp);
981 break;
982 case T_INFO_REQ:
983 keysock_info_req(q, mp);
984 break;
985 case T_SVR4_OPTMGMT_REQ:
986 case T_OPTMGMT_REQ:
987 /*
988 * All Solaris components should pass a db_credp
989 * for this TPI message, hence we ASSERT.
990 * But in case there is some other M_PROTO that looks
991 * like a TPI message sent by some other kernel
992 * component, we check and return an error.
993 */
994 cr = msg_getcred(mp, NULL);
995 ASSERT(cr != NULL);
996 if (cr == NULL) {
997 keysock_err_ack(q, mp, TSYSERR, EINVAL);
998 return;
999 }
1000 if (((union T_primitives *)mp->b_rptr)->type ==
1001 T_SVR4_OPTMGMT_REQ) {
1002 svr4_optcom_req(q, mp, cr, &keysock_opt_obj);
1003 } else {
1004 tpi_optcom_req(q, mp, cr, &keysock_opt_obj);
1005 }
1006 break;
1007 case T_DATA_REQ:
1008 case T_EXDATA_REQ:
1009 case T_ORDREL_REQ:
1010 /* Illegal for keysock. */
1011 freemsg(mp);
1012 (void) putnextctl1(RD(q), M_ERROR, EPROTO);
1013 break;
1014 default:
1015 /* Not supported by keysock. */
1016 keysock_err_ack(q, mp, TNOTSUPPORT, 0);
1017 break;
1018 }
1019 return;
1020 case M_IOCDATA:
1021 keysock_spdsock_wput_iocdata(q, mp, PF_KEY);
1022 return;
1023 case M_IOCTL:
1024 iocp = (struct iocblk *)mp->b_rptr;
1025 error = EINVAL;
1026
1027 switch (iocp->ioc_cmd) {
1028 case TI_GETMYNAME:
1029 case TI_GETPEERNAME:
1030 /*
1031 * For pfiles(1) observability with getsockname().
1032 * See keysock_spdsock_wput_iocdata() for the rest of
1033 * this.
1034 */
1035 mi_copyin(q, mp, NULL,
1036 SIZEOF_STRUCT(strbuf, iocp->ioc_flag));
1037 return;
1038 case ND_SET:
1039 case ND_GET:
1040 if (nd_getset(q, keystack->keystack_g_nd, mp)) {
1041 qreply(q, mp);
1042 return;
1043 } else
1044 error = ENOENT;
1045 /* FALLTHRU */
1046 default:
1047 miocnak(q, mp, 0, error);
1048 return;
1049 }
1050 case M_FLUSH:
1051 if (*mp->b_rptr & FLUSHW) {
1052 flushq(q, FLUSHALL);
1053 *mp->b_rptr &= ~FLUSHW;
1054 }
1055 if (*mp->b_rptr & FLUSHR) {
1056 qreply(q, mp);
1057 return;
1058 }
1059 /* Else FALLTHRU */
1060 }
1061
1062 /* If fell through, just black-hole the message. */
1063 freemsg(mp);
1064 }
1065
1066 /*
1067 * Transmit a PF_KEY error message to the instance either pointed to
1068 * by ks, the instance with serial number serial, or more, depending.
1069 *
1070 * The faulty message (or a reasonable facsimile thereof) is in mp.
1071 * This function will free mp or recycle it for delivery, thereby causing
1072 * the stream head to free it.
1073 */
1074 static void
1075 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic)
1076 {
1077 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1078 keysock_stack_t *keystack = ks->keysock_keystack;
1079
1080 ASSERT(mp->b_datap->db_type == M_DATA);
1081
1082 if (samsg->sadb_msg_type < SADB_GETSPI ||
1083 samsg->sadb_msg_type > SADB_MAX)
1084 samsg->sadb_msg_type = SADB_RESERVED;
1085
1086 /*
1087 * Strip out extension headers.
1088 */
1089 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim);
1090 mp->b_wptr = mp->b_rptr + sizeof (*samsg);
1091 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t));
1092 samsg->sadb_msg_errno = (uint8_t)error;
1093 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic;
1094
1095 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, keystack);
1096 }
1097
1098 /*
1099 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy
1100 * in the extv if passed in.
1101 */
1102 static void
1103 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[],
1104 boolean_t flushmsg)
1105 {
1106 keysock_consumer_t *kc;
1107 mblk_t *wrapper;
1108 keysock_in_t *ksi;
1109 int i;
1110 keysock_stack_t *keystack = ks->keysock_keystack;
1111
1112 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI);
1113 if (wrapper == NULL) {
1114 ks3dbg(keystack, ("keysock_passdown: allocb failed.\n"));
1115 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL)
1116 bzero(extv[SADB_EXT_KEY_ENCRYPT],
1117 SADB_64TO8(
1118 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len));
1119 if (extv[SADB_EXT_KEY_AUTH] != NULL)
1120 bzero(extv[SADB_EXT_KEY_AUTH],
1121 SADB_64TO8(
1122 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len));
1123 if (flushmsg) {
1124 ks0dbg((
1125 "keysock: Downwards flush/dump message failed!\n"));
1126 /* If this is true, I hold the perimeter. */
1127 keystack->keystack_flushdump--;
1128 }
1129 freemsg(mp);
1130 return;
1131 }
1132
1133 wrapper->b_datap->db_type = M_CTL;
1134 ksi = (keysock_in_t *)wrapper->b_rptr;
1135 ksi->ks_in_type = KEYSOCK_IN;
1136 ksi->ks_in_len = sizeof (keysock_in_t);
1137 if (extv[SADB_EXT_ADDRESS_SRC] != NULL)
1138 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN;
1139 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE;
1140 if (extv[SADB_EXT_ADDRESS_DST] != NULL)
1141 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN;
1142 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE;
1143 for (i = 0; i <= SADB_EXT_MAX; i++)
1144 ksi->ks_in_extv[i] = extv[i];
1145 ksi->ks_in_serial = ks->keysock_serial;
1146 wrapper->b_wptr += sizeof (ipsec_info_t);
1147 wrapper->b_cont = mp;
1148
1149 /*
1150 * Find the appropriate consumer where the message is passed down.
1151 */
1152 kc = keystack->keystack_consumers[satype];
1153 if (kc == NULL) {
1154 freeb(wrapper);
1155 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1156 if (flushmsg) {
1157 ks0dbg((
1158 "keysock: Downwards flush/dump message failed!\n"));
1159 /* If this is true, I hold the perimeter. */
1160 keystack->keystack_flushdump--;
1161 }
1162 return;
1163 }
1164
1165 /*
1166 * NOTE: There used to be code in here to spin while a flush or
1167 * dump finished. Keysock now assumes that consumers have enough
1168 * MT-savviness to deal with that.
1169 */
1170
1171 /*
1172 * Current consumers (AH and ESP) are guaranteed to return a
1173 * FLUSH or DUMP message back, so when we reach here, we don't
1174 * have to worry about keysock_flushdumps.
1175 */
1176
1177 putnext(kc->kc_wq, wrapper);
1178 }
1179
1180 /*
1181 * High-level reality checking of extensions.
1182 */
1183 static boolean_t
1184 ext_check(sadb_ext_t *ext, keysock_stack_t *keystack)
1185 {
1186 int i;
1187 uint64_t *lp;
1188 sadb_ident_t *id;
1189 char *idstr;
1190
1191 switch (ext->sadb_ext_type) {
1192 case SADB_EXT_ADDRESS_SRC:
1193 case SADB_EXT_ADDRESS_DST:
1194 case SADB_X_EXT_ADDRESS_INNER_SRC:
1195 case SADB_X_EXT_ADDRESS_INNER_DST:
1196 /* Check for at least enough addtl length for a sockaddr. */
1197 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t)))
1198 return (B_FALSE);
1199 break;
1200 case SADB_EXT_LIFETIME_HARD:
1201 case SADB_EXT_LIFETIME_SOFT:
1202 case SADB_EXT_LIFETIME_CURRENT:
1203 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t)))
1204 return (B_FALSE);
1205 break;
1206 case SADB_EXT_SPIRANGE:
1207 /* See if the SPI range is legit. */
1208 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) >
1209 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max))
1210 return (B_FALSE);
1211 break;
1212 case SADB_EXT_KEY_AUTH:
1213 case SADB_EXT_KEY_ENCRYPT:
1214 /* Key length check. */
1215 if (((sadb_key_t *)ext)->sadb_key_bits == 0)
1216 return (B_FALSE);
1217 /*
1218 * Check to see if the key length (in bits) is less than the
1219 * extension length (in 8-bits words).
1220 */
1221 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) +
1222 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) {
1223 ks1dbg(keystack, (
1224 "ext_check: Key bits/length inconsistent.\n"));
1225 ks1dbg(keystack, ("%d bits, len is %d bytes.\n",
1226 ((sadb_key_t *)ext)->sadb_key_bits,
1227 SADB_64TO8(ext->sadb_ext_len)));
1228 return (B_FALSE);
1229 }
1230
1231 /* All-zeroes key check. */
1232 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t));
1233 for (i = 0;
1234 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t)));
1235 i++)
1236 if (lp[i] != 0)
1237 break; /* Out of for loop. */
1238 /* If finished the loop naturally, it's an all zero key. */
1239 if (lp[i] == 0)
1240 return (B_FALSE);
1241 break;
1242 case SADB_EXT_IDENTITY_SRC:
1243 case SADB_EXT_IDENTITY_DST:
1244 /*
1245 * Make sure the strings in these identities are
1246 * null-terminated. RFC 2367 underspecified how to handle
1247 * such a case. I "proactively" null-terminate the string
1248 * at the last byte if it's not terminated sooner.
1249 */
1250 id = (sadb_ident_t *)ext;
1251 i = SADB_64TO8(id->sadb_ident_len);
1252 i -= sizeof (sadb_ident_t);
1253 idstr = (char *)(id + 1);
1254 while (*idstr != '\0' && i > 0) {
1255 i--;
1256 idstr++;
1257 }
1258 if (i == 0) {
1259 /*
1260 * I.e., if the bozo user didn't NULL-terminate the
1261 * string...
1262 */
1263 idstr--;
1264 *idstr = '\0';
1265 }
1266 break;
1267 }
1268 return (B_TRUE); /* For now... */
1269 }
1270
1271 /* Return values for keysock_get_ext(). */
1272 #define KGE_OK 0
1273 #define KGE_DUP 1
1274 #define KGE_UNK 2
1275 #define KGE_LEN 3
1276 #define KGE_CHK 4
1277
1278 /*
1279 * Parse basic extension headers and return in the passed-in pointer vector.
1280 * Return values include:
1281 *
1282 * KGE_OK Everything's nice and parsed out.
1283 * If there are no extensions, place NULL in extv[0].
1284 * KGE_DUP There is a duplicate extension.
1285 * First instance in appropriate bin. First duplicate in
1286 * extv[0].
1287 * KGE_UNK Unknown extension type encountered. extv[0] contains
1288 * unknown header.
1289 * KGE_LEN Extension length error.
1290 * KGE_CHK High-level reality check failed on specific extension.
1291 *
1292 * My apologies for some of the pointer arithmetic in here. I'm thinking
1293 * like an assembly programmer, yet trying to make the compiler happy.
1294 */
1295 static int
1296 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize,
1297 keysock_stack_t *keystack)
1298 {
1299 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1));
1300
1301 /* Use extv[0] as the "current working pointer". */
1302
1303 extv[0] = (sadb_ext_t *)(basehdr + 1);
1304
1305 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) {
1306 /* Check for unknown headers. */
1307 if (extv[0]->sadb_ext_type == 0 ||
1308 extv[0]->sadb_ext_type > SADB_EXT_MAX)
1309 return (KGE_UNK);
1310
1311 /*
1312 * Check length. Use uint64_t because extlen is in units
1313 * of 64-bit words. If length goes beyond the msgsize,
1314 * return an error. (Zero length also qualifies here.)
1315 */
1316 if (extv[0]->sadb_ext_len == 0 ||
1317 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) >
1318 (void *)((uint8_t *)basehdr + msgsize))
1319 return (KGE_LEN);
1320
1321 /* Check for redundant headers. */
1322 if (extv[extv[0]->sadb_ext_type] != NULL)
1323 return (KGE_DUP);
1324
1325 /*
1326 * Reality check the extension if possible at the keysock
1327 * level.
1328 */
1329 if (!ext_check(extv[0], keystack))
1330 return (KGE_CHK);
1331
1332 /* If I make it here, assign the appropriate bin. */
1333 extv[extv[0]->sadb_ext_type] = extv[0];
1334
1335 /* Advance pointer (See above for uint64_t ptr reasoning.) */
1336 extv[0] = (sadb_ext_t *)
1337 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len);
1338 }
1339
1340 /* Everything's cool. */
1341
1342 /*
1343 * If extv[0] == NULL, then there are no extension headers in this
1344 * message. Ensure that this is the case.
1345 */
1346 if (extv[0] == (sadb_ext_t *)(basehdr + 1))
1347 extv[0] = NULL;
1348
1349 return (KGE_OK);
1350 }
1351
1352 /*
1353 * qwriter() callback to handle flushes and dumps. This routine will hold
1354 * the inner perimeter.
1355 */
1356 void
1357 keysock_do_flushdump(queue_t *q, mblk_t *mp)
1358 {
1359 int i, start, finish;
1360 mblk_t *mp1 = NULL;
1361 keysock_t *ks = (keysock_t *)q->q_ptr;
1362 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1363 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1364 keysock_stack_t *keystack = ks->keysock_keystack;
1365
1366 /*
1367 * I am guaranteed this will work. I did the work in keysock_parse()
1368 * already.
1369 */
1370 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len),
1371 keystack);
1372
1373 /*
1374 * I hold the perimeter, therefore I don't need to use atomic ops.
1375 */
1376 if (keystack->keystack_flushdump != 0) {
1377 /* XXX Should I instead use EBUSY? */
1378 /* XXX Or is there a way to queue these up? */
1379 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE);
1380 return;
1381 }
1382
1383 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1384 start = 0;
1385 finish = KEYSOCK_MAX_CONSUMERS - 1;
1386 } else {
1387 start = samsg->sadb_msg_satype;
1388 finish = samsg->sadb_msg_satype;
1389 }
1390
1391 /*
1392 * Fill up keysock_flushdump with the number of outstanding dumps
1393 * and/or flushes.
1394 */
1395
1396 keystack->keystack_flushdump_errno = 0;
1397
1398 /*
1399 * Okay, I hold the perimeter. Eventually keysock_flushdump will
1400 * contain the number of consumers with outstanding flush operations.
1401 *
1402 * SO, here's the plan:
1403 * * For each relevant consumer (Might be one, might be all)
1404 * * Twiddle on the FLUSHING flag.
1405 * * Pass down the FLUSH/DUMP message.
1406 *
1407 * When I see upbound FLUSH/DUMP messages, I will decrement the
1408 * keysock_flushdump. When I decrement it to 0, I will pass the
1409 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will
1410 * pass down the right SA type to the consumer (either its own, or
1411 * that of UNSPEC), the right one will be reflected from each consumer,
1412 * and accordingly back to the socket.
1413 */
1414
1415 mutex_enter(&keystack->keystack_consumers_lock);
1416 for (i = start; i <= finish; i++) {
1417 if (keystack->keystack_consumers[i] != NULL) {
1418 mp1 = copymsg(mp);
1419 if (mp1 == NULL) {
1420 ks0dbg(("SADB_FLUSH copymsg() failed.\n"));
1421 /*
1422 * Error? And what about outstanding
1423 * flushes? Oh, yeah, they get sucked up and
1424 * the counter is decremented. Consumers
1425 * (see keysock_passdown()) are guaranteed
1426 * to deliver back a flush request, even if
1427 * it's an error.
1428 */
1429 keysock_error(ks, mp, ENOMEM,
1430 SADB_X_DIAGNOSTIC_NONE);
1431 return;
1432 }
1433 /*
1434 * Because my entry conditions are met above, the
1435 * following assertion should hold true.
1436 */
1437 mutex_enter(&keystack->keystack_consumers[i]->kc_lock);
1438 ASSERT((keystack->keystack_consumers[i]->kc_flags &
1439 KC_FLUSHING) == 0);
1440 keystack->keystack_consumers[i]->kc_flags |=
1441 KC_FLUSHING;
1442 mutex_exit(&(keystack->keystack_consumers[i]->kc_lock));
1443 /* Always increment the number of flushes... */
1444 keystack->keystack_flushdump++;
1445 /* Guaranteed to return a message. */
1446 keysock_passdown(ks, mp1, i, extv, B_TRUE);
1447 } else if (start == finish) {
1448 /*
1449 * In case where start == finish, and there's no
1450 * consumer, should we force an error? Yes.
1451 */
1452 mutex_exit(&keystack->keystack_consumers_lock);
1453 keysock_error(ks, mp, EINVAL,
1454 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1455 return;
1456 }
1457 }
1458 mutex_exit(&keystack->keystack_consumers_lock);
1459
1460 if (keystack->keystack_flushdump == 0) {
1461 /*
1462 * There were no consumers at all for this message.
1463 * XXX For now return ESRCH.
1464 */
1465 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS);
1466 } else {
1467 /* Otherwise, free the original message. */
1468 freemsg(mp);
1469 }
1470 }
1471
1472 /*
1473 * Get the right diagnostic for a duplicate. Should probably use a static
1474 * table lookup.
1475 */
1476 int
1477 keysock_duplicate(int ext_type)
1478 {
1479 int rc = 0;
1480
1481 switch (ext_type) {
1482 case SADB_EXT_ADDRESS_SRC:
1483 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC;
1484 break;
1485 case SADB_EXT_ADDRESS_DST:
1486 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST;
1487 break;
1488 case SADB_X_EXT_ADDRESS_INNER_SRC:
1489 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC;
1490 break;
1491 case SADB_X_EXT_ADDRESS_INNER_DST:
1492 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST;
1493 break;
1494 case SADB_EXT_SA:
1495 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA;
1496 break;
1497 case SADB_EXT_SPIRANGE:
1498 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE;
1499 break;
1500 case SADB_EXT_KEY_AUTH:
1501 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY;
1502 break;
1503 case SADB_EXT_KEY_ENCRYPT:
1504 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY;
1505 break;
1506 }
1507 return (rc);
1508 }
1509
1510 /*
1511 * Get the right diagnostic for a reality check failure. Should probably use
1512 * a static table lookup.
1513 */
1514 int
1515 keysock_malformed(int ext_type)
1516 {
1517 int rc = 0;
1518
1519 switch (ext_type) {
1520 case SADB_EXT_ADDRESS_SRC:
1521 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC;
1522 break;
1523 case SADB_EXT_ADDRESS_DST:
1524 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST;
1525 break;
1526 case SADB_X_EXT_ADDRESS_INNER_SRC:
1527 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC;
1528 break;
1529 case SADB_X_EXT_ADDRESS_INNER_DST:
1530 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST;
1531 break;
1532 case SADB_EXT_SA:
1533 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA;
1534 break;
1535 case SADB_EXT_SPIRANGE:
1536 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE;
1537 break;
1538 case SADB_EXT_KEY_AUTH:
1539 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY;
1540 break;
1541 case SADB_EXT_KEY_ENCRYPT:
1542 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY;
1543 break;
1544 }
1545 return (rc);
1546 }
1547
1548 /*
1549 * Keysock massaging of an inverse ACQUIRE. Consult policy,
1550 * and construct an appropriate response.
1551 */
1552 static void
1553 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[],
1554 keysock_t *ks)
1555 {
1556 mblk_t *reply_mp;
1557 keysock_stack_t *keystack = ks->keysock_keystack;
1558
1559 /*
1560 * Reality check things...
1561 */
1562 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) {
1563 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC);
1564 return;
1565 }
1566 if (extv[SADB_EXT_ADDRESS_DST] == NULL) {
1567 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST);
1568 return;
1569 }
1570
1571 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL &&
1572 extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) {
1573 keysock_error(ks, mp, EINVAL,
1574 SADB_X_DIAGNOSTIC_MISSING_INNER_DST);
1575 return;
1576 }
1577
1578 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL &&
1579 extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) {
1580 keysock_error(ks, mp, EINVAL,
1581 SADB_X_DIAGNOSTIC_MISSING_INNER_SRC);
1582 return;
1583 }
1584
1585 reply_mp = ipsec_construct_inverse_acquire(samsg, extv,
1586 keystack->keystack_netstack);
1587
1588 if (reply_mp != NULL) {
1589 freemsg(mp);
1590 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr,
1591 ks->keysock_serial, NULL, B_FALSE, keystack);
1592 } else {
1593 keysock_error(ks, mp, samsg->sadb_msg_errno,
1594 samsg->sadb_x_msg_diagnostic);
1595 }
1596 }
1597
1598 /*
1599 * Spew an extended REGISTER down to the relevant consumers.
1600 */
1601 static void
1602 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1603 {
1604 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG];
1605 uint8_t *satypes, *fencepost;
1606 mblk_t *downmp;
1607 sadb_ext_t *downextv[SADB_EXT_MAX + 1];
1608 keysock_stack_t *keystack = ks->keysock_keystack;
1609
1610 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 ||
1611 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) {
1612 keysock_error(ks, mp, EBUSY, 0);
1613 }
1614
1615 ks->keysock_flags |= KEYSOCK_EXTENDED;
1616 if (ereg == NULL) {
1617 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1618 } else {
1619 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr);
1620 fencepost = (uint8_t *)mp->b_wptr;
1621 satypes = ereg->sadb_x_ereg_satypes;
1622 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) {
1623 downmp = copymsg(mp);
1624 if (downmp == NULL) {
1625 keysock_error(ks, mp, ENOMEM, 0);
1626 return;
1627 }
1628 /*
1629 * Since we've made it here, keysock_get_ext will work!
1630 */
1631 (void) keysock_get_ext(downextv,
1632 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp),
1633 keystack);
1634 keysock_passdown(ks, downmp, *satypes, downextv,
1635 B_FALSE);
1636 ++satypes;
1637 }
1638 freemsg(mp);
1639 }
1640
1641 /*
1642 * Set global to indicate we prefer an extended ACQUIRE.
1643 */
1644 atomic_inc_32(&keystack->keystack_num_extended);
1645 }
1646
1647 static void
1648 keysock_delpair_all(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1649 {
1650 int i, start, finish;
1651 mblk_t *mp1 = NULL;
1652 keysock_stack_t *keystack = ks->keysock_keystack;
1653
1654 start = 0;
1655 finish = KEYSOCK_MAX_CONSUMERS - 1;
1656
1657 for (i = start; i <= finish; i++) {
1658 if (keystack->keystack_consumers[i] != NULL) {
1659 mp1 = copymsg(mp);
1660 if (mp1 == NULL) {
1661 keysock_error(ks, mp, ENOMEM,
1662 SADB_X_DIAGNOSTIC_NONE);
1663 return;
1664 }
1665 keysock_passdown(ks, mp1, i, extv, B_FALSE);
1666 }
1667 }
1668 }
1669
1670 /*
1671 * Handle PF_KEY messages.
1672 */
1673 static void
1674 keysock_parse(queue_t *q, mblk_t *mp)
1675 {
1676 sadb_msg_t *samsg;
1677 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1678 keysock_t *ks = (keysock_t *)q->q_ptr;
1679 uint_t msgsize;
1680 uint8_t satype;
1681 keysock_stack_t *keystack = ks->keysock_keystack;
1682
1683 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */
1684 ASSERT(WR(q)->q_next == NULL);
1685
1686 samsg = (sadb_msg_t *)mp->b_rptr;
1687 ks2dbg(keystack, ("Received possible PF_KEY message, type %d.\n",
1688 samsg->sadb_msg_type));
1689
1690 msgsize = SADB_64TO8(samsg->sadb_msg_len);
1691
1692 if (msgdsize(mp) != msgsize) {
1693 /*
1694 * Message len incorrect w.r.t. actual size. Send an error
1695 * (EMSGSIZE). It may be necessary to massage things a
1696 * bit. For example, if the sadb_msg_type is hosed,
1697 * I need to set it to SADB_RESERVED to get delivery to
1698 * do the right thing. Then again, maybe just letting
1699 * the error delivery do the right thing.
1700 */
1701 ks2dbg(keystack,
1702 ("mblk (%lu) and base (%d) message sizes don't jibe.\n",
1703 msgdsize(mp), msgsize));
1704 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE);
1705 return;
1706 }
1707
1708 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) {
1709 /* Get all message into one mblk. */
1710 if (pullupmsg(mp, -1) == 0) {
1711 /*
1712 * Something screwy happened.
1713 */
1714 ks3dbg(keystack,
1715 ("keysock_parse: pullupmsg() failed.\n"));
1716 return;
1717 } else {
1718 samsg = (sadb_msg_t *)mp->b_rptr;
1719 }
1720 }
1721
1722 switch (keysock_get_ext(extv, samsg, msgsize, keystack)) {
1723 case KGE_DUP:
1724 /* Handle duplicate extension. */
1725 ks1dbg(keystack, ("Got duplicate extension of type %d.\n",
1726 extv[0]->sadb_ext_type));
1727 keysock_error(ks, mp, EINVAL,
1728 keysock_duplicate(extv[0]->sadb_ext_type));
1729 return;
1730 case KGE_UNK:
1731 /* Handle unknown extension. */
1732 ks1dbg(keystack, ("Got unknown extension of type %d.\n",
1733 extv[0]->sadb_ext_type));
1734 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT);
1735 return;
1736 case KGE_LEN:
1737 /* Length error. */
1738 ks1dbg(keystack,
1739 ("Length %d on extension type %d overrun or 0.\n",
1740 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type));
1741 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN);
1742 return;
1743 case KGE_CHK:
1744 /* Reality check failed. */
1745 ks1dbg(keystack,
1746 ("Reality check failed on extension type %d.\n",
1747 extv[0]->sadb_ext_type));
1748 keysock_error(ks, mp, EINVAL,
1749 keysock_malformed(extv[0]->sadb_ext_type));
1750 return;
1751 default:
1752 /* Default case is no errors. */
1753 break;
1754 }
1755
1756 switch (samsg->sadb_msg_type) {
1757 case SADB_REGISTER:
1758 /*
1759 * There's a semantic weirdness in that a message OTHER than
1760 * the return REGISTER message may be passed up if I set the
1761 * registered bit BEFORE I pass it down.
1762 *
1763 * SOOOO, I'll not twiddle any registered bits until I see
1764 * the upbound REGISTER (with a serial number in it).
1765 */
1766 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1767 /* Handle extended register here. */
1768 keysock_extended_register(ks, mp, extv);
1769 return;
1770 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) {
1771 keysock_error(ks, mp, EBUSY, 0);
1772 return;
1773 }
1774 /* FALLTHRU */
1775 case SADB_GETSPI:
1776 case SADB_ADD:
1777 case SADB_UPDATE:
1778 case SADB_X_UPDATEPAIR:
1779 case SADB_DELETE:
1780 case SADB_X_DELPAIR:
1781 case SADB_GET:
1782 /*
1783 * Pass down to appropriate consumer.
1784 */
1785 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1786 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1787 B_FALSE);
1788 else keysock_error(ks, mp, EINVAL,
1789 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1790 return;
1791 case SADB_X_DELPAIR_STATE:
1792 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1793 keysock_delpair_all(ks, mp, extv);
1794 } else {
1795 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1796 B_FALSE);
1797 }
1798 return;
1799 case SADB_ACQUIRE:
1800 /*
1801 * If I _receive_ an acquire, this means I should spread it
1802 * out to registered sockets. Unless there's an errno...
1803 *
1804 * Need ADDRESS, may have ID, SENS, and PROP, unless errno,
1805 * in which case there should be NO extensions.
1806 *
1807 * Return to registered.
1808 */
1809 if (samsg->sadb_msg_errno != 0) {
1810 satype = samsg->sadb_msg_satype;
1811 if (satype == SADB_SATYPE_UNSPEC) {
1812 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) {
1813 keysock_error(ks, mp, EINVAL,
1814 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1815 return;
1816 }
1817 /*
1818 * Reassign satype based on the first
1819 * flags that KEYSOCK_SETREG says.
1820 */
1821 while (satype <= SADB_SATYPE_MAX) {
1822 if (KEYSOCK_ISREG(ks, satype))
1823 break;
1824 satype++;
1825 }
1826 if (satype > SADB_SATYPE_MAX) {
1827 keysock_error(ks, mp, EBUSY, 0);
1828 return;
1829 }
1830 }
1831 keysock_passdown(ks, mp, satype, extv, B_FALSE);
1832 } else {
1833 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1834 keysock_error(ks, mp, EINVAL,
1835 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1836 } else {
1837 keysock_passup(mp, samsg, 0, NULL, B_FALSE,
1838 keystack);
1839 }
1840 }
1841 return;
1842 case SADB_EXPIRE:
1843 /*
1844 * If someone sends this in, then send out to all senders.
1845 * (Save maybe ESP or AH, I have to be careful here.)
1846 *
1847 * Need ADDRESS, may have ID and SENS.
1848 *
1849 * XXX for now this is unsupported.
1850 */
1851 break;
1852 case SADB_FLUSH:
1853 /*
1854 * Nuke all SAs.
1855 *
1856 * No extensions at all. Return to all listeners.
1857 *
1858 * Question: Should I hold a lock here to prevent
1859 * additions/deletions while flushing?
1860 * Answer: No. (See keysock_passdown() for details.)
1861 */
1862 if (extv[0] != NULL) {
1863 /*
1864 * FLUSH messages shouldn't have extensions.
1865 * Return EINVAL.
1866 */
1867 ks2dbg(keystack, ("FLUSH message with extension.\n"));
1868 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT);
1869 return;
1870 }
1871
1872 /* Passing down of DUMP/FLUSH messages are special. */
1873 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1874 return;
1875 case SADB_DUMP: /* not used by normal applications */
1876 if ((extv[0] != NULL) &&
1877 ((msgsize >
1878 (sizeof (sadb_msg_t) + sizeof (sadb_x_edump_t))) ||
1879 (extv[SADB_X_EXT_EDUMP] == NULL))) {
1880 keysock_error(ks, mp, EINVAL,
1881 SADB_X_DIAGNOSTIC_NO_EXT);
1882 return;
1883 }
1884 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1885 return;
1886 case SADB_X_PROMISC:
1887 /*
1888 * Promiscuous processing message.
1889 */
1890 if (samsg->sadb_msg_satype == 0)
1891 ks->keysock_flags &= ~KEYSOCK_PROMISC;
1892 else
1893 ks->keysock_flags |= KEYSOCK_PROMISC;
1894 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE,
1895 keystack);
1896 return;
1897 case SADB_X_INVERSE_ACQUIRE:
1898 keysock_inverse_acquire(mp, samsg, extv, ks);
1899 return;
1900 default:
1901 ks2dbg(keystack, ("Got unknown message type %d.\n",
1902 samsg->sadb_msg_type));
1903 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG);
1904 return;
1905 }
1906
1907 /* As a placeholder... */
1908 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n"));
1909 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE);
1910 }
1911
1912 /*
1913 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket,
1914 * I don't convert to ioctl()'s for IP. I am the end-all driver as far
1915 * as PF_KEY sockets are concerned. I do some conversion, but not as much
1916 * as IP/rts does.
1917 */
1918 static void
1919 keysock_wput(queue_t *q, mblk_t *mp)
1920 {
1921 uchar_t *rptr = mp->b_rptr;
1922 mblk_t *mp1;
1923 keysock_t *ks;
1924 keysock_stack_t *keystack;
1925
1926 if (WR(q)->q_next) {
1927 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
1928 keystack = kc->kc_keystack;
1929
1930 ks3dbg(keystack, ("In keysock_wput\n"));
1931
1932 /*
1933 * We shouldn't get writes on a consumer instance.
1934 * But for now, just passthru.
1935 */
1936 ks1dbg(keystack, ("Huh? wput for an consumer instance (%d)?\n",
1937 kc->kc_sa_type));
1938 putnext(q, mp);
1939 return;
1940 }
1941 ks = (keysock_t *)q->q_ptr;
1942 keystack = ks->keysock_keystack;
1943
1944 ks3dbg(keystack, ("In keysock_wput\n"));
1945
1946 switch (mp->b_datap->db_type) {
1947 case M_DATA:
1948 /*
1949 * Silently discard.
1950 */
1951 ks2dbg(keystack, ("raw M_DATA in keysock.\n"));
1952 freemsg(mp);
1953 return;
1954 case M_PROTO:
1955 case M_PCPROTO:
1956 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) {
1957 if (((union T_primitives *)rptr)->type == T_DATA_REQ) {
1958 if ((mp1 = mp->b_cont) == NULL) {
1959 /* No data after T_DATA_REQ. */
1960 ks2dbg(keystack,
1961 ("No data after DATA_REQ.\n"));
1962 freemsg(mp);
1963 return;
1964 }
1965 freeb(mp);
1966 mp = mp1;
1967 ks2dbg(keystack, ("T_DATA_REQ\n"));
1968 break; /* Out of switch. */
1969 }
1970 }
1971 /* FALLTHRU */
1972 default:
1973 ks3dbg(keystack, ("In default wput case (%d %d).\n",
1974 mp->b_datap->db_type, ((union T_primitives *)rptr)->type));
1975 keysock_wput_other(q, mp);
1976 return;
1977 }
1978
1979 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */
1980 keysock_parse(q, mp);
1981 }
1982
1983 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */
1984
1985 /*
1986 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate
1987 * state vectors.
1988 */
1989 static void
1990 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc)
1991 {
1992 keysock_t *ks;
1993 keysock_stack_t *keystack = kc->kc_keystack;
1994
1995 mutex_enter(&keystack->keystack_consumers_lock);
1996 mutex_enter(&kc->kc_lock);
1997 if (keystack->keystack_consumers[satype] != NULL) {
1998 ks0dbg((
1999 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n",
2000 satype));
2001 /*
2002 * Perhaps updating the new below-me consumer with what I have
2003 * so far would work too?
2004 */
2005 mutex_exit(&kc->kc_lock);
2006 mutex_exit(&keystack->keystack_consumers_lock);
2007 } else {
2008 /* Add new below-me consumer. */
2009 keystack->keystack_consumers[satype] = kc;
2010
2011 kc->kc_flags = 0;
2012 kc->kc_sa_type = satype;
2013 mutex_exit(&kc->kc_lock);
2014 mutex_exit(&keystack->keystack_consumers_lock);
2015
2016 /* Scan the keysock list. */
2017 mutex_enter(&keystack->keystack_list_lock);
2018 for (ks = keystack->keystack_list; ks != NULL;
2019 ks = ks->keysock_next) {
2020 if (KEYSOCK_ISREG(ks, satype)) {
2021 /*
2022 * XXX Perhaps send an SADB_REGISTER down on
2023 * the socket's behalf.
2024 */
2025 ks1dbg(keystack,
2026 ("Socket %u registered already for "
2027 "new consumer.\n", ks->keysock_serial));
2028 }
2029 }
2030 mutex_exit(&keystack->keystack_list_lock);
2031 }
2032 }
2033
2034 /*
2035 * Generate a KEYSOCK_OUT_ERR message for my consumer.
2036 */
2037 static void
2038 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp)
2039 {
2040 keysock_out_err_t *kse;
2041 mblk_t *imp;
2042 keysock_stack_t *keystack = kc->kc_keystack;
2043
2044 imp = allocb(sizeof (ipsec_info_t), BPRI_HI);
2045 if (imp == NULL) {
2046 ks1dbg(keystack, ("keysock_out_err: Can't alloc message.\n"));
2047 return;
2048 }
2049
2050 imp->b_datap->db_type = M_CTL;
2051 imp->b_wptr += sizeof (ipsec_info_t);
2052
2053 kse = (keysock_out_err_t *)imp->b_rptr;
2054 imp->b_cont = mp;
2055 kse->ks_err_type = KEYSOCK_OUT_ERR;
2056 kse->ks_err_len = sizeof (*kse);
2057 /* Is serial necessary? */
2058 kse->ks_err_serial = 0;
2059 kse->ks_err_errno = ks_errno;
2060
2061 /*
2062 * XXX What else do I need to do here w.r.t. information
2063 * to tell the consumer what caused this error?
2064 *
2065 * I believe the answer is the PF_KEY ACQUIRE (or other) message
2066 * attached in mp, which is appended at the end. I believe the
2067 * db_ref won't matter here, because the PF_KEY message is only read
2068 * for KEYSOCK_OUT_ERR.
2069 */
2070
2071 putnext(kc->kc_wq, imp);
2072 }
2073
2074 /* XXX this is a hack errno. */
2075 #define EIPSECNOSA 255
2076
2077 /*
2078 * Route message (pointed by mp, header in samsg) toward appropriate
2079 * sockets. Assume the message's creator did its job correctly.
2080 *
2081 * This should be a function that is followed by a return in its caller.
2082 * The compiler _should_ be able to use tail-call optimizations to make the
2083 * large ## of parameters not a huge deal.
2084 */
2085 static void
2086 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial,
2087 keysock_consumer_t *kc, boolean_t persistent, keysock_stack_t *keystack)
2088 {
2089 keysock_t *ks;
2090 uint8_t satype = samsg->sadb_msg_satype;
2091 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE,
2092 setalg = B_FALSE;
2093 mblk_t *mp1;
2094 int err = EIPSECNOSA;
2095
2096 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */
2097 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI);
2098 if (mp1 == NULL) {
2099 err = ENOMEM;
2100 goto error;
2101 }
2102 mp1->b_wptr += sizeof (struct T_data_req);
2103 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND;
2104 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0;
2105 mp1->b_datap->db_type = M_PROTO;
2106 mp1->b_cont = mp;
2107 mp = mp1;
2108
2109 switch (samsg->sadb_msg_type) {
2110 case SADB_FLUSH:
2111 case SADB_GETSPI:
2112 case SADB_UPDATE:
2113 case SADB_X_UPDATEPAIR:
2114 case SADB_ADD:
2115 case SADB_DELETE:
2116 case SADB_X_DELPAIR:
2117 case SADB_EXPIRE:
2118 /*
2119 * These are most likely replies. Don't worry about
2120 * KEYSOCK_OUT_ERR handling. Deliver to all sockets.
2121 */
2122 ks3dbg(keystack,
2123 ("Delivering normal message (%d) to all sockets.\n",
2124 samsg->sadb_msg_type));
2125 toall = B_TRUE;
2126 break;
2127 case SADB_REGISTER:
2128 /*
2129 * REGISTERs come up for one of three reasons:
2130 *
2131 * 1.) In response to a normal SADB_REGISTER
2132 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2133 * serial != 0)
2134 * Deliver to normal SADB_REGISTERed sockets.
2135 * 2.) In response to an extended REGISTER
2136 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
2137 * Deliver to extended REGISTERed socket.
2138 * 3.) Spontaneous algorithm changes
2139 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2140 * serial == 0)
2141 * Deliver to REGISTERed sockets of all sorts.
2142 */
2143 if (kc == NULL) {
2144 /* Here because of keysock_error() call. */
2145 ASSERT(samsg->sadb_msg_errno != 0);
2146 break; /* Out of switch. */
2147 }
2148 ks3dbg(keystack, ("Delivering REGISTER.\n"));
2149 if (satype == SADB_SATYPE_UNSPEC) {
2150 /* REGISTER Reason #2 */
2151 allereg = B_TRUE;
2152 /*
2153 * Rewhack SA type so PF_KEY socket holder knows what
2154 * consumer generated this algorithm list.
2155 */
2156 satype = kc->kc_sa_type;
2157 samsg->sadb_msg_satype = satype;
2158 setalg = B_TRUE;
2159 } else if (serial == 0) {
2160 /* REGISTER Reason #3 */
2161 allreg = B_TRUE;
2162 allereg = B_TRUE;
2163 } else {
2164 /* REGISTER Reason #1 */
2165 allreg = B_TRUE;
2166 setalg = B_TRUE;
2167 }
2168 break;
2169 case SADB_ACQUIRE:
2170 /*
2171 * ACQUIREs are either extended (sadb_msg_satype == 0) or
2172 * regular (sadb_msg_satype != 0). And we're guaranteed
2173 * that serial == 0 for an ACQUIRE.
2174 */
2175 ks3dbg(keystack, ("Delivering ACQUIRE.\n"));
2176 allereg = (satype == SADB_SATYPE_UNSPEC);
2177 allreg = !allereg;
2178 /*
2179 * Corner case - if we send a regular ACQUIRE and there's
2180 * extended ones registered, don't send an error down to
2181 * consumers if nobody's listening and prematurely destroy
2182 * their ACQUIRE record. This might be too hackish of a
2183 * solution.
2184 */
2185 if (allreg && keystack->keystack_num_extended > 0)
2186 err = 0;
2187 break;
2188 case SADB_X_PROMISC:
2189 case SADB_X_INVERSE_ACQUIRE:
2190 case SADB_DUMP:
2191 case SADB_GET:
2192 default:
2193 /*
2194 * Deliver to the sender and promiscuous only.
2195 */
2196 ks3dbg(keystack, ("Delivering sender/promisc only (%d).\n",
2197 samsg->sadb_msg_type));
2198 break;
2199 }
2200
2201 mutex_enter(&keystack->keystack_list_lock);
2202 for (ks = keystack->keystack_list; ks != NULL; ks = ks->keysock_next) {
2203 /* Delivery loop. */
2204
2205 /*
2206 * Check special keysock-setting cases (REGISTER replies)
2207 * here.
2208 */
2209 if (setalg && serial == ks->keysock_serial) {
2210 ASSERT(kc != NULL);
2211 ASSERT(kc->kc_sa_type == satype);
2212 KEYSOCK_SETREG(ks, satype);
2213 }
2214
2215 /*
2216 * NOLOOP takes precedence over PROMISC. So if you've set
2217 * !SO_USELOOPBACK, don't expect to see any data...
2218 */
2219 if (ks->keysock_flags & KEYSOCK_NOLOOP)
2220 continue;
2221
2222 /*
2223 * Messages to all, or promiscuous sockets just GET the
2224 * message. Perform rules-type checking iff it's not for all
2225 * listeners or the socket is in promiscuous mode.
2226 *
2227 * NOTE:Because of the (kc != NULL && ISREG()), make sure
2228 * extended ACQUIREs arrive off a consumer that is
2229 * part of the extended REGISTER set of consumers.
2230 */
2231 if (serial != ks->keysock_serial &&
2232 !toall &&
2233 !(ks->keysock_flags & KEYSOCK_PROMISC) &&
2234 !((ks->keysock_flags & KEYSOCK_EXTENDED) ?
2235 allereg : allreg && kc != NULL &&
2236 KEYSOCK_ISREG(ks, kc->kc_sa_type)))
2237 continue;
2238
2239 mp1 = dupmsg(mp);
2240 if (mp1 == NULL) {
2241 ks2dbg(keystack, (
2242 "keysock_passup(): dupmsg() failed.\n"));
2243 mp1 = mp;
2244 mp = NULL;
2245 err = ENOMEM;
2246 }
2247
2248 /*
2249 * At this point, we can deliver or attempt to deliver
2250 * this message. We're free of obligation to report
2251 * no listening PF_KEY sockets. So set err to 0.
2252 */
2253 err = 0;
2254
2255 /*
2256 * See if we canputnext(), as well as see if the message
2257 * needs to be queued if we can't.
2258 */
2259 if (!canputnext(ks->keysock_rq)) {
2260 if (persistent) {
2261 if (putq(ks->keysock_rq, mp1) == 0) {
2262 ks1dbg(keystack, (
2263 "keysock_passup: putq failed.\n"));
2264 } else {
2265 continue;
2266 }
2267 }
2268 freemsg(mp1);
2269 continue;
2270 }
2271
2272 ks3dbg(keystack,
2273 ("Putting to serial %d.\n", ks->keysock_serial));
2274 /*
2275 * Unlike the specific keysock instance case, this
2276 * will only hit for listeners, so we will only
2277 * putnext() if we can.
2278 */
2279 putnext(ks->keysock_rq, mp1);
2280 if (mp == NULL)
2281 break; /* out of for loop. */
2282 }
2283 mutex_exit(&keystack->keystack_list_lock);
2284
2285 error:
2286 if ((err != 0) && (kc != NULL)) {
2287 /*
2288 * Generate KEYSOCK_OUT_ERR for consumer.
2289 * Basically, I send this back if I have not been able to
2290 * transmit (for whatever reason)
2291 */
2292 ks1dbg(keystack,
2293 ("keysock_passup(): No registered of type %d.\n",
2294 satype));
2295 if (mp != NULL) {
2296 if (mp->b_datap->db_type == M_PROTO) {
2297 mp1 = mp;
2298 mp = mp->b_cont;
2299 freeb(mp1);
2300 }
2301 /*
2302 * Do a copymsg() because people who get
2303 * KEYSOCK_OUT_ERR may alter the message contents.
2304 */
2305 mp1 = copymsg(mp);
2306 if (mp1 == NULL) {
2307 ks2dbg(keystack,
2308 ("keysock_passup: copymsg() failed.\n"));
2309 mp1 = mp;
2310 mp = NULL;
2311 }
2312 keysock_out_err(kc, err, mp1);
2313 }
2314 }
2315
2316 /*
2317 * XXX Blank the message somehow. This is difficult because we don't
2318 * know at this point if the message has db_ref > 1, etc.
2319 *
2320 * Optimally, keysock messages containing actual keying material would
2321 * be allocated with esballoc(), with a zeroing free function.
2322 */
2323 if (mp != NULL)
2324 freemsg(mp);
2325 }
2326
2327 /*
2328 * Keysock's read service procedure is there only for PF_KEY reply
2329 * messages that really need to reach the top.
2330 */
2331 static void
2332 keysock_rsrv(queue_t *q)
2333 {
2334 mblk_t *mp;
2335
2336 while ((mp = getq(q)) != NULL) {
2337 if (canputnext(q)) {
2338 putnext(q, mp);
2339 } else {
2340 (void) putbq(q, mp);
2341 return;
2342 }
2343 }
2344 }
2345
2346 /*
2347 * The read procedure should only be invoked by a keysock consumer, like
2348 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK
2349 * messages on my read queues.
2350 */
2351 static void
2352 keysock_rput(queue_t *q, mblk_t *mp)
2353 {
2354 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
2355 ipsec_info_t *ii;
2356 keysock_hello_ack_t *ksa;
2357 minor_t serial;
2358 mblk_t *mp1;
2359 sadb_msg_t *samsg;
2360 keysock_stack_t *keystack = kc->kc_keystack;
2361
2362 /* Make sure I'm a consumer instance. (i.e. something's below me) */
2363 ASSERT(WR(q)->q_next != NULL);
2364
2365 if (mp->b_datap->db_type != M_CTL) {
2366 /*
2367 * Keysock should only see keysock consumer interface
2368 * messages (see ipsec_info.h) on its read procedure.
2369 * To be robust, however, putnext() up so the STREAM head can
2370 * deal with it appropriately.
2371 */
2372 ks1dbg(keystack,
2373 ("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n",
2374 mp->b_datap->db_type, mp->b_datap->db_type));
2375 putnext(q, mp);
2376 return;
2377 }
2378
2379 ii = (ipsec_info_t *)mp->b_rptr;
2380
2381 switch (ii->ipsec_info_type) {
2382 case KEYSOCK_OUT:
2383 /*
2384 * A consumer needs to pass a response message or an ACQUIRE
2385 * UP. I assume that the consumer has done the right
2386 * thing w.r.t. message creation, etc.
2387 */
2388 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial;
2389 mp1 = mp->b_cont; /* Get M_DATA portion. */
2390 freeb(mp);
2391 samsg = (sadb_msg_t *)mp1->b_rptr;
2392 if (samsg->sadb_msg_type == SADB_FLUSH ||
2393 (samsg->sadb_msg_type == SADB_DUMP &&
2394 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) {
2395 /*
2396 * If I'm an end-of-FLUSH or an end-of-DUMP marker...
2397 */
2398 ASSERT(keystack->keystack_flushdump != 0);
2399 /* Am I flushing? */
2400
2401 mutex_enter(&kc->kc_lock);
2402 kc->kc_flags &= ~KC_FLUSHING;
2403 mutex_exit(&kc->kc_lock);
2404
2405 if (samsg->sadb_msg_errno != 0)
2406 keystack->keystack_flushdump_errno =
2407 samsg->sadb_msg_errno;
2408
2409 /*
2410 * Lower the atomic "flushing" count. If it's
2411 * the last one, send up the end-of-{FLUSH,DUMP} to
2412 * the appropriate PF_KEY socket.
2413 */
2414 if (atomic_dec_32_nv(&keystack->keystack_flushdump) !=
2415 0) {
2416 ks1dbg(keystack,
2417 ("One flush/dump message back from %d,"
2418 " more to go.\n", samsg->sadb_msg_satype));
2419 freemsg(mp1);
2420 return;
2421 }
2422
2423 samsg->sadb_msg_errno =
2424 (uint8_t)keystack->keystack_flushdump_errno;
2425 if (samsg->sadb_msg_type == SADB_DUMP) {
2426 samsg->sadb_msg_seq = 0;
2427 }
2428 }
2429 keysock_passup(mp1, samsg, serial, kc,
2430 (samsg->sadb_msg_type == SADB_DUMP), keystack);
2431 return;
2432 case KEYSOCK_HELLO_ACK:
2433 /* Aha, now we can link in the consumer! */
2434 ksa = (keysock_hello_ack_t *)ii;
2435 keysock_link_consumer(ksa->ks_hello_satype, kc);
2436 freemsg(mp);
2437 return;
2438 default:
2439 ks1dbg(keystack, ("Hmmm, an IPsec info I'm not used to, 0x%x\n",
2440 ii->ipsec_info_type));
2441 putnext(q, mp);
2442 }
2443 }
2444
2445 /*
2446 * So we can avoid external linking problems....
2447 */
2448 boolean_t
2449 keysock_extended_reg(netstack_t *ns)
2450 {
2451 keysock_stack_t *keystack = ns->netstack_keysock;
2452
2453 return (keystack->keystack_num_extended != 0);
2454 }
2455
2456 uint32_t
2457 keysock_next_seq(netstack_t *ns)
2458 {
2459 keysock_stack_t *keystack = ns->netstack_keysock;
2460
2461 return (atomic_dec_32_nv(&keystack->keystack_acquire_seq));
2462 }
Unleashed OS