1 /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.1 2003/01/24 05:11:35 sam Exp $ */
2 /* $DragonFly: src/sys/netproto/ipsec/key.c,v 1.26 2008/06/08 08:38:05 sephe Exp $ */
3 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * This code is referd to RFC 2367
39 #include "opt_inet6.h"
40 #include "opt_ipsec.h"
42 #include <sys/types.h>
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kernel.h>
47 #include <sys/domain.h>
48 #include <sys/protosw.h>
49 #include <sys/malloc.h>
50 #include <sys/socket.h>
51 #include <sys/socketvar.h>
52 #include <sys/sysctl.h>
53 #include <sys/errno.h>
55 #include <sys/queue.h>
56 #include <sys/syslog.h>
59 #include <net/route.h>
60 #include <net/raw_cb.h>
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #include <netinet/in_var.h>
68 #include <netinet/ip6.h>
69 #include <netinet6/in6_var.h>
70 #include <netinet6/ip6_var.h>
74 #include <netinet/in_pcb.h>
77 #include <netinet6/in6_pcb.h>
80 #include <net/pfkeyv2.h>
81 #include <netproto/ipsec/keydb.h>
82 #include <netproto/ipsec/key.h>
83 #include <netproto/ipsec/keysock.h>
84 #include <netproto/ipsec/key_debug.h>
86 #include <netproto/ipsec/ipsec.h>
88 #include <netproto/ipsec/ipsec6.h>
91 #include <netproto/ipsec/xform.h>
93 #include <machine/stdarg.h>
96 #include <sys/random.h>
98 #include <net/net_osdep.h>
100 #define FULLMASK 0xff
101 #define _BITS(bytes) ((bytes) << 3)
104 * Note on SA reference counting:
105 * - SAs that are not in DEAD state will have (total external reference + 1)
106 * following value in reference count field. they cannot be freed and are
107 * referenced from SA header.
108 * - SAs that are in DEAD state will have (total external reference)
109 * in reference count field. they are ready to be freed. reference from
110 * SA header will be removed in key_delsav(), when the reference count
111 * field hits 0 (= no external reference other than from SA header.
115 static struct callout key_timehandler_ch
;
117 u_int32_t key_debug_level
= 0;
118 static u_int key_spi_trycnt
= 1000;
119 static u_int32_t key_spi_minval
= 0x100;
120 static u_int32_t key_spi_maxval
= 0x0fffffff; /* XXX */
121 static u_int32_t policy_id
= 0;
122 static u_int key_int_random
= 60; /*interval to initialize randseed,1(m)*/
123 static u_int key_larval_lifetime
= 30; /* interval to expire acquiring, 30(s)*/
124 static int key_blockacq_count
= 10; /* counter for blocking SADB_ACQUIRE.*/
125 static int key_blockacq_lifetime
= 20; /* lifetime for blocking SADB_ACQUIRE.*/
126 static int key_prefered_oldsa
= 1; /* prefered old sa rather than new sa.*/
128 static u_int32_t acq_seq
= 0;
129 static int key_tick_init_random
= 0;
131 static LIST_HEAD(_sptree
, secpolicy
) sptree
[IPSEC_DIR_MAX
]; /* SPD */
132 static LIST_HEAD(_sahtree
, secashead
) sahtree
; /* SAD */
133 static LIST_HEAD(_regtree
, secreg
) regtree
[SADB_SATYPE_MAX
+ 1];
135 #ifndef IPSEC_NONBLOCK_ACQUIRE
136 static LIST_HEAD(_acqtree
, secacq
) acqtree
; /* acquiring list */
138 static LIST_HEAD(_spacqtree
, secspacq
) spacqtree
; /* SP acquiring list */
140 /* search order for SAs */
141 static u_int saorder_state_valid
[] = {
142 SADB_SASTATE_DYING
, SADB_SASTATE_MATURE
,
144 * This order is important because we must select the oldest SA
145 * for outbound processing. For inbound, This is not important.
148 static u_int saorder_state_alive
[] = {
150 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
, SADB_SASTATE_LARVAL
152 static u_int saorder_state_any
[] = {
153 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
,
154 SADB_SASTATE_LARVAL
, SADB_SASTATE_DEAD
157 static const int minsize
[] = {
158 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
159 sizeof(struct sadb_sa
), /* SADB_EXT_SA */
160 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
161 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
162 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
163 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_SRC */
164 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_DST */
165 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_PROXY */
166 sizeof(struct sadb_key
), /* SADB_EXT_KEY_AUTH */
167 sizeof(struct sadb_key
), /* SADB_EXT_KEY_ENCRYPT */
168 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_SRC */
169 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_DST */
170 sizeof(struct sadb_sens
), /* SADB_EXT_SENSITIVITY */
171 sizeof(struct sadb_prop
), /* SADB_EXT_PROPOSAL */
172 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_AUTH */
173 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_ENCRYPT */
174 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
175 0, /* SADB_X_EXT_KMPRIVATE */
176 sizeof(struct sadb_x_policy
), /* SADB_X_EXT_POLICY */
177 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
179 static const int maxsize
[] = {
180 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
181 sizeof(struct sadb_sa
), /* SADB_EXT_SA */
182 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
183 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
184 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
185 0, /* SADB_EXT_ADDRESS_SRC */
186 0, /* SADB_EXT_ADDRESS_DST */
187 0, /* SADB_EXT_ADDRESS_PROXY */
188 0, /* SADB_EXT_KEY_AUTH */
189 0, /* SADB_EXT_KEY_ENCRYPT */
190 0, /* SADB_EXT_IDENTITY_SRC */
191 0, /* SADB_EXT_IDENTITY_DST */
192 0, /* SADB_EXT_SENSITIVITY */
193 0, /* SADB_EXT_PROPOSAL */
194 0, /* SADB_EXT_SUPPORTED_AUTH */
195 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
196 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
197 0, /* SADB_X_EXT_KMPRIVATE */
198 0, /* SADB_X_EXT_POLICY */
199 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
202 static int ipsec_esp_keymin
= 256;
203 static int ipsec_esp_auth
= 0;
204 static int ipsec_ah_keymin
= 128;
207 SYSCTL_DECL(_net_key
);
210 SYSCTL_INT(_net_key
, KEYCTL_DEBUG_LEVEL
, debug
, CTLFLAG_RW
, \
211 &key_debug_level
, 0, "");
213 /* max count of trial for the decision of spi value */
214 SYSCTL_INT(_net_key
, KEYCTL_SPI_TRY
, spi_trycnt
, CTLFLAG_RW
, \
215 &key_spi_trycnt
, 0, "");
217 /* minimum spi value to allocate automatically. */
218 SYSCTL_INT(_net_key
, KEYCTL_SPI_MIN_VALUE
, spi_minval
, CTLFLAG_RW
, \
219 &key_spi_minval
, 0, "");
221 /* maximun spi value to allocate automatically. */
222 SYSCTL_INT(_net_key
, KEYCTL_SPI_MAX_VALUE
, spi_maxval
, CTLFLAG_RW
, \
223 &key_spi_maxval
, 0, "");
225 /* interval to initialize randseed */
226 SYSCTL_INT(_net_key
, KEYCTL_RANDOM_INT
, int_random
, CTLFLAG_RW
, \
227 &key_int_random
, 0, "");
229 /* lifetime for larval SA */
230 SYSCTL_INT(_net_key
, KEYCTL_LARVAL_LIFETIME
, larval_lifetime
, CTLFLAG_RW
, \
231 &key_larval_lifetime
, 0, "");
233 /* counter for blocking to send SADB_ACQUIRE to IKEd */
234 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_COUNT
, blockacq_count
, CTLFLAG_RW
, \
235 &key_blockacq_count
, 0, "");
237 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
238 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_LIFETIME
, blockacq_lifetime
, CTLFLAG_RW
, \
239 &key_blockacq_lifetime
, 0, "");
242 SYSCTL_INT(_net_key
, KEYCTL_ESP_AUTH
, esp_auth
, CTLFLAG_RW
, \
243 &ipsec_esp_auth
, 0, "");
245 /* minimum ESP key length */
246 SYSCTL_INT(_net_key
, KEYCTL_ESP_KEYMIN
, esp_keymin
, CTLFLAG_RW
, \
247 &ipsec_esp_keymin
, 0, "");
249 /* minimum AH key length */
250 SYSCTL_INT(_net_key
, KEYCTL_AH_KEYMIN
, ah_keymin
, CTLFLAG_RW
, \
251 &ipsec_ah_keymin
, 0, "");
253 /* perfered old SA rather than new SA */
254 SYSCTL_INT(_net_key
, KEYCTL_PREFERED_OLDSA
, prefered_oldsa
, CTLFLAG_RW
,\
255 &key_prefered_oldsa
, 0, "");
257 #define __LIST_CHAINED(elm) \
258 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
259 #define LIST_INSERT_TAIL(head, elm, type, field) \
261 struct type *curelm = LIST_FIRST(head); \
262 if (curelm == NULL) {\
263 LIST_INSERT_HEAD(head, elm, field); \
265 while (LIST_NEXT(curelm, field)) \
266 curelm = LIST_NEXT(curelm, field);\
267 LIST_INSERT_AFTER(curelm, elm, field);\
271 #define KEY_CHKSASTATE(head, sav, name) \
273 if ((head) != (sav)) { \
274 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
275 (name), (head), (sav))); \
280 #define KEY_CHKSPDIR(head, sp, name) \
282 if ((head) != (sp)) { \
283 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
284 "anyway continue.\n", \
285 (name), (head), (sp))); \
289 MALLOC_DEFINE(M_SECA
, "key mgmt", "security associations, key management");
292 #define KMALLOC(p, t, n) \
293 ((p) = (t) kmalloc((unsigned long)(n), M_SECA, M_INTWAIT | M_NULLOK))
295 kfree((caddr_t)(p), M_SECA)
297 #define KMALLOC(p, t, n) \
299 ((p) = (t)kmalloc((unsigned long)(n), M_SECA, M_INTWAIT | M_NULLOK)); \
300 kprintf("%s %d: %p <- KMALLOC(%s, %d)\n", \
301 __FILE__, __LINE__, (p), #t, n); \
306 kprintf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
307 kfree((caddr_t)(p), M_SECA); \
312 * set parameters into secpolicyindex buffer.
313 * Must allocate secpolicyindex buffer passed to this function.
315 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
317 bzero((idx), sizeof(struct secpolicyindex)); \
318 (idx)->dir = (_dir); \
319 (idx)->prefs = (ps); \
320 (idx)->prefd = (pd); \
321 (idx)->ul_proto = (ulp); \
322 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
323 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
327 * set parameters into secasindex buffer.
328 * Must allocate secasindex buffer before calling this function.
330 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
332 bzero((idx), sizeof(struct secasindex)); \
333 (idx)->proto = (p); \
335 (idx)->reqid = (r); \
336 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
337 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
342 u_long getspi_count
; /* the avarage of count to try to get new SPI */
346 struct sadb_msg
*msg
;
347 struct sadb_ext
*ext
[SADB_EXT_MAX
+ 1];
348 int extoff
[SADB_EXT_MAX
+ 1];
349 int extlen
[SADB_EXT_MAX
+ 1];
352 static struct secasvar
*key_allocsa_policy (const struct secasindex
*);
353 static void key_freesp_so (struct secpolicy
**);
354 static struct secasvar
*key_do_allocsa_policy (struct secashead
*, u_int
);
355 static void key_delsp (struct secpolicy
*);
356 static struct secpolicy
*key_getsp (struct secpolicyindex
*);
357 static struct secpolicy
*key_getspbyid (u_int32_t
);
358 static u_int32_t
key_newreqid (void);
359 static struct mbuf
*key_gather_mbuf (struct mbuf
*,
360 const struct sadb_msghdr
*, int, int, ...);
361 static int key_spdadd (struct socket
*, struct mbuf
*,
362 const struct sadb_msghdr
*);
363 static u_int32_t
key_getnewspid (void);
364 static int key_spddelete (struct socket
*, struct mbuf
*,
365 const struct sadb_msghdr
*);
366 static int key_spddelete2 (struct socket
*, struct mbuf
*,
367 const struct sadb_msghdr
*);
368 static int key_spdget (struct socket
*, struct mbuf
*,
369 const struct sadb_msghdr
*);
370 static int key_spdflush (struct socket
*, struct mbuf
*,
371 const struct sadb_msghdr
*);
372 static int key_spddump (struct socket
*, struct mbuf
*,
373 const struct sadb_msghdr
*);
374 static struct mbuf
*key_setdumpsp (struct secpolicy
*,
375 u_int8_t
, u_int32_t
, u_int32_t
);
376 static u_int
key_getspreqmsglen (struct secpolicy
*);
377 static int key_spdexpire (struct secpolicy
*);
378 static struct secashead
*key_newsah (struct secasindex
*);
379 static void key_delsah (struct secashead
*);
380 static struct secasvar
*key_newsav (struct mbuf
*,
381 const struct sadb_msghdr
*, struct secashead
*, int *,
383 #define KEY_NEWSAV(m, sadb, sah, e) \
384 key_newsav(m, sadb, sah, e, __FILE__, __LINE__)
385 static void key_delsav (struct secasvar
*);
386 static struct secashead
*key_getsah (struct secasindex
*);
387 static struct secasvar
*key_checkspidup (struct secasindex
*, u_int32_t
);
388 static struct secasvar
*key_getsavbyspi (struct secashead
*, u_int32_t
);
389 static int key_setsaval (struct secasvar
*, struct mbuf
*,
390 const struct sadb_msghdr
*);
391 static int key_mature (struct secasvar
*);
392 static struct mbuf
*key_setdumpsa (struct secasvar
*, u_int8_t
,
393 u_int8_t
, u_int32_t
, u_int32_t
);
394 static struct mbuf
*key_setsadbmsg (u_int8_t
, u_int16_t
, u_int8_t
,
395 u_int32_t
, pid_t
, u_int16_t
);
396 static struct mbuf
*key_setsadbsa (struct secasvar
*);
397 static struct mbuf
*key_setsadbaddr (u_int16_t
,
398 const struct sockaddr
*, u_int8_t
, u_int16_t
);
400 static struct mbuf
*key_setsadbident (u_int16_t
, u_int16_t
, caddr_t
,
403 static struct mbuf
*key_setsadbxsa2 (u_int8_t
, u_int32_t
, u_int32_t
);
404 static struct mbuf
*key_setsadbxpolicy (u_int16_t
, u_int8_t
,
406 static void *key_newbuf (const void *, u_int
);
408 static int key_ismyaddr6 (struct sockaddr_in6
*);
411 /* flags for key_cmpsaidx() */
412 #define CMP_HEAD 1 /* protocol, addresses. */
413 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
414 #define CMP_REQID 3 /* additionally HEAD, reaid. */
415 #define CMP_EXACTLY 4 /* all elements. */
416 static int key_cmpsaidx
417 (const struct secasindex
*, const struct secasindex
*, int);
419 static int key_cmpspidx_exactly
420 (struct secpolicyindex
*, struct secpolicyindex
*);
421 static int key_cmpspidx_withmask
422 (struct secpolicyindex
*, struct secpolicyindex
*);
423 static int key_sockaddrcmp (const struct sockaddr
*, const struct sockaddr
*, int);
424 static int key_bbcmp (const void *, const void *, u_int
);
425 static void key_srandom (void);
426 static u_int16_t
key_satype2proto (u_int8_t
);
427 static u_int8_t
key_proto2satype (u_int16_t
);
429 static int key_getspi (struct socket
*, struct mbuf
*,
430 const struct sadb_msghdr
*);
431 static u_int32_t
key_do_getnewspi (struct sadb_spirange
*,
432 struct secasindex
*);
433 static int key_update (struct socket
*, struct mbuf
*,
434 const struct sadb_msghdr
*);
435 #ifdef IPSEC_DOSEQCHECK
436 static struct secasvar
*key_getsavbyseq (struct secashead
*, u_int32_t
);
438 static int key_add (struct socket
*, struct mbuf
*,
439 const struct sadb_msghdr
*);
440 static int key_setident (struct secashead
*, struct mbuf
*,
441 const struct sadb_msghdr
*);
442 static struct mbuf
*key_getmsgbuf_x1 (struct mbuf
*,
443 const struct sadb_msghdr
*);
444 static int key_delete (struct socket
*, struct mbuf
*,
445 const struct sadb_msghdr
*);
446 static int key_get (struct socket
*, struct mbuf
*,
447 const struct sadb_msghdr
*);
449 static void key_getcomb_setlifetime (struct sadb_comb
*);
450 static struct mbuf
*key_getcomb_esp (void);
451 static struct mbuf
*key_getcomb_ah (void);
452 static struct mbuf
*key_getcomb_ipcomp (void);
453 static struct mbuf
*key_getprop (const struct secasindex
*);
455 static int key_acquire (const struct secasindex
*, struct secpolicy
*);
456 #ifndef IPSEC_NONBLOCK_ACQUIRE
457 static struct secacq
*key_newacq (const struct secasindex
*);
458 static struct secacq
*key_getacq (const struct secasindex
*);
459 static struct secacq
*key_getacqbyseq (u_int32_t
);
461 static struct secspacq
*key_newspacq (struct secpolicyindex
*);
462 static struct secspacq
*key_getspacq (struct secpolicyindex
*);
463 static int key_acquire2 (struct socket
*, struct mbuf
*,
464 const struct sadb_msghdr
*);
465 static int key_register (struct socket
*, struct mbuf
*,
466 const struct sadb_msghdr
*);
467 static int key_expire (struct secasvar
*);
468 static int key_flush (struct socket
*, struct mbuf
*,
469 const struct sadb_msghdr
*);
470 static int key_dump (struct socket
*, struct mbuf
*,
471 const struct sadb_msghdr
*);
472 static int key_promisc (struct socket
*, struct mbuf
*,
473 const struct sadb_msghdr
*);
474 static int key_senderror (struct socket
*, struct mbuf
*, int);
475 static int key_validate_ext (const struct sadb_ext
*, int);
476 static int key_align (struct mbuf
*, struct sadb_msghdr
*);
478 static const char *key_getfqdn (void);
479 static const char *key_getuserfqdn (void);
481 static void key_sa_chgstate (struct secasvar
*, u_int8_t
);
482 static struct mbuf
*key_alloc_mbuf (int);
484 #define SA_ADDREF(p) do { \
486 KASSERT((p)->refcnt != 0, \
487 ("SA refcnt overflow at %s:%u", __FILE__, __LINE__)); \
489 #define SA_DELREF(p) do { \
490 KASSERT((p)->refcnt > 0, \
491 ("SA refcnt underflow at %s:%u", __FILE__, __LINE__)); \
495 #define SP_ADDREF(p) do { \
497 KASSERT((p)->refcnt != 0, \
498 ("SP refcnt overflow at %s:%u", __FILE__, __LINE__)); \
500 #define SP_DELREF(p) do { \
501 KASSERT((p)->refcnt > 0, \
502 ("SP refcnt underflow at %s:%u", __FILE__, __LINE__)); \
507 * Return 0 when there are known to be no SP's for the specified
508 * direction. Otherwise return 1. This is used by IPsec code
509 * to optimize performance.
512 key_havesp(u_int dir
)
514 return (dir
== IPSEC_DIR_INBOUND
|| dir
== IPSEC_DIR_OUTBOUND
?
515 LIST_FIRST(&sptree
[dir
]) != NULL
: 1);
518 /* %%% IPsec policy management */
520 * allocating a SP for OUTBOUND or INBOUND packet.
521 * Must call key_freesp() later.
522 * OUT: NULL: not found
523 * others: found and return the pointer.
526 key_allocsp(struct secpolicyindex
*spidx
, u_int dir
, const char* where
, int tag
)
528 struct secpolicy
*sp
;
531 KASSERT(spidx
!= NULL
, ("key_allocsp: null spidx"));
532 KASSERT(dir
== IPSEC_DIR_INBOUND
|| dir
== IPSEC_DIR_OUTBOUND
,
533 ("key_allocsp: invalid direction %u", dir
));
535 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
536 kprintf("DP key_allocsp from %s:%u\n", where
, tag
));
540 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
541 kprintf("*** objects\n"); kdebug_secpolicyindex(spidx
));
543 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
544 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
545 kprintf("*** in SPD\n");
546 kdebug_secpolicyindex(&sp
->spidx
));
548 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
550 if (key_cmpspidx_withmask(&sp
->spidx
, spidx
))
557 KEY_CHKSPDIR(sp
->spidx
.dir
, dir
, "key_allocsp");
559 /* found a SPD entry */
560 sp
->lastused
= time_second
;
565 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
566 kprintf("DP key_allocsp return SP:%p (ID=%u) refcnt %u\n",
567 sp
, sp
? sp
->id
: 0, sp
? sp
->refcnt
: 0));
572 * allocating a SP for OUTBOUND or INBOUND packet.
573 * Must call key_freesp() later.
574 * OUT: NULL: not found
575 * others: found and return the pointer.
578 key_allocsp2(u_int32_t spi
,
579 union sockaddr_union
*dst
,
582 const char* where
, int tag
)
584 struct secpolicy
*sp
;
587 KASSERT(dst
!= NULL
, ("key_allocsp2: null dst"));
588 KASSERT(dir
== IPSEC_DIR_INBOUND
|| dir
== IPSEC_DIR_OUTBOUND
,
589 ("key_allocsp2: invalid direction %u", dir
));
591 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
592 kprintf("DP key_allocsp2 from %s:%u\n", where
, tag
));
596 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
597 kprintf("*** objects\n");
598 kprintf("spi %u proto %u dir %u\n", spi
, proto
, dir
);
599 kdebug_sockaddr(&dst
->sa
));
601 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
602 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
603 kprintf("*** in SPD\n");
604 kdebug_secpolicyindex(&sp
->spidx
));
606 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
608 /* compare simple values, then dst address */
609 if (sp
->spidx
.ul_proto
!= proto
)
611 /* NB: spi's must exist and match */
612 if (!sp
->req
|| !sp
->req
->sav
|| sp
->req
->sav
->spi
!= spi
)
614 if (key_sockaddrcmp(&sp
->spidx
.dst
.sa
, &dst
->sa
, 1) == 0)
621 KEY_CHKSPDIR(sp
->spidx
.dir
, dir
, "key_allocsp2");
623 /* found a SPD entry */
624 sp
->lastused
= time_second
;
629 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
630 kprintf("DP key_allocsp2 return SP:%p (ID=%u) refcnt %u\n",
631 sp
, sp
? sp
->id
: 0, sp
? sp
->refcnt
: 0));
636 * return a policy that matches this particular inbound packet.
640 key_gettunnel(const struct sockaddr
*osrc
,
641 const struct sockaddr
*odst
,
642 const struct sockaddr
*isrc
,
643 const struct sockaddr
*idst
,
644 const char* where
, int tag
)
646 struct secpolicy
*sp
;
647 const int dir
= IPSEC_DIR_INBOUND
;
649 struct ipsecrequest
*r1
, *r2
, *p
;
650 struct secpolicyindex spidx
;
652 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
653 kprintf("DP key_gettunnel from %s:%u\n", where
, tag
));
655 if (isrc
->sa_family
!= idst
->sa_family
) {
656 ipseclog((LOG_ERR
, "protocol family mismatched %d != %d\n.",
657 isrc
->sa_family
, idst
->sa_family
));
663 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
664 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
668 for (p
= sp
->req
; p
; p
= p
->next
) {
669 if (p
->saidx
.mode
!= IPSEC_MODE_TUNNEL
)
676 /* here we look at address matches only */
678 if (isrc
->sa_len
> sizeof(spidx
.src
) ||
679 idst
->sa_len
> sizeof(spidx
.dst
))
681 bcopy(isrc
, &spidx
.src
, isrc
->sa_len
);
682 bcopy(idst
, &spidx
.dst
, idst
->sa_len
);
683 if (!key_cmpspidx_withmask(&sp
->spidx
, &spidx
))
686 if (key_sockaddrcmp(&r1
->saidx
.src
.sa
, isrc
, 0) ||
687 key_sockaddrcmp(&r1
->saidx
.dst
.sa
, idst
, 0))
691 if (key_sockaddrcmp(&r2
->saidx
.src
.sa
, osrc
, 0) ||
692 key_sockaddrcmp(&r2
->saidx
.dst
.sa
, odst
, 0))
701 sp
->lastused
= time_second
;
706 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
707 kprintf("DP key_gettunnel return SP:%p (ID=%u) refcnt %u\n",
708 sp
, sp
? sp
->id
: 0, sp
? sp
->refcnt
: 0));
713 * allocating an SA entry for an *OUTBOUND* packet.
714 * checking each request entries in SP, and acquire an SA if need.
715 * OUT: 0: there are valid requests.
716 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
719 key_checkrequest(struct ipsecrequest
*isr
, const struct secasindex
*saidx
)
724 KASSERT(isr
!= NULL
, ("key_checkrequest: null isr"));
725 KASSERT(saidx
!= NULL
, ("key_checkrequest: null saidx"));
726 KASSERT(saidx
->mode
== IPSEC_MODE_TRANSPORT
||
727 saidx
->mode
== IPSEC_MODE_TUNNEL
,
728 ("key_checkrequest: unexpected policy %u", saidx
->mode
));
730 /* get current level */
731 level
= ipsec_get_reqlevel(isr
);
734 * XXX guard against protocol callbacks from the crypto
735 * thread as they reference ipsecrequest.sav which we
736 * temporarily null out below. Need to rethink how we
737 * handle bundled SA's in the callback thread.
741 * We do allocate new SA only if the state of SA in the holder is
742 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
744 if (isr
->sav
!= NULL
) {
745 if (isr
->sav
->sah
== NULL
)
746 panic("key_checkrequest: sah is null.\n");
747 if (isr
->sav
== (struct secasvar
*)LIST_FIRST(
748 &isr
->sav
->sah
->savtree
[SADB_SASTATE_DEAD
])) {
749 KEY_FREESAV(&isr
->sav
);
755 * we free any SA stashed in the IPsec request because a different
756 * SA may be involved each time this request is checked, either
757 * because new SAs are being configured, or this request is
758 * associated with an unconnected datagram socket, or this request
759 * is associated with a system default policy.
761 * The operation may have negative impact to performance. We may
762 * want to check cached SA carefully, rather than picking new SA
765 if (isr
->sav
!= NULL
) {
766 KEY_FREESAV(&isr
->sav
);
772 * new SA allocation if no SA found.
773 * key_allocsa_policy should allocate the oldest SA available.
774 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
776 if (isr
->sav
== NULL
)
777 isr
->sav
= key_allocsa_policy(saidx
);
779 /* When there is SA. */
780 if (isr
->sav
!= NULL
) {
781 if (isr
->sav
->state
!= SADB_SASTATE_MATURE
&&
782 isr
->sav
->state
!= SADB_SASTATE_DYING
)
788 error
= key_acquire(saidx
, isr
->sp
);
790 /* XXX What should I do ? */
791 ipseclog((LOG_DEBUG
, "key_checkrequest: error %d returned "
792 "from key_acquire.\n", error
));
796 if (level
!= IPSEC_LEVEL_REQUIRE
) {
797 /* XXX sigh, the interface to this routine is botched */
798 KASSERT(isr
->sav
== NULL
, ("key_checkrequest: unexpected SA"));
806 * allocating a SA for policy entry from SAD.
807 * NOTE: searching SAD of aliving state.
808 * OUT: NULL: not found.
809 * others: found and return the pointer.
811 static struct secasvar
*
812 key_allocsa_policy(const struct secasindex
*saidx
)
814 struct secashead
*sah
;
815 struct secasvar
*sav
;
816 u_int stateidx
, state
;
818 LIST_FOREACH(sah
, &sahtree
, chain
) {
819 if (sah
->state
== SADB_SASTATE_DEAD
)
821 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_MODE_REQID
))
829 /* search valid state */
831 stateidx
< _ARRAYLEN(saorder_state_valid
);
834 state
= saorder_state_valid
[stateidx
];
836 sav
= key_do_allocsa_policy(sah
, state
);
845 * searching SAD with direction, protocol, mode and state.
846 * called by key_allocsa_policy().
849 * others : found, pointer to a SA.
851 static struct secasvar
*
852 key_do_allocsa_policy(struct secashead
*sah
, u_int state
)
854 struct secasvar
*sav
, *nextsav
, *candidate
= NULL
, *d
;
856 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[state
], chain
, nextsav
) {
858 KEY_CHKSASTATE(sav
->state
, state
, "key_do_allocsa_policy");
861 if (candidate
== NULL
) {
866 /* Which SA is the better ? */
869 if (candidate
->lft_c
== NULL
|| sav
->lft_c
== NULL
)
870 panic("key_do_allocsa_policy: "
871 "lifetime_current is NULL.\n");
873 /* What the best method is to compare ? */
874 if (key_prefered_oldsa
) {
875 if (candidate
->lft_c
->sadb_lifetime_addtime
>
876 sav
->lft_c
->sadb_lifetime_addtime
) {
882 /* prefered new sa rather than old sa */
883 if (candidate
->lft_c
->sadb_lifetime_addtime
<
884 sav
->lft_c
->sadb_lifetime_addtime
) {
891 * prepared to delete the SA when there is more
892 * suitable candidate and the lifetime of the SA is not
895 if (d
->lft_c
->sadb_lifetime_addtime
!= 0) {
896 struct mbuf
*m
, *result
;
899 key_sa_chgstate(d
, SADB_SASTATE_DEAD
);
901 KASSERT(d
->refcnt
> 0,
902 ("key_do_allocsa_policy: bogus ref count"));
904 satype
= key_proto2satype(d
->sah
->saidx
.proto
);
908 m
= key_setsadbmsg(SADB_DELETE
, 0, satype
, 0, 0,
914 /* set sadb_address for saidx's. */
915 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
916 &d
->sah
->saidx
.src
.sa
,
917 d
->sah
->saidx
.src
.sa
.sa_len
<< 3,
923 /* set sadb_address for saidx's. */
924 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
925 &d
->sah
->saidx
.dst
.sa
,
926 d
->sah
->saidx
.dst
.sa
.sa_len
<< 3,
932 /* create SA extension */
933 m
= key_setsadbsa(d
);
938 if (result
->m_len
< sizeof(struct sadb_msg
)) {
939 result
= m_pullup(result
,
940 sizeof(struct sadb_msg
));
945 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
946 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
947 PFKEY_UNIT64(result
->m_pkthdr
.len
);
949 if (key_sendup_mbuf(NULL
, result
,
950 KEY_SENDUP_REGISTERED
))
958 SA_ADDREF(candidate
);
959 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
960 kprintf("DP allocsa_policy cause refcnt++:%d SA:%p\n",
961 candidate
->refcnt
, candidate
));
967 * allocating a usable SA entry for a *INBOUND* packet.
968 * Must call key_freesav() later.
969 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
970 * NULL: not found, or error occured.
972 * In the comparison, no source address is used--for RFC2401 conformance.
973 * To quote, from section 4.1:
974 * A security association is uniquely identified by a triple consisting
975 * of a Security Parameter Index (SPI), an IP Destination Address, and a
976 * security protocol (AH or ESP) identifier.
977 * Note that, however, we do need to keep source address in IPsec SA.
978 * IKE specification and PF_KEY specification do assume that we
979 * keep source address in IPsec SA. We see a tricky situation here.
983 union sockaddr_union
*dst
,
986 const char* where
, int tag
)
988 struct secashead
*sah
;
989 struct secasvar
*sav
;
990 u_int stateidx
, state
;
993 KASSERT(dst
!= NULL
, ("key_allocsa: null dst address"));
995 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
996 kprintf("DP key_allocsa from %s:%u\n", where
, tag
));
1000 * XXX: to be checked internal IP header somewhere. Also when
1001 * IPsec tunnel packet is received. But ESP tunnel mode is
1002 * encrypted so we can't check internal IP header.
1005 LIST_FOREACH(sah
, &sahtree
, chain
) {
1006 /* search valid state */
1008 stateidx
< _ARRAYLEN(saorder_state_valid
);
1010 state
= saorder_state_valid
[stateidx
];
1011 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
1013 KEY_CHKSASTATE(sav
->state
, state
, "key_allocsav");
1014 /* do not return entries w/ unusable state */
1015 if (sav
->state
!= SADB_SASTATE_MATURE
&&
1016 sav
->state
!= SADB_SASTATE_DYING
)
1018 if (proto
!= sav
->sah
->saidx
.proto
)
1020 if (spi
!= sav
->spi
)
1022 #if 0 /* don't check src */
1023 /* check src address */
1024 if (key_sockaddrcmp(&src
->sa
, &sav
->sah
->saidx
.src
.sa
, 0) != 0)
1027 /* check dst address */
1028 if (key_sockaddrcmp(&dst
->sa
, &sav
->sah
->saidx
.dst
.sa
, 0) != 0)
1039 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1040 kprintf("DP key_allocsa return SA:%p; refcnt %u\n",
1041 sav
, sav
? sav
->refcnt
: 0));
1046 * Must be called after calling key_allocsp().
1047 * For both the packet without socket and key_freeso().
1050 _key_freesp(struct secpolicy
**spp
, const char* where
, int tag
)
1052 struct secpolicy
*sp
= *spp
;
1054 KASSERT(sp
!= NULL
, ("key_freesp: null sp"));
1058 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1059 kprintf("DP key_freesp SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
1060 sp
, sp
->id
, where
, tag
, sp
->refcnt
));
1062 if (sp
->refcnt
== 0) {
1069 * Must be called after calling key_allocsp().
1070 * For the packet with socket.
1073 key_freeso(struct socket
*so
)
1076 KASSERT(so
!= NULL
, ("key_freeso: null so"));
1078 switch (so
->so_proto
->pr_domain
->dom_family
) {
1082 struct inpcb
*pcb
= so
->so_pcb
;
1084 /* Does it have a PCB ? */
1087 key_freesp_so(&pcb
->inp_sp
->sp_in
);
1088 key_freesp_so(&pcb
->inp_sp
->sp_out
);
1095 #ifdef HAVE_NRL_INPCB
1096 struct inpcb
*pcb
= so
->so_pcb
;
1098 /* Does it have a PCB ? */
1101 key_freesp_so(&pcb
->inp_sp
->sp_in
);
1102 key_freesp_so(&pcb
->inp_sp
->sp_out
);
1104 struct in6pcb
*pcb
= so
->so_pcb
;
1106 /* Does it have a PCB ? */
1109 key_freesp_so(&pcb
->in6p_sp
->sp_in
);
1110 key_freesp_so(&pcb
->in6p_sp
->sp_out
);
1116 ipseclog((LOG_DEBUG
, "key_freeso: unknown address family=%d.\n",
1117 so
->so_proto
->pr_domain
->dom_family
));
1123 key_freesp_so(struct secpolicy
**sp
)
1125 KASSERT(sp
!= NULL
&& *sp
!= NULL
, ("key_freesp_so: null sp"));
1127 if ((*sp
)->policy
== IPSEC_POLICY_ENTRUST
||
1128 (*sp
)->policy
== IPSEC_POLICY_BYPASS
)
1131 KASSERT((*sp
)->policy
== IPSEC_POLICY_IPSEC
,
1132 ("key_freesp_so: invalid policy %u", (*sp
)->policy
));
1137 * Must be called after calling key_allocsa().
1138 * This function is called by key_freesp() to free some SA allocated
1142 key_freesav(struct secasvar
**psav
, const char* where
, int tag
)
1144 struct secasvar
*sav
= *psav
;
1146 KASSERT(sav
!= NULL
, ("key_freesav: null sav"));
1150 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1151 kprintf("DP key_freesav SA:%p (SPI %u) from %s:%u; refcnt now %u\n",
1152 sav
, ntohl(sav
->spi
), where
, tag
, sav
->refcnt
));
1154 if (sav
->refcnt
== 0) {
1160 /* %%% SPD management */
1162 * free security policy entry.
1165 key_delsp(struct secpolicy
*sp
)
1169 KASSERT(sp
!= NULL
, ("key_delsp: null sp"));
1171 sp
->state
= IPSEC_SPSTATE_DEAD
;
1173 KASSERT(sp
->refcnt
== 0,
1174 ("key_delsp: SP with references deleted (refcnt %u)",
1178 /* remove from SP index */
1179 if (__LIST_CHAINED(sp
))
1180 LIST_REMOVE(sp
, chain
);
1183 struct ipsecrequest
*isr
= sp
->req
, *nextisr
;
1185 while (isr
!= NULL
) {
1186 if (isr
->sav
!= NULL
) {
1187 KEY_FREESAV(&isr
->sav
);
1191 nextisr
= isr
->next
;
1204 * OUT: NULL : not found
1205 * others : found, pointer to a SP.
1207 static struct secpolicy
*
1208 key_getsp(struct secpolicyindex
*spidx
)
1210 struct secpolicy
*sp
;
1212 KASSERT(spidx
!= NULL
, ("key_getsp: null spidx"));
1214 LIST_FOREACH(sp
, &sptree
[spidx
->dir
], chain
) {
1215 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1217 if (key_cmpspidx_exactly(spidx
, &sp
->spidx
)) {
1228 * OUT: NULL : not found
1229 * others : found, pointer to a SP.
1231 static struct secpolicy
*
1232 key_getspbyid(u_int32_t id
)
1234 struct secpolicy
*sp
;
1236 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_INBOUND
], chain
) {
1237 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1245 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_OUTBOUND
], chain
) {
1246 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1258 key_newsp(const char* where
, int tag
)
1260 struct secpolicy
*newsp
= NULL
;
1262 newsp
= kmalloc(sizeof(struct secpolicy
), M_SECA
,
1263 M_INTWAIT
| M_ZERO
| M_NULLOK
);
1269 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1270 kprintf("DP key_newsp from %s:%u return SP:%p\n",
1271 where
, tag
, newsp
));
1276 * create secpolicy structure from sadb_x_policy structure.
1277 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1278 * so must be set properly later.
1281 key_msg2sp(struct sadb_x_policy
*xpl0
, size_t len
, int *error
)
1283 struct secpolicy
*newsp
;
1287 panic("key_msg2sp: NULL pointer was passed.\n");
1288 if (len
< sizeof(*xpl0
))
1289 panic("key_msg2sp: invalid length.\n");
1290 if (len
!= PFKEY_EXTLEN(xpl0
)) {
1291 ipseclog((LOG_DEBUG
, "key_msg2sp: Invalid msg length.\n"));
1296 if ((newsp
= KEY_NEWSP()) == NULL
) {
1301 newsp
->spidx
.dir
= xpl0
->sadb_x_policy_dir
;
1302 newsp
->policy
= xpl0
->sadb_x_policy_type
;
1305 switch (xpl0
->sadb_x_policy_type
) {
1306 case IPSEC_POLICY_DISCARD
:
1307 case IPSEC_POLICY_NONE
:
1308 case IPSEC_POLICY_ENTRUST
:
1309 case IPSEC_POLICY_BYPASS
:
1313 case IPSEC_POLICY_IPSEC
:
1316 struct sadb_x_ipsecrequest
*xisr
;
1317 struct ipsecrequest
**p_isr
= &newsp
->req
;
1319 /* validity check */
1320 if (PFKEY_EXTLEN(xpl0
) < sizeof(*xpl0
)) {
1321 ipseclog((LOG_DEBUG
,
1322 "key_msg2sp: Invalid msg length.\n"));
1328 tlen
= PFKEY_EXTLEN(xpl0
) - sizeof(*xpl0
);
1329 xisr
= (struct sadb_x_ipsecrequest
*)(xpl0
+ 1);
1333 if (xisr
->sadb_x_ipsecrequest_len
< sizeof(*xisr
)) {
1334 ipseclog((LOG_DEBUG
, "key_msg2sp: "
1335 "invalid ipsecrequest length.\n"));
1341 /* allocate request buffer */
1342 KMALLOC(*p_isr
, struct ipsecrequest
*, sizeof(**p_isr
));
1343 if ((*p_isr
) == NULL
) {
1344 ipseclog((LOG_DEBUG
,
1345 "key_msg2sp: No more memory.\n"));
1350 bzero(*p_isr
, sizeof(**p_isr
));
1353 (*p_isr
)->next
= NULL
;
1355 switch (xisr
->sadb_x_ipsecrequest_proto
) {
1358 case IPPROTO_IPCOMP
:
1361 ipseclog((LOG_DEBUG
,
1362 "key_msg2sp: invalid proto type=%u\n",
1363 xisr
->sadb_x_ipsecrequest_proto
));
1365 *error
= EPROTONOSUPPORT
;
1368 (*p_isr
)->saidx
.proto
= xisr
->sadb_x_ipsecrequest_proto
;
1370 switch (xisr
->sadb_x_ipsecrequest_mode
) {
1371 case IPSEC_MODE_TRANSPORT
:
1372 case IPSEC_MODE_TUNNEL
:
1374 case IPSEC_MODE_ANY
:
1376 ipseclog((LOG_DEBUG
,
1377 "key_msg2sp: invalid mode=%u\n",
1378 xisr
->sadb_x_ipsecrequest_mode
));
1383 (*p_isr
)->saidx
.mode
= xisr
->sadb_x_ipsecrequest_mode
;
1385 switch (xisr
->sadb_x_ipsecrequest_level
) {
1386 case IPSEC_LEVEL_DEFAULT
:
1387 case IPSEC_LEVEL_USE
:
1388 case IPSEC_LEVEL_REQUIRE
:
1390 case IPSEC_LEVEL_UNIQUE
:
1391 /* validity check */
1393 * If range violation of reqid, kernel will
1394 * update it, don't refuse it.
1396 if (xisr
->sadb_x_ipsecrequest_reqid
1397 > IPSEC_MANUAL_REQID_MAX
) {
1398 ipseclog((LOG_DEBUG
,
1399 "key_msg2sp: reqid=%d range "
1400 "violation, updated by kernel.\n",
1401 xisr
->sadb_x_ipsecrequest_reqid
));
1402 xisr
->sadb_x_ipsecrequest_reqid
= 0;
1405 /* allocate new reqid id if reqid is zero. */
1406 if (xisr
->sadb_x_ipsecrequest_reqid
== 0) {
1408 if ((reqid
= key_newreqid()) == 0) {
1413 (*p_isr
)->saidx
.reqid
= reqid
;
1414 xisr
->sadb_x_ipsecrequest_reqid
= reqid
;
1416 /* set it for manual keying. */
1417 (*p_isr
)->saidx
.reqid
=
1418 xisr
->sadb_x_ipsecrequest_reqid
;
1423 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid level=%u\n",
1424 xisr
->sadb_x_ipsecrequest_level
));
1429 (*p_isr
)->level
= xisr
->sadb_x_ipsecrequest_level
;
1431 /* set IP addresses if there */
1432 if (xisr
->sadb_x_ipsecrequest_len
> sizeof(*xisr
)) {
1433 struct sockaddr
*paddr
;
1435 paddr
= (struct sockaddr
*)(xisr
+ 1);
1437 /* validity check */
1439 > sizeof((*p_isr
)->saidx
.src
)) {
1440 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1441 "address length.\n"));
1446 bcopy(paddr
, &(*p_isr
)->saidx
.src
,
1449 paddr
= (struct sockaddr
*)((caddr_t
)paddr
1452 /* validity check */
1454 > sizeof((*p_isr
)->saidx
.dst
)) {
1455 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1456 "address length.\n"));
1461 bcopy(paddr
, &(*p_isr
)->saidx
.dst
,
1465 (*p_isr
)->sav
= NULL
;
1466 (*p_isr
)->sp
= newsp
;
1468 /* initialization for the next. */
1469 p_isr
= &(*p_isr
)->next
;
1470 tlen
-= xisr
->sadb_x_ipsecrequest_len
;
1472 /* validity check */
1474 ipseclog((LOG_DEBUG
, "key_msg2sp: becoming tlen < 0.\n"));
1480 xisr
= (struct sadb_x_ipsecrequest
*)((caddr_t
)xisr
1481 + xisr
->sadb_x_ipsecrequest_len
);
1486 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid policy type.\n"));
1499 static u_int32_t auto_reqid
= IPSEC_MANUAL_REQID_MAX
+ 1;
1501 auto_reqid
= (auto_reqid
== ~0
1502 ? IPSEC_MANUAL_REQID_MAX
+ 1 : auto_reqid
+ 1);
1504 /* XXX should be unique check */
1510 * copy secpolicy struct to sadb_x_policy structure indicated.
1513 key_sp2msg(struct secpolicy
*sp
)
1515 struct sadb_x_policy
*xpl
;
1522 panic("key_sp2msg: NULL pointer was passed.\n");
1524 tlen
= key_getspreqmsglen(sp
);
1526 m
= key_alloc_mbuf(tlen
);
1527 if (!m
|| m
->m_next
) { /*XXX*/
1535 xpl
= mtod(m
, struct sadb_x_policy
*);
1538 xpl
->sadb_x_policy_len
= PFKEY_UNIT64(tlen
);
1539 xpl
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
1540 xpl
->sadb_x_policy_type
= sp
->policy
;
1541 xpl
->sadb_x_policy_dir
= sp
->spidx
.dir
;
1542 xpl
->sadb_x_policy_id
= sp
->id
;
1543 p
= (caddr_t
)xpl
+ sizeof(*xpl
);
1545 /* if is the policy for ipsec ? */
1546 if (sp
->policy
== IPSEC_POLICY_IPSEC
) {
1547 struct sadb_x_ipsecrequest
*xisr
;
1548 struct ipsecrequest
*isr
;
1550 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
1552 xisr
= (struct sadb_x_ipsecrequest
*)p
;
1554 xisr
->sadb_x_ipsecrequest_proto
= isr
->saidx
.proto
;
1555 xisr
->sadb_x_ipsecrequest_mode
= isr
->saidx
.mode
;
1556 xisr
->sadb_x_ipsecrequest_level
= isr
->level
;
1557 xisr
->sadb_x_ipsecrequest_reqid
= isr
->saidx
.reqid
;
1560 bcopy(&isr
->saidx
.src
, p
, isr
->saidx
.src
.sa
.sa_len
);
1561 p
+= isr
->saidx
.src
.sa
.sa_len
;
1562 bcopy(&isr
->saidx
.dst
, p
, isr
->saidx
.dst
.sa
.sa_len
);
1563 p
+= isr
->saidx
.src
.sa
.sa_len
;
1565 xisr
->sadb_x_ipsecrequest_len
=
1566 PFKEY_ALIGN8(sizeof(*xisr
)
1567 + isr
->saidx
.src
.sa
.sa_len
1568 + isr
->saidx
.dst
.sa
.sa_len
);
1575 /* m will not be freed nor modified */
1576 static struct mbuf
*
1577 key_gather_mbuf(struct mbuf
*m
, const struct sadb_msghdr
*mhp
,
1578 int ndeep
, int nitem
, ...)
1583 struct mbuf
*result
= NULL
, *n
;
1586 if (m
== NULL
|| mhp
== NULL
)
1587 panic("null pointer passed to key_gather");
1589 __va_start(ap
, nitem
);
1590 for (i
= 0; i
< nitem
; i
++) {
1591 idx
= __va_arg(ap
, int);
1592 if (idx
< 0 || idx
> SADB_EXT_MAX
)
1594 /* don't attempt to pull empty extension */
1595 if (idx
== SADB_EXT_RESERVED
&& mhp
->msg
== NULL
)
1597 if (idx
!= SADB_EXT_RESERVED
&&
1598 (mhp
->ext
[idx
] == NULL
|| mhp
->extlen
[idx
] == 0))
1601 if (idx
== SADB_EXT_RESERVED
) {
1602 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
1605 panic("assumption failed");
1607 MGETHDR(n
, MB_DONTWAIT
, MT_DATA
);
1612 m_copydata(m
, 0, sizeof(struct sadb_msg
),
1614 } else if (i
< ndeep
) {
1615 len
= mhp
->extlen
[idx
];
1616 n
= key_alloc_mbuf(len
);
1617 if (!n
|| n
->m_next
) { /*XXX*/
1622 m_copydata(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
1625 n
= m_copym(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
1638 if (result
->m_flags
& M_PKTHDR
)
1639 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
1649 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1650 * add an entry to SP database, when received
1651 * <base, address(SD), (lifetime(H),) policy>
1653 * Adding to SP database,
1655 * <base, address(SD), (lifetime(H),) policy>
1656 * to the socket which was send.
1658 * SPDADD set a unique policy entry.
1659 * SPDSETIDX like SPDADD without a part of policy requests.
1660 * SPDUPDATE replace a unique policy entry.
1662 * m will always be freed.
1665 key_spdadd(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
1667 struct sadb_address
*src0
, *dst0
;
1668 struct sadb_x_policy
*xpl0
, *xpl
;
1669 struct sadb_lifetime
*lft
= NULL
;
1670 struct secpolicyindex spidx
;
1671 struct secpolicy
*newsp
;
1672 struct sockaddr
*saddr
, *daddr
;
1676 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
1677 panic("key_spdadd: NULL pointer is passed.\n");
1679 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
1680 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
1681 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
1682 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
1683 return key_senderror(so
, m
, EINVAL
);
1685 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
1686 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
1687 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
1688 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
1689 return key_senderror(so
, m
, EINVAL
);
1691 if (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
) {
1692 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
]
1693 < sizeof(struct sadb_lifetime
)) {
1694 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
1695 return key_senderror(so
, m
, EINVAL
);
1697 lft
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
1700 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
1701 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
1702 xpl0
= (struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
];
1705 /* XXX boundary check against sa_len */
1706 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
1709 src0
->sadb_address_prefixlen
,
1710 dst0
->sadb_address_prefixlen
,
1711 src0
->sadb_address_proto
,
1714 /* checking the direciton. */
1715 switch (xpl0
->sadb_x_policy_dir
) {
1716 case IPSEC_DIR_INBOUND
:
1717 case IPSEC_DIR_OUTBOUND
:
1720 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid SP direction.\n"));
1721 mhp
->msg
->sadb_msg_errno
= EINVAL
;
1726 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1727 if (xpl0
->sadb_x_policy_type
== IPSEC_POLICY_ENTRUST
1728 || xpl0
->sadb_x_policy_type
== IPSEC_POLICY_BYPASS
) {
1729 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid policy type.\n"));
1730 return key_senderror(so
, m
, EINVAL
);
1733 /* policy requests are mandatory when action is ipsec. */
1734 if (mhp
->msg
->sadb_msg_type
!= SADB_X_SPDSETIDX
1735 && xpl0
->sadb_x_policy_type
== IPSEC_POLICY_IPSEC
1736 && mhp
->extlen
[SADB_X_EXT_POLICY
] <= sizeof(*xpl0
)) {
1737 ipseclog((LOG_DEBUG
, "key_spdadd: some policy requests part required.\n"));
1738 return key_senderror(so
, m
, EINVAL
);
1742 * checking there is SP already or not.
1743 * SPDUPDATE doesn't depend on whether there is a SP or not.
1744 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1747 newsp
= key_getsp(&spidx
);
1748 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
1750 newsp
->state
= IPSEC_SPSTATE_DEAD
;
1754 if (newsp
!= NULL
) {
1756 ipseclog((LOG_DEBUG
, "key_spdadd: a SP entry exists already.\n"));
1757 return key_senderror(so
, m
, EEXIST
);
1761 /* allocation new SP entry */
1762 if ((newsp
= key_msg2sp(xpl0
, PFKEY_EXTLEN(xpl0
), &error
)) == NULL
) {
1763 return key_senderror(so
, m
, error
);
1766 if ((newsp
->id
= key_getnewspid()) == 0) {
1768 return key_senderror(so
, m
, ENOBUFS
);
1771 /* XXX boundary check against sa_len */
1772 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
1775 src0
->sadb_address_prefixlen
,
1776 dst0
->sadb_address_prefixlen
,
1777 src0
->sadb_address_proto
,
1780 /* sanity check on addr pair */
1781 saddr
= (struct sockaddr
*)(src0
+ 1);
1782 daddr
= (struct sockaddr
*)(dst0
+ 1);
1783 if (saddr
->sa_family
!= daddr
->sa_family
) {
1785 return key_senderror(so
, m
, EINVAL
);
1787 if (saddr
->sa_len
!= daddr
->sa_len
) {
1789 return key_senderror(so
, m
, EINVAL
);
1792 if (newsp
->req
&& newsp
->req
->saidx
.src
.sa
.sa_family
) {
1793 if (saddr
->sa_family
!= newsp
->req
->saidx
.src
.sa
.sa_family
) {
1795 return key_senderror(so
, m
, EINVAL
);
1798 if (newsp
->req
&& newsp
->req
->saidx
.dst
.sa
.sa_family
) {
1799 if (daddr
->sa_family
!= newsp
->req
->saidx
.dst
.sa
.sa_family
) {
1801 return key_senderror(so
, m
, EINVAL
);
1806 newsp
->created
= time_second
;
1807 newsp
->lastused
= newsp
->created
;
1808 newsp
->lifetime
= lft
? lft
->sadb_lifetime_addtime
: 0;
1809 newsp
->validtime
= lft
? lft
->sadb_lifetime_usetime
: 0;
1811 newsp
->refcnt
= 1; /* do not reclaim until I say I do */
1812 newsp
->state
= IPSEC_SPSTATE_ALIVE
;
1813 LIST_INSERT_TAIL(&sptree
[newsp
->spidx
.dir
], newsp
, secpolicy
, chain
);
1815 /* delete the entry in spacqtree */
1816 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
1817 struct secspacq
*spacq
;
1818 if ((spacq
= key_getspacq(&spidx
)) != NULL
) {
1819 /* reset counter in order to deletion by timehandler. */
1820 spacq
->created
= time_second
;
1826 struct mbuf
*n
, *mpolicy
;
1827 struct sadb_msg
*newmsg
;
1830 /* create new sadb_msg to reply. */
1832 n
= key_gather_mbuf(m
, mhp
, 2, 5, SADB_EXT_RESERVED
,
1833 SADB_X_EXT_POLICY
, SADB_EXT_LIFETIME_HARD
,
1834 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
1836 n
= key_gather_mbuf(m
, mhp
, 2, 4, SADB_EXT_RESERVED
,
1838 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
1841 return key_senderror(so
, m
, ENOBUFS
);
1843 if (n
->m_len
< sizeof(*newmsg
)) {
1844 n
= m_pullup(n
, sizeof(*newmsg
));
1846 return key_senderror(so
, m
, ENOBUFS
);
1848 newmsg
= mtod(n
, struct sadb_msg
*);
1849 newmsg
->sadb_msg_errno
= 0;
1850 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
1853 mpolicy
= m_pulldown(n
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)),
1854 sizeof(*xpl
), &off
);
1855 if (mpolicy
== NULL
) {
1856 /* n is already freed */
1857 return key_senderror(so
, m
, ENOBUFS
);
1859 xpl
= (struct sadb_x_policy
*)(mtod(mpolicy
, caddr_t
) + off
);
1860 if (xpl
->sadb_x_policy_exttype
!= SADB_X_EXT_POLICY
) {
1862 return key_senderror(so
, m
, EINVAL
);
1864 xpl
->sadb_x_policy_id
= newsp
->id
;
1867 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
1872 * get new policy id.
1878 key_getnewspid(void)
1880 u_int32_t newid
= 0;
1881 int count
= key_spi_trycnt
; /* XXX */
1882 struct secpolicy
*sp
;
1884 /* when requesting to allocate spi ranged */
1886 newid
= (policy_id
= (policy_id
== ~0 ? 1 : policy_id
+ 1));
1888 if ((sp
= key_getspbyid(newid
)) == NULL
)
1894 if (count
== 0 || newid
== 0) {
1895 ipseclog((LOG_DEBUG
, "key_getnewspid: to allocate policy id is failed.\n"));
1903 * SADB_SPDDELETE processing
1905 * <base, address(SD), policy(*)>
1906 * from the user(?), and set SADB_SASTATE_DEAD,
1908 * <base, address(SD), policy(*)>
1910 * policy(*) including direction of policy.
1912 * m will always be freed.
1915 key_spddelete(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
1917 struct sadb_address
*src0
, *dst0
;
1918 struct sadb_x_policy
*xpl0
;
1919 struct secpolicyindex spidx
;
1920 struct secpolicy
*sp
;
1923 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
1924 panic("key_spddelete: NULL pointer is passed.\n");
1926 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
1927 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
1928 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
1929 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
1930 return key_senderror(so
, m
, EINVAL
);
1932 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
1933 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
1934 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
1935 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
1936 return key_senderror(so
, m
, EINVAL
);
1939 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
1940 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
1941 xpl0
= (struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
];
1944 /* XXX boundary check against sa_len */
1945 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
1948 src0
->sadb_address_prefixlen
,
1949 dst0
->sadb_address_prefixlen
,
1950 src0
->sadb_address_proto
,
1953 /* checking the direciton. */
1954 switch (xpl0
->sadb_x_policy_dir
) {
1955 case IPSEC_DIR_INBOUND
:
1956 case IPSEC_DIR_OUTBOUND
:
1959 ipseclog((LOG_DEBUG
, "key_spddelete: Invalid SP direction.\n"));
1960 return key_senderror(so
, m
, EINVAL
);
1963 /* Is there SP in SPD ? */
1964 if ((sp
= key_getsp(&spidx
)) == NULL
) {
1965 ipseclog((LOG_DEBUG
, "key_spddelete: no SP found.\n"));
1966 return key_senderror(so
, m
, EINVAL
);
1969 /* save policy id to buffer to be returned. */
1970 xpl0
->sadb_x_policy_id
= sp
->id
;
1972 sp
->state
= IPSEC_SPSTATE_DEAD
;
1977 struct sadb_msg
*newmsg
;
1979 /* create new sadb_msg to reply. */
1980 n
= key_gather_mbuf(m
, mhp
, 1, 4, SADB_EXT_RESERVED
,
1981 SADB_X_EXT_POLICY
, SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
1983 return key_senderror(so
, m
, ENOBUFS
);
1985 newmsg
= mtod(n
, struct sadb_msg
*);
1986 newmsg
->sadb_msg_errno
= 0;
1987 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
1990 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
1995 * SADB_SPDDELETE2 processing
1998 * from the user(?), and set SADB_SASTATE_DEAD,
2002 * policy(*) including direction of policy.
2004 * m will always be freed.
2007 key_spddelete2(struct socket
*so
, struct mbuf
*m
,
2008 const struct sadb_msghdr
*mhp
)
2011 struct secpolicy
*sp
;
2014 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2015 panic("key_spddelete2: NULL pointer is passed.\n");
2017 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2018 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2019 ipseclog((LOG_DEBUG
, "key_spddelete2: invalid message is passed.\n"));
2020 key_senderror(so
, m
, EINVAL
);
2024 id
= ((struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2026 /* Is there SP in SPD ? */
2027 if ((sp
= key_getspbyid(id
)) == NULL
) {
2028 ipseclog((LOG_DEBUG
, "key_spddelete2: no SP found id:%u.\n", id
));
2029 key_senderror(so
, m
, EINVAL
);
2032 sp
->state
= IPSEC_SPSTATE_DEAD
;
2037 struct sadb_msg
*newmsg
;
2040 /* create new sadb_msg to reply. */
2041 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2044 return key_senderror(so
, m
, ENOBUFS
);
2045 n
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
2047 return key_senderror(so
, m
, ENOBUFS
);
2050 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
));
2051 off
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2055 panic("length inconsistency in key_spddelete2");
2058 n
->m_next
= m_copym(m
, mhp
->extoff
[SADB_X_EXT_POLICY
],
2059 mhp
->extlen
[SADB_X_EXT_POLICY
], MB_DONTWAIT
);
2062 return key_senderror(so
, m
, ENOBUFS
);
2064 n
->m_pkthdr
.len
= m_lengthm(n
, NULL
);
2066 newmsg
= mtod(n
, struct sadb_msg
*);
2067 newmsg
->sadb_msg_errno
= 0;
2068 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2071 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2076 * SADB_X_GET processing
2081 * <base, address(SD), policy>
2083 * policy(*) including direction of policy.
2085 * m will always be freed.
2088 key_spdget(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
2091 struct secpolicy
*sp
;
2095 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2096 panic("key_spdget: NULL pointer is passed.\n");
2098 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2099 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2100 ipseclog((LOG_DEBUG
, "key_spdget: invalid message is passed.\n"));
2101 return key_senderror(so
, m
, EINVAL
);
2104 id
= ((struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2106 /* Is there SP in SPD ? */
2107 if ((sp
= key_getspbyid(id
)) == NULL
) {
2108 ipseclog((LOG_DEBUG
, "key_spdget: no SP found id:%u.\n", id
));
2109 return key_senderror(so
, m
, ENOENT
);
2112 n
= key_setdumpsp(sp
, SADB_X_SPDGET
, 0, mhp
->msg
->sadb_msg_pid
);
2115 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
2117 return key_senderror(so
, m
, ENOBUFS
);
2121 * SADB_X_SPDACQUIRE processing.
2122 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2125 * to KMD, and expect to receive
2126 * <base> with SADB_X_SPDACQUIRE if error occured,
2129 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2130 * policy(*) is without policy requests.
2133 * others: error number
2136 key_spdacquire(struct secpolicy
*sp
)
2138 struct mbuf
*result
= NULL
, *m
;
2139 struct secspacq
*newspacq
;
2144 panic("key_spdacquire: NULL pointer is passed.\n");
2145 if (sp
->req
!= NULL
)
2146 panic("key_spdacquire: called but there is request.\n");
2147 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
2148 panic("key_spdacquire: policy mismatched. IPsec is expected.\n");
2150 /* Get an entry to check whether sent message or not. */
2151 if ((newspacq
= key_getspacq(&sp
->spidx
)) != NULL
) {
2152 if (key_blockacq_count
< newspacq
->count
) {
2153 /* reset counter and do send message. */
2154 newspacq
->count
= 0;
2156 /* increment counter and do nothing. */
2161 /* make new entry for blocking to send SADB_ACQUIRE. */
2162 if ((newspacq
= key_newspacq(&sp
->spidx
)) == NULL
)
2165 /* add to acqtree */
2166 LIST_INSERT_HEAD(&spacqtree
, newspacq
, chain
);
2169 /* create new sadb_msg to reply. */
2170 m
= key_setsadbmsg(SADB_X_SPDACQUIRE
, 0, 0, 0, 0, 0);
2176 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
2177 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2178 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2180 return key_sendup_mbuf(NULL
, m
, KEY_SENDUP_REGISTERED
);
2189 * SADB_SPDFLUSH processing
2192 * from the user, and free all entries in secpctree.
2196 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2198 * m will always be freed.
2201 key_spdflush(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
2203 struct sadb_msg
*newmsg
;
2204 struct secpolicy
*sp
;
2208 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2209 panic("key_spdflush: NULL pointer is passed.\n");
2211 if (m
->m_len
!= PFKEY_ALIGN8(sizeof(struct sadb_msg
)))
2212 return key_senderror(so
, m
, EINVAL
);
2214 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
2215 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
2216 sp
->state
= IPSEC_SPSTATE_DEAD
;
2220 if (sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
2221 ipseclog((LOG_DEBUG
, "key_spdflush: No more memory.\n"));
2222 return key_senderror(so
, m
, ENOBUFS
);
2228 m
->m_pkthdr
.len
= m
->m_len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2229 newmsg
= mtod(m
, struct sadb_msg
*);
2230 newmsg
->sadb_msg_errno
= 0;
2231 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
2233 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
2237 * SADB_SPDDUMP processing
2240 * from the user, and dump all SP leaves
2245 * m will always be freed.
2248 key_spddump(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
2250 struct secpolicy
*sp
;
2256 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2257 panic("key_spddump: NULL pointer is passed.\n");
2259 /* search SPD entry and get buffer size. */
2261 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
2262 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
2268 return key_senderror(so
, m
, ENOENT
);
2270 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
2271 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
2273 n
= key_setdumpsp(sp
, SADB_X_SPDDUMP
, cnt
,
2274 mhp
->msg
->sadb_msg_pid
);
2277 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
2285 static struct mbuf
*
2286 key_setdumpsp(struct secpolicy
*sp
, u_int8_t type
, u_int32_t seq
,
2289 struct mbuf
*result
= NULL
, *m
;
2291 m
= key_setsadbmsg(type
, 0, SADB_SATYPE_UNSPEC
, seq
, pid
, sp
->refcnt
);
2296 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
2297 &sp
->spidx
.src
.sa
, sp
->spidx
.prefs
,
2298 sp
->spidx
.ul_proto
);
2303 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
2304 &sp
->spidx
.dst
.sa
, sp
->spidx
.prefd
,
2305 sp
->spidx
.ul_proto
);
2315 if ((result
->m_flags
& M_PKTHDR
) == 0)
2318 if (result
->m_len
< sizeof(struct sadb_msg
)) {
2319 result
= m_pullup(result
, sizeof(struct sadb_msg
));
2323 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
2324 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2325 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2335 * get PFKEY message length for security policy and request.
2338 key_getspreqmsglen(struct secpolicy
*sp
)
2340 struct ipsecrequest
*isr
;
2343 tlen
= sizeof(struct sadb_x_policy
);
2345 /* if is the policy for ipsec ? */
2346 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
2349 /* get length of ipsec requests */
2350 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
2351 len
= sizeof(struct sadb_x_ipsecrequest
) +
2352 isr
->saidx
.src
.sa
.sa_len
+ isr
->saidx
.dst
.sa
.sa_len
;
2354 tlen
+= PFKEY_ALIGN8(len
);
2361 * SADB_SPDEXPIRE processing
2363 * <base, address(SD), lifetime(CH), policy>
2367 * others : error number
2370 key_spdexpire(struct secpolicy
*sp
)
2373 struct mbuf
*result
= NULL
, *m
;
2376 struct sadb_lifetime
*lt
;
2378 /* XXX: Why do we lock ? */
2383 panic("key_spdexpire: NULL pointer is passed.\n");
2385 /* set msg header */
2386 m
= key_setsadbmsg(SADB_X_SPDEXPIRE
, 0, 0, 0, 0, 0);
2393 /* create lifetime extension (current and hard) */
2394 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
2395 m
= key_alloc_mbuf(len
);
2396 if (!m
|| m
->m_next
) { /*XXX*/
2402 bzero(mtod(m
, caddr_t
), len
);
2403 lt
= mtod(m
, struct sadb_lifetime
*);
2404 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
2405 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
2406 lt
->sadb_lifetime_allocations
= 0;
2407 lt
->sadb_lifetime_bytes
= 0;
2408 lt
->sadb_lifetime_addtime
= sp
->created
;
2409 lt
->sadb_lifetime_usetime
= sp
->lastused
;
2410 lt
= (struct sadb_lifetime
*)(mtod(m
, caddr_t
) + len
/ 2);
2411 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
2412 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_HARD
;
2413 lt
->sadb_lifetime_allocations
= 0;
2414 lt
->sadb_lifetime_bytes
= 0;
2415 lt
->sadb_lifetime_addtime
= sp
->lifetime
;
2416 lt
->sadb_lifetime_usetime
= sp
->validtime
;
2419 /* set sadb_address for source */
2420 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
2422 sp
->spidx
.prefs
, sp
->spidx
.ul_proto
);
2429 /* set sadb_address for destination */
2430 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
2432 sp
->spidx
.prefd
, sp
->spidx
.ul_proto
);
2447 if ((result
->m_flags
& M_PKTHDR
) == 0) {
2452 if (result
->m_len
< sizeof(struct sadb_msg
)) {
2453 result
= m_pullup(result
, sizeof(struct sadb_msg
));
2454 if (result
== NULL
) {
2459 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
2460 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2461 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2463 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
2472 /* %%% SAD management */
2474 * allocating a memory for new SA head, and copy from the values of mhp.
2475 * OUT: NULL : failure due to the lack of memory.
2476 * others : pointer to new SA head.
2478 static struct secashead
*
2479 key_newsah(struct secasindex
*saidx
)
2481 struct secashead
*newsah
;
2483 KASSERT(saidx
!= NULL
, ("key_newsaidx: null saidx"));
2485 newsah
= kmalloc(sizeof(struct secashead
), M_SECA
,
2486 M_INTWAIT
| M_ZERO
| M_NULLOK
);
2487 if (newsah
!= NULL
) {
2489 for (i
= 0; i
< sizeof(newsah
->savtree
)/sizeof(newsah
->savtree
[0]); i
++)
2490 LIST_INIT(&newsah
->savtree
[i
]);
2491 newsah
->saidx
= *saidx
;
2493 /* add to saidxtree */
2494 newsah
->state
= SADB_SASTATE_MATURE
;
2495 LIST_INSERT_HEAD(&sahtree
, newsah
, chain
);
2501 * Delete SA index and all registered SAs.
2504 key_delsah(struct secashead
*sah
)
2506 struct secasvar
*sav
, *nextsav
;
2512 panic("key_delsah: NULL pointer is passed.\n");
2516 /* searching all SA registerd in the secindex. */
2517 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_any
);
2519 u_int state
= saorder_state_any
[stateidx
];
2521 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[state
], chain
, nextsav
)
2522 if (sav
->refcnt
== 0) {
2524 KEY_CHKSASTATE(state
, sav
->state
, __func__
);
2527 /* give up to delete this SA */
2532 /* Delete sah it has are no savs. */
2533 if (nzombies
== 0) {
2534 /* remove from tree of SA index */
2535 if (__LIST_CHAINED(sah
))
2536 LIST_REMOVE(sah
, chain
);
2537 if (sah
->sa_route
.ro_rt
) {
2538 RTFREE(sah
->sa_route
.ro_rt
);
2539 sah
->sa_route
.ro_rt
= NULL
;
2549 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2550 * and copy the values of mhp into new buffer.
2551 * When SAD message type is GETSPI:
2552 * to set sequence number from acq_seq++,
2553 * to set zero to SPI.
2554 * not to call key_setsava().
2556 * others : pointer to new secasvar.
2558 * does not modify mbuf. does not free mbuf on error.
2560 static struct secasvar
*
2561 key_newsav(struct mbuf
*m
, const struct sadb_msghdr
*mhp
, struct secashead
*sah
,
2562 int *errp
, const char *where
, int tag
)
2564 struct secasvar
*newsav
;
2565 const struct sadb_sa
*xsa
;
2568 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
|| sah
== NULL
)
2569 panic("key_newsa: NULL pointer is passed.\n");
2571 KMALLOC(newsav
, struct secasvar
*, sizeof(struct secasvar
));
2572 if (newsav
== NULL
) {
2573 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
2577 bzero((caddr_t
)newsav
, sizeof(struct secasvar
));
2579 switch (mhp
->msg
->sadb_msg_type
) {
2583 #ifdef IPSEC_DOSEQCHECK
2584 /* sync sequence number */
2585 if (mhp
->msg
->sadb_msg_seq
== 0)
2587 (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
2590 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
2595 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
2596 KFREE(newsav
), newsav
= NULL
;
2597 ipseclog((LOG_DEBUG
, "key_newsa: invalid message is passed.\n"));
2601 xsa
= (const struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
2602 newsav
->spi
= xsa
->sadb_sa_spi
;
2603 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
2606 KFREE(newsav
), newsav
= NULL
;
2611 /* copy sav values */
2612 if (mhp
->msg
->sadb_msg_type
!= SADB_GETSPI
) {
2613 *errp
= key_setsaval(newsav
, m
, mhp
);
2615 KFREE(newsav
), newsav
= NULL
;
2621 newsav
->created
= time_second
;
2622 newsav
->pid
= mhp
->msg
->sadb_msg_pid
;
2627 newsav
->state
= SADB_SASTATE_LARVAL
;
2628 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_LARVAL
], newsav
,
2631 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
2632 kprintf("DP key_newsav from %s:%u return SP:%p\n",
2633 where
, tag
, newsav
));
2639 * free() SA variable entry.
2642 key_delsav(struct secasvar
*sav
)
2644 KASSERT(sav
!= NULL
, ("key_delsav: null sav"));
2645 KASSERT(sav
->refcnt
== 0,
2646 ("key_delsav: reference count %u > 0", sav
->refcnt
));
2648 /* remove from SA header */
2649 if (__LIST_CHAINED(sav
))
2650 LIST_REMOVE(sav
, chain
);
2653 * Cleanup xform state. Note that zeroize'ing causes the
2654 * keys to be cleared; otherwise we must do it ourself.
2656 if (sav
->tdb_xform
!= NULL
) {
2657 sav
->tdb_xform
->xf_zeroize(sav
);
2658 sav
->tdb_xform
= NULL
;
2660 if (sav
->key_auth
!= NULL
)
2661 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
2662 if (sav
->key_enc
!= NULL
)
2663 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
2665 if (sav
->key_auth
!= NULL
) {
2666 KFREE(sav
->key_auth
);
2667 sav
->key_auth
= NULL
;
2669 if (sav
->key_enc
!= NULL
) {
2670 KFREE(sav
->key_enc
);
2671 sav
->key_enc
= NULL
;
2674 bzero(sav
->sched
, sav
->schedlen
);
2678 if (sav
->replay
!= NULL
) {
2682 if (sav
->lft_c
!= NULL
) {
2686 if (sav
->lft_h
!= NULL
) {
2690 if (sav
->lft_s
!= NULL
) {
2694 if (sav
->iv
!= NULL
) {
2708 * others : found, pointer to a SA.
2710 static struct secashead
*
2711 key_getsah(struct secasindex
*saidx
)
2713 struct secashead
*sah
;
2715 LIST_FOREACH(sah
, &sahtree
, chain
) {
2716 if (sah
->state
== SADB_SASTATE_DEAD
)
2718 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_REQID
))
2726 * check not to be duplicated SPI.
2727 * NOTE: this function is too slow due to searching all SAD.
2730 * others : found, pointer to a SA.
2732 static struct secasvar
*
2733 key_checkspidup(struct secasindex
*saidx
, u_int32_t spi
)
2735 struct secashead
*sah
;
2736 struct secasvar
*sav
;
2738 /* check address family */
2739 if (saidx
->src
.sa
.sa_family
!= saidx
->dst
.sa
.sa_family
) {
2740 ipseclog((LOG_DEBUG
, "key_checkspidup: address family mismatched.\n"));
2745 LIST_FOREACH(sah
, &sahtree
, chain
) {
2746 if (!key_ismyaddr((struct sockaddr
*)&sah
->saidx
.dst
))
2748 sav
= key_getsavbyspi(sah
, spi
);
2757 * search SAD litmited alive SA, protocol, SPI.
2760 * others : found, pointer to a SA.
2762 static struct secasvar
*
2763 key_getsavbyspi(struct secashead
*sah
, u_int32_t spi
)
2765 struct secasvar
*sav
;
2768 /* search all status */
2769 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
);
2771 u_int state
= saorder_state_alive
[stateidx
];
2773 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
2775 if (sav
->state
!= state
) {
2776 ipseclog((LOG_DEBUG
, "key_getsavbyspi: "
2777 "invalid sav->state (queue: %d SA: %d)\n",
2778 state
, sav
->state
));
2782 if (sav
->spi
== spi
)
2791 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
2792 * You must update these if need.
2796 * does not modify mbuf. does not free mbuf on error.
2799 key_setsaval(struct secasvar
*sav
, struct mbuf
*m
,
2800 const struct sadb_msghdr
*mhp
)
2805 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2806 panic("key_setsaval: NULL pointer is passed.\n");
2808 /* initialization */
2810 sav
->key_auth
= NULL
;
2811 sav
->key_enc
= NULL
;
2818 sav
->tdb_xform
= NULL
; /* transform */
2819 sav
->tdb_encalgxform
= NULL
; /* encoding algorithm */
2820 sav
->tdb_authalgxform
= NULL
; /* authentication algorithm */
2821 sav
->tdb_compalgxform
= NULL
; /* compression algorithm */
2824 if (mhp
->ext
[SADB_EXT_SA
] != NULL
) {
2825 const struct sadb_sa
*sa0
;
2827 sa0
= (const struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
2828 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(*sa0
)) {
2833 sav
->alg_auth
= sa0
->sadb_sa_auth
;
2834 sav
->alg_enc
= sa0
->sadb_sa_encrypt
;
2835 sav
->flags
= sa0
->sadb_sa_flags
;
2838 if ((sa0
->sadb_sa_flags
& SADB_X_EXT_OLD
) == 0) {
2840 kmalloc(sizeof(struct secreplay
)+sa0
->sadb_sa_replay
,
2841 M_SECA
, M_INTWAIT
| M_ZERO
| M_NULLOK
);
2842 if (sav
->replay
== NULL
) {
2843 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2847 if (sa0
->sadb_sa_replay
!= 0)
2848 sav
->replay
->bitmap
= (caddr_t
)(sav
->replay
+1);
2849 sav
->replay
->wsize
= sa0
->sadb_sa_replay
;
2853 /* Authentication keys */
2854 if (mhp
->ext
[SADB_EXT_KEY_AUTH
] != NULL
) {
2855 const struct sadb_key
*key0
;
2858 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_AUTH
];
2859 len
= mhp
->extlen
[SADB_EXT_KEY_AUTH
];
2862 if (len
< sizeof(*key0
)) {
2866 switch (mhp
->msg
->sadb_msg_satype
) {
2867 case SADB_SATYPE_AH
:
2868 case SADB_SATYPE_ESP
:
2869 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
2870 sav
->alg_auth
!= SADB_X_AALG_NULL
)
2873 case SADB_X_SATYPE_IPCOMP
:
2879 ipseclog((LOG_DEBUG
, "key_setsaval: invalid key_auth values.\n"));
2883 sav
->key_auth
= (struct sadb_key
*)key_newbuf(key0
, len
);
2884 if (sav
->key_auth
== NULL
) {
2885 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2891 /* Encryption key */
2892 if (mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] != NULL
) {
2893 const struct sadb_key
*key0
;
2896 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_ENCRYPT
];
2897 len
= mhp
->extlen
[SADB_EXT_KEY_ENCRYPT
];
2900 if (len
< sizeof(*key0
)) {
2904 switch (mhp
->msg
->sadb_msg_satype
) {
2905 case SADB_SATYPE_ESP
:
2906 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
2907 sav
->alg_enc
!= SADB_EALG_NULL
) {
2911 sav
->key_enc
= (struct sadb_key
*)key_newbuf(key0
, len
);
2912 if (sav
->key_enc
== NULL
) {
2913 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2918 case SADB_X_SATYPE_IPCOMP
:
2919 if (len
!= PFKEY_ALIGN8(sizeof(struct sadb_key
)))
2921 sav
->key_enc
= NULL
; /*just in case*/
2923 case SADB_SATYPE_AH
:
2929 ipseclog((LOG_DEBUG
, "key_setsatval: invalid key_enc value.\n"));
2937 switch (mhp
->msg
->sadb_msg_satype
) {
2938 case SADB_SATYPE_AH
:
2939 error
= xform_init(sav
, XF_AH
);
2941 case SADB_SATYPE_ESP
:
2942 error
= xform_init(sav
, XF_ESP
);
2944 case SADB_X_SATYPE_IPCOMP
:
2945 error
= xform_init(sav
, XF_IPCOMP
);
2949 ipseclog((LOG_DEBUG
,
2950 "key_setsaval: unable to initialize SA type %u.\n",
2951 mhp
->msg
->sadb_msg_satype
));
2956 sav
->created
= time_second
;
2958 /* make lifetime for CURRENT */
2959 KMALLOC(sav
->lft_c
, struct sadb_lifetime
*,
2960 sizeof(struct sadb_lifetime
));
2961 if (sav
->lft_c
== NULL
) {
2962 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2967 sav
->lft_c
->sadb_lifetime_len
=
2968 PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
2969 sav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
2970 sav
->lft_c
->sadb_lifetime_allocations
= 0;
2971 sav
->lft_c
->sadb_lifetime_bytes
= 0;
2972 sav
->lft_c
->sadb_lifetime_addtime
= time_second
;
2973 sav
->lft_c
->sadb_lifetime_usetime
= 0;
2975 /* lifetimes for HARD and SOFT */
2977 const struct sadb_lifetime
*lft0
;
2979 lft0
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
2981 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
] < sizeof(*lft0
)) {
2985 sav
->lft_h
= (struct sadb_lifetime
*)key_newbuf(lft0
,
2987 if (sav
->lft_h
== NULL
) {
2988 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2992 /* to be initialize ? */
2995 lft0
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_SOFT
];
2997 if (mhp
->extlen
[SADB_EXT_LIFETIME_SOFT
] < sizeof(*lft0
)) {
3001 sav
->lft_s
= (struct sadb_lifetime
*)key_newbuf(lft0
,
3003 if (sav
->lft_s
== NULL
) {
3004 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3008 /* to be initialize ? */
3015 /* initialization */
3016 if (sav
->replay
!= NULL
) {
3020 if (sav
->key_auth
!= NULL
) {
3021 KFREE(sav
->key_auth
);
3022 sav
->key_auth
= NULL
;
3024 if (sav
->key_enc
!= NULL
) {
3025 KFREE(sav
->key_enc
);
3026 sav
->key_enc
= NULL
;
3032 if (sav
->iv
!= NULL
) {
3036 if (sav
->lft_c
!= NULL
) {
3040 if (sav
->lft_h
!= NULL
) {
3044 if (sav
->lft_s
!= NULL
) {
3053 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3058 key_mature(struct secasvar
*sav
)
3062 /* check SPI value */
3063 switch (sav
->sah
->saidx
.proto
) {
3066 if (ntohl(sav
->spi
) >= 0 && ntohl(sav
->spi
) <= 255) {
3067 ipseclog((LOG_DEBUG
,
3068 "key_mature: illegal range of SPI %u.\n",
3069 (u_int32_t
)ntohl(sav
->spi
)));
3076 switch (sav
->sah
->saidx
.proto
) {
3079 if ((sav
->flags
& (SADB_X_EXT_OLD
|SADB_X_EXT_DERIV
)) ==
3080 (SADB_X_EXT_OLD
|SADB_X_EXT_DERIV
)) {
3081 ipseclog((LOG_DEBUG
, "key_mature: "
3082 "invalid flag (derived) given to old-esp.\n"));
3085 error
= xform_init(sav
, XF_ESP
);
3089 if (sav
->flags
& SADB_X_EXT_DERIV
) {
3090 ipseclog((LOG_DEBUG
, "key_mature: "
3091 "invalid flag (derived) given to AH SA.\n"));
3094 if (sav
->alg_enc
!= SADB_EALG_NONE
) {
3095 ipseclog((LOG_DEBUG
, "key_mature: "
3096 "protocol and algorithm mismated.\n"));
3099 error
= xform_init(sav
, XF_AH
);
3101 case IPPROTO_IPCOMP
:
3102 if (sav
->alg_auth
!= SADB_AALG_NONE
) {
3103 ipseclog((LOG_DEBUG
, "key_mature: "
3104 "protocol and algorithm mismated.\n"));
3107 if ((sav
->flags
& SADB_X_EXT_RAWCPI
) == 0
3108 && ntohl(sav
->spi
) >= 0x10000) {
3109 ipseclog((LOG_DEBUG
, "key_mature: invalid cpi for IPComp.\n"));
3112 error
= xform_init(sav
, XF_IPCOMP
);
3115 ipseclog((LOG_DEBUG
, "key_mature: Invalid satype.\n"));
3116 error
= EPROTONOSUPPORT
;
3120 key_sa_chgstate(sav
, SADB_SASTATE_MATURE
);
3125 * subroutine for SADB_GET and SADB_DUMP.
3127 static struct mbuf
*
3128 key_setdumpsa(struct secasvar
*sav
, u_int8_t type
, u_int8_t satype
,
3129 u_int32_t seq
, u_int32_t pid
)
3131 struct mbuf
*result
= NULL
, *tres
= NULL
, *m
;
3136 SADB_EXT_SA
, SADB_X_EXT_SA2
,
3137 SADB_EXT_LIFETIME_HARD
, SADB_EXT_LIFETIME_SOFT
,
3138 SADB_EXT_LIFETIME_CURRENT
, SADB_EXT_ADDRESS_SRC
,
3139 SADB_EXT_ADDRESS_DST
, SADB_EXT_ADDRESS_PROXY
, SADB_EXT_KEY_AUTH
,
3140 SADB_EXT_KEY_ENCRYPT
, SADB_EXT_IDENTITY_SRC
,
3141 SADB_EXT_IDENTITY_DST
, SADB_EXT_SENSITIVITY
,
3144 m
= key_setsadbmsg(type
, 0, satype
, seq
, pid
, sav
->refcnt
);
3149 for (i
= sizeof(dumporder
)/sizeof(dumporder
[0]) - 1; i
>= 0; i
--) {
3152 switch (dumporder
[i
]) {
3154 m
= key_setsadbsa(sav
);
3159 case SADB_X_EXT_SA2
:
3160 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
3161 sav
->replay
? sav
->replay
->count
: 0,
3162 sav
->sah
->saidx
.reqid
);
3167 case SADB_EXT_ADDRESS_SRC
:
3168 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
3169 &sav
->sah
->saidx
.src
.sa
,
3170 FULLMASK
, IPSEC_ULPROTO_ANY
);
3175 case SADB_EXT_ADDRESS_DST
:
3176 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
3177 &sav
->sah
->saidx
.dst
.sa
,
3178 FULLMASK
, IPSEC_ULPROTO_ANY
);
3183 case SADB_EXT_KEY_AUTH
:
3186 l
= PFKEY_UNUNIT64(sav
->key_auth
->sadb_key_len
);
3190 case SADB_EXT_KEY_ENCRYPT
:
3193 l
= PFKEY_UNUNIT64(sav
->key_enc
->sadb_key_len
);
3197 case SADB_EXT_LIFETIME_CURRENT
:
3200 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_c
)->sadb_ext_len
);
3204 case SADB_EXT_LIFETIME_HARD
:
3207 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_h
)->sadb_ext_len
);
3211 case SADB_EXT_LIFETIME_SOFT
:
3214 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_s
)->sadb_ext_len
);
3218 case SADB_EXT_ADDRESS_PROXY
:
3219 case SADB_EXT_IDENTITY_SRC
:
3220 case SADB_EXT_IDENTITY_DST
:
3221 /* XXX: should we brought from SPD ? */
3222 case SADB_EXT_SENSITIVITY
:
3227 if ((!m
&& !p
) || (m
&& p
))
3230 M_PREPEND(tres
, l
, MB_DONTWAIT
);
3233 bcopy(p
, mtod(tres
, caddr_t
), l
);
3237 m
= key_alloc_mbuf(l
);
3240 m_copyback(m
, 0, l
, p
);
3248 m_cat(result
, tres
);
3250 if (result
->m_len
< sizeof(struct sadb_msg
)) {
3251 result
= m_pullup(result
, sizeof(struct sadb_msg
));
3255 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
3256 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3257 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3268 * set data into sadb_msg.
3270 static struct mbuf
*
3271 key_setsadbmsg(u_int8_t type
, u_int16_t tlen
, u_int8_t satype
, u_int32_t seq
,
3272 pid_t pid
, u_int16_t reserved
)
3278 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
3281 m
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
3284 m
->m_pkthdr
.len
= m
->m_len
= len
;
3286 p
= mtod(m
, struct sadb_msg
*);
3289 p
->sadb_msg_version
= PF_KEY_V2
;
3290 p
->sadb_msg_type
= type
;
3291 p
->sadb_msg_errno
= 0;
3292 p
->sadb_msg_satype
= satype
;
3293 p
->sadb_msg_len
= PFKEY_UNIT64(tlen
);
3294 p
->sadb_msg_reserved
= reserved
;
3295 p
->sadb_msg_seq
= seq
;
3296 p
->sadb_msg_pid
= (u_int32_t
)pid
;
3302 * copy secasvar data into sadb_address.
3304 static struct mbuf
*
3305 key_setsadbsa(struct secasvar
*sav
)
3311 len
= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
3312 m
= key_alloc_mbuf(len
);
3313 if (!m
|| m
->m_next
) { /*XXX*/
3319 p
= mtod(m
, struct sadb_sa
*);
3322 p
->sadb_sa_len
= PFKEY_UNIT64(len
);
3323 p
->sadb_sa_exttype
= SADB_EXT_SA
;
3324 p
->sadb_sa_spi
= sav
->spi
;
3325 p
->sadb_sa_replay
= (sav
->replay
!= NULL
? sav
->replay
->wsize
: 0);
3326 p
->sadb_sa_state
= sav
->state
;
3327 p
->sadb_sa_auth
= sav
->alg_auth
;
3328 p
->sadb_sa_encrypt
= sav
->alg_enc
;
3329 p
->sadb_sa_flags
= sav
->flags
;
3335 * set data into sadb_address.
3337 static struct mbuf
*
3338 key_setsadbaddr(u_int16_t exttype
, const struct sockaddr
*saddr
, u_int8_t prefixlen
,
3342 struct sadb_address
*p
;
3345 len
= PFKEY_ALIGN8(sizeof(struct sadb_address
)) +
3346 PFKEY_ALIGN8(saddr
->sa_len
);
3347 m
= key_alloc_mbuf(len
);
3348 if (!m
|| m
->m_next
) { /*XXX*/
3354 p
= mtod(m
, struct sadb_address
*);
3357 p
->sadb_address_len
= PFKEY_UNIT64(len
);
3358 p
->sadb_address_exttype
= exttype
;
3359 p
->sadb_address_proto
= ul_proto
;
3360 if (prefixlen
== FULLMASK
) {
3361 switch (saddr
->sa_family
) {
3363 prefixlen
= sizeof(struct in_addr
) << 3;
3366 prefixlen
= sizeof(struct in6_addr
) << 3;
3372 p
->sadb_address_prefixlen
= prefixlen
;
3373 p
->sadb_address_reserved
= 0;
3376 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_address
)),
3384 * set data into sadb_ident.
3386 static struct mbuf
*
3387 key_setsadbident(u_int16_t exttype
, u_int16_t idtype
, caddr_t string
,
3388 int stringlen
, u_int64_t id
)
3391 struct sadb_ident
*p
;
3394 len
= PFKEY_ALIGN8(sizeof(struct sadb_ident
)) + PFKEY_ALIGN8(stringlen
);
3395 m
= key_alloc_mbuf(len
);
3396 if (!m
|| m
->m_next
) { /*XXX*/
3402 p
= mtod(m
, struct sadb_ident
*);
3405 p
->sadb_ident_len
= PFKEY_UNIT64(len
);
3406 p
->sadb_ident_exttype
= exttype
;
3407 p
->sadb_ident_type
= idtype
;
3408 p
->sadb_ident_reserved
= 0;
3409 p
->sadb_ident_id
= id
;
3412 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_ident
)),
3420 * set data into sadb_x_sa2.
3422 static struct mbuf
*
3423 key_setsadbxsa2(u_int8_t mode
, u_int32_t seq
, u_int32_t reqid
)
3426 struct sadb_x_sa2
*p
;
3429 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_sa2
));
3430 m
= key_alloc_mbuf(len
);
3431 if (!m
|| m
->m_next
) { /*XXX*/
3437 p
= mtod(m
, struct sadb_x_sa2
*);
3440 p
->sadb_x_sa2_len
= PFKEY_UNIT64(len
);
3441 p
->sadb_x_sa2_exttype
= SADB_X_EXT_SA2
;
3442 p
->sadb_x_sa2_mode
= mode
;
3443 p
->sadb_x_sa2_reserved1
= 0;
3444 p
->sadb_x_sa2_reserved2
= 0;
3445 p
->sadb_x_sa2_sequence
= seq
;
3446 p
->sadb_x_sa2_reqid
= reqid
;
3452 * set data into sadb_x_policy
3454 static struct mbuf
*
3455 key_setsadbxpolicy(u_int16_t type
, u_int8_t dir
, u_int32_t id
)
3458 struct sadb_x_policy
*p
;
3461 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_policy
));
3462 m
= key_alloc_mbuf(len
);
3463 if (!m
|| m
->m_next
) { /*XXX*/
3469 p
= mtod(m
, struct sadb_x_policy
*);
3472 p
->sadb_x_policy_len
= PFKEY_UNIT64(len
);
3473 p
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
3474 p
->sadb_x_policy_type
= type
;
3475 p
->sadb_x_policy_dir
= dir
;
3476 p
->sadb_x_policy_id
= id
;
3483 * copy a buffer into the new buffer allocated.
3486 key_newbuf(const void *src
, u_int len
)
3490 KMALLOC(new, caddr_t
, len
);
3492 ipseclog((LOG_DEBUG
, "key_newbuf: No more memory.\n"));
3495 bcopy(src
, new, len
);
3500 /* compare my own address
3501 * OUT: 1: true, i.e. my address.
3505 key_ismyaddr(struct sockaddr
*sa
)
3508 struct sockaddr_in
*sin
;
3509 struct in_ifaddr_container
*iac
;
3514 panic("key_ismyaddr: NULL pointer is passed.\n");
3516 switch (sa
->sa_family
) {
3519 sin
= (struct sockaddr_in
*)sa
;
3520 TAILQ_FOREACH(iac
, &in_ifaddrheads
[mycpuid
], ia_link
) {
3521 struct in_ifaddr
*ia
= iac
->ia
;
3523 if (sin
->sin_family
== ia
->ia_addr
.sin_family
&&
3524 sin
->sin_len
== ia
->ia_addr
.sin_len
&&
3525 sin
->sin_addr
.s_addr
== ia
->ia_addr
.sin_addr
.s_addr
)
3534 return key_ismyaddr6((struct sockaddr_in6
*)sa
);
3543 * compare my own address for IPv6.
3546 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
3548 #include <netinet6/in6_var.h>
3551 key_ismyaddr6(struct sockaddr_in6
*sin6
)
3553 struct in6_ifaddr
*ia
;
3554 struct in6_multi
*in6m
;
3556 for (ia
= in6_ifaddr
; ia
; ia
= ia
->ia_next
) {
3557 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
3558 (struct sockaddr
*)&ia
->ia_addr
, 0) == 0)
3563 * XXX why do we care about multlicast here while we don't care
3564 * about IPv4 multicast??
3568 IN6_LOOKUP_MULTI(sin6
->sin6_addr
, ia
->ia_ifp
, in6m
);
3573 /* loopback, just for safety */
3574 if (IN6_IS_ADDR_LOOPBACK(&sin6
->sin6_addr
))
3582 * compare two secasindex structure.
3583 * flag can specify to compare 2 saidxes.
3584 * compare two secasindex structure without both mode and reqid.
3585 * don't compare port.
3587 * saidx0: source, it can be in SAD.
3595 const struct secasindex
*saidx0
,
3596 const struct secasindex
*saidx1
,
3600 if (saidx0
== NULL
&& saidx1
== NULL
)
3603 if (saidx0
== NULL
|| saidx1
== NULL
)
3606 if (saidx0
->proto
!= saidx1
->proto
)
3609 if (flag
== CMP_EXACTLY
) {
3610 if (saidx0
->mode
!= saidx1
->mode
)
3612 if (saidx0
->reqid
!= saidx1
->reqid
)
3614 if (bcmp(&saidx0
->src
, &saidx1
->src
, saidx0
->src
.sa
.sa_len
) != 0 ||
3615 bcmp(&saidx0
->dst
, &saidx1
->dst
, saidx0
->dst
.sa
.sa_len
) != 0)
3619 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
3620 if (flag
== CMP_MODE_REQID
3621 ||flag
== CMP_REQID
) {
3623 * If reqid of SPD is non-zero, unique SA is required.
3624 * The result must be of same reqid in this case.
3626 if (saidx1
->reqid
!= 0 && saidx0
->reqid
!= saidx1
->reqid
)
3630 if (flag
== CMP_MODE_REQID
) {
3631 if (saidx0
->mode
!= IPSEC_MODE_ANY
3632 && saidx0
->mode
!= saidx1
->mode
)
3636 if (key_sockaddrcmp(&saidx0
->src
.sa
, &saidx1
->src
.sa
, 0) != 0) {
3639 if (key_sockaddrcmp(&saidx0
->dst
.sa
, &saidx1
->dst
.sa
, 0) != 0) {
3648 * compare two secindex structure exactly.
3650 * spidx0: source, it is often in SPD.
3651 * spidx1: object, it is often from PFKEY message.
3657 key_cmpspidx_exactly(
3658 struct secpolicyindex
*spidx0
,
3659 struct secpolicyindex
*spidx1
)
3662 if (spidx0
== NULL
&& spidx1
== NULL
)
3665 if (spidx0
== NULL
|| spidx1
== NULL
)
3668 if (spidx0
->prefs
!= spidx1
->prefs
3669 || spidx0
->prefd
!= spidx1
->prefd
3670 || spidx0
->ul_proto
!= spidx1
->ul_proto
)
3673 return key_sockaddrcmp(&spidx0
->src
.sa
, &spidx1
->src
.sa
, 1) == 0 &&
3674 key_sockaddrcmp(&spidx0
->dst
.sa
, &spidx1
->dst
.sa
, 1) == 0;
3678 * compare two secindex structure with mask.
3680 * spidx0: source, it is often in SPD.
3681 * spidx1: object, it is often from IP header.
3687 key_cmpspidx_withmask(
3688 struct secpolicyindex
*spidx0
,
3689 struct secpolicyindex
*spidx1
)
3692 if (spidx0
== NULL
&& spidx1
== NULL
)
3695 if (spidx0
== NULL
|| spidx1
== NULL
)
3698 if (spidx0
->src
.sa
.sa_family
!= spidx1
->src
.sa
.sa_family
||
3699 spidx0
->dst
.sa
.sa_family
!= spidx1
->dst
.sa
.sa_family
||
3700 spidx0
->src
.sa
.sa_len
!= spidx1
->src
.sa
.sa_len
||
3701 spidx0
->dst
.sa
.sa_len
!= spidx1
->dst
.sa
.sa_len
)
3704 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
3705 if (spidx0
->ul_proto
!= (u_int16_t
)IPSEC_ULPROTO_ANY
3706 && spidx0
->ul_proto
!= spidx1
->ul_proto
)
3709 switch (spidx0
->src
.sa
.sa_family
) {
3711 if (spidx0
->src
.sin
.sin_port
!= IPSEC_PORT_ANY
3712 && spidx0
->src
.sin
.sin_port
!= spidx1
->src
.sin
.sin_port
)
3714 if (!key_bbcmp(&spidx0
->src
.sin
.sin_addr
,
3715 &spidx1
->src
.sin
.sin_addr
, spidx0
->prefs
))
3719 if (spidx0
->src
.sin6
.sin6_port
!= IPSEC_PORT_ANY
3720 && spidx0
->src
.sin6
.sin6_port
!= spidx1
->src
.sin6
.sin6_port
)
3723 * scope_id check. if sin6_scope_id is 0, we regard it
3724 * as a wildcard scope, which matches any scope zone ID.
3726 if (spidx0
->src
.sin6
.sin6_scope_id
&&
3727 spidx1
->src
.sin6
.sin6_scope_id
&&
3728 spidx0
->src
.sin6
.sin6_scope_id
!= spidx1
->src
.sin6
.sin6_scope_id
)
3730 if (!key_bbcmp(&spidx0
->src
.sin6
.sin6_addr
,
3731 &spidx1
->src
.sin6
.sin6_addr
, spidx0
->prefs
))
3736 if (bcmp(&spidx0
->src
, &spidx1
->src
, spidx0
->src
.sa
.sa_len
) != 0)
3741 switch (spidx0
->dst
.sa
.sa_family
) {
3743 if (spidx0
->dst
.sin
.sin_port
!= IPSEC_PORT_ANY
3744 && spidx0
->dst
.sin
.sin_port
!= spidx1
->dst
.sin
.sin_port
)
3746 if (!key_bbcmp(&spidx0
->dst
.sin
.sin_addr
,
3747 &spidx1
->dst
.sin
.sin_addr
, spidx0
->prefd
))
3751 if (spidx0
->dst
.sin6
.sin6_port
!= IPSEC_PORT_ANY
3752 && spidx0
->dst
.sin6
.sin6_port
!= spidx1
->dst
.sin6
.sin6_port
)
3755 * scope_id check. if sin6_scope_id is 0, we regard it
3756 * as a wildcard scope, which matches any scope zone ID.
3758 if (spidx0
->dst
.sin6
.sin6_scope_id
&&
3759 spidx1
->dst
.sin6
.sin6_scope_id
&&
3760 spidx0
->dst
.sin6
.sin6_scope_id
!= spidx1
->dst
.sin6
.sin6_scope_id
)
3762 if (!key_bbcmp(&spidx0
->dst
.sin6
.sin6_addr
,
3763 &spidx1
->dst
.sin6
.sin6_addr
, spidx0
->prefd
))
3768 if (bcmp(&spidx0
->dst
, &spidx1
->dst
, spidx0
->dst
.sa
.sa_len
) != 0)
3773 /* XXX Do we check other field ? e.g. flowinfo */
3778 /* returns 0 on match */
3781 const struct sockaddr
*sa1
,
3782 const struct sockaddr
*sa2
,
3788 #define satosin(s) ((const struct sockaddr_in *)s)
3792 #define satosin6(s) ((const struct sockaddr_in6 *)s)
3793 if (sa1
->sa_family
!= sa2
->sa_family
|| sa1
->sa_len
!= sa2
->sa_len
)
3796 switch (sa1
->sa_family
) {
3798 if (sa1
->sa_len
!= sizeof(struct sockaddr_in
))
3800 if (satosin(sa1
)->sin_addr
.s_addr
!=
3801 satosin(sa2
)->sin_addr
.s_addr
) {
3804 if (port
&& satosin(sa1
)->sin_port
!= satosin(sa2
)->sin_port
)
3808 if (sa1
->sa_len
!= sizeof(struct sockaddr_in6
))
3809 return 1; /*EINVAL*/
3810 if (satosin6(sa1
)->sin6_scope_id
!=
3811 satosin6(sa2
)->sin6_scope_id
) {
3814 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1
)->sin6_addr
,
3815 &satosin6(sa2
)->sin6_addr
)) {
3819 satosin6(sa1
)->sin6_port
!= satosin6(sa2
)->sin6_port
) {
3823 if (bcmp(sa1
, sa2
, sa1
->sa_len
) != 0)
3834 * compare two buffers with mask.
3838 * bits: Number of bits to compare
3844 key_bbcmp(const void *a1
, const void *a2
, u_int bits
)
3846 const unsigned char *p1
= a1
;
3847 const unsigned char *p2
= a2
;
3849 /* XXX: This could be considerably faster if we compare a word
3850 * at a time, but it is complicated on LSB Endian machines */
3852 /* Handle null pointers */
3853 if (p1
== NULL
|| p2
== NULL
)
3863 u_int8_t mask
= ~((1<<(8-bits
))-1);
3864 if ((*p1
& mask
) != (*p2
& mask
))
3867 return 1; /* Match! */
3872 * scanning SPD and SAD to check status for each entries,
3873 * and do to remove or to expire.
3874 * XXX: year 2038 problem may remain.
3877 key_timehandler(void *unused
)
3880 time_t now
= time_second
;
3881 struct secspacq
*spacq
, *nextspacq
;
3887 struct secpolicy
*sp
, *nextsp
;
3889 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
3890 LIST_FOREACH_MUTABLE(sp
, &sptree
[dir
], chain
, nextsp
) {
3891 if (sp
->state
== IPSEC_SPSTATE_DEAD
) {
3896 if (sp
->lifetime
== 0 && sp
->validtime
== 0)
3899 /* the deletion will occur next time */
3900 if ((sp
->lifetime
&& now
- sp
->created
> sp
->lifetime
)
3901 || (sp
->validtime
&& now
- sp
->lastused
> sp
->validtime
)) {
3902 sp
->state
= IPSEC_SPSTATE_DEAD
;
3912 struct secashead
*sah
, *nextsah
;
3913 struct secasvar
*sav
, *nextsav
;
3915 LIST_FOREACH_MUTABLE(sah
, &sahtree
, chain
, nextsah
) {
3916 /* if sah has been dead, then delete it and process next sah. */
3917 if (sah
->state
== SADB_SASTATE_DEAD
) {
3922 /* if LARVAL entry doesn't become MATURE, delete it. */
3923 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[SADB_SASTATE_LARVAL
],
3925 if (now
- sav
->created
> key_larval_lifetime
) {
3931 * check MATURE entry to start to send expire message
3934 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[SADB_SASTATE_MATURE
],
3936 /* we don't need to check. */
3937 if (sav
->lft_s
== NULL
)
3941 if (sav
->lft_c
== NULL
) {
3942 ipseclog((LOG_DEBUG
,"key_timehandler: "
3943 "There is no CURRENT time, why?\n"));
3947 /* check SOFT lifetime */
3948 if (sav
->lft_s
->sadb_lifetime_addtime
!= 0
3949 && now
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
3951 * check SA to be used whether or not.
3952 * when SA hasn't been used, delete it.
3954 if (sav
->lft_c
->sadb_lifetime_usetime
== 0) {
3955 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
3958 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
3960 * XXX If we keep to send expire
3961 * message in the status of
3962 * DYING. Do remove below code.
3967 /* check SOFT lifetime by bytes */
3969 * XXX I don't know the way to delete this SA
3970 * when new SA is installed. Caution when it's
3971 * installed too big lifetime by time.
3973 else if (sav
->lft_s
->sadb_lifetime_bytes
!= 0
3974 && sav
->lft_s
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
3976 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
3978 * XXX If we keep to send expire
3979 * message in the status of
3980 * DYING. Do remove below code.
3986 /* check DYING entry to change status to DEAD. */
3987 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[SADB_SASTATE_DYING
],
3989 /* we don't need to check. */
3990 if (sav
->lft_h
== NULL
)
3994 if (sav
->lft_c
== NULL
) {
3995 ipseclog((LOG_DEBUG
, "key_timehandler: "
3996 "There is no CURRENT time, why?\n"));
4000 if (sav
->lft_h
->sadb_lifetime_addtime
!= 0
4001 && now
- sav
->created
> sav
->lft_h
->sadb_lifetime_addtime
) {
4002 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4005 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4006 else if (sav
->lft_s
!= NULL
4007 && sav
->lft_s
->sadb_lifetime_addtime
!= 0
4008 && now
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
4010 * XXX: should be checked to be
4011 * installed the valid SA.
4015 * If there is no SA then sending
4021 /* check HARD lifetime by bytes */
4022 else if (sav
->lft_h
->sadb_lifetime_bytes
!= 0
4023 && sav
->lft_h
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
4024 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4029 /* delete entry in DEAD */
4030 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[SADB_SASTATE_DEAD
],
4033 if (sav
->state
!= SADB_SASTATE_DEAD
) {
4034 ipseclog((LOG_DEBUG
, "key_timehandler: "
4035 "invalid sav->state "
4036 "(queue: %d SA: %d): "
4038 SADB_SASTATE_DEAD
, sav
->state
));
4042 * do not call key_freesav() here.
4043 * sav should already be freed, and sav->refcnt
4044 * shows other references to sav
4045 * (such as from SPD).
4051 #ifndef IPSEC_NONBLOCK_ACQUIRE
4054 struct secacq
*acq
, *nextacq
;
4056 LIST_FOREACH_MUTABLE(acq
, &acqtree
, chain
, nextacq
) {
4057 if (now
- acq
->created
> key_blockacq_lifetime
&&
4058 __LIST_CHAINED(acq
)) {
4059 LIST_REMOVE(acq
, chain
);
4067 LIST_FOREACH_MUTABLE(spacq
, &spacqtree
, chain
, nextspacq
) {
4068 if (now
- spacq
->created
> key_blockacq_lifetime
&&
4069 __LIST_CHAINED(spacq
)) {
4070 LIST_REMOVE(spacq
, chain
);
4075 /* initialize random seed */
4076 if (key_tick_init_random
++ > key_int_random
) {
4077 key_tick_init_random
= 0;
4081 #ifndef IPSEC_DEBUG2
4082 /* do exchange to tick time !! */
4083 callout_reset(&key_timehandler_ch
, hz
, key_timehandler
, NULL
);
4091 * to initialize a seed for random()
4096 skrandom(time_second
);
4104 key_randomfill(&value
, sizeof(value
));
4109 key_randomfill(void *p
, size_t l
)
4113 static int warn
= 1;
4115 n
= (size_t)read_random(p
, (u_int
)l
);
4119 bcopy(&v
, (u_int8_t
*)p
+ n
,
4120 l
- n
< sizeof(v
) ? l
- n
: sizeof(v
));
4124 kprintf("WARNING: pseudo-random number generator "
4125 "used for IPsec processing\n");
4132 * map SADB_SATYPE_* to IPPROTO_*.
4133 * if satype == SADB_SATYPE then satype is mapped to ~0.
4135 * 0: invalid satype.
4138 key_satype2proto(u_int8_t satype
)
4141 case SADB_SATYPE_UNSPEC
:
4142 return IPSEC_PROTO_ANY
;
4143 case SADB_SATYPE_AH
:
4145 case SADB_SATYPE_ESP
:
4147 case SADB_X_SATYPE_IPCOMP
:
4148 return IPPROTO_IPCOMP
;
4156 * map IPPROTO_* to SADB_SATYPE_*
4158 * 0: invalid protocol type.
4161 key_proto2satype(u_int16_t proto
)
4165 return SADB_SATYPE_AH
;
4167 return SADB_SATYPE_ESP
;
4168 case IPPROTO_IPCOMP
:
4169 return SADB_X_SATYPE_IPCOMP
;
4178 * SADB_GETSPI processing is to receive
4179 * <base, (SA2), src address, dst address, (SPI range)>
4180 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4181 * tree with the status of LARVAL, and send
4182 * <base, SA(*), address(SD)>
4185 * IN: mhp: pointer to the pointer to each header.
4186 * OUT: NULL if fail.
4187 * other if success, return pointer to the message to send.
4190 key_getspi(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4192 struct sadb_address
*src0
, *dst0
;
4193 struct secasindex saidx
;
4194 struct secashead
*newsah
;
4195 struct secasvar
*newsav
;
4196 struct sockaddr
*saddr
, *daddr
;
4204 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4205 panic("key_getspi: NULL pointer is passed.\n");
4207 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
4208 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
4209 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
4210 return key_senderror(so
, m
, EINVAL
);
4212 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
4213 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
4214 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
4215 return key_senderror(so
, m
, EINVAL
);
4217 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
4218 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
4219 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
4221 mode
= IPSEC_MODE_ANY
;
4225 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
4226 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
4228 /* map satype to proto */
4229 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
4230 ipseclog((LOG_DEBUG
, "key_getspi: invalid satype is passed.\n"));
4231 return key_senderror(so
, m
, EINVAL
);
4234 /* make sure if port number is zero. */
4235 saddr
= (struct sockaddr
*)(src0
+ 1);
4236 daddr
= (struct sockaddr
*)(dst0
+ 1);
4237 switch (saddr
->sa_family
) {
4239 if (saddr
->sa_len
!= sizeof(struct sockaddr_in
))
4240 return key_senderror(so
, m
, EINVAL
);
4241 ((struct sockaddr_in
*)(src0
+ 1))->sin_port
= 0;
4244 if (saddr
->sa_len
!= sizeof(struct sockaddr_in6
))
4245 return key_senderror(so
, m
, EINVAL
);
4246 ((struct sockaddr_in6
*)(src0
+ 1))->sin6_port
= 0;
4251 switch (daddr
->sa_family
) {
4253 if (daddr
->sa_len
!= sizeof(struct sockaddr_in
))
4254 return key_senderror(so
, m
, EINVAL
);
4255 ((struct sockaddr_in
*)(dst0
+ 1))->sin_port
= 0;
4258 if (daddr
->sa_len
!= sizeof(struct sockaddr_in6
))
4259 return key_senderror(so
, m
, EINVAL
);
4260 ((struct sockaddr_in6
*)(dst0
+ 1))->sin6_port
= 0;
4266 /* XXX boundary check against sa_len */
4267 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
4269 /* SPI allocation */
4270 spi
= key_do_getnewspi((struct sadb_spirange
*)mhp
->ext
[SADB_EXT_SPIRANGE
],
4273 return key_senderror(so
, m
, EINVAL
);
4275 /* get a SA index */
4276 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
4277 /* create a new SA index */
4278 if ((newsah
= key_newsah(&saidx
)) == NULL
) {
4279 ipseclog((LOG_DEBUG
, "key_getspi: No more memory.\n"));
4280 return key_senderror(so
, m
, ENOBUFS
);
4286 newsav
= KEY_NEWSAV(m
, mhp
, newsah
, &error
);
4287 if (newsav
== NULL
) {
4288 /* XXX don't free new SA index allocated in above. */
4289 return key_senderror(so
, m
, error
);
4293 newsav
->spi
= htonl(spi
);
4295 #ifndef IPSEC_NONBLOCK_ACQUIRE
4296 /* delete the entry in acqtree */
4297 if (mhp
->msg
->sadb_msg_seq
!= 0) {
4299 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) != NULL
) {
4300 /* reset counter in order to deletion by timehandler. */
4301 acq
->created
= time_second
;
4309 struct sadb_sa
*m_sa
;
4310 struct sadb_msg
*newmsg
;
4313 /* create new sadb_msg to reply. */
4314 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
)) +
4315 PFKEY_ALIGN8(sizeof(struct sadb_sa
));
4317 return key_senderror(so
, m
, ENOBUFS
);
4318 n
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
4320 return key_senderror(so
, m
, ENOBUFS
);
4323 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
));
4324 off
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
4326 m_sa
= (struct sadb_sa
*)(mtod(n
, caddr_t
) + off
);
4327 m_sa
->sadb_sa_len
= PFKEY_UNIT64(sizeof(struct sadb_sa
));
4328 m_sa
->sadb_sa_exttype
= SADB_EXT_SA
;
4329 m_sa
->sadb_sa_spi
= htonl(spi
);
4330 off
+= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
4334 panic("length inconsistency in key_getspi");
4337 n
->m_next
= key_gather_mbuf(m
, mhp
, 0, 2, SADB_EXT_ADDRESS_SRC
,
4338 SADB_EXT_ADDRESS_DST
);
4341 return key_senderror(so
, m
, ENOBUFS
);
4344 if (n
->m_len
< sizeof(struct sadb_msg
)) {
4345 n
= m_pullup(n
, sizeof(struct sadb_msg
));
4347 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
4349 n
->m_pkthdr
.len
= m_lengthm(n
, NULL
);
4351 newmsg
= mtod(n
, struct sadb_msg
*);
4352 newmsg
->sadb_msg_seq
= newsav
->seq
;
4353 newmsg
->sadb_msg_errno
= 0;
4354 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
4357 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
4362 * allocating new SPI
4363 * called by key_getspi().
4369 key_do_getnewspi(struct sadb_spirange
*spirange
, struct secasindex
*saidx
)
4373 int count
= key_spi_trycnt
;
4375 /* set spi range to allocate */
4376 if (spirange
!= NULL
) {
4377 min
= spirange
->sadb_spirange_min
;
4378 max
= spirange
->sadb_spirange_max
;
4380 min
= key_spi_minval
;
4381 max
= key_spi_maxval
;
4383 /* IPCOMP needs 2-byte SPI */
4384 if (saidx
->proto
== IPPROTO_IPCOMP
) {
4391 t
= min
; min
= max
; max
= t
;
4396 if (key_checkspidup(saidx
, min
) != NULL
) {
4397 ipseclog((LOG_DEBUG
, "key_do_getnewspi: SPI %u exists already.\n", min
));
4401 count
--; /* taking one cost. */
4409 /* when requesting to allocate spi ranged */
4411 /* generate pseudo-random SPI value ranged. */
4412 newspi
= min
+ (key_random() % (max
- min
+ 1));
4414 if (key_checkspidup(saidx
, newspi
) == NULL
)
4418 if (count
== 0 || newspi
== 0) {
4419 ipseclog((LOG_DEBUG
, "key_do_getnewspi: to allocate spi is failed.\n"));
4425 keystat
.getspi_count
=
4426 (keystat
.getspi_count
+ key_spi_trycnt
- count
) / 2;
4432 * SADB_UPDATE processing
4434 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4435 * key(AE), (identity(SD),) (sensitivity)>
4436 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
4438 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4439 * (identity(SD),) (sensitivity)>
4442 * m will always be freed.
4445 key_update(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4447 struct sadb_sa
*sa0
;
4448 struct sadb_address
*src0
, *dst0
;
4449 struct secasindex saidx
;
4450 struct secashead
*sah
;
4451 struct secasvar
*sav
;
4458 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4459 panic("key_update: NULL pointer is passed.\n");
4461 /* map satype to proto */
4462 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
4463 ipseclog((LOG_DEBUG
, "key_update: invalid satype is passed.\n"));
4464 return key_senderror(so
, m
, EINVAL
);
4467 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
4468 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
4469 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
4470 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
4471 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
4472 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
4473 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
4474 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
4475 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
4476 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
4477 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
4478 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
4479 return key_senderror(so
, m
, EINVAL
);
4481 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
4482 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
4483 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
4484 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
4485 return key_senderror(so
, m
, EINVAL
);
4487 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
4488 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
4489 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
4491 mode
= IPSEC_MODE_ANY
;
4494 /* XXX boundary checking for other extensions */
4496 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
4497 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
4498 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
4500 /* XXX boundary check against sa_len */
4501 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
4503 /* get a SA header */
4504 if ((sah
= key_getsah(&saidx
)) == NULL
) {
4505 ipseclog((LOG_DEBUG
, "key_update: no SA index found.\n"));
4506 return key_senderror(so
, m
, ENOENT
);
4509 /* set spidx if there */
4511 error
= key_setident(sah
, m
, mhp
);
4513 return key_senderror(so
, m
, error
);
4515 /* find a SA with sequence number. */
4516 #ifdef IPSEC_DOSEQCHECK
4517 if (mhp
->msg
->sadb_msg_seq
!= 0
4518 && (sav
= key_getsavbyseq(sah
, mhp
->msg
->sadb_msg_seq
)) == NULL
) {
4519 ipseclog((LOG_DEBUG
,
4520 "key_update: no larval SA with sequence %u exists.\n",
4521 mhp
->msg
->sadb_msg_seq
));
4522 return key_senderror(so
, m
, ENOENT
);
4525 if ((sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
)) == NULL
) {
4526 ipseclog((LOG_DEBUG
,
4527 "key_update: no such a SA found (spi:%u)\n",
4528 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
4529 return key_senderror(so
, m
, EINVAL
);
4533 /* validity check */
4534 if (sav
->sah
->saidx
.proto
!= proto
) {
4535 ipseclog((LOG_DEBUG
,
4536 "key_update: protocol mismatched (DB=%u param=%u)\n",
4537 sav
->sah
->saidx
.proto
, proto
));
4538 return key_senderror(so
, m
, EINVAL
);
4540 #ifdef IPSEC_DOSEQCHECK
4541 if (sav
->spi
!= sa0
->sadb_sa_spi
) {
4542 ipseclog((LOG_DEBUG
,
4543 "key_update: SPI mismatched (DB:%u param:%u)\n",
4544 (u_int32_t
)ntohl(sav
->spi
),
4545 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
4546 return key_senderror(so
, m
, EINVAL
);
4549 if (sav
->pid
!= mhp
->msg
->sadb_msg_pid
) {
4550 ipseclog((LOG_DEBUG
,
4551 "key_update: pid mismatched (DB:%u param:%u)\n",
4552 sav
->pid
, mhp
->msg
->sadb_msg_pid
));
4553 return key_senderror(so
, m
, EINVAL
);
4556 /* copy sav values */
4557 error
= key_setsaval(sav
, m
, mhp
);
4560 return key_senderror(so
, m
, error
);
4563 /* check SA values to be mature. */
4564 if ((mhp
->msg
->sadb_msg_errno
= key_mature(sav
)) != 0) {
4566 return key_senderror(so
, m
, 0);
4572 /* set msg buf from mhp */
4573 n
= key_getmsgbuf_x1(m
, mhp
);
4575 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
4576 return key_senderror(so
, m
, ENOBUFS
);
4580 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
4585 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
4586 * only called by key_update().
4589 * others : found, pointer to a SA.
4591 #ifdef IPSEC_DOSEQCHECK
4592 static struct secasvar
*
4593 key_getsavbyseq(struct secashead
*sah
, u_int32_t seq
)
4595 struct secasvar
*sav
;
4598 state
= SADB_SASTATE_LARVAL
;
4600 /* search SAD with sequence number ? */
4601 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
4603 KEY_CHKSASTATE(state
, sav
->state
, "key_getsabyseq");
4605 if (sav
->seq
== seq
) {
4607 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
4608 kprintf("DP key_getsavbyseq cause "
4609 "refcnt++:%d SA:%p\n",
4620 * SADB_ADD processing
4621 * add an entry to SA database, when received
4622 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4623 * key(AE), (identity(SD),) (sensitivity)>
4626 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4627 * (identity(SD),) (sensitivity)>
4630 * IGNORE identity and sensitivity messages.
4632 * m will always be freed.
4635 key_add(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4637 struct sadb_sa
*sa0
;
4638 struct sadb_address
*src0
, *dst0
;
4639 struct secasindex saidx
;
4640 struct secashead
*newsah
;
4641 struct secasvar
*newsav
;
4648 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4649 panic("key_add: NULL pointer is passed.\n");
4651 /* map satype to proto */
4652 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
4653 ipseclog((LOG_DEBUG
, "key_add: invalid satype is passed.\n"));
4654 return key_senderror(so
, m
, EINVAL
);
4657 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
4658 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
4659 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
4660 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
4661 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
4662 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
4663 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
4664 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
4665 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
4666 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
4667 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
4668 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
4669 return key_senderror(so
, m
, EINVAL
);
4671 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
4672 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
4673 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
4675 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
4676 return key_senderror(so
, m
, EINVAL
);
4678 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
4679 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
4680 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
4682 mode
= IPSEC_MODE_ANY
;
4686 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
4687 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
4688 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
4690 /* XXX boundary check against sa_len */
4691 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
4693 /* get a SA header */
4694 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
4695 /* create a new SA header */
4696 if ((newsah
= key_newsah(&saidx
)) == NULL
) {
4697 ipseclog((LOG_DEBUG
, "key_add: No more memory.\n"));
4698 return key_senderror(so
, m
, ENOBUFS
);
4702 /* set spidx if there */
4704 error
= key_setident(newsah
, m
, mhp
);
4706 return key_senderror(so
, m
, error
);
4709 /* create new SA entry. */
4710 /* We can create new SA only if SPI is differenct. */
4711 if (key_getsavbyspi(newsah
, sa0
->sadb_sa_spi
)) {
4712 ipseclog((LOG_DEBUG
, "key_add: SA already exists.\n"));
4713 return key_senderror(so
, m
, EEXIST
);
4715 newsav
= KEY_NEWSAV(m
, mhp
, newsah
, &error
);
4716 if (newsav
== NULL
) {
4717 return key_senderror(so
, m
, error
);
4720 /* check SA values to be mature. */
4721 if ((error
= key_mature(newsav
)) != 0) {
4722 KEY_FREESAV(&newsav
);
4723 return key_senderror(so
, m
, error
);
4727 * don't call key_freesav() here, as we would like to keep the SA
4728 * in the database on success.
4734 /* set msg buf from mhp */
4735 n
= key_getmsgbuf_x1(m
, mhp
);
4737 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
4738 return key_senderror(so
, m
, ENOBUFS
);
4742 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
4748 key_setident(struct secashead
*sah
, struct mbuf
*m
,
4749 const struct sadb_msghdr
*mhp
)
4751 const struct sadb_ident
*idsrc
, *iddst
;
4752 int idsrclen
, iddstlen
;
4755 if (sah
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4756 panic("key_setident: NULL pointer is passed.\n");
4758 /* don't make buffer if not there */
4759 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
&&
4760 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
4766 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
||
4767 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
4768 ipseclog((LOG_DEBUG
, "key_setident: invalid identity.\n"));
4772 idsrc
= (const struct sadb_ident
*)mhp
->ext
[SADB_EXT_IDENTITY_SRC
];
4773 iddst
= (const struct sadb_ident
*)mhp
->ext
[SADB_EXT_IDENTITY_DST
];
4774 idsrclen
= mhp
->extlen
[SADB_EXT_IDENTITY_SRC
];
4775 iddstlen
= mhp
->extlen
[SADB_EXT_IDENTITY_DST
];
4777 /* validity check */
4778 if (idsrc
->sadb_ident_type
!= iddst
->sadb_ident_type
) {
4779 ipseclog((LOG_DEBUG
, "key_setident: ident type mismatch.\n"));
4783 switch (idsrc
->sadb_ident_type
) {
4784 case SADB_IDENTTYPE_PREFIX
:
4785 case SADB_IDENTTYPE_FQDN
:
4786 case SADB_IDENTTYPE_USERFQDN
:
4788 /* XXX do nothing */
4794 /* make structure */
4795 KMALLOC(sah
->idents
, struct sadb_ident
*, idsrclen
);
4796 if (sah
->idents
== NULL
) {
4797 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
4800 KMALLOC(sah
->identd
, struct sadb_ident
*, iddstlen
);
4801 if (sah
->identd
== NULL
) {
4804 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
4807 bcopy(idsrc
, sah
->idents
, idsrclen
);
4808 bcopy(iddst
, sah
->identd
, iddstlen
);
4814 * m will not be freed on return.
4815 * it is caller's responsibility to free the result.
4817 static struct mbuf
*
4818 key_getmsgbuf_x1(struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4823 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4824 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
4826 /* create new sadb_msg to reply. */
4827 n
= key_gather_mbuf(m
, mhp
, 1, 9, SADB_EXT_RESERVED
,
4828 SADB_EXT_SA
, SADB_X_EXT_SA2
,
4829 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
,
4830 SADB_EXT_LIFETIME_HARD
, SADB_EXT_LIFETIME_SOFT
,
4831 SADB_EXT_IDENTITY_SRC
, SADB_EXT_IDENTITY_DST
);
4835 if (n
->m_len
< sizeof(struct sadb_msg
)) {
4836 n
= m_pullup(n
, sizeof(struct sadb_msg
));
4840 mtod(n
, struct sadb_msg
*)->sadb_msg_errno
= 0;
4841 mtod(n
, struct sadb_msg
*)->sadb_msg_len
=
4842 PFKEY_UNIT64(n
->m_pkthdr
.len
);
4847 static int key_delete_all (struct socket
*, struct mbuf
*,
4848 const struct sadb_msghdr
*, u_int16_t
);
4851 * SADB_DELETE processing
4853 * <base, SA(*), address(SD)>
4854 * from the ikmpd, and set SADB_SASTATE_DEAD,
4856 * <base, SA(*), address(SD)>
4859 * m will always be freed.
4862 key_delete(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4864 struct sadb_sa
*sa0
;
4865 struct sadb_address
*src0
, *dst0
;
4866 struct secasindex saidx
;
4867 struct secashead
*sah
;
4868 struct secasvar
*sav
= NULL
;
4872 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4873 panic("key_delete: NULL pointer is passed.\n");
4875 /* map satype to proto */
4876 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
4877 ipseclog((LOG_DEBUG
, "key_delete: invalid satype is passed.\n"));
4878 return key_senderror(so
, m
, EINVAL
);
4881 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
4882 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
4883 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
4884 return key_senderror(so
, m
, EINVAL
);
4887 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
4888 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
4889 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
4890 return key_senderror(so
, m
, EINVAL
);
4893 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
4895 * Caller wants us to delete all non-LARVAL SAs
4896 * that match the src/dst. This is used during
4897 * IKE INITIAL-CONTACT.
4899 ipseclog((LOG_DEBUG
, "key_delete: doing delete all.\n"));
4900 return key_delete_all(so
, m
, mhp
, proto
);
4901 } else if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
)) {
4902 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
4903 return key_senderror(so
, m
, EINVAL
);
4906 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
4907 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
4908 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
4910 /* XXX boundary check against sa_len */
4911 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
4913 /* get a SA header */
4914 LIST_FOREACH(sah
, &sahtree
, chain
) {
4915 if (sah
->state
== SADB_SASTATE_DEAD
)
4917 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
4920 /* get a SA with SPI. */
4921 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
4926 ipseclog((LOG_DEBUG
, "key_delete: no SA found.\n"));
4927 return key_senderror(so
, m
, ENOENT
);
4930 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4935 struct sadb_msg
*newmsg
;
4937 /* create new sadb_msg to reply. */
4938 n
= key_gather_mbuf(m
, mhp
, 1, 4, SADB_EXT_RESERVED
,
4939 SADB_EXT_SA
, SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
4941 return key_senderror(so
, m
, ENOBUFS
);
4943 if (n
->m_len
< sizeof(struct sadb_msg
)) {
4944 n
= m_pullup(n
, sizeof(struct sadb_msg
));
4946 return key_senderror(so
, m
, ENOBUFS
);
4948 newmsg
= mtod(n
, struct sadb_msg
*);
4949 newmsg
->sadb_msg_errno
= 0;
4950 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
4953 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
4958 * delete all SAs for src/dst. Called from key_delete().
4961 key_delete_all(struct socket
*so
, struct mbuf
*m
,
4962 const struct sadb_msghdr
*mhp
, u_int16_t proto
)
4964 struct sadb_address
*src0
, *dst0
;
4965 struct secasindex saidx
;
4966 struct secashead
*sah
;
4967 struct secasvar
*sav
, *nextsav
;
4968 u_int stateidx
, state
;
4970 struct sadb_msg
*newmsg
;
4972 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
4973 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
4975 /* XXX boundary check against sa_len */
4976 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
4978 LIST_FOREACH(sah
, &sahtree
, chain
) {
4979 if (sah
->state
== SADB_SASTATE_DEAD
)
4981 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
4984 /* Delete all non-LARVAL SAs. */
4985 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
);
4987 state
= saorder_state_alive
[stateidx
];
4988 if (state
== SADB_SASTATE_LARVAL
)
4990 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[state
], chain
,
4993 if (sav
->state
!= state
) {
4994 ipseclog((LOG_DEBUG
, "key_delete_all: "
4995 "invalid sav->state "
4996 "(queue: %d SA: %d)\n",
4997 state
, sav
->state
));
5001 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
5007 /* create new sadb_msg to reply. */
5008 n
= key_gather_mbuf(m
, mhp
, 1, 3, SADB_EXT_RESERVED
,
5009 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
5011 return key_senderror(so
, m
, ENOBUFS
);
5013 if (n
->m_len
< sizeof(struct sadb_msg
)) {
5014 n
= m_pullup(n
, sizeof(struct sadb_msg
));
5016 return key_senderror(so
, m
, ENOBUFS
);
5018 newmsg
= mtod(n
, struct sadb_msg
*);
5019 newmsg
->sadb_msg_errno
= 0;
5020 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
5023 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
5027 * SADB_GET processing
5029 * <base, SA(*), address(SD)>
5030 * from the ikmpd, and get a SP and a SA to respond,
5032 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5033 * (identity(SD),) (sensitivity)>
5036 * m will always be freed.
5039 key_get(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
5041 struct sadb_sa
*sa0
;
5042 struct sadb_address
*src0
, *dst0
;
5043 struct secasindex saidx
;
5044 struct secashead
*sah
;
5045 struct secasvar
*sav
= NULL
;
5049 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5050 panic("key_get: NULL pointer is passed.\n");
5052 /* map satype to proto */
5053 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
5054 ipseclog((LOG_DEBUG
, "key_get: invalid satype is passed.\n"));
5055 return key_senderror(so
, m
, EINVAL
);
5058 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
5059 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
5060 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
5061 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
5062 return key_senderror(so
, m
, EINVAL
);
5064 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
5065 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
5066 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
5067 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
5068 return key_senderror(so
, m
, EINVAL
);
5071 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
5072 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
5073 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
5075 /* XXX boundary check against sa_len */
5076 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
5078 /* get a SA header */
5079 LIST_FOREACH(sah
, &sahtree
, chain
) {
5080 if (sah
->state
== SADB_SASTATE_DEAD
)
5082 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
5085 /* get a SA with SPI. */
5086 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
5091 ipseclog((LOG_DEBUG
, "key_get: no SA found.\n"));
5092 return key_senderror(so
, m
, ENOENT
);
5099 /* map proto to satype */
5100 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
5101 ipseclog((LOG_DEBUG
, "key_get: there was invalid proto in SAD.\n"));
5102 return key_senderror(so
, m
, EINVAL
);
5105 /* create new sadb_msg to reply. */
5106 n
= key_setdumpsa(sav
, SADB_GET
, satype
, mhp
->msg
->sadb_msg_seq
,
5107 mhp
->msg
->sadb_msg_pid
);
5109 return key_senderror(so
, m
, ENOBUFS
);
5112 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
5116 /* XXX make it sysctl-configurable? */
5118 key_getcomb_setlifetime(struct sadb_comb
*comb
)
5121 comb
->sadb_comb_soft_allocations
= 1;
5122 comb
->sadb_comb_hard_allocations
= 1;
5123 comb
->sadb_comb_soft_bytes
= 0;
5124 comb
->sadb_comb_hard_bytes
= 0;
5125 comb
->sadb_comb_hard_addtime
= 86400; /* 1 day */
5126 comb
->sadb_comb_soft_addtime
= comb
->sadb_comb_soft_addtime
* 80 / 100;
5127 comb
->sadb_comb_soft_usetime
= 28800; /* 8 hours */
5128 comb
->sadb_comb_hard_usetime
= comb
->sadb_comb_hard_usetime
* 80 / 100;
5132 * XXX reorder combinations by preference
5133 * XXX no idea if the user wants ESP authentication or not
5135 static struct mbuf
*
5136 key_getcomb_esp(void)
5138 struct sadb_comb
*comb
;
5139 struct enc_xform
*algo
;
5140 struct mbuf
*result
= NULL
, *m
, *n
;
5144 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
5147 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
5148 algo
= esp_algorithm_lookup(i
);
5152 /* discard algorithms with key size smaller than system min */
5153 if (_BITS(algo
->maxkey
) < ipsec_esp_keymin
)
5155 if (_BITS(algo
->minkey
) < ipsec_esp_keymin
)
5156 encmin
= ipsec_esp_keymin
;
5158 encmin
= _BITS(algo
->minkey
);
5161 m
= key_getcomb_ah();
5164 ("key_getcomb_esp: l=%u > MLEN=%lu",
5166 MGET(m
, MB_DONTWAIT
, MT_DATA
);
5171 bzero(mtod(m
, caddr_t
), m
->m_len
);
5177 totlen
= m_lengthm(m
, NULL
);
5178 KASSERT((totlen
% l
) == 0,
5179 ("key_getcomb_esp: totlen=%u, l=%u", totlen
, l
));
5181 for (off
= 0; off
< totlen
; off
+= l
) {
5182 n
= m_pulldown(m
, off
, l
, &o
);
5184 /* m is already freed */
5187 comb
= (struct sadb_comb
*)(mtod(n
, caddr_t
) + o
);
5188 bzero(comb
, sizeof(*comb
));
5189 key_getcomb_setlifetime(comb
);
5190 comb
->sadb_comb_encrypt
= i
;
5191 comb
->sadb_comb_encrypt_minbits
= encmin
;
5192 comb
->sadb_comb_encrypt_maxbits
= _BITS(algo
->maxkey
);
5211 const struct auth_hash
*ah
,
5216 *min
= *max
= ah
->keysize
;
5217 if (ah
->keysize
== 0) {
5219 * Transform takes arbitrary key size but algorithm
5220 * key size is restricted. Enforce this here.
5223 case SADB_X_AALG_MD5
: *min
= *max
= 16; break;
5224 case SADB_X_AALG_SHA
: *min
= *max
= 20; break;
5225 case SADB_X_AALG_NULL
: *min
= 1; *max
= 256; break;
5227 DPRINTF(("key_getsizes_ah: unknown AH algorithm %u\n",
5235 * XXX reorder combinations by preference
5237 static struct mbuf
*
5238 key_getcomb_ah(void)
5240 struct sadb_comb
*comb
;
5241 struct auth_hash
*algo
;
5243 u_int16_t minkeysize
, maxkeysize
;
5245 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
5248 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
5250 /* we prefer HMAC algorithms, not old algorithms */
5251 if (i
!= SADB_AALG_SHA1HMAC
&& i
!= SADB_AALG_MD5HMAC
)
5254 algo
= ah_algorithm_lookup(i
);
5257 key_getsizes_ah(algo
, i
, &minkeysize
, &maxkeysize
);
5258 /* discard algorithms with key size smaller than system min */
5259 if (_BITS(minkeysize
) < ipsec_ah_keymin
)
5264 ("key_getcomb_ah: l=%u > MLEN=%lu",
5266 MGET(m
, MB_DONTWAIT
, MT_DATA
);
5273 M_PREPEND(m
, l
, MB_DONTWAIT
);
5277 comb
= mtod(m
, struct sadb_comb
*);
5278 bzero(comb
, sizeof(*comb
));
5279 key_getcomb_setlifetime(comb
);
5280 comb
->sadb_comb_auth
= i
;
5281 comb
->sadb_comb_auth_minbits
= _BITS(minkeysize
);
5282 comb
->sadb_comb_auth_maxbits
= _BITS(maxkeysize
);
5289 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
5290 * XXX reorder combinations by preference
5292 static struct mbuf
*
5293 key_getcomb_ipcomp(void)
5295 struct sadb_comb
*comb
;
5296 struct comp_algo
*algo
;
5299 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
5302 for (i
= 1; i
<= SADB_X_CALG_MAX
; i
++) {
5303 algo
= ipcomp_algorithm_lookup(i
);
5309 ("key_getcomb_ipcomp: l=%u > MLEN=%lu",
5311 MGET(m
, MB_DONTWAIT
, MT_DATA
);
5318 M_PREPEND(m
, l
, MB_DONTWAIT
);
5322 comb
= mtod(m
, struct sadb_comb
*);
5323 bzero(comb
, sizeof(*comb
));
5324 key_getcomb_setlifetime(comb
);
5325 comb
->sadb_comb_encrypt
= i
;
5326 /* what should we set into sadb_comb_*_{min,max}bits? */
5333 * XXX no way to pass mode (transport/tunnel) to userland
5334 * XXX replay checking?
5335 * XXX sysctl interface to ipsec_{ah,esp}_keymin
5337 static struct mbuf
*
5338 key_getprop(const struct secasindex
*saidx
)
5340 struct sadb_prop
*prop
;
5342 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_prop
));
5344 switch (saidx
->proto
) {
5346 m
= key_getcomb_esp();
5349 m
= key_getcomb_ah();
5351 case IPPROTO_IPCOMP
:
5352 m
= key_getcomb_ipcomp();
5360 M_PREPEND(m
, l
, MB_DONTWAIT
);
5364 prop
= mtod(m
, struct sadb_prop
*);
5365 bzero(prop
, sizeof(*prop
));
5366 prop
->sadb_prop_len
= PFKEY_UNIT64(m_lengthm(m
, NULL
));
5367 prop
->sadb_prop_exttype
= SADB_EXT_PROPOSAL
;
5368 prop
->sadb_prop_replay
= 32; /* XXX */
5374 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
5376 * <base, SA, address(SD), (address(P)), x_policy,
5377 * (identity(SD),) (sensitivity,) proposal>
5378 * to KMD, and expect to receive
5379 * <base> with SADB_ACQUIRE if error occured,
5381 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
5382 * from KMD by PF_KEY.
5384 * XXX x_policy is outside of RFC2367 (KAME extension).
5385 * XXX sensitivity is not supported.
5386 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
5387 * see comment for key_getcomb_ipcomp().
5391 * others: error number
5394 key_acquire(const struct secasindex
*saidx
, struct secpolicy
*sp
)
5396 struct mbuf
*result
= NULL
, *m
;
5397 #ifndef IPSEC_NONBLOCK_ACQUIRE
5398 struct secacq
*newacq
;
5405 KASSERT(saidx
!= NULL
, ("key_acquire: null saidx"));
5406 satype
= key_proto2satype(saidx
->proto
);
5407 KASSERT(satype
!= 0,
5408 ("key_acquire: null satype, protocol %u", saidx
->proto
));
5410 #ifndef IPSEC_NONBLOCK_ACQUIRE
5412 * We never do anything about acquirng SA. There is anather
5413 * solution that kernel blocks to send SADB_ACQUIRE message until
5414 * getting something message from IKEd. In later case, to be
5415 * managed with ACQUIRING list.
5417 /* Get an entry to check whether sending message or not. */
5418 if ((newacq
= key_getacq(saidx
)) != NULL
) {
5419 if (key_blockacq_count
< newacq
->count
) {
5420 /* reset counter and do send message. */
5423 /* increment counter and do nothing. */
5428 /* make new entry for blocking to send SADB_ACQUIRE. */
5429 if ((newacq
= key_newacq(saidx
)) == NULL
)
5432 /* add to acqtree */
5433 LIST_INSERT_HEAD(&acqtree
, newacq
, chain
);
5438 #ifndef IPSEC_NONBLOCK_ACQUIRE
5441 seq
= (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
5443 m
= key_setsadbmsg(SADB_ACQUIRE
, 0, satype
, seq
, 0, 0);
5450 /* set sadb_address for saidx's. */
5451 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
5452 &saidx
->src
.sa
, FULLMASK
, IPSEC_ULPROTO_ANY
);
5459 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
5460 &saidx
->dst
.sa
, FULLMASK
, IPSEC_ULPROTO_ANY
);
5467 /* XXX proxy address (optional) */
5469 /* set sadb_x_policy */
5471 m
= key_setsadbxpolicy(sp
->policy
, sp
->spidx
.dir
, sp
->id
);
5479 /* XXX identity (optional) */
5481 if (idexttype
&& fqdn
) {
5482 /* create identity extension (FQDN) */
5483 struct sadb_ident
*id
;
5486 fqdnlen
= strlen(fqdn
) + 1; /* +1 for terminating-NUL */
5487 id
= (struct sadb_ident
*)p
;
5488 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
5489 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
5490 id
->sadb_ident_exttype
= idexttype
;
5491 id
->sadb_ident_type
= SADB_IDENTTYPE_FQDN
;
5492 bcopy(fqdn
, id
+ 1, fqdnlen
);
5493 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(fqdnlen
);
5497 /* create identity extension (USERFQDN) */
5498 struct sadb_ident
*id
;
5502 /* +1 for terminating-NUL */
5503 userfqdnlen
= strlen(userfqdn
) + 1;
5506 id
= (struct sadb_ident
*)p
;
5507 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
5508 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
5509 id
->sadb_ident_exttype
= idexttype
;
5510 id
->sadb_ident_type
= SADB_IDENTTYPE_USERFQDN
;
5511 /* XXX is it correct? */
5512 if (curproc
&& curproc
->p_cred
)
5513 id
->sadb_ident_id
= curproc
->p_cred
->p_ruid
;
5514 if (userfqdn
&& userfqdnlen
)
5515 bcopy(userfqdn
, id
+ 1, userfqdnlen
);
5516 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(userfqdnlen
);
5520 /* XXX sensitivity (optional) */
5522 /* create proposal/combination extension */
5523 m
= key_getprop(saidx
);
5526 * spec conformant: always attach proposal/combination extension,
5527 * the problem is that we have no way to attach it for ipcomp,
5528 * due to the way sadb_comb is declared in RFC2367.
5537 * outside of spec; make proposal/combination extension optional.
5543 if ((result
->m_flags
& M_PKTHDR
) == 0) {
5548 if (result
->m_len
< sizeof(struct sadb_msg
)) {
5549 result
= m_pullup(result
, sizeof(struct sadb_msg
));
5550 if (result
== NULL
) {
5555 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
5556 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
5557 PFKEY_UNIT64(result
->m_pkthdr
.len
);
5559 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
5567 #ifndef IPSEC_NONBLOCK_ACQUIRE
5568 static struct secacq
*
5569 key_newacq(const struct secasindex
*saidx
)
5571 struct secacq
*newacq
;
5574 KMALLOC(newacq
, struct secacq
*, sizeof(struct secacq
));
5575 if (newacq
== NULL
) {
5576 ipseclog((LOG_DEBUG
, "key_newacq: No more memory.\n"));
5579 bzero(newacq
, sizeof(*newacq
));
5582 bcopy(saidx
, &newacq
->saidx
, sizeof(newacq
->saidx
));
5583 newacq
->seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
);
5584 newacq
->created
= time_second
;
5590 static struct secacq
*
5591 key_getacq(const struct secasindex
*saidx
)
5595 LIST_FOREACH(acq
, &acqtree
, chain
) {
5596 if (key_cmpsaidx(saidx
, &acq
->saidx
, CMP_EXACTLY
))
5603 static struct secacq
*
5604 key_getacqbyseq(u_int32_t seq
)
5608 LIST_FOREACH(acq
, &acqtree
, chain
) {
5609 if (acq
->seq
== seq
)
5617 static struct secspacq
*
5618 key_newspacq(struct secpolicyindex
*spidx
)
5620 struct secspacq
*acq
;
5623 KMALLOC(acq
, struct secspacq
*, sizeof(struct secspacq
));
5625 ipseclog((LOG_DEBUG
, "key_newspacq: No more memory.\n"));
5628 bzero(acq
, sizeof(*acq
));
5631 bcopy(spidx
, &acq
->spidx
, sizeof(acq
->spidx
));
5632 acq
->created
= time_second
;
5638 static struct secspacq
*
5639 key_getspacq(struct secpolicyindex
*spidx
)
5641 struct secspacq
*acq
;
5643 LIST_FOREACH(acq
, &spacqtree
, chain
) {
5644 if (key_cmpspidx_exactly(spidx
, &acq
->spidx
))
5652 * SADB_ACQUIRE processing,
5653 * in first situation, is receiving
5655 * from the ikmpd, and clear sequence of its secasvar entry.
5657 * In second situation, is receiving
5658 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
5659 * from a user land process, and return
5660 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
5663 * m will always be freed.
5666 key_acquire2(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
5668 const struct sadb_address
*src0
, *dst0
;
5669 struct secasindex saidx
;
5670 struct secashead
*sah
;
5675 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5676 panic("key_acquire2: NULL pointer is passed.\n");
5679 * Error message from KMd.
5680 * We assume that if error was occured in IKEd, the length of PFKEY
5681 * message is equal to the size of sadb_msg structure.
5682 * We do not raise error even if error occured in this function.
5684 if (mhp
->msg
->sadb_msg_len
== PFKEY_UNIT64(sizeof(struct sadb_msg
))) {
5685 #ifndef IPSEC_NONBLOCK_ACQUIRE
5688 /* check sequence number */
5689 if (mhp
->msg
->sadb_msg_seq
== 0) {
5690 ipseclog((LOG_DEBUG
, "key_acquire2: must specify sequence number.\n"));
5695 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) == NULL
) {
5697 * the specified larval SA is already gone, or we got
5698 * a bogus sequence number. we can silently ignore it.
5704 /* reset acq counter in order to deletion by timehander. */
5705 acq
->created
= time_second
;
5713 * This message is from user land.
5716 /* map satype to proto */
5717 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
5718 ipseclog((LOG_DEBUG
, "key_acquire2: invalid satype is passed.\n"));
5719 return key_senderror(so
, m
, EINVAL
);
5722 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
5723 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
5724 mhp
->ext
[SADB_EXT_PROPOSAL
] == NULL
) {
5726 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
5727 return key_senderror(so
, m
, EINVAL
);
5729 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
5730 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
5731 mhp
->extlen
[SADB_EXT_PROPOSAL
] < sizeof(struct sadb_prop
)) {
5733 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
5734 return key_senderror(so
, m
, EINVAL
);
5737 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
5738 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
5740 /* XXX boundary check against sa_len */
5741 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
5743 /* get a SA index */
5744 LIST_FOREACH(sah
, &sahtree
, chain
) {
5745 if (sah
->state
== SADB_SASTATE_DEAD
)
5747 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_MODE_REQID
))
5751 ipseclog((LOG_DEBUG
, "key_acquire2: a SA exists already.\n"));
5752 return key_senderror(so
, m
, EEXIST
);
5755 error
= key_acquire(&saidx
, NULL
);
5757 ipseclog((LOG_DEBUG
, "key_acquire2: error %d returned "
5758 "from key_acquire.\n", mhp
->msg
->sadb_msg_errno
));
5759 return key_senderror(so
, m
, error
);
5762 return key_sendup_mbuf(so
, m
, KEY_SENDUP_REGISTERED
);
5766 * SADB_REGISTER processing.
5767 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
5770 * from the ikmpd, and register a socket to send PF_KEY messages,
5774 * If socket is detached, must free from regnode.
5776 * m will always be freed.
5779 key_register(struct socket
*so
, struct mbuf
*m
,
5780 const struct sadb_msghdr
*mhp
)
5782 struct secreg
*reg
, *newreg
= 0;
5785 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5786 panic("key_register: NULL pointer is passed.\n");
5788 /* check for invalid register message */
5789 if (mhp
->msg
->sadb_msg_satype
>= sizeof(regtree
)/sizeof(regtree
[0]))
5790 return key_senderror(so
, m
, EINVAL
);
5792 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
5793 if (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_UNSPEC
)
5796 /* check whether existing or not */
5797 LIST_FOREACH(reg
, ®tree
[mhp
->msg
->sadb_msg_satype
], chain
) {
5798 if (reg
->so
== so
) {
5799 ipseclog((LOG_DEBUG
, "key_register: socket exists already.\n"));
5800 return key_senderror(so
, m
, EEXIST
);
5804 /* create regnode */
5805 KMALLOC(newreg
, struct secreg
*, sizeof(*newreg
));
5806 if (newreg
== NULL
) {
5807 ipseclog((LOG_DEBUG
, "key_register: No more memory.\n"));
5808 return key_senderror(so
, m
, ENOBUFS
);
5810 bzero((caddr_t
)newreg
, sizeof(*newreg
));
5813 ((struct keycb
*)sotorawcb(so
))->kp_registered
++;
5815 /* add regnode to regtree. */
5816 LIST_INSERT_HEAD(®tree
[mhp
->msg
->sadb_msg_satype
], newreg
, chain
);
5821 struct sadb_msg
*newmsg
;
5822 struct sadb_supported
*sup
;
5823 u_int len
, alen
, elen
;
5826 struct sadb_alg
*alg
;
5828 /* create new sadb_msg to reply. */
5830 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
5831 if (ah_algorithm_lookup(i
))
5832 alen
+= sizeof(struct sadb_alg
);
5835 alen
+= sizeof(struct sadb_supported
);
5837 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
5838 if (esp_algorithm_lookup(i
))
5839 elen
+= sizeof(struct sadb_alg
);
5842 elen
+= sizeof(struct sadb_supported
);
5844 len
= sizeof(struct sadb_msg
) + alen
+ elen
;
5847 return key_senderror(so
, m
, ENOBUFS
);
5848 n
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
5850 return key_senderror(so
, m
, ENOBUFS
);
5851 n
->m_pkthdr
.len
= n
->m_len
= len
;
5853 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
));
5854 newmsg
= mtod(n
, struct sadb_msg
*);
5855 newmsg
->sadb_msg_errno
= 0;
5856 newmsg
->sadb_msg_len
= PFKEY_UNIT64(len
);
5857 off
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
5859 /* for authentication algorithm */
5861 sup
= (struct sadb_supported
*)(mtod(n
, caddr_t
) + off
);
5862 sup
->sadb_supported_len
= PFKEY_UNIT64(alen
);
5863 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_AUTH
;
5864 off
+= PFKEY_ALIGN8(sizeof(*sup
));
5866 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
5867 struct auth_hash
*aalgo
;
5868 u_int16_t minkeysize
, maxkeysize
;
5870 aalgo
= ah_algorithm_lookup(i
);
5873 alg
= (struct sadb_alg
*)(mtod(n
, caddr_t
) + off
);
5874 alg
->sadb_alg_id
= i
;
5875 alg
->sadb_alg_ivlen
= 0;
5876 key_getsizes_ah(aalgo
, i
, &minkeysize
, &maxkeysize
);
5877 alg
->sadb_alg_minbits
= _BITS(minkeysize
);
5878 alg
->sadb_alg_maxbits
= _BITS(maxkeysize
);
5879 off
+= PFKEY_ALIGN8(sizeof(*alg
));
5883 /* for encryption algorithm */
5885 sup
= (struct sadb_supported
*)(mtod(n
, caddr_t
) + off
);
5886 sup
->sadb_supported_len
= PFKEY_UNIT64(elen
);
5887 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_ENCRYPT
;
5888 off
+= PFKEY_ALIGN8(sizeof(*sup
));
5890 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
5891 struct enc_xform
*ealgo
;
5893 ealgo
= esp_algorithm_lookup(i
);
5896 alg
= (struct sadb_alg
*)(mtod(n
, caddr_t
) + off
);
5897 alg
->sadb_alg_id
= i
;
5898 alg
->sadb_alg_ivlen
= ealgo
->blocksize
;
5899 alg
->sadb_alg_minbits
= _BITS(ealgo
->minkey
);
5900 alg
->sadb_alg_maxbits
= _BITS(ealgo
->maxkey
);
5901 off
+= PFKEY_ALIGN8(sizeof(struct sadb_alg
));
5907 panic("length assumption failed in key_register");
5911 return key_sendup_mbuf(so
, n
, KEY_SENDUP_REGISTERED
);
5916 * free secreg entry registered.
5917 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
5920 key_freereg(struct socket
*so
)
5927 panic("key_freereg: NULL pointer is passed.\n");
5930 * check whether existing or not.
5931 * check all type of SA, because there is a potential that
5932 * one socket is registered to multiple type of SA.
5934 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
5935 LIST_FOREACH(reg
, ®tree
[i
], chain
) {
5937 && __LIST_CHAINED(reg
)) {
5938 LIST_REMOVE(reg
, chain
);
5949 * SADB_EXPIRE processing
5951 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
5953 * NOTE: We send only soft lifetime extension.
5956 * others : error number
5959 key_expire(struct secasvar
*sav
)
5963 struct mbuf
*result
= NULL
, *m
;
5966 struct sadb_lifetime
*lt
;
5968 /* XXX: Why do we lock ? */
5973 panic("key_expire: NULL pointer is passed.\n");
5974 if (sav
->sah
== NULL
)
5975 panic("key_expire: Why was SA index in SA NULL.\n");
5976 if ((satype
= key_proto2satype(sav
->sah
->saidx
.proto
)) == 0)
5977 panic("key_expire: invalid proto is passed.\n");
5979 /* set msg header */
5980 m
= key_setsadbmsg(SADB_EXPIRE
, 0, satype
, sav
->seq
, 0, sav
->refcnt
);
5987 /* create SA extension */
5988 m
= key_setsadbsa(sav
);
5995 /* create SA extension */
5996 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
5997 sav
->replay
? sav
->replay
->count
: 0,
5998 sav
->sah
->saidx
.reqid
);
6005 /* create lifetime extension (current and soft) */
6006 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
6007 m
= key_alloc_mbuf(len
);
6008 if (!m
|| m
->m_next
) { /*XXX*/
6014 bzero(mtod(m
, caddr_t
), len
);
6015 lt
= mtod(m
, struct sadb_lifetime
*);
6016 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
6017 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
6018 lt
->sadb_lifetime_allocations
= sav
->lft_c
->sadb_lifetime_allocations
;
6019 lt
->sadb_lifetime_bytes
= sav
->lft_c
->sadb_lifetime_bytes
;
6020 lt
->sadb_lifetime_addtime
= sav
->lft_c
->sadb_lifetime_addtime
;
6021 lt
->sadb_lifetime_usetime
= sav
->lft_c
->sadb_lifetime_usetime
;
6022 lt
= (struct sadb_lifetime
*)(mtod(m
, caddr_t
) + len
/ 2);
6023 bcopy(sav
->lft_s
, lt
, sizeof(*lt
));
6026 /* set sadb_address for source */
6027 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
6028 &sav
->sah
->saidx
.src
.sa
,
6029 FULLMASK
, IPSEC_ULPROTO_ANY
);
6036 /* set sadb_address for destination */
6037 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
6038 &sav
->sah
->saidx
.dst
.sa
,
6039 FULLMASK
, IPSEC_ULPROTO_ANY
);
6046 if ((result
->m_flags
& M_PKTHDR
) == 0) {
6051 if (result
->m_len
< sizeof(struct sadb_msg
)) {
6052 result
= m_pullup(result
, sizeof(struct sadb_msg
));
6053 if (result
== NULL
) {
6058 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
6059 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
6060 PFKEY_UNIT64(result
->m_pkthdr
.len
);
6063 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
6073 * SADB_FLUSH processing
6076 * from the ikmpd, and free all entries in secastree.
6080 * NOTE: to do is only marking SADB_SASTATE_DEAD.
6082 * m will always be freed.
6085 key_flush(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
6087 struct sadb_msg
*newmsg
;
6088 struct secashead
*sah
;
6093 if (so
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6094 panic("key_flush: NULL pointer is passed.\n");
6096 /* map satype to proto */
6097 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6098 ipseclog((LOG_DEBUG
, "key_flush: invalid satype is passed.\n"));
6099 return key_senderror(so
, m
, EINVAL
);
6102 /* no SATYPE specified, i.e. flushing all SA. */
6103 LIST_FOREACH(sah
, &sahtree
, chain
) {
6104 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
&&
6105 proto
!= sah
->saidx
.proto
)
6108 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
);
6110 struct secasvar
*sav
, *nextsav
;
6111 u_int8_t state
= saorder_state_any
[stateidx
];
6113 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[state
], chain
,
6115 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6120 sah
->state
= SADB_SASTATE_DEAD
;
6123 if (m
->m_len
< sizeof(struct sadb_msg
) ||
6124 sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
6125 ipseclog((LOG_DEBUG
, "key_flush: No more memory.\n"));
6126 return key_senderror(so
, m
, ENOBUFS
);
6132 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct sadb_msg
);
6133 newmsg
= mtod(m
, struct sadb_msg
*);
6134 newmsg
->sadb_msg_errno
= 0;
6135 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
6137 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
6141 * SADB_DUMP processing
6142 * dump all entries including status of DEAD in SAD.
6145 * from the ikmpd, and dump all secasvar leaves
6150 * m will always be freed.
6153 key_dump(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
6155 struct secashead
*sah
;
6156 struct secasvar
*sav
;
6162 struct sadb_msg
*newmsg
;
6166 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6167 panic("key_dump: NULL pointer is passed.\n");
6169 /* map satype to proto */
6170 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6171 ipseclog((LOG_DEBUG
, "key_dump: invalid satype is passed.\n"));
6172 return key_senderror(so
, m
, EINVAL
);
6175 /* count sav entries to be sent to the userland. */
6177 LIST_FOREACH(sah
, &sahtree
, chain
) {
6178 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
&&
6179 proto
!= sah
->saidx
.proto
)
6182 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_any
);
6184 state
= saorder_state_any
[stateidx
];
6185 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
6192 return key_senderror(so
, m
, ENOENT
);
6194 /* send this to the userland, one at a time. */
6196 LIST_FOREACH(sah
, &sahtree
, chain
) {
6197 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
6198 && proto
!= sah
->saidx
.proto
)
6201 /* map proto to satype */
6202 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
6203 ipseclog((LOG_DEBUG
, "key_dump: there was invalid proto in SAD.\n"));
6204 return key_senderror(so
, m
, EINVAL
);
6207 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_any
);
6209 state
= saorder_state_any
[stateidx
];
6210 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
6211 n
= key_setdumpsa(sav
, SADB_DUMP
, satype
,
6212 --cnt
, mhp
->msg
->sadb_msg_pid
);
6214 return key_senderror(so
, m
, ENOBUFS
);
6216 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
6226 * SADB_X_PROMISC processing
6228 * m will always be freed.
6231 key_promisc(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
6236 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6237 panic("key_promisc: NULL pointer is passed.\n");
6239 olen
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
6241 if (olen
< sizeof(struct sadb_msg
)) {
6243 return key_senderror(so
, m
, EINVAL
);
6248 } else if (olen
== sizeof(struct sadb_msg
)) {
6249 /* enable/disable promisc mode */
6252 if ((kp
= (struct keycb
*)sotorawcb(so
)) == NULL
)
6253 return key_senderror(so
, m
, EINVAL
);
6254 mhp
->msg
->sadb_msg_errno
= 0;
6255 switch (mhp
->msg
->sadb_msg_satype
) {
6258 kp
->kp_promisc
= mhp
->msg
->sadb_msg_satype
;
6261 return key_senderror(so
, m
, EINVAL
);
6264 /* send the original message back to everyone */
6265 mhp
->msg
->sadb_msg_errno
= 0;
6266 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
6268 /* send packet as is */
6270 m_adj(m
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)));
6272 /* TODO: if sadb_msg_seq is specified, send to specific pid */
6273 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
6277 static int (*key_typesw
[]) (struct socket
*, struct mbuf
*,
6278 const struct sadb_msghdr
*) = {
6279 NULL
, /* SADB_RESERVED */
6280 key_getspi
, /* SADB_GETSPI */
6281 key_update
, /* SADB_UPDATE */
6282 key_add
, /* SADB_ADD */
6283 key_delete
, /* SADB_DELETE */
6284 key_get
, /* SADB_GET */
6285 key_acquire2
, /* SADB_ACQUIRE */
6286 key_register
, /* SADB_REGISTER */
6287 NULL
, /* SADB_EXPIRE */
6288 key_flush
, /* SADB_FLUSH */
6289 key_dump
, /* SADB_DUMP */
6290 key_promisc
, /* SADB_X_PROMISC */
6291 NULL
, /* SADB_X_PCHANGE */
6292 key_spdadd
, /* SADB_X_SPDUPDATE */
6293 key_spdadd
, /* SADB_X_SPDADD */
6294 key_spddelete
, /* SADB_X_SPDDELETE */
6295 key_spdget
, /* SADB_X_SPDGET */
6296 NULL
, /* SADB_X_SPDACQUIRE */
6297 key_spddump
, /* SADB_X_SPDDUMP */
6298 key_spdflush
, /* SADB_X_SPDFLUSH */
6299 key_spdadd
, /* SADB_X_SPDSETIDX */
6300 NULL
, /* SADB_X_SPDEXPIRE */
6301 key_spddelete2
, /* SADB_X_SPDDELETE2 */
6305 * parse sadb_msg buffer to process PFKEYv2,
6306 * and create a data to response if needed.
6307 * I think to be dealed with mbuf directly.
6309 * msgp : pointer to pointer to a received buffer pulluped.
6310 * This is rewrited to response.
6311 * so : pointer to socket.
6313 * length for buffer to send to user process.
6316 key_parse(struct mbuf
*m
, struct socket
*so
)
6318 struct sadb_msg
*msg
;
6319 struct sadb_msghdr mh
;
6325 if (m
== NULL
|| so
== NULL
)
6326 panic("key_parse: NULL pointer is passed.\n");
6328 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
6329 KEYDEBUG(KEYDEBUG_KEY_DUMP
,
6330 ipseclog((LOG_DEBUG
, "key_parse: passed sadb_msg\n"));
6334 if (m
->m_len
< sizeof(struct sadb_msg
)) {
6335 m
= m_pullup(m
, sizeof(struct sadb_msg
));
6339 msg
= mtod(m
, struct sadb_msg
*);
6340 orglen
= PFKEY_UNUNIT64(msg
->sadb_msg_len
);
6341 target
= KEY_SENDUP_ONE
;
6343 if ((m
->m_flags
& M_PKTHDR
) == 0 ||
6344 m
->m_pkthdr
.len
!= m
->m_pkthdr
.len
) {
6345 ipseclog((LOG_DEBUG
, "key_parse: invalid message length.\n"));
6346 pfkeystat
.out_invlen
++;
6351 if (msg
->sadb_msg_version
!= PF_KEY_V2
) {
6352 ipseclog((LOG_DEBUG
,
6353 "key_parse: PF_KEY version %u is mismatched.\n",
6354 msg
->sadb_msg_version
));
6355 pfkeystat
.out_invver
++;
6360 if (msg
->sadb_msg_type
> SADB_MAX
) {
6361 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
6362 msg
->sadb_msg_type
));
6363 pfkeystat
.out_invmsgtype
++;
6368 /* for old-fashioned code - should be nuked */
6369 if (m
->m_pkthdr
.len
> MCLBYTES
) {
6376 n
= m_getb(m
->m_pkthdr
.len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
6381 m_copydata(m
, 0, m
->m_pkthdr
.len
, mtod(n
, caddr_t
));
6382 n
->m_pkthdr
.len
= n
->m_len
= m
->m_pkthdr
.len
;
6387 /* align the mbuf chain so that extensions are in contiguous region. */
6388 error
= key_align(m
, &mh
);
6395 switch (msg
->sadb_msg_satype
) {
6396 case SADB_SATYPE_UNSPEC
:
6397 switch (msg
->sadb_msg_type
) {
6405 ipseclog((LOG_DEBUG
, "key_parse: must specify satype "
6406 "when msg type=%u.\n", msg
->sadb_msg_type
));
6407 pfkeystat
.out_invsatype
++;
6412 case SADB_SATYPE_AH
:
6413 case SADB_SATYPE_ESP
:
6414 case SADB_X_SATYPE_IPCOMP
:
6415 switch (msg
->sadb_msg_type
) {
6417 case SADB_X_SPDDELETE
:
6419 case SADB_X_SPDDUMP
:
6420 case SADB_X_SPDFLUSH
:
6421 case SADB_X_SPDSETIDX
:
6422 case SADB_X_SPDUPDATE
:
6423 case SADB_X_SPDDELETE2
:
6424 ipseclog((LOG_DEBUG
, "key_parse: illegal satype=%u\n",
6425 msg
->sadb_msg_type
));
6426 pfkeystat
.out_invsatype
++;
6431 case SADB_SATYPE_RSVP
:
6432 case SADB_SATYPE_OSPFV2
:
6433 case SADB_SATYPE_RIPV2
:
6434 case SADB_SATYPE_MIP
:
6435 ipseclog((LOG_DEBUG
, "key_parse: type %u isn't supported.\n",
6436 msg
->sadb_msg_satype
));
6437 pfkeystat
.out_invsatype
++;
6440 case 1: /* XXX: What does it do? */
6441 if (msg
->sadb_msg_type
== SADB_X_PROMISC
)
6445 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
6446 msg
->sadb_msg_satype
));
6447 pfkeystat
.out_invsatype
++;
6452 /* check field of upper layer protocol and address family */
6453 if (mh
.ext
[SADB_EXT_ADDRESS_SRC
] != NULL
6454 && mh
.ext
[SADB_EXT_ADDRESS_DST
] != NULL
) {
6455 struct sadb_address
*src0
, *dst0
;
6458 src0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_SRC
]);
6459 dst0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_DST
]);
6461 /* check upper layer protocol */
6462 if (src0
->sadb_address_proto
!= dst0
->sadb_address_proto
) {
6463 ipseclog((LOG_DEBUG
, "key_parse: upper layer protocol mismatched.\n"));
6464 pfkeystat
.out_invaddr
++;
6470 if (PFKEY_ADDR_SADDR(src0
)->sa_family
!=
6471 PFKEY_ADDR_SADDR(dst0
)->sa_family
) {
6472 ipseclog((LOG_DEBUG
, "key_parse: address family mismatched.\n"));
6473 pfkeystat
.out_invaddr
++;
6477 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
6478 PFKEY_ADDR_SADDR(dst0
)->sa_len
) {
6479 ipseclog((LOG_DEBUG
,
6480 "key_parse: address struct size mismatched.\n"));
6481 pfkeystat
.out_invaddr
++;
6486 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
6488 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
6489 sizeof(struct sockaddr_in
)) {
6490 pfkeystat
.out_invaddr
++;
6496 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
6497 sizeof(struct sockaddr_in6
)) {
6498 pfkeystat
.out_invaddr
++;
6504 ipseclog((LOG_DEBUG
,
6505 "key_parse: unsupported address family.\n"));
6506 pfkeystat
.out_invaddr
++;
6507 error
= EAFNOSUPPORT
;
6511 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
6513 plen
= sizeof(struct in_addr
) << 3;
6516 plen
= sizeof(struct in6_addr
) << 3;
6519 plen
= 0; /*fool gcc*/
6523 /* check max prefix length */
6524 if (src0
->sadb_address_prefixlen
> plen
||
6525 dst0
->sadb_address_prefixlen
> plen
) {
6526 ipseclog((LOG_DEBUG
,
6527 "key_parse: illegal prefixlen.\n"));
6528 pfkeystat
.out_invaddr
++;
6534 * prefixlen == 0 is valid because there can be a case when
6535 * all addresses are matched.
6539 if (msg
->sadb_msg_type
>= sizeof(key_typesw
)/sizeof(key_typesw
[0]) ||
6540 key_typesw
[msg
->sadb_msg_type
] == NULL
) {
6541 pfkeystat
.out_invmsgtype
++;
6546 return (*key_typesw
[msg
->sadb_msg_type
])(so
, m
, &mh
);
6549 msg
->sadb_msg_errno
= error
;
6550 return key_sendup_mbuf(so
, m
, target
);
6554 key_senderror(struct socket
*so
, struct mbuf
*m
, int code
)
6556 struct sadb_msg
*msg
;
6558 if (m
->m_len
< sizeof(struct sadb_msg
))
6559 panic("invalid mbuf passed to key_senderror");
6561 msg
= mtod(m
, struct sadb_msg
*);
6562 msg
->sadb_msg_errno
= code
;
6563 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
6567 * set the pointer to each header into message buffer.
6568 * m will be freed on error.
6569 * XXX larger-than-MCLBYTES extension?
6572 key_align(struct mbuf
*m
, struct sadb_msghdr
*mhp
)
6575 struct sadb_ext
*ext
;
6581 if (m
== NULL
|| mhp
== NULL
)
6582 panic("key_align: NULL pointer is passed.\n");
6583 if (m
->m_len
< sizeof(struct sadb_msg
))
6584 panic("invalid mbuf passed to key_align");
6587 bzero(mhp
, sizeof(*mhp
));
6589 mhp
->msg
= mtod(m
, struct sadb_msg
*);
6590 mhp
->ext
[0] = (struct sadb_ext
*)mhp
->msg
; /*XXX backward compat */
6592 end
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
6593 extlen
= end
; /*just in case extlen is not updated*/
6594 for (off
= sizeof(struct sadb_msg
); off
< end
; off
+= extlen
) {
6595 n
= m_pulldown(m
, off
, sizeof(struct sadb_ext
), &toff
);
6597 /* m is already freed */
6600 ext
= (struct sadb_ext
*)(mtod(n
, caddr_t
) + toff
);
6603 switch (ext
->sadb_ext_type
) {
6605 case SADB_EXT_ADDRESS_SRC
:
6606 case SADB_EXT_ADDRESS_DST
:
6607 case SADB_EXT_ADDRESS_PROXY
:
6608 case SADB_EXT_LIFETIME_CURRENT
:
6609 case SADB_EXT_LIFETIME_HARD
:
6610 case SADB_EXT_LIFETIME_SOFT
:
6611 case SADB_EXT_KEY_AUTH
:
6612 case SADB_EXT_KEY_ENCRYPT
:
6613 case SADB_EXT_IDENTITY_SRC
:
6614 case SADB_EXT_IDENTITY_DST
:
6615 case SADB_EXT_SENSITIVITY
:
6616 case SADB_EXT_PROPOSAL
:
6617 case SADB_EXT_SUPPORTED_AUTH
:
6618 case SADB_EXT_SUPPORTED_ENCRYPT
:
6619 case SADB_EXT_SPIRANGE
:
6620 case SADB_X_EXT_POLICY
:
6621 case SADB_X_EXT_SA2
:
6622 /* duplicate check */
6624 * XXX Are there duplication payloads of either
6625 * KEY_AUTH or KEY_ENCRYPT ?
6627 if (mhp
->ext
[ext
->sadb_ext_type
] != NULL
) {
6628 ipseclog((LOG_DEBUG
,
6629 "key_align: duplicate ext_type %u "
6630 "is passed.\n", ext
->sadb_ext_type
));
6632 pfkeystat
.out_dupext
++;
6637 ipseclog((LOG_DEBUG
,
6638 "key_align: invalid ext_type %u is passed.\n",
6639 ext
->sadb_ext_type
));
6641 pfkeystat
.out_invexttype
++;
6645 extlen
= PFKEY_UNUNIT64(ext
->sadb_ext_len
);
6647 if (key_validate_ext(ext
, extlen
)) {
6649 pfkeystat
.out_invlen
++;
6653 n
= m_pulldown(m
, off
, extlen
, &toff
);
6655 /* m is already freed */
6658 ext
= (struct sadb_ext
*)(mtod(n
, caddr_t
) + toff
);
6660 mhp
->ext
[ext
->sadb_ext_type
] = ext
;
6661 mhp
->extoff
[ext
->sadb_ext_type
] = off
;
6662 mhp
->extlen
[ext
->sadb_ext_type
] = extlen
;
6667 pfkeystat
.out_invlen
++;
6675 key_validate_ext(const struct sadb_ext
*ext
, int len
)
6677 const struct sockaddr
*sa
;
6678 enum { NONE
, ADDR
} checktype
= NONE
;
6680 const int sal
= offsetof(struct sockaddr
, sa_len
) + sizeof(sa
->sa_len
);
6682 if (len
!= PFKEY_UNUNIT64(ext
->sadb_ext_len
))
6685 /* if it does not match minimum/maximum length, bail */
6686 if (ext
->sadb_ext_type
>= sizeof(minsize
) / sizeof(minsize
[0]) ||
6687 ext
->sadb_ext_type
>= sizeof(maxsize
) / sizeof(maxsize
[0]))
6689 if (!minsize
[ext
->sadb_ext_type
] || len
< minsize
[ext
->sadb_ext_type
])
6691 if (maxsize
[ext
->sadb_ext_type
] && len
> maxsize
[ext
->sadb_ext_type
])
6694 /* more checks based on sadb_ext_type XXX need more */
6695 switch (ext
->sadb_ext_type
) {
6696 case SADB_EXT_ADDRESS_SRC
:
6697 case SADB_EXT_ADDRESS_DST
:
6698 case SADB_EXT_ADDRESS_PROXY
:
6699 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_address
));
6702 case SADB_EXT_IDENTITY_SRC
:
6703 case SADB_EXT_IDENTITY_DST
:
6704 if (((const struct sadb_ident
*)ext
)->sadb_ident_type
==
6705 SADB_X_IDENTTYPE_ADDR
) {
6706 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_ident
));
6716 switch (checktype
) {
6720 sa
= (const struct sockaddr
*)(((const u_int8_t
*)ext
)+baselen
);
6721 if (len
< baselen
+ sal
)
6723 if (baselen
+ PFKEY_ALIGN8(sa
->sa_len
) != len
)
6736 for (i
= 0; i
< IPSEC_DIR_MAX
; i
++) {
6737 LIST_INIT(&sptree
[i
]);
6740 LIST_INIT(&sahtree
);
6742 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
6743 LIST_INIT(®tree
[i
]);
6746 #ifndef IPSEC_NONBLOCK_ACQUIRE
6747 LIST_INIT(&acqtree
);
6749 LIST_INIT(&spacqtree
);
6751 /* system default */
6752 ip4_def_policy
.policy
= IPSEC_POLICY_NONE
;
6753 ip4_def_policy
.refcnt
++; /*never reclaim this*/
6755 #ifndef IPSEC_DEBUG2
6756 callout_init(&key_timehandler_ch
);
6757 callout_reset(&key_timehandler_ch
, hz
, key_timehandler
, NULL
);
6758 #endif /*IPSEC_DEBUG2*/
6760 /* initialize key statistics */
6761 keystat
.getspi_count
= 1;
6763 kprintf("IPsec: Initialized Security Association Processing.\n");
6769 * XXX: maybe This function is called after INBOUND IPsec processing.
6771 * Special check for tunnel-mode packets.
6772 * We must make some checks for consistency between inner and outer IP header.
6774 * xxx more checks to be provided
6777 key_checktunnelsanity(struct secasvar
*sav
, u_int family
, caddr_t src
,
6781 if (sav
->sah
== NULL
)
6782 panic("sav->sah == NULL at key_checktunnelsanity");
6784 /* XXX: check inner IP header */
6790 #define hostnamelen strlen(hostname)
6793 * Get FQDN for the host.
6794 * If the administrator configured hostname (by hostname(1)) without
6795 * domain name, returns nothing.
6802 static char fqdn
[MAXHOSTNAMELEN
+ 1];
6807 /* check if it comes with domain name. */
6809 for (i
= 0; i
< hostnamelen
; i
++) {
6810 if (hostname
[i
] == '.')
6816 /* NOTE: hostname may not be NUL-terminated. */
6817 bzero(fqdn
, sizeof(fqdn
));
6818 bcopy(hostname
, fqdn
, hostnamelen
);
6819 fqdn
[hostnamelen
] = '\0';
6824 * get username@FQDN for the host/user.
6827 key_getuserfqdn(void)
6830 static char userfqdn
[MAXHOSTNAMELEN
+ MAXLOGNAME
+ 2];
6831 struct proc
*p
= curproc
;
6834 if (!p
|| !p
->p_pgrp
|| !p
->p_pgrp
->pg_session
)
6836 if (!(host
= key_getfqdn()))
6839 /* NOTE: s_login may not be-NUL terminated. */
6840 bzero(userfqdn
, sizeof(userfqdn
));
6841 bcopy(p
->p_pgrp
->pg_session
->s_login
, userfqdn
, MAXLOGNAME
);
6842 userfqdn
[MAXLOGNAME
] = '\0'; /* safeguard */
6843 q
= userfqdn
+ strlen(userfqdn
);
6845 bcopy(host
, q
, strlen(host
));
6853 /* record data transfer on SA, and update timestamps */
6855 key_sa_recordxfer(struct secasvar
*sav
, struct mbuf
*m
)
6857 KASSERT(sav
!= NULL
, ("key_sa_recordxfer: Null secasvar"));
6858 KASSERT(m
!= NULL
, ("key_sa_recordxfer: Null mbuf"));
6863 * XXX Currently, there is a difference of bytes size
6864 * between inbound and outbound processing.
6866 sav
->lft_c
->sadb_lifetime_bytes
+= m
->m_pkthdr
.len
;
6867 /* to check bytes lifetime is done in key_timehandler(). */
6870 * We use the number of packets as the unit of
6871 * sadb_lifetime_allocations. We increment the variable
6872 * whenever {esp,ah}_{in,out}put is called.
6874 sav
->lft_c
->sadb_lifetime_allocations
++;
6875 /* XXX check for expires? */
6878 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
6879 * in seconds. HARD and SOFT lifetime are measured by the time
6880 * difference (again in seconds) from sadb_lifetime_usetime.
6884 * -----+-----+--------+---> t
6885 * <--------------> HARD
6888 sav
->lft_c
->sadb_lifetime_usetime
= time_second
;
6889 /* XXX check for expires? */
6896 key_sa_routechange(struct sockaddr
*dst
)
6898 struct secashead
*sah
;
6901 LIST_FOREACH(sah
, &sahtree
, chain
) {
6902 ro
= &sah
->sa_route
;
6903 if (ro
->ro_rt
&& dst
->sa_len
== ro
->ro_dst
.sa_len
6904 && bcmp(dst
, &ro
->ro_dst
, dst
->sa_len
) == 0) {
6914 key_sa_chgstate(struct secasvar
*sav
, u_int8_t state
)
6917 panic("key_sa_chgstate called with sav == NULL");
6919 if (sav
->state
== state
)
6922 if (__LIST_CHAINED(sav
))
6923 LIST_REMOVE(sav
, chain
);
6926 LIST_INSERT_HEAD(&sav
->sah
->savtree
[state
], sav
, chain
);
6930 key_sa_stir_iv(struct secasvar
*sav
)
6934 panic("key_sa_stir_iv called with sav == NULL");
6935 key_randomfill(sav
->iv
, sav
->ivlen
);
6939 static struct mbuf
*
6940 key_alloc_mbuf(int l
)
6942 struct mbuf
*m
= NULL
, *n
;
6947 n
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, 0);
6953 n
->m_len
= M_TRAILINGSPACE(n
);
6954 /* use the bottom of mbuf, hoping we can prepend afterwards */
6955 if (n
->m_len
> len
) {
6956 t
= (n
->m_len
- len
) & ~(sizeof(long) - 1);