1 /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.1 2003/01/24 05:11:35 sam Exp $ */
2 /* $DragonFly: src/sys/netproto/ipsec/key.c,v 1.25 2007/05/13 18:33:58 swildner Exp $ */
3 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * This code is referd to RFC 2367
39 #include "opt_inet6.h"
40 #include "opt_ipsec.h"
42 #include <sys/types.h>
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kernel.h>
47 #include <sys/domain.h>
48 #include <sys/protosw.h>
49 #include <sys/malloc.h>
50 #include <sys/socket.h>
51 #include <sys/socketvar.h>
52 #include <sys/sysctl.h>
53 #include <sys/errno.h>
55 #include <sys/queue.h>
56 #include <sys/syslog.h>
59 #include <net/route.h>
60 #include <net/raw_cb.h>
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #include <netinet/in_var.h>
68 #include <netinet/ip6.h>
69 #include <netinet6/in6_var.h>
70 #include <netinet6/ip6_var.h>
74 #include <netinet/in_pcb.h>
77 #include <netinet6/in6_pcb.h>
80 #include <net/pfkeyv2.h>
81 #include <netproto/ipsec/keydb.h>
82 #include <netproto/ipsec/key.h>
83 #include <netproto/ipsec/keysock.h>
84 #include <netproto/ipsec/key_debug.h>
86 #include <netproto/ipsec/ipsec.h>
88 #include <netproto/ipsec/ipsec6.h>
91 #include <netproto/ipsec/xform.h>
93 #include <machine/stdarg.h>
96 #include <sys/random.h>
98 #include <net/net_osdep.h>
100 #define FULLMASK 0xff
101 #define _BITS(bytes) ((bytes) << 3)
104 * Note on SA reference counting:
105 * - SAs that are not in DEAD state will have (total external reference + 1)
106 * following value in reference count field. they cannot be freed and are
107 * referenced from SA header.
108 * - SAs that are in DEAD state will have (total external reference)
109 * in reference count field. they are ready to be freed. reference from
110 * SA header will be removed in key_delsav(), when the reference count
111 * field hits 0 (= no external reference other than from SA header.
115 static struct callout key_timehandler_ch
;
117 u_int32_t key_debug_level
= 0;
118 static u_int key_spi_trycnt
= 1000;
119 static u_int32_t key_spi_minval
= 0x100;
120 static u_int32_t key_spi_maxval
= 0x0fffffff; /* XXX */
121 static u_int32_t policy_id
= 0;
122 static u_int key_int_random
= 60; /*interval to initialize randseed,1(m)*/
123 static u_int key_larval_lifetime
= 30; /* interval to expire acquiring, 30(s)*/
124 static int key_blockacq_count
= 10; /* counter for blocking SADB_ACQUIRE.*/
125 static int key_blockacq_lifetime
= 20; /* lifetime for blocking SADB_ACQUIRE.*/
126 static int key_prefered_oldsa
= 1; /* prefered old sa rather than new sa.*/
128 static u_int32_t acq_seq
= 0;
129 static int key_tick_init_random
= 0;
131 static LIST_HEAD(_sptree
, secpolicy
) sptree
[IPSEC_DIR_MAX
]; /* SPD */
132 static LIST_HEAD(_sahtree
, secashead
) sahtree
; /* SAD */
133 static LIST_HEAD(_regtree
, secreg
) regtree
[SADB_SATYPE_MAX
+ 1];
135 #ifndef IPSEC_NONBLOCK_ACQUIRE
136 static LIST_HEAD(_acqtree
, secacq
) acqtree
; /* acquiring list */
138 static LIST_HEAD(_spacqtree
, secspacq
) spacqtree
; /* SP acquiring list */
140 /* search order for SAs */
141 static u_int saorder_state_valid
[] = {
142 SADB_SASTATE_DYING
, SADB_SASTATE_MATURE
,
144 * This order is important because we must select the oldest SA
145 * for outbound processing. For inbound, This is not important.
148 static u_int saorder_state_alive
[] = {
150 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
, SADB_SASTATE_LARVAL
152 static u_int saorder_state_any
[] = {
153 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
,
154 SADB_SASTATE_LARVAL
, SADB_SASTATE_DEAD
157 static const int minsize
[] = {
158 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
159 sizeof(struct sadb_sa
), /* SADB_EXT_SA */
160 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
161 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
162 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
163 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_SRC */
164 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_DST */
165 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_PROXY */
166 sizeof(struct sadb_key
), /* SADB_EXT_KEY_AUTH */
167 sizeof(struct sadb_key
), /* SADB_EXT_KEY_ENCRYPT */
168 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_SRC */
169 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_DST */
170 sizeof(struct sadb_sens
), /* SADB_EXT_SENSITIVITY */
171 sizeof(struct sadb_prop
), /* SADB_EXT_PROPOSAL */
172 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_AUTH */
173 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_ENCRYPT */
174 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
175 0, /* SADB_X_EXT_KMPRIVATE */
176 sizeof(struct sadb_x_policy
), /* SADB_X_EXT_POLICY */
177 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
179 static const int maxsize
[] = {
180 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
181 sizeof(struct sadb_sa
), /* SADB_EXT_SA */
182 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
183 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
184 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
185 0, /* SADB_EXT_ADDRESS_SRC */
186 0, /* SADB_EXT_ADDRESS_DST */
187 0, /* SADB_EXT_ADDRESS_PROXY */
188 0, /* SADB_EXT_KEY_AUTH */
189 0, /* SADB_EXT_KEY_ENCRYPT */
190 0, /* SADB_EXT_IDENTITY_SRC */
191 0, /* SADB_EXT_IDENTITY_DST */
192 0, /* SADB_EXT_SENSITIVITY */
193 0, /* SADB_EXT_PROPOSAL */
194 0, /* SADB_EXT_SUPPORTED_AUTH */
195 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
196 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
197 0, /* SADB_X_EXT_KMPRIVATE */
198 0, /* SADB_X_EXT_POLICY */
199 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
202 static int ipsec_esp_keymin
= 256;
203 static int ipsec_esp_auth
= 0;
204 static int ipsec_ah_keymin
= 128;
207 SYSCTL_DECL(_net_key
);
210 SYSCTL_INT(_net_key
, KEYCTL_DEBUG_LEVEL
, debug
, CTLFLAG_RW
, \
211 &key_debug_level
, 0, "");
213 /* max count of trial for the decision of spi value */
214 SYSCTL_INT(_net_key
, KEYCTL_SPI_TRY
, spi_trycnt
, CTLFLAG_RW
, \
215 &key_spi_trycnt
, 0, "");
217 /* minimum spi value to allocate automatically. */
218 SYSCTL_INT(_net_key
, KEYCTL_SPI_MIN_VALUE
, spi_minval
, CTLFLAG_RW
, \
219 &key_spi_minval
, 0, "");
221 /* maximun spi value to allocate automatically. */
222 SYSCTL_INT(_net_key
, KEYCTL_SPI_MAX_VALUE
, spi_maxval
, CTLFLAG_RW
, \
223 &key_spi_maxval
, 0, "");
225 /* interval to initialize randseed */
226 SYSCTL_INT(_net_key
, KEYCTL_RANDOM_INT
, int_random
, CTLFLAG_RW
, \
227 &key_int_random
, 0, "");
229 /* lifetime for larval SA */
230 SYSCTL_INT(_net_key
, KEYCTL_LARVAL_LIFETIME
, larval_lifetime
, CTLFLAG_RW
, \
231 &key_larval_lifetime
, 0, "");
233 /* counter for blocking to send SADB_ACQUIRE to IKEd */
234 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_COUNT
, blockacq_count
, CTLFLAG_RW
, \
235 &key_blockacq_count
, 0, "");
237 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
238 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_LIFETIME
, blockacq_lifetime
, CTLFLAG_RW
, \
239 &key_blockacq_lifetime
, 0, "");
242 SYSCTL_INT(_net_key
, KEYCTL_ESP_AUTH
, esp_auth
, CTLFLAG_RW
, \
243 &ipsec_esp_auth
, 0, "");
245 /* minimum ESP key length */
246 SYSCTL_INT(_net_key
, KEYCTL_ESP_KEYMIN
, esp_keymin
, CTLFLAG_RW
, \
247 &ipsec_esp_keymin
, 0, "");
249 /* minimum AH key length */
250 SYSCTL_INT(_net_key
, KEYCTL_AH_KEYMIN
, ah_keymin
, CTLFLAG_RW
, \
251 &ipsec_ah_keymin
, 0, "");
253 /* perfered old SA rather than new SA */
254 SYSCTL_INT(_net_key
, KEYCTL_PREFERED_OLDSA
, prefered_oldsa
, CTLFLAG_RW
,\
255 &key_prefered_oldsa
, 0, "");
257 #define __LIST_CHAINED(elm) \
258 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
259 #define LIST_INSERT_TAIL(head, elm, type, field) \
261 struct type *curelm = LIST_FIRST(head); \
262 if (curelm == NULL) {\
263 LIST_INSERT_HEAD(head, elm, field); \
265 while (LIST_NEXT(curelm, field)) \
266 curelm = LIST_NEXT(curelm, field);\
267 LIST_INSERT_AFTER(curelm, elm, field);\
271 #define KEY_CHKSASTATE(head, sav, name) \
273 if ((head) != (sav)) { \
274 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
275 (name), (head), (sav))); \
280 #define KEY_CHKSPDIR(head, sp, name) \
282 if ((head) != (sp)) { \
283 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
284 "anyway continue.\n", \
285 (name), (head), (sp))); \
289 MALLOC_DEFINE(M_SECA
, "key mgmt", "security associations, key management");
292 #define KMALLOC(p, t, n) \
293 ((p) = (t) kmalloc((unsigned long)(n), M_SECA, M_INTWAIT | M_NULLOK))
295 kfree((caddr_t)(p), M_SECA)
297 #define KMALLOC(p, t, n) \
299 ((p) = (t)kmalloc((unsigned long)(n), M_SECA, M_INTWAIT | M_NULLOK)); \
300 kprintf("%s %d: %p <- KMALLOC(%s, %d)\n", \
301 __FILE__, __LINE__, (p), #t, n); \
306 kprintf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
307 kfree((caddr_t)(p), M_SECA); \
312 * set parameters into secpolicyindex buffer.
313 * Must allocate secpolicyindex buffer passed to this function.
315 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
317 bzero((idx), sizeof(struct secpolicyindex)); \
318 (idx)->dir = (_dir); \
319 (idx)->prefs = (ps); \
320 (idx)->prefd = (pd); \
321 (idx)->ul_proto = (ulp); \
322 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
323 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
327 * set parameters into secasindex buffer.
328 * Must allocate secasindex buffer before calling this function.
330 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
332 bzero((idx), sizeof(struct secasindex)); \
333 (idx)->proto = (p); \
335 (idx)->reqid = (r); \
336 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
337 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
342 u_long getspi_count
; /* the avarage of count to try to get new SPI */
346 struct sadb_msg
*msg
;
347 struct sadb_ext
*ext
[SADB_EXT_MAX
+ 1];
348 int extoff
[SADB_EXT_MAX
+ 1];
349 int extlen
[SADB_EXT_MAX
+ 1];
352 static struct secasvar
*key_allocsa_policy (const struct secasindex
*);
353 static void key_freesp_so (struct secpolicy
**);
354 static struct secasvar
*key_do_allocsa_policy (struct secashead
*, u_int
);
355 static void key_delsp (struct secpolicy
*);
356 static struct secpolicy
*key_getsp (struct secpolicyindex
*);
357 static struct secpolicy
*key_getspbyid (u_int32_t
);
358 static u_int32_t
key_newreqid (void);
359 static struct mbuf
*key_gather_mbuf (struct mbuf
*,
360 const struct sadb_msghdr
*, int, int, ...);
361 static int key_spdadd (struct socket
*, struct mbuf
*,
362 const struct sadb_msghdr
*);
363 static u_int32_t
key_getnewspid (void);
364 static int key_spddelete (struct socket
*, struct mbuf
*,
365 const struct sadb_msghdr
*);
366 static int key_spddelete2 (struct socket
*, struct mbuf
*,
367 const struct sadb_msghdr
*);
368 static int key_spdget (struct socket
*, struct mbuf
*,
369 const struct sadb_msghdr
*);
370 static int key_spdflush (struct socket
*, struct mbuf
*,
371 const struct sadb_msghdr
*);
372 static int key_spddump (struct socket
*, struct mbuf
*,
373 const struct sadb_msghdr
*);
374 static struct mbuf
*key_setdumpsp (struct secpolicy
*,
375 u_int8_t
, u_int32_t
, u_int32_t
);
376 static u_int
key_getspreqmsglen (struct secpolicy
*);
377 static int key_spdexpire (struct secpolicy
*);
378 static struct secashead
*key_newsah (struct secasindex
*);
379 static void key_delsah (struct secashead
*);
380 static struct secasvar
*key_newsav (struct mbuf
*,
381 const struct sadb_msghdr
*, struct secashead
*, int *,
383 #define KEY_NEWSAV(m, sadb, sah, e) \
384 key_newsav(m, sadb, sah, e, __FILE__, __LINE__)
385 static void key_delsav (struct secasvar
*);
386 static struct secashead
*key_getsah (struct secasindex
*);
387 static struct secasvar
*key_checkspidup (struct secasindex
*, u_int32_t
);
388 static struct secasvar
*key_getsavbyspi (struct secashead
*, u_int32_t
);
389 static int key_setsaval (struct secasvar
*, struct mbuf
*,
390 const struct sadb_msghdr
*);
391 static int key_mature (struct secasvar
*);
392 static struct mbuf
*key_setdumpsa (struct secasvar
*, u_int8_t
,
393 u_int8_t
, u_int32_t
, u_int32_t
);
394 static struct mbuf
*key_setsadbmsg (u_int8_t
, u_int16_t
, u_int8_t
,
395 u_int32_t
, pid_t
, u_int16_t
);
396 static struct mbuf
*key_setsadbsa (struct secasvar
*);
397 static struct mbuf
*key_setsadbaddr (u_int16_t
,
398 const struct sockaddr
*, u_int8_t
, u_int16_t
);
400 static struct mbuf
*key_setsadbident (u_int16_t
, u_int16_t
, caddr_t
,
403 static struct mbuf
*key_setsadbxsa2 (u_int8_t
, u_int32_t
, u_int32_t
);
404 static struct mbuf
*key_setsadbxpolicy (u_int16_t
, u_int8_t
,
406 static void *key_newbuf (const void *, u_int
);
408 static int key_ismyaddr6 (struct sockaddr_in6
*);
411 /* flags for key_cmpsaidx() */
412 #define CMP_HEAD 1 /* protocol, addresses. */
413 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
414 #define CMP_REQID 3 /* additionally HEAD, reaid. */
415 #define CMP_EXACTLY 4 /* all elements. */
416 static int key_cmpsaidx
417 (const struct secasindex
*, const struct secasindex
*, int);
419 static int key_cmpspidx_exactly
420 (struct secpolicyindex
*, struct secpolicyindex
*);
421 static int key_cmpspidx_withmask
422 (struct secpolicyindex
*, struct secpolicyindex
*);
423 static int key_sockaddrcmp (const struct sockaddr
*, const struct sockaddr
*, int);
424 static int key_bbcmp (const void *, const void *, u_int
);
425 static void key_srandom (void);
426 static u_int16_t
key_satype2proto (u_int8_t
);
427 static u_int8_t
key_proto2satype (u_int16_t
);
429 static int key_getspi (struct socket
*, struct mbuf
*,
430 const struct sadb_msghdr
*);
431 static u_int32_t
key_do_getnewspi (struct sadb_spirange
*,
432 struct secasindex
*);
433 static int key_update (struct socket
*, struct mbuf
*,
434 const struct sadb_msghdr
*);
435 #ifdef IPSEC_DOSEQCHECK
436 static struct secasvar
*key_getsavbyseq (struct secashead
*, u_int32_t
);
438 static int key_add (struct socket
*, struct mbuf
*,
439 const struct sadb_msghdr
*);
440 static int key_setident (struct secashead
*, struct mbuf
*,
441 const struct sadb_msghdr
*);
442 static struct mbuf
*key_getmsgbuf_x1 (struct mbuf
*,
443 const struct sadb_msghdr
*);
444 static int key_delete (struct socket
*, struct mbuf
*,
445 const struct sadb_msghdr
*);
446 static int key_get (struct socket
*, struct mbuf
*,
447 const struct sadb_msghdr
*);
449 static void key_getcomb_setlifetime (struct sadb_comb
*);
450 static struct mbuf
*key_getcomb_esp (void);
451 static struct mbuf
*key_getcomb_ah (void);
452 static struct mbuf
*key_getcomb_ipcomp (void);
453 static struct mbuf
*key_getprop (const struct secasindex
*);
455 static int key_acquire (const struct secasindex
*, struct secpolicy
*);
456 #ifndef IPSEC_NONBLOCK_ACQUIRE
457 static struct secacq
*key_newacq (const struct secasindex
*);
458 static struct secacq
*key_getacq (const struct secasindex
*);
459 static struct secacq
*key_getacqbyseq (u_int32_t
);
461 static struct secspacq
*key_newspacq (struct secpolicyindex
*);
462 static struct secspacq
*key_getspacq (struct secpolicyindex
*);
463 static int key_acquire2 (struct socket
*, struct mbuf
*,
464 const struct sadb_msghdr
*);
465 static int key_register (struct socket
*, struct mbuf
*,
466 const struct sadb_msghdr
*);
467 static int key_expire (struct secasvar
*);
468 static int key_flush (struct socket
*, struct mbuf
*,
469 const struct sadb_msghdr
*);
470 static int key_dump (struct socket
*, struct mbuf
*,
471 const struct sadb_msghdr
*);
472 static int key_promisc (struct socket
*, struct mbuf
*,
473 const struct sadb_msghdr
*);
474 static int key_senderror (struct socket
*, struct mbuf
*, int);
475 static int key_validate_ext (const struct sadb_ext
*, int);
476 static int key_align (struct mbuf
*, struct sadb_msghdr
*);
478 static const char *key_getfqdn (void);
479 static const char *key_getuserfqdn (void);
481 static void key_sa_chgstate (struct secasvar
*, u_int8_t
);
482 static struct mbuf
*key_alloc_mbuf (int);
484 #define SA_ADDREF(p) do { \
486 KASSERT((p)->refcnt != 0, \
487 ("SA refcnt overflow at %s:%u", __FILE__, __LINE__)); \
489 #define SA_DELREF(p) do { \
490 KASSERT((p)->refcnt > 0, \
491 ("SA refcnt underflow at %s:%u", __FILE__, __LINE__)); \
495 #define SP_ADDREF(p) do { \
497 KASSERT((p)->refcnt != 0, \
498 ("SP refcnt overflow at %s:%u", __FILE__, __LINE__)); \
500 #define SP_DELREF(p) do { \
501 KASSERT((p)->refcnt > 0, \
502 ("SP refcnt underflow at %s:%u", __FILE__, __LINE__)); \
507 * Return 0 when there are known to be no SP's for the specified
508 * direction. Otherwise return 1. This is used by IPsec code
509 * to optimize performance.
512 key_havesp(u_int dir
)
514 return (dir
== IPSEC_DIR_INBOUND
|| dir
== IPSEC_DIR_OUTBOUND
?
515 LIST_FIRST(&sptree
[dir
]) != NULL
: 1);
518 /* %%% IPsec policy management */
520 * allocating a SP for OUTBOUND or INBOUND packet.
521 * Must call key_freesp() later.
522 * OUT: NULL: not found
523 * others: found and return the pointer.
526 key_allocsp(struct secpolicyindex
*spidx
, u_int dir
, const char* where
, int tag
)
528 struct secpolicy
*sp
;
531 KASSERT(spidx
!= NULL
, ("key_allocsp: null spidx"));
532 KASSERT(dir
== IPSEC_DIR_INBOUND
|| dir
== IPSEC_DIR_OUTBOUND
,
533 ("key_allocsp: invalid direction %u", dir
));
535 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
536 kprintf("DP key_allocsp from %s:%u\n", where
, tag
));
540 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
541 kprintf("*** objects\n"); kdebug_secpolicyindex(spidx
));
543 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
544 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
545 kprintf("*** in SPD\n");
546 kdebug_secpolicyindex(&sp
->spidx
));
548 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
550 if (key_cmpspidx_withmask(&sp
->spidx
, spidx
))
557 KEY_CHKSPDIR(sp
->spidx
.dir
, dir
, "key_allocsp");
559 /* found a SPD entry */
560 sp
->lastused
= time_second
;
565 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
566 kprintf("DP key_allocsp return SP:%p (ID=%u) refcnt %u\n",
567 sp
, sp
? sp
->id
: 0, sp
? sp
->refcnt
: 0));
572 * allocating a SP for OUTBOUND or INBOUND packet.
573 * Must call key_freesp() later.
574 * OUT: NULL: not found
575 * others: found and return the pointer.
578 key_allocsp2(u_int32_t spi
,
579 union sockaddr_union
*dst
,
582 const char* where
, int tag
)
584 struct secpolicy
*sp
;
587 KASSERT(dst
!= NULL
, ("key_allocsp2: null dst"));
588 KASSERT(dir
== IPSEC_DIR_INBOUND
|| dir
== IPSEC_DIR_OUTBOUND
,
589 ("key_allocsp2: invalid direction %u", dir
));
591 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
592 kprintf("DP key_allocsp2 from %s:%u\n", where
, tag
));
596 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
597 kprintf("*** objects\n");
598 kprintf("spi %u proto %u dir %u\n", spi
, proto
, dir
);
599 kdebug_sockaddr(&dst
->sa
));
601 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
602 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
603 kprintf("*** in SPD\n");
604 kdebug_secpolicyindex(&sp
->spidx
));
606 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
608 /* compare simple values, then dst address */
609 if (sp
->spidx
.ul_proto
!= proto
)
611 /* NB: spi's must exist and match */
612 if (!sp
->req
|| !sp
->req
->sav
|| sp
->req
->sav
->spi
!= spi
)
614 if (key_sockaddrcmp(&sp
->spidx
.dst
.sa
, &dst
->sa
, 1) == 0)
621 KEY_CHKSPDIR(sp
->spidx
.dir
, dir
, "key_allocsp2");
623 /* found a SPD entry */
624 sp
->lastused
= time_second
;
629 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
630 kprintf("DP key_allocsp2 return SP:%p (ID=%u) refcnt %u\n",
631 sp
, sp
? sp
->id
: 0, sp
? sp
->refcnt
: 0));
636 * return a policy that matches this particular inbound packet.
640 key_gettunnel(const struct sockaddr
*osrc
,
641 const struct sockaddr
*odst
,
642 const struct sockaddr
*isrc
,
643 const struct sockaddr
*idst
,
644 const char* where
, int tag
)
646 struct secpolicy
*sp
;
647 const int dir
= IPSEC_DIR_INBOUND
;
649 struct ipsecrequest
*r1
, *r2
, *p
;
650 struct secpolicyindex spidx
;
652 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
653 kprintf("DP key_gettunnel from %s:%u\n", where
, tag
));
655 if (isrc
->sa_family
!= idst
->sa_family
) {
656 ipseclog((LOG_ERR
, "protocol family mismatched %d != %d\n.",
657 isrc
->sa_family
, idst
->sa_family
));
663 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
664 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
668 for (p
= sp
->req
; p
; p
= p
->next
) {
669 if (p
->saidx
.mode
!= IPSEC_MODE_TUNNEL
)
676 /* here we look at address matches only */
678 if (isrc
->sa_len
> sizeof(spidx
.src
) ||
679 idst
->sa_len
> sizeof(spidx
.dst
))
681 bcopy(isrc
, &spidx
.src
, isrc
->sa_len
);
682 bcopy(idst
, &spidx
.dst
, idst
->sa_len
);
683 if (!key_cmpspidx_withmask(&sp
->spidx
, &spidx
))
686 if (key_sockaddrcmp(&r1
->saidx
.src
.sa
, isrc
, 0) ||
687 key_sockaddrcmp(&r1
->saidx
.dst
.sa
, idst
, 0))
691 if (key_sockaddrcmp(&r2
->saidx
.src
.sa
, osrc
, 0) ||
692 key_sockaddrcmp(&r2
->saidx
.dst
.sa
, odst
, 0))
701 sp
->lastused
= time_second
;
706 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
707 kprintf("DP key_gettunnel return SP:%p (ID=%u) refcnt %u\n",
708 sp
, sp
? sp
->id
: 0, sp
? sp
->refcnt
: 0));
713 * allocating an SA entry for an *OUTBOUND* packet.
714 * checking each request entries in SP, and acquire an SA if need.
715 * OUT: 0: there are valid requests.
716 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
719 key_checkrequest(struct ipsecrequest
*isr
, const struct secasindex
*saidx
)
724 KASSERT(isr
!= NULL
, ("key_checkrequest: null isr"));
725 KASSERT(saidx
!= NULL
, ("key_checkrequest: null saidx"));
726 KASSERT(saidx
->mode
== IPSEC_MODE_TRANSPORT
||
727 saidx
->mode
== IPSEC_MODE_TUNNEL
,
728 ("key_checkrequest: unexpected policy %u", saidx
->mode
));
730 /* get current level */
731 level
= ipsec_get_reqlevel(isr
);
734 * XXX guard against protocol callbacks from the crypto
735 * thread as they reference ipsecrequest.sav which we
736 * temporarily null out below. Need to rethink how we
737 * handle bundled SA's in the callback thread.
741 * We do allocate new SA only if the state of SA in the holder is
742 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
744 if (isr
->sav
!= NULL
) {
745 if (isr
->sav
->sah
== NULL
)
746 panic("key_checkrequest: sah is null.\n");
747 if (isr
->sav
== (struct secasvar
*)LIST_FIRST(
748 &isr
->sav
->sah
->savtree
[SADB_SASTATE_DEAD
])) {
749 KEY_FREESAV(&isr
->sav
);
755 * we free any SA stashed in the IPsec request because a different
756 * SA may be involved each time this request is checked, either
757 * because new SAs are being configured, or this request is
758 * associated with an unconnected datagram socket, or this request
759 * is associated with a system default policy.
761 * The operation may have negative impact to performance. We may
762 * want to check cached SA carefully, rather than picking new SA
765 if (isr
->sav
!= NULL
) {
766 KEY_FREESAV(&isr
->sav
);
772 * new SA allocation if no SA found.
773 * key_allocsa_policy should allocate the oldest SA available.
774 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
776 if (isr
->sav
== NULL
)
777 isr
->sav
= key_allocsa_policy(saidx
);
779 /* When there is SA. */
780 if (isr
->sav
!= NULL
) {
781 if (isr
->sav
->state
!= SADB_SASTATE_MATURE
&&
782 isr
->sav
->state
!= SADB_SASTATE_DYING
)
788 error
= key_acquire(saidx
, isr
->sp
);
790 /* XXX What should I do ? */
791 ipseclog((LOG_DEBUG
, "key_checkrequest: error %d returned "
792 "from key_acquire.\n", error
));
796 if (level
!= IPSEC_LEVEL_REQUIRE
) {
797 /* XXX sigh, the interface to this routine is botched */
798 KASSERT(isr
->sav
== NULL
, ("key_checkrequest: unexpected SA"));
806 * allocating a SA for policy entry from SAD.
807 * NOTE: searching SAD of aliving state.
808 * OUT: NULL: not found.
809 * others: found and return the pointer.
811 static struct secasvar
*
812 key_allocsa_policy(const struct secasindex
*saidx
)
814 struct secashead
*sah
;
815 struct secasvar
*sav
;
816 u_int stateidx
, state
;
818 LIST_FOREACH(sah
, &sahtree
, chain
) {
819 if (sah
->state
== SADB_SASTATE_DEAD
)
821 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_MODE_REQID
))
829 /* search valid state */
831 stateidx
< _ARRAYLEN(saorder_state_valid
);
834 state
= saorder_state_valid
[stateidx
];
836 sav
= key_do_allocsa_policy(sah
, state
);
845 * searching SAD with direction, protocol, mode and state.
846 * called by key_allocsa_policy().
849 * others : found, pointer to a SA.
851 static struct secasvar
*
852 key_do_allocsa_policy(struct secashead
*sah
, u_int state
)
854 struct secasvar
*sav
, *nextsav
, *candidate
= NULL
, *d
;
856 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[state
], chain
, nextsav
) {
858 KEY_CHKSASTATE(sav
->state
, state
, "key_do_allocsa_policy");
861 if (candidate
== NULL
) {
866 /* Which SA is the better ? */
869 if (candidate
->lft_c
== NULL
|| sav
->lft_c
== NULL
)
870 panic("key_do_allocsa_policy: "
871 "lifetime_current is NULL.\n");
873 /* What the best method is to compare ? */
874 if (key_prefered_oldsa
) {
875 if (candidate
->lft_c
->sadb_lifetime_addtime
>
876 sav
->lft_c
->sadb_lifetime_addtime
) {
882 /* prefered new sa rather than old sa */
883 if (candidate
->lft_c
->sadb_lifetime_addtime
<
884 sav
->lft_c
->sadb_lifetime_addtime
) {
891 * prepared to delete the SA when there is more
892 * suitable candidate and the lifetime of the SA is not
895 if (d
->lft_c
->sadb_lifetime_addtime
!= 0) {
896 struct mbuf
*m
, *result
;
899 key_sa_chgstate(d
, SADB_SASTATE_DEAD
);
901 KASSERT(d
->refcnt
> 0,
902 ("key_do_allocsa_policy: bogus ref count"));
904 satype
= key_proto2satype(d
->sah
->saidx
.proto
);
908 m
= key_setsadbmsg(SADB_DELETE
, 0, satype
, 0, 0,
914 /* set sadb_address for saidx's. */
915 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
916 &d
->sah
->saidx
.src
.sa
,
917 d
->sah
->saidx
.src
.sa
.sa_len
<< 3,
923 /* set sadb_address for saidx's. */
924 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
925 &d
->sah
->saidx
.dst
.sa
,
926 d
->sah
->saidx
.dst
.sa
.sa_len
<< 3,
932 /* create SA extension */
933 m
= key_setsadbsa(d
);
938 if (result
->m_len
< sizeof(struct sadb_msg
)) {
939 result
= m_pullup(result
,
940 sizeof(struct sadb_msg
));
945 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
946 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
947 PFKEY_UNIT64(result
->m_pkthdr
.len
);
949 if (key_sendup_mbuf(NULL
, result
,
950 KEY_SENDUP_REGISTERED
))
958 SA_ADDREF(candidate
);
959 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
960 kprintf("DP allocsa_policy cause refcnt++:%d SA:%p\n",
961 candidate
->refcnt
, candidate
));
967 * allocating a usable SA entry for a *INBOUND* packet.
968 * Must call key_freesav() later.
969 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
970 * NULL: not found, or error occured.
972 * In the comparison, no source address is used--for RFC2401 conformance.
973 * To quote, from section 4.1:
974 * A security association is uniquely identified by a triple consisting
975 * of a Security Parameter Index (SPI), an IP Destination Address, and a
976 * security protocol (AH or ESP) identifier.
977 * Note that, however, we do need to keep source address in IPsec SA.
978 * IKE specification and PF_KEY specification do assume that we
979 * keep source address in IPsec SA. We see a tricky situation here.
983 union sockaddr_union
*dst
,
986 const char* where
, int tag
)
988 struct secashead
*sah
;
989 struct secasvar
*sav
;
990 u_int stateidx
, state
;
993 KASSERT(dst
!= NULL
, ("key_allocsa: null dst address"));
995 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
996 kprintf("DP key_allocsa from %s:%u\n", where
, tag
));
1000 * XXX: to be checked internal IP header somewhere. Also when
1001 * IPsec tunnel packet is received. But ESP tunnel mode is
1002 * encrypted so we can't check internal IP header.
1005 LIST_FOREACH(sah
, &sahtree
, chain
) {
1006 /* search valid state */
1008 stateidx
< _ARRAYLEN(saorder_state_valid
);
1010 state
= saorder_state_valid
[stateidx
];
1011 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
1013 KEY_CHKSASTATE(sav
->state
, state
, "key_allocsav");
1014 /* do not return entries w/ unusable state */
1015 if (sav
->state
!= SADB_SASTATE_MATURE
&&
1016 sav
->state
!= SADB_SASTATE_DYING
)
1018 if (proto
!= sav
->sah
->saidx
.proto
)
1020 if (spi
!= sav
->spi
)
1022 #if 0 /* don't check src */
1023 /* check src address */
1024 if (key_sockaddrcmp(&src
->sa
, &sav
->sah
->saidx
.src
.sa
, 0) != 0)
1027 /* check dst address */
1028 if (key_sockaddrcmp(&dst
->sa
, &sav
->sah
->saidx
.dst
.sa
, 0) != 0)
1039 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1040 kprintf("DP key_allocsa return SA:%p; refcnt %u\n",
1041 sav
, sav
? sav
->refcnt
: 0));
1046 * Must be called after calling key_allocsp().
1047 * For both the packet without socket and key_freeso().
1050 _key_freesp(struct secpolicy
**spp
, const char* where
, int tag
)
1052 struct secpolicy
*sp
= *spp
;
1054 KASSERT(sp
!= NULL
, ("key_freesp: null sp"));
1058 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1059 kprintf("DP key_freesp SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
1060 sp
, sp
->id
, where
, tag
, sp
->refcnt
));
1062 if (sp
->refcnt
== 0) {
1069 * Must be called after calling key_allocsp().
1070 * For the packet with socket.
1073 key_freeso(struct socket
*so
)
1076 KASSERT(so
!= NULL
, ("key_freeso: null so"));
1078 switch (so
->so_proto
->pr_domain
->dom_family
) {
1082 struct inpcb
*pcb
= so
->so_pcb
;
1084 /* Does it have a PCB ? */
1087 key_freesp_so(&pcb
->inp_sp
->sp_in
);
1088 key_freesp_so(&pcb
->inp_sp
->sp_out
);
1095 #ifdef HAVE_NRL_INPCB
1096 struct inpcb
*pcb
= so
->so_pcb
;
1098 /* Does it have a PCB ? */
1101 key_freesp_so(&pcb
->inp_sp
->sp_in
);
1102 key_freesp_so(&pcb
->inp_sp
->sp_out
);
1104 struct in6pcb
*pcb
= so
->so_pcb
;
1106 /* Does it have a PCB ? */
1109 key_freesp_so(&pcb
->in6p_sp
->sp_in
);
1110 key_freesp_so(&pcb
->in6p_sp
->sp_out
);
1116 ipseclog((LOG_DEBUG
, "key_freeso: unknown address family=%d.\n",
1117 so
->so_proto
->pr_domain
->dom_family
));
1123 key_freesp_so(struct secpolicy
**sp
)
1125 KASSERT(sp
!= NULL
&& *sp
!= NULL
, ("key_freesp_so: null sp"));
1127 if ((*sp
)->policy
== IPSEC_POLICY_ENTRUST
||
1128 (*sp
)->policy
== IPSEC_POLICY_BYPASS
)
1131 KASSERT((*sp
)->policy
== IPSEC_POLICY_IPSEC
,
1132 ("key_freesp_so: invalid policy %u", (*sp
)->policy
));
1137 * Must be called after calling key_allocsa().
1138 * This function is called by key_freesp() to free some SA allocated
1142 key_freesav(struct secasvar
**psav
, const char* where
, int tag
)
1144 struct secasvar
*sav
= *psav
;
1146 KASSERT(sav
!= NULL
, ("key_freesav: null sav"));
1150 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1151 kprintf("DP key_freesav SA:%p (SPI %u) from %s:%u; refcnt now %u\n",
1152 sav
, ntohl(sav
->spi
), where
, tag
, sav
->refcnt
));
1154 if (sav
->refcnt
== 0) {
1160 /* %%% SPD management */
1162 * free security policy entry.
1165 key_delsp(struct secpolicy
*sp
)
1169 KASSERT(sp
!= NULL
, ("key_delsp: null sp"));
1171 sp
->state
= IPSEC_SPSTATE_DEAD
;
1173 KASSERT(sp
->refcnt
== 0,
1174 ("key_delsp: SP with references deleted (refcnt %u)",
1178 /* remove from SP index */
1179 if (__LIST_CHAINED(sp
))
1180 LIST_REMOVE(sp
, chain
);
1183 struct ipsecrequest
*isr
= sp
->req
, *nextisr
;
1185 while (isr
!= NULL
) {
1186 if (isr
->sav
!= NULL
) {
1187 KEY_FREESAV(&isr
->sav
);
1191 nextisr
= isr
->next
;
1204 * OUT: NULL : not found
1205 * others : found, pointer to a SP.
1207 static struct secpolicy
*
1208 key_getsp(struct secpolicyindex
*spidx
)
1210 struct secpolicy
*sp
;
1212 KASSERT(spidx
!= NULL
, ("key_getsp: null spidx"));
1214 LIST_FOREACH(sp
, &sptree
[spidx
->dir
], chain
) {
1215 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1217 if (key_cmpspidx_exactly(spidx
, &sp
->spidx
)) {
1228 * OUT: NULL : not found
1229 * others : found, pointer to a SP.
1231 static struct secpolicy
*
1232 key_getspbyid(u_int32_t id
)
1234 struct secpolicy
*sp
;
1236 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_INBOUND
], chain
) {
1237 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1245 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_OUTBOUND
], chain
) {
1246 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1258 key_newsp(const char* where
, int tag
)
1260 struct secpolicy
*newsp
= NULL
;
1262 newsp
= kmalloc(sizeof(struct secpolicy
), M_SECA
,
1263 M_INTWAIT
| M_ZERO
| M_NULLOK
);
1269 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1270 kprintf("DP key_newsp from %s:%u return SP:%p\n",
1271 where
, tag
, newsp
));
1276 * create secpolicy structure from sadb_x_policy structure.
1277 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1278 * so must be set properly later.
1281 key_msg2sp(struct sadb_x_policy
*xpl0
, size_t len
, int *error
)
1283 struct secpolicy
*newsp
;
1287 panic("key_msg2sp: NULL pointer was passed.\n");
1288 if (len
< sizeof(*xpl0
))
1289 panic("key_msg2sp: invalid length.\n");
1290 if (len
!= PFKEY_EXTLEN(xpl0
)) {
1291 ipseclog((LOG_DEBUG
, "key_msg2sp: Invalid msg length.\n"));
1296 if ((newsp
= KEY_NEWSP()) == NULL
) {
1301 newsp
->spidx
.dir
= xpl0
->sadb_x_policy_dir
;
1302 newsp
->policy
= xpl0
->sadb_x_policy_type
;
1305 switch (xpl0
->sadb_x_policy_type
) {
1306 case IPSEC_POLICY_DISCARD
:
1307 case IPSEC_POLICY_NONE
:
1308 case IPSEC_POLICY_ENTRUST
:
1309 case IPSEC_POLICY_BYPASS
:
1313 case IPSEC_POLICY_IPSEC
:
1316 struct sadb_x_ipsecrequest
*xisr
;
1317 struct ipsecrequest
**p_isr
= &newsp
->req
;
1319 /* validity check */
1320 if (PFKEY_EXTLEN(xpl0
) < sizeof(*xpl0
)) {
1321 ipseclog((LOG_DEBUG
,
1322 "key_msg2sp: Invalid msg length.\n"));
1328 tlen
= PFKEY_EXTLEN(xpl0
) - sizeof(*xpl0
);
1329 xisr
= (struct sadb_x_ipsecrequest
*)(xpl0
+ 1);
1333 if (xisr
->sadb_x_ipsecrequest_len
< sizeof(*xisr
)) {
1334 ipseclog((LOG_DEBUG
, "key_msg2sp: "
1335 "invalid ipsecrequest length.\n"));
1341 /* allocate request buffer */
1342 KMALLOC(*p_isr
, struct ipsecrequest
*, sizeof(**p_isr
));
1343 if ((*p_isr
) == NULL
) {
1344 ipseclog((LOG_DEBUG
,
1345 "key_msg2sp: No more memory.\n"));
1350 bzero(*p_isr
, sizeof(**p_isr
));
1353 (*p_isr
)->next
= NULL
;
1355 switch (xisr
->sadb_x_ipsecrequest_proto
) {
1358 case IPPROTO_IPCOMP
:
1361 ipseclog((LOG_DEBUG
,
1362 "key_msg2sp: invalid proto type=%u\n",
1363 xisr
->sadb_x_ipsecrequest_proto
));
1365 *error
= EPROTONOSUPPORT
;
1368 (*p_isr
)->saidx
.proto
= xisr
->sadb_x_ipsecrequest_proto
;
1370 switch (xisr
->sadb_x_ipsecrequest_mode
) {
1371 case IPSEC_MODE_TRANSPORT
:
1372 case IPSEC_MODE_TUNNEL
:
1374 case IPSEC_MODE_ANY
:
1376 ipseclog((LOG_DEBUG
,
1377 "key_msg2sp: invalid mode=%u\n",
1378 xisr
->sadb_x_ipsecrequest_mode
));
1383 (*p_isr
)->saidx
.mode
= xisr
->sadb_x_ipsecrequest_mode
;
1385 switch (xisr
->sadb_x_ipsecrequest_level
) {
1386 case IPSEC_LEVEL_DEFAULT
:
1387 case IPSEC_LEVEL_USE
:
1388 case IPSEC_LEVEL_REQUIRE
:
1390 case IPSEC_LEVEL_UNIQUE
:
1391 /* validity check */
1393 * If range violation of reqid, kernel will
1394 * update it, don't refuse it.
1396 if (xisr
->sadb_x_ipsecrequest_reqid
1397 > IPSEC_MANUAL_REQID_MAX
) {
1398 ipseclog((LOG_DEBUG
,
1399 "key_msg2sp: reqid=%d range "
1400 "violation, updated by kernel.\n",
1401 xisr
->sadb_x_ipsecrequest_reqid
));
1402 xisr
->sadb_x_ipsecrequest_reqid
= 0;
1405 /* allocate new reqid id if reqid is zero. */
1406 if (xisr
->sadb_x_ipsecrequest_reqid
== 0) {
1408 if ((reqid
= key_newreqid()) == 0) {
1413 (*p_isr
)->saidx
.reqid
= reqid
;
1414 xisr
->sadb_x_ipsecrequest_reqid
= reqid
;
1416 /* set it for manual keying. */
1417 (*p_isr
)->saidx
.reqid
=
1418 xisr
->sadb_x_ipsecrequest_reqid
;
1423 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid level=%u\n",
1424 xisr
->sadb_x_ipsecrequest_level
));
1429 (*p_isr
)->level
= xisr
->sadb_x_ipsecrequest_level
;
1431 /* set IP addresses if there */
1432 if (xisr
->sadb_x_ipsecrequest_len
> sizeof(*xisr
)) {
1433 struct sockaddr
*paddr
;
1435 paddr
= (struct sockaddr
*)(xisr
+ 1);
1437 /* validity check */
1439 > sizeof((*p_isr
)->saidx
.src
)) {
1440 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1441 "address length.\n"));
1446 bcopy(paddr
, &(*p_isr
)->saidx
.src
,
1449 paddr
= (struct sockaddr
*)((caddr_t
)paddr
1452 /* validity check */
1454 > sizeof((*p_isr
)->saidx
.dst
)) {
1455 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1456 "address length.\n"));
1461 bcopy(paddr
, &(*p_isr
)->saidx
.dst
,
1465 (*p_isr
)->sav
= NULL
;
1466 (*p_isr
)->sp
= newsp
;
1468 /* initialization for the next. */
1469 p_isr
= &(*p_isr
)->next
;
1470 tlen
-= xisr
->sadb_x_ipsecrequest_len
;
1472 /* validity check */
1474 ipseclog((LOG_DEBUG
, "key_msg2sp: becoming tlen < 0.\n"));
1480 xisr
= (struct sadb_x_ipsecrequest
*)((caddr_t
)xisr
1481 + xisr
->sadb_x_ipsecrequest_len
);
1486 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid policy type.\n"));
1499 static u_int32_t auto_reqid
= IPSEC_MANUAL_REQID_MAX
+ 1;
1501 auto_reqid
= (auto_reqid
== ~0
1502 ? IPSEC_MANUAL_REQID_MAX
+ 1 : auto_reqid
+ 1);
1504 /* XXX should be unique check */
1510 * copy secpolicy struct to sadb_x_policy structure indicated.
1513 key_sp2msg(struct secpolicy
*sp
)
1515 struct sadb_x_policy
*xpl
;
1522 panic("key_sp2msg: NULL pointer was passed.\n");
1524 tlen
= key_getspreqmsglen(sp
);
1526 m
= key_alloc_mbuf(tlen
);
1527 if (!m
|| m
->m_next
) { /*XXX*/
1535 xpl
= mtod(m
, struct sadb_x_policy
*);
1538 xpl
->sadb_x_policy_len
= PFKEY_UNIT64(tlen
);
1539 xpl
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
1540 xpl
->sadb_x_policy_type
= sp
->policy
;
1541 xpl
->sadb_x_policy_dir
= sp
->spidx
.dir
;
1542 xpl
->sadb_x_policy_id
= sp
->id
;
1543 p
= (caddr_t
)xpl
+ sizeof(*xpl
);
1545 /* if is the policy for ipsec ? */
1546 if (sp
->policy
== IPSEC_POLICY_IPSEC
) {
1547 struct sadb_x_ipsecrequest
*xisr
;
1548 struct ipsecrequest
*isr
;
1550 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
1552 xisr
= (struct sadb_x_ipsecrequest
*)p
;
1554 xisr
->sadb_x_ipsecrequest_proto
= isr
->saidx
.proto
;
1555 xisr
->sadb_x_ipsecrequest_mode
= isr
->saidx
.mode
;
1556 xisr
->sadb_x_ipsecrequest_level
= isr
->level
;
1557 xisr
->sadb_x_ipsecrequest_reqid
= isr
->saidx
.reqid
;
1560 bcopy(&isr
->saidx
.src
, p
, isr
->saidx
.src
.sa
.sa_len
);
1561 p
+= isr
->saidx
.src
.sa
.sa_len
;
1562 bcopy(&isr
->saidx
.dst
, p
, isr
->saidx
.dst
.sa
.sa_len
);
1563 p
+= isr
->saidx
.src
.sa
.sa_len
;
1565 xisr
->sadb_x_ipsecrequest_len
=
1566 PFKEY_ALIGN8(sizeof(*xisr
)
1567 + isr
->saidx
.src
.sa
.sa_len
1568 + isr
->saidx
.dst
.sa
.sa_len
);
1575 /* m will not be freed nor modified */
1576 static struct mbuf
*
1577 key_gather_mbuf(struct mbuf
*m
, const struct sadb_msghdr
*mhp
,
1578 int ndeep
, int nitem
, ...)
1583 struct mbuf
*result
= NULL
, *n
;
1586 if (m
== NULL
|| mhp
== NULL
)
1587 panic("null pointer passed to key_gather");
1589 __va_start(ap
, nitem
);
1590 for (i
= 0; i
< nitem
; i
++) {
1591 idx
= __va_arg(ap
, int);
1592 if (idx
< 0 || idx
> SADB_EXT_MAX
)
1594 /* don't attempt to pull empty extension */
1595 if (idx
== SADB_EXT_RESERVED
&& mhp
->msg
== NULL
)
1597 if (idx
!= SADB_EXT_RESERVED
&&
1598 (mhp
->ext
[idx
] == NULL
|| mhp
->extlen
[idx
] == 0))
1601 if (idx
== SADB_EXT_RESERVED
) {
1602 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
1605 panic("assumption failed");
1607 MGETHDR(n
, MB_DONTWAIT
, MT_DATA
);
1612 m_copydata(m
, 0, sizeof(struct sadb_msg
),
1614 } else if (i
< ndeep
) {
1615 len
= mhp
->extlen
[idx
];
1616 n
= key_alloc_mbuf(len
);
1617 if (!n
|| n
->m_next
) { /*XXX*/
1622 m_copydata(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
1625 n
= m_copym(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
1638 if (result
->m_flags
& M_PKTHDR
)
1639 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
1649 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1650 * add an entry to SP database, when received
1651 * <base, address(SD), (lifetime(H),) policy>
1653 * Adding to SP database,
1655 * <base, address(SD), (lifetime(H),) policy>
1656 * to the socket which was send.
1658 * SPDADD set a unique policy entry.
1659 * SPDSETIDX like SPDADD without a part of policy requests.
1660 * SPDUPDATE replace a unique policy entry.
1662 * m will always be freed.
1665 key_spdadd(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
1667 struct sadb_address
*src0
, *dst0
;
1668 struct sadb_x_policy
*xpl0
, *xpl
;
1669 struct sadb_lifetime
*lft
= NULL
;
1670 struct secpolicyindex spidx
;
1671 struct secpolicy
*newsp
;
1672 struct sockaddr
*saddr
, *daddr
;
1676 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
1677 panic("key_spdadd: NULL pointer is passed.\n");
1679 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
1680 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
1681 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
1682 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
1683 return key_senderror(so
, m
, EINVAL
);
1685 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
1686 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
1687 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
1688 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
1689 return key_senderror(so
, m
, EINVAL
);
1691 if (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
) {
1692 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
]
1693 < sizeof(struct sadb_lifetime
)) {
1694 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
1695 return key_senderror(so
, m
, EINVAL
);
1697 lft
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
1700 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
1701 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
1702 xpl0
= (struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
];
1705 /* XXX boundary check against sa_len */
1706 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
1709 src0
->sadb_address_prefixlen
,
1710 dst0
->sadb_address_prefixlen
,
1711 src0
->sadb_address_proto
,
1714 /* checking the direciton. */
1715 switch (xpl0
->sadb_x_policy_dir
) {
1716 case IPSEC_DIR_INBOUND
:
1717 case IPSEC_DIR_OUTBOUND
:
1720 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid SP direction.\n"));
1721 mhp
->msg
->sadb_msg_errno
= EINVAL
;
1726 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1727 if (xpl0
->sadb_x_policy_type
== IPSEC_POLICY_ENTRUST
1728 || xpl0
->sadb_x_policy_type
== IPSEC_POLICY_BYPASS
) {
1729 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid policy type.\n"));
1730 return key_senderror(so
, m
, EINVAL
);
1733 /* policy requests are mandatory when action is ipsec. */
1734 if (mhp
->msg
->sadb_msg_type
!= SADB_X_SPDSETIDX
1735 && xpl0
->sadb_x_policy_type
== IPSEC_POLICY_IPSEC
1736 && mhp
->extlen
[SADB_X_EXT_POLICY
] <= sizeof(*xpl0
)) {
1737 ipseclog((LOG_DEBUG
, "key_spdadd: some policy requests part required.\n"));
1738 return key_senderror(so
, m
, EINVAL
);
1742 * checking there is SP already or not.
1743 * SPDUPDATE doesn't depend on whether there is a SP or not.
1744 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1747 newsp
= key_getsp(&spidx
);
1748 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
1750 newsp
->state
= IPSEC_SPSTATE_DEAD
;
1754 if (newsp
!= NULL
) {
1756 ipseclog((LOG_DEBUG
, "key_spdadd: a SP entry exists already.\n"));
1757 return key_senderror(so
, m
, EEXIST
);
1761 /* allocation new SP entry */
1762 if ((newsp
= key_msg2sp(xpl0
, PFKEY_EXTLEN(xpl0
), &error
)) == NULL
) {
1763 return key_senderror(so
, m
, error
);
1766 if ((newsp
->id
= key_getnewspid()) == 0) {
1768 return key_senderror(so
, m
, ENOBUFS
);
1771 /* XXX boundary check against sa_len */
1772 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
1775 src0
->sadb_address_prefixlen
,
1776 dst0
->sadb_address_prefixlen
,
1777 src0
->sadb_address_proto
,
1780 /* sanity check on addr pair */
1781 saddr
= (struct sockaddr
*)(src0
+ 1);
1782 daddr
= (struct sockaddr
*)(dst0
+ 1);
1783 if (saddr
->sa_family
!= daddr
->sa_family
) {
1785 return key_senderror(so
, m
, EINVAL
);
1787 if (saddr
->sa_len
!= daddr
->sa_len
) {
1789 return key_senderror(so
, m
, EINVAL
);
1792 if (newsp
->req
&& newsp
->req
->saidx
.src
.sa
.sa_family
) {
1793 if (saddr
->sa_family
!= newsp
->req
->saidx
.src
.sa
.sa_family
) {
1795 return key_senderror(so
, m
, EINVAL
);
1798 if (newsp
->req
&& newsp
->req
->saidx
.dst
.sa
.sa_family
) {
1799 if (daddr
->sa_family
!= newsp
->req
->saidx
.dst
.sa
.sa_family
) {
1801 return key_senderror(so
, m
, EINVAL
);
1806 newsp
->created
= time_second
;
1807 newsp
->lastused
= newsp
->created
;
1808 newsp
->lifetime
= lft
? lft
->sadb_lifetime_addtime
: 0;
1809 newsp
->validtime
= lft
? lft
->sadb_lifetime_usetime
: 0;
1811 newsp
->refcnt
= 1; /* do not reclaim until I say I do */
1812 newsp
->state
= IPSEC_SPSTATE_ALIVE
;
1813 LIST_INSERT_TAIL(&sptree
[newsp
->spidx
.dir
], newsp
, secpolicy
, chain
);
1815 /* delete the entry in spacqtree */
1816 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
1817 struct secspacq
*spacq
;
1818 if ((spacq
= key_getspacq(&spidx
)) != NULL
) {
1819 /* reset counter in order to deletion by timehandler. */
1820 spacq
->created
= time_second
;
1826 struct mbuf
*n
, *mpolicy
;
1827 struct sadb_msg
*newmsg
;
1830 /* create new sadb_msg to reply. */
1832 n
= key_gather_mbuf(m
, mhp
, 2, 5, SADB_EXT_RESERVED
,
1833 SADB_X_EXT_POLICY
, SADB_EXT_LIFETIME_HARD
,
1834 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
1836 n
= key_gather_mbuf(m
, mhp
, 2, 4, SADB_EXT_RESERVED
,
1838 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
1841 return key_senderror(so
, m
, ENOBUFS
);
1843 if (n
->m_len
< sizeof(*newmsg
)) {
1844 n
= m_pullup(n
, sizeof(*newmsg
));
1846 return key_senderror(so
, m
, ENOBUFS
);
1848 newmsg
= mtod(n
, struct sadb_msg
*);
1849 newmsg
->sadb_msg_errno
= 0;
1850 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
1853 mpolicy
= m_pulldown(n
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)),
1854 sizeof(*xpl
), &off
);
1855 if (mpolicy
== NULL
) {
1856 /* n is already freed */
1857 return key_senderror(so
, m
, ENOBUFS
);
1859 xpl
= (struct sadb_x_policy
*)(mtod(mpolicy
, caddr_t
) + off
);
1860 if (xpl
->sadb_x_policy_exttype
!= SADB_X_EXT_POLICY
) {
1862 return key_senderror(so
, m
, EINVAL
);
1864 xpl
->sadb_x_policy_id
= newsp
->id
;
1867 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
1872 * get new policy id.
1878 key_getnewspid(void)
1880 u_int32_t newid
= 0;
1881 int count
= key_spi_trycnt
; /* XXX */
1882 struct secpolicy
*sp
;
1884 /* when requesting to allocate spi ranged */
1886 newid
= (policy_id
= (policy_id
== ~0 ? 1 : policy_id
+ 1));
1888 if ((sp
= key_getspbyid(newid
)) == NULL
)
1894 if (count
== 0 || newid
== 0) {
1895 ipseclog((LOG_DEBUG
, "key_getnewspid: to allocate policy id is failed.\n"));
1903 * SADB_SPDDELETE processing
1905 * <base, address(SD), policy(*)>
1906 * from the user(?), and set SADB_SASTATE_DEAD,
1908 * <base, address(SD), policy(*)>
1910 * policy(*) including direction of policy.
1912 * m will always be freed.
1915 key_spddelete(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
1917 struct sadb_address
*src0
, *dst0
;
1918 struct sadb_x_policy
*xpl0
;
1919 struct secpolicyindex spidx
;
1920 struct secpolicy
*sp
;
1923 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
1924 panic("key_spddelete: NULL pointer is passed.\n");
1926 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
1927 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
1928 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
1929 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
1930 return key_senderror(so
, m
, EINVAL
);
1932 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
1933 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
1934 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
1935 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
1936 return key_senderror(so
, m
, EINVAL
);
1939 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
1940 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
1941 xpl0
= (struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
];
1944 /* XXX boundary check against sa_len */
1945 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
1948 src0
->sadb_address_prefixlen
,
1949 dst0
->sadb_address_prefixlen
,
1950 src0
->sadb_address_proto
,
1953 /* checking the direciton. */
1954 switch (xpl0
->sadb_x_policy_dir
) {
1955 case IPSEC_DIR_INBOUND
:
1956 case IPSEC_DIR_OUTBOUND
:
1959 ipseclog((LOG_DEBUG
, "key_spddelete: Invalid SP direction.\n"));
1960 return key_senderror(so
, m
, EINVAL
);
1963 /* Is there SP in SPD ? */
1964 if ((sp
= key_getsp(&spidx
)) == NULL
) {
1965 ipseclog((LOG_DEBUG
, "key_spddelete: no SP found.\n"));
1966 return key_senderror(so
, m
, EINVAL
);
1969 /* save policy id to buffer to be returned. */
1970 xpl0
->sadb_x_policy_id
= sp
->id
;
1972 sp
->state
= IPSEC_SPSTATE_DEAD
;
1977 struct sadb_msg
*newmsg
;
1979 /* create new sadb_msg to reply. */
1980 n
= key_gather_mbuf(m
, mhp
, 1, 4, SADB_EXT_RESERVED
,
1981 SADB_X_EXT_POLICY
, SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
1983 return key_senderror(so
, m
, ENOBUFS
);
1985 newmsg
= mtod(n
, struct sadb_msg
*);
1986 newmsg
->sadb_msg_errno
= 0;
1987 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
1990 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
1995 * SADB_SPDDELETE2 processing
1998 * from the user(?), and set SADB_SASTATE_DEAD,
2002 * policy(*) including direction of policy.
2004 * m will always be freed.
2007 key_spddelete2(struct socket
*so
, struct mbuf
*m
,
2008 const struct sadb_msghdr
*mhp
)
2011 struct secpolicy
*sp
;
2014 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2015 panic("key_spddelete2: NULL pointer is passed.\n");
2017 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2018 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2019 ipseclog((LOG_DEBUG
, "key_spddelete2: invalid message is passed.\n"));
2020 key_senderror(so
, m
, EINVAL
);
2024 id
= ((struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2026 /* Is there SP in SPD ? */
2027 if ((sp
= key_getspbyid(id
)) == NULL
) {
2028 ipseclog((LOG_DEBUG
, "key_spddelete2: no SP found id:%u.\n", id
));
2029 key_senderror(so
, m
, EINVAL
);
2032 sp
->state
= IPSEC_SPSTATE_DEAD
;
2037 struct sadb_msg
*newmsg
;
2040 /* create new sadb_msg to reply. */
2041 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2044 return key_senderror(so
, m
, ENOBUFS
);
2045 n
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
2047 return key_senderror(so
, m
, ENOBUFS
);
2050 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
));
2051 off
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2055 panic("length inconsistency in key_spddelete2");
2058 n
->m_next
= m_copym(m
, mhp
->extoff
[SADB_X_EXT_POLICY
],
2059 mhp
->extlen
[SADB_X_EXT_POLICY
], MB_DONTWAIT
);
2062 return key_senderror(so
, m
, ENOBUFS
);
2064 n
->m_pkthdr
.len
= m_lengthm(n
, NULL
);
2066 newmsg
= mtod(n
, struct sadb_msg
*);
2067 newmsg
->sadb_msg_errno
= 0;
2068 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2071 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2076 * SADB_X_GET processing
2081 * <base, address(SD), policy>
2083 * policy(*) including direction of policy.
2085 * m will always be freed.
2088 key_spdget(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
2091 struct secpolicy
*sp
;
2095 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2096 panic("key_spdget: NULL pointer is passed.\n");
2098 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2099 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2100 ipseclog((LOG_DEBUG
, "key_spdget: invalid message is passed.\n"));
2101 return key_senderror(so
, m
, EINVAL
);
2104 id
= ((struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2106 /* Is there SP in SPD ? */
2107 if ((sp
= key_getspbyid(id
)) == NULL
) {
2108 ipseclog((LOG_DEBUG
, "key_spdget: no SP found id:%u.\n", id
));
2109 return key_senderror(so
, m
, ENOENT
);
2112 n
= key_setdumpsp(sp
, SADB_X_SPDGET
, 0, mhp
->msg
->sadb_msg_pid
);
2115 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
2117 return key_senderror(so
, m
, ENOBUFS
);
2121 * SADB_X_SPDACQUIRE processing.
2122 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2125 * to KMD, and expect to receive
2126 * <base> with SADB_X_SPDACQUIRE if error occured,
2129 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2130 * policy(*) is without policy requests.
2133 * others: error number
2136 key_spdacquire(struct secpolicy
*sp
)
2138 struct mbuf
*result
= NULL
, *m
;
2139 struct secspacq
*newspacq
;
2144 panic("key_spdacquire: NULL pointer is passed.\n");
2145 if (sp
->req
!= NULL
)
2146 panic("key_spdacquire: called but there is request.\n");
2147 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
2148 panic("key_spdacquire: policy mismatched. IPsec is expected.\n");
2150 /* Get an entry to check whether sent message or not. */
2151 if ((newspacq
= key_getspacq(&sp
->spidx
)) != NULL
) {
2152 if (key_blockacq_count
< newspacq
->count
) {
2153 /* reset counter and do send message. */
2154 newspacq
->count
= 0;
2156 /* increment counter and do nothing. */
2161 /* make new entry for blocking to send SADB_ACQUIRE. */
2162 if ((newspacq
= key_newspacq(&sp
->spidx
)) == NULL
)
2165 /* add to acqtree */
2166 LIST_INSERT_HEAD(&spacqtree
, newspacq
, chain
);
2169 /* create new sadb_msg to reply. */
2170 m
= key_setsadbmsg(SADB_X_SPDACQUIRE
, 0, 0, 0, 0, 0);
2176 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
2177 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2178 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2180 return key_sendup_mbuf(NULL
, m
, KEY_SENDUP_REGISTERED
);
2189 * SADB_SPDFLUSH processing
2192 * from the user, and free all entries in secpctree.
2196 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2198 * m will always be freed.
2201 key_spdflush(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
2203 struct sadb_msg
*newmsg
;
2204 struct secpolicy
*sp
;
2208 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2209 panic("key_spdflush: NULL pointer is passed.\n");
2211 if (m
->m_len
!= PFKEY_ALIGN8(sizeof(struct sadb_msg
)))
2212 return key_senderror(so
, m
, EINVAL
);
2214 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
2215 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
2216 sp
->state
= IPSEC_SPSTATE_DEAD
;
2220 if (sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
2221 ipseclog((LOG_DEBUG
, "key_spdflush: No more memory.\n"));
2222 return key_senderror(so
, m
, ENOBUFS
);
2228 m
->m_pkthdr
.len
= m
->m_len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2229 newmsg
= mtod(m
, struct sadb_msg
*);
2230 newmsg
->sadb_msg_errno
= 0;
2231 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
2233 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
2237 * SADB_SPDDUMP processing
2240 * from the user, and dump all SP leaves
2245 * m will always be freed.
2248 key_spddump(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
2250 struct secpolicy
*sp
;
2256 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2257 panic("key_spddump: NULL pointer is passed.\n");
2259 /* search SPD entry and get buffer size. */
2261 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
2262 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
2268 return key_senderror(so
, m
, ENOENT
);
2270 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
2271 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
2273 n
= key_setdumpsp(sp
, SADB_X_SPDDUMP
, cnt
,
2274 mhp
->msg
->sadb_msg_pid
);
2277 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
2285 static struct mbuf
*
2286 key_setdumpsp(struct secpolicy
*sp
, u_int8_t type
, u_int32_t seq
,
2289 struct mbuf
*result
= NULL
, *m
;
2291 m
= key_setsadbmsg(type
, 0, SADB_SATYPE_UNSPEC
, seq
, pid
, sp
->refcnt
);
2296 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
2297 &sp
->spidx
.src
.sa
, sp
->spidx
.prefs
,
2298 sp
->spidx
.ul_proto
);
2303 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
2304 &sp
->spidx
.dst
.sa
, sp
->spidx
.prefd
,
2305 sp
->spidx
.ul_proto
);
2315 if ((result
->m_flags
& M_PKTHDR
) == 0)
2318 if (result
->m_len
< sizeof(struct sadb_msg
)) {
2319 result
= m_pullup(result
, sizeof(struct sadb_msg
));
2323 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
2324 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2325 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2335 * get PFKEY message length for security policy and request.
2338 key_getspreqmsglen(struct secpolicy
*sp
)
2340 struct ipsecrequest
*isr
;
2343 tlen
= sizeof(struct sadb_x_policy
);
2345 /* if is the policy for ipsec ? */
2346 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
2349 /* get length of ipsec requests */
2350 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
2351 len
= sizeof(struct sadb_x_ipsecrequest
) +
2352 isr
->saidx
.src
.sa
.sa_len
+ isr
->saidx
.dst
.sa
.sa_len
;
2354 tlen
+= PFKEY_ALIGN8(len
);
2361 * SADB_SPDEXPIRE processing
2363 * <base, address(SD), lifetime(CH), policy>
2367 * others : error number
2370 key_spdexpire(struct secpolicy
*sp
)
2373 struct mbuf
*result
= NULL
, *m
;
2376 struct sadb_lifetime
*lt
;
2378 /* XXX: Why do we lock ? */
2383 panic("key_spdexpire: NULL pointer is passed.\n");
2385 /* set msg header */
2386 m
= key_setsadbmsg(SADB_X_SPDEXPIRE
, 0, 0, 0, 0, 0);
2393 /* create lifetime extension (current and hard) */
2394 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
2395 m
= key_alloc_mbuf(len
);
2396 if (!m
|| m
->m_next
) { /*XXX*/
2402 bzero(mtod(m
, caddr_t
), len
);
2403 lt
= mtod(m
, struct sadb_lifetime
*);
2404 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
2405 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
2406 lt
->sadb_lifetime_allocations
= 0;
2407 lt
->sadb_lifetime_bytes
= 0;
2408 lt
->sadb_lifetime_addtime
= sp
->created
;
2409 lt
->sadb_lifetime_usetime
= sp
->lastused
;
2410 lt
= (struct sadb_lifetime
*)(mtod(m
, caddr_t
) + len
/ 2);
2411 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
2412 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_HARD
;
2413 lt
->sadb_lifetime_allocations
= 0;
2414 lt
->sadb_lifetime_bytes
= 0;
2415 lt
->sadb_lifetime_addtime
= sp
->lifetime
;
2416 lt
->sadb_lifetime_usetime
= sp
->validtime
;
2419 /* set sadb_address for source */
2420 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
2422 sp
->spidx
.prefs
, sp
->spidx
.ul_proto
);
2429 /* set sadb_address for destination */
2430 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
2432 sp
->spidx
.prefd
, sp
->spidx
.ul_proto
);
2447 if ((result
->m_flags
& M_PKTHDR
) == 0) {
2452 if (result
->m_len
< sizeof(struct sadb_msg
)) {
2453 result
= m_pullup(result
, sizeof(struct sadb_msg
));
2454 if (result
== NULL
) {
2459 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
2460 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2461 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2463 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
2472 /* %%% SAD management */
2474 * allocating a memory for new SA head, and copy from the values of mhp.
2475 * OUT: NULL : failure due to the lack of memory.
2476 * others : pointer to new SA head.
2478 static struct secashead
*
2479 key_newsah(struct secasindex
*saidx
)
2481 struct secashead
*newsah
;
2483 KASSERT(saidx
!= NULL
, ("key_newsaidx: null saidx"));
2485 newsah
= kmalloc(sizeof(struct secashead
), M_SECA
,
2486 M_INTWAIT
| M_ZERO
| M_NULLOK
);
2487 if (newsah
!= NULL
) {
2489 for (i
= 0; i
< sizeof(newsah
->savtree
)/sizeof(newsah
->savtree
[0]); i
++)
2490 LIST_INIT(&newsah
->savtree
[i
]);
2491 newsah
->saidx
= *saidx
;
2493 /* add to saidxtree */
2494 newsah
->state
= SADB_SASTATE_MATURE
;
2495 LIST_INSERT_HEAD(&sahtree
, newsah
, chain
);
2501 * Delete SA index and all registered SAs.
2504 key_delsah(struct secashead
*sah
)
2506 struct secasvar
*sav
, *nextsav
;
2512 panic("key_delsah: NULL pointer is passed.\n");
2516 /* searching all SA registerd in the secindex. */
2517 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_any
);
2519 u_int state
= saorder_state_any
[stateidx
];
2521 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[state
], chain
, nextsav
)
2522 if (sav
->refcnt
== 0) {
2524 KEY_CHKSASTATE(state
, sav
->state
, __func__
);
2527 /* give up to delete this SA */
2532 /* Delete sah it has are no savs. */
2533 if (nzombies
== 0) {
2534 /* remove from tree of SA index */
2535 if (__LIST_CHAINED(sah
))
2536 LIST_REMOVE(sah
, chain
);
2537 if (sah
->sa_route
.ro_rt
) {
2538 RTFREE(sah
->sa_route
.ro_rt
);
2539 sah
->sa_route
.ro_rt
= (struct rtentry
*)NULL
;
2549 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2550 * and copy the values of mhp into new buffer.
2551 * When SAD message type is GETSPI:
2552 * to set sequence number from acq_seq++,
2553 * to set zero to SPI.
2554 * not to call key_setsava().
2556 * others : pointer to new secasvar.
2558 * does not modify mbuf. does not free mbuf on error.
2560 static struct secasvar
*
2561 key_newsav(struct mbuf
*m
, const struct sadb_msghdr
*mhp
, struct secashead
*sah
,
2562 int *errp
, const char *where
, int tag
)
2564 struct secasvar
*newsav
;
2565 const struct sadb_sa
*xsa
;
2568 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
|| sah
== NULL
)
2569 panic("key_newsa: NULL pointer is passed.\n");
2571 KMALLOC(newsav
, struct secasvar
*, sizeof(struct secasvar
));
2572 if (newsav
== NULL
) {
2573 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
2577 bzero((caddr_t
)newsav
, sizeof(struct secasvar
));
2579 switch (mhp
->msg
->sadb_msg_type
) {
2583 #ifdef IPSEC_DOSEQCHECK
2584 /* sync sequence number */
2585 if (mhp
->msg
->sadb_msg_seq
== 0)
2587 (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
2590 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
2595 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
2596 KFREE(newsav
), newsav
= NULL
;
2597 ipseclog((LOG_DEBUG
, "key_newsa: invalid message is passed.\n"));
2601 xsa
= (const struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
2602 newsav
->spi
= xsa
->sadb_sa_spi
;
2603 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
2606 KFREE(newsav
), newsav
= NULL
;
2611 /* copy sav values */
2612 if (mhp
->msg
->sadb_msg_type
!= SADB_GETSPI
) {
2613 *errp
= key_setsaval(newsav
, m
, mhp
);
2615 KFREE(newsav
), newsav
= NULL
;
2621 newsav
->created
= time_second
;
2622 newsav
->pid
= mhp
->msg
->sadb_msg_pid
;
2627 newsav
->state
= SADB_SASTATE_LARVAL
;
2628 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_LARVAL
], newsav
,
2631 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
2632 kprintf("DP key_newsav from %s:%u return SP:%p\n",
2633 where
, tag
, newsav
));
2639 * free() SA variable entry.
2642 key_delsav(struct secasvar
*sav
)
2644 KASSERT(sav
!= NULL
, ("key_delsav: null sav"));
2645 KASSERT(sav
->refcnt
== 0,
2646 ("key_delsav: reference count %u > 0", sav
->refcnt
));
2648 /* remove from SA header */
2649 if (__LIST_CHAINED(sav
))
2650 LIST_REMOVE(sav
, chain
);
2653 * Cleanup xform state. Note that zeroize'ing causes the
2654 * keys to be cleared; otherwise we must do it ourself.
2656 if (sav
->tdb_xform
!= NULL
) {
2657 sav
->tdb_xform
->xf_zeroize(sav
);
2658 sav
->tdb_xform
= NULL
;
2660 if (sav
->key_auth
!= NULL
)
2661 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
2662 if (sav
->key_enc
!= NULL
)
2663 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
2665 if (sav
->key_auth
!= NULL
) {
2666 KFREE(sav
->key_auth
);
2667 sav
->key_auth
= NULL
;
2669 if (sav
->key_enc
!= NULL
) {
2670 KFREE(sav
->key_enc
);
2671 sav
->key_enc
= NULL
;
2674 bzero(sav
->sched
, sav
->schedlen
);
2678 if (sav
->replay
!= NULL
) {
2682 if (sav
->lft_c
!= NULL
) {
2686 if (sav
->lft_h
!= NULL
) {
2690 if (sav
->lft_s
!= NULL
) {
2694 if (sav
->iv
!= NULL
) {
2708 * others : found, pointer to a SA.
2710 static struct secashead
*
2711 key_getsah(struct secasindex
*saidx
)
2713 struct secashead
*sah
;
2715 LIST_FOREACH(sah
, &sahtree
, chain
) {
2716 if (sah
->state
== SADB_SASTATE_DEAD
)
2718 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_REQID
))
2726 * check not to be duplicated SPI.
2727 * NOTE: this function is too slow due to searching all SAD.
2730 * others : found, pointer to a SA.
2732 static struct secasvar
*
2733 key_checkspidup(struct secasindex
*saidx
, u_int32_t spi
)
2735 struct secashead
*sah
;
2736 struct secasvar
*sav
;
2738 /* check address family */
2739 if (saidx
->src
.sa
.sa_family
!= saidx
->dst
.sa
.sa_family
) {
2740 ipseclog((LOG_DEBUG
, "key_checkspidup: address family mismatched.\n"));
2745 LIST_FOREACH(sah
, &sahtree
, chain
) {
2746 if (!key_ismyaddr((struct sockaddr
*)&sah
->saidx
.dst
))
2748 sav
= key_getsavbyspi(sah
, spi
);
2757 * search SAD litmited alive SA, protocol, SPI.
2760 * others : found, pointer to a SA.
2762 static struct secasvar
*
2763 key_getsavbyspi(struct secashead
*sah
, u_int32_t spi
)
2765 struct secasvar
*sav
;
2768 /* search all status */
2769 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
);
2771 u_int state
= saorder_state_alive
[stateidx
];
2773 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
2775 if (sav
->state
!= state
) {
2776 ipseclog((LOG_DEBUG
, "key_getsavbyspi: "
2777 "invalid sav->state (queue: %d SA: %d)\n",
2778 state
, sav
->state
));
2782 if (sav
->spi
== spi
)
2791 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
2792 * You must update these if need.
2796 * does not modify mbuf. does not free mbuf on error.
2799 key_setsaval(struct secasvar
*sav
, struct mbuf
*m
,
2800 const struct sadb_msghdr
*mhp
)
2805 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2806 panic("key_setsaval: NULL pointer is passed.\n");
2808 /* initialization */
2810 sav
->key_auth
= NULL
;
2811 sav
->key_enc
= NULL
;
2818 sav
->tdb_xform
= NULL
; /* transform */
2819 sav
->tdb_encalgxform
= NULL
; /* encoding algorithm */
2820 sav
->tdb_authalgxform
= NULL
; /* authentication algorithm */
2821 sav
->tdb_compalgxform
= NULL
; /* compression algorithm */
2824 if (mhp
->ext
[SADB_EXT_SA
] != NULL
) {
2825 const struct sadb_sa
*sa0
;
2827 sa0
= (const struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
2828 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(*sa0
)) {
2833 sav
->alg_auth
= sa0
->sadb_sa_auth
;
2834 sav
->alg_enc
= sa0
->sadb_sa_encrypt
;
2835 sav
->flags
= sa0
->sadb_sa_flags
;
2838 if ((sa0
->sadb_sa_flags
& SADB_X_EXT_OLD
) == 0) {
2840 kmalloc(sizeof(struct secreplay
)+sa0
->sadb_sa_replay
,
2841 M_SECA
, M_INTWAIT
| M_ZERO
| M_NULLOK
);
2842 if (sav
->replay
== NULL
) {
2843 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2847 if (sa0
->sadb_sa_replay
!= 0)
2848 sav
->replay
->bitmap
= (caddr_t
)(sav
->replay
+1);
2849 sav
->replay
->wsize
= sa0
->sadb_sa_replay
;
2853 /* Authentication keys */
2854 if (mhp
->ext
[SADB_EXT_KEY_AUTH
] != NULL
) {
2855 const struct sadb_key
*key0
;
2858 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_AUTH
];
2859 len
= mhp
->extlen
[SADB_EXT_KEY_AUTH
];
2862 if (len
< sizeof(*key0
)) {
2866 switch (mhp
->msg
->sadb_msg_satype
) {
2867 case SADB_SATYPE_AH
:
2868 case SADB_SATYPE_ESP
:
2869 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
2870 sav
->alg_auth
!= SADB_X_AALG_NULL
)
2873 case SADB_X_SATYPE_IPCOMP
:
2879 ipseclog((LOG_DEBUG
, "key_setsaval: invalid key_auth values.\n"));
2883 sav
->key_auth
= (struct sadb_key
*)key_newbuf(key0
, len
);
2884 if (sav
->key_auth
== NULL
) {
2885 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2891 /* Encryption key */
2892 if (mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] != NULL
) {
2893 const struct sadb_key
*key0
;
2896 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_ENCRYPT
];
2897 len
= mhp
->extlen
[SADB_EXT_KEY_ENCRYPT
];
2900 if (len
< sizeof(*key0
)) {
2904 switch (mhp
->msg
->sadb_msg_satype
) {
2905 case SADB_SATYPE_ESP
:
2906 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
2907 sav
->alg_enc
!= SADB_EALG_NULL
) {
2911 sav
->key_enc
= (struct sadb_key
*)key_newbuf(key0
, len
);
2912 if (sav
->key_enc
== NULL
) {
2913 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2918 case SADB_X_SATYPE_IPCOMP
:
2919 if (len
!= PFKEY_ALIGN8(sizeof(struct sadb_key
)))
2921 sav
->key_enc
= NULL
; /*just in case*/
2923 case SADB_SATYPE_AH
:
2929 ipseclog((LOG_DEBUG
, "key_setsatval: invalid key_enc value.\n"));
2937 switch (mhp
->msg
->sadb_msg_satype
) {
2938 case SADB_SATYPE_AH
:
2939 error
= xform_init(sav
, XF_AH
);
2941 case SADB_SATYPE_ESP
:
2942 error
= xform_init(sav
, XF_ESP
);
2944 case SADB_X_SATYPE_IPCOMP
:
2945 error
= xform_init(sav
, XF_IPCOMP
);
2949 ipseclog((LOG_DEBUG
,
2950 "key_setsaval: unable to initialize SA type %u.\n",
2951 mhp
->msg
->sadb_msg_satype
));
2956 sav
->created
= time_second
;
2958 /* make lifetime for CURRENT */
2959 KMALLOC(sav
->lft_c
, struct sadb_lifetime
*,
2960 sizeof(struct sadb_lifetime
));
2961 if (sav
->lft_c
== NULL
) {
2962 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2967 sav
->lft_c
->sadb_lifetime_len
=
2968 PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
2969 sav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
2970 sav
->lft_c
->sadb_lifetime_allocations
= 0;
2971 sav
->lft_c
->sadb_lifetime_bytes
= 0;
2972 sav
->lft_c
->sadb_lifetime_addtime
= time_second
;
2973 sav
->lft_c
->sadb_lifetime_usetime
= 0;
2975 /* lifetimes for HARD and SOFT */
2977 const struct sadb_lifetime
*lft0
;
2979 lft0
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
2981 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
] < sizeof(*lft0
)) {
2985 sav
->lft_h
= (struct sadb_lifetime
*)key_newbuf(lft0
,
2987 if (sav
->lft_h
== NULL
) {
2988 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
2992 /* to be initialize ? */
2995 lft0
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_SOFT
];
2997 if (mhp
->extlen
[SADB_EXT_LIFETIME_SOFT
] < sizeof(*lft0
)) {
3001 sav
->lft_s
= (struct sadb_lifetime
*)key_newbuf(lft0
,
3003 if (sav
->lft_s
== NULL
) {
3004 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3008 /* to be initialize ? */
3015 /* initialization */
3016 if (sav
->replay
!= NULL
) {
3020 if (sav
->key_auth
!= NULL
) {
3021 KFREE(sav
->key_auth
);
3022 sav
->key_auth
= NULL
;
3024 if (sav
->key_enc
!= NULL
) {
3025 KFREE(sav
->key_enc
);
3026 sav
->key_enc
= NULL
;
3032 if (sav
->iv
!= NULL
) {
3036 if (sav
->lft_c
!= NULL
) {
3040 if (sav
->lft_h
!= NULL
) {
3044 if (sav
->lft_s
!= NULL
) {
3053 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3058 key_mature(struct secasvar
*sav
)
3062 /* check SPI value */
3063 switch (sav
->sah
->saidx
.proto
) {
3066 if (ntohl(sav
->spi
) >= 0 && ntohl(sav
->spi
) <= 255) {
3067 ipseclog((LOG_DEBUG
,
3068 "key_mature: illegal range of SPI %u.\n",
3069 (u_int32_t
)ntohl(sav
->spi
)));
3076 switch (sav
->sah
->saidx
.proto
) {
3079 if ((sav
->flags
& (SADB_X_EXT_OLD
|SADB_X_EXT_DERIV
)) ==
3080 (SADB_X_EXT_OLD
|SADB_X_EXT_DERIV
)) {
3081 ipseclog((LOG_DEBUG
, "key_mature: "
3082 "invalid flag (derived) given to old-esp.\n"));
3085 error
= xform_init(sav
, XF_ESP
);
3089 if (sav
->flags
& SADB_X_EXT_DERIV
) {
3090 ipseclog((LOG_DEBUG
, "key_mature: "
3091 "invalid flag (derived) given to AH SA.\n"));
3094 if (sav
->alg_enc
!= SADB_EALG_NONE
) {
3095 ipseclog((LOG_DEBUG
, "key_mature: "
3096 "protocol and algorithm mismated.\n"));
3099 error
= xform_init(sav
, XF_AH
);
3101 case IPPROTO_IPCOMP
:
3102 if (sav
->alg_auth
!= SADB_AALG_NONE
) {
3103 ipseclog((LOG_DEBUG
, "key_mature: "
3104 "protocol and algorithm mismated.\n"));
3107 if ((sav
->flags
& SADB_X_EXT_RAWCPI
) == 0
3108 && ntohl(sav
->spi
) >= 0x10000) {
3109 ipseclog((LOG_DEBUG
, "key_mature: invalid cpi for IPComp.\n"));
3112 error
= xform_init(sav
, XF_IPCOMP
);
3115 ipseclog((LOG_DEBUG
, "key_mature: Invalid satype.\n"));
3116 error
= EPROTONOSUPPORT
;
3120 key_sa_chgstate(sav
, SADB_SASTATE_MATURE
);
3125 * subroutine for SADB_GET and SADB_DUMP.
3127 static struct mbuf
*
3128 key_setdumpsa(struct secasvar
*sav
, u_int8_t type
, u_int8_t satype
,
3129 u_int32_t seq
, u_int32_t pid
)
3131 struct mbuf
*result
= NULL
, *tres
= NULL
, *m
;
3136 SADB_EXT_SA
, SADB_X_EXT_SA2
,
3137 SADB_EXT_LIFETIME_HARD
, SADB_EXT_LIFETIME_SOFT
,
3138 SADB_EXT_LIFETIME_CURRENT
, SADB_EXT_ADDRESS_SRC
,
3139 SADB_EXT_ADDRESS_DST
, SADB_EXT_ADDRESS_PROXY
, SADB_EXT_KEY_AUTH
,
3140 SADB_EXT_KEY_ENCRYPT
, SADB_EXT_IDENTITY_SRC
,
3141 SADB_EXT_IDENTITY_DST
, SADB_EXT_SENSITIVITY
,
3144 m
= key_setsadbmsg(type
, 0, satype
, seq
, pid
, sav
->refcnt
);
3149 for (i
= sizeof(dumporder
)/sizeof(dumporder
[0]) - 1; i
>= 0; i
--) {
3152 switch (dumporder
[i
]) {
3154 m
= key_setsadbsa(sav
);
3159 case SADB_X_EXT_SA2
:
3160 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
3161 sav
->replay
? sav
->replay
->count
: 0,
3162 sav
->sah
->saidx
.reqid
);
3167 case SADB_EXT_ADDRESS_SRC
:
3168 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
3169 &sav
->sah
->saidx
.src
.sa
,
3170 FULLMASK
, IPSEC_ULPROTO_ANY
);
3175 case SADB_EXT_ADDRESS_DST
:
3176 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
3177 &sav
->sah
->saidx
.dst
.sa
,
3178 FULLMASK
, IPSEC_ULPROTO_ANY
);
3183 case SADB_EXT_KEY_AUTH
:
3186 l
= PFKEY_UNUNIT64(sav
->key_auth
->sadb_key_len
);
3190 case SADB_EXT_KEY_ENCRYPT
:
3193 l
= PFKEY_UNUNIT64(sav
->key_enc
->sadb_key_len
);
3197 case SADB_EXT_LIFETIME_CURRENT
:
3200 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_c
)->sadb_ext_len
);
3204 case SADB_EXT_LIFETIME_HARD
:
3207 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_h
)->sadb_ext_len
);
3211 case SADB_EXT_LIFETIME_SOFT
:
3214 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_s
)->sadb_ext_len
);
3218 case SADB_EXT_ADDRESS_PROXY
:
3219 case SADB_EXT_IDENTITY_SRC
:
3220 case SADB_EXT_IDENTITY_DST
:
3221 /* XXX: should we brought from SPD ? */
3222 case SADB_EXT_SENSITIVITY
:
3227 if ((!m
&& !p
) || (m
&& p
))
3230 M_PREPEND(tres
, l
, MB_DONTWAIT
);
3233 bcopy(p
, mtod(tres
, caddr_t
), l
);
3237 m
= key_alloc_mbuf(l
);
3240 m_copyback(m
, 0, l
, p
);
3248 m_cat(result
, tres
);
3250 if (result
->m_len
< sizeof(struct sadb_msg
)) {
3251 result
= m_pullup(result
, sizeof(struct sadb_msg
));
3255 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
3256 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3257 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3268 * set data into sadb_msg.
3270 static struct mbuf
*
3271 key_setsadbmsg(u_int8_t type
, u_int16_t tlen
, u_int8_t satype
, u_int32_t seq
,
3272 pid_t pid
, u_int16_t reserved
)
3278 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
3281 m
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
3284 m
->m_pkthdr
.len
= m
->m_len
= len
;
3286 p
= mtod(m
, struct sadb_msg
*);
3289 p
->sadb_msg_version
= PF_KEY_V2
;
3290 p
->sadb_msg_type
= type
;
3291 p
->sadb_msg_errno
= 0;
3292 p
->sadb_msg_satype
= satype
;
3293 p
->sadb_msg_len
= PFKEY_UNIT64(tlen
);
3294 p
->sadb_msg_reserved
= reserved
;
3295 p
->sadb_msg_seq
= seq
;
3296 p
->sadb_msg_pid
= (u_int32_t
)pid
;
3302 * copy secasvar data into sadb_address.
3304 static struct mbuf
*
3305 key_setsadbsa(struct secasvar
*sav
)
3311 len
= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
3312 m
= key_alloc_mbuf(len
);
3313 if (!m
|| m
->m_next
) { /*XXX*/
3319 p
= mtod(m
, struct sadb_sa
*);
3322 p
->sadb_sa_len
= PFKEY_UNIT64(len
);
3323 p
->sadb_sa_exttype
= SADB_EXT_SA
;
3324 p
->sadb_sa_spi
= sav
->spi
;
3325 p
->sadb_sa_replay
= (sav
->replay
!= NULL
? sav
->replay
->wsize
: 0);
3326 p
->sadb_sa_state
= sav
->state
;
3327 p
->sadb_sa_auth
= sav
->alg_auth
;
3328 p
->sadb_sa_encrypt
= sav
->alg_enc
;
3329 p
->sadb_sa_flags
= sav
->flags
;
3335 * set data into sadb_address.
3337 static struct mbuf
*
3338 key_setsadbaddr(u_int16_t exttype
, const struct sockaddr
*saddr
, u_int8_t prefixlen
,
3342 struct sadb_address
*p
;
3345 len
= PFKEY_ALIGN8(sizeof(struct sadb_address
)) +
3346 PFKEY_ALIGN8(saddr
->sa_len
);
3347 m
= key_alloc_mbuf(len
);
3348 if (!m
|| m
->m_next
) { /*XXX*/
3354 p
= mtod(m
, struct sadb_address
*);
3357 p
->sadb_address_len
= PFKEY_UNIT64(len
);
3358 p
->sadb_address_exttype
= exttype
;
3359 p
->sadb_address_proto
= ul_proto
;
3360 if (prefixlen
== FULLMASK
) {
3361 switch (saddr
->sa_family
) {
3363 prefixlen
= sizeof(struct in_addr
) << 3;
3366 prefixlen
= sizeof(struct in6_addr
) << 3;
3372 p
->sadb_address_prefixlen
= prefixlen
;
3373 p
->sadb_address_reserved
= 0;
3376 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_address
)),
3384 * set data into sadb_ident.
3386 static struct mbuf
*
3387 key_setsadbident(u_int16_t exttype
, u_int16_t idtype
, caddr_t string
,
3388 int stringlen
, u_int64_t id
)
3391 struct sadb_ident
*p
;
3394 len
= PFKEY_ALIGN8(sizeof(struct sadb_ident
)) + PFKEY_ALIGN8(stringlen
);
3395 m
= key_alloc_mbuf(len
);
3396 if (!m
|| m
->m_next
) { /*XXX*/
3402 p
= mtod(m
, struct sadb_ident
*);
3405 p
->sadb_ident_len
= PFKEY_UNIT64(len
);
3406 p
->sadb_ident_exttype
= exttype
;
3407 p
->sadb_ident_type
= idtype
;
3408 p
->sadb_ident_reserved
= 0;
3409 p
->sadb_ident_id
= id
;
3412 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_ident
)),
3420 * set data into sadb_x_sa2.
3422 static struct mbuf
*
3423 key_setsadbxsa2(u_int8_t mode
, u_int32_t seq
, u_int32_t reqid
)
3426 struct sadb_x_sa2
*p
;
3429 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_sa2
));
3430 m
= key_alloc_mbuf(len
);
3431 if (!m
|| m
->m_next
) { /*XXX*/
3437 p
= mtod(m
, struct sadb_x_sa2
*);
3440 p
->sadb_x_sa2_len
= PFKEY_UNIT64(len
);
3441 p
->sadb_x_sa2_exttype
= SADB_X_EXT_SA2
;
3442 p
->sadb_x_sa2_mode
= mode
;
3443 p
->sadb_x_sa2_reserved1
= 0;
3444 p
->sadb_x_sa2_reserved2
= 0;
3445 p
->sadb_x_sa2_sequence
= seq
;
3446 p
->sadb_x_sa2_reqid
= reqid
;
3452 * set data into sadb_x_policy
3454 static struct mbuf
*
3455 key_setsadbxpolicy(u_int16_t type
, u_int8_t dir
, u_int32_t id
)
3458 struct sadb_x_policy
*p
;
3461 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_policy
));
3462 m
= key_alloc_mbuf(len
);
3463 if (!m
|| m
->m_next
) { /*XXX*/
3469 p
= mtod(m
, struct sadb_x_policy
*);
3472 p
->sadb_x_policy_len
= PFKEY_UNIT64(len
);
3473 p
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
3474 p
->sadb_x_policy_type
= type
;
3475 p
->sadb_x_policy_dir
= dir
;
3476 p
->sadb_x_policy_id
= id
;
3483 * copy a buffer into the new buffer allocated.
3486 key_newbuf(const void *src
, u_int len
)
3490 KMALLOC(new, caddr_t
, len
);
3492 ipseclog((LOG_DEBUG
, "key_newbuf: No more memory.\n"));
3495 bcopy(src
, new, len
);
3500 /* compare my own address
3501 * OUT: 1: true, i.e. my address.
3505 key_ismyaddr(struct sockaddr
*sa
)
3508 struct sockaddr_in
*sin
;
3509 struct in_ifaddr
*ia
;
3514 panic("key_ismyaddr: NULL pointer is passed.\n");
3516 switch (sa
->sa_family
) {
3519 sin
= (struct sockaddr_in
*)sa
;
3520 TAILQ_FOREACH(ia
, &in_ifaddrhead
, ia_link
) {
3521 if (sin
->sin_family
== ia
->ia_addr
.sin_family
&&
3522 sin
->sin_len
== ia
->ia_addr
.sin_len
&&
3523 sin
->sin_addr
.s_addr
== ia
->ia_addr
.sin_addr
.s_addr
)
3532 return key_ismyaddr6((struct sockaddr_in6
*)sa
);
3541 * compare my own address for IPv6.
3544 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
3546 #include <netinet6/in6_var.h>
3549 key_ismyaddr6(struct sockaddr_in6
*sin6
)
3551 struct in6_ifaddr
*ia
;
3552 struct in6_multi
*in6m
;
3554 for (ia
= in6_ifaddr
; ia
; ia
= ia
->ia_next
) {
3555 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
3556 (struct sockaddr
*)&ia
->ia_addr
, 0) == 0)
3561 * XXX why do we care about multlicast here while we don't care
3562 * about IPv4 multicast??
3566 IN6_LOOKUP_MULTI(sin6
->sin6_addr
, ia
->ia_ifp
, in6m
);
3571 /* loopback, just for safety */
3572 if (IN6_IS_ADDR_LOOPBACK(&sin6
->sin6_addr
))
3580 * compare two secasindex structure.
3581 * flag can specify to compare 2 saidxes.
3582 * compare two secasindex structure without both mode and reqid.
3583 * don't compare port.
3585 * saidx0: source, it can be in SAD.
3593 const struct secasindex
*saidx0
,
3594 const struct secasindex
*saidx1
,
3598 if (saidx0
== NULL
&& saidx1
== NULL
)
3601 if (saidx0
== NULL
|| saidx1
== NULL
)
3604 if (saidx0
->proto
!= saidx1
->proto
)
3607 if (flag
== CMP_EXACTLY
) {
3608 if (saidx0
->mode
!= saidx1
->mode
)
3610 if (saidx0
->reqid
!= saidx1
->reqid
)
3612 if (bcmp(&saidx0
->src
, &saidx1
->src
, saidx0
->src
.sa
.sa_len
) != 0 ||
3613 bcmp(&saidx0
->dst
, &saidx1
->dst
, saidx0
->dst
.sa
.sa_len
) != 0)
3617 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
3618 if (flag
== CMP_MODE_REQID
3619 ||flag
== CMP_REQID
) {
3621 * If reqid of SPD is non-zero, unique SA is required.
3622 * The result must be of same reqid in this case.
3624 if (saidx1
->reqid
!= 0 && saidx0
->reqid
!= saidx1
->reqid
)
3628 if (flag
== CMP_MODE_REQID
) {
3629 if (saidx0
->mode
!= IPSEC_MODE_ANY
3630 && saidx0
->mode
!= saidx1
->mode
)
3634 if (key_sockaddrcmp(&saidx0
->src
.sa
, &saidx1
->src
.sa
, 0) != 0) {
3637 if (key_sockaddrcmp(&saidx0
->dst
.sa
, &saidx1
->dst
.sa
, 0) != 0) {
3646 * compare two secindex structure exactly.
3648 * spidx0: source, it is often in SPD.
3649 * spidx1: object, it is often from PFKEY message.
3655 key_cmpspidx_exactly(
3656 struct secpolicyindex
*spidx0
,
3657 struct secpolicyindex
*spidx1
)
3660 if (spidx0
== NULL
&& spidx1
== NULL
)
3663 if (spidx0
== NULL
|| spidx1
== NULL
)
3666 if (spidx0
->prefs
!= spidx1
->prefs
3667 || spidx0
->prefd
!= spidx1
->prefd
3668 || spidx0
->ul_proto
!= spidx1
->ul_proto
)
3671 return key_sockaddrcmp(&spidx0
->src
.sa
, &spidx1
->src
.sa
, 1) == 0 &&
3672 key_sockaddrcmp(&spidx0
->dst
.sa
, &spidx1
->dst
.sa
, 1) == 0;
3676 * compare two secindex structure with mask.
3678 * spidx0: source, it is often in SPD.
3679 * spidx1: object, it is often from IP header.
3685 key_cmpspidx_withmask(
3686 struct secpolicyindex
*spidx0
,
3687 struct secpolicyindex
*spidx1
)
3690 if (spidx0
== NULL
&& spidx1
== NULL
)
3693 if (spidx0
== NULL
|| spidx1
== NULL
)
3696 if (spidx0
->src
.sa
.sa_family
!= spidx1
->src
.sa
.sa_family
||
3697 spidx0
->dst
.sa
.sa_family
!= spidx1
->dst
.sa
.sa_family
||
3698 spidx0
->src
.sa
.sa_len
!= spidx1
->src
.sa
.sa_len
||
3699 spidx0
->dst
.sa
.sa_len
!= spidx1
->dst
.sa
.sa_len
)
3702 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
3703 if (spidx0
->ul_proto
!= (u_int16_t
)IPSEC_ULPROTO_ANY
3704 && spidx0
->ul_proto
!= spidx1
->ul_proto
)
3707 switch (spidx0
->src
.sa
.sa_family
) {
3709 if (spidx0
->src
.sin
.sin_port
!= IPSEC_PORT_ANY
3710 && spidx0
->src
.sin
.sin_port
!= spidx1
->src
.sin
.sin_port
)
3712 if (!key_bbcmp(&spidx0
->src
.sin
.sin_addr
,
3713 &spidx1
->src
.sin
.sin_addr
, spidx0
->prefs
))
3717 if (spidx0
->src
.sin6
.sin6_port
!= IPSEC_PORT_ANY
3718 && spidx0
->src
.sin6
.sin6_port
!= spidx1
->src
.sin6
.sin6_port
)
3721 * scope_id check. if sin6_scope_id is 0, we regard it
3722 * as a wildcard scope, which matches any scope zone ID.
3724 if (spidx0
->src
.sin6
.sin6_scope_id
&&
3725 spidx1
->src
.sin6
.sin6_scope_id
&&
3726 spidx0
->src
.sin6
.sin6_scope_id
!= spidx1
->src
.sin6
.sin6_scope_id
)
3728 if (!key_bbcmp(&spidx0
->src
.sin6
.sin6_addr
,
3729 &spidx1
->src
.sin6
.sin6_addr
, spidx0
->prefs
))
3734 if (bcmp(&spidx0
->src
, &spidx1
->src
, spidx0
->src
.sa
.sa_len
) != 0)
3739 switch (spidx0
->dst
.sa
.sa_family
) {
3741 if (spidx0
->dst
.sin
.sin_port
!= IPSEC_PORT_ANY
3742 && spidx0
->dst
.sin
.sin_port
!= spidx1
->dst
.sin
.sin_port
)
3744 if (!key_bbcmp(&spidx0
->dst
.sin
.sin_addr
,
3745 &spidx1
->dst
.sin
.sin_addr
, spidx0
->prefd
))
3749 if (spidx0
->dst
.sin6
.sin6_port
!= IPSEC_PORT_ANY
3750 && spidx0
->dst
.sin6
.sin6_port
!= spidx1
->dst
.sin6
.sin6_port
)
3753 * scope_id check. if sin6_scope_id is 0, we regard it
3754 * as a wildcard scope, which matches any scope zone ID.
3756 if (spidx0
->dst
.sin6
.sin6_scope_id
&&
3757 spidx1
->dst
.sin6
.sin6_scope_id
&&
3758 spidx0
->dst
.sin6
.sin6_scope_id
!= spidx1
->dst
.sin6
.sin6_scope_id
)
3760 if (!key_bbcmp(&spidx0
->dst
.sin6
.sin6_addr
,
3761 &spidx1
->dst
.sin6
.sin6_addr
, spidx0
->prefd
))
3766 if (bcmp(&spidx0
->dst
, &spidx1
->dst
, spidx0
->dst
.sa
.sa_len
) != 0)
3771 /* XXX Do we check other field ? e.g. flowinfo */
3776 /* returns 0 on match */
3779 const struct sockaddr
*sa1
,
3780 const struct sockaddr
*sa2
,
3786 #define satosin(s) ((const struct sockaddr_in *)s)
3790 #define satosin6(s) ((const struct sockaddr_in6 *)s)
3791 if (sa1
->sa_family
!= sa2
->sa_family
|| sa1
->sa_len
!= sa2
->sa_len
)
3794 switch (sa1
->sa_family
) {
3796 if (sa1
->sa_len
!= sizeof(struct sockaddr_in
))
3798 if (satosin(sa1
)->sin_addr
.s_addr
!=
3799 satosin(sa2
)->sin_addr
.s_addr
) {
3802 if (port
&& satosin(sa1
)->sin_port
!= satosin(sa2
)->sin_port
)
3806 if (sa1
->sa_len
!= sizeof(struct sockaddr_in6
))
3807 return 1; /*EINVAL*/
3808 if (satosin6(sa1
)->sin6_scope_id
!=
3809 satosin6(sa2
)->sin6_scope_id
) {
3812 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1
)->sin6_addr
,
3813 &satosin6(sa2
)->sin6_addr
)) {
3817 satosin6(sa1
)->sin6_port
!= satosin6(sa2
)->sin6_port
) {
3821 if (bcmp(sa1
, sa2
, sa1
->sa_len
) != 0)
3832 * compare two buffers with mask.
3836 * bits: Number of bits to compare
3842 key_bbcmp(const void *a1
, const void *a2
, u_int bits
)
3844 const unsigned char *p1
= a1
;
3845 const unsigned char *p2
= a2
;
3847 /* XXX: This could be considerably faster if we compare a word
3848 * at a time, but it is complicated on LSB Endian machines */
3850 /* Handle null pointers */
3851 if (p1
== NULL
|| p2
== NULL
)
3861 u_int8_t mask
= ~((1<<(8-bits
))-1);
3862 if ((*p1
& mask
) != (*p2
& mask
))
3865 return 1; /* Match! */
3870 * scanning SPD and SAD to check status for each entries,
3871 * and do to remove or to expire.
3872 * XXX: year 2038 problem may remain.
3875 key_timehandler(void *unused
)
3878 time_t now
= time_second
;
3879 struct secspacq
*spacq
, *nextspacq
;
3885 struct secpolicy
*sp
, *nextsp
;
3887 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
3888 LIST_FOREACH_MUTABLE(sp
, &sptree
[dir
], chain
, nextsp
) {
3889 if (sp
->state
== IPSEC_SPSTATE_DEAD
) {
3894 if (sp
->lifetime
== 0 && sp
->validtime
== 0)
3897 /* the deletion will occur next time */
3898 if ((sp
->lifetime
&& now
- sp
->created
> sp
->lifetime
)
3899 || (sp
->validtime
&& now
- sp
->lastused
> sp
->validtime
)) {
3900 sp
->state
= IPSEC_SPSTATE_DEAD
;
3910 struct secashead
*sah
, *nextsah
;
3911 struct secasvar
*sav
, *nextsav
;
3913 LIST_FOREACH_MUTABLE(sah
, &sahtree
, chain
, nextsah
) {
3914 /* if sah has been dead, then delete it and process next sah. */
3915 if (sah
->state
== SADB_SASTATE_DEAD
) {
3920 /* if LARVAL entry doesn't become MATURE, delete it. */
3921 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[SADB_SASTATE_LARVAL
],
3923 if (now
- sav
->created
> key_larval_lifetime
) {
3929 * check MATURE entry to start to send expire message
3932 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[SADB_SASTATE_MATURE
],
3934 /* we don't need to check. */
3935 if (sav
->lft_s
== NULL
)
3939 if (sav
->lft_c
== NULL
) {
3940 ipseclog((LOG_DEBUG
,"key_timehandler: "
3941 "There is no CURRENT time, why?\n"));
3945 /* check SOFT lifetime */
3946 if (sav
->lft_s
->sadb_lifetime_addtime
!= 0
3947 && now
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
3949 * check SA to be used whether or not.
3950 * when SA hasn't been used, delete it.
3952 if (sav
->lft_c
->sadb_lifetime_usetime
== 0) {
3953 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
3956 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
3958 * XXX If we keep to send expire
3959 * message in the status of
3960 * DYING. Do remove below code.
3965 /* check SOFT lifetime by bytes */
3967 * XXX I don't know the way to delete this SA
3968 * when new SA is installed. Caution when it's
3969 * installed too big lifetime by time.
3971 else if (sav
->lft_s
->sadb_lifetime_bytes
!= 0
3972 && sav
->lft_s
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
3974 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
3976 * XXX If we keep to send expire
3977 * message in the status of
3978 * DYING. Do remove below code.
3984 /* check DYING entry to change status to DEAD. */
3985 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[SADB_SASTATE_DYING
],
3987 /* we don't need to check. */
3988 if (sav
->lft_h
== NULL
)
3992 if (sav
->lft_c
== NULL
) {
3993 ipseclog((LOG_DEBUG
, "key_timehandler: "
3994 "There is no CURRENT time, why?\n"));
3998 if (sav
->lft_h
->sadb_lifetime_addtime
!= 0
3999 && now
- sav
->created
> sav
->lft_h
->sadb_lifetime_addtime
) {
4000 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4003 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4004 else if (sav
->lft_s
!= NULL
4005 && sav
->lft_s
->sadb_lifetime_addtime
!= 0
4006 && now
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
4008 * XXX: should be checked to be
4009 * installed the valid SA.
4013 * If there is no SA then sending
4019 /* check HARD lifetime by bytes */
4020 else if (sav
->lft_h
->sadb_lifetime_bytes
!= 0
4021 && sav
->lft_h
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
4022 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4027 /* delete entry in DEAD */
4028 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[SADB_SASTATE_DEAD
],
4031 if (sav
->state
!= SADB_SASTATE_DEAD
) {
4032 ipseclog((LOG_DEBUG
, "key_timehandler: "
4033 "invalid sav->state "
4034 "(queue: %d SA: %d): "
4036 SADB_SASTATE_DEAD
, sav
->state
));
4040 * do not call key_freesav() here.
4041 * sav should already be freed, and sav->refcnt
4042 * shows other references to sav
4043 * (such as from SPD).
4049 #ifndef IPSEC_NONBLOCK_ACQUIRE
4052 struct secacq
*acq
, *nextacq
;
4054 LIST_FOREACH_MUTABLE(acq
, &acqtree
, chain
, nextacq
) {
4055 if (now
- acq
->created
> key_blockacq_lifetime
&&
4056 __LIST_CHAINED(acq
)) {
4057 LIST_REMOVE(acq
, chain
);
4065 LIST_FOREACH_MUTABLE(spacq
, &spacqtree
, chain
, nextspacq
) {
4066 if (now
- spacq
->created
> key_blockacq_lifetime
&&
4067 __LIST_CHAINED(spacq
)) {
4068 LIST_REMOVE(spacq
, chain
);
4073 /* initialize random seed */
4074 if (key_tick_init_random
++ > key_int_random
) {
4075 key_tick_init_random
= 0;
4079 #ifndef IPSEC_DEBUG2
4080 /* do exchange to tick time !! */
4081 callout_reset(&key_timehandler_ch
, hz
, key_timehandler
, NULL
);
4089 * to initialize a seed for random()
4094 skrandom(time_second
);
4102 key_randomfill(&value
, sizeof(value
));
4107 key_randomfill(void *p
, size_t l
)
4111 static int warn
= 1;
4113 n
= (size_t)read_random(p
, (u_int
)l
);
4117 bcopy(&v
, (u_int8_t
*)p
+ n
,
4118 l
- n
< sizeof(v
) ? l
- n
: sizeof(v
));
4122 kprintf("WARNING: pseudo-random number generator "
4123 "used for IPsec processing\n");
4130 * map SADB_SATYPE_* to IPPROTO_*.
4131 * if satype == SADB_SATYPE then satype is mapped to ~0.
4133 * 0: invalid satype.
4136 key_satype2proto(u_int8_t satype
)
4139 case SADB_SATYPE_UNSPEC
:
4140 return IPSEC_PROTO_ANY
;
4141 case SADB_SATYPE_AH
:
4143 case SADB_SATYPE_ESP
:
4145 case SADB_X_SATYPE_IPCOMP
:
4146 return IPPROTO_IPCOMP
;
4154 * map IPPROTO_* to SADB_SATYPE_*
4156 * 0: invalid protocol type.
4159 key_proto2satype(u_int16_t proto
)
4163 return SADB_SATYPE_AH
;
4165 return SADB_SATYPE_ESP
;
4166 case IPPROTO_IPCOMP
:
4167 return SADB_X_SATYPE_IPCOMP
;
4176 * SADB_GETSPI processing is to receive
4177 * <base, (SA2), src address, dst address, (SPI range)>
4178 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4179 * tree with the status of LARVAL, and send
4180 * <base, SA(*), address(SD)>
4183 * IN: mhp: pointer to the pointer to each header.
4184 * OUT: NULL if fail.
4185 * other if success, return pointer to the message to send.
4188 key_getspi(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4190 struct sadb_address
*src0
, *dst0
;
4191 struct secasindex saidx
;
4192 struct secashead
*newsah
;
4193 struct secasvar
*newsav
;
4194 struct sockaddr
*saddr
, *daddr
;
4202 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4203 panic("key_getspi: NULL pointer is passed.\n");
4205 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
4206 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
4207 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
4208 return key_senderror(so
, m
, EINVAL
);
4210 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
4211 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
4212 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
4213 return key_senderror(so
, m
, EINVAL
);
4215 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
4216 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
4217 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
4219 mode
= IPSEC_MODE_ANY
;
4223 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
4224 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
4226 /* map satype to proto */
4227 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
4228 ipseclog((LOG_DEBUG
, "key_getspi: invalid satype is passed.\n"));
4229 return key_senderror(so
, m
, EINVAL
);
4232 /* make sure if port number is zero. */
4233 saddr
= (struct sockaddr
*)(src0
+ 1);
4234 daddr
= (struct sockaddr
*)(dst0
+ 1);
4235 switch (saddr
->sa_family
) {
4237 if (saddr
->sa_len
!= sizeof(struct sockaddr_in
))
4238 return key_senderror(so
, m
, EINVAL
);
4239 ((struct sockaddr_in
*)(src0
+ 1))->sin_port
= 0;
4242 if (saddr
->sa_len
!= sizeof(struct sockaddr_in6
))
4243 return key_senderror(so
, m
, EINVAL
);
4244 ((struct sockaddr_in6
*)(src0
+ 1))->sin6_port
= 0;
4249 switch (daddr
->sa_family
) {
4251 if (daddr
->sa_len
!= sizeof(struct sockaddr_in
))
4252 return key_senderror(so
, m
, EINVAL
);
4253 ((struct sockaddr_in
*)(dst0
+ 1))->sin_port
= 0;
4256 if (daddr
->sa_len
!= sizeof(struct sockaddr_in6
))
4257 return key_senderror(so
, m
, EINVAL
);
4258 ((struct sockaddr_in6
*)(dst0
+ 1))->sin6_port
= 0;
4264 /* XXX boundary check against sa_len */
4265 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
4267 /* SPI allocation */
4268 spi
= key_do_getnewspi((struct sadb_spirange
*)mhp
->ext
[SADB_EXT_SPIRANGE
],
4271 return key_senderror(so
, m
, EINVAL
);
4273 /* get a SA index */
4274 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
4275 /* create a new SA index */
4276 if ((newsah
= key_newsah(&saidx
)) == NULL
) {
4277 ipseclog((LOG_DEBUG
, "key_getspi: No more memory.\n"));
4278 return key_senderror(so
, m
, ENOBUFS
);
4284 newsav
= KEY_NEWSAV(m
, mhp
, newsah
, &error
);
4285 if (newsav
== NULL
) {
4286 /* XXX don't free new SA index allocated in above. */
4287 return key_senderror(so
, m
, error
);
4291 newsav
->spi
= htonl(spi
);
4293 #ifndef IPSEC_NONBLOCK_ACQUIRE
4294 /* delete the entry in acqtree */
4295 if (mhp
->msg
->sadb_msg_seq
!= 0) {
4297 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) != NULL
) {
4298 /* reset counter in order to deletion by timehandler. */
4299 acq
->created
= time_second
;
4307 struct sadb_sa
*m_sa
;
4308 struct sadb_msg
*newmsg
;
4311 /* create new sadb_msg to reply. */
4312 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
)) +
4313 PFKEY_ALIGN8(sizeof(struct sadb_sa
));
4315 return key_senderror(so
, m
, ENOBUFS
);
4316 n
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
4318 return key_senderror(so
, m
, ENOBUFS
);
4321 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
));
4322 off
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
4324 m_sa
= (struct sadb_sa
*)(mtod(n
, caddr_t
) + off
);
4325 m_sa
->sadb_sa_len
= PFKEY_UNIT64(sizeof(struct sadb_sa
));
4326 m_sa
->sadb_sa_exttype
= SADB_EXT_SA
;
4327 m_sa
->sadb_sa_spi
= htonl(spi
);
4328 off
+= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
4332 panic("length inconsistency in key_getspi");
4335 n
->m_next
= key_gather_mbuf(m
, mhp
, 0, 2, SADB_EXT_ADDRESS_SRC
,
4336 SADB_EXT_ADDRESS_DST
);
4339 return key_senderror(so
, m
, ENOBUFS
);
4342 if (n
->m_len
< sizeof(struct sadb_msg
)) {
4343 n
= m_pullup(n
, sizeof(struct sadb_msg
));
4345 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
4347 n
->m_pkthdr
.len
= m_lengthm(n
, NULL
);
4349 newmsg
= mtod(n
, struct sadb_msg
*);
4350 newmsg
->sadb_msg_seq
= newsav
->seq
;
4351 newmsg
->sadb_msg_errno
= 0;
4352 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
4355 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
4360 * allocating new SPI
4361 * called by key_getspi().
4367 key_do_getnewspi(struct sadb_spirange
*spirange
, struct secasindex
*saidx
)
4371 int count
= key_spi_trycnt
;
4373 /* set spi range to allocate */
4374 if (spirange
!= NULL
) {
4375 min
= spirange
->sadb_spirange_min
;
4376 max
= spirange
->sadb_spirange_max
;
4378 min
= key_spi_minval
;
4379 max
= key_spi_maxval
;
4381 /* IPCOMP needs 2-byte SPI */
4382 if (saidx
->proto
== IPPROTO_IPCOMP
) {
4389 t
= min
; min
= max
; max
= t
;
4394 if (key_checkspidup(saidx
, min
) != NULL
) {
4395 ipseclog((LOG_DEBUG
, "key_do_getnewspi: SPI %u exists already.\n", min
));
4399 count
--; /* taking one cost. */
4407 /* when requesting to allocate spi ranged */
4409 /* generate pseudo-random SPI value ranged. */
4410 newspi
= min
+ (key_random() % (max
- min
+ 1));
4412 if (key_checkspidup(saidx
, newspi
) == NULL
)
4416 if (count
== 0 || newspi
== 0) {
4417 ipseclog((LOG_DEBUG
, "key_do_getnewspi: to allocate spi is failed.\n"));
4423 keystat
.getspi_count
=
4424 (keystat
.getspi_count
+ key_spi_trycnt
- count
) / 2;
4430 * SADB_UPDATE processing
4432 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4433 * key(AE), (identity(SD),) (sensitivity)>
4434 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
4436 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4437 * (identity(SD),) (sensitivity)>
4440 * m will always be freed.
4443 key_update(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4445 struct sadb_sa
*sa0
;
4446 struct sadb_address
*src0
, *dst0
;
4447 struct secasindex saidx
;
4448 struct secashead
*sah
;
4449 struct secasvar
*sav
;
4456 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4457 panic("key_update: NULL pointer is passed.\n");
4459 /* map satype to proto */
4460 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
4461 ipseclog((LOG_DEBUG
, "key_update: invalid satype is passed.\n"));
4462 return key_senderror(so
, m
, EINVAL
);
4465 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
4466 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
4467 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
4468 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
4469 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
4470 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
4471 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
4472 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
4473 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
4474 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
4475 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
4476 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
4477 return key_senderror(so
, m
, EINVAL
);
4479 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
4480 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
4481 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
4482 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
4483 return key_senderror(so
, m
, EINVAL
);
4485 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
4486 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
4487 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
4489 mode
= IPSEC_MODE_ANY
;
4492 /* XXX boundary checking for other extensions */
4494 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
4495 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
4496 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
4498 /* XXX boundary check against sa_len */
4499 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
4501 /* get a SA header */
4502 if ((sah
= key_getsah(&saidx
)) == NULL
) {
4503 ipseclog((LOG_DEBUG
, "key_update: no SA index found.\n"));
4504 return key_senderror(so
, m
, ENOENT
);
4507 /* set spidx if there */
4509 error
= key_setident(sah
, m
, mhp
);
4511 return key_senderror(so
, m
, error
);
4513 /* find a SA with sequence number. */
4514 #ifdef IPSEC_DOSEQCHECK
4515 if (mhp
->msg
->sadb_msg_seq
!= 0
4516 && (sav
= key_getsavbyseq(sah
, mhp
->msg
->sadb_msg_seq
)) == NULL
) {
4517 ipseclog((LOG_DEBUG
,
4518 "key_update: no larval SA with sequence %u exists.\n",
4519 mhp
->msg
->sadb_msg_seq
));
4520 return key_senderror(so
, m
, ENOENT
);
4523 if ((sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
)) == NULL
) {
4524 ipseclog((LOG_DEBUG
,
4525 "key_update: no such a SA found (spi:%u)\n",
4526 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
4527 return key_senderror(so
, m
, EINVAL
);
4531 /* validity check */
4532 if (sav
->sah
->saidx
.proto
!= proto
) {
4533 ipseclog((LOG_DEBUG
,
4534 "key_update: protocol mismatched (DB=%u param=%u)\n",
4535 sav
->sah
->saidx
.proto
, proto
));
4536 return key_senderror(so
, m
, EINVAL
);
4538 #ifdef IPSEC_DOSEQCHECK
4539 if (sav
->spi
!= sa0
->sadb_sa_spi
) {
4540 ipseclog((LOG_DEBUG
,
4541 "key_update: SPI mismatched (DB:%u param:%u)\n",
4542 (u_int32_t
)ntohl(sav
->spi
),
4543 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
4544 return key_senderror(so
, m
, EINVAL
);
4547 if (sav
->pid
!= mhp
->msg
->sadb_msg_pid
) {
4548 ipseclog((LOG_DEBUG
,
4549 "key_update: pid mismatched (DB:%u param:%u)\n",
4550 sav
->pid
, mhp
->msg
->sadb_msg_pid
));
4551 return key_senderror(so
, m
, EINVAL
);
4554 /* copy sav values */
4555 error
= key_setsaval(sav
, m
, mhp
);
4558 return key_senderror(so
, m
, error
);
4561 /* check SA values to be mature. */
4562 if ((mhp
->msg
->sadb_msg_errno
= key_mature(sav
)) != 0) {
4564 return key_senderror(so
, m
, 0);
4570 /* set msg buf from mhp */
4571 n
= key_getmsgbuf_x1(m
, mhp
);
4573 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
4574 return key_senderror(so
, m
, ENOBUFS
);
4578 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
4583 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
4584 * only called by key_update().
4587 * others : found, pointer to a SA.
4589 #ifdef IPSEC_DOSEQCHECK
4590 static struct secasvar
*
4591 key_getsavbyseq(struct secashead
*sah
, u_int32_t seq
)
4593 struct secasvar
*sav
;
4596 state
= SADB_SASTATE_LARVAL
;
4598 /* search SAD with sequence number ? */
4599 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
4601 KEY_CHKSASTATE(state
, sav
->state
, "key_getsabyseq");
4603 if (sav
->seq
== seq
) {
4605 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
4606 kprintf("DP key_getsavbyseq cause "
4607 "refcnt++:%d SA:%p\n",
4618 * SADB_ADD processing
4619 * add an entry to SA database, when received
4620 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4621 * key(AE), (identity(SD),) (sensitivity)>
4624 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4625 * (identity(SD),) (sensitivity)>
4628 * IGNORE identity and sensitivity messages.
4630 * m will always be freed.
4633 key_add(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4635 struct sadb_sa
*sa0
;
4636 struct sadb_address
*src0
, *dst0
;
4637 struct secasindex saidx
;
4638 struct secashead
*newsah
;
4639 struct secasvar
*newsav
;
4646 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4647 panic("key_add: NULL pointer is passed.\n");
4649 /* map satype to proto */
4650 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
4651 ipseclog((LOG_DEBUG
, "key_add: invalid satype is passed.\n"));
4652 return key_senderror(so
, m
, EINVAL
);
4655 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
4656 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
4657 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
4658 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
4659 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
4660 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
4661 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
4662 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
4663 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
4664 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
4665 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
4666 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
4667 return key_senderror(so
, m
, EINVAL
);
4669 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
4670 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
4671 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
4673 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
4674 return key_senderror(so
, m
, EINVAL
);
4676 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
4677 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
4678 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
4680 mode
= IPSEC_MODE_ANY
;
4684 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
4685 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
4686 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
4688 /* XXX boundary check against sa_len */
4689 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
4691 /* get a SA header */
4692 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
4693 /* create a new SA header */
4694 if ((newsah
= key_newsah(&saidx
)) == NULL
) {
4695 ipseclog((LOG_DEBUG
, "key_add: No more memory.\n"));
4696 return key_senderror(so
, m
, ENOBUFS
);
4700 /* set spidx if there */
4702 error
= key_setident(newsah
, m
, mhp
);
4704 return key_senderror(so
, m
, error
);
4707 /* create new SA entry. */
4708 /* We can create new SA only if SPI is differenct. */
4709 if (key_getsavbyspi(newsah
, sa0
->sadb_sa_spi
)) {
4710 ipseclog((LOG_DEBUG
, "key_add: SA already exists.\n"));
4711 return key_senderror(so
, m
, EEXIST
);
4713 newsav
= KEY_NEWSAV(m
, mhp
, newsah
, &error
);
4714 if (newsav
== NULL
) {
4715 return key_senderror(so
, m
, error
);
4718 /* check SA values to be mature. */
4719 if ((error
= key_mature(newsav
)) != 0) {
4720 KEY_FREESAV(&newsav
);
4721 return key_senderror(so
, m
, error
);
4725 * don't call key_freesav() here, as we would like to keep the SA
4726 * in the database on success.
4732 /* set msg buf from mhp */
4733 n
= key_getmsgbuf_x1(m
, mhp
);
4735 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
4736 return key_senderror(so
, m
, ENOBUFS
);
4740 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
4746 key_setident(struct secashead
*sah
, struct mbuf
*m
,
4747 const struct sadb_msghdr
*mhp
)
4749 const struct sadb_ident
*idsrc
, *iddst
;
4750 int idsrclen
, iddstlen
;
4753 if (sah
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4754 panic("key_setident: NULL pointer is passed.\n");
4756 /* don't make buffer if not there */
4757 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
&&
4758 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
4764 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
||
4765 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
4766 ipseclog((LOG_DEBUG
, "key_setident: invalid identity.\n"));
4770 idsrc
= (const struct sadb_ident
*)mhp
->ext
[SADB_EXT_IDENTITY_SRC
];
4771 iddst
= (const struct sadb_ident
*)mhp
->ext
[SADB_EXT_IDENTITY_DST
];
4772 idsrclen
= mhp
->extlen
[SADB_EXT_IDENTITY_SRC
];
4773 iddstlen
= mhp
->extlen
[SADB_EXT_IDENTITY_DST
];
4775 /* validity check */
4776 if (idsrc
->sadb_ident_type
!= iddst
->sadb_ident_type
) {
4777 ipseclog((LOG_DEBUG
, "key_setident: ident type mismatch.\n"));
4781 switch (idsrc
->sadb_ident_type
) {
4782 case SADB_IDENTTYPE_PREFIX
:
4783 case SADB_IDENTTYPE_FQDN
:
4784 case SADB_IDENTTYPE_USERFQDN
:
4786 /* XXX do nothing */
4792 /* make structure */
4793 KMALLOC(sah
->idents
, struct sadb_ident
*, idsrclen
);
4794 if (sah
->idents
== NULL
) {
4795 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
4798 KMALLOC(sah
->identd
, struct sadb_ident
*, iddstlen
);
4799 if (sah
->identd
== NULL
) {
4802 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
4805 bcopy(idsrc
, sah
->idents
, idsrclen
);
4806 bcopy(iddst
, sah
->identd
, iddstlen
);
4812 * m will not be freed on return.
4813 * it is caller's responsibility to free the result.
4815 static struct mbuf
*
4816 key_getmsgbuf_x1(struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4821 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4822 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
4824 /* create new sadb_msg to reply. */
4825 n
= key_gather_mbuf(m
, mhp
, 1, 9, SADB_EXT_RESERVED
,
4826 SADB_EXT_SA
, SADB_X_EXT_SA2
,
4827 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
,
4828 SADB_EXT_LIFETIME_HARD
, SADB_EXT_LIFETIME_SOFT
,
4829 SADB_EXT_IDENTITY_SRC
, SADB_EXT_IDENTITY_DST
);
4833 if (n
->m_len
< sizeof(struct sadb_msg
)) {
4834 n
= m_pullup(n
, sizeof(struct sadb_msg
));
4838 mtod(n
, struct sadb_msg
*)->sadb_msg_errno
= 0;
4839 mtod(n
, struct sadb_msg
*)->sadb_msg_len
=
4840 PFKEY_UNIT64(n
->m_pkthdr
.len
);
4845 static int key_delete_all (struct socket
*, struct mbuf
*,
4846 const struct sadb_msghdr
*, u_int16_t
);
4849 * SADB_DELETE processing
4851 * <base, SA(*), address(SD)>
4852 * from the ikmpd, and set SADB_SASTATE_DEAD,
4854 * <base, SA(*), address(SD)>
4857 * m will always be freed.
4860 key_delete(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
4862 struct sadb_sa
*sa0
;
4863 struct sadb_address
*src0
, *dst0
;
4864 struct secasindex saidx
;
4865 struct secashead
*sah
;
4866 struct secasvar
*sav
= NULL
;
4870 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4871 panic("key_delete: NULL pointer is passed.\n");
4873 /* map satype to proto */
4874 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
4875 ipseclog((LOG_DEBUG
, "key_delete: invalid satype is passed.\n"));
4876 return key_senderror(so
, m
, EINVAL
);
4879 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
4880 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
4881 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
4882 return key_senderror(so
, m
, EINVAL
);
4885 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
4886 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
4887 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
4888 return key_senderror(so
, m
, EINVAL
);
4891 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
4893 * Caller wants us to delete all non-LARVAL SAs
4894 * that match the src/dst. This is used during
4895 * IKE INITIAL-CONTACT.
4897 ipseclog((LOG_DEBUG
, "key_delete: doing delete all.\n"));
4898 return key_delete_all(so
, m
, mhp
, proto
);
4899 } else if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
)) {
4900 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
4901 return key_senderror(so
, m
, EINVAL
);
4904 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
4905 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
4906 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
4908 /* XXX boundary check against sa_len */
4909 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
4911 /* get a SA header */
4912 LIST_FOREACH(sah
, &sahtree
, chain
) {
4913 if (sah
->state
== SADB_SASTATE_DEAD
)
4915 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
4918 /* get a SA with SPI. */
4919 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
4924 ipseclog((LOG_DEBUG
, "key_delete: no SA found.\n"));
4925 return key_senderror(so
, m
, ENOENT
);
4928 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4933 struct sadb_msg
*newmsg
;
4935 /* create new sadb_msg to reply. */
4936 n
= key_gather_mbuf(m
, mhp
, 1, 4, SADB_EXT_RESERVED
,
4937 SADB_EXT_SA
, SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
4939 return key_senderror(so
, m
, ENOBUFS
);
4941 if (n
->m_len
< sizeof(struct sadb_msg
)) {
4942 n
= m_pullup(n
, sizeof(struct sadb_msg
));
4944 return key_senderror(so
, m
, ENOBUFS
);
4946 newmsg
= mtod(n
, struct sadb_msg
*);
4947 newmsg
->sadb_msg_errno
= 0;
4948 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
4951 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
4956 * delete all SAs for src/dst. Called from key_delete().
4959 key_delete_all(struct socket
*so
, struct mbuf
*m
,
4960 const struct sadb_msghdr
*mhp
, u_int16_t proto
)
4962 struct sadb_address
*src0
, *dst0
;
4963 struct secasindex saidx
;
4964 struct secashead
*sah
;
4965 struct secasvar
*sav
, *nextsav
;
4966 u_int stateidx
, state
;
4968 struct sadb_msg
*newmsg
;
4970 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
4971 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
4973 /* XXX boundary check against sa_len */
4974 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
4976 LIST_FOREACH(sah
, &sahtree
, chain
) {
4977 if (sah
->state
== SADB_SASTATE_DEAD
)
4979 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
4982 /* Delete all non-LARVAL SAs. */
4983 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
);
4985 state
= saorder_state_alive
[stateidx
];
4986 if (state
== SADB_SASTATE_LARVAL
)
4988 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[state
], chain
,
4991 if (sav
->state
!= state
) {
4992 ipseclog((LOG_DEBUG
, "key_delete_all: "
4993 "invalid sav->state "
4994 "(queue: %d SA: %d)\n",
4995 state
, sav
->state
));
4999 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
5005 /* create new sadb_msg to reply. */
5006 n
= key_gather_mbuf(m
, mhp
, 1, 3, SADB_EXT_RESERVED
,
5007 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
);
5009 return key_senderror(so
, m
, ENOBUFS
);
5011 if (n
->m_len
< sizeof(struct sadb_msg
)) {
5012 n
= m_pullup(n
, sizeof(struct sadb_msg
));
5014 return key_senderror(so
, m
, ENOBUFS
);
5016 newmsg
= mtod(n
, struct sadb_msg
*);
5017 newmsg
->sadb_msg_errno
= 0;
5018 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
5021 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
5025 * SADB_GET processing
5027 * <base, SA(*), address(SD)>
5028 * from the ikmpd, and get a SP and a SA to respond,
5030 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5031 * (identity(SD),) (sensitivity)>
5034 * m will always be freed.
5037 key_get(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
5039 struct sadb_sa
*sa0
;
5040 struct sadb_address
*src0
, *dst0
;
5041 struct secasindex saidx
;
5042 struct secashead
*sah
;
5043 struct secasvar
*sav
= NULL
;
5047 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5048 panic("key_get: NULL pointer is passed.\n");
5050 /* map satype to proto */
5051 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
5052 ipseclog((LOG_DEBUG
, "key_get: invalid satype is passed.\n"));
5053 return key_senderror(so
, m
, EINVAL
);
5056 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
5057 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
5058 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
5059 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
5060 return key_senderror(so
, m
, EINVAL
);
5062 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
5063 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
5064 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
5065 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
5066 return key_senderror(so
, m
, EINVAL
);
5069 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
5070 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
5071 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
5073 /* XXX boundary check against sa_len */
5074 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
5076 /* get a SA header */
5077 LIST_FOREACH(sah
, &sahtree
, chain
) {
5078 if (sah
->state
== SADB_SASTATE_DEAD
)
5080 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
5083 /* get a SA with SPI. */
5084 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
5089 ipseclog((LOG_DEBUG
, "key_get: no SA found.\n"));
5090 return key_senderror(so
, m
, ENOENT
);
5097 /* map proto to satype */
5098 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
5099 ipseclog((LOG_DEBUG
, "key_get: there was invalid proto in SAD.\n"));
5100 return key_senderror(so
, m
, EINVAL
);
5103 /* create new sadb_msg to reply. */
5104 n
= key_setdumpsa(sav
, SADB_GET
, satype
, mhp
->msg
->sadb_msg_seq
,
5105 mhp
->msg
->sadb_msg_pid
);
5107 return key_senderror(so
, m
, ENOBUFS
);
5110 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
5114 /* XXX make it sysctl-configurable? */
5116 key_getcomb_setlifetime(struct sadb_comb
*comb
)
5119 comb
->sadb_comb_soft_allocations
= 1;
5120 comb
->sadb_comb_hard_allocations
= 1;
5121 comb
->sadb_comb_soft_bytes
= 0;
5122 comb
->sadb_comb_hard_bytes
= 0;
5123 comb
->sadb_comb_hard_addtime
= 86400; /* 1 day */
5124 comb
->sadb_comb_soft_addtime
= comb
->sadb_comb_soft_addtime
* 80 / 100;
5125 comb
->sadb_comb_soft_usetime
= 28800; /* 8 hours */
5126 comb
->sadb_comb_hard_usetime
= comb
->sadb_comb_hard_usetime
* 80 / 100;
5130 * XXX reorder combinations by preference
5131 * XXX no idea if the user wants ESP authentication or not
5133 static struct mbuf
*
5134 key_getcomb_esp(void)
5136 struct sadb_comb
*comb
;
5137 struct enc_xform
*algo
;
5138 struct mbuf
*result
= NULL
, *m
, *n
;
5142 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
5145 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
5146 algo
= esp_algorithm_lookup(i
);
5150 /* discard algorithms with key size smaller than system min */
5151 if (_BITS(algo
->maxkey
) < ipsec_esp_keymin
)
5153 if (_BITS(algo
->minkey
) < ipsec_esp_keymin
)
5154 encmin
= ipsec_esp_keymin
;
5156 encmin
= _BITS(algo
->minkey
);
5159 m
= key_getcomb_ah();
5162 ("key_getcomb_esp: l=%u > MLEN=%lu",
5164 MGET(m
, MB_DONTWAIT
, MT_DATA
);
5169 bzero(mtod(m
, caddr_t
), m
->m_len
);
5175 totlen
= m_lengthm(m
, NULL
);
5176 KASSERT((totlen
% l
) == 0,
5177 ("key_getcomb_esp: totlen=%u, l=%u", totlen
, l
));
5179 for (off
= 0; off
< totlen
; off
+= l
) {
5180 n
= m_pulldown(m
, off
, l
, &o
);
5182 /* m is already freed */
5185 comb
= (struct sadb_comb
*)(mtod(n
, caddr_t
) + o
);
5186 bzero(comb
, sizeof(*comb
));
5187 key_getcomb_setlifetime(comb
);
5188 comb
->sadb_comb_encrypt
= i
;
5189 comb
->sadb_comb_encrypt_minbits
= encmin
;
5190 comb
->sadb_comb_encrypt_maxbits
= _BITS(algo
->maxkey
);
5209 const struct auth_hash
*ah
,
5214 *min
= *max
= ah
->keysize
;
5215 if (ah
->keysize
== 0) {
5217 * Transform takes arbitrary key size but algorithm
5218 * key size is restricted. Enforce this here.
5221 case SADB_X_AALG_MD5
: *min
= *max
= 16; break;
5222 case SADB_X_AALG_SHA
: *min
= *max
= 20; break;
5223 case SADB_X_AALG_NULL
: *min
= 1; *max
= 256; break;
5225 DPRINTF(("key_getsizes_ah: unknown AH algorithm %u\n",
5233 * XXX reorder combinations by preference
5235 static struct mbuf
*
5236 key_getcomb_ah(void)
5238 struct sadb_comb
*comb
;
5239 struct auth_hash
*algo
;
5241 u_int16_t minkeysize
, maxkeysize
;
5243 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
5246 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
5248 /* we prefer HMAC algorithms, not old algorithms */
5249 if (i
!= SADB_AALG_SHA1HMAC
&& i
!= SADB_AALG_MD5HMAC
)
5252 algo
= ah_algorithm_lookup(i
);
5255 key_getsizes_ah(algo
, i
, &minkeysize
, &maxkeysize
);
5256 /* discard algorithms with key size smaller than system min */
5257 if (_BITS(minkeysize
) < ipsec_ah_keymin
)
5262 ("key_getcomb_ah: l=%u > MLEN=%lu",
5264 MGET(m
, MB_DONTWAIT
, MT_DATA
);
5271 M_PREPEND(m
, l
, MB_DONTWAIT
);
5275 comb
= mtod(m
, struct sadb_comb
*);
5276 bzero(comb
, sizeof(*comb
));
5277 key_getcomb_setlifetime(comb
);
5278 comb
->sadb_comb_auth
= i
;
5279 comb
->sadb_comb_auth_minbits
= _BITS(minkeysize
);
5280 comb
->sadb_comb_auth_maxbits
= _BITS(maxkeysize
);
5287 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
5288 * XXX reorder combinations by preference
5290 static struct mbuf
*
5291 key_getcomb_ipcomp(void)
5293 struct sadb_comb
*comb
;
5294 struct comp_algo
*algo
;
5297 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
5300 for (i
= 1; i
<= SADB_X_CALG_MAX
; i
++) {
5301 algo
= ipcomp_algorithm_lookup(i
);
5307 ("key_getcomb_ipcomp: l=%u > MLEN=%lu",
5309 MGET(m
, MB_DONTWAIT
, MT_DATA
);
5316 M_PREPEND(m
, l
, MB_DONTWAIT
);
5320 comb
= mtod(m
, struct sadb_comb
*);
5321 bzero(comb
, sizeof(*comb
));
5322 key_getcomb_setlifetime(comb
);
5323 comb
->sadb_comb_encrypt
= i
;
5324 /* what should we set into sadb_comb_*_{min,max}bits? */
5331 * XXX no way to pass mode (transport/tunnel) to userland
5332 * XXX replay checking?
5333 * XXX sysctl interface to ipsec_{ah,esp}_keymin
5335 static struct mbuf
*
5336 key_getprop(const struct secasindex
*saidx
)
5338 struct sadb_prop
*prop
;
5340 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_prop
));
5342 switch (saidx
->proto
) {
5344 m
= key_getcomb_esp();
5347 m
= key_getcomb_ah();
5349 case IPPROTO_IPCOMP
:
5350 m
= key_getcomb_ipcomp();
5358 M_PREPEND(m
, l
, MB_DONTWAIT
);
5362 prop
= mtod(m
, struct sadb_prop
*);
5363 bzero(prop
, sizeof(*prop
));
5364 prop
->sadb_prop_len
= PFKEY_UNIT64(m_lengthm(m
, NULL
));
5365 prop
->sadb_prop_exttype
= SADB_EXT_PROPOSAL
;
5366 prop
->sadb_prop_replay
= 32; /* XXX */
5372 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
5374 * <base, SA, address(SD), (address(P)), x_policy,
5375 * (identity(SD),) (sensitivity,) proposal>
5376 * to KMD, and expect to receive
5377 * <base> with SADB_ACQUIRE if error occured,
5379 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
5380 * from KMD by PF_KEY.
5382 * XXX x_policy is outside of RFC2367 (KAME extension).
5383 * XXX sensitivity is not supported.
5384 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
5385 * see comment for key_getcomb_ipcomp().
5389 * others: error number
5392 key_acquire(const struct secasindex
*saidx
, struct secpolicy
*sp
)
5394 struct mbuf
*result
= NULL
, *m
;
5395 #ifndef IPSEC_NONBLOCK_ACQUIRE
5396 struct secacq
*newacq
;
5403 KASSERT(saidx
!= NULL
, ("key_acquire: null saidx"));
5404 satype
= key_proto2satype(saidx
->proto
);
5405 KASSERT(satype
!= 0,
5406 ("key_acquire: null satype, protocol %u", saidx
->proto
));
5408 #ifndef IPSEC_NONBLOCK_ACQUIRE
5410 * We never do anything about acquirng SA. There is anather
5411 * solution that kernel blocks to send SADB_ACQUIRE message until
5412 * getting something message from IKEd. In later case, to be
5413 * managed with ACQUIRING list.
5415 /* Get an entry to check whether sending message or not. */
5416 if ((newacq
= key_getacq(saidx
)) != NULL
) {
5417 if (key_blockacq_count
< newacq
->count
) {
5418 /* reset counter and do send message. */
5421 /* increment counter and do nothing. */
5426 /* make new entry for blocking to send SADB_ACQUIRE. */
5427 if ((newacq
= key_newacq(saidx
)) == NULL
)
5430 /* add to acqtree */
5431 LIST_INSERT_HEAD(&acqtree
, newacq
, chain
);
5436 #ifndef IPSEC_NONBLOCK_ACQUIRE
5439 seq
= (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
5441 m
= key_setsadbmsg(SADB_ACQUIRE
, 0, satype
, seq
, 0, 0);
5448 /* set sadb_address for saidx's. */
5449 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
5450 &saidx
->src
.sa
, FULLMASK
, IPSEC_ULPROTO_ANY
);
5457 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
5458 &saidx
->dst
.sa
, FULLMASK
, IPSEC_ULPROTO_ANY
);
5465 /* XXX proxy address (optional) */
5467 /* set sadb_x_policy */
5469 m
= key_setsadbxpolicy(sp
->policy
, sp
->spidx
.dir
, sp
->id
);
5477 /* XXX identity (optional) */
5479 if (idexttype
&& fqdn
) {
5480 /* create identity extension (FQDN) */
5481 struct sadb_ident
*id
;
5484 fqdnlen
= strlen(fqdn
) + 1; /* +1 for terminating-NUL */
5485 id
= (struct sadb_ident
*)p
;
5486 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
5487 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
5488 id
->sadb_ident_exttype
= idexttype
;
5489 id
->sadb_ident_type
= SADB_IDENTTYPE_FQDN
;
5490 bcopy(fqdn
, id
+ 1, fqdnlen
);
5491 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(fqdnlen
);
5495 /* create identity extension (USERFQDN) */
5496 struct sadb_ident
*id
;
5500 /* +1 for terminating-NUL */
5501 userfqdnlen
= strlen(userfqdn
) + 1;
5504 id
= (struct sadb_ident
*)p
;
5505 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
5506 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
5507 id
->sadb_ident_exttype
= idexttype
;
5508 id
->sadb_ident_type
= SADB_IDENTTYPE_USERFQDN
;
5509 /* XXX is it correct? */
5510 if (curproc
&& curproc
->p_cred
)
5511 id
->sadb_ident_id
= curproc
->p_cred
->p_ruid
;
5512 if (userfqdn
&& userfqdnlen
)
5513 bcopy(userfqdn
, id
+ 1, userfqdnlen
);
5514 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(userfqdnlen
);
5518 /* XXX sensitivity (optional) */
5520 /* create proposal/combination extension */
5521 m
= key_getprop(saidx
);
5524 * spec conformant: always attach proposal/combination extension,
5525 * the problem is that we have no way to attach it for ipcomp,
5526 * due to the way sadb_comb is declared in RFC2367.
5535 * outside of spec; make proposal/combination extension optional.
5541 if ((result
->m_flags
& M_PKTHDR
) == 0) {
5546 if (result
->m_len
< sizeof(struct sadb_msg
)) {
5547 result
= m_pullup(result
, sizeof(struct sadb_msg
));
5548 if (result
== NULL
) {
5553 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
5554 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
5555 PFKEY_UNIT64(result
->m_pkthdr
.len
);
5557 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
5565 #ifndef IPSEC_NONBLOCK_ACQUIRE
5566 static struct secacq
*
5567 key_newacq(const struct secasindex
*saidx
)
5569 struct secacq
*newacq
;
5572 KMALLOC(newacq
, struct secacq
*, sizeof(struct secacq
));
5573 if (newacq
== NULL
) {
5574 ipseclog((LOG_DEBUG
, "key_newacq: No more memory.\n"));
5577 bzero(newacq
, sizeof(*newacq
));
5580 bcopy(saidx
, &newacq
->saidx
, sizeof(newacq
->saidx
));
5581 newacq
->seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
);
5582 newacq
->created
= time_second
;
5588 static struct secacq
*
5589 key_getacq(const struct secasindex
*saidx
)
5593 LIST_FOREACH(acq
, &acqtree
, chain
) {
5594 if (key_cmpsaidx(saidx
, &acq
->saidx
, CMP_EXACTLY
))
5601 static struct secacq
*
5602 key_getacqbyseq(u_int32_t seq
)
5606 LIST_FOREACH(acq
, &acqtree
, chain
) {
5607 if (acq
->seq
== seq
)
5615 static struct secspacq
*
5616 key_newspacq(struct secpolicyindex
*spidx
)
5618 struct secspacq
*acq
;
5621 KMALLOC(acq
, struct secspacq
*, sizeof(struct secspacq
));
5623 ipseclog((LOG_DEBUG
, "key_newspacq: No more memory.\n"));
5626 bzero(acq
, sizeof(*acq
));
5629 bcopy(spidx
, &acq
->spidx
, sizeof(acq
->spidx
));
5630 acq
->created
= time_second
;
5636 static struct secspacq
*
5637 key_getspacq(struct secpolicyindex
*spidx
)
5639 struct secspacq
*acq
;
5641 LIST_FOREACH(acq
, &spacqtree
, chain
) {
5642 if (key_cmpspidx_exactly(spidx
, &acq
->spidx
))
5650 * SADB_ACQUIRE processing,
5651 * in first situation, is receiving
5653 * from the ikmpd, and clear sequence of its secasvar entry.
5655 * In second situation, is receiving
5656 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
5657 * from a user land process, and return
5658 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
5661 * m will always be freed.
5664 key_acquire2(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
5666 const struct sadb_address
*src0
, *dst0
;
5667 struct secasindex saidx
;
5668 struct secashead
*sah
;
5673 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5674 panic("key_acquire2: NULL pointer is passed.\n");
5677 * Error message from KMd.
5678 * We assume that if error was occured in IKEd, the length of PFKEY
5679 * message is equal to the size of sadb_msg structure.
5680 * We do not raise error even if error occured in this function.
5682 if (mhp
->msg
->sadb_msg_len
== PFKEY_UNIT64(sizeof(struct sadb_msg
))) {
5683 #ifndef IPSEC_NONBLOCK_ACQUIRE
5686 /* check sequence number */
5687 if (mhp
->msg
->sadb_msg_seq
== 0) {
5688 ipseclog((LOG_DEBUG
, "key_acquire2: must specify sequence number.\n"));
5693 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) == NULL
) {
5695 * the specified larval SA is already gone, or we got
5696 * a bogus sequence number. we can silently ignore it.
5702 /* reset acq counter in order to deletion by timehander. */
5703 acq
->created
= time_second
;
5711 * This message is from user land.
5714 /* map satype to proto */
5715 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
5716 ipseclog((LOG_DEBUG
, "key_acquire2: invalid satype is passed.\n"));
5717 return key_senderror(so
, m
, EINVAL
);
5720 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
5721 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
5722 mhp
->ext
[SADB_EXT_PROPOSAL
] == NULL
) {
5724 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
5725 return key_senderror(so
, m
, EINVAL
);
5727 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
5728 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
5729 mhp
->extlen
[SADB_EXT_PROPOSAL
] < sizeof(struct sadb_prop
)) {
5731 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
5732 return key_senderror(so
, m
, EINVAL
);
5735 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
5736 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
5738 /* XXX boundary check against sa_len */
5739 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
5741 /* get a SA index */
5742 LIST_FOREACH(sah
, &sahtree
, chain
) {
5743 if (sah
->state
== SADB_SASTATE_DEAD
)
5745 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_MODE_REQID
))
5749 ipseclog((LOG_DEBUG
, "key_acquire2: a SA exists already.\n"));
5750 return key_senderror(so
, m
, EEXIST
);
5753 error
= key_acquire(&saidx
, NULL
);
5755 ipseclog((LOG_DEBUG
, "key_acquire2: error %d returned "
5756 "from key_acquire.\n", mhp
->msg
->sadb_msg_errno
));
5757 return key_senderror(so
, m
, error
);
5760 return key_sendup_mbuf(so
, m
, KEY_SENDUP_REGISTERED
);
5764 * SADB_REGISTER processing.
5765 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
5768 * from the ikmpd, and register a socket to send PF_KEY messages,
5772 * If socket is detached, must free from regnode.
5774 * m will always be freed.
5777 key_register(struct socket
*so
, struct mbuf
*m
,
5778 const struct sadb_msghdr
*mhp
)
5780 struct secreg
*reg
, *newreg
= 0;
5783 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5784 panic("key_register: NULL pointer is passed.\n");
5786 /* check for invalid register message */
5787 if (mhp
->msg
->sadb_msg_satype
>= sizeof(regtree
)/sizeof(regtree
[0]))
5788 return key_senderror(so
, m
, EINVAL
);
5790 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
5791 if (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_UNSPEC
)
5794 /* check whether existing or not */
5795 LIST_FOREACH(reg
, ®tree
[mhp
->msg
->sadb_msg_satype
], chain
) {
5796 if (reg
->so
== so
) {
5797 ipseclog((LOG_DEBUG
, "key_register: socket exists already.\n"));
5798 return key_senderror(so
, m
, EEXIST
);
5802 /* create regnode */
5803 KMALLOC(newreg
, struct secreg
*, sizeof(*newreg
));
5804 if (newreg
== NULL
) {
5805 ipseclog((LOG_DEBUG
, "key_register: No more memory.\n"));
5806 return key_senderror(so
, m
, ENOBUFS
);
5808 bzero((caddr_t
)newreg
, sizeof(*newreg
));
5811 ((struct keycb
*)sotorawcb(so
))->kp_registered
++;
5813 /* add regnode to regtree. */
5814 LIST_INSERT_HEAD(®tree
[mhp
->msg
->sadb_msg_satype
], newreg
, chain
);
5819 struct sadb_msg
*newmsg
;
5820 struct sadb_supported
*sup
;
5821 u_int len
, alen
, elen
;
5824 struct sadb_alg
*alg
;
5826 /* create new sadb_msg to reply. */
5828 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
5829 if (ah_algorithm_lookup(i
))
5830 alen
+= sizeof(struct sadb_alg
);
5833 alen
+= sizeof(struct sadb_supported
);
5835 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
5836 if (esp_algorithm_lookup(i
))
5837 elen
+= sizeof(struct sadb_alg
);
5840 elen
+= sizeof(struct sadb_supported
);
5842 len
= sizeof(struct sadb_msg
) + alen
+ elen
;
5845 return key_senderror(so
, m
, ENOBUFS
);
5846 n
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
5848 return key_senderror(so
, m
, ENOBUFS
);
5849 n
->m_pkthdr
.len
= n
->m_len
= len
;
5851 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
));
5852 newmsg
= mtod(n
, struct sadb_msg
*);
5853 newmsg
->sadb_msg_errno
= 0;
5854 newmsg
->sadb_msg_len
= PFKEY_UNIT64(len
);
5855 off
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
5857 /* for authentication algorithm */
5859 sup
= (struct sadb_supported
*)(mtod(n
, caddr_t
) + off
);
5860 sup
->sadb_supported_len
= PFKEY_UNIT64(alen
);
5861 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_AUTH
;
5862 off
+= PFKEY_ALIGN8(sizeof(*sup
));
5864 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
5865 struct auth_hash
*aalgo
;
5866 u_int16_t minkeysize
, maxkeysize
;
5868 aalgo
= ah_algorithm_lookup(i
);
5871 alg
= (struct sadb_alg
*)(mtod(n
, caddr_t
) + off
);
5872 alg
->sadb_alg_id
= i
;
5873 alg
->sadb_alg_ivlen
= 0;
5874 key_getsizes_ah(aalgo
, i
, &minkeysize
, &maxkeysize
);
5875 alg
->sadb_alg_minbits
= _BITS(minkeysize
);
5876 alg
->sadb_alg_maxbits
= _BITS(maxkeysize
);
5877 off
+= PFKEY_ALIGN8(sizeof(*alg
));
5881 /* for encryption algorithm */
5883 sup
= (struct sadb_supported
*)(mtod(n
, caddr_t
) + off
);
5884 sup
->sadb_supported_len
= PFKEY_UNIT64(elen
);
5885 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_ENCRYPT
;
5886 off
+= PFKEY_ALIGN8(sizeof(*sup
));
5888 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
5889 struct enc_xform
*ealgo
;
5891 ealgo
= esp_algorithm_lookup(i
);
5894 alg
= (struct sadb_alg
*)(mtod(n
, caddr_t
) + off
);
5895 alg
->sadb_alg_id
= i
;
5896 alg
->sadb_alg_ivlen
= ealgo
->blocksize
;
5897 alg
->sadb_alg_minbits
= _BITS(ealgo
->minkey
);
5898 alg
->sadb_alg_maxbits
= _BITS(ealgo
->maxkey
);
5899 off
+= PFKEY_ALIGN8(sizeof(struct sadb_alg
));
5905 panic("length assumption failed in key_register");
5909 return key_sendup_mbuf(so
, n
, KEY_SENDUP_REGISTERED
);
5914 * free secreg entry registered.
5915 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
5918 key_freereg(struct socket
*so
)
5925 panic("key_freereg: NULL pointer is passed.\n");
5928 * check whether existing or not.
5929 * check all type of SA, because there is a potential that
5930 * one socket is registered to multiple type of SA.
5932 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
5933 LIST_FOREACH(reg
, ®tree
[i
], chain
) {
5935 && __LIST_CHAINED(reg
)) {
5936 LIST_REMOVE(reg
, chain
);
5947 * SADB_EXPIRE processing
5949 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
5951 * NOTE: We send only soft lifetime extension.
5954 * others : error number
5957 key_expire(struct secasvar
*sav
)
5961 struct mbuf
*result
= NULL
, *m
;
5964 struct sadb_lifetime
*lt
;
5966 /* XXX: Why do we lock ? */
5971 panic("key_expire: NULL pointer is passed.\n");
5972 if (sav
->sah
== NULL
)
5973 panic("key_expire: Why was SA index in SA NULL.\n");
5974 if ((satype
= key_proto2satype(sav
->sah
->saidx
.proto
)) == 0)
5975 panic("key_expire: invalid proto is passed.\n");
5977 /* set msg header */
5978 m
= key_setsadbmsg(SADB_EXPIRE
, 0, satype
, sav
->seq
, 0, sav
->refcnt
);
5985 /* create SA extension */
5986 m
= key_setsadbsa(sav
);
5993 /* create SA extension */
5994 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
5995 sav
->replay
? sav
->replay
->count
: 0,
5996 sav
->sah
->saidx
.reqid
);
6003 /* create lifetime extension (current and soft) */
6004 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
6005 m
= key_alloc_mbuf(len
);
6006 if (!m
|| m
->m_next
) { /*XXX*/
6012 bzero(mtod(m
, caddr_t
), len
);
6013 lt
= mtod(m
, struct sadb_lifetime
*);
6014 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
6015 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
6016 lt
->sadb_lifetime_allocations
= sav
->lft_c
->sadb_lifetime_allocations
;
6017 lt
->sadb_lifetime_bytes
= sav
->lft_c
->sadb_lifetime_bytes
;
6018 lt
->sadb_lifetime_addtime
= sav
->lft_c
->sadb_lifetime_addtime
;
6019 lt
->sadb_lifetime_usetime
= sav
->lft_c
->sadb_lifetime_usetime
;
6020 lt
= (struct sadb_lifetime
*)(mtod(m
, caddr_t
) + len
/ 2);
6021 bcopy(sav
->lft_s
, lt
, sizeof(*lt
));
6024 /* set sadb_address for source */
6025 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
6026 &sav
->sah
->saidx
.src
.sa
,
6027 FULLMASK
, IPSEC_ULPROTO_ANY
);
6034 /* set sadb_address for destination */
6035 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
6036 &sav
->sah
->saidx
.dst
.sa
,
6037 FULLMASK
, IPSEC_ULPROTO_ANY
);
6044 if ((result
->m_flags
& M_PKTHDR
) == 0) {
6049 if (result
->m_len
< sizeof(struct sadb_msg
)) {
6050 result
= m_pullup(result
, sizeof(struct sadb_msg
));
6051 if (result
== NULL
) {
6056 result
->m_pkthdr
.len
= m_lengthm(result
, NULL
);
6057 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
6058 PFKEY_UNIT64(result
->m_pkthdr
.len
);
6061 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
6071 * SADB_FLUSH processing
6074 * from the ikmpd, and free all entries in secastree.
6078 * NOTE: to do is only marking SADB_SASTATE_DEAD.
6080 * m will always be freed.
6083 key_flush(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
6085 struct sadb_msg
*newmsg
;
6086 struct secashead
*sah
;
6091 if (so
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6092 panic("key_flush: NULL pointer is passed.\n");
6094 /* map satype to proto */
6095 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6096 ipseclog((LOG_DEBUG
, "key_flush: invalid satype is passed.\n"));
6097 return key_senderror(so
, m
, EINVAL
);
6100 /* no SATYPE specified, i.e. flushing all SA. */
6101 LIST_FOREACH(sah
, &sahtree
, chain
) {
6102 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
&&
6103 proto
!= sah
->saidx
.proto
)
6106 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
);
6108 struct secasvar
*sav
, *nextsav
;
6109 u_int8_t state
= saorder_state_any
[stateidx
];
6111 LIST_FOREACH_MUTABLE(sav
, &sah
->savtree
[state
], chain
,
6113 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6118 sah
->state
= SADB_SASTATE_DEAD
;
6121 if (m
->m_len
< sizeof(struct sadb_msg
) ||
6122 sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
6123 ipseclog((LOG_DEBUG
, "key_flush: No more memory.\n"));
6124 return key_senderror(so
, m
, ENOBUFS
);
6130 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct sadb_msg
);
6131 newmsg
= mtod(m
, struct sadb_msg
*);
6132 newmsg
->sadb_msg_errno
= 0;
6133 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
6135 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
6139 * SADB_DUMP processing
6140 * dump all entries including status of DEAD in SAD.
6143 * from the ikmpd, and dump all secasvar leaves
6148 * m will always be freed.
6151 key_dump(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
6153 struct secashead
*sah
;
6154 struct secasvar
*sav
;
6160 struct sadb_msg
*newmsg
;
6164 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6165 panic("key_dump: NULL pointer is passed.\n");
6167 /* map satype to proto */
6168 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6169 ipseclog((LOG_DEBUG
, "key_dump: invalid satype is passed.\n"));
6170 return key_senderror(so
, m
, EINVAL
);
6173 /* count sav entries to be sent to the userland. */
6175 LIST_FOREACH(sah
, &sahtree
, chain
) {
6176 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
&&
6177 proto
!= sah
->saidx
.proto
)
6180 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_any
);
6182 state
= saorder_state_any
[stateidx
];
6183 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
6190 return key_senderror(so
, m
, ENOENT
);
6192 /* send this to the userland, one at a time. */
6194 LIST_FOREACH(sah
, &sahtree
, chain
) {
6195 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
6196 && proto
!= sah
->saidx
.proto
)
6199 /* map proto to satype */
6200 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
6201 ipseclog((LOG_DEBUG
, "key_dump: there was invalid proto in SAD.\n"));
6202 return key_senderror(so
, m
, EINVAL
);
6205 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_any
);
6207 state
= saorder_state_any
[stateidx
];
6208 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
6209 n
= key_setdumpsa(sav
, SADB_DUMP
, satype
,
6210 --cnt
, mhp
->msg
->sadb_msg_pid
);
6212 return key_senderror(so
, m
, ENOBUFS
);
6214 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
6224 * SADB_X_PROMISC processing
6226 * m will always be freed.
6229 key_promisc(struct socket
*so
, struct mbuf
*m
, const struct sadb_msghdr
*mhp
)
6234 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6235 panic("key_promisc: NULL pointer is passed.\n");
6237 olen
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
6239 if (olen
< sizeof(struct sadb_msg
)) {
6241 return key_senderror(so
, m
, EINVAL
);
6246 } else if (olen
== sizeof(struct sadb_msg
)) {
6247 /* enable/disable promisc mode */
6250 if ((kp
= (struct keycb
*)sotorawcb(so
)) == NULL
)
6251 return key_senderror(so
, m
, EINVAL
);
6252 mhp
->msg
->sadb_msg_errno
= 0;
6253 switch (mhp
->msg
->sadb_msg_satype
) {
6256 kp
->kp_promisc
= mhp
->msg
->sadb_msg_satype
;
6259 return key_senderror(so
, m
, EINVAL
);
6262 /* send the original message back to everyone */
6263 mhp
->msg
->sadb_msg_errno
= 0;
6264 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
6266 /* send packet as is */
6268 m_adj(m
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)));
6270 /* TODO: if sadb_msg_seq is specified, send to specific pid */
6271 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
6275 static int (*key_typesw
[]) (struct socket
*, struct mbuf
*,
6276 const struct sadb_msghdr
*) = {
6277 NULL
, /* SADB_RESERVED */
6278 key_getspi
, /* SADB_GETSPI */
6279 key_update
, /* SADB_UPDATE */
6280 key_add
, /* SADB_ADD */
6281 key_delete
, /* SADB_DELETE */
6282 key_get
, /* SADB_GET */
6283 key_acquire2
, /* SADB_ACQUIRE */
6284 key_register
, /* SADB_REGISTER */
6285 NULL
, /* SADB_EXPIRE */
6286 key_flush
, /* SADB_FLUSH */
6287 key_dump
, /* SADB_DUMP */
6288 key_promisc
, /* SADB_X_PROMISC */
6289 NULL
, /* SADB_X_PCHANGE */
6290 key_spdadd
, /* SADB_X_SPDUPDATE */
6291 key_spdadd
, /* SADB_X_SPDADD */
6292 key_spddelete
, /* SADB_X_SPDDELETE */
6293 key_spdget
, /* SADB_X_SPDGET */
6294 NULL
, /* SADB_X_SPDACQUIRE */
6295 key_spddump
, /* SADB_X_SPDDUMP */
6296 key_spdflush
, /* SADB_X_SPDFLUSH */
6297 key_spdadd
, /* SADB_X_SPDSETIDX */
6298 NULL
, /* SADB_X_SPDEXPIRE */
6299 key_spddelete2
, /* SADB_X_SPDDELETE2 */
6303 * parse sadb_msg buffer to process PFKEYv2,
6304 * and create a data to response if needed.
6305 * I think to be dealed with mbuf directly.
6307 * msgp : pointer to pointer to a received buffer pulluped.
6308 * This is rewrited to response.
6309 * so : pointer to socket.
6311 * length for buffer to send to user process.
6314 key_parse(struct mbuf
*m
, struct socket
*so
)
6316 struct sadb_msg
*msg
;
6317 struct sadb_msghdr mh
;
6323 if (m
== NULL
|| so
== NULL
)
6324 panic("key_parse: NULL pointer is passed.\n");
6326 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
6327 KEYDEBUG(KEYDEBUG_KEY_DUMP
,
6328 ipseclog((LOG_DEBUG
, "key_parse: passed sadb_msg\n"));
6332 if (m
->m_len
< sizeof(struct sadb_msg
)) {
6333 m
= m_pullup(m
, sizeof(struct sadb_msg
));
6337 msg
= mtod(m
, struct sadb_msg
*);
6338 orglen
= PFKEY_UNUNIT64(msg
->sadb_msg_len
);
6339 target
= KEY_SENDUP_ONE
;
6341 if ((m
->m_flags
& M_PKTHDR
) == 0 ||
6342 m
->m_pkthdr
.len
!= m
->m_pkthdr
.len
) {
6343 ipseclog((LOG_DEBUG
, "key_parse: invalid message length.\n"));
6344 pfkeystat
.out_invlen
++;
6349 if (msg
->sadb_msg_version
!= PF_KEY_V2
) {
6350 ipseclog((LOG_DEBUG
,
6351 "key_parse: PF_KEY version %u is mismatched.\n",
6352 msg
->sadb_msg_version
));
6353 pfkeystat
.out_invver
++;
6358 if (msg
->sadb_msg_type
> SADB_MAX
) {
6359 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
6360 msg
->sadb_msg_type
));
6361 pfkeystat
.out_invmsgtype
++;
6366 /* for old-fashioned code - should be nuked */
6367 if (m
->m_pkthdr
.len
> MCLBYTES
) {
6374 n
= m_getb(m
->m_pkthdr
.len
, MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
6379 m_copydata(m
, 0, m
->m_pkthdr
.len
, mtod(n
, caddr_t
));
6380 n
->m_pkthdr
.len
= n
->m_len
= m
->m_pkthdr
.len
;
6385 /* align the mbuf chain so that extensions are in contiguous region. */
6386 error
= key_align(m
, &mh
);
6393 switch (msg
->sadb_msg_satype
) {
6394 case SADB_SATYPE_UNSPEC
:
6395 switch (msg
->sadb_msg_type
) {
6403 ipseclog((LOG_DEBUG
, "key_parse: must specify satype "
6404 "when msg type=%u.\n", msg
->sadb_msg_type
));
6405 pfkeystat
.out_invsatype
++;
6410 case SADB_SATYPE_AH
:
6411 case SADB_SATYPE_ESP
:
6412 case SADB_X_SATYPE_IPCOMP
:
6413 switch (msg
->sadb_msg_type
) {
6415 case SADB_X_SPDDELETE
:
6417 case SADB_X_SPDDUMP
:
6418 case SADB_X_SPDFLUSH
:
6419 case SADB_X_SPDSETIDX
:
6420 case SADB_X_SPDUPDATE
:
6421 case SADB_X_SPDDELETE2
:
6422 ipseclog((LOG_DEBUG
, "key_parse: illegal satype=%u\n",
6423 msg
->sadb_msg_type
));
6424 pfkeystat
.out_invsatype
++;
6429 case SADB_SATYPE_RSVP
:
6430 case SADB_SATYPE_OSPFV2
:
6431 case SADB_SATYPE_RIPV2
:
6432 case SADB_SATYPE_MIP
:
6433 ipseclog((LOG_DEBUG
, "key_parse: type %u isn't supported.\n",
6434 msg
->sadb_msg_satype
));
6435 pfkeystat
.out_invsatype
++;
6438 case 1: /* XXX: What does it do? */
6439 if (msg
->sadb_msg_type
== SADB_X_PROMISC
)
6443 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
6444 msg
->sadb_msg_satype
));
6445 pfkeystat
.out_invsatype
++;
6450 /* check field of upper layer protocol and address family */
6451 if (mh
.ext
[SADB_EXT_ADDRESS_SRC
] != NULL
6452 && mh
.ext
[SADB_EXT_ADDRESS_DST
] != NULL
) {
6453 struct sadb_address
*src0
, *dst0
;
6456 src0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_SRC
]);
6457 dst0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_DST
]);
6459 /* check upper layer protocol */
6460 if (src0
->sadb_address_proto
!= dst0
->sadb_address_proto
) {
6461 ipseclog((LOG_DEBUG
, "key_parse: upper layer protocol mismatched.\n"));
6462 pfkeystat
.out_invaddr
++;
6468 if (PFKEY_ADDR_SADDR(src0
)->sa_family
!=
6469 PFKEY_ADDR_SADDR(dst0
)->sa_family
) {
6470 ipseclog((LOG_DEBUG
, "key_parse: address family mismatched.\n"));
6471 pfkeystat
.out_invaddr
++;
6475 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
6476 PFKEY_ADDR_SADDR(dst0
)->sa_len
) {
6477 ipseclog((LOG_DEBUG
,
6478 "key_parse: address struct size mismatched.\n"));
6479 pfkeystat
.out_invaddr
++;
6484 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
6486 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
6487 sizeof(struct sockaddr_in
)) {
6488 pfkeystat
.out_invaddr
++;
6494 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
6495 sizeof(struct sockaddr_in6
)) {
6496 pfkeystat
.out_invaddr
++;
6502 ipseclog((LOG_DEBUG
,
6503 "key_parse: unsupported address family.\n"));
6504 pfkeystat
.out_invaddr
++;
6505 error
= EAFNOSUPPORT
;
6509 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
6511 plen
= sizeof(struct in_addr
) << 3;
6514 plen
= sizeof(struct in6_addr
) << 3;
6517 plen
= 0; /*fool gcc*/
6521 /* check max prefix length */
6522 if (src0
->sadb_address_prefixlen
> plen
||
6523 dst0
->sadb_address_prefixlen
> plen
) {
6524 ipseclog((LOG_DEBUG
,
6525 "key_parse: illegal prefixlen.\n"));
6526 pfkeystat
.out_invaddr
++;
6532 * prefixlen == 0 is valid because there can be a case when
6533 * all addresses are matched.
6537 if (msg
->sadb_msg_type
>= sizeof(key_typesw
)/sizeof(key_typesw
[0]) ||
6538 key_typesw
[msg
->sadb_msg_type
] == NULL
) {
6539 pfkeystat
.out_invmsgtype
++;
6544 return (*key_typesw
[msg
->sadb_msg_type
])(so
, m
, &mh
);
6547 msg
->sadb_msg_errno
= error
;
6548 return key_sendup_mbuf(so
, m
, target
);
6552 key_senderror(struct socket
*so
, struct mbuf
*m
, int code
)
6554 struct sadb_msg
*msg
;
6556 if (m
->m_len
< sizeof(struct sadb_msg
))
6557 panic("invalid mbuf passed to key_senderror");
6559 msg
= mtod(m
, struct sadb_msg
*);
6560 msg
->sadb_msg_errno
= code
;
6561 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
6565 * set the pointer to each header into message buffer.
6566 * m will be freed on error.
6567 * XXX larger-than-MCLBYTES extension?
6570 key_align(struct mbuf
*m
, struct sadb_msghdr
*mhp
)
6573 struct sadb_ext
*ext
;
6579 if (m
== NULL
|| mhp
== NULL
)
6580 panic("key_align: NULL pointer is passed.\n");
6581 if (m
->m_len
< sizeof(struct sadb_msg
))
6582 panic("invalid mbuf passed to key_align");
6585 bzero(mhp
, sizeof(*mhp
));
6587 mhp
->msg
= mtod(m
, struct sadb_msg
*);
6588 mhp
->ext
[0] = (struct sadb_ext
*)mhp
->msg
; /*XXX backward compat */
6590 end
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
6591 extlen
= end
; /*just in case extlen is not updated*/
6592 for (off
= sizeof(struct sadb_msg
); off
< end
; off
+= extlen
) {
6593 n
= m_pulldown(m
, off
, sizeof(struct sadb_ext
), &toff
);
6595 /* m is already freed */
6598 ext
= (struct sadb_ext
*)(mtod(n
, caddr_t
) + toff
);
6601 switch (ext
->sadb_ext_type
) {
6603 case SADB_EXT_ADDRESS_SRC
:
6604 case SADB_EXT_ADDRESS_DST
:
6605 case SADB_EXT_ADDRESS_PROXY
:
6606 case SADB_EXT_LIFETIME_CURRENT
:
6607 case SADB_EXT_LIFETIME_HARD
:
6608 case SADB_EXT_LIFETIME_SOFT
:
6609 case SADB_EXT_KEY_AUTH
:
6610 case SADB_EXT_KEY_ENCRYPT
:
6611 case SADB_EXT_IDENTITY_SRC
:
6612 case SADB_EXT_IDENTITY_DST
:
6613 case SADB_EXT_SENSITIVITY
:
6614 case SADB_EXT_PROPOSAL
:
6615 case SADB_EXT_SUPPORTED_AUTH
:
6616 case SADB_EXT_SUPPORTED_ENCRYPT
:
6617 case SADB_EXT_SPIRANGE
:
6618 case SADB_X_EXT_POLICY
:
6619 case SADB_X_EXT_SA2
:
6620 /* duplicate check */
6622 * XXX Are there duplication payloads of either
6623 * KEY_AUTH or KEY_ENCRYPT ?
6625 if (mhp
->ext
[ext
->sadb_ext_type
] != NULL
) {
6626 ipseclog((LOG_DEBUG
,
6627 "key_align: duplicate ext_type %u "
6628 "is passed.\n", ext
->sadb_ext_type
));
6630 pfkeystat
.out_dupext
++;
6635 ipseclog((LOG_DEBUG
,
6636 "key_align: invalid ext_type %u is passed.\n",
6637 ext
->sadb_ext_type
));
6639 pfkeystat
.out_invexttype
++;
6643 extlen
= PFKEY_UNUNIT64(ext
->sadb_ext_len
);
6645 if (key_validate_ext(ext
, extlen
)) {
6647 pfkeystat
.out_invlen
++;
6651 n
= m_pulldown(m
, off
, extlen
, &toff
);
6653 /* m is already freed */
6656 ext
= (struct sadb_ext
*)(mtod(n
, caddr_t
) + toff
);
6658 mhp
->ext
[ext
->sadb_ext_type
] = ext
;
6659 mhp
->extoff
[ext
->sadb_ext_type
] = off
;
6660 mhp
->extlen
[ext
->sadb_ext_type
] = extlen
;
6665 pfkeystat
.out_invlen
++;
6673 key_validate_ext(const struct sadb_ext
*ext
, int len
)
6675 const struct sockaddr
*sa
;
6676 enum { NONE
, ADDR
} checktype
= NONE
;
6678 const int sal
= offsetof(struct sockaddr
, sa_len
) + sizeof(sa
->sa_len
);
6680 if (len
!= PFKEY_UNUNIT64(ext
->sadb_ext_len
))
6683 /* if it does not match minimum/maximum length, bail */
6684 if (ext
->sadb_ext_type
>= sizeof(minsize
) / sizeof(minsize
[0]) ||
6685 ext
->sadb_ext_type
>= sizeof(maxsize
) / sizeof(maxsize
[0]))
6687 if (!minsize
[ext
->sadb_ext_type
] || len
< minsize
[ext
->sadb_ext_type
])
6689 if (maxsize
[ext
->sadb_ext_type
] && len
> maxsize
[ext
->sadb_ext_type
])
6692 /* more checks based on sadb_ext_type XXX need more */
6693 switch (ext
->sadb_ext_type
) {
6694 case SADB_EXT_ADDRESS_SRC
:
6695 case SADB_EXT_ADDRESS_DST
:
6696 case SADB_EXT_ADDRESS_PROXY
:
6697 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_address
));
6700 case SADB_EXT_IDENTITY_SRC
:
6701 case SADB_EXT_IDENTITY_DST
:
6702 if (((const struct sadb_ident
*)ext
)->sadb_ident_type
==
6703 SADB_X_IDENTTYPE_ADDR
) {
6704 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_ident
));
6714 switch (checktype
) {
6718 sa
= (const struct sockaddr
*)(((const u_int8_t
*)ext
)+baselen
);
6719 if (len
< baselen
+ sal
)
6721 if (baselen
+ PFKEY_ALIGN8(sa
->sa_len
) != len
)
6734 for (i
= 0; i
< IPSEC_DIR_MAX
; i
++) {
6735 LIST_INIT(&sptree
[i
]);
6738 LIST_INIT(&sahtree
);
6740 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
6741 LIST_INIT(®tree
[i
]);
6744 #ifndef IPSEC_NONBLOCK_ACQUIRE
6745 LIST_INIT(&acqtree
);
6747 LIST_INIT(&spacqtree
);
6749 /* system default */
6750 ip4_def_policy
.policy
= IPSEC_POLICY_NONE
;
6751 ip4_def_policy
.refcnt
++; /*never reclaim this*/
6753 #ifndef IPSEC_DEBUG2
6754 callout_init(&key_timehandler_ch
);
6755 callout_reset(&key_timehandler_ch
, hz
, key_timehandler
, NULL
);
6756 #endif /*IPSEC_DEBUG2*/
6758 /* initialize key statistics */
6759 keystat
.getspi_count
= 1;
6761 kprintf("IPsec: Initialized Security Association Processing.\n");
6767 * XXX: maybe This function is called after INBOUND IPsec processing.
6769 * Special check for tunnel-mode packets.
6770 * We must make some checks for consistency between inner and outer IP header.
6772 * xxx more checks to be provided
6775 key_checktunnelsanity(struct secasvar
*sav
, u_int family
, caddr_t src
,
6779 if (sav
->sah
== NULL
)
6780 panic("sav->sah == NULL at key_checktunnelsanity");
6782 /* XXX: check inner IP header */
6788 #define hostnamelen strlen(hostname)
6791 * Get FQDN for the host.
6792 * If the administrator configured hostname (by hostname(1)) without
6793 * domain name, returns nothing.
6800 static char fqdn
[MAXHOSTNAMELEN
+ 1];
6805 /* check if it comes with domain name. */
6807 for (i
= 0; i
< hostnamelen
; i
++) {
6808 if (hostname
[i
] == '.')
6814 /* NOTE: hostname may not be NUL-terminated. */
6815 bzero(fqdn
, sizeof(fqdn
));
6816 bcopy(hostname
, fqdn
, hostnamelen
);
6817 fqdn
[hostnamelen
] = '\0';
6822 * get username@FQDN for the host/user.
6825 key_getuserfqdn(void)
6828 static char userfqdn
[MAXHOSTNAMELEN
+ MAXLOGNAME
+ 2];
6829 struct proc
*p
= curproc
;
6832 if (!p
|| !p
->p_pgrp
|| !p
->p_pgrp
->pg_session
)
6834 if (!(host
= key_getfqdn()))
6837 /* NOTE: s_login may not be-NUL terminated. */
6838 bzero(userfqdn
, sizeof(userfqdn
));
6839 bcopy(p
->p_pgrp
->pg_session
->s_login
, userfqdn
, MAXLOGNAME
);
6840 userfqdn
[MAXLOGNAME
] = '\0'; /* safeguard */
6841 q
= userfqdn
+ strlen(userfqdn
);
6843 bcopy(host
, q
, strlen(host
));
6851 /* record data transfer on SA, and update timestamps */
6853 key_sa_recordxfer(struct secasvar
*sav
, struct mbuf
*m
)
6855 KASSERT(sav
!= NULL
, ("key_sa_recordxfer: Null secasvar"));
6856 KASSERT(m
!= NULL
, ("key_sa_recordxfer: Null mbuf"));
6861 * XXX Currently, there is a difference of bytes size
6862 * between inbound and outbound processing.
6864 sav
->lft_c
->sadb_lifetime_bytes
+= m
->m_pkthdr
.len
;
6865 /* to check bytes lifetime is done in key_timehandler(). */
6868 * We use the number of packets as the unit of
6869 * sadb_lifetime_allocations. We increment the variable
6870 * whenever {esp,ah}_{in,out}put is called.
6872 sav
->lft_c
->sadb_lifetime_allocations
++;
6873 /* XXX check for expires? */
6876 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
6877 * in seconds. HARD and SOFT lifetime are measured by the time
6878 * difference (again in seconds) from sadb_lifetime_usetime.
6882 * -----+-----+--------+---> t
6883 * <--------------> HARD
6886 sav
->lft_c
->sadb_lifetime_usetime
= time_second
;
6887 /* XXX check for expires? */
6894 key_sa_routechange(struct sockaddr
*dst
)
6896 struct secashead
*sah
;
6899 LIST_FOREACH(sah
, &sahtree
, chain
) {
6900 ro
= &sah
->sa_route
;
6901 if (ro
->ro_rt
&& dst
->sa_len
== ro
->ro_dst
.sa_len
6902 && bcmp(dst
, &ro
->ro_dst
, dst
->sa_len
) == 0) {
6904 ro
->ro_rt
= (struct rtentry
*)NULL
;
6912 key_sa_chgstate(struct secasvar
*sav
, u_int8_t state
)
6915 panic("key_sa_chgstate called with sav == NULL");
6917 if (sav
->state
== state
)
6920 if (__LIST_CHAINED(sav
))
6921 LIST_REMOVE(sav
, chain
);
6924 LIST_INSERT_HEAD(&sav
->sah
->savtree
[state
], sav
, chain
);
6928 key_sa_stir_iv(struct secasvar
*sav
)
6932 panic("key_sa_stir_iv called with sav == NULL");
6933 key_randomfill(sav
->iv
, sav
->ivlen
);
6937 static struct mbuf
*
6938 key_alloc_mbuf(int l
)
6940 struct mbuf
*m
= NULL
, *n
;
6945 n
= m_getb(len
, MB_DONTWAIT
, MT_DATA
, 0);
6951 n
->m_len
= M_TRAILINGSPACE(n
);
6952 /* use the bottom of mbuf, hoping we can prepend afterwards */
6953 if (n
->m_len
> len
) {
6954 t
= (n
->m_len
- len
) & ~(sizeof(long) - 1);