4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
25 * Copyright (c) 2017 Joyent, Inc.
28 #include <sys/types.h>
29 #include <sys/stream.h>
30 #include <sys/stropts.h>
31 #include <sys/errno.h>
32 #include <sys/strlog.h>
33 #include <sys/tihdr.h>
34 #include <sys/socket.h>
36 #include <sys/sunddi.h>
39 #include <sys/sysmacros.h>
40 #include <sys/cmn_err.h>
41 #include <sys/vtrace.h>
42 #include <sys/debug.h>
43 #include <sys/atomic.h>
44 #include <sys/strsun.h>
45 #include <sys/random.h>
46 #include <netinet/in.h>
48 #include <netinet/ip6.h>
49 #include <net/pfkeyv2.h>
50 #include <net/pfpolicy.h>
52 #include <inet/common.h>
56 #include <inet/ip_impl.h>
58 #include <inet/ip_if.h>
59 #include <inet/ip_ndp.h>
60 #include <inet/sadb.h>
61 #include <inet/ipsec_info.h>
62 #include <inet/ipsec_impl.h>
63 #include <inet/ipsecesp.h>
64 #include <inet/ipdrop.h>
66 #include <sys/kstat.h>
67 #include <sys/policy.h>
68 #include <sys/strsun.h>
69 #include <sys/strsubr.h>
70 #include <inet/udp_impl.h>
71 #include <sys/taskq.h>
75 * Table of ND variables supported by ipsecesp. These are loaded into
76 * ipsecesp_g_nd in ipsecesp_init_nd.
77 * All of these are alterable, within the min/max values given, at run time.
79 static ipsecespparam_t lcl_param_arr
[] = {
80 /* min max value name */
81 { 0, 3, 0, "ipsecesp_debug"},
82 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT
, "ipsecesp_age_interval"},
83 { 1, 10, 1, "ipsecesp_reap_delay"},
84 { 1, SADB_MAX_REPLAY
, 64, "ipsecesp_replay_size"},
85 { 1, 300, 15, "ipsecesp_acquire_timeout"},
86 { 1, 1800, 90, "ipsecesp_larval_timeout"},
87 /* Default lifetime values for ACQUIRE messages. */
88 { 0, 0xffffffffU
, 0, "ipsecesp_default_soft_bytes"},
89 { 0, 0xffffffffU
, 0, "ipsecesp_default_hard_bytes"},
90 { 0, 0xffffffffU
, 24000, "ipsecesp_default_soft_addtime"},
91 { 0, 0xffffffffU
, 28800, "ipsecesp_default_hard_addtime"},
92 { 0, 0xffffffffU
, 0, "ipsecesp_default_soft_usetime"},
93 { 0, 0xffffffffU
, 0, "ipsecesp_default_hard_usetime"},
94 { 0, 1, 0, "ipsecesp_log_unknown_spi"},
95 { 0, 2, 1, "ipsecesp_padding_check"},
96 { 0, 600, 20, "ipsecesp_nat_keepalive_interval"},
98 /* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */
100 #define esp0dbg(a) printf a
101 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
102 #define esp1dbg(espstack, a) if (espstack->ipsecesp_debug != 0) printf a
103 #define esp2dbg(espstack, a) if (espstack->ipsecesp_debug > 1) printf a
104 #define esp3dbg(espstack, a) if (espstack->ipsecesp_debug > 2) printf a
106 static int ipsecesp_open(queue_t
*, dev_t
*, int, int, cred_t
*);
107 static int ipsecesp_close(queue_t
*);
108 static void ipsecesp_wput(queue_t
*, mblk_t
*);
109 static void *ipsecesp_stack_init(netstackid_t stackid
, netstack_t
*ns
);
110 static void ipsecesp_stack_fini(netstackid_t stackid
, void *arg
);
112 static void esp_prepare_udp(netstack_t
*, mblk_t
*, ipha_t
*);
113 static void esp_outbound_finish(mblk_t
*, ip_xmit_attr_t
*);
114 static void esp_inbound_restart(mblk_t
*, ip_recv_attr_t
*);
116 static boolean_t
esp_register_out(uint32_t, uint32_t, uint_t
,
117 ipsecesp_stack_t
*, cred_t
*);
118 static boolean_t
esp_strip_header(mblk_t
*, boolean_t
, uint32_t,
119 kstat_named_t
**, ipsecesp_stack_t
*);
120 static mblk_t
*esp_submit_req_inbound(mblk_t
*, ip_recv_attr_t
*,
122 static mblk_t
*esp_submit_req_outbound(mblk_t
*, ip_xmit_attr_t
*,
123 ipsa_t
*, uchar_t
*, uint_t
);
125 /* Setable in /etc/system */
126 uint32_t esp_hash_size
= IPSEC_DEFAULT_HASH_SIZE
;
128 static struct module_info info
= {
129 5137, "ipsecesp", 0, INFPSZ
, 65536, 1024
132 static struct qinit rinit
= {
133 (pfi_t
)putnext
, NULL
, ipsecesp_open
, ipsecesp_close
, NULL
, &info
,
137 static struct qinit winit
= {
138 (pfi_t
)ipsecesp_wput
, NULL
, ipsecesp_open
, ipsecesp_close
, NULL
, &info
,
142 struct streamtab ipsecespinfo
= {
143 &rinit
, &winit
, NULL
, NULL
146 static taskq_t
*esp_taskq
;
149 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now.
151 * Question: Do I need this, given that all instance's esps->esps_wq point
154 * Answer: Yes, because I need to know which queue is BOUND to
158 static int esp_kstat_update(kstat_t
*, int);
161 esp_kstat_init(ipsecesp_stack_t
*espstack
, netstackid_t stackid
)
163 espstack
->esp_ksp
= kstat_create_netstack("ipsecesp", 0, "esp_stat",
164 "net", KSTAT_TYPE_NAMED
,
165 sizeof (esp_kstats_t
) / sizeof (kstat_named_t
),
166 KSTAT_FLAG_PERSISTENT
, stackid
);
168 if (espstack
->esp_ksp
== NULL
|| espstack
->esp_ksp
->ks_data
== NULL
)
171 espstack
->esp_kstats
= espstack
->esp_ksp
->ks_data
;
173 espstack
->esp_ksp
->ks_update
= esp_kstat_update
;
174 espstack
->esp_ksp
->ks_private
= (void *)(uintptr_t)stackid
;
176 #define K64 KSTAT_DATA_UINT64
177 #define KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64)
185 KI(replay_early_failures
);
188 KI(acquire_requests
);
195 KI(sa_port_renumbers
);
200 kstat_install(espstack
->esp_ksp
);
206 esp_kstat_update(kstat_t
*kp
, int rw
)
209 netstackid_t stackid
= (zoneid_t
)(uintptr_t)kp
->ks_private
;
213 if ((kp
== NULL
) || (kp
->ks_data
== NULL
))
216 if (rw
== KSTAT_WRITE
)
219 ns
= netstack_find_by_stackid(stackid
);
222 ipss
= ns
->netstack_ipsec
;
227 ekp
= (esp_kstats_t
*)kp
->ks_data
;
229 rw_enter(&ipss
->ipsec_alg_lock
, RW_READER
);
230 ekp
->esp_stat_num_aalgs
.value
.ui64
=
231 ipss
->ipsec_nalgs
[IPSEC_ALG_AUTH
];
232 ekp
->esp_stat_num_ealgs
.value
.ui64
=
233 ipss
->ipsec_nalgs
[IPSEC_ALG_ENCR
];
234 rw_exit(&ipss
->ipsec_alg_lock
);
242 * Debug routine, useful to see pre-encryption data.
247 char tmp_str
[3], tmp_line
[256];
252 printf("mblk address 0x%p, length %ld, db_ref %d "
253 "type %d, base 0x%p, lim 0x%p\n",
254 (void *) mp
, (long)(mp
->b_wptr
- mp
->b_rptr
),
255 mp
->b_datap
->db_ref
, mp
->b_datap
->db_type
,
256 (void *)mp
->b_datap
->db_base
, (void *)mp
->b_datap
->db_lim
);
260 while (ptr
< mp
->b_wptr
) {
263 diff
= (ptr
- mp
->b_rptr
);
264 if (!(diff
& 0x1f)) {
265 if (strlen(tmp_line
) > 0) {
266 printf("bytes: %s\n", tmp_line
);
271 (void) strcat(tmp_line
, " ");
272 (void) sprintf(tmp_str
, "%02x", *ptr
);
273 (void) strcat(tmp_line
, tmp_str
);
276 if (strlen(tmp_line
) > 0)
277 printf("bytes: %s\n", tmp_line
);
289 printf("Find value of mp %p.\n", mp
);
295 * Don't have to lock age_interval, as only one thread will access it at
296 * a time, because I control the one function that does with timeout().
301 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)arg
;
302 netstack_t
*ns
= espstack
->ipsecesp_netstack
;
303 hrtime_t begin
= gethrtime();
305 sadb_ager(&espstack
->esp_sadb
.s_v4
, espstack
->esp_pfkey_q
,
306 espstack
->ipsecesp_reap_delay
, ns
);
307 sadb_ager(&espstack
->esp_sadb
.s_v6
, espstack
->esp_pfkey_q
,
308 espstack
->ipsecesp_reap_delay
, ns
);
310 espstack
->esp_event
= sadb_retimeout(begin
, espstack
->esp_pfkey_q
,
312 &espstack
->ipsecesp_age_interval
, espstack
->ipsecesp_age_int_max
,
317 * Get an ESP NDD parameter.
327 ipsecespparam_t
*ipsecesppa
= (ipsecespparam_t
*)cp
;
329 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)q
->q_ptr
;
331 mutex_enter(&espstack
->ipsecesp_param_lock
);
332 value
= ipsecesppa
->ipsecesp_param_value
;
333 mutex_exit(&espstack
->ipsecesp_param_lock
);
335 (void) mi_mpprintf(mp
, "%u", value
);
340 * This routine sets an NDD variable in a ipsecespparam_t structure.
352 ipsecespparam_t
*ipsecesppa
= (ipsecespparam_t
*)cp
;
353 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)q
->q_ptr
;
356 * Fail the request if the new value does not lie within the
359 if (ddi_strtoul(value
, NULL
, 10, &new_value
) != 0 ||
360 new_value
< ipsecesppa
->ipsecesp_param_min
||
361 new_value
> ipsecesppa
->ipsecesp_param_max
) {
365 /* Set the new value */
366 mutex_enter(&espstack
->ipsecesp_param_lock
);
367 ipsecesppa
->ipsecesp_param_value
= new_value
;
368 mutex_exit(&espstack
->ipsecesp_param_lock
);
373 * Using lifetime NDD variables, fill in an extended combination's
374 * lifetime information.
377 ipsecesp_fill_defs(sadb_x_ecomb_t
*ecomb
, netstack_t
*ns
)
379 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
381 ecomb
->sadb_x_ecomb_soft_bytes
= espstack
->ipsecesp_default_soft_bytes
;
382 ecomb
->sadb_x_ecomb_hard_bytes
= espstack
->ipsecesp_default_hard_bytes
;
383 ecomb
->sadb_x_ecomb_soft_addtime
=
384 espstack
->ipsecesp_default_soft_addtime
;
385 ecomb
->sadb_x_ecomb_hard_addtime
=
386 espstack
->ipsecesp_default_hard_addtime
;
387 ecomb
->sadb_x_ecomb_soft_usetime
=
388 espstack
->ipsecesp_default_soft_usetime
;
389 ecomb
->sadb_x_ecomb_hard_usetime
=
390 espstack
->ipsecesp_default_hard_usetime
;
394 * Initialize things for ESP at module load time.
397 ipsecesp_ddi_init(void)
399 esp_taskq
= taskq_create("esp_taskq", 1, minclsyspri
,
400 IPSEC_TASKQ_MIN
, IPSEC_TASKQ_MAX
, 0);
403 * We want to be informed each time a stack is created or
404 * destroyed in the kernel, so we can maintain the
405 * set of ipsecesp_stack_t's.
407 netstack_register(NS_IPSECESP
, ipsecesp_stack_init
, NULL
,
408 ipsecesp_stack_fini
);
414 * Walk through the param array specified registering each element with the
415 * named dispatch handler.
418 ipsecesp_param_register(IDP
*ndp
, ipsecespparam_t
*espp
, int cnt
)
420 for (; cnt
-- > 0; espp
++) {
421 if (espp
->ipsecesp_param_name
!= NULL
&&
422 espp
->ipsecesp_param_name
[0]) {
424 espp
->ipsecesp_param_name
,
425 ipsecesp_param_get
, ipsecesp_param_set
,
436 * Initialize things for ESP for each stack instance
439 ipsecesp_stack_init(netstackid_t stackid
, netstack_t
*ns
)
441 ipsecesp_stack_t
*espstack
;
442 ipsecespparam_t
*espp
;
444 espstack
= (ipsecesp_stack_t
*)kmem_zalloc(sizeof (*espstack
),
446 espstack
->ipsecesp_netstack
= ns
;
448 espp
= (ipsecespparam_t
*)kmem_alloc(sizeof (lcl_param_arr
), KM_SLEEP
);
449 espstack
->ipsecesp_params
= espp
;
450 bcopy(lcl_param_arr
, espp
, sizeof (lcl_param_arr
));
452 (void) ipsecesp_param_register(&espstack
->ipsecesp_g_nd
, espp
,
453 A_CNT(lcl_param_arr
));
455 (void) esp_kstat_init(espstack
, stackid
);
457 espstack
->esp_sadb
.s_acquire_timeout
=
458 &espstack
->ipsecesp_acquire_timeout
;
459 sadbp_init("ESP", &espstack
->esp_sadb
, SADB_SATYPE_ESP
, esp_hash_size
,
460 espstack
->ipsecesp_netstack
);
462 mutex_init(&espstack
->ipsecesp_param_lock
, NULL
, MUTEX_DEFAULT
, 0);
464 ip_drop_register(&espstack
->esp_dropper
, "IPsec ESP");
469 * Destroy things for ESP at module unload time.
472 ipsecesp_ddi_destroy(void)
474 netstack_unregister(NS_IPSECESP
);
475 taskq_destroy(esp_taskq
);
479 * Destroy things for ESP for one stack instance
482 ipsecesp_stack_fini(netstackid_t stackid
, void *arg
)
484 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)arg
;
486 if (espstack
->esp_pfkey_q
!= NULL
) {
487 (void) quntimeout(espstack
->esp_pfkey_q
, espstack
->esp_event
);
489 espstack
->esp_sadb
.s_acquire_timeout
= NULL
;
490 sadbp_destroy(&espstack
->esp_sadb
, espstack
->ipsecesp_netstack
);
491 ip_drop_unregister(&espstack
->esp_dropper
);
492 mutex_destroy(&espstack
->ipsecesp_param_lock
);
493 nd_free(&espstack
->ipsecesp_g_nd
);
495 kmem_free(espstack
->ipsecesp_params
, sizeof (lcl_param_arr
));
496 espstack
->ipsecesp_params
= NULL
;
497 kstat_delete_netstack(espstack
->esp_ksp
, stackid
);
498 espstack
->esp_ksp
= NULL
;
499 espstack
->esp_kstats
= NULL
;
500 kmem_free(espstack
, sizeof (*espstack
));
504 * ESP module open routine, which is here for keysock plumbing.
505 * Keysock is pushed over {AH,ESP} which is an artifact from the Bad Old
506 * Days of export control, and fears that ESP would not be allowed
507 * to be shipped at all by default. Eventually, keysock should
508 * either access AH and ESP via modstubs or krtld dependencies, or
509 * perhaps be folded in with AH and ESP into a single IPsec/netsec
510 * module ("netsec" if PF_KEY provides more than AH/ESP keying tables).
514 ipsecesp_open(queue_t
*q
, dev_t
*devp
, int flag
, int sflag
, cred_t
*credp
)
517 ipsecesp_stack_t
*espstack
;
519 if (secpolicy_ip_config(credp
, B_FALSE
) != 0)
522 if (q
->q_ptr
!= NULL
)
523 return (0); /* Re-open of an already open instance. */
525 if (sflag
!= MODOPEN
)
528 ns
= netstack_find_by_cred(credp
);
530 espstack
= ns
->netstack_ipsecesp
;
531 ASSERT(espstack
!= NULL
);
534 WR(q
)->q_ptr
= q
->q_ptr
;
541 * ESP module close routine.
544 ipsecesp_close(queue_t
*q
)
546 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)q
->q_ptr
;
549 * Clean up q_ptr, if needed.
553 /* Keysock queue check is safe, because of OCEXCL perimeter. */
555 if (q
== espstack
->esp_pfkey_q
) {
557 ("ipsecesp_close: Ummm... keysock is closing ESP.\n"));
558 espstack
->esp_pfkey_q
= NULL
;
559 /* Detach qtimeouts. */
560 (void) quntimeout(q
, espstack
->esp_event
);
563 netstack_rele(espstack
->ipsecesp_netstack
);
568 * Add a number of bytes to what the SA has protected so far. Return
569 * B_TRUE if the SA can still protect that many bytes.
571 * Caller must REFRELE the passed-in assoc. This function must REFRELE
572 * any obtained peer SA.
575 esp_age_bytes(ipsa_t
*assoc
, uint64_t bytes
, boolean_t inbound
)
577 ipsa_t
*inassoc
, *outassoc
;
579 boolean_t inrc
, outrc
, isv6
;
582 netstack_t
*ns
= assoc
->ipsa_netstack
;
583 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
585 /* No peer? No problem! */
586 if (!assoc
->ipsa_haspeer
) {
587 return (sadb_age_bytes(espstack
->esp_pfkey_q
, assoc
, bytes
,
592 * Otherwise, we want to grab both the original assoc and its peer.
593 * There might be a race for this, but if it's a real race, two
594 * expire messages may occur. We limit this by only sending the
595 * expire message on one of the peers, we'll pick the inbound
598 * If we need tight synchronization on the peer SA, then we need to
602 /* Use address length to select IPv6/IPv4 */
603 isv6
= (assoc
->ipsa_addrfam
== AF_INET6
);
604 sp
= isv6
? &espstack
->esp_sadb
.s_v6
: &espstack
->esp_sadb
.s_v4
;
609 outhash
= OUTBOUND_HASH_V6(sp
, *((in6_addr_t
*)
610 &inassoc
->ipsa_dstaddr
));
612 outhash
= OUTBOUND_HASH_V4(sp
, *((ipaddr_t
*)
613 &inassoc
->ipsa_dstaddr
));
615 bucket
= &sp
->sdb_of
[outhash
];
616 mutex_enter(&bucket
->isaf_lock
);
617 outassoc
= ipsec_getassocbyspi(bucket
, inassoc
->ipsa_spi
,
618 inassoc
->ipsa_srcaddr
, inassoc
->ipsa_dstaddr
,
619 inassoc
->ipsa_addrfam
);
620 mutex_exit(&bucket
->isaf_lock
);
621 if (outassoc
== NULL
) {
622 /* Q: Do we wish to set haspeer == B_FALSE? */
623 esp0dbg(("esp_age_bytes: "
624 "can't find peer for inbound.\n"));
625 return (sadb_age_bytes(espstack
->esp_pfkey_q
, inassoc
,
630 bucket
= INBOUND_BUCKET(sp
, outassoc
->ipsa_spi
);
631 mutex_enter(&bucket
->isaf_lock
);
632 inassoc
= ipsec_getassocbyspi(bucket
, outassoc
->ipsa_spi
,
633 outassoc
->ipsa_srcaddr
, outassoc
->ipsa_dstaddr
,
634 outassoc
->ipsa_addrfam
);
635 mutex_exit(&bucket
->isaf_lock
);
636 if (inassoc
== NULL
) {
637 /* Q: Do we wish to set haspeer == B_FALSE? */
638 esp0dbg(("esp_age_bytes: "
639 "can't find peer for outbound.\n"));
640 return (sadb_age_bytes(espstack
->esp_pfkey_q
, outassoc
,
645 inrc
= sadb_age_bytes(espstack
->esp_pfkey_q
, inassoc
, bytes
, B_TRUE
);
646 outrc
= sadb_age_bytes(espstack
->esp_pfkey_q
, outassoc
, bytes
, B_FALSE
);
649 * REFRELE any peer SA.
651 * Because of the multi-line macro nature of IPSA_REFRELE, keep
655 IPSA_REFRELE(outassoc
);
657 IPSA_REFRELE(inassoc
);
660 return (inrc
&& outrc
);
664 * Do incoming NAT-T manipulations for packet.
665 * Returns NULL if the mblk chain is consumed.
668 esp_fix_natt_checksums(mblk_t
*data_mp
, ipsa_t
*assoc
)
670 ipha_t
*ipha
= (ipha_t
*)data_mp
->b_rptr
;
673 /* Initialize to our inbound cksum adjustment... */
674 uint32_t sum
= assoc
->ipsa_inbound_cksum
;
676 switch (ipha
->ipha_protocol
) {
678 tcpha
= (tcpha_t
*)(data_mp
->b_rptr
+
679 IPH_HDR_LENGTH(ipha
));
681 #define DOWN_SUM(x) (x) = ((x) & 0xFFFF) + ((x) >> 16)
682 sum
+= ~ntohs(tcpha
->tha_sum
) & 0xFFFF;
685 tcpha
->tha_sum
= ~htons(sum
);
688 udpha
= (udpha_t
*)(data_mp
->b_rptr
+ IPH_HDR_LENGTH(ipha
));
690 if (udpha
->uha_checksum
!= 0) {
691 /* Adujst if the inbound one was not zero. */
692 sum
+= ~ntohs(udpha
->uha_checksum
) & 0xFFFF;
695 udpha
->uha_checksum
= ~htons(sum
);
696 if (udpha
->uha_checksum
== 0)
697 udpha
->uha_checksum
= 0xFFFF;
703 * This case is only an issue for self-encapsulated
704 * packets. So for now, fall through.
713 * Strip ESP header, check padding, and fix IP header.
714 * Returns B_TRUE on success, B_FALSE if an error occured.
717 esp_strip_header(mblk_t
*data_mp
, boolean_t isv4
, uint32_t ivlen
,
718 kstat_named_t
**counter
, ipsecesp_stack_t
*espstack
)
724 uint8_t nexthdr
, padlen
;
726 ipsec_stack_t
*ipss
= espstack
->ipsecesp_netstack
->netstack_ipsec
;
730 * Strip ESP data and fix IP header.
732 * XXX In case the beginning of esp_inbound() changes to not do a
733 * pullup, this part of the code can remain unchanged.
736 ASSERT((data_mp
->b_wptr
- data_mp
->b_rptr
) >= sizeof (ipha_t
));
737 ipha
= (ipha_t
*)data_mp
->b_rptr
;
738 ASSERT((data_mp
->b_wptr
- data_mp
->b_rptr
) >= sizeof (esph_t
) +
739 IPH_HDR_LENGTH(ipha
));
740 divpoint
= IPH_HDR_LENGTH(ipha
);
742 ASSERT((data_mp
->b_wptr
- data_mp
->b_rptr
) >= sizeof (ip6_t
));
743 ip6h
= (ip6_t
*)data_mp
->b_rptr
;
744 divpoint
= ip_hdr_length_v6(data_mp
, ip6h
);
748 while (scratch
->b_cont
!= NULL
)
749 scratch
= scratch
->b_cont
;
751 ASSERT((scratch
->b_wptr
- scratch
->b_rptr
) >= 3);
754 * "Next header" and padding length are the last two bytes in the
755 * ESP-protected datagram, thus the explicit - 1 and - 2.
756 * lastpad is the last byte of the padding, which can be used for
757 * a quick check to see if the padding is correct.
759 lastbyte
= scratch
->b_wptr
- 1;
760 nexthdr
= *lastbyte
--;
761 padlen
= *lastbyte
--;
764 /* Fix part of the IP header. */
765 ipha
->ipha_protocol
= nexthdr
;
767 * Reality check the padlen. The explicit - 2 is for the
768 * padding length and the next-header bytes.
770 if (padlen
>= ntohs(ipha
->ipha_length
) - sizeof (ipha_t
) - 2 -
771 sizeof (esph_t
) - ivlen
) {
772 ESP_BUMP_STAT(espstack
, bad_decrypt
);
773 ipsec_rl_strlog(espstack
->ipsecesp_netstack
,
776 "Corrupt ESP packet (padlen too big).\n");
777 esp1dbg(espstack
, ("padlen (%d) is greater than:\n",
779 esp1dbg(espstack
, ("pkt len(%d) - ip hdr - esp "
780 "hdr - ivlen(%d) = %d.\n",
781 ntohs(ipha
->ipha_length
), ivlen
,
782 (int)(ntohs(ipha
->ipha_length
) - sizeof (ipha_t
) -
783 2 - sizeof (esph_t
) - ivlen
)));
784 *counter
= DROPPER(ipss
, ipds_esp_bad_padlen
);
789 * Fix the rest of the header. The explicit - 2 is for the
790 * padding length and the next-header bytes.
792 ipha
->ipha_length
= htons(ntohs(ipha
->ipha_length
) - padlen
-
793 2 - sizeof (esph_t
) - ivlen
);
794 ipha
->ipha_hdr_checksum
= 0;
795 ipha
->ipha_hdr_checksum
= (uint16_t)ip_csum_hdr(ipha
);
797 if (ip6h
->ip6_nxt
== IPPROTO_ESP
) {
798 ip6h
->ip6_nxt
= nexthdr
;
802 bzero(&ipp
, sizeof (ipp
));
803 (void) ip_find_hdr_v6(data_mp
, ip6h
, &ipp
, NULL
);
804 if (ipp
.ipp_dstopts
!= NULL
) {
805 ipp
.ipp_dstopts
->ip6d_nxt
= nexthdr
;
806 } else if (ipp
.ipp_rthdr
!= NULL
) {
807 ipp
.ipp_rthdr
->ip6r_nxt
= nexthdr
;
808 } else if (ipp
.ipp_hopopts
!= NULL
) {
809 ipp
.ipp_hopopts
->ip6h_nxt
= nexthdr
;
811 /* Panic a DEBUG kernel. */
812 ASSERT(ipp
.ipp_hopopts
!= NULL
);
813 /* Otherwise, pretend it's IP + ESP. */
814 cmn_err(CE_WARN
, "ESP IPv6 headers wrong.\n");
815 ip6h
->ip6_nxt
= nexthdr
;
819 if (padlen
>= ntohs(ip6h
->ip6_plen
) - 2 - sizeof (esph_t
) -
821 ESP_BUMP_STAT(espstack
, bad_decrypt
);
822 ipsec_rl_strlog(espstack
->ipsecesp_netstack
,
825 "Corrupt ESP packet (v6 padlen too big).\n");
826 esp1dbg(espstack
, ("padlen (%d) is greater than:\n",
829 ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = "
830 "%u.\n", (unsigned)(ntohs(ip6h
->ip6_plen
)
831 + sizeof (ip6_t
)), ivlen
,
832 (unsigned)(ntohs(ip6h
->ip6_plen
) - 2 -
833 sizeof (esph_t
) - ivlen
)));
834 *counter
= DROPPER(ipss
, ipds_esp_bad_padlen
);
840 * Fix the rest of the header. The explicit - 2 is for the
841 * padding length and the next-header bytes. IPv6 is nice,
842 * because there's no hdr checksum!
844 ip6h
->ip6_plen
= htons(ntohs(ip6h
->ip6_plen
) - padlen
-
845 2 - sizeof (esph_t
) - ivlen
);
848 if (espstack
->ipsecesp_padding_check
> 0 && padlen
> 0) {
850 * Weak padding check: compare last-byte to length, they
853 lastpad
= *lastbyte
--;
855 if (padlen
!= lastpad
) {
856 ipsec_rl_strlog(espstack
->ipsecesp_netstack
,
857 info
.mi_idnum
, 0, 0, SL_ERROR
| SL_WARN
,
858 "Corrupt ESP packet (lastpad != padlen).\n");
860 ("lastpad (%d) not equal to padlen (%d):\n",
862 ESP_BUMP_STAT(espstack
, bad_padding
);
863 *counter
= DROPPER(ipss
, ipds_esp_bad_padding
);
868 * Strong padding check: Check all pad bytes to see that
869 * they're ascending. Go backwards using a descending counter
870 * to verify. padlen == 1 is checked by previous block, so
871 * only bother if we've more than 1 byte of padding.
872 * Consequently, start the check one byte before the location
875 if (espstack
->ipsecesp_padding_check
> 1) {
877 * This assert may have to become an if and a pullup
878 * if we start accepting multi-dblk mblks. For now,
879 * though, any packet here will have been pulled up in
882 ASSERT(MBLKL(scratch
) >= lastpad
+ 3);
885 * Use "--lastpad" because we already checked the very
886 * last pad byte previously.
888 while (--lastpad
!= 0) {
889 if (lastpad
!= *lastbyte
) {
891 espstack
->ipsecesp_netstack
,
893 SL_ERROR
| SL_WARN
, "Corrupt ESP "
894 "packet (bad padding).\n");
896 ("padding not in correct"
898 ESP_BUMP_STAT(espstack
, bad_padding
);
899 *counter
= DROPPER(ipss
,
900 ipds_esp_bad_padding
);
908 /* Trim off the padding. */
909 ASSERT(data_mp
->b_cont
== NULL
);
910 data_mp
->b_wptr
-= (padlen
+ 2);
913 * Remove the ESP header.
915 * The above assertions about data_mp's size will make this work.
917 * XXX Question: If I send up and get back a contiguous mblk,
918 * would it be quicker to bcopy over, or keep doing the dupb stuff?
919 * I go with copying for now.
922 if (IS_P2ALIGNED(data_mp
->b_rptr
, sizeof (uint32_t)) &&
923 IS_P2ALIGNED(ivlen
, sizeof (uint32_t))) {
924 uint8_t *start
= data_mp
->b_rptr
;
927 src
= (uint32_t *)(start
+ divpoint
);
928 dst
= (uint32_t *)(start
+ divpoint
+ sizeof (esph_t
) + ivlen
);
930 ASSERT(IS_P2ALIGNED(dst
, sizeof (uint32_t)) &&
931 IS_P2ALIGNED(src
, sizeof (uint32_t)));
937 } while (src
!= (uint32_t *)start
);
939 data_mp
->b_rptr
= (uchar_t
*)dst
;
941 uint8_t *start
= data_mp
->b_rptr
;
944 src
= start
+ divpoint
;
945 dst
= src
+ sizeof (esph_t
) + ivlen
;
951 } while (src
!= start
);
953 data_mp
->b_rptr
= dst
;
956 esp2dbg(espstack
, ("data_mp after inbound ESP adjustment:\n"));
957 esp2dbg(espstack
, (dump_msg(data_mp
)));
963 * Updating use times can be tricky business if the ipsa_haspeer flag is
964 * set. This function is called once in an SA's lifetime.
966 * Caller has to REFRELE "assoc" which is passed in. This function has
967 * to REFRELE any peer SA that is obtained.
970 esp_set_usetime(ipsa_t
*assoc
, boolean_t inbound
)
972 ipsa_t
*inassoc
, *outassoc
;
977 netstack_t
*ns
= assoc
->ipsa_netstack
;
978 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
980 /* No peer? No problem! */
981 if (!assoc
->ipsa_haspeer
) {
982 sadb_set_usetime(assoc
);
987 * Otherwise, we want to grab both the original assoc and its peer.
988 * There might be a race for this, but if it's a real race, the times
989 * will be out-of-synch by at most a second, and since our time
990 * granularity is a second, this won't be a problem.
992 * If we need tight synchronization on the peer SA, then we need to
996 /* Use address length to select IPv6/IPv4 */
997 isv6
= (assoc
->ipsa_addrfam
== AF_INET6
);
998 sp
= isv6
? &espstack
->esp_sadb
.s_v6
: &espstack
->esp_sadb
.s_v4
;
1003 outhash
= OUTBOUND_HASH_V6(sp
, *((in6_addr_t
*)
1004 &inassoc
->ipsa_dstaddr
));
1006 outhash
= OUTBOUND_HASH_V4(sp
, *((ipaddr_t
*)
1007 &inassoc
->ipsa_dstaddr
));
1009 bucket
= &sp
->sdb_of
[outhash
];
1010 mutex_enter(&bucket
->isaf_lock
);
1011 outassoc
= ipsec_getassocbyspi(bucket
, inassoc
->ipsa_spi
,
1012 inassoc
->ipsa_srcaddr
, inassoc
->ipsa_dstaddr
,
1013 inassoc
->ipsa_addrfam
);
1014 mutex_exit(&bucket
->isaf_lock
);
1015 if (outassoc
== NULL
) {
1016 /* Q: Do we wish to set haspeer == B_FALSE? */
1017 esp0dbg(("esp_set_usetime: "
1018 "can't find peer for inbound.\n"));
1019 sadb_set_usetime(inassoc
);
1024 bucket
= INBOUND_BUCKET(sp
, outassoc
->ipsa_spi
);
1025 mutex_enter(&bucket
->isaf_lock
);
1026 inassoc
= ipsec_getassocbyspi(bucket
, outassoc
->ipsa_spi
,
1027 outassoc
->ipsa_srcaddr
, outassoc
->ipsa_dstaddr
,
1028 outassoc
->ipsa_addrfam
);
1029 mutex_exit(&bucket
->isaf_lock
);
1030 if (inassoc
== NULL
) {
1031 /* Q: Do we wish to set haspeer == B_FALSE? */
1032 esp0dbg(("esp_set_usetime: "
1033 "can't find peer for outbound.\n"));
1034 sadb_set_usetime(outassoc
);
1039 /* Update usetime on both. */
1040 sadb_set_usetime(inassoc
);
1041 sadb_set_usetime(outassoc
);
1044 * REFRELE any peer SA.
1046 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1050 IPSA_REFRELE(outassoc
);
1052 IPSA_REFRELE(inassoc
);
1057 * Handle ESP inbound data for IPv4 and IPv6.
1058 * On success returns B_TRUE, on failure returns B_FALSE and frees the
1059 * mblk chain data_mp.
1062 esp_inbound(mblk_t
*data_mp
, void *arg
, ip_recv_attr_t
*ira
)
1064 esph_t
*esph
= (esph_t
*)arg
;
1065 ipsa_t
*ipsa
= ira
->ira_ipsec_esp_sa
;
1066 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
1067 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
1068 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
1071 * We may wish to check replay in-range-only here as an optimization.
1072 * Include the reality check of ipsa->ipsa_replay >
1073 * ipsa->ipsa_replay_wsize for times when it's the first N packets,
1074 * where N == ipsa->ipsa_replay_wsize.
1076 * Another check that may come here later is the "collision" check.
1077 * If legitimate packets flow quickly enough, this won't be a problem,
1078 * but collisions may cause authentication algorithm crunching to
1079 * take place when it doesn't need to.
1081 if (!sadb_replay_peek(ipsa
, esph
->esph_replay
)) {
1082 ESP_BUMP_STAT(espstack
, replay_early_failures
);
1083 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1084 ip_drop_packet(data_mp
, B_TRUE
, ira
->ira_ill
,
1085 DROPPER(ipss
, ipds_esp_early_replay
),
1086 &espstack
->esp_dropper
);
1087 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1092 * Adjust the IP header's payload length to reflect the removal
1095 if (!(ira
->ira_flags
& IRAF_IS_IPV4
)) {
1096 ip6_t
*ip6h
= (ip6_t
*)data_mp
->b_rptr
;
1097 ip6h
->ip6_plen
= htons(ntohs(ip6h
->ip6_plen
) -
1098 ipsa
->ipsa_mac_len
);
1100 ipha_t
*ipha
= (ipha_t
*)data_mp
->b_rptr
;
1101 ipha
->ipha_length
= htons(ntohs(ipha
->ipha_length
) -
1102 ipsa
->ipsa_mac_len
);
1105 /* submit the request to the crypto framework */
1106 return (esp_submit_req_inbound(data_mp
, ira
, ipsa
,
1107 (uint8_t *)esph
- data_mp
->b_rptr
));
1110 /* XXX refactor me */
1112 * Handle the SADB_GETSPI message. Create a larval SA.
1115 esp_getspi(mblk_t
*mp
, keysock_in_t
*ksi
, ipsecesp_stack_t
*espstack
)
1117 ipsa_t
*newbie
, *target
;
1118 isaf_t
*outbound
, *inbound
;
1125 * Randomly generate a proposed SPI value
1127 (void) random_get_pseudo_bytes((uint8_t *)&newspi
, sizeof (uint32_t));
1129 newbie
= sadb_getspi(ksi
, newspi
, &diagnostic
,
1130 espstack
->ipsecesp_netstack
);
1131 if (newbie
== NULL
) {
1132 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, ENOMEM
, diagnostic
,
1135 } else if (newbie
== (ipsa_t
*)-1) {
1136 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, EINVAL
, diagnostic
,
1142 * XXX - We may randomly collide. We really should recover from this.
1143 * Unfortunately, that could require spending way-too-much-time
1144 * in here. For now, let the user retry.
1147 if (newbie
->ipsa_addrfam
== AF_INET6
) {
1148 outbound
= OUTBOUND_BUCKET_V6(&espstack
->esp_sadb
.s_v6
,
1149 *(uint32_t *)(newbie
->ipsa_dstaddr
));
1150 inbound
= INBOUND_BUCKET(&espstack
->esp_sadb
.s_v6
,
1153 ASSERT(newbie
->ipsa_addrfam
== AF_INET
);
1154 outbound
= OUTBOUND_BUCKET_V4(&espstack
->esp_sadb
.s_v4
,
1155 *(uint32_t *)(newbie
->ipsa_dstaddr
));
1156 inbound
= INBOUND_BUCKET(&espstack
->esp_sadb
.s_v4
,
1160 mutex_enter(&outbound
->isaf_lock
);
1161 mutex_enter(&inbound
->isaf_lock
);
1164 * Check for collisions (i.e. did sadb_getspi() return with something
1165 * that already exists?).
1167 * Try outbound first. Even though SADB_GETSPI is traditionally
1168 * for inbound SAs, you never know what a user might do.
1170 target
= ipsec_getassocbyspi(outbound
, newbie
->ipsa_spi
,
1171 newbie
->ipsa_srcaddr
, newbie
->ipsa_dstaddr
, newbie
->ipsa_addrfam
);
1172 if (target
== NULL
) {
1173 target
= ipsec_getassocbyspi(inbound
, newbie
->ipsa_spi
,
1174 newbie
->ipsa_srcaddr
, newbie
->ipsa_dstaddr
,
1175 newbie
->ipsa_addrfam
);
1179 * I don't have collisions elsewhere!
1180 * (Nor will I because I'm still holding inbound/outbound locks.)
1183 if (target
!= NULL
) {
1185 IPSA_REFRELE(target
);
1188 * sadb_insertassoc() also checks for collisions, so
1189 * if there's a colliding entry, rc will be set
1192 rc
= sadb_insertassoc(newbie
, inbound
);
1193 newbie
->ipsa_hardexpiretime
= gethrestime_sec();
1194 newbie
->ipsa_hardexpiretime
+=
1195 espstack
->ipsecesp_larval_timeout
;
1199 * Can exit outbound mutex. Hold inbound until we're done
1202 mutex_exit(&outbound
->isaf_lock
);
1205 mutex_exit(&inbound
->isaf_lock
);
1206 IPSA_REFRELE(newbie
);
1207 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, rc
,
1208 SADB_X_DIAGNOSTIC_NONE
, ksi
->ks_in_serial
);
1213 /* Can write here because I'm still holding the bucket lock. */
1214 newbie
->ipsa_type
= SADB_SATYPE_ESP
;
1217 * Construct successful return message. We have one thing going
1218 * for us in PF_KEY v2. That's the fact that
1219 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t)
1221 assoc
= (sadb_sa_t
*)ksi
->ks_in_extv
[SADB_EXT_SPIRANGE
];
1222 assoc
->sadb_sa_exttype
= SADB_EXT_SA
;
1223 assoc
->sadb_sa_spi
= newbie
->ipsa_spi
;
1224 *((uint64_t *)(&assoc
->sadb_sa_replay
)) = 0;
1225 mutex_exit(&inbound
->isaf_lock
);
1227 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */
1228 kso
= (keysock_out_t
*)ksi
;
1229 kso
->ks_out_len
= sizeof (*kso
);
1230 kso
->ks_out_serial
= ksi
->ks_in_serial
;
1231 kso
->ks_out_type
= KEYSOCK_OUT
;
1234 * Can safely putnext() to esp_pfkey_q, because this is a turnaround
1235 * from the esp_pfkey_q.
1237 putnext(espstack
->esp_pfkey_q
, mp
);
1241 * Insert the ESP header into a packet. Duplicate an mblk, and insert a newly
1242 * allocated mblk with the ESP header in between the two.
1245 esp_insert_esp(mblk_t
*mp
, mblk_t
*esp_mp
, uint_t divpoint
,
1246 ipsecesp_stack_t
*espstack
)
1248 mblk_t
*split_mp
= mp
;
1249 uint_t wheretodiv
= divpoint
;
1251 while ((split_mp
->b_wptr
- split_mp
->b_rptr
) < wheretodiv
) {
1252 wheretodiv
-= (split_mp
->b_wptr
- split_mp
->b_rptr
);
1253 split_mp
= split_mp
->b_cont
;
1254 ASSERT(split_mp
!= NULL
);
1257 if (split_mp
->b_wptr
- split_mp
->b_rptr
!= wheretodiv
) {
1260 /* "scratch" is the 2nd half, split_mp is the first. */
1261 scratch
= dupb(split_mp
);
1262 if (scratch
== NULL
) {
1264 ("esp_insert_esp: can't allocate scratch.\n"));
1267 /* NOTE: dupb() doesn't set b_cont appropriately. */
1268 scratch
->b_cont
= split_mp
->b_cont
;
1269 scratch
->b_rptr
+= wheretodiv
;
1270 split_mp
->b_wptr
= split_mp
->b_rptr
+ wheretodiv
;
1271 split_mp
->b_cont
= scratch
;
1274 * At this point, split_mp is exactly "wheretodiv" bytes long, and
1275 * holds the end of the pre-ESP part of the datagram.
1277 esp_mp
->b_cont
= split_mp
->b_cont
;
1278 split_mp
->b_cont
= esp_mp
;
1284 * Section 7 of RFC 3947 says:
1286 * 7. Recovering from the Expiring NAT Mappings
1288 * There are cases where NAT box decides to remove mappings that are still
1289 * alive (for example, when the keepalive interval is too long, or when the
1290 * NAT box is rebooted). To recover from this, ends that are NOT behind
1291 * NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from
1292 * the other end to determine which IP and port addresses should be used.
1293 * The host behind dynamic NAT MUST NOT do this, as otherwise it opens a
1294 * DoS attack possibility because the IP address or port of the other host
1295 * will not change (it is not behind NAT).
1297 * Keepalives cannot be used for these purposes, as they are not
1298 * authenticated, but any IKE authenticated IKE packet or ESP packet can be
1299 * used to detect whether the IP address or the port has changed.
1301 * The following function will check an SA and its explicitly-set pair to see
1302 * if the NAT-T remote port matches the received packet (which must have
1303 * passed ESP authentication, see esp_in_done() for the caller context). If
1304 * there is a mismatch, the SAs are updated. It is not important if we race
1305 * with a transmitting thread, as if there is a transmitting thread, it will
1306 * merely emit a packet that will most-likely be dropped.
1308 * "ports" are ordered src,dst, and assoc is an inbound SA, where src should
1309 * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port.
1311 #ifdef _LITTLE_ENDIAN
1312 #define FIRST_16(x) ((x) & 0xFFFF)
1313 #define NEXT_16(x) (((x) >> 16) & 0xFFFF)
1315 #define FIRST_16(x) (((x) >> 16) & 0xFFFF)
1316 #define NEXT_16(x) ((x) & 0xFFFF)
1319 esp_port_freshness(uint32_t ports
, ipsa_t
*assoc
)
1321 uint16_t remote
= FIRST_16(ports
);
1322 uint16_t local
= NEXT_16(ports
);
1323 ipsa_t
*outbound_peer
;
1325 ipsecesp_stack_t
*espstack
= assoc
->ipsa_netstack
->netstack_ipsecesp
;
1327 /* We found a conn_t, therefore local != 0. */
1329 /* Assume an IPv4 SA. */
1330 ASSERT(assoc
->ipsa_addrfam
== AF_INET
);
1333 * On-the-wire rport == 0 means something's very wrong.
1334 * An unpaired SA is also useless to us.
1335 * If we are behind the NAT, don't bother.
1336 * A zero local NAT port defaults to 4500, so check that too.
1337 * And, of course, if the ports already match, we don't need to
1340 if (remote
== 0 || assoc
->ipsa_otherspi
== 0 ||
1341 (assoc
->ipsa_flags
& IPSA_F_BEHIND_NAT
) ||
1342 (assoc
->ipsa_remote_nat_port
== 0 &&
1343 remote
== htons(IPPORT_IKE_NATT
)) ||
1344 remote
== assoc
->ipsa_remote_nat_port
)
1347 /* Try and snag the peer. NOTE: Assume IPv4 for now. */
1348 bucket
= OUTBOUND_BUCKET_V4(&(espstack
->esp_sadb
.s_v4
),
1349 assoc
->ipsa_srcaddr
[0]);
1350 mutex_enter(&bucket
->isaf_lock
);
1351 outbound_peer
= ipsec_getassocbyspi(bucket
, assoc
->ipsa_otherspi
,
1352 assoc
->ipsa_dstaddr
, assoc
->ipsa_srcaddr
, AF_INET
);
1353 mutex_exit(&bucket
->isaf_lock
);
1355 /* We probably lost a race to a deleting or expiring thread. */
1356 if (outbound_peer
== NULL
)
1360 * Hold the mutexes for both SAs so we don't race another inbound
1361 * thread. A lock-entry order shouldn't matter, since all other
1362 * per-ipsa locks are individually held-then-released.
1364 * Luckily, this has nothing to do with the remote-NAT address,
1365 * so we don't have to re-scribble the cached-checksum differential.
1367 mutex_enter(&outbound_peer
->ipsa_lock
);
1368 mutex_enter(&assoc
->ipsa_lock
);
1369 outbound_peer
->ipsa_remote_nat_port
= assoc
->ipsa_remote_nat_port
=
1371 mutex_exit(&assoc
->ipsa_lock
);
1372 mutex_exit(&outbound_peer
->ipsa_lock
);
1373 IPSA_REFRELE(outbound_peer
);
1374 ESP_BUMP_STAT(espstack
, sa_port_renumbers
);
1377 * Finish processing of an inbound ESP packet after processing by the
1379 * - Remove the ESP header.
1380 * - Send packet back to IP.
1381 * If authentication was performed on the packet, this function is called
1382 * only if the authentication succeeded.
1383 * On success returns B_TRUE, on failure returns B_FALSE and frees the
1384 * mblk chain data_mp.
1387 esp_in_done(mblk_t
*data_mp
, ip_recv_attr_t
*ira
, ipsec_crypto_t
*ic
)
1392 uint_t processed_len
;
1394 kstat_named_t
*counter
;
1396 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
1397 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
1398 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
1400 assoc
= ira
->ira_ipsec_esp_sa
;
1401 ASSERT(assoc
!= NULL
);
1403 is_natt
= ((assoc
->ipsa_flags
& IPSA_F_NATT
) != 0);
1405 /* get the pointer to the ESP header */
1406 if (assoc
->ipsa_encr_alg
== SADB_EALG_NULL
) {
1407 /* authentication-only ESP */
1408 espstart
= ic
->ic_crypto_data
.cd_offset
;
1409 processed_len
= ic
->ic_crypto_data
.cd_length
;
1411 /* encryption present */
1412 ivlen
= assoc
->ipsa_iv_len
;
1413 if (assoc
->ipsa_auth_alg
== SADB_AALG_NONE
) {
1414 /* encryption-only ESP */
1415 espstart
= ic
->ic_crypto_data
.cd_offset
-
1416 sizeof (esph_t
) - assoc
->ipsa_iv_len
;
1417 processed_len
= ic
->ic_crypto_data
.cd_length
+
1420 /* encryption with authentication */
1421 espstart
= ic
->ic_crypto_dual_data
.dd_offset1
;
1422 processed_len
= ic
->ic_crypto_dual_data
.dd_len2
+
1427 esph
= (esph_t
*)(data_mp
->b_rptr
+ espstart
);
1429 if (assoc
->ipsa_auth_alg
!= IPSA_AALG_NONE
||
1430 (assoc
->ipsa_flags
& IPSA_F_COMBINED
)) {
1432 * Authentication passed if we reach this point.
1433 * Packets with authentication will have the ICV
1434 * after the crypto data. Adjust b_wptr before
1435 * making padlen checks.
1437 ESP_BUMP_STAT(espstack
, good_auth
);
1438 data_mp
->b_wptr
-= assoc
->ipsa_mac_len
;
1441 * Check replay window here!
1442 * For right now, assume keysock will set the replay window
1443 * size to zero for SAs that have an unspecified sender.
1444 * This may change...
1447 if (!sadb_replay_check(assoc
, esph
->esph_replay
)) {
1449 * Log the event. As of now we print out an event.
1450 * Do not print the replay failure number, or else
1451 * syslog cannot collate the error messages. Printing
1452 * the replay number that failed opens a denial-of-
1455 ipsec_assocfailure(info
.mi_idnum
, 0, 0,
1457 "Replay failed for ESP spi 0x%x, dst %s.\n",
1458 assoc
->ipsa_spi
, assoc
->ipsa_dstaddr
,
1459 assoc
->ipsa_addrfam
, espstack
->ipsecesp_netstack
);
1460 ESP_BUMP_STAT(espstack
, replay_failures
);
1461 counter
= DROPPER(ipss
, ipds_esp_replay
);
1466 ASSERT(ira
->ira_flags
& IRAF_ESP_UDP_PORTS
);
1467 ASSERT(ira
->ira_esp_udp_ports
!= 0);
1468 esp_port_freshness(ira
->ira_esp_udp_ports
, assoc
);
1472 esp_set_usetime(assoc
, B_TRUE
);
1474 if (!esp_age_bytes(assoc
, processed_len
, B_TRUE
)) {
1475 /* The ipsa has hit hard expiration, LOG and AUDIT. */
1476 ipsec_assocfailure(info
.mi_idnum
, 0, 0,
1478 "ESP association 0x%x, dst %s had bytes expire.\n",
1479 assoc
->ipsa_spi
, assoc
->ipsa_dstaddr
, assoc
->ipsa_addrfam
,
1480 espstack
->ipsecesp_netstack
);
1481 ESP_BUMP_STAT(espstack
, bytes_expired
);
1482 counter
= DROPPER(ipss
, ipds_esp_bytes_expire
);
1487 * Remove ESP header and padding from packet. I hope the compiler
1488 * spews "branch, predict taken" code for this.
1491 if (esp_strip_header(data_mp
, (ira
->ira_flags
& IRAF_IS_IPV4
),
1492 ivlen
, &counter
, espstack
)) {
1495 return (esp_fix_natt_checksums(data_mp
, assoc
));
1497 if (assoc
->ipsa_state
== IPSA_STATE_IDLE
) {
1499 * Cluster buffering case. Tell caller that we're
1500 * handling the packet.
1502 sadb_buf_pkt(assoc
, data_mp
, ira
);
1509 esp1dbg(espstack
, ("esp_in_done: esp_strip_header() failed\n"));
1511 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1512 ip_drop_packet(data_mp
, B_TRUE
, ira
->ira_ill
, counter
,
1513 &espstack
->esp_dropper
);
1514 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1519 * Called upon failing the inbound ICV check. The message passed as
1520 * argument is freed.
1523 esp_log_bad_auth(mblk_t
*mp
, ip_recv_attr_t
*ira
)
1525 ipsa_t
*assoc
= ira
->ira_ipsec_esp_sa
;
1526 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
1527 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
1528 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
1531 * Log the event. Don't print to the console, block
1532 * potential denial-of-service attack.
1534 ESP_BUMP_STAT(espstack
, bad_auth
);
1536 ipsec_assocfailure(info
.mi_idnum
, 0, 0, SL_ERROR
| SL_WARN
,
1537 "ESP Authentication failed for spi 0x%x, dst %s.\n",
1538 assoc
->ipsa_spi
, assoc
->ipsa_dstaddr
, assoc
->ipsa_addrfam
,
1539 espstack
->ipsecesp_netstack
);
1541 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1542 ip_drop_packet(mp
, B_TRUE
, ira
->ira_ill
,
1543 DROPPER(ipss
, ipds_esp_bad_auth
),
1544 &espstack
->esp_dropper
);
1549 * Invoked for outbound packets after ESP processing. If the packet
1550 * also requires AH, performs the AH SA selection and AH processing.
1552 * Returns data_mp (possibly with AH added) unless data_mp was consumed
1553 * due to an error, or queued due to async. crypto or an ACQUIRE trigger.
1556 esp_do_outbound_ah(mblk_t
*data_mp
, ip_xmit_attr_t
*ixa
)
1560 ap
= ixa
->ixa_ipsec_action
;
1562 ipsec_policy_t
*pp
= ixa
->ixa_ipsec_policy
;
1566 if (!ap
->ipa_want_ah
)
1570 * Normally the AH SA would have already been put in place
1571 * but it could have been flushed so we need to look for it.
1573 if (ixa
->ixa_ipsec_ah_sa
== NULL
) {
1574 if (!ipsec_outbound_sa(data_mp
, ixa
, IPPROTO_AH
)) {
1575 sadb_acquire(data_mp
, ixa
, B_TRUE
, B_FALSE
);
1579 ASSERT(ixa
->ixa_ipsec_ah_sa
!= NULL
);
1581 data_mp
= ixa
->ixa_ipsec_ah_sa
->ipsa_output_func(data_mp
, ixa
);
1587 * Kernel crypto framework callback invoked after completion of async
1588 * crypto requests for outbound packets.
1591 esp_kcf_callback_outbound(void *arg
, int status
)
1593 mblk_t
*mp
= (mblk_t
*)arg
;
1596 ipsec_stack_t
*ipss
;
1597 ipsecesp_stack_t
*espstack
;
1599 ip_xmit_attr_t ixas
;
1604 * First remove the ipsec_crypto_t mblk
1605 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
1607 async_mp
= ipsec_remove_crypto_data(mp
, &ic
);
1608 ASSERT(async_mp
!= NULL
);
1611 * Extract the ip_xmit_attr_t from the first mblk.
1612 * Verifies that the netstack and ill is still around; could
1613 * have vanished while kEf was doing its work.
1614 * On succesful return we have a nce_t and the ill/ipst can't
1615 * disappear until we do the nce_refrele in ixa_cleanup.
1617 data_mp
= async_mp
->b_cont
;
1618 async_mp
->b_cont
= NULL
;
1619 if (!ip_xmit_attr_from_mblk(async_mp
, &ixas
)) {
1620 /* Disappeared on us - no ill/ipst for MIB */
1621 /* We have nowhere to do stats since ixa_ipst could be NULL */
1622 if (ixas
.ixa_nce
!= NULL
) {
1623 ill
= ixas
.ixa_nce
->nce_ill
;
1624 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
1625 ip_drop_output("ipIfStatsOutDiscards", data_mp
, ill
);
1630 ns
= ixas
.ixa_ipst
->ips_netstack
;
1631 espstack
= ns
->netstack_ipsecesp
;
1632 ipss
= ns
->netstack_ipsec
;
1633 ill
= ixas
.ixa_nce
->nce_ill
;
1635 if (status
== CRYPTO_SUCCESS
) {
1637 * If a ICV was computed, it was stored by the
1638 * crypto framework at the end of the packet.
1640 ipha_t
*ipha
= (ipha_t
*)data_mp
->b_rptr
;
1642 esp_set_usetime(ixas
.ixa_ipsec_esp_sa
, B_FALSE
);
1644 if (IPH_HDR_VERSION(ipha
) == IP_VERSION
&&
1645 ipha
->ipha_protocol
== IPPROTO_UDP
)
1646 esp_prepare_udp(ns
, data_mp
, ipha
);
1648 /* do AH processing if needed */
1649 data_mp
= esp_do_outbound_ah(data_mp
, &ixas
);
1650 if (data_mp
== NULL
)
1653 (void) ip_output_post_ipsec(data_mp
, &ixas
);
1655 /* Outbound shouldn't see invalid MAC */
1656 ASSERT(status
!= CRYPTO_INVALID_MAC
);
1659 ("esp_kcf_callback_outbound: crypto failed with 0x%x\n",
1661 ESP_BUMP_STAT(espstack
, crypto_failures
);
1662 ESP_BUMP_STAT(espstack
, out_discards
);
1663 ip_drop_packet(data_mp
, B_FALSE
, ill
,
1664 DROPPER(ipss
, ipds_esp_crypto_failed
),
1665 &espstack
->esp_dropper
);
1666 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
1670 (void) ipsec_free_crypto_data(mp
);
1674 * Kernel crypto framework callback invoked after completion of async
1675 * crypto requests for inbound packets.
1678 esp_kcf_callback_inbound(void *arg
, int status
)
1680 mblk_t
*mp
= (mblk_t
*)arg
;
1683 ipsecesp_stack_t
*espstack
;
1684 ipsec_stack_t
*ipss
;
1686 ip_recv_attr_t iras
;
1690 * First remove the ipsec_crypto_t mblk
1691 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
1693 async_mp
= ipsec_remove_crypto_data(mp
, &ic
);
1694 ASSERT(async_mp
!= NULL
);
1697 * Extract the ip_recv_attr_t from the first mblk.
1698 * Verifies that the netstack and ill is still around; could
1699 * have vanished while kEf was doing its work.
1701 data_mp
= async_mp
->b_cont
;
1702 async_mp
->b_cont
= NULL
;
1703 if (!ip_recv_attr_from_mblk(async_mp
, &iras
)) {
1704 /* The ill or ip_stack_t disappeared on us */
1705 ip_drop_input("ip_recv_attr_from_mblk", data_mp
, NULL
);
1710 ns
= iras
.ira_ill
->ill_ipst
->ips_netstack
;
1711 espstack
= ns
->netstack_ipsecesp
;
1712 ipss
= ns
->netstack_ipsec
;
1714 if (status
== CRYPTO_SUCCESS
) {
1715 data_mp
= esp_in_done(data_mp
, &iras
, ic
);
1716 if (data_mp
== NULL
)
1719 /* finish IPsec processing */
1720 ip_input_post_ipsec(data_mp
, &iras
);
1721 } else if (status
== CRYPTO_INVALID_MAC
) {
1722 esp_log_bad_auth(data_mp
, &iras
);
1725 ("esp_kcf_callback: crypto failed with 0x%x\n",
1727 ESP_BUMP_STAT(espstack
, crypto_failures
);
1728 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1729 ip_drop_packet(data_mp
, B_TRUE
, iras
.ira_ill
,
1730 DROPPER(ipss
, ipds_esp_crypto_failed
),
1731 &espstack
->esp_dropper
);
1732 BUMP_MIB(iras
.ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1735 ira_cleanup(&iras
, B_TRUE
);
1736 (void) ipsec_free_crypto_data(mp
);
1740 * Invoked on crypto framework failure during inbound and outbound processing.
1743 esp_crypto_failed(mblk_t
*data_mp
, boolean_t is_inbound
, int kef_rc
,
1744 ill_t
*ill
, ipsecesp_stack_t
*espstack
)
1746 ipsec_stack_t
*ipss
= espstack
->ipsecesp_netstack
->netstack_ipsec
;
1748 esp1dbg(espstack
, ("crypto failed for %s ESP with 0x%x\n",
1749 is_inbound
? "inbound" : "outbound", kef_rc
));
1750 ip_drop_packet(data_mp
, is_inbound
, ill
,
1751 DROPPER(ipss
, ipds_esp_crypto_failed
),
1752 &espstack
->esp_dropper
);
1753 ESP_BUMP_STAT(espstack
, crypto_failures
);
1755 IP_ESP_BUMP_STAT(ipss
, in_discards
);
1757 ESP_BUMP_STAT(espstack
, out_discards
);
1761 * A statement-equivalent macro, _cr MUST point to a modifiable
1762 * crypto_call_req_t.
1764 #define ESP_INIT_CALLREQ(_cr, _mp, _callback) \
1765 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_ALWAYS_QUEUE; \
1766 (_cr)->cr_callback_arg = (_mp); \
1767 (_cr)->cr_callback_func = (_callback)
1769 #define ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \
1770 (mac)->cd_format = CRYPTO_DATA_RAW; \
1771 (mac)->cd_offset = 0; \
1772 (mac)->cd_length = icvlen; \
1773 (mac)->cd_raw.iov_base = (char *)icvbuf; \
1774 (mac)->cd_raw.iov_len = icvlen; \
1777 #define ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \
1778 if (MBLKL(mp) >= (len) + (off)) { \
1779 (data)->cd_format = CRYPTO_DATA_RAW; \
1780 (data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \
1781 (data)->cd_raw.iov_len = MBLKL(mp); \
1782 (data)->cd_offset = off; \
1784 (data)->cd_format = CRYPTO_DATA_MBLK; \
1785 (data)->cd_mp = mp; \
1786 (data)->cd_offset = off; \
1788 (data)->cd_length = len; \
1791 #define ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \
1792 (data)->dd_format = CRYPTO_DATA_MBLK; \
1793 (data)->dd_mp = mp; \
1794 (data)->dd_len1 = len1; \
1795 (data)->dd_offset1 = off1; \
1796 (data)->dd_len2 = len2; \
1797 (data)->dd_offset2 = off2; \
1801 * Returns data_mp if successfully completed the request. Returns
1802 * NULL if it failed (and increments InDiscards) or if it is pending.
1805 esp_submit_req_inbound(mblk_t
*esp_mp
, ip_recv_attr_t
*ira
,
1806 ipsa_t
*assoc
, uint_t esph_offset
)
1808 uint_t auth_offset
, msg_len
, auth_len
;
1809 crypto_call_req_t call_req
, *callrp
;
1813 uint_t icv_len
= assoc
->ipsa_mac_len
;
1814 crypto_ctx_template_t auth_ctx_tmpl
;
1815 boolean_t do_auth
, do_encr
, force
;
1816 uint_t encr_offset
, encr_len
;
1817 uint_t iv_len
= assoc
->ipsa_iv_len
;
1818 crypto_ctx_template_t encr_ctx_tmpl
;
1819 ipsec_crypto_t
*ic
, icstack
;
1821 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
1822 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
1823 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
1825 do_auth
= assoc
->ipsa_auth_alg
!= SADB_AALG_NONE
;
1826 do_encr
= assoc
->ipsa_encr_alg
!= SADB_EALG_NULL
;
1827 force
= (assoc
->ipsa_flags
& IPSA_F_ASYNC
);
1829 #ifdef IPSEC_LATENCY_TEST
1830 kef_rc
= CRYPTO_SUCCESS
;
1832 kef_rc
= CRYPTO_FAILED
;
1836 * An inbound packet is of the form:
1837 * [IP,options,ESP,IV,data,ICV,pad]
1839 esph_ptr
= (esph_t
*)(esp_mp
->b_rptr
+ esph_offset
);
1840 iv_ptr
= (uchar_t
*)(esph_ptr
+ 1);
1841 /* Packet length starting at IP header ending after ESP ICV. */
1842 msg_len
= MBLKL(esp_mp
);
1844 encr_offset
= esph_offset
+ sizeof (esph_t
) + iv_len
;
1845 encr_len
= msg_len
- encr_offset
;
1848 * Counter mode algs need a nonce. This is setup in sadb_common_add().
1849 * If for some reason we are using a SA which does not have a nonce
1850 * then we must fail here.
1852 if ((assoc
->ipsa_flags
& IPSA_F_COUNTERMODE
) &&
1853 (assoc
->ipsa_nonce
== NULL
)) {
1854 ip_drop_packet(esp_mp
, B_TRUE
, ira
->ira_ill
,
1855 DROPPER(ipss
, ipds_esp_nomem
), &espstack
->esp_dropper
);
1860 /* We are doing asynch; allocate mblks to hold state */
1861 if ((mp
= ip_recv_attr_to_mblk(ira
)) == NULL
||
1862 (mp
= ipsec_add_crypto_data(mp
, &ic
)) == NULL
) {
1863 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1864 ip_drop_input("ipIfStatsInDiscards", esp_mp
,
1870 ESP_INIT_CALLREQ(callrp
, mp
, esp_kcf_callback_inbound
);
1873 * If we know we are going to do sync then ipsec_crypto_t
1874 * should be on the stack.
1877 bzero(ic
, sizeof (*ic
));
1882 /* authentication context template */
1883 IPSEC_CTX_TMPL(assoc
, ipsa_authtmpl
, IPSEC_ALG_AUTH
,
1886 /* ICV to be verified */
1887 ESP_INIT_CRYPTO_MAC(&ic
->ic_crypto_mac
,
1888 icv_len
, esp_mp
->b_wptr
- icv_len
);
1890 /* authentication starts at the ESP header */
1891 auth_offset
= esph_offset
;
1892 auth_len
= msg_len
- auth_offset
- icv_len
;
1894 /* authentication only */
1895 /* initialize input data argument */
1896 ESP_INIT_CRYPTO_DATA(&ic
->ic_crypto_data
,
1897 esp_mp
, auth_offset
, auth_len
);
1899 /* call the crypto framework */
1900 kef_rc
= crypto_mac_verify(&assoc
->ipsa_amech
,
1901 &ic
->ic_crypto_data
,
1902 &assoc
->ipsa_kcfauthkey
, auth_ctx_tmpl
,
1903 &ic
->ic_crypto_mac
, callrp
);
1908 /* encryption template */
1909 IPSEC_CTX_TMPL(assoc
, ipsa_encrtmpl
, IPSEC_ALG_ENCR
,
1912 /* Call the nonce update function. Also passes in IV */
1913 (assoc
->ipsa_noncefunc
)(assoc
, (uchar_t
*)esph_ptr
, encr_len
,
1914 iv_ptr
, &ic
->ic_cmm
, &ic
->ic_crypto_data
);
1917 /* decryption only */
1918 /* initialize input data argument */
1919 ESP_INIT_CRYPTO_DATA(&ic
->ic_crypto_data
,
1920 esp_mp
, encr_offset
, encr_len
);
1922 /* call the crypto framework */
1923 kef_rc
= crypto_decrypt((crypto_mechanism_t
*)
1924 &ic
->ic_cmm
, &ic
->ic_crypto_data
,
1925 &assoc
->ipsa_kcfencrkey
, encr_ctx_tmpl
,
1930 if (do_auth
&& do_encr
) {
1931 /* dual operation */
1932 /* initialize input data argument */
1933 ESP_INIT_CRYPTO_DUAL_DATA(&ic
->ic_crypto_dual_data
,
1934 esp_mp
, auth_offset
, auth_len
,
1935 encr_offset
, encr_len
- icv_len
);
1938 ic
->ic_crypto_dual_data
.dd_miscdata
= (char *)iv_ptr
;
1940 /* call the framework */
1941 kef_rc
= crypto_mac_verify_decrypt(&assoc
->ipsa_amech
,
1942 &assoc
->ipsa_emech
, &ic
->ic_crypto_dual_data
,
1943 &assoc
->ipsa_kcfauthkey
, &assoc
->ipsa_kcfencrkey
,
1944 auth_ctx_tmpl
, encr_ctx_tmpl
, &ic
->ic_crypto_mac
,
1949 case CRYPTO_SUCCESS
:
1950 ESP_BUMP_STAT(espstack
, crypto_sync
);
1951 esp_mp
= esp_in_done(esp_mp
, ira
, ic
);
1953 /* Free mp after we are done with ic */
1954 mp
= ipsec_free_crypto_data(mp
);
1955 (void) ip_recv_attr_free_mblk(mp
);
1959 /* esp_kcf_callback_inbound() will be invoked on completion */
1960 ESP_BUMP_STAT(espstack
, crypto_async
);
1962 case CRYPTO_INVALID_MAC
:
1964 mp
= ipsec_free_crypto_data(mp
);
1965 esp_mp
= ip_recv_attr_free_mblk(mp
);
1967 ESP_BUMP_STAT(espstack
, crypto_sync
);
1968 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1969 esp_log_bad_auth(esp_mp
, ira
);
1970 /* esp_mp was passed to ip_drop_packet */
1975 mp
= ipsec_free_crypto_data(mp
);
1976 esp_mp
= ip_recv_attr_free_mblk(mp
);
1978 BUMP_MIB(ira
->ira_ill
->ill_ip_mib
, ipIfStatsInDiscards
);
1979 esp_crypto_failed(esp_mp
, B_TRUE
, kef_rc
, ira
->ira_ill
, espstack
);
1980 /* esp_mp was passed to ip_drop_packet */
1985 * Compute the IP and UDP checksums -- common code for both keepalives and
1986 * actual ESP-in-UDP packets. Be flexible with multiple mblks because ESP
1987 * uses mblk-insertion to insert the UDP header.
1988 * TODO - If there is an easy way to prep a packet for HW checksums, make
1990 * Note that this is used before both before calling ip_output_simple and
1991 * in the esp datapath. The former could use IXAF_SET_ULP_CKSUM but not the
1995 esp_prepare_udp(netstack_t
*ns
, mblk_t
*mp
, ipha_t
*ipha
)
2001 uint_t hlen
= IPH_HDR_LENGTH(ipha
);
2003 ASSERT(MBLKL(mp
) >= sizeof (ipha_t
));
2005 ipha
->ipha_hdr_checksum
= 0;
2006 ipha
->ipha_hdr_checksum
= ip_csum_hdr(ipha
);
2008 if (ns
->netstack_udp
->us_do_checksum
) {
2009 ASSERT(MBLKL(udpmp
) >= sizeof (udpha_t
));
2010 /* arr points to the IP header. */
2011 arr
= (uint16_t *)ipha
;
2012 IP_STAT(ns
->netstack_ip
, ip_out_sw_cksum
);
2013 IP_STAT_UPDATE(ns
->netstack_ip
, ip_out_sw_cksum_bytes
,
2014 ntohs(htons(ipha
->ipha_length
) - hlen
));
2015 /* arr[6-9] are the IP addresses. */
2016 cksum
= IP_UDP_CSUM_COMP
+ arr
[6] + arr
[7] + arr
[8] + arr
[9] +
2017 ntohs(htons(ipha
->ipha_length
) - hlen
);
2018 cksum
= IP_CSUM(mp
, hlen
, cksum
);
2019 offset
= hlen
+ UDP_CHECKSUM_OFFSET
;
2020 while (offset
>= MBLKL(udpmp
)) {
2021 offset
-= MBLKL(udpmp
);
2022 udpmp
= udpmp
->b_cont
;
2024 /* arr points to the UDP header's checksum field. */
2025 arr
= (uint16_t *)(udpmp
->b_rptr
+ offset
);
2031 * taskq handler so we can send the NAT-T keepalive on a separate thread.
2034 actually_send_keepalive(void *arg
)
2036 mblk_t
*mp
= (mblk_t
*)arg
;
2037 ip_xmit_attr_t ixas
;
2039 netstackid_t stackid
;
2041 stackid
= (netstackid_t
)(uintptr_t)mp
->b_prev
;
2043 ns
= netstack_find_by_stackid(stackid
);
2046 ip_drop_output("ipIfStatsOutDiscards", mp
, NULL
);
2051 bzero(&ixas
, sizeof (ixas
));
2052 ixas
.ixa_zoneid
= ALL_ZONES
;
2053 ixas
.ixa_cred
= kcred
;
2054 ixas
.ixa_cpid
= NOPID
;
2055 ixas
.ixa_ipst
= ns
->netstack_ip
;
2056 /* No ULP checksum; done by esp_prepare_udp */
2057 ixas
.ixa_flags
= (IXAF_IS_IPV4
| IXAF_NO_IPSEC
| IXAF_VERIFY_SOURCE
);
2059 (void) ip_output_simple(mp
, &ixas
);
2065 * Send a one-byte UDP NAT-T keepalive.
2068 ipsecesp_send_keepalive(ipsa_t
*assoc
)
2073 netstack_t
*ns
= assoc
->ipsa_netstack
;
2075 ASSERT(MUTEX_NOT_HELD(&assoc
->ipsa_lock
));
2077 mp
= allocb(sizeof (ipha_t
) + sizeof (udpha_t
) + 1, BPRI_HI
);
2080 ipha
= (ipha_t
*)mp
->b_rptr
;
2081 ipha
->ipha_version_and_hdr_length
= IP_SIMPLE_HDR_VERSION
;
2082 ipha
->ipha_type_of_service
= 0;
2083 ipha
->ipha_length
= htons(sizeof (ipha_t
) + sizeof (udpha_t
) + 1);
2084 /* Use the low-16 of the SPI so we have some clue where it came from. */
2085 ipha
->ipha_ident
= *(((uint16_t *)(&assoc
->ipsa_spi
)) + 1);
2086 ipha
->ipha_fragment_offset_and_flags
= 0; /* Too small to fragment! */
2087 ipha
->ipha_ttl
= 0xFF;
2088 ipha
->ipha_protocol
= IPPROTO_UDP
;
2089 ipha
->ipha_hdr_checksum
= 0;
2090 ipha
->ipha_src
= assoc
->ipsa_srcaddr
[0];
2091 ipha
->ipha_dst
= assoc
->ipsa_dstaddr
[0];
2092 udpha
= (udpha_t
*)(ipha
+ 1);
2093 udpha
->uha_src_port
= (assoc
->ipsa_local_nat_port
!= 0) ?
2094 assoc
->ipsa_local_nat_port
: htons(IPPORT_IKE_NATT
);
2095 udpha
->uha_dst_port
= (assoc
->ipsa_remote_nat_port
!= 0) ?
2096 assoc
->ipsa_remote_nat_port
: htons(IPPORT_IKE_NATT
);
2097 udpha
->uha_length
= htons(sizeof (udpha_t
) + 1);
2098 udpha
->uha_checksum
= 0;
2099 mp
->b_wptr
= (uint8_t *)(udpha
+ 1);
2100 *(mp
->b_wptr
++) = 0xFF;
2102 esp_prepare_udp(ns
, mp
, ipha
);
2105 * We're holding an isaf_t bucket lock, so pawn off the actual
2106 * packet transmission to another thread. Just in case syncq
2107 * processing causes a same-bucket packet to be processed.
2109 mp
->b_prev
= (mblk_t
*)(uintptr_t)ns
->netstack_stackid
;
2111 if (taskq_dispatch(esp_taskq
, actually_send_keepalive
, mp
,
2113 /* Assume no memory if taskq_dispatch() fails. */
2115 ip_drop_packet(mp
, B_FALSE
, NULL
,
2116 DROPPER(ns
->netstack_ipsec
, ipds_esp_nomem
),
2117 &ns
->netstack_ipsecesp
->esp_dropper
);
2122 * Returns mp if successfully completed the request. Returns
2123 * NULL if it failed (and increments InDiscards) or if it is pending.
2126 esp_submit_req_outbound(mblk_t
*data_mp
, ip_xmit_attr_t
*ixa
, ipsa_t
*assoc
,
2127 uchar_t
*icv_buf
, uint_t payload_len
)
2130 crypto_call_req_t call_req
, *callrp
;
2134 int kef_rc
= CRYPTO_FAILED
;
2135 uint_t icv_len
= assoc
->ipsa_mac_len
;
2136 crypto_ctx_template_t auth_ctx_tmpl
;
2137 boolean_t do_auth
, do_encr
, force
;
2138 uint_t iv_len
= assoc
->ipsa_iv_len
;
2139 crypto_ctx_template_t encr_ctx_tmpl
;
2140 boolean_t is_natt
= ((assoc
->ipsa_flags
& IPSA_F_NATT
) != 0);
2141 size_t esph_offset
= (is_natt
? UDPH_SIZE
: 0);
2142 netstack_t
*ns
= ixa
->ixa_ipst
->ips_netstack
;
2143 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2144 ipsec_crypto_t
*ic
, icstack
;
2146 crypto_data_t
*cd_ptr
= NULL
;
2147 ill_t
*ill
= ixa
->ixa_nce
->nce_ill
;
2148 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
2150 esp3dbg(espstack
, ("esp_submit_req_outbound:%s",
2151 is_natt
? "natt" : "not natt"));
2153 do_encr
= assoc
->ipsa_encr_alg
!= SADB_EALG_NULL
;
2154 do_auth
= assoc
->ipsa_auth_alg
!= SADB_AALG_NONE
;
2155 force
= (assoc
->ipsa_flags
& IPSA_F_ASYNC
);
2157 #ifdef IPSEC_LATENCY_TEST
2158 kef_rc
= CRYPTO_SUCCESS
;
2160 kef_rc
= CRYPTO_FAILED
;
2164 * Outbound IPsec packets are of the form:
2165 * [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV]
2166 * unless it's NATT, then it's
2167 * [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV]
2168 * Get a pointer to the mblk containing the ESP header.
2170 ASSERT(data_mp
->b_cont
!= NULL
);
2171 esp_mp
= data_mp
->b_cont
;
2172 esph_ptr
= (esph_t
*)(esp_mp
->b_rptr
+ esph_offset
);
2173 iv_ptr
= (uchar_t
*)(esph_ptr
+ 1);
2176 * Combined mode algs need a nonce. This is setup in sadb_common_add().
2177 * If for some reason we are using a SA which does not have a nonce
2178 * then we must fail here.
2180 if ((assoc
->ipsa_flags
& IPSA_F_COUNTERMODE
) &&
2181 (assoc
->ipsa_nonce
== NULL
)) {
2182 ip_drop_packet(data_mp
, B_FALSE
, NULL
,
2183 DROPPER(ipss
, ipds_esp_nomem
), &espstack
->esp_dropper
);
2188 /* We are doing asynch; allocate mblks to hold state */
2189 if ((mp
= ip_xmit_attr_to_mblk(ixa
)) == NULL
||
2190 (mp
= ipsec_add_crypto_data(mp
, &ic
)) == NULL
) {
2191 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2192 ip_drop_output("ipIfStatsOutDiscards", data_mp
, ill
);
2199 ESP_INIT_CALLREQ(callrp
, mp
, esp_kcf_callback_outbound
);
2202 * If we know we are going to do sync then ipsec_crypto_t
2203 * should be on the stack.
2206 bzero(ic
, sizeof (*ic
));
2212 /* authentication context template */
2213 IPSEC_CTX_TMPL(assoc
, ipsa_authtmpl
, IPSEC_ALG_AUTH
,
2216 /* where to store the computed mac */
2217 ESP_INIT_CRYPTO_MAC(&ic
->ic_crypto_mac
,
2220 /* authentication starts at the ESP header */
2221 auth_len
= payload_len
+ iv_len
+ sizeof (esph_t
);
2223 /* authentication only */
2224 /* initialize input data argument */
2225 ESP_INIT_CRYPTO_DATA(&ic
->ic_crypto_data
,
2226 esp_mp
, esph_offset
, auth_len
);
2228 /* call the crypto framework */
2229 kef_rc
= crypto_mac(&assoc
->ipsa_amech
,
2230 &ic
->ic_crypto_data
,
2231 &assoc
->ipsa_kcfauthkey
, auth_ctx_tmpl
,
2232 &ic
->ic_crypto_mac
, callrp
);
2237 /* encryption context template */
2238 IPSEC_CTX_TMPL(assoc
, ipsa_encrtmpl
, IPSEC_ALG_ENCR
,
2240 /* Call the nonce update function. */
2241 (assoc
->ipsa_noncefunc
)(assoc
, (uchar_t
*)esph_ptr
, payload_len
,
2242 iv_ptr
, &ic
->ic_cmm
, &ic
->ic_crypto_data
);
2245 /* encryption only, skip mblk that contains ESP hdr */
2246 /* initialize input data argument */
2247 ESP_INIT_CRYPTO_DATA(&ic
->ic_crypto_data
,
2248 esp_mp
->b_cont
, 0, payload_len
);
2251 * For combined mode ciphers, the ciphertext is the same
2252 * size as the clear text, the ICV should follow the
2253 * ciphertext. To convince the kcf to allow in-line
2254 * encryption, with an ICV, use ipsec_out_crypto_mac
2255 * to point to the same buffer as the data. The calling
2256 * function need to ensure the buffer is large enough to
2259 * The IV is already written to the packet buffer, the
2260 * nonce setup function copied it to the params struct
2261 * for the cipher to use.
2263 if (assoc
->ipsa_flags
& IPSA_F_COMBINED
) {
2264 bcopy(&ic
->ic_crypto_data
,
2266 sizeof (crypto_data_t
));
2267 ic
->ic_crypto_mac
.cd_length
=
2268 payload_len
+ icv_len
;
2269 cd_ptr
= &ic
->ic_crypto_mac
;
2272 /* call the crypto framework */
2273 kef_rc
= crypto_encrypt((crypto_mechanism_t
*)
2274 &ic
->ic_cmm
, &ic
->ic_crypto_data
,
2275 &assoc
->ipsa_kcfencrkey
, encr_ctx_tmpl
,
2281 if (do_auth
&& do_encr
) {
2283 * Encryption and authentication:
2284 * Pass the pointer to the mblk chain starting at the ESP
2285 * header to the framework. Skip the ESP header mblk
2286 * for encryption, which is reflected by an encryption
2287 * offset equal to the length of that mblk. Start
2288 * the authentication at the ESP header, i.e. use an
2289 * authentication offset of zero.
2291 ESP_INIT_CRYPTO_DUAL_DATA(&ic
->ic_crypto_dual_data
,
2292 esp_mp
, MBLKL(esp_mp
), payload_len
, esph_offset
, auth_len
);
2295 ic
->ic_crypto_dual_data
.dd_miscdata
= (char *)iv_ptr
;
2297 /* call the framework */
2298 kef_rc
= crypto_encrypt_mac(&assoc
->ipsa_emech
,
2299 &assoc
->ipsa_amech
, NULL
,
2300 &assoc
->ipsa_kcfencrkey
, &assoc
->ipsa_kcfauthkey
,
2301 encr_ctx_tmpl
, auth_ctx_tmpl
,
2302 &ic
->ic_crypto_dual_data
,
2303 &ic
->ic_crypto_mac
, callrp
);
2307 case CRYPTO_SUCCESS
:
2308 ESP_BUMP_STAT(espstack
, crypto_sync
);
2309 esp_set_usetime(assoc
, B_FALSE
);
2311 mp
= ipsec_free_crypto_data(mp
);
2312 data_mp
= ip_xmit_attr_free_mblk(mp
);
2315 esp_prepare_udp(ns
, data_mp
, (ipha_t
*)data_mp
->b_rptr
);
2318 /* esp_kcf_callback_outbound() will be invoked on completion */
2319 ESP_BUMP_STAT(espstack
, crypto_async
);
2324 mp
= ipsec_free_crypto_data(mp
);
2325 data_mp
= ip_xmit_attr_free_mblk(mp
);
2327 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2328 esp_crypto_failed(data_mp
, B_FALSE
, kef_rc
, NULL
, espstack
);
2329 /* data_mp was passed to ip_drop_packet */
2334 * Handle outbound IPsec processing for IPv4 and IPv6
2336 * Returns data_mp if successfully completed the request. Returns
2337 * NULL if it failed (and increments InDiscards) or if it is pending.
2340 esp_outbound(mblk_t
*data_mp
, ip_xmit_attr_t
*ixa
)
2342 mblk_t
*espmp
, *tailmp
;
2345 esph_t
*esph_ptr
, *iv_ptr
;
2348 uintptr_t divpoint
, datalen
, adj
, padlen
, i
, alloclen
;
2349 uintptr_t esplen
= sizeof (esph_t
);
2352 uint_t iv_len
, block_size
, mac_len
= 0;
2355 boolean_t is_natt
= B_FALSE
;
2356 netstack_t
*ns
= ixa
->ixa_ipst
->ips_netstack
;
2357 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2358 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
2359 ill_t
*ill
= ixa
->ixa_nce
->nce_ill
;
2360 boolean_t need_refrele
= B_FALSE
;
2362 ESP_BUMP_STAT(espstack
, out_requests
);
2365 * <sigh> We have to copy the message here, because TCP (for example)
2366 * keeps a dupb() of the message lying around for retransmission.
2367 * Since ESP changes the whole of the datagram, we have to create our
2368 * own copy lest we clobber TCP's data. Since we have to copy anyway,
2369 * we might as well make use of msgpullup() and get the mblk into one
2372 tailmp
= msgpullup(data_mp
, -1);
2373 if (tailmp
== NULL
) {
2374 esp0dbg(("esp_outbound: msgpullup() failed, "
2375 "dropping packet.\n"));
2376 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2377 DROPPER(ipss
, ipds_esp_nomem
),
2378 &espstack
->esp_dropper
);
2379 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2385 assoc
= ixa
->ixa_ipsec_esp_sa
;
2386 ASSERT(assoc
!= NULL
);
2391 ipha
= (ipha_t
*)data_mp
->b_rptr
; /* So we can call esp_acquire(). */
2393 if (ixa
->ixa_flags
& IXAF_IS_IPV4
) {
2394 ASSERT(IPH_HDR_VERSION(ipha
) == IPV4_VERSION
);
2397 divpoint
= IPH_HDR_LENGTH(ipha
);
2398 datalen
= ntohs(ipha
->ipha_length
) - divpoint
;
2399 nhp
= (uint8_t *)&ipha
->ipha_protocol
;
2403 ASSERT(IPH_HDR_VERSION(ipha
) == IPV6_VERSION
);
2406 ip6h
= (ip6_t
*)ipha
;
2407 bzero(&ipp
, sizeof (ipp
));
2408 divpoint
= ip_find_hdr_v6(data_mp
, ip6h
, &ipp
, NULL
);
2409 if (ipp
.ipp_dstopts
!= NULL
&&
2410 ipp
.ipp_dstopts
->ip6d_nxt
!= IPPROTO_ROUTING
) {
2412 * Destination options are tricky. If we get in here,
2413 * then we have a terminal header following the
2414 * destination options. We need to adjust backwards
2415 * so we insert ESP BEFORE the destination options
2416 * bag. (So that the dstopts get encrypted!)
2418 * Since this is for outbound packets only, we know
2419 * that non-terminal destination options only precede
2422 divpoint
-= ipp
.ipp_dstoptslen
;
2424 datalen
= ntohs(ip6h
->ip6_plen
) + sizeof (ip6_t
) - divpoint
;
2426 if (ipp
.ipp_rthdr
!= NULL
) {
2427 nhp
= &ipp
.ipp_rthdr
->ip6r_nxt
;
2428 } else if (ipp
.ipp_hopopts
!= NULL
) {
2429 nhp
= &ipp
.ipp_hopopts
->ip6h_nxt
;
2431 ASSERT(divpoint
== sizeof (ip6_t
));
2432 /* It's probably IP + ESP. */
2433 nhp
= &ip6h
->ip6_nxt
;
2437 mac_len
= assoc
->ipsa_mac_len
;
2439 if (assoc
->ipsa_flags
& IPSA_F_NATT
) {
2440 /* wedge in UDP header */
2442 esplen
+= UDPH_SIZE
;
2446 * Set up ESP header and encryption padding for ENCR PI request.
2449 /* Determine the padding length. Pad to 4-bytes for no-encryption. */
2450 if (assoc
->ipsa_encr_alg
!= SADB_EALG_NULL
) {
2451 iv_len
= assoc
->ipsa_iv_len
;
2452 block_size
= assoc
->ipsa_datalen
;
2455 * Pad the data to the length of the cipher block size.
2456 * Include the two additional bytes (hence the - 2) for the
2457 * padding length and the next header. Take this into account
2458 * when calculating the actual length of the padding.
2460 ASSERT(ISP2(iv_len
));
2461 padlen
= ((unsigned)(block_size
- datalen
- 2)) &
2465 padlen
= ((unsigned)(sizeof (uint32_t) - datalen
- 2)) &
2466 (sizeof (uint32_t) - 1);
2469 /* Allocate ESP header and IV. */
2473 * Update association byte-count lifetimes. Don't forget to take
2474 * into account the padding length and next-header (hence the + 2).
2476 * Use the amount of data fed into the "encryption algorithm". This
2477 * is the IV, the data length, the padding length, and the final two
2478 * bytes (padlen, and next-header).
2482 if (!esp_age_bytes(assoc
, datalen
+ padlen
+ iv_len
+ 2, B_FALSE
)) {
2483 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2484 DROPPER(ipss
, ipds_esp_bytes_expire
),
2485 &espstack
->esp_dropper
);
2486 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2492 espmp
= allocb(esplen
, BPRI_HI
);
2493 if (espmp
== NULL
) {
2494 ESP_BUMP_STAT(espstack
, out_discards
);
2495 esp1dbg(espstack
, ("esp_outbound: can't allocate espmp.\n"));
2496 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2497 DROPPER(ipss
, ipds_esp_nomem
),
2498 &espstack
->esp_dropper
);
2499 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2504 espmp
->b_wptr
+= esplen
;
2505 esph_ptr
= (esph_t
*)espmp
->b_rptr
;
2508 esp3dbg(espstack
, ("esp_outbound: NATT"));
2510 udpha
= (udpha_t
*)espmp
->b_rptr
;
2511 udpha
->uha_src_port
= (assoc
->ipsa_local_nat_port
!= 0) ?
2512 assoc
->ipsa_local_nat_port
: htons(IPPORT_IKE_NATT
);
2513 udpha
->uha_dst_port
= (assoc
->ipsa_remote_nat_port
!= 0) ?
2514 assoc
->ipsa_remote_nat_port
: htons(IPPORT_IKE_NATT
);
2516 * Set the checksum to 0, so that the esp_prepare_udp() call
2517 * can do the right thing.
2519 udpha
->uha_checksum
= 0;
2520 esph_ptr
= (esph_t
*)(udpha
+ 1);
2523 esph_ptr
->esph_spi
= assoc
->ipsa_spi
;
2525 esph_ptr
->esph_replay
= htonl(atomic_inc_32_nv(&assoc
->ipsa_replay
));
2526 if (esph_ptr
->esph_replay
== 0 && assoc
->ipsa_replay_wsize
!= 0) {
2528 * XXX We have replay counter wrapping.
2529 * We probably want to nuke this SA (and its peer).
2531 ipsec_assocfailure(info
.mi_idnum
, 0, 0,
2532 SL_ERROR
| SL_CONSOLE
| SL_WARN
,
2533 "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n",
2534 esph_ptr
->esph_spi
, assoc
->ipsa_dstaddr
, af
,
2535 espstack
->ipsecesp_netstack
);
2537 ESP_BUMP_STAT(espstack
, out_discards
);
2538 sadb_replay_delete(assoc
);
2539 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2540 DROPPER(ipss
, ipds_esp_replay
),
2541 &espstack
->esp_dropper
);
2542 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2548 iv_ptr
= (esph_ptr
+ 1);
2550 * iv_ptr points to the mblk which will contain the IV once we have
2551 * written it there. This mblk will be part of a mblk chain that
2552 * will make up the packet.
2554 * For counter mode algorithms, the IV is a 64 bit quantity, it
2555 * must NEVER repeat in the lifetime of the SA, otherwise an
2556 * attacker who had recorded enough packets might be able to
2557 * determine some clear text.
2559 * To ensure this does not happen, the IV is stored in the SA and
2560 * incremented for each packet, the IV is then copied into the
2561 * "packet" for transmission to the receiving system. The IV will
2562 * also be copied into the nonce, when the packet is encrypted.
2564 * CBC mode algorithms use a random IV for each packet. We do not
2565 * require the highest quality random bits, but for best security
2566 * with CBC mode ciphers, the value must be unlikely to repeat and
2567 * must not be known in advance to an adversary capable of influencing
2570 if (!update_iv((uint8_t *)iv_ptr
, espstack
->esp_pfkey_q
, assoc
,
2572 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2573 DROPPER(ipss
, ipds_esp_iv_wrap
), &espstack
->esp_dropper
);
2579 /* Fix the IP header. */
2580 alloclen
= padlen
+ 2 + mac_len
;
2581 adj
= alloclen
+ (espmp
->b_wptr
- espmp
->b_rptr
);
2585 if (ixa
->ixa_flags
& IXAF_IS_IPV4
) {
2586 ipha
->ipha_length
= htons(ntohs(ipha
->ipha_length
) + adj
);
2589 udpha
->uha_length
= htons(ntohs(ipha
->ipha_length
) -
2590 IPH_HDR_LENGTH(ipha
));
2594 ipha
->ipha_hdr_checksum
= 0;
2595 ipha
->ipha_hdr_checksum
= (uint16_t)ip_csum_hdr(ipha
);
2597 ip6h
->ip6_plen
= htons(ntohs(ip6h
->ip6_plen
) + adj
);
2601 /* I've got the two ESP mblks, now insert them. */
2603 esp2dbg(espstack
, ("data_mp before outbound ESP adjustment:\n"));
2604 esp2dbg(espstack
, (dump_msg(data_mp
)));
2606 if (!esp_insert_esp(data_mp
, espmp
, divpoint
, espstack
)) {
2607 ESP_BUMP_STAT(espstack
, out_discards
);
2608 /* NOTE: esp_insert_esp() only fails if there's no memory. */
2609 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2610 DROPPER(ipss
, ipds_esp_nomem
),
2611 &espstack
->esp_dropper
);
2613 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2619 /* Append padding (and leave room for ICV). */
2620 for (tailmp
= data_mp
; tailmp
->b_cont
!= NULL
; tailmp
= tailmp
->b_cont
)
2622 if (tailmp
->b_wptr
+ alloclen
> tailmp
->b_datap
->db_lim
) {
2623 tailmp
->b_cont
= allocb(alloclen
, BPRI_HI
);
2624 if (tailmp
->b_cont
== NULL
) {
2625 ESP_BUMP_STAT(espstack
, out_discards
);
2626 esp0dbg(("esp_outbound: Can't allocate tailmp.\n"));
2627 ip_drop_packet(data_mp
, B_FALSE
, ill
,
2628 DROPPER(ipss
, ipds_esp_nomem
),
2629 &espstack
->esp_dropper
);
2630 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
2635 tailmp
= tailmp
->b_cont
;
2639 * If there's padding, N bytes of padding must be of the form 0x1,
2642 for (i
= 0; i
< padlen
; ) {
2644 *tailmp
->b_wptr
++ = i
;
2646 *tailmp
->b_wptr
++ = i
;
2647 *tailmp
->b_wptr
++ = protocol
;
2649 esp2dbg(espstack
, ("data_Mp before encryption:\n"));
2650 esp2dbg(espstack
, (dump_msg(data_mp
)));
2653 * Okay. I've set up the pre-encryption ESP. Let's do it!
2657 ASSERT(tailmp
->b_wptr
+ mac_len
<= tailmp
->b_datap
->db_lim
);
2658 icv_buf
= tailmp
->b_wptr
;
2659 tailmp
->b_wptr
+= mac_len
;
2664 data_mp
= esp_submit_req_outbound(data_mp
, ixa
, assoc
, icv_buf
,
2665 datalen
+ padlen
+ 2);
2672 * IP calls this to validate the ICMP errors that
2673 * we got from the network.
2676 ipsecesp_icmp_error(mblk_t
*data_mp
, ip_recv_attr_t
*ira
)
2678 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
2679 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2680 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
2683 * Unless we get an entire packet back, this function is useless.
2686 * 1.) Partial packets are useless, because the "next header"
2687 * is at the end of the decrypted ESP packet. Without the
2688 * whole packet, this is useless.
2690 * 2.) If we every use a stateful cipher, such as a stream or a
2691 * one-time pad, we can't do anything.
2693 * Since the chances of us getting an entire packet back are very
2694 * very small, we discard here.
2696 IP_ESP_BUMP_STAT(ipss
, in_discards
);
2697 ip_drop_packet(data_mp
, B_TRUE
, ira
->ira_ill
,
2698 DROPPER(ipss
, ipds_esp_icmp
),
2699 &espstack
->esp_dropper
);
2704 * Construct an SADB_REGISTER message with the current algorithms.
2705 * This function gets called when 'ipsecalgs -s' is run or when
2706 * in.iked (or other KMD) starts.
2709 esp_register_out(uint32_t sequence
, uint32_t pid
, uint_t serial
,
2710 ipsecesp_stack_t
*espstack
, cred_t
*cr
)
2712 mblk_t
*pfkey_msg_mp
, *keysock_out_mp
;
2714 sadb_supported_t
*sasupp_auth
= NULL
;
2715 sadb_supported_t
*sasupp_encr
= NULL
;
2717 uint_t allocsize
= sizeof (*samsg
);
2718 uint_t i
, numalgs_snap
;
2720 ipsec_alginfo_t
**authalgs
;
2723 ipsec_alginfo_t
**encralgs
;
2725 ipsec_stack_t
*ipss
= espstack
->ipsecesp_netstack
->netstack_ipsec
;
2726 sadb_ext_t
*nextext
;
2728 /* Allocate the KEYSOCK_OUT. */
2729 keysock_out_mp
= sadb_keysock_out(serial
);
2730 if (keysock_out_mp
== NULL
) {
2731 esp0dbg(("esp_register_out: couldn't allocate mblk.\n"));
2736 * Allocate the PF_KEY message that follows KEYSOCK_OUT.
2739 rw_enter(&ipss
->ipsec_alg_lock
, RW_READER
);
2741 * Fill SADB_REGISTER message's algorithm descriptors. Hold
2742 * down the lock while filling it.
2744 * Return only valid algorithms, so the number of algorithms
2745 * to send up may be less than the number of algorithm entries
2748 authalgs
= ipss
->ipsec_alglists
[IPSEC_ALG_AUTH
];
2749 for (num_aalgs
= 0, i
= 0; i
< IPSEC_MAX_ALGS
; i
++)
2750 if (authalgs
[i
] != NULL
&& ALG_VALID(authalgs
[i
]))
2753 if (num_aalgs
!= 0) {
2754 allocsize
+= (num_aalgs
* sizeof (*saalg
));
2755 allocsize
+= sizeof (*sasupp_auth
);
2757 encralgs
= ipss
->ipsec_alglists
[IPSEC_ALG_ENCR
];
2758 for (num_ealgs
= 0, i
= 0; i
< IPSEC_MAX_ALGS
; i
++)
2759 if (encralgs
[i
] != NULL
&& ALG_VALID(encralgs
[i
]))
2762 if (num_ealgs
!= 0) {
2763 allocsize
+= (num_ealgs
* sizeof (*saalg
));
2764 allocsize
+= sizeof (*sasupp_encr
);
2766 keysock_out_mp
->b_cont
= allocb(allocsize
, BPRI_HI
);
2767 if (keysock_out_mp
->b_cont
== NULL
) {
2768 rw_exit(&ipss
->ipsec_alg_lock
);
2769 freemsg(keysock_out_mp
);
2772 pfkey_msg_mp
= keysock_out_mp
->b_cont
;
2773 pfkey_msg_mp
->b_wptr
+= allocsize
;
2775 nextext
= (sadb_ext_t
*)(pfkey_msg_mp
->b_rptr
+ sizeof (*samsg
));
2777 if (num_aalgs
!= 0) {
2778 sasupp_auth
= (sadb_supported_t
*)nextext
;
2779 saalg
= (sadb_alg_t
*)(sasupp_auth
+ 1);
2781 ASSERT(((ulong_t
)saalg
& 0x7) == 0);
2785 ((i
< IPSEC_MAX_ALGS
) && (numalgs_snap
< num_aalgs
));
2787 if (authalgs
[i
] == NULL
|| !ALG_VALID(authalgs
[i
]))
2790 saalg
->sadb_alg_id
= authalgs
[i
]->alg_id
;
2791 saalg
->sadb_alg_ivlen
= 0;
2792 saalg
->sadb_alg_minbits
= authalgs
[i
]->alg_ef_minbits
;
2793 saalg
->sadb_alg_maxbits
= authalgs
[i
]->alg_ef_maxbits
;
2794 saalg
->sadb_x_alg_increment
=
2795 authalgs
[i
]->alg_increment
;
2796 saalg
->sadb_x_alg_saltbits
= SADB_8TO1(
2797 authalgs
[i
]->alg_saltlen
);
2801 ASSERT(numalgs_snap
== num_aalgs
);
2804 * Reality check to make sure I snagged all of the
2807 for (; i
< IPSEC_MAX_ALGS
; i
++) {
2808 if (authalgs
[i
] != NULL
&& ALG_VALID(authalgs
[i
])) {
2809 cmn_err(CE_PANIC
, "esp_register_out()! "
2810 "Missed aalg #%d.\n", i
);
2814 nextext
= (sadb_ext_t
*)saalg
;
2817 if (num_ealgs
!= 0) {
2818 sasupp_encr
= (sadb_supported_t
*)nextext
;
2819 saalg
= (sadb_alg_t
*)(sasupp_encr
+ 1);
2823 ((i
< IPSEC_MAX_ALGS
) && (numalgs_snap
< num_ealgs
)); i
++) {
2824 if (encralgs
[i
] == NULL
|| !ALG_VALID(encralgs
[i
]))
2826 saalg
->sadb_alg_id
= encralgs
[i
]->alg_id
;
2827 saalg
->sadb_alg_ivlen
= encralgs
[i
]->alg_ivlen
;
2828 saalg
->sadb_alg_minbits
= encralgs
[i
]->alg_ef_minbits
;
2829 saalg
->sadb_alg_maxbits
= encralgs
[i
]->alg_ef_maxbits
;
2831 * We could advertise the ICV length, except there
2832 * is not a value in sadb_x_algb to do this.
2833 * saalg->sadb_alg_maclen = encralgs[i]->alg_maclen;
2835 saalg
->sadb_x_alg_increment
=
2836 encralgs
[i
]->alg_increment
;
2837 saalg
->sadb_x_alg_saltbits
=
2838 SADB_8TO1(encralgs
[i
]->alg_saltlen
);
2843 ASSERT(numalgs_snap
== num_ealgs
);
2846 * Reality check to make sure I snagged all of the
2849 for (; i
< IPSEC_MAX_ALGS
; i
++) {
2850 if (encralgs
[i
] != NULL
&& ALG_VALID(encralgs
[i
])) {
2851 cmn_err(CE_PANIC
, "esp_register_out()! "
2852 "Missed ealg #%d.\n", i
);
2856 nextext
= (sadb_ext_t
*)saalg
;
2859 current_aalgs
= num_aalgs
;
2860 current_ealgs
= num_ealgs
;
2862 rw_exit(&ipss
->ipsec_alg_lock
);
2864 /* Now fill the rest of the SADB_REGISTER message. */
2866 samsg
= (sadb_msg_t
*)pfkey_msg_mp
->b_rptr
;
2867 samsg
->sadb_msg_version
= PF_KEY_V2
;
2868 samsg
->sadb_msg_type
= SADB_REGISTER
;
2869 samsg
->sadb_msg_errno
= 0;
2870 samsg
->sadb_msg_satype
= SADB_SATYPE_ESP
;
2871 samsg
->sadb_msg_len
= SADB_8TO64(allocsize
);
2872 samsg
->sadb_msg_reserved
= 0;
2874 * Assume caller has sufficient sequence/pid number info. If it's one
2875 * from me over a new alg., I could give two hoots about sequence.
2877 samsg
->sadb_msg_seq
= sequence
;
2878 samsg
->sadb_msg_pid
= pid
;
2880 if (sasupp_auth
!= NULL
) {
2881 sasupp_auth
->sadb_supported_len
= SADB_8TO64(
2882 sizeof (*sasupp_auth
) + sizeof (*saalg
) * current_aalgs
);
2883 sasupp_auth
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_AUTH
;
2884 sasupp_auth
->sadb_supported_reserved
= 0;
2887 if (sasupp_encr
!= NULL
) {
2888 sasupp_encr
->sadb_supported_len
= SADB_8TO64(
2889 sizeof (*sasupp_encr
) + sizeof (*saalg
) * current_ealgs
);
2890 sasupp_encr
->sadb_supported_exttype
=
2891 SADB_EXT_SUPPORTED_ENCRYPT
;
2892 sasupp_encr
->sadb_supported_reserved
= 0;
2895 if (espstack
->esp_pfkey_q
!= NULL
)
2896 putnext(espstack
->esp_pfkey_q
, keysock_out_mp
);
2898 freemsg(keysock_out_mp
);
2906 * Invoked when the algorithm table changes. Causes SADB_REGISTER
2907 * messages continaining the current list of algorithms to be
2908 * sent up to the ESP listeners.
2911 ipsecesp_algs_changed(netstack_t
*ns
)
2913 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2916 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners
2917 * everywhere. (The function itself checks for NULL esp_pfkey_q.)
2919 (void) esp_register_out(0, 0, 0, espstack
, NULL
);
2923 * Stub function that taskq_dispatch() invokes to take the mblk (in arg)
2924 * and send() it into ESP and IP again.
2927 inbound_task(void *arg
)
2929 mblk_t
*mp
= (mblk_t
*)arg
;
2931 ip_recv_attr_t iras
;
2934 mp
= async_mp
->b_cont
;
2935 async_mp
->b_cont
= NULL
;
2936 if (!ip_recv_attr_from_mblk(async_mp
, &iras
)) {
2937 /* The ill or ip_stack_t disappeared on us */
2938 ip_drop_input("ip_recv_attr_from_mblk", mp
, NULL
);
2943 esp_inbound_restart(mp
, &iras
);
2945 ira_cleanup(&iras
, B_TRUE
);
2949 * Restart ESP after the SA has been added.
2952 esp_inbound_restart(mblk_t
*mp
, ip_recv_attr_t
*ira
)
2955 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
2956 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
2958 esp2dbg(espstack
, ("in ESP inbound_task"));
2959 ASSERT(espstack
!= NULL
);
2961 mp
= ipsec_inbound_esp_sa(mp
, ira
, &esph
);
2965 ASSERT(esph
!= NULL
);
2966 ASSERT(ira
->ira_flags
& IRAF_IPSEC_SECURE
);
2967 ASSERT(ira
->ira_ipsec_esp_sa
!= NULL
);
2969 mp
= ira
->ira_ipsec_esp_sa
->ipsa_input_func(mp
, esph
, ira
);
2972 * Either it failed or is pending. In the former case
2973 * ipIfStatsInDiscards was increased.
2978 ip_input_post_ipsec(mp
, ira
);
2982 * Now that weak-key passed, actually ADD the security association, and
2983 * send back a reply ADD message.
2986 esp_add_sa_finish(mblk_t
*mp
, sadb_msg_t
*samsg
, keysock_in_t
*ksi
,
2987 int *diagnostic
, ipsecesp_stack_t
*espstack
)
2989 isaf_t
*primary
= NULL
, *secondary
;
2990 boolean_t clone
= B_FALSE
, is_inbound
= B_FALSE
;
2991 ipsa_t
*larval
= NULL
;
2993 iacqf_t
*acq_bucket
;
2994 mblk_t
*acq_msgs
= NULL
;
2999 ipsec_stack_t
*ipss
= espstack
->ipsecesp_netstack
->netstack_ipsec
;
3002 * Locate the appropriate table(s).
3004 sq
.spp
= &espstack
->esp_sadb
; /* XXX */
3005 error
= sadb_form_query(ksi
, IPSA_Q_SA
|IPSA_Q_DST
,
3006 IPSA_Q_SA
|IPSA_Q_DST
|IPSA_Q_INBOUND
|IPSA_Q_OUTBOUND
,
3012 * Use the direction flags provided by the KMD to determine
3013 * if the inbound or outbound table should be the primary
3014 * for this SA. If these flags were absent then make this
3015 * decision based on the addresses.
3017 if (sq
.assoc
->sadb_sa_flags
& IPSA_F_INBOUND
) {
3018 primary
= sq
.inbound
;
3019 secondary
= sq
.outbound
;
3020 is_inbound
= B_TRUE
;
3021 if (sq
.assoc
->sadb_sa_flags
& IPSA_F_OUTBOUND
)
3023 } else if (sq
.assoc
->sadb_sa_flags
& IPSA_F_OUTBOUND
) {
3024 primary
= sq
.outbound
;
3025 secondary
= sq
.inbound
;
3028 if (primary
== NULL
) {
3030 * The KMD did not set a direction flag, determine which
3031 * table to insert the SA into based on addresses.
3033 switch (ksi
->ks_in_dsttype
) {
3034 case KS_IN_ADDR_MBCAST
:
3035 clone
= B_TRUE
; /* All mcast SAs can be bidirectional */
3036 sq
.assoc
->sadb_sa_flags
|= IPSA_F_OUTBOUND
;
3039 * If the source address is either one of mine, or unspecified
3040 * (which is best summed up by saying "not 'not mine'"),
3041 * then the association is potentially bi-directional,
3042 * in that it can be used for inbound traffic and outbound
3043 * traffic. The best example of such an SA is a multicast
3044 * SA (which allows me to receive the outbound traffic).
3047 sq
.assoc
->sadb_sa_flags
|= IPSA_F_INBOUND
;
3048 primary
= sq
.inbound
;
3049 secondary
= sq
.outbound
;
3050 if (ksi
->ks_in_srctype
!= KS_IN_ADDR_NOTME
)
3052 is_inbound
= B_TRUE
;
3055 * If the source address literally not mine (either
3056 * unspecified or not mine), then this SA may have an
3057 * address that WILL be mine after some configuration.
3058 * We pay the price for this by making it a bi-directional
3061 case KS_IN_ADDR_NOTME
:
3062 sq
.assoc
->sadb_sa_flags
|= IPSA_F_OUTBOUND
;
3063 primary
= sq
.outbound
;
3064 secondary
= sq
.inbound
;
3065 if (ksi
->ks_in_srctype
!= KS_IN_ADDR_ME
) {
3066 sq
.assoc
->sadb_sa_flags
|= IPSA_F_INBOUND
;
3071 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_DST
;
3077 * Find a ACQUIRE list entry if possible. If we've added an SA that
3078 * suits the needs of an ACQUIRE list entry, we can eliminate the
3079 * ACQUIRE list entry and transmit the enqueued packets. Use the
3080 * high-bit of the sequence number to queue it. Key off destination
3081 * addr, and change acqrec's state.
3084 if (samsg
->sadb_msg_seq
& IACQF_LOWEST_SEQ
) {
3085 acq_bucket
= &(sq
.sp
->sdb_acq
[sq
.outhash
]);
3086 mutex_enter(&acq_bucket
->iacqf_lock
);
3087 for (acqrec
= acq_bucket
->iacqf_ipsacq
; acqrec
!= NULL
;
3088 acqrec
= acqrec
->ipsacq_next
) {
3089 mutex_enter(&acqrec
->ipsacq_lock
);
3091 * Q: I only check sequence. Should I check dst?
3092 * A: Yes, check dest because those are the packets
3093 * that are queued up.
3095 if (acqrec
->ipsacq_seq
== samsg
->sadb_msg_seq
&&
3096 IPSA_ARE_ADDR_EQUAL(sq
.dstaddr
,
3097 acqrec
->ipsacq_dstaddr
, acqrec
->ipsacq_addrfam
))
3099 mutex_exit(&acqrec
->ipsacq_lock
);
3101 if (acqrec
!= NULL
) {
3103 * AHA! I found an ACQUIRE record for this SA.
3104 * Grab the msg list, and free the acquire record.
3105 * I already am holding the lock for this record,
3106 * so all I have to do is free it.
3108 acq_msgs
= acqrec
->ipsacq_mp
;
3109 acqrec
->ipsacq_mp
= NULL
;
3110 mutex_exit(&acqrec
->ipsacq_lock
);
3111 sadb_destroy_acquire(acqrec
,
3112 espstack
->ipsecesp_netstack
);
3114 mutex_exit(&acq_bucket
->iacqf_lock
);
3118 * Find PF_KEY message, and see if I'm an update. If so, find entry
3119 * in larval list (if there).
3121 if (samsg
->sadb_msg_type
== SADB_UPDATE
) {
3122 mutex_enter(&sq
.inbound
->isaf_lock
);
3123 larval
= ipsec_getassocbyspi(sq
.inbound
, sq
.assoc
->sadb_sa_spi
,
3124 ALL_ZEROES_PTR
, sq
.dstaddr
, sq
.dst
->sin_family
);
3125 mutex_exit(&sq
.inbound
->isaf_lock
);
3127 if ((larval
== NULL
) ||
3128 (larval
->ipsa_state
!= IPSA_STATE_LARVAL
)) {
3129 *diagnostic
= SADB_X_DIAGNOSTIC_SA_NOTFOUND
;
3130 if (larval
!= NULL
) {
3131 IPSA_REFRELE(larval
);
3133 esp0dbg(("Larval update, but larval disappeared.\n"));
3135 } /* Else sadb_common_add unlinks it for me! */
3138 if (larval
!= NULL
) {
3140 * Hold again, because sadb_common_add() consumes a reference,
3141 * and we don't want to clear_lpkt() without a reference.
3143 IPSA_REFHOLD(larval
);
3146 rc
= sadb_common_add(espstack
->esp_pfkey_q
,
3147 mp
, samsg
, ksi
, primary
, secondary
, larval
, clone
, is_inbound
,
3148 diagnostic
, espstack
->ipsecesp_netstack
, &espstack
->esp_sadb
);
3150 if (larval
!= NULL
) {
3152 lpkt
= sadb_clear_lpkt(larval
);
3154 rc
= !taskq_dispatch(esp_taskq
, inbound_task
,
3158 IPSA_REFRELE(larval
);
3162 * How much more stack will I create with all of these
3163 * esp_outbound() calls?
3166 /* Handle the packets queued waiting for the SA */
3167 while (acq_msgs
!= NULL
) {
3170 ip_xmit_attr_t ixas
;
3174 acq_msgs
= acq_msgs
->b_next
;
3175 asyncmp
->b_next
= NULL
;
3178 * Extract the ip_xmit_attr_t from the first mblk.
3179 * Verifies that the netstack and ill is still around; could
3180 * have vanished while iked was doing its work.
3181 * On succesful return we have a nce_t and the ill/ipst can't
3182 * disappear until we do the nce_refrele in ixa_cleanup.
3184 data_mp
= asyncmp
->b_cont
;
3185 asyncmp
->b_cont
= NULL
;
3186 if (!ip_xmit_attr_from_mblk(asyncmp
, &ixas
)) {
3187 ESP_BUMP_STAT(espstack
, out_discards
);
3188 ip_drop_packet(data_mp
, B_FALSE
, NULL
,
3189 DROPPER(ipss
, ipds_sadb_acquire_timeout
),
3190 &espstack
->esp_dropper
);
3191 } else if (rc
!= 0) {
3192 ill
= ixas
.ixa_nce
->nce_ill
;
3193 ESP_BUMP_STAT(espstack
, out_discards
);
3194 ip_drop_packet(data_mp
, B_FALSE
, ill
,
3195 DROPPER(ipss
, ipds_sadb_acquire_timeout
),
3196 &espstack
->esp_dropper
);
3197 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
3199 esp_outbound_finish(data_mp
, &ixas
);
3208 * Process one of the queued messages (from ipsacq_mp) once the SA
3212 esp_outbound_finish(mblk_t
*data_mp
, ip_xmit_attr_t
*ixa
)
3214 netstack_t
*ns
= ixa
->ixa_ipst
->ips_netstack
;
3215 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
3216 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
3217 ill_t
*ill
= ixa
->ixa_nce
->nce_ill
;
3219 if (!ipsec_outbound_sa(data_mp
, ixa
, IPPROTO_ESP
)) {
3220 ESP_BUMP_STAT(espstack
, out_discards
);
3221 ip_drop_packet(data_mp
, B_FALSE
, ill
,
3222 DROPPER(ipss
, ipds_sadb_acquire_timeout
),
3223 &espstack
->esp_dropper
);
3224 BUMP_MIB(ill
->ill_ip_mib
, ipIfStatsOutDiscards
);
3228 data_mp
= esp_outbound(data_mp
, ixa
);
3229 if (data_mp
== NULL
)
3232 /* do AH processing if needed */
3233 data_mp
= esp_do_outbound_ah(data_mp
, ixa
);
3234 if (data_mp
== NULL
)
3237 (void) ip_output_post_ipsec(data_mp
, ixa
);
3241 * Add new ESP security association. This may become a generic AH/ESP
3242 * routine eventually.
3245 esp_add_sa(mblk_t
*mp
, keysock_in_t
*ksi
, int *diagnostic
, netstack_t
*ns
)
3247 sadb_sa_t
*assoc
= (sadb_sa_t
*)ksi
->ks_in_extv
[SADB_EXT_SA
];
3248 sadb_address_t
*srcext
=
3249 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_SRC
];
3250 sadb_address_t
*dstext
=
3251 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_DST
];
3252 sadb_address_t
*isrcext
=
3253 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_X_EXT_ADDRESS_INNER_SRC
];
3254 sadb_address_t
*idstext
=
3255 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_X_EXT_ADDRESS_INNER_DST
];
3256 sadb_address_t
*nttext_loc
=
3257 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_X_EXT_ADDRESS_NATT_LOC
];
3258 sadb_address_t
*nttext_rem
=
3259 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_X_EXT_ADDRESS_NATT_REM
];
3260 sadb_key_t
*akey
= (sadb_key_t
*)ksi
->ks_in_extv
[SADB_EXT_KEY_AUTH
];
3261 sadb_key_t
*ekey
= (sadb_key_t
*)ksi
->ks_in_extv
[SADB_EXT_KEY_ENCRYPT
];
3262 struct sockaddr_in
*src
, *dst
;
3263 struct sockaddr_in
*natt_loc
, *natt_rem
;
3264 struct sockaddr_in6
*natt_loc6
, *natt_rem6
;
3265 sadb_lifetime_t
*soft
=
3266 (sadb_lifetime_t
*)ksi
->ks_in_extv
[SADB_EXT_LIFETIME_SOFT
];
3267 sadb_lifetime_t
*hard
=
3268 (sadb_lifetime_t
*)ksi
->ks_in_extv
[SADB_EXT_LIFETIME_HARD
];
3269 sadb_lifetime_t
*idle
=
3270 (sadb_lifetime_t
*)ksi
->ks_in_extv
[SADB_X_EXT_LIFETIME_IDLE
];
3271 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
3272 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
3276 /* I need certain extensions present for an ADD message. */
3277 if (srcext
== NULL
) {
3278 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_SRC
;
3281 if (dstext
== NULL
) {
3282 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_DST
;
3285 if (isrcext
== NULL
&& idstext
!= NULL
) {
3286 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_INNER_SRC
;
3289 if (isrcext
!= NULL
&& idstext
== NULL
) {
3290 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_INNER_DST
;
3293 if (assoc
== NULL
) {
3294 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_SA
;
3297 if (ekey
== NULL
&& assoc
->sadb_sa_encrypt
!= SADB_EALG_NULL
) {
3298 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_EKEY
;
3302 src
= (struct sockaddr_in
*)(srcext
+ 1);
3303 dst
= (struct sockaddr_in
*)(dstext
+ 1);
3304 natt_loc
= (struct sockaddr_in
*)(nttext_loc
+ 1);
3305 natt_loc6
= (struct sockaddr_in6
*)(nttext_loc
+ 1);
3306 natt_rem
= (struct sockaddr_in
*)(nttext_rem
+ 1);
3307 natt_rem6
= (struct sockaddr_in6
*)(nttext_rem
+ 1);
3309 /* Sundry ADD-specific reality checks. */
3310 /* XXX STATS : Logging/stats here? */
3312 if ((assoc
->sadb_sa_state
!= SADB_SASTATE_MATURE
) &&
3313 (assoc
->sadb_sa_state
!= SADB_X_SASTATE_ACTIVE_ELSEWHERE
)) {
3314 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_SASTATE
;
3317 if (assoc
->sadb_sa_encrypt
== SADB_EALG_NONE
) {
3318 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_EALG
;
3322 #ifndef IPSEC_LATENCY_TEST
3323 if (assoc
->sadb_sa_encrypt
== SADB_EALG_NULL
&&
3324 assoc
->sadb_sa_auth
== SADB_AALG_NONE
) {
3325 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_AALG
;
3330 if (assoc
->sadb_sa_flags
& ~espstack
->esp_sadb
.s_addflags
) {
3331 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_SAFLAGS
;
3335 if ((*diagnostic
= sadb_hardsoftchk(hard
, soft
, idle
)) != 0) {
3338 ASSERT(src
->sin_family
== dst
->sin_family
);
3340 if (assoc
->sadb_sa_flags
& SADB_X_SAFLAGS_NATT_LOC
) {
3341 if (nttext_loc
== NULL
) {
3342 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_NATT_LOC
;
3346 if (natt_loc
->sin_family
== AF_INET6
&&
3347 !IN6_IS_ADDR_V4MAPPED(&natt_loc6
->sin6_addr
)) {
3348 *diagnostic
= SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC
;
3353 if (assoc
->sadb_sa_flags
& SADB_X_SAFLAGS_NATT_REM
) {
3354 if (nttext_rem
== NULL
) {
3355 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_NATT_REM
;
3358 if (natt_rem
->sin_family
== AF_INET6
&&
3359 !IN6_IS_ADDR_V4MAPPED(&natt_rem6
->sin6_addr
)) {
3360 *diagnostic
= SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM
;
3366 /* Stuff I don't support, for now. XXX Diagnostic? */
3367 if (ksi
->ks_in_extv
[SADB_EXT_LIFETIME_CURRENT
] != NULL
)
3368 return (EOPNOTSUPP
);
3371 * XXX Policy : I'm not checking identities at this time,
3372 * but if I did, I'd do them here, before I sent
3373 * the weak key check up to the algorithm.
3376 rw_enter(&ipss
->ipsec_alg_lock
, RW_READER
);
3379 * First locate the authentication algorithm.
3381 #ifdef IPSEC_LATENCY_TEST
3382 if (akey
!= NULL
&& assoc
->sadb_sa_auth
!= SADB_AALG_NONE
) {
3386 ipsec_alginfo_t
*aalg
;
3388 aalg
= ipss
->ipsec_alglists
[IPSEC_ALG_AUTH
]
3389 [assoc
->sadb_sa_auth
];
3390 if (aalg
== NULL
|| !ALG_VALID(aalg
)) {
3391 rw_exit(&ipss
->ipsec_alg_lock
);
3392 esp1dbg(espstack
, ("Couldn't find auth alg #%d.\n",
3393 assoc
->sadb_sa_auth
));
3394 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_AALG
;
3399 * Sanity check key sizes.
3400 * Note: It's not possible to use SADB_AALG_NONE because
3401 * this auth_alg is not defined with ALG_FLAG_VALID. If this
3402 * ever changes, the same check for SADB_AALG_NONE and
3403 * a auth_key != NULL should be made here ( see below).
3405 if (!ipsec_valid_key_size(akey
->sadb_key_bits
, aalg
)) {
3406 rw_exit(&ipss
->ipsec_alg_lock
);
3407 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_AKEYBITS
;
3410 ASSERT(aalg
->alg_mech_type
!= CRYPTO_MECHANISM_INVALID
);
3412 /* check key and fix parity if needed */
3413 if (ipsec_check_key(aalg
->alg_mech_type
, akey
, B_TRUE
,
3415 rw_exit(&ipss
->ipsec_alg_lock
);
3421 * Then locate the encryption algorithm.
3425 ipsec_alginfo_t
*ealg
;
3427 ealg
= ipss
->ipsec_alglists
[IPSEC_ALG_ENCR
]
3428 [assoc
->sadb_sa_encrypt
];
3429 if (ealg
== NULL
|| !ALG_VALID(ealg
)) {
3430 rw_exit(&ipss
->ipsec_alg_lock
);
3431 esp1dbg(espstack
, ("Couldn't find encr alg #%d.\n",
3432 assoc
->sadb_sa_encrypt
));
3433 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_EALG
;
3438 * Sanity check key sizes. If the encryption algorithm is
3439 * SADB_EALG_NULL but the encryption key is NOT
3440 * NULL then complain.
3442 * The keying material includes salt bits if required by
3443 * algorithm and optionally the Initial IV, check the
3444 * length of whats left.
3446 keybits
= ekey
->sadb_key_bits
;
3447 keybits
-= ekey
->sadb_key_reserved
;
3448 keybits
-= SADB_8TO1(ealg
->alg_saltlen
);
3449 if ((assoc
->sadb_sa_encrypt
== SADB_EALG_NULL
) ||
3450 (!ipsec_valid_key_size(keybits
, ealg
))) {
3451 rw_exit(&ipss
->ipsec_alg_lock
);
3452 *diagnostic
= SADB_X_DIAGNOSTIC_BAD_EKEYBITS
;
3455 ASSERT(ealg
->alg_mech_type
!= CRYPTO_MECHANISM_INVALID
);
3458 if (ipsec_check_key(ealg
->alg_mech_type
, ekey
, B_FALSE
,
3460 rw_exit(&ipss
->ipsec_alg_lock
);
3464 rw_exit(&ipss
->ipsec_alg_lock
);
3466 return (esp_add_sa_finish(mp
, (sadb_msg_t
*)mp
->b_cont
->b_rptr
, ksi
,
3467 diagnostic
, espstack
));
3471 * Update a security association. Updates come in two varieties. The first
3472 * is an update of lifetimes on a non-larval SA. The second is an update of
3473 * a larval SA, which ends up looking a lot more like an add.
3476 esp_update_sa(mblk_t
*mp
, keysock_in_t
*ksi
, int *diagnostic
,
3477 ipsecesp_stack_t
*espstack
, uint8_t sadb_msg_type
)
3479 sadb_sa_t
*assoc
= (sadb_sa_t
*)ksi
->ks_in_extv
[SADB_EXT_SA
];
3483 sadb_address_t
*dstext
=
3484 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_DST
];
3486 if (dstext
== NULL
) {
3487 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_DST
;
3491 rcode
= sadb_update_sa(mp
, ksi
, &buf_pkt
, &espstack
->esp_sadb
,
3492 diagnostic
, espstack
->esp_pfkey_q
, esp_add_sa
,
3493 espstack
->ipsecesp_netstack
, sadb_msg_type
);
3495 if ((assoc
->sadb_sa_state
!= SADB_X_SASTATE_ACTIVE
) ||
3500 HANDLE_BUF_PKT(esp_taskq
, espstack
->ipsecesp_netstack
->netstack_ipsec
,
3501 espstack
->esp_dropper
, buf_pkt
);
3506 /* XXX refactor me */
3508 * Delete a security association. This is REALLY likely to be code common to
3509 * both AH and ESP. Find the association, then unlink it.
3512 esp_del_sa(mblk_t
*mp
, keysock_in_t
*ksi
, int *diagnostic
,
3513 ipsecesp_stack_t
*espstack
, uint8_t sadb_msg_type
)
3515 sadb_sa_t
*assoc
= (sadb_sa_t
*)ksi
->ks_in_extv
[SADB_EXT_SA
];
3516 sadb_address_t
*dstext
=
3517 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_DST
];
3518 sadb_address_t
*srcext
=
3519 (sadb_address_t
*)ksi
->ks_in_extv
[SADB_EXT_ADDRESS_SRC
];
3520 struct sockaddr_in
*sin
;
3522 if (assoc
== NULL
) {
3523 if (dstext
!= NULL
) {
3524 sin
= (struct sockaddr_in
*)(dstext
+ 1);
3525 } else if (srcext
!= NULL
) {
3526 sin
= (struct sockaddr_in
*)(srcext
+ 1);
3528 *diagnostic
= SADB_X_DIAGNOSTIC_MISSING_SA
;
3531 return (sadb_purge_sa(mp
, ksi
,
3532 (sin
->sin_family
== AF_INET6
) ? &espstack
->esp_sadb
.s_v6
:
3533 &espstack
->esp_sadb
.s_v4
, diagnostic
,
3534 espstack
->esp_pfkey_q
));
3537 return (sadb_delget_sa(mp
, ksi
, &espstack
->esp_sadb
, diagnostic
,
3538 espstack
->esp_pfkey_q
, sadb_msg_type
));
3541 /* XXX refactor me */
3543 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP
3547 esp_dump(mblk_t
*mp
, keysock_in_t
*ksi
, ipsecesp_stack_t
*espstack
)
3553 * Dump each fanout, bailing if error is non-zero.
3556 error
= sadb_dump(espstack
->esp_pfkey_q
, mp
, ksi
,
3557 &espstack
->esp_sadb
.s_v4
);
3561 error
= sadb_dump(espstack
->esp_pfkey_q
, mp
, ksi
,
3562 &espstack
->esp_sadb
.s_v6
);
3564 ASSERT(mp
->b_cont
!= NULL
);
3565 samsg
= (sadb_msg_t
*)mp
->b_cont
->b_rptr
;
3566 samsg
->sadb_msg_errno
= (uint8_t)error
;
3567 sadb_pfkey_echo(espstack
->esp_pfkey_q
, mp
,
3568 (sadb_msg_t
*)mp
->b_cont
->b_rptr
, ksi
, NULL
);
3572 * First-cut reality check for an inbound PF_KEY message.
3575 esp_pfkey_reality_failures(mblk_t
*mp
, keysock_in_t
*ksi
,
3576 ipsecesp_stack_t
*espstack
)
3580 if (ksi
->ks_in_extv
[SADB_EXT_PROPOSAL
] != NULL
) {
3581 diagnostic
= SADB_X_DIAGNOSTIC_PROP_PRESENT
;
3584 if (ksi
->ks_in_extv
[SADB_EXT_SUPPORTED_AUTH
] != NULL
||
3585 ksi
->ks_in_extv
[SADB_EXT_SUPPORTED_ENCRYPT
] != NULL
) {
3586 diagnostic
= SADB_X_DIAGNOSTIC_SUPP_PRESENT
;
3589 return (B_FALSE
); /* False ==> no failures */
3592 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, EINVAL
, diagnostic
,
3594 return (B_TRUE
); /* True ==> failures */
3598 * ESP parsing of PF_KEY messages. Keysock did most of the really silly
3599 * error cases. What I receive is a fully-formed, syntactically legal
3600 * PF_KEY message. I then need to check semantics...
3602 * This code may become common to AH and ESP. Stay tuned.
3604 * I also make the assumption that db_ref's are cool. If this assumption
3605 * is wrong, this means that someone other than keysock or me has been
3606 * mucking with PF_KEY messages.
3609 esp_parse_pfkey(mblk_t
*mp
, ipsecesp_stack_t
*espstack
)
3611 mblk_t
*msg
= mp
->b_cont
;
3615 int diagnostic
= SADB_X_DIAGNOSTIC_NONE
;
3617 ASSERT(msg
!= NULL
);
3619 samsg
= (sadb_msg_t
*)msg
->b_rptr
;
3620 ksi
= (keysock_in_t
*)mp
->b_rptr
;
3623 * If applicable, convert unspecified AF_INET6 to unspecified
3624 * AF_INET. And do other address reality checks.
3626 if (!sadb_addrfix(ksi
, espstack
->esp_pfkey_q
, mp
,
3627 espstack
->ipsecesp_netstack
) ||
3628 esp_pfkey_reality_failures(mp
, ksi
, espstack
)) {
3632 switch (samsg
->sadb_msg_type
) {
3634 error
= esp_add_sa(mp
, ksi
, &diagnostic
,
3635 espstack
->ipsecesp_netstack
);
3637 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, error
,
3638 diagnostic
, ksi
->ks_in_serial
);
3640 /* else esp_add_sa() took care of things. */
3643 case SADB_X_DELPAIR
:
3644 case SADB_X_DELPAIR_STATE
:
3645 error
= esp_del_sa(mp
, ksi
, &diagnostic
, espstack
,
3646 samsg
->sadb_msg_type
);
3648 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, error
,
3649 diagnostic
, ksi
->ks_in_serial
);
3651 /* Else esp_del_sa() took care of things. */
3654 error
= sadb_delget_sa(mp
, ksi
, &espstack
->esp_sadb
,
3655 &diagnostic
, espstack
->esp_pfkey_q
, samsg
->sadb_msg_type
);
3657 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, error
,
3658 diagnostic
, ksi
->ks_in_serial
);
3660 /* Else sadb_get_sa() took care of things. */
3663 sadbp_flush(&espstack
->esp_sadb
, espstack
->ipsecesp_netstack
);
3664 sadb_pfkey_echo(espstack
->esp_pfkey_q
, mp
, samsg
, ksi
, NULL
);
3668 * Hmmm, let's do it! Check for extensions (there should
3669 * be none), extract the fields, call esp_register_out(),
3670 * then either free or report an error.
3672 * Keysock takes care of the PF_KEY bookkeeping for this.
3674 if (esp_register_out(samsg
->sadb_msg_seq
, samsg
->sadb_msg_pid
,
3675 ksi
->ks_in_serial
, espstack
, msg_getcred(mp
, NULL
))) {
3679 * Only way this path hits is if there is a memory
3680 * failure. It will not return B_FALSE because of
3681 * lack of esp_pfkey_q if I am in wput().
3683 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, ENOMEM
,
3684 diagnostic
, ksi
->ks_in_serial
);
3688 case SADB_X_UPDATEPAIR
:
3690 * Find a larval, if not there, find a full one and get
3693 error
= esp_update_sa(mp
, ksi
, &diagnostic
, espstack
,
3694 samsg
->sadb_msg_type
);
3696 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, error
,
3697 diagnostic
, ksi
->ks_in_serial
);
3699 /* else esp_update_sa() took care of things. */
3703 * Reserve a new larval entry.
3705 esp_getspi(mp
, ksi
, espstack
);
3709 * Find larval and/or ACQUIRE record and kill it (them), I'm
3710 * most likely an error. Inbound ACQUIRE messages should only
3711 * have the base header.
3713 sadb_in_acquire(samsg
, &espstack
->esp_sadb
,
3714 espstack
->esp_pfkey_q
, espstack
->ipsecesp_netstack
);
3721 esp_dump(mp
, ksi
, espstack
);
3722 /* esp_dump will take care of the return message, etc. */
3725 /* Should never reach me. */
3726 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, EOPNOTSUPP
,
3727 diagnostic
, ksi
->ks_in_serial
);
3730 sadb_pfkey_error(espstack
->esp_pfkey_q
, mp
, EINVAL
,
3731 SADB_X_DIAGNOSTIC_UNKNOWN_MSG
, ksi
->ks_in_serial
);
3737 * Handle case where PF_KEY says it can't find a keysock for one of my
3741 esp_keysock_no_socket(mblk_t
*mp
, ipsecesp_stack_t
*espstack
)
3744 keysock_out_err_t
*kse
= (keysock_out_err_t
*)mp
->b_rptr
;
3746 if (mp
->b_cont
== NULL
) {
3750 samsg
= (sadb_msg_t
*)mp
->b_cont
->b_rptr
;
3753 * If keysock can't find any registered, delete the acquire record
3754 * immediately, and handle errors.
3756 if (samsg
->sadb_msg_type
== SADB_ACQUIRE
) {
3757 samsg
->sadb_msg_errno
= kse
->ks_err_errno
;
3758 samsg
->sadb_msg_len
= SADB_8TO64(sizeof (*samsg
));
3760 * Use the write-side of the esp_pfkey_q
3762 sadb_in_acquire(samsg
, &espstack
->esp_sadb
,
3763 WR(espstack
->esp_pfkey_q
), espstack
->ipsecesp_netstack
);
3770 * ESP module write put routine.
3773 ipsecesp_wput(queue_t
*q
, mblk_t
*mp
)
3776 struct iocblk
*iocp
;
3777 ipsecesp_stack_t
*espstack
= (ipsecesp_stack_t
*)q
->q_ptr
;
3779 esp3dbg(espstack
, ("In esp_wput().\n"));
3781 /* NOTE: Each case must take care of freeing or passing mp. */
3782 switch (mp
->b_datap
->db_type
) {
3784 if ((mp
->b_wptr
- mp
->b_rptr
) < sizeof (ipsec_info_t
)) {
3785 /* Not big enough message. */
3789 ii
= (ipsec_info_t
*)mp
->b_rptr
;
3791 switch (ii
->ipsec_info_type
) {
3792 case KEYSOCK_OUT_ERR
:
3793 esp1dbg(espstack
, ("Got KEYSOCK_OUT_ERR message.\n"));
3794 esp_keysock_no_socket(mp
, espstack
);
3797 ESP_BUMP_STAT(espstack
, keysock_in
);
3798 esp3dbg(espstack
, ("Got KEYSOCK_IN message.\n"));
3800 /* Parse the message. */
3801 esp_parse_pfkey(mp
, espstack
);
3804 sadb_keysock_hello(&espstack
->esp_pfkey_q
, q
, mp
,
3805 esp_ager
, (void *)espstack
, &espstack
->esp_event
,
3809 esp2dbg(espstack
, ("Got M_CTL from above of 0x%x.\n",
3810 ii
->ipsec_info_type
));
3816 iocp
= (struct iocblk
*)mp
->b_rptr
;
3817 switch (iocp
->ioc_cmd
) {
3820 if (nd_getset(q
, espstack
->ipsecesp_g_nd
, mp
)) {
3824 iocp
->ioc_error
= ENOENT
;
3828 /* We really don't support any other ioctls, do we? */
3831 if (iocp
->ioc_error
!= ENOENT
)
3832 iocp
->ioc_error
= EINVAL
;
3833 iocp
->ioc_count
= 0;
3834 mp
->b_datap
->db_type
= M_IOCACK
;
3840 ("Got default message, type %d, passing to IP.\n",
3841 mp
->b_datap
->db_type
));
3847 * Wrapper to allow IP to trigger an ESP association failure message
3848 * during inbound SA selection.
3851 ipsecesp_in_assocfailure(mblk_t
*mp
, char level
, ushort_t sl
, char *fmt
,
3852 uint32_t spi
, void *addr
, int af
, ip_recv_attr_t
*ira
)
3854 netstack_t
*ns
= ira
->ira_ill
->ill_ipst
->ips_netstack
;
3855 ipsecesp_stack_t
*espstack
= ns
->netstack_ipsecesp
;
3856 ipsec_stack_t
*ipss
= ns
->netstack_ipsec
;
3858 if (espstack
->ipsecesp_log_unknown_spi
) {
3859 ipsec_assocfailure(info
.mi_idnum
, 0, level
, sl
, fmt
, spi
,
3860 addr
, af
, espstack
->ipsecesp_netstack
);
3863 ip_drop_packet(mp
, B_TRUE
, ira
->ira_ill
,
3864 DROPPER(ipss
, ipds_esp_no_sa
),
3865 &espstack
->esp_dropper
);
3869 * Initialize the ESP input and output processing functions.
3872 ipsecesp_init_funcs(ipsa_t
*sa
)
3874 if (sa
->ipsa_output_func
== NULL
)
3875 sa
->ipsa_output_func
= esp_outbound
;
3876 if (sa
->ipsa_input_func
== NULL
)
3877 sa
->ipsa_input_func
= esp_inbound
;