1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25 /*
26 * Copyright 2017 Joyent, Inc.
27 * Copyright 2024 Oxide Computer Company
28 */
29
30 #include <sys/param.h>
31 #include <sys/types.h>
32 #include <sys/stream.h>
33 #include <sys/strsubr.h>
34 #include <sys/strsun.h>
35 #include <sys/stropts.h>
36 #include <sys/vnode.h>
37 #include <sys/zone.h>
38 #include <sys/strlog.h>
39 #include <sys/sysmacros.h>
40 #define _SUN_TPI_VERSION 2
41 #include <sys/tihdr.h>
42 #include <sys/timod.h>
43 #include <sys/tiuser.h>
44 #include <sys/ddi.h>
45 #include <sys/sunddi.h>
46 #include <sys/sunldi.h>
47 #include <sys/file.h>
48 #include <sys/modctl.h>
49 #include <sys/debug.h>
50 #include <sys/kmem.h>
51 #include <sys/cmn_err.h>
52 #include <sys/proc.h>
53 #include <sys/suntpi.h>
54 #include <sys/atomic.h>
55 #include <sys/mkdev.h>
56 #include <sys/policy.h>
57 #include <sys/disp.h>
58
59 #include <sys/socket.h>
60 #include <netinet/in.h>
61 #include <net/pfkeyv2.h>
62
63 #include <inet/common.h>
64 #include <netinet/ip6.h>
65 #include <inet/ip.h>
66 #include <inet/proto_set.h>
67 #include <inet/nd.h>
68 #include <inet/optcom.h>
69 #include <inet/ipsec_info.h>
70 #include <inet/ipsec_impl.h>
71 #include <inet/tcp_sig.h>
72 #include <inet/keysock.h>
73
74 #include <sys/isa_defs.h>
75
76 /*
77 * This is a transport provider for the PF_KEY key management socket.
78 * (See RFC 2367 for details.)
79 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN
80 * messages (see ipsec_info.h), and passed to the appropriate consumer.
81 * Upstream messages are generated for all open PF_KEY sockets, when
82 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled)
83 * in reply to downstream messages.
84 *
85 * Upstream messages must be created asynchronously for the following
86 * situations:
87 *
88 * 1.) A keysock consumer requires an SA, and there is currently none.
89 * 2.) An SA expires, either hard or soft lifetime.
90 * 3.) Other events a consumer deems fit.
91 *
92 * The MT model of this is PERMOD, with shared put procedures. Two types of
93 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send
94 * down the *multiple* messages they create.
95 */
96
97 static vmem_t *keysock_vmem; /* for minor numbers. */
98
99 #define KEYSOCK_MAX_CONSUMERS 256
100
101 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */
102 static struct T_info_ack keysock_g_t_info_ack = {
103 T_INFO_ACK,
104 T_INFINITE, /* TSDU_size. Maximum size messages. */
105 T_INVALID, /* ETSDU_size. No expedited data. */
106 T_INVALID, /* CDATA_size. No connect data. */
107 T_INVALID, /* DDATA_size. No disconnect data. */
108 0, /* ADDR_size. */
109 0, /* OPT_size. No user-settable options */
110 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */
111 T_COTS, /* SERV_type. keysock supports connection oriented. */
112 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */
113 (XPG4_1) /* Provider flags */
114 };
115
116 /* Named Dispatch Parameter Management Structure */
117 typedef struct keysockparam_s {
118 uint_t keysock_param_min;
119 uint_t keysock_param_max;
120 uint_t keysock_param_value;
121 char *keysock_param_name;
122 } keysockparam_t;
123
124 /*
125 * Table of NDD variables supported by keysock. These are loaded into
126 * keysock_g_nd in keysock_init_nd.
127 * All of these are alterable, within the min/max values given, at run time.
128 */
129 static keysockparam_t lcl_param_arr[] = {
130 /* min max value name */
131 { 4096, 65536, 8192, "keysock_xmit_hiwat"},
132 { 0, 65536, 1024, "keysock_xmit_lowat"},
133 { 4096, 65536, 8192, "keysock_recv_hiwat"},
134 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"},
135 { 0, 3, 0, "keysock_debug"},
136 };
137 #define keystack_xmit_hiwat keystack_params[0].keysock_param_value
138 #define keystack_xmit_lowat keystack_params[1].keysock_param_value
139 #define keystack_recv_hiwat keystack_params[2].keysock_param_value
140 #define keystack_max_buf keystack_params[3].keysock_param_value
141 #define keystack_debug keystack_params[4].keysock_param_value
142
143 #define ks0dbg(a) printf a
144 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
145 #define ks1dbg(keystack, a) if (keystack->keystack_debug != 0) printf a
146 #define ks2dbg(keystack, a) if (keystack->keystack_debug > 1) printf a
147 #define ks3dbg(keystack, a) if (keystack->keystack_debug > 2) printf a
148
149 static int keysock_close(queue_t *, int, cred_t *);
150 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *);
151 static int keysock_wput(queue_t *, mblk_t *);
152 static int keysock_rput(queue_t *, mblk_t *);
153 static int keysock_rsrv(queue_t *);
154 static void *keysock_stack_init(netstackid_t stackid, netstack_t *ns);
155 static void keysock_stack_fini(netstackid_t stackid, void *arg);
156
157 static struct module_info info = {
158 5138, "keysock", 1, INFPSZ, 512, 128
159 };
160
161 static struct qinit rinit = {
162 keysock_rput, keysock_rsrv, keysock_open, keysock_close,
163 NULL, &info
164 };
165
166 static struct qinit winit = {
167 keysock_wput, NULL, NULL, NULL, NULL, &info
168 };
169
170 struct streamtab keysockinfo = {
171 &rinit, &winit
172 };
173
174 extern struct modlinkage *keysock_modlp;
175
176 /*
177 * Plumb IPsec.
178 *
179 * NOTE: New "default" modules will need to be loaded here if needed before
180 * boot time.
181 */
182
183 /* Keep these in global space to keep the lint from complaining. */
184 static char *IPSECESP = "ipsecesp";
185 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp";
186 static char *IPSECAH = "ipsecah";
187 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah";
188 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6";
189 static char *KEYSOCK = "keysock";
190 static char *STRMOD = "strmod";
191
192 /*
193 * Load the other ipsec modules and plumb them together.
194 */
195 int
keysock_plumb_ipsec(netstack_t * ns)196 keysock_plumb_ipsec(netstack_t *ns)
197 {
198 ldi_handle_t lh, ip6_lh = NULL;
199 ldi_ident_t li = NULL;
200 int err = 0;
201 int muxid, rval;
202 boolean_t esp_present = B_TRUE;
203 cred_t *cr;
204 keysock_stack_t *keystack = ns->netstack_keysock;
205
206 #ifdef NS_DEBUG
207 (void) printf("keysock_plumb_ipsec(%d)\n",
208 ns->netstack_stackid);
209 #endif
210
211 keystack->keystack_plumbed = 0; /* we're trying again.. */
212
213 cr = zone_get_kcred(netstackid_to_zoneid(
214 keystack->keystack_netstack->netstack_stackid));
215 ASSERT(cr != NULL);
216 /*
217 * Load up the drivers (AH/ESP).
218 *
219 * I do this separately from the actual plumbing in case this function
220 * ever gets called from a diskless boot before the root filesystem is
221 * up. I don't have to worry about "keysock" because, well, if I'm
222 * here, keysock must've loaded successfully.
223 */
224 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) {
225 ks0dbg(("IPsec: AH failed to attach.\n"));
226 goto bail;
227 }
228 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) {
229 ks0dbg(("IPsec: ESP failed to attach.\n"));
230 esp_present = B_FALSE;
231 }
232
233 /*
234 * Set up the IP streams for AH and ESP, as well as tacking keysock
235 * on top of them. Assume keysock has set the autopushes up already.
236 */
237
238 /* Open IP. */
239 err = ldi_ident_from_mod(keysock_modlp, &li);
240 if (err) {
241 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n",
242 err));
243 goto bail;
244 }
245
246 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, cr, &ip6_lh, li);
247 if (err) {
248 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err));
249 goto bail;
250 }
251
252 /* PLINK KEYSOCK/AH */
253 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, cr, &lh, li);
254 if (err) {
255 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err));
256 goto bail;
257 }
258 err = ldi_ioctl(lh,
259 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
260 if (err) {
261 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n",
262 err));
263 (void) ldi_close(lh, FREAD|FWRITE, cr);
264 goto bail;
265 }
266 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
267 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
268 if (err) {
269 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err));
270 (void) ldi_close(lh, FREAD|FWRITE, cr);
271 goto bail;
272 }
273 (void) ldi_close(lh, FREAD|FWRITE, cr);
274
275 /* PLINK KEYSOCK/ESP */
276 if (esp_present) {
277 err = ldi_open_by_name(IPSECESPDEV,
278 FREAD|FWRITE, cr, &lh, li);
279 if (err) {
280 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err));
281 goto bail;
282 }
283 err = ldi_ioctl(lh,
284 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
285 if (err) {
286 ks0dbg(("IPsec: "
287 "Push of KEYSOCK onto ESP failed (err %d).\n",
288 err));
289 (void) ldi_close(lh, FREAD|FWRITE, cr);
290 goto bail;
291 }
292 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
293 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
294 if (err) {
295 ks0dbg(("IPsec: "
296 "PLINK of KEYSOCK/ESP failed (err %d).\n", err));
297 (void) ldi_close(lh, FREAD|FWRITE, cr);
298 goto bail;
299 }
300 (void) ldi_close(lh, FREAD|FWRITE, cr);
301 }
302
303 bail:
304 keystack->keystack_plumbed = (err == 0) ? 1 : -1;
305 if (ip6_lh != NULL) {
306 (void) ldi_close(ip6_lh, FREAD|FWRITE, cr);
307 }
308 if (li != NULL)
309 ldi_ident_release(li);
310 #ifdef NS_DEBUG
311 (void) printf("keysock_plumb_ipsec -> %d\n",
312 keystack->keystack_plumbed);
313 #endif
314 crfree(cr);
315 return (err);
316 }
317
318 /* ARGSUSED */
319 static int
keysock_param_get(queue_t * q,mblk_t * mp,caddr_t cp,cred_t * cr)320 keysock_param_get(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr)
321 {
322 keysockparam_t *keysockpa = (keysockparam_t *)cp;
323 uint_t value;
324 keysock_t *ks = (keysock_t *)q->q_ptr;
325 keysock_stack_t *keystack = ks->keysock_keystack;
326
327 mutex_enter(&keystack->keystack_param_lock);
328 value = keysockpa->keysock_param_value;
329 mutex_exit(&keystack->keystack_param_lock);
330
331 (void) mi_mpprintf(mp, "%u", value);
332 return (0);
333 }
334
335 /* This routine sets an NDD variable in a keysockparam_t structure. */
336 /* ARGSUSED */
337 static int
keysock_param_set(queue_t * q,mblk_t * mp,char * value,caddr_t cp,cred_t * cr)338 keysock_param_set(queue_t *q, mblk_t *mp, char *value, caddr_t cp, cred_t *cr)
339 {
340 ulong_t new_value;
341 keysockparam_t *keysockpa = (keysockparam_t *)cp;
342 keysock_t *ks = (keysock_t *)q->q_ptr;
343 keysock_stack_t *keystack = ks->keysock_keystack;
344
345 /* Convert the value from a string into a long integer. */
346 if (ddi_strtoul(value, NULL, 10, &new_value) != 0)
347 return (EINVAL);
348
349 mutex_enter(&keystack->keystack_param_lock);
350 /*
351 * Fail the request if the new value does not lie within the
352 * required bounds.
353 */
354 if (new_value < keysockpa->keysock_param_min ||
355 new_value > keysockpa->keysock_param_max) {
356 mutex_exit(&keystack->keystack_param_lock);
357 return (EINVAL);
358 }
359
360 /* Set the new value */
361 keysockpa->keysock_param_value = new_value;
362 mutex_exit(&keystack->keystack_param_lock);
363
364 return (0);
365 }
366
367 /*
368 * Initialize keysock at module load time
369 */
370 boolean_t
keysock_ddi_init(void)371 keysock_ddi_init(void)
372 {
373 keysock_max_optsize = optcom_max_optsize(
374 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt);
375
376 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1,
377 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER);
378
379 /*
380 * We want to be informed each time a stack is created or
381 * destroyed in the kernel, so we can maintain the
382 * set of keysock_stack_t's.
383 */
384 netstack_register(NS_KEYSOCK, keysock_stack_init, NULL,
385 keysock_stack_fini);
386
387 return (B_TRUE);
388 }
389
390 /*
391 * Walk through the param array specified registering each element with the
392 * named dispatch handler.
393 */
394 static boolean_t
keysock_param_register(IDP * ndp,keysockparam_t * ksp,int cnt)395 keysock_param_register(IDP *ndp, keysockparam_t *ksp, int cnt)
396 {
397 for (; cnt-- > 0; ksp++) {
398 if (ksp->keysock_param_name != NULL &&
399 ksp->keysock_param_name[0]) {
400 if (!nd_load(ndp,
401 ksp->keysock_param_name,
402 keysock_param_get, keysock_param_set,
403 (caddr_t)ksp)) {
404 nd_free(ndp);
405 return (B_FALSE);
406 }
407 }
408 }
409 return (B_TRUE);
410 }
411
412 /*
413 * Initialize keysock for one stack instance
414 */
415 /* ARGSUSED */
416 static void *
keysock_stack_init(netstackid_t stackid,netstack_t * ns)417 keysock_stack_init(netstackid_t stackid, netstack_t *ns)
418 {
419 keysock_stack_t *keystack;
420 keysockparam_t *ksp;
421
422 keystack = (keysock_stack_t *)kmem_zalloc(sizeof (*keystack), KM_SLEEP);
423 keystack->keystack_netstack = ns;
424
425 keystack->keystack_acquire_seq = 0xffffffff;
426
427 ksp = (keysockparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
428 keystack->keystack_params = ksp;
429 bcopy(lcl_param_arr, ksp, sizeof (lcl_param_arr));
430
431 (void) keysock_param_register(&keystack->keystack_g_nd, ksp,
432 A_CNT(lcl_param_arr));
433
434 mutex_init(&keystack->keystack_list_lock, NULL, MUTEX_DEFAULT, NULL);
435 mutex_init(&keystack->keystack_consumers_lock,
436 NULL, MUTEX_DEFAULT, NULL);
437 mutex_init(&keystack->keystack_param_lock, NULL, MUTEX_DEFAULT, NULL);
438 return (keystack);
439 }
440
441 /*
442 * Free NDD variable space, and other destructors, for keysock.
443 */
444 void
keysock_ddi_destroy(void)445 keysock_ddi_destroy(void)
446 {
447 netstack_unregister(NS_KEYSOCK);
448 vmem_destroy(keysock_vmem);
449 }
450
451 /*
452 * Remove one stack instance from keysock
453 */
454 /* ARGSUSED */
455 static void
keysock_stack_fini(netstackid_t stackid,void * arg)456 keysock_stack_fini(netstackid_t stackid, void *arg)
457 {
458 keysock_stack_t *keystack = (keysock_stack_t *)arg;
459
460 nd_free(&keystack->keystack_g_nd);
461 kmem_free(keystack->keystack_params, sizeof (lcl_param_arr));
462 keystack->keystack_params = NULL;
463
464 mutex_destroy(&keystack->keystack_list_lock);
465 mutex_destroy(&keystack->keystack_consumers_lock);
466 mutex_destroy(&keystack->keystack_param_lock);
467
468 kmem_free(keystack, sizeof (*keystack));
469 }
470
471 /*
472 * Close routine for keysock.
473 */
474 /* ARGSUSED */
475 static int
keysock_close(queue_t * q,int flags __unused,cred_t * credp __unused)476 keysock_close(queue_t *q, int flags __unused, cred_t *credp __unused)
477 {
478 keysock_t *ks;
479 keysock_consumer_t *kc;
480 void *ptr = q->q_ptr;
481 int size;
482 keysock_stack_t *keystack;
483
484
485 qprocsoff(q);
486
487 /* Safe assumption. */
488 ASSERT(ptr != NULL);
489
490 if (WR(q)->q_next) {
491 kc = (keysock_consumer_t *)ptr;
492 keystack = kc->kc_keystack;
493
494 ks1dbg(keystack, ("Module close, removing a consumer (%d).\n",
495 kc->kc_sa_type));
496 /*
497 * Because of PERMOD open/close exclusive perimeter, I
498 * can inspect KC_FLUSHING w/o locking down kc->kc_lock.
499 */
500 if (kc->kc_flags & KC_FLUSHING) {
501 /*
502 * If this decrement was the last one, send
503 * down the next pending one, if any.
504 *
505 * With a PERMOD perimeter, the mutexes ops aren't
506 * really necessary, but if we ever loosen up, we will
507 * have this bit covered already.
508 */
509 keystack->keystack_flushdump--;
510 if (keystack->keystack_flushdump == 0) {
511 /*
512 * The flush/dump terminated by having a
513 * consumer go away. I need to send up to the
514 * appropriate keysock all of the relevant
515 * information. Unfortunately, I don't
516 * have that handy.
517 */
518 ks0dbg(("Consumer went away while flushing or"
519 " dumping.\n"));
520 }
521 }
522 size = sizeof (keysock_consumer_t);
523 mutex_enter(&keystack->keystack_consumers_lock);
524 keystack->keystack_consumers[kc->kc_sa_type] = NULL;
525 mutex_exit(&keystack->keystack_consumers_lock);
526 mutex_destroy(&kc->kc_lock);
527 netstack_rele(kc->kc_keystack->keystack_netstack);
528 } else {
529 ks = (keysock_t *)ptr;
530 keystack = ks->keysock_keystack;
531
532 ks3dbg(keystack,
533 ("Driver close, PF_KEY socket is going away.\n"));
534 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0)
535 atomic_dec_32(&keystack->keystack_num_extended);
536 size = sizeof (keysock_t);
537 mutex_enter(&keystack->keystack_list_lock);
538 *(ks->keysock_ptpn) = ks->keysock_next;
539 if (ks->keysock_next != NULL)
540 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn;
541 mutex_exit(&keystack->keystack_list_lock);
542 mutex_destroy(&ks->keysock_lock);
543 vmem_free(keysock_vmem, (void *)(uintptr_t)ks->keysock_serial,
544 1);
545 netstack_rele(ks->keysock_keystack->keystack_netstack);
546 }
547
548 /* Now I'm free. */
549 kmem_free(ptr, size);
550 return (0);
551 }
552 /*
553 * Open routine for keysock.
554 */
555 /* ARGSUSED */
556 static int
keysock_open(queue_t * q,dev_t * devp,int flag,int sflag,cred_t * credp)557 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
558 {
559 keysock_t *ks;
560 keysock_consumer_t *kc;
561 mblk_t *mp;
562 ipsec_info_t *ii;
563 netstack_t *ns;
564 keysock_stack_t *keystack;
565
566 if (secpolicy_ip_config(credp, B_FALSE) != 0) {
567 /* Privilege debugging will log the error */
568 return (EPERM);
569 }
570
571 if (q->q_ptr != NULL)
572 return (0); /* Re-open of an already open instance. */
573
574 ns = netstack_find_by_cred(credp);
575 ASSERT(ns != NULL);
576 keystack = ns->netstack_keysock;
577 ASSERT(keystack != NULL);
578
579 ks3dbg(keystack, ("Entering keysock open.\n"));
580
581 if (keystack->keystack_plumbed < 1) {
582 netstack_t *ns = keystack->keystack_netstack;
583
584 keystack->keystack_plumbed = 0;
585 #ifdef NS_DEBUG
586 printf("keysock_open(%d) - plumb\n",
587 keystack->keystack_netstack->netstack_stackid);
588 #endif
589 /*
590 * Don't worry about ipsec_failure being true here.
591 * (See ip.c). An open of keysock should try and force
592 * the issue. Maybe it was a transient failure.
593 */
594 ipsec_loader_loadnow(ns->netstack_ipsec);
595 }
596
597 if (sflag & MODOPEN) {
598 /* Initialize keysock_consumer state here. */
599 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP);
600 if (kc == NULL) {
601 netstack_rele(keystack->keystack_netstack);
602 return (ENOMEM);
603 }
604 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0);
605 kc->kc_rq = q;
606 kc->kc_wq = WR(q);
607
608 q->q_ptr = kc;
609 WR(q)->q_ptr = kc;
610
611 kc->kc_keystack = keystack;
612 qprocson(q);
613
614 /*
615 * Send down initial message to whatever I was pushed on top
616 * of asking for its consumer type. The reply will set it.
617 */
618
619 /* Allocate it. */
620 mp = allocb(sizeof (ipsec_info_t), BPRI_HI);
621 if (mp == NULL) {
622 ks1dbg(keystack, (
623 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n"));
624 /* Do I need to set these to null? */
625 q->q_ptr = NULL;
626 WR(q)->q_ptr = NULL;
627 mutex_destroy(&kc->kc_lock);
628 kmem_free(kc, sizeof (*kc));
629 netstack_rele(keystack->keystack_netstack);
630 return (ENOMEM);
631 }
632
633 /* If I allocated okay, putnext to what I was pushed atop. */
634 mp->b_wptr += sizeof (ipsec_info_t);
635 mp->b_datap->db_type = M_CTL;
636 ii = (ipsec_info_t *)mp->b_rptr;
637 ii->ipsec_info_type = KEYSOCK_HELLO;
638 /* Length only of type/len. */
639 ii->ipsec_info_len = sizeof (ii->ipsec_allu);
640 ks2dbg(keystack, ("Ready to putnext KEYSOCK_HELLO.\n"));
641 putnext(kc->kc_wq, mp);
642 } else {
643 minor_t ksminor;
644
645 /* Initialize keysock state. */
646
647 ks2dbg(keystack, ("Made it into PF_KEY socket open.\n"));
648
649 ksminor = (minor_t)(uintptr_t)
650 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP);
651 if (ksminor == 0) {
652 netstack_rele(keystack->keystack_netstack);
653 return (ENOMEM);
654 }
655 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP);
656 if (ks == NULL) {
657 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1);
658 netstack_rele(keystack->keystack_netstack);
659 return (ENOMEM);
660 }
661
662 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0);
663 ks->keysock_rq = q;
664 ks->keysock_wq = WR(q);
665 ks->keysock_state = TS_UNBND;
666 ks->keysock_serial = ksminor;
667
668 q->q_ptr = ks;
669 WR(q)->q_ptr = ks;
670 ks->keysock_keystack = keystack;
671
672 /*
673 * The receive hiwat is only looked at on the stream head
674 * queue. Store in q_hiwat in order to return on SO_RCVBUF
675 * getsockopts.
676 */
677
678 q->q_hiwat = keystack->keystack_recv_hiwat;
679
680 /*
681 * The transmit hiwat/lowat is only looked at on IP's queue.
682 * Store in q_hiwat/q_lowat in order to return on
683 * SO_SNDBUF/SO_SNDLOWAT getsockopts.
684 */
685
686 WR(q)->q_hiwat = keystack->keystack_xmit_hiwat;
687 WR(q)->q_lowat = keystack->keystack_xmit_lowat;
688
689 *devp = makedevice(getmajor(*devp), ksminor);
690
691 /*
692 * Thread keysock into the global keysock list.
693 */
694 mutex_enter(&keystack->keystack_list_lock);
695 ks->keysock_next = keystack->keystack_list;
696 ks->keysock_ptpn = &keystack->keystack_list;
697 if (keystack->keystack_list != NULL) {
698 keystack->keystack_list->keysock_ptpn =
699 &ks->keysock_next;
700 }
701 keystack->keystack_list = ks;
702 mutex_exit(&keystack->keystack_list_lock);
703
704 qprocson(q);
705 (void) proto_set_rx_hiwat(q, NULL,
706 keystack->keystack_recv_hiwat);
707 /*
708 * Wait outside the keysock module perimeter for IPsec
709 * plumbing to be completed. If it fails, keysock_close()
710 * undoes everything we just did.
711 */
712 if (!ipsec_loader_wait(q,
713 keystack->keystack_netstack->netstack_ipsec)) {
714 (void) keysock_close(q, 0, credp);
715 return (EPFNOSUPPORT);
716 }
717 }
718
719 return (0);
720 }
721
722 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */
723
724 /*
725 * Copy relevant state bits.
726 */
727 static void
keysock_copy_info(struct T_info_ack * tap,keysock_t * ks)728 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks)
729 {
730 *tap = keysock_g_t_info_ack;
731 tap->CURRENT_state = ks->keysock_state;
732 tap->OPT_size = keysock_max_optsize;
733 }
734
735 /*
736 * This routine responds to T_CAPABILITY_REQ messages. It is called by
737 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from
738 * keysock_g_t_info_ack. The current state of the stream is copied from
739 * keysock_state.
740 */
741 static void
keysock_capability_req(queue_t * q,mblk_t * mp)742 keysock_capability_req(queue_t *q, mblk_t *mp)
743 {
744 keysock_t *ks = (keysock_t *)q->q_ptr;
745 t_uscalar_t cap_bits1;
746 struct T_capability_ack *tcap;
747
748 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1;
749
750 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack),
751 mp->b_datap->db_type, T_CAPABILITY_ACK);
752 if (mp == NULL)
753 return;
754
755 tcap = (struct T_capability_ack *)mp->b_rptr;
756 tcap->CAP_bits1 = 0;
757
758 if (cap_bits1 & TC1_INFO) {
759 keysock_copy_info(&tcap->INFO_ack, ks);
760 tcap->CAP_bits1 |= TC1_INFO;
761 }
762
763 qreply(q, mp);
764 }
765
766 /*
767 * This routine responds to T_INFO_REQ messages. It is called by
768 * keysock_wput_other.
769 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack.
770 * The current state of the stream is copied from keysock_state.
771 */
772 static void
keysock_info_req(queue_t * q,mblk_t * mp)773 keysock_info_req(queue_t *q, mblk_t *mp)
774 {
775 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO,
776 T_INFO_ACK);
777 if (mp == NULL)
778 return;
779 keysock_copy_info((struct T_info_ack *)mp->b_rptr,
780 (keysock_t *)q->q_ptr);
781 qreply(q, mp);
782 }
783
784 /*
785 * keysock_err_ack. This routine creates a
786 * T_ERROR_ACK message and passes it
787 * upstream.
788 */
789 static void
keysock_err_ack(queue_t * q,mblk_t * mp,int t_error,int sys_error)790 keysock_err_ack(queue_t *q, mblk_t *mp, int t_error, int sys_error)
791 {
792 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL)
793 qreply(q, mp);
794 }
795
796 /*
797 * This routine retrieves the current status of socket options.
798 * It returns the size of the option retrieved.
799 */
800 /* ARGSUSED */
801 int
keysock_opt_get(queue_t * q,int level,int name,uchar_t * ptr)802 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr)
803 {
804 int *i1 = (int *)ptr;
805 keysock_t *ks = (keysock_t *)q->q_ptr;
806
807 switch (level) {
808 case SOL_SOCKET:
809 mutex_enter(&ks->keysock_lock);
810 switch (name) {
811 case SO_TYPE:
812 *i1 = SOCK_RAW;
813 break;
814 case SO_USELOOPBACK:
815 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) ==
816 KEYSOCK_NOLOOP));
817 break;
818 /*
819 * The following two items can be manipulated,
820 * but changing them should do nothing.
821 */
822 case SO_SNDBUF:
823 *i1 = (int)q->q_hiwat;
824 break;
825 case SO_RCVBUF:
826 *i1 = (int)(RD(q)->q_hiwat);
827 break;
828 }
829 mutex_exit(&ks->keysock_lock);
830 break;
831 default:
832 return (0);
833 }
834 return (sizeof (int));
835 }
836
837 /*
838 * This routine sets socket options.
839 */
840 /* ARGSUSED */
841 int
keysock_opt_set(queue_t * q,uint_t mgmt_flags,int level,int name,uint_t inlen,uchar_t * invalp,uint_t * outlenp,uchar_t * outvalp,void * thisdg_attrs,cred_t * cr)842 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level,
843 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp,
844 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr)
845 {
846 int *i1 = (int *)invalp, errno = 0;
847 keysock_t *ks = (keysock_t *)q->q_ptr;
848 keysock_stack_t *keystack = ks->keysock_keystack;
849
850 switch (level) {
851 case SOL_SOCKET:
852 mutex_enter(&ks->keysock_lock);
853 switch (name) {
854 case SO_USELOOPBACK:
855 if (!(*i1))
856 ks->keysock_flags |= KEYSOCK_NOLOOP;
857 else ks->keysock_flags &= ~KEYSOCK_NOLOOP;
858 break;
859 case SO_SNDBUF:
860 if (*i1 > keystack->keystack_max_buf)
861 errno = ENOBUFS;
862 else q->q_hiwat = *i1;
863 break;
864 case SO_RCVBUF:
865 if (*i1 > keystack->keystack_max_buf) {
866 errno = ENOBUFS;
867 } else {
868 RD(q)->q_hiwat = *i1;
869 (void) proto_set_rx_hiwat(RD(q), NULL, *i1);
870 }
871 break;
872 default:
873 errno = EINVAL;
874 }
875 mutex_exit(&ks->keysock_lock);
876 break;
877 default:
878 errno = EINVAL;
879 }
880 return (errno);
881 }
882
883 /*
884 * Handle STREAMS ioctl copyin for getsockname() for both PF_KEY and
885 * PF_POLICY.
886 */
887 void
keysock_spdsock_wput_iocdata(queue_t * q,mblk_t * mp,sa_family_t family)888 keysock_spdsock_wput_iocdata(queue_t *q, mblk_t *mp, sa_family_t family)
889 {
890 mblk_t *mp1;
891 STRUCT_HANDLE(strbuf, sb);
892 /* What size of sockaddr do we need? */
893 const uint_t addrlen = sizeof (struct sockaddr);
894
895 /* We only handle TI_GET{MY,PEER}NAME (get{sock,peer}name()). */
896 switch (((struct iocblk *)mp->b_rptr)->ioc_cmd) {
897 case TI_GETMYNAME:
898 case TI_GETPEERNAME:
899 break;
900 default:
901 freemsg(mp);
902 return;
903 }
904
905 switch (mi_copy_state(q, mp, &mp1)) {
906 case -1:
907 return;
908 case MI_COPY_CASE(MI_COPY_IN, 1):
909 break;
910 case MI_COPY_CASE(MI_COPY_OUT, 1):
911 /*
912 * The address has been copied out, so now
913 * copyout the strbuf.
914 */
915 mi_copyout(q, mp);
916 return;
917 case MI_COPY_CASE(MI_COPY_OUT, 2):
918 /*
919 * The address and strbuf have been copied out.
920 * We're done, so just acknowledge the original
921 * M_IOCTL.
922 */
923 mi_copy_done(q, mp, 0);
924 return;
925 default:
926 /*
927 * Something strange has happened, so acknowledge
928 * the original M_IOCTL with an EPROTO error.
929 */
930 mi_copy_done(q, mp, EPROTO);
931 return;
932 }
933
934 /*
935 * Now we have the strbuf structure for TI_GET{MY,PEER}NAME. Next we
936 * copyout the requested address and then we'll copyout the strbuf.
937 * Regardless of sockname or peername, we just return a sockaddr with
938 * sa_family set.
939 */
940 STRUCT_SET_HANDLE(sb, ((struct iocblk *)mp->b_rptr)->ioc_flag,
941 (void *)mp1->b_rptr);
942
943 if (STRUCT_FGET(sb, maxlen) < addrlen) {
944 mi_copy_done(q, mp, EINVAL);
945 return;
946 }
947
948 mp1 = mi_copyout_alloc(q, mp, STRUCT_FGETP(sb, buf), addrlen, B_TRUE);
949 if (mp1 == NULL)
950 return;
951
952 STRUCT_FSET(sb, len, addrlen);
953 ((struct sockaddr *)mp1->b_wptr)->sa_family = family;
954 mp1->b_wptr += addrlen;
955 mi_copyout(q, mp);
956 }
957
958 /*
959 * Handle STREAMS messages.
960 */
961 static void
keysock_wput_other(queue_t * q,mblk_t * mp)962 keysock_wput_other(queue_t *q, mblk_t *mp)
963 {
964 struct iocblk *iocp;
965 int error;
966 keysock_t *ks = (keysock_t *)q->q_ptr;
967 keysock_stack_t *keystack = ks->keysock_keystack;
968 cred_t *cr;
969
970 switch (mp->b_datap->db_type) {
971 case M_PROTO:
972 case M_PCPROTO:
973 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) {
974 ks3dbg(keystack, (
975 "keysock_wput_other: Not big enough M_PROTO\n"));
976 freemsg(mp);
977 return;
978 }
979 switch (((union T_primitives *)mp->b_rptr)->type) {
980 case T_CAPABILITY_REQ:
981 keysock_capability_req(q, mp);
982 break;
983 case T_INFO_REQ:
984 keysock_info_req(q, mp);
985 break;
986 case T_SVR4_OPTMGMT_REQ:
987 case T_OPTMGMT_REQ:
988 /*
989 * All Solaris components should pass a db_credp
990 * for this TPI message, hence we ASSERT.
991 * But in case there is some other M_PROTO that looks
992 * like a TPI message sent by some other kernel
993 * component, we check and return an error.
994 */
995 cr = msg_getcred(mp, NULL);
996 ASSERT(cr != NULL);
997 if (cr == NULL) {
998 keysock_err_ack(q, mp, TSYSERR, EINVAL);
999 return;
1000 }
1001 if (((union T_primitives *)mp->b_rptr)->type ==
1002 T_SVR4_OPTMGMT_REQ) {
1003 svr4_optcom_req(q, mp, cr, &keysock_opt_obj);
1004 } else {
1005 tpi_optcom_req(q, mp, cr, &keysock_opt_obj);
1006 }
1007 break;
1008 case T_DATA_REQ:
1009 case T_EXDATA_REQ:
1010 case T_ORDREL_REQ:
1011 /* Illegal for keysock. */
1012 freemsg(mp);
1013 (void) putnextctl1(RD(q), M_ERROR, EPROTO);
1014 break;
1015 default:
1016 /* Not supported by keysock. */
1017 keysock_err_ack(q, mp, TNOTSUPPORT, 0);
1018 break;
1019 }
1020 return;
1021 case M_IOCDATA:
1022 keysock_spdsock_wput_iocdata(q, mp, PF_KEY);
1023 return;
1024 case M_IOCTL:
1025 iocp = (struct iocblk *)mp->b_rptr;
1026 error = EINVAL;
1027
1028 switch (iocp->ioc_cmd) {
1029 case TI_GETMYNAME:
1030 case TI_GETPEERNAME:
1031 /*
1032 * For pfiles(1) observability with getsockname().
1033 * See keysock_spdsock_wput_iocdata() for the rest of
1034 * this.
1035 */
1036 mi_copyin(q, mp, NULL,
1037 SIZEOF_STRUCT(strbuf, iocp->ioc_flag));
1038 return;
1039 case ND_SET:
1040 case ND_GET:
1041 if (nd_getset(q, keystack->keystack_g_nd, mp)) {
1042 qreply(q, mp);
1043 return;
1044 } else
1045 error = ENOENT;
1046 /* FALLTHRU */
1047 default:
1048 miocnak(q, mp, 0, error);
1049 return;
1050 }
1051 case M_FLUSH:
1052 if (*mp->b_rptr & FLUSHW) {
1053 flushq(q, FLUSHALL);
1054 *mp->b_rptr &= ~FLUSHW;
1055 }
1056 if (*mp->b_rptr & FLUSHR) {
1057 qreply(q, mp);
1058 return;
1059 }
1060 /* Else FALLTHRU */
1061 }
1062
1063 /* If fell through, just black-hole the message. */
1064 freemsg(mp);
1065 }
1066
1067 /*
1068 * Transmit a PF_KEY error message to the instance either pointed to
1069 * by ks, the instance with serial number serial, or more, depending.
1070 *
1071 * The faulty message (or a reasonable facsimile thereof) is in mp.
1072 * This function will free mp or recycle it for delivery, thereby causing
1073 * the stream head to free it.
1074 */
1075 void
keysock_error(keysock_t * ks,mblk_t * mp,int error,int diagnostic)1076 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic)
1077 {
1078 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1079 keysock_stack_t *keystack = ks->keysock_keystack;
1080
1081 ASSERT(mp->b_datap->db_type == M_DATA);
1082
1083 if (samsg->sadb_msg_type < SADB_GETSPI ||
1084 samsg->sadb_msg_type > SADB_MAX)
1085 samsg->sadb_msg_type = SADB_RESERVED;
1086
1087 /*
1088 * Strip out extension headers.
1089 */
1090 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim);
1091 mp->b_wptr = mp->b_rptr + sizeof (*samsg);
1092 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t));
1093 samsg->sadb_msg_errno = (uint8_t)error;
1094 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic;
1095
1096 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, keystack);
1097 }
1098
1099 /*
1100 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy
1101 * in the extv if passed in.
1102 */
1103 static void
keysock_passdown(keysock_t * ks,mblk_t * mp,uint8_t satype,sadb_ext_t * extv[],boolean_t flushmsg)1104 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[],
1105 boolean_t flushmsg)
1106 {
1107 keysock_consumer_t *kc;
1108 mblk_t *wrapper;
1109 keysock_in_t *ksi;
1110 int i;
1111 keysock_stack_t *keystack = ks->keysock_keystack;
1112
1113 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI);
1114 if (wrapper == NULL) {
1115 ks3dbg(keystack, ("keysock_passdown: allocb failed.\n"));
1116 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL) {
1117 bzero(extv[SADB_EXT_KEY_ENCRYPT],
1118 SADB_64TO8(
1119 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len));
1120 }
1121 if (extv[SADB_EXT_KEY_AUTH] != NULL) {
1122 bzero(extv[SADB_EXT_KEY_AUTH],
1123 SADB_64TO8(
1124 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len));
1125 }
1126 if (extv[SADB_X_EXT_STR_AUTH] != NULL) {
1127 bzero(extv[SADB_X_EXT_STR_AUTH],
1128 SADB_64TO8(
1129 extv[SADB_X_EXT_STR_AUTH]->sadb_ext_len));
1130 }
1131 if (flushmsg) {
1132 ks0dbg((
1133 "keysock: Downwards flush/dump message failed!\n"));
1134 /* If this is true, I hold the perimeter. */
1135 keystack->keystack_flushdump--;
1136 }
1137 freemsg(mp);
1138 return;
1139 }
1140
1141 wrapper->b_datap->db_type = M_CTL;
1142 ksi = (keysock_in_t *)wrapper->b_rptr;
1143 ksi->ks_in_type = KEYSOCK_IN;
1144 ksi->ks_in_len = sizeof (keysock_in_t);
1145 if (extv[SADB_EXT_ADDRESS_SRC] != NULL)
1146 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN;
1147 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE;
1148 if (extv[SADB_EXT_ADDRESS_DST] != NULL)
1149 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN;
1150 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE;
1151 for (i = 0; i <= SADB_EXT_MAX; i++)
1152 ksi->ks_in_extv[i] = extv[i];
1153 ksi->ks_in_serial = ks->keysock_serial;
1154 wrapper->b_wptr += sizeof (ipsec_info_t);
1155 wrapper->b_cont = mp;
1156
1157 /*
1158 * Find the appropriate consumer where the message is passed down.
1159 */
1160 kc = keystack->keystack_consumers[satype];
1161 if (kc == NULL) {
1162 freeb(wrapper);
1163 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1164 if (flushmsg) {
1165 ks0dbg((
1166 "keysock: Downwards flush/dump message failed!\n"));
1167 /* If this is true, I hold the perimeter. */
1168 keystack->keystack_flushdump--;
1169 }
1170 return;
1171 }
1172
1173 /*
1174 * NOTE: There used to be code in here to spin while a flush or
1175 * dump finished. Keysock now assumes that consumers have enough
1176 * MT-savviness to deal with that.
1177 */
1178
1179 /*
1180 * Current consumers (AH and ESP) are guaranteed to return a
1181 * FLUSH or DUMP message back, so when we reach here, we don't
1182 * have to worry about keysock_flushdumps.
1183 */
1184
1185 putnext(kc->kc_wq, wrapper);
1186 }
1187
1188 /*
1189 * High-level reality checking of extensions.
1190 */
1191 static boolean_t
ext_check(sadb_ext_t * ext,keysock_stack_t * keystack)1192 ext_check(sadb_ext_t *ext, keysock_stack_t *keystack)
1193 {
1194 int i;
1195 uint64_t *lp;
1196 sadb_ident_t *id;
1197 char *idstr;
1198
1199 switch (ext->sadb_ext_type) {
1200 case SADB_EXT_ADDRESS_SRC:
1201 case SADB_EXT_ADDRESS_DST:
1202 case SADB_X_EXT_ADDRESS_INNER_SRC:
1203 case SADB_X_EXT_ADDRESS_INNER_DST:
1204 /* Check for at least enough addtl length for a sockaddr. */
1205 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t)))
1206 return (B_FALSE);
1207 break;
1208 case SADB_EXT_LIFETIME_HARD:
1209 case SADB_EXT_LIFETIME_SOFT:
1210 case SADB_EXT_LIFETIME_CURRENT:
1211 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t)))
1212 return (B_FALSE);
1213 break;
1214 case SADB_EXT_SPIRANGE:
1215 /* See if the SPI range is legit. */
1216 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) >
1217 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max))
1218 return (B_FALSE);
1219 break;
1220 case SADB_EXT_KEY_AUTH:
1221 case SADB_EXT_KEY_ENCRYPT:
1222 /* Key length check. */
1223 if (((sadb_key_t *)ext)->sadb_key_bits == 0)
1224 return (B_FALSE);
1225 /*
1226 * Check to see if the key length (in bits) is less than the
1227 * extension length (in 8-bits words).
1228 */
1229 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) +
1230 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) {
1231 ks1dbg(keystack, (
1232 "ext_check: Key bits/length inconsistent.\n"));
1233 ks1dbg(keystack, ("%d bits, len is %d bytes.\n",
1234 ((sadb_key_t *)ext)->sadb_key_bits,
1235 SADB_64TO8(ext->sadb_ext_len)));
1236 return (B_FALSE);
1237 }
1238
1239 /* All-zeroes key check. */
1240 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t));
1241 for (i = 0;
1242 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t)));
1243 i++)
1244 if (lp[i] != 0)
1245 break; /* Out of for loop. */
1246 /* If finished the loop naturally, it's an all zero key. */
1247 if (lp[i] == 0)
1248 return (B_FALSE);
1249 break;
1250 case SADB_X_EXT_STR_AUTH: {
1251 sadb_key_t *key = (sadb_key_t *)ext;
1252
1253 if (key->sadb_key_bits == 0)
1254 return (B_FALSE);
1255 if (key->sadb_key_bits > SADB_8TO1(TCPSIG_MD5_KEY_LEN))
1256 return (B_FALSE);
1257 break;
1258 }
1259 case SADB_EXT_IDENTITY_SRC:
1260 case SADB_EXT_IDENTITY_DST:
1261 /*
1262 * Make sure the strings in these identities are
1263 * null-terminated. RFC 2367 underspecified how to handle
1264 * such a case. I "proactively" null-terminate the string
1265 * at the last byte if it's not terminated sooner.
1266 */
1267 id = (sadb_ident_t *)ext;
1268 i = SADB_64TO8(id->sadb_ident_len);
1269 i -= sizeof (sadb_ident_t);
1270 idstr = (char *)(id + 1);
1271 while (*idstr != '\0' && i > 0) {
1272 i--;
1273 idstr++;
1274 }
1275 if (i == 0) {
1276 /*
1277 * I.e., if the bozo user didn't NULL-terminate the
1278 * string...
1279 */
1280 idstr--;
1281 *idstr = '\0';
1282 }
1283 break;
1284 }
1285 return (B_TRUE); /* For now... */
1286 }
1287
1288 /* Return values for keysock_get_ext(). */
1289 #define KGE_OK 0
1290 #define KGE_DUP 1
1291 #define KGE_UNK 2
1292 #define KGE_LEN 3
1293 #define KGE_CHK 4
1294
1295 /*
1296 * Parse basic extension headers and return in the passed-in pointer vector.
1297 * Return values include:
1298 *
1299 * KGE_OK Everything's nice and parsed out.
1300 * If there are no extensions, place NULL in extv[0].
1301 * KGE_DUP There is a duplicate extension.
1302 * First instance in appropriate bin. First duplicate in
1303 * extv[0].
1304 * KGE_UNK Unknown extension type encountered. extv[0] contains
1305 * unknown header.
1306 * KGE_LEN Extension length error.
1307 * KGE_CHK High-level reality check failed on specific extension.
1308 *
1309 * My apologies for some of the pointer arithmetic in here. I'm thinking
1310 * like an assembly programmer, yet trying to make the compiler happy.
1311 */
1312 static int
keysock_get_ext(sadb_ext_t * extv[],sadb_msg_t * basehdr,uint_t msgsize,keysock_stack_t * keystack)1313 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize,
1314 keysock_stack_t *keystack)
1315 {
1316 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1));
1317
1318 /* Use extv[0] as the "current working pointer". */
1319
1320 extv[0] = (sadb_ext_t *)(basehdr + 1);
1321
1322 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) {
1323 /* Check for unknown headers. */
1324 if (extv[0]->sadb_ext_type == 0 ||
1325 extv[0]->sadb_ext_type > SADB_EXT_MAX)
1326 return (KGE_UNK);
1327
1328 /*
1329 * Check length. Use uint64_t because extlen is in units
1330 * of 64-bit words. If length goes beyond the msgsize,
1331 * return an error. (Zero length also qualifies here.)
1332 */
1333 if (extv[0]->sadb_ext_len == 0 ||
1334 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) >
1335 (void *)((uint8_t *)basehdr + msgsize))
1336 return (KGE_LEN);
1337
1338 /* Check for redundant headers. */
1339 if (extv[extv[0]->sadb_ext_type] != NULL)
1340 return (KGE_DUP);
1341
1342 /*
1343 * Reality check the extension if possible at the keysock
1344 * level.
1345 */
1346 if (!ext_check(extv[0], keystack))
1347 return (KGE_CHK);
1348
1349 /* If I make it here, assign the appropriate bin. */
1350 extv[extv[0]->sadb_ext_type] = extv[0];
1351
1352 /* Advance pointer (See above for uint64_t ptr reasoning.) */
1353 extv[0] = (sadb_ext_t *)
1354 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len);
1355 }
1356
1357 /* Everything's cool. */
1358
1359 /*
1360 * If extv[0] == NULL, then there are no extension headers in this
1361 * message. Ensure that this is the case.
1362 */
1363 if (extv[0] == (sadb_ext_t *)(basehdr + 1))
1364 extv[0] = NULL;
1365
1366 return (KGE_OK);
1367 }
1368
1369 /*
1370 * qwriter() callback to handle flushes and dumps. This routine will hold
1371 * the inner perimeter.
1372 */
1373 void
keysock_do_flushdump(queue_t * q,mblk_t * mp)1374 keysock_do_flushdump(queue_t *q, mblk_t *mp)
1375 {
1376 int i, start, finish;
1377 mblk_t *mp1 = NULL;
1378 keysock_t *ks = (keysock_t *)q->q_ptr;
1379 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1380 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1381 keysock_stack_t *keystack = ks->keysock_keystack;
1382
1383 /*
1384 * I am guaranteed this will work. I did the work in keysock_parse()
1385 * already.
1386 */
1387 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len),
1388 keystack);
1389
1390 /*
1391 * I hold the perimeter, therefore I don't need to use atomic ops.
1392 */
1393 if (keystack->keystack_flushdump != 0) {
1394 /* XXX Should I instead use EBUSY? */
1395 /* XXX Or is there a way to queue these up? */
1396 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE);
1397 return;
1398 }
1399
1400 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1401 start = 0;
1402 finish = KEYSOCK_MAX_CONSUMERS - 1;
1403 } else {
1404 start = samsg->sadb_msg_satype;
1405 finish = samsg->sadb_msg_satype;
1406 }
1407
1408 /*
1409 * Fill up keysock_flushdump with the number of outstanding dumps
1410 * and/or flushes.
1411 */
1412
1413 keystack->keystack_flushdump_errno = 0;
1414
1415 /*
1416 * Okay, I hold the perimeter. Eventually keysock_flushdump will
1417 * contain the number of consumers with outstanding flush operations.
1418 *
1419 * SO, here's the plan:
1420 * * For each relevant consumer (Might be one, might be all)
1421 * * Twiddle on the FLUSHING flag.
1422 * * Pass down the FLUSH/DUMP message.
1423 *
1424 * When I see upbound FLUSH/DUMP messages, I will decrement the
1425 * keysock_flushdump. When I decrement it to 0, I will pass the
1426 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will
1427 * pass down the right SA type to the consumer (either its own, or
1428 * that of UNSPEC), the right one will be reflected from each consumer,
1429 * and accordingly back to the socket.
1430 */
1431
1432 mutex_enter(&keystack->keystack_consumers_lock);
1433 for (i = start; i <= finish; i++) {
1434 if (keystack->keystack_consumers[i] != NULL) {
1435 mp1 = copymsg(mp);
1436 if (mp1 == NULL) {
1437 ks0dbg(("SADB_FLUSH copymsg() failed.\n"));
1438 /*
1439 * Error? And what about outstanding
1440 * flushes? Oh, yeah, they get sucked up and
1441 * the counter is decremented. Consumers
1442 * (see keysock_passdown()) are guaranteed
1443 * to deliver back a flush request, even if
1444 * it's an error.
1445 */
1446 keysock_error(ks, mp, ENOMEM,
1447 SADB_X_DIAGNOSTIC_NONE);
1448 return;
1449 }
1450 /*
1451 * Because my entry conditions are met above, the
1452 * following assertion should hold true.
1453 */
1454 mutex_enter(&keystack->keystack_consumers[i]->kc_lock);
1455 ASSERT((keystack->keystack_consumers[i]->kc_flags &
1456 KC_FLUSHING) == 0);
1457 keystack->keystack_consumers[i]->kc_flags |=
1458 KC_FLUSHING;
1459 mutex_exit(&(keystack->keystack_consumers[i]->kc_lock));
1460 /* Always increment the number of flushes... */
1461 keystack->keystack_flushdump++;
1462 /* Guaranteed to return a message. */
1463 keysock_passdown(ks, mp1, i, extv, B_TRUE);
1464 } else if (start == finish) {
1465 /*
1466 * In case where start == finish, and there's no
1467 * consumer, should we force an error? Yes.
1468 */
1469 mutex_exit(&keystack->keystack_consumers_lock);
1470 keysock_error(ks, mp, EINVAL,
1471 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1472 return;
1473 }
1474 }
1475 mutex_exit(&keystack->keystack_consumers_lock);
1476
1477 if (keystack->keystack_flushdump == 0) {
1478 /*
1479 * There were no consumers at all for this message.
1480 * XXX For now return ESRCH.
1481 */
1482 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS);
1483 } else {
1484 /* Otherwise, free the original message. */
1485 freemsg(mp);
1486 }
1487 }
1488
1489 /*
1490 * Get the right diagnostic for a duplicate. Should probably use a static
1491 * table lookup.
1492 */
1493 int
keysock_duplicate(int ext_type)1494 keysock_duplicate(int ext_type)
1495 {
1496 int rc = 0;
1497
1498 switch (ext_type) {
1499 case SADB_EXT_ADDRESS_SRC:
1500 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC;
1501 break;
1502 case SADB_EXT_ADDRESS_DST:
1503 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST;
1504 break;
1505 case SADB_X_EXT_ADDRESS_INNER_SRC:
1506 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC;
1507 break;
1508 case SADB_X_EXT_ADDRESS_INNER_DST:
1509 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST;
1510 break;
1511 case SADB_EXT_SA:
1512 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA;
1513 break;
1514 case SADB_EXT_SPIRANGE:
1515 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE;
1516 break;
1517 case SADB_EXT_KEY_AUTH:
1518 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY;
1519 break;
1520 case SADB_EXT_KEY_ENCRYPT:
1521 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY;
1522 break;
1523 case SADB_X_EXT_STR_AUTH:
1524 rc = SADB_X_DIAGNOSTIC_DUPLICATE_ASTR;
1525 break;
1526 }
1527 return (rc);
1528 }
1529
1530 /*
1531 * Get the right diagnostic for a reality check failure. Should probably use
1532 * a static table lookup.
1533 */
1534 int
keysock_malformed(int ext_type)1535 keysock_malformed(int ext_type)
1536 {
1537 int rc = 0;
1538
1539 switch (ext_type) {
1540 case SADB_EXT_ADDRESS_SRC:
1541 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC;
1542 break;
1543 case SADB_EXT_ADDRESS_DST:
1544 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST;
1545 break;
1546 case SADB_X_EXT_ADDRESS_INNER_SRC:
1547 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC;
1548 break;
1549 case SADB_X_EXT_ADDRESS_INNER_DST:
1550 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST;
1551 break;
1552 case SADB_EXT_SA:
1553 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA;
1554 break;
1555 case SADB_EXT_SPIRANGE:
1556 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE;
1557 break;
1558 case SADB_EXT_KEY_AUTH:
1559 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY;
1560 break;
1561 case SADB_EXT_KEY_ENCRYPT:
1562 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY;
1563 break;
1564 case SADB_X_EXT_STR_AUTH:
1565 rc = SADB_X_DIAGNOSTIC_MALFORMED_ASTR;
1566 break;
1567 }
1568 return (rc);
1569 }
1570
1571 /*
1572 * Keysock massaging of an inverse ACQUIRE. Consult policy,
1573 * and construct an appropriate response.
1574 */
1575 static void
keysock_inverse_acquire(mblk_t * mp,sadb_msg_t * samsg,sadb_ext_t * extv[],keysock_t * ks)1576 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[],
1577 keysock_t *ks)
1578 {
1579 mblk_t *reply_mp;
1580 keysock_stack_t *keystack = ks->keysock_keystack;
1581
1582 /*
1583 * Reality check things...
1584 */
1585 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) {
1586 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC);
1587 return;
1588 }
1589 if (extv[SADB_EXT_ADDRESS_DST] == NULL) {
1590 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST);
1591 return;
1592 }
1593
1594 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL &&
1595 extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) {
1596 keysock_error(ks, mp, EINVAL,
1597 SADB_X_DIAGNOSTIC_MISSING_INNER_DST);
1598 return;
1599 }
1600
1601 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL &&
1602 extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) {
1603 keysock_error(ks, mp, EINVAL,
1604 SADB_X_DIAGNOSTIC_MISSING_INNER_SRC);
1605 return;
1606 }
1607
1608 reply_mp = ipsec_construct_inverse_acquire(samsg, extv,
1609 keystack->keystack_netstack);
1610
1611 if (reply_mp != NULL) {
1612 freemsg(mp);
1613 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr,
1614 ks->keysock_serial, NULL, B_FALSE, keystack);
1615 } else {
1616 keysock_error(ks, mp, samsg->sadb_msg_errno,
1617 samsg->sadb_x_msg_diagnostic);
1618 }
1619 }
1620
1621 /*
1622 * Spew an extended REGISTER down to the relevant consumers.
1623 */
1624 static void
keysock_extended_register(keysock_t * ks,mblk_t * mp,sadb_ext_t * extv[])1625 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1626 {
1627 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG];
1628 uint8_t *satypes, *fencepost;
1629 mblk_t *downmp;
1630 sadb_ext_t *downextv[SADB_EXT_MAX + 1];
1631 keysock_stack_t *keystack = ks->keysock_keystack;
1632
1633 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 ||
1634 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) {
1635 keysock_error(ks, mp, EBUSY, 0);
1636 }
1637
1638 ks->keysock_flags |= KEYSOCK_EXTENDED;
1639 if (ereg == NULL) {
1640 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1641 } else {
1642 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr);
1643 fencepost = (uint8_t *)mp->b_wptr;
1644 satypes = ereg->sadb_x_ereg_satypes;
1645 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) {
1646 downmp = copymsg(mp);
1647 if (downmp == NULL) {
1648 keysock_error(ks, mp, ENOMEM, 0);
1649 return;
1650 }
1651 /*
1652 * Since we've made it here, keysock_get_ext will work!
1653 */
1654 (void) keysock_get_ext(downextv,
1655 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp),
1656 keystack);
1657 keysock_passdown(ks, downmp, *satypes, downextv,
1658 B_FALSE);
1659 ++satypes;
1660 }
1661 freemsg(mp);
1662 }
1663
1664 /*
1665 * Set global to indicate we prefer an extended ACQUIRE.
1666 */
1667 atomic_inc_32(&keystack->keystack_num_extended);
1668 }
1669
1670 static void
keysock_delpair_all(keysock_t * ks,mblk_t * mp,sadb_ext_t * extv[])1671 keysock_delpair_all(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1672 {
1673 int i, start, finish;
1674 mblk_t *mp1 = NULL;
1675 keysock_stack_t *keystack = ks->keysock_keystack;
1676
1677 start = 0;
1678 finish = KEYSOCK_MAX_CONSUMERS - 1;
1679
1680 for (i = start; i <= finish; i++) {
1681 if (keystack->keystack_consumers[i] != NULL) {
1682 mp1 = copymsg(mp);
1683 if (mp1 == NULL) {
1684 keysock_error(ks, mp, ENOMEM,
1685 SADB_X_DIAGNOSTIC_NONE);
1686 return;
1687 }
1688 keysock_passdown(ks, mp1, i, extv, B_FALSE);
1689 }
1690 }
1691 }
1692
1693 /*
1694 * Handle PF_KEY messages.
1695 */
1696 static void
keysock_parse(queue_t * q,mblk_t * mp)1697 keysock_parse(queue_t *q, mblk_t *mp)
1698 {
1699 sadb_msg_t *samsg;
1700 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1701 keysock_t *ks = (keysock_t *)q->q_ptr;
1702 uint_t msgsize;
1703 uint8_t satype;
1704 keysock_stack_t *keystack = ks->keysock_keystack;
1705
1706 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */
1707 ASSERT(WR(q)->q_next == NULL);
1708
1709 samsg = (sadb_msg_t *)mp->b_rptr;
1710 ks2dbg(keystack, ("Received possible PF_KEY message, type %d.\n",
1711 samsg->sadb_msg_type));
1712
1713 msgsize = SADB_64TO8(samsg->sadb_msg_len);
1714
1715 if (msgdsize(mp) != msgsize) {
1716 /*
1717 * Message len incorrect w.r.t. actual size. Send an error
1718 * (EMSGSIZE). It may be necessary to massage things a
1719 * bit. For example, if the sadb_msg_type is hosed,
1720 * I need to set it to SADB_RESERVED to get delivery to
1721 * do the right thing. Then again, maybe just letting
1722 * the error delivery do the right thing.
1723 */
1724 ks2dbg(keystack,
1725 ("mblk (%lu) and base (%d) message sizes don't jibe.\n",
1726 msgdsize(mp), msgsize));
1727 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE);
1728 return;
1729 }
1730
1731 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) {
1732 /* Get all message into one mblk. */
1733 if (pullupmsg(mp, -1) == 0) {
1734 /*
1735 * Something screwy happened.
1736 */
1737 ks3dbg(keystack,
1738 ("keysock_parse: pullupmsg() failed.\n"));
1739 return;
1740 } else {
1741 samsg = (sadb_msg_t *)mp->b_rptr;
1742 }
1743 }
1744
1745 switch (keysock_get_ext(extv, samsg, msgsize, keystack)) {
1746 case KGE_DUP:
1747 /* Handle duplicate extension. */
1748 ks1dbg(keystack, ("Got duplicate extension of type %d.\n",
1749 extv[0]->sadb_ext_type));
1750 keysock_error(ks, mp, EINVAL,
1751 keysock_duplicate(extv[0]->sadb_ext_type));
1752 return;
1753 case KGE_UNK:
1754 /* Handle unknown extension. */
1755 ks1dbg(keystack, ("Got unknown extension of type %d.\n",
1756 extv[0]->sadb_ext_type));
1757 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT);
1758 return;
1759 case KGE_LEN:
1760 /* Length error. */
1761 ks1dbg(keystack,
1762 ("Length %d on extension type %d overrun or 0.\n",
1763 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type));
1764 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN);
1765 return;
1766 case KGE_CHK:
1767 /* Reality check failed. */
1768 ks1dbg(keystack,
1769 ("Reality check failed on extension type %d.\n",
1770 extv[0]->sadb_ext_type));
1771 keysock_error(ks, mp, EINVAL,
1772 keysock_malformed(extv[0]->sadb_ext_type));
1773 return;
1774 default:
1775 /* Default case is no errors. */
1776 break;
1777 }
1778
1779 /*
1780 * If this is a TCPSIG SA message, pass it off to the handler in
1781 * tcp_sig.c and return. This is not implemented as a downstream
1782 * module.
1783 */
1784 if (samsg->sadb_msg_satype == SADB_X_SATYPE_TCPSIG) {
1785 tcpsig_sa_handler(ks, mp, samsg, extv);
1786 return;
1787 }
1788
1789 switch (samsg->sadb_msg_type) {
1790 case SADB_REGISTER:
1791 /*
1792 * There's a semantic weirdness in that a message OTHER than
1793 * the return REGISTER message may be passed up if I set the
1794 * registered bit BEFORE I pass it down.
1795 *
1796 * SOOOO, I'll not twiddle any registered bits until I see
1797 * the upbound REGISTER (with a serial number in it).
1798 */
1799 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1800 /* Handle extended register here. */
1801 keysock_extended_register(ks, mp, extv);
1802 return;
1803 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) {
1804 keysock_error(ks, mp, EBUSY, 0);
1805 return;
1806 }
1807 /* FALLTHRU */
1808 case SADB_GETSPI:
1809 case SADB_ADD:
1810 case SADB_UPDATE:
1811 case SADB_X_UPDATEPAIR:
1812 case SADB_DELETE:
1813 case SADB_X_DELPAIR:
1814 case SADB_GET:
1815 /*
1816 * Pass down to appropriate consumer.
1817 */
1818 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC) {
1819 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1820 B_FALSE);
1821 } else {
1822 keysock_error(ks, mp, EINVAL,
1823 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1824 }
1825 return;
1826 case SADB_X_DELPAIR_STATE:
1827 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1828 keysock_delpair_all(ks, mp, extv);
1829 } else {
1830 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1831 B_FALSE);
1832 }
1833 return;
1834 case SADB_ACQUIRE:
1835 /*
1836 * If I _receive_ an acquire, this means I should spread it
1837 * out to registered sockets. Unless there's an errno...
1838 *
1839 * Need ADDRESS, may have ID, SENS, and PROP, unless errno,
1840 * in which case there should be NO extensions.
1841 *
1842 * Return to registered.
1843 */
1844 if (samsg->sadb_msg_errno != 0) {
1845 satype = samsg->sadb_msg_satype;
1846 if (satype == SADB_SATYPE_UNSPEC) {
1847 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) {
1848 keysock_error(ks, mp, EINVAL,
1849 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1850 return;
1851 }
1852 /*
1853 * Reassign satype based on the first
1854 * flags that KEYSOCK_SETREG says.
1855 */
1856 while (satype <= SADB_SATYPE_MAX) {
1857 if (KEYSOCK_ISREG(ks, satype))
1858 break;
1859 satype++;
1860 }
1861 if (satype > SADB_SATYPE_MAX) {
1862 keysock_error(ks, mp, EBUSY, 0);
1863 return;
1864 }
1865 }
1866 keysock_passdown(ks, mp, satype, extv, B_FALSE);
1867 } else {
1868 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1869 keysock_error(ks, mp, EINVAL,
1870 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1871 } else {
1872 keysock_passup(mp, samsg, 0, NULL, B_FALSE,
1873 keystack);
1874 }
1875 }
1876 return;
1877 case SADB_EXPIRE:
1878 /*
1879 * If someone sends this in, then send out to all senders.
1880 * (Save maybe ESP or AH, I have to be careful here.)
1881 *
1882 * Need ADDRESS, may have ID and SENS.
1883 *
1884 * XXX for now this is unsupported.
1885 */
1886 break;
1887 case SADB_FLUSH:
1888 /*
1889 * Nuke all SAs.
1890 *
1891 * No extensions at all. Return to all listeners.
1892 *
1893 * Question: Should I hold a lock here to prevent
1894 * additions/deletions while flushing?
1895 * Answer: No. (See keysock_passdown() for details.)
1896 */
1897 if (extv[0] != NULL) {
1898 /*
1899 * FLUSH messages shouldn't have extensions.
1900 * Return EINVAL.
1901 */
1902 ks2dbg(keystack, ("FLUSH message with extension.\n"));
1903 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT);
1904 return;
1905 }
1906
1907 /* Passing down of DUMP/FLUSH messages are special. */
1908 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1909 return;
1910 case SADB_DUMP: /* not used by normal applications */
1911 if ((extv[0] != NULL) &&
1912 ((msgsize >
1913 (sizeof (sadb_msg_t) + sizeof (sadb_x_edump_t))) ||
1914 (extv[SADB_X_EXT_EDUMP] == NULL))) {
1915 keysock_error(ks, mp, EINVAL,
1916 SADB_X_DIAGNOSTIC_NO_EXT);
1917 return;
1918 }
1919 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1920 return;
1921 case SADB_X_PROMISC:
1922 /*
1923 * Promiscuous processing message.
1924 */
1925 if (samsg->sadb_msg_satype == 0)
1926 ks->keysock_flags &= ~KEYSOCK_PROMISC;
1927 else
1928 ks->keysock_flags |= KEYSOCK_PROMISC;
1929 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE,
1930 keystack);
1931 return;
1932 case SADB_X_INVERSE_ACQUIRE:
1933 keysock_inverse_acquire(mp, samsg, extv, ks);
1934 return;
1935 default:
1936 ks2dbg(keystack, ("Got unknown message type %d.\n",
1937 samsg->sadb_msg_type));
1938 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG);
1939 return;
1940 }
1941
1942 /* As a placeholder... */
1943 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n"));
1944 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE);
1945 }
1946
1947 /*
1948 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket,
1949 * I don't convert to ioctl()'s for IP. I am the end-all driver as far
1950 * as PF_KEY sockets are concerned. I do some conversion, but not as much
1951 * as IP/rts does.
1952 */
1953 static int
keysock_wput(queue_t * q,mblk_t * mp)1954 keysock_wput(queue_t *q, mblk_t *mp)
1955 {
1956 uchar_t *rptr = mp->b_rptr;
1957 mblk_t *mp1;
1958 keysock_t *ks;
1959 keysock_stack_t *keystack;
1960
1961 if (WR(q)->q_next) {
1962 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
1963 keystack = kc->kc_keystack;
1964
1965 ks3dbg(keystack, ("In keysock_wput\n"));
1966
1967 /*
1968 * We shouldn't get writes on a consumer instance.
1969 * But for now, just passthru.
1970 */
1971 ks1dbg(keystack, ("Huh? wput for an consumer instance (%d)?\n",
1972 kc->kc_sa_type));
1973 putnext(q, mp);
1974 return (0);
1975 }
1976 ks = (keysock_t *)q->q_ptr;
1977 keystack = ks->keysock_keystack;
1978
1979 ks3dbg(keystack, ("In keysock_wput\n"));
1980
1981 switch (mp->b_datap->db_type) {
1982 case M_DATA:
1983 /*
1984 * Silently discard.
1985 */
1986 ks2dbg(keystack, ("raw M_DATA in keysock.\n"));
1987 freemsg(mp);
1988 return (0);
1989 case M_PROTO:
1990 case M_PCPROTO:
1991 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) {
1992 if (((union T_primitives *)rptr)->type == T_DATA_REQ) {
1993 if ((mp1 = mp->b_cont) == NULL) {
1994 /* No data after T_DATA_REQ. */
1995 ks2dbg(keystack,
1996 ("No data after DATA_REQ.\n"));
1997 freemsg(mp);
1998 return (0);
1999 }
2000 freeb(mp);
2001 mp = mp1;
2002 ks2dbg(keystack, ("T_DATA_REQ\n"));
2003 break; /* Out of switch. */
2004 }
2005 }
2006 /* FALLTHRU */
2007 default:
2008 ks3dbg(keystack, ("In default wput case (%d %d).\n",
2009 mp->b_datap->db_type, ((union T_primitives *)rptr)->type));
2010 keysock_wput_other(q, mp);
2011 return (0);
2012 }
2013
2014 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */
2015 keysock_parse(q, mp);
2016 return (0);
2017 }
2018
2019 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */
2020
2021 /*
2022 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate
2023 * state vectors.
2024 */
2025 static void
keysock_link_consumer(uint8_t satype,keysock_consumer_t * kc)2026 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc)
2027 {
2028 keysock_t *ks;
2029 keysock_stack_t *keystack = kc->kc_keystack;
2030
2031 mutex_enter(&keystack->keystack_consumers_lock);
2032 mutex_enter(&kc->kc_lock);
2033 if (keystack->keystack_consumers[satype] != NULL) {
2034 ks0dbg((
2035 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n",
2036 satype));
2037 /*
2038 * Perhaps updating the new below-me consumer with what I have
2039 * so far would work too?
2040 */
2041 mutex_exit(&kc->kc_lock);
2042 mutex_exit(&keystack->keystack_consumers_lock);
2043 } else {
2044 /* Add new below-me consumer. */
2045 keystack->keystack_consumers[satype] = kc;
2046
2047 kc->kc_flags = 0;
2048 kc->kc_sa_type = satype;
2049 mutex_exit(&kc->kc_lock);
2050 mutex_exit(&keystack->keystack_consumers_lock);
2051
2052 /* Scan the keysock list. */
2053 mutex_enter(&keystack->keystack_list_lock);
2054 for (ks = keystack->keystack_list; ks != NULL;
2055 ks = ks->keysock_next) {
2056 if (KEYSOCK_ISREG(ks, satype)) {
2057 /*
2058 * XXX Perhaps send an SADB_REGISTER down on
2059 * the socket's behalf.
2060 */
2061 ks1dbg(keystack,
2062 ("Socket %u registered already for "
2063 "new consumer.\n", ks->keysock_serial));
2064 }
2065 }
2066 mutex_exit(&keystack->keystack_list_lock);
2067 }
2068 }
2069
2070 /*
2071 * Generate a KEYSOCK_OUT_ERR message for my consumer.
2072 */
2073 static void
keysock_out_err(keysock_consumer_t * kc,int ks_errno,mblk_t * mp)2074 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp)
2075 {
2076 keysock_out_err_t *kse;
2077 mblk_t *imp;
2078 keysock_stack_t *keystack = kc->kc_keystack;
2079
2080 imp = allocb(sizeof (ipsec_info_t), BPRI_HI);
2081 if (imp == NULL) {
2082 ks1dbg(keystack, ("keysock_out_err: Can't alloc message.\n"));
2083 return;
2084 }
2085
2086 imp->b_datap->db_type = M_CTL;
2087 imp->b_wptr += sizeof (ipsec_info_t);
2088
2089 kse = (keysock_out_err_t *)imp->b_rptr;
2090 imp->b_cont = mp;
2091 kse->ks_err_type = KEYSOCK_OUT_ERR;
2092 kse->ks_err_len = sizeof (*kse);
2093 /* Is serial necessary? */
2094 kse->ks_err_serial = 0;
2095 kse->ks_err_errno = ks_errno;
2096
2097 /*
2098 * XXX What else do I need to do here w.r.t. information
2099 * to tell the consumer what caused this error?
2100 *
2101 * I believe the answer is the PF_KEY ACQUIRE (or other) message
2102 * attached in mp, which is appended at the end. I believe the
2103 * db_ref won't matter here, because the PF_KEY message is only read
2104 * for KEYSOCK_OUT_ERR.
2105 */
2106
2107 putnext(kc->kc_wq, imp);
2108 }
2109
2110 /* XXX this is a hack errno. */
2111 #define EIPSECNOSA 255
2112
2113 /*
2114 * Route message (pointed by mp, header in samsg) toward appropriate
2115 * sockets. Assume the message's creator did its job correctly.
2116 *
2117 * This should be a function that is followed by a return in its caller.
2118 * The compiler _should_ be able to use tail-call optimizations to make the
2119 * large ## of parameters not a huge deal.
2120 */
2121 void
keysock_passup(mblk_t * mp,sadb_msg_t * samsg,minor_t serial,keysock_consumer_t * kc,boolean_t persistent,keysock_stack_t * keystack)2122 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial,
2123 keysock_consumer_t *kc, boolean_t persistent, keysock_stack_t *keystack)
2124 {
2125 keysock_t *ks;
2126 uint8_t satype = samsg->sadb_msg_satype;
2127 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE,
2128 setalg = B_FALSE;
2129 mblk_t *mp1;
2130 int err = EIPSECNOSA;
2131
2132 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */
2133 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI);
2134 if (mp1 == NULL) {
2135 err = ENOMEM;
2136 goto error;
2137 }
2138 mp1->b_wptr += sizeof (struct T_data_req);
2139 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND;
2140 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0;
2141 mp1->b_datap->db_type = M_PROTO;
2142 mp1->b_cont = mp;
2143 mp = mp1;
2144
2145 switch (samsg->sadb_msg_type) {
2146 case SADB_FLUSH:
2147 case SADB_GETSPI:
2148 case SADB_UPDATE:
2149 case SADB_X_UPDATEPAIR:
2150 case SADB_ADD:
2151 case SADB_DELETE:
2152 case SADB_X_DELPAIR:
2153 case SADB_EXPIRE:
2154 /*
2155 * These are most likely replies. Don't worry about
2156 * KEYSOCK_OUT_ERR handling. Deliver to all sockets.
2157 */
2158 ks3dbg(keystack,
2159 ("Delivering normal message (%d) to all sockets.\n",
2160 samsg->sadb_msg_type));
2161 toall = B_TRUE;
2162 break;
2163 case SADB_REGISTER:
2164 /*
2165 * REGISTERs come up for one of three reasons:
2166 *
2167 * 1.) In response to a normal SADB_REGISTER
2168 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2169 * serial != 0)
2170 * Deliver to normal SADB_REGISTERed sockets.
2171 * 2.) In response to an extended REGISTER
2172 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
2173 * Deliver to extended REGISTERed socket.
2174 * 3.) Spontaneous algorithm changes
2175 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2176 * serial == 0)
2177 * Deliver to REGISTERed sockets of all sorts.
2178 */
2179 if (kc == NULL) {
2180 /* Here because of keysock_error() call. */
2181 ASSERT(samsg->sadb_msg_errno != 0);
2182 break; /* Out of switch. */
2183 }
2184 ks3dbg(keystack, ("Delivering REGISTER.\n"));
2185 if (satype == SADB_SATYPE_UNSPEC) {
2186 /* REGISTER Reason #2 */
2187 allereg = B_TRUE;
2188 /*
2189 * Rewhack SA type so PF_KEY socket holder knows what
2190 * consumer generated this algorithm list.
2191 */
2192 satype = kc->kc_sa_type;
2193 samsg->sadb_msg_satype = satype;
2194 setalg = B_TRUE;
2195 } else if (serial == 0) {
2196 /* REGISTER Reason #3 */
2197 allreg = B_TRUE;
2198 allereg = B_TRUE;
2199 } else {
2200 /* REGISTER Reason #1 */
2201 allreg = B_TRUE;
2202 setalg = B_TRUE;
2203 }
2204 break;
2205 case SADB_ACQUIRE:
2206 /*
2207 * ACQUIREs are either extended (sadb_msg_satype == 0) or
2208 * regular (sadb_msg_satype != 0). And we're guaranteed
2209 * that serial == 0 for an ACQUIRE.
2210 */
2211 ks3dbg(keystack, ("Delivering ACQUIRE.\n"));
2212 allereg = (satype == SADB_SATYPE_UNSPEC);
2213 allreg = !allereg;
2214 /*
2215 * Corner case - if we send a regular ACQUIRE and there's
2216 * extended ones registered, don't send an error down to
2217 * consumers if nobody's listening and prematurely destroy
2218 * their ACQUIRE record. This might be too hackish of a
2219 * solution.
2220 */
2221 if (allreg && keystack->keystack_num_extended > 0)
2222 err = 0;
2223 break;
2224 case SADB_X_PROMISC:
2225 case SADB_X_INVERSE_ACQUIRE:
2226 case SADB_DUMP:
2227 case SADB_GET:
2228 default:
2229 /*
2230 * Deliver to the sender and promiscuous only.
2231 */
2232 ks3dbg(keystack, ("Delivering sender/promisc only (%d).\n",
2233 samsg->sadb_msg_type));
2234 break;
2235 }
2236
2237 mutex_enter(&keystack->keystack_list_lock);
2238 for (ks = keystack->keystack_list; ks != NULL; ks = ks->keysock_next) {
2239 /* Delivery loop. */
2240
2241 /*
2242 * Check special keysock-setting cases (REGISTER replies)
2243 * here.
2244 */
2245 if (setalg && serial == ks->keysock_serial) {
2246 ASSERT(kc != NULL);
2247 ASSERT(kc->kc_sa_type == satype);
2248 KEYSOCK_SETREG(ks, satype);
2249 }
2250
2251 /*
2252 * NOLOOP takes precedence over PROMISC. So if you've set
2253 * !SO_USELOOPBACK, don't expect to see any data...
2254 */
2255 if (ks->keysock_flags & KEYSOCK_NOLOOP)
2256 continue;
2257
2258 /*
2259 * Messages to all, or promiscuous sockets just GET the
2260 * message. Perform rules-type checking iff it's not for all
2261 * listeners or the socket is in promiscuous mode.
2262 *
2263 * NOTE:Because of the (kc != NULL && ISREG()), make sure
2264 * extended ACQUIREs arrive off a consumer that is
2265 * part of the extended REGISTER set of consumers.
2266 */
2267 if (serial != ks->keysock_serial &&
2268 !toall &&
2269 !(ks->keysock_flags & KEYSOCK_PROMISC) &&
2270 !((ks->keysock_flags & KEYSOCK_EXTENDED) ?
2271 allereg : allreg && kc != NULL &&
2272 KEYSOCK_ISREG(ks, kc->kc_sa_type)))
2273 continue;
2274
2275 mp1 = dupmsg(mp);
2276 if (mp1 == NULL) {
2277 ks2dbg(keystack, (
2278 "keysock_passup(): dupmsg() failed.\n"));
2279 mp1 = mp;
2280 mp = NULL;
2281 err = ENOMEM;
2282 }
2283
2284 /*
2285 * At this point, we can deliver or attempt to deliver
2286 * this message. We're free of obligation to report
2287 * no listening PF_KEY sockets. So set err to 0.
2288 */
2289 err = 0;
2290
2291 /*
2292 * See if we canputnext(), as well as see if the message
2293 * needs to be queued if we can't.
2294 */
2295 if (!canputnext(ks->keysock_rq)) {
2296 if (persistent) {
2297 if (putq(ks->keysock_rq, mp1) == 0) {
2298 ks1dbg(keystack, (
2299 "keysock_passup: putq failed.\n"));
2300 } else {
2301 continue;
2302 }
2303 }
2304 freemsg(mp1);
2305 continue;
2306 }
2307
2308 ks3dbg(keystack,
2309 ("Putting to serial %d.\n", ks->keysock_serial));
2310 /*
2311 * Unlike the specific keysock instance case, this
2312 * will only hit for listeners, so we will only
2313 * putnext() if we can.
2314 */
2315 putnext(ks->keysock_rq, mp1);
2316 if (mp == NULL)
2317 break; /* out of for loop. */
2318 }
2319 mutex_exit(&keystack->keystack_list_lock);
2320
2321 error:
2322 if ((err != 0) && (kc != NULL)) {
2323 /*
2324 * Generate KEYSOCK_OUT_ERR for consumer.
2325 * Basically, I send this back if I have not been able to
2326 * transmit (for whatever reason)
2327 */
2328 ks1dbg(keystack,
2329 ("keysock_passup(): No registered of type %d.\n",
2330 satype));
2331 if (mp != NULL) {
2332 if (mp->b_datap->db_type == M_PROTO) {
2333 mp1 = mp;
2334 mp = mp->b_cont;
2335 freeb(mp1);
2336 }
2337 /*
2338 * Do a copymsg() because people who get
2339 * KEYSOCK_OUT_ERR may alter the message contents.
2340 */
2341 mp1 = copymsg(mp);
2342 if (mp1 == NULL) {
2343 ks2dbg(keystack,
2344 ("keysock_passup: copymsg() failed.\n"));
2345 mp1 = mp;
2346 mp = NULL;
2347 }
2348 keysock_out_err(kc, err, mp1);
2349 }
2350 }
2351
2352 /*
2353 * XXX Blank the message somehow. This is difficult because we don't
2354 * know at this point if the message has db_ref > 1, etc.
2355 *
2356 * Optimally, keysock messages containing actual keying material would
2357 * be allocated with esballoc(), with a zeroing free function.
2358 */
2359 if (mp != NULL)
2360 freemsg(mp);
2361 }
2362
2363 /*
2364 * Keysock's read service procedure is there only for PF_KEY reply
2365 * messages that really need to reach the top.
2366 */
2367 static int
keysock_rsrv(queue_t * q)2368 keysock_rsrv(queue_t *q)
2369 {
2370 mblk_t *mp;
2371
2372 while ((mp = getq(q)) != NULL) {
2373 if (canputnext(q)) {
2374 putnext(q, mp);
2375 } else {
2376 (void) putbq(q, mp);
2377 return (0);
2378 }
2379 }
2380 return (0);
2381 }
2382
2383 /*
2384 * The read procedure should only be invoked by a keysock consumer, like
2385 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK
2386 * messages on my read queues.
2387 */
2388 static int
keysock_rput(queue_t * q,mblk_t * mp)2389 keysock_rput(queue_t *q, mblk_t *mp)
2390 {
2391 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
2392 ipsec_info_t *ii;
2393 keysock_hello_ack_t *ksa;
2394 minor_t serial;
2395 mblk_t *mp1;
2396 sadb_msg_t *samsg;
2397 keysock_stack_t *keystack = kc->kc_keystack;
2398
2399 /* Make sure I'm a consumer instance. (i.e. something's below me) */
2400 ASSERT(WR(q)->q_next != NULL);
2401
2402 if (mp->b_datap->db_type != M_CTL) {
2403 /*
2404 * Keysock should only see keysock consumer interface
2405 * messages (see ipsec_info.h) on its read procedure.
2406 * To be robust, however, putnext() up so the STREAM head can
2407 * deal with it appropriately.
2408 */
2409 ks1dbg(keystack,
2410 ("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n",
2411 mp->b_datap->db_type, mp->b_datap->db_type));
2412 putnext(q, mp);
2413 return (0);
2414 }
2415
2416 ii = (ipsec_info_t *)mp->b_rptr;
2417
2418 switch (ii->ipsec_info_type) {
2419 case KEYSOCK_OUT:
2420 /*
2421 * A consumer needs to pass a response message or an ACQUIRE
2422 * UP. I assume that the consumer has done the right
2423 * thing w.r.t. message creation, etc.
2424 */
2425 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial;
2426 mp1 = mp->b_cont; /* Get M_DATA portion. */
2427 freeb(mp);
2428 samsg = (sadb_msg_t *)mp1->b_rptr;
2429 if (samsg->sadb_msg_type == SADB_FLUSH ||
2430 (samsg->sadb_msg_type == SADB_DUMP &&
2431 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) {
2432 /*
2433 * If I'm an end-of-FLUSH or an end-of-DUMP marker...
2434 */
2435 ASSERT(keystack->keystack_flushdump != 0);
2436 /* Am I flushing? */
2437
2438 mutex_enter(&kc->kc_lock);
2439 kc->kc_flags &= ~KC_FLUSHING;
2440 mutex_exit(&kc->kc_lock);
2441
2442 if (samsg->sadb_msg_errno != 0)
2443 keystack->keystack_flushdump_errno =
2444 samsg->sadb_msg_errno;
2445
2446 /*
2447 * Lower the atomic "flushing" count. If it's
2448 * the last one, send up the end-of-{FLUSH,DUMP} to
2449 * the appropriate PF_KEY socket.
2450 */
2451 if (atomic_dec_32_nv(&keystack->keystack_flushdump) !=
2452 0) {
2453 ks1dbg(keystack,
2454 ("One flush/dump message back from %d,"
2455 " more to go.\n", samsg->sadb_msg_satype));
2456 freemsg(mp1);
2457 return (0);
2458 }
2459
2460 samsg->sadb_msg_errno =
2461 (uint8_t)keystack->keystack_flushdump_errno;
2462 if (samsg->sadb_msg_type == SADB_DUMP) {
2463 samsg->sadb_msg_seq = 0;
2464 }
2465 }
2466 keysock_passup(mp1, samsg, serial, kc,
2467 (samsg->sadb_msg_type == SADB_DUMP), keystack);
2468 return (0);
2469 case KEYSOCK_HELLO_ACK:
2470 /* Aha, now we can link in the consumer! */
2471 ksa = (keysock_hello_ack_t *)ii;
2472 keysock_link_consumer(ksa->ks_hello_satype, kc);
2473 freemsg(mp);
2474 return (0);
2475 default:
2476 ks1dbg(keystack, ("Hmmm, an IPsec info I'm not used to, 0x%x\n",
2477 ii->ipsec_info_type));
2478 putnext(q, mp);
2479 }
2480 return (0);
2481 }
2482
2483 /*
2484 * So we can avoid external linking problems....
2485 */
2486 boolean_t
keysock_extended_reg(netstack_t * ns)2487 keysock_extended_reg(netstack_t *ns)
2488 {
2489 keysock_stack_t *keystack = ns->netstack_keysock;
2490
2491 return (keystack->keystack_num_extended != 0);
2492 }
2493
2494 uint32_t
keysock_next_seq(netstack_t * ns)2495 keysock_next_seq(netstack_t *ns)
2496 {
2497 keysock_stack_t *keystack = ns->netstack_keysock;
2498
2499 return (atomic_dec_32_nv(&keystack->keystack_acquire_seq));
2500 }
2501