1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * This code is referd to RFC 2367 37 */ 38 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipsec.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/fnv_hash.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/mbuf.h> 51 #include <sys/domain.h> 52 #include <sys/protosw.h> 53 #include <sys/malloc.h> 54 #include <sys/rmlock.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/refcount.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 #include <net/raw_cb.h> 70 71 #include <netinet/in.h> 72 #include <netinet/in_systm.h> 73 #include <netinet/ip.h> 74 #include <netinet/in_var.h> 75 #include <netinet/udp.h> 76 77 #ifdef INET6 78 #include <netinet/ip6.h> 79 #include <netinet6/in6_var.h> 80 #include <netinet6/ip6_var.h> 81 #endif /* INET6 */ 82 83 #include <net/pfkeyv2.h> 84 #include <netipsec/keydb.h> 85 #include <netipsec/key.h> 86 #include <netipsec/keysock.h> 87 #include <netipsec/key_debug.h> 88 89 #include <netipsec/ipsec.h> 90 #ifdef INET6 91 #include <netipsec/ipsec6.h> 92 #endif 93 94 #include <netipsec/xform.h> 95 #include <machine/in_cksum.h> 96 #include <machine/stdarg.h> 97 98 /* randomness */ 99 #include <sys/random.h> 100 101 #define FULLMASK 0xff 102 #define _BITS(bytes) ((bytes) << 3) 103 104 #define UINT32_80PCT 0xcccccccc 105 /* 106 * Note on SA reference counting: 107 * - SAs that are not in DEAD state will have (total external reference + 1) 108 * following value in reference count field. they cannot be freed and are 109 * referenced from SA header. 110 * - SAs that are in DEAD state will have (total external reference) 111 * in reference count field. they are ready to be freed. reference from 112 * SA header will be removed in key_delsav(), when the reference count 113 * field hits 0 (= no external reference other than from SA header. 114 */ 115 116 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 117 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 118 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 119 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 120 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 121 /*interval to initialize randseed,1(m)*/ 122 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 123 /* interval to expire acquiring, 30(s)*/ 124 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 125 /* counter for blocking SADB_ACQUIRE.*/ 126 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 127 /* lifetime for blocking SADB_ACQUIRE.*/ 128 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 129 /* preferred old sa rather than new sa.*/ 130 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 131 #define V_key_spi_trycnt VNET(key_spi_trycnt) 132 #define V_key_spi_minval VNET(key_spi_minval) 133 #define V_key_spi_maxval VNET(key_spi_maxval) 134 #define V_policy_id VNET(policy_id) 135 #define V_key_int_random VNET(key_int_random) 136 #define V_key_larval_lifetime VNET(key_larval_lifetime) 137 #define V_key_blockacq_count VNET(key_blockacq_count) 138 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 139 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 140 141 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 142 #define V_acq_seq VNET(acq_seq) 143 144 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 145 #define V_sp_genid VNET(sp_genid) 146 147 /* SPD */ 148 TAILQ_HEAD(secpolicy_queue, secpolicy); 149 LIST_HEAD(secpolicy_list, secpolicy); 150 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 151 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 152 static struct rmlock sptree_lock; 153 #define V_sptree VNET(sptree) 154 #define V_sptree_ifnet VNET(sptree_ifnet) 155 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 156 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 157 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 158 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 159 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 160 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 161 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 162 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 163 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 164 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 165 166 /* Hash table for lookup SP using unique id */ 167 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 168 VNET_DEFINE_STATIC(u_long, sphash_mask); 169 #define V_sphashtbl VNET(sphashtbl) 170 #define V_sphash_mask VNET(sphash_mask) 171 172 #define SPHASH_NHASH_LOG2 7 173 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 174 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 175 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 176 177 /* SPD cache */ 178 struct spdcache_entry { 179 struct secpolicyindex spidx; /* secpolicyindex */ 180 struct secpolicy *sp; /* cached policy to be used */ 181 182 LIST_ENTRY(spdcache_entry) chain; 183 }; 184 LIST_HEAD(spdcache_entry_list, spdcache_entry); 185 186 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 187 188 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 189 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 190 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 191 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 192 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 193 #define V_spd_size VNET(spd_size) 194 195 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 196 #define SPDCACHE_ACTIVE() \ 197 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 198 199 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 200 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 201 #define V_spdcachehashtbl VNET(spdcachehashtbl) 202 #define V_spdcachehash_mask VNET(spdcachehash_mask) 203 204 #define SPDCACHE_HASHVAL(idx) \ 205 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 206 V_spdcachehash_mask) 207 208 /* Each cache line is protected by a mutex */ 209 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 210 #define V_spdcache_lock VNET(spdcache_lock) 211 212 #define SPDCACHE_LOCK_INIT(a) \ 213 mtx_init(&V_spdcache_lock[a], "spdcache", \ 214 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 215 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 216 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 217 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 218 219 static struct sx spi_alloc_lock; 220 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") 221 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) 222 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) 223 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) 224 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) 225 226 /* SAD */ 227 TAILQ_HEAD(secashead_queue, secashead); 228 LIST_HEAD(secashead_list, secashead); 229 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 230 static struct rmlock sahtree_lock; 231 #define V_sahtree VNET(sahtree) 232 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 233 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 234 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 235 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 236 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 237 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 238 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 239 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 240 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 241 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 242 243 /* Hash table for lookup in SAD using SA addresses */ 244 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 245 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 246 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 247 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 248 249 #define SAHHASH_NHASH_LOG2 7 250 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 251 #define SAHADDRHASH_HASHVAL(idx) \ 252 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 253 V_sahaddrhash_mask) 254 #define SAHADDRHASH_HASH(saidx) \ 255 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 256 257 /* Hash table for lookup in SAD using SPI */ 258 LIST_HEAD(secasvar_list, secasvar); 259 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 260 VNET_DEFINE_STATIC(u_long, savhash_mask); 261 #define V_savhashtbl VNET(savhashtbl) 262 #define V_savhash_mask VNET(savhash_mask) 263 #define SAVHASH_NHASH_LOG2 7 264 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 265 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 266 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 267 268 static uint32_t 269 key_addrprotohash(const union sockaddr_union *src, 270 const union sockaddr_union *dst, const uint8_t *proto) 271 { 272 uint32_t hval; 273 274 hval = fnv_32_buf(proto, sizeof(*proto), 275 FNV1_32_INIT); 276 switch (dst->sa.sa_family) { 277 #ifdef INET 278 case AF_INET: 279 hval = fnv_32_buf(&src->sin.sin_addr, 280 sizeof(in_addr_t), hval); 281 hval = fnv_32_buf(&dst->sin.sin_addr, 282 sizeof(in_addr_t), hval); 283 break; 284 #endif 285 #ifdef INET6 286 case AF_INET6: 287 hval = fnv_32_buf(&src->sin6.sin6_addr, 288 sizeof(struct in6_addr), hval); 289 hval = fnv_32_buf(&dst->sin6.sin6_addr, 290 sizeof(struct in6_addr), hval); 291 break; 292 #endif 293 default: 294 hval = 0; 295 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 296 __func__, dst->sa.sa_family)); 297 } 298 return (hval); 299 } 300 301 static uint32_t 302 key_u32hash(uint32_t val) 303 { 304 305 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 306 } 307 308 /* registed list */ 309 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 310 #define V_regtree VNET(regtree) 311 static struct mtx regtree_lock; 312 #define REGTREE_LOCK_INIT() \ 313 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 314 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 315 #define REGTREE_LOCK() mtx_lock(®tree_lock) 316 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 317 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 318 319 /* Acquiring list */ 320 LIST_HEAD(secacq_list, secacq); 321 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 322 #define V_acqtree VNET(acqtree) 323 static struct mtx acq_lock; 324 #define ACQ_LOCK_INIT() \ 325 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 326 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 327 #define ACQ_LOCK() mtx_lock(&acq_lock) 328 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 329 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 330 331 /* Hash table for lookup in ACQ list using SA addresses */ 332 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 333 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 334 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 335 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 336 337 /* Hash table for lookup in ACQ list using SEQ number */ 338 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 339 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 340 #define V_acqseqhashtbl VNET(acqseqhashtbl) 341 #define V_acqseqhash_mask VNET(acqseqhash_mask) 342 343 #define ACQHASH_NHASH_LOG2 7 344 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 345 #define ACQADDRHASH_HASHVAL(idx) \ 346 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 347 V_acqaddrhash_mask) 348 #define ACQSEQHASH_HASHVAL(seq) \ 349 (key_u32hash(seq) & V_acqseqhash_mask) 350 #define ACQADDRHASH_HASH(saidx) \ 351 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 352 #define ACQSEQHASH_HASH(seq) \ 353 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 354 /* SP acquiring list */ 355 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 356 #define V_spacqtree VNET(spacqtree) 357 static struct mtx spacq_lock; 358 #define SPACQ_LOCK_INIT() \ 359 mtx_init(&spacq_lock, "spacqtree", \ 360 "fast ipsec security policy acquire list", MTX_DEF) 361 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 362 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 363 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 364 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 365 366 static const int minsize[] = { 367 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 368 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 369 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 370 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 371 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 372 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 373 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 374 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 375 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 376 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 377 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 378 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 379 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 380 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 381 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 382 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 383 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 384 0, /* SADB_X_EXT_KMPRIVATE */ 385 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 386 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 387 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 388 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 389 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 390 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 391 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 392 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 393 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 394 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 395 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 396 }; 397 _Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 398 399 static const int maxsize[] = { 400 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 401 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 402 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 403 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 404 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 405 0, /* SADB_EXT_ADDRESS_SRC */ 406 0, /* SADB_EXT_ADDRESS_DST */ 407 0, /* SADB_EXT_ADDRESS_PROXY */ 408 0, /* SADB_EXT_KEY_AUTH */ 409 0, /* SADB_EXT_KEY_ENCRYPT */ 410 0, /* SADB_EXT_IDENTITY_SRC */ 411 0, /* SADB_EXT_IDENTITY_DST */ 412 0, /* SADB_EXT_SENSITIVITY */ 413 0, /* SADB_EXT_PROPOSAL */ 414 0, /* SADB_EXT_SUPPORTED_AUTH */ 415 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 416 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 417 0, /* SADB_X_EXT_KMPRIVATE */ 418 0, /* SADB_X_EXT_POLICY */ 419 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 420 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 421 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 422 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 423 0, /* SADB_X_EXT_NAT_T_OAI */ 424 0, /* SADB_X_EXT_NAT_T_OAR */ 425 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 426 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 427 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 428 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 429 }; 430 _Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 431 432 /* 433 * Internal values for SA flags: 434 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 435 * thus we will not free the most of SA content in key_delsav(). 436 */ 437 #define SADB_X_EXT_F_CLONED 0x80000000 438 439 #define SADB_CHECKLEN(_mhp, _ext) \ 440 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 441 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 442 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 443 444 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 445 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 446 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 447 448 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 449 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 450 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 451 452 #ifdef IPSEC_DEBUG 453 VNET_DEFINE(int, ipsec_debug) = 1; 454 #else 455 VNET_DEFINE(int, ipsec_debug) = 0; 456 #endif 457 458 #ifdef INET 459 SYSCTL_DECL(_net_inet_ipsec); 460 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 461 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 462 "Enable IPsec debugging output when set."); 463 #endif 464 #ifdef INET6 465 SYSCTL_DECL(_net_inet6_ipsec6); 466 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 467 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 468 "Enable IPsec debugging output when set."); 469 #endif 470 471 SYSCTL_DECL(_net_key); 472 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 473 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 474 475 /* max count of trial for the decision of spi value */ 476 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 477 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 478 479 /* minimum spi value to allocate automatically. */ 480 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 481 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 482 483 /* maximun spi value to allocate automatically. */ 484 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 485 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 486 487 /* interval to initialize randseed */ 488 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 489 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 490 491 /* lifetime for larval SA */ 492 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 493 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 494 495 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 496 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 497 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 498 499 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 500 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 501 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 502 503 /* ESP auth */ 504 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 505 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 506 507 /* minimum ESP key length */ 508 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 509 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 510 511 /* minimum AH key length */ 512 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 513 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 514 515 /* perfered old SA rather than new SA */ 516 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 517 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 518 519 static SYSCTL_NODE(_net_key, OID_AUTO, spdcache, 520 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 521 "SPD cache"); 522 523 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 524 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 525 "Maximum number of entries in the SPD cache" 526 " (power of 2, 0 to disable)"); 527 528 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 529 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 530 "Number of SPs that make the SPD cache active"); 531 532 #define __LIST_CHAINED(elm) \ 533 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 534 535 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 536 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 537 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 538 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 539 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 540 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 541 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 542 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 543 544 static uma_zone_t __read_mostly ipsec_key_lft_zone; 545 546 /* 547 * set parameters into secpolicyindex buffer. 548 * Must allocate secpolicyindex buffer passed to this function. 549 */ 550 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 551 do { \ 552 bzero((idx), sizeof(struct secpolicyindex)); \ 553 (idx)->dir = (_dir); \ 554 (idx)->prefs = (ps); \ 555 (idx)->prefd = (pd); \ 556 (idx)->ul_proto = (ulp); \ 557 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 558 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 559 } while (0) 560 561 /* 562 * set parameters into secasindex buffer. 563 * Must allocate secasindex buffer before calling this function. 564 */ 565 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 566 do { \ 567 bzero((idx), sizeof(struct secasindex)); \ 568 (idx)->proto = (p); \ 569 (idx)->mode = (m); \ 570 (idx)->reqid = (r); \ 571 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 572 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 573 key_porttosaddr(&(idx)->src.sa, 0); \ 574 key_porttosaddr(&(idx)->dst.sa, 0); \ 575 } while (0) 576 577 /* key statistics */ 578 struct _keystat { 579 u_long getspi_count; /* the avarage of count to try to get new SPI */ 580 } keystat; 581 582 struct sadb_msghdr { 583 struct sadb_msg *msg; 584 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 585 int extoff[SADB_EXT_MAX + 1]; 586 int extlen[SADB_EXT_MAX + 1]; 587 }; 588 589 static struct supported_ealgs { 590 int sadb_alg; 591 const struct enc_xform *xform; 592 } supported_ealgs[] = { 593 { SADB_X_EALG_AES, &enc_xform_rijndael128 }, 594 { SADB_EALG_NULL, &enc_xform_null }, 595 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 596 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 597 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 598 }; 599 600 static struct supported_aalgs { 601 int sadb_alg; 602 const struct auth_hash *xform; 603 } supported_aalgs[] = { 604 { SADB_X_AALG_NULL, &auth_hash_null }, 605 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 606 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 607 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 608 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 609 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 610 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 611 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 612 }; 613 614 static struct supported_calgs { 615 int sadb_alg; 616 const struct comp_algo *xform; 617 } supported_calgs[] = { 618 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 619 }; 620 621 #ifndef IPSEC_DEBUG2 622 static struct callout key_timer; 623 #endif 624 625 static void key_unlink(struct secpolicy *); 626 static void key_detach(struct secpolicy *); 627 static struct secpolicy *key_do_allocsp(struct secpolicyindex *spidx, u_int dir); 628 static struct secpolicy *key_getsp(struct secpolicyindex *); 629 static struct secpolicy *key_getspbyid(u_int32_t); 630 static struct mbuf *key_gather_mbuf(struct mbuf *, 631 const struct sadb_msghdr *, int, int, ...); 632 static int key_spdadd(struct socket *, struct mbuf *, 633 const struct sadb_msghdr *); 634 static uint32_t key_getnewspid(void); 635 static int key_spddelete(struct socket *, struct mbuf *, 636 const struct sadb_msghdr *); 637 static int key_spddelete2(struct socket *, struct mbuf *, 638 const struct sadb_msghdr *); 639 static int key_spdget(struct socket *, struct mbuf *, 640 const struct sadb_msghdr *); 641 static int key_spdflush(struct socket *, struct mbuf *, 642 const struct sadb_msghdr *); 643 static int key_spddump(struct socket *, struct mbuf *, 644 const struct sadb_msghdr *); 645 static struct mbuf *key_setdumpsp(struct secpolicy *, 646 u_int8_t, u_int32_t, u_int32_t); 647 static struct mbuf *key_sp2mbuf(struct secpolicy *); 648 static size_t key_getspreqmsglen(struct secpolicy *); 649 static int key_spdexpire(struct secpolicy *); 650 static struct secashead *key_newsah(struct secasindex *); 651 static void key_freesah(struct secashead **); 652 static void key_delsah(struct secashead *); 653 static struct secasvar *key_newsav(const struct sadb_msghdr *, 654 struct secasindex *, uint32_t, int *); 655 static void key_delsav(struct secasvar *); 656 static void key_unlinksav(struct secasvar *); 657 static struct secashead *key_getsah(struct secasindex *); 658 static int key_checkspidup(uint32_t); 659 static struct secasvar *key_getsavbyspi(uint32_t); 660 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 661 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 662 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 663 static int key_updateaddresses(struct socket *, struct mbuf *, 664 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 665 666 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 667 u_int8_t, u_int32_t, u_int32_t); 668 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 669 u_int32_t, pid_t, u_int16_t); 670 static struct mbuf *key_setsadbsa(struct secasvar *); 671 static struct mbuf *key_setsadbaddr(u_int16_t, 672 const struct sockaddr *, u_int8_t, u_int16_t); 673 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 674 static struct mbuf *key_setsadbxtype(u_int16_t); 675 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 676 static struct mbuf *key_setsadbxsareplay(u_int32_t); 677 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 678 u_int32_t, u_int32_t); 679 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 680 struct malloc_type *); 681 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 682 struct malloc_type *); 683 684 /* flags for key_cmpsaidx() */ 685 #define CMP_HEAD 1 /* protocol, addresses. */ 686 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 687 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 688 #define CMP_EXACTLY 4 /* all elements. */ 689 static int key_cmpsaidx(const struct secasindex *, 690 const struct secasindex *, int); 691 static int key_cmpspidx_exactly(struct secpolicyindex *, 692 struct secpolicyindex *); 693 static int key_cmpspidx_withmask(struct secpolicyindex *, 694 struct secpolicyindex *); 695 static int key_bbcmp(const void *, const void *, u_int); 696 static uint8_t key_satype2proto(uint8_t); 697 static uint8_t key_proto2satype(uint8_t); 698 699 static int key_getspi(struct socket *, struct mbuf *, 700 const struct sadb_msghdr *); 701 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 702 static int key_update(struct socket *, struct mbuf *, 703 const struct sadb_msghdr *); 704 static int key_add(struct socket *, struct mbuf *, 705 const struct sadb_msghdr *); 706 static int key_setident(struct secashead *, const struct sadb_msghdr *); 707 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 708 const struct sadb_msghdr *); 709 static int key_delete(struct socket *, struct mbuf *, 710 const struct sadb_msghdr *); 711 static int key_delete_all(struct socket *, struct mbuf *, 712 const struct sadb_msghdr *, struct secasindex *); 713 static int key_get(struct socket *, struct mbuf *, 714 const struct sadb_msghdr *); 715 716 static void key_getcomb_setlifetime(struct sadb_comb *); 717 static struct mbuf *key_getcomb_ealg(void); 718 static struct mbuf *key_getcomb_ah(void); 719 static struct mbuf *key_getcomb_ipcomp(void); 720 static struct mbuf *key_getprop(const struct secasindex *); 721 722 static int key_acquire(const struct secasindex *, struct secpolicy *); 723 static uint32_t key_newacq(const struct secasindex *, int *); 724 static uint32_t key_getacq(const struct secasindex *, int *); 725 static int key_acqdone(const struct secasindex *, uint32_t); 726 static int key_acqreset(uint32_t); 727 static struct secspacq *key_newspacq(struct secpolicyindex *); 728 static struct secspacq *key_getspacq(struct secpolicyindex *); 729 static int key_acquire2(struct socket *, struct mbuf *, 730 const struct sadb_msghdr *); 731 static int key_register(struct socket *, struct mbuf *, 732 const struct sadb_msghdr *); 733 static int key_expire(struct secasvar *, int); 734 static int key_flush(struct socket *, struct mbuf *, 735 const struct sadb_msghdr *); 736 static int key_dump(struct socket *, struct mbuf *, 737 const struct sadb_msghdr *); 738 static int key_promisc(struct socket *, struct mbuf *, 739 const struct sadb_msghdr *); 740 static int key_senderror(struct socket *, struct mbuf *, int); 741 static int key_validate_ext(const struct sadb_ext *, int); 742 static int key_align(struct mbuf *, struct sadb_msghdr *); 743 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 744 static struct mbuf *key_setkey(struct seckey *, uint16_t); 745 746 static void spdcache_init(void); 747 static void spdcache_clear(void); 748 static struct spdcache_entry *spdcache_entry_alloc( 749 const struct secpolicyindex *spidx, 750 struct secpolicy *policy); 751 static void spdcache_entry_free(struct spdcache_entry *entry); 752 #ifdef VIMAGE 753 static void spdcache_destroy(void); 754 #endif 755 756 #define DBG_IPSEC_INITREF(t, p) do { \ 757 refcount_init(&(p)->refcnt, 1); \ 758 KEYDBG(KEY_STAMP, \ 759 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 760 __func__, #t, (p), (p)->refcnt)); \ 761 } while (0) 762 #define DBG_IPSEC_ADDREF(t, p) do { \ 763 refcount_acquire(&(p)->refcnt); \ 764 KEYDBG(KEY_STAMP, \ 765 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 766 __func__, #t, (p), (p)->refcnt)); \ 767 } while (0) 768 #define DBG_IPSEC_DELREF(t, p) do { \ 769 KEYDBG(KEY_STAMP, \ 770 printf("%s: Release refcnt %s(%p) -> %u\n", \ 771 __func__, #t, (p), (p)->refcnt - 1)); \ 772 refcount_release(&(p)->refcnt); \ 773 } while (0) 774 775 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 776 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 777 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 778 779 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 780 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 781 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 782 783 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 784 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 785 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 786 787 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 788 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 789 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 790 791 /* 792 * Update the refcnt while holding the SPTREE lock. 793 */ 794 void 795 key_addref(struct secpolicy *sp) 796 { 797 798 SP_ADDREF(sp); 799 } 800 801 /* 802 * Return 0 when there are known to be no SP's for the specified 803 * direction. Otherwise return 1. This is used by IPsec code 804 * to optimize performance. 805 */ 806 int 807 key_havesp(u_int dir) 808 { 809 810 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 811 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 812 } 813 814 /* %%% IPsec policy management */ 815 /* 816 * Return current SPDB generation. 817 */ 818 uint32_t 819 key_getspgen(void) 820 { 821 822 return (V_sp_genid); 823 } 824 825 void 826 key_bumpspgen(void) 827 { 828 829 V_sp_genid++; 830 } 831 832 static int 833 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 834 { 835 836 /* family match */ 837 if (src->sa_family != dst->sa_family) 838 return (EINVAL); 839 /* sa_len match */ 840 if (src->sa_len != dst->sa_len) 841 return (EINVAL); 842 switch (src->sa_family) { 843 #ifdef INET 844 case AF_INET: 845 if (src->sa_len != sizeof(struct sockaddr_in)) 846 return (EINVAL); 847 break; 848 #endif 849 #ifdef INET6 850 case AF_INET6: 851 if (src->sa_len != sizeof(struct sockaddr_in6)) 852 return (EINVAL); 853 break; 854 #endif 855 default: 856 return (EAFNOSUPPORT); 857 } 858 return (0); 859 } 860 861 struct secpolicy * 862 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 863 { 864 SPTREE_RLOCK_TRACKER; 865 struct secpolicy *sp; 866 867 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 868 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 869 ("invalid direction %u", dir)); 870 871 SPTREE_RLOCK(); 872 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 873 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 874 SP_ADDREF(sp); 875 break; 876 } 877 } 878 SPTREE_RUNLOCK(); 879 return (sp); 880 } 881 882 /* 883 * allocating a SP for OUTBOUND or INBOUND packet. 884 * Must call key_freesp() later. 885 * OUT: NULL: not found 886 * others: found and return the pointer. 887 */ 888 struct secpolicy * 889 key_allocsp(struct secpolicyindex *spidx, u_int dir) 890 { 891 struct spdcache_entry *entry, *lastentry, *tmpentry; 892 struct secpolicy *sp; 893 uint32_t hashv; 894 int nb_entries; 895 896 if (!SPDCACHE_ACTIVE()) { 897 sp = key_do_allocsp(spidx, dir); 898 goto out; 899 } 900 901 hashv = SPDCACHE_HASHVAL(spidx); 902 SPDCACHE_LOCK(hashv); 903 nb_entries = 0; 904 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 905 /* Removed outdated entries */ 906 if (entry->sp != NULL && 907 entry->sp->state == IPSEC_SPSTATE_DEAD) { 908 LIST_REMOVE(entry, chain); 909 spdcache_entry_free(entry); 910 continue; 911 } 912 913 nb_entries++; 914 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 915 lastentry = entry; 916 continue; 917 } 918 919 sp = entry->sp; 920 if (entry->sp != NULL) 921 SP_ADDREF(sp); 922 923 /* IPSECSTAT_INC(ips_spdcache_hits); */ 924 925 SPDCACHE_UNLOCK(hashv); 926 goto out; 927 } 928 929 /* IPSECSTAT_INC(ips_spdcache_misses); */ 930 931 sp = key_do_allocsp(spidx, dir); 932 entry = spdcache_entry_alloc(spidx, sp); 933 if (entry != NULL) { 934 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 935 LIST_REMOVE(lastentry, chain); 936 spdcache_entry_free(lastentry); 937 } 938 939 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 940 } 941 942 SPDCACHE_UNLOCK(hashv); 943 944 out: 945 if (sp != NULL) { /* found a SPD entry */ 946 sp->lastused = time_second; 947 KEYDBG(IPSEC_STAMP, 948 printf("%s: return SP(%p)\n", __func__, sp)); 949 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 950 } else { 951 KEYDBG(IPSEC_DATA, 952 printf("%s: lookup failed for ", __func__); 953 kdebug_secpolicyindex(spidx, NULL)); 954 } 955 return (sp); 956 } 957 958 /* 959 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 960 * or should be signed by MD5 signature. 961 * We don't use key_allocsa() for such lookups, because we don't know SPI. 962 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 963 * signed packet. We use SADB only as storage for password. 964 * OUT: positive: corresponding SA for given saidx found. 965 * NULL: SA not found 966 */ 967 struct secasvar * 968 key_allocsa_tcpmd5(struct secasindex *saidx) 969 { 970 SAHTREE_RLOCK_TRACKER; 971 struct secashead *sah; 972 struct secasvar *sav; 973 974 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 975 ("unexpected security protocol %u", saidx->proto)); 976 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 977 ("unexpected mode %u", saidx->mode)); 978 979 SAHTREE_RLOCK(); 980 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 981 KEYDBG(IPSEC_DUMP, 982 printf("%s: checking SAH\n", __func__); 983 kdebug_secash(sah, " ")); 984 if (sah->saidx.proto != IPPROTO_TCP) 985 continue; 986 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 987 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 988 break; 989 } 990 if (sah != NULL) { 991 if (V_key_preferred_oldsa) 992 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 993 else 994 sav = TAILQ_FIRST(&sah->savtree_alive); 995 if (sav != NULL) 996 SAV_ADDREF(sav); 997 } else 998 sav = NULL; 999 SAHTREE_RUNLOCK(); 1000 1001 if (sav != NULL) { 1002 KEYDBG(IPSEC_STAMP, 1003 printf("%s: return SA(%p)\n", __func__, sav)); 1004 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1005 } else { 1006 KEYDBG(IPSEC_STAMP, 1007 printf("%s: SA not found\n", __func__)); 1008 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1009 } 1010 return (sav); 1011 } 1012 1013 /* 1014 * Allocating an SA entry for an *OUTBOUND* packet. 1015 * OUT: positive: corresponding SA for given saidx found. 1016 * NULL: SA not found, but will be acquired, check *error 1017 * for acquiring status. 1018 */ 1019 struct secasvar * 1020 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1021 int *error) 1022 { 1023 SAHTREE_RLOCK_TRACKER; 1024 struct secashead *sah; 1025 struct secasvar *sav; 1026 1027 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1028 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1029 saidx->mode == IPSEC_MODE_TUNNEL, 1030 ("unexpected policy %u", saidx->mode)); 1031 1032 /* 1033 * We check new SA in the IPsec request because a different 1034 * SA may be involved each time this request is checked, either 1035 * because new SAs are being configured, or this request is 1036 * associated with an unconnected datagram socket, or this request 1037 * is associated with a system default policy. 1038 */ 1039 SAHTREE_RLOCK(); 1040 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1041 KEYDBG(IPSEC_DUMP, 1042 printf("%s: checking SAH\n", __func__); 1043 kdebug_secash(sah, " ")); 1044 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1045 break; 1046 } 1047 if (sah != NULL) { 1048 /* 1049 * Allocate the oldest SA available according to 1050 * draft-jenkins-ipsec-rekeying-03. 1051 */ 1052 if (V_key_preferred_oldsa) 1053 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1054 else 1055 sav = TAILQ_FIRST(&sah->savtree_alive); 1056 if (sav != NULL) 1057 SAV_ADDREF(sav); 1058 } else 1059 sav = NULL; 1060 SAHTREE_RUNLOCK(); 1061 1062 if (sav != NULL) { 1063 *error = 0; 1064 KEYDBG(IPSEC_STAMP, 1065 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1066 sav, sp)); 1067 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1068 return (sav); /* return referenced SA */ 1069 } 1070 1071 /* there is no SA */ 1072 *error = key_acquire(saidx, sp); 1073 if ((*error) != 0) 1074 ipseclog((LOG_DEBUG, 1075 "%s: error %d returned from key_acquire()\n", 1076 __func__, *error)); 1077 KEYDBG(IPSEC_STAMP, 1078 printf("%s: acquire SA for SP(%p), error %d\n", 1079 __func__, sp, *error)); 1080 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1081 return (NULL); 1082 } 1083 1084 /* 1085 * allocating a usable SA entry for a *INBOUND* packet. 1086 * Must call key_freesav() later. 1087 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1088 * NULL: not found, or error occurred. 1089 * 1090 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1091 * destination address, and security protocol. But according to RFC 4301, 1092 * SPI by itself suffices to specify an SA. 1093 * 1094 * Note that, however, we do need to keep source address in IPsec SA. 1095 * IKE specification and PF_KEY specification do assume that we 1096 * keep source address in IPsec SA. We see a tricky situation here. 1097 */ 1098 struct secasvar * 1099 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1100 { 1101 SAHTREE_RLOCK_TRACKER; 1102 struct secasvar *sav; 1103 1104 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1105 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1106 proto)); 1107 1108 SAHTREE_RLOCK(); 1109 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1110 if (sav->spi == spi) 1111 break; 1112 } 1113 /* 1114 * We use single SPI namespace for all protocols, so it is 1115 * impossible to have SPI duplicates in the SAVHASH. 1116 */ 1117 if (sav != NULL) { 1118 if (sav->state != SADB_SASTATE_LARVAL && 1119 sav->sah->saidx.proto == proto && 1120 key_sockaddrcmp(&dst->sa, 1121 &sav->sah->saidx.dst.sa, 0) == 0) 1122 SAV_ADDREF(sav); 1123 else 1124 sav = NULL; 1125 } 1126 SAHTREE_RUNLOCK(); 1127 1128 if (sav == NULL) { 1129 KEYDBG(IPSEC_STAMP, 1130 char buf[IPSEC_ADDRSTRLEN]; 1131 printf("%s: SA not found for spi %u proto %u dst %s\n", 1132 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1133 sizeof(buf)))); 1134 } else { 1135 KEYDBG(IPSEC_STAMP, 1136 printf("%s: return SA(%p)\n", __func__, sav)); 1137 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1138 } 1139 return (sav); 1140 } 1141 1142 struct secasvar * 1143 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1144 uint8_t proto) 1145 { 1146 SAHTREE_RLOCK_TRACKER; 1147 struct secasindex saidx; 1148 struct secashead *sah; 1149 struct secasvar *sav; 1150 1151 IPSEC_ASSERT(src != NULL, ("null src address")); 1152 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1153 1154 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1155 &dst->sa, &saidx); 1156 1157 sav = NULL; 1158 SAHTREE_RLOCK(); 1159 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1160 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1161 continue; 1162 if (proto != sah->saidx.proto) 1163 continue; 1164 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1165 continue; 1166 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1167 continue; 1168 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1169 if (V_key_preferred_oldsa) 1170 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1171 else 1172 sav = TAILQ_FIRST(&sah->savtree_alive); 1173 if (sav != NULL) { 1174 SAV_ADDREF(sav); 1175 break; 1176 } 1177 } 1178 SAHTREE_RUNLOCK(); 1179 KEYDBG(IPSEC_STAMP, 1180 printf("%s: return SA(%p)\n", __func__, sav)); 1181 if (sav != NULL) 1182 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1183 return (sav); 1184 } 1185 1186 /* 1187 * Must be called after calling key_allocsp(). 1188 */ 1189 void 1190 key_freesp(struct secpolicy **spp) 1191 { 1192 struct secpolicy *sp = *spp; 1193 1194 IPSEC_ASSERT(sp != NULL, ("null sp")); 1195 if (SP_DELREF(sp) == 0) 1196 return; 1197 1198 KEYDBG(IPSEC_STAMP, 1199 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1200 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1201 1202 *spp = NULL; 1203 while (sp->tcount > 0) 1204 ipsec_delisr(sp->req[--sp->tcount]); 1205 free(sp, M_IPSEC_SP); 1206 } 1207 1208 static void 1209 key_unlink(struct secpolicy *sp) 1210 { 1211 SPTREE_WLOCK(); 1212 key_detach(sp); 1213 SPTREE_WUNLOCK(); 1214 if (SPDCACHE_ENABLED()) 1215 spdcache_clear(); 1216 key_freesp(&sp); 1217 } 1218 1219 static void 1220 key_detach(struct secpolicy *sp) 1221 { 1222 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1223 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1224 ("invalid direction %u", sp->spidx.dir)); 1225 SPTREE_WLOCK_ASSERT(); 1226 1227 KEYDBG(KEY_STAMP, 1228 printf("%s: SP(%p)\n", __func__, sp)); 1229 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1230 /* SP is already unlinked */ 1231 return; 1232 } 1233 sp->state = IPSEC_SPSTATE_DEAD; 1234 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1235 V_spd_size--; 1236 LIST_REMOVE(sp, idhash); 1237 V_sp_genid++; 1238 } 1239 1240 /* 1241 * insert a secpolicy into the SP database. Lower priorities first 1242 */ 1243 static void 1244 key_insertsp(struct secpolicy *newsp) 1245 { 1246 struct secpolicy *sp; 1247 1248 SPTREE_WLOCK_ASSERT(); 1249 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1250 if (newsp->priority < sp->priority) { 1251 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1252 goto done; 1253 } 1254 } 1255 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1256 done: 1257 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1258 newsp->state = IPSEC_SPSTATE_ALIVE; 1259 V_spd_size++; 1260 V_sp_genid++; 1261 } 1262 1263 /* 1264 * Insert a bunch of VTI secpolicies into the SPDB. 1265 * We keep VTI policies in the separate list due to following reasons: 1266 * 1) they should be immutable to user's or some deamon's attempts to 1267 * delete. The only way delete such policies - destroy or unconfigure 1268 * corresponding virtual inteface. 1269 * 2) such policies have traffic selector that matches all traffic per 1270 * address family. 1271 * Since all VTI policies have the same priority, we don't care about 1272 * policies order. 1273 */ 1274 int 1275 key_register_ifnet(struct secpolicy **spp, u_int count) 1276 { 1277 struct mbuf *m; 1278 u_int i; 1279 1280 SPTREE_WLOCK(); 1281 /* 1282 * First of try to acquire id for each SP. 1283 */ 1284 for (i = 0; i < count; i++) { 1285 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1286 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1287 ("invalid direction %u", spp[i]->spidx.dir)); 1288 1289 if ((spp[i]->id = key_getnewspid()) == 0) { 1290 SPTREE_WUNLOCK(); 1291 return (EAGAIN); 1292 } 1293 } 1294 for (i = 0; i < count; i++) { 1295 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1296 spp[i], chain); 1297 /* 1298 * NOTE: despite the fact that we keep VTI SP in the 1299 * separate list, SPHASH contains policies from both 1300 * sources. Thus SADB_X_SPDGET will correctly return 1301 * SP by id, because it uses SPHASH for lookups. 1302 */ 1303 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1304 spp[i]->state = IPSEC_SPSTATE_IFNET; 1305 } 1306 SPTREE_WUNLOCK(); 1307 /* 1308 * Notify user processes about new SP. 1309 */ 1310 for (i = 0; i < count; i++) { 1311 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1312 if (m != NULL) 1313 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1314 } 1315 return (0); 1316 } 1317 1318 void 1319 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1320 { 1321 struct mbuf *m; 1322 u_int i; 1323 1324 SPTREE_WLOCK(); 1325 for (i = 0; i < count; i++) { 1326 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1327 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1328 ("invalid direction %u", spp[i]->spidx.dir)); 1329 1330 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1331 continue; 1332 spp[i]->state = IPSEC_SPSTATE_DEAD; 1333 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1334 spp[i], chain); 1335 V_spd_size--; 1336 LIST_REMOVE(spp[i], idhash); 1337 } 1338 SPTREE_WUNLOCK(); 1339 if (SPDCACHE_ENABLED()) 1340 spdcache_clear(); 1341 1342 for (i = 0; i < count; i++) { 1343 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1344 if (m != NULL) 1345 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1346 } 1347 } 1348 1349 /* 1350 * Must be called after calling key_allocsa(). 1351 * This function is called by key_freesp() to free some SA allocated 1352 * for a policy. 1353 */ 1354 void 1355 key_freesav(struct secasvar **psav) 1356 { 1357 struct secasvar *sav = *psav; 1358 1359 IPSEC_ASSERT(sav != NULL, ("null sav")); 1360 if (SAV_DELREF(sav) == 0) 1361 return; 1362 1363 KEYDBG(IPSEC_STAMP, 1364 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1365 1366 *psav = NULL; 1367 key_delsav(sav); 1368 } 1369 1370 /* 1371 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1372 * Expect that SA has extra reference due to lookup. 1373 * Release this references, also release SAH reference after unlink. 1374 */ 1375 static void 1376 key_unlinksav(struct secasvar *sav) 1377 { 1378 struct secashead *sah; 1379 1380 KEYDBG(KEY_STAMP, 1381 printf("%s: SA(%p)\n", __func__, sav)); 1382 1383 SAHTREE_UNLOCK_ASSERT(); 1384 SAHTREE_WLOCK(); 1385 if (sav->state == SADB_SASTATE_DEAD) { 1386 /* SA is already unlinked */ 1387 SAHTREE_WUNLOCK(); 1388 return; 1389 } 1390 /* Unlink from SAH */ 1391 if (sav->state == SADB_SASTATE_LARVAL) 1392 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1393 else 1394 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1395 /* Unlink from SPI hash */ 1396 LIST_REMOVE(sav, spihash); 1397 sav->state = SADB_SASTATE_DEAD; 1398 sah = sav->sah; 1399 SAHTREE_WUNLOCK(); 1400 key_freesav(&sav); 1401 /* Since we are unlinked, release reference to SAH */ 1402 key_freesah(&sah); 1403 } 1404 1405 /* %%% SPD management */ 1406 /* 1407 * search SPD 1408 * OUT: NULL : not found 1409 * others : found, pointer to a SP. 1410 */ 1411 static struct secpolicy * 1412 key_getsp(struct secpolicyindex *spidx) 1413 { 1414 SPTREE_RLOCK_TRACKER; 1415 struct secpolicy *sp; 1416 1417 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1418 1419 SPTREE_RLOCK(); 1420 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1421 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1422 SP_ADDREF(sp); 1423 break; 1424 } 1425 } 1426 SPTREE_RUNLOCK(); 1427 1428 return sp; 1429 } 1430 1431 /* 1432 * get SP by index. 1433 * OUT: NULL : not found 1434 * others : found, pointer to referenced SP. 1435 */ 1436 static struct secpolicy * 1437 key_getspbyid(uint32_t id) 1438 { 1439 SPTREE_RLOCK_TRACKER; 1440 struct secpolicy *sp; 1441 1442 SPTREE_RLOCK(); 1443 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1444 if (sp->id == id) { 1445 SP_ADDREF(sp); 1446 break; 1447 } 1448 } 1449 SPTREE_RUNLOCK(); 1450 return (sp); 1451 } 1452 1453 struct secpolicy * 1454 key_newsp(void) 1455 { 1456 struct secpolicy *sp; 1457 1458 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1459 if (sp != NULL) 1460 SP_INITREF(sp); 1461 return (sp); 1462 } 1463 1464 struct ipsecrequest * 1465 ipsec_newisr(void) 1466 { 1467 1468 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1469 M_NOWAIT | M_ZERO)); 1470 } 1471 1472 void 1473 ipsec_delisr(struct ipsecrequest *p) 1474 { 1475 1476 free(p, M_IPSEC_SR); 1477 } 1478 1479 /* 1480 * create secpolicy structure from sadb_x_policy structure. 1481 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1482 * are not set, so must be set properly later. 1483 */ 1484 struct secpolicy * 1485 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1486 { 1487 struct secpolicy *newsp; 1488 1489 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1490 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1491 1492 if (len != PFKEY_EXTLEN(xpl0)) { 1493 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1494 *error = EINVAL; 1495 return NULL; 1496 } 1497 1498 if ((newsp = key_newsp()) == NULL) { 1499 *error = ENOBUFS; 1500 return NULL; 1501 } 1502 1503 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1504 newsp->policy = xpl0->sadb_x_policy_type; 1505 newsp->priority = xpl0->sadb_x_policy_priority; 1506 newsp->tcount = 0; 1507 1508 /* check policy */ 1509 switch (xpl0->sadb_x_policy_type) { 1510 case IPSEC_POLICY_DISCARD: 1511 case IPSEC_POLICY_NONE: 1512 case IPSEC_POLICY_ENTRUST: 1513 case IPSEC_POLICY_BYPASS: 1514 break; 1515 1516 case IPSEC_POLICY_IPSEC: 1517 { 1518 struct sadb_x_ipsecrequest *xisr; 1519 struct ipsecrequest *isr; 1520 int tlen; 1521 1522 /* validity check */ 1523 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1524 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1525 __func__)); 1526 key_freesp(&newsp); 1527 *error = EINVAL; 1528 return NULL; 1529 } 1530 1531 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1532 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1533 1534 while (tlen > 0) { 1535 /* length check */ 1536 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1537 xisr->sadb_x_ipsecrequest_len > tlen) { 1538 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1539 "length.\n", __func__)); 1540 key_freesp(&newsp); 1541 *error = EINVAL; 1542 return NULL; 1543 } 1544 1545 if (newsp->tcount >= IPSEC_MAXREQ) { 1546 ipseclog((LOG_DEBUG, 1547 "%s: too many ipsecrequests.\n", 1548 __func__)); 1549 key_freesp(&newsp); 1550 *error = EINVAL; 1551 return (NULL); 1552 } 1553 1554 /* allocate request buffer */ 1555 /* NB: data structure is zero'd */ 1556 isr = ipsec_newisr(); 1557 if (isr == NULL) { 1558 ipseclog((LOG_DEBUG, 1559 "%s: No more memory.\n", __func__)); 1560 key_freesp(&newsp); 1561 *error = ENOBUFS; 1562 return NULL; 1563 } 1564 1565 newsp->req[newsp->tcount++] = isr; 1566 1567 /* set values */ 1568 switch (xisr->sadb_x_ipsecrequest_proto) { 1569 case IPPROTO_ESP: 1570 case IPPROTO_AH: 1571 case IPPROTO_IPCOMP: 1572 break; 1573 default: 1574 ipseclog((LOG_DEBUG, 1575 "%s: invalid proto type=%u\n", __func__, 1576 xisr->sadb_x_ipsecrequest_proto)); 1577 key_freesp(&newsp); 1578 *error = EPROTONOSUPPORT; 1579 return NULL; 1580 } 1581 isr->saidx.proto = 1582 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1583 1584 switch (xisr->sadb_x_ipsecrequest_mode) { 1585 case IPSEC_MODE_TRANSPORT: 1586 case IPSEC_MODE_TUNNEL: 1587 break; 1588 case IPSEC_MODE_ANY: 1589 default: 1590 ipseclog((LOG_DEBUG, 1591 "%s: invalid mode=%u\n", __func__, 1592 xisr->sadb_x_ipsecrequest_mode)); 1593 key_freesp(&newsp); 1594 *error = EINVAL; 1595 return NULL; 1596 } 1597 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1598 1599 switch (xisr->sadb_x_ipsecrequest_level) { 1600 case IPSEC_LEVEL_DEFAULT: 1601 case IPSEC_LEVEL_USE: 1602 case IPSEC_LEVEL_REQUIRE: 1603 break; 1604 case IPSEC_LEVEL_UNIQUE: 1605 /* validity check */ 1606 /* 1607 * If range violation of reqid, kernel will 1608 * update it, don't refuse it. 1609 */ 1610 if (xisr->sadb_x_ipsecrequest_reqid 1611 > IPSEC_MANUAL_REQID_MAX) { 1612 ipseclog((LOG_DEBUG, 1613 "%s: reqid=%d range " 1614 "violation, updated by kernel.\n", 1615 __func__, 1616 xisr->sadb_x_ipsecrequest_reqid)); 1617 xisr->sadb_x_ipsecrequest_reqid = 0; 1618 } 1619 1620 /* allocate new reqid id if reqid is zero. */ 1621 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1622 u_int32_t reqid; 1623 if ((reqid = key_newreqid()) == 0) { 1624 key_freesp(&newsp); 1625 *error = ENOBUFS; 1626 return NULL; 1627 } 1628 isr->saidx.reqid = reqid; 1629 xisr->sadb_x_ipsecrequest_reqid = reqid; 1630 } else { 1631 /* set it for manual keying. */ 1632 isr->saidx.reqid = 1633 xisr->sadb_x_ipsecrequest_reqid; 1634 } 1635 break; 1636 1637 default: 1638 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1639 __func__, 1640 xisr->sadb_x_ipsecrequest_level)); 1641 key_freesp(&newsp); 1642 *error = EINVAL; 1643 return NULL; 1644 } 1645 isr->level = xisr->sadb_x_ipsecrequest_level; 1646 1647 /* set IP addresses if there */ 1648 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1649 struct sockaddr *paddr; 1650 1651 len = tlen - sizeof(*xisr); 1652 paddr = (struct sockaddr *)(xisr + 1); 1653 /* validity check */ 1654 if (len < sizeof(struct sockaddr) || 1655 len < 2 * paddr->sa_len || 1656 paddr->sa_len > sizeof(isr->saidx.src)) { 1657 ipseclog((LOG_DEBUG, "%s: invalid " 1658 "request address length.\n", 1659 __func__)); 1660 key_freesp(&newsp); 1661 *error = EINVAL; 1662 return NULL; 1663 } 1664 /* 1665 * Request length should be enough to keep 1666 * source and destination addresses. 1667 */ 1668 if (xisr->sadb_x_ipsecrequest_len < 1669 sizeof(*xisr) + 2 * paddr->sa_len) { 1670 ipseclog((LOG_DEBUG, "%s: invalid " 1671 "ipsecrequest length.\n", 1672 __func__)); 1673 key_freesp(&newsp); 1674 *error = EINVAL; 1675 return (NULL); 1676 } 1677 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1678 paddr = (struct sockaddr *)((caddr_t)paddr + 1679 paddr->sa_len); 1680 1681 /* validity check */ 1682 if (paddr->sa_len != 1683 isr->saidx.src.sa.sa_len) { 1684 ipseclog((LOG_DEBUG, "%s: invalid " 1685 "request address length.\n", 1686 __func__)); 1687 key_freesp(&newsp); 1688 *error = EINVAL; 1689 return NULL; 1690 } 1691 /* AF family should match */ 1692 if (paddr->sa_family != 1693 isr->saidx.src.sa.sa_family) { 1694 ipseclog((LOG_DEBUG, "%s: address " 1695 "family doesn't match.\n", 1696 __func__)); 1697 key_freesp(&newsp); 1698 *error = EINVAL; 1699 return (NULL); 1700 } 1701 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1702 } else { 1703 /* 1704 * Addresses for TUNNEL mode requests are 1705 * mandatory. 1706 */ 1707 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1708 ipseclog((LOG_DEBUG, "%s: missing " 1709 "request addresses.\n", __func__)); 1710 key_freesp(&newsp); 1711 *error = EINVAL; 1712 return (NULL); 1713 } 1714 } 1715 tlen -= xisr->sadb_x_ipsecrequest_len; 1716 1717 /* validity check */ 1718 if (tlen < 0) { 1719 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1720 __func__)); 1721 key_freesp(&newsp); 1722 *error = EINVAL; 1723 return NULL; 1724 } 1725 1726 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1727 + xisr->sadb_x_ipsecrequest_len); 1728 } 1729 /* XXXAE: LARVAL SP */ 1730 if (newsp->tcount < 1) { 1731 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1732 "not found.\n", __func__)); 1733 key_freesp(&newsp); 1734 *error = EINVAL; 1735 return (NULL); 1736 } 1737 } 1738 break; 1739 default: 1740 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1741 key_freesp(&newsp); 1742 *error = EINVAL; 1743 return NULL; 1744 } 1745 1746 *error = 0; 1747 return (newsp); 1748 } 1749 1750 uint32_t 1751 key_newreqid(void) 1752 { 1753 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1754 1755 if (auto_reqid == ~0) 1756 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1757 else 1758 auto_reqid++; 1759 1760 /* XXX should be unique check */ 1761 return (auto_reqid); 1762 } 1763 1764 /* 1765 * copy secpolicy struct to sadb_x_policy structure indicated. 1766 */ 1767 static struct mbuf * 1768 key_sp2mbuf(struct secpolicy *sp) 1769 { 1770 struct mbuf *m; 1771 size_t tlen; 1772 1773 tlen = key_getspreqmsglen(sp); 1774 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1775 if (m == NULL) 1776 return (NULL); 1777 m_align(m, tlen); 1778 m->m_len = tlen; 1779 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1780 m_freem(m); 1781 return (NULL); 1782 } 1783 return (m); 1784 } 1785 1786 int 1787 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1788 { 1789 struct sadb_x_ipsecrequest *xisr; 1790 struct sadb_x_policy *xpl; 1791 struct ipsecrequest *isr; 1792 size_t xlen, ilen; 1793 caddr_t p; 1794 int error, i; 1795 1796 IPSEC_ASSERT(sp != NULL, ("null policy")); 1797 1798 xlen = sizeof(*xpl); 1799 if (*len < xlen) 1800 return (EINVAL); 1801 1802 error = 0; 1803 bzero(request, *len); 1804 xpl = (struct sadb_x_policy *)request; 1805 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1806 xpl->sadb_x_policy_type = sp->policy; 1807 xpl->sadb_x_policy_dir = sp->spidx.dir; 1808 xpl->sadb_x_policy_id = sp->id; 1809 xpl->sadb_x_policy_priority = sp->priority; 1810 switch (sp->state) { 1811 case IPSEC_SPSTATE_IFNET: 1812 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1813 break; 1814 case IPSEC_SPSTATE_PCB: 1815 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1816 break; 1817 default: 1818 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1819 } 1820 1821 /* if is the policy for ipsec ? */ 1822 if (sp->policy == IPSEC_POLICY_IPSEC) { 1823 p = (caddr_t)xpl + sizeof(*xpl); 1824 for (i = 0; i < sp->tcount; i++) { 1825 isr = sp->req[i]; 1826 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1827 isr->saidx.src.sa.sa_len + 1828 isr->saidx.dst.sa.sa_len); 1829 xlen += ilen; 1830 if (xlen > *len) { 1831 error = ENOBUFS; 1832 /* Calculate needed size */ 1833 continue; 1834 } 1835 xisr = (struct sadb_x_ipsecrequest *)p; 1836 xisr->sadb_x_ipsecrequest_len = ilen; 1837 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1838 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1839 xisr->sadb_x_ipsecrequest_level = isr->level; 1840 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1841 1842 p += sizeof(*xisr); 1843 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1844 p += isr->saidx.src.sa.sa_len; 1845 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1846 p += isr->saidx.dst.sa.sa_len; 1847 } 1848 } 1849 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1850 if (error == 0) 1851 *len = xlen; 1852 else 1853 *len = sizeof(*xpl); 1854 return (error); 1855 } 1856 1857 /* m will not be freed nor modified */ 1858 static struct mbuf * 1859 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1860 int ndeep, int nitem, ...) 1861 { 1862 va_list ap; 1863 int idx; 1864 int i; 1865 struct mbuf *result = NULL, *n; 1866 int len; 1867 1868 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1869 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1870 1871 va_start(ap, nitem); 1872 for (i = 0; i < nitem; i++) { 1873 idx = va_arg(ap, int); 1874 if (idx < 0 || idx > SADB_EXT_MAX) 1875 goto fail; 1876 /* don't attempt to pull empty extension */ 1877 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1878 continue; 1879 if (idx != SADB_EXT_RESERVED && 1880 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1881 continue; 1882 1883 if (idx == SADB_EXT_RESERVED) { 1884 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1885 1886 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1887 1888 MGETHDR(n, M_NOWAIT, MT_DATA); 1889 if (!n) 1890 goto fail; 1891 n->m_len = len; 1892 n->m_next = NULL; 1893 m_copydata(m, 0, sizeof(struct sadb_msg), 1894 mtod(n, caddr_t)); 1895 } else if (i < ndeep) { 1896 len = mhp->extlen[idx]; 1897 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1898 if (n == NULL) 1899 goto fail; 1900 m_align(n, len); 1901 n->m_len = len; 1902 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1903 mtod(n, caddr_t)); 1904 } else { 1905 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1906 M_NOWAIT); 1907 } 1908 if (n == NULL) 1909 goto fail; 1910 1911 if (result) 1912 m_cat(result, n); 1913 else 1914 result = n; 1915 } 1916 va_end(ap); 1917 1918 if ((result->m_flags & M_PKTHDR) != 0) { 1919 result->m_pkthdr.len = 0; 1920 for (n = result; n; n = n->m_next) 1921 result->m_pkthdr.len += n->m_len; 1922 } 1923 1924 return result; 1925 1926 fail: 1927 m_freem(result); 1928 va_end(ap); 1929 return NULL; 1930 } 1931 1932 /* 1933 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1934 * add an entry to SP database, when received 1935 * <base, address(SD), (lifetime(H),) policy> 1936 * from the user(?). 1937 * Adding to SP database, 1938 * and send 1939 * <base, address(SD), (lifetime(H),) policy> 1940 * to the socket which was send. 1941 * 1942 * SPDADD set a unique policy entry. 1943 * SPDSETIDX like SPDADD without a part of policy requests. 1944 * SPDUPDATE replace a unique policy entry. 1945 * 1946 * XXXAE: serialize this in PF_KEY to avoid races. 1947 * m will always be freed. 1948 */ 1949 static int 1950 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1951 { 1952 struct secpolicyindex spidx; 1953 struct sadb_address *src0, *dst0; 1954 struct sadb_x_policy *xpl0, *xpl; 1955 struct sadb_lifetime *lft = NULL; 1956 struct secpolicy *newsp, *oldsp; 1957 int error; 1958 1959 IPSEC_ASSERT(so != NULL, ("null socket")); 1960 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1961 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1962 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1963 1964 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1965 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1966 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1967 ipseclog((LOG_DEBUG, 1968 "%s: invalid message: missing required header.\n", 1969 __func__)); 1970 return key_senderror(so, m, EINVAL); 1971 } 1972 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1973 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1974 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1975 ipseclog((LOG_DEBUG, 1976 "%s: invalid message: wrong header size.\n", __func__)); 1977 return key_senderror(so, m, EINVAL); 1978 } 1979 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1980 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1981 ipseclog((LOG_DEBUG, 1982 "%s: invalid message: wrong header size.\n", 1983 __func__)); 1984 return key_senderror(so, m, EINVAL); 1985 } 1986 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1987 } 1988 1989 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1990 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1991 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1992 1993 /* check the direciton */ 1994 switch (xpl0->sadb_x_policy_dir) { 1995 case IPSEC_DIR_INBOUND: 1996 case IPSEC_DIR_OUTBOUND: 1997 break; 1998 default: 1999 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2000 return key_senderror(so, m, EINVAL); 2001 } 2002 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2003 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2004 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2005 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2006 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2007 return key_senderror(so, m, EINVAL); 2008 } 2009 2010 /* policy requests are mandatory when action is ipsec. */ 2011 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2012 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2013 ipseclog((LOG_DEBUG, 2014 "%s: policy requests required.\n", __func__)); 2015 return key_senderror(so, m, EINVAL); 2016 } 2017 2018 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2019 (struct sockaddr *)(dst0 + 1)); 2020 if (error != 0 || 2021 src0->sadb_address_proto != dst0->sadb_address_proto) { 2022 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2023 return key_senderror(so, m, error); 2024 } 2025 /* make secindex */ 2026 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2027 src0 + 1, 2028 dst0 + 1, 2029 src0->sadb_address_prefixlen, 2030 dst0->sadb_address_prefixlen, 2031 src0->sadb_address_proto, 2032 &spidx); 2033 /* Checking there is SP already or not. */ 2034 oldsp = key_getsp(&spidx); 2035 if (oldsp != NULL) { 2036 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2037 KEYDBG(KEY_STAMP, 2038 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2039 __func__, oldsp)); 2040 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp)); 2041 } else { 2042 key_freesp(&newsp); 2043 ipseclog((LOG_DEBUG, 2044 "%s: a SP entry exists already.\n", __func__)); 2045 return (key_senderror(so, m, EEXIST)); 2046 } 2047 } 2048 2049 /* allocate new SP entry */ 2050 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2051 if (oldsp != NULL) { 2052 key_unlink(oldsp); 2053 key_freesp(&oldsp); /* second for our reference */ 2054 } 2055 return key_senderror(so, m, error); 2056 } 2057 2058 newsp->lastused = newsp->created = time_second; 2059 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2060 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2061 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2062 2063 SPTREE_WLOCK(); 2064 if ((newsp->id = key_getnewspid()) == 0) { 2065 if (oldsp != NULL) 2066 key_detach(oldsp); 2067 SPTREE_WUNLOCK(); 2068 if (oldsp != NULL) { 2069 key_freesp(&oldsp); /* first for key_detach */ 2070 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2071 key_freesp(&oldsp); /* second for our reference */ 2072 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */ 2073 spdcache_clear(); 2074 } 2075 key_freesp(&newsp); 2076 return key_senderror(so, m, ENOBUFS); 2077 } 2078 if (oldsp != NULL) 2079 key_detach(oldsp); 2080 key_insertsp(newsp); 2081 SPTREE_WUNLOCK(); 2082 if (oldsp != NULL) { 2083 key_freesp(&oldsp); /* first for key_detach */ 2084 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2085 key_freesp(&oldsp); /* second for our reference */ 2086 } 2087 if (SPDCACHE_ENABLED()) 2088 spdcache_clear(); 2089 KEYDBG(KEY_STAMP, 2090 printf("%s: SP(%p)\n", __func__, newsp)); 2091 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2092 2093 { 2094 struct mbuf *n, *mpolicy; 2095 struct sadb_msg *newmsg; 2096 int off; 2097 2098 /* create new sadb_msg to reply. */ 2099 if (lft) { 2100 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2101 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2102 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2103 } else { 2104 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2105 SADB_X_EXT_POLICY, 2106 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2107 } 2108 if (!n) 2109 return key_senderror(so, m, ENOBUFS); 2110 2111 if (n->m_len < sizeof(*newmsg)) { 2112 n = m_pullup(n, sizeof(*newmsg)); 2113 if (!n) 2114 return key_senderror(so, m, ENOBUFS); 2115 } 2116 newmsg = mtod(n, struct sadb_msg *); 2117 newmsg->sadb_msg_errno = 0; 2118 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2119 2120 off = 0; 2121 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2122 sizeof(*xpl), &off); 2123 if (mpolicy == NULL) { 2124 /* n is already freed */ 2125 return key_senderror(so, m, ENOBUFS); 2126 } 2127 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2128 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2129 m_freem(n); 2130 return key_senderror(so, m, EINVAL); 2131 } 2132 xpl->sadb_x_policy_id = newsp->id; 2133 2134 m_freem(m); 2135 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2136 } 2137 } 2138 2139 /* 2140 * get new policy id. 2141 * OUT: 2142 * 0: failure. 2143 * others: success. 2144 */ 2145 static uint32_t 2146 key_getnewspid(void) 2147 { 2148 struct secpolicy *sp; 2149 uint32_t newid = 0; 2150 int count = V_key_spi_trycnt; /* XXX */ 2151 2152 SPTREE_WLOCK_ASSERT(); 2153 while (count--) { 2154 if (V_policy_id == ~0) /* overflowed */ 2155 newid = V_policy_id = 1; 2156 else 2157 newid = ++V_policy_id; 2158 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2159 if (sp->id == newid) 2160 break; 2161 } 2162 if (sp == NULL) 2163 break; 2164 } 2165 if (count == 0 || newid == 0) { 2166 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2167 __func__)); 2168 return (0); 2169 } 2170 return (newid); 2171 } 2172 2173 /* 2174 * SADB_SPDDELETE processing 2175 * receive 2176 * <base, address(SD), policy(*)> 2177 * from the user(?), and set SADB_SASTATE_DEAD, 2178 * and send, 2179 * <base, address(SD), policy(*)> 2180 * to the ikmpd. 2181 * policy(*) including direction of policy. 2182 * 2183 * m will always be freed. 2184 */ 2185 static int 2186 key_spddelete(struct socket *so, struct mbuf *m, 2187 const struct sadb_msghdr *mhp) 2188 { 2189 struct secpolicyindex spidx; 2190 struct sadb_address *src0, *dst0; 2191 struct sadb_x_policy *xpl0; 2192 struct secpolicy *sp; 2193 2194 IPSEC_ASSERT(so != NULL, ("null so")); 2195 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2196 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2197 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2198 2199 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2200 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2201 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2202 ipseclog((LOG_DEBUG, 2203 "%s: invalid message: missing required header.\n", 2204 __func__)); 2205 return key_senderror(so, m, EINVAL); 2206 } 2207 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2208 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2209 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2210 ipseclog((LOG_DEBUG, 2211 "%s: invalid message: wrong header size.\n", __func__)); 2212 return key_senderror(so, m, EINVAL); 2213 } 2214 2215 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2216 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2217 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2218 2219 /* check the direciton */ 2220 switch (xpl0->sadb_x_policy_dir) { 2221 case IPSEC_DIR_INBOUND: 2222 case IPSEC_DIR_OUTBOUND: 2223 break; 2224 default: 2225 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2226 return key_senderror(so, m, EINVAL); 2227 } 2228 /* Only DISCARD, NONE and IPSEC are allowed */ 2229 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2230 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2231 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2232 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2233 return key_senderror(so, m, EINVAL); 2234 } 2235 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2236 (struct sockaddr *)(dst0 + 1)) != 0 || 2237 src0->sadb_address_proto != dst0->sadb_address_proto) { 2238 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2239 return key_senderror(so, m, EINVAL); 2240 } 2241 /* make secindex */ 2242 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2243 src0 + 1, 2244 dst0 + 1, 2245 src0->sadb_address_prefixlen, 2246 dst0->sadb_address_prefixlen, 2247 src0->sadb_address_proto, 2248 &spidx); 2249 2250 /* Is there SP in SPD ? */ 2251 if ((sp = key_getsp(&spidx)) == NULL) { 2252 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2253 return key_senderror(so, m, EINVAL); 2254 } 2255 2256 /* save policy id to buffer to be returned. */ 2257 xpl0->sadb_x_policy_id = sp->id; 2258 2259 KEYDBG(KEY_STAMP, 2260 printf("%s: SP(%p)\n", __func__, sp)); 2261 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2262 key_unlink(sp); 2263 key_freesp(&sp); 2264 2265 { 2266 struct mbuf *n; 2267 struct sadb_msg *newmsg; 2268 2269 /* create new sadb_msg to reply. */ 2270 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2271 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2272 if (!n) 2273 return key_senderror(so, m, ENOBUFS); 2274 2275 newmsg = mtod(n, struct sadb_msg *); 2276 newmsg->sadb_msg_errno = 0; 2277 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2278 2279 m_freem(m); 2280 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2281 } 2282 } 2283 2284 /* 2285 * SADB_SPDDELETE2 processing 2286 * receive 2287 * <base, policy(*)> 2288 * from the user(?), and set SADB_SASTATE_DEAD, 2289 * and send, 2290 * <base, policy(*)> 2291 * to the ikmpd. 2292 * policy(*) including direction of policy. 2293 * 2294 * m will always be freed. 2295 */ 2296 static int 2297 key_spddelete2(struct socket *so, struct mbuf *m, 2298 const struct sadb_msghdr *mhp) 2299 { 2300 struct secpolicy *sp; 2301 uint32_t id; 2302 2303 IPSEC_ASSERT(so != NULL, ("null socket")); 2304 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2305 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2306 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2307 2308 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2309 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2310 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2311 __func__)); 2312 return key_senderror(so, m, EINVAL); 2313 } 2314 2315 id = ((struct sadb_x_policy *) 2316 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2317 2318 /* Is there SP in SPD ? */ 2319 if ((sp = key_getspbyid(id)) == NULL) { 2320 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2321 __func__, id)); 2322 return key_senderror(so, m, EINVAL); 2323 } 2324 2325 KEYDBG(KEY_STAMP, 2326 printf("%s: SP(%p)\n", __func__, sp)); 2327 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2328 key_unlink(sp); 2329 if (sp->state != IPSEC_SPSTATE_DEAD) { 2330 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2331 __func__, id)); 2332 key_freesp(&sp); 2333 return (key_senderror(so, m, EACCES)); 2334 } 2335 key_freesp(&sp); 2336 2337 { 2338 struct mbuf *n, *nn; 2339 struct sadb_msg *newmsg; 2340 int off, len; 2341 2342 /* create new sadb_msg to reply. */ 2343 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2344 2345 MGETHDR(n, M_NOWAIT, MT_DATA); 2346 if (n && len > MHLEN) { 2347 if (!(MCLGET(n, M_NOWAIT))) { 2348 m_freem(n); 2349 n = NULL; 2350 } 2351 } 2352 if (!n) 2353 return key_senderror(so, m, ENOBUFS); 2354 2355 n->m_len = len; 2356 n->m_next = NULL; 2357 off = 0; 2358 2359 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2360 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2361 2362 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2363 off, len)); 2364 2365 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2366 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2367 if (!n->m_next) { 2368 m_freem(n); 2369 return key_senderror(so, m, ENOBUFS); 2370 } 2371 2372 n->m_pkthdr.len = 0; 2373 for (nn = n; nn; nn = nn->m_next) 2374 n->m_pkthdr.len += nn->m_len; 2375 2376 newmsg = mtod(n, struct sadb_msg *); 2377 newmsg->sadb_msg_errno = 0; 2378 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2379 2380 m_freem(m); 2381 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2382 } 2383 } 2384 2385 /* 2386 * SADB_X_SPDGET processing 2387 * receive 2388 * <base, policy(*)> 2389 * from the user(?), 2390 * and send, 2391 * <base, address(SD), policy> 2392 * to the ikmpd. 2393 * policy(*) including direction of policy. 2394 * 2395 * m will always be freed. 2396 */ 2397 static int 2398 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2399 { 2400 struct secpolicy *sp; 2401 struct mbuf *n; 2402 uint32_t id; 2403 2404 IPSEC_ASSERT(so != NULL, ("null socket")); 2405 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2406 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2407 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2408 2409 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2410 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2411 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2412 __func__)); 2413 return key_senderror(so, m, EINVAL); 2414 } 2415 2416 id = ((struct sadb_x_policy *) 2417 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2418 2419 /* Is there SP in SPD ? */ 2420 if ((sp = key_getspbyid(id)) == NULL) { 2421 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2422 __func__, id)); 2423 return key_senderror(so, m, ENOENT); 2424 } 2425 2426 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2427 mhp->msg->sadb_msg_pid); 2428 key_freesp(&sp); 2429 if (n != NULL) { 2430 m_freem(m); 2431 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2432 } else 2433 return key_senderror(so, m, ENOBUFS); 2434 } 2435 2436 /* 2437 * SADB_X_SPDACQUIRE processing. 2438 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2439 * send 2440 * <base, policy(*)> 2441 * to KMD, and expect to receive 2442 * <base> with SADB_X_SPDACQUIRE if error occurred, 2443 * or 2444 * <base, policy> 2445 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2446 * policy(*) is without policy requests. 2447 * 2448 * 0 : succeed 2449 * others: error number 2450 */ 2451 int 2452 key_spdacquire(struct secpolicy *sp) 2453 { 2454 struct mbuf *result = NULL, *m; 2455 struct secspacq *newspacq; 2456 2457 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2458 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2459 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2460 ("policy not IPSEC %u", sp->policy)); 2461 2462 /* Get an entry to check whether sent message or not. */ 2463 newspacq = key_getspacq(&sp->spidx); 2464 if (newspacq != NULL) { 2465 if (V_key_blockacq_count < newspacq->count) { 2466 /* reset counter and do send message. */ 2467 newspacq->count = 0; 2468 } else { 2469 /* increment counter and do nothing. */ 2470 newspacq->count++; 2471 SPACQ_UNLOCK(); 2472 return (0); 2473 } 2474 SPACQ_UNLOCK(); 2475 } else { 2476 /* make new entry for blocking to send SADB_ACQUIRE. */ 2477 newspacq = key_newspacq(&sp->spidx); 2478 if (newspacq == NULL) 2479 return ENOBUFS; 2480 } 2481 2482 /* create new sadb_msg to reply. */ 2483 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2484 if (!m) 2485 return ENOBUFS; 2486 2487 result = m; 2488 2489 result->m_pkthdr.len = 0; 2490 for (m = result; m; m = m->m_next) 2491 result->m_pkthdr.len += m->m_len; 2492 2493 mtod(result, struct sadb_msg *)->sadb_msg_len = 2494 PFKEY_UNIT64(result->m_pkthdr.len); 2495 2496 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2497 } 2498 2499 /* 2500 * SADB_SPDFLUSH processing 2501 * receive 2502 * <base> 2503 * from the user, and free all entries in secpctree. 2504 * and send, 2505 * <base> 2506 * to the user. 2507 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2508 * 2509 * m will always be freed. 2510 */ 2511 static int 2512 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2513 { 2514 struct secpolicy_queue drainq; 2515 struct sadb_msg *newmsg; 2516 struct secpolicy *sp, *nextsp; 2517 u_int dir; 2518 2519 IPSEC_ASSERT(so != NULL, ("null socket")); 2520 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2521 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2522 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2523 2524 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2525 return key_senderror(so, m, EINVAL); 2526 2527 TAILQ_INIT(&drainq); 2528 SPTREE_WLOCK(); 2529 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2530 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2531 } 2532 /* 2533 * We need to set state to DEAD for each policy to be sure, 2534 * that another thread won't try to unlink it. 2535 * Also remove SP from sphash. 2536 */ 2537 TAILQ_FOREACH(sp, &drainq, chain) { 2538 sp->state = IPSEC_SPSTATE_DEAD; 2539 LIST_REMOVE(sp, idhash); 2540 } 2541 V_sp_genid++; 2542 V_spd_size = 0; 2543 SPTREE_WUNLOCK(); 2544 if (SPDCACHE_ENABLED()) 2545 spdcache_clear(); 2546 sp = TAILQ_FIRST(&drainq); 2547 while (sp != NULL) { 2548 nextsp = TAILQ_NEXT(sp, chain); 2549 key_freesp(&sp); 2550 sp = nextsp; 2551 } 2552 2553 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2554 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2555 return key_senderror(so, m, ENOBUFS); 2556 } 2557 2558 if (m->m_next) 2559 m_freem(m->m_next); 2560 m->m_next = NULL; 2561 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2562 newmsg = mtod(m, struct sadb_msg *); 2563 newmsg->sadb_msg_errno = 0; 2564 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2565 2566 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2567 } 2568 2569 static uint8_t 2570 key_satype2scopemask(uint8_t satype) 2571 { 2572 2573 if (satype == IPSEC_POLICYSCOPE_ANY) 2574 return (0xff); 2575 return (satype); 2576 } 2577 /* 2578 * SADB_SPDDUMP processing 2579 * receive 2580 * <base> 2581 * from the user, and dump all SP leaves and send, 2582 * <base> ..... 2583 * to the ikmpd. 2584 * 2585 * NOTE: 2586 * sadb_msg_satype is considered as mask of policy scopes. 2587 * m will always be freed. 2588 */ 2589 static int 2590 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2591 { 2592 SPTREE_RLOCK_TRACKER; 2593 struct secpolicy *sp; 2594 struct mbuf *n; 2595 int cnt; 2596 u_int dir, scope; 2597 2598 IPSEC_ASSERT(so != NULL, ("null socket")); 2599 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2600 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2601 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2602 2603 /* search SPD entry and get buffer size. */ 2604 cnt = 0; 2605 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2606 SPTREE_RLOCK(); 2607 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2608 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2609 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2610 cnt++; 2611 } 2612 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2613 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2614 cnt++; 2615 } 2616 } 2617 2618 if (cnt == 0) { 2619 SPTREE_RUNLOCK(); 2620 return key_senderror(so, m, ENOENT); 2621 } 2622 2623 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2624 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2625 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2626 --cnt; 2627 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2628 mhp->msg->sadb_msg_pid); 2629 2630 if (n != NULL) 2631 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2632 } 2633 } 2634 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2635 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2636 --cnt; 2637 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2638 mhp->msg->sadb_msg_pid); 2639 2640 if (n != NULL) 2641 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2642 } 2643 } 2644 } 2645 2646 SPTREE_RUNLOCK(); 2647 m_freem(m); 2648 return (0); 2649 } 2650 2651 static struct mbuf * 2652 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2653 u_int32_t pid) 2654 { 2655 struct mbuf *result = NULL, *m; 2656 struct seclifetime lt; 2657 2658 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2659 if (!m) 2660 goto fail; 2661 result = m; 2662 2663 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2664 &sp->spidx.src.sa, sp->spidx.prefs, 2665 sp->spidx.ul_proto); 2666 if (!m) 2667 goto fail; 2668 m_cat(result, m); 2669 2670 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2671 &sp->spidx.dst.sa, sp->spidx.prefd, 2672 sp->spidx.ul_proto); 2673 if (!m) 2674 goto fail; 2675 m_cat(result, m); 2676 2677 m = key_sp2mbuf(sp); 2678 if (!m) 2679 goto fail; 2680 m_cat(result, m); 2681 2682 if(sp->lifetime){ 2683 lt.addtime=sp->created; 2684 lt.usetime= sp->lastused; 2685 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2686 if (!m) 2687 goto fail; 2688 m_cat(result, m); 2689 2690 lt.addtime=sp->lifetime; 2691 lt.usetime= sp->validtime; 2692 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2693 if (!m) 2694 goto fail; 2695 m_cat(result, m); 2696 } 2697 2698 if ((result->m_flags & M_PKTHDR) == 0) 2699 goto fail; 2700 2701 if (result->m_len < sizeof(struct sadb_msg)) { 2702 result = m_pullup(result, sizeof(struct sadb_msg)); 2703 if (result == NULL) 2704 goto fail; 2705 } 2706 2707 result->m_pkthdr.len = 0; 2708 for (m = result; m; m = m->m_next) 2709 result->m_pkthdr.len += m->m_len; 2710 2711 mtod(result, struct sadb_msg *)->sadb_msg_len = 2712 PFKEY_UNIT64(result->m_pkthdr.len); 2713 2714 return result; 2715 2716 fail: 2717 m_freem(result); 2718 return NULL; 2719 } 2720 /* 2721 * get PFKEY message length for security policy and request. 2722 */ 2723 static size_t 2724 key_getspreqmsglen(struct secpolicy *sp) 2725 { 2726 size_t tlen, len; 2727 int i; 2728 2729 tlen = sizeof(struct sadb_x_policy); 2730 /* if is the policy for ipsec ? */ 2731 if (sp->policy != IPSEC_POLICY_IPSEC) 2732 return (tlen); 2733 2734 /* get length of ipsec requests */ 2735 for (i = 0; i < sp->tcount; i++) { 2736 len = sizeof(struct sadb_x_ipsecrequest) 2737 + sp->req[i]->saidx.src.sa.sa_len 2738 + sp->req[i]->saidx.dst.sa.sa_len; 2739 2740 tlen += PFKEY_ALIGN8(len); 2741 } 2742 return (tlen); 2743 } 2744 2745 /* 2746 * SADB_SPDEXPIRE processing 2747 * send 2748 * <base, address(SD), lifetime(CH), policy> 2749 * to KMD by PF_KEY. 2750 * 2751 * OUT: 0 : succeed 2752 * others : error number 2753 */ 2754 static int 2755 key_spdexpire(struct secpolicy *sp) 2756 { 2757 struct sadb_lifetime *lt; 2758 struct mbuf *result = NULL, *m; 2759 int len, error = -1; 2760 2761 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2762 2763 KEYDBG(KEY_STAMP, 2764 printf("%s: SP(%p)\n", __func__, sp)); 2765 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2766 2767 /* set msg header */ 2768 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2769 if (!m) { 2770 error = ENOBUFS; 2771 goto fail; 2772 } 2773 result = m; 2774 2775 /* create lifetime extension (current and hard) */ 2776 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2777 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2778 if (m == NULL) { 2779 error = ENOBUFS; 2780 goto fail; 2781 } 2782 m_align(m, len); 2783 m->m_len = len; 2784 bzero(mtod(m, caddr_t), len); 2785 lt = mtod(m, struct sadb_lifetime *); 2786 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2787 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2788 lt->sadb_lifetime_allocations = 0; 2789 lt->sadb_lifetime_bytes = 0; 2790 lt->sadb_lifetime_addtime = sp->created; 2791 lt->sadb_lifetime_usetime = sp->lastused; 2792 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2793 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2794 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2795 lt->sadb_lifetime_allocations = 0; 2796 lt->sadb_lifetime_bytes = 0; 2797 lt->sadb_lifetime_addtime = sp->lifetime; 2798 lt->sadb_lifetime_usetime = sp->validtime; 2799 m_cat(result, m); 2800 2801 /* set sadb_address for source */ 2802 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2803 &sp->spidx.src.sa, 2804 sp->spidx.prefs, sp->spidx.ul_proto); 2805 if (!m) { 2806 error = ENOBUFS; 2807 goto fail; 2808 } 2809 m_cat(result, m); 2810 2811 /* set sadb_address for destination */ 2812 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2813 &sp->spidx.dst.sa, 2814 sp->spidx.prefd, sp->spidx.ul_proto); 2815 if (!m) { 2816 error = ENOBUFS; 2817 goto fail; 2818 } 2819 m_cat(result, m); 2820 2821 /* set secpolicy */ 2822 m = key_sp2mbuf(sp); 2823 if (!m) { 2824 error = ENOBUFS; 2825 goto fail; 2826 } 2827 m_cat(result, m); 2828 2829 if ((result->m_flags & M_PKTHDR) == 0) { 2830 error = EINVAL; 2831 goto fail; 2832 } 2833 2834 if (result->m_len < sizeof(struct sadb_msg)) { 2835 result = m_pullup(result, sizeof(struct sadb_msg)); 2836 if (result == NULL) { 2837 error = ENOBUFS; 2838 goto fail; 2839 } 2840 } 2841 2842 result->m_pkthdr.len = 0; 2843 for (m = result; m; m = m->m_next) 2844 result->m_pkthdr.len += m->m_len; 2845 2846 mtod(result, struct sadb_msg *)->sadb_msg_len = 2847 PFKEY_UNIT64(result->m_pkthdr.len); 2848 2849 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2850 2851 fail: 2852 if (result) 2853 m_freem(result); 2854 return error; 2855 } 2856 2857 /* %%% SAD management */ 2858 /* 2859 * allocating and initialize new SA head. 2860 * OUT: NULL : failure due to the lack of memory. 2861 * others : pointer to new SA head. 2862 */ 2863 static struct secashead * 2864 key_newsah(struct secasindex *saidx) 2865 { 2866 struct secashead *sah; 2867 2868 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2869 M_NOWAIT | M_ZERO); 2870 if (sah == NULL) { 2871 PFKEYSTAT_INC(in_nomem); 2872 return (NULL); 2873 } 2874 TAILQ_INIT(&sah->savtree_larval); 2875 TAILQ_INIT(&sah->savtree_alive); 2876 sah->saidx = *saidx; 2877 sah->state = SADB_SASTATE_DEAD; 2878 SAH_INITREF(sah); 2879 2880 KEYDBG(KEY_STAMP, 2881 printf("%s: SAH(%p)\n", __func__, sah)); 2882 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2883 return (sah); 2884 } 2885 2886 static void 2887 key_freesah(struct secashead **psah) 2888 { 2889 struct secashead *sah = *psah; 2890 2891 if (SAH_DELREF(sah) == 0) 2892 return; 2893 2894 KEYDBG(KEY_STAMP, 2895 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2896 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2897 2898 *psah = NULL; 2899 key_delsah(sah); 2900 } 2901 2902 static void 2903 key_delsah(struct secashead *sah) 2904 { 2905 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2906 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2907 ("Attempt to free non DEAD SAH %p", sah)); 2908 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2909 ("Attempt to free SAH %p with LARVAL SA", sah)); 2910 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2911 ("Attempt to free SAH %p with ALIVE SA", sah)); 2912 2913 free(sah, M_IPSEC_SAH); 2914 } 2915 2916 /* 2917 * allocating a new SA for key_add() and key_getspi() call, 2918 * and copy the values of mhp into new buffer. 2919 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2920 * For SADB_ADD create and initialize SA with MATURE state. 2921 * OUT: NULL : fail 2922 * others : pointer to new secasvar. 2923 */ 2924 static struct secasvar * 2925 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2926 uint32_t spi, int *errp) 2927 { 2928 struct secashead *sah; 2929 struct secasvar *sav; 2930 int isnew; 2931 2932 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2933 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2934 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2935 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2936 2937 sav = NULL; 2938 sah = NULL; 2939 /* check SPI value */ 2940 switch (saidx->proto) { 2941 case IPPROTO_ESP: 2942 case IPPROTO_AH: 2943 /* 2944 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2945 * 1-255 reserved by IANA for future use, 2946 * 0 for implementation specific, local use. 2947 */ 2948 if (ntohl(spi) <= 255) { 2949 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2950 __func__, ntohl(spi))); 2951 *errp = EINVAL; 2952 goto done; 2953 } 2954 break; 2955 } 2956 2957 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2958 if (sav == NULL) { 2959 *errp = ENOBUFS; 2960 goto done; 2961 } 2962 sav->lock = malloc(sizeof(struct mtx), M_IPSEC_MISC, 2963 M_NOWAIT | M_ZERO); 2964 if (sav->lock == NULL) { 2965 *errp = ENOBUFS; 2966 goto done; 2967 } 2968 mtx_init(sav->lock, "ipsec association", NULL, MTX_DEF); 2969 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); 2970 if (sav->lft_c == NULL) { 2971 *errp = ENOBUFS; 2972 goto done; 2973 } 2974 2975 sav->spi = spi; 2976 sav->seq = mhp->msg->sadb_msg_seq; 2977 sav->state = SADB_SASTATE_LARVAL; 2978 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2979 SAV_INITREF(sav); 2980 again: 2981 sah = key_getsah(saidx); 2982 if (sah == NULL) { 2983 /* create a new SA index */ 2984 sah = key_newsah(saidx); 2985 if (sah == NULL) { 2986 ipseclog((LOG_DEBUG, 2987 "%s: No more memory.\n", __func__)); 2988 *errp = ENOBUFS; 2989 goto done; 2990 } 2991 isnew = 1; 2992 } else 2993 isnew = 0; 2994 2995 sav->sah = sah; 2996 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 2997 sav->created = time_second; 2998 } else if (sav->state == SADB_SASTATE_LARVAL) { 2999 /* 3000 * Do not call key_setsaval() second time in case 3001 * of `goto again`. We will have MATURE state. 3002 */ 3003 *errp = key_setsaval(sav, mhp); 3004 if (*errp != 0) 3005 goto done; 3006 sav->state = SADB_SASTATE_MATURE; 3007 } 3008 3009 SAHTREE_WLOCK(); 3010 /* 3011 * Check that existing SAH wasn't unlinked. 3012 * Since we didn't hold the SAHTREE lock, it is possible, 3013 * that callout handler or key_flush() or key_delete() could 3014 * unlink this SAH. 3015 */ 3016 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3017 SAHTREE_WUNLOCK(); 3018 key_freesah(&sah); /* reference from key_getsah() */ 3019 goto again; 3020 } 3021 if (isnew != 0) { 3022 /* 3023 * Add new SAH into SADB. 3024 * 3025 * XXXAE: we can serialize key_add and key_getspi calls, so 3026 * several threads will not fight in the race. 3027 * Otherwise we should check under SAHTREE lock, that this 3028 * SAH would not added twice. 3029 */ 3030 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3031 /* Add new SAH into hash by addresses */ 3032 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3033 /* Now we are linked in the chain */ 3034 sah->state = SADB_SASTATE_MATURE; 3035 /* 3036 * SAV references this new SAH. 3037 * In case of existing SAH we reuse reference 3038 * from key_getsah(). 3039 */ 3040 SAH_ADDREF(sah); 3041 } 3042 /* Link SAV with SAH */ 3043 if (sav->state == SADB_SASTATE_MATURE) 3044 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3045 else 3046 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3047 /* Add SAV into SPI hash */ 3048 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3049 SAHTREE_WUNLOCK(); 3050 *errp = 0; /* success */ 3051 done: 3052 if (*errp != 0) { 3053 if (sav != NULL) { 3054 if (sav->lock != NULL) { 3055 mtx_destroy(sav->lock); 3056 free(sav->lock, M_IPSEC_MISC); 3057 } 3058 if (sav->lft_c != NULL) 3059 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3060 free(sav, M_IPSEC_SA), sav = NULL; 3061 } 3062 if (sah != NULL) 3063 key_freesah(&sah); 3064 if (*errp == ENOBUFS) { 3065 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3066 __func__)); 3067 PFKEYSTAT_INC(in_nomem); 3068 } 3069 } 3070 return (sav); 3071 } 3072 3073 /* 3074 * free() SA variable entry. 3075 */ 3076 static void 3077 key_cleansav(struct secasvar *sav) 3078 { 3079 3080 if (sav->natt != NULL) { 3081 free(sav->natt, M_IPSEC_MISC); 3082 sav->natt = NULL; 3083 } 3084 if (sav->flags & SADB_X_EXT_F_CLONED) 3085 return; 3086 if (sav->tdb_xform != NULL) { 3087 sav->tdb_xform->xf_cleanup(sav); 3088 sav->tdb_xform = NULL; 3089 } 3090 if (sav->key_auth != NULL) { 3091 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3092 free(sav->key_auth, M_IPSEC_MISC); 3093 sav->key_auth = NULL; 3094 } 3095 if (sav->key_enc != NULL) { 3096 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3097 free(sav->key_enc, M_IPSEC_MISC); 3098 sav->key_enc = NULL; 3099 } 3100 if (sav->replay != NULL) { 3101 if (sav->replay->bitmap != NULL) 3102 free(sav->replay->bitmap, M_IPSEC_MISC); 3103 free(sav->replay, M_IPSEC_MISC); 3104 sav->replay = NULL; 3105 } 3106 if (sav->lft_h != NULL) { 3107 free(sav->lft_h, M_IPSEC_MISC); 3108 sav->lft_h = NULL; 3109 } 3110 if (sav->lft_s != NULL) { 3111 free(sav->lft_s, M_IPSEC_MISC); 3112 sav->lft_s = NULL; 3113 } 3114 } 3115 3116 /* 3117 * free() SA variable entry. 3118 */ 3119 static void 3120 key_delsav(struct secasvar *sav) 3121 { 3122 IPSEC_ASSERT(sav != NULL, ("null sav")); 3123 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3124 ("attempt to free non DEAD SA %p", sav)); 3125 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3126 sav->refcnt)); 3127 3128 /* 3129 * SA must be unlinked from the chain and hashtbl. 3130 * If SA was cloned, we leave all fields untouched, 3131 * except NAT-T config. 3132 */ 3133 key_cleansav(sav); 3134 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3135 mtx_destroy(sav->lock); 3136 free(sav->lock, M_IPSEC_MISC); 3137 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3138 } 3139 free(sav, M_IPSEC_SA); 3140 } 3141 3142 /* 3143 * search SAH. 3144 * OUT: 3145 * NULL : not found 3146 * others : found, referenced pointer to a SAH. 3147 */ 3148 static struct secashead * 3149 key_getsah(struct secasindex *saidx) 3150 { 3151 SAHTREE_RLOCK_TRACKER; 3152 struct secashead *sah; 3153 3154 SAHTREE_RLOCK(); 3155 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3156 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3157 SAH_ADDREF(sah); 3158 break; 3159 } 3160 } 3161 SAHTREE_RUNLOCK(); 3162 return (sah); 3163 } 3164 3165 /* 3166 * Check not to be duplicated SPI. 3167 * OUT: 3168 * 0 : not found 3169 * 1 : found SA with given SPI. 3170 */ 3171 static int 3172 key_checkspidup(uint32_t spi) 3173 { 3174 SAHTREE_RLOCK_TRACKER; 3175 struct secasvar *sav; 3176 3177 /* Assume SPI is in network byte order */ 3178 SAHTREE_RLOCK(); 3179 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3180 if (sav->spi == spi) 3181 break; 3182 } 3183 SAHTREE_RUNLOCK(); 3184 return (sav != NULL); 3185 } 3186 3187 /* 3188 * Search SA by SPI. 3189 * OUT: 3190 * NULL : not found 3191 * others : found, referenced pointer to a SA. 3192 */ 3193 static struct secasvar * 3194 key_getsavbyspi(uint32_t spi) 3195 { 3196 SAHTREE_RLOCK_TRACKER; 3197 struct secasvar *sav; 3198 3199 /* Assume SPI is in network byte order */ 3200 SAHTREE_RLOCK(); 3201 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3202 if (sav->spi != spi) 3203 continue; 3204 SAV_ADDREF(sav); 3205 break; 3206 } 3207 SAHTREE_RUNLOCK(); 3208 return (sav); 3209 } 3210 3211 static int 3212 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3213 { 3214 struct seclifetime *lft_h, *lft_s, *tmp; 3215 3216 /* Lifetime extension is optional, check that it is present. */ 3217 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3218 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3219 /* 3220 * In case of SADB_UPDATE we may need to change 3221 * existing lifetimes. 3222 */ 3223 if (sav->state == SADB_SASTATE_MATURE) { 3224 lft_h = lft_s = NULL; 3225 goto reset; 3226 } 3227 return (0); 3228 } 3229 /* Both HARD and SOFT extensions must present */ 3230 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3231 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3232 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3233 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3234 ipseclog((LOG_DEBUG, 3235 "%s: invalid message: missing required header.\n", 3236 __func__)); 3237 return (EINVAL); 3238 } 3239 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3240 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3241 ipseclog((LOG_DEBUG, 3242 "%s: invalid message: wrong header size.\n", __func__)); 3243 return (EINVAL); 3244 } 3245 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3246 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3247 if (lft_h == NULL) { 3248 PFKEYSTAT_INC(in_nomem); 3249 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3250 return (ENOBUFS); 3251 } 3252 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3253 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3254 if (lft_s == NULL) { 3255 PFKEYSTAT_INC(in_nomem); 3256 free(lft_h, M_IPSEC_MISC); 3257 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3258 return (ENOBUFS); 3259 } 3260 reset: 3261 if (sav->state != SADB_SASTATE_LARVAL) { 3262 /* 3263 * key_update() holds reference to this SA, 3264 * so it won't be deleted in meanwhile. 3265 */ 3266 SECASVAR_LOCK(sav); 3267 tmp = sav->lft_h; 3268 sav->lft_h = lft_h; 3269 lft_h = tmp; 3270 3271 tmp = sav->lft_s; 3272 sav->lft_s = lft_s; 3273 lft_s = tmp; 3274 SECASVAR_UNLOCK(sav); 3275 if (lft_h != NULL) 3276 free(lft_h, M_IPSEC_MISC); 3277 if (lft_s != NULL) 3278 free(lft_s, M_IPSEC_MISC); 3279 return (0); 3280 } 3281 /* We can update lifetime without holding a lock */ 3282 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3283 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3284 sav->lft_h = lft_h; 3285 sav->lft_s = lft_s; 3286 return (0); 3287 } 3288 3289 /* 3290 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3291 * You must update these if need. Expects only LARVAL SAs. 3292 * OUT: 0: success. 3293 * !0: failure. 3294 */ 3295 static int 3296 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3297 { 3298 const struct sadb_sa *sa0; 3299 const struct sadb_key *key0; 3300 uint32_t replay; 3301 size_t len; 3302 int error; 3303 3304 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3305 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3306 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3307 ("Attempt to update non LARVAL SA")); 3308 3309 /* XXX rewrite */ 3310 error = key_setident(sav->sah, mhp); 3311 if (error != 0) 3312 goto fail; 3313 3314 /* SA */ 3315 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3316 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3317 error = EINVAL; 3318 goto fail; 3319 } 3320 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3321 sav->alg_auth = sa0->sadb_sa_auth; 3322 sav->alg_enc = sa0->sadb_sa_encrypt; 3323 sav->flags = sa0->sadb_sa_flags; 3324 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3325 ipseclog((LOG_DEBUG, 3326 "%s: invalid sa_flags 0x%08x.\n", __func__, 3327 sav->flags)); 3328 error = EINVAL; 3329 goto fail; 3330 } 3331 3332 /* Optional replay window */ 3333 replay = 0; 3334 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3335 replay = sa0->sadb_sa_replay; 3336 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3337 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3338 error = EINVAL; 3339 goto fail; 3340 } 3341 replay = ((const struct sadb_x_sa_replay *) 3342 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3343 3344 if (replay > UINT32_MAX - 32) { 3345 ipseclog((LOG_DEBUG, 3346 "%s: replay window too big.\n", __func__)); 3347 error = EINVAL; 3348 goto fail; 3349 } 3350 3351 replay = (replay + 7) >> 3; 3352 } 3353 3354 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3355 M_NOWAIT | M_ZERO); 3356 if (sav->replay == NULL) { 3357 PFKEYSTAT_INC(in_nomem); 3358 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3359 __func__)); 3360 error = ENOBUFS; 3361 goto fail; 3362 } 3363 3364 if (replay != 0) { 3365 /* number of 32b blocks to be allocated */ 3366 uint32_t bitmap_size; 3367 3368 /* RFC 6479: 3369 * - the allocated replay window size must be 3370 * a power of two. 3371 * - use an extra 32b block as a redundant window. 3372 */ 3373 bitmap_size = 1; 3374 while (replay + 4 > bitmap_size) 3375 bitmap_size <<= 1; 3376 bitmap_size = bitmap_size / 4; 3377 3378 sav->replay->bitmap = malloc( 3379 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3380 M_NOWAIT | M_ZERO); 3381 if (sav->replay->bitmap == NULL) { 3382 PFKEYSTAT_INC(in_nomem); 3383 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3384 __func__)); 3385 error = ENOBUFS; 3386 goto fail; 3387 } 3388 sav->replay->bitmap_size = bitmap_size; 3389 sav->replay->wsize = replay; 3390 } 3391 } 3392 3393 /* Authentication keys */ 3394 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3395 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3396 error = EINVAL; 3397 goto fail; 3398 } 3399 error = 0; 3400 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3401 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3402 switch (mhp->msg->sadb_msg_satype) { 3403 case SADB_SATYPE_AH: 3404 case SADB_SATYPE_ESP: 3405 case SADB_X_SATYPE_TCPSIGNATURE: 3406 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3407 sav->alg_auth != SADB_X_AALG_NULL) 3408 error = EINVAL; 3409 break; 3410 case SADB_X_SATYPE_IPCOMP: 3411 default: 3412 error = EINVAL; 3413 break; 3414 } 3415 if (error) { 3416 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3417 __func__)); 3418 goto fail; 3419 } 3420 3421 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3422 if (sav->key_auth == NULL ) { 3423 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3424 __func__)); 3425 PFKEYSTAT_INC(in_nomem); 3426 error = ENOBUFS; 3427 goto fail; 3428 } 3429 } 3430 3431 /* Encryption key */ 3432 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3433 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3434 error = EINVAL; 3435 goto fail; 3436 } 3437 error = 0; 3438 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3439 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3440 switch (mhp->msg->sadb_msg_satype) { 3441 case SADB_SATYPE_ESP: 3442 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3443 sav->alg_enc != SADB_EALG_NULL) { 3444 error = EINVAL; 3445 break; 3446 } 3447 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3448 if (sav->key_enc == NULL) { 3449 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3450 __func__)); 3451 PFKEYSTAT_INC(in_nomem); 3452 error = ENOBUFS; 3453 goto fail; 3454 } 3455 break; 3456 case SADB_X_SATYPE_IPCOMP: 3457 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3458 error = EINVAL; 3459 sav->key_enc = NULL; /*just in case*/ 3460 break; 3461 case SADB_SATYPE_AH: 3462 case SADB_X_SATYPE_TCPSIGNATURE: 3463 default: 3464 error = EINVAL; 3465 break; 3466 } 3467 if (error) { 3468 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3469 __func__)); 3470 goto fail; 3471 } 3472 } 3473 3474 /* set iv */ 3475 sav->ivlen = 0; 3476 switch (mhp->msg->sadb_msg_satype) { 3477 case SADB_SATYPE_AH: 3478 if (sav->flags & SADB_X_EXT_DERIV) { 3479 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3480 "given to AH SA.\n", __func__)); 3481 error = EINVAL; 3482 goto fail; 3483 } 3484 if (sav->alg_enc != SADB_EALG_NONE) { 3485 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3486 "mismated.\n", __func__)); 3487 error = EINVAL; 3488 goto fail; 3489 } 3490 error = xform_init(sav, XF_AH); 3491 break; 3492 case SADB_SATYPE_ESP: 3493 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3494 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3495 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3496 "given to old-esp.\n", __func__)); 3497 error = EINVAL; 3498 goto fail; 3499 } 3500 error = xform_init(sav, XF_ESP); 3501 break; 3502 case SADB_X_SATYPE_IPCOMP: 3503 if (sav->alg_auth != SADB_AALG_NONE) { 3504 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3505 "mismated.\n", __func__)); 3506 error = EINVAL; 3507 goto fail; 3508 } 3509 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3510 ntohl(sav->spi) >= 0x10000) { 3511 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3512 __func__)); 3513 error = EINVAL; 3514 goto fail; 3515 } 3516 error = xform_init(sav, XF_IPCOMP); 3517 break; 3518 case SADB_X_SATYPE_TCPSIGNATURE: 3519 if (sav->alg_enc != SADB_EALG_NONE) { 3520 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3521 "mismated.\n", __func__)); 3522 error = EINVAL; 3523 goto fail; 3524 } 3525 error = xform_init(sav, XF_TCPSIGNATURE); 3526 break; 3527 default: 3528 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3529 error = EPROTONOSUPPORT; 3530 goto fail; 3531 } 3532 if (error) { 3533 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3534 __func__, mhp->msg->sadb_msg_satype)); 3535 goto fail; 3536 } 3537 3538 /* Handle NAT-T headers */ 3539 error = key_setnatt(sav, mhp); 3540 if (error != 0) 3541 goto fail; 3542 3543 /* Initialize lifetime for CURRENT */ 3544 sav->firstused = 0; 3545 sav->created = time_second; 3546 3547 /* lifetimes for HARD and SOFT */ 3548 error = key_updatelifetimes(sav, mhp); 3549 if (error == 0) 3550 return (0); 3551 fail: 3552 key_cleansav(sav); 3553 return (error); 3554 } 3555 3556 /* 3557 * subroutine for SADB_GET and SADB_DUMP. 3558 */ 3559 static struct mbuf * 3560 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3561 uint32_t seq, uint32_t pid) 3562 { 3563 struct seclifetime lft_c; 3564 struct mbuf *result = NULL, *tres = NULL, *m; 3565 int i, dumporder[] = { 3566 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3567 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3568 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3569 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3570 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3571 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3572 SADB_EXT_SENSITIVITY, 3573 SADB_X_EXT_NAT_T_TYPE, 3574 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3575 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3576 SADB_X_EXT_NAT_T_FRAG, 3577 }; 3578 uint32_t replay_count; 3579 3580 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3581 if (m == NULL) 3582 goto fail; 3583 result = m; 3584 3585 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3586 m = NULL; 3587 switch (dumporder[i]) { 3588 case SADB_EXT_SA: 3589 m = key_setsadbsa(sav); 3590 if (!m) 3591 goto fail; 3592 break; 3593 3594 case SADB_X_EXT_SA2: 3595 SECASVAR_LOCK(sav); 3596 replay_count = sav->replay ? sav->replay->count : 0; 3597 SECASVAR_UNLOCK(sav); 3598 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3599 sav->sah->saidx.reqid); 3600 if (!m) 3601 goto fail; 3602 break; 3603 3604 case SADB_X_EXT_SA_REPLAY: 3605 if (sav->replay == NULL || 3606 sav->replay->wsize <= UINT8_MAX) 3607 continue; 3608 3609 m = key_setsadbxsareplay(sav->replay->wsize); 3610 if (!m) 3611 goto fail; 3612 break; 3613 3614 case SADB_EXT_ADDRESS_SRC: 3615 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3616 &sav->sah->saidx.src.sa, 3617 FULLMASK, IPSEC_ULPROTO_ANY); 3618 if (!m) 3619 goto fail; 3620 break; 3621 3622 case SADB_EXT_ADDRESS_DST: 3623 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3624 &sav->sah->saidx.dst.sa, 3625 FULLMASK, IPSEC_ULPROTO_ANY); 3626 if (!m) 3627 goto fail; 3628 break; 3629 3630 case SADB_EXT_KEY_AUTH: 3631 if (!sav->key_auth) 3632 continue; 3633 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3634 if (!m) 3635 goto fail; 3636 break; 3637 3638 case SADB_EXT_KEY_ENCRYPT: 3639 if (!sav->key_enc) 3640 continue; 3641 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3642 if (!m) 3643 goto fail; 3644 break; 3645 3646 case SADB_EXT_LIFETIME_CURRENT: 3647 lft_c.addtime = sav->created; 3648 lft_c.allocations = (uint32_t)counter_u64_fetch( 3649 sav->lft_c_allocations); 3650 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3651 lft_c.usetime = sav->firstused; 3652 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3653 if (!m) 3654 goto fail; 3655 break; 3656 3657 case SADB_EXT_LIFETIME_HARD: 3658 if (!sav->lft_h) 3659 continue; 3660 m = key_setlifetime(sav->lft_h, 3661 SADB_EXT_LIFETIME_HARD); 3662 if (!m) 3663 goto fail; 3664 break; 3665 3666 case SADB_EXT_LIFETIME_SOFT: 3667 if (!sav->lft_s) 3668 continue; 3669 m = key_setlifetime(sav->lft_s, 3670 SADB_EXT_LIFETIME_SOFT); 3671 3672 if (!m) 3673 goto fail; 3674 break; 3675 3676 case SADB_X_EXT_NAT_T_TYPE: 3677 if (sav->natt == NULL) 3678 continue; 3679 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3680 if (!m) 3681 goto fail; 3682 break; 3683 3684 case SADB_X_EXT_NAT_T_DPORT: 3685 if (sav->natt == NULL) 3686 continue; 3687 m = key_setsadbxport(sav->natt->dport, 3688 SADB_X_EXT_NAT_T_DPORT); 3689 if (!m) 3690 goto fail; 3691 break; 3692 3693 case SADB_X_EXT_NAT_T_SPORT: 3694 if (sav->natt == NULL) 3695 continue; 3696 m = key_setsadbxport(sav->natt->sport, 3697 SADB_X_EXT_NAT_T_SPORT); 3698 if (!m) 3699 goto fail; 3700 break; 3701 3702 case SADB_X_EXT_NAT_T_OAI: 3703 if (sav->natt == NULL || 3704 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3705 continue; 3706 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3707 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3708 if (!m) 3709 goto fail; 3710 break; 3711 case SADB_X_EXT_NAT_T_OAR: 3712 if (sav->natt == NULL || 3713 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3714 continue; 3715 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3716 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3717 if (!m) 3718 goto fail; 3719 break; 3720 case SADB_X_EXT_NAT_T_FRAG: 3721 /* We do not (yet) support those. */ 3722 continue; 3723 3724 case SADB_EXT_ADDRESS_PROXY: 3725 case SADB_EXT_IDENTITY_SRC: 3726 case SADB_EXT_IDENTITY_DST: 3727 /* XXX: should we brought from SPD ? */ 3728 case SADB_EXT_SENSITIVITY: 3729 default: 3730 continue; 3731 } 3732 3733 if (!m) 3734 goto fail; 3735 if (tres) 3736 m_cat(m, tres); 3737 tres = m; 3738 } 3739 3740 m_cat(result, tres); 3741 tres = NULL; 3742 if (result->m_len < sizeof(struct sadb_msg)) { 3743 result = m_pullup(result, sizeof(struct sadb_msg)); 3744 if (result == NULL) 3745 goto fail; 3746 } 3747 3748 result->m_pkthdr.len = 0; 3749 for (m = result; m; m = m->m_next) 3750 result->m_pkthdr.len += m->m_len; 3751 3752 mtod(result, struct sadb_msg *)->sadb_msg_len = 3753 PFKEY_UNIT64(result->m_pkthdr.len); 3754 3755 return result; 3756 3757 fail: 3758 m_freem(result); 3759 m_freem(tres); 3760 return NULL; 3761 } 3762 3763 /* 3764 * set data into sadb_msg. 3765 */ 3766 static struct mbuf * 3767 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3768 pid_t pid, u_int16_t reserved) 3769 { 3770 struct mbuf *m; 3771 struct sadb_msg *p; 3772 int len; 3773 3774 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3775 if (len > MCLBYTES) 3776 return NULL; 3777 MGETHDR(m, M_NOWAIT, MT_DATA); 3778 if (m && len > MHLEN) { 3779 if (!(MCLGET(m, M_NOWAIT))) { 3780 m_freem(m); 3781 m = NULL; 3782 } 3783 } 3784 if (!m) 3785 return NULL; 3786 m->m_pkthdr.len = m->m_len = len; 3787 m->m_next = NULL; 3788 3789 p = mtod(m, struct sadb_msg *); 3790 3791 bzero(p, len); 3792 p->sadb_msg_version = PF_KEY_V2; 3793 p->sadb_msg_type = type; 3794 p->sadb_msg_errno = 0; 3795 p->sadb_msg_satype = satype; 3796 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3797 p->sadb_msg_reserved = reserved; 3798 p->sadb_msg_seq = seq; 3799 p->sadb_msg_pid = (u_int32_t)pid; 3800 3801 return m; 3802 } 3803 3804 /* 3805 * copy secasvar data into sadb_address. 3806 */ 3807 static struct mbuf * 3808 key_setsadbsa(struct secasvar *sav) 3809 { 3810 struct mbuf *m; 3811 struct sadb_sa *p; 3812 int len; 3813 3814 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3815 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3816 if (m == NULL) 3817 return (NULL); 3818 m_align(m, len); 3819 m->m_len = len; 3820 p = mtod(m, struct sadb_sa *); 3821 bzero(p, len); 3822 p->sadb_sa_len = PFKEY_UNIT64(len); 3823 p->sadb_sa_exttype = SADB_EXT_SA; 3824 p->sadb_sa_spi = sav->spi; 3825 p->sadb_sa_replay = sav->replay ? 3826 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3827 sav->replay->wsize): 0; 3828 p->sadb_sa_state = sav->state; 3829 p->sadb_sa_auth = sav->alg_auth; 3830 p->sadb_sa_encrypt = sav->alg_enc; 3831 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3832 return (m); 3833 } 3834 3835 /* 3836 * set data into sadb_address. 3837 */ 3838 static struct mbuf * 3839 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3840 u_int8_t prefixlen, u_int16_t ul_proto) 3841 { 3842 struct mbuf *m; 3843 struct sadb_address *p; 3844 size_t len; 3845 3846 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3847 PFKEY_ALIGN8(saddr->sa_len); 3848 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3849 if (m == NULL) 3850 return (NULL); 3851 m_align(m, len); 3852 m->m_len = len; 3853 p = mtod(m, struct sadb_address *); 3854 3855 bzero(p, len); 3856 p->sadb_address_len = PFKEY_UNIT64(len); 3857 p->sadb_address_exttype = exttype; 3858 p->sadb_address_proto = ul_proto; 3859 if (prefixlen == FULLMASK) { 3860 switch (saddr->sa_family) { 3861 case AF_INET: 3862 prefixlen = sizeof(struct in_addr) << 3; 3863 break; 3864 case AF_INET6: 3865 prefixlen = sizeof(struct in6_addr) << 3; 3866 break; 3867 default: 3868 ; /*XXX*/ 3869 } 3870 } 3871 p->sadb_address_prefixlen = prefixlen; 3872 p->sadb_address_reserved = 0; 3873 3874 bcopy(saddr, 3875 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3876 saddr->sa_len); 3877 3878 return m; 3879 } 3880 3881 /* 3882 * set data into sadb_x_sa2. 3883 */ 3884 static struct mbuf * 3885 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3886 { 3887 struct mbuf *m; 3888 struct sadb_x_sa2 *p; 3889 size_t len; 3890 3891 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3892 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3893 if (m == NULL) 3894 return (NULL); 3895 m_align(m, len); 3896 m->m_len = len; 3897 p = mtod(m, struct sadb_x_sa2 *); 3898 3899 bzero(p, len); 3900 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3901 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3902 p->sadb_x_sa2_mode = mode; 3903 p->sadb_x_sa2_reserved1 = 0; 3904 p->sadb_x_sa2_reserved2 = 0; 3905 p->sadb_x_sa2_sequence = seq; 3906 p->sadb_x_sa2_reqid = reqid; 3907 3908 return m; 3909 } 3910 3911 /* 3912 * Set data into sadb_x_sa_replay. 3913 */ 3914 static struct mbuf * 3915 key_setsadbxsareplay(u_int32_t replay) 3916 { 3917 struct mbuf *m; 3918 struct sadb_x_sa_replay *p; 3919 size_t len; 3920 3921 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3922 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3923 if (m == NULL) 3924 return (NULL); 3925 m_align(m, len); 3926 m->m_len = len; 3927 p = mtod(m, struct sadb_x_sa_replay *); 3928 3929 bzero(p, len); 3930 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3931 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3932 p->sadb_x_sa_replay_replay = (replay << 3); 3933 3934 return m; 3935 } 3936 3937 /* 3938 * Set a type in sadb_x_nat_t_type. 3939 */ 3940 static struct mbuf * 3941 key_setsadbxtype(u_int16_t type) 3942 { 3943 struct mbuf *m; 3944 size_t len; 3945 struct sadb_x_nat_t_type *p; 3946 3947 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3948 3949 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3950 if (m == NULL) 3951 return (NULL); 3952 m_align(m, len); 3953 m->m_len = len; 3954 p = mtod(m, struct sadb_x_nat_t_type *); 3955 3956 bzero(p, len); 3957 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3958 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3959 p->sadb_x_nat_t_type_type = type; 3960 3961 return (m); 3962 } 3963 /* 3964 * Set a port in sadb_x_nat_t_port. 3965 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3966 */ 3967 static struct mbuf * 3968 key_setsadbxport(u_int16_t port, u_int16_t type) 3969 { 3970 struct mbuf *m; 3971 size_t len; 3972 struct sadb_x_nat_t_port *p; 3973 3974 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3975 3976 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3977 if (m == NULL) 3978 return (NULL); 3979 m_align(m, len); 3980 m->m_len = len; 3981 p = mtod(m, struct sadb_x_nat_t_port *); 3982 3983 bzero(p, len); 3984 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3985 p->sadb_x_nat_t_port_exttype = type; 3986 p->sadb_x_nat_t_port_port = port; 3987 3988 return (m); 3989 } 3990 3991 /* 3992 * Get port from sockaddr. Port is in network byte order. 3993 */ 3994 uint16_t 3995 key_portfromsaddr(struct sockaddr *sa) 3996 { 3997 3998 switch (sa->sa_family) { 3999 #ifdef INET 4000 case AF_INET: 4001 return ((struct sockaddr_in *)sa)->sin_port; 4002 #endif 4003 #ifdef INET6 4004 case AF_INET6: 4005 return ((struct sockaddr_in6 *)sa)->sin6_port; 4006 #endif 4007 } 4008 return (0); 4009 } 4010 4011 /* 4012 * Set port in struct sockaddr. Port is in network byte order. 4013 */ 4014 void 4015 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4016 { 4017 4018 switch (sa->sa_family) { 4019 #ifdef INET 4020 case AF_INET: 4021 ((struct sockaddr_in *)sa)->sin_port = port; 4022 break; 4023 #endif 4024 #ifdef INET6 4025 case AF_INET6: 4026 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4027 break; 4028 #endif 4029 default: 4030 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4031 __func__, sa->sa_family)); 4032 break; 4033 } 4034 } 4035 4036 /* 4037 * set data into sadb_x_policy 4038 */ 4039 static struct mbuf * 4040 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4041 { 4042 struct mbuf *m; 4043 struct sadb_x_policy *p; 4044 size_t len; 4045 4046 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4047 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4048 if (m == NULL) 4049 return (NULL); 4050 m_align(m, len); 4051 m->m_len = len; 4052 p = mtod(m, struct sadb_x_policy *); 4053 4054 bzero(p, len); 4055 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4056 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4057 p->sadb_x_policy_type = type; 4058 p->sadb_x_policy_dir = dir; 4059 p->sadb_x_policy_id = id; 4060 p->sadb_x_policy_priority = priority; 4061 4062 return m; 4063 } 4064 4065 /* %%% utilities */ 4066 /* Take a key message (sadb_key) from the socket and turn it into one 4067 * of the kernel's key structures (seckey). 4068 * 4069 * IN: pointer to the src 4070 * OUT: NULL no more memory 4071 */ 4072 struct seckey * 4073 key_dup_keymsg(const struct sadb_key *src, size_t len, 4074 struct malloc_type *type) 4075 { 4076 struct seckey *dst; 4077 4078 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4079 if (dst != NULL) { 4080 dst->bits = src->sadb_key_bits; 4081 dst->key_data = malloc(len, type, M_NOWAIT); 4082 if (dst->key_data != NULL) { 4083 bcopy((const char *)(src + 1), dst->key_data, len); 4084 } else { 4085 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4086 __func__)); 4087 free(dst, type); 4088 dst = NULL; 4089 } 4090 } else { 4091 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4092 __func__)); 4093 } 4094 return (dst); 4095 } 4096 4097 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4098 * turn it into one of the kernel's lifetime structures (seclifetime). 4099 * 4100 * IN: pointer to the destination, source and malloc type 4101 * OUT: NULL, no more memory 4102 */ 4103 4104 static struct seclifetime * 4105 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4106 { 4107 struct seclifetime *dst; 4108 4109 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4110 if (dst == NULL) { 4111 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4112 return (NULL); 4113 } 4114 dst->allocations = src->sadb_lifetime_allocations; 4115 dst->bytes = src->sadb_lifetime_bytes; 4116 dst->addtime = src->sadb_lifetime_addtime; 4117 dst->usetime = src->sadb_lifetime_usetime; 4118 return (dst); 4119 } 4120 4121 /* 4122 * compare two secasindex structure. 4123 * flag can specify to compare 2 saidxes. 4124 * compare two secasindex structure without both mode and reqid. 4125 * don't compare port. 4126 * IN: 4127 * saidx0: source, it can be in SAD. 4128 * saidx1: object. 4129 * OUT: 4130 * 1 : equal 4131 * 0 : not equal 4132 */ 4133 static int 4134 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4135 int flag) 4136 { 4137 4138 /* sanity */ 4139 if (saidx0 == NULL && saidx1 == NULL) 4140 return 1; 4141 4142 if (saidx0 == NULL || saidx1 == NULL) 4143 return 0; 4144 4145 if (saidx0->proto != saidx1->proto) 4146 return 0; 4147 4148 if (flag == CMP_EXACTLY) { 4149 if (saidx0->mode != saidx1->mode) 4150 return 0; 4151 if (saidx0->reqid != saidx1->reqid) 4152 return 0; 4153 if (bcmp(&saidx0->src, &saidx1->src, 4154 saidx0->src.sa.sa_len) != 0 || 4155 bcmp(&saidx0->dst, &saidx1->dst, 4156 saidx0->dst.sa.sa_len) != 0) 4157 return 0; 4158 } else { 4159 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4160 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4161 /* 4162 * If reqid of SPD is non-zero, unique SA is required. 4163 * The result must be of same reqid in this case. 4164 */ 4165 if (saidx1->reqid != 0 && 4166 saidx0->reqid != saidx1->reqid) 4167 return 0; 4168 } 4169 4170 if (flag == CMP_MODE_REQID) { 4171 if (saidx0->mode != IPSEC_MODE_ANY 4172 && saidx0->mode != saidx1->mode) 4173 return 0; 4174 } 4175 4176 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4177 return 0; 4178 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4179 return 0; 4180 } 4181 4182 return 1; 4183 } 4184 4185 /* 4186 * compare two secindex structure exactly. 4187 * IN: 4188 * spidx0: source, it is often in SPD. 4189 * spidx1: object, it is often from PFKEY message. 4190 * OUT: 4191 * 1 : equal 4192 * 0 : not equal 4193 */ 4194 static int 4195 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4196 struct secpolicyindex *spidx1) 4197 { 4198 /* sanity */ 4199 if (spidx0 == NULL && spidx1 == NULL) 4200 return 1; 4201 4202 if (spidx0 == NULL || spidx1 == NULL) 4203 return 0; 4204 4205 if (spidx0->prefs != spidx1->prefs 4206 || spidx0->prefd != spidx1->prefd 4207 || spidx0->ul_proto != spidx1->ul_proto 4208 || spidx0->dir != spidx1->dir) 4209 return 0; 4210 4211 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4212 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4213 } 4214 4215 /* 4216 * compare two secindex structure with mask. 4217 * IN: 4218 * spidx0: source, it is often in SPD. 4219 * spidx1: object, it is often from IP header. 4220 * OUT: 4221 * 1 : equal 4222 * 0 : not equal 4223 */ 4224 static int 4225 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4226 struct secpolicyindex *spidx1) 4227 { 4228 /* sanity */ 4229 if (spidx0 == NULL && spidx1 == NULL) 4230 return 1; 4231 4232 if (spidx0 == NULL || spidx1 == NULL) 4233 return 0; 4234 4235 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4236 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4237 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4238 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4239 return 0; 4240 4241 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4242 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4243 && spidx0->ul_proto != spidx1->ul_proto) 4244 return 0; 4245 4246 switch (spidx0->src.sa.sa_family) { 4247 case AF_INET: 4248 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4249 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4250 return 0; 4251 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4252 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4253 return 0; 4254 break; 4255 case AF_INET6: 4256 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4257 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4258 return 0; 4259 /* 4260 * scope_id check. if sin6_scope_id is 0, we regard it 4261 * as a wildcard scope, which matches any scope zone ID. 4262 */ 4263 if (spidx0->src.sin6.sin6_scope_id && 4264 spidx1->src.sin6.sin6_scope_id && 4265 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4266 return 0; 4267 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4268 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4269 return 0; 4270 break; 4271 default: 4272 /* XXX */ 4273 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4274 return 0; 4275 break; 4276 } 4277 4278 switch (spidx0->dst.sa.sa_family) { 4279 case AF_INET: 4280 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4281 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4282 return 0; 4283 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4284 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4285 return 0; 4286 break; 4287 case AF_INET6: 4288 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4289 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4290 return 0; 4291 /* 4292 * scope_id check. if sin6_scope_id is 0, we regard it 4293 * as a wildcard scope, which matches any scope zone ID. 4294 */ 4295 if (spidx0->dst.sin6.sin6_scope_id && 4296 spidx1->dst.sin6.sin6_scope_id && 4297 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4298 return 0; 4299 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4300 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4301 return 0; 4302 break; 4303 default: 4304 /* XXX */ 4305 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4306 return 0; 4307 break; 4308 } 4309 4310 /* XXX Do we check other field ? e.g. flowinfo */ 4311 4312 return 1; 4313 } 4314 4315 #ifdef satosin 4316 #undef satosin 4317 #endif 4318 #define satosin(s) ((const struct sockaddr_in *)s) 4319 #ifdef satosin6 4320 #undef satosin6 4321 #endif 4322 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4323 /* returns 0 on match */ 4324 int 4325 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4326 int port) 4327 { 4328 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4329 return 1; 4330 4331 switch (sa1->sa_family) { 4332 #ifdef INET 4333 case AF_INET: 4334 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4335 return 1; 4336 if (satosin(sa1)->sin_addr.s_addr != 4337 satosin(sa2)->sin_addr.s_addr) { 4338 return 1; 4339 } 4340 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4341 return 1; 4342 break; 4343 #endif 4344 #ifdef INET6 4345 case AF_INET6: 4346 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4347 return 1; /*EINVAL*/ 4348 if (satosin6(sa1)->sin6_scope_id != 4349 satosin6(sa2)->sin6_scope_id) { 4350 return 1; 4351 } 4352 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4353 &satosin6(sa2)->sin6_addr)) { 4354 return 1; 4355 } 4356 if (port && 4357 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4358 return 1; 4359 } 4360 break; 4361 #endif 4362 default: 4363 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4364 return 1; 4365 break; 4366 } 4367 4368 return 0; 4369 } 4370 4371 /* returns 0 on match */ 4372 int 4373 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4374 const struct sockaddr *sa2, size_t mask) 4375 { 4376 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4377 return (1); 4378 4379 switch (sa1->sa_family) { 4380 #ifdef INET 4381 case AF_INET: 4382 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4383 &satosin(sa2)->sin_addr, mask)); 4384 #endif 4385 #ifdef INET6 4386 case AF_INET6: 4387 if (satosin6(sa1)->sin6_scope_id != 4388 satosin6(sa2)->sin6_scope_id) 4389 return (1); 4390 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4391 &satosin6(sa2)->sin6_addr, mask)); 4392 #endif 4393 } 4394 return (1); 4395 } 4396 #undef satosin 4397 #undef satosin6 4398 4399 /* 4400 * compare two buffers with mask. 4401 * IN: 4402 * addr1: source 4403 * addr2: object 4404 * bits: Number of bits to compare 4405 * OUT: 4406 * 1 : equal 4407 * 0 : not equal 4408 */ 4409 static int 4410 key_bbcmp(const void *a1, const void *a2, u_int bits) 4411 { 4412 const unsigned char *p1 = a1; 4413 const unsigned char *p2 = a2; 4414 4415 /* XXX: This could be considerably faster if we compare a word 4416 * at a time, but it is complicated on LSB Endian machines */ 4417 4418 /* Handle null pointers */ 4419 if (p1 == NULL || p2 == NULL) 4420 return (p1 == p2); 4421 4422 while (bits >= 8) { 4423 if (*p1++ != *p2++) 4424 return 0; 4425 bits -= 8; 4426 } 4427 4428 if (bits > 0) { 4429 u_int8_t mask = ~((1<<(8-bits))-1); 4430 if ((*p1 & mask) != (*p2 & mask)) 4431 return 0; 4432 } 4433 return 1; /* Match! */ 4434 } 4435 4436 static void 4437 key_flush_spd(time_t now) 4438 { 4439 SPTREE_RLOCK_TRACKER; 4440 struct secpolicy_list drainq; 4441 struct secpolicy *sp, *nextsp; 4442 u_int dir; 4443 4444 LIST_INIT(&drainq); 4445 SPTREE_RLOCK(); 4446 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4447 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4448 if (sp->lifetime == 0 && sp->validtime == 0) 4449 continue; 4450 if ((sp->lifetime && 4451 now - sp->created > sp->lifetime) || 4452 (sp->validtime && 4453 now - sp->lastused > sp->validtime)) { 4454 /* Hold extra reference to send SPDEXPIRE */ 4455 SP_ADDREF(sp); 4456 LIST_INSERT_HEAD(&drainq, sp, drainq); 4457 } 4458 } 4459 } 4460 SPTREE_RUNLOCK(); 4461 if (LIST_EMPTY(&drainq)) 4462 return; 4463 4464 SPTREE_WLOCK(); 4465 sp = LIST_FIRST(&drainq); 4466 while (sp != NULL) { 4467 nextsp = LIST_NEXT(sp, drainq); 4468 /* Check that SP is still linked */ 4469 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4470 LIST_REMOVE(sp, drainq); 4471 key_freesp(&sp); /* release extra reference */ 4472 sp = nextsp; 4473 continue; 4474 } 4475 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4476 V_spd_size--; 4477 LIST_REMOVE(sp, idhash); 4478 sp->state = IPSEC_SPSTATE_DEAD; 4479 sp = nextsp; 4480 } 4481 V_sp_genid++; 4482 SPTREE_WUNLOCK(); 4483 if (SPDCACHE_ENABLED()) 4484 spdcache_clear(); 4485 4486 sp = LIST_FIRST(&drainq); 4487 while (sp != NULL) { 4488 nextsp = LIST_NEXT(sp, drainq); 4489 key_spdexpire(sp); 4490 key_freesp(&sp); /* release extra reference */ 4491 key_freesp(&sp); /* release last reference */ 4492 sp = nextsp; 4493 } 4494 } 4495 4496 static void 4497 key_flush_sad(time_t now) 4498 { 4499 SAHTREE_RLOCK_TRACKER; 4500 struct secashead_list emptyq; 4501 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4502 struct secashead *sah, *nextsah; 4503 struct secasvar *sav, *nextsav; 4504 4505 LIST_INIT(&drainq); 4506 LIST_INIT(&hexpireq); 4507 LIST_INIT(&sexpireq); 4508 LIST_INIT(&emptyq); 4509 4510 SAHTREE_RLOCK(); 4511 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4512 /* Check for empty SAH */ 4513 if (TAILQ_EMPTY(&sah->savtree_larval) && 4514 TAILQ_EMPTY(&sah->savtree_alive)) { 4515 SAH_ADDREF(sah); 4516 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4517 continue; 4518 } 4519 /* Add all stale LARVAL SAs into drainq */ 4520 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4521 if (now - sav->created < V_key_larval_lifetime) 4522 continue; 4523 SAV_ADDREF(sav); 4524 LIST_INSERT_HEAD(&drainq, sav, drainq); 4525 } 4526 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4527 /* lifetimes aren't specified */ 4528 if (sav->lft_h == NULL) 4529 continue; 4530 SECASVAR_LOCK(sav); 4531 /* 4532 * Check again with lock held, because it may 4533 * be updated by SADB_UPDATE. 4534 */ 4535 if (sav->lft_h == NULL) { 4536 SECASVAR_UNLOCK(sav); 4537 continue; 4538 } 4539 /* 4540 * RFC 2367: 4541 * HARD lifetimes MUST take precedence over SOFT 4542 * lifetimes, meaning if the HARD and SOFT lifetimes 4543 * are the same, the HARD lifetime will appear on the 4544 * EXPIRE message. 4545 */ 4546 /* check HARD lifetime */ 4547 if ((sav->lft_h->addtime != 0 && 4548 now - sav->created > sav->lft_h->addtime) || 4549 (sav->lft_h->usetime != 0 && sav->firstused && 4550 now - sav->firstused > sav->lft_h->usetime) || 4551 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4552 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4553 SECASVAR_UNLOCK(sav); 4554 SAV_ADDREF(sav); 4555 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4556 continue; 4557 } 4558 /* check SOFT lifetime (only for MATURE SAs) */ 4559 if (sav->state == SADB_SASTATE_MATURE && ( 4560 (sav->lft_s->addtime != 0 && 4561 now - sav->created > sav->lft_s->addtime) || 4562 (sav->lft_s->usetime != 0 && sav->firstused && 4563 now - sav->firstused > sav->lft_s->usetime) || 4564 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4565 sav->lft_c_bytes) > sav->lft_s->bytes) || 4566 (!(sav->flags & SADB_X_SAFLAGS_ESN) && 4567 (sav->replay != NULL) && ( 4568 (sav->replay->count > UINT32_80PCT) || 4569 (sav->replay->last > UINT32_80PCT))))) { 4570 SECASVAR_UNLOCK(sav); 4571 SAV_ADDREF(sav); 4572 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4573 continue; 4574 } 4575 SECASVAR_UNLOCK(sav); 4576 } 4577 } 4578 SAHTREE_RUNLOCK(); 4579 4580 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4581 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4582 return; 4583 4584 LIST_INIT(&freeq); 4585 SAHTREE_WLOCK(); 4586 /* Unlink stale LARVAL SAs */ 4587 sav = LIST_FIRST(&drainq); 4588 while (sav != NULL) { 4589 nextsav = LIST_NEXT(sav, drainq); 4590 /* Check that SA is still LARVAL */ 4591 if (sav->state != SADB_SASTATE_LARVAL) { 4592 LIST_REMOVE(sav, drainq); 4593 LIST_INSERT_HEAD(&freeq, sav, drainq); 4594 sav = nextsav; 4595 continue; 4596 } 4597 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4598 LIST_REMOVE(sav, spihash); 4599 sav->state = SADB_SASTATE_DEAD; 4600 sav = nextsav; 4601 } 4602 /* Unlink all SAs with expired HARD lifetime */ 4603 sav = LIST_FIRST(&hexpireq); 4604 while (sav != NULL) { 4605 nextsav = LIST_NEXT(sav, drainq); 4606 /* Check that SA is not unlinked */ 4607 if (sav->state == SADB_SASTATE_DEAD) { 4608 LIST_REMOVE(sav, drainq); 4609 LIST_INSERT_HEAD(&freeq, sav, drainq); 4610 sav = nextsav; 4611 continue; 4612 } 4613 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4614 LIST_REMOVE(sav, spihash); 4615 sav->state = SADB_SASTATE_DEAD; 4616 sav = nextsav; 4617 } 4618 /* Mark all SAs with expired SOFT lifetime as DYING */ 4619 sav = LIST_FIRST(&sexpireq); 4620 while (sav != NULL) { 4621 nextsav = LIST_NEXT(sav, drainq); 4622 /* Check that SA is not unlinked */ 4623 if (sav->state == SADB_SASTATE_DEAD) { 4624 LIST_REMOVE(sav, drainq); 4625 LIST_INSERT_HEAD(&freeq, sav, drainq); 4626 sav = nextsav; 4627 continue; 4628 } 4629 /* 4630 * NOTE: this doesn't change SA order in the chain. 4631 */ 4632 sav->state = SADB_SASTATE_DYING; 4633 sav = nextsav; 4634 } 4635 /* Unlink empty SAHs */ 4636 sah = LIST_FIRST(&emptyq); 4637 while (sah != NULL) { 4638 nextsah = LIST_NEXT(sah, drainq); 4639 /* Check that SAH is still empty and not unlinked */ 4640 if (sah->state == SADB_SASTATE_DEAD || 4641 !TAILQ_EMPTY(&sah->savtree_larval) || 4642 !TAILQ_EMPTY(&sah->savtree_alive)) { 4643 LIST_REMOVE(sah, drainq); 4644 key_freesah(&sah); /* release extra reference */ 4645 sah = nextsah; 4646 continue; 4647 } 4648 TAILQ_REMOVE(&V_sahtree, sah, chain); 4649 LIST_REMOVE(sah, addrhash); 4650 sah->state = SADB_SASTATE_DEAD; 4651 sah = nextsah; 4652 } 4653 SAHTREE_WUNLOCK(); 4654 4655 /* Send SPDEXPIRE messages */ 4656 sav = LIST_FIRST(&hexpireq); 4657 while (sav != NULL) { 4658 nextsav = LIST_NEXT(sav, drainq); 4659 key_expire(sav, 1); 4660 key_freesah(&sav->sah); /* release reference from SAV */ 4661 key_freesav(&sav); /* release extra reference */ 4662 key_freesav(&sav); /* release last reference */ 4663 sav = nextsav; 4664 } 4665 sav = LIST_FIRST(&sexpireq); 4666 while (sav != NULL) { 4667 nextsav = LIST_NEXT(sav, drainq); 4668 key_expire(sav, 0); 4669 key_freesav(&sav); /* release extra reference */ 4670 sav = nextsav; 4671 } 4672 /* Free stale LARVAL SAs */ 4673 sav = LIST_FIRST(&drainq); 4674 while (sav != NULL) { 4675 nextsav = LIST_NEXT(sav, drainq); 4676 key_freesah(&sav->sah); /* release reference from SAV */ 4677 key_freesav(&sav); /* release extra reference */ 4678 key_freesav(&sav); /* release last reference */ 4679 sav = nextsav; 4680 } 4681 /* Free SAs that were unlinked/changed by someone else */ 4682 sav = LIST_FIRST(&freeq); 4683 while (sav != NULL) { 4684 nextsav = LIST_NEXT(sav, drainq); 4685 key_freesav(&sav); /* release extra reference */ 4686 sav = nextsav; 4687 } 4688 /* Free empty SAH */ 4689 sah = LIST_FIRST(&emptyq); 4690 while (sah != NULL) { 4691 nextsah = LIST_NEXT(sah, drainq); 4692 key_freesah(&sah); /* release extra reference */ 4693 key_freesah(&sah); /* release last reference */ 4694 sah = nextsah; 4695 } 4696 } 4697 4698 static void 4699 key_flush_acq(time_t now) 4700 { 4701 struct secacq *acq, *nextacq; 4702 4703 /* ACQ tree */ 4704 ACQ_LOCK(); 4705 acq = LIST_FIRST(&V_acqtree); 4706 while (acq != NULL) { 4707 nextacq = LIST_NEXT(acq, chain); 4708 if (now - acq->created > V_key_blockacq_lifetime) { 4709 LIST_REMOVE(acq, chain); 4710 LIST_REMOVE(acq, addrhash); 4711 LIST_REMOVE(acq, seqhash); 4712 free(acq, M_IPSEC_SAQ); 4713 } 4714 acq = nextacq; 4715 } 4716 ACQ_UNLOCK(); 4717 } 4718 4719 static void 4720 key_flush_spacq(time_t now) 4721 { 4722 struct secspacq *acq, *nextacq; 4723 4724 /* SP ACQ tree */ 4725 SPACQ_LOCK(); 4726 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4727 nextacq = LIST_NEXT(acq, chain); 4728 if (now - acq->created > V_key_blockacq_lifetime 4729 && __LIST_CHAINED(acq)) { 4730 LIST_REMOVE(acq, chain); 4731 free(acq, M_IPSEC_SAQ); 4732 } 4733 } 4734 SPACQ_UNLOCK(); 4735 } 4736 4737 /* 4738 * time handler. 4739 * scanning SPD and SAD to check status for each entries, 4740 * and do to remove or to expire. 4741 * XXX: year 2038 problem may remain. 4742 */ 4743 static void 4744 key_timehandler(void *arg) 4745 { 4746 VNET_ITERATOR_DECL(vnet_iter); 4747 time_t now = time_second; 4748 4749 VNET_LIST_RLOCK_NOSLEEP(); 4750 VNET_FOREACH(vnet_iter) { 4751 CURVNET_SET(vnet_iter); 4752 key_flush_spd(now); 4753 key_flush_sad(now); 4754 key_flush_acq(now); 4755 key_flush_spacq(now); 4756 CURVNET_RESTORE(); 4757 } 4758 VNET_LIST_RUNLOCK_NOSLEEP(); 4759 4760 #ifndef IPSEC_DEBUG2 4761 /* do exchange to tick time !! */ 4762 callout_schedule(&key_timer, hz); 4763 #endif /* IPSEC_DEBUG2 */ 4764 } 4765 4766 u_long 4767 key_random(void) 4768 { 4769 u_long value; 4770 4771 arc4random_buf(&value, sizeof(value)); 4772 return value; 4773 } 4774 4775 /* 4776 * map SADB_SATYPE_* to IPPROTO_*. 4777 * if satype == SADB_SATYPE then satype is mapped to ~0. 4778 * OUT: 4779 * 0: invalid satype. 4780 */ 4781 static uint8_t 4782 key_satype2proto(uint8_t satype) 4783 { 4784 switch (satype) { 4785 case SADB_SATYPE_UNSPEC: 4786 return IPSEC_PROTO_ANY; 4787 case SADB_SATYPE_AH: 4788 return IPPROTO_AH; 4789 case SADB_SATYPE_ESP: 4790 return IPPROTO_ESP; 4791 case SADB_X_SATYPE_IPCOMP: 4792 return IPPROTO_IPCOMP; 4793 case SADB_X_SATYPE_TCPSIGNATURE: 4794 return IPPROTO_TCP; 4795 default: 4796 return 0; 4797 } 4798 /* NOTREACHED */ 4799 } 4800 4801 /* 4802 * map IPPROTO_* to SADB_SATYPE_* 4803 * OUT: 4804 * 0: invalid protocol type. 4805 */ 4806 static uint8_t 4807 key_proto2satype(uint8_t proto) 4808 { 4809 switch (proto) { 4810 case IPPROTO_AH: 4811 return SADB_SATYPE_AH; 4812 case IPPROTO_ESP: 4813 return SADB_SATYPE_ESP; 4814 case IPPROTO_IPCOMP: 4815 return SADB_X_SATYPE_IPCOMP; 4816 case IPPROTO_TCP: 4817 return SADB_X_SATYPE_TCPSIGNATURE; 4818 default: 4819 return 0; 4820 } 4821 /* NOTREACHED */ 4822 } 4823 4824 /* %%% PF_KEY */ 4825 /* 4826 * SADB_GETSPI processing is to receive 4827 * <base, (SA2), src address, dst address, (SPI range)> 4828 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4829 * tree with the status of LARVAL, and send 4830 * <base, SA(*), address(SD)> 4831 * to the IKMPd. 4832 * 4833 * IN: mhp: pointer to the pointer to each header. 4834 * OUT: NULL if fail. 4835 * other if success, return pointer to the message to send. 4836 */ 4837 static int 4838 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4839 { 4840 struct secasindex saidx; 4841 struct sadb_address *src0, *dst0; 4842 struct secasvar *sav; 4843 uint32_t reqid, spi; 4844 int error; 4845 uint8_t mode, proto; 4846 4847 IPSEC_ASSERT(so != NULL, ("null socket")); 4848 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4849 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4850 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4851 4852 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4853 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4854 #ifdef PFKEY_STRICT_CHECKS 4855 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4856 #endif 4857 ) { 4858 ipseclog((LOG_DEBUG, 4859 "%s: invalid message: missing required header.\n", 4860 __func__)); 4861 error = EINVAL; 4862 goto fail; 4863 } 4864 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4865 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4866 #ifdef PFKEY_STRICT_CHECKS 4867 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4868 #endif 4869 ) { 4870 ipseclog((LOG_DEBUG, 4871 "%s: invalid message: wrong header size.\n", __func__)); 4872 error = EINVAL; 4873 goto fail; 4874 } 4875 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4876 mode = IPSEC_MODE_ANY; 4877 reqid = 0; 4878 } else { 4879 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4880 ipseclog((LOG_DEBUG, 4881 "%s: invalid message: wrong header size.\n", 4882 __func__)); 4883 error = EINVAL; 4884 goto fail; 4885 } 4886 mode = ((struct sadb_x_sa2 *) 4887 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4888 reqid = ((struct sadb_x_sa2 *) 4889 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4890 } 4891 4892 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4893 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4894 4895 /* map satype to proto */ 4896 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4897 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4898 __func__)); 4899 error = EINVAL; 4900 goto fail; 4901 } 4902 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4903 (struct sockaddr *)(dst0 + 1)); 4904 if (error != 0) { 4905 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4906 error = EINVAL; 4907 goto fail; 4908 } 4909 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4910 4911 /* SPI allocation */ 4912 SPI_ALLOC_LOCK(); 4913 spi = key_do_getnewspi( 4914 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4915 if (spi == 0) { 4916 /* 4917 * Requested SPI or SPI range is not available or 4918 * already used. 4919 */ 4920 SPI_ALLOC_UNLOCK(); 4921 error = EEXIST; 4922 goto fail; 4923 } 4924 sav = key_newsav(mhp, &saidx, spi, &error); 4925 SPI_ALLOC_UNLOCK(); 4926 if (sav == NULL) 4927 goto fail; 4928 4929 if (sav->seq != 0) { 4930 /* 4931 * RFC2367: 4932 * If the SADB_GETSPI message is in response to a 4933 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4934 * MUST be the same as the SADB_ACQUIRE message. 4935 * 4936 * XXXAE: However it doesn't definethe behaviour how to 4937 * check this and what to do if it doesn't match. 4938 * Also what we should do if it matches? 4939 * 4940 * We can compare saidx used in SADB_ACQUIRE with saidx 4941 * used in SADB_GETSPI, but this probably can break 4942 * existing software. For now just warn if it doesn't match. 4943 * 4944 * XXXAE: anyway it looks useless. 4945 */ 4946 key_acqdone(&saidx, sav->seq); 4947 } 4948 KEYDBG(KEY_STAMP, 4949 printf("%s: SA(%p)\n", __func__, sav)); 4950 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4951 4952 { 4953 struct mbuf *n, *nn; 4954 struct sadb_sa *m_sa; 4955 struct sadb_msg *newmsg; 4956 int off, len; 4957 4958 /* create new sadb_msg to reply. */ 4959 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4960 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4961 4962 MGETHDR(n, M_NOWAIT, MT_DATA); 4963 if (len > MHLEN) { 4964 if (!(MCLGET(n, M_NOWAIT))) { 4965 m_freem(n); 4966 n = NULL; 4967 } 4968 } 4969 if (!n) { 4970 error = ENOBUFS; 4971 goto fail; 4972 } 4973 4974 n->m_len = len; 4975 n->m_next = NULL; 4976 off = 0; 4977 4978 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4979 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4980 4981 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4982 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4983 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4984 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 4985 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4986 4987 IPSEC_ASSERT(off == len, 4988 ("length inconsistency (off %u len %u)", off, len)); 4989 4990 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4991 SADB_EXT_ADDRESS_DST); 4992 if (!n->m_next) { 4993 m_freem(n); 4994 error = ENOBUFS; 4995 goto fail; 4996 } 4997 4998 if (n->m_len < sizeof(struct sadb_msg)) { 4999 n = m_pullup(n, sizeof(struct sadb_msg)); 5000 if (n == NULL) 5001 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5002 } 5003 5004 n->m_pkthdr.len = 0; 5005 for (nn = n; nn; nn = nn->m_next) 5006 n->m_pkthdr.len += nn->m_len; 5007 5008 newmsg = mtod(n, struct sadb_msg *); 5009 newmsg->sadb_msg_seq = sav->seq; 5010 newmsg->sadb_msg_errno = 0; 5011 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5012 5013 m_freem(m); 5014 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5015 } 5016 5017 fail: 5018 return (key_senderror(so, m, error)); 5019 } 5020 5021 /* 5022 * allocating new SPI 5023 * called by key_getspi(). 5024 * OUT: 5025 * 0: failure. 5026 * others: success, SPI in network byte order. 5027 */ 5028 static uint32_t 5029 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5030 { 5031 uint32_t min, max, newspi, t; 5032 int tries, limit; 5033 5034 SPI_ALLOC_LOCK_ASSERT(); 5035 5036 /* set spi range to allocate */ 5037 if (spirange != NULL) { 5038 min = spirange->sadb_spirange_min; 5039 max = spirange->sadb_spirange_max; 5040 } else { 5041 min = V_key_spi_minval; 5042 max = V_key_spi_maxval; 5043 } 5044 /* IPCOMP needs 2-byte SPI */ 5045 if (saidx->proto == IPPROTO_IPCOMP) { 5046 if (min >= 0x10000) 5047 min = 0xffff; 5048 if (max >= 0x10000) 5049 max = 0xffff; 5050 if (min > max) { 5051 t = min; min = max; max = t; 5052 } 5053 } 5054 5055 if (min == max) { 5056 if (!key_checkspidup(htonl(min))) { 5057 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5058 __func__, min)); 5059 return 0; 5060 } 5061 5062 tries = 1; 5063 newspi = min; 5064 } else { 5065 /* init SPI */ 5066 newspi = 0; 5067 5068 limit = atomic_load_int(&V_key_spi_trycnt); 5069 /* when requesting to allocate spi ranged */ 5070 for (tries = 0; tries < limit; tries++) { 5071 /* generate pseudo-random SPI value ranged. */ 5072 newspi = min + (key_random() % (max - min + 1)); 5073 if (!key_checkspidup(htonl(newspi))) 5074 break; 5075 } 5076 5077 if (tries == limit || newspi == 0) { 5078 ipseclog((LOG_DEBUG, 5079 "%s: failed to allocate SPI.\n", __func__)); 5080 return 0; 5081 } 5082 } 5083 5084 /* statistics */ 5085 keystat.getspi_count = 5086 (keystat.getspi_count + tries) / 2; 5087 5088 return (htonl(newspi)); 5089 } 5090 5091 /* 5092 * Find TCP-MD5 SA with corresponding secasindex. 5093 * If not found, return NULL and fill SPI with usable value if needed. 5094 */ 5095 static struct secasvar * 5096 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5097 { 5098 SAHTREE_RLOCK_TRACKER; 5099 struct secashead *sah; 5100 struct secasvar *sav; 5101 5102 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5103 SAHTREE_RLOCK(); 5104 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5105 if (sah->saidx.proto != IPPROTO_TCP) 5106 continue; 5107 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5108 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5109 break; 5110 } 5111 if (sah != NULL) { 5112 if (V_key_preferred_oldsa) 5113 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5114 else 5115 sav = TAILQ_FIRST(&sah->savtree_alive); 5116 if (sav != NULL) { 5117 SAV_ADDREF(sav); 5118 SAHTREE_RUNLOCK(); 5119 return (sav); 5120 } 5121 } 5122 if (spi == NULL) { 5123 /* No SPI required */ 5124 SAHTREE_RUNLOCK(); 5125 return (NULL); 5126 } 5127 /* Check that SPI is unique */ 5128 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5129 if (sav->spi == *spi) 5130 break; 5131 } 5132 if (sav == NULL) { 5133 SAHTREE_RUNLOCK(); 5134 /* SPI is already unique */ 5135 return (NULL); 5136 } 5137 SAHTREE_RUNLOCK(); 5138 /* XXX: not optimal */ 5139 *spi = key_do_getnewspi(NULL, saidx); 5140 return (NULL); 5141 } 5142 5143 static int 5144 key_updateaddresses(struct socket *so, struct mbuf *m, 5145 const struct sadb_msghdr *mhp, struct secasvar *sav, 5146 struct secasindex *saidx) 5147 { 5148 struct sockaddr *newaddr; 5149 struct secashead *sah; 5150 struct secasvar *newsav, *tmp; 5151 struct mbuf *n; 5152 int error, isnew; 5153 5154 /* Check that we need to change SAH */ 5155 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5156 newaddr = (struct sockaddr *)( 5157 ((struct sadb_address *) 5158 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5159 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5160 key_porttosaddr(&saidx->src.sa, 0); 5161 } 5162 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5163 newaddr = (struct sockaddr *)( 5164 ((struct sadb_address *) 5165 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5166 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5167 key_porttosaddr(&saidx->dst.sa, 0); 5168 } 5169 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5170 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5171 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5172 if (error != 0) { 5173 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5174 __func__)); 5175 return (error); 5176 } 5177 5178 sah = key_getsah(saidx); 5179 if (sah == NULL) { 5180 /* create a new SA index */ 5181 sah = key_newsah(saidx); 5182 if (sah == NULL) { 5183 ipseclog((LOG_DEBUG, 5184 "%s: No more memory.\n", __func__)); 5185 return (ENOBUFS); 5186 } 5187 isnew = 2; /* SAH is new */ 5188 } else 5189 isnew = 1; /* existing SAH is referenced */ 5190 } else { 5191 /* 5192 * src and dst addresses are still the same. 5193 * Do we want to change NAT-T config? 5194 */ 5195 if (sav->sah->saidx.proto != IPPROTO_ESP || 5196 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5197 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5198 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5199 ipseclog((LOG_DEBUG, 5200 "%s: invalid message: missing required header.\n", 5201 __func__)); 5202 return (EINVAL); 5203 } 5204 /* We hold reference to SA, thus SAH will be referenced too. */ 5205 sah = sav->sah; 5206 isnew = 0; 5207 } 5208 5209 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5210 M_NOWAIT | M_ZERO); 5211 if (newsav == NULL) { 5212 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5213 error = ENOBUFS; 5214 goto fail; 5215 } 5216 5217 /* Clone SA's content into newsav */ 5218 SAV_INITREF(newsav); 5219 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5220 /* 5221 * We create new NAT-T config if it is needed. 5222 * Old NAT-T config will be freed by key_cleansav() when 5223 * last reference to SA will be released. 5224 */ 5225 newsav->natt = NULL; 5226 newsav->sah = sah; 5227 newsav->state = SADB_SASTATE_MATURE; 5228 error = key_setnatt(newsav, mhp); 5229 if (error != 0) 5230 goto fail; 5231 5232 SAHTREE_WLOCK(); 5233 /* Check that SA is still alive */ 5234 if (sav->state == SADB_SASTATE_DEAD) { 5235 /* SA was unlinked */ 5236 SAHTREE_WUNLOCK(); 5237 error = ESRCH; 5238 goto fail; 5239 } 5240 5241 /* Unlink SA from SAH and SPI hash */ 5242 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5243 ("SA is already cloned")); 5244 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5245 sav->state == SADB_SASTATE_DYING, 5246 ("Wrong SA state %u\n", sav->state)); 5247 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5248 LIST_REMOVE(sav, spihash); 5249 sav->state = SADB_SASTATE_DEAD; 5250 5251 /* 5252 * Link new SA with SAH. Keep SAs ordered by 5253 * create time (newer are first). 5254 */ 5255 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5256 if (newsav->created > tmp->created) { 5257 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5258 break; 5259 } 5260 } 5261 if (tmp == NULL) 5262 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5263 5264 /* Add new SA into SPI hash. */ 5265 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5266 5267 /* Add new SAH into SADB. */ 5268 if (isnew == 2) { 5269 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5270 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5271 sah->state = SADB_SASTATE_MATURE; 5272 SAH_ADDREF(sah); /* newsav references new SAH */ 5273 } 5274 /* 5275 * isnew == 1 -> @sah was referenced by key_getsah(). 5276 * isnew == 0 -> we use the same @sah, that was used by @sav, 5277 * and we use its reference for @newsav. 5278 */ 5279 SECASVAR_LOCK(sav); 5280 /* XXX: replace cntr with pointer? */ 5281 newsav->cntr = sav->cntr; 5282 sav->flags |= SADB_X_EXT_F_CLONED; 5283 SECASVAR_UNLOCK(sav); 5284 5285 SAHTREE_WUNLOCK(); 5286 5287 KEYDBG(KEY_STAMP, 5288 printf("%s: SA(%p) cloned into SA(%p)\n", 5289 __func__, sav, newsav)); 5290 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5291 5292 key_freesav(&sav); /* release last reference */ 5293 5294 /* set msg buf from mhp */ 5295 n = key_getmsgbuf_x1(m, mhp); 5296 if (n == NULL) { 5297 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5298 return (ENOBUFS); 5299 } 5300 m_freem(m); 5301 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5302 return (0); 5303 fail: 5304 if (isnew != 0) 5305 key_freesah(&sah); 5306 if (newsav != NULL) { 5307 if (newsav->natt != NULL) 5308 free(newsav->natt, M_IPSEC_MISC); 5309 free(newsav, M_IPSEC_SA); 5310 } 5311 return (error); 5312 } 5313 5314 /* 5315 * SADB_UPDATE processing 5316 * receive 5317 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5318 * key(AE), (identity(SD),) (sensitivity)> 5319 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5320 * and send 5321 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5322 * (identity(SD),) (sensitivity)> 5323 * to the ikmpd. 5324 * 5325 * m will always be freed. 5326 */ 5327 static int 5328 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5329 { 5330 struct secasindex saidx; 5331 struct sadb_address *src0, *dst0; 5332 struct sadb_sa *sa0; 5333 struct secasvar *sav; 5334 uint32_t reqid; 5335 int error; 5336 uint8_t mode, proto; 5337 5338 IPSEC_ASSERT(so != NULL, ("null socket")); 5339 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5340 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5341 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5342 5343 /* map satype to proto */ 5344 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5345 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5346 __func__)); 5347 return key_senderror(so, m, EINVAL); 5348 } 5349 5350 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5351 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5352 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5353 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5354 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5355 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5356 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5357 ipseclog((LOG_DEBUG, 5358 "%s: invalid message: missing required header.\n", 5359 __func__)); 5360 return key_senderror(so, m, EINVAL); 5361 } 5362 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5363 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5364 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5365 ipseclog((LOG_DEBUG, 5366 "%s: invalid message: wrong header size.\n", __func__)); 5367 return key_senderror(so, m, EINVAL); 5368 } 5369 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5370 mode = IPSEC_MODE_ANY; 5371 reqid = 0; 5372 } else { 5373 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5374 ipseclog((LOG_DEBUG, 5375 "%s: invalid message: wrong header size.\n", 5376 __func__)); 5377 return key_senderror(so, m, EINVAL); 5378 } 5379 mode = ((struct sadb_x_sa2 *) 5380 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5381 reqid = ((struct sadb_x_sa2 *) 5382 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5383 } 5384 5385 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5386 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5387 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5388 5389 /* 5390 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5391 * SADB_UPDATE message. 5392 */ 5393 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5394 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5395 #ifdef PFKEY_STRICT_CHECKS 5396 return key_senderror(so, m, EINVAL); 5397 #endif 5398 } 5399 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5400 (struct sockaddr *)(dst0 + 1)); 5401 if (error != 0) { 5402 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5403 return key_senderror(so, m, error); 5404 } 5405 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5406 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5407 if (sav == NULL) { 5408 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5409 __func__, ntohl(sa0->sadb_sa_spi))); 5410 return key_senderror(so, m, EINVAL); 5411 } 5412 /* 5413 * Check that SADB_UPDATE issued by the same process that did 5414 * SADB_GETSPI or SADB_ADD. 5415 */ 5416 if (sav->pid != mhp->msg->sadb_msg_pid) { 5417 ipseclog((LOG_DEBUG, 5418 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5419 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5420 key_freesav(&sav); 5421 return key_senderror(so, m, EINVAL); 5422 } 5423 /* saidx should match with SA. */ 5424 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5425 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5426 __func__, ntohl(sav->spi))); 5427 key_freesav(&sav); 5428 return key_senderror(so, m, ESRCH); 5429 } 5430 5431 if (sav->state == SADB_SASTATE_LARVAL) { 5432 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5433 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5434 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5435 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5436 ipseclog((LOG_DEBUG, 5437 "%s: invalid message: missing required header.\n", 5438 __func__)); 5439 key_freesav(&sav); 5440 return key_senderror(so, m, EINVAL); 5441 } 5442 /* 5443 * We can set any values except src, dst and SPI. 5444 */ 5445 error = key_setsaval(sav, mhp); 5446 if (error != 0) { 5447 key_freesav(&sav); 5448 return (key_senderror(so, m, error)); 5449 } 5450 /* Change SA state to MATURE */ 5451 SAHTREE_WLOCK(); 5452 if (sav->state != SADB_SASTATE_LARVAL) { 5453 /* SA was deleted or another thread made it MATURE. */ 5454 SAHTREE_WUNLOCK(); 5455 key_freesav(&sav); 5456 return (key_senderror(so, m, ESRCH)); 5457 } 5458 /* 5459 * NOTE: we keep SAs in savtree_alive ordered by created 5460 * time. When SA's state changed from LARVAL to MATURE, 5461 * we update its created time in key_setsaval() and move 5462 * it into head of savtree_alive. 5463 */ 5464 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5465 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5466 sav->state = SADB_SASTATE_MATURE; 5467 SAHTREE_WUNLOCK(); 5468 } else { 5469 /* 5470 * For DYING and MATURE SA we can change only state 5471 * and lifetimes. Report EINVAL if something else attempted 5472 * to change. 5473 */ 5474 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5475 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5476 key_freesav(&sav); 5477 return (key_senderror(so, m, EINVAL)); 5478 } 5479 error = key_updatelifetimes(sav, mhp); 5480 if (error != 0) { 5481 key_freesav(&sav); 5482 return (key_senderror(so, m, error)); 5483 } 5484 /* 5485 * This is FreeBSD extension to RFC2367. 5486 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5487 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5488 * SA addresses (for example to implement MOBIKE protocol 5489 * as described in RFC4555). Also we allow to change 5490 * NAT-T config. 5491 */ 5492 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5493 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5494 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5495 sav->natt != NULL) { 5496 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5497 key_freesav(&sav); 5498 if (error != 0) 5499 return (key_senderror(so, m, error)); 5500 return (0); 5501 } 5502 /* Check that SA is still alive */ 5503 SAHTREE_WLOCK(); 5504 if (sav->state == SADB_SASTATE_DEAD) { 5505 /* SA was unlinked */ 5506 SAHTREE_WUNLOCK(); 5507 key_freesav(&sav); 5508 return (key_senderror(so, m, ESRCH)); 5509 } 5510 /* 5511 * NOTE: there is possible state moving from DYING to MATURE, 5512 * but this doesn't change created time, so we won't reorder 5513 * this SA. 5514 */ 5515 sav->state = SADB_SASTATE_MATURE; 5516 SAHTREE_WUNLOCK(); 5517 } 5518 KEYDBG(KEY_STAMP, 5519 printf("%s: SA(%p)\n", __func__, sav)); 5520 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5521 key_freesav(&sav); 5522 5523 { 5524 struct mbuf *n; 5525 5526 /* set msg buf from mhp */ 5527 n = key_getmsgbuf_x1(m, mhp); 5528 if (n == NULL) { 5529 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5530 return key_senderror(so, m, ENOBUFS); 5531 } 5532 5533 m_freem(m); 5534 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5535 } 5536 } 5537 5538 /* 5539 * SADB_ADD processing 5540 * add an entry to SA database, when received 5541 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5542 * key(AE), (identity(SD),) (sensitivity)> 5543 * from the ikmpd, 5544 * and send 5545 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5546 * (identity(SD),) (sensitivity)> 5547 * to the ikmpd. 5548 * 5549 * IGNORE identity and sensitivity messages. 5550 * 5551 * m will always be freed. 5552 */ 5553 static int 5554 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5555 { 5556 struct secasindex saidx; 5557 struct sadb_address *src0, *dst0; 5558 struct sadb_sa *sa0; 5559 struct secasvar *sav; 5560 uint32_t reqid, spi; 5561 uint8_t mode, proto; 5562 int error; 5563 5564 IPSEC_ASSERT(so != NULL, ("null socket")); 5565 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5566 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5567 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5568 5569 /* map satype to proto */ 5570 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5571 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5572 __func__)); 5573 return key_senderror(so, m, EINVAL); 5574 } 5575 5576 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5577 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5578 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5579 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5580 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5581 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5582 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5583 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5584 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5585 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5586 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5587 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5588 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5589 ipseclog((LOG_DEBUG, 5590 "%s: invalid message: missing required header.\n", 5591 __func__)); 5592 return key_senderror(so, m, EINVAL); 5593 } 5594 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5595 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5596 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5597 ipseclog((LOG_DEBUG, 5598 "%s: invalid message: wrong header size.\n", __func__)); 5599 return key_senderror(so, m, EINVAL); 5600 } 5601 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5602 mode = IPSEC_MODE_ANY; 5603 reqid = 0; 5604 } else { 5605 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5606 ipseclog((LOG_DEBUG, 5607 "%s: invalid message: wrong header size.\n", 5608 __func__)); 5609 return key_senderror(so, m, EINVAL); 5610 } 5611 mode = ((struct sadb_x_sa2 *) 5612 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5613 reqid = ((struct sadb_x_sa2 *) 5614 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5615 } 5616 5617 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5618 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5619 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5620 5621 /* 5622 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5623 * SADB_ADD message. 5624 */ 5625 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5626 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5627 #ifdef PFKEY_STRICT_CHECKS 5628 return key_senderror(so, m, EINVAL); 5629 #endif 5630 } 5631 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5632 (struct sockaddr *)(dst0 + 1)); 5633 if (error != 0) { 5634 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5635 return key_senderror(so, m, error); 5636 } 5637 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5638 spi = sa0->sadb_sa_spi; 5639 /* 5640 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5641 * secasindex. 5642 * XXXAE: IPComp seems also doesn't use SPI. 5643 */ 5644 SPI_ALLOC_LOCK(); 5645 if (proto == IPPROTO_TCP) { 5646 sav = key_getsav_tcpmd5(&saidx, &spi); 5647 if (sav == NULL && spi == 0) { 5648 SPI_ALLOC_UNLOCK(); 5649 /* Failed to allocate SPI */ 5650 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5651 __func__)); 5652 return key_senderror(so, m, EEXIST); 5653 } 5654 /* XXX: SPI that we report back can have another value */ 5655 } else { 5656 /* We can create new SA only if SPI is different. */ 5657 sav = key_getsavbyspi(spi); 5658 } 5659 if (sav != NULL) { 5660 SPI_ALLOC_UNLOCK(); 5661 key_freesav(&sav); 5662 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5663 return key_senderror(so, m, EEXIST); 5664 } 5665 5666 sav = key_newsav(mhp, &saidx, spi, &error); 5667 SPI_ALLOC_UNLOCK(); 5668 if (sav == NULL) 5669 return key_senderror(so, m, error); 5670 KEYDBG(KEY_STAMP, 5671 printf("%s: return SA(%p)\n", __func__, sav)); 5672 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5673 /* 5674 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5675 * ACQ for deletion. 5676 */ 5677 if (sav->seq != 0) 5678 key_acqdone(&saidx, sav->seq); 5679 5680 { 5681 /* 5682 * Don't call key_freesav() on error here, as we would like to 5683 * keep the SA in the database. 5684 */ 5685 struct mbuf *n; 5686 5687 /* set msg buf from mhp */ 5688 n = key_getmsgbuf_x1(m, mhp); 5689 if (n == NULL) { 5690 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5691 return key_senderror(so, m, ENOBUFS); 5692 } 5693 5694 m_freem(m); 5695 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5696 } 5697 } 5698 5699 /* 5700 * NAT-T support. 5701 * IKEd may request the use ESP in UDP encapsulation when it detects the 5702 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5703 * parameters needed for encapsulation and decapsulation. These PF_KEY 5704 * extension headers are not standardized, so this comment addresses our 5705 * implementation. 5706 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5707 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5708 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5709 * UDP header. We use these ports in UDP encapsulation procedure, also we 5710 * can check them in UDP decapsulation procedure. 5711 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5712 * responder. These addresses can be used for transport mode to adjust 5713 * checksum after decapsulation and decryption. Since original IP addresses 5714 * used by peer usually different (we detected presence of NAT), TCP/UDP 5715 * pseudo header checksum and IP header checksum was calculated using original 5716 * addresses. After decapsulation and decryption we need to adjust checksum 5717 * to have correct datagram. 5718 * 5719 * We expect presence of NAT-T extension headers only in SADB_ADD and 5720 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5721 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5722 */ 5723 static int 5724 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5725 { 5726 struct sadb_x_nat_t_port *port; 5727 struct sadb_x_nat_t_type *type; 5728 struct sadb_address *oai, *oar; 5729 struct sockaddr *sa; 5730 uint32_t addr; 5731 uint16_t cksum; 5732 5733 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5734 /* 5735 * Ignore NAT-T headers if sproto isn't ESP. 5736 */ 5737 if (sav->sah->saidx.proto != IPPROTO_ESP) 5738 return (0); 5739 5740 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5741 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5742 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5743 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5744 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5745 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5746 ipseclog((LOG_DEBUG, 5747 "%s: invalid message: wrong header size.\n", 5748 __func__)); 5749 return (EINVAL); 5750 } 5751 } else 5752 return (0); 5753 5754 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5755 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5756 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5757 __func__, type->sadb_x_nat_t_type_type)); 5758 return (EINVAL); 5759 } 5760 /* 5761 * Allocate storage for NAT-T config. 5762 * On error it will be released by key_cleansav(). 5763 */ 5764 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5765 M_NOWAIT | M_ZERO); 5766 if (sav->natt == NULL) { 5767 PFKEYSTAT_INC(in_nomem); 5768 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5769 return (ENOBUFS); 5770 } 5771 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5772 if (port->sadb_x_nat_t_port_port == 0) { 5773 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5774 __func__)); 5775 return (EINVAL); 5776 } 5777 sav->natt->sport = port->sadb_x_nat_t_port_port; 5778 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5779 if (port->sadb_x_nat_t_port_port == 0) { 5780 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5781 __func__)); 5782 return (EINVAL); 5783 } 5784 sav->natt->dport = port->sadb_x_nat_t_port_port; 5785 5786 /* 5787 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5788 * and needed only for transport mode IPsec. 5789 * Usually NAT translates only one address, but it is possible, 5790 * that both addresses could be translated. 5791 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5792 */ 5793 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5794 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5795 ipseclog((LOG_DEBUG, 5796 "%s: invalid message: wrong header size.\n", 5797 __func__)); 5798 return (EINVAL); 5799 } 5800 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5801 } else 5802 oai = NULL; 5803 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5804 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5805 ipseclog((LOG_DEBUG, 5806 "%s: invalid message: wrong header size.\n", 5807 __func__)); 5808 return (EINVAL); 5809 } 5810 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5811 } else 5812 oar = NULL; 5813 5814 /* Initialize addresses only for transport mode */ 5815 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5816 cksum = 0; 5817 if (oai != NULL) { 5818 /* Currently we support only AF_INET */ 5819 sa = (struct sockaddr *)(oai + 1); 5820 if (sa->sa_family != AF_INET || 5821 sa->sa_len != sizeof(struct sockaddr_in)) { 5822 ipseclog((LOG_DEBUG, 5823 "%s: wrong NAT-OAi header.\n", 5824 __func__)); 5825 return (EINVAL); 5826 } 5827 /* Ignore address if it the same */ 5828 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5829 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5830 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5831 sav->natt->flags |= IPSEC_NATT_F_OAI; 5832 /* Calculate checksum delta */ 5833 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5834 cksum = in_addword(cksum, ~addr >> 16); 5835 cksum = in_addword(cksum, ~addr & 0xffff); 5836 addr = sav->natt->oai.sin.sin_addr.s_addr; 5837 cksum = in_addword(cksum, addr >> 16); 5838 cksum = in_addword(cksum, addr & 0xffff); 5839 } 5840 } 5841 if (oar != NULL) { 5842 /* Currently we support only AF_INET */ 5843 sa = (struct sockaddr *)(oar + 1); 5844 if (sa->sa_family != AF_INET || 5845 sa->sa_len != sizeof(struct sockaddr_in)) { 5846 ipseclog((LOG_DEBUG, 5847 "%s: wrong NAT-OAr header.\n", 5848 __func__)); 5849 return (EINVAL); 5850 } 5851 /* Ignore address if it the same */ 5852 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5853 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5854 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5855 sav->natt->flags |= IPSEC_NATT_F_OAR; 5856 /* Calculate checksum delta */ 5857 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5858 cksum = in_addword(cksum, ~addr >> 16); 5859 cksum = in_addword(cksum, ~addr & 0xffff); 5860 addr = sav->natt->oar.sin.sin_addr.s_addr; 5861 cksum = in_addword(cksum, addr >> 16); 5862 cksum = in_addword(cksum, addr & 0xffff); 5863 } 5864 } 5865 sav->natt->cksum = cksum; 5866 } 5867 return (0); 5868 } 5869 5870 static int 5871 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5872 { 5873 const struct sadb_ident *idsrc, *iddst; 5874 5875 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5876 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5877 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5878 5879 /* don't make buffer if not there */ 5880 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5881 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5882 sah->idents = NULL; 5883 sah->identd = NULL; 5884 return (0); 5885 } 5886 5887 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5888 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5889 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5890 return (EINVAL); 5891 } 5892 5893 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5894 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5895 5896 /* validity check */ 5897 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5898 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5899 return EINVAL; 5900 } 5901 5902 switch (idsrc->sadb_ident_type) { 5903 case SADB_IDENTTYPE_PREFIX: 5904 case SADB_IDENTTYPE_FQDN: 5905 case SADB_IDENTTYPE_USERFQDN: 5906 default: 5907 /* XXX do nothing */ 5908 sah->idents = NULL; 5909 sah->identd = NULL; 5910 return 0; 5911 } 5912 5913 /* make structure */ 5914 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5915 if (sah->idents == NULL) { 5916 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5917 return ENOBUFS; 5918 } 5919 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5920 if (sah->identd == NULL) { 5921 free(sah->idents, M_IPSEC_MISC); 5922 sah->idents = NULL; 5923 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5924 return ENOBUFS; 5925 } 5926 sah->idents->type = idsrc->sadb_ident_type; 5927 sah->idents->id = idsrc->sadb_ident_id; 5928 5929 sah->identd->type = iddst->sadb_ident_type; 5930 sah->identd->id = iddst->sadb_ident_id; 5931 5932 return 0; 5933 } 5934 5935 /* 5936 * m will not be freed on return. 5937 * it is caller's responsibility to free the result. 5938 * 5939 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5940 * from the request in defined order. 5941 */ 5942 static struct mbuf * 5943 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5944 { 5945 struct mbuf *n; 5946 5947 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5948 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5949 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5950 5951 /* create new sadb_msg to reply. */ 5952 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5953 SADB_EXT_SA, SADB_X_EXT_SA2, 5954 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5955 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5956 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5957 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5958 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5959 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5960 SADB_X_EXT_NEW_ADDRESS_DST); 5961 if (!n) 5962 return NULL; 5963 5964 if (n->m_len < sizeof(struct sadb_msg)) { 5965 n = m_pullup(n, sizeof(struct sadb_msg)); 5966 if (n == NULL) 5967 return NULL; 5968 } 5969 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5970 mtod(n, struct sadb_msg *)->sadb_msg_len = 5971 PFKEY_UNIT64(n->m_pkthdr.len); 5972 5973 return n; 5974 } 5975 5976 /* 5977 * SADB_DELETE processing 5978 * receive 5979 * <base, SA(*), address(SD)> 5980 * from the ikmpd, and set SADB_SASTATE_DEAD, 5981 * and send, 5982 * <base, SA(*), address(SD)> 5983 * to the ikmpd. 5984 * 5985 * m will always be freed. 5986 */ 5987 static int 5988 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5989 { 5990 struct secasindex saidx; 5991 struct sadb_address *src0, *dst0; 5992 struct secasvar *sav; 5993 struct sadb_sa *sa0; 5994 uint8_t proto; 5995 5996 IPSEC_ASSERT(so != NULL, ("null socket")); 5997 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5998 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5999 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6000 6001 /* map satype to proto */ 6002 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6003 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6004 __func__)); 6005 return key_senderror(so, m, EINVAL); 6006 } 6007 6008 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6009 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6010 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6011 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6012 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6013 __func__)); 6014 return key_senderror(so, m, EINVAL); 6015 } 6016 6017 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6018 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6019 6020 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6021 (struct sockaddr *)(dst0 + 1)) != 0) { 6022 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6023 return (key_senderror(so, m, EINVAL)); 6024 } 6025 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6026 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6027 /* 6028 * Caller wants us to delete all non-LARVAL SAs 6029 * that match the src/dst. This is used during 6030 * IKE INITIAL-CONTACT. 6031 * XXXAE: this looks like some extension to RFC2367. 6032 */ 6033 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6034 return (key_delete_all(so, m, mhp, &saidx)); 6035 } 6036 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6037 ipseclog((LOG_DEBUG, 6038 "%s: invalid message: wrong header size.\n", __func__)); 6039 return (key_senderror(so, m, EINVAL)); 6040 } 6041 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6042 SPI_ALLOC_LOCK(); 6043 if (proto == IPPROTO_TCP) 6044 sav = key_getsav_tcpmd5(&saidx, NULL); 6045 else 6046 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6047 SPI_ALLOC_UNLOCK(); 6048 if (sav == NULL) { 6049 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6050 __func__, ntohl(sa0->sadb_sa_spi))); 6051 return (key_senderror(so, m, ESRCH)); 6052 } 6053 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6054 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6055 __func__, ntohl(sav->spi))); 6056 key_freesav(&sav); 6057 return (key_senderror(so, m, ESRCH)); 6058 } 6059 KEYDBG(KEY_STAMP, 6060 printf("%s: SA(%p)\n", __func__, sav)); 6061 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6062 key_unlinksav(sav); 6063 key_freesav(&sav); 6064 6065 { 6066 struct mbuf *n; 6067 struct sadb_msg *newmsg; 6068 6069 /* create new sadb_msg to reply. */ 6070 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6071 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6072 if (!n) 6073 return key_senderror(so, m, ENOBUFS); 6074 6075 if (n->m_len < sizeof(struct sadb_msg)) { 6076 n = m_pullup(n, sizeof(struct sadb_msg)); 6077 if (n == NULL) 6078 return key_senderror(so, m, ENOBUFS); 6079 } 6080 newmsg = mtod(n, struct sadb_msg *); 6081 newmsg->sadb_msg_errno = 0; 6082 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6083 6084 m_freem(m); 6085 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6086 } 6087 } 6088 6089 /* 6090 * delete all SAs for src/dst. Called from key_delete(). 6091 */ 6092 static int 6093 key_delete_all(struct socket *so, struct mbuf *m, 6094 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6095 { 6096 struct secasvar_queue drainq; 6097 struct secashead *sah; 6098 struct secasvar *sav, *nextsav; 6099 6100 TAILQ_INIT(&drainq); 6101 SAHTREE_WLOCK(); 6102 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6103 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6104 continue; 6105 /* Move all ALIVE SAs into drainq */ 6106 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6107 } 6108 /* Unlink all queued SAs from SPI hash */ 6109 TAILQ_FOREACH(sav, &drainq, chain) { 6110 sav->state = SADB_SASTATE_DEAD; 6111 LIST_REMOVE(sav, spihash); 6112 } 6113 SAHTREE_WUNLOCK(); 6114 /* Now we can release reference for all SAs in drainq */ 6115 sav = TAILQ_FIRST(&drainq); 6116 while (sav != NULL) { 6117 KEYDBG(KEY_STAMP, 6118 printf("%s: SA(%p)\n", __func__, sav)); 6119 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6120 nextsav = TAILQ_NEXT(sav, chain); 6121 key_freesah(&sav->sah); /* release reference from SAV */ 6122 key_freesav(&sav); /* release last reference */ 6123 sav = nextsav; 6124 } 6125 6126 { 6127 struct mbuf *n; 6128 struct sadb_msg *newmsg; 6129 6130 /* create new sadb_msg to reply. */ 6131 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6132 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6133 if (!n) 6134 return key_senderror(so, m, ENOBUFS); 6135 6136 if (n->m_len < sizeof(struct sadb_msg)) { 6137 n = m_pullup(n, sizeof(struct sadb_msg)); 6138 if (n == NULL) 6139 return key_senderror(so, m, ENOBUFS); 6140 } 6141 newmsg = mtod(n, struct sadb_msg *); 6142 newmsg->sadb_msg_errno = 0; 6143 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6144 6145 m_freem(m); 6146 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6147 } 6148 } 6149 6150 /* 6151 * Delete all alive SAs for corresponding xform. 6152 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6153 * here when xform disappears. 6154 */ 6155 void 6156 key_delete_xform(const struct xformsw *xsp) 6157 { 6158 struct secasvar_queue drainq; 6159 struct secashead *sah; 6160 struct secasvar *sav, *nextsav; 6161 6162 TAILQ_INIT(&drainq); 6163 SAHTREE_WLOCK(); 6164 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6165 sav = TAILQ_FIRST(&sah->savtree_alive); 6166 if (sav == NULL) 6167 continue; 6168 if (sav->tdb_xform != xsp) 6169 continue; 6170 /* 6171 * It is supposed that all SAs in the chain are related to 6172 * one xform. 6173 */ 6174 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6175 } 6176 /* Unlink all queued SAs from SPI hash */ 6177 TAILQ_FOREACH(sav, &drainq, chain) { 6178 sav->state = SADB_SASTATE_DEAD; 6179 LIST_REMOVE(sav, spihash); 6180 } 6181 SAHTREE_WUNLOCK(); 6182 6183 /* Now we can release reference for all SAs in drainq */ 6184 sav = TAILQ_FIRST(&drainq); 6185 while (sav != NULL) { 6186 KEYDBG(KEY_STAMP, 6187 printf("%s: SA(%p)\n", __func__, sav)); 6188 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6189 nextsav = TAILQ_NEXT(sav, chain); 6190 key_freesah(&sav->sah); /* release reference from SAV */ 6191 key_freesav(&sav); /* release last reference */ 6192 sav = nextsav; 6193 } 6194 } 6195 6196 /* 6197 * SADB_GET processing 6198 * receive 6199 * <base, SA(*), address(SD)> 6200 * from the ikmpd, and get a SP and a SA to respond, 6201 * and send, 6202 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6203 * (identity(SD),) (sensitivity)> 6204 * to the ikmpd. 6205 * 6206 * m will always be freed. 6207 */ 6208 static int 6209 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6210 { 6211 struct secasindex saidx; 6212 struct sadb_address *src0, *dst0; 6213 struct sadb_sa *sa0; 6214 struct secasvar *sav; 6215 uint8_t proto; 6216 6217 IPSEC_ASSERT(so != NULL, ("null socket")); 6218 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6219 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6220 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6221 6222 /* map satype to proto */ 6223 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6224 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6225 __func__)); 6226 return key_senderror(so, m, EINVAL); 6227 } 6228 6229 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6230 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6231 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6232 ipseclog((LOG_DEBUG, 6233 "%s: invalid message: missing required header.\n", 6234 __func__)); 6235 return key_senderror(so, m, EINVAL); 6236 } 6237 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6238 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6239 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6240 ipseclog((LOG_DEBUG, 6241 "%s: invalid message: wrong header size.\n", __func__)); 6242 return key_senderror(so, m, EINVAL); 6243 } 6244 6245 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6246 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6247 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6248 6249 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6250 (struct sockaddr *)(dst0 + 1)) != 0) { 6251 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6252 return key_senderror(so, m, EINVAL); 6253 } 6254 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6255 6256 SPI_ALLOC_LOCK(); 6257 if (proto == IPPROTO_TCP) 6258 sav = key_getsav_tcpmd5(&saidx, NULL); 6259 else 6260 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6261 SPI_ALLOC_UNLOCK(); 6262 if (sav == NULL) { 6263 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6264 return key_senderror(so, m, ESRCH); 6265 } 6266 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6267 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6268 __func__, ntohl(sa0->sadb_sa_spi))); 6269 key_freesav(&sav); 6270 return (key_senderror(so, m, ESRCH)); 6271 } 6272 6273 { 6274 struct mbuf *n; 6275 uint8_t satype; 6276 6277 /* map proto to satype */ 6278 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6279 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6280 __func__)); 6281 key_freesav(&sav); 6282 return key_senderror(so, m, EINVAL); 6283 } 6284 6285 /* create new sadb_msg to reply. */ 6286 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6287 mhp->msg->sadb_msg_pid); 6288 6289 key_freesav(&sav); 6290 if (!n) 6291 return key_senderror(so, m, ENOBUFS); 6292 6293 m_freem(m); 6294 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6295 } 6296 } 6297 6298 /* XXX make it sysctl-configurable? */ 6299 static void 6300 key_getcomb_setlifetime(struct sadb_comb *comb) 6301 { 6302 6303 comb->sadb_comb_soft_allocations = 1; 6304 comb->sadb_comb_hard_allocations = 1; 6305 comb->sadb_comb_soft_bytes = 0; 6306 comb->sadb_comb_hard_bytes = 0; 6307 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6308 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6309 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6310 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6311 } 6312 6313 /* 6314 * XXX reorder combinations by preference 6315 * XXX no idea if the user wants ESP authentication or not 6316 */ 6317 static struct mbuf * 6318 key_getcomb_ealg(void) 6319 { 6320 struct sadb_comb *comb; 6321 const struct enc_xform *algo; 6322 struct mbuf *result = NULL, *m, *n; 6323 int encmin; 6324 int i, off, o; 6325 int totlen; 6326 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6327 6328 m = NULL; 6329 for (i = 1; i <= SADB_EALG_MAX; i++) { 6330 algo = enc_algorithm_lookup(i); 6331 if (algo == NULL) 6332 continue; 6333 6334 /* discard algorithms with key size smaller than system min */ 6335 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6336 continue; 6337 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6338 encmin = V_ipsec_esp_keymin; 6339 else 6340 encmin = _BITS(algo->minkey); 6341 6342 if (V_ipsec_esp_auth) 6343 m = key_getcomb_ah(); 6344 else { 6345 IPSEC_ASSERT(l <= MLEN, 6346 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6347 MGET(m, M_NOWAIT, MT_DATA); 6348 if (m) { 6349 M_ALIGN(m, l); 6350 m->m_len = l; 6351 m->m_next = NULL; 6352 bzero(mtod(m, caddr_t), m->m_len); 6353 } 6354 } 6355 if (!m) 6356 goto fail; 6357 6358 totlen = 0; 6359 for (n = m; n; n = n->m_next) 6360 totlen += n->m_len; 6361 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6362 6363 for (off = 0; off < totlen; off += l) { 6364 n = m_pulldown(m, off, l, &o); 6365 if (!n) { 6366 /* m is already freed */ 6367 goto fail; 6368 } 6369 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6370 bzero(comb, sizeof(*comb)); 6371 key_getcomb_setlifetime(comb); 6372 comb->sadb_comb_encrypt = i; 6373 comb->sadb_comb_encrypt_minbits = encmin; 6374 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6375 } 6376 6377 if (!result) 6378 result = m; 6379 else 6380 m_cat(result, m); 6381 } 6382 6383 return result; 6384 6385 fail: 6386 if (result) 6387 m_freem(result); 6388 return NULL; 6389 } 6390 6391 static void 6392 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6393 u_int16_t* max) 6394 { 6395 6396 *min = *max = ah->hashsize; 6397 if (ah->keysize == 0) { 6398 /* 6399 * Transform takes arbitrary key size but algorithm 6400 * key size is restricted. Enforce this here. 6401 */ 6402 switch (alg) { 6403 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6404 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6405 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6406 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6407 default: 6408 DPRINTF(("%s: unknown AH algorithm %u\n", 6409 __func__, alg)); 6410 break; 6411 } 6412 } 6413 } 6414 6415 /* 6416 * XXX reorder combinations by preference 6417 */ 6418 static struct mbuf * 6419 key_getcomb_ah() 6420 { 6421 const struct auth_hash *algo; 6422 struct sadb_comb *comb; 6423 struct mbuf *m; 6424 u_int16_t minkeysize, maxkeysize; 6425 int i; 6426 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6427 6428 m = NULL; 6429 for (i = 1; i <= SADB_AALG_MAX; i++) { 6430 #if 1 6431 /* we prefer HMAC algorithms, not old algorithms */ 6432 if (i != SADB_AALG_SHA1HMAC && 6433 i != SADB_X_AALG_SHA2_256 && 6434 i != SADB_X_AALG_SHA2_384 && 6435 i != SADB_X_AALG_SHA2_512) 6436 continue; 6437 #endif 6438 algo = auth_algorithm_lookup(i); 6439 if (!algo) 6440 continue; 6441 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6442 /* discard algorithms with key size smaller than system min */ 6443 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6444 continue; 6445 6446 if (!m) { 6447 IPSEC_ASSERT(l <= MLEN, 6448 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6449 MGET(m, M_NOWAIT, MT_DATA); 6450 if (m) { 6451 M_ALIGN(m, l); 6452 m->m_len = l; 6453 m->m_next = NULL; 6454 } 6455 } else 6456 M_PREPEND(m, l, M_NOWAIT); 6457 if (!m) 6458 return NULL; 6459 6460 comb = mtod(m, struct sadb_comb *); 6461 bzero(comb, sizeof(*comb)); 6462 key_getcomb_setlifetime(comb); 6463 comb->sadb_comb_auth = i; 6464 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6465 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6466 } 6467 6468 return m; 6469 } 6470 6471 /* 6472 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6473 * XXX reorder combinations by preference 6474 */ 6475 static struct mbuf * 6476 key_getcomb_ipcomp() 6477 { 6478 const struct comp_algo *algo; 6479 struct sadb_comb *comb; 6480 struct mbuf *m; 6481 int i; 6482 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6483 6484 m = NULL; 6485 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6486 algo = comp_algorithm_lookup(i); 6487 if (!algo) 6488 continue; 6489 6490 if (!m) { 6491 IPSEC_ASSERT(l <= MLEN, 6492 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6493 MGET(m, M_NOWAIT, MT_DATA); 6494 if (m) { 6495 M_ALIGN(m, l); 6496 m->m_len = l; 6497 m->m_next = NULL; 6498 } 6499 } else 6500 M_PREPEND(m, l, M_NOWAIT); 6501 if (!m) 6502 return NULL; 6503 6504 comb = mtod(m, struct sadb_comb *); 6505 bzero(comb, sizeof(*comb)); 6506 key_getcomb_setlifetime(comb); 6507 comb->sadb_comb_encrypt = i; 6508 /* what should we set into sadb_comb_*_{min,max}bits? */ 6509 } 6510 6511 return m; 6512 } 6513 6514 /* 6515 * XXX no way to pass mode (transport/tunnel) to userland 6516 * XXX replay checking? 6517 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6518 */ 6519 static struct mbuf * 6520 key_getprop(const struct secasindex *saidx) 6521 { 6522 struct sadb_prop *prop; 6523 struct mbuf *m, *n; 6524 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6525 int totlen; 6526 6527 switch (saidx->proto) { 6528 case IPPROTO_ESP: 6529 m = key_getcomb_ealg(); 6530 break; 6531 case IPPROTO_AH: 6532 m = key_getcomb_ah(); 6533 break; 6534 case IPPROTO_IPCOMP: 6535 m = key_getcomb_ipcomp(); 6536 break; 6537 default: 6538 return NULL; 6539 } 6540 6541 if (!m) 6542 return NULL; 6543 M_PREPEND(m, l, M_NOWAIT); 6544 if (!m) 6545 return NULL; 6546 6547 totlen = 0; 6548 for (n = m; n; n = n->m_next) 6549 totlen += n->m_len; 6550 6551 prop = mtod(m, struct sadb_prop *); 6552 bzero(prop, sizeof(*prop)); 6553 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6554 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6555 prop->sadb_prop_replay = 32; /* XXX */ 6556 6557 return m; 6558 } 6559 6560 /* 6561 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6562 * send 6563 * <base, SA, address(SD), (address(P)), x_policy, 6564 * (identity(SD),) (sensitivity,) proposal> 6565 * to KMD, and expect to receive 6566 * <base> with SADB_ACQUIRE if error occurred, 6567 * or 6568 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6569 * from KMD by PF_KEY. 6570 * 6571 * XXX x_policy is outside of RFC2367 (KAME extension). 6572 * XXX sensitivity is not supported. 6573 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6574 * see comment for key_getcomb_ipcomp(). 6575 * 6576 * OUT: 6577 * 0 : succeed 6578 * others: error number 6579 */ 6580 static int 6581 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6582 { 6583 union sockaddr_union addr; 6584 struct mbuf *result, *m; 6585 uint32_t seq; 6586 int error; 6587 uint16_t ul_proto; 6588 uint8_t mask, satype; 6589 6590 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6591 satype = key_proto2satype(saidx->proto); 6592 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6593 6594 error = -1; 6595 result = NULL; 6596 ul_proto = IPSEC_ULPROTO_ANY; 6597 6598 /* Get seq number to check whether sending message or not. */ 6599 seq = key_getacq(saidx, &error); 6600 if (seq == 0) 6601 return (error); 6602 6603 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6604 if (!m) { 6605 error = ENOBUFS; 6606 goto fail; 6607 } 6608 result = m; 6609 6610 /* 6611 * set sadb_address for saidx's. 6612 * 6613 * Note that if sp is supplied, then we're being called from 6614 * key_allocsa_policy() and should supply port and protocol 6615 * information. 6616 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6617 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6618 * XXXAE: it looks like we should save this info in the ACQ entry. 6619 */ 6620 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6621 sp->spidx.ul_proto == IPPROTO_UDP)) 6622 ul_proto = sp->spidx.ul_proto; 6623 6624 addr = saidx->src; 6625 mask = FULLMASK; 6626 if (ul_proto != IPSEC_ULPROTO_ANY) { 6627 switch (sp->spidx.src.sa.sa_family) { 6628 case AF_INET: 6629 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6630 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6631 mask = sp->spidx.prefs; 6632 } 6633 break; 6634 case AF_INET6: 6635 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6636 addr.sin6.sin6_port = 6637 sp->spidx.src.sin6.sin6_port; 6638 mask = sp->spidx.prefs; 6639 } 6640 break; 6641 default: 6642 break; 6643 } 6644 } 6645 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6646 if (!m) { 6647 error = ENOBUFS; 6648 goto fail; 6649 } 6650 m_cat(result, m); 6651 6652 addr = saidx->dst; 6653 mask = FULLMASK; 6654 if (ul_proto != IPSEC_ULPROTO_ANY) { 6655 switch (sp->spidx.dst.sa.sa_family) { 6656 case AF_INET: 6657 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6658 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6659 mask = sp->spidx.prefd; 6660 } 6661 break; 6662 case AF_INET6: 6663 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6664 addr.sin6.sin6_port = 6665 sp->spidx.dst.sin6.sin6_port; 6666 mask = sp->spidx.prefd; 6667 } 6668 break; 6669 default: 6670 break; 6671 } 6672 } 6673 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6674 if (!m) { 6675 error = ENOBUFS; 6676 goto fail; 6677 } 6678 m_cat(result, m); 6679 6680 /* XXX proxy address (optional) */ 6681 6682 /* 6683 * Set sadb_x_policy. This is KAME extension to RFC2367. 6684 */ 6685 if (sp != NULL) { 6686 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6687 sp->priority); 6688 if (!m) { 6689 error = ENOBUFS; 6690 goto fail; 6691 } 6692 m_cat(result, m); 6693 } 6694 6695 /* 6696 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6697 * This is FreeBSD extension to RFC2367. 6698 */ 6699 if (saidx->reqid != 0) { 6700 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6701 if (m == NULL) { 6702 error = ENOBUFS; 6703 goto fail; 6704 } 6705 m_cat(result, m); 6706 } 6707 /* XXX identity (optional) */ 6708 #if 0 6709 if (idexttype && fqdn) { 6710 /* create identity extension (FQDN) */ 6711 struct sadb_ident *id; 6712 int fqdnlen; 6713 6714 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6715 id = (struct sadb_ident *)p; 6716 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6717 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6718 id->sadb_ident_exttype = idexttype; 6719 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6720 bcopy(fqdn, id + 1, fqdnlen); 6721 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6722 } 6723 6724 if (idexttype) { 6725 /* create identity extension (USERFQDN) */ 6726 struct sadb_ident *id; 6727 int userfqdnlen; 6728 6729 if (userfqdn) { 6730 /* +1 for terminating-NUL */ 6731 userfqdnlen = strlen(userfqdn) + 1; 6732 } else 6733 userfqdnlen = 0; 6734 id = (struct sadb_ident *)p; 6735 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6736 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6737 id->sadb_ident_exttype = idexttype; 6738 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6739 /* XXX is it correct? */ 6740 if (curproc && curproc->p_cred) 6741 id->sadb_ident_id = curproc->p_cred->p_ruid; 6742 if (userfqdn && userfqdnlen) 6743 bcopy(userfqdn, id + 1, userfqdnlen); 6744 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6745 } 6746 #endif 6747 6748 /* XXX sensitivity (optional) */ 6749 6750 /* create proposal/combination extension */ 6751 m = key_getprop(saidx); 6752 #if 0 6753 /* 6754 * spec conformant: always attach proposal/combination extension, 6755 * the problem is that we have no way to attach it for ipcomp, 6756 * due to the way sadb_comb is declared in RFC2367. 6757 */ 6758 if (!m) { 6759 error = ENOBUFS; 6760 goto fail; 6761 } 6762 m_cat(result, m); 6763 #else 6764 /* 6765 * outside of spec; make proposal/combination extension optional. 6766 */ 6767 if (m) 6768 m_cat(result, m); 6769 #endif 6770 6771 if ((result->m_flags & M_PKTHDR) == 0) { 6772 error = EINVAL; 6773 goto fail; 6774 } 6775 6776 if (result->m_len < sizeof(struct sadb_msg)) { 6777 result = m_pullup(result, sizeof(struct sadb_msg)); 6778 if (result == NULL) { 6779 error = ENOBUFS; 6780 goto fail; 6781 } 6782 } 6783 6784 result->m_pkthdr.len = 0; 6785 for (m = result; m; m = m->m_next) 6786 result->m_pkthdr.len += m->m_len; 6787 6788 mtod(result, struct sadb_msg *)->sadb_msg_len = 6789 PFKEY_UNIT64(result->m_pkthdr.len); 6790 6791 KEYDBG(KEY_STAMP, 6792 printf("%s: SP(%p)\n", __func__, sp)); 6793 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6794 6795 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6796 6797 fail: 6798 if (result) 6799 m_freem(result); 6800 return error; 6801 } 6802 6803 static uint32_t 6804 key_newacq(const struct secasindex *saidx, int *perror) 6805 { 6806 struct secacq *acq; 6807 uint32_t seq; 6808 6809 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6810 if (acq == NULL) { 6811 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6812 *perror = ENOBUFS; 6813 return (0); 6814 } 6815 6816 /* copy secindex */ 6817 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6818 acq->created = time_second; 6819 acq->count = 0; 6820 6821 /* add to acqtree */ 6822 ACQ_LOCK(); 6823 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6824 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6825 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6826 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6827 ACQ_UNLOCK(); 6828 *perror = 0; 6829 return (seq); 6830 } 6831 6832 static uint32_t 6833 key_getacq(const struct secasindex *saidx, int *perror) 6834 { 6835 struct secacq *acq; 6836 uint32_t seq; 6837 6838 ACQ_LOCK(); 6839 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6840 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6841 if (acq->count > V_key_blockacq_count) { 6842 /* 6843 * Reset counter and send message. 6844 * Also reset created time to keep ACQ for 6845 * this saidx. 6846 */ 6847 acq->created = time_second; 6848 acq->count = 0; 6849 seq = acq->seq; 6850 } else { 6851 /* 6852 * Increment counter and do nothing. 6853 * We send SADB_ACQUIRE message only 6854 * for each V_key_blockacq_count packet. 6855 */ 6856 acq->count++; 6857 seq = 0; 6858 } 6859 break; 6860 } 6861 } 6862 ACQ_UNLOCK(); 6863 if (acq != NULL) { 6864 *perror = 0; 6865 return (seq); 6866 } 6867 /* allocate new entry */ 6868 return (key_newacq(saidx, perror)); 6869 } 6870 6871 static int 6872 key_acqreset(uint32_t seq) 6873 { 6874 struct secacq *acq; 6875 6876 ACQ_LOCK(); 6877 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6878 if (acq->seq == seq) { 6879 acq->count = 0; 6880 acq->created = time_second; 6881 break; 6882 } 6883 } 6884 ACQ_UNLOCK(); 6885 if (acq == NULL) 6886 return (ESRCH); 6887 return (0); 6888 } 6889 /* 6890 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6891 * Called after successful SADB_GETSPI message. 6892 */ 6893 static int 6894 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6895 { 6896 struct secacq *acq; 6897 6898 ACQ_LOCK(); 6899 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6900 if (acq->seq == seq) 6901 break; 6902 } 6903 if (acq != NULL) { 6904 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6905 ipseclog((LOG_DEBUG, 6906 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 6907 acq = NULL; 6908 } else { 6909 acq->created = 0; 6910 } 6911 } else { 6912 ipseclog((LOG_DEBUG, 6913 "%s: ACQ %u is not found.\n", __func__, seq)); 6914 } 6915 ACQ_UNLOCK(); 6916 if (acq == NULL) 6917 return (ESRCH); 6918 return (0); 6919 } 6920 6921 static struct secspacq * 6922 key_newspacq(struct secpolicyindex *spidx) 6923 { 6924 struct secspacq *acq; 6925 6926 /* get new entry */ 6927 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6928 if (acq == NULL) { 6929 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6930 return NULL; 6931 } 6932 6933 /* copy secindex */ 6934 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6935 acq->created = time_second; 6936 acq->count = 0; 6937 6938 /* add to spacqtree */ 6939 SPACQ_LOCK(); 6940 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6941 SPACQ_UNLOCK(); 6942 6943 return acq; 6944 } 6945 6946 static struct secspacq * 6947 key_getspacq(struct secpolicyindex *spidx) 6948 { 6949 struct secspacq *acq; 6950 6951 SPACQ_LOCK(); 6952 LIST_FOREACH(acq, &V_spacqtree, chain) { 6953 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6954 /* NB: return holding spacq_lock */ 6955 return acq; 6956 } 6957 } 6958 SPACQ_UNLOCK(); 6959 6960 return NULL; 6961 } 6962 6963 /* 6964 * SADB_ACQUIRE processing, 6965 * in first situation, is receiving 6966 * <base> 6967 * from the ikmpd, and clear sequence of its secasvar entry. 6968 * 6969 * In second situation, is receiving 6970 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6971 * from a user land process, and return 6972 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6973 * to the socket. 6974 * 6975 * m will always be freed. 6976 */ 6977 static int 6978 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6979 { 6980 SAHTREE_RLOCK_TRACKER; 6981 struct sadb_address *src0, *dst0; 6982 struct secasindex saidx; 6983 struct secashead *sah; 6984 uint32_t reqid; 6985 int error; 6986 uint8_t mode, proto; 6987 6988 IPSEC_ASSERT(so != NULL, ("null socket")); 6989 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6990 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6991 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6992 6993 /* 6994 * Error message from KMd. 6995 * We assume that if error was occurred in IKEd, the length of PFKEY 6996 * message is equal to the size of sadb_msg structure. 6997 * We do not raise error even if error occurred in this function. 6998 */ 6999 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7000 /* check sequence number */ 7001 if (mhp->msg->sadb_msg_seq == 0 || 7002 mhp->msg->sadb_msg_errno == 0) { 7003 ipseclog((LOG_DEBUG, "%s: must specify sequence " 7004 "number and errno.\n", __func__)); 7005 } else { 7006 /* 7007 * IKEd reported that error occurred. 7008 * XXXAE: what it expects from the kernel? 7009 * Probably we should send SADB_ACQUIRE again? 7010 * If so, reset ACQ's state. 7011 * XXXAE: it looks useless. 7012 */ 7013 key_acqreset(mhp->msg->sadb_msg_seq); 7014 } 7015 m_freem(m); 7016 return (0); 7017 } 7018 7019 /* 7020 * This message is from user land. 7021 */ 7022 7023 /* map satype to proto */ 7024 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7025 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7026 __func__)); 7027 return key_senderror(so, m, EINVAL); 7028 } 7029 7030 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7031 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7032 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7033 ipseclog((LOG_DEBUG, 7034 "%s: invalid message: missing required header.\n", 7035 __func__)); 7036 return key_senderror(so, m, EINVAL); 7037 } 7038 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7039 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7040 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7041 ipseclog((LOG_DEBUG, 7042 "%s: invalid message: wrong header size.\n", __func__)); 7043 return key_senderror(so, m, EINVAL); 7044 } 7045 7046 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7047 mode = IPSEC_MODE_ANY; 7048 reqid = 0; 7049 } else { 7050 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7051 ipseclog((LOG_DEBUG, 7052 "%s: invalid message: wrong header size.\n", 7053 __func__)); 7054 return key_senderror(so, m, EINVAL); 7055 } 7056 mode = ((struct sadb_x_sa2 *) 7057 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7058 reqid = ((struct sadb_x_sa2 *) 7059 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7060 } 7061 7062 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7063 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7064 7065 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7066 (struct sockaddr *)(dst0 + 1)); 7067 if (error != 0) { 7068 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7069 return key_senderror(so, m, EINVAL); 7070 } 7071 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7072 7073 /* get a SA index */ 7074 SAHTREE_RLOCK(); 7075 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7076 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7077 break; 7078 } 7079 SAHTREE_RUNLOCK(); 7080 if (sah != NULL) { 7081 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7082 return key_senderror(so, m, EEXIST); 7083 } 7084 7085 error = key_acquire(&saidx, NULL); 7086 if (error != 0) { 7087 ipseclog((LOG_DEBUG, 7088 "%s: error %d returned from key_acquire()\n", 7089 __func__, error)); 7090 return key_senderror(so, m, error); 7091 } 7092 m_freem(m); 7093 return (0); 7094 } 7095 7096 /* 7097 * SADB_REGISTER processing. 7098 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7099 * receive 7100 * <base> 7101 * from the ikmpd, and register a socket to send PF_KEY messages, 7102 * and send 7103 * <base, supported> 7104 * to KMD by PF_KEY. 7105 * If socket is detached, must free from regnode. 7106 * 7107 * m will always be freed. 7108 */ 7109 static int 7110 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7111 { 7112 struct secreg *reg, *newreg = NULL; 7113 7114 IPSEC_ASSERT(so != NULL, ("null socket")); 7115 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7116 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7117 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7118 7119 /* check for invalid register message */ 7120 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7121 return key_senderror(so, m, EINVAL); 7122 7123 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7124 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7125 goto setmsg; 7126 7127 /* check whether existing or not */ 7128 REGTREE_LOCK(); 7129 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7130 if (reg->so == so) { 7131 REGTREE_UNLOCK(); 7132 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7133 __func__)); 7134 return key_senderror(so, m, EEXIST); 7135 } 7136 } 7137 7138 /* create regnode */ 7139 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7140 if (newreg == NULL) { 7141 REGTREE_UNLOCK(); 7142 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7143 return key_senderror(so, m, ENOBUFS); 7144 } 7145 7146 newreg->so = so; 7147 ((struct keycb *)sotorawcb(so))->kp_registered++; 7148 7149 /* add regnode to regtree. */ 7150 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7151 REGTREE_UNLOCK(); 7152 7153 setmsg: 7154 { 7155 struct mbuf *n; 7156 struct sadb_msg *newmsg; 7157 struct sadb_supported *sup; 7158 u_int len, alen, elen; 7159 int off; 7160 int i; 7161 struct sadb_alg *alg; 7162 7163 /* create new sadb_msg to reply. */ 7164 alen = 0; 7165 for (i = 1; i <= SADB_AALG_MAX; i++) { 7166 if (auth_algorithm_lookup(i)) 7167 alen += sizeof(struct sadb_alg); 7168 } 7169 if (alen) 7170 alen += sizeof(struct sadb_supported); 7171 elen = 0; 7172 for (i = 1; i <= SADB_EALG_MAX; i++) { 7173 if (enc_algorithm_lookup(i)) 7174 elen += sizeof(struct sadb_alg); 7175 } 7176 if (elen) 7177 elen += sizeof(struct sadb_supported); 7178 7179 len = sizeof(struct sadb_msg) + alen + elen; 7180 7181 if (len > MCLBYTES) 7182 return key_senderror(so, m, ENOBUFS); 7183 7184 MGETHDR(n, M_NOWAIT, MT_DATA); 7185 if (n != NULL && len > MHLEN) { 7186 if (!(MCLGET(n, M_NOWAIT))) { 7187 m_freem(n); 7188 n = NULL; 7189 } 7190 } 7191 if (!n) 7192 return key_senderror(so, m, ENOBUFS); 7193 7194 n->m_pkthdr.len = n->m_len = len; 7195 n->m_next = NULL; 7196 off = 0; 7197 7198 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7199 newmsg = mtod(n, struct sadb_msg *); 7200 newmsg->sadb_msg_errno = 0; 7201 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7202 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7203 7204 /* for authentication algorithm */ 7205 if (alen) { 7206 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7207 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7208 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7209 off += PFKEY_ALIGN8(sizeof(*sup)); 7210 7211 for (i = 1; i <= SADB_AALG_MAX; i++) { 7212 const struct auth_hash *aalgo; 7213 u_int16_t minkeysize, maxkeysize; 7214 7215 aalgo = auth_algorithm_lookup(i); 7216 if (!aalgo) 7217 continue; 7218 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7219 alg->sadb_alg_id = i; 7220 alg->sadb_alg_ivlen = 0; 7221 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7222 alg->sadb_alg_minbits = _BITS(minkeysize); 7223 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7224 off += PFKEY_ALIGN8(sizeof(*alg)); 7225 } 7226 } 7227 7228 /* for encryption algorithm */ 7229 if (elen) { 7230 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7231 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7232 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7233 off += PFKEY_ALIGN8(sizeof(*sup)); 7234 7235 for (i = 1; i <= SADB_EALG_MAX; i++) { 7236 const struct enc_xform *ealgo; 7237 7238 ealgo = enc_algorithm_lookup(i); 7239 if (!ealgo) 7240 continue; 7241 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7242 alg->sadb_alg_id = i; 7243 alg->sadb_alg_ivlen = ealgo->ivsize; 7244 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7245 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7246 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7247 } 7248 } 7249 7250 IPSEC_ASSERT(off == len, 7251 ("length assumption failed (off %u len %u)", off, len)); 7252 7253 m_freem(m); 7254 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7255 } 7256 } 7257 7258 /* 7259 * free secreg entry registered. 7260 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7261 */ 7262 void 7263 key_freereg(struct socket *so) 7264 { 7265 struct secreg *reg; 7266 int i; 7267 7268 IPSEC_ASSERT(so != NULL, ("NULL so")); 7269 7270 /* 7271 * check whether existing or not. 7272 * check all type of SA, because there is a potential that 7273 * one socket is registered to multiple type of SA. 7274 */ 7275 REGTREE_LOCK(); 7276 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7277 LIST_FOREACH(reg, &V_regtree[i], chain) { 7278 if (reg->so == so && __LIST_CHAINED(reg)) { 7279 LIST_REMOVE(reg, chain); 7280 free(reg, M_IPSEC_SAR); 7281 break; 7282 } 7283 } 7284 } 7285 REGTREE_UNLOCK(); 7286 } 7287 7288 /* 7289 * SADB_EXPIRE processing 7290 * send 7291 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7292 * to KMD by PF_KEY. 7293 * NOTE: We send only soft lifetime extension. 7294 * 7295 * OUT: 0 : succeed 7296 * others : error number 7297 */ 7298 static int 7299 key_expire(struct secasvar *sav, int hard) 7300 { 7301 struct mbuf *result = NULL, *m; 7302 struct sadb_lifetime *lt; 7303 uint32_t replay_count; 7304 int error, len; 7305 uint8_t satype; 7306 7307 IPSEC_ASSERT (sav != NULL, ("null sav")); 7308 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7309 7310 KEYDBG(KEY_STAMP, 7311 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7312 sav, hard ? "hard": "soft")); 7313 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7314 /* set msg header */ 7315 satype = key_proto2satype(sav->sah->saidx.proto); 7316 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7317 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7318 if (!m) { 7319 error = ENOBUFS; 7320 goto fail; 7321 } 7322 result = m; 7323 7324 /* create SA extension */ 7325 m = key_setsadbsa(sav); 7326 if (!m) { 7327 error = ENOBUFS; 7328 goto fail; 7329 } 7330 m_cat(result, m); 7331 7332 /* create SA extension */ 7333 SECASVAR_LOCK(sav); 7334 replay_count = sav->replay ? sav->replay->count : 0; 7335 SECASVAR_UNLOCK(sav); 7336 7337 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7338 sav->sah->saidx.reqid); 7339 if (!m) { 7340 error = ENOBUFS; 7341 goto fail; 7342 } 7343 m_cat(result, m); 7344 7345 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7346 m = key_setsadbxsareplay(sav->replay->wsize); 7347 if (!m) { 7348 error = ENOBUFS; 7349 goto fail; 7350 } 7351 m_cat(result, m); 7352 } 7353 7354 /* create lifetime extension (current and soft) */ 7355 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7356 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7357 if (m == NULL) { 7358 error = ENOBUFS; 7359 goto fail; 7360 } 7361 m_align(m, len); 7362 m->m_len = len; 7363 bzero(mtod(m, caddr_t), len); 7364 lt = mtod(m, struct sadb_lifetime *); 7365 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7366 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7367 lt->sadb_lifetime_allocations = 7368 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7369 lt->sadb_lifetime_bytes = 7370 counter_u64_fetch(sav->lft_c_bytes); 7371 lt->sadb_lifetime_addtime = sav->created; 7372 lt->sadb_lifetime_usetime = sav->firstused; 7373 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7374 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7375 if (hard) { 7376 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7377 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7378 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7379 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7380 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7381 } else { 7382 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7383 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7384 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7385 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7386 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7387 } 7388 m_cat(result, m); 7389 7390 /* set sadb_address for source */ 7391 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7392 &sav->sah->saidx.src.sa, 7393 FULLMASK, IPSEC_ULPROTO_ANY); 7394 if (!m) { 7395 error = ENOBUFS; 7396 goto fail; 7397 } 7398 m_cat(result, m); 7399 7400 /* set sadb_address for destination */ 7401 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7402 &sav->sah->saidx.dst.sa, 7403 FULLMASK, IPSEC_ULPROTO_ANY); 7404 if (!m) { 7405 error = ENOBUFS; 7406 goto fail; 7407 } 7408 m_cat(result, m); 7409 7410 /* 7411 * XXX-BZ Handle NAT-T extensions here. 7412 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7413 * this information, we report only significant SA fields. 7414 */ 7415 7416 if ((result->m_flags & M_PKTHDR) == 0) { 7417 error = EINVAL; 7418 goto fail; 7419 } 7420 7421 if (result->m_len < sizeof(struct sadb_msg)) { 7422 result = m_pullup(result, sizeof(struct sadb_msg)); 7423 if (result == NULL) { 7424 error = ENOBUFS; 7425 goto fail; 7426 } 7427 } 7428 7429 result->m_pkthdr.len = 0; 7430 for (m = result; m; m = m->m_next) 7431 result->m_pkthdr.len += m->m_len; 7432 7433 mtod(result, struct sadb_msg *)->sadb_msg_len = 7434 PFKEY_UNIT64(result->m_pkthdr.len); 7435 7436 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7437 7438 fail: 7439 if (result) 7440 m_freem(result); 7441 return error; 7442 } 7443 7444 static void 7445 key_freesah_flushed(struct secashead_queue *flushq) 7446 { 7447 struct secashead *sah, *nextsah; 7448 struct secasvar *sav, *nextsav; 7449 7450 sah = TAILQ_FIRST(flushq); 7451 while (sah != NULL) { 7452 sav = TAILQ_FIRST(&sah->savtree_larval); 7453 while (sav != NULL) { 7454 nextsav = TAILQ_NEXT(sav, chain); 7455 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7456 key_freesav(&sav); /* release last reference */ 7457 key_freesah(&sah); /* release reference from SAV */ 7458 sav = nextsav; 7459 } 7460 sav = TAILQ_FIRST(&sah->savtree_alive); 7461 while (sav != NULL) { 7462 nextsav = TAILQ_NEXT(sav, chain); 7463 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7464 key_freesav(&sav); /* release last reference */ 7465 key_freesah(&sah); /* release reference from SAV */ 7466 sav = nextsav; 7467 } 7468 nextsah = TAILQ_NEXT(sah, chain); 7469 key_freesah(&sah); /* release last reference */ 7470 sah = nextsah; 7471 } 7472 } 7473 7474 /* 7475 * SADB_FLUSH processing 7476 * receive 7477 * <base> 7478 * from the ikmpd, and free all entries in secastree. 7479 * and send, 7480 * <base> 7481 * to the ikmpd. 7482 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7483 * 7484 * m will always be freed. 7485 */ 7486 static int 7487 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7488 { 7489 struct secashead_queue flushq; 7490 struct sadb_msg *newmsg; 7491 struct secashead *sah, *nextsah; 7492 struct secasvar *sav; 7493 uint8_t proto; 7494 int i; 7495 7496 IPSEC_ASSERT(so != NULL, ("null socket")); 7497 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7498 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7499 7500 /* map satype to proto */ 7501 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7502 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7503 __func__)); 7504 return key_senderror(so, m, EINVAL); 7505 } 7506 KEYDBG(KEY_STAMP, 7507 printf("%s: proto %u\n", __func__, proto)); 7508 7509 TAILQ_INIT(&flushq); 7510 if (proto == IPSEC_PROTO_ANY) { 7511 /* no SATYPE specified, i.e. flushing all SA. */ 7512 SAHTREE_WLOCK(); 7513 /* Move all SAHs into flushq */ 7514 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7515 /* Flush all buckets in SPI hash */ 7516 for (i = 0; i < V_savhash_mask + 1; i++) 7517 LIST_INIT(&V_savhashtbl[i]); 7518 /* Flush all buckets in SAHADDRHASH */ 7519 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7520 LIST_INIT(&V_sahaddrhashtbl[i]); 7521 /* Mark all SAHs as unlinked */ 7522 TAILQ_FOREACH(sah, &flushq, chain) { 7523 sah->state = SADB_SASTATE_DEAD; 7524 /* 7525 * Callout handler makes its job using 7526 * RLOCK and drain queues. In case, when this 7527 * function will be called just before it 7528 * acquires WLOCK, we need to mark SAs as 7529 * unlinked to prevent second unlink. 7530 */ 7531 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7532 sav->state = SADB_SASTATE_DEAD; 7533 } 7534 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7535 sav->state = SADB_SASTATE_DEAD; 7536 } 7537 } 7538 SAHTREE_WUNLOCK(); 7539 } else { 7540 SAHTREE_WLOCK(); 7541 sah = TAILQ_FIRST(&V_sahtree); 7542 while (sah != NULL) { 7543 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7544 ("DEAD SAH %p in SADB_FLUSH", sah)); 7545 nextsah = TAILQ_NEXT(sah, chain); 7546 if (sah->saidx.proto != proto) { 7547 sah = nextsah; 7548 continue; 7549 } 7550 sah->state = SADB_SASTATE_DEAD; 7551 TAILQ_REMOVE(&V_sahtree, sah, chain); 7552 LIST_REMOVE(sah, addrhash); 7553 /* Unlink all SAs from SPI hash */ 7554 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7555 LIST_REMOVE(sav, spihash); 7556 sav->state = SADB_SASTATE_DEAD; 7557 } 7558 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7559 LIST_REMOVE(sav, spihash); 7560 sav->state = SADB_SASTATE_DEAD; 7561 } 7562 /* Add SAH into flushq */ 7563 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7564 sah = nextsah; 7565 } 7566 SAHTREE_WUNLOCK(); 7567 } 7568 7569 key_freesah_flushed(&flushq); 7570 /* Free all queued SAs and SAHs */ 7571 if (m->m_len < sizeof(struct sadb_msg) || 7572 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7573 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7574 return key_senderror(so, m, ENOBUFS); 7575 } 7576 7577 if (m->m_next) 7578 m_freem(m->m_next); 7579 m->m_next = NULL; 7580 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7581 newmsg = mtod(m, struct sadb_msg *); 7582 newmsg->sadb_msg_errno = 0; 7583 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7584 7585 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7586 } 7587 7588 /* 7589 * SADB_DUMP processing 7590 * dump all entries including status of DEAD in SAD. 7591 * receive 7592 * <base> 7593 * from the ikmpd, and dump all secasvar leaves 7594 * and send, 7595 * <base> ..... 7596 * to the ikmpd. 7597 * 7598 * m will always be freed. 7599 */ 7600 static int 7601 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7602 { 7603 SAHTREE_RLOCK_TRACKER; 7604 struct secashead *sah; 7605 struct secasvar *sav; 7606 struct mbuf *n; 7607 uint32_t cnt; 7608 uint8_t proto, satype; 7609 7610 IPSEC_ASSERT(so != NULL, ("null socket")); 7611 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7612 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7613 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7614 7615 /* map satype to proto */ 7616 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7617 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7618 __func__)); 7619 return key_senderror(so, m, EINVAL); 7620 } 7621 7622 /* count sav entries to be sent to the userland. */ 7623 cnt = 0; 7624 SAHTREE_RLOCK(); 7625 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7626 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7627 proto != sah->saidx.proto) 7628 continue; 7629 7630 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7631 cnt++; 7632 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7633 cnt++; 7634 } 7635 7636 if (cnt == 0) { 7637 SAHTREE_RUNLOCK(); 7638 return key_senderror(so, m, ENOENT); 7639 } 7640 7641 /* send this to the userland, one at a time. */ 7642 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7643 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7644 proto != sah->saidx.proto) 7645 continue; 7646 7647 /* map proto to satype */ 7648 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7649 SAHTREE_RUNLOCK(); 7650 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7651 "SAD.\n", __func__)); 7652 return key_senderror(so, m, EINVAL); 7653 } 7654 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7655 n = key_setdumpsa(sav, SADB_DUMP, satype, 7656 --cnt, mhp->msg->sadb_msg_pid); 7657 if (n == NULL) { 7658 SAHTREE_RUNLOCK(); 7659 return key_senderror(so, m, ENOBUFS); 7660 } 7661 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7662 } 7663 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7664 n = key_setdumpsa(sav, SADB_DUMP, satype, 7665 --cnt, mhp->msg->sadb_msg_pid); 7666 if (n == NULL) { 7667 SAHTREE_RUNLOCK(); 7668 return key_senderror(so, m, ENOBUFS); 7669 } 7670 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7671 } 7672 } 7673 SAHTREE_RUNLOCK(); 7674 m_freem(m); 7675 return (0); 7676 } 7677 /* 7678 * SADB_X_PROMISC processing 7679 * 7680 * m will always be freed. 7681 */ 7682 static int 7683 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7684 { 7685 int olen; 7686 7687 IPSEC_ASSERT(so != NULL, ("null socket")); 7688 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7689 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7690 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7691 7692 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7693 7694 if (olen < sizeof(struct sadb_msg)) { 7695 #if 1 7696 return key_senderror(so, m, EINVAL); 7697 #else 7698 m_freem(m); 7699 return 0; 7700 #endif 7701 } else if (olen == sizeof(struct sadb_msg)) { 7702 /* enable/disable promisc mode */ 7703 struct keycb *kp; 7704 7705 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7706 return key_senderror(so, m, EINVAL); 7707 mhp->msg->sadb_msg_errno = 0; 7708 switch (mhp->msg->sadb_msg_satype) { 7709 case 0: 7710 case 1: 7711 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7712 break; 7713 default: 7714 return key_senderror(so, m, EINVAL); 7715 } 7716 7717 /* send the original message back to everyone */ 7718 mhp->msg->sadb_msg_errno = 0; 7719 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7720 } else { 7721 /* send packet as is */ 7722 7723 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7724 7725 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7726 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7727 } 7728 } 7729 7730 static int (*key_typesw[])(struct socket *, struct mbuf *, 7731 const struct sadb_msghdr *) = { 7732 NULL, /* SADB_RESERVED */ 7733 key_getspi, /* SADB_GETSPI */ 7734 key_update, /* SADB_UPDATE */ 7735 key_add, /* SADB_ADD */ 7736 key_delete, /* SADB_DELETE */ 7737 key_get, /* SADB_GET */ 7738 key_acquire2, /* SADB_ACQUIRE */ 7739 key_register, /* SADB_REGISTER */ 7740 NULL, /* SADB_EXPIRE */ 7741 key_flush, /* SADB_FLUSH */ 7742 key_dump, /* SADB_DUMP */ 7743 key_promisc, /* SADB_X_PROMISC */ 7744 NULL, /* SADB_X_PCHANGE */ 7745 key_spdadd, /* SADB_X_SPDUPDATE */ 7746 key_spdadd, /* SADB_X_SPDADD */ 7747 key_spddelete, /* SADB_X_SPDDELETE */ 7748 key_spdget, /* SADB_X_SPDGET */ 7749 NULL, /* SADB_X_SPDACQUIRE */ 7750 key_spddump, /* SADB_X_SPDDUMP */ 7751 key_spdflush, /* SADB_X_SPDFLUSH */ 7752 key_spdadd, /* SADB_X_SPDSETIDX */ 7753 NULL, /* SADB_X_SPDEXPIRE */ 7754 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7755 }; 7756 7757 /* 7758 * parse sadb_msg buffer to process PFKEYv2, 7759 * and create a data to response if needed. 7760 * I think to be dealed with mbuf directly. 7761 * IN: 7762 * msgp : pointer to pointer to a received buffer pulluped. 7763 * This is rewrited to response. 7764 * so : pointer to socket. 7765 * OUT: 7766 * length for buffer to send to user process. 7767 */ 7768 int 7769 key_parse(struct mbuf *m, struct socket *so) 7770 { 7771 struct sadb_msg *msg; 7772 struct sadb_msghdr mh; 7773 u_int orglen; 7774 int error; 7775 int target; 7776 7777 IPSEC_ASSERT(so != NULL, ("null socket")); 7778 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7779 7780 if (m->m_len < sizeof(struct sadb_msg)) { 7781 m = m_pullup(m, sizeof(struct sadb_msg)); 7782 if (!m) 7783 return ENOBUFS; 7784 } 7785 msg = mtod(m, struct sadb_msg *); 7786 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7787 target = KEY_SENDUP_ONE; 7788 7789 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7790 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7791 PFKEYSTAT_INC(out_invlen); 7792 error = EINVAL; 7793 goto senderror; 7794 } 7795 7796 if (msg->sadb_msg_version != PF_KEY_V2) { 7797 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7798 __func__, msg->sadb_msg_version)); 7799 PFKEYSTAT_INC(out_invver); 7800 error = EINVAL; 7801 goto senderror; 7802 } 7803 7804 if (msg->sadb_msg_type > SADB_MAX) { 7805 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7806 __func__, msg->sadb_msg_type)); 7807 PFKEYSTAT_INC(out_invmsgtype); 7808 error = EINVAL; 7809 goto senderror; 7810 } 7811 7812 /* for old-fashioned code - should be nuked */ 7813 if (m->m_pkthdr.len > MCLBYTES) { 7814 m_freem(m); 7815 return ENOBUFS; 7816 } 7817 if (m->m_next) { 7818 struct mbuf *n; 7819 7820 MGETHDR(n, M_NOWAIT, MT_DATA); 7821 if (n && m->m_pkthdr.len > MHLEN) { 7822 if (!(MCLGET(n, M_NOWAIT))) { 7823 m_free(n); 7824 n = NULL; 7825 } 7826 } 7827 if (!n) { 7828 m_freem(m); 7829 return ENOBUFS; 7830 } 7831 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7832 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7833 n->m_next = NULL; 7834 m_freem(m); 7835 m = n; 7836 } 7837 7838 /* align the mbuf chain so that extensions are in contiguous region. */ 7839 error = key_align(m, &mh); 7840 if (error) 7841 return error; 7842 7843 msg = mh.msg; 7844 7845 /* We use satype as scope mask for spddump */ 7846 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7847 switch (msg->sadb_msg_satype) { 7848 case IPSEC_POLICYSCOPE_ANY: 7849 case IPSEC_POLICYSCOPE_GLOBAL: 7850 case IPSEC_POLICYSCOPE_IFNET: 7851 case IPSEC_POLICYSCOPE_PCB: 7852 break; 7853 default: 7854 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7855 __func__, msg->sadb_msg_type)); 7856 PFKEYSTAT_INC(out_invsatype); 7857 error = EINVAL; 7858 goto senderror; 7859 } 7860 } else { 7861 switch (msg->sadb_msg_satype) { /* check SA type */ 7862 case SADB_SATYPE_UNSPEC: 7863 switch (msg->sadb_msg_type) { 7864 case SADB_GETSPI: 7865 case SADB_UPDATE: 7866 case SADB_ADD: 7867 case SADB_DELETE: 7868 case SADB_GET: 7869 case SADB_ACQUIRE: 7870 case SADB_EXPIRE: 7871 ipseclog((LOG_DEBUG, "%s: must specify satype " 7872 "when msg type=%u.\n", __func__, 7873 msg->sadb_msg_type)); 7874 PFKEYSTAT_INC(out_invsatype); 7875 error = EINVAL; 7876 goto senderror; 7877 } 7878 break; 7879 case SADB_SATYPE_AH: 7880 case SADB_SATYPE_ESP: 7881 case SADB_X_SATYPE_IPCOMP: 7882 case SADB_X_SATYPE_TCPSIGNATURE: 7883 switch (msg->sadb_msg_type) { 7884 case SADB_X_SPDADD: 7885 case SADB_X_SPDDELETE: 7886 case SADB_X_SPDGET: 7887 case SADB_X_SPDFLUSH: 7888 case SADB_X_SPDSETIDX: 7889 case SADB_X_SPDUPDATE: 7890 case SADB_X_SPDDELETE2: 7891 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7892 __func__, msg->sadb_msg_type)); 7893 PFKEYSTAT_INC(out_invsatype); 7894 error = EINVAL; 7895 goto senderror; 7896 } 7897 break; 7898 case SADB_SATYPE_RSVP: 7899 case SADB_SATYPE_OSPFV2: 7900 case SADB_SATYPE_RIPV2: 7901 case SADB_SATYPE_MIP: 7902 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7903 __func__, msg->sadb_msg_satype)); 7904 PFKEYSTAT_INC(out_invsatype); 7905 error = EOPNOTSUPP; 7906 goto senderror; 7907 case 1: /* XXX: What does it do? */ 7908 if (msg->sadb_msg_type == SADB_X_PROMISC) 7909 break; 7910 /*FALLTHROUGH*/ 7911 default: 7912 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7913 __func__, msg->sadb_msg_satype)); 7914 PFKEYSTAT_INC(out_invsatype); 7915 error = EINVAL; 7916 goto senderror; 7917 } 7918 } 7919 7920 /* check field of upper layer protocol and address family */ 7921 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7922 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7923 struct sadb_address *src0, *dst0; 7924 u_int plen; 7925 7926 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7927 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7928 7929 /* check upper layer protocol */ 7930 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7931 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7932 "mismatched.\n", __func__)); 7933 PFKEYSTAT_INC(out_invaddr); 7934 error = EINVAL; 7935 goto senderror; 7936 } 7937 7938 /* check family */ 7939 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7940 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7941 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7942 __func__)); 7943 PFKEYSTAT_INC(out_invaddr); 7944 error = EINVAL; 7945 goto senderror; 7946 } 7947 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7948 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7949 ipseclog((LOG_DEBUG, "%s: address struct size " 7950 "mismatched.\n", __func__)); 7951 PFKEYSTAT_INC(out_invaddr); 7952 error = EINVAL; 7953 goto senderror; 7954 } 7955 7956 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7957 case AF_INET: 7958 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7959 sizeof(struct sockaddr_in)) { 7960 PFKEYSTAT_INC(out_invaddr); 7961 error = EINVAL; 7962 goto senderror; 7963 } 7964 break; 7965 case AF_INET6: 7966 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7967 sizeof(struct sockaddr_in6)) { 7968 PFKEYSTAT_INC(out_invaddr); 7969 error = EINVAL; 7970 goto senderror; 7971 } 7972 break; 7973 default: 7974 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7975 __func__)); 7976 PFKEYSTAT_INC(out_invaddr); 7977 error = EAFNOSUPPORT; 7978 goto senderror; 7979 } 7980 7981 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7982 case AF_INET: 7983 plen = sizeof(struct in_addr) << 3; 7984 break; 7985 case AF_INET6: 7986 plen = sizeof(struct in6_addr) << 3; 7987 break; 7988 default: 7989 plen = 0; /*fool gcc*/ 7990 break; 7991 } 7992 7993 /* check max prefix length */ 7994 if (src0->sadb_address_prefixlen > plen || 7995 dst0->sadb_address_prefixlen > plen) { 7996 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 7997 __func__)); 7998 PFKEYSTAT_INC(out_invaddr); 7999 error = EINVAL; 8000 goto senderror; 8001 } 8002 8003 /* 8004 * prefixlen == 0 is valid because there can be a case when 8005 * all addresses are matched. 8006 */ 8007 } 8008 8009 if (msg->sadb_msg_type >= nitems(key_typesw) || 8010 key_typesw[msg->sadb_msg_type] == NULL) { 8011 PFKEYSTAT_INC(out_invmsgtype); 8012 error = EINVAL; 8013 goto senderror; 8014 } 8015 8016 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 8017 8018 senderror: 8019 msg->sadb_msg_errno = error; 8020 return key_sendup_mbuf(so, m, target); 8021 } 8022 8023 static int 8024 key_senderror(struct socket *so, struct mbuf *m, int code) 8025 { 8026 struct sadb_msg *msg; 8027 8028 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8029 ("mbuf too small, len %u", m->m_len)); 8030 8031 msg = mtod(m, struct sadb_msg *); 8032 msg->sadb_msg_errno = code; 8033 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8034 } 8035 8036 /* 8037 * set the pointer to each header into message buffer. 8038 * m will be freed on error. 8039 * XXX larger-than-MCLBYTES extension? 8040 */ 8041 static int 8042 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8043 { 8044 struct mbuf *n; 8045 struct sadb_ext *ext; 8046 size_t off, end; 8047 int extlen; 8048 int toff; 8049 8050 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8051 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8052 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8053 ("mbuf too small, len %u", m->m_len)); 8054 8055 /* initialize */ 8056 bzero(mhp, sizeof(*mhp)); 8057 8058 mhp->msg = mtod(m, struct sadb_msg *); 8059 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8060 8061 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8062 extlen = end; /*just in case extlen is not updated*/ 8063 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8064 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8065 if (!n) { 8066 /* m is already freed */ 8067 return ENOBUFS; 8068 } 8069 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8070 8071 /* set pointer */ 8072 switch (ext->sadb_ext_type) { 8073 case SADB_EXT_SA: 8074 case SADB_EXT_ADDRESS_SRC: 8075 case SADB_EXT_ADDRESS_DST: 8076 case SADB_EXT_ADDRESS_PROXY: 8077 case SADB_EXT_LIFETIME_CURRENT: 8078 case SADB_EXT_LIFETIME_HARD: 8079 case SADB_EXT_LIFETIME_SOFT: 8080 case SADB_EXT_KEY_AUTH: 8081 case SADB_EXT_KEY_ENCRYPT: 8082 case SADB_EXT_IDENTITY_SRC: 8083 case SADB_EXT_IDENTITY_DST: 8084 case SADB_EXT_SENSITIVITY: 8085 case SADB_EXT_PROPOSAL: 8086 case SADB_EXT_SUPPORTED_AUTH: 8087 case SADB_EXT_SUPPORTED_ENCRYPT: 8088 case SADB_EXT_SPIRANGE: 8089 case SADB_X_EXT_POLICY: 8090 case SADB_X_EXT_SA2: 8091 case SADB_X_EXT_NAT_T_TYPE: 8092 case SADB_X_EXT_NAT_T_SPORT: 8093 case SADB_X_EXT_NAT_T_DPORT: 8094 case SADB_X_EXT_NAT_T_OAI: 8095 case SADB_X_EXT_NAT_T_OAR: 8096 case SADB_X_EXT_NAT_T_FRAG: 8097 case SADB_X_EXT_SA_REPLAY: 8098 case SADB_X_EXT_NEW_ADDRESS_SRC: 8099 case SADB_X_EXT_NEW_ADDRESS_DST: 8100 /* duplicate check */ 8101 /* 8102 * XXX Are there duplication payloads of either 8103 * KEY_AUTH or KEY_ENCRYPT ? 8104 */ 8105 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8106 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8107 "%u\n", __func__, ext->sadb_ext_type)); 8108 m_freem(m); 8109 PFKEYSTAT_INC(out_dupext); 8110 return EINVAL; 8111 } 8112 break; 8113 default: 8114 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8115 __func__, ext->sadb_ext_type)); 8116 m_freem(m); 8117 PFKEYSTAT_INC(out_invexttype); 8118 return EINVAL; 8119 } 8120 8121 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8122 8123 if (key_validate_ext(ext, extlen)) { 8124 m_freem(m); 8125 PFKEYSTAT_INC(out_invlen); 8126 return EINVAL; 8127 } 8128 8129 n = m_pulldown(m, off, extlen, &toff); 8130 if (!n) { 8131 /* m is already freed */ 8132 return ENOBUFS; 8133 } 8134 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8135 8136 mhp->ext[ext->sadb_ext_type] = ext; 8137 mhp->extoff[ext->sadb_ext_type] = off; 8138 mhp->extlen[ext->sadb_ext_type] = extlen; 8139 } 8140 8141 if (off != end) { 8142 m_freem(m); 8143 PFKEYSTAT_INC(out_invlen); 8144 return EINVAL; 8145 } 8146 8147 return 0; 8148 } 8149 8150 static int 8151 key_validate_ext(const struct sadb_ext *ext, int len) 8152 { 8153 const struct sockaddr *sa; 8154 enum { NONE, ADDR } checktype = NONE; 8155 int baselen = 0; 8156 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8157 8158 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8159 return EINVAL; 8160 8161 /* if it does not match minimum/maximum length, bail */ 8162 if (ext->sadb_ext_type >= nitems(minsize) || 8163 ext->sadb_ext_type >= nitems(maxsize)) 8164 return EINVAL; 8165 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8166 return EINVAL; 8167 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8168 return EINVAL; 8169 8170 /* more checks based on sadb_ext_type XXX need more */ 8171 switch (ext->sadb_ext_type) { 8172 case SADB_EXT_ADDRESS_SRC: 8173 case SADB_EXT_ADDRESS_DST: 8174 case SADB_EXT_ADDRESS_PROXY: 8175 case SADB_X_EXT_NAT_T_OAI: 8176 case SADB_X_EXT_NAT_T_OAR: 8177 case SADB_X_EXT_NEW_ADDRESS_SRC: 8178 case SADB_X_EXT_NEW_ADDRESS_DST: 8179 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8180 checktype = ADDR; 8181 break; 8182 case SADB_EXT_IDENTITY_SRC: 8183 case SADB_EXT_IDENTITY_DST: 8184 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8185 SADB_X_IDENTTYPE_ADDR) { 8186 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8187 checktype = ADDR; 8188 } else 8189 checktype = NONE; 8190 break; 8191 default: 8192 checktype = NONE; 8193 break; 8194 } 8195 8196 switch (checktype) { 8197 case NONE: 8198 break; 8199 case ADDR: 8200 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8201 if (len < baselen + sal) 8202 return EINVAL; 8203 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8204 return EINVAL; 8205 break; 8206 } 8207 8208 return 0; 8209 } 8210 8211 void 8212 spdcache_init(void) 8213 { 8214 int i; 8215 8216 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8217 &V_key_spdcache_maxentries); 8218 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8219 &V_key_spdcache_threshold); 8220 8221 if (V_key_spdcache_maxentries) { 8222 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8223 SPDCACHE_MAX_ENTRIES_PER_HASH); 8224 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8225 SPDCACHE_MAX_ENTRIES_PER_HASH, 8226 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8227 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8228 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8229 8230 V_spdcache_lock = malloc(sizeof(struct mtx) * 8231 (V_spdcachehash_mask + 1), 8232 M_IPSEC_SPDCACHE, M_WAITOK|M_ZERO); 8233 8234 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8235 SPDCACHE_LOCK_INIT(i); 8236 } 8237 } 8238 8239 struct spdcache_entry * 8240 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8241 { 8242 struct spdcache_entry *entry; 8243 8244 entry = malloc(sizeof(struct spdcache_entry), 8245 M_IPSEC_SPDCACHE, M_NOWAIT|M_ZERO); 8246 if (entry == NULL) 8247 return NULL; 8248 8249 if (sp != NULL) 8250 SP_ADDREF(sp); 8251 8252 entry->spidx = *spidx; 8253 entry->sp = sp; 8254 8255 return (entry); 8256 } 8257 8258 void 8259 spdcache_entry_free(struct spdcache_entry *entry) 8260 { 8261 8262 if (entry->sp != NULL) 8263 key_freesp(&entry->sp); 8264 free(entry, M_IPSEC_SPDCACHE); 8265 } 8266 8267 void 8268 spdcache_clear(void) 8269 { 8270 struct spdcache_entry *entry; 8271 int i; 8272 8273 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8274 SPDCACHE_LOCK(i); 8275 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8276 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8277 LIST_REMOVE(entry, chain); 8278 spdcache_entry_free(entry); 8279 } 8280 SPDCACHE_UNLOCK(i); 8281 } 8282 } 8283 8284 #ifdef VIMAGE 8285 void 8286 spdcache_destroy(void) 8287 { 8288 int i; 8289 8290 if (SPDCACHE_ENABLED()) { 8291 spdcache_clear(); 8292 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8293 8294 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8295 SPDCACHE_LOCK_DESTROY(i); 8296 8297 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8298 } 8299 } 8300 #endif 8301 void 8302 key_init(void) 8303 { 8304 int i; 8305 8306 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8307 TAILQ_INIT(&V_sptree[i]); 8308 TAILQ_INIT(&V_sptree_ifnet[i]); 8309 } 8310 8311 TAILQ_INIT(&V_sahtree); 8312 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8313 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8314 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8315 &V_sahaddrhash_mask); 8316 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8317 &V_acqaddrhash_mask); 8318 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8319 &V_acqseqhash_mask); 8320 8321 spdcache_init(); 8322 8323 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8324 LIST_INIT(&V_regtree[i]); 8325 8326 LIST_INIT(&V_acqtree); 8327 LIST_INIT(&V_spacqtree); 8328 8329 if (!IS_DEFAULT_VNET(curvnet)) 8330 return; 8331 8332 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8333 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8334 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8335 8336 SPTREE_LOCK_INIT(); 8337 REGTREE_LOCK_INIT(); 8338 SAHTREE_LOCK_INIT(); 8339 ACQ_LOCK_INIT(); 8340 SPACQ_LOCK_INIT(); 8341 SPI_ALLOC_LOCK_INIT(); 8342 8343 #ifndef IPSEC_DEBUG2 8344 callout_init(&key_timer, 1); 8345 callout_reset(&key_timer, hz, key_timehandler, NULL); 8346 #endif /*IPSEC_DEBUG2*/ 8347 8348 /* initialize key statistics */ 8349 keystat.getspi_count = 1; 8350 8351 if (bootverbose) 8352 printf("IPsec: Initialized Security Association Processing.\n"); 8353 } 8354 8355 #ifdef VIMAGE 8356 void 8357 key_destroy(void) 8358 { 8359 struct secashead_queue sahdrainq; 8360 struct secpolicy_queue drainq; 8361 struct secpolicy *sp, *nextsp; 8362 struct secacq *acq, *nextacq; 8363 struct secspacq *spacq, *nextspacq; 8364 struct secashead *sah; 8365 struct secasvar *sav; 8366 struct secreg *reg; 8367 int i; 8368 8369 /* 8370 * XXX: can we just call free() for each object without 8371 * walking through safe way with releasing references? 8372 */ 8373 TAILQ_INIT(&drainq); 8374 SPTREE_WLOCK(); 8375 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8376 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8377 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8378 } 8379 for (i = 0; i < V_sphash_mask + 1; i++) 8380 LIST_INIT(&V_sphashtbl[i]); 8381 SPTREE_WUNLOCK(); 8382 spdcache_destroy(); 8383 8384 sp = TAILQ_FIRST(&drainq); 8385 while (sp != NULL) { 8386 nextsp = TAILQ_NEXT(sp, chain); 8387 key_freesp(&sp); 8388 sp = nextsp; 8389 } 8390 8391 TAILQ_INIT(&sahdrainq); 8392 SAHTREE_WLOCK(); 8393 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8394 for (i = 0; i < V_savhash_mask + 1; i++) 8395 LIST_INIT(&V_savhashtbl[i]); 8396 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8397 LIST_INIT(&V_sahaddrhashtbl[i]); 8398 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8399 sah->state = SADB_SASTATE_DEAD; 8400 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8401 sav->state = SADB_SASTATE_DEAD; 8402 } 8403 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8404 sav->state = SADB_SASTATE_DEAD; 8405 } 8406 } 8407 SAHTREE_WUNLOCK(); 8408 8409 key_freesah_flushed(&sahdrainq); 8410 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8411 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8412 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8413 8414 REGTREE_LOCK(); 8415 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8416 LIST_FOREACH(reg, &V_regtree[i], chain) { 8417 if (__LIST_CHAINED(reg)) { 8418 LIST_REMOVE(reg, chain); 8419 free(reg, M_IPSEC_SAR); 8420 break; 8421 } 8422 } 8423 } 8424 REGTREE_UNLOCK(); 8425 8426 ACQ_LOCK(); 8427 acq = LIST_FIRST(&V_acqtree); 8428 while (acq != NULL) { 8429 nextacq = LIST_NEXT(acq, chain); 8430 LIST_REMOVE(acq, chain); 8431 free(acq, M_IPSEC_SAQ); 8432 acq = nextacq; 8433 } 8434 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8435 LIST_INIT(&V_acqaddrhashtbl[i]); 8436 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8437 LIST_INIT(&V_acqseqhashtbl[i]); 8438 ACQ_UNLOCK(); 8439 8440 SPACQ_LOCK(); 8441 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8442 spacq = nextspacq) { 8443 nextspacq = LIST_NEXT(spacq, chain); 8444 if (__LIST_CHAINED(spacq)) { 8445 LIST_REMOVE(spacq, chain); 8446 free(spacq, M_IPSEC_SAQ); 8447 } 8448 } 8449 SPACQ_UNLOCK(); 8450 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8451 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8452 8453 if (!IS_DEFAULT_VNET(curvnet)) 8454 return; 8455 8456 uma_zdestroy(ipsec_key_lft_zone); 8457 8458 #ifndef IPSEC_DEBUG2 8459 callout_drain(&key_timer); 8460 #endif 8461 SPTREE_LOCK_DESTROY(); 8462 REGTREE_LOCK_DESTROY(); 8463 SAHTREE_LOCK_DESTROY(); 8464 ACQ_LOCK_DESTROY(); 8465 SPACQ_LOCK_DESTROY(); 8466 SPI_ALLOC_LOCK_DESTROY(); 8467 } 8468 #endif 8469 8470 /* record data transfer on SA, and update timestamps */ 8471 void 8472 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8473 { 8474 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8475 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8476 8477 /* 8478 * XXX Currently, there is a difference of bytes size 8479 * between inbound and outbound processing. 8480 */ 8481 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8482 8483 /* 8484 * We use the number of packets as the unit of 8485 * allocations. We increment the variable 8486 * whenever {esp,ah}_{in,out}put is called. 8487 */ 8488 counter_u64_add(sav->lft_c_allocations, 1); 8489 8490 /* 8491 * NOTE: We record CURRENT usetime by using wall clock, 8492 * in seconds. HARD and SOFT lifetime are measured by the time 8493 * difference (again in seconds) from usetime. 8494 * 8495 * usetime 8496 * v expire expire 8497 * -----+-----+--------+---> t 8498 * <--------------> HARD 8499 * <-----> SOFT 8500 */ 8501 if (sav->firstused == 0) 8502 sav->firstused = time_second; 8503 } 8504 8505 /* 8506 * Take one of the kernel's security keys and convert it into a PF_KEY 8507 * structure within an mbuf, suitable for sending up to a waiting 8508 * application in user land. 8509 * 8510 * IN: 8511 * src: A pointer to a kernel security key. 8512 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8513 * OUT: 8514 * a valid mbuf or NULL indicating an error 8515 * 8516 */ 8517 8518 static struct mbuf * 8519 key_setkey(struct seckey *src, uint16_t exttype) 8520 { 8521 struct mbuf *m; 8522 struct sadb_key *p; 8523 int len; 8524 8525 if (src == NULL) 8526 return NULL; 8527 8528 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8529 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8530 if (m == NULL) 8531 return NULL; 8532 m_align(m, len); 8533 m->m_len = len; 8534 p = mtod(m, struct sadb_key *); 8535 bzero(p, len); 8536 p->sadb_key_len = PFKEY_UNIT64(len); 8537 p->sadb_key_exttype = exttype; 8538 p->sadb_key_bits = src->bits; 8539 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8540 8541 return m; 8542 } 8543 8544 /* 8545 * Take one of the kernel's lifetime data structures and convert it 8546 * into a PF_KEY structure within an mbuf, suitable for sending up to 8547 * a waiting application in user land. 8548 * 8549 * IN: 8550 * src: A pointer to a kernel lifetime structure. 8551 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8552 * data structures for more information. 8553 * OUT: 8554 * a valid mbuf or NULL indicating an error 8555 * 8556 */ 8557 8558 static struct mbuf * 8559 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8560 { 8561 struct mbuf *m = NULL; 8562 struct sadb_lifetime *p; 8563 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8564 8565 if (src == NULL) 8566 return NULL; 8567 8568 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8569 if (m == NULL) 8570 return m; 8571 m_align(m, len); 8572 m->m_len = len; 8573 p = mtod(m, struct sadb_lifetime *); 8574 8575 bzero(p, len); 8576 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8577 p->sadb_lifetime_exttype = exttype; 8578 p->sadb_lifetime_allocations = src->allocations; 8579 p->sadb_lifetime_bytes = src->bytes; 8580 p->sadb_lifetime_addtime = src->addtime; 8581 p->sadb_lifetime_usetime = src->usetime; 8582 8583 return m; 8584 8585 } 8586 8587 const struct enc_xform * 8588 enc_algorithm_lookup(int alg) 8589 { 8590 int i; 8591 8592 for (i = 0; i < nitems(supported_ealgs); i++) 8593 if (alg == supported_ealgs[i].sadb_alg) 8594 return (supported_ealgs[i].xform); 8595 return (NULL); 8596 } 8597 8598 const struct auth_hash * 8599 auth_algorithm_lookup(int alg) 8600 { 8601 int i; 8602 8603 for (i = 0; i < nitems(supported_aalgs); i++) 8604 if (alg == supported_aalgs[i].sadb_alg) 8605 return (supported_aalgs[i].xform); 8606 return (NULL); 8607 } 8608 8609 const struct comp_algo * 8610 comp_algorithm_lookup(int alg) 8611 { 8612 int i; 8613 8614 for (i = 0; i < nitems(supported_calgs); i++) 8615 if (alg == supported_calgs[i].sadb_alg) 8616 return (supported_calgs[i].xform); 8617 return (NULL); 8618 } 8619