1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * This code is referd to RFC 2367 37 */ 38 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipsec.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/fnv_hash.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/mbuf.h> 51 #include <sys/domain.h> 52 #include <sys/protosw.h> 53 #include <sys/malloc.h> 54 #include <sys/rmlock.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/refcount.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 70 #include <netinet/in.h> 71 #include <netinet/in_systm.h> 72 #include <netinet/ip.h> 73 #include <netinet/in_var.h> 74 #include <netinet/udp.h> 75 76 #ifdef INET6 77 #include <netinet/ip6.h> 78 #include <netinet6/in6_var.h> 79 #include <netinet6/ip6_var.h> 80 #endif /* INET6 */ 81 82 #include <net/pfkeyv2.h> 83 #include <netipsec/keydb.h> 84 #include <netipsec/key.h> 85 #include <netipsec/keysock.h> 86 #include <netipsec/key_debug.h> 87 88 #include <netipsec/ipsec.h> 89 #ifdef INET6 90 #include <netipsec/ipsec6.h> 91 #endif 92 93 #include <netipsec/xform.h> 94 #include <machine/in_cksum.h> 95 #include <machine/stdarg.h> 96 97 /* randomness */ 98 #include <sys/random.h> 99 100 #define FULLMASK 0xff 101 #define _BITS(bytes) ((bytes) << 3) 102 103 #define UINT32_80PCT 0xcccccccc 104 /* 105 * Note on SA reference counting: 106 * - SAs that are not in DEAD state will have (total external reference + 1) 107 * following value in reference count field. they cannot be freed and are 108 * referenced from SA header. 109 * - SAs that are in DEAD state will have (total external reference) 110 * in reference count field. they are ready to be freed. reference from 111 * SA header will be removed in key_delsav(), when the reference count 112 * field hits 0 (= no external reference other than from SA header. 113 */ 114 115 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 116 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 117 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 118 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 119 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 120 /*interval to initialize randseed,1(m)*/ 121 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 122 /* interval to expire acquiring, 30(s)*/ 123 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 124 /* counter for blocking SADB_ACQUIRE.*/ 125 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 126 /* lifetime for blocking SADB_ACQUIRE.*/ 127 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 128 /* preferred old sa rather than new sa.*/ 129 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 130 #define V_key_spi_trycnt VNET(key_spi_trycnt) 131 #define V_key_spi_minval VNET(key_spi_minval) 132 #define V_key_spi_maxval VNET(key_spi_maxval) 133 #define V_policy_id VNET(policy_id) 134 #define V_key_int_random VNET(key_int_random) 135 #define V_key_larval_lifetime VNET(key_larval_lifetime) 136 #define V_key_blockacq_count VNET(key_blockacq_count) 137 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 138 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 139 140 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 141 #define V_acq_seq VNET(acq_seq) 142 143 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 144 #define V_sp_genid VNET(sp_genid) 145 146 /* SPD */ 147 TAILQ_HEAD(secpolicy_queue, secpolicy); 148 LIST_HEAD(secpolicy_list, secpolicy); 149 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 150 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 151 static struct rmlock sptree_lock; 152 #define V_sptree VNET(sptree) 153 #define V_sptree_ifnet VNET(sptree_ifnet) 154 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 155 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 156 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 157 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 158 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 159 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 160 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 161 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 162 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 163 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 164 165 /* Hash table for lookup SP using unique id */ 166 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 167 VNET_DEFINE_STATIC(u_long, sphash_mask); 168 #define V_sphashtbl VNET(sphashtbl) 169 #define V_sphash_mask VNET(sphash_mask) 170 171 #define SPHASH_NHASH_LOG2 7 172 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 173 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 174 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 175 176 /* SPD cache */ 177 struct spdcache_entry { 178 struct secpolicyindex spidx; /* secpolicyindex */ 179 struct secpolicy *sp; /* cached policy to be used */ 180 181 LIST_ENTRY(spdcache_entry) chain; 182 }; 183 LIST_HEAD(spdcache_entry_list, spdcache_entry); 184 185 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 186 187 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 188 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 189 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 190 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 191 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 192 #define V_spd_size VNET(spd_size) 193 194 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 195 #define SPDCACHE_ACTIVE() \ 196 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 197 198 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 199 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 200 #define V_spdcachehashtbl VNET(spdcachehashtbl) 201 #define V_spdcachehash_mask VNET(spdcachehash_mask) 202 203 #define SPDCACHE_HASHVAL(idx) \ 204 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 205 V_spdcachehash_mask) 206 207 /* Each cache line is protected by a mutex */ 208 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 209 #define V_spdcache_lock VNET(spdcache_lock) 210 211 #define SPDCACHE_LOCK_INIT(a) \ 212 mtx_init(&V_spdcache_lock[a], "spdcache", \ 213 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 214 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 215 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 216 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 217 218 static struct sx spi_alloc_lock; 219 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") 220 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) 221 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) 222 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) 223 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) 224 225 /* SAD */ 226 TAILQ_HEAD(secashead_queue, secashead); 227 LIST_HEAD(secashead_list, secashead); 228 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 229 static struct rmlock sahtree_lock; 230 #define V_sahtree VNET(sahtree) 231 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 232 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 233 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 234 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 235 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 236 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 237 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 238 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 239 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 240 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 241 242 /* Hash table for lookup in SAD using SA addresses */ 243 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 244 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 245 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 246 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 247 248 #define SAHHASH_NHASH_LOG2 7 249 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 250 #define SAHADDRHASH_HASHVAL(idx) \ 251 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 252 V_sahaddrhash_mask) 253 #define SAHADDRHASH_HASH(saidx) \ 254 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 255 256 /* Hash table for lookup in SAD using SPI */ 257 LIST_HEAD(secasvar_list, secasvar); 258 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 259 VNET_DEFINE_STATIC(u_long, savhash_mask); 260 #define V_savhashtbl VNET(savhashtbl) 261 #define V_savhash_mask VNET(savhash_mask) 262 #define SAVHASH_NHASH_LOG2 7 263 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 264 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 265 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 266 267 static uint32_t 268 key_addrprotohash(const union sockaddr_union *src, 269 const union sockaddr_union *dst, const uint8_t *proto) 270 { 271 uint32_t hval; 272 273 hval = fnv_32_buf(proto, sizeof(*proto), 274 FNV1_32_INIT); 275 switch (dst->sa.sa_family) { 276 #ifdef INET 277 case AF_INET: 278 hval = fnv_32_buf(&src->sin.sin_addr, 279 sizeof(in_addr_t), hval); 280 hval = fnv_32_buf(&dst->sin.sin_addr, 281 sizeof(in_addr_t), hval); 282 break; 283 #endif 284 #ifdef INET6 285 case AF_INET6: 286 hval = fnv_32_buf(&src->sin6.sin6_addr, 287 sizeof(struct in6_addr), hval); 288 hval = fnv_32_buf(&dst->sin6.sin6_addr, 289 sizeof(struct in6_addr), hval); 290 break; 291 #endif 292 default: 293 hval = 0; 294 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 295 __func__, dst->sa.sa_family)); 296 } 297 return (hval); 298 } 299 300 static uint32_t 301 key_u32hash(uint32_t val) 302 { 303 304 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 305 } 306 307 /* registed list */ 308 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 309 #define V_regtree VNET(regtree) 310 static struct mtx regtree_lock; 311 #define REGTREE_LOCK_INIT() \ 312 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 313 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 314 #define REGTREE_LOCK() mtx_lock(®tree_lock) 315 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 316 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 317 318 /* Acquiring list */ 319 LIST_HEAD(secacq_list, secacq); 320 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 321 #define V_acqtree VNET(acqtree) 322 static struct mtx acq_lock; 323 #define ACQ_LOCK_INIT() \ 324 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 325 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 326 #define ACQ_LOCK() mtx_lock(&acq_lock) 327 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 328 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 329 330 /* Hash table for lookup in ACQ list using SA addresses */ 331 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 332 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 333 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 334 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 335 336 /* Hash table for lookup in ACQ list using SEQ number */ 337 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 338 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 339 #define V_acqseqhashtbl VNET(acqseqhashtbl) 340 #define V_acqseqhash_mask VNET(acqseqhash_mask) 341 342 #define ACQHASH_NHASH_LOG2 7 343 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 344 #define ACQADDRHASH_HASHVAL(idx) \ 345 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 346 V_acqaddrhash_mask) 347 #define ACQSEQHASH_HASHVAL(seq) \ 348 (key_u32hash(seq) & V_acqseqhash_mask) 349 #define ACQADDRHASH_HASH(saidx) \ 350 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 351 #define ACQSEQHASH_HASH(seq) \ 352 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 353 /* SP acquiring list */ 354 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 355 #define V_spacqtree VNET(spacqtree) 356 static struct mtx spacq_lock; 357 #define SPACQ_LOCK_INIT() \ 358 mtx_init(&spacq_lock, "spacqtree", \ 359 "fast ipsec security policy acquire list", MTX_DEF) 360 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 361 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 362 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 363 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 364 365 static const int minsize[] = { 366 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 367 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 368 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 369 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 370 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 371 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 372 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 373 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 374 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 375 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 376 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 377 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 378 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 379 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 380 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 381 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 382 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 383 0, /* SADB_X_EXT_KMPRIVATE */ 384 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 385 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 386 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 387 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 388 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 389 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 390 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 391 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 392 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 393 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 394 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 395 }; 396 _Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 397 398 static const int maxsize[] = { 399 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 400 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 401 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 402 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 403 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 404 0, /* SADB_EXT_ADDRESS_SRC */ 405 0, /* SADB_EXT_ADDRESS_DST */ 406 0, /* SADB_EXT_ADDRESS_PROXY */ 407 0, /* SADB_EXT_KEY_AUTH */ 408 0, /* SADB_EXT_KEY_ENCRYPT */ 409 0, /* SADB_EXT_IDENTITY_SRC */ 410 0, /* SADB_EXT_IDENTITY_DST */ 411 0, /* SADB_EXT_SENSITIVITY */ 412 0, /* SADB_EXT_PROPOSAL */ 413 0, /* SADB_EXT_SUPPORTED_AUTH */ 414 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 415 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 416 0, /* SADB_X_EXT_KMPRIVATE */ 417 0, /* SADB_X_EXT_POLICY */ 418 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 419 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 420 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 421 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 422 0, /* SADB_X_EXT_NAT_T_OAI */ 423 0, /* SADB_X_EXT_NAT_T_OAR */ 424 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 425 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 426 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 427 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 428 }; 429 _Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 430 431 /* 432 * Internal values for SA flags: 433 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 434 * thus we will not free the most of SA content in key_delsav(). 435 */ 436 #define SADB_X_EXT_F_CLONED 0x80000000 437 438 #define SADB_CHECKLEN(_mhp, _ext) \ 439 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 440 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 441 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 442 443 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 444 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 445 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 446 447 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 448 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 449 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 450 451 #ifdef IPSEC_DEBUG 452 VNET_DEFINE(int, ipsec_debug) = 1; 453 #else 454 VNET_DEFINE(int, ipsec_debug) = 0; 455 #endif 456 457 #ifdef INET 458 SYSCTL_DECL(_net_inet_ipsec); 459 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 460 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 461 "Enable IPsec debugging output when set."); 462 #endif 463 #ifdef INET6 464 SYSCTL_DECL(_net_inet6_ipsec6); 465 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 466 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 467 "Enable IPsec debugging output when set."); 468 #endif 469 470 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 471 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 472 473 /* max count of trial for the decision of spi value */ 474 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 475 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 476 477 /* minimum spi value to allocate automatically. */ 478 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 479 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 480 481 /* maximun spi value to allocate automatically. */ 482 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 483 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 484 485 /* interval to initialize randseed */ 486 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 487 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 488 489 /* lifetime for larval SA */ 490 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 491 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 492 493 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 494 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 495 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 496 497 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 498 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 499 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 500 501 /* ESP auth */ 502 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 503 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 504 505 /* minimum ESP key length */ 506 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 507 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 508 509 /* minimum AH key length */ 510 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 511 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 512 513 /* perfered old SA rather than new SA */ 514 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 515 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 516 517 SYSCTL_NODE(_net_key, OID_AUTO, spdcache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 518 "SPD cache"); 519 520 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 521 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 522 "Maximum number of entries in the SPD cache" 523 " (power of 2, 0 to disable)"); 524 525 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 526 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 527 "Number of SPs that make the SPD cache active"); 528 529 #define __LIST_CHAINED(elm) \ 530 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 531 532 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 533 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 534 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 535 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 536 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 537 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 538 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 539 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 540 541 static uma_zone_t __read_mostly ipsec_key_lft_zone; 542 543 /* 544 * set parameters into secpolicyindex buffer. 545 * Must allocate secpolicyindex buffer passed to this function. 546 */ 547 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 548 do { \ 549 bzero((idx), sizeof(struct secpolicyindex)); \ 550 (idx)->dir = (_dir); \ 551 (idx)->prefs = (ps); \ 552 (idx)->prefd = (pd); \ 553 (idx)->ul_proto = (ulp); \ 554 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 555 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 556 } while (0) 557 558 /* 559 * set parameters into secasindex buffer. 560 * Must allocate secasindex buffer before calling this function. 561 */ 562 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 563 do { \ 564 bzero((idx), sizeof(struct secasindex)); \ 565 (idx)->proto = (p); \ 566 (idx)->mode = (m); \ 567 (idx)->reqid = (r); \ 568 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 569 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 570 key_porttosaddr(&(idx)->src.sa, 0); \ 571 key_porttosaddr(&(idx)->dst.sa, 0); \ 572 } while (0) 573 574 /* key statistics */ 575 struct _keystat { 576 u_long getspi_count; /* the avarage of count to try to get new SPI */ 577 } keystat; 578 579 struct sadb_msghdr { 580 struct sadb_msg *msg; 581 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 582 int extoff[SADB_EXT_MAX + 1]; 583 int extlen[SADB_EXT_MAX + 1]; 584 }; 585 586 static struct supported_ealgs { 587 int sadb_alg; 588 const struct enc_xform *xform; 589 } supported_ealgs[] = { 590 { SADB_X_EALG_AES, &enc_xform_aes_cbc }, 591 { SADB_EALG_NULL, &enc_xform_null }, 592 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 593 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 594 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 595 { SADB_X_EALG_CHACHA20POLY1305, &enc_xform_chacha20_poly1305 }, 596 }; 597 598 static struct supported_aalgs { 599 int sadb_alg; 600 const struct auth_hash *xform; 601 } supported_aalgs[] = { 602 { SADB_X_AALG_NULL, &auth_hash_null }, 603 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 604 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 605 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 606 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 607 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 608 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 609 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 610 { SADB_X_AALG_CHACHA20POLY1305, &auth_hash_poly1305 }, 611 }; 612 613 static struct supported_calgs { 614 int sadb_alg; 615 const struct comp_algo *xform; 616 } supported_calgs[] = { 617 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 618 }; 619 620 #ifndef IPSEC_DEBUG2 621 static struct callout key_timer; 622 #endif 623 624 static void key_unlink(struct secpolicy *); 625 static void key_detach(struct secpolicy *); 626 static struct secpolicy *key_do_allocsp(struct secpolicyindex *spidx, u_int dir); 627 static struct secpolicy *key_getsp(struct secpolicyindex *); 628 static struct secpolicy *key_getspbyid(u_int32_t); 629 static struct mbuf *key_gather_mbuf(struct mbuf *, 630 const struct sadb_msghdr *, int, int, ...); 631 static int key_spdadd(struct socket *, struct mbuf *, 632 const struct sadb_msghdr *); 633 static uint32_t key_getnewspid(void); 634 static int key_spddelete(struct socket *, struct mbuf *, 635 const struct sadb_msghdr *); 636 static int key_spddelete2(struct socket *, struct mbuf *, 637 const struct sadb_msghdr *); 638 static int key_spdget(struct socket *, struct mbuf *, 639 const struct sadb_msghdr *); 640 static int key_spdflush(struct socket *, struct mbuf *, 641 const struct sadb_msghdr *); 642 static int key_spddump(struct socket *, struct mbuf *, 643 const struct sadb_msghdr *); 644 static struct mbuf *key_setdumpsp(struct secpolicy *, 645 u_int8_t, u_int32_t, u_int32_t); 646 static struct mbuf *key_sp2mbuf(struct secpolicy *); 647 static size_t key_getspreqmsglen(struct secpolicy *); 648 static int key_spdexpire(struct secpolicy *); 649 static struct secashead *key_newsah(struct secasindex *); 650 static void key_freesah(struct secashead **); 651 static void key_delsah(struct secashead *); 652 static struct secasvar *key_newsav(const struct sadb_msghdr *, 653 struct secasindex *, uint32_t, int *); 654 static void key_delsav(struct secasvar *); 655 static void key_unlinksav(struct secasvar *); 656 static struct secashead *key_getsah(struct secasindex *); 657 static int key_checkspidup(uint32_t); 658 static struct secasvar *key_getsavbyspi(uint32_t); 659 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 660 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 661 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 662 static int key_updateaddresses(struct socket *, struct mbuf *, 663 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 664 665 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 666 u_int8_t, u_int32_t, u_int32_t); 667 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 668 u_int32_t, pid_t, u_int16_t); 669 static struct mbuf *key_setsadbsa(struct secasvar *); 670 static struct mbuf *key_setsadbaddr(u_int16_t, 671 const struct sockaddr *, u_int8_t, u_int16_t); 672 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 673 static struct mbuf *key_setsadbxtype(u_int16_t); 674 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 675 static struct mbuf *key_setsadbxsareplay(u_int32_t); 676 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 677 u_int32_t, u_int32_t); 678 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 679 struct malloc_type *); 680 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 681 struct malloc_type *); 682 683 /* flags for key_cmpsaidx() */ 684 #define CMP_HEAD 1 /* protocol, addresses. */ 685 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 686 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 687 #define CMP_EXACTLY 4 /* all elements. */ 688 static int key_cmpsaidx(const struct secasindex *, 689 const struct secasindex *, int); 690 static int key_cmpspidx_exactly(struct secpolicyindex *, 691 struct secpolicyindex *); 692 static int key_cmpspidx_withmask(struct secpolicyindex *, 693 struct secpolicyindex *); 694 static int key_bbcmp(const void *, const void *, u_int); 695 static uint8_t key_satype2proto(uint8_t); 696 static uint8_t key_proto2satype(uint8_t); 697 698 static int key_getspi(struct socket *, struct mbuf *, 699 const struct sadb_msghdr *); 700 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 701 static int key_update(struct socket *, struct mbuf *, 702 const struct sadb_msghdr *); 703 static int key_add(struct socket *, struct mbuf *, 704 const struct sadb_msghdr *); 705 static int key_setident(struct secashead *, const struct sadb_msghdr *); 706 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 707 const struct sadb_msghdr *); 708 static int key_delete(struct socket *, struct mbuf *, 709 const struct sadb_msghdr *); 710 static int key_delete_all(struct socket *, struct mbuf *, 711 const struct sadb_msghdr *, struct secasindex *); 712 static int key_get(struct socket *, struct mbuf *, 713 const struct sadb_msghdr *); 714 715 static void key_getcomb_setlifetime(struct sadb_comb *); 716 static struct mbuf *key_getcomb_ealg(void); 717 static struct mbuf *key_getcomb_ah(void); 718 static struct mbuf *key_getcomb_ipcomp(void); 719 static struct mbuf *key_getprop(const struct secasindex *); 720 721 static int key_acquire(const struct secasindex *, struct secpolicy *); 722 static uint32_t key_newacq(const struct secasindex *, int *); 723 static uint32_t key_getacq(const struct secasindex *, int *); 724 static int key_acqdone(const struct secasindex *, uint32_t); 725 static int key_acqreset(uint32_t); 726 static struct secspacq *key_newspacq(struct secpolicyindex *); 727 static struct secspacq *key_getspacq(struct secpolicyindex *); 728 static int key_acquire2(struct socket *, struct mbuf *, 729 const struct sadb_msghdr *); 730 static int key_register(struct socket *, struct mbuf *, 731 const struct sadb_msghdr *); 732 static int key_expire(struct secasvar *, int); 733 static int key_flush(struct socket *, struct mbuf *, 734 const struct sadb_msghdr *); 735 static int key_dump(struct socket *, struct mbuf *, 736 const struct sadb_msghdr *); 737 static int key_promisc(struct socket *, struct mbuf *, 738 const struct sadb_msghdr *); 739 static int key_senderror(struct socket *, struct mbuf *, int); 740 static int key_validate_ext(const struct sadb_ext *, int); 741 static int key_align(struct mbuf *, struct sadb_msghdr *); 742 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 743 static struct mbuf *key_setkey(struct seckey *, uint16_t); 744 745 static void spdcache_init(void); 746 static void spdcache_clear(void); 747 static struct spdcache_entry *spdcache_entry_alloc( 748 const struct secpolicyindex *spidx, 749 struct secpolicy *policy); 750 static void spdcache_entry_free(struct spdcache_entry *entry); 751 #ifdef VIMAGE 752 static void spdcache_destroy(void); 753 #endif 754 755 #define DBG_IPSEC_INITREF(t, p) do { \ 756 refcount_init(&(p)->refcnt, 1); \ 757 KEYDBG(KEY_STAMP, \ 758 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 759 __func__, #t, (p), (p)->refcnt)); \ 760 } while (0) 761 #define DBG_IPSEC_ADDREF(t, p) do { \ 762 refcount_acquire(&(p)->refcnt); \ 763 KEYDBG(KEY_STAMP, \ 764 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 765 __func__, #t, (p), (p)->refcnt)); \ 766 } while (0) 767 #define DBG_IPSEC_DELREF(t, p) do { \ 768 KEYDBG(KEY_STAMP, \ 769 printf("%s: Release refcnt %s(%p) -> %u\n", \ 770 __func__, #t, (p), (p)->refcnt - 1)); \ 771 refcount_release(&(p)->refcnt); \ 772 } while (0) 773 774 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 775 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 776 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 777 778 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 779 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 780 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 781 782 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 783 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 784 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 785 786 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 787 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 788 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 789 790 /* 791 * Update the refcnt while holding the SPTREE lock. 792 */ 793 void 794 key_addref(struct secpolicy *sp) 795 { 796 797 SP_ADDREF(sp); 798 } 799 800 /* 801 * Return 0 when there are known to be no SP's for the specified 802 * direction. Otherwise return 1. This is used by IPsec code 803 * to optimize performance. 804 */ 805 int 806 key_havesp(u_int dir) 807 { 808 809 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 810 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 811 } 812 813 /* %%% IPsec policy management */ 814 /* 815 * Return current SPDB generation. 816 */ 817 uint32_t 818 key_getspgen(void) 819 { 820 821 return (V_sp_genid); 822 } 823 824 void 825 key_bumpspgen(void) 826 { 827 828 V_sp_genid++; 829 } 830 831 static int 832 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 833 { 834 835 /* family match */ 836 if (src->sa_family != dst->sa_family) 837 return (EINVAL); 838 /* sa_len match */ 839 if (src->sa_len != dst->sa_len) 840 return (EINVAL); 841 switch (src->sa_family) { 842 #ifdef INET 843 case AF_INET: 844 if (src->sa_len != sizeof(struct sockaddr_in)) 845 return (EINVAL); 846 break; 847 #endif 848 #ifdef INET6 849 case AF_INET6: 850 if (src->sa_len != sizeof(struct sockaddr_in6)) 851 return (EINVAL); 852 break; 853 #endif 854 default: 855 return (EAFNOSUPPORT); 856 } 857 return (0); 858 } 859 860 struct secpolicy * 861 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 862 { 863 SPTREE_RLOCK_TRACKER; 864 struct secpolicy *sp; 865 866 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 867 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 868 ("invalid direction %u", dir)); 869 870 SPTREE_RLOCK(); 871 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 872 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 873 SP_ADDREF(sp); 874 break; 875 } 876 } 877 SPTREE_RUNLOCK(); 878 return (sp); 879 } 880 881 /* 882 * allocating a SP for OUTBOUND or INBOUND packet. 883 * Must call key_freesp() later. 884 * OUT: NULL: not found 885 * others: found and return the pointer. 886 */ 887 struct secpolicy * 888 key_allocsp(struct secpolicyindex *spidx, u_int dir) 889 { 890 struct spdcache_entry *entry, *lastentry, *tmpentry; 891 struct secpolicy *sp; 892 uint32_t hashv; 893 int nb_entries; 894 895 if (!SPDCACHE_ACTIVE()) { 896 sp = key_do_allocsp(spidx, dir); 897 goto out; 898 } 899 900 hashv = SPDCACHE_HASHVAL(spidx); 901 SPDCACHE_LOCK(hashv); 902 nb_entries = 0; 903 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 904 /* Removed outdated entries */ 905 if (entry->sp != NULL && 906 entry->sp->state == IPSEC_SPSTATE_DEAD) { 907 LIST_REMOVE(entry, chain); 908 spdcache_entry_free(entry); 909 continue; 910 } 911 912 nb_entries++; 913 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 914 lastentry = entry; 915 continue; 916 } 917 918 sp = entry->sp; 919 if (entry->sp != NULL) 920 SP_ADDREF(sp); 921 922 /* IPSECSTAT_INC(ips_spdcache_hits); */ 923 924 SPDCACHE_UNLOCK(hashv); 925 goto out; 926 } 927 928 /* IPSECSTAT_INC(ips_spdcache_misses); */ 929 930 sp = key_do_allocsp(spidx, dir); 931 entry = spdcache_entry_alloc(spidx, sp); 932 if (entry != NULL) { 933 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 934 LIST_REMOVE(lastentry, chain); 935 spdcache_entry_free(lastentry); 936 } 937 938 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 939 } 940 941 SPDCACHE_UNLOCK(hashv); 942 943 out: 944 if (sp != NULL) { /* found a SPD entry */ 945 sp->lastused = time_second; 946 KEYDBG(IPSEC_STAMP, 947 printf("%s: return SP(%p)\n", __func__, sp)); 948 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 949 } else { 950 KEYDBG(IPSEC_DATA, 951 printf("%s: lookup failed for ", __func__); 952 kdebug_secpolicyindex(spidx, NULL)); 953 } 954 return (sp); 955 } 956 957 /* 958 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 959 * or should be signed by MD5 signature. 960 * We don't use key_allocsa() for such lookups, because we don't know SPI. 961 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 962 * signed packet. We use SADB only as storage for password. 963 * OUT: positive: corresponding SA for given saidx found. 964 * NULL: SA not found 965 */ 966 struct secasvar * 967 key_allocsa_tcpmd5(struct secasindex *saidx) 968 { 969 SAHTREE_RLOCK_TRACKER; 970 struct secashead *sah; 971 struct secasvar *sav; 972 973 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 974 ("unexpected security protocol %u", saidx->proto)); 975 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 976 ("unexpected mode %u", saidx->mode)); 977 978 SAHTREE_RLOCK(); 979 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 980 KEYDBG(IPSEC_DUMP, 981 printf("%s: checking SAH\n", __func__); 982 kdebug_secash(sah, " ")); 983 if (sah->saidx.proto != IPPROTO_TCP) 984 continue; 985 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 986 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 987 break; 988 } 989 if (sah != NULL) { 990 if (V_key_preferred_oldsa) 991 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 992 else 993 sav = TAILQ_FIRST(&sah->savtree_alive); 994 if (sav != NULL) 995 SAV_ADDREF(sav); 996 } else 997 sav = NULL; 998 SAHTREE_RUNLOCK(); 999 1000 if (sav != NULL) { 1001 KEYDBG(IPSEC_STAMP, 1002 printf("%s: return SA(%p)\n", __func__, sav)); 1003 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1004 } else { 1005 KEYDBG(IPSEC_STAMP, 1006 printf("%s: SA not found\n", __func__)); 1007 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1008 } 1009 return (sav); 1010 } 1011 1012 /* 1013 * Allocating an SA entry for an *OUTBOUND* packet. 1014 * OUT: positive: corresponding SA for given saidx found. 1015 * NULL: SA not found, but will be acquired, check *error 1016 * for acquiring status. 1017 */ 1018 struct secasvar * 1019 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1020 int *error) 1021 { 1022 SAHTREE_RLOCK_TRACKER; 1023 struct secashead *sah; 1024 struct secasvar *sav; 1025 1026 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1027 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1028 saidx->mode == IPSEC_MODE_TUNNEL, 1029 ("unexpected policy %u", saidx->mode)); 1030 1031 /* 1032 * We check new SA in the IPsec request because a different 1033 * SA may be involved each time this request is checked, either 1034 * because new SAs are being configured, or this request is 1035 * associated with an unconnected datagram socket, or this request 1036 * is associated with a system default policy. 1037 */ 1038 SAHTREE_RLOCK(); 1039 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1040 KEYDBG(IPSEC_DUMP, 1041 printf("%s: checking SAH\n", __func__); 1042 kdebug_secash(sah, " ")); 1043 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1044 break; 1045 } 1046 if (sah != NULL) { 1047 /* 1048 * Allocate the oldest SA available according to 1049 * draft-jenkins-ipsec-rekeying-03. 1050 */ 1051 if (V_key_preferred_oldsa) 1052 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1053 else 1054 sav = TAILQ_FIRST(&sah->savtree_alive); 1055 if (sav != NULL) 1056 SAV_ADDREF(sav); 1057 } else 1058 sav = NULL; 1059 SAHTREE_RUNLOCK(); 1060 1061 if (sav != NULL) { 1062 *error = 0; 1063 KEYDBG(IPSEC_STAMP, 1064 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1065 sav, sp)); 1066 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1067 return (sav); /* return referenced SA */ 1068 } 1069 1070 /* there is no SA */ 1071 *error = key_acquire(saidx, sp); 1072 if ((*error) != 0) 1073 ipseclog((LOG_DEBUG, 1074 "%s: error %d returned from key_acquire()\n", 1075 __func__, *error)); 1076 KEYDBG(IPSEC_STAMP, 1077 printf("%s: acquire SA for SP(%p), error %d\n", 1078 __func__, sp, *error)); 1079 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1080 return (NULL); 1081 } 1082 1083 /* 1084 * allocating a usable SA entry for a *INBOUND* packet. 1085 * Must call key_freesav() later. 1086 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1087 * NULL: not found, or error occurred. 1088 * 1089 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1090 * destination address, and security protocol. But according to RFC 4301, 1091 * SPI by itself suffices to specify an SA. 1092 * 1093 * Note that, however, we do need to keep source address in IPsec SA. 1094 * IKE specification and PF_KEY specification do assume that we 1095 * keep source address in IPsec SA. We see a tricky situation here. 1096 */ 1097 struct secasvar * 1098 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1099 { 1100 SAHTREE_RLOCK_TRACKER; 1101 struct secasvar *sav; 1102 1103 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1104 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1105 proto)); 1106 1107 SAHTREE_RLOCK(); 1108 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1109 if (sav->spi == spi) 1110 break; 1111 } 1112 /* 1113 * We use single SPI namespace for all protocols, so it is 1114 * impossible to have SPI duplicates in the SAVHASH. 1115 */ 1116 if (sav != NULL) { 1117 if (sav->state != SADB_SASTATE_LARVAL && 1118 sav->sah->saidx.proto == proto && 1119 key_sockaddrcmp(&dst->sa, 1120 &sav->sah->saidx.dst.sa, 0) == 0) 1121 SAV_ADDREF(sav); 1122 else 1123 sav = NULL; 1124 } 1125 SAHTREE_RUNLOCK(); 1126 1127 if (sav == NULL) { 1128 KEYDBG(IPSEC_STAMP, 1129 char buf[IPSEC_ADDRSTRLEN]; 1130 printf("%s: SA not found for spi %u proto %u dst %s\n", 1131 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1132 sizeof(buf)))); 1133 } else { 1134 KEYDBG(IPSEC_STAMP, 1135 printf("%s: return SA(%p)\n", __func__, sav)); 1136 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1137 } 1138 return (sav); 1139 } 1140 1141 struct secasvar * 1142 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1143 uint8_t proto) 1144 { 1145 SAHTREE_RLOCK_TRACKER; 1146 struct secasindex saidx; 1147 struct secashead *sah; 1148 struct secasvar *sav; 1149 1150 IPSEC_ASSERT(src != NULL, ("null src address")); 1151 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1152 1153 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1154 &dst->sa, &saidx); 1155 1156 sav = NULL; 1157 SAHTREE_RLOCK(); 1158 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1159 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1160 continue; 1161 if (proto != sah->saidx.proto) 1162 continue; 1163 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1164 continue; 1165 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1166 continue; 1167 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1168 if (V_key_preferred_oldsa) 1169 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1170 else 1171 sav = TAILQ_FIRST(&sah->savtree_alive); 1172 if (sav != NULL) { 1173 SAV_ADDREF(sav); 1174 break; 1175 } 1176 } 1177 SAHTREE_RUNLOCK(); 1178 KEYDBG(IPSEC_STAMP, 1179 printf("%s: return SA(%p)\n", __func__, sav)); 1180 if (sav != NULL) 1181 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1182 return (sav); 1183 } 1184 1185 /* 1186 * Must be called after calling key_allocsp(). 1187 */ 1188 void 1189 key_freesp(struct secpolicy **spp) 1190 { 1191 struct secpolicy *sp = *spp; 1192 1193 IPSEC_ASSERT(sp != NULL, ("null sp")); 1194 if (SP_DELREF(sp) == 0) 1195 return; 1196 1197 KEYDBG(IPSEC_STAMP, 1198 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1199 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1200 1201 *spp = NULL; 1202 while (sp->tcount > 0) 1203 ipsec_delisr(sp->req[--sp->tcount]); 1204 free(sp, M_IPSEC_SP); 1205 } 1206 1207 static void 1208 key_unlink(struct secpolicy *sp) 1209 { 1210 SPTREE_WLOCK(); 1211 key_detach(sp); 1212 SPTREE_WUNLOCK(); 1213 if (SPDCACHE_ENABLED()) 1214 spdcache_clear(); 1215 key_freesp(&sp); 1216 } 1217 1218 static void 1219 key_detach(struct secpolicy *sp) 1220 { 1221 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1222 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1223 ("invalid direction %u", sp->spidx.dir)); 1224 SPTREE_WLOCK_ASSERT(); 1225 1226 KEYDBG(KEY_STAMP, 1227 printf("%s: SP(%p)\n", __func__, sp)); 1228 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1229 /* SP is already unlinked */ 1230 return; 1231 } 1232 sp->state = IPSEC_SPSTATE_DEAD; 1233 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1234 V_spd_size--; 1235 LIST_REMOVE(sp, idhash); 1236 V_sp_genid++; 1237 } 1238 1239 /* 1240 * insert a secpolicy into the SP database. Lower priorities first 1241 */ 1242 static void 1243 key_insertsp(struct secpolicy *newsp) 1244 { 1245 struct secpolicy *sp; 1246 1247 SPTREE_WLOCK_ASSERT(); 1248 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1249 if (newsp->priority < sp->priority) { 1250 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1251 goto done; 1252 } 1253 } 1254 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1255 done: 1256 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1257 newsp->state = IPSEC_SPSTATE_ALIVE; 1258 V_spd_size++; 1259 V_sp_genid++; 1260 } 1261 1262 /* 1263 * Insert a bunch of VTI secpolicies into the SPDB. 1264 * We keep VTI policies in the separate list due to following reasons: 1265 * 1) they should be immutable to user's or some deamon's attempts to 1266 * delete. The only way delete such policies - destroy or unconfigure 1267 * corresponding virtual inteface. 1268 * 2) such policies have traffic selector that matches all traffic per 1269 * address family. 1270 * Since all VTI policies have the same priority, we don't care about 1271 * policies order. 1272 */ 1273 int 1274 key_register_ifnet(struct secpolicy **spp, u_int count) 1275 { 1276 struct mbuf *m; 1277 u_int i; 1278 1279 SPTREE_WLOCK(); 1280 /* 1281 * First of try to acquire id for each SP. 1282 */ 1283 for (i = 0; i < count; i++) { 1284 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1285 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1286 ("invalid direction %u", spp[i]->spidx.dir)); 1287 1288 if ((spp[i]->id = key_getnewspid()) == 0) { 1289 SPTREE_WUNLOCK(); 1290 return (EAGAIN); 1291 } 1292 } 1293 for (i = 0; i < count; i++) { 1294 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1295 spp[i], chain); 1296 /* 1297 * NOTE: despite the fact that we keep VTI SP in the 1298 * separate list, SPHASH contains policies from both 1299 * sources. Thus SADB_X_SPDGET will correctly return 1300 * SP by id, because it uses SPHASH for lookups. 1301 */ 1302 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1303 spp[i]->state = IPSEC_SPSTATE_IFNET; 1304 } 1305 SPTREE_WUNLOCK(); 1306 /* 1307 * Notify user processes about new SP. 1308 */ 1309 for (i = 0; i < count; i++) { 1310 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1311 if (m != NULL) 1312 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1313 } 1314 return (0); 1315 } 1316 1317 void 1318 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1319 { 1320 struct mbuf *m; 1321 u_int i; 1322 1323 SPTREE_WLOCK(); 1324 for (i = 0; i < count; i++) { 1325 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1326 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1327 ("invalid direction %u", spp[i]->spidx.dir)); 1328 1329 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1330 continue; 1331 spp[i]->state = IPSEC_SPSTATE_DEAD; 1332 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1333 spp[i], chain); 1334 V_spd_size--; 1335 LIST_REMOVE(spp[i], idhash); 1336 } 1337 SPTREE_WUNLOCK(); 1338 if (SPDCACHE_ENABLED()) 1339 spdcache_clear(); 1340 1341 for (i = 0; i < count; i++) { 1342 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1343 if (m != NULL) 1344 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1345 } 1346 } 1347 1348 /* 1349 * Must be called after calling key_allocsa(). 1350 * This function is called by key_freesp() to free some SA allocated 1351 * for a policy. 1352 */ 1353 void 1354 key_freesav(struct secasvar **psav) 1355 { 1356 struct secasvar *sav = *psav; 1357 1358 IPSEC_ASSERT(sav != NULL, ("null sav")); 1359 CURVNET_ASSERT_SET(); 1360 if (SAV_DELREF(sav) == 0) 1361 return; 1362 1363 KEYDBG(IPSEC_STAMP, 1364 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1365 1366 *psav = NULL; 1367 key_delsav(sav); 1368 } 1369 1370 /* 1371 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1372 * Expect that SA has extra reference due to lookup. 1373 * Release this references, also release SAH reference after unlink. 1374 */ 1375 static void 1376 key_unlinksav(struct secasvar *sav) 1377 { 1378 struct secashead *sah; 1379 1380 KEYDBG(KEY_STAMP, 1381 printf("%s: SA(%p)\n", __func__, sav)); 1382 1383 CURVNET_ASSERT_SET(); 1384 SAHTREE_UNLOCK_ASSERT(); 1385 SAHTREE_WLOCK(); 1386 if (sav->state == SADB_SASTATE_DEAD) { 1387 /* SA is already unlinked */ 1388 SAHTREE_WUNLOCK(); 1389 return; 1390 } 1391 /* Unlink from SAH */ 1392 if (sav->state == SADB_SASTATE_LARVAL) 1393 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1394 else 1395 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1396 /* Unlink from SPI hash */ 1397 LIST_REMOVE(sav, spihash); 1398 sav->state = SADB_SASTATE_DEAD; 1399 sah = sav->sah; 1400 SAHTREE_WUNLOCK(); 1401 key_freesav(&sav); 1402 /* Since we are unlinked, release reference to SAH */ 1403 key_freesah(&sah); 1404 } 1405 1406 /* %%% SPD management */ 1407 /* 1408 * search SPD 1409 * OUT: NULL : not found 1410 * others : found, pointer to a SP. 1411 */ 1412 static struct secpolicy * 1413 key_getsp(struct secpolicyindex *spidx) 1414 { 1415 SPTREE_RLOCK_TRACKER; 1416 struct secpolicy *sp; 1417 1418 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1419 1420 SPTREE_RLOCK(); 1421 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1422 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1423 SP_ADDREF(sp); 1424 break; 1425 } 1426 } 1427 SPTREE_RUNLOCK(); 1428 1429 return sp; 1430 } 1431 1432 /* 1433 * get SP by index. 1434 * OUT: NULL : not found 1435 * others : found, pointer to referenced SP. 1436 */ 1437 static struct secpolicy * 1438 key_getspbyid(uint32_t id) 1439 { 1440 SPTREE_RLOCK_TRACKER; 1441 struct secpolicy *sp; 1442 1443 SPTREE_RLOCK(); 1444 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1445 if (sp->id == id) { 1446 SP_ADDREF(sp); 1447 break; 1448 } 1449 } 1450 SPTREE_RUNLOCK(); 1451 return (sp); 1452 } 1453 1454 struct secpolicy * 1455 key_newsp(void) 1456 { 1457 struct secpolicy *sp; 1458 1459 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1460 if (sp != NULL) 1461 SP_INITREF(sp); 1462 return (sp); 1463 } 1464 1465 struct ipsecrequest * 1466 ipsec_newisr(void) 1467 { 1468 1469 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1470 M_NOWAIT | M_ZERO)); 1471 } 1472 1473 void 1474 ipsec_delisr(struct ipsecrequest *p) 1475 { 1476 1477 free(p, M_IPSEC_SR); 1478 } 1479 1480 /* 1481 * create secpolicy structure from sadb_x_policy structure. 1482 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1483 * are not set, so must be set properly later. 1484 */ 1485 struct secpolicy * 1486 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1487 { 1488 struct secpolicy *newsp; 1489 1490 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1491 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1492 1493 if (len != PFKEY_EXTLEN(xpl0)) { 1494 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1495 *error = EINVAL; 1496 return NULL; 1497 } 1498 1499 if ((newsp = key_newsp()) == NULL) { 1500 *error = ENOBUFS; 1501 return NULL; 1502 } 1503 1504 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1505 newsp->policy = xpl0->sadb_x_policy_type; 1506 newsp->priority = xpl0->sadb_x_policy_priority; 1507 newsp->tcount = 0; 1508 1509 /* check policy */ 1510 switch (xpl0->sadb_x_policy_type) { 1511 case IPSEC_POLICY_DISCARD: 1512 case IPSEC_POLICY_NONE: 1513 case IPSEC_POLICY_ENTRUST: 1514 case IPSEC_POLICY_BYPASS: 1515 break; 1516 1517 case IPSEC_POLICY_IPSEC: 1518 { 1519 struct sadb_x_ipsecrequest *xisr; 1520 struct ipsecrequest *isr; 1521 int tlen; 1522 1523 /* validity check */ 1524 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1525 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1526 __func__)); 1527 key_freesp(&newsp); 1528 *error = EINVAL; 1529 return NULL; 1530 } 1531 1532 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1533 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1534 1535 while (tlen > 0) { 1536 /* length check */ 1537 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1538 xisr->sadb_x_ipsecrequest_len > tlen) { 1539 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1540 "length.\n", __func__)); 1541 key_freesp(&newsp); 1542 *error = EINVAL; 1543 return NULL; 1544 } 1545 1546 if (newsp->tcount >= IPSEC_MAXREQ) { 1547 ipseclog((LOG_DEBUG, 1548 "%s: too many ipsecrequests.\n", 1549 __func__)); 1550 key_freesp(&newsp); 1551 *error = EINVAL; 1552 return (NULL); 1553 } 1554 1555 /* allocate request buffer */ 1556 /* NB: data structure is zero'd */ 1557 isr = ipsec_newisr(); 1558 if (isr == NULL) { 1559 ipseclog((LOG_DEBUG, 1560 "%s: No more memory.\n", __func__)); 1561 key_freesp(&newsp); 1562 *error = ENOBUFS; 1563 return NULL; 1564 } 1565 1566 newsp->req[newsp->tcount++] = isr; 1567 1568 /* set values */ 1569 switch (xisr->sadb_x_ipsecrequest_proto) { 1570 case IPPROTO_ESP: 1571 case IPPROTO_AH: 1572 case IPPROTO_IPCOMP: 1573 break; 1574 default: 1575 ipseclog((LOG_DEBUG, 1576 "%s: invalid proto type=%u\n", __func__, 1577 xisr->sadb_x_ipsecrequest_proto)); 1578 key_freesp(&newsp); 1579 *error = EPROTONOSUPPORT; 1580 return NULL; 1581 } 1582 isr->saidx.proto = 1583 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1584 1585 switch (xisr->sadb_x_ipsecrequest_mode) { 1586 case IPSEC_MODE_TRANSPORT: 1587 case IPSEC_MODE_TUNNEL: 1588 break; 1589 case IPSEC_MODE_ANY: 1590 default: 1591 ipseclog((LOG_DEBUG, 1592 "%s: invalid mode=%u\n", __func__, 1593 xisr->sadb_x_ipsecrequest_mode)); 1594 key_freesp(&newsp); 1595 *error = EINVAL; 1596 return NULL; 1597 } 1598 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1599 1600 switch (xisr->sadb_x_ipsecrequest_level) { 1601 case IPSEC_LEVEL_DEFAULT: 1602 case IPSEC_LEVEL_USE: 1603 case IPSEC_LEVEL_REQUIRE: 1604 break; 1605 case IPSEC_LEVEL_UNIQUE: 1606 /* validity check */ 1607 /* 1608 * If range violation of reqid, kernel will 1609 * update it, don't refuse it. 1610 */ 1611 if (xisr->sadb_x_ipsecrequest_reqid 1612 > IPSEC_MANUAL_REQID_MAX) { 1613 ipseclog((LOG_DEBUG, 1614 "%s: reqid=%d range " 1615 "violation, updated by kernel.\n", 1616 __func__, 1617 xisr->sadb_x_ipsecrequest_reqid)); 1618 xisr->sadb_x_ipsecrequest_reqid = 0; 1619 } 1620 1621 /* allocate new reqid id if reqid is zero. */ 1622 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1623 u_int32_t reqid; 1624 if ((reqid = key_newreqid()) == 0) { 1625 key_freesp(&newsp); 1626 *error = ENOBUFS; 1627 return NULL; 1628 } 1629 isr->saidx.reqid = reqid; 1630 xisr->sadb_x_ipsecrequest_reqid = reqid; 1631 } else { 1632 /* set it for manual keying. */ 1633 isr->saidx.reqid = 1634 xisr->sadb_x_ipsecrequest_reqid; 1635 } 1636 break; 1637 1638 default: 1639 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1640 __func__, 1641 xisr->sadb_x_ipsecrequest_level)); 1642 key_freesp(&newsp); 1643 *error = EINVAL; 1644 return NULL; 1645 } 1646 isr->level = xisr->sadb_x_ipsecrequest_level; 1647 1648 /* set IP addresses if there */ 1649 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1650 struct sockaddr *paddr; 1651 1652 len = tlen - sizeof(*xisr); 1653 paddr = (struct sockaddr *)(xisr + 1); 1654 /* validity check */ 1655 if (len < sizeof(struct sockaddr) || 1656 len < 2 * paddr->sa_len || 1657 paddr->sa_len > sizeof(isr->saidx.src)) { 1658 ipseclog((LOG_DEBUG, "%s: invalid " 1659 "request address length.\n", 1660 __func__)); 1661 key_freesp(&newsp); 1662 *error = EINVAL; 1663 return NULL; 1664 } 1665 /* 1666 * Request length should be enough to keep 1667 * source and destination addresses. 1668 */ 1669 if (xisr->sadb_x_ipsecrequest_len < 1670 sizeof(*xisr) + 2 * paddr->sa_len) { 1671 ipseclog((LOG_DEBUG, "%s: invalid " 1672 "ipsecrequest length.\n", 1673 __func__)); 1674 key_freesp(&newsp); 1675 *error = EINVAL; 1676 return (NULL); 1677 } 1678 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1679 paddr = (struct sockaddr *)((caddr_t)paddr + 1680 paddr->sa_len); 1681 1682 /* validity check */ 1683 if (paddr->sa_len != 1684 isr->saidx.src.sa.sa_len) { 1685 ipseclog((LOG_DEBUG, "%s: invalid " 1686 "request address length.\n", 1687 __func__)); 1688 key_freesp(&newsp); 1689 *error = EINVAL; 1690 return NULL; 1691 } 1692 /* AF family should match */ 1693 if (paddr->sa_family != 1694 isr->saidx.src.sa.sa_family) { 1695 ipseclog((LOG_DEBUG, "%s: address " 1696 "family doesn't match.\n", 1697 __func__)); 1698 key_freesp(&newsp); 1699 *error = EINVAL; 1700 return (NULL); 1701 } 1702 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1703 } else { 1704 /* 1705 * Addresses for TUNNEL mode requests are 1706 * mandatory. 1707 */ 1708 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1709 ipseclog((LOG_DEBUG, "%s: missing " 1710 "request addresses.\n", __func__)); 1711 key_freesp(&newsp); 1712 *error = EINVAL; 1713 return (NULL); 1714 } 1715 } 1716 tlen -= xisr->sadb_x_ipsecrequest_len; 1717 1718 /* validity check */ 1719 if (tlen < 0) { 1720 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1721 __func__)); 1722 key_freesp(&newsp); 1723 *error = EINVAL; 1724 return NULL; 1725 } 1726 1727 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1728 + xisr->sadb_x_ipsecrequest_len); 1729 } 1730 /* XXXAE: LARVAL SP */ 1731 if (newsp->tcount < 1) { 1732 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1733 "not found.\n", __func__)); 1734 key_freesp(&newsp); 1735 *error = EINVAL; 1736 return (NULL); 1737 } 1738 } 1739 break; 1740 default: 1741 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1742 key_freesp(&newsp); 1743 *error = EINVAL; 1744 return NULL; 1745 } 1746 1747 *error = 0; 1748 return (newsp); 1749 } 1750 1751 uint32_t 1752 key_newreqid(void) 1753 { 1754 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1755 1756 if (auto_reqid == ~0) 1757 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1758 else 1759 auto_reqid++; 1760 1761 /* XXX should be unique check */ 1762 return (auto_reqid); 1763 } 1764 1765 /* 1766 * copy secpolicy struct to sadb_x_policy structure indicated. 1767 */ 1768 static struct mbuf * 1769 key_sp2mbuf(struct secpolicy *sp) 1770 { 1771 struct mbuf *m; 1772 size_t tlen; 1773 1774 tlen = key_getspreqmsglen(sp); 1775 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1776 if (m == NULL) 1777 return (NULL); 1778 m_align(m, tlen); 1779 m->m_len = tlen; 1780 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1781 m_freem(m); 1782 return (NULL); 1783 } 1784 return (m); 1785 } 1786 1787 int 1788 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1789 { 1790 struct sadb_x_ipsecrequest *xisr; 1791 struct sadb_x_policy *xpl; 1792 struct ipsecrequest *isr; 1793 size_t xlen, ilen; 1794 caddr_t p; 1795 int error, i; 1796 1797 IPSEC_ASSERT(sp != NULL, ("null policy")); 1798 1799 xlen = sizeof(*xpl); 1800 if (*len < xlen) 1801 return (EINVAL); 1802 1803 error = 0; 1804 bzero(request, *len); 1805 xpl = (struct sadb_x_policy *)request; 1806 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1807 xpl->sadb_x_policy_type = sp->policy; 1808 xpl->sadb_x_policy_dir = sp->spidx.dir; 1809 xpl->sadb_x_policy_id = sp->id; 1810 xpl->sadb_x_policy_priority = sp->priority; 1811 switch (sp->state) { 1812 case IPSEC_SPSTATE_IFNET: 1813 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1814 break; 1815 case IPSEC_SPSTATE_PCB: 1816 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1817 break; 1818 default: 1819 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1820 } 1821 1822 /* if is the policy for ipsec ? */ 1823 if (sp->policy == IPSEC_POLICY_IPSEC) { 1824 p = (caddr_t)xpl + sizeof(*xpl); 1825 for (i = 0; i < sp->tcount; i++) { 1826 isr = sp->req[i]; 1827 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1828 isr->saidx.src.sa.sa_len + 1829 isr->saidx.dst.sa.sa_len); 1830 xlen += ilen; 1831 if (xlen > *len) { 1832 error = ENOBUFS; 1833 /* Calculate needed size */ 1834 continue; 1835 } 1836 xisr = (struct sadb_x_ipsecrequest *)p; 1837 xisr->sadb_x_ipsecrequest_len = ilen; 1838 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1839 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1840 xisr->sadb_x_ipsecrequest_level = isr->level; 1841 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1842 1843 p += sizeof(*xisr); 1844 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1845 p += isr->saidx.src.sa.sa_len; 1846 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1847 p += isr->saidx.dst.sa.sa_len; 1848 } 1849 } 1850 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1851 if (error == 0) 1852 *len = xlen; 1853 else 1854 *len = sizeof(*xpl); 1855 return (error); 1856 } 1857 1858 /* m will not be freed nor modified */ 1859 static struct mbuf * 1860 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1861 int ndeep, int nitem, ...) 1862 { 1863 va_list ap; 1864 int idx; 1865 int i; 1866 struct mbuf *result = NULL, *n; 1867 int len; 1868 1869 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1870 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1871 1872 va_start(ap, nitem); 1873 for (i = 0; i < nitem; i++) { 1874 idx = va_arg(ap, int); 1875 if (idx < 0 || idx > SADB_EXT_MAX) 1876 goto fail; 1877 /* don't attempt to pull empty extension */ 1878 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1879 continue; 1880 if (idx != SADB_EXT_RESERVED && 1881 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1882 continue; 1883 1884 if (idx == SADB_EXT_RESERVED) { 1885 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1886 1887 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1888 1889 MGETHDR(n, M_NOWAIT, MT_DATA); 1890 if (!n) 1891 goto fail; 1892 n->m_len = len; 1893 n->m_next = NULL; 1894 m_copydata(m, 0, sizeof(struct sadb_msg), 1895 mtod(n, caddr_t)); 1896 } else if (i < ndeep) { 1897 len = mhp->extlen[idx]; 1898 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1899 if (n == NULL) 1900 goto fail; 1901 m_align(n, len); 1902 n->m_len = len; 1903 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1904 mtod(n, caddr_t)); 1905 } else { 1906 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1907 M_NOWAIT); 1908 } 1909 if (n == NULL) 1910 goto fail; 1911 1912 if (result) 1913 m_cat(result, n); 1914 else 1915 result = n; 1916 } 1917 va_end(ap); 1918 1919 if ((result->m_flags & M_PKTHDR) != 0) { 1920 result->m_pkthdr.len = 0; 1921 for (n = result; n; n = n->m_next) 1922 result->m_pkthdr.len += n->m_len; 1923 } 1924 1925 return result; 1926 1927 fail: 1928 m_freem(result); 1929 va_end(ap); 1930 return NULL; 1931 } 1932 1933 /* 1934 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1935 * add an entry to SP database, when received 1936 * <base, address(SD), (lifetime(H),) policy> 1937 * from the user(?). 1938 * Adding to SP database, 1939 * and send 1940 * <base, address(SD), (lifetime(H),) policy> 1941 * to the socket which was send. 1942 * 1943 * SPDADD set a unique policy entry. 1944 * SPDSETIDX like SPDADD without a part of policy requests. 1945 * SPDUPDATE replace a unique policy entry. 1946 * 1947 * XXXAE: serialize this in PF_KEY to avoid races. 1948 * m will always be freed. 1949 */ 1950 static int 1951 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1952 { 1953 struct secpolicyindex spidx; 1954 struct sadb_address *src0, *dst0; 1955 struct sadb_x_policy *xpl0, *xpl; 1956 struct sadb_lifetime *lft = NULL; 1957 struct secpolicy *newsp, *oldsp; 1958 int error; 1959 1960 IPSEC_ASSERT(so != NULL, ("null socket")); 1961 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1962 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1963 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1964 1965 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1966 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1967 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1968 ipseclog((LOG_DEBUG, 1969 "%s: invalid message: missing required header.\n", 1970 __func__)); 1971 return key_senderror(so, m, EINVAL); 1972 } 1973 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1974 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1975 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1976 ipseclog((LOG_DEBUG, 1977 "%s: invalid message: wrong header size.\n", __func__)); 1978 return key_senderror(so, m, EINVAL); 1979 } 1980 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1981 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1982 ipseclog((LOG_DEBUG, 1983 "%s: invalid message: wrong header size.\n", 1984 __func__)); 1985 return key_senderror(so, m, EINVAL); 1986 } 1987 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1988 } 1989 1990 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1991 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1992 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1993 1994 /* check the direciton */ 1995 switch (xpl0->sadb_x_policy_dir) { 1996 case IPSEC_DIR_INBOUND: 1997 case IPSEC_DIR_OUTBOUND: 1998 break; 1999 default: 2000 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2001 return key_senderror(so, m, EINVAL); 2002 } 2003 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2004 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2005 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2006 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2007 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2008 return key_senderror(so, m, EINVAL); 2009 } 2010 2011 /* policy requests are mandatory when action is ipsec. */ 2012 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2013 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2014 ipseclog((LOG_DEBUG, 2015 "%s: policy requests required.\n", __func__)); 2016 return key_senderror(so, m, EINVAL); 2017 } 2018 2019 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2020 (struct sockaddr *)(dst0 + 1)); 2021 if (error != 0 || 2022 src0->sadb_address_proto != dst0->sadb_address_proto) { 2023 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2024 return key_senderror(so, m, error); 2025 } 2026 /* make secindex */ 2027 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2028 src0 + 1, 2029 dst0 + 1, 2030 src0->sadb_address_prefixlen, 2031 dst0->sadb_address_prefixlen, 2032 src0->sadb_address_proto, 2033 &spidx); 2034 /* Checking there is SP already or not. */ 2035 oldsp = key_getsp(&spidx); 2036 if (oldsp != NULL) { 2037 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2038 KEYDBG(KEY_STAMP, 2039 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2040 __func__, oldsp)); 2041 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp)); 2042 } else { 2043 key_freesp(&oldsp); 2044 ipseclog((LOG_DEBUG, 2045 "%s: a SP entry exists already.\n", __func__)); 2046 return (key_senderror(so, m, EEXIST)); 2047 } 2048 } 2049 2050 /* allocate new SP entry */ 2051 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2052 if (oldsp != NULL) { 2053 key_unlink(oldsp); 2054 key_freesp(&oldsp); /* second for our reference */ 2055 } 2056 return key_senderror(so, m, error); 2057 } 2058 2059 newsp->lastused = newsp->created = time_second; 2060 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2061 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2062 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2063 2064 SPTREE_WLOCK(); 2065 if ((newsp->id = key_getnewspid()) == 0) { 2066 if (oldsp != NULL) 2067 key_detach(oldsp); 2068 SPTREE_WUNLOCK(); 2069 if (oldsp != NULL) { 2070 key_freesp(&oldsp); /* first for key_detach */ 2071 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2072 key_freesp(&oldsp); /* second for our reference */ 2073 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */ 2074 spdcache_clear(); 2075 } 2076 key_freesp(&newsp); 2077 return key_senderror(so, m, ENOBUFS); 2078 } 2079 if (oldsp != NULL) 2080 key_detach(oldsp); 2081 key_insertsp(newsp); 2082 SPTREE_WUNLOCK(); 2083 if (oldsp != NULL) { 2084 key_freesp(&oldsp); /* first for key_detach */ 2085 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2086 key_freesp(&oldsp); /* second for our reference */ 2087 } 2088 if (SPDCACHE_ENABLED()) 2089 spdcache_clear(); 2090 KEYDBG(KEY_STAMP, 2091 printf("%s: SP(%p)\n", __func__, newsp)); 2092 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2093 2094 { 2095 struct mbuf *n, *mpolicy; 2096 struct sadb_msg *newmsg; 2097 int off; 2098 2099 /* create new sadb_msg to reply. */ 2100 if (lft) { 2101 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2102 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2103 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2104 } else { 2105 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2106 SADB_X_EXT_POLICY, 2107 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2108 } 2109 if (!n) 2110 return key_senderror(so, m, ENOBUFS); 2111 2112 if (n->m_len < sizeof(*newmsg)) { 2113 n = m_pullup(n, sizeof(*newmsg)); 2114 if (!n) 2115 return key_senderror(so, m, ENOBUFS); 2116 } 2117 newmsg = mtod(n, struct sadb_msg *); 2118 newmsg->sadb_msg_errno = 0; 2119 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2120 2121 off = 0; 2122 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2123 sizeof(*xpl), &off); 2124 if (mpolicy == NULL) { 2125 /* n is already freed */ 2126 return key_senderror(so, m, ENOBUFS); 2127 } 2128 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2129 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2130 m_freem(n); 2131 return key_senderror(so, m, EINVAL); 2132 } 2133 xpl->sadb_x_policy_id = newsp->id; 2134 2135 m_freem(m); 2136 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2137 } 2138 } 2139 2140 /* 2141 * get new policy id. 2142 * OUT: 2143 * 0: failure. 2144 * others: success. 2145 */ 2146 static uint32_t 2147 key_getnewspid(void) 2148 { 2149 struct secpolicy *sp; 2150 uint32_t newid = 0; 2151 int tries, limit; 2152 2153 SPTREE_WLOCK_ASSERT(); 2154 2155 limit = atomic_load_int(&V_key_spi_trycnt); 2156 for (tries = 0; tries < limit; tries++) { 2157 if (V_policy_id == ~0) /* overflowed */ 2158 newid = V_policy_id = 1; 2159 else 2160 newid = ++V_policy_id; 2161 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2162 if (sp->id == newid) 2163 break; 2164 } 2165 if (sp == NULL) 2166 break; 2167 } 2168 if (tries == limit || newid == 0) { 2169 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2170 __func__)); 2171 return (0); 2172 } 2173 return (newid); 2174 } 2175 2176 /* 2177 * SADB_SPDDELETE processing 2178 * receive 2179 * <base, address(SD), policy(*)> 2180 * from the user(?), and set SADB_SASTATE_DEAD, 2181 * and send, 2182 * <base, address(SD), policy(*)> 2183 * to the ikmpd. 2184 * policy(*) including direction of policy. 2185 * 2186 * m will always be freed. 2187 */ 2188 static int 2189 key_spddelete(struct socket *so, struct mbuf *m, 2190 const struct sadb_msghdr *mhp) 2191 { 2192 struct secpolicyindex spidx; 2193 struct sadb_address *src0, *dst0; 2194 struct sadb_x_policy *xpl0; 2195 struct secpolicy *sp; 2196 2197 IPSEC_ASSERT(so != NULL, ("null so")); 2198 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2199 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2200 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2201 2202 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2203 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2204 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2205 ipseclog((LOG_DEBUG, 2206 "%s: invalid message: missing required header.\n", 2207 __func__)); 2208 return key_senderror(so, m, EINVAL); 2209 } 2210 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2211 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2212 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2213 ipseclog((LOG_DEBUG, 2214 "%s: invalid message: wrong header size.\n", __func__)); 2215 return key_senderror(so, m, EINVAL); 2216 } 2217 2218 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2219 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2220 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2221 2222 /* check the direciton */ 2223 switch (xpl0->sadb_x_policy_dir) { 2224 case IPSEC_DIR_INBOUND: 2225 case IPSEC_DIR_OUTBOUND: 2226 break; 2227 default: 2228 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2229 return key_senderror(so, m, EINVAL); 2230 } 2231 /* Only DISCARD, NONE and IPSEC are allowed */ 2232 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2233 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2234 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2235 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2236 return key_senderror(so, m, EINVAL); 2237 } 2238 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2239 (struct sockaddr *)(dst0 + 1)) != 0 || 2240 src0->sadb_address_proto != dst0->sadb_address_proto) { 2241 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2242 return key_senderror(so, m, EINVAL); 2243 } 2244 /* make secindex */ 2245 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2246 src0 + 1, 2247 dst0 + 1, 2248 src0->sadb_address_prefixlen, 2249 dst0->sadb_address_prefixlen, 2250 src0->sadb_address_proto, 2251 &spidx); 2252 2253 /* Is there SP in SPD ? */ 2254 if ((sp = key_getsp(&spidx)) == NULL) { 2255 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2256 return key_senderror(so, m, EINVAL); 2257 } 2258 2259 /* save policy id to buffer to be returned. */ 2260 xpl0->sadb_x_policy_id = sp->id; 2261 2262 KEYDBG(KEY_STAMP, 2263 printf("%s: SP(%p)\n", __func__, sp)); 2264 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2265 key_unlink(sp); 2266 key_freesp(&sp); 2267 2268 { 2269 struct mbuf *n; 2270 struct sadb_msg *newmsg; 2271 2272 /* create new sadb_msg to reply. */ 2273 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2274 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2275 if (!n) 2276 return key_senderror(so, m, ENOBUFS); 2277 2278 newmsg = mtod(n, struct sadb_msg *); 2279 newmsg->sadb_msg_errno = 0; 2280 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2281 2282 m_freem(m); 2283 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2284 } 2285 } 2286 2287 /* 2288 * SADB_SPDDELETE2 processing 2289 * receive 2290 * <base, policy(*)> 2291 * from the user(?), and set SADB_SASTATE_DEAD, 2292 * and send, 2293 * <base, policy(*)> 2294 * to the ikmpd. 2295 * policy(*) including direction of policy. 2296 * 2297 * m will always be freed. 2298 */ 2299 static int 2300 key_spddelete2(struct socket *so, struct mbuf *m, 2301 const struct sadb_msghdr *mhp) 2302 { 2303 struct secpolicy *sp; 2304 uint32_t id; 2305 2306 IPSEC_ASSERT(so != NULL, ("null socket")); 2307 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2308 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2309 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2310 2311 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2312 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2313 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2314 __func__)); 2315 return key_senderror(so, m, EINVAL); 2316 } 2317 2318 id = ((struct sadb_x_policy *) 2319 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2320 2321 /* Is there SP in SPD ? */ 2322 if ((sp = key_getspbyid(id)) == NULL) { 2323 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2324 __func__, id)); 2325 return key_senderror(so, m, EINVAL); 2326 } 2327 2328 KEYDBG(KEY_STAMP, 2329 printf("%s: SP(%p)\n", __func__, sp)); 2330 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2331 key_unlink(sp); 2332 if (sp->state != IPSEC_SPSTATE_DEAD) { 2333 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2334 __func__, id)); 2335 key_freesp(&sp); 2336 return (key_senderror(so, m, EACCES)); 2337 } 2338 key_freesp(&sp); 2339 2340 { 2341 struct mbuf *n, *nn; 2342 struct sadb_msg *newmsg; 2343 int off, len; 2344 2345 /* create new sadb_msg to reply. */ 2346 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2347 2348 MGETHDR(n, M_NOWAIT, MT_DATA); 2349 if (n && len > MHLEN) { 2350 if (!(MCLGET(n, M_NOWAIT))) { 2351 m_freem(n); 2352 n = NULL; 2353 } 2354 } 2355 if (!n) 2356 return key_senderror(so, m, ENOBUFS); 2357 2358 n->m_len = len; 2359 n->m_next = NULL; 2360 off = 0; 2361 2362 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2363 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2364 2365 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2366 off, len)); 2367 2368 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2369 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2370 if (!n->m_next) { 2371 m_freem(n); 2372 return key_senderror(so, m, ENOBUFS); 2373 } 2374 2375 n->m_pkthdr.len = 0; 2376 for (nn = n; nn; nn = nn->m_next) 2377 n->m_pkthdr.len += nn->m_len; 2378 2379 newmsg = mtod(n, struct sadb_msg *); 2380 newmsg->sadb_msg_errno = 0; 2381 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2382 2383 m_freem(m); 2384 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2385 } 2386 } 2387 2388 /* 2389 * SADB_X_SPDGET processing 2390 * receive 2391 * <base, policy(*)> 2392 * from the user(?), 2393 * and send, 2394 * <base, address(SD), policy> 2395 * to the ikmpd. 2396 * policy(*) including direction of policy. 2397 * 2398 * m will always be freed. 2399 */ 2400 static int 2401 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2402 { 2403 struct secpolicy *sp; 2404 struct mbuf *n; 2405 uint32_t id; 2406 2407 IPSEC_ASSERT(so != NULL, ("null socket")); 2408 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2409 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2410 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2411 2412 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2413 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2414 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2415 __func__)); 2416 return key_senderror(so, m, EINVAL); 2417 } 2418 2419 id = ((struct sadb_x_policy *) 2420 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2421 2422 /* Is there SP in SPD ? */ 2423 if ((sp = key_getspbyid(id)) == NULL) { 2424 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2425 __func__, id)); 2426 return key_senderror(so, m, ENOENT); 2427 } 2428 2429 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2430 mhp->msg->sadb_msg_pid); 2431 key_freesp(&sp); 2432 if (n != NULL) { 2433 m_freem(m); 2434 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2435 } else 2436 return key_senderror(so, m, ENOBUFS); 2437 } 2438 2439 /* 2440 * SADB_X_SPDACQUIRE processing. 2441 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2442 * send 2443 * <base, policy(*)> 2444 * to KMD, and expect to receive 2445 * <base> with SADB_X_SPDACQUIRE if error occurred, 2446 * or 2447 * <base, policy> 2448 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2449 * policy(*) is without policy requests. 2450 * 2451 * 0 : succeed 2452 * others: error number 2453 */ 2454 int 2455 key_spdacquire(struct secpolicy *sp) 2456 { 2457 struct mbuf *result = NULL, *m; 2458 struct secspacq *newspacq; 2459 2460 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2461 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2462 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2463 ("policy not IPSEC %u", sp->policy)); 2464 2465 /* Get an entry to check whether sent message or not. */ 2466 newspacq = key_getspacq(&sp->spidx); 2467 if (newspacq != NULL) { 2468 if (V_key_blockacq_count < newspacq->count) { 2469 /* reset counter and do send message. */ 2470 newspacq->count = 0; 2471 } else { 2472 /* increment counter and do nothing. */ 2473 newspacq->count++; 2474 SPACQ_UNLOCK(); 2475 return (0); 2476 } 2477 SPACQ_UNLOCK(); 2478 } else { 2479 /* make new entry for blocking to send SADB_ACQUIRE. */ 2480 newspacq = key_newspacq(&sp->spidx); 2481 if (newspacq == NULL) 2482 return ENOBUFS; 2483 } 2484 2485 /* create new sadb_msg to reply. */ 2486 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2487 if (!m) 2488 return ENOBUFS; 2489 2490 result = m; 2491 2492 result->m_pkthdr.len = 0; 2493 for (m = result; m; m = m->m_next) 2494 result->m_pkthdr.len += m->m_len; 2495 2496 mtod(result, struct sadb_msg *)->sadb_msg_len = 2497 PFKEY_UNIT64(result->m_pkthdr.len); 2498 2499 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2500 } 2501 2502 /* 2503 * SADB_SPDFLUSH processing 2504 * receive 2505 * <base> 2506 * from the user, and free all entries in secpctree. 2507 * and send, 2508 * <base> 2509 * to the user. 2510 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2511 * 2512 * m will always be freed. 2513 */ 2514 static int 2515 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2516 { 2517 struct secpolicy_queue drainq; 2518 struct sadb_msg *newmsg; 2519 struct secpolicy *sp, *nextsp; 2520 u_int dir; 2521 2522 IPSEC_ASSERT(so != NULL, ("null socket")); 2523 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2524 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2525 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2526 2527 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2528 return key_senderror(so, m, EINVAL); 2529 2530 TAILQ_INIT(&drainq); 2531 SPTREE_WLOCK(); 2532 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2533 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2534 } 2535 /* 2536 * We need to set state to DEAD for each policy to be sure, 2537 * that another thread won't try to unlink it. 2538 * Also remove SP from sphash. 2539 */ 2540 TAILQ_FOREACH(sp, &drainq, chain) { 2541 sp->state = IPSEC_SPSTATE_DEAD; 2542 LIST_REMOVE(sp, idhash); 2543 } 2544 V_sp_genid++; 2545 V_spd_size = 0; 2546 SPTREE_WUNLOCK(); 2547 if (SPDCACHE_ENABLED()) 2548 spdcache_clear(); 2549 sp = TAILQ_FIRST(&drainq); 2550 while (sp != NULL) { 2551 nextsp = TAILQ_NEXT(sp, chain); 2552 key_freesp(&sp); 2553 sp = nextsp; 2554 } 2555 2556 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2557 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2558 return key_senderror(so, m, ENOBUFS); 2559 } 2560 2561 if (m->m_next) 2562 m_freem(m->m_next); 2563 m->m_next = NULL; 2564 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2565 newmsg = mtod(m, struct sadb_msg *); 2566 newmsg->sadb_msg_errno = 0; 2567 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2568 2569 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2570 } 2571 2572 static uint8_t 2573 key_satype2scopemask(uint8_t satype) 2574 { 2575 2576 if (satype == IPSEC_POLICYSCOPE_ANY) 2577 return (0xff); 2578 return (satype); 2579 } 2580 /* 2581 * SADB_SPDDUMP processing 2582 * receive 2583 * <base> 2584 * from the user, and dump all SP leaves and send, 2585 * <base> ..... 2586 * to the ikmpd. 2587 * 2588 * NOTE: 2589 * sadb_msg_satype is considered as mask of policy scopes. 2590 * m will always be freed. 2591 */ 2592 static int 2593 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2594 { 2595 SPTREE_RLOCK_TRACKER; 2596 struct secpolicy *sp; 2597 struct mbuf *n; 2598 int cnt; 2599 u_int dir, scope; 2600 2601 IPSEC_ASSERT(so != NULL, ("null socket")); 2602 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2603 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2604 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2605 2606 /* search SPD entry and get buffer size. */ 2607 cnt = 0; 2608 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2609 SPTREE_RLOCK(); 2610 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2611 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2612 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2613 cnt++; 2614 } 2615 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2616 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2617 cnt++; 2618 } 2619 } 2620 2621 if (cnt == 0) { 2622 SPTREE_RUNLOCK(); 2623 return key_senderror(so, m, ENOENT); 2624 } 2625 2626 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2627 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2628 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2629 --cnt; 2630 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2631 mhp->msg->sadb_msg_pid); 2632 2633 if (n != NULL) 2634 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2635 } 2636 } 2637 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2638 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2639 --cnt; 2640 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2641 mhp->msg->sadb_msg_pid); 2642 2643 if (n != NULL) 2644 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2645 } 2646 } 2647 } 2648 2649 SPTREE_RUNLOCK(); 2650 m_freem(m); 2651 return (0); 2652 } 2653 2654 static struct mbuf * 2655 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2656 u_int32_t pid) 2657 { 2658 struct mbuf *result = NULL, *m; 2659 struct seclifetime lt; 2660 2661 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2662 if (!m) 2663 goto fail; 2664 result = m; 2665 2666 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2667 &sp->spidx.src.sa, sp->spidx.prefs, 2668 sp->spidx.ul_proto); 2669 if (!m) 2670 goto fail; 2671 m_cat(result, m); 2672 2673 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2674 &sp->spidx.dst.sa, sp->spidx.prefd, 2675 sp->spidx.ul_proto); 2676 if (!m) 2677 goto fail; 2678 m_cat(result, m); 2679 2680 m = key_sp2mbuf(sp); 2681 if (!m) 2682 goto fail; 2683 m_cat(result, m); 2684 2685 if(sp->lifetime){ 2686 lt.addtime=sp->created; 2687 lt.usetime= sp->lastused; 2688 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2689 if (!m) 2690 goto fail; 2691 m_cat(result, m); 2692 2693 lt.addtime=sp->lifetime; 2694 lt.usetime= sp->validtime; 2695 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2696 if (!m) 2697 goto fail; 2698 m_cat(result, m); 2699 } 2700 2701 if ((result->m_flags & M_PKTHDR) == 0) 2702 goto fail; 2703 2704 if (result->m_len < sizeof(struct sadb_msg)) { 2705 result = m_pullup(result, sizeof(struct sadb_msg)); 2706 if (result == NULL) 2707 goto fail; 2708 } 2709 2710 result->m_pkthdr.len = 0; 2711 for (m = result; m; m = m->m_next) 2712 result->m_pkthdr.len += m->m_len; 2713 2714 mtod(result, struct sadb_msg *)->sadb_msg_len = 2715 PFKEY_UNIT64(result->m_pkthdr.len); 2716 2717 return result; 2718 2719 fail: 2720 m_freem(result); 2721 return NULL; 2722 } 2723 /* 2724 * get PFKEY message length for security policy and request. 2725 */ 2726 static size_t 2727 key_getspreqmsglen(struct secpolicy *sp) 2728 { 2729 size_t tlen, len; 2730 int i; 2731 2732 tlen = sizeof(struct sadb_x_policy); 2733 /* if is the policy for ipsec ? */ 2734 if (sp->policy != IPSEC_POLICY_IPSEC) 2735 return (tlen); 2736 2737 /* get length of ipsec requests */ 2738 for (i = 0; i < sp->tcount; i++) { 2739 len = sizeof(struct sadb_x_ipsecrequest) 2740 + sp->req[i]->saidx.src.sa.sa_len 2741 + sp->req[i]->saidx.dst.sa.sa_len; 2742 2743 tlen += PFKEY_ALIGN8(len); 2744 } 2745 return (tlen); 2746 } 2747 2748 /* 2749 * SADB_SPDEXPIRE processing 2750 * send 2751 * <base, address(SD), lifetime(CH), policy> 2752 * to KMD by PF_KEY. 2753 * 2754 * OUT: 0 : succeed 2755 * others : error number 2756 */ 2757 static int 2758 key_spdexpire(struct secpolicy *sp) 2759 { 2760 struct sadb_lifetime *lt; 2761 struct mbuf *result = NULL, *m; 2762 int len, error = -1; 2763 2764 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2765 2766 KEYDBG(KEY_STAMP, 2767 printf("%s: SP(%p)\n", __func__, sp)); 2768 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2769 2770 /* set msg header */ 2771 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2772 if (!m) { 2773 error = ENOBUFS; 2774 goto fail; 2775 } 2776 result = m; 2777 2778 /* create lifetime extension (current and hard) */ 2779 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2780 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2781 if (m == NULL) { 2782 error = ENOBUFS; 2783 goto fail; 2784 } 2785 m_align(m, len); 2786 m->m_len = len; 2787 bzero(mtod(m, caddr_t), len); 2788 lt = mtod(m, struct sadb_lifetime *); 2789 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2790 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2791 lt->sadb_lifetime_allocations = 0; 2792 lt->sadb_lifetime_bytes = 0; 2793 lt->sadb_lifetime_addtime = sp->created; 2794 lt->sadb_lifetime_usetime = sp->lastused; 2795 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2796 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2797 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2798 lt->sadb_lifetime_allocations = 0; 2799 lt->sadb_lifetime_bytes = 0; 2800 lt->sadb_lifetime_addtime = sp->lifetime; 2801 lt->sadb_lifetime_usetime = sp->validtime; 2802 m_cat(result, m); 2803 2804 /* set sadb_address for source */ 2805 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2806 &sp->spidx.src.sa, 2807 sp->spidx.prefs, sp->spidx.ul_proto); 2808 if (!m) { 2809 error = ENOBUFS; 2810 goto fail; 2811 } 2812 m_cat(result, m); 2813 2814 /* set sadb_address for destination */ 2815 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2816 &sp->spidx.dst.sa, 2817 sp->spidx.prefd, sp->spidx.ul_proto); 2818 if (!m) { 2819 error = ENOBUFS; 2820 goto fail; 2821 } 2822 m_cat(result, m); 2823 2824 /* set secpolicy */ 2825 m = key_sp2mbuf(sp); 2826 if (!m) { 2827 error = ENOBUFS; 2828 goto fail; 2829 } 2830 m_cat(result, m); 2831 2832 if ((result->m_flags & M_PKTHDR) == 0) { 2833 error = EINVAL; 2834 goto fail; 2835 } 2836 2837 if (result->m_len < sizeof(struct sadb_msg)) { 2838 result = m_pullup(result, sizeof(struct sadb_msg)); 2839 if (result == NULL) { 2840 error = ENOBUFS; 2841 goto fail; 2842 } 2843 } 2844 2845 result->m_pkthdr.len = 0; 2846 for (m = result; m; m = m->m_next) 2847 result->m_pkthdr.len += m->m_len; 2848 2849 mtod(result, struct sadb_msg *)->sadb_msg_len = 2850 PFKEY_UNIT64(result->m_pkthdr.len); 2851 2852 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2853 2854 fail: 2855 if (result) 2856 m_freem(result); 2857 return error; 2858 } 2859 2860 /* %%% SAD management */ 2861 /* 2862 * allocating and initialize new SA head. 2863 * OUT: NULL : failure due to the lack of memory. 2864 * others : pointer to new SA head. 2865 */ 2866 static struct secashead * 2867 key_newsah(struct secasindex *saidx) 2868 { 2869 struct secashead *sah; 2870 2871 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2872 M_NOWAIT | M_ZERO); 2873 if (sah == NULL) { 2874 PFKEYSTAT_INC(in_nomem); 2875 return (NULL); 2876 } 2877 TAILQ_INIT(&sah->savtree_larval); 2878 TAILQ_INIT(&sah->savtree_alive); 2879 sah->saidx = *saidx; 2880 sah->state = SADB_SASTATE_DEAD; 2881 SAH_INITREF(sah); 2882 2883 KEYDBG(KEY_STAMP, 2884 printf("%s: SAH(%p)\n", __func__, sah)); 2885 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2886 return (sah); 2887 } 2888 2889 static void 2890 key_freesah(struct secashead **psah) 2891 { 2892 struct secashead *sah = *psah; 2893 2894 CURVNET_ASSERT_SET(); 2895 2896 if (SAH_DELREF(sah) == 0) 2897 return; 2898 2899 KEYDBG(KEY_STAMP, 2900 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2901 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2902 2903 *psah = NULL; 2904 key_delsah(sah); 2905 } 2906 2907 static void 2908 key_delsah(struct secashead *sah) 2909 { 2910 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2911 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2912 ("Attempt to free non DEAD SAH %p", sah)); 2913 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2914 ("Attempt to free SAH %p with LARVAL SA", sah)); 2915 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2916 ("Attempt to free SAH %p with ALIVE SA", sah)); 2917 2918 free(sah, M_IPSEC_SAH); 2919 } 2920 2921 /* 2922 * allocating a new SA for key_add() and key_getspi() call, 2923 * and copy the values of mhp into new buffer. 2924 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2925 * For SADB_ADD create and initialize SA with MATURE state. 2926 * OUT: NULL : fail 2927 * others : pointer to new secasvar. 2928 */ 2929 static struct secasvar * 2930 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2931 uint32_t spi, int *errp) 2932 { 2933 struct secashead *sah; 2934 struct secasvar *sav; 2935 int isnew; 2936 2937 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2938 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2939 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2940 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2941 2942 sav = NULL; 2943 sah = NULL; 2944 /* check SPI value */ 2945 switch (saidx->proto) { 2946 case IPPROTO_ESP: 2947 case IPPROTO_AH: 2948 /* 2949 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2950 * 1-255 reserved by IANA for future use, 2951 * 0 for implementation specific, local use. 2952 */ 2953 if (ntohl(spi) <= 255) { 2954 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2955 __func__, ntohl(spi))); 2956 *errp = EINVAL; 2957 goto done; 2958 } 2959 break; 2960 } 2961 2962 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2963 if (sav == NULL) { 2964 *errp = ENOBUFS; 2965 goto done; 2966 } 2967 sav->lock = malloc_aligned(max(sizeof(struct rmlock), 2968 CACHE_LINE_SIZE), CACHE_LINE_SIZE, M_IPSEC_MISC, 2969 M_NOWAIT | M_ZERO); 2970 if (sav->lock == NULL) { 2971 *errp = ENOBUFS; 2972 goto done; 2973 } 2974 rm_init(sav->lock, "ipsec association"); 2975 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); 2976 if (sav->lft_c == NULL) { 2977 *errp = ENOBUFS; 2978 goto done; 2979 } 2980 2981 sav->spi = spi; 2982 sav->seq = mhp->msg->sadb_msg_seq; 2983 sav->state = SADB_SASTATE_LARVAL; 2984 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2985 SAV_INITREF(sav); 2986 again: 2987 sah = key_getsah(saidx); 2988 if (sah == NULL) { 2989 /* create a new SA index */ 2990 sah = key_newsah(saidx); 2991 if (sah == NULL) { 2992 ipseclog((LOG_DEBUG, 2993 "%s: No more memory.\n", __func__)); 2994 *errp = ENOBUFS; 2995 goto done; 2996 } 2997 isnew = 1; 2998 } else 2999 isnew = 0; 3000 3001 sav->sah = sah; 3002 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 3003 sav->created = time_second; 3004 } else if (sav->state == SADB_SASTATE_LARVAL) { 3005 /* 3006 * Do not call key_setsaval() second time in case 3007 * of `goto again`. We will have MATURE state. 3008 */ 3009 *errp = key_setsaval(sav, mhp); 3010 if (*errp != 0) 3011 goto done; 3012 sav->state = SADB_SASTATE_MATURE; 3013 } 3014 3015 SAHTREE_WLOCK(); 3016 /* 3017 * Check that existing SAH wasn't unlinked. 3018 * Since we didn't hold the SAHTREE lock, it is possible, 3019 * that callout handler or key_flush() or key_delete() could 3020 * unlink this SAH. 3021 */ 3022 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3023 SAHTREE_WUNLOCK(); 3024 key_freesah(&sah); /* reference from key_getsah() */ 3025 goto again; 3026 } 3027 if (isnew != 0) { 3028 /* 3029 * Add new SAH into SADB. 3030 * 3031 * XXXAE: we can serialize key_add and key_getspi calls, so 3032 * several threads will not fight in the race. 3033 * Otherwise we should check under SAHTREE lock, that this 3034 * SAH would not added twice. 3035 */ 3036 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3037 /* Add new SAH into hash by addresses */ 3038 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3039 /* Now we are linked in the chain */ 3040 sah->state = SADB_SASTATE_MATURE; 3041 /* 3042 * SAV references this new SAH. 3043 * In case of existing SAH we reuse reference 3044 * from key_getsah(). 3045 */ 3046 SAH_ADDREF(sah); 3047 } 3048 /* Link SAV with SAH */ 3049 if (sav->state == SADB_SASTATE_MATURE) 3050 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3051 else 3052 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3053 /* Add SAV into SPI hash */ 3054 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3055 SAHTREE_WUNLOCK(); 3056 *errp = 0; /* success */ 3057 done: 3058 if (*errp != 0) { 3059 if (sav != NULL) { 3060 if (sav->lock != NULL) { 3061 rm_destroy(sav->lock); 3062 free(sav->lock, M_IPSEC_MISC); 3063 } 3064 if (sav->lft_c != NULL) 3065 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3066 free(sav, M_IPSEC_SA), sav = NULL; 3067 } 3068 if (sah != NULL) 3069 key_freesah(&sah); 3070 if (*errp == ENOBUFS) { 3071 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3072 __func__)); 3073 PFKEYSTAT_INC(in_nomem); 3074 } 3075 } 3076 return (sav); 3077 } 3078 3079 /* 3080 * free() SA variable entry. 3081 */ 3082 static void 3083 key_cleansav(struct secasvar *sav) 3084 { 3085 3086 if (sav->natt != NULL) { 3087 free(sav->natt, M_IPSEC_MISC); 3088 sav->natt = NULL; 3089 } 3090 if (sav->flags & SADB_X_EXT_F_CLONED) 3091 return; 3092 if (sav->tdb_xform != NULL) { 3093 sav->tdb_xform->xf_cleanup(sav); 3094 sav->tdb_xform = NULL; 3095 } 3096 if (sav->key_auth != NULL) { 3097 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3098 free(sav->key_auth, M_IPSEC_MISC); 3099 sav->key_auth = NULL; 3100 } 3101 if (sav->key_enc != NULL) { 3102 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3103 free(sav->key_enc, M_IPSEC_MISC); 3104 sav->key_enc = NULL; 3105 } 3106 if (sav->replay != NULL) { 3107 mtx_destroy(&sav->replay->lock); 3108 if (sav->replay->bitmap != NULL) 3109 free(sav->replay->bitmap, M_IPSEC_MISC); 3110 free(sav->replay, M_IPSEC_MISC); 3111 sav->replay = NULL; 3112 } 3113 if (sav->lft_h != NULL) { 3114 free(sav->lft_h, M_IPSEC_MISC); 3115 sav->lft_h = NULL; 3116 } 3117 if (sav->lft_s != NULL) { 3118 free(sav->lft_s, M_IPSEC_MISC); 3119 sav->lft_s = NULL; 3120 } 3121 } 3122 3123 /* 3124 * free() SA variable entry. 3125 */ 3126 static void 3127 key_delsav(struct secasvar *sav) 3128 { 3129 IPSEC_ASSERT(sav != NULL, ("null sav")); 3130 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3131 ("attempt to free non DEAD SA %p", sav)); 3132 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3133 sav->refcnt)); 3134 3135 /* 3136 * SA must be unlinked from the chain and hashtbl. 3137 * If SA was cloned, we leave all fields untouched, 3138 * except NAT-T config. 3139 */ 3140 key_cleansav(sav); 3141 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3142 rm_destroy(sav->lock); 3143 free(sav->lock, M_IPSEC_MISC); 3144 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3145 } 3146 free(sav, M_IPSEC_SA); 3147 } 3148 3149 /* 3150 * search SAH. 3151 * OUT: 3152 * NULL : not found 3153 * others : found, referenced pointer to a SAH. 3154 */ 3155 static struct secashead * 3156 key_getsah(struct secasindex *saidx) 3157 { 3158 SAHTREE_RLOCK_TRACKER; 3159 struct secashead *sah; 3160 3161 SAHTREE_RLOCK(); 3162 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3163 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3164 SAH_ADDREF(sah); 3165 break; 3166 } 3167 } 3168 SAHTREE_RUNLOCK(); 3169 return (sah); 3170 } 3171 3172 /* 3173 * Check not to be duplicated SPI. 3174 * OUT: 3175 * 0 : not found 3176 * 1 : found SA with given SPI. 3177 */ 3178 static int 3179 key_checkspidup(uint32_t spi) 3180 { 3181 SAHTREE_RLOCK_TRACKER; 3182 struct secasvar *sav; 3183 3184 /* Assume SPI is in network byte order */ 3185 SAHTREE_RLOCK(); 3186 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3187 if (sav->spi == spi) 3188 break; 3189 } 3190 SAHTREE_RUNLOCK(); 3191 return (sav != NULL); 3192 } 3193 3194 /* 3195 * Search SA by SPI. 3196 * OUT: 3197 * NULL : not found 3198 * others : found, referenced pointer to a SA. 3199 */ 3200 static struct secasvar * 3201 key_getsavbyspi(uint32_t spi) 3202 { 3203 SAHTREE_RLOCK_TRACKER; 3204 struct secasvar *sav; 3205 3206 /* Assume SPI is in network byte order */ 3207 SAHTREE_RLOCK(); 3208 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3209 if (sav->spi != spi) 3210 continue; 3211 SAV_ADDREF(sav); 3212 break; 3213 } 3214 SAHTREE_RUNLOCK(); 3215 return (sav); 3216 } 3217 3218 static int 3219 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3220 { 3221 struct seclifetime *lft_h, *lft_s, *tmp; 3222 3223 /* Lifetime extension is optional, check that it is present. */ 3224 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3225 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3226 /* 3227 * In case of SADB_UPDATE we may need to change 3228 * existing lifetimes. 3229 */ 3230 if (sav->state == SADB_SASTATE_MATURE) { 3231 lft_h = lft_s = NULL; 3232 goto reset; 3233 } 3234 return (0); 3235 } 3236 /* Both HARD and SOFT extensions must present */ 3237 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3238 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3239 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3240 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3241 ipseclog((LOG_DEBUG, 3242 "%s: invalid message: missing required header.\n", 3243 __func__)); 3244 return (EINVAL); 3245 } 3246 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3247 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3248 ipseclog((LOG_DEBUG, 3249 "%s: invalid message: wrong header size.\n", __func__)); 3250 return (EINVAL); 3251 } 3252 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3253 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3254 if (lft_h == NULL) { 3255 PFKEYSTAT_INC(in_nomem); 3256 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3257 return (ENOBUFS); 3258 } 3259 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3260 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3261 if (lft_s == NULL) { 3262 PFKEYSTAT_INC(in_nomem); 3263 free(lft_h, M_IPSEC_MISC); 3264 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3265 return (ENOBUFS); 3266 } 3267 reset: 3268 if (sav->state != SADB_SASTATE_LARVAL) { 3269 /* 3270 * key_update() holds reference to this SA, 3271 * so it won't be deleted in meanwhile. 3272 */ 3273 SECASVAR_WLOCK(sav); 3274 tmp = sav->lft_h; 3275 sav->lft_h = lft_h; 3276 lft_h = tmp; 3277 3278 tmp = sav->lft_s; 3279 sav->lft_s = lft_s; 3280 lft_s = tmp; 3281 SECASVAR_WUNLOCK(sav); 3282 if (lft_h != NULL) 3283 free(lft_h, M_IPSEC_MISC); 3284 if (lft_s != NULL) 3285 free(lft_s, M_IPSEC_MISC); 3286 return (0); 3287 } 3288 /* We can update lifetime without holding a lock */ 3289 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3290 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3291 sav->lft_h = lft_h; 3292 sav->lft_s = lft_s; 3293 return (0); 3294 } 3295 3296 /* 3297 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3298 * You must update these if need. Expects only LARVAL SAs. 3299 * OUT: 0: success. 3300 * !0: failure. 3301 */ 3302 static int 3303 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3304 { 3305 const struct sadb_sa *sa0; 3306 const struct sadb_key *key0; 3307 uint32_t replay; 3308 size_t len; 3309 int error; 3310 3311 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3312 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3313 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3314 ("Attempt to update non LARVAL SA")); 3315 3316 /* XXX rewrite */ 3317 error = key_setident(sav->sah, mhp); 3318 if (error != 0) 3319 goto fail; 3320 3321 /* SA */ 3322 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3323 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3324 error = EINVAL; 3325 goto fail; 3326 } 3327 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3328 sav->alg_auth = sa0->sadb_sa_auth; 3329 sav->alg_enc = sa0->sadb_sa_encrypt; 3330 sav->flags = sa0->sadb_sa_flags; 3331 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3332 ipseclog((LOG_DEBUG, 3333 "%s: invalid sa_flags 0x%08x.\n", __func__, 3334 sav->flags)); 3335 error = EINVAL; 3336 goto fail; 3337 } 3338 3339 /* Optional replay window */ 3340 replay = 0; 3341 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3342 replay = sa0->sadb_sa_replay; 3343 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3344 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3345 error = EINVAL; 3346 goto fail; 3347 } 3348 replay = ((const struct sadb_x_sa_replay *) 3349 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3350 3351 if (replay > UINT32_MAX - 32) { 3352 ipseclog((LOG_DEBUG, 3353 "%s: replay window too big.\n", __func__)); 3354 error = EINVAL; 3355 goto fail; 3356 } 3357 3358 replay = (replay + 7) >> 3; 3359 } 3360 3361 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3362 M_NOWAIT | M_ZERO); 3363 if (sav->replay == NULL) { 3364 PFKEYSTAT_INC(in_nomem); 3365 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3366 __func__)); 3367 error = ENOBUFS; 3368 goto fail; 3369 } 3370 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF); 3371 3372 if (replay != 0) { 3373 /* number of 32b blocks to be allocated */ 3374 uint32_t bitmap_size; 3375 3376 /* RFC 6479: 3377 * - the allocated replay window size must be 3378 * a power of two. 3379 * - use an extra 32b block as a redundant window. 3380 */ 3381 bitmap_size = 1; 3382 while (replay + 4 > bitmap_size) 3383 bitmap_size <<= 1; 3384 bitmap_size = bitmap_size / 4; 3385 3386 sav->replay->bitmap = malloc( 3387 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3388 M_NOWAIT | M_ZERO); 3389 if (sav->replay->bitmap == NULL) { 3390 PFKEYSTAT_INC(in_nomem); 3391 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3392 __func__)); 3393 error = ENOBUFS; 3394 goto fail; 3395 } 3396 sav->replay->bitmap_size = bitmap_size; 3397 sav->replay->wsize = replay; 3398 } 3399 } 3400 3401 /* Authentication keys */ 3402 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3403 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3404 error = EINVAL; 3405 goto fail; 3406 } 3407 error = 0; 3408 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3409 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3410 switch (mhp->msg->sadb_msg_satype) { 3411 case SADB_SATYPE_AH: 3412 case SADB_SATYPE_ESP: 3413 case SADB_X_SATYPE_TCPSIGNATURE: 3414 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3415 sav->alg_auth != SADB_X_AALG_NULL) 3416 error = EINVAL; 3417 break; 3418 case SADB_X_SATYPE_IPCOMP: 3419 default: 3420 error = EINVAL; 3421 break; 3422 } 3423 if (error) { 3424 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3425 __func__)); 3426 goto fail; 3427 } 3428 3429 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3430 if (sav->key_auth == NULL ) { 3431 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3432 __func__)); 3433 PFKEYSTAT_INC(in_nomem); 3434 error = ENOBUFS; 3435 goto fail; 3436 } 3437 } 3438 3439 /* Encryption key */ 3440 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3441 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3442 error = EINVAL; 3443 goto fail; 3444 } 3445 error = 0; 3446 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3447 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3448 switch (mhp->msg->sadb_msg_satype) { 3449 case SADB_SATYPE_ESP: 3450 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3451 sav->alg_enc != SADB_EALG_NULL) { 3452 error = EINVAL; 3453 break; 3454 } 3455 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3456 if (sav->key_enc == NULL) { 3457 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3458 __func__)); 3459 PFKEYSTAT_INC(in_nomem); 3460 error = ENOBUFS; 3461 goto fail; 3462 } 3463 break; 3464 case SADB_X_SATYPE_IPCOMP: 3465 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3466 error = EINVAL; 3467 sav->key_enc = NULL; /*just in case*/ 3468 break; 3469 case SADB_SATYPE_AH: 3470 case SADB_X_SATYPE_TCPSIGNATURE: 3471 default: 3472 error = EINVAL; 3473 break; 3474 } 3475 if (error) { 3476 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3477 __func__)); 3478 goto fail; 3479 } 3480 } 3481 3482 /* set iv */ 3483 sav->ivlen = 0; 3484 switch (mhp->msg->sadb_msg_satype) { 3485 case SADB_SATYPE_AH: 3486 if (sav->flags & SADB_X_EXT_DERIV) { 3487 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3488 "given to AH SA.\n", __func__)); 3489 error = EINVAL; 3490 goto fail; 3491 } 3492 if (sav->alg_enc != SADB_EALG_NONE) { 3493 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3494 "mismated.\n", __func__)); 3495 error = EINVAL; 3496 goto fail; 3497 } 3498 error = xform_init(sav, XF_AH); 3499 break; 3500 case SADB_SATYPE_ESP: 3501 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3502 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3503 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3504 "given to old-esp.\n", __func__)); 3505 error = EINVAL; 3506 goto fail; 3507 } 3508 error = xform_init(sav, XF_ESP); 3509 break; 3510 case SADB_X_SATYPE_IPCOMP: 3511 if (sav->alg_auth != SADB_AALG_NONE) { 3512 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3513 "mismated.\n", __func__)); 3514 error = EINVAL; 3515 goto fail; 3516 } 3517 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3518 ntohl(sav->spi) >= 0x10000) { 3519 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3520 __func__)); 3521 error = EINVAL; 3522 goto fail; 3523 } 3524 error = xform_init(sav, XF_IPCOMP); 3525 break; 3526 case SADB_X_SATYPE_TCPSIGNATURE: 3527 if (sav->alg_enc != SADB_EALG_NONE) { 3528 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3529 "mismated.\n", __func__)); 3530 error = EINVAL; 3531 goto fail; 3532 } 3533 error = xform_init(sav, XF_TCPSIGNATURE); 3534 break; 3535 default: 3536 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3537 error = EPROTONOSUPPORT; 3538 goto fail; 3539 } 3540 if (error) { 3541 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3542 __func__, mhp->msg->sadb_msg_satype)); 3543 goto fail; 3544 } 3545 3546 /* Handle NAT-T headers */ 3547 error = key_setnatt(sav, mhp); 3548 if (error != 0) 3549 goto fail; 3550 3551 /* Initialize lifetime for CURRENT */ 3552 sav->firstused = 0; 3553 sav->created = time_second; 3554 3555 /* lifetimes for HARD and SOFT */ 3556 error = key_updatelifetimes(sav, mhp); 3557 if (error == 0) 3558 return (0); 3559 fail: 3560 key_cleansav(sav); 3561 return (error); 3562 } 3563 3564 /* 3565 * subroutine for SADB_GET and SADB_DUMP. 3566 */ 3567 static struct mbuf * 3568 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3569 uint32_t seq, uint32_t pid) 3570 { 3571 struct seclifetime lft_c; 3572 struct mbuf *result = NULL, *tres = NULL, *m; 3573 int i, dumporder[] = { 3574 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3575 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3576 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3577 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3578 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3579 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3580 SADB_EXT_SENSITIVITY, 3581 SADB_X_EXT_NAT_T_TYPE, 3582 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3583 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3584 SADB_X_EXT_NAT_T_FRAG, 3585 }; 3586 uint32_t replay_count; 3587 3588 SECASVAR_RLOCK_TRACKER; 3589 3590 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3591 if (m == NULL) 3592 goto fail; 3593 result = m; 3594 3595 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3596 m = NULL; 3597 switch (dumporder[i]) { 3598 case SADB_EXT_SA: 3599 m = key_setsadbsa(sav); 3600 if (!m) 3601 goto fail; 3602 break; 3603 3604 case SADB_X_EXT_SA2: { 3605 SECASVAR_RLOCK(sav); 3606 replay_count = sav->replay ? sav->replay->count : 0; 3607 SECASVAR_RUNLOCK(sav); 3608 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3609 sav->sah->saidx.reqid); 3610 if (!m) 3611 goto fail; 3612 break; 3613 } 3614 case SADB_X_EXT_SA_REPLAY: 3615 if (sav->replay == NULL || 3616 sav->replay->wsize <= UINT8_MAX) 3617 continue; 3618 3619 m = key_setsadbxsareplay(sav->replay->wsize); 3620 if (!m) 3621 goto fail; 3622 break; 3623 3624 case SADB_EXT_ADDRESS_SRC: 3625 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3626 &sav->sah->saidx.src.sa, 3627 FULLMASK, IPSEC_ULPROTO_ANY); 3628 if (!m) 3629 goto fail; 3630 break; 3631 3632 case SADB_EXT_ADDRESS_DST: 3633 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3634 &sav->sah->saidx.dst.sa, 3635 FULLMASK, IPSEC_ULPROTO_ANY); 3636 if (!m) 3637 goto fail; 3638 break; 3639 3640 case SADB_EXT_KEY_AUTH: 3641 if (!sav->key_auth) 3642 continue; 3643 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3644 if (!m) 3645 goto fail; 3646 break; 3647 3648 case SADB_EXT_KEY_ENCRYPT: 3649 if (!sav->key_enc) 3650 continue; 3651 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3652 if (!m) 3653 goto fail; 3654 break; 3655 3656 case SADB_EXT_LIFETIME_CURRENT: 3657 lft_c.addtime = sav->created; 3658 lft_c.allocations = (uint32_t)counter_u64_fetch( 3659 sav->lft_c_allocations); 3660 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3661 lft_c.usetime = sav->firstused; 3662 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3663 if (!m) 3664 goto fail; 3665 break; 3666 3667 case SADB_EXT_LIFETIME_HARD: 3668 if (!sav->lft_h) 3669 continue; 3670 m = key_setlifetime(sav->lft_h, 3671 SADB_EXT_LIFETIME_HARD); 3672 if (!m) 3673 goto fail; 3674 break; 3675 3676 case SADB_EXT_LIFETIME_SOFT: 3677 if (!sav->lft_s) 3678 continue; 3679 m = key_setlifetime(sav->lft_s, 3680 SADB_EXT_LIFETIME_SOFT); 3681 3682 if (!m) 3683 goto fail; 3684 break; 3685 3686 case SADB_X_EXT_NAT_T_TYPE: 3687 if (sav->natt == NULL) 3688 continue; 3689 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3690 if (!m) 3691 goto fail; 3692 break; 3693 3694 case SADB_X_EXT_NAT_T_DPORT: 3695 if (sav->natt == NULL) 3696 continue; 3697 m = key_setsadbxport(sav->natt->dport, 3698 SADB_X_EXT_NAT_T_DPORT); 3699 if (!m) 3700 goto fail; 3701 break; 3702 3703 case SADB_X_EXT_NAT_T_SPORT: 3704 if (sav->natt == NULL) 3705 continue; 3706 m = key_setsadbxport(sav->natt->sport, 3707 SADB_X_EXT_NAT_T_SPORT); 3708 if (!m) 3709 goto fail; 3710 break; 3711 3712 case SADB_X_EXT_NAT_T_OAI: 3713 if (sav->natt == NULL || 3714 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3715 continue; 3716 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3717 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3718 if (!m) 3719 goto fail; 3720 break; 3721 case SADB_X_EXT_NAT_T_OAR: 3722 if (sav->natt == NULL || 3723 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3724 continue; 3725 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3726 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3727 if (!m) 3728 goto fail; 3729 break; 3730 case SADB_X_EXT_NAT_T_FRAG: 3731 /* We do not (yet) support those. */ 3732 continue; 3733 3734 case SADB_EXT_ADDRESS_PROXY: 3735 case SADB_EXT_IDENTITY_SRC: 3736 case SADB_EXT_IDENTITY_DST: 3737 /* XXX: should we brought from SPD ? */ 3738 case SADB_EXT_SENSITIVITY: 3739 default: 3740 continue; 3741 } 3742 3743 if (!m) 3744 goto fail; 3745 if (tres) 3746 m_cat(m, tres); 3747 tres = m; 3748 } 3749 3750 m_cat(result, tres); 3751 tres = NULL; 3752 if (result->m_len < sizeof(struct sadb_msg)) { 3753 result = m_pullup(result, sizeof(struct sadb_msg)); 3754 if (result == NULL) 3755 goto fail; 3756 } 3757 3758 result->m_pkthdr.len = 0; 3759 for (m = result; m; m = m->m_next) 3760 result->m_pkthdr.len += m->m_len; 3761 3762 mtod(result, struct sadb_msg *)->sadb_msg_len = 3763 PFKEY_UNIT64(result->m_pkthdr.len); 3764 3765 return result; 3766 3767 fail: 3768 m_freem(result); 3769 m_freem(tres); 3770 return NULL; 3771 } 3772 3773 /* 3774 * set data into sadb_msg. 3775 */ 3776 static struct mbuf * 3777 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3778 pid_t pid, u_int16_t reserved) 3779 { 3780 struct mbuf *m; 3781 struct sadb_msg *p; 3782 int len; 3783 3784 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3785 if (len > MCLBYTES) 3786 return NULL; 3787 MGETHDR(m, M_NOWAIT, MT_DATA); 3788 if (m && len > MHLEN) { 3789 if (!(MCLGET(m, M_NOWAIT))) { 3790 m_freem(m); 3791 m = NULL; 3792 } 3793 } 3794 if (!m) 3795 return NULL; 3796 m->m_pkthdr.len = m->m_len = len; 3797 m->m_next = NULL; 3798 3799 p = mtod(m, struct sadb_msg *); 3800 3801 bzero(p, len); 3802 p->sadb_msg_version = PF_KEY_V2; 3803 p->sadb_msg_type = type; 3804 p->sadb_msg_errno = 0; 3805 p->sadb_msg_satype = satype; 3806 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3807 p->sadb_msg_reserved = reserved; 3808 p->sadb_msg_seq = seq; 3809 p->sadb_msg_pid = (u_int32_t)pid; 3810 3811 return m; 3812 } 3813 3814 /* 3815 * copy secasvar data into sadb_address. 3816 */ 3817 static struct mbuf * 3818 key_setsadbsa(struct secasvar *sav) 3819 { 3820 struct mbuf *m; 3821 struct sadb_sa *p; 3822 int len; 3823 3824 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3825 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3826 if (m == NULL) 3827 return (NULL); 3828 m_align(m, len); 3829 m->m_len = len; 3830 p = mtod(m, struct sadb_sa *); 3831 bzero(p, len); 3832 p->sadb_sa_len = PFKEY_UNIT64(len); 3833 p->sadb_sa_exttype = SADB_EXT_SA; 3834 p->sadb_sa_spi = sav->spi; 3835 p->sadb_sa_replay = sav->replay ? 3836 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3837 sav->replay->wsize): 0; 3838 p->sadb_sa_state = sav->state; 3839 p->sadb_sa_auth = sav->alg_auth; 3840 p->sadb_sa_encrypt = sav->alg_enc; 3841 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3842 return (m); 3843 } 3844 3845 /* 3846 * set data into sadb_address. 3847 */ 3848 static struct mbuf * 3849 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3850 u_int8_t prefixlen, u_int16_t ul_proto) 3851 { 3852 struct mbuf *m; 3853 struct sadb_address *p; 3854 size_t len; 3855 3856 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3857 PFKEY_ALIGN8(saddr->sa_len); 3858 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3859 if (m == NULL) 3860 return (NULL); 3861 m_align(m, len); 3862 m->m_len = len; 3863 p = mtod(m, struct sadb_address *); 3864 3865 bzero(p, len); 3866 p->sadb_address_len = PFKEY_UNIT64(len); 3867 p->sadb_address_exttype = exttype; 3868 p->sadb_address_proto = ul_proto; 3869 if (prefixlen == FULLMASK) { 3870 switch (saddr->sa_family) { 3871 case AF_INET: 3872 prefixlen = sizeof(struct in_addr) << 3; 3873 break; 3874 case AF_INET6: 3875 prefixlen = sizeof(struct in6_addr) << 3; 3876 break; 3877 default: 3878 ; /*XXX*/ 3879 } 3880 } 3881 p->sadb_address_prefixlen = prefixlen; 3882 p->sadb_address_reserved = 0; 3883 3884 bcopy(saddr, 3885 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3886 saddr->sa_len); 3887 3888 return m; 3889 } 3890 3891 /* 3892 * set data into sadb_x_sa2. 3893 */ 3894 static struct mbuf * 3895 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3896 { 3897 struct mbuf *m; 3898 struct sadb_x_sa2 *p; 3899 size_t len; 3900 3901 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3902 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3903 if (m == NULL) 3904 return (NULL); 3905 m_align(m, len); 3906 m->m_len = len; 3907 p = mtod(m, struct sadb_x_sa2 *); 3908 3909 bzero(p, len); 3910 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3911 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3912 p->sadb_x_sa2_mode = mode; 3913 p->sadb_x_sa2_reserved1 = 0; 3914 p->sadb_x_sa2_reserved2 = 0; 3915 p->sadb_x_sa2_sequence = seq; 3916 p->sadb_x_sa2_reqid = reqid; 3917 3918 return m; 3919 } 3920 3921 /* 3922 * Set data into sadb_x_sa_replay. 3923 */ 3924 static struct mbuf * 3925 key_setsadbxsareplay(u_int32_t replay) 3926 { 3927 struct mbuf *m; 3928 struct sadb_x_sa_replay *p; 3929 size_t len; 3930 3931 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3932 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3933 if (m == NULL) 3934 return (NULL); 3935 m_align(m, len); 3936 m->m_len = len; 3937 p = mtod(m, struct sadb_x_sa_replay *); 3938 3939 bzero(p, len); 3940 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3941 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3942 p->sadb_x_sa_replay_replay = (replay << 3); 3943 3944 return m; 3945 } 3946 3947 /* 3948 * Set a type in sadb_x_nat_t_type. 3949 */ 3950 static struct mbuf * 3951 key_setsadbxtype(u_int16_t type) 3952 { 3953 struct mbuf *m; 3954 size_t len; 3955 struct sadb_x_nat_t_type *p; 3956 3957 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3958 3959 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3960 if (m == NULL) 3961 return (NULL); 3962 m_align(m, len); 3963 m->m_len = len; 3964 p = mtod(m, struct sadb_x_nat_t_type *); 3965 3966 bzero(p, len); 3967 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3968 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3969 p->sadb_x_nat_t_type_type = type; 3970 3971 return (m); 3972 } 3973 /* 3974 * Set a port in sadb_x_nat_t_port. 3975 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3976 */ 3977 static struct mbuf * 3978 key_setsadbxport(u_int16_t port, u_int16_t type) 3979 { 3980 struct mbuf *m; 3981 size_t len; 3982 struct sadb_x_nat_t_port *p; 3983 3984 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3985 3986 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3987 if (m == NULL) 3988 return (NULL); 3989 m_align(m, len); 3990 m->m_len = len; 3991 p = mtod(m, struct sadb_x_nat_t_port *); 3992 3993 bzero(p, len); 3994 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3995 p->sadb_x_nat_t_port_exttype = type; 3996 p->sadb_x_nat_t_port_port = port; 3997 3998 return (m); 3999 } 4000 4001 /* 4002 * Get port from sockaddr. Port is in network byte order. 4003 */ 4004 uint16_t 4005 key_portfromsaddr(struct sockaddr *sa) 4006 { 4007 4008 switch (sa->sa_family) { 4009 #ifdef INET 4010 case AF_INET: 4011 return ((struct sockaddr_in *)sa)->sin_port; 4012 #endif 4013 #ifdef INET6 4014 case AF_INET6: 4015 return ((struct sockaddr_in6 *)sa)->sin6_port; 4016 #endif 4017 } 4018 return (0); 4019 } 4020 4021 /* 4022 * Set port in struct sockaddr. Port is in network byte order. 4023 */ 4024 void 4025 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4026 { 4027 4028 switch (sa->sa_family) { 4029 #ifdef INET 4030 case AF_INET: 4031 ((struct sockaddr_in *)sa)->sin_port = port; 4032 break; 4033 #endif 4034 #ifdef INET6 4035 case AF_INET6: 4036 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4037 break; 4038 #endif 4039 default: 4040 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4041 __func__, sa->sa_family)); 4042 break; 4043 } 4044 } 4045 4046 /* 4047 * set data into sadb_x_policy 4048 */ 4049 static struct mbuf * 4050 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4051 { 4052 struct mbuf *m; 4053 struct sadb_x_policy *p; 4054 size_t len; 4055 4056 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4057 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4058 if (m == NULL) 4059 return (NULL); 4060 m_align(m, len); 4061 m->m_len = len; 4062 p = mtod(m, struct sadb_x_policy *); 4063 4064 bzero(p, len); 4065 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4066 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4067 p->sadb_x_policy_type = type; 4068 p->sadb_x_policy_dir = dir; 4069 p->sadb_x_policy_id = id; 4070 p->sadb_x_policy_priority = priority; 4071 4072 return m; 4073 } 4074 4075 /* %%% utilities */ 4076 /* Take a key message (sadb_key) from the socket and turn it into one 4077 * of the kernel's key structures (seckey). 4078 * 4079 * IN: pointer to the src 4080 * OUT: NULL no more memory 4081 */ 4082 struct seckey * 4083 key_dup_keymsg(const struct sadb_key *src, size_t len, 4084 struct malloc_type *type) 4085 { 4086 struct seckey *dst; 4087 4088 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4089 if (dst != NULL) { 4090 dst->bits = src->sadb_key_bits; 4091 dst->key_data = malloc(len, type, M_NOWAIT); 4092 if (dst->key_data != NULL) { 4093 bcopy((const char *)(src + 1), dst->key_data, len); 4094 } else { 4095 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4096 __func__)); 4097 free(dst, type); 4098 dst = NULL; 4099 } 4100 } else { 4101 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4102 __func__)); 4103 } 4104 return (dst); 4105 } 4106 4107 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4108 * turn it into one of the kernel's lifetime structures (seclifetime). 4109 * 4110 * IN: pointer to the destination, source and malloc type 4111 * OUT: NULL, no more memory 4112 */ 4113 4114 static struct seclifetime * 4115 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4116 { 4117 struct seclifetime *dst; 4118 4119 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4120 if (dst == NULL) { 4121 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4122 return (NULL); 4123 } 4124 dst->allocations = src->sadb_lifetime_allocations; 4125 dst->bytes = src->sadb_lifetime_bytes; 4126 dst->addtime = src->sadb_lifetime_addtime; 4127 dst->usetime = src->sadb_lifetime_usetime; 4128 return (dst); 4129 } 4130 4131 /* 4132 * compare two secasindex structure. 4133 * flag can specify to compare 2 saidxes. 4134 * compare two secasindex structure without both mode and reqid. 4135 * don't compare port. 4136 * IN: 4137 * saidx0: source, it can be in SAD. 4138 * saidx1: object. 4139 * OUT: 4140 * 1 : equal 4141 * 0 : not equal 4142 */ 4143 static int 4144 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4145 int flag) 4146 { 4147 4148 /* sanity */ 4149 if (saidx0 == NULL && saidx1 == NULL) 4150 return 1; 4151 4152 if (saidx0 == NULL || saidx1 == NULL) 4153 return 0; 4154 4155 if (saidx0->proto != saidx1->proto) 4156 return 0; 4157 4158 if (flag == CMP_EXACTLY) { 4159 if (saidx0->mode != saidx1->mode) 4160 return 0; 4161 if (saidx0->reqid != saidx1->reqid) 4162 return 0; 4163 if (bcmp(&saidx0->src, &saidx1->src, 4164 saidx0->src.sa.sa_len) != 0 || 4165 bcmp(&saidx0->dst, &saidx1->dst, 4166 saidx0->dst.sa.sa_len) != 0) 4167 return 0; 4168 } else { 4169 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4170 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4171 /* 4172 * If reqid of SPD is non-zero, unique SA is required. 4173 * The result must be of same reqid in this case. 4174 */ 4175 if (saidx1->reqid != 0 && 4176 saidx0->reqid != saidx1->reqid) 4177 return 0; 4178 } 4179 4180 if (flag == CMP_MODE_REQID) { 4181 if (saidx0->mode != IPSEC_MODE_ANY 4182 && saidx0->mode != saidx1->mode) 4183 return 0; 4184 } 4185 4186 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4187 return 0; 4188 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4189 return 0; 4190 } 4191 4192 return 1; 4193 } 4194 4195 /* 4196 * compare two secindex structure exactly. 4197 * IN: 4198 * spidx0: source, it is often in SPD. 4199 * spidx1: object, it is often from PFKEY message. 4200 * OUT: 4201 * 1 : equal 4202 * 0 : not equal 4203 */ 4204 static int 4205 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4206 struct secpolicyindex *spidx1) 4207 { 4208 /* sanity */ 4209 if (spidx0 == NULL && spidx1 == NULL) 4210 return 1; 4211 4212 if (spidx0 == NULL || spidx1 == NULL) 4213 return 0; 4214 4215 if (spidx0->prefs != spidx1->prefs 4216 || spidx0->prefd != spidx1->prefd 4217 || spidx0->ul_proto != spidx1->ul_proto 4218 || spidx0->dir != spidx1->dir) 4219 return 0; 4220 4221 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4222 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4223 } 4224 4225 /* 4226 * compare two secindex structure with mask. 4227 * IN: 4228 * spidx0: source, it is often in SPD. 4229 * spidx1: object, it is often from IP header. 4230 * OUT: 4231 * 1 : equal 4232 * 0 : not equal 4233 */ 4234 static int 4235 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4236 struct secpolicyindex *spidx1) 4237 { 4238 /* sanity */ 4239 if (spidx0 == NULL && spidx1 == NULL) 4240 return 1; 4241 4242 if (spidx0 == NULL || spidx1 == NULL) 4243 return 0; 4244 4245 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4246 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4247 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4248 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4249 return 0; 4250 4251 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4252 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4253 && spidx0->ul_proto != spidx1->ul_proto) 4254 return 0; 4255 4256 switch (spidx0->src.sa.sa_family) { 4257 case AF_INET: 4258 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4259 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4260 return 0; 4261 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4262 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4263 return 0; 4264 break; 4265 case AF_INET6: 4266 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4267 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4268 return 0; 4269 /* 4270 * scope_id check. if sin6_scope_id is 0, we regard it 4271 * as a wildcard scope, which matches any scope zone ID. 4272 */ 4273 if (spidx0->src.sin6.sin6_scope_id && 4274 spidx1->src.sin6.sin6_scope_id && 4275 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4276 return 0; 4277 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4278 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4279 return 0; 4280 break; 4281 default: 4282 /* XXX */ 4283 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4284 return 0; 4285 break; 4286 } 4287 4288 switch (spidx0->dst.sa.sa_family) { 4289 case AF_INET: 4290 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4291 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4292 return 0; 4293 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4294 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4295 return 0; 4296 break; 4297 case AF_INET6: 4298 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4299 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4300 return 0; 4301 /* 4302 * scope_id check. if sin6_scope_id is 0, we regard it 4303 * as a wildcard scope, which matches any scope zone ID. 4304 */ 4305 if (spidx0->dst.sin6.sin6_scope_id && 4306 spidx1->dst.sin6.sin6_scope_id && 4307 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4308 return 0; 4309 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4310 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4311 return 0; 4312 break; 4313 default: 4314 /* XXX */ 4315 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4316 return 0; 4317 break; 4318 } 4319 4320 /* XXX Do we check other field ? e.g. flowinfo */ 4321 4322 return 1; 4323 } 4324 4325 #ifdef satosin 4326 #undef satosin 4327 #endif 4328 #define satosin(s) ((const struct sockaddr_in *)s) 4329 #ifdef satosin6 4330 #undef satosin6 4331 #endif 4332 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4333 /* returns 0 on match */ 4334 int 4335 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4336 int port) 4337 { 4338 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4339 return 1; 4340 4341 switch (sa1->sa_family) { 4342 #ifdef INET 4343 case AF_INET: 4344 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4345 return 1; 4346 if (satosin(sa1)->sin_addr.s_addr != 4347 satosin(sa2)->sin_addr.s_addr) { 4348 return 1; 4349 } 4350 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4351 return 1; 4352 break; 4353 #endif 4354 #ifdef INET6 4355 case AF_INET6: 4356 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4357 return 1; /*EINVAL*/ 4358 if (satosin6(sa1)->sin6_scope_id != 4359 satosin6(sa2)->sin6_scope_id) { 4360 return 1; 4361 } 4362 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4363 &satosin6(sa2)->sin6_addr)) { 4364 return 1; 4365 } 4366 if (port && 4367 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4368 return 1; 4369 } 4370 break; 4371 #endif 4372 default: 4373 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4374 return 1; 4375 break; 4376 } 4377 4378 return 0; 4379 } 4380 4381 /* returns 0 on match */ 4382 int 4383 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4384 const struct sockaddr *sa2, size_t mask) 4385 { 4386 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4387 return (1); 4388 4389 switch (sa1->sa_family) { 4390 #ifdef INET 4391 case AF_INET: 4392 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4393 &satosin(sa2)->sin_addr, mask)); 4394 #endif 4395 #ifdef INET6 4396 case AF_INET6: 4397 if (satosin6(sa1)->sin6_scope_id != 4398 satosin6(sa2)->sin6_scope_id) 4399 return (1); 4400 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4401 &satosin6(sa2)->sin6_addr, mask)); 4402 #endif 4403 } 4404 return (1); 4405 } 4406 #undef satosin 4407 #undef satosin6 4408 4409 /* 4410 * compare two buffers with mask. 4411 * IN: 4412 * addr1: source 4413 * addr2: object 4414 * bits: Number of bits to compare 4415 * OUT: 4416 * 1 : equal 4417 * 0 : not equal 4418 */ 4419 static int 4420 key_bbcmp(const void *a1, const void *a2, u_int bits) 4421 { 4422 const unsigned char *p1 = a1; 4423 const unsigned char *p2 = a2; 4424 4425 /* XXX: This could be considerably faster if we compare a word 4426 * at a time, but it is complicated on LSB Endian machines */ 4427 4428 /* Handle null pointers */ 4429 if (p1 == NULL || p2 == NULL) 4430 return (p1 == p2); 4431 4432 while (bits >= 8) { 4433 if (*p1++ != *p2++) 4434 return 0; 4435 bits -= 8; 4436 } 4437 4438 if (bits > 0) { 4439 u_int8_t mask = ~((1<<(8-bits))-1); 4440 if ((*p1 & mask) != (*p2 & mask)) 4441 return 0; 4442 } 4443 return 1; /* Match! */ 4444 } 4445 4446 static void 4447 key_flush_spd(time_t now) 4448 { 4449 SPTREE_RLOCK_TRACKER; 4450 struct secpolicy_list drainq; 4451 struct secpolicy *sp, *nextsp; 4452 u_int dir; 4453 4454 LIST_INIT(&drainq); 4455 SPTREE_RLOCK(); 4456 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4457 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4458 if (sp->lifetime == 0 && sp->validtime == 0) 4459 continue; 4460 if ((sp->lifetime && 4461 now - sp->created > sp->lifetime) || 4462 (sp->validtime && 4463 now - sp->lastused > sp->validtime)) { 4464 /* Hold extra reference to send SPDEXPIRE */ 4465 SP_ADDREF(sp); 4466 LIST_INSERT_HEAD(&drainq, sp, drainq); 4467 } 4468 } 4469 } 4470 SPTREE_RUNLOCK(); 4471 if (LIST_EMPTY(&drainq)) 4472 return; 4473 4474 SPTREE_WLOCK(); 4475 sp = LIST_FIRST(&drainq); 4476 while (sp != NULL) { 4477 nextsp = LIST_NEXT(sp, drainq); 4478 /* Check that SP is still linked */ 4479 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4480 LIST_REMOVE(sp, drainq); 4481 key_freesp(&sp); /* release extra reference */ 4482 sp = nextsp; 4483 continue; 4484 } 4485 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4486 V_spd_size--; 4487 LIST_REMOVE(sp, idhash); 4488 sp->state = IPSEC_SPSTATE_DEAD; 4489 sp = nextsp; 4490 } 4491 V_sp_genid++; 4492 SPTREE_WUNLOCK(); 4493 if (SPDCACHE_ENABLED()) 4494 spdcache_clear(); 4495 4496 sp = LIST_FIRST(&drainq); 4497 while (sp != NULL) { 4498 nextsp = LIST_NEXT(sp, drainq); 4499 key_spdexpire(sp); 4500 key_freesp(&sp); /* release extra reference */ 4501 key_freesp(&sp); /* release last reference */ 4502 sp = nextsp; 4503 } 4504 } 4505 4506 static void 4507 key_flush_sad(time_t now) 4508 { 4509 SAHTREE_RLOCK_TRACKER; 4510 struct secashead_list emptyq; 4511 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4512 struct secashead *sah, *nextsah; 4513 struct secasvar *sav, *nextsav; 4514 4515 SECASVAR_RLOCK_TRACKER; 4516 4517 LIST_INIT(&drainq); 4518 LIST_INIT(&hexpireq); 4519 LIST_INIT(&sexpireq); 4520 LIST_INIT(&emptyq); 4521 4522 SAHTREE_RLOCK(); 4523 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4524 /* Check for empty SAH */ 4525 if (TAILQ_EMPTY(&sah->savtree_larval) && 4526 TAILQ_EMPTY(&sah->savtree_alive)) { 4527 SAH_ADDREF(sah); 4528 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4529 continue; 4530 } 4531 /* Add all stale LARVAL SAs into drainq */ 4532 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4533 if (now - sav->created < V_key_larval_lifetime) 4534 continue; 4535 SAV_ADDREF(sav); 4536 LIST_INSERT_HEAD(&drainq, sav, drainq); 4537 } 4538 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4539 /* lifetimes aren't specified */ 4540 if (sav->lft_h == NULL) 4541 continue; 4542 SECASVAR_RLOCK(sav); 4543 /* 4544 * Check again with lock held, because it may 4545 * be updated by SADB_UPDATE. 4546 */ 4547 if (sav->lft_h == NULL) { 4548 SECASVAR_RUNLOCK(sav); 4549 continue; 4550 } 4551 /* 4552 * RFC 2367: 4553 * HARD lifetimes MUST take precedence over SOFT 4554 * lifetimes, meaning if the HARD and SOFT lifetimes 4555 * are the same, the HARD lifetime will appear on the 4556 * EXPIRE message. 4557 */ 4558 /* check HARD lifetime */ 4559 if ((sav->lft_h->addtime != 0 && 4560 now - sav->created > sav->lft_h->addtime) || 4561 (sav->lft_h->usetime != 0 && sav->firstused && 4562 now - sav->firstused > sav->lft_h->usetime) || 4563 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4564 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4565 SECASVAR_RUNLOCK(sav); 4566 SAV_ADDREF(sav); 4567 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4568 continue; 4569 } 4570 /* check SOFT lifetime (only for MATURE SAs) */ 4571 if (sav->state == SADB_SASTATE_MATURE && ( 4572 (sav->lft_s->addtime != 0 && 4573 now - sav->created > sav->lft_s->addtime) || 4574 (sav->lft_s->usetime != 0 && sav->firstused && 4575 now - sav->firstused > sav->lft_s->usetime) || 4576 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4577 sav->lft_c_bytes) > sav->lft_s->bytes) || 4578 (!(sav->flags & SADB_X_SAFLAGS_ESN) && 4579 (sav->replay != NULL) && ( 4580 (sav->replay->count > UINT32_80PCT) || 4581 (sav->replay->last > UINT32_80PCT))))) { 4582 SECASVAR_RUNLOCK(sav); 4583 SAV_ADDREF(sav); 4584 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4585 continue; 4586 } 4587 SECASVAR_RUNLOCK(sav); 4588 } 4589 } 4590 SAHTREE_RUNLOCK(); 4591 4592 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4593 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4594 return; 4595 4596 LIST_INIT(&freeq); 4597 SAHTREE_WLOCK(); 4598 /* Unlink stale LARVAL SAs */ 4599 sav = LIST_FIRST(&drainq); 4600 while (sav != NULL) { 4601 nextsav = LIST_NEXT(sav, drainq); 4602 /* Check that SA is still LARVAL */ 4603 if (sav->state != SADB_SASTATE_LARVAL) { 4604 LIST_REMOVE(sav, drainq); 4605 LIST_INSERT_HEAD(&freeq, sav, drainq); 4606 sav = nextsav; 4607 continue; 4608 } 4609 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4610 LIST_REMOVE(sav, spihash); 4611 sav->state = SADB_SASTATE_DEAD; 4612 sav = nextsav; 4613 } 4614 /* Unlink all SAs with expired HARD lifetime */ 4615 sav = LIST_FIRST(&hexpireq); 4616 while (sav != NULL) { 4617 nextsav = LIST_NEXT(sav, drainq); 4618 /* Check that SA is not unlinked */ 4619 if (sav->state == SADB_SASTATE_DEAD) { 4620 LIST_REMOVE(sav, drainq); 4621 LIST_INSERT_HEAD(&freeq, sav, drainq); 4622 sav = nextsav; 4623 continue; 4624 } 4625 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4626 LIST_REMOVE(sav, spihash); 4627 sav->state = SADB_SASTATE_DEAD; 4628 sav = nextsav; 4629 } 4630 /* Mark all SAs with expired SOFT lifetime as DYING */ 4631 sav = LIST_FIRST(&sexpireq); 4632 while (sav != NULL) { 4633 nextsav = LIST_NEXT(sav, drainq); 4634 /* Check that SA is not unlinked */ 4635 if (sav->state == SADB_SASTATE_DEAD) { 4636 LIST_REMOVE(sav, drainq); 4637 LIST_INSERT_HEAD(&freeq, sav, drainq); 4638 sav = nextsav; 4639 continue; 4640 } 4641 /* 4642 * NOTE: this doesn't change SA order in the chain. 4643 */ 4644 sav->state = SADB_SASTATE_DYING; 4645 sav = nextsav; 4646 } 4647 /* Unlink empty SAHs */ 4648 sah = LIST_FIRST(&emptyq); 4649 while (sah != NULL) { 4650 nextsah = LIST_NEXT(sah, drainq); 4651 /* Check that SAH is still empty and not unlinked */ 4652 if (sah->state == SADB_SASTATE_DEAD || 4653 !TAILQ_EMPTY(&sah->savtree_larval) || 4654 !TAILQ_EMPTY(&sah->savtree_alive)) { 4655 LIST_REMOVE(sah, drainq); 4656 key_freesah(&sah); /* release extra reference */ 4657 sah = nextsah; 4658 continue; 4659 } 4660 TAILQ_REMOVE(&V_sahtree, sah, chain); 4661 LIST_REMOVE(sah, addrhash); 4662 sah->state = SADB_SASTATE_DEAD; 4663 sah = nextsah; 4664 } 4665 SAHTREE_WUNLOCK(); 4666 4667 /* Send SPDEXPIRE messages */ 4668 sav = LIST_FIRST(&hexpireq); 4669 while (sav != NULL) { 4670 nextsav = LIST_NEXT(sav, drainq); 4671 key_expire(sav, 1); 4672 key_freesah(&sav->sah); /* release reference from SAV */ 4673 key_freesav(&sav); /* release extra reference */ 4674 key_freesav(&sav); /* release last reference */ 4675 sav = nextsav; 4676 } 4677 sav = LIST_FIRST(&sexpireq); 4678 while (sav != NULL) { 4679 nextsav = LIST_NEXT(sav, drainq); 4680 key_expire(sav, 0); 4681 key_freesav(&sav); /* release extra reference */ 4682 sav = nextsav; 4683 } 4684 /* Free stale LARVAL SAs */ 4685 sav = LIST_FIRST(&drainq); 4686 while (sav != NULL) { 4687 nextsav = LIST_NEXT(sav, drainq); 4688 key_freesah(&sav->sah); /* release reference from SAV */ 4689 key_freesav(&sav); /* release extra reference */ 4690 key_freesav(&sav); /* release last reference */ 4691 sav = nextsav; 4692 } 4693 /* Free SAs that were unlinked/changed by someone else */ 4694 sav = LIST_FIRST(&freeq); 4695 while (sav != NULL) { 4696 nextsav = LIST_NEXT(sav, drainq); 4697 key_freesav(&sav); /* release extra reference */ 4698 sav = nextsav; 4699 } 4700 /* Free empty SAH */ 4701 sah = LIST_FIRST(&emptyq); 4702 while (sah != NULL) { 4703 nextsah = LIST_NEXT(sah, drainq); 4704 key_freesah(&sah); /* release extra reference */ 4705 key_freesah(&sah); /* release last reference */ 4706 sah = nextsah; 4707 } 4708 } 4709 4710 static void 4711 key_flush_acq(time_t now) 4712 { 4713 struct secacq *acq, *nextacq; 4714 4715 /* ACQ tree */ 4716 ACQ_LOCK(); 4717 acq = LIST_FIRST(&V_acqtree); 4718 while (acq != NULL) { 4719 nextacq = LIST_NEXT(acq, chain); 4720 if (now - acq->created > V_key_blockacq_lifetime) { 4721 LIST_REMOVE(acq, chain); 4722 LIST_REMOVE(acq, addrhash); 4723 LIST_REMOVE(acq, seqhash); 4724 free(acq, M_IPSEC_SAQ); 4725 } 4726 acq = nextacq; 4727 } 4728 ACQ_UNLOCK(); 4729 } 4730 4731 static void 4732 key_flush_spacq(time_t now) 4733 { 4734 struct secspacq *acq, *nextacq; 4735 4736 /* SP ACQ tree */ 4737 SPACQ_LOCK(); 4738 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4739 nextacq = LIST_NEXT(acq, chain); 4740 if (now - acq->created > V_key_blockacq_lifetime 4741 && __LIST_CHAINED(acq)) { 4742 LIST_REMOVE(acq, chain); 4743 free(acq, M_IPSEC_SAQ); 4744 } 4745 } 4746 SPACQ_UNLOCK(); 4747 } 4748 4749 /* 4750 * time handler. 4751 * scanning SPD and SAD to check status for each entries, 4752 * and do to remove or to expire. 4753 * XXX: year 2038 problem may remain. 4754 */ 4755 static void 4756 key_timehandler(void *arg) 4757 { 4758 VNET_ITERATOR_DECL(vnet_iter); 4759 time_t now = time_second; 4760 4761 VNET_LIST_RLOCK_NOSLEEP(); 4762 VNET_FOREACH(vnet_iter) { 4763 CURVNET_SET(vnet_iter); 4764 key_flush_spd(now); 4765 key_flush_sad(now); 4766 key_flush_acq(now); 4767 key_flush_spacq(now); 4768 CURVNET_RESTORE(); 4769 } 4770 VNET_LIST_RUNLOCK_NOSLEEP(); 4771 4772 #ifndef IPSEC_DEBUG2 4773 /* do exchange to tick time !! */ 4774 callout_schedule(&key_timer, hz); 4775 #endif /* IPSEC_DEBUG2 */ 4776 } 4777 4778 u_long 4779 key_random(void) 4780 { 4781 u_long value; 4782 4783 arc4random_buf(&value, sizeof(value)); 4784 return value; 4785 } 4786 4787 /* 4788 * map SADB_SATYPE_* to IPPROTO_*. 4789 * if satype == SADB_SATYPE then satype is mapped to ~0. 4790 * OUT: 4791 * 0: invalid satype. 4792 */ 4793 static uint8_t 4794 key_satype2proto(uint8_t satype) 4795 { 4796 switch (satype) { 4797 case SADB_SATYPE_UNSPEC: 4798 return IPSEC_PROTO_ANY; 4799 case SADB_SATYPE_AH: 4800 return IPPROTO_AH; 4801 case SADB_SATYPE_ESP: 4802 return IPPROTO_ESP; 4803 case SADB_X_SATYPE_IPCOMP: 4804 return IPPROTO_IPCOMP; 4805 case SADB_X_SATYPE_TCPSIGNATURE: 4806 return IPPROTO_TCP; 4807 default: 4808 return 0; 4809 } 4810 /* NOTREACHED */ 4811 } 4812 4813 /* 4814 * map IPPROTO_* to SADB_SATYPE_* 4815 * OUT: 4816 * 0: invalid protocol type. 4817 */ 4818 static uint8_t 4819 key_proto2satype(uint8_t proto) 4820 { 4821 switch (proto) { 4822 case IPPROTO_AH: 4823 return SADB_SATYPE_AH; 4824 case IPPROTO_ESP: 4825 return SADB_SATYPE_ESP; 4826 case IPPROTO_IPCOMP: 4827 return SADB_X_SATYPE_IPCOMP; 4828 case IPPROTO_TCP: 4829 return SADB_X_SATYPE_TCPSIGNATURE; 4830 default: 4831 return 0; 4832 } 4833 /* NOTREACHED */ 4834 } 4835 4836 /* %%% PF_KEY */ 4837 /* 4838 * SADB_GETSPI processing is to receive 4839 * <base, (SA2), src address, dst address, (SPI range)> 4840 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4841 * tree with the status of LARVAL, and send 4842 * <base, SA(*), address(SD)> 4843 * to the IKMPd. 4844 * 4845 * IN: mhp: pointer to the pointer to each header. 4846 * OUT: NULL if fail. 4847 * other if success, return pointer to the message to send. 4848 */ 4849 static int 4850 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4851 { 4852 struct secasindex saidx; 4853 struct sadb_address *src0, *dst0; 4854 struct secasvar *sav; 4855 uint32_t reqid, spi; 4856 int error; 4857 uint8_t mode, proto; 4858 4859 IPSEC_ASSERT(so != NULL, ("null socket")); 4860 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4861 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4862 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4863 4864 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4865 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4866 #ifdef PFKEY_STRICT_CHECKS 4867 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4868 #endif 4869 ) { 4870 ipseclog((LOG_DEBUG, 4871 "%s: invalid message: missing required header.\n", 4872 __func__)); 4873 error = EINVAL; 4874 goto fail; 4875 } 4876 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4877 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4878 #ifdef PFKEY_STRICT_CHECKS 4879 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4880 #endif 4881 ) { 4882 ipseclog((LOG_DEBUG, 4883 "%s: invalid message: wrong header size.\n", __func__)); 4884 error = EINVAL; 4885 goto fail; 4886 } 4887 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4888 mode = IPSEC_MODE_ANY; 4889 reqid = 0; 4890 } else { 4891 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4892 ipseclog((LOG_DEBUG, 4893 "%s: invalid message: wrong header size.\n", 4894 __func__)); 4895 error = EINVAL; 4896 goto fail; 4897 } 4898 mode = ((struct sadb_x_sa2 *) 4899 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4900 reqid = ((struct sadb_x_sa2 *) 4901 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4902 } 4903 4904 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4905 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4906 4907 /* map satype to proto */ 4908 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4909 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4910 __func__)); 4911 error = EINVAL; 4912 goto fail; 4913 } 4914 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4915 (struct sockaddr *)(dst0 + 1)); 4916 if (error != 0) { 4917 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4918 error = EINVAL; 4919 goto fail; 4920 } 4921 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4922 4923 /* SPI allocation */ 4924 SPI_ALLOC_LOCK(); 4925 spi = key_do_getnewspi( 4926 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4927 if (spi == 0) { 4928 /* 4929 * Requested SPI or SPI range is not available or 4930 * already used. 4931 */ 4932 SPI_ALLOC_UNLOCK(); 4933 error = EEXIST; 4934 goto fail; 4935 } 4936 sav = key_newsav(mhp, &saidx, spi, &error); 4937 SPI_ALLOC_UNLOCK(); 4938 if (sav == NULL) 4939 goto fail; 4940 4941 if (sav->seq != 0) { 4942 /* 4943 * RFC2367: 4944 * If the SADB_GETSPI message is in response to a 4945 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4946 * MUST be the same as the SADB_ACQUIRE message. 4947 * 4948 * XXXAE: However it doesn't definethe behaviour how to 4949 * check this and what to do if it doesn't match. 4950 * Also what we should do if it matches? 4951 * 4952 * We can compare saidx used in SADB_ACQUIRE with saidx 4953 * used in SADB_GETSPI, but this probably can break 4954 * existing software. For now just warn if it doesn't match. 4955 * 4956 * XXXAE: anyway it looks useless. 4957 */ 4958 key_acqdone(&saidx, sav->seq); 4959 } 4960 KEYDBG(KEY_STAMP, 4961 printf("%s: SA(%p)\n", __func__, sav)); 4962 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4963 4964 { 4965 struct mbuf *n, *nn; 4966 struct sadb_sa *m_sa; 4967 struct sadb_msg *newmsg; 4968 int off, len; 4969 4970 /* create new sadb_msg to reply. */ 4971 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4972 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4973 4974 MGETHDR(n, M_NOWAIT, MT_DATA); 4975 if (len > MHLEN) { 4976 if (!(MCLGET(n, M_NOWAIT))) { 4977 m_freem(n); 4978 n = NULL; 4979 } 4980 } 4981 if (!n) { 4982 error = ENOBUFS; 4983 goto fail; 4984 } 4985 4986 n->m_len = len; 4987 n->m_next = NULL; 4988 off = 0; 4989 4990 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4991 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4992 4993 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4994 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4995 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4996 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 4997 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4998 4999 IPSEC_ASSERT(off == len, 5000 ("length inconsistency (off %u len %u)", off, len)); 5001 5002 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5003 SADB_EXT_ADDRESS_DST); 5004 if (!n->m_next) { 5005 m_freem(n); 5006 error = ENOBUFS; 5007 goto fail; 5008 } 5009 5010 if (n->m_len < sizeof(struct sadb_msg)) { 5011 n = m_pullup(n, sizeof(struct sadb_msg)); 5012 if (n == NULL) 5013 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5014 } 5015 5016 n->m_pkthdr.len = 0; 5017 for (nn = n; nn; nn = nn->m_next) 5018 n->m_pkthdr.len += nn->m_len; 5019 5020 newmsg = mtod(n, struct sadb_msg *); 5021 newmsg->sadb_msg_seq = sav->seq; 5022 newmsg->sadb_msg_errno = 0; 5023 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5024 5025 m_freem(m); 5026 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5027 } 5028 5029 fail: 5030 return (key_senderror(so, m, error)); 5031 } 5032 5033 /* 5034 * allocating new SPI 5035 * called by key_getspi(). 5036 * OUT: 5037 * 0: failure. 5038 * others: success, SPI in network byte order. 5039 */ 5040 static uint32_t 5041 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5042 { 5043 uint32_t min, max, newspi, t; 5044 int tries, limit; 5045 5046 SPI_ALLOC_LOCK_ASSERT(); 5047 5048 /* set spi range to allocate */ 5049 if (spirange != NULL) { 5050 min = spirange->sadb_spirange_min; 5051 max = spirange->sadb_spirange_max; 5052 } else { 5053 min = V_key_spi_minval; 5054 max = V_key_spi_maxval; 5055 } 5056 /* IPCOMP needs 2-byte SPI */ 5057 if (saidx->proto == IPPROTO_IPCOMP) { 5058 if (min >= 0x10000) 5059 min = 0xffff; 5060 if (max >= 0x10000) 5061 max = 0xffff; 5062 if (min > max) { 5063 t = min; min = max; max = t; 5064 } 5065 } 5066 5067 if (min == max) { 5068 if (key_checkspidup(htonl(min))) { 5069 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5070 __func__, min)); 5071 return 0; 5072 } 5073 5074 tries = 1; 5075 newspi = min; 5076 } else { 5077 /* init SPI */ 5078 newspi = 0; 5079 5080 limit = atomic_load_int(&V_key_spi_trycnt); 5081 /* when requesting to allocate spi ranged */ 5082 for (tries = 0; tries < limit; tries++) { 5083 /* generate pseudo-random SPI value ranged. */ 5084 newspi = min + (key_random() % (max - min + 1)); 5085 if (!key_checkspidup(htonl(newspi))) 5086 break; 5087 } 5088 5089 if (tries == limit || newspi == 0) { 5090 ipseclog((LOG_DEBUG, 5091 "%s: failed to allocate SPI.\n", __func__)); 5092 return 0; 5093 } 5094 } 5095 5096 /* statistics */ 5097 keystat.getspi_count = 5098 (keystat.getspi_count + tries) / 2; 5099 5100 return (htonl(newspi)); 5101 } 5102 5103 /* 5104 * Find TCP-MD5 SA with corresponding secasindex. 5105 * If not found, return NULL and fill SPI with usable value if needed. 5106 */ 5107 static struct secasvar * 5108 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5109 { 5110 SAHTREE_RLOCK_TRACKER; 5111 struct secashead *sah; 5112 struct secasvar *sav; 5113 5114 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5115 SAHTREE_RLOCK(); 5116 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5117 if (sah->saidx.proto != IPPROTO_TCP) 5118 continue; 5119 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5120 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5121 break; 5122 } 5123 if (sah != NULL) { 5124 if (V_key_preferred_oldsa) 5125 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5126 else 5127 sav = TAILQ_FIRST(&sah->savtree_alive); 5128 if (sav != NULL) { 5129 SAV_ADDREF(sav); 5130 SAHTREE_RUNLOCK(); 5131 return (sav); 5132 } 5133 } 5134 if (spi == NULL) { 5135 /* No SPI required */ 5136 SAHTREE_RUNLOCK(); 5137 return (NULL); 5138 } 5139 /* Check that SPI is unique */ 5140 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5141 if (sav->spi == *spi) 5142 break; 5143 } 5144 if (sav == NULL) { 5145 SAHTREE_RUNLOCK(); 5146 /* SPI is already unique */ 5147 return (NULL); 5148 } 5149 SAHTREE_RUNLOCK(); 5150 /* XXX: not optimal */ 5151 *spi = key_do_getnewspi(NULL, saidx); 5152 return (NULL); 5153 } 5154 5155 static int 5156 key_updateaddresses(struct socket *so, struct mbuf *m, 5157 const struct sadb_msghdr *mhp, struct secasvar *sav, 5158 struct secasindex *saidx) 5159 { 5160 struct sockaddr *newaddr; 5161 struct secashead *sah; 5162 struct secasvar *newsav, *tmp; 5163 struct mbuf *n; 5164 int error, isnew; 5165 5166 /* Check that we need to change SAH */ 5167 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5168 newaddr = (struct sockaddr *)( 5169 ((struct sadb_address *) 5170 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5171 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5172 key_porttosaddr(&saidx->src.sa, 0); 5173 } 5174 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5175 newaddr = (struct sockaddr *)( 5176 ((struct sadb_address *) 5177 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5178 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5179 key_porttosaddr(&saidx->dst.sa, 0); 5180 } 5181 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5182 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5183 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5184 if (error != 0) { 5185 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5186 __func__)); 5187 return (error); 5188 } 5189 5190 sah = key_getsah(saidx); 5191 if (sah == NULL) { 5192 /* create a new SA index */ 5193 sah = key_newsah(saidx); 5194 if (sah == NULL) { 5195 ipseclog((LOG_DEBUG, 5196 "%s: No more memory.\n", __func__)); 5197 return (ENOBUFS); 5198 } 5199 isnew = 2; /* SAH is new */ 5200 } else 5201 isnew = 1; /* existing SAH is referenced */ 5202 } else { 5203 /* 5204 * src and dst addresses are still the same. 5205 * Do we want to change NAT-T config? 5206 */ 5207 if (sav->sah->saidx.proto != IPPROTO_ESP || 5208 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5209 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5210 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5211 ipseclog((LOG_DEBUG, 5212 "%s: invalid message: missing required header.\n", 5213 __func__)); 5214 return (EINVAL); 5215 } 5216 /* We hold reference to SA, thus SAH will be referenced too. */ 5217 sah = sav->sah; 5218 isnew = 0; 5219 } 5220 5221 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5222 M_NOWAIT | M_ZERO); 5223 if (newsav == NULL) { 5224 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5225 error = ENOBUFS; 5226 goto fail; 5227 } 5228 5229 /* Clone SA's content into newsav */ 5230 SAV_INITREF(newsav); 5231 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5232 /* 5233 * We create new NAT-T config if it is needed. 5234 * Old NAT-T config will be freed by key_cleansav() when 5235 * last reference to SA will be released. 5236 */ 5237 newsav->natt = NULL; 5238 newsav->sah = sah; 5239 newsav->state = SADB_SASTATE_MATURE; 5240 error = key_setnatt(newsav, mhp); 5241 if (error != 0) 5242 goto fail; 5243 5244 SAHTREE_WLOCK(); 5245 /* Check that SA is still alive */ 5246 if (sav->state == SADB_SASTATE_DEAD) { 5247 /* SA was unlinked */ 5248 SAHTREE_WUNLOCK(); 5249 error = ESRCH; 5250 goto fail; 5251 } 5252 5253 /* Unlink SA from SAH and SPI hash */ 5254 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5255 ("SA is already cloned")); 5256 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5257 sav->state == SADB_SASTATE_DYING, 5258 ("Wrong SA state %u\n", sav->state)); 5259 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5260 LIST_REMOVE(sav, spihash); 5261 sav->state = SADB_SASTATE_DEAD; 5262 5263 /* 5264 * Link new SA with SAH. Keep SAs ordered by 5265 * create time (newer are first). 5266 */ 5267 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5268 if (newsav->created > tmp->created) { 5269 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5270 break; 5271 } 5272 } 5273 if (tmp == NULL) 5274 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5275 5276 /* Add new SA into SPI hash. */ 5277 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5278 5279 /* Add new SAH into SADB. */ 5280 if (isnew == 2) { 5281 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5282 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5283 sah->state = SADB_SASTATE_MATURE; 5284 SAH_ADDREF(sah); /* newsav references new SAH */ 5285 } 5286 /* 5287 * isnew == 1 -> @sah was referenced by key_getsah(). 5288 * isnew == 0 -> we use the same @sah, that was used by @sav, 5289 * and we use its reference for @newsav. 5290 */ 5291 SECASVAR_WLOCK(sav); 5292 /* XXX: replace cntr with pointer? */ 5293 newsav->cntr = sav->cntr; 5294 sav->flags |= SADB_X_EXT_F_CLONED; 5295 SECASVAR_WUNLOCK(sav); 5296 5297 SAHTREE_WUNLOCK(); 5298 5299 KEYDBG(KEY_STAMP, 5300 printf("%s: SA(%p) cloned into SA(%p)\n", 5301 __func__, sav, newsav)); 5302 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5303 5304 key_freesav(&sav); /* release last reference */ 5305 5306 /* set msg buf from mhp */ 5307 n = key_getmsgbuf_x1(m, mhp); 5308 if (n == NULL) { 5309 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5310 return (ENOBUFS); 5311 } 5312 m_freem(m); 5313 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5314 return (0); 5315 fail: 5316 if (isnew != 0) 5317 key_freesah(&sah); 5318 if (newsav != NULL) { 5319 if (newsav->natt != NULL) 5320 free(newsav->natt, M_IPSEC_MISC); 5321 free(newsav, M_IPSEC_SA); 5322 } 5323 return (error); 5324 } 5325 5326 /* 5327 * SADB_UPDATE processing 5328 * receive 5329 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5330 * key(AE), (identity(SD),) (sensitivity)> 5331 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5332 * and send 5333 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5334 * (identity(SD),) (sensitivity)> 5335 * to the ikmpd. 5336 * 5337 * m will always be freed. 5338 */ 5339 static int 5340 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5341 { 5342 struct secasindex saidx; 5343 struct sadb_address *src0, *dst0; 5344 struct sadb_sa *sa0; 5345 struct secasvar *sav; 5346 uint32_t reqid; 5347 int error; 5348 uint8_t mode, proto; 5349 5350 IPSEC_ASSERT(so != NULL, ("null socket")); 5351 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5352 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5353 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5354 5355 /* map satype to proto */ 5356 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5357 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5358 __func__)); 5359 return key_senderror(so, m, EINVAL); 5360 } 5361 5362 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5363 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5364 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5365 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5366 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5367 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5368 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5369 ipseclog((LOG_DEBUG, 5370 "%s: invalid message: missing required header.\n", 5371 __func__)); 5372 return key_senderror(so, m, EINVAL); 5373 } 5374 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5375 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5376 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5377 ipseclog((LOG_DEBUG, 5378 "%s: invalid message: wrong header size.\n", __func__)); 5379 return key_senderror(so, m, EINVAL); 5380 } 5381 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5382 mode = IPSEC_MODE_ANY; 5383 reqid = 0; 5384 } else { 5385 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5386 ipseclog((LOG_DEBUG, 5387 "%s: invalid message: wrong header size.\n", 5388 __func__)); 5389 return key_senderror(so, m, EINVAL); 5390 } 5391 mode = ((struct sadb_x_sa2 *) 5392 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5393 reqid = ((struct sadb_x_sa2 *) 5394 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5395 } 5396 5397 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5398 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5399 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5400 5401 /* 5402 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5403 * SADB_UPDATE message. 5404 */ 5405 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5406 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5407 #ifdef PFKEY_STRICT_CHECKS 5408 return key_senderror(so, m, EINVAL); 5409 #endif 5410 } 5411 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5412 (struct sockaddr *)(dst0 + 1)); 5413 if (error != 0) { 5414 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5415 return key_senderror(so, m, error); 5416 } 5417 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5418 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5419 if (sav == NULL) { 5420 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5421 __func__, ntohl(sa0->sadb_sa_spi))); 5422 return key_senderror(so, m, EINVAL); 5423 } 5424 /* 5425 * Check that SADB_UPDATE issued by the same process that did 5426 * SADB_GETSPI or SADB_ADD. 5427 */ 5428 if (sav->pid != mhp->msg->sadb_msg_pid) { 5429 ipseclog((LOG_DEBUG, 5430 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5431 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5432 key_freesav(&sav); 5433 return key_senderror(so, m, EINVAL); 5434 } 5435 /* saidx should match with SA. */ 5436 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5437 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5438 __func__, ntohl(sav->spi))); 5439 key_freesav(&sav); 5440 return key_senderror(so, m, ESRCH); 5441 } 5442 5443 if (sav->state == SADB_SASTATE_LARVAL) { 5444 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5445 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5446 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5447 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5448 ipseclog((LOG_DEBUG, 5449 "%s: invalid message: missing required header.\n", 5450 __func__)); 5451 key_freesav(&sav); 5452 return key_senderror(so, m, EINVAL); 5453 } 5454 /* 5455 * We can set any values except src, dst and SPI. 5456 */ 5457 error = key_setsaval(sav, mhp); 5458 if (error != 0) { 5459 key_freesav(&sav); 5460 return (key_senderror(so, m, error)); 5461 } 5462 /* Change SA state to MATURE */ 5463 SAHTREE_WLOCK(); 5464 if (sav->state != SADB_SASTATE_LARVAL) { 5465 /* SA was deleted or another thread made it MATURE. */ 5466 SAHTREE_WUNLOCK(); 5467 key_freesav(&sav); 5468 return (key_senderror(so, m, ESRCH)); 5469 } 5470 /* 5471 * NOTE: we keep SAs in savtree_alive ordered by created 5472 * time. When SA's state changed from LARVAL to MATURE, 5473 * we update its created time in key_setsaval() and move 5474 * it into head of savtree_alive. 5475 */ 5476 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5477 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5478 sav->state = SADB_SASTATE_MATURE; 5479 SAHTREE_WUNLOCK(); 5480 } else { 5481 /* 5482 * For DYING and MATURE SA we can change only state 5483 * and lifetimes. Report EINVAL if something else attempted 5484 * to change. 5485 */ 5486 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5487 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5488 key_freesav(&sav); 5489 return (key_senderror(so, m, EINVAL)); 5490 } 5491 error = key_updatelifetimes(sav, mhp); 5492 if (error != 0) { 5493 key_freesav(&sav); 5494 return (key_senderror(so, m, error)); 5495 } 5496 /* 5497 * This is FreeBSD extension to RFC2367. 5498 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5499 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5500 * SA addresses (for example to implement MOBIKE protocol 5501 * as described in RFC4555). Also we allow to change 5502 * NAT-T config. 5503 */ 5504 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5505 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5506 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5507 sav->natt != NULL) { 5508 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5509 key_freesav(&sav); 5510 if (error != 0) 5511 return (key_senderror(so, m, error)); 5512 return (0); 5513 } 5514 /* Check that SA is still alive */ 5515 SAHTREE_WLOCK(); 5516 if (sav->state == SADB_SASTATE_DEAD) { 5517 /* SA was unlinked */ 5518 SAHTREE_WUNLOCK(); 5519 key_freesav(&sav); 5520 return (key_senderror(so, m, ESRCH)); 5521 } 5522 /* 5523 * NOTE: there is possible state moving from DYING to MATURE, 5524 * but this doesn't change created time, so we won't reorder 5525 * this SA. 5526 */ 5527 sav->state = SADB_SASTATE_MATURE; 5528 SAHTREE_WUNLOCK(); 5529 } 5530 KEYDBG(KEY_STAMP, 5531 printf("%s: SA(%p)\n", __func__, sav)); 5532 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5533 key_freesav(&sav); 5534 5535 { 5536 struct mbuf *n; 5537 5538 /* set msg buf from mhp */ 5539 n = key_getmsgbuf_x1(m, mhp); 5540 if (n == NULL) { 5541 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5542 return key_senderror(so, m, ENOBUFS); 5543 } 5544 5545 m_freem(m); 5546 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5547 } 5548 } 5549 5550 /* 5551 * SADB_ADD processing 5552 * add an entry to SA database, when received 5553 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5554 * key(AE), (identity(SD),) (sensitivity)> 5555 * from the ikmpd, 5556 * and send 5557 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5558 * (identity(SD),) (sensitivity)> 5559 * to the ikmpd. 5560 * 5561 * IGNORE identity and sensitivity messages. 5562 * 5563 * m will always be freed. 5564 */ 5565 static int 5566 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5567 { 5568 struct secasindex saidx; 5569 struct sadb_address *src0, *dst0; 5570 struct sadb_sa *sa0; 5571 struct secasvar *sav; 5572 uint32_t reqid, spi; 5573 uint8_t mode, proto; 5574 int error; 5575 5576 IPSEC_ASSERT(so != NULL, ("null socket")); 5577 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5578 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5579 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5580 5581 /* map satype to proto */ 5582 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5583 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5584 __func__)); 5585 return key_senderror(so, m, EINVAL); 5586 } 5587 5588 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5589 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5590 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5591 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5592 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5593 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5594 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5595 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5596 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5597 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5598 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5599 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5600 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5601 ipseclog((LOG_DEBUG, 5602 "%s: invalid message: missing required header.\n", 5603 __func__)); 5604 return key_senderror(so, m, EINVAL); 5605 } 5606 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5607 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5608 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5609 ipseclog((LOG_DEBUG, 5610 "%s: invalid message: wrong header size.\n", __func__)); 5611 return key_senderror(so, m, EINVAL); 5612 } 5613 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5614 mode = IPSEC_MODE_ANY; 5615 reqid = 0; 5616 } else { 5617 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5618 ipseclog((LOG_DEBUG, 5619 "%s: invalid message: wrong header size.\n", 5620 __func__)); 5621 return key_senderror(so, m, EINVAL); 5622 } 5623 mode = ((struct sadb_x_sa2 *) 5624 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5625 reqid = ((struct sadb_x_sa2 *) 5626 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5627 } 5628 5629 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5630 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5631 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5632 5633 /* 5634 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5635 * SADB_ADD message. 5636 */ 5637 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5638 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5639 #ifdef PFKEY_STRICT_CHECKS 5640 return key_senderror(so, m, EINVAL); 5641 #endif 5642 } 5643 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5644 (struct sockaddr *)(dst0 + 1)); 5645 if (error != 0) { 5646 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5647 return key_senderror(so, m, error); 5648 } 5649 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5650 spi = sa0->sadb_sa_spi; 5651 /* 5652 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5653 * secasindex. 5654 * XXXAE: IPComp seems also doesn't use SPI. 5655 */ 5656 SPI_ALLOC_LOCK(); 5657 if (proto == IPPROTO_TCP) { 5658 sav = key_getsav_tcpmd5(&saidx, &spi); 5659 if (sav == NULL && spi == 0) { 5660 SPI_ALLOC_UNLOCK(); 5661 /* Failed to allocate SPI */ 5662 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5663 __func__)); 5664 return key_senderror(so, m, EEXIST); 5665 } 5666 /* XXX: SPI that we report back can have another value */ 5667 } else { 5668 /* We can create new SA only if SPI is different. */ 5669 sav = key_getsavbyspi(spi); 5670 } 5671 if (sav != NULL) { 5672 SPI_ALLOC_UNLOCK(); 5673 key_freesav(&sav); 5674 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5675 return key_senderror(so, m, EEXIST); 5676 } 5677 5678 sav = key_newsav(mhp, &saidx, spi, &error); 5679 SPI_ALLOC_UNLOCK(); 5680 if (sav == NULL) 5681 return key_senderror(so, m, error); 5682 KEYDBG(KEY_STAMP, 5683 printf("%s: return SA(%p)\n", __func__, sav)); 5684 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5685 /* 5686 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5687 * ACQ for deletion. 5688 */ 5689 if (sav->seq != 0) 5690 key_acqdone(&saidx, sav->seq); 5691 5692 { 5693 /* 5694 * Don't call key_freesav() on error here, as we would like to 5695 * keep the SA in the database. 5696 */ 5697 struct mbuf *n; 5698 5699 /* set msg buf from mhp */ 5700 n = key_getmsgbuf_x1(m, mhp); 5701 if (n == NULL) { 5702 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5703 return key_senderror(so, m, ENOBUFS); 5704 } 5705 5706 m_freem(m); 5707 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5708 } 5709 } 5710 5711 /* 5712 * NAT-T support. 5713 * IKEd may request the use ESP in UDP encapsulation when it detects the 5714 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5715 * parameters needed for encapsulation and decapsulation. These PF_KEY 5716 * extension headers are not standardized, so this comment addresses our 5717 * implementation. 5718 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5719 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5720 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5721 * UDP header. We use these ports in UDP encapsulation procedure, also we 5722 * can check them in UDP decapsulation procedure. 5723 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5724 * responder. These addresses can be used for transport mode to adjust 5725 * checksum after decapsulation and decryption. Since original IP addresses 5726 * used by peer usually different (we detected presence of NAT), TCP/UDP 5727 * pseudo header checksum and IP header checksum was calculated using original 5728 * addresses. After decapsulation and decryption we need to adjust checksum 5729 * to have correct datagram. 5730 * 5731 * We expect presence of NAT-T extension headers only in SADB_ADD and 5732 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5733 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5734 */ 5735 static int 5736 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5737 { 5738 struct sadb_x_nat_t_port *port; 5739 struct sadb_x_nat_t_type *type; 5740 struct sadb_address *oai, *oar; 5741 struct sockaddr *sa; 5742 uint32_t addr; 5743 uint16_t cksum; 5744 5745 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5746 /* 5747 * Ignore NAT-T headers if sproto isn't ESP. 5748 */ 5749 if (sav->sah->saidx.proto != IPPROTO_ESP) 5750 return (0); 5751 5752 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5753 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5754 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5755 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5756 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5757 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5758 ipseclog((LOG_DEBUG, 5759 "%s: invalid message: wrong header size.\n", 5760 __func__)); 5761 return (EINVAL); 5762 } 5763 } else 5764 return (0); 5765 5766 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5767 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5768 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5769 __func__, type->sadb_x_nat_t_type_type)); 5770 return (EINVAL); 5771 } 5772 /* 5773 * Allocate storage for NAT-T config. 5774 * On error it will be released by key_cleansav(). 5775 */ 5776 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5777 M_NOWAIT | M_ZERO); 5778 if (sav->natt == NULL) { 5779 PFKEYSTAT_INC(in_nomem); 5780 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5781 return (ENOBUFS); 5782 } 5783 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5784 if (port->sadb_x_nat_t_port_port == 0) { 5785 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5786 __func__)); 5787 return (EINVAL); 5788 } 5789 sav->natt->sport = port->sadb_x_nat_t_port_port; 5790 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5791 if (port->sadb_x_nat_t_port_port == 0) { 5792 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5793 __func__)); 5794 return (EINVAL); 5795 } 5796 sav->natt->dport = port->sadb_x_nat_t_port_port; 5797 5798 /* 5799 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5800 * and needed only for transport mode IPsec. 5801 * Usually NAT translates only one address, but it is possible, 5802 * that both addresses could be translated. 5803 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5804 */ 5805 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5806 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5807 ipseclog((LOG_DEBUG, 5808 "%s: invalid message: wrong header size.\n", 5809 __func__)); 5810 return (EINVAL); 5811 } 5812 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5813 } else 5814 oai = NULL; 5815 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5816 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5817 ipseclog((LOG_DEBUG, 5818 "%s: invalid message: wrong header size.\n", 5819 __func__)); 5820 return (EINVAL); 5821 } 5822 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5823 } else 5824 oar = NULL; 5825 5826 /* Initialize addresses only for transport mode */ 5827 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5828 cksum = 0; 5829 if (oai != NULL) { 5830 /* Currently we support only AF_INET */ 5831 sa = (struct sockaddr *)(oai + 1); 5832 if (sa->sa_family != AF_INET || 5833 sa->sa_len != sizeof(struct sockaddr_in)) { 5834 ipseclog((LOG_DEBUG, 5835 "%s: wrong NAT-OAi header.\n", 5836 __func__)); 5837 return (EINVAL); 5838 } 5839 /* Ignore address if it the same */ 5840 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5841 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5842 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5843 sav->natt->flags |= IPSEC_NATT_F_OAI; 5844 /* Calculate checksum delta */ 5845 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5846 cksum = in_addword(cksum, ~addr >> 16); 5847 cksum = in_addword(cksum, ~addr & 0xffff); 5848 addr = sav->natt->oai.sin.sin_addr.s_addr; 5849 cksum = in_addword(cksum, addr >> 16); 5850 cksum = in_addword(cksum, addr & 0xffff); 5851 } 5852 } 5853 if (oar != NULL) { 5854 /* Currently we support only AF_INET */ 5855 sa = (struct sockaddr *)(oar + 1); 5856 if (sa->sa_family != AF_INET || 5857 sa->sa_len != sizeof(struct sockaddr_in)) { 5858 ipseclog((LOG_DEBUG, 5859 "%s: wrong NAT-OAr header.\n", 5860 __func__)); 5861 return (EINVAL); 5862 } 5863 /* Ignore address if it the same */ 5864 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5865 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5866 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5867 sav->natt->flags |= IPSEC_NATT_F_OAR; 5868 /* Calculate checksum delta */ 5869 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5870 cksum = in_addword(cksum, ~addr >> 16); 5871 cksum = in_addword(cksum, ~addr & 0xffff); 5872 addr = sav->natt->oar.sin.sin_addr.s_addr; 5873 cksum = in_addword(cksum, addr >> 16); 5874 cksum = in_addword(cksum, addr & 0xffff); 5875 } 5876 } 5877 sav->natt->cksum = cksum; 5878 } 5879 return (0); 5880 } 5881 5882 static int 5883 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5884 { 5885 const struct sadb_ident *idsrc, *iddst; 5886 5887 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5888 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5889 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5890 5891 /* don't make buffer if not there */ 5892 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5893 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5894 sah->idents = NULL; 5895 sah->identd = NULL; 5896 return (0); 5897 } 5898 5899 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5900 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5901 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5902 return (EINVAL); 5903 } 5904 5905 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5906 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5907 5908 /* validity check */ 5909 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5910 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5911 return EINVAL; 5912 } 5913 5914 switch (idsrc->sadb_ident_type) { 5915 case SADB_IDENTTYPE_PREFIX: 5916 case SADB_IDENTTYPE_FQDN: 5917 case SADB_IDENTTYPE_USERFQDN: 5918 default: 5919 /* XXX do nothing */ 5920 sah->idents = NULL; 5921 sah->identd = NULL; 5922 return 0; 5923 } 5924 5925 /* make structure */ 5926 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5927 if (sah->idents == NULL) { 5928 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5929 return ENOBUFS; 5930 } 5931 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5932 if (sah->identd == NULL) { 5933 free(sah->idents, M_IPSEC_MISC); 5934 sah->idents = NULL; 5935 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5936 return ENOBUFS; 5937 } 5938 sah->idents->type = idsrc->sadb_ident_type; 5939 sah->idents->id = idsrc->sadb_ident_id; 5940 5941 sah->identd->type = iddst->sadb_ident_type; 5942 sah->identd->id = iddst->sadb_ident_id; 5943 5944 return 0; 5945 } 5946 5947 /* 5948 * m will not be freed on return. 5949 * it is caller's responsibility to free the result. 5950 * 5951 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5952 * from the request in defined order. 5953 */ 5954 static struct mbuf * 5955 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5956 { 5957 struct mbuf *n; 5958 5959 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5960 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5961 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5962 5963 /* create new sadb_msg to reply. */ 5964 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5965 SADB_EXT_SA, SADB_X_EXT_SA2, 5966 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5967 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5968 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5969 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5970 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5971 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5972 SADB_X_EXT_NEW_ADDRESS_DST); 5973 if (!n) 5974 return NULL; 5975 5976 if (n->m_len < sizeof(struct sadb_msg)) { 5977 n = m_pullup(n, sizeof(struct sadb_msg)); 5978 if (n == NULL) 5979 return NULL; 5980 } 5981 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5982 mtod(n, struct sadb_msg *)->sadb_msg_len = 5983 PFKEY_UNIT64(n->m_pkthdr.len); 5984 5985 return n; 5986 } 5987 5988 /* 5989 * SADB_DELETE processing 5990 * receive 5991 * <base, SA(*), address(SD)> 5992 * from the ikmpd, and set SADB_SASTATE_DEAD, 5993 * and send, 5994 * <base, SA(*), address(SD)> 5995 * to the ikmpd. 5996 * 5997 * m will always be freed. 5998 */ 5999 static int 6000 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6001 { 6002 struct secasindex saidx; 6003 struct sadb_address *src0, *dst0; 6004 struct secasvar *sav; 6005 struct sadb_sa *sa0; 6006 uint8_t proto; 6007 6008 IPSEC_ASSERT(so != NULL, ("null socket")); 6009 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6010 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6011 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6012 6013 /* map satype to proto */ 6014 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6015 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6016 __func__)); 6017 return key_senderror(so, m, EINVAL); 6018 } 6019 6020 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6021 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6022 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6023 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6024 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6025 __func__)); 6026 return key_senderror(so, m, EINVAL); 6027 } 6028 6029 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6030 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6031 6032 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6033 (struct sockaddr *)(dst0 + 1)) != 0) { 6034 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6035 return (key_senderror(so, m, EINVAL)); 6036 } 6037 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6038 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6039 /* 6040 * Caller wants us to delete all non-LARVAL SAs 6041 * that match the src/dst. This is used during 6042 * IKE INITIAL-CONTACT. 6043 * XXXAE: this looks like some extension to RFC2367. 6044 */ 6045 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6046 return (key_delete_all(so, m, mhp, &saidx)); 6047 } 6048 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6049 ipseclog((LOG_DEBUG, 6050 "%s: invalid message: wrong header size.\n", __func__)); 6051 return (key_senderror(so, m, EINVAL)); 6052 } 6053 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6054 SPI_ALLOC_LOCK(); 6055 if (proto == IPPROTO_TCP) 6056 sav = key_getsav_tcpmd5(&saidx, NULL); 6057 else 6058 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6059 SPI_ALLOC_UNLOCK(); 6060 if (sav == NULL) { 6061 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6062 __func__, ntohl(sa0->sadb_sa_spi))); 6063 return (key_senderror(so, m, ESRCH)); 6064 } 6065 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6066 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6067 __func__, ntohl(sav->spi))); 6068 key_freesav(&sav); 6069 return (key_senderror(so, m, ESRCH)); 6070 } 6071 KEYDBG(KEY_STAMP, 6072 printf("%s: SA(%p)\n", __func__, sav)); 6073 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6074 key_unlinksav(sav); 6075 key_freesav(&sav); 6076 6077 { 6078 struct mbuf *n; 6079 struct sadb_msg *newmsg; 6080 6081 /* create new sadb_msg to reply. */ 6082 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6083 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6084 if (!n) 6085 return key_senderror(so, m, ENOBUFS); 6086 6087 if (n->m_len < sizeof(struct sadb_msg)) { 6088 n = m_pullup(n, sizeof(struct sadb_msg)); 6089 if (n == NULL) 6090 return key_senderror(so, m, ENOBUFS); 6091 } 6092 newmsg = mtod(n, struct sadb_msg *); 6093 newmsg->sadb_msg_errno = 0; 6094 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6095 6096 m_freem(m); 6097 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6098 } 6099 } 6100 6101 /* 6102 * delete all SAs for src/dst. Called from key_delete(). 6103 */ 6104 static int 6105 key_delete_all(struct socket *so, struct mbuf *m, 6106 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6107 { 6108 struct secasvar_queue drainq; 6109 struct secashead *sah; 6110 struct secasvar *sav, *nextsav; 6111 6112 TAILQ_INIT(&drainq); 6113 SAHTREE_WLOCK(); 6114 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6115 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6116 continue; 6117 /* Move all ALIVE SAs into drainq */ 6118 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6119 } 6120 /* Unlink all queued SAs from SPI hash */ 6121 TAILQ_FOREACH(sav, &drainq, chain) { 6122 sav->state = SADB_SASTATE_DEAD; 6123 LIST_REMOVE(sav, spihash); 6124 } 6125 SAHTREE_WUNLOCK(); 6126 /* Now we can release reference for all SAs in drainq */ 6127 sav = TAILQ_FIRST(&drainq); 6128 while (sav != NULL) { 6129 KEYDBG(KEY_STAMP, 6130 printf("%s: SA(%p)\n", __func__, sav)); 6131 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6132 nextsav = TAILQ_NEXT(sav, chain); 6133 key_freesah(&sav->sah); /* release reference from SAV */ 6134 key_freesav(&sav); /* release last reference */ 6135 sav = nextsav; 6136 } 6137 6138 { 6139 struct mbuf *n; 6140 struct sadb_msg *newmsg; 6141 6142 /* create new sadb_msg to reply. */ 6143 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6144 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6145 if (!n) 6146 return key_senderror(so, m, ENOBUFS); 6147 6148 if (n->m_len < sizeof(struct sadb_msg)) { 6149 n = m_pullup(n, sizeof(struct sadb_msg)); 6150 if (n == NULL) 6151 return key_senderror(so, m, ENOBUFS); 6152 } 6153 newmsg = mtod(n, struct sadb_msg *); 6154 newmsg->sadb_msg_errno = 0; 6155 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6156 6157 m_freem(m); 6158 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6159 } 6160 } 6161 6162 /* 6163 * Delete all alive SAs for corresponding xform. 6164 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6165 * here when xform disappears. 6166 */ 6167 void 6168 key_delete_xform(const struct xformsw *xsp) 6169 { 6170 struct secasvar_queue drainq; 6171 struct secashead *sah; 6172 struct secasvar *sav, *nextsav; 6173 6174 TAILQ_INIT(&drainq); 6175 SAHTREE_WLOCK(); 6176 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6177 sav = TAILQ_FIRST(&sah->savtree_alive); 6178 if (sav == NULL) 6179 continue; 6180 if (sav->tdb_xform != xsp) 6181 continue; 6182 /* 6183 * It is supposed that all SAs in the chain are related to 6184 * one xform. 6185 */ 6186 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6187 } 6188 /* Unlink all queued SAs from SPI hash */ 6189 TAILQ_FOREACH(sav, &drainq, chain) { 6190 sav->state = SADB_SASTATE_DEAD; 6191 LIST_REMOVE(sav, spihash); 6192 } 6193 SAHTREE_WUNLOCK(); 6194 6195 /* Now we can release reference for all SAs in drainq */ 6196 sav = TAILQ_FIRST(&drainq); 6197 while (sav != NULL) { 6198 KEYDBG(KEY_STAMP, 6199 printf("%s: SA(%p)\n", __func__, sav)); 6200 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6201 nextsav = TAILQ_NEXT(sav, chain); 6202 key_freesah(&sav->sah); /* release reference from SAV */ 6203 key_freesav(&sav); /* release last reference */ 6204 sav = nextsav; 6205 } 6206 } 6207 6208 /* 6209 * SADB_GET processing 6210 * receive 6211 * <base, SA(*), address(SD)> 6212 * from the ikmpd, and get a SP and a SA to respond, 6213 * and send, 6214 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6215 * (identity(SD),) (sensitivity)> 6216 * to the ikmpd. 6217 * 6218 * m will always be freed. 6219 */ 6220 static int 6221 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6222 { 6223 struct secasindex saidx; 6224 struct sadb_address *src0, *dst0; 6225 struct sadb_sa *sa0; 6226 struct secasvar *sav; 6227 uint8_t proto; 6228 6229 IPSEC_ASSERT(so != NULL, ("null socket")); 6230 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6231 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6232 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6233 6234 /* map satype to proto */ 6235 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6236 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6237 __func__)); 6238 return key_senderror(so, m, EINVAL); 6239 } 6240 6241 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6242 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6243 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6244 ipseclog((LOG_DEBUG, 6245 "%s: invalid message: missing required header.\n", 6246 __func__)); 6247 return key_senderror(so, m, EINVAL); 6248 } 6249 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6250 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6251 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6252 ipseclog((LOG_DEBUG, 6253 "%s: invalid message: wrong header size.\n", __func__)); 6254 return key_senderror(so, m, EINVAL); 6255 } 6256 6257 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6258 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6259 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6260 6261 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6262 (struct sockaddr *)(dst0 + 1)) != 0) { 6263 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6264 return key_senderror(so, m, EINVAL); 6265 } 6266 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6267 6268 SPI_ALLOC_LOCK(); 6269 if (proto == IPPROTO_TCP) 6270 sav = key_getsav_tcpmd5(&saidx, NULL); 6271 else 6272 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6273 SPI_ALLOC_UNLOCK(); 6274 if (sav == NULL) { 6275 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6276 return key_senderror(so, m, ESRCH); 6277 } 6278 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6279 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6280 __func__, ntohl(sa0->sadb_sa_spi))); 6281 key_freesav(&sav); 6282 return (key_senderror(so, m, ESRCH)); 6283 } 6284 6285 { 6286 struct mbuf *n; 6287 uint8_t satype; 6288 6289 /* map proto to satype */ 6290 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6291 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6292 __func__)); 6293 key_freesav(&sav); 6294 return key_senderror(so, m, EINVAL); 6295 } 6296 6297 /* create new sadb_msg to reply. */ 6298 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6299 mhp->msg->sadb_msg_pid); 6300 6301 key_freesav(&sav); 6302 if (!n) 6303 return key_senderror(so, m, ENOBUFS); 6304 6305 m_freem(m); 6306 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6307 } 6308 } 6309 6310 /* XXX make it sysctl-configurable? */ 6311 static void 6312 key_getcomb_setlifetime(struct sadb_comb *comb) 6313 { 6314 6315 comb->sadb_comb_soft_allocations = 1; 6316 comb->sadb_comb_hard_allocations = 1; 6317 comb->sadb_comb_soft_bytes = 0; 6318 comb->sadb_comb_hard_bytes = 0; 6319 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6320 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6321 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6322 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6323 } 6324 6325 /* 6326 * XXX reorder combinations by preference 6327 * XXX no idea if the user wants ESP authentication or not 6328 */ 6329 static struct mbuf * 6330 key_getcomb_ealg(void) 6331 { 6332 struct sadb_comb *comb; 6333 const struct enc_xform *algo; 6334 struct mbuf *result = NULL, *m, *n; 6335 int encmin; 6336 int i, off, o; 6337 int totlen; 6338 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6339 6340 m = NULL; 6341 for (i = 1; i <= SADB_EALG_MAX; i++) { 6342 algo = enc_algorithm_lookup(i); 6343 if (algo == NULL) 6344 continue; 6345 6346 /* discard algorithms with key size smaller than system min */ 6347 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6348 continue; 6349 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6350 encmin = V_ipsec_esp_keymin; 6351 else 6352 encmin = _BITS(algo->minkey); 6353 6354 if (V_ipsec_esp_auth) 6355 m = key_getcomb_ah(); 6356 else { 6357 IPSEC_ASSERT(l <= MLEN, 6358 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6359 MGET(m, M_NOWAIT, MT_DATA); 6360 if (m) { 6361 M_ALIGN(m, l); 6362 m->m_len = l; 6363 m->m_next = NULL; 6364 bzero(mtod(m, caddr_t), m->m_len); 6365 } 6366 } 6367 if (!m) 6368 goto fail; 6369 6370 totlen = 0; 6371 for (n = m; n; n = n->m_next) 6372 totlen += n->m_len; 6373 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6374 6375 for (off = 0; off < totlen; off += l) { 6376 n = m_pulldown(m, off, l, &o); 6377 if (!n) { 6378 /* m is already freed */ 6379 goto fail; 6380 } 6381 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6382 bzero(comb, sizeof(*comb)); 6383 key_getcomb_setlifetime(comb); 6384 comb->sadb_comb_encrypt = i; 6385 comb->sadb_comb_encrypt_minbits = encmin; 6386 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6387 } 6388 6389 if (!result) 6390 result = m; 6391 else 6392 m_cat(result, m); 6393 } 6394 6395 return result; 6396 6397 fail: 6398 if (result) 6399 m_freem(result); 6400 return NULL; 6401 } 6402 6403 static void 6404 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6405 u_int16_t* max) 6406 { 6407 6408 *min = *max = ah->hashsize; 6409 if (ah->keysize == 0) { 6410 /* 6411 * Transform takes arbitrary key size but algorithm 6412 * key size is restricted. Enforce this here. 6413 */ 6414 switch (alg) { 6415 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6416 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6417 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6418 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6419 default: 6420 DPRINTF(("%s: unknown AH algorithm %u\n", 6421 __func__, alg)); 6422 break; 6423 } 6424 } 6425 } 6426 6427 /* 6428 * XXX reorder combinations by preference 6429 */ 6430 static struct mbuf * 6431 key_getcomb_ah(void) 6432 { 6433 const struct auth_hash *algo; 6434 struct sadb_comb *comb; 6435 struct mbuf *m; 6436 u_int16_t minkeysize, maxkeysize; 6437 int i; 6438 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6439 6440 m = NULL; 6441 for (i = 1; i <= SADB_AALG_MAX; i++) { 6442 #if 1 6443 /* we prefer HMAC algorithms, not old algorithms */ 6444 if (i != SADB_AALG_SHA1HMAC && 6445 i != SADB_X_AALG_SHA2_256 && 6446 i != SADB_X_AALG_SHA2_384 && 6447 i != SADB_X_AALG_SHA2_512) 6448 continue; 6449 #endif 6450 algo = auth_algorithm_lookup(i); 6451 if (!algo) 6452 continue; 6453 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6454 /* discard algorithms with key size smaller than system min */ 6455 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6456 continue; 6457 6458 if (!m) { 6459 IPSEC_ASSERT(l <= MLEN, 6460 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6461 MGET(m, M_NOWAIT, MT_DATA); 6462 if (m) { 6463 M_ALIGN(m, l); 6464 m->m_len = l; 6465 m->m_next = NULL; 6466 } 6467 } else 6468 M_PREPEND(m, l, M_NOWAIT); 6469 if (!m) 6470 return NULL; 6471 6472 comb = mtod(m, struct sadb_comb *); 6473 bzero(comb, sizeof(*comb)); 6474 key_getcomb_setlifetime(comb); 6475 comb->sadb_comb_auth = i; 6476 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6477 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6478 } 6479 6480 return m; 6481 } 6482 6483 /* 6484 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6485 * XXX reorder combinations by preference 6486 */ 6487 static struct mbuf * 6488 key_getcomb_ipcomp(void) 6489 { 6490 const struct comp_algo *algo; 6491 struct sadb_comb *comb; 6492 struct mbuf *m; 6493 int i; 6494 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6495 6496 m = NULL; 6497 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6498 algo = comp_algorithm_lookup(i); 6499 if (!algo) 6500 continue; 6501 6502 if (!m) { 6503 IPSEC_ASSERT(l <= MLEN, 6504 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6505 MGET(m, M_NOWAIT, MT_DATA); 6506 if (m) { 6507 M_ALIGN(m, l); 6508 m->m_len = l; 6509 m->m_next = NULL; 6510 } 6511 } else 6512 M_PREPEND(m, l, M_NOWAIT); 6513 if (!m) 6514 return NULL; 6515 6516 comb = mtod(m, struct sadb_comb *); 6517 bzero(comb, sizeof(*comb)); 6518 key_getcomb_setlifetime(comb); 6519 comb->sadb_comb_encrypt = i; 6520 /* what should we set into sadb_comb_*_{min,max}bits? */ 6521 } 6522 6523 return m; 6524 } 6525 6526 /* 6527 * XXX no way to pass mode (transport/tunnel) to userland 6528 * XXX replay checking? 6529 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6530 */ 6531 static struct mbuf * 6532 key_getprop(const struct secasindex *saidx) 6533 { 6534 struct sadb_prop *prop; 6535 struct mbuf *m, *n; 6536 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6537 int totlen; 6538 6539 switch (saidx->proto) { 6540 case IPPROTO_ESP: 6541 m = key_getcomb_ealg(); 6542 break; 6543 case IPPROTO_AH: 6544 m = key_getcomb_ah(); 6545 break; 6546 case IPPROTO_IPCOMP: 6547 m = key_getcomb_ipcomp(); 6548 break; 6549 default: 6550 return NULL; 6551 } 6552 6553 if (!m) 6554 return NULL; 6555 M_PREPEND(m, l, M_NOWAIT); 6556 if (!m) 6557 return NULL; 6558 6559 totlen = 0; 6560 for (n = m; n; n = n->m_next) 6561 totlen += n->m_len; 6562 6563 prop = mtod(m, struct sadb_prop *); 6564 bzero(prop, sizeof(*prop)); 6565 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6566 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6567 prop->sadb_prop_replay = 32; /* XXX */ 6568 6569 return m; 6570 } 6571 6572 /* 6573 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6574 * send 6575 * <base, SA, address(SD), (address(P)), x_policy, 6576 * (identity(SD),) (sensitivity,) proposal> 6577 * to KMD, and expect to receive 6578 * <base> with SADB_ACQUIRE if error occurred, 6579 * or 6580 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6581 * from KMD by PF_KEY. 6582 * 6583 * XXX x_policy is outside of RFC2367 (KAME extension). 6584 * XXX sensitivity is not supported. 6585 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6586 * see comment for key_getcomb_ipcomp(). 6587 * 6588 * OUT: 6589 * 0 : succeed 6590 * others: error number 6591 */ 6592 static int 6593 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6594 { 6595 union sockaddr_union addr; 6596 struct mbuf *result, *m; 6597 uint32_t seq; 6598 int error; 6599 uint16_t ul_proto; 6600 uint8_t mask, satype; 6601 6602 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6603 satype = key_proto2satype(saidx->proto); 6604 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6605 6606 error = -1; 6607 result = NULL; 6608 ul_proto = IPSEC_ULPROTO_ANY; 6609 6610 /* Get seq number to check whether sending message or not. */ 6611 seq = key_getacq(saidx, &error); 6612 if (seq == 0) 6613 return (error); 6614 6615 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6616 if (!m) { 6617 error = ENOBUFS; 6618 goto fail; 6619 } 6620 result = m; 6621 6622 /* 6623 * set sadb_address for saidx's. 6624 * 6625 * Note that if sp is supplied, then we're being called from 6626 * key_allocsa_policy() and should supply port and protocol 6627 * information. 6628 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6629 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6630 * XXXAE: it looks like we should save this info in the ACQ entry. 6631 */ 6632 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6633 sp->spidx.ul_proto == IPPROTO_UDP)) 6634 ul_proto = sp->spidx.ul_proto; 6635 6636 addr = saidx->src; 6637 mask = FULLMASK; 6638 if (ul_proto != IPSEC_ULPROTO_ANY) { 6639 switch (sp->spidx.src.sa.sa_family) { 6640 case AF_INET: 6641 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6642 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6643 mask = sp->spidx.prefs; 6644 } 6645 break; 6646 case AF_INET6: 6647 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6648 addr.sin6.sin6_port = 6649 sp->spidx.src.sin6.sin6_port; 6650 mask = sp->spidx.prefs; 6651 } 6652 break; 6653 default: 6654 break; 6655 } 6656 } 6657 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6658 if (!m) { 6659 error = ENOBUFS; 6660 goto fail; 6661 } 6662 m_cat(result, m); 6663 6664 addr = saidx->dst; 6665 mask = FULLMASK; 6666 if (ul_proto != IPSEC_ULPROTO_ANY) { 6667 switch (sp->spidx.dst.sa.sa_family) { 6668 case AF_INET: 6669 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6670 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6671 mask = sp->spidx.prefd; 6672 } 6673 break; 6674 case AF_INET6: 6675 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6676 addr.sin6.sin6_port = 6677 sp->spidx.dst.sin6.sin6_port; 6678 mask = sp->spidx.prefd; 6679 } 6680 break; 6681 default: 6682 break; 6683 } 6684 } 6685 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6686 if (!m) { 6687 error = ENOBUFS; 6688 goto fail; 6689 } 6690 m_cat(result, m); 6691 6692 /* XXX proxy address (optional) */ 6693 6694 /* 6695 * Set sadb_x_policy. This is KAME extension to RFC2367. 6696 */ 6697 if (sp != NULL) { 6698 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6699 sp->priority); 6700 if (!m) { 6701 error = ENOBUFS; 6702 goto fail; 6703 } 6704 m_cat(result, m); 6705 } 6706 6707 /* 6708 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6709 * This is FreeBSD extension to RFC2367. 6710 */ 6711 if (saidx->reqid != 0) { 6712 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6713 if (m == NULL) { 6714 error = ENOBUFS; 6715 goto fail; 6716 } 6717 m_cat(result, m); 6718 } 6719 /* XXX identity (optional) */ 6720 #if 0 6721 if (idexttype && fqdn) { 6722 /* create identity extension (FQDN) */ 6723 struct sadb_ident *id; 6724 int fqdnlen; 6725 6726 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6727 id = (struct sadb_ident *)p; 6728 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6729 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6730 id->sadb_ident_exttype = idexttype; 6731 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6732 bcopy(fqdn, id + 1, fqdnlen); 6733 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6734 } 6735 6736 if (idexttype) { 6737 /* create identity extension (USERFQDN) */ 6738 struct sadb_ident *id; 6739 int userfqdnlen; 6740 6741 if (userfqdn) { 6742 /* +1 for terminating-NUL */ 6743 userfqdnlen = strlen(userfqdn) + 1; 6744 } else 6745 userfqdnlen = 0; 6746 id = (struct sadb_ident *)p; 6747 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6748 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6749 id->sadb_ident_exttype = idexttype; 6750 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6751 /* XXX is it correct? */ 6752 if (curproc && curproc->p_cred) 6753 id->sadb_ident_id = curproc->p_cred->p_ruid; 6754 if (userfqdn && userfqdnlen) 6755 bcopy(userfqdn, id + 1, userfqdnlen); 6756 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6757 } 6758 #endif 6759 6760 /* XXX sensitivity (optional) */ 6761 6762 /* create proposal/combination extension */ 6763 m = key_getprop(saidx); 6764 #if 0 6765 /* 6766 * spec conformant: always attach proposal/combination extension, 6767 * the problem is that we have no way to attach it for ipcomp, 6768 * due to the way sadb_comb is declared in RFC2367. 6769 */ 6770 if (!m) { 6771 error = ENOBUFS; 6772 goto fail; 6773 } 6774 m_cat(result, m); 6775 #else 6776 /* 6777 * outside of spec; make proposal/combination extension optional. 6778 */ 6779 if (m) 6780 m_cat(result, m); 6781 #endif 6782 6783 if ((result->m_flags & M_PKTHDR) == 0) { 6784 error = EINVAL; 6785 goto fail; 6786 } 6787 6788 if (result->m_len < sizeof(struct sadb_msg)) { 6789 result = m_pullup(result, sizeof(struct sadb_msg)); 6790 if (result == NULL) { 6791 error = ENOBUFS; 6792 goto fail; 6793 } 6794 } 6795 6796 result->m_pkthdr.len = 0; 6797 for (m = result; m; m = m->m_next) 6798 result->m_pkthdr.len += m->m_len; 6799 6800 mtod(result, struct sadb_msg *)->sadb_msg_len = 6801 PFKEY_UNIT64(result->m_pkthdr.len); 6802 6803 KEYDBG(KEY_STAMP, 6804 printf("%s: SP(%p)\n", __func__, sp)); 6805 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6806 6807 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6808 6809 fail: 6810 if (result) 6811 m_freem(result); 6812 return error; 6813 } 6814 6815 static uint32_t 6816 key_newacq(const struct secasindex *saidx, int *perror) 6817 { 6818 struct secacq *acq; 6819 uint32_t seq; 6820 6821 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6822 if (acq == NULL) { 6823 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6824 *perror = ENOBUFS; 6825 return (0); 6826 } 6827 6828 /* copy secindex */ 6829 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6830 acq->created = time_second; 6831 acq->count = 0; 6832 6833 /* add to acqtree */ 6834 ACQ_LOCK(); 6835 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6836 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6837 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6838 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6839 ACQ_UNLOCK(); 6840 *perror = 0; 6841 return (seq); 6842 } 6843 6844 static uint32_t 6845 key_getacq(const struct secasindex *saidx, int *perror) 6846 { 6847 struct secacq *acq; 6848 uint32_t seq; 6849 6850 ACQ_LOCK(); 6851 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6852 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6853 if (acq->count > V_key_blockacq_count) { 6854 /* 6855 * Reset counter and send message. 6856 * Also reset created time to keep ACQ for 6857 * this saidx. 6858 */ 6859 acq->created = time_second; 6860 acq->count = 0; 6861 seq = acq->seq; 6862 } else { 6863 /* 6864 * Increment counter and do nothing. 6865 * We send SADB_ACQUIRE message only 6866 * for each V_key_blockacq_count packet. 6867 */ 6868 acq->count++; 6869 seq = 0; 6870 } 6871 break; 6872 } 6873 } 6874 ACQ_UNLOCK(); 6875 if (acq != NULL) { 6876 *perror = 0; 6877 return (seq); 6878 } 6879 /* allocate new entry */ 6880 return (key_newacq(saidx, perror)); 6881 } 6882 6883 static int 6884 key_acqreset(uint32_t seq) 6885 { 6886 struct secacq *acq; 6887 6888 ACQ_LOCK(); 6889 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6890 if (acq->seq == seq) { 6891 acq->count = 0; 6892 acq->created = time_second; 6893 break; 6894 } 6895 } 6896 ACQ_UNLOCK(); 6897 if (acq == NULL) 6898 return (ESRCH); 6899 return (0); 6900 } 6901 /* 6902 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6903 * Called after successful SADB_GETSPI message. 6904 */ 6905 static int 6906 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6907 { 6908 struct secacq *acq; 6909 6910 ACQ_LOCK(); 6911 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6912 if (acq->seq == seq) 6913 break; 6914 } 6915 if (acq != NULL) { 6916 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6917 ipseclog((LOG_DEBUG, 6918 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 6919 acq = NULL; 6920 } else { 6921 acq->created = 0; 6922 } 6923 } else { 6924 ipseclog((LOG_DEBUG, 6925 "%s: ACQ %u is not found.\n", __func__, seq)); 6926 } 6927 ACQ_UNLOCK(); 6928 if (acq == NULL) 6929 return (ESRCH); 6930 return (0); 6931 } 6932 6933 static struct secspacq * 6934 key_newspacq(struct secpolicyindex *spidx) 6935 { 6936 struct secspacq *acq; 6937 6938 /* get new entry */ 6939 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6940 if (acq == NULL) { 6941 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6942 return NULL; 6943 } 6944 6945 /* copy secindex */ 6946 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6947 acq->created = time_second; 6948 acq->count = 0; 6949 6950 /* add to spacqtree */ 6951 SPACQ_LOCK(); 6952 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6953 SPACQ_UNLOCK(); 6954 6955 return acq; 6956 } 6957 6958 static struct secspacq * 6959 key_getspacq(struct secpolicyindex *spidx) 6960 { 6961 struct secspacq *acq; 6962 6963 SPACQ_LOCK(); 6964 LIST_FOREACH(acq, &V_spacqtree, chain) { 6965 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6966 /* NB: return holding spacq_lock */ 6967 return acq; 6968 } 6969 } 6970 SPACQ_UNLOCK(); 6971 6972 return NULL; 6973 } 6974 6975 /* 6976 * SADB_ACQUIRE processing, 6977 * in first situation, is receiving 6978 * <base> 6979 * from the ikmpd, and clear sequence of its secasvar entry. 6980 * 6981 * In second situation, is receiving 6982 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6983 * from a user land process, and return 6984 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6985 * to the socket. 6986 * 6987 * m will always be freed. 6988 */ 6989 static int 6990 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6991 { 6992 SAHTREE_RLOCK_TRACKER; 6993 struct sadb_address *src0, *dst0; 6994 struct secasindex saidx; 6995 struct secashead *sah; 6996 uint32_t reqid; 6997 int error; 6998 uint8_t mode, proto; 6999 7000 IPSEC_ASSERT(so != NULL, ("null socket")); 7001 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7002 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7003 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7004 7005 /* 7006 * Error message from KMd. 7007 * We assume that if error was occurred in IKEd, the length of PFKEY 7008 * message is equal to the size of sadb_msg structure. 7009 * We do not raise error even if error occurred in this function. 7010 */ 7011 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7012 /* check sequence number */ 7013 if (mhp->msg->sadb_msg_seq == 0 || 7014 mhp->msg->sadb_msg_errno == 0) { 7015 ipseclog((LOG_DEBUG, "%s: must specify sequence " 7016 "number and errno.\n", __func__)); 7017 } else { 7018 /* 7019 * IKEd reported that error occurred. 7020 * XXXAE: what it expects from the kernel? 7021 * Probably we should send SADB_ACQUIRE again? 7022 * If so, reset ACQ's state. 7023 * XXXAE: it looks useless. 7024 */ 7025 key_acqreset(mhp->msg->sadb_msg_seq); 7026 } 7027 m_freem(m); 7028 return (0); 7029 } 7030 7031 /* 7032 * This message is from user land. 7033 */ 7034 7035 /* map satype to proto */ 7036 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7037 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7038 __func__)); 7039 return key_senderror(so, m, EINVAL); 7040 } 7041 7042 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7043 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7044 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7045 ipseclog((LOG_DEBUG, 7046 "%s: invalid message: missing required header.\n", 7047 __func__)); 7048 return key_senderror(so, m, EINVAL); 7049 } 7050 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7051 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7052 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7053 ipseclog((LOG_DEBUG, 7054 "%s: invalid message: wrong header size.\n", __func__)); 7055 return key_senderror(so, m, EINVAL); 7056 } 7057 7058 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7059 mode = IPSEC_MODE_ANY; 7060 reqid = 0; 7061 } else { 7062 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7063 ipseclog((LOG_DEBUG, 7064 "%s: invalid message: wrong header size.\n", 7065 __func__)); 7066 return key_senderror(so, m, EINVAL); 7067 } 7068 mode = ((struct sadb_x_sa2 *) 7069 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7070 reqid = ((struct sadb_x_sa2 *) 7071 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7072 } 7073 7074 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7075 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7076 7077 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7078 (struct sockaddr *)(dst0 + 1)); 7079 if (error != 0) { 7080 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7081 return key_senderror(so, m, EINVAL); 7082 } 7083 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7084 7085 /* get a SA index */ 7086 SAHTREE_RLOCK(); 7087 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7088 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7089 break; 7090 } 7091 SAHTREE_RUNLOCK(); 7092 if (sah != NULL) { 7093 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7094 return key_senderror(so, m, EEXIST); 7095 } 7096 7097 error = key_acquire(&saidx, NULL); 7098 if (error != 0) { 7099 ipseclog((LOG_DEBUG, 7100 "%s: error %d returned from key_acquire()\n", 7101 __func__, error)); 7102 return key_senderror(so, m, error); 7103 } 7104 m_freem(m); 7105 return (0); 7106 } 7107 7108 /* 7109 * SADB_REGISTER processing. 7110 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7111 * receive 7112 * <base> 7113 * from the ikmpd, and register a socket to send PF_KEY messages, 7114 * and send 7115 * <base, supported> 7116 * to KMD by PF_KEY. 7117 * If socket is detached, must free from regnode. 7118 * 7119 * m will always be freed. 7120 */ 7121 static int 7122 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7123 { 7124 struct secreg *reg, *newreg = NULL; 7125 7126 IPSEC_ASSERT(so != NULL, ("null socket")); 7127 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7128 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7129 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7130 7131 /* check for invalid register message */ 7132 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7133 return key_senderror(so, m, EINVAL); 7134 7135 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7136 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7137 goto setmsg; 7138 7139 /* check whether existing or not */ 7140 REGTREE_LOCK(); 7141 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7142 if (reg->so == so) { 7143 REGTREE_UNLOCK(); 7144 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7145 __func__)); 7146 return key_senderror(so, m, EEXIST); 7147 } 7148 } 7149 7150 /* create regnode */ 7151 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7152 if (newreg == NULL) { 7153 REGTREE_UNLOCK(); 7154 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7155 return key_senderror(so, m, ENOBUFS); 7156 } 7157 7158 newreg->so = so; 7159 ((struct keycb *)(so->so_pcb))->kp_registered++; 7160 7161 /* add regnode to regtree. */ 7162 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7163 REGTREE_UNLOCK(); 7164 7165 setmsg: 7166 { 7167 struct mbuf *n; 7168 struct sadb_msg *newmsg; 7169 struct sadb_supported *sup; 7170 u_int len, alen, elen; 7171 int off; 7172 int i; 7173 struct sadb_alg *alg; 7174 7175 /* create new sadb_msg to reply. */ 7176 alen = 0; 7177 for (i = 1; i <= SADB_AALG_MAX; i++) { 7178 if (auth_algorithm_lookup(i)) 7179 alen += sizeof(struct sadb_alg); 7180 } 7181 if (alen) 7182 alen += sizeof(struct sadb_supported); 7183 elen = 0; 7184 for (i = 1; i <= SADB_EALG_MAX; i++) { 7185 if (enc_algorithm_lookup(i)) 7186 elen += sizeof(struct sadb_alg); 7187 } 7188 if (elen) 7189 elen += sizeof(struct sadb_supported); 7190 7191 len = sizeof(struct sadb_msg) + alen + elen; 7192 7193 if (len > MCLBYTES) 7194 return key_senderror(so, m, ENOBUFS); 7195 7196 MGETHDR(n, M_NOWAIT, MT_DATA); 7197 if (n != NULL && len > MHLEN) { 7198 if (!(MCLGET(n, M_NOWAIT))) { 7199 m_freem(n); 7200 n = NULL; 7201 } 7202 } 7203 if (!n) 7204 return key_senderror(so, m, ENOBUFS); 7205 7206 n->m_pkthdr.len = n->m_len = len; 7207 n->m_next = NULL; 7208 off = 0; 7209 7210 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7211 newmsg = mtod(n, struct sadb_msg *); 7212 newmsg->sadb_msg_errno = 0; 7213 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7214 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7215 7216 /* for authentication algorithm */ 7217 if (alen) { 7218 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7219 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7220 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7221 off += PFKEY_ALIGN8(sizeof(*sup)); 7222 7223 for (i = 1; i <= SADB_AALG_MAX; i++) { 7224 const struct auth_hash *aalgo; 7225 u_int16_t minkeysize, maxkeysize; 7226 7227 aalgo = auth_algorithm_lookup(i); 7228 if (!aalgo) 7229 continue; 7230 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7231 alg->sadb_alg_id = i; 7232 alg->sadb_alg_ivlen = 0; 7233 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7234 alg->sadb_alg_minbits = _BITS(minkeysize); 7235 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7236 off += PFKEY_ALIGN8(sizeof(*alg)); 7237 } 7238 } 7239 7240 /* for encryption algorithm */ 7241 if (elen) { 7242 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7243 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7244 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7245 off += PFKEY_ALIGN8(sizeof(*sup)); 7246 7247 for (i = 1; i <= SADB_EALG_MAX; i++) { 7248 const struct enc_xform *ealgo; 7249 7250 ealgo = enc_algorithm_lookup(i); 7251 if (!ealgo) 7252 continue; 7253 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7254 alg->sadb_alg_id = i; 7255 alg->sadb_alg_ivlen = ealgo->ivsize; 7256 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7257 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7258 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7259 } 7260 } 7261 7262 IPSEC_ASSERT(off == len, 7263 ("length assumption failed (off %u len %u)", off, len)); 7264 7265 m_freem(m); 7266 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7267 } 7268 } 7269 7270 /* 7271 * free secreg entry registered. 7272 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7273 */ 7274 void 7275 key_freereg(struct socket *so) 7276 { 7277 struct secreg *reg; 7278 int i; 7279 7280 IPSEC_ASSERT(so != NULL, ("NULL so")); 7281 7282 /* 7283 * check whether existing or not. 7284 * check all type of SA, because there is a potential that 7285 * one socket is registered to multiple type of SA. 7286 */ 7287 REGTREE_LOCK(); 7288 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7289 LIST_FOREACH(reg, &V_regtree[i], chain) { 7290 if (reg->so == so && __LIST_CHAINED(reg)) { 7291 LIST_REMOVE(reg, chain); 7292 free(reg, M_IPSEC_SAR); 7293 break; 7294 } 7295 } 7296 } 7297 REGTREE_UNLOCK(); 7298 } 7299 7300 /* 7301 * SADB_EXPIRE processing 7302 * send 7303 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7304 * to KMD by PF_KEY. 7305 * NOTE: We send only soft lifetime extension. 7306 * 7307 * OUT: 0 : succeed 7308 * others : error number 7309 */ 7310 static int 7311 key_expire(struct secasvar *sav, int hard) 7312 { 7313 struct mbuf *result = NULL, *m; 7314 struct sadb_lifetime *lt; 7315 uint32_t replay_count; 7316 int error, len; 7317 uint8_t satype; 7318 7319 SECASVAR_RLOCK_TRACKER; 7320 7321 IPSEC_ASSERT (sav != NULL, ("null sav")); 7322 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7323 7324 KEYDBG(KEY_STAMP, 7325 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7326 sav, hard ? "hard": "soft")); 7327 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7328 /* set msg header */ 7329 satype = key_proto2satype(sav->sah->saidx.proto); 7330 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7331 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7332 if (!m) { 7333 error = ENOBUFS; 7334 goto fail; 7335 } 7336 result = m; 7337 7338 /* create SA extension */ 7339 m = key_setsadbsa(sav); 7340 if (!m) { 7341 error = ENOBUFS; 7342 goto fail; 7343 } 7344 m_cat(result, m); 7345 7346 /* create SA extension */ 7347 SECASVAR_RLOCK(sav); 7348 replay_count = sav->replay ? sav->replay->count : 0; 7349 SECASVAR_RUNLOCK(sav); 7350 7351 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7352 sav->sah->saidx.reqid); 7353 if (!m) { 7354 error = ENOBUFS; 7355 goto fail; 7356 } 7357 m_cat(result, m); 7358 7359 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7360 m = key_setsadbxsareplay(sav->replay->wsize); 7361 if (!m) { 7362 error = ENOBUFS; 7363 goto fail; 7364 } 7365 m_cat(result, m); 7366 } 7367 7368 /* create lifetime extension (current and soft) */ 7369 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7370 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7371 if (m == NULL) { 7372 error = ENOBUFS; 7373 goto fail; 7374 } 7375 m_align(m, len); 7376 m->m_len = len; 7377 bzero(mtod(m, caddr_t), len); 7378 lt = mtod(m, struct sadb_lifetime *); 7379 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7380 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7381 lt->sadb_lifetime_allocations = 7382 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7383 lt->sadb_lifetime_bytes = 7384 counter_u64_fetch(sav->lft_c_bytes); 7385 lt->sadb_lifetime_addtime = sav->created; 7386 lt->sadb_lifetime_usetime = sav->firstused; 7387 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7388 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7389 if (hard) { 7390 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7391 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7392 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7393 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7394 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7395 } else { 7396 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7397 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7398 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7399 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7400 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7401 } 7402 m_cat(result, m); 7403 7404 /* set sadb_address for source */ 7405 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7406 &sav->sah->saidx.src.sa, 7407 FULLMASK, IPSEC_ULPROTO_ANY); 7408 if (!m) { 7409 error = ENOBUFS; 7410 goto fail; 7411 } 7412 m_cat(result, m); 7413 7414 /* set sadb_address for destination */ 7415 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7416 &sav->sah->saidx.dst.sa, 7417 FULLMASK, IPSEC_ULPROTO_ANY); 7418 if (!m) { 7419 error = ENOBUFS; 7420 goto fail; 7421 } 7422 m_cat(result, m); 7423 7424 /* 7425 * XXX-BZ Handle NAT-T extensions here. 7426 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7427 * this information, we report only significant SA fields. 7428 */ 7429 7430 if ((result->m_flags & M_PKTHDR) == 0) { 7431 error = EINVAL; 7432 goto fail; 7433 } 7434 7435 if (result->m_len < sizeof(struct sadb_msg)) { 7436 result = m_pullup(result, sizeof(struct sadb_msg)); 7437 if (result == NULL) { 7438 error = ENOBUFS; 7439 goto fail; 7440 } 7441 } 7442 7443 result->m_pkthdr.len = 0; 7444 for (m = result; m; m = m->m_next) 7445 result->m_pkthdr.len += m->m_len; 7446 7447 mtod(result, struct sadb_msg *)->sadb_msg_len = 7448 PFKEY_UNIT64(result->m_pkthdr.len); 7449 7450 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7451 7452 fail: 7453 if (result) 7454 m_freem(result); 7455 return error; 7456 } 7457 7458 static void 7459 key_freesah_flushed(struct secashead_queue *flushq) 7460 { 7461 struct secashead *sah, *nextsah; 7462 struct secasvar *sav, *nextsav; 7463 7464 sah = TAILQ_FIRST(flushq); 7465 while (sah != NULL) { 7466 sav = TAILQ_FIRST(&sah->savtree_larval); 7467 while (sav != NULL) { 7468 nextsav = TAILQ_NEXT(sav, chain); 7469 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7470 key_freesav(&sav); /* release last reference */ 7471 key_freesah(&sah); /* release reference from SAV */ 7472 sav = nextsav; 7473 } 7474 sav = TAILQ_FIRST(&sah->savtree_alive); 7475 while (sav != NULL) { 7476 nextsav = TAILQ_NEXT(sav, chain); 7477 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7478 key_freesav(&sav); /* release last reference */ 7479 key_freesah(&sah); /* release reference from SAV */ 7480 sav = nextsav; 7481 } 7482 nextsah = TAILQ_NEXT(sah, chain); 7483 key_freesah(&sah); /* release last reference */ 7484 sah = nextsah; 7485 } 7486 } 7487 7488 /* 7489 * SADB_FLUSH processing 7490 * receive 7491 * <base> 7492 * from the ikmpd, and free all entries in secastree. 7493 * and send, 7494 * <base> 7495 * to the ikmpd. 7496 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7497 * 7498 * m will always be freed. 7499 */ 7500 static int 7501 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7502 { 7503 struct secashead_queue flushq; 7504 struct sadb_msg *newmsg; 7505 struct secashead *sah, *nextsah; 7506 struct secasvar *sav; 7507 uint8_t proto; 7508 int i; 7509 7510 IPSEC_ASSERT(so != NULL, ("null socket")); 7511 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7512 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7513 7514 /* map satype to proto */ 7515 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7516 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7517 __func__)); 7518 return key_senderror(so, m, EINVAL); 7519 } 7520 KEYDBG(KEY_STAMP, 7521 printf("%s: proto %u\n", __func__, proto)); 7522 7523 TAILQ_INIT(&flushq); 7524 if (proto == IPSEC_PROTO_ANY) { 7525 /* no SATYPE specified, i.e. flushing all SA. */ 7526 SAHTREE_WLOCK(); 7527 /* Move all SAHs into flushq */ 7528 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7529 /* Flush all buckets in SPI hash */ 7530 for (i = 0; i < V_savhash_mask + 1; i++) 7531 LIST_INIT(&V_savhashtbl[i]); 7532 /* Flush all buckets in SAHADDRHASH */ 7533 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7534 LIST_INIT(&V_sahaddrhashtbl[i]); 7535 /* Mark all SAHs as unlinked */ 7536 TAILQ_FOREACH(sah, &flushq, chain) { 7537 sah->state = SADB_SASTATE_DEAD; 7538 /* 7539 * Callout handler makes its job using 7540 * RLOCK and drain queues. In case, when this 7541 * function will be called just before it 7542 * acquires WLOCK, we need to mark SAs as 7543 * unlinked to prevent second unlink. 7544 */ 7545 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7546 sav->state = SADB_SASTATE_DEAD; 7547 } 7548 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7549 sav->state = SADB_SASTATE_DEAD; 7550 } 7551 } 7552 SAHTREE_WUNLOCK(); 7553 } else { 7554 SAHTREE_WLOCK(); 7555 sah = TAILQ_FIRST(&V_sahtree); 7556 while (sah != NULL) { 7557 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7558 ("DEAD SAH %p in SADB_FLUSH", sah)); 7559 nextsah = TAILQ_NEXT(sah, chain); 7560 if (sah->saidx.proto != proto) { 7561 sah = nextsah; 7562 continue; 7563 } 7564 sah->state = SADB_SASTATE_DEAD; 7565 TAILQ_REMOVE(&V_sahtree, sah, chain); 7566 LIST_REMOVE(sah, addrhash); 7567 /* Unlink all SAs from SPI hash */ 7568 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7569 LIST_REMOVE(sav, spihash); 7570 sav->state = SADB_SASTATE_DEAD; 7571 } 7572 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7573 LIST_REMOVE(sav, spihash); 7574 sav->state = SADB_SASTATE_DEAD; 7575 } 7576 /* Add SAH into flushq */ 7577 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7578 sah = nextsah; 7579 } 7580 SAHTREE_WUNLOCK(); 7581 } 7582 7583 key_freesah_flushed(&flushq); 7584 /* Free all queued SAs and SAHs */ 7585 if (m->m_len < sizeof(struct sadb_msg) || 7586 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7587 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7588 return key_senderror(so, m, ENOBUFS); 7589 } 7590 7591 if (m->m_next) 7592 m_freem(m->m_next); 7593 m->m_next = NULL; 7594 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7595 newmsg = mtod(m, struct sadb_msg *); 7596 newmsg->sadb_msg_errno = 0; 7597 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7598 7599 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7600 } 7601 7602 /* 7603 * SADB_DUMP processing 7604 * dump all entries including status of DEAD in SAD. 7605 * receive 7606 * <base> 7607 * from the ikmpd, and dump all secasvar leaves 7608 * and send, 7609 * <base> ..... 7610 * to the ikmpd. 7611 * 7612 * m will always be freed. 7613 */ 7614 static int 7615 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7616 { 7617 SAHTREE_RLOCK_TRACKER; 7618 struct secashead *sah; 7619 struct secasvar *sav; 7620 struct mbuf *n; 7621 uint32_t cnt; 7622 uint8_t proto, satype; 7623 7624 IPSEC_ASSERT(so != NULL, ("null socket")); 7625 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7626 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7627 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7628 7629 /* map satype to proto */ 7630 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7631 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7632 __func__)); 7633 return key_senderror(so, m, EINVAL); 7634 } 7635 7636 /* count sav entries to be sent to the userland. */ 7637 cnt = 0; 7638 SAHTREE_RLOCK(); 7639 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7640 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7641 proto != sah->saidx.proto) 7642 continue; 7643 7644 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7645 cnt++; 7646 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7647 cnt++; 7648 } 7649 7650 if (cnt == 0) { 7651 SAHTREE_RUNLOCK(); 7652 return key_senderror(so, m, ENOENT); 7653 } 7654 7655 /* send this to the userland, one at a time. */ 7656 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7657 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7658 proto != sah->saidx.proto) 7659 continue; 7660 7661 /* map proto to satype */ 7662 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7663 SAHTREE_RUNLOCK(); 7664 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7665 "SAD.\n", __func__)); 7666 return key_senderror(so, m, EINVAL); 7667 } 7668 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7669 n = key_setdumpsa(sav, SADB_DUMP, satype, 7670 --cnt, mhp->msg->sadb_msg_pid); 7671 if (n == NULL) { 7672 SAHTREE_RUNLOCK(); 7673 return key_senderror(so, m, ENOBUFS); 7674 } 7675 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7676 } 7677 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7678 n = key_setdumpsa(sav, SADB_DUMP, satype, 7679 --cnt, mhp->msg->sadb_msg_pid); 7680 if (n == NULL) { 7681 SAHTREE_RUNLOCK(); 7682 return key_senderror(so, m, ENOBUFS); 7683 } 7684 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7685 } 7686 } 7687 SAHTREE_RUNLOCK(); 7688 m_freem(m); 7689 return (0); 7690 } 7691 /* 7692 * SADB_X_PROMISC processing 7693 * 7694 * m will always be freed. 7695 */ 7696 static int 7697 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7698 { 7699 int olen; 7700 7701 IPSEC_ASSERT(so != NULL, ("null socket")); 7702 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7703 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7704 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7705 7706 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7707 7708 if (olen < sizeof(struct sadb_msg)) { 7709 #if 1 7710 return key_senderror(so, m, EINVAL); 7711 #else 7712 m_freem(m); 7713 return 0; 7714 #endif 7715 } else if (olen == sizeof(struct sadb_msg)) { 7716 /* enable/disable promisc mode */ 7717 struct keycb *kp; 7718 7719 if ((kp = so->so_pcb) == NULL) 7720 return key_senderror(so, m, EINVAL); 7721 mhp->msg->sadb_msg_errno = 0; 7722 switch (mhp->msg->sadb_msg_satype) { 7723 case 0: 7724 case 1: 7725 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7726 break; 7727 default: 7728 return key_senderror(so, m, EINVAL); 7729 } 7730 7731 /* send the original message back to everyone */ 7732 mhp->msg->sadb_msg_errno = 0; 7733 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7734 } else { 7735 /* send packet as is */ 7736 7737 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7738 7739 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7740 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7741 } 7742 } 7743 7744 static int (*key_typesw[])(struct socket *, struct mbuf *, 7745 const struct sadb_msghdr *) = { 7746 NULL, /* SADB_RESERVED */ 7747 key_getspi, /* SADB_GETSPI */ 7748 key_update, /* SADB_UPDATE */ 7749 key_add, /* SADB_ADD */ 7750 key_delete, /* SADB_DELETE */ 7751 key_get, /* SADB_GET */ 7752 key_acquire2, /* SADB_ACQUIRE */ 7753 key_register, /* SADB_REGISTER */ 7754 NULL, /* SADB_EXPIRE */ 7755 key_flush, /* SADB_FLUSH */ 7756 key_dump, /* SADB_DUMP */ 7757 key_promisc, /* SADB_X_PROMISC */ 7758 NULL, /* SADB_X_PCHANGE */ 7759 key_spdadd, /* SADB_X_SPDUPDATE */ 7760 key_spdadd, /* SADB_X_SPDADD */ 7761 key_spddelete, /* SADB_X_SPDDELETE */ 7762 key_spdget, /* SADB_X_SPDGET */ 7763 NULL, /* SADB_X_SPDACQUIRE */ 7764 key_spddump, /* SADB_X_SPDDUMP */ 7765 key_spdflush, /* SADB_X_SPDFLUSH */ 7766 key_spdadd, /* SADB_X_SPDSETIDX */ 7767 NULL, /* SADB_X_SPDEXPIRE */ 7768 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7769 }; 7770 7771 /* 7772 * parse sadb_msg buffer to process PFKEYv2, 7773 * and create a data to response if needed. 7774 * I think to be dealed with mbuf directly. 7775 * IN: 7776 * msgp : pointer to pointer to a received buffer pulluped. 7777 * This is rewrited to response. 7778 * so : pointer to socket. 7779 * OUT: 7780 * length for buffer to send to user process. 7781 */ 7782 int 7783 key_parse(struct mbuf *m, struct socket *so) 7784 { 7785 struct sadb_msg *msg; 7786 struct sadb_msghdr mh; 7787 u_int orglen; 7788 int error; 7789 int target; 7790 7791 IPSEC_ASSERT(so != NULL, ("null socket")); 7792 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7793 7794 if (m->m_len < sizeof(struct sadb_msg)) { 7795 m = m_pullup(m, sizeof(struct sadb_msg)); 7796 if (!m) 7797 return ENOBUFS; 7798 } 7799 msg = mtod(m, struct sadb_msg *); 7800 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7801 target = KEY_SENDUP_ONE; 7802 7803 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7804 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7805 PFKEYSTAT_INC(out_invlen); 7806 error = EINVAL; 7807 goto senderror; 7808 } 7809 7810 if (msg->sadb_msg_version != PF_KEY_V2) { 7811 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7812 __func__, msg->sadb_msg_version)); 7813 PFKEYSTAT_INC(out_invver); 7814 error = EINVAL; 7815 goto senderror; 7816 } 7817 7818 if (msg->sadb_msg_type > SADB_MAX) { 7819 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7820 __func__, msg->sadb_msg_type)); 7821 PFKEYSTAT_INC(out_invmsgtype); 7822 error = EINVAL; 7823 goto senderror; 7824 } 7825 7826 /* for old-fashioned code - should be nuked */ 7827 if (m->m_pkthdr.len > MCLBYTES) { 7828 m_freem(m); 7829 return ENOBUFS; 7830 } 7831 if (m->m_next) { 7832 struct mbuf *n; 7833 7834 MGETHDR(n, M_NOWAIT, MT_DATA); 7835 if (n && m->m_pkthdr.len > MHLEN) { 7836 if (!(MCLGET(n, M_NOWAIT))) { 7837 m_free(n); 7838 n = NULL; 7839 } 7840 } 7841 if (!n) { 7842 m_freem(m); 7843 return ENOBUFS; 7844 } 7845 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7846 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7847 n->m_next = NULL; 7848 m_freem(m); 7849 m = n; 7850 } 7851 7852 /* align the mbuf chain so that extensions are in contiguous region. */ 7853 error = key_align(m, &mh); 7854 if (error) 7855 return error; 7856 7857 msg = mh.msg; 7858 7859 /* We use satype as scope mask for spddump */ 7860 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7861 switch (msg->sadb_msg_satype) { 7862 case IPSEC_POLICYSCOPE_ANY: 7863 case IPSEC_POLICYSCOPE_GLOBAL: 7864 case IPSEC_POLICYSCOPE_IFNET: 7865 case IPSEC_POLICYSCOPE_PCB: 7866 break; 7867 default: 7868 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7869 __func__, msg->sadb_msg_type)); 7870 PFKEYSTAT_INC(out_invsatype); 7871 error = EINVAL; 7872 goto senderror; 7873 } 7874 } else { 7875 switch (msg->sadb_msg_satype) { /* check SA type */ 7876 case SADB_SATYPE_UNSPEC: 7877 switch (msg->sadb_msg_type) { 7878 case SADB_GETSPI: 7879 case SADB_UPDATE: 7880 case SADB_ADD: 7881 case SADB_DELETE: 7882 case SADB_GET: 7883 case SADB_ACQUIRE: 7884 case SADB_EXPIRE: 7885 ipseclog((LOG_DEBUG, "%s: must specify satype " 7886 "when msg type=%u.\n", __func__, 7887 msg->sadb_msg_type)); 7888 PFKEYSTAT_INC(out_invsatype); 7889 error = EINVAL; 7890 goto senderror; 7891 } 7892 break; 7893 case SADB_SATYPE_AH: 7894 case SADB_SATYPE_ESP: 7895 case SADB_X_SATYPE_IPCOMP: 7896 case SADB_X_SATYPE_TCPSIGNATURE: 7897 switch (msg->sadb_msg_type) { 7898 case SADB_X_SPDADD: 7899 case SADB_X_SPDDELETE: 7900 case SADB_X_SPDGET: 7901 case SADB_X_SPDFLUSH: 7902 case SADB_X_SPDSETIDX: 7903 case SADB_X_SPDUPDATE: 7904 case SADB_X_SPDDELETE2: 7905 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7906 __func__, msg->sadb_msg_type)); 7907 PFKEYSTAT_INC(out_invsatype); 7908 error = EINVAL; 7909 goto senderror; 7910 } 7911 break; 7912 case SADB_SATYPE_RSVP: 7913 case SADB_SATYPE_OSPFV2: 7914 case SADB_SATYPE_RIPV2: 7915 case SADB_SATYPE_MIP: 7916 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7917 __func__, msg->sadb_msg_satype)); 7918 PFKEYSTAT_INC(out_invsatype); 7919 error = EOPNOTSUPP; 7920 goto senderror; 7921 case 1: /* XXX: What does it do? */ 7922 if (msg->sadb_msg_type == SADB_X_PROMISC) 7923 break; 7924 /*FALLTHROUGH*/ 7925 default: 7926 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7927 __func__, msg->sadb_msg_satype)); 7928 PFKEYSTAT_INC(out_invsatype); 7929 error = EINVAL; 7930 goto senderror; 7931 } 7932 } 7933 7934 /* check field of upper layer protocol and address family */ 7935 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7936 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7937 struct sadb_address *src0, *dst0; 7938 u_int plen; 7939 7940 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7941 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7942 7943 /* check upper layer protocol */ 7944 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7945 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7946 "mismatched.\n", __func__)); 7947 PFKEYSTAT_INC(out_invaddr); 7948 error = EINVAL; 7949 goto senderror; 7950 } 7951 7952 /* check family */ 7953 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7954 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7955 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7956 __func__)); 7957 PFKEYSTAT_INC(out_invaddr); 7958 error = EINVAL; 7959 goto senderror; 7960 } 7961 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7962 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7963 ipseclog((LOG_DEBUG, "%s: address struct size " 7964 "mismatched.\n", __func__)); 7965 PFKEYSTAT_INC(out_invaddr); 7966 error = EINVAL; 7967 goto senderror; 7968 } 7969 7970 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7971 case AF_INET: 7972 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7973 sizeof(struct sockaddr_in)) { 7974 PFKEYSTAT_INC(out_invaddr); 7975 error = EINVAL; 7976 goto senderror; 7977 } 7978 break; 7979 case AF_INET6: 7980 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7981 sizeof(struct sockaddr_in6)) { 7982 PFKEYSTAT_INC(out_invaddr); 7983 error = EINVAL; 7984 goto senderror; 7985 } 7986 break; 7987 default: 7988 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7989 __func__)); 7990 PFKEYSTAT_INC(out_invaddr); 7991 error = EAFNOSUPPORT; 7992 goto senderror; 7993 } 7994 7995 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7996 case AF_INET: 7997 plen = sizeof(struct in_addr) << 3; 7998 break; 7999 case AF_INET6: 8000 plen = sizeof(struct in6_addr) << 3; 8001 break; 8002 default: 8003 plen = 0; /*fool gcc*/ 8004 break; 8005 } 8006 8007 /* check max prefix length */ 8008 if (src0->sadb_address_prefixlen > plen || 8009 dst0->sadb_address_prefixlen > plen) { 8010 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 8011 __func__)); 8012 PFKEYSTAT_INC(out_invaddr); 8013 error = EINVAL; 8014 goto senderror; 8015 } 8016 8017 /* 8018 * prefixlen == 0 is valid because there can be a case when 8019 * all addresses are matched. 8020 */ 8021 } 8022 8023 if (msg->sadb_msg_type >= nitems(key_typesw) || 8024 key_typesw[msg->sadb_msg_type] == NULL) { 8025 PFKEYSTAT_INC(out_invmsgtype); 8026 error = EINVAL; 8027 goto senderror; 8028 } 8029 8030 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 8031 8032 senderror: 8033 msg->sadb_msg_errno = error; 8034 return key_sendup_mbuf(so, m, target); 8035 } 8036 8037 static int 8038 key_senderror(struct socket *so, struct mbuf *m, int code) 8039 { 8040 struct sadb_msg *msg; 8041 8042 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8043 ("mbuf too small, len %u", m->m_len)); 8044 8045 msg = mtod(m, struct sadb_msg *); 8046 msg->sadb_msg_errno = code; 8047 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8048 } 8049 8050 /* 8051 * set the pointer to each header into message buffer. 8052 * m will be freed on error. 8053 * XXX larger-than-MCLBYTES extension? 8054 */ 8055 static int 8056 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8057 { 8058 struct mbuf *n; 8059 struct sadb_ext *ext; 8060 size_t off, end; 8061 int extlen; 8062 int toff; 8063 8064 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8065 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8066 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8067 ("mbuf too small, len %u", m->m_len)); 8068 8069 /* initialize */ 8070 bzero(mhp, sizeof(*mhp)); 8071 8072 mhp->msg = mtod(m, struct sadb_msg *); 8073 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8074 8075 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8076 extlen = end; /*just in case extlen is not updated*/ 8077 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8078 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8079 if (!n) { 8080 /* m is already freed */ 8081 return ENOBUFS; 8082 } 8083 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8084 8085 /* set pointer */ 8086 switch (ext->sadb_ext_type) { 8087 case SADB_EXT_SA: 8088 case SADB_EXT_ADDRESS_SRC: 8089 case SADB_EXT_ADDRESS_DST: 8090 case SADB_EXT_ADDRESS_PROXY: 8091 case SADB_EXT_LIFETIME_CURRENT: 8092 case SADB_EXT_LIFETIME_HARD: 8093 case SADB_EXT_LIFETIME_SOFT: 8094 case SADB_EXT_KEY_AUTH: 8095 case SADB_EXT_KEY_ENCRYPT: 8096 case SADB_EXT_IDENTITY_SRC: 8097 case SADB_EXT_IDENTITY_DST: 8098 case SADB_EXT_SENSITIVITY: 8099 case SADB_EXT_PROPOSAL: 8100 case SADB_EXT_SUPPORTED_AUTH: 8101 case SADB_EXT_SUPPORTED_ENCRYPT: 8102 case SADB_EXT_SPIRANGE: 8103 case SADB_X_EXT_POLICY: 8104 case SADB_X_EXT_SA2: 8105 case SADB_X_EXT_NAT_T_TYPE: 8106 case SADB_X_EXT_NAT_T_SPORT: 8107 case SADB_X_EXT_NAT_T_DPORT: 8108 case SADB_X_EXT_NAT_T_OAI: 8109 case SADB_X_EXT_NAT_T_OAR: 8110 case SADB_X_EXT_NAT_T_FRAG: 8111 case SADB_X_EXT_SA_REPLAY: 8112 case SADB_X_EXT_NEW_ADDRESS_SRC: 8113 case SADB_X_EXT_NEW_ADDRESS_DST: 8114 /* duplicate check */ 8115 /* 8116 * XXX Are there duplication payloads of either 8117 * KEY_AUTH or KEY_ENCRYPT ? 8118 */ 8119 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8120 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8121 "%u\n", __func__, ext->sadb_ext_type)); 8122 m_freem(m); 8123 PFKEYSTAT_INC(out_dupext); 8124 return EINVAL; 8125 } 8126 break; 8127 default: 8128 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8129 __func__, ext->sadb_ext_type)); 8130 m_freem(m); 8131 PFKEYSTAT_INC(out_invexttype); 8132 return EINVAL; 8133 } 8134 8135 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8136 8137 if (key_validate_ext(ext, extlen)) { 8138 m_freem(m); 8139 PFKEYSTAT_INC(out_invlen); 8140 return EINVAL; 8141 } 8142 8143 n = m_pulldown(m, off, extlen, &toff); 8144 if (!n) { 8145 /* m is already freed */ 8146 return ENOBUFS; 8147 } 8148 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8149 8150 mhp->ext[ext->sadb_ext_type] = ext; 8151 mhp->extoff[ext->sadb_ext_type] = off; 8152 mhp->extlen[ext->sadb_ext_type] = extlen; 8153 } 8154 8155 if (off != end) { 8156 m_freem(m); 8157 PFKEYSTAT_INC(out_invlen); 8158 return EINVAL; 8159 } 8160 8161 return 0; 8162 } 8163 8164 static int 8165 key_validate_ext(const struct sadb_ext *ext, int len) 8166 { 8167 const struct sockaddr *sa; 8168 enum { NONE, ADDR } checktype = NONE; 8169 int baselen = 0; 8170 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8171 8172 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8173 return EINVAL; 8174 8175 /* if it does not match minimum/maximum length, bail */ 8176 if (ext->sadb_ext_type >= nitems(minsize) || 8177 ext->sadb_ext_type >= nitems(maxsize)) 8178 return EINVAL; 8179 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8180 return EINVAL; 8181 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8182 return EINVAL; 8183 8184 /* more checks based on sadb_ext_type XXX need more */ 8185 switch (ext->sadb_ext_type) { 8186 case SADB_EXT_ADDRESS_SRC: 8187 case SADB_EXT_ADDRESS_DST: 8188 case SADB_EXT_ADDRESS_PROXY: 8189 case SADB_X_EXT_NAT_T_OAI: 8190 case SADB_X_EXT_NAT_T_OAR: 8191 case SADB_X_EXT_NEW_ADDRESS_SRC: 8192 case SADB_X_EXT_NEW_ADDRESS_DST: 8193 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8194 checktype = ADDR; 8195 break; 8196 case SADB_EXT_IDENTITY_SRC: 8197 case SADB_EXT_IDENTITY_DST: 8198 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8199 SADB_X_IDENTTYPE_ADDR) { 8200 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8201 checktype = ADDR; 8202 } else 8203 checktype = NONE; 8204 break; 8205 default: 8206 checktype = NONE; 8207 break; 8208 } 8209 8210 switch (checktype) { 8211 case NONE: 8212 break; 8213 case ADDR: 8214 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8215 if (len < baselen + sal) 8216 return EINVAL; 8217 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8218 return EINVAL; 8219 break; 8220 } 8221 8222 return 0; 8223 } 8224 8225 void 8226 spdcache_init(void) 8227 { 8228 int i; 8229 8230 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8231 &V_key_spdcache_maxentries); 8232 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8233 &V_key_spdcache_threshold); 8234 8235 if (V_key_spdcache_maxentries) { 8236 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8237 SPDCACHE_MAX_ENTRIES_PER_HASH); 8238 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8239 SPDCACHE_MAX_ENTRIES_PER_HASH, 8240 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8241 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8242 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8243 8244 V_spdcache_lock = malloc(sizeof(struct mtx) * 8245 (V_spdcachehash_mask + 1), 8246 M_IPSEC_SPDCACHE, M_WAITOK|M_ZERO); 8247 8248 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8249 SPDCACHE_LOCK_INIT(i); 8250 } 8251 } 8252 8253 struct spdcache_entry * 8254 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8255 { 8256 struct spdcache_entry *entry; 8257 8258 entry = malloc(sizeof(struct spdcache_entry), 8259 M_IPSEC_SPDCACHE, M_NOWAIT|M_ZERO); 8260 if (entry == NULL) 8261 return NULL; 8262 8263 if (sp != NULL) 8264 SP_ADDREF(sp); 8265 8266 entry->spidx = *spidx; 8267 entry->sp = sp; 8268 8269 return (entry); 8270 } 8271 8272 void 8273 spdcache_entry_free(struct spdcache_entry *entry) 8274 { 8275 8276 if (entry->sp != NULL) 8277 key_freesp(&entry->sp); 8278 free(entry, M_IPSEC_SPDCACHE); 8279 } 8280 8281 void 8282 spdcache_clear(void) 8283 { 8284 struct spdcache_entry *entry; 8285 int i; 8286 8287 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8288 SPDCACHE_LOCK(i); 8289 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8290 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8291 LIST_REMOVE(entry, chain); 8292 spdcache_entry_free(entry); 8293 } 8294 SPDCACHE_UNLOCK(i); 8295 } 8296 } 8297 8298 #ifdef VIMAGE 8299 void 8300 spdcache_destroy(void) 8301 { 8302 int i; 8303 8304 if (SPDCACHE_ENABLED()) { 8305 spdcache_clear(); 8306 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8307 8308 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8309 SPDCACHE_LOCK_DESTROY(i); 8310 8311 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8312 } 8313 } 8314 #endif 8315 8316 static void 8317 key_vnet_init(void *arg __unused) 8318 { 8319 int i; 8320 8321 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8322 TAILQ_INIT(&V_sptree[i]); 8323 TAILQ_INIT(&V_sptree_ifnet[i]); 8324 } 8325 8326 TAILQ_INIT(&V_sahtree); 8327 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8328 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8329 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8330 &V_sahaddrhash_mask); 8331 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8332 &V_acqaddrhash_mask); 8333 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8334 &V_acqseqhash_mask); 8335 8336 spdcache_init(); 8337 8338 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8339 LIST_INIT(&V_regtree[i]); 8340 8341 LIST_INIT(&V_acqtree); 8342 LIST_INIT(&V_spacqtree); 8343 } 8344 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8345 key_vnet_init, NULL); 8346 8347 static void 8348 key_init(void *arg __unused) 8349 { 8350 8351 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8352 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8353 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8354 8355 SPTREE_LOCK_INIT(); 8356 REGTREE_LOCK_INIT(); 8357 SAHTREE_LOCK_INIT(); 8358 ACQ_LOCK_INIT(); 8359 SPACQ_LOCK_INIT(); 8360 SPI_ALLOC_LOCK_INIT(); 8361 8362 #ifndef IPSEC_DEBUG2 8363 callout_init(&key_timer, 1); 8364 callout_reset(&key_timer, hz, key_timehandler, NULL); 8365 #endif /*IPSEC_DEBUG2*/ 8366 8367 /* initialize key statistics */ 8368 keystat.getspi_count = 1; 8369 8370 if (bootverbose) 8371 printf("IPsec: Initialized Security Association Processing.\n"); 8372 } 8373 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL); 8374 8375 #ifdef VIMAGE 8376 static void 8377 key_vnet_destroy(void *arg __unused) 8378 { 8379 struct secashead_queue sahdrainq; 8380 struct secpolicy_queue drainq; 8381 struct secpolicy *sp, *nextsp; 8382 struct secacq *acq, *nextacq; 8383 struct secspacq *spacq, *nextspacq; 8384 struct secashead *sah; 8385 struct secasvar *sav; 8386 struct secreg *reg; 8387 int i; 8388 8389 /* 8390 * XXX: can we just call free() for each object without 8391 * walking through safe way with releasing references? 8392 */ 8393 TAILQ_INIT(&drainq); 8394 SPTREE_WLOCK(); 8395 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8396 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8397 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8398 } 8399 for (i = 0; i < V_sphash_mask + 1; i++) 8400 LIST_INIT(&V_sphashtbl[i]); 8401 SPTREE_WUNLOCK(); 8402 spdcache_destroy(); 8403 8404 sp = TAILQ_FIRST(&drainq); 8405 while (sp != NULL) { 8406 nextsp = TAILQ_NEXT(sp, chain); 8407 key_freesp(&sp); 8408 sp = nextsp; 8409 } 8410 8411 TAILQ_INIT(&sahdrainq); 8412 SAHTREE_WLOCK(); 8413 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8414 for (i = 0; i < V_savhash_mask + 1; i++) 8415 LIST_INIT(&V_savhashtbl[i]); 8416 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8417 LIST_INIT(&V_sahaddrhashtbl[i]); 8418 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8419 sah->state = SADB_SASTATE_DEAD; 8420 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8421 sav->state = SADB_SASTATE_DEAD; 8422 } 8423 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8424 sav->state = SADB_SASTATE_DEAD; 8425 } 8426 } 8427 SAHTREE_WUNLOCK(); 8428 8429 key_freesah_flushed(&sahdrainq); 8430 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8431 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8432 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8433 8434 REGTREE_LOCK(); 8435 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8436 LIST_FOREACH(reg, &V_regtree[i], chain) { 8437 if (__LIST_CHAINED(reg)) { 8438 LIST_REMOVE(reg, chain); 8439 free(reg, M_IPSEC_SAR); 8440 break; 8441 } 8442 } 8443 } 8444 REGTREE_UNLOCK(); 8445 8446 ACQ_LOCK(); 8447 acq = LIST_FIRST(&V_acqtree); 8448 while (acq != NULL) { 8449 nextacq = LIST_NEXT(acq, chain); 8450 LIST_REMOVE(acq, chain); 8451 free(acq, M_IPSEC_SAQ); 8452 acq = nextacq; 8453 } 8454 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8455 LIST_INIT(&V_acqaddrhashtbl[i]); 8456 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8457 LIST_INIT(&V_acqseqhashtbl[i]); 8458 ACQ_UNLOCK(); 8459 8460 SPACQ_LOCK(); 8461 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8462 spacq = nextspacq) { 8463 nextspacq = LIST_NEXT(spacq, chain); 8464 if (__LIST_CHAINED(spacq)) { 8465 LIST_REMOVE(spacq, chain); 8466 free(spacq, M_IPSEC_SAQ); 8467 } 8468 } 8469 SPACQ_UNLOCK(); 8470 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8471 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8472 } 8473 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8474 key_vnet_destroy, NULL); 8475 #endif 8476 8477 /* 8478 * XXX: as long as domains are not unloadable, this function is never called, 8479 * provided for consistensy and future unload support. 8480 */ 8481 static void 8482 key_destroy(void *arg __unused) 8483 { 8484 uma_zdestroy(ipsec_key_lft_zone); 8485 8486 #ifndef IPSEC_DEBUG2 8487 callout_drain(&key_timer); 8488 #endif 8489 SPTREE_LOCK_DESTROY(); 8490 REGTREE_LOCK_DESTROY(); 8491 SAHTREE_LOCK_DESTROY(); 8492 ACQ_LOCK_DESTROY(); 8493 SPACQ_LOCK_DESTROY(); 8494 SPI_ALLOC_LOCK_DESTROY(); 8495 } 8496 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL); 8497 8498 /* record data transfer on SA, and update timestamps */ 8499 void 8500 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8501 { 8502 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8503 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8504 8505 /* 8506 * XXX Currently, there is a difference of bytes size 8507 * between inbound and outbound processing. 8508 */ 8509 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8510 8511 /* 8512 * We use the number of packets as the unit of 8513 * allocations. We increment the variable 8514 * whenever {esp,ah}_{in,out}put is called. 8515 */ 8516 counter_u64_add(sav->lft_c_allocations, 1); 8517 8518 /* 8519 * NOTE: We record CURRENT usetime by using wall clock, 8520 * in seconds. HARD and SOFT lifetime are measured by the time 8521 * difference (again in seconds) from usetime. 8522 * 8523 * usetime 8524 * v expire expire 8525 * -----+-----+--------+---> t 8526 * <--------------> HARD 8527 * <-----> SOFT 8528 */ 8529 if (sav->firstused == 0) 8530 sav->firstused = time_second; 8531 } 8532 8533 /* 8534 * Take one of the kernel's security keys and convert it into a PF_KEY 8535 * structure within an mbuf, suitable for sending up to a waiting 8536 * application in user land. 8537 * 8538 * IN: 8539 * src: A pointer to a kernel security key. 8540 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8541 * OUT: 8542 * a valid mbuf or NULL indicating an error 8543 * 8544 */ 8545 8546 static struct mbuf * 8547 key_setkey(struct seckey *src, uint16_t exttype) 8548 { 8549 struct mbuf *m; 8550 struct sadb_key *p; 8551 int len; 8552 8553 if (src == NULL) 8554 return NULL; 8555 8556 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8557 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8558 if (m == NULL) 8559 return NULL; 8560 m_align(m, len); 8561 m->m_len = len; 8562 p = mtod(m, struct sadb_key *); 8563 bzero(p, len); 8564 p->sadb_key_len = PFKEY_UNIT64(len); 8565 p->sadb_key_exttype = exttype; 8566 p->sadb_key_bits = src->bits; 8567 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8568 8569 return m; 8570 } 8571 8572 /* 8573 * Take one of the kernel's lifetime data structures and convert it 8574 * into a PF_KEY structure within an mbuf, suitable for sending up to 8575 * a waiting application in user land. 8576 * 8577 * IN: 8578 * src: A pointer to a kernel lifetime structure. 8579 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8580 * data structures for more information. 8581 * OUT: 8582 * a valid mbuf or NULL indicating an error 8583 * 8584 */ 8585 8586 static struct mbuf * 8587 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8588 { 8589 struct mbuf *m = NULL; 8590 struct sadb_lifetime *p; 8591 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8592 8593 if (src == NULL) 8594 return NULL; 8595 8596 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8597 if (m == NULL) 8598 return m; 8599 m_align(m, len); 8600 m->m_len = len; 8601 p = mtod(m, struct sadb_lifetime *); 8602 8603 bzero(p, len); 8604 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8605 p->sadb_lifetime_exttype = exttype; 8606 p->sadb_lifetime_allocations = src->allocations; 8607 p->sadb_lifetime_bytes = src->bytes; 8608 p->sadb_lifetime_addtime = src->addtime; 8609 p->sadb_lifetime_usetime = src->usetime; 8610 8611 return m; 8612 8613 } 8614 8615 const struct enc_xform * 8616 enc_algorithm_lookup(int alg) 8617 { 8618 int i; 8619 8620 for (i = 0; i < nitems(supported_ealgs); i++) 8621 if (alg == supported_ealgs[i].sadb_alg) 8622 return (supported_ealgs[i].xform); 8623 return (NULL); 8624 } 8625 8626 const struct auth_hash * 8627 auth_algorithm_lookup(int alg) 8628 { 8629 int i; 8630 8631 for (i = 0; i < nitems(supported_aalgs); i++) 8632 if (alg == supported_aalgs[i].sadb_alg) 8633 return (supported_aalgs[i].xform); 8634 return (NULL); 8635 } 8636 8637 const struct comp_algo * 8638 comp_algorithm_lookup(int alg) 8639 { 8640 int i; 8641 8642 for (i = 0; i < nitems(supported_calgs); i++) 8643 if (alg == supported_calgs[i].sadb_alg) 8644 return (supported_calgs[i].xform); 8645 return (NULL); 8646 } 8647