1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * This code is referd to RFC 2367 37 */ 38 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipsec.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/fnv_hash.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/mbuf.h> 51 #include <sys/domain.h> 52 #include <sys/protosw.h> 53 #include <sys/malloc.h> 54 #include <sys/rmlock.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/refcount.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 70 #include <netinet/in.h> 71 #include <netinet/in_systm.h> 72 #include <netinet/ip.h> 73 #include <netinet/in_var.h> 74 #include <netinet/udp.h> 75 76 #ifdef INET6 77 #include <netinet/ip6.h> 78 #include <netinet6/in6_var.h> 79 #include <netinet6/ip6_var.h> 80 #endif /* INET6 */ 81 82 #include <net/pfkeyv2.h> 83 #include <netipsec/keydb.h> 84 #include <netipsec/key.h> 85 #include <netipsec/keysock.h> 86 #include <netipsec/key_debug.h> 87 88 #include <netipsec/ipsec.h> 89 #ifdef INET6 90 #include <netipsec/ipsec6.h> 91 #endif 92 93 #include <netipsec/xform.h> 94 #include <machine/in_cksum.h> 95 #include <machine/stdarg.h> 96 97 /* randomness */ 98 #include <sys/random.h> 99 100 #define FULLMASK 0xff 101 #define _BITS(bytes) ((bytes) << 3) 102 103 #define UINT32_80PCT 0xcccccccc 104 /* 105 * Note on SA reference counting: 106 * - SAs that are not in DEAD state will have (total external reference + 1) 107 * following value in reference count field. they cannot be freed and are 108 * referenced from SA header. 109 * - SAs that are in DEAD state will have (total external reference) 110 * in reference count field. they are ready to be freed. reference from 111 * SA header will be removed in key_delsav(), when the reference count 112 * field hits 0 (= no external reference other than from SA header. 113 */ 114 115 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 116 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 117 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 118 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 119 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 120 /*interval to initialize randseed,1(m)*/ 121 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 122 /* interval to expire acquiring, 30(s)*/ 123 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 124 /* counter for blocking SADB_ACQUIRE.*/ 125 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 126 /* lifetime for blocking SADB_ACQUIRE.*/ 127 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 128 /* preferred old sa rather than new sa.*/ 129 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 130 #define V_key_spi_trycnt VNET(key_spi_trycnt) 131 #define V_key_spi_minval VNET(key_spi_minval) 132 #define V_key_spi_maxval VNET(key_spi_maxval) 133 #define V_policy_id VNET(policy_id) 134 #define V_key_int_random VNET(key_int_random) 135 #define V_key_larval_lifetime VNET(key_larval_lifetime) 136 #define V_key_blockacq_count VNET(key_blockacq_count) 137 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 138 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 139 140 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 141 #define V_acq_seq VNET(acq_seq) 142 143 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 144 #define V_sp_genid VNET(sp_genid) 145 146 /* SPD */ 147 TAILQ_HEAD(secpolicy_queue, secpolicy); 148 LIST_HEAD(secpolicy_list, secpolicy); 149 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 150 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 151 static struct rmlock sptree_lock; 152 #define V_sptree VNET(sptree) 153 #define V_sptree_ifnet VNET(sptree_ifnet) 154 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 155 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 156 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 157 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 158 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 159 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 160 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 161 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 162 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 163 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 164 165 /* Hash table for lookup SP using unique id */ 166 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 167 VNET_DEFINE_STATIC(u_long, sphash_mask); 168 #define V_sphashtbl VNET(sphashtbl) 169 #define V_sphash_mask VNET(sphash_mask) 170 171 #define SPHASH_NHASH_LOG2 7 172 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 173 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 174 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 175 176 /* SPD cache */ 177 struct spdcache_entry { 178 struct secpolicyindex spidx; /* secpolicyindex */ 179 struct secpolicy *sp; /* cached policy to be used */ 180 181 LIST_ENTRY(spdcache_entry) chain; 182 }; 183 LIST_HEAD(spdcache_entry_list, spdcache_entry); 184 185 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 186 187 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 188 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 189 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 190 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 191 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 192 #define V_spd_size VNET(spd_size) 193 194 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 195 #define SPDCACHE_ACTIVE() \ 196 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 197 198 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 199 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 200 #define V_spdcachehashtbl VNET(spdcachehashtbl) 201 #define V_spdcachehash_mask VNET(spdcachehash_mask) 202 203 #define SPDCACHE_HASHVAL(idx) \ 204 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 205 V_spdcachehash_mask) 206 207 /* Each cache line is protected by a mutex */ 208 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 209 #define V_spdcache_lock VNET(spdcache_lock) 210 211 #define SPDCACHE_LOCK_INIT(a) \ 212 mtx_init(&V_spdcache_lock[a], "spdcache", \ 213 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 214 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 215 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 216 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 217 218 static struct sx spi_alloc_lock; 219 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") 220 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) 221 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) 222 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) 223 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) 224 225 /* SAD */ 226 TAILQ_HEAD(secashead_queue, secashead); 227 LIST_HEAD(secashead_list, secashead); 228 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 229 static struct rmlock sahtree_lock; 230 #define V_sahtree VNET(sahtree) 231 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 232 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 233 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 234 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 235 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 236 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 237 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 238 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 239 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 240 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 241 242 /* Hash table for lookup in SAD using SA addresses */ 243 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 244 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 245 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 246 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 247 248 #define SAHHASH_NHASH_LOG2 7 249 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 250 #define SAHADDRHASH_HASHVAL(idx) \ 251 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 252 V_sahaddrhash_mask) 253 #define SAHADDRHASH_HASH(saidx) \ 254 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 255 256 /* Hash table for lookup in SAD using SPI */ 257 LIST_HEAD(secasvar_list, secasvar); 258 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 259 VNET_DEFINE_STATIC(u_long, savhash_mask); 260 #define V_savhashtbl VNET(savhashtbl) 261 #define V_savhash_mask VNET(savhash_mask) 262 #define SAVHASH_NHASH_LOG2 7 263 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 264 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 265 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 266 267 static uint32_t 268 key_addrprotohash(const union sockaddr_union *src, 269 const union sockaddr_union *dst, const uint8_t *proto) 270 { 271 uint32_t hval; 272 273 hval = fnv_32_buf(proto, sizeof(*proto), 274 FNV1_32_INIT); 275 switch (dst->sa.sa_family) { 276 #ifdef INET 277 case AF_INET: 278 hval = fnv_32_buf(&src->sin.sin_addr, 279 sizeof(in_addr_t), hval); 280 hval = fnv_32_buf(&dst->sin.sin_addr, 281 sizeof(in_addr_t), hval); 282 break; 283 #endif 284 #ifdef INET6 285 case AF_INET6: 286 hval = fnv_32_buf(&src->sin6.sin6_addr, 287 sizeof(struct in6_addr), hval); 288 hval = fnv_32_buf(&dst->sin6.sin6_addr, 289 sizeof(struct in6_addr), hval); 290 break; 291 #endif 292 default: 293 hval = 0; 294 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 295 __func__, dst->sa.sa_family)); 296 } 297 return (hval); 298 } 299 300 static uint32_t 301 key_u32hash(uint32_t val) 302 { 303 304 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 305 } 306 307 /* registed list */ 308 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 309 #define V_regtree VNET(regtree) 310 static struct mtx regtree_lock; 311 #define REGTREE_LOCK_INIT() \ 312 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 313 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 314 #define REGTREE_LOCK() mtx_lock(®tree_lock) 315 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 316 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 317 318 /* Acquiring list */ 319 LIST_HEAD(secacq_list, secacq); 320 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 321 #define V_acqtree VNET(acqtree) 322 static struct mtx acq_lock; 323 #define ACQ_LOCK_INIT() \ 324 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 325 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 326 #define ACQ_LOCK() mtx_lock(&acq_lock) 327 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 328 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 329 330 /* Hash table for lookup in ACQ list using SA addresses */ 331 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 332 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 333 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 334 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 335 336 /* Hash table for lookup in ACQ list using SEQ number */ 337 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 338 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 339 #define V_acqseqhashtbl VNET(acqseqhashtbl) 340 #define V_acqseqhash_mask VNET(acqseqhash_mask) 341 342 #define ACQHASH_NHASH_LOG2 7 343 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 344 #define ACQADDRHASH_HASHVAL(idx) \ 345 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 346 V_acqaddrhash_mask) 347 #define ACQSEQHASH_HASHVAL(seq) \ 348 (key_u32hash(seq) & V_acqseqhash_mask) 349 #define ACQADDRHASH_HASH(saidx) \ 350 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 351 #define ACQSEQHASH_HASH(seq) \ 352 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 353 /* SP acquiring list */ 354 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 355 #define V_spacqtree VNET(spacqtree) 356 static struct mtx spacq_lock; 357 #define SPACQ_LOCK_INIT() \ 358 mtx_init(&spacq_lock, "spacqtree", \ 359 "fast ipsec security policy acquire list", MTX_DEF) 360 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 361 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 362 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 363 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 364 365 static const int minsize[] = { 366 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 367 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 368 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 369 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 370 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 371 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 372 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 373 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 374 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 375 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 376 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 377 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 378 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 379 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 380 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 381 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 382 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 383 0, /* SADB_X_EXT_KMPRIVATE */ 384 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 385 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 386 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 387 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 388 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 389 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 390 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 391 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 392 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 393 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 394 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 395 }; 396 _Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 397 398 static const int maxsize[] = { 399 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 400 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 401 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 402 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 403 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 404 0, /* SADB_EXT_ADDRESS_SRC */ 405 0, /* SADB_EXT_ADDRESS_DST */ 406 0, /* SADB_EXT_ADDRESS_PROXY */ 407 0, /* SADB_EXT_KEY_AUTH */ 408 0, /* SADB_EXT_KEY_ENCRYPT */ 409 0, /* SADB_EXT_IDENTITY_SRC */ 410 0, /* SADB_EXT_IDENTITY_DST */ 411 0, /* SADB_EXT_SENSITIVITY */ 412 0, /* SADB_EXT_PROPOSAL */ 413 0, /* SADB_EXT_SUPPORTED_AUTH */ 414 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 415 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 416 0, /* SADB_X_EXT_KMPRIVATE */ 417 0, /* SADB_X_EXT_POLICY */ 418 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 419 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 420 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 421 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 422 0, /* SADB_X_EXT_NAT_T_OAI */ 423 0, /* SADB_X_EXT_NAT_T_OAR */ 424 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 425 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 426 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 427 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 428 }; 429 _Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 430 431 /* 432 * Internal values for SA flags: 433 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 434 * thus we will not free the most of SA content in key_delsav(). 435 */ 436 #define SADB_X_EXT_F_CLONED 0x80000000 437 438 #define SADB_CHECKLEN(_mhp, _ext) \ 439 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 440 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 441 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 442 443 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 444 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 445 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 446 447 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 448 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 449 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 450 451 #ifdef IPSEC_DEBUG 452 VNET_DEFINE(int, ipsec_debug) = 1; 453 #else 454 VNET_DEFINE(int, ipsec_debug) = 0; 455 #endif 456 457 #ifdef INET 458 SYSCTL_DECL(_net_inet_ipsec); 459 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 460 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 461 "Enable IPsec debugging output when set."); 462 #endif 463 #ifdef INET6 464 SYSCTL_DECL(_net_inet6_ipsec6); 465 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 466 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 467 "Enable IPsec debugging output when set."); 468 #endif 469 470 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 471 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 472 473 /* max count of trial for the decision of spi value */ 474 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 475 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 476 477 /* minimum spi value to allocate automatically. */ 478 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 479 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 480 481 /* maximun spi value to allocate automatically. */ 482 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 483 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 484 485 /* interval to initialize randseed */ 486 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 487 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 488 489 /* lifetime for larval SA */ 490 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 491 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 492 493 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 494 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 495 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 496 497 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 498 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 499 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 500 501 /* ESP auth */ 502 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 503 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 504 505 /* minimum ESP key length */ 506 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 507 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 508 509 /* minimum AH key length */ 510 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 511 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 512 513 /* perfered old SA rather than new SA */ 514 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 515 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 516 517 SYSCTL_NODE(_net_key, OID_AUTO, spdcache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 518 "SPD cache"); 519 520 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 521 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 522 "Maximum number of entries in the SPD cache" 523 " (power of 2, 0 to disable)"); 524 525 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 526 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 527 "Number of SPs that make the SPD cache active"); 528 529 #define __LIST_CHAINED(elm) \ 530 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 531 532 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 533 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 534 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 535 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 536 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 537 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 538 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 539 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 540 541 static uma_zone_t __read_mostly ipsec_key_lft_zone; 542 543 /* 544 * set parameters into secpolicyindex buffer. 545 * Must allocate secpolicyindex buffer passed to this function. 546 */ 547 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 548 do { \ 549 bzero((idx), sizeof(struct secpolicyindex)); \ 550 (idx)->dir = (_dir); \ 551 (idx)->prefs = (ps); \ 552 (idx)->prefd = (pd); \ 553 (idx)->ul_proto = (ulp); \ 554 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 555 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 556 } while (0) 557 558 /* 559 * set parameters into secasindex buffer. 560 * Must allocate secasindex buffer before calling this function. 561 */ 562 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 563 do { \ 564 bzero((idx), sizeof(struct secasindex)); \ 565 (idx)->proto = (p); \ 566 (idx)->mode = (m); \ 567 (idx)->reqid = (r); \ 568 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 569 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 570 key_porttosaddr(&(idx)->src.sa, 0); \ 571 key_porttosaddr(&(idx)->dst.sa, 0); \ 572 } while (0) 573 574 /* key statistics */ 575 struct _keystat { 576 u_long getspi_count; /* the avarage of count to try to get new SPI */ 577 } keystat; 578 579 struct sadb_msghdr { 580 struct sadb_msg *msg; 581 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 582 int extoff[SADB_EXT_MAX + 1]; 583 int extlen[SADB_EXT_MAX + 1]; 584 }; 585 586 static struct supported_ealgs { 587 int sadb_alg; 588 const struct enc_xform *xform; 589 } supported_ealgs[] = { 590 { SADB_X_EALG_AES, &enc_xform_aes_cbc }, 591 { SADB_EALG_NULL, &enc_xform_null }, 592 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 593 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 594 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 595 { SADB_X_EALG_CHACHA20POLY1305, &enc_xform_chacha20_poly1305 }, 596 }; 597 598 static struct supported_aalgs { 599 int sadb_alg; 600 const struct auth_hash *xform; 601 } supported_aalgs[] = { 602 { SADB_X_AALG_NULL, &auth_hash_null }, 603 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 604 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 605 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 606 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 607 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 608 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 609 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 610 { SADB_X_AALG_CHACHA20POLY1305, &auth_hash_poly1305 }, 611 }; 612 613 static struct supported_calgs { 614 int sadb_alg; 615 const struct comp_algo *xform; 616 } supported_calgs[] = { 617 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 618 }; 619 620 #ifndef IPSEC_DEBUG2 621 static struct callout key_timer; 622 #endif 623 624 static void key_unlink(struct secpolicy *); 625 static void key_detach(struct secpolicy *); 626 static struct secpolicy *key_do_allocsp(struct secpolicyindex *spidx, u_int dir); 627 static struct secpolicy *key_getsp(struct secpolicyindex *); 628 static struct secpolicy *key_getspbyid(u_int32_t); 629 static struct mbuf *key_gather_mbuf(struct mbuf *, 630 const struct sadb_msghdr *, int, int, ...); 631 static int key_spdadd(struct socket *, struct mbuf *, 632 const struct sadb_msghdr *); 633 static uint32_t key_getnewspid(void); 634 static int key_spddelete(struct socket *, struct mbuf *, 635 const struct sadb_msghdr *); 636 static int key_spddelete2(struct socket *, struct mbuf *, 637 const struct sadb_msghdr *); 638 static int key_spdget(struct socket *, struct mbuf *, 639 const struct sadb_msghdr *); 640 static int key_spdflush(struct socket *, struct mbuf *, 641 const struct sadb_msghdr *); 642 static int key_spddump(struct socket *, struct mbuf *, 643 const struct sadb_msghdr *); 644 static struct mbuf *key_setdumpsp(struct secpolicy *, 645 u_int8_t, u_int32_t, u_int32_t); 646 static struct mbuf *key_sp2mbuf(struct secpolicy *); 647 static size_t key_getspreqmsglen(struct secpolicy *); 648 static int key_spdexpire(struct secpolicy *); 649 static struct secashead *key_newsah(struct secasindex *); 650 static void key_freesah(struct secashead **); 651 static void key_delsah(struct secashead *); 652 static struct secasvar *key_newsav(const struct sadb_msghdr *, 653 struct secasindex *, uint32_t, int *); 654 static void key_delsav(struct secasvar *); 655 static void key_unlinksav(struct secasvar *); 656 static struct secashead *key_getsah(struct secasindex *); 657 static int key_checkspidup(uint32_t); 658 static struct secasvar *key_getsavbyspi(uint32_t); 659 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 660 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 661 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 662 static int key_updateaddresses(struct socket *, struct mbuf *, 663 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 664 665 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 666 u_int8_t, u_int32_t, u_int32_t); 667 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 668 u_int32_t, pid_t, u_int16_t); 669 static struct mbuf *key_setsadbsa(struct secasvar *); 670 static struct mbuf *key_setsadbaddr(u_int16_t, 671 const struct sockaddr *, u_int8_t, u_int16_t); 672 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 673 static struct mbuf *key_setsadbxtype(u_int16_t); 674 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 675 static struct mbuf *key_setsadbxsareplay(u_int32_t); 676 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 677 u_int32_t, u_int32_t); 678 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 679 struct malloc_type *); 680 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 681 struct malloc_type *); 682 683 /* flags for key_cmpsaidx() */ 684 #define CMP_HEAD 1 /* protocol, addresses. */ 685 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 686 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 687 #define CMP_EXACTLY 4 /* all elements. */ 688 static int key_cmpsaidx(const struct secasindex *, 689 const struct secasindex *, int); 690 static int key_cmpspidx_exactly(struct secpolicyindex *, 691 struct secpolicyindex *); 692 static int key_cmpspidx_withmask(struct secpolicyindex *, 693 struct secpolicyindex *); 694 static int key_bbcmp(const void *, const void *, u_int); 695 static uint8_t key_satype2proto(uint8_t); 696 static uint8_t key_proto2satype(uint8_t); 697 698 static int key_getspi(struct socket *, struct mbuf *, 699 const struct sadb_msghdr *); 700 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 701 static int key_update(struct socket *, struct mbuf *, 702 const struct sadb_msghdr *); 703 static int key_add(struct socket *, struct mbuf *, 704 const struct sadb_msghdr *); 705 static int key_setident(struct secashead *, const struct sadb_msghdr *); 706 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 707 const struct sadb_msghdr *); 708 static int key_delete(struct socket *, struct mbuf *, 709 const struct sadb_msghdr *); 710 static int key_delete_all(struct socket *, struct mbuf *, 711 const struct sadb_msghdr *, struct secasindex *); 712 static int key_get(struct socket *, struct mbuf *, 713 const struct sadb_msghdr *); 714 715 static void key_getcomb_setlifetime(struct sadb_comb *); 716 static struct mbuf *key_getcomb_ealg(void); 717 static struct mbuf *key_getcomb_ah(void); 718 static struct mbuf *key_getcomb_ipcomp(void); 719 static struct mbuf *key_getprop(const struct secasindex *); 720 721 static int key_acquire(const struct secasindex *, struct secpolicy *); 722 static uint32_t key_newacq(const struct secasindex *, int *); 723 static uint32_t key_getacq(const struct secasindex *, int *); 724 static int key_acqdone(const struct secasindex *, uint32_t); 725 static int key_acqreset(uint32_t); 726 static struct secspacq *key_newspacq(struct secpolicyindex *); 727 static struct secspacq *key_getspacq(struct secpolicyindex *); 728 static int key_acquire2(struct socket *, struct mbuf *, 729 const struct sadb_msghdr *); 730 static int key_register(struct socket *, struct mbuf *, 731 const struct sadb_msghdr *); 732 static int key_expire(struct secasvar *, int); 733 static int key_flush(struct socket *, struct mbuf *, 734 const struct sadb_msghdr *); 735 static int key_dump(struct socket *, struct mbuf *, 736 const struct sadb_msghdr *); 737 static int key_promisc(struct socket *, struct mbuf *, 738 const struct sadb_msghdr *); 739 static int key_senderror(struct socket *, struct mbuf *, int); 740 static int key_validate_ext(const struct sadb_ext *, int); 741 static int key_align(struct mbuf *, struct sadb_msghdr *); 742 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 743 static struct mbuf *key_setkey(struct seckey *, uint16_t); 744 745 static void spdcache_init(void); 746 static void spdcache_clear(void); 747 static struct spdcache_entry *spdcache_entry_alloc( 748 const struct secpolicyindex *spidx, 749 struct secpolicy *policy); 750 static void spdcache_entry_free(struct spdcache_entry *entry); 751 #ifdef VIMAGE 752 static void spdcache_destroy(void); 753 #endif 754 755 #define DBG_IPSEC_INITREF(t, p) do { \ 756 refcount_init(&(p)->refcnt, 1); \ 757 KEYDBG(KEY_STAMP, \ 758 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 759 __func__, #t, (p), (p)->refcnt)); \ 760 } while (0) 761 #define DBG_IPSEC_ADDREF(t, p) do { \ 762 refcount_acquire(&(p)->refcnt); \ 763 KEYDBG(KEY_STAMP, \ 764 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 765 __func__, #t, (p), (p)->refcnt)); \ 766 } while (0) 767 #define DBG_IPSEC_DELREF(t, p) do { \ 768 KEYDBG(KEY_STAMP, \ 769 printf("%s: Release refcnt %s(%p) -> %u\n", \ 770 __func__, #t, (p), (p)->refcnt - 1)); \ 771 refcount_release(&(p)->refcnt); \ 772 } while (0) 773 774 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 775 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 776 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 777 778 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 779 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 780 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 781 782 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 783 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 784 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 785 786 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 787 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 788 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 789 790 /* 791 * Update the refcnt while holding the SPTREE lock. 792 */ 793 void 794 key_addref(struct secpolicy *sp) 795 { 796 797 SP_ADDREF(sp); 798 } 799 800 /* 801 * Return 0 when there are known to be no SP's for the specified 802 * direction. Otherwise return 1. This is used by IPsec code 803 * to optimize performance. 804 */ 805 int 806 key_havesp(u_int dir) 807 { 808 809 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 810 ("invalid direction %u", dir)); 811 return (TAILQ_FIRST(&V_sptree[dir]) != NULL); 812 } 813 814 int 815 key_havesp_any(void) 816 { 817 818 return (V_spd_size != 0); 819 } 820 821 /* %%% IPsec policy management */ 822 /* 823 * Return current SPDB generation. 824 */ 825 uint32_t 826 key_getspgen(void) 827 { 828 829 return (V_sp_genid); 830 } 831 832 void 833 key_bumpspgen(void) 834 { 835 836 V_sp_genid++; 837 } 838 839 static int 840 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 841 { 842 843 /* family match */ 844 if (src->sa_family != dst->sa_family) 845 return (EINVAL); 846 /* sa_len match */ 847 if (src->sa_len != dst->sa_len) 848 return (EINVAL); 849 switch (src->sa_family) { 850 #ifdef INET 851 case AF_INET: 852 if (src->sa_len != sizeof(struct sockaddr_in)) 853 return (EINVAL); 854 break; 855 #endif 856 #ifdef INET6 857 case AF_INET6: 858 if (src->sa_len != sizeof(struct sockaddr_in6)) 859 return (EINVAL); 860 break; 861 #endif 862 default: 863 return (EAFNOSUPPORT); 864 } 865 return (0); 866 } 867 868 struct secpolicy * 869 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 870 { 871 SPTREE_RLOCK_TRACKER; 872 struct secpolicy *sp; 873 874 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 875 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 876 ("invalid direction %u", dir)); 877 878 SPTREE_RLOCK(); 879 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 880 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 881 SP_ADDREF(sp); 882 break; 883 } 884 } 885 SPTREE_RUNLOCK(); 886 return (sp); 887 } 888 889 /* 890 * allocating a SP for OUTBOUND or INBOUND packet. 891 * Must call key_freesp() later. 892 * OUT: NULL: not found 893 * others: found and return the pointer. 894 */ 895 struct secpolicy * 896 key_allocsp(struct secpolicyindex *spidx, u_int dir) 897 { 898 struct spdcache_entry *entry, *lastentry, *tmpentry; 899 struct secpolicy *sp; 900 uint32_t hashv; 901 int nb_entries; 902 903 if (!SPDCACHE_ACTIVE()) { 904 sp = key_do_allocsp(spidx, dir); 905 goto out; 906 } 907 908 hashv = SPDCACHE_HASHVAL(spidx); 909 SPDCACHE_LOCK(hashv); 910 nb_entries = 0; 911 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 912 /* Removed outdated entries */ 913 if (entry->sp != NULL && 914 entry->sp->state == IPSEC_SPSTATE_DEAD) { 915 LIST_REMOVE(entry, chain); 916 spdcache_entry_free(entry); 917 continue; 918 } 919 920 nb_entries++; 921 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 922 lastentry = entry; 923 continue; 924 } 925 926 sp = entry->sp; 927 if (entry->sp != NULL) 928 SP_ADDREF(sp); 929 930 /* IPSECSTAT_INC(ips_spdcache_hits); */ 931 932 SPDCACHE_UNLOCK(hashv); 933 goto out; 934 } 935 936 /* IPSECSTAT_INC(ips_spdcache_misses); */ 937 938 sp = key_do_allocsp(spidx, dir); 939 entry = spdcache_entry_alloc(spidx, sp); 940 if (entry != NULL) { 941 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 942 LIST_REMOVE(lastentry, chain); 943 spdcache_entry_free(lastentry); 944 } 945 946 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 947 } 948 949 SPDCACHE_UNLOCK(hashv); 950 951 out: 952 if (sp != NULL) { /* found a SPD entry */ 953 sp->lastused = time_second; 954 KEYDBG(IPSEC_STAMP, 955 printf("%s: return SP(%p)\n", __func__, sp)); 956 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 957 } else { 958 KEYDBG(IPSEC_DATA, 959 printf("%s: lookup failed for ", __func__); 960 kdebug_secpolicyindex(spidx, NULL)); 961 } 962 return (sp); 963 } 964 965 /* 966 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 967 * or should be signed by MD5 signature. 968 * We don't use key_allocsa() for such lookups, because we don't know SPI. 969 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 970 * signed packet. We use SADB only as storage for password. 971 * OUT: positive: corresponding SA for given saidx found. 972 * NULL: SA not found 973 */ 974 struct secasvar * 975 key_allocsa_tcpmd5(struct secasindex *saidx) 976 { 977 SAHTREE_RLOCK_TRACKER; 978 struct secashead *sah; 979 struct secasvar *sav; 980 981 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 982 ("unexpected security protocol %u", saidx->proto)); 983 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 984 ("unexpected mode %u", saidx->mode)); 985 986 SAHTREE_RLOCK(); 987 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 988 KEYDBG(IPSEC_DUMP, 989 printf("%s: checking SAH\n", __func__); 990 kdebug_secash(sah, " ")); 991 if (sah->saidx.proto != IPPROTO_TCP) 992 continue; 993 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 994 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 995 break; 996 } 997 if (sah != NULL) { 998 if (V_key_preferred_oldsa) 999 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1000 else 1001 sav = TAILQ_FIRST(&sah->savtree_alive); 1002 if (sav != NULL) 1003 SAV_ADDREF(sav); 1004 } else 1005 sav = NULL; 1006 SAHTREE_RUNLOCK(); 1007 1008 if (sav != NULL) { 1009 KEYDBG(IPSEC_STAMP, 1010 printf("%s: return SA(%p)\n", __func__, sav)); 1011 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1012 } else { 1013 KEYDBG(IPSEC_STAMP, 1014 printf("%s: SA not found\n", __func__)); 1015 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1016 } 1017 return (sav); 1018 } 1019 1020 /* 1021 * Allocating an SA entry for an *OUTBOUND* packet. 1022 * OUT: positive: corresponding SA for given saidx found. 1023 * NULL: SA not found, but will be acquired, check *error 1024 * for acquiring status. 1025 */ 1026 struct secasvar * 1027 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1028 int *error) 1029 { 1030 SAHTREE_RLOCK_TRACKER; 1031 struct secashead *sah; 1032 struct secasvar *sav; 1033 1034 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1035 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1036 saidx->mode == IPSEC_MODE_TUNNEL, 1037 ("unexpected policy %u", saidx->mode)); 1038 1039 /* 1040 * We check new SA in the IPsec request because a different 1041 * SA may be involved each time this request is checked, either 1042 * because new SAs are being configured, or this request is 1043 * associated with an unconnected datagram socket, or this request 1044 * is associated with a system default policy. 1045 */ 1046 SAHTREE_RLOCK(); 1047 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1048 KEYDBG(IPSEC_DUMP, 1049 printf("%s: checking SAH\n", __func__); 1050 kdebug_secash(sah, " ")); 1051 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1052 break; 1053 } 1054 if (sah != NULL) { 1055 /* 1056 * Allocate the oldest SA available according to 1057 * draft-jenkins-ipsec-rekeying-03. 1058 */ 1059 if (V_key_preferred_oldsa) 1060 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1061 else 1062 sav = TAILQ_FIRST(&sah->savtree_alive); 1063 if (sav != NULL) 1064 SAV_ADDREF(sav); 1065 } else 1066 sav = NULL; 1067 SAHTREE_RUNLOCK(); 1068 1069 if (sav != NULL) { 1070 *error = 0; 1071 KEYDBG(IPSEC_STAMP, 1072 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1073 sav, sp)); 1074 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1075 return (sav); /* return referenced SA */ 1076 } 1077 1078 /* there is no SA */ 1079 *error = key_acquire(saidx, sp); 1080 if ((*error) != 0) 1081 ipseclog((LOG_DEBUG, 1082 "%s: error %d returned from key_acquire()\n", 1083 __func__, *error)); 1084 KEYDBG(IPSEC_STAMP, 1085 printf("%s: acquire SA for SP(%p), error %d\n", 1086 __func__, sp, *error)); 1087 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1088 return (NULL); 1089 } 1090 1091 /* 1092 * allocating a usable SA entry for a *INBOUND* packet. 1093 * Must call key_freesav() later. 1094 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1095 * NULL: not found, or error occurred. 1096 * 1097 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1098 * destination address, and security protocol. But according to RFC 4301, 1099 * SPI by itself suffices to specify an SA. 1100 * 1101 * Note that, however, we do need to keep source address in IPsec SA. 1102 * IKE specification and PF_KEY specification do assume that we 1103 * keep source address in IPsec SA. We see a tricky situation here. 1104 */ 1105 struct secasvar * 1106 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1107 { 1108 SAHTREE_RLOCK_TRACKER; 1109 struct secasvar *sav; 1110 1111 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1112 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1113 proto)); 1114 1115 SAHTREE_RLOCK(); 1116 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1117 if (sav->spi == spi) 1118 break; 1119 } 1120 /* 1121 * We use single SPI namespace for all protocols, so it is 1122 * impossible to have SPI duplicates in the SAVHASH. 1123 */ 1124 if (sav != NULL) { 1125 if (sav->state != SADB_SASTATE_LARVAL && 1126 sav->sah->saidx.proto == proto && 1127 key_sockaddrcmp(&dst->sa, 1128 &sav->sah->saidx.dst.sa, 0) == 0) 1129 SAV_ADDREF(sav); 1130 else 1131 sav = NULL; 1132 } 1133 SAHTREE_RUNLOCK(); 1134 1135 if (sav == NULL) { 1136 KEYDBG(IPSEC_STAMP, 1137 char buf[IPSEC_ADDRSTRLEN]; 1138 printf("%s: SA not found for spi %u proto %u dst %s\n", 1139 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1140 sizeof(buf)))); 1141 } else { 1142 KEYDBG(IPSEC_STAMP, 1143 printf("%s: return SA(%p)\n", __func__, sav)); 1144 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1145 } 1146 return (sav); 1147 } 1148 1149 struct secasvar * 1150 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1151 uint8_t proto) 1152 { 1153 SAHTREE_RLOCK_TRACKER; 1154 struct secasindex saidx; 1155 struct secashead *sah; 1156 struct secasvar *sav; 1157 1158 IPSEC_ASSERT(src != NULL, ("null src address")); 1159 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1160 1161 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1162 &dst->sa, &saidx); 1163 1164 sav = NULL; 1165 SAHTREE_RLOCK(); 1166 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1167 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1168 continue; 1169 if (proto != sah->saidx.proto) 1170 continue; 1171 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1172 continue; 1173 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1174 continue; 1175 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1176 if (V_key_preferred_oldsa) 1177 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1178 else 1179 sav = TAILQ_FIRST(&sah->savtree_alive); 1180 if (sav != NULL) { 1181 SAV_ADDREF(sav); 1182 break; 1183 } 1184 } 1185 SAHTREE_RUNLOCK(); 1186 KEYDBG(IPSEC_STAMP, 1187 printf("%s: return SA(%p)\n", __func__, sav)); 1188 if (sav != NULL) 1189 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1190 return (sav); 1191 } 1192 1193 /* 1194 * Must be called after calling key_allocsp(). 1195 */ 1196 void 1197 key_freesp(struct secpolicy **spp) 1198 { 1199 struct secpolicy *sp = *spp; 1200 1201 IPSEC_ASSERT(sp != NULL, ("null sp")); 1202 if (SP_DELREF(sp) == 0) 1203 return; 1204 1205 KEYDBG(IPSEC_STAMP, 1206 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1207 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1208 1209 *spp = NULL; 1210 while (sp->tcount > 0) 1211 ipsec_delisr(sp->req[--sp->tcount]); 1212 free(sp, M_IPSEC_SP); 1213 } 1214 1215 static void 1216 key_unlink(struct secpolicy *sp) 1217 { 1218 SPTREE_WLOCK(); 1219 key_detach(sp); 1220 SPTREE_WUNLOCK(); 1221 if (SPDCACHE_ENABLED()) 1222 spdcache_clear(); 1223 key_freesp(&sp); 1224 } 1225 1226 static void 1227 key_detach(struct secpolicy *sp) 1228 { 1229 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1230 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1231 ("invalid direction %u", sp->spidx.dir)); 1232 SPTREE_WLOCK_ASSERT(); 1233 1234 KEYDBG(KEY_STAMP, 1235 printf("%s: SP(%p)\n", __func__, sp)); 1236 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1237 /* SP is already unlinked */ 1238 return; 1239 } 1240 sp->state = IPSEC_SPSTATE_DEAD; 1241 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1242 V_spd_size--; 1243 LIST_REMOVE(sp, idhash); 1244 V_sp_genid++; 1245 } 1246 1247 /* 1248 * insert a secpolicy into the SP database. Lower priorities first 1249 */ 1250 static void 1251 key_insertsp(struct secpolicy *newsp) 1252 { 1253 struct secpolicy *sp; 1254 1255 SPTREE_WLOCK_ASSERT(); 1256 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1257 if (newsp->priority < sp->priority) { 1258 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1259 goto done; 1260 } 1261 } 1262 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1263 done: 1264 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1265 newsp->state = IPSEC_SPSTATE_ALIVE; 1266 V_spd_size++; 1267 V_sp_genid++; 1268 } 1269 1270 /* 1271 * Insert a bunch of VTI secpolicies into the SPDB. 1272 * We keep VTI policies in the separate list due to following reasons: 1273 * 1) they should be immutable to user's or some deamon's attempts to 1274 * delete. The only way delete such policies - destroy or unconfigure 1275 * corresponding virtual inteface. 1276 * 2) such policies have traffic selector that matches all traffic per 1277 * address family. 1278 * Since all VTI policies have the same priority, we don't care about 1279 * policies order. 1280 */ 1281 int 1282 key_register_ifnet(struct secpolicy **spp, u_int count) 1283 { 1284 struct mbuf *m; 1285 u_int i; 1286 1287 SPTREE_WLOCK(); 1288 /* 1289 * First of try to acquire id for each SP. 1290 */ 1291 for (i = 0; i < count; i++) { 1292 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1293 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1294 ("invalid direction %u", spp[i]->spidx.dir)); 1295 1296 if ((spp[i]->id = key_getnewspid()) == 0) { 1297 SPTREE_WUNLOCK(); 1298 return (EAGAIN); 1299 } 1300 } 1301 for (i = 0; i < count; i++) { 1302 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1303 spp[i], chain); 1304 /* 1305 * NOTE: despite the fact that we keep VTI SP in the 1306 * separate list, SPHASH contains policies from both 1307 * sources. Thus SADB_X_SPDGET will correctly return 1308 * SP by id, because it uses SPHASH for lookups. 1309 */ 1310 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1311 spp[i]->state = IPSEC_SPSTATE_IFNET; 1312 } 1313 SPTREE_WUNLOCK(); 1314 /* 1315 * Notify user processes about new SP. 1316 */ 1317 for (i = 0; i < count; i++) { 1318 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1319 if (m != NULL) 1320 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1321 } 1322 return (0); 1323 } 1324 1325 void 1326 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1327 { 1328 struct mbuf *m; 1329 u_int i; 1330 1331 SPTREE_WLOCK(); 1332 for (i = 0; i < count; i++) { 1333 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1334 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1335 ("invalid direction %u", spp[i]->spidx.dir)); 1336 1337 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1338 continue; 1339 spp[i]->state = IPSEC_SPSTATE_DEAD; 1340 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1341 spp[i], chain); 1342 V_spd_size--; 1343 LIST_REMOVE(spp[i], idhash); 1344 } 1345 SPTREE_WUNLOCK(); 1346 if (SPDCACHE_ENABLED()) 1347 spdcache_clear(); 1348 1349 for (i = 0; i < count; i++) { 1350 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1351 if (m != NULL) 1352 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1353 } 1354 } 1355 1356 /* 1357 * Must be called after calling key_allocsa(). 1358 * This function is called by key_freesp() to free some SA allocated 1359 * for a policy. 1360 */ 1361 void 1362 key_freesav(struct secasvar **psav) 1363 { 1364 struct secasvar *sav = *psav; 1365 1366 IPSEC_ASSERT(sav != NULL, ("null sav")); 1367 CURVNET_ASSERT_SET(); 1368 if (SAV_DELREF(sav) == 0) 1369 return; 1370 1371 KEYDBG(IPSEC_STAMP, 1372 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1373 1374 *psav = NULL; 1375 key_delsav(sav); 1376 } 1377 1378 /* 1379 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1380 * Expect that SA has extra reference due to lookup. 1381 * Release this references, also release SAH reference after unlink. 1382 */ 1383 static void 1384 key_unlinksav(struct secasvar *sav) 1385 { 1386 struct secashead *sah; 1387 1388 KEYDBG(KEY_STAMP, 1389 printf("%s: SA(%p)\n", __func__, sav)); 1390 1391 CURVNET_ASSERT_SET(); 1392 SAHTREE_UNLOCK_ASSERT(); 1393 SAHTREE_WLOCK(); 1394 if (sav->state == SADB_SASTATE_DEAD) { 1395 /* SA is already unlinked */ 1396 SAHTREE_WUNLOCK(); 1397 return; 1398 } 1399 /* Unlink from SAH */ 1400 if (sav->state == SADB_SASTATE_LARVAL) 1401 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1402 else 1403 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1404 /* Unlink from SPI hash */ 1405 LIST_REMOVE(sav, spihash); 1406 sav->state = SADB_SASTATE_DEAD; 1407 sah = sav->sah; 1408 SAHTREE_WUNLOCK(); 1409 key_freesav(&sav); 1410 /* Since we are unlinked, release reference to SAH */ 1411 key_freesah(&sah); 1412 } 1413 1414 /* %%% SPD management */ 1415 /* 1416 * search SPD 1417 * OUT: NULL : not found 1418 * others : found, pointer to a SP. 1419 */ 1420 static struct secpolicy * 1421 key_getsp(struct secpolicyindex *spidx) 1422 { 1423 SPTREE_RLOCK_TRACKER; 1424 struct secpolicy *sp; 1425 1426 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1427 1428 SPTREE_RLOCK(); 1429 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1430 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1431 SP_ADDREF(sp); 1432 break; 1433 } 1434 } 1435 SPTREE_RUNLOCK(); 1436 1437 return sp; 1438 } 1439 1440 /* 1441 * get SP by index. 1442 * OUT: NULL : not found 1443 * others : found, pointer to referenced SP. 1444 */ 1445 static struct secpolicy * 1446 key_getspbyid(uint32_t id) 1447 { 1448 SPTREE_RLOCK_TRACKER; 1449 struct secpolicy *sp; 1450 1451 SPTREE_RLOCK(); 1452 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1453 if (sp->id == id) { 1454 SP_ADDREF(sp); 1455 break; 1456 } 1457 } 1458 SPTREE_RUNLOCK(); 1459 return (sp); 1460 } 1461 1462 struct secpolicy * 1463 key_newsp(void) 1464 { 1465 struct secpolicy *sp; 1466 1467 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1468 if (sp != NULL) 1469 SP_INITREF(sp); 1470 return (sp); 1471 } 1472 1473 struct ipsecrequest * 1474 ipsec_newisr(void) 1475 { 1476 1477 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1478 M_NOWAIT | M_ZERO)); 1479 } 1480 1481 void 1482 ipsec_delisr(struct ipsecrequest *p) 1483 { 1484 1485 free(p, M_IPSEC_SR); 1486 } 1487 1488 /* 1489 * create secpolicy structure from sadb_x_policy structure. 1490 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1491 * are not set, so must be set properly later. 1492 */ 1493 struct secpolicy * 1494 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1495 { 1496 struct secpolicy *newsp; 1497 1498 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1499 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1500 1501 if (len != PFKEY_EXTLEN(xpl0)) { 1502 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1503 *error = EINVAL; 1504 return NULL; 1505 } 1506 1507 if ((newsp = key_newsp()) == NULL) { 1508 *error = ENOBUFS; 1509 return NULL; 1510 } 1511 1512 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1513 newsp->policy = xpl0->sadb_x_policy_type; 1514 newsp->priority = xpl0->sadb_x_policy_priority; 1515 newsp->tcount = 0; 1516 1517 /* check policy */ 1518 switch (xpl0->sadb_x_policy_type) { 1519 case IPSEC_POLICY_DISCARD: 1520 case IPSEC_POLICY_NONE: 1521 case IPSEC_POLICY_ENTRUST: 1522 case IPSEC_POLICY_BYPASS: 1523 break; 1524 1525 case IPSEC_POLICY_IPSEC: 1526 { 1527 struct sadb_x_ipsecrequest *xisr; 1528 struct ipsecrequest *isr; 1529 int tlen; 1530 1531 /* validity check */ 1532 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1533 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1534 __func__)); 1535 key_freesp(&newsp); 1536 *error = EINVAL; 1537 return NULL; 1538 } 1539 1540 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1541 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1542 1543 while (tlen > 0) { 1544 /* length check */ 1545 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1546 xisr->sadb_x_ipsecrequest_len > tlen) { 1547 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1548 "length.\n", __func__)); 1549 key_freesp(&newsp); 1550 *error = EINVAL; 1551 return NULL; 1552 } 1553 1554 if (newsp->tcount >= IPSEC_MAXREQ) { 1555 ipseclog((LOG_DEBUG, 1556 "%s: too many ipsecrequests.\n", 1557 __func__)); 1558 key_freesp(&newsp); 1559 *error = EINVAL; 1560 return (NULL); 1561 } 1562 1563 /* allocate request buffer */ 1564 /* NB: data structure is zero'd */ 1565 isr = ipsec_newisr(); 1566 if (isr == NULL) { 1567 ipseclog((LOG_DEBUG, 1568 "%s: No more memory.\n", __func__)); 1569 key_freesp(&newsp); 1570 *error = ENOBUFS; 1571 return NULL; 1572 } 1573 1574 newsp->req[newsp->tcount++] = isr; 1575 1576 /* set values */ 1577 switch (xisr->sadb_x_ipsecrequest_proto) { 1578 case IPPROTO_ESP: 1579 case IPPROTO_AH: 1580 case IPPROTO_IPCOMP: 1581 break; 1582 default: 1583 ipseclog((LOG_DEBUG, 1584 "%s: invalid proto type=%u\n", __func__, 1585 xisr->sadb_x_ipsecrequest_proto)); 1586 key_freesp(&newsp); 1587 *error = EPROTONOSUPPORT; 1588 return NULL; 1589 } 1590 isr->saidx.proto = 1591 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1592 1593 switch (xisr->sadb_x_ipsecrequest_mode) { 1594 case IPSEC_MODE_TRANSPORT: 1595 case IPSEC_MODE_TUNNEL: 1596 break; 1597 case IPSEC_MODE_ANY: 1598 default: 1599 ipseclog((LOG_DEBUG, 1600 "%s: invalid mode=%u\n", __func__, 1601 xisr->sadb_x_ipsecrequest_mode)); 1602 key_freesp(&newsp); 1603 *error = EINVAL; 1604 return NULL; 1605 } 1606 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1607 1608 switch (xisr->sadb_x_ipsecrequest_level) { 1609 case IPSEC_LEVEL_DEFAULT: 1610 case IPSEC_LEVEL_USE: 1611 case IPSEC_LEVEL_REQUIRE: 1612 break; 1613 case IPSEC_LEVEL_UNIQUE: 1614 /* validity check */ 1615 /* 1616 * If range violation of reqid, kernel will 1617 * update it, don't refuse it. 1618 */ 1619 if (xisr->sadb_x_ipsecrequest_reqid 1620 > IPSEC_MANUAL_REQID_MAX) { 1621 ipseclog((LOG_DEBUG, 1622 "%s: reqid=%d range " 1623 "violation, updated by kernel.\n", 1624 __func__, 1625 xisr->sadb_x_ipsecrequest_reqid)); 1626 xisr->sadb_x_ipsecrequest_reqid = 0; 1627 } 1628 1629 /* allocate new reqid id if reqid is zero. */ 1630 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1631 u_int32_t reqid; 1632 if ((reqid = key_newreqid()) == 0) { 1633 key_freesp(&newsp); 1634 *error = ENOBUFS; 1635 return NULL; 1636 } 1637 isr->saidx.reqid = reqid; 1638 xisr->sadb_x_ipsecrequest_reqid = reqid; 1639 } else { 1640 /* set it for manual keying. */ 1641 isr->saidx.reqid = 1642 xisr->sadb_x_ipsecrequest_reqid; 1643 } 1644 break; 1645 1646 default: 1647 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1648 __func__, 1649 xisr->sadb_x_ipsecrequest_level)); 1650 key_freesp(&newsp); 1651 *error = EINVAL; 1652 return NULL; 1653 } 1654 isr->level = xisr->sadb_x_ipsecrequest_level; 1655 1656 /* set IP addresses if there */ 1657 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1658 struct sockaddr *paddr; 1659 1660 len = tlen - sizeof(*xisr); 1661 paddr = (struct sockaddr *)(xisr + 1); 1662 /* validity check */ 1663 if (len < sizeof(struct sockaddr) || 1664 len < 2 * paddr->sa_len || 1665 paddr->sa_len > sizeof(isr->saidx.src)) { 1666 ipseclog((LOG_DEBUG, "%s: invalid " 1667 "request address length.\n", 1668 __func__)); 1669 key_freesp(&newsp); 1670 *error = EINVAL; 1671 return NULL; 1672 } 1673 /* 1674 * Request length should be enough to keep 1675 * source and destination addresses. 1676 */ 1677 if (xisr->sadb_x_ipsecrequest_len < 1678 sizeof(*xisr) + 2 * paddr->sa_len) { 1679 ipseclog((LOG_DEBUG, "%s: invalid " 1680 "ipsecrequest length.\n", 1681 __func__)); 1682 key_freesp(&newsp); 1683 *error = EINVAL; 1684 return (NULL); 1685 } 1686 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1687 paddr = (struct sockaddr *)((caddr_t)paddr + 1688 paddr->sa_len); 1689 1690 /* validity check */ 1691 if (paddr->sa_len != 1692 isr->saidx.src.sa.sa_len) { 1693 ipseclog((LOG_DEBUG, "%s: invalid " 1694 "request address length.\n", 1695 __func__)); 1696 key_freesp(&newsp); 1697 *error = EINVAL; 1698 return NULL; 1699 } 1700 /* AF family should match */ 1701 if (paddr->sa_family != 1702 isr->saidx.src.sa.sa_family) { 1703 ipseclog((LOG_DEBUG, "%s: address " 1704 "family doesn't match.\n", 1705 __func__)); 1706 key_freesp(&newsp); 1707 *error = EINVAL; 1708 return (NULL); 1709 } 1710 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1711 } else { 1712 /* 1713 * Addresses for TUNNEL mode requests are 1714 * mandatory. 1715 */ 1716 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1717 ipseclog((LOG_DEBUG, "%s: missing " 1718 "request addresses.\n", __func__)); 1719 key_freesp(&newsp); 1720 *error = EINVAL; 1721 return (NULL); 1722 } 1723 } 1724 tlen -= xisr->sadb_x_ipsecrequest_len; 1725 1726 /* validity check */ 1727 if (tlen < 0) { 1728 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1729 __func__)); 1730 key_freesp(&newsp); 1731 *error = EINVAL; 1732 return NULL; 1733 } 1734 1735 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1736 + xisr->sadb_x_ipsecrequest_len); 1737 } 1738 /* XXXAE: LARVAL SP */ 1739 if (newsp->tcount < 1) { 1740 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1741 "not found.\n", __func__)); 1742 key_freesp(&newsp); 1743 *error = EINVAL; 1744 return (NULL); 1745 } 1746 } 1747 break; 1748 default: 1749 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1750 key_freesp(&newsp); 1751 *error = EINVAL; 1752 return NULL; 1753 } 1754 1755 *error = 0; 1756 return (newsp); 1757 } 1758 1759 uint32_t 1760 key_newreqid(void) 1761 { 1762 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1763 1764 if (auto_reqid == ~0) 1765 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1766 else 1767 auto_reqid++; 1768 1769 /* XXX should be unique check */ 1770 return (auto_reqid); 1771 } 1772 1773 /* 1774 * copy secpolicy struct to sadb_x_policy structure indicated. 1775 */ 1776 static struct mbuf * 1777 key_sp2mbuf(struct secpolicy *sp) 1778 { 1779 struct mbuf *m; 1780 size_t tlen; 1781 1782 tlen = key_getspreqmsglen(sp); 1783 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1784 if (m == NULL) 1785 return (NULL); 1786 m_align(m, tlen); 1787 m->m_len = tlen; 1788 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1789 m_freem(m); 1790 return (NULL); 1791 } 1792 return (m); 1793 } 1794 1795 int 1796 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1797 { 1798 struct sadb_x_ipsecrequest *xisr; 1799 struct sadb_x_policy *xpl; 1800 struct ipsecrequest *isr; 1801 size_t xlen, ilen; 1802 caddr_t p; 1803 int error, i; 1804 1805 IPSEC_ASSERT(sp != NULL, ("null policy")); 1806 1807 xlen = sizeof(*xpl); 1808 if (*len < xlen) 1809 return (EINVAL); 1810 1811 error = 0; 1812 bzero(request, *len); 1813 xpl = (struct sadb_x_policy *)request; 1814 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1815 xpl->sadb_x_policy_type = sp->policy; 1816 xpl->sadb_x_policy_dir = sp->spidx.dir; 1817 xpl->sadb_x_policy_id = sp->id; 1818 xpl->sadb_x_policy_priority = sp->priority; 1819 switch (sp->state) { 1820 case IPSEC_SPSTATE_IFNET: 1821 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1822 break; 1823 case IPSEC_SPSTATE_PCB: 1824 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1825 break; 1826 default: 1827 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1828 } 1829 1830 /* if is the policy for ipsec ? */ 1831 if (sp->policy == IPSEC_POLICY_IPSEC) { 1832 p = (caddr_t)xpl + sizeof(*xpl); 1833 for (i = 0; i < sp->tcount; i++) { 1834 isr = sp->req[i]; 1835 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1836 isr->saidx.src.sa.sa_len + 1837 isr->saidx.dst.sa.sa_len); 1838 xlen += ilen; 1839 if (xlen > *len) { 1840 error = ENOBUFS; 1841 /* Calculate needed size */ 1842 continue; 1843 } 1844 xisr = (struct sadb_x_ipsecrequest *)p; 1845 xisr->sadb_x_ipsecrequest_len = ilen; 1846 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1847 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1848 xisr->sadb_x_ipsecrequest_level = isr->level; 1849 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1850 1851 p += sizeof(*xisr); 1852 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1853 p += isr->saidx.src.sa.sa_len; 1854 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1855 p += isr->saidx.dst.sa.sa_len; 1856 } 1857 } 1858 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1859 if (error == 0) 1860 *len = xlen; 1861 else 1862 *len = sizeof(*xpl); 1863 return (error); 1864 } 1865 1866 /* m will not be freed nor modified */ 1867 static struct mbuf * 1868 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1869 int ndeep, int nitem, ...) 1870 { 1871 va_list ap; 1872 int idx; 1873 int i; 1874 struct mbuf *result = NULL, *n; 1875 int len; 1876 1877 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1878 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1879 1880 va_start(ap, nitem); 1881 for (i = 0; i < nitem; i++) { 1882 idx = va_arg(ap, int); 1883 if (idx < 0 || idx > SADB_EXT_MAX) 1884 goto fail; 1885 /* don't attempt to pull empty extension */ 1886 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1887 continue; 1888 if (idx != SADB_EXT_RESERVED && 1889 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1890 continue; 1891 1892 if (idx == SADB_EXT_RESERVED) { 1893 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1894 1895 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1896 1897 MGETHDR(n, M_NOWAIT, MT_DATA); 1898 if (!n) 1899 goto fail; 1900 n->m_len = len; 1901 n->m_next = NULL; 1902 m_copydata(m, 0, sizeof(struct sadb_msg), 1903 mtod(n, caddr_t)); 1904 } else if (i < ndeep) { 1905 len = mhp->extlen[idx]; 1906 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1907 if (n == NULL) 1908 goto fail; 1909 m_align(n, len); 1910 n->m_len = len; 1911 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1912 mtod(n, caddr_t)); 1913 } else { 1914 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1915 M_NOWAIT); 1916 } 1917 if (n == NULL) 1918 goto fail; 1919 1920 if (result) 1921 m_cat(result, n); 1922 else 1923 result = n; 1924 } 1925 va_end(ap); 1926 1927 if ((result->m_flags & M_PKTHDR) != 0) { 1928 result->m_pkthdr.len = 0; 1929 for (n = result; n; n = n->m_next) 1930 result->m_pkthdr.len += n->m_len; 1931 } 1932 1933 return result; 1934 1935 fail: 1936 m_freem(result); 1937 va_end(ap); 1938 return NULL; 1939 } 1940 1941 /* 1942 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1943 * add an entry to SP database, when received 1944 * <base, address(SD), (lifetime(H),) policy> 1945 * from the user(?). 1946 * Adding to SP database, 1947 * and send 1948 * <base, address(SD), (lifetime(H),) policy> 1949 * to the socket which was send. 1950 * 1951 * SPDADD set a unique policy entry. 1952 * SPDSETIDX like SPDADD without a part of policy requests. 1953 * SPDUPDATE replace a unique policy entry. 1954 * 1955 * XXXAE: serialize this in PF_KEY to avoid races. 1956 * m will always be freed. 1957 */ 1958 static int 1959 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1960 { 1961 struct secpolicyindex spidx; 1962 struct sadb_address *src0, *dst0; 1963 struct sadb_x_policy *xpl0, *xpl; 1964 struct sadb_lifetime *lft = NULL; 1965 struct secpolicy *newsp, *oldsp; 1966 int error; 1967 1968 IPSEC_ASSERT(so != NULL, ("null socket")); 1969 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1970 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1971 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1972 1973 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1974 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1975 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1976 ipseclog((LOG_DEBUG, 1977 "%s: invalid message: missing required header.\n", 1978 __func__)); 1979 return key_senderror(so, m, EINVAL); 1980 } 1981 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1982 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1983 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1984 ipseclog((LOG_DEBUG, 1985 "%s: invalid message: wrong header size.\n", __func__)); 1986 return key_senderror(so, m, EINVAL); 1987 } 1988 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1989 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1990 ipseclog((LOG_DEBUG, 1991 "%s: invalid message: wrong header size.\n", 1992 __func__)); 1993 return key_senderror(so, m, EINVAL); 1994 } 1995 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1996 } 1997 1998 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1999 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2000 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2001 2002 /* check the direciton */ 2003 switch (xpl0->sadb_x_policy_dir) { 2004 case IPSEC_DIR_INBOUND: 2005 case IPSEC_DIR_OUTBOUND: 2006 break; 2007 default: 2008 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2009 return key_senderror(so, m, EINVAL); 2010 } 2011 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2012 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2013 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2014 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2015 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2016 return key_senderror(so, m, EINVAL); 2017 } 2018 2019 /* policy requests are mandatory when action is ipsec. */ 2020 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2021 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2022 ipseclog((LOG_DEBUG, 2023 "%s: policy requests required.\n", __func__)); 2024 return key_senderror(so, m, EINVAL); 2025 } 2026 2027 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2028 (struct sockaddr *)(dst0 + 1)); 2029 if (error != 0 || 2030 src0->sadb_address_proto != dst0->sadb_address_proto) { 2031 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2032 return key_senderror(so, m, error); 2033 } 2034 /* make secindex */ 2035 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2036 src0 + 1, 2037 dst0 + 1, 2038 src0->sadb_address_prefixlen, 2039 dst0->sadb_address_prefixlen, 2040 src0->sadb_address_proto, 2041 &spidx); 2042 /* Checking there is SP already or not. */ 2043 oldsp = key_getsp(&spidx); 2044 if (oldsp != NULL) { 2045 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2046 KEYDBG(KEY_STAMP, 2047 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2048 __func__, oldsp)); 2049 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp)); 2050 } else { 2051 key_freesp(&oldsp); 2052 ipseclog((LOG_DEBUG, 2053 "%s: a SP entry exists already.\n", __func__)); 2054 return (key_senderror(so, m, EEXIST)); 2055 } 2056 } 2057 2058 /* allocate new SP entry */ 2059 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2060 if (oldsp != NULL) { 2061 key_unlink(oldsp); 2062 key_freesp(&oldsp); /* second for our reference */ 2063 } 2064 return key_senderror(so, m, error); 2065 } 2066 2067 newsp->lastused = newsp->created = time_second; 2068 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2069 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2070 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2071 2072 SPTREE_WLOCK(); 2073 if ((newsp->id = key_getnewspid()) == 0) { 2074 if (oldsp != NULL) 2075 key_detach(oldsp); 2076 SPTREE_WUNLOCK(); 2077 if (oldsp != NULL) { 2078 key_freesp(&oldsp); /* first for key_detach */ 2079 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2080 key_freesp(&oldsp); /* second for our reference */ 2081 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */ 2082 spdcache_clear(); 2083 } 2084 key_freesp(&newsp); 2085 return key_senderror(so, m, ENOBUFS); 2086 } 2087 if (oldsp != NULL) 2088 key_detach(oldsp); 2089 key_insertsp(newsp); 2090 SPTREE_WUNLOCK(); 2091 if (oldsp != NULL) { 2092 key_freesp(&oldsp); /* first for key_detach */ 2093 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2094 key_freesp(&oldsp); /* second for our reference */ 2095 } 2096 if (SPDCACHE_ENABLED()) 2097 spdcache_clear(); 2098 KEYDBG(KEY_STAMP, 2099 printf("%s: SP(%p)\n", __func__, newsp)); 2100 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2101 2102 { 2103 struct mbuf *n, *mpolicy; 2104 struct sadb_msg *newmsg; 2105 int off; 2106 2107 /* create new sadb_msg to reply. */ 2108 if (lft) { 2109 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2110 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2111 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2112 } else { 2113 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2114 SADB_X_EXT_POLICY, 2115 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2116 } 2117 if (!n) 2118 return key_senderror(so, m, ENOBUFS); 2119 2120 if (n->m_len < sizeof(*newmsg)) { 2121 n = m_pullup(n, sizeof(*newmsg)); 2122 if (!n) 2123 return key_senderror(so, m, ENOBUFS); 2124 } 2125 newmsg = mtod(n, struct sadb_msg *); 2126 newmsg->sadb_msg_errno = 0; 2127 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2128 2129 off = 0; 2130 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2131 sizeof(*xpl), &off); 2132 if (mpolicy == NULL) { 2133 /* n is already freed */ 2134 return key_senderror(so, m, ENOBUFS); 2135 } 2136 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2137 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2138 m_freem(n); 2139 return key_senderror(so, m, EINVAL); 2140 } 2141 xpl->sadb_x_policy_id = newsp->id; 2142 2143 m_freem(m); 2144 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2145 } 2146 } 2147 2148 /* 2149 * get new policy id. 2150 * OUT: 2151 * 0: failure. 2152 * others: success. 2153 */ 2154 static uint32_t 2155 key_getnewspid(void) 2156 { 2157 struct secpolicy *sp; 2158 uint32_t newid = 0; 2159 int tries, limit; 2160 2161 SPTREE_WLOCK_ASSERT(); 2162 2163 limit = atomic_load_int(&V_key_spi_trycnt); 2164 for (tries = 0; tries < limit; tries++) { 2165 if (V_policy_id == ~0) /* overflowed */ 2166 newid = V_policy_id = 1; 2167 else 2168 newid = ++V_policy_id; 2169 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2170 if (sp->id == newid) 2171 break; 2172 } 2173 if (sp == NULL) 2174 break; 2175 } 2176 if (tries == limit || newid == 0) { 2177 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2178 __func__)); 2179 return (0); 2180 } 2181 return (newid); 2182 } 2183 2184 /* 2185 * SADB_SPDDELETE processing 2186 * receive 2187 * <base, address(SD), policy(*)> 2188 * from the user(?), and set SADB_SASTATE_DEAD, 2189 * and send, 2190 * <base, address(SD), policy(*)> 2191 * to the ikmpd. 2192 * policy(*) including direction of policy. 2193 * 2194 * m will always be freed. 2195 */ 2196 static int 2197 key_spddelete(struct socket *so, struct mbuf *m, 2198 const struct sadb_msghdr *mhp) 2199 { 2200 struct secpolicyindex spidx; 2201 struct sadb_address *src0, *dst0; 2202 struct sadb_x_policy *xpl0; 2203 struct secpolicy *sp; 2204 2205 IPSEC_ASSERT(so != NULL, ("null so")); 2206 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2207 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2208 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2209 2210 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2211 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2212 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2213 ipseclog((LOG_DEBUG, 2214 "%s: invalid message: missing required header.\n", 2215 __func__)); 2216 return key_senderror(so, m, EINVAL); 2217 } 2218 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2219 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2220 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2221 ipseclog((LOG_DEBUG, 2222 "%s: invalid message: wrong header size.\n", __func__)); 2223 return key_senderror(so, m, EINVAL); 2224 } 2225 2226 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2227 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2228 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2229 2230 /* check the direciton */ 2231 switch (xpl0->sadb_x_policy_dir) { 2232 case IPSEC_DIR_INBOUND: 2233 case IPSEC_DIR_OUTBOUND: 2234 break; 2235 default: 2236 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2237 return key_senderror(so, m, EINVAL); 2238 } 2239 /* Only DISCARD, NONE and IPSEC are allowed */ 2240 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2241 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2242 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2243 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2244 return key_senderror(so, m, EINVAL); 2245 } 2246 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2247 (struct sockaddr *)(dst0 + 1)) != 0 || 2248 src0->sadb_address_proto != dst0->sadb_address_proto) { 2249 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2250 return key_senderror(so, m, EINVAL); 2251 } 2252 /* make secindex */ 2253 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2254 src0 + 1, 2255 dst0 + 1, 2256 src0->sadb_address_prefixlen, 2257 dst0->sadb_address_prefixlen, 2258 src0->sadb_address_proto, 2259 &spidx); 2260 2261 /* Is there SP in SPD ? */ 2262 if ((sp = key_getsp(&spidx)) == NULL) { 2263 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2264 return key_senderror(so, m, EINVAL); 2265 } 2266 2267 /* save policy id to buffer to be returned. */ 2268 xpl0->sadb_x_policy_id = sp->id; 2269 2270 KEYDBG(KEY_STAMP, 2271 printf("%s: SP(%p)\n", __func__, sp)); 2272 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2273 key_unlink(sp); 2274 key_freesp(&sp); 2275 2276 { 2277 struct mbuf *n; 2278 struct sadb_msg *newmsg; 2279 2280 /* create new sadb_msg to reply. */ 2281 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2282 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2283 if (!n) 2284 return key_senderror(so, m, ENOBUFS); 2285 2286 newmsg = mtod(n, struct sadb_msg *); 2287 newmsg->sadb_msg_errno = 0; 2288 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2289 2290 m_freem(m); 2291 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2292 } 2293 } 2294 2295 /* 2296 * SADB_SPDDELETE2 processing 2297 * receive 2298 * <base, policy(*)> 2299 * from the user(?), and set SADB_SASTATE_DEAD, 2300 * and send, 2301 * <base, policy(*)> 2302 * to the ikmpd. 2303 * policy(*) including direction of policy. 2304 * 2305 * m will always be freed. 2306 */ 2307 static int 2308 key_spddelete2(struct socket *so, struct mbuf *m, 2309 const struct sadb_msghdr *mhp) 2310 { 2311 struct secpolicy *sp; 2312 uint32_t id; 2313 2314 IPSEC_ASSERT(so != NULL, ("null socket")); 2315 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2316 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2317 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2318 2319 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2320 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2321 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2322 __func__)); 2323 return key_senderror(so, m, EINVAL); 2324 } 2325 2326 id = ((struct sadb_x_policy *) 2327 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2328 2329 /* Is there SP in SPD ? */ 2330 if ((sp = key_getspbyid(id)) == NULL) { 2331 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2332 __func__, id)); 2333 return key_senderror(so, m, EINVAL); 2334 } 2335 2336 KEYDBG(KEY_STAMP, 2337 printf("%s: SP(%p)\n", __func__, sp)); 2338 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2339 key_unlink(sp); 2340 if (sp->state != IPSEC_SPSTATE_DEAD) { 2341 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2342 __func__, id)); 2343 key_freesp(&sp); 2344 return (key_senderror(so, m, EACCES)); 2345 } 2346 key_freesp(&sp); 2347 2348 { 2349 struct mbuf *n, *nn; 2350 struct sadb_msg *newmsg; 2351 int off, len; 2352 2353 /* create new sadb_msg to reply. */ 2354 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2355 2356 MGETHDR(n, M_NOWAIT, MT_DATA); 2357 if (n && len > MHLEN) { 2358 if (!(MCLGET(n, M_NOWAIT))) { 2359 m_freem(n); 2360 n = NULL; 2361 } 2362 } 2363 if (!n) 2364 return key_senderror(so, m, ENOBUFS); 2365 2366 n->m_len = len; 2367 n->m_next = NULL; 2368 off = 0; 2369 2370 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2371 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2372 2373 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2374 off, len)); 2375 2376 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2377 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2378 if (!n->m_next) { 2379 m_freem(n); 2380 return key_senderror(so, m, ENOBUFS); 2381 } 2382 2383 n->m_pkthdr.len = 0; 2384 for (nn = n; nn; nn = nn->m_next) 2385 n->m_pkthdr.len += nn->m_len; 2386 2387 newmsg = mtod(n, struct sadb_msg *); 2388 newmsg->sadb_msg_errno = 0; 2389 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2390 2391 m_freem(m); 2392 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2393 } 2394 } 2395 2396 /* 2397 * SADB_X_SPDGET processing 2398 * receive 2399 * <base, policy(*)> 2400 * from the user(?), 2401 * and send, 2402 * <base, address(SD), policy> 2403 * to the ikmpd. 2404 * policy(*) including direction of policy. 2405 * 2406 * m will always be freed. 2407 */ 2408 static int 2409 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2410 { 2411 struct secpolicy *sp; 2412 struct mbuf *n; 2413 uint32_t id; 2414 2415 IPSEC_ASSERT(so != NULL, ("null socket")); 2416 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2417 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2418 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2419 2420 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2421 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2422 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2423 __func__)); 2424 return key_senderror(so, m, EINVAL); 2425 } 2426 2427 id = ((struct sadb_x_policy *) 2428 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2429 2430 /* Is there SP in SPD ? */ 2431 if ((sp = key_getspbyid(id)) == NULL) { 2432 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2433 __func__, id)); 2434 return key_senderror(so, m, ENOENT); 2435 } 2436 2437 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2438 mhp->msg->sadb_msg_pid); 2439 key_freesp(&sp); 2440 if (n != NULL) { 2441 m_freem(m); 2442 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2443 } else 2444 return key_senderror(so, m, ENOBUFS); 2445 } 2446 2447 /* 2448 * SADB_X_SPDACQUIRE processing. 2449 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2450 * send 2451 * <base, policy(*)> 2452 * to KMD, and expect to receive 2453 * <base> with SADB_X_SPDACQUIRE if error occurred, 2454 * or 2455 * <base, policy> 2456 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2457 * policy(*) is without policy requests. 2458 * 2459 * 0 : succeed 2460 * others: error number 2461 */ 2462 int 2463 key_spdacquire(struct secpolicy *sp) 2464 { 2465 struct mbuf *result = NULL, *m; 2466 struct secspacq *newspacq; 2467 2468 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2469 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2470 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2471 ("policy not IPSEC %u", sp->policy)); 2472 2473 /* Get an entry to check whether sent message or not. */ 2474 newspacq = key_getspacq(&sp->spidx); 2475 if (newspacq != NULL) { 2476 if (V_key_blockacq_count < newspacq->count) { 2477 /* reset counter and do send message. */ 2478 newspacq->count = 0; 2479 } else { 2480 /* increment counter and do nothing. */ 2481 newspacq->count++; 2482 SPACQ_UNLOCK(); 2483 return (0); 2484 } 2485 SPACQ_UNLOCK(); 2486 } else { 2487 /* make new entry for blocking to send SADB_ACQUIRE. */ 2488 newspacq = key_newspacq(&sp->spidx); 2489 if (newspacq == NULL) 2490 return ENOBUFS; 2491 } 2492 2493 /* create new sadb_msg to reply. */ 2494 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2495 if (!m) 2496 return ENOBUFS; 2497 2498 result = m; 2499 2500 result->m_pkthdr.len = 0; 2501 for (m = result; m; m = m->m_next) 2502 result->m_pkthdr.len += m->m_len; 2503 2504 mtod(result, struct sadb_msg *)->sadb_msg_len = 2505 PFKEY_UNIT64(result->m_pkthdr.len); 2506 2507 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2508 } 2509 2510 /* 2511 * SADB_SPDFLUSH processing 2512 * receive 2513 * <base> 2514 * from the user, and free all entries in secpctree. 2515 * and send, 2516 * <base> 2517 * to the user. 2518 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2519 * 2520 * m will always be freed. 2521 */ 2522 static int 2523 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2524 { 2525 struct secpolicy_queue drainq; 2526 struct sadb_msg *newmsg; 2527 struct secpolicy *sp, *nextsp; 2528 u_int dir; 2529 2530 IPSEC_ASSERT(so != NULL, ("null socket")); 2531 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2532 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2533 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2534 2535 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2536 return key_senderror(so, m, EINVAL); 2537 2538 TAILQ_INIT(&drainq); 2539 SPTREE_WLOCK(); 2540 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2541 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2542 } 2543 /* 2544 * We need to set state to DEAD for each policy to be sure, 2545 * that another thread won't try to unlink it. 2546 * Also remove SP from sphash. 2547 */ 2548 TAILQ_FOREACH(sp, &drainq, chain) { 2549 sp->state = IPSEC_SPSTATE_DEAD; 2550 LIST_REMOVE(sp, idhash); 2551 } 2552 V_sp_genid++; 2553 V_spd_size = 0; 2554 SPTREE_WUNLOCK(); 2555 if (SPDCACHE_ENABLED()) 2556 spdcache_clear(); 2557 sp = TAILQ_FIRST(&drainq); 2558 while (sp != NULL) { 2559 nextsp = TAILQ_NEXT(sp, chain); 2560 key_freesp(&sp); 2561 sp = nextsp; 2562 } 2563 2564 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2565 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2566 return key_senderror(so, m, ENOBUFS); 2567 } 2568 2569 if (m->m_next) 2570 m_freem(m->m_next); 2571 m->m_next = NULL; 2572 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2573 newmsg = mtod(m, struct sadb_msg *); 2574 newmsg->sadb_msg_errno = 0; 2575 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2576 2577 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2578 } 2579 2580 static uint8_t 2581 key_satype2scopemask(uint8_t satype) 2582 { 2583 2584 if (satype == IPSEC_POLICYSCOPE_ANY) 2585 return (0xff); 2586 return (satype); 2587 } 2588 /* 2589 * SADB_SPDDUMP processing 2590 * receive 2591 * <base> 2592 * from the user, and dump all SP leaves and send, 2593 * <base> ..... 2594 * to the ikmpd. 2595 * 2596 * NOTE: 2597 * sadb_msg_satype is considered as mask of policy scopes. 2598 * m will always be freed. 2599 */ 2600 static int 2601 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2602 { 2603 SPTREE_RLOCK_TRACKER; 2604 struct secpolicy *sp; 2605 struct mbuf *n; 2606 int cnt; 2607 u_int dir, scope; 2608 2609 IPSEC_ASSERT(so != NULL, ("null socket")); 2610 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2611 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2612 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2613 2614 /* search SPD entry and get buffer size. */ 2615 cnt = 0; 2616 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2617 SPTREE_RLOCK(); 2618 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2619 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2620 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2621 cnt++; 2622 } 2623 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2624 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2625 cnt++; 2626 } 2627 } 2628 2629 if (cnt == 0) { 2630 SPTREE_RUNLOCK(); 2631 return key_senderror(so, m, ENOENT); 2632 } 2633 2634 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2635 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2636 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2637 --cnt; 2638 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2639 mhp->msg->sadb_msg_pid); 2640 2641 if (n != NULL) 2642 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2643 } 2644 } 2645 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2646 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2647 --cnt; 2648 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2649 mhp->msg->sadb_msg_pid); 2650 2651 if (n != NULL) 2652 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2653 } 2654 } 2655 } 2656 2657 SPTREE_RUNLOCK(); 2658 m_freem(m); 2659 return (0); 2660 } 2661 2662 static struct mbuf * 2663 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2664 u_int32_t pid) 2665 { 2666 struct mbuf *result = NULL, *m; 2667 struct seclifetime lt; 2668 2669 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2670 if (!m) 2671 goto fail; 2672 result = m; 2673 2674 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2675 &sp->spidx.src.sa, sp->spidx.prefs, 2676 sp->spidx.ul_proto); 2677 if (!m) 2678 goto fail; 2679 m_cat(result, m); 2680 2681 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2682 &sp->spidx.dst.sa, sp->spidx.prefd, 2683 sp->spidx.ul_proto); 2684 if (!m) 2685 goto fail; 2686 m_cat(result, m); 2687 2688 m = key_sp2mbuf(sp); 2689 if (!m) 2690 goto fail; 2691 m_cat(result, m); 2692 2693 if(sp->lifetime){ 2694 lt.addtime=sp->created; 2695 lt.usetime= sp->lastused; 2696 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2697 if (!m) 2698 goto fail; 2699 m_cat(result, m); 2700 2701 lt.addtime=sp->lifetime; 2702 lt.usetime= sp->validtime; 2703 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2704 if (!m) 2705 goto fail; 2706 m_cat(result, m); 2707 } 2708 2709 if ((result->m_flags & M_PKTHDR) == 0) 2710 goto fail; 2711 2712 if (result->m_len < sizeof(struct sadb_msg)) { 2713 result = m_pullup(result, sizeof(struct sadb_msg)); 2714 if (result == NULL) 2715 goto fail; 2716 } 2717 2718 result->m_pkthdr.len = 0; 2719 for (m = result; m; m = m->m_next) 2720 result->m_pkthdr.len += m->m_len; 2721 2722 mtod(result, struct sadb_msg *)->sadb_msg_len = 2723 PFKEY_UNIT64(result->m_pkthdr.len); 2724 2725 return result; 2726 2727 fail: 2728 m_freem(result); 2729 return NULL; 2730 } 2731 /* 2732 * get PFKEY message length for security policy and request. 2733 */ 2734 static size_t 2735 key_getspreqmsglen(struct secpolicy *sp) 2736 { 2737 size_t tlen, len; 2738 int i; 2739 2740 tlen = sizeof(struct sadb_x_policy); 2741 /* if is the policy for ipsec ? */ 2742 if (sp->policy != IPSEC_POLICY_IPSEC) 2743 return (tlen); 2744 2745 /* get length of ipsec requests */ 2746 for (i = 0; i < sp->tcount; i++) { 2747 len = sizeof(struct sadb_x_ipsecrequest) 2748 + sp->req[i]->saidx.src.sa.sa_len 2749 + sp->req[i]->saidx.dst.sa.sa_len; 2750 2751 tlen += PFKEY_ALIGN8(len); 2752 } 2753 return (tlen); 2754 } 2755 2756 /* 2757 * SADB_SPDEXPIRE processing 2758 * send 2759 * <base, address(SD), lifetime(CH), policy> 2760 * to KMD by PF_KEY. 2761 * 2762 * OUT: 0 : succeed 2763 * others : error number 2764 */ 2765 static int 2766 key_spdexpire(struct secpolicy *sp) 2767 { 2768 struct sadb_lifetime *lt; 2769 struct mbuf *result = NULL, *m; 2770 int len, error = -1; 2771 2772 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2773 2774 KEYDBG(KEY_STAMP, 2775 printf("%s: SP(%p)\n", __func__, sp)); 2776 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2777 2778 /* set msg header */ 2779 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2780 if (!m) { 2781 error = ENOBUFS; 2782 goto fail; 2783 } 2784 result = m; 2785 2786 /* create lifetime extension (current and hard) */ 2787 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2788 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2789 if (m == NULL) { 2790 error = ENOBUFS; 2791 goto fail; 2792 } 2793 m_align(m, len); 2794 m->m_len = len; 2795 bzero(mtod(m, caddr_t), len); 2796 lt = mtod(m, struct sadb_lifetime *); 2797 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2798 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2799 lt->sadb_lifetime_allocations = 0; 2800 lt->sadb_lifetime_bytes = 0; 2801 lt->sadb_lifetime_addtime = sp->created; 2802 lt->sadb_lifetime_usetime = sp->lastused; 2803 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2804 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2805 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2806 lt->sadb_lifetime_allocations = 0; 2807 lt->sadb_lifetime_bytes = 0; 2808 lt->sadb_lifetime_addtime = sp->lifetime; 2809 lt->sadb_lifetime_usetime = sp->validtime; 2810 m_cat(result, m); 2811 2812 /* set sadb_address for source */ 2813 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2814 &sp->spidx.src.sa, 2815 sp->spidx.prefs, sp->spidx.ul_proto); 2816 if (!m) { 2817 error = ENOBUFS; 2818 goto fail; 2819 } 2820 m_cat(result, m); 2821 2822 /* set sadb_address for destination */ 2823 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2824 &sp->spidx.dst.sa, 2825 sp->spidx.prefd, sp->spidx.ul_proto); 2826 if (!m) { 2827 error = ENOBUFS; 2828 goto fail; 2829 } 2830 m_cat(result, m); 2831 2832 /* set secpolicy */ 2833 m = key_sp2mbuf(sp); 2834 if (!m) { 2835 error = ENOBUFS; 2836 goto fail; 2837 } 2838 m_cat(result, m); 2839 2840 if ((result->m_flags & M_PKTHDR) == 0) { 2841 error = EINVAL; 2842 goto fail; 2843 } 2844 2845 if (result->m_len < sizeof(struct sadb_msg)) { 2846 result = m_pullup(result, sizeof(struct sadb_msg)); 2847 if (result == NULL) { 2848 error = ENOBUFS; 2849 goto fail; 2850 } 2851 } 2852 2853 result->m_pkthdr.len = 0; 2854 for (m = result; m; m = m->m_next) 2855 result->m_pkthdr.len += m->m_len; 2856 2857 mtod(result, struct sadb_msg *)->sadb_msg_len = 2858 PFKEY_UNIT64(result->m_pkthdr.len); 2859 2860 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2861 2862 fail: 2863 if (result) 2864 m_freem(result); 2865 return error; 2866 } 2867 2868 /* %%% SAD management */ 2869 /* 2870 * allocating and initialize new SA head. 2871 * OUT: NULL : failure due to the lack of memory. 2872 * others : pointer to new SA head. 2873 */ 2874 static struct secashead * 2875 key_newsah(struct secasindex *saidx) 2876 { 2877 struct secashead *sah; 2878 2879 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2880 M_NOWAIT | M_ZERO); 2881 if (sah == NULL) { 2882 PFKEYSTAT_INC(in_nomem); 2883 return (NULL); 2884 } 2885 TAILQ_INIT(&sah->savtree_larval); 2886 TAILQ_INIT(&sah->savtree_alive); 2887 sah->saidx = *saidx; 2888 sah->state = SADB_SASTATE_DEAD; 2889 SAH_INITREF(sah); 2890 2891 KEYDBG(KEY_STAMP, 2892 printf("%s: SAH(%p)\n", __func__, sah)); 2893 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2894 return (sah); 2895 } 2896 2897 static void 2898 key_freesah(struct secashead **psah) 2899 { 2900 struct secashead *sah = *psah; 2901 2902 CURVNET_ASSERT_SET(); 2903 2904 if (SAH_DELREF(sah) == 0) 2905 return; 2906 2907 KEYDBG(KEY_STAMP, 2908 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2909 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2910 2911 *psah = NULL; 2912 key_delsah(sah); 2913 } 2914 2915 static void 2916 key_delsah(struct secashead *sah) 2917 { 2918 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2919 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2920 ("Attempt to free non DEAD SAH %p", sah)); 2921 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2922 ("Attempt to free SAH %p with LARVAL SA", sah)); 2923 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2924 ("Attempt to free SAH %p with ALIVE SA", sah)); 2925 2926 free(sah, M_IPSEC_SAH); 2927 } 2928 2929 /* 2930 * allocating a new SA for key_add() and key_getspi() call, 2931 * and copy the values of mhp into new buffer. 2932 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2933 * For SADB_ADD create and initialize SA with MATURE state. 2934 * OUT: NULL : fail 2935 * others : pointer to new secasvar. 2936 */ 2937 static struct secasvar * 2938 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2939 uint32_t spi, int *errp) 2940 { 2941 struct secashead *sah; 2942 struct secasvar *sav; 2943 int isnew; 2944 2945 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2946 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2947 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2948 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2949 2950 sav = NULL; 2951 sah = NULL; 2952 /* check SPI value */ 2953 switch (saidx->proto) { 2954 case IPPROTO_ESP: 2955 case IPPROTO_AH: 2956 /* 2957 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2958 * 1-255 reserved by IANA for future use, 2959 * 0 for implementation specific, local use. 2960 */ 2961 if (ntohl(spi) <= 255) { 2962 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2963 __func__, ntohl(spi))); 2964 *errp = EINVAL; 2965 goto done; 2966 } 2967 break; 2968 } 2969 2970 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2971 if (sav == NULL) { 2972 *errp = ENOBUFS; 2973 goto done; 2974 } 2975 sav->lock = malloc_aligned(max(sizeof(struct rmlock), 2976 CACHE_LINE_SIZE), CACHE_LINE_SIZE, M_IPSEC_MISC, 2977 M_NOWAIT | M_ZERO); 2978 if (sav->lock == NULL) { 2979 *errp = ENOBUFS; 2980 goto done; 2981 } 2982 rm_init(sav->lock, "ipsec association"); 2983 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); 2984 if (sav->lft_c == NULL) { 2985 *errp = ENOBUFS; 2986 goto done; 2987 } 2988 2989 sav->spi = spi; 2990 sav->seq = mhp->msg->sadb_msg_seq; 2991 sav->state = SADB_SASTATE_LARVAL; 2992 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2993 SAV_INITREF(sav); 2994 again: 2995 sah = key_getsah(saidx); 2996 if (sah == NULL) { 2997 /* create a new SA index */ 2998 sah = key_newsah(saidx); 2999 if (sah == NULL) { 3000 ipseclog((LOG_DEBUG, 3001 "%s: No more memory.\n", __func__)); 3002 *errp = ENOBUFS; 3003 goto done; 3004 } 3005 isnew = 1; 3006 } else 3007 isnew = 0; 3008 3009 sav->sah = sah; 3010 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 3011 sav->created = time_second; 3012 } else if (sav->state == SADB_SASTATE_LARVAL) { 3013 /* 3014 * Do not call key_setsaval() second time in case 3015 * of `goto again`. We will have MATURE state. 3016 */ 3017 *errp = key_setsaval(sav, mhp); 3018 if (*errp != 0) 3019 goto done; 3020 sav->state = SADB_SASTATE_MATURE; 3021 } 3022 3023 SAHTREE_WLOCK(); 3024 /* 3025 * Check that existing SAH wasn't unlinked. 3026 * Since we didn't hold the SAHTREE lock, it is possible, 3027 * that callout handler or key_flush() or key_delete() could 3028 * unlink this SAH. 3029 */ 3030 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3031 SAHTREE_WUNLOCK(); 3032 key_freesah(&sah); /* reference from key_getsah() */ 3033 goto again; 3034 } 3035 if (isnew != 0) { 3036 /* 3037 * Add new SAH into SADB. 3038 * 3039 * XXXAE: we can serialize key_add and key_getspi calls, so 3040 * several threads will not fight in the race. 3041 * Otherwise we should check under SAHTREE lock, that this 3042 * SAH would not added twice. 3043 */ 3044 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3045 /* Add new SAH into hash by addresses */ 3046 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3047 /* Now we are linked in the chain */ 3048 sah->state = SADB_SASTATE_MATURE; 3049 /* 3050 * SAV references this new SAH. 3051 * In case of existing SAH we reuse reference 3052 * from key_getsah(). 3053 */ 3054 SAH_ADDREF(sah); 3055 } 3056 /* Link SAV with SAH */ 3057 if (sav->state == SADB_SASTATE_MATURE) 3058 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3059 else 3060 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3061 /* Add SAV into SPI hash */ 3062 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3063 SAHTREE_WUNLOCK(); 3064 *errp = 0; /* success */ 3065 done: 3066 if (*errp != 0) { 3067 if (sav != NULL) { 3068 if (sav->lock != NULL) { 3069 rm_destroy(sav->lock); 3070 free(sav->lock, M_IPSEC_MISC); 3071 } 3072 if (sav->lft_c != NULL) 3073 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3074 free(sav, M_IPSEC_SA), sav = NULL; 3075 } 3076 if (sah != NULL) 3077 key_freesah(&sah); 3078 if (*errp == ENOBUFS) { 3079 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3080 __func__)); 3081 PFKEYSTAT_INC(in_nomem); 3082 } 3083 } 3084 return (sav); 3085 } 3086 3087 /* 3088 * free() SA variable entry. 3089 */ 3090 static void 3091 key_cleansav(struct secasvar *sav) 3092 { 3093 3094 if (sav->natt != NULL) { 3095 free(sav->natt, M_IPSEC_MISC); 3096 sav->natt = NULL; 3097 } 3098 if (sav->flags & SADB_X_EXT_F_CLONED) 3099 return; 3100 if (sav->tdb_xform != NULL) { 3101 sav->tdb_xform->xf_cleanup(sav); 3102 sav->tdb_xform = NULL; 3103 } 3104 if (sav->key_auth != NULL) { 3105 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3106 free(sav->key_auth, M_IPSEC_MISC); 3107 sav->key_auth = NULL; 3108 } 3109 if (sav->key_enc != NULL) { 3110 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3111 free(sav->key_enc, M_IPSEC_MISC); 3112 sav->key_enc = NULL; 3113 } 3114 if (sav->replay != NULL) { 3115 mtx_destroy(&sav->replay->lock); 3116 if (sav->replay->bitmap != NULL) 3117 free(sav->replay->bitmap, M_IPSEC_MISC); 3118 free(sav->replay, M_IPSEC_MISC); 3119 sav->replay = NULL; 3120 } 3121 if (sav->lft_h != NULL) { 3122 free(sav->lft_h, M_IPSEC_MISC); 3123 sav->lft_h = NULL; 3124 } 3125 if (sav->lft_s != NULL) { 3126 free(sav->lft_s, M_IPSEC_MISC); 3127 sav->lft_s = NULL; 3128 } 3129 } 3130 3131 /* 3132 * free() SA variable entry. 3133 */ 3134 static void 3135 key_delsav(struct secasvar *sav) 3136 { 3137 IPSEC_ASSERT(sav != NULL, ("null sav")); 3138 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3139 ("attempt to free non DEAD SA %p", sav)); 3140 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3141 sav->refcnt)); 3142 3143 /* 3144 * SA must be unlinked from the chain and hashtbl. 3145 * If SA was cloned, we leave all fields untouched, 3146 * except NAT-T config. 3147 */ 3148 key_cleansav(sav); 3149 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3150 rm_destroy(sav->lock); 3151 free(sav->lock, M_IPSEC_MISC); 3152 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3153 } 3154 free(sav, M_IPSEC_SA); 3155 } 3156 3157 /* 3158 * search SAH. 3159 * OUT: 3160 * NULL : not found 3161 * others : found, referenced pointer to a SAH. 3162 */ 3163 static struct secashead * 3164 key_getsah(struct secasindex *saidx) 3165 { 3166 SAHTREE_RLOCK_TRACKER; 3167 struct secashead *sah; 3168 3169 SAHTREE_RLOCK(); 3170 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3171 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3172 SAH_ADDREF(sah); 3173 break; 3174 } 3175 } 3176 SAHTREE_RUNLOCK(); 3177 return (sah); 3178 } 3179 3180 /* 3181 * Check not to be duplicated SPI. 3182 * OUT: 3183 * 0 : not found 3184 * 1 : found SA with given SPI. 3185 */ 3186 static int 3187 key_checkspidup(uint32_t spi) 3188 { 3189 SAHTREE_RLOCK_TRACKER; 3190 struct secasvar *sav; 3191 3192 /* Assume SPI is in network byte order */ 3193 SAHTREE_RLOCK(); 3194 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3195 if (sav->spi == spi) 3196 break; 3197 } 3198 SAHTREE_RUNLOCK(); 3199 return (sav != NULL); 3200 } 3201 3202 /* 3203 * Search SA by SPI. 3204 * OUT: 3205 * NULL : not found 3206 * others : found, referenced pointer to a SA. 3207 */ 3208 static struct secasvar * 3209 key_getsavbyspi(uint32_t spi) 3210 { 3211 SAHTREE_RLOCK_TRACKER; 3212 struct secasvar *sav; 3213 3214 /* Assume SPI is in network byte order */ 3215 SAHTREE_RLOCK(); 3216 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3217 if (sav->spi != spi) 3218 continue; 3219 SAV_ADDREF(sav); 3220 break; 3221 } 3222 SAHTREE_RUNLOCK(); 3223 return (sav); 3224 } 3225 3226 static int 3227 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3228 { 3229 struct seclifetime *lft_h, *lft_s, *tmp; 3230 3231 /* Lifetime extension is optional, check that it is present. */ 3232 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3233 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3234 /* 3235 * In case of SADB_UPDATE we may need to change 3236 * existing lifetimes. 3237 */ 3238 if (sav->state == SADB_SASTATE_MATURE) { 3239 lft_h = lft_s = NULL; 3240 goto reset; 3241 } 3242 return (0); 3243 } 3244 /* Both HARD and SOFT extensions must present */ 3245 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3246 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3247 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3248 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3249 ipseclog((LOG_DEBUG, 3250 "%s: invalid message: missing required header.\n", 3251 __func__)); 3252 return (EINVAL); 3253 } 3254 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3255 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3256 ipseclog((LOG_DEBUG, 3257 "%s: invalid message: wrong header size.\n", __func__)); 3258 return (EINVAL); 3259 } 3260 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3261 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3262 if (lft_h == NULL) { 3263 PFKEYSTAT_INC(in_nomem); 3264 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3265 return (ENOBUFS); 3266 } 3267 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3268 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3269 if (lft_s == NULL) { 3270 PFKEYSTAT_INC(in_nomem); 3271 free(lft_h, M_IPSEC_MISC); 3272 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3273 return (ENOBUFS); 3274 } 3275 reset: 3276 if (sav->state != SADB_SASTATE_LARVAL) { 3277 /* 3278 * key_update() holds reference to this SA, 3279 * so it won't be deleted in meanwhile. 3280 */ 3281 SECASVAR_WLOCK(sav); 3282 tmp = sav->lft_h; 3283 sav->lft_h = lft_h; 3284 lft_h = tmp; 3285 3286 tmp = sav->lft_s; 3287 sav->lft_s = lft_s; 3288 lft_s = tmp; 3289 SECASVAR_WUNLOCK(sav); 3290 if (lft_h != NULL) 3291 free(lft_h, M_IPSEC_MISC); 3292 if (lft_s != NULL) 3293 free(lft_s, M_IPSEC_MISC); 3294 return (0); 3295 } 3296 /* We can update lifetime without holding a lock */ 3297 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3298 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3299 sav->lft_h = lft_h; 3300 sav->lft_s = lft_s; 3301 return (0); 3302 } 3303 3304 /* 3305 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3306 * You must update these if need. Expects only LARVAL SAs. 3307 * OUT: 0: success. 3308 * !0: failure. 3309 */ 3310 static int 3311 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3312 { 3313 const struct sadb_sa *sa0; 3314 const struct sadb_key *key0; 3315 uint32_t replay; 3316 size_t len; 3317 int error; 3318 3319 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3320 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3321 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3322 ("Attempt to update non LARVAL SA")); 3323 3324 /* XXX rewrite */ 3325 error = key_setident(sav->sah, mhp); 3326 if (error != 0) 3327 goto fail; 3328 3329 /* SA */ 3330 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3331 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3332 error = EINVAL; 3333 goto fail; 3334 } 3335 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3336 sav->alg_auth = sa0->sadb_sa_auth; 3337 sav->alg_enc = sa0->sadb_sa_encrypt; 3338 sav->flags = sa0->sadb_sa_flags; 3339 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3340 ipseclog((LOG_DEBUG, 3341 "%s: invalid sa_flags 0x%08x.\n", __func__, 3342 sav->flags)); 3343 error = EINVAL; 3344 goto fail; 3345 } 3346 3347 /* Optional replay window */ 3348 replay = 0; 3349 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3350 replay = sa0->sadb_sa_replay; 3351 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3352 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3353 error = EINVAL; 3354 goto fail; 3355 } 3356 replay = ((const struct sadb_x_sa_replay *) 3357 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3358 3359 if (replay > UINT32_MAX - 32) { 3360 ipseclog((LOG_DEBUG, 3361 "%s: replay window too big.\n", __func__)); 3362 error = EINVAL; 3363 goto fail; 3364 } 3365 3366 replay = (replay + 7) >> 3; 3367 } 3368 3369 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3370 M_NOWAIT | M_ZERO); 3371 if (sav->replay == NULL) { 3372 PFKEYSTAT_INC(in_nomem); 3373 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3374 __func__)); 3375 error = ENOBUFS; 3376 goto fail; 3377 } 3378 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF); 3379 3380 if (replay != 0) { 3381 /* number of 32b blocks to be allocated */ 3382 uint32_t bitmap_size; 3383 3384 /* RFC 6479: 3385 * - the allocated replay window size must be 3386 * a power of two. 3387 * - use an extra 32b block as a redundant window. 3388 */ 3389 bitmap_size = 1; 3390 while (replay + 4 > bitmap_size) 3391 bitmap_size <<= 1; 3392 bitmap_size = bitmap_size / 4; 3393 3394 sav->replay->bitmap = malloc( 3395 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3396 M_NOWAIT | M_ZERO); 3397 if (sav->replay->bitmap == NULL) { 3398 PFKEYSTAT_INC(in_nomem); 3399 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3400 __func__)); 3401 error = ENOBUFS; 3402 goto fail; 3403 } 3404 sav->replay->bitmap_size = bitmap_size; 3405 sav->replay->wsize = replay; 3406 } 3407 } 3408 3409 /* Authentication keys */ 3410 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3411 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3412 error = EINVAL; 3413 goto fail; 3414 } 3415 error = 0; 3416 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3417 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3418 switch (mhp->msg->sadb_msg_satype) { 3419 case SADB_SATYPE_AH: 3420 case SADB_SATYPE_ESP: 3421 case SADB_X_SATYPE_TCPSIGNATURE: 3422 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3423 sav->alg_auth != SADB_X_AALG_NULL) 3424 error = EINVAL; 3425 break; 3426 case SADB_X_SATYPE_IPCOMP: 3427 default: 3428 error = EINVAL; 3429 break; 3430 } 3431 if (error) { 3432 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3433 __func__)); 3434 goto fail; 3435 } 3436 3437 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3438 if (sav->key_auth == NULL ) { 3439 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3440 __func__)); 3441 PFKEYSTAT_INC(in_nomem); 3442 error = ENOBUFS; 3443 goto fail; 3444 } 3445 } 3446 3447 /* Encryption key */ 3448 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3449 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3450 error = EINVAL; 3451 goto fail; 3452 } 3453 error = 0; 3454 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3455 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3456 switch (mhp->msg->sadb_msg_satype) { 3457 case SADB_SATYPE_ESP: 3458 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3459 sav->alg_enc != SADB_EALG_NULL) { 3460 error = EINVAL; 3461 break; 3462 } 3463 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3464 if (sav->key_enc == NULL) { 3465 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3466 __func__)); 3467 PFKEYSTAT_INC(in_nomem); 3468 error = ENOBUFS; 3469 goto fail; 3470 } 3471 break; 3472 case SADB_X_SATYPE_IPCOMP: 3473 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3474 error = EINVAL; 3475 sav->key_enc = NULL; /*just in case*/ 3476 break; 3477 case SADB_SATYPE_AH: 3478 case SADB_X_SATYPE_TCPSIGNATURE: 3479 default: 3480 error = EINVAL; 3481 break; 3482 } 3483 if (error) { 3484 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3485 __func__)); 3486 goto fail; 3487 } 3488 } 3489 3490 /* set iv */ 3491 sav->ivlen = 0; 3492 switch (mhp->msg->sadb_msg_satype) { 3493 case SADB_SATYPE_AH: 3494 if (sav->flags & SADB_X_EXT_DERIV) { 3495 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3496 "given to AH SA.\n", __func__)); 3497 error = EINVAL; 3498 goto fail; 3499 } 3500 if (sav->alg_enc != SADB_EALG_NONE) { 3501 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3502 "mismated.\n", __func__)); 3503 error = EINVAL; 3504 goto fail; 3505 } 3506 error = xform_init(sav, XF_AH); 3507 break; 3508 case SADB_SATYPE_ESP: 3509 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3510 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3511 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3512 "given to old-esp.\n", __func__)); 3513 error = EINVAL; 3514 goto fail; 3515 } 3516 error = xform_init(sav, XF_ESP); 3517 break; 3518 case SADB_X_SATYPE_IPCOMP: 3519 if (sav->alg_auth != SADB_AALG_NONE) { 3520 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3521 "mismated.\n", __func__)); 3522 error = EINVAL; 3523 goto fail; 3524 } 3525 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3526 ntohl(sav->spi) >= 0x10000) { 3527 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3528 __func__)); 3529 error = EINVAL; 3530 goto fail; 3531 } 3532 error = xform_init(sav, XF_IPCOMP); 3533 break; 3534 case SADB_X_SATYPE_TCPSIGNATURE: 3535 if (sav->alg_enc != SADB_EALG_NONE) { 3536 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3537 "mismated.\n", __func__)); 3538 error = EINVAL; 3539 goto fail; 3540 } 3541 error = xform_init(sav, XF_TCPSIGNATURE); 3542 break; 3543 default: 3544 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3545 error = EPROTONOSUPPORT; 3546 goto fail; 3547 } 3548 if (error) { 3549 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3550 __func__, mhp->msg->sadb_msg_satype)); 3551 goto fail; 3552 } 3553 3554 /* Handle NAT-T headers */ 3555 error = key_setnatt(sav, mhp); 3556 if (error != 0) 3557 goto fail; 3558 3559 /* Initialize lifetime for CURRENT */ 3560 sav->firstused = 0; 3561 sav->created = time_second; 3562 3563 /* lifetimes for HARD and SOFT */ 3564 error = key_updatelifetimes(sav, mhp); 3565 if (error == 0) 3566 return (0); 3567 fail: 3568 key_cleansav(sav); 3569 return (error); 3570 } 3571 3572 /* 3573 * subroutine for SADB_GET and SADB_DUMP. 3574 */ 3575 static struct mbuf * 3576 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3577 uint32_t seq, uint32_t pid) 3578 { 3579 struct seclifetime lft_c; 3580 struct mbuf *result = NULL, *tres = NULL, *m; 3581 int i, dumporder[] = { 3582 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3583 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3584 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3585 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3586 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3587 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3588 SADB_EXT_SENSITIVITY, 3589 SADB_X_EXT_NAT_T_TYPE, 3590 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3591 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3592 SADB_X_EXT_NAT_T_FRAG, 3593 }; 3594 uint32_t replay_count; 3595 3596 SECASVAR_RLOCK_TRACKER; 3597 3598 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3599 if (m == NULL) 3600 goto fail; 3601 result = m; 3602 3603 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3604 m = NULL; 3605 switch (dumporder[i]) { 3606 case SADB_EXT_SA: 3607 m = key_setsadbsa(sav); 3608 if (!m) 3609 goto fail; 3610 break; 3611 3612 case SADB_X_EXT_SA2: { 3613 SECASVAR_RLOCK(sav); 3614 replay_count = sav->replay ? sav->replay->count : 0; 3615 SECASVAR_RUNLOCK(sav); 3616 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3617 sav->sah->saidx.reqid); 3618 if (!m) 3619 goto fail; 3620 break; 3621 } 3622 case SADB_X_EXT_SA_REPLAY: 3623 if (sav->replay == NULL || 3624 sav->replay->wsize <= UINT8_MAX) 3625 continue; 3626 3627 m = key_setsadbxsareplay(sav->replay->wsize); 3628 if (!m) 3629 goto fail; 3630 break; 3631 3632 case SADB_EXT_ADDRESS_SRC: 3633 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3634 &sav->sah->saidx.src.sa, 3635 FULLMASK, IPSEC_ULPROTO_ANY); 3636 if (!m) 3637 goto fail; 3638 break; 3639 3640 case SADB_EXT_ADDRESS_DST: 3641 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3642 &sav->sah->saidx.dst.sa, 3643 FULLMASK, IPSEC_ULPROTO_ANY); 3644 if (!m) 3645 goto fail; 3646 break; 3647 3648 case SADB_EXT_KEY_AUTH: 3649 if (!sav->key_auth) 3650 continue; 3651 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3652 if (!m) 3653 goto fail; 3654 break; 3655 3656 case SADB_EXT_KEY_ENCRYPT: 3657 if (!sav->key_enc) 3658 continue; 3659 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3660 if (!m) 3661 goto fail; 3662 break; 3663 3664 case SADB_EXT_LIFETIME_CURRENT: 3665 lft_c.addtime = sav->created; 3666 lft_c.allocations = (uint32_t)counter_u64_fetch( 3667 sav->lft_c_allocations); 3668 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3669 lft_c.usetime = sav->firstused; 3670 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3671 if (!m) 3672 goto fail; 3673 break; 3674 3675 case SADB_EXT_LIFETIME_HARD: 3676 if (!sav->lft_h) 3677 continue; 3678 m = key_setlifetime(sav->lft_h, 3679 SADB_EXT_LIFETIME_HARD); 3680 if (!m) 3681 goto fail; 3682 break; 3683 3684 case SADB_EXT_LIFETIME_SOFT: 3685 if (!sav->lft_s) 3686 continue; 3687 m = key_setlifetime(sav->lft_s, 3688 SADB_EXT_LIFETIME_SOFT); 3689 3690 if (!m) 3691 goto fail; 3692 break; 3693 3694 case SADB_X_EXT_NAT_T_TYPE: 3695 if (sav->natt == NULL) 3696 continue; 3697 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3698 if (!m) 3699 goto fail; 3700 break; 3701 3702 case SADB_X_EXT_NAT_T_DPORT: 3703 if (sav->natt == NULL) 3704 continue; 3705 m = key_setsadbxport(sav->natt->dport, 3706 SADB_X_EXT_NAT_T_DPORT); 3707 if (!m) 3708 goto fail; 3709 break; 3710 3711 case SADB_X_EXT_NAT_T_SPORT: 3712 if (sav->natt == NULL) 3713 continue; 3714 m = key_setsadbxport(sav->natt->sport, 3715 SADB_X_EXT_NAT_T_SPORT); 3716 if (!m) 3717 goto fail; 3718 break; 3719 3720 case SADB_X_EXT_NAT_T_OAI: 3721 if (sav->natt == NULL || 3722 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3723 continue; 3724 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3725 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3726 if (!m) 3727 goto fail; 3728 break; 3729 case SADB_X_EXT_NAT_T_OAR: 3730 if (sav->natt == NULL || 3731 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3732 continue; 3733 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3734 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3735 if (!m) 3736 goto fail; 3737 break; 3738 case SADB_X_EXT_NAT_T_FRAG: 3739 /* We do not (yet) support those. */ 3740 continue; 3741 3742 case SADB_EXT_ADDRESS_PROXY: 3743 case SADB_EXT_IDENTITY_SRC: 3744 case SADB_EXT_IDENTITY_DST: 3745 /* XXX: should we brought from SPD ? */ 3746 case SADB_EXT_SENSITIVITY: 3747 default: 3748 continue; 3749 } 3750 3751 if (!m) 3752 goto fail; 3753 if (tres) 3754 m_cat(m, tres); 3755 tres = m; 3756 } 3757 3758 m_cat(result, tres); 3759 tres = NULL; 3760 if (result->m_len < sizeof(struct sadb_msg)) { 3761 result = m_pullup(result, sizeof(struct sadb_msg)); 3762 if (result == NULL) 3763 goto fail; 3764 } 3765 3766 result->m_pkthdr.len = 0; 3767 for (m = result; m; m = m->m_next) 3768 result->m_pkthdr.len += m->m_len; 3769 3770 mtod(result, struct sadb_msg *)->sadb_msg_len = 3771 PFKEY_UNIT64(result->m_pkthdr.len); 3772 3773 return result; 3774 3775 fail: 3776 m_freem(result); 3777 m_freem(tres); 3778 return NULL; 3779 } 3780 3781 /* 3782 * set data into sadb_msg. 3783 */ 3784 static struct mbuf * 3785 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3786 pid_t pid, u_int16_t reserved) 3787 { 3788 struct mbuf *m; 3789 struct sadb_msg *p; 3790 int len; 3791 3792 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3793 if (len > MCLBYTES) 3794 return NULL; 3795 MGETHDR(m, M_NOWAIT, MT_DATA); 3796 if (m && len > MHLEN) { 3797 if (!(MCLGET(m, M_NOWAIT))) { 3798 m_freem(m); 3799 m = NULL; 3800 } 3801 } 3802 if (!m) 3803 return NULL; 3804 m->m_pkthdr.len = m->m_len = len; 3805 m->m_next = NULL; 3806 3807 p = mtod(m, struct sadb_msg *); 3808 3809 bzero(p, len); 3810 p->sadb_msg_version = PF_KEY_V2; 3811 p->sadb_msg_type = type; 3812 p->sadb_msg_errno = 0; 3813 p->sadb_msg_satype = satype; 3814 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3815 p->sadb_msg_reserved = reserved; 3816 p->sadb_msg_seq = seq; 3817 p->sadb_msg_pid = (u_int32_t)pid; 3818 3819 return m; 3820 } 3821 3822 /* 3823 * copy secasvar data into sadb_address. 3824 */ 3825 static struct mbuf * 3826 key_setsadbsa(struct secasvar *sav) 3827 { 3828 struct mbuf *m; 3829 struct sadb_sa *p; 3830 int len; 3831 3832 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3833 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3834 if (m == NULL) 3835 return (NULL); 3836 m_align(m, len); 3837 m->m_len = len; 3838 p = mtod(m, struct sadb_sa *); 3839 bzero(p, len); 3840 p->sadb_sa_len = PFKEY_UNIT64(len); 3841 p->sadb_sa_exttype = SADB_EXT_SA; 3842 p->sadb_sa_spi = sav->spi; 3843 p->sadb_sa_replay = sav->replay ? 3844 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3845 sav->replay->wsize): 0; 3846 p->sadb_sa_state = sav->state; 3847 p->sadb_sa_auth = sav->alg_auth; 3848 p->sadb_sa_encrypt = sav->alg_enc; 3849 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3850 return (m); 3851 } 3852 3853 /* 3854 * set data into sadb_address. 3855 */ 3856 static struct mbuf * 3857 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3858 u_int8_t prefixlen, u_int16_t ul_proto) 3859 { 3860 struct mbuf *m; 3861 struct sadb_address *p; 3862 size_t len; 3863 3864 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3865 PFKEY_ALIGN8(saddr->sa_len); 3866 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3867 if (m == NULL) 3868 return (NULL); 3869 m_align(m, len); 3870 m->m_len = len; 3871 p = mtod(m, struct sadb_address *); 3872 3873 bzero(p, len); 3874 p->sadb_address_len = PFKEY_UNIT64(len); 3875 p->sadb_address_exttype = exttype; 3876 p->sadb_address_proto = ul_proto; 3877 if (prefixlen == FULLMASK) { 3878 switch (saddr->sa_family) { 3879 case AF_INET: 3880 prefixlen = sizeof(struct in_addr) << 3; 3881 break; 3882 case AF_INET6: 3883 prefixlen = sizeof(struct in6_addr) << 3; 3884 break; 3885 default: 3886 ; /*XXX*/ 3887 } 3888 } 3889 p->sadb_address_prefixlen = prefixlen; 3890 p->sadb_address_reserved = 0; 3891 3892 bcopy(saddr, 3893 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3894 saddr->sa_len); 3895 3896 return m; 3897 } 3898 3899 /* 3900 * set data into sadb_x_sa2. 3901 */ 3902 static struct mbuf * 3903 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3904 { 3905 struct mbuf *m; 3906 struct sadb_x_sa2 *p; 3907 size_t len; 3908 3909 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3910 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3911 if (m == NULL) 3912 return (NULL); 3913 m_align(m, len); 3914 m->m_len = len; 3915 p = mtod(m, struct sadb_x_sa2 *); 3916 3917 bzero(p, len); 3918 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3919 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3920 p->sadb_x_sa2_mode = mode; 3921 p->sadb_x_sa2_reserved1 = 0; 3922 p->sadb_x_sa2_reserved2 = 0; 3923 p->sadb_x_sa2_sequence = seq; 3924 p->sadb_x_sa2_reqid = reqid; 3925 3926 return m; 3927 } 3928 3929 /* 3930 * Set data into sadb_x_sa_replay. 3931 */ 3932 static struct mbuf * 3933 key_setsadbxsareplay(u_int32_t replay) 3934 { 3935 struct mbuf *m; 3936 struct sadb_x_sa_replay *p; 3937 size_t len; 3938 3939 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3940 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3941 if (m == NULL) 3942 return (NULL); 3943 m_align(m, len); 3944 m->m_len = len; 3945 p = mtod(m, struct sadb_x_sa_replay *); 3946 3947 bzero(p, len); 3948 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3949 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3950 p->sadb_x_sa_replay_replay = (replay << 3); 3951 3952 return m; 3953 } 3954 3955 /* 3956 * Set a type in sadb_x_nat_t_type. 3957 */ 3958 static struct mbuf * 3959 key_setsadbxtype(u_int16_t type) 3960 { 3961 struct mbuf *m; 3962 size_t len; 3963 struct sadb_x_nat_t_type *p; 3964 3965 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3966 3967 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3968 if (m == NULL) 3969 return (NULL); 3970 m_align(m, len); 3971 m->m_len = len; 3972 p = mtod(m, struct sadb_x_nat_t_type *); 3973 3974 bzero(p, len); 3975 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3976 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3977 p->sadb_x_nat_t_type_type = type; 3978 3979 return (m); 3980 } 3981 /* 3982 * Set a port in sadb_x_nat_t_port. 3983 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3984 */ 3985 static struct mbuf * 3986 key_setsadbxport(u_int16_t port, u_int16_t type) 3987 { 3988 struct mbuf *m; 3989 size_t len; 3990 struct sadb_x_nat_t_port *p; 3991 3992 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3993 3994 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3995 if (m == NULL) 3996 return (NULL); 3997 m_align(m, len); 3998 m->m_len = len; 3999 p = mtod(m, struct sadb_x_nat_t_port *); 4000 4001 bzero(p, len); 4002 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 4003 p->sadb_x_nat_t_port_exttype = type; 4004 p->sadb_x_nat_t_port_port = port; 4005 4006 return (m); 4007 } 4008 4009 /* 4010 * Get port from sockaddr. Port is in network byte order. 4011 */ 4012 uint16_t 4013 key_portfromsaddr(struct sockaddr *sa) 4014 { 4015 4016 switch (sa->sa_family) { 4017 #ifdef INET 4018 case AF_INET: 4019 return ((struct sockaddr_in *)sa)->sin_port; 4020 #endif 4021 #ifdef INET6 4022 case AF_INET6: 4023 return ((struct sockaddr_in6 *)sa)->sin6_port; 4024 #endif 4025 } 4026 return (0); 4027 } 4028 4029 /* 4030 * Set port in struct sockaddr. Port is in network byte order. 4031 */ 4032 void 4033 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4034 { 4035 4036 switch (sa->sa_family) { 4037 #ifdef INET 4038 case AF_INET: 4039 ((struct sockaddr_in *)sa)->sin_port = port; 4040 break; 4041 #endif 4042 #ifdef INET6 4043 case AF_INET6: 4044 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4045 break; 4046 #endif 4047 default: 4048 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4049 __func__, sa->sa_family)); 4050 break; 4051 } 4052 } 4053 4054 /* 4055 * set data into sadb_x_policy 4056 */ 4057 static struct mbuf * 4058 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4059 { 4060 struct mbuf *m; 4061 struct sadb_x_policy *p; 4062 size_t len; 4063 4064 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4065 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4066 if (m == NULL) 4067 return (NULL); 4068 m_align(m, len); 4069 m->m_len = len; 4070 p = mtod(m, struct sadb_x_policy *); 4071 4072 bzero(p, len); 4073 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4074 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4075 p->sadb_x_policy_type = type; 4076 p->sadb_x_policy_dir = dir; 4077 p->sadb_x_policy_id = id; 4078 p->sadb_x_policy_priority = priority; 4079 4080 return m; 4081 } 4082 4083 /* %%% utilities */ 4084 /* Take a key message (sadb_key) from the socket and turn it into one 4085 * of the kernel's key structures (seckey). 4086 * 4087 * IN: pointer to the src 4088 * OUT: NULL no more memory 4089 */ 4090 struct seckey * 4091 key_dup_keymsg(const struct sadb_key *src, size_t len, 4092 struct malloc_type *type) 4093 { 4094 struct seckey *dst; 4095 4096 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4097 if (dst != NULL) { 4098 dst->bits = src->sadb_key_bits; 4099 dst->key_data = malloc(len, type, M_NOWAIT); 4100 if (dst->key_data != NULL) { 4101 bcopy((const char *)(src + 1), dst->key_data, len); 4102 } else { 4103 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4104 __func__)); 4105 free(dst, type); 4106 dst = NULL; 4107 } 4108 } else { 4109 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4110 __func__)); 4111 } 4112 return (dst); 4113 } 4114 4115 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4116 * turn it into one of the kernel's lifetime structures (seclifetime). 4117 * 4118 * IN: pointer to the destination, source and malloc type 4119 * OUT: NULL, no more memory 4120 */ 4121 4122 static struct seclifetime * 4123 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4124 { 4125 struct seclifetime *dst; 4126 4127 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4128 if (dst == NULL) { 4129 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4130 return (NULL); 4131 } 4132 dst->allocations = src->sadb_lifetime_allocations; 4133 dst->bytes = src->sadb_lifetime_bytes; 4134 dst->addtime = src->sadb_lifetime_addtime; 4135 dst->usetime = src->sadb_lifetime_usetime; 4136 return (dst); 4137 } 4138 4139 /* 4140 * compare two secasindex structure. 4141 * flag can specify to compare 2 saidxes. 4142 * compare two secasindex structure without both mode and reqid. 4143 * don't compare port. 4144 * IN: 4145 * saidx0: source, it can be in SAD. 4146 * saidx1: object. 4147 * OUT: 4148 * 1 : equal 4149 * 0 : not equal 4150 */ 4151 static int 4152 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4153 int flag) 4154 { 4155 4156 /* sanity */ 4157 if (saidx0 == NULL && saidx1 == NULL) 4158 return 1; 4159 4160 if (saidx0 == NULL || saidx1 == NULL) 4161 return 0; 4162 4163 if (saidx0->proto != saidx1->proto) 4164 return 0; 4165 4166 if (flag == CMP_EXACTLY) { 4167 if (saidx0->mode != saidx1->mode) 4168 return 0; 4169 if (saidx0->reqid != saidx1->reqid) 4170 return 0; 4171 if (bcmp(&saidx0->src, &saidx1->src, 4172 saidx0->src.sa.sa_len) != 0 || 4173 bcmp(&saidx0->dst, &saidx1->dst, 4174 saidx0->dst.sa.sa_len) != 0) 4175 return 0; 4176 } else { 4177 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4178 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4179 /* 4180 * If reqid of SPD is non-zero, unique SA is required. 4181 * The result must be of same reqid in this case. 4182 */ 4183 if (saidx1->reqid != 0 && 4184 saidx0->reqid != saidx1->reqid) 4185 return 0; 4186 } 4187 4188 if (flag == CMP_MODE_REQID) { 4189 if (saidx0->mode != IPSEC_MODE_ANY 4190 && saidx0->mode != saidx1->mode) 4191 return 0; 4192 } 4193 4194 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4195 return 0; 4196 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4197 return 0; 4198 } 4199 4200 return 1; 4201 } 4202 4203 /* 4204 * compare two secindex structure exactly. 4205 * IN: 4206 * spidx0: source, it is often in SPD. 4207 * spidx1: object, it is often from PFKEY message. 4208 * OUT: 4209 * 1 : equal 4210 * 0 : not equal 4211 */ 4212 static int 4213 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4214 struct secpolicyindex *spidx1) 4215 { 4216 /* sanity */ 4217 if (spidx0 == NULL && spidx1 == NULL) 4218 return 1; 4219 4220 if (spidx0 == NULL || spidx1 == NULL) 4221 return 0; 4222 4223 if (spidx0->prefs != spidx1->prefs 4224 || spidx0->prefd != spidx1->prefd 4225 || spidx0->ul_proto != spidx1->ul_proto 4226 || spidx0->dir != spidx1->dir) 4227 return 0; 4228 4229 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4230 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4231 } 4232 4233 /* 4234 * compare two secindex structure with mask. 4235 * IN: 4236 * spidx0: source, it is often in SPD. 4237 * spidx1: object, it is often from IP header. 4238 * OUT: 4239 * 1 : equal 4240 * 0 : not equal 4241 */ 4242 static int 4243 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4244 struct secpolicyindex *spidx1) 4245 { 4246 /* sanity */ 4247 if (spidx0 == NULL && spidx1 == NULL) 4248 return 1; 4249 4250 if (spidx0 == NULL || spidx1 == NULL) 4251 return 0; 4252 4253 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4254 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4255 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4256 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4257 return 0; 4258 4259 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4260 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4261 && spidx0->ul_proto != spidx1->ul_proto) 4262 return 0; 4263 4264 switch (spidx0->src.sa.sa_family) { 4265 case AF_INET: 4266 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4267 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4268 return 0; 4269 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4270 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4271 return 0; 4272 break; 4273 case AF_INET6: 4274 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4275 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4276 return 0; 4277 /* 4278 * scope_id check. if sin6_scope_id is 0, we regard it 4279 * as a wildcard scope, which matches any scope zone ID. 4280 */ 4281 if (spidx0->src.sin6.sin6_scope_id && 4282 spidx1->src.sin6.sin6_scope_id && 4283 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4284 return 0; 4285 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4286 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4287 return 0; 4288 break; 4289 default: 4290 /* XXX */ 4291 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4292 return 0; 4293 break; 4294 } 4295 4296 switch (spidx0->dst.sa.sa_family) { 4297 case AF_INET: 4298 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4299 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4300 return 0; 4301 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4302 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4303 return 0; 4304 break; 4305 case AF_INET6: 4306 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4307 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4308 return 0; 4309 /* 4310 * scope_id check. if sin6_scope_id is 0, we regard it 4311 * as a wildcard scope, which matches any scope zone ID. 4312 */ 4313 if (spidx0->dst.sin6.sin6_scope_id && 4314 spidx1->dst.sin6.sin6_scope_id && 4315 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4316 return 0; 4317 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4318 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4319 return 0; 4320 break; 4321 default: 4322 /* XXX */ 4323 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4324 return 0; 4325 break; 4326 } 4327 4328 /* XXX Do we check other field ? e.g. flowinfo */ 4329 4330 return 1; 4331 } 4332 4333 #ifdef satosin 4334 #undef satosin 4335 #endif 4336 #define satosin(s) ((const struct sockaddr_in *)s) 4337 #ifdef satosin6 4338 #undef satosin6 4339 #endif 4340 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4341 /* returns 0 on match */ 4342 int 4343 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4344 int port) 4345 { 4346 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4347 return 1; 4348 4349 switch (sa1->sa_family) { 4350 #ifdef INET 4351 case AF_INET: 4352 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4353 return 1; 4354 if (satosin(sa1)->sin_addr.s_addr != 4355 satosin(sa2)->sin_addr.s_addr) { 4356 return 1; 4357 } 4358 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4359 return 1; 4360 break; 4361 #endif 4362 #ifdef INET6 4363 case AF_INET6: 4364 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4365 return 1; /*EINVAL*/ 4366 if (satosin6(sa1)->sin6_scope_id != 4367 satosin6(sa2)->sin6_scope_id) { 4368 return 1; 4369 } 4370 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4371 &satosin6(sa2)->sin6_addr)) { 4372 return 1; 4373 } 4374 if (port && 4375 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4376 return 1; 4377 } 4378 break; 4379 #endif 4380 default: 4381 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4382 return 1; 4383 break; 4384 } 4385 4386 return 0; 4387 } 4388 4389 /* returns 0 on match */ 4390 int 4391 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4392 const struct sockaddr *sa2, size_t mask) 4393 { 4394 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4395 return (1); 4396 4397 switch (sa1->sa_family) { 4398 #ifdef INET 4399 case AF_INET: 4400 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4401 &satosin(sa2)->sin_addr, mask)); 4402 #endif 4403 #ifdef INET6 4404 case AF_INET6: 4405 if (satosin6(sa1)->sin6_scope_id != 4406 satosin6(sa2)->sin6_scope_id) 4407 return (1); 4408 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4409 &satosin6(sa2)->sin6_addr, mask)); 4410 #endif 4411 } 4412 return (1); 4413 } 4414 #undef satosin 4415 #undef satosin6 4416 4417 /* 4418 * compare two buffers with mask. 4419 * IN: 4420 * addr1: source 4421 * addr2: object 4422 * bits: Number of bits to compare 4423 * OUT: 4424 * 1 : equal 4425 * 0 : not equal 4426 */ 4427 static int 4428 key_bbcmp(const void *a1, const void *a2, u_int bits) 4429 { 4430 const unsigned char *p1 = a1; 4431 const unsigned char *p2 = a2; 4432 4433 /* XXX: This could be considerably faster if we compare a word 4434 * at a time, but it is complicated on LSB Endian machines */ 4435 4436 /* Handle null pointers */ 4437 if (p1 == NULL || p2 == NULL) 4438 return (p1 == p2); 4439 4440 while (bits >= 8) { 4441 if (*p1++ != *p2++) 4442 return 0; 4443 bits -= 8; 4444 } 4445 4446 if (bits > 0) { 4447 u_int8_t mask = ~((1<<(8-bits))-1); 4448 if ((*p1 & mask) != (*p2 & mask)) 4449 return 0; 4450 } 4451 return 1; /* Match! */ 4452 } 4453 4454 static void 4455 key_flush_spd(time_t now) 4456 { 4457 SPTREE_RLOCK_TRACKER; 4458 struct secpolicy_list drainq; 4459 struct secpolicy *sp, *nextsp; 4460 u_int dir; 4461 4462 LIST_INIT(&drainq); 4463 SPTREE_RLOCK(); 4464 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4465 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4466 if (sp->lifetime == 0 && sp->validtime == 0) 4467 continue; 4468 if ((sp->lifetime && 4469 now - sp->created > sp->lifetime) || 4470 (sp->validtime && 4471 now - sp->lastused > sp->validtime)) { 4472 /* Hold extra reference to send SPDEXPIRE */ 4473 SP_ADDREF(sp); 4474 LIST_INSERT_HEAD(&drainq, sp, drainq); 4475 } 4476 } 4477 } 4478 SPTREE_RUNLOCK(); 4479 if (LIST_EMPTY(&drainq)) 4480 return; 4481 4482 SPTREE_WLOCK(); 4483 sp = LIST_FIRST(&drainq); 4484 while (sp != NULL) { 4485 nextsp = LIST_NEXT(sp, drainq); 4486 /* Check that SP is still linked */ 4487 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4488 LIST_REMOVE(sp, drainq); 4489 key_freesp(&sp); /* release extra reference */ 4490 sp = nextsp; 4491 continue; 4492 } 4493 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4494 V_spd_size--; 4495 LIST_REMOVE(sp, idhash); 4496 sp->state = IPSEC_SPSTATE_DEAD; 4497 sp = nextsp; 4498 } 4499 V_sp_genid++; 4500 SPTREE_WUNLOCK(); 4501 if (SPDCACHE_ENABLED()) 4502 spdcache_clear(); 4503 4504 sp = LIST_FIRST(&drainq); 4505 while (sp != NULL) { 4506 nextsp = LIST_NEXT(sp, drainq); 4507 key_spdexpire(sp); 4508 key_freesp(&sp); /* release extra reference */ 4509 key_freesp(&sp); /* release last reference */ 4510 sp = nextsp; 4511 } 4512 } 4513 4514 static void 4515 key_flush_sad(time_t now) 4516 { 4517 SAHTREE_RLOCK_TRACKER; 4518 struct secashead_list emptyq; 4519 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4520 struct secashead *sah, *nextsah; 4521 struct secasvar *sav, *nextsav; 4522 4523 SECASVAR_RLOCK_TRACKER; 4524 4525 LIST_INIT(&drainq); 4526 LIST_INIT(&hexpireq); 4527 LIST_INIT(&sexpireq); 4528 LIST_INIT(&emptyq); 4529 4530 SAHTREE_RLOCK(); 4531 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4532 /* Check for empty SAH */ 4533 if (TAILQ_EMPTY(&sah->savtree_larval) && 4534 TAILQ_EMPTY(&sah->savtree_alive)) { 4535 SAH_ADDREF(sah); 4536 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4537 continue; 4538 } 4539 /* Add all stale LARVAL SAs into drainq */ 4540 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4541 if (now - sav->created < V_key_larval_lifetime) 4542 continue; 4543 SAV_ADDREF(sav); 4544 LIST_INSERT_HEAD(&drainq, sav, drainq); 4545 } 4546 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4547 /* lifetimes aren't specified */ 4548 if (sav->lft_h == NULL) 4549 continue; 4550 SECASVAR_RLOCK(sav); 4551 /* 4552 * Check again with lock held, because it may 4553 * be updated by SADB_UPDATE. 4554 */ 4555 if (sav->lft_h == NULL) { 4556 SECASVAR_RUNLOCK(sav); 4557 continue; 4558 } 4559 /* 4560 * RFC 2367: 4561 * HARD lifetimes MUST take precedence over SOFT 4562 * lifetimes, meaning if the HARD and SOFT lifetimes 4563 * are the same, the HARD lifetime will appear on the 4564 * EXPIRE message. 4565 */ 4566 /* check HARD lifetime */ 4567 if ((sav->lft_h->addtime != 0 && 4568 now - sav->created > sav->lft_h->addtime) || 4569 (sav->lft_h->usetime != 0 && sav->firstused && 4570 now - sav->firstused > sav->lft_h->usetime) || 4571 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4572 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4573 SECASVAR_RUNLOCK(sav); 4574 SAV_ADDREF(sav); 4575 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4576 continue; 4577 } 4578 /* check SOFT lifetime (only for MATURE SAs) */ 4579 if (sav->state == SADB_SASTATE_MATURE && ( 4580 (sav->lft_s->addtime != 0 && 4581 now - sav->created > sav->lft_s->addtime) || 4582 (sav->lft_s->usetime != 0 && sav->firstused && 4583 now - sav->firstused > sav->lft_s->usetime) || 4584 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4585 sav->lft_c_bytes) > sav->lft_s->bytes) || 4586 (!(sav->flags & SADB_X_SAFLAGS_ESN) && 4587 (sav->replay != NULL) && ( 4588 (sav->replay->count > UINT32_80PCT) || 4589 (sav->replay->last > UINT32_80PCT))))) { 4590 SECASVAR_RUNLOCK(sav); 4591 SAV_ADDREF(sav); 4592 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4593 continue; 4594 } 4595 SECASVAR_RUNLOCK(sav); 4596 } 4597 } 4598 SAHTREE_RUNLOCK(); 4599 4600 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4601 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4602 return; 4603 4604 LIST_INIT(&freeq); 4605 SAHTREE_WLOCK(); 4606 /* Unlink stale LARVAL SAs */ 4607 sav = LIST_FIRST(&drainq); 4608 while (sav != NULL) { 4609 nextsav = LIST_NEXT(sav, drainq); 4610 /* Check that SA is still LARVAL */ 4611 if (sav->state != SADB_SASTATE_LARVAL) { 4612 LIST_REMOVE(sav, drainq); 4613 LIST_INSERT_HEAD(&freeq, sav, drainq); 4614 sav = nextsav; 4615 continue; 4616 } 4617 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4618 LIST_REMOVE(sav, spihash); 4619 sav->state = SADB_SASTATE_DEAD; 4620 sav = nextsav; 4621 } 4622 /* Unlink all SAs with expired HARD lifetime */ 4623 sav = LIST_FIRST(&hexpireq); 4624 while (sav != NULL) { 4625 nextsav = LIST_NEXT(sav, drainq); 4626 /* Check that SA is not unlinked */ 4627 if (sav->state == SADB_SASTATE_DEAD) { 4628 LIST_REMOVE(sav, drainq); 4629 LIST_INSERT_HEAD(&freeq, sav, drainq); 4630 sav = nextsav; 4631 continue; 4632 } 4633 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4634 LIST_REMOVE(sav, spihash); 4635 sav->state = SADB_SASTATE_DEAD; 4636 sav = nextsav; 4637 } 4638 /* Mark all SAs with expired SOFT lifetime as DYING */ 4639 sav = LIST_FIRST(&sexpireq); 4640 while (sav != NULL) { 4641 nextsav = LIST_NEXT(sav, drainq); 4642 /* Check that SA is not unlinked */ 4643 if (sav->state == SADB_SASTATE_DEAD) { 4644 LIST_REMOVE(sav, drainq); 4645 LIST_INSERT_HEAD(&freeq, sav, drainq); 4646 sav = nextsav; 4647 continue; 4648 } 4649 /* 4650 * NOTE: this doesn't change SA order in the chain. 4651 */ 4652 sav->state = SADB_SASTATE_DYING; 4653 sav = nextsav; 4654 } 4655 /* Unlink empty SAHs */ 4656 sah = LIST_FIRST(&emptyq); 4657 while (sah != NULL) { 4658 nextsah = LIST_NEXT(sah, drainq); 4659 /* Check that SAH is still empty and not unlinked */ 4660 if (sah->state == SADB_SASTATE_DEAD || 4661 !TAILQ_EMPTY(&sah->savtree_larval) || 4662 !TAILQ_EMPTY(&sah->savtree_alive)) { 4663 LIST_REMOVE(sah, drainq); 4664 key_freesah(&sah); /* release extra reference */ 4665 sah = nextsah; 4666 continue; 4667 } 4668 TAILQ_REMOVE(&V_sahtree, sah, chain); 4669 LIST_REMOVE(sah, addrhash); 4670 sah->state = SADB_SASTATE_DEAD; 4671 sah = nextsah; 4672 } 4673 SAHTREE_WUNLOCK(); 4674 4675 /* Send SPDEXPIRE messages */ 4676 sav = LIST_FIRST(&hexpireq); 4677 while (sav != NULL) { 4678 nextsav = LIST_NEXT(sav, drainq); 4679 key_expire(sav, 1); 4680 key_freesah(&sav->sah); /* release reference from SAV */ 4681 key_freesav(&sav); /* release extra reference */ 4682 key_freesav(&sav); /* release last reference */ 4683 sav = nextsav; 4684 } 4685 sav = LIST_FIRST(&sexpireq); 4686 while (sav != NULL) { 4687 nextsav = LIST_NEXT(sav, drainq); 4688 key_expire(sav, 0); 4689 key_freesav(&sav); /* release extra reference */ 4690 sav = nextsav; 4691 } 4692 /* Free stale LARVAL SAs */ 4693 sav = LIST_FIRST(&drainq); 4694 while (sav != NULL) { 4695 nextsav = LIST_NEXT(sav, drainq); 4696 key_freesah(&sav->sah); /* release reference from SAV */ 4697 key_freesav(&sav); /* release extra reference */ 4698 key_freesav(&sav); /* release last reference */ 4699 sav = nextsav; 4700 } 4701 /* Free SAs that were unlinked/changed by someone else */ 4702 sav = LIST_FIRST(&freeq); 4703 while (sav != NULL) { 4704 nextsav = LIST_NEXT(sav, drainq); 4705 key_freesav(&sav); /* release extra reference */ 4706 sav = nextsav; 4707 } 4708 /* Free empty SAH */ 4709 sah = LIST_FIRST(&emptyq); 4710 while (sah != NULL) { 4711 nextsah = LIST_NEXT(sah, drainq); 4712 key_freesah(&sah); /* release extra reference */ 4713 key_freesah(&sah); /* release last reference */ 4714 sah = nextsah; 4715 } 4716 } 4717 4718 static void 4719 key_flush_acq(time_t now) 4720 { 4721 struct secacq *acq, *nextacq; 4722 4723 /* ACQ tree */ 4724 ACQ_LOCK(); 4725 acq = LIST_FIRST(&V_acqtree); 4726 while (acq != NULL) { 4727 nextacq = LIST_NEXT(acq, chain); 4728 if (now - acq->created > V_key_blockacq_lifetime) { 4729 LIST_REMOVE(acq, chain); 4730 LIST_REMOVE(acq, addrhash); 4731 LIST_REMOVE(acq, seqhash); 4732 free(acq, M_IPSEC_SAQ); 4733 } 4734 acq = nextacq; 4735 } 4736 ACQ_UNLOCK(); 4737 } 4738 4739 static void 4740 key_flush_spacq(time_t now) 4741 { 4742 struct secspacq *acq, *nextacq; 4743 4744 /* SP ACQ tree */ 4745 SPACQ_LOCK(); 4746 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4747 nextacq = LIST_NEXT(acq, chain); 4748 if (now - acq->created > V_key_blockacq_lifetime 4749 && __LIST_CHAINED(acq)) { 4750 LIST_REMOVE(acq, chain); 4751 free(acq, M_IPSEC_SAQ); 4752 } 4753 } 4754 SPACQ_UNLOCK(); 4755 } 4756 4757 /* 4758 * time handler. 4759 * scanning SPD and SAD to check status for each entries, 4760 * and do to remove or to expire. 4761 * XXX: year 2038 problem may remain. 4762 */ 4763 static void 4764 key_timehandler(void *arg) 4765 { 4766 VNET_ITERATOR_DECL(vnet_iter); 4767 time_t now = time_second; 4768 4769 VNET_LIST_RLOCK_NOSLEEP(); 4770 VNET_FOREACH(vnet_iter) { 4771 CURVNET_SET(vnet_iter); 4772 key_flush_spd(now); 4773 key_flush_sad(now); 4774 key_flush_acq(now); 4775 key_flush_spacq(now); 4776 CURVNET_RESTORE(); 4777 } 4778 VNET_LIST_RUNLOCK_NOSLEEP(); 4779 4780 #ifndef IPSEC_DEBUG2 4781 /* do exchange to tick time !! */ 4782 callout_schedule(&key_timer, hz); 4783 #endif /* IPSEC_DEBUG2 */ 4784 } 4785 4786 u_long 4787 key_random(void) 4788 { 4789 u_long value; 4790 4791 arc4random_buf(&value, sizeof(value)); 4792 return value; 4793 } 4794 4795 /* 4796 * map SADB_SATYPE_* to IPPROTO_*. 4797 * if satype == SADB_SATYPE then satype is mapped to ~0. 4798 * OUT: 4799 * 0: invalid satype. 4800 */ 4801 static uint8_t 4802 key_satype2proto(uint8_t satype) 4803 { 4804 switch (satype) { 4805 case SADB_SATYPE_UNSPEC: 4806 return IPSEC_PROTO_ANY; 4807 case SADB_SATYPE_AH: 4808 return IPPROTO_AH; 4809 case SADB_SATYPE_ESP: 4810 return IPPROTO_ESP; 4811 case SADB_X_SATYPE_IPCOMP: 4812 return IPPROTO_IPCOMP; 4813 case SADB_X_SATYPE_TCPSIGNATURE: 4814 return IPPROTO_TCP; 4815 default: 4816 return 0; 4817 } 4818 /* NOTREACHED */ 4819 } 4820 4821 /* 4822 * map IPPROTO_* to SADB_SATYPE_* 4823 * OUT: 4824 * 0: invalid protocol type. 4825 */ 4826 static uint8_t 4827 key_proto2satype(uint8_t proto) 4828 { 4829 switch (proto) { 4830 case IPPROTO_AH: 4831 return SADB_SATYPE_AH; 4832 case IPPROTO_ESP: 4833 return SADB_SATYPE_ESP; 4834 case IPPROTO_IPCOMP: 4835 return SADB_X_SATYPE_IPCOMP; 4836 case IPPROTO_TCP: 4837 return SADB_X_SATYPE_TCPSIGNATURE; 4838 default: 4839 return 0; 4840 } 4841 /* NOTREACHED */ 4842 } 4843 4844 /* %%% PF_KEY */ 4845 /* 4846 * SADB_GETSPI processing is to receive 4847 * <base, (SA2), src address, dst address, (SPI range)> 4848 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4849 * tree with the status of LARVAL, and send 4850 * <base, SA(*), address(SD)> 4851 * to the IKMPd. 4852 * 4853 * IN: mhp: pointer to the pointer to each header. 4854 * OUT: NULL if fail. 4855 * other if success, return pointer to the message to send. 4856 */ 4857 static int 4858 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4859 { 4860 struct secasindex saidx; 4861 struct sadb_address *src0, *dst0; 4862 struct secasvar *sav; 4863 uint32_t reqid, spi; 4864 int error; 4865 uint8_t mode, proto; 4866 4867 IPSEC_ASSERT(so != NULL, ("null socket")); 4868 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4869 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4870 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4871 4872 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4873 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4874 #ifdef PFKEY_STRICT_CHECKS 4875 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4876 #endif 4877 ) { 4878 ipseclog((LOG_DEBUG, 4879 "%s: invalid message: missing required header.\n", 4880 __func__)); 4881 error = EINVAL; 4882 goto fail; 4883 } 4884 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4885 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4886 #ifdef PFKEY_STRICT_CHECKS 4887 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4888 #endif 4889 ) { 4890 ipseclog((LOG_DEBUG, 4891 "%s: invalid message: wrong header size.\n", __func__)); 4892 error = EINVAL; 4893 goto fail; 4894 } 4895 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4896 mode = IPSEC_MODE_ANY; 4897 reqid = 0; 4898 } else { 4899 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4900 ipseclog((LOG_DEBUG, 4901 "%s: invalid message: wrong header size.\n", 4902 __func__)); 4903 error = EINVAL; 4904 goto fail; 4905 } 4906 mode = ((struct sadb_x_sa2 *) 4907 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4908 reqid = ((struct sadb_x_sa2 *) 4909 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4910 } 4911 4912 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4913 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4914 4915 /* map satype to proto */ 4916 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4917 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4918 __func__)); 4919 error = EINVAL; 4920 goto fail; 4921 } 4922 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4923 (struct sockaddr *)(dst0 + 1)); 4924 if (error != 0) { 4925 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4926 error = EINVAL; 4927 goto fail; 4928 } 4929 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4930 4931 /* SPI allocation */ 4932 SPI_ALLOC_LOCK(); 4933 spi = key_do_getnewspi( 4934 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4935 if (spi == 0) { 4936 /* 4937 * Requested SPI or SPI range is not available or 4938 * already used. 4939 */ 4940 SPI_ALLOC_UNLOCK(); 4941 error = EEXIST; 4942 goto fail; 4943 } 4944 sav = key_newsav(mhp, &saidx, spi, &error); 4945 SPI_ALLOC_UNLOCK(); 4946 if (sav == NULL) 4947 goto fail; 4948 4949 if (sav->seq != 0) { 4950 /* 4951 * RFC2367: 4952 * If the SADB_GETSPI message is in response to a 4953 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4954 * MUST be the same as the SADB_ACQUIRE message. 4955 * 4956 * XXXAE: However it doesn't definethe behaviour how to 4957 * check this and what to do if it doesn't match. 4958 * Also what we should do if it matches? 4959 * 4960 * We can compare saidx used in SADB_ACQUIRE with saidx 4961 * used in SADB_GETSPI, but this probably can break 4962 * existing software. For now just warn if it doesn't match. 4963 * 4964 * XXXAE: anyway it looks useless. 4965 */ 4966 key_acqdone(&saidx, sav->seq); 4967 } 4968 KEYDBG(KEY_STAMP, 4969 printf("%s: SA(%p)\n", __func__, sav)); 4970 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4971 4972 { 4973 struct mbuf *n, *nn; 4974 struct sadb_sa *m_sa; 4975 struct sadb_msg *newmsg; 4976 int off, len; 4977 4978 /* create new sadb_msg to reply. */ 4979 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4980 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4981 4982 MGETHDR(n, M_NOWAIT, MT_DATA); 4983 if (len > MHLEN) { 4984 if (!(MCLGET(n, M_NOWAIT))) { 4985 m_freem(n); 4986 n = NULL; 4987 } 4988 } 4989 if (!n) { 4990 error = ENOBUFS; 4991 goto fail; 4992 } 4993 4994 n->m_len = len; 4995 n->m_next = NULL; 4996 off = 0; 4997 4998 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4999 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 5000 5001 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 5002 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 5003 m_sa->sadb_sa_exttype = SADB_EXT_SA; 5004 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 5005 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5006 5007 IPSEC_ASSERT(off == len, 5008 ("length inconsistency (off %u len %u)", off, len)); 5009 5010 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5011 SADB_EXT_ADDRESS_DST); 5012 if (!n->m_next) { 5013 m_freem(n); 5014 error = ENOBUFS; 5015 goto fail; 5016 } 5017 5018 if (n->m_len < sizeof(struct sadb_msg)) { 5019 n = m_pullup(n, sizeof(struct sadb_msg)); 5020 if (n == NULL) 5021 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5022 } 5023 5024 n->m_pkthdr.len = 0; 5025 for (nn = n; nn; nn = nn->m_next) 5026 n->m_pkthdr.len += nn->m_len; 5027 5028 newmsg = mtod(n, struct sadb_msg *); 5029 newmsg->sadb_msg_seq = sav->seq; 5030 newmsg->sadb_msg_errno = 0; 5031 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5032 5033 m_freem(m); 5034 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5035 } 5036 5037 fail: 5038 return (key_senderror(so, m, error)); 5039 } 5040 5041 /* 5042 * allocating new SPI 5043 * called by key_getspi(). 5044 * OUT: 5045 * 0: failure. 5046 * others: success, SPI in network byte order. 5047 */ 5048 static uint32_t 5049 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5050 { 5051 uint32_t min, max, newspi, t; 5052 int tries, limit; 5053 5054 SPI_ALLOC_LOCK_ASSERT(); 5055 5056 /* set spi range to allocate */ 5057 if (spirange != NULL) { 5058 min = spirange->sadb_spirange_min; 5059 max = spirange->sadb_spirange_max; 5060 } else { 5061 min = V_key_spi_minval; 5062 max = V_key_spi_maxval; 5063 } 5064 /* IPCOMP needs 2-byte SPI */ 5065 if (saidx->proto == IPPROTO_IPCOMP) { 5066 if (min >= 0x10000) 5067 min = 0xffff; 5068 if (max >= 0x10000) 5069 max = 0xffff; 5070 if (min > max) { 5071 t = min; min = max; max = t; 5072 } 5073 } 5074 5075 if (min == max) { 5076 if (key_checkspidup(htonl(min))) { 5077 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5078 __func__, min)); 5079 return 0; 5080 } 5081 5082 tries = 1; 5083 newspi = min; 5084 } else { 5085 /* init SPI */ 5086 newspi = 0; 5087 5088 limit = atomic_load_int(&V_key_spi_trycnt); 5089 /* when requesting to allocate spi ranged */ 5090 for (tries = 0; tries < limit; tries++) { 5091 /* generate pseudo-random SPI value ranged. */ 5092 newspi = min + (key_random() % (max - min + 1)); 5093 if (!key_checkspidup(htonl(newspi))) 5094 break; 5095 } 5096 5097 if (tries == limit || newspi == 0) { 5098 ipseclog((LOG_DEBUG, 5099 "%s: failed to allocate SPI.\n", __func__)); 5100 return 0; 5101 } 5102 } 5103 5104 /* statistics */ 5105 keystat.getspi_count = 5106 (keystat.getspi_count + tries) / 2; 5107 5108 return (htonl(newspi)); 5109 } 5110 5111 /* 5112 * Find TCP-MD5 SA with corresponding secasindex. 5113 * If not found, return NULL and fill SPI with usable value if needed. 5114 */ 5115 static struct secasvar * 5116 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5117 { 5118 SAHTREE_RLOCK_TRACKER; 5119 struct secashead *sah; 5120 struct secasvar *sav; 5121 5122 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5123 SAHTREE_RLOCK(); 5124 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5125 if (sah->saidx.proto != IPPROTO_TCP) 5126 continue; 5127 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5128 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5129 break; 5130 } 5131 if (sah != NULL) { 5132 if (V_key_preferred_oldsa) 5133 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5134 else 5135 sav = TAILQ_FIRST(&sah->savtree_alive); 5136 if (sav != NULL) { 5137 SAV_ADDREF(sav); 5138 SAHTREE_RUNLOCK(); 5139 return (sav); 5140 } 5141 } 5142 if (spi == NULL) { 5143 /* No SPI required */ 5144 SAHTREE_RUNLOCK(); 5145 return (NULL); 5146 } 5147 /* Check that SPI is unique */ 5148 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5149 if (sav->spi == *spi) 5150 break; 5151 } 5152 if (sav == NULL) { 5153 SAHTREE_RUNLOCK(); 5154 /* SPI is already unique */ 5155 return (NULL); 5156 } 5157 SAHTREE_RUNLOCK(); 5158 /* XXX: not optimal */ 5159 *spi = key_do_getnewspi(NULL, saidx); 5160 return (NULL); 5161 } 5162 5163 static int 5164 key_updateaddresses(struct socket *so, struct mbuf *m, 5165 const struct sadb_msghdr *mhp, struct secasvar *sav, 5166 struct secasindex *saidx) 5167 { 5168 struct sockaddr *newaddr; 5169 struct secashead *sah; 5170 struct secasvar *newsav, *tmp; 5171 struct mbuf *n; 5172 int error, isnew; 5173 5174 /* Check that we need to change SAH */ 5175 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5176 newaddr = (struct sockaddr *)( 5177 ((struct sadb_address *) 5178 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5179 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5180 key_porttosaddr(&saidx->src.sa, 0); 5181 } 5182 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5183 newaddr = (struct sockaddr *)( 5184 ((struct sadb_address *) 5185 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5186 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5187 key_porttosaddr(&saidx->dst.sa, 0); 5188 } 5189 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5190 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5191 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5192 if (error != 0) { 5193 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5194 __func__)); 5195 return (error); 5196 } 5197 5198 sah = key_getsah(saidx); 5199 if (sah == NULL) { 5200 /* create a new SA index */ 5201 sah = key_newsah(saidx); 5202 if (sah == NULL) { 5203 ipseclog((LOG_DEBUG, 5204 "%s: No more memory.\n", __func__)); 5205 return (ENOBUFS); 5206 } 5207 isnew = 2; /* SAH is new */ 5208 } else 5209 isnew = 1; /* existing SAH is referenced */ 5210 } else { 5211 /* 5212 * src and dst addresses are still the same. 5213 * Do we want to change NAT-T config? 5214 */ 5215 if (sav->sah->saidx.proto != IPPROTO_ESP || 5216 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5217 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5218 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5219 ipseclog((LOG_DEBUG, 5220 "%s: invalid message: missing required header.\n", 5221 __func__)); 5222 return (EINVAL); 5223 } 5224 /* We hold reference to SA, thus SAH will be referenced too. */ 5225 sah = sav->sah; 5226 isnew = 0; 5227 } 5228 5229 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5230 M_NOWAIT | M_ZERO); 5231 if (newsav == NULL) { 5232 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5233 error = ENOBUFS; 5234 goto fail; 5235 } 5236 5237 /* Clone SA's content into newsav */ 5238 SAV_INITREF(newsav); 5239 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5240 /* 5241 * We create new NAT-T config if it is needed. 5242 * Old NAT-T config will be freed by key_cleansav() when 5243 * last reference to SA will be released. 5244 */ 5245 newsav->natt = NULL; 5246 newsav->sah = sah; 5247 newsav->state = SADB_SASTATE_MATURE; 5248 error = key_setnatt(newsav, mhp); 5249 if (error != 0) 5250 goto fail; 5251 5252 SAHTREE_WLOCK(); 5253 /* Check that SA is still alive */ 5254 if (sav->state == SADB_SASTATE_DEAD) { 5255 /* SA was unlinked */ 5256 SAHTREE_WUNLOCK(); 5257 error = ESRCH; 5258 goto fail; 5259 } 5260 5261 /* Unlink SA from SAH and SPI hash */ 5262 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5263 ("SA is already cloned")); 5264 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5265 sav->state == SADB_SASTATE_DYING, 5266 ("Wrong SA state %u\n", sav->state)); 5267 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5268 LIST_REMOVE(sav, spihash); 5269 sav->state = SADB_SASTATE_DEAD; 5270 5271 /* 5272 * Link new SA with SAH. Keep SAs ordered by 5273 * create time (newer are first). 5274 */ 5275 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5276 if (newsav->created > tmp->created) { 5277 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5278 break; 5279 } 5280 } 5281 if (tmp == NULL) 5282 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5283 5284 /* Add new SA into SPI hash. */ 5285 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5286 5287 /* Add new SAH into SADB. */ 5288 if (isnew == 2) { 5289 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5290 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5291 sah->state = SADB_SASTATE_MATURE; 5292 SAH_ADDREF(sah); /* newsav references new SAH */ 5293 } 5294 /* 5295 * isnew == 1 -> @sah was referenced by key_getsah(). 5296 * isnew == 0 -> we use the same @sah, that was used by @sav, 5297 * and we use its reference for @newsav. 5298 */ 5299 SECASVAR_WLOCK(sav); 5300 /* XXX: replace cntr with pointer? */ 5301 newsav->cntr = sav->cntr; 5302 sav->flags |= SADB_X_EXT_F_CLONED; 5303 SECASVAR_WUNLOCK(sav); 5304 5305 SAHTREE_WUNLOCK(); 5306 5307 KEYDBG(KEY_STAMP, 5308 printf("%s: SA(%p) cloned into SA(%p)\n", 5309 __func__, sav, newsav)); 5310 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5311 5312 key_freesav(&sav); /* release last reference */ 5313 5314 /* set msg buf from mhp */ 5315 n = key_getmsgbuf_x1(m, mhp); 5316 if (n == NULL) { 5317 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5318 return (ENOBUFS); 5319 } 5320 m_freem(m); 5321 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5322 return (0); 5323 fail: 5324 if (isnew != 0) 5325 key_freesah(&sah); 5326 if (newsav != NULL) { 5327 if (newsav->natt != NULL) 5328 free(newsav->natt, M_IPSEC_MISC); 5329 free(newsav, M_IPSEC_SA); 5330 } 5331 return (error); 5332 } 5333 5334 /* 5335 * SADB_UPDATE processing 5336 * receive 5337 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5338 * key(AE), (identity(SD),) (sensitivity)> 5339 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5340 * and send 5341 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5342 * (identity(SD),) (sensitivity)> 5343 * to the ikmpd. 5344 * 5345 * m will always be freed. 5346 */ 5347 static int 5348 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5349 { 5350 struct secasindex saidx; 5351 struct sadb_address *src0, *dst0; 5352 struct sadb_sa *sa0; 5353 struct secasvar *sav; 5354 uint32_t reqid; 5355 int error; 5356 uint8_t mode, proto; 5357 5358 IPSEC_ASSERT(so != NULL, ("null socket")); 5359 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5360 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5361 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5362 5363 /* map satype to proto */ 5364 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5365 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5366 __func__)); 5367 return key_senderror(so, m, EINVAL); 5368 } 5369 5370 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5371 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5372 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5373 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5374 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5375 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5376 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5377 ipseclog((LOG_DEBUG, 5378 "%s: invalid message: missing required header.\n", 5379 __func__)); 5380 return key_senderror(so, m, EINVAL); 5381 } 5382 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5383 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5384 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5385 ipseclog((LOG_DEBUG, 5386 "%s: invalid message: wrong header size.\n", __func__)); 5387 return key_senderror(so, m, EINVAL); 5388 } 5389 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5390 mode = IPSEC_MODE_ANY; 5391 reqid = 0; 5392 } else { 5393 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5394 ipseclog((LOG_DEBUG, 5395 "%s: invalid message: wrong header size.\n", 5396 __func__)); 5397 return key_senderror(so, m, EINVAL); 5398 } 5399 mode = ((struct sadb_x_sa2 *) 5400 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5401 reqid = ((struct sadb_x_sa2 *) 5402 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5403 } 5404 5405 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5406 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5407 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5408 5409 /* 5410 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5411 * SADB_UPDATE message. 5412 */ 5413 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5414 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5415 #ifdef PFKEY_STRICT_CHECKS 5416 return key_senderror(so, m, EINVAL); 5417 #endif 5418 } 5419 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5420 (struct sockaddr *)(dst0 + 1)); 5421 if (error != 0) { 5422 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5423 return key_senderror(so, m, error); 5424 } 5425 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5426 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5427 if (sav == NULL) { 5428 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5429 __func__, ntohl(sa0->sadb_sa_spi))); 5430 return key_senderror(so, m, EINVAL); 5431 } 5432 /* 5433 * Check that SADB_UPDATE issued by the same process that did 5434 * SADB_GETSPI or SADB_ADD. 5435 */ 5436 if (sav->pid != mhp->msg->sadb_msg_pid) { 5437 ipseclog((LOG_DEBUG, 5438 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5439 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5440 key_freesav(&sav); 5441 return key_senderror(so, m, EINVAL); 5442 } 5443 /* saidx should match with SA. */ 5444 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5445 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5446 __func__, ntohl(sav->spi))); 5447 key_freesav(&sav); 5448 return key_senderror(so, m, ESRCH); 5449 } 5450 5451 if (sav->state == SADB_SASTATE_LARVAL) { 5452 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5453 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5454 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5455 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5456 ipseclog((LOG_DEBUG, 5457 "%s: invalid message: missing required header.\n", 5458 __func__)); 5459 key_freesav(&sav); 5460 return key_senderror(so, m, EINVAL); 5461 } 5462 /* 5463 * We can set any values except src, dst and SPI. 5464 */ 5465 error = key_setsaval(sav, mhp); 5466 if (error != 0) { 5467 key_freesav(&sav); 5468 return (key_senderror(so, m, error)); 5469 } 5470 /* Change SA state to MATURE */ 5471 SAHTREE_WLOCK(); 5472 if (sav->state != SADB_SASTATE_LARVAL) { 5473 /* SA was deleted or another thread made it MATURE. */ 5474 SAHTREE_WUNLOCK(); 5475 key_freesav(&sav); 5476 return (key_senderror(so, m, ESRCH)); 5477 } 5478 /* 5479 * NOTE: we keep SAs in savtree_alive ordered by created 5480 * time. When SA's state changed from LARVAL to MATURE, 5481 * we update its created time in key_setsaval() and move 5482 * it into head of savtree_alive. 5483 */ 5484 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5485 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5486 sav->state = SADB_SASTATE_MATURE; 5487 SAHTREE_WUNLOCK(); 5488 } else { 5489 /* 5490 * For DYING and MATURE SA we can change only state 5491 * and lifetimes. Report EINVAL if something else attempted 5492 * to change. 5493 */ 5494 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5495 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5496 key_freesav(&sav); 5497 return (key_senderror(so, m, EINVAL)); 5498 } 5499 error = key_updatelifetimes(sav, mhp); 5500 if (error != 0) { 5501 key_freesav(&sav); 5502 return (key_senderror(so, m, error)); 5503 } 5504 /* 5505 * This is FreeBSD extension to RFC2367. 5506 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5507 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5508 * SA addresses (for example to implement MOBIKE protocol 5509 * as described in RFC4555). Also we allow to change 5510 * NAT-T config. 5511 */ 5512 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5513 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5514 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5515 sav->natt != NULL) { 5516 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5517 key_freesav(&sav); 5518 if (error != 0) 5519 return (key_senderror(so, m, error)); 5520 return (0); 5521 } 5522 /* Check that SA is still alive */ 5523 SAHTREE_WLOCK(); 5524 if (sav->state == SADB_SASTATE_DEAD) { 5525 /* SA was unlinked */ 5526 SAHTREE_WUNLOCK(); 5527 key_freesav(&sav); 5528 return (key_senderror(so, m, ESRCH)); 5529 } 5530 /* 5531 * NOTE: there is possible state moving from DYING to MATURE, 5532 * but this doesn't change created time, so we won't reorder 5533 * this SA. 5534 */ 5535 sav->state = SADB_SASTATE_MATURE; 5536 SAHTREE_WUNLOCK(); 5537 } 5538 KEYDBG(KEY_STAMP, 5539 printf("%s: SA(%p)\n", __func__, sav)); 5540 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5541 key_freesav(&sav); 5542 5543 { 5544 struct mbuf *n; 5545 5546 /* set msg buf from mhp */ 5547 n = key_getmsgbuf_x1(m, mhp); 5548 if (n == NULL) { 5549 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5550 return key_senderror(so, m, ENOBUFS); 5551 } 5552 5553 m_freem(m); 5554 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5555 } 5556 } 5557 5558 /* 5559 * SADB_ADD processing 5560 * add an entry to SA database, when received 5561 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5562 * key(AE), (identity(SD),) (sensitivity)> 5563 * from the ikmpd, 5564 * and send 5565 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5566 * (identity(SD),) (sensitivity)> 5567 * to the ikmpd. 5568 * 5569 * IGNORE identity and sensitivity messages. 5570 * 5571 * m will always be freed. 5572 */ 5573 static int 5574 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5575 { 5576 struct secasindex saidx; 5577 struct sadb_address *src0, *dst0; 5578 struct sadb_sa *sa0; 5579 struct secasvar *sav; 5580 uint32_t reqid, spi; 5581 uint8_t mode, proto; 5582 int error; 5583 5584 IPSEC_ASSERT(so != NULL, ("null socket")); 5585 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5586 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5587 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5588 5589 /* map satype to proto */ 5590 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5591 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5592 __func__)); 5593 return key_senderror(so, m, EINVAL); 5594 } 5595 5596 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5597 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5598 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5599 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5600 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5601 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5602 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5603 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5604 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5605 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5606 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5607 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5608 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5609 ipseclog((LOG_DEBUG, 5610 "%s: invalid message: missing required header.\n", 5611 __func__)); 5612 return key_senderror(so, m, EINVAL); 5613 } 5614 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5615 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5616 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5617 ipseclog((LOG_DEBUG, 5618 "%s: invalid message: wrong header size.\n", __func__)); 5619 return key_senderror(so, m, EINVAL); 5620 } 5621 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5622 mode = IPSEC_MODE_ANY; 5623 reqid = 0; 5624 } else { 5625 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5626 ipseclog((LOG_DEBUG, 5627 "%s: invalid message: wrong header size.\n", 5628 __func__)); 5629 return key_senderror(so, m, EINVAL); 5630 } 5631 mode = ((struct sadb_x_sa2 *) 5632 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5633 reqid = ((struct sadb_x_sa2 *) 5634 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5635 } 5636 5637 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5638 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5639 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5640 5641 /* 5642 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5643 * SADB_ADD message. 5644 */ 5645 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5646 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5647 #ifdef PFKEY_STRICT_CHECKS 5648 return key_senderror(so, m, EINVAL); 5649 #endif 5650 } 5651 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5652 (struct sockaddr *)(dst0 + 1)); 5653 if (error != 0) { 5654 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5655 return key_senderror(so, m, error); 5656 } 5657 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5658 spi = sa0->sadb_sa_spi; 5659 /* 5660 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5661 * secasindex. 5662 * XXXAE: IPComp seems also doesn't use SPI. 5663 */ 5664 SPI_ALLOC_LOCK(); 5665 if (proto == IPPROTO_TCP) { 5666 sav = key_getsav_tcpmd5(&saidx, &spi); 5667 if (sav == NULL && spi == 0) { 5668 SPI_ALLOC_UNLOCK(); 5669 /* Failed to allocate SPI */ 5670 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5671 __func__)); 5672 return key_senderror(so, m, EEXIST); 5673 } 5674 /* XXX: SPI that we report back can have another value */ 5675 } else { 5676 /* We can create new SA only if SPI is different. */ 5677 sav = key_getsavbyspi(spi); 5678 } 5679 if (sav != NULL) { 5680 SPI_ALLOC_UNLOCK(); 5681 key_freesav(&sav); 5682 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5683 return key_senderror(so, m, EEXIST); 5684 } 5685 5686 sav = key_newsav(mhp, &saidx, spi, &error); 5687 SPI_ALLOC_UNLOCK(); 5688 if (sav == NULL) 5689 return key_senderror(so, m, error); 5690 KEYDBG(KEY_STAMP, 5691 printf("%s: return SA(%p)\n", __func__, sav)); 5692 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5693 /* 5694 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5695 * ACQ for deletion. 5696 */ 5697 if (sav->seq != 0) 5698 key_acqdone(&saidx, sav->seq); 5699 5700 { 5701 /* 5702 * Don't call key_freesav() on error here, as we would like to 5703 * keep the SA in the database. 5704 */ 5705 struct mbuf *n; 5706 5707 /* set msg buf from mhp */ 5708 n = key_getmsgbuf_x1(m, mhp); 5709 if (n == NULL) { 5710 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5711 return key_senderror(so, m, ENOBUFS); 5712 } 5713 5714 m_freem(m); 5715 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5716 } 5717 } 5718 5719 /* 5720 * NAT-T support. 5721 * IKEd may request the use ESP in UDP encapsulation when it detects the 5722 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5723 * parameters needed for encapsulation and decapsulation. These PF_KEY 5724 * extension headers are not standardized, so this comment addresses our 5725 * implementation. 5726 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5727 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5728 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5729 * UDP header. We use these ports in UDP encapsulation procedure, also we 5730 * can check them in UDP decapsulation procedure. 5731 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5732 * responder. These addresses can be used for transport mode to adjust 5733 * checksum after decapsulation and decryption. Since original IP addresses 5734 * used by peer usually different (we detected presence of NAT), TCP/UDP 5735 * pseudo header checksum and IP header checksum was calculated using original 5736 * addresses. After decapsulation and decryption we need to adjust checksum 5737 * to have correct datagram. 5738 * 5739 * We expect presence of NAT-T extension headers only in SADB_ADD and 5740 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5741 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5742 */ 5743 static int 5744 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5745 { 5746 struct sadb_x_nat_t_port *port; 5747 struct sadb_x_nat_t_type *type; 5748 struct sadb_address *oai, *oar; 5749 struct sockaddr *sa; 5750 uint32_t addr; 5751 uint16_t cksum; 5752 5753 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5754 /* 5755 * Ignore NAT-T headers if sproto isn't ESP. 5756 */ 5757 if (sav->sah->saidx.proto != IPPROTO_ESP) 5758 return (0); 5759 5760 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5761 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5762 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5763 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5764 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5765 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5766 ipseclog((LOG_DEBUG, 5767 "%s: invalid message: wrong header size.\n", 5768 __func__)); 5769 return (EINVAL); 5770 } 5771 } else 5772 return (0); 5773 5774 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5775 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5776 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5777 __func__, type->sadb_x_nat_t_type_type)); 5778 return (EINVAL); 5779 } 5780 /* 5781 * Allocate storage for NAT-T config. 5782 * On error it will be released by key_cleansav(). 5783 */ 5784 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5785 M_NOWAIT | M_ZERO); 5786 if (sav->natt == NULL) { 5787 PFKEYSTAT_INC(in_nomem); 5788 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5789 return (ENOBUFS); 5790 } 5791 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5792 if (port->sadb_x_nat_t_port_port == 0) { 5793 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5794 __func__)); 5795 return (EINVAL); 5796 } 5797 sav->natt->sport = port->sadb_x_nat_t_port_port; 5798 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5799 if (port->sadb_x_nat_t_port_port == 0) { 5800 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5801 __func__)); 5802 return (EINVAL); 5803 } 5804 sav->natt->dport = port->sadb_x_nat_t_port_port; 5805 5806 /* 5807 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5808 * and needed only for transport mode IPsec. 5809 * Usually NAT translates only one address, but it is possible, 5810 * that both addresses could be translated. 5811 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5812 */ 5813 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5814 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5815 ipseclog((LOG_DEBUG, 5816 "%s: invalid message: wrong header size.\n", 5817 __func__)); 5818 return (EINVAL); 5819 } 5820 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5821 } else 5822 oai = NULL; 5823 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5824 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5825 ipseclog((LOG_DEBUG, 5826 "%s: invalid message: wrong header size.\n", 5827 __func__)); 5828 return (EINVAL); 5829 } 5830 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5831 } else 5832 oar = NULL; 5833 5834 /* Initialize addresses only for transport mode */ 5835 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5836 cksum = 0; 5837 if (oai != NULL) { 5838 /* Currently we support only AF_INET */ 5839 sa = (struct sockaddr *)(oai + 1); 5840 if (sa->sa_family != AF_INET || 5841 sa->sa_len != sizeof(struct sockaddr_in)) { 5842 ipseclog((LOG_DEBUG, 5843 "%s: wrong NAT-OAi header.\n", 5844 __func__)); 5845 return (EINVAL); 5846 } 5847 /* Ignore address if it the same */ 5848 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5849 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5850 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5851 sav->natt->flags |= IPSEC_NATT_F_OAI; 5852 /* Calculate checksum delta */ 5853 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5854 cksum = in_addword(cksum, ~addr >> 16); 5855 cksum = in_addword(cksum, ~addr & 0xffff); 5856 addr = sav->natt->oai.sin.sin_addr.s_addr; 5857 cksum = in_addword(cksum, addr >> 16); 5858 cksum = in_addword(cksum, addr & 0xffff); 5859 } 5860 } 5861 if (oar != NULL) { 5862 /* Currently we support only AF_INET */ 5863 sa = (struct sockaddr *)(oar + 1); 5864 if (sa->sa_family != AF_INET || 5865 sa->sa_len != sizeof(struct sockaddr_in)) { 5866 ipseclog((LOG_DEBUG, 5867 "%s: wrong NAT-OAr header.\n", 5868 __func__)); 5869 return (EINVAL); 5870 } 5871 /* Ignore address if it the same */ 5872 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5873 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5874 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5875 sav->natt->flags |= IPSEC_NATT_F_OAR; 5876 /* Calculate checksum delta */ 5877 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5878 cksum = in_addword(cksum, ~addr >> 16); 5879 cksum = in_addword(cksum, ~addr & 0xffff); 5880 addr = sav->natt->oar.sin.sin_addr.s_addr; 5881 cksum = in_addword(cksum, addr >> 16); 5882 cksum = in_addword(cksum, addr & 0xffff); 5883 } 5884 } 5885 sav->natt->cksum = cksum; 5886 } 5887 return (0); 5888 } 5889 5890 static int 5891 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5892 { 5893 const struct sadb_ident *idsrc, *iddst; 5894 5895 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5896 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5897 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5898 5899 /* don't make buffer if not there */ 5900 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5901 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5902 sah->idents = NULL; 5903 sah->identd = NULL; 5904 return (0); 5905 } 5906 5907 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5908 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5909 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5910 return (EINVAL); 5911 } 5912 5913 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5914 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5915 5916 /* validity check */ 5917 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5918 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5919 return EINVAL; 5920 } 5921 5922 switch (idsrc->sadb_ident_type) { 5923 case SADB_IDENTTYPE_PREFIX: 5924 case SADB_IDENTTYPE_FQDN: 5925 case SADB_IDENTTYPE_USERFQDN: 5926 default: 5927 /* XXX do nothing */ 5928 sah->idents = NULL; 5929 sah->identd = NULL; 5930 return 0; 5931 } 5932 5933 /* make structure */ 5934 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5935 if (sah->idents == NULL) { 5936 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5937 return ENOBUFS; 5938 } 5939 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5940 if (sah->identd == NULL) { 5941 free(sah->idents, M_IPSEC_MISC); 5942 sah->idents = NULL; 5943 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5944 return ENOBUFS; 5945 } 5946 sah->idents->type = idsrc->sadb_ident_type; 5947 sah->idents->id = idsrc->sadb_ident_id; 5948 5949 sah->identd->type = iddst->sadb_ident_type; 5950 sah->identd->id = iddst->sadb_ident_id; 5951 5952 return 0; 5953 } 5954 5955 /* 5956 * m will not be freed on return. 5957 * it is caller's responsibility to free the result. 5958 * 5959 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5960 * from the request in defined order. 5961 */ 5962 static struct mbuf * 5963 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5964 { 5965 struct mbuf *n; 5966 5967 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5968 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5969 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5970 5971 /* create new sadb_msg to reply. */ 5972 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5973 SADB_EXT_SA, SADB_X_EXT_SA2, 5974 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5975 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5976 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5977 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5978 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5979 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5980 SADB_X_EXT_NEW_ADDRESS_DST); 5981 if (!n) 5982 return NULL; 5983 5984 if (n->m_len < sizeof(struct sadb_msg)) { 5985 n = m_pullup(n, sizeof(struct sadb_msg)); 5986 if (n == NULL) 5987 return NULL; 5988 } 5989 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5990 mtod(n, struct sadb_msg *)->sadb_msg_len = 5991 PFKEY_UNIT64(n->m_pkthdr.len); 5992 5993 return n; 5994 } 5995 5996 /* 5997 * SADB_DELETE processing 5998 * receive 5999 * <base, SA(*), address(SD)> 6000 * from the ikmpd, and set SADB_SASTATE_DEAD, 6001 * and send, 6002 * <base, SA(*), address(SD)> 6003 * to the ikmpd. 6004 * 6005 * m will always be freed. 6006 */ 6007 static int 6008 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6009 { 6010 struct secasindex saidx; 6011 struct sadb_address *src0, *dst0; 6012 struct secasvar *sav; 6013 struct sadb_sa *sa0; 6014 uint8_t proto; 6015 6016 IPSEC_ASSERT(so != NULL, ("null socket")); 6017 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6018 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6019 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6020 6021 /* map satype to proto */ 6022 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6023 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6024 __func__)); 6025 return key_senderror(so, m, EINVAL); 6026 } 6027 6028 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6029 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6030 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6031 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6032 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6033 __func__)); 6034 return key_senderror(so, m, EINVAL); 6035 } 6036 6037 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6038 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6039 6040 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6041 (struct sockaddr *)(dst0 + 1)) != 0) { 6042 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6043 return (key_senderror(so, m, EINVAL)); 6044 } 6045 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6046 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6047 /* 6048 * Caller wants us to delete all non-LARVAL SAs 6049 * that match the src/dst. This is used during 6050 * IKE INITIAL-CONTACT. 6051 * XXXAE: this looks like some extension to RFC2367. 6052 */ 6053 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6054 return (key_delete_all(so, m, mhp, &saidx)); 6055 } 6056 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6057 ipseclog((LOG_DEBUG, 6058 "%s: invalid message: wrong header size.\n", __func__)); 6059 return (key_senderror(so, m, EINVAL)); 6060 } 6061 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6062 SPI_ALLOC_LOCK(); 6063 if (proto == IPPROTO_TCP) 6064 sav = key_getsav_tcpmd5(&saidx, NULL); 6065 else 6066 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6067 SPI_ALLOC_UNLOCK(); 6068 if (sav == NULL) { 6069 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6070 __func__, ntohl(sa0->sadb_sa_spi))); 6071 return (key_senderror(so, m, ESRCH)); 6072 } 6073 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6074 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6075 __func__, ntohl(sav->spi))); 6076 key_freesav(&sav); 6077 return (key_senderror(so, m, ESRCH)); 6078 } 6079 KEYDBG(KEY_STAMP, 6080 printf("%s: SA(%p)\n", __func__, sav)); 6081 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6082 key_unlinksav(sav); 6083 key_freesav(&sav); 6084 6085 { 6086 struct mbuf *n; 6087 struct sadb_msg *newmsg; 6088 6089 /* create new sadb_msg to reply. */ 6090 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6091 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6092 if (!n) 6093 return key_senderror(so, m, ENOBUFS); 6094 6095 if (n->m_len < sizeof(struct sadb_msg)) { 6096 n = m_pullup(n, sizeof(struct sadb_msg)); 6097 if (n == NULL) 6098 return key_senderror(so, m, ENOBUFS); 6099 } 6100 newmsg = mtod(n, struct sadb_msg *); 6101 newmsg->sadb_msg_errno = 0; 6102 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6103 6104 m_freem(m); 6105 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6106 } 6107 } 6108 6109 /* 6110 * delete all SAs for src/dst. Called from key_delete(). 6111 */ 6112 static int 6113 key_delete_all(struct socket *so, struct mbuf *m, 6114 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6115 { 6116 struct secasvar_queue drainq; 6117 struct secashead *sah; 6118 struct secasvar *sav, *nextsav; 6119 6120 TAILQ_INIT(&drainq); 6121 SAHTREE_WLOCK(); 6122 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6123 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6124 continue; 6125 /* Move all ALIVE SAs into drainq */ 6126 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6127 } 6128 /* Unlink all queued SAs from SPI hash */ 6129 TAILQ_FOREACH(sav, &drainq, chain) { 6130 sav->state = SADB_SASTATE_DEAD; 6131 LIST_REMOVE(sav, spihash); 6132 } 6133 SAHTREE_WUNLOCK(); 6134 /* Now we can release reference for all SAs in drainq */ 6135 sav = TAILQ_FIRST(&drainq); 6136 while (sav != NULL) { 6137 KEYDBG(KEY_STAMP, 6138 printf("%s: SA(%p)\n", __func__, sav)); 6139 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6140 nextsav = TAILQ_NEXT(sav, chain); 6141 key_freesah(&sav->sah); /* release reference from SAV */ 6142 key_freesav(&sav); /* release last reference */ 6143 sav = nextsav; 6144 } 6145 6146 { 6147 struct mbuf *n; 6148 struct sadb_msg *newmsg; 6149 6150 /* create new sadb_msg to reply. */ 6151 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6152 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6153 if (!n) 6154 return key_senderror(so, m, ENOBUFS); 6155 6156 if (n->m_len < sizeof(struct sadb_msg)) { 6157 n = m_pullup(n, sizeof(struct sadb_msg)); 6158 if (n == NULL) 6159 return key_senderror(so, m, ENOBUFS); 6160 } 6161 newmsg = mtod(n, struct sadb_msg *); 6162 newmsg->sadb_msg_errno = 0; 6163 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6164 6165 m_freem(m); 6166 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6167 } 6168 } 6169 6170 /* 6171 * Delete all alive SAs for corresponding xform. 6172 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6173 * here when xform disappears. 6174 */ 6175 void 6176 key_delete_xform(const struct xformsw *xsp) 6177 { 6178 struct secasvar_queue drainq; 6179 struct secashead *sah; 6180 struct secasvar *sav, *nextsav; 6181 6182 TAILQ_INIT(&drainq); 6183 SAHTREE_WLOCK(); 6184 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6185 sav = TAILQ_FIRST(&sah->savtree_alive); 6186 if (sav == NULL) 6187 continue; 6188 if (sav->tdb_xform != xsp) 6189 continue; 6190 /* 6191 * It is supposed that all SAs in the chain are related to 6192 * one xform. 6193 */ 6194 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6195 } 6196 /* Unlink all queued SAs from SPI hash */ 6197 TAILQ_FOREACH(sav, &drainq, chain) { 6198 sav->state = SADB_SASTATE_DEAD; 6199 LIST_REMOVE(sav, spihash); 6200 } 6201 SAHTREE_WUNLOCK(); 6202 6203 /* Now we can release reference for all SAs in drainq */ 6204 sav = TAILQ_FIRST(&drainq); 6205 while (sav != NULL) { 6206 KEYDBG(KEY_STAMP, 6207 printf("%s: SA(%p)\n", __func__, sav)); 6208 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6209 nextsav = TAILQ_NEXT(sav, chain); 6210 key_freesah(&sav->sah); /* release reference from SAV */ 6211 key_freesav(&sav); /* release last reference */ 6212 sav = nextsav; 6213 } 6214 } 6215 6216 /* 6217 * SADB_GET processing 6218 * receive 6219 * <base, SA(*), address(SD)> 6220 * from the ikmpd, and get a SP and a SA to respond, 6221 * and send, 6222 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6223 * (identity(SD),) (sensitivity)> 6224 * to the ikmpd. 6225 * 6226 * m will always be freed. 6227 */ 6228 static int 6229 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6230 { 6231 struct secasindex saidx; 6232 struct sadb_address *src0, *dst0; 6233 struct sadb_sa *sa0; 6234 struct secasvar *sav; 6235 uint8_t proto; 6236 6237 IPSEC_ASSERT(so != NULL, ("null socket")); 6238 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6239 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6240 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6241 6242 /* map satype to proto */ 6243 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6244 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6245 __func__)); 6246 return key_senderror(so, m, EINVAL); 6247 } 6248 6249 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6250 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6251 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6252 ipseclog((LOG_DEBUG, 6253 "%s: invalid message: missing required header.\n", 6254 __func__)); 6255 return key_senderror(so, m, EINVAL); 6256 } 6257 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6258 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6259 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6260 ipseclog((LOG_DEBUG, 6261 "%s: invalid message: wrong header size.\n", __func__)); 6262 return key_senderror(so, m, EINVAL); 6263 } 6264 6265 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6266 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6267 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6268 6269 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6270 (struct sockaddr *)(dst0 + 1)) != 0) { 6271 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6272 return key_senderror(so, m, EINVAL); 6273 } 6274 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6275 6276 SPI_ALLOC_LOCK(); 6277 if (proto == IPPROTO_TCP) 6278 sav = key_getsav_tcpmd5(&saidx, NULL); 6279 else 6280 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6281 SPI_ALLOC_UNLOCK(); 6282 if (sav == NULL) { 6283 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6284 return key_senderror(so, m, ESRCH); 6285 } 6286 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6287 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6288 __func__, ntohl(sa0->sadb_sa_spi))); 6289 key_freesav(&sav); 6290 return (key_senderror(so, m, ESRCH)); 6291 } 6292 6293 { 6294 struct mbuf *n; 6295 uint8_t satype; 6296 6297 /* map proto to satype */ 6298 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6299 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6300 __func__)); 6301 key_freesav(&sav); 6302 return key_senderror(so, m, EINVAL); 6303 } 6304 6305 /* create new sadb_msg to reply. */ 6306 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6307 mhp->msg->sadb_msg_pid); 6308 6309 key_freesav(&sav); 6310 if (!n) 6311 return key_senderror(so, m, ENOBUFS); 6312 6313 m_freem(m); 6314 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6315 } 6316 } 6317 6318 /* XXX make it sysctl-configurable? */ 6319 static void 6320 key_getcomb_setlifetime(struct sadb_comb *comb) 6321 { 6322 6323 comb->sadb_comb_soft_allocations = 1; 6324 comb->sadb_comb_hard_allocations = 1; 6325 comb->sadb_comb_soft_bytes = 0; 6326 comb->sadb_comb_hard_bytes = 0; 6327 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6328 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6329 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6330 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6331 } 6332 6333 /* 6334 * XXX reorder combinations by preference 6335 * XXX no idea if the user wants ESP authentication or not 6336 */ 6337 static struct mbuf * 6338 key_getcomb_ealg(void) 6339 { 6340 struct sadb_comb *comb; 6341 const struct enc_xform *algo; 6342 struct mbuf *result = NULL, *m, *n; 6343 int encmin; 6344 int i, off, o; 6345 int totlen; 6346 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6347 6348 m = NULL; 6349 for (i = 1; i <= SADB_EALG_MAX; i++) { 6350 algo = enc_algorithm_lookup(i); 6351 if (algo == NULL) 6352 continue; 6353 6354 /* discard algorithms with key size smaller than system min */ 6355 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6356 continue; 6357 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6358 encmin = V_ipsec_esp_keymin; 6359 else 6360 encmin = _BITS(algo->minkey); 6361 6362 if (V_ipsec_esp_auth) 6363 m = key_getcomb_ah(); 6364 else { 6365 IPSEC_ASSERT(l <= MLEN, 6366 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6367 MGET(m, M_NOWAIT, MT_DATA); 6368 if (m) { 6369 M_ALIGN(m, l); 6370 m->m_len = l; 6371 m->m_next = NULL; 6372 bzero(mtod(m, caddr_t), m->m_len); 6373 } 6374 } 6375 if (!m) 6376 goto fail; 6377 6378 totlen = 0; 6379 for (n = m; n; n = n->m_next) 6380 totlen += n->m_len; 6381 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6382 6383 for (off = 0; off < totlen; off += l) { 6384 n = m_pulldown(m, off, l, &o); 6385 if (!n) { 6386 /* m is already freed */ 6387 goto fail; 6388 } 6389 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6390 bzero(comb, sizeof(*comb)); 6391 key_getcomb_setlifetime(comb); 6392 comb->sadb_comb_encrypt = i; 6393 comb->sadb_comb_encrypt_minbits = encmin; 6394 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6395 } 6396 6397 if (!result) 6398 result = m; 6399 else 6400 m_cat(result, m); 6401 } 6402 6403 return result; 6404 6405 fail: 6406 if (result) 6407 m_freem(result); 6408 return NULL; 6409 } 6410 6411 static void 6412 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6413 u_int16_t* max) 6414 { 6415 6416 *min = *max = ah->hashsize; 6417 if (ah->keysize == 0) { 6418 /* 6419 * Transform takes arbitrary key size but algorithm 6420 * key size is restricted. Enforce this here. 6421 */ 6422 switch (alg) { 6423 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6424 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6425 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6426 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6427 default: 6428 DPRINTF(("%s: unknown AH algorithm %u\n", 6429 __func__, alg)); 6430 break; 6431 } 6432 } 6433 } 6434 6435 /* 6436 * XXX reorder combinations by preference 6437 */ 6438 static struct mbuf * 6439 key_getcomb_ah(void) 6440 { 6441 const struct auth_hash *algo; 6442 struct sadb_comb *comb; 6443 struct mbuf *m; 6444 u_int16_t minkeysize, maxkeysize; 6445 int i; 6446 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6447 6448 m = NULL; 6449 for (i = 1; i <= SADB_AALG_MAX; i++) { 6450 #if 1 6451 /* we prefer HMAC algorithms, not old algorithms */ 6452 if (i != SADB_AALG_SHA1HMAC && 6453 i != SADB_X_AALG_SHA2_256 && 6454 i != SADB_X_AALG_SHA2_384 && 6455 i != SADB_X_AALG_SHA2_512) 6456 continue; 6457 #endif 6458 algo = auth_algorithm_lookup(i); 6459 if (!algo) 6460 continue; 6461 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6462 /* discard algorithms with key size smaller than system min */ 6463 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6464 continue; 6465 6466 if (!m) { 6467 IPSEC_ASSERT(l <= MLEN, 6468 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6469 MGET(m, M_NOWAIT, MT_DATA); 6470 if (m) { 6471 M_ALIGN(m, l); 6472 m->m_len = l; 6473 m->m_next = NULL; 6474 } 6475 } else 6476 M_PREPEND(m, l, M_NOWAIT); 6477 if (!m) 6478 return NULL; 6479 6480 comb = mtod(m, struct sadb_comb *); 6481 bzero(comb, sizeof(*comb)); 6482 key_getcomb_setlifetime(comb); 6483 comb->sadb_comb_auth = i; 6484 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6485 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6486 } 6487 6488 return m; 6489 } 6490 6491 /* 6492 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6493 * XXX reorder combinations by preference 6494 */ 6495 static struct mbuf * 6496 key_getcomb_ipcomp(void) 6497 { 6498 const struct comp_algo *algo; 6499 struct sadb_comb *comb; 6500 struct mbuf *m; 6501 int i; 6502 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6503 6504 m = NULL; 6505 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6506 algo = comp_algorithm_lookup(i); 6507 if (!algo) 6508 continue; 6509 6510 if (!m) { 6511 IPSEC_ASSERT(l <= MLEN, 6512 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6513 MGET(m, M_NOWAIT, MT_DATA); 6514 if (m) { 6515 M_ALIGN(m, l); 6516 m->m_len = l; 6517 m->m_next = NULL; 6518 } 6519 } else 6520 M_PREPEND(m, l, M_NOWAIT); 6521 if (!m) 6522 return NULL; 6523 6524 comb = mtod(m, struct sadb_comb *); 6525 bzero(comb, sizeof(*comb)); 6526 key_getcomb_setlifetime(comb); 6527 comb->sadb_comb_encrypt = i; 6528 /* what should we set into sadb_comb_*_{min,max}bits? */ 6529 } 6530 6531 return m; 6532 } 6533 6534 /* 6535 * XXX no way to pass mode (transport/tunnel) to userland 6536 * XXX replay checking? 6537 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6538 */ 6539 static struct mbuf * 6540 key_getprop(const struct secasindex *saidx) 6541 { 6542 struct sadb_prop *prop; 6543 struct mbuf *m, *n; 6544 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6545 int totlen; 6546 6547 switch (saidx->proto) { 6548 case IPPROTO_ESP: 6549 m = key_getcomb_ealg(); 6550 break; 6551 case IPPROTO_AH: 6552 m = key_getcomb_ah(); 6553 break; 6554 case IPPROTO_IPCOMP: 6555 m = key_getcomb_ipcomp(); 6556 break; 6557 default: 6558 return NULL; 6559 } 6560 6561 if (!m) 6562 return NULL; 6563 M_PREPEND(m, l, M_NOWAIT); 6564 if (!m) 6565 return NULL; 6566 6567 totlen = 0; 6568 for (n = m; n; n = n->m_next) 6569 totlen += n->m_len; 6570 6571 prop = mtod(m, struct sadb_prop *); 6572 bzero(prop, sizeof(*prop)); 6573 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6574 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6575 prop->sadb_prop_replay = 32; /* XXX */ 6576 6577 return m; 6578 } 6579 6580 /* 6581 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6582 * send 6583 * <base, SA, address(SD), (address(P)), x_policy, 6584 * (identity(SD),) (sensitivity,) proposal> 6585 * to KMD, and expect to receive 6586 * <base> with SADB_ACQUIRE if error occurred, 6587 * or 6588 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6589 * from KMD by PF_KEY. 6590 * 6591 * XXX x_policy is outside of RFC2367 (KAME extension). 6592 * XXX sensitivity is not supported. 6593 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6594 * see comment for key_getcomb_ipcomp(). 6595 * 6596 * OUT: 6597 * 0 : succeed 6598 * others: error number 6599 */ 6600 static int 6601 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6602 { 6603 union sockaddr_union addr; 6604 struct mbuf *result, *m; 6605 uint32_t seq; 6606 int error; 6607 uint16_t ul_proto; 6608 uint8_t mask, satype; 6609 6610 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6611 satype = key_proto2satype(saidx->proto); 6612 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6613 6614 error = -1; 6615 result = NULL; 6616 ul_proto = IPSEC_ULPROTO_ANY; 6617 6618 /* Get seq number to check whether sending message or not. */ 6619 seq = key_getacq(saidx, &error); 6620 if (seq == 0) 6621 return (error); 6622 6623 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6624 if (!m) { 6625 error = ENOBUFS; 6626 goto fail; 6627 } 6628 result = m; 6629 6630 /* 6631 * set sadb_address for saidx's. 6632 * 6633 * Note that if sp is supplied, then we're being called from 6634 * key_allocsa_policy() and should supply port and protocol 6635 * information. 6636 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6637 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6638 * XXXAE: it looks like we should save this info in the ACQ entry. 6639 */ 6640 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6641 sp->spidx.ul_proto == IPPROTO_UDP)) 6642 ul_proto = sp->spidx.ul_proto; 6643 6644 addr = saidx->src; 6645 mask = FULLMASK; 6646 if (ul_proto != IPSEC_ULPROTO_ANY) { 6647 switch (sp->spidx.src.sa.sa_family) { 6648 case AF_INET: 6649 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6650 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6651 mask = sp->spidx.prefs; 6652 } 6653 break; 6654 case AF_INET6: 6655 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6656 addr.sin6.sin6_port = 6657 sp->spidx.src.sin6.sin6_port; 6658 mask = sp->spidx.prefs; 6659 } 6660 break; 6661 default: 6662 break; 6663 } 6664 } 6665 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6666 if (!m) { 6667 error = ENOBUFS; 6668 goto fail; 6669 } 6670 m_cat(result, m); 6671 6672 addr = saidx->dst; 6673 mask = FULLMASK; 6674 if (ul_proto != IPSEC_ULPROTO_ANY) { 6675 switch (sp->spidx.dst.sa.sa_family) { 6676 case AF_INET: 6677 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6678 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6679 mask = sp->spidx.prefd; 6680 } 6681 break; 6682 case AF_INET6: 6683 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6684 addr.sin6.sin6_port = 6685 sp->spidx.dst.sin6.sin6_port; 6686 mask = sp->spidx.prefd; 6687 } 6688 break; 6689 default: 6690 break; 6691 } 6692 } 6693 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6694 if (!m) { 6695 error = ENOBUFS; 6696 goto fail; 6697 } 6698 m_cat(result, m); 6699 6700 /* XXX proxy address (optional) */ 6701 6702 /* 6703 * Set sadb_x_policy. This is KAME extension to RFC2367. 6704 */ 6705 if (sp != NULL) { 6706 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6707 sp->priority); 6708 if (!m) { 6709 error = ENOBUFS; 6710 goto fail; 6711 } 6712 m_cat(result, m); 6713 } 6714 6715 /* 6716 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6717 * This is FreeBSD extension to RFC2367. 6718 */ 6719 if (saidx->reqid != 0) { 6720 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6721 if (m == NULL) { 6722 error = ENOBUFS; 6723 goto fail; 6724 } 6725 m_cat(result, m); 6726 } 6727 /* XXX identity (optional) */ 6728 #if 0 6729 if (idexttype && fqdn) { 6730 /* create identity extension (FQDN) */ 6731 struct sadb_ident *id; 6732 int fqdnlen; 6733 6734 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6735 id = (struct sadb_ident *)p; 6736 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6737 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6738 id->sadb_ident_exttype = idexttype; 6739 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6740 bcopy(fqdn, id + 1, fqdnlen); 6741 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6742 } 6743 6744 if (idexttype) { 6745 /* create identity extension (USERFQDN) */ 6746 struct sadb_ident *id; 6747 int userfqdnlen; 6748 6749 if (userfqdn) { 6750 /* +1 for terminating-NUL */ 6751 userfqdnlen = strlen(userfqdn) + 1; 6752 } else 6753 userfqdnlen = 0; 6754 id = (struct sadb_ident *)p; 6755 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6756 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6757 id->sadb_ident_exttype = idexttype; 6758 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6759 /* XXX is it correct? */ 6760 if (curproc && curproc->p_cred) 6761 id->sadb_ident_id = curproc->p_cred->p_ruid; 6762 if (userfqdn && userfqdnlen) 6763 bcopy(userfqdn, id + 1, userfqdnlen); 6764 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6765 } 6766 #endif 6767 6768 /* XXX sensitivity (optional) */ 6769 6770 /* create proposal/combination extension */ 6771 m = key_getprop(saidx); 6772 #if 0 6773 /* 6774 * spec conformant: always attach proposal/combination extension, 6775 * the problem is that we have no way to attach it for ipcomp, 6776 * due to the way sadb_comb is declared in RFC2367. 6777 */ 6778 if (!m) { 6779 error = ENOBUFS; 6780 goto fail; 6781 } 6782 m_cat(result, m); 6783 #else 6784 /* 6785 * outside of spec; make proposal/combination extension optional. 6786 */ 6787 if (m) 6788 m_cat(result, m); 6789 #endif 6790 6791 if ((result->m_flags & M_PKTHDR) == 0) { 6792 error = EINVAL; 6793 goto fail; 6794 } 6795 6796 if (result->m_len < sizeof(struct sadb_msg)) { 6797 result = m_pullup(result, sizeof(struct sadb_msg)); 6798 if (result == NULL) { 6799 error = ENOBUFS; 6800 goto fail; 6801 } 6802 } 6803 6804 result->m_pkthdr.len = 0; 6805 for (m = result; m; m = m->m_next) 6806 result->m_pkthdr.len += m->m_len; 6807 6808 mtod(result, struct sadb_msg *)->sadb_msg_len = 6809 PFKEY_UNIT64(result->m_pkthdr.len); 6810 6811 KEYDBG(KEY_STAMP, 6812 printf("%s: SP(%p)\n", __func__, sp)); 6813 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6814 6815 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6816 6817 fail: 6818 if (result) 6819 m_freem(result); 6820 return error; 6821 } 6822 6823 static uint32_t 6824 key_newacq(const struct secasindex *saidx, int *perror) 6825 { 6826 struct secacq *acq; 6827 uint32_t seq; 6828 6829 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6830 if (acq == NULL) { 6831 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6832 *perror = ENOBUFS; 6833 return (0); 6834 } 6835 6836 /* copy secindex */ 6837 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6838 acq->created = time_second; 6839 acq->count = 0; 6840 6841 /* add to acqtree */ 6842 ACQ_LOCK(); 6843 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6844 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6845 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6846 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6847 ACQ_UNLOCK(); 6848 *perror = 0; 6849 return (seq); 6850 } 6851 6852 static uint32_t 6853 key_getacq(const struct secasindex *saidx, int *perror) 6854 { 6855 struct secacq *acq; 6856 uint32_t seq; 6857 6858 ACQ_LOCK(); 6859 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6860 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6861 if (acq->count > V_key_blockacq_count) { 6862 /* 6863 * Reset counter and send message. 6864 * Also reset created time to keep ACQ for 6865 * this saidx. 6866 */ 6867 acq->created = time_second; 6868 acq->count = 0; 6869 seq = acq->seq; 6870 } else { 6871 /* 6872 * Increment counter and do nothing. 6873 * We send SADB_ACQUIRE message only 6874 * for each V_key_blockacq_count packet. 6875 */ 6876 acq->count++; 6877 seq = 0; 6878 } 6879 break; 6880 } 6881 } 6882 ACQ_UNLOCK(); 6883 if (acq != NULL) { 6884 *perror = 0; 6885 return (seq); 6886 } 6887 /* allocate new entry */ 6888 return (key_newacq(saidx, perror)); 6889 } 6890 6891 static int 6892 key_acqreset(uint32_t seq) 6893 { 6894 struct secacq *acq; 6895 6896 ACQ_LOCK(); 6897 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6898 if (acq->seq == seq) { 6899 acq->count = 0; 6900 acq->created = time_second; 6901 break; 6902 } 6903 } 6904 ACQ_UNLOCK(); 6905 if (acq == NULL) 6906 return (ESRCH); 6907 return (0); 6908 } 6909 /* 6910 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6911 * Called after successful SADB_GETSPI message. 6912 */ 6913 static int 6914 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6915 { 6916 struct secacq *acq; 6917 6918 ACQ_LOCK(); 6919 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6920 if (acq->seq == seq) 6921 break; 6922 } 6923 if (acq != NULL) { 6924 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6925 ipseclog((LOG_DEBUG, 6926 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 6927 acq = NULL; 6928 } else { 6929 acq->created = 0; 6930 } 6931 } else { 6932 ipseclog((LOG_DEBUG, 6933 "%s: ACQ %u is not found.\n", __func__, seq)); 6934 } 6935 ACQ_UNLOCK(); 6936 if (acq == NULL) 6937 return (ESRCH); 6938 return (0); 6939 } 6940 6941 static struct secspacq * 6942 key_newspacq(struct secpolicyindex *spidx) 6943 { 6944 struct secspacq *acq; 6945 6946 /* get new entry */ 6947 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6948 if (acq == NULL) { 6949 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6950 return NULL; 6951 } 6952 6953 /* copy secindex */ 6954 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6955 acq->created = time_second; 6956 acq->count = 0; 6957 6958 /* add to spacqtree */ 6959 SPACQ_LOCK(); 6960 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6961 SPACQ_UNLOCK(); 6962 6963 return acq; 6964 } 6965 6966 static struct secspacq * 6967 key_getspacq(struct secpolicyindex *spidx) 6968 { 6969 struct secspacq *acq; 6970 6971 SPACQ_LOCK(); 6972 LIST_FOREACH(acq, &V_spacqtree, chain) { 6973 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6974 /* NB: return holding spacq_lock */ 6975 return acq; 6976 } 6977 } 6978 SPACQ_UNLOCK(); 6979 6980 return NULL; 6981 } 6982 6983 /* 6984 * SADB_ACQUIRE processing, 6985 * in first situation, is receiving 6986 * <base> 6987 * from the ikmpd, and clear sequence of its secasvar entry. 6988 * 6989 * In second situation, is receiving 6990 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6991 * from a user land process, and return 6992 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6993 * to the socket. 6994 * 6995 * m will always be freed. 6996 */ 6997 static int 6998 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6999 { 7000 SAHTREE_RLOCK_TRACKER; 7001 struct sadb_address *src0, *dst0; 7002 struct secasindex saidx; 7003 struct secashead *sah; 7004 uint32_t reqid; 7005 int error; 7006 uint8_t mode, proto; 7007 7008 IPSEC_ASSERT(so != NULL, ("null socket")); 7009 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7010 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7011 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7012 7013 /* 7014 * Error message from KMd. 7015 * We assume that if error was occurred in IKEd, the length of PFKEY 7016 * message is equal to the size of sadb_msg structure. 7017 * We do not raise error even if error occurred in this function. 7018 */ 7019 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7020 /* check sequence number */ 7021 if (mhp->msg->sadb_msg_seq == 0 || 7022 mhp->msg->sadb_msg_errno == 0) { 7023 ipseclog((LOG_DEBUG, "%s: must specify sequence " 7024 "number and errno.\n", __func__)); 7025 } else { 7026 /* 7027 * IKEd reported that error occurred. 7028 * XXXAE: what it expects from the kernel? 7029 * Probably we should send SADB_ACQUIRE again? 7030 * If so, reset ACQ's state. 7031 * XXXAE: it looks useless. 7032 */ 7033 key_acqreset(mhp->msg->sadb_msg_seq); 7034 } 7035 m_freem(m); 7036 return (0); 7037 } 7038 7039 /* 7040 * This message is from user land. 7041 */ 7042 7043 /* map satype to proto */ 7044 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7045 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7046 __func__)); 7047 return key_senderror(so, m, EINVAL); 7048 } 7049 7050 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7051 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7052 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7053 ipseclog((LOG_DEBUG, 7054 "%s: invalid message: missing required header.\n", 7055 __func__)); 7056 return key_senderror(so, m, EINVAL); 7057 } 7058 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7059 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7060 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7061 ipseclog((LOG_DEBUG, 7062 "%s: invalid message: wrong header size.\n", __func__)); 7063 return key_senderror(so, m, EINVAL); 7064 } 7065 7066 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7067 mode = IPSEC_MODE_ANY; 7068 reqid = 0; 7069 } else { 7070 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7071 ipseclog((LOG_DEBUG, 7072 "%s: invalid message: wrong header size.\n", 7073 __func__)); 7074 return key_senderror(so, m, EINVAL); 7075 } 7076 mode = ((struct sadb_x_sa2 *) 7077 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7078 reqid = ((struct sadb_x_sa2 *) 7079 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7080 } 7081 7082 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7083 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7084 7085 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7086 (struct sockaddr *)(dst0 + 1)); 7087 if (error != 0) { 7088 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7089 return key_senderror(so, m, EINVAL); 7090 } 7091 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7092 7093 /* get a SA index */ 7094 SAHTREE_RLOCK(); 7095 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7096 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7097 break; 7098 } 7099 SAHTREE_RUNLOCK(); 7100 if (sah != NULL) { 7101 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7102 return key_senderror(so, m, EEXIST); 7103 } 7104 7105 error = key_acquire(&saidx, NULL); 7106 if (error != 0) { 7107 ipseclog((LOG_DEBUG, 7108 "%s: error %d returned from key_acquire()\n", 7109 __func__, error)); 7110 return key_senderror(so, m, error); 7111 } 7112 m_freem(m); 7113 return (0); 7114 } 7115 7116 /* 7117 * SADB_REGISTER processing. 7118 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7119 * receive 7120 * <base> 7121 * from the ikmpd, and register a socket to send PF_KEY messages, 7122 * and send 7123 * <base, supported> 7124 * to KMD by PF_KEY. 7125 * If socket is detached, must free from regnode. 7126 * 7127 * m will always be freed. 7128 */ 7129 static int 7130 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7131 { 7132 struct secreg *reg, *newreg = NULL; 7133 7134 IPSEC_ASSERT(so != NULL, ("null socket")); 7135 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7136 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7137 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7138 7139 /* check for invalid register message */ 7140 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7141 return key_senderror(so, m, EINVAL); 7142 7143 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7144 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7145 goto setmsg; 7146 7147 /* check whether existing or not */ 7148 REGTREE_LOCK(); 7149 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7150 if (reg->so == so) { 7151 REGTREE_UNLOCK(); 7152 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7153 __func__)); 7154 return key_senderror(so, m, EEXIST); 7155 } 7156 } 7157 7158 /* create regnode */ 7159 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7160 if (newreg == NULL) { 7161 REGTREE_UNLOCK(); 7162 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7163 return key_senderror(so, m, ENOBUFS); 7164 } 7165 7166 newreg->so = so; 7167 ((struct keycb *)(so->so_pcb))->kp_registered++; 7168 7169 /* add regnode to regtree. */ 7170 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7171 REGTREE_UNLOCK(); 7172 7173 setmsg: 7174 { 7175 struct mbuf *n; 7176 struct sadb_msg *newmsg; 7177 struct sadb_supported *sup; 7178 u_int len, alen, elen; 7179 int off; 7180 int i; 7181 struct sadb_alg *alg; 7182 7183 /* create new sadb_msg to reply. */ 7184 alen = 0; 7185 for (i = 1; i <= SADB_AALG_MAX; i++) { 7186 if (auth_algorithm_lookup(i)) 7187 alen += sizeof(struct sadb_alg); 7188 } 7189 if (alen) 7190 alen += sizeof(struct sadb_supported); 7191 elen = 0; 7192 for (i = 1; i <= SADB_EALG_MAX; i++) { 7193 if (enc_algorithm_lookup(i)) 7194 elen += sizeof(struct sadb_alg); 7195 } 7196 if (elen) 7197 elen += sizeof(struct sadb_supported); 7198 7199 len = sizeof(struct sadb_msg) + alen + elen; 7200 7201 if (len > MCLBYTES) 7202 return key_senderror(so, m, ENOBUFS); 7203 7204 MGETHDR(n, M_NOWAIT, MT_DATA); 7205 if (n != NULL && len > MHLEN) { 7206 if (!(MCLGET(n, M_NOWAIT))) { 7207 m_freem(n); 7208 n = NULL; 7209 } 7210 } 7211 if (!n) 7212 return key_senderror(so, m, ENOBUFS); 7213 7214 n->m_pkthdr.len = n->m_len = len; 7215 n->m_next = NULL; 7216 off = 0; 7217 7218 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7219 newmsg = mtod(n, struct sadb_msg *); 7220 newmsg->sadb_msg_errno = 0; 7221 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7222 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7223 7224 /* for authentication algorithm */ 7225 if (alen) { 7226 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7227 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7228 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7229 off += PFKEY_ALIGN8(sizeof(*sup)); 7230 7231 for (i = 1; i <= SADB_AALG_MAX; i++) { 7232 const struct auth_hash *aalgo; 7233 u_int16_t minkeysize, maxkeysize; 7234 7235 aalgo = auth_algorithm_lookup(i); 7236 if (!aalgo) 7237 continue; 7238 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7239 alg->sadb_alg_id = i; 7240 alg->sadb_alg_ivlen = 0; 7241 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7242 alg->sadb_alg_minbits = _BITS(minkeysize); 7243 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7244 off += PFKEY_ALIGN8(sizeof(*alg)); 7245 } 7246 } 7247 7248 /* for encryption algorithm */ 7249 if (elen) { 7250 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7251 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7252 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7253 off += PFKEY_ALIGN8(sizeof(*sup)); 7254 7255 for (i = 1; i <= SADB_EALG_MAX; i++) { 7256 const struct enc_xform *ealgo; 7257 7258 ealgo = enc_algorithm_lookup(i); 7259 if (!ealgo) 7260 continue; 7261 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7262 alg->sadb_alg_id = i; 7263 alg->sadb_alg_ivlen = ealgo->ivsize; 7264 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7265 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7266 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7267 } 7268 } 7269 7270 IPSEC_ASSERT(off == len, 7271 ("length assumption failed (off %u len %u)", off, len)); 7272 7273 m_freem(m); 7274 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7275 } 7276 } 7277 7278 /* 7279 * free secreg entry registered. 7280 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7281 */ 7282 void 7283 key_freereg(struct socket *so) 7284 { 7285 struct secreg *reg; 7286 int i; 7287 7288 IPSEC_ASSERT(so != NULL, ("NULL so")); 7289 7290 /* 7291 * check whether existing or not. 7292 * check all type of SA, because there is a potential that 7293 * one socket is registered to multiple type of SA. 7294 */ 7295 REGTREE_LOCK(); 7296 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7297 LIST_FOREACH(reg, &V_regtree[i], chain) { 7298 if (reg->so == so && __LIST_CHAINED(reg)) { 7299 LIST_REMOVE(reg, chain); 7300 free(reg, M_IPSEC_SAR); 7301 break; 7302 } 7303 } 7304 } 7305 REGTREE_UNLOCK(); 7306 } 7307 7308 /* 7309 * SADB_EXPIRE processing 7310 * send 7311 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7312 * to KMD by PF_KEY. 7313 * NOTE: We send only soft lifetime extension. 7314 * 7315 * OUT: 0 : succeed 7316 * others : error number 7317 */ 7318 static int 7319 key_expire(struct secasvar *sav, int hard) 7320 { 7321 struct mbuf *result = NULL, *m; 7322 struct sadb_lifetime *lt; 7323 uint32_t replay_count; 7324 int error, len; 7325 uint8_t satype; 7326 7327 SECASVAR_RLOCK_TRACKER; 7328 7329 IPSEC_ASSERT (sav != NULL, ("null sav")); 7330 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7331 7332 KEYDBG(KEY_STAMP, 7333 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7334 sav, hard ? "hard": "soft")); 7335 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7336 /* set msg header */ 7337 satype = key_proto2satype(sav->sah->saidx.proto); 7338 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7339 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7340 if (!m) { 7341 error = ENOBUFS; 7342 goto fail; 7343 } 7344 result = m; 7345 7346 /* create SA extension */ 7347 m = key_setsadbsa(sav); 7348 if (!m) { 7349 error = ENOBUFS; 7350 goto fail; 7351 } 7352 m_cat(result, m); 7353 7354 /* create SA extension */ 7355 SECASVAR_RLOCK(sav); 7356 replay_count = sav->replay ? sav->replay->count : 0; 7357 SECASVAR_RUNLOCK(sav); 7358 7359 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7360 sav->sah->saidx.reqid); 7361 if (!m) { 7362 error = ENOBUFS; 7363 goto fail; 7364 } 7365 m_cat(result, m); 7366 7367 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7368 m = key_setsadbxsareplay(sav->replay->wsize); 7369 if (!m) { 7370 error = ENOBUFS; 7371 goto fail; 7372 } 7373 m_cat(result, m); 7374 } 7375 7376 /* create lifetime extension (current and soft) */ 7377 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7378 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7379 if (m == NULL) { 7380 error = ENOBUFS; 7381 goto fail; 7382 } 7383 m_align(m, len); 7384 m->m_len = len; 7385 bzero(mtod(m, caddr_t), len); 7386 lt = mtod(m, struct sadb_lifetime *); 7387 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7388 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7389 lt->sadb_lifetime_allocations = 7390 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7391 lt->sadb_lifetime_bytes = 7392 counter_u64_fetch(sav->lft_c_bytes); 7393 lt->sadb_lifetime_addtime = sav->created; 7394 lt->sadb_lifetime_usetime = sav->firstused; 7395 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7396 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7397 if (hard) { 7398 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7399 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7400 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7401 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7402 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7403 } else { 7404 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7405 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7406 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7407 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7408 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7409 } 7410 m_cat(result, m); 7411 7412 /* set sadb_address for source */ 7413 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7414 &sav->sah->saidx.src.sa, 7415 FULLMASK, IPSEC_ULPROTO_ANY); 7416 if (!m) { 7417 error = ENOBUFS; 7418 goto fail; 7419 } 7420 m_cat(result, m); 7421 7422 /* set sadb_address for destination */ 7423 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7424 &sav->sah->saidx.dst.sa, 7425 FULLMASK, IPSEC_ULPROTO_ANY); 7426 if (!m) { 7427 error = ENOBUFS; 7428 goto fail; 7429 } 7430 m_cat(result, m); 7431 7432 /* 7433 * XXX-BZ Handle NAT-T extensions here. 7434 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7435 * this information, we report only significant SA fields. 7436 */ 7437 7438 if ((result->m_flags & M_PKTHDR) == 0) { 7439 error = EINVAL; 7440 goto fail; 7441 } 7442 7443 if (result->m_len < sizeof(struct sadb_msg)) { 7444 result = m_pullup(result, sizeof(struct sadb_msg)); 7445 if (result == NULL) { 7446 error = ENOBUFS; 7447 goto fail; 7448 } 7449 } 7450 7451 result->m_pkthdr.len = 0; 7452 for (m = result; m; m = m->m_next) 7453 result->m_pkthdr.len += m->m_len; 7454 7455 mtod(result, struct sadb_msg *)->sadb_msg_len = 7456 PFKEY_UNIT64(result->m_pkthdr.len); 7457 7458 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7459 7460 fail: 7461 if (result) 7462 m_freem(result); 7463 return error; 7464 } 7465 7466 static void 7467 key_freesah_flushed(struct secashead_queue *flushq) 7468 { 7469 struct secashead *sah, *nextsah; 7470 struct secasvar *sav, *nextsav; 7471 7472 sah = TAILQ_FIRST(flushq); 7473 while (sah != NULL) { 7474 sav = TAILQ_FIRST(&sah->savtree_larval); 7475 while (sav != NULL) { 7476 nextsav = TAILQ_NEXT(sav, chain); 7477 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7478 key_freesav(&sav); /* release last reference */ 7479 key_freesah(&sah); /* release reference from SAV */ 7480 sav = nextsav; 7481 } 7482 sav = TAILQ_FIRST(&sah->savtree_alive); 7483 while (sav != NULL) { 7484 nextsav = TAILQ_NEXT(sav, chain); 7485 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7486 key_freesav(&sav); /* release last reference */ 7487 key_freesah(&sah); /* release reference from SAV */ 7488 sav = nextsav; 7489 } 7490 nextsah = TAILQ_NEXT(sah, chain); 7491 key_freesah(&sah); /* release last reference */ 7492 sah = nextsah; 7493 } 7494 } 7495 7496 /* 7497 * SADB_FLUSH processing 7498 * receive 7499 * <base> 7500 * from the ikmpd, and free all entries in secastree. 7501 * and send, 7502 * <base> 7503 * to the ikmpd. 7504 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7505 * 7506 * m will always be freed. 7507 */ 7508 static int 7509 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7510 { 7511 struct secashead_queue flushq; 7512 struct sadb_msg *newmsg; 7513 struct secashead *sah, *nextsah; 7514 struct secasvar *sav; 7515 uint8_t proto; 7516 int i; 7517 7518 IPSEC_ASSERT(so != NULL, ("null socket")); 7519 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7520 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7521 7522 /* map satype to proto */ 7523 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7524 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7525 __func__)); 7526 return key_senderror(so, m, EINVAL); 7527 } 7528 KEYDBG(KEY_STAMP, 7529 printf("%s: proto %u\n", __func__, proto)); 7530 7531 TAILQ_INIT(&flushq); 7532 if (proto == IPSEC_PROTO_ANY) { 7533 /* no SATYPE specified, i.e. flushing all SA. */ 7534 SAHTREE_WLOCK(); 7535 /* Move all SAHs into flushq */ 7536 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7537 /* Flush all buckets in SPI hash */ 7538 for (i = 0; i < V_savhash_mask + 1; i++) 7539 LIST_INIT(&V_savhashtbl[i]); 7540 /* Flush all buckets in SAHADDRHASH */ 7541 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7542 LIST_INIT(&V_sahaddrhashtbl[i]); 7543 /* Mark all SAHs as unlinked */ 7544 TAILQ_FOREACH(sah, &flushq, chain) { 7545 sah->state = SADB_SASTATE_DEAD; 7546 /* 7547 * Callout handler makes its job using 7548 * RLOCK and drain queues. In case, when this 7549 * function will be called just before it 7550 * acquires WLOCK, we need to mark SAs as 7551 * unlinked to prevent second unlink. 7552 */ 7553 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7554 sav->state = SADB_SASTATE_DEAD; 7555 } 7556 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7557 sav->state = SADB_SASTATE_DEAD; 7558 } 7559 } 7560 SAHTREE_WUNLOCK(); 7561 } else { 7562 SAHTREE_WLOCK(); 7563 sah = TAILQ_FIRST(&V_sahtree); 7564 while (sah != NULL) { 7565 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7566 ("DEAD SAH %p in SADB_FLUSH", sah)); 7567 nextsah = TAILQ_NEXT(sah, chain); 7568 if (sah->saidx.proto != proto) { 7569 sah = nextsah; 7570 continue; 7571 } 7572 sah->state = SADB_SASTATE_DEAD; 7573 TAILQ_REMOVE(&V_sahtree, sah, chain); 7574 LIST_REMOVE(sah, addrhash); 7575 /* Unlink all SAs from SPI hash */ 7576 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7577 LIST_REMOVE(sav, spihash); 7578 sav->state = SADB_SASTATE_DEAD; 7579 } 7580 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7581 LIST_REMOVE(sav, spihash); 7582 sav->state = SADB_SASTATE_DEAD; 7583 } 7584 /* Add SAH into flushq */ 7585 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7586 sah = nextsah; 7587 } 7588 SAHTREE_WUNLOCK(); 7589 } 7590 7591 key_freesah_flushed(&flushq); 7592 /* Free all queued SAs and SAHs */ 7593 if (m->m_len < sizeof(struct sadb_msg) || 7594 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7595 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7596 return key_senderror(so, m, ENOBUFS); 7597 } 7598 7599 if (m->m_next) 7600 m_freem(m->m_next); 7601 m->m_next = NULL; 7602 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7603 newmsg = mtod(m, struct sadb_msg *); 7604 newmsg->sadb_msg_errno = 0; 7605 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7606 7607 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7608 } 7609 7610 /* 7611 * SADB_DUMP processing 7612 * dump all entries including status of DEAD in SAD. 7613 * receive 7614 * <base> 7615 * from the ikmpd, and dump all secasvar leaves 7616 * and send, 7617 * <base> ..... 7618 * to the ikmpd. 7619 * 7620 * m will always be freed. 7621 */ 7622 static int 7623 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7624 { 7625 SAHTREE_RLOCK_TRACKER; 7626 struct secashead *sah; 7627 struct secasvar *sav; 7628 struct mbuf *n; 7629 uint32_t cnt; 7630 uint8_t proto, satype; 7631 7632 IPSEC_ASSERT(so != NULL, ("null socket")); 7633 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7634 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7635 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7636 7637 /* map satype to proto */ 7638 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7639 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7640 __func__)); 7641 return key_senderror(so, m, EINVAL); 7642 } 7643 7644 /* count sav entries to be sent to the userland. */ 7645 cnt = 0; 7646 SAHTREE_RLOCK(); 7647 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7648 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7649 proto != sah->saidx.proto) 7650 continue; 7651 7652 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7653 cnt++; 7654 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7655 cnt++; 7656 } 7657 7658 if (cnt == 0) { 7659 SAHTREE_RUNLOCK(); 7660 return key_senderror(so, m, ENOENT); 7661 } 7662 7663 /* send this to the userland, one at a time. */ 7664 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7665 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7666 proto != sah->saidx.proto) 7667 continue; 7668 7669 /* map proto to satype */ 7670 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7671 SAHTREE_RUNLOCK(); 7672 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7673 "SAD.\n", __func__)); 7674 return key_senderror(so, m, EINVAL); 7675 } 7676 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7677 n = key_setdumpsa(sav, SADB_DUMP, satype, 7678 --cnt, mhp->msg->sadb_msg_pid); 7679 if (n == NULL) { 7680 SAHTREE_RUNLOCK(); 7681 return key_senderror(so, m, ENOBUFS); 7682 } 7683 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7684 } 7685 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7686 n = key_setdumpsa(sav, SADB_DUMP, satype, 7687 --cnt, mhp->msg->sadb_msg_pid); 7688 if (n == NULL) { 7689 SAHTREE_RUNLOCK(); 7690 return key_senderror(so, m, ENOBUFS); 7691 } 7692 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7693 } 7694 } 7695 SAHTREE_RUNLOCK(); 7696 m_freem(m); 7697 return (0); 7698 } 7699 /* 7700 * SADB_X_PROMISC processing 7701 * 7702 * m will always be freed. 7703 */ 7704 static int 7705 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7706 { 7707 int olen; 7708 7709 IPSEC_ASSERT(so != NULL, ("null socket")); 7710 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7711 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7712 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7713 7714 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7715 7716 if (olen < sizeof(struct sadb_msg)) { 7717 #if 1 7718 return key_senderror(so, m, EINVAL); 7719 #else 7720 m_freem(m); 7721 return 0; 7722 #endif 7723 } else if (olen == sizeof(struct sadb_msg)) { 7724 /* enable/disable promisc mode */ 7725 struct keycb *kp; 7726 7727 if ((kp = so->so_pcb) == NULL) 7728 return key_senderror(so, m, EINVAL); 7729 mhp->msg->sadb_msg_errno = 0; 7730 switch (mhp->msg->sadb_msg_satype) { 7731 case 0: 7732 case 1: 7733 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7734 break; 7735 default: 7736 return key_senderror(so, m, EINVAL); 7737 } 7738 7739 /* send the original message back to everyone */ 7740 mhp->msg->sadb_msg_errno = 0; 7741 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7742 } else { 7743 /* send packet as is */ 7744 7745 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7746 7747 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7748 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7749 } 7750 } 7751 7752 static int (*key_typesw[])(struct socket *, struct mbuf *, 7753 const struct sadb_msghdr *) = { 7754 NULL, /* SADB_RESERVED */ 7755 key_getspi, /* SADB_GETSPI */ 7756 key_update, /* SADB_UPDATE */ 7757 key_add, /* SADB_ADD */ 7758 key_delete, /* SADB_DELETE */ 7759 key_get, /* SADB_GET */ 7760 key_acquire2, /* SADB_ACQUIRE */ 7761 key_register, /* SADB_REGISTER */ 7762 NULL, /* SADB_EXPIRE */ 7763 key_flush, /* SADB_FLUSH */ 7764 key_dump, /* SADB_DUMP */ 7765 key_promisc, /* SADB_X_PROMISC */ 7766 NULL, /* SADB_X_PCHANGE */ 7767 key_spdadd, /* SADB_X_SPDUPDATE */ 7768 key_spdadd, /* SADB_X_SPDADD */ 7769 key_spddelete, /* SADB_X_SPDDELETE */ 7770 key_spdget, /* SADB_X_SPDGET */ 7771 NULL, /* SADB_X_SPDACQUIRE */ 7772 key_spddump, /* SADB_X_SPDDUMP */ 7773 key_spdflush, /* SADB_X_SPDFLUSH */ 7774 key_spdadd, /* SADB_X_SPDSETIDX */ 7775 NULL, /* SADB_X_SPDEXPIRE */ 7776 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7777 }; 7778 7779 /* 7780 * parse sadb_msg buffer to process PFKEYv2, 7781 * and create a data to response if needed. 7782 * I think to be dealed with mbuf directly. 7783 * IN: 7784 * msgp : pointer to pointer to a received buffer pulluped. 7785 * This is rewrited to response. 7786 * so : pointer to socket. 7787 * OUT: 7788 * length for buffer to send to user process. 7789 */ 7790 int 7791 key_parse(struct mbuf *m, struct socket *so) 7792 { 7793 struct sadb_msg *msg; 7794 struct sadb_msghdr mh; 7795 u_int orglen; 7796 int error; 7797 int target; 7798 7799 IPSEC_ASSERT(so != NULL, ("null socket")); 7800 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7801 7802 if (m->m_len < sizeof(struct sadb_msg)) { 7803 m = m_pullup(m, sizeof(struct sadb_msg)); 7804 if (!m) 7805 return ENOBUFS; 7806 } 7807 msg = mtod(m, struct sadb_msg *); 7808 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7809 target = KEY_SENDUP_ONE; 7810 7811 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7812 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7813 PFKEYSTAT_INC(out_invlen); 7814 error = EINVAL; 7815 goto senderror; 7816 } 7817 7818 if (msg->sadb_msg_version != PF_KEY_V2) { 7819 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7820 __func__, msg->sadb_msg_version)); 7821 PFKEYSTAT_INC(out_invver); 7822 error = EINVAL; 7823 goto senderror; 7824 } 7825 7826 if (msg->sadb_msg_type > SADB_MAX) { 7827 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7828 __func__, msg->sadb_msg_type)); 7829 PFKEYSTAT_INC(out_invmsgtype); 7830 error = EINVAL; 7831 goto senderror; 7832 } 7833 7834 /* for old-fashioned code - should be nuked */ 7835 if (m->m_pkthdr.len > MCLBYTES) { 7836 m_freem(m); 7837 return ENOBUFS; 7838 } 7839 if (m->m_next) { 7840 struct mbuf *n; 7841 7842 MGETHDR(n, M_NOWAIT, MT_DATA); 7843 if (n && m->m_pkthdr.len > MHLEN) { 7844 if (!(MCLGET(n, M_NOWAIT))) { 7845 m_free(n); 7846 n = NULL; 7847 } 7848 } 7849 if (!n) { 7850 m_freem(m); 7851 return ENOBUFS; 7852 } 7853 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7854 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7855 n->m_next = NULL; 7856 m_freem(m); 7857 m = n; 7858 } 7859 7860 /* align the mbuf chain so that extensions are in contiguous region. */ 7861 error = key_align(m, &mh); 7862 if (error) 7863 return error; 7864 7865 msg = mh.msg; 7866 7867 /* We use satype as scope mask for spddump */ 7868 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7869 switch (msg->sadb_msg_satype) { 7870 case IPSEC_POLICYSCOPE_ANY: 7871 case IPSEC_POLICYSCOPE_GLOBAL: 7872 case IPSEC_POLICYSCOPE_IFNET: 7873 case IPSEC_POLICYSCOPE_PCB: 7874 break; 7875 default: 7876 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7877 __func__, msg->sadb_msg_type)); 7878 PFKEYSTAT_INC(out_invsatype); 7879 error = EINVAL; 7880 goto senderror; 7881 } 7882 } else { 7883 switch (msg->sadb_msg_satype) { /* check SA type */ 7884 case SADB_SATYPE_UNSPEC: 7885 switch (msg->sadb_msg_type) { 7886 case SADB_GETSPI: 7887 case SADB_UPDATE: 7888 case SADB_ADD: 7889 case SADB_DELETE: 7890 case SADB_GET: 7891 case SADB_ACQUIRE: 7892 case SADB_EXPIRE: 7893 ipseclog((LOG_DEBUG, "%s: must specify satype " 7894 "when msg type=%u.\n", __func__, 7895 msg->sadb_msg_type)); 7896 PFKEYSTAT_INC(out_invsatype); 7897 error = EINVAL; 7898 goto senderror; 7899 } 7900 break; 7901 case SADB_SATYPE_AH: 7902 case SADB_SATYPE_ESP: 7903 case SADB_X_SATYPE_IPCOMP: 7904 case SADB_X_SATYPE_TCPSIGNATURE: 7905 switch (msg->sadb_msg_type) { 7906 case SADB_X_SPDADD: 7907 case SADB_X_SPDDELETE: 7908 case SADB_X_SPDGET: 7909 case SADB_X_SPDFLUSH: 7910 case SADB_X_SPDSETIDX: 7911 case SADB_X_SPDUPDATE: 7912 case SADB_X_SPDDELETE2: 7913 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7914 __func__, msg->sadb_msg_type)); 7915 PFKEYSTAT_INC(out_invsatype); 7916 error = EINVAL; 7917 goto senderror; 7918 } 7919 break; 7920 case SADB_SATYPE_RSVP: 7921 case SADB_SATYPE_OSPFV2: 7922 case SADB_SATYPE_RIPV2: 7923 case SADB_SATYPE_MIP: 7924 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7925 __func__, msg->sadb_msg_satype)); 7926 PFKEYSTAT_INC(out_invsatype); 7927 error = EOPNOTSUPP; 7928 goto senderror; 7929 case 1: /* XXX: What does it do? */ 7930 if (msg->sadb_msg_type == SADB_X_PROMISC) 7931 break; 7932 /*FALLTHROUGH*/ 7933 default: 7934 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7935 __func__, msg->sadb_msg_satype)); 7936 PFKEYSTAT_INC(out_invsatype); 7937 error = EINVAL; 7938 goto senderror; 7939 } 7940 } 7941 7942 /* check field of upper layer protocol and address family */ 7943 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7944 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7945 struct sadb_address *src0, *dst0; 7946 u_int plen; 7947 7948 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7949 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7950 7951 /* check upper layer protocol */ 7952 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7953 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7954 "mismatched.\n", __func__)); 7955 PFKEYSTAT_INC(out_invaddr); 7956 error = EINVAL; 7957 goto senderror; 7958 } 7959 7960 /* check family */ 7961 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7962 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7963 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7964 __func__)); 7965 PFKEYSTAT_INC(out_invaddr); 7966 error = EINVAL; 7967 goto senderror; 7968 } 7969 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7970 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7971 ipseclog((LOG_DEBUG, "%s: address struct size " 7972 "mismatched.\n", __func__)); 7973 PFKEYSTAT_INC(out_invaddr); 7974 error = EINVAL; 7975 goto senderror; 7976 } 7977 7978 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7979 case AF_INET: 7980 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7981 sizeof(struct sockaddr_in)) { 7982 PFKEYSTAT_INC(out_invaddr); 7983 error = EINVAL; 7984 goto senderror; 7985 } 7986 break; 7987 case AF_INET6: 7988 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7989 sizeof(struct sockaddr_in6)) { 7990 PFKEYSTAT_INC(out_invaddr); 7991 error = EINVAL; 7992 goto senderror; 7993 } 7994 break; 7995 default: 7996 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7997 __func__)); 7998 PFKEYSTAT_INC(out_invaddr); 7999 error = EAFNOSUPPORT; 8000 goto senderror; 8001 } 8002 8003 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 8004 case AF_INET: 8005 plen = sizeof(struct in_addr) << 3; 8006 break; 8007 case AF_INET6: 8008 plen = sizeof(struct in6_addr) << 3; 8009 break; 8010 default: 8011 plen = 0; /*fool gcc*/ 8012 break; 8013 } 8014 8015 /* check max prefix length */ 8016 if (src0->sadb_address_prefixlen > plen || 8017 dst0->sadb_address_prefixlen > plen) { 8018 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 8019 __func__)); 8020 PFKEYSTAT_INC(out_invaddr); 8021 error = EINVAL; 8022 goto senderror; 8023 } 8024 8025 /* 8026 * prefixlen == 0 is valid because there can be a case when 8027 * all addresses are matched. 8028 */ 8029 } 8030 8031 if (msg->sadb_msg_type >= nitems(key_typesw) || 8032 key_typesw[msg->sadb_msg_type] == NULL) { 8033 PFKEYSTAT_INC(out_invmsgtype); 8034 error = EINVAL; 8035 goto senderror; 8036 } 8037 8038 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 8039 8040 senderror: 8041 msg->sadb_msg_errno = error; 8042 return key_sendup_mbuf(so, m, target); 8043 } 8044 8045 static int 8046 key_senderror(struct socket *so, struct mbuf *m, int code) 8047 { 8048 struct sadb_msg *msg; 8049 8050 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8051 ("mbuf too small, len %u", m->m_len)); 8052 8053 msg = mtod(m, struct sadb_msg *); 8054 msg->sadb_msg_errno = code; 8055 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8056 } 8057 8058 /* 8059 * set the pointer to each header into message buffer. 8060 * m will be freed on error. 8061 * XXX larger-than-MCLBYTES extension? 8062 */ 8063 static int 8064 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8065 { 8066 struct mbuf *n; 8067 struct sadb_ext *ext; 8068 size_t off, end; 8069 int extlen; 8070 int toff; 8071 8072 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8073 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8074 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8075 ("mbuf too small, len %u", m->m_len)); 8076 8077 /* initialize */ 8078 bzero(mhp, sizeof(*mhp)); 8079 8080 mhp->msg = mtod(m, struct sadb_msg *); 8081 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8082 8083 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8084 extlen = end; /*just in case extlen is not updated*/ 8085 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8086 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8087 if (!n) { 8088 /* m is already freed */ 8089 return ENOBUFS; 8090 } 8091 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8092 8093 /* set pointer */ 8094 switch (ext->sadb_ext_type) { 8095 case SADB_EXT_SA: 8096 case SADB_EXT_ADDRESS_SRC: 8097 case SADB_EXT_ADDRESS_DST: 8098 case SADB_EXT_ADDRESS_PROXY: 8099 case SADB_EXT_LIFETIME_CURRENT: 8100 case SADB_EXT_LIFETIME_HARD: 8101 case SADB_EXT_LIFETIME_SOFT: 8102 case SADB_EXT_KEY_AUTH: 8103 case SADB_EXT_KEY_ENCRYPT: 8104 case SADB_EXT_IDENTITY_SRC: 8105 case SADB_EXT_IDENTITY_DST: 8106 case SADB_EXT_SENSITIVITY: 8107 case SADB_EXT_PROPOSAL: 8108 case SADB_EXT_SUPPORTED_AUTH: 8109 case SADB_EXT_SUPPORTED_ENCRYPT: 8110 case SADB_EXT_SPIRANGE: 8111 case SADB_X_EXT_POLICY: 8112 case SADB_X_EXT_SA2: 8113 case SADB_X_EXT_NAT_T_TYPE: 8114 case SADB_X_EXT_NAT_T_SPORT: 8115 case SADB_X_EXT_NAT_T_DPORT: 8116 case SADB_X_EXT_NAT_T_OAI: 8117 case SADB_X_EXT_NAT_T_OAR: 8118 case SADB_X_EXT_NAT_T_FRAG: 8119 case SADB_X_EXT_SA_REPLAY: 8120 case SADB_X_EXT_NEW_ADDRESS_SRC: 8121 case SADB_X_EXT_NEW_ADDRESS_DST: 8122 /* duplicate check */ 8123 /* 8124 * XXX Are there duplication payloads of either 8125 * KEY_AUTH or KEY_ENCRYPT ? 8126 */ 8127 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8128 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8129 "%u\n", __func__, ext->sadb_ext_type)); 8130 m_freem(m); 8131 PFKEYSTAT_INC(out_dupext); 8132 return EINVAL; 8133 } 8134 break; 8135 default: 8136 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8137 __func__, ext->sadb_ext_type)); 8138 m_freem(m); 8139 PFKEYSTAT_INC(out_invexttype); 8140 return EINVAL; 8141 } 8142 8143 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8144 8145 if (key_validate_ext(ext, extlen)) { 8146 m_freem(m); 8147 PFKEYSTAT_INC(out_invlen); 8148 return EINVAL; 8149 } 8150 8151 n = m_pulldown(m, off, extlen, &toff); 8152 if (!n) { 8153 /* m is already freed */ 8154 return ENOBUFS; 8155 } 8156 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8157 8158 mhp->ext[ext->sadb_ext_type] = ext; 8159 mhp->extoff[ext->sadb_ext_type] = off; 8160 mhp->extlen[ext->sadb_ext_type] = extlen; 8161 } 8162 8163 if (off != end) { 8164 m_freem(m); 8165 PFKEYSTAT_INC(out_invlen); 8166 return EINVAL; 8167 } 8168 8169 return 0; 8170 } 8171 8172 static int 8173 key_validate_ext(const struct sadb_ext *ext, int len) 8174 { 8175 const struct sockaddr *sa; 8176 enum { NONE, ADDR } checktype = NONE; 8177 int baselen = 0; 8178 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8179 8180 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8181 return EINVAL; 8182 8183 /* if it does not match minimum/maximum length, bail */ 8184 if (ext->sadb_ext_type >= nitems(minsize) || 8185 ext->sadb_ext_type >= nitems(maxsize)) 8186 return EINVAL; 8187 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8188 return EINVAL; 8189 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8190 return EINVAL; 8191 8192 /* more checks based on sadb_ext_type XXX need more */ 8193 switch (ext->sadb_ext_type) { 8194 case SADB_EXT_ADDRESS_SRC: 8195 case SADB_EXT_ADDRESS_DST: 8196 case SADB_EXT_ADDRESS_PROXY: 8197 case SADB_X_EXT_NAT_T_OAI: 8198 case SADB_X_EXT_NAT_T_OAR: 8199 case SADB_X_EXT_NEW_ADDRESS_SRC: 8200 case SADB_X_EXT_NEW_ADDRESS_DST: 8201 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8202 checktype = ADDR; 8203 break; 8204 case SADB_EXT_IDENTITY_SRC: 8205 case SADB_EXT_IDENTITY_DST: 8206 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8207 SADB_X_IDENTTYPE_ADDR) { 8208 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8209 checktype = ADDR; 8210 } else 8211 checktype = NONE; 8212 break; 8213 default: 8214 checktype = NONE; 8215 break; 8216 } 8217 8218 switch (checktype) { 8219 case NONE: 8220 break; 8221 case ADDR: 8222 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8223 if (len < baselen + sal) 8224 return EINVAL; 8225 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8226 return EINVAL; 8227 break; 8228 } 8229 8230 return 0; 8231 } 8232 8233 void 8234 spdcache_init(void) 8235 { 8236 int i; 8237 8238 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8239 &V_key_spdcache_maxentries); 8240 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8241 &V_key_spdcache_threshold); 8242 8243 if (V_key_spdcache_maxentries) { 8244 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8245 SPDCACHE_MAX_ENTRIES_PER_HASH); 8246 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8247 SPDCACHE_MAX_ENTRIES_PER_HASH, 8248 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8249 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8250 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8251 8252 V_spdcache_lock = malloc(sizeof(struct mtx) * 8253 (V_spdcachehash_mask + 1), 8254 M_IPSEC_SPDCACHE, M_WAITOK|M_ZERO); 8255 8256 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8257 SPDCACHE_LOCK_INIT(i); 8258 } 8259 } 8260 8261 struct spdcache_entry * 8262 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8263 { 8264 struct spdcache_entry *entry; 8265 8266 entry = malloc(sizeof(struct spdcache_entry), 8267 M_IPSEC_SPDCACHE, M_NOWAIT|M_ZERO); 8268 if (entry == NULL) 8269 return NULL; 8270 8271 if (sp != NULL) 8272 SP_ADDREF(sp); 8273 8274 entry->spidx = *spidx; 8275 entry->sp = sp; 8276 8277 return (entry); 8278 } 8279 8280 void 8281 spdcache_entry_free(struct spdcache_entry *entry) 8282 { 8283 8284 if (entry->sp != NULL) 8285 key_freesp(&entry->sp); 8286 free(entry, M_IPSEC_SPDCACHE); 8287 } 8288 8289 void 8290 spdcache_clear(void) 8291 { 8292 struct spdcache_entry *entry; 8293 int i; 8294 8295 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8296 SPDCACHE_LOCK(i); 8297 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8298 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8299 LIST_REMOVE(entry, chain); 8300 spdcache_entry_free(entry); 8301 } 8302 SPDCACHE_UNLOCK(i); 8303 } 8304 } 8305 8306 #ifdef VIMAGE 8307 void 8308 spdcache_destroy(void) 8309 { 8310 int i; 8311 8312 if (SPDCACHE_ENABLED()) { 8313 spdcache_clear(); 8314 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8315 8316 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8317 SPDCACHE_LOCK_DESTROY(i); 8318 8319 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8320 } 8321 } 8322 #endif 8323 8324 static void 8325 key_vnet_init(void *arg __unused) 8326 { 8327 int i; 8328 8329 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8330 TAILQ_INIT(&V_sptree[i]); 8331 TAILQ_INIT(&V_sptree_ifnet[i]); 8332 } 8333 8334 TAILQ_INIT(&V_sahtree); 8335 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8336 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8337 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8338 &V_sahaddrhash_mask); 8339 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8340 &V_acqaddrhash_mask); 8341 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8342 &V_acqseqhash_mask); 8343 8344 spdcache_init(); 8345 8346 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8347 LIST_INIT(&V_regtree[i]); 8348 8349 LIST_INIT(&V_acqtree); 8350 LIST_INIT(&V_spacqtree); 8351 } 8352 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8353 key_vnet_init, NULL); 8354 8355 static void 8356 key_init(void *arg __unused) 8357 { 8358 8359 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8360 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8361 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8362 8363 SPTREE_LOCK_INIT(); 8364 REGTREE_LOCK_INIT(); 8365 SAHTREE_LOCK_INIT(); 8366 ACQ_LOCK_INIT(); 8367 SPACQ_LOCK_INIT(); 8368 SPI_ALLOC_LOCK_INIT(); 8369 8370 #ifndef IPSEC_DEBUG2 8371 callout_init(&key_timer, 1); 8372 callout_reset(&key_timer, hz, key_timehandler, NULL); 8373 #endif /*IPSEC_DEBUG2*/ 8374 8375 /* initialize key statistics */ 8376 keystat.getspi_count = 1; 8377 8378 if (bootverbose) 8379 printf("IPsec: Initialized Security Association Processing.\n"); 8380 } 8381 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL); 8382 8383 #ifdef VIMAGE 8384 static void 8385 key_vnet_destroy(void *arg __unused) 8386 { 8387 struct secashead_queue sahdrainq; 8388 struct secpolicy_queue drainq; 8389 struct secpolicy *sp, *nextsp; 8390 struct secacq *acq, *nextacq; 8391 struct secspacq *spacq, *nextspacq; 8392 struct secashead *sah; 8393 struct secasvar *sav; 8394 struct secreg *reg; 8395 int i; 8396 8397 /* 8398 * XXX: can we just call free() for each object without 8399 * walking through safe way with releasing references? 8400 */ 8401 TAILQ_INIT(&drainq); 8402 SPTREE_WLOCK(); 8403 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8404 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8405 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8406 } 8407 for (i = 0; i < V_sphash_mask + 1; i++) 8408 LIST_INIT(&V_sphashtbl[i]); 8409 SPTREE_WUNLOCK(); 8410 spdcache_destroy(); 8411 8412 sp = TAILQ_FIRST(&drainq); 8413 while (sp != NULL) { 8414 nextsp = TAILQ_NEXT(sp, chain); 8415 key_freesp(&sp); 8416 sp = nextsp; 8417 } 8418 8419 TAILQ_INIT(&sahdrainq); 8420 SAHTREE_WLOCK(); 8421 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8422 for (i = 0; i < V_savhash_mask + 1; i++) 8423 LIST_INIT(&V_savhashtbl[i]); 8424 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8425 LIST_INIT(&V_sahaddrhashtbl[i]); 8426 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8427 sah->state = SADB_SASTATE_DEAD; 8428 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8429 sav->state = SADB_SASTATE_DEAD; 8430 } 8431 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8432 sav->state = SADB_SASTATE_DEAD; 8433 } 8434 } 8435 SAHTREE_WUNLOCK(); 8436 8437 key_freesah_flushed(&sahdrainq); 8438 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8439 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8440 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8441 8442 REGTREE_LOCK(); 8443 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8444 LIST_FOREACH(reg, &V_regtree[i], chain) { 8445 if (__LIST_CHAINED(reg)) { 8446 LIST_REMOVE(reg, chain); 8447 free(reg, M_IPSEC_SAR); 8448 break; 8449 } 8450 } 8451 } 8452 REGTREE_UNLOCK(); 8453 8454 ACQ_LOCK(); 8455 acq = LIST_FIRST(&V_acqtree); 8456 while (acq != NULL) { 8457 nextacq = LIST_NEXT(acq, chain); 8458 LIST_REMOVE(acq, chain); 8459 free(acq, M_IPSEC_SAQ); 8460 acq = nextacq; 8461 } 8462 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8463 LIST_INIT(&V_acqaddrhashtbl[i]); 8464 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8465 LIST_INIT(&V_acqseqhashtbl[i]); 8466 ACQ_UNLOCK(); 8467 8468 SPACQ_LOCK(); 8469 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8470 spacq = nextspacq) { 8471 nextspacq = LIST_NEXT(spacq, chain); 8472 if (__LIST_CHAINED(spacq)) { 8473 LIST_REMOVE(spacq, chain); 8474 free(spacq, M_IPSEC_SAQ); 8475 } 8476 } 8477 SPACQ_UNLOCK(); 8478 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8479 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8480 } 8481 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8482 key_vnet_destroy, NULL); 8483 #endif 8484 8485 /* 8486 * XXX: as long as domains are not unloadable, this function is never called, 8487 * provided for consistensy and future unload support. 8488 */ 8489 static void 8490 key_destroy(void *arg __unused) 8491 { 8492 uma_zdestroy(ipsec_key_lft_zone); 8493 8494 #ifndef IPSEC_DEBUG2 8495 callout_drain(&key_timer); 8496 #endif 8497 SPTREE_LOCK_DESTROY(); 8498 REGTREE_LOCK_DESTROY(); 8499 SAHTREE_LOCK_DESTROY(); 8500 ACQ_LOCK_DESTROY(); 8501 SPACQ_LOCK_DESTROY(); 8502 SPI_ALLOC_LOCK_DESTROY(); 8503 } 8504 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL); 8505 8506 /* record data transfer on SA, and update timestamps */ 8507 void 8508 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8509 { 8510 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8511 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8512 8513 /* 8514 * XXX Currently, there is a difference of bytes size 8515 * between inbound and outbound processing. 8516 */ 8517 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8518 8519 /* 8520 * We use the number of packets as the unit of 8521 * allocations. We increment the variable 8522 * whenever {esp,ah}_{in,out}put is called. 8523 */ 8524 counter_u64_add(sav->lft_c_allocations, 1); 8525 8526 /* 8527 * NOTE: We record CURRENT usetime by using wall clock, 8528 * in seconds. HARD and SOFT lifetime are measured by the time 8529 * difference (again in seconds) from usetime. 8530 * 8531 * usetime 8532 * v expire expire 8533 * -----+-----+--------+---> t 8534 * <--------------> HARD 8535 * <-----> SOFT 8536 */ 8537 if (sav->firstused == 0) 8538 sav->firstused = time_second; 8539 } 8540 8541 /* 8542 * Take one of the kernel's security keys and convert it into a PF_KEY 8543 * structure within an mbuf, suitable for sending up to a waiting 8544 * application in user land. 8545 * 8546 * IN: 8547 * src: A pointer to a kernel security key. 8548 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8549 * OUT: 8550 * a valid mbuf or NULL indicating an error 8551 * 8552 */ 8553 8554 static struct mbuf * 8555 key_setkey(struct seckey *src, uint16_t exttype) 8556 { 8557 struct mbuf *m; 8558 struct sadb_key *p; 8559 int len; 8560 8561 if (src == NULL) 8562 return NULL; 8563 8564 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8565 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8566 if (m == NULL) 8567 return NULL; 8568 m_align(m, len); 8569 m->m_len = len; 8570 p = mtod(m, struct sadb_key *); 8571 bzero(p, len); 8572 p->sadb_key_len = PFKEY_UNIT64(len); 8573 p->sadb_key_exttype = exttype; 8574 p->sadb_key_bits = src->bits; 8575 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8576 8577 return m; 8578 } 8579 8580 /* 8581 * Take one of the kernel's lifetime data structures and convert it 8582 * into a PF_KEY structure within an mbuf, suitable for sending up to 8583 * a waiting application in user land. 8584 * 8585 * IN: 8586 * src: A pointer to a kernel lifetime structure. 8587 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8588 * data structures for more information. 8589 * OUT: 8590 * a valid mbuf or NULL indicating an error 8591 * 8592 */ 8593 8594 static struct mbuf * 8595 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8596 { 8597 struct mbuf *m = NULL; 8598 struct sadb_lifetime *p; 8599 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8600 8601 if (src == NULL) 8602 return NULL; 8603 8604 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8605 if (m == NULL) 8606 return m; 8607 m_align(m, len); 8608 m->m_len = len; 8609 p = mtod(m, struct sadb_lifetime *); 8610 8611 bzero(p, len); 8612 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8613 p->sadb_lifetime_exttype = exttype; 8614 p->sadb_lifetime_allocations = src->allocations; 8615 p->sadb_lifetime_bytes = src->bytes; 8616 p->sadb_lifetime_addtime = src->addtime; 8617 p->sadb_lifetime_usetime = src->usetime; 8618 8619 return m; 8620 8621 } 8622 8623 const struct enc_xform * 8624 enc_algorithm_lookup(int alg) 8625 { 8626 int i; 8627 8628 for (i = 0; i < nitems(supported_ealgs); i++) 8629 if (alg == supported_ealgs[i].sadb_alg) 8630 return (supported_ealgs[i].xform); 8631 return (NULL); 8632 } 8633 8634 const struct auth_hash * 8635 auth_algorithm_lookup(int alg) 8636 { 8637 int i; 8638 8639 for (i = 0; i < nitems(supported_aalgs); i++) 8640 if (alg == supported_aalgs[i].sadb_alg) 8641 return (supported_aalgs[i].xform); 8642 return (NULL); 8643 } 8644 8645 const struct comp_algo * 8646 comp_algorithm_lookup(int alg) 8647 { 8648 int i; 8649 8650 for (i = 0; i < nitems(supported_calgs); i++) 8651 if (alg == supported_calgs[i].sadb_alg) 8652 return (supported_calgs[i].xform); 8653 return (NULL); 8654 } 8655