1 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 2 3 /*- 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * This code is referd to RFC 2367 36 */ 37 38 #include "opt_inet.h" 39 #include "opt_inet6.h" 40 #include "opt_ipsec.h" 41 42 #include <sys/types.h> 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/kernel.h> 46 #include <sys/fnv_hash.h> 47 #include <sys/lock.h> 48 #include <sys/mutex.h> 49 #include <sys/mbuf.h> 50 #include <sys/domain.h> 51 #include <sys/protosw.h> 52 #include <sys/malloc.h> 53 #include <sys/rmlock.h> 54 #include <sys/socket.h> 55 #include <sys/socketvar.h> 56 #include <sys/sysctl.h> 57 #include <sys/errno.h> 58 #include <sys/proc.h> 59 #include <sys/queue.h> 60 #include <sys/refcount.h> 61 #include <sys/syslog.h> 62 63 #include <vm/uma.h> 64 65 #include <net/if.h> 66 #include <net/if_var.h> 67 #include <net/vnet.h> 68 69 #include <netinet/in.h> 70 #include <netinet/in_systm.h> 71 #include <netinet/ip.h> 72 #include <netinet/in_var.h> 73 #include <netinet/udp.h> 74 75 #ifdef INET6 76 #include <netinet/ip6.h> 77 #include <netinet6/in6_var.h> 78 #include <netinet6/ip6_var.h> 79 #endif /* INET6 */ 80 81 #include <net/pfkeyv2.h> 82 #include <netipsec/keydb.h> 83 #include <netipsec/key.h> 84 #include <netipsec/keysock.h> 85 #include <netipsec/key_debug.h> 86 #include <netipsec/ipsec_offload.h> 87 88 #include <netipsec/ipsec.h> 89 #ifdef INET6 90 #include <netipsec/ipsec6.h> 91 #endif 92 93 #include <netipsec/xform.h> 94 #include <netipsec/ipsec_offload.h> 95 #include <machine/in_cksum.h> 96 #include <machine/stdarg.h> 97 98 /* randomness */ 99 #include <sys/random.h> 100 101 #ifdef IPSEC_OFFLOAD 102 void (*ipsec_accel_sa_newkey_p)(struct secasvar *sav); 103 void (*ipsec_accel_forget_sav_p)(struct secasvar *sav); 104 void (*ipsec_accel_spdadd_p)(struct secpolicy *sp, struct inpcb *inp); 105 void (*ipsec_accel_spddel_p)(struct secpolicy *sp); 106 int (*ipsec_accel_sa_lifetime_op_p)(struct secasvar *sav, 107 struct seclifetime *lft_c, if_t ifp, enum IF_SA_CNT_WHICH op, 108 struct rm_priotracker *sahtree_trackerp); 109 void (*ipsec_accel_sync_p)(void); 110 bool (*ipsec_accel_is_accel_sav_p)(struct secasvar *sav); 111 struct mbuf *(*ipsec_accel_key_setaccelif_p)(struct secasvar *sav); 112 void (*ipsec_accel_on_ifdown_p)(struct ifnet *ifp); 113 void (*ipsec_accel_drv_sa_lifetime_update_p)(struct secasvar *sav, if_t ifp, 114 u_int drv_spi, uint64_t octets, uint64_t allocs); 115 int (*ipsec_accel_drv_sa_lifetime_fetch_p)(struct secasvar *sav, if_t ifp, 116 u_int drv_spi, uint64_t *octets, uint64_t *allocs); 117 #endif 118 119 #define FULLMASK 0xff 120 #define _BITS(bytes) ((bytes) << 3) 121 122 #define UINT32_80PCT 0xcccccccc 123 /* 124 * Note on SA reference counting: 125 * - SAs that are not in DEAD state will have (total external reference + 1) 126 * following value in reference count field. they cannot be freed and are 127 * referenced from SA header. 128 * - SAs that are in DEAD state will have (total external reference) 129 * in reference count field. they are ready to be freed. reference from 130 * SA header will be removed in key_delsav(), when the reference count 131 * field hits 0 (= no external reference other than from SA header. 132 */ 133 134 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 135 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 136 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 137 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 138 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 139 /*interval to initialize randseed,1(m)*/ 140 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 141 /* interval to expire acquiring, 30(s)*/ 142 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 143 /* counter for blocking SADB_ACQUIRE.*/ 144 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 145 /* lifetime for blocking SADB_ACQUIRE.*/ 146 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 147 /* preferred old sa rather than new sa.*/ 148 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 149 #define V_key_spi_trycnt VNET(key_spi_trycnt) 150 #define V_key_spi_minval VNET(key_spi_minval) 151 #define V_key_spi_maxval VNET(key_spi_maxval) 152 #define V_policy_id VNET(policy_id) 153 #define V_key_int_random VNET(key_int_random) 154 #define V_key_larval_lifetime VNET(key_larval_lifetime) 155 #define V_key_blockacq_count VNET(key_blockacq_count) 156 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 157 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 158 159 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 160 #define V_acq_seq VNET(acq_seq) 161 162 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 163 #define V_sp_genid VNET(sp_genid) 164 165 /* SPD */ 166 TAILQ_HEAD(secpolicy_queue, secpolicy); 167 LIST_HEAD(secpolicy_list, secpolicy); 168 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 169 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 170 static struct rmlock sptree_lock; 171 #define V_sptree VNET(sptree) 172 #define V_sptree_ifnet VNET(sptree_ifnet) 173 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 174 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 175 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 176 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 177 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 178 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 179 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 180 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 181 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 182 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 183 184 /* Hash table for lookup SP using unique id */ 185 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 186 VNET_DEFINE_STATIC(u_long, sphash_mask); 187 #define V_sphashtbl VNET(sphashtbl) 188 #define V_sphash_mask VNET(sphash_mask) 189 190 #define SPHASH_NHASH_LOG2 7 191 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 192 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 193 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 194 195 /* SPD cache */ 196 struct spdcache_entry { 197 struct secpolicyindex spidx; /* secpolicyindex */ 198 struct secpolicy *sp; /* cached policy to be used */ 199 200 LIST_ENTRY(spdcache_entry) chain; 201 }; 202 LIST_HEAD(spdcache_entry_list, spdcache_entry); 203 204 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 205 206 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 207 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 208 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 209 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 210 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 211 #define V_spd_size VNET(spd_size) 212 213 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 214 #define SPDCACHE_ACTIVE() \ 215 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 216 217 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 218 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 219 #define V_spdcachehashtbl VNET(spdcachehashtbl) 220 #define V_spdcachehash_mask VNET(spdcachehash_mask) 221 222 #define SPDCACHE_HASHVAL(idx) \ 223 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 224 V_spdcachehash_mask) 225 226 /* Each cache line is protected by a mutex */ 227 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 228 #define V_spdcache_lock VNET(spdcache_lock) 229 230 #define SPDCACHE_LOCK_INIT(a) \ 231 mtx_init(&V_spdcache_lock[a], "spdcache", \ 232 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 233 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 234 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 235 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 236 237 static struct sx spi_alloc_lock; 238 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") 239 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) 240 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) 241 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) 242 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) 243 244 /* SAD */ 245 TAILQ_HEAD(secashead_queue, secashead); 246 LIST_HEAD(secashead_list, secashead); 247 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 248 static struct rmlock sahtree_lock; 249 #define V_sahtree VNET(sahtree) 250 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 251 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 252 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 253 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 254 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 255 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 256 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 257 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 258 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 259 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 260 261 /* Hash table for lookup in SAD using SA addresses */ 262 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 263 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 264 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 265 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 266 267 #define SAHHASH_NHASH_LOG2 7 268 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 269 #define SAHADDRHASH_HASHVAL(idx) \ 270 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 271 V_sahaddrhash_mask) 272 #define SAHADDRHASH_HASH(saidx) \ 273 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 274 275 /* Hash table for lookup in SAD using SPI */ 276 LIST_HEAD(secasvar_list, secasvar); 277 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 278 VNET_DEFINE_STATIC(u_long, savhash_mask); 279 #define V_savhashtbl VNET(savhashtbl) 280 #define V_savhash_mask VNET(savhash_mask) 281 #define SAVHASH_NHASH_LOG2 7 282 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 283 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 284 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 285 286 static uint32_t 287 key_addrprotohash(const union sockaddr_union *src, 288 const union sockaddr_union *dst, const uint8_t *proto) 289 { 290 uint32_t hval; 291 292 hval = fnv_32_buf(proto, sizeof(*proto), 293 FNV1_32_INIT); 294 switch (dst->sa.sa_family) { 295 #ifdef INET 296 case AF_INET: 297 hval = fnv_32_buf(&src->sin.sin_addr, 298 sizeof(in_addr_t), hval); 299 hval = fnv_32_buf(&dst->sin.sin_addr, 300 sizeof(in_addr_t), hval); 301 break; 302 #endif 303 #ifdef INET6 304 case AF_INET6: 305 hval = fnv_32_buf(&src->sin6.sin6_addr, 306 sizeof(struct in6_addr), hval); 307 hval = fnv_32_buf(&dst->sin6.sin6_addr, 308 sizeof(struct in6_addr), hval); 309 break; 310 #endif 311 default: 312 hval = 0; 313 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 314 __func__, dst->sa.sa_family)); 315 } 316 return (hval); 317 } 318 319 static uint32_t 320 key_u32hash(uint32_t val) 321 { 322 323 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 324 } 325 326 /* registed list */ 327 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 328 #define V_regtree VNET(regtree) 329 static struct mtx regtree_lock; 330 #define REGTREE_LOCK_INIT() \ 331 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 332 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 333 #define REGTREE_LOCK() mtx_lock(®tree_lock) 334 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 335 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 336 337 /* Acquiring list */ 338 LIST_HEAD(secacq_list, secacq); 339 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 340 #define V_acqtree VNET(acqtree) 341 static struct mtx acq_lock; 342 #define ACQ_LOCK_INIT() \ 343 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 344 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 345 #define ACQ_LOCK() mtx_lock(&acq_lock) 346 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 347 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 348 349 /* Hash table for lookup in ACQ list using SA addresses */ 350 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 351 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 352 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 353 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 354 355 /* Hash table for lookup in ACQ list using SEQ number */ 356 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 357 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 358 #define V_acqseqhashtbl VNET(acqseqhashtbl) 359 #define V_acqseqhash_mask VNET(acqseqhash_mask) 360 361 #define ACQHASH_NHASH_LOG2 7 362 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 363 #define ACQADDRHASH_HASHVAL(idx) \ 364 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 365 V_acqaddrhash_mask) 366 #define ACQSEQHASH_HASHVAL(seq) \ 367 (key_u32hash(seq) & V_acqseqhash_mask) 368 #define ACQADDRHASH_HASH(saidx) \ 369 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 370 #define ACQSEQHASH_HASH(seq) \ 371 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 372 /* SP acquiring list */ 373 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 374 #define V_spacqtree VNET(spacqtree) 375 static struct mtx spacq_lock; 376 #define SPACQ_LOCK_INIT() \ 377 mtx_init(&spacq_lock, "spacqtree", \ 378 "fast ipsec security policy acquire list", MTX_DEF) 379 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 380 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 381 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 382 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 383 384 static const int minsize[] = { 385 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg), 386 [SADB_EXT_SA] = sizeof(struct sadb_sa), 387 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime), 388 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime), 389 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime), 390 [SADB_EXT_ADDRESS_SRC] = sizeof(struct sadb_address), 391 [SADB_EXT_ADDRESS_DST] = sizeof(struct sadb_address), 392 [SADB_EXT_ADDRESS_PROXY] = sizeof(struct sadb_address), 393 [SADB_EXT_KEY_AUTH] = sizeof(struct sadb_key), 394 [SADB_EXT_KEY_ENCRYPT] = sizeof(struct sadb_key), 395 [SADB_EXT_IDENTITY_SRC] = sizeof(struct sadb_ident), 396 [SADB_EXT_IDENTITY_DST] = sizeof(struct sadb_ident), 397 [SADB_EXT_SENSITIVITY] = sizeof(struct sadb_sens), 398 [SADB_EXT_PROPOSAL] = sizeof(struct sadb_prop), 399 [SADB_EXT_SUPPORTED_AUTH] = sizeof(struct sadb_supported), 400 [SADB_EXT_SUPPORTED_ENCRYPT] = sizeof(struct sadb_supported), 401 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange), 402 [SADB_X_EXT_KMPRIVATE] = 0, 403 [SADB_X_EXT_POLICY] = sizeof(struct sadb_x_policy), 404 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2), 405 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type), 406 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port), 407 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port), 408 [SADB_X_EXT_NAT_T_OAI] = sizeof(struct sadb_address), 409 [SADB_X_EXT_NAT_T_OAR] = sizeof(struct sadb_address), 410 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag), 411 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay), 412 [SADB_X_EXT_NEW_ADDRESS_SRC] = sizeof(struct sadb_address), 413 [SADB_X_EXT_NEW_ADDRESS_DST] = sizeof(struct sadb_address), 414 [SADB_X_EXT_LFT_CUR_SW_OFFL] = sizeof(struct sadb_lifetime), 415 [SADB_X_EXT_LFT_CUR_HW_OFFL] = sizeof(struct sadb_lifetime), 416 [SADB_X_EXT_IF_HW_OFFL] = sizeof(struct sadb_x_if_hw_offl), 417 }; 418 _Static_assert(nitems(minsize) == SADB_EXT_MAX + 1, "minsize size mismatch"); 419 420 static const int maxsize[] = { 421 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg), 422 [SADB_EXT_SA] = sizeof(struct sadb_sa), 423 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime), 424 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime), 425 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime), 426 [SADB_EXT_ADDRESS_SRC] = 0, 427 [SADB_EXT_ADDRESS_DST] = 0, 428 [SADB_EXT_ADDRESS_PROXY] = 0, 429 [SADB_EXT_KEY_AUTH] = 0, 430 [SADB_EXT_KEY_ENCRYPT] = 0, 431 [SADB_EXT_IDENTITY_SRC] = 0, 432 [SADB_EXT_IDENTITY_DST] = 0, 433 [SADB_EXT_SENSITIVITY] = 0, 434 [SADB_EXT_PROPOSAL] = 0, 435 [SADB_EXT_SUPPORTED_AUTH] = 0, 436 [SADB_EXT_SUPPORTED_ENCRYPT] = 0, 437 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange), 438 [SADB_X_EXT_KMPRIVATE] = 0, 439 [SADB_X_EXT_POLICY] = 0, 440 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2), 441 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type), 442 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port), 443 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port), 444 [SADB_X_EXT_NAT_T_OAI] = 0, 445 [SADB_X_EXT_NAT_T_OAR] = 0, 446 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag), 447 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay), 448 [SADB_X_EXT_NEW_ADDRESS_SRC] = 0, 449 [SADB_X_EXT_NEW_ADDRESS_DST] = 0, 450 [SADB_X_EXT_LFT_CUR_SW_OFFL] = sizeof(struct sadb_lifetime), 451 [SADB_X_EXT_LFT_CUR_HW_OFFL] = sizeof(struct sadb_lifetime), 452 [SADB_X_EXT_IF_HW_OFFL] = sizeof(struct sadb_x_if_hw_offl), 453 }; 454 _Static_assert(nitems(maxsize) == SADB_EXT_MAX + 1, "maxsize size mismatch"); 455 456 /* 457 * Internal values for SA flags: 458 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 459 * thus we will not free the most of SA content in key_delsav(). 460 */ 461 #define SADB_X_EXT_F_CLONED 0x80000000 462 463 #define SADB_CHECKLEN(_mhp, _ext) \ 464 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 465 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 466 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 467 468 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 469 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 470 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 471 472 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 473 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 474 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 475 476 #ifdef IPSEC_DEBUG 477 VNET_DEFINE(int, ipsec_debug) = 1; 478 #else 479 VNET_DEFINE(int, ipsec_debug) = 0; 480 #endif 481 482 #ifdef INET 483 SYSCTL_DECL(_net_inet_ipsec); 484 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 485 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 486 "Enable IPsec debugging output when set."); 487 #endif 488 #ifdef INET6 489 SYSCTL_DECL(_net_inet6_ipsec6); 490 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 491 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 492 "Enable IPsec debugging output when set."); 493 #endif 494 495 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 496 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 497 498 /* max count of trial for the decision of spi value */ 499 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 500 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 501 502 /* minimum spi value to allocate automatically. */ 503 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 504 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 505 506 /* maximun spi value to allocate automatically. */ 507 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 508 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 509 510 /* interval to initialize randseed */ 511 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 512 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 513 514 /* lifetime for larval SA */ 515 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 516 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 517 518 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 519 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 520 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 521 522 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 523 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 524 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 525 526 /* ESP auth */ 527 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 528 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 529 530 /* minimum ESP key length */ 531 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 532 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 533 534 /* minimum AH key length */ 535 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 536 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 537 538 /* perfered old SA rather than new SA */ 539 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 540 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 541 542 SYSCTL_NODE(_net_key, OID_AUTO, spdcache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 543 "SPD cache"); 544 545 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 546 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 547 "Maximum number of entries in the SPD cache" 548 " (power of 2, 0 to disable)"); 549 550 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 551 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 552 "Number of SPs that make the SPD cache active"); 553 554 #define __LIST_CHAINED(elm) \ 555 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 556 557 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 558 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 559 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 560 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 561 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 562 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 563 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 564 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 565 566 static uma_zone_t __read_mostly ipsec_key_lft_zone; 567 568 /* 569 * set parameters into secpolicyindex buffer. 570 * Must allocate secpolicyindex buffer passed to this function. 571 */ 572 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 573 do { \ 574 bzero((idx), sizeof(struct secpolicyindex)); \ 575 (idx)->dir = (_dir); \ 576 (idx)->prefs = (ps); \ 577 (idx)->prefd = (pd); \ 578 (idx)->ul_proto = (ulp); \ 579 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 580 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 581 } while (0) 582 583 /* 584 * set parameters into secasindex buffer. 585 * Must allocate secasindex buffer before calling this function. 586 */ 587 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 588 do { \ 589 bzero((idx), sizeof(struct secasindex)); \ 590 (idx)->proto = (p); \ 591 (idx)->mode = (m); \ 592 (idx)->reqid = (r); \ 593 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 594 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 595 key_porttosaddr(&(idx)->src.sa, 0); \ 596 key_porttosaddr(&(idx)->dst.sa, 0); \ 597 } while (0) 598 599 /* key statistics */ 600 struct _keystat { 601 u_long getspi_count; /* the avarage of count to try to get new SPI */ 602 } keystat; 603 604 struct sadb_msghdr { 605 struct sadb_msg *msg; 606 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 607 int extoff[SADB_EXT_MAX + 1]; 608 int extlen[SADB_EXT_MAX + 1]; 609 }; 610 611 static const struct supported_ealgs { 612 int sadb_alg; 613 const struct enc_xform *xform; 614 } supported_ealgs[] = { 615 { SADB_X_EALG_AES, &enc_xform_aes_cbc }, 616 { SADB_EALG_NULL, &enc_xform_null }, 617 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 618 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 619 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 620 { SADB_X_EALG_CHACHA20POLY1305, &enc_xform_chacha20_poly1305 }, 621 }; 622 623 static const struct supported_aalgs { 624 int sadb_alg; 625 const struct auth_hash *xform; 626 } supported_aalgs[] = { 627 { SADB_X_AALG_NULL, &auth_hash_null }, 628 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 629 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 630 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 631 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 632 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 633 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 634 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 635 { SADB_X_AALG_CHACHA20POLY1305, &auth_hash_poly1305 }, 636 }; 637 638 static const struct supported_calgs { 639 int sadb_alg; 640 const struct comp_algo *xform; 641 } supported_calgs[] = { 642 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 643 }; 644 645 #ifndef IPSEC_DEBUG2 646 static struct callout key_timer; 647 #endif 648 649 static void key_unlink(struct secpolicy *); 650 static void key_detach(struct secpolicy *); 651 static struct secpolicy *key_getsp(struct secpolicyindex *); 652 static struct secpolicy *key_getspbyid(u_int32_t); 653 static struct mbuf *key_gather_mbuf(struct mbuf *, 654 const struct sadb_msghdr *, int, int, ...); 655 static int key_spdadd(struct socket *, struct mbuf *, 656 const struct sadb_msghdr *); 657 static uint32_t key_getnewspid(void); 658 static int key_spddelete(struct socket *, struct mbuf *, 659 const struct sadb_msghdr *); 660 static int key_spddelete2(struct socket *, struct mbuf *, 661 const struct sadb_msghdr *); 662 static int key_spdget(struct socket *, struct mbuf *, 663 const struct sadb_msghdr *); 664 static int key_spdflush(struct socket *, struct mbuf *, 665 const struct sadb_msghdr *); 666 static int key_spddump(struct socket *, struct mbuf *, 667 const struct sadb_msghdr *); 668 static struct mbuf *key_setdumpsp(struct secpolicy *, 669 u_int8_t, u_int32_t, u_int32_t); 670 static struct mbuf *key_sp2mbuf(struct secpolicy *); 671 static size_t key_getspreqmsglen(struct secpolicy *); 672 static int key_spdexpire(struct secpolicy *); 673 static struct secashead *key_newsah(struct secasindex *); 674 static void key_freesah(struct secashead **); 675 static void key_delsah(struct secashead *); 676 static struct secasvar *key_newsav(const struct sadb_msghdr *, 677 struct secasindex *, uint32_t, int *); 678 static void key_delsav(struct secasvar *); 679 static void key_unlinksav(struct secasvar *); 680 static struct secashead *key_getsah(struct secasindex *); 681 static int key_checkspidup(uint32_t); 682 static struct secasvar *key_getsavbyspi(uint32_t); 683 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 684 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 685 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 686 static int key_updateaddresses(struct socket *, struct mbuf *, 687 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 688 689 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 690 u_int8_t, u_int32_t, u_int32_t, struct rm_priotracker *); 691 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 692 u_int32_t, pid_t, u_int16_t); 693 static struct mbuf *key_setsadbsa(struct secasvar *); 694 static struct mbuf *key_setsadbaddr(u_int16_t, 695 const struct sockaddr *, u_int8_t, u_int16_t); 696 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 697 static struct mbuf *key_setsadbxtype(u_int16_t); 698 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 699 static struct mbuf *key_setsadbxsareplay(u_int32_t); 700 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 701 u_int32_t, u_int32_t); 702 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 703 struct malloc_type *); 704 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 705 struct malloc_type *); 706 707 /* flags for key_cmpsaidx() */ 708 #define CMP_HEAD 1 /* protocol, addresses. */ 709 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 710 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 711 #define CMP_EXACTLY 4 /* all elements. */ 712 static int key_cmpsaidx(const struct secasindex *, 713 const struct secasindex *, int); 714 static int key_cmpspidx_exactly(struct secpolicyindex *, 715 struct secpolicyindex *); 716 static int key_cmpspidx_withmask(struct secpolicyindex *, 717 struct secpolicyindex *); 718 static int key_bbcmp(const void *, const void *, u_int); 719 static uint8_t key_satype2proto(uint8_t); 720 static uint8_t key_proto2satype(uint8_t); 721 722 static int key_getspi(struct socket *, struct mbuf *, 723 const struct sadb_msghdr *); 724 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 725 static int key_update(struct socket *, struct mbuf *, 726 const struct sadb_msghdr *); 727 static int key_add(struct socket *, struct mbuf *, 728 const struct sadb_msghdr *); 729 static int key_setident(struct secashead *, const struct sadb_msghdr *); 730 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 731 const struct sadb_msghdr *); 732 static int key_delete(struct socket *, struct mbuf *, 733 const struct sadb_msghdr *); 734 static int key_delete_all(struct socket *, struct mbuf *, 735 const struct sadb_msghdr *, struct secasindex *); 736 static int key_get(struct socket *, struct mbuf *, 737 const struct sadb_msghdr *); 738 739 static void key_getcomb_setlifetime(struct sadb_comb *); 740 static struct mbuf *key_getcomb_ealg(void); 741 static struct mbuf *key_getcomb_ah(void); 742 static struct mbuf *key_getcomb_ipcomp(void); 743 static struct mbuf *key_getprop(const struct secasindex *); 744 745 static int key_acquire(const struct secasindex *, struct secpolicy *); 746 static uint32_t key_newacq(const struct secasindex *, int *); 747 static uint32_t key_getacq(const struct secasindex *, int *); 748 static int key_acqdone(const struct secasindex *, uint32_t); 749 static int key_acqreset(uint32_t); 750 static struct secspacq *key_newspacq(struct secpolicyindex *); 751 static struct secspacq *key_getspacq(struct secpolicyindex *); 752 static int key_acquire2(struct socket *, struct mbuf *, 753 const struct sadb_msghdr *); 754 static int key_register(struct socket *, struct mbuf *, 755 const struct sadb_msghdr *); 756 static int key_expire(struct secasvar *, int); 757 static int key_flush(struct socket *, struct mbuf *, 758 const struct sadb_msghdr *); 759 static int key_dump(struct socket *, struct mbuf *, 760 const struct sadb_msghdr *); 761 static int key_promisc(struct socket *, struct mbuf *, 762 const struct sadb_msghdr *); 763 static int key_senderror(struct socket *, struct mbuf *, int); 764 static int key_validate_ext(const struct sadb_ext *, int); 765 static int key_align(struct mbuf *, struct sadb_msghdr *); 766 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 767 static struct mbuf *key_setkey(struct seckey *, uint16_t); 768 769 static void spdcache_init(void); 770 static void spdcache_clear(void); 771 static struct spdcache_entry *spdcache_entry_alloc( 772 const struct secpolicyindex *spidx, 773 struct secpolicy *policy); 774 static void spdcache_entry_free(struct spdcache_entry *entry); 775 #ifdef VIMAGE 776 static void spdcache_destroy(void); 777 #endif 778 779 #define DBG_IPSEC_INITREF(t, p) do { \ 780 refcount_init(&(p)->refcnt, 1); \ 781 KEYDBG(KEY_STAMP, \ 782 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 783 __func__, #t, (p), (p)->refcnt)); \ 784 } while (0) 785 #define DBG_IPSEC_ADDREF(t, p) do { \ 786 refcount_acquire(&(p)->refcnt); \ 787 KEYDBG(KEY_STAMP, \ 788 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 789 __func__, #t, (p), (p)->refcnt)); \ 790 } while (0) 791 #define DBG_IPSEC_DELREF(t, p) do { \ 792 KEYDBG(KEY_STAMP, \ 793 printf("%s: Release refcnt %s(%p) -> %u\n", \ 794 __func__, #t, (p), (p)->refcnt - 1)); \ 795 refcount_release(&(p)->refcnt); \ 796 } while (0) 797 798 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 799 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 800 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 801 802 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 803 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 804 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 805 806 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 807 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 808 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 809 810 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 811 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 812 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 813 814 /* 815 * Update the refcnt while holding the SPTREE lock. 816 */ 817 void 818 key_addref(struct secpolicy *sp) 819 { 820 821 SP_ADDREF(sp); 822 } 823 824 /* 825 * Return 0 when there are known to be no SP's for the specified 826 * direction. Otherwise return 1. This is used by IPsec code 827 * to optimize performance. 828 */ 829 int 830 key_havesp(u_int dir) 831 { 832 833 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 834 ("invalid direction %u", dir)); 835 return (TAILQ_FIRST(&V_sptree[dir]) != NULL); 836 } 837 838 int 839 key_havesp_any(void) 840 { 841 842 return (V_spd_size != 0); 843 } 844 845 /* 846 * Allocate a single mbuf with a buffer of the desired length. The buffer is 847 * pre-zeroed to help ensure that uninitialized pad bytes are not leaked. 848 */ 849 static struct mbuf * 850 key_mget(u_int len) 851 { 852 struct mbuf *m; 853 854 KASSERT(len <= MCLBYTES, 855 ("%s: invalid buffer length %u", __func__, len)); 856 857 m = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR); 858 if (m == NULL) 859 return (NULL); 860 memset(mtod(m, void *), 0, len); 861 return (m); 862 } 863 864 /* %%% IPsec policy management */ 865 /* 866 * Return current SPDB generation. 867 */ 868 uint32_t 869 key_getspgen(void) 870 { 871 872 return (V_sp_genid); 873 } 874 875 void 876 key_bumpspgen(void) 877 { 878 879 V_sp_genid++; 880 } 881 882 static int 883 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 884 { 885 886 /* family match */ 887 if (src->sa_family != dst->sa_family) 888 return (EINVAL); 889 /* sa_len match */ 890 if (src->sa_len != dst->sa_len) 891 return (EINVAL); 892 switch (src->sa_family) { 893 #ifdef INET 894 case AF_INET: 895 if (src->sa_len != sizeof(struct sockaddr_in)) 896 return (EINVAL); 897 break; 898 #endif 899 #ifdef INET6 900 case AF_INET6: 901 if (src->sa_len != sizeof(struct sockaddr_in6)) 902 return (EINVAL); 903 break; 904 #endif 905 default: 906 return (EAFNOSUPPORT); 907 } 908 return (0); 909 } 910 911 struct secpolicy * 912 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 913 { 914 SPTREE_RLOCK_TRACKER; 915 struct secpolicy *sp; 916 917 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 918 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 919 ("invalid direction %u", dir)); 920 921 SPTREE_RLOCK(); 922 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 923 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 924 SP_ADDREF(sp); 925 break; 926 } 927 } 928 SPTREE_RUNLOCK(); 929 return (sp); 930 } 931 932 /* 933 * allocating a SP for OUTBOUND or INBOUND packet. 934 * Must call key_freesp() later. 935 * OUT: NULL: not found 936 * others: found and return the pointer. 937 */ 938 struct secpolicy * 939 key_allocsp(struct secpolicyindex *spidx, u_int dir) 940 { 941 struct spdcache_entry *entry, *lastentry, *tmpentry; 942 struct secpolicy *sp; 943 uint32_t hashv; 944 time_t ts; 945 int nb_entries; 946 947 if (!SPDCACHE_ACTIVE()) { 948 sp = key_do_allocsp(spidx, dir); 949 goto out; 950 } 951 952 hashv = SPDCACHE_HASHVAL(spidx); 953 SPDCACHE_LOCK(hashv); 954 nb_entries = 0; 955 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 956 /* Removed outdated entries */ 957 if (entry->sp != NULL && 958 entry->sp->state == IPSEC_SPSTATE_DEAD) { 959 LIST_REMOVE(entry, chain); 960 spdcache_entry_free(entry); 961 continue; 962 } 963 964 nb_entries++; 965 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 966 lastentry = entry; 967 continue; 968 } 969 970 sp = entry->sp; 971 if (entry->sp != NULL) 972 SP_ADDREF(sp); 973 974 /* IPSECSTAT_INC(ips_spdcache_hits); */ 975 976 SPDCACHE_UNLOCK(hashv); 977 goto out; 978 } 979 980 /* IPSECSTAT_INC(ips_spdcache_misses); */ 981 982 sp = key_do_allocsp(spidx, dir); 983 entry = spdcache_entry_alloc(spidx, sp); 984 if (entry != NULL) { 985 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 986 LIST_REMOVE(lastentry, chain); 987 spdcache_entry_free(lastentry); 988 } 989 990 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 991 } 992 993 SPDCACHE_UNLOCK(hashv); 994 995 out: 996 if (sp != NULL) { /* found a SPD entry */ 997 ts = time_second; 998 if (__predict_false(sp->lastused != ts)) 999 sp->lastused = ts; 1000 KEYDBG(IPSEC_STAMP, 1001 printf("%s: return SP(%p)\n", __func__, sp)); 1002 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1003 } else { 1004 KEYDBG(IPSEC_DATA, 1005 printf("%s: lookup failed for ", __func__); 1006 kdebug_secpolicyindex(spidx, NULL)); 1007 } 1008 return (sp); 1009 } 1010 1011 /* 1012 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 1013 * or should be signed by MD5 signature. 1014 * We don't use key_allocsa() for such lookups, because we don't know SPI. 1015 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 1016 * signed packet. We use SADB only as storage for password. 1017 * OUT: positive: corresponding SA for given saidx found. 1018 * NULL: SA not found 1019 */ 1020 struct secasvar * 1021 key_allocsa_tcpmd5(struct secasindex *saidx) 1022 { 1023 SAHTREE_RLOCK_TRACKER; 1024 struct secashead *sah; 1025 struct secasvar *sav; 1026 1027 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 1028 ("unexpected security protocol %u", saidx->proto)); 1029 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 1030 ("unexpected mode %u", saidx->mode)); 1031 1032 SAHTREE_RLOCK(); 1033 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1034 KEYDBG(IPSEC_DUMP, 1035 printf("%s: checking SAH\n", __func__); 1036 kdebug_secash(sah, " ")); 1037 if (sah->saidx.proto != IPPROTO_TCP) 1038 continue; 1039 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 1040 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 1041 break; 1042 } 1043 if (sah != NULL) { 1044 if (V_key_preferred_oldsa) 1045 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1046 else 1047 sav = TAILQ_FIRST(&sah->savtree_alive); 1048 if (sav != NULL) 1049 SAV_ADDREF(sav); 1050 } else 1051 sav = NULL; 1052 SAHTREE_RUNLOCK(); 1053 1054 if (sav != NULL) { 1055 KEYDBG(IPSEC_STAMP, 1056 printf("%s: return SA(%p)\n", __func__, sav)); 1057 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1058 } else { 1059 KEYDBG(IPSEC_STAMP, 1060 printf("%s: SA not found\n", __func__)); 1061 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1062 } 1063 return (sav); 1064 } 1065 1066 /* 1067 * Allocating an SA entry for an *OUTBOUND* packet. 1068 * OUT: positive: corresponding SA for given saidx found. 1069 * NULL: SA not found, but will be acquired, check *error 1070 * for acquiring status. 1071 */ 1072 struct secasvar * 1073 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1074 int *error) 1075 { 1076 SAHTREE_RLOCK_TRACKER; 1077 struct secashead *sah; 1078 struct secasvar *sav; 1079 1080 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1081 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1082 saidx->mode == IPSEC_MODE_TUNNEL, 1083 ("unexpected policy %u", saidx->mode)); 1084 1085 /* 1086 * We check new SA in the IPsec request because a different 1087 * SA may be involved each time this request is checked, either 1088 * because new SAs are being configured, or this request is 1089 * associated with an unconnected datagram socket, or this request 1090 * is associated with a system default policy. 1091 */ 1092 SAHTREE_RLOCK(); 1093 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1094 KEYDBG(IPSEC_DUMP, 1095 printf("%s: checking SAH\n", __func__); 1096 kdebug_secash(sah, " ")); 1097 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1098 break; 1099 } 1100 if (sah != NULL) { 1101 /* 1102 * Allocate the oldest SA available according to 1103 * draft-jenkins-ipsec-rekeying-03. 1104 */ 1105 if (V_key_preferred_oldsa) 1106 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1107 else 1108 sav = TAILQ_FIRST(&sah->savtree_alive); 1109 if (sav != NULL) 1110 SAV_ADDREF(sav); 1111 } else 1112 sav = NULL; 1113 SAHTREE_RUNLOCK(); 1114 1115 if (sav != NULL) { 1116 *error = 0; 1117 KEYDBG(IPSEC_STAMP, 1118 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1119 sav, sp)); 1120 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1121 return (sav); /* return referenced SA */ 1122 } 1123 1124 /* there is no SA */ 1125 *error = key_acquire(saidx, sp); 1126 if ((*error) != 0) 1127 ipseclog((LOG_DEBUG, 1128 "%s: error %d returned from key_acquire()\n", 1129 __func__, *error)); 1130 KEYDBG(IPSEC_STAMP, 1131 printf("%s: acquire SA for SP(%p), error %d\n", 1132 __func__, sp, *error)); 1133 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1134 return (NULL); 1135 } 1136 1137 /* 1138 * allocating a usable SA entry for a *INBOUND* packet. 1139 * Must call key_freesav() later. 1140 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1141 * NULL: not found, or error occurred. 1142 * 1143 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1144 * destination address, and security protocol. But according to RFC 4301, 1145 * SPI by itself suffices to specify an SA. 1146 * 1147 * Note that, however, we do need to keep source address in IPsec SA. 1148 * IKE specification and PF_KEY specification do assume that we 1149 * keep source address in IPsec SA. We see a tricky situation here. 1150 */ 1151 struct secasvar * 1152 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1153 { 1154 SAHTREE_RLOCK_TRACKER; 1155 struct secasvar *sav; 1156 1157 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1158 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1159 proto)); 1160 1161 SAHTREE_RLOCK(); 1162 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1163 if (sav->spi == spi) 1164 break; 1165 } 1166 /* 1167 * We use single SPI namespace for all protocols, so it is 1168 * impossible to have SPI duplicates in the SAVHASH. 1169 */ 1170 if (sav != NULL) { 1171 if (sav->state != SADB_SASTATE_LARVAL && 1172 sav->sah->saidx.proto == proto && 1173 key_sockaddrcmp(&dst->sa, 1174 &sav->sah->saidx.dst.sa, 0) == 0) 1175 SAV_ADDREF(sav); 1176 else 1177 sav = NULL; 1178 } 1179 SAHTREE_RUNLOCK(); 1180 1181 if (sav == NULL) { 1182 KEYDBG(IPSEC_STAMP, 1183 char buf[IPSEC_ADDRSTRLEN]; 1184 printf("%s: SA not found for spi %u proto %u dst %s\n", 1185 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1186 sizeof(buf)))); 1187 } else { 1188 KEYDBG(IPSEC_STAMP, 1189 printf("%s: return SA(%p)\n", __func__, sav)); 1190 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1191 } 1192 return (sav); 1193 } 1194 1195 struct secasvar * 1196 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1197 uint8_t proto) 1198 { 1199 SAHTREE_RLOCK_TRACKER; 1200 struct secasindex saidx; 1201 struct secashead *sah; 1202 struct secasvar *sav; 1203 1204 IPSEC_ASSERT(src != NULL, ("null src address")); 1205 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1206 1207 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1208 &dst->sa, &saidx); 1209 1210 sav = NULL; 1211 SAHTREE_RLOCK(); 1212 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1213 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1214 continue; 1215 if (proto != sah->saidx.proto) 1216 continue; 1217 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1218 continue; 1219 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1220 continue; 1221 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1222 if (V_key_preferred_oldsa) 1223 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1224 else 1225 sav = TAILQ_FIRST(&sah->savtree_alive); 1226 if (sav != NULL) { 1227 SAV_ADDREF(sav); 1228 break; 1229 } 1230 } 1231 SAHTREE_RUNLOCK(); 1232 KEYDBG(IPSEC_STAMP, 1233 printf("%s: return SA(%p)\n", __func__, sav)); 1234 if (sav != NULL) 1235 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1236 return (sav); 1237 } 1238 1239 /* 1240 * Must be called after calling key_allocsp(). 1241 */ 1242 void 1243 key_freesp(struct secpolicy **spp) 1244 { 1245 struct secpolicy *sp = *spp; 1246 1247 IPSEC_ASSERT(sp != NULL, ("null sp")); 1248 if (SP_DELREF(sp) == 0) 1249 return; 1250 1251 KEYDBG(IPSEC_STAMP, 1252 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1253 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1254 1255 *spp = NULL; 1256 #ifdef IPSEC_OFFLOAD 1257 KASSERT(CK_LIST_EMPTY(&sp->accel_ifps), 1258 ("key_freesp: sp %p still offloaded", sp)); 1259 free(__DECONST(char *, sp->accel_ifname), M_IPSEC_MISC); 1260 #endif 1261 while (sp->tcount > 0) 1262 ipsec_delisr(sp->req[--sp->tcount]); 1263 free(sp, M_IPSEC_SP); 1264 } 1265 1266 static void 1267 key_unlink(struct secpolicy *sp) 1268 { 1269 SPTREE_WLOCK(); 1270 key_detach(sp); 1271 SPTREE_WUNLOCK(); 1272 if (SPDCACHE_ENABLED()) 1273 spdcache_clear(); 1274 ipsec_accel_sync(); 1275 key_freesp(&sp); 1276 } 1277 1278 static void 1279 key_detach(struct secpolicy *sp) 1280 { 1281 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1282 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1283 ("invalid direction %u", sp->spidx.dir)); 1284 SPTREE_WLOCK_ASSERT(); 1285 1286 KEYDBG(KEY_STAMP, 1287 printf("%s: SP(%p)\n", __func__, sp)); 1288 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1289 /* SP is already unlinked */ 1290 return; 1291 } 1292 sp->state = IPSEC_SPSTATE_DEAD; 1293 ipsec_accel_spddel(sp); 1294 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1295 V_spd_size--; 1296 LIST_REMOVE(sp, idhash); 1297 V_sp_genid++; 1298 } 1299 1300 /* 1301 * insert a secpolicy into the SP database. Lower priorities first 1302 */ 1303 static void 1304 key_insertsp(struct secpolicy *newsp) 1305 { 1306 struct secpolicy *sp; 1307 1308 SPTREE_WLOCK_ASSERT(); 1309 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1310 if (newsp->priority < sp->priority) { 1311 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1312 goto done; 1313 } 1314 } 1315 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1316 done: 1317 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1318 newsp->state = IPSEC_SPSTATE_ALIVE; 1319 V_spd_size++; 1320 V_sp_genid++; 1321 ipsec_accel_spdadd(newsp, NULL); 1322 } 1323 1324 /* 1325 * Insert a bunch of VTI secpolicies into the SPDB. 1326 * We keep VTI policies in the separate list due to following reasons: 1327 * 1) they should be immutable to user's or some deamon's attempts to 1328 * delete. The only way delete such policies - destroy or unconfigure 1329 * corresponding virtual inteface. 1330 * 2) such policies have traffic selector that matches all traffic per 1331 * address family. 1332 * Since all VTI policies have the same priority, we don't care about 1333 * policies order. 1334 */ 1335 int 1336 key_register_ifnet(struct secpolicy **spp, u_int count) 1337 { 1338 struct mbuf *m; 1339 u_int i; 1340 1341 SPTREE_WLOCK(); 1342 /* 1343 * First of try to acquire id for each SP. 1344 */ 1345 for (i = 0; i < count; i++) { 1346 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1347 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1348 ("invalid direction %u", spp[i]->spidx.dir)); 1349 1350 if ((spp[i]->id = key_getnewspid()) == 0) { 1351 SPTREE_WUNLOCK(); 1352 return (EAGAIN); 1353 } 1354 } 1355 for (i = 0; i < count; i++) { 1356 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1357 spp[i], chain); 1358 /* 1359 * NOTE: despite the fact that we keep VTI SP in the 1360 * separate list, SPHASH contains policies from both 1361 * sources. Thus SADB_X_SPDGET will correctly return 1362 * SP by id, because it uses SPHASH for lookups. 1363 */ 1364 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1365 spp[i]->state = IPSEC_SPSTATE_IFNET; 1366 ipsec_accel_spdadd(spp[i], NULL); 1367 } 1368 SPTREE_WUNLOCK(); 1369 /* 1370 * Notify user processes about new SP. 1371 */ 1372 for (i = 0; i < count; i++) { 1373 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1374 if (m != NULL) 1375 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1376 } 1377 return (0); 1378 } 1379 1380 void 1381 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1382 { 1383 struct mbuf *m; 1384 u_int i; 1385 1386 SPTREE_WLOCK(); 1387 for (i = 0; i < count; i++) { 1388 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1389 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1390 ("invalid direction %u", spp[i]->spidx.dir)); 1391 1392 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1393 continue; 1394 spp[i]->state = IPSEC_SPSTATE_DEAD; 1395 ipsec_accel_spddel(spp[i]); 1396 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1397 spp[i], chain); 1398 V_spd_size--; 1399 LIST_REMOVE(spp[i], idhash); 1400 } 1401 SPTREE_WUNLOCK(); 1402 if (SPDCACHE_ENABLED()) 1403 spdcache_clear(); 1404 ipsec_accel_sync(); 1405 1406 for (i = 0; i < count; i++) { 1407 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1408 if (m != NULL) 1409 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1410 } 1411 } 1412 1413 /* 1414 * Must be called after calling key_allocsa(). 1415 * This function is called by key_freesp() to free some SA allocated 1416 * for a policy. 1417 */ 1418 void 1419 key_freesav(struct secasvar **psav) 1420 { 1421 struct secasvar *sav = *psav; 1422 1423 IPSEC_ASSERT(sav != NULL, ("null sav")); 1424 CURVNET_ASSERT_SET(); 1425 if (SAV_DELREF(sav) == 0) 1426 return; 1427 1428 KEYDBG(IPSEC_STAMP, 1429 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1430 1431 *psav = NULL; 1432 key_delsav(sav); 1433 } 1434 1435 /* 1436 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1437 * Expect that SA has extra reference due to lookup. 1438 * Release this references, also release SAH reference after unlink. 1439 */ 1440 static void 1441 key_unlinksav(struct secasvar *sav) 1442 { 1443 struct secashead *sah; 1444 1445 KEYDBG(KEY_STAMP, 1446 printf("%s: SA(%p)\n", __func__, sav)); 1447 1448 CURVNET_ASSERT_SET(); 1449 SAHTREE_UNLOCK_ASSERT(); 1450 SAHTREE_WLOCK(); 1451 if (sav->state == SADB_SASTATE_DEAD) { 1452 /* SA is already unlinked */ 1453 SAHTREE_WUNLOCK(); 1454 return; 1455 } 1456 /* Unlink from SAH */ 1457 if (sav->state == SADB_SASTATE_LARVAL) 1458 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1459 else 1460 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1461 /* Unlink from SPI hash */ 1462 LIST_REMOVE(sav, spihash); 1463 sav->state = SADB_SASTATE_DEAD; 1464 ipsec_accel_forget_sav(sav); 1465 sah = sav->sah; 1466 SAHTREE_WUNLOCK(); 1467 key_freesav(&sav); 1468 /* Since we are unlinked, release reference to SAH */ 1469 key_freesah(&sah); 1470 } 1471 1472 /* %%% SPD management */ 1473 /* 1474 * search SPD 1475 * OUT: NULL : not found 1476 * others : found, pointer to a SP. 1477 */ 1478 static struct secpolicy * 1479 key_getsp(struct secpolicyindex *spidx) 1480 { 1481 SPTREE_RLOCK_TRACKER; 1482 struct secpolicy *sp; 1483 1484 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1485 1486 SPTREE_RLOCK(); 1487 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1488 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1489 SP_ADDREF(sp); 1490 break; 1491 } 1492 } 1493 SPTREE_RUNLOCK(); 1494 1495 return sp; 1496 } 1497 1498 /* 1499 * get SP by index. 1500 * OUT: NULL : not found 1501 * others : found, pointer to referenced SP. 1502 */ 1503 static struct secpolicy * 1504 key_getspbyid(uint32_t id) 1505 { 1506 SPTREE_RLOCK_TRACKER; 1507 struct secpolicy *sp; 1508 1509 SPTREE_RLOCK(); 1510 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1511 if (sp->id == id) { 1512 SP_ADDREF(sp); 1513 break; 1514 } 1515 } 1516 SPTREE_RUNLOCK(); 1517 return (sp); 1518 } 1519 1520 struct secpolicy * 1521 key_newsp(void) 1522 { 1523 struct secpolicy *sp; 1524 1525 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1526 if (sp != NULL) 1527 SP_INITREF(sp); 1528 return (sp); 1529 } 1530 1531 struct ipsecrequest * 1532 ipsec_newisr(void) 1533 { 1534 1535 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1536 M_NOWAIT | M_ZERO)); 1537 } 1538 1539 void 1540 ipsec_delisr(struct ipsecrequest *p) 1541 { 1542 1543 free(p, M_IPSEC_SR); 1544 } 1545 1546 /* 1547 * create secpolicy structure from sadb_x_policy structure. 1548 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1549 * are not set, so must be set properly later. 1550 */ 1551 struct secpolicy * 1552 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1553 { 1554 struct secpolicy *newsp; 1555 1556 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1557 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1558 1559 if (len != PFKEY_EXTLEN(xpl0)) { 1560 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1561 *error = EINVAL; 1562 return NULL; 1563 } 1564 1565 if ((newsp = key_newsp()) == NULL) { 1566 *error = ENOBUFS; 1567 return NULL; 1568 } 1569 1570 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1571 newsp->policy = xpl0->sadb_x_policy_type; 1572 newsp->priority = xpl0->sadb_x_policy_priority; 1573 newsp->tcount = 0; 1574 1575 /* check policy */ 1576 switch (xpl0->sadb_x_policy_type) { 1577 case IPSEC_POLICY_DISCARD: 1578 case IPSEC_POLICY_NONE: 1579 case IPSEC_POLICY_ENTRUST: 1580 case IPSEC_POLICY_BYPASS: 1581 break; 1582 1583 case IPSEC_POLICY_IPSEC: 1584 { 1585 struct sadb_x_ipsecrequest *xisr; 1586 struct ipsecrequest *isr; 1587 int tlen; 1588 1589 /* validity check */ 1590 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1591 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1592 __func__)); 1593 key_freesp(&newsp); 1594 *error = EINVAL; 1595 return NULL; 1596 } 1597 1598 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1599 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1600 1601 while (tlen > 0) { 1602 /* length check */ 1603 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1604 xisr->sadb_x_ipsecrequest_len > tlen) { 1605 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1606 "length.\n", __func__)); 1607 key_freesp(&newsp); 1608 *error = EINVAL; 1609 return NULL; 1610 } 1611 1612 if (newsp->tcount >= IPSEC_MAXREQ) { 1613 ipseclog((LOG_DEBUG, 1614 "%s: too many ipsecrequests.\n", 1615 __func__)); 1616 key_freesp(&newsp); 1617 *error = EINVAL; 1618 return (NULL); 1619 } 1620 1621 /* allocate request buffer */ 1622 /* NB: data structure is zero'd */ 1623 isr = ipsec_newisr(); 1624 if (isr == NULL) { 1625 ipseclog((LOG_DEBUG, 1626 "%s: No more memory.\n", __func__)); 1627 key_freesp(&newsp); 1628 *error = ENOBUFS; 1629 return NULL; 1630 } 1631 1632 newsp->req[newsp->tcount++] = isr; 1633 1634 /* set values */ 1635 switch (xisr->sadb_x_ipsecrequest_proto) { 1636 case IPPROTO_ESP: 1637 case IPPROTO_AH: 1638 case IPPROTO_IPCOMP: 1639 break; 1640 default: 1641 ipseclog((LOG_DEBUG, 1642 "%s: invalid proto type=%u\n", __func__, 1643 xisr->sadb_x_ipsecrequest_proto)); 1644 key_freesp(&newsp); 1645 *error = EPROTONOSUPPORT; 1646 return NULL; 1647 } 1648 isr->saidx.proto = 1649 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1650 1651 switch (xisr->sadb_x_ipsecrequest_mode) { 1652 case IPSEC_MODE_TRANSPORT: 1653 case IPSEC_MODE_TUNNEL: 1654 break; 1655 case IPSEC_MODE_ANY: 1656 default: 1657 ipseclog((LOG_DEBUG, 1658 "%s: invalid mode=%u\n", __func__, 1659 xisr->sadb_x_ipsecrequest_mode)); 1660 key_freesp(&newsp); 1661 *error = EINVAL; 1662 return NULL; 1663 } 1664 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1665 1666 switch (xisr->sadb_x_ipsecrequest_level) { 1667 case IPSEC_LEVEL_DEFAULT: 1668 case IPSEC_LEVEL_USE: 1669 case IPSEC_LEVEL_REQUIRE: 1670 break; 1671 case IPSEC_LEVEL_UNIQUE: 1672 /* validity check */ 1673 /* 1674 * If range violation of reqid, kernel will 1675 * update it, don't refuse it. 1676 */ 1677 if (xisr->sadb_x_ipsecrequest_reqid 1678 > IPSEC_MANUAL_REQID_MAX) { 1679 ipseclog((LOG_DEBUG, 1680 "%s: reqid=%d range " 1681 "violation, updated by kernel.\n", 1682 __func__, 1683 xisr->sadb_x_ipsecrequest_reqid)); 1684 xisr->sadb_x_ipsecrequest_reqid = 0; 1685 } 1686 1687 /* allocate new reqid id if reqid is zero. */ 1688 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1689 u_int32_t reqid; 1690 if ((reqid = key_newreqid()) == 0) { 1691 key_freesp(&newsp); 1692 *error = ENOBUFS; 1693 return NULL; 1694 } 1695 isr->saidx.reqid = reqid; 1696 xisr->sadb_x_ipsecrequest_reqid = reqid; 1697 } else { 1698 /* set it for manual keying. */ 1699 isr->saidx.reqid = 1700 xisr->sadb_x_ipsecrequest_reqid; 1701 } 1702 break; 1703 1704 default: 1705 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1706 __func__, 1707 xisr->sadb_x_ipsecrequest_level)); 1708 key_freesp(&newsp); 1709 *error = EINVAL; 1710 return NULL; 1711 } 1712 isr->level = xisr->sadb_x_ipsecrequest_level; 1713 1714 /* set IP addresses if there */ 1715 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1716 struct sockaddr *paddr; 1717 1718 len = tlen - sizeof(*xisr); 1719 paddr = (struct sockaddr *)(xisr + 1); 1720 /* validity check */ 1721 if (len < sizeof(struct sockaddr) || 1722 len < 2 * paddr->sa_len || 1723 paddr->sa_len > sizeof(isr->saidx.src)) { 1724 ipseclog((LOG_DEBUG, "%s: invalid " 1725 "request address length.\n", 1726 __func__)); 1727 key_freesp(&newsp); 1728 *error = EINVAL; 1729 return NULL; 1730 } 1731 /* 1732 * Request length should be enough to keep 1733 * source and destination addresses. 1734 */ 1735 if (xisr->sadb_x_ipsecrequest_len < 1736 sizeof(*xisr) + 2 * paddr->sa_len) { 1737 ipseclog((LOG_DEBUG, "%s: invalid " 1738 "ipsecrequest length.\n", 1739 __func__)); 1740 key_freesp(&newsp); 1741 *error = EINVAL; 1742 return (NULL); 1743 } 1744 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1745 paddr = (struct sockaddr *)((caddr_t)paddr + 1746 paddr->sa_len); 1747 1748 /* validity check */ 1749 if (paddr->sa_len != 1750 isr->saidx.src.sa.sa_len) { 1751 ipseclog((LOG_DEBUG, "%s: invalid " 1752 "request address length.\n", 1753 __func__)); 1754 key_freesp(&newsp); 1755 *error = EINVAL; 1756 return NULL; 1757 } 1758 /* AF family should match */ 1759 if (paddr->sa_family != 1760 isr->saidx.src.sa.sa_family) { 1761 ipseclog((LOG_DEBUG, "%s: address " 1762 "family doesn't match.\n", 1763 __func__)); 1764 key_freesp(&newsp); 1765 *error = EINVAL; 1766 return (NULL); 1767 } 1768 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1769 } else { 1770 /* 1771 * Addresses for TUNNEL mode requests are 1772 * mandatory. 1773 */ 1774 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1775 ipseclog((LOG_DEBUG, "%s: missing " 1776 "request addresses.\n", __func__)); 1777 key_freesp(&newsp); 1778 *error = EINVAL; 1779 return (NULL); 1780 } 1781 } 1782 tlen -= xisr->sadb_x_ipsecrequest_len; 1783 1784 /* validity check */ 1785 if (tlen < 0) { 1786 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1787 __func__)); 1788 key_freesp(&newsp); 1789 *error = EINVAL; 1790 return NULL; 1791 } 1792 1793 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1794 + xisr->sadb_x_ipsecrequest_len); 1795 } 1796 /* XXXAE: LARVAL SP */ 1797 if (newsp->tcount < 1) { 1798 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1799 "not found.\n", __func__)); 1800 key_freesp(&newsp); 1801 *error = EINVAL; 1802 return (NULL); 1803 } 1804 } 1805 break; 1806 default: 1807 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1808 key_freesp(&newsp); 1809 *error = EINVAL; 1810 return NULL; 1811 } 1812 1813 *error = 0; 1814 return (newsp); 1815 } 1816 1817 uint32_t 1818 key_newreqid(void) 1819 { 1820 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1821 1822 if (auto_reqid == ~0) 1823 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1824 else 1825 auto_reqid++; 1826 1827 /* XXX should be unique check */ 1828 return (auto_reqid); 1829 } 1830 1831 /* 1832 * copy secpolicy struct to sadb_x_policy structure indicated. 1833 */ 1834 static struct mbuf * 1835 key_sp2mbuf(struct secpolicy *sp) 1836 { 1837 struct mbuf *m; 1838 size_t tlen; 1839 1840 tlen = key_getspreqmsglen(sp); 1841 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1842 if (m == NULL) 1843 return (NULL); 1844 m_align(m, tlen); 1845 m->m_len = tlen; 1846 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1847 m_freem(m); 1848 return (NULL); 1849 } 1850 return (m); 1851 } 1852 1853 int 1854 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1855 { 1856 struct sadb_x_ipsecrequest *xisr; 1857 struct sadb_x_policy *xpl; 1858 struct ipsecrequest *isr; 1859 size_t xlen, ilen; 1860 caddr_t p; 1861 int error, i; 1862 #ifdef IPSEC_OFFLOAD 1863 struct sadb_x_if_hw_offl *xif; 1864 #endif 1865 1866 IPSEC_ASSERT(sp != NULL, ("null policy")); 1867 1868 xlen = sizeof(*xpl); 1869 if (*len < xlen) 1870 return (EINVAL); 1871 1872 error = 0; 1873 bzero(request, *len); 1874 xpl = (struct sadb_x_policy *)request; 1875 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1876 xpl->sadb_x_policy_type = sp->policy; 1877 xpl->sadb_x_policy_dir = sp->spidx.dir; 1878 xpl->sadb_x_policy_id = sp->id; 1879 xpl->sadb_x_policy_priority = sp->priority; 1880 switch (sp->state) { 1881 case IPSEC_SPSTATE_IFNET: 1882 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1883 break; 1884 case IPSEC_SPSTATE_PCB: 1885 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1886 break; 1887 default: 1888 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1889 } 1890 1891 /* if is the policy for ipsec ? */ 1892 if (sp->policy == IPSEC_POLICY_IPSEC) { 1893 p = (caddr_t)xpl + sizeof(*xpl); 1894 for (i = 0; i < sp->tcount; i++) { 1895 isr = sp->req[i]; 1896 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1897 isr->saidx.src.sa.sa_len + 1898 isr->saidx.dst.sa.sa_len); 1899 xlen += ilen; 1900 if (xlen > *len) { 1901 error = ENOBUFS; 1902 /* Calculate needed size */ 1903 continue; 1904 } 1905 xisr = (struct sadb_x_ipsecrequest *)p; 1906 xisr->sadb_x_ipsecrequest_len = ilen; 1907 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1908 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1909 xisr->sadb_x_ipsecrequest_level = isr->level; 1910 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1911 1912 p += sizeof(*xisr); 1913 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1914 p += isr->saidx.src.sa.sa_len; 1915 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1916 p += isr->saidx.dst.sa.sa_len; 1917 } 1918 } 1919 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1920 #ifdef IPSEC_OFFLOAD 1921 if (error == 0 && sp->accel_ifname != NULL) { 1922 xif = (struct sadb_x_if_hw_offl *)(xpl + 1); 1923 bzero(xif, sizeof(*xif)); 1924 xif->sadb_x_if_hw_offl_len = PFKEY_UNIT64(sizeof(*xif)); 1925 xif->sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL; 1926 xif->sadb_x_if_hw_offl_flags = 0; 1927 strncpy(xif->sadb_x_if_hw_offl_if, sp->accel_ifname, 1928 sizeof(xif->sadb_x_if_hw_offl_if)); 1929 xlen += sizeof(*xif); 1930 } 1931 #endif 1932 if (error == 0) 1933 *len = xlen; 1934 else 1935 *len = sizeof(*xpl); 1936 return (error); 1937 } 1938 1939 /* m will not be freed nor modified */ 1940 static struct mbuf * 1941 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1942 int ndeep, int nitem, ...) 1943 { 1944 va_list ap; 1945 int idx; 1946 int i; 1947 struct mbuf *result = NULL, *n; 1948 int len; 1949 1950 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1951 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1952 1953 va_start(ap, nitem); 1954 for (i = 0; i < nitem; i++) { 1955 idx = va_arg(ap, int); 1956 if (idx < 0 || idx > SADB_EXT_MAX) 1957 goto fail; 1958 /* don't attempt to pull empty extension */ 1959 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1960 continue; 1961 if (idx != SADB_EXT_RESERVED && 1962 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1963 continue; 1964 1965 if (idx == SADB_EXT_RESERVED) { 1966 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1967 1968 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1969 1970 MGETHDR(n, M_NOWAIT, MT_DATA); 1971 if (!n) 1972 goto fail; 1973 n->m_len = len; 1974 n->m_next = NULL; 1975 m_copydata(m, 0, sizeof(struct sadb_msg), 1976 mtod(n, caddr_t)); 1977 } else if (i < ndeep) { 1978 len = mhp->extlen[idx]; 1979 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1980 if (n == NULL) 1981 goto fail; 1982 m_align(n, len); 1983 n->m_len = len; 1984 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1985 mtod(n, caddr_t)); 1986 } else { 1987 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1988 M_NOWAIT); 1989 } 1990 if (n == NULL) 1991 goto fail; 1992 1993 if (result) 1994 m_cat(result, n); 1995 else 1996 result = n; 1997 } 1998 va_end(ap); 1999 2000 if ((result->m_flags & M_PKTHDR) != 0) { 2001 result->m_pkthdr.len = 0; 2002 for (n = result; n; n = n->m_next) 2003 result->m_pkthdr.len += n->m_len; 2004 } 2005 2006 return result; 2007 2008 fail: 2009 m_freem(result); 2010 va_end(ap); 2011 return NULL; 2012 } 2013 2014 /* 2015 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 2016 * add an entry to SP database, when received 2017 * <base, address(SD), (lifetime(H),) policy> 2018 * from the user(?). 2019 * Adding to SP database, 2020 * and send 2021 * <base, address(SD), (lifetime(H),) policy> 2022 * to the socket which was send. 2023 * 2024 * SPDADD set a unique policy entry. 2025 * SPDSETIDX like SPDADD without a part of policy requests. 2026 * SPDUPDATE replace a unique policy entry. 2027 * 2028 * XXXAE: serialize this in PF_KEY to avoid races. 2029 * m will always be freed. 2030 */ 2031 static int 2032 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2033 { 2034 struct secpolicyindex spidx; 2035 struct sadb_address *src0, *dst0; 2036 struct sadb_x_policy *xpl0, *xpl; 2037 struct sadb_lifetime *lft = NULL; 2038 struct secpolicy *newsp, *oldsp; 2039 int error; 2040 2041 IPSEC_ASSERT(so != NULL, ("null socket")); 2042 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2043 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2044 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2045 2046 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2047 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2048 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2049 ipseclog((LOG_DEBUG, 2050 "%s: invalid message: missing required header.\n", 2051 __func__)); 2052 return key_senderror(so, m, EINVAL); 2053 } 2054 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2055 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2056 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2057 ipseclog((LOG_DEBUG, 2058 "%s: invalid message: wrong header size.\n", __func__)); 2059 return key_senderror(so, m, EINVAL); 2060 } 2061 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 2062 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 2063 ipseclog((LOG_DEBUG, 2064 "%s: invalid message: wrong header size.\n", 2065 __func__)); 2066 return key_senderror(so, m, EINVAL); 2067 } 2068 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 2069 } 2070 2071 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2072 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2073 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2074 2075 /* check the direciton */ 2076 switch (xpl0->sadb_x_policy_dir) { 2077 case IPSEC_DIR_INBOUND: 2078 case IPSEC_DIR_OUTBOUND: 2079 break; 2080 default: 2081 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2082 return key_senderror(so, m, EINVAL); 2083 } 2084 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2085 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2086 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2087 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2088 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2089 return key_senderror(so, m, EINVAL); 2090 } 2091 2092 /* policy requests are mandatory when action is ipsec. */ 2093 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2094 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2095 ipseclog((LOG_DEBUG, 2096 "%s: policy requests required.\n", __func__)); 2097 return key_senderror(so, m, EINVAL); 2098 } 2099 2100 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2101 (struct sockaddr *)(dst0 + 1)); 2102 if (error != 0 || 2103 src0->sadb_address_proto != dst0->sadb_address_proto) { 2104 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2105 return key_senderror(so, m, error); 2106 } 2107 /* make secindex */ 2108 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2109 src0 + 1, 2110 dst0 + 1, 2111 src0->sadb_address_prefixlen, 2112 dst0->sadb_address_prefixlen, 2113 src0->sadb_address_proto, 2114 &spidx); 2115 /* Checking there is SP already or not. */ 2116 oldsp = key_getsp(&spidx); 2117 if (oldsp != NULL) { 2118 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2119 KEYDBG(KEY_STAMP, 2120 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2121 __func__, oldsp)); 2122 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp)); 2123 } else { 2124 key_freesp(&oldsp); 2125 ipseclog((LOG_DEBUG, 2126 "%s: a SP entry exists already.\n", __func__)); 2127 return (key_senderror(so, m, EEXIST)); 2128 } 2129 } 2130 2131 /* allocate new SP entry */ 2132 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2133 if (oldsp != NULL) { 2134 key_unlink(oldsp); 2135 key_freesp(&oldsp); /* second for our reference */ 2136 } 2137 return key_senderror(so, m, error); 2138 } 2139 2140 newsp->lastused = newsp->created = time_second; 2141 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2142 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2143 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2144 #ifdef IPSEC_OFFLOAD 2145 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_IF_HW_OFFL) && 2146 !SADB_CHECKLEN(mhp, SADB_X_EXT_IF_HW_OFFL)) { 2147 struct sadb_x_if_hw_offl *xof; 2148 2149 xof = (struct sadb_x_if_hw_offl *)mhp->ext[ 2150 SADB_X_EXT_IF_HW_OFFL]; 2151 newsp->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if), 2152 M_IPSEC_MISC, M_NOWAIT); 2153 if (newsp->accel_ifname == NULL) { 2154 ipseclog((LOG_DEBUG, "%s: cannot alloc accel_ifname.\n", 2155 __func__)); 2156 key_freesp(&newsp); 2157 return (key_senderror(so, m, error)); 2158 } 2159 strncpy(__DECONST(char *, newsp->accel_ifname), 2160 xof->sadb_x_if_hw_offl_if, 2161 sizeof(xof->sadb_x_if_hw_offl_if)); 2162 } 2163 2164 #endif 2165 2166 SPTREE_WLOCK(); 2167 if ((newsp->id = key_getnewspid()) == 0) { 2168 if (oldsp != NULL) 2169 key_detach(oldsp); 2170 SPTREE_WUNLOCK(); 2171 if (oldsp != NULL) { 2172 ipsec_accel_sync(); 2173 key_freesp(&oldsp); /* first for key_detach */ 2174 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2175 key_freesp(&oldsp); /* second for our reference */ 2176 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */ 2177 spdcache_clear(); 2178 } 2179 key_freesp(&newsp); 2180 return key_senderror(so, m, ENOBUFS); 2181 } 2182 if (oldsp != NULL) 2183 key_detach(oldsp); 2184 key_insertsp(newsp); 2185 SPTREE_WUNLOCK(); 2186 if (oldsp != NULL) { 2187 ipsec_accel_sync(); 2188 key_freesp(&oldsp); /* first for key_detach */ 2189 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2190 key_freesp(&oldsp); /* second for our reference */ 2191 } 2192 if (SPDCACHE_ENABLED()) 2193 spdcache_clear(); 2194 KEYDBG(KEY_STAMP, 2195 printf("%s: SP(%p)\n", __func__, newsp)); 2196 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2197 2198 { 2199 struct mbuf *n, *mpolicy; 2200 struct sadb_msg *newmsg; 2201 int off; 2202 2203 /* create new sadb_msg to reply. */ 2204 if (lft) { 2205 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2206 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2207 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2208 } else { 2209 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2210 SADB_X_EXT_POLICY, 2211 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2212 } 2213 if (!n) 2214 return key_senderror(so, m, ENOBUFS); 2215 2216 if (n->m_len < sizeof(*newmsg)) { 2217 n = m_pullup(n, sizeof(*newmsg)); 2218 if (!n) 2219 return key_senderror(so, m, ENOBUFS); 2220 } 2221 newmsg = mtod(n, struct sadb_msg *); 2222 newmsg->sadb_msg_errno = 0; 2223 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2224 2225 off = 0; 2226 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2227 sizeof(*xpl), &off); 2228 if (mpolicy == NULL) { 2229 /* n is already freed */ 2230 return key_senderror(so, m, ENOBUFS); 2231 } 2232 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2233 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2234 m_freem(n); 2235 return key_senderror(so, m, EINVAL); 2236 } 2237 xpl->sadb_x_policy_id = newsp->id; 2238 2239 m_freem(m); 2240 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2241 } 2242 } 2243 2244 /* 2245 * get new policy id. 2246 * OUT: 2247 * 0: failure. 2248 * others: success. 2249 */ 2250 static uint32_t 2251 key_getnewspid(void) 2252 { 2253 struct secpolicy *sp; 2254 uint32_t newid = 0; 2255 int tries, limit; 2256 2257 SPTREE_WLOCK_ASSERT(); 2258 2259 limit = atomic_load_int(&V_key_spi_trycnt); 2260 for (tries = 0; tries < limit; tries++) { 2261 if (V_policy_id == ~0) /* overflowed */ 2262 newid = V_policy_id = 1; 2263 else 2264 newid = ++V_policy_id; 2265 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2266 if (sp->id == newid) 2267 break; 2268 } 2269 if (sp == NULL) 2270 break; 2271 } 2272 if (tries == limit || newid == 0) { 2273 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2274 __func__)); 2275 return (0); 2276 } 2277 return (newid); 2278 } 2279 2280 /* 2281 * SADB_SPDDELETE processing 2282 * receive 2283 * <base, address(SD), policy(*)> 2284 * from the user(?), and set SADB_SASTATE_DEAD, 2285 * and send, 2286 * <base, address(SD), policy(*)> 2287 * to the ikmpd. 2288 * policy(*) including direction of policy. 2289 * 2290 * m will always be freed. 2291 */ 2292 static int 2293 key_spddelete(struct socket *so, struct mbuf *m, 2294 const struct sadb_msghdr *mhp) 2295 { 2296 struct secpolicyindex spidx; 2297 struct sadb_address *src0, *dst0; 2298 struct sadb_x_policy *xpl0; 2299 struct secpolicy *sp; 2300 2301 IPSEC_ASSERT(so != NULL, ("null so")); 2302 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2303 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2304 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2305 2306 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2307 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2308 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2309 ipseclog((LOG_DEBUG, 2310 "%s: invalid message: missing required header.\n", 2311 __func__)); 2312 return key_senderror(so, m, EINVAL); 2313 } 2314 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2315 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2316 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2317 ipseclog((LOG_DEBUG, 2318 "%s: invalid message: wrong header size.\n", __func__)); 2319 return key_senderror(so, m, EINVAL); 2320 } 2321 2322 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2323 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2324 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2325 2326 /* check the direciton */ 2327 switch (xpl0->sadb_x_policy_dir) { 2328 case IPSEC_DIR_INBOUND: 2329 case IPSEC_DIR_OUTBOUND: 2330 break; 2331 default: 2332 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2333 return key_senderror(so, m, EINVAL); 2334 } 2335 /* Only DISCARD, NONE and IPSEC are allowed */ 2336 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2337 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2338 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2339 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2340 return key_senderror(so, m, EINVAL); 2341 } 2342 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2343 (struct sockaddr *)(dst0 + 1)) != 0 || 2344 src0->sadb_address_proto != dst0->sadb_address_proto) { 2345 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2346 return key_senderror(so, m, EINVAL); 2347 } 2348 /* make secindex */ 2349 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2350 src0 + 1, 2351 dst0 + 1, 2352 src0->sadb_address_prefixlen, 2353 dst0->sadb_address_prefixlen, 2354 src0->sadb_address_proto, 2355 &spidx); 2356 2357 /* Is there SP in SPD ? */ 2358 if ((sp = key_getsp(&spidx)) == NULL) { 2359 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2360 return key_senderror(so, m, EINVAL); 2361 } 2362 2363 /* save policy id to buffer to be returned. */ 2364 xpl0->sadb_x_policy_id = sp->id; 2365 2366 KEYDBG(KEY_STAMP, 2367 printf("%s: SP(%p)\n", __func__, sp)); 2368 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2369 ipsec_accel_spddel(sp); 2370 key_unlink(sp); 2371 key_freesp(&sp); 2372 2373 { 2374 struct mbuf *n; 2375 struct sadb_msg *newmsg; 2376 2377 /* create new sadb_msg to reply. */ 2378 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2379 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2380 if (!n) 2381 return key_senderror(so, m, ENOBUFS); 2382 2383 newmsg = mtod(n, struct sadb_msg *); 2384 newmsg->sadb_msg_errno = 0; 2385 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2386 2387 m_freem(m); 2388 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2389 } 2390 } 2391 2392 /* 2393 * SADB_SPDDELETE2 processing 2394 * receive 2395 * <base, policy(*)> 2396 * from the user(?), and set SADB_SASTATE_DEAD, 2397 * and send, 2398 * <base, policy(*)> 2399 * to the ikmpd. 2400 * policy(*) including direction of policy. 2401 * 2402 * m will always be freed. 2403 */ 2404 static int 2405 key_spddelete2(struct socket *so, struct mbuf *m, 2406 const struct sadb_msghdr *mhp) 2407 { 2408 struct secpolicy *sp; 2409 uint32_t id; 2410 2411 IPSEC_ASSERT(so != NULL, ("null socket")); 2412 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2413 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2414 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2415 2416 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2417 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2418 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2419 __func__)); 2420 return key_senderror(so, m, EINVAL); 2421 } 2422 2423 id = ((struct sadb_x_policy *) 2424 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2425 2426 /* Is there SP in SPD ? */ 2427 if ((sp = key_getspbyid(id)) == NULL) { 2428 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2429 __func__, id)); 2430 return key_senderror(so, m, EINVAL); 2431 } 2432 2433 KEYDBG(KEY_STAMP, 2434 printf("%s: SP(%p)\n", __func__, sp)); 2435 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2436 key_unlink(sp); 2437 if (sp->state != IPSEC_SPSTATE_DEAD) { 2438 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2439 __func__, id)); 2440 key_freesp(&sp); 2441 return (key_senderror(so, m, EACCES)); 2442 } 2443 key_freesp(&sp); 2444 2445 { 2446 struct mbuf *n, *nn; 2447 struct sadb_msg *newmsg; 2448 int off, len; 2449 2450 /* create new sadb_msg to reply. */ 2451 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2452 2453 n = key_mget(len); 2454 if (n == NULL) 2455 return key_senderror(so, m, ENOBUFS); 2456 2457 n->m_len = len; 2458 n->m_next = NULL; 2459 off = 0; 2460 2461 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2462 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2463 2464 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2465 off, len)); 2466 2467 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2468 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2469 if (!n->m_next) { 2470 m_freem(n); 2471 return key_senderror(so, m, ENOBUFS); 2472 } 2473 2474 n->m_pkthdr.len = 0; 2475 for (nn = n; nn; nn = nn->m_next) 2476 n->m_pkthdr.len += nn->m_len; 2477 2478 newmsg = mtod(n, struct sadb_msg *); 2479 newmsg->sadb_msg_errno = 0; 2480 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2481 2482 m_freem(m); 2483 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2484 } 2485 } 2486 2487 /* 2488 * SADB_X_SPDGET processing 2489 * receive 2490 * <base, policy(*)> 2491 * from the user(?), 2492 * and send, 2493 * <base, address(SD), policy> 2494 * to the ikmpd. 2495 * policy(*) including direction of policy. 2496 * 2497 * m will always be freed. 2498 */ 2499 static int 2500 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2501 { 2502 struct secpolicy *sp; 2503 struct mbuf *n; 2504 uint32_t id; 2505 2506 IPSEC_ASSERT(so != NULL, ("null socket")); 2507 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2508 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2509 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2510 2511 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2512 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2513 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2514 __func__)); 2515 return key_senderror(so, m, EINVAL); 2516 } 2517 2518 id = ((struct sadb_x_policy *) 2519 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2520 2521 /* Is there SP in SPD ? */ 2522 if ((sp = key_getspbyid(id)) == NULL) { 2523 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2524 __func__, id)); 2525 return key_senderror(so, m, ENOENT); 2526 } 2527 2528 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2529 mhp->msg->sadb_msg_pid); 2530 key_freesp(&sp); 2531 if (n != NULL) { 2532 m_freem(m); 2533 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2534 } else 2535 return key_senderror(so, m, ENOBUFS); 2536 } 2537 2538 /* 2539 * SADB_X_SPDACQUIRE processing. 2540 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2541 * send 2542 * <base, policy(*)> 2543 * to KMD, and expect to receive 2544 * <base> with SADB_X_SPDACQUIRE if error occurred, 2545 * or 2546 * <base, policy> 2547 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2548 * policy(*) is without policy requests. 2549 * 2550 * 0 : succeed 2551 * others: error number 2552 */ 2553 int 2554 key_spdacquire(struct secpolicy *sp) 2555 { 2556 struct mbuf *result = NULL, *m; 2557 struct secspacq *newspacq; 2558 2559 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2560 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2561 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2562 ("policy not IPSEC %u", sp->policy)); 2563 2564 /* Get an entry to check whether sent message or not. */ 2565 newspacq = key_getspacq(&sp->spidx); 2566 if (newspacq != NULL) { 2567 if (V_key_blockacq_count < newspacq->count) { 2568 /* reset counter and do send message. */ 2569 newspacq->count = 0; 2570 } else { 2571 /* increment counter and do nothing. */ 2572 newspacq->count++; 2573 SPACQ_UNLOCK(); 2574 return (0); 2575 } 2576 SPACQ_UNLOCK(); 2577 } else { 2578 /* make new entry for blocking to send SADB_ACQUIRE. */ 2579 newspacq = key_newspacq(&sp->spidx); 2580 if (newspacq == NULL) 2581 return ENOBUFS; 2582 } 2583 2584 /* create new sadb_msg to reply. */ 2585 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2586 if (!m) 2587 return ENOBUFS; 2588 2589 result = m; 2590 2591 result->m_pkthdr.len = 0; 2592 for (m = result; m; m = m->m_next) 2593 result->m_pkthdr.len += m->m_len; 2594 2595 mtod(result, struct sadb_msg *)->sadb_msg_len = 2596 PFKEY_UNIT64(result->m_pkthdr.len); 2597 2598 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2599 } 2600 2601 /* 2602 * SADB_SPDFLUSH processing 2603 * receive 2604 * <base> 2605 * from the user, and free all entries in secpctree. 2606 * and send, 2607 * <base> 2608 * to the user. 2609 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2610 * 2611 * m will always be freed. 2612 */ 2613 static int 2614 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2615 { 2616 struct secpolicy_queue drainq; 2617 struct sadb_msg *newmsg; 2618 struct secpolicy *sp, *nextsp; 2619 u_int dir; 2620 2621 IPSEC_ASSERT(so != NULL, ("null socket")); 2622 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2623 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2624 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2625 2626 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2627 return key_senderror(so, m, EINVAL); 2628 2629 TAILQ_INIT(&drainq); 2630 SPTREE_WLOCK(); 2631 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2632 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2633 } 2634 /* 2635 * We need to set state to DEAD for each policy to be sure, 2636 * that another thread won't try to unlink it. 2637 * Also remove SP from sphash. 2638 */ 2639 TAILQ_FOREACH(sp, &drainq, chain) { 2640 sp->state = IPSEC_SPSTATE_DEAD; 2641 ipsec_accel_spddel(sp); 2642 LIST_REMOVE(sp, idhash); 2643 } 2644 V_sp_genid++; 2645 V_spd_size = 0; 2646 SPTREE_WUNLOCK(); 2647 if (SPDCACHE_ENABLED()) 2648 spdcache_clear(); 2649 sp = TAILQ_FIRST(&drainq); 2650 while (sp != NULL) { 2651 nextsp = TAILQ_NEXT(sp, chain); 2652 key_freesp(&sp); 2653 sp = nextsp; 2654 } 2655 2656 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2657 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2658 return key_senderror(so, m, ENOBUFS); 2659 } 2660 2661 if (m->m_next) 2662 m_freem(m->m_next); 2663 m->m_next = NULL; 2664 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2665 newmsg = mtod(m, struct sadb_msg *); 2666 newmsg->sadb_msg_errno = 0; 2667 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2668 2669 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2670 } 2671 2672 static uint8_t 2673 key_satype2scopemask(uint8_t satype) 2674 { 2675 2676 if (satype == IPSEC_POLICYSCOPE_ANY) 2677 return (0xff); 2678 return (satype); 2679 } 2680 /* 2681 * SADB_SPDDUMP processing 2682 * receive 2683 * <base> 2684 * from the user, and dump all SP leaves and send, 2685 * <base> ..... 2686 * to the ikmpd. 2687 * 2688 * NOTE: 2689 * sadb_msg_satype is considered as mask of policy scopes. 2690 * m will always be freed. 2691 */ 2692 static int 2693 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2694 { 2695 SPTREE_RLOCK_TRACKER; 2696 struct secpolicy *sp; 2697 struct mbuf *n; 2698 int cnt; 2699 u_int dir, scope; 2700 2701 IPSEC_ASSERT(so != NULL, ("null socket")); 2702 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2703 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2704 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2705 2706 /* search SPD entry and get buffer size. */ 2707 cnt = 0; 2708 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2709 SPTREE_RLOCK(); 2710 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2711 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2712 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2713 cnt++; 2714 } 2715 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2716 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2717 cnt++; 2718 } 2719 } 2720 2721 if (cnt == 0) { 2722 SPTREE_RUNLOCK(); 2723 return key_senderror(so, m, ENOENT); 2724 } 2725 2726 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2727 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2728 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2729 --cnt; 2730 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2731 mhp->msg->sadb_msg_pid); 2732 2733 if (n != NULL) 2734 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2735 } 2736 } 2737 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2738 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2739 --cnt; 2740 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2741 mhp->msg->sadb_msg_pid); 2742 2743 if (n != NULL) 2744 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2745 } 2746 } 2747 } 2748 2749 SPTREE_RUNLOCK(); 2750 m_freem(m); 2751 return (0); 2752 } 2753 2754 static struct mbuf * 2755 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2756 u_int32_t pid) 2757 { 2758 struct mbuf *result = NULL, *m; 2759 struct seclifetime lt; 2760 2761 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2762 if (!m) 2763 goto fail; 2764 result = m; 2765 2766 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2767 &sp->spidx.src.sa, sp->spidx.prefs, 2768 sp->spidx.ul_proto); 2769 if (!m) 2770 goto fail; 2771 m_cat(result, m); 2772 2773 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2774 &sp->spidx.dst.sa, sp->spidx.prefd, 2775 sp->spidx.ul_proto); 2776 if (!m) 2777 goto fail; 2778 m_cat(result, m); 2779 2780 m = key_sp2mbuf(sp); 2781 if (!m) 2782 goto fail; 2783 m_cat(result, m); 2784 2785 if(sp->lifetime){ 2786 lt.addtime=sp->created; 2787 lt.usetime= sp->lastused; 2788 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2789 if (!m) 2790 goto fail; 2791 m_cat(result, m); 2792 2793 lt.addtime=sp->lifetime; 2794 lt.usetime= sp->validtime; 2795 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2796 if (!m) 2797 goto fail; 2798 m_cat(result, m); 2799 } 2800 2801 if ((result->m_flags & M_PKTHDR) == 0) 2802 goto fail; 2803 2804 if (result->m_len < sizeof(struct sadb_msg)) { 2805 result = m_pullup(result, sizeof(struct sadb_msg)); 2806 if (result == NULL) 2807 goto fail; 2808 } 2809 2810 result->m_pkthdr.len = 0; 2811 for (m = result; m; m = m->m_next) 2812 result->m_pkthdr.len += m->m_len; 2813 2814 mtod(result, struct sadb_msg *)->sadb_msg_len = 2815 PFKEY_UNIT64(result->m_pkthdr.len); 2816 2817 return result; 2818 2819 fail: 2820 m_freem(result); 2821 return NULL; 2822 } 2823 /* 2824 * get PFKEY message length for security policy and request. 2825 */ 2826 static size_t 2827 key_getspreqmsglen(struct secpolicy *sp) 2828 { 2829 size_t tlen, len; 2830 int i; 2831 2832 tlen = sizeof(struct sadb_x_policy); 2833 /* if is the policy for ipsec ? */ 2834 if (sp->policy != IPSEC_POLICY_IPSEC) 2835 return (tlen); 2836 2837 /* get length of ipsec requests */ 2838 for (i = 0; i < sp->tcount; i++) { 2839 len = sizeof(struct sadb_x_ipsecrequest) 2840 + sp->req[i]->saidx.src.sa.sa_len 2841 + sp->req[i]->saidx.dst.sa.sa_len; 2842 2843 tlen += PFKEY_ALIGN8(len); 2844 } 2845 #ifdef IPSEC_OFFLOAD 2846 if (sp->accel_ifname != NULL) 2847 tlen += sizeof(struct sadb_x_if_hw_offl); 2848 #endif 2849 return (tlen); 2850 } 2851 2852 /* 2853 * SADB_SPDEXPIRE processing 2854 * send 2855 * <base, address(SD), lifetime(CH), policy> 2856 * to KMD by PF_KEY. 2857 * 2858 * OUT: 0 : succeed 2859 * others : error number 2860 */ 2861 static int 2862 key_spdexpire(struct secpolicy *sp) 2863 { 2864 struct sadb_lifetime *lt; 2865 struct mbuf *result = NULL, *m; 2866 int len, error = -1; 2867 2868 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2869 2870 KEYDBG(KEY_STAMP, 2871 printf("%s: SP(%p)\n", __func__, sp)); 2872 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2873 2874 /* set msg header */ 2875 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2876 if (!m) { 2877 error = ENOBUFS; 2878 goto fail; 2879 } 2880 result = m; 2881 2882 /* create lifetime extension (current and hard) */ 2883 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2884 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2885 if (m == NULL) { 2886 error = ENOBUFS; 2887 goto fail; 2888 } 2889 m_align(m, len); 2890 m->m_len = len; 2891 bzero(mtod(m, caddr_t), len); 2892 lt = mtod(m, struct sadb_lifetime *); 2893 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2894 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2895 lt->sadb_lifetime_allocations = 0; 2896 lt->sadb_lifetime_bytes = 0; 2897 lt->sadb_lifetime_addtime = sp->created; 2898 lt->sadb_lifetime_usetime = sp->lastused; 2899 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2900 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2901 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2902 lt->sadb_lifetime_allocations = 0; 2903 lt->sadb_lifetime_bytes = 0; 2904 lt->sadb_lifetime_addtime = sp->lifetime; 2905 lt->sadb_lifetime_usetime = sp->validtime; 2906 m_cat(result, m); 2907 2908 /* set sadb_address for source */ 2909 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2910 &sp->spidx.src.sa, 2911 sp->spidx.prefs, sp->spidx.ul_proto); 2912 if (!m) { 2913 error = ENOBUFS; 2914 goto fail; 2915 } 2916 m_cat(result, m); 2917 2918 /* set sadb_address for destination */ 2919 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2920 &sp->spidx.dst.sa, 2921 sp->spidx.prefd, sp->spidx.ul_proto); 2922 if (!m) { 2923 error = ENOBUFS; 2924 goto fail; 2925 } 2926 m_cat(result, m); 2927 2928 /* set secpolicy */ 2929 m = key_sp2mbuf(sp); 2930 if (!m) { 2931 error = ENOBUFS; 2932 goto fail; 2933 } 2934 m_cat(result, m); 2935 2936 if ((result->m_flags & M_PKTHDR) == 0) { 2937 error = EINVAL; 2938 goto fail; 2939 } 2940 2941 if (result->m_len < sizeof(struct sadb_msg)) { 2942 result = m_pullup(result, sizeof(struct sadb_msg)); 2943 if (result == NULL) { 2944 error = ENOBUFS; 2945 goto fail; 2946 } 2947 } 2948 2949 result->m_pkthdr.len = 0; 2950 for (m = result; m; m = m->m_next) 2951 result->m_pkthdr.len += m->m_len; 2952 2953 mtod(result, struct sadb_msg *)->sadb_msg_len = 2954 PFKEY_UNIT64(result->m_pkthdr.len); 2955 2956 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2957 2958 fail: 2959 if (result) 2960 m_freem(result); 2961 return error; 2962 } 2963 2964 /* %%% SAD management */ 2965 /* 2966 * allocating and initialize new SA head. 2967 * OUT: NULL : failure due to the lack of memory. 2968 * others : pointer to new SA head. 2969 */ 2970 static struct secashead * 2971 key_newsah(struct secasindex *saidx) 2972 { 2973 struct secashead *sah; 2974 2975 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2976 M_NOWAIT | M_ZERO); 2977 if (sah == NULL) { 2978 PFKEYSTAT_INC(in_nomem); 2979 return (NULL); 2980 } 2981 TAILQ_INIT(&sah->savtree_larval); 2982 TAILQ_INIT(&sah->savtree_alive); 2983 sah->saidx = *saidx; 2984 sah->state = SADB_SASTATE_DEAD; 2985 SAH_INITREF(sah); 2986 2987 KEYDBG(KEY_STAMP, 2988 printf("%s: SAH(%p)\n", __func__, sah)); 2989 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2990 return (sah); 2991 } 2992 2993 static void 2994 key_freesah(struct secashead **psah) 2995 { 2996 struct secashead *sah = *psah; 2997 2998 CURVNET_ASSERT_SET(); 2999 3000 if (SAH_DELREF(sah) == 0) 3001 return; 3002 3003 KEYDBG(KEY_STAMP, 3004 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 3005 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 3006 3007 *psah = NULL; 3008 key_delsah(sah); 3009 } 3010 3011 static void 3012 key_delsah(struct secashead *sah) 3013 { 3014 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 3015 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 3016 ("Attempt to free non DEAD SAH %p", sah)); 3017 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 3018 ("Attempt to free SAH %p with LARVAL SA", sah)); 3019 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 3020 ("Attempt to free SAH %p with ALIVE SA", sah)); 3021 3022 free(sah, M_IPSEC_SAH); 3023 } 3024 3025 /* 3026 * allocating a new SA for key_add() and key_getspi() call, 3027 * and copy the values of mhp into new buffer. 3028 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 3029 * For SADB_ADD create and initialize SA with MATURE state. 3030 * OUT: NULL : fail 3031 * others : pointer to new secasvar. 3032 */ 3033 static struct secasvar * 3034 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 3035 uint32_t spi, int *errp) 3036 { 3037 struct secashead *sah; 3038 struct secasvar *sav; 3039 int isnew; 3040 3041 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3042 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3043 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 3044 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 3045 3046 sav = NULL; 3047 sah = NULL; 3048 /* check SPI value */ 3049 switch (saidx->proto) { 3050 case IPPROTO_ESP: 3051 case IPPROTO_AH: 3052 /* 3053 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 3054 * 1-255 reserved by IANA for future use, 3055 * 0 for implementation specific, local use. 3056 */ 3057 if (ntohl(spi) <= 255) { 3058 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 3059 __func__, ntohl(spi))); 3060 *errp = EINVAL; 3061 goto done; 3062 } 3063 break; 3064 } 3065 3066 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 3067 if (sav == NULL) { 3068 *errp = ENOBUFS; 3069 goto done; 3070 } 3071 sav->lock = malloc_aligned(max(sizeof(struct rmlock), 3072 CACHE_LINE_SIZE), CACHE_LINE_SIZE, M_IPSEC_MISC, 3073 M_NOWAIT | M_ZERO); 3074 if (sav->lock == NULL) { 3075 *errp = ENOBUFS; 3076 goto done; 3077 } 3078 rm_init(sav->lock, "ipsec association"); 3079 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); 3080 if (sav->lft_c == NULL) { 3081 *errp = ENOBUFS; 3082 goto done; 3083 } 3084 3085 sav->spi = spi; 3086 sav->seq = mhp->msg->sadb_msg_seq; 3087 sav->state = SADB_SASTATE_LARVAL; 3088 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 3089 SAV_INITREF(sav); 3090 #ifdef IPSEC_OFFLOAD 3091 CK_LIST_INIT(&sav->accel_ifps); 3092 sav->accel_forget_tq = 0; 3093 sav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone, 3094 M_NOWAIT | M_ZERO); 3095 if (sav->accel_lft_sw == NULL) { 3096 *errp = ENOBUFS; 3097 goto done; 3098 } 3099 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_IF_HW_OFFL) && 3100 !SADB_CHECKLEN(mhp, SADB_X_EXT_IF_HW_OFFL)) { 3101 struct sadb_x_if_hw_offl *xof; 3102 3103 xof = (struct sadb_x_if_hw_offl *)mhp->ext[ 3104 SADB_X_EXT_IF_HW_OFFL]; 3105 sav->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if), 3106 M_IPSEC_MISC, M_NOWAIT); 3107 if (sav->accel_ifname == NULL) { 3108 *errp = ENOBUFS; 3109 goto done; 3110 } 3111 strncpy(__DECONST(char *, sav->accel_ifname), 3112 xof->sadb_x_if_hw_offl_if, 3113 sizeof(xof->sadb_x_if_hw_offl_if)); 3114 } 3115 #endif 3116 again: 3117 sah = key_getsah(saidx); 3118 if (sah == NULL) { 3119 /* create a new SA index */ 3120 sah = key_newsah(saidx); 3121 if (sah == NULL) { 3122 ipseclog((LOG_DEBUG, 3123 "%s: No more memory.\n", __func__)); 3124 *errp = ENOBUFS; 3125 goto done; 3126 } 3127 isnew = 1; 3128 } else 3129 isnew = 0; 3130 3131 sav->sah = sah; 3132 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 3133 sav->created = time_second; 3134 } else if (sav->state == SADB_SASTATE_LARVAL) { 3135 /* 3136 * Do not call key_setsaval() second time in case 3137 * of `goto again`. We will have MATURE state. 3138 */ 3139 *errp = key_setsaval(sav, mhp); 3140 if (*errp != 0) 3141 goto done; 3142 sav->state = SADB_SASTATE_MATURE; 3143 } 3144 3145 SAHTREE_WLOCK(); 3146 /* 3147 * Check that existing SAH wasn't unlinked. 3148 * Since we didn't hold the SAHTREE lock, it is possible, 3149 * that callout handler or key_flush() or key_delete() could 3150 * unlink this SAH. 3151 */ 3152 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3153 SAHTREE_WUNLOCK(); 3154 key_freesah(&sah); /* reference from key_getsah() */ 3155 goto again; 3156 } 3157 if (isnew != 0) { 3158 /* 3159 * Add new SAH into SADB. 3160 * 3161 * XXXAE: we can serialize key_add and key_getspi calls, so 3162 * several threads will not fight in the race. 3163 * Otherwise we should check under SAHTREE lock, that this 3164 * SAH would not added twice. 3165 */ 3166 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3167 /* Add new SAH into hash by addresses */ 3168 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3169 /* Now we are linked in the chain */ 3170 sah->state = SADB_SASTATE_MATURE; 3171 /* 3172 * SAV references this new SAH. 3173 * In case of existing SAH we reuse reference 3174 * from key_getsah(). 3175 */ 3176 SAH_ADDREF(sah); 3177 } 3178 /* Link SAV with SAH */ 3179 if (sav->state == SADB_SASTATE_MATURE) { 3180 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3181 ipsec_accel_sa_newkey(sav); 3182 } else 3183 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3184 /* Add SAV into SPI hash */ 3185 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3186 SAHTREE_WUNLOCK(); 3187 *errp = 0; /* success */ 3188 done: 3189 if (*errp != 0) { 3190 if (sav != NULL) { 3191 if (sav->lock != NULL) { 3192 rm_destroy(sav->lock); 3193 free(sav->lock, M_IPSEC_MISC); 3194 } 3195 if (sav->lft_c != NULL) 3196 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3197 #ifdef IPSEC_OFFLOAD 3198 if (sav->accel_lft_sw != NULL) 3199 uma_zfree_pcpu(ipsec_key_lft_zone, 3200 sav->accel_lft_sw); 3201 free(__DECONST(char *, sav->accel_ifname), 3202 M_IPSEC_MISC); 3203 #endif 3204 free(sav, M_IPSEC_SA), sav = NULL; 3205 } 3206 if (sah != NULL) 3207 key_freesah(&sah); 3208 if (*errp == ENOBUFS) { 3209 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3210 __func__)); 3211 PFKEYSTAT_INC(in_nomem); 3212 } 3213 } 3214 return (sav); 3215 } 3216 3217 /* 3218 * free() SA variable entry. 3219 */ 3220 static void 3221 key_cleansav(struct secasvar *sav) 3222 { 3223 3224 if (sav->natt != NULL) { 3225 free(sav->natt, M_IPSEC_MISC); 3226 sav->natt = NULL; 3227 } 3228 if (sav->flags & SADB_X_EXT_F_CLONED) 3229 return; 3230 if (sav->tdb_xform != NULL) { 3231 sav->tdb_xform->xf_cleanup(sav); 3232 sav->tdb_xform = NULL; 3233 } 3234 if (sav->key_auth != NULL) { 3235 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3236 free(sav->key_auth, M_IPSEC_MISC); 3237 sav->key_auth = NULL; 3238 } 3239 if (sav->key_enc != NULL) { 3240 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3241 free(sav->key_enc, M_IPSEC_MISC); 3242 sav->key_enc = NULL; 3243 } 3244 if (sav->replay != NULL) { 3245 mtx_destroy(&sav->replay->lock); 3246 if (sav->replay->bitmap != NULL) 3247 free(sav->replay->bitmap, M_IPSEC_MISC); 3248 free(sav->replay, M_IPSEC_MISC); 3249 sav->replay = NULL; 3250 } 3251 if (sav->lft_h != NULL) { 3252 free(sav->lft_h, M_IPSEC_MISC); 3253 sav->lft_h = NULL; 3254 } 3255 if (sav->lft_s != NULL) { 3256 free(sav->lft_s, M_IPSEC_MISC); 3257 sav->lft_s = NULL; 3258 } 3259 } 3260 3261 /* 3262 * free() SA variable entry. 3263 */ 3264 static void 3265 key_delsav(struct secasvar *sav) 3266 { 3267 IPSEC_ASSERT(sav != NULL, ("null sav")); 3268 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3269 ("attempt to free non DEAD SA %p", sav)); 3270 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3271 sav->refcnt)); 3272 #ifdef IPSEC_OFFLOAD 3273 KASSERT(CK_LIST_EMPTY(&sav->accel_ifps), 3274 ("key_unlinksav: sav %p still offloaded", sav)); 3275 #endif 3276 3277 /* 3278 * SA must be unlinked from the chain and hashtbl. 3279 * If SA was cloned, we leave all fields untouched, 3280 * except NAT-T config. 3281 */ 3282 key_cleansav(sav); 3283 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3284 rm_destroy(sav->lock); 3285 free(sav->lock, M_IPSEC_MISC); 3286 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3287 } 3288 #ifdef IPSEC_OFFLOAD 3289 /* XXXKIB should this be moved to key_cleansav()? */ 3290 uma_zfree_pcpu(ipsec_key_lft_zone, sav->accel_lft_sw); 3291 free(__DECONST(char *, sav->accel_ifname), M_IPSEC_MISC); 3292 #endif 3293 free(sav, M_IPSEC_SA); 3294 } 3295 3296 /* 3297 * search SAH. 3298 * OUT: 3299 * NULL : not found 3300 * others : found, referenced pointer to a SAH. 3301 */ 3302 static struct secashead * 3303 key_getsah(struct secasindex *saidx) 3304 { 3305 SAHTREE_RLOCK_TRACKER; 3306 struct secashead *sah; 3307 3308 SAHTREE_RLOCK(); 3309 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3310 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3311 SAH_ADDREF(sah); 3312 break; 3313 } 3314 } 3315 SAHTREE_RUNLOCK(); 3316 return (sah); 3317 } 3318 3319 /* 3320 * Check not to be duplicated SPI. 3321 * OUT: 3322 * 0 : not found 3323 * 1 : found SA with given SPI. 3324 */ 3325 static int 3326 key_checkspidup(uint32_t spi) 3327 { 3328 SAHTREE_RLOCK_TRACKER; 3329 struct secasvar *sav; 3330 3331 /* Assume SPI is in network byte order */ 3332 SAHTREE_RLOCK(); 3333 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3334 if (sav->spi == spi) 3335 break; 3336 } 3337 SAHTREE_RUNLOCK(); 3338 return (sav != NULL); 3339 } 3340 3341 /* 3342 * Search SA by SPI. 3343 * OUT: 3344 * NULL : not found 3345 * others : found, referenced pointer to a SA. 3346 */ 3347 static struct secasvar * 3348 key_getsavbyspi(uint32_t spi) 3349 { 3350 SAHTREE_RLOCK_TRACKER; 3351 struct secasvar *sav; 3352 3353 /* Assume SPI is in network byte order */ 3354 SAHTREE_RLOCK(); 3355 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3356 if (sav->spi != spi) 3357 continue; 3358 SAV_ADDREF(sav); 3359 break; 3360 } 3361 SAHTREE_RUNLOCK(); 3362 return (sav); 3363 } 3364 3365 static int 3366 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3367 { 3368 struct seclifetime *lft_h, *lft_s, *tmp; 3369 3370 /* Lifetime extension is optional, check that it is present. */ 3371 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3372 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3373 /* 3374 * In case of SADB_UPDATE we may need to change 3375 * existing lifetimes. 3376 */ 3377 if (sav->state == SADB_SASTATE_MATURE) { 3378 lft_h = lft_s = NULL; 3379 goto reset; 3380 } 3381 return (0); 3382 } 3383 /* Both HARD and SOFT extensions must present */ 3384 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3385 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3386 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3387 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3388 ipseclog((LOG_DEBUG, 3389 "%s: invalid message: missing required header.\n", 3390 __func__)); 3391 return (EINVAL); 3392 } 3393 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3394 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3395 ipseclog((LOG_DEBUG, 3396 "%s: invalid message: wrong header size.\n", __func__)); 3397 return (EINVAL); 3398 } 3399 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3400 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3401 if (lft_h == NULL) { 3402 PFKEYSTAT_INC(in_nomem); 3403 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3404 return (ENOBUFS); 3405 } 3406 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3407 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3408 if (lft_s == NULL) { 3409 PFKEYSTAT_INC(in_nomem); 3410 free(lft_h, M_IPSEC_MISC); 3411 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3412 return (ENOBUFS); 3413 } 3414 reset: 3415 if (sav->state != SADB_SASTATE_LARVAL) { 3416 /* 3417 * key_update() holds reference to this SA, 3418 * so it won't be deleted in meanwhile. 3419 */ 3420 SECASVAR_WLOCK(sav); 3421 tmp = sav->lft_h; 3422 sav->lft_h = lft_h; 3423 lft_h = tmp; 3424 3425 tmp = sav->lft_s; 3426 sav->lft_s = lft_s; 3427 lft_s = tmp; 3428 SECASVAR_WUNLOCK(sav); 3429 if (lft_h != NULL) 3430 free(lft_h, M_IPSEC_MISC); 3431 if (lft_s != NULL) 3432 free(lft_s, M_IPSEC_MISC); 3433 return (0); 3434 } 3435 /* We can update lifetime without holding a lock */ 3436 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3437 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3438 sav->lft_h = lft_h; 3439 sav->lft_s = lft_s; 3440 return (0); 3441 } 3442 3443 /* 3444 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3445 * You must update these if need. Expects only LARVAL SAs. 3446 * OUT: 0: success. 3447 * !0: failure. 3448 */ 3449 static int 3450 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3451 { 3452 const struct sadb_sa *sa0; 3453 const struct sadb_key *key0; 3454 uint32_t replay; 3455 size_t len; 3456 int error; 3457 3458 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3459 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3460 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3461 ("Attempt to update non LARVAL SA")); 3462 3463 /* XXX rewrite */ 3464 error = key_setident(sav->sah, mhp); 3465 if (error != 0) 3466 goto fail; 3467 3468 /* SA */ 3469 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3470 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3471 error = EINVAL; 3472 goto fail; 3473 } 3474 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3475 sav->alg_auth = sa0->sadb_sa_auth; 3476 sav->alg_enc = sa0->sadb_sa_encrypt; 3477 sav->flags = sa0->sadb_sa_flags; 3478 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3479 ipseclog((LOG_DEBUG, 3480 "%s: invalid sa_flags 0x%08x.\n", __func__, 3481 sav->flags)); 3482 error = EINVAL; 3483 goto fail; 3484 } 3485 3486 /* Optional replay window */ 3487 replay = 0; 3488 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3489 replay = sa0->sadb_sa_replay; 3490 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3491 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3492 error = EINVAL; 3493 goto fail; 3494 } 3495 replay = ((const struct sadb_x_sa_replay *) 3496 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3497 3498 if (replay > UINT32_MAX - 32) { 3499 ipseclog((LOG_DEBUG, 3500 "%s: replay window too big.\n", __func__)); 3501 error = EINVAL; 3502 goto fail; 3503 } 3504 3505 replay = (replay + 7) >> 3; 3506 } 3507 3508 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3509 M_NOWAIT | M_ZERO); 3510 if (sav->replay == NULL) { 3511 PFKEYSTAT_INC(in_nomem); 3512 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3513 __func__)); 3514 error = ENOBUFS; 3515 goto fail; 3516 } 3517 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF); 3518 3519 if (replay != 0) { 3520 /* number of 32b blocks to be allocated */ 3521 uint32_t bitmap_size; 3522 3523 /* RFC 6479: 3524 * - the allocated replay window size must be 3525 * a power of two. 3526 * - use an extra 32b block as a redundant window. 3527 */ 3528 bitmap_size = 1; 3529 while (replay + 4 > bitmap_size) 3530 bitmap_size <<= 1; 3531 bitmap_size = bitmap_size / 4; 3532 3533 sav->replay->bitmap = malloc( 3534 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3535 M_NOWAIT | M_ZERO); 3536 if (sav->replay->bitmap == NULL) { 3537 PFKEYSTAT_INC(in_nomem); 3538 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3539 __func__)); 3540 error = ENOBUFS; 3541 goto fail; 3542 } 3543 sav->replay->bitmap_size = bitmap_size; 3544 sav->replay->wsize = replay; 3545 } 3546 } 3547 3548 /* Authentication keys */ 3549 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3550 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3551 error = EINVAL; 3552 goto fail; 3553 } 3554 error = 0; 3555 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3556 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3557 switch (mhp->msg->sadb_msg_satype) { 3558 case SADB_SATYPE_AH: 3559 case SADB_SATYPE_ESP: 3560 case SADB_X_SATYPE_TCPSIGNATURE: 3561 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3562 sav->alg_auth != SADB_X_AALG_NULL) 3563 error = EINVAL; 3564 break; 3565 case SADB_X_SATYPE_IPCOMP: 3566 default: 3567 error = EINVAL; 3568 break; 3569 } 3570 if (error) { 3571 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3572 __func__)); 3573 goto fail; 3574 } 3575 3576 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3577 if (sav->key_auth == NULL ) { 3578 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3579 __func__)); 3580 PFKEYSTAT_INC(in_nomem); 3581 error = ENOBUFS; 3582 goto fail; 3583 } 3584 } 3585 3586 /* Encryption key */ 3587 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3588 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3589 error = EINVAL; 3590 goto fail; 3591 } 3592 error = 0; 3593 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3594 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3595 switch (mhp->msg->sadb_msg_satype) { 3596 case SADB_SATYPE_ESP: 3597 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3598 sav->alg_enc != SADB_EALG_NULL) { 3599 error = EINVAL; 3600 break; 3601 } 3602 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3603 if (sav->key_enc == NULL) { 3604 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3605 __func__)); 3606 PFKEYSTAT_INC(in_nomem); 3607 error = ENOBUFS; 3608 goto fail; 3609 } 3610 break; 3611 case SADB_X_SATYPE_IPCOMP: 3612 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3613 error = EINVAL; 3614 sav->key_enc = NULL; /*just in case*/ 3615 break; 3616 case SADB_SATYPE_AH: 3617 case SADB_X_SATYPE_TCPSIGNATURE: 3618 default: 3619 error = EINVAL; 3620 break; 3621 } 3622 if (error) { 3623 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3624 __func__)); 3625 goto fail; 3626 } 3627 } 3628 3629 /* set iv */ 3630 sav->ivlen = 0; 3631 switch (mhp->msg->sadb_msg_satype) { 3632 case SADB_SATYPE_AH: 3633 if (sav->flags & SADB_X_EXT_DERIV) { 3634 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3635 "given to AH SA.\n", __func__)); 3636 error = EINVAL; 3637 goto fail; 3638 } 3639 if (sav->alg_enc != SADB_EALG_NONE) { 3640 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3641 "mismated.\n", __func__)); 3642 error = EINVAL; 3643 goto fail; 3644 } 3645 error = xform_init(sav, XF_AH); 3646 break; 3647 case SADB_SATYPE_ESP: 3648 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3649 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3650 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3651 "given to old-esp.\n", __func__)); 3652 error = EINVAL; 3653 goto fail; 3654 } 3655 error = xform_init(sav, XF_ESP); 3656 break; 3657 case SADB_X_SATYPE_IPCOMP: 3658 if (sav->alg_auth != SADB_AALG_NONE) { 3659 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3660 "mismated.\n", __func__)); 3661 error = EINVAL; 3662 goto fail; 3663 } 3664 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3665 ntohl(sav->spi) >= 0x10000) { 3666 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3667 __func__)); 3668 error = EINVAL; 3669 goto fail; 3670 } 3671 error = xform_init(sav, XF_IPCOMP); 3672 break; 3673 case SADB_X_SATYPE_TCPSIGNATURE: 3674 if (sav->alg_enc != SADB_EALG_NONE) { 3675 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3676 "mismated.\n", __func__)); 3677 error = EINVAL; 3678 goto fail; 3679 } 3680 error = xform_init(sav, XF_TCPSIGNATURE); 3681 break; 3682 default: 3683 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3684 error = EPROTONOSUPPORT; 3685 goto fail; 3686 } 3687 if (error) { 3688 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3689 __func__, mhp->msg->sadb_msg_satype)); 3690 goto fail; 3691 } 3692 3693 /* Handle NAT-T headers */ 3694 error = key_setnatt(sav, mhp); 3695 if (error != 0) 3696 goto fail; 3697 3698 /* Initialize lifetime for CURRENT */ 3699 sav->firstused = 0; 3700 sav->created = time_second; 3701 3702 /* lifetimes for HARD and SOFT */ 3703 error = key_updatelifetimes(sav, mhp); 3704 if (error == 0) 3705 return (0); 3706 fail: 3707 key_cleansav(sav); 3708 return (error); 3709 } 3710 3711 /* 3712 * subroutine for SADB_GET and SADB_DUMP. 3713 */ 3714 static struct mbuf * 3715 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3716 uint32_t seq, uint32_t pid, struct rm_priotracker *sahtree_trackerp) 3717 { 3718 struct seclifetime lft_c; 3719 struct mbuf *result = NULL, *tres = NULL, *m; 3720 int i, dumporder[] = { 3721 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3722 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3723 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3724 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3725 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3726 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3727 SADB_EXT_SENSITIVITY, 3728 SADB_X_EXT_NAT_T_TYPE, 3729 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3730 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3731 SADB_X_EXT_NAT_T_FRAG, 3732 #ifdef IPSEC_OFFLOAD 3733 SADB_X_EXT_LFT_CUR_SW_OFFL, SADB_X_EXT_LFT_CUR_HW_OFFL, 3734 SADB_X_EXT_IF_HW_OFFL, 3735 #endif 3736 }; 3737 uint32_t replay_count; 3738 #ifdef IPSEC_OFFLOAD 3739 int error; 3740 #endif 3741 3742 SECASVAR_RLOCK_TRACKER; 3743 3744 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3745 if (m == NULL) 3746 goto fail; 3747 result = m; 3748 3749 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3750 m = NULL; 3751 switch (dumporder[i]) { 3752 case SADB_EXT_SA: 3753 m = key_setsadbsa(sav); 3754 if (!m) 3755 goto fail; 3756 break; 3757 3758 case SADB_X_EXT_SA2: { 3759 SECASVAR_RLOCK(sav); 3760 replay_count = sav->replay ? sav->replay->count : 0; 3761 SECASVAR_RUNLOCK(sav); 3762 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3763 sav->sah->saidx.reqid); 3764 if (!m) 3765 goto fail; 3766 break; 3767 } 3768 case SADB_X_EXT_SA_REPLAY: 3769 if (sav->replay == NULL || 3770 sav->replay->wsize <= UINT8_MAX) 3771 continue; 3772 3773 m = key_setsadbxsareplay(sav->replay->wsize); 3774 if (!m) 3775 goto fail; 3776 break; 3777 3778 case SADB_EXT_ADDRESS_SRC: 3779 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3780 &sav->sah->saidx.src.sa, 3781 FULLMASK, IPSEC_ULPROTO_ANY); 3782 if (!m) 3783 goto fail; 3784 break; 3785 3786 case SADB_EXT_ADDRESS_DST: 3787 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3788 &sav->sah->saidx.dst.sa, 3789 FULLMASK, IPSEC_ULPROTO_ANY); 3790 if (!m) 3791 goto fail; 3792 break; 3793 3794 case SADB_EXT_KEY_AUTH: 3795 if (!sav->key_auth) 3796 continue; 3797 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3798 if (!m) 3799 goto fail; 3800 break; 3801 3802 case SADB_EXT_KEY_ENCRYPT: 3803 if (!sav->key_enc) 3804 continue; 3805 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3806 if (!m) 3807 goto fail; 3808 break; 3809 3810 case SADB_EXT_LIFETIME_CURRENT: 3811 lft_c.addtime = sav->created; 3812 lft_c.allocations = (uint32_t)counter_u64_fetch( 3813 sav->lft_c_allocations); 3814 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3815 lft_c.usetime = sav->firstused; 3816 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3817 if (!m) 3818 goto fail; 3819 break; 3820 3821 case SADB_EXT_LIFETIME_HARD: 3822 if (!sav->lft_h) 3823 continue; 3824 m = key_setlifetime(sav->lft_h, 3825 SADB_EXT_LIFETIME_HARD); 3826 if (!m) 3827 goto fail; 3828 break; 3829 3830 case SADB_EXT_LIFETIME_SOFT: 3831 if (!sav->lft_s) 3832 continue; 3833 m = key_setlifetime(sav->lft_s, 3834 SADB_EXT_LIFETIME_SOFT); 3835 3836 if (!m) 3837 goto fail; 3838 break; 3839 3840 case SADB_X_EXT_NAT_T_TYPE: 3841 if (sav->natt == NULL) 3842 continue; 3843 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3844 if (!m) 3845 goto fail; 3846 break; 3847 3848 case SADB_X_EXT_NAT_T_DPORT: 3849 if (sav->natt == NULL) 3850 continue; 3851 m = key_setsadbxport(sav->natt->dport, 3852 SADB_X_EXT_NAT_T_DPORT); 3853 if (!m) 3854 goto fail; 3855 break; 3856 3857 case SADB_X_EXT_NAT_T_SPORT: 3858 if (sav->natt == NULL) 3859 continue; 3860 m = key_setsadbxport(sav->natt->sport, 3861 SADB_X_EXT_NAT_T_SPORT); 3862 if (!m) 3863 goto fail; 3864 break; 3865 3866 case SADB_X_EXT_NAT_T_OAI: 3867 if (sav->natt == NULL || 3868 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3869 continue; 3870 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3871 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3872 if (!m) 3873 goto fail; 3874 break; 3875 case SADB_X_EXT_NAT_T_OAR: 3876 if (sav->natt == NULL || 3877 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3878 continue; 3879 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3880 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3881 if (!m) 3882 goto fail; 3883 break; 3884 case SADB_X_EXT_NAT_T_FRAG: 3885 /* We do not (yet) support those. */ 3886 continue; 3887 #ifdef IPSEC_OFFLOAD 3888 case SADB_X_EXT_LFT_CUR_SW_OFFL: 3889 if (!ipsec_accel_is_accel_sav(sav)) 3890 continue; 3891 SAV_ADDREF(sav); 3892 error = ipsec_accel_sa_lifetime_op(sav, &lft_c, 3893 NULL, IF_SA_CNT_TOTAL_SW_VAL, sahtree_trackerp); 3894 if (error != 0) { 3895 m = NULL; 3896 goto fail; 3897 } 3898 m = key_setlifetime(&lft_c, dumporder[i]); 3899 if (m == NULL) 3900 goto fail; 3901 key_freesav(&sav); 3902 if (sav == NULL) { 3903 m_freem(m); 3904 goto fail; 3905 } 3906 break; 3907 case SADB_X_EXT_LFT_CUR_HW_OFFL: 3908 if (!ipsec_accel_is_accel_sav(sav)) 3909 continue; 3910 memset(&lft_c, 0, sizeof(lft_c)); 3911 lft_c.bytes = sav->accel_hw_octets; 3912 lft_c.allocations = sav->accel_hw_allocs; 3913 m = key_setlifetime(&lft_c, dumporder[i]); 3914 if (m == NULL) 3915 goto fail; 3916 break; 3917 case SADB_X_EXT_IF_HW_OFFL: 3918 if (!ipsec_accel_is_accel_sav(sav)) 3919 continue; 3920 m = ipsec_accel_key_setaccelif(sav); 3921 if (m == NULL) 3922 continue; /* benigh */ 3923 break; 3924 #endif 3925 3926 case SADB_EXT_ADDRESS_PROXY: 3927 case SADB_EXT_IDENTITY_SRC: 3928 case SADB_EXT_IDENTITY_DST: 3929 /* XXX: should we brought from SPD ? */ 3930 case SADB_EXT_SENSITIVITY: 3931 default: 3932 continue; 3933 } 3934 3935 if (!m) 3936 goto fail; 3937 if (tres) 3938 m_cat(m, tres); 3939 tres = m; 3940 } 3941 3942 m_cat(result, tres); 3943 tres = NULL; 3944 if (result->m_len < sizeof(struct sadb_msg)) { 3945 result = m_pullup(result, sizeof(struct sadb_msg)); 3946 if (result == NULL) 3947 goto fail; 3948 } 3949 3950 result->m_pkthdr.len = 0; 3951 for (m = result; m; m = m->m_next) 3952 result->m_pkthdr.len += m->m_len; 3953 3954 mtod(result, struct sadb_msg *)->sadb_msg_len = 3955 PFKEY_UNIT64(result->m_pkthdr.len); 3956 3957 return result; 3958 3959 fail: 3960 m_freem(result); 3961 m_freem(tres); 3962 return NULL; 3963 } 3964 3965 /* 3966 * set data into sadb_msg. 3967 */ 3968 static struct mbuf * 3969 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3970 pid_t pid, u_int16_t reserved) 3971 { 3972 struct mbuf *m; 3973 struct sadb_msg *p; 3974 int len; 3975 3976 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3977 if (len > MCLBYTES) 3978 return NULL; 3979 m = key_mget(len); 3980 if (m == NULL) 3981 return NULL; 3982 m->m_pkthdr.len = m->m_len = len; 3983 m->m_next = NULL; 3984 3985 p = mtod(m, struct sadb_msg *); 3986 3987 bzero(p, len); 3988 p->sadb_msg_version = PF_KEY_V2; 3989 p->sadb_msg_type = type; 3990 p->sadb_msg_errno = 0; 3991 p->sadb_msg_satype = satype; 3992 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3993 p->sadb_msg_reserved = reserved; 3994 p->sadb_msg_seq = seq; 3995 p->sadb_msg_pid = (u_int32_t)pid; 3996 3997 return m; 3998 } 3999 4000 /* 4001 * copy secasvar data into sadb_address. 4002 */ 4003 static struct mbuf * 4004 key_setsadbsa(struct secasvar *sav) 4005 { 4006 struct mbuf *m; 4007 struct sadb_sa *p; 4008 int len; 4009 4010 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4011 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4012 if (m == NULL) 4013 return (NULL); 4014 m_align(m, len); 4015 m->m_len = len; 4016 p = mtod(m, struct sadb_sa *); 4017 bzero(p, len); 4018 p->sadb_sa_len = PFKEY_UNIT64(len); 4019 p->sadb_sa_exttype = SADB_EXT_SA; 4020 p->sadb_sa_spi = sav->spi; 4021 p->sadb_sa_replay = sav->replay ? 4022 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 4023 sav->replay->wsize): 0; 4024 p->sadb_sa_state = sav->state; 4025 p->sadb_sa_auth = sav->alg_auth; 4026 p->sadb_sa_encrypt = sav->alg_enc; 4027 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 4028 return (m); 4029 } 4030 4031 /* 4032 * set data into sadb_address. 4033 */ 4034 static struct mbuf * 4035 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 4036 u_int8_t prefixlen, u_int16_t ul_proto) 4037 { 4038 struct mbuf *m; 4039 struct sadb_address *p; 4040 size_t len; 4041 4042 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 4043 PFKEY_ALIGN8(saddr->sa_len); 4044 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4045 if (m == NULL) 4046 return (NULL); 4047 m_align(m, len); 4048 m->m_len = len; 4049 p = mtod(m, struct sadb_address *); 4050 4051 bzero(p, len); 4052 p->sadb_address_len = PFKEY_UNIT64(len); 4053 p->sadb_address_exttype = exttype; 4054 p->sadb_address_proto = ul_proto; 4055 if (prefixlen == FULLMASK) { 4056 switch (saddr->sa_family) { 4057 case AF_INET: 4058 prefixlen = sizeof(struct in_addr) << 3; 4059 break; 4060 case AF_INET6: 4061 prefixlen = sizeof(struct in6_addr) << 3; 4062 break; 4063 default: 4064 ; /*XXX*/ 4065 } 4066 } 4067 p->sadb_address_prefixlen = prefixlen; 4068 p->sadb_address_reserved = 0; 4069 4070 bcopy(saddr, 4071 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 4072 saddr->sa_len); 4073 4074 return m; 4075 } 4076 4077 /* 4078 * set data into sadb_x_sa2. 4079 */ 4080 static struct mbuf * 4081 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 4082 { 4083 struct mbuf *m; 4084 struct sadb_x_sa2 *p; 4085 size_t len; 4086 4087 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 4088 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4089 if (m == NULL) 4090 return (NULL); 4091 m_align(m, len); 4092 m->m_len = len; 4093 p = mtod(m, struct sadb_x_sa2 *); 4094 4095 bzero(p, len); 4096 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 4097 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 4098 p->sadb_x_sa2_mode = mode; 4099 p->sadb_x_sa2_reserved1 = 0; 4100 p->sadb_x_sa2_reserved2 = 0; 4101 p->sadb_x_sa2_sequence = seq; 4102 p->sadb_x_sa2_reqid = reqid; 4103 4104 return m; 4105 } 4106 4107 /* 4108 * Set data into sadb_x_sa_replay. 4109 */ 4110 static struct mbuf * 4111 key_setsadbxsareplay(u_int32_t replay) 4112 { 4113 struct mbuf *m; 4114 struct sadb_x_sa_replay *p; 4115 size_t len; 4116 4117 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 4118 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4119 if (m == NULL) 4120 return (NULL); 4121 m_align(m, len); 4122 m->m_len = len; 4123 p = mtod(m, struct sadb_x_sa_replay *); 4124 4125 bzero(p, len); 4126 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 4127 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 4128 p->sadb_x_sa_replay_replay = (replay << 3); 4129 4130 return m; 4131 } 4132 4133 /* 4134 * Set a type in sadb_x_nat_t_type. 4135 */ 4136 static struct mbuf * 4137 key_setsadbxtype(u_int16_t type) 4138 { 4139 struct mbuf *m; 4140 size_t len; 4141 struct sadb_x_nat_t_type *p; 4142 4143 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 4144 4145 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4146 if (m == NULL) 4147 return (NULL); 4148 m_align(m, len); 4149 m->m_len = len; 4150 p = mtod(m, struct sadb_x_nat_t_type *); 4151 4152 bzero(p, len); 4153 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 4154 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 4155 p->sadb_x_nat_t_type_type = type; 4156 4157 return (m); 4158 } 4159 /* 4160 * Set a port in sadb_x_nat_t_port. 4161 * In contrast to default RFC 2367 behaviour, port is in network byte order. 4162 */ 4163 static struct mbuf * 4164 key_setsadbxport(u_int16_t port, u_int16_t type) 4165 { 4166 struct mbuf *m; 4167 size_t len; 4168 struct sadb_x_nat_t_port *p; 4169 4170 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 4171 4172 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4173 if (m == NULL) 4174 return (NULL); 4175 m_align(m, len); 4176 m->m_len = len; 4177 p = mtod(m, struct sadb_x_nat_t_port *); 4178 4179 bzero(p, len); 4180 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 4181 p->sadb_x_nat_t_port_exttype = type; 4182 p->sadb_x_nat_t_port_port = port; 4183 4184 return (m); 4185 } 4186 4187 /* 4188 * Get port from sockaddr. Port is in network byte order. 4189 */ 4190 uint16_t 4191 key_portfromsaddr(struct sockaddr *sa) 4192 { 4193 4194 switch (sa->sa_family) { 4195 #ifdef INET 4196 case AF_INET: 4197 return ((struct sockaddr_in *)sa)->sin_port; 4198 #endif 4199 #ifdef INET6 4200 case AF_INET6: 4201 return ((struct sockaddr_in6 *)sa)->sin6_port; 4202 #endif 4203 } 4204 return (0); 4205 } 4206 4207 /* 4208 * Set port in struct sockaddr. Port is in network byte order. 4209 */ 4210 void 4211 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4212 { 4213 4214 switch (sa->sa_family) { 4215 #ifdef INET 4216 case AF_INET: 4217 ((struct sockaddr_in *)sa)->sin_port = port; 4218 break; 4219 #endif 4220 #ifdef INET6 4221 case AF_INET6: 4222 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4223 break; 4224 #endif 4225 default: 4226 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4227 __func__, sa->sa_family)); 4228 break; 4229 } 4230 } 4231 4232 /* 4233 * set data into sadb_x_policy 4234 */ 4235 static struct mbuf * 4236 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4237 { 4238 struct mbuf *m; 4239 struct sadb_x_policy *p; 4240 size_t len; 4241 4242 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4243 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4244 if (m == NULL) 4245 return (NULL); 4246 m_align(m, len); 4247 m->m_len = len; 4248 p = mtod(m, struct sadb_x_policy *); 4249 4250 bzero(p, len); 4251 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4252 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4253 p->sadb_x_policy_type = type; 4254 p->sadb_x_policy_dir = dir; 4255 p->sadb_x_policy_id = id; 4256 p->sadb_x_policy_priority = priority; 4257 4258 return m; 4259 } 4260 4261 /* %%% utilities */ 4262 /* Take a key message (sadb_key) from the socket and turn it into one 4263 * of the kernel's key structures (seckey). 4264 * 4265 * IN: pointer to the src 4266 * OUT: NULL no more memory 4267 */ 4268 struct seckey * 4269 key_dup_keymsg(const struct sadb_key *src, size_t len, 4270 struct malloc_type *type) 4271 { 4272 struct seckey *dst; 4273 4274 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4275 if (dst != NULL) { 4276 dst->bits = src->sadb_key_bits; 4277 dst->key_data = malloc(len, type, M_NOWAIT); 4278 if (dst->key_data != NULL) { 4279 bcopy((const char *)(src + 1), dst->key_data, len); 4280 } else { 4281 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4282 __func__)); 4283 free(dst, type); 4284 dst = NULL; 4285 } 4286 } else { 4287 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4288 __func__)); 4289 } 4290 return (dst); 4291 } 4292 4293 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4294 * turn it into one of the kernel's lifetime structures (seclifetime). 4295 * 4296 * IN: pointer to the destination, source and malloc type 4297 * OUT: NULL, no more memory 4298 */ 4299 4300 static struct seclifetime * 4301 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4302 { 4303 struct seclifetime *dst; 4304 4305 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4306 if (dst == NULL) { 4307 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4308 return (NULL); 4309 } 4310 dst->allocations = src->sadb_lifetime_allocations; 4311 dst->bytes = src->sadb_lifetime_bytes; 4312 dst->addtime = src->sadb_lifetime_addtime; 4313 dst->usetime = src->sadb_lifetime_usetime; 4314 return (dst); 4315 } 4316 4317 /* 4318 * compare two secasindex structure. 4319 * flag can specify to compare 2 saidxes. 4320 * compare two secasindex structure without both mode and reqid. 4321 * don't compare port. 4322 * IN: 4323 * saidx0: source, it can be in SAD. 4324 * saidx1: object. 4325 * OUT: 4326 * 1 : equal 4327 * 0 : not equal 4328 */ 4329 static int 4330 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4331 int flag) 4332 { 4333 4334 /* sanity */ 4335 if (saidx0 == NULL && saidx1 == NULL) 4336 return 1; 4337 4338 if (saidx0 == NULL || saidx1 == NULL) 4339 return 0; 4340 4341 if (saidx0->proto != saidx1->proto) 4342 return 0; 4343 4344 if (flag == CMP_EXACTLY) { 4345 if (saidx0->mode != saidx1->mode) 4346 return 0; 4347 if (saidx0->reqid != saidx1->reqid) 4348 return 0; 4349 if (bcmp(&saidx0->src, &saidx1->src, 4350 saidx0->src.sa.sa_len) != 0 || 4351 bcmp(&saidx0->dst, &saidx1->dst, 4352 saidx0->dst.sa.sa_len) != 0) 4353 return 0; 4354 } else { 4355 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4356 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4357 /* 4358 * If reqid of SPD is non-zero, unique SA is required. 4359 * The result must be of same reqid in this case. 4360 */ 4361 if (saidx1->reqid != 0 && 4362 saidx0->reqid != saidx1->reqid) 4363 return 0; 4364 } 4365 4366 if (flag == CMP_MODE_REQID) { 4367 if (saidx0->mode != IPSEC_MODE_ANY 4368 && saidx0->mode != saidx1->mode) 4369 return 0; 4370 } 4371 4372 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4373 return 0; 4374 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4375 return 0; 4376 } 4377 4378 return 1; 4379 } 4380 4381 /* 4382 * compare two secindex structure exactly. 4383 * IN: 4384 * spidx0: source, it is often in SPD. 4385 * spidx1: object, it is often from PFKEY message. 4386 * OUT: 4387 * 1 : equal 4388 * 0 : not equal 4389 */ 4390 static int 4391 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4392 struct secpolicyindex *spidx1) 4393 { 4394 /* sanity */ 4395 if (spidx0 == NULL && spidx1 == NULL) 4396 return 1; 4397 4398 if (spidx0 == NULL || spidx1 == NULL) 4399 return 0; 4400 4401 if (spidx0->prefs != spidx1->prefs 4402 || spidx0->prefd != spidx1->prefd 4403 || spidx0->ul_proto != spidx1->ul_proto 4404 || spidx0->dir != spidx1->dir) 4405 return 0; 4406 4407 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4408 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4409 } 4410 4411 /* 4412 * compare two secindex structure with mask. 4413 * IN: 4414 * spidx0: source, it is often in SPD. 4415 * spidx1: object, it is often from IP header. 4416 * OUT: 4417 * 1 : equal 4418 * 0 : not equal 4419 */ 4420 static int 4421 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4422 struct secpolicyindex *spidx1) 4423 { 4424 /* sanity */ 4425 if (spidx0 == NULL && spidx1 == NULL) 4426 return 1; 4427 4428 if (spidx0 == NULL || spidx1 == NULL) 4429 return 0; 4430 4431 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4432 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4433 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4434 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4435 return 0; 4436 4437 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4438 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4439 && spidx0->ul_proto != spidx1->ul_proto) 4440 return 0; 4441 4442 switch (spidx0->src.sa.sa_family) { 4443 case AF_INET: 4444 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4445 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4446 return 0; 4447 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4448 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4449 return 0; 4450 break; 4451 case AF_INET6: 4452 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4453 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4454 return 0; 4455 /* 4456 * scope_id check. if sin6_scope_id is 0, we regard it 4457 * as a wildcard scope, which matches any scope zone ID. 4458 */ 4459 if (spidx0->src.sin6.sin6_scope_id && 4460 spidx1->src.sin6.sin6_scope_id && 4461 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4462 return 0; 4463 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4464 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4465 return 0; 4466 break; 4467 default: 4468 /* XXX */ 4469 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4470 return 0; 4471 break; 4472 } 4473 4474 switch (spidx0->dst.sa.sa_family) { 4475 case AF_INET: 4476 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4477 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4478 return 0; 4479 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4480 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4481 return 0; 4482 break; 4483 case AF_INET6: 4484 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4485 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4486 return 0; 4487 /* 4488 * scope_id check. if sin6_scope_id is 0, we regard it 4489 * as a wildcard scope, which matches any scope zone ID. 4490 */ 4491 if (spidx0->dst.sin6.sin6_scope_id && 4492 spidx1->dst.sin6.sin6_scope_id && 4493 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4494 return 0; 4495 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4496 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4497 return 0; 4498 break; 4499 default: 4500 /* XXX */ 4501 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4502 return 0; 4503 break; 4504 } 4505 4506 /* XXX Do we check other field ? e.g. flowinfo */ 4507 4508 return 1; 4509 } 4510 4511 #ifdef satosin 4512 #undef satosin 4513 #endif 4514 #define satosin(s) ((const struct sockaddr_in *)s) 4515 #ifdef satosin6 4516 #undef satosin6 4517 #endif 4518 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4519 /* returns 0 on match */ 4520 int 4521 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4522 int port) 4523 { 4524 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4525 return 1; 4526 4527 switch (sa1->sa_family) { 4528 #ifdef INET 4529 case AF_INET: 4530 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4531 return 1; 4532 if (satosin(sa1)->sin_addr.s_addr != 4533 satosin(sa2)->sin_addr.s_addr) { 4534 return 1; 4535 } 4536 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4537 return 1; 4538 break; 4539 #endif 4540 #ifdef INET6 4541 case AF_INET6: 4542 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4543 return 1; /*EINVAL*/ 4544 if (satosin6(sa1)->sin6_scope_id != 4545 satosin6(sa2)->sin6_scope_id) { 4546 return 1; 4547 } 4548 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4549 &satosin6(sa2)->sin6_addr)) { 4550 return 1; 4551 } 4552 if (port && 4553 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4554 return 1; 4555 } 4556 break; 4557 #endif 4558 default: 4559 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4560 return 1; 4561 break; 4562 } 4563 4564 return 0; 4565 } 4566 4567 /* returns 0 on match */ 4568 int 4569 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4570 const struct sockaddr *sa2, size_t mask) 4571 { 4572 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4573 return (1); 4574 4575 switch (sa1->sa_family) { 4576 #ifdef INET 4577 case AF_INET: 4578 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4579 &satosin(sa2)->sin_addr, mask)); 4580 #endif 4581 #ifdef INET6 4582 case AF_INET6: 4583 if (satosin6(sa1)->sin6_scope_id != 4584 satosin6(sa2)->sin6_scope_id) 4585 return (1); 4586 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4587 &satosin6(sa2)->sin6_addr, mask)); 4588 #endif 4589 } 4590 return (1); 4591 } 4592 #undef satosin 4593 #undef satosin6 4594 4595 /* 4596 * compare two buffers with mask. 4597 * IN: 4598 * addr1: source 4599 * addr2: object 4600 * bits: Number of bits to compare 4601 * OUT: 4602 * 1 : equal 4603 * 0 : not equal 4604 */ 4605 static int 4606 key_bbcmp(const void *a1, const void *a2, u_int bits) 4607 { 4608 const unsigned char *p1 = a1; 4609 const unsigned char *p2 = a2; 4610 4611 /* XXX: This could be considerably faster if we compare a word 4612 * at a time, but it is complicated on LSB Endian machines */ 4613 4614 /* Handle null pointers */ 4615 if (p1 == NULL || p2 == NULL) 4616 return (p1 == p2); 4617 4618 while (bits >= 8) { 4619 if (*p1++ != *p2++) 4620 return 0; 4621 bits -= 8; 4622 } 4623 4624 if (bits > 0) { 4625 u_int8_t mask = ~((1<<(8-bits))-1); 4626 if ((*p1 & mask) != (*p2 & mask)) 4627 return 0; 4628 } 4629 return 1; /* Match! */ 4630 } 4631 4632 static void 4633 key_flush_spd(time_t now) 4634 { 4635 SPTREE_RLOCK_TRACKER; 4636 struct secpolicy_list drainq; 4637 struct secpolicy *sp, *nextsp; 4638 u_int dir; 4639 4640 LIST_INIT(&drainq); 4641 SPTREE_RLOCK(); 4642 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4643 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4644 if (sp->lifetime == 0 && sp->validtime == 0) 4645 continue; 4646 if ((sp->lifetime && 4647 now - sp->created > sp->lifetime) || 4648 (sp->validtime && 4649 now - sp->lastused > sp->validtime)) { 4650 /* Hold extra reference to send SPDEXPIRE */ 4651 SP_ADDREF(sp); 4652 LIST_INSERT_HEAD(&drainq, sp, drainq); 4653 } 4654 } 4655 } 4656 SPTREE_RUNLOCK(); 4657 if (LIST_EMPTY(&drainq)) 4658 return; 4659 4660 SPTREE_WLOCK(); 4661 sp = LIST_FIRST(&drainq); 4662 while (sp != NULL) { 4663 nextsp = LIST_NEXT(sp, drainq); 4664 /* Check that SP is still linked */ 4665 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4666 LIST_REMOVE(sp, drainq); 4667 key_freesp(&sp); /* release extra reference */ 4668 sp = nextsp; 4669 continue; 4670 } 4671 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4672 V_spd_size--; 4673 LIST_REMOVE(sp, idhash); 4674 sp->state = IPSEC_SPSTATE_DEAD; 4675 ipsec_accel_spddel(sp); 4676 sp = nextsp; 4677 } 4678 V_sp_genid++; 4679 SPTREE_WUNLOCK(); 4680 if (SPDCACHE_ENABLED()) 4681 spdcache_clear(); 4682 4683 sp = LIST_FIRST(&drainq); 4684 while (sp != NULL) { 4685 nextsp = LIST_NEXT(sp, drainq); 4686 key_spdexpire(sp); 4687 key_freesp(&sp); /* release extra reference */ 4688 key_freesp(&sp); /* release last reference */ 4689 sp = nextsp; 4690 } 4691 } 4692 4693 static void 4694 key_flush_sad(time_t now) 4695 { 4696 SAHTREE_RLOCK_TRACKER; 4697 struct secashead_list emptyq; 4698 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4699 struct secashead *sah, *nextsah; 4700 struct secasvar *sav, *nextsav; 4701 4702 SECASVAR_RLOCK_TRACKER; 4703 4704 LIST_INIT(&drainq); 4705 LIST_INIT(&hexpireq); 4706 LIST_INIT(&sexpireq); 4707 LIST_INIT(&emptyq); 4708 4709 SAHTREE_RLOCK(); 4710 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4711 /* Check for empty SAH */ 4712 if (TAILQ_EMPTY(&sah->savtree_larval) && 4713 TAILQ_EMPTY(&sah->savtree_alive)) { 4714 SAH_ADDREF(sah); 4715 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4716 continue; 4717 } 4718 /* Add all stale LARVAL SAs into drainq */ 4719 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4720 if (now - sav->created < V_key_larval_lifetime) 4721 continue; 4722 SAV_ADDREF(sav); 4723 LIST_INSERT_HEAD(&drainq, sav, drainq); 4724 } 4725 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4726 /* lifetimes aren't specified */ 4727 if (sav->lft_h == NULL) 4728 continue; 4729 SECASVAR_RLOCK(sav); 4730 /* 4731 * Check again with lock held, because it may 4732 * be updated by SADB_UPDATE. 4733 */ 4734 if (sav->lft_h == NULL) { 4735 SECASVAR_RUNLOCK(sav); 4736 continue; 4737 } 4738 /* 4739 * RFC 2367: 4740 * HARD lifetimes MUST take precedence over SOFT 4741 * lifetimes, meaning if the HARD and SOFT lifetimes 4742 * are the same, the HARD lifetime will appear on the 4743 * EXPIRE message. 4744 */ 4745 /* check HARD lifetime */ 4746 if ((sav->lft_h->addtime != 0 && 4747 now - sav->created > sav->lft_h->addtime) || 4748 (sav->lft_h->usetime != 0 && sav->firstused && 4749 now - sav->firstused > sav->lft_h->usetime) || 4750 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4751 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4752 SECASVAR_RUNLOCK(sav); 4753 SAV_ADDREF(sav); 4754 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4755 continue; 4756 } 4757 /* check SOFT lifetime (only for MATURE SAs) */ 4758 if (sav->state == SADB_SASTATE_MATURE && ( 4759 (sav->lft_s->addtime != 0 && 4760 now - sav->created > sav->lft_s->addtime) || 4761 (sav->lft_s->usetime != 0 && sav->firstused && 4762 now - sav->firstused > sav->lft_s->usetime) || 4763 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4764 sav->lft_c_bytes) > sav->lft_s->bytes) || 4765 (!(sav->flags & SADB_X_SAFLAGS_ESN) && 4766 (sav->replay != NULL) && ( 4767 (sav->replay->count > UINT32_80PCT) || 4768 (sav->replay->last > UINT32_80PCT))))) { 4769 SECASVAR_RUNLOCK(sav); 4770 SAV_ADDREF(sav); 4771 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4772 continue; 4773 } 4774 SECASVAR_RUNLOCK(sav); 4775 } 4776 } 4777 SAHTREE_RUNLOCK(); 4778 4779 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4780 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4781 return; 4782 4783 LIST_INIT(&freeq); 4784 SAHTREE_WLOCK(); 4785 /* Unlink stale LARVAL SAs */ 4786 sav = LIST_FIRST(&drainq); 4787 while (sav != NULL) { 4788 nextsav = LIST_NEXT(sav, drainq); 4789 /* Check that SA is still LARVAL */ 4790 if (sav->state != SADB_SASTATE_LARVAL) { 4791 LIST_REMOVE(sav, drainq); 4792 LIST_INSERT_HEAD(&freeq, sav, drainq); 4793 sav = nextsav; 4794 continue; 4795 } 4796 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4797 LIST_REMOVE(sav, spihash); 4798 sav->state = SADB_SASTATE_DEAD; 4799 ipsec_accel_forget_sav(sav); 4800 sav = nextsav; 4801 } 4802 /* Unlink all SAs with expired HARD lifetime */ 4803 sav = LIST_FIRST(&hexpireq); 4804 while (sav != NULL) { 4805 nextsav = LIST_NEXT(sav, drainq); 4806 /* Check that SA is not unlinked */ 4807 if (sav->state == SADB_SASTATE_DEAD) { 4808 LIST_REMOVE(sav, drainq); 4809 LIST_INSERT_HEAD(&freeq, sav, drainq); 4810 sav = nextsav; 4811 continue; 4812 } 4813 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4814 LIST_REMOVE(sav, spihash); 4815 sav->state = SADB_SASTATE_DEAD; 4816 ipsec_accel_forget_sav(sav); 4817 sav = nextsav; 4818 } 4819 /* Mark all SAs with expired SOFT lifetime as DYING */ 4820 sav = LIST_FIRST(&sexpireq); 4821 while (sav != NULL) { 4822 nextsav = LIST_NEXT(sav, drainq); 4823 /* Check that SA is not unlinked */ 4824 if (sav->state == SADB_SASTATE_DEAD) { 4825 LIST_REMOVE(sav, drainq); 4826 LIST_INSERT_HEAD(&freeq, sav, drainq); 4827 sav = nextsav; 4828 continue; 4829 } 4830 /* 4831 * NOTE: this doesn't change SA order in the chain. 4832 */ 4833 sav->state = SADB_SASTATE_DYING; 4834 sav = nextsav; 4835 } 4836 /* Unlink empty SAHs */ 4837 sah = LIST_FIRST(&emptyq); 4838 while (sah != NULL) { 4839 nextsah = LIST_NEXT(sah, drainq); 4840 /* Check that SAH is still empty and not unlinked */ 4841 if (sah->state == SADB_SASTATE_DEAD || 4842 !TAILQ_EMPTY(&sah->savtree_larval) || 4843 !TAILQ_EMPTY(&sah->savtree_alive)) { 4844 LIST_REMOVE(sah, drainq); 4845 key_freesah(&sah); /* release extra reference */ 4846 sah = nextsah; 4847 continue; 4848 } 4849 TAILQ_REMOVE(&V_sahtree, sah, chain); 4850 LIST_REMOVE(sah, addrhash); 4851 sah->state = SADB_SASTATE_DEAD; 4852 sah = nextsah; 4853 } 4854 SAHTREE_WUNLOCK(); 4855 4856 /* Send SPDEXPIRE messages */ 4857 sav = LIST_FIRST(&hexpireq); 4858 while (sav != NULL) { 4859 nextsav = LIST_NEXT(sav, drainq); 4860 key_expire(sav, 1); 4861 key_freesah(&sav->sah); /* release reference from SAV */ 4862 key_freesav(&sav); /* release extra reference */ 4863 key_freesav(&sav); /* release last reference */ 4864 sav = nextsav; 4865 } 4866 sav = LIST_FIRST(&sexpireq); 4867 while (sav != NULL) { 4868 nextsav = LIST_NEXT(sav, drainq); 4869 key_expire(sav, 0); 4870 key_freesav(&sav); /* release extra reference */ 4871 sav = nextsav; 4872 } 4873 /* Free stale LARVAL SAs */ 4874 sav = LIST_FIRST(&drainq); 4875 while (sav != NULL) { 4876 nextsav = LIST_NEXT(sav, drainq); 4877 key_freesah(&sav->sah); /* release reference from SAV */ 4878 key_freesav(&sav); /* release extra reference */ 4879 key_freesav(&sav); /* release last reference */ 4880 sav = nextsav; 4881 } 4882 /* Free SAs that were unlinked/changed by someone else */ 4883 sav = LIST_FIRST(&freeq); 4884 while (sav != NULL) { 4885 nextsav = LIST_NEXT(sav, drainq); 4886 key_freesav(&sav); /* release extra reference */ 4887 sav = nextsav; 4888 } 4889 /* Free empty SAH */ 4890 sah = LIST_FIRST(&emptyq); 4891 while (sah != NULL) { 4892 nextsah = LIST_NEXT(sah, drainq); 4893 key_freesah(&sah); /* release extra reference */ 4894 key_freesah(&sah); /* release last reference */ 4895 sah = nextsah; 4896 } 4897 } 4898 4899 static void 4900 key_flush_acq(time_t now) 4901 { 4902 struct secacq *acq, *nextacq; 4903 4904 /* ACQ tree */ 4905 ACQ_LOCK(); 4906 acq = LIST_FIRST(&V_acqtree); 4907 while (acq != NULL) { 4908 nextacq = LIST_NEXT(acq, chain); 4909 if (now - acq->created > V_key_blockacq_lifetime) { 4910 LIST_REMOVE(acq, chain); 4911 LIST_REMOVE(acq, addrhash); 4912 LIST_REMOVE(acq, seqhash); 4913 free(acq, M_IPSEC_SAQ); 4914 } 4915 acq = nextacq; 4916 } 4917 ACQ_UNLOCK(); 4918 } 4919 4920 static void 4921 key_flush_spacq(time_t now) 4922 { 4923 struct secspacq *acq, *nextacq; 4924 4925 /* SP ACQ tree */ 4926 SPACQ_LOCK(); 4927 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4928 nextacq = LIST_NEXT(acq, chain); 4929 if (now - acq->created > V_key_blockacq_lifetime 4930 && __LIST_CHAINED(acq)) { 4931 LIST_REMOVE(acq, chain); 4932 free(acq, M_IPSEC_SAQ); 4933 } 4934 } 4935 SPACQ_UNLOCK(); 4936 } 4937 4938 /* 4939 * time handler. 4940 * scanning SPD and SAD to check status for each entries, 4941 * and do to remove or to expire. 4942 * XXX: year 2038 problem may remain. 4943 */ 4944 static void 4945 key_timehandler(void *arg) 4946 { 4947 VNET_ITERATOR_DECL(vnet_iter); 4948 time_t now = time_second; 4949 4950 VNET_LIST_RLOCK_NOSLEEP(); 4951 VNET_FOREACH(vnet_iter) { 4952 CURVNET_SET(vnet_iter); 4953 key_flush_spd(now); 4954 key_flush_sad(now); 4955 key_flush_acq(now); 4956 key_flush_spacq(now); 4957 CURVNET_RESTORE(); 4958 } 4959 VNET_LIST_RUNLOCK_NOSLEEP(); 4960 4961 #ifndef IPSEC_DEBUG2 4962 /* do exchange to tick time !! */ 4963 callout_schedule(&key_timer, hz); 4964 #endif /* IPSEC_DEBUG2 */ 4965 } 4966 4967 u_long 4968 key_random(void) 4969 { 4970 u_long value; 4971 4972 arc4random_buf(&value, sizeof(value)); 4973 return value; 4974 } 4975 4976 /* 4977 * map SADB_SATYPE_* to IPPROTO_*. 4978 * if satype == SADB_SATYPE then satype is mapped to ~0. 4979 * OUT: 4980 * 0: invalid satype. 4981 */ 4982 static uint8_t 4983 key_satype2proto(uint8_t satype) 4984 { 4985 switch (satype) { 4986 case SADB_SATYPE_UNSPEC: 4987 return IPSEC_PROTO_ANY; 4988 case SADB_SATYPE_AH: 4989 return IPPROTO_AH; 4990 case SADB_SATYPE_ESP: 4991 return IPPROTO_ESP; 4992 case SADB_X_SATYPE_IPCOMP: 4993 return IPPROTO_IPCOMP; 4994 case SADB_X_SATYPE_TCPSIGNATURE: 4995 return IPPROTO_TCP; 4996 default: 4997 return 0; 4998 } 4999 /* NOTREACHED */ 5000 } 5001 5002 /* 5003 * map IPPROTO_* to SADB_SATYPE_* 5004 * OUT: 5005 * 0: invalid protocol type. 5006 */ 5007 static uint8_t 5008 key_proto2satype(uint8_t proto) 5009 { 5010 switch (proto) { 5011 case IPPROTO_AH: 5012 return SADB_SATYPE_AH; 5013 case IPPROTO_ESP: 5014 return SADB_SATYPE_ESP; 5015 case IPPROTO_IPCOMP: 5016 return SADB_X_SATYPE_IPCOMP; 5017 case IPPROTO_TCP: 5018 return SADB_X_SATYPE_TCPSIGNATURE; 5019 default: 5020 return 0; 5021 } 5022 /* NOTREACHED */ 5023 } 5024 5025 /* %%% PF_KEY */ 5026 /* 5027 * SADB_GETSPI processing is to receive 5028 * <base, (SA2), src address, dst address, (SPI range)> 5029 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 5030 * tree with the status of LARVAL, and send 5031 * <base, SA(*), address(SD)> 5032 * to the IKMPd. 5033 * 5034 * IN: mhp: pointer to the pointer to each header. 5035 * OUT: NULL if fail. 5036 * other if success, return pointer to the message to send. 5037 */ 5038 static int 5039 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5040 { 5041 struct secasindex saidx; 5042 struct sadb_address *src0, *dst0; 5043 struct secasvar *sav; 5044 uint32_t reqid, spi; 5045 int error; 5046 uint8_t mode, proto; 5047 5048 IPSEC_ASSERT(so != NULL, ("null socket")); 5049 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5050 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5051 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5052 5053 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5054 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 5055 #ifdef PFKEY_STRICT_CHECKS 5056 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 5057 #endif 5058 ) { 5059 ipseclog((LOG_DEBUG, 5060 "%s: invalid message: missing required header.\n", 5061 __func__)); 5062 error = EINVAL; 5063 goto fail; 5064 } 5065 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5066 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 5067 #ifdef PFKEY_STRICT_CHECKS 5068 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 5069 #endif 5070 ) { 5071 ipseclog((LOG_DEBUG, 5072 "%s: invalid message: wrong header size.\n", __func__)); 5073 error = EINVAL; 5074 goto fail; 5075 } 5076 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5077 mode = IPSEC_MODE_ANY; 5078 reqid = 0; 5079 } else { 5080 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5081 ipseclog((LOG_DEBUG, 5082 "%s: invalid message: wrong header size.\n", 5083 __func__)); 5084 error = EINVAL; 5085 goto fail; 5086 } 5087 mode = ((struct sadb_x_sa2 *) 5088 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5089 reqid = ((struct sadb_x_sa2 *) 5090 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5091 } 5092 5093 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5094 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5095 5096 /* map satype to proto */ 5097 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5098 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5099 __func__)); 5100 error = EINVAL; 5101 goto fail; 5102 } 5103 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5104 (struct sockaddr *)(dst0 + 1)); 5105 if (error != 0) { 5106 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5107 error = EINVAL; 5108 goto fail; 5109 } 5110 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5111 5112 /* SPI allocation */ 5113 SPI_ALLOC_LOCK(); 5114 spi = key_do_getnewspi( 5115 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 5116 if (spi == 0) { 5117 /* 5118 * Requested SPI or SPI range is not available or 5119 * already used. 5120 */ 5121 SPI_ALLOC_UNLOCK(); 5122 error = EEXIST; 5123 goto fail; 5124 } 5125 sav = key_newsav(mhp, &saidx, spi, &error); 5126 SPI_ALLOC_UNLOCK(); 5127 if (sav == NULL) 5128 goto fail; 5129 5130 if (sav->seq != 0) { 5131 /* 5132 * RFC2367: 5133 * If the SADB_GETSPI message is in response to a 5134 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 5135 * MUST be the same as the SADB_ACQUIRE message. 5136 * 5137 * XXXAE: However it doesn't definethe behaviour how to 5138 * check this and what to do if it doesn't match. 5139 * Also what we should do if it matches? 5140 * 5141 * We can compare saidx used in SADB_ACQUIRE with saidx 5142 * used in SADB_GETSPI, but this probably can break 5143 * existing software. For now just warn if it doesn't match. 5144 * 5145 * XXXAE: anyway it looks useless. 5146 */ 5147 key_acqdone(&saidx, sav->seq); 5148 } 5149 KEYDBG(KEY_STAMP, 5150 printf("%s: SA(%p)\n", __func__, sav)); 5151 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5152 5153 { 5154 struct mbuf *n, *nn; 5155 struct sadb_sa *m_sa; 5156 struct sadb_msg *newmsg; 5157 int off, len; 5158 5159 /* create new sadb_msg to reply. */ 5160 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 5161 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5162 5163 n = key_mget(len); 5164 if (n == NULL) { 5165 error = ENOBUFS; 5166 goto fail; 5167 } 5168 5169 n->m_len = len; 5170 n->m_next = NULL; 5171 off = 0; 5172 5173 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 5174 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 5175 5176 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 5177 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 5178 m_sa->sadb_sa_exttype = SADB_EXT_SA; 5179 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 5180 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5181 5182 IPSEC_ASSERT(off == len, 5183 ("length inconsistency (off %u len %u)", off, len)); 5184 5185 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5186 SADB_EXT_ADDRESS_DST); 5187 if (!n->m_next) { 5188 m_freem(n); 5189 error = ENOBUFS; 5190 goto fail; 5191 } 5192 5193 if (n->m_len < sizeof(struct sadb_msg)) { 5194 n = m_pullup(n, sizeof(struct sadb_msg)); 5195 if (n == NULL) 5196 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5197 } 5198 5199 n->m_pkthdr.len = 0; 5200 for (nn = n; nn; nn = nn->m_next) 5201 n->m_pkthdr.len += nn->m_len; 5202 5203 newmsg = mtod(n, struct sadb_msg *); 5204 newmsg->sadb_msg_seq = sav->seq; 5205 newmsg->sadb_msg_errno = 0; 5206 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5207 5208 m_freem(m); 5209 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5210 } 5211 5212 fail: 5213 return (key_senderror(so, m, error)); 5214 } 5215 5216 /* 5217 * allocating new SPI 5218 * called by key_getspi(). 5219 * OUT: 5220 * 0: failure. 5221 * others: success, SPI in network byte order. 5222 */ 5223 static uint32_t 5224 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5225 { 5226 uint32_t min, max, newspi, t; 5227 int tries, limit; 5228 5229 SPI_ALLOC_LOCK_ASSERT(); 5230 5231 /* set spi range to allocate */ 5232 if (spirange != NULL) { 5233 min = spirange->sadb_spirange_min; 5234 max = spirange->sadb_spirange_max; 5235 } else { 5236 min = V_key_spi_minval; 5237 max = V_key_spi_maxval; 5238 } 5239 /* IPCOMP needs 2-byte SPI */ 5240 if (saidx->proto == IPPROTO_IPCOMP) { 5241 if (min >= 0x10000) 5242 min = 0xffff; 5243 if (max >= 0x10000) 5244 max = 0xffff; 5245 if (min > max) { 5246 t = min; min = max; max = t; 5247 } 5248 } 5249 5250 if (min == max) { 5251 if (key_checkspidup(htonl(min))) { 5252 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5253 __func__, min)); 5254 return 0; 5255 } 5256 5257 tries = 1; 5258 newspi = min; 5259 } else { 5260 /* init SPI */ 5261 newspi = 0; 5262 5263 limit = atomic_load_int(&V_key_spi_trycnt); 5264 /* when requesting to allocate spi ranged */ 5265 for (tries = 0; tries < limit; tries++) { 5266 /* generate pseudo-random SPI value ranged. */ 5267 newspi = min + (key_random() % (max - min + 1)); 5268 if (!key_checkspidup(htonl(newspi))) 5269 break; 5270 } 5271 5272 if (tries == limit || newspi == 0) { 5273 ipseclog((LOG_DEBUG, 5274 "%s: failed to allocate SPI.\n", __func__)); 5275 return 0; 5276 } 5277 } 5278 5279 /* statistics */ 5280 keystat.getspi_count = 5281 (keystat.getspi_count + tries) / 2; 5282 5283 return (htonl(newspi)); 5284 } 5285 5286 /* 5287 * Find TCP-MD5 SA with corresponding secasindex. 5288 * If not found, return NULL and fill SPI with usable value if needed. 5289 */ 5290 static struct secasvar * 5291 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5292 { 5293 SAHTREE_RLOCK_TRACKER; 5294 struct secashead *sah; 5295 struct secasvar *sav; 5296 5297 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5298 SAHTREE_RLOCK(); 5299 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5300 if (sah->saidx.proto != IPPROTO_TCP) 5301 continue; 5302 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5303 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5304 break; 5305 } 5306 if (sah != NULL) { 5307 if (V_key_preferred_oldsa) 5308 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5309 else 5310 sav = TAILQ_FIRST(&sah->savtree_alive); 5311 if (sav != NULL) { 5312 SAV_ADDREF(sav); 5313 SAHTREE_RUNLOCK(); 5314 return (sav); 5315 } 5316 } 5317 if (spi == NULL) { 5318 /* No SPI required */ 5319 SAHTREE_RUNLOCK(); 5320 return (NULL); 5321 } 5322 /* Check that SPI is unique */ 5323 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5324 if (sav->spi == *spi) 5325 break; 5326 } 5327 if (sav == NULL) { 5328 SAHTREE_RUNLOCK(); 5329 /* SPI is already unique */ 5330 return (NULL); 5331 } 5332 SAHTREE_RUNLOCK(); 5333 /* XXX: not optimal */ 5334 *spi = key_do_getnewspi(NULL, saidx); 5335 return (NULL); 5336 } 5337 5338 static int 5339 key_updateaddresses(struct socket *so, struct mbuf *m, 5340 const struct sadb_msghdr *mhp, struct secasvar *sav, 5341 struct secasindex *saidx) 5342 { 5343 struct sockaddr *newaddr; 5344 struct secashead *sah; 5345 struct secasvar *newsav, *tmp; 5346 struct mbuf *n; 5347 int error, isnew; 5348 5349 /* Check that we need to change SAH */ 5350 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5351 newaddr = (struct sockaddr *)( 5352 ((struct sadb_address *) 5353 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5354 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5355 key_porttosaddr(&saidx->src.sa, 0); 5356 } 5357 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5358 newaddr = (struct sockaddr *)( 5359 ((struct sadb_address *) 5360 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5361 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5362 key_porttosaddr(&saidx->dst.sa, 0); 5363 } 5364 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5365 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5366 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5367 if (error != 0) { 5368 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5369 __func__)); 5370 return (error); 5371 } 5372 5373 sah = key_getsah(saidx); 5374 if (sah == NULL) { 5375 /* create a new SA index */ 5376 sah = key_newsah(saidx); 5377 if (sah == NULL) { 5378 ipseclog((LOG_DEBUG, 5379 "%s: No more memory.\n", __func__)); 5380 return (ENOBUFS); 5381 } 5382 isnew = 2; /* SAH is new */ 5383 } else 5384 isnew = 1; /* existing SAH is referenced */ 5385 } else { 5386 /* 5387 * src and dst addresses are still the same. 5388 * Do we want to change NAT-T config? 5389 */ 5390 if (sav->sah->saidx.proto != IPPROTO_ESP || 5391 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5392 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5393 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5394 ipseclog((LOG_DEBUG, 5395 "%s: invalid message: missing required header.\n", 5396 __func__)); 5397 return (EINVAL); 5398 } 5399 /* We hold reference to SA, thus SAH will be referenced too. */ 5400 sah = sav->sah; 5401 isnew = 0; 5402 } 5403 5404 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5405 M_NOWAIT | M_ZERO); 5406 if (newsav == NULL) { 5407 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5408 error = ENOBUFS; 5409 goto fail; 5410 } 5411 5412 /* Clone SA's content into newsav */ 5413 SAV_INITREF(newsav); 5414 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5415 #ifdef IPSEC_OFFLOAD 5416 CK_LIST_INIT(&newsav->accel_ifps); 5417 newsav->accel_forget_tq = 0; 5418 newsav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone, 5419 M_NOWAIT | M_ZERO); 5420 if (newsav->accel_lft_sw == NULL) { 5421 error = ENOBUFS; 5422 goto fail; 5423 } 5424 if (sav->accel_ifname != NULL) { 5425 struct sadb_x_if_hw_offl xof; 5426 5427 newsav->accel_ifname = malloc(sizeof(xof.sadb_x_if_hw_offl_if), 5428 M_IPSEC_MISC, M_NOWAIT); 5429 if (newsav->accel_ifname == NULL) { 5430 error = ENOBUFS; 5431 goto fail; 5432 } 5433 strncpy(__DECONST(char *, sav->accel_ifname), 5434 newsav->accel_ifname, 5435 sizeof(xof.sadb_x_if_hw_offl_if)); 5436 } 5437 #endif 5438 5439 /* 5440 * We create new NAT-T config if it is needed. 5441 * Old NAT-T config will be freed by key_cleansav() when 5442 * last reference to SA will be released. 5443 */ 5444 newsav->natt = NULL; 5445 newsav->sah = sah; 5446 newsav->state = SADB_SASTATE_MATURE; 5447 error = key_setnatt(newsav, mhp); 5448 if (error != 0) 5449 goto fail; 5450 5451 SAHTREE_WLOCK(); 5452 /* Check that SA is still alive */ 5453 if (sav->state == SADB_SASTATE_DEAD) { 5454 /* SA was unlinked */ 5455 SAHTREE_WUNLOCK(); 5456 error = ESRCH; 5457 goto fail; 5458 } 5459 5460 /* Unlink SA from SAH and SPI hash */ 5461 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5462 ("SA is already cloned")); 5463 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5464 sav->state == SADB_SASTATE_DYING, 5465 ("Wrong SA state %u\n", sav->state)); 5466 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5467 LIST_REMOVE(sav, spihash); 5468 sav->state = SADB_SASTATE_DEAD; 5469 ipsec_accel_forget_sav(sav); 5470 5471 /* 5472 * Link new SA with SAH. Keep SAs ordered by 5473 * create time (newer are first). 5474 */ 5475 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5476 if (newsav->created > tmp->created) { 5477 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5478 break; 5479 } 5480 } 5481 if (tmp == NULL) 5482 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5483 5484 /* Add new SA into SPI hash. */ 5485 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5486 5487 /* Add new SAH into SADB. */ 5488 if (isnew == 2) { 5489 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5490 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5491 sah->state = SADB_SASTATE_MATURE; 5492 SAH_ADDREF(sah); /* newsav references new SAH */ 5493 } 5494 /* 5495 * isnew == 1 -> @sah was referenced by key_getsah(). 5496 * isnew == 0 -> we use the same @sah, that was used by @sav, 5497 * and we use its reference for @newsav. 5498 */ 5499 SECASVAR_WLOCK(sav); 5500 /* XXX: replace cntr with pointer? */ 5501 newsav->cntr = sav->cntr; 5502 sav->flags |= SADB_X_EXT_F_CLONED; 5503 SECASVAR_WUNLOCK(sav); 5504 5505 SAHTREE_WUNLOCK(); 5506 5507 KEYDBG(KEY_STAMP, 5508 printf("%s: SA(%p) cloned into SA(%p)\n", 5509 __func__, sav, newsav)); 5510 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5511 5512 key_freesav(&sav); /* release last reference */ 5513 5514 /* set msg buf from mhp */ 5515 n = key_getmsgbuf_x1(m, mhp); 5516 if (n == NULL) { 5517 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5518 return (ENOBUFS); 5519 } 5520 m_freem(m); 5521 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5522 return (0); 5523 fail: 5524 if (isnew != 0) 5525 key_freesah(&sah); 5526 if (newsav != NULL) { 5527 #ifdef IPSEC_OFFLOAD 5528 uma_zfree_pcpu(ipsec_key_lft_zone, newsav->accel_lft_sw); 5529 free(__DECONST(char *, newsav->accel_ifname), M_IPSEC_MISC); 5530 #endif 5531 if (newsav->natt != NULL) 5532 free(newsav->natt, M_IPSEC_MISC); 5533 free(newsav, M_IPSEC_SA); 5534 } 5535 return (error); 5536 } 5537 5538 /* 5539 * SADB_UPDATE processing 5540 * receive 5541 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5542 * key(AE), (identity(SD),) (sensitivity)> 5543 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5544 * and send 5545 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5546 * (identity(SD),) (sensitivity)> 5547 * to the ikmpd. 5548 * 5549 * m will always be freed. 5550 */ 5551 static int 5552 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5553 { 5554 struct secasindex saidx; 5555 struct sadb_address *src0, *dst0; 5556 struct sadb_sa *sa0; 5557 struct secasvar *sav; 5558 uint32_t reqid; 5559 int error; 5560 uint8_t mode, proto; 5561 5562 IPSEC_ASSERT(so != NULL, ("null socket")); 5563 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5564 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5565 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5566 5567 /* map satype to proto */ 5568 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5569 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5570 __func__)); 5571 return key_senderror(so, m, EINVAL); 5572 } 5573 5574 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5575 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5576 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5577 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5578 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5579 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5580 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5581 ipseclog((LOG_DEBUG, 5582 "%s: invalid message: missing required header.\n", 5583 __func__)); 5584 return key_senderror(so, m, EINVAL); 5585 } 5586 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5587 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5588 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5589 ipseclog((LOG_DEBUG, 5590 "%s: invalid message: wrong header size.\n", __func__)); 5591 return key_senderror(so, m, EINVAL); 5592 } 5593 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5594 mode = IPSEC_MODE_ANY; 5595 reqid = 0; 5596 } else { 5597 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5598 ipseclog((LOG_DEBUG, 5599 "%s: invalid message: wrong header size.\n", 5600 __func__)); 5601 return key_senderror(so, m, EINVAL); 5602 } 5603 mode = ((struct sadb_x_sa2 *) 5604 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5605 reqid = ((struct sadb_x_sa2 *) 5606 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5607 } 5608 5609 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5610 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5611 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5612 5613 /* 5614 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5615 * SADB_UPDATE message. 5616 */ 5617 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5618 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5619 #ifdef PFKEY_STRICT_CHECKS 5620 return key_senderror(so, m, EINVAL); 5621 #endif 5622 } 5623 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5624 (struct sockaddr *)(dst0 + 1)); 5625 if (error != 0) { 5626 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5627 return key_senderror(so, m, error); 5628 } 5629 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5630 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5631 if (sav == NULL) { 5632 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5633 __func__, ntohl(sa0->sadb_sa_spi))); 5634 return key_senderror(so, m, EINVAL); 5635 } 5636 /* 5637 * Check that SADB_UPDATE issued by the same process that did 5638 * SADB_GETSPI or SADB_ADD. 5639 */ 5640 if (sav->pid != mhp->msg->sadb_msg_pid) { 5641 ipseclog((LOG_DEBUG, 5642 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5643 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5644 key_freesav(&sav); 5645 return key_senderror(so, m, EINVAL); 5646 } 5647 /* saidx should match with SA. */ 5648 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5649 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5650 __func__, ntohl(sav->spi))); 5651 key_freesav(&sav); 5652 return key_senderror(so, m, ESRCH); 5653 } 5654 5655 if (sav->state == SADB_SASTATE_LARVAL) { 5656 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5657 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5658 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5659 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5660 ipseclog((LOG_DEBUG, 5661 "%s: invalid message: missing required header.\n", 5662 __func__)); 5663 key_freesav(&sav); 5664 return key_senderror(so, m, EINVAL); 5665 } 5666 /* 5667 * We can set any values except src, dst and SPI. 5668 */ 5669 error = key_setsaval(sav, mhp); 5670 if (error != 0) { 5671 key_freesav(&sav); 5672 return (key_senderror(so, m, error)); 5673 } 5674 /* Change SA state to MATURE */ 5675 SAHTREE_WLOCK(); 5676 if (sav->state != SADB_SASTATE_LARVAL) { 5677 /* SA was deleted or another thread made it MATURE. */ 5678 SAHTREE_WUNLOCK(); 5679 key_freesav(&sav); 5680 return (key_senderror(so, m, ESRCH)); 5681 } 5682 /* 5683 * NOTE: we keep SAs in savtree_alive ordered by created 5684 * time. When SA's state changed from LARVAL to MATURE, 5685 * we update its created time in key_setsaval() and move 5686 * it into head of savtree_alive. 5687 */ 5688 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5689 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5690 sav->state = SADB_SASTATE_MATURE; 5691 SAHTREE_WUNLOCK(); 5692 } else { 5693 /* 5694 * For DYING and MATURE SA we can change only state 5695 * and lifetimes. Report EINVAL if something else attempted 5696 * to change. 5697 */ 5698 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5699 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5700 key_freesav(&sav); 5701 return (key_senderror(so, m, EINVAL)); 5702 } 5703 error = key_updatelifetimes(sav, mhp); 5704 if (error != 0) { 5705 key_freesav(&sav); 5706 return (key_senderror(so, m, error)); 5707 } 5708 /* 5709 * This is FreeBSD extension to RFC2367. 5710 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5711 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5712 * SA addresses (for example to implement MOBIKE protocol 5713 * as described in RFC4555). Also we allow to change 5714 * NAT-T config. 5715 */ 5716 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5717 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5718 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5719 sav->natt != NULL) { 5720 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5721 key_freesav(&sav); 5722 if (error != 0) 5723 return (key_senderror(so, m, error)); 5724 return (0); 5725 } 5726 /* Check that SA is still alive */ 5727 SAHTREE_WLOCK(); 5728 if (sav->state == SADB_SASTATE_DEAD) { 5729 /* SA was unlinked */ 5730 SAHTREE_WUNLOCK(); 5731 key_freesav(&sav); 5732 return (key_senderror(so, m, ESRCH)); 5733 } 5734 /* 5735 * NOTE: there is possible state moving from DYING to MATURE, 5736 * but this doesn't change created time, so we won't reorder 5737 * this SA. 5738 */ 5739 sav->state = SADB_SASTATE_MATURE; 5740 SAHTREE_WUNLOCK(); 5741 } 5742 KEYDBG(KEY_STAMP, 5743 printf("%s: SA(%p)\n", __func__, sav)); 5744 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5745 ipsec_accel_sa_newkey(sav); 5746 key_freesav(&sav); 5747 5748 { 5749 struct mbuf *n; 5750 5751 /* set msg buf from mhp */ 5752 n = key_getmsgbuf_x1(m, mhp); 5753 if (n == NULL) { 5754 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5755 return key_senderror(so, m, ENOBUFS); 5756 } 5757 5758 m_freem(m); 5759 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5760 } 5761 } 5762 5763 /* 5764 * SADB_ADD processing 5765 * add an entry to SA database, when received 5766 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5767 * key(AE), (identity(SD),) (sensitivity)> 5768 * from the ikmpd, 5769 * and send 5770 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5771 * (identity(SD),) (sensitivity)> 5772 * to the ikmpd. 5773 * 5774 * IGNORE identity and sensitivity messages. 5775 * 5776 * m will always be freed. 5777 */ 5778 static int 5779 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5780 { 5781 struct secasindex saidx; 5782 struct sadb_address *src0, *dst0; 5783 struct sadb_sa *sa0; 5784 struct secasvar *sav; 5785 uint32_t reqid, spi; 5786 uint8_t mode, proto; 5787 int error; 5788 5789 IPSEC_ASSERT(so != NULL, ("null socket")); 5790 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5791 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5792 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5793 5794 /* map satype to proto */ 5795 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5796 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5797 __func__)); 5798 return key_senderror(so, m, EINVAL); 5799 } 5800 5801 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5802 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5803 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5804 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5805 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5806 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5807 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5808 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5809 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5810 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5811 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5812 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5813 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5814 ipseclog((LOG_DEBUG, 5815 "%s: invalid message: missing required header.\n", 5816 __func__)); 5817 return key_senderror(so, m, EINVAL); 5818 } 5819 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5820 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5821 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5822 ipseclog((LOG_DEBUG, 5823 "%s: invalid message: wrong header size.\n", __func__)); 5824 return key_senderror(so, m, EINVAL); 5825 } 5826 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5827 mode = IPSEC_MODE_ANY; 5828 reqid = 0; 5829 } else { 5830 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5831 ipseclog((LOG_DEBUG, 5832 "%s: invalid message: wrong header size.\n", 5833 __func__)); 5834 return key_senderror(so, m, EINVAL); 5835 } 5836 mode = ((struct sadb_x_sa2 *) 5837 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5838 reqid = ((struct sadb_x_sa2 *) 5839 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5840 } 5841 5842 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5843 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5844 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5845 5846 /* 5847 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5848 * SADB_ADD message. 5849 */ 5850 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5851 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5852 #ifdef PFKEY_STRICT_CHECKS 5853 return key_senderror(so, m, EINVAL); 5854 #endif 5855 } 5856 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5857 (struct sockaddr *)(dst0 + 1)); 5858 if (error != 0) { 5859 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5860 return key_senderror(so, m, error); 5861 } 5862 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5863 spi = sa0->sadb_sa_spi; 5864 /* 5865 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5866 * secasindex. 5867 * XXXAE: IPComp seems also doesn't use SPI. 5868 */ 5869 SPI_ALLOC_LOCK(); 5870 if (proto == IPPROTO_TCP) { 5871 sav = key_getsav_tcpmd5(&saidx, &spi); 5872 if (sav == NULL && spi == 0) { 5873 SPI_ALLOC_UNLOCK(); 5874 /* Failed to allocate SPI */ 5875 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5876 __func__)); 5877 return key_senderror(so, m, EEXIST); 5878 } 5879 /* XXX: SPI that we report back can have another value */ 5880 } else { 5881 /* We can create new SA only if SPI is different. */ 5882 sav = key_getsavbyspi(spi); 5883 } 5884 if (sav != NULL) { 5885 SPI_ALLOC_UNLOCK(); 5886 key_freesav(&sav); 5887 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5888 return key_senderror(so, m, EEXIST); 5889 } 5890 5891 sav = key_newsav(mhp, &saidx, spi, &error); 5892 SPI_ALLOC_UNLOCK(); 5893 if (sav == NULL) 5894 return key_senderror(so, m, error); 5895 KEYDBG(KEY_STAMP, 5896 printf("%s: return SA(%p)\n", __func__, sav)); 5897 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5898 ipsec_accel_sa_newkey(sav); 5899 /* 5900 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5901 * ACQ for deletion. 5902 */ 5903 if (sav->seq != 0) 5904 key_acqdone(&saidx, sav->seq); 5905 5906 { 5907 /* 5908 * Don't call key_freesav() on error here, as we would like to 5909 * keep the SA in the database. 5910 */ 5911 struct mbuf *n; 5912 5913 /* set msg buf from mhp */ 5914 n = key_getmsgbuf_x1(m, mhp); 5915 if (n == NULL) { 5916 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5917 return key_senderror(so, m, ENOBUFS); 5918 } 5919 5920 m_freem(m); 5921 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5922 } 5923 } 5924 5925 /* 5926 * NAT-T support. 5927 * IKEd may request the use ESP in UDP encapsulation when it detects the 5928 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5929 * parameters needed for encapsulation and decapsulation. These PF_KEY 5930 * extension headers are not standardized, so this comment addresses our 5931 * implementation. 5932 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5933 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5934 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5935 * UDP header. We use these ports in UDP encapsulation procedure, also we 5936 * can check them in UDP decapsulation procedure. 5937 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5938 * responder. These addresses can be used for transport mode to adjust 5939 * checksum after decapsulation and decryption. Since original IP addresses 5940 * used by peer usually different (we detected presence of NAT), TCP/UDP 5941 * pseudo header checksum and IP header checksum was calculated using original 5942 * addresses. After decapsulation and decryption we need to adjust checksum 5943 * to have correct datagram. 5944 * 5945 * We expect presence of NAT-T extension headers only in SADB_ADD and 5946 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5947 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5948 */ 5949 static int 5950 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5951 { 5952 struct sadb_x_nat_t_port *port; 5953 struct sadb_x_nat_t_type *type; 5954 struct sadb_address *oai, *oar; 5955 struct sockaddr *sa; 5956 uint32_t addr; 5957 uint16_t cksum; 5958 int i; 5959 5960 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5961 /* 5962 * Ignore NAT-T headers if sproto isn't ESP. 5963 */ 5964 if (sav->sah->saidx.proto != IPPROTO_ESP) 5965 return (0); 5966 5967 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5968 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5969 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5970 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5971 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5972 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5973 ipseclog((LOG_DEBUG, 5974 "%s: invalid message: wrong header size.\n", 5975 __func__)); 5976 return (EINVAL); 5977 } 5978 } else 5979 return (0); 5980 5981 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5982 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5983 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5984 __func__, type->sadb_x_nat_t_type_type)); 5985 return (EINVAL); 5986 } 5987 /* 5988 * Allocate storage for NAT-T config. 5989 * On error it will be released by key_cleansav(). 5990 */ 5991 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5992 M_NOWAIT | M_ZERO); 5993 if (sav->natt == NULL) { 5994 PFKEYSTAT_INC(in_nomem); 5995 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5996 return (ENOBUFS); 5997 } 5998 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5999 if (port->sadb_x_nat_t_port_port == 0) { 6000 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 6001 __func__)); 6002 return (EINVAL); 6003 } 6004 sav->natt->sport = port->sadb_x_nat_t_port_port; 6005 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 6006 if (port->sadb_x_nat_t_port_port == 0) { 6007 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 6008 __func__)); 6009 return (EINVAL); 6010 } 6011 sav->natt->dport = port->sadb_x_nat_t_port_port; 6012 6013 /* 6014 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 6015 * and needed only for transport mode IPsec. 6016 * Usually NAT translates only one address, but it is possible, 6017 * that both addresses could be translated. 6018 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 6019 */ 6020 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 6021 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 6022 ipseclog((LOG_DEBUG, 6023 "%s: invalid message: wrong header size.\n", 6024 __func__)); 6025 return (EINVAL); 6026 } 6027 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 6028 } else 6029 oai = NULL; 6030 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 6031 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 6032 ipseclog((LOG_DEBUG, 6033 "%s: invalid message: wrong header size.\n", 6034 __func__)); 6035 return (EINVAL); 6036 } 6037 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 6038 } else 6039 oar = NULL; 6040 6041 /* Initialize addresses only for transport mode */ 6042 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 6043 cksum = 0; 6044 if (oai != NULL) { 6045 sa = (struct sockaddr *)(oai + 1); 6046 switch (sa->sa_family) { 6047 #ifdef AF_INET 6048 case AF_INET: 6049 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6050 ipseclog((LOG_DEBUG, 6051 "%s: wrong NAT-OAi header.\n", 6052 __func__)); 6053 return (EINVAL); 6054 } 6055 /* Ignore address if it the same */ 6056 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 6057 sav->sah->saidx.src.sin.sin_addr.s_addr) { 6058 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 6059 sav->natt->flags |= IPSEC_NATT_F_OAI; 6060 /* Calculate checksum delta */ 6061 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 6062 cksum = in_addword(cksum, ~addr >> 16); 6063 cksum = in_addword(cksum, ~addr & 0xffff); 6064 addr = sav->natt->oai.sin.sin_addr.s_addr; 6065 cksum = in_addword(cksum, addr >> 16); 6066 cksum = in_addword(cksum, addr & 0xffff); 6067 } 6068 break; 6069 #endif 6070 #ifdef AF_INET6 6071 case AF_INET6: 6072 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6073 ipseclog((LOG_DEBUG, 6074 "%s: wrong NAT-OAi header.\n", 6075 __func__)); 6076 return (EINVAL); 6077 } 6078 /* Ignore address if it the same */ 6079 if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr, 6080 &sav->sah->saidx.src.sin6.sin6_addr.s6_addr, 6081 sizeof(struct in6_addr)) != 0) { 6082 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 6083 sav->natt->flags |= IPSEC_NATT_F_OAI; 6084 /* Calculate checksum delta */ 6085 for (i = 0; i < 8; i++) { 6086 cksum = in_addword(cksum, 6087 ~sav->sah->saidx.src.sin6.sin6_addr.s6_addr16[i]); 6088 cksum = in_addword(cksum, 6089 sav->natt->oai.sin6.sin6_addr.s6_addr16[i]); 6090 } 6091 } 6092 break; 6093 #endif 6094 default: 6095 ipseclog((LOG_DEBUG, 6096 "%s: wrong NAT-OAi header.\n", 6097 __func__)); 6098 return (EINVAL); 6099 } 6100 } 6101 if (oar != NULL) { 6102 sa = (struct sockaddr *)(oar + 1); 6103 switch (sa->sa_family) { 6104 #ifdef AF_INET 6105 case AF_INET: 6106 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6107 ipseclog((LOG_DEBUG, 6108 "%s: wrong NAT-OAr header.\n", 6109 __func__)); 6110 return (EINVAL); 6111 } 6112 /* Ignore address if it the same */ 6113 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 6114 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 6115 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 6116 sav->natt->flags |= IPSEC_NATT_F_OAR; 6117 /* Calculate checksum delta */ 6118 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 6119 cksum = in_addword(cksum, ~addr >> 16); 6120 cksum = in_addword(cksum, ~addr & 0xffff); 6121 addr = sav->natt->oar.sin.sin_addr.s_addr; 6122 cksum = in_addword(cksum, addr >> 16); 6123 cksum = in_addword(cksum, addr & 0xffff); 6124 } 6125 break; 6126 #endif 6127 #ifdef AF_INET6 6128 case AF_INET6: 6129 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6130 ipseclog((LOG_DEBUG, 6131 "%s: wrong NAT-OAr header.\n", 6132 __func__)); 6133 return (EINVAL); 6134 } 6135 /* Ignore address if it the same */ 6136 if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr, 6137 &sav->sah->saidx.dst.sin6.sin6_addr.s6_addr, 16) != 0) { 6138 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 6139 sav->natt->flags |= IPSEC_NATT_F_OAR; 6140 /* Calculate checksum delta */ 6141 for (i = 0; i < 8; i++) { 6142 cksum = in_addword(cksum, 6143 ~sav->sah->saidx.dst.sin6.sin6_addr.s6_addr16[i]); 6144 cksum = in_addword(cksum, 6145 sav->natt->oar.sin6.sin6_addr.s6_addr16[i]); 6146 } 6147 } 6148 break; 6149 #endif 6150 default: 6151 ipseclog((LOG_DEBUG, 6152 "%s: wrong NAT-OAr header.\n", 6153 __func__)); 6154 return (EINVAL); 6155 } 6156 } 6157 sav->natt->cksum = cksum; 6158 } 6159 return (0); 6160 } 6161 6162 static int 6163 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 6164 { 6165 const struct sadb_ident *idsrc, *iddst; 6166 6167 IPSEC_ASSERT(sah != NULL, ("null secashead")); 6168 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6169 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6170 6171 /* don't make buffer if not there */ 6172 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 6173 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 6174 sah->idents = NULL; 6175 sah->identd = NULL; 6176 return (0); 6177 } 6178 6179 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 6180 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 6181 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 6182 return (EINVAL); 6183 } 6184 6185 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 6186 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 6187 6188 /* validity check */ 6189 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 6190 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 6191 return EINVAL; 6192 } 6193 6194 switch (idsrc->sadb_ident_type) { 6195 case SADB_IDENTTYPE_PREFIX: 6196 case SADB_IDENTTYPE_FQDN: 6197 case SADB_IDENTTYPE_USERFQDN: 6198 default: 6199 /* XXX do nothing */ 6200 sah->idents = NULL; 6201 sah->identd = NULL; 6202 return 0; 6203 } 6204 6205 /* make structure */ 6206 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 6207 if (sah->idents == NULL) { 6208 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6209 return ENOBUFS; 6210 } 6211 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 6212 if (sah->identd == NULL) { 6213 free(sah->idents, M_IPSEC_MISC); 6214 sah->idents = NULL; 6215 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6216 return ENOBUFS; 6217 } 6218 sah->idents->type = idsrc->sadb_ident_type; 6219 sah->idents->id = idsrc->sadb_ident_id; 6220 6221 sah->identd->type = iddst->sadb_ident_type; 6222 sah->identd->id = iddst->sadb_ident_id; 6223 6224 return 0; 6225 } 6226 6227 /* 6228 * m will not be freed on return. 6229 * it is caller's responsibility to free the result. 6230 * 6231 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 6232 * from the request in defined order. 6233 */ 6234 static struct mbuf * 6235 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 6236 { 6237 struct mbuf *n; 6238 6239 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6240 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6241 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6242 6243 /* create new sadb_msg to reply. */ 6244 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 6245 SADB_EXT_SA, SADB_X_EXT_SA2, 6246 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 6247 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 6248 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 6249 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 6250 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 6251 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 6252 SADB_X_EXT_NEW_ADDRESS_DST); 6253 if (!n) 6254 return NULL; 6255 6256 if (n->m_len < sizeof(struct sadb_msg)) { 6257 n = m_pullup(n, sizeof(struct sadb_msg)); 6258 if (n == NULL) 6259 return NULL; 6260 } 6261 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 6262 mtod(n, struct sadb_msg *)->sadb_msg_len = 6263 PFKEY_UNIT64(n->m_pkthdr.len); 6264 6265 return n; 6266 } 6267 6268 /* 6269 * SADB_DELETE processing 6270 * receive 6271 * <base, SA(*), address(SD)> 6272 * from the ikmpd, and set SADB_SASTATE_DEAD, 6273 * and send, 6274 * <base, SA(*), address(SD)> 6275 * to the ikmpd. 6276 * 6277 * m will always be freed. 6278 */ 6279 static int 6280 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6281 { 6282 struct secasindex saidx; 6283 struct sadb_address *src0, *dst0; 6284 struct secasvar *sav; 6285 struct sadb_sa *sa0; 6286 uint8_t proto; 6287 6288 IPSEC_ASSERT(so != NULL, ("null socket")); 6289 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6290 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6291 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6292 6293 /* map satype to proto */ 6294 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6295 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6296 __func__)); 6297 return key_senderror(so, m, EINVAL); 6298 } 6299 6300 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6301 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6302 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6303 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6304 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6305 __func__)); 6306 return key_senderror(so, m, EINVAL); 6307 } 6308 6309 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6310 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6311 6312 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6313 (struct sockaddr *)(dst0 + 1)) != 0) { 6314 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6315 return (key_senderror(so, m, EINVAL)); 6316 } 6317 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6318 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6319 /* 6320 * Caller wants us to delete all non-LARVAL SAs 6321 * that match the src/dst. This is used during 6322 * IKE INITIAL-CONTACT. 6323 * XXXAE: this looks like some extension to RFC2367. 6324 */ 6325 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6326 return (key_delete_all(so, m, mhp, &saidx)); 6327 } 6328 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6329 ipseclog((LOG_DEBUG, 6330 "%s: invalid message: wrong header size.\n", __func__)); 6331 return (key_senderror(so, m, EINVAL)); 6332 } 6333 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6334 SPI_ALLOC_LOCK(); 6335 if (proto == IPPROTO_TCP) 6336 sav = key_getsav_tcpmd5(&saidx, NULL); 6337 else 6338 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6339 SPI_ALLOC_UNLOCK(); 6340 if (sav == NULL) { 6341 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6342 __func__, ntohl(sa0->sadb_sa_spi))); 6343 return (key_senderror(so, m, ESRCH)); 6344 } 6345 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6346 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6347 __func__, ntohl(sav->spi))); 6348 key_freesav(&sav); 6349 return (key_senderror(so, m, ESRCH)); 6350 } 6351 KEYDBG(KEY_STAMP, 6352 printf("%s: SA(%p)\n", __func__, sav)); 6353 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6354 key_unlinksav(sav); 6355 key_freesav(&sav); 6356 6357 { 6358 struct mbuf *n; 6359 struct sadb_msg *newmsg; 6360 6361 /* create new sadb_msg to reply. */ 6362 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6363 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6364 if (!n) 6365 return key_senderror(so, m, ENOBUFS); 6366 6367 if (n->m_len < sizeof(struct sadb_msg)) { 6368 n = m_pullup(n, sizeof(struct sadb_msg)); 6369 if (n == NULL) 6370 return key_senderror(so, m, ENOBUFS); 6371 } 6372 newmsg = mtod(n, struct sadb_msg *); 6373 newmsg->sadb_msg_errno = 0; 6374 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6375 6376 m_freem(m); 6377 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6378 } 6379 } 6380 6381 /* 6382 * delete all SAs for src/dst. Called from key_delete(). 6383 */ 6384 static int 6385 key_delete_all(struct socket *so, struct mbuf *m, 6386 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6387 { 6388 struct secasvar_queue drainq; 6389 struct secashead *sah; 6390 struct secasvar *sav, *nextsav; 6391 6392 TAILQ_INIT(&drainq); 6393 SAHTREE_WLOCK(); 6394 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6395 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6396 continue; 6397 /* Move all ALIVE SAs into drainq */ 6398 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6399 } 6400 /* Unlink all queued SAs from SPI hash */ 6401 TAILQ_FOREACH(sav, &drainq, chain) { 6402 sav->state = SADB_SASTATE_DEAD; 6403 ipsec_accel_forget_sav(sav); 6404 LIST_REMOVE(sav, spihash); 6405 } 6406 SAHTREE_WUNLOCK(); 6407 /* Now we can release reference for all SAs in drainq */ 6408 sav = TAILQ_FIRST(&drainq); 6409 while (sav != NULL) { 6410 KEYDBG(KEY_STAMP, 6411 printf("%s: SA(%p)\n", __func__, sav)); 6412 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6413 nextsav = TAILQ_NEXT(sav, chain); 6414 key_freesah(&sav->sah); /* release reference from SAV */ 6415 key_freesav(&sav); /* release last reference */ 6416 sav = nextsav; 6417 } 6418 6419 { 6420 struct mbuf *n; 6421 struct sadb_msg *newmsg; 6422 6423 /* create new sadb_msg to reply. */ 6424 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6425 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6426 if (!n) 6427 return key_senderror(so, m, ENOBUFS); 6428 6429 if (n->m_len < sizeof(struct sadb_msg)) { 6430 n = m_pullup(n, sizeof(struct sadb_msg)); 6431 if (n == NULL) 6432 return key_senderror(so, m, ENOBUFS); 6433 } 6434 newmsg = mtod(n, struct sadb_msg *); 6435 newmsg->sadb_msg_errno = 0; 6436 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6437 6438 m_freem(m); 6439 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6440 } 6441 } 6442 6443 /* 6444 * Delete all alive SAs for corresponding xform. 6445 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6446 * here when xform disappears. 6447 */ 6448 void 6449 key_delete_xform(const struct xformsw *xsp) 6450 { 6451 struct secasvar_queue drainq; 6452 struct secashead *sah; 6453 struct secasvar *sav, *nextsav; 6454 6455 TAILQ_INIT(&drainq); 6456 SAHTREE_WLOCK(); 6457 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6458 sav = TAILQ_FIRST(&sah->savtree_alive); 6459 if (sav == NULL) 6460 continue; 6461 if (sav->tdb_xform != xsp) 6462 continue; 6463 /* 6464 * It is supposed that all SAs in the chain are related to 6465 * one xform. 6466 */ 6467 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6468 } 6469 /* Unlink all queued SAs from SPI hash */ 6470 TAILQ_FOREACH(sav, &drainq, chain) { 6471 sav->state = SADB_SASTATE_DEAD; 6472 ipsec_accel_forget_sav(sav); 6473 LIST_REMOVE(sav, spihash); 6474 } 6475 SAHTREE_WUNLOCK(); 6476 6477 /* Now we can release reference for all SAs in drainq */ 6478 sav = TAILQ_FIRST(&drainq); 6479 while (sav != NULL) { 6480 KEYDBG(KEY_STAMP, 6481 printf("%s: SA(%p)\n", __func__, sav)); 6482 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6483 nextsav = TAILQ_NEXT(sav, chain); 6484 key_freesah(&sav->sah); /* release reference from SAV */ 6485 key_freesav(&sav); /* release last reference */ 6486 sav = nextsav; 6487 } 6488 } 6489 6490 /* 6491 * SADB_GET processing 6492 * receive 6493 * <base, SA(*), address(SD)> 6494 * from the ikmpd, and get a SP and a SA to respond, 6495 * and send, 6496 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6497 * (identity(SD),) (sensitivity)> 6498 * to the ikmpd. 6499 * 6500 * m will always be freed. 6501 */ 6502 static int 6503 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6504 { 6505 struct secasindex saidx; 6506 struct sadb_address *src0, *dst0; 6507 struct sadb_sa *sa0; 6508 struct secasvar *sav; 6509 uint8_t proto; 6510 6511 IPSEC_ASSERT(so != NULL, ("null socket")); 6512 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6513 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6514 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6515 6516 /* map satype to proto */ 6517 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6518 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6519 __func__)); 6520 return key_senderror(so, m, EINVAL); 6521 } 6522 6523 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6524 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6525 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6526 ipseclog((LOG_DEBUG, 6527 "%s: invalid message: missing required header.\n", 6528 __func__)); 6529 return key_senderror(so, m, EINVAL); 6530 } 6531 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6532 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6533 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6534 ipseclog((LOG_DEBUG, 6535 "%s: invalid message: wrong header size.\n", __func__)); 6536 return key_senderror(so, m, EINVAL); 6537 } 6538 6539 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6540 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6541 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6542 6543 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6544 (struct sockaddr *)(dst0 + 1)) != 0) { 6545 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6546 return key_senderror(so, m, EINVAL); 6547 } 6548 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6549 6550 SPI_ALLOC_LOCK(); 6551 if (proto == IPPROTO_TCP) 6552 sav = key_getsav_tcpmd5(&saidx, NULL); 6553 else 6554 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6555 SPI_ALLOC_UNLOCK(); 6556 if (sav == NULL) { 6557 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6558 return key_senderror(so, m, ESRCH); 6559 } 6560 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6561 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6562 __func__, ntohl(sa0->sadb_sa_spi))); 6563 key_freesav(&sav); 6564 return (key_senderror(so, m, ESRCH)); 6565 } 6566 6567 { 6568 struct mbuf *n; 6569 uint8_t satype; 6570 6571 /* map proto to satype */ 6572 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6573 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6574 __func__)); 6575 key_freesav(&sav); 6576 return key_senderror(so, m, EINVAL); 6577 } 6578 6579 /* create new sadb_msg to reply. */ 6580 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6581 mhp->msg->sadb_msg_pid, NULL); 6582 6583 key_freesav(&sav); 6584 if (!n) 6585 return key_senderror(so, m, ENOBUFS); 6586 6587 m_freem(m); 6588 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6589 } 6590 } 6591 6592 /* XXX make it sysctl-configurable? */ 6593 static void 6594 key_getcomb_setlifetime(struct sadb_comb *comb) 6595 { 6596 6597 comb->sadb_comb_soft_allocations = 1; 6598 comb->sadb_comb_hard_allocations = 1; 6599 comb->sadb_comb_soft_bytes = 0; 6600 comb->sadb_comb_hard_bytes = 0; 6601 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6602 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6603 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6604 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6605 } 6606 6607 /* 6608 * XXX reorder combinations by preference 6609 * XXX no idea if the user wants ESP authentication or not 6610 */ 6611 static struct mbuf * 6612 key_getcomb_ealg(void) 6613 { 6614 struct sadb_comb *comb; 6615 const struct enc_xform *algo; 6616 struct mbuf *result = NULL, *m, *n; 6617 int encmin; 6618 int i, off, o; 6619 int totlen; 6620 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6621 6622 m = NULL; 6623 for (i = 1; i <= SADB_EALG_MAX; i++) { 6624 algo = enc_algorithm_lookup(i); 6625 if (algo == NULL) 6626 continue; 6627 6628 /* discard algorithms with key size smaller than system min */ 6629 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6630 continue; 6631 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6632 encmin = V_ipsec_esp_keymin; 6633 else 6634 encmin = _BITS(algo->minkey); 6635 6636 if (V_ipsec_esp_auth) 6637 m = key_getcomb_ah(); 6638 else { 6639 IPSEC_ASSERT(l <= MLEN, 6640 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6641 MGET(m, M_NOWAIT, MT_DATA); 6642 if (m) { 6643 M_ALIGN(m, l); 6644 m->m_len = l; 6645 m->m_next = NULL; 6646 bzero(mtod(m, caddr_t), m->m_len); 6647 } 6648 } 6649 if (!m) 6650 goto fail; 6651 6652 totlen = 0; 6653 for (n = m; n; n = n->m_next) 6654 totlen += n->m_len; 6655 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6656 6657 for (off = 0; off < totlen; off += l) { 6658 n = m_pulldown(m, off, l, &o); 6659 if (!n) { 6660 /* m is already freed */ 6661 goto fail; 6662 } 6663 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6664 bzero(comb, sizeof(*comb)); 6665 key_getcomb_setlifetime(comb); 6666 comb->sadb_comb_encrypt = i; 6667 comb->sadb_comb_encrypt_minbits = encmin; 6668 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6669 } 6670 6671 if (!result) 6672 result = m; 6673 else 6674 m_cat(result, m); 6675 } 6676 6677 return result; 6678 6679 fail: 6680 if (result) 6681 m_freem(result); 6682 return NULL; 6683 } 6684 6685 static void 6686 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6687 u_int16_t* max) 6688 { 6689 6690 *min = *max = ah->hashsize; 6691 if (ah->keysize == 0) { 6692 /* 6693 * Transform takes arbitrary key size but algorithm 6694 * key size is restricted. Enforce this here. 6695 */ 6696 switch (alg) { 6697 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6698 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6699 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6700 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6701 default: 6702 DPRINTF(("%s: unknown AH algorithm %u\n", 6703 __func__, alg)); 6704 break; 6705 } 6706 } 6707 } 6708 6709 /* 6710 * XXX reorder combinations by preference 6711 */ 6712 static struct mbuf * 6713 key_getcomb_ah(void) 6714 { 6715 const struct auth_hash *algo; 6716 struct sadb_comb *comb; 6717 struct mbuf *m; 6718 u_int16_t minkeysize, maxkeysize; 6719 int i; 6720 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6721 6722 m = NULL; 6723 for (i = 1; i <= SADB_AALG_MAX; i++) { 6724 #if 1 6725 /* we prefer HMAC algorithms, not old algorithms */ 6726 if (i != SADB_AALG_SHA1HMAC && 6727 i != SADB_X_AALG_SHA2_256 && 6728 i != SADB_X_AALG_SHA2_384 && 6729 i != SADB_X_AALG_SHA2_512) 6730 continue; 6731 #endif 6732 algo = auth_algorithm_lookup(i); 6733 if (!algo) 6734 continue; 6735 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6736 /* discard algorithms with key size smaller than system min */ 6737 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6738 continue; 6739 6740 if (!m) { 6741 IPSEC_ASSERT(l <= MLEN, 6742 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6743 MGET(m, M_NOWAIT, MT_DATA); 6744 if (m) { 6745 M_ALIGN(m, l); 6746 m->m_len = l; 6747 m->m_next = NULL; 6748 } 6749 } else 6750 M_PREPEND(m, l, M_NOWAIT); 6751 if (!m) 6752 return NULL; 6753 6754 comb = mtod(m, struct sadb_comb *); 6755 bzero(comb, sizeof(*comb)); 6756 key_getcomb_setlifetime(comb); 6757 comb->sadb_comb_auth = i; 6758 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6759 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6760 } 6761 6762 return m; 6763 } 6764 6765 /* 6766 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6767 * XXX reorder combinations by preference 6768 */ 6769 static struct mbuf * 6770 key_getcomb_ipcomp(void) 6771 { 6772 const struct comp_algo *algo; 6773 struct sadb_comb *comb; 6774 struct mbuf *m; 6775 int i; 6776 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6777 6778 m = NULL; 6779 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6780 algo = comp_algorithm_lookup(i); 6781 if (!algo) 6782 continue; 6783 6784 if (!m) { 6785 IPSEC_ASSERT(l <= MLEN, 6786 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6787 MGET(m, M_NOWAIT, MT_DATA); 6788 if (m) { 6789 M_ALIGN(m, l); 6790 m->m_len = l; 6791 m->m_next = NULL; 6792 } 6793 } else 6794 M_PREPEND(m, l, M_NOWAIT); 6795 if (!m) 6796 return NULL; 6797 6798 comb = mtod(m, struct sadb_comb *); 6799 bzero(comb, sizeof(*comb)); 6800 key_getcomb_setlifetime(comb); 6801 comb->sadb_comb_encrypt = i; 6802 /* what should we set into sadb_comb_*_{min,max}bits? */ 6803 } 6804 6805 return m; 6806 } 6807 6808 /* 6809 * XXX no way to pass mode (transport/tunnel) to userland 6810 * XXX replay checking? 6811 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6812 */ 6813 static struct mbuf * 6814 key_getprop(const struct secasindex *saidx) 6815 { 6816 struct sadb_prop *prop; 6817 struct mbuf *m, *n; 6818 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6819 int totlen; 6820 6821 switch (saidx->proto) { 6822 case IPPROTO_ESP: 6823 m = key_getcomb_ealg(); 6824 break; 6825 case IPPROTO_AH: 6826 m = key_getcomb_ah(); 6827 break; 6828 case IPPROTO_IPCOMP: 6829 m = key_getcomb_ipcomp(); 6830 break; 6831 default: 6832 return NULL; 6833 } 6834 6835 if (!m) 6836 return NULL; 6837 M_PREPEND(m, l, M_NOWAIT); 6838 if (!m) 6839 return NULL; 6840 6841 totlen = 0; 6842 for (n = m; n; n = n->m_next) 6843 totlen += n->m_len; 6844 6845 prop = mtod(m, struct sadb_prop *); 6846 bzero(prop, sizeof(*prop)); 6847 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6848 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6849 prop->sadb_prop_replay = 32; /* XXX */ 6850 6851 return m; 6852 } 6853 6854 /* 6855 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6856 * send 6857 * <base, SA, address(SD), (address(P)), x_policy, 6858 * (identity(SD),) (sensitivity,) proposal> 6859 * to KMD, and expect to receive 6860 * <base> with SADB_ACQUIRE if error occurred, 6861 * or 6862 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6863 * from KMD by PF_KEY. 6864 * 6865 * XXX x_policy is outside of RFC2367 (KAME extension). 6866 * XXX sensitivity is not supported. 6867 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6868 * see comment for key_getcomb_ipcomp(). 6869 * 6870 * OUT: 6871 * 0 : succeed 6872 * others: error number 6873 */ 6874 static int 6875 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6876 { 6877 union sockaddr_union addr; 6878 struct mbuf *result, *m; 6879 uint32_t seq; 6880 int error; 6881 uint16_t ul_proto; 6882 uint8_t mask, satype; 6883 6884 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6885 satype = key_proto2satype(saidx->proto); 6886 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6887 6888 error = -1; 6889 result = NULL; 6890 ul_proto = IPSEC_ULPROTO_ANY; 6891 6892 /* Get seq number to check whether sending message or not. */ 6893 seq = key_getacq(saidx, &error); 6894 if (seq == 0) 6895 return (error); 6896 6897 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6898 if (!m) { 6899 error = ENOBUFS; 6900 goto fail; 6901 } 6902 result = m; 6903 6904 /* 6905 * set sadb_address for saidx's. 6906 * 6907 * Note that if sp is supplied, then we're being called from 6908 * key_allocsa_policy() and should supply port and protocol 6909 * information. 6910 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6911 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6912 * XXXAE: it looks like we should save this info in the ACQ entry. 6913 */ 6914 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6915 sp->spidx.ul_proto == IPPROTO_UDP)) 6916 ul_proto = sp->spidx.ul_proto; 6917 6918 addr = saidx->src; 6919 mask = FULLMASK; 6920 if (ul_proto != IPSEC_ULPROTO_ANY) { 6921 switch (sp->spidx.src.sa.sa_family) { 6922 case AF_INET: 6923 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6924 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6925 mask = sp->spidx.prefs; 6926 } 6927 break; 6928 case AF_INET6: 6929 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6930 addr.sin6.sin6_port = 6931 sp->spidx.src.sin6.sin6_port; 6932 mask = sp->spidx.prefs; 6933 } 6934 break; 6935 default: 6936 break; 6937 } 6938 } 6939 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6940 if (!m) { 6941 error = ENOBUFS; 6942 goto fail; 6943 } 6944 m_cat(result, m); 6945 6946 addr = saidx->dst; 6947 mask = FULLMASK; 6948 if (ul_proto != IPSEC_ULPROTO_ANY) { 6949 switch (sp->spidx.dst.sa.sa_family) { 6950 case AF_INET: 6951 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6952 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6953 mask = sp->spidx.prefd; 6954 } 6955 break; 6956 case AF_INET6: 6957 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6958 addr.sin6.sin6_port = 6959 sp->spidx.dst.sin6.sin6_port; 6960 mask = sp->spidx.prefd; 6961 } 6962 break; 6963 default: 6964 break; 6965 } 6966 } 6967 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6968 if (!m) { 6969 error = ENOBUFS; 6970 goto fail; 6971 } 6972 m_cat(result, m); 6973 6974 /* XXX proxy address (optional) */ 6975 6976 /* 6977 * Set sadb_x_policy. This is KAME extension to RFC2367. 6978 */ 6979 if (sp != NULL) { 6980 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6981 sp->priority); 6982 if (!m) { 6983 error = ENOBUFS; 6984 goto fail; 6985 } 6986 m_cat(result, m); 6987 } 6988 6989 /* 6990 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6991 * This is FreeBSD extension to RFC2367. 6992 */ 6993 if (saidx->reqid != 0) { 6994 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6995 if (m == NULL) { 6996 error = ENOBUFS; 6997 goto fail; 6998 } 6999 m_cat(result, m); 7000 } 7001 /* XXX identity (optional) */ 7002 #if 0 7003 if (idexttype && fqdn) { 7004 /* create identity extension (FQDN) */ 7005 struct sadb_ident *id; 7006 int fqdnlen; 7007 7008 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 7009 id = (struct sadb_ident *)p; 7010 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 7011 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 7012 id->sadb_ident_exttype = idexttype; 7013 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 7014 bcopy(fqdn, id + 1, fqdnlen); 7015 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 7016 } 7017 7018 if (idexttype) { 7019 /* create identity extension (USERFQDN) */ 7020 struct sadb_ident *id; 7021 int userfqdnlen; 7022 7023 if (userfqdn) { 7024 /* +1 for terminating-NUL */ 7025 userfqdnlen = strlen(userfqdn) + 1; 7026 } else 7027 userfqdnlen = 0; 7028 id = (struct sadb_ident *)p; 7029 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 7030 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 7031 id->sadb_ident_exttype = idexttype; 7032 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 7033 /* XXX is it correct? */ 7034 if (curproc && curproc->p_cred) 7035 id->sadb_ident_id = curproc->p_cred->p_ruid; 7036 if (userfqdn && userfqdnlen) 7037 bcopy(userfqdn, id + 1, userfqdnlen); 7038 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 7039 } 7040 #endif 7041 7042 /* XXX sensitivity (optional) */ 7043 7044 /* create proposal/combination extension */ 7045 m = key_getprop(saidx); 7046 #if 0 7047 /* 7048 * spec conformant: always attach proposal/combination extension, 7049 * the problem is that we have no way to attach it for ipcomp, 7050 * due to the way sadb_comb is declared in RFC2367. 7051 */ 7052 if (!m) { 7053 error = ENOBUFS; 7054 goto fail; 7055 } 7056 m_cat(result, m); 7057 #else 7058 /* 7059 * outside of spec; make proposal/combination extension optional. 7060 */ 7061 if (m) 7062 m_cat(result, m); 7063 #endif 7064 7065 if ((result->m_flags & M_PKTHDR) == 0) { 7066 error = EINVAL; 7067 goto fail; 7068 } 7069 7070 if (result->m_len < sizeof(struct sadb_msg)) { 7071 result = m_pullup(result, sizeof(struct sadb_msg)); 7072 if (result == NULL) { 7073 error = ENOBUFS; 7074 goto fail; 7075 } 7076 } 7077 7078 result->m_pkthdr.len = 0; 7079 for (m = result; m; m = m->m_next) 7080 result->m_pkthdr.len += m->m_len; 7081 7082 mtod(result, struct sadb_msg *)->sadb_msg_len = 7083 PFKEY_UNIT64(result->m_pkthdr.len); 7084 7085 KEYDBG(KEY_STAMP, 7086 printf("%s: SP(%p)\n", __func__, sp)); 7087 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 7088 7089 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7090 7091 fail: 7092 if (result) 7093 m_freem(result); 7094 return error; 7095 } 7096 7097 static uint32_t 7098 key_newacq(const struct secasindex *saidx, int *perror) 7099 { 7100 struct secacq *acq; 7101 uint32_t seq; 7102 7103 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 7104 if (acq == NULL) { 7105 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7106 *perror = ENOBUFS; 7107 return (0); 7108 } 7109 7110 /* copy secindex */ 7111 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 7112 acq->created = time_second; 7113 acq->count = 0; 7114 7115 /* add to acqtree */ 7116 ACQ_LOCK(); 7117 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 7118 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 7119 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 7120 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 7121 ACQ_UNLOCK(); 7122 *perror = 0; 7123 return (seq); 7124 } 7125 7126 static uint32_t 7127 key_getacq(const struct secasindex *saidx, int *perror) 7128 { 7129 struct secacq *acq; 7130 uint32_t seq; 7131 7132 ACQ_LOCK(); 7133 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 7134 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 7135 if (acq->count > V_key_blockacq_count) { 7136 /* 7137 * Reset counter and send message. 7138 * Also reset created time to keep ACQ for 7139 * this saidx. 7140 */ 7141 acq->created = time_second; 7142 acq->count = 0; 7143 seq = acq->seq; 7144 } else { 7145 /* 7146 * Increment counter and do nothing. 7147 * We send SADB_ACQUIRE message only 7148 * for each V_key_blockacq_count packet. 7149 */ 7150 acq->count++; 7151 seq = 0; 7152 } 7153 break; 7154 } 7155 } 7156 ACQ_UNLOCK(); 7157 if (acq != NULL) { 7158 *perror = 0; 7159 return (seq); 7160 } 7161 /* allocate new entry */ 7162 return (key_newacq(saidx, perror)); 7163 } 7164 7165 static int 7166 key_acqreset(uint32_t seq) 7167 { 7168 struct secacq *acq; 7169 7170 ACQ_LOCK(); 7171 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 7172 if (acq->seq == seq) { 7173 acq->count = 0; 7174 acq->created = time_second; 7175 break; 7176 } 7177 } 7178 ACQ_UNLOCK(); 7179 if (acq == NULL) 7180 return (ESRCH); 7181 return (0); 7182 } 7183 /* 7184 * Mark ACQ entry as stale to remove it in key_flush_acq(). 7185 * Called after successful SADB_GETSPI message. 7186 */ 7187 static int 7188 key_acqdone(const struct secasindex *saidx, uint32_t seq) 7189 { 7190 struct secacq *acq; 7191 7192 ACQ_LOCK(); 7193 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 7194 if (acq->seq == seq) 7195 break; 7196 } 7197 if (acq != NULL) { 7198 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 7199 ipseclog((LOG_DEBUG, 7200 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 7201 acq = NULL; 7202 } else { 7203 acq->created = 0; 7204 } 7205 } else { 7206 ipseclog((LOG_DEBUG, 7207 "%s: ACQ %u is not found.\n", __func__, seq)); 7208 } 7209 ACQ_UNLOCK(); 7210 if (acq == NULL) 7211 return (ESRCH); 7212 return (0); 7213 } 7214 7215 static struct secspacq * 7216 key_newspacq(struct secpolicyindex *spidx) 7217 { 7218 struct secspacq *acq; 7219 7220 /* get new entry */ 7221 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 7222 if (acq == NULL) { 7223 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7224 return NULL; 7225 } 7226 7227 /* copy secindex */ 7228 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 7229 acq->created = time_second; 7230 acq->count = 0; 7231 7232 /* add to spacqtree */ 7233 SPACQ_LOCK(); 7234 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 7235 SPACQ_UNLOCK(); 7236 7237 return acq; 7238 } 7239 7240 static struct secspacq * 7241 key_getspacq(struct secpolicyindex *spidx) 7242 { 7243 struct secspacq *acq; 7244 7245 SPACQ_LOCK(); 7246 LIST_FOREACH(acq, &V_spacqtree, chain) { 7247 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 7248 /* NB: return holding spacq_lock */ 7249 return acq; 7250 } 7251 } 7252 SPACQ_UNLOCK(); 7253 7254 return NULL; 7255 } 7256 7257 /* 7258 * SADB_ACQUIRE processing, 7259 * in first situation, is receiving 7260 * <base> 7261 * from the ikmpd, and clear sequence of its secasvar entry. 7262 * 7263 * In second situation, is receiving 7264 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 7265 * from a user land process, and return 7266 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 7267 * to the socket. 7268 * 7269 * m will always be freed. 7270 */ 7271 static int 7272 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7273 { 7274 SAHTREE_RLOCK_TRACKER; 7275 struct sadb_address *src0, *dst0; 7276 struct secasindex saidx; 7277 struct secashead *sah; 7278 uint32_t reqid; 7279 int error; 7280 uint8_t mode, proto; 7281 7282 IPSEC_ASSERT(so != NULL, ("null socket")); 7283 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7284 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7285 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7286 7287 /* 7288 * Error message from KMd. 7289 * We assume that if error was occurred in IKEd, the length of PFKEY 7290 * message is equal to the size of sadb_msg structure. 7291 * We do not raise error even if error occurred in this function. 7292 */ 7293 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7294 /* check sequence number */ 7295 if (mhp->msg->sadb_msg_seq == 0 || 7296 mhp->msg->sadb_msg_errno == 0) { 7297 ipseclog((LOG_DEBUG, "%s: must specify sequence " 7298 "number and errno.\n", __func__)); 7299 } else { 7300 /* 7301 * IKEd reported that error occurred. 7302 * XXXAE: what it expects from the kernel? 7303 * Probably we should send SADB_ACQUIRE again? 7304 * If so, reset ACQ's state. 7305 * XXXAE: it looks useless. 7306 */ 7307 key_acqreset(mhp->msg->sadb_msg_seq); 7308 } 7309 m_freem(m); 7310 return (0); 7311 } 7312 7313 /* 7314 * This message is from user land. 7315 */ 7316 7317 /* map satype to proto */ 7318 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7319 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7320 __func__)); 7321 return key_senderror(so, m, EINVAL); 7322 } 7323 7324 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7325 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7326 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7327 ipseclog((LOG_DEBUG, 7328 "%s: invalid message: missing required header.\n", 7329 __func__)); 7330 return key_senderror(so, m, EINVAL); 7331 } 7332 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7333 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7334 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7335 ipseclog((LOG_DEBUG, 7336 "%s: invalid message: wrong header size.\n", __func__)); 7337 return key_senderror(so, m, EINVAL); 7338 } 7339 7340 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7341 mode = IPSEC_MODE_ANY; 7342 reqid = 0; 7343 } else { 7344 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7345 ipseclog((LOG_DEBUG, 7346 "%s: invalid message: wrong header size.\n", 7347 __func__)); 7348 return key_senderror(so, m, EINVAL); 7349 } 7350 mode = ((struct sadb_x_sa2 *) 7351 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7352 reqid = ((struct sadb_x_sa2 *) 7353 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7354 } 7355 7356 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7357 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7358 7359 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7360 (struct sockaddr *)(dst0 + 1)); 7361 if (error != 0) { 7362 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7363 return key_senderror(so, m, EINVAL); 7364 } 7365 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7366 7367 /* get a SA index */ 7368 SAHTREE_RLOCK(); 7369 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7370 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7371 break; 7372 } 7373 SAHTREE_RUNLOCK(); 7374 if (sah != NULL) { 7375 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7376 return key_senderror(so, m, EEXIST); 7377 } 7378 7379 error = key_acquire(&saidx, NULL); 7380 if (error != 0) { 7381 ipseclog((LOG_DEBUG, 7382 "%s: error %d returned from key_acquire()\n", 7383 __func__, error)); 7384 return key_senderror(so, m, error); 7385 } 7386 m_freem(m); 7387 return (0); 7388 } 7389 7390 /* 7391 * SADB_REGISTER processing. 7392 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7393 * receive 7394 * <base> 7395 * from the ikmpd, and register a socket to send PF_KEY messages, 7396 * and send 7397 * <base, supported> 7398 * to KMD by PF_KEY. 7399 * If socket is detached, must free from regnode. 7400 * 7401 * m will always be freed. 7402 */ 7403 static int 7404 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7405 { 7406 struct secreg *reg, *newreg = NULL; 7407 7408 IPSEC_ASSERT(so != NULL, ("null socket")); 7409 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7410 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7411 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7412 7413 /* check for invalid register message */ 7414 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7415 return key_senderror(so, m, EINVAL); 7416 7417 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7418 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7419 goto setmsg; 7420 7421 /* check whether existing or not */ 7422 REGTREE_LOCK(); 7423 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7424 if (reg->so == so) { 7425 REGTREE_UNLOCK(); 7426 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7427 __func__)); 7428 return key_senderror(so, m, EEXIST); 7429 } 7430 } 7431 7432 /* create regnode */ 7433 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7434 if (newreg == NULL) { 7435 REGTREE_UNLOCK(); 7436 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7437 return key_senderror(so, m, ENOBUFS); 7438 } 7439 7440 newreg->so = so; 7441 ((struct keycb *)(so->so_pcb))->kp_registered++; 7442 7443 /* add regnode to regtree. */ 7444 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7445 REGTREE_UNLOCK(); 7446 7447 setmsg: 7448 { 7449 struct mbuf *n; 7450 struct sadb_msg *newmsg; 7451 struct sadb_supported *sup; 7452 u_int len, alen, elen; 7453 int off; 7454 int i; 7455 struct sadb_alg *alg; 7456 7457 /* create new sadb_msg to reply. */ 7458 alen = 0; 7459 for (i = 1; i <= SADB_AALG_MAX; i++) { 7460 if (auth_algorithm_lookup(i)) 7461 alen += sizeof(struct sadb_alg); 7462 } 7463 if (alen) 7464 alen += sizeof(struct sadb_supported); 7465 elen = 0; 7466 for (i = 1; i <= SADB_EALG_MAX; i++) { 7467 if (enc_algorithm_lookup(i)) 7468 elen += sizeof(struct sadb_alg); 7469 } 7470 if (elen) 7471 elen += sizeof(struct sadb_supported); 7472 7473 len = sizeof(struct sadb_msg) + alen + elen; 7474 7475 if (len > MCLBYTES) 7476 return key_senderror(so, m, ENOBUFS); 7477 7478 n = key_mget(len); 7479 if (n == NULL) 7480 return key_senderror(so, m, ENOBUFS); 7481 7482 n->m_pkthdr.len = n->m_len = len; 7483 n->m_next = NULL; 7484 off = 0; 7485 7486 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7487 newmsg = mtod(n, struct sadb_msg *); 7488 newmsg->sadb_msg_errno = 0; 7489 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7490 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7491 7492 /* for authentication algorithm */ 7493 if (alen) { 7494 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7495 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7496 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7497 off += PFKEY_ALIGN8(sizeof(*sup)); 7498 7499 for (i = 1; i <= SADB_AALG_MAX; i++) { 7500 const struct auth_hash *aalgo; 7501 u_int16_t minkeysize, maxkeysize; 7502 7503 aalgo = auth_algorithm_lookup(i); 7504 if (!aalgo) 7505 continue; 7506 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7507 alg->sadb_alg_id = i; 7508 alg->sadb_alg_ivlen = 0; 7509 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7510 alg->sadb_alg_minbits = _BITS(minkeysize); 7511 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7512 off += PFKEY_ALIGN8(sizeof(*alg)); 7513 } 7514 } 7515 7516 /* for encryption algorithm */ 7517 if (elen) { 7518 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7519 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7520 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7521 off += PFKEY_ALIGN8(sizeof(*sup)); 7522 7523 for (i = 1; i <= SADB_EALG_MAX; i++) { 7524 const struct enc_xform *ealgo; 7525 7526 ealgo = enc_algorithm_lookup(i); 7527 if (!ealgo) 7528 continue; 7529 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7530 alg->sadb_alg_id = i; 7531 alg->sadb_alg_ivlen = ealgo->ivsize; 7532 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7533 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7534 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7535 } 7536 } 7537 7538 IPSEC_ASSERT(off == len, 7539 ("length assumption failed (off %u len %u)", off, len)); 7540 7541 m_freem(m); 7542 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7543 } 7544 } 7545 7546 /* 7547 * free secreg entry registered. 7548 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7549 */ 7550 void 7551 key_freereg(struct socket *so) 7552 { 7553 struct secreg *reg; 7554 int i; 7555 7556 IPSEC_ASSERT(so != NULL, ("NULL so")); 7557 7558 /* 7559 * check whether existing or not. 7560 * check all type of SA, because there is a potential that 7561 * one socket is registered to multiple type of SA. 7562 */ 7563 REGTREE_LOCK(); 7564 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7565 LIST_FOREACH(reg, &V_regtree[i], chain) { 7566 if (reg->so == so && __LIST_CHAINED(reg)) { 7567 LIST_REMOVE(reg, chain); 7568 free(reg, M_IPSEC_SAR); 7569 break; 7570 } 7571 } 7572 } 7573 REGTREE_UNLOCK(); 7574 } 7575 7576 /* 7577 * SADB_EXPIRE processing 7578 * send 7579 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7580 * to KMD by PF_KEY. 7581 * NOTE: We send only soft lifetime extension. 7582 * 7583 * OUT: 0 : succeed 7584 * others : error number 7585 */ 7586 static int 7587 key_expire(struct secasvar *sav, int hard) 7588 { 7589 struct mbuf *result = NULL, *m; 7590 struct sadb_lifetime *lt; 7591 uint32_t replay_count; 7592 int error, len; 7593 uint8_t satype; 7594 7595 SECASVAR_RLOCK_TRACKER; 7596 7597 IPSEC_ASSERT (sav != NULL, ("null sav")); 7598 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7599 7600 KEYDBG(KEY_STAMP, 7601 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7602 sav, hard ? "hard": "soft")); 7603 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7604 /* set msg header */ 7605 satype = key_proto2satype(sav->sah->saidx.proto); 7606 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7607 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7608 if (!m) { 7609 error = ENOBUFS; 7610 goto fail; 7611 } 7612 result = m; 7613 7614 /* create SA extension */ 7615 m = key_setsadbsa(sav); 7616 if (!m) { 7617 error = ENOBUFS; 7618 goto fail; 7619 } 7620 m_cat(result, m); 7621 7622 /* create SA extension */ 7623 SECASVAR_RLOCK(sav); 7624 replay_count = sav->replay ? sav->replay->count : 0; 7625 SECASVAR_RUNLOCK(sav); 7626 7627 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7628 sav->sah->saidx.reqid); 7629 if (!m) { 7630 error = ENOBUFS; 7631 goto fail; 7632 } 7633 m_cat(result, m); 7634 7635 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7636 m = key_setsadbxsareplay(sav->replay->wsize); 7637 if (!m) { 7638 error = ENOBUFS; 7639 goto fail; 7640 } 7641 m_cat(result, m); 7642 } 7643 7644 /* create lifetime extension (current and soft) */ 7645 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7646 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7647 if (m == NULL) { 7648 error = ENOBUFS; 7649 goto fail; 7650 } 7651 m_align(m, len); 7652 m->m_len = len; 7653 bzero(mtod(m, caddr_t), len); 7654 lt = mtod(m, struct sadb_lifetime *); 7655 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7656 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7657 lt->sadb_lifetime_allocations = 7658 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7659 lt->sadb_lifetime_bytes = 7660 counter_u64_fetch(sav->lft_c_bytes); 7661 lt->sadb_lifetime_addtime = sav->created; 7662 lt->sadb_lifetime_usetime = sav->firstused; 7663 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7664 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7665 if (hard) { 7666 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7667 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7668 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7669 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7670 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7671 } else { 7672 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7673 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7674 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7675 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7676 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7677 } 7678 m_cat(result, m); 7679 7680 /* set sadb_address for source */ 7681 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7682 &sav->sah->saidx.src.sa, 7683 FULLMASK, IPSEC_ULPROTO_ANY); 7684 if (!m) { 7685 error = ENOBUFS; 7686 goto fail; 7687 } 7688 m_cat(result, m); 7689 7690 /* set sadb_address for destination */ 7691 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7692 &sav->sah->saidx.dst.sa, 7693 FULLMASK, IPSEC_ULPROTO_ANY); 7694 if (!m) { 7695 error = ENOBUFS; 7696 goto fail; 7697 } 7698 m_cat(result, m); 7699 7700 /* 7701 * XXX-BZ Handle NAT-T extensions here. 7702 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7703 * this information, we report only significant SA fields. 7704 */ 7705 7706 if ((result->m_flags & M_PKTHDR) == 0) { 7707 error = EINVAL; 7708 goto fail; 7709 } 7710 7711 if (result->m_len < sizeof(struct sadb_msg)) { 7712 result = m_pullup(result, sizeof(struct sadb_msg)); 7713 if (result == NULL) { 7714 error = ENOBUFS; 7715 goto fail; 7716 } 7717 } 7718 7719 result->m_pkthdr.len = 0; 7720 for (m = result; m; m = m->m_next) 7721 result->m_pkthdr.len += m->m_len; 7722 7723 mtod(result, struct sadb_msg *)->sadb_msg_len = 7724 PFKEY_UNIT64(result->m_pkthdr.len); 7725 7726 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7727 7728 fail: 7729 if (result) 7730 m_freem(result); 7731 return error; 7732 } 7733 7734 static void 7735 key_freesah_flushed(struct secashead_queue *flushq) 7736 { 7737 struct secashead *sah, *nextsah; 7738 struct secasvar *sav, *nextsav; 7739 7740 sah = TAILQ_FIRST(flushq); 7741 while (sah != NULL) { 7742 sav = TAILQ_FIRST(&sah->savtree_larval); 7743 while (sav != NULL) { 7744 nextsav = TAILQ_NEXT(sav, chain); 7745 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7746 key_freesav(&sav); /* release last reference */ 7747 key_freesah(&sah); /* release reference from SAV */ 7748 sav = nextsav; 7749 } 7750 sav = TAILQ_FIRST(&sah->savtree_alive); 7751 while (sav != NULL) { 7752 nextsav = TAILQ_NEXT(sav, chain); 7753 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7754 key_freesav(&sav); /* release last reference */ 7755 key_freesah(&sah); /* release reference from SAV */ 7756 sav = nextsav; 7757 } 7758 nextsah = TAILQ_NEXT(sah, chain); 7759 key_freesah(&sah); /* release last reference */ 7760 sah = nextsah; 7761 } 7762 } 7763 7764 /* 7765 * SADB_FLUSH processing 7766 * receive 7767 * <base> 7768 * from the ikmpd, and free all entries in secastree. 7769 * and send, 7770 * <base> 7771 * to the ikmpd. 7772 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7773 * 7774 * m will always be freed. 7775 */ 7776 static int 7777 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7778 { 7779 struct secashead_queue flushq; 7780 struct sadb_msg *newmsg; 7781 struct secashead *sah, *nextsah; 7782 struct secasvar *sav; 7783 uint8_t proto; 7784 int i; 7785 7786 IPSEC_ASSERT(so != NULL, ("null socket")); 7787 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7788 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7789 7790 /* map satype to proto */ 7791 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7792 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7793 __func__)); 7794 return key_senderror(so, m, EINVAL); 7795 } 7796 KEYDBG(KEY_STAMP, 7797 printf("%s: proto %u\n", __func__, proto)); 7798 7799 TAILQ_INIT(&flushq); 7800 if (proto == IPSEC_PROTO_ANY) { 7801 /* no SATYPE specified, i.e. flushing all SA. */ 7802 SAHTREE_WLOCK(); 7803 /* Move all SAHs into flushq */ 7804 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7805 /* Flush all buckets in SPI hash */ 7806 for (i = 0; i < V_savhash_mask + 1; i++) 7807 LIST_INIT(&V_savhashtbl[i]); 7808 /* Flush all buckets in SAHADDRHASH */ 7809 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7810 LIST_INIT(&V_sahaddrhashtbl[i]); 7811 /* Mark all SAHs as unlinked */ 7812 TAILQ_FOREACH(sah, &flushq, chain) { 7813 sah->state = SADB_SASTATE_DEAD; 7814 /* 7815 * Callout handler makes its job using 7816 * RLOCK and drain queues. In case, when this 7817 * function will be called just before it 7818 * acquires WLOCK, we need to mark SAs as 7819 * unlinked to prevent second unlink. 7820 */ 7821 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7822 sav->state = SADB_SASTATE_DEAD; 7823 ipsec_accel_forget_sav(sav); 7824 } 7825 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7826 sav->state = SADB_SASTATE_DEAD; 7827 ipsec_accel_forget_sav(sav); 7828 } 7829 } 7830 SAHTREE_WUNLOCK(); 7831 } else { 7832 SAHTREE_WLOCK(); 7833 sah = TAILQ_FIRST(&V_sahtree); 7834 while (sah != NULL) { 7835 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7836 ("DEAD SAH %p in SADB_FLUSH", sah)); 7837 nextsah = TAILQ_NEXT(sah, chain); 7838 if (sah->saidx.proto != proto) { 7839 sah = nextsah; 7840 continue; 7841 } 7842 sah->state = SADB_SASTATE_DEAD; 7843 TAILQ_REMOVE(&V_sahtree, sah, chain); 7844 LIST_REMOVE(sah, addrhash); 7845 /* Unlink all SAs from SPI hash */ 7846 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7847 LIST_REMOVE(sav, spihash); 7848 sav->state = SADB_SASTATE_DEAD; 7849 ipsec_accel_forget_sav(sav); 7850 } 7851 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7852 LIST_REMOVE(sav, spihash); 7853 sav->state = SADB_SASTATE_DEAD; 7854 ipsec_accel_forget_sav(sav); 7855 } 7856 /* Add SAH into flushq */ 7857 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7858 sah = nextsah; 7859 } 7860 SAHTREE_WUNLOCK(); 7861 } 7862 7863 key_freesah_flushed(&flushq); 7864 /* Free all queued SAs and SAHs */ 7865 if (m->m_len < sizeof(struct sadb_msg) || 7866 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7867 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7868 return key_senderror(so, m, ENOBUFS); 7869 } 7870 7871 if (m->m_next) 7872 m_freem(m->m_next); 7873 m->m_next = NULL; 7874 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7875 newmsg = mtod(m, struct sadb_msg *); 7876 newmsg->sadb_msg_errno = 0; 7877 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7878 7879 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7880 } 7881 7882 /* 7883 * SADB_DUMP processing 7884 * dump all entries including status of DEAD in SAD. 7885 * receive 7886 * <base> 7887 * from the ikmpd, and dump all secasvar leaves 7888 * and send, 7889 * <base> ..... 7890 * to the ikmpd. 7891 * 7892 * m will always be freed. 7893 */ 7894 static int 7895 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7896 { 7897 SAHTREE_RLOCK_TRACKER; 7898 struct secashead *sah; 7899 struct secasvar *sav; 7900 struct mbuf *n; 7901 uint32_t cnt; 7902 uint8_t proto, satype; 7903 7904 IPSEC_ASSERT(so != NULL, ("null socket")); 7905 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7906 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7907 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7908 7909 /* map satype to proto */ 7910 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7911 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7912 __func__)); 7913 return key_senderror(so, m, EINVAL); 7914 } 7915 7916 /* count sav entries to be sent to the userland. */ 7917 cnt = 0; 7918 IFNET_RLOCK(); 7919 SAHTREE_RLOCK(); 7920 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7921 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7922 proto != sah->saidx.proto) 7923 continue; 7924 7925 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7926 cnt++; 7927 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7928 cnt++; 7929 } 7930 7931 if (cnt == 0) { 7932 SAHTREE_RUNLOCK(); 7933 IFNET_RUNLOCK(); 7934 return key_senderror(so, m, ENOENT); 7935 } 7936 7937 /* send this to the userland, one at a time. */ 7938 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7939 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7940 proto != sah->saidx.proto) 7941 continue; 7942 7943 /* map proto to satype */ 7944 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7945 SAHTREE_RUNLOCK(); 7946 IFNET_RUNLOCK(); 7947 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7948 "SAD.\n", __func__)); 7949 return key_senderror(so, m, EINVAL); 7950 } 7951 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7952 n = key_setdumpsa(sav, SADB_DUMP, satype, 7953 --cnt, mhp->msg->sadb_msg_pid, &sahtree_tracker); 7954 if (n == NULL) { 7955 SAHTREE_RUNLOCK(); 7956 IFNET_RUNLOCK(); 7957 return key_senderror(so, m, ENOBUFS); 7958 } 7959 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7960 } 7961 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7962 n = key_setdumpsa(sav, SADB_DUMP, satype, 7963 --cnt, mhp->msg->sadb_msg_pid, &sahtree_tracker); 7964 if (n == NULL) { 7965 SAHTREE_RUNLOCK(); 7966 IFNET_RUNLOCK(); 7967 return key_senderror(so, m, ENOBUFS); 7968 } 7969 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7970 } 7971 } 7972 SAHTREE_RUNLOCK(); 7973 IFNET_RUNLOCK(); 7974 m_freem(m); 7975 return (0); 7976 } 7977 /* 7978 * SADB_X_PROMISC processing 7979 * 7980 * m will always be freed. 7981 */ 7982 static int 7983 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7984 { 7985 int olen; 7986 7987 IPSEC_ASSERT(so != NULL, ("null socket")); 7988 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7989 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7990 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7991 7992 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7993 7994 if (olen < sizeof(struct sadb_msg)) { 7995 #if 1 7996 return key_senderror(so, m, EINVAL); 7997 #else 7998 m_freem(m); 7999 return 0; 8000 #endif 8001 } else if (olen == sizeof(struct sadb_msg)) { 8002 /* enable/disable promisc mode */ 8003 struct keycb *kp; 8004 8005 if ((kp = so->so_pcb) == NULL) 8006 return key_senderror(so, m, EINVAL); 8007 mhp->msg->sadb_msg_errno = 0; 8008 switch (mhp->msg->sadb_msg_satype) { 8009 case 0: 8010 case 1: 8011 kp->kp_promisc = mhp->msg->sadb_msg_satype; 8012 break; 8013 default: 8014 return key_senderror(so, m, EINVAL); 8015 } 8016 8017 /* send the original message back to everyone */ 8018 mhp->msg->sadb_msg_errno = 0; 8019 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 8020 } else { 8021 /* send packet as is */ 8022 8023 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 8024 8025 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 8026 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 8027 } 8028 } 8029 8030 static int (*key_typesw[])(struct socket *, struct mbuf *, 8031 const struct sadb_msghdr *) = { 8032 [SADB_RESERVED] = NULL, 8033 [SADB_GETSPI] = key_getspi, 8034 [SADB_UPDATE] = key_update, 8035 [SADB_ADD] = key_add, 8036 [SADB_DELETE] = key_delete, 8037 [SADB_GET] = key_get, 8038 [SADB_ACQUIRE] = key_acquire2, 8039 [SADB_REGISTER] = key_register, 8040 [SADB_EXPIRE] = NULL, 8041 [SADB_FLUSH] = key_flush, 8042 [SADB_DUMP] = key_dump, 8043 [SADB_X_PROMISC] = key_promisc, 8044 [SADB_X_PCHANGE] = NULL, 8045 [SADB_X_SPDUPDATE] = key_spdadd, 8046 [SADB_X_SPDADD] = key_spdadd, 8047 [SADB_X_SPDDELETE] = key_spddelete, 8048 [SADB_X_SPDGET] = key_spdget, 8049 [SADB_X_SPDACQUIRE] = NULL, 8050 [SADB_X_SPDDUMP] = key_spddump, 8051 [SADB_X_SPDFLUSH] = key_spdflush, 8052 [SADB_X_SPDSETIDX] = key_spdadd, 8053 [SADB_X_SPDEXPIRE] = NULL, 8054 [SADB_X_SPDDELETE2] = key_spddelete2, 8055 }; 8056 8057 /* 8058 * parse sadb_msg buffer to process PFKEYv2, 8059 * and create a data to response if needed. 8060 * I think to be dealed with mbuf directly. 8061 * IN: 8062 * msgp : pointer to pointer to a received buffer pulluped. 8063 * This is rewrited to response. 8064 * so : pointer to socket. 8065 * OUT: 8066 * length for buffer to send to user process. 8067 */ 8068 int 8069 key_parse(struct mbuf *m, struct socket *so) 8070 { 8071 struct sadb_msg *msg; 8072 struct sadb_msghdr mh; 8073 u_int orglen; 8074 int error; 8075 int target; 8076 8077 IPSEC_ASSERT(so != NULL, ("null socket")); 8078 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8079 8080 if (m->m_len < sizeof(struct sadb_msg)) { 8081 m = m_pullup(m, sizeof(struct sadb_msg)); 8082 if (!m) 8083 return ENOBUFS; 8084 } 8085 msg = mtod(m, struct sadb_msg *); 8086 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 8087 target = KEY_SENDUP_ONE; 8088 8089 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 8090 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 8091 PFKEYSTAT_INC(out_invlen); 8092 error = EINVAL; 8093 goto senderror; 8094 } 8095 8096 if (msg->sadb_msg_version != PF_KEY_V2) { 8097 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 8098 __func__, msg->sadb_msg_version)); 8099 PFKEYSTAT_INC(out_invver); 8100 error = EINVAL; 8101 goto senderror; 8102 } 8103 8104 if (msg->sadb_msg_type > SADB_MAX) { 8105 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 8106 __func__, msg->sadb_msg_type)); 8107 PFKEYSTAT_INC(out_invmsgtype); 8108 error = EINVAL; 8109 goto senderror; 8110 } 8111 8112 /* for old-fashioned code - should be nuked */ 8113 if (m->m_pkthdr.len > MCLBYTES) { 8114 m_freem(m); 8115 return ENOBUFS; 8116 } 8117 if (m->m_next) { 8118 struct mbuf *n; 8119 8120 n = key_mget(m->m_pkthdr.len); 8121 if (n == NULL) { 8122 m_freem(m); 8123 return ENOBUFS; 8124 } 8125 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 8126 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 8127 n->m_next = NULL; 8128 m_freem(m); 8129 m = n; 8130 } 8131 8132 /* align the mbuf chain so that extensions are in contiguous region. */ 8133 error = key_align(m, &mh); 8134 if (error) 8135 return error; 8136 8137 msg = mh.msg; 8138 8139 /* We use satype as scope mask for spddump */ 8140 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 8141 switch (msg->sadb_msg_satype) { 8142 case IPSEC_POLICYSCOPE_ANY: 8143 case IPSEC_POLICYSCOPE_GLOBAL: 8144 case IPSEC_POLICYSCOPE_IFNET: 8145 case IPSEC_POLICYSCOPE_PCB: 8146 break; 8147 default: 8148 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 8149 __func__, msg->sadb_msg_type)); 8150 PFKEYSTAT_INC(out_invsatype); 8151 error = EINVAL; 8152 goto senderror; 8153 } 8154 } else { 8155 switch (msg->sadb_msg_satype) { /* check SA type */ 8156 case SADB_SATYPE_UNSPEC: 8157 switch (msg->sadb_msg_type) { 8158 case SADB_GETSPI: 8159 case SADB_UPDATE: 8160 case SADB_ADD: 8161 case SADB_DELETE: 8162 case SADB_GET: 8163 case SADB_ACQUIRE: 8164 case SADB_EXPIRE: 8165 ipseclog((LOG_DEBUG, "%s: must specify satype " 8166 "when msg type=%u.\n", __func__, 8167 msg->sadb_msg_type)); 8168 PFKEYSTAT_INC(out_invsatype); 8169 error = EINVAL; 8170 goto senderror; 8171 } 8172 break; 8173 case SADB_SATYPE_AH: 8174 case SADB_SATYPE_ESP: 8175 case SADB_X_SATYPE_IPCOMP: 8176 case SADB_X_SATYPE_TCPSIGNATURE: 8177 switch (msg->sadb_msg_type) { 8178 case SADB_X_SPDADD: 8179 case SADB_X_SPDDELETE: 8180 case SADB_X_SPDGET: 8181 case SADB_X_SPDFLUSH: 8182 case SADB_X_SPDSETIDX: 8183 case SADB_X_SPDUPDATE: 8184 case SADB_X_SPDDELETE2: 8185 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 8186 __func__, msg->sadb_msg_type)); 8187 PFKEYSTAT_INC(out_invsatype); 8188 error = EINVAL; 8189 goto senderror; 8190 } 8191 break; 8192 case SADB_SATYPE_RSVP: 8193 case SADB_SATYPE_OSPFV2: 8194 case SADB_SATYPE_RIPV2: 8195 case SADB_SATYPE_MIP: 8196 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 8197 __func__, msg->sadb_msg_satype)); 8198 PFKEYSTAT_INC(out_invsatype); 8199 error = EOPNOTSUPP; 8200 goto senderror; 8201 case 1: /* XXX: What does it do? */ 8202 if (msg->sadb_msg_type == SADB_X_PROMISC) 8203 break; 8204 /*FALLTHROUGH*/ 8205 default: 8206 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 8207 __func__, msg->sadb_msg_satype)); 8208 PFKEYSTAT_INC(out_invsatype); 8209 error = EINVAL; 8210 goto senderror; 8211 } 8212 } 8213 8214 /* check field of upper layer protocol and address family */ 8215 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 8216 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 8217 struct sadb_address *src0, *dst0; 8218 u_int plen; 8219 8220 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 8221 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 8222 8223 /* check upper layer protocol */ 8224 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 8225 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 8226 "mismatched.\n", __func__)); 8227 PFKEYSTAT_INC(out_invaddr); 8228 error = EINVAL; 8229 goto senderror; 8230 } 8231 8232 /* check family */ 8233 if (PFKEY_ADDR_SADDR(src0)->sa_family != 8234 PFKEY_ADDR_SADDR(dst0)->sa_family) { 8235 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 8236 __func__)); 8237 PFKEYSTAT_INC(out_invaddr); 8238 error = EINVAL; 8239 goto senderror; 8240 } 8241 if (PFKEY_ADDR_SADDR(src0)->sa_len != 8242 PFKEY_ADDR_SADDR(dst0)->sa_len) { 8243 ipseclog((LOG_DEBUG, "%s: address struct size " 8244 "mismatched.\n", __func__)); 8245 PFKEYSTAT_INC(out_invaddr); 8246 error = EINVAL; 8247 goto senderror; 8248 } 8249 8250 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 8251 case AF_INET: 8252 if (PFKEY_ADDR_SADDR(src0)->sa_len != 8253 sizeof(struct sockaddr_in)) { 8254 PFKEYSTAT_INC(out_invaddr); 8255 error = EINVAL; 8256 goto senderror; 8257 } 8258 break; 8259 case AF_INET6: 8260 if (PFKEY_ADDR_SADDR(src0)->sa_len != 8261 sizeof(struct sockaddr_in6)) { 8262 PFKEYSTAT_INC(out_invaddr); 8263 error = EINVAL; 8264 goto senderror; 8265 } 8266 break; 8267 default: 8268 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 8269 __func__)); 8270 PFKEYSTAT_INC(out_invaddr); 8271 error = EAFNOSUPPORT; 8272 goto senderror; 8273 } 8274 8275 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 8276 case AF_INET: 8277 plen = sizeof(struct in_addr) << 3; 8278 break; 8279 case AF_INET6: 8280 plen = sizeof(struct in6_addr) << 3; 8281 break; 8282 default: 8283 plen = 0; /*fool gcc*/ 8284 break; 8285 } 8286 8287 /* check max prefix length */ 8288 if (src0->sadb_address_prefixlen > plen || 8289 dst0->sadb_address_prefixlen > plen) { 8290 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 8291 __func__)); 8292 PFKEYSTAT_INC(out_invaddr); 8293 error = EINVAL; 8294 goto senderror; 8295 } 8296 8297 /* 8298 * prefixlen == 0 is valid because there can be a case when 8299 * all addresses are matched. 8300 */ 8301 } 8302 8303 if (msg->sadb_msg_type >= nitems(key_typesw) || 8304 key_typesw[msg->sadb_msg_type] == NULL) { 8305 PFKEYSTAT_INC(out_invmsgtype); 8306 error = EINVAL; 8307 goto senderror; 8308 } 8309 8310 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 8311 8312 senderror: 8313 msg->sadb_msg_errno = error; 8314 return key_sendup_mbuf(so, m, target); 8315 } 8316 8317 static int 8318 key_senderror(struct socket *so, struct mbuf *m, int code) 8319 { 8320 struct sadb_msg *msg; 8321 8322 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8323 ("mbuf too small, len %u", m->m_len)); 8324 8325 msg = mtod(m, struct sadb_msg *); 8326 msg->sadb_msg_errno = code; 8327 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8328 } 8329 8330 /* 8331 * set the pointer to each header into message buffer. 8332 * m will be freed on error. 8333 * XXX larger-than-MCLBYTES extension? 8334 */ 8335 static int 8336 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8337 { 8338 struct mbuf *n; 8339 struct sadb_ext *ext; 8340 size_t off, end; 8341 int extlen; 8342 int toff; 8343 8344 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8345 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8346 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8347 ("mbuf too small, len %u", m->m_len)); 8348 8349 /* initialize */ 8350 bzero(mhp, sizeof(*mhp)); 8351 8352 mhp->msg = mtod(m, struct sadb_msg *); 8353 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8354 8355 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8356 extlen = end; /*just in case extlen is not updated*/ 8357 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8358 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8359 if (!n) { 8360 /* m is already freed */ 8361 return ENOBUFS; 8362 } 8363 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8364 8365 /* set pointer */ 8366 switch (ext->sadb_ext_type) { 8367 case SADB_EXT_SA: 8368 case SADB_EXT_ADDRESS_SRC: 8369 case SADB_EXT_ADDRESS_DST: 8370 case SADB_EXT_ADDRESS_PROXY: 8371 case SADB_EXT_LIFETIME_CURRENT: 8372 case SADB_EXT_LIFETIME_HARD: 8373 case SADB_EXT_LIFETIME_SOFT: 8374 case SADB_EXT_KEY_AUTH: 8375 case SADB_EXT_KEY_ENCRYPT: 8376 case SADB_EXT_IDENTITY_SRC: 8377 case SADB_EXT_IDENTITY_DST: 8378 case SADB_EXT_SENSITIVITY: 8379 case SADB_EXT_PROPOSAL: 8380 case SADB_EXT_SUPPORTED_AUTH: 8381 case SADB_EXT_SUPPORTED_ENCRYPT: 8382 case SADB_EXT_SPIRANGE: 8383 case SADB_X_EXT_POLICY: 8384 case SADB_X_EXT_SA2: 8385 case SADB_X_EXT_NAT_T_TYPE: 8386 case SADB_X_EXT_NAT_T_SPORT: 8387 case SADB_X_EXT_NAT_T_DPORT: 8388 case SADB_X_EXT_NAT_T_OAI: 8389 case SADB_X_EXT_NAT_T_OAR: 8390 case SADB_X_EXT_NAT_T_FRAG: 8391 case SADB_X_EXT_SA_REPLAY: 8392 case SADB_X_EXT_NEW_ADDRESS_SRC: 8393 case SADB_X_EXT_NEW_ADDRESS_DST: 8394 #ifdef IPSEC_OFFLOAD 8395 case SADB_X_EXT_LFT_CUR_SW_OFFL: 8396 case SADB_X_EXT_LFT_CUR_HW_OFFL: 8397 case SADB_X_EXT_IF_HW_OFFL: 8398 #endif 8399 /* duplicate check */ 8400 /* 8401 * XXX Are there duplication payloads of either 8402 * KEY_AUTH or KEY_ENCRYPT ? 8403 */ 8404 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8405 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8406 "%u\n", __func__, ext->sadb_ext_type)); 8407 m_freem(m); 8408 PFKEYSTAT_INC(out_dupext); 8409 return EINVAL; 8410 } 8411 break; 8412 default: 8413 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8414 __func__, ext->sadb_ext_type)); 8415 m_freem(m); 8416 PFKEYSTAT_INC(out_invexttype); 8417 return EINVAL; 8418 } 8419 8420 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8421 8422 if (key_validate_ext(ext, extlen)) { 8423 m_freem(m); 8424 PFKEYSTAT_INC(out_invlen); 8425 return EINVAL; 8426 } 8427 8428 n = m_pulldown(m, off, extlen, &toff); 8429 if (!n) { 8430 /* m is already freed */ 8431 return ENOBUFS; 8432 } 8433 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8434 8435 mhp->ext[ext->sadb_ext_type] = ext; 8436 mhp->extoff[ext->sadb_ext_type] = off; 8437 mhp->extlen[ext->sadb_ext_type] = extlen; 8438 } 8439 8440 if (off != end) { 8441 m_freem(m); 8442 PFKEYSTAT_INC(out_invlen); 8443 return EINVAL; 8444 } 8445 8446 return 0; 8447 } 8448 8449 static int 8450 key_validate_ext(const struct sadb_ext *ext, int len) 8451 { 8452 const struct sockaddr *sa; 8453 enum { NONE, ADDR } checktype = NONE; 8454 int baselen = 0; 8455 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8456 8457 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8458 return EINVAL; 8459 8460 /* if it does not match minimum/maximum length, bail */ 8461 if (ext->sadb_ext_type >= nitems(minsize) || 8462 ext->sadb_ext_type >= nitems(maxsize)) 8463 return EINVAL; 8464 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8465 return EINVAL; 8466 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8467 return EINVAL; 8468 8469 /* more checks based on sadb_ext_type XXX need more */ 8470 switch (ext->sadb_ext_type) { 8471 case SADB_EXT_ADDRESS_SRC: 8472 case SADB_EXT_ADDRESS_DST: 8473 case SADB_EXT_ADDRESS_PROXY: 8474 case SADB_X_EXT_NAT_T_OAI: 8475 case SADB_X_EXT_NAT_T_OAR: 8476 case SADB_X_EXT_NEW_ADDRESS_SRC: 8477 case SADB_X_EXT_NEW_ADDRESS_DST: 8478 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8479 checktype = ADDR; 8480 break; 8481 case SADB_EXT_IDENTITY_SRC: 8482 case SADB_EXT_IDENTITY_DST: 8483 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8484 SADB_X_IDENTTYPE_ADDR) { 8485 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8486 checktype = ADDR; 8487 } else 8488 checktype = NONE; 8489 break; 8490 default: 8491 checktype = NONE; 8492 break; 8493 } 8494 8495 switch (checktype) { 8496 case NONE: 8497 break; 8498 case ADDR: 8499 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8500 if (len < baselen + sal) 8501 return EINVAL; 8502 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8503 return EINVAL; 8504 break; 8505 } 8506 8507 return 0; 8508 } 8509 8510 void 8511 spdcache_init(void) 8512 { 8513 int i; 8514 8515 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8516 &V_key_spdcache_maxentries); 8517 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8518 &V_key_spdcache_threshold); 8519 8520 if (V_key_spdcache_maxentries) { 8521 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8522 SPDCACHE_MAX_ENTRIES_PER_HASH); 8523 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8524 SPDCACHE_MAX_ENTRIES_PER_HASH, 8525 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8526 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8527 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8528 8529 V_spdcache_lock = malloc(sizeof(struct mtx) * 8530 (V_spdcachehash_mask + 1), 8531 M_IPSEC_SPDCACHE, M_WAITOK | M_ZERO); 8532 8533 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8534 SPDCACHE_LOCK_INIT(i); 8535 } 8536 } 8537 8538 struct spdcache_entry * 8539 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8540 { 8541 struct spdcache_entry *entry; 8542 8543 entry = malloc(sizeof(struct spdcache_entry), M_IPSEC_SPDCACHE, 8544 M_NOWAIT | M_ZERO); 8545 if (entry == NULL) 8546 return (NULL); 8547 8548 if (sp != NULL) 8549 SP_ADDREF(sp); 8550 8551 entry->spidx = *spidx; 8552 entry->sp = sp; 8553 8554 return (entry); 8555 } 8556 8557 void 8558 spdcache_entry_free(struct spdcache_entry *entry) 8559 { 8560 8561 if (entry->sp != NULL) 8562 key_freesp(&entry->sp); 8563 free(entry, M_IPSEC_SPDCACHE); 8564 } 8565 8566 void 8567 spdcache_clear(void) 8568 { 8569 struct spdcache_entry *entry; 8570 int i; 8571 8572 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8573 SPDCACHE_LOCK(i); 8574 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8575 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8576 LIST_REMOVE(entry, chain); 8577 spdcache_entry_free(entry); 8578 } 8579 SPDCACHE_UNLOCK(i); 8580 } 8581 } 8582 8583 #ifdef VIMAGE 8584 void 8585 spdcache_destroy(void) 8586 { 8587 int i; 8588 8589 if (SPDCACHE_ENABLED()) { 8590 spdcache_clear(); 8591 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8592 8593 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8594 SPDCACHE_LOCK_DESTROY(i); 8595 8596 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8597 } 8598 } 8599 #endif 8600 8601 static void 8602 key_vnet_init(void *arg __unused) 8603 { 8604 int i; 8605 8606 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8607 TAILQ_INIT(&V_sptree[i]); 8608 TAILQ_INIT(&V_sptree_ifnet[i]); 8609 } 8610 8611 TAILQ_INIT(&V_sahtree); 8612 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8613 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8614 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8615 &V_sahaddrhash_mask); 8616 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8617 &V_acqaddrhash_mask); 8618 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8619 &V_acqseqhash_mask); 8620 8621 spdcache_init(); 8622 8623 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8624 LIST_INIT(&V_regtree[i]); 8625 8626 LIST_INIT(&V_acqtree); 8627 LIST_INIT(&V_spacqtree); 8628 } 8629 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8630 key_vnet_init, NULL); 8631 8632 static void 8633 key_init(void *arg __unused) 8634 { 8635 8636 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8637 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8638 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8639 8640 SPTREE_LOCK_INIT(); 8641 REGTREE_LOCK_INIT(); 8642 SAHTREE_LOCK_INIT(); 8643 ACQ_LOCK_INIT(); 8644 SPACQ_LOCK_INIT(); 8645 SPI_ALLOC_LOCK_INIT(); 8646 8647 #ifndef IPSEC_DEBUG2 8648 callout_init(&key_timer, 1); 8649 callout_reset(&key_timer, hz, key_timehandler, NULL); 8650 #endif /*IPSEC_DEBUG2*/ 8651 8652 /* initialize key statistics */ 8653 keystat.getspi_count = 1; 8654 8655 if (bootverbose) 8656 printf("IPsec: Initialized Security Association Processing.\n"); 8657 } 8658 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL); 8659 8660 #ifdef VIMAGE 8661 static void 8662 key_vnet_destroy(void *arg __unused) 8663 { 8664 struct secashead_queue sahdrainq; 8665 struct secpolicy_queue drainq; 8666 struct secpolicy *sp, *nextsp; 8667 struct secacq *acq, *nextacq; 8668 struct secspacq *spacq, *nextspacq; 8669 struct secashead *sah; 8670 struct secasvar *sav; 8671 struct secreg *reg; 8672 int i; 8673 8674 /* 8675 * XXX: can we just call free() for each object without 8676 * walking through safe way with releasing references? 8677 */ 8678 TAILQ_INIT(&drainq); 8679 SPTREE_WLOCK(); 8680 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8681 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8682 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8683 } 8684 for (i = 0; i < V_sphash_mask + 1; i++) 8685 LIST_INIT(&V_sphashtbl[i]); 8686 SPTREE_WUNLOCK(); 8687 spdcache_destroy(); 8688 8689 sp = TAILQ_FIRST(&drainq); 8690 while (sp != NULL) { 8691 nextsp = TAILQ_NEXT(sp, chain); 8692 key_freesp(&sp); 8693 sp = nextsp; 8694 } 8695 8696 TAILQ_INIT(&sahdrainq); 8697 SAHTREE_WLOCK(); 8698 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8699 for (i = 0; i < V_savhash_mask + 1; i++) 8700 LIST_INIT(&V_savhashtbl[i]); 8701 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8702 LIST_INIT(&V_sahaddrhashtbl[i]); 8703 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8704 sah->state = SADB_SASTATE_DEAD; 8705 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8706 sav->state = SADB_SASTATE_DEAD; 8707 ipsec_accel_forget_sav(sav); 8708 } 8709 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8710 sav->state = SADB_SASTATE_DEAD; 8711 ipsec_accel_forget_sav(sav); 8712 } 8713 } 8714 SAHTREE_WUNLOCK(); 8715 8716 /* Wait for async work referencing this VNET to finish. */ 8717 ipsec_accel_sync(); 8718 8719 key_freesah_flushed(&sahdrainq); 8720 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8721 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8722 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8723 8724 REGTREE_LOCK(); 8725 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8726 LIST_FOREACH(reg, &V_regtree[i], chain) { 8727 if (__LIST_CHAINED(reg)) { 8728 LIST_REMOVE(reg, chain); 8729 free(reg, M_IPSEC_SAR); 8730 break; 8731 } 8732 } 8733 } 8734 REGTREE_UNLOCK(); 8735 8736 ACQ_LOCK(); 8737 acq = LIST_FIRST(&V_acqtree); 8738 while (acq != NULL) { 8739 nextacq = LIST_NEXT(acq, chain); 8740 LIST_REMOVE(acq, chain); 8741 free(acq, M_IPSEC_SAQ); 8742 acq = nextacq; 8743 } 8744 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8745 LIST_INIT(&V_acqaddrhashtbl[i]); 8746 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8747 LIST_INIT(&V_acqseqhashtbl[i]); 8748 ACQ_UNLOCK(); 8749 8750 SPACQ_LOCK(); 8751 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8752 spacq = nextspacq) { 8753 nextspacq = LIST_NEXT(spacq, chain); 8754 if (__LIST_CHAINED(spacq)) { 8755 LIST_REMOVE(spacq, chain); 8756 free(spacq, M_IPSEC_SAQ); 8757 } 8758 } 8759 SPACQ_UNLOCK(); 8760 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8761 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8762 } 8763 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8764 key_vnet_destroy, NULL); 8765 #endif 8766 8767 /* 8768 * XXX: as long as domains are not unloadable, this function is never called, 8769 * provided for consistensy and future unload support. 8770 */ 8771 static void 8772 key_destroy(void *arg __unused) 8773 { 8774 uma_zdestroy(ipsec_key_lft_zone); 8775 8776 #ifndef IPSEC_DEBUG2 8777 callout_drain(&key_timer); 8778 #endif 8779 SPTREE_LOCK_DESTROY(); 8780 REGTREE_LOCK_DESTROY(); 8781 SAHTREE_LOCK_DESTROY(); 8782 ACQ_LOCK_DESTROY(); 8783 SPACQ_LOCK_DESTROY(); 8784 SPI_ALLOC_LOCK_DESTROY(); 8785 } 8786 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL); 8787 8788 /* record data transfer on SA, and update timestamps */ 8789 void 8790 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8791 { 8792 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8793 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8794 8795 /* 8796 * XXX Currently, there is a difference of bytes size 8797 * between inbound and outbound processing. 8798 */ 8799 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8800 8801 /* 8802 * We use the number of packets as the unit of 8803 * allocations. We increment the variable 8804 * whenever {esp,ah}_{in,out}put is called. 8805 */ 8806 counter_u64_add(sav->lft_c_allocations, 1); 8807 8808 /* 8809 * NOTE: We record CURRENT usetime by using wall clock, 8810 * in seconds. HARD and SOFT lifetime are measured by the time 8811 * difference (again in seconds) from usetime. 8812 * 8813 * usetime 8814 * v expire expire 8815 * -----+-----+--------+---> t 8816 * <--------------> HARD 8817 * <-----> SOFT 8818 */ 8819 if (sav->firstused == 0) 8820 sav->firstused = time_second; 8821 } 8822 8823 /* 8824 * Take one of the kernel's security keys and convert it into a PF_KEY 8825 * structure within an mbuf, suitable for sending up to a waiting 8826 * application in user land. 8827 * 8828 * IN: 8829 * src: A pointer to a kernel security key. 8830 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8831 * OUT: 8832 * a valid mbuf or NULL indicating an error 8833 * 8834 */ 8835 8836 static struct mbuf * 8837 key_setkey(struct seckey *src, uint16_t exttype) 8838 { 8839 struct mbuf *m; 8840 struct sadb_key *p; 8841 int len; 8842 8843 if (src == NULL) 8844 return NULL; 8845 8846 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8847 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8848 if (m == NULL) 8849 return NULL; 8850 m_align(m, len); 8851 m->m_len = len; 8852 p = mtod(m, struct sadb_key *); 8853 bzero(p, len); 8854 p->sadb_key_len = PFKEY_UNIT64(len); 8855 p->sadb_key_exttype = exttype; 8856 p->sadb_key_bits = src->bits; 8857 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8858 8859 return m; 8860 } 8861 8862 #ifdef IPSEC_OFFLOAD 8863 struct mbuf * 8864 key_setaccelif(const char *ifname) 8865 { 8866 struct mbuf *m = NULL; 8867 struct sadb_x_if_hw_offl *p; 8868 int len = PFKEY_ALIGN8(sizeof(*p)); 8869 8870 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8871 if (m == NULL) 8872 return (m); 8873 m_align(m, len); 8874 m->m_len = len; 8875 p = mtod(m, struct sadb_x_if_hw_offl *); 8876 8877 bzero(p, len); 8878 p->sadb_x_if_hw_offl_len = PFKEY_UNIT64(len); 8879 p->sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL; 8880 p->sadb_x_if_hw_offl_flags = 0; 8881 strncpy(p->sadb_x_if_hw_offl_if, ifname, 8882 sizeof(p->sadb_x_if_hw_offl_if)); 8883 8884 return (m); 8885 } 8886 #endif 8887 8888 /* 8889 * Take one of the kernel's lifetime data structures and convert it 8890 * into a PF_KEY structure within an mbuf, suitable for sending up to 8891 * a waiting application in user land. 8892 * 8893 * IN: 8894 * src: A pointer to a kernel lifetime structure. 8895 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8896 * data structures for more information. 8897 * OUT: 8898 * a valid mbuf or NULL indicating an error 8899 * 8900 */ 8901 8902 static struct mbuf * 8903 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8904 { 8905 struct mbuf *m = NULL; 8906 struct sadb_lifetime *p; 8907 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8908 8909 if (src == NULL) 8910 return NULL; 8911 8912 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8913 if (m == NULL) 8914 return m; 8915 m_align(m, len); 8916 m->m_len = len; 8917 p = mtod(m, struct sadb_lifetime *); 8918 8919 bzero(p, len); 8920 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8921 p->sadb_lifetime_exttype = exttype; 8922 p->sadb_lifetime_allocations = src->allocations; 8923 p->sadb_lifetime_bytes = src->bytes; 8924 p->sadb_lifetime_addtime = src->addtime; 8925 p->sadb_lifetime_usetime = src->usetime; 8926 8927 return m; 8928 8929 } 8930 8931 const struct enc_xform * 8932 enc_algorithm_lookup(int alg) 8933 { 8934 int i; 8935 8936 for (i = 0; i < nitems(supported_ealgs); i++) 8937 if (alg == supported_ealgs[i].sadb_alg) 8938 return (supported_ealgs[i].xform); 8939 return (NULL); 8940 } 8941 8942 const struct auth_hash * 8943 auth_algorithm_lookup(int alg) 8944 { 8945 int i; 8946 8947 for (i = 0; i < nitems(supported_aalgs); i++) 8948 if (alg == supported_aalgs[i].sadb_alg) 8949 return (supported_aalgs[i].xform); 8950 return (NULL); 8951 } 8952 8953 const struct comp_algo * 8954 comp_algorithm_lookup(int alg) 8955 { 8956 int i; 8957 8958 for (i = 0; i < nitems(supported_calgs); i++) 8959 if (alg == supported_calgs[i].sadb_alg) 8960 return (supported_calgs[i].xform); 8961 return (NULL); 8962 } 8963 8964 void 8965 ipsec_sahtree_runlock(struct rm_priotracker *sahtree_trackerp) 8966 { 8967 rm_runlock(&sahtree_lock, sahtree_trackerp); 8968 } 8969 8970 void 8971 ipsec_sahtree_rlock(struct rm_priotracker *sahtree_trackerp) 8972 { 8973 rm_rlock(&sahtree_lock, sahtree_trackerp); 8974 } 8975 8976 #ifdef IPSEC_OFFLOAD 8977 void 8978 ipsec_accel_on_ifdown(struct ifnet *ifp) 8979 { 8980 void (*p)(struct ifnet *ifp); 8981 8982 p = atomic_load_ptr(&ipsec_accel_on_ifdown_p); 8983 if (p != NULL) 8984 p(ifp); 8985 } 8986 8987 void 8988 ipsec_accel_drv_sa_lifetime_update(struct secasvar *sav, if_t ifp, 8989 u_int drv_spi, uint64_t octets, uint64_t allocs) 8990 { 8991 void (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi, 8992 uint64_t octets, uint64_t allocs); 8993 8994 p = atomic_load_ptr(&ipsec_accel_drv_sa_lifetime_update_p); 8995 if (p != NULL) 8996 p(sav, ifp, drv_spi, octets, allocs); 8997 } 8998 8999 int 9000 ipsec_accel_drv_sa_lifetime_fetch(struct secasvar *sav, 9001 if_t ifp, u_int drv_spi, uint64_t *octets, uint64_t *allocs) 9002 { 9003 int (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi, 9004 uint64_t *octets, uint64_t *allocs); 9005 9006 p = atomic_load_ptr(&ipsec_accel_drv_sa_lifetime_fetch_p); 9007 if (p == NULL) 9008 return (EOPNOTSUPP); 9009 return (p(sav, ifp, drv_spi, octets, allocs)); 9010 } 9011 #endif 9012