1 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 2 3 /*- 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * This code is referd to RFC 2367 36 */ 37 38 #include "opt_inet.h" 39 #include "opt_inet6.h" 40 #include "opt_ipsec.h" 41 42 #include <sys/types.h> 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/kernel.h> 46 #include <sys/fnv_hash.h> 47 #include <sys/lock.h> 48 #include <sys/mutex.h> 49 #include <sys/mbuf.h> 50 #include <sys/domain.h> 51 #include <sys/protosw.h> 52 #include <sys/malloc.h> 53 #include <sys/rmlock.h> 54 #include <sys/socket.h> 55 #include <sys/socketvar.h> 56 #include <sys/sysctl.h> 57 #include <sys/errno.h> 58 #include <sys/proc.h> 59 #include <sys/queue.h> 60 #include <sys/refcount.h> 61 #include <sys/stdarg.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 70 #include <netinet/in.h> 71 #include <netinet/in_systm.h> 72 #include <netinet/ip.h> 73 #include <netinet/in_var.h> 74 #include <netinet/udp.h> 75 76 #ifdef INET6 77 #include <netinet/ip6.h> 78 #include <netinet6/in6_var.h> 79 #include <netinet6/ip6_var.h> 80 #endif /* INET6 */ 81 82 #include <net/pfkeyv2.h> 83 #include <netipsec/keydb.h> 84 #include <netipsec/key.h> 85 #include <netipsec/keysock.h> 86 #include <netipsec/key_debug.h> 87 #include <netipsec/ipsec_offload.h> 88 89 #include <netipsec/ipsec.h> 90 #ifdef INET6 91 #include <netipsec/ipsec6.h> 92 #endif 93 94 #include <netipsec/xform.h> 95 #include <netipsec/ipsec_offload.h> 96 #include <machine/in_cksum.h> 97 98 /* randomness */ 99 #include <sys/random.h> 100 101 #ifdef IPSEC_OFFLOAD 102 void (*ipsec_accel_sa_newkey_p)(struct secasvar *sav); 103 void (*ipsec_accel_forget_sav_p)(struct secasvar *sav); 104 void (*ipsec_accel_spdadd_p)(struct secpolicy *sp, struct inpcb *inp); 105 void (*ipsec_accel_spddel_p)(struct secpolicy *sp); 106 int (*ipsec_accel_sa_lifetime_op_p)(struct secasvar *sav, 107 struct seclifetime *lft_c, if_t ifp, enum IF_SA_CNT_WHICH op, 108 struct rm_priotracker *sahtree_trackerp); 109 void (*ipsec_accel_sync_p)(void); 110 bool (*ipsec_accel_is_accel_sav_p)(struct secasvar *sav); 111 struct mbuf *(*ipsec_accel_key_setaccelif_p)(struct secasvar *sav); 112 void (*ipsec_accel_on_ifdown_p)(struct ifnet *ifp); 113 void (*ipsec_accel_drv_sa_lifetime_update_p)(struct secasvar *sav, if_t ifp, 114 u_int drv_spi, uint64_t octets, uint64_t allocs); 115 int (*ipsec_accel_drv_sa_lifetime_fetch_p)(struct secasvar *sav, if_t ifp, 116 u_int drv_spi, uint64_t *octets, uint64_t *allocs); 117 bool (*ipsec_accel_fill_xh_p)(if_t ifp, uint32_t drv_spi, 118 struct xform_history *xh); 119 #endif 120 121 #define FULLMASK 0xff 122 #define _BITS(bytes) ((bytes) << 3) 123 124 #define UINT32_80PCT 0xcccccccc 125 /* 126 * Note on SA reference counting: 127 * - SAs that are not in DEAD state will have (total external reference + 1) 128 * following value in reference count field. they cannot be freed and are 129 * referenced from SA header. 130 * - SAs that are in DEAD state will have (total external reference) 131 * in reference count field. they are ready to be freed. reference from 132 * SA header will be removed in key_delsav(), when the reference count 133 * field hits 0 (= no external reference other than from SA header. 134 */ 135 136 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 137 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 138 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 139 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 140 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 141 /*interval to initialize randseed,1(m)*/ 142 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 143 /* interval to expire acquiring, 30(s)*/ 144 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 145 /* counter for blocking SADB_ACQUIRE.*/ 146 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 147 /* lifetime for blocking SADB_ACQUIRE.*/ 148 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 149 /* preferred old sa rather than new sa.*/ 150 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 151 #define V_key_spi_trycnt VNET(key_spi_trycnt) 152 #define V_key_spi_minval VNET(key_spi_minval) 153 #define V_key_spi_maxval VNET(key_spi_maxval) 154 #define V_policy_id VNET(policy_id) 155 #define V_key_int_random VNET(key_int_random) 156 #define V_key_larval_lifetime VNET(key_larval_lifetime) 157 #define V_key_blockacq_count VNET(key_blockacq_count) 158 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 159 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 160 161 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 162 #define V_acq_seq VNET(acq_seq) 163 164 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 165 #define V_sp_genid VNET(sp_genid) 166 167 /* SPD */ 168 TAILQ_HEAD(secpolicy_queue, secpolicy); 169 LIST_HEAD(secpolicy_list, secpolicy); 170 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 171 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 172 static struct rmlock sptree_lock; 173 #define V_sptree VNET(sptree) 174 #define V_sptree_ifnet VNET(sptree_ifnet) 175 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 176 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 177 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 178 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 179 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 180 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 181 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 182 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 183 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 184 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 185 186 /* Hash table for lookup SP using unique id */ 187 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 188 VNET_DEFINE_STATIC(u_long, sphash_mask); 189 #define V_sphashtbl VNET(sphashtbl) 190 #define V_sphash_mask VNET(sphash_mask) 191 192 #define SPHASH_NHASH_LOG2 7 193 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 194 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 195 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 196 197 /* SPD cache */ 198 struct spdcache_entry { 199 struct secpolicyindex spidx; /* secpolicyindex */ 200 struct secpolicy *sp; /* cached policy to be used */ 201 202 LIST_ENTRY(spdcache_entry) chain; 203 }; 204 LIST_HEAD(spdcache_entry_list, spdcache_entry); 205 206 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 207 208 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 209 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 210 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 211 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 212 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 213 #define V_spd_size VNET(spd_size) 214 215 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 216 #define SPDCACHE_ACTIVE() \ 217 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 218 219 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 220 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 221 #define V_spdcachehashtbl VNET(spdcachehashtbl) 222 #define V_spdcachehash_mask VNET(spdcachehash_mask) 223 224 #define SPDCACHE_HASHVAL(idx) \ 225 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 226 V_spdcachehash_mask) 227 228 /* Each cache line is protected by a mutex */ 229 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 230 #define V_spdcache_lock VNET(spdcache_lock) 231 232 #define SPDCACHE_LOCK_INIT(a) \ 233 mtx_init(&V_spdcache_lock[a], "spdcache", \ 234 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 235 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 236 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 237 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 238 239 static struct sx spi_alloc_lock; 240 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") 241 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) 242 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) 243 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) 244 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) 245 246 /* SAD */ 247 TAILQ_HEAD(secashead_queue, secashead); 248 LIST_HEAD(secashead_list, secashead); 249 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 250 static struct rmlock sahtree_lock; 251 #define V_sahtree VNET(sahtree) 252 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 253 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 254 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 255 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 256 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 257 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 258 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 259 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 260 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 261 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 262 263 /* Hash table for lookup in SAD using SA addresses */ 264 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 265 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 266 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 267 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 268 269 #define SAHHASH_NHASH_LOG2 7 270 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 271 #define SAHADDRHASH_HASHVAL(idx) \ 272 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 273 V_sahaddrhash_mask) 274 #define SAHADDRHASH_HASH(saidx) \ 275 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 276 277 /* Hash table for lookup in SAD using SPI */ 278 LIST_HEAD(secasvar_list, secasvar); 279 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 280 VNET_DEFINE_STATIC(u_long, savhash_mask); 281 #define V_savhashtbl VNET(savhashtbl) 282 #define V_savhash_mask VNET(savhash_mask) 283 #define SAVHASH_NHASH_LOG2 7 284 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 285 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 286 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 287 288 static uint32_t 289 key_addrprotohash(const union sockaddr_union *src, 290 const union sockaddr_union *dst, const uint8_t *proto) 291 { 292 uint32_t hval; 293 294 hval = fnv_32_buf(proto, sizeof(*proto), 295 FNV1_32_INIT); 296 switch (dst->sa.sa_family) { 297 #ifdef INET 298 case AF_INET: 299 hval = fnv_32_buf(&src->sin.sin_addr, 300 sizeof(in_addr_t), hval); 301 hval = fnv_32_buf(&dst->sin.sin_addr, 302 sizeof(in_addr_t), hval); 303 break; 304 #endif 305 #ifdef INET6 306 case AF_INET6: 307 hval = fnv_32_buf(&src->sin6.sin6_addr, 308 sizeof(struct in6_addr), hval); 309 hval = fnv_32_buf(&dst->sin6.sin6_addr, 310 sizeof(struct in6_addr), hval); 311 break; 312 #endif 313 default: 314 hval = 0; 315 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 316 __func__, dst->sa.sa_family)); 317 } 318 return (hval); 319 } 320 321 static uint32_t 322 key_u32hash(uint32_t val) 323 { 324 325 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 326 } 327 328 /* registed list */ 329 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 330 #define V_regtree VNET(regtree) 331 static struct mtx regtree_lock; 332 #define REGTREE_LOCK_INIT() \ 333 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 334 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 335 #define REGTREE_LOCK() mtx_lock(®tree_lock) 336 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 337 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 338 339 /* Acquiring list */ 340 LIST_HEAD(secacq_list, secacq); 341 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 342 #define V_acqtree VNET(acqtree) 343 static struct mtx acq_lock; 344 #define ACQ_LOCK_INIT() \ 345 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 346 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 347 #define ACQ_LOCK() mtx_lock(&acq_lock) 348 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 349 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 350 351 /* Hash table for lookup in ACQ list using SA addresses */ 352 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 353 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 354 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 355 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 356 357 /* Hash table for lookup in ACQ list using SEQ number */ 358 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 359 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 360 #define V_acqseqhashtbl VNET(acqseqhashtbl) 361 #define V_acqseqhash_mask VNET(acqseqhash_mask) 362 363 #define ACQHASH_NHASH_LOG2 7 364 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 365 #define ACQADDRHASH_HASHVAL(idx) \ 366 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 367 V_acqaddrhash_mask) 368 #define ACQSEQHASH_HASHVAL(seq) \ 369 (key_u32hash(seq) & V_acqseqhash_mask) 370 #define ACQADDRHASH_HASH(saidx) \ 371 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 372 #define ACQSEQHASH_HASH(seq) \ 373 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 374 /* SP acquiring list */ 375 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 376 #define V_spacqtree VNET(spacqtree) 377 static struct mtx spacq_lock; 378 #define SPACQ_LOCK_INIT() \ 379 mtx_init(&spacq_lock, "spacqtree", \ 380 "fast ipsec security policy acquire list", MTX_DEF) 381 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 382 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 383 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 384 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 385 386 static const int minsize[] = { 387 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg), 388 [SADB_EXT_SA] = sizeof(struct sadb_sa), 389 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime), 390 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime), 391 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime), 392 [SADB_EXT_ADDRESS_SRC] = sizeof(struct sadb_address), 393 [SADB_EXT_ADDRESS_DST] = sizeof(struct sadb_address), 394 [SADB_EXT_ADDRESS_PROXY] = sizeof(struct sadb_address), 395 [SADB_EXT_KEY_AUTH] = sizeof(struct sadb_key), 396 [SADB_EXT_KEY_ENCRYPT] = sizeof(struct sadb_key), 397 [SADB_EXT_IDENTITY_SRC] = sizeof(struct sadb_ident), 398 [SADB_EXT_IDENTITY_DST] = sizeof(struct sadb_ident), 399 [SADB_EXT_SENSITIVITY] = sizeof(struct sadb_sens), 400 [SADB_EXT_PROPOSAL] = sizeof(struct sadb_prop), 401 [SADB_EXT_SUPPORTED_AUTH] = sizeof(struct sadb_supported), 402 [SADB_EXT_SUPPORTED_ENCRYPT] = sizeof(struct sadb_supported), 403 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange), 404 [SADB_X_EXT_KMPRIVATE] = 0, 405 [SADB_X_EXT_POLICY] = sizeof(struct sadb_x_policy), 406 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2), 407 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type), 408 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port), 409 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port), 410 [SADB_X_EXT_NAT_T_OAI] = sizeof(struct sadb_address), 411 [SADB_X_EXT_NAT_T_OAR] = sizeof(struct sadb_address), 412 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag), 413 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay), 414 [SADB_X_EXT_NEW_ADDRESS_SRC] = sizeof(struct sadb_address), 415 [SADB_X_EXT_NEW_ADDRESS_DST] = sizeof(struct sadb_address), 416 [SADB_X_EXT_LFT_CUR_SW_OFFL] = sizeof(struct sadb_lifetime), 417 [SADB_X_EXT_LFT_CUR_HW_OFFL] = sizeof(struct sadb_lifetime), 418 [SADB_X_EXT_IF_HW_OFFL] = sizeof(struct sadb_x_if_hw_offl), 419 }; 420 _Static_assert(nitems(minsize) == SADB_EXT_MAX + 1, "minsize size mismatch"); 421 422 static const int maxsize[] = { 423 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg), 424 [SADB_EXT_SA] = sizeof(struct sadb_sa), 425 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime), 426 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime), 427 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime), 428 [SADB_EXT_ADDRESS_SRC] = 0, 429 [SADB_EXT_ADDRESS_DST] = 0, 430 [SADB_EXT_ADDRESS_PROXY] = 0, 431 [SADB_EXT_KEY_AUTH] = 0, 432 [SADB_EXT_KEY_ENCRYPT] = 0, 433 [SADB_EXT_IDENTITY_SRC] = 0, 434 [SADB_EXT_IDENTITY_DST] = 0, 435 [SADB_EXT_SENSITIVITY] = 0, 436 [SADB_EXT_PROPOSAL] = 0, 437 [SADB_EXT_SUPPORTED_AUTH] = 0, 438 [SADB_EXT_SUPPORTED_ENCRYPT] = 0, 439 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange), 440 [SADB_X_EXT_KMPRIVATE] = 0, 441 [SADB_X_EXT_POLICY] = 0, 442 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2), 443 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type), 444 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port), 445 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port), 446 [SADB_X_EXT_NAT_T_OAI] = 0, 447 [SADB_X_EXT_NAT_T_OAR] = 0, 448 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag), 449 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay), 450 [SADB_X_EXT_NEW_ADDRESS_SRC] = 0, 451 [SADB_X_EXT_NEW_ADDRESS_DST] = 0, 452 [SADB_X_EXT_LFT_CUR_SW_OFFL] = sizeof(struct sadb_lifetime), 453 [SADB_X_EXT_LFT_CUR_HW_OFFL] = sizeof(struct sadb_lifetime), 454 [SADB_X_EXT_IF_HW_OFFL] = sizeof(struct sadb_x_if_hw_offl), 455 }; 456 _Static_assert(nitems(maxsize) == SADB_EXT_MAX + 1, "maxsize size mismatch"); 457 458 /* 459 * Internal values for SA flags: 460 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 461 * thus we will not free the most of SA content in key_delsav(). 462 */ 463 #define SADB_X_EXT_F_CLONED 0x80000000 464 465 #define SADB_CHECKLEN(_mhp, _ext) \ 466 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 467 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 468 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 469 470 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 471 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 472 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 473 474 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 475 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 476 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 477 478 #ifdef IPSEC_DEBUG 479 VNET_DEFINE(int, ipsec_debug) = 1; 480 #else 481 VNET_DEFINE(int, ipsec_debug) = 0; 482 #endif 483 484 #ifdef INET 485 SYSCTL_DECL(_net_inet_ipsec); 486 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 487 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 488 "Enable IPsec debugging output when set."); 489 #endif 490 #ifdef INET6 491 SYSCTL_DECL(_net_inet6_ipsec6); 492 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 493 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 494 "Enable IPsec debugging output when set."); 495 #endif 496 497 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 498 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 499 500 /* max count of trial for the decision of spi value */ 501 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 502 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 503 504 /* minimum spi value to allocate automatically. */ 505 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 506 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 507 508 /* maximun spi value to allocate automatically. */ 509 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 510 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 511 512 /* interval to initialize randseed */ 513 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 514 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 515 516 /* lifetime for larval SA */ 517 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 518 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 519 520 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 521 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 522 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 523 524 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 525 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 526 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 527 528 /* ESP auth */ 529 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 530 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 531 532 /* minimum ESP key length */ 533 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 534 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 535 536 /* minimum AH key length */ 537 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 538 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 539 540 /* perfered old SA rather than new SA */ 541 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 542 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 543 544 SYSCTL_NODE(_net_key, OID_AUTO, spdcache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 545 "SPD cache"); 546 547 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 548 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 549 "Maximum number of entries in the SPD cache" 550 " (power of 2, 0 to disable)"); 551 552 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 553 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 554 "Number of SPs that make the SPD cache active"); 555 556 #define __LIST_CHAINED(elm) \ 557 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 558 559 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 560 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 561 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 562 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 563 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 564 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 565 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 566 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 567 568 static uma_zone_t __read_mostly ipsec_key_lft_zone; 569 570 /* 571 * set parameters into secpolicyindex buffer. 572 * Must allocate secpolicyindex buffer passed to this function. 573 */ 574 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 575 do { \ 576 bzero((idx), sizeof(struct secpolicyindex)); \ 577 (idx)->dir = (_dir); \ 578 (idx)->prefs = (ps); \ 579 (idx)->prefd = (pd); \ 580 (idx)->ul_proto = (ulp); \ 581 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 582 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 583 } while (0) 584 585 /* 586 * set parameters into secasindex buffer. 587 * Must allocate secasindex buffer before calling this function. 588 */ 589 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 590 do { \ 591 bzero((idx), sizeof(struct secasindex)); \ 592 (idx)->proto = (p); \ 593 (idx)->mode = (m); \ 594 (idx)->reqid = (r); \ 595 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 596 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 597 key_porttosaddr(&(idx)->src.sa, 0); \ 598 key_porttosaddr(&(idx)->dst.sa, 0); \ 599 } while (0) 600 601 /* key statistics */ 602 struct _keystat { 603 u_long getspi_count; /* the avarage of count to try to get new SPI */ 604 } keystat; 605 606 struct sadb_msghdr { 607 struct sadb_msg *msg; 608 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 609 int extoff[SADB_EXT_MAX + 1]; 610 int extlen[SADB_EXT_MAX + 1]; 611 }; 612 613 static const struct supported_ealgs { 614 int sadb_alg; 615 const struct enc_xform *xform; 616 } supported_ealgs[] = { 617 { SADB_X_EALG_AES, &enc_xform_aes_cbc }, 618 { SADB_EALG_NULL, &enc_xform_null }, 619 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 620 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 621 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 622 { SADB_X_EALG_CHACHA20POLY1305, &enc_xform_chacha20_poly1305 }, 623 }; 624 625 static const struct supported_aalgs { 626 int sadb_alg; 627 const struct auth_hash *xform; 628 } supported_aalgs[] = { 629 { SADB_X_AALG_NULL, &auth_hash_null }, 630 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 631 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 632 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 633 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 634 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 635 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 636 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 637 { SADB_X_AALG_CHACHA20POLY1305, &auth_hash_poly1305 }, 638 }; 639 640 static const struct supported_calgs { 641 int sadb_alg; 642 const struct comp_algo *xform; 643 } supported_calgs[] = { 644 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 645 }; 646 647 #ifndef IPSEC_DEBUG2 648 static struct callout key_timer; 649 #endif 650 651 static void key_unlink(struct secpolicy *); 652 static void key_detach(struct secpolicy *); 653 static struct secpolicy *key_getsp(struct secpolicyindex *); 654 static struct secpolicy *key_getspbyid(u_int32_t); 655 static struct mbuf *key_gather_mbuf(struct mbuf *, 656 const struct sadb_msghdr *, int, int, ...); 657 static int key_spdadd(struct socket *, struct mbuf *, 658 const struct sadb_msghdr *); 659 static uint32_t key_getnewspid(void); 660 static int key_spddelete(struct socket *, struct mbuf *, 661 const struct sadb_msghdr *); 662 static int key_spddelete2(struct socket *, struct mbuf *, 663 const struct sadb_msghdr *); 664 static int key_spdget(struct socket *, struct mbuf *, 665 const struct sadb_msghdr *); 666 static int key_spdflush(struct socket *, struct mbuf *, 667 const struct sadb_msghdr *); 668 static int key_spddump(struct socket *, struct mbuf *, 669 const struct sadb_msghdr *); 670 static struct mbuf *key_setdumpsp(struct secpolicy *, 671 u_int8_t, u_int32_t, u_int32_t); 672 static struct mbuf *key_sp2mbuf(struct secpolicy *); 673 static size_t key_getspreqmsglen(struct secpolicy *); 674 static int key_spdexpire(struct secpolicy *); 675 static struct secashead *key_newsah(struct secasindex *); 676 static void key_freesah(struct secashead **); 677 static void key_delsah(struct secashead *); 678 static struct secasvar *key_newsav(const struct sadb_msghdr *, 679 struct secasindex *, uint32_t, int *); 680 static void key_delsav(struct secasvar *); 681 static void key_unlinksav(struct secasvar *); 682 static struct secashead *key_getsah(struct secasindex *); 683 static int key_checkspidup(uint32_t); 684 static struct secasvar *key_getsavbyspi(uint32_t); 685 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 686 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 687 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 688 static int key_updateaddresses(struct socket *, struct mbuf *, 689 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 690 691 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 692 u_int8_t, u_int32_t, u_int32_t, struct rm_priotracker *); 693 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 694 u_int32_t, pid_t, u_int16_t); 695 static struct mbuf *key_setsadbsa(struct secasvar *); 696 static struct mbuf *key_setsadbaddr(u_int16_t, 697 const struct sockaddr *, u_int8_t, u_int16_t); 698 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 699 static struct mbuf *key_setsadbxtype(u_int16_t); 700 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 701 static struct mbuf *key_setsadbxsareplay(u_int32_t); 702 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 703 u_int32_t, u_int32_t); 704 static struct seckey *key_dup_keymsg(const struct sadb_key *, 705 struct malloc_type *); 706 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 707 struct malloc_type *); 708 709 /* flags for key_cmpsaidx() */ 710 #define CMP_HEAD 1 /* protocol, addresses. */ 711 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 712 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 713 #define CMP_EXACTLY 4 /* all elements. */ 714 static int key_cmpsaidx(const struct secasindex *, 715 const struct secasindex *, int); 716 static int key_cmpspidx_exactly(struct secpolicyindex *, 717 struct secpolicyindex *); 718 static int key_cmpspidx_withmask(struct secpolicyindex *, 719 struct secpolicyindex *); 720 static int key_bbcmp(const void *, const void *, u_int); 721 static uint8_t key_satype2proto(uint8_t); 722 static uint8_t key_proto2satype(uint8_t); 723 724 static int key_getspi(struct socket *, struct mbuf *, 725 const struct sadb_msghdr *); 726 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 727 static int key_update(struct socket *, struct mbuf *, 728 const struct sadb_msghdr *); 729 static int key_add(struct socket *, struct mbuf *, 730 const struct sadb_msghdr *); 731 static int key_setident(struct secashead *, const struct sadb_msghdr *); 732 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 733 const struct sadb_msghdr *); 734 static int key_delete(struct socket *, struct mbuf *, 735 const struct sadb_msghdr *); 736 static int key_delete_all(struct socket *, struct mbuf *, 737 const struct sadb_msghdr *, struct secasindex *); 738 static int key_get(struct socket *, struct mbuf *, 739 const struct sadb_msghdr *); 740 741 static void key_getcomb_setlifetime(struct sadb_comb *); 742 static struct mbuf *key_getcomb_ealg(void); 743 static struct mbuf *key_getcomb_ah(void); 744 static struct mbuf *key_getcomb_ipcomp(void); 745 static struct mbuf *key_getprop(const struct secasindex *); 746 747 static int key_acquire(const struct secasindex *, struct secpolicy *); 748 static uint32_t key_newacq(const struct secasindex *, int *); 749 static uint32_t key_getacq(const struct secasindex *, int *); 750 static int key_acqdone(const struct secasindex *, uint32_t); 751 static int key_acqreset(uint32_t); 752 static struct secspacq *key_newspacq(struct secpolicyindex *); 753 static struct secspacq *key_getspacq(struct secpolicyindex *); 754 static int key_acquire2(struct socket *, struct mbuf *, 755 const struct sadb_msghdr *); 756 static int key_register(struct socket *, struct mbuf *, 757 const struct sadb_msghdr *); 758 static int key_expire(struct secasvar *, int); 759 static int key_flush(struct socket *, struct mbuf *, 760 const struct sadb_msghdr *); 761 static int key_dump(struct socket *, struct mbuf *, 762 const struct sadb_msghdr *); 763 static int key_promisc(struct socket *, struct mbuf *, 764 const struct sadb_msghdr *); 765 static int key_senderror(struct socket *, struct mbuf *, int); 766 static int key_validate_ext(const struct sadb_ext *, int); 767 static int key_align(struct mbuf *, struct sadb_msghdr *); 768 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 769 static struct mbuf *key_setkey(struct seckey *, uint16_t); 770 771 static void spdcache_init(void); 772 static void spdcache_clear(void); 773 static struct spdcache_entry *spdcache_entry_alloc( 774 const struct secpolicyindex *spidx, 775 struct secpolicy *policy); 776 static void spdcache_entry_free(struct spdcache_entry *entry); 777 #ifdef VIMAGE 778 static void spdcache_destroy(void); 779 #endif 780 781 #define DBG_IPSEC_INITREF(t, p) do { \ 782 refcount_init(&(p)->refcnt, 1); \ 783 KEYDBG(KEY_STAMP, \ 784 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 785 __func__, #t, (p), (p)->refcnt)); \ 786 } while (0) 787 #define DBG_IPSEC_ADDREF(t, p) do { \ 788 refcount_acquire(&(p)->refcnt); \ 789 KEYDBG(KEY_STAMP, \ 790 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 791 __func__, #t, (p), (p)->refcnt)); \ 792 } while (0) 793 #define DBG_IPSEC_DELREF(t, p) do { \ 794 KEYDBG(KEY_STAMP, \ 795 printf("%s: Release refcnt %s(%p) -> %u\n", \ 796 __func__, #t, (p), (p)->refcnt - 1)); \ 797 refcount_release(&(p)->refcnt); \ 798 } while (0) 799 800 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 801 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 802 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 803 804 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 805 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 806 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 807 808 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 809 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 810 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 811 812 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 813 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 814 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 815 816 /* 817 * Update the refcnt while holding the SPTREE lock. 818 */ 819 void 820 key_addref(struct secpolicy *sp) 821 { 822 823 SP_ADDREF(sp); 824 } 825 826 /* 827 * Return 0 when there are known to be no SP's for the specified 828 * direction. Otherwise return 1. This is used by IPsec code 829 * to optimize performance. 830 */ 831 int 832 key_havesp(u_int dir) 833 { 834 835 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 836 ("invalid direction %u", dir)); 837 return (TAILQ_FIRST(&V_sptree[dir]) != NULL); 838 } 839 840 int 841 key_havesp_any(void) 842 { 843 844 return (V_spd_size != 0); 845 } 846 847 /* 848 * Allocate a single mbuf with a buffer of the desired length. The buffer is 849 * pre-zeroed to help ensure that uninitialized pad bytes are not leaked. 850 */ 851 static struct mbuf * 852 key_mget(u_int len) 853 { 854 struct mbuf *m; 855 856 KASSERT(len <= MCLBYTES, 857 ("%s: invalid buffer length %u", __func__, len)); 858 859 m = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR); 860 if (m == NULL) 861 return (NULL); 862 memset(mtod(m, void *), 0, len); 863 return (m); 864 } 865 866 /* %%% IPsec policy management */ 867 /* 868 * Return current SPDB generation. 869 */ 870 uint32_t 871 key_getspgen(void) 872 { 873 874 return (V_sp_genid); 875 } 876 877 void 878 key_bumpspgen(void) 879 { 880 881 V_sp_genid++; 882 } 883 884 static int 885 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 886 { 887 888 /* family match */ 889 if (src->sa_family != dst->sa_family) 890 return (EINVAL); 891 /* sa_len match */ 892 if (src->sa_len != dst->sa_len) 893 return (EINVAL); 894 switch (src->sa_family) { 895 #ifdef INET 896 case AF_INET: 897 if (src->sa_len != sizeof(struct sockaddr_in)) 898 return (EINVAL); 899 break; 900 #endif 901 #ifdef INET6 902 case AF_INET6: 903 if (src->sa_len != sizeof(struct sockaddr_in6)) 904 return (EINVAL); 905 break; 906 #endif 907 default: 908 return (EAFNOSUPPORT); 909 } 910 return (0); 911 } 912 913 struct secpolicy * 914 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 915 { 916 SPTREE_RLOCK_TRACKER; 917 struct secpolicy *sp; 918 919 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 920 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 921 ("invalid direction %u", dir)); 922 923 SPTREE_RLOCK(); 924 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 925 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 926 SP_ADDREF(sp); 927 break; 928 } 929 } 930 SPTREE_RUNLOCK(); 931 return (sp); 932 } 933 934 /* 935 * allocating a SP for OUTBOUND or INBOUND packet. 936 * Must call key_freesp() later. 937 * OUT: NULL: not found 938 * others: found and return the pointer. 939 */ 940 struct secpolicy * 941 key_allocsp(struct secpolicyindex *spidx, u_int dir) 942 { 943 struct spdcache_entry *entry, *lastentry, *tmpentry; 944 struct secpolicy *sp; 945 uint32_t hashv; 946 time_t ts; 947 int nb_entries; 948 949 if (!SPDCACHE_ACTIVE()) { 950 sp = key_do_allocsp(spidx, dir); 951 goto out; 952 } 953 954 hashv = SPDCACHE_HASHVAL(spidx); 955 SPDCACHE_LOCK(hashv); 956 nb_entries = 0; 957 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 958 /* Removed outdated entries */ 959 if (entry->sp != NULL && 960 entry->sp->state == IPSEC_SPSTATE_DEAD) { 961 LIST_REMOVE(entry, chain); 962 spdcache_entry_free(entry); 963 continue; 964 } 965 966 nb_entries++; 967 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 968 lastentry = entry; 969 continue; 970 } 971 972 sp = entry->sp; 973 if (entry->sp != NULL) 974 SP_ADDREF(sp); 975 976 /* IPSECSTAT_INC(ips_spdcache_hits); */ 977 978 SPDCACHE_UNLOCK(hashv); 979 goto out; 980 } 981 982 /* IPSECSTAT_INC(ips_spdcache_misses); */ 983 984 sp = key_do_allocsp(spidx, dir); 985 entry = spdcache_entry_alloc(spidx, sp); 986 if (entry != NULL) { 987 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 988 LIST_REMOVE(lastentry, chain); 989 spdcache_entry_free(lastentry); 990 } 991 992 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 993 } 994 995 SPDCACHE_UNLOCK(hashv); 996 997 out: 998 if (sp != NULL) { /* found a SPD entry */ 999 ts = time_second; 1000 if (__predict_false(sp->lastused != ts)) 1001 sp->lastused = ts; 1002 KEYDBG(IPSEC_STAMP, 1003 printf("%s: return SP(%p)\n", __func__, sp)); 1004 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1005 } else { 1006 KEYDBG(IPSEC_DATA, 1007 printf("%s: lookup failed for ", __func__); 1008 kdebug_secpolicyindex(spidx, NULL)); 1009 } 1010 return (sp); 1011 } 1012 1013 /* 1014 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 1015 * or should be signed by MD5 signature. 1016 * We don't use key_allocsa() for such lookups, because we don't know SPI. 1017 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 1018 * signed packet. We use SADB only as storage for password. 1019 * OUT: positive: corresponding SA for given saidx found. 1020 * NULL: SA not found 1021 */ 1022 struct secasvar * 1023 key_allocsa_tcpmd5(struct secasindex *saidx) 1024 { 1025 SAHTREE_RLOCK_TRACKER; 1026 struct secashead *sah; 1027 struct secasvar *sav; 1028 1029 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 1030 ("unexpected security protocol %u", saidx->proto)); 1031 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 1032 ("unexpected mode %u", saidx->mode)); 1033 1034 SAHTREE_RLOCK(); 1035 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1036 KEYDBG(IPSEC_DUMP, 1037 printf("%s: checking SAH\n", __func__); 1038 kdebug_secash(sah, " ")); 1039 if (sah->saidx.proto != IPPROTO_TCP) 1040 continue; 1041 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 1042 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 1043 break; 1044 } 1045 if (sah != NULL) { 1046 if (V_key_preferred_oldsa) 1047 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1048 else 1049 sav = TAILQ_FIRST(&sah->savtree_alive); 1050 if (sav != NULL) 1051 SAV_ADDREF(sav); 1052 } else 1053 sav = NULL; 1054 SAHTREE_RUNLOCK(); 1055 1056 if (sav != NULL) { 1057 KEYDBG(IPSEC_STAMP, 1058 printf("%s: return SA(%p)\n", __func__, sav)); 1059 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1060 } else { 1061 KEYDBG(IPSEC_STAMP, 1062 printf("%s: SA not found\n", __func__)); 1063 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1064 } 1065 return (sav); 1066 } 1067 1068 /* 1069 * Allocating an SA entry for an *OUTBOUND* packet. 1070 * OUT: positive: corresponding SA for given saidx found. 1071 * NULL: SA not found, but will be acquired, check *error 1072 * for acquiring status. 1073 */ 1074 struct secasvar * 1075 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1076 int *error) 1077 { 1078 SAHTREE_RLOCK_TRACKER; 1079 struct secashead *sah; 1080 struct secasvar *sav; 1081 1082 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1083 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1084 saidx->mode == IPSEC_MODE_TUNNEL, 1085 ("unexpected policy %u", saidx->mode)); 1086 1087 /* 1088 * We check new SA in the IPsec request because a different 1089 * SA may be involved each time this request is checked, either 1090 * because new SAs are being configured, or this request is 1091 * associated with an unconnected datagram socket, or this request 1092 * is associated with a system default policy. 1093 */ 1094 SAHTREE_RLOCK(); 1095 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1096 KEYDBG(IPSEC_DUMP, 1097 printf("%s: checking SAH\n", __func__); 1098 kdebug_secash(sah, " ")); 1099 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1100 break; 1101 } 1102 if (sah != NULL) { 1103 /* 1104 * Allocate the oldest SA available according to 1105 * draft-jenkins-ipsec-rekeying-03. 1106 */ 1107 if (V_key_preferred_oldsa) 1108 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1109 else 1110 sav = TAILQ_FIRST(&sah->savtree_alive); 1111 if (sav != NULL) 1112 SAV_ADDREF(sav); 1113 } else 1114 sav = NULL; 1115 SAHTREE_RUNLOCK(); 1116 1117 if (sav != NULL) { 1118 *error = 0; 1119 KEYDBG(IPSEC_STAMP, 1120 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1121 sav, sp)); 1122 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1123 return (sav); /* return referenced SA */ 1124 } 1125 1126 /* there is no SA */ 1127 *error = key_acquire(saidx, sp); 1128 if ((*error) != 0) 1129 ipseclog((LOG_DEBUG, 1130 "%s: error %d returned from key_acquire()\n", 1131 __func__, *error)); 1132 KEYDBG(IPSEC_STAMP, 1133 printf("%s: acquire SA for SP(%p), error %d\n", 1134 __func__, sp, *error)); 1135 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1136 return (NULL); 1137 } 1138 1139 /* 1140 * allocating a usable SA entry for a *INBOUND* packet. 1141 * Must call key_freesav() later. 1142 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1143 * NULL: not found, or error occurred. 1144 * 1145 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1146 * destination address, and security protocol. But according to RFC 4301, 1147 * SPI by itself suffices to specify an SA. 1148 * 1149 * Note that, however, we do need to keep source address in IPsec SA. 1150 * IKE specification and PF_KEY specification do assume that we 1151 * keep source address in IPsec SA. We see a tricky situation here. 1152 */ 1153 struct secasvar * 1154 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1155 { 1156 SAHTREE_RLOCK_TRACKER; 1157 struct secasvar *sav; 1158 1159 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1160 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1161 proto)); 1162 1163 SAHTREE_RLOCK(); 1164 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1165 if (sav->spi == spi) 1166 break; 1167 } 1168 /* 1169 * We use single SPI namespace for all protocols, so it is 1170 * impossible to have SPI duplicates in the SAVHASH. 1171 */ 1172 if (sav != NULL) { 1173 if (sav->state != SADB_SASTATE_LARVAL && 1174 sav->sah->saidx.proto == proto && 1175 key_sockaddrcmp(&dst->sa, 1176 &sav->sah->saidx.dst.sa, 0) == 0) 1177 SAV_ADDREF(sav); 1178 else 1179 sav = NULL; 1180 } 1181 SAHTREE_RUNLOCK(); 1182 1183 if (sav == NULL) { 1184 KEYDBG(IPSEC_STAMP, 1185 char buf[IPSEC_ADDRSTRLEN]; 1186 printf("%s: SA not found for spi %u proto %u dst %s\n", 1187 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1188 sizeof(buf)))); 1189 } else { 1190 KEYDBG(IPSEC_STAMP, 1191 printf("%s: return SA(%p)\n", __func__, sav)); 1192 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1193 } 1194 return (sav); 1195 } 1196 1197 struct secasvar * 1198 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1199 uint8_t proto) 1200 { 1201 SAHTREE_RLOCK_TRACKER; 1202 struct secasindex saidx; 1203 struct secashead *sah; 1204 struct secasvar *sav; 1205 1206 IPSEC_ASSERT(src != NULL, ("null src address")); 1207 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1208 1209 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1210 &dst->sa, &saidx); 1211 1212 sav = NULL; 1213 SAHTREE_RLOCK(); 1214 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1215 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1216 continue; 1217 if (proto != sah->saidx.proto) 1218 continue; 1219 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1220 continue; 1221 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1222 continue; 1223 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1224 if (V_key_preferred_oldsa) 1225 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1226 else 1227 sav = TAILQ_FIRST(&sah->savtree_alive); 1228 if (sav != NULL) { 1229 SAV_ADDREF(sav); 1230 break; 1231 } 1232 } 1233 SAHTREE_RUNLOCK(); 1234 KEYDBG(IPSEC_STAMP, 1235 printf("%s: return SA(%p)\n", __func__, sav)); 1236 if (sav != NULL) 1237 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1238 return (sav); 1239 } 1240 1241 /* 1242 * Must be called after calling key_allocsp(). 1243 */ 1244 void 1245 key_freesp(struct secpolicy **spp) 1246 { 1247 struct secpolicy *sp = *spp; 1248 1249 IPSEC_ASSERT(sp != NULL, ("null sp")); 1250 if (SP_DELREF(sp) == 0) 1251 return; 1252 1253 KEYDBG(IPSEC_STAMP, 1254 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1255 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1256 1257 *spp = NULL; 1258 #ifdef IPSEC_OFFLOAD 1259 KASSERT(CK_LIST_EMPTY(&sp->accel_ifps), 1260 ("key_freesp: sp %p still offloaded", sp)); 1261 free(__DECONST(char *, sp->accel_ifname), M_IPSEC_MISC); 1262 #endif 1263 while (sp->tcount > 0) 1264 ipsec_delisr(sp->req[--sp->tcount]); 1265 free(sp, M_IPSEC_SP); 1266 } 1267 1268 static void 1269 key_unlink(struct secpolicy *sp) 1270 { 1271 SPTREE_WLOCK(); 1272 key_detach(sp); 1273 SPTREE_WUNLOCK(); 1274 if (SPDCACHE_ENABLED()) 1275 spdcache_clear(); 1276 ipsec_accel_sync(); 1277 key_freesp(&sp); 1278 } 1279 1280 static void 1281 key_detach(struct secpolicy *sp) 1282 { 1283 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1284 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1285 ("invalid direction %u", sp->spidx.dir)); 1286 SPTREE_WLOCK_ASSERT(); 1287 1288 KEYDBG(KEY_STAMP, 1289 printf("%s: SP(%p)\n", __func__, sp)); 1290 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1291 /* SP is already unlinked */ 1292 return; 1293 } 1294 sp->state = IPSEC_SPSTATE_DEAD; 1295 ipsec_accel_spddel(sp); 1296 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1297 V_spd_size--; 1298 LIST_REMOVE(sp, idhash); 1299 V_sp_genid++; 1300 } 1301 1302 /* 1303 * insert a secpolicy into the SP database. Lower priorities first 1304 */ 1305 static void 1306 key_insertsp(struct secpolicy *newsp) 1307 { 1308 struct secpolicy *sp; 1309 1310 SPTREE_WLOCK_ASSERT(); 1311 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1312 if (newsp->priority < sp->priority) { 1313 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1314 goto done; 1315 } 1316 } 1317 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1318 done: 1319 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1320 newsp->state = IPSEC_SPSTATE_ALIVE; 1321 V_spd_size++; 1322 V_sp_genid++; 1323 ipsec_accel_spdadd(newsp, NULL); 1324 } 1325 1326 /* 1327 * Insert a bunch of VTI secpolicies into the SPDB. 1328 * We keep VTI policies in the separate list due to following reasons: 1329 * 1) they should be immutable to user's or some deamon's attempts to 1330 * delete. The only way delete such policies - destroy or unconfigure 1331 * corresponding virtual inteface. 1332 * 2) such policies have traffic selector that matches all traffic per 1333 * address family. 1334 * Since all VTI policies have the same priority, we don't care about 1335 * policies order. 1336 */ 1337 int 1338 key_register_ifnet(struct secpolicy **spp, u_int count) 1339 { 1340 struct mbuf *m; 1341 u_int i; 1342 1343 SPTREE_WLOCK(); 1344 /* 1345 * First of try to acquire id for each SP. 1346 */ 1347 for (i = 0; i < count; i++) { 1348 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1349 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1350 ("invalid direction %u", spp[i]->spidx.dir)); 1351 1352 if ((spp[i]->id = key_getnewspid()) == 0) { 1353 SPTREE_WUNLOCK(); 1354 return (EAGAIN); 1355 } 1356 } 1357 for (i = 0; i < count; i++) { 1358 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1359 spp[i], chain); 1360 /* 1361 * NOTE: despite the fact that we keep VTI SP in the 1362 * separate list, SPHASH contains policies from both 1363 * sources. Thus SADB_X_SPDGET will correctly return 1364 * SP by id, because it uses SPHASH for lookups. 1365 */ 1366 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1367 spp[i]->state = IPSEC_SPSTATE_IFNET; 1368 ipsec_accel_spdadd(spp[i], NULL); 1369 } 1370 SPTREE_WUNLOCK(); 1371 /* 1372 * Notify user processes about new SP. 1373 */ 1374 for (i = 0; i < count; i++) { 1375 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1376 if (m != NULL) 1377 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1378 } 1379 return (0); 1380 } 1381 1382 void 1383 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1384 { 1385 struct mbuf *m; 1386 u_int i; 1387 1388 SPTREE_WLOCK(); 1389 for (i = 0; i < count; i++) { 1390 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1391 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1392 ("invalid direction %u", spp[i]->spidx.dir)); 1393 1394 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1395 continue; 1396 spp[i]->state = IPSEC_SPSTATE_DEAD; 1397 ipsec_accel_spddel(spp[i]); 1398 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1399 spp[i], chain); 1400 V_spd_size--; 1401 LIST_REMOVE(spp[i], idhash); 1402 } 1403 SPTREE_WUNLOCK(); 1404 if (SPDCACHE_ENABLED()) 1405 spdcache_clear(); 1406 ipsec_accel_sync(); 1407 1408 for (i = 0; i < count; i++) { 1409 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1410 if (m != NULL) 1411 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1412 } 1413 } 1414 1415 /* 1416 * Must be called after calling key_allocsa(). 1417 * This function is called by key_freesp() to free some SA allocated 1418 * for a policy. 1419 */ 1420 void 1421 key_freesav(struct secasvar **psav) 1422 { 1423 struct secasvar *sav = *psav; 1424 1425 IPSEC_ASSERT(sav != NULL, ("null sav")); 1426 CURVNET_ASSERT_SET(); 1427 if (SAV_DELREF(sav) == 0) 1428 return; 1429 1430 KEYDBG(IPSEC_STAMP, 1431 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1432 1433 *psav = NULL; 1434 key_delsav(sav); 1435 } 1436 1437 /* 1438 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1439 * Expect that SA has extra reference due to lookup. 1440 * Release this references, also release SAH reference after unlink. 1441 */ 1442 static void 1443 key_unlinksav(struct secasvar *sav) 1444 { 1445 struct secashead *sah; 1446 1447 KEYDBG(KEY_STAMP, 1448 printf("%s: SA(%p)\n", __func__, sav)); 1449 1450 CURVNET_ASSERT_SET(); 1451 SAHTREE_UNLOCK_ASSERT(); 1452 SAHTREE_WLOCK(); 1453 if (sav->state == SADB_SASTATE_DEAD) { 1454 /* SA is already unlinked */ 1455 SAHTREE_WUNLOCK(); 1456 return; 1457 } 1458 /* Unlink from SAH */ 1459 if (sav->state == SADB_SASTATE_LARVAL) 1460 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1461 else 1462 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1463 /* Unlink from SPI hash */ 1464 LIST_REMOVE(sav, spihash); 1465 sav->state = SADB_SASTATE_DEAD; 1466 ipsec_accel_forget_sav(sav); 1467 sah = sav->sah; 1468 SAHTREE_WUNLOCK(); 1469 key_freesav(&sav); 1470 /* Since we are unlinked, release reference to SAH */ 1471 key_freesah(&sah); 1472 } 1473 1474 /* %%% SPD management */ 1475 /* 1476 * search SPD 1477 * OUT: NULL : not found 1478 * others : found, pointer to a SP. 1479 */ 1480 static struct secpolicy * 1481 key_getsp(struct secpolicyindex *spidx) 1482 { 1483 SPTREE_RLOCK_TRACKER; 1484 struct secpolicy *sp; 1485 1486 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1487 1488 SPTREE_RLOCK(); 1489 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1490 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1491 SP_ADDREF(sp); 1492 break; 1493 } 1494 } 1495 SPTREE_RUNLOCK(); 1496 1497 return sp; 1498 } 1499 1500 /* 1501 * get SP by index. 1502 * OUT: NULL : not found 1503 * others : found, pointer to referenced SP. 1504 */ 1505 static struct secpolicy * 1506 key_getspbyid(uint32_t id) 1507 { 1508 SPTREE_RLOCK_TRACKER; 1509 struct secpolicy *sp; 1510 1511 SPTREE_RLOCK(); 1512 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1513 if (sp->id == id) { 1514 SP_ADDREF(sp); 1515 break; 1516 } 1517 } 1518 SPTREE_RUNLOCK(); 1519 return (sp); 1520 } 1521 1522 struct secpolicy * 1523 key_newsp(void) 1524 { 1525 struct secpolicy *sp; 1526 1527 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1528 if (sp != NULL) 1529 SP_INITREF(sp); 1530 return (sp); 1531 } 1532 1533 struct ipsecrequest * 1534 ipsec_newisr(void) 1535 { 1536 1537 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1538 M_NOWAIT | M_ZERO)); 1539 } 1540 1541 void 1542 ipsec_delisr(struct ipsecrequest *p) 1543 { 1544 1545 free(p, M_IPSEC_SR); 1546 } 1547 1548 /* 1549 * create secpolicy structure from sadb_x_policy structure. 1550 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1551 * are not set, so must be set properly later. 1552 */ 1553 struct secpolicy * 1554 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1555 { 1556 struct secpolicy *newsp; 1557 1558 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1559 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1560 1561 if (len != PFKEY_EXTLEN(xpl0)) { 1562 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1563 *error = EINVAL; 1564 return NULL; 1565 } 1566 1567 if ((newsp = key_newsp()) == NULL) { 1568 *error = ENOBUFS; 1569 return NULL; 1570 } 1571 1572 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1573 newsp->policy = xpl0->sadb_x_policy_type; 1574 newsp->priority = xpl0->sadb_x_policy_priority; 1575 newsp->tcount = 0; 1576 1577 /* check policy */ 1578 switch (xpl0->sadb_x_policy_type) { 1579 case IPSEC_POLICY_DISCARD: 1580 case IPSEC_POLICY_NONE: 1581 case IPSEC_POLICY_ENTRUST: 1582 case IPSEC_POLICY_BYPASS: 1583 break; 1584 1585 case IPSEC_POLICY_IPSEC: 1586 { 1587 struct sadb_x_ipsecrequest *xisr; 1588 struct ipsecrequest *isr; 1589 int tlen; 1590 1591 /* validity check */ 1592 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1593 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1594 __func__)); 1595 key_freesp(&newsp); 1596 *error = EINVAL; 1597 return NULL; 1598 } 1599 1600 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1601 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1602 1603 while (tlen > 0) { 1604 /* length check */ 1605 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1606 xisr->sadb_x_ipsecrequest_len > tlen) { 1607 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1608 "length.\n", __func__)); 1609 key_freesp(&newsp); 1610 *error = EINVAL; 1611 return NULL; 1612 } 1613 1614 if (newsp->tcount >= IPSEC_MAXREQ) { 1615 ipseclog((LOG_DEBUG, 1616 "%s: too many ipsecrequests.\n", 1617 __func__)); 1618 key_freesp(&newsp); 1619 *error = EINVAL; 1620 return (NULL); 1621 } 1622 1623 /* allocate request buffer */ 1624 /* NB: data structure is zero'd */ 1625 isr = ipsec_newisr(); 1626 if (isr == NULL) { 1627 ipseclog((LOG_DEBUG, 1628 "%s: No more memory.\n", __func__)); 1629 key_freesp(&newsp); 1630 *error = ENOBUFS; 1631 return NULL; 1632 } 1633 1634 newsp->req[newsp->tcount++] = isr; 1635 1636 /* set values */ 1637 switch (xisr->sadb_x_ipsecrequest_proto) { 1638 case IPPROTO_ESP: 1639 case IPPROTO_AH: 1640 case IPPROTO_IPCOMP: 1641 break; 1642 default: 1643 ipseclog((LOG_DEBUG, 1644 "%s: invalid proto type=%u\n", __func__, 1645 xisr->sadb_x_ipsecrequest_proto)); 1646 key_freesp(&newsp); 1647 *error = EPROTONOSUPPORT; 1648 return NULL; 1649 } 1650 isr->saidx.proto = 1651 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1652 1653 switch (xisr->sadb_x_ipsecrequest_mode) { 1654 case IPSEC_MODE_TRANSPORT: 1655 case IPSEC_MODE_TUNNEL: 1656 break; 1657 case IPSEC_MODE_ANY: 1658 default: 1659 ipseclog((LOG_DEBUG, 1660 "%s: invalid mode=%u\n", __func__, 1661 xisr->sadb_x_ipsecrequest_mode)); 1662 key_freesp(&newsp); 1663 *error = EINVAL; 1664 return NULL; 1665 } 1666 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1667 1668 switch (xisr->sadb_x_ipsecrequest_level) { 1669 case IPSEC_LEVEL_DEFAULT: 1670 case IPSEC_LEVEL_USE: 1671 case IPSEC_LEVEL_REQUIRE: 1672 break; 1673 case IPSEC_LEVEL_UNIQUE: 1674 /* validity check */ 1675 /* 1676 * If range violation of reqid, kernel will 1677 * update it, don't refuse it. 1678 */ 1679 if (xisr->sadb_x_ipsecrequest_reqid 1680 > IPSEC_MANUAL_REQID_MAX) { 1681 ipseclog((LOG_DEBUG, 1682 "%s: reqid=%d range " 1683 "violation, updated by kernel.\n", 1684 __func__, 1685 xisr->sadb_x_ipsecrequest_reqid)); 1686 xisr->sadb_x_ipsecrequest_reqid = 0; 1687 } 1688 1689 /* allocate new reqid id if reqid is zero. */ 1690 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1691 u_int32_t reqid; 1692 if ((reqid = key_newreqid()) == 0) { 1693 key_freesp(&newsp); 1694 *error = ENOBUFS; 1695 return NULL; 1696 } 1697 isr->saidx.reqid = reqid; 1698 xisr->sadb_x_ipsecrequest_reqid = reqid; 1699 } else { 1700 /* set it for manual keying. */ 1701 isr->saidx.reqid = 1702 xisr->sadb_x_ipsecrequest_reqid; 1703 } 1704 break; 1705 1706 default: 1707 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1708 __func__, 1709 xisr->sadb_x_ipsecrequest_level)); 1710 key_freesp(&newsp); 1711 *error = EINVAL; 1712 return NULL; 1713 } 1714 isr->level = xisr->sadb_x_ipsecrequest_level; 1715 1716 /* set IP addresses if there */ 1717 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1718 struct sockaddr *paddr; 1719 1720 len = tlen - sizeof(*xisr); 1721 paddr = (struct sockaddr *)(xisr + 1); 1722 /* validity check */ 1723 if (len < sizeof(struct sockaddr) || 1724 len < 2 * paddr->sa_len || 1725 paddr->sa_len > sizeof(isr->saidx.src)) { 1726 ipseclog((LOG_DEBUG, "%s: invalid " 1727 "request address length.\n", 1728 __func__)); 1729 key_freesp(&newsp); 1730 *error = EINVAL; 1731 return NULL; 1732 } 1733 /* 1734 * Request length should be enough to keep 1735 * source and destination addresses. 1736 */ 1737 if (xisr->sadb_x_ipsecrequest_len < 1738 sizeof(*xisr) + 2 * paddr->sa_len) { 1739 ipseclog((LOG_DEBUG, "%s: invalid " 1740 "ipsecrequest length.\n", 1741 __func__)); 1742 key_freesp(&newsp); 1743 *error = EINVAL; 1744 return (NULL); 1745 } 1746 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1747 paddr = (struct sockaddr *)((caddr_t)paddr + 1748 paddr->sa_len); 1749 1750 /* validity check */ 1751 if (paddr->sa_len != 1752 isr->saidx.src.sa.sa_len) { 1753 ipseclog((LOG_DEBUG, "%s: invalid " 1754 "request address length.\n", 1755 __func__)); 1756 key_freesp(&newsp); 1757 *error = EINVAL; 1758 return NULL; 1759 } 1760 /* AF family should match */ 1761 if (paddr->sa_family != 1762 isr->saidx.src.sa.sa_family) { 1763 ipseclog((LOG_DEBUG, "%s: address " 1764 "family doesn't match.\n", 1765 __func__)); 1766 key_freesp(&newsp); 1767 *error = EINVAL; 1768 return (NULL); 1769 } 1770 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1771 } else { 1772 /* 1773 * Addresses for TUNNEL mode requests are 1774 * mandatory. 1775 */ 1776 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1777 ipseclog((LOG_DEBUG, "%s: missing " 1778 "request addresses.\n", __func__)); 1779 key_freesp(&newsp); 1780 *error = EINVAL; 1781 return (NULL); 1782 } 1783 } 1784 tlen -= xisr->sadb_x_ipsecrequest_len; 1785 1786 /* validity check */ 1787 if (tlen < 0) { 1788 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1789 __func__)); 1790 key_freesp(&newsp); 1791 *error = EINVAL; 1792 return NULL; 1793 } 1794 1795 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1796 + xisr->sadb_x_ipsecrequest_len); 1797 } 1798 /* XXXAE: LARVAL SP */ 1799 if (newsp->tcount < 1) { 1800 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1801 "not found.\n", __func__)); 1802 key_freesp(&newsp); 1803 *error = EINVAL; 1804 return (NULL); 1805 } 1806 } 1807 break; 1808 default: 1809 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1810 key_freesp(&newsp); 1811 *error = EINVAL; 1812 return NULL; 1813 } 1814 1815 *error = 0; 1816 return (newsp); 1817 } 1818 1819 uint32_t 1820 key_newreqid(void) 1821 { 1822 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1823 1824 if (auto_reqid == ~0) 1825 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1826 else 1827 auto_reqid++; 1828 1829 /* XXX should be unique check */ 1830 return (auto_reqid); 1831 } 1832 1833 /* 1834 * copy secpolicy struct to sadb_x_policy structure indicated. 1835 */ 1836 static struct mbuf * 1837 key_sp2mbuf(struct secpolicy *sp) 1838 { 1839 struct mbuf *m; 1840 size_t tlen; 1841 1842 tlen = key_getspreqmsglen(sp); 1843 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1844 if (m == NULL) 1845 return (NULL); 1846 m_align(m, tlen); 1847 m->m_len = tlen; 1848 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1849 m_freem(m); 1850 return (NULL); 1851 } 1852 return (m); 1853 } 1854 1855 int 1856 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1857 { 1858 struct sadb_x_ipsecrequest *xisr; 1859 struct sadb_x_policy *xpl; 1860 struct ipsecrequest *isr; 1861 size_t xlen, ilen; 1862 caddr_t p; 1863 int error, i; 1864 #ifdef IPSEC_OFFLOAD 1865 struct sadb_x_if_hw_offl *xif; 1866 #endif 1867 1868 IPSEC_ASSERT(sp != NULL, ("null policy")); 1869 1870 xlen = sizeof(*xpl); 1871 if (*len < xlen) 1872 return (EINVAL); 1873 1874 error = 0; 1875 bzero(request, *len); 1876 xpl = (struct sadb_x_policy *)request; 1877 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1878 xpl->sadb_x_policy_type = sp->policy; 1879 xpl->sadb_x_policy_dir = sp->spidx.dir; 1880 xpl->sadb_x_policy_id = sp->id; 1881 xpl->sadb_x_policy_priority = sp->priority; 1882 switch (sp->state) { 1883 case IPSEC_SPSTATE_IFNET: 1884 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1885 break; 1886 case IPSEC_SPSTATE_PCB: 1887 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1888 break; 1889 default: 1890 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1891 } 1892 1893 /* if is the policy for ipsec ? */ 1894 if (sp->policy == IPSEC_POLICY_IPSEC) { 1895 p = (caddr_t)xpl + sizeof(*xpl); 1896 for (i = 0; i < sp->tcount; i++) { 1897 isr = sp->req[i]; 1898 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1899 isr->saidx.src.sa.sa_len + 1900 isr->saidx.dst.sa.sa_len); 1901 xlen += ilen; 1902 if (xlen > *len) { 1903 error = ENOBUFS; 1904 /* Calculate needed size */ 1905 continue; 1906 } 1907 xisr = (struct sadb_x_ipsecrequest *)p; 1908 xisr->sadb_x_ipsecrequest_len = ilen; 1909 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1910 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1911 xisr->sadb_x_ipsecrequest_level = isr->level; 1912 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1913 1914 p += sizeof(*xisr); 1915 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1916 p += isr->saidx.src.sa.sa_len; 1917 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1918 p += isr->saidx.dst.sa.sa_len; 1919 } 1920 } 1921 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1922 #ifdef IPSEC_OFFLOAD 1923 if (error == 0 && sp->accel_ifname != NULL) { 1924 xif = (struct sadb_x_if_hw_offl *)(xpl + 1); 1925 bzero(xif, sizeof(*xif)); 1926 xif->sadb_x_if_hw_offl_len = PFKEY_UNIT64(sizeof(*xif)); 1927 xif->sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL; 1928 xif->sadb_x_if_hw_offl_flags = 0; 1929 strncpy(xif->sadb_x_if_hw_offl_if, sp->accel_ifname, 1930 sizeof(xif->sadb_x_if_hw_offl_if)); 1931 xlen += sizeof(*xif); 1932 } 1933 #endif 1934 if (error == 0) 1935 *len = xlen; 1936 else 1937 *len = sizeof(*xpl); 1938 return (error); 1939 } 1940 1941 /* m will not be freed nor modified */ 1942 static struct mbuf * 1943 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1944 int ndeep, int nitem, ...) 1945 { 1946 va_list ap; 1947 int idx; 1948 int i; 1949 struct mbuf *result = NULL, *n; 1950 int len; 1951 1952 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1953 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1954 1955 va_start(ap, nitem); 1956 for (i = 0; i < nitem; i++) { 1957 idx = va_arg(ap, int); 1958 if (idx < 0 || idx > SADB_EXT_MAX) 1959 goto fail; 1960 /* don't attempt to pull empty extension */ 1961 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1962 continue; 1963 if (idx != SADB_EXT_RESERVED && 1964 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1965 continue; 1966 1967 if (idx == SADB_EXT_RESERVED) { 1968 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1969 1970 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1971 1972 MGETHDR(n, M_NOWAIT, MT_DATA); 1973 if (!n) 1974 goto fail; 1975 n->m_len = len; 1976 n->m_next = NULL; 1977 m_copydata(m, 0, sizeof(struct sadb_msg), 1978 mtod(n, caddr_t)); 1979 } else if (i < ndeep) { 1980 len = mhp->extlen[idx]; 1981 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1982 if (n == NULL) 1983 goto fail; 1984 m_align(n, len); 1985 n->m_len = len; 1986 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1987 mtod(n, caddr_t)); 1988 } else { 1989 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1990 M_NOWAIT); 1991 } 1992 if (n == NULL) 1993 goto fail; 1994 1995 if (result) 1996 m_cat(result, n); 1997 else 1998 result = n; 1999 } 2000 va_end(ap); 2001 2002 if ((result->m_flags & M_PKTHDR) != 0) { 2003 result->m_pkthdr.len = 0; 2004 for (n = result; n; n = n->m_next) 2005 result->m_pkthdr.len += n->m_len; 2006 } 2007 2008 return result; 2009 2010 fail: 2011 m_freem(result); 2012 va_end(ap); 2013 return NULL; 2014 } 2015 2016 /* 2017 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 2018 * add an entry to SP database, when received 2019 * <base, address(SD), (lifetime(H),) policy> 2020 * from the user(?). 2021 * Adding to SP database, 2022 * and send 2023 * <base, address(SD), (lifetime(H),) policy> 2024 * to the socket which was send. 2025 * 2026 * SPDADD set a unique policy entry. 2027 * SPDSETIDX like SPDADD without a part of policy requests. 2028 * SPDUPDATE replace a unique policy entry. 2029 * 2030 * XXXAE: serialize this in PF_KEY to avoid races. 2031 * m will always be freed. 2032 */ 2033 static int 2034 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2035 { 2036 struct secpolicyindex spidx; 2037 struct sadb_address *src0, *dst0; 2038 struct sadb_x_policy *xpl0, *xpl; 2039 struct sadb_lifetime *lft = NULL; 2040 struct secpolicy *newsp, *oldsp; 2041 int error; 2042 2043 IPSEC_ASSERT(so != NULL, ("null socket")); 2044 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2045 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2046 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2047 2048 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2049 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2050 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2051 ipseclog((LOG_DEBUG, 2052 "%s: invalid message: missing required header.\n", 2053 __func__)); 2054 return key_senderror(so, m, EINVAL); 2055 } 2056 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2057 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2058 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2059 ipseclog((LOG_DEBUG, 2060 "%s: invalid message: wrong header size.\n", __func__)); 2061 return key_senderror(so, m, EINVAL); 2062 } 2063 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 2064 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 2065 ipseclog((LOG_DEBUG, 2066 "%s: invalid message: wrong header size.\n", 2067 __func__)); 2068 return key_senderror(so, m, EINVAL); 2069 } 2070 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 2071 } 2072 2073 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2074 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2075 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2076 2077 /* check the direciton */ 2078 switch (xpl0->sadb_x_policy_dir) { 2079 case IPSEC_DIR_INBOUND: 2080 case IPSEC_DIR_OUTBOUND: 2081 break; 2082 default: 2083 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2084 return key_senderror(so, m, EINVAL); 2085 } 2086 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2087 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2088 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2089 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2090 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2091 return key_senderror(so, m, EINVAL); 2092 } 2093 2094 /* policy requests are mandatory when action is ipsec. */ 2095 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2096 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2097 ipseclog((LOG_DEBUG, 2098 "%s: policy requests required.\n", __func__)); 2099 return key_senderror(so, m, EINVAL); 2100 } 2101 2102 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2103 (struct sockaddr *)(dst0 + 1)); 2104 if (error != 0 || 2105 src0->sadb_address_proto != dst0->sadb_address_proto) { 2106 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2107 return key_senderror(so, m, error); 2108 } 2109 /* make secindex */ 2110 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2111 src0 + 1, 2112 dst0 + 1, 2113 src0->sadb_address_prefixlen, 2114 dst0->sadb_address_prefixlen, 2115 src0->sadb_address_proto, 2116 &spidx); 2117 /* Checking there is SP already or not. */ 2118 oldsp = key_getsp(&spidx); 2119 if (oldsp != NULL) { 2120 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2121 KEYDBG(KEY_STAMP, 2122 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2123 __func__, oldsp)); 2124 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp)); 2125 } else { 2126 key_freesp(&oldsp); 2127 ipseclog((LOG_DEBUG, 2128 "%s: a SP entry exists already.\n", __func__)); 2129 return (key_senderror(so, m, EEXIST)); 2130 } 2131 } 2132 2133 /* allocate new SP entry */ 2134 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2135 if (oldsp != NULL) { 2136 key_unlink(oldsp); 2137 key_freesp(&oldsp); /* second for our reference */ 2138 } 2139 return key_senderror(so, m, error); 2140 } 2141 2142 newsp->lastused = newsp->created = time_second; 2143 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2144 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2145 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2146 #ifdef IPSEC_OFFLOAD 2147 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_IF_HW_OFFL) && 2148 !SADB_CHECKLEN(mhp, SADB_X_EXT_IF_HW_OFFL)) { 2149 struct sadb_x_if_hw_offl *xof; 2150 2151 xof = (struct sadb_x_if_hw_offl *)mhp->ext[ 2152 SADB_X_EXT_IF_HW_OFFL]; 2153 newsp->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if), 2154 M_IPSEC_MISC, M_NOWAIT); 2155 if (newsp->accel_ifname == NULL) { 2156 ipseclog((LOG_DEBUG, "%s: cannot alloc accel_ifname.\n", 2157 __func__)); 2158 key_freesp(&newsp); 2159 return (key_senderror(so, m, error)); 2160 } 2161 strncpy(__DECONST(char *, newsp->accel_ifname), 2162 xof->sadb_x_if_hw_offl_if, 2163 sizeof(xof->sadb_x_if_hw_offl_if)); 2164 } 2165 2166 #endif 2167 2168 SPTREE_WLOCK(); 2169 if ((newsp->id = key_getnewspid()) == 0) { 2170 if (oldsp != NULL) 2171 key_detach(oldsp); 2172 SPTREE_WUNLOCK(); 2173 if (oldsp != NULL) { 2174 ipsec_accel_sync(); 2175 key_freesp(&oldsp); /* first for key_detach */ 2176 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2177 key_freesp(&oldsp); /* second for our reference */ 2178 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */ 2179 spdcache_clear(); 2180 } 2181 key_freesp(&newsp); 2182 return key_senderror(so, m, ENOBUFS); 2183 } 2184 if (oldsp != NULL) 2185 key_detach(oldsp); 2186 key_insertsp(newsp); 2187 SPTREE_WUNLOCK(); 2188 if (oldsp != NULL) { 2189 ipsec_accel_sync(); 2190 key_freesp(&oldsp); /* first for key_detach */ 2191 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2192 key_freesp(&oldsp); /* second for our reference */ 2193 } 2194 if (SPDCACHE_ENABLED()) 2195 spdcache_clear(); 2196 KEYDBG(KEY_STAMP, 2197 printf("%s: SP(%p)\n", __func__, newsp)); 2198 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2199 2200 { 2201 struct mbuf *n, *mpolicy; 2202 struct sadb_msg *newmsg; 2203 int off; 2204 2205 /* create new sadb_msg to reply. */ 2206 if (lft) { 2207 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2208 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2209 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2210 } else { 2211 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2212 SADB_X_EXT_POLICY, 2213 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2214 } 2215 if (!n) 2216 return key_senderror(so, m, ENOBUFS); 2217 2218 if (n->m_len < sizeof(*newmsg)) { 2219 n = m_pullup(n, sizeof(*newmsg)); 2220 if (!n) 2221 return key_senderror(so, m, ENOBUFS); 2222 } 2223 newmsg = mtod(n, struct sadb_msg *); 2224 newmsg->sadb_msg_errno = 0; 2225 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2226 2227 off = 0; 2228 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2229 sizeof(*xpl), &off); 2230 if (mpolicy == NULL) { 2231 /* n is already freed */ 2232 return key_senderror(so, m, ENOBUFS); 2233 } 2234 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2235 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2236 m_freem(n); 2237 return key_senderror(so, m, EINVAL); 2238 } 2239 xpl->sadb_x_policy_id = newsp->id; 2240 2241 m_freem(m); 2242 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2243 } 2244 } 2245 2246 /* 2247 * get new policy id. 2248 * OUT: 2249 * 0: failure. 2250 * others: success. 2251 */ 2252 static uint32_t 2253 key_getnewspid(void) 2254 { 2255 struct secpolicy *sp; 2256 uint32_t newid = 0; 2257 int tries, limit; 2258 2259 SPTREE_WLOCK_ASSERT(); 2260 2261 limit = atomic_load_int(&V_key_spi_trycnt); 2262 for (tries = 0; tries < limit; tries++) { 2263 if (V_policy_id == ~0) /* overflowed */ 2264 newid = V_policy_id = 1; 2265 else 2266 newid = ++V_policy_id; 2267 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2268 if (sp->id == newid) 2269 break; 2270 } 2271 if (sp == NULL) 2272 break; 2273 } 2274 if (tries == limit || newid == 0) { 2275 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2276 __func__)); 2277 return (0); 2278 } 2279 return (newid); 2280 } 2281 2282 /* 2283 * SADB_SPDDELETE processing 2284 * receive 2285 * <base, address(SD), policy(*)> 2286 * from the user(?), and set SADB_SASTATE_DEAD, 2287 * and send, 2288 * <base, address(SD), policy(*)> 2289 * to the ikmpd. 2290 * policy(*) including direction of policy. 2291 * 2292 * m will always be freed. 2293 */ 2294 static int 2295 key_spddelete(struct socket *so, struct mbuf *m, 2296 const struct sadb_msghdr *mhp) 2297 { 2298 struct secpolicyindex spidx; 2299 struct sadb_address *src0, *dst0; 2300 struct sadb_x_policy *xpl0; 2301 struct secpolicy *sp; 2302 2303 IPSEC_ASSERT(so != NULL, ("null so")); 2304 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2305 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2306 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2307 2308 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2309 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2310 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2311 ipseclog((LOG_DEBUG, 2312 "%s: invalid message: missing required header.\n", 2313 __func__)); 2314 return key_senderror(so, m, EINVAL); 2315 } 2316 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2317 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2318 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2319 ipseclog((LOG_DEBUG, 2320 "%s: invalid message: wrong header size.\n", __func__)); 2321 return key_senderror(so, m, EINVAL); 2322 } 2323 2324 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2325 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2326 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2327 2328 /* check the direciton */ 2329 switch (xpl0->sadb_x_policy_dir) { 2330 case IPSEC_DIR_INBOUND: 2331 case IPSEC_DIR_OUTBOUND: 2332 break; 2333 default: 2334 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2335 return key_senderror(so, m, EINVAL); 2336 } 2337 /* Only DISCARD, NONE and IPSEC are allowed */ 2338 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2339 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2340 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2341 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2342 return key_senderror(so, m, EINVAL); 2343 } 2344 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2345 (struct sockaddr *)(dst0 + 1)) != 0 || 2346 src0->sadb_address_proto != dst0->sadb_address_proto) { 2347 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2348 return key_senderror(so, m, EINVAL); 2349 } 2350 /* make secindex */ 2351 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2352 src0 + 1, 2353 dst0 + 1, 2354 src0->sadb_address_prefixlen, 2355 dst0->sadb_address_prefixlen, 2356 src0->sadb_address_proto, 2357 &spidx); 2358 2359 /* Is there SP in SPD ? */ 2360 if ((sp = key_getsp(&spidx)) == NULL) { 2361 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2362 return key_senderror(so, m, EINVAL); 2363 } 2364 2365 /* save policy id to buffer to be returned. */ 2366 xpl0->sadb_x_policy_id = sp->id; 2367 2368 KEYDBG(KEY_STAMP, 2369 printf("%s: SP(%p)\n", __func__, sp)); 2370 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2371 ipsec_accel_spddel(sp); 2372 key_unlink(sp); 2373 key_freesp(&sp); 2374 2375 { 2376 struct mbuf *n; 2377 struct sadb_msg *newmsg; 2378 2379 /* create new sadb_msg to reply. */ 2380 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2381 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2382 if (!n) 2383 return key_senderror(so, m, ENOBUFS); 2384 2385 newmsg = mtod(n, struct sadb_msg *); 2386 newmsg->sadb_msg_errno = 0; 2387 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2388 2389 m_freem(m); 2390 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2391 } 2392 } 2393 2394 /* 2395 * SADB_SPDDELETE2 processing 2396 * receive 2397 * <base, policy(*)> 2398 * from the user(?), and set SADB_SASTATE_DEAD, 2399 * and send, 2400 * <base, policy(*)> 2401 * to the ikmpd. 2402 * policy(*) including direction of policy. 2403 * 2404 * m will always be freed. 2405 */ 2406 static int 2407 key_spddelete2(struct socket *so, struct mbuf *m, 2408 const struct sadb_msghdr *mhp) 2409 { 2410 struct secpolicy *sp; 2411 uint32_t id; 2412 2413 IPSEC_ASSERT(so != NULL, ("null socket")); 2414 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2415 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2416 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2417 2418 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2419 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2420 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2421 __func__)); 2422 return key_senderror(so, m, EINVAL); 2423 } 2424 2425 id = ((struct sadb_x_policy *) 2426 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2427 2428 /* Is there SP in SPD ? */ 2429 if ((sp = key_getspbyid(id)) == NULL) { 2430 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2431 __func__, id)); 2432 return key_senderror(so, m, EINVAL); 2433 } 2434 2435 KEYDBG(KEY_STAMP, 2436 printf("%s: SP(%p)\n", __func__, sp)); 2437 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2438 key_unlink(sp); 2439 if (sp->state != IPSEC_SPSTATE_DEAD) { 2440 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2441 __func__, id)); 2442 key_freesp(&sp); 2443 return (key_senderror(so, m, EACCES)); 2444 } 2445 key_freesp(&sp); 2446 2447 { 2448 struct mbuf *n, *nn; 2449 struct sadb_msg *newmsg; 2450 int off, len; 2451 2452 /* create new sadb_msg to reply. */ 2453 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2454 2455 n = key_mget(len); 2456 if (n == NULL) 2457 return key_senderror(so, m, ENOBUFS); 2458 2459 n->m_len = len; 2460 n->m_next = NULL; 2461 off = 0; 2462 2463 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2464 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2465 2466 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2467 off, len)); 2468 2469 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2470 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2471 if (!n->m_next) { 2472 m_freem(n); 2473 return key_senderror(so, m, ENOBUFS); 2474 } 2475 2476 n->m_pkthdr.len = 0; 2477 for (nn = n; nn; nn = nn->m_next) 2478 n->m_pkthdr.len += nn->m_len; 2479 2480 newmsg = mtod(n, struct sadb_msg *); 2481 newmsg->sadb_msg_errno = 0; 2482 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2483 2484 m_freem(m); 2485 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2486 } 2487 } 2488 2489 /* 2490 * SADB_X_SPDGET processing 2491 * receive 2492 * <base, policy(*)> 2493 * from the user(?), 2494 * and send, 2495 * <base, address(SD), policy> 2496 * to the ikmpd. 2497 * policy(*) including direction of policy. 2498 * 2499 * m will always be freed. 2500 */ 2501 static int 2502 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2503 { 2504 struct secpolicy *sp; 2505 struct mbuf *n; 2506 uint32_t id; 2507 2508 IPSEC_ASSERT(so != NULL, ("null socket")); 2509 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2510 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2511 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2512 2513 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2514 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2515 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2516 __func__)); 2517 return key_senderror(so, m, EINVAL); 2518 } 2519 2520 id = ((struct sadb_x_policy *) 2521 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2522 2523 /* Is there SP in SPD ? */ 2524 if ((sp = key_getspbyid(id)) == NULL) { 2525 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2526 __func__, id)); 2527 return key_senderror(so, m, ENOENT); 2528 } 2529 2530 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2531 mhp->msg->sadb_msg_pid); 2532 key_freesp(&sp); 2533 if (n != NULL) { 2534 m_freem(m); 2535 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2536 } else 2537 return key_senderror(so, m, ENOBUFS); 2538 } 2539 2540 /* 2541 * SADB_X_SPDACQUIRE processing. 2542 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2543 * send 2544 * <base, policy(*)> 2545 * to KMD, and expect to receive 2546 * <base> with SADB_X_SPDACQUIRE if error occurred, 2547 * or 2548 * <base, policy> 2549 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2550 * policy(*) is without policy requests. 2551 * 2552 * 0 : succeed 2553 * others: error number 2554 */ 2555 int 2556 key_spdacquire(struct secpolicy *sp) 2557 { 2558 struct mbuf *result = NULL, *m; 2559 struct secspacq *newspacq; 2560 2561 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2562 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2563 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2564 ("policy not IPSEC %u", sp->policy)); 2565 2566 /* Get an entry to check whether sent message or not. */ 2567 newspacq = key_getspacq(&sp->spidx); 2568 if (newspacq != NULL) { 2569 if (V_key_blockacq_count < newspacq->count) { 2570 /* reset counter and do send message. */ 2571 newspacq->count = 0; 2572 } else { 2573 /* increment counter and do nothing. */ 2574 newspacq->count++; 2575 SPACQ_UNLOCK(); 2576 return (0); 2577 } 2578 SPACQ_UNLOCK(); 2579 } else { 2580 /* make new entry for blocking to send SADB_ACQUIRE. */ 2581 newspacq = key_newspacq(&sp->spidx); 2582 if (newspacq == NULL) 2583 return ENOBUFS; 2584 } 2585 2586 /* create new sadb_msg to reply. */ 2587 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2588 if (!m) 2589 return ENOBUFS; 2590 2591 result = m; 2592 2593 result->m_pkthdr.len = 0; 2594 for (m = result; m; m = m->m_next) 2595 result->m_pkthdr.len += m->m_len; 2596 2597 mtod(result, struct sadb_msg *)->sadb_msg_len = 2598 PFKEY_UNIT64(result->m_pkthdr.len); 2599 2600 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2601 } 2602 2603 /* 2604 * SADB_SPDFLUSH processing 2605 * receive 2606 * <base> 2607 * from the user, and free all entries in secpctree. 2608 * and send, 2609 * <base> 2610 * to the user. 2611 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2612 * 2613 * m will always be freed. 2614 */ 2615 static int 2616 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2617 { 2618 struct secpolicy_queue drainq; 2619 struct sadb_msg *newmsg; 2620 struct secpolicy *sp, *nextsp; 2621 u_int dir; 2622 2623 IPSEC_ASSERT(so != NULL, ("null socket")); 2624 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2625 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2626 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2627 2628 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2629 return key_senderror(so, m, EINVAL); 2630 2631 TAILQ_INIT(&drainq); 2632 SPTREE_WLOCK(); 2633 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2634 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2635 } 2636 /* 2637 * We need to set state to DEAD for each policy to be sure, 2638 * that another thread won't try to unlink it. 2639 * Also remove SP from sphash. 2640 */ 2641 TAILQ_FOREACH(sp, &drainq, chain) { 2642 sp->state = IPSEC_SPSTATE_DEAD; 2643 ipsec_accel_spddel(sp); 2644 LIST_REMOVE(sp, idhash); 2645 } 2646 V_sp_genid++; 2647 V_spd_size = 0; 2648 SPTREE_WUNLOCK(); 2649 if (SPDCACHE_ENABLED()) 2650 spdcache_clear(); 2651 sp = TAILQ_FIRST(&drainq); 2652 while (sp != NULL) { 2653 nextsp = TAILQ_NEXT(sp, chain); 2654 key_freesp(&sp); 2655 sp = nextsp; 2656 } 2657 2658 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2659 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2660 return key_senderror(so, m, ENOBUFS); 2661 } 2662 2663 if (m->m_next) 2664 m_freem(m->m_next); 2665 m->m_next = NULL; 2666 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2667 newmsg = mtod(m, struct sadb_msg *); 2668 newmsg->sadb_msg_errno = 0; 2669 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2670 2671 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2672 } 2673 2674 static uint8_t 2675 key_satype2scopemask(uint8_t satype) 2676 { 2677 2678 if (satype == IPSEC_POLICYSCOPE_ANY) 2679 return (0xff); 2680 return (satype); 2681 } 2682 /* 2683 * SADB_SPDDUMP processing 2684 * receive 2685 * <base> 2686 * from the user, and dump all SP leaves and send, 2687 * <base> ..... 2688 * to the ikmpd. 2689 * 2690 * NOTE: 2691 * sadb_msg_satype is considered as mask of policy scopes. 2692 * m will always be freed. 2693 */ 2694 static int 2695 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2696 { 2697 SPTREE_RLOCK_TRACKER; 2698 struct secpolicy *sp; 2699 struct mbuf *n; 2700 int cnt; 2701 u_int dir, scope; 2702 2703 IPSEC_ASSERT(so != NULL, ("null socket")); 2704 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2705 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2706 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2707 2708 /* search SPD entry and get buffer size. */ 2709 cnt = 0; 2710 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2711 SPTREE_RLOCK(); 2712 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2713 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2714 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2715 cnt++; 2716 } 2717 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2718 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2719 cnt++; 2720 } 2721 } 2722 2723 if (cnt == 0) { 2724 SPTREE_RUNLOCK(); 2725 return key_senderror(so, m, ENOENT); 2726 } 2727 2728 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2729 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2730 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2731 --cnt; 2732 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2733 mhp->msg->sadb_msg_pid); 2734 2735 if (n != NULL) 2736 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2737 } 2738 } 2739 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2740 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2741 --cnt; 2742 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2743 mhp->msg->sadb_msg_pid); 2744 2745 if (n != NULL) 2746 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2747 } 2748 } 2749 } 2750 2751 SPTREE_RUNLOCK(); 2752 m_freem(m); 2753 return (0); 2754 } 2755 2756 static struct mbuf * 2757 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2758 u_int32_t pid) 2759 { 2760 struct mbuf *result = NULL, *m; 2761 struct seclifetime lt; 2762 2763 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2764 if (!m) 2765 goto fail; 2766 result = m; 2767 2768 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2769 &sp->spidx.src.sa, sp->spidx.prefs, 2770 sp->spidx.ul_proto); 2771 if (!m) 2772 goto fail; 2773 m_cat(result, m); 2774 2775 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2776 &sp->spidx.dst.sa, sp->spidx.prefd, 2777 sp->spidx.ul_proto); 2778 if (!m) 2779 goto fail; 2780 m_cat(result, m); 2781 2782 m = key_sp2mbuf(sp); 2783 if (!m) 2784 goto fail; 2785 m_cat(result, m); 2786 2787 if(sp->lifetime){ 2788 lt.addtime=sp->created; 2789 lt.usetime= sp->lastused; 2790 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2791 if (!m) 2792 goto fail; 2793 m_cat(result, m); 2794 2795 lt.addtime=sp->lifetime; 2796 lt.usetime= sp->validtime; 2797 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2798 if (!m) 2799 goto fail; 2800 m_cat(result, m); 2801 } 2802 2803 if ((result->m_flags & M_PKTHDR) == 0) 2804 goto fail; 2805 2806 if (result->m_len < sizeof(struct sadb_msg)) { 2807 result = m_pullup(result, sizeof(struct sadb_msg)); 2808 if (result == NULL) 2809 goto fail; 2810 } 2811 2812 result->m_pkthdr.len = 0; 2813 for (m = result; m; m = m->m_next) 2814 result->m_pkthdr.len += m->m_len; 2815 2816 mtod(result, struct sadb_msg *)->sadb_msg_len = 2817 PFKEY_UNIT64(result->m_pkthdr.len); 2818 2819 return result; 2820 2821 fail: 2822 m_freem(result); 2823 return NULL; 2824 } 2825 /* 2826 * get PFKEY message length for security policy and request. 2827 */ 2828 static size_t 2829 key_getspreqmsglen(struct secpolicy *sp) 2830 { 2831 size_t tlen, len; 2832 int i; 2833 2834 tlen = sizeof(struct sadb_x_policy); 2835 /* if is the policy for ipsec ? */ 2836 if (sp->policy != IPSEC_POLICY_IPSEC) 2837 return (tlen); 2838 2839 /* get length of ipsec requests */ 2840 for (i = 0; i < sp->tcount; i++) { 2841 len = sizeof(struct sadb_x_ipsecrequest) 2842 + sp->req[i]->saidx.src.sa.sa_len 2843 + sp->req[i]->saidx.dst.sa.sa_len; 2844 2845 tlen += PFKEY_ALIGN8(len); 2846 } 2847 #ifdef IPSEC_OFFLOAD 2848 if (sp->accel_ifname != NULL) 2849 tlen += sizeof(struct sadb_x_if_hw_offl); 2850 #endif 2851 return (tlen); 2852 } 2853 2854 /* 2855 * SADB_SPDEXPIRE processing 2856 * send 2857 * <base, address(SD), lifetime(CH), policy> 2858 * to KMD by PF_KEY. 2859 * 2860 * OUT: 0 : succeed 2861 * others : error number 2862 */ 2863 static int 2864 key_spdexpire(struct secpolicy *sp) 2865 { 2866 struct sadb_lifetime *lt; 2867 struct mbuf *result = NULL, *m; 2868 int len, error = -1; 2869 2870 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2871 2872 KEYDBG(KEY_STAMP, 2873 printf("%s: SP(%p)\n", __func__, sp)); 2874 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2875 2876 /* set msg header */ 2877 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2878 if (!m) { 2879 error = ENOBUFS; 2880 goto fail; 2881 } 2882 result = m; 2883 2884 /* create lifetime extension (current and hard) */ 2885 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2886 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2887 if (m == NULL) { 2888 error = ENOBUFS; 2889 goto fail; 2890 } 2891 m_align(m, len); 2892 m->m_len = len; 2893 bzero(mtod(m, caddr_t), len); 2894 lt = mtod(m, struct sadb_lifetime *); 2895 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2896 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2897 lt->sadb_lifetime_allocations = 0; 2898 lt->sadb_lifetime_bytes = 0; 2899 lt->sadb_lifetime_addtime = sp->created; 2900 lt->sadb_lifetime_usetime = sp->lastused; 2901 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2902 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2903 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2904 lt->sadb_lifetime_allocations = 0; 2905 lt->sadb_lifetime_bytes = 0; 2906 lt->sadb_lifetime_addtime = sp->lifetime; 2907 lt->sadb_lifetime_usetime = sp->validtime; 2908 m_cat(result, m); 2909 2910 /* set sadb_address for source */ 2911 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2912 &sp->spidx.src.sa, 2913 sp->spidx.prefs, sp->spidx.ul_proto); 2914 if (!m) { 2915 error = ENOBUFS; 2916 goto fail; 2917 } 2918 m_cat(result, m); 2919 2920 /* set sadb_address for destination */ 2921 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2922 &sp->spidx.dst.sa, 2923 sp->spidx.prefd, sp->spidx.ul_proto); 2924 if (!m) { 2925 error = ENOBUFS; 2926 goto fail; 2927 } 2928 m_cat(result, m); 2929 2930 /* set secpolicy */ 2931 m = key_sp2mbuf(sp); 2932 if (!m) { 2933 error = ENOBUFS; 2934 goto fail; 2935 } 2936 m_cat(result, m); 2937 2938 if ((result->m_flags & M_PKTHDR) == 0) { 2939 error = EINVAL; 2940 goto fail; 2941 } 2942 2943 if (result->m_len < sizeof(struct sadb_msg)) { 2944 result = m_pullup(result, sizeof(struct sadb_msg)); 2945 if (result == NULL) { 2946 error = ENOBUFS; 2947 goto fail; 2948 } 2949 } 2950 2951 result->m_pkthdr.len = 0; 2952 for (m = result; m; m = m->m_next) 2953 result->m_pkthdr.len += m->m_len; 2954 2955 mtod(result, struct sadb_msg *)->sadb_msg_len = 2956 PFKEY_UNIT64(result->m_pkthdr.len); 2957 2958 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2959 2960 fail: 2961 if (result) 2962 m_freem(result); 2963 return error; 2964 } 2965 2966 /* %%% SAD management */ 2967 /* 2968 * allocating and initialize new SA head. 2969 * OUT: NULL : failure due to the lack of memory. 2970 * others : pointer to new SA head. 2971 */ 2972 static struct secashead * 2973 key_newsah(struct secasindex *saidx) 2974 { 2975 struct secashead *sah; 2976 2977 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2978 M_NOWAIT | M_ZERO); 2979 if (sah == NULL) { 2980 PFKEYSTAT_INC(in_nomem); 2981 return (NULL); 2982 } 2983 TAILQ_INIT(&sah->savtree_larval); 2984 TAILQ_INIT(&sah->savtree_alive); 2985 sah->saidx = *saidx; 2986 sah->state = SADB_SASTATE_DEAD; 2987 SAH_INITREF(sah); 2988 2989 KEYDBG(KEY_STAMP, 2990 printf("%s: SAH(%p)\n", __func__, sah)); 2991 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2992 return (sah); 2993 } 2994 2995 static void 2996 key_freesah(struct secashead **psah) 2997 { 2998 struct secashead *sah = *psah; 2999 3000 CURVNET_ASSERT_SET(); 3001 3002 if (SAH_DELREF(sah) == 0) 3003 return; 3004 3005 KEYDBG(KEY_STAMP, 3006 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 3007 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 3008 3009 *psah = NULL; 3010 key_delsah(sah); 3011 } 3012 3013 static void 3014 key_delsah(struct secashead *sah) 3015 { 3016 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 3017 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 3018 ("Attempt to free non DEAD SAH %p", sah)); 3019 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 3020 ("Attempt to free SAH %p with LARVAL SA", sah)); 3021 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 3022 ("Attempt to free SAH %p with ALIVE SA", sah)); 3023 3024 free(sah, M_IPSEC_SAH); 3025 } 3026 3027 /* 3028 * allocating a new SA for key_add() and key_getspi() call, 3029 * and copy the values of mhp into new buffer. 3030 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 3031 * For SADB_ADD create and initialize SA with MATURE state. 3032 * OUT: NULL : fail 3033 * others : pointer to new secasvar. 3034 */ 3035 static struct secasvar * 3036 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 3037 uint32_t spi, int *errp) 3038 { 3039 struct secashead *sah; 3040 struct secasvar *sav; 3041 int isnew; 3042 3043 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3044 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3045 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 3046 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 3047 3048 sav = NULL; 3049 sah = NULL; 3050 /* check SPI value */ 3051 switch (saidx->proto) { 3052 case IPPROTO_ESP: 3053 case IPPROTO_AH: 3054 /* 3055 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 3056 * 1-255 reserved by IANA for future use, 3057 * 0 for implementation specific, local use. 3058 */ 3059 if (ntohl(spi) <= 255) { 3060 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 3061 __func__, ntohl(spi))); 3062 *errp = EINVAL; 3063 goto done; 3064 } 3065 break; 3066 } 3067 3068 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 3069 if (sav == NULL) { 3070 *errp = ENOBUFS; 3071 goto done; 3072 } 3073 sav->lock = malloc_aligned(max(sizeof(struct rmlock), 3074 CACHE_LINE_SIZE), CACHE_LINE_SIZE, M_IPSEC_MISC, 3075 M_NOWAIT | M_ZERO); 3076 if (sav->lock == NULL) { 3077 *errp = ENOBUFS; 3078 goto done; 3079 } 3080 rm_init(sav->lock, "ipsec association"); 3081 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); 3082 if (sav->lft_c == NULL) { 3083 *errp = ENOBUFS; 3084 goto done; 3085 } 3086 3087 sav->spi = spi; 3088 sav->seq = mhp->msg->sadb_msg_seq; 3089 sav->state = SADB_SASTATE_LARVAL; 3090 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 3091 SAV_INITREF(sav); 3092 #ifdef IPSEC_OFFLOAD 3093 CK_LIST_INIT(&sav->accel_ifps); 3094 sav->accel_forget_tq = 0; 3095 sav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone, 3096 M_NOWAIT | M_ZERO); 3097 if (sav->accel_lft_sw == NULL) { 3098 *errp = ENOBUFS; 3099 goto done; 3100 } 3101 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_IF_HW_OFFL) && 3102 !SADB_CHECKLEN(mhp, SADB_X_EXT_IF_HW_OFFL)) { 3103 struct sadb_x_if_hw_offl *xof; 3104 3105 xof = (struct sadb_x_if_hw_offl *)mhp->ext[ 3106 SADB_X_EXT_IF_HW_OFFL]; 3107 sav->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if), 3108 M_IPSEC_MISC, M_NOWAIT); 3109 if (sav->accel_ifname == NULL) { 3110 *errp = ENOBUFS; 3111 goto done; 3112 } 3113 strncpy(__DECONST(char *, sav->accel_ifname), 3114 xof->sadb_x_if_hw_offl_if, 3115 sizeof(xof->sadb_x_if_hw_offl_if)); 3116 } 3117 #endif 3118 again: 3119 sah = key_getsah(saidx); 3120 if (sah == NULL) { 3121 /* create a new SA index */ 3122 sah = key_newsah(saidx); 3123 if (sah == NULL) { 3124 ipseclog((LOG_DEBUG, 3125 "%s: No more memory.\n", __func__)); 3126 *errp = ENOBUFS; 3127 goto done; 3128 } 3129 isnew = 1; 3130 } else 3131 isnew = 0; 3132 3133 sav->sah = sah; 3134 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 3135 sav->created = time_second; 3136 } else if (sav->state == SADB_SASTATE_LARVAL) { 3137 /* 3138 * Do not call key_setsaval() second time in case 3139 * of `goto again`. We will have MATURE state. 3140 */ 3141 *errp = key_setsaval(sav, mhp); 3142 if (*errp != 0) 3143 goto done; 3144 sav->state = SADB_SASTATE_MATURE; 3145 } 3146 3147 SAHTREE_WLOCK(); 3148 /* 3149 * Check that existing SAH wasn't unlinked. 3150 * Since we didn't hold the SAHTREE lock, it is possible, 3151 * that callout handler or key_flush() or key_delete() could 3152 * unlink this SAH. 3153 */ 3154 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3155 SAHTREE_WUNLOCK(); 3156 key_freesah(&sah); /* reference from key_getsah() */ 3157 goto again; 3158 } 3159 if (isnew != 0) { 3160 /* 3161 * Add new SAH into SADB. 3162 * 3163 * XXXAE: we can serialize key_add and key_getspi calls, so 3164 * several threads will not fight in the race. 3165 * Otherwise we should check under SAHTREE lock, that this 3166 * SAH would not added twice. 3167 */ 3168 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3169 /* Add new SAH into hash by addresses */ 3170 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3171 /* Now we are linked in the chain */ 3172 sah->state = SADB_SASTATE_MATURE; 3173 /* 3174 * SAV references this new SAH. 3175 * In case of existing SAH we reuse reference 3176 * from key_getsah(). 3177 */ 3178 SAH_ADDREF(sah); 3179 } 3180 /* Link SAV with SAH */ 3181 if (sav->state == SADB_SASTATE_MATURE) { 3182 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3183 ipsec_accel_sa_newkey(sav); 3184 } else 3185 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3186 /* Add SAV into SPI hash */ 3187 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3188 SAHTREE_WUNLOCK(); 3189 *errp = 0; /* success */ 3190 done: 3191 if (*errp != 0) { 3192 if (sav != NULL) { 3193 if (sav->lock != NULL) { 3194 rm_destroy(sav->lock); 3195 free(sav->lock, M_IPSEC_MISC); 3196 } 3197 if (sav->lft_c != NULL) 3198 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3199 #ifdef IPSEC_OFFLOAD 3200 if (sav->accel_lft_sw != NULL) 3201 uma_zfree_pcpu(ipsec_key_lft_zone, 3202 sav->accel_lft_sw); 3203 free(__DECONST(char *, sav->accel_ifname), 3204 M_IPSEC_MISC); 3205 #endif 3206 free(sav, M_IPSEC_SA), sav = NULL; 3207 } 3208 if (sah != NULL) 3209 key_freesah(&sah); 3210 if (*errp == ENOBUFS) { 3211 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3212 __func__)); 3213 PFKEYSTAT_INC(in_nomem); 3214 } 3215 } 3216 return (sav); 3217 } 3218 3219 /* 3220 * free() SA variable entry. 3221 */ 3222 static void 3223 key_cleansav(struct secasvar *sav) 3224 { 3225 3226 if (sav->natt != NULL) { 3227 free(sav->natt, M_IPSEC_MISC); 3228 sav->natt = NULL; 3229 } 3230 if (sav->flags & SADB_X_EXT_F_CLONED) 3231 return; 3232 if (sav->tdb_xform != NULL) { 3233 sav->tdb_xform->xf_cleanup(sav); 3234 sav->tdb_xform = NULL; 3235 } 3236 if (sav->key_auth != NULL) { 3237 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3238 free(sav->key_auth, M_IPSEC_MISC); 3239 sav->key_auth = NULL; 3240 } 3241 if (sav->key_enc != NULL) { 3242 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3243 free(sav->key_enc, M_IPSEC_MISC); 3244 sav->key_enc = NULL; 3245 } 3246 if (sav->replay != NULL) { 3247 mtx_destroy(&sav->replay->lock); 3248 if (sav->replay->bitmap != NULL) 3249 free(sav->replay->bitmap, M_IPSEC_MISC); 3250 free(sav->replay, M_IPSEC_MISC); 3251 sav->replay = NULL; 3252 } 3253 if (sav->lft_h != NULL) { 3254 free(sav->lft_h, M_IPSEC_MISC); 3255 sav->lft_h = NULL; 3256 } 3257 if (sav->lft_s != NULL) { 3258 free(sav->lft_s, M_IPSEC_MISC); 3259 sav->lft_s = NULL; 3260 } 3261 } 3262 3263 /* 3264 * free() SA variable entry. 3265 */ 3266 static void 3267 key_delsav(struct secasvar *sav) 3268 { 3269 IPSEC_ASSERT(sav != NULL, ("null sav")); 3270 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3271 ("attempt to free non DEAD SA %p", sav)); 3272 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3273 sav->refcnt)); 3274 #ifdef IPSEC_OFFLOAD 3275 KASSERT(CK_LIST_EMPTY(&sav->accel_ifps), 3276 ("key_unlinksav: sav %p still offloaded", sav)); 3277 #endif 3278 3279 /* 3280 * SA must be unlinked from the chain and hashtbl. 3281 * If SA was cloned, we leave all fields untouched, 3282 * except NAT-T config. 3283 */ 3284 key_cleansav(sav); 3285 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3286 rm_destroy(sav->lock); 3287 free(sav->lock, M_IPSEC_MISC); 3288 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3289 } 3290 #ifdef IPSEC_OFFLOAD 3291 /* XXXKIB should this be moved to key_cleansav()? */ 3292 uma_zfree_pcpu(ipsec_key_lft_zone, sav->accel_lft_sw); 3293 free(__DECONST(char *, sav->accel_ifname), M_IPSEC_MISC); 3294 #endif 3295 free(sav, M_IPSEC_SA); 3296 } 3297 3298 /* 3299 * search SAH. 3300 * OUT: 3301 * NULL : not found 3302 * others : found, referenced pointer to a SAH. 3303 */ 3304 static struct secashead * 3305 key_getsah(struct secasindex *saidx) 3306 { 3307 SAHTREE_RLOCK_TRACKER; 3308 struct secashead *sah; 3309 3310 SAHTREE_RLOCK(); 3311 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3312 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3313 SAH_ADDREF(sah); 3314 break; 3315 } 3316 } 3317 SAHTREE_RUNLOCK(); 3318 return (sah); 3319 } 3320 3321 /* 3322 * Check not to be duplicated SPI. 3323 * OUT: 3324 * 0 : not found 3325 * 1 : found SA with given SPI. 3326 */ 3327 static int 3328 key_checkspidup(uint32_t spi) 3329 { 3330 SAHTREE_RLOCK_TRACKER; 3331 struct secasvar *sav; 3332 3333 /* Assume SPI is in network byte order */ 3334 SAHTREE_RLOCK(); 3335 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3336 if (sav->spi == spi) 3337 break; 3338 } 3339 SAHTREE_RUNLOCK(); 3340 return (sav != NULL); 3341 } 3342 3343 /* 3344 * Search SA by SPI. 3345 * OUT: 3346 * NULL : not found 3347 * others : found, referenced pointer to a SA. 3348 */ 3349 static struct secasvar * 3350 key_getsavbyspi(uint32_t spi) 3351 { 3352 SAHTREE_RLOCK_TRACKER; 3353 struct secasvar *sav; 3354 3355 /* Assume SPI is in network byte order */ 3356 SAHTREE_RLOCK(); 3357 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3358 if (sav->spi != spi) 3359 continue; 3360 SAV_ADDREF(sav); 3361 break; 3362 } 3363 SAHTREE_RUNLOCK(); 3364 return (sav); 3365 } 3366 3367 static int 3368 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3369 { 3370 struct seclifetime *lft_h, *lft_s, *tmp; 3371 3372 /* Lifetime extension is optional, check that it is present. */ 3373 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3374 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3375 /* 3376 * In case of SADB_UPDATE we may need to change 3377 * existing lifetimes. 3378 */ 3379 if (sav->state == SADB_SASTATE_MATURE) { 3380 lft_h = lft_s = NULL; 3381 goto reset; 3382 } 3383 return (0); 3384 } 3385 /* Both HARD and SOFT extensions must present */ 3386 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3387 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3388 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3389 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3390 ipseclog((LOG_DEBUG, 3391 "%s: invalid message: missing required header.\n", 3392 __func__)); 3393 return (EINVAL); 3394 } 3395 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3396 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3397 ipseclog((LOG_DEBUG, 3398 "%s: invalid message: wrong header size.\n", __func__)); 3399 return (EINVAL); 3400 } 3401 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3402 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3403 if (lft_h == NULL) { 3404 PFKEYSTAT_INC(in_nomem); 3405 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3406 return (ENOBUFS); 3407 } 3408 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3409 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3410 if (lft_s == NULL) { 3411 PFKEYSTAT_INC(in_nomem); 3412 free(lft_h, M_IPSEC_MISC); 3413 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3414 return (ENOBUFS); 3415 } 3416 reset: 3417 if (sav->state != SADB_SASTATE_LARVAL) { 3418 /* 3419 * key_update() holds reference to this SA, 3420 * so it won't be deleted in meanwhile. 3421 */ 3422 SECASVAR_WLOCK(sav); 3423 tmp = sav->lft_h; 3424 sav->lft_h = lft_h; 3425 lft_h = tmp; 3426 3427 tmp = sav->lft_s; 3428 sav->lft_s = lft_s; 3429 lft_s = tmp; 3430 SECASVAR_WUNLOCK(sav); 3431 if (lft_h != NULL) 3432 free(lft_h, M_IPSEC_MISC); 3433 if (lft_s != NULL) 3434 free(lft_s, M_IPSEC_MISC); 3435 return (0); 3436 } 3437 /* We can update lifetime without holding a lock */ 3438 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3439 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3440 sav->lft_h = lft_h; 3441 sav->lft_s = lft_s; 3442 return (0); 3443 } 3444 3445 /* 3446 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3447 * You must update these if need. Expects only LARVAL SAs. 3448 * OUT: 0: success. 3449 * !0: failure. 3450 */ 3451 static int 3452 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3453 { 3454 const struct sadb_sa *sa0; 3455 const struct sadb_key *key0; 3456 uint32_t replay; 3457 size_t len; 3458 int error; 3459 3460 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3461 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3462 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3463 ("Attempt to update non LARVAL SA")); 3464 3465 /* XXX rewrite */ 3466 error = key_setident(sav->sah, mhp); 3467 if (error != 0) 3468 goto fail; 3469 3470 /* SA */ 3471 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3472 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3473 error = EINVAL; 3474 goto fail; 3475 } 3476 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3477 sav->alg_auth = sa0->sadb_sa_auth; 3478 sav->alg_enc = sa0->sadb_sa_encrypt; 3479 sav->flags = sa0->sadb_sa_flags; 3480 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3481 ipseclog((LOG_DEBUG, 3482 "%s: invalid sa_flags 0x%08x.\n", __func__, 3483 sav->flags)); 3484 error = EINVAL; 3485 goto fail; 3486 } 3487 3488 /* Optional replay window */ 3489 replay = 0; 3490 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3491 replay = sa0->sadb_sa_replay; 3492 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3493 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3494 error = EINVAL; 3495 goto fail; 3496 } 3497 replay = ((const struct sadb_x_sa_replay *) 3498 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3499 3500 if (replay > UINT32_MAX - 32) { 3501 ipseclog((LOG_DEBUG, 3502 "%s: replay window too big.\n", __func__)); 3503 error = EINVAL; 3504 goto fail; 3505 } 3506 3507 replay = (replay + 7) >> 3; 3508 } 3509 3510 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3511 M_NOWAIT | M_ZERO); 3512 if (sav->replay == NULL) { 3513 PFKEYSTAT_INC(in_nomem); 3514 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3515 __func__)); 3516 error = ENOBUFS; 3517 goto fail; 3518 } 3519 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF); 3520 3521 if (replay != 0) { 3522 /* number of 32b blocks to be allocated */ 3523 uint32_t bitmap_size; 3524 3525 /* RFC 6479: 3526 * - the allocated replay window size must be 3527 * a power of two. 3528 * - use an extra 32b block as a redundant window. 3529 */ 3530 bitmap_size = 1; 3531 while (replay + 4 > bitmap_size) 3532 bitmap_size <<= 1; 3533 bitmap_size = bitmap_size / 4; 3534 3535 sav->replay->bitmap = malloc( 3536 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3537 M_NOWAIT | M_ZERO); 3538 if (sav->replay->bitmap == NULL) { 3539 PFKEYSTAT_INC(in_nomem); 3540 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3541 __func__)); 3542 error = ENOBUFS; 3543 goto fail; 3544 } 3545 sav->replay->bitmap_size = bitmap_size; 3546 sav->replay->wsize = replay; 3547 } 3548 } 3549 3550 /* Authentication keys */ 3551 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3552 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3553 error = EINVAL; 3554 goto fail; 3555 } 3556 error = 0; 3557 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3558 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3559 switch (mhp->msg->sadb_msg_satype) { 3560 case SADB_SATYPE_AH: 3561 case SADB_SATYPE_ESP: 3562 case SADB_X_SATYPE_TCPSIGNATURE: 3563 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3564 sav->alg_auth != SADB_X_AALG_NULL) 3565 error = EINVAL; 3566 if (key0->sadb_key_bits == 0 || (sizeof(struct sadb_key) + 3567 (key0->sadb_key_bits >> 3)) > len) 3568 error = EINVAL; 3569 break; 3570 case SADB_X_SATYPE_IPCOMP: 3571 default: 3572 error = EINVAL; 3573 break; 3574 } 3575 if (error) { 3576 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3577 __func__)); 3578 goto fail; 3579 } 3580 3581 sav->key_auth = key_dup_keymsg(key0, M_IPSEC_MISC); 3582 if (sav->key_auth == NULL ) { 3583 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3584 __func__)); 3585 PFKEYSTAT_INC(in_nomem); 3586 error = ENOBUFS; 3587 goto fail; 3588 } 3589 } 3590 3591 /* Encryption key */ 3592 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3593 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3594 error = EINVAL; 3595 goto fail; 3596 } 3597 error = 0; 3598 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3599 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3600 switch (mhp->msg->sadb_msg_satype) { 3601 case SADB_SATYPE_ESP: 3602 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3603 sav->alg_enc != SADB_EALG_NULL) { 3604 error = EINVAL; 3605 break; 3606 } 3607 if (key0->sadb_key_bits == 0 || (sizeof(struct sadb_key) + 3608 (key0->sadb_key_bits >> 3)) > len) { 3609 error = EINVAL; 3610 break; 3611 } 3612 sav->key_enc = key_dup_keymsg(key0, M_IPSEC_MISC); 3613 if (sav->key_enc == NULL) { 3614 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3615 __func__)); 3616 PFKEYSTAT_INC(in_nomem); 3617 error = ENOBUFS; 3618 goto fail; 3619 } 3620 break; 3621 case SADB_X_SATYPE_IPCOMP: 3622 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3623 error = EINVAL; 3624 sav->key_enc = NULL; /*just in case*/ 3625 break; 3626 case SADB_SATYPE_AH: 3627 case SADB_X_SATYPE_TCPSIGNATURE: 3628 default: 3629 error = EINVAL; 3630 break; 3631 } 3632 if (error) { 3633 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3634 __func__)); 3635 goto fail; 3636 } 3637 } 3638 3639 /* set iv */ 3640 sav->ivlen = 0; 3641 switch (mhp->msg->sadb_msg_satype) { 3642 case SADB_SATYPE_AH: 3643 if (sav->flags & SADB_X_EXT_DERIV) { 3644 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3645 "given to AH SA.\n", __func__)); 3646 error = EINVAL; 3647 goto fail; 3648 } 3649 if (sav->alg_enc != SADB_EALG_NONE) { 3650 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3651 "mismated.\n", __func__)); 3652 error = EINVAL; 3653 goto fail; 3654 } 3655 error = xform_init(sav, XF_AH); 3656 break; 3657 case SADB_SATYPE_ESP: 3658 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3659 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3660 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3661 "given to old-esp.\n", __func__)); 3662 error = EINVAL; 3663 goto fail; 3664 } 3665 error = xform_init(sav, XF_ESP); 3666 break; 3667 case SADB_X_SATYPE_IPCOMP: 3668 if (sav->alg_auth != SADB_AALG_NONE) { 3669 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3670 "mismated.\n", __func__)); 3671 error = EINVAL; 3672 goto fail; 3673 } 3674 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3675 ntohl(sav->spi) >= 0x10000) { 3676 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3677 __func__)); 3678 error = EINVAL; 3679 goto fail; 3680 } 3681 error = xform_init(sav, XF_IPCOMP); 3682 break; 3683 case SADB_X_SATYPE_TCPSIGNATURE: 3684 if (sav->alg_enc != SADB_EALG_NONE) { 3685 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3686 "mismated.\n", __func__)); 3687 error = EINVAL; 3688 goto fail; 3689 } 3690 error = xform_init(sav, XF_TCPSIGNATURE); 3691 break; 3692 default: 3693 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3694 error = EPROTONOSUPPORT; 3695 goto fail; 3696 } 3697 if (error) { 3698 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3699 __func__, mhp->msg->sadb_msg_satype)); 3700 goto fail; 3701 } 3702 3703 /* Handle NAT-T headers */ 3704 error = key_setnatt(sav, mhp); 3705 if (error != 0) 3706 goto fail; 3707 3708 /* Initialize lifetime for CURRENT */ 3709 sav->firstused = 0; 3710 sav->created = time_second; 3711 3712 /* lifetimes for HARD and SOFT */ 3713 error = key_updatelifetimes(sav, mhp); 3714 if (error == 0) 3715 return (0); 3716 fail: 3717 key_cleansav(sav); 3718 return (error); 3719 } 3720 3721 /* 3722 * subroutine for SADB_GET and SADB_DUMP. 3723 */ 3724 static struct mbuf * 3725 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3726 uint32_t seq, uint32_t pid, struct rm_priotracker *sahtree_trackerp) 3727 { 3728 struct seclifetime lft_c; 3729 struct mbuf *result = NULL, *tres = NULL, *m; 3730 int i, dumporder[] = { 3731 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3732 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3733 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3734 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3735 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3736 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3737 SADB_EXT_SENSITIVITY, 3738 SADB_X_EXT_NAT_T_TYPE, 3739 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3740 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3741 SADB_X_EXT_NAT_T_FRAG, 3742 #ifdef IPSEC_OFFLOAD 3743 SADB_X_EXT_LFT_CUR_SW_OFFL, SADB_X_EXT_LFT_CUR_HW_OFFL, 3744 SADB_X_EXT_IF_HW_OFFL, 3745 #endif 3746 }; 3747 uint32_t replay_count; 3748 #ifdef IPSEC_OFFLOAD 3749 int error; 3750 #endif 3751 3752 SECASVAR_RLOCK_TRACKER; 3753 3754 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3755 if (m == NULL) 3756 goto fail; 3757 result = m; 3758 3759 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3760 m = NULL; 3761 switch (dumporder[i]) { 3762 case SADB_EXT_SA: 3763 m = key_setsadbsa(sav); 3764 if (!m) 3765 goto fail; 3766 break; 3767 3768 case SADB_X_EXT_SA2: { 3769 SECASVAR_RLOCK(sav); 3770 replay_count = sav->replay ? sav->replay->count : 0; 3771 SECASVAR_RUNLOCK(sav); 3772 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3773 sav->sah->saidx.reqid); 3774 if (!m) 3775 goto fail; 3776 break; 3777 } 3778 case SADB_X_EXT_SA_REPLAY: 3779 if (sav->replay == NULL || 3780 sav->replay->wsize <= UINT8_MAX) 3781 continue; 3782 3783 m = key_setsadbxsareplay(sav->replay->wsize); 3784 if (!m) 3785 goto fail; 3786 break; 3787 3788 case SADB_EXT_ADDRESS_SRC: 3789 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3790 &sav->sah->saidx.src.sa, 3791 FULLMASK, IPSEC_ULPROTO_ANY); 3792 if (!m) 3793 goto fail; 3794 break; 3795 3796 case SADB_EXT_ADDRESS_DST: 3797 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3798 &sav->sah->saidx.dst.sa, 3799 FULLMASK, IPSEC_ULPROTO_ANY); 3800 if (!m) 3801 goto fail; 3802 break; 3803 3804 case SADB_EXT_KEY_AUTH: 3805 if (!sav->key_auth) 3806 continue; 3807 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3808 if (!m) 3809 goto fail; 3810 break; 3811 3812 case SADB_EXT_KEY_ENCRYPT: 3813 if (!sav->key_enc) 3814 continue; 3815 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3816 if (!m) 3817 goto fail; 3818 break; 3819 3820 case SADB_EXT_LIFETIME_CURRENT: 3821 lft_c.addtime = sav->created; 3822 lft_c.allocations = (uint32_t)counter_u64_fetch( 3823 sav->lft_c_allocations); 3824 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3825 lft_c.usetime = sav->firstused; 3826 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3827 if (!m) 3828 goto fail; 3829 break; 3830 3831 case SADB_EXT_LIFETIME_HARD: 3832 if (!sav->lft_h) 3833 continue; 3834 m = key_setlifetime(sav->lft_h, 3835 SADB_EXT_LIFETIME_HARD); 3836 if (!m) 3837 goto fail; 3838 break; 3839 3840 case SADB_EXT_LIFETIME_SOFT: 3841 if (!sav->lft_s) 3842 continue; 3843 m = key_setlifetime(sav->lft_s, 3844 SADB_EXT_LIFETIME_SOFT); 3845 3846 if (!m) 3847 goto fail; 3848 break; 3849 3850 case SADB_X_EXT_NAT_T_TYPE: 3851 if (sav->natt == NULL) 3852 continue; 3853 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3854 if (!m) 3855 goto fail; 3856 break; 3857 3858 case SADB_X_EXT_NAT_T_DPORT: 3859 if (sav->natt == NULL) 3860 continue; 3861 m = key_setsadbxport(sav->natt->dport, 3862 SADB_X_EXT_NAT_T_DPORT); 3863 if (!m) 3864 goto fail; 3865 break; 3866 3867 case SADB_X_EXT_NAT_T_SPORT: 3868 if (sav->natt == NULL) 3869 continue; 3870 m = key_setsadbxport(sav->natt->sport, 3871 SADB_X_EXT_NAT_T_SPORT); 3872 if (!m) 3873 goto fail; 3874 break; 3875 3876 case SADB_X_EXT_NAT_T_OAI: 3877 if (sav->natt == NULL || 3878 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3879 continue; 3880 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3881 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3882 if (!m) 3883 goto fail; 3884 break; 3885 case SADB_X_EXT_NAT_T_OAR: 3886 if (sav->natt == NULL || 3887 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3888 continue; 3889 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3890 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3891 if (!m) 3892 goto fail; 3893 break; 3894 case SADB_X_EXT_NAT_T_FRAG: 3895 /* We do not (yet) support those. */ 3896 continue; 3897 #ifdef IPSEC_OFFLOAD 3898 case SADB_X_EXT_LFT_CUR_SW_OFFL: 3899 if (!ipsec_accel_is_accel_sav(sav)) 3900 continue; 3901 SAV_ADDREF(sav); 3902 error = ipsec_accel_sa_lifetime_op(sav, &lft_c, 3903 NULL, IF_SA_CNT_TOTAL_SW_VAL, sahtree_trackerp); 3904 if (error != 0) { 3905 m = NULL; 3906 goto fail; 3907 } 3908 m = key_setlifetime(&lft_c, dumporder[i]); 3909 if (m == NULL) 3910 goto fail; 3911 key_freesav(&sav); 3912 if (sav == NULL) { 3913 m_freem(m); 3914 goto fail; 3915 } 3916 break; 3917 case SADB_X_EXT_LFT_CUR_HW_OFFL: 3918 if (!ipsec_accel_is_accel_sav(sav)) 3919 continue; 3920 memset(&lft_c, 0, sizeof(lft_c)); 3921 lft_c.bytes = sav->accel_hw_octets; 3922 lft_c.allocations = sav->accel_hw_allocs; 3923 m = key_setlifetime(&lft_c, dumporder[i]); 3924 if (m == NULL) 3925 goto fail; 3926 break; 3927 case SADB_X_EXT_IF_HW_OFFL: 3928 if (!ipsec_accel_is_accel_sav(sav)) 3929 continue; 3930 m = ipsec_accel_key_setaccelif(sav); 3931 if (m == NULL) 3932 continue; /* benigh */ 3933 break; 3934 #endif 3935 3936 case SADB_EXT_ADDRESS_PROXY: 3937 case SADB_EXT_IDENTITY_SRC: 3938 case SADB_EXT_IDENTITY_DST: 3939 /* XXX: should we brought from SPD ? */ 3940 case SADB_EXT_SENSITIVITY: 3941 default: 3942 continue; 3943 } 3944 3945 if (!m) 3946 goto fail; 3947 if (tres) 3948 m_cat(m, tres); 3949 tres = m; 3950 } 3951 3952 m_cat(result, tres); 3953 tres = NULL; 3954 if (result->m_len < sizeof(struct sadb_msg)) { 3955 result = m_pullup(result, sizeof(struct sadb_msg)); 3956 if (result == NULL) 3957 goto fail; 3958 } 3959 3960 result->m_pkthdr.len = 0; 3961 for (m = result; m; m = m->m_next) 3962 result->m_pkthdr.len += m->m_len; 3963 3964 mtod(result, struct sadb_msg *)->sadb_msg_len = 3965 PFKEY_UNIT64(result->m_pkthdr.len); 3966 3967 return result; 3968 3969 fail: 3970 m_freem(result); 3971 m_freem(tres); 3972 return NULL; 3973 } 3974 3975 /* 3976 * set data into sadb_msg. 3977 */ 3978 static struct mbuf * 3979 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3980 pid_t pid, u_int16_t reserved) 3981 { 3982 struct mbuf *m; 3983 struct sadb_msg *p; 3984 int len; 3985 3986 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3987 if (len > MCLBYTES) 3988 return NULL; 3989 m = key_mget(len); 3990 if (m == NULL) 3991 return NULL; 3992 m->m_pkthdr.len = m->m_len = len; 3993 m->m_next = NULL; 3994 3995 p = mtod(m, struct sadb_msg *); 3996 3997 bzero(p, len); 3998 p->sadb_msg_version = PF_KEY_V2; 3999 p->sadb_msg_type = type; 4000 p->sadb_msg_errno = 0; 4001 p->sadb_msg_satype = satype; 4002 p->sadb_msg_len = PFKEY_UNIT64(tlen); 4003 p->sadb_msg_reserved = reserved; 4004 p->sadb_msg_seq = seq; 4005 p->sadb_msg_pid = (u_int32_t)pid; 4006 4007 return m; 4008 } 4009 4010 /* 4011 * copy secasvar data into sadb_address. 4012 */ 4013 static struct mbuf * 4014 key_setsadbsa(struct secasvar *sav) 4015 { 4016 struct mbuf *m; 4017 struct sadb_sa *p; 4018 int len; 4019 4020 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4021 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4022 if (m == NULL) 4023 return (NULL); 4024 m_align(m, len); 4025 m->m_len = len; 4026 p = mtod(m, struct sadb_sa *); 4027 bzero(p, len); 4028 p->sadb_sa_len = PFKEY_UNIT64(len); 4029 p->sadb_sa_exttype = SADB_EXT_SA; 4030 p->sadb_sa_spi = sav->spi; 4031 p->sadb_sa_replay = sav->replay ? 4032 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 4033 sav->replay->wsize): 0; 4034 p->sadb_sa_state = sav->state; 4035 p->sadb_sa_auth = sav->alg_auth; 4036 p->sadb_sa_encrypt = sav->alg_enc; 4037 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 4038 return (m); 4039 } 4040 4041 /* 4042 * set data into sadb_address. 4043 */ 4044 static struct mbuf * 4045 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 4046 u_int8_t prefixlen, u_int16_t ul_proto) 4047 { 4048 struct mbuf *m; 4049 struct sadb_address *p; 4050 size_t len; 4051 4052 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 4053 PFKEY_ALIGN8(saddr->sa_len); 4054 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4055 if (m == NULL) 4056 return (NULL); 4057 m_align(m, len); 4058 m->m_len = len; 4059 p = mtod(m, struct sadb_address *); 4060 4061 bzero(p, len); 4062 p->sadb_address_len = PFKEY_UNIT64(len); 4063 p->sadb_address_exttype = exttype; 4064 p->sadb_address_proto = ul_proto; 4065 if (prefixlen == FULLMASK) { 4066 switch (saddr->sa_family) { 4067 case AF_INET: 4068 prefixlen = sizeof(struct in_addr) << 3; 4069 break; 4070 case AF_INET6: 4071 prefixlen = sizeof(struct in6_addr) << 3; 4072 break; 4073 default: 4074 ; /*XXX*/ 4075 } 4076 } 4077 p->sadb_address_prefixlen = prefixlen; 4078 p->sadb_address_reserved = 0; 4079 4080 bcopy(saddr, 4081 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 4082 saddr->sa_len); 4083 4084 return m; 4085 } 4086 4087 /* 4088 * set data into sadb_x_sa2. 4089 */ 4090 static struct mbuf * 4091 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 4092 { 4093 struct mbuf *m; 4094 struct sadb_x_sa2 *p; 4095 size_t len; 4096 4097 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 4098 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4099 if (m == NULL) 4100 return (NULL); 4101 m_align(m, len); 4102 m->m_len = len; 4103 p = mtod(m, struct sadb_x_sa2 *); 4104 4105 bzero(p, len); 4106 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 4107 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 4108 p->sadb_x_sa2_mode = mode; 4109 p->sadb_x_sa2_reserved1 = 0; 4110 p->sadb_x_sa2_reserved2 = 0; 4111 p->sadb_x_sa2_sequence = seq; 4112 p->sadb_x_sa2_reqid = reqid; 4113 4114 return m; 4115 } 4116 4117 /* 4118 * Set data into sadb_x_sa_replay. 4119 */ 4120 static struct mbuf * 4121 key_setsadbxsareplay(u_int32_t replay) 4122 { 4123 struct mbuf *m; 4124 struct sadb_x_sa_replay *p; 4125 size_t len; 4126 4127 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 4128 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4129 if (m == NULL) 4130 return (NULL); 4131 m_align(m, len); 4132 m->m_len = len; 4133 p = mtod(m, struct sadb_x_sa_replay *); 4134 4135 bzero(p, len); 4136 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 4137 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 4138 p->sadb_x_sa_replay_replay = (replay << 3); 4139 4140 return m; 4141 } 4142 4143 /* 4144 * Set a type in sadb_x_nat_t_type. 4145 */ 4146 static struct mbuf * 4147 key_setsadbxtype(u_int16_t type) 4148 { 4149 struct mbuf *m; 4150 size_t len; 4151 struct sadb_x_nat_t_type *p; 4152 4153 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 4154 4155 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4156 if (m == NULL) 4157 return (NULL); 4158 m_align(m, len); 4159 m->m_len = len; 4160 p = mtod(m, struct sadb_x_nat_t_type *); 4161 4162 bzero(p, len); 4163 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 4164 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 4165 p->sadb_x_nat_t_type_type = type; 4166 4167 return (m); 4168 } 4169 /* 4170 * Set a port in sadb_x_nat_t_port. 4171 * In contrast to default RFC 2367 behaviour, port is in network byte order. 4172 */ 4173 static struct mbuf * 4174 key_setsadbxport(u_int16_t port, u_int16_t type) 4175 { 4176 struct mbuf *m; 4177 size_t len; 4178 struct sadb_x_nat_t_port *p; 4179 4180 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 4181 4182 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4183 if (m == NULL) 4184 return (NULL); 4185 m_align(m, len); 4186 m->m_len = len; 4187 p = mtod(m, struct sadb_x_nat_t_port *); 4188 4189 bzero(p, len); 4190 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 4191 p->sadb_x_nat_t_port_exttype = type; 4192 p->sadb_x_nat_t_port_port = port; 4193 4194 return (m); 4195 } 4196 4197 /* 4198 * Get port from sockaddr. Port is in network byte order. 4199 */ 4200 uint16_t 4201 key_portfromsaddr(struct sockaddr *sa) 4202 { 4203 4204 switch (sa->sa_family) { 4205 #ifdef INET 4206 case AF_INET: 4207 return ((struct sockaddr_in *)sa)->sin_port; 4208 #endif 4209 #ifdef INET6 4210 case AF_INET6: 4211 return ((struct sockaddr_in6 *)sa)->sin6_port; 4212 #endif 4213 } 4214 return (0); 4215 } 4216 4217 /* 4218 * Set port in struct sockaddr. Port is in network byte order. 4219 */ 4220 void 4221 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4222 { 4223 4224 switch (sa->sa_family) { 4225 #ifdef INET 4226 case AF_INET: 4227 ((struct sockaddr_in *)sa)->sin_port = port; 4228 break; 4229 #endif 4230 #ifdef INET6 4231 case AF_INET6: 4232 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4233 break; 4234 #endif 4235 default: 4236 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4237 __func__, sa->sa_family)); 4238 break; 4239 } 4240 } 4241 4242 /* 4243 * set data into sadb_x_policy 4244 */ 4245 static struct mbuf * 4246 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4247 { 4248 struct mbuf *m; 4249 struct sadb_x_policy *p; 4250 size_t len; 4251 4252 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4253 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4254 if (m == NULL) 4255 return (NULL); 4256 m_align(m, len); 4257 m->m_len = len; 4258 p = mtod(m, struct sadb_x_policy *); 4259 4260 bzero(p, len); 4261 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4262 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4263 p->sadb_x_policy_type = type; 4264 p->sadb_x_policy_dir = dir; 4265 p->sadb_x_policy_id = id; 4266 p->sadb_x_policy_priority = priority; 4267 4268 return m; 4269 } 4270 4271 /* %%% utilities */ 4272 /* Take a key message (sadb_key) from the socket and turn it into one 4273 * of the kernel's key structures (seckey). 4274 * 4275 * IN: pointer to the src 4276 * OUT: NULL no more memory 4277 */ 4278 struct seckey * 4279 key_dup_keymsg(const struct sadb_key *src, struct malloc_type *type) 4280 { 4281 struct seckey *dst; 4282 size_t len; 4283 4284 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4285 if (dst != NULL) { 4286 len = src->sadb_key_bits >> 3; 4287 dst->bits = src->sadb_key_bits; 4288 dst->key_data = malloc(len, type, M_NOWAIT); 4289 if (dst->key_data != NULL) { 4290 bcopy((const char *)(src + 1), dst->key_data, len); 4291 } else { 4292 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4293 __func__)); 4294 free(dst, type); 4295 dst = NULL; 4296 } 4297 } else { 4298 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4299 __func__)); 4300 } 4301 return (dst); 4302 } 4303 4304 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4305 * turn it into one of the kernel's lifetime structures (seclifetime). 4306 * 4307 * IN: pointer to the destination, source and malloc type 4308 * OUT: NULL, no more memory 4309 */ 4310 4311 static struct seclifetime * 4312 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4313 { 4314 struct seclifetime *dst; 4315 4316 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4317 if (dst == NULL) { 4318 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4319 return (NULL); 4320 } 4321 dst->allocations = src->sadb_lifetime_allocations; 4322 dst->bytes = src->sadb_lifetime_bytes; 4323 dst->addtime = src->sadb_lifetime_addtime; 4324 dst->usetime = src->sadb_lifetime_usetime; 4325 return (dst); 4326 } 4327 4328 /* 4329 * compare two secasindex structure. 4330 * flag can specify to compare 2 saidxes. 4331 * compare two secasindex structure without both mode and reqid. 4332 * don't compare port. 4333 * IN: 4334 * saidx0: source, it can be in SAD. 4335 * saidx1: object. 4336 * OUT: 4337 * 1 : equal 4338 * 0 : not equal 4339 */ 4340 static int 4341 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4342 int flag) 4343 { 4344 4345 /* sanity */ 4346 if (saidx0 == NULL && saidx1 == NULL) 4347 return 1; 4348 4349 if (saidx0 == NULL || saidx1 == NULL) 4350 return 0; 4351 4352 if (saidx0->proto != saidx1->proto) 4353 return 0; 4354 4355 if (flag == CMP_EXACTLY) { 4356 if (saidx0->mode != saidx1->mode) 4357 return 0; 4358 if (saidx0->reqid != saidx1->reqid) 4359 return 0; 4360 if (bcmp(&saidx0->src, &saidx1->src, 4361 saidx0->src.sa.sa_len) != 0 || 4362 bcmp(&saidx0->dst, &saidx1->dst, 4363 saidx0->dst.sa.sa_len) != 0) 4364 return 0; 4365 } else { 4366 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4367 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4368 /* 4369 * If reqid of SPD is non-zero, unique SA is required. 4370 * The result must be of same reqid in this case. 4371 */ 4372 if (saidx1->reqid != 0 && 4373 saidx0->reqid != saidx1->reqid) 4374 return 0; 4375 } 4376 4377 if (flag == CMP_MODE_REQID) { 4378 if (saidx0->mode != IPSEC_MODE_ANY 4379 && saidx0->mode != saidx1->mode) 4380 return 0; 4381 } 4382 4383 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4384 return 0; 4385 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4386 return 0; 4387 } 4388 4389 return 1; 4390 } 4391 4392 /* 4393 * compare two secindex structure exactly. 4394 * IN: 4395 * spidx0: source, it is often in SPD. 4396 * spidx1: object, it is often from PFKEY message. 4397 * OUT: 4398 * 1 : equal 4399 * 0 : not equal 4400 */ 4401 static int 4402 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4403 struct secpolicyindex *spidx1) 4404 { 4405 /* sanity */ 4406 if (spidx0 == NULL && spidx1 == NULL) 4407 return 1; 4408 4409 if (spidx0 == NULL || spidx1 == NULL) 4410 return 0; 4411 4412 if (spidx0->prefs != spidx1->prefs 4413 || spidx0->prefd != spidx1->prefd 4414 || spidx0->ul_proto != spidx1->ul_proto 4415 || spidx0->dir != spidx1->dir) 4416 return 0; 4417 4418 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4419 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4420 } 4421 4422 /* 4423 * compare two secindex structure with mask. 4424 * IN: 4425 * spidx0: source, it is often in SPD. 4426 * spidx1: object, it is often from IP header. 4427 * OUT: 4428 * 1 : equal 4429 * 0 : not equal 4430 */ 4431 static int 4432 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4433 struct secpolicyindex *spidx1) 4434 { 4435 /* sanity */ 4436 if (spidx0 == NULL && spidx1 == NULL) 4437 return 1; 4438 4439 if (spidx0 == NULL || spidx1 == NULL) 4440 return 0; 4441 4442 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4443 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4444 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4445 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4446 return 0; 4447 4448 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4449 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4450 && spidx0->ul_proto != spidx1->ul_proto) 4451 return 0; 4452 4453 switch (spidx0->src.sa.sa_family) { 4454 case AF_INET: 4455 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4456 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4457 return 0; 4458 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4459 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4460 return 0; 4461 break; 4462 case AF_INET6: 4463 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4464 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4465 return 0; 4466 /* 4467 * scope_id check. if sin6_scope_id is 0, we regard it 4468 * as a wildcard scope, which matches any scope zone ID. 4469 */ 4470 if (spidx0->src.sin6.sin6_scope_id && 4471 spidx1->src.sin6.sin6_scope_id && 4472 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4473 return 0; 4474 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4475 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4476 return 0; 4477 break; 4478 default: 4479 /* XXX */ 4480 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4481 return 0; 4482 break; 4483 } 4484 4485 switch (spidx0->dst.sa.sa_family) { 4486 case AF_INET: 4487 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4488 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4489 return 0; 4490 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4491 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4492 return 0; 4493 break; 4494 case AF_INET6: 4495 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4496 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4497 return 0; 4498 /* 4499 * scope_id check. if sin6_scope_id is 0, we regard it 4500 * as a wildcard scope, which matches any scope zone ID. 4501 */ 4502 if (spidx0->dst.sin6.sin6_scope_id && 4503 spidx1->dst.sin6.sin6_scope_id && 4504 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4505 return 0; 4506 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4507 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4508 return 0; 4509 break; 4510 default: 4511 /* XXX */ 4512 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4513 return 0; 4514 break; 4515 } 4516 4517 /* XXX Do we check other field ? e.g. flowinfo */ 4518 4519 return 1; 4520 } 4521 4522 #ifdef satosin 4523 #undef satosin 4524 #endif 4525 #define satosin(s) ((const struct sockaddr_in *)s) 4526 #ifdef satosin6 4527 #undef satosin6 4528 #endif 4529 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4530 /* returns 0 on match */ 4531 int 4532 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4533 int port) 4534 { 4535 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4536 return 1; 4537 4538 switch (sa1->sa_family) { 4539 #ifdef INET 4540 case AF_INET: 4541 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4542 return 1; 4543 if (satosin(sa1)->sin_addr.s_addr != 4544 satosin(sa2)->sin_addr.s_addr) { 4545 return 1; 4546 } 4547 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4548 return 1; 4549 break; 4550 #endif 4551 #ifdef INET6 4552 case AF_INET6: 4553 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4554 return 1; /*EINVAL*/ 4555 if (satosin6(sa1)->sin6_scope_id != 4556 satosin6(sa2)->sin6_scope_id) { 4557 return 1; 4558 } 4559 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4560 &satosin6(sa2)->sin6_addr)) { 4561 return 1; 4562 } 4563 if (port && 4564 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4565 return 1; 4566 } 4567 break; 4568 #endif 4569 default: 4570 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4571 return 1; 4572 break; 4573 } 4574 4575 return 0; 4576 } 4577 4578 /* returns 0 on match */ 4579 int 4580 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4581 const struct sockaddr *sa2, size_t mask) 4582 { 4583 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4584 return (1); 4585 4586 switch (sa1->sa_family) { 4587 #ifdef INET 4588 case AF_INET: 4589 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4590 &satosin(sa2)->sin_addr, mask)); 4591 #endif 4592 #ifdef INET6 4593 case AF_INET6: 4594 if (satosin6(sa1)->sin6_scope_id != 4595 satosin6(sa2)->sin6_scope_id) 4596 return (1); 4597 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4598 &satosin6(sa2)->sin6_addr, mask)); 4599 #endif 4600 } 4601 return (1); 4602 } 4603 #undef satosin 4604 #undef satosin6 4605 4606 /* 4607 * compare two buffers with mask. 4608 * IN: 4609 * addr1: source 4610 * addr2: object 4611 * bits: Number of bits to compare 4612 * OUT: 4613 * 1 : equal 4614 * 0 : not equal 4615 */ 4616 static int 4617 key_bbcmp(const void *a1, const void *a2, u_int bits) 4618 { 4619 const unsigned char *p1 = a1; 4620 const unsigned char *p2 = a2; 4621 4622 /* XXX: This could be considerably faster if we compare a word 4623 * at a time, but it is complicated on LSB Endian machines */ 4624 4625 /* Handle null pointers */ 4626 if (p1 == NULL || p2 == NULL) 4627 return (p1 == p2); 4628 4629 while (bits >= 8) { 4630 if (*p1++ != *p2++) 4631 return 0; 4632 bits -= 8; 4633 } 4634 4635 if (bits > 0) { 4636 u_int8_t mask = ~((1<<(8-bits))-1); 4637 if ((*p1 & mask) != (*p2 & mask)) 4638 return 0; 4639 } 4640 return 1; /* Match! */ 4641 } 4642 4643 static void 4644 key_flush_spd(time_t now) 4645 { 4646 SPTREE_RLOCK_TRACKER; 4647 struct secpolicy_list drainq; 4648 struct secpolicy *sp, *nextsp; 4649 u_int dir; 4650 4651 LIST_INIT(&drainq); 4652 SPTREE_RLOCK(); 4653 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4654 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4655 if (sp->lifetime == 0 && sp->validtime == 0) 4656 continue; 4657 if ((sp->lifetime && 4658 now - sp->created > sp->lifetime) || 4659 (sp->validtime && 4660 now - sp->lastused > sp->validtime)) { 4661 /* Hold extra reference to send SPDEXPIRE */ 4662 SP_ADDREF(sp); 4663 LIST_INSERT_HEAD(&drainq, sp, drainq); 4664 } 4665 } 4666 } 4667 SPTREE_RUNLOCK(); 4668 if (LIST_EMPTY(&drainq)) 4669 return; 4670 4671 SPTREE_WLOCK(); 4672 sp = LIST_FIRST(&drainq); 4673 while (sp != NULL) { 4674 nextsp = LIST_NEXT(sp, drainq); 4675 /* Check that SP is still linked */ 4676 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4677 LIST_REMOVE(sp, drainq); 4678 key_freesp(&sp); /* release extra reference */ 4679 sp = nextsp; 4680 continue; 4681 } 4682 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4683 V_spd_size--; 4684 LIST_REMOVE(sp, idhash); 4685 sp->state = IPSEC_SPSTATE_DEAD; 4686 ipsec_accel_spddel(sp); 4687 sp = nextsp; 4688 } 4689 V_sp_genid++; 4690 SPTREE_WUNLOCK(); 4691 if (SPDCACHE_ENABLED()) 4692 spdcache_clear(); 4693 4694 sp = LIST_FIRST(&drainq); 4695 while (sp != NULL) { 4696 nextsp = LIST_NEXT(sp, drainq); 4697 key_spdexpire(sp); 4698 key_freesp(&sp); /* release extra reference */ 4699 key_freesp(&sp); /* release last reference */ 4700 sp = nextsp; 4701 } 4702 } 4703 4704 static void 4705 key_flush_sad(time_t now) 4706 { 4707 SAHTREE_RLOCK_TRACKER; 4708 struct secashead_list emptyq; 4709 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4710 struct secashead *sah, *nextsah; 4711 struct secasvar *sav, *nextsav; 4712 4713 SECASVAR_RLOCK_TRACKER; 4714 4715 LIST_INIT(&drainq); 4716 LIST_INIT(&hexpireq); 4717 LIST_INIT(&sexpireq); 4718 LIST_INIT(&emptyq); 4719 4720 SAHTREE_RLOCK(); 4721 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4722 /* Check for empty SAH */ 4723 if (TAILQ_EMPTY(&sah->savtree_larval) && 4724 TAILQ_EMPTY(&sah->savtree_alive)) { 4725 SAH_ADDREF(sah); 4726 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4727 continue; 4728 } 4729 /* Add all stale LARVAL SAs into drainq */ 4730 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4731 if (now - sav->created < V_key_larval_lifetime) 4732 continue; 4733 SAV_ADDREF(sav); 4734 LIST_INSERT_HEAD(&drainq, sav, drainq); 4735 } 4736 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4737 /* lifetimes aren't specified */ 4738 if (sav->lft_h == NULL) 4739 continue; 4740 SECASVAR_RLOCK(sav); 4741 /* 4742 * Check again with lock held, because it may 4743 * be updated by SADB_UPDATE. 4744 */ 4745 if (sav->lft_h == NULL) { 4746 SECASVAR_RUNLOCK(sav); 4747 continue; 4748 } 4749 /* 4750 * RFC 2367: 4751 * HARD lifetimes MUST take precedence over SOFT 4752 * lifetimes, meaning if the HARD and SOFT lifetimes 4753 * are the same, the HARD lifetime will appear on the 4754 * EXPIRE message. 4755 */ 4756 /* check HARD lifetime */ 4757 if ((sav->lft_h->addtime != 0 && 4758 now - sav->created > sav->lft_h->addtime) || 4759 (sav->lft_h->usetime != 0 && sav->firstused && 4760 now - sav->firstused > sav->lft_h->usetime) || 4761 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4762 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4763 SECASVAR_RUNLOCK(sav); 4764 SAV_ADDREF(sav); 4765 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4766 continue; 4767 } 4768 /* check SOFT lifetime (only for MATURE SAs) */ 4769 if (sav->state == SADB_SASTATE_MATURE && ( 4770 (sav->lft_s->addtime != 0 && 4771 now - sav->created > sav->lft_s->addtime) || 4772 (sav->lft_s->usetime != 0 && sav->firstused && 4773 now - sav->firstused > sav->lft_s->usetime) || 4774 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4775 sav->lft_c_bytes) > sav->lft_s->bytes) || 4776 (!(sav->flags & SADB_X_SAFLAGS_ESN) && 4777 (sav->replay != NULL) && ( 4778 (sav->replay->count > UINT32_80PCT) || 4779 (sav->replay->last > UINT32_80PCT))))) { 4780 SECASVAR_RUNLOCK(sav); 4781 SAV_ADDREF(sav); 4782 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4783 continue; 4784 } 4785 SECASVAR_RUNLOCK(sav); 4786 } 4787 } 4788 SAHTREE_RUNLOCK(); 4789 4790 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4791 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4792 return; 4793 4794 LIST_INIT(&freeq); 4795 SAHTREE_WLOCK(); 4796 /* Unlink stale LARVAL SAs */ 4797 sav = LIST_FIRST(&drainq); 4798 while (sav != NULL) { 4799 nextsav = LIST_NEXT(sav, drainq); 4800 /* Check that SA is still LARVAL */ 4801 if (sav->state != SADB_SASTATE_LARVAL) { 4802 LIST_REMOVE(sav, drainq); 4803 LIST_INSERT_HEAD(&freeq, sav, drainq); 4804 sav = nextsav; 4805 continue; 4806 } 4807 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4808 LIST_REMOVE(sav, spihash); 4809 sav->state = SADB_SASTATE_DEAD; 4810 ipsec_accel_forget_sav(sav); 4811 sav = nextsav; 4812 } 4813 /* Unlink all SAs with expired HARD lifetime */ 4814 sav = LIST_FIRST(&hexpireq); 4815 while (sav != NULL) { 4816 nextsav = LIST_NEXT(sav, drainq); 4817 /* Check that SA is not unlinked */ 4818 if (sav->state == SADB_SASTATE_DEAD) { 4819 LIST_REMOVE(sav, drainq); 4820 LIST_INSERT_HEAD(&freeq, sav, drainq); 4821 sav = nextsav; 4822 continue; 4823 } 4824 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4825 LIST_REMOVE(sav, spihash); 4826 sav->state = SADB_SASTATE_DEAD; 4827 ipsec_accel_forget_sav(sav); 4828 sav = nextsav; 4829 } 4830 /* Mark all SAs with expired SOFT lifetime as DYING */ 4831 sav = LIST_FIRST(&sexpireq); 4832 while (sav != NULL) { 4833 nextsav = LIST_NEXT(sav, drainq); 4834 /* Check that SA is not unlinked */ 4835 if (sav->state == SADB_SASTATE_DEAD) { 4836 LIST_REMOVE(sav, drainq); 4837 LIST_INSERT_HEAD(&freeq, sav, drainq); 4838 sav = nextsav; 4839 continue; 4840 } 4841 /* 4842 * NOTE: this doesn't change SA order in the chain. 4843 */ 4844 sav->state = SADB_SASTATE_DYING; 4845 sav = nextsav; 4846 } 4847 /* Unlink empty SAHs */ 4848 sah = LIST_FIRST(&emptyq); 4849 while (sah != NULL) { 4850 nextsah = LIST_NEXT(sah, drainq); 4851 /* Check that SAH is still empty and not unlinked */ 4852 if (sah->state == SADB_SASTATE_DEAD || 4853 !TAILQ_EMPTY(&sah->savtree_larval) || 4854 !TAILQ_EMPTY(&sah->savtree_alive)) { 4855 LIST_REMOVE(sah, drainq); 4856 key_freesah(&sah); /* release extra reference */ 4857 sah = nextsah; 4858 continue; 4859 } 4860 TAILQ_REMOVE(&V_sahtree, sah, chain); 4861 LIST_REMOVE(sah, addrhash); 4862 sah->state = SADB_SASTATE_DEAD; 4863 sah = nextsah; 4864 } 4865 SAHTREE_WUNLOCK(); 4866 4867 /* Send SPDEXPIRE messages */ 4868 sav = LIST_FIRST(&hexpireq); 4869 while (sav != NULL) { 4870 nextsav = LIST_NEXT(sav, drainq); 4871 key_expire(sav, 1); 4872 key_freesah(&sav->sah); /* release reference from SAV */ 4873 key_freesav(&sav); /* release extra reference */ 4874 key_freesav(&sav); /* release last reference */ 4875 sav = nextsav; 4876 } 4877 sav = LIST_FIRST(&sexpireq); 4878 while (sav != NULL) { 4879 nextsav = LIST_NEXT(sav, drainq); 4880 key_expire(sav, 0); 4881 key_freesav(&sav); /* release extra reference */ 4882 sav = nextsav; 4883 } 4884 /* Free stale LARVAL SAs */ 4885 sav = LIST_FIRST(&drainq); 4886 while (sav != NULL) { 4887 nextsav = LIST_NEXT(sav, drainq); 4888 key_freesah(&sav->sah); /* release reference from SAV */ 4889 key_freesav(&sav); /* release extra reference */ 4890 key_freesav(&sav); /* release last reference */ 4891 sav = nextsav; 4892 } 4893 /* Free SAs that were unlinked/changed by someone else */ 4894 sav = LIST_FIRST(&freeq); 4895 while (sav != NULL) { 4896 nextsav = LIST_NEXT(sav, drainq); 4897 key_freesav(&sav); /* release extra reference */ 4898 sav = nextsav; 4899 } 4900 /* Free empty SAH */ 4901 sah = LIST_FIRST(&emptyq); 4902 while (sah != NULL) { 4903 nextsah = LIST_NEXT(sah, drainq); 4904 key_freesah(&sah); /* release extra reference */ 4905 key_freesah(&sah); /* release last reference */ 4906 sah = nextsah; 4907 } 4908 } 4909 4910 static void 4911 key_flush_acq(time_t now) 4912 { 4913 struct secacq *acq, *nextacq; 4914 4915 /* ACQ tree */ 4916 ACQ_LOCK(); 4917 acq = LIST_FIRST(&V_acqtree); 4918 while (acq != NULL) { 4919 nextacq = LIST_NEXT(acq, chain); 4920 if (now - acq->created > V_key_blockacq_lifetime) { 4921 LIST_REMOVE(acq, chain); 4922 LIST_REMOVE(acq, addrhash); 4923 LIST_REMOVE(acq, seqhash); 4924 free(acq, M_IPSEC_SAQ); 4925 } 4926 acq = nextacq; 4927 } 4928 ACQ_UNLOCK(); 4929 } 4930 4931 static void 4932 key_flush_spacq(time_t now) 4933 { 4934 struct secspacq *acq, *nextacq; 4935 4936 /* SP ACQ tree */ 4937 SPACQ_LOCK(); 4938 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4939 nextacq = LIST_NEXT(acq, chain); 4940 if (now - acq->created > V_key_blockacq_lifetime 4941 && __LIST_CHAINED(acq)) { 4942 LIST_REMOVE(acq, chain); 4943 free(acq, M_IPSEC_SAQ); 4944 } 4945 } 4946 SPACQ_UNLOCK(); 4947 } 4948 4949 /* 4950 * time handler. 4951 * scanning SPD and SAD to check status for each entries, 4952 * and do to remove or to expire. 4953 * XXX: year 2038 problem may remain. 4954 */ 4955 static void 4956 key_timehandler(void *arg) 4957 { 4958 VNET_ITERATOR_DECL(vnet_iter); 4959 time_t now = time_second; 4960 4961 VNET_LIST_RLOCK_NOSLEEP(); 4962 VNET_FOREACH(vnet_iter) { 4963 CURVNET_SET(vnet_iter); 4964 key_flush_spd(now); 4965 key_flush_sad(now); 4966 key_flush_acq(now); 4967 key_flush_spacq(now); 4968 CURVNET_RESTORE(); 4969 } 4970 VNET_LIST_RUNLOCK_NOSLEEP(); 4971 4972 #ifndef IPSEC_DEBUG2 4973 /* do exchange to tick time !! */ 4974 callout_schedule(&key_timer, hz); 4975 #endif /* IPSEC_DEBUG2 */ 4976 } 4977 4978 u_long 4979 key_random(void) 4980 { 4981 u_long value; 4982 4983 arc4random_buf(&value, sizeof(value)); 4984 return value; 4985 } 4986 4987 /* 4988 * map SADB_SATYPE_* to IPPROTO_*. 4989 * if satype == SADB_SATYPE then satype is mapped to ~0. 4990 * OUT: 4991 * 0: invalid satype. 4992 */ 4993 static uint8_t 4994 key_satype2proto(uint8_t satype) 4995 { 4996 switch (satype) { 4997 case SADB_SATYPE_UNSPEC: 4998 return IPSEC_PROTO_ANY; 4999 case SADB_SATYPE_AH: 5000 return IPPROTO_AH; 5001 case SADB_SATYPE_ESP: 5002 return IPPROTO_ESP; 5003 case SADB_X_SATYPE_IPCOMP: 5004 return IPPROTO_IPCOMP; 5005 case SADB_X_SATYPE_TCPSIGNATURE: 5006 return IPPROTO_TCP; 5007 default: 5008 return 0; 5009 } 5010 /* NOTREACHED */ 5011 } 5012 5013 /* 5014 * map IPPROTO_* to SADB_SATYPE_* 5015 * OUT: 5016 * 0: invalid protocol type. 5017 */ 5018 static uint8_t 5019 key_proto2satype(uint8_t proto) 5020 { 5021 switch (proto) { 5022 case IPPROTO_AH: 5023 return SADB_SATYPE_AH; 5024 case IPPROTO_ESP: 5025 return SADB_SATYPE_ESP; 5026 case IPPROTO_IPCOMP: 5027 return SADB_X_SATYPE_IPCOMP; 5028 case IPPROTO_TCP: 5029 return SADB_X_SATYPE_TCPSIGNATURE; 5030 default: 5031 return 0; 5032 } 5033 /* NOTREACHED */ 5034 } 5035 5036 /* %%% PF_KEY */ 5037 /* 5038 * SADB_GETSPI processing is to receive 5039 * <base, (SA2), src address, dst address, (SPI range)> 5040 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 5041 * tree with the status of LARVAL, and send 5042 * <base, SA(*), address(SD)> 5043 * to the IKMPd. 5044 * 5045 * IN: mhp: pointer to the pointer to each header. 5046 * OUT: NULL if fail. 5047 * other if success, return pointer to the message to send. 5048 */ 5049 static int 5050 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5051 { 5052 struct secasindex saidx; 5053 struct sadb_address *src0, *dst0; 5054 struct secasvar *sav; 5055 uint32_t reqid, spi; 5056 int error; 5057 uint8_t mode, proto; 5058 5059 IPSEC_ASSERT(so != NULL, ("null socket")); 5060 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5061 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5062 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5063 5064 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5065 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 5066 #ifdef PFKEY_STRICT_CHECKS 5067 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 5068 #endif 5069 ) { 5070 ipseclog((LOG_DEBUG, 5071 "%s: invalid message: missing required header.\n", 5072 __func__)); 5073 error = EINVAL; 5074 goto fail; 5075 } 5076 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5077 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 5078 #ifdef PFKEY_STRICT_CHECKS 5079 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 5080 #endif 5081 ) { 5082 ipseclog((LOG_DEBUG, 5083 "%s: invalid message: wrong header size.\n", __func__)); 5084 error = EINVAL; 5085 goto fail; 5086 } 5087 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5088 mode = IPSEC_MODE_ANY; 5089 reqid = 0; 5090 } else { 5091 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5092 ipseclog((LOG_DEBUG, 5093 "%s: invalid message: wrong header size.\n", 5094 __func__)); 5095 error = EINVAL; 5096 goto fail; 5097 } 5098 mode = ((struct sadb_x_sa2 *) 5099 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5100 reqid = ((struct sadb_x_sa2 *) 5101 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5102 } 5103 5104 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5105 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5106 5107 /* map satype to proto */ 5108 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5109 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5110 __func__)); 5111 error = EINVAL; 5112 goto fail; 5113 } 5114 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5115 (struct sockaddr *)(dst0 + 1)); 5116 if (error != 0) { 5117 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5118 error = EINVAL; 5119 goto fail; 5120 } 5121 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5122 5123 /* SPI allocation */ 5124 SPI_ALLOC_LOCK(); 5125 spi = key_do_getnewspi( 5126 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 5127 if (spi == 0) { 5128 /* 5129 * Requested SPI or SPI range is not available or 5130 * already used. 5131 */ 5132 SPI_ALLOC_UNLOCK(); 5133 error = EEXIST; 5134 goto fail; 5135 } 5136 sav = key_newsav(mhp, &saidx, spi, &error); 5137 SPI_ALLOC_UNLOCK(); 5138 if (sav == NULL) 5139 goto fail; 5140 5141 if (sav->seq != 0) { 5142 /* 5143 * RFC2367: 5144 * If the SADB_GETSPI message is in response to a 5145 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 5146 * MUST be the same as the SADB_ACQUIRE message. 5147 * 5148 * XXXAE: However it doesn't definethe behaviour how to 5149 * check this and what to do if it doesn't match. 5150 * Also what we should do if it matches? 5151 * 5152 * We can compare saidx used in SADB_ACQUIRE with saidx 5153 * used in SADB_GETSPI, but this probably can break 5154 * existing software. For now just warn if it doesn't match. 5155 * 5156 * XXXAE: anyway it looks useless. 5157 */ 5158 key_acqdone(&saidx, sav->seq); 5159 } 5160 KEYDBG(KEY_STAMP, 5161 printf("%s: SA(%p)\n", __func__, sav)); 5162 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5163 5164 { 5165 struct mbuf *n, *nn; 5166 struct sadb_sa *m_sa; 5167 struct sadb_msg *newmsg; 5168 int off, len; 5169 5170 /* create new sadb_msg to reply. */ 5171 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 5172 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5173 5174 n = key_mget(len); 5175 if (n == NULL) { 5176 error = ENOBUFS; 5177 goto fail; 5178 } 5179 5180 n->m_len = len; 5181 n->m_next = NULL; 5182 off = 0; 5183 5184 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 5185 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 5186 5187 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 5188 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 5189 m_sa->sadb_sa_exttype = SADB_EXT_SA; 5190 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 5191 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5192 5193 IPSEC_ASSERT(off == len, 5194 ("length inconsistency (off %u len %u)", off, len)); 5195 5196 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5197 SADB_EXT_ADDRESS_DST); 5198 if (!n->m_next) { 5199 m_freem(n); 5200 error = ENOBUFS; 5201 goto fail; 5202 } 5203 5204 if (n->m_len < sizeof(struct sadb_msg)) { 5205 n = m_pullup(n, sizeof(struct sadb_msg)); 5206 if (n == NULL) 5207 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5208 } 5209 5210 n->m_pkthdr.len = 0; 5211 for (nn = n; nn; nn = nn->m_next) 5212 n->m_pkthdr.len += nn->m_len; 5213 5214 newmsg = mtod(n, struct sadb_msg *); 5215 newmsg->sadb_msg_seq = sav->seq; 5216 newmsg->sadb_msg_errno = 0; 5217 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5218 5219 m_freem(m); 5220 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5221 } 5222 5223 fail: 5224 return (key_senderror(so, m, error)); 5225 } 5226 5227 /* 5228 * allocating new SPI 5229 * called by key_getspi(). 5230 * OUT: 5231 * 0: failure. 5232 * others: success, SPI in network byte order. 5233 */ 5234 static uint32_t 5235 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5236 { 5237 uint32_t min, max, newspi, t; 5238 int tries, limit; 5239 5240 SPI_ALLOC_LOCK_ASSERT(); 5241 5242 /* set spi range to allocate */ 5243 if (spirange != NULL) { 5244 min = spirange->sadb_spirange_min; 5245 max = spirange->sadb_spirange_max; 5246 } else { 5247 min = V_key_spi_minval; 5248 max = V_key_spi_maxval; 5249 } 5250 /* IPCOMP needs 2-byte SPI */ 5251 if (saidx->proto == IPPROTO_IPCOMP) { 5252 if (min >= 0x10000) 5253 min = 0xffff; 5254 if (max >= 0x10000) 5255 max = 0xffff; 5256 if (min > max) { 5257 t = min; min = max; max = t; 5258 } 5259 } 5260 5261 if (min == max) { 5262 if (key_checkspidup(htonl(min))) { 5263 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5264 __func__, min)); 5265 return 0; 5266 } 5267 5268 tries = 1; 5269 newspi = min; 5270 } else { 5271 /* init SPI */ 5272 newspi = 0; 5273 5274 limit = atomic_load_int(&V_key_spi_trycnt); 5275 /* when requesting to allocate spi ranged */ 5276 for (tries = 0; tries < limit; tries++) { 5277 /* generate pseudo-random SPI value ranged. */ 5278 newspi = min + (key_random() % (max - min + 1)); 5279 if (!key_checkspidup(htonl(newspi))) 5280 break; 5281 } 5282 5283 if (tries == limit || newspi == 0) { 5284 ipseclog((LOG_DEBUG, 5285 "%s: failed to allocate SPI.\n", __func__)); 5286 return 0; 5287 } 5288 } 5289 5290 /* statistics */ 5291 keystat.getspi_count = 5292 (keystat.getspi_count + tries) / 2; 5293 5294 return (htonl(newspi)); 5295 } 5296 5297 /* 5298 * Find TCP-MD5 SA with corresponding secasindex. 5299 * If not found, return NULL and fill SPI with usable value if needed. 5300 */ 5301 static struct secasvar * 5302 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5303 { 5304 SAHTREE_RLOCK_TRACKER; 5305 struct secashead *sah; 5306 struct secasvar *sav; 5307 5308 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5309 SAHTREE_RLOCK(); 5310 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5311 if (sah->saidx.proto != IPPROTO_TCP) 5312 continue; 5313 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5314 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5315 break; 5316 } 5317 if (sah != NULL) { 5318 if (V_key_preferred_oldsa) 5319 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5320 else 5321 sav = TAILQ_FIRST(&sah->savtree_alive); 5322 if (sav != NULL) { 5323 SAV_ADDREF(sav); 5324 SAHTREE_RUNLOCK(); 5325 return (sav); 5326 } 5327 } 5328 if (spi == NULL) { 5329 /* No SPI required */ 5330 SAHTREE_RUNLOCK(); 5331 return (NULL); 5332 } 5333 /* Check that SPI is unique */ 5334 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5335 if (sav->spi == *spi) 5336 break; 5337 } 5338 if (sav == NULL) { 5339 SAHTREE_RUNLOCK(); 5340 /* SPI is already unique */ 5341 return (NULL); 5342 } 5343 SAHTREE_RUNLOCK(); 5344 /* XXX: not optimal */ 5345 *spi = key_do_getnewspi(NULL, saidx); 5346 return (NULL); 5347 } 5348 5349 static int 5350 key_updateaddresses(struct socket *so, struct mbuf *m, 5351 const struct sadb_msghdr *mhp, struct secasvar *sav, 5352 struct secasindex *saidx) 5353 { 5354 struct sockaddr *newaddr; 5355 struct secashead *sah; 5356 struct secasvar *newsav, *tmp; 5357 struct mbuf *n; 5358 int error, isnew; 5359 5360 /* Check that we need to change SAH */ 5361 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5362 newaddr = (struct sockaddr *)( 5363 ((struct sadb_address *) 5364 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5365 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5366 key_porttosaddr(&saidx->src.sa, 0); 5367 } 5368 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5369 newaddr = (struct sockaddr *)( 5370 ((struct sadb_address *) 5371 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5372 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5373 key_porttosaddr(&saidx->dst.sa, 0); 5374 } 5375 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5376 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5377 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5378 if (error != 0) { 5379 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5380 __func__)); 5381 return (error); 5382 } 5383 5384 sah = key_getsah(saidx); 5385 if (sah == NULL) { 5386 /* create a new SA index */ 5387 sah = key_newsah(saidx); 5388 if (sah == NULL) { 5389 ipseclog((LOG_DEBUG, 5390 "%s: No more memory.\n", __func__)); 5391 return (ENOBUFS); 5392 } 5393 isnew = 2; /* SAH is new */ 5394 } else 5395 isnew = 1; /* existing SAH is referenced */ 5396 } else { 5397 /* 5398 * src and dst addresses are still the same. 5399 * Do we want to change NAT-T config? 5400 */ 5401 if (sav->sah->saidx.proto != IPPROTO_ESP || 5402 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5403 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5404 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5405 ipseclog((LOG_DEBUG, 5406 "%s: invalid message: missing required header.\n", 5407 __func__)); 5408 return (EINVAL); 5409 } 5410 /* We hold reference to SA, thus SAH will be referenced too. */ 5411 sah = sav->sah; 5412 isnew = 0; 5413 } 5414 5415 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5416 M_NOWAIT | M_ZERO); 5417 if (newsav == NULL) { 5418 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5419 error = ENOBUFS; 5420 goto fail; 5421 } 5422 5423 /* Clone SA's content into newsav */ 5424 SAV_INITREF(newsav); 5425 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5426 #ifdef IPSEC_OFFLOAD 5427 CK_LIST_INIT(&newsav->accel_ifps); 5428 newsav->accel_forget_tq = 0; 5429 newsav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone, 5430 M_NOWAIT | M_ZERO); 5431 if (newsav->accel_lft_sw == NULL) { 5432 error = ENOBUFS; 5433 goto fail; 5434 } 5435 if (sav->accel_ifname != NULL) { 5436 struct sadb_x_if_hw_offl xof; 5437 5438 newsav->accel_ifname = malloc(sizeof(xof.sadb_x_if_hw_offl_if), 5439 M_IPSEC_MISC, M_NOWAIT); 5440 if (newsav->accel_ifname == NULL) { 5441 error = ENOBUFS; 5442 goto fail; 5443 } 5444 strncpy(__DECONST(char *, sav->accel_ifname), 5445 newsav->accel_ifname, 5446 sizeof(xof.sadb_x_if_hw_offl_if)); 5447 } 5448 #endif 5449 5450 /* 5451 * We create new NAT-T config if it is needed. 5452 * Old NAT-T config will be freed by key_cleansav() when 5453 * last reference to SA will be released. 5454 */ 5455 newsav->natt = NULL; 5456 newsav->sah = sah; 5457 newsav->state = SADB_SASTATE_MATURE; 5458 error = key_setnatt(newsav, mhp); 5459 if (error != 0) 5460 goto fail; 5461 5462 SAHTREE_WLOCK(); 5463 /* Check that SA is still alive */ 5464 if (sav->state == SADB_SASTATE_DEAD) { 5465 /* SA was unlinked */ 5466 SAHTREE_WUNLOCK(); 5467 error = ESRCH; 5468 goto fail; 5469 } 5470 5471 /* Unlink SA from SAH and SPI hash */ 5472 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5473 ("SA is already cloned")); 5474 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5475 sav->state == SADB_SASTATE_DYING, 5476 ("Wrong SA state %u\n", sav->state)); 5477 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5478 LIST_REMOVE(sav, spihash); 5479 sav->state = SADB_SASTATE_DEAD; 5480 ipsec_accel_forget_sav(sav); 5481 5482 /* 5483 * Link new SA with SAH. Keep SAs ordered by 5484 * create time (newer are first). 5485 */ 5486 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5487 if (newsav->created > tmp->created) { 5488 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5489 break; 5490 } 5491 } 5492 if (tmp == NULL) 5493 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5494 5495 /* Add new SA into SPI hash. */ 5496 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5497 5498 /* Add new SAH into SADB. */ 5499 if (isnew == 2) { 5500 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5501 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5502 sah->state = SADB_SASTATE_MATURE; 5503 SAH_ADDREF(sah); /* newsav references new SAH */ 5504 } 5505 /* 5506 * isnew == 1 -> @sah was referenced by key_getsah(). 5507 * isnew == 0 -> we use the same @sah, that was used by @sav, 5508 * and we use its reference for @newsav. 5509 */ 5510 SECASVAR_WLOCK(sav); 5511 /* XXX: replace cntr with pointer? */ 5512 newsav->cntr = sav->cntr; 5513 sav->flags |= SADB_X_EXT_F_CLONED; 5514 SECASVAR_WUNLOCK(sav); 5515 5516 SAHTREE_WUNLOCK(); 5517 5518 KEYDBG(KEY_STAMP, 5519 printf("%s: SA(%p) cloned into SA(%p)\n", 5520 __func__, sav, newsav)); 5521 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5522 5523 key_freesav(&sav); /* release last reference */ 5524 5525 /* set msg buf from mhp */ 5526 n = key_getmsgbuf_x1(m, mhp); 5527 if (n == NULL) { 5528 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5529 return (ENOBUFS); 5530 } 5531 m_freem(m); 5532 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5533 return (0); 5534 fail: 5535 if (isnew != 0) 5536 key_freesah(&sah); 5537 if (newsav != NULL) { 5538 #ifdef IPSEC_OFFLOAD 5539 uma_zfree_pcpu(ipsec_key_lft_zone, newsav->accel_lft_sw); 5540 free(__DECONST(char *, newsav->accel_ifname), M_IPSEC_MISC); 5541 #endif 5542 if (newsav->natt != NULL) 5543 free(newsav->natt, M_IPSEC_MISC); 5544 free(newsav, M_IPSEC_SA); 5545 } 5546 return (error); 5547 } 5548 5549 /* 5550 * SADB_UPDATE processing 5551 * receive 5552 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5553 * key(AE), (identity(SD),) (sensitivity)> 5554 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5555 * and send 5556 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5557 * (identity(SD),) (sensitivity)> 5558 * to the ikmpd. 5559 * 5560 * m will always be freed. 5561 */ 5562 static int 5563 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5564 { 5565 struct secasindex saidx; 5566 struct sadb_address *src0, *dst0; 5567 struct sadb_sa *sa0; 5568 struct secasvar *sav; 5569 uint32_t reqid; 5570 int error; 5571 uint8_t mode, proto; 5572 5573 IPSEC_ASSERT(so != NULL, ("null socket")); 5574 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5575 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5576 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5577 5578 /* map satype to proto */ 5579 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5580 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5581 __func__)); 5582 return key_senderror(so, m, EINVAL); 5583 } 5584 5585 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5586 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5587 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5588 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5589 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5590 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5591 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5592 ipseclog((LOG_DEBUG, 5593 "%s: invalid message: missing required header.\n", 5594 __func__)); 5595 return key_senderror(so, m, EINVAL); 5596 } 5597 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5598 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5599 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5600 ipseclog((LOG_DEBUG, 5601 "%s: invalid message: wrong header size.\n", __func__)); 5602 return key_senderror(so, m, EINVAL); 5603 } 5604 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5605 mode = IPSEC_MODE_ANY; 5606 reqid = 0; 5607 } else { 5608 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5609 ipseclog((LOG_DEBUG, 5610 "%s: invalid message: wrong header size.\n", 5611 __func__)); 5612 return key_senderror(so, m, EINVAL); 5613 } 5614 mode = ((struct sadb_x_sa2 *) 5615 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5616 reqid = ((struct sadb_x_sa2 *) 5617 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5618 } 5619 5620 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5621 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5622 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5623 5624 /* 5625 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5626 * SADB_UPDATE message. 5627 */ 5628 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5629 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5630 #ifdef PFKEY_STRICT_CHECKS 5631 return key_senderror(so, m, EINVAL); 5632 #endif 5633 } 5634 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5635 (struct sockaddr *)(dst0 + 1)); 5636 if (error != 0) { 5637 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5638 return key_senderror(so, m, error); 5639 } 5640 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5641 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5642 if (sav == NULL) { 5643 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5644 __func__, ntohl(sa0->sadb_sa_spi))); 5645 return key_senderror(so, m, EINVAL); 5646 } 5647 /* 5648 * Check that SADB_UPDATE issued by the same process that did 5649 * SADB_GETSPI or SADB_ADD. 5650 */ 5651 if (sav->pid != mhp->msg->sadb_msg_pid) { 5652 ipseclog((LOG_DEBUG, 5653 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5654 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5655 key_freesav(&sav); 5656 return key_senderror(so, m, EINVAL); 5657 } 5658 /* saidx should match with SA. */ 5659 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5660 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5661 __func__, ntohl(sav->spi))); 5662 key_freesav(&sav); 5663 return key_senderror(so, m, ESRCH); 5664 } 5665 5666 if (sav->state == SADB_SASTATE_LARVAL) { 5667 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5668 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5669 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5670 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5671 ipseclog((LOG_DEBUG, 5672 "%s: invalid message: missing required header.\n", 5673 __func__)); 5674 key_freesav(&sav); 5675 return key_senderror(so, m, EINVAL); 5676 } 5677 /* 5678 * We can set any values except src, dst and SPI. 5679 */ 5680 error = key_setsaval(sav, mhp); 5681 if (error != 0) { 5682 key_freesav(&sav); 5683 return (key_senderror(so, m, error)); 5684 } 5685 /* Change SA state to MATURE */ 5686 SAHTREE_WLOCK(); 5687 if (sav->state != SADB_SASTATE_LARVAL) { 5688 /* SA was deleted or another thread made it MATURE. */ 5689 SAHTREE_WUNLOCK(); 5690 key_freesav(&sav); 5691 return (key_senderror(so, m, ESRCH)); 5692 } 5693 /* 5694 * NOTE: we keep SAs in savtree_alive ordered by created 5695 * time. When SA's state changed from LARVAL to MATURE, 5696 * we update its created time in key_setsaval() and move 5697 * it into head of savtree_alive. 5698 */ 5699 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5700 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5701 sav->state = SADB_SASTATE_MATURE; 5702 SAHTREE_WUNLOCK(); 5703 } else { 5704 /* 5705 * For DYING and MATURE SA we can change only state 5706 * and lifetimes. Report EINVAL if something else attempted 5707 * to change. 5708 */ 5709 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5710 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5711 key_freesav(&sav); 5712 return (key_senderror(so, m, EINVAL)); 5713 } 5714 error = key_updatelifetimes(sav, mhp); 5715 if (error != 0) { 5716 key_freesav(&sav); 5717 return (key_senderror(so, m, error)); 5718 } 5719 /* 5720 * This is FreeBSD extension to RFC2367. 5721 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5722 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5723 * SA addresses (for example to implement MOBIKE protocol 5724 * as described in RFC4555). Also we allow to change 5725 * NAT-T config. 5726 */ 5727 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5728 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5729 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5730 sav->natt != NULL) { 5731 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5732 key_freesav(&sav); 5733 if (error != 0) 5734 return (key_senderror(so, m, error)); 5735 return (0); 5736 } 5737 /* Check that SA is still alive */ 5738 SAHTREE_WLOCK(); 5739 if (sav->state == SADB_SASTATE_DEAD) { 5740 /* SA was unlinked */ 5741 SAHTREE_WUNLOCK(); 5742 key_freesav(&sav); 5743 return (key_senderror(so, m, ESRCH)); 5744 } 5745 /* 5746 * NOTE: there is possible state moving from DYING to MATURE, 5747 * but this doesn't change created time, so we won't reorder 5748 * this SA. 5749 */ 5750 sav->state = SADB_SASTATE_MATURE; 5751 SAHTREE_WUNLOCK(); 5752 } 5753 KEYDBG(KEY_STAMP, 5754 printf("%s: SA(%p)\n", __func__, sav)); 5755 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5756 ipsec_accel_sa_newkey(sav); 5757 key_freesav(&sav); 5758 5759 { 5760 struct mbuf *n; 5761 5762 /* set msg buf from mhp */ 5763 n = key_getmsgbuf_x1(m, mhp); 5764 if (n == NULL) { 5765 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5766 return key_senderror(so, m, ENOBUFS); 5767 } 5768 5769 m_freem(m); 5770 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5771 } 5772 } 5773 5774 /* 5775 * SADB_ADD processing 5776 * add an entry to SA database, when received 5777 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5778 * key(AE), (identity(SD),) (sensitivity)> 5779 * from the ikmpd, 5780 * and send 5781 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5782 * (identity(SD),) (sensitivity)> 5783 * to the ikmpd. 5784 * 5785 * IGNORE identity and sensitivity messages. 5786 * 5787 * m will always be freed. 5788 */ 5789 static int 5790 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5791 { 5792 struct secasindex saidx; 5793 struct sadb_address *src0, *dst0; 5794 struct sadb_sa *sa0; 5795 struct secasvar *sav; 5796 uint32_t reqid, spi; 5797 uint8_t mode, proto; 5798 int error; 5799 5800 IPSEC_ASSERT(so != NULL, ("null socket")); 5801 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5802 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5803 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5804 5805 /* map satype to proto */ 5806 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5807 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5808 __func__)); 5809 return key_senderror(so, m, EINVAL); 5810 } 5811 5812 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5813 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5814 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5815 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5816 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5817 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5818 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5819 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5820 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5821 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5822 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5823 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5824 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5825 ipseclog((LOG_DEBUG, 5826 "%s: invalid message: missing required header.\n", 5827 __func__)); 5828 return key_senderror(so, m, EINVAL); 5829 } 5830 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5831 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5832 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5833 ipseclog((LOG_DEBUG, 5834 "%s: invalid message: wrong header size.\n", __func__)); 5835 return key_senderror(so, m, EINVAL); 5836 } 5837 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5838 mode = IPSEC_MODE_ANY; 5839 reqid = 0; 5840 } else { 5841 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5842 ipseclog((LOG_DEBUG, 5843 "%s: invalid message: wrong header size.\n", 5844 __func__)); 5845 return key_senderror(so, m, EINVAL); 5846 } 5847 mode = ((struct sadb_x_sa2 *) 5848 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5849 reqid = ((struct sadb_x_sa2 *) 5850 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5851 } 5852 5853 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5854 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5855 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5856 5857 /* 5858 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5859 * SADB_ADD message. 5860 */ 5861 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5862 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5863 #ifdef PFKEY_STRICT_CHECKS 5864 return key_senderror(so, m, EINVAL); 5865 #endif 5866 } 5867 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5868 (struct sockaddr *)(dst0 + 1)); 5869 if (error != 0) { 5870 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5871 return key_senderror(so, m, error); 5872 } 5873 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5874 spi = sa0->sadb_sa_spi; 5875 /* 5876 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5877 * secasindex. 5878 * XXXAE: IPComp seems also doesn't use SPI. 5879 */ 5880 SPI_ALLOC_LOCK(); 5881 if (proto == IPPROTO_TCP) { 5882 sav = key_getsav_tcpmd5(&saidx, &spi); 5883 if (sav == NULL && spi == 0) { 5884 SPI_ALLOC_UNLOCK(); 5885 /* Failed to allocate SPI */ 5886 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5887 __func__)); 5888 return key_senderror(so, m, EEXIST); 5889 } 5890 /* XXX: SPI that we report back can have another value */ 5891 } else { 5892 /* We can create new SA only if SPI is different. */ 5893 sav = key_getsavbyspi(spi); 5894 } 5895 if (sav != NULL) { 5896 SPI_ALLOC_UNLOCK(); 5897 key_freesav(&sav); 5898 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5899 return key_senderror(so, m, EEXIST); 5900 } 5901 5902 sav = key_newsav(mhp, &saidx, spi, &error); 5903 SPI_ALLOC_UNLOCK(); 5904 if (sav == NULL) 5905 return key_senderror(so, m, error); 5906 KEYDBG(KEY_STAMP, 5907 printf("%s: return SA(%p)\n", __func__, sav)); 5908 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5909 ipsec_accel_sa_newkey(sav); 5910 /* 5911 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5912 * ACQ for deletion. 5913 */ 5914 if (sav->seq != 0) 5915 key_acqdone(&saidx, sav->seq); 5916 5917 { 5918 /* 5919 * Don't call key_freesav() on error here, as we would like to 5920 * keep the SA in the database. 5921 */ 5922 struct mbuf *n; 5923 5924 /* set msg buf from mhp */ 5925 n = key_getmsgbuf_x1(m, mhp); 5926 if (n == NULL) { 5927 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5928 return key_senderror(so, m, ENOBUFS); 5929 } 5930 5931 m_freem(m); 5932 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5933 } 5934 } 5935 5936 /* 5937 * NAT-T support. 5938 * IKEd may request the use ESP in UDP encapsulation when it detects the 5939 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5940 * parameters needed for encapsulation and decapsulation. These PF_KEY 5941 * extension headers are not standardized, so this comment addresses our 5942 * implementation. 5943 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5944 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5945 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5946 * UDP header. We use these ports in UDP encapsulation procedure, also we 5947 * can check them in UDP decapsulation procedure. 5948 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5949 * responder. These addresses can be used for transport mode to adjust 5950 * checksum after decapsulation and decryption. Since original IP addresses 5951 * used by peer usually different (we detected presence of NAT), TCP/UDP 5952 * pseudo header checksum and IP header checksum was calculated using original 5953 * addresses. After decapsulation and decryption we need to adjust checksum 5954 * to have correct datagram. 5955 * 5956 * We expect presence of NAT-T extension headers only in SADB_ADD and 5957 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5958 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5959 */ 5960 static int 5961 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5962 { 5963 struct sadb_x_nat_t_port *port; 5964 struct sadb_x_nat_t_type *type; 5965 struct sadb_address *oai, *oar; 5966 struct sockaddr *sa; 5967 uint32_t addr; 5968 uint16_t cksum; 5969 int i; 5970 5971 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5972 /* 5973 * Ignore NAT-T headers if sproto isn't ESP. 5974 */ 5975 if (sav->sah->saidx.proto != IPPROTO_ESP) 5976 return (0); 5977 5978 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5979 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5980 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5981 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5982 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5983 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5984 ipseclog((LOG_DEBUG, 5985 "%s: invalid message: wrong header size.\n", 5986 __func__)); 5987 return (EINVAL); 5988 } 5989 } else 5990 return (0); 5991 5992 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5993 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5994 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5995 __func__, type->sadb_x_nat_t_type_type)); 5996 return (EINVAL); 5997 } 5998 /* 5999 * Allocate storage for NAT-T config. 6000 * On error it will be released by key_cleansav(). 6001 */ 6002 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 6003 M_NOWAIT | M_ZERO); 6004 if (sav->natt == NULL) { 6005 PFKEYSTAT_INC(in_nomem); 6006 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6007 return (ENOBUFS); 6008 } 6009 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 6010 if (port->sadb_x_nat_t_port_port == 0) { 6011 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 6012 __func__)); 6013 return (EINVAL); 6014 } 6015 sav->natt->sport = port->sadb_x_nat_t_port_port; 6016 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 6017 if (port->sadb_x_nat_t_port_port == 0) { 6018 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 6019 __func__)); 6020 return (EINVAL); 6021 } 6022 sav->natt->dport = port->sadb_x_nat_t_port_port; 6023 6024 /* 6025 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 6026 * and needed only for transport mode IPsec. 6027 * Usually NAT translates only one address, but it is possible, 6028 * that both addresses could be translated. 6029 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 6030 */ 6031 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 6032 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 6033 ipseclog((LOG_DEBUG, 6034 "%s: invalid message: wrong header size.\n", 6035 __func__)); 6036 return (EINVAL); 6037 } 6038 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 6039 } else 6040 oai = NULL; 6041 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 6042 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 6043 ipseclog((LOG_DEBUG, 6044 "%s: invalid message: wrong header size.\n", 6045 __func__)); 6046 return (EINVAL); 6047 } 6048 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 6049 } else 6050 oar = NULL; 6051 6052 /* Initialize addresses only for transport mode */ 6053 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 6054 cksum = 0; 6055 if (oai != NULL) { 6056 sa = (struct sockaddr *)(oai + 1); 6057 switch (sa->sa_family) { 6058 #ifdef AF_INET 6059 case AF_INET: 6060 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6061 ipseclog((LOG_DEBUG, 6062 "%s: wrong NAT-OAi header.\n", 6063 __func__)); 6064 return (EINVAL); 6065 } 6066 /* Ignore address if it the same */ 6067 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 6068 sav->sah->saidx.src.sin.sin_addr.s_addr) { 6069 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 6070 sav->natt->flags |= IPSEC_NATT_F_OAI; 6071 /* Calculate checksum delta */ 6072 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 6073 cksum = in_addword(cksum, ~addr >> 16); 6074 cksum = in_addword(cksum, ~addr & 0xffff); 6075 addr = sav->natt->oai.sin.sin_addr.s_addr; 6076 cksum = in_addword(cksum, addr >> 16); 6077 cksum = in_addword(cksum, addr & 0xffff); 6078 } 6079 break; 6080 #endif 6081 #ifdef AF_INET6 6082 case AF_INET6: 6083 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6084 ipseclog((LOG_DEBUG, 6085 "%s: wrong NAT-OAi header.\n", 6086 __func__)); 6087 return (EINVAL); 6088 } 6089 /* Ignore address if it the same */ 6090 if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr, 6091 &sav->sah->saidx.src.sin6.sin6_addr.s6_addr, 6092 sizeof(struct in6_addr)) != 0) { 6093 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 6094 sav->natt->flags |= IPSEC_NATT_F_OAI; 6095 /* Calculate checksum delta */ 6096 for (i = 0; i < 8; i++) { 6097 cksum = in_addword(cksum, 6098 ~sav->sah->saidx.src.sin6.sin6_addr.s6_addr16[i]); 6099 cksum = in_addword(cksum, 6100 sav->natt->oai.sin6.sin6_addr.s6_addr16[i]); 6101 } 6102 } 6103 break; 6104 #endif 6105 default: 6106 ipseclog((LOG_DEBUG, 6107 "%s: wrong NAT-OAi header.\n", 6108 __func__)); 6109 return (EINVAL); 6110 } 6111 } 6112 if (oar != NULL) { 6113 sa = (struct sockaddr *)(oar + 1); 6114 switch (sa->sa_family) { 6115 #ifdef AF_INET 6116 case AF_INET: 6117 if (sa->sa_len != sizeof(struct sockaddr_in)) { 6118 ipseclog((LOG_DEBUG, 6119 "%s: wrong NAT-OAr header.\n", 6120 __func__)); 6121 return (EINVAL); 6122 } 6123 /* Ignore address if it the same */ 6124 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 6125 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 6126 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 6127 sav->natt->flags |= IPSEC_NATT_F_OAR; 6128 /* Calculate checksum delta */ 6129 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 6130 cksum = in_addword(cksum, ~addr >> 16); 6131 cksum = in_addword(cksum, ~addr & 0xffff); 6132 addr = sav->natt->oar.sin.sin_addr.s_addr; 6133 cksum = in_addword(cksum, addr >> 16); 6134 cksum = in_addword(cksum, addr & 0xffff); 6135 } 6136 break; 6137 #endif 6138 #ifdef AF_INET6 6139 case AF_INET6: 6140 if (sa->sa_len != sizeof(struct sockaddr_in6)) { 6141 ipseclog((LOG_DEBUG, 6142 "%s: wrong NAT-OAr header.\n", 6143 __func__)); 6144 return (EINVAL); 6145 } 6146 /* Ignore address if it the same */ 6147 if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr, 6148 &sav->sah->saidx.dst.sin6.sin6_addr.s6_addr, 16) != 0) { 6149 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 6150 sav->natt->flags |= IPSEC_NATT_F_OAR; 6151 /* Calculate checksum delta */ 6152 for (i = 0; i < 8; i++) { 6153 cksum = in_addword(cksum, 6154 ~sav->sah->saidx.dst.sin6.sin6_addr.s6_addr16[i]); 6155 cksum = in_addword(cksum, 6156 sav->natt->oar.sin6.sin6_addr.s6_addr16[i]); 6157 } 6158 } 6159 break; 6160 #endif 6161 default: 6162 ipseclog((LOG_DEBUG, 6163 "%s: wrong NAT-OAr header.\n", 6164 __func__)); 6165 return (EINVAL); 6166 } 6167 } 6168 sav->natt->cksum = cksum; 6169 } 6170 return (0); 6171 } 6172 6173 static int 6174 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 6175 { 6176 const struct sadb_ident *idsrc, *iddst; 6177 6178 IPSEC_ASSERT(sah != NULL, ("null secashead")); 6179 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6180 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6181 6182 /* don't make buffer if not there */ 6183 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 6184 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 6185 sah->idents = NULL; 6186 sah->identd = NULL; 6187 return (0); 6188 } 6189 6190 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 6191 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 6192 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 6193 return (EINVAL); 6194 } 6195 6196 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 6197 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 6198 6199 /* validity check */ 6200 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 6201 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 6202 return EINVAL; 6203 } 6204 6205 switch (idsrc->sadb_ident_type) { 6206 case SADB_IDENTTYPE_PREFIX: 6207 case SADB_IDENTTYPE_FQDN: 6208 case SADB_IDENTTYPE_USERFQDN: 6209 default: 6210 /* XXX do nothing */ 6211 sah->idents = NULL; 6212 sah->identd = NULL; 6213 return 0; 6214 } 6215 6216 /* make structure */ 6217 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 6218 if (sah->idents == NULL) { 6219 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6220 return ENOBUFS; 6221 } 6222 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 6223 if (sah->identd == NULL) { 6224 free(sah->idents, M_IPSEC_MISC); 6225 sah->idents = NULL; 6226 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6227 return ENOBUFS; 6228 } 6229 sah->idents->type = idsrc->sadb_ident_type; 6230 sah->idents->id = idsrc->sadb_ident_id; 6231 6232 sah->identd->type = iddst->sadb_ident_type; 6233 sah->identd->id = iddst->sadb_ident_id; 6234 6235 return 0; 6236 } 6237 6238 /* 6239 * m will not be freed on return. 6240 * it is caller's responsibility to free the result. 6241 * 6242 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 6243 * from the request in defined order. 6244 */ 6245 static struct mbuf * 6246 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 6247 { 6248 struct mbuf *n; 6249 6250 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6251 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6252 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6253 6254 /* create new sadb_msg to reply. */ 6255 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 6256 SADB_EXT_SA, SADB_X_EXT_SA2, 6257 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 6258 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 6259 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 6260 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 6261 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 6262 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 6263 SADB_X_EXT_NEW_ADDRESS_DST); 6264 if (!n) 6265 return NULL; 6266 6267 if (n->m_len < sizeof(struct sadb_msg)) { 6268 n = m_pullup(n, sizeof(struct sadb_msg)); 6269 if (n == NULL) 6270 return NULL; 6271 } 6272 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 6273 mtod(n, struct sadb_msg *)->sadb_msg_len = 6274 PFKEY_UNIT64(n->m_pkthdr.len); 6275 6276 return n; 6277 } 6278 6279 /* 6280 * SADB_DELETE processing 6281 * receive 6282 * <base, SA(*), address(SD)> 6283 * from the ikmpd, and set SADB_SASTATE_DEAD, 6284 * and send, 6285 * <base, SA(*), address(SD)> 6286 * to the ikmpd. 6287 * 6288 * m will always be freed. 6289 */ 6290 static int 6291 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6292 { 6293 struct secasindex saidx; 6294 struct sadb_address *src0, *dst0; 6295 struct secasvar *sav; 6296 struct sadb_sa *sa0; 6297 uint8_t proto; 6298 6299 IPSEC_ASSERT(so != NULL, ("null socket")); 6300 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6301 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6302 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6303 6304 /* map satype to proto */ 6305 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6306 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6307 __func__)); 6308 return key_senderror(so, m, EINVAL); 6309 } 6310 6311 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6312 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6313 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6314 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6315 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6316 __func__)); 6317 return key_senderror(so, m, EINVAL); 6318 } 6319 6320 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6321 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6322 6323 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6324 (struct sockaddr *)(dst0 + 1)) != 0) { 6325 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6326 return (key_senderror(so, m, EINVAL)); 6327 } 6328 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6329 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6330 /* 6331 * Caller wants us to delete all non-LARVAL SAs 6332 * that match the src/dst. This is used during 6333 * IKE INITIAL-CONTACT. 6334 * XXXAE: this looks like some extension to RFC2367. 6335 */ 6336 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6337 return (key_delete_all(so, m, mhp, &saidx)); 6338 } 6339 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6340 ipseclog((LOG_DEBUG, 6341 "%s: invalid message: wrong header size.\n", __func__)); 6342 return (key_senderror(so, m, EINVAL)); 6343 } 6344 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6345 SPI_ALLOC_LOCK(); 6346 if (proto == IPPROTO_TCP) 6347 sav = key_getsav_tcpmd5(&saidx, NULL); 6348 else 6349 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6350 SPI_ALLOC_UNLOCK(); 6351 if (sav == NULL) { 6352 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6353 __func__, ntohl(sa0->sadb_sa_spi))); 6354 return (key_senderror(so, m, ESRCH)); 6355 } 6356 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6357 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6358 __func__, ntohl(sav->spi))); 6359 key_freesav(&sav); 6360 return (key_senderror(so, m, ESRCH)); 6361 } 6362 KEYDBG(KEY_STAMP, 6363 printf("%s: SA(%p)\n", __func__, sav)); 6364 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6365 key_unlinksav(sav); 6366 key_freesav(&sav); 6367 6368 { 6369 struct mbuf *n; 6370 struct sadb_msg *newmsg; 6371 6372 /* create new sadb_msg to reply. */ 6373 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6374 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6375 if (!n) 6376 return key_senderror(so, m, ENOBUFS); 6377 6378 if (n->m_len < sizeof(struct sadb_msg)) { 6379 n = m_pullup(n, sizeof(struct sadb_msg)); 6380 if (n == NULL) 6381 return key_senderror(so, m, ENOBUFS); 6382 } 6383 newmsg = mtod(n, struct sadb_msg *); 6384 newmsg->sadb_msg_errno = 0; 6385 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6386 6387 m_freem(m); 6388 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6389 } 6390 } 6391 6392 /* 6393 * delete all SAs for src/dst. Called from key_delete(). 6394 */ 6395 static int 6396 key_delete_all(struct socket *so, struct mbuf *m, 6397 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6398 { 6399 struct secasvar_queue drainq; 6400 struct secashead *sah; 6401 struct secasvar *sav, *nextsav; 6402 6403 TAILQ_INIT(&drainq); 6404 SAHTREE_WLOCK(); 6405 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6406 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6407 continue; 6408 /* Move all ALIVE SAs into drainq */ 6409 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6410 } 6411 /* Unlink all queued SAs from SPI hash */ 6412 TAILQ_FOREACH(sav, &drainq, chain) { 6413 sav->state = SADB_SASTATE_DEAD; 6414 ipsec_accel_forget_sav(sav); 6415 LIST_REMOVE(sav, spihash); 6416 } 6417 SAHTREE_WUNLOCK(); 6418 /* Now we can release reference for all SAs in drainq */ 6419 sav = TAILQ_FIRST(&drainq); 6420 while (sav != NULL) { 6421 KEYDBG(KEY_STAMP, 6422 printf("%s: SA(%p)\n", __func__, sav)); 6423 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6424 nextsav = TAILQ_NEXT(sav, chain); 6425 key_freesah(&sav->sah); /* release reference from SAV */ 6426 key_freesav(&sav); /* release last reference */ 6427 sav = nextsav; 6428 } 6429 6430 { 6431 struct mbuf *n; 6432 struct sadb_msg *newmsg; 6433 6434 /* create new sadb_msg to reply. */ 6435 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6436 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6437 if (!n) 6438 return key_senderror(so, m, ENOBUFS); 6439 6440 if (n->m_len < sizeof(struct sadb_msg)) { 6441 n = m_pullup(n, sizeof(struct sadb_msg)); 6442 if (n == NULL) 6443 return key_senderror(so, m, ENOBUFS); 6444 } 6445 newmsg = mtod(n, struct sadb_msg *); 6446 newmsg->sadb_msg_errno = 0; 6447 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6448 6449 m_freem(m); 6450 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6451 } 6452 } 6453 6454 /* 6455 * Delete all alive SAs for corresponding xform. 6456 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6457 * here when xform disappears. 6458 */ 6459 void 6460 key_delete_xform(const struct xformsw *xsp) 6461 { 6462 struct secasvar_queue drainq; 6463 struct secashead *sah; 6464 struct secasvar *sav, *nextsav; 6465 6466 TAILQ_INIT(&drainq); 6467 SAHTREE_WLOCK(); 6468 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6469 sav = TAILQ_FIRST(&sah->savtree_alive); 6470 if (sav == NULL) 6471 continue; 6472 if (sav->tdb_xform != xsp) 6473 continue; 6474 /* 6475 * It is supposed that all SAs in the chain are related to 6476 * one xform. 6477 */ 6478 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6479 } 6480 /* Unlink all queued SAs from SPI hash */ 6481 TAILQ_FOREACH(sav, &drainq, chain) { 6482 sav->state = SADB_SASTATE_DEAD; 6483 ipsec_accel_forget_sav(sav); 6484 LIST_REMOVE(sav, spihash); 6485 } 6486 SAHTREE_WUNLOCK(); 6487 6488 /* Now we can release reference for all SAs in drainq */ 6489 sav = TAILQ_FIRST(&drainq); 6490 while (sav != NULL) { 6491 KEYDBG(KEY_STAMP, 6492 printf("%s: SA(%p)\n", __func__, sav)); 6493 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6494 nextsav = TAILQ_NEXT(sav, chain); 6495 key_freesah(&sav->sah); /* release reference from SAV */ 6496 key_freesav(&sav); /* release last reference */ 6497 sav = nextsav; 6498 } 6499 } 6500 6501 /* 6502 * SADB_GET processing 6503 * receive 6504 * <base, SA(*), address(SD)> 6505 * from the ikmpd, and get a SP and a SA to respond, 6506 * and send, 6507 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6508 * (identity(SD),) (sensitivity)> 6509 * to the ikmpd. 6510 * 6511 * m will always be freed. 6512 */ 6513 static int 6514 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6515 { 6516 struct secasindex saidx; 6517 struct sadb_address *src0, *dst0; 6518 struct sadb_sa *sa0; 6519 struct secasvar *sav; 6520 uint8_t proto; 6521 6522 IPSEC_ASSERT(so != NULL, ("null socket")); 6523 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6524 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6525 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6526 6527 /* map satype to proto */ 6528 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6529 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6530 __func__)); 6531 return key_senderror(so, m, EINVAL); 6532 } 6533 6534 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6535 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6536 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6537 ipseclog((LOG_DEBUG, 6538 "%s: invalid message: missing required header.\n", 6539 __func__)); 6540 return key_senderror(so, m, EINVAL); 6541 } 6542 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6543 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6544 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6545 ipseclog((LOG_DEBUG, 6546 "%s: invalid message: wrong header size.\n", __func__)); 6547 return key_senderror(so, m, EINVAL); 6548 } 6549 6550 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6551 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6552 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6553 6554 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6555 (struct sockaddr *)(dst0 + 1)) != 0) { 6556 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6557 return key_senderror(so, m, EINVAL); 6558 } 6559 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6560 6561 SPI_ALLOC_LOCK(); 6562 if (proto == IPPROTO_TCP) 6563 sav = key_getsav_tcpmd5(&saidx, NULL); 6564 else 6565 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6566 SPI_ALLOC_UNLOCK(); 6567 if (sav == NULL) { 6568 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6569 return key_senderror(so, m, ESRCH); 6570 } 6571 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6572 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6573 __func__, ntohl(sa0->sadb_sa_spi))); 6574 key_freesav(&sav); 6575 return (key_senderror(so, m, ESRCH)); 6576 } 6577 6578 { 6579 struct mbuf *n; 6580 uint8_t satype; 6581 6582 /* map proto to satype */ 6583 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6584 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6585 __func__)); 6586 key_freesav(&sav); 6587 return key_senderror(so, m, EINVAL); 6588 } 6589 6590 /* create new sadb_msg to reply. */ 6591 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6592 mhp->msg->sadb_msg_pid, NULL); 6593 6594 key_freesav(&sav); 6595 if (!n) 6596 return key_senderror(so, m, ENOBUFS); 6597 6598 m_freem(m); 6599 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6600 } 6601 } 6602 6603 /* XXX make it sysctl-configurable? */ 6604 static void 6605 key_getcomb_setlifetime(struct sadb_comb *comb) 6606 { 6607 6608 comb->sadb_comb_soft_allocations = 1; 6609 comb->sadb_comb_hard_allocations = 1; 6610 comb->sadb_comb_soft_bytes = 0; 6611 comb->sadb_comb_hard_bytes = 0; 6612 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6613 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6614 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6615 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6616 } 6617 6618 /* 6619 * XXX reorder combinations by preference 6620 * XXX no idea if the user wants ESP authentication or not 6621 */ 6622 static struct mbuf * 6623 key_getcomb_ealg(void) 6624 { 6625 struct sadb_comb *comb; 6626 const struct enc_xform *algo; 6627 struct mbuf *result = NULL, *m, *n; 6628 int encmin; 6629 int i, off, o; 6630 int totlen; 6631 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6632 6633 m = NULL; 6634 for (i = 1; i <= SADB_EALG_MAX; i++) { 6635 algo = enc_algorithm_lookup(i); 6636 if (algo == NULL) 6637 continue; 6638 6639 /* discard algorithms with key size smaller than system min */ 6640 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6641 continue; 6642 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6643 encmin = V_ipsec_esp_keymin; 6644 else 6645 encmin = _BITS(algo->minkey); 6646 6647 if (V_ipsec_esp_auth) 6648 m = key_getcomb_ah(); 6649 else { 6650 IPSEC_ASSERT(l <= MLEN, 6651 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6652 MGET(m, M_NOWAIT, MT_DATA); 6653 if (m) { 6654 M_ALIGN(m, l); 6655 m->m_len = l; 6656 m->m_next = NULL; 6657 bzero(mtod(m, caddr_t), m->m_len); 6658 } 6659 } 6660 if (!m) 6661 goto fail; 6662 6663 totlen = 0; 6664 for (n = m; n; n = n->m_next) 6665 totlen += n->m_len; 6666 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6667 6668 for (off = 0; off < totlen; off += l) { 6669 n = m_pulldown(m, off, l, &o); 6670 if (!n) { 6671 /* m is already freed */ 6672 goto fail; 6673 } 6674 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6675 bzero(comb, sizeof(*comb)); 6676 key_getcomb_setlifetime(comb); 6677 comb->sadb_comb_encrypt = i; 6678 comb->sadb_comb_encrypt_minbits = encmin; 6679 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6680 } 6681 6682 if (!result) 6683 result = m; 6684 else 6685 m_cat(result, m); 6686 } 6687 6688 return result; 6689 6690 fail: 6691 if (result) 6692 m_freem(result); 6693 return NULL; 6694 } 6695 6696 static void 6697 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6698 u_int16_t* max) 6699 { 6700 6701 *min = *max = ah->hashsize; 6702 if (ah->keysize == 0) { 6703 /* 6704 * Transform takes arbitrary key size but algorithm 6705 * key size is restricted. Enforce this here. 6706 */ 6707 switch (alg) { 6708 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6709 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6710 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6711 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6712 default: 6713 DPRINTF(("%s: unknown AH algorithm %u\n", 6714 __func__, alg)); 6715 break; 6716 } 6717 } 6718 } 6719 6720 /* 6721 * XXX reorder combinations by preference 6722 */ 6723 static struct mbuf * 6724 key_getcomb_ah(void) 6725 { 6726 const struct auth_hash *algo; 6727 struct sadb_comb *comb; 6728 struct mbuf *m; 6729 u_int16_t minkeysize, maxkeysize; 6730 int i; 6731 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6732 6733 m = NULL; 6734 for (i = 1; i <= SADB_AALG_MAX; i++) { 6735 #if 1 6736 /* we prefer HMAC algorithms, not old algorithms */ 6737 if (i != SADB_AALG_SHA1HMAC && 6738 i != SADB_X_AALG_SHA2_256 && 6739 i != SADB_X_AALG_SHA2_384 && 6740 i != SADB_X_AALG_SHA2_512) 6741 continue; 6742 #endif 6743 algo = auth_algorithm_lookup(i); 6744 if (!algo) 6745 continue; 6746 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6747 /* discard algorithms with key size smaller than system min */ 6748 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6749 continue; 6750 6751 if (!m) { 6752 IPSEC_ASSERT(l <= MLEN, 6753 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6754 MGET(m, M_NOWAIT, MT_DATA); 6755 if (m) { 6756 M_ALIGN(m, l); 6757 m->m_len = l; 6758 m->m_next = NULL; 6759 } 6760 } else 6761 M_PREPEND(m, l, M_NOWAIT); 6762 if (!m) 6763 return NULL; 6764 6765 comb = mtod(m, struct sadb_comb *); 6766 bzero(comb, sizeof(*comb)); 6767 key_getcomb_setlifetime(comb); 6768 comb->sadb_comb_auth = i; 6769 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6770 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6771 } 6772 6773 return m; 6774 } 6775 6776 /* 6777 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6778 * XXX reorder combinations by preference 6779 */ 6780 static struct mbuf * 6781 key_getcomb_ipcomp(void) 6782 { 6783 const struct comp_algo *algo; 6784 struct sadb_comb *comb; 6785 struct mbuf *m; 6786 int i; 6787 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6788 6789 m = NULL; 6790 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6791 algo = comp_algorithm_lookup(i); 6792 if (!algo) 6793 continue; 6794 6795 if (!m) { 6796 IPSEC_ASSERT(l <= MLEN, 6797 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6798 MGET(m, M_NOWAIT, MT_DATA); 6799 if (m) { 6800 M_ALIGN(m, l); 6801 m->m_len = l; 6802 m->m_next = NULL; 6803 } 6804 } else 6805 M_PREPEND(m, l, M_NOWAIT); 6806 if (!m) 6807 return NULL; 6808 6809 comb = mtod(m, struct sadb_comb *); 6810 bzero(comb, sizeof(*comb)); 6811 key_getcomb_setlifetime(comb); 6812 comb->sadb_comb_encrypt = i; 6813 /* what should we set into sadb_comb_*_{min,max}bits? */ 6814 } 6815 6816 return m; 6817 } 6818 6819 /* 6820 * XXX no way to pass mode (transport/tunnel) to userland 6821 * XXX replay checking? 6822 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6823 */ 6824 static struct mbuf * 6825 key_getprop(const struct secasindex *saidx) 6826 { 6827 struct sadb_prop *prop; 6828 struct mbuf *m, *n; 6829 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6830 int totlen; 6831 6832 switch (saidx->proto) { 6833 case IPPROTO_ESP: 6834 m = key_getcomb_ealg(); 6835 break; 6836 case IPPROTO_AH: 6837 m = key_getcomb_ah(); 6838 break; 6839 case IPPROTO_IPCOMP: 6840 m = key_getcomb_ipcomp(); 6841 break; 6842 default: 6843 return NULL; 6844 } 6845 6846 if (!m) 6847 return NULL; 6848 M_PREPEND(m, l, M_NOWAIT); 6849 if (!m) 6850 return NULL; 6851 6852 totlen = 0; 6853 for (n = m; n; n = n->m_next) 6854 totlen += n->m_len; 6855 6856 prop = mtod(m, struct sadb_prop *); 6857 bzero(prop, sizeof(*prop)); 6858 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6859 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6860 prop->sadb_prop_replay = 32; /* XXX */ 6861 6862 return m; 6863 } 6864 6865 /* 6866 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6867 * send 6868 * <base, SA, address(SD), (address(P)), x_policy, 6869 * (identity(SD),) (sensitivity,) proposal> 6870 * to KMD, and expect to receive 6871 * <base> with SADB_ACQUIRE if error occurred, 6872 * or 6873 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6874 * from KMD by PF_KEY. 6875 * 6876 * XXX x_policy is outside of RFC2367 (KAME extension). 6877 * XXX sensitivity is not supported. 6878 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6879 * see comment for key_getcomb_ipcomp(). 6880 * 6881 * OUT: 6882 * 0 : succeed 6883 * others: error number 6884 */ 6885 static int 6886 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6887 { 6888 union sockaddr_union addr; 6889 struct mbuf *result, *m; 6890 uint32_t seq; 6891 int error; 6892 uint16_t ul_proto; 6893 uint8_t mask, satype; 6894 6895 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6896 satype = key_proto2satype(saidx->proto); 6897 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6898 6899 error = -1; 6900 result = NULL; 6901 ul_proto = IPSEC_ULPROTO_ANY; 6902 6903 /* Get seq number to check whether sending message or not. */ 6904 seq = key_getacq(saidx, &error); 6905 if (seq == 0) 6906 return (error); 6907 6908 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6909 if (!m) { 6910 error = ENOBUFS; 6911 goto fail; 6912 } 6913 result = m; 6914 6915 /* 6916 * set sadb_address for saidx's. 6917 * 6918 * Note that if sp is supplied, then we're being called from 6919 * key_allocsa_policy() and should supply port and protocol 6920 * information. 6921 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6922 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6923 * XXXAE: it looks like we should save this info in the ACQ entry. 6924 */ 6925 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6926 sp->spidx.ul_proto == IPPROTO_UDP)) 6927 ul_proto = sp->spidx.ul_proto; 6928 6929 addr = saidx->src; 6930 mask = FULLMASK; 6931 if (ul_proto != IPSEC_ULPROTO_ANY) { 6932 switch (sp->spidx.src.sa.sa_family) { 6933 case AF_INET: 6934 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6935 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6936 mask = sp->spidx.prefs; 6937 } 6938 break; 6939 case AF_INET6: 6940 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6941 addr.sin6.sin6_port = 6942 sp->spidx.src.sin6.sin6_port; 6943 mask = sp->spidx.prefs; 6944 } 6945 break; 6946 default: 6947 break; 6948 } 6949 } 6950 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6951 if (!m) { 6952 error = ENOBUFS; 6953 goto fail; 6954 } 6955 m_cat(result, m); 6956 6957 addr = saidx->dst; 6958 mask = FULLMASK; 6959 if (ul_proto != IPSEC_ULPROTO_ANY) { 6960 switch (sp->spidx.dst.sa.sa_family) { 6961 case AF_INET: 6962 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6963 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6964 mask = sp->spidx.prefd; 6965 } 6966 break; 6967 case AF_INET6: 6968 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6969 addr.sin6.sin6_port = 6970 sp->spidx.dst.sin6.sin6_port; 6971 mask = sp->spidx.prefd; 6972 } 6973 break; 6974 default: 6975 break; 6976 } 6977 } 6978 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6979 if (!m) { 6980 error = ENOBUFS; 6981 goto fail; 6982 } 6983 m_cat(result, m); 6984 6985 /* XXX proxy address (optional) */ 6986 6987 /* 6988 * Set sadb_x_policy. This is KAME extension to RFC2367. 6989 */ 6990 if (sp != NULL) { 6991 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6992 sp->priority); 6993 if (!m) { 6994 error = ENOBUFS; 6995 goto fail; 6996 } 6997 m_cat(result, m); 6998 } 6999 7000 /* 7001 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 7002 * This is FreeBSD extension to RFC2367. 7003 */ 7004 if (saidx->reqid != 0) { 7005 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 7006 if (m == NULL) { 7007 error = ENOBUFS; 7008 goto fail; 7009 } 7010 m_cat(result, m); 7011 } 7012 /* XXX identity (optional) */ 7013 #if 0 7014 if (idexttype && fqdn) { 7015 /* create identity extension (FQDN) */ 7016 struct sadb_ident *id; 7017 int fqdnlen; 7018 7019 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 7020 id = (struct sadb_ident *)p; 7021 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 7022 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 7023 id->sadb_ident_exttype = idexttype; 7024 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 7025 bcopy(fqdn, id + 1, fqdnlen); 7026 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 7027 } 7028 7029 if (idexttype) { 7030 /* create identity extension (USERFQDN) */ 7031 struct sadb_ident *id; 7032 int userfqdnlen; 7033 7034 if (userfqdn) { 7035 /* +1 for terminating-NUL */ 7036 userfqdnlen = strlen(userfqdn) + 1; 7037 } else 7038 userfqdnlen = 0; 7039 id = (struct sadb_ident *)p; 7040 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 7041 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 7042 id->sadb_ident_exttype = idexttype; 7043 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 7044 /* XXX is it correct? */ 7045 if (curproc && curproc->p_cred) 7046 id->sadb_ident_id = curproc->p_cred->p_ruid; 7047 if (userfqdn && userfqdnlen) 7048 bcopy(userfqdn, id + 1, userfqdnlen); 7049 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 7050 } 7051 #endif 7052 7053 /* XXX sensitivity (optional) */ 7054 7055 /* create proposal/combination extension */ 7056 m = key_getprop(saidx); 7057 #if 0 7058 /* 7059 * spec conformant: always attach proposal/combination extension, 7060 * the problem is that we have no way to attach it for ipcomp, 7061 * due to the way sadb_comb is declared in RFC2367. 7062 */ 7063 if (!m) { 7064 error = ENOBUFS; 7065 goto fail; 7066 } 7067 m_cat(result, m); 7068 #else 7069 /* 7070 * outside of spec; make proposal/combination extension optional. 7071 */ 7072 if (m) 7073 m_cat(result, m); 7074 #endif 7075 7076 if ((result->m_flags & M_PKTHDR) == 0) { 7077 error = EINVAL; 7078 goto fail; 7079 } 7080 7081 if (result->m_len < sizeof(struct sadb_msg)) { 7082 result = m_pullup(result, sizeof(struct sadb_msg)); 7083 if (result == NULL) { 7084 error = ENOBUFS; 7085 goto fail; 7086 } 7087 } 7088 7089 result->m_pkthdr.len = 0; 7090 for (m = result; m; m = m->m_next) 7091 result->m_pkthdr.len += m->m_len; 7092 7093 mtod(result, struct sadb_msg *)->sadb_msg_len = 7094 PFKEY_UNIT64(result->m_pkthdr.len); 7095 7096 KEYDBG(KEY_STAMP, 7097 printf("%s: SP(%p)\n", __func__, sp)); 7098 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 7099 7100 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7101 7102 fail: 7103 if (result) 7104 m_freem(result); 7105 return error; 7106 } 7107 7108 static uint32_t 7109 key_newacq(const struct secasindex *saidx, int *perror) 7110 { 7111 struct secacq *acq; 7112 uint32_t seq; 7113 7114 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 7115 if (acq == NULL) { 7116 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7117 *perror = ENOBUFS; 7118 return (0); 7119 } 7120 7121 /* copy secindex */ 7122 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 7123 acq->created = time_second; 7124 acq->count = 0; 7125 7126 /* add to acqtree */ 7127 ACQ_LOCK(); 7128 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 7129 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 7130 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 7131 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 7132 ACQ_UNLOCK(); 7133 *perror = 0; 7134 return (seq); 7135 } 7136 7137 static uint32_t 7138 key_getacq(const struct secasindex *saidx, int *perror) 7139 { 7140 struct secacq *acq; 7141 uint32_t seq; 7142 7143 ACQ_LOCK(); 7144 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 7145 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 7146 if (acq->count > V_key_blockacq_count) { 7147 /* 7148 * Reset counter and send message. 7149 * Also reset created time to keep ACQ for 7150 * this saidx. 7151 */ 7152 acq->created = time_second; 7153 acq->count = 0; 7154 seq = acq->seq; 7155 } else { 7156 /* 7157 * Increment counter and do nothing. 7158 * We send SADB_ACQUIRE message only 7159 * for each V_key_blockacq_count packet. 7160 */ 7161 acq->count++; 7162 seq = 0; 7163 } 7164 break; 7165 } 7166 } 7167 ACQ_UNLOCK(); 7168 if (acq != NULL) { 7169 *perror = 0; 7170 return (seq); 7171 } 7172 /* allocate new entry */ 7173 return (key_newacq(saidx, perror)); 7174 } 7175 7176 static int 7177 key_acqreset(uint32_t seq) 7178 { 7179 struct secacq *acq; 7180 7181 ACQ_LOCK(); 7182 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 7183 if (acq->seq == seq) { 7184 acq->count = 0; 7185 acq->created = time_second; 7186 break; 7187 } 7188 } 7189 ACQ_UNLOCK(); 7190 if (acq == NULL) 7191 return (ESRCH); 7192 return (0); 7193 } 7194 /* 7195 * Mark ACQ entry as stale to remove it in key_flush_acq(). 7196 * Called after successful SADB_GETSPI message. 7197 */ 7198 static int 7199 key_acqdone(const struct secasindex *saidx, uint32_t seq) 7200 { 7201 struct secacq *acq; 7202 7203 ACQ_LOCK(); 7204 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 7205 if (acq->seq == seq) 7206 break; 7207 } 7208 if (acq != NULL) { 7209 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 7210 ipseclog((LOG_DEBUG, 7211 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 7212 acq = NULL; 7213 } else { 7214 acq->created = 0; 7215 } 7216 } else { 7217 ipseclog((LOG_DEBUG, 7218 "%s: ACQ %u is not found.\n", __func__, seq)); 7219 } 7220 ACQ_UNLOCK(); 7221 if (acq == NULL) 7222 return (ESRCH); 7223 return (0); 7224 } 7225 7226 static struct secspacq * 7227 key_newspacq(struct secpolicyindex *spidx) 7228 { 7229 struct secspacq *acq; 7230 7231 /* get new entry */ 7232 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 7233 if (acq == NULL) { 7234 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7235 return NULL; 7236 } 7237 7238 /* copy secindex */ 7239 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 7240 acq->created = time_second; 7241 acq->count = 0; 7242 7243 /* add to spacqtree */ 7244 SPACQ_LOCK(); 7245 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 7246 SPACQ_UNLOCK(); 7247 7248 return acq; 7249 } 7250 7251 static struct secspacq * 7252 key_getspacq(struct secpolicyindex *spidx) 7253 { 7254 struct secspacq *acq; 7255 7256 SPACQ_LOCK(); 7257 LIST_FOREACH(acq, &V_spacqtree, chain) { 7258 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 7259 /* NB: return holding spacq_lock */ 7260 return acq; 7261 } 7262 } 7263 SPACQ_UNLOCK(); 7264 7265 return NULL; 7266 } 7267 7268 /* 7269 * SADB_ACQUIRE processing, 7270 * in first situation, is receiving 7271 * <base> 7272 * from the ikmpd, and clear sequence of its secasvar entry. 7273 * 7274 * In second situation, is receiving 7275 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 7276 * from a user land process, and return 7277 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 7278 * to the socket. 7279 * 7280 * m will always be freed. 7281 */ 7282 static int 7283 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7284 { 7285 SAHTREE_RLOCK_TRACKER; 7286 struct sadb_address *src0, *dst0; 7287 struct secasindex saidx; 7288 struct secashead *sah; 7289 uint32_t reqid; 7290 int error; 7291 uint8_t mode, proto; 7292 7293 IPSEC_ASSERT(so != NULL, ("null socket")); 7294 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7295 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7296 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7297 7298 /* 7299 * Error message from KMd. 7300 * We assume that if error was occurred in IKEd, the length of PFKEY 7301 * message is equal to the size of sadb_msg structure. 7302 * We do not raise error even if error occurred in this function. 7303 */ 7304 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7305 /* check sequence number */ 7306 if (mhp->msg->sadb_msg_seq == 0 || 7307 mhp->msg->sadb_msg_errno == 0) { 7308 ipseclog((LOG_DEBUG, "%s: must specify sequence " 7309 "number and errno.\n", __func__)); 7310 } else { 7311 /* 7312 * IKEd reported that error occurred. 7313 * XXXAE: what it expects from the kernel? 7314 * Probably we should send SADB_ACQUIRE again? 7315 * If so, reset ACQ's state. 7316 * XXXAE: it looks useless. 7317 */ 7318 key_acqreset(mhp->msg->sadb_msg_seq); 7319 } 7320 m_freem(m); 7321 return (0); 7322 } 7323 7324 /* 7325 * This message is from user land. 7326 */ 7327 7328 /* map satype to proto */ 7329 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7330 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7331 __func__)); 7332 return key_senderror(so, m, EINVAL); 7333 } 7334 7335 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7336 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7337 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7338 ipseclog((LOG_DEBUG, 7339 "%s: invalid message: missing required header.\n", 7340 __func__)); 7341 return key_senderror(so, m, EINVAL); 7342 } 7343 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7344 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7345 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7346 ipseclog((LOG_DEBUG, 7347 "%s: invalid message: wrong header size.\n", __func__)); 7348 return key_senderror(so, m, EINVAL); 7349 } 7350 7351 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7352 mode = IPSEC_MODE_ANY; 7353 reqid = 0; 7354 } else { 7355 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7356 ipseclog((LOG_DEBUG, 7357 "%s: invalid message: wrong header size.\n", 7358 __func__)); 7359 return key_senderror(so, m, EINVAL); 7360 } 7361 mode = ((struct sadb_x_sa2 *) 7362 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7363 reqid = ((struct sadb_x_sa2 *) 7364 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7365 } 7366 7367 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7368 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7369 7370 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7371 (struct sockaddr *)(dst0 + 1)); 7372 if (error != 0) { 7373 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7374 return key_senderror(so, m, EINVAL); 7375 } 7376 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7377 7378 /* get a SA index */ 7379 SAHTREE_RLOCK(); 7380 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7381 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7382 break; 7383 } 7384 SAHTREE_RUNLOCK(); 7385 if (sah != NULL) { 7386 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7387 return key_senderror(so, m, EEXIST); 7388 } 7389 7390 error = key_acquire(&saidx, NULL); 7391 if (error != 0) { 7392 ipseclog((LOG_DEBUG, 7393 "%s: error %d returned from key_acquire()\n", 7394 __func__, error)); 7395 return key_senderror(so, m, error); 7396 } 7397 m_freem(m); 7398 return (0); 7399 } 7400 7401 /* 7402 * SADB_REGISTER processing. 7403 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7404 * receive 7405 * <base> 7406 * from the ikmpd, and register a socket to send PF_KEY messages, 7407 * and send 7408 * <base, supported> 7409 * to KMD by PF_KEY. 7410 * If socket is detached, must free from regnode. 7411 * 7412 * m will always be freed. 7413 */ 7414 static int 7415 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7416 { 7417 struct secreg *reg, *newreg = NULL; 7418 7419 IPSEC_ASSERT(so != NULL, ("null socket")); 7420 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7421 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7422 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7423 7424 /* check for invalid register message */ 7425 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7426 return key_senderror(so, m, EINVAL); 7427 7428 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7429 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7430 goto setmsg; 7431 7432 /* check whether existing or not */ 7433 REGTREE_LOCK(); 7434 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7435 if (reg->so == so) { 7436 REGTREE_UNLOCK(); 7437 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7438 __func__)); 7439 return key_senderror(so, m, EEXIST); 7440 } 7441 } 7442 7443 /* create regnode */ 7444 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7445 if (newreg == NULL) { 7446 REGTREE_UNLOCK(); 7447 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7448 return key_senderror(so, m, ENOBUFS); 7449 } 7450 7451 newreg->so = so; 7452 ((struct keycb *)(so->so_pcb))->kp_registered++; 7453 7454 /* add regnode to regtree. */ 7455 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7456 REGTREE_UNLOCK(); 7457 7458 setmsg: 7459 { 7460 struct mbuf *n; 7461 struct sadb_msg *newmsg; 7462 struct sadb_supported *sup; 7463 u_int len, alen, elen; 7464 int off; 7465 int i; 7466 struct sadb_alg *alg; 7467 7468 /* create new sadb_msg to reply. */ 7469 alen = 0; 7470 for (i = 1; i <= SADB_AALG_MAX; i++) { 7471 if (auth_algorithm_lookup(i)) 7472 alen += sizeof(struct sadb_alg); 7473 } 7474 if (alen) 7475 alen += sizeof(struct sadb_supported); 7476 elen = 0; 7477 for (i = 1; i <= SADB_EALG_MAX; i++) { 7478 if (enc_algorithm_lookup(i)) 7479 elen += sizeof(struct sadb_alg); 7480 } 7481 if (elen) 7482 elen += sizeof(struct sadb_supported); 7483 7484 len = sizeof(struct sadb_msg) + alen + elen; 7485 7486 if (len > MCLBYTES) 7487 return key_senderror(so, m, ENOBUFS); 7488 7489 n = key_mget(len); 7490 if (n == NULL) 7491 return key_senderror(so, m, ENOBUFS); 7492 7493 n->m_pkthdr.len = n->m_len = len; 7494 n->m_next = NULL; 7495 off = 0; 7496 7497 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7498 newmsg = mtod(n, struct sadb_msg *); 7499 newmsg->sadb_msg_errno = 0; 7500 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7501 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7502 7503 /* for authentication algorithm */ 7504 if (alen) { 7505 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7506 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7507 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7508 off += PFKEY_ALIGN8(sizeof(*sup)); 7509 7510 for (i = 1; i <= SADB_AALG_MAX; i++) { 7511 const struct auth_hash *aalgo; 7512 u_int16_t minkeysize, maxkeysize; 7513 7514 aalgo = auth_algorithm_lookup(i); 7515 if (!aalgo) 7516 continue; 7517 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7518 alg->sadb_alg_id = i; 7519 alg->sadb_alg_ivlen = 0; 7520 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7521 alg->sadb_alg_minbits = _BITS(minkeysize); 7522 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7523 off += PFKEY_ALIGN8(sizeof(*alg)); 7524 } 7525 } 7526 7527 /* for encryption algorithm */ 7528 if (elen) { 7529 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7530 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7531 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7532 off += PFKEY_ALIGN8(sizeof(*sup)); 7533 7534 for (i = 1; i <= SADB_EALG_MAX; i++) { 7535 const struct enc_xform *ealgo; 7536 7537 ealgo = enc_algorithm_lookup(i); 7538 if (!ealgo) 7539 continue; 7540 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7541 alg->sadb_alg_id = i; 7542 alg->sadb_alg_ivlen = ealgo->ivsize; 7543 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7544 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7545 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7546 } 7547 } 7548 7549 IPSEC_ASSERT(off == len, 7550 ("length assumption failed (off %u len %u)", off, len)); 7551 7552 m_freem(m); 7553 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7554 } 7555 } 7556 7557 /* 7558 * free secreg entry registered. 7559 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7560 */ 7561 void 7562 key_freereg(struct socket *so) 7563 { 7564 struct secreg *reg; 7565 int i; 7566 7567 IPSEC_ASSERT(so != NULL, ("NULL so")); 7568 7569 /* 7570 * check whether existing or not. 7571 * check all type of SA, because there is a potential that 7572 * one socket is registered to multiple type of SA. 7573 */ 7574 REGTREE_LOCK(); 7575 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7576 LIST_FOREACH(reg, &V_regtree[i], chain) { 7577 if (reg->so == so && __LIST_CHAINED(reg)) { 7578 LIST_REMOVE(reg, chain); 7579 free(reg, M_IPSEC_SAR); 7580 break; 7581 } 7582 } 7583 } 7584 REGTREE_UNLOCK(); 7585 } 7586 7587 /* 7588 * SADB_EXPIRE processing 7589 * send 7590 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7591 * to KMD by PF_KEY. 7592 * NOTE: We send only soft lifetime extension. 7593 * 7594 * OUT: 0 : succeed 7595 * others : error number 7596 */ 7597 static int 7598 key_expire(struct secasvar *sav, int hard) 7599 { 7600 struct mbuf *result = NULL, *m; 7601 struct sadb_lifetime *lt; 7602 uint32_t replay_count; 7603 int error, len; 7604 uint8_t satype; 7605 7606 SECASVAR_RLOCK_TRACKER; 7607 7608 IPSEC_ASSERT (sav != NULL, ("null sav")); 7609 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7610 7611 KEYDBG(KEY_STAMP, 7612 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7613 sav, hard ? "hard": "soft")); 7614 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7615 /* set msg header */ 7616 satype = key_proto2satype(sav->sah->saidx.proto); 7617 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7618 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7619 if (!m) { 7620 error = ENOBUFS; 7621 goto fail; 7622 } 7623 result = m; 7624 7625 /* create SA extension */ 7626 m = key_setsadbsa(sav); 7627 if (!m) { 7628 error = ENOBUFS; 7629 goto fail; 7630 } 7631 m_cat(result, m); 7632 7633 /* create SA extension */ 7634 SECASVAR_RLOCK(sav); 7635 replay_count = sav->replay ? sav->replay->count : 0; 7636 SECASVAR_RUNLOCK(sav); 7637 7638 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7639 sav->sah->saidx.reqid); 7640 if (!m) { 7641 error = ENOBUFS; 7642 goto fail; 7643 } 7644 m_cat(result, m); 7645 7646 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7647 m = key_setsadbxsareplay(sav->replay->wsize); 7648 if (!m) { 7649 error = ENOBUFS; 7650 goto fail; 7651 } 7652 m_cat(result, m); 7653 } 7654 7655 /* create lifetime extension (current and soft) */ 7656 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7657 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7658 if (m == NULL) { 7659 error = ENOBUFS; 7660 goto fail; 7661 } 7662 m_align(m, len); 7663 m->m_len = len; 7664 bzero(mtod(m, caddr_t), len); 7665 lt = mtod(m, struct sadb_lifetime *); 7666 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7667 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7668 lt->sadb_lifetime_allocations = 7669 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7670 lt->sadb_lifetime_bytes = 7671 counter_u64_fetch(sav->lft_c_bytes); 7672 lt->sadb_lifetime_addtime = sav->created; 7673 lt->sadb_lifetime_usetime = sav->firstused; 7674 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7675 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7676 if (hard) { 7677 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7678 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7679 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7680 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7681 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7682 } else { 7683 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7684 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7685 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7686 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7687 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7688 } 7689 m_cat(result, m); 7690 7691 /* set sadb_address for source */ 7692 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7693 &sav->sah->saidx.src.sa, 7694 FULLMASK, IPSEC_ULPROTO_ANY); 7695 if (!m) { 7696 error = ENOBUFS; 7697 goto fail; 7698 } 7699 m_cat(result, m); 7700 7701 /* set sadb_address for destination */ 7702 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7703 &sav->sah->saidx.dst.sa, 7704 FULLMASK, IPSEC_ULPROTO_ANY); 7705 if (!m) { 7706 error = ENOBUFS; 7707 goto fail; 7708 } 7709 m_cat(result, m); 7710 7711 /* 7712 * XXX-BZ Handle NAT-T extensions here. 7713 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7714 * this information, we report only significant SA fields. 7715 */ 7716 7717 if ((result->m_flags & M_PKTHDR) == 0) { 7718 error = EINVAL; 7719 goto fail; 7720 } 7721 7722 if (result->m_len < sizeof(struct sadb_msg)) { 7723 result = m_pullup(result, sizeof(struct sadb_msg)); 7724 if (result == NULL) { 7725 error = ENOBUFS; 7726 goto fail; 7727 } 7728 } 7729 7730 result->m_pkthdr.len = 0; 7731 for (m = result; m; m = m->m_next) 7732 result->m_pkthdr.len += m->m_len; 7733 7734 mtod(result, struct sadb_msg *)->sadb_msg_len = 7735 PFKEY_UNIT64(result->m_pkthdr.len); 7736 7737 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7738 7739 fail: 7740 if (result) 7741 m_freem(result); 7742 return error; 7743 } 7744 7745 static void 7746 key_freesah_flushed(struct secashead_queue *flushq) 7747 { 7748 struct secashead *sah, *nextsah; 7749 struct secasvar *sav, *nextsav; 7750 7751 sah = TAILQ_FIRST(flushq); 7752 while (sah != NULL) { 7753 sav = TAILQ_FIRST(&sah->savtree_larval); 7754 while (sav != NULL) { 7755 nextsav = TAILQ_NEXT(sav, chain); 7756 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7757 key_freesav(&sav); /* release last reference */ 7758 key_freesah(&sah); /* release reference from SAV */ 7759 sav = nextsav; 7760 } 7761 sav = TAILQ_FIRST(&sah->savtree_alive); 7762 while (sav != NULL) { 7763 nextsav = TAILQ_NEXT(sav, chain); 7764 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7765 key_freesav(&sav); /* release last reference */ 7766 key_freesah(&sah); /* release reference from SAV */ 7767 sav = nextsav; 7768 } 7769 nextsah = TAILQ_NEXT(sah, chain); 7770 key_freesah(&sah); /* release last reference */ 7771 sah = nextsah; 7772 } 7773 } 7774 7775 /* 7776 * SADB_FLUSH processing 7777 * receive 7778 * <base> 7779 * from the ikmpd, and free all entries in secastree. 7780 * and send, 7781 * <base> 7782 * to the ikmpd. 7783 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7784 * 7785 * m will always be freed. 7786 */ 7787 static int 7788 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7789 { 7790 struct secashead_queue flushq; 7791 struct sadb_msg *newmsg; 7792 struct secashead *sah, *nextsah; 7793 struct secasvar *sav; 7794 uint8_t proto; 7795 int i; 7796 7797 IPSEC_ASSERT(so != NULL, ("null socket")); 7798 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7799 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7800 7801 /* map satype to proto */ 7802 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7803 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7804 __func__)); 7805 return key_senderror(so, m, EINVAL); 7806 } 7807 KEYDBG(KEY_STAMP, 7808 printf("%s: proto %u\n", __func__, proto)); 7809 7810 TAILQ_INIT(&flushq); 7811 if (proto == IPSEC_PROTO_ANY) { 7812 /* no SATYPE specified, i.e. flushing all SA. */ 7813 SAHTREE_WLOCK(); 7814 /* Move all SAHs into flushq */ 7815 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7816 /* Flush all buckets in SPI hash */ 7817 for (i = 0; i < V_savhash_mask + 1; i++) 7818 LIST_INIT(&V_savhashtbl[i]); 7819 /* Flush all buckets in SAHADDRHASH */ 7820 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7821 LIST_INIT(&V_sahaddrhashtbl[i]); 7822 /* Mark all SAHs as unlinked */ 7823 TAILQ_FOREACH(sah, &flushq, chain) { 7824 sah->state = SADB_SASTATE_DEAD; 7825 /* 7826 * Callout handler makes its job using 7827 * RLOCK and drain queues. In case, when this 7828 * function will be called just before it 7829 * acquires WLOCK, we need to mark SAs as 7830 * unlinked to prevent second unlink. 7831 */ 7832 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7833 sav->state = SADB_SASTATE_DEAD; 7834 ipsec_accel_forget_sav(sav); 7835 } 7836 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7837 sav->state = SADB_SASTATE_DEAD; 7838 ipsec_accel_forget_sav(sav); 7839 } 7840 } 7841 SAHTREE_WUNLOCK(); 7842 } else { 7843 SAHTREE_WLOCK(); 7844 sah = TAILQ_FIRST(&V_sahtree); 7845 while (sah != NULL) { 7846 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7847 ("DEAD SAH %p in SADB_FLUSH", sah)); 7848 nextsah = TAILQ_NEXT(sah, chain); 7849 if (sah->saidx.proto != proto) { 7850 sah = nextsah; 7851 continue; 7852 } 7853 sah->state = SADB_SASTATE_DEAD; 7854 TAILQ_REMOVE(&V_sahtree, sah, chain); 7855 LIST_REMOVE(sah, addrhash); 7856 /* Unlink all SAs from SPI hash */ 7857 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7858 LIST_REMOVE(sav, spihash); 7859 sav->state = SADB_SASTATE_DEAD; 7860 ipsec_accel_forget_sav(sav); 7861 } 7862 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7863 LIST_REMOVE(sav, spihash); 7864 sav->state = SADB_SASTATE_DEAD; 7865 ipsec_accel_forget_sav(sav); 7866 } 7867 /* Add SAH into flushq */ 7868 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7869 sah = nextsah; 7870 } 7871 SAHTREE_WUNLOCK(); 7872 } 7873 7874 key_freesah_flushed(&flushq); 7875 /* Free all queued SAs and SAHs */ 7876 if (m->m_len < sizeof(struct sadb_msg) || 7877 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7878 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7879 return key_senderror(so, m, ENOBUFS); 7880 } 7881 7882 if (m->m_next) 7883 m_freem(m->m_next); 7884 m->m_next = NULL; 7885 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7886 newmsg = mtod(m, struct sadb_msg *); 7887 newmsg->sadb_msg_errno = 0; 7888 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7889 7890 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7891 } 7892 7893 /* 7894 * SADB_DUMP processing 7895 * dump all entries including status of DEAD in SAD. 7896 * receive 7897 * <base> 7898 * from the ikmpd, and dump all secasvar leaves 7899 * and send, 7900 * <base> ..... 7901 * to the ikmpd. 7902 * 7903 * m will always be freed. 7904 */ 7905 static int 7906 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7907 { 7908 SAHTREE_RLOCK_TRACKER; 7909 struct secashead *sah; 7910 struct secasvar *sav; 7911 struct mbuf *n; 7912 uint32_t cnt; 7913 uint8_t proto, satype; 7914 7915 IPSEC_ASSERT(so != NULL, ("null socket")); 7916 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7917 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7918 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7919 7920 /* map satype to proto */ 7921 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7922 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7923 __func__)); 7924 return key_senderror(so, m, EINVAL); 7925 } 7926 7927 /* count sav entries to be sent to the userland. */ 7928 cnt = 0; 7929 IFNET_RLOCK(); 7930 SAHTREE_RLOCK(); 7931 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7932 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7933 proto != sah->saidx.proto) 7934 continue; 7935 7936 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7937 cnt++; 7938 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7939 cnt++; 7940 } 7941 7942 if (cnt == 0) { 7943 SAHTREE_RUNLOCK(); 7944 IFNET_RUNLOCK(); 7945 return key_senderror(so, m, ENOENT); 7946 } 7947 7948 /* send this to the userland, one at a time. */ 7949 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7950 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7951 proto != sah->saidx.proto) 7952 continue; 7953 7954 /* map proto to satype */ 7955 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7956 SAHTREE_RUNLOCK(); 7957 IFNET_RUNLOCK(); 7958 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7959 "SAD.\n", __func__)); 7960 return key_senderror(so, m, EINVAL); 7961 } 7962 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7963 n = key_setdumpsa(sav, SADB_DUMP, satype, 7964 --cnt, mhp->msg->sadb_msg_pid, &sahtree_tracker); 7965 if (n == NULL) { 7966 SAHTREE_RUNLOCK(); 7967 IFNET_RUNLOCK(); 7968 return key_senderror(so, m, ENOBUFS); 7969 } 7970 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7971 } 7972 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7973 n = key_setdumpsa(sav, SADB_DUMP, satype, 7974 --cnt, mhp->msg->sadb_msg_pid, &sahtree_tracker); 7975 if (n == NULL) { 7976 SAHTREE_RUNLOCK(); 7977 IFNET_RUNLOCK(); 7978 return key_senderror(so, m, ENOBUFS); 7979 } 7980 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7981 } 7982 } 7983 SAHTREE_RUNLOCK(); 7984 IFNET_RUNLOCK(); 7985 m_freem(m); 7986 return (0); 7987 } 7988 /* 7989 * SADB_X_PROMISC processing 7990 * 7991 * m will always be freed. 7992 */ 7993 static int 7994 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7995 { 7996 int olen; 7997 7998 IPSEC_ASSERT(so != NULL, ("null socket")); 7999 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8000 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8001 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 8002 8003 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8004 8005 if (olen < sizeof(struct sadb_msg)) { 8006 #if 1 8007 return key_senderror(so, m, EINVAL); 8008 #else 8009 m_freem(m); 8010 return 0; 8011 #endif 8012 } else if (olen == sizeof(struct sadb_msg)) { 8013 /* enable/disable promisc mode */ 8014 struct keycb *kp; 8015 8016 if ((kp = so->so_pcb) == NULL) 8017 return key_senderror(so, m, EINVAL); 8018 mhp->msg->sadb_msg_errno = 0; 8019 switch (mhp->msg->sadb_msg_satype) { 8020 case 0: 8021 case 1: 8022 kp->kp_promisc = mhp->msg->sadb_msg_satype; 8023 break; 8024 default: 8025 return key_senderror(so, m, EINVAL); 8026 } 8027 8028 /* send the original message back to everyone */ 8029 mhp->msg->sadb_msg_errno = 0; 8030 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 8031 } else { 8032 /* send packet as is */ 8033 8034 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 8035 8036 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 8037 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 8038 } 8039 } 8040 8041 static int (*key_typesw[])(struct socket *, struct mbuf *, 8042 const struct sadb_msghdr *) = { 8043 [SADB_RESERVED] = NULL, 8044 [SADB_GETSPI] = key_getspi, 8045 [SADB_UPDATE] = key_update, 8046 [SADB_ADD] = key_add, 8047 [SADB_DELETE] = key_delete, 8048 [SADB_GET] = key_get, 8049 [SADB_ACQUIRE] = key_acquire2, 8050 [SADB_REGISTER] = key_register, 8051 [SADB_EXPIRE] = NULL, 8052 [SADB_FLUSH] = key_flush, 8053 [SADB_DUMP] = key_dump, 8054 [SADB_X_PROMISC] = key_promisc, 8055 [SADB_X_PCHANGE] = NULL, 8056 [SADB_X_SPDUPDATE] = key_spdadd, 8057 [SADB_X_SPDADD] = key_spdadd, 8058 [SADB_X_SPDDELETE] = key_spddelete, 8059 [SADB_X_SPDGET] = key_spdget, 8060 [SADB_X_SPDACQUIRE] = NULL, 8061 [SADB_X_SPDDUMP] = key_spddump, 8062 [SADB_X_SPDFLUSH] = key_spdflush, 8063 [SADB_X_SPDSETIDX] = key_spdadd, 8064 [SADB_X_SPDEXPIRE] = NULL, 8065 [SADB_X_SPDDELETE2] = key_spddelete2, 8066 }; 8067 8068 /* 8069 * parse sadb_msg buffer to process PFKEYv2, 8070 * and create a data to response if needed. 8071 * I think to be dealed with mbuf directly. 8072 * IN: 8073 * msgp : pointer to pointer to a received buffer pulluped. 8074 * This is rewrited to response. 8075 * so : pointer to socket. 8076 * OUT: 8077 * length for buffer to send to user process. 8078 */ 8079 int 8080 key_parse(struct mbuf *m, struct socket *so) 8081 { 8082 struct sadb_msg *msg; 8083 struct sadb_msghdr mh; 8084 u_int orglen; 8085 int error; 8086 int target; 8087 8088 IPSEC_ASSERT(so != NULL, ("null socket")); 8089 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8090 8091 if (m->m_len < sizeof(struct sadb_msg)) { 8092 m = m_pullup(m, sizeof(struct sadb_msg)); 8093 if (!m) 8094 return ENOBUFS; 8095 } 8096 msg = mtod(m, struct sadb_msg *); 8097 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 8098 target = KEY_SENDUP_ONE; 8099 8100 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 8101 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 8102 PFKEYSTAT_INC(out_invlen); 8103 error = EINVAL; 8104 goto senderror; 8105 } 8106 8107 if (msg->sadb_msg_version != PF_KEY_V2) { 8108 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 8109 __func__, msg->sadb_msg_version)); 8110 PFKEYSTAT_INC(out_invver); 8111 error = EINVAL; 8112 goto senderror; 8113 } 8114 8115 if (msg->sadb_msg_type > SADB_MAX) { 8116 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 8117 __func__, msg->sadb_msg_type)); 8118 PFKEYSTAT_INC(out_invmsgtype); 8119 error = EINVAL; 8120 goto senderror; 8121 } 8122 8123 /* for old-fashioned code - should be nuked */ 8124 if (m->m_pkthdr.len > MCLBYTES) { 8125 m_freem(m); 8126 return ENOBUFS; 8127 } 8128 if (m->m_next) { 8129 struct mbuf *n; 8130 8131 n = key_mget(m->m_pkthdr.len); 8132 if (n == NULL) { 8133 m_freem(m); 8134 return ENOBUFS; 8135 } 8136 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 8137 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 8138 n->m_next = NULL; 8139 m_freem(m); 8140 m = n; 8141 } 8142 8143 /* align the mbuf chain so that extensions are in contiguous region. */ 8144 error = key_align(m, &mh); 8145 if (error) 8146 return error; 8147 8148 msg = mh.msg; 8149 8150 /* We use satype as scope mask for spddump */ 8151 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 8152 switch (msg->sadb_msg_satype) { 8153 case IPSEC_POLICYSCOPE_ANY: 8154 case IPSEC_POLICYSCOPE_GLOBAL: 8155 case IPSEC_POLICYSCOPE_IFNET: 8156 case IPSEC_POLICYSCOPE_PCB: 8157 break; 8158 default: 8159 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 8160 __func__, msg->sadb_msg_type)); 8161 PFKEYSTAT_INC(out_invsatype); 8162 error = EINVAL; 8163 goto senderror; 8164 } 8165 } else { 8166 switch (msg->sadb_msg_satype) { /* check SA type */ 8167 case SADB_SATYPE_UNSPEC: 8168 switch (msg->sadb_msg_type) { 8169 case SADB_GETSPI: 8170 case SADB_UPDATE: 8171 case SADB_ADD: 8172 case SADB_DELETE: 8173 case SADB_GET: 8174 case SADB_ACQUIRE: 8175 case SADB_EXPIRE: 8176 ipseclog((LOG_DEBUG, "%s: must specify satype " 8177 "when msg type=%u.\n", __func__, 8178 msg->sadb_msg_type)); 8179 PFKEYSTAT_INC(out_invsatype); 8180 error = EINVAL; 8181 goto senderror; 8182 } 8183 break; 8184 case SADB_SATYPE_AH: 8185 case SADB_SATYPE_ESP: 8186 case SADB_X_SATYPE_IPCOMP: 8187 case SADB_X_SATYPE_TCPSIGNATURE: 8188 switch (msg->sadb_msg_type) { 8189 case SADB_X_SPDADD: 8190 case SADB_X_SPDDELETE: 8191 case SADB_X_SPDGET: 8192 case SADB_X_SPDFLUSH: 8193 case SADB_X_SPDSETIDX: 8194 case SADB_X_SPDUPDATE: 8195 case SADB_X_SPDDELETE2: 8196 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 8197 __func__, msg->sadb_msg_type)); 8198 PFKEYSTAT_INC(out_invsatype); 8199 error = EINVAL; 8200 goto senderror; 8201 } 8202 break; 8203 case SADB_SATYPE_RSVP: 8204 case SADB_SATYPE_OSPFV2: 8205 case SADB_SATYPE_RIPV2: 8206 case SADB_SATYPE_MIP: 8207 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 8208 __func__, msg->sadb_msg_satype)); 8209 PFKEYSTAT_INC(out_invsatype); 8210 error = EOPNOTSUPP; 8211 goto senderror; 8212 case 1: /* XXX: What does it do? */ 8213 if (msg->sadb_msg_type == SADB_X_PROMISC) 8214 break; 8215 /*FALLTHROUGH*/ 8216 default: 8217 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 8218 __func__, msg->sadb_msg_satype)); 8219 PFKEYSTAT_INC(out_invsatype); 8220 error = EINVAL; 8221 goto senderror; 8222 } 8223 } 8224 8225 /* check field of upper layer protocol and address family */ 8226 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 8227 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 8228 struct sadb_address *src0, *dst0; 8229 u_int plen; 8230 8231 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 8232 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 8233 8234 /* check upper layer protocol */ 8235 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 8236 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 8237 "mismatched.\n", __func__)); 8238 PFKEYSTAT_INC(out_invaddr); 8239 error = EINVAL; 8240 goto senderror; 8241 } 8242 8243 /* check family */ 8244 if (PFKEY_ADDR_SADDR(src0)->sa_family != 8245 PFKEY_ADDR_SADDR(dst0)->sa_family) { 8246 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 8247 __func__)); 8248 PFKEYSTAT_INC(out_invaddr); 8249 error = EINVAL; 8250 goto senderror; 8251 } 8252 if (PFKEY_ADDR_SADDR(src0)->sa_len != 8253 PFKEY_ADDR_SADDR(dst0)->sa_len) { 8254 ipseclog((LOG_DEBUG, "%s: address struct size " 8255 "mismatched.\n", __func__)); 8256 PFKEYSTAT_INC(out_invaddr); 8257 error = EINVAL; 8258 goto senderror; 8259 } 8260 8261 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 8262 case AF_INET: 8263 if (PFKEY_ADDR_SADDR(src0)->sa_len != 8264 sizeof(struct sockaddr_in)) { 8265 PFKEYSTAT_INC(out_invaddr); 8266 error = EINVAL; 8267 goto senderror; 8268 } 8269 break; 8270 case AF_INET6: 8271 if (PFKEY_ADDR_SADDR(src0)->sa_len != 8272 sizeof(struct sockaddr_in6)) { 8273 PFKEYSTAT_INC(out_invaddr); 8274 error = EINVAL; 8275 goto senderror; 8276 } 8277 break; 8278 default: 8279 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 8280 __func__)); 8281 PFKEYSTAT_INC(out_invaddr); 8282 error = EAFNOSUPPORT; 8283 goto senderror; 8284 } 8285 8286 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 8287 case AF_INET: 8288 plen = sizeof(struct in_addr) << 3; 8289 break; 8290 case AF_INET6: 8291 plen = sizeof(struct in6_addr) << 3; 8292 break; 8293 default: 8294 plen = 0; /*fool gcc*/ 8295 break; 8296 } 8297 8298 /* check max prefix length */ 8299 if (src0->sadb_address_prefixlen > plen || 8300 dst0->sadb_address_prefixlen > plen) { 8301 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 8302 __func__)); 8303 PFKEYSTAT_INC(out_invaddr); 8304 error = EINVAL; 8305 goto senderror; 8306 } 8307 8308 /* 8309 * prefixlen == 0 is valid because there can be a case when 8310 * all addresses are matched. 8311 */ 8312 } 8313 8314 if (msg->sadb_msg_type >= nitems(key_typesw) || 8315 key_typesw[msg->sadb_msg_type] == NULL) { 8316 PFKEYSTAT_INC(out_invmsgtype); 8317 error = EINVAL; 8318 goto senderror; 8319 } 8320 8321 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 8322 8323 senderror: 8324 msg->sadb_msg_errno = error; 8325 return key_sendup_mbuf(so, m, target); 8326 } 8327 8328 static int 8329 key_senderror(struct socket *so, struct mbuf *m, int code) 8330 { 8331 struct sadb_msg *msg; 8332 8333 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8334 ("mbuf too small, len %u", m->m_len)); 8335 8336 msg = mtod(m, struct sadb_msg *); 8337 msg->sadb_msg_errno = code; 8338 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8339 } 8340 8341 /* 8342 * set the pointer to each header into message buffer. 8343 * m will be freed on error. 8344 * XXX larger-than-MCLBYTES extension? 8345 */ 8346 static int 8347 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8348 { 8349 struct mbuf *n; 8350 struct sadb_ext *ext; 8351 size_t off, end; 8352 int extlen; 8353 int toff; 8354 8355 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8356 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8357 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8358 ("mbuf too small, len %u", m->m_len)); 8359 8360 /* initialize */ 8361 bzero(mhp, sizeof(*mhp)); 8362 8363 mhp->msg = mtod(m, struct sadb_msg *); 8364 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8365 8366 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8367 extlen = end; /*just in case extlen is not updated*/ 8368 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8369 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8370 if (!n) { 8371 /* m is already freed */ 8372 return ENOBUFS; 8373 } 8374 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8375 8376 /* set pointer */ 8377 switch (ext->sadb_ext_type) { 8378 case SADB_EXT_SA: 8379 case SADB_EXT_ADDRESS_SRC: 8380 case SADB_EXT_ADDRESS_DST: 8381 case SADB_EXT_ADDRESS_PROXY: 8382 case SADB_EXT_LIFETIME_CURRENT: 8383 case SADB_EXT_LIFETIME_HARD: 8384 case SADB_EXT_LIFETIME_SOFT: 8385 case SADB_EXT_KEY_AUTH: 8386 case SADB_EXT_KEY_ENCRYPT: 8387 case SADB_EXT_IDENTITY_SRC: 8388 case SADB_EXT_IDENTITY_DST: 8389 case SADB_EXT_SENSITIVITY: 8390 case SADB_EXT_PROPOSAL: 8391 case SADB_EXT_SUPPORTED_AUTH: 8392 case SADB_EXT_SUPPORTED_ENCRYPT: 8393 case SADB_EXT_SPIRANGE: 8394 case SADB_X_EXT_POLICY: 8395 case SADB_X_EXT_SA2: 8396 case SADB_X_EXT_NAT_T_TYPE: 8397 case SADB_X_EXT_NAT_T_SPORT: 8398 case SADB_X_EXT_NAT_T_DPORT: 8399 case SADB_X_EXT_NAT_T_OAI: 8400 case SADB_X_EXT_NAT_T_OAR: 8401 case SADB_X_EXT_NAT_T_FRAG: 8402 case SADB_X_EXT_SA_REPLAY: 8403 case SADB_X_EXT_NEW_ADDRESS_SRC: 8404 case SADB_X_EXT_NEW_ADDRESS_DST: 8405 #ifdef IPSEC_OFFLOAD 8406 case SADB_X_EXT_LFT_CUR_SW_OFFL: 8407 case SADB_X_EXT_LFT_CUR_HW_OFFL: 8408 case SADB_X_EXT_IF_HW_OFFL: 8409 #endif 8410 /* duplicate check */ 8411 /* 8412 * XXX Are there duplication payloads of either 8413 * KEY_AUTH or KEY_ENCRYPT ? 8414 */ 8415 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8416 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8417 "%u\n", __func__, ext->sadb_ext_type)); 8418 m_freem(m); 8419 PFKEYSTAT_INC(out_dupext); 8420 return EINVAL; 8421 } 8422 break; 8423 default: 8424 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8425 __func__, ext->sadb_ext_type)); 8426 m_freem(m); 8427 PFKEYSTAT_INC(out_invexttype); 8428 return EINVAL; 8429 } 8430 8431 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8432 8433 if (key_validate_ext(ext, extlen)) { 8434 m_freem(m); 8435 PFKEYSTAT_INC(out_invlen); 8436 return EINVAL; 8437 } 8438 8439 n = m_pulldown(m, off, extlen, &toff); 8440 if (!n) { 8441 /* m is already freed */ 8442 return ENOBUFS; 8443 } 8444 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8445 8446 mhp->ext[ext->sadb_ext_type] = ext; 8447 mhp->extoff[ext->sadb_ext_type] = off; 8448 mhp->extlen[ext->sadb_ext_type] = extlen; 8449 } 8450 8451 if (off != end) { 8452 m_freem(m); 8453 PFKEYSTAT_INC(out_invlen); 8454 return EINVAL; 8455 } 8456 8457 return 0; 8458 } 8459 8460 static int 8461 key_validate_ext(const struct sadb_ext *ext, int len) 8462 { 8463 const struct sockaddr *sa; 8464 enum { NONE, ADDR } checktype = NONE; 8465 int baselen = 0; 8466 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8467 8468 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8469 return EINVAL; 8470 8471 /* if it does not match minimum/maximum length, bail */ 8472 if (ext->sadb_ext_type >= nitems(minsize) || 8473 ext->sadb_ext_type >= nitems(maxsize)) 8474 return EINVAL; 8475 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8476 return EINVAL; 8477 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8478 return EINVAL; 8479 8480 /* more checks based on sadb_ext_type XXX need more */ 8481 switch (ext->sadb_ext_type) { 8482 case SADB_EXT_ADDRESS_SRC: 8483 case SADB_EXT_ADDRESS_DST: 8484 case SADB_EXT_ADDRESS_PROXY: 8485 case SADB_X_EXT_NAT_T_OAI: 8486 case SADB_X_EXT_NAT_T_OAR: 8487 case SADB_X_EXT_NEW_ADDRESS_SRC: 8488 case SADB_X_EXT_NEW_ADDRESS_DST: 8489 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8490 checktype = ADDR; 8491 break; 8492 case SADB_EXT_IDENTITY_SRC: 8493 case SADB_EXT_IDENTITY_DST: 8494 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8495 SADB_X_IDENTTYPE_ADDR) { 8496 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8497 checktype = ADDR; 8498 } else 8499 checktype = NONE; 8500 break; 8501 default: 8502 checktype = NONE; 8503 break; 8504 } 8505 8506 switch (checktype) { 8507 case NONE: 8508 break; 8509 case ADDR: 8510 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8511 if (len < baselen + sal) 8512 return EINVAL; 8513 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8514 return EINVAL; 8515 break; 8516 } 8517 8518 return 0; 8519 } 8520 8521 void 8522 spdcache_init(void) 8523 { 8524 int i; 8525 8526 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8527 &V_key_spdcache_maxentries); 8528 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8529 &V_key_spdcache_threshold); 8530 8531 if (V_key_spdcache_maxentries) { 8532 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8533 SPDCACHE_MAX_ENTRIES_PER_HASH); 8534 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8535 SPDCACHE_MAX_ENTRIES_PER_HASH, 8536 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8537 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8538 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8539 8540 V_spdcache_lock = malloc(sizeof(struct mtx) * 8541 (V_spdcachehash_mask + 1), 8542 M_IPSEC_SPDCACHE, M_WAITOK | M_ZERO); 8543 8544 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8545 SPDCACHE_LOCK_INIT(i); 8546 } 8547 } 8548 8549 struct spdcache_entry * 8550 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8551 { 8552 struct spdcache_entry *entry; 8553 8554 entry = malloc(sizeof(struct spdcache_entry), M_IPSEC_SPDCACHE, 8555 M_NOWAIT | M_ZERO); 8556 if (entry == NULL) 8557 return (NULL); 8558 8559 if (sp != NULL) 8560 SP_ADDREF(sp); 8561 8562 entry->spidx = *spidx; 8563 entry->sp = sp; 8564 8565 return (entry); 8566 } 8567 8568 void 8569 spdcache_entry_free(struct spdcache_entry *entry) 8570 { 8571 8572 if (entry->sp != NULL) 8573 key_freesp(&entry->sp); 8574 free(entry, M_IPSEC_SPDCACHE); 8575 } 8576 8577 void 8578 spdcache_clear(void) 8579 { 8580 struct spdcache_entry *entry; 8581 int i; 8582 8583 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8584 SPDCACHE_LOCK(i); 8585 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8586 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8587 LIST_REMOVE(entry, chain); 8588 spdcache_entry_free(entry); 8589 } 8590 SPDCACHE_UNLOCK(i); 8591 } 8592 } 8593 8594 #ifdef VIMAGE 8595 void 8596 spdcache_destroy(void) 8597 { 8598 int i; 8599 8600 if (SPDCACHE_ENABLED()) { 8601 spdcache_clear(); 8602 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8603 8604 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8605 SPDCACHE_LOCK_DESTROY(i); 8606 8607 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8608 } 8609 } 8610 #endif 8611 8612 static void 8613 key_vnet_init(void *arg __unused) 8614 { 8615 int i; 8616 8617 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8618 TAILQ_INIT(&V_sptree[i]); 8619 TAILQ_INIT(&V_sptree_ifnet[i]); 8620 } 8621 8622 TAILQ_INIT(&V_sahtree); 8623 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8624 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8625 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8626 &V_sahaddrhash_mask); 8627 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8628 &V_acqaddrhash_mask); 8629 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8630 &V_acqseqhash_mask); 8631 8632 spdcache_init(); 8633 8634 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8635 LIST_INIT(&V_regtree[i]); 8636 8637 LIST_INIT(&V_acqtree); 8638 LIST_INIT(&V_spacqtree); 8639 } 8640 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8641 key_vnet_init, NULL); 8642 8643 static void 8644 key_init(void *arg __unused) 8645 { 8646 8647 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8648 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8649 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8650 8651 SPTREE_LOCK_INIT(); 8652 REGTREE_LOCK_INIT(); 8653 SAHTREE_LOCK_INIT(); 8654 ACQ_LOCK_INIT(); 8655 SPACQ_LOCK_INIT(); 8656 SPI_ALLOC_LOCK_INIT(); 8657 8658 #ifndef IPSEC_DEBUG2 8659 callout_init(&key_timer, 1); 8660 callout_reset(&key_timer, hz, key_timehandler, NULL); 8661 #endif /*IPSEC_DEBUG2*/ 8662 8663 /* initialize key statistics */ 8664 keystat.getspi_count = 1; 8665 8666 if (bootverbose) 8667 printf("IPsec: Initialized Security Association Processing.\n"); 8668 } 8669 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL); 8670 8671 #ifdef VIMAGE 8672 static void 8673 key_vnet_destroy(void *arg __unused) 8674 { 8675 struct secashead_queue sahdrainq; 8676 struct secpolicy_queue drainq; 8677 struct secpolicy *sp, *nextsp; 8678 struct secacq *acq, *nextacq; 8679 struct secspacq *spacq, *nextspacq; 8680 struct secashead *sah; 8681 struct secasvar *sav; 8682 struct secreg *reg; 8683 int i; 8684 8685 /* 8686 * XXX: can we just call free() for each object without 8687 * walking through safe way with releasing references? 8688 */ 8689 TAILQ_INIT(&drainq); 8690 SPTREE_WLOCK(); 8691 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8692 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8693 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8694 } 8695 for (i = 0; i < V_sphash_mask + 1; i++) 8696 LIST_INIT(&V_sphashtbl[i]); 8697 SPTREE_WUNLOCK(); 8698 spdcache_destroy(); 8699 8700 sp = TAILQ_FIRST(&drainq); 8701 while (sp != NULL) { 8702 nextsp = TAILQ_NEXT(sp, chain); 8703 key_freesp(&sp); 8704 sp = nextsp; 8705 } 8706 8707 TAILQ_INIT(&sahdrainq); 8708 SAHTREE_WLOCK(); 8709 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8710 for (i = 0; i < V_savhash_mask + 1; i++) 8711 LIST_INIT(&V_savhashtbl[i]); 8712 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8713 LIST_INIT(&V_sahaddrhashtbl[i]); 8714 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8715 sah->state = SADB_SASTATE_DEAD; 8716 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8717 sav->state = SADB_SASTATE_DEAD; 8718 ipsec_accel_forget_sav(sav); 8719 } 8720 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8721 sav->state = SADB_SASTATE_DEAD; 8722 ipsec_accel_forget_sav(sav); 8723 } 8724 } 8725 SAHTREE_WUNLOCK(); 8726 8727 /* Wait for async work referencing this VNET to finish. */ 8728 ipsec_accel_sync(); 8729 8730 key_freesah_flushed(&sahdrainq); 8731 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8732 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8733 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8734 8735 REGTREE_LOCK(); 8736 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8737 LIST_FOREACH(reg, &V_regtree[i], chain) { 8738 if (__LIST_CHAINED(reg)) { 8739 LIST_REMOVE(reg, chain); 8740 free(reg, M_IPSEC_SAR); 8741 break; 8742 } 8743 } 8744 } 8745 REGTREE_UNLOCK(); 8746 8747 ACQ_LOCK(); 8748 acq = LIST_FIRST(&V_acqtree); 8749 while (acq != NULL) { 8750 nextacq = LIST_NEXT(acq, chain); 8751 LIST_REMOVE(acq, chain); 8752 free(acq, M_IPSEC_SAQ); 8753 acq = nextacq; 8754 } 8755 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8756 LIST_INIT(&V_acqaddrhashtbl[i]); 8757 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8758 LIST_INIT(&V_acqseqhashtbl[i]); 8759 ACQ_UNLOCK(); 8760 8761 SPACQ_LOCK(); 8762 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8763 spacq = nextspacq) { 8764 nextspacq = LIST_NEXT(spacq, chain); 8765 if (__LIST_CHAINED(spacq)) { 8766 LIST_REMOVE(spacq, chain); 8767 free(spacq, M_IPSEC_SAQ); 8768 } 8769 } 8770 SPACQ_UNLOCK(); 8771 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8772 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8773 } 8774 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8775 key_vnet_destroy, NULL); 8776 #endif 8777 8778 /* 8779 * XXX: as long as domains are not unloadable, this function is never called, 8780 * provided for consistensy and future unload support. 8781 */ 8782 static void 8783 key_destroy(void *arg __unused) 8784 { 8785 uma_zdestroy(ipsec_key_lft_zone); 8786 8787 #ifndef IPSEC_DEBUG2 8788 callout_drain(&key_timer); 8789 #endif 8790 SPTREE_LOCK_DESTROY(); 8791 REGTREE_LOCK_DESTROY(); 8792 SAHTREE_LOCK_DESTROY(); 8793 ACQ_LOCK_DESTROY(); 8794 SPACQ_LOCK_DESTROY(); 8795 SPI_ALLOC_LOCK_DESTROY(); 8796 } 8797 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL); 8798 8799 /* record data transfer on SA, and update timestamps */ 8800 void 8801 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8802 { 8803 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8804 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8805 8806 /* 8807 * XXX Currently, there is a difference of bytes size 8808 * between inbound and outbound processing. 8809 */ 8810 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8811 8812 /* 8813 * We use the number of packets as the unit of 8814 * allocations. We increment the variable 8815 * whenever {esp,ah}_{in,out}put is called. 8816 */ 8817 counter_u64_add(sav->lft_c_allocations, 1); 8818 8819 /* 8820 * NOTE: We record CURRENT usetime by using wall clock, 8821 * in seconds. HARD and SOFT lifetime are measured by the time 8822 * difference (again in seconds) from usetime. 8823 * 8824 * usetime 8825 * v expire expire 8826 * -----+-----+--------+---> t 8827 * <--------------> HARD 8828 * <-----> SOFT 8829 */ 8830 if (sav->firstused == 0) 8831 sav->firstused = time_second; 8832 } 8833 8834 /* 8835 * Take one of the kernel's security keys and convert it into a PF_KEY 8836 * structure within an mbuf, suitable for sending up to a waiting 8837 * application in user land. 8838 * 8839 * IN: 8840 * src: A pointer to a kernel security key. 8841 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8842 * OUT: 8843 * a valid mbuf or NULL indicating an error 8844 * 8845 */ 8846 8847 static struct mbuf * 8848 key_setkey(struct seckey *src, uint16_t exttype) 8849 { 8850 struct mbuf *m; 8851 struct sadb_key *p; 8852 int len; 8853 8854 if (src == NULL) 8855 return NULL; 8856 8857 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8858 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8859 if (m == NULL) 8860 return NULL; 8861 m_align(m, len); 8862 m->m_len = len; 8863 p = mtod(m, struct sadb_key *); 8864 bzero(p, len); 8865 p->sadb_key_len = PFKEY_UNIT64(len); 8866 p->sadb_key_exttype = exttype; 8867 p->sadb_key_bits = src->bits; 8868 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8869 8870 return m; 8871 } 8872 8873 #ifdef IPSEC_OFFLOAD 8874 struct mbuf * 8875 key_setaccelif(const char *ifname) 8876 { 8877 struct mbuf *m = NULL; 8878 struct sadb_x_if_hw_offl *p; 8879 int len = PFKEY_ALIGN8(sizeof(*p)); 8880 8881 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8882 if (m == NULL) 8883 return (m); 8884 m_align(m, len); 8885 m->m_len = len; 8886 p = mtod(m, struct sadb_x_if_hw_offl *); 8887 8888 bzero(p, len); 8889 p->sadb_x_if_hw_offl_len = PFKEY_UNIT64(len); 8890 p->sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL; 8891 p->sadb_x_if_hw_offl_flags = 0; 8892 strncpy(p->sadb_x_if_hw_offl_if, ifname, 8893 sizeof(p->sadb_x_if_hw_offl_if)); 8894 8895 return (m); 8896 } 8897 #endif 8898 8899 /* 8900 * Take one of the kernel's lifetime data structures and convert it 8901 * into a PF_KEY structure within an mbuf, suitable for sending up to 8902 * a waiting application in user land. 8903 * 8904 * IN: 8905 * src: A pointer to a kernel lifetime structure. 8906 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8907 * data structures for more information. 8908 * OUT: 8909 * a valid mbuf or NULL indicating an error 8910 * 8911 */ 8912 8913 static struct mbuf * 8914 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8915 { 8916 struct mbuf *m = NULL; 8917 struct sadb_lifetime *p; 8918 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8919 8920 if (src == NULL) 8921 return NULL; 8922 8923 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8924 if (m == NULL) 8925 return m; 8926 m_align(m, len); 8927 m->m_len = len; 8928 p = mtod(m, struct sadb_lifetime *); 8929 8930 bzero(p, len); 8931 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8932 p->sadb_lifetime_exttype = exttype; 8933 p->sadb_lifetime_allocations = src->allocations; 8934 p->sadb_lifetime_bytes = src->bytes; 8935 p->sadb_lifetime_addtime = src->addtime; 8936 p->sadb_lifetime_usetime = src->usetime; 8937 8938 return m; 8939 8940 } 8941 8942 const struct enc_xform * 8943 enc_algorithm_lookup(int alg) 8944 { 8945 int i; 8946 8947 for (i = 0; i < nitems(supported_ealgs); i++) 8948 if (alg == supported_ealgs[i].sadb_alg) 8949 return (supported_ealgs[i].xform); 8950 return (NULL); 8951 } 8952 8953 const struct auth_hash * 8954 auth_algorithm_lookup(int alg) 8955 { 8956 int i; 8957 8958 for (i = 0; i < nitems(supported_aalgs); i++) 8959 if (alg == supported_aalgs[i].sadb_alg) 8960 return (supported_aalgs[i].xform); 8961 return (NULL); 8962 } 8963 8964 const struct comp_algo * 8965 comp_algorithm_lookup(int alg) 8966 { 8967 int i; 8968 8969 for (i = 0; i < nitems(supported_calgs); i++) 8970 if (alg == supported_calgs[i].sadb_alg) 8971 return (supported_calgs[i].xform); 8972 return (NULL); 8973 } 8974 8975 void 8976 ipsec_sahtree_runlock(struct rm_priotracker *sahtree_trackerp) 8977 { 8978 rm_runlock(&sahtree_lock, sahtree_trackerp); 8979 } 8980 8981 void 8982 ipsec_sahtree_rlock(struct rm_priotracker *sahtree_trackerp) 8983 { 8984 rm_rlock(&sahtree_lock, sahtree_trackerp); 8985 } 8986 8987 #ifdef IPSEC_OFFLOAD 8988 void 8989 ipsec_accel_on_ifdown(struct ifnet *ifp) 8990 { 8991 void (*p)(struct ifnet *ifp); 8992 8993 p = atomic_load_ptr(&ipsec_accel_on_ifdown_p); 8994 if (p != NULL) 8995 p(ifp); 8996 } 8997 8998 void 8999 ipsec_accel_drv_sa_lifetime_update(struct secasvar *sav, if_t ifp, 9000 u_int drv_spi, uint64_t octets, uint64_t allocs) 9001 { 9002 void (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi, 9003 uint64_t octets, uint64_t allocs); 9004 9005 p = atomic_load_ptr(&ipsec_accel_drv_sa_lifetime_update_p); 9006 if (p != NULL) 9007 p(sav, ifp, drv_spi, octets, allocs); 9008 } 9009 9010 int 9011 ipsec_accel_drv_sa_lifetime_fetch(struct secasvar *sav, 9012 if_t ifp, u_int drv_spi, uint64_t *octets, uint64_t *allocs) 9013 { 9014 int (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi, 9015 uint64_t *octets, uint64_t *allocs); 9016 9017 p = atomic_load_ptr(&ipsec_accel_drv_sa_lifetime_fetch_p); 9018 if (p == NULL) 9019 return (EOPNOTSUPP); 9020 return (p(sav, ifp, drv_spi, octets, allocs)); 9021 } 9022 #endif 9023