xref: /illumos-gate/usr/src/uts/common/inet/ip/ipsecah.c (revision aedf2b3bb56b025fcaf87b49ec6c8aeea07f16d7)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <sys/types.h>
27 #include <sys/stream.h>
28 #include <sys/stropts.h>
29 #include <sys/errno.h>
30 #include <sys/strlog.h>
31 #include <sys/tihdr.h>
32 #include <sys/socket.h>
33 #include <sys/ddi.h>
34 #include <sys/sunddi.h>
35 #include <sys/mkdev.h>
36 #include <sys/kmem.h>
37 #include <sys/zone.h>
38 #include <sys/sysmacros.h>
39 #include <sys/cmn_err.h>
40 #include <sys/vtrace.h>
41 #include <sys/debug.h>
42 #include <sys/atomic.h>
43 #include <sys/strsun.h>
44 #include <sys/random.h>
45 #include <netinet/in.h>
46 #include <net/if.h>
47 #include <netinet/ip6.h>
48 #include <netinet/icmp6.h>
49 #include <net/pfkeyv2.h>
50 #include <net/pfpolicy.h>
51 
52 #include <inet/common.h>
53 #include <inet/mi.h>
54 #include <inet/ip.h>
55 #include <inet/ip6.h>
56 #include <inet/nd.h>
57 #include <inet/ip_if.h>
58 #include <inet/ip_ndp.h>
59 #include <inet/ipsec_info.h>
60 #include <inet/ipsec_impl.h>
61 #include <inet/sadb.h>
62 #include <inet/ipsecah.h>
63 #include <inet/ipsec_impl.h>
64 #include <inet/ipdrop.h>
65 #include <sys/taskq.h>
66 #include <sys/policy.h>
67 #include <sys/strsun.h>
68 
69 #include <sys/crypto/common.h>
70 #include <sys/crypto/api.h>
71 #include <sys/kstat.h>
72 #include <sys/strsubr.h>
73 
74 #include <sys/tsol/tnet.h>
75 
76 /*
77  * Table of ND variables supported by ipsecah. These are loaded into
78  * ipsecah_g_nd in ipsecah_init_nd.
79  * All of these are alterable, within the min/max values given, at run time.
80  */
81 static	ipsecahparam_t	lcl_param_arr[] = {
82 	/* min	max			value	name */
83 	{ 0,	3,			0,	"ipsecah_debug"},
84 	{ 125,	32000, SADB_AGE_INTERVAL_DEFAULT,	"ipsecah_age_interval"},
85 	{ 1,	10,			1,	"ipsecah_reap_delay"},
86 	{ 1,	SADB_MAX_REPLAY,	64,	"ipsecah_replay_size"},
87 	{ 1,	300,			15,	"ipsecah_acquire_timeout"},
88 	{ 1,	1800,			90,	"ipsecah_larval_timeout"},
89 	/* Default lifetime values for ACQUIRE messages. */
90 	{ 0,	0xffffffffU,		0,	"ipsecah_default_soft_bytes"},
91 	{ 0,	0xffffffffU,		0,	"ipsecah_default_hard_bytes"},
92 	{ 0,	0xffffffffU,		24000,	"ipsecah_default_soft_addtime"},
93 	{ 0,	0xffffffffU,		28800,	"ipsecah_default_hard_addtime"},
94 	{ 0,	0xffffffffU,		0,	"ipsecah_default_soft_usetime"},
95 	{ 0,	0xffffffffU,		0,	"ipsecah_default_hard_usetime"},
96 	{ 0,	1,			0,	"ipsecah_log_unknown_spi"},
97 };
98 #define	ipsecah_debug			ipsecah_params[0].ipsecah_param_value
99 #define	ipsecah_age_interval		ipsecah_params[1].ipsecah_param_value
100 #define	ipsecah_age_int_max		ipsecah_params[1].ipsecah_param_max
101 #define	ipsecah_reap_delay		ipsecah_params[2].ipsecah_param_value
102 #define	ipsecah_replay_size		ipsecah_params[3].ipsecah_param_value
103 #define	ipsecah_acquire_timeout		ipsecah_params[4].ipsecah_param_value
104 #define	ipsecah_larval_timeout		ipsecah_params[5].ipsecah_param_value
105 #define	ipsecah_default_soft_bytes	ipsecah_params[6].ipsecah_param_value
106 #define	ipsecah_default_hard_bytes	ipsecah_params[7].ipsecah_param_value
107 #define	ipsecah_default_soft_addtime	ipsecah_params[8].ipsecah_param_value
108 #define	ipsecah_default_hard_addtime	ipsecah_params[9].ipsecah_param_value
109 #define	ipsecah_default_soft_usetime	ipsecah_params[10].ipsecah_param_value
110 #define	ipsecah_default_hard_usetime	ipsecah_params[11].ipsecah_param_value
111 #define	ipsecah_log_unknown_spi		ipsecah_params[12].ipsecah_param_value
112 
113 #define	ah0dbg(a)	printf a
114 /* NOTE:  != 0 instead of > 0 so lint doesn't complain. */
115 #define	ah1dbg(ahstack, a)	if (ahstack->ipsecah_debug != 0) printf a
116 #define	ah2dbg(ahstack, a)	if (ahstack->ipsecah_debug > 1) printf a
117 #define	ah3dbg(ahstack, a)	if (ahstack->ipsecah_debug > 2) printf a
118 
119 /*
120  * XXX This is broken. Padding should be determined dynamically
121  * depending on the ICV size and IP version number so that the
122  * total AH header size is a multiple of 32 bits or 64 bits
123  * for V4 and V6 respectively. For 96bit ICVs we have no problems.
124  * Anything different from that, we need to fix our code.
125  */
126 #define	IPV4_PADDING_ALIGN	0x04	/* Multiple of 32 bits */
127 #define	IPV6_PADDING_ALIGN	0x04	/* Multiple of 32 bits */
128 
129 /*
130  * Helper macro. Avoids a call to msgdsize if there is only one
131  * mblk in the chain.
132  */
133 #define	AH_MSGSIZE(mp) ((mp)->b_cont != NULL ? msgdsize(mp) : MBLKL(mp))
134 
135 
136 static mblk_t *ah_auth_out_done(mblk_t *, ip_xmit_attr_t *, ipsec_crypto_t *);
137 static mblk_t *ah_auth_in_done(mblk_t *, ip_recv_attr_t *, ipsec_crypto_t *);
138 static mblk_t *ah_process_ip_options_v4(mblk_t *, ipsa_t *, int *, uint_t,
139     boolean_t, ipsecah_stack_t *);
140 static mblk_t *ah_process_ip_options_v6(mblk_t *, ipsa_t *, int *, uint_t,
141     boolean_t, ipsecah_stack_t *);
142 static void ah_getspi(mblk_t *, keysock_in_t *, ipsecah_stack_t *);
143 static void ah_inbound_restart(mblk_t *, ip_recv_attr_t *);
144 
145 static mblk_t *ah_outbound(mblk_t *, ip_xmit_attr_t *);
146 static void ah_outbound_finish(mblk_t *, ip_xmit_attr_t *);
147 
148 static int ipsecah_open(queue_t *, dev_t *, int, int, cred_t *);
149 static int ipsecah_close(queue_t *);
150 static void ipsecah_wput(queue_t *, mblk_t *);
151 static void ah_send_acquire(ipsacq_t *, mblk_t *, netstack_t *);
152 static boolean_t ah_register_out(uint32_t, uint32_t, uint_t, ipsecah_stack_t *,
153     cred_t *);
154 static void	*ipsecah_stack_init(netstackid_t stackid, netstack_t *ns);
155 static void	ipsecah_stack_fini(netstackid_t stackid, void *arg);
156 
157 /* Setable in /etc/system */
158 uint32_t ah_hash_size = IPSEC_DEFAULT_HASH_SIZE;
159 
160 static taskq_t *ah_taskq;
161 
162 static struct module_info info = {
163 	5136, "ipsecah", 0, INFPSZ, 65536, 1024
164 };
165 
166 static struct qinit rinit = {
167 	(pfi_t)putnext, NULL, ipsecah_open, ipsecah_close, NULL, &info,
168 	NULL
169 };
170 
171 static struct qinit winit = {
172 	(pfi_t)ipsecah_wput, NULL, ipsecah_open, ipsecah_close, NULL, &info,
173 	NULL
174 };
175 
176 struct streamtab ipsecahinfo = {
177 	&rinit, &winit, NULL, NULL
178 };
179 
180 static int ah_kstat_update(kstat_t *, int);
181 
182 uint64_t ipsacq_maxpackets = IPSACQ_MAXPACKETS;
183 
184 static boolean_t
185 ah_kstat_init(ipsecah_stack_t *ahstack, netstackid_t stackid)
186 {
187 	ipsec_stack_t	*ipss = ahstack->ipsecah_netstack->netstack_ipsec;
188 
189 	ahstack->ah_ksp = kstat_create_netstack("ipsecah", 0, "ah_stat", "net",
190 	    KSTAT_TYPE_NAMED, sizeof (ah_kstats_t) / sizeof (kstat_named_t),
191 	    KSTAT_FLAG_PERSISTENT, stackid);
192 
193 	if (ahstack->ah_ksp == NULL || ahstack->ah_ksp->ks_data == NULL)
194 		return (B_FALSE);
195 
196 	ahstack->ah_kstats = ahstack->ah_ksp->ks_data;
197 
198 	ahstack->ah_ksp->ks_update = ah_kstat_update;
199 	ahstack->ah_ksp->ks_private = (void *)(uintptr_t)stackid;
200 
201 #define	K64 KSTAT_DATA_UINT64
202 #define	KI(x) kstat_named_init(&(ahstack->ah_kstats->ah_stat_##x), #x, K64)
203 
204 	KI(num_aalgs);
205 	KI(good_auth);
206 	KI(bad_auth);
207 	KI(replay_failures);
208 	KI(replay_early_failures);
209 	KI(keysock_in);
210 	KI(out_requests);
211 	KI(acquire_requests);
212 	KI(bytes_expired);
213 	KI(out_discards);
214 	KI(crypto_sync);
215 	KI(crypto_async);
216 	KI(crypto_failures);
217 
218 #undef KI
219 #undef K64
220 
221 	kstat_install(ahstack->ah_ksp);
222 	IP_ACQUIRE_STAT(ipss, maxpackets, ipsacq_maxpackets);
223 	return (B_TRUE);
224 }
225 
226 static int
227 ah_kstat_update(kstat_t *kp, int rw)
228 {
229 	ah_kstats_t	*ekp;
230 	netstackid_t	stackid = (netstackid_t)(uintptr_t)kp->ks_private;
231 	netstack_t	*ns;
232 	ipsec_stack_t	*ipss;
233 
234 	if ((kp == NULL) || (kp->ks_data == NULL))
235 		return (EIO);
236 
237 	if (rw == KSTAT_WRITE)
238 		return (EACCES);
239 
240 	ns = netstack_find_by_stackid(stackid);
241 	if (ns == NULL)
242 		return (-1);
243 	ipss = ns->netstack_ipsec;
244 	if (ipss == NULL) {
245 		netstack_rele(ns);
246 		return (-1);
247 	}
248 	ekp = (ah_kstats_t *)kp->ks_data;
249 
250 	mutex_enter(&ipss->ipsec_alg_lock);
251 	ekp->ah_stat_num_aalgs.value.ui64 = ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
252 	mutex_exit(&ipss->ipsec_alg_lock);
253 
254 	netstack_rele(ns);
255 	return (0);
256 }
257 
258 /*
259  * Don't have to lock ipsec_age_interval, as only one thread will access it at
260  * a time, because I control the one function that does a qtimeout() on
261  * ah_pfkey_q.
262  */
263 static void
264 ah_ager(void *arg)
265 {
266 	ipsecah_stack_t *ahstack = (ipsecah_stack_t *)arg;
267 	netstack_t	*ns = ahstack->ipsecah_netstack;
268 	hrtime_t begin = gethrtime();
269 
270 	sadb_ager(&ahstack->ah_sadb.s_v4, ahstack->ah_pfkey_q,
271 	    ahstack->ipsecah_reap_delay, ns);
272 	sadb_ager(&ahstack->ah_sadb.s_v6, ahstack->ah_pfkey_q,
273 	    ahstack->ipsecah_reap_delay, ns);
274 
275 	ahstack->ah_event = sadb_retimeout(begin, ahstack->ah_pfkey_q,
276 	    ah_ager, ahstack,
277 	    &ahstack->ipsecah_age_interval, ahstack->ipsecah_age_int_max,
278 	    info.mi_idnum);
279 }
280 
281 /*
282  * Get an AH NDD parameter.
283  */
284 /* ARGSUSED */
285 static int
286 ipsecah_param_get(q, mp, cp, cr)
287 	queue_t	*q;
288 	mblk_t	*mp;
289 	caddr_t	cp;
290 	cred_t *cr;
291 {
292 	ipsecahparam_t	*ipsecahpa = (ipsecahparam_t *)cp;
293 	uint_t value;
294 	ipsecah_stack_t	*ahstack = (ipsecah_stack_t *)q->q_ptr;
295 
296 	mutex_enter(&ahstack->ipsecah_param_lock);
297 	value = ipsecahpa->ipsecah_param_value;
298 	mutex_exit(&ahstack->ipsecah_param_lock);
299 
300 	(void) mi_mpprintf(mp, "%u", value);
301 	return (0);
302 }
303 
304 /*
305  * This routine sets an NDD variable in a ipsecahparam_t structure.
306  */
307 /* ARGSUSED */
308 static int
309 ipsecah_param_set(q, mp, value, cp, cr)
310 	queue_t	*q;
311 	mblk_t	*mp;
312 	char	*value;
313 	caddr_t	cp;
314 	cred_t *cr;
315 {
316 	ulong_t	new_value;
317 	ipsecahparam_t	*ipsecahpa = (ipsecahparam_t *)cp;
318 	ipsecah_stack_t	*ahstack = (ipsecah_stack_t *)q->q_ptr;
319 
320 	/*
321 	 * Fail the request if the new value does not lie within the
322 	 * required bounds.
323 	 */
324 	if (ddi_strtoul(value, NULL, 10, &new_value) != 0 ||
325 	    new_value < ipsecahpa->ipsecah_param_min ||
326 	    new_value > ipsecahpa->ipsecah_param_max) {
327 		    return (EINVAL);
328 	}
329 
330 	/* Set the new value */
331 	mutex_enter(&ahstack->ipsecah_param_lock);
332 	ipsecahpa->ipsecah_param_value = new_value;
333 	mutex_exit(&ahstack->ipsecah_param_lock);
334 	return (0);
335 }
336 
337 /*
338  * Using lifetime NDD variables, fill in an extended combination's
339  * lifetime information.
340  */
341 void
342 ipsecah_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns)
343 {
344 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
345 
346 	ecomb->sadb_x_ecomb_soft_bytes = ahstack->ipsecah_default_soft_bytes;
347 	ecomb->sadb_x_ecomb_hard_bytes = ahstack->ipsecah_default_hard_bytes;
348 	ecomb->sadb_x_ecomb_soft_addtime =
349 	    ahstack->ipsecah_default_soft_addtime;
350 	ecomb->sadb_x_ecomb_hard_addtime =
351 	    ahstack->ipsecah_default_hard_addtime;
352 	ecomb->sadb_x_ecomb_soft_usetime =
353 	    ahstack->ipsecah_default_soft_usetime;
354 	ecomb->sadb_x_ecomb_hard_usetime =
355 	    ahstack->ipsecah_default_hard_usetime;
356 }
357 
358 /*
359  * Initialize things for AH at module load time.
360  */
361 boolean_t
362 ipsecah_ddi_init(void)
363 {
364 	ah_taskq = taskq_create("ah_taskq", 1, minclsyspri,
365 	    IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0);
366 
367 	/*
368 	 * We want to be informed each time a stack is created or
369 	 * destroyed in the kernel, so we can maintain the
370 	 * set of ipsecah_stack_t's.
371 	 */
372 	netstack_register(NS_IPSECAH, ipsecah_stack_init, NULL,
373 	    ipsecah_stack_fini);
374 
375 	return (B_TRUE);
376 }
377 
378 /*
379  * Walk through the param array specified registering each element with the
380  * named dispatch handler.
381  */
382 static boolean_t
383 ipsecah_param_register(IDP *ndp, ipsecahparam_t *ahp, int cnt)
384 {
385 	for (; cnt-- > 0; ahp++) {
386 		if (ahp->ipsecah_param_name != NULL &&
387 		    ahp->ipsecah_param_name[0]) {
388 			if (!nd_load(ndp,
389 			    ahp->ipsecah_param_name,
390 			    ipsecah_param_get, ipsecah_param_set,
391 			    (caddr_t)ahp)) {
392 				nd_free(ndp);
393 				return (B_FALSE);
394 			}
395 		}
396 	}
397 	return (B_TRUE);
398 }
399 
400 /*
401  * Initialize things for AH for each stack instance
402  */
403 static void *
404 ipsecah_stack_init(netstackid_t stackid, netstack_t *ns)
405 {
406 	ipsecah_stack_t	*ahstack;
407 	ipsecahparam_t	*ahp;
408 
409 	ahstack = (ipsecah_stack_t *)kmem_zalloc(sizeof (*ahstack), KM_SLEEP);
410 	ahstack->ipsecah_netstack = ns;
411 
412 	ahp = (ipsecahparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
413 	ahstack->ipsecah_params = ahp;
414 	bcopy(lcl_param_arr, ahp, sizeof (lcl_param_arr));
415 
416 	(void) ipsecah_param_register(&ahstack->ipsecah_g_nd, ahp,
417 	    A_CNT(lcl_param_arr));
418 
419 	(void) ah_kstat_init(ahstack, stackid);
420 
421 	ahstack->ah_sadb.s_acquire_timeout = &ahstack->ipsecah_acquire_timeout;
422 	ahstack->ah_sadb.s_acqfn = ah_send_acquire;
423 	sadbp_init("AH", &ahstack->ah_sadb, SADB_SATYPE_AH, ah_hash_size,
424 	    ahstack->ipsecah_netstack);
425 
426 	mutex_init(&ahstack->ipsecah_param_lock, NULL, MUTEX_DEFAULT, 0);
427 
428 	ip_drop_register(&ahstack->ah_dropper, "IPsec AH");
429 	return (ahstack);
430 }
431 
432 /*
433  * Destroy things for AH at module unload time.
434  */
435 void
436 ipsecah_ddi_destroy(void)
437 {
438 	netstack_unregister(NS_IPSECAH);
439 	taskq_destroy(ah_taskq);
440 }
441 
442 /*
443  * Destroy things for AH for one stack... Never called?
444  */
445 static void
446 ipsecah_stack_fini(netstackid_t stackid, void *arg)
447 {
448 	ipsecah_stack_t *ahstack = (ipsecah_stack_t *)arg;
449 
450 	if (ahstack->ah_pfkey_q != NULL) {
451 		(void) quntimeout(ahstack->ah_pfkey_q, ahstack->ah_event);
452 	}
453 	ahstack->ah_sadb.s_acqfn = NULL;
454 	ahstack->ah_sadb.s_acquire_timeout = NULL;
455 	sadbp_destroy(&ahstack->ah_sadb, ahstack->ipsecah_netstack);
456 	ip_drop_unregister(&ahstack->ah_dropper);
457 	mutex_destroy(&ahstack->ipsecah_param_lock);
458 	nd_free(&ahstack->ipsecah_g_nd);
459 
460 	kmem_free(ahstack->ipsecah_params, sizeof (lcl_param_arr));
461 	ahstack->ipsecah_params = NULL;
462 	kstat_delete_netstack(ahstack->ah_ksp, stackid);
463 	ahstack->ah_ksp = NULL;
464 	ahstack->ah_kstats = NULL;
465 
466 	kmem_free(ahstack, sizeof (*ahstack));
467 }
468 
469 /*
470  * AH module open routine, which is here for keysock plumbing.
471  * Keysock is pushed over {AH,ESP} which is an artifact from the Bad Old
472  * Days of export control, and fears that ESP would not be allowed
473  * to be shipped at all by default.  Eventually, keysock should
474  * either access AH and ESP via modstubs or krtld dependencies, or
475  * perhaps be folded in with AH and ESP into a single IPsec/netsec
476  * module ("netsec" if PF_KEY provides more than AH/ESP keying tables).
477  */
478 /* ARGSUSED */
479 static int
480 ipsecah_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
481 {
482 	netstack_t	*ns;
483 	ipsecah_stack_t	*ahstack;
484 
485 	if (secpolicy_ip_config(credp, B_FALSE) != 0)
486 		return (EPERM);
487 
488 	if (q->q_ptr != NULL)
489 		return (0);  /* Re-open of an already open instance. */
490 
491 	if (sflag != MODOPEN)
492 		return (EINVAL);
493 
494 	ns = netstack_find_by_cred(credp);
495 	ASSERT(ns != NULL);
496 	ahstack = ns->netstack_ipsecah;
497 	ASSERT(ahstack != NULL);
498 
499 	q->q_ptr = ahstack;
500 	WR(q)->q_ptr = q->q_ptr;
501 
502 	qprocson(q);
503 	return (0);
504 }
505 
506 /*
507  * AH module close routine.
508  */
509 static int
510 ipsecah_close(queue_t *q)
511 {
512 	ipsecah_stack_t	*ahstack = (ipsecah_stack_t *)q->q_ptr;
513 
514 	/*
515 	 * Clean up q_ptr, if needed.
516 	 */
517 	qprocsoff(q);
518 
519 	/* Keysock queue check is safe, because of OCEXCL perimeter. */
520 
521 	if (q == ahstack->ah_pfkey_q) {
522 		ah1dbg(ahstack,
523 		    ("ipsecah_close:  Ummm... keysock is closing AH.\n"));
524 		ahstack->ah_pfkey_q = NULL;
525 		/* Detach qtimeouts. */
526 		(void) quntimeout(q, ahstack->ah_event);
527 	}
528 
529 	netstack_rele(ahstack->ipsecah_netstack);
530 	return (0);
531 }
532 
533 /*
534  * Construct an SADB_REGISTER message with the current algorithms.
535  */
536 static boolean_t
537 ah_register_out(uint32_t sequence, uint32_t pid, uint_t serial,
538     ipsecah_stack_t *ahstack, cred_t *cr)
539 {
540 	mblk_t *mp;
541 	boolean_t rc = B_TRUE;
542 	sadb_msg_t *samsg;
543 	sadb_supported_t *sasupp;
544 	sadb_alg_t *saalg;
545 	uint_t allocsize = sizeof (*samsg);
546 	uint_t i, numalgs_snap;
547 	ipsec_alginfo_t **authalgs;
548 	uint_t num_aalgs;
549 	ipsec_stack_t	*ipss = ahstack->ipsecah_netstack->netstack_ipsec;
550 	sadb_sens_t *sens;
551 	size_t sens_len = 0;
552 	sadb_ext_t *nextext;
553 	ts_label_t *sens_tsl = NULL;
554 
555 	/* Allocate the KEYSOCK_OUT. */
556 	mp = sadb_keysock_out(serial);
557 	if (mp == NULL) {
558 		ah0dbg(("ah_register_out: couldn't allocate mblk.\n"));
559 		return (B_FALSE);
560 	}
561 
562 	if (is_system_labeled() && (cr != NULL)) {
563 		sens_tsl = crgetlabel(cr);
564 		if (sens_tsl != NULL) {
565 			sens_len = sadb_sens_len_from_label(sens_tsl);
566 			allocsize += sens_len;
567 		}
568 	}
569 
570 	/*
571 	 * Allocate the PF_KEY message that follows KEYSOCK_OUT.
572 	 * The alg reader lock needs to be held while allocating
573 	 * the variable part (i.e. the algorithms) of the message.
574 	 */
575 
576 	mutex_enter(&ipss->ipsec_alg_lock);
577 
578 	/*
579 	 * Return only valid algorithms, so the number of algorithms
580 	 * to send up may be less than the number of algorithm entries
581 	 * in the table.
582 	 */
583 	authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH];
584 	for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
585 		if (authalgs[i] != NULL && ALG_VALID(authalgs[i]))
586 			num_aalgs++;
587 
588 	/*
589 	 * Fill SADB_REGISTER message's algorithm descriptors.  Hold
590 	 * down the lock while filling it.
591 	 */
592 	if (num_aalgs != 0) {
593 		allocsize += (num_aalgs * sizeof (*saalg));
594 		allocsize += sizeof (*sasupp);
595 	}
596 	mp->b_cont = allocb(allocsize, BPRI_HI);
597 	if (mp->b_cont == NULL) {
598 		mutex_exit(&ipss->ipsec_alg_lock);
599 		freemsg(mp);
600 		return (B_FALSE);
601 	}
602 
603 	mp->b_cont->b_wptr += allocsize;
604 	nextext = (sadb_ext_t *)(mp->b_cont->b_rptr + sizeof (*samsg));
605 
606 	if (num_aalgs != 0) {
607 
608 		saalg = (sadb_alg_t *)(((uint8_t *)nextext) + sizeof (*sasupp));
609 		ASSERT(((ulong_t)saalg & 0x7) == 0);
610 
611 		numalgs_snap = 0;
612 		for (i = 0;
613 		    ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs));
614 		    i++) {
615 			if (authalgs[i] == NULL || !ALG_VALID(authalgs[i]))
616 				continue;
617 
618 			saalg->sadb_alg_id = authalgs[i]->alg_id;
619 			saalg->sadb_alg_ivlen = 0;
620 			saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits;
621 			saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits;
622 			saalg->sadb_x_alg_increment =
623 			    authalgs[i]->alg_increment;
624 			/* For now, salt is meaningless in AH. */
625 			ASSERT(authalgs[i]->alg_saltlen == 0);
626 			saalg->sadb_x_alg_saltbits =
627 			    SADB_8TO1(authalgs[i]->alg_saltlen);
628 			numalgs_snap++;
629 			saalg++;
630 		}
631 		ASSERT(numalgs_snap == num_aalgs);
632 #ifdef DEBUG
633 		/*
634 		 * Reality check to make sure I snagged all of the
635 		 * algorithms.
636 		 */
637 		for (; i < IPSEC_MAX_ALGS; i++)
638 			if (authalgs[i] != NULL && ALG_VALID(authalgs[i]))
639 				cmn_err(CE_PANIC,
640 				    "ah_register_out()!  Missed #%d.\n", i);
641 #endif /* DEBUG */
642 		nextext = (sadb_ext_t *)saalg;
643 	}
644 
645 	mutex_exit(&ipss->ipsec_alg_lock);
646 
647 	if (sens_tsl != NULL) {
648 		sens = (sadb_sens_t *)nextext;
649 		sadb_sens_from_label(sens, SADB_EXT_SENSITIVITY,
650 		    sens_tsl, sens_len);
651 
652 		nextext = (sadb_ext_t *)(((uint8_t *)sens) + sens_len);
653 	}
654 
655 	/* Now fill the restof the SADB_REGISTER message. */
656 
657 	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
658 	samsg->sadb_msg_version = PF_KEY_V2;
659 	samsg->sadb_msg_type = SADB_REGISTER;
660 	samsg->sadb_msg_errno = 0;
661 	samsg->sadb_msg_satype = SADB_SATYPE_AH;
662 	samsg->sadb_msg_len = SADB_8TO64(allocsize);
663 	samsg->sadb_msg_reserved = 0;
664 	/*
665 	 * Assume caller has sufficient sequence/pid number info.  If it's one
666 	 * from me over a new alg., I could give two hoots about sequence.
667 	 */
668 	samsg->sadb_msg_seq = sequence;
669 	samsg->sadb_msg_pid = pid;
670 
671 	if (num_aalgs != 0) {
672 		sasupp = (sadb_supported_t *)(samsg + 1);
673 		sasupp->sadb_supported_len = SADB_8TO64(
674 		    sizeof (*sasupp) + sizeof (*saalg) * num_aalgs);
675 		sasupp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
676 		sasupp->sadb_supported_reserved = 0;
677 	}
678 
679 	if (ahstack->ah_pfkey_q != NULL)
680 		putnext(ahstack->ah_pfkey_q, mp);
681 	else {
682 		rc = B_FALSE;
683 		freemsg(mp);
684 	}
685 
686 	return (rc);
687 }
688 
689 /*
690  * Invoked when the algorithm table changes. Causes SADB_REGISTER
691  * messages continaining the current list of algorithms to be
692  * sent up to the AH listeners.
693  */
694 void
695 ipsecah_algs_changed(netstack_t *ns)
696 {
697 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
698 
699 	/*
700 	 * Time to send a PF_KEY SADB_REGISTER message to AH listeners
701 	 * everywhere.  (The function itself checks for NULL ah_pfkey_q.)
702 	 */
703 	(void) ah_register_out(0, 0, 0, ahstack, NULL);
704 }
705 
706 /*
707  * Stub function that taskq_dispatch() invokes to take the mblk (in arg)
708  * and send it into AH and IP again.
709  */
710 static void
711 inbound_task(void *arg)
712 {
713 	mblk_t		*mp = (mblk_t *)arg;
714 	mblk_t		*async_mp;
715 	ip_recv_attr_t	iras;
716 
717 	async_mp = mp;
718 	mp = async_mp->b_cont;
719 	async_mp->b_cont = NULL;
720 	if (!ip_recv_attr_from_mblk(async_mp, &iras)) {
721 		/* The ill or ip_stack_t disappeared on us */
722 		ip_drop_input("ip_recv_attr_from_mblk", mp, NULL);
723 		freemsg(mp);
724 		goto done;
725 	}
726 
727 	ah_inbound_restart(mp, &iras);
728 done:
729 	ira_cleanup(&iras, B_TRUE);
730 }
731 
732 /*
733  * Restart ESP after the SA has been added.
734  */
735 static void
736 ah_inbound_restart(mblk_t *mp, ip_recv_attr_t *ira)
737 {
738 	ah_t		*ah;
739 	netstack_t	*ns;
740 	ipsecah_stack_t	*ahstack;
741 
742 	ns = ira->ira_ill->ill_ipst->ips_netstack;
743 	ahstack = ns->netstack_ipsecah;
744 
745 	ASSERT(ahstack != NULL);
746 	mp = ipsec_inbound_ah_sa(mp, ira, &ah);
747 	if (mp == NULL)
748 		return;
749 
750 	ASSERT(ah != NULL);
751 	ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
752 	ASSERT(ira->ira_ipsec_ah_sa != NULL);
753 
754 	mp = ira->ira_ipsec_ah_sa->ipsa_input_func(mp, ah, ira);
755 	if (mp == NULL) {
756 		/*
757 		 * Either it failed or is pending. In the former case
758 		 * ipIfStatsInDiscards was increased.
759 		 */
760 		return;
761 	}
762 	ip_input_post_ipsec(mp, ira);
763 }
764 
765 /*
766  * Now that weak-key passed, actually ADD the security association, and
767  * send back a reply ADD message.
768  */
769 static int
770 ah_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi,
771     int *diagnostic, ipsecah_stack_t *ahstack)
772 {
773 	isaf_t *primary = NULL, *secondary;
774 	boolean_t clone = B_FALSE, is_inbound = B_FALSE;
775 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
776 	ipsa_t *larval;
777 	ipsacq_t *acqrec;
778 	iacqf_t *acq_bucket;
779 	mblk_t *acq_msgs = NULL;
780 	mblk_t *lpkt;
781 	int rc;
782 	ipsa_query_t sq;
783 	int error;
784 	netstack_t	*ns = ahstack->ipsecah_netstack;
785 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
786 
787 	/*
788 	 * Locate the appropriate table(s).
789 	 */
790 
791 	sq.spp = &ahstack->ah_sadb;
792 	error = sadb_form_query(ksi, IPSA_Q_SA|IPSA_Q_DST,
793 	    IPSA_Q_SA|IPSA_Q_DST|IPSA_Q_INBOUND|IPSA_Q_OUTBOUND,
794 	    &sq, diagnostic);
795 	if (error)
796 		return (error);
797 
798 	/*
799 	 * Use the direction flags provided by the KMD to determine
800 	 * if the inbound or outbound table should be the primary
801 	 * for this SA. If these flags were absent then make this
802 	 * decision based on the addresses.
803 	 */
804 	if (assoc->sadb_sa_flags & IPSA_F_INBOUND) {
805 		primary = sq.inbound;
806 		secondary = sq.outbound;
807 		is_inbound = B_TRUE;
808 		if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND)
809 			clone = B_TRUE;
810 	} else {
811 		if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) {
812 			primary = sq.outbound;
813 			secondary = sq.inbound;
814 		}
815 	}
816 	if (primary == NULL) {
817 		/*
818 		 * The KMD did not set a direction flag, determine which
819 		 * table to insert the SA into based on addresses.
820 		 */
821 		switch (ksi->ks_in_dsttype) {
822 		case KS_IN_ADDR_MBCAST:
823 			clone = B_TRUE;	/* All mcast SAs can be bidirectional */
824 			assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
825 			/* FALLTHRU */
826 		/*
827 		 * If the source address is either one of mine, or unspecified
828 		 * (which is best summed up by saying "not 'not mine'"),
829 		 * then the association is potentially bi-directional,
830 		 * in that it can be used for inbound traffic and outbound
831 		 * traffic.  The best example of such and SA is a multicast
832 		 * SA (which allows me to receive the outbound traffic).
833 		 */
834 		case KS_IN_ADDR_ME:
835 			assoc->sadb_sa_flags |= IPSA_F_INBOUND;
836 			primary = sq.inbound;
837 			secondary = sq.outbound;
838 			if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME)
839 				clone = B_TRUE;
840 			is_inbound = B_TRUE;
841 			break;
842 
843 		/*
844 		 * If the source address literally not mine (either
845 		 * unspecified or not mine), then this SA may have an
846 		 * address that WILL be mine after some configuration.
847 		 * We pay the price for this by making it a bi-directional
848 		 * SA.
849 		 */
850 		case KS_IN_ADDR_NOTME:
851 			assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
852 			primary = sq.outbound;
853 			secondary = sq.inbound;
854 			if (ksi->ks_in_srctype != KS_IN_ADDR_ME) {
855 				assoc->sadb_sa_flags |= IPSA_F_INBOUND;
856 				clone = B_TRUE;
857 			}
858 			break;
859 		default:
860 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_DST;
861 			return (EINVAL);
862 		}
863 	}
864 
865 	/*
866 	 * Find a ACQUIRE list entry if possible.  If we've added an SA that
867 	 * suits the needs of an ACQUIRE list entry, we can eliminate the
868 	 * ACQUIRE list entry and transmit the enqueued packets.  Use the
869 	 * high-bit of the sequence number to queue it.  Key off destination
870 	 * addr, and change acqrec's state.
871 	 */
872 
873 	if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) {
874 		acq_bucket = &(sq.sp->sdb_acq[sq.outhash]);
875 		mutex_enter(&acq_bucket->iacqf_lock);
876 		for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL;
877 		    acqrec = acqrec->ipsacq_next) {
878 			mutex_enter(&acqrec->ipsacq_lock);
879 			/*
880 			 * Q:  I only check sequence.  Should I check dst?
881 			 * A: Yes, check dest because those are the packets
882 			 *    that are queued up.
883 			 */
884 			if (acqrec->ipsacq_seq == samsg->sadb_msg_seq &&
885 			    IPSA_ARE_ADDR_EQUAL(sq.dstaddr,
886 			    acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam))
887 				break;
888 			mutex_exit(&acqrec->ipsacq_lock);
889 		}
890 		if (acqrec != NULL) {
891 			/*
892 			 * AHA!  I found an ACQUIRE record for this SA.
893 			 * Grab the msg list, and free the acquire record.
894 			 * I already am holding the lock for this record,
895 			 * so all I have to do is free it.
896 			 */
897 			acq_msgs = acqrec->ipsacq_mp;
898 			acqrec->ipsacq_mp = NULL;
899 			mutex_exit(&acqrec->ipsacq_lock);
900 			sadb_destroy_acquire(acqrec, ns);
901 		}
902 		mutex_exit(&acq_bucket->iacqf_lock);
903 	}
904 
905 	/*
906 	 * Find PF_KEY message, and see if I'm an update.  If so, find entry
907 	 * in larval list (if there).
908 	 */
909 
910 	larval = NULL;
911 
912 	if (samsg->sadb_msg_type == SADB_UPDATE) {
913 		mutex_enter(&sq.inbound->isaf_lock);
914 		larval = ipsec_getassocbyspi(sq.inbound, sq.assoc->sadb_sa_spi,
915 		    ALL_ZEROES_PTR, sq.dstaddr, sq.dst->sin_family);
916 		mutex_exit(&sq.inbound->isaf_lock);
917 
918 		if ((larval == NULL) ||
919 		    (larval->ipsa_state != IPSA_STATE_LARVAL)) {
920 			*diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND;
921 			if (larval != NULL) {
922 				IPSA_REFRELE(larval);
923 			}
924 			ah0dbg(("Larval update, but larval disappeared.\n"));
925 			return (ESRCH);
926 		} /* Else sadb_common_add unlinks it for me! */
927 	}
928 
929 	lpkt = NULL;
930 	if (larval != NULL)
931 		lpkt = sadb_clear_lpkt(larval);
932 
933 	rc = sadb_common_add(ahstack->ah_pfkey_q, mp,
934 	    samsg, ksi, primary, secondary, larval, clone, is_inbound,
935 	    diagnostic, ns, &ahstack->ah_sadb);
936 
937 	if (lpkt != NULL) {
938 		if (rc == 0) {
939 			rc = !taskq_dispatch(ah_taskq, inbound_task, lpkt,
940 			    TQ_NOSLEEP);
941 		}
942 		if (rc != 0) {
943 			lpkt = ip_recv_attr_free_mblk(lpkt);
944 			ip_drop_packet(lpkt, B_TRUE, NULL,
945 			    DROPPER(ipss, ipds_sadb_inlarval_timeout),
946 			    &ahstack->ah_dropper);
947 		}
948 	}
949 
950 	/*
951 	 * How much more stack will I create with all of these
952 	 * ah_outbound_*() calls?
953 	 */
954 
955 	/* Handle the packets queued waiting for the SA */
956 	while (acq_msgs != NULL) {
957 		mblk_t		*asyncmp;
958 		mblk_t		*data_mp;
959 		ip_xmit_attr_t	ixas;
960 		ill_t		*ill;
961 
962 		asyncmp = acq_msgs;
963 		acq_msgs = acq_msgs->b_next;
964 		asyncmp->b_next = NULL;
965 
966 		/*
967 		 * Extract the ip_xmit_attr_t from the first mblk.
968 		 * Verifies that the netstack and ill is still around; could
969 		 * have vanished while iked was doing its work.
970 		 * On succesful return we have a nce_t and the ill/ipst can't
971 		 * disappear until we do the nce_refrele in ixa_cleanup.
972 		 */
973 		data_mp = asyncmp->b_cont;
974 		asyncmp->b_cont = NULL;
975 		if (!ip_xmit_attr_from_mblk(asyncmp, &ixas)) {
976 			AH_BUMP_STAT(ahstack, out_discards);
977 			ip_drop_packet(data_mp, B_FALSE, NULL,
978 			    DROPPER(ipss, ipds_sadb_acquire_timeout),
979 			    &ahstack->ah_dropper);
980 		} else if (rc != 0) {
981 			ill = ixas.ixa_nce->nce_ill;
982 			AH_BUMP_STAT(ahstack, out_discards);
983 			ip_drop_packet(data_mp, B_FALSE, ill,
984 			    DROPPER(ipss, ipds_sadb_acquire_timeout),
985 			    &ahstack->ah_dropper);
986 			BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
987 		} else {
988 			ah_outbound_finish(data_mp, &ixas);
989 		}
990 		ixa_cleanup(&ixas);
991 	}
992 
993 	return (rc);
994 }
995 
996 
997 /*
998  * Process one of the queued messages (from ipsacq_mp) once the SA
999  * has been added.
1000  */
1001 static void
1002 ah_outbound_finish(mblk_t *data_mp, ip_xmit_attr_t *ixa)
1003 {
1004 	netstack_t	*ns = ixa->ixa_ipst->ips_netstack;
1005 	ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1006 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1007 	ill_t		*ill = ixa->ixa_nce->nce_ill;
1008 
1009 	if (!ipsec_outbound_sa(data_mp, ixa, IPPROTO_AH)) {
1010 		AH_BUMP_STAT(ahstack, out_discards);
1011 		ip_drop_packet(data_mp, B_FALSE, ill,
1012 		    DROPPER(ipss, ipds_sadb_acquire_timeout),
1013 		    &ahstack->ah_dropper);
1014 		BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1015 		return;
1016 	}
1017 
1018 	data_mp = ah_outbound(data_mp, ixa);
1019 	if (data_mp == NULL)
1020 		return;
1021 
1022 	(void) ip_output_post_ipsec(data_mp, ixa);
1023 }
1024 
1025 /*
1026  * Add new AH security association.  This may become a generic AH/ESP
1027  * routine eventually.
1028  */
1029 static int
1030 ah_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns)
1031 {
1032 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
1033 	sadb_address_t *srcext =
1034 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
1035 	sadb_address_t *dstext =
1036 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
1037 	sadb_address_t *isrcext =
1038 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC];
1039 	sadb_address_t *idstext =
1040 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST];
1041 	sadb_key_t *key = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH];
1042 	struct sockaddr_in *src, *dst;
1043 	/* We don't need sockaddr_in6 for now. */
1044 	sadb_lifetime_t *soft =
1045 	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT];
1046 	sadb_lifetime_t *hard =
1047 	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD];
1048 	sadb_lifetime_t *idle =
1049 	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_X_EXT_LIFETIME_IDLE];
1050 	ipsec_alginfo_t *aalg;
1051 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
1052 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1053 
1054 	/* I need certain extensions present for an ADD message. */
1055 	if (srcext == NULL) {
1056 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC;
1057 		return (EINVAL);
1058 	}
1059 	if (dstext == NULL) {
1060 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
1061 		return (EINVAL);
1062 	}
1063 	if (isrcext == NULL && idstext != NULL) {
1064 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC;
1065 		return (EINVAL);
1066 	}
1067 	if (isrcext != NULL && idstext == NULL) {
1068 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST;
1069 		return (EINVAL);
1070 	}
1071 	if (assoc == NULL) {
1072 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
1073 		return (EINVAL);
1074 	}
1075 	if (key == NULL) {
1076 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_AKEY;
1077 		return (EINVAL);
1078 	}
1079 
1080 	src = (struct sockaddr_in *)(srcext + 1);
1081 	dst = (struct sockaddr_in *)(dstext + 1);
1082 
1083 	/* Sundry ADD-specific reality checks. */
1084 	/* XXX STATS : Logging/stats here? */
1085 
1086 	if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) &&
1087 	    (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) {
1088 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
1089 		return (EINVAL);
1090 	}
1091 	if (assoc->sadb_sa_encrypt != SADB_EALG_NONE) {
1092 		*diagnostic = SADB_X_DIAGNOSTIC_ENCR_NOTSUPP;
1093 		return (EINVAL);
1094 	}
1095 	if (assoc->sadb_sa_flags & ~ahstack->ah_sadb.s_addflags) {
1096 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS;
1097 		return (EINVAL);
1098 	}
1099 	if ((*diagnostic = sadb_hardsoftchk(hard, soft, idle)) != 0)
1100 		return (EINVAL);
1101 
1102 	ASSERT(src->sin_family == dst->sin_family);
1103 
1104 	/* Stuff I don't support, for now.  XXX Diagnostic? */
1105 	if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL)
1106 		return (EOPNOTSUPP);
1107 
1108 	if (ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL) {
1109 		if (!is_system_labeled())
1110 			return (EOPNOTSUPP);
1111 	}
1112 
1113 	if (ksi->ks_in_extv[SADB_X_EXT_OUTER_SENS] != NULL) {
1114 		if (!is_system_labeled())
1115 			return (EOPNOTSUPP);
1116 	}
1117 	/*
1118 	 * XXX Policy : I'm not checking identities at this time, but
1119 	 * if I did, I'd do them here, before I sent the weak key
1120 	 * check up to the algorithm.
1121 	 */
1122 
1123 	/* verify that there is a mapping for the specified algorithm */
1124 	mutex_enter(&ipss->ipsec_alg_lock);
1125 	aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH][assoc->sadb_sa_auth];
1126 	if (aalg == NULL || !ALG_VALID(aalg)) {
1127 		mutex_exit(&ipss->ipsec_alg_lock);
1128 		ah1dbg(ahstack, ("Couldn't find auth alg #%d.\n",
1129 		    assoc->sadb_sa_auth));
1130 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
1131 		return (EINVAL);
1132 	}
1133 	ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
1134 
1135 	/* sanity check key sizes */
1136 	if (!ipsec_valid_key_size(key->sadb_key_bits, aalg)) {
1137 		mutex_exit(&ipss->ipsec_alg_lock);
1138 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS;
1139 		return (EINVAL);
1140 	}
1141 
1142 	/* check key and fix parity if needed */
1143 	if (ipsec_check_key(aalg->alg_mech_type, key, B_TRUE,
1144 	    diagnostic) != 0) {
1145 		mutex_exit(&ipss->ipsec_alg_lock);
1146 		return (EINVAL);
1147 	}
1148 
1149 	mutex_exit(&ipss->ipsec_alg_lock);
1150 
1151 	return (ah_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi,
1152 	    diagnostic, ahstack));
1153 }
1154 
1155 /* Refactor me */
1156 /*
1157  * Update a security association.  Updates come in two varieties.  The first
1158  * is an update of lifetimes on a non-larval SA.  The second is an update of
1159  * a larval SA, which ends up looking a lot more like an add.
1160  */
1161 static int
1162 ah_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
1163     ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
1164 {
1165 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
1166 	sadb_address_t *dstext =
1167 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
1168 	mblk_t	*buf_pkt;
1169 	int rcode;
1170 
1171 	if (dstext == NULL) {
1172 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
1173 		return (EINVAL);
1174 	}
1175 
1176 	rcode = sadb_update_sa(mp, ksi, &buf_pkt, &ahstack->ah_sadb,
1177 	    diagnostic, ahstack->ah_pfkey_q, ah_add_sa,
1178 	    ahstack->ipsecah_netstack, sadb_msg_type);
1179 
1180 	if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) ||
1181 	    (rcode != 0)) {
1182 		return (rcode);
1183 	}
1184 
1185 	HANDLE_BUF_PKT(ah_taskq, ahstack->ipsecah_netstack->netstack_ipsec,
1186 	    ahstack->ah_dropper, buf_pkt);
1187 
1188 	return (rcode);
1189 }
1190 
1191 /* Refactor me */
1192 /*
1193  * Delete a security association.  This is REALLY likely to be code common to
1194  * both AH and ESP.  Find the association, then unlink it.
1195  */
1196 static int
1197 ah_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
1198     ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
1199 {
1200 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
1201 	sadb_address_t *dstext =
1202 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
1203 	sadb_address_t *srcext =
1204 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
1205 	struct sockaddr_in *sin;
1206 
1207 	if (assoc == NULL) {
1208 		if (dstext != NULL)
1209 			sin = (struct sockaddr_in *)(dstext + 1);
1210 		else if (srcext != NULL)
1211 			sin = (struct sockaddr_in *)(srcext + 1);
1212 		else {
1213 			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
1214 			return (EINVAL);
1215 		}
1216 		return (sadb_purge_sa(mp, ksi,
1217 		    (sin->sin_family == AF_INET6) ? &ahstack->ah_sadb.s_v6 :
1218 		    &ahstack->ah_sadb.s_v4, diagnostic, ahstack->ah_pfkey_q));
1219 	}
1220 
1221 	return (sadb_delget_sa(mp, ksi, &ahstack->ah_sadb, diagnostic,
1222 	    ahstack->ah_pfkey_q, sadb_msg_type));
1223 }
1224 
1225 /* Refactor me */
1226 /*
1227  * Convert the entire contents of all of AH's SA tables into PF_KEY SADB_DUMP
1228  * messages.
1229  */
1230 static void
1231 ah_dump(mblk_t *mp, keysock_in_t *ksi, ipsecah_stack_t *ahstack)
1232 {
1233 	int error;
1234 	sadb_msg_t *samsg;
1235 
1236 	/*
1237 	 * Dump each fanout, bailing if error is non-zero.
1238 	 */
1239 
1240 	error = sadb_dump(ahstack->ah_pfkey_q, mp, ksi, &ahstack->ah_sadb.s_v4);
1241 	if (error != 0)
1242 		goto bail;
1243 
1244 	error = sadb_dump(ahstack->ah_pfkey_q, mp, ksi, &ahstack->ah_sadb.s_v6);
1245 bail:
1246 	ASSERT(mp->b_cont != NULL);
1247 	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
1248 	samsg->sadb_msg_errno = (uint8_t)error;
1249 	sadb_pfkey_echo(ahstack->ah_pfkey_q, mp,
1250 	    (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL);
1251 }
1252 
1253 /*
1254  * First-cut reality check for an inbound PF_KEY message.
1255  */
1256 static boolean_t
1257 ah_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi,
1258     ipsecah_stack_t *ahstack)
1259 {
1260 	int diagnostic;
1261 
1262 	if (mp->b_cont == NULL) {
1263 		freemsg(mp);
1264 		return (B_TRUE);
1265 	}
1266 
1267 	if (ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT] != NULL) {
1268 		diagnostic = SADB_X_DIAGNOSTIC_EKEY_PRESENT;
1269 		goto badmsg;
1270 	}
1271 	if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) {
1272 		diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT;
1273 		goto badmsg;
1274 	}
1275 	if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL ||
1276 	    ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) {
1277 		diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT;
1278 		goto badmsg;
1279 	}
1280 	return (B_FALSE);	/* False ==> no failures */
1281 
1282 badmsg:
1283 	sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL,
1284 	    diagnostic, ksi->ks_in_serial);
1285 	return (B_TRUE);	/* True ==> failures */
1286 }
1287 
1288 /*
1289  * AH parsing of PF_KEY messages.  Keysock did most of the really silly
1290  * error cases.  What I receive is a fully-formed, syntactically legal
1291  * PF_KEY message.  I then need to check semantics...
1292  *
1293  * This code may become common to AH and ESP.  Stay tuned.
1294  *
1295  * I also make the assumption that db_ref's are cool.  If this assumption
1296  * is wrong, this means that someone other than keysock or me has been
1297  * mucking with PF_KEY messages.
1298  */
1299 static void
1300 ah_parse_pfkey(mblk_t *mp, ipsecah_stack_t *ahstack)
1301 {
1302 	mblk_t *msg = mp->b_cont;
1303 	sadb_msg_t *samsg;
1304 	keysock_in_t *ksi;
1305 	int error;
1306 	int diagnostic = SADB_X_DIAGNOSTIC_NONE;
1307 
1308 	ASSERT(msg != NULL);
1309 
1310 	samsg = (sadb_msg_t *)msg->b_rptr;
1311 	ksi = (keysock_in_t *)mp->b_rptr;
1312 
1313 	/*
1314 	 * If applicable, convert unspecified AF_INET6 to unspecified
1315 	 * AF_INET.
1316 	 */
1317 	if (!sadb_addrfix(ksi, ahstack->ah_pfkey_q, mp,
1318 	    ahstack->ipsecah_netstack) ||
1319 	    ah_pfkey_reality_failures(mp, ksi, ahstack)) {
1320 		return;
1321 	}
1322 
1323 	switch (samsg->sadb_msg_type) {
1324 	case SADB_ADD:
1325 		error = ah_add_sa(mp, ksi, &diagnostic,
1326 		    ahstack->ipsecah_netstack);
1327 		if (error != 0) {
1328 			sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1329 			    diagnostic, ksi->ks_in_serial);
1330 		}
1331 		/* else ah_add_sa() took care of things. */
1332 		break;
1333 	case SADB_DELETE:
1334 	case SADB_X_DELPAIR:
1335 	case SADB_X_DELPAIR_STATE:
1336 		error = ah_del_sa(mp, ksi, &diagnostic, ahstack,
1337 		    samsg->sadb_msg_type);
1338 		if (error != 0) {
1339 			sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1340 			    diagnostic, ksi->ks_in_serial);
1341 		}
1342 		/* Else ah_del_sa() took care of things. */
1343 		break;
1344 	case SADB_GET:
1345 		error = sadb_delget_sa(mp, ksi, &ahstack->ah_sadb, &diagnostic,
1346 		    ahstack->ah_pfkey_q, samsg->sadb_msg_type);
1347 		if (error != 0) {
1348 			sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1349 			    diagnostic, ksi->ks_in_serial);
1350 		}
1351 		/* Else sadb_get_sa() took care of things. */
1352 		break;
1353 	case SADB_FLUSH:
1354 		sadbp_flush(&ahstack->ah_sadb, ahstack->ipsecah_netstack);
1355 		sadb_pfkey_echo(ahstack->ah_pfkey_q, mp, samsg, ksi, NULL);
1356 		break;
1357 	case SADB_REGISTER:
1358 		/*
1359 		 * Hmmm, let's do it!  Check for extensions (there should
1360 		 * be none), extract the fields, call ah_register_out(),
1361 		 * then either free or report an error.
1362 		 *
1363 		 * Keysock takes care of the PF_KEY bookkeeping for this.
1364 		 */
1365 		if (ah_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid,
1366 		    ksi->ks_in_serial, ahstack, msg_getcred(mp, NULL))) {
1367 			freemsg(mp);
1368 		} else {
1369 			/*
1370 			 * Only way this path hits is if there is a memory
1371 			 * failure.  It will not return B_FALSE because of
1372 			 * lack of ah_pfkey_q if I am in wput().
1373 			 */
1374 			sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM,
1375 			    diagnostic, ksi->ks_in_serial);
1376 		}
1377 		break;
1378 	case SADB_UPDATE:
1379 	case SADB_X_UPDATEPAIR:
1380 		/*
1381 		 * Find a larval, if not there, find a full one and get
1382 		 * strict.
1383 		 */
1384 		error = ah_update_sa(mp, ksi, &diagnostic, ahstack,
1385 		    samsg->sadb_msg_type);
1386 		if (error != 0) {
1387 			sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1388 			    diagnostic, ksi->ks_in_serial);
1389 		}
1390 		/* else ah_update_sa() took care of things. */
1391 		break;
1392 	case SADB_GETSPI:
1393 		/*
1394 		 * Reserve a new larval entry.
1395 		 */
1396 		ah_getspi(mp, ksi, ahstack);
1397 		break;
1398 	case SADB_ACQUIRE:
1399 		/*
1400 		 * Find larval and/or ACQUIRE record and kill it (them), I'm
1401 		 * most likely an error.  Inbound ACQUIRE messages should only
1402 		 * have the base header.
1403 		 */
1404 		sadb_in_acquire(samsg, &ahstack->ah_sadb, ahstack->ah_pfkey_q,
1405 		    ahstack->ipsecah_netstack);
1406 		freemsg(mp);
1407 		break;
1408 	case SADB_DUMP:
1409 		/*
1410 		 * Dump all entries.
1411 		 */
1412 		ah_dump(mp, ksi, ahstack);
1413 		/* ah_dump will take care of the return message, etc. */
1414 		break;
1415 	case SADB_EXPIRE:
1416 		/* Should never reach me. */
1417 		sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EOPNOTSUPP,
1418 		    diagnostic, ksi->ks_in_serial);
1419 		break;
1420 	default:
1421 		sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL,
1422 		    SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial);
1423 		break;
1424 	}
1425 }
1426 
1427 /*
1428  * Handle case where PF_KEY says it can't find a keysock for one of my
1429  * ACQUIRE messages.
1430  */
1431 static void
1432 ah_keysock_no_socket(mblk_t *mp, ipsecah_stack_t *ahstack)
1433 {
1434 	sadb_msg_t *samsg;
1435 	keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr;
1436 
1437 	if (mp->b_cont == NULL) {
1438 		freemsg(mp);
1439 		return;
1440 	}
1441 	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
1442 
1443 	/*
1444 	 * If keysock can't find any registered, delete the acquire record
1445 	 * immediately, and handle errors.
1446 	 */
1447 	if (samsg->sadb_msg_type == SADB_ACQUIRE) {
1448 		samsg->sadb_msg_errno = kse->ks_err_errno;
1449 		samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg));
1450 		/*
1451 		 * Use the write-side of the ah_pfkey_q
1452 		 */
1453 		sadb_in_acquire(samsg, &ahstack->ah_sadb,
1454 		    WR(ahstack->ah_pfkey_q), ahstack->ipsecah_netstack);
1455 	}
1456 
1457 	freemsg(mp);
1458 }
1459 
1460 /*
1461  * AH module write put routine.
1462  */
1463 static void
1464 ipsecah_wput(queue_t *q, mblk_t *mp)
1465 {
1466 	ipsec_info_t *ii;
1467 	struct iocblk *iocp;
1468 	ipsecah_stack_t	*ahstack = (ipsecah_stack_t *)q->q_ptr;
1469 
1470 	ah3dbg(ahstack, ("In ah_wput().\n"));
1471 
1472 	/* NOTE:  Each case must take care of freeing or passing mp. */
1473 	switch (mp->b_datap->db_type) {
1474 	case M_CTL:
1475 		if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) {
1476 			/* Not big enough message. */
1477 			freemsg(mp);
1478 			break;
1479 		}
1480 		ii = (ipsec_info_t *)mp->b_rptr;
1481 
1482 		switch (ii->ipsec_info_type) {
1483 		case KEYSOCK_OUT_ERR:
1484 			ah1dbg(ahstack, ("Got KEYSOCK_OUT_ERR message.\n"));
1485 			ah_keysock_no_socket(mp, ahstack);
1486 			break;
1487 		case KEYSOCK_IN:
1488 			AH_BUMP_STAT(ahstack, keysock_in);
1489 			ah3dbg(ahstack, ("Got KEYSOCK_IN message.\n"));
1490 
1491 			/* Parse the message. */
1492 			ah_parse_pfkey(mp, ahstack);
1493 			break;
1494 		case KEYSOCK_HELLO:
1495 			sadb_keysock_hello(&ahstack->ah_pfkey_q, q, mp,
1496 			    ah_ager, (void *)ahstack, &ahstack->ah_event,
1497 			    SADB_SATYPE_AH);
1498 			break;
1499 		default:
1500 			ah1dbg(ahstack, ("Got M_CTL from above of 0x%x.\n",
1501 			    ii->ipsec_info_type));
1502 			freemsg(mp);
1503 			break;
1504 		}
1505 		break;
1506 	case M_IOCTL:
1507 		iocp = (struct iocblk *)mp->b_rptr;
1508 		switch (iocp->ioc_cmd) {
1509 		case ND_SET:
1510 		case ND_GET:
1511 			if (nd_getset(q, ahstack->ipsecah_g_nd, mp)) {
1512 				qreply(q, mp);
1513 				return;
1514 			} else {
1515 				iocp->ioc_error = ENOENT;
1516 			}
1517 			/* FALLTHRU */
1518 		default:
1519 			/* We really don't support any other ioctls, do we? */
1520 
1521 			/* Return EINVAL */
1522 			if (iocp->ioc_error != ENOENT)
1523 				iocp->ioc_error = EINVAL;
1524 			iocp->ioc_count = 0;
1525 			mp->b_datap->db_type = M_IOCACK;
1526 			qreply(q, mp);
1527 			return;
1528 		}
1529 	default:
1530 		ah3dbg(ahstack,
1531 		    ("Got default message, type %d, passing to IP.\n",
1532 		    mp->b_datap->db_type));
1533 		putnext(q, mp);
1534 	}
1535 }
1536 
1537 /* Refactor me */
1538 /*
1539  * Updating use times can be tricky business if the ipsa_haspeer flag is
1540  * set.  This function is called once in an SA's lifetime.
1541  *
1542  * Caller has to REFRELE "assoc" which is passed in.  This function has
1543  * to REFRELE any peer SA that is obtained.
1544  */
1545 static void
1546 ah_set_usetime(ipsa_t *assoc, boolean_t inbound)
1547 {
1548 	ipsa_t *inassoc, *outassoc;
1549 	isaf_t *bucket;
1550 	sadb_t *sp;
1551 	int outhash;
1552 	boolean_t isv6;
1553 	netstack_t	*ns = assoc->ipsa_netstack;
1554 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
1555 
1556 	/* No peer?  No problem! */
1557 	if (!assoc->ipsa_haspeer) {
1558 		sadb_set_usetime(assoc);
1559 		return;
1560 	}
1561 
1562 	/*
1563 	 * Otherwise, we want to grab both the original assoc and its peer.
1564 	 * There might be a race for this, but if it's a real race, the times
1565 	 * will be out-of-synch by at most a second, and since our time
1566 	 * granularity is a second, this won't be a problem.
1567 	 *
1568 	 * If we need tight synchronization on the peer SA, then we need to
1569 	 * reconsider.
1570 	 */
1571 
1572 	/* Use address family to select IPv6/IPv4 */
1573 	isv6 = (assoc->ipsa_addrfam == AF_INET6);
1574 	if (isv6) {
1575 		sp = &ahstack->ah_sadb.s_v6;
1576 	} else {
1577 		sp = &ahstack->ah_sadb.s_v4;
1578 		ASSERT(assoc->ipsa_addrfam == AF_INET);
1579 	}
1580 	if (inbound) {
1581 		inassoc = assoc;
1582 		if (isv6)
1583 			outhash = OUTBOUND_HASH_V6(sp,
1584 			    *((in6_addr_t *)&inassoc->ipsa_dstaddr));
1585 		else
1586 			outhash = OUTBOUND_HASH_V4(sp,
1587 			    *((ipaddr_t *)&inassoc->ipsa_dstaddr));
1588 		bucket = &sp->sdb_of[outhash];
1589 
1590 		mutex_enter(&bucket->isaf_lock);
1591 		outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
1592 		    inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
1593 		    inassoc->ipsa_addrfam);
1594 		mutex_exit(&bucket->isaf_lock);
1595 		if (outassoc == NULL) {
1596 			/* Q: Do we wish to set haspeer == B_FALSE? */
1597 			ah0dbg(("ah_set_usetime: "
1598 			    "can't find peer for inbound.\n"));
1599 			sadb_set_usetime(inassoc);
1600 			return;
1601 		}
1602 	} else {
1603 		outassoc = assoc;
1604 		bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
1605 		mutex_enter(&bucket->isaf_lock);
1606 		inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
1607 		    outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
1608 		    outassoc->ipsa_addrfam);
1609 		mutex_exit(&bucket->isaf_lock);
1610 		if (inassoc == NULL) {
1611 			/* Q: Do we wish to set haspeer == B_FALSE? */
1612 			ah0dbg(("ah_set_usetime: "
1613 			    "can't find peer for outbound.\n"));
1614 			sadb_set_usetime(outassoc);
1615 			return;
1616 		}
1617 	}
1618 
1619 	/* Update usetime on both. */
1620 	sadb_set_usetime(inassoc);
1621 	sadb_set_usetime(outassoc);
1622 
1623 	/*
1624 	 * REFRELE any peer SA.
1625 	 *
1626 	 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1627 	 * them in { }.
1628 	 */
1629 	if (inbound) {
1630 		IPSA_REFRELE(outassoc);
1631 	} else {
1632 		IPSA_REFRELE(inassoc);
1633 	}
1634 }
1635 
1636 /* Refactor me */
1637 /*
1638  * Add a number of bytes to what the SA has protected so far.  Return
1639  * B_TRUE if the SA can still protect that many bytes.
1640  *
1641  * Caller must REFRELE the passed-in assoc.  This function must REFRELE
1642  * any obtained peer SA.
1643  */
1644 static boolean_t
1645 ah_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound)
1646 {
1647 	ipsa_t *inassoc, *outassoc;
1648 	isaf_t *bucket;
1649 	boolean_t inrc, outrc, isv6;
1650 	sadb_t *sp;
1651 	int outhash;
1652 	netstack_t	*ns = assoc->ipsa_netstack;
1653 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
1654 
1655 	/* No peer?  No problem! */
1656 	if (!assoc->ipsa_haspeer) {
1657 		return (sadb_age_bytes(ahstack->ah_pfkey_q, assoc, bytes,
1658 		    B_TRUE));
1659 	}
1660 
1661 	/*
1662 	 * Otherwise, we want to grab both the original assoc and its peer.
1663 	 * There might be a race for this, but if it's a real race, two
1664 	 * expire messages may occur.  We limit this by only sending the
1665 	 * expire message on one of the peers, we'll pick the inbound
1666 	 * arbitrarily.
1667 	 *
1668 	 * If we need tight synchronization on the peer SA, then we need to
1669 	 * reconsider.
1670 	 */
1671 
1672 	/* Pick v4/v6 bucket based on addrfam. */
1673 	isv6 = (assoc->ipsa_addrfam == AF_INET6);
1674 	if (isv6) {
1675 		sp = &ahstack->ah_sadb.s_v6;
1676 	} else {
1677 		sp = &ahstack->ah_sadb.s_v4;
1678 		ASSERT(assoc->ipsa_addrfam == AF_INET);
1679 	}
1680 	if (inbound) {
1681 		inassoc = assoc;
1682 		if (isv6)
1683 			outhash = OUTBOUND_HASH_V6(sp,
1684 			    *((in6_addr_t *)&inassoc->ipsa_dstaddr));
1685 		else
1686 			outhash = OUTBOUND_HASH_V4(sp,
1687 			    *((ipaddr_t *)&inassoc->ipsa_dstaddr));
1688 		bucket = &sp->sdb_of[outhash];
1689 		mutex_enter(&bucket->isaf_lock);
1690 		outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
1691 		    inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
1692 		    inassoc->ipsa_addrfam);
1693 		mutex_exit(&bucket->isaf_lock);
1694 		if (outassoc == NULL) {
1695 			/* Q: Do we wish to set haspeer == B_FALSE? */
1696 			ah0dbg(("ah_age_bytes: "
1697 			    "can't find peer for inbound.\n"));
1698 			return (sadb_age_bytes(ahstack->ah_pfkey_q, inassoc,
1699 			    bytes, B_TRUE));
1700 		}
1701 	} else {
1702 		outassoc = assoc;
1703 		bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
1704 		mutex_enter(&bucket->isaf_lock);
1705 		inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
1706 		    outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
1707 		    outassoc->ipsa_addrfam);
1708 		mutex_exit(&bucket->isaf_lock);
1709 		if (inassoc == NULL) {
1710 			/* Q: Do we wish to set haspeer == B_FALSE? */
1711 			ah0dbg(("ah_age_bytes: "
1712 			    "can't find peer for outbound.\n"));
1713 			return (sadb_age_bytes(ahstack->ah_pfkey_q, outassoc,
1714 			    bytes, B_TRUE));
1715 		}
1716 	}
1717 
1718 	inrc = sadb_age_bytes(ahstack->ah_pfkey_q, inassoc, bytes, B_TRUE);
1719 	outrc = sadb_age_bytes(ahstack->ah_pfkey_q, outassoc, bytes, B_FALSE);
1720 
1721 	/*
1722 	 * REFRELE any peer SA.
1723 	 *
1724 	 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1725 	 * them in { }.
1726 	 */
1727 	if (inbound) {
1728 		IPSA_REFRELE(outassoc);
1729 	} else {
1730 		IPSA_REFRELE(inassoc);
1731 	}
1732 
1733 	return (inrc && outrc);
1734 }
1735 
1736 /*
1737  * Perform the really difficult work of inserting the proposed situation.
1738  * Called while holding the algorithm lock.
1739  */
1740 static void
1741 ah_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs,
1742     netstack_t *ns)
1743 {
1744 	sadb_comb_t *comb = (sadb_comb_t *)(prop + 1);
1745 	ipsec_action_t *ap;
1746 	ipsec_prot_t *prot;
1747 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
1748 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1749 
1750 	ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1751 
1752 	prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
1753 	prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t));
1754 	*(uint32_t *)(&prop->sadb_prop_replay) = 0;	/* Quick zero-out! */
1755 
1756 	prop->sadb_prop_replay = ahstack->ipsecah_replay_size;
1757 
1758 	/*
1759 	 * Based upon algorithm properties, and what-not, prioritize a
1760 	 * proposal, based on the ordering of the AH algorithms in the
1761 	 * alternatives in the policy rule or socket that was placed
1762 	 * in the acquire record.
1763 	 */
1764 
1765 	for (ap = acqrec->ipsacq_act; ap != NULL;
1766 	    ap = ap->ipa_next) {
1767 		ipsec_alginfo_t *aalg;
1768 
1769 		if ((ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY) ||
1770 		    (!ap->ipa_act.ipa_apply.ipp_use_ah))
1771 			continue;
1772 
1773 		prot = &ap->ipa_act.ipa_apply;
1774 
1775 		ASSERT(prot->ipp_auth_alg > 0);
1776 
1777 		aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
1778 		    [prot->ipp_auth_alg];
1779 		if (aalg == NULL || !ALG_VALID(aalg))
1780 			continue;
1781 
1782 		/* XXX check aalg for duplicates??.. */
1783 
1784 		comb->sadb_comb_flags = 0;
1785 		comb->sadb_comb_reserved = 0;
1786 		comb->sadb_comb_encrypt = 0;
1787 		comb->sadb_comb_encrypt_minbits = 0;
1788 		comb->sadb_comb_encrypt_maxbits = 0;
1789 
1790 		comb->sadb_comb_auth = aalg->alg_id;
1791 		comb->sadb_comb_auth_minbits =
1792 		    MAX(prot->ipp_ah_minbits, aalg->alg_ef_minbits);
1793 		comb->sadb_comb_auth_maxbits =
1794 		    MIN(prot->ipp_ah_maxbits, aalg->alg_ef_maxbits);
1795 
1796 		/*
1797 		 * The following may be based on algorithm
1798 		 * properties, but in the meantime, we just pick
1799 		 * some good, sensible numbers.  Key mgmt. can
1800 		 * (and perhaps should) be the place to finalize
1801 		 * such decisions.
1802 		 */
1803 
1804 		/*
1805 		 * No limits on allocations, since we really don't
1806 		 * support that concept currently.
1807 		 */
1808 		comb->sadb_comb_soft_allocations = 0;
1809 		comb->sadb_comb_hard_allocations = 0;
1810 
1811 		/*
1812 		 * These may want to come from policy rule..
1813 		 */
1814 		comb->sadb_comb_soft_bytes =
1815 		    ahstack->ipsecah_default_soft_bytes;
1816 		comb->sadb_comb_hard_bytes =
1817 		    ahstack->ipsecah_default_hard_bytes;
1818 		comb->sadb_comb_soft_addtime =
1819 		    ahstack->ipsecah_default_soft_addtime;
1820 		comb->sadb_comb_hard_addtime =
1821 		    ahstack->ipsecah_default_hard_addtime;
1822 		comb->sadb_comb_soft_usetime =
1823 		    ahstack->ipsecah_default_soft_usetime;
1824 		comb->sadb_comb_hard_usetime =
1825 		    ahstack->ipsecah_default_hard_usetime;
1826 
1827 		prop->sadb_prop_len += SADB_8TO64(sizeof (*comb));
1828 		if (--combs == 0)
1829 			return;	/* out of space.. */
1830 		comb++;
1831 	}
1832 }
1833 
1834 /*
1835  * Prepare and actually send the SADB_ACQUIRE message to PF_KEY.
1836  */
1837 static void
1838 ah_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns)
1839 {
1840 	uint_t combs;
1841 	sadb_msg_t *samsg;
1842 	sadb_prop_t *prop;
1843 	mblk_t *pfkeymp, *msgmp;
1844 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
1845 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1846 
1847 	AH_BUMP_STAT(ahstack, acquire_requests);
1848 
1849 	if (ahstack->ah_pfkey_q == NULL) {
1850 		mutex_exit(&acqrec->ipsacq_lock);
1851 		return;
1852 	}
1853 
1854 	/* Set up ACQUIRE. */
1855 	pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_AH,
1856 	    ns->netstack_ipsec);
1857 	if (pfkeymp == NULL) {
1858 		ah0dbg(("sadb_setup_acquire failed.\n"));
1859 		mutex_exit(&acqrec->ipsacq_lock);
1860 		return;
1861 	}
1862 	ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1863 	combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
1864 	msgmp = pfkeymp->b_cont;
1865 	samsg = (sadb_msg_t *)(msgmp->b_rptr);
1866 
1867 	/* Insert proposal here. */
1868 
1869 	prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len);
1870 	ah_insert_prop(prop, acqrec, combs, ns);
1871 	samsg->sadb_msg_len += prop->sadb_prop_len;
1872 	msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len);
1873 
1874 	mutex_exit(&ipss->ipsec_alg_lock);
1875 
1876 	/*
1877 	 * Must mutex_exit() before sending PF_KEY message up, in
1878 	 * order to avoid recursive mutex_enter() if there are no registered
1879 	 * listeners.
1880 	 *
1881 	 * Once I've sent the message, I'm cool anyway.
1882 	 */
1883 	mutex_exit(&acqrec->ipsacq_lock);
1884 	if (extended != NULL) {
1885 		putnext(ahstack->ah_pfkey_q, extended);
1886 	}
1887 	putnext(ahstack->ah_pfkey_q, pfkeymp);
1888 }
1889 
1890 /* Refactor me */
1891 /*
1892  * Handle the SADB_GETSPI message.  Create a larval SA.
1893  */
1894 static void
1895 ah_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecah_stack_t *ahstack)
1896 {
1897 	ipsa_t *newbie, *target;
1898 	isaf_t *outbound, *inbound;
1899 	int rc, diagnostic;
1900 	sadb_sa_t *assoc;
1901 	keysock_out_t *kso;
1902 	uint32_t newspi;
1903 
1904 	/*
1905 	 * Randomly generate a proposed SPI value.
1906 	 */
1907 	if (cl_inet_getspi != NULL) {
1908 		cl_inet_getspi(ahstack->ipsecah_netstack->netstack_stackid,
1909 		    IPPROTO_AH, (uint8_t *)&newspi, sizeof (uint32_t), NULL);
1910 	} else {
1911 		(void) random_get_pseudo_bytes((uint8_t *)&newspi,
1912 		    sizeof (uint32_t));
1913 	}
1914 	newbie = sadb_getspi(ksi, newspi, &diagnostic,
1915 	    ahstack->ipsecah_netstack, IPPROTO_AH);
1916 
1917 	if (newbie == NULL) {
1918 		sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM, diagnostic,
1919 		    ksi->ks_in_serial);
1920 		return;
1921 	} else if (newbie == (ipsa_t *)-1) {
1922 		sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL, diagnostic,
1923 		    ksi->ks_in_serial);
1924 		return;
1925 	}
1926 
1927 	/*
1928 	 * XXX - We may randomly collide.  We really should recover from this.
1929 	 *	 Unfortunately, that could require spending way-too-much-time
1930 	 *	 in here.  For now, let the user retry.
1931 	 */
1932 
1933 	if (newbie->ipsa_addrfam == AF_INET6) {
1934 		outbound = OUTBOUND_BUCKET_V6(&ahstack->ah_sadb.s_v6,
1935 		    *(uint32_t *)(newbie->ipsa_dstaddr));
1936 		inbound = INBOUND_BUCKET(&ahstack->ah_sadb.s_v6,
1937 		    newbie->ipsa_spi);
1938 	} else {
1939 		outbound = OUTBOUND_BUCKET_V4(&ahstack->ah_sadb.s_v4,
1940 		    *(uint32_t *)(newbie->ipsa_dstaddr));
1941 		inbound = INBOUND_BUCKET(&ahstack->ah_sadb.s_v4,
1942 		    newbie->ipsa_spi);
1943 	}
1944 
1945 	mutex_enter(&outbound->isaf_lock);
1946 	mutex_enter(&inbound->isaf_lock);
1947 
1948 	/*
1949 	 * Check for collisions (i.e. did sadb_getspi() return with something
1950 	 * that already exists?).
1951 	 *
1952 	 * Try outbound first.  Even though SADB_GETSPI is traditionally
1953 	 * for inbound SAs, you never know what a user might do.
1954 	 */
1955 	target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi,
1956 	    newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam);
1957 	if (target == NULL) {
1958 		target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi,
1959 		    newbie->ipsa_srcaddr, newbie->ipsa_dstaddr,
1960 		    newbie->ipsa_addrfam);
1961 	}
1962 
1963 	/*
1964 	 * I don't have collisions elsewhere!
1965 	 * (Nor will I because I'm still holding inbound/outbound locks.)
1966 	 */
1967 
1968 	if (target != NULL) {
1969 		rc = EEXIST;
1970 		IPSA_REFRELE(target);
1971 	} else {
1972 		/*
1973 		 * sadb_insertassoc() also checks for collisions, so
1974 		 * if there's a colliding larval entry, rc will be set
1975 		 * to EEXIST.
1976 		 */
1977 		rc = sadb_insertassoc(newbie, inbound);
1978 		newbie->ipsa_hardexpiretime = gethrestime_sec();
1979 		newbie->ipsa_hardexpiretime += ahstack->ipsecah_larval_timeout;
1980 	}
1981 
1982 	/*
1983 	 * Can exit outbound mutex.  Hold inbound until we're done with
1984 	 * newbie.
1985 	 */
1986 	mutex_exit(&outbound->isaf_lock);
1987 
1988 	if (rc != 0) {
1989 		mutex_exit(&inbound->isaf_lock);
1990 		IPSA_REFRELE(newbie);
1991 		sadb_pfkey_error(ahstack->ah_pfkey_q, mp, rc,
1992 		    SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial);
1993 		return;
1994 	}
1995 
1996 	/* Can write here because I'm still holding the bucket lock. */
1997 	newbie->ipsa_type = SADB_SATYPE_AH;
1998 
1999 	/*
2000 	 * Construct successful return message.  We have one thing going
2001 	 * for us in PF_KEY v2.  That's the fact that
2002 	 *	sizeof (sadb_spirange_t) == sizeof (sadb_sa_t)
2003 	 */
2004 	assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE];
2005 	assoc->sadb_sa_exttype = SADB_EXT_SA;
2006 	assoc->sadb_sa_spi = newbie->ipsa_spi;
2007 	*((uint64_t *)(&assoc->sadb_sa_replay)) = 0;
2008 	mutex_exit(&inbound->isaf_lock);
2009 
2010 	/* Convert KEYSOCK_IN to KEYSOCK_OUT. */
2011 	kso = (keysock_out_t *)ksi;
2012 	kso->ks_out_len = sizeof (*kso);
2013 	kso->ks_out_serial = ksi->ks_in_serial;
2014 	kso->ks_out_type = KEYSOCK_OUT;
2015 
2016 	/*
2017 	 * Can safely putnext() to ah_pfkey_q, because this is a turnaround
2018 	 * from the ah_pfkey_q.
2019 	 */
2020 	putnext(ahstack->ah_pfkey_q, mp);
2021 }
2022 
2023 /*
2024  * IPv6 sends up the ICMP errors for validation and the removal of the AH
2025  * header.
2026  * If succesful, the mp has been modified to not include the AH header so
2027  * that the caller can fanout to the ULP's icmp error handler.
2028  */
2029 static mblk_t *
2030 ah_icmp_error_v6(mblk_t *mp, ip_recv_attr_t *ira, ipsecah_stack_t *ahstack)
2031 {
2032 	ip6_t *ip6h, *oip6h;
2033 	uint16_t hdr_length, ah_length;
2034 	uint8_t *nexthdrp;
2035 	ah_t *ah;
2036 	icmp6_t *icmp6;
2037 	isaf_t *isaf;
2038 	ipsa_t *assoc;
2039 	uint8_t *post_ah_ptr;
2040 	ipsec_stack_t	*ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2041 
2042 	/*
2043 	 * Eat the cost of a pullupmsg() for now.  It makes the rest of this
2044 	 * code far less convoluted.
2045 	 */
2046 	if (!pullupmsg(mp, -1) ||
2047 	    !ip_hdr_length_nexthdr_v6(mp, (ip6_t *)mp->b_rptr, &hdr_length,
2048 	    &nexthdrp) ||
2049 	    mp->b_rptr + hdr_length + sizeof (icmp6_t) + sizeof (ip6_t) +
2050 	    sizeof (ah_t) > mp->b_wptr) {
2051 		IP_AH_BUMP_STAT(ipss, in_discards);
2052 		ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2053 		    DROPPER(ipss, ipds_ah_nomem),
2054 		    &ahstack->ah_dropper);
2055 		return (NULL);
2056 	}
2057 
2058 	oip6h = (ip6_t *)mp->b_rptr;
2059 	icmp6 = (icmp6_t *)((uint8_t *)oip6h + hdr_length);
2060 	ip6h = (ip6_t *)(icmp6 + 1);
2061 	if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &hdr_length, &nexthdrp)) {
2062 		IP_AH_BUMP_STAT(ipss, in_discards);
2063 		ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2064 		    DROPPER(ipss, ipds_ah_bad_v6_hdrs),
2065 		    &ahstack->ah_dropper);
2066 		return (NULL);
2067 	}
2068 	ah = (ah_t *)((uint8_t *)ip6h + hdr_length);
2069 
2070 	isaf = OUTBOUND_BUCKET_V6(&ahstack->ah_sadb.s_v6, ip6h->ip6_dst);
2071 	mutex_enter(&isaf->isaf_lock);
2072 	assoc = ipsec_getassocbyspi(isaf, ah->ah_spi,
2073 	    (uint32_t *)&ip6h->ip6_src, (uint32_t *)&ip6h->ip6_dst, AF_INET6);
2074 	mutex_exit(&isaf->isaf_lock);
2075 
2076 	if (assoc == NULL) {
2077 		IP_AH_BUMP_STAT(ipss, lookup_failure);
2078 		IP_AH_BUMP_STAT(ipss, in_discards);
2079 		if (ahstack->ipsecah_log_unknown_spi) {
2080 			ipsec_assocfailure(info.mi_idnum, 0, 0,
2081 			    SL_CONSOLE | SL_WARN | SL_ERROR,
2082 			    "Bad ICMP message - No association for the "
2083 			    "attached AH header whose spi is 0x%x, "
2084 			    "sender is 0x%x\n",
2085 			    ah->ah_spi, &oip6h->ip6_src, AF_INET6,
2086 			    ahstack->ipsecah_netstack);
2087 		}
2088 		ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2089 		    DROPPER(ipss, ipds_ah_no_sa),
2090 		    &ahstack->ah_dropper);
2091 		return (NULL);
2092 	}
2093 
2094 	IPSA_REFRELE(assoc);
2095 
2096 	/*
2097 	 * There seems to be a valid association. If there is enough of AH
2098 	 * header remove it, otherwise bail.  One could check whether it has
2099 	 * complete AH header plus 8 bytes but it does not make sense if an
2100 	 * icmp error is returned for ICMP messages e.g ICMP time exceeded,
2101 	 * that are being sent up. Let the caller figure out.
2102 	 *
2103 	 * NOTE: ah_length is the number of 32 bit words minus 2.
2104 	 */
2105 	ah_length = (ah->ah_length << 2) + 8;
2106 	post_ah_ptr = (uint8_t *)ah + ah_length;
2107 
2108 	if (post_ah_ptr > mp->b_wptr) {
2109 		IP_AH_BUMP_STAT(ipss, in_discards);
2110 		ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2111 		    DROPPER(ipss, ipds_ah_bad_length),
2112 		    &ahstack->ah_dropper);
2113 		return (NULL);
2114 	}
2115 
2116 	ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - ah_length);
2117 	*nexthdrp = ah->ah_nexthdr;
2118 	ovbcopy(post_ah_ptr, ah,
2119 	    (size_t)((uintptr_t)mp->b_wptr - (uintptr_t)post_ah_ptr));
2120 	mp->b_wptr -= ah_length;
2121 
2122 	return (mp);
2123 }
2124 
2125 /*
2126  * IP sends up the ICMP errors for validation and the removal of
2127  * the AH header.
2128  * If succesful, the mp has been modified to not include the AH header so
2129  * that the caller can fanout to the ULP's icmp error handler.
2130  */
2131 static mblk_t *
2132 ah_icmp_error_v4(mblk_t *mp, ip_recv_attr_t *ira, ipsecah_stack_t *ahstack)
2133 {
2134 	mblk_t *mp1;
2135 	icmph_t *icmph;
2136 	int iph_hdr_length;
2137 	int hdr_length;
2138 	isaf_t *hptr;
2139 	ipsa_t *assoc;
2140 	int ah_length;
2141 	ipha_t *ipha;
2142 	ipha_t *oipha;
2143 	ah_t *ah;
2144 	uint32_t length;
2145 	int alloc_size;
2146 	uint8_t nexthdr;
2147 	ipsec_stack_t	*ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2148 
2149 	oipha = ipha = (ipha_t *)mp->b_rptr;
2150 	iph_hdr_length = IPH_HDR_LENGTH(ipha);
2151 	icmph = (icmph_t *)&mp->b_rptr[iph_hdr_length];
2152 
2153 	ipha = (ipha_t *)&icmph[1];
2154 	hdr_length = IPH_HDR_LENGTH(ipha);
2155 
2156 	/*
2157 	 * See if we have enough to locate the SPI
2158 	 */
2159 	if ((uchar_t *)ipha + hdr_length + 8 > mp->b_wptr) {
2160 		if (!pullupmsg(mp, (uchar_t *)ipha + hdr_length + 8 -
2161 		    mp->b_rptr)) {
2162 			ipsec_rl_strlog(ahstack->ipsecah_netstack,
2163 			    info.mi_idnum, 0, 0,
2164 			    SL_WARN | SL_ERROR,
2165 			    "ICMP error: Small AH header\n");
2166 			IP_AH_BUMP_STAT(ipss, in_discards);
2167 			ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2168 			    DROPPER(ipss, ipds_ah_bad_length),
2169 			    &ahstack->ah_dropper);
2170 			return (NULL);
2171 		}
2172 		icmph = (icmph_t *)&mp->b_rptr[iph_hdr_length];
2173 		ipha = (ipha_t *)&icmph[1];
2174 	}
2175 
2176 	ah = (ah_t *)((uint8_t *)ipha + hdr_length);
2177 	nexthdr = ah->ah_nexthdr;
2178 
2179 	hptr = OUTBOUND_BUCKET_V4(&ahstack->ah_sadb.s_v4, ipha->ipha_dst);
2180 	mutex_enter(&hptr->isaf_lock);
2181 	assoc = ipsec_getassocbyspi(hptr, ah->ah_spi,
2182 	    (uint32_t *)&ipha->ipha_src, (uint32_t *)&ipha->ipha_dst, AF_INET);
2183 	mutex_exit(&hptr->isaf_lock);
2184 
2185 	if (assoc == NULL) {
2186 		IP_AH_BUMP_STAT(ipss, lookup_failure);
2187 		IP_AH_BUMP_STAT(ipss, in_discards);
2188 		if (ahstack->ipsecah_log_unknown_spi) {
2189 			ipsec_assocfailure(info.mi_idnum, 0, 0,
2190 			    SL_CONSOLE | SL_WARN | SL_ERROR,
2191 			    "Bad ICMP message - No association for the "
2192 			    "attached AH header whose spi is 0x%x, "
2193 			    "sender is 0x%x\n",
2194 			    ah->ah_spi, &oipha->ipha_src, AF_INET,
2195 			    ahstack->ipsecah_netstack);
2196 		}
2197 		ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2198 		    DROPPER(ipss, ipds_ah_no_sa),
2199 		    &ahstack->ah_dropper);
2200 		return (NULL);
2201 	}
2202 
2203 	IPSA_REFRELE(assoc);
2204 	/*
2205 	 * There seems to be a valid association. If there
2206 	 * is enough of AH header remove it, otherwise remove
2207 	 * as much as possible and send it back. One could check
2208 	 * whether it has complete AH header plus 8 bytes but it
2209 	 * does not make sense if an icmp error is returned for
2210 	 * ICMP messages e.g ICMP time exceeded, that are being
2211 	 * sent up. Let the caller figure out.
2212 	 *
2213 	 * NOTE: ah_length is the number of 32 bit words minus 2.
2214 	 */
2215 	ah_length = (ah->ah_length << 2) + 8;
2216 
2217 	if ((uchar_t *)ipha + hdr_length + ah_length > mp->b_wptr) {
2218 		if (mp->b_cont == NULL) {
2219 			/*
2220 			 * There is nothing to pullup. Just remove as
2221 			 * much as possible. This is a common case for
2222 			 * IPV4.
2223 			 */
2224 			ah_length = (mp->b_wptr - ((uchar_t *)ipha +
2225 			    hdr_length));
2226 			goto done;
2227 		}
2228 		/* Pullup the full ah header */
2229 		if (!pullupmsg(mp, (uchar_t *)ah + ah_length - mp->b_rptr)) {
2230 			/*
2231 			 * pullupmsg could have failed if there was not
2232 			 * enough to pullup or memory allocation failed.
2233 			 * We tried hard, give up now.
2234 			 */
2235 			IP_AH_BUMP_STAT(ipss, in_discards);
2236 			ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2237 			    DROPPER(ipss, ipds_ah_nomem),
2238 			    &ahstack->ah_dropper);
2239 			return (NULL);
2240 		}
2241 		icmph = (icmph_t *)&mp->b_rptr[iph_hdr_length];
2242 		ipha = (ipha_t *)&icmph[1];
2243 	}
2244 done:
2245 	/*
2246 	 * Remove the AH header and change the protocol.
2247 	 * Don't update the spi fields in the ip_recv_attr_t
2248 	 * as we are called just to validate the
2249 	 * message attached to the ICMP message.
2250 	 *
2251 	 * If we never pulled up since all of the message
2252 	 * is in one single mblk, we can't remove the AH header
2253 	 * by just setting the b_wptr to the beginning of the
2254 	 * AH header. We need to allocate a mblk that can hold
2255 	 * up until the inner IP header and copy them.
2256 	 */
2257 	alloc_size = iph_hdr_length + sizeof (icmph_t) + hdr_length;
2258 
2259 	if ((mp1 = allocb(alloc_size, BPRI_LO)) == NULL) {
2260 		IP_AH_BUMP_STAT(ipss, in_discards);
2261 		ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2262 		    DROPPER(ipss, ipds_ah_nomem),
2263 		    &ahstack->ah_dropper);
2264 		return (NULL);
2265 	}
2266 	bcopy(mp->b_rptr, mp1->b_rptr, alloc_size);
2267 	mp1->b_wptr += alloc_size;
2268 
2269 	/*
2270 	 * Skip whatever we have copied and as much of AH header
2271 	 * possible. If we still have something left in the original
2272 	 * message, tag on.
2273 	 */
2274 	mp->b_rptr = (uchar_t *)ipha + hdr_length + ah_length;
2275 
2276 	if (mp->b_rptr != mp->b_wptr) {
2277 		mp1->b_cont = mp;
2278 	} else {
2279 		if (mp->b_cont != NULL)
2280 			mp1->b_cont = mp->b_cont;
2281 		freeb(mp);
2282 	}
2283 
2284 	ipha = (ipha_t *)(mp1->b_rptr + iph_hdr_length + sizeof (icmph_t));
2285 	ipha->ipha_protocol = nexthdr;
2286 	length = ntohs(ipha->ipha_length);
2287 	length -= ah_length;
2288 	ipha->ipha_length = htons((uint16_t)length);
2289 	ipha->ipha_hdr_checksum = 0;
2290 	ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
2291 
2292 	return (mp1);
2293 }
2294 
2295 /*
2296  * IP calls this to validate the ICMP errors that
2297  * we got from the network.
2298  */
2299 mblk_t *
2300 ipsecah_icmp_error(mblk_t *data_mp, ip_recv_attr_t *ira)
2301 {
2302 	netstack_t	*ns = ira->ira_ill->ill_ipst->ips_netstack;
2303 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
2304 
2305 	if (ira->ira_flags & IRAF_IS_IPV4)
2306 		return (ah_icmp_error_v4(data_mp, ira, ahstack));
2307 	else
2308 		return (ah_icmp_error_v6(data_mp, ira, ahstack));
2309 }
2310 
2311 static int
2312 ah_fix_tlv_options_v6(uint8_t *oi_opt, uint8_t *pi_opt, uint_t ehdrlen,
2313     uint8_t hdr_type, boolean_t copy_always)
2314 {
2315 	uint8_t opt_type;
2316 	uint_t optlen;
2317 
2318 	ASSERT(hdr_type == IPPROTO_DSTOPTS || hdr_type == IPPROTO_HOPOPTS);
2319 
2320 	/*
2321 	 * Copy the next header and hdr ext. len of the HOP-by-HOP
2322 	 * and Destination option.
2323 	 */
2324 	*pi_opt++ = *oi_opt++;
2325 	*pi_opt++ = *oi_opt++;
2326 	ehdrlen -= 2;
2327 
2328 	/*
2329 	 * Now handle all the TLV encoded options.
2330 	 */
2331 	while (ehdrlen != 0) {
2332 		opt_type = *oi_opt;
2333 
2334 		if (opt_type == IP6OPT_PAD1) {
2335 			optlen = 1;
2336 		} else {
2337 			if (ehdrlen < 2)
2338 				goto bad_opt;
2339 			optlen = 2 + oi_opt[1];
2340 			if (optlen > ehdrlen)
2341 				goto bad_opt;
2342 		}
2343 		if (copy_always || !(opt_type & IP6OPT_MUTABLE)) {
2344 			bcopy(oi_opt, pi_opt, optlen);
2345 		} else {
2346 			if (optlen == 1) {
2347 				*pi_opt = 0;
2348 			} else {
2349 				/*
2350 				 * Copy the type and data length fields.
2351 				 * Zero the option data by skipping
2352 				 * option type and option data len
2353 				 * fields.
2354 				 */
2355 				*pi_opt = *oi_opt;
2356 				*(pi_opt + 1) = *(oi_opt + 1);
2357 				bzero(pi_opt + 2, optlen - 2);
2358 			}
2359 		}
2360 		ehdrlen -= optlen;
2361 		oi_opt += optlen;
2362 		pi_opt += optlen;
2363 	}
2364 	return (0);
2365 bad_opt:
2366 	return (-1);
2367 }
2368 
2369 /*
2370  * Construct a pseudo header for AH, processing all the options.
2371  *
2372  * oip6h is the IPv6 header of the incoming or outgoing packet.
2373  * ip6h is the pointer to the pseudo headers IPV6 header. All
2374  * the space needed for the options have been allocated including
2375  * the AH header.
2376  *
2377  * If copy_always is set, all the options that appear before AH are copied
2378  * blindly without checking for IP6OPT_MUTABLE. This is used by
2379  * ah_auth_out_done().  Please refer to that function for details.
2380  *
2381  * NOTE :
2382  *
2383  * *  AH header is never copied in this function even if copy_always
2384  *    is set. It just returns the ah_offset - offset of the AH header
2385  *    and the caller needs to do the copying. This is done so that we
2386  *    don't have pass extra arguments e.g. SA etc. and also,
2387  *    it is not needed when ah_auth_out_done is calling this function.
2388  */
2389 static uint_t
2390 ah_fix_phdr_v6(ip6_t *ip6h, ip6_t *oip6h, boolean_t outbound,
2391     boolean_t copy_always)
2392 {
2393 	uint8_t	*oi_opt;
2394 	uint8_t	*pi_opt;
2395 	uint8_t nexthdr;
2396 	uint8_t *prev_nexthdr;
2397 	ip6_hbh_t *hbhhdr;
2398 	ip6_dest_t *dsthdr = NULL;
2399 	ip6_rthdr0_t *rthdr;
2400 	int ehdrlen;
2401 	ah_t *ah;
2402 	int ret;
2403 
2404 	/*
2405 	 * In the outbound case for source route, ULP has already moved
2406 	 * the first hop, which is now in ip6_dst. We need to re-arrange
2407 	 * the header to make it look like how it would appear in the
2408 	 * receiver i.e
2409 	 *
2410 	 * Because of ip_massage_options_v6 the header looks like
2411 	 * this :
2412 	 *
2413 	 * ip6_src = S, ip6_dst = I1. followed by I2,I3,D.
2414 	 *
2415 	 * When it reaches the receiver, it would look like
2416 	 *
2417 	 * ip6_src = S, ip6_dst = D. followed by I1,I2,I3.
2418 	 *
2419 	 * NOTE : We assume that there are no problems with the options
2420 	 * as IP should have already checked this.
2421 	 */
2422 
2423 	oi_opt = (uchar_t *)&oip6h[1];
2424 	pi_opt = (uchar_t *)&ip6h[1];
2425 
2426 	/*
2427 	 * We set the prev_nexthdr properly in the pseudo header.
2428 	 * After we finish authentication and come back from the
2429 	 * algorithm module, pseudo header will become the real
2430 	 * IP header.
2431 	 */
2432 	prev_nexthdr = (uint8_t *)&ip6h->ip6_nxt;
2433 	nexthdr = oip6h->ip6_nxt;
2434 	/* Assume IP has already stripped it */
2435 	ASSERT(nexthdr != IPPROTO_FRAGMENT);
2436 	ah = NULL;
2437 	dsthdr = NULL;
2438 	for (;;) {
2439 		switch (nexthdr) {
2440 		case IPPROTO_HOPOPTS:
2441 			hbhhdr = (ip6_hbh_t *)oi_opt;
2442 			nexthdr = hbhhdr->ip6h_nxt;
2443 			ehdrlen = 8 * (hbhhdr->ip6h_len + 1);
2444 			ret = ah_fix_tlv_options_v6(oi_opt, pi_opt, ehdrlen,
2445 			    IPPROTO_HOPOPTS, copy_always);
2446 			/*
2447 			 * Return a zero offset indicating error if there
2448 			 * was error.
2449 			 */
2450 			if (ret == -1)
2451 				return (0);
2452 			hbhhdr = (ip6_hbh_t *)pi_opt;
2453 			prev_nexthdr = (uint8_t *)&hbhhdr->ip6h_nxt;
2454 			break;
2455 		case IPPROTO_ROUTING:
2456 			rthdr = (ip6_rthdr0_t *)oi_opt;
2457 			nexthdr = rthdr->ip6r0_nxt;
2458 			ehdrlen = 8 * (rthdr->ip6r0_len + 1);
2459 			if (!copy_always && outbound) {
2460 				int i, left;
2461 				ip6_rthdr0_t *prthdr;
2462 				in6_addr_t *ap, *pap;
2463 
2464 				left = rthdr->ip6r0_segleft;
2465 				prthdr = (ip6_rthdr0_t *)pi_opt;
2466 				pap = (in6_addr_t *)(prthdr + 1);
2467 				ap = (in6_addr_t *)(rthdr + 1);
2468 				/*
2469 				 * First eight bytes except seg_left
2470 				 * does not change en route.
2471 				 */
2472 				bcopy(oi_opt, pi_opt, 8);
2473 				prthdr->ip6r0_segleft = 0;
2474 				/*
2475 				 * First address has been moved to
2476 				 * the destination address of the
2477 				 * ip header by ip_massage_options_v6.
2478 				 * And the real destination address is
2479 				 * in the last address part of the
2480 				 * option.
2481 				 */
2482 				*pap = oip6h->ip6_dst;
2483 				for (i = 1; i < left - 1; i++)
2484 					pap[i] = ap[i - 1];
2485 				ip6h->ip6_dst = *(ap + left - 1);
2486 			} else {
2487 				bcopy(oi_opt, pi_opt, ehdrlen);
2488 			}
2489 			rthdr = (ip6_rthdr0_t *)pi_opt;
2490 			prev_nexthdr = (uint8_t *)&rthdr->ip6r0_nxt;
2491 			break;
2492 		case IPPROTO_DSTOPTS:
2493 			/*
2494 			 * Destination options are tricky.  If there is
2495 			 * a terminal (e.g. non-IPv6-extension) header
2496 			 * following the destination options, don't
2497 			 * reset prev_nexthdr or advance the AH insertion
2498 			 * point and just treat this as a terminal header.
2499 			 *
2500 			 * If this is an inbound packet, just deal with
2501 			 * it as is.
2502 			 */
2503 			dsthdr = (ip6_dest_t *)oi_opt;
2504 			/*
2505 			 * XXX I hope common-subexpression elimination
2506 			 * saves us the double-evaluate.
2507 			 */
2508 			if (outbound && dsthdr->ip6d_nxt != IPPROTO_ROUTING &&
2509 			    dsthdr->ip6d_nxt != IPPROTO_HOPOPTS)
2510 				goto terminal_hdr;
2511 			nexthdr = dsthdr->ip6d_nxt;
2512 			ehdrlen = 8 * (dsthdr->ip6d_len + 1);
2513 			ret = ah_fix_tlv_options_v6(oi_opt, pi_opt, ehdrlen,
2514 			    IPPROTO_DSTOPTS, copy_always);
2515 			/*
2516 			 * Return a zero offset indicating error if there
2517 			 * was error.
2518 			 */
2519 			if (ret == -1)
2520 				return (0);
2521 			break;
2522 		case IPPROTO_AH:
2523 			/*
2524 			 * Be conservative in what you send.  We shouldn't
2525 			 * see two same-scoped AH's in one packet.
2526 			 * (Inner-IP-scoped AH will be hit by terminal
2527 			 * header of IP or IPv6.)
2528 			 */
2529 			ASSERT(!outbound);
2530 			return ((uint_t)(pi_opt - (uint8_t *)ip6h));
2531 		default:
2532 			ASSERT(outbound);
2533 terminal_hdr:
2534 			*prev_nexthdr = IPPROTO_AH;
2535 			ah = (ah_t *)pi_opt;
2536 			ah->ah_nexthdr = nexthdr;
2537 			return ((uint_t)(pi_opt - (uint8_t *)ip6h));
2538 		}
2539 		pi_opt += ehdrlen;
2540 		oi_opt += ehdrlen;
2541 	}
2542 	/* NOTREACHED */
2543 }
2544 
2545 static boolean_t
2546 ah_finish_up(ah_t *phdr_ah, ah_t *inbound_ah, ipsa_t *assoc,
2547     int ah_data_sz, int ah_align_sz, ipsecah_stack_t *ahstack)
2548 {
2549 	int i;
2550 
2551 	/*
2552 	 * Padding :
2553 	 *
2554 	 * 1) Authentication data may have to be padded
2555 	 * before ICV calculation if ICV is not a multiple
2556 	 * of 64 bits. This padding is arbitrary and transmitted
2557 	 * with the packet at the end of the authentication data.
2558 	 * Payload length should include the padding bytes.
2559 	 *
2560 	 * 2) Explicit padding of the whole datagram may be
2561 	 * required by the algorithm which need not be
2562 	 * transmitted. It is assumed that this will be taken
2563 	 * care by the algorithm module.
2564 	 */
2565 	bzero(phdr_ah + 1, ah_data_sz);	/* Zero out ICV for pseudo-hdr. */
2566 
2567 	if (inbound_ah == NULL) {
2568 		/* Outbound AH datagram. */
2569 
2570 		phdr_ah->ah_length = (ah_align_sz >> 2) + 1;
2571 		phdr_ah->ah_reserved = 0;
2572 		phdr_ah->ah_spi = assoc->ipsa_spi;
2573 
2574 		phdr_ah->ah_replay =
2575 		    htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1));
2576 		if (phdr_ah->ah_replay == 0 && assoc->ipsa_replay_wsize != 0) {
2577 			/*
2578 			 * XXX We have replay counter wrapping.  We probably
2579 			 * want to nuke this SA (and its peer).
2580 			 */
2581 			ipsec_assocfailure(info.mi_idnum, 0, 0,
2582 			    SL_ERROR | SL_CONSOLE | SL_WARN,
2583 			    "Outbound AH SA (0x%x), dst %s has wrapped "
2584 			    "sequence.\n", phdr_ah->ah_spi,
2585 			    assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
2586 			    ahstack->ipsecah_netstack);
2587 
2588 			sadb_replay_delete(assoc);
2589 			/* Caller will free phdr_mp and return NULL. */
2590 			return (B_FALSE);
2591 		}
2592 
2593 		if (ah_data_sz != ah_align_sz) {
2594 			uchar_t *pad = ((uchar_t *)phdr_ah + sizeof (ah_t) +
2595 			    ah_data_sz);
2596 
2597 			for (i = 0; i < (ah_align_sz - ah_data_sz); i++) {
2598 				pad[i] = (uchar_t)i;	/* Fill the padding */
2599 			}
2600 		}
2601 	} else {
2602 		/* Inbound AH datagram. */
2603 		phdr_ah->ah_nexthdr = inbound_ah->ah_nexthdr;
2604 		phdr_ah->ah_length = inbound_ah->ah_length;
2605 		phdr_ah->ah_reserved = 0;
2606 		ASSERT(inbound_ah->ah_spi == assoc->ipsa_spi);
2607 		phdr_ah->ah_spi = inbound_ah->ah_spi;
2608 		phdr_ah->ah_replay = inbound_ah->ah_replay;
2609 
2610 		if (ah_data_sz != ah_align_sz) {
2611 			uchar_t *opad = ((uchar_t *)inbound_ah +
2612 			    sizeof (ah_t) + ah_data_sz);
2613 			uchar_t *pad = ((uchar_t *)phdr_ah + sizeof (ah_t) +
2614 			    ah_data_sz);
2615 
2616 			for (i = 0; i < (ah_align_sz - ah_data_sz); i++) {
2617 				pad[i] = opad[i];	/* Copy the padding */
2618 			}
2619 		}
2620 	}
2621 
2622 	return (B_TRUE);
2623 }
2624 
2625 /*
2626  * Called upon failing the inbound ICV check. The message passed as
2627  * argument is freed.
2628  */
2629 static void
2630 ah_log_bad_auth(mblk_t *mp, ip_recv_attr_t *ira, ipsec_crypto_t *ic)
2631 {
2632 	boolean_t	isv4 = (ira->ira_flags & IRAF_IS_IPV4);
2633 	ipsa_t		*assoc = ira->ira_ipsec_ah_sa;
2634 	int		af;
2635 	void		*addr;
2636 	netstack_t	*ns = ira->ira_ill->ill_ipst->ips_netstack;
2637 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
2638 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
2639 
2640 	ASSERT(mp->b_datap->db_type == M_DATA);
2641 
2642 	mp->b_rptr -= ic->ic_skip_len;
2643 
2644 	if (isv4) {
2645 		ipha_t *ipha = (ipha_t *)mp->b_rptr;
2646 		addr = &ipha->ipha_dst;
2647 		af = AF_INET;
2648 	} else {
2649 		ip6_t *ip6h = (ip6_t *)mp->b_rptr;
2650 		addr = &ip6h->ip6_dst;
2651 		af = AF_INET6;
2652 	}
2653 
2654 	/*
2655 	 * Log the event. Don't print to the console, block
2656 	 * potential denial-of-service attack.
2657 	 */
2658 	AH_BUMP_STAT(ahstack, bad_auth);
2659 
2660 	ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
2661 	    "AH Authentication failed spi %x, dst_addr %s",
2662 	    assoc->ipsa_spi, addr, af, ahstack->ipsecah_netstack);
2663 
2664 	IP_AH_BUMP_STAT(ipss, in_discards);
2665 	ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2666 	    DROPPER(ipss, ipds_ah_bad_auth),
2667 	    &ahstack->ah_dropper);
2668 }
2669 
2670 /*
2671  * Kernel crypto framework callback invoked after completion of async
2672  * crypto requests for outbound packets.
2673  */
2674 static void
2675 ah_kcf_callback_outbound(void *arg, int status)
2676 {
2677 	mblk_t		*mp = (mblk_t *)arg;
2678 	mblk_t		*async_mp;
2679 	netstack_t	*ns;
2680 	ipsec_stack_t	*ipss;
2681 	ipsecah_stack_t	*ahstack;
2682 	mblk_t		*data_mp;
2683 	ip_xmit_attr_t	ixas;
2684 	ipsec_crypto_t	*ic;
2685 	ill_t		*ill;
2686 
2687 	/*
2688 	 * First remove the ipsec_crypto_t mblk
2689 	 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
2690 	 */
2691 	async_mp = ipsec_remove_crypto_data(mp, &ic);
2692 	ASSERT(async_mp != NULL);
2693 
2694 	/*
2695 	 * Extract the ip_xmit_attr_t from the first mblk.
2696 	 * Verifies that the netstack and ill is still around; could
2697 	 * have vanished while kEf was doing its work.
2698 	 * On succesful return we have a nce_t and the ill/ipst can't
2699 	 * disappear until we do the nce_refrele in ixa_cleanup.
2700 	 */
2701 	data_mp = async_mp->b_cont;
2702 	async_mp->b_cont = NULL;
2703 	if (!ip_xmit_attr_from_mblk(async_mp, &ixas)) {
2704 		/* Disappeared on us - no ill/ipst for MIB */
2705 		if (ixas.ixa_nce != NULL) {
2706 			ill = ixas.ixa_nce->nce_ill;
2707 			BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2708 			ip_drop_output("ipIfStatsOutDiscards", data_mp, ill);
2709 		}
2710 		freemsg(data_mp);
2711 		goto done;
2712 	}
2713 	ns = ixas.ixa_ipst->ips_netstack;
2714 	ahstack = ns->netstack_ipsecah;
2715 	ipss = ns->netstack_ipsec;
2716 	ill = ixas.ixa_nce->nce_ill;
2717 
2718 	if (status == CRYPTO_SUCCESS) {
2719 		data_mp = ah_auth_out_done(data_mp, &ixas, ic);
2720 		if (data_mp == NULL)
2721 			goto done;
2722 
2723 		(void) ip_output_post_ipsec(data_mp, &ixas);
2724 	} else {
2725 		/* Outbound shouldn't see invalid MAC */
2726 		ASSERT(status != CRYPTO_INVALID_MAC);
2727 
2728 		ah1dbg(ahstack,
2729 		    ("ah_kcf_callback_outbound: crypto failed with 0x%x\n",
2730 		    status));
2731 		AH_BUMP_STAT(ahstack, crypto_failures);
2732 		AH_BUMP_STAT(ahstack, out_discards);
2733 
2734 		ip_drop_packet(data_mp, B_FALSE, ill,
2735 		    DROPPER(ipss, ipds_ah_crypto_failed),
2736 		    &ahstack->ah_dropper);
2737 		BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2738 	}
2739 done:
2740 	ixa_cleanup(&ixas);
2741 	(void) ipsec_free_crypto_data(mp);
2742 }
2743 
2744 /*
2745  * Kernel crypto framework callback invoked after completion of async
2746  * crypto requests for inbound packets.
2747  */
2748 static void
2749 ah_kcf_callback_inbound(void *arg, int status)
2750 {
2751 	mblk_t		*mp = (mblk_t *)arg;
2752 	mblk_t		*async_mp;
2753 	netstack_t	*ns;
2754 	ipsec_stack_t	*ipss;
2755 	ipsecah_stack_t	*ahstack;
2756 	mblk_t		*data_mp;
2757 	ip_recv_attr_t	iras;
2758 	ipsec_crypto_t	*ic;
2759 
2760 	/*
2761 	 * First remove the ipsec_crypto_t mblk
2762 	 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
2763 	 */
2764 	async_mp = ipsec_remove_crypto_data(mp, &ic);
2765 	ASSERT(async_mp != NULL);
2766 
2767 	/*
2768 	 * Extract the ip_xmit_attr_t from the first mblk.
2769 	 * Verifies that the netstack and ill is still around; could
2770 	 * have vanished while kEf was doing its work.
2771 	 */
2772 	data_mp = async_mp->b_cont;
2773 	async_mp->b_cont = NULL;
2774 	if (!ip_recv_attr_from_mblk(async_mp, &iras)) {
2775 		/* The ill or ip_stack_t disappeared on us */
2776 		ip_drop_input("ip_recv_attr_from_mblk", data_mp, NULL);
2777 		freemsg(data_mp);
2778 		goto done;
2779 	}
2780 	ns = iras.ira_ill->ill_ipst->ips_netstack;
2781 	ahstack = ns->netstack_ipsecah;
2782 	ipss = ns->netstack_ipsec;
2783 
2784 	if (status == CRYPTO_SUCCESS) {
2785 		data_mp = ah_auth_in_done(data_mp, &iras, ic);
2786 		if (data_mp == NULL)
2787 			goto done;
2788 
2789 		/* finish IPsec processing */
2790 		ip_input_post_ipsec(data_mp, &iras);
2791 
2792 	} else if (status == CRYPTO_INVALID_MAC) {
2793 		ah_log_bad_auth(data_mp, &iras, ic);
2794 	} else {
2795 		ah1dbg(ahstack,
2796 		    ("ah_kcf_callback_inbound: crypto failed with 0x%x\n",
2797 		    status));
2798 		AH_BUMP_STAT(ahstack, crypto_failures);
2799 		IP_AH_BUMP_STAT(ipss, in_discards);
2800 		ip_drop_packet(data_mp, B_TRUE, iras.ira_ill,
2801 		    DROPPER(ipss, ipds_ah_crypto_failed),
2802 		    &ahstack->ah_dropper);
2803 		BUMP_MIB(iras.ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2804 	}
2805 done:
2806 	ira_cleanup(&iras, B_TRUE);
2807 	(void) ipsec_free_crypto_data(mp);
2808 }
2809 
2810 /*
2811  * Invoked on kernel crypto failure during inbound and outbound processing.
2812  */
2813 static void
2814 ah_crypto_failed(mblk_t *data_mp, boolean_t is_inbound, int kef_rc,
2815     ill_t *ill, ipsecah_stack_t *ahstack)
2816 {
2817 	ipsec_stack_t	*ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2818 
2819 	ah1dbg(ahstack, ("crypto failed for %s AH with 0x%x\n",
2820 	    is_inbound ? "inbound" : "outbound", kef_rc));
2821 	ip_drop_packet(data_mp, is_inbound, ill,
2822 	    DROPPER(ipss, ipds_ah_crypto_failed),
2823 	    &ahstack->ah_dropper);
2824 	AH_BUMP_STAT(ahstack, crypto_failures);
2825 	if (is_inbound)
2826 		IP_AH_BUMP_STAT(ipss, in_discards);
2827 	else
2828 		AH_BUMP_STAT(ahstack, out_discards);
2829 }
2830 
2831 /*
2832  * Helper macros for the ah_submit_req_{inbound,outbound}() functions.
2833  */
2834 
2835 /*
2836  * A statement-equivalent macro, _cr MUST point to a modifiable
2837  * crypto_call_req_t.
2838  */
2839 #define	AH_INIT_CALLREQ(_cr, _mp, _callback)		\
2840 	(_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_ALWAYS_QUEUE;	\
2841 	(_cr)->cr_callback_arg = (_mp);				\
2842 	(_cr)->cr_callback_func = (_callback)
2843 
2844 #define	AH_INIT_CRYPTO_DATA(data, msglen, mblk) {			\
2845 	(data)->cd_format = CRYPTO_DATA_MBLK;				\
2846 	(data)->cd_mp = mblk;						\
2847 	(data)->cd_offset = 0;						\
2848 	(data)->cd_length = msglen;					\
2849 }
2850 
2851 #define	AH_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) {			\
2852 	(mac)->cd_format = CRYPTO_DATA_RAW;				\
2853 	(mac)->cd_offset = 0;						\
2854 	(mac)->cd_length = icvlen;					\
2855 	(mac)->cd_raw.iov_base = icvbuf;				\
2856 	(mac)->cd_raw.iov_len = icvlen;					\
2857 }
2858 
2859 /*
2860  * Submit an inbound packet for processing by the crypto framework.
2861  */
2862 static mblk_t *
2863 ah_submit_req_inbound(mblk_t *phdr_mp, ip_recv_attr_t *ira,
2864     size_t skip_len, uint32_t ah_offset, ipsa_t *assoc)
2865 {
2866 	int kef_rc;
2867 	mblk_t *mp;
2868 	crypto_call_req_t call_req, *callrp;
2869 	uint_t icv_len = assoc->ipsa_mac_len;
2870 	crypto_ctx_template_t ctx_tmpl;
2871 	ipsecah_stack_t	*ahstack;
2872 	ipsec_crypto_t	*ic, icstack;
2873 	boolean_t force = (assoc->ipsa_flags & IPSA_F_ASYNC);
2874 
2875 	ahstack = ira->ira_ill->ill_ipst->ips_netstack->netstack_ipsecah;
2876 
2877 	ASSERT(phdr_mp != NULL);
2878 	ASSERT(phdr_mp->b_datap->db_type == M_DATA);
2879 
2880 	if (force) {
2881 		/* We are doing asynch; allocate mblks to hold state */
2882 		if ((mp = ip_recv_attr_to_mblk(ira)) == NULL ||
2883 		    (mp = ipsec_add_crypto_data(mp, &ic)) == NULL) {
2884 			BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2885 			ip_drop_input("ipIfStatsInDiscards", phdr_mp,
2886 			    ira->ira_ill);
2887 			freemsg(phdr_mp);
2888 			return (NULL);
2889 		}
2890 
2891 		linkb(mp, phdr_mp);
2892 		callrp = &call_req;
2893 		AH_INIT_CALLREQ(callrp, mp, ah_kcf_callback_inbound);
2894 	} else {
2895 		/*
2896 		 * If we know we are going to do sync then ipsec_crypto_t
2897 		 * should be on the stack.
2898 		 */
2899 		ic = &icstack;
2900 		bzero(ic, sizeof (*ic));
2901 		callrp = NULL;
2902 	}
2903 
2904 	/* init arguments for the crypto framework */
2905 	AH_INIT_CRYPTO_DATA(&ic->ic_crypto_data, AH_MSGSIZE(phdr_mp),
2906 	    phdr_mp);
2907 
2908 	AH_INIT_CRYPTO_MAC(&ic->ic_crypto_mac, icv_len,
2909 	    (char *)phdr_mp->b_cont->b_rptr - skip_len + ah_offset +
2910 	    sizeof (ah_t));
2911 
2912 	ic->ic_skip_len = skip_len;
2913 
2914 	IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, ctx_tmpl);
2915 
2916 	/* call KEF to do the MAC operation */
2917 	kef_rc = crypto_mac_verify(&assoc->ipsa_amech,
2918 	    &ic->ic_crypto_data, &assoc->ipsa_kcfauthkey, ctx_tmpl,
2919 	    &ic->ic_crypto_mac, callrp);
2920 
2921 	switch (kef_rc) {
2922 	case CRYPTO_SUCCESS:
2923 		AH_BUMP_STAT(ahstack, crypto_sync);
2924 		phdr_mp = ah_auth_in_done(phdr_mp, ira, ic);
2925 		if (force) {
2926 			/* Free mp after we are done with ic */
2927 			mp = ipsec_free_crypto_data(mp);
2928 			(void) ip_recv_attr_free_mblk(mp);
2929 		}
2930 		return (phdr_mp);
2931 	case CRYPTO_QUEUED:
2932 		/* ah_kcf_callback_inbound() will be invoked on completion */
2933 		AH_BUMP_STAT(ahstack, crypto_async);
2934 		return (NULL);
2935 	case CRYPTO_INVALID_MAC:
2936 		/* Free mp after we are done with ic */
2937 		AH_BUMP_STAT(ahstack, crypto_sync);
2938 		BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2939 		ah_log_bad_auth(phdr_mp, ira, ic);
2940 		/* phdr_mp was passed to ip_drop_packet */
2941 		if (force) {
2942 			mp = ipsec_free_crypto_data(mp);
2943 			(void) ip_recv_attr_free_mblk(mp);
2944 		}
2945 		return (NULL);
2946 	}
2947 
2948 	if (force) {
2949 		mp = ipsec_free_crypto_data(mp);
2950 		phdr_mp = ip_recv_attr_free_mblk(mp);
2951 	}
2952 	BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2953 	ah_crypto_failed(phdr_mp, B_TRUE, kef_rc, ira->ira_ill, ahstack);
2954 	/* phdr_mp was passed to ip_drop_packet */
2955 	return (NULL);
2956 }
2957 
2958 /*
2959  * Submit an outbound packet for processing by the crypto framework.
2960  */
2961 static mblk_t *
2962 ah_submit_req_outbound(mblk_t *phdr_mp, ip_xmit_attr_t *ixa,
2963     size_t skip_len, ipsa_t *assoc)
2964 {
2965 	int kef_rc;
2966 	mblk_t *mp;
2967 	crypto_call_req_t call_req, *callrp;
2968 	uint_t icv_len = assoc->ipsa_mac_len;
2969 	ipsecah_stack_t	*ahstack;
2970 	ipsec_crypto_t	*ic, icstack;
2971 	ill_t		*ill = ixa->ixa_nce->nce_ill;
2972 	boolean_t force = (assoc->ipsa_flags & IPSA_F_ASYNC);
2973 
2974 	ahstack = ill->ill_ipst->ips_netstack->netstack_ipsecah;
2975 
2976 	ASSERT(phdr_mp != NULL);
2977 	ASSERT(phdr_mp->b_datap->db_type == M_DATA);
2978 
2979 	if (force) {
2980 		/* We are doing asynch; allocate mblks to hold state */
2981 		if ((mp = ip_xmit_attr_to_mblk(ixa)) == NULL ||
2982 		    (mp = ipsec_add_crypto_data(mp, &ic)) == NULL) {
2983 			BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2984 			ip_drop_output("ipIfStatsOutDiscards", phdr_mp, ill);
2985 			freemsg(phdr_mp);
2986 			return (NULL);
2987 		}
2988 		linkb(mp, phdr_mp);
2989 		callrp = &call_req;
2990 		AH_INIT_CALLREQ(callrp, mp, ah_kcf_callback_outbound);
2991 	} else {
2992 		/*
2993 		 * If we know we are going to do sync then ipsec_crypto_t
2994 		 * should be on the stack.
2995 		 */
2996 		ic = &icstack;
2997 		bzero(ic, sizeof (*ic));
2998 		callrp = NULL;
2999 	}
3000 
3001 	/* init arguments for the crypto framework */
3002 	AH_INIT_CRYPTO_DATA(&ic->ic_crypto_data, AH_MSGSIZE(phdr_mp),
3003 	    phdr_mp);
3004 
3005 	AH_INIT_CRYPTO_MAC(&ic->ic_crypto_mac, icv_len,
3006 	    (char *)phdr_mp->b_wptr);
3007 
3008 	ic->ic_skip_len = skip_len;
3009 
3010 	ASSERT(ixa->ixa_ipsec_ah_sa != NULL);
3011 
3012 	/* call KEF to do the MAC operation */
3013 	kef_rc = crypto_mac(&assoc->ipsa_amech, &ic->ic_crypto_data,
3014 	    &assoc->ipsa_kcfauthkey, assoc->ipsa_authtmpl,
3015 	    &ic->ic_crypto_mac, callrp);
3016 
3017 	switch (kef_rc) {
3018 	case CRYPTO_SUCCESS:
3019 		AH_BUMP_STAT(ahstack, crypto_sync);
3020 		phdr_mp = ah_auth_out_done(phdr_mp, ixa, ic);
3021 		if (force) {
3022 			/* Free mp after we are done with ic */
3023 			mp = ipsec_free_crypto_data(mp);
3024 			(void) ip_xmit_attr_free_mblk(mp);
3025 		}
3026 		return (phdr_mp);
3027 	case CRYPTO_QUEUED:
3028 		/* ah_kcf_callback_outbound() will be invoked on completion */
3029 		AH_BUMP_STAT(ahstack, crypto_async);
3030 		return (NULL);
3031 	}
3032 
3033 	if (force) {
3034 		mp = ipsec_free_crypto_data(mp);
3035 		phdr_mp = ip_xmit_attr_free_mblk(mp);
3036 	}
3037 	BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3038 	ah_crypto_failed(phdr_mp, B_FALSE, kef_rc, NULL, ahstack);
3039 	/* phdr_mp was passed to ip_drop_packet */
3040 	return (NULL);
3041 }
3042 
3043 /*
3044  * This function constructs a pseudo header by looking at the IP header
3045  * and options if any. This is called for both outbound and inbound,
3046  * before computing the ICV.
3047  */
3048 static mblk_t *
3049 ah_process_ip_options_v6(mblk_t *mp, ipsa_t *assoc, int *length_to_skip,
3050     uint_t ah_data_sz, boolean_t outbound, ipsecah_stack_t *ahstack)
3051 {
3052 	ip6_t	*ip6h;
3053 	ip6_t	*oip6h;
3054 	mblk_t 	*phdr_mp;
3055 	int option_length;
3056 	uint_t	ah_align_sz;
3057 	uint_t ah_offset;
3058 	int hdr_size;
3059 
3060 	/*
3061 	 * Allocate space for the authentication data also. It is
3062 	 * useful both during the ICV calculation where we need to
3063 	 * feed in zeroes and while sending the datagram back to IP
3064 	 * where we will be using the same space.
3065 	 *
3066 	 * We need to allocate space for padding bytes if it is not
3067 	 * a multiple of IPV6_PADDING_ALIGN.
3068 	 *
3069 	 * In addition, we allocate space for the ICV computed by
3070 	 * the kernel crypto framework, saving us a separate kmem
3071 	 * allocation down the road.
3072 	 */
3073 
3074 	ah_align_sz = P2ALIGN(ah_data_sz + IPV6_PADDING_ALIGN - 1,
3075 	    IPV6_PADDING_ALIGN);
3076 
3077 	ASSERT(ah_align_sz >= ah_data_sz);
3078 
3079 	hdr_size = ipsec_ah_get_hdr_size_v6(mp, B_FALSE);
3080 	option_length = hdr_size - IPV6_HDR_LEN;
3081 
3082 	/* This was not included in ipsec_ah_get_hdr_size_v6() */
3083 	hdr_size += (sizeof (ah_t) + ah_align_sz);
3084 
3085 	if (!outbound && (MBLKL(mp) < hdr_size)) {
3086 		/*
3087 		 * We have post-AH header options in a separate mblk,
3088 		 * a pullup is required.
3089 		 */
3090 		if (!pullupmsg(mp, hdr_size))
3091 			return (NULL);
3092 	}
3093 
3094 	if ((phdr_mp = allocb_tmpl(hdr_size + ah_data_sz, mp)) == NULL) {
3095 		return (NULL);
3096 	}
3097 
3098 	oip6h = (ip6_t *)mp->b_rptr;
3099 
3100 	/*
3101 	 * Form the basic IP header first. Zero out the header
3102 	 * so that the mutable fields are zeroed out.
3103 	 */
3104 	ip6h = (ip6_t *)phdr_mp->b_rptr;
3105 	bzero(ip6h, sizeof (ip6_t));
3106 	ip6h->ip6_vcf = IPV6_DEFAULT_VERS_AND_FLOW;
3107 
3108 	if (outbound) {
3109 		/*
3110 		 * Include the size of AH and authentication data.
3111 		 * This is how our recipient would compute the
3112 		 * authentication data. Look at what we do in the
3113 		 * inbound case below.
3114 		 */
3115 		ip6h->ip6_plen = htons(ntohs(oip6h->ip6_plen) +
3116 		    sizeof (ah_t) + ah_align_sz);
3117 	} else {
3118 		ip6h->ip6_plen = oip6h->ip6_plen;
3119 	}
3120 
3121 	ip6h->ip6_src = oip6h->ip6_src;
3122 	ip6h->ip6_dst = oip6h->ip6_dst;
3123 
3124 	*length_to_skip = IPV6_HDR_LEN;
3125 	if (option_length == 0) {
3126 		/* Form the AH header */
3127 		ip6h->ip6_nxt = IPPROTO_AH;
3128 		((ah_t *)(ip6h + 1))->ah_nexthdr = oip6h->ip6_nxt;
3129 		ah_offset = *length_to_skip;
3130 	} else {
3131 		ip6h->ip6_nxt = oip6h->ip6_nxt;
3132 		/* option_length does not include the AH header's size */
3133 		*length_to_skip += option_length;
3134 
3135 		ah_offset = ah_fix_phdr_v6(ip6h, oip6h, outbound, B_FALSE);
3136 		if (ah_offset == 0) {
3137 			return (NULL);
3138 		}
3139 	}
3140 
3141 	if (!ah_finish_up(((ah_t *)((uint8_t *)ip6h + ah_offset)),
3142 	    (outbound ? NULL : ((ah_t *)((uint8_t *)oip6h + ah_offset))),
3143 	    assoc, ah_data_sz, ah_align_sz, ahstack)) {
3144 		freeb(phdr_mp);
3145 		/*
3146 		 * Returning NULL will tell the caller to
3147 		 * IPSA_REFELE(), free the memory, etc.
3148 		 */
3149 		return (NULL);
3150 	}
3151 
3152 	phdr_mp->b_wptr = ((uint8_t *)ip6h + ah_offset + sizeof (ah_t) +
3153 	    ah_align_sz);
3154 	if (!outbound)
3155 		*length_to_skip += sizeof (ah_t) + ah_align_sz;
3156 	return (phdr_mp);
3157 }
3158 
3159 /*
3160  * This function constructs a pseudo header by looking at the IP header
3161  * and options if any. This is called for both outbound and inbound,
3162  * before computing the ICV.
3163  */
3164 static mblk_t *
3165 ah_process_ip_options_v4(mblk_t *mp, ipsa_t *assoc, int *length_to_skip,
3166     uint_t ah_data_sz, boolean_t outbound, ipsecah_stack_t *ahstack)
3167 {
3168 	ipoptp_t opts;
3169 	uint32_t option_length;
3170 	ipha_t	*ipha;
3171 	ipha_t	*oipha;
3172 	mblk_t 	*phdr_mp;
3173 	int	 size;
3174 	uchar_t	*optptr;
3175 	uint8_t optval;
3176 	uint8_t optlen;
3177 	ipaddr_t dst;
3178 	uint32_t v_hlen_tos_len;
3179 	int ip_hdr_length;
3180 	uint_t	ah_align_sz;
3181 	uint32_t off;
3182 
3183 #ifdef	_BIG_ENDIAN
3184 #define	V_HLEN	(v_hlen_tos_len >> 24)
3185 #else
3186 #define	V_HLEN	(v_hlen_tos_len & 0xFF)
3187 #endif
3188 
3189 	oipha = (ipha_t *)mp->b_rptr;
3190 	v_hlen_tos_len = ((uint32_t *)oipha)[0];
3191 
3192 	/*
3193 	 * Allocate space for the authentication data also. It is
3194 	 * useful both during the ICV calculation where we need to
3195 	 * feed in zeroes and while sending the datagram back to IP
3196 	 * where we will be using the same space.
3197 	 *
3198 	 * We need to allocate space for padding bytes if it is not
3199 	 * a multiple of IPV4_PADDING_ALIGN.
3200 	 *
3201 	 * In addition, we allocate space for the ICV computed by
3202 	 * the kernel crypto framework, saving us a separate kmem
3203 	 * allocation down the road.
3204 	 */
3205 
3206 	ah_align_sz = P2ALIGN(ah_data_sz + IPV4_PADDING_ALIGN - 1,
3207 	    IPV4_PADDING_ALIGN);
3208 
3209 	ASSERT(ah_align_sz >= ah_data_sz);
3210 
3211 	size = IP_SIMPLE_HDR_LENGTH + sizeof (ah_t) + ah_align_sz +
3212 	    ah_data_sz;
3213 
3214 	if (V_HLEN != IP_SIMPLE_HDR_VERSION) {
3215 		option_length = oipha->ipha_version_and_hdr_length -
3216 		    (uint8_t)((IP_VERSION << 4) +
3217 		    IP_SIMPLE_HDR_LENGTH_IN_WORDS);
3218 		option_length <<= 2;
3219 		size += option_length;
3220 	}
3221 
3222 	if ((phdr_mp = allocb_tmpl(size, mp)) == NULL) {
3223 		return (NULL);
3224 	}
3225 
3226 	/*
3227 	 * Form the basic IP header first.
3228 	 */
3229 	ipha = (ipha_t *)phdr_mp->b_rptr;
3230 	ipha->ipha_version_and_hdr_length = oipha->ipha_version_and_hdr_length;
3231 	ipha->ipha_type_of_service = 0;
3232 
3233 	if (outbound) {
3234 		/*
3235 		 * Include the size of AH and authentication data.
3236 		 * This is how our recipient would compute the
3237 		 * authentication data. Look at what we do in the
3238 		 * inbound case below.
3239 		 */
3240 		ipha->ipha_length = ntohs(htons(oipha->ipha_length) +
3241 		    sizeof (ah_t) + ah_align_sz);
3242 	} else {
3243 		ipha->ipha_length = oipha->ipha_length;
3244 	}
3245 
3246 	ipha->ipha_ident = oipha->ipha_ident;
3247 	ipha->ipha_fragment_offset_and_flags = 0;
3248 	ipha->ipha_ttl = 0;
3249 	ipha->ipha_protocol = IPPROTO_AH;
3250 	ipha->ipha_hdr_checksum = 0;
3251 	ipha->ipha_src = oipha->ipha_src;
3252 	ipha->ipha_dst = dst = oipha->ipha_dst;
3253 
3254 	/*
3255 	 * If there is no option to process return now.
3256 	 */
3257 	ip_hdr_length = IP_SIMPLE_HDR_LENGTH;
3258 
3259 	if (V_HLEN == IP_SIMPLE_HDR_VERSION) {
3260 		/* Form the AH header */
3261 		goto ah_hdr;
3262 	}
3263 
3264 	ip_hdr_length += option_length;
3265 
3266 	/*
3267 	 * We have options. In the outbound case for source route,
3268 	 * ULP has already moved the first hop, which is now in
3269 	 * ipha_dst. We need the final destination for the calculation
3270 	 * of authentication data. And also make sure that mutable
3271 	 * and experimental fields are zeroed out in the IP options.
3272 	 */
3273 
3274 	bcopy(&oipha[1], &ipha[1], option_length);
3275 
3276 	for (optval = ipoptp_first(&opts, ipha);
3277 	    optval != IPOPT_EOL;
3278 	    optval = ipoptp_next(&opts)) {
3279 		optptr = opts.ipoptp_cur;
3280 		optlen = opts.ipoptp_len;
3281 		switch (optval) {
3282 		case IPOPT_EXTSEC:
3283 		case IPOPT_COMSEC:
3284 		case IPOPT_RA:
3285 		case IPOPT_SDMDD:
3286 		case IPOPT_SECURITY:
3287 			/*
3288 			 * These options are Immutable, leave them as-is.
3289 			 * Note that IPOPT_NOP is also Immutable, but it
3290 			 * was skipped by ipoptp_next() and thus remains
3291 			 * intact in the header.
3292 			 */
3293 			break;
3294 		case IPOPT_SSRR:
3295 		case IPOPT_LSRR:
3296 			if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0)
3297 				goto bad_ipv4opt;
3298 			/*
3299 			 * These two are mutable and will be zeroed, but
3300 			 * first get the final destination.
3301 			 */
3302 			off = optptr[IPOPT_OFFSET];
3303 			/*
3304 			 * If one of the conditions is true, it means
3305 			 * end of options and dst already has the right
3306 			 * value. So, just fall through.
3307 			 */
3308 			if (!(optlen < IP_ADDR_LEN || off > optlen - 3)) {
3309 				off = optlen - IP_ADDR_LEN;
3310 				bcopy(&optptr[off], &dst, IP_ADDR_LEN);
3311 			}
3312 			/* FALLTHRU */
3313 		case IPOPT_RR:
3314 		case IPOPT_TS:
3315 		case IPOPT_SATID:
3316 		default:
3317 			/*
3318 			 * optlen should include from the beginning of an
3319 			 * option.
3320 			 * NOTE : Stream Identifier Option (SID): RFC 791
3321 			 * shows the bit pattern of optlen as 2 and documents
3322 			 * the length as 4. We assume it to be 2 here.
3323 			 */
3324 			bzero(optptr, optlen);
3325 			break;
3326 		}
3327 	}
3328 
3329 	if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
3330 bad_ipv4opt:
3331 		ah1dbg(ahstack, ("AH : bad IPv4 option"));
3332 		freeb(phdr_mp);
3333 		return (NULL);
3334 	}
3335 
3336 	/*
3337 	 * Don't change ipha_dst for an inbound datagram as it points
3338 	 * to the right value. Only for the outbound with LSRR/SSRR,
3339 	 * because of ip_massage_options called by the ULP, ipha_dst
3340 	 * points to the first hop and we need to use the final
3341 	 * destination for computing the ICV.
3342 	 */
3343 
3344 	if (outbound)
3345 		ipha->ipha_dst = dst;
3346 ah_hdr:
3347 	((ah_t *)((uint8_t *)ipha + ip_hdr_length))->ah_nexthdr =
3348 	    oipha->ipha_protocol;
3349 	if (!ah_finish_up(((ah_t *)((uint8_t *)ipha + ip_hdr_length)),
3350 	    (outbound ? NULL : ((ah_t *)((uint8_t *)oipha + ip_hdr_length))),
3351 	    assoc, ah_data_sz, ah_align_sz, ahstack)) {
3352 		freeb(phdr_mp);
3353 		/*
3354 		 * Returning NULL will tell the caller to IPSA_REFELE(), free
3355 		 * the memory, etc.
3356 		 */
3357 		return (NULL);
3358 	}
3359 
3360 	phdr_mp->b_wptr = ((uchar_t *)ipha + ip_hdr_length +
3361 	    sizeof (ah_t) + ah_align_sz);
3362 
3363 	ASSERT(phdr_mp->b_wptr <= phdr_mp->b_datap->db_lim);
3364 	if (outbound)
3365 		*length_to_skip = ip_hdr_length;
3366 	else
3367 		*length_to_skip = ip_hdr_length + sizeof (ah_t) + ah_align_sz;
3368 	return (phdr_mp);
3369 }
3370 
3371 /*
3372  * Authenticate an outbound datagram. This function is called
3373  * whenever IP sends an outbound datagram that needs authentication.
3374  * Returns a modified packet if done. Returns NULL if error or queued.
3375  * If error return then ipIfStatsOutDiscards has been increased.
3376  */
3377 static mblk_t *
3378 ah_outbound(mblk_t *data_mp, ip_xmit_attr_t *ixa)
3379 {
3380 	mblk_t *phdr_mp;
3381 	ipsa_t *assoc;
3382 	int length_to_skip;
3383 	uint_t ah_align_sz;
3384 	uint_t age_bytes;
3385 	netstack_t	*ns = ixa->ixa_ipst->ips_netstack;
3386 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
3387 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
3388 	ill_t		*ill = ixa->ixa_nce->nce_ill;
3389 	boolean_t	need_refrele = B_FALSE;
3390 
3391 	/*
3392 	 * Construct the chain of mblks
3393 	 *
3394 	 * PSEUDO_HDR->DATA
3395 	 *
3396 	 * one by one.
3397 	 */
3398 
3399 	AH_BUMP_STAT(ahstack, out_requests);
3400 
3401 	ASSERT(data_mp->b_datap->db_type == M_DATA);
3402 
3403 	assoc = ixa->ixa_ipsec_ah_sa;
3404 	ASSERT(assoc != NULL);
3405 
3406 
3407 	/*
3408 	 * Get the outer IP header in shape to escape this system..
3409 	 */
3410 	if (is_system_labeled() && (assoc->ipsa_otsl != NULL)) {
3411 		/*
3412 		 * Need to update packet with any CIPSO option and update
3413 		 * ixa_tsl to capture the new label.
3414 		 * We allocate a separate ixa for that purpose.
3415 		 */
3416 		ixa = ip_xmit_attr_duplicate(ixa);
3417 		if (ixa == NULL) {
3418 			ip_drop_packet(data_mp, B_FALSE, ill,
3419 			    DROPPER(ipss, ipds_ah_nomem),
3420 			    &ahstack->ah_dropper);
3421 			return (NULL);
3422 		}
3423 		need_refrele = B_TRUE;
3424 
3425 		label_hold(assoc->ipsa_otsl);
3426 		ip_xmit_attr_replace_tsl(ixa, assoc->ipsa_otsl);
3427 
3428 		data_mp = sadb_whack_label(data_mp, assoc, ixa,
3429 		    DROPPER(ipss, ipds_ah_nomem), &ahstack->ah_dropper);
3430 		if (data_mp == NULL) {
3431 			/* Packet dropped by sadb_whack_label */
3432 			ixa_refrele(ixa);
3433 			return (NULL);
3434 		}
3435 	}
3436 
3437 	/*
3438 	 * Age SA according to number of bytes that will be sent after
3439 	 * adding the AH header, ICV, and padding to the packet.
3440 	 */
3441 
3442 	if (ixa->ixa_flags & IXAF_IS_IPV4) {
3443 		ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
3444 		ah_align_sz = P2ALIGN(assoc->ipsa_mac_len +
3445 		    IPV4_PADDING_ALIGN - 1, IPV4_PADDING_ALIGN);
3446 		age_bytes = ntohs(ipha->ipha_length) + sizeof (ah_t) +
3447 		    ah_align_sz;
3448 	} else {
3449 		ip6_t *ip6h = (ip6_t *)data_mp->b_rptr;
3450 		ah_align_sz = P2ALIGN(assoc->ipsa_mac_len +
3451 		    IPV6_PADDING_ALIGN - 1, IPV6_PADDING_ALIGN);
3452 		age_bytes = sizeof (ip6_t) + ntohs(ip6h->ip6_plen) +
3453 		    sizeof (ah_t) + ah_align_sz;
3454 	}
3455 
3456 	if (!ah_age_bytes(assoc, age_bytes, B_FALSE)) {
3457 		/* rig things as if ipsec_getassocbyconn() failed */
3458 		ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
3459 		    "AH association 0x%x, dst %s had bytes expire.\n",
3460 		    ntohl(assoc->ipsa_spi), assoc->ipsa_dstaddr, AF_INET,
3461 		    ahstack->ipsecah_netstack);
3462 		BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3463 		ip_drop_output("ipIfStatsOutDiscards", data_mp, ill);
3464 		freemsg(data_mp);
3465 		if (need_refrele)
3466 			ixa_refrele(ixa);
3467 		return (NULL);
3468 	}
3469 
3470 	/*
3471 	 * XXX We need to have fixed up the outer label before we get here.
3472 	 * (AH is computing the checksum over the outer label).
3473 	 */
3474 
3475 	/*
3476 	 * Insert pseudo header:
3477 	 * [IP, ULP] => [IP, AH, ICV] -> ULP
3478 	 */
3479 
3480 	if (ixa->ixa_flags & IXAF_IS_IPV4) {
3481 		phdr_mp = ah_process_ip_options_v4(data_mp, assoc,
3482 		    &length_to_skip, assoc->ipsa_mac_len, B_TRUE, ahstack);
3483 	} else {
3484 		phdr_mp = ah_process_ip_options_v6(data_mp, assoc,
3485 		    &length_to_skip, assoc->ipsa_mac_len, B_TRUE, ahstack);
3486 	}
3487 
3488 	if (phdr_mp == NULL) {
3489 		AH_BUMP_STAT(ahstack, out_discards);
3490 		ip_drop_packet(data_mp, B_FALSE, ixa->ixa_nce->nce_ill,
3491 		    DROPPER(ipss, ipds_ah_bad_v4_opts),
3492 		    &ahstack->ah_dropper);
3493 		BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3494 		if (need_refrele)
3495 			ixa_refrele(ixa);
3496 		return (NULL);
3497 	}
3498 
3499 	phdr_mp->b_cont = data_mp;
3500 	data_mp->b_rptr += length_to_skip;
3501 	data_mp = phdr_mp;
3502 
3503 	/*
3504 	 * At this point data_mp points to
3505 	 * an mblk containing the pseudo header (IP header,
3506 	 * AH header, and ICV with mutable fields zero'ed out).
3507 	 * mp points to the mblk containing the ULP data. The original
3508 	 * IP header is kept before the ULP data in data_mp.
3509 	 */
3510 
3511 	/* submit MAC request to KCF */
3512 	data_mp = ah_submit_req_outbound(data_mp, ixa, length_to_skip, assoc);
3513 	if (need_refrele)
3514 		ixa_refrele(ixa);
3515 	return (data_mp);
3516 }
3517 
3518 static mblk_t *
3519 ah_inbound(mblk_t *data_mp, void *arg, ip_recv_attr_t *ira)
3520 {
3521 	ah_t		*ah = (ah_t *)arg;
3522 	ipsa_t		*assoc = ira->ira_ipsec_ah_sa;
3523 	int		length_to_skip;
3524 	int		ah_length;
3525 	mblk_t		*phdr_mp;
3526 	uint32_t	ah_offset;
3527 	netstack_t	*ns = ira->ira_ill->ill_ipst->ips_netstack;
3528 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
3529 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
3530 
3531 	ASSERT(assoc != NULL);
3532 
3533 	/*
3534 	 * We may wish to check replay in-range-only here as an optimization.
3535 	 * Include the reality check of ipsa->ipsa_replay >
3536 	 * ipsa->ipsa_replay_wsize for times when it's the first N packets,
3537 	 * where N == ipsa->ipsa_replay_wsize.
3538 	 *
3539 	 * Another check that may come here later is the "collision" check.
3540 	 * If legitimate packets flow quickly enough, this won't be a problem,
3541 	 * but collisions may cause authentication algorithm crunching to
3542 	 * take place when it doesn't need to.
3543 	 */
3544 	if (!sadb_replay_peek(assoc, ah->ah_replay)) {
3545 		AH_BUMP_STAT(ahstack, replay_early_failures);
3546 		IP_AH_BUMP_STAT(ipss, in_discards);
3547 		ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
3548 		    DROPPER(ipss, ipds_ah_early_replay),
3549 		    &ahstack->ah_dropper);
3550 		BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3551 		return (NULL);
3552 	}
3553 
3554 	/*
3555 	 * The offset of the AH header can be computed from its pointer
3556 	 * within the data mblk, which was pulled up until the AH header
3557 	 * by ipsec_inbound_ah_sa() during SA selection.
3558 	 */
3559 	ah_offset = (uchar_t *)ah - data_mp->b_rptr;
3560 
3561 	/*
3562 	 * We need to pullup until the ICV before we call
3563 	 * ah_process_ip_options_v6.
3564 	 */
3565 	ah_length = (ah->ah_length << 2) + 8;
3566 
3567 	/*
3568 	 * NOTE : If we want to use any field of IP/AH header, you need
3569 	 * to re-assign following the pullup.
3570 	 */
3571 	if (((uchar_t *)ah + ah_length) > data_mp->b_wptr) {
3572 		if (!pullupmsg(data_mp, (uchar_t *)ah + ah_length -
3573 		    data_mp->b_rptr)) {
3574 			(void) ipsec_rl_strlog(ns, info.mi_idnum, 0, 0,
3575 			    SL_WARN | SL_ERROR,
3576 			    "ah_inbound: Small AH header\n");
3577 			IP_AH_BUMP_STAT(ipss, in_discards);
3578 			ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
3579 			    DROPPER(ipss, ipds_ah_nomem),
3580 			    &ahstack->ah_dropper);
3581 			BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3582 			return (NULL);
3583 		}
3584 	}
3585 
3586 	/*
3587 	 * Insert pseudo header:
3588 	 * [IP, ULP] => [IP, AH, ICV] -> ULP
3589 	 */
3590 	if (ira->ira_flags & IRAF_IS_IPV4) {
3591 		phdr_mp = ah_process_ip_options_v4(data_mp, assoc,
3592 		    &length_to_skip, assoc->ipsa_mac_len, B_FALSE, ahstack);
3593 	} else {
3594 		phdr_mp = ah_process_ip_options_v6(data_mp, assoc,
3595 		    &length_to_skip, assoc->ipsa_mac_len, B_FALSE, ahstack);
3596 	}
3597 
3598 	if (phdr_mp == NULL) {
3599 		IP_AH_BUMP_STAT(ipss, in_discards);
3600 		ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
3601 		    ((ira->ira_flags & IRAF_IS_IPV4) ?
3602 		    DROPPER(ipss, ipds_ah_bad_v4_opts) :
3603 		    DROPPER(ipss, ipds_ah_bad_v6_hdrs)),
3604 		    &ahstack->ah_dropper);
3605 		BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3606 		return (NULL);
3607 	}
3608 
3609 	phdr_mp->b_cont = data_mp;
3610 	data_mp->b_rptr += length_to_skip;
3611 	data_mp = phdr_mp;
3612 
3613 	/* submit request to KCF */
3614 	return (ah_submit_req_inbound(data_mp, ira, length_to_skip, ah_offset,
3615 	    assoc));
3616 }
3617 
3618 /*
3619  * Invoked after processing of an inbound packet by the
3620  * kernel crypto framework. Called by ah_submit_req() for a sync request,
3621  * or by the kcf callback for an async request.
3622  * Returns NULL if the mblk chain is consumed.
3623  */
3624 static mblk_t *
3625 ah_auth_in_done(mblk_t *phdr_mp, ip_recv_attr_t *ira, ipsec_crypto_t *ic)
3626 {
3627 	ipha_t *ipha;
3628 	uint_t ah_offset = 0;
3629 	mblk_t *mp;
3630 	int align_len, newpos;
3631 	ah_t *ah;
3632 	uint32_t length;
3633 	uint32_t *dest32;
3634 	uint8_t *dest;
3635 	boolean_t isv4;
3636 	ip6_t *ip6h;
3637 	uint_t icv_len;
3638 	ipsa_t *assoc;
3639 	kstat_named_t *counter;
3640 	netstack_t	*ns = ira->ira_ill->ill_ipst->ips_netstack;
3641 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
3642 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
3643 
3644 	isv4 = (ira->ira_flags & IRAF_IS_IPV4);
3645 	assoc = ira->ira_ipsec_ah_sa;
3646 	icv_len = (uint_t)ic->ic_crypto_mac.cd_raw.iov_len;
3647 
3648 	if (phdr_mp == NULL) {
3649 		ip_drop_packet(phdr_mp, B_TRUE, ira->ira_ill,
3650 		    DROPPER(ipss, ipds_ah_nomem),
3651 		    &ahstack->ah_dropper);
3652 		BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3653 		return (NULL);
3654 	}
3655 
3656 	mp = phdr_mp->b_cont;
3657 	if (mp == NULL) {
3658 		ip_drop_packet(phdr_mp, B_TRUE, ira->ira_ill,
3659 		    DROPPER(ipss, ipds_ah_nomem),
3660 		    &ahstack->ah_dropper);
3661 		BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3662 		return (NULL);
3663 	}
3664 	mp->b_rptr -= ic->ic_skip_len;
3665 
3666 	ah_set_usetime(assoc, B_TRUE);
3667 
3668 	if (isv4) {
3669 		ipha = (ipha_t *)mp->b_rptr;
3670 		ah_offset = ipha->ipha_version_and_hdr_length -
3671 		    (uint8_t)((IP_VERSION << 4));
3672 		ah_offset <<= 2;
3673 		align_len = P2ALIGN(icv_len + IPV4_PADDING_ALIGN - 1,
3674 		    IPV4_PADDING_ALIGN);
3675 	} else {
3676 		ip6h = (ip6_t *)mp->b_rptr;
3677 		ah_offset = ipsec_ah_get_hdr_size_v6(mp, B_TRUE);
3678 		ASSERT((mp->b_wptr - mp->b_rptr) >= ah_offset);
3679 		align_len = P2ALIGN(icv_len + IPV6_PADDING_ALIGN - 1,
3680 		    IPV6_PADDING_ALIGN);
3681 	}
3682 
3683 	ah = (ah_t *)(mp->b_rptr + ah_offset);
3684 	newpos = sizeof (ah_t) + align_len;
3685 
3686 	/*
3687 	 * We get here only when authentication passed.
3688 	 */
3689 
3690 	ah3dbg(ahstack, ("AH succeeded, checking replay\n"));
3691 	AH_BUMP_STAT(ahstack, good_auth);
3692 
3693 	if (!sadb_replay_check(assoc, ah->ah_replay)) {
3694 		int af;
3695 		void *addr;
3696 
3697 		if (isv4) {
3698 			addr = &ipha->ipha_dst;
3699 			af = AF_INET;
3700 		} else {
3701 			addr = &ip6h->ip6_dst;
3702 			af = AF_INET6;
3703 		}
3704 
3705 		/*
3706 		 * Log the event. As of now we print out an event.
3707 		 * Do not print the replay failure number, or else
3708 		 * syslog cannot collate the error messages.  Printing
3709 		 * the replay number that failed (or printing to the
3710 		 * console) opens a denial-of-service attack.
3711 		 */
3712 		AH_BUMP_STAT(ahstack, replay_failures);
3713 		ipsec_assocfailure(info.mi_idnum, 0, 0,
3714 		    SL_ERROR | SL_WARN,
3715 		    "Replay failed for AH spi %x, dst_addr %s",
3716 		    assoc->ipsa_spi, addr, af, ahstack->ipsecah_netstack);
3717 		counter = DROPPER(ipss, ipds_ah_replay);
3718 		goto ah_in_discard;
3719 	}
3720 
3721 	/*
3722 	 * We need to remove the AH header from the original
3723 	 * datagram. Best way to do this is to move the pre-AH headers
3724 	 * forward in the (relatively simple) IPv4 case.  In IPv6, it's
3725 	 * a bit more complicated because of IPv6's next-header chaining,
3726 	 * but it's doable.
3727 	 */
3728 	if (isv4) {
3729 		/*
3730 		 * Assign the right protocol, adjust the length as we
3731 		 * are removing the AH header and adjust the checksum to
3732 		 * account for the protocol and length.
3733 		 */
3734 		length = ntohs(ipha->ipha_length);
3735 		if (!ah_age_bytes(assoc, length, B_TRUE)) {
3736 			/* The ipsa has hit hard expiration, LOG and AUDIT. */
3737 			ipsec_assocfailure(info.mi_idnum, 0, 0,
3738 			    SL_ERROR | SL_WARN,
3739 			    "AH Association 0x%x, dst %s had bytes expire.\n",
3740 			    assoc->ipsa_spi, assoc->ipsa_dstaddr,
3741 			    AF_INET, ahstack->ipsecah_netstack);
3742 			AH_BUMP_STAT(ahstack, bytes_expired);
3743 			counter = DROPPER(ipss, ipds_ah_bytes_expire);
3744 			goto ah_in_discard;
3745 		}
3746 		ipha->ipha_protocol = ah->ah_nexthdr;
3747 		length -= newpos;
3748 
3749 		ipha->ipha_length = htons((uint16_t)length);
3750 		ipha->ipha_hdr_checksum = 0;
3751 		ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
3752 	} else {
3753 		uchar_t *whereptr;
3754 		int hdrlen;
3755 		uint8_t *nexthdr;
3756 		ip6_hbh_t *hbhhdr;
3757 		ip6_dest_t *dsthdr;
3758 		ip6_rthdr0_t *rthdr;
3759 
3760 		/*
3761 		 * Make phdr_mp hold until the AH header and make
3762 		 * mp hold everything past AH header.
3763 		 */
3764 		length = ntohs(ip6h->ip6_plen);
3765 		if (!ah_age_bytes(assoc, length + sizeof (ip6_t), B_TRUE)) {
3766 			/* The ipsa has hit hard expiration, LOG and AUDIT. */
3767 			ipsec_assocfailure(info.mi_idnum, 0, 0,
3768 			    SL_ERROR | SL_WARN,
3769 			    "AH Association 0x%x, dst %s had bytes "
3770 			    "expire.\n", assoc->ipsa_spi, &ip6h->ip6_dst,
3771 			    AF_INET6, ahstack->ipsecah_netstack);
3772 			AH_BUMP_STAT(ahstack, bytes_expired);
3773 			counter = DROPPER(ipss, ipds_ah_bytes_expire);
3774 			goto ah_in_discard;
3775 		}
3776 
3777 		/*
3778 		 * Update the next header field of the header preceding
3779 		 * AH with the next header field of AH. Start with the
3780 		 * IPv6 header and proceed with the extension headers
3781 		 * until we find what we're looking for.
3782 		 */
3783 		nexthdr = &ip6h->ip6_nxt;
3784 		whereptr =  (uchar_t *)ip6h;
3785 		hdrlen = sizeof (ip6_t);
3786 
3787 		while (*nexthdr != IPPROTO_AH) {
3788 			whereptr += hdrlen;
3789 			/* Assume IP has already stripped it */
3790 			ASSERT(*nexthdr != IPPROTO_FRAGMENT);
3791 			switch (*nexthdr) {
3792 			case IPPROTO_HOPOPTS:
3793 				hbhhdr = (ip6_hbh_t *)whereptr;
3794 				nexthdr = &hbhhdr->ip6h_nxt;
3795 				hdrlen = 8 * (hbhhdr->ip6h_len + 1);
3796 				break;
3797 			case IPPROTO_DSTOPTS:
3798 				dsthdr = (ip6_dest_t *)whereptr;
3799 				nexthdr = &dsthdr->ip6d_nxt;
3800 				hdrlen = 8 * (dsthdr->ip6d_len + 1);
3801 				break;
3802 			case IPPROTO_ROUTING:
3803 				rthdr = (ip6_rthdr0_t *)whereptr;
3804 				nexthdr = &rthdr->ip6r0_nxt;
3805 				hdrlen = 8 * (rthdr->ip6r0_len + 1);
3806 				break;
3807 			}
3808 		}
3809 		*nexthdr = ah->ah_nexthdr;
3810 		length -= newpos;
3811 		ip6h->ip6_plen = htons((uint16_t)length);
3812 	}
3813 
3814 	/* Now that we've fixed the IP header, move it forward. */
3815 	mp->b_rptr += newpos;
3816 	if (IS_P2ALIGNED(mp->b_rptr, sizeof (uint32_t))) {
3817 		dest32 = (uint32_t *)(mp->b_rptr + ah_offset);
3818 		while (--dest32 >= (uint32_t *)mp->b_rptr)
3819 			*dest32 = *(dest32 - (newpos >> 2));
3820 	} else {
3821 		dest = mp->b_rptr + ah_offset;
3822 		while (--dest >= mp->b_rptr)
3823 			*dest = *(dest - newpos);
3824 	}
3825 	freeb(phdr_mp);
3826 
3827 	/*
3828 	 * If SA is labelled, use its label, else inherit the label
3829 	 */
3830 	if (is_system_labeled() && (assoc->ipsa_tsl != NULL)) {
3831 		if (!ip_recv_attr_replace_label(ira, assoc->ipsa_tsl)) {
3832 			ip_drop_packet(mp, B_TRUE, ira->ira_ill,
3833 			    DROPPER(ipss, ipds_ah_nomem), &ahstack->ah_dropper);
3834 			BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3835 			return (NULL);
3836 		}
3837 	}
3838 
3839 	if (assoc->ipsa_state == IPSA_STATE_IDLE) {
3840 		/*
3841 		 * Cluster buffering case.  Tell caller that we're
3842 		 * handling the packet.
3843 		 */
3844 		sadb_buf_pkt(assoc, mp, ira);
3845 		return (NULL);
3846 	}
3847 
3848 	return (mp);
3849 
3850 ah_in_discard:
3851 	IP_AH_BUMP_STAT(ipss, in_discards);
3852 	ip_drop_packet(phdr_mp, B_TRUE, ira->ira_ill, counter,
3853 	    &ahstack->ah_dropper);
3854 	BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3855 	return (NULL);
3856 }
3857 
3858 /*
3859  * Invoked after processing of an outbound packet by the
3860  * kernel crypto framework, either by ah_submit_req() for a request
3861  * executed syncrhonously, or by the KEF callback for a request
3862  * executed asynchronously.
3863  */
3864 static mblk_t *
3865 ah_auth_out_done(mblk_t *phdr_mp, ip_xmit_attr_t *ixa, ipsec_crypto_t *ic)
3866 {
3867 	mblk_t *mp;
3868 	int align_len;
3869 	uint32_t hdrs_length;
3870 	uchar_t *ptr;
3871 	uint32_t length;
3872 	boolean_t isv4;
3873 	size_t icv_len;
3874 	netstack_t	*ns = ixa->ixa_ipst->ips_netstack;
3875 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
3876 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
3877 	ill_t		*ill = ixa->ixa_nce->nce_ill;
3878 
3879 	isv4 = (ixa->ixa_flags & IXAF_IS_IPV4);
3880 	icv_len = ic->ic_crypto_mac.cd_raw.iov_len;
3881 
3882 	mp = phdr_mp->b_cont;
3883 	if (mp == NULL) {
3884 		ip_drop_packet(phdr_mp, B_FALSE, ill,
3885 		    DROPPER(ipss, ipds_ah_nomem),
3886 		    &ahstack->ah_dropper);
3887 		BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3888 		return (NULL);
3889 	}
3890 	mp->b_rptr -= ic->ic_skip_len;
3891 
3892 	ASSERT(ixa->ixa_flags & IXAF_IPSEC_SECURE);
3893 	ASSERT(ixa->ixa_ipsec_ah_sa != NULL);
3894 	ah_set_usetime(ixa->ixa_ipsec_ah_sa, B_FALSE);
3895 
3896 	if (isv4) {
3897 		ipha_t *ipha;
3898 		ipha_t *nipha;
3899 
3900 		ipha = (ipha_t *)mp->b_rptr;
3901 		hdrs_length = ipha->ipha_version_and_hdr_length -
3902 		    (uint8_t)((IP_VERSION << 4));
3903 		hdrs_length <<= 2;
3904 		align_len = P2ALIGN(icv_len + IPV4_PADDING_ALIGN - 1,
3905 		    IPV4_PADDING_ALIGN);
3906 		/*
3907 		 * phdr_mp must have the right amount of space for the
3908 		 * combined IP and AH header. Copy the IP header and
3909 		 * the ack_data onto AH. Note that the AH header was
3910 		 * already formed before the ICV calculation and hence
3911 		 * you don't have to copy it here.
3912 		 */
3913 		bcopy(mp->b_rptr, phdr_mp->b_rptr, hdrs_length);
3914 
3915 		ptr = phdr_mp->b_rptr + hdrs_length + sizeof (ah_t);
3916 		bcopy(phdr_mp->b_wptr, ptr, icv_len);
3917 
3918 		/*
3919 		 * Compute the new header checksum as we are assigning
3920 		 * IPPROTO_AH and adjusting the length here.
3921 		 */
3922 		nipha = (ipha_t *)phdr_mp->b_rptr;
3923 
3924 		nipha->ipha_protocol = IPPROTO_AH;
3925 		length = ntohs(nipha->ipha_length);
3926 		length += (sizeof (ah_t) + align_len);
3927 		nipha->ipha_length = htons((uint16_t)length);
3928 		nipha->ipha_hdr_checksum = 0;
3929 		nipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(nipha);
3930 	} else {
3931 		ip6_t *ip6h;
3932 		ip6_t *nip6h;
3933 		uint_t ah_offset;
3934 
3935 		ip6h = (ip6_t *)mp->b_rptr;
3936 		nip6h = (ip6_t *)phdr_mp->b_rptr;
3937 		align_len = P2ALIGN(icv_len + IPV6_PADDING_ALIGN - 1,
3938 		    IPV6_PADDING_ALIGN);
3939 		/*
3940 		 * phdr_mp must have the right amount of space for the
3941 		 * combined IP and AH header. Copy the IP header with
3942 		 * options into the pseudo header. When we constructed
3943 		 * a pseudo header, we did not copy some of the mutable
3944 		 * fields. We do it now by calling ah_fix_phdr_v6()
3945 		 * with the last argument B_TRUE. It returns the
3946 		 * ah_offset into the pseudo header.
3947 		 */
3948 
3949 		bcopy(ip6h, nip6h, IPV6_HDR_LEN);
3950 		ah_offset = ah_fix_phdr_v6(nip6h, ip6h, B_TRUE, B_TRUE);
3951 		ASSERT(ah_offset != 0);
3952 		/*
3953 		 * phdr_mp can hold exactly the whole IP header with options
3954 		 * plus the AH header also. Thus subtracting the AH header's
3955 		 * size should give exactly how much of the original header
3956 		 * should be skipped.
3957 		 */
3958 		hdrs_length = (phdr_mp->b_wptr - phdr_mp->b_rptr) -
3959 		    sizeof (ah_t) - icv_len;
3960 		bcopy(phdr_mp->b_wptr, ((uint8_t *)nip6h + ah_offset +
3961 		    sizeof (ah_t)), icv_len);
3962 		length = ntohs(nip6h->ip6_plen);
3963 		length += (sizeof (ah_t) + align_len);
3964 		nip6h->ip6_plen = htons((uint16_t)length);
3965 	}
3966 
3967 	/* Skip the original IP header */
3968 	mp->b_rptr += hdrs_length;
3969 	if (mp->b_rptr == mp->b_wptr) {
3970 		phdr_mp->b_cont = mp->b_cont;
3971 		freeb(mp);
3972 	}
3973 
3974 	return (phdr_mp);
3975 }
3976 
3977 /* Refactor me */
3978 /*
3979  * Wrapper to allow IP to trigger an AH association failure message
3980  * during SA inbound selection.
3981  */
3982 void
3983 ipsecah_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt,
3984     uint32_t spi, void *addr, int af, ip_recv_attr_t *ira)
3985 {
3986 	netstack_t	*ns = ira->ira_ill->ill_ipst->ips_netstack;
3987 	ipsecah_stack_t	*ahstack = ns->netstack_ipsecah;
3988 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
3989 
3990 	if (ahstack->ipsecah_log_unknown_spi) {
3991 		ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi,
3992 		    addr, af, ahstack->ipsecah_netstack);
3993 	}
3994 
3995 	ip_drop_packet(mp, B_TRUE, ira->ira_ill,
3996 	    DROPPER(ipss, ipds_ah_no_sa),
3997 	    &ahstack->ah_dropper);
3998 }
3999 
4000 /*
4001  * Initialize the AH input and output processing functions.
4002  */
4003 void
4004 ipsecah_init_funcs(ipsa_t *sa)
4005 {
4006 	if (sa->ipsa_output_func == NULL)
4007 		sa->ipsa_output_func = ah_outbound;
4008 	if (sa->ipsa_input_func == NULL)
4009 		sa->ipsa_input_func = ah_inbound;
4010 }
4011