1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 /* 26 * Copyright 2017 Joyent, Inc. 27 * Copyright 2024 Oxide Computer Company 28 */ 29 30 #include <sys/param.h> 31 #include <sys/types.h> 32 #include <sys/stream.h> 33 #include <sys/strsubr.h> 34 #include <sys/strsun.h> 35 #include <sys/stropts.h> 36 #include <sys/vnode.h> 37 #include <sys/zone.h> 38 #include <sys/strlog.h> 39 #include <sys/sysmacros.h> 40 #define _SUN_TPI_VERSION 2 41 #include <sys/tihdr.h> 42 #include <sys/timod.h> 43 #include <sys/tiuser.h> 44 #include <sys/ddi.h> 45 #include <sys/sunddi.h> 46 #include <sys/sunldi.h> 47 #include <sys/file.h> 48 #include <sys/modctl.h> 49 #include <sys/debug.h> 50 #include <sys/kmem.h> 51 #include <sys/cmn_err.h> 52 #include <sys/proc.h> 53 #include <sys/suntpi.h> 54 #include <sys/atomic.h> 55 #include <sys/mkdev.h> 56 #include <sys/policy.h> 57 #include <sys/disp.h> 58 59 #include <sys/socket.h> 60 #include <netinet/in.h> 61 #include <net/pfkeyv2.h> 62 63 #include <inet/common.h> 64 #include <netinet/ip6.h> 65 #include <inet/ip.h> 66 #include <inet/proto_set.h> 67 #include <inet/nd.h> 68 #include <inet/optcom.h> 69 #include <inet/ipsec_info.h> 70 #include <inet/ipsec_impl.h> 71 #include <inet/tcp_sig.h> 72 #include <inet/keysock.h> 73 74 #include <sys/isa_defs.h> 75 76 /* 77 * This is a transport provider for the PF_KEY key management socket. 78 * (See RFC 2367 for details.) 79 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN 80 * messages (see ipsec_info.h), and passed to the appropriate consumer. 81 * Upstream messages are generated for all open PF_KEY sockets, when 82 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled) 83 * in reply to downstream messages. 84 * 85 * Upstream messages must be created asynchronously for the following 86 * situations: 87 * 88 * 1.) A keysock consumer requires an SA, and there is currently none. 89 * 2.) An SA expires, either hard or soft lifetime. 90 * 3.) Other events a consumer deems fit. 91 * 92 * The MT model of this is PERMOD, with shared put procedures. Two types of 93 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send 94 * down the *multiple* messages they create. 95 */ 96 97 static vmem_t *keysock_vmem; /* for minor numbers. */ 98 99 #define KEYSOCK_MAX_CONSUMERS 256 100 101 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */ 102 static struct T_info_ack keysock_g_t_info_ack = { 103 T_INFO_ACK, 104 T_INFINITE, /* TSDU_size. Maximum size messages. */ 105 T_INVALID, /* ETSDU_size. No expedited data. */ 106 T_INVALID, /* CDATA_size. No connect data. */ 107 T_INVALID, /* DDATA_size. No disconnect data. */ 108 0, /* ADDR_size. */ 109 0, /* OPT_size. No user-settable options */ 110 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */ 111 T_COTS, /* SERV_type. keysock supports connection oriented. */ 112 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */ 113 (XPG4_1) /* Provider flags */ 114 }; 115 116 /* Named Dispatch Parameter Management Structure */ 117 typedef struct keysockparam_s { 118 uint_t keysock_param_min; 119 uint_t keysock_param_max; 120 uint_t keysock_param_value; 121 char *keysock_param_name; 122 } keysockparam_t; 123 124 /* 125 * Table of NDD variables supported by keysock. These are loaded into 126 * keysock_g_nd in keysock_init_nd. 127 * All of these are alterable, within the min/max values given, at run time. 128 */ 129 static keysockparam_t lcl_param_arr[] = { 130 /* min max value name */ 131 { 4096, 65536, 8192, "keysock_xmit_hiwat"}, 132 { 0, 65536, 1024, "keysock_xmit_lowat"}, 133 { 4096, 65536, 8192, "keysock_recv_hiwat"}, 134 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"}, 135 { 0, 3, 0, "keysock_debug"}, 136 }; 137 #define keystack_xmit_hiwat keystack_params[0].keysock_param_value 138 #define keystack_xmit_lowat keystack_params[1].keysock_param_value 139 #define keystack_recv_hiwat keystack_params[2].keysock_param_value 140 #define keystack_max_buf keystack_params[3].keysock_param_value 141 #define keystack_debug keystack_params[4].keysock_param_value 142 143 #define ks0dbg(a) printf a 144 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 145 #define ks1dbg(keystack, a) if (keystack->keystack_debug != 0) printf a 146 #define ks2dbg(keystack, a) if (keystack->keystack_debug > 1) printf a 147 #define ks3dbg(keystack, a) if (keystack->keystack_debug > 2) printf a 148 149 static int keysock_close(queue_t *, int, cred_t *); 150 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *); 151 static int keysock_wput(queue_t *, mblk_t *); 152 static int keysock_rput(queue_t *, mblk_t *); 153 static int keysock_rsrv(queue_t *); 154 static void *keysock_stack_init(netstackid_t stackid, netstack_t *ns); 155 static void keysock_stack_fini(netstackid_t stackid, void *arg); 156 157 static struct module_info info = { 158 5138, "keysock", 1, INFPSZ, 512, 128 159 }; 160 161 static struct qinit rinit = { 162 keysock_rput, keysock_rsrv, keysock_open, keysock_close, 163 NULL, &info 164 }; 165 166 static struct qinit winit = { 167 keysock_wput, NULL, NULL, NULL, NULL, &info 168 }; 169 170 struct streamtab keysockinfo = { 171 &rinit, &winit 172 }; 173 174 extern struct modlinkage *keysock_modlp; 175 176 /* 177 * Plumb IPsec. 178 * 179 * NOTE: New "default" modules will need to be loaded here if needed before 180 * boot time. 181 */ 182 183 /* Keep these in global space to keep the lint from complaining. */ 184 static char *IPSECESP = "ipsecesp"; 185 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp"; 186 static char *IPSECAH = "ipsecah"; 187 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah"; 188 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6"; 189 static char *KEYSOCK = "keysock"; 190 static char *STRMOD = "strmod"; 191 192 /* 193 * Load the other ipsec modules and plumb them together. 194 */ 195 int 196 keysock_plumb_ipsec(netstack_t *ns) 197 { 198 ldi_handle_t lh, ip6_lh = NULL; 199 ldi_ident_t li = NULL; 200 int err = 0; 201 int muxid, rval; 202 boolean_t esp_present = B_TRUE; 203 cred_t *cr; 204 keysock_stack_t *keystack = ns->netstack_keysock; 205 206 #ifdef NS_DEBUG 207 (void) printf("keysock_plumb_ipsec(%d)\n", 208 ns->netstack_stackid); 209 #endif 210 211 keystack->keystack_plumbed = 0; /* we're trying again.. */ 212 213 cr = zone_get_kcred(netstackid_to_zoneid( 214 keystack->keystack_netstack->netstack_stackid)); 215 ASSERT(cr != NULL); 216 /* 217 * Load up the drivers (AH/ESP). 218 * 219 * I do this separately from the actual plumbing in case this function 220 * ever gets called from a diskless boot before the root filesystem is 221 * up. I don't have to worry about "keysock" because, well, if I'm 222 * here, keysock must've loaded successfully. 223 */ 224 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) { 225 ks0dbg(("IPsec: AH failed to attach.\n")); 226 goto bail; 227 } 228 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) { 229 ks0dbg(("IPsec: ESP failed to attach.\n")); 230 esp_present = B_FALSE; 231 } 232 233 /* 234 * Set up the IP streams for AH and ESP, as well as tacking keysock 235 * on top of them. Assume keysock has set the autopushes up already. 236 */ 237 238 /* Open IP. */ 239 err = ldi_ident_from_mod(keysock_modlp, &li); 240 if (err) { 241 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n", 242 err)); 243 goto bail; 244 } 245 246 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, cr, &ip6_lh, li); 247 if (err) { 248 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err)); 249 goto bail; 250 } 251 252 /* PLINK KEYSOCK/AH */ 253 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, cr, &lh, li); 254 if (err) { 255 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err)); 256 goto bail; 257 } 258 err = ldi_ioctl(lh, 259 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval); 260 if (err) { 261 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n", 262 err)); 263 (void) ldi_close(lh, FREAD|FWRITE, cr); 264 goto bail; 265 } 266 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh, 267 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid); 268 if (err) { 269 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err)); 270 (void) ldi_close(lh, FREAD|FWRITE, cr); 271 goto bail; 272 } 273 (void) ldi_close(lh, FREAD|FWRITE, cr); 274 275 /* PLINK KEYSOCK/ESP */ 276 if (esp_present) { 277 err = ldi_open_by_name(IPSECESPDEV, 278 FREAD|FWRITE, cr, &lh, li); 279 if (err) { 280 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err)); 281 goto bail; 282 } 283 err = ldi_ioctl(lh, 284 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval); 285 if (err) { 286 ks0dbg(("IPsec: " 287 "Push of KEYSOCK onto ESP failed (err %d).\n", 288 err)); 289 (void) ldi_close(lh, FREAD|FWRITE, cr); 290 goto bail; 291 } 292 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh, 293 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid); 294 if (err) { 295 ks0dbg(("IPsec: " 296 "PLINK of KEYSOCK/ESP failed (err %d).\n", err)); 297 (void) ldi_close(lh, FREAD|FWRITE, cr); 298 goto bail; 299 } 300 (void) ldi_close(lh, FREAD|FWRITE, cr); 301 } 302 303 bail: 304 keystack->keystack_plumbed = (err == 0) ? 1 : -1; 305 if (ip6_lh != NULL) { 306 (void) ldi_close(ip6_lh, FREAD|FWRITE, cr); 307 } 308 if (li != NULL) 309 ldi_ident_release(li); 310 #ifdef NS_DEBUG 311 (void) printf("keysock_plumb_ipsec -> %d\n", 312 keystack->keystack_plumbed); 313 #endif 314 crfree(cr); 315 return (err); 316 } 317 318 /* ARGSUSED */ 319 static int 320 keysock_param_get(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr) 321 { 322 keysockparam_t *keysockpa = (keysockparam_t *)cp; 323 uint_t value; 324 keysock_t *ks = (keysock_t *)q->q_ptr; 325 keysock_stack_t *keystack = ks->keysock_keystack; 326 327 mutex_enter(&keystack->keystack_param_lock); 328 value = keysockpa->keysock_param_value; 329 mutex_exit(&keystack->keystack_param_lock); 330 331 (void) mi_mpprintf(mp, "%u", value); 332 return (0); 333 } 334 335 /* This routine sets an NDD variable in a keysockparam_t structure. */ 336 /* ARGSUSED */ 337 static int 338 keysock_param_set(queue_t *q, mblk_t *mp, char *value, caddr_t cp, cred_t *cr) 339 { 340 ulong_t new_value; 341 keysockparam_t *keysockpa = (keysockparam_t *)cp; 342 keysock_t *ks = (keysock_t *)q->q_ptr; 343 keysock_stack_t *keystack = ks->keysock_keystack; 344 345 /* Convert the value from a string into a long integer. */ 346 if (ddi_strtoul(value, NULL, 10, &new_value) != 0) 347 return (EINVAL); 348 349 mutex_enter(&keystack->keystack_param_lock); 350 /* 351 * Fail the request if the new value does not lie within the 352 * required bounds. 353 */ 354 if (new_value < keysockpa->keysock_param_min || 355 new_value > keysockpa->keysock_param_max) { 356 mutex_exit(&keystack->keystack_param_lock); 357 return (EINVAL); 358 } 359 360 /* Set the new value */ 361 keysockpa->keysock_param_value = new_value; 362 mutex_exit(&keystack->keystack_param_lock); 363 364 return (0); 365 } 366 367 /* 368 * Initialize keysock at module load time 369 */ 370 boolean_t 371 keysock_ddi_init(void) 372 { 373 keysock_max_optsize = optcom_max_optsize( 374 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt); 375 376 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1, 377 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER); 378 379 /* 380 * We want to be informed each time a stack is created or 381 * destroyed in the kernel, so we can maintain the 382 * set of keysock_stack_t's. 383 */ 384 netstack_register(NS_KEYSOCK, keysock_stack_init, NULL, 385 keysock_stack_fini); 386 387 return (B_TRUE); 388 } 389 390 /* 391 * Walk through the param array specified registering each element with the 392 * named dispatch handler. 393 */ 394 static boolean_t 395 keysock_param_register(IDP *ndp, keysockparam_t *ksp, int cnt) 396 { 397 for (; cnt-- > 0; ksp++) { 398 if (ksp->keysock_param_name != NULL && 399 ksp->keysock_param_name[0]) { 400 if (!nd_load(ndp, 401 ksp->keysock_param_name, 402 keysock_param_get, keysock_param_set, 403 (caddr_t)ksp)) { 404 nd_free(ndp); 405 return (B_FALSE); 406 } 407 } 408 } 409 return (B_TRUE); 410 } 411 412 /* 413 * Initialize keysock for one stack instance 414 */ 415 /* ARGSUSED */ 416 static void * 417 keysock_stack_init(netstackid_t stackid, netstack_t *ns) 418 { 419 keysock_stack_t *keystack; 420 keysockparam_t *ksp; 421 422 keystack = (keysock_stack_t *)kmem_zalloc(sizeof (*keystack), KM_SLEEP); 423 keystack->keystack_netstack = ns; 424 425 keystack->keystack_acquire_seq = 0xffffffff; 426 427 ksp = (keysockparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP); 428 keystack->keystack_params = ksp; 429 bcopy(lcl_param_arr, ksp, sizeof (lcl_param_arr)); 430 431 (void) keysock_param_register(&keystack->keystack_g_nd, ksp, 432 A_CNT(lcl_param_arr)); 433 434 mutex_init(&keystack->keystack_list_lock, NULL, MUTEX_DEFAULT, NULL); 435 mutex_init(&keystack->keystack_consumers_lock, 436 NULL, MUTEX_DEFAULT, NULL); 437 mutex_init(&keystack->keystack_param_lock, NULL, MUTEX_DEFAULT, NULL); 438 return (keystack); 439 } 440 441 /* 442 * Free NDD variable space, and other destructors, for keysock. 443 */ 444 void 445 keysock_ddi_destroy(void) 446 { 447 netstack_unregister(NS_KEYSOCK); 448 vmem_destroy(keysock_vmem); 449 } 450 451 /* 452 * Remove one stack instance from keysock 453 */ 454 /* ARGSUSED */ 455 static void 456 keysock_stack_fini(netstackid_t stackid, void *arg) 457 { 458 keysock_stack_t *keystack = (keysock_stack_t *)arg; 459 460 nd_free(&keystack->keystack_g_nd); 461 kmem_free(keystack->keystack_params, sizeof (lcl_param_arr)); 462 keystack->keystack_params = NULL; 463 464 mutex_destroy(&keystack->keystack_list_lock); 465 mutex_destroy(&keystack->keystack_consumers_lock); 466 mutex_destroy(&keystack->keystack_param_lock); 467 468 kmem_free(keystack, sizeof (*keystack)); 469 } 470 471 /* 472 * Close routine for keysock. 473 */ 474 /* ARGSUSED */ 475 static int 476 keysock_close(queue_t *q, int flags __unused, cred_t *credp __unused) 477 { 478 keysock_t *ks; 479 keysock_consumer_t *kc; 480 void *ptr = q->q_ptr; 481 int size; 482 keysock_stack_t *keystack; 483 484 485 qprocsoff(q); 486 487 /* Safe assumption. */ 488 ASSERT(ptr != NULL); 489 490 if (WR(q)->q_next) { 491 kc = (keysock_consumer_t *)ptr; 492 keystack = kc->kc_keystack; 493 494 ks1dbg(keystack, ("Module close, removing a consumer (%d).\n", 495 kc->kc_sa_type)); 496 /* 497 * Because of PERMOD open/close exclusive perimeter, I 498 * can inspect KC_FLUSHING w/o locking down kc->kc_lock. 499 */ 500 if (kc->kc_flags & KC_FLUSHING) { 501 /* 502 * If this decrement was the last one, send 503 * down the next pending one, if any. 504 * 505 * With a PERMOD perimeter, the mutexes ops aren't 506 * really necessary, but if we ever loosen up, we will 507 * have this bit covered already. 508 */ 509 keystack->keystack_flushdump--; 510 if (keystack->keystack_flushdump == 0) { 511 /* 512 * The flush/dump terminated by having a 513 * consumer go away. I need to send up to the 514 * appropriate keysock all of the relevant 515 * information. Unfortunately, I don't 516 * have that handy. 517 */ 518 ks0dbg(("Consumer went away while flushing or" 519 " dumping.\n")); 520 } 521 } 522 size = sizeof (keysock_consumer_t); 523 mutex_enter(&keystack->keystack_consumers_lock); 524 keystack->keystack_consumers[kc->kc_sa_type] = NULL; 525 mutex_exit(&keystack->keystack_consumers_lock); 526 mutex_destroy(&kc->kc_lock); 527 netstack_rele(kc->kc_keystack->keystack_netstack); 528 } else { 529 ks = (keysock_t *)ptr; 530 keystack = ks->keysock_keystack; 531 532 ks3dbg(keystack, 533 ("Driver close, PF_KEY socket is going away.\n")); 534 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0) 535 atomic_dec_32(&keystack->keystack_num_extended); 536 size = sizeof (keysock_t); 537 mutex_enter(&keystack->keystack_list_lock); 538 *(ks->keysock_ptpn) = ks->keysock_next; 539 if (ks->keysock_next != NULL) 540 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn; 541 mutex_exit(&keystack->keystack_list_lock); 542 mutex_destroy(&ks->keysock_lock); 543 vmem_free(keysock_vmem, (void *)(uintptr_t)ks->keysock_serial, 544 1); 545 netstack_rele(ks->keysock_keystack->keystack_netstack); 546 } 547 548 /* Now I'm free. */ 549 kmem_free(ptr, size); 550 return (0); 551 } 552 /* 553 * Open routine for keysock. 554 */ 555 /* ARGSUSED */ 556 static int 557 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 558 { 559 keysock_t *ks; 560 keysock_consumer_t *kc; 561 mblk_t *mp; 562 ipsec_info_t *ii; 563 netstack_t *ns; 564 keysock_stack_t *keystack; 565 566 if (secpolicy_ip_config(credp, B_FALSE) != 0) { 567 /* Privilege debugging will log the error */ 568 return (EPERM); 569 } 570 571 if (q->q_ptr != NULL) 572 return (0); /* Re-open of an already open instance. */ 573 574 ns = netstack_find_by_cred(credp); 575 ASSERT(ns != NULL); 576 keystack = ns->netstack_keysock; 577 ASSERT(keystack != NULL); 578 579 ks3dbg(keystack, ("Entering keysock open.\n")); 580 581 if (keystack->keystack_plumbed < 1) { 582 netstack_t *ns = keystack->keystack_netstack; 583 584 keystack->keystack_plumbed = 0; 585 #ifdef NS_DEBUG 586 printf("keysock_open(%d) - plumb\n", 587 keystack->keystack_netstack->netstack_stackid); 588 #endif 589 /* 590 * Don't worry about ipsec_failure being true here. 591 * (See ip.c). An open of keysock should try and force 592 * the issue. Maybe it was a transient failure. 593 */ 594 ipsec_loader_loadnow(ns->netstack_ipsec); 595 } 596 597 if (sflag & MODOPEN) { 598 /* Initialize keysock_consumer state here. */ 599 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP); 600 if (kc == NULL) { 601 netstack_rele(keystack->keystack_netstack); 602 return (ENOMEM); 603 } 604 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0); 605 kc->kc_rq = q; 606 kc->kc_wq = WR(q); 607 608 q->q_ptr = kc; 609 WR(q)->q_ptr = kc; 610 611 kc->kc_keystack = keystack; 612 qprocson(q); 613 614 /* 615 * Send down initial message to whatever I was pushed on top 616 * of asking for its consumer type. The reply will set it. 617 */ 618 619 /* Allocate it. */ 620 mp = allocb(sizeof (ipsec_info_t), BPRI_HI); 621 if (mp == NULL) { 622 ks1dbg(keystack, ( 623 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n")); 624 /* Do I need to set these to null? */ 625 q->q_ptr = NULL; 626 WR(q)->q_ptr = NULL; 627 mutex_destroy(&kc->kc_lock); 628 kmem_free(kc, sizeof (*kc)); 629 netstack_rele(keystack->keystack_netstack); 630 return (ENOMEM); 631 } 632 633 /* If I allocated okay, putnext to what I was pushed atop. */ 634 mp->b_wptr += sizeof (ipsec_info_t); 635 mp->b_datap->db_type = M_CTL; 636 ii = (ipsec_info_t *)mp->b_rptr; 637 ii->ipsec_info_type = KEYSOCK_HELLO; 638 /* Length only of type/len. */ 639 ii->ipsec_info_len = sizeof (ii->ipsec_allu); 640 ks2dbg(keystack, ("Ready to putnext KEYSOCK_HELLO.\n")); 641 putnext(kc->kc_wq, mp); 642 } else { 643 minor_t ksminor; 644 645 /* Initialize keysock state. */ 646 647 ks2dbg(keystack, ("Made it into PF_KEY socket open.\n")); 648 649 ksminor = (minor_t)(uintptr_t) 650 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP); 651 if (ksminor == 0) { 652 netstack_rele(keystack->keystack_netstack); 653 return (ENOMEM); 654 } 655 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP); 656 if (ks == NULL) { 657 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1); 658 netstack_rele(keystack->keystack_netstack); 659 return (ENOMEM); 660 } 661 662 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0); 663 ks->keysock_rq = q; 664 ks->keysock_wq = WR(q); 665 ks->keysock_state = TS_UNBND; 666 ks->keysock_serial = ksminor; 667 668 q->q_ptr = ks; 669 WR(q)->q_ptr = ks; 670 ks->keysock_keystack = keystack; 671 672 /* 673 * The receive hiwat is only looked at on the stream head 674 * queue. Store in q_hiwat in order to return on SO_RCVBUF 675 * getsockopts. 676 */ 677 678 q->q_hiwat = keystack->keystack_recv_hiwat; 679 680 /* 681 * The transmit hiwat/lowat is only looked at on IP's queue. 682 * Store in q_hiwat/q_lowat in order to return on 683 * SO_SNDBUF/SO_SNDLOWAT getsockopts. 684 */ 685 686 WR(q)->q_hiwat = keystack->keystack_xmit_hiwat; 687 WR(q)->q_lowat = keystack->keystack_xmit_lowat; 688 689 *devp = makedevice(getmajor(*devp), ksminor); 690 691 /* 692 * Thread keysock into the global keysock list. 693 */ 694 mutex_enter(&keystack->keystack_list_lock); 695 ks->keysock_next = keystack->keystack_list; 696 ks->keysock_ptpn = &keystack->keystack_list; 697 if (keystack->keystack_list != NULL) { 698 keystack->keystack_list->keysock_ptpn = 699 &ks->keysock_next; 700 } 701 keystack->keystack_list = ks; 702 mutex_exit(&keystack->keystack_list_lock); 703 704 qprocson(q); 705 (void) proto_set_rx_hiwat(q, NULL, 706 keystack->keystack_recv_hiwat); 707 /* 708 * Wait outside the keysock module perimeter for IPsec 709 * plumbing to be completed. If it fails, keysock_close() 710 * undoes everything we just did. 711 */ 712 if (!ipsec_loader_wait(q, 713 keystack->keystack_netstack->netstack_ipsec)) { 714 (void) keysock_close(q, 0, credp); 715 return (EPFNOSUPPORT); 716 } 717 } 718 719 return (0); 720 } 721 722 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */ 723 724 /* 725 * Copy relevant state bits. 726 */ 727 static void 728 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks) 729 { 730 *tap = keysock_g_t_info_ack; 731 tap->CURRENT_state = ks->keysock_state; 732 tap->OPT_size = keysock_max_optsize; 733 } 734 735 /* 736 * This routine responds to T_CAPABILITY_REQ messages. It is called by 737 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from 738 * keysock_g_t_info_ack. The current state of the stream is copied from 739 * keysock_state. 740 */ 741 static void 742 keysock_capability_req(queue_t *q, mblk_t *mp) 743 { 744 keysock_t *ks = (keysock_t *)q->q_ptr; 745 t_uscalar_t cap_bits1; 746 struct T_capability_ack *tcap; 747 748 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1; 749 750 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack), 751 mp->b_datap->db_type, T_CAPABILITY_ACK); 752 if (mp == NULL) 753 return; 754 755 tcap = (struct T_capability_ack *)mp->b_rptr; 756 tcap->CAP_bits1 = 0; 757 758 if (cap_bits1 & TC1_INFO) { 759 keysock_copy_info(&tcap->INFO_ack, ks); 760 tcap->CAP_bits1 |= TC1_INFO; 761 } 762 763 qreply(q, mp); 764 } 765 766 /* 767 * This routine responds to T_INFO_REQ messages. It is called by 768 * keysock_wput_other. 769 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack. 770 * The current state of the stream is copied from keysock_state. 771 */ 772 static void 773 keysock_info_req(queue_t *q, mblk_t *mp) 774 { 775 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO, 776 T_INFO_ACK); 777 if (mp == NULL) 778 return; 779 keysock_copy_info((struct T_info_ack *)mp->b_rptr, 780 (keysock_t *)q->q_ptr); 781 qreply(q, mp); 782 } 783 784 /* 785 * keysock_err_ack. This routine creates a 786 * T_ERROR_ACK message and passes it 787 * upstream. 788 */ 789 static void 790 keysock_err_ack(queue_t *q, mblk_t *mp, int t_error, int sys_error) 791 { 792 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL) 793 qreply(q, mp); 794 } 795 796 /* 797 * This routine retrieves the current status of socket options. 798 * It returns the size of the option retrieved. 799 */ 800 /* ARGSUSED */ 801 int 802 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr) 803 { 804 int *i1 = (int *)ptr; 805 keysock_t *ks = (keysock_t *)q->q_ptr; 806 807 switch (level) { 808 case SOL_SOCKET: 809 mutex_enter(&ks->keysock_lock); 810 switch (name) { 811 case SO_TYPE: 812 *i1 = SOCK_RAW; 813 break; 814 case SO_USELOOPBACK: 815 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) == 816 KEYSOCK_NOLOOP)); 817 break; 818 /* 819 * The following two items can be manipulated, 820 * but changing them should do nothing. 821 */ 822 case SO_SNDBUF: 823 *i1 = (int)q->q_hiwat; 824 break; 825 case SO_RCVBUF: 826 *i1 = (int)(RD(q)->q_hiwat); 827 break; 828 } 829 mutex_exit(&ks->keysock_lock); 830 break; 831 default: 832 return (0); 833 } 834 return (sizeof (int)); 835 } 836 837 /* 838 * This routine sets socket options. 839 */ 840 /* ARGSUSED */ 841 int 842 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level, 843 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp, 844 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr) 845 { 846 int *i1 = (int *)invalp, errno = 0; 847 keysock_t *ks = (keysock_t *)q->q_ptr; 848 keysock_stack_t *keystack = ks->keysock_keystack; 849 850 switch (level) { 851 case SOL_SOCKET: 852 mutex_enter(&ks->keysock_lock); 853 switch (name) { 854 case SO_USELOOPBACK: 855 if (!(*i1)) 856 ks->keysock_flags |= KEYSOCK_NOLOOP; 857 else ks->keysock_flags &= ~KEYSOCK_NOLOOP; 858 break; 859 case SO_SNDBUF: 860 if (*i1 > keystack->keystack_max_buf) 861 errno = ENOBUFS; 862 else q->q_hiwat = *i1; 863 break; 864 case SO_RCVBUF: 865 if (*i1 > keystack->keystack_max_buf) { 866 errno = ENOBUFS; 867 } else { 868 RD(q)->q_hiwat = *i1; 869 (void) proto_set_rx_hiwat(RD(q), NULL, *i1); 870 } 871 break; 872 default: 873 errno = EINVAL; 874 } 875 mutex_exit(&ks->keysock_lock); 876 break; 877 default: 878 errno = EINVAL; 879 } 880 return (errno); 881 } 882 883 /* 884 * Handle STREAMS ioctl copyin for getsockname() for both PF_KEY and 885 * PF_POLICY. 886 */ 887 void 888 keysock_spdsock_wput_iocdata(queue_t *q, mblk_t *mp, sa_family_t family) 889 { 890 mblk_t *mp1; 891 STRUCT_HANDLE(strbuf, sb); 892 /* What size of sockaddr do we need? */ 893 const uint_t addrlen = sizeof (struct sockaddr); 894 895 /* We only handle TI_GET{MY,PEER}NAME (get{sock,peer}name()). */ 896 switch (((struct iocblk *)mp->b_rptr)->ioc_cmd) { 897 case TI_GETMYNAME: 898 case TI_GETPEERNAME: 899 break; 900 default: 901 freemsg(mp); 902 return; 903 } 904 905 switch (mi_copy_state(q, mp, &mp1)) { 906 case -1: 907 return; 908 case MI_COPY_CASE(MI_COPY_IN, 1): 909 break; 910 case MI_COPY_CASE(MI_COPY_OUT, 1): 911 /* 912 * The address has been copied out, so now 913 * copyout the strbuf. 914 */ 915 mi_copyout(q, mp); 916 return; 917 case MI_COPY_CASE(MI_COPY_OUT, 2): 918 /* 919 * The address and strbuf have been copied out. 920 * We're done, so just acknowledge the original 921 * M_IOCTL. 922 */ 923 mi_copy_done(q, mp, 0); 924 return; 925 default: 926 /* 927 * Something strange has happened, so acknowledge 928 * the original M_IOCTL with an EPROTO error. 929 */ 930 mi_copy_done(q, mp, EPROTO); 931 return; 932 } 933 934 /* 935 * Now we have the strbuf structure for TI_GET{MY,PEER}NAME. Next we 936 * copyout the requested address and then we'll copyout the strbuf. 937 * Regardless of sockname or peername, we just return a sockaddr with 938 * sa_family set. 939 */ 940 STRUCT_SET_HANDLE(sb, ((struct iocblk *)mp->b_rptr)->ioc_flag, 941 (void *)mp1->b_rptr); 942 943 if (STRUCT_FGET(sb, maxlen) < addrlen) { 944 mi_copy_done(q, mp, EINVAL); 945 return; 946 } 947 948 mp1 = mi_copyout_alloc(q, mp, STRUCT_FGETP(sb, buf), addrlen, B_TRUE); 949 if (mp1 == NULL) 950 return; 951 952 STRUCT_FSET(sb, len, addrlen); 953 ((struct sockaddr *)mp1->b_wptr)->sa_family = family; 954 mp1->b_wptr += addrlen; 955 mi_copyout(q, mp); 956 } 957 958 /* 959 * Handle STREAMS messages. 960 */ 961 static void 962 keysock_wput_other(queue_t *q, mblk_t *mp) 963 { 964 struct iocblk *iocp; 965 int error; 966 keysock_t *ks = (keysock_t *)q->q_ptr; 967 keysock_stack_t *keystack = ks->keysock_keystack; 968 cred_t *cr; 969 970 switch (mp->b_datap->db_type) { 971 case M_PROTO: 972 case M_PCPROTO: 973 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) { 974 ks3dbg(keystack, ( 975 "keysock_wput_other: Not big enough M_PROTO\n")); 976 freemsg(mp); 977 return; 978 } 979 switch (((union T_primitives *)mp->b_rptr)->type) { 980 case T_CAPABILITY_REQ: 981 keysock_capability_req(q, mp); 982 break; 983 case T_INFO_REQ: 984 keysock_info_req(q, mp); 985 break; 986 case T_SVR4_OPTMGMT_REQ: 987 case T_OPTMGMT_REQ: 988 /* 989 * All Solaris components should pass a db_credp 990 * for this TPI message, hence we ASSERT. 991 * But in case there is some other M_PROTO that looks 992 * like a TPI message sent by some other kernel 993 * component, we check and return an error. 994 */ 995 cr = msg_getcred(mp, NULL); 996 ASSERT(cr != NULL); 997 if (cr == NULL) { 998 keysock_err_ack(q, mp, TSYSERR, EINVAL); 999 return; 1000 } 1001 if (((union T_primitives *)mp->b_rptr)->type == 1002 T_SVR4_OPTMGMT_REQ) { 1003 svr4_optcom_req(q, mp, cr, &keysock_opt_obj); 1004 } else { 1005 tpi_optcom_req(q, mp, cr, &keysock_opt_obj); 1006 } 1007 break; 1008 case T_DATA_REQ: 1009 case T_EXDATA_REQ: 1010 case T_ORDREL_REQ: 1011 /* Illegal for keysock. */ 1012 freemsg(mp); 1013 (void) putnextctl1(RD(q), M_ERROR, EPROTO); 1014 break; 1015 default: 1016 /* Not supported by keysock. */ 1017 keysock_err_ack(q, mp, TNOTSUPPORT, 0); 1018 break; 1019 } 1020 return; 1021 case M_IOCDATA: 1022 keysock_spdsock_wput_iocdata(q, mp, PF_KEY); 1023 return; 1024 case M_IOCTL: 1025 iocp = (struct iocblk *)mp->b_rptr; 1026 error = EINVAL; 1027 1028 switch (iocp->ioc_cmd) { 1029 case TI_GETMYNAME: 1030 case TI_GETPEERNAME: 1031 /* 1032 * For pfiles(1) observability with getsockname(). 1033 * See keysock_spdsock_wput_iocdata() for the rest of 1034 * this. 1035 */ 1036 mi_copyin(q, mp, NULL, 1037 SIZEOF_STRUCT(strbuf, iocp->ioc_flag)); 1038 return; 1039 case ND_SET: 1040 case ND_GET: 1041 if (nd_getset(q, keystack->keystack_g_nd, mp)) { 1042 qreply(q, mp); 1043 return; 1044 } else 1045 error = ENOENT; 1046 /* FALLTHRU */ 1047 default: 1048 miocnak(q, mp, 0, error); 1049 return; 1050 } 1051 case M_FLUSH: 1052 if (*mp->b_rptr & FLUSHW) { 1053 flushq(q, FLUSHALL); 1054 *mp->b_rptr &= ~FLUSHW; 1055 } 1056 if (*mp->b_rptr & FLUSHR) { 1057 qreply(q, mp); 1058 return; 1059 } 1060 /* Else FALLTHRU */ 1061 } 1062 1063 /* If fell through, just black-hole the message. */ 1064 freemsg(mp); 1065 } 1066 1067 /* 1068 * Transmit a PF_KEY error message to the instance either pointed to 1069 * by ks, the instance with serial number serial, or more, depending. 1070 * 1071 * The faulty message (or a reasonable facsimile thereof) is in mp. 1072 * This function will free mp or recycle it for delivery, thereby causing 1073 * the stream head to free it. 1074 */ 1075 void 1076 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic) 1077 { 1078 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr; 1079 keysock_stack_t *keystack = ks->keysock_keystack; 1080 1081 ASSERT(mp->b_datap->db_type == M_DATA); 1082 1083 if (samsg->sadb_msg_type < SADB_GETSPI || 1084 samsg->sadb_msg_type > SADB_MAX) 1085 samsg->sadb_msg_type = SADB_RESERVED; 1086 1087 /* 1088 * Strip out extension headers. 1089 */ 1090 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim); 1091 mp->b_wptr = mp->b_rptr + sizeof (*samsg); 1092 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t)); 1093 samsg->sadb_msg_errno = (uint8_t)error; 1094 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic; 1095 1096 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, keystack); 1097 } 1098 1099 /* 1100 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy 1101 * in the extv if passed in. 1102 */ 1103 static void 1104 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[], 1105 boolean_t flushmsg) 1106 { 1107 keysock_consumer_t *kc; 1108 mblk_t *wrapper; 1109 keysock_in_t *ksi; 1110 int i; 1111 keysock_stack_t *keystack = ks->keysock_keystack; 1112 1113 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI); 1114 if (wrapper == NULL) { 1115 ks3dbg(keystack, ("keysock_passdown: allocb failed.\n")); 1116 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL) { 1117 bzero(extv[SADB_EXT_KEY_ENCRYPT], 1118 SADB_64TO8( 1119 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len)); 1120 } 1121 if (extv[SADB_EXT_KEY_AUTH] != NULL) { 1122 bzero(extv[SADB_EXT_KEY_AUTH], 1123 SADB_64TO8( 1124 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len)); 1125 } 1126 if (extv[SADB_X_EXT_STR_AUTH] != NULL) { 1127 bzero(extv[SADB_X_EXT_STR_AUTH], 1128 SADB_64TO8( 1129 extv[SADB_X_EXT_STR_AUTH]->sadb_ext_len)); 1130 } 1131 if (flushmsg) { 1132 ks0dbg(( 1133 "keysock: Downwards flush/dump message failed!\n")); 1134 /* If this is true, I hold the perimeter. */ 1135 keystack->keystack_flushdump--; 1136 } 1137 freemsg(mp); 1138 return; 1139 } 1140 1141 wrapper->b_datap->db_type = M_CTL; 1142 ksi = (keysock_in_t *)wrapper->b_rptr; 1143 ksi->ks_in_type = KEYSOCK_IN; 1144 ksi->ks_in_len = sizeof (keysock_in_t); 1145 if (extv[SADB_EXT_ADDRESS_SRC] != NULL) 1146 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN; 1147 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE; 1148 if (extv[SADB_EXT_ADDRESS_DST] != NULL) 1149 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN; 1150 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE; 1151 for (i = 0; i <= SADB_EXT_MAX; i++) 1152 ksi->ks_in_extv[i] = extv[i]; 1153 ksi->ks_in_serial = ks->keysock_serial; 1154 wrapper->b_wptr += sizeof (ipsec_info_t); 1155 wrapper->b_cont = mp; 1156 1157 /* 1158 * Find the appropriate consumer where the message is passed down. 1159 */ 1160 kc = keystack->keystack_consumers[satype]; 1161 if (kc == NULL) { 1162 freeb(wrapper); 1163 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE); 1164 if (flushmsg) { 1165 ks0dbg(( 1166 "keysock: Downwards flush/dump message failed!\n")); 1167 /* If this is true, I hold the perimeter. */ 1168 keystack->keystack_flushdump--; 1169 } 1170 return; 1171 } 1172 1173 /* 1174 * NOTE: There used to be code in here to spin while a flush or 1175 * dump finished. Keysock now assumes that consumers have enough 1176 * MT-savviness to deal with that. 1177 */ 1178 1179 /* 1180 * Current consumers (AH and ESP) are guaranteed to return a 1181 * FLUSH or DUMP message back, so when we reach here, we don't 1182 * have to worry about keysock_flushdumps. 1183 */ 1184 1185 putnext(kc->kc_wq, wrapper); 1186 } 1187 1188 /* 1189 * High-level reality checking of extensions. 1190 */ 1191 static boolean_t 1192 ext_check(sadb_ext_t *ext, keysock_stack_t *keystack) 1193 { 1194 int i; 1195 uint64_t *lp; 1196 sadb_ident_t *id; 1197 char *idstr; 1198 1199 switch (ext->sadb_ext_type) { 1200 case SADB_EXT_ADDRESS_SRC: 1201 case SADB_EXT_ADDRESS_DST: 1202 case SADB_X_EXT_ADDRESS_INNER_SRC: 1203 case SADB_X_EXT_ADDRESS_INNER_DST: 1204 /* Check for at least enough addtl length for a sockaddr. */ 1205 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t))) 1206 return (B_FALSE); 1207 break; 1208 case SADB_EXT_LIFETIME_HARD: 1209 case SADB_EXT_LIFETIME_SOFT: 1210 case SADB_EXT_LIFETIME_CURRENT: 1211 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t))) 1212 return (B_FALSE); 1213 break; 1214 case SADB_EXT_SPIRANGE: 1215 /* See if the SPI range is legit. */ 1216 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) > 1217 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max)) 1218 return (B_FALSE); 1219 break; 1220 case SADB_EXT_KEY_AUTH: 1221 case SADB_EXT_KEY_ENCRYPT: 1222 /* Key length check. */ 1223 if (((sadb_key_t *)ext)->sadb_key_bits == 0) 1224 return (B_FALSE); 1225 /* 1226 * Check to see if the key length (in bits) is less than the 1227 * extension length (in 8-bits words). 1228 */ 1229 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) + 1230 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) { 1231 ks1dbg(keystack, ( 1232 "ext_check: Key bits/length inconsistent.\n")); 1233 ks1dbg(keystack, ("%d bits, len is %d bytes.\n", 1234 ((sadb_key_t *)ext)->sadb_key_bits, 1235 SADB_64TO8(ext->sadb_ext_len))); 1236 return (B_FALSE); 1237 } 1238 1239 /* All-zeroes key check. */ 1240 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t)); 1241 for (i = 0; 1242 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t))); 1243 i++) 1244 if (lp[i] != 0) 1245 break; /* Out of for loop. */ 1246 /* If finished the loop naturally, it's an all zero key. */ 1247 if (lp[i] == 0) 1248 return (B_FALSE); 1249 break; 1250 case SADB_X_EXT_STR_AUTH: { 1251 sadb_key_t *key = (sadb_key_t *)ext; 1252 1253 if (key->sadb_key_bits == 0) 1254 return (B_FALSE); 1255 if (key->sadb_key_bits > SADB_8TO1(TCPSIG_MD5_KEY_LEN)) 1256 return (B_FALSE); 1257 break; 1258 } 1259 case SADB_EXT_IDENTITY_SRC: 1260 case SADB_EXT_IDENTITY_DST: 1261 /* 1262 * Make sure the strings in these identities are 1263 * null-terminated. RFC 2367 underspecified how to handle 1264 * such a case. I "proactively" null-terminate the string 1265 * at the last byte if it's not terminated sooner. 1266 */ 1267 id = (sadb_ident_t *)ext; 1268 i = SADB_64TO8(id->sadb_ident_len); 1269 i -= sizeof (sadb_ident_t); 1270 idstr = (char *)(id + 1); 1271 while (*idstr != '\0' && i > 0) { 1272 i--; 1273 idstr++; 1274 } 1275 if (i == 0) { 1276 /* 1277 * I.e., if the bozo user didn't NULL-terminate the 1278 * string... 1279 */ 1280 idstr--; 1281 *idstr = '\0'; 1282 } 1283 break; 1284 } 1285 return (B_TRUE); /* For now... */ 1286 } 1287 1288 /* Return values for keysock_get_ext(). */ 1289 #define KGE_OK 0 1290 #define KGE_DUP 1 1291 #define KGE_UNK 2 1292 #define KGE_LEN 3 1293 #define KGE_CHK 4 1294 1295 /* 1296 * Parse basic extension headers and return in the passed-in pointer vector. 1297 * Return values include: 1298 * 1299 * KGE_OK Everything's nice and parsed out. 1300 * If there are no extensions, place NULL in extv[0]. 1301 * KGE_DUP There is a duplicate extension. 1302 * First instance in appropriate bin. First duplicate in 1303 * extv[0]. 1304 * KGE_UNK Unknown extension type encountered. extv[0] contains 1305 * unknown header. 1306 * KGE_LEN Extension length error. 1307 * KGE_CHK High-level reality check failed on specific extension. 1308 * 1309 * My apologies for some of the pointer arithmetic in here. I'm thinking 1310 * like an assembly programmer, yet trying to make the compiler happy. 1311 */ 1312 static int 1313 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize, 1314 keysock_stack_t *keystack) 1315 { 1316 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1)); 1317 1318 /* Use extv[0] as the "current working pointer". */ 1319 1320 extv[0] = (sadb_ext_t *)(basehdr + 1); 1321 1322 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) { 1323 /* Check for unknown headers. */ 1324 if (extv[0]->sadb_ext_type == 0 || 1325 extv[0]->sadb_ext_type > SADB_EXT_MAX) 1326 return (KGE_UNK); 1327 1328 /* 1329 * Check length. Use uint64_t because extlen is in units 1330 * of 64-bit words. If length goes beyond the msgsize, 1331 * return an error. (Zero length also qualifies here.) 1332 */ 1333 if (extv[0]->sadb_ext_len == 0 || 1334 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) > 1335 (void *)((uint8_t *)basehdr + msgsize)) 1336 return (KGE_LEN); 1337 1338 /* Check for redundant headers. */ 1339 if (extv[extv[0]->sadb_ext_type] != NULL) 1340 return (KGE_DUP); 1341 1342 /* 1343 * Reality check the extension if possible at the keysock 1344 * level. 1345 */ 1346 if (!ext_check(extv[0], keystack)) 1347 return (KGE_CHK); 1348 1349 /* If I make it here, assign the appropriate bin. */ 1350 extv[extv[0]->sadb_ext_type] = extv[0]; 1351 1352 /* Advance pointer (See above for uint64_t ptr reasoning.) */ 1353 extv[0] = (sadb_ext_t *) 1354 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len); 1355 } 1356 1357 /* Everything's cool. */ 1358 1359 /* 1360 * If extv[0] == NULL, then there are no extension headers in this 1361 * message. Ensure that this is the case. 1362 */ 1363 if (extv[0] == (sadb_ext_t *)(basehdr + 1)) 1364 extv[0] = NULL; 1365 1366 return (KGE_OK); 1367 } 1368 1369 /* 1370 * qwriter() callback to handle flushes and dumps. This routine will hold 1371 * the inner perimeter. 1372 */ 1373 void 1374 keysock_do_flushdump(queue_t *q, mblk_t *mp) 1375 { 1376 int i, start, finish; 1377 mblk_t *mp1 = NULL; 1378 keysock_t *ks = (keysock_t *)q->q_ptr; 1379 sadb_ext_t *extv[SADB_EXT_MAX + 1]; 1380 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr; 1381 keysock_stack_t *keystack = ks->keysock_keystack; 1382 1383 /* 1384 * I am guaranteed this will work. I did the work in keysock_parse() 1385 * already. 1386 */ 1387 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len), 1388 keystack); 1389 1390 /* 1391 * I hold the perimeter, therefore I don't need to use atomic ops. 1392 */ 1393 if (keystack->keystack_flushdump != 0) { 1394 /* XXX Should I instead use EBUSY? */ 1395 /* XXX Or is there a way to queue these up? */ 1396 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE); 1397 return; 1398 } 1399 1400 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1401 start = 0; 1402 finish = KEYSOCK_MAX_CONSUMERS - 1; 1403 } else { 1404 start = samsg->sadb_msg_satype; 1405 finish = samsg->sadb_msg_satype; 1406 } 1407 1408 /* 1409 * Fill up keysock_flushdump with the number of outstanding dumps 1410 * and/or flushes. 1411 */ 1412 1413 keystack->keystack_flushdump_errno = 0; 1414 1415 /* 1416 * Okay, I hold the perimeter. Eventually keysock_flushdump will 1417 * contain the number of consumers with outstanding flush operations. 1418 * 1419 * SO, here's the plan: 1420 * * For each relevant consumer (Might be one, might be all) 1421 * * Twiddle on the FLUSHING flag. 1422 * * Pass down the FLUSH/DUMP message. 1423 * 1424 * When I see upbound FLUSH/DUMP messages, I will decrement the 1425 * keysock_flushdump. When I decrement it to 0, I will pass the 1426 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will 1427 * pass down the right SA type to the consumer (either its own, or 1428 * that of UNSPEC), the right one will be reflected from each consumer, 1429 * and accordingly back to the socket. 1430 */ 1431 1432 mutex_enter(&keystack->keystack_consumers_lock); 1433 for (i = start; i <= finish; i++) { 1434 if (keystack->keystack_consumers[i] != NULL) { 1435 mp1 = copymsg(mp); 1436 if (mp1 == NULL) { 1437 ks0dbg(("SADB_FLUSH copymsg() failed.\n")); 1438 /* 1439 * Error? And what about outstanding 1440 * flushes? Oh, yeah, they get sucked up and 1441 * the counter is decremented. Consumers 1442 * (see keysock_passdown()) are guaranteed 1443 * to deliver back a flush request, even if 1444 * it's an error. 1445 */ 1446 keysock_error(ks, mp, ENOMEM, 1447 SADB_X_DIAGNOSTIC_NONE); 1448 return; 1449 } 1450 /* 1451 * Because my entry conditions are met above, the 1452 * following assertion should hold true. 1453 */ 1454 mutex_enter(&keystack->keystack_consumers[i]->kc_lock); 1455 ASSERT((keystack->keystack_consumers[i]->kc_flags & 1456 KC_FLUSHING) == 0); 1457 keystack->keystack_consumers[i]->kc_flags |= 1458 KC_FLUSHING; 1459 mutex_exit(&(keystack->keystack_consumers[i]->kc_lock)); 1460 /* Always increment the number of flushes... */ 1461 keystack->keystack_flushdump++; 1462 /* Guaranteed to return a message. */ 1463 keysock_passdown(ks, mp1, i, extv, B_TRUE); 1464 } else if (start == finish) { 1465 /* 1466 * In case where start == finish, and there's no 1467 * consumer, should we force an error? Yes. 1468 */ 1469 mutex_exit(&keystack->keystack_consumers_lock); 1470 keysock_error(ks, mp, EINVAL, 1471 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE); 1472 return; 1473 } 1474 } 1475 mutex_exit(&keystack->keystack_consumers_lock); 1476 1477 if (keystack->keystack_flushdump == 0) { 1478 /* 1479 * There were no consumers at all for this message. 1480 * XXX For now return ESRCH. 1481 */ 1482 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS); 1483 } else { 1484 /* Otherwise, free the original message. */ 1485 freemsg(mp); 1486 } 1487 } 1488 1489 /* 1490 * Get the right diagnostic for a duplicate. Should probably use a static 1491 * table lookup. 1492 */ 1493 int 1494 keysock_duplicate(int ext_type) 1495 { 1496 int rc = 0; 1497 1498 switch (ext_type) { 1499 case SADB_EXT_ADDRESS_SRC: 1500 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC; 1501 break; 1502 case SADB_EXT_ADDRESS_DST: 1503 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST; 1504 break; 1505 case SADB_X_EXT_ADDRESS_INNER_SRC: 1506 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC; 1507 break; 1508 case SADB_X_EXT_ADDRESS_INNER_DST: 1509 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST; 1510 break; 1511 case SADB_EXT_SA: 1512 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA; 1513 break; 1514 case SADB_EXT_SPIRANGE: 1515 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE; 1516 break; 1517 case SADB_EXT_KEY_AUTH: 1518 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY; 1519 break; 1520 case SADB_EXT_KEY_ENCRYPT: 1521 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY; 1522 break; 1523 case SADB_X_EXT_STR_AUTH: 1524 rc = SADB_X_DIAGNOSTIC_DUPLICATE_ASTR; 1525 break; 1526 } 1527 return (rc); 1528 } 1529 1530 /* 1531 * Get the right diagnostic for a reality check failure. Should probably use 1532 * a static table lookup. 1533 */ 1534 int 1535 keysock_malformed(int ext_type) 1536 { 1537 int rc = 0; 1538 1539 switch (ext_type) { 1540 case SADB_EXT_ADDRESS_SRC: 1541 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC; 1542 break; 1543 case SADB_EXT_ADDRESS_DST: 1544 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST; 1545 break; 1546 case SADB_X_EXT_ADDRESS_INNER_SRC: 1547 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC; 1548 break; 1549 case SADB_X_EXT_ADDRESS_INNER_DST: 1550 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST; 1551 break; 1552 case SADB_EXT_SA: 1553 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA; 1554 break; 1555 case SADB_EXT_SPIRANGE: 1556 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE; 1557 break; 1558 case SADB_EXT_KEY_AUTH: 1559 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY; 1560 break; 1561 case SADB_EXT_KEY_ENCRYPT: 1562 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY; 1563 break; 1564 case SADB_X_EXT_STR_AUTH: 1565 rc = SADB_X_DIAGNOSTIC_MALFORMED_ASTR; 1566 break; 1567 } 1568 return (rc); 1569 } 1570 1571 /* 1572 * Keysock massaging of an inverse ACQUIRE. Consult policy, 1573 * and construct an appropriate response. 1574 */ 1575 static void 1576 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[], 1577 keysock_t *ks) 1578 { 1579 mblk_t *reply_mp; 1580 keysock_stack_t *keystack = ks->keysock_keystack; 1581 1582 /* 1583 * Reality check things... 1584 */ 1585 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) { 1586 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC); 1587 return; 1588 } 1589 if (extv[SADB_EXT_ADDRESS_DST] == NULL) { 1590 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST); 1591 return; 1592 } 1593 1594 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL && 1595 extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) { 1596 keysock_error(ks, mp, EINVAL, 1597 SADB_X_DIAGNOSTIC_MISSING_INNER_DST); 1598 return; 1599 } 1600 1601 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL && 1602 extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) { 1603 keysock_error(ks, mp, EINVAL, 1604 SADB_X_DIAGNOSTIC_MISSING_INNER_SRC); 1605 return; 1606 } 1607 1608 reply_mp = ipsec_construct_inverse_acquire(samsg, extv, 1609 keystack->keystack_netstack); 1610 1611 if (reply_mp != NULL) { 1612 freemsg(mp); 1613 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr, 1614 ks->keysock_serial, NULL, B_FALSE, keystack); 1615 } else { 1616 keysock_error(ks, mp, samsg->sadb_msg_errno, 1617 samsg->sadb_x_msg_diagnostic); 1618 } 1619 } 1620 1621 /* 1622 * Spew an extended REGISTER down to the relevant consumers. 1623 */ 1624 static void 1625 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[]) 1626 { 1627 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG]; 1628 uint8_t *satypes, *fencepost; 1629 mblk_t *downmp; 1630 sadb_ext_t *downextv[SADB_EXT_MAX + 1]; 1631 keysock_stack_t *keystack = ks->keysock_keystack; 1632 1633 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 || 1634 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) { 1635 keysock_error(ks, mp, EBUSY, 0); 1636 } 1637 1638 ks->keysock_flags |= KEYSOCK_EXTENDED; 1639 if (ereg == NULL) { 1640 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1641 } else { 1642 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr); 1643 fencepost = (uint8_t *)mp->b_wptr; 1644 satypes = ereg->sadb_x_ereg_satypes; 1645 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) { 1646 downmp = copymsg(mp); 1647 if (downmp == NULL) { 1648 keysock_error(ks, mp, ENOMEM, 0); 1649 return; 1650 } 1651 /* 1652 * Since we've made it here, keysock_get_ext will work! 1653 */ 1654 (void) keysock_get_ext(downextv, 1655 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp), 1656 keystack); 1657 keysock_passdown(ks, downmp, *satypes, downextv, 1658 B_FALSE); 1659 ++satypes; 1660 } 1661 freemsg(mp); 1662 } 1663 1664 /* 1665 * Set global to indicate we prefer an extended ACQUIRE. 1666 */ 1667 atomic_inc_32(&keystack->keystack_num_extended); 1668 } 1669 1670 static void 1671 keysock_delpair_all(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[]) 1672 { 1673 int i, start, finish; 1674 mblk_t *mp1 = NULL; 1675 keysock_stack_t *keystack = ks->keysock_keystack; 1676 1677 start = 0; 1678 finish = KEYSOCK_MAX_CONSUMERS - 1; 1679 1680 for (i = start; i <= finish; i++) { 1681 if (keystack->keystack_consumers[i] != NULL) { 1682 mp1 = copymsg(mp); 1683 if (mp1 == NULL) { 1684 keysock_error(ks, mp, ENOMEM, 1685 SADB_X_DIAGNOSTIC_NONE); 1686 return; 1687 } 1688 keysock_passdown(ks, mp1, i, extv, B_FALSE); 1689 } 1690 } 1691 } 1692 1693 /* 1694 * Handle PF_KEY messages. 1695 */ 1696 static void 1697 keysock_parse(queue_t *q, mblk_t *mp) 1698 { 1699 sadb_msg_t *samsg; 1700 sadb_ext_t *extv[SADB_EXT_MAX + 1]; 1701 keysock_t *ks = (keysock_t *)q->q_ptr; 1702 uint_t msgsize; 1703 uint8_t satype; 1704 keysock_stack_t *keystack = ks->keysock_keystack; 1705 1706 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */ 1707 ASSERT(WR(q)->q_next == NULL); 1708 1709 samsg = (sadb_msg_t *)mp->b_rptr; 1710 ks2dbg(keystack, ("Received possible PF_KEY message, type %d.\n", 1711 samsg->sadb_msg_type)); 1712 1713 msgsize = SADB_64TO8(samsg->sadb_msg_len); 1714 1715 if (msgdsize(mp) != msgsize) { 1716 /* 1717 * Message len incorrect w.r.t. actual size. Send an error 1718 * (EMSGSIZE). It may be necessary to massage things a 1719 * bit. For example, if the sadb_msg_type is hosed, 1720 * I need to set it to SADB_RESERVED to get delivery to 1721 * do the right thing. Then again, maybe just letting 1722 * the error delivery do the right thing. 1723 */ 1724 ks2dbg(keystack, 1725 ("mblk (%lu) and base (%d) message sizes don't jibe.\n", 1726 msgdsize(mp), msgsize)); 1727 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE); 1728 return; 1729 } 1730 1731 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) { 1732 /* Get all message into one mblk. */ 1733 if (pullupmsg(mp, -1) == 0) { 1734 /* 1735 * Something screwy happened. 1736 */ 1737 ks3dbg(keystack, 1738 ("keysock_parse: pullupmsg() failed.\n")); 1739 return; 1740 } else { 1741 samsg = (sadb_msg_t *)mp->b_rptr; 1742 } 1743 } 1744 1745 switch (keysock_get_ext(extv, samsg, msgsize, keystack)) { 1746 case KGE_DUP: 1747 /* Handle duplicate extension. */ 1748 ks1dbg(keystack, ("Got duplicate extension of type %d.\n", 1749 extv[0]->sadb_ext_type)); 1750 keysock_error(ks, mp, EINVAL, 1751 keysock_duplicate(extv[0]->sadb_ext_type)); 1752 return; 1753 case KGE_UNK: 1754 /* Handle unknown extension. */ 1755 ks1dbg(keystack, ("Got unknown extension of type %d.\n", 1756 extv[0]->sadb_ext_type)); 1757 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT); 1758 return; 1759 case KGE_LEN: 1760 /* Length error. */ 1761 ks1dbg(keystack, 1762 ("Length %d on extension type %d overrun or 0.\n", 1763 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type)); 1764 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN); 1765 return; 1766 case KGE_CHK: 1767 /* Reality check failed. */ 1768 ks1dbg(keystack, 1769 ("Reality check failed on extension type %d.\n", 1770 extv[0]->sadb_ext_type)); 1771 keysock_error(ks, mp, EINVAL, 1772 keysock_malformed(extv[0]->sadb_ext_type)); 1773 return; 1774 default: 1775 /* Default case is no errors. */ 1776 break; 1777 } 1778 1779 /* 1780 * If this is a TCPSIG SA message, pass it off to the handler in 1781 * tcp_sig.c and return. This is not implemented as a downstream 1782 * module. 1783 */ 1784 if (samsg->sadb_msg_satype == SADB_X_SATYPE_TCPSIG) { 1785 tcpsig_sa_handler(ks, mp, samsg, extv); 1786 return; 1787 } 1788 1789 switch (samsg->sadb_msg_type) { 1790 case SADB_REGISTER: 1791 /* 1792 * There's a semantic weirdness in that a message OTHER than 1793 * the return REGISTER message may be passed up if I set the 1794 * registered bit BEFORE I pass it down. 1795 * 1796 * SOOOO, I'll not twiddle any registered bits until I see 1797 * the upbound REGISTER (with a serial number in it). 1798 */ 1799 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1800 /* Handle extended register here. */ 1801 keysock_extended_register(ks, mp, extv); 1802 return; 1803 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) { 1804 keysock_error(ks, mp, EBUSY, 0); 1805 return; 1806 } 1807 /* FALLTHRU */ 1808 case SADB_GETSPI: 1809 case SADB_ADD: 1810 case SADB_UPDATE: 1811 case SADB_X_UPDATEPAIR: 1812 case SADB_DELETE: 1813 case SADB_X_DELPAIR: 1814 case SADB_GET: 1815 /* 1816 * Pass down to appropriate consumer. 1817 */ 1818 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC) { 1819 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv, 1820 B_FALSE); 1821 } else { 1822 keysock_error(ks, mp, EINVAL, 1823 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1824 } 1825 return; 1826 case SADB_X_DELPAIR_STATE: 1827 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1828 keysock_delpair_all(ks, mp, extv); 1829 } else { 1830 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv, 1831 B_FALSE); 1832 } 1833 return; 1834 case SADB_ACQUIRE: 1835 /* 1836 * If I _receive_ an acquire, this means I should spread it 1837 * out to registered sockets. Unless there's an errno... 1838 * 1839 * Need ADDRESS, may have ID, SENS, and PROP, unless errno, 1840 * in which case there should be NO extensions. 1841 * 1842 * Return to registered. 1843 */ 1844 if (samsg->sadb_msg_errno != 0) { 1845 satype = samsg->sadb_msg_satype; 1846 if (satype == SADB_SATYPE_UNSPEC) { 1847 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) { 1848 keysock_error(ks, mp, EINVAL, 1849 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1850 return; 1851 } 1852 /* 1853 * Reassign satype based on the first 1854 * flags that KEYSOCK_SETREG says. 1855 */ 1856 while (satype <= SADB_SATYPE_MAX) { 1857 if (KEYSOCK_ISREG(ks, satype)) 1858 break; 1859 satype++; 1860 } 1861 if (satype > SADB_SATYPE_MAX) { 1862 keysock_error(ks, mp, EBUSY, 0); 1863 return; 1864 } 1865 } 1866 keysock_passdown(ks, mp, satype, extv, B_FALSE); 1867 } else { 1868 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1869 keysock_error(ks, mp, EINVAL, 1870 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1871 } else { 1872 keysock_passup(mp, samsg, 0, NULL, B_FALSE, 1873 keystack); 1874 } 1875 } 1876 return; 1877 case SADB_EXPIRE: 1878 /* 1879 * If someone sends this in, then send out to all senders. 1880 * (Save maybe ESP or AH, I have to be careful here.) 1881 * 1882 * Need ADDRESS, may have ID and SENS. 1883 * 1884 * XXX for now this is unsupported. 1885 */ 1886 break; 1887 case SADB_FLUSH: 1888 /* 1889 * Nuke all SAs. 1890 * 1891 * No extensions at all. Return to all listeners. 1892 * 1893 * Question: Should I hold a lock here to prevent 1894 * additions/deletions while flushing? 1895 * Answer: No. (See keysock_passdown() for details.) 1896 */ 1897 if (extv[0] != NULL) { 1898 /* 1899 * FLUSH messages shouldn't have extensions. 1900 * Return EINVAL. 1901 */ 1902 ks2dbg(keystack, ("FLUSH message with extension.\n")); 1903 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT); 1904 return; 1905 } 1906 1907 /* Passing down of DUMP/FLUSH messages are special. */ 1908 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER); 1909 return; 1910 case SADB_DUMP: /* not used by normal applications */ 1911 if ((extv[0] != NULL) && 1912 ((msgsize > 1913 (sizeof (sadb_msg_t) + sizeof (sadb_x_edump_t))) || 1914 (extv[SADB_X_EXT_EDUMP] == NULL))) { 1915 keysock_error(ks, mp, EINVAL, 1916 SADB_X_DIAGNOSTIC_NO_EXT); 1917 return; 1918 } 1919 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER); 1920 return; 1921 case SADB_X_PROMISC: 1922 /* 1923 * Promiscuous processing message. 1924 */ 1925 if (samsg->sadb_msg_satype == 0) 1926 ks->keysock_flags &= ~KEYSOCK_PROMISC; 1927 else 1928 ks->keysock_flags |= KEYSOCK_PROMISC; 1929 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, 1930 keystack); 1931 return; 1932 case SADB_X_INVERSE_ACQUIRE: 1933 keysock_inverse_acquire(mp, samsg, extv, ks); 1934 return; 1935 default: 1936 ks2dbg(keystack, ("Got unknown message type %d.\n", 1937 samsg->sadb_msg_type)); 1938 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG); 1939 return; 1940 } 1941 1942 /* As a placeholder... */ 1943 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n")); 1944 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE); 1945 } 1946 1947 /* 1948 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket, 1949 * I don't convert to ioctl()'s for IP. I am the end-all driver as far 1950 * as PF_KEY sockets are concerned. I do some conversion, but not as much 1951 * as IP/rts does. 1952 */ 1953 static int 1954 keysock_wput(queue_t *q, mblk_t *mp) 1955 { 1956 uchar_t *rptr = mp->b_rptr; 1957 mblk_t *mp1; 1958 keysock_t *ks; 1959 keysock_stack_t *keystack; 1960 1961 if (WR(q)->q_next) { 1962 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr; 1963 keystack = kc->kc_keystack; 1964 1965 ks3dbg(keystack, ("In keysock_wput\n")); 1966 1967 /* 1968 * We shouldn't get writes on a consumer instance. 1969 * But for now, just passthru. 1970 */ 1971 ks1dbg(keystack, ("Huh? wput for an consumer instance (%d)?\n", 1972 kc->kc_sa_type)); 1973 putnext(q, mp); 1974 return (0); 1975 } 1976 ks = (keysock_t *)q->q_ptr; 1977 keystack = ks->keysock_keystack; 1978 1979 ks3dbg(keystack, ("In keysock_wput\n")); 1980 1981 switch (mp->b_datap->db_type) { 1982 case M_DATA: 1983 /* 1984 * Silently discard. 1985 */ 1986 ks2dbg(keystack, ("raw M_DATA in keysock.\n")); 1987 freemsg(mp); 1988 return (0); 1989 case M_PROTO: 1990 case M_PCPROTO: 1991 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) { 1992 if (((union T_primitives *)rptr)->type == T_DATA_REQ) { 1993 if ((mp1 = mp->b_cont) == NULL) { 1994 /* No data after T_DATA_REQ. */ 1995 ks2dbg(keystack, 1996 ("No data after DATA_REQ.\n")); 1997 freemsg(mp); 1998 return (0); 1999 } 2000 freeb(mp); 2001 mp = mp1; 2002 ks2dbg(keystack, ("T_DATA_REQ\n")); 2003 break; /* Out of switch. */ 2004 } 2005 } 2006 /* FALLTHRU */ 2007 default: 2008 ks3dbg(keystack, ("In default wput case (%d %d).\n", 2009 mp->b_datap->db_type, ((union T_primitives *)rptr)->type)); 2010 keysock_wput_other(q, mp); 2011 return (0); 2012 } 2013 2014 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */ 2015 keysock_parse(q, mp); 2016 return (0); 2017 } 2018 2019 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */ 2020 2021 /* 2022 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate 2023 * state vectors. 2024 */ 2025 static void 2026 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc) 2027 { 2028 keysock_t *ks; 2029 keysock_stack_t *keystack = kc->kc_keystack; 2030 2031 mutex_enter(&keystack->keystack_consumers_lock); 2032 mutex_enter(&kc->kc_lock); 2033 if (keystack->keystack_consumers[satype] != NULL) { 2034 ks0dbg(( 2035 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n", 2036 satype)); 2037 /* 2038 * Perhaps updating the new below-me consumer with what I have 2039 * so far would work too? 2040 */ 2041 mutex_exit(&kc->kc_lock); 2042 mutex_exit(&keystack->keystack_consumers_lock); 2043 } else { 2044 /* Add new below-me consumer. */ 2045 keystack->keystack_consumers[satype] = kc; 2046 2047 kc->kc_flags = 0; 2048 kc->kc_sa_type = satype; 2049 mutex_exit(&kc->kc_lock); 2050 mutex_exit(&keystack->keystack_consumers_lock); 2051 2052 /* Scan the keysock list. */ 2053 mutex_enter(&keystack->keystack_list_lock); 2054 for (ks = keystack->keystack_list; ks != NULL; 2055 ks = ks->keysock_next) { 2056 if (KEYSOCK_ISREG(ks, satype)) { 2057 /* 2058 * XXX Perhaps send an SADB_REGISTER down on 2059 * the socket's behalf. 2060 */ 2061 ks1dbg(keystack, 2062 ("Socket %u registered already for " 2063 "new consumer.\n", ks->keysock_serial)); 2064 } 2065 } 2066 mutex_exit(&keystack->keystack_list_lock); 2067 } 2068 } 2069 2070 /* 2071 * Generate a KEYSOCK_OUT_ERR message for my consumer. 2072 */ 2073 static void 2074 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp) 2075 { 2076 keysock_out_err_t *kse; 2077 mblk_t *imp; 2078 keysock_stack_t *keystack = kc->kc_keystack; 2079 2080 imp = allocb(sizeof (ipsec_info_t), BPRI_HI); 2081 if (imp == NULL) { 2082 ks1dbg(keystack, ("keysock_out_err: Can't alloc message.\n")); 2083 return; 2084 } 2085 2086 imp->b_datap->db_type = M_CTL; 2087 imp->b_wptr += sizeof (ipsec_info_t); 2088 2089 kse = (keysock_out_err_t *)imp->b_rptr; 2090 imp->b_cont = mp; 2091 kse->ks_err_type = KEYSOCK_OUT_ERR; 2092 kse->ks_err_len = sizeof (*kse); 2093 /* Is serial necessary? */ 2094 kse->ks_err_serial = 0; 2095 kse->ks_err_errno = ks_errno; 2096 2097 /* 2098 * XXX What else do I need to do here w.r.t. information 2099 * to tell the consumer what caused this error? 2100 * 2101 * I believe the answer is the PF_KEY ACQUIRE (or other) message 2102 * attached in mp, which is appended at the end. I believe the 2103 * db_ref won't matter here, because the PF_KEY message is only read 2104 * for KEYSOCK_OUT_ERR. 2105 */ 2106 2107 putnext(kc->kc_wq, imp); 2108 } 2109 2110 /* XXX this is a hack errno. */ 2111 #define EIPSECNOSA 255 2112 2113 /* 2114 * Route message (pointed by mp, header in samsg) toward appropriate 2115 * sockets. Assume the message's creator did its job correctly. 2116 * 2117 * This should be a function that is followed by a return in its caller. 2118 * The compiler _should_ be able to use tail-call optimizations to make the 2119 * large ## of parameters not a huge deal. 2120 */ 2121 void 2122 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial, 2123 keysock_consumer_t *kc, boolean_t persistent, keysock_stack_t *keystack) 2124 { 2125 keysock_t *ks; 2126 uint8_t satype = samsg->sadb_msg_satype; 2127 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE, 2128 setalg = B_FALSE; 2129 mblk_t *mp1; 2130 int err = EIPSECNOSA; 2131 2132 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */ 2133 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI); 2134 if (mp1 == NULL) { 2135 err = ENOMEM; 2136 goto error; 2137 } 2138 mp1->b_wptr += sizeof (struct T_data_req); 2139 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND; 2140 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0; 2141 mp1->b_datap->db_type = M_PROTO; 2142 mp1->b_cont = mp; 2143 mp = mp1; 2144 2145 switch (samsg->sadb_msg_type) { 2146 case SADB_FLUSH: 2147 case SADB_GETSPI: 2148 case SADB_UPDATE: 2149 case SADB_X_UPDATEPAIR: 2150 case SADB_ADD: 2151 case SADB_DELETE: 2152 case SADB_X_DELPAIR: 2153 case SADB_EXPIRE: 2154 /* 2155 * These are most likely replies. Don't worry about 2156 * KEYSOCK_OUT_ERR handling. Deliver to all sockets. 2157 */ 2158 ks3dbg(keystack, 2159 ("Delivering normal message (%d) to all sockets.\n", 2160 samsg->sadb_msg_type)); 2161 toall = B_TRUE; 2162 break; 2163 case SADB_REGISTER: 2164 /* 2165 * REGISTERs come up for one of three reasons: 2166 * 2167 * 1.) In response to a normal SADB_REGISTER 2168 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 2169 * serial != 0) 2170 * Deliver to normal SADB_REGISTERed sockets. 2171 * 2.) In response to an extended REGISTER 2172 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 2173 * Deliver to extended REGISTERed socket. 2174 * 3.) Spontaneous algorithm changes 2175 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 2176 * serial == 0) 2177 * Deliver to REGISTERed sockets of all sorts. 2178 */ 2179 if (kc == NULL) { 2180 /* Here because of keysock_error() call. */ 2181 ASSERT(samsg->sadb_msg_errno != 0); 2182 break; /* Out of switch. */ 2183 } 2184 ks3dbg(keystack, ("Delivering REGISTER.\n")); 2185 if (satype == SADB_SATYPE_UNSPEC) { 2186 /* REGISTER Reason #2 */ 2187 allereg = B_TRUE; 2188 /* 2189 * Rewhack SA type so PF_KEY socket holder knows what 2190 * consumer generated this algorithm list. 2191 */ 2192 satype = kc->kc_sa_type; 2193 samsg->sadb_msg_satype = satype; 2194 setalg = B_TRUE; 2195 } else if (serial == 0) { 2196 /* REGISTER Reason #3 */ 2197 allreg = B_TRUE; 2198 allereg = B_TRUE; 2199 } else { 2200 /* REGISTER Reason #1 */ 2201 allreg = B_TRUE; 2202 setalg = B_TRUE; 2203 } 2204 break; 2205 case SADB_ACQUIRE: 2206 /* 2207 * ACQUIREs are either extended (sadb_msg_satype == 0) or 2208 * regular (sadb_msg_satype != 0). And we're guaranteed 2209 * that serial == 0 for an ACQUIRE. 2210 */ 2211 ks3dbg(keystack, ("Delivering ACQUIRE.\n")); 2212 allereg = (satype == SADB_SATYPE_UNSPEC); 2213 allreg = !allereg; 2214 /* 2215 * Corner case - if we send a regular ACQUIRE and there's 2216 * extended ones registered, don't send an error down to 2217 * consumers if nobody's listening and prematurely destroy 2218 * their ACQUIRE record. This might be too hackish of a 2219 * solution. 2220 */ 2221 if (allreg && keystack->keystack_num_extended > 0) 2222 err = 0; 2223 break; 2224 case SADB_X_PROMISC: 2225 case SADB_X_INVERSE_ACQUIRE: 2226 case SADB_DUMP: 2227 case SADB_GET: 2228 default: 2229 /* 2230 * Deliver to the sender and promiscuous only. 2231 */ 2232 ks3dbg(keystack, ("Delivering sender/promisc only (%d).\n", 2233 samsg->sadb_msg_type)); 2234 break; 2235 } 2236 2237 mutex_enter(&keystack->keystack_list_lock); 2238 for (ks = keystack->keystack_list; ks != NULL; ks = ks->keysock_next) { 2239 /* Delivery loop. */ 2240 2241 /* 2242 * Check special keysock-setting cases (REGISTER replies) 2243 * here. 2244 */ 2245 if (setalg && serial == ks->keysock_serial) { 2246 ASSERT(kc != NULL); 2247 ASSERT(kc->kc_sa_type == satype); 2248 KEYSOCK_SETREG(ks, satype); 2249 } 2250 2251 /* 2252 * NOLOOP takes precedence over PROMISC. So if you've set 2253 * !SO_USELOOPBACK, don't expect to see any data... 2254 */ 2255 if (ks->keysock_flags & KEYSOCK_NOLOOP) 2256 continue; 2257 2258 /* 2259 * Messages to all, or promiscuous sockets just GET the 2260 * message. Perform rules-type checking iff it's not for all 2261 * listeners or the socket is in promiscuous mode. 2262 * 2263 * NOTE:Because of the (kc != NULL && ISREG()), make sure 2264 * extended ACQUIREs arrive off a consumer that is 2265 * part of the extended REGISTER set of consumers. 2266 */ 2267 if (serial != ks->keysock_serial && 2268 !toall && 2269 !(ks->keysock_flags & KEYSOCK_PROMISC) && 2270 !((ks->keysock_flags & KEYSOCK_EXTENDED) ? 2271 allereg : allreg && kc != NULL && 2272 KEYSOCK_ISREG(ks, kc->kc_sa_type))) 2273 continue; 2274 2275 mp1 = dupmsg(mp); 2276 if (mp1 == NULL) { 2277 ks2dbg(keystack, ( 2278 "keysock_passup(): dupmsg() failed.\n")); 2279 mp1 = mp; 2280 mp = NULL; 2281 err = ENOMEM; 2282 } 2283 2284 /* 2285 * At this point, we can deliver or attempt to deliver 2286 * this message. We're free of obligation to report 2287 * no listening PF_KEY sockets. So set err to 0. 2288 */ 2289 err = 0; 2290 2291 /* 2292 * See if we canputnext(), as well as see if the message 2293 * needs to be queued if we can't. 2294 */ 2295 if (!canputnext(ks->keysock_rq)) { 2296 if (persistent) { 2297 if (putq(ks->keysock_rq, mp1) == 0) { 2298 ks1dbg(keystack, ( 2299 "keysock_passup: putq failed.\n")); 2300 } else { 2301 continue; 2302 } 2303 } 2304 freemsg(mp1); 2305 continue; 2306 } 2307 2308 ks3dbg(keystack, 2309 ("Putting to serial %d.\n", ks->keysock_serial)); 2310 /* 2311 * Unlike the specific keysock instance case, this 2312 * will only hit for listeners, so we will only 2313 * putnext() if we can. 2314 */ 2315 putnext(ks->keysock_rq, mp1); 2316 if (mp == NULL) 2317 break; /* out of for loop. */ 2318 } 2319 mutex_exit(&keystack->keystack_list_lock); 2320 2321 error: 2322 if ((err != 0) && (kc != NULL)) { 2323 /* 2324 * Generate KEYSOCK_OUT_ERR for consumer. 2325 * Basically, I send this back if I have not been able to 2326 * transmit (for whatever reason) 2327 */ 2328 ks1dbg(keystack, 2329 ("keysock_passup(): No registered of type %d.\n", 2330 satype)); 2331 if (mp != NULL) { 2332 if (mp->b_datap->db_type == M_PROTO) { 2333 mp1 = mp; 2334 mp = mp->b_cont; 2335 freeb(mp1); 2336 } 2337 /* 2338 * Do a copymsg() because people who get 2339 * KEYSOCK_OUT_ERR may alter the message contents. 2340 */ 2341 mp1 = copymsg(mp); 2342 if (mp1 == NULL) { 2343 ks2dbg(keystack, 2344 ("keysock_passup: copymsg() failed.\n")); 2345 mp1 = mp; 2346 mp = NULL; 2347 } 2348 keysock_out_err(kc, err, mp1); 2349 } 2350 } 2351 2352 /* 2353 * XXX Blank the message somehow. This is difficult because we don't 2354 * know at this point if the message has db_ref > 1, etc. 2355 * 2356 * Optimally, keysock messages containing actual keying material would 2357 * be allocated with esballoc(), with a zeroing free function. 2358 */ 2359 if (mp != NULL) 2360 freemsg(mp); 2361 } 2362 2363 /* 2364 * Keysock's read service procedure is there only for PF_KEY reply 2365 * messages that really need to reach the top. 2366 */ 2367 static int 2368 keysock_rsrv(queue_t *q) 2369 { 2370 mblk_t *mp; 2371 2372 while ((mp = getq(q)) != NULL) { 2373 if (canputnext(q)) { 2374 putnext(q, mp); 2375 } else { 2376 (void) putbq(q, mp); 2377 return (0); 2378 } 2379 } 2380 return (0); 2381 } 2382 2383 /* 2384 * The read procedure should only be invoked by a keysock consumer, like 2385 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK 2386 * messages on my read queues. 2387 */ 2388 static int 2389 keysock_rput(queue_t *q, mblk_t *mp) 2390 { 2391 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr; 2392 ipsec_info_t *ii; 2393 keysock_hello_ack_t *ksa; 2394 minor_t serial; 2395 mblk_t *mp1; 2396 sadb_msg_t *samsg; 2397 keysock_stack_t *keystack = kc->kc_keystack; 2398 2399 /* Make sure I'm a consumer instance. (i.e. something's below me) */ 2400 ASSERT(WR(q)->q_next != NULL); 2401 2402 if (mp->b_datap->db_type != M_CTL) { 2403 /* 2404 * Keysock should only see keysock consumer interface 2405 * messages (see ipsec_info.h) on its read procedure. 2406 * To be robust, however, putnext() up so the STREAM head can 2407 * deal with it appropriately. 2408 */ 2409 ks1dbg(keystack, 2410 ("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n", 2411 mp->b_datap->db_type, mp->b_datap->db_type)); 2412 putnext(q, mp); 2413 return (0); 2414 } 2415 2416 ii = (ipsec_info_t *)mp->b_rptr; 2417 2418 switch (ii->ipsec_info_type) { 2419 case KEYSOCK_OUT: 2420 /* 2421 * A consumer needs to pass a response message or an ACQUIRE 2422 * UP. I assume that the consumer has done the right 2423 * thing w.r.t. message creation, etc. 2424 */ 2425 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial; 2426 mp1 = mp->b_cont; /* Get M_DATA portion. */ 2427 freeb(mp); 2428 samsg = (sadb_msg_t *)mp1->b_rptr; 2429 if (samsg->sadb_msg_type == SADB_FLUSH || 2430 (samsg->sadb_msg_type == SADB_DUMP && 2431 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) { 2432 /* 2433 * If I'm an end-of-FLUSH or an end-of-DUMP marker... 2434 */ 2435 ASSERT(keystack->keystack_flushdump != 0); 2436 /* Am I flushing? */ 2437 2438 mutex_enter(&kc->kc_lock); 2439 kc->kc_flags &= ~KC_FLUSHING; 2440 mutex_exit(&kc->kc_lock); 2441 2442 if (samsg->sadb_msg_errno != 0) 2443 keystack->keystack_flushdump_errno = 2444 samsg->sadb_msg_errno; 2445 2446 /* 2447 * Lower the atomic "flushing" count. If it's 2448 * the last one, send up the end-of-{FLUSH,DUMP} to 2449 * the appropriate PF_KEY socket. 2450 */ 2451 if (atomic_dec_32_nv(&keystack->keystack_flushdump) != 2452 0) { 2453 ks1dbg(keystack, 2454 ("One flush/dump message back from %d," 2455 " more to go.\n", samsg->sadb_msg_satype)); 2456 freemsg(mp1); 2457 return (0); 2458 } 2459 2460 samsg->sadb_msg_errno = 2461 (uint8_t)keystack->keystack_flushdump_errno; 2462 if (samsg->sadb_msg_type == SADB_DUMP) { 2463 samsg->sadb_msg_seq = 0; 2464 } 2465 } 2466 keysock_passup(mp1, samsg, serial, kc, 2467 (samsg->sadb_msg_type == SADB_DUMP), keystack); 2468 return (0); 2469 case KEYSOCK_HELLO_ACK: 2470 /* Aha, now we can link in the consumer! */ 2471 ksa = (keysock_hello_ack_t *)ii; 2472 keysock_link_consumer(ksa->ks_hello_satype, kc); 2473 freemsg(mp); 2474 return (0); 2475 default: 2476 ks1dbg(keystack, ("Hmmm, an IPsec info I'm not used to, 0x%x\n", 2477 ii->ipsec_info_type)); 2478 putnext(q, mp); 2479 } 2480 return (0); 2481 } 2482 2483 /* 2484 * So we can avoid external linking problems.... 2485 */ 2486 boolean_t 2487 keysock_extended_reg(netstack_t *ns) 2488 { 2489 keysock_stack_t *keystack = ns->netstack_keysock; 2490 2491 return (keystack->keystack_num_extended != 0); 2492 } 2493 2494 uint32_t 2495 keysock_next_seq(netstack_t *ns) 2496 { 2497 keysock_stack_t *keystack = ns->netstack_keysock; 2498 2499 return (atomic_dec_32_nv(&keystack->keystack_acquire_seq)); 2500 } 2501