1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 30 #include <sys/param.h> 31 #include <sys/types.h> 32 #include <sys/stream.h> 33 #include <sys/strsubr.h> 34 #include <sys/strsun.h> 35 #include <sys/stropts.h> 36 #include <sys/vnode.h> 37 #include <sys/strlog.h> 38 #include <sys/sysmacros.h> 39 #define _SUN_TPI_VERSION 2 40 #include <sys/tihdr.h> 41 #include <sys/timod.h> 42 #include <sys/tiuser.h> 43 #include <sys/ddi.h> 44 #include <sys/sunddi.h> 45 #include <sys/sunldi.h> 46 #include <sys/file.h> 47 #include <sys/modctl.h> 48 #include <sys/debug.h> 49 #include <sys/kmem.h> 50 #include <sys/cmn_err.h> 51 #include <sys/proc.h> 52 #include <sys/suntpi.h> 53 #include <sys/atomic.h> 54 #include <sys/mkdev.h> 55 #include <sys/policy.h> 56 57 #include <sys/socket.h> 58 #include <netinet/in.h> 59 #include <net/pfkeyv2.h> 60 61 #include <inet/common.h> 62 #include <netinet/ip6.h> 63 #include <inet/ip.h> 64 #include <inet/mi.h> 65 #include <inet/nd.h> 66 #include <inet/optcom.h> 67 #include <inet/ipsec_info.h> 68 #include <inet/ipsec_impl.h> 69 #include <inet/keysock.h> 70 71 #include <sys/isa_defs.h> 72 73 /* 74 * This is a transport provider for the PF_KEY key mangement socket. 75 * (See RFC 2367 for details.) 76 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN 77 * messages (see ipsec_info.h), and passed to the appropriate consumer. 78 * Upstream messages are generated for all open PF_KEY sockets, when 79 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled) 80 * in reply to downstream messages. 81 * 82 * Upstream messages must be created asynchronously for the following 83 * situations: 84 * 85 * 1.) A keysock consumer requires an SA, and there is currently none. 86 * 2.) An SA expires, either hard or soft lifetime. 87 * 3.) Other events a consumer deems fit. 88 * 89 * The MT model of this is PERMOD, with shared put procedures. Two types of 90 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send 91 * down the *multiple* messages they create. 92 */ 93 94 /* List of open PF_KEY sockets, protected by keysock_list_lock. */ 95 static kmutex_t keysock_list_lock; 96 static keysock_t *keysock_list; 97 98 static vmem_t *keysock_vmem; /* for minor numbers. */ 99 100 /* Consumers table. If an entry is NULL, keysock maintains the table. */ 101 static kmutex_t keysock_consumers_lock; 102 103 #define KEYSOCK_MAX_CONSUMERS 256 104 static keysock_consumer_t *keysock_consumers[KEYSOCK_MAX_CONSUMERS]; 105 106 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */ 107 static struct T_info_ack keysock_g_t_info_ack = { 108 T_INFO_ACK, 109 T_INFINITE, /* TSDU_size. Maximum size messages. */ 110 T_INVALID, /* ETSDU_size. No expedited data. */ 111 T_INVALID, /* CDATA_size. No connect data. */ 112 T_INVALID, /* DDATA_size. No disconnect data. */ 113 0, /* ADDR_size. */ 114 0, /* OPT_size. No user-settable options */ 115 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */ 116 T_COTS, /* SERV_type. keysock supports connection oriented. */ 117 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */ 118 (XPG4_1) /* Provider flags */ 119 }; 120 121 /* Named Dispatch Parameter Management Structure */ 122 typedef struct keysockpparam_s { 123 uint_t keysock_param_min; 124 uint_t keysock_param_max; 125 uint_t keysock_param_value; 126 char *keysock_param_name; 127 } keysockparam_t; 128 129 /* 130 * Table of NDD variables supported by keysock. These are loaded into 131 * keysock_g_nd in keysock_init_nd. 132 * All of these are alterable, within the min/max values given, at run time. 133 */ 134 static keysockparam_t keysock_param_arr[] = { 135 /* min max value name */ 136 { 4096, 65536, 8192, "keysock_xmit_hiwat"}, 137 { 0, 65536, 1024, "keysock_xmit_lowat"}, 138 { 4096, 65536, 8192, "keysock_recv_hiwat"}, 139 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"}, 140 { 0, 3, 0, "keysock_debug"}, 141 }; 142 #define keysock_xmit_hiwat keysock_param_arr[0].keysock_param_value 143 #define keysock_xmit_lowat keysock_param_arr[1].keysock_param_value 144 #define keysock_recv_hiwat keysock_param_arr[2].keysock_param_value 145 #define keysock_max_buf keysock_param_arr[3].keysock_param_value 146 #define keysock_debug keysock_param_arr[4].keysock_param_value 147 148 kmutex_t keysock_param_lock; /* Protects the NDD variables. */ 149 150 #define ks0dbg(a) printf a 151 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 152 #define ks1dbg(a) if (keysock_debug != 0) printf a 153 #define ks2dbg(a) if (keysock_debug > 1) printf a 154 #define ks3dbg(a) if (keysock_debug > 2) printf a 155 156 static IDP keysock_g_nd; 157 158 /* 159 * State for flush/dump. This would normally be a boolean_t, but 160 * cas32() works best for a known 32-bit quantity. 161 */ 162 static uint32_t keysock_flushdump; 163 static int keysock_flushdump_errno; 164 165 static int keysock_close(queue_t *); 166 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *); 167 static void keysock_wput(queue_t *, mblk_t *); 168 static void keysock_rput(queue_t *, mblk_t *); 169 static void keysock_rsrv(queue_t *); 170 static void keysock_passup(mblk_t *, sadb_msg_t *, minor_t, 171 keysock_consumer_t *, boolean_t); 172 173 static struct module_info info = { 174 5138, "keysock", 1, INFPSZ, 512, 128 175 }; 176 177 static struct qinit rinit = { 178 (pfi_t)keysock_rput, (pfi_t)keysock_rsrv, keysock_open, keysock_close, 179 NULL, &info 180 }; 181 182 static struct qinit winit = { 183 (pfi_t)keysock_wput, NULL, NULL, NULL, NULL, &info 184 }; 185 186 struct streamtab keysockinfo = { 187 &rinit, &winit 188 }; 189 190 extern struct modlinkage *keysock_modlp; 191 192 /* 193 * Plumb IPsec. 194 * 195 * NOTE: New "default" modules will need to be loaded here if needed before 196 * boot time. 197 */ 198 199 /* Keep these in global space to keep the lint from complaining. */ 200 static char *IPSECESP = "ipsecesp"; 201 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp"; 202 static char *IPSECAH = "ipsecah"; 203 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah"; 204 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6"; 205 static char *KEYSOCK = "keysock"; 206 static char *STRMOD = "strmod"; 207 208 /* 209 * keysock_plumbed: zero if plumb not attempted, positive if it succeeded, 210 * negative if it failed. 211 */ 212 static int keysock_plumbed = 0; 213 214 /* 215 * This integer counts the number of extended REGISTERed sockets. This 216 * determines if we should send extended REGISTERs. 217 */ 218 static uint32_t keysock_num_extended = 0; 219 220 /* 221 * Global sequence space for SADB_ACQUIRE messages of any sort. 222 */ 223 static uint32_t keysock_acquire_seq = 0xffffffff; 224 225 /* 226 * Load the other ipsec modules and plumb them together. 227 */ 228 int 229 keysock_plumb_ipsec(void) 230 { 231 ldi_handle_t lh, ip6_lh = NULL; 232 ldi_ident_t li = NULL; 233 int err = 0; 234 int muxid, rval; 235 boolean_t esp_present = B_TRUE; 236 237 238 keysock_plumbed = 0; /* we're trying again.. */ 239 240 /* 241 * Load up the drivers (AH/ESP). 242 * 243 * I do this separately from the actual plumbing in case this function 244 * ever gets called from a diskless boot before the root filesystem is 245 * up. I don't have to worry about "keysock" because, well, if I'm 246 * here, keysock must've loaded successfully. 247 */ 248 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) { 249 ks0dbg(("IPsec: AH failed to attach.\n")); 250 goto bail; 251 } 252 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) { 253 ks0dbg(("IPsec: ESP failed to attach.\n")); 254 esp_present = B_FALSE; 255 } 256 257 /* 258 * Set up the IP streams for AH and ESP, as well as tacking keysock 259 * on top of them. Assume keysock has set the autopushes up already. 260 */ 261 262 /* Open IP. */ 263 err = ldi_ident_from_mod(keysock_modlp, &li); 264 if (err) { 265 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n", 266 err)); 267 goto bail; 268 } 269 270 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, CRED(), &ip6_lh, li); 271 if (err) { 272 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err)); 273 goto bail; 274 } 275 276 /* PLINK KEYSOCK/AH */ 277 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, CRED(), &lh, li); 278 if (err) { 279 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err)); 280 goto bail; 281 } 282 err = ldi_ioctl(lh, 283 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, CRED(), &rval); 284 if (err) { 285 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n", 286 err)); 287 (void) ldi_close(lh, FREAD|FWRITE, CRED()); 288 goto bail; 289 } 290 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh, 291 FREAD+FWRITE+FNOCTTY+FKIOCTL, kcred, &muxid); 292 if (err) { 293 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err)); 294 (void) ldi_close(lh, FREAD|FWRITE, CRED()); 295 goto bail; 296 } 297 (void) ldi_close(lh, FREAD|FWRITE, CRED()); 298 299 /* PLINK KEYSOCK/ESP */ 300 if (esp_present) { 301 err = ldi_open_by_name(IPSECESPDEV, 302 FREAD|FWRITE, CRED(), &lh, li); 303 if (err) { 304 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err)); 305 goto bail; 306 } 307 err = ldi_ioctl(lh, 308 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, CRED(), &rval); 309 if (err) { 310 ks0dbg(("IPsec: " 311 "Push of KEYSOCK onto ESP failed (err %d).\n", 312 err)); 313 (void) ldi_close(lh, FREAD|FWRITE, CRED()); 314 goto bail; 315 } 316 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh, 317 FREAD+FWRITE+FNOCTTY+FKIOCTL, kcred, &muxid); 318 if (err) { 319 ks0dbg(("IPsec: " 320 "PLINK of KEYSOCK/ESP failed (err %d).\n", err)); 321 (void) ldi_close(lh, FREAD|FWRITE, CRED()); 322 goto bail; 323 } 324 (void) ldi_close(lh, FREAD|FWRITE, CRED()); 325 } 326 327 bail: 328 keysock_plumbed = (err == 0) ? 1 : -1; 329 if (ip6_lh != NULL) { 330 (void) ldi_close(ip6_lh, FREAD|FWRITE, CRED()); 331 } 332 if (li != NULL) 333 ldi_ident_release(li); 334 return (err); 335 } 336 337 /* ARGSUSED */ 338 static int 339 keysock_param_get(q, mp, cp, cr) 340 queue_t *q; 341 mblk_t *mp; 342 caddr_t cp; 343 cred_t *cr; 344 { 345 keysockparam_t *keysockpa = (keysockparam_t *)cp; 346 uint_t value; 347 348 mutex_enter(&keysock_param_lock); 349 value = keysockpa->keysock_param_value; 350 mutex_exit(&keysock_param_lock); 351 352 (void) mi_mpprintf(mp, "%u", value); 353 return (0); 354 } 355 356 /* This routine sets an NDD variable in a keysockparam_t structure. */ 357 /* ARGSUSED */ 358 static int 359 keysock_param_set(q, mp, value, cp, cr) 360 queue_t *q; 361 mblk_t *mp; 362 char *value; 363 caddr_t cp; 364 cred_t *cr; 365 { 366 ulong_t new_value; 367 keysockparam_t *keysockpa = (keysockparam_t *)cp; 368 369 /* Convert the value from a string into a long integer. */ 370 if (ddi_strtoul(value, NULL, 10, &new_value) != 0) 371 return (EINVAL); 372 373 mutex_enter(&keysock_param_lock); 374 /* 375 * Fail the request if the new value does not lie within the 376 * required bounds. 377 */ 378 if (new_value < keysockpa->keysock_param_min || 379 new_value > keysockpa->keysock_param_max) { 380 mutex_exit(&keysock_param_lock); 381 return (EINVAL); 382 } 383 384 /* Set the new value */ 385 keysockpa->keysock_param_value = new_value; 386 mutex_exit(&keysock_param_lock); 387 388 return (0); 389 } 390 391 /* 392 * Initialize NDD variables, and other things, for keysock. 393 */ 394 boolean_t 395 keysock_ddi_init(void) 396 { 397 keysockparam_t *ksp = keysock_param_arr; 398 int count = A_CNT(keysock_param_arr); 399 400 if (!keysock_g_nd) { 401 for (; count-- > 0; ksp++) { 402 if (ksp->keysock_param_name != NULL && 403 ksp->keysock_param_name[0]) { 404 if (!nd_load(&keysock_g_nd, 405 ksp->keysock_param_name, 406 keysock_param_get, keysock_param_set, 407 (caddr_t)ksp)) { 408 nd_free(&keysock_g_nd); 409 return (B_FALSE); 410 } 411 } 412 } 413 } 414 415 keysock_max_optsize = optcom_max_optsize( 416 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt); 417 418 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1, 419 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER); 420 421 mutex_init(&keysock_list_lock, NULL, MUTEX_DEFAULT, NULL); 422 mutex_init(&keysock_consumers_lock, NULL, MUTEX_DEFAULT, NULL); 423 mutex_init(&keysock_param_lock, NULL, MUTEX_DEFAULT, NULL); 424 425 return (B_TRUE); 426 } 427 428 /* 429 * Free NDD variable space, and other destructors, for keysock. 430 */ 431 void 432 keysock_ddi_destroy(void) 433 { 434 /* XXX Free instances? */ 435 ks0dbg(("keysock_ddi_destroy being called.\n")); 436 437 vmem_destroy(keysock_vmem); 438 mutex_destroy(&keysock_list_lock); 439 mutex_destroy(&keysock_consumers_lock); 440 mutex_destroy(&keysock_param_lock); 441 nd_free(&keysock_g_nd); 442 } 443 444 /* 445 * Close routine for keysock. 446 */ 447 static int 448 keysock_close(queue_t *q) 449 { 450 keysock_t *ks; 451 keysock_consumer_t *kc; 452 void *ptr = q->q_ptr; 453 int size; 454 455 qprocsoff(q); 456 457 /* Safe assumption. */ 458 ASSERT(ptr != NULL); 459 460 if (WR(q)->q_next) { 461 kc = (keysock_consumer_t *)ptr; 462 ks0dbg(("Module close, removing a consumer (%d).\n", 463 kc->kc_sa_type)); 464 /* 465 * Because of PERMOD open/close exclusive perimeter, I 466 * can inspect KC_FLUSHING w/o locking down kc->kc_lock. 467 */ 468 if (kc->kc_flags & KC_FLUSHING) { 469 /* 470 * If this decrement was the last one, send 471 * down the next pending one, if any. 472 * 473 * With a PERMOD perimeter, the mutexes ops aren't 474 * really necessary, but if we ever loosen up, we will 475 * have this bit covered already. 476 */ 477 keysock_flushdump--; 478 if (keysock_flushdump == 0) { 479 /* 480 * The flush/dump terminated by having a 481 * consumer go away. I need to send up to the 482 * appropriate keysock all of the relevant 483 * information. Unfortunately, I don't 484 * have that handy. 485 */ 486 ks0dbg(("Consumer went away while flushing or" 487 " dumping.\n")); 488 } 489 } 490 size = sizeof (keysock_consumer_t); 491 mutex_enter(&keysock_consumers_lock); 492 keysock_consumers[kc->kc_sa_type] = NULL; 493 mutex_exit(&keysock_consumers_lock); 494 mutex_destroy(&kc->kc_lock); 495 } else { 496 ks3dbg(("Driver close, PF_KEY socket is going away.\n")); 497 ks = (keysock_t *)ptr; 498 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0) 499 atomic_add_32(&keysock_num_extended, -1); 500 size = sizeof (keysock_t); 501 mutex_enter(&keysock_list_lock); 502 *(ks->keysock_ptpn) = ks->keysock_next; 503 if (ks->keysock_next != NULL) 504 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn; 505 mutex_exit(&keysock_list_lock); 506 mutex_destroy(&ks->keysock_lock); 507 } 508 509 /* Now I'm free. */ 510 kmem_free(ptr, size); 511 return (0); 512 } 513 /* 514 * Open routine for keysock. 515 */ 516 /* ARGSUSED */ 517 static int 518 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 519 { 520 keysock_t *ks; 521 keysock_consumer_t *kc; 522 mblk_t *mp; 523 ipsec_info_t *ii; 524 525 ks3dbg(("Entering keysock open.\n")); 526 527 if (secpolicy_net_config(credp, B_FALSE) != 0) { 528 /* Privilege debugging will log the error */ 529 return (EPERM); 530 } 531 532 if (q->q_ptr != NULL) 533 return (0); /* Re-open of an already open instance. */ 534 535 if (keysock_plumbed < 1) { 536 keysock_plumbed = 0; 537 /* 538 * Don't worry about ipsec_failure being true here. 539 * (See ip.c). An open of keysock should try and force 540 * the issue. Maybe it was a transient failure. 541 */ 542 ipsec_loader_loadnow(); 543 } 544 545 if (sflag & MODOPEN) { 546 /* Initialize keysock_consumer state here. */ 547 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP); 548 if (kc == NULL) 549 return (ENOMEM); 550 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0); 551 kc->kc_rq = q; 552 kc->kc_wq = WR(q); 553 554 q->q_ptr = kc; 555 WR(q)->q_ptr = kc; 556 557 qprocson(q); 558 559 /* 560 * Send down initial message to whatever I was pushed on top 561 * of asking for its consumer type. The reply will set it. 562 */ 563 564 /* Allocate it. */ 565 mp = allocb(sizeof (ipsec_info_t), BPRI_HI); 566 if (mp == NULL) { 567 ks1dbg(( 568 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n")); 569 /* Do I need to set these to null? */ 570 q->q_ptr = NULL; 571 WR(q)->q_ptr = NULL; 572 mutex_destroy(&kc->kc_lock); 573 kmem_free(kc, sizeof (*kc)); 574 return (ENOMEM); 575 } 576 577 /* If I allocated okay, putnext to what I was pushed atop. */ 578 mp->b_wptr += sizeof (ipsec_info_t); 579 mp->b_datap->db_type = M_CTL; 580 ii = (ipsec_info_t *)mp->b_rptr; 581 ii->ipsec_info_type = KEYSOCK_HELLO; 582 /* Length only of type/len. */ 583 ii->ipsec_info_len = sizeof (ii->ipsec_allu); 584 ks2dbg(("Ready to putnext KEYSOCK_HELLO.\n")); 585 putnext(kc->kc_wq, mp); 586 } else { 587 minor_t ksminor; 588 589 /* Initialize keysock state. */ 590 591 ks2dbg(("Made it into PF_KEY socket open.\n")); 592 593 ksminor = (minor_t)(uintptr_t) 594 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP); 595 if (ksminor == 0) 596 return (ENOMEM); 597 598 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP); 599 if (ks == NULL) { 600 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1); 601 return (ENOMEM); 602 } 603 604 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0); 605 ks->keysock_rq = q; 606 ks->keysock_wq = WR(q); 607 ks->keysock_state = TS_UNBND; 608 ks->keysock_serial = ksminor; 609 610 q->q_ptr = ks; 611 WR(q)->q_ptr = ks; 612 613 /* 614 * The receive hiwat is only looked at on the stream head 615 * queue. Store in q_hiwat in order to return on SO_RCVBUF 616 * getsockopts. 617 */ 618 619 q->q_hiwat = keysock_recv_hiwat; 620 621 /* 622 * The transmit hiwat/lowat is only looked at on IP's queue. 623 * Store in q_hiwat/q_lowat in order to return on 624 * SO_SNDBUF/SO_SNDLOWAT getsockopts. 625 */ 626 627 WR(q)->q_hiwat = keysock_xmit_hiwat; 628 WR(q)->q_lowat = keysock_xmit_lowat; 629 630 *devp = makedevice(getmajor(*devp), ksminor); 631 632 /* 633 * Thread keysock into the global keysock list. 634 */ 635 mutex_enter(&keysock_list_lock); 636 ks->keysock_next = keysock_list; 637 ks->keysock_ptpn = &keysock_list; 638 if (keysock_list != NULL) 639 keysock_list->keysock_ptpn = &ks->keysock_next; 640 keysock_list = ks; 641 mutex_exit(&keysock_list_lock); 642 643 qprocson(q); 644 (void) mi_set_sth_hiwat(q, keysock_recv_hiwat); 645 /* 646 * Wait outside the keysock module perimeter for IPsec 647 * plumbing to be completed. If it fails, keysock_close() 648 * undoes everything we just did. 649 */ 650 if (!ipsec_loader_wait(q)) { 651 (void) keysock_close(q); 652 return (EPFNOSUPPORT); 653 } 654 } 655 656 return (0); 657 } 658 659 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */ 660 661 /* 662 * Copy relevant state bits. 663 */ 664 static void 665 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks) 666 { 667 *tap = keysock_g_t_info_ack; 668 tap->CURRENT_state = ks->keysock_state; 669 tap->OPT_size = keysock_max_optsize; 670 } 671 672 /* 673 * This routine responds to T_CAPABILITY_REQ messages. It is called by 674 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from 675 * keysock_g_t_info_ack. The current state of the stream is copied from 676 * keysock_state. 677 */ 678 static void 679 keysock_capability_req(queue_t *q, mblk_t *mp) 680 { 681 keysock_t *ks = (keysock_t *)q->q_ptr; 682 t_uscalar_t cap_bits1; 683 struct T_capability_ack *tcap; 684 685 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1; 686 687 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack), 688 mp->b_datap->db_type, T_CAPABILITY_ACK); 689 if (mp == NULL) 690 return; 691 692 tcap = (struct T_capability_ack *)mp->b_rptr; 693 tcap->CAP_bits1 = 0; 694 695 if (cap_bits1 & TC1_INFO) { 696 keysock_copy_info(&tcap->INFO_ack, ks); 697 tcap->CAP_bits1 |= TC1_INFO; 698 } 699 700 qreply(q, mp); 701 } 702 703 /* 704 * This routine responds to T_INFO_REQ messages. It is called by 705 * keysock_wput_other. 706 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack. 707 * The current state of the stream is copied from keysock_state. 708 */ 709 static void 710 keysock_info_req(q, mp) 711 queue_t *q; 712 mblk_t *mp; 713 { 714 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO, 715 T_INFO_ACK); 716 if (mp == NULL) 717 return; 718 keysock_copy_info((struct T_info_ack *)mp->b_rptr, 719 (keysock_t *)q->q_ptr); 720 qreply(q, mp); 721 } 722 723 /* 724 * keysock_err_ack. This routine creates a 725 * T_ERROR_ACK message and passes it 726 * upstream. 727 */ 728 static void 729 keysock_err_ack(q, mp, t_error, sys_error) 730 queue_t *q; 731 mblk_t *mp; 732 int t_error; 733 int sys_error; 734 { 735 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL) 736 qreply(q, mp); 737 } 738 739 /* 740 * This routine retrieves the current status of socket options. 741 * It returns the size of the option retrieved. 742 */ 743 /* ARGSUSED */ 744 int 745 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr) 746 { 747 int *i1 = (int *)ptr; 748 keysock_t *ks = (keysock_t *)q->q_ptr; 749 750 switch (level) { 751 case SOL_SOCKET: 752 mutex_enter(&ks->keysock_lock); 753 switch (name) { 754 case SO_TYPE: 755 *i1 = SOCK_RAW; 756 break; 757 case SO_USELOOPBACK: 758 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) == 759 KEYSOCK_NOLOOP)); 760 break; 761 /* 762 * The following two items can be manipulated, 763 * but changing them should do nothing. 764 */ 765 case SO_SNDBUF: 766 *i1 = (int)q->q_hiwat; 767 break; 768 case SO_RCVBUF: 769 *i1 = (int)(RD(q)->q_hiwat); 770 break; 771 } 772 mutex_exit(&ks->keysock_lock); 773 break; 774 default: 775 return (0); 776 } 777 return (sizeof (int)); 778 } 779 780 /* 781 * This routine sets socket options. 782 */ 783 /* ARGSUSED */ 784 int 785 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level, 786 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp, 787 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr, mblk_t *mblk) 788 { 789 int *i1 = (int *)invalp; 790 keysock_t *ks = (keysock_t *)q->q_ptr; 791 792 switch (level) { 793 case SOL_SOCKET: 794 mutex_enter(&ks->keysock_lock); 795 switch (name) { 796 case SO_USELOOPBACK: 797 if (!(*i1)) 798 ks->keysock_flags |= KEYSOCK_NOLOOP; 799 else ks->keysock_flags &= ~KEYSOCK_NOLOOP; 800 break; 801 case SO_SNDBUF: 802 if (*i1 > keysock_max_buf) 803 return (ENOBUFS); 804 q->q_hiwat = *i1; 805 break; 806 case SO_RCVBUF: 807 if (*i1 > keysock_max_buf) 808 return (ENOBUFS); 809 RD(q)->q_hiwat = *i1; 810 (void) mi_set_sth_hiwat(RD(q), *i1); 811 break; 812 } 813 mutex_exit(&ks->keysock_lock); 814 break; 815 } 816 return (0); 817 } 818 819 /* 820 * Handle STREAMS messages. 821 */ 822 static void 823 keysock_wput_other(queue_t *q, mblk_t *mp) 824 { 825 struct iocblk *iocp; 826 int error; 827 828 switch (mp->b_datap->db_type) { 829 case M_PROTO: 830 case M_PCPROTO: 831 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) { 832 ks3dbg(( 833 "keysock_wput_other: Not big enough M_PROTO\n")); 834 freemsg(mp); 835 return; 836 } 837 switch (((union T_primitives *)mp->b_rptr)->type) { 838 case T_CAPABILITY_REQ: 839 keysock_capability_req(q, mp); 840 return; 841 case T_INFO_REQ: 842 keysock_info_req(q, mp); 843 return; 844 case T_SVR4_OPTMGMT_REQ: 845 (void) svr4_optcom_req(q, mp, DB_CREDDEF(mp, kcred), 846 &keysock_opt_obj); 847 return; 848 case T_OPTMGMT_REQ: 849 (void) tpi_optcom_req(q, mp, DB_CREDDEF(mp, kcred), 850 &keysock_opt_obj); 851 return; 852 case T_DATA_REQ: 853 case T_EXDATA_REQ: 854 case T_ORDREL_REQ: 855 /* Illegal for keysock. */ 856 freemsg(mp); 857 (void) putnextctl1(RD(q), M_ERROR, EPROTO); 858 return; 859 default: 860 /* Not supported by keysock. */ 861 keysock_err_ack(q, mp, TNOTSUPPORT, 0); 862 return; 863 } 864 case M_IOCTL: 865 iocp = (struct iocblk *)mp->b_rptr; 866 error = EINVAL; 867 868 switch (iocp->ioc_cmd) { 869 case ND_SET: 870 case ND_GET: 871 if (nd_getset(q, keysock_g_nd, mp)) { 872 qreply(q, mp); 873 return; 874 } else 875 error = ENOENT; 876 /* FALLTHRU */ 877 default: 878 miocnak(q, mp, 0, error); 879 return; 880 } 881 case M_FLUSH: 882 if (*mp->b_rptr & FLUSHW) { 883 flushq(q, FLUSHALL); 884 *mp->b_rptr &= ~FLUSHW; 885 } 886 if (*mp->b_rptr & FLUSHR) { 887 qreply(q, mp); 888 return; 889 } 890 /* Else FALLTHRU */ 891 } 892 893 /* If fell through, just black-hole the message. */ 894 freemsg(mp); 895 } 896 897 /* 898 * Transmit a PF_KEY error message to the instance either pointed to 899 * by ks, the instance with serial number serial, or more, depending. 900 * 901 * The faulty message (or a reasonable facsimile thereof) is in mp. 902 * This function will free mp or recycle it for delivery, thereby causing 903 * the stream head to free it. 904 */ 905 static void 906 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic) 907 { 908 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr; 909 910 ASSERT(mp->b_datap->db_type == M_DATA); 911 912 if (samsg->sadb_msg_type < SADB_GETSPI || 913 samsg->sadb_msg_type > SADB_MAX) 914 samsg->sadb_msg_type = SADB_RESERVED; 915 916 /* 917 * Strip out extension headers. 918 */ 919 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim); 920 mp->b_wptr = mp->b_rptr + sizeof (*samsg); 921 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t)); 922 samsg->sadb_msg_errno = (uint8_t)error; 923 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic; 924 925 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE); 926 } 927 928 /* 929 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy 930 * in the extv if passed in. 931 */ 932 static void 933 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[], 934 boolean_t flushmsg) 935 { 936 keysock_consumer_t *kc; 937 mblk_t *wrapper; 938 keysock_in_t *ksi; 939 int i; 940 941 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI); 942 if (wrapper == NULL) { 943 ks3dbg(("keysock_passdown: allocb failed.\n")); 944 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL) 945 bzero(extv[SADB_EXT_KEY_ENCRYPT], 946 SADB_64TO8( 947 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len)); 948 if (extv[SADB_EXT_KEY_AUTH] != NULL) 949 bzero(extv[SADB_EXT_KEY_AUTH], 950 SADB_64TO8( 951 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len)); 952 if (flushmsg) { 953 ks0dbg(( 954 "keysock: Downwards flush/dump message failed!\n")); 955 /* If this is true, I hold the perimeter. */ 956 keysock_flushdump--; 957 } 958 freemsg(mp); 959 return; 960 } 961 962 wrapper->b_datap->db_type = M_CTL; 963 ksi = (keysock_in_t *)wrapper->b_rptr; 964 ksi->ks_in_type = KEYSOCK_IN; 965 ksi->ks_in_len = sizeof (keysock_in_t); 966 if (extv[SADB_EXT_ADDRESS_SRC] != NULL) 967 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN; 968 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE; 969 if (extv[SADB_EXT_ADDRESS_DST] != NULL) 970 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN; 971 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE; 972 if (extv[SADB_EXT_ADDRESS_PROXY] != NULL) 973 ksi->ks_in_proxytype = KS_IN_ADDR_UNKNOWN; 974 else ksi->ks_in_proxytype = KS_IN_ADDR_NOTTHERE; 975 for (i = 0; i <= SADB_EXT_MAX; i++) 976 ksi->ks_in_extv[i] = extv[i]; 977 ksi->ks_in_serial = ks->keysock_serial; 978 wrapper->b_wptr += sizeof (ipsec_info_t); 979 wrapper->b_cont = mp; 980 981 /* 982 * Find the appropriate consumer where the message is passed down. 983 */ 984 kc = keysock_consumers[satype]; 985 if (kc == NULL) { 986 freeb(wrapper); 987 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE); 988 if (flushmsg) { 989 ks0dbg(( 990 "keysock: Downwards flush/dump message failed!\n")); 991 /* If this is true, I hold the perimeter. */ 992 keysock_flushdump--; 993 } 994 return; 995 } 996 997 /* 998 * NOTE: There used to be code in here to spin while a flush or 999 * dump finished. Keysock now assumes that consumers have enough 1000 * MT-savviness to deal with that. 1001 */ 1002 1003 /* 1004 * Current consumers (AH and ESP) are guaranteed to return a 1005 * FLUSH or DUMP message back, so when we reach here, we don't 1006 * have to worry about keysock_flushdumps. 1007 */ 1008 1009 putnext(kc->kc_wq, wrapper); 1010 } 1011 1012 /* 1013 * High-level reality checking of extensions. 1014 */ 1015 static boolean_t 1016 ext_check(sadb_ext_t *ext) 1017 { 1018 int i; 1019 uint64_t *lp; 1020 sadb_ident_t *id; 1021 char *idstr; 1022 1023 switch (ext->sadb_ext_type) { 1024 case SADB_EXT_ADDRESS_SRC: 1025 case SADB_EXT_ADDRESS_DST: 1026 case SADB_EXT_ADDRESS_PROXY: 1027 /* Check for at least enough addtl length for a sockaddr. */ 1028 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t))) 1029 return (B_FALSE); 1030 break; 1031 case SADB_EXT_LIFETIME_HARD: 1032 case SADB_EXT_LIFETIME_SOFT: 1033 case SADB_EXT_LIFETIME_CURRENT: 1034 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t))) 1035 return (B_FALSE); 1036 break; 1037 case SADB_EXT_SPIRANGE: 1038 /* See if the SPI range is legit. */ 1039 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) > 1040 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max)) 1041 return (B_FALSE); 1042 break; 1043 case SADB_EXT_KEY_AUTH: 1044 case SADB_EXT_KEY_ENCRYPT: 1045 /* Key length check. */ 1046 if (((sadb_key_t *)ext)->sadb_key_bits == 0) 1047 return (B_FALSE); 1048 /* 1049 * Check to see if the key length (in bits) is less than the 1050 * extension length (in 8-bits words). 1051 */ 1052 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) + 1053 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) { 1054 ks1dbg(( 1055 "ext_check: Key bits/length inconsistent.\n")); 1056 ks1dbg(("%d bits, len is %d bytes.\n", 1057 ((sadb_key_t *)ext)->sadb_key_bits, 1058 SADB_64TO8(ext->sadb_ext_len))); 1059 return (B_FALSE); 1060 } 1061 1062 /* All-zeroes key check. */ 1063 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t)); 1064 for (i = 0; 1065 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t))); 1066 i++) 1067 if (lp[i] != 0) 1068 break; /* Out of for loop. */ 1069 /* If finished the loop naturally, it's an all zero key. */ 1070 if (lp[i] == 0) 1071 return (B_FALSE); 1072 break; 1073 case SADB_EXT_IDENTITY_SRC: 1074 case SADB_EXT_IDENTITY_DST: 1075 /* 1076 * Make sure the strings in these identities are 1077 * null-terminated. RFC 2367 underspecified how to handle 1078 * such a case. I "proactively" null-terminate the string 1079 * at the last byte if it's not terminated sooner. 1080 */ 1081 id = (sadb_ident_t *)ext; 1082 i = SADB_64TO8(id->sadb_ident_len); 1083 i -= sizeof (sadb_ident_t); 1084 idstr = (char *)(id + 1); 1085 while (*idstr != '\0' && i > 0) { 1086 i--; 1087 idstr++; 1088 } 1089 if (i == 0) { 1090 /* 1091 * I.e., if the bozo user didn't NULL-terminate the 1092 * string... 1093 */ 1094 idstr--; 1095 *idstr = '\0'; 1096 } 1097 break; 1098 } 1099 return (B_TRUE); /* For now... */ 1100 } 1101 1102 /* Return values for keysock_get_ext(). */ 1103 #define KGE_OK 0 1104 #define KGE_DUP 1 1105 #define KGE_UNK 2 1106 #define KGE_LEN 3 1107 #define KGE_CHK 4 1108 1109 /* 1110 * Parse basic extension headers and return in the passed-in pointer vector. 1111 * Return values include: 1112 * 1113 * KGE_OK Everything's nice and parsed out. 1114 * If there are no extensions, place NULL in extv[0]. 1115 * KGE_DUP There is a duplicate extension. 1116 * First instance in appropriate bin. First duplicate in 1117 * extv[0]. 1118 * KGE_UNK Unknown extension type encountered. extv[0] contains 1119 * unknown header. 1120 * KGE_LEN Extension length error. 1121 * KGE_CHK High-level reality check failed on specific extension. 1122 * 1123 * My apologies for some of the pointer arithmetic in here. I'm thinking 1124 * like an assembly programmer, yet trying to make the compiler happy. 1125 */ 1126 static int 1127 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize) 1128 { 1129 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1)); 1130 1131 /* Use extv[0] as the "current working pointer". */ 1132 1133 extv[0] = (sadb_ext_t *)(basehdr + 1); 1134 1135 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) { 1136 /* Check for unknown headers. */ 1137 if (extv[0]->sadb_ext_type == 0 || 1138 extv[0]->sadb_ext_type > SADB_EXT_MAX) 1139 return (KGE_UNK); 1140 1141 /* 1142 * Check length. Use uint64_t because extlen is in units 1143 * of 64-bit words. If length goes beyond the msgsize, 1144 * return an error. (Zero length also qualifies here.) 1145 */ 1146 if (extv[0]->sadb_ext_len == 0 || 1147 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) > 1148 (void *)((uint8_t *)basehdr + msgsize)) 1149 return (KGE_LEN); 1150 1151 /* Check for redundant headers. */ 1152 if (extv[extv[0]->sadb_ext_type] != NULL) 1153 return (KGE_DUP); 1154 1155 /* 1156 * Reality check the extension if possible at the keysock 1157 * level. 1158 */ 1159 if (!ext_check(extv[0])) 1160 return (KGE_CHK); 1161 1162 /* If I make it here, assign the appropriate bin. */ 1163 extv[extv[0]->sadb_ext_type] = extv[0]; 1164 1165 /* Advance pointer (See above for uint64_t ptr reasoning.) */ 1166 extv[0] = (sadb_ext_t *) 1167 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len); 1168 } 1169 1170 /* Everything's cool. */ 1171 1172 /* 1173 * If extv[0] == NULL, then there are no extension headers in this 1174 * message. Ensure that this is the case. 1175 */ 1176 if (extv[0] == (sadb_ext_t *)(basehdr + 1)) 1177 extv[0] = NULL; 1178 1179 return (KGE_OK); 1180 } 1181 1182 /* 1183 * qwriter() callback to handle flushes and dumps. This routine will hold 1184 * the inner perimeter. 1185 */ 1186 void 1187 keysock_do_flushdump(queue_t *q, mblk_t *mp) 1188 { 1189 int i, start, finish; 1190 mblk_t *mp1 = NULL; 1191 keysock_t *ks = (keysock_t *)q->q_ptr; 1192 sadb_ext_t *extv[SADB_EXT_MAX + 1]; 1193 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr; 1194 1195 /* 1196 * I am guaranteed this will work. I did the work in keysock_parse() 1197 * already. 1198 */ 1199 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len)); 1200 1201 /* 1202 * I hold the perimeter, therefore I don't need to use atomic ops. 1203 */ 1204 if (keysock_flushdump != 0) { 1205 /* XXX Should I instead use EBUSY? */ 1206 /* XXX Or is there a way to queue these up? */ 1207 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE); 1208 return; 1209 } 1210 1211 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1212 start = 0; 1213 finish = KEYSOCK_MAX_CONSUMERS - 1; 1214 } else { 1215 start = samsg->sadb_msg_satype; 1216 finish = samsg->sadb_msg_satype; 1217 } 1218 1219 /* 1220 * Fill up keysock_flushdump with the number of outstanding dumps 1221 * and/or flushes. 1222 */ 1223 1224 keysock_flushdump_errno = 0; 1225 1226 /* 1227 * Okay, I hold the perimeter. Eventually keysock_flushdump will 1228 * contain the number of consumers with outstanding flush operations. 1229 * 1230 * SO, here's the plan: 1231 * * For each relevant consumer (Might be one, might be all) 1232 * * Twiddle on the FLUSHING flag. 1233 * * Pass down the FLUSH/DUMP message. 1234 * 1235 * When I see upbound FLUSH/DUMP messages, I will decrement the 1236 * keysock_flushdump. When I decrement it to 0, I will pass the 1237 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will 1238 * pass down the right SA type to the consumer (either its own, or 1239 * that of UNSPEC), the right one will be reflected from each consumer, 1240 * and accordingly back to the socket. 1241 */ 1242 1243 mutex_enter(&keysock_consumers_lock); 1244 for (i = start; i <= finish; i++) { 1245 if (keysock_consumers[i] != NULL) { 1246 mp1 = copymsg(mp); 1247 if (mp1 == NULL) { 1248 ks0dbg(("SADB_FLUSH copymsg() failed.\n")); 1249 /* 1250 * Error? And what about outstanding 1251 * flushes? Oh, yeah, they get sucked up and 1252 * the counter is decremented. Consumers 1253 * (see keysock_passdown()) are guaranteed 1254 * to deliver back a flush request, even if 1255 * it's an error. 1256 */ 1257 keysock_error(ks, mp, ENOMEM, 1258 SADB_X_DIAGNOSTIC_NONE); 1259 return; 1260 } 1261 /* 1262 * Because my entry conditions are met above, the 1263 * following assertion should hold true. 1264 */ 1265 mutex_enter(&(keysock_consumers[i]->kc_lock)); 1266 ASSERT((keysock_consumers[i]->kc_flags & KC_FLUSHING) 1267 == 0); 1268 keysock_consumers[i]->kc_flags |= KC_FLUSHING; 1269 mutex_exit(&(keysock_consumers[i]->kc_lock)); 1270 /* Always increment the number of flushes... */ 1271 keysock_flushdump++; 1272 /* Guaranteed to return a message. */ 1273 keysock_passdown(ks, mp1, i, extv, B_TRUE); 1274 } else if (start == finish) { 1275 /* 1276 * In case where start == finish, and there's no 1277 * consumer, should we force an error? Yes. 1278 */ 1279 mutex_exit(&keysock_consumers_lock); 1280 keysock_error(ks, mp, EINVAL, 1281 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE); 1282 return; 1283 } 1284 } 1285 mutex_exit(&keysock_consumers_lock); 1286 1287 if (keysock_flushdump == 0) { 1288 /* 1289 * There were no consumers at all for this message. 1290 * XXX For now return ESRCH. 1291 */ 1292 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS); 1293 } else { 1294 /* Otherwise, free the original message. */ 1295 freemsg(mp); 1296 } 1297 } 1298 1299 /* 1300 * Get the right diagnostic for a duplicate. Should probably use a static 1301 * table lookup. 1302 */ 1303 int 1304 keysock_duplicate(int ext_type) 1305 { 1306 int rc = 0; 1307 1308 switch (ext_type) { 1309 case SADB_EXT_ADDRESS_SRC: 1310 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC; 1311 break; 1312 case SADB_EXT_ADDRESS_DST: 1313 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST; 1314 break; 1315 case SADB_EXT_SA: 1316 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA; 1317 break; 1318 case SADB_EXT_SPIRANGE: 1319 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE; 1320 break; 1321 case SADB_EXT_KEY_AUTH: 1322 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY; 1323 break; 1324 case SADB_EXT_KEY_ENCRYPT: 1325 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY; 1326 break; 1327 } 1328 return (rc); 1329 } 1330 1331 /* 1332 * Get the right diagnostic for a reality check failure. Should probably use 1333 * a static table lookup. 1334 */ 1335 int 1336 keysock_malformed(int ext_type) 1337 { 1338 int rc = 0; 1339 1340 switch (ext_type) { 1341 case SADB_EXT_ADDRESS_SRC: 1342 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC; 1343 break; 1344 case SADB_EXT_ADDRESS_DST: 1345 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST; 1346 break; 1347 case SADB_EXT_SA: 1348 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA; 1349 break; 1350 case SADB_EXT_SPIRANGE: 1351 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE; 1352 break; 1353 case SADB_EXT_KEY_AUTH: 1354 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY; 1355 break; 1356 case SADB_EXT_KEY_ENCRYPT: 1357 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY; 1358 break; 1359 } 1360 return (rc); 1361 } 1362 1363 /* 1364 * Keysock massaging of an inverse ACQUIRE. Consult policy, 1365 * and construct an appropriate response. 1366 */ 1367 static void 1368 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[], 1369 keysock_t *ks) 1370 { 1371 mblk_t *reply_mp; 1372 1373 /* 1374 * Reality check things... 1375 */ 1376 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) { 1377 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC); 1378 return; 1379 } 1380 if (extv[SADB_EXT_ADDRESS_DST] == NULL) { 1381 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST); 1382 } 1383 1384 reply_mp = ipsec_construct_inverse_acquire(samsg, extv); 1385 1386 if (reply_mp != NULL) { 1387 freemsg(mp); 1388 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr, 1389 ks->keysock_serial, NULL, B_FALSE); 1390 } else { 1391 keysock_error(ks, mp, samsg->sadb_msg_errno, 1392 samsg->sadb_x_msg_diagnostic); 1393 } 1394 } 1395 1396 /* 1397 * Spew an extended REGISTER down to the relevant consumers. 1398 */ 1399 static void 1400 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[]) 1401 { 1402 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG]; 1403 uint8_t *satypes, *fencepost; 1404 mblk_t *downmp; 1405 sadb_ext_t *downextv[SADB_EXT_MAX + 1]; 1406 1407 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 || 1408 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) { 1409 keysock_error(ks, mp, EBUSY, 0); 1410 } 1411 1412 ks->keysock_flags |= KEYSOCK_EXTENDED; 1413 if (ereg == NULL) { 1414 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1415 } else { 1416 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr); 1417 fencepost = (uint8_t *)mp->b_wptr; 1418 satypes = ereg->sadb_x_ereg_satypes; 1419 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) { 1420 downmp = copymsg(mp); 1421 if (downmp == NULL) { 1422 keysock_error(ks, mp, ENOMEM, 0); 1423 return; 1424 } 1425 /* 1426 * Since we've made it here, keysock_get_ext will work! 1427 */ 1428 (void) keysock_get_ext(downextv, 1429 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp)); 1430 keysock_passdown(ks, downmp, *satypes, downextv, 1431 B_FALSE); 1432 ++satypes; 1433 } 1434 freemsg(mp); 1435 } 1436 1437 /* 1438 * Set global to indicate we prefer an extended ACQUIRE. 1439 */ 1440 atomic_add_32(&keysock_num_extended, 1); 1441 } 1442 1443 /* 1444 * Handle PF_KEY messages. 1445 */ 1446 static void 1447 keysock_parse(queue_t *q, mblk_t *mp) 1448 { 1449 sadb_msg_t *samsg; 1450 sadb_ext_t *extv[SADB_EXT_MAX + 1]; 1451 keysock_t *ks = (keysock_t *)q->q_ptr; 1452 uint_t msgsize; 1453 uint8_t satype; 1454 1455 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */ 1456 ASSERT(WR(q)->q_next == NULL); 1457 1458 samsg = (sadb_msg_t *)mp->b_rptr; 1459 ks2dbg(("Received possible PF_KEY message, type %d.\n", 1460 samsg->sadb_msg_type)); 1461 1462 msgsize = SADB_64TO8(samsg->sadb_msg_len); 1463 1464 if (msgdsize(mp) != msgsize) { 1465 /* 1466 * Message len incorrect w.r.t. actual size. Send an error 1467 * (EMSGSIZE). It may be necessary to massage things a 1468 * bit. For example, if the sadb_msg_type is hosed, 1469 * I need to set it to SADB_RESERVED to get delivery to 1470 * do the right thing. Then again, maybe just letting 1471 * the error delivery do the right thing. 1472 */ 1473 ks2dbg(("mblk (%lu) and base (%d) message sizes don't jibe.\n", 1474 msgdsize(mp), msgsize)); 1475 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE); 1476 return; 1477 } 1478 1479 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) { 1480 /* Get all message into one mblk. */ 1481 if (pullupmsg(mp, -1) == 0) { 1482 /* 1483 * Something screwy happened. 1484 */ 1485 ks3dbg(("keysock_parse: pullupmsg() failed.\n")); 1486 return; 1487 } else { 1488 samsg = (sadb_msg_t *)mp->b_rptr; 1489 } 1490 } 1491 1492 switch (keysock_get_ext(extv, samsg, msgsize)) { 1493 case KGE_DUP: 1494 /* Handle duplicate extension. */ 1495 ks1dbg(("Got duplicate extension of type %d.\n", 1496 extv[0]->sadb_ext_type)); 1497 keysock_error(ks, mp, EINVAL, 1498 keysock_duplicate(extv[0]->sadb_ext_type)); 1499 return; 1500 case KGE_UNK: 1501 /* Handle unknown extension. */ 1502 ks1dbg(("Got unknown extension of type %d.\n", 1503 extv[0]->sadb_ext_type)); 1504 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT); 1505 return; 1506 case KGE_LEN: 1507 /* Length error. */ 1508 ks1dbg(("Length %d on extension type %d overrun or 0.\n", 1509 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type)); 1510 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN); 1511 return; 1512 case KGE_CHK: 1513 /* Reality check failed. */ 1514 ks1dbg(("Reality check failed on extension type %d.\n", 1515 extv[0]->sadb_ext_type)); 1516 keysock_error(ks, mp, EINVAL, 1517 keysock_malformed(extv[0]->sadb_ext_type)); 1518 return; 1519 default: 1520 /* Default case is no errors. */ 1521 break; 1522 } 1523 1524 switch (samsg->sadb_msg_type) { 1525 case SADB_REGISTER: 1526 /* 1527 * There's a semantic weirdness in that a message OTHER than 1528 * the return REGISTER message may be passed up if I set the 1529 * registered bit BEFORE I pass it down. 1530 * 1531 * SOOOO, I'll not twiddle any registered bits until I see 1532 * the upbound REGISTER (with a serial number in it). 1533 */ 1534 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1535 /* Handle extended register here. */ 1536 keysock_extended_register(ks, mp, extv); 1537 return; 1538 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) { 1539 keysock_error(ks, mp, EBUSY, 0); 1540 return; 1541 } 1542 /* FALLTHRU */ 1543 case SADB_GETSPI: 1544 case SADB_ADD: 1545 case SADB_UPDATE: 1546 case SADB_DELETE: 1547 case SADB_GET: 1548 /* 1549 * Pass down to appropriate consumer. 1550 */ 1551 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC) 1552 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv, 1553 B_FALSE); 1554 else keysock_error(ks, mp, EINVAL, 1555 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1556 return; 1557 case SADB_ACQUIRE: 1558 /* 1559 * If I _receive_ an acquire, this means I should spread it 1560 * out to registered sockets. Unless there's an errno... 1561 * 1562 * Need ADDRESS, may have ID, SENS, and PROP, unless errno, 1563 * in which case there should be NO extensions. 1564 * 1565 * Return to registered. 1566 */ 1567 if (samsg->sadb_msg_errno != 0) { 1568 satype = samsg->sadb_msg_satype; 1569 if (satype == SADB_SATYPE_UNSPEC) { 1570 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) { 1571 keysock_error(ks, mp, EINVAL, 1572 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1573 return; 1574 } 1575 /* 1576 * Reassign satype based on the first 1577 * flags that KEYSOCK_SETREG says. 1578 */ 1579 while (satype <= SADB_SATYPE_MAX) { 1580 if (KEYSOCK_ISREG(ks, satype)) 1581 break; 1582 satype++; 1583 } 1584 if (satype > SADB_SATYPE_MAX) { 1585 keysock_error(ks, mp, EBUSY, 0); 1586 return; 1587 } 1588 } 1589 keysock_passdown(ks, mp, satype, extv, B_FALSE); 1590 } else { 1591 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 1592 keysock_error(ks, mp, EINVAL, 1593 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1594 else 1595 keysock_passup(mp, samsg, 0, NULL, B_FALSE); 1596 } 1597 return; 1598 case SADB_EXPIRE: 1599 /* 1600 * If someone sends this in, then send out to all senders. 1601 * (Save maybe ESP or AH, I have to be careful here.) 1602 * 1603 * Need ADDRESS, may have ID and SENS. 1604 * 1605 * XXX for now this is unsupported. 1606 */ 1607 break; 1608 case SADB_FLUSH: 1609 case SADB_DUMP: /* not used by normal applications */ 1610 /* 1611 * Nuke all SAs, or dump out the whole SA table to sender only. 1612 * 1613 * No extensions at all. Return to all listeners. 1614 * 1615 * Question: Should I hold a lock here to prevent 1616 * additions/deletions while flushing? 1617 * Answer: No. (See keysock_passdown() for details.) 1618 */ 1619 if (extv[0] != NULL) { 1620 /* 1621 * FLUSH or DUMP messages shouldn't have extensions. 1622 * Return EINVAL. 1623 */ 1624 ks2dbg(("FLUSH message with extension.\n")); 1625 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT); 1626 return; 1627 } 1628 1629 /* Passing down of DUMP/FLUSH messages are special. */ 1630 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER); 1631 return; 1632 case SADB_X_PROMISC: 1633 /* 1634 * Promiscuous processing message. 1635 */ 1636 if (samsg->sadb_msg_satype == 0) 1637 ks->keysock_flags &= ~KEYSOCK_PROMISC; 1638 else 1639 ks->keysock_flags |= KEYSOCK_PROMISC; 1640 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE); 1641 return; 1642 case SADB_X_INVERSE_ACQUIRE: 1643 keysock_inverse_acquire(mp, samsg, extv, ks); 1644 return; 1645 default: 1646 ks2dbg(("Got unknown message type %d.\n", 1647 samsg->sadb_msg_type)); 1648 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG); 1649 return; 1650 } 1651 1652 /* As a placeholder... */ 1653 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n")); 1654 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE); 1655 } 1656 1657 /* 1658 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket, 1659 * I don't convert to ioctl()'s for IP. I am the end-all driver as far 1660 * as PF_KEY sockets are concerned. I do some conversion, but not as much 1661 * as IP/rts does. 1662 */ 1663 static void 1664 keysock_wput(queue_t *q, mblk_t *mp) 1665 { 1666 uchar_t *rptr = mp->b_rptr; 1667 mblk_t *mp1; 1668 1669 ks3dbg(("In keysock_wput\n")); 1670 1671 if (WR(q)->q_next) { 1672 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr; 1673 1674 /* 1675 * We shouldn't get writes on a consumer instance. 1676 * But for now, just passthru. 1677 */ 1678 ks1dbg(("Huh? wput for an consumer instance (%d)?\n", 1679 kc->kc_sa_type)); 1680 putnext(q, mp); 1681 return; 1682 } 1683 1684 switch (mp->b_datap->db_type) { 1685 case M_DATA: 1686 /* 1687 * Silently discard. 1688 */ 1689 ks2dbg(("raw M_DATA in keysock.\n")); 1690 freemsg(mp); 1691 return; 1692 case M_PROTO: 1693 case M_PCPROTO: 1694 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) { 1695 if (((union T_primitives *)rptr)->type == T_DATA_REQ) { 1696 if ((mp1 = mp->b_cont) == NULL) { 1697 /* No data after T_DATA_REQ. */ 1698 ks2dbg(("No data after DATA_REQ.\n")); 1699 freemsg(mp); 1700 return; 1701 } 1702 freeb(mp); 1703 mp = mp1; 1704 ks2dbg(("T_DATA_REQ\n")); 1705 break; /* Out of switch. */ 1706 } 1707 } 1708 /* FALLTHRU */ 1709 default: 1710 ks3dbg(("In default wput case (%d %d).\n", 1711 mp->b_datap->db_type, ((union T_primitives *)rptr)->type)); 1712 keysock_wput_other(q, mp); 1713 return; 1714 } 1715 1716 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */ 1717 keysock_parse(q, mp); 1718 } 1719 1720 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */ 1721 1722 /* 1723 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate 1724 * state vectors. 1725 */ 1726 static void 1727 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc) 1728 { 1729 keysock_t *ks; 1730 1731 mutex_enter(&keysock_consumers_lock); 1732 mutex_enter(&kc->kc_lock); 1733 if (keysock_consumers[satype] != NULL) { 1734 ks0dbg(( 1735 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n", 1736 satype)); 1737 /* 1738 * Perhaps updating the new below-me consumer with what I have 1739 * so far would work too? 1740 */ 1741 mutex_exit(&kc->kc_lock); 1742 mutex_exit(&keysock_consumers_lock); 1743 } else { 1744 /* Add new below-me consumer. */ 1745 keysock_consumers[satype] = kc; 1746 1747 kc->kc_flags = 0; 1748 kc->kc_sa_type = satype; 1749 mutex_exit(&kc->kc_lock); 1750 mutex_exit(&keysock_consumers_lock); 1751 1752 /* Scan the keysock list. */ 1753 mutex_enter(&keysock_list_lock); 1754 for (ks = keysock_list; ks != NULL; ks = ks->keysock_next) { 1755 if (KEYSOCK_ISREG(ks, satype)) { 1756 /* 1757 * XXX Perhaps send an SADB_REGISTER down on 1758 * the socket's behalf. 1759 */ 1760 ks1dbg(("Socket %u registered already for " 1761 "new consumer.\n", ks->keysock_serial)); 1762 } 1763 } 1764 mutex_exit(&keysock_list_lock); 1765 } 1766 } 1767 1768 /* 1769 * Generate a KEYSOCK_OUT_ERR message for my consumer. 1770 */ 1771 static void 1772 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp) 1773 { 1774 keysock_out_err_t *kse; 1775 mblk_t *imp; 1776 1777 imp = allocb(sizeof (ipsec_info_t), BPRI_HI); 1778 if (imp == NULL) { 1779 ks1dbg(("keysock_out_err: Can't alloc message.\n")); 1780 return; 1781 } 1782 1783 imp->b_datap->db_type = M_CTL; 1784 imp->b_wptr += sizeof (ipsec_info_t); 1785 1786 kse = (keysock_out_err_t *)imp->b_rptr; 1787 imp->b_cont = mp; 1788 kse->ks_err_type = KEYSOCK_OUT_ERR; 1789 kse->ks_err_len = sizeof (*kse); 1790 /* Is serial necessary? */ 1791 kse->ks_err_serial = 0; 1792 kse->ks_err_errno = ks_errno; 1793 1794 /* 1795 * XXX What else do I need to do here w.r.t. information 1796 * to tell the consumer what caused this error? 1797 * 1798 * I believe the answer is the PF_KEY ACQUIRE (or other) message 1799 * attached in mp, which is appended at the end. I believe the 1800 * db_ref won't matter here, because the PF_KEY message is only read 1801 * for KEYSOCK_OUT_ERR. 1802 */ 1803 1804 putnext(kc->kc_wq, imp); 1805 } 1806 1807 /* XXX this is a hack errno. */ 1808 #define EIPSECNOSA 255 1809 1810 /* 1811 * Route message (pointed by mp, header in samsg) toward appropriate 1812 * sockets. Assume the message's creator did its job correctly. 1813 * 1814 * This should be a function that is followed by a return in its caller. 1815 * The compiler _should_ be able to use tail-call optimizations to make the 1816 * large ## of parameters not a huge deal. 1817 */ 1818 static void 1819 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial, 1820 keysock_consumer_t *kc, boolean_t persistent) 1821 { 1822 keysock_t *ks; 1823 uint8_t satype = samsg->sadb_msg_satype; 1824 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE, 1825 setalg = B_FALSE; 1826 mblk_t *mp1; 1827 int err = EIPSECNOSA; 1828 1829 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */ 1830 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI); 1831 if (mp1 == NULL) { 1832 err = ENOMEM; 1833 goto error; 1834 } 1835 mp1->b_wptr += sizeof (struct T_data_req); 1836 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND; 1837 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0; 1838 mp1->b_datap->db_type = M_PROTO; 1839 mp1->b_cont = mp; 1840 mp = mp1; 1841 1842 switch (samsg->sadb_msg_type) { 1843 case SADB_FLUSH: 1844 case SADB_GETSPI: 1845 case SADB_UPDATE: 1846 case SADB_ADD: 1847 case SADB_DELETE: 1848 case SADB_EXPIRE: 1849 /* 1850 * These are most likely replies. Don't worry about 1851 * KEYSOCK_OUT_ERR handling. Deliver to all sockets. 1852 */ 1853 ks3dbg(("Delivering normal message (%d) to all sockets.\n", 1854 samsg->sadb_msg_type)); 1855 toall = B_TRUE; 1856 break; 1857 case SADB_REGISTER: 1858 /* 1859 * REGISTERs come up for one of three reasons: 1860 * 1861 * 1.) In response to a normal SADB_REGISTER 1862 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 1863 * serial != 0) 1864 * Deliver to normal SADB_REGISTERed sockets. 1865 * 2.) In response to an extended REGISTER 1866 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 1867 * Deliver to extended REGISTERed socket. 1868 * 3.) Spontaneous algorithm changes 1869 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 1870 * serial == 0) 1871 * Deliver to REGISTERed sockets of all sorts. 1872 */ 1873 if (kc == NULL) { 1874 /* Here because of keysock_error() call. */ 1875 ASSERT(samsg->sadb_msg_errno != 0); 1876 break; /* Out of switch. */ 1877 } 1878 ks3dbg(("Delivering REGISTER.\n")); 1879 if (satype == SADB_SATYPE_UNSPEC) { 1880 /* REGISTER Reason #2 */ 1881 allereg = B_TRUE; 1882 /* 1883 * Rewhack SA type so PF_KEY socket holder knows what 1884 * consumer generated this algorithm list. 1885 */ 1886 satype = kc->kc_sa_type; 1887 samsg->sadb_msg_satype = satype; 1888 setalg = B_TRUE; 1889 } else if (serial == 0) { 1890 /* REGISTER Reason #3 */ 1891 allreg = B_TRUE; 1892 allereg = B_TRUE; 1893 } else { 1894 /* REGISTER Reason #1 */ 1895 allreg = B_TRUE; 1896 setalg = B_TRUE; 1897 } 1898 break; 1899 case SADB_ACQUIRE: 1900 /* 1901 * ACQUIREs are either extended (sadb_msg_satype == 0) or 1902 * regular (sadb_msg_satype != 0). And we're guaranteed 1903 * that serial == 0 for an ACQUIRE. 1904 */ 1905 ks3dbg(("Delivering ACQUIRE.\n")); 1906 allereg = (satype == SADB_SATYPE_UNSPEC); 1907 allreg = !allereg; 1908 /* 1909 * Corner case - if we send a regular ACQUIRE and there's 1910 * extended ones registered, don't send an error down to 1911 * consumers if nobody's listening and prematurely destroy 1912 * their ACQUIRE record. This might be too hackish of a 1913 * solution. 1914 */ 1915 if (allreg && keysock_num_extended > 0) 1916 err = 0; 1917 break; 1918 case SADB_X_PROMISC: 1919 case SADB_X_INVERSE_ACQUIRE: 1920 case SADB_DUMP: 1921 case SADB_GET: 1922 default: 1923 /* 1924 * Deliver to the sender and promiscuous only. 1925 */ 1926 ks3dbg(("Delivering sender/promisc only (%d).\n", 1927 samsg->sadb_msg_type)); 1928 break; 1929 } 1930 1931 mutex_enter(&keysock_list_lock); 1932 for (ks = keysock_list; ks != NULL; ks = ks->keysock_next) { 1933 /* Delivery loop. */ 1934 1935 /* 1936 * Check special keysock-setting cases (REGISTER replies) 1937 * here. 1938 */ 1939 if (setalg && serial == ks->keysock_serial) { 1940 ASSERT(kc != NULL); 1941 ASSERT(kc->kc_sa_type == satype); 1942 KEYSOCK_SETREG(ks, satype); 1943 } 1944 1945 /* 1946 * NOLOOP takes precedence over PROMISC. So if you've set 1947 * !SO_USELOOPBACK, don't expect to see any data... 1948 */ 1949 if (ks->keysock_flags & KEYSOCK_NOLOOP) 1950 continue; 1951 1952 /* 1953 * Messages to all, or promiscuous sockets just GET the 1954 * message. Perform rules-type checking iff it's not for all 1955 * listeners or the socket is in promiscuous mode. 1956 * 1957 * NOTE:Because of the (kc != NULL && ISREG()), make sure 1958 * extended ACQUIREs arrive off a consumer that is 1959 * part of the extended REGISTER set of consumers. 1960 */ 1961 if (serial != ks->keysock_serial && 1962 !toall && 1963 !(ks->keysock_flags & KEYSOCK_PROMISC) && 1964 !((ks->keysock_flags & KEYSOCK_EXTENDED) ? 1965 allereg : allreg && kc != NULL && 1966 KEYSOCK_ISREG(ks, kc->kc_sa_type))) 1967 continue; 1968 1969 mp1 = dupmsg(mp); 1970 if (mp1 == NULL) { 1971 ks2dbg(( 1972 "keysock_passup(): dupmsg() failed.\n")); 1973 mp1 = mp; 1974 mp = NULL; 1975 err = ENOMEM; 1976 } 1977 1978 /* 1979 * At this point, we can deliver or attempt to deliver 1980 * this message. We're free of obligation to report 1981 * no listening PF_KEY sockets. So set err to 0. 1982 */ 1983 err = 0; 1984 1985 /* 1986 * See if we canputnext(), as well as see if the message 1987 * needs to be queued if we can't. 1988 */ 1989 if (!canputnext(ks->keysock_rq)) { 1990 if (persistent) { 1991 if (putq(ks->keysock_rq, mp1) == 0) { 1992 ks1dbg(( 1993 "keysock_passup: putq failed.\n")); 1994 } else { 1995 continue; 1996 } 1997 } 1998 freemsg(mp1); 1999 continue; 2000 } 2001 2002 ks3dbg(("Putting to serial %d.\n", ks->keysock_serial)); 2003 /* 2004 * Unlike the specific keysock instance case, this 2005 * will only hit for listeners, so we will only 2006 * putnext() if we can. 2007 */ 2008 putnext(ks->keysock_rq, mp1); 2009 if (mp == NULL) 2010 break; /* out of for loop. */ 2011 } 2012 mutex_exit(&keysock_list_lock); 2013 2014 error: 2015 if ((err != 0) && (kc != NULL)) { 2016 /* 2017 * Generate KEYSOCK_OUT_ERR for consumer. 2018 * Basically, I send this back if I have not been able to 2019 * transmit (for whatever reason) 2020 */ 2021 ks1dbg(("keysock_passup(): No registered of type %d.\n", 2022 satype)); 2023 if (mp != NULL) { 2024 if (mp->b_datap->db_type == M_PROTO) { 2025 mp1 = mp; 2026 mp = mp->b_cont; 2027 freeb(mp1); 2028 } 2029 /* 2030 * Do a copymsg() because people who get 2031 * KEYSOCK_OUT_ERR may alter the message contents. 2032 */ 2033 mp1 = copymsg(mp); 2034 if (mp1 == NULL) { 2035 ks2dbg(("keysock_passup: copymsg() failed.\n")); 2036 mp1 = mp; 2037 mp = NULL; 2038 } 2039 keysock_out_err(kc, err, mp1); 2040 } 2041 } 2042 2043 /* 2044 * XXX Blank the message somehow. This is difficult because we don't 2045 * know at this point if the message has db_ref > 1, etc. 2046 * 2047 * Optimally, keysock messages containing actual keying material would 2048 * be allocated with esballoc(), with a zeroing free function. 2049 */ 2050 if (mp != NULL) 2051 freemsg(mp); 2052 } 2053 2054 /* 2055 * Keysock's read service procedure is there only for PF_KEY reply 2056 * messages that really need to reach the top. 2057 */ 2058 static void 2059 keysock_rsrv(queue_t *q) 2060 { 2061 mblk_t *mp; 2062 2063 while ((mp = getq(q)) != NULL) { 2064 if (canputnext(q)) { 2065 putnext(q, mp); 2066 } else { 2067 (void) putbq(q, mp); 2068 return; 2069 } 2070 } 2071 } 2072 2073 /* 2074 * The read procedure should only be invoked by a keysock consumer, like 2075 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK 2076 * messages on my read queues. 2077 */ 2078 static void 2079 keysock_rput(queue_t *q, mblk_t *mp) 2080 { 2081 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr; 2082 ipsec_info_t *ii; 2083 keysock_hello_ack_t *ksa; 2084 minor_t serial; 2085 mblk_t *mp1; 2086 sadb_msg_t *samsg; 2087 2088 /* Make sure I'm a consumer instance. (i.e. something's below me) */ 2089 ASSERT(WR(q)->q_next != NULL); 2090 2091 if (mp->b_datap->db_type != M_CTL) { 2092 /* 2093 * Keysock should only see keysock consumer interface 2094 * messages (see ipsec_info.h) on its read procedure. 2095 * To be robust, however, putnext() up so the STREAM head can 2096 * deal with it appropriately. 2097 */ 2098 ks1dbg(("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n", 2099 mp->b_datap->db_type, mp->b_datap->db_type)); 2100 putnext(q, mp); 2101 return; 2102 } 2103 2104 ii = (ipsec_info_t *)mp->b_rptr; 2105 2106 switch (ii->ipsec_info_type) { 2107 case KEYSOCK_OUT: 2108 /* 2109 * A consumer needs to pass a response message or an ACQUIRE 2110 * UP. I assume that the consumer has done the right 2111 * thing w.r.t. message creation, etc. 2112 */ 2113 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial; 2114 mp1 = mp->b_cont; /* Get M_DATA portion. */ 2115 freeb(mp); 2116 samsg = (sadb_msg_t *)mp1->b_rptr; 2117 if (samsg->sadb_msg_type == SADB_FLUSH || 2118 (samsg->sadb_msg_type == SADB_DUMP && 2119 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) { 2120 /* 2121 * If I'm an end-of-FLUSH or an end-of-DUMP marker... 2122 */ 2123 ASSERT(keysock_flushdump != 0); /* Am I flushing? */ 2124 2125 mutex_enter(&kc->kc_lock); 2126 kc->kc_flags &= ~KC_FLUSHING; 2127 mutex_exit(&kc->kc_lock); 2128 2129 if (samsg->sadb_msg_errno != 0) 2130 keysock_flushdump_errno = samsg->sadb_msg_errno; 2131 2132 /* 2133 * Lower the atomic "flushing" count. If it's 2134 * the last one, send up the end-of-{FLUSH,DUMP} to 2135 * the appropriate PF_KEY socket. 2136 */ 2137 if (atomic_add_32_nv(&keysock_flushdump, -1) != 0) { 2138 ks1dbg(("One flush/dump message back from %d," 2139 " more to go.\n", samsg->sadb_msg_satype)); 2140 freemsg(mp1); 2141 return; 2142 } 2143 2144 samsg->sadb_msg_errno = 2145 (uint8_t)keysock_flushdump_errno; 2146 if (samsg->sadb_msg_type == SADB_DUMP) { 2147 samsg->sadb_msg_seq = 0; 2148 } 2149 } 2150 keysock_passup(mp1, samsg, serial, kc, 2151 (samsg->sadb_msg_type == SADB_DUMP)); 2152 return; 2153 case KEYSOCK_HELLO_ACK: 2154 /* Aha, now we can link in the consumer! */ 2155 ksa = (keysock_hello_ack_t *)ii; 2156 keysock_link_consumer(ksa->ks_hello_satype, kc); 2157 freemsg(mp); 2158 return; 2159 default: 2160 ks1dbg(("Hmmm, an IPsec info I'm not used to, 0x%x\n", 2161 ii->ipsec_info_type)); 2162 putnext(q, mp); 2163 } 2164 } 2165 2166 /* 2167 * So we can avoid external linking problems.... 2168 */ 2169 boolean_t 2170 keysock_extended_reg(void) 2171 { 2172 return (keysock_num_extended != 0); 2173 } 2174 2175 uint32_t 2176 keysock_next_seq(void) 2177 { 2178 return (atomic_add_32_nv(&keysock_acquire_seq, -1)); 2179 } 2180