1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 /* 26 * Copyright 2017 Joyent, Inc. 27 */ 28 29 #include <sys/param.h> 30 #include <sys/types.h> 31 #include <sys/stream.h> 32 #include <sys/strsubr.h> 33 #include <sys/strsun.h> 34 #include <sys/stropts.h> 35 #include <sys/vnode.h> 36 #include <sys/zone.h> 37 #include <sys/strlog.h> 38 #include <sys/sysmacros.h> 39 #define _SUN_TPI_VERSION 2 40 #include <sys/tihdr.h> 41 #include <sys/timod.h> 42 #include <sys/tiuser.h> 43 #include <sys/ddi.h> 44 #include <sys/sunddi.h> 45 #include <sys/sunldi.h> 46 #include <sys/file.h> 47 #include <sys/modctl.h> 48 #include <sys/debug.h> 49 #include <sys/kmem.h> 50 #include <sys/cmn_err.h> 51 #include <sys/proc.h> 52 #include <sys/suntpi.h> 53 #include <sys/atomic.h> 54 #include <sys/mkdev.h> 55 #include <sys/policy.h> 56 #include <sys/disp.h> 57 58 #include <sys/socket.h> 59 #include <netinet/in.h> 60 #include <net/pfkeyv2.h> 61 62 #include <inet/common.h> 63 #include <netinet/ip6.h> 64 #include <inet/ip.h> 65 #include <inet/proto_set.h> 66 #include <inet/nd.h> 67 #include <inet/optcom.h> 68 #include <inet/ipsec_info.h> 69 #include <inet/ipsec_impl.h> 70 #include <inet/keysock.h> 71 72 #include <sys/isa_defs.h> 73 74 /* 75 * This is a transport provider for the PF_KEY key mangement socket. 76 * (See RFC 2367 for details.) 77 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN 78 * messages (see ipsec_info.h), and passed to the appropriate consumer. 79 * Upstream messages are generated for all open PF_KEY sockets, when 80 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled) 81 * in reply to downstream messages. 82 * 83 * Upstream messages must be created asynchronously for the following 84 * situations: 85 * 86 * 1.) A keysock consumer requires an SA, and there is currently none. 87 * 2.) An SA expires, either hard or soft lifetime. 88 * 3.) Other events a consumer deems fit. 89 * 90 * The MT model of this is PERMOD, with shared put procedures. Two types of 91 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send 92 * down the *multiple* messages they create. 93 */ 94 95 static vmem_t *keysock_vmem; /* for minor numbers. */ 96 97 #define KEYSOCK_MAX_CONSUMERS 256 98 99 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */ 100 static struct T_info_ack keysock_g_t_info_ack = { 101 T_INFO_ACK, 102 T_INFINITE, /* TSDU_size. Maximum size messages. */ 103 T_INVALID, /* ETSDU_size. No expedited data. */ 104 T_INVALID, /* CDATA_size. No connect data. */ 105 T_INVALID, /* DDATA_size. No disconnect data. */ 106 0, /* ADDR_size. */ 107 0, /* OPT_size. No user-settable options */ 108 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */ 109 T_COTS, /* SERV_type. keysock supports connection oriented. */ 110 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */ 111 (XPG4_1) /* Provider flags */ 112 }; 113 114 /* Named Dispatch Parameter Management Structure */ 115 typedef struct keysockparam_s { 116 uint_t keysock_param_min; 117 uint_t keysock_param_max; 118 uint_t keysock_param_value; 119 char *keysock_param_name; 120 } keysockparam_t; 121 122 /* 123 * Table of NDD variables supported by keysock. These are loaded into 124 * keysock_g_nd in keysock_init_nd. 125 * All of these are alterable, within the min/max values given, at run time. 126 */ 127 static keysockparam_t lcl_param_arr[] = { 128 /* min max value name */ 129 { 4096, 65536, 8192, "keysock_xmit_hiwat"}, 130 { 0, 65536, 1024, "keysock_xmit_lowat"}, 131 { 4096, 65536, 8192, "keysock_recv_hiwat"}, 132 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"}, 133 { 0, 3, 0, "keysock_debug"}, 134 }; 135 #define keystack_xmit_hiwat keystack_params[0].keysock_param_value 136 #define keystack_xmit_lowat keystack_params[1].keysock_param_value 137 #define keystack_recv_hiwat keystack_params[2].keysock_param_value 138 #define keystack_max_buf keystack_params[3].keysock_param_value 139 #define keystack_debug keystack_params[4].keysock_param_value 140 141 #define ks0dbg(a) printf a 142 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 143 #define ks1dbg(keystack, a) if (keystack->keystack_debug != 0) printf a 144 #define ks2dbg(keystack, a) if (keystack->keystack_debug > 1) printf a 145 #define ks3dbg(keystack, a) if (keystack->keystack_debug > 2) printf a 146 147 static int keysock_close(queue_t *); 148 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *); 149 static void keysock_wput(queue_t *, mblk_t *); 150 static void keysock_rput(queue_t *, mblk_t *); 151 static void keysock_rsrv(queue_t *); 152 static void keysock_passup(mblk_t *, sadb_msg_t *, minor_t, 153 keysock_consumer_t *, boolean_t, keysock_stack_t *); 154 static void *keysock_stack_init(netstackid_t stackid, netstack_t *ns); 155 static void keysock_stack_fini(netstackid_t stackid, void *arg); 156 157 static struct module_info info = { 158 5138, "keysock", 1, INFPSZ, 512, 128 159 }; 160 161 static struct qinit rinit = { 162 (pfi_t)keysock_rput, (pfi_t)keysock_rsrv, keysock_open, keysock_close, 163 NULL, &info 164 }; 165 166 static struct qinit winit = { 167 (pfi_t)keysock_wput, NULL, NULL, NULL, NULL, &info 168 }; 169 170 struct streamtab keysockinfo = { 171 &rinit, &winit 172 }; 173 174 extern struct modlinkage *keysock_modlp; 175 176 /* 177 * Plumb IPsec. 178 * 179 * NOTE: New "default" modules will need to be loaded here if needed before 180 * boot time. 181 */ 182 183 /* Keep these in global space to keep the lint from complaining. */ 184 static char *IPSECESP = "ipsecesp"; 185 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp"; 186 static char *IPSECAH = "ipsecah"; 187 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah"; 188 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6"; 189 static char *KEYSOCK = "keysock"; 190 static char *STRMOD = "strmod"; 191 192 /* 193 * Load the other ipsec modules and plumb them together. 194 */ 195 int 196 keysock_plumb_ipsec(netstack_t *ns) 197 { 198 ldi_handle_t lh, ip6_lh = NULL; 199 ldi_ident_t li = NULL; 200 int err = 0; 201 int muxid, rval; 202 boolean_t esp_present = B_TRUE; 203 cred_t *cr; 204 keysock_stack_t *keystack = ns->netstack_keysock; 205 206 #ifdef NS_DEBUG 207 (void) printf("keysock_plumb_ipsec(%d)\n", 208 ns->netstack_stackid); 209 #endif 210 211 keystack->keystack_plumbed = 0; /* we're trying again.. */ 212 213 cr = zone_get_kcred(netstackid_to_zoneid( 214 keystack->keystack_netstack->netstack_stackid)); 215 ASSERT(cr != NULL); 216 /* 217 * Load up the drivers (AH/ESP). 218 * 219 * I do this separately from the actual plumbing in case this function 220 * ever gets called from a diskless boot before the root filesystem is 221 * up. I don't have to worry about "keysock" because, well, if I'm 222 * here, keysock must've loaded successfully. 223 */ 224 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) { 225 ks0dbg(("IPsec: AH failed to attach.\n")); 226 goto bail; 227 } 228 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) { 229 ks0dbg(("IPsec: ESP failed to attach.\n")); 230 esp_present = B_FALSE; 231 } 232 233 /* 234 * Set up the IP streams for AH and ESP, as well as tacking keysock 235 * on top of them. Assume keysock has set the autopushes up already. 236 */ 237 238 /* Open IP. */ 239 err = ldi_ident_from_mod(keysock_modlp, &li); 240 if (err) { 241 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n", 242 err)); 243 goto bail; 244 } 245 246 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, cr, &ip6_lh, li); 247 if (err) { 248 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err)); 249 goto bail; 250 } 251 252 /* PLINK KEYSOCK/AH */ 253 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, cr, &lh, li); 254 if (err) { 255 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err)); 256 goto bail; 257 } 258 err = ldi_ioctl(lh, 259 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval); 260 if (err) { 261 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n", 262 err)); 263 (void) ldi_close(lh, FREAD|FWRITE, cr); 264 goto bail; 265 } 266 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh, 267 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid); 268 if (err) { 269 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err)); 270 (void) ldi_close(lh, FREAD|FWRITE, cr); 271 goto bail; 272 } 273 (void) ldi_close(lh, FREAD|FWRITE, cr); 274 275 /* PLINK KEYSOCK/ESP */ 276 if (esp_present) { 277 err = ldi_open_by_name(IPSECESPDEV, 278 FREAD|FWRITE, cr, &lh, li); 279 if (err) { 280 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err)); 281 goto bail; 282 } 283 err = ldi_ioctl(lh, 284 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval); 285 if (err) { 286 ks0dbg(("IPsec: " 287 "Push of KEYSOCK onto ESP failed (err %d).\n", 288 err)); 289 (void) ldi_close(lh, FREAD|FWRITE, cr); 290 goto bail; 291 } 292 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh, 293 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid); 294 if (err) { 295 ks0dbg(("IPsec: " 296 "PLINK of KEYSOCK/ESP failed (err %d).\n", err)); 297 (void) ldi_close(lh, FREAD|FWRITE, cr); 298 goto bail; 299 } 300 (void) ldi_close(lh, FREAD|FWRITE, cr); 301 } 302 303 bail: 304 keystack->keystack_plumbed = (err == 0) ? 1 : -1; 305 if (ip6_lh != NULL) { 306 (void) ldi_close(ip6_lh, FREAD|FWRITE, cr); 307 } 308 if (li != NULL) 309 ldi_ident_release(li); 310 #ifdef NS_DEBUG 311 (void) printf("keysock_plumb_ipsec -> %d\n", 312 keystack->keystack_plumbed); 313 #endif 314 crfree(cr); 315 return (err); 316 } 317 318 /* ARGSUSED */ 319 static int 320 keysock_param_get(queue_t *q, mblk_t *mp, caddr_t cp, cred_t *cr) 321 { 322 keysockparam_t *keysockpa = (keysockparam_t *)cp; 323 uint_t value; 324 keysock_t *ks = (keysock_t *)q->q_ptr; 325 keysock_stack_t *keystack = ks->keysock_keystack; 326 327 mutex_enter(&keystack->keystack_param_lock); 328 value = keysockpa->keysock_param_value; 329 mutex_exit(&keystack->keystack_param_lock); 330 331 (void) mi_mpprintf(mp, "%u", value); 332 return (0); 333 } 334 335 /* This routine sets an NDD variable in a keysockparam_t structure. */ 336 /* ARGSUSED */ 337 static int 338 keysock_param_set(queue_t *q, mblk_t *mp, char *value, caddr_t cp, cred_t *cr) 339 { 340 ulong_t new_value; 341 keysockparam_t *keysockpa = (keysockparam_t *)cp; 342 keysock_t *ks = (keysock_t *)q->q_ptr; 343 keysock_stack_t *keystack = ks->keysock_keystack; 344 345 /* Convert the value from a string into a long integer. */ 346 if (ddi_strtoul(value, NULL, 10, &new_value) != 0) 347 return (EINVAL); 348 349 mutex_enter(&keystack->keystack_param_lock); 350 /* 351 * Fail the request if the new value does not lie within the 352 * required bounds. 353 */ 354 if (new_value < keysockpa->keysock_param_min || 355 new_value > keysockpa->keysock_param_max) { 356 mutex_exit(&keystack->keystack_param_lock); 357 return (EINVAL); 358 } 359 360 /* Set the new value */ 361 keysockpa->keysock_param_value = new_value; 362 mutex_exit(&keystack->keystack_param_lock); 363 364 return (0); 365 } 366 367 /* 368 * Initialize keysock at module load time 369 */ 370 boolean_t 371 keysock_ddi_init(void) 372 { 373 keysock_max_optsize = optcom_max_optsize( 374 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt); 375 376 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1, 377 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER); 378 379 /* 380 * We want to be informed each time a stack is created or 381 * destroyed in the kernel, so we can maintain the 382 * set of keysock_stack_t's. 383 */ 384 netstack_register(NS_KEYSOCK, keysock_stack_init, NULL, 385 keysock_stack_fini); 386 387 return (B_TRUE); 388 } 389 390 /* 391 * Walk through the param array specified registering each element with the 392 * named dispatch handler. 393 */ 394 static boolean_t 395 keysock_param_register(IDP *ndp, keysockparam_t *ksp, int cnt) 396 { 397 for (; cnt-- > 0; ksp++) { 398 if (ksp->keysock_param_name != NULL && 399 ksp->keysock_param_name[0]) { 400 if (!nd_load(ndp, 401 ksp->keysock_param_name, 402 keysock_param_get, keysock_param_set, 403 (caddr_t)ksp)) { 404 nd_free(ndp); 405 return (B_FALSE); 406 } 407 } 408 } 409 return (B_TRUE); 410 } 411 412 /* 413 * Initialize keysock for one stack instance 414 */ 415 /* ARGSUSED */ 416 static void * 417 keysock_stack_init(netstackid_t stackid, netstack_t *ns) 418 { 419 keysock_stack_t *keystack; 420 keysockparam_t *ksp; 421 422 keystack = (keysock_stack_t *)kmem_zalloc(sizeof (*keystack), KM_SLEEP); 423 keystack->keystack_netstack = ns; 424 425 keystack->keystack_acquire_seq = 0xffffffff; 426 427 ksp = (keysockparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP); 428 keystack->keystack_params = ksp; 429 bcopy(lcl_param_arr, ksp, sizeof (lcl_param_arr)); 430 431 (void) keysock_param_register(&keystack->keystack_g_nd, ksp, 432 A_CNT(lcl_param_arr)); 433 434 mutex_init(&keystack->keystack_list_lock, NULL, MUTEX_DEFAULT, NULL); 435 mutex_init(&keystack->keystack_consumers_lock, 436 NULL, MUTEX_DEFAULT, NULL); 437 mutex_init(&keystack->keystack_param_lock, NULL, MUTEX_DEFAULT, NULL); 438 return (keystack); 439 } 440 441 /* 442 * Free NDD variable space, and other destructors, for keysock. 443 */ 444 void 445 keysock_ddi_destroy(void) 446 { 447 netstack_unregister(NS_KEYSOCK); 448 vmem_destroy(keysock_vmem); 449 } 450 451 /* 452 * Remove one stack instance from keysock 453 */ 454 /* ARGSUSED */ 455 static void 456 keysock_stack_fini(netstackid_t stackid, void *arg) 457 { 458 keysock_stack_t *keystack = (keysock_stack_t *)arg; 459 460 nd_free(&keystack->keystack_g_nd); 461 kmem_free(keystack->keystack_params, sizeof (lcl_param_arr)); 462 keystack->keystack_params = NULL; 463 464 mutex_destroy(&keystack->keystack_list_lock); 465 mutex_destroy(&keystack->keystack_consumers_lock); 466 mutex_destroy(&keystack->keystack_param_lock); 467 468 kmem_free(keystack, sizeof (*keystack)); 469 } 470 471 /* 472 * Close routine for keysock. 473 */ 474 static int 475 keysock_close(queue_t *q) 476 { 477 keysock_t *ks; 478 keysock_consumer_t *kc; 479 void *ptr = q->q_ptr; 480 int size; 481 keysock_stack_t *keystack; 482 483 484 qprocsoff(q); 485 486 /* Safe assumption. */ 487 ASSERT(ptr != NULL); 488 489 if (WR(q)->q_next) { 490 kc = (keysock_consumer_t *)ptr; 491 keystack = kc->kc_keystack; 492 493 ks1dbg(keystack, ("Module close, removing a consumer (%d).\n", 494 kc->kc_sa_type)); 495 /* 496 * Because of PERMOD open/close exclusive perimeter, I 497 * can inspect KC_FLUSHING w/o locking down kc->kc_lock. 498 */ 499 if (kc->kc_flags & KC_FLUSHING) { 500 /* 501 * If this decrement was the last one, send 502 * down the next pending one, if any. 503 * 504 * With a PERMOD perimeter, the mutexes ops aren't 505 * really necessary, but if we ever loosen up, we will 506 * have this bit covered already. 507 */ 508 keystack->keystack_flushdump--; 509 if (keystack->keystack_flushdump == 0) { 510 /* 511 * The flush/dump terminated by having a 512 * consumer go away. I need to send up to the 513 * appropriate keysock all of the relevant 514 * information. Unfortunately, I don't 515 * have that handy. 516 */ 517 ks0dbg(("Consumer went away while flushing or" 518 " dumping.\n")); 519 } 520 } 521 size = sizeof (keysock_consumer_t); 522 mutex_enter(&keystack->keystack_consumers_lock); 523 keystack->keystack_consumers[kc->kc_sa_type] = NULL; 524 mutex_exit(&keystack->keystack_consumers_lock); 525 mutex_destroy(&kc->kc_lock); 526 netstack_rele(kc->kc_keystack->keystack_netstack); 527 } else { 528 ks = (keysock_t *)ptr; 529 keystack = ks->keysock_keystack; 530 531 ks3dbg(keystack, 532 ("Driver close, PF_KEY socket is going away.\n")); 533 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0) 534 atomic_dec_32(&keystack->keystack_num_extended); 535 size = sizeof (keysock_t); 536 mutex_enter(&keystack->keystack_list_lock); 537 *(ks->keysock_ptpn) = ks->keysock_next; 538 if (ks->keysock_next != NULL) 539 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn; 540 mutex_exit(&keystack->keystack_list_lock); 541 mutex_destroy(&ks->keysock_lock); 542 vmem_free(keysock_vmem, (void *)(uintptr_t)ks->keysock_serial, 543 1); 544 netstack_rele(ks->keysock_keystack->keystack_netstack); 545 } 546 547 /* Now I'm free. */ 548 kmem_free(ptr, size); 549 return (0); 550 } 551 /* 552 * Open routine for keysock. 553 */ 554 /* ARGSUSED */ 555 static int 556 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 557 { 558 keysock_t *ks; 559 keysock_consumer_t *kc; 560 mblk_t *mp; 561 ipsec_info_t *ii; 562 netstack_t *ns; 563 keysock_stack_t *keystack; 564 565 if (secpolicy_ip_config(credp, B_FALSE) != 0) { 566 /* Privilege debugging will log the error */ 567 return (EPERM); 568 } 569 570 if (q->q_ptr != NULL) 571 return (0); /* Re-open of an already open instance. */ 572 573 ns = netstack_find_by_cred(credp); 574 ASSERT(ns != NULL); 575 keystack = ns->netstack_keysock; 576 ASSERT(keystack != NULL); 577 578 ks3dbg(keystack, ("Entering keysock open.\n")); 579 580 if (keystack->keystack_plumbed < 1) { 581 netstack_t *ns = keystack->keystack_netstack; 582 583 keystack->keystack_plumbed = 0; 584 #ifdef NS_DEBUG 585 printf("keysock_open(%d) - plumb\n", 586 keystack->keystack_netstack->netstack_stackid); 587 #endif 588 /* 589 * Don't worry about ipsec_failure being true here. 590 * (See ip.c). An open of keysock should try and force 591 * the issue. Maybe it was a transient failure. 592 */ 593 ipsec_loader_loadnow(ns->netstack_ipsec); 594 } 595 596 if (sflag & MODOPEN) { 597 /* Initialize keysock_consumer state here. */ 598 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP); 599 if (kc == NULL) { 600 netstack_rele(keystack->keystack_netstack); 601 return (ENOMEM); 602 } 603 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0); 604 kc->kc_rq = q; 605 kc->kc_wq = WR(q); 606 607 q->q_ptr = kc; 608 WR(q)->q_ptr = kc; 609 610 kc->kc_keystack = keystack; 611 qprocson(q); 612 613 /* 614 * Send down initial message to whatever I was pushed on top 615 * of asking for its consumer type. The reply will set it. 616 */ 617 618 /* Allocate it. */ 619 mp = allocb(sizeof (ipsec_info_t), BPRI_HI); 620 if (mp == NULL) { 621 ks1dbg(keystack, ( 622 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n")); 623 /* Do I need to set these to null? */ 624 q->q_ptr = NULL; 625 WR(q)->q_ptr = NULL; 626 mutex_destroy(&kc->kc_lock); 627 kmem_free(kc, sizeof (*kc)); 628 netstack_rele(keystack->keystack_netstack); 629 return (ENOMEM); 630 } 631 632 /* If I allocated okay, putnext to what I was pushed atop. */ 633 mp->b_wptr += sizeof (ipsec_info_t); 634 mp->b_datap->db_type = M_CTL; 635 ii = (ipsec_info_t *)mp->b_rptr; 636 ii->ipsec_info_type = KEYSOCK_HELLO; 637 /* Length only of type/len. */ 638 ii->ipsec_info_len = sizeof (ii->ipsec_allu); 639 ks2dbg(keystack, ("Ready to putnext KEYSOCK_HELLO.\n")); 640 putnext(kc->kc_wq, mp); 641 } else { 642 minor_t ksminor; 643 644 /* Initialize keysock state. */ 645 646 ks2dbg(keystack, ("Made it into PF_KEY socket open.\n")); 647 648 ksminor = (minor_t)(uintptr_t) 649 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP); 650 if (ksminor == 0) { 651 netstack_rele(keystack->keystack_netstack); 652 return (ENOMEM); 653 } 654 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP); 655 if (ks == NULL) { 656 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1); 657 netstack_rele(keystack->keystack_netstack); 658 return (ENOMEM); 659 } 660 661 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0); 662 ks->keysock_rq = q; 663 ks->keysock_wq = WR(q); 664 ks->keysock_state = TS_UNBND; 665 ks->keysock_serial = ksminor; 666 667 q->q_ptr = ks; 668 WR(q)->q_ptr = ks; 669 ks->keysock_keystack = keystack; 670 671 /* 672 * The receive hiwat is only looked at on the stream head 673 * queue. Store in q_hiwat in order to return on SO_RCVBUF 674 * getsockopts. 675 */ 676 677 q->q_hiwat = keystack->keystack_recv_hiwat; 678 679 /* 680 * The transmit hiwat/lowat is only looked at on IP's queue. 681 * Store in q_hiwat/q_lowat in order to return on 682 * SO_SNDBUF/SO_SNDLOWAT getsockopts. 683 */ 684 685 WR(q)->q_hiwat = keystack->keystack_xmit_hiwat; 686 WR(q)->q_lowat = keystack->keystack_xmit_lowat; 687 688 *devp = makedevice(getmajor(*devp), ksminor); 689 690 /* 691 * Thread keysock into the global keysock list. 692 */ 693 mutex_enter(&keystack->keystack_list_lock); 694 ks->keysock_next = keystack->keystack_list; 695 ks->keysock_ptpn = &keystack->keystack_list; 696 if (keystack->keystack_list != NULL) { 697 keystack->keystack_list->keysock_ptpn = 698 &ks->keysock_next; 699 } 700 keystack->keystack_list = ks; 701 mutex_exit(&keystack->keystack_list_lock); 702 703 qprocson(q); 704 (void) proto_set_rx_hiwat(q, NULL, 705 keystack->keystack_recv_hiwat); 706 /* 707 * Wait outside the keysock module perimeter for IPsec 708 * plumbing to be completed. If it fails, keysock_close() 709 * undoes everything we just did. 710 */ 711 if (!ipsec_loader_wait(q, 712 keystack->keystack_netstack->netstack_ipsec)) { 713 (void) keysock_close(q); 714 return (EPFNOSUPPORT); 715 } 716 } 717 718 return (0); 719 } 720 721 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */ 722 723 /* 724 * Copy relevant state bits. 725 */ 726 static void 727 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks) 728 { 729 *tap = keysock_g_t_info_ack; 730 tap->CURRENT_state = ks->keysock_state; 731 tap->OPT_size = keysock_max_optsize; 732 } 733 734 /* 735 * This routine responds to T_CAPABILITY_REQ messages. It is called by 736 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from 737 * keysock_g_t_info_ack. The current state of the stream is copied from 738 * keysock_state. 739 */ 740 static void 741 keysock_capability_req(queue_t *q, mblk_t *mp) 742 { 743 keysock_t *ks = (keysock_t *)q->q_ptr; 744 t_uscalar_t cap_bits1; 745 struct T_capability_ack *tcap; 746 747 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1; 748 749 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack), 750 mp->b_datap->db_type, T_CAPABILITY_ACK); 751 if (mp == NULL) 752 return; 753 754 tcap = (struct T_capability_ack *)mp->b_rptr; 755 tcap->CAP_bits1 = 0; 756 757 if (cap_bits1 & TC1_INFO) { 758 keysock_copy_info(&tcap->INFO_ack, ks); 759 tcap->CAP_bits1 |= TC1_INFO; 760 } 761 762 qreply(q, mp); 763 } 764 765 /* 766 * This routine responds to T_INFO_REQ messages. It is called by 767 * keysock_wput_other. 768 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack. 769 * The current state of the stream is copied from keysock_state. 770 */ 771 static void 772 keysock_info_req(queue_t *q, mblk_t *mp) 773 { 774 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO, 775 T_INFO_ACK); 776 if (mp == NULL) 777 return; 778 keysock_copy_info((struct T_info_ack *)mp->b_rptr, 779 (keysock_t *)q->q_ptr); 780 qreply(q, mp); 781 } 782 783 /* 784 * keysock_err_ack. This routine creates a 785 * T_ERROR_ACK message and passes it 786 * upstream. 787 */ 788 static void 789 keysock_err_ack(queue_t *q, mblk_t *mp, int t_error, int sys_error) 790 { 791 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL) 792 qreply(q, mp); 793 } 794 795 /* 796 * This routine retrieves the current status of socket options. 797 * It returns the size of the option retrieved. 798 */ 799 /* ARGSUSED */ 800 int 801 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr) 802 { 803 int *i1 = (int *)ptr; 804 keysock_t *ks = (keysock_t *)q->q_ptr; 805 806 switch (level) { 807 case SOL_SOCKET: 808 mutex_enter(&ks->keysock_lock); 809 switch (name) { 810 case SO_TYPE: 811 *i1 = SOCK_RAW; 812 break; 813 case SO_USELOOPBACK: 814 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) == 815 KEYSOCK_NOLOOP)); 816 break; 817 /* 818 * The following two items can be manipulated, 819 * but changing them should do nothing. 820 */ 821 case SO_SNDBUF: 822 *i1 = (int)q->q_hiwat; 823 break; 824 case SO_RCVBUF: 825 *i1 = (int)(RD(q)->q_hiwat); 826 break; 827 } 828 mutex_exit(&ks->keysock_lock); 829 break; 830 default: 831 return (0); 832 } 833 return (sizeof (int)); 834 } 835 836 /* 837 * This routine sets socket options. 838 */ 839 /* ARGSUSED */ 840 int 841 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level, 842 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp, 843 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr) 844 { 845 int *i1 = (int *)invalp, errno = 0; 846 keysock_t *ks = (keysock_t *)q->q_ptr; 847 keysock_stack_t *keystack = ks->keysock_keystack; 848 849 switch (level) { 850 case SOL_SOCKET: 851 mutex_enter(&ks->keysock_lock); 852 switch (name) { 853 case SO_USELOOPBACK: 854 if (!(*i1)) 855 ks->keysock_flags |= KEYSOCK_NOLOOP; 856 else ks->keysock_flags &= ~KEYSOCK_NOLOOP; 857 break; 858 case SO_SNDBUF: 859 if (*i1 > keystack->keystack_max_buf) 860 errno = ENOBUFS; 861 else q->q_hiwat = *i1; 862 break; 863 case SO_RCVBUF: 864 if (*i1 > keystack->keystack_max_buf) { 865 errno = ENOBUFS; 866 } else { 867 RD(q)->q_hiwat = *i1; 868 (void) proto_set_rx_hiwat(RD(q), NULL, *i1); 869 } 870 break; 871 default: 872 errno = EINVAL; 873 } 874 mutex_exit(&ks->keysock_lock); 875 break; 876 default: 877 errno = EINVAL; 878 } 879 return (errno); 880 } 881 882 /* 883 * Handle STREAMS ioctl copyin for getsockname() for both PF_KEY and 884 * PF_POLICY. 885 */ 886 void 887 keysock_spdsock_wput_iocdata(queue_t *q, mblk_t *mp, sa_family_t family) 888 { 889 mblk_t *mp1; 890 STRUCT_HANDLE(strbuf, sb); 891 /* What size of sockaddr do we need? */ 892 const uint_t addrlen = sizeof (struct sockaddr); 893 894 /* We only handle TI_GET{MY,PEER}NAME (get{sock,peer}name()). */ 895 switch (((struct iocblk *)mp->b_rptr)->ioc_cmd) { 896 case TI_GETMYNAME: 897 case TI_GETPEERNAME: 898 break; 899 default: 900 freemsg(mp); 901 return; 902 } 903 904 switch (mi_copy_state(q, mp, &mp1)) { 905 case -1: 906 return; 907 case MI_COPY_CASE(MI_COPY_IN, 1): 908 break; 909 case MI_COPY_CASE(MI_COPY_OUT, 1): 910 /* 911 * The address has been copied out, so now 912 * copyout the strbuf. 913 */ 914 mi_copyout(q, mp); 915 return; 916 case MI_COPY_CASE(MI_COPY_OUT, 2): 917 /* 918 * The address and strbuf have been copied out. 919 * We're done, so just acknowledge the original 920 * M_IOCTL. 921 */ 922 mi_copy_done(q, mp, 0); 923 return; 924 default: 925 /* 926 * Something strange has happened, so acknowledge 927 * the original M_IOCTL with an EPROTO error. 928 */ 929 mi_copy_done(q, mp, EPROTO); 930 return; 931 } 932 933 /* 934 * Now we have the strbuf structure for TI_GET{MY,PEER}NAME. Next we 935 * copyout the requested address and then we'll copyout the strbuf. 936 * Regardless of sockname or peername, we just return a sockaddr with 937 * sa_family set. 938 */ 939 STRUCT_SET_HANDLE(sb, ((struct iocblk *)mp->b_rptr)->ioc_flag, 940 (void *)mp1->b_rptr); 941 942 if (STRUCT_FGET(sb, maxlen) < addrlen) { 943 mi_copy_done(q, mp, EINVAL); 944 return; 945 } 946 947 mp1 = mi_copyout_alloc(q, mp, STRUCT_FGETP(sb, buf), addrlen, B_TRUE); 948 if (mp1 == NULL) 949 return; 950 951 STRUCT_FSET(sb, len, addrlen); 952 ((struct sockaddr *)mp1->b_wptr)->sa_family = family; 953 mp1->b_wptr += addrlen; 954 mi_copyout(q, mp); 955 } 956 957 /* 958 * Handle STREAMS messages. 959 */ 960 static void 961 keysock_wput_other(queue_t *q, mblk_t *mp) 962 { 963 struct iocblk *iocp; 964 int error; 965 keysock_t *ks = (keysock_t *)q->q_ptr; 966 keysock_stack_t *keystack = ks->keysock_keystack; 967 cred_t *cr; 968 969 switch (mp->b_datap->db_type) { 970 case M_PROTO: 971 case M_PCPROTO: 972 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) { 973 ks3dbg(keystack, ( 974 "keysock_wput_other: Not big enough M_PROTO\n")); 975 freemsg(mp); 976 return; 977 } 978 switch (((union T_primitives *)mp->b_rptr)->type) { 979 case T_CAPABILITY_REQ: 980 keysock_capability_req(q, mp); 981 break; 982 case T_INFO_REQ: 983 keysock_info_req(q, mp); 984 break; 985 case T_SVR4_OPTMGMT_REQ: 986 case T_OPTMGMT_REQ: 987 /* 988 * All Solaris components should pass a db_credp 989 * for this TPI message, hence we ASSERT. 990 * But in case there is some other M_PROTO that looks 991 * like a TPI message sent by some other kernel 992 * component, we check and return an error. 993 */ 994 cr = msg_getcred(mp, NULL); 995 ASSERT(cr != NULL); 996 if (cr == NULL) { 997 keysock_err_ack(q, mp, TSYSERR, EINVAL); 998 return; 999 } 1000 if (((union T_primitives *)mp->b_rptr)->type == 1001 T_SVR4_OPTMGMT_REQ) { 1002 svr4_optcom_req(q, mp, cr, &keysock_opt_obj); 1003 } else { 1004 tpi_optcom_req(q, mp, cr, &keysock_opt_obj); 1005 } 1006 break; 1007 case T_DATA_REQ: 1008 case T_EXDATA_REQ: 1009 case T_ORDREL_REQ: 1010 /* Illegal for keysock. */ 1011 freemsg(mp); 1012 (void) putnextctl1(RD(q), M_ERROR, EPROTO); 1013 break; 1014 default: 1015 /* Not supported by keysock. */ 1016 keysock_err_ack(q, mp, TNOTSUPPORT, 0); 1017 break; 1018 } 1019 return; 1020 case M_IOCDATA: 1021 keysock_spdsock_wput_iocdata(q, mp, PF_KEY); 1022 return; 1023 case M_IOCTL: 1024 iocp = (struct iocblk *)mp->b_rptr; 1025 error = EINVAL; 1026 1027 switch (iocp->ioc_cmd) { 1028 case TI_GETMYNAME: 1029 case TI_GETPEERNAME: 1030 /* 1031 * For pfiles(1) observability with getsockname(). 1032 * See keysock_spdsock_wput_iocdata() for the rest of 1033 * this. 1034 */ 1035 mi_copyin(q, mp, NULL, 1036 SIZEOF_STRUCT(strbuf, iocp->ioc_flag)); 1037 return; 1038 case ND_SET: 1039 case ND_GET: 1040 if (nd_getset(q, keystack->keystack_g_nd, mp)) { 1041 qreply(q, mp); 1042 return; 1043 } else 1044 error = ENOENT; 1045 /* FALLTHRU */ 1046 default: 1047 miocnak(q, mp, 0, error); 1048 return; 1049 } 1050 case M_FLUSH: 1051 if (*mp->b_rptr & FLUSHW) { 1052 flushq(q, FLUSHALL); 1053 *mp->b_rptr &= ~FLUSHW; 1054 } 1055 if (*mp->b_rptr & FLUSHR) { 1056 qreply(q, mp); 1057 return; 1058 } 1059 /* Else FALLTHRU */ 1060 } 1061 1062 /* If fell through, just black-hole the message. */ 1063 freemsg(mp); 1064 } 1065 1066 /* 1067 * Transmit a PF_KEY error message to the instance either pointed to 1068 * by ks, the instance with serial number serial, or more, depending. 1069 * 1070 * The faulty message (or a reasonable facsimile thereof) is in mp. 1071 * This function will free mp or recycle it for delivery, thereby causing 1072 * the stream head to free it. 1073 */ 1074 static void 1075 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic) 1076 { 1077 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr; 1078 keysock_stack_t *keystack = ks->keysock_keystack; 1079 1080 ASSERT(mp->b_datap->db_type == M_DATA); 1081 1082 if (samsg->sadb_msg_type < SADB_GETSPI || 1083 samsg->sadb_msg_type > SADB_MAX) 1084 samsg->sadb_msg_type = SADB_RESERVED; 1085 1086 /* 1087 * Strip out extension headers. 1088 */ 1089 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim); 1090 mp->b_wptr = mp->b_rptr + sizeof (*samsg); 1091 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t)); 1092 samsg->sadb_msg_errno = (uint8_t)error; 1093 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic; 1094 1095 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, keystack); 1096 } 1097 1098 /* 1099 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy 1100 * in the extv if passed in. 1101 */ 1102 static void 1103 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[], 1104 boolean_t flushmsg) 1105 { 1106 keysock_consumer_t *kc; 1107 mblk_t *wrapper; 1108 keysock_in_t *ksi; 1109 int i; 1110 keysock_stack_t *keystack = ks->keysock_keystack; 1111 1112 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI); 1113 if (wrapper == NULL) { 1114 ks3dbg(keystack, ("keysock_passdown: allocb failed.\n")); 1115 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL) 1116 bzero(extv[SADB_EXT_KEY_ENCRYPT], 1117 SADB_64TO8( 1118 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len)); 1119 if (extv[SADB_EXT_KEY_AUTH] != NULL) 1120 bzero(extv[SADB_EXT_KEY_AUTH], 1121 SADB_64TO8( 1122 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len)); 1123 if (flushmsg) { 1124 ks0dbg(( 1125 "keysock: Downwards flush/dump message failed!\n")); 1126 /* If this is true, I hold the perimeter. */ 1127 keystack->keystack_flushdump--; 1128 } 1129 freemsg(mp); 1130 return; 1131 } 1132 1133 wrapper->b_datap->db_type = M_CTL; 1134 ksi = (keysock_in_t *)wrapper->b_rptr; 1135 ksi->ks_in_type = KEYSOCK_IN; 1136 ksi->ks_in_len = sizeof (keysock_in_t); 1137 if (extv[SADB_EXT_ADDRESS_SRC] != NULL) 1138 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN; 1139 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE; 1140 if (extv[SADB_EXT_ADDRESS_DST] != NULL) 1141 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN; 1142 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE; 1143 for (i = 0; i <= SADB_EXT_MAX; i++) 1144 ksi->ks_in_extv[i] = extv[i]; 1145 ksi->ks_in_serial = ks->keysock_serial; 1146 wrapper->b_wptr += sizeof (ipsec_info_t); 1147 wrapper->b_cont = mp; 1148 1149 /* 1150 * Find the appropriate consumer where the message is passed down. 1151 */ 1152 kc = keystack->keystack_consumers[satype]; 1153 if (kc == NULL) { 1154 freeb(wrapper); 1155 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE); 1156 if (flushmsg) { 1157 ks0dbg(( 1158 "keysock: Downwards flush/dump message failed!\n")); 1159 /* If this is true, I hold the perimeter. */ 1160 keystack->keystack_flushdump--; 1161 } 1162 return; 1163 } 1164 1165 /* 1166 * NOTE: There used to be code in here to spin while a flush or 1167 * dump finished. Keysock now assumes that consumers have enough 1168 * MT-savviness to deal with that. 1169 */ 1170 1171 /* 1172 * Current consumers (AH and ESP) are guaranteed to return a 1173 * FLUSH or DUMP message back, so when we reach here, we don't 1174 * have to worry about keysock_flushdumps. 1175 */ 1176 1177 putnext(kc->kc_wq, wrapper); 1178 } 1179 1180 /* 1181 * High-level reality checking of extensions. 1182 */ 1183 static boolean_t 1184 ext_check(sadb_ext_t *ext, keysock_stack_t *keystack) 1185 { 1186 int i; 1187 uint64_t *lp; 1188 sadb_ident_t *id; 1189 char *idstr; 1190 1191 switch (ext->sadb_ext_type) { 1192 case SADB_EXT_ADDRESS_SRC: 1193 case SADB_EXT_ADDRESS_DST: 1194 case SADB_X_EXT_ADDRESS_INNER_SRC: 1195 case SADB_X_EXT_ADDRESS_INNER_DST: 1196 /* Check for at least enough addtl length for a sockaddr. */ 1197 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t))) 1198 return (B_FALSE); 1199 break; 1200 case SADB_EXT_LIFETIME_HARD: 1201 case SADB_EXT_LIFETIME_SOFT: 1202 case SADB_EXT_LIFETIME_CURRENT: 1203 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t))) 1204 return (B_FALSE); 1205 break; 1206 case SADB_EXT_SPIRANGE: 1207 /* See if the SPI range is legit. */ 1208 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) > 1209 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max)) 1210 return (B_FALSE); 1211 break; 1212 case SADB_EXT_KEY_AUTH: 1213 case SADB_EXT_KEY_ENCRYPT: 1214 /* Key length check. */ 1215 if (((sadb_key_t *)ext)->sadb_key_bits == 0) 1216 return (B_FALSE); 1217 /* 1218 * Check to see if the key length (in bits) is less than the 1219 * extension length (in 8-bits words). 1220 */ 1221 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) + 1222 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) { 1223 ks1dbg(keystack, ( 1224 "ext_check: Key bits/length inconsistent.\n")); 1225 ks1dbg(keystack, ("%d bits, len is %d bytes.\n", 1226 ((sadb_key_t *)ext)->sadb_key_bits, 1227 SADB_64TO8(ext->sadb_ext_len))); 1228 return (B_FALSE); 1229 } 1230 1231 /* All-zeroes key check. */ 1232 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t)); 1233 for (i = 0; 1234 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t))); 1235 i++) 1236 if (lp[i] != 0) 1237 break; /* Out of for loop. */ 1238 /* If finished the loop naturally, it's an all zero key. */ 1239 if (lp[i] == 0) 1240 return (B_FALSE); 1241 break; 1242 case SADB_EXT_IDENTITY_SRC: 1243 case SADB_EXT_IDENTITY_DST: 1244 /* 1245 * Make sure the strings in these identities are 1246 * null-terminated. RFC 2367 underspecified how to handle 1247 * such a case. I "proactively" null-terminate the string 1248 * at the last byte if it's not terminated sooner. 1249 */ 1250 id = (sadb_ident_t *)ext; 1251 i = SADB_64TO8(id->sadb_ident_len); 1252 i -= sizeof (sadb_ident_t); 1253 idstr = (char *)(id + 1); 1254 while (*idstr != '\0' && i > 0) { 1255 i--; 1256 idstr++; 1257 } 1258 if (i == 0) { 1259 /* 1260 * I.e., if the bozo user didn't NULL-terminate the 1261 * string... 1262 */ 1263 idstr--; 1264 *idstr = '\0'; 1265 } 1266 break; 1267 } 1268 return (B_TRUE); /* For now... */ 1269 } 1270 1271 /* Return values for keysock_get_ext(). */ 1272 #define KGE_OK 0 1273 #define KGE_DUP 1 1274 #define KGE_UNK 2 1275 #define KGE_LEN 3 1276 #define KGE_CHK 4 1277 1278 /* 1279 * Parse basic extension headers and return in the passed-in pointer vector. 1280 * Return values include: 1281 * 1282 * KGE_OK Everything's nice and parsed out. 1283 * If there are no extensions, place NULL in extv[0]. 1284 * KGE_DUP There is a duplicate extension. 1285 * First instance in appropriate bin. First duplicate in 1286 * extv[0]. 1287 * KGE_UNK Unknown extension type encountered. extv[0] contains 1288 * unknown header. 1289 * KGE_LEN Extension length error. 1290 * KGE_CHK High-level reality check failed on specific extension. 1291 * 1292 * My apologies for some of the pointer arithmetic in here. I'm thinking 1293 * like an assembly programmer, yet trying to make the compiler happy. 1294 */ 1295 static int 1296 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize, 1297 keysock_stack_t *keystack) 1298 { 1299 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1)); 1300 1301 /* Use extv[0] as the "current working pointer". */ 1302 1303 extv[0] = (sadb_ext_t *)(basehdr + 1); 1304 1305 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) { 1306 /* Check for unknown headers. */ 1307 if (extv[0]->sadb_ext_type == 0 || 1308 extv[0]->sadb_ext_type > SADB_EXT_MAX) 1309 return (KGE_UNK); 1310 1311 /* 1312 * Check length. Use uint64_t because extlen is in units 1313 * of 64-bit words. If length goes beyond the msgsize, 1314 * return an error. (Zero length also qualifies here.) 1315 */ 1316 if (extv[0]->sadb_ext_len == 0 || 1317 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) > 1318 (void *)((uint8_t *)basehdr + msgsize)) 1319 return (KGE_LEN); 1320 1321 /* Check for redundant headers. */ 1322 if (extv[extv[0]->sadb_ext_type] != NULL) 1323 return (KGE_DUP); 1324 1325 /* 1326 * Reality check the extension if possible at the keysock 1327 * level. 1328 */ 1329 if (!ext_check(extv[0], keystack)) 1330 return (KGE_CHK); 1331 1332 /* If I make it here, assign the appropriate bin. */ 1333 extv[extv[0]->sadb_ext_type] = extv[0]; 1334 1335 /* Advance pointer (See above for uint64_t ptr reasoning.) */ 1336 extv[0] = (sadb_ext_t *) 1337 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len); 1338 } 1339 1340 /* Everything's cool. */ 1341 1342 /* 1343 * If extv[0] == NULL, then there are no extension headers in this 1344 * message. Ensure that this is the case. 1345 */ 1346 if (extv[0] == (sadb_ext_t *)(basehdr + 1)) 1347 extv[0] = NULL; 1348 1349 return (KGE_OK); 1350 } 1351 1352 /* 1353 * qwriter() callback to handle flushes and dumps. This routine will hold 1354 * the inner perimeter. 1355 */ 1356 void 1357 keysock_do_flushdump(queue_t *q, mblk_t *mp) 1358 { 1359 int i, start, finish; 1360 mblk_t *mp1 = NULL; 1361 keysock_t *ks = (keysock_t *)q->q_ptr; 1362 sadb_ext_t *extv[SADB_EXT_MAX + 1]; 1363 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr; 1364 keysock_stack_t *keystack = ks->keysock_keystack; 1365 1366 /* 1367 * I am guaranteed this will work. I did the work in keysock_parse() 1368 * already. 1369 */ 1370 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len), 1371 keystack); 1372 1373 /* 1374 * I hold the perimeter, therefore I don't need to use atomic ops. 1375 */ 1376 if (keystack->keystack_flushdump != 0) { 1377 /* XXX Should I instead use EBUSY? */ 1378 /* XXX Or is there a way to queue these up? */ 1379 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE); 1380 return; 1381 } 1382 1383 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1384 start = 0; 1385 finish = KEYSOCK_MAX_CONSUMERS - 1; 1386 } else { 1387 start = samsg->sadb_msg_satype; 1388 finish = samsg->sadb_msg_satype; 1389 } 1390 1391 /* 1392 * Fill up keysock_flushdump with the number of outstanding dumps 1393 * and/or flushes. 1394 */ 1395 1396 keystack->keystack_flushdump_errno = 0; 1397 1398 /* 1399 * Okay, I hold the perimeter. Eventually keysock_flushdump will 1400 * contain the number of consumers with outstanding flush operations. 1401 * 1402 * SO, here's the plan: 1403 * * For each relevant consumer (Might be one, might be all) 1404 * * Twiddle on the FLUSHING flag. 1405 * * Pass down the FLUSH/DUMP message. 1406 * 1407 * When I see upbound FLUSH/DUMP messages, I will decrement the 1408 * keysock_flushdump. When I decrement it to 0, I will pass the 1409 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will 1410 * pass down the right SA type to the consumer (either its own, or 1411 * that of UNSPEC), the right one will be reflected from each consumer, 1412 * and accordingly back to the socket. 1413 */ 1414 1415 mutex_enter(&keystack->keystack_consumers_lock); 1416 for (i = start; i <= finish; i++) { 1417 if (keystack->keystack_consumers[i] != NULL) { 1418 mp1 = copymsg(mp); 1419 if (mp1 == NULL) { 1420 ks0dbg(("SADB_FLUSH copymsg() failed.\n")); 1421 /* 1422 * Error? And what about outstanding 1423 * flushes? Oh, yeah, they get sucked up and 1424 * the counter is decremented. Consumers 1425 * (see keysock_passdown()) are guaranteed 1426 * to deliver back a flush request, even if 1427 * it's an error. 1428 */ 1429 keysock_error(ks, mp, ENOMEM, 1430 SADB_X_DIAGNOSTIC_NONE); 1431 return; 1432 } 1433 /* 1434 * Because my entry conditions are met above, the 1435 * following assertion should hold true. 1436 */ 1437 mutex_enter(&keystack->keystack_consumers[i]->kc_lock); 1438 ASSERT((keystack->keystack_consumers[i]->kc_flags & 1439 KC_FLUSHING) == 0); 1440 keystack->keystack_consumers[i]->kc_flags |= 1441 KC_FLUSHING; 1442 mutex_exit(&(keystack->keystack_consumers[i]->kc_lock)); 1443 /* Always increment the number of flushes... */ 1444 keystack->keystack_flushdump++; 1445 /* Guaranteed to return a message. */ 1446 keysock_passdown(ks, mp1, i, extv, B_TRUE); 1447 } else if (start == finish) { 1448 /* 1449 * In case where start == finish, and there's no 1450 * consumer, should we force an error? Yes. 1451 */ 1452 mutex_exit(&keystack->keystack_consumers_lock); 1453 keysock_error(ks, mp, EINVAL, 1454 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE); 1455 return; 1456 } 1457 } 1458 mutex_exit(&keystack->keystack_consumers_lock); 1459 1460 if (keystack->keystack_flushdump == 0) { 1461 /* 1462 * There were no consumers at all for this message. 1463 * XXX For now return ESRCH. 1464 */ 1465 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS); 1466 } else { 1467 /* Otherwise, free the original message. */ 1468 freemsg(mp); 1469 } 1470 } 1471 1472 /* 1473 * Get the right diagnostic for a duplicate. Should probably use a static 1474 * table lookup. 1475 */ 1476 int 1477 keysock_duplicate(int ext_type) 1478 { 1479 int rc = 0; 1480 1481 switch (ext_type) { 1482 case SADB_EXT_ADDRESS_SRC: 1483 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC; 1484 break; 1485 case SADB_EXT_ADDRESS_DST: 1486 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST; 1487 break; 1488 case SADB_X_EXT_ADDRESS_INNER_SRC: 1489 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC; 1490 break; 1491 case SADB_X_EXT_ADDRESS_INNER_DST: 1492 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST; 1493 break; 1494 case SADB_EXT_SA: 1495 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA; 1496 break; 1497 case SADB_EXT_SPIRANGE: 1498 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE; 1499 break; 1500 case SADB_EXT_KEY_AUTH: 1501 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY; 1502 break; 1503 case SADB_EXT_KEY_ENCRYPT: 1504 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY; 1505 break; 1506 } 1507 return (rc); 1508 } 1509 1510 /* 1511 * Get the right diagnostic for a reality check failure. Should probably use 1512 * a static table lookup. 1513 */ 1514 int 1515 keysock_malformed(int ext_type) 1516 { 1517 int rc = 0; 1518 1519 switch (ext_type) { 1520 case SADB_EXT_ADDRESS_SRC: 1521 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC; 1522 break; 1523 case SADB_EXT_ADDRESS_DST: 1524 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST; 1525 break; 1526 case SADB_X_EXT_ADDRESS_INNER_SRC: 1527 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC; 1528 break; 1529 case SADB_X_EXT_ADDRESS_INNER_DST: 1530 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST; 1531 break; 1532 case SADB_EXT_SA: 1533 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA; 1534 break; 1535 case SADB_EXT_SPIRANGE: 1536 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE; 1537 break; 1538 case SADB_EXT_KEY_AUTH: 1539 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY; 1540 break; 1541 case SADB_EXT_KEY_ENCRYPT: 1542 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY; 1543 break; 1544 } 1545 return (rc); 1546 } 1547 1548 /* 1549 * Keysock massaging of an inverse ACQUIRE. Consult policy, 1550 * and construct an appropriate response. 1551 */ 1552 static void 1553 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[], 1554 keysock_t *ks) 1555 { 1556 mblk_t *reply_mp; 1557 keysock_stack_t *keystack = ks->keysock_keystack; 1558 1559 /* 1560 * Reality check things... 1561 */ 1562 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) { 1563 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC); 1564 return; 1565 } 1566 if (extv[SADB_EXT_ADDRESS_DST] == NULL) { 1567 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST); 1568 return; 1569 } 1570 1571 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL && 1572 extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) { 1573 keysock_error(ks, mp, EINVAL, 1574 SADB_X_DIAGNOSTIC_MISSING_INNER_DST); 1575 return; 1576 } 1577 1578 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL && 1579 extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) { 1580 keysock_error(ks, mp, EINVAL, 1581 SADB_X_DIAGNOSTIC_MISSING_INNER_SRC); 1582 return; 1583 } 1584 1585 reply_mp = ipsec_construct_inverse_acquire(samsg, extv, 1586 keystack->keystack_netstack); 1587 1588 if (reply_mp != NULL) { 1589 freemsg(mp); 1590 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr, 1591 ks->keysock_serial, NULL, B_FALSE, keystack); 1592 } else { 1593 keysock_error(ks, mp, samsg->sadb_msg_errno, 1594 samsg->sadb_x_msg_diagnostic); 1595 } 1596 } 1597 1598 /* 1599 * Spew an extended REGISTER down to the relevant consumers. 1600 */ 1601 static void 1602 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[]) 1603 { 1604 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG]; 1605 uint8_t *satypes, *fencepost; 1606 mblk_t *downmp; 1607 sadb_ext_t *downextv[SADB_EXT_MAX + 1]; 1608 keysock_stack_t *keystack = ks->keysock_keystack; 1609 1610 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 || 1611 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) { 1612 keysock_error(ks, mp, EBUSY, 0); 1613 } 1614 1615 ks->keysock_flags |= KEYSOCK_EXTENDED; 1616 if (ereg == NULL) { 1617 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1618 } else { 1619 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr); 1620 fencepost = (uint8_t *)mp->b_wptr; 1621 satypes = ereg->sadb_x_ereg_satypes; 1622 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) { 1623 downmp = copymsg(mp); 1624 if (downmp == NULL) { 1625 keysock_error(ks, mp, ENOMEM, 0); 1626 return; 1627 } 1628 /* 1629 * Since we've made it here, keysock_get_ext will work! 1630 */ 1631 (void) keysock_get_ext(downextv, 1632 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp), 1633 keystack); 1634 keysock_passdown(ks, downmp, *satypes, downextv, 1635 B_FALSE); 1636 ++satypes; 1637 } 1638 freemsg(mp); 1639 } 1640 1641 /* 1642 * Set global to indicate we prefer an extended ACQUIRE. 1643 */ 1644 atomic_inc_32(&keystack->keystack_num_extended); 1645 } 1646 1647 static void 1648 keysock_delpair_all(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[]) 1649 { 1650 int i, start, finish; 1651 mblk_t *mp1 = NULL; 1652 keysock_stack_t *keystack = ks->keysock_keystack; 1653 1654 start = 0; 1655 finish = KEYSOCK_MAX_CONSUMERS - 1; 1656 1657 for (i = start; i <= finish; i++) { 1658 if (keystack->keystack_consumers[i] != NULL) { 1659 mp1 = copymsg(mp); 1660 if (mp1 == NULL) { 1661 keysock_error(ks, mp, ENOMEM, 1662 SADB_X_DIAGNOSTIC_NONE); 1663 return; 1664 } 1665 keysock_passdown(ks, mp1, i, extv, B_FALSE); 1666 } 1667 } 1668 } 1669 1670 /* 1671 * Handle PF_KEY messages. 1672 */ 1673 static void 1674 keysock_parse(queue_t *q, mblk_t *mp) 1675 { 1676 sadb_msg_t *samsg; 1677 sadb_ext_t *extv[SADB_EXT_MAX + 1]; 1678 keysock_t *ks = (keysock_t *)q->q_ptr; 1679 uint_t msgsize; 1680 uint8_t satype; 1681 keysock_stack_t *keystack = ks->keysock_keystack; 1682 1683 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */ 1684 ASSERT(WR(q)->q_next == NULL); 1685 1686 samsg = (sadb_msg_t *)mp->b_rptr; 1687 ks2dbg(keystack, ("Received possible PF_KEY message, type %d.\n", 1688 samsg->sadb_msg_type)); 1689 1690 msgsize = SADB_64TO8(samsg->sadb_msg_len); 1691 1692 if (msgdsize(mp) != msgsize) { 1693 /* 1694 * Message len incorrect w.r.t. actual size. Send an error 1695 * (EMSGSIZE). It may be necessary to massage things a 1696 * bit. For example, if the sadb_msg_type is hosed, 1697 * I need to set it to SADB_RESERVED to get delivery to 1698 * do the right thing. Then again, maybe just letting 1699 * the error delivery do the right thing. 1700 */ 1701 ks2dbg(keystack, 1702 ("mblk (%lu) and base (%d) message sizes don't jibe.\n", 1703 msgdsize(mp), msgsize)); 1704 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE); 1705 return; 1706 } 1707 1708 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) { 1709 /* Get all message into one mblk. */ 1710 if (pullupmsg(mp, -1) == 0) { 1711 /* 1712 * Something screwy happened. 1713 */ 1714 ks3dbg(keystack, 1715 ("keysock_parse: pullupmsg() failed.\n")); 1716 return; 1717 } else { 1718 samsg = (sadb_msg_t *)mp->b_rptr; 1719 } 1720 } 1721 1722 switch (keysock_get_ext(extv, samsg, msgsize, keystack)) { 1723 case KGE_DUP: 1724 /* Handle duplicate extension. */ 1725 ks1dbg(keystack, ("Got duplicate extension of type %d.\n", 1726 extv[0]->sadb_ext_type)); 1727 keysock_error(ks, mp, EINVAL, 1728 keysock_duplicate(extv[0]->sadb_ext_type)); 1729 return; 1730 case KGE_UNK: 1731 /* Handle unknown extension. */ 1732 ks1dbg(keystack, ("Got unknown extension of type %d.\n", 1733 extv[0]->sadb_ext_type)); 1734 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT); 1735 return; 1736 case KGE_LEN: 1737 /* Length error. */ 1738 ks1dbg(keystack, 1739 ("Length %d on extension type %d overrun or 0.\n", 1740 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type)); 1741 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN); 1742 return; 1743 case KGE_CHK: 1744 /* Reality check failed. */ 1745 ks1dbg(keystack, 1746 ("Reality check failed on extension type %d.\n", 1747 extv[0]->sadb_ext_type)); 1748 keysock_error(ks, mp, EINVAL, 1749 keysock_malformed(extv[0]->sadb_ext_type)); 1750 return; 1751 default: 1752 /* Default case is no errors. */ 1753 break; 1754 } 1755 1756 switch (samsg->sadb_msg_type) { 1757 case SADB_REGISTER: 1758 /* 1759 * There's a semantic weirdness in that a message OTHER than 1760 * the return REGISTER message may be passed up if I set the 1761 * registered bit BEFORE I pass it down. 1762 * 1763 * SOOOO, I'll not twiddle any registered bits until I see 1764 * the upbound REGISTER (with a serial number in it). 1765 */ 1766 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1767 /* Handle extended register here. */ 1768 keysock_extended_register(ks, mp, extv); 1769 return; 1770 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) { 1771 keysock_error(ks, mp, EBUSY, 0); 1772 return; 1773 } 1774 /* FALLTHRU */ 1775 case SADB_GETSPI: 1776 case SADB_ADD: 1777 case SADB_UPDATE: 1778 case SADB_X_UPDATEPAIR: 1779 case SADB_DELETE: 1780 case SADB_X_DELPAIR: 1781 case SADB_GET: 1782 /* 1783 * Pass down to appropriate consumer. 1784 */ 1785 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC) 1786 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv, 1787 B_FALSE); 1788 else keysock_error(ks, mp, EINVAL, 1789 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1790 return; 1791 case SADB_X_DELPAIR_STATE: 1792 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1793 keysock_delpair_all(ks, mp, extv); 1794 } else { 1795 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv, 1796 B_FALSE); 1797 } 1798 return; 1799 case SADB_ACQUIRE: 1800 /* 1801 * If I _receive_ an acquire, this means I should spread it 1802 * out to registered sockets. Unless there's an errno... 1803 * 1804 * Need ADDRESS, may have ID, SENS, and PROP, unless errno, 1805 * in which case there should be NO extensions. 1806 * 1807 * Return to registered. 1808 */ 1809 if (samsg->sadb_msg_errno != 0) { 1810 satype = samsg->sadb_msg_satype; 1811 if (satype == SADB_SATYPE_UNSPEC) { 1812 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) { 1813 keysock_error(ks, mp, EINVAL, 1814 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1815 return; 1816 } 1817 /* 1818 * Reassign satype based on the first 1819 * flags that KEYSOCK_SETREG says. 1820 */ 1821 while (satype <= SADB_SATYPE_MAX) { 1822 if (KEYSOCK_ISREG(ks, satype)) 1823 break; 1824 satype++; 1825 } 1826 if (satype > SADB_SATYPE_MAX) { 1827 keysock_error(ks, mp, EBUSY, 0); 1828 return; 1829 } 1830 } 1831 keysock_passdown(ks, mp, satype, extv, B_FALSE); 1832 } else { 1833 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1834 keysock_error(ks, mp, EINVAL, 1835 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1836 } else { 1837 keysock_passup(mp, samsg, 0, NULL, B_FALSE, 1838 keystack); 1839 } 1840 } 1841 return; 1842 case SADB_EXPIRE: 1843 /* 1844 * If someone sends this in, then send out to all senders. 1845 * (Save maybe ESP or AH, I have to be careful here.) 1846 * 1847 * Need ADDRESS, may have ID and SENS. 1848 * 1849 * XXX for now this is unsupported. 1850 */ 1851 break; 1852 case SADB_FLUSH: 1853 /* 1854 * Nuke all SAs. 1855 * 1856 * No extensions at all. Return to all listeners. 1857 * 1858 * Question: Should I hold a lock here to prevent 1859 * additions/deletions while flushing? 1860 * Answer: No. (See keysock_passdown() for details.) 1861 */ 1862 if (extv[0] != NULL) { 1863 /* 1864 * FLUSH messages shouldn't have extensions. 1865 * Return EINVAL. 1866 */ 1867 ks2dbg(keystack, ("FLUSH message with extension.\n")); 1868 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT); 1869 return; 1870 } 1871 1872 /* Passing down of DUMP/FLUSH messages are special. */ 1873 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER); 1874 return; 1875 case SADB_DUMP: /* not used by normal applications */ 1876 if ((extv[0] != NULL) && 1877 ((msgsize > 1878 (sizeof (sadb_msg_t) + sizeof (sadb_x_edump_t))) || 1879 (extv[SADB_X_EXT_EDUMP] == NULL))) { 1880 keysock_error(ks, mp, EINVAL, 1881 SADB_X_DIAGNOSTIC_NO_EXT); 1882 return; 1883 } 1884 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER); 1885 return; 1886 case SADB_X_PROMISC: 1887 /* 1888 * Promiscuous processing message. 1889 */ 1890 if (samsg->sadb_msg_satype == 0) 1891 ks->keysock_flags &= ~KEYSOCK_PROMISC; 1892 else 1893 ks->keysock_flags |= KEYSOCK_PROMISC; 1894 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, 1895 keystack); 1896 return; 1897 case SADB_X_INVERSE_ACQUIRE: 1898 keysock_inverse_acquire(mp, samsg, extv, ks); 1899 return; 1900 default: 1901 ks2dbg(keystack, ("Got unknown message type %d.\n", 1902 samsg->sadb_msg_type)); 1903 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG); 1904 return; 1905 } 1906 1907 /* As a placeholder... */ 1908 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n")); 1909 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE); 1910 } 1911 1912 /* 1913 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket, 1914 * I don't convert to ioctl()'s for IP. I am the end-all driver as far 1915 * as PF_KEY sockets are concerned. I do some conversion, but not as much 1916 * as IP/rts does. 1917 */ 1918 static void 1919 keysock_wput(queue_t *q, mblk_t *mp) 1920 { 1921 uchar_t *rptr = mp->b_rptr; 1922 mblk_t *mp1; 1923 keysock_t *ks; 1924 keysock_stack_t *keystack; 1925 1926 if (WR(q)->q_next) { 1927 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr; 1928 keystack = kc->kc_keystack; 1929 1930 ks3dbg(keystack, ("In keysock_wput\n")); 1931 1932 /* 1933 * We shouldn't get writes on a consumer instance. 1934 * But for now, just passthru. 1935 */ 1936 ks1dbg(keystack, ("Huh? wput for an consumer instance (%d)?\n", 1937 kc->kc_sa_type)); 1938 putnext(q, mp); 1939 return; 1940 } 1941 ks = (keysock_t *)q->q_ptr; 1942 keystack = ks->keysock_keystack; 1943 1944 ks3dbg(keystack, ("In keysock_wput\n")); 1945 1946 switch (mp->b_datap->db_type) { 1947 case M_DATA: 1948 /* 1949 * Silently discard. 1950 */ 1951 ks2dbg(keystack, ("raw M_DATA in keysock.\n")); 1952 freemsg(mp); 1953 return; 1954 case M_PROTO: 1955 case M_PCPROTO: 1956 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) { 1957 if (((union T_primitives *)rptr)->type == T_DATA_REQ) { 1958 if ((mp1 = mp->b_cont) == NULL) { 1959 /* No data after T_DATA_REQ. */ 1960 ks2dbg(keystack, 1961 ("No data after DATA_REQ.\n")); 1962 freemsg(mp); 1963 return; 1964 } 1965 freeb(mp); 1966 mp = mp1; 1967 ks2dbg(keystack, ("T_DATA_REQ\n")); 1968 break; /* Out of switch. */ 1969 } 1970 } 1971 /* FALLTHRU */ 1972 default: 1973 ks3dbg(keystack, ("In default wput case (%d %d).\n", 1974 mp->b_datap->db_type, ((union T_primitives *)rptr)->type)); 1975 keysock_wput_other(q, mp); 1976 return; 1977 } 1978 1979 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */ 1980 keysock_parse(q, mp); 1981 } 1982 1983 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */ 1984 1985 /* 1986 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate 1987 * state vectors. 1988 */ 1989 static void 1990 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc) 1991 { 1992 keysock_t *ks; 1993 keysock_stack_t *keystack = kc->kc_keystack; 1994 1995 mutex_enter(&keystack->keystack_consumers_lock); 1996 mutex_enter(&kc->kc_lock); 1997 if (keystack->keystack_consumers[satype] != NULL) { 1998 ks0dbg(( 1999 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n", 2000 satype)); 2001 /* 2002 * Perhaps updating the new below-me consumer with what I have 2003 * so far would work too? 2004 */ 2005 mutex_exit(&kc->kc_lock); 2006 mutex_exit(&keystack->keystack_consumers_lock); 2007 } else { 2008 /* Add new below-me consumer. */ 2009 keystack->keystack_consumers[satype] = kc; 2010 2011 kc->kc_flags = 0; 2012 kc->kc_sa_type = satype; 2013 mutex_exit(&kc->kc_lock); 2014 mutex_exit(&keystack->keystack_consumers_lock); 2015 2016 /* Scan the keysock list. */ 2017 mutex_enter(&keystack->keystack_list_lock); 2018 for (ks = keystack->keystack_list; ks != NULL; 2019 ks = ks->keysock_next) { 2020 if (KEYSOCK_ISREG(ks, satype)) { 2021 /* 2022 * XXX Perhaps send an SADB_REGISTER down on 2023 * the socket's behalf. 2024 */ 2025 ks1dbg(keystack, 2026 ("Socket %u registered already for " 2027 "new consumer.\n", ks->keysock_serial)); 2028 } 2029 } 2030 mutex_exit(&keystack->keystack_list_lock); 2031 } 2032 } 2033 2034 /* 2035 * Generate a KEYSOCK_OUT_ERR message for my consumer. 2036 */ 2037 static void 2038 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp) 2039 { 2040 keysock_out_err_t *kse; 2041 mblk_t *imp; 2042 keysock_stack_t *keystack = kc->kc_keystack; 2043 2044 imp = allocb(sizeof (ipsec_info_t), BPRI_HI); 2045 if (imp == NULL) { 2046 ks1dbg(keystack, ("keysock_out_err: Can't alloc message.\n")); 2047 return; 2048 } 2049 2050 imp->b_datap->db_type = M_CTL; 2051 imp->b_wptr += sizeof (ipsec_info_t); 2052 2053 kse = (keysock_out_err_t *)imp->b_rptr; 2054 imp->b_cont = mp; 2055 kse->ks_err_type = KEYSOCK_OUT_ERR; 2056 kse->ks_err_len = sizeof (*kse); 2057 /* Is serial necessary? */ 2058 kse->ks_err_serial = 0; 2059 kse->ks_err_errno = ks_errno; 2060 2061 /* 2062 * XXX What else do I need to do here w.r.t. information 2063 * to tell the consumer what caused this error? 2064 * 2065 * I believe the answer is the PF_KEY ACQUIRE (or other) message 2066 * attached in mp, which is appended at the end. I believe the 2067 * db_ref won't matter here, because the PF_KEY message is only read 2068 * for KEYSOCK_OUT_ERR. 2069 */ 2070 2071 putnext(kc->kc_wq, imp); 2072 } 2073 2074 /* XXX this is a hack errno. */ 2075 #define EIPSECNOSA 255 2076 2077 /* 2078 * Route message (pointed by mp, header in samsg) toward appropriate 2079 * sockets. Assume the message's creator did its job correctly. 2080 * 2081 * This should be a function that is followed by a return in its caller. 2082 * The compiler _should_ be able to use tail-call optimizations to make the 2083 * large ## of parameters not a huge deal. 2084 */ 2085 static void 2086 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial, 2087 keysock_consumer_t *kc, boolean_t persistent, keysock_stack_t *keystack) 2088 { 2089 keysock_t *ks; 2090 uint8_t satype = samsg->sadb_msg_satype; 2091 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE, 2092 setalg = B_FALSE; 2093 mblk_t *mp1; 2094 int err = EIPSECNOSA; 2095 2096 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */ 2097 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI); 2098 if (mp1 == NULL) { 2099 err = ENOMEM; 2100 goto error; 2101 } 2102 mp1->b_wptr += sizeof (struct T_data_req); 2103 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND; 2104 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0; 2105 mp1->b_datap->db_type = M_PROTO; 2106 mp1->b_cont = mp; 2107 mp = mp1; 2108 2109 switch (samsg->sadb_msg_type) { 2110 case SADB_FLUSH: 2111 case SADB_GETSPI: 2112 case SADB_UPDATE: 2113 case SADB_X_UPDATEPAIR: 2114 case SADB_ADD: 2115 case SADB_DELETE: 2116 case SADB_X_DELPAIR: 2117 case SADB_EXPIRE: 2118 /* 2119 * These are most likely replies. Don't worry about 2120 * KEYSOCK_OUT_ERR handling. Deliver to all sockets. 2121 */ 2122 ks3dbg(keystack, 2123 ("Delivering normal message (%d) to all sockets.\n", 2124 samsg->sadb_msg_type)); 2125 toall = B_TRUE; 2126 break; 2127 case SADB_REGISTER: 2128 /* 2129 * REGISTERs come up for one of three reasons: 2130 * 2131 * 1.) In response to a normal SADB_REGISTER 2132 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 2133 * serial != 0) 2134 * Deliver to normal SADB_REGISTERed sockets. 2135 * 2.) In response to an extended REGISTER 2136 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 2137 * Deliver to extended REGISTERed socket. 2138 * 3.) Spontaneous algorithm changes 2139 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 2140 * serial == 0) 2141 * Deliver to REGISTERed sockets of all sorts. 2142 */ 2143 if (kc == NULL) { 2144 /* Here because of keysock_error() call. */ 2145 ASSERT(samsg->sadb_msg_errno != 0); 2146 break; /* Out of switch. */ 2147 } 2148 ks3dbg(keystack, ("Delivering REGISTER.\n")); 2149 if (satype == SADB_SATYPE_UNSPEC) { 2150 /* REGISTER Reason #2 */ 2151 allereg = B_TRUE; 2152 /* 2153 * Rewhack SA type so PF_KEY socket holder knows what 2154 * consumer generated this algorithm list. 2155 */ 2156 satype = kc->kc_sa_type; 2157 samsg->sadb_msg_satype = satype; 2158 setalg = B_TRUE; 2159 } else if (serial == 0) { 2160 /* REGISTER Reason #3 */ 2161 allreg = B_TRUE; 2162 allereg = B_TRUE; 2163 } else { 2164 /* REGISTER Reason #1 */ 2165 allreg = B_TRUE; 2166 setalg = B_TRUE; 2167 } 2168 break; 2169 case SADB_ACQUIRE: 2170 /* 2171 * ACQUIREs are either extended (sadb_msg_satype == 0) or 2172 * regular (sadb_msg_satype != 0). And we're guaranteed 2173 * that serial == 0 for an ACQUIRE. 2174 */ 2175 ks3dbg(keystack, ("Delivering ACQUIRE.\n")); 2176 allereg = (satype == SADB_SATYPE_UNSPEC); 2177 allreg = !allereg; 2178 /* 2179 * Corner case - if we send a regular ACQUIRE and there's 2180 * extended ones registered, don't send an error down to 2181 * consumers if nobody's listening and prematurely destroy 2182 * their ACQUIRE record. This might be too hackish of a 2183 * solution. 2184 */ 2185 if (allreg && keystack->keystack_num_extended > 0) 2186 err = 0; 2187 break; 2188 case SADB_X_PROMISC: 2189 case SADB_X_INVERSE_ACQUIRE: 2190 case SADB_DUMP: 2191 case SADB_GET: 2192 default: 2193 /* 2194 * Deliver to the sender and promiscuous only. 2195 */ 2196 ks3dbg(keystack, ("Delivering sender/promisc only (%d).\n", 2197 samsg->sadb_msg_type)); 2198 break; 2199 } 2200 2201 mutex_enter(&keystack->keystack_list_lock); 2202 for (ks = keystack->keystack_list; ks != NULL; ks = ks->keysock_next) { 2203 /* Delivery loop. */ 2204 2205 /* 2206 * Check special keysock-setting cases (REGISTER replies) 2207 * here. 2208 */ 2209 if (setalg && serial == ks->keysock_serial) { 2210 ASSERT(kc != NULL); 2211 ASSERT(kc->kc_sa_type == satype); 2212 KEYSOCK_SETREG(ks, satype); 2213 } 2214 2215 /* 2216 * NOLOOP takes precedence over PROMISC. So if you've set 2217 * !SO_USELOOPBACK, don't expect to see any data... 2218 */ 2219 if (ks->keysock_flags & KEYSOCK_NOLOOP) 2220 continue; 2221 2222 /* 2223 * Messages to all, or promiscuous sockets just GET the 2224 * message. Perform rules-type checking iff it's not for all 2225 * listeners or the socket is in promiscuous mode. 2226 * 2227 * NOTE:Because of the (kc != NULL && ISREG()), make sure 2228 * extended ACQUIREs arrive off a consumer that is 2229 * part of the extended REGISTER set of consumers. 2230 */ 2231 if (serial != ks->keysock_serial && 2232 !toall && 2233 !(ks->keysock_flags & KEYSOCK_PROMISC) && 2234 !((ks->keysock_flags & KEYSOCK_EXTENDED) ? 2235 allereg : allreg && kc != NULL && 2236 KEYSOCK_ISREG(ks, kc->kc_sa_type))) 2237 continue; 2238 2239 mp1 = dupmsg(mp); 2240 if (mp1 == NULL) { 2241 ks2dbg(keystack, ( 2242 "keysock_passup(): dupmsg() failed.\n")); 2243 mp1 = mp; 2244 mp = NULL; 2245 err = ENOMEM; 2246 } 2247 2248 /* 2249 * At this point, we can deliver or attempt to deliver 2250 * this message. We're free of obligation to report 2251 * no listening PF_KEY sockets. So set err to 0. 2252 */ 2253 err = 0; 2254 2255 /* 2256 * See if we canputnext(), as well as see if the message 2257 * needs to be queued if we can't. 2258 */ 2259 if (!canputnext(ks->keysock_rq)) { 2260 if (persistent) { 2261 if (putq(ks->keysock_rq, mp1) == 0) { 2262 ks1dbg(keystack, ( 2263 "keysock_passup: putq failed.\n")); 2264 } else { 2265 continue; 2266 } 2267 } 2268 freemsg(mp1); 2269 continue; 2270 } 2271 2272 ks3dbg(keystack, 2273 ("Putting to serial %d.\n", ks->keysock_serial)); 2274 /* 2275 * Unlike the specific keysock instance case, this 2276 * will only hit for listeners, so we will only 2277 * putnext() if we can. 2278 */ 2279 putnext(ks->keysock_rq, mp1); 2280 if (mp == NULL) 2281 break; /* out of for loop. */ 2282 } 2283 mutex_exit(&keystack->keystack_list_lock); 2284 2285 error: 2286 if ((err != 0) && (kc != NULL)) { 2287 /* 2288 * Generate KEYSOCK_OUT_ERR for consumer. 2289 * Basically, I send this back if I have not been able to 2290 * transmit (for whatever reason) 2291 */ 2292 ks1dbg(keystack, 2293 ("keysock_passup(): No registered of type %d.\n", 2294 satype)); 2295 if (mp != NULL) { 2296 if (mp->b_datap->db_type == M_PROTO) { 2297 mp1 = mp; 2298 mp = mp->b_cont; 2299 freeb(mp1); 2300 } 2301 /* 2302 * Do a copymsg() because people who get 2303 * KEYSOCK_OUT_ERR may alter the message contents. 2304 */ 2305 mp1 = copymsg(mp); 2306 if (mp1 == NULL) { 2307 ks2dbg(keystack, 2308 ("keysock_passup: copymsg() failed.\n")); 2309 mp1 = mp; 2310 mp = NULL; 2311 } 2312 keysock_out_err(kc, err, mp1); 2313 } 2314 } 2315 2316 /* 2317 * XXX Blank the message somehow. This is difficult because we don't 2318 * know at this point if the message has db_ref > 1, etc. 2319 * 2320 * Optimally, keysock messages containing actual keying material would 2321 * be allocated with esballoc(), with a zeroing free function. 2322 */ 2323 if (mp != NULL) 2324 freemsg(mp); 2325 } 2326 2327 /* 2328 * Keysock's read service procedure is there only for PF_KEY reply 2329 * messages that really need to reach the top. 2330 */ 2331 static void 2332 keysock_rsrv(queue_t *q) 2333 { 2334 mblk_t *mp; 2335 2336 while ((mp = getq(q)) != NULL) { 2337 if (canputnext(q)) { 2338 putnext(q, mp); 2339 } else { 2340 (void) putbq(q, mp); 2341 return; 2342 } 2343 } 2344 } 2345 2346 /* 2347 * The read procedure should only be invoked by a keysock consumer, like 2348 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK 2349 * messages on my read queues. 2350 */ 2351 static void 2352 keysock_rput(queue_t *q, mblk_t *mp) 2353 { 2354 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr; 2355 ipsec_info_t *ii; 2356 keysock_hello_ack_t *ksa; 2357 minor_t serial; 2358 mblk_t *mp1; 2359 sadb_msg_t *samsg; 2360 keysock_stack_t *keystack = kc->kc_keystack; 2361 2362 /* Make sure I'm a consumer instance. (i.e. something's below me) */ 2363 ASSERT(WR(q)->q_next != NULL); 2364 2365 if (mp->b_datap->db_type != M_CTL) { 2366 /* 2367 * Keysock should only see keysock consumer interface 2368 * messages (see ipsec_info.h) on its read procedure. 2369 * To be robust, however, putnext() up so the STREAM head can 2370 * deal with it appropriately. 2371 */ 2372 ks1dbg(keystack, 2373 ("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n", 2374 mp->b_datap->db_type, mp->b_datap->db_type)); 2375 putnext(q, mp); 2376 return; 2377 } 2378 2379 ii = (ipsec_info_t *)mp->b_rptr; 2380 2381 switch (ii->ipsec_info_type) { 2382 case KEYSOCK_OUT: 2383 /* 2384 * A consumer needs to pass a response message or an ACQUIRE 2385 * UP. I assume that the consumer has done the right 2386 * thing w.r.t. message creation, etc. 2387 */ 2388 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial; 2389 mp1 = mp->b_cont; /* Get M_DATA portion. */ 2390 freeb(mp); 2391 samsg = (sadb_msg_t *)mp1->b_rptr; 2392 if (samsg->sadb_msg_type == SADB_FLUSH || 2393 (samsg->sadb_msg_type == SADB_DUMP && 2394 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) { 2395 /* 2396 * If I'm an end-of-FLUSH or an end-of-DUMP marker... 2397 */ 2398 ASSERT(keystack->keystack_flushdump != 0); 2399 /* Am I flushing? */ 2400 2401 mutex_enter(&kc->kc_lock); 2402 kc->kc_flags &= ~KC_FLUSHING; 2403 mutex_exit(&kc->kc_lock); 2404 2405 if (samsg->sadb_msg_errno != 0) 2406 keystack->keystack_flushdump_errno = 2407 samsg->sadb_msg_errno; 2408 2409 /* 2410 * Lower the atomic "flushing" count. If it's 2411 * the last one, send up the end-of-{FLUSH,DUMP} to 2412 * the appropriate PF_KEY socket. 2413 */ 2414 if (atomic_dec_32_nv(&keystack->keystack_flushdump) != 2415 0) { 2416 ks1dbg(keystack, 2417 ("One flush/dump message back from %d," 2418 " more to go.\n", samsg->sadb_msg_satype)); 2419 freemsg(mp1); 2420 return; 2421 } 2422 2423 samsg->sadb_msg_errno = 2424 (uint8_t)keystack->keystack_flushdump_errno; 2425 if (samsg->sadb_msg_type == SADB_DUMP) { 2426 samsg->sadb_msg_seq = 0; 2427 } 2428 } 2429 keysock_passup(mp1, samsg, serial, kc, 2430 (samsg->sadb_msg_type == SADB_DUMP), keystack); 2431 return; 2432 case KEYSOCK_HELLO_ACK: 2433 /* Aha, now we can link in the consumer! */ 2434 ksa = (keysock_hello_ack_t *)ii; 2435 keysock_link_consumer(ksa->ks_hello_satype, kc); 2436 freemsg(mp); 2437 return; 2438 default: 2439 ks1dbg(keystack, ("Hmmm, an IPsec info I'm not used to, 0x%x\n", 2440 ii->ipsec_info_type)); 2441 putnext(q, mp); 2442 } 2443 } 2444 2445 /* 2446 * So we can avoid external linking problems.... 2447 */ 2448 boolean_t 2449 keysock_extended_reg(netstack_t *ns) 2450 { 2451 keysock_stack_t *keystack = ns->netstack_keysock; 2452 2453 return (keystack->keystack_num_extended != 0); 2454 } 2455 2456 uint32_t 2457 keysock_next_seq(netstack_t *ns) 2458 { 2459 keysock_stack_t *keystack = ns->netstack_keysock; 2460 2461 return (atomic_dec_32_nv(&keystack->keystack_acquire_seq)); 2462 } 2463