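/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Copyright 2024 Oxide Computer Company
 */

#ifndef	_INET_KEYSOCK_H
#define	_INET_KEYSOCK_H

#include <inet/optcom.h>
#include <net/pfkeyv2.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Object to represent database of options to search passed to
 * {sock,tpi}optcom_req() interface routine to take care of option
 * management and associated methods.
 */

extern optdb_obj_t	keysock_opt_obj;
extern uint_t		keysock_max_optsize;

/*
 * KEYSOCK stack instances
 *
 * One of these holds the keysock state that belongs to a single netstack:
 * the list of open PF_KEY sockets, the consumer table, and the flush/dump
 * and ACQUIRE bookkeeping.  Each group of fields names the lock that
 * protects it.
 */
struct keysock_stack {
	netstack_t		*keystack_netstack;	/* Common netstack */
	/*
	 * keystack_plumbed: zero if plumb not attempted, positive if it
	 * succeeded, negative if it failed.
	 */
	int			keystack_plumbed;
	caddr_t			keystack_g_nd;
	struct keysockparam_s	*keystack_params;

	kmutex_t		keystack_param_lock;
				/* Protects the NDD variables. */

	/* List of open PF_KEY sockets, protected by keystack_list_lock. */
	kmutex_t		keystack_list_lock;
	struct keysock_s	*keystack_list;

	/*
	 * Consumers table.  If an entry is NULL, keysock maintains
	 * the table.
	 *
	 * The table has one slot per possible 8-bit SA type (kc_sa_type is
	 * a uint8_t), so an index taken from a uint8_t cannot run off the
	 * end.  NOTE(review): presumably guarded by
	 * keystack_consumers_lock -- confirm against the implementation.
	 */
	kmutex_t		keystack_consumers_lock;

#define	KEYSOCK_MAX_CONSUMERS 256
	struct keysock_consumer_s *keystack_consumers[KEYSOCK_MAX_CONSUMERS];

	/*
	 * State for flush/dump.  This would normally be a boolean_t, but
	 * atomic_cas_32() works best for a known 32-bit quantity.
	 */
	uint32_t		keystack_flushdump;
	int			keystack_flushdump_errno;

	/*
	 * This integer counts the number of extended REGISTERed sockets.  This
	 * determines if we should send extended REGISTERs.
	 */
	uint32_t		keystack_num_extended;

	/*
	 * Global sequence space for SADB_ACQUIRE messages of any sort.
	 */
	uint32_t		keystack_acquire_seq;
};
typedef struct keysock_stack keysock_stack_t;

/*
 * keysock session state (one per open PF_KEY socket (i.e. as a driver))
 *
 * I keep these in a linked list, and assign a monotonically increasing
 * serial ## (which is also the minor number).
 */

typedef struct keysock_s {
	/* Protected by the owning stack's keystack_list_lock. */
	struct keysock_s *keysock_next;	/* Next in list */
	struct keysock_s **keysock_ptpn;	/* Pointer to previous next */

	kmutex_t keysock_lock;		/* Protects the following. */
	queue_t *keysock_rq;		/* Read queue - putnext() to userland */
	queue_t *keysock_wq;		/* Write queue */

	uint_t keysock_state;
	uint_t keysock_flags;		/* KEYSOCK_* flag bits, see below. */
	/* If SADB_SATYPE_MAX (in net/pfkeyv2.h) > 255, rewhack this. */
	uint64_t keysock_registered[4];	/* Registered types for this socket. */

	/* Also protected by the owning stack's keystack_list_lock. */
	minor_t keysock_serial;		/* Serial number of this socket. */
	keysock_stack_t *keysock_keystack;
} keysock_t;

#define	KEYSOCK_NOLOOP	0x1	/* Don't loopback messages (no replies). */
#define	KEYSOCK_PROMISC	0x2	/* Give me all outbound messages. */
				/* DANGER: Setting this requires EXTRA */
				/* privilege on an MLS box. */
#define	KEYSOCK_EXTENDED 0x4	/* Extended REGISTER received. */

/*
 * Registration bitmap accessors.  My apologies for the ugliness of these
 * macros.  And using constants.
 *
 * keysock_registered[] is four 64-bit words (256 bits), one bit per SA
 * type: word = satype >> 6, bit = satype & 63.  The word index has to use
 * the same 64-bit granularity as the bit mask; a ">> 3" index would reach
 * past the four-element array for any satype of 32 or more.  The one is
 * widened to uint64_t before the shift because shifting a plain int by 31
 * or more bits is undefined behaviour.
 *
 * KEYSOCK_ISREG() yields 0 or 1, so the answer survives being stored in a
 * narrower type.  Both macros evaluate satype twice; pass an expression
 * without side effects.
 *
 * Neither macro range-checks satype.  An SA type carried in a uint8_t
 * always fits in the 256-bit map, but a value that originates in a
 * user-supplied PF_KEY message should still be checked against
 * SADB_SATYPE_MAX by the caller before it is trusted.
 */
#define	KEYSOCK_ISREG(ks, satype) \
	((((ks)->keysock_registered[(satype) >> 6]) & \
	((uint64_t)1 << ((satype) & 63))) != 0)
#define	KEYSOCK_SETREG(ks, satype) \
	((ks)->keysock_registered[(satype) >> 6] |= \
	((uint64_t)1 << ((satype) & 63)))

/*
 * Keysock consumers (i.e. AH, ESP), in array based on sadb_msg_satype.
 * For module instances.
 */

typedef struct keysock_consumer_s {
	kmutex_t kc_lock;		/* Protects instance. */

	queue_t *kc_rq;			/* Read queue, requests from AH, ESP. */
	queue_t *kc_wq;			/* Write queue, putnext down */

	/* Other goodies as I need them. */
	uint8_t kc_sa_type;		/* What sort of SA am I? */
	uint_t kc_flags;		/* KC_* flag bits, see below. */
	keysock_stack_t *kc_keystack;
} keysock_consumer_t;

/*
 * Can only set flags when keysock_consumer_lock is held.
 * NOTE(review): no lock of that exact name is declared in this header;
 * presumably this means keystack_consumers_lock -- confirm.
 */
#define	KC_INTERNAL 0x1		/* Consumer maintained by keysock itself. */
#define	KC_FLUSHING 0x2		/* SADB_FLUSH pending on this consumer. */

/*
 * Entry points exported by keysock.  Their behaviour is defined by the
 * implementation, which is not part of this header.
 */
extern int keysock_plumb_ipsec(netstack_t *);
extern int keysock_opt_get(queue_t *, int, int, uchar_t *);
extern int keysock_opt_set(queue_t *, uint_t, int, int, uint_t,
    uchar_t *, uint_t *, uchar_t *, void *, cred_t *cr);
extern void keysock_error(keysock_t *, mblk_t *, int, int);
extern void keysock_passup(mblk_t *, sadb_msg_t *, minor_t,
    keysock_consumer_t *, boolean_t, keysock_stack_t *);

#ifdef	__cplusplus
}
#endif

#endif	/* _INET_KEYSOCK_H */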