xref: /illumos-gate/usr/src/uts/common/inet/keysock.h (revision 0250c53ad267726f2438e3c6556199a0bbf588a2)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * Copyright 2024 Oxide Computer Company
26  */
27 
28 #ifndef	_INET_KEYSOCK_H
29 #define	_INET_KEYSOCK_H
30 
31 #include <inet/optcom.h>
32 #include <net/pfkeyv2.h>
33 
34 #ifdef	__cplusplus
35 extern "C" {
36 #endif
37 
38 /*
39  * Object to represent database of options to search passed to
40  * {sock,tpi}optcom_req() interface routine to take care of option
41  * management and associated methods.
42  */
43 
44 extern optdb_obj_t	keysock_opt_obj;
45 extern uint_t		keysock_max_optsize;
46 
47 /*
48  * KEYSOCK stack instances
49  */
50 struct keysock_stack {
51 	netstack_t		*keystack_netstack;	/* Common netstack */
52 	/*
53 	 * keysock_plumbed: zero if plumb not attempted, positive if it
54 	 * succeeded,  negative if it failed.
55 	 */
56 	int			keystack_plumbed;
57 	caddr_t			keystack_g_nd;
58 	struct keysockparam_s	*keystack_params;
59 
60 	kmutex_t		keystack_param_lock;
61 				/* Protects the NDD variables. */
62 
63 	/* List of open PF_KEY sockets, protected by keysock_list_lock. */
64 	kmutex_t		keystack_list_lock;
65 	struct keysock_s	*keystack_list;
66 
67 	/*
68 	 * Consumers table. If an entry is NULL, keysock maintains
69 	 * the table.
70 	 */
71 	kmutex_t		keystack_consumers_lock;
72 
73 #define	KEYSOCK_MAX_CONSUMERS 256
74 	struct keysock_consumer_s *keystack_consumers[KEYSOCK_MAX_CONSUMERS];
75 
76 	/*
77 	 * State for flush/dump.  This would normally be a boolean_t, but
78 	 * atomic_cas_32() works best for a known 32-bit quantity.
79 	 */
80 	uint32_t		keystack_flushdump;
81 	int			keystack_flushdump_errno;
82 
83 	/*
84 	 * This integer counts the number of extended REGISTERed sockets.  This
85 	 * determines if we should send extended REGISTERs.
86 	 */
87 	uint32_t		keystack_num_extended;
88 
89 	/*
90 	 * Global sequence space for SADB_ACQUIRE messages of any sort.
91 	 */
92 	uint32_t		keystack_acquire_seq;
93 };
94 typedef struct keysock_stack keysock_stack_t;
95 
96 /*
97  * keysock session state (one per open PF_KEY socket (i.e. as a driver))
98  *
99  * I keep these in a linked list, and assign a monotonically increasing
100  * serial ## (which is also the minor number).
101  */
102 
103 typedef struct keysock_s {
104 	/* Protected by keysock_list_lock. */
105 	struct keysock_s *keysock_next; /* Next in list */
106 	struct keysock_s **keysock_ptpn; /* Pointer to previous next */
107 
108 	kmutex_t keysock_lock; /* Protects the following. */
109 	queue_t *keysock_rq;   /* Read queue - putnext() to userland */
110 	queue_t *keysock_wq;   /* Write queue */
111 
112 	uint_t keysock_state;
113 	uint_t keysock_flags;
114 	/* If SADB_SATYPE_MAX (in net/pfkeyv2.h) > 255, rewhack this. */
115 	uint64_t keysock_registered[4]; /* Registered types for this socket. */
116 
117 	/* Also protected by keysock_list_lock. */
118 	minor_t keysock_serial; /* Serial number of this socket. */
119 	keysock_stack_t		*keysock_keystack;
120 } keysock_t;
121 
122 #define	KEYSOCK_NOLOOP	0x1	/* Don't loopback messages (no replies). */
123 #define	KEYSOCK_PROMISC	0x2	/* Give me all outbound messages. */
124 				/* DANGER:	Setting this requires EXTRA */
125 				/*		privilege on an MLS box. */
126 #define	KEYSOCK_EXTENDED 0x4	/* Extended REGISTER received. */
127 
128 /* My apologies for the ugliness of this macro.  And using constants. */
129 #define	KEYSOCK_ISREG(ks, satype) (((ks)->keysock_registered[(satype) >> 3]) & \
130 	(1 << ((satype) & 63)))
131 #define	KEYSOCK_SETREG(ks, satype) (ks)->keysock_registered[(satype) >> 3] |= \
132 	(1 << ((satype) & 63))
133 
134 /*
135  * Keysock consumers (i.e. AH, ESP), in array based on sadb_msg_satype.
136  * For module instances.
137  */
138 
139 typedef struct keysock_consumer_s {
140 	kmutex_t kc_lock;	/* Protects instance. */
141 
142 	queue_t *kc_rq;		/* Read queue, requests from AH, ESP. */
143 	queue_t *kc_wq;		/* Write queue, putnext down */
144 
145 	/* Other goodies as a need them. */
146 	uint8_t			kc_sa_type;	/* What sort of SA am I? */
147 	uint_t			kc_flags;
148 	keysock_stack_t		*kc_keystack;
149 } keysock_consumer_t;
150 
151 /* Can only set flags when keysock_consumer_lock is held. */
152 #define	KC_INTERNAL 0x1		/* Consumer maintained by keysock itself. */
153 #define	KC_FLUSHING 0x2		/* SADB_FLUSH pending on this consumer. */
154 
155 extern int keysock_plumb_ipsec(netstack_t *);
156 extern int keysock_opt_get(queue_t *, int, int, uchar_t *);
157 extern int keysock_opt_set(queue_t *, uint_t, int, int, uint_t,
158     uchar_t *, uint_t *, uchar_t *, void *, cred_t *cr);
159 extern void keysock_error(keysock_t *, mblk_t *, int, int);
160 extern void keysock_passup(mblk_t *, sadb_msg_t *, minor_t,
161     keysock_consumer_t *, boolean_t, keysock_stack_t *);
162 
163 #ifdef	__cplusplus
164 }
165 #endif
166 
167 #endif /* _INET_KEYSOCK_H */
168