xref: /titanic_41/usr/src/uts/common/inet/ip/ipsecesp.c (revision 5e992ba3a9b8749890ab15d3ca96a0b1a79641ac)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <sys/types.h>
27 #include <sys/stream.h>
28 #include <sys/stropts.h>
29 #include <sys/errno.h>
30 #include <sys/strlog.h>
31 #include <sys/tihdr.h>
32 #include <sys/socket.h>
33 #include <sys/ddi.h>
34 #include <sys/sunddi.h>
35 #include <sys/kmem.h>
36 #include <sys/zone.h>
37 #include <sys/sysmacros.h>
38 #include <sys/cmn_err.h>
39 #include <sys/vtrace.h>
40 #include <sys/debug.h>
41 #include <sys/atomic.h>
42 #include <sys/strsun.h>
43 #include <sys/random.h>
44 #include <netinet/in.h>
45 #include <net/if.h>
46 #include <netinet/ip6.h>
47 #include <net/pfkeyv2.h>
48 
49 #include <inet/common.h>
50 #include <inet/mi.h>
51 #include <inet/nd.h>
52 #include <inet/ip.h>
53 #include <inet/ip_impl.h>
54 #include <inet/ip6.h>
55 #include <inet/sadb.h>
56 #include <inet/ipsec_info.h>
57 #include <inet/ipsec_impl.h>
58 #include <inet/ipsecesp.h>
59 #include <inet/ipdrop.h>
60 #include <inet/tcp.h>
61 #include <sys/kstat.h>
62 #include <sys/policy.h>
63 #include <sys/strsun.h>
64 #include <inet/udp_impl.h>
65 #include <sys/taskq.h>
66 #include <sys/note.h>
67 
68 #include <sys/iphada.h>
69 
70 /*
71  * Table of ND variables supported by ipsecesp. These are loaded into
72  * ipsecesp_g_nd in ipsecesp_init_nd.
73  * All of these are alterable, within the min/max values given, at run time.
74  */
75 static	ipsecespparam_t	lcl_param_arr[] = {
76 	/* min	max			value	name */
77 	{ 0,	3,			0,	"ipsecesp_debug"},
78 	{ 125,	32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"},
79 	{ 1,	10,			1,	"ipsecesp_reap_delay"},
80 	{ 1,	SADB_MAX_REPLAY,	64,	"ipsecesp_replay_size"},
81 	{ 1,	300,			15,	"ipsecesp_acquire_timeout"},
82 	{ 1,	1800,			90,	"ipsecesp_larval_timeout"},
83 	/* Default lifetime values for ACQUIRE messages. */
84 	{ 0,	0xffffffffU,	0,	"ipsecesp_default_soft_bytes"},
85 	{ 0,	0xffffffffU,	0,	"ipsecesp_default_hard_bytes"},
86 	{ 0,	0xffffffffU,	24000,	"ipsecesp_default_soft_addtime"},
87 	{ 0,	0xffffffffU,	28800,	"ipsecesp_default_hard_addtime"},
88 	{ 0,	0xffffffffU,	0,	"ipsecesp_default_soft_usetime"},
89 	{ 0,	0xffffffffU,	0,	"ipsecesp_default_hard_usetime"},
90 	{ 0,	1,		0,	"ipsecesp_log_unknown_spi"},
91 	{ 0,	2,		1,	"ipsecesp_padding_check"},
92 	{ 0,	600,		20,	"ipsecesp_nat_keepalive_interval"},
93 };
94 #define	ipsecesp_debug	ipsecesp_params[0].ipsecesp_param_value
95 #define	ipsecesp_age_interval ipsecesp_params[1].ipsecesp_param_value
96 #define	ipsecesp_age_int_max	ipsecesp_params[1].ipsecesp_param_max
97 #define	ipsecesp_reap_delay	ipsecesp_params[2].ipsecesp_param_value
98 #define	ipsecesp_replay_size	ipsecesp_params[3].ipsecesp_param_value
99 #define	ipsecesp_acquire_timeout	\
100 	ipsecesp_params[4].ipsecesp_param_value
101 #define	ipsecesp_larval_timeout	\
102 	ipsecesp_params[5].ipsecesp_param_value
103 #define	ipsecesp_default_soft_bytes	\
104 	ipsecesp_params[6].ipsecesp_param_value
105 #define	ipsecesp_default_hard_bytes	\
106 	ipsecesp_params[7].ipsecesp_param_value
107 #define	ipsecesp_default_soft_addtime	\
108 	ipsecesp_params[8].ipsecesp_param_value
109 #define	ipsecesp_default_hard_addtime	\
110 	ipsecesp_params[9].ipsecesp_param_value
111 #define	ipsecesp_default_soft_usetime	\
112 	ipsecesp_params[10].ipsecesp_param_value
113 #define	ipsecesp_default_hard_usetime	\
114 	ipsecesp_params[11].ipsecesp_param_value
115 #define	ipsecesp_log_unknown_spi	\
116 	ipsecesp_params[12].ipsecesp_param_value
117 #define	ipsecesp_padding_check	\
118 	ipsecesp_params[13].ipsecesp_param_value
119 /* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */
120 
121 #define	esp0dbg(a)	printf a
122 /* NOTE:  != 0 instead of > 0 so lint doesn't complain. */
123 #define	esp1dbg(espstack, a)	if (espstack->ipsecesp_debug != 0) printf a
124 #define	esp2dbg(espstack, a)	if (espstack->ipsecesp_debug > 1) printf a
125 #define	esp3dbg(espstack, a)	if (espstack->ipsecesp_debug > 2) printf a
126 
127 static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *);
128 static int ipsecesp_close(queue_t *);
129 static void ipsecesp_rput(queue_t *, mblk_t *);
130 static void ipsecesp_wput(queue_t *, mblk_t *);
131 static void	*ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns);
132 static void	ipsecesp_stack_fini(netstackid_t stackid, void *arg);
133 static void esp_send_acquire(ipsacq_t *, mblk_t *, netstack_t *);
134 
135 static void esp_prepare_udp(netstack_t *, mblk_t *, ipha_t *);
136 static ipsec_status_t esp_outbound_accelerated(mblk_t *, uint_t);
137 static ipsec_status_t esp_inbound_accelerated(mblk_t *, mblk_t *,
138     boolean_t, ipsa_t *);
139 
140 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t,
141     ipsecesp_stack_t *);
142 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t,
143     kstat_named_t **, ipsecesp_stack_t *);
144 static ipsec_status_t esp_submit_req_inbound(mblk_t *, ipsa_t *, uint_t);
145 static ipsec_status_t esp_submit_req_outbound(mblk_t *, ipsa_t *, uchar_t *,
146     uint_t);
147 extern void (*cl_inet_getspi)(uint8_t, uint8_t *, size_t);
148 
149 /* Setable in /etc/system */
150 uint32_t esp_hash_size = IPSEC_DEFAULT_HASH_SIZE;
151 
152 static struct module_info info = {
153 	5137, "ipsecesp", 0, INFPSZ, 65536, 1024
154 };
155 
156 static struct qinit rinit = {
157 	(pfi_t)ipsecesp_rput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info,
158 	NULL
159 };
160 
161 static struct qinit winit = {
162 	(pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info,
163 	NULL
164 };
165 
166 struct streamtab ipsecespinfo = {
167 	&rinit, &winit, NULL, NULL
168 };
169 
170 static taskq_t *esp_taskq;
171 
172 /*
173  * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now.
174  *
175  * Question:	Do I need this, given that all instance's esps->esps_wq point
176  *		to IP?
177  *
178  * Answer:	Yes, because I need to know which queue is BOUND to
179  *		IPPROTO_ESP
180  */
181 
182 /*
183  * Stats.  This may eventually become a full-blown SNMP MIB once that spec
184  * stabilizes.
185  */
186 
187 typedef struct esp_kstats_s {
188 	kstat_named_t esp_stat_num_aalgs;
189 	kstat_named_t esp_stat_good_auth;
190 	kstat_named_t esp_stat_bad_auth;
191 	kstat_named_t esp_stat_bad_padding;
192 	kstat_named_t esp_stat_replay_failures;
193 	kstat_named_t esp_stat_replay_early_failures;
194 	kstat_named_t esp_stat_keysock_in;
195 	kstat_named_t esp_stat_out_requests;
196 	kstat_named_t esp_stat_acquire_requests;
197 	kstat_named_t esp_stat_bytes_expired;
198 	kstat_named_t esp_stat_out_discards;
199 	kstat_named_t esp_stat_in_accelerated;
200 	kstat_named_t esp_stat_out_accelerated;
201 	kstat_named_t esp_stat_noaccel;
202 	kstat_named_t esp_stat_crypto_sync;
203 	kstat_named_t esp_stat_crypto_async;
204 	kstat_named_t esp_stat_crypto_failures;
205 	kstat_named_t esp_stat_num_ealgs;
206 	kstat_named_t esp_stat_bad_decrypt;
207 	kstat_named_t esp_stat_sa_port_renumbers;
208 } esp_kstats_t;
209 
210 /*
211  * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if
212  * kstat_create_netstack for espstack->esp_ksp succeeds, but when it
213  * fails, it will be NULL. Note this is done for all stack instances,
214  * so it *could* fail. hence a non-NULL checking is done for
215  * ESP_BUMP_STAT and ESP_DEBUMP_STAT
216  */
217 #define	ESP_BUMP_STAT(espstack, x)					\
218 do {									\
219 	if (espstack->esp_kstats != NULL)				\
220 		(espstack->esp_kstats->esp_stat_ ## x).value.ui64++;	\
221 _NOTE(CONSTCOND)							\
222 } while (0)
223 
224 #define	ESP_DEBUMP_STAT(espstack, x)					\
225 do {									\
226 	if (espstack->esp_kstats != NULL)				\
227 		(espstack->esp_kstats->esp_stat_ ## x).value.ui64--;	\
228 _NOTE(CONSTCOND)							\
229 } while (0)
230 
231 static int	esp_kstat_update(kstat_t *, int);
232 
233 static boolean_t
234 esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
235 {
236 	espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
237 	    "net", KSTAT_TYPE_NAMED,
238 	    sizeof (esp_kstats_t) / sizeof (kstat_named_t),
239 	    KSTAT_FLAG_PERSISTENT, stackid);
240 
241 	if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
242 		return (B_FALSE);
243 
244 	espstack->esp_kstats = espstack->esp_ksp->ks_data;
245 
246 	espstack->esp_ksp->ks_update = esp_kstat_update;
247 	espstack->esp_ksp->ks_private = (void *)(uintptr_t)stackid;
248 
249 #define	K64 KSTAT_DATA_UINT64
250 #define	KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64)
251 
252 	KI(num_aalgs);
253 	KI(num_ealgs);
254 	KI(good_auth);
255 	KI(bad_auth);
256 	KI(bad_padding);
257 	KI(replay_failures);
258 	KI(replay_early_failures);
259 	KI(keysock_in);
260 	KI(out_requests);
261 	KI(acquire_requests);
262 	KI(bytes_expired);
263 	KI(out_discards);
264 	KI(in_accelerated);
265 	KI(out_accelerated);
266 	KI(noaccel);
267 	KI(crypto_sync);
268 	KI(crypto_async);
269 	KI(crypto_failures);
270 	KI(bad_decrypt);
271 	KI(sa_port_renumbers);
272 
273 #undef KI
274 #undef K64
275 
276 	kstat_install(espstack->esp_ksp);
277 
278 	return (B_TRUE);
279 }
280 
281 static int
282 esp_kstat_update(kstat_t *kp, int rw)
283 {
284 	esp_kstats_t *ekp;
285 	netstackid_t	stackid = (zoneid_t)(uintptr_t)kp->ks_private;
286 	netstack_t	*ns;
287 	ipsec_stack_t	*ipss;
288 
289 	if ((kp == NULL) || (kp->ks_data == NULL))
290 		return (EIO);
291 
292 	if (rw == KSTAT_WRITE)
293 		return (EACCES);
294 
295 	ns = netstack_find_by_stackid(stackid);
296 	if (ns == NULL)
297 		return (-1);
298 	ipss = ns->netstack_ipsec;
299 	if (ipss == NULL) {
300 		netstack_rele(ns);
301 		return (-1);
302 	}
303 	ekp = (esp_kstats_t *)kp->ks_data;
304 
305 	mutex_enter(&ipss->ipsec_alg_lock);
306 	ekp->esp_stat_num_aalgs.value.ui64 =
307 	    ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
308 	ekp->esp_stat_num_ealgs.value.ui64 =
309 	    ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
310 	mutex_exit(&ipss->ipsec_alg_lock);
311 
312 	netstack_rele(ns);
313 	return (0);
314 }
315 
316 #ifdef DEBUG
317 /*
318  * Debug routine, useful to see pre-encryption data.
319  */
320 static char *
321 dump_msg(mblk_t *mp)
322 {
323 	char tmp_str[3], tmp_line[256];
324 
325 	while (mp != NULL) {
326 		unsigned char *ptr;
327 
328 		printf("mblk address 0x%p, length %ld, db_ref %d "
329 		    "type %d, base 0x%p, lim 0x%p\n",
330 		    (void *) mp, (long)(mp->b_wptr - mp->b_rptr),
331 		    mp->b_datap->db_ref, mp->b_datap->db_type,
332 		    (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim);
333 		ptr = mp->b_rptr;
334 
335 		tmp_line[0] = '\0';
336 		while (ptr < mp->b_wptr) {
337 			uint_t diff;
338 
339 			diff = (ptr - mp->b_rptr);
340 			if (!(diff & 0x1f)) {
341 				if (strlen(tmp_line) > 0) {
342 					printf("bytes: %s\n", tmp_line);
343 					tmp_line[0] = '\0';
344 				}
345 			}
346 			if (!(diff & 0x3))
347 				(void) strcat(tmp_line, " ");
348 			(void) sprintf(tmp_str, "%02x", *ptr);
349 			(void) strcat(tmp_line, tmp_str);
350 			ptr++;
351 		}
352 		if (strlen(tmp_line) > 0)
353 			printf("bytes: %s\n", tmp_line);
354 
355 		mp = mp->b_cont;
356 	}
357 
358 	return ("\n");
359 }
360 
361 #else /* DEBUG */
362 static char *
363 dump_msg(mblk_t *mp)
364 {
365 	printf("Find value of mp %p.\n", mp);
366 	return ("\n");
367 }
368 #endif /* DEBUG */
369 
370 /*
371  * Don't have to lock age_interval, as only one thread will access it at
372  * a time, because I control the one function that does with timeout().
373  */
374 static void
375 esp_ager(void *arg)
376 {
377 	ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
378 	netstack_t	*ns = espstack->ipsecesp_netstack;
379 	hrtime_t begin = gethrtime();
380 
381 	sadb_ager(&espstack->esp_sadb.s_v4, espstack->esp_pfkey_q,
382 	    espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns);
383 	sadb_ager(&espstack->esp_sadb.s_v6, espstack->esp_pfkey_q,
384 	    espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns);
385 
386 	espstack->esp_event = sadb_retimeout(begin, espstack->esp_pfkey_q,
387 	    esp_ager, espstack,
388 	    &espstack->ipsecesp_age_interval, espstack->ipsecesp_age_int_max,
389 	    info.mi_idnum);
390 }
391 
392 /*
393  * Get an ESP NDD parameter.
394  */
395 /* ARGSUSED */
396 static int
397 ipsecesp_param_get(q, mp, cp, cr)
398 	queue_t	*q;
399 	mblk_t	*mp;
400 	caddr_t	cp;
401 	cred_t *cr;
402 {
403 	ipsecespparam_t	*ipsecesppa = (ipsecespparam_t *)cp;
404 	uint_t value;
405 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
406 
407 	mutex_enter(&espstack->ipsecesp_param_lock);
408 	value = ipsecesppa->ipsecesp_param_value;
409 	mutex_exit(&espstack->ipsecesp_param_lock);
410 
411 	(void) mi_mpprintf(mp, "%u", value);
412 	return (0);
413 }
414 
415 /*
416  * This routine sets an NDD variable in a ipsecespparam_t structure.
417  */
418 /* ARGSUSED */
419 static int
420 ipsecesp_param_set(q, mp, value, cp, cr)
421 	queue_t	*q;
422 	mblk_t	*mp;
423 	char	*value;
424 	caddr_t	cp;
425 	cred_t *cr;
426 {
427 	ulong_t	new_value;
428 	ipsecespparam_t	*ipsecesppa = (ipsecespparam_t *)cp;
429 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
430 
431 	/*
432 	 * Fail the request if the new value does not lie within the
433 	 * required bounds.
434 	 */
435 	if (ddi_strtoul(value, NULL, 10, &new_value) != 0 ||
436 	    new_value < ipsecesppa->ipsecesp_param_min ||
437 	    new_value > ipsecesppa->ipsecesp_param_max) {
438 		return (EINVAL);
439 	}
440 
441 	/* Set the new value */
442 	mutex_enter(&espstack->ipsecesp_param_lock);
443 	ipsecesppa->ipsecesp_param_value = new_value;
444 	mutex_exit(&espstack->ipsecesp_param_lock);
445 	return (0);
446 }
447 
448 /*
449  * Using lifetime NDD variables, fill in an extended combination's
450  * lifetime information.
451  */
452 void
453 ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns)
454 {
455 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
456 
457 	ecomb->sadb_x_ecomb_soft_bytes = espstack->ipsecesp_default_soft_bytes;
458 	ecomb->sadb_x_ecomb_hard_bytes = espstack->ipsecesp_default_hard_bytes;
459 	ecomb->sadb_x_ecomb_soft_addtime =
460 	    espstack->ipsecesp_default_soft_addtime;
461 	ecomb->sadb_x_ecomb_hard_addtime =
462 	    espstack->ipsecesp_default_hard_addtime;
463 	ecomb->sadb_x_ecomb_soft_usetime =
464 	    espstack->ipsecesp_default_soft_usetime;
465 	ecomb->sadb_x_ecomb_hard_usetime =
466 	    espstack->ipsecesp_default_hard_usetime;
467 }
468 
469 /*
470  * Initialize things for ESP at module load time.
471  */
472 boolean_t
473 ipsecesp_ddi_init(void)
474 {
475 	esp_taskq = taskq_create("esp_taskq", 1, minclsyspri,
476 	    IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0);
477 
478 	/*
479 	 * We want to be informed each time a stack is created or
480 	 * destroyed in the kernel, so we can maintain the
481 	 * set of ipsecesp_stack_t's.
482 	 */
483 	netstack_register(NS_IPSECESP, ipsecesp_stack_init, NULL,
484 	    ipsecesp_stack_fini);
485 
486 	return (B_TRUE);
487 }
488 
489 /*
490  * Walk through the param array specified registering each element with the
491  * named dispatch handler.
492  */
493 static boolean_t
494 ipsecesp_param_register(IDP *ndp, ipsecespparam_t *espp, int cnt)
495 {
496 	for (; cnt-- > 0; espp++) {
497 		if (espp->ipsecesp_param_name != NULL &&
498 		    espp->ipsecesp_param_name[0]) {
499 			if (!nd_load(ndp,
500 			    espp->ipsecesp_param_name,
501 			    ipsecesp_param_get, ipsecesp_param_set,
502 			    (caddr_t)espp)) {
503 				nd_free(ndp);
504 				return (B_FALSE);
505 			}
506 		}
507 	}
508 	return (B_TRUE);
509 }
510 /*
511  * Initialize things for ESP for each stack instance
512  */
513 static void *
514 ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns)
515 {
516 	ipsecesp_stack_t	*espstack;
517 	ipsecespparam_t		*espp;
518 
519 	espstack = (ipsecesp_stack_t *)kmem_zalloc(sizeof (*espstack),
520 	    KM_SLEEP);
521 	espstack->ipsecesp_netstack = ns;
522 
523 	espp = (ipsecespparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
524 	espstack->ipsecesp_params = espp;
525 	bcopy(lcl_param_arr, espp, sizeof (lcl_param_arr));
526 
527 	(void) ipsecesp_param_register(&espstack->ipsecesp_g_nd, espp,
528 	    A_CNT(lcl_param_arr));
529 
530 	(void) esp_kstat_init(espstack, stackid);
531 
532 	espstack->esp_sadb.s_acquire_timeout =
533 	    &espstack->ipsecesp_acquire_timeout;
534 	espstack->esp_sadb.s_acqfn = esp_send_acquire;
535 	sadbp_init("ESP", &espstack->esp_sadb, SADB_SATYPE_ESP, esp_hash_size,
536 	    espstack->ipsecesp_netstack);
537 
538 	mutex_init(&espstack->ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0);
539 
540 	ip_drop_register(&espstack->esp_dropper, "IPsec ESP");
541 	return (espstack);
542 }
543 
544 /*
545  * Destroy things for ESP at module unload time.
546  */
547 void
548 ipsecesp_ddi_destroy(void)
549 {
550 	netstack_unregister(NS_IPSECESP);
551 	taskq_destroy(esp_taskq);
552 }
553 
554 /*
555  * Destroy things for ESP for one stack instance
556  */
557 static void
558 ipsecesp_stack_fini(netstackid_t stackid, void *arg)
559 {
560 	ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
561 
562 	if (espstack->esp_pfkey_q != NULL) {
563 		(void) quntimeout(espstack->esp_pfkey_q, espstack->esp_event);
564 	}
565 	espstack->esp_sadb.s_acqfn = NULL;
566 	espstack->esp_sadb.s_acquire_timeout = NULL;
567 	sadbp_destroy(&espstack->esp_sadb, espstack->ipsecesp_netstack);
568 	ip_drop_unregister(&espstack->esp_dropper);
569 	mutex_destroy(&espstack->ipsecesp_param_lock);
570 	nd_free(&espstack->ipsecesp_g_nd);
571 
572 	kmem_free(espstack->ipsecesp_params, sizeof (lcl_param_arr));
573 	espstack->ipsecesp_params = NULL;
574 	kstat_delete_netstack(espstack->esp_ksp, stackid);
575 	espstack->esp_ksp = NULL;
576 	espstack->esp_kstats = NULL;
577 	kmem_free(espstack, sizeof (*espstack));
578 }
579 
580 /*
581  * ESP module open routine.
582  */
583 /* ARGSUSED */
584 static int
585 ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
586 {
587 	netstack_t		*ns;
588 	ipsecesp_stack_t	*espstack;
589 
590 	if (secpolicy_ip_config(credp, B_FALSE) != 0)
591 		return (EPERM);
592 
593 	if (q->q_ptr != NULL)
594 		return (0);  /* Re-open of an already open instance. */
595 
596 	if (sflag != MODOPEN)
597 		return (EINVAL);
598 
599 	ns = netstack_find_by_cred(credp);
600 	ASSERT(ns != NULL);
601 	espstack = ns->netstack_ipsecesp;
602 	ASSERT(espstack != NULL);
603 
604 	/*
605 	 * ASSUMPTIONS (because I'm MT_OCEXCL):
606 	 *
607 	 *	* I'm being pushed on top of IP for all my opens (incl. #1).
608 	 *	* Only ipsecesp_open() can write into esp_sadb.s_ip_q.
609 	 *	* Because of this, I can check lazily for esp_sadb.s_ip_q.
610 	 *
611 	 *  If these assumptions are wrong, I'm in BIG trouble...
612 	 */
613 
614 	q->q_ptr = espstack;
615 	WR(q)->q_ptr = q->q_ptr;
616 
617 	if (espstack->esp_sadb.s_ip_q == NULL) {
618 		struct T_unbind_req *tur;
619 
620 		espstack->esp_sadb.s_ip_q = WR(q);
621 		/* Allocate an unbind... */
622 		espstack->esp_ip_unbind = allocb(sizeof (struct T_unbind_req),
623 		    BPRI_HI);
624 
625 		/*
626 		 * Send down T_BIND_REQ to bind IPPROTO_ESP.
627 		 * Handle the ACK here in ESP.
628 		 */
629 		qprocson(q);
630 		if (espstack->esp_ip_unbind == NULL ||
631 		    !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) {
632 			if (espstack->esp_ip_unbind != NULL) {
633 				freeb(espstack->esp_ip_unbind);
634 				espstack->esp_ip_unbind = NULL;
635 			}
636 			q->q_ptr = NULL;
637 			netstack_rele(espstack->ipsecesp_netstack);
638 			return (ENOMEM);
639 		}
640 
641 		espstack->esp_ip_unbind->b_datap->db_type = M_PROTO;
642 		tur = (struct T_unbind_req *)espstack->esp_ip_unbind->b_rptr;
643 		tur->PRIM_type = T_UNBIND_REQ;
644 	} else {
645 		qprocson(q);
646 	}
647 
648 	/*
649 	 * For now, there's not much I can do.  I'll be getting a message
650 	 * passed down to me from keysock (in my wput), and a T_BIND_ACK
651 	 * up from IP (in my rput).
652 	 */
653 
654 	return (0);
655 }
656 
657 /*
658  * ESP module close routine.
659  */
660 static int
661 ipsecesp_close(queue_t *q)
662 {
663 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
664 
665 	/*
666 	 * If esp_sadb.s_ip_q is attached to this instance, send a
667 	 * T_UNBIND_REQ to IP for the instance before doing
668 	 * a qprocsoff().
669 	 */
670 	if (WR(q) == espstack->esp_sadb.s_ip_q &&
671 	    espstack->esp_ip_unbind != NULL) {
672 		putnext(WR(q), espstack->esp_ip_unbind);
673 		espstack->esp_ip_unbind = NULL;
674 	}
675 
676 	/*
677 	 * Clean up q_ptr, if needed.
678 	 */
679 	qprocsoff(q);
680 
681 	/* Keysock queue check is safe, because of OCEXCL perimeter. */
682 
683 	if (q == espstack->esp_pfkey_q) {
684 		esp1dbg(espstack,
685 		    ("ipsecesp_close:  Ummm... keysock is closing ESP.\n"));
686 		espstack->esp_pfkey_q = NULL;
687 		/* Detach qtimeouts. */
688 		(void) quntimeout(q, espstack->esp_event);
689 	}
690 
691 	if (WR(q) == espstack->esp_sadb.s_ip_q) {
692 		/*
693 		 * If the esp_sadb.s_ip_q is attached to this instance, find
694 		 * another.  The OCEXCL outer perimeter helps us here.
695 		 */
696 		espstack->esp_sadb.s_ip_q = NULL;
697 
698 		/*
699 		 * Find a replacement queue for esp_sadb.s_ip_q.
700 		 */
701 		if (espstack->esp_pfkey_q != NULL &&
702 		    espstack->esp_pfkey_q != RD(q)) {
703 			/*
704 			 * See if we can use the pfkey_q.
705 			 */
706 			espstack->esp_sadb.s_ip_q = WR(espstack->esp_pfkey_q);
707 		}
708 
709 		if (espstack->esp_sadb.s_ip_q == NULL ||
710 		    !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) {
711 			esp1dbg(espstack, ("ipsecesp: Can't reassign ip_q.\n"));
712 			espstack->esp_sadb.s_ip_q = NULL;
713 		} else {
714 			espstack->esp_ip_unbind =
715 			    allocb(sizeof (struct T_unbind_req), BPRI_HI);
716 
717 			if (espstack->esp_ip_unbind != NULL) {
718 				struct T_unbind_req *tur;
719 
720 				espstack->esp_ip_unbind->b_datap->db_type =
721 				    M_PROTO;
722 				tur = (struct T_unbind_req *)
723 				    espstack->esp_ip_unbind->b_rptr;
724 				tur->PRIM_type = T_UNBIND_REQ;
725 			}
726 			/* If it's NULL, I can't do much here. */
727 		}
728 	}
729 
730 	netstack_rele(espstack->ipsecesp_netstack);
731 	return (0);
732 }
733 
734 /*
735  * Add a number of bytes to what the SA has protected so far.  Return
736  * B_TRUE if the SA can still protect that many bytes.
737  *
738  * Caller must REFRELE the passed-in assoc.  This function must REFRELE
739  * any obtained peer SA.
740  */
741 static boolean_t
742 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound)
743 {
744 	ipsa_t *inassoc, *outassoc;
745 	isaf_t *bucket;
746 	boolean_t inrc, outrc, isv6;
747 	sadb_t *sp;
748 	int outhash;
749 	netstack_t		*ns = assoc->ipsa_netstack;
750 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
751 
752 	/* No peer?  No problem! */
753 	if (!assoc->ipsa_haspeer) {
754 		return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes,
755 		    B_TRUE));
756 	}
757 
758 	/*
759 	 * Otherwise, we want to grab both the original assoc and its peer.
760 	 * There might be a race for this, but if it's a real race, two
761 	 * expire messages may occur.  We limit this by only sending the
762 	 * expire message on one of the peers, we'll pick the inbound
763 	 * arbitrarily.
764 	 *
765 	 * If we need tight synchronization on the peer SA, then we need to
766 	 * reconsider.
767 	 */
768 
769 	/* Use address length to select IPv6/IPv4 */
770 	isv6 = (assoc->ipsa_addrfam == AF_INET6);
771 	sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;
772 
773 	if (inbound) {
774 		inassoc = assoc;
775 		if (isv6) {
776 			outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *)
777 			    &inassoc->ipsa_dstaddr));
778 		} else {
779 			outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *)
780 			    &inassoc->ipsa_dstaddr));
781 		}
782 		bucket = &sp->sdb_of[outhash];
783 		mutex_enter(&bucket->isaf_lock);
784 		outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
785 		    inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
786 		    inassoc->ipsa_addrfam);
787 		mutex_exit(&bucket->isaf_lock);
788 		if (outassoc == NULL) {
789 			/* Q: Do we wish to set haspeer == B_FALSE? */
790 			esp0dbg(("esp_age_bytes: "
791 			    "can't find peer for inbound.\n"));
792 			return (sadb_age_bytes(espstack->esp_pfkey_q, inassoc,
793 			    bytes, B_TRUE));
794 		}
795 	} else {
796 		outassoc = assoc;
797 		bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
798 		mutex_enter(&bucket->isaf_lock);
799 		inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
800 		    outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
801 		    outassoc->ipsa_addrfam);
802 		mutex_exit(&bucket->isaf_lock);
803 		if (inassoc == NULL) {
804 			/* Q: Do we wish to set haspeer == B_FALSE? */
805 			esp0dbg(("esp_age_bytes: "
806 			    "can't find peer for outbound.\n"));
807 			return (sadb_age_bytes(espstack->esp_pfkey_q, outassoc,
808 			    bytes, B_TRUE));
809 		}
810 	}
811 
812 	inrc = sadb_age_bytes(espstack->esp_pfkey_q, inassoc, bytes, B_TRUE);
813 	outrc = sadb_age_bytes(espstack->esp_pfkey_q, outassoc, bytes, B_FALSE);
814 
815 	/*
816 	 * REFRELE any peer SA.
817 	 *
818 	 * Because of the multi-line macro nature of IPSA_REFRELE, keep
819 	 * them in { }.
820 	 */
821 	if (inbound) {
822 		IPSA_REFRELE(outassoc);
823 	} else {
824 		IPSA_REFRELE(inassoc);
825 	}
826 
827 	return (inrc && outrc);
828 }
829 
830 /*
831  * Do incoming NAT-T manipulations for packet.
832  */
833 static ipsec_status_t
834 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc)
835 {
836 	ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
837 	tcpha_t *tcph;
838 	udpha_t *udpha;
839 	/* Initialize to our inbound cksum adjustment... */
840 	uint32_t sum = assoc->ipsa_inbound_cksum;
841 
842 	switch (ipha->ipha_protocol) {
843 	case IPPROTO_TCP:
844 		tcph = (tcpha_t *)(data_mp->b_rptr +
845 		    IPH_HDR_LENGTH(ipha));
846 
847 #define	DOWN_SUM(x) (x) = ((x) & 0xFFFF) +	 ((x) >> 16)
848 		sum += ~ntohs(tcph->tha_sum) & 0xFFFF;
849 		DOWN_SUM(sum);
850 		DOWN_SUM(sum);
851 		tcph->tha_sum = ~htons(sum);
852 		break;
853 	case IPPROTO_UDP:
854 		udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha));
855 
856 		if (udpha->uha_checksum != 0) {
857 			/* Adujst if the inbound one was not zero. */
858 			sum += ~ntohs(udpha->uha_checksum) & 0xFFFF;
859 			DOWN_SUM(sum);
860 			DOWN_SUM(sum);
861 			udpha->uha_checksum = ~htons(sum);
862 			if (udpha->uha_checksum == 0)
863 				udpha->uha_checksum = 0xFFFF;
864 		}
865 #undef DOWN_SUM
866 		break;
867 	case IPPROTO_IP:
868 		/*
869 		 * This case is only an issue for self-encapsulated
870 		 * packets.  So for now, fall through.
871 		 */
872 		break;
873 	}
874 	return (IPSEC_STATUS_SUCCESS);
875 }
876 
877 
878 /*
879  * Strip ESP header, check padding, and fix IP header.
880  * Returns B_TRUE on success, B_FALSE if an error occured.
881  */
882 static boolean_t
883 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen,
884     kstat_named_t **counter, ipsecesp_stack_t *espstack)
885 {
886 	ipha_t *ipha;
887 	ip6_t *ip6h;
888 	uint_t divpoint;
889 	mblk_t *scratch;
890 	uint8_t nexthdr, padlen;
891 	uint8_t lastpad;
892 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
893 	uint8_t *lastbyte;
894 
895 	/*
896 	 * Strip ESP data and fix IP header.
897 	 *
898 	 * XXX In case the beginning of esp_inbound() changes to not do a
899 	 * pullup, this part of the code can remain unchanged.
900 	 */
901 	if (isv4) {
902 		ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t));
903 		ipha = (ipha_t *)data_mp->b_rptr;
904 		ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) +
905 		    IPH_HDR_LENGTH(ipha));
906 		divpoint = IPH_HDR_LENGTH(ipha);
907 	} else {
908 		ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t));
909 		ip6h = (ip6_t *)data_mp->b_rptr;
910 		divpoint = ip_hdr_length_v6(data_mp, ip6h);
911 	}
912 
913 	scratch = data_mp;
914 	while (scratch->b_cont != NULL)
915 		scratch = scratch->b_cont;
916 
917 	ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3);
918 
919 	/*
920 	 * "Next header" and padding length are the last two bytes in the
921 	 * ESP-protected datagram, thus the explicit - 1 and - 2.
922 	 * lastpad is the last byte of the padding, which can be used for
923 	 * a quick check to see if the padding is correct.
924 	 */
925 	lastbyte = scratch->b_wptr - 1;
926 	nexthdr = *lastbyte--;
927 	padlen = *lastbyte--;
928 
929 	if (isv4) {
930 		/* Fix part of the IP header. */
931 		ipha->ipha_protocol = nexthdr;
932 		/*
933 		 * Reality check the padlen.  The explicit - 2 is for the
934 		 * padding length and the next-header bytes.
935 		 */
936 		if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 -
937 		    sizeof (esph_t) - ivlen) {
938 			ESP_BUMP_STAT(espstack, bad_decrypt);
939 			ipsec_rl_strlog(espstack->ipsecesp_netstack,
940 			    info.mi_idnum, 0, 0,
941 			    SL_ERROR | SL_WARN,
942 			    "Corrupt ESP packet (padlen too big).\n");
943 			esp1dbg(espstack, ("padlen (%d) is greater than:\n",
944 			    padlen));
945 			esp1dbg(espstack, ("pkt len(%d) - ip hdr - esp "
946 			    "hdr - ivlen(%d) = %d.\n",
947 			    ntohs(ipha->ipha_length), ivlen,
948 			    (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) -
949 			    2 - sizeof (esph_t) - ivlen)));
950 			*counter = DROPPER(ipss, ipds_esp_bad_padlen);
951 			return (B_FALSE);
952 		}
953 
954 		/*
955 		 * Fix the rest of the header.  The explicit - 2 is for the
956 		 * padding length and the next-header bytes.
957 		 */
958 		ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen -
959 		    2 - sizeof (esph_t) - ivlen);
960 		ipha->ipha_hdr_checksum = 0;
961 		ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
962 	} else {
963 		if (ip6h->ip6_nxt == IPPROTO_ESP) {
964 			ip6h->ip6_nxt = nexthdr;
965 		} else {
966 			ip6_pkt_t ipp;
967 
968 			bzero(&ipp, sizeof (ipp));
969 			(void) ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL);
970 			if (ipp.ipp_dstopts != NULL) {
971 				ipp.ipp_dstopts->ip6d_nxt = nexthdr;
972 			} else if (ipp.ipp_rthdr != NULL) {
973 				ipp.ipp_rthdr->ip6r_nxt = nexthdr;
974 			} else if (ipp.ipp_hopopts != NULL) {
975 				ipp.ipp_hopopts->ip6h_nxt = nexthdr;
976 			} else {
977 				/* Panic a DEBUG kernel. */
978 				ASSERT(ipp.ipp_hopopts != NULL);
979 				/* Otherwise, pretend it's IP + ESP. */
980 				cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n");
981 				ip6h->ip6_nxt = nexthdr;
982 			}
983 		}
984 
985 		if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) -
986 		    ivlen) {
987 			ESP_BUMP_STAT(espstack, bad_decrypt);
988 			ipsec_rl_strlog(espstack->ipsecesp_netstack,
989 			    info.mi_idnum, 0, 0,
990 			    SL_ERROR | SL_WARN,
991 			    "Corrupt ESP packet (v6 padlen too big).\n");
992 			esp1dbg(espstack, ("padlen (%d) is greater than:\n",
993 			    padlen));
994 			esp1dbg(espstack,
995 			    ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = "
996 			    "%u.\n", (unsigned)(ntohs(ip6h->ip6_plen)
997 			    + sizeof (ip6_t)), ivlen,
998 			    (unsigned)(ntohs(ip6h->ip6_plen) - 2 -
999 			    sizeof (esph_t) - ivlen)));
1000 			*counter = DROPPER(ipss, ipds_esp_bad_padlen);
1001 			return (B_FALSE);
1002 		}
1003 
1004 
1005 		/*
1006 		 * Fix the rest of the header.  The explicit - 2 is for the
1007 		 * padding length and the next-header bytes.  IPv6 is nice,
1008 		 * because there's no hdr checksum!
1009 		 */
1010 		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen -
1011 		    2 - sizeof (esph_t) - ivlen);
1012 	}
1013 
1014 	if (espstack->ipsecesp_padding_check > 0 && padlen > 0) {
1015 		/*
1016 		 * Weak padding check: compare last-byte to length, they
1017 		 * should be equal.
1018 		 */
1019 		lastpad = *lastbyte--;
1020 
1021 		if (padlen != lastpad) {
1022 			ipsec_rl_strlog(espstack->ipsecesp_netstack,
1023 			    info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
1024 			    "Corrupt ESP packet (lastpad != padlen).\n");
1025 			esp1dbg(espstack,
1026 			    ("lastpad (%d) not equal to padlen (%d):\n",
1027 			    lastpad, padlen));
1028 			ESP_BUMP_STAT(espstack, bad_padding);
1029 			*counter = DROPPER(ipss, ipds_esp_bad_padding);
1030 			return (B_FALSE);
1031 		}
1032 
1033 		/*
1034 		 * Strong padding check: Check all pad bytes to see that
1035 		 * they're ascending.  Go backwards using a descending counter
1036 		 * to verify.  padlen == 1 is checked by previous block, so
1037 		 * only bother if we've more than 1 byte of padding.
1038 		 * Consequently, start the check one byte before the location
1039 		 * of "lastpad".
1040 		 */
1041 		if (espstack->ipsecesp_padding_check > 1) {
1042 			/*
1043 			 * This assert may have to become an if and a pullup
1044 			 * if we start accepting multi-dblk mblks. For now,
1045 			 * though, any packet here will have been pulled up in
1046 			 * esp_inbound.
1047 			 */
1048 			ASSERT(MBLKL(scratch) >= lastpad + 3);
1049 
1050 			/*
1051 			 * Use "--lastpad" because we already checked the very
1052 			 * last pad byte previously.
1053 			 */
1054 			while (--lastpad != 0) {
1055 				if (lastpad != *lastbyte) {
1056 					ipsec_rl_strlog(
1057 					    espstack->ipsecesp_netstack,
1058 					    info.mi_idnum, 0, 0,
1059 					    SL_ERROR | SL_WARN, "Corrupt ESP "
1060 					    "packet (bad padding).\n");
1061 					esp1dbg(espstack,
1062 					    ("padding not in correct"
1063 					    " format:\n"));
1064 					ESP_BUMP_STAT(espstack, bad_padding);
1065 					*counter = DROPPER(ipss,
1066 					    ipds_esp_bad_padding);
1067 					return (B_FALSE);
1068 				}
1069 				lastbyte--;
1070 			}
1071 		}
1072 	}
1073 
1074 	/* Trim off the padding. */
1075 	ASSERT(data_mp->b_cont == NULL);
1076 	data_mp->b_wptr -= (padlen + 2);
1077 
1078 	/*
1079 	 * Remove the ESP header.
1080 	 *
1081 	 * The above assertions about data_mp's size will make this work.
1082 	 *
1083 	 * XXX  Question:  If I send up and get back a contiguous mblk,
1084 	 * would it be quicker to bcopy over, or keep doing the dupb stuff?
1085 	 * I go with copying for now.
1086 	 */
1087 
1088 	if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) &&
1089 	    IS_P2ALIGNED(ivlen, sizeof (uint32_t))) {
1090 		uint8_t *start = data_mp->b_rptr;
1091 		uint32_t *src, *dst;
1092 
1093 		src = (uint32_t *)(start + divpoint);
1094 		dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen);
1095 
1096 		ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
1097 		    IS_P2ALIGNED(src, sizeof (uint32_t)));
1098 
1099 		do {
1100 			src--;
1101 			dst--;
1102 			*dst = *src;
1103 		} while (src != (uint32_t *)start);
1104 
1105 		data_mp->b_rptr = (uchar_t *)dst;
1106 	} else {
1107 		uint8_t *start = data_mp->b_rptr;
1108 		uint8_t *src, *dst;
1109 
1110 		src = start + divpoint;
1111 		dst = src + sizeof (esph_t) + ivlen;
1112 
1113 		do {
1114 			src--;
1115 			dst--;
1116 			*dst = *src;
1117 		} while (src != start);
1118 
1119 		data_mp->b_rptr = dst;
1120 	}
1121 
1122 	esp2dbg(espstack, ("data_mp after inbound ESP adjustment:\n"));
1123 	esp2dbg(espstack, (dump_msg(data_mp)));
1124 
1125 	return (B_TRUE);
1126 }
1127 
1128 /*
1129  * Updating use times can be tricky business if the ipsa_haspeer flag is
1130  * set.  This function is called once in an SA's lifetime.
1131  *
1132  * Caller has to REFRELE "assoc" which is passed in.  This function has
1133  * to REFRELE any peer SA that is obtained.
1134  */
1135 static void
1136 esp_set_usetime(ipsa_t *assoc, boolean_t inbound)
1137 {
1138 	ipsa_t *inassoc, *outassoc;
1139 	isaf_t *bucket;
1140 	sadb_t *sp;
1141 	int outhash;
1142 	boolean_t isv6;
1143 	netstack_t		*ns = assoc->ipsa_netstack;
1144 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
1145 
1146 	/* No peer?  No problem! */
1147 	if (!assoc->ipsa_haspeer) {
1148 		sadb_set_usetime(assoc);
1149 		return;
1150 	}
1151 
1152 	/*
1153 	 * Otherwise, we want to grab both the original assoc and its peer.
1154 	 * There might be a race for this, but if it's a real race, the times
1155 	 * will be out-of-synch by at most a second, and since our time
1156 	 * granularity is a second, this won't be a problem.
1157 	 *
1158 	 * If we need tight synchronization on the peer SA, then we need to
1159 	 * reconsider.
1160 	 */
1161 
1162 	/* Use address length to select IPv6/IPv4 */
1163 	isv6 = (assoc->ipsa_addrfam == AF_INET6);
1164 	sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;
1165 
1166 	if (inbound) {
1167 		inassoc = assoc;
1168 		if (isv6) {
1169 			outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *)
1170 			    &inassoc->ipsa_dstaddr));
1171 		} else {
1172 			outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *)
1173 			    &inassoc->ipsa_dstaddr));
1174 		}
1175 		bucket = &sp->sdb_of[outhash];
1176 		mutex_enter(&bucket->isaf_lock);
1177 		outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
1178 		    inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
1179 		    inassoc->ipsa_addrfam);
1180 		mutex_exit(&bucket->isaf_lock);
1181 		if (outassoc == NULL) {
1182 			/* Q: Do we wish to set haspeer == B_FALSE? */
1183 			esp0dbg(("esp_set_usetime: "
1184 			    "can't find peer for inbound.\n"));
1185 			sadb_set_usetime(inassoc);
1186 			return;
1187 		}
1188 	} else {
1189 		outassoc = assoc;
1190 		bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
1191 		mutex_enter(&bucket->isaf_lock);
1192 		inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
1193 		    outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
1194 		    outassoc->ipsa_addrfam);
1195 		mutex_exit(&bucket->isaf_lock);
1196 		if (inassoc == NULL) {
1197 			/* Q: Do we wish to set haspeer == B_FALSE? */
1198 			esp0dbg(("esp_set_usetime: "
1199 			    "can't find peer for outbound.\n"));
1200 			sadb_set_usetime(outassoc);
1201 			return;
1202 		}
1203 	}
1204 
1205 	/* Update usetime on both. */
1206 	sadb_set_usetime(inassoc);
1207 	sadb_set_usetime(outassoc);
1208 
1209 	/*
1210 	 * REFRELE any peer SA.
1211 	 *
1212 	 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1213 	 * them in { }.
1214 	 */
1215 	if (inbound) {
1216 		IPSA_REFRELE(outassoc);
1217 	} else {
1218 		IPSA_REFRELE(inassoc);
1219 	}
1220 }
1221 
1222 /*
1223  * Handle ESP inbound data for IPv4 and IPv6.
1224  * On success returns B_TRUE, on failure returns B_FALSE and frees the
1225  * mblk chain ipsec_in_mp.
1226  */
1227 ipsec_status_t
1228 esp_inbound(mblk_t *ipsec_in_mp, void *arg)
1229 {
1230 	mblk_t *data_mp = ipsec_in_mp->b_cont;
1231 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr;
1232 	esph_t *esph = (esph_t *)arg;
1233 	ipsa_t *ipsa = ii->ipsec_in_esp_sa;
1234 	netstack_t	*ns = ii->ipsec_in_ns;
1235 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1236 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1237 
1238 	/*
1239 	 * We may wish to check replay in-range-only here as an optimization.
1240 	 * Include the reality check of ipsa->ipsa_replay >
1241 	 * ipsa->ipsa_replay_wsize for times when it's the first N packets,
1242 	 * where N == ipsa->ipsa_replay_wsize.
1243 	 *
1244 	 * Another check that may come here later is the "collision" check.
1245 	 * If legitimate packets flow quickly enough, this won't be a problem,
1246 	 * but collisions may cause authentication algorithm crunching to
1247 	 * take place when it doesn't need to.
1248 	 */
1249 	if (!sadb_replay_peek(ipsa, esph->esph_replay)) {
1250 		ESP_BUMP_STAT(espstack, replay_early_failures);
1251 		IP_ESP_BUMP_STAT(ipss, in_discards);
1252 		/*
1253 		 * TODO: Extract inbound interface from the IPSEC_IN
1254 		 * message's ii->ipsec_in_rill_index.
1255 		 */
1256 		ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL,
1257 		    DROPPER(ipss, ipds_esp_early_replay),
1258 		    &espstack->esp_dropper);
1259 		return (IPSEC_STATUS_FAILED);
1260 	}
1261 
1262 	/*
1263 	 * Has this packet already been processed by a hardware
1264 	 * IPsec accelerator?
1265 	 */
1266 	if (ii->ipsec_in_accelerated) {
1267 		ipsec_status_t rv;
1268 		esp3dbg(espstack,
1269 		    ("esp_inbound: pkt processed by ill=%d isv6=%d\n",
1270 		    ii->ipsec_in_ill_index, !ii->ipsec_in_v4));
1271 		rv = esp_inbound_accelerated(ipsec_in_mp,
1272 		    data_mp, ii->ipsec_in_v4, ipsa);
1273 		return (rv);
1274 	}
1275 	ESP_BUMP_STAT(espstack, noaccel);
1276 
1277 	/*
1278 	 * Adjust the IP header's payload length to reflect the removal
1279 	 * of the ICV.
1280 	 */
1281 	if (!ii->ipsec_in_v4) {
1282 		ip6_t *ip6h = (ip6_t *)data_mp->b_rptr;
1283 		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) -
1284 		    ipsa->ipsa_mac_len);
1285 	} else {
1286 		ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
1287 		ipha->ipha_length = htons(ntohs(ipha->ipha_length) -
1288 		    ipsa->ipsa_mac_len);
1289 	}
1290 
1291 	/* submit the request to the crypto framework */
1292 	return (esp_submit_req_inbound(ipsec_in_mp, ipsa,
1293 	    (uint8_t *)esph - data_mp->b_rptr));
1294 }
1295 
1296 /*
1297  * Perform the really difficult work of inserting the proposed situation.
1298  * Called while holding the algorithm lock.
1299  */
1300 static void
1301 esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs)
1302 {
1303 	sadb_comb_t *comb = (sadb_comb_t *)(prop + 1);
1304 	ipsec_out_t *io;
1305 	ipsec_action_t *ap;
1306 	ipsec_prot_t *prot;
1307 	netstack_t *ns;
1308 	ipsecesp_stack_t *espstack;
1309 	ipsec_stack_t *ipss;
1310 
1311 	io = (ipsec_out_t *)acqrec->ipsacq_mp->b_rptr;
1312 	ASSERT(io->ipsec_out_type == IPSEC_OUT);
1313 	ns = io->ipsec_out_ns;
1314 	espstack = ns->netstack_ipsecesp;
1315 	ipss = ns->netstack_ipsec;
1316 	ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1317 
1318 	prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
1319 	prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t));
1320 	*(uint32_t *)(&prop->sadb_prop_replay) = 0;	/* Quick zero-out! */
1321 
1322 	prop->sadb_prop_replay = espstack->ipsecesp_replay_size;
1323 
1324 	/*
1325 	 * Based upon algorithm properties, and what-not, prioritize
1326 	 * a proposal.  If the IPSEC_OUT message has an algorithm specified,
1327 	 * use it first and foremost.
1328 	 *
1329 	 * For each action in policy list
1330 	 *   Add combination.  If I've hit limit, return.
1331 	 */
1332 
1333 	for (ap = acqrec->ipsacq_act; ap != NULL;
1334 	    ap = ap->ipa_next) {
1335 		ipsec_alginfo_t *ealg = NULL;
1336 		ipsec_alginfo_t *aalg = NULL;
1337 
1338 		if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY)
1339 			continue;
1340 
1341 		prot = &ap->ipa_act.ipa_apply;
1342 
1343 		if (!(prot->ipp_use_esp))
1344 			continue;
1345 
1346 		if (prot->ipp_esp_auth_alg != 0) {
1347 			aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
1348 			    [prot->ipp_esp_auth_alg];
1349 			if (aalg == NULL || !ALG_VALID(aalg))
1350 				continue;
1351 		}
1352 
1353 		ASSERT(prot->ipp_encr_alg > 0);
1354 		ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
1355 		    [prot->ipp_encr_alg];
1356 		if (ealg == NULL || !ALG_VALID(ealg))
1357 			continue;
1358 
1359 		comb->sadb_comb_flags = 0;
1360 		comb->sadb_comb_reserved = 0;
1361 		comb->sadb_comb_encrypt = ealg->alg_id;
1362 		comb->sadb_comb_encrypt_minbits =
1363 		    MAX(prot->ipp_espe_minbits, ealg->alg_ef_minbits);
1364 		comb->sadb_comb_encrypt_maxbits =
1365 		    MIN(prot->ipp_espe_maxbits, ealg->alg_ef_maxbits);
1366 		if (aalg == NULL) {
1367 			comb->sadb_comb_auth = 0;
1368 			comb->sadb_comb_auth_minbits = 0;
1369 			comb->sadb_comb_auth_maxbits = 0;
1370 		} else {
1371 			comb->sadb_comb_auth = aalg->alg_id;
1372 			comb->sadb_comb_auth_minbits =
1373 			    MAX(prot->ipp_espa_minbits, aalg->alg_ef_minbits);
1374 			comb->sadb_comb_auth_maxbits =
1375 			    MIN(prot->ipp_espa_maxbits, aalg->alg_ef_maxbits);
1376 		}
1377 
1378 		/*
1379 		 * The following may be based on algorithm
1380 		 * properties, but in the meantime, we just pick
1381 		 * some good, sensible numbers.  Key mgmt. can
1382 		 * (and perhaps should) be the place to finalize
1383 		 * such decisions.
1384 		 */
1385 
1386 		/*
1387 		 * No limits on allocations, since we really don't
1388 		 * support that concept currently.
1389 		 */
1390 		comb->sadb_comb_soft_allocations = 0;
1391 		comb->sadb_comb_hard_allocations = 0;
1392 
1393 		/*
1394 		 * These may want to come from policy rule..
1395 		 */
1396 		comb->sadb_comb_soft_bytes =
1397 		    espstack->ipsecesp_default_soft_bytes;
1398 		comb->sadb_comb_hard_bytes =
1399 		    espstack->ipsecesp_default_hard_bytes;
1400 		comb->sadb_comb_soft_addtime =
1401 		    espstack->ipsecesp_default_soft_addtime;
1402 		comb->sadb_comb_hard_addtime =
1403 		    espstack->ipsecesp_default_hard_addtime;
1404 		comb->sadb_comb_soft_usetime =
1405 		    espstack->ipsecesp_default_soft_usetime;
1406 		comb->sadb_comb_hard_usetime =
1407 		    espstack->ipsecesp_default_hard_usetime;
1408 
1409 		prop->sadb_prop_len += SADB_8TO64(sizeof (*comb));
1410 		if (--combs == 0)
1411 			break;	/* out of space.. */
1412 		comb++;
1413 	}
1414 }
1415 
1416 /*
1417  * Prepare and actually send the SADB_ACQUIRE message to PF_KEY.
1418  */
1419 static void
1420 esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns)
1421 {
1422 	uint_t combs;
1423 	sadb_msg_t *samsg;
1424 	sadb_prop_t *prop;
1425 	mblk_t *pfkeymp, *msgmp;
1426 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1427 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1428 
1429 	ESP_BUMP_STAT(espstack, acquire_requests);
1430 
1431 	if (espstack->esp_pfkey_q == NULL) {
1432 		mutex_exit(&acqrec->ipsacq_lock);
1433 		return;
1434 	}
1435 
1436 	/* Set up ACQUIRE. */
1437 	pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_ESP,
1438 	    ns->netstack_ipsec);
1439 	if (pfkeymp == NULL) {
1440 		esp0dbg(("sadb_setup_acquire failed.\n"));
1441 		mutex_exit(&acqrec->ipsacq_lock);
1442 		return;
1443 	}
1444 	ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1445 	combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] *
1446 	    ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
1447 	msgmp = pfkeymp->b_cont;
1448 	samsg = (sadb_msg_t *)(msgmp->b_rptr);
1449 
1450 	/* Insert proposal here. */
1451 
1452 	prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len);
1453 	esp_insert_prop(prop, acqrec, combs);
1454 	samsg->sadb_msg_len += prop->sadb_prop_len;
1455 	msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len);
1456 
1457 	mutex_exit(&ipss->ipsec_alg_lock);
1458 
1459 	/*
1460 	 * Must mutex_exit() before sending PF_KEY message up, in
1461 	 * order to avoid recursive mutex_enter() if there are no registered
1462 	 * listeners.
1463 	 *
1464 	 * Once I've sent the message, I'm cool anyway.
1465 	 */
1466 	mutex_exit(&acqrec->ipsacq_lock);
1467 	if (extended != NULL) {
1468 		putnext(espstack->esp_pfkey_q, extended);
1469 	}
1470 	putnext(espstack->esp_pfkey_q, pfkeymp);
1471 }
1472 
1473 /*
1474  * Handle the SADB_GETSPI message.  Create a larval SA.
1475  */
1476 static void
1477 esp_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
1478 {
1479 	ipsa_t *newbie, *target;
1480 	isaf_t *outbound, *inbound;
1481 	int rc, diagnostic;
1482 	sadb_sa_t *assoc;
1483 	keysock_out_t *kso;
1484 	uint32_t newspi;
1485 
1486 	/*
1487 	 * Randomly generate a proposed SPI value
1488 	 */
1489 	if (cl_inet_getspi != NULL) {
1490 		cl_inet_getspi(IPPROTO_ESP, (uint8_t *)&newspi,
1491 		    sizeof (uint32_t));
1492 	} else {
1493 		(void) random_get_pseudo_bytes((uint8_t *)&newspi,
1494 		    sizeof (uint32_t));
1495 	}
1496 	newbie = sadb_getspi(ksi, newspi, &diagnostic,
1497 	    espstack->ipsecesp_netstack, IPPROTO_ESP);
1498 
1499 	if (newbie == NULL) {
1500 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, diagnostic,
1501 		    ksi->ks_in_serial);
1502 		return;
1503 	} else if (newbie == (ipsa_t *)-1) {
1504 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
1505 		    ksi->ks_in_serial);
1506 		return;
1507 	}
1508 
1509 	/*
1510 	 * XXX - We may randomly collide.  We really should recover from this.
1511 	 *	 Unfortunately, that could require spending way-too-much-time
1512 	 *	 in here.  For now, let the user retry.
1513 	 */
1514 
1515 	if (newbie->ipsa_addrfam == AF_INET6) {
1516 		outbound = OUTBOUND_BUCKET_V6(&espstack->esp_sadb.s_v6,
1517 		    *(uint32_t *)(newbie->ipsa_dstaddr));
1518 		inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v6,
1519 		    newbie->ipsa_spi);
1520 	} else {
1521 		ASSERT(newbie->ipsa_addrfam == AF_INET);
1522 		outbound = OUTBOUND_BUCKET_V4(&espstack->esp_sadb.s_v4,
1523 		    *(uint32_t *)(newbie->ipsa_dstaddr));
1524 		inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v4,
1525 		    newbie->ipsa_spi);
1526 	}
1527 
1528 	mutex_enter(&outbound->isaf_lock);
1529 	mutex_enter(&inbound->isaf_lock);
1530 
1531 	/*
1532 	 * Check for collisions (i.e. did sadb_getspi() return with something
1533 	 * that already exists?).
1534 	 *
1535 	 * Try outbound first.  Even though SADB_GETSPI is traditionally
1536 	 * for inbound SAs, you never know what a user might do.
1537 	 */
1538 	target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi,
1539 	    newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam);
1540 	if (target == NULL) {
1541 		target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi,
1542 		    newbie->ipsa_srcaddr, newbie->ipsa_dstaddr,
1543 		    newbie->ipsa_addrfam);
1544 	}
1545 
1546 	/*
1547 	 * I don't have collisions elsewhere!
1548 	 * (Nor will I because I'm still holding inbound/outbound locks.)
1549 	 */
1550 
1551 	if (target != NULL) {
1552 		rc = EEXIST;
1553 		IPSA_REFRELE(target);
1554 	} else {
1555 		/*
1556 		 * sadb_insertassoc() also checks for collisions, so
1557 		 * if there's a colliding entry, rc will be set
1558 		 * to EEXIST.
1559 		 */
1560 		rc = sadb_insertassoc(newbie, inbound);
1561 		newbie->ipsa_hardexpiretime = gethrestime_sec();
1562 		newbie->ipsa_hardexpiretime +=
1563 		    espstack->ipsecesp_larval_timeout;
1564 	}
1565 
1566 	/*
1567 	 * Can exit outbound mutex.  Hold inbound until we're done
1568 	 * with newbie.
1569 	 */
1570 	mutex_exit(&outbound->isaf_lock);
1571 
1572 	if (rc != 0) {
1573 		mutex_exit(&inbound->isaf_lock);
1574 		IPSA_REFRELE(newbie);
1575 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, rc,
1576 		    SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial);
1577 		return;
1578 	}
1579 
1580 
1581 	/* Can write here because I'm still holding the bucket lock. */
1582 	newbie->ipsa_type = SADB_SATYPE_ESP;
1583 
1584 	/*
1585 	 * Construct successful return message. We have one thing going
1586 	 * for us in PF_KEY v2.  That's the fact that
1587 	 *	sizeof (sadb_spirange_t) == sizeof (sadb_sa_t)
1588 	 */
1589 	assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE];
1590 	assoc->sadb_sa_exttype = SADB_EXT_SA;
1591 	assoc->sadb_sa_spi = newbie->ipsa_spi;
1592 	*((uint64_t *)(&assoc->sadb_sa_replay)) = 0;
1593 	mutex_exit(&inbound->isaf_lock);
1594 
1595 	/* Convert KEYSOCK_IN to KEYSOCK_OUT. */
1596 	kso = (keysock_out_t *)ksi;
1597 	kso->ks_out_len = sizeof (*kso);
1598 	kso->ks_out_serial = ksi->ks_in_serial;
1599 	kso->ks_out_type = KEYSOCK_OUT;
1600 
1601 	/*
1602 	 * Can safely putnext() to esp_pfkey_q, because this is a turnaround
1603 	 * from the esp_pfkey_q.
1604 	 */
1605 	putnext(espstack->esp_pfkey_q, mp);
1606 }
1607 
1608 /*
1609  * Insert the ESP header into a packet.  Duplicate an mblk, and insert a newly
1610  * allocated mblk with the ESP header in between the two.
1611  */
1612 static boolean_t
1613 esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint,
1614     ipsecesp_stack_t *espstack)
1615 {
1616 	mblk_t *split_mp = mp;
1617 	uint_t wheretodiv = divpoint;
1618 
1619 	while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) {
1620 		wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr);
1621 		split_mp = split_mp->b_cont;
1622 		ASSERT(split_mp != NULL);
1623 	}
1624 
1625 	if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) {
1626 		mblk_t *scratch;
1627 
1628 		/* "scratch" is the 2nd half, split_mp is the first. */
1629 		scratch = dupb(split_mp);
1630 		if (scratch == NULL) {
1631 			esp1dbg(espstack,
1632 			    ("esp_insert_esp: can't allocate scratch.\n"));
1633 			return (B_FALSE);
1634 		}
1635 		/* NOTE:  dupb() doesn't set b_cont appropriately. */
1636 		scratch->b_cont = split_mp->b_cont;
1637 		scratch->b_rptr += wheretodiv;
1638 		split_mp->b_wptr = split_mp->b_rptr + wheretodiv;
1639 		split_mp->b_cont = scratch;
1640 	}
1641 	/*
1642 	 * At this point, split_mp is exactly "wheretodiv" bytes long, and
1643 	 * holds the end of the pre-ESP part of the datagram.
1644 	 */
1645 	esp_mp->b_cont = split_mp->b_cont;
1646 	split_mp->b_cont = esp_mp;
1647 
1648 	return (B_TRUE);
1649 }
1650 
1651 /*
1652  * Section 7 of RFC 3947 says:
1653  *
1654  * 7.  Recovering from the Expiring NAT Mappings
1655  *
1656  *    There are cases where NAT box decides to remove mappings that are still
1657  *    alive (for example, when the keepalive interval is too long, or when the
1658  *    NAT box is rebooted).  To recover from this, ends that are NOT behind
1659  *    NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from
1660  *    the other end to determine which IP and port addresses should be used.
1661  *    The host behind dynamic NAT MUST NOT do this, as otherwise it opens a
1662  *    DoS attack possibility because the IP address or port of the other host
1663  *    will not change (it is not behind NAT).
1664  *
1665  *    Keepalives cannot be used for these purposes, as they are not
1666  *    authenticated, but any IKE authenticated IKE packet or ESP packet can be
1667  *    used to detect whether the IP address or the port has changed.
1668  *
1669  * The following function will check an SA and its explicitly-set pair to see
1670  * if the NAT-T remote port matches the received packet (which must have
1671  * passed ESP authentication, see esp_in_done() for the caller context).  If
1672  * there is a mismatch, the SAs are updated.  It is not important if we race
1673  * with a transmitting thread, as if there is a transmitting thread, it will
1674  * merely emit a packet that will most-likely be dropped.
1675  *
1676  * "ports" are ordered src,dst, and assoc is an inbound SA, where src should
1677  * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port.
1678  */
1679 #ifdef _LITTLE_ENDIAN
1680 #define	FIRST_16(x) ((x) & 0xFFFF)
1681 #define	NEXT_16(x) (((x) >> 16) & 0xFFFF)
1682 #else
1683 #define	FIRST_16(x) (((x) >> 16) & 0xFFFF)
1684 #define	NEXT_16(x) ((x) & 0xFFFF)
1685 #endif
1686 static void
1687 esp_port_freshness(uint32_t ports, ipsa_t *assoc)
1688 {
1689 	uint16_t remote = FIRST_16(ports);
1690 	uint16_t local = NEXT_16(ports);
1691 	ipsa_t *outbound_peer;
1692 	isaf_t *bucket;
1693 	ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp;
1694 
1695 	/* We found a conn_t, therefore local != 0. */
1696 	ASSERT(local != 0);
1697 	/* Assume an IPv4 SA. */
1698 	ASSERT(assoc->ipsa_addrfam == AF_INET);
1699 
1700 	/*
1701 	 * On-the-wire rport == 0 means something's very wrong.
1702 	 * An unpaired SA is also useless to us.
1703 	 * If we are behind the NAT, don't bother.
1704 	 * A zero local NAT port defaults to 4500, so check that too.
1705 	 * And, of course, if the ports already match, we don't need to
1706 	 * bother.
1707 	 */
1708 	if (remote == 0 || assoc->ipsa_otherspi == 0 ||
1709 	    (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) ||
1710 	    (assoc->ipsa_remote_nat_port == 0 &&
1711 	    remote == htons(IPPORT_IKE_NATT)) ||
1712 	    remote == assoc->ipsa_remote_nat_port)
1713 		return;
1714 
1715 	/* Try and snag the peer.   NOTE:  Assume IPv4 for now. */
1716 	bucket = OUTBOUND_BUCKET_V4(&(espstack->esp_sadb.s_v4),
1717 	    assoc->ipsa_srcaddr[0]);
1718 	mutex_enter(&bucket->isaf_lock);
1719 	outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi,
1720 	    assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET);
1721 	mutex_exit(&bucket->isaf_lock);
1722 
1723 	/* We probably lost a race to a deleting or expiring thread. */
1724 	if (outbound_peer == NULL)
1725 		return;
1726 
1727 	/*
1728 	 * Hold the mutexes for both SAs so we don't race another inbound
1729 	 * thread.  A lock-entry order shouldn't matter, since all other
1730 	 * per-ipsa locks are individually held-then-released.
1731 	 *
1732 	 * Luckily, this has nothing to do with the remote-NAT address,
1733 	 * so we don't have to re-scribble the cached-checksum differential.
1734 	 */
1735 	mutex_enter(&outbound_peer->ipsa_lock);
1736 	mutex_enter(&assoc->ipsa_lock);
1737 	outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port =
1738 	    remote;
1739 	mutex_exit(&assoc->ipsa_lock);
1740 	mutex_exit(&outbound_peer->ipsa_lock);
1741 	IPSA_REFRELE(outbound_peer);
1742 	ESP_BUMP_STAT(espstack, sa_port_renumbers);
1743 }
1744 /*
1745  * Finish processing of an inbound ESP packet after processing by the
1746  * crypto framework.
1747  * - Remove the ESP header.
1748  * - Send packet back to IP.
1749  * If authentication was performed on the packet, this function is called
1750  * only if the authentication succeeded.
1751  * On success returns B_TRUE, on failure returns B_FALSE and frees the
1752  * mblk chain ipsec_in_mp.
1753  */
1754 static ipsec_status_t
1755 esp_in_done(mblk_t *ipsec_in_mp)
1756 {
1757 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr;
1758 	mblk_t *data_mp;
1759 	ipsa_t *assoc;
1760 	uint_t espstart;
1761 	uint32_t ivlen = 0;
1762 	uint_t processed_len;
1763 	esph_t *esph;
1764 	kstat_named_t *counter;
1765 	boolean_t is_natt;
1766 	netstack_t	*ns = ii->ipsec_in_ns;
1767 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1768 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1769 
1770 	assoc = ii->ipsec_in_esp_sa;
1771 	ASSERT(assoc != NULL);
1772 
1773 	is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);
1774 
1775 	/* get the pointer to the ESP header */
1776 	if (assoc->ipsa_encr_alg == SADB_EALG_NULL) {
1777 		/* authentication-only ESP */
1778 		espstart = ii->ipsec_in_crypto_data.cd_offset;
1779 		processed_len = ii->ipsec_in_crypto_data.cd_length;
1780 	} else {
1781 		/* encryption present */
1782 		ivlen = assoc->ipsa_iv_len;
1783 		if (assoc->ipsa_auth_alg == SADB_AALG_NONE) {
1784 			/* encryption-only ESP */
1785 			espstart = ii->ipsec_in_crypto_data.cd_offset -
1786 			    sizeof (esph_t) - assoc->ipsa_iv_len;
1787 			processed_len = ii->ipsec_in_crypto_data.cd_length +
1788 			    ivlen;
1789 		} else {
1790 			/* encryption with authentication */
1791 			espstart = ii->ipsec_in_crypto_dual_data.dd_offset1;
1792 			processed_len = ii->ipsec_in_crypto_dual_data.dd_len2 +
1793 			    ivlen;
1794 		}
1795 	}
1796 
1797 	data_mp = ipsec_in_mp->b_cont;
1798 	esph = (esph_t *)(data_mp->b_rptr + espstart);
1799 
1800 	if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) {
1801 		/* authentication passed if we reach this point */
1802 		ESP_BUMP_STAT(espstack, good_auth);
1803 		data_mp->b_wptr -= assoc->ipsa_mac_len;
1804 
1805 		/*
1806 		 * Check replay window here!
1807 		 * For right now, assume keysock will set the replay window
1808 		 * size to zero for SAs that have an unspecified sender.
1809 		 * This may change...
1810 		 */
1811 
1812 		if (!sadb_replay_check(assoc, esph->esph_replay)) {
1813 			/*
1814 			 * Log the event. As of now we print out an event.
1815 			 * Do not print the replay failure number, or else
1816 			 * syslog cannot collate the error messages.  Printing
1817 			 * the replay number that failed opens a denial-of-
1818 			 * service attack.
1819 			 */
1820 			ipsec_assocfailure(info.mi_idnum, 0, 0,
1821 			    SL_ERROR | SL_WARN,
1822 			    "Replay failed for ESP spi 0x%x, dst %s.\n",
1823 			    assoc->ipsa_spi, assoc->ipsa_dstaddr,
1824 			    assoc->ipsa_addrfam, espstack->ipsecesp_netstack);
1825 			ESP_BUMP_STAT(espstack, replay_failures);
1826 			counter = DROPPER(ipss, ipds_esp_replay);
1827 			goto drop_and_bail;
1828 		}
1829 
1830 		if (is_natt)
1831 			esp_port_freshness(ii->ipsec_in_esp_udp_ports, assoc);
1832 	}
1833 
1834 	esp_set_usetime(assoc, B_TRUE);
1835 
1836 	if (!esp_age_bytes(assoc, processed_len, B_TRUE)) {
1837 		/* The ipsa has hit hard expiration, LOG and AUDIT. */
1838 		ipsec_assocfailure(info.mi_idnum, 0, 0,
1839 		    SL_ERROR | SL_WARN,
1840 		    "ESP association 0x%x, dst %s had bytes expire.\n",
1841 		    assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
1842 		    espstack->ipsecesp_netstack);
1843 		ESP_BUMP_STAT(espstack, bytes_expired);
1844 		counter = DROPPER(ipss, ipds_esp_bytes_expire);
1845 		goto drop_and_bail;
1846 	}
1847 
1848 	/*
1849 	 * Remove ESP header and padding from packet.  I hope the compiler
1850 	 * spews "branch, predict taken" code for this.
1851 	 */
1852 
1853 	if (esp_strip_header(data_mp, ii->ipsec_in_v4, ivlen, &counter,
1854 	    espstack)) {
1855 		if (is_natt)
1856 			return (esp_fix_natt_checksums(data_mp, assoc));
1857 		return (IPSEC_STATUS_SUCCESS);
1858 	}
1859 
1860 	esp1dbg(espstack, ("esp_in_done: esp_strip_header() failed\n"));
1861 drop_and_bail:
1862 	IP_ESP_BUMP_STAT(ipss, in_discards);
1863 	/*
1864 	 * TODO: Extract inbound interface from the IPSEC_IN message's
1865 	 * ii->ipsec_in_rill_index.
1866 	 */
1867 	ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, counter,
1868 	    &espstack->esp_dropper);
1869 	return (IPSEC_STATUS_FAILED);
1870 }
1871 
1872 /*
1873  * Called upon failing the inbound ICV check. The message passed as
1874  * argument is freed.
1875  */
1876 static void
1877 esp_log_bad_auth(mblk_t *ipsec_in)
1878 {
1879 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr;
1880 	ipsa_t *assoc = ii->ipsec_in_esp_sa;
1881 	netstack_t	*ns = ii->ipsec_in_ns;
1882 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1883 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1884 
1885 	/*
1886 	 * Log the event. Don't print to the console, block
1887 	 * potential denial-of-service attack.
1888 	 */
1889 	ESP_BUMP_STAT(espstack, bad_auth);
1890 
1891 	ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
1892 	    "ESP Authentication failed for spi 0x%x, dst %s.\n",
1893 	    assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
1894 	    espstack->ipsecesp_netstack);
1895 
1896 	IP_ESP_BUMP_STAT(ipss, in_discards);
1897 	/*
1898 	 * TODO: Extract inbound interface from the IPSEC_IN
1899 	 * message's ii->ipsec_in_rill_index.
1900 	 */
1901 	ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL,
1902 	    DROPPER(ipss, ipds_esp_bad_auth),
1903 	    &espstack->esp_dropper);
1904 }
1905 
1906 
1907 /*
1908  * Invoked for outbound packets after ESP processing. If the packet
1909  * also requires AH, performs the AH SA selection and AH processing.
1910  * Returns B_TRUE if the AH processing was not needed or if it was
1911  * performed successfully. Returns B_FALSE and consumes the passed mblk
1912  * if AH processing was required but could not be performed.
1913  */
1914 static boolean_t
1915 esp_do_outbound_ah(mblk_t *ipsec_mp)
1916 {
1917 	ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
1918 	ipsec_status_t ipsec_rc;
1919 	ipsec_action_t *ap;
1920 
1921 	ap = io->ipsec_out_act;
1922 	if (ap == NULL) {
1923 		ipsec_policy_t *pp = io->ipsec_out_policy;
1924 		ap = pp->ipsp_act;
1925 	}
1926 
1927 	if (!ap->ipa_want_ah)
1928 		return (B_TRUE);
1929 
1930 	ASSERT(io->ipsec_out_ah_done == B_FALSE);
1931 
1932 	if (io->ipsec_out_ah_sa == NULL) {
1933 		if (!ipsec_outbound_sa(ipsec_mp, IPPROTO_AH)) {
1934 			sadb_acquire(ipsec_mp, io, B_TRUE, B_FALSE);
1935 			return (B_FALSE);
1936 		}
1937 	}
1938 	ASSERT(io->ipsec_out_ah_sa != NULL);
1939 
1940 	io->ipsec_out_ah_done = B_TRUE;
1941 	ipsec_rc = io->ipsec_out_ah_sa->ipsa_output_func(ipsec_mp);
1942 	return (ipsec_rc == IPSEC_STATUS_SUCCESS);
1943 }
1944 
1945 
1946 /*
1947  * Kernel crypto framework callback invoked after completion of async
1948  * crypto requests.
1949  */
1950 static void
1951 esp_kcf_callback(void *arg, int status)
1952 {
1953 	mblk_t *ipsec_mp = (mblk_t *)arg;
1954 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
1955 	ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
1956 	boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN);
1957 	netstackid_t	stackid;
1958 	netstack_t	*ns, *ns_arg;
1959 	ipsecesp_stack_t *espstack;
1960 	ipsec_stack_t	*ipss;
1961 
1962 	ASSERT(ipsec_mp->b_cont != NULL);
1963 
1964 	if (is_inbound) {
1965 		stackid = ii->ipsec_in_stackid;
1966 		ns_arg = ii->ipsec_in_ns;
1967 	} else {
1968 		stackid = io->ipsec_out_stackid;
1969 		ns_arg = io->ipsec_out_ns;
1970 	}
1971 
1972 	/*
1973 	 * Verify that the netstack is still around; could have vanished
1974 	 * while kEf was doing its work.
1975 	 */
1976 	ns = netstack_find_by_stackid(stackid);
1977 	if (ns == NULL || ns != ns_arg) {
1978 		/* Disappeared on us */
1979 		if (ns != NULL)
1980 			netstack_rele(ns);
1981 		freemsg(ipsec_mp);
1982 		return;
1983 	}
1984 
1985 	espstack = ns->netstack_ipsecesp;
1986 	ipss = ns->netstack_ipsec;
1987 
1988 	if (status == CRYPTO_SUCCESS) {
1989 		if (is_inbound) {
1990 			if (esp_in_done(ipsec_mp) != IPSEC_STATUS_SUCCESS) {
1991 				netstack_rele(ns);
1992 				return;
1993 			}
1994 			/* finish IPsec processing */
1995 			ip_fanout_proto_again(ipsec_mp, NULL, NULL, NULL);
1996 		} else {
1997 			/*
1998 			 * If a ICV was computed, it was stored by the
1999 			 * crypto framework at the end of the packet.
2000 			 */
2001 			ipha_t *ipha = (ipha_t *)ipsec_mp->b_cont->b_rptr;
2002 
2003 			esp_set_usetime(io->ipsec_out_esp_sa, B_FALSE);
2004 			/* NAT-T packet. */
2005 			if (ipha->ipha_protocol == IPPROTO_UDP)
2006 				esp_prepare_udp(ns, ipsec_mp->b_cont, ipha);
2007 
2008 			/* do AH processing if needed */
2009 			if (!esp_do_outbound_ah(ipsec_mp)) {
2010 				netstack_rele(ns);
2011 				return;
2012 			}
2013 			/* finish IPsec processing */
2014 			if (IPH_HDR_VERSION(ipha) == IP_VERSION) {
2015 				ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL,
2016 				    NULL);
2017 			} else {
2018 				ip6_t *ip6h = (ip6_t *)ipha;
2019 				ip_wput_ipsec_out_v6(NULL, ipsec_mp, ip6h,
2020 				    NULL, NULL);
2021 			}
2022 		}
2023 
2024 	} else if (status == CRYPTO_INVALID_MAC) {
2025 		esp_log_bad_auth(ipsec_mp);
2026 
2027 	} else {
2028 		esp1dbg(espstack,
2029 		    ("esp_kcf_callback: crypto failed with 0x%x\n",
2030 		    status));
2031 		ESP_BUMP_STAT(espstack, crypto_failures);
2032 		if (is_inbound)
2033 			IP_ESP_BUMP_STAT(ipss, in_discards);
2034 		else
2035 			ESP_BUMP_STAT(espstack, out_discards);
2036 		ip_drop_packet(ipsec_mp, is_inbound, NULL, NULL,
2037 		    DROPPER(ipss, ipds_esp_crypto_failed),
2038 		    &espstack->esp_dropper);
2039 	}
2040 	netstack_rele(ns);
2041 }
2042 
2043 /*
2044  * Invoked on crypto framework failure during inbound and outbound processing.
2045  */
2046 static void
2047 esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc,
2048     ipsecesp_stack_t *espstack)
2049 {
2050 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
2051 
2052 	esp1dbg(espstack, ("crypto failed for %s ESP with 0x%x\n",
2053 	    is_inbound ? "inbound" : "outbound", kef_rc));
2054 	ip_drop_packet(mp, is_inbound, NULL, NULL,
2055 	    DROPPER(ipss, ipds_esp_crypto_failed),
2056 	    &espstack->esp_dropper);
2057 	ESP_BUMP_STAT(espstack, crypto_failures);
2058 	if (is_inbound)
2059 		IP_ESP_BUMP_STAT(ipss, in_discards);
2060 	else
2061 		ESP_BUMP_STAT(espstack, out_discards);
2062 }
2063 
2064 #define	ESP_INIT_CALLREQ(_cr) {						\
2065 	(_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_RESTRICTED;		\
2066 	(_cr)->cr_callback_arg = ipsec_mp;				\
2067 	(_cr)->cr_callback_func = esp_kcf_callback;			\
2068 }
2069 
2070 #define	ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) {			\
2071 	(mac)->cd_format = CRYPTO_DATA_RAW;				\
2072 	(mac)->cd_offset = 0;						\
2073 	(mac)->cd_length = icvlen;					\
2074 	(mac)->cd_raw.iov_base = (char *)icvbuf;			\
2075 	(mac)->cd_raw.iov_len = icvlen;					\
2076 }
2077 
2078 #define	ESP_INIT_CRYPTO_DATA(data, mp, off, len) {			\
2079 	if (MBLKL(mp) >= (len) + (off)) {				\
2080 		(data)->cd_format = CRYPTO_DATA_RAW;			\
2081 		(data)->cd_raw.iov_base = (char *)(mp)->b_rptr;		\
2082 		(data)->cd_raw.iov_len = MBLKL(mp);			\
2083 		(data)->cd_offset = off;				\
2084 	} else {							\
2085 		(data)->cd_format = CRYPTO_DATA_MBLK;			\
2086 		(data)->cd_mp = mp;			       		\
2087 		(data)->cd_offset = off;				\
2088 	}								\
2089 	(data)->cd_length = len;					\
2090 }
2091 
2092 #define	ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) {	\
2093 	(data)->dd_format = CRYPTO_DATA_MBLK;				\
2094 	(data)->dd_mp = mp;						\
2095 	(data)->dd_len1 = len1;						\
2096 	(data)->dd_offset1 = off1;					\
2097 	(data)->dd_len2 = len2;						\
2098 	(data)->dd_offset2 = off2;					\
2099 }
2100 
2101 static ipsec_status_t
2102 esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset)
2103 {
2104 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
2105 	boolean_t do_auth;
2106 	uint_t auth_offset, msg_len, auth_len;
2107 	crypto_call_req_t call_req;
2108 	mblk_t *esp_mp;
2109 	int kef_rc = CRYPTO_FAILED;
2110 	uint_t icv_len = assoc->ipsa_mac_len;
2111 	crypto_ctx_template_t auth_ctx_tmpl;
2112 	boolean_t do_encr;
2113 	uint_t encr_offset, encr_len;
2114 	uint_t iv_len = assoc->ipsa_iv_len;
2115 	crypto_ctx_template_t encr_ctx_tmpl;
2116 	netstack_t	*ns = ii->ipsec_in_ns;
2117 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2118 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
2119 
2120 	ASSERT(ii->ipsec_in_type == IPSEC_IN);
2121 
2122 	/*
2123 	 * In case kEF queues and calls back, keep netstackid_t for
2124 	 * verification that the IP instance is still around in
2125 	 * esp_kcf_callback().
2126 	 */
2127 	ii->ipsec_in_stackid = ns->netstack_stackid;
2128 
2129 	do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE;
2130 	do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL;
2131 
2132 	/*
2133 	 * An inbound packet is of the form:
2134 	 * IPSEC_IN -> [IP,options,ESP,IV,data,ICV,pad]
2135 	 */
2136 	esp_mp = ipsec_mp->b_cont;
2137 	msg_len = MBLKL(esp_mp);
2138 
2139 	ESP_INIT_CALLREQ(&call_req);
2140 
2141 	if (do_auth) {
2142 		/* force asynchronous processing? */
2143 		if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] ==
2144 		    IPSEC_ALGS_EXEC_ASYNC)
2145 			call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE;
2146 
2147 		/* authentication context template */
2148 		IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH,
2149 		    auth_ctx_tmpl);
2150 
2151 		/* ICV to be verified */
2152 		ESP_INIT_CRYPTO_MAC(&ii->ipsec_in_crypto_mac,
2153 		    icv_len, esp_mp->b_wptr - icv_len);
2154 
2155 		/* authentication starts at the ESP header */
2156 		auth_offset = esph_offset;
2157 		auth_len = msg_len - auth_offset - icv_len;
2158 		if (!do_encr) {
2159 			/* authentication only */
2160 			/* initialize input data argument */
2161 			ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data,
2162 			    esp_mp, auth_offset, auth_len);
2163 
2164 			/* call the crypto framework */
2165 			kef_rc = crypto_mac_verify(&assoc->ipsa_amech,
2166 			    &ii->ipsec_in_crypto_data,
2167 			    &assoc->ipsa_kcfauthkey, auth_ctx_tmpl,
2168 			    &ii->ipsec_in_crypto_mac, &call_req);
2169 		}
2170 	}
2171 
2172 	if (do_encr) {
2173 		/* force asynchronous processing? */
2174 		if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] ==
2175 		    IPSEC_ALGS_EXEC_ASYNC)
2176 			call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE;
2177 
2178 		/* encryption template */
2179 		IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR,
2180 		    encr_ctx_tmpl);
2181 
2182 		/* skip IV, since it is passed separately */
2183 		encr_offset = esph_offset + sizeof (esph_t) + iv_len;
2184 		encr_len = msg_len - encr_offset;
2185 
2186 		if (!do_auth) {
2187 			/* decryption only */
2188 			/* initialize input data argument */
2189 			ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data,
2190 			    esp_mp, encr_offset, encr_len);
2191 
2192 			/* specify IV */
2193 			ii->ipsec_in_crypto_data.cd_miscdata =
2194 			    (char *)esp_mp->b_rptr + sizeof (esph_t) +
2195 			    esph_offset;
2196 
2197 			/* call the crypto framework */
2198 			kef_rc = crypto_decrypt(&assoc->ipsa_emech,
2199 			    &ii->ipsec_in_crypto_data,
2200 			    &assoc->ipsa_kcfencrkey, encr_ctx_tmpl,
2201 			    NULL, &call_req);
2202 		}
2203 	}
2204 
2205 	if (do_auth && do_encr) {
2206 		/* dual operation */
2207 		/* initialize input data argument */
2208 		ESP_INIT_CRYPTO_DUAL_DATA(&ii->ipsec_in_crypto_dual_data,
2209 		    esp_mp, auth_offset, auth_len,
2210 		    encr_offset, encr_len - icv_len);
2211 
2212 		/* specify IV */
2213 		ii->ipsec_in_crypto_dual_data.dd_miscdata =
2214 		    (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset;
2215 
2216 		/* call the framework */
2217 		kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech,
2218 		    &assoc->ipsa_emech, &ii->ipsec_in_crypto_dual_data,
2219 		    &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey,
2220 		    auth_ctx_tmpl, encr_ctx_tmpl, &ii->ipsec_in_crypto_mac,
2221 		    NULL, &call_req);
2222 	}
2223 
2224 	switch (kef_rc) {
2225 	case CRYPTO_SUCCESS:
2226 		ESP_BUMP_STAT(espstack, crypto_sync);
2227 		return (esp_in_done(ipsec_mp));
2228 	case CRYPTO_QUEUED:
2229 		/* esp_kcf_callback() will be invoked on completion */
2230 		ESP_BUMP_STAT(espstack, crypto_async);
2231 		return (IPSEC_STATUS_PENDING);
2232 	case CRYPTO_INVALID_MAC:
2233 		ESP_BUMP_STAT(espstack, crypto_sync);
2234 		esp_log_bad_auth(ipsec_mp);
2235 		return (IPSEC_STATUS_FAILED);
2236 	}
2237 
2238 	esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack);
2239 	return (IPSEC_STATUS_FAILED);
2240 }
2241 
2242 /*
2243  * Compute the IP and UDP checksums -- common code for both keepalives and
2244  * actual ESP-in-UDP packets.  Be flexible with multiple mblks because ESP
2245  * uses mblk-insertion to insert the UDP header.
2246  * TODO - If there is an easy way to prep a packet for HW checksums, make
2247  * it happen here.
2248  */
2249 static void
2250 esp_prepare_udp(netstack_t *ns, mblk_t *mp, ipha_t *ipha)
2251 {
2252 	int offset;
2253 	uint32_t cksum;
2254 	uint16_t *arr;
2255 	mblk_t *udpmp = mp;
2256 	uint_t hlen = IPH_HDR_LENGTH(ipha);
2257 
2258 	ASSERT(MBLKL(mp) >= sizeof (ipha_t));
2259 
2260 	ipha->ipha_hdr_checksum = 0;
2261 	ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
2262 
2263 	if (ns->netstack_udp->us_do_checksum) {
2264 		ASSERT(MBLKL(udpmp) >= sizeof (udpha_t));
2265 		/* arr points to the IP header. */
2266 		arr = (uint16_t *)ipha;
2267 		IP_STAT(ns->netstack_ip, ip_out_sw_cksum);
2268 		IP_STAT_UPDATE(ns->netstack_ip, ip_udp_out_sw_cksum_bytes,
2269 		    ntohs(htons(ipha->ipha_length) - hlen));
2270 		/* arr[6-9] are the IP addresses. */
2271 		cksum = IP_UDP_CSUM_COMP + arr[6] + arr[7] + arr[8] + arr[9] +
2272 		    ntohs(htons(ipha->ipha_length) - hlen);
2273 		cksum = IP_CSUM(mp, hlen, cksum);
2274 		offset = hlen + UDP_CHECKSUM_OFFSET;
2275 		while (offset >= MBLKL(udpmp)) {
2276 			offset -= MBLKL(udpmp);
2277 			udpmp = udpmp->b_cont;
2278 		}
2279 		/* arr points to the UDP header's checksum field. */
2280 		arr = (uint16_t *)(udpmp->b_rptr + offset);
2281 		*arr = cksum;
2282 	}
2283 }
2284 
2285 /*
2286  * Send a one-byte UDP NAT-T keepalive.  Construct an IPSEC_OUT too that'll
2287  * get fed into esp_send_udp/ip_wput_ipsec_out.
2288  */
2289 void
2290 ipsecesp_send_keepalive(ipsa_t *assoc)
2291 {
2292 	mblk_t *mp = NULL, *ipsec_mp = NULL;
2293 	ipha_t *ipha;
2294 	udpha_t *udpha;
2295 	ipsec_out_t *io;
2296 
2297 	ASSERT(MUTEX_NOT_HELD(&assoc->ipsa_lock));
2298 
2299 	mp = allocb(sizeof (ipha_t) + sizeof (udpha_t) + 1, BPRI_HI);
2300 	if (mp == NULL)
2301 		return;
2302 	ipha = (ipha_t *)mp->b_rptr;
2303 	ipha->ipha_version_and_hdr_length = IP_SIMPLE_HDR_VERSION;
2304 	ipha->ipha_type_of_service = 0;
2305 	ipha->ipha_length = htons(sizeof (ipha_t) + sizeof (udpha_t) + 1);
2306 	/* Use the low-16 of the SPI so we have some clue where it came from. */
2307 	ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1);
2308 	ipha->ipha_fragment_offset_and_flags = 0;  /* Too small to fragment! */
2309 	ipha->ipha_ttl = 0xFF;
2310 	ipha->ipha_protocol = IPPROTO_UDP;
2311 	ipha->ipha_hdr_checksum = 0;
2312 	ipha->ipha_src = assoc->ipsa_srcaddr[0];
2313 	ipha->ipha_dst = assoc->ipsa_dstaddr[0];
2314 	udpha = (udpha_t *)(ipha + 1);
2315 	udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ?
2316 	    assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT);
2317 	udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ?
2318 	    assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT);
2319 	udpha->uha_length = htons(sizeof (udpha_t) + 1);
2320 	udpha->uha_checksum = 0;
2321 	mp->b_wptr = (uint8_t *)(udpha + 1);
2322 	*(mp->b_wptr++) = 0xFF;
2323 
2324 	ipsec_mp = ipsec_alloc_ipsec_out(assoc->ipsa_netstack);
2325 	if (ipsec_mp == NULL) {
2326 		freeb(mp);
2327 		return;
2328 	}
2329 	ipsec_mp->b_cont = mp;
2330 	io = (ipsec_out_t *)ipsec_mp->b_rptr;
2331 	io->ipsec_out_zoneid =
2332 	    netstackid_to_zoneid(assoc->ipsa_netstack->netstack_stackid);
2333 
2334 	esp_prepare_udp(assoc->ipsa_netstack, mp, ipha);
2335 	ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, NULL);
2336 }
2337 
2338 static ipsec_status_t
2339 esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf,
2340     uint_t payload_len)
2341 {
2342 	ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
2343 	uint_t auth_len;
2344 	crypto_call_req_t call_req;
2345 	mblk_t *esp_mp;
2346 	int kef_rc = CRYPTO_FAILED;
2347 	uint_t icv_len = assoc->ipsa_mac_len;
2348 	crypto_ctx_template_t auth_ctx_tmpl;
2349 	boolean_t do_auth;
2350 	boolean_t do_encr;
2351 	uint_t iv_len = assoc->ipsa_iv_len;
2352 	crypto_ctx_template_t encr_ctx_tmpl;
2353 	boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);
2354 	size_t esph_offset = (is_natt ? UDPH_SIZE : 0);
2355 	netstack_t	*ns = io->ipsec_out_ns;
2356 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2357 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
2358 
2359 	esp3dbg(espstack, ("esp_submit_req_outbound:%s",
2360 	    is_natt ? "natt" : "not natt"));
2361 
2362 	ASSERT(io->ipsec_out_type == IPSEC_OUT);
2363 
2364 	/*
2365 	 * In case kEF queues and calls back, keep netstackid_t for
2366 	 * verification that the IP instance is still around in
2367 	 * esp_kcf_callback().
2368 	 */
2369 	io->ipsec_out_stackid = ns->netstack_stackid;
2370 
2371 	do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL;
2372 	do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE;
2373 
2374 	/*
2375 	 * Outbound IPsec packets are of the form:
2376 	 * IPSEC_OUT -> [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV]
2377 	 * unless it's NATT, then it's
2378 	 * IPSEC_OUT -> [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV]
2379 	 * Get a pointer to the mblk containing the ESP header.
2380 	 */
2381 	ASSERT(ipsec_mp->b_cont != NULL && ipsec_mp->b_cont->b_cont != NULL);
2382 	esp_mp = ipsec_mp->b_cont->b_cont;
2383 
2384 	ESP_INIT_CALLREQ(&call_req);
2385 
2386 	if (do_auth) {
2387 		/* force asynchronous processing? */
2388 		if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] ==
2389 		    IPSEC_ALGS_EXEC_ASYNC)
2390 			call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE;
2391 
2392 		/* authentication context template */
2393 		IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH,
2394 		    auth_ctx_tmpl);
2395 
2396 		/* where to store the computed mac */
2397 		ESP_INIT_CRYPTO_MAC(&io->ipsec_out_crypto_mac,
2398 		    icv_len, icv_buf);
2399 
2400 		/* authentication starts at the ESP header */
2401 		auth_len = payload_len + iv_len + sizeof (esph_t);
2402 		if (!do_encr) {
2403 			/* authentication only */
2404 			/* initialize input data argument */
2405 			ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data,
2406 			    esp_mp, esph_offset, auth_len);
2407 
2408 			/* call the crypto framework */
2409 			kef_rc = crypto_mac(&assoc->ipsa_amech,
2410 			    &io->ipsec_out_crypto_data,
2411 			    &assoc->ipsa_kcfauthkey, auth_ctx_tmpl,
2412 			    &io->ipsec_out_crypto_mac, &call_req);
2413 		}
2414 	}
2415 
2416 	if (do_encr) {
2417 		/* force asynchronous processing? */
2418 		if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] ==
2419 		    IPSEC_ALGS_EXEC_ASYNC)
2420 			call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE;
2421 
2422 		/* encryption context template */
2423 		IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR,
2424 		    encr_ctx_tmpl);
2425 
2426 		if (!do_auth) {
2427 			/* encryption only, skip mblk that contains ESP hdr */
2428 			/* initialize input data argument */
2429 			ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data,
2430 			    esp_mp->b_cont, 0, payload_len);
2431 
2432 			/* specify IV */
2433 			io->ipsec_out_crypto_data.cd_miscdata =
2434 			    (char *)esp_mp->b_rptr + sizeof (esph_t) +
2435 			    esph_offset;
2436 
2437 			/* call the crypto framework */
2438 			kef_rc = crypto_encrypt(&assoc->ipsa_emech,
2439 			    &io->ipsec_out_crypto_data,
2440 			    &assoc->ipsa_kcfencrkey, encr_ctx_tmpl,
2441 			    NULL, &call_req);
2442 		}
2443 	}
2444 
2445 	if (do_auth && do_encr) {
2446 		/*
2447 		 * Encryption and authentication:
2448 		 * Pass the pointer to the mblk chain starting at the ESP
2449 		 * header to the framework. Skip the ESP header mblk
2450 		 * for encryption, which is reflected by an encryption
2451 		 * offset equal to the length of that mblk. Start
2452 		 * the authentication at the ESP header, i.e. use an
2453 		 * authentication offset of zero.
2454 		 */
2455 		ESP_INIT_CRYPTO_DUAL_DATA(&io->ipsec_out_crypto_dual_data,
2456 		    esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len);
2457 
2458 		/* specify IV */
2459 		io->ipsec_out_crypto_dual_data.dd_miscdata =
2460 		    (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset;
2461 
2462 		/* call the framework */
2463 		kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech,
2464 		    &assoc->ipsa_amech, NULL,
2465 		    &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey,
2466 		    encr_ctx_tmpl, auth_ctx_tmpl,
2467 		    &io->ipsec_out_crypto_dual_data,
2468 		    &io->ipsec_out_crypto_mac, &call_req);
2469 	}
2470 
2471 	switch (kef_rc) {
2472 	case CRYPTO_SUCCESS:
2473 		ESP_BUMP_STAT(espstack, crypto_sync);
2474 		esp_set_usetime(assoc, B_FALSE);
2475 		if (is_natt)
2476 			esp_prepare_udp(ns, ipsec_mp->b_cont,
2477 			    (ipha_t *)ipsec_mp->b_cont->b_rptr);
2478 		return (IPSEC_STATUS_SUCCESS);
2479 	case CRYPTO_QUEUED:
2480 		/* esp_kcf_callback() will be invoked on completion */
2481 		ESP_BUMP_STAT(espstack, crypto_async);
2482 		return (IPSEC_STATUS_PENDING);
2483 	}
2484 
2485 	esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack);
2486 	return (IPSEC_STATUS_FAILED);
2487 }
2488 
2489 /*
2490  * Handle outbound IPsec processing for IPv4 and IPv6
2491  * On success returns B_TRUE, on failure returns B_FALSE and frees the
2492  * mblk chain ipsec_in_mp.
2493  */
2494 static ipsec_status_t
2495 esp_outbound(mblk_t *mp)
2496 {
2497 	mblk_t *ipsec_out_mp, *data_mp, *espmp, *tailmp;
2498 	ipsec_out_t *io;
2499 	ipha_t *ipha;
2500 	ip6_t *ip6h;
2501 	esph_t *esph;
2502 	uint_t af;
2503 	uint8_t *nhp;
2504 	uintptr_t divpoint, datalen, adj, padlen, i, alloclen;
2505 	uintptr_t esplen = sizeof (esph_t);
2506 	uint8_t protocol;
2507 	ipsa_t *assoc;
2508 	uint_t iv_len, mac_len = 0;
2509 	uchar_t *icv_buf;
2510 	udpha_t *udpha;
2511 	boolean_t is_natt = B_FALSE;
2512 	netstack_t	*ns;
2513 	ipsecesp_stack_t *espstack;
2514 	ipsec_stack_t	*ipss;
2515 
2516 	ipsec_out_mp = mp;
2517 	data_mp = ipsec_out_mp->b_cont;
2518 
2519 	io = (ipsec_out_t *)ipsec_out_mp->b_rptr;
2520 	ns = io->ipsec_out_ns;
2521 	espstack = ns->netstack_ipsecesp;
2522 	ipss = ns->netstack_ipsec;
2523 
2524 	ESP_BUMP_STAT(espstack, out_requests);
2525 
2526 	/*
2527 	 * <sigh> We have to copy the message here, because TCP (for example)
2528 	 * keeps a dupb() of the message lying around for retransmission.
2529 	 * Since ESP changes the whole of the datagram, we have to create our
2530 	 * own copy lest we clobber TCP's data.  Since we have to copy anyway,
2531 	 * we might as well make use of msgpullup() and get the mblk into one
2532 	 * contiguous piece!
2533 	 */
2534 	ipsec_out_mp->b_cont = msgpullup(data_mp, -1);
2535 	if (ipsec_out_mp->b_cont == NULL) {
2536 		esp0dbg(("esp_outbound: msgpullup() failed, "
2537 		    "dropping packet.\n"));
2538 		ipsec_out_mp->b_cont = data_mp;
2539 		/*
2540 		 * TODO:  Find the outbound IRE for this packet and
2541 		 * pass it to ip_drop_packet().
2542 		 */
2543 		ip_drop_packet(ipsec_out_mp, B_FALSE, NULL, NULL,
2544 		    DROPPER(ipss, ipds_esp_nomem),
2545 		    &espstack->esp_dropper);
2546 		return (IPSEC_STATUS_FAILED);
2547 	} else {
2548 		freemsg(data_mp);
2549 		data_mp = ipsec_out_mp->b_cont;
2550 	}
2551 
2552 	/*
2553 	 * Reality check....
2554 	 */
2555 
2556 	ipha = (ipha_t *)data_mp->b_rptr;  /* So we can call esp_acquire(). */
2557 
2558 	if (io->ipsec_out_v4) {
2559 		af = AF_INET;
2560 		divpoint = IPH_HDR_LENGTH(ipha);
2561 		datalen = ntohs(ipha->ipha_length) - divpoint;
2562 		nhp = (uint8_t *)&ipha->ipha_protocol;
2563 	} else {
2564 		ip6_pkt_t ipp;
2565 
2566 		af = AF_INET6;
2567 		ip6h = (ip6_t *)ipha;
2568 		bzero(&ipp, sizeof (ipp));
2569 		divpoint = ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL);
2570 		if (ipp.ipp_dstopts != NULL &&
2571 		    ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) {
2572 			/*
2573 			 * Destination options are tricky.  If we get in here,
2574 			 * then we have a terminal header following the
2575 			 * destination options.  We need to adjust backwards
2576 			 * so we insert ESP BEFORE the destination options
2577 			 * bag.  (So that the dstopts get encrypted!)
2578 			 *
2579 			 * Since this is for outbound packets only, we know
2580 			 * that non-terminal destination options only precede
2581 			 * routing headers.
2582 			 */
2583 			divpoint -= ipp.ipp_dstoptslen;
2584 		}
2585 		datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint;
2586 
2587 		if (ipp.ipp_rthdr != NULL) {
2588 			nhp = &ipp.ipp_rthdr->ip6r_nxt;
2589 		} else if (ipp.ipp_hopopts != NULL) {
2590 			nhp = &ipp.ipp_hopopts->ip6h_nxt;
2591 		} else {
2592 			ASSERT(divpoint == sizeof (ip6_t));
2593 			/* It's probably IP + ESP. */
2594 			nhp = &ip6h->ip6_nxt;
2595 		}
2596 	}
2597 	assoc = io->ipsec_out_esp_sa;
2598 	ASSERT(assoc != NULL);
2599 
2600 	if (assoc->ipsa_auth_alg != SADB_AALG_NONE)
2601 		mac_len = assoc->ipsa_mac_len;
2602 
2603 	if (assoc->ipsa_flags & IPSA_F_NATT) {
2604 		/* wedge in fake UDP */
2605 		is_natt = B_TRUE;
2606 		esplen += UDPH_SIZE;
2607 	}
2608 
2609 	/*
2610 	 * Set up ESP header and encryption padding for ENCR PI request.
2611 	 */
2612 
2613 	/* Determine the padding length.  Pad to 4-bytes for no-encryption. */
2614 	if (assoc->ipsa_encr_alg != SADB_EALG_NULL) {
2615 		iv_len = assoc->ipsa_iv_len;
2616 
2617 		/*
2618 		 * Include the two additional bytes (hence the - 2) for the
2619 		 * padding length and the next header.  Take this into account
2620 		 * when calculating the actual length of the padding.
2621 		 */
2622 		ASSERT(ISP2(iv_len));
2623 		padlen = ((unsigned)(iv_len - datalen - 2)) & (iv_len - 1);
2624 	} else {
2625 		iv_len = 0;
2626 		padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) &
2627 		    (sizeof (uint32_t) - 1);
2628 	}
2629 
2630 	/* Allocate ESP header and IV. */
2631 	esplen += iv_len;
2632 
2633 	/*
2634 	 * Update association byte-count lifetimes.  Don't forget to take
2635 	 * into account the padding length and next-header (hence the + 2).
2636 	 *
2637 	 * Use the amount of data fed into the "encryption algorithm".  This
2638 	 * is the IV, the data length, the padding length, and the final two
2639 	 * bytes (padlen, and next-header).
2640 	 *
2641 	 */
2642 
2643 	if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) {
2644 		/*
2645 		 * TODO:  Find the outbound IRE for this packet and
2646 		 * pass it to ip_drop_packet().
2647 		 */
2648 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
2649 		    DROPPER(ipss, ipds_esp_bytes_expire),
2650 		    &espstack->esp_dropper);
2651 		return (IPSEC_STATUS_FAILED);
2652 	}
2653 
2654 	espmp = allocb(esplen, BPRI_HI);
2655 	if (espmp == NULL) {
2656 		ESP_BUMP_STAT(espstack, out_discards);
2657 		esp1dbg(espstack, ("esp_outbound: can't allocate espmp.\n"));
2658 		/*
2659 		 * TODO:  Find the outbound IRE for this packet and
2660 		 * pass it to ip_drop_packet().
2661 		 */
2662 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
2663 		    DROPPER(ipss, ipds_esp_nomem),
2664 		    &espstack->esp_dropper);
2665 		return (IPSEC_STATUS_FAILED);
2666 	}
2667 	espmp->b_wptr += esplen;
2668 	esph = (esph_t *)espmp->b_rptr;
2669 
2670 	if (is_natt) {
2671 		esp3dbg(espstack, ("esp_outbound: NATT"));
2672 
2673 		udpha = (udpha_t *)espmp->b_rptr;
2674 		udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ?
2675 		    assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT);
2676 		udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ?
2677 		    assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT);
2678 		/*
2679 		 * Set the checksum to 0, so that the esp_prepare_udp() call
2680 		 * can do the right thing.
2681 		 */
2682 		udpha->uha_checksum = 0;
2683 		esph = (esph_t *)(udpha + 1);
2684 	}
2685 
2686 	esph->esph_spi = assoc->ipsa_spi;
2687 
2688 	esph->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1));
2689 	if (esph->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) {
2690 		/*
2691 		 * XXX We have replay counter wrapping.
2692 		 * We probably want to nuke this SA (and its peer).
2693 		 */
2694 		ipsec_assocfailure(info.mi_idnum, 0, 0,
2695 		    SL_ERROR | SL_CONSOLE | SL_WARN,
2696 		    "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n",
2697 		    esph->esph_spi, assoc->ipsa_dstaddr, af,
2698 		    espstack->ipsecesp_netstack);
2699 
2700 		ESP_BUMP_STAT(espstack, out_discards);
2701 		sadb_replay_delete(assoc);
2702 		/*
2703 		 * TODO:  Find the outbound IRE for this packet and
2704 		 * pass it to ip_drop_packet().
2705 		 */
2706 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
2707 		    DROPPER(ipss, ipds_esp_replay),
2708 		    &espstack->esp_dropper);
2709 		return (IPSEC_STATUS_FAILED);
2710 	}
2711 
2712 	/*
2713 	 * Set the IV to a random quantity.  We do not require the
2714 	 * highest quality random bits, but for best security with CBC
2715 	 * mode ciphers, the value must be unlikely to repeat and also
2716 	 * must not be known in advance to an adversary capable of
2717 	 * influencing the plaintext.
2718 	 */
2719 	(void) random_get_pseudo_bytes((uint8_t *)(esph + 1), iv_len);
2720 
2721 	/* Fix the IP header. */
2722 	alloclen = padlen + 2 + mac_len;
2723 	adj = alloclen + (espmp->b_wptr - espmp->b_rptr);
2724 
2725 	protocol = *nhp;
2726 
2727 	if (io->ipsec_out_v4) {
2728 		ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj);
2729 		if (is_natt) {
2730 			*nhp = IPPROTO_UDP;
2731 			udpha->uha_length = htons(ntohs(ipha->ipha_length) -
2732 			    IPH_HDR_LENGTH(ipha));
2733 		} else {
2734 			*nhp = IPPROTO_ESP;
2735 		}
2736 		ipha->ipha_hdr_checksum = 0;
2737 		ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
2738 	} else {
2739 		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj);
2740 		*nhp = IPPROTO_ESP;
2741 	}
2742 
2743 	/* I've got the two ESP mblks, now insert them. */
2744 
2745 	esp2dbg(espstack, ("data_mp before outbound ESP adjustment:\n"));
2746 	esp2dbg(espstack, (dump_msg(data_mp)));
2747 
2748 	if (!esp_insert_esp(data_mp, espmp, divpoint, espstack)) {
2749 		ESP_BUMP_STAT(espstack, out_discards);
2750 		/* NOTE:  esp_insert_esp() only fails if there's no memory. */
2751 		/*
2752 		 * TODO:  Find the outbound IRE for this packet and
2753 		 * pass it to ip_drop_packet().
2754 		 */
2755 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
2756 		    DROPPER(ipss, ipds_esp_nomem),
2757 		    &espstack->esp_dropper);
2758 		freeb(espmp);
2759 		return (IPSEC_STATUS_FAILED);
2760 	}
2761 
2762 	/* Append padding (and leave room for ICV). */
2763 	for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont)
2764 		;
2765 	if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) {
2766 		tailmp->b_cont = allocb(alloclen, BPRI_HI);
2767 		if (tailmp->b_cont == NULL) {
2768 			ESP_BUMP_STAT(espstack, out_discards);
2769 			esp0dbg(("esp_outbound:  Can't allocate tailmp.\n"));
2770 			/*
2771 			 * TODO:  Find the outbound IRE for this packet and
2772 			 * pass it to ip_drop_packet().
2773 			 */
2774 			ip_drop_packet(mp, B_FALSE, NULL, NULL,
2775 			    DROPPER(ipss, ipds_esp_nomem),
2776 			    &espstack->esp_dropper);
2777 			return (IPSEC_STATUS_FAILED);
2778 		}
2779 		tailmp = tailmp->b_cont;
2780 	}
2781 
2782 	/*
2783 	 * If there's padding, N bytes of padding must be of the form 0x1,
2784 	 * 0x2, 0x3... 0xN.
2785 	 */
2786 	for (i = 0; i < padlen; ) {
2787 		i++;
2788 		*tailmp->b_wptr++ = i;
2789 	}
2790 	*tailmp->b_wptr++ = i;
2791 	*tailmp->b_wptr++ = protocol;
2792 
2793 	esp2dbg(espstack, ("data_Mp before encryption:\n"));
2794 	esp2dbg(espstack, (dump_msg(data_mp)));
2795 
2796 	/*
2797 	 * The packet is eligible for hardware acceleration if the
2798 	 * following conditions are satisfied:
2799 	 *
2800 	 * 1. the packet will not be fragmented
2801 	 * 2. the provider supports the algorithms specified by SA
2802 	 * 3. there is no pending control message being exchanged
2803 	 * 4. snoop is not attached
2804 	 * 5. the destination address is not a multicast address
2805 	 *
2806 	 * All five of these conditions are checked by IP prior to
2807 	 * sending the packet to ESP.
2808 	 *
2809 	 * But We, and We Alone, can, nay MUST check if the packet
2810 	 * is over NATT, and then disqualify it from hardware
2811 	 * acceleration.
2812 	 */
2813 
2814 	if (io->ipsec_out_is_capab_ill && !(assoc->ipsa_flags & IPSA_F_NATT)) {
2815 		return (esp_outbound_accelerated(ipsec_out_mp, mac_len));
2816 	}
2817 	ESP_BUMP_STAT(espstack, noaccel);
2818 
2819 	/*
2820 	 * Okay.  I've set up the pre-encryption ESP.  Let's do it!
2821 	 */
2822 
2823 	if (mac_len > 0) {
2824 		ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim);
2825 		icv_buf = tailmp->b_wptr;
2826 		tailmp->b_wptr += mac_len;
2827 	} else {
2828 		icv_buf = NULL;
2829 	}
2830 
2831 	return (esp_submit_req_outbound(ipsec_out_mp, assoc, icv_buf,
2832 	    datalen + padlen + 2));
2833 }
2834 
2835 /*
2836  * IP calls this to validate the ICMP errors that
2837  * we got from the network.
2838  */
2839 ipsec_status_t
2840 ipsecesp_icmp_error(mblk_t *ipsec_mp)
2841 {
2842 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
2843 	boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN);
2844 	netstack_t	*ns;
2845 	ipsecesp_stack_t *espstack;
2846 	ipsec_stack_t	*ipss;
2847 
2848 	if (is_inbound) {
2849 		ns = ii->ipsec_in_ns;
2850 	} else {
2851 		ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
2852 
2853 		ns = io->ipsec_out_ns;
2854 	}
2855 	espstack = ns->netstack_ipsecesp;
2856 	ipss = ns->netstack_ipsec;
2857 
2858 	/*
2859 	 * Unless we get an entire packet back, this function is useless.
2860 	 * Why?
2861 	 *
2862 	 * 1.)	Partial packets are useless, because the "next header"
2863 	 *	is at the end of the decrypted ESP packet.  Without the
2864 	 *	whole packet, this is useless.
2865 	 *
2866 	 * 2.)	If we every use a stateful cipher, such as a stream or a
2867 	 *	one-time pad, we can't do anything.
2868 	 *
2869 	 * Since the chances of us getting an entire packet back are very
2870 	 * very small, we discard here.
2871 	 */
2872 	IP_ESP_BUMP_STAT(ipss, in_discards);
2873 	ip_drop_packet(ipsec_mp, B_TRUE, NULL, NULL,
2874 	    DROPPER(ipss, ipds_esp_icmp),
2875 	    &espstack->esp_dropper);
2876 	return (IPSEC_STATUS_FAILED);
2877 }
2878 
2879 /*
2880  * ESP module read put routine.
2881  */
2882 /* ARGSUSED */
2883 static void
2884 ipsecesp_rput(queue_t *q, mblk_t *mp)
2885 {
2886 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
2887 
2888 	ASSERT(mp->b_datap->db_type != M_CTL);	/* No more IRE_DB_REQ. */
2889 
2890 	switch (mp->b_datap->db_type) {
2891 	case M_PROTO:
2892 	case M_PCPROTO:
2893 		/* TPI message of some sort. */
2894 		switch (*((t_scalar_t *)mp->b_rptr)) {
2895 		case T_BIND_ACK:
2896 			esp3dbg(espstack,
2897 			    ("Thank you IP from ESP for T_BIND_ACK\n"));
2898 			break;
2899 		case T_ERROR_ACK:
2900 			cmn_err(CE_WARN,
2901 			    "ipsecesp:  ESP received T_ERROR_ACK from IP.");
2902 			/*
2903 			 * Make esp_sadb.s_ip_q NULL, and in the
2904 			 * future, perhaps try again.
2905 			 */
2906 			espstack->esp_sadb.s_ip_q = NULL;
2907 			break;
2908 		case T_OK_ACK:
2909 			/* Probably from a (rarely sent) T_UNBIND_REQ. */
2910 			break;
2911 		default:
2912 			esp0dbg(("Unknown M_{,PC}PROTO message.\n"));
2913 		}
2914 		freemsg(mp);
2915 		break;
2916 	default:
2917 		/* For now, passthru message. */
2918 		esp2dbg(espstack, ("ESP got unknown mblk type %d.\n",
2919 		    mp->b_datap->db_type));
2920 		putnext(q, mp);
2921 	}
2922 }
2923 
2924 /*
2925  * Construct an SADB_REGISTER message with the current algorithms.
2926  */
2927 static boolean_t
2928 esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial,
2929     ipsecesp_stack_t *espstack)
2930 {
2931 	mblk_t *pfkey_msg_mp, *keysock_out_mp;
2932 	sadb_msg_t *samsg;
2933 	sadb_supported_t *sasupp_auth = NULL;
2934 	sadb_supported_t *sasupp_encr = NULL;
2935 	sadb_alg_t *saalg;
2936 	uint_t allocsize = sizeof (*samsg);
2937 	uint_t i, numalgs_snap;
2938 	int current_aalgs;
2939 	ipsec_alginfo_t **authalgs;
2940 	uint_t num_aalgs;
2941 	int current_ealgs;
2942 	ipsec_alginfo_t **encralgs;
2943 	uint_t num_ealgs;
2944 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
2945 
2946 	/* Allocate the KEYSOCK_OUT. */
2947 	keysock_out_mp = sadb_keysock_out(serial);
2948 	if (keysock_out_mp == NULL) {
2949 		esp0dbg(("esp_register_out: couldn't allocate mblk.\n"));
2950 		return (B_FALSE);
2951 	}
2952 
2953 	/*
2954 	 * Allocate the PF_KEY message that follows KEYSOCK_OUT.
2955 	 */
2956 
2957 	mutex_enter(&ipss->ipsec_alg_lock);
2958 
2959 	/*
2960 	 * Fill SADB_REGISTER message's algorithm descriptors.  Hold
2961 	 * down the lock while filling it.
2962 	 *
2963 	 * Return only valid algorithms, so the number of algorithms
2964 	 * to send up may be less than the number of algorithm entries
2965 	 * in the table.
2966 	 */
2967 	authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH];
2968 	for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
2969 		if (authalgs[i] != NULL && ALG_VALID(authalgs[i]))
2970 			num_aalgs++;
2971 
2972 	if (num_aalgs != 0) {
2973 		allocsize += (num_aalgs * sizeof (*saalg));
2974 		allocsize += sizeof (*sasupp_auth);
2975 	}
2976 	encralgs = ipss->ipsec_alglists[IPSEC_ALG_ENCR];
2977 	for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
2978 		if (encralgs[i] != NULL && ALG_VALID(encralgs[i]))
2979 			num_ealgs++;
2980 
2981 	if (num_ealgs != 0) {
2982 		allocsize += (num_ealgs * sizeof (*saalg));
2983 		allocsize += sizeof (*sasupp_encr);
2984 	}
2985 	keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI);
2986 	if (keysock_out_mp->b_cont == NULL) {
2987 		mutex_exit(&ipss->ipsec_alg_lock);
2988 		freemsg(keysock_out_mp);
2989 		return (B_FALSE);
2990 	}
2991 
2992 	pfkey_msg_mp = keysock_out_mp->b_cont;
2993 	pfkey_msg_mp->b_wptr += allocsize;
2994 	if (num_aalgs != 0) {
2995 		sasupp_auth = (sadb_supported_t *)
2996 		    (pfkey_msg_mp->b_rptr + sizeof (*samsg));
2997 		saalg = (sadb_alg_t *)(sasupp_auth + 1);
2998 
2999 		ASSERT(((ulong_t)saalg & 0x7) == 0);
3000 
3001 		numalgs_snap = 0;
3002 		for (i = 0;
3003 		    ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs));
3004 		    i++) {
3005 			if (authalgs[i] == NULL || !ALG_VALID(authalgs[i]))
3006 				continue;
3007 
3008 			saalg->sadb_alg_id = authalgs[i]->alg_id;
3009 			saalg->sadb_alg_ivlen = 0;
3010 			saalg->sadb_alg_minbits	= authalgs[i]->alg_ef_minbits;
3011 			saalg->sadb_alg_maxbits	= authalgs[i]->alg_ef_maxbits;
3012 			saalg->sadb_x_alg_defincr = authalgs[i]->alg_ef_default;
3013 			saalg->sadb_x_alg_increment =
3014 			    authalgs[i]->alg_increment;
3015 			numalgs_snap++;
3016 			saalg++;
3017 		}
3018 		ASSERT(numalgs_snap == num_aalgs);
3019 #ifdef DEBUG
3020 		/*
3021 		 * Reality check to make sure I snagged all of the
3022 		 * algorithms.
3023 		 */
3024 		for (; i < IPSEC_MAX_ALGS; i++) {
3025 			if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) {
3026 				cmn_err(CE_PANIC, "esp_register_out()! "
3027 				    "Missed aalg #%d.\n", i);
3028 			}
3029 		}
3030 #endif /* DEBUG */
3031 	} else {
3032 		saalg = (sadb_alg_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg));
3033 	}
3034 
3035 	if (num_ealgs != 0) {
3036 		sasupp_encr = (sadb_supported_t *)saalg;
3037 		saalg = (sadb_alg_t *)(sasupp_encr + 1);
3038 
3039 		numalgs_snap = 0;
3040 		for (i = 0;
3041 		    ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) {
3042 			if (encralgs[i] == NULL || !ALG_VALID(encralgs[i]))
3043 				continue;
3044 			saalg->sadb_alg_id = encralgs[i]->alg_id;
3045 			saalg->sadb_alg_ivlen = encralgs[i]->alg_datalen;
3046 			saalg->sadb_alg_minbits	= encralgs[i]->alg_ef_minbits;
3047 			saalg->sadb_alg_maxbits	= encralgs[i]->alg_ef_maxbits;
3048 			saalg->sadb_x_alg_defincr = encralgs[i]->alg_ef_default;
3049 			saalg->sadb_x_alg_increment =
3050 			    encralgs[i]->alg_increment;
3051 			numalgs_snap++;
3052 			saalg++;
3053 		}
3054 		ASSERT(numalgs_snap == num_ealgs);
3055 #ifdef DEBUG
3056 		/*
3057 		 * Reality check to make sure I snagged all of the
3058 		 * algorithms.
3059 		 */
3060 		for (; i < IPSEC_MAX_ALGS; i++) {
3061 			if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) {
3062 				cmn_err(CE_PANIC, "esp_register_out()! "
3063 				    "Missed ealg #%d.\n", i);
3064 			}
3065 		}
3066 #endif /* DEBUG */
3067 	}
3068 
3069 	current_aalgs = num_aalgs;
3070 	current_ealgs = num_ealgs;
3071 
3072 	mutex_exit(&ipss->ipsec_alg_lock);
3073 
3074 	/* Now fill the rest of the SADB_REGISTER message. */
3075 
3076 	samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr;
3077 	samsg->sadb_msg_version = PF_KEY_V2;
3078 	samsg->sadb_msg_type = SADB_REGISTER;
3079 	samsg->sadb_msg_errno = 0;
3080 	samsg->sadb_msg_satype = SADB_SATYPE_ESP;
3081 	samsg->sadb_msg_len = SADB_8TO64(allocsize);
3082 	samsg->sadb_msg_reserved = 0;
3083 	/*
3084 	 * Assume caller has sufficient sequence/pid number info.  If it's one
3085 	 * from me over a new alg., I could give two hoots about sequence.
3086 	 */
3087 	samsg->sadb_msg_seq = sequence;
3088 	samsg->sadb_msg_pid = pid;
3089 
3090 	if (sasupp_auth != NULL) {
3091 		sasupp_auth->sadb_supported_len = SADB_8TO64(
3092 		    sizeof (*sasupp_auth) + sizeof (*saalg) * current_aalgs);
3093 		sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
3094 		sasupp_auth->sadb_supported_reserved = 0;
3095 	}
3096 
3097 	if (sasupp_encr != NULL) {
3098 		sasupp_encr->sadb_supported_len = SADB_8TO64(
3099 		    sizeof (*sasupp_encr) + sizeof (*saalg) * current_ealgs);
3100 		sasupp_encr->sadb_supported_exttype =
3101 		    SADB_EXT_SUPPORTED_ENCRYPT;
3102 		sasupp_encr->sadb_supported_reserved = 0;
3103 	}
3104 
3105 	if (espstack->esp_pfkey_q != NULL)
3106 		putnext(espstack->esp_pfkey_q, keysock_out_mp);
3107 	else {
3108 		freemsg(keysock_out_mp);
3109 		return (B_FALSE);
3110 	}
3111 
3112 	return (B_TRUE);
3113 }
3114 
3115 /*
3116  * Invoked when the algorithm table changes. Causes SADB_REGISTER
3117  * messages continaining the current list of algorithms to be
3118  * sent up to the ESP listeners.
3119  */
3120 void
3121 ipsecesp_algs_changed(netstack_t *ns)
3122 {
3123 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
3124 
3125 	/*
3126 	 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners
3127 	 * everywhere.  (The function itself checks for NULL esp_pfkey_q.)
3128 	 */
3129 	(void) esp_register_out(0, 0, 0, espstack);
3130 }
3131 
3132 /*
3133  * taskq_dispatch handler.
3134  */
3135 static void
3136 inbound_task(void *arg)
3137 {
3138 	esph_t *esph;
3139 	mblk_t *mp = (mblk_t *)arg;
3140 	ipsec_in_t *ii = (ipsec_in_t *)mp->b_rptr;
3141 	netstack_t		*ns = ii->ipsec_in_ns;
3142 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
3143 	int ipsec_rc;
3144 
3145 	esp2dbg(espstack, ("in ESP inbound_task"));
3146 	ASSERT(espstack != NULL);
3147 
3148 	esph = ipsec_inbound_esp_sa(mp, ns);
3149 	if (esph == NULL)
3150 		return;
3151 	ASSERT(ii->ipsec_in_esp_sa != NULL);
3152 	ipsec_rc = ii->ipsec_in_esp_sa->ipsa_input_func(mp, esph);
3153 	if (ipsec_rc != IPSEC_STATUS_SUCCESS)
3154 		return;
3155 	ip_fanout_proto_again(mp, NULL, NULL, NULL);
3156 }
3157 
3158 /*
3159  * Now that weak-key passed, actually ADD the security association, and
3160  * send back a reply ADD message.
3161  */
3162 static int
3163 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi,
3164     int *diagnostic, ipsecesp_stack_t *espstack)
3165 {
3166 	isaf_t *primary = NULL, *secondary, *inbound, *outbound;
3167 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3168 	sadb_address_t *dstext =
3169 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3170 	struct sockaddr_in *dst;
3171 	struct sockaddr_in6 *dst6;
3172 	boolean_t is_ipv4, clone = B_FALSE, is_inbound = B_FALSE;
3173 	uint32_t *dstaddr;
3174 	ipsa_t *larval = NULL;
3175 	ipsacq_t *acqrec;
3176 	iacqf_t *acq_bucket;
3177 	mblk_t *acq_msgs = NULL;
3178 	int rc;
3179 	sadb_t *sp;
3180 	int outhash;
3181 	mblk_t *lpkt;
3182 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
3183 
3184 	/*
3185 	 * Locate the appropriate table(s).
3186 	 */
3187 
3188 	dst = (struct sockaddr_in *)(dstext + 1);
3189 	dst6 = (struct sockaddr_in6 *)dst;
3190 	is_ipv4 = (dst->sin_family == AF_INET);
3191 	if (is_ipv4) {
3192 		sp = &espstack->esp_sadb.s_v4;
3193 		dstaddr = (uint32_t *)(&dst->sin_addr);
3194 		outhash = OUTBOUND_HASH_V4(sp, *(ipaddr_t *)dstaddr);
3195 	} else {
3196 		sp = &espstack->esp_sadb.s_v6;
3197 		dstaddr = (uint32_t *)(&dst6->sin6_addr);
3198 		outhash = OUTBOUND_HASH_V6(sp, *(in6_addr_t *)dstaddr);
3199 	}
3200 
3201 	inbound = INBOUND_BUCKET(sp, assoc->sadb_sa_spi);
3202 	outbound = &sp->sdb_of[outhash];
3203 
3204 	/*
3205 	 * Use the direction flags provided by the KMD to determine
3206 	 * if the inbound or outbound table should be the primary
3207 	 * for this SA. If these flags were absent then make this
3208 	 * decision based on the addresses.
3209 	 */
3210 	if (assoc->sadb_sa_flags & IPSA_F_INBOUND) {
3211 		primary = inbound;
3212 		secondary = outbound;
3213 		is_inbound = B_TRUE;
3214 		if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND)
3215 			clone = B_TRUE;
3216 	} else {
3217 		if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) {
3218 			primary = outbound;
3219 			secondary = inbound;
3220 		}
3221 	}
3222 
3223 	if (primary == NULL) {
3224 		/*
3225 		 * The KMD did not set a direction flag, determine which
3226 		 * table to insert the SA into based on addresses.
3227 		 */
3228 		switch (ksi->ks_in_dsttype) {
3229 		case KS_IN_ADDR_MBCAST:
3230 			clone = B_TRUE;	/* All mcast SAs can be bidirectional */
3231 			assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
3232 			/* FALLTHRU */
3233 		/*
3234 		 * If the source address is either one of mine, or unspecified
3235 		 * (which is best summed up by saying "not 'not mine'"),
3236 		 * then the association is potentially bi-directional,
3237 		 * in that it can be used for inbound traffic and outbound
3238 		 * traffic.  The best example of such an SA is a multicast
3239 		 * SA (which allows me to receive the outbound traffic).
3240 		 */
3241 		case KS_IN_ADDR_ME:
3242 			assoc->sadb_sa_flags |= IPSA_F_INBOUND;
3243 			primary = inbound;
3244 			secondary = outbound;
3245 			if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME)
3246 				clone = B_TRUE;
3247 			is_inbound = B_TRUE;
3248 			break;
3249 		/*
3250 		 * If the source address literally not mine (either
3251 		 * unspecified or not mine), then this SA may have an
3252 		 * address that WILL be mine after some configuration.
3253 		 * We pay the price for this by making it a bi-directional
3254 		 * SA.
3255 		 */
3256 		case KS_IN_ADDR_NOTME:
3257 			assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
3258 			primary = outbound;
3259 			secondary = inbound;
3260 			if (ksi->ks_in_srctype != KS_IN_ADDR_ME) {
3261 				assoc->sadb_sa_flags |= IPSA_F_INBOUND;
3262 				clone = B_TRUE;
3263 			}
3264 			break;
3265 		default:
3266 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_DST;
3267 			return (EINVAL);
3268 		}
3269 	}
3270 
3271 	/*
3272 	 * Find a ACQUIRE list entry if possible.  If we've added an SA that
3273 	 * suits the needs of an ACQUIRE list entry, we can eliminate the
3274 	 * ACQUIRE list entry and transmit the enqueued packets.  Use the
3275 	 * high-bit of the sequence number to queue it.  Key off destination
3276 	 * addr, and change acqrec's state.
3277 	 */
3278 
3279 	if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) {
3280 		acq_bucket = &sp->sdb_acq[outhash];
3281 		mutex_enter(&acq_bucket->iacqf_lock);
3282 		for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL;
3283 		    acqrec = acqrec->ipsacq_next) {
3284 			mutex_enter(&acqrec->ipsacq_lock);
3285 			/*
3286 			 * Q:  I only check sequence.  Should I check dst?
3287 			 * A: Yes, check dest because those are the packets
3288 			 *    that are queued up.
3289 			 */
3290 			if (acqrec->ipsacq_seq == samsg->sadb_msg_seq &&
3291 			    IPSA_ARE_ADDR_EQUAL(dstaddr,
3292 			    acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam))
3293 				break;
3294 			mutex_exit(&acqrec->ipsacq_lock);
3295 		}
3296 		if (acqrec != NULL) {
3297 			/*
3298 			 * AHA!  I found an ACQUIRE record for this SA.
3299 			 * Grab the msg list, and free the acquire record.
3300 			 * I already am holding the lock for this record,
3301 			 * so all I have to do is free it.
3302 			 */
3303 			acq_msgs = acqrec->ipsacq_mp;
3304 			acqrec->ipsacq_mp = NULL;
3305 			mutex_exit(&acqrec->ipsacq_lock);
3306 			sadb_destroy_acquire(acqrec,
3307 			    espstack->ipsecesp_netstack);
3308 		}
3309 		mutex_exit(&acq_bucket->iacqf_lock);
3310 	}
3311 
3312 	/*
3313 	 * Find PF_KEY message, and see if I'm an update.  If so, find entry
3314 	 * in larval list (if there).
3315 	 */
3316 
3317 	if (samsg->sadb_msg_type == SADB_UPDATE) {
3318 		mutex_enter(&inbound->isaf_lock);
3319 		larval = ipsec_getassocbyspi(inbound, assoc->sadb_sa_spi,
3320 		    ALL_ZEROES_PTR, dstaddr, dst->sin_family);
3321 		mutex_exit(&inbound->isaf_lock);
3322 
3323 		if ((larval == NULL) ||
3324 		    (larval->ipsa_state != IPSA_STATE_LARVAL)) {
3325 			*diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND;
3326 			if (larval != NULL) {
3327 				IPSA_REFRELE(larval);
3328 			}
3329 			esp0dbg(("Larval update, but larval disappeared.\n"));
3330 			return (ESRCH);
3331 		} /* Else sadb_common_add unlinks it for me! */
3332 	}
3333 
3334 	lpkt = NULL;
3335 	if (larval != NULL)
3336 		lpkt = sadb_clear_lpkt(larval);
3337 
3338 	rc = sadb_common_add(espstack->esp_sadb.s_ip_q, espstack->esp_pfkey_q,
3339 	    mp, samsg, ksi, primary, secondary, larval, clone, is_inbound,
3340 	    diagnostic, espstack->ipsecesp_netstack, &espstack->esp_sadb);
3341 
3342 	if (rc == 0 && lpkt != NULL) {
3343 		rc = !taskq_dispatch(esp_taskq, inbound_task,
3344 		    (void *) lpkt, TQ_NOSLEEP);
3345 	}
3346 
3347 	if (rc != 0) {
3348 		ip_drop_packet(lpkt, B_TRUE, NULL, NULL,
3349 		    DROPPER(ipss, ipds_sadb_inlarval_timeout),
3350 		    &espstack->esp_dropper);
3351 	}
3352 
3353 	/*
3354 	 * How much more stack will I create with all of these
3355 	 * esp_outbound() calls?
3356 	 */
3357 
3358 	while (acq_msgs != NULL) {
3359 		mblk_t *mp = acq_msgs;
3360 
3361 		acq_msgs = acq_msgs->b_next;
3362 		mp->b_next = NULL;
3363 		if (rc == 0) {
3364 			if (ipsec_outbound_sa(mp, IPPROTO_ESP)) {
3365 				((ipsec_out_t *)(mp->b_rptr))->
3366 				    ipsec_out_esp_done = B_TRUE;
3367 				if (esp_outbound(mp) == IPSEC_STATUS_SUCCESS) {
3368 					ipha_t *ipha;
3369 
3370 					/* do AH processing if needed */
3371 					if (!esp_do_outbound_ah(mp))
3372 						continue;
3373 
3374 					ipha = (ipha_t *)mp->b_cont->b_rptr;
3375 
3376 					/* finish IPsec processing */
3377 					if (is_ipv4) {
3378 						ip_wput_ipsec_out(NULL, mp,
3379 						    ipha, NULL, NULL);
3380 					} else {
3381 						ip6_t *ip6h = (ip6_t *)ipha;
3382 						ip_wput_ipsec_out_v6(NULL,
3383 						    mp, ip6h, NULL, NULL);
3384 					}
3385 				}
3386 				continue;
3387 			}
3388 		}
3389 		ESP_BUMP_STAT(espstack, out_discards);
3390 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
3391 		    DROPPER(ipss, ipds_sadb_acquire_timeout),
3392 		    &espstack->esp_dropper);
3393 	}
3394 
3395 	return (rc);
3396 }
3397 
3398 /*
3399  * Add new ESP security association.  This may become a generic AH/ESP
3400  * routine eventually.
3401  */
3402 static int
3403 esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns)
3404 {
3405 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3406 	sadb_address_t *srcext =
3407 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
3408 	sadb_address_t *dstext =
3409 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3410 	sadb_address_t *isrcext =
3411 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC];
3412 	sadb_address_t *idstext =
3413 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST];
3414 	sadb_address_t *nttext_loc =
3415 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC];
3416 	sadb_address_t *nttext_rem =
3417 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM];
3418 	sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH];
3419 	sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT];
3420 	struct sockaddr_in *src, *dst;
3421 	struct sockaddr_in *natt_loc, *natt_rem;
3422 	struct sockaddr_in6 *natt_loc6, *natt_rem6;
3423 	sadb_lifetime_t *soft =
3424 	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT];
3425 	sadb_lifetime_t *hard =
3426 	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD];
3427 	sadb_lifetime_t *idle =
3428 	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_X_EXT_LIFETIME_IDLE];
3429 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3430 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
3431 
3432 	/* I need certain extensions present for an ADD message. */
3433 	if (srcext == NULL) {
3434 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC;
3435 		return (EINVAL);
3436 	}
3437 	if (dstext == NULL) {
3438 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
3439 		return (EINVAL);
3440 	}
3441 	if (isrcext == NULL && idstext != NULL) {
3442 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC;
3443 		return (EINVAL);
3444 	}
3445 	if (isrcext != NULL && idstext == NULL) {
3446 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST;
3447 		return (EINVAL);
3448 	}
3449 	if (assoc == NULL) {
3450 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
3451 		return (EINVAL);
3452 	}
3453 	if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) {
3454 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY;
3455 		return (EINVAL);
3456 	}
3457 
3458 	src = (struct sockaddr_in *)(srcext + 1);
3459 	dst = (struct sockaddr_in *)(dstext + 1);
3460 	natt_loc = (struct sockaddr_in *)(nttext_loc + 1);
3461 	natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1);
3462 	natt_rem = (struct sockaddr_in *)(nttext_rem + 1);
3463 	natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1);
3464 
3465 	/* Sundry ADD-specific reality checks. */
3466 	/* XXX STATS :  Logging/stats here? */
3467 
3468 	if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) &&
3469 	    (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) {
3470 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
3471 		return (EINVAL);
3472 	}
3473 	if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) {
3474 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
3475 		return (EINVAL);
3476 	}
3477 
3478 	if (assoc->sadb_sa_encrypt == SADB_EALG_NULL &&
3479 	    assoc->sadb_sa_auth == SADB_AALG_NONE) {
3480 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
3481 		return (EINVAL);
3482 	}
3483 
3484 	if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) {
3485 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS;
3486 		return (EINVAL);
3487 	}
3488 
3489 	if ((*diagnostic = sadb_hardsoftchk(hard, soft, idle)) != 0) {
3490 		return (EINVAL);
3491 	}
3492 	ASSERT(src->sin_family == dst->sin_family);
3493 
3494 	if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) {
3495 		if (nttext_loc == NULL) {
3496 			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC;
3497 			return (EINVAL);
3498 		}
3499 
3500 		if (natt_loc->sin_family == AF_INET6 &&
3501 		    !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) {
3502 			*diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC;
3503 			return (EINVAL);
3504 		}
3505 	}
3506 
3507 	if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) {
3508 		if (nttext_rem == NULL) {
3509 			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM;
3510 			return (EINVAL);
3511 		}
3512 		if (natt_rem->sin_family == AF_INET6 &&
3513 		    !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) {
3514 			*diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM;
3515 			return (EINVAL);
3516 		}
3517 	}
3518 
3519 
3520 	/* Stuff I don't support, for now.  XXX Diagnostic? */
3521 	if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL ||
3522 	    ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL)
3523 		return (EOPNOTSUPP);
3524 
3525 	/*
3526 	 * XXX Policy :  I'm not checking identities or sensitivity
3527 	 * labels at this time, but if I did, I'd do them here, before I sent
3528 	 * the weak key check up to the algorithm.
3529 	 */
3530 
3531 	mutex_enter(&ipss->ipsec_alg_lock);
3532 
3533 	/*
3534 	 * First locate the authentication algorithm.
3535 	 */
3536 	if (akey != NULL) {
3537 		ipsec_alginfo_t *aalg;
3538 
3539 		aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
3540 		    [assoc->sadb_sa_auth];
3541 		if (aalg == NULL || !ALG_VALID(aalg)) {
3542 			mutex_exit(&ipss->ipsec_alg_lock);
3543 			esp1dbg(espstack, ("Couldn't find auth alg #%d.\n",
3544 			    assoc->sadb_sa_auth));
3545 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
3546 			return (EINVAL);
3547 		}
3548 
3549 		/*
3550 		 * Sanity check key sizes.
3551 		 * Note: It's not possible to use SADB_AALG_NONE because
3552 		 * this auth_alg is not defined with ALG_FLAG_VALID. If this
3553 		 * ever changes, the same check for SADB_AALG_NONE and
3554 		 * a auth_key != NULL should be made here ( see below).
3555 		 */
3556 		if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) {
3557 			mutex_exit(&ipss->ipsec_alg_lock);
3558 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS;
3559 			return (EINVAL);
3560 		}
3561 		ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
3562 
3563 		/* check key and fix parity if needed */
3564 		if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE,
3565 		    diagnostic) != 0) {
3566 			mutex_exit(&ipss->ipsec_alg_lock);
3567 			return (EINVAL);
3568 		}
3569 	}
3570 
3571 	/*
3572 	 * Then locate the encryption algorithm.
3573 	 */
3574 	if (ekey != NULL) {
3575 		ipsec_alginfo_t *ealg;
3576 
3577 		ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
3578 		    [assoc->sadb_sa_encrypt];
3579 		if (ealg == NULL || !ALG_VALID(ealg)) {
3580 			mutex_exit(&ipss->ipsec_alg_lock);
3581 			esp1dbg(espstack, ("Couldn't find encr alg #%d.\n",
3582 			    assoc->sadb_sa_encrypt));
3583 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
3584 			return (EINVAL);
3585 		}
3586 
3587 		/*
3588 		 * Sanity check key sizes. If the encryption algorithm is
3589 		 * SADB_EALG_NULL but the encryption key is NOT
3590 		 * NULL then complain.
3591 		 */
3592 		if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) ||
3593 		    (!ipsec_valid_key_size(ekey->sadb_key_bits, ealg))) {
3594 			mutex_exit(&ipss->ipsec_alg_lock);
3595 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS;
3596 			return (EINVAL);
3597 		}
3598 		ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
3599 
3600 		/* check key */
3601 		if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE,
3602 		    diagnostic) != 0) {
3603 			mutex_exit(&ipss->ipsec_alg_lock);
3604 			return (EINVAL);
3605 		}
3606 	}
3607 	mutex_exit(&ipss->ipsec_alg_lock);
3608 
3609 	return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi,
3610 	    diagnostic, espstack));
3611 }
3612 
3613 /*
3614  * Update a security association.  Updates come in two varieties.  The first
3615  * is an update of lifetimes on a non-larval SA.  The second is an update of
3616  * a larval SA, which ends up looking a lot more like an add.
3617  */
3618 static int
3619 esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
3620     ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
3621 {
3622 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3623 	mblk_t    *buf_pkt;
3624 	int rcode;
3625 
3626 	sadb_address_t *dstext =
3627 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3628 
3629 	if (dstext == NULL) {
3630 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
3631 		return (EINVAL);
3632 	}
3633 
3634 	rcode = sadb_update_sa(mp, ksi, &buf_pkt, &espstack->esp_sadb,
3635 	    diagnostic, espstack->esp_pfkey_q, esp_add_sa,
3636 	    espstack->ipsecesp_netstack, sadb_msg_type);
3637 
3638 	if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) ||
3639 	    (rcode != 0)) {
3640 		return (rcode);
3641 	}
3642 
3643 	HANDLE_BUF_PKT(esp_taskq,
3644 	    espstack->ipsecesp_netstack->netstack_ipsec,
3645 	    espstack->esp_dropper, buf_pkt);
3646 
3647 	return (rcode);
3648 }
3649 
3650 /*
3651  * Delete a security association.  This is REALLY likely to be code common to
3652  * both AH and ESP.  Find the association, then unlink it.
3653  */
3654 static int
3655 esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
3656     ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
3657 {
3658 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3659 	sadb_address_t *dstext =
3660 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3661 	sadb_address_t *srcext =
3662 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
3663 	struct sockaddr_in *sin;
3664 
3665 	if (assoc == NULL) {
3666 		if (dstext != NULL) {
3667 			sin = (struct sockaddr_in *)(dstext + 1);
3668 		} else if (srcext != NULL) {
3669 			sin = (struct sockaddr_in *)(srcext + 1);
3670 		} else {
3671 			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
3672 			return (EINVAL);
3673 		}
3674 		return (sadb_purge_sa(mp, ksi,
3675 		    (sin->sin_family == AF_INET6) ? &espstack->esp_sadb.s_v6 :
3676 		    &espstack->esp_sadb.s_v4, espstack->esp_pfkey_q,
3677 		    espstack->esp_sadb.s_ip_q));
3678 	}
3679 
3680 	return (sadb_delget_sa(mp, ksi, &espstack->esp_sadb, diagnostic,
3681 	    espstack->esp_pfkey_q, sadb_msg_type));
3682 }
3683 
3684 /*
3685  * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP
3686  * messages.
3687  */
3688 static void
3689 esp_dump(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
3690 {
3691 	int error;
3692 	sadb_msg_t *samsg;
3693 
3694 	/*
3695 	 * Dump each fanout, bailing if error is non-zero.
3696 	 */
3697 
3698 	error = sadb_dump(espstack->esp_pfkey_q, mp, ksi,
3699 	    &espstack->esp_sadb.s_v4);
3700 	if (error != 0)
3701 		goto bail;
3702 
3703 	error = sadb_dump(espstack->esp_pfkey_q, mp, ksi,
3704 	    &espstack->esp_sadb.s_v6);
3705 bail:
3706 	ASSERT(mp->b_cont != NULL);
3707 	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
3708 	samsg->sadb_msg_errno = (uint8_t)error;
3709 	sadb_pfkey_echo(espstack->esp_pfkey_q, mp,
3710 	    (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL);
3711 }
3712 
3713 /*
3714  * First-cut reality check for an inbound PF_KEY message.
3715  */
3716 static boolean_t
3717 esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi,
3718     ipsecesp_stack_t *espstack)
3719 {
3720 	int diagnostic;
3721 
3722 	if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) {
3723 		diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT;
3724 		goto badmsg;
3725 	}
3726 	if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL ||
3727 	    ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) {
3728 		diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT;
3729 		goto badmsg;
3730 	}
3731 	return (B_FALSE);	/* False ==> no failures */
3732 
3733 badmsg:
3734 	sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
3735 	    ksi->ks_in_serial);
3736 	return (B_TRUE);	/* True ==> failures */
3737 }
3738 
3739 /*
3740  * ESP parsing of PF_KEY messages.  Keysock did most of the really silly
3741  * error cases.  What I receive is a fully-formed, syntactically legal
3742  * PF_KEY message.  I then need to check semantics...
3743  *
3744  * This code may become common to AH and ESP.  Stay tuned.
3745  *
3746  * I also make the assumption that db_ref's are cool.  If this assumption
3747  * is wrong, this means that someone other than keysock or me has been
3748  * mucking with PF_KEY messages.
3749  */
3750 static void
3751 esp_parse_pfkey(mblk_t *mp, ipsecesp_stack_t *espstack)
3752 {
3753 	mblk_t *msg = mp->b_cont;
3754 	sadb_msg_t *samsg;
3755 	keysock_in_t *ksi;
3756 	int error;
3757 	int diagnostic = SADB_X_DIAGNOSTIC_NONE;
3758 
3759 	ASSERT(msg != NULL);
3760 
3761 	samsg = (sadb_msg_t *)msg->b_rptr;
3762 	ksi = (keysock_in_t *)mp->b_rptr;
3763 
3764 	/*
3765 	 * If applicable, convert unspecified AF_INET6 to unspecified
3766 	 * AF_INET.  And do other address reality checks.
3767 	 */
3768 	if (!sadb_addrfix(ksi, espstack->esp_pfkey_q, mp,
3769 	    espstack->ipsecesp_netstack) ||
3770 	    esp_pfkey_reality_failures(mp, ksi, espstack)) {
3771 		return;
3772 	}
3773 
3774 	switch (samsg->sadb_msg_type) {
3775 	case SADB_ADD:
3776 		error = esp_add_sa(mp, ksi, &diagnostic,
3777 		    espstack->ipsecesp_netstack);
3778 		if (error != 0) {
3779 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3780 			    diagnostic, ksi->ks_in_serial);
3781 		}
3782 		/* else esp_add_sa() took care of things. */
3783 		break;
3784 	case SADB_DELETE:
3785 	case SADB_X_DELPAIR:
3786 	case SADB_X_DELPAIR_STATE:
3787 		error = esp_del_sa(mp, ksi, &diagnostic, espstack,
3788 		    samsg->sadb_msg_type);
3789 		if (error != 0) {
3790 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3791 			    diagnostic, ksi->ks_in_serial);
3792 		}
3793 		/* Else esp_del_sa() took care of things. */
3794 		break;
3795 	case SADB_GET:
3796 		error = sadb_delget_sa(mp, ksi, &espstack->esp_sadb,
3797 		    &diagnostic, espstack->esp_pfkey_q, samsg->sadb_msg_type);
3798 		if (error != 0) {
3799 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3800 			    diagnostic, ksi->ks_in_serial);
3801 		}
3802 		/* Else sadb_get_sa() took care of things. */
3803 		break;
3804 	case SADB_FLUSH:
3805 		sadbp_flush(&espstack->esp_sadb, espstack->ipsecesp_netstack);
3806 		sadb_pfkey_echo(espstack->esp_pfkey_q, mp, samsg, ksi, NULL);
3807 		break;
3808 	case SADB_REGISTER:
3809 		/*
3810 		 * Hmmm, let's do it!  Check for extensions (there should
3811 		 * be none), extract the fields, call esp_register_out(),
3812 		 * then either free or report an error.
3813 		 *
3814 		 * Keysock takes care of the PF_KEY bookkeeping for this.
3815 		 */
3816 		if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid,
3817 		    ksi->ks_in_serial, espstack)) {
3818 			freemsg(mp);
3819 		} else {
3820 			/*
3821 			 * Only way this path hits is if there is a memory
3822 			 * failure.  It will not return B_FALSE because of
3823 			 * lack of esp_pfkey_q if I am in wput().
3824 			 */
3825 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM,
3826 			    diagnostic, ksi->ks_in_serial);
3827 		}
3828 		break;
3829 	case SADB_UPDATE:
3830 	case SADB_X_UPDATEPAIR:
3831 		/*
3832 		 * Find a larval, if not there, find a full one and get
3833 		 * strict.
3834 		 */
3835 		error = esp_update_sa(mp, ksi, &diagnostic, espstack,
3836 		    samsg->sadb_msg_type);
3837 		if (error != 0) {
3838 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3839 			    diagnostic, ksi->ks_in_serial);
3840 		}
3841 		/* else esp_update_sa() took care of things. */
3842 		break;
3843 	case SADB_GETSPI:
3844 		/*
3845 		 * Reserve a new larval entry.
3846 		 */
3847 		esp_getspi(mp, ksi, espstack);
3848 		break;
3849 	case SADB_ACQUIRE:
3850 		/*
3851 		 * Find larval and/or ACQUIRE record and kill it (them), I'm
3852 		 * most likely an error.  Inbound ACQUIRE messages should only
3853 		 * have the base header.
3854 		 */
3855 		sadb_in_acquire(samsg, &espstack->esp_sadb,
3856 		    espstack->esp_pfkey_q, espstack->ipsecesp_netstack);
3857 		freemsg(mp);
3858 		break;
3859 	case SADB_DUMP:
3860 		/*
3861 		 * Dump all entries.
3862 		 */
3863 		esp_dump(mp, ksi, espstack);
3864 		/* esp_dump will take care of the return message, etc. */
3865 		break;
3866 	case SADB_EXPIRE:
3867 		/* Should never reach me. */
3868 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EOPNOTSUPP,
3869 		    diagnostic, ksi->ks_in_serial);
3870 		break;
3871 	default:
3872 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL,
3873 		    SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial);
3874 		break;
3875 	}
3876 }
3877 
3878 /*
3879  * Handle case where PF_KEY says it can't find a keysock for one of my
3880  * ACQUIRE messages.
3881  */
3882 static void
3883 esp_keysock_no_socket(mblk_t *mp, ipsecesp_stack_t *espstack)
3884 {
3885 	sadb_msg_t *samsg;
3886 	keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr;
3887 
3888 	if (mp->b_cont == NULL) {
3889 		freemsg(mp);
3890 		return;
3891 	}
3892 	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
3893 
3894 	/*
3895 	 * If keysock can't find any registered, delete the acquire record
3896 	 * immediately, and handle errors.
3897 	 */
3898 	if (samsg->sadb_msg_type == SADB_ACQUIRE) {
3899 		samsg->sadb_msg_errno = kse->ks_err_errno;
3900 		samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg));
3901 		/*
3902 		 * Use the write-side of the esp_pfkey_q, in case there is
3903 		 * no esp_sadb.s_ip_q.
3904 		 */
3905 		sadb_in_acquire(samsg, &espstack->esp_sadb,
3906 		    WR(espstack->esp_pfkey_q), espstack->ipsecesp_netstack);
3907 	}
3908 
3909 	freemsg(mp);
3910 }
3911 
3912 /*
3913  * ESP module write put routine.
3914  */
3915 static void
3916 ipsecesp_wput(queue_t *q, mblk_t *mp)
3917 {
3918 	ipsec_info_t *ii;
3919 	struct iocblk *iocp;
3920 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
3921 
3922 	esp3dbg(espstack, ("In esp_wput().\n"));
3923 
3924 	/* NOTE: Each case must take care of freeing or passing mp. */
3925 	switch (mp->b_datap->db_type) {
3926 	case M_CTL:
3927 		if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) {
3928 			/* Not big enough message. */
3929 			freemsg(mp);
3930 			break;
3931 		}
3932 		ii = (ipsec_info_t *)mp->b_rptr;
3933 
3934 		switch (ii->ipsec_info_type) {
3935 		case KEYSOCK_OUT_ERR:
3936 			esp1dbg(espstack, ("Got KEYSOCK_OUT_ERR message.\n"));
3937 			esp_keysock_no_socket(mp, espstack);
3938 			break;
3939 		case KEYSOCK_IN:
3940 			ESP_BUMP_STAT(espstack, keysock_in);
3941 			esp3dbg(espstack, ("Got KEYSOCK_IN message.\n"));
3942 
3943 			/* Parse the message. */
3944 			esp_parse_pfkey(mp, espstack);
3945 			break;
3946 		case KEYSOCK_HELLO:
3947 			sadb_keysock_hello(&espstack->esp_pfkey_q, q, mp,
3948 			    esp_ager, (void *)espstack, &espstack->esp_event,
3949 			    SADB_SATYPE_ESP);
3950 			break;
3951 		default:
3952 			esp2dbg(espstack, ("Got M_CTL from above of 0x%x.\n",
3953 			    ii->ipsec_info_type));
3954 			freemsg(mp);
3955 			break;
3956 		}
3957 		break;
3958 	case M_IOCTL:
3959 		iocp = (struct iocblk *)mp->b_rptr;
3960 		switch (iocp->ioc_cmd) {
3961 		case ND_SET:
3962 		case ND_GET:
3963 			if (nd_getset(q, espstack->ipsecesp_g_nd, mp)) {
3964 				qreply(q, mp);
3965 				return;
3966 			} else {
3967 				iocp->ioc_error = ENOENT;
3968 			}
3969 			/* FALLTHRU */
3970 		default:
3971 			/* We really don't support any other ioctls, do we? */
3972 
3973 			/* Return EINVAL */
3974 			if (iocp->ioc_error != ENOENT)
3975 				iocp->ioc_error = EINVAL;
3976 			iocp->ioc_count = 0;
3977 			mp->b_datap->db_type = M_IOCACK;
3978 			qreply(q, mp);
3979 			return;
3980 		}
3981 	default:
3982 		esp3dbg(espstack,
3983 		    ("Got default message, type %d, passing to IP.\n",
3984 		    mp->b_datap->db_type));
3985 		putnext(q, mp);
3986 	}
3987 }
3988 
3989 /*
3990  * Process an outbound ESP packet that can be accelerated by a IPsec
3991  * hardware acceleration capable Provider.
3992  * The caller already inserted and initialized the ESP header.
3993  * This function allocates a tagging M_CTL, and adds room at the end
3994  * of the packet to hold the ICV if authentication is needed.
3995  *
3996  * On success returns B_TRUE, on failure returns B_FALSE and frees the
3997  * mblk chain ipsec_out.
3998  */
3999 static ipsec_status_t
4000 esp_outbound_accelerated(mblk_t *ipsec_out, uint_t icv_len)
4001 {
4002 	ipsec_out_t *io;
4003 	mblk_t *lastmp;
4004 	netstack_t	*ns;
4005 	ipsecesp_stack_t *espstack;
4006 	ipsec_stack_t	*ipss;
4007 
4008 	io = (ipsec_out_t *)ipsec_out->b_rptr;
4009 	ns = io->ipsec_out_ns;
4010 	espstack = ns->netstack_ipsecesp;
4011 	ipss = ns->netstack_ipsec;
4012 
4013 	ESP_BUMP_STAT(espstack, out_accelerated);
4014 
4015 	/* mark packet as being accelerated in IPSEC_OUT */
4016 	ASSERT(io->ipsec_out_accelerated == B_FALSE);
4017 	io->ipsec_out_accelerated = B_TRUE;
4018 
4019 	/*
4020 	 * add room at the end of the packet for the ICV if needed
4021 	 */
4022 	if (icv_len > 0) {
4023 		/* go to last mblk */
4024 		lastmp = ipsec_out;	/* For following while loop. */
4025 		do {
4026 			lastmp = lastmp->b_cont;
4027 		} while (lastmp->b_cont != NULL);
4028 
4029 		/* if not enough available room, allocate new mblk */
4030 		if ((lastmp->b_wptr + icv_len) > lastmp->b_datap->db_lim) {
4031 			lastmp->b_cont = allocb(icv_len, BPRI_HI);
4032 			if (lastmp->b_cont == NULL) {
4033 				ESP_BUMP_STAT(espstack, out_discards);
4034 				ip_drop_packet(ipsec_out, B_FALSE, NULL, NULL,
4035 				    DROPPER(ipss, ipds_esp_nomem),
4036 				    &espstack->esp_dropper);
4037 				return (IPSEC_STATUS_FAILED);
4038 			}
4039 			lastmp = lastmp->b_cont;
4040 		}
4041 		lastmp->b_wptr += icv_len;
4042 	}
4043 
4044 	return (IPSEC_STATUS_SUCCESS);
4045 }
4046 
4047 /*
4048  * Process an inbound accelerated ESP packet.
4049  * On success returns B_TRUE, on failure returns B_FALSE and frees the
4050  * mblk chain ipsec_in.
4051  */
4052 static ipsec_status_t
4053 esp_inbound_accelerated(mblk_t *ipsec_in, mblk_t *data_mp, boolean_t isv4,
4054     ipsa_t *assoc)
4055 {
4056 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr;
4057 	mblk_t *hada_mp;
4058 	uint32_t icv_len = 0;
4059 	da_ipsec_t *hada;
4060 	ipha_t *ipha;
4061 	ip6_t *ip6h;
4062 	kstat_named_t *counter;
4063 	netstack_t	*ns = ii->ipsec_in_ns;
4064 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
4065 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
4066 
4067 	ESP_BUMP_STAT(espstack, in_accelerated);
4068 
4069 	hada_mp = ii->ipsec_in_da;
4070 	ASSERT(hada_mp != NULL);
4071 	hada = (da_ipsec_t *)hada_mp->b_rptr;
4072 
4073 	/*
4074 	 * We only support one level of decapsulation in hardware, so
4075 	 * nuke the pointer.
4076 	 */
4077 	ii->ipsec_in_da = NULL;
4078 	ii->ipsec_in_accelerated = B_FALSE;
4079 
4080 	if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) {
4081 		/*
4082 		 * ESP with authentication. We expect the Provider to have
4083 		 * computed the ICV and placed it in the hardware acceleration
4084 		 * data attributes.
4085 		 *
4086 		 * Extract ICV length from attributes M_CTL and sanity check
4087 		 * its value. We allow the mblk to be smaller than da_ipsec_t
4088 		 * for a small ICV, as long as the entire ICV fits within the
4089 		 * mblk.
4090 		 *
4091 		 * Also ensures that the ICV length computed by Provider
4092 		 * corresponds to the ICV length of the agorithm specified by
4093 		 * the SA.
4094 		 */
4095 		icv_len = hada->da_icv_len;
4096 		if ((icv_len != assoc->ipsa_mac_len) ||
4097 		    (icv_len > DA_ICV_MAX_LEN) || (MBLKL(hada_mp) <
4098 		    (sizeof (da_ipsec_t) - DA_ICV_MAX_LEN + icv_len))) {
4099 			esp0dbg(("esp_inbound_accelerated: "
4100 			    "ICV len (%u) incorrect or mblk too small (%u)\n",
4101 			    icv_len, (uint32_t)(MBLKL(hada_mp))));
4102 			counter = DROPPER(ipss, ipds_esp_bad_auth);
4103 			goto esp_in_discard;
4104 		}
4105 	}
4106 
4107 	/* get pointers to IP header */
4108 	if (isv4) {
4109 		ipha = (ipha_t *)data_mp->b_rptr;
4110 	} else {
4111 		ip6h = (ip6_t *)data_mp->b_rptr;
4112 	}
4113 
4114 	/*
4115 	 * Compare ICV in ESP packet vs ICV computed by adapter.
4116 	 * We also remove the ICV from the end of the packet since
4117 	 * it will no longer be needed.
4118 	 *
4119 	 * Assume that esp_inbound() already ensured that the pkt
4120 	 * was in one mblk.
4121 	 */
4122 	ASSERT(data_mp->b_cont == NULL);
4123 	data_mp->b_wptr -= icv_len;
4124 	/* adjust IP header */
4125 	if (isv4)
4126 		ipha->ipha_length = htons(ntohs(ipha->ipha_length) - icv_len);
4127 	else
4128 		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - icv_len);
4129 	if (icv_len && bcmp(hada->da_icv, data_mp->b_wptr, icv_len)) {
4130 		int af;
4131 		void *addr;
4132 
4133 		if (isv4) {
4134 			addr = &ipha->ipha_dst;
4135 			af = AF_INET;
4136 		} else {
4137 			addr = &ip6h->ip6_dst;
4138 			af = AF_INET6;
4139 		}
4140 
4141 		/*
4142 		 * Log the event. Don't print to the console, block
4143 		 * potential denial-of-service attack.
4144 		 */
4145 		ESP_BUMP_STAT(espstack, bad_auth);
4146 		ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
4147 		    "ESP Authentication failed spi %x, dst_addr %s",
4148 		    assoc->ipsa_spi, addr, af, espstack->ipsecesp_netstack);
4149 		counter = DROPPER(ipss, ipds_esp_bad_auth);
4150 		goto esp_in_discard;
4151 	}
4152 
4153 	esp3dbg(espstack, ("esp_inbound_accelerated: ESP authentication "
4154 	    "succeeded, checking replay\n"));
4155 
4156 	ipsec_in->b_cont = data_mp;
4157 
4158 	/*
4159 	 * Remove ESP header and padding from packet.
4160 	 */
4161 	if (!esp_strip_header(data_mp, ii->ipsec_in_v4, assoc->ipsa_iv_len,
4162 	    &counter, espstack)) {
4163 		esp1dbg(espstack, ("esp_inbound_accelerated: "
4164 		    "esp_strip_header() failed\n"));
4165 		goto esp_in_discard;
4166 	}
4167 
4168 	freeb(hada_mp);
4169 
4170 	/*
4171 	 * Account for usage..
4172 	 */
4173 	if (!esp_age_bytes(assoc, msgdsize(data_mp), B_TRUE)) {
4174 		/* The ipsa has hit hard expiration, LOG and AUDIT. */
4175 		ESP_BUMP_STAT(espstack, bytes_expired);
4176 		IP_ESP_BUMP_STAT(ipss, in_discards);
4177 		ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
4178 		    "ESP association 0x%x, dst %s had bytes expire.\n",
4179 		    assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
4180 		    espstack->ipsecesp_netstack);
4181 		ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL,
4182 		    DROPPER(ipss, ipds_esp_bytes_expire),
4183 		    &espstack->esp_dropper);
4184 		return (IPSEC_STATUS_FAILED);
4185 	}
4186 
4187 	/* done processing the packet */
4188 	return (IPSEC_STATUS_SUCCESS);
4189 
4190 esp_in_discard:
4191 	IP_ESP_BUMP_STAT(ipss, in_discards);
4192 	freeb(hada_mp);
4193 
4194 	ipsec_in->b_cont = data_mp;	/* For ip_drop_packet()'s sake... */
4195 	ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, counter,
4196 	    &espstack->esp_dropper);
4197 
4198 	return (IPSEC_STATUS_FAILED);
4199 }
4200 
4201 /*
4202  * Wrapper to allow IP to trigger an ESP association failure message
4203  * during inbound SA selection.
4204  */
4205 void
4206 ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt,
4207     uint32_t spi, void *addr, int af, ipsecesp_stack_t *espstack)
4208 {
4209 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
4210 
4211 	if (espstack->ipsecesp_log_unknown_spi) {
4212 		ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi,
4213 		    addr, af, espstack->ipsecesp_netstack);
4214 	}
4215 
4216 	ip_drop_packet(mp, B_TRUE, NULL, NULL,
4217 	    DROPPER(ipss, ipds_esp_no_sa),
4218 	    &espstack->esp_dropper);
4219 }
4220 
4221 /*
4222  * Initialize the ESP input and output processing functions.
4223  */
4224 void
4225 ipsecesp_init_funcs(ipsa_t *sa)
4226 {
4227 	if (sa->ipsa_output_func == NULL)
4228 		sa->ipsa_output_func = esp_outbound;
4229 	if (sa->ipsa_input_func == NULL)
4230 		sa->ipsa_input_func = esp_inbound;
4231 }
4232