1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/param.h> 27 #include <sys/types.h> 28 #include <sys/stream.h> 29 #include <sys/strsubr.h> 30 #include <sys/strsun.h> 31 #include <sys/stropts.h> 32 #include <sys/vnode.h> 33 #include <sys/zone.h> 34 #include <sys/strlog.h> 35 #include <sys/sysmacros.h> 36 #define _SUN_TPI_VERSION 2 37 #include <sys/tihdr.h> 38 #include <sys/timod.h> 39 #include <sys/tiuser.h> 40 #include <sys/ddi.h> 41 #include <sys/sunddi.h> 42 #include <sys/sunldi.h> 43 #include <sys/file.h> 44 #include <sys/modctl.h> 45 #include <sys/debug.h> 46 #include <sys/kmem.h> 47 #include <sys/cmn_err.h> 48 #include <sys/proc.h> 49 #include <sys/suntpi.h> 50 #include <sys/atomic.h> 51 #include <sys/mkdev.h> 52 #include <sys/policy.h> 53 #include <sys/disp.h> 54 55 #include <sys/socket.h> 56 #include <netinet/in.h> 57 #include <net/pfkeyv2.h> 58 59 #include <inet/common.h> 60 #include <netinet/ip6.h> 61 #include <inet/ip.h> 62 #include <inet/proto_set.h> 63 #include <inet/nd.h> 64 #include <inet/optcom.h> 65 #include <inet/ipsec_info.h> 66 #include <inet/ipsec_impl.h> 67 #include <inet/keysock.h> 68 69 #include <sys/isa_defs.h> 70 71 /* 72 * This is a transport provider for the PF_KEY key mangement socket. 73 * (See RFC 2367 for details.) 74 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN 75 * messages (see ipsec_info.h), and passed to the appropriate consumer. 76 * Upstream messages are generated for all open PF_KEY sockets, when 77 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled) 78 * in reply to downstream messages. 79 * 80 * Upstream messages must be created asynchronously for the following 81 * situations: 82 * 83 * 1.) A keysock consumer requires an SA, and there is currently none. 84 * 2.) An SA expires, either hard or soft lifetime. 85 * 3.) Other events a consumer deems fit. 86 * 87 * The MT model of this is PERMOD, with shared put procedures. Two types of 88 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send 89 * down the *multiple* messages they create. 90 */ 91 92 static vmem_t *keysock_vmem; /* for minor numbers. */ 93 94 #define KEYSOCK_MAX_CONSUMERS 256 95 96 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */ 97 static struct T_info_ack keysock_g_t_info_ack = { 98 T_INFO_ACK, 99 T_INFINITE, /* TSDU_size. Maximum size messages. */ 100 T_INVALID, /* ETSDU_size. No expedited data. */ 101 T_INVALID, /* CDATA_size. No connect data. */ 102 T_INVALID, /* DDATA_size. No disconnect data. */ 103 0, /* ADDR_size. */ 104 0, /* OPT_size. No user-settable options */ 105 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */ 106 T_COTS, /* SERV_type. keysock supports connection oriented. */ 107 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */ 108 (XPG4_1) /* Provider flags */ 109 }; 110 111 /* Named Dispatch Parameter Management Structure */ 112 typedef struct keysockparam_s { 113 uint_t keysock_param_min; 114 uint_t keysock_param_max; 115 uint_t keysock_param_value; 116 char *keysock_param_name; 117 } keysockparam_t; 118 119 /* 120 * Table of NDD variables supported by keysock. These are loaded into 121 * keysock_g_nd in keysock_init_nd. 122 * All of these are alterable, within the min/max values given, at run time. 123 */ 124 static keysockparam_t lcl_param_arr[] = { 125 /* min max value name */ 126 { 4096, 65536, 8192, "keysock_xmit_hiwat"}, 127 { 0, 65536, 1024, "keysock_xmit_lowat"}, 128 { 4096, 65536, 8192, "keysock_recv_hiwat"}, 129 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"}, 130 { 0, 3, 0, "keysock_debug"}, 131 }; 132 #define keystack_xmit_hiwat keystack_params[0].keysock_param_value 133 #define keystack_xmit_lowat keystack_params[1].keysock_param_value 134 #define keystack_recv_hiwat keystack_params[2].keysock_param_value 135 #define keystack_max_buf keystack_params[3].keysock_param_value 136 #define keystack_debug keystack_params[4].keysock_param_value 137 138 #define ks0dbg(a) printf a 139 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 140 #define ks1dbg(keystack, a) if (keystack->keystack_debug != 0) printf a 141 #define ks2dbg(keystack, a) if (keystack->keystack_debug > 1) printf a 142 #define ks3dbg(keystack, a) if (keystack->keystack_debug > 2) printf a 143 144 static int keysock_close(queue_t *); 145 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *); 146 static void keysock_wput(queue_t *, mblk_t *); 147 static void keysock_rput(queue_t *, mblk_t *); 148 static void keysock_rsrv(queue_t *); 149 static void keysock_passup(mblk_t *, sadb_msg_t *, minor_t, 150 keysock_consumer_t *, boolean_t, keysock_stack_t *); 151 static void *keysock_stack_init(netstackid_t stackid, netstack_t *ns); 152 static void keysock_stack_fini(netstackid_t stackid, void *arg); 153 154 static struct module_info info = { 155 5138, "keysock", 1, INFPSZ, 512, 128 156 }; 157 158 static struct qinit rinit = { 159 (pfi_t)keysock_rput, (pfi_t)keysock_rsrv, keysock_open, keysock_close, 160 NULL, &info 161 }; 162 163 static struct qinit winit = { 164 (pfi_t)keysock_wput, NULL, NULL, NULL, NULL, &info 165 }; 166 167 struct streamtab keysockinfo = { 168 &rinit, &winit 169 }; 170 171 extern struct modlinkage *keysock_modlp; 172 173 /* 174 * Plumb IPsec. 175 * 176 * NOTE: New "default" modules will need to be loaded here if needed before 177 * boot time. 178 */ 179 180 /* Keep these in global space to keep the lint from complaining. */ 181 static char *IPSECESP = "ipsecesp"; 182 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp"; 183 static char *IPSECAH = "ipsecah"; 184 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah"; 185 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6"; 186 static char *KEYSOCK = "keysock"; 187 static char *STRMOD = "strmod"; 188 189 /* 190 * Load the other ipsec modules and plumb them together. 191 */ 192 int 193 keysock_plumb_ipsec(netstack_t *ns) 194 { 195 ldi_handle_t lh, ip6_lh = NULL; 196 ldi_ident_t li = NULL; 197 int err = 0; 198 int muxid, rval; 199 boolean_t esp_present = B_TRUE; 200 cred_t *cr; 201 keysock_stack_t *keystack = ns->netstack_keysock; 202 203 #ifdef NS_DEBUG 204 (void) printf("keysock_plumb_ipsec(%d)\n", 205 ns->netstack_stackid); 206 #endif 207 208 keystack->keystack_plumbed = 0; /* we're trying again.. */ 209 210 cr = zone_get_kcred(netstackid_to_zoneid( 211 keystack->keystack_netstack->netstack_stackid)); 212 ASSERT(cr != NULL); 213 /* 214 * Load up the drivers (AH/ESP). 215 * 216 * I do this separately from the actual plumbing in case this function 217 * ever gets called from a diskless boot before the root filesystem is 218 * up. I don't have to worry about "keysock" because, well, if I'm 219 * here, keysock must've loaded successfully. 220 */ 221 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) { 222 ks0dbg(("IPsec: AH failed to attach.\n")); 223 goto bail; 224 } 225 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) { 226 ks0dbg(("IPsec: ESP failed to attach.\n")); 227 esp_present = B_FALSE; 228 } 229 230 /* 231 * Set up the IP streams for AH and ESP, as well as tacking keysock 232 * on top of them. Assume keysock has set the autopushes up already. 233 */ 234 235 /* Open IP. */ 236 err = ldi_ident_from_mod(keysock_modlp, &li); 237 if (err) { 238 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n", 239 err)); 240 goto bail; 241 } 242 243 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, cr, &ip6_lh, li); 244 if (err) { 245 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err)); 246 goto bail; 247 } 248 249 /* PLINK KEYSOCK/AH */ 250 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, cr, &lh, li); 251 if (err) { 252 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err)); 253 goto bail; 254 } 255 err = ldi_ioctl(lh, 256 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval); 257 if (err) { 258 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n", 259 err)); 260 (void) ldi_close(lh, FREAD|FWRITE, cr); 261 goto bail; 262 } 263 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh, 264 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid); 265 if (err) { 266 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err)); 267 (void) ldi_close(lh, FREAD|FWRITE, cr); 268 goto bail; 269 } 270 (void) ldi_close(lh, FREAD|FWRITE, cr); 271 272 /* PLINK KEYSOCK/ESP */ 273 if (esp_present) { 274 err = ldi_open_by_name(IPSECESPDEV, 275 FREAD|FWRITE, cr, &lh, li); 276 if (err) { 277 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err)); 278 goto bail; 279 } 280 err = ldi_ioctl(lh, 281 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval); 282 if (err) { 283 ks0dbg(("IPsec: " 284 "Push of KEYSOCK onto ESP failed (err %d).\n", 285 err)); 286 (void) ldi_close(lh, FREAD|FWRITE, cr); 287 goto bail; 288 } 289 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh, 290 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid); 291 if (err) { 292 ks0dbg(("IPsec: " 293 "PLINK of KEYSOCK/ESP failed (err %d).\n", err)); 294 (void) ldi_close(lh, FREAD|FWRITE, cr); 295 goto bail; 296 } 297 (void) ldi_close(lh, FREAD|FWRITE, cr); 298 } 299 300 bail: 301 keystack->keystack_plumbed = (err == 0) ? 1 : -1; 302 if (ip6_lh != NULL) { 303 (void) ldi_close(ip6_lh, FREAD|FWRITE, cr); 304 } 305 if (li != NULL) 306 ldi_ident_release(li); 307 #ifdef NS_DEBUG 308 (void) printf("keysock_plumb_ipsec -> %d\n", 309 keystack->keystack_plumbed); 310 #endif 311 crfree(cr); 312 return (err); 313 } 314 315 /* ARGSUSED */ 316 static int 317 keysock_param_get(q, mp, cp, cr) 318 queue_t *q; 319 mblk_t *mp; 320 caddr_t cp; 321 cred_t *cr; 322 { 323 keysockparam_t *keysockpa = (keysockparam_t *)cp; 324 uint_t value; 325 keysock_t *ks = (keysock_t *)q->q_ptr; 326 keysock_stack_t *keystack = ks->keysock_keystack; 327 328 mutex_enter(&keystack->keystack_param_lock); 329 value = keysockpa->keysock_param_value; 330 mutex_exit(&keystack->keystack_param_lock); 331 332 (void) mi_mpprintf(mp, "%u", value); 333 return (0); 334 } 335 336 /* This routine sets an NDD variable in a keysockparam_t structure. */ 337 /* ARGSUSED */ 338 static int 339 keysock_param_set(q, mp, value, cp, cr) 340 queue_t *q; 341 mblk_t *mp; 342 char *value; 343 caddr_t cp; 344 cred_t *cr; 345 { 346 ulong_t new_value; 347 keysockparam_t *keysockpa = (keysockparam_t *)cp; 348 keysock_t *ks = (keysock_t *)q->q_ptr; 349 keysock_stack_t *keystack = ks->keysock_keystack; 350 351 /* Convert the value from a string into a long integer. */ 352 if (ddi_strtoul(value, NULL, 10, &new_value) != 0) 353 return (EINVAL); 354 355 mutex_enter(&keystack->keystack_param_lock); 356 /* 357 * Fail the request if the new value does not lie within the 358 * required bounds. 359 */ 360 if (new_value < keysockpa->keysock_param_min || 361 new_value > keysockpa->keysock_param_max) { 362 mutex_exit(&keystack->keystack_param_lock); 363 return (EINVAL); 364 } 365 366 /* Set the new value */ 367 keysockpa->keysock_param_value = new_value; 368 mutex_exit(&keystack->keystack_param_lock); 369 370 return (0); 371 } 372 373 /* 374 * Initialize keysock at module load time 375 */ 376 boolean_t 377 keysock_ddi_init(void) 378 { 379 keysock_max_optsize = optcom_max_optsize( 380 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt); 381 382 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1, 383 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER); 384 385 /* 386 * We want to be informed each time a stack is created or 387 * destroyed in the kernel, so we can maintain the 388 * set of keysock_stack_t's. 389 */ 390 netstack_register(NS_KEYSOCK, keysock_stack_init, NULL, 391 keysock_stack_fini); 392 393 return (B_TRUE); 394 } 395 396 /* 397 * Walk through the param array specified registering each element with the 398 * named dispatch handler. 399 */ 400 static boolean_t 401 keysock_param_register(IDP *ndp, keysockparam_t *ksp, int cnt) 402 { 403 for (; cnt-- > 0; ksp++) { 404 if (ksp->keysock_param_name != NULL && 405 ksp->keysock_param_name[0]) { 406 if (!nd_load(ndp, 407 ksp->keysock_param_name, 408 keysock_param_get, keysock_param_set, 409 (caddr_t)ksp)) { 410 nd_free(ndp); 411 return (B_FALSE); 412 } 413 } 414 } 415 return (B_TRUE); 416 } 417 418 /* 419 * Initialize keysock for one stack instance 420 */ 421 /* ARGSUSED */ 422 static void * 423 keysock_stack_init(netstackid_t stackid, netstack_t *ns) 424 { 425 keysock_stack_t *keystack; 426 keysockparam_t *ksp; 427 428 keystack = (keysock_stack_t *)kmem_zalloc(sizeof (*keystack), KM_SLEEP); 429 keystack->keystack_netstack = ns; 430 431 keystack->keystack_acquire_seq = 0xffffffff; 432 433 ksp = (keysockparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP); 434 keystack->keystack_params = ksp; 435 bcopy(lcl_param_arr, ksp, sizeof (lcl_param_arr)); 436 437 (void) keysock_param_register(&keystack->keystack_g_nd, ksp, 438 A_CNT(lcl_param_arr)); 439 440 mutex_init(&keystack->keystack_list_lock, NULL, MUTEX_DEFAULT, NULL); 441 mutex_init(&keystack->keystack_consumers_lock, 442 NULL, MUTEX_DEFAULT, NULL); 443 mutex_init(&keystack->keystack_param_lock, NULL, MUTEX_DEFAULT, NULL); 444 return (keystack); 445 } 446 447 /* 448 * Free NDD variable space, and other destructors, for keysock. 449 */ 450 void 451 keysock_ddi_destroy(void) 452 { 453 netstack_unregister(NS_KEYSOCK); 454 vmem_destroy(keysock_vmem); 455 } 456 457 /* 458 * Remove one stack instance from keysock 459 */ 460 /* ARGSUSED */ 461 static void 462 keysock_stack_fini(netstackid_t stackid, void *arg) 463 { 464 keysock_stack_t *keystack = (keysock_stack_t *)arg; 465 466 nd_free(&keystack->keystack_g_nd); 467 kmem_free(keystack->keystack_params, sizeof (lcl_param_arr)); 468 keystack->keystack_params = NULL; 469 470 mutex_destroy(&keystack->keystack_list_lock); 471 mutex_destroy(&keystack->keystack_consumers_lock); 472 mutex_destroy(&keystack->keystack_param_lock); 473 474 kmem_free(keystack, sizeof (*keystack)); 475 } 476 477 /* 478 * Close routine for keysock. 479 */ 480 static int 481 keysock_close(queue_t *q) 482 { 483 keysock_t *ks; 484 keysock_consumer_t *kc; 485 void *ptr = q->q_ptr; 486 int size; 487 keysock_stack_t *keystack; 488 489 490 qprocsoff(q); 491 492 /* Safe assumption. */ 493 ASSERT(ptr != NULL); 494 495 if (WR(q)->q_next) { 496 kc = (keysock_consumer_t *)ptr; 497 keystack = kc->kc_keystack; 498 499 ks1dbg(keystack, ("Module close, removing a consumer (%d).\n", 500 kc->kc_sa_type)); 501 /* 502 * Because of PERMOD open/close exclusive perimeter, I 503 * can inspect KC_FLUSHING w/o locking down kc->kc_lock. 504 */ 505 if (kc->kc_flags & KC_FLUSHING) { 506 /* 507 * If this decrement was the last one, send 508 * down the next pending one, if any. 509 * 510 * With a PERMOD perimeter, the mutexes ops aren't 511 * really necessary, but if we ever loosen up, we will 512 * have this bit covered already. 513 */ 514 keystack->keystack_flushdump--; 515 if (keystack->keystack_flushdump == 0) { 516 /* 517 * The flush/dump terminated by having a 518 * consumer go away. I need to send up to the 519 * appropriate keysock all of the relevant 520 * information. Unfortunately, I don't 521 * have that handy. 522 */ 523 ks0dbg(("Consumer went away while flushing or" 524 " dumping.\n")); 525 } 526 } 527 size = sizeof (keysock_consumer_t); 528 mutex_enter(&keystack->keystack_consumers_lock); 529 keystack->keystack_consumers[kc->kc_sa_type] = NULL; 530 mutex_exit(&keystack->keystack_consumers_lock); 531 mutex_destroy(&kc->kc_lock); 532 netstack_rele(kc->kc_keystack->keystack_netstack); 533 } else { 534 ks = (keysock_t *)ptr; 535 keystack = ks->keysock_keystack; 536 537 ks3dbg(keystack, 538 ("Driver close, PF_KEY socket is going away.\n")); 539 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0) 540 atomic_add_32(&keystack->keystack_num_extended, -1); 541 size = sizeof (keysock_t); 542 mutex_enter(&keystack->keystack_list_lock); 543 *(ks->keysock_ptpn) = ks->keysock_next; 544 if (ks->keysock_next != NULL) 545 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn; 546 mutex_exit(&keystack->keystack_list_lock); 547 mutex_destroy(&ks->keysock_lock); 548 vmem_free(keysock_vmem, (void *)(uintptr_t)ks->keysock_serial, 549 1); 550 netstack_rele(ks->keysock_keystack->keystack_netstack); 551 } 552 553 /* Now I'm free. */ 554 kmem_free(ptr, size); 555 return (0); 556 } 557 /* 558 * Open routine for keysock. 559 */ 560 /* ARGSUSED */ 561 static int 562 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 563 { 564 keysock_t *ks; 565 keysock_consumer_t *kc; 566 mblk_t *mp; 567 ipsec_info_t *ii; 568 netstack_t *ns; 569 keysock_stack_t *keystack; 570 571 if (secpolicy_ip_config(credp, B_FALSE) != 0) { 572 /* Privilege debugging will log the error */ 573 return (EPERM); 574 } 575 576 if (q->q_ptr != NULL) 577 return (0); /* Re-open of an already open instance. */ 578 579 ns = netstack_find_by_cred(credp); 580 ASSERT(ns != NULL); 581 keystack = ns->netstack_keysock; 582 ASSERT(keystack != NULL); 583 584 ks3dbg(keystack, ("Entering keysock open.\n")); 585 586 if (keystack->keystack_plumbed < 1) { 587 netstack_t *ns = keystack->keystack_netstack; 588 589 keystack->keystack_plumbed = 0; 590 #ifdef NS_DEBUG 591 printf("keysock_open(%d) - plumb\n", 592 keystack->keystack_netstack->netstack_stackid); 593 #endif 594 /* 595 * Don't worry about ipsec_failure being true here. 596 * (See ip.c). An open of keysock should try and force 597 * the issue. Maybe it was a transient failure. 598 */ 599 ipsec_loader_loadnow(ns->netstack_ipsec); 600 } 601 602 if (sflag & MODOPEN) { 603 /* Initialize keysock_consumer state here. */ 604 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP); 605 if (kc == NULL) { 606 netstack_rele(keystack->keystack_netstack); 607 return (ENOMEM); 608 } 609 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0); 610 kc->kc_rq = q; 611 kc->kc_wq = WR(q); 612 613 q->q_ptr = kc; 614 WR(q)->q_ptr = kc; 615 616 kc->kc_keystack = keystack; 617 qprocson(q); 618 619 /* 620 * Send down initial message to whatever I was pushed on top 621 * of asking for its consumer type. The reply will set it. 622 */ 623 624 /* Allocate it. */ 625 mp = allocb(sizeof (ipsec_info_t), BPRI_HI); 626 if (mp == NULL) { 627 ks1dbg(keystack, ( 628 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n")); 629 /* Do I need to set these to null? */ 630 q->q_ptr = NULL; 631 WR(q)->q_ptr = NULL; 632 mutex_destroy(&kc->kc_lock); 633 kmem_free(kc, sizeof (*kc)); 634 netstack_rele(keystack->keystack_netstack); 635 return (ENOMEM); 636 } 637 638 /* If I allocated okay, putnext to what I was pushed atop. */ 639 mp->b_wptr += sizeof (ipsec_info_t); 640 mp->b_datap->db_type = M_CTL; 641 ii = (ipsec_info_t *)mp->b_rptr; 642 ii->ipsec_info_type = KEYSOCK_HELLO; 643 /* Length only of type/len. */ 644 ii->ipsec_info_len = sizeof (ii->ipsec_allu); 645 ks2dbg(keystack, ("Ready to putnext KEYSOCK_HELLO.\n")); 646 putnext(kc->kc_wq, mp); 647 } else { 648 minor_t ksminor; 649 650 /* Initialize keysock state. */ 651 652 ks2dbg(keystack, ("Made it into PF_KEY socket open.\n")); 653 654 ksminor = (minor_t)(uintptr_t) 655 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP); 656 if (ksminor == 0) { 657 netstack_rele(keystack->keystack_netstack); 658 return (ENOMEM); 659 } 660 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP); 661 if (ks == NULL) { 662 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1); 663 netstack_rele(keystack->keystack_netstack); 664 return (ENOMEM); 665 } 666 667 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0); 668 ks->keysock_rq = q; 669 ks->keysock_wq = WR(q); 670 ks->keysock_state = TS_UNBND; 671 ks->keysock_serial = ksminor; 672 673 q->q_ptr = ks; 674 WR(q)->q_ptr = ks; 675 ks->keysock_keystack = keystack; 676 677 /* 678 * The receive hiwat is only looked at on the stream head 679 * queue. Store in q_hiwat in order to return on SO_RCVBUF 680 * getsockopts. 681 */ 682 683 q->q_hiwat = keystack->keystack_recv_hiwat; 684 685 /* 686 * The transmit hiwat/lowat is only looked at on IP's queue. 687 * Store in q_hiwat/q_lowat in order to return on 688 * SO_SNDBUF/SO_SNDLOWAT getsockopts. 689 */ 690 691 WR(q)->q_hiwat = keystack->keystack_xmit_hiwat; 692 WR(q)->q_lowat = keystack->keystack_xmit_lowat; 693 694 *devp = makedevice(getmajor(*devp), ksminor); 695 696 /* 697 * Thread keysock into the global keysock list. 698 */ 699 mutex_enter(&keystack->keystack_list_lock); 700 ks->keysock_next = keystack->keystack_list; 701 ks->keysock_ptpn = &keystack->keystack_list; 702 if (keystack->keystack_list != NULL) { 703 keystack->keystack_list->keysock_ptpn = 704 &ks->keysock_next; 705 } 706 keystack->keystack_list = ks; 707 mutex_exit(&keystack->keystack_list_lock); 708 709 qprocson(q); 710 (void) proto_set_rx_hiwat(q, NULL, 711 keystack->keystack_recv_hiwat); 712 /* 713 * Wait outside the keysock module perimeter for IPsec 714 * plumbing to be completed. If it fails, keysock_close() 715 * undoes everything we just did. 716 */ 717 if (!ipsec_loader_wait(q, 718 keystack->keystack_netstack->netstack_ipsec)) { 719 (void) keysock_close(q); 720 return (EPFNOSUPPORT); 721 } 722 } 723 724 return (0); 725 } 726 727 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */ 728 729 /* 730 * Copy relevant state bits. 731 */ 732 static void 733 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks) 734 { 735 *tap = keysock_g_t_info_ack; 736 tap->CURRENT_state = ks->keysock_state; 737 tap->OPT_size = keysock_max_optsize; 738 } 739 740 /* 741 * This routine responds to T_CAPABILITY_REQ messages. It is called by 742 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from 743 * keysock_g_t_info_ack. The current state of the stream is copied from 744 * keysock_state. 745 */ 746 static void 747 keysock_capability_req(queue_t *q, mblk_t *mp) 748 { 749 keysock_t *ks = (keysock_t *)q->q_ptr; 750 t_uscalar_t cap_bits1; 751 struct T_capability_ack *tcap; 752 753 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1; 754 755 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack), 756 mp->b_datap->db_type, T_CAPABILITY_ACK); 757 if (mp == NULL) 758 return; 759 760 tcap = (struct T_capability_ack *)mp->b_rptr; 761 tcap->CAP_bits1 = 0; 762 763 if (cap_bits1 & TC1_INFO) { 764 keysock_copy_info(&tcap->INFO_ack, ks); 765 tcap->CAP_bits1 |= TC1_INFO; 766 } 767 768 qreply(q, mp); 769 } 770 771 /* 772 * This routine responds to T_INFO_REQ messages. It is called by 773 * keysock_wput_other. 774 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack. 775 * The current state of the stream is copied from keysock_state. 776 */ 777 static void 778 keysock_info_req(q, mp) 779 queue_t *q; 780 mblk_t *mp; 781 { 782 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO, 783 T_INFO_ACK); 784 if (mp == NULL) 785 return; 786 keysock_copy_info((struct T_info_ack *)mp->b_rptr, 787 (keysock_t *)q->q_ptr); 788 qreply(q, mp); 789 } 790 791 /* 792 * keysock_err_ack. This routine creates a 793 * T_ERROR_ACK message and passes it 794 * upstream. 795 */ 796 static void 797 keysock_err_ack(q, mp, t_error, sys_error) 798 queue_t *q; 799 mblk_t *mp; 800 int t_error; 801 int sys_error; 802 { 803 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL) 804 qreply(q, mp); 805 } 806 807 /* 808 * This routine retrieves the current status of socket options. 809 * It returns the size of the option retrieved. 810 */ 811 /* ARGSUSED */ 812 int 813 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr) 814 { 815 int *i1 = (int *)ptr; 816 keysock_t *ks = (keysock_t *)q->q_ptr; 817 818 switch (level) { 819 case SOL_SOCKET: 820 mutex_enter(&ks->keysock_lock); 821 switch (name) { 822 case SO_TYPE: 823 *i1 = SOCK_RAW; 824 break; 825 case SO_USELOOPBACK: 826 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) == 827 KEYSOCK_NOLOOP)); 828 break; 829 /* 830 * The following two items can be manipulated, 831 * but changing them should do nothing. 832 */ 833 case SO_SNDBUF: 834 *i1 = (int)q->q_hiwat; 835 break; 836 case SO_RCVBUF: 837 *i1 = (int)(RD(q)->q_hiwat); 838 break; 839 } 840 mutex_exit(&ks->keysock_lock); 841 break; 842 default: 843 return (0); 844 } 845 return (sizeof (int)); 846 } 847 848 /* 849 * This routine sets socket options. 850 */ 851 /* ARGSUSED */ 852 int 853 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level, 854 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp, 855 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr, mblk_t *mblk) 856 { 857 int *i1 = (int *)invalp, errno = 0; 858 keysock_t *ks = (keysock_t *)q->q_ptr; 859 keysock_stack_t *keystack = ks->keysock_keystack; 860 861 switch (level) { 862 case SOL_SOCKET: 863 mutex_enter(&ks->keysock_lock); 864 switch (name) { 865 case SO_USELOOPBACK: 866 if (!(*i1)) 867 ks->keysock_flags |= KEYSOCK_NOLOOP; 868 else ks->keysock_flags &= ~KEYSOCK_NOLOOP; 869 break; 870 case SO_SNDBUF: 871 if (*i1 > keystack->keystack_max_buf) 872 errno = ENOBUFS; 873 else q->q_hiwat = *i1; 874 break; 875 case SO_RCVBUF: 876 if (*i1 > keystack->keystack_max_buf) { 877 errno = ENOBUFS; 878 } else { 879 RD(q)->q_hiwat = *i1; 880 (void) proto_set_rx_hiwat(RD(q), NULL, *i1); 881 } 882 break; 883 default: 884 errno = EINVAL; 885 } 886 mutex_exit(&ks->keysock_lock); 887 break; 888 default: 889 errno = EINVAL; 890 } 891 return (errno); 892 } 893 894 /* 895 * Handle STREAMS messages. 896 */ 897 static void 898 keysock_wput_other(queue_t *q, mblk_t *mp) 899 { 900 struct iocblk *iocp; 901 int error; 902 keysock_t *ks = (keysock_t *)q->q_ptr; 903 keysock_stack_t *keystack = ks->keysock_keystack; 904 cred_t *cr; 905 906 switch (mp->b_datap->db_type) { 907 case M_PROTO: 908 case M_PCPROTO: 909 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) { 910 ks3dbg(keystack, ( 911 "keysock_wput_other: Not big enough M_PROTO\n")); 912 freemsg(mp); 913 return; 914 } 915 switch (((union T_primitives *)mp->b_rptr)->type) { 916 case T_CAPABILITY_REQ: 917 keysock_capability_req(q, mp); 918 break; 919 case T_INFO_REQ: 920 keysock_info_req(q, mp); 921 break; 922 case T_SVR4_OPTMGMT_REQ: 923 case T_OPTMGMT_REQ: 924 /* 925 * All Solaris components should pass a db_credp 926 * for this TPI message, hence we ASSERT. 927 * But in case there is some other M_PROTO that looks 928 * like a TPI message sent by some other kernel 929 * component, we check and return an error. 930 */ 931 cr = msg_getcred(mp, NULL); 932 ASSERT(cr != NULL); 933 if (cr == NULL) { 934 keysock_err_ack(q, mp, TSYSERR, EINVAL); 935 return; 936 } 937 if (((union T_primitives *)mp->b_rptr)->type == 938 T_SVR4_OPTMGMT_REQ) { 939 (void) svr4_optcom_req(q, mp, cr, 940 &keysock_opt_obj, B_FALSE); 941 } else { 942 (void) tpi_optcom_req(q, mp, cr, 943 &keysock_opt_obj, B_FALSE); 944 } 945 break; 946 case T_DATA_REQ: 947 case T_EXDATA_REQ: 948 case T_ORDREL_REQ: 949 /* Illegal for keysock. */ 950 freemsg(mp); 951 (void) putnextctl1(RD(q), M_ERROR, EPROTO); 952 break; 953 default: 954 /* Not supported by keysock. */ 955 keysock_err_ack(q, mp, TNOTSUPPORT, 0); 956 break; 957 } 958 return; 959 case M_IOCTL: 960 iocp = (struct iocblk *)mp->b_rptr; 961 error = EINVAL; 962 963 switch (iocp->ioc_cmd) { 964 case ND_SET: 965 case ND_GET: 966 if (nd_getset(q, keystack->keystack_g_nd, mp)) { 967 qreply(q, mp); 968 return; 969 } else 970 error = ENOENT; 971 /* FALLTHRU */ 972 default: 973 miocnak(q, mp, 0, error); 974 return; 975 } 976 case M_FLUSH: 977 if (*mp->b_rptr & FLUSHW) { 978 flushq(q, FLUSHALL); 979 *mp->b_rptr &= ~FLUSHW; 980 } 981 if (*mp->b_rptr & FLUSHR) { 982 qreply(q, mp); 983 return; 984 } 985 /* Else FALLTHRU */ 986 } 987 988 /* If fell through, just black-hole the message. */ 989 freemsg(mp); 990 } 991 992 /* 993 * Transmit a PF_KEY error message to the instance either pointed to 994 * by ks, the instance with serial number serial, or more, depending. 995 * 996 * The faulty message (or a reasonable facsimile thereof) is in mp. 997 * This function will free mp or recycle it for delivery, thereby causing 998 * the stream head to free it. 999 */ 1000 static void 1001 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic) 1002 { 1003 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr; 1004 keysock_stack_t *keystack = ks->keysock_keystack; 1005 1006 ASSERT(mp->b_datap->db_type == M_DATA); 1007 1008 if (samsg->sadb_msg_type < SADB_GETSPI || 1009 samsg->sadb_msg_type > SADB_MAX) 1010 samsg->sadb_msg_type = SADB_RESERVED; 1011 1012 /* 1013 * Strip out extension headers. 1014 */ 1015 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim); 1016 mp->b_wptr = mp->b_rptr + sizeof (*samsg); 1017 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t)); 1018 samsg->sadb_msg_errno = (uint8_t)error; 1019 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic; 1020 1021 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, keystack); 1022 } 1023 1024 /* 1025 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy 1026 * in the extv if passed in. 1027 */ 1028 static void 1029 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[], 1030 boolean_t flushmsg) 1031 { 1032 keysock_consumer_t *kc; 1033 mblk_t *wrapper; 1034 keysock_in_t *ksi; 1035 int i; 1036 keysock_stack_t *keystack = ks->keysock_keystack; 1037 1038 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI); 1039 if (wrapper == NULL) { 1040 ks3dbg(keystack, ("keysock_passdown: allocb failed.\n")); 1041 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL) 1042 bzero(extv[SADB_EXT_KEY_ENCRYPT], 1043 SADB_64TO8( 1044 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len)); 1045 if (extv[SADB_EXT_KEY_AUTH] != NULL) 1046 bzero(extv[SADB_EXT_KEY_AUTH], 1047 SADB_64TO8( 1048 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len)); 1049 if (flushmsg) { 1050 ks0dbg(( 1051 "keysock: Downwards flush/dump message failed!\n")); 1052 /* If this is true, I hold the perimeter. */ 1053 keystack->keystack_flushdump--; 1054 } 1055 freemsg(mp); 1056 return; 1057 } 1058 1059 wrapper->b_datap->db_type = M_CTL; 1060 ksi = (keysock_in_t *)wrapper->b_rptr; 1061 ksi->ks_in_type = KEYSOCK_IN; 1062 ksi->ks_in_len = sizeof (keysock_in_t); 1063 if (extv[SADB_EXT_ADDRESS_SRC] != NULL) 1064 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN; 1065 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE; 1066 if (extv[SADB_EXT_ADDRESS_DST] != NULL) 1067 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN; 1068 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE; 1069 for (i = 0; i <= SADB_EXT_MAX; i++) 1070 ksi->ks_in_extv[i] = extv[i]; 1071 ksi->ks_in_serial = ks->keysock_serial; 1072 wrapper->b_wptr += sizeof (ipsec_info_t); 1073 wrapper->b_cont = mp; 1074 1075 /* 1076 * Find the appropriate consumer where the message is passed down. 1077 */ 1078 kc = keystack->keystack_consumers[satype]; 1079 if (kc == NULL) { 1080 freeb(wrapper); 1081 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE); 1082 if (flushmsg) { 1083 ks0dbg(( 1084 "keysock: Downwards flush/dump message failed!\n")); 1085 /* If this is true, I hold the perimeter. */ 1086 keystack->keystack_flushdump--; 1087 } 1088 return; 1089 } 1090 1091 /* 1092 * NOTE: There used to be code in here to spin while a flush or 1093 * dump finished. Keysock now assumes that consumers have enough 1094 * MT-savviness to deal with that. 1095 */ 1096 1097 /* 1098 * Current consumers (AH and ESP) are guaranteed to return a 1099 * FLUSH or DUMP message back, so when we reach here, we don't 1100 * have to worry about keysock_flushdumps. 1101 */ 1102 1103 putnext(kc->kc_wq, wrapper); 1104 } 1105 1106 /* 1107 * High-level reality checking of extensions. 1108 */ 1109 static boolean_t 1110 ext_check(sadb_ext_t *ext, keysock_stack_t *keystack) 1111 { 1112 int i; 1113 uint64_t *lp; 1114 sadb_ident_t *id; 1115 char *idstr; 1116 1117 switch (ext->sadb_ext_type) { 1118 case SADB_EXT_ADDRESS_SRC: 1119 case SADB_EXT_ADDRESS_DST: 1120 case SADB_X_EXT_ADDRESS_INNER_SRC: 1121 case SADB_X_EXT_ADDRESS_INNER_DST: 1122 /* Check for at least enough addtl length for a sockaddr. */ 1123 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t))) 1124 return (B_FALSE); 1125 break; 1126 case SADB_EXT_LIFETIME_HARD: 1127 case SADB_EXT_LIFETIME_SOFT: 1128 case SADB_EXT_LIFETIME_CURRENT: 1129 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t))) 1130 return (B_FALSE); 1131 break; 1132 case SADB_EXT_SPIRANGE: 1133 /* See if the SPI range is legit. */ 1134 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) > 1135 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max)) 1136 return (B_FALSE); 1137 break; 1138 case SADB_EXT_KEY_AUTH: 1139 case SADB_EXT_KEY_ENCRYPT: 1140 /* Key length check. */ 1141 if (((sadb_key_t *)ext)->sadb_key_bits == 0) 1142 return (B_FALSE); 1143 /* 1144 * Check to see if the key length (in bits) is less than the 1145 * extension length (in 8-bits words). 1146 */ 1147 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) + 1148 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) { 1149 ks1dbg(keystack, ( 1150 "ext_check: Key bits/length inconsistent.\n")); 1151 ks1dbg(keystack, ("%d bits, len is %d bytes.\n", 1152 ((sadb_key_t *)ext)->sadb_key_bits, 1153 SADB_64TO8(ext->sadb_ext_len))); 1154 return (B_FALSE); 1155 } 1156 1157 /* All-zeroes key check. */ 1158 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t)); 1159 for (i = 0; 1160 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t))); 1161 i++) 1162 if (lp[i] != 0) 1163 break; /* Out of for loop. */ 1164 /* If finished the loop naturally, it's an all zero key. */ 1165 if (lp[i] == 0) 1166 return (B_FALSE); 1167 break; 1168 case SADB_EXT_IDENTITY_SRC: 1169 case SADB_EXT_IDENTITY_DST: 1170 /* 1171 * Make sure the strings in these identities are 1172 * null-terminated. RFC 2367 underspecified how to handle 1173 * such a case. I "proactively" null-terminate the string 1174 * at the last byte if it's not terminated sooner. 1175 */ 1176 id = (sadb_ident_t *)ext; 1177 i = SADB_64TO8(id->sadb_ident_len); 1178 i -= sizeof (sadb_ident_t); 1179 idstr = (char *)(id + 1); 1180 while (*idstr != '\0' && i > 0) { 1181 i--; 1182 idstr++; 1183 } 1184 if (i == 0) { 1185 /* 1186 * I.e., if the bozo user didn't NULL-terminate the 1187 * string... 1188 */ 1189 idstr--; 1190 *idstr = '\0'; 1191 } 1192 break; 1193 } 1194 return (B_TRUE); /* For now... */ 1195 } 1196 1197 /* Return values for keysock_get_ext(). */ 1198 #define KGE_OK 0 1199 #define KGE_DUP 1 1200 #define KGE_UNK 2 1201 #define KGE_LEN 3 1202 #define KGE_CHK 4 1203 1204 /* 1205 * Parse basic extension headers and return in the passed-in pointer vector. 1206 * Return values include: 1207 * 1208 * KGE_OK Everything's nice and parsed out. 1209 * If there are no extensions, place NULL in extv[0]. 1210 * KGE_DUP There is a duplicate extension. 1211 * First instance in appropriate bin. First duplicate in 1212 * extv[0]. 1213 * KGE_UNK Unknown extension type encountered. extv[0] contains 1214 * unknown header. 1215 * KGE_LEN Extension length error. 1216 * KGE_CHK High-level reality check failed on specific extension. 1217 * 1218 * My apologies for some of the pointer arithmetic in here. I'm thinking 1219 * like an assembly programmer, yet trying to make the compiler happy. 1220 */ 1221 static int 1222 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize, 1223 keysock_stack_t *keystack) 1224 { 1225 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1)); 1226 1227 /* Use extv[0] as the "current working pointer". */ 1228 1229 extv[0] = (sadb_ext_t *)(basehdr + 1); 1230 1231 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) { 1232 /* Check for unknown headers. */ 1233 if (extv[0]->sadb_ext_type == 0 || 1234 extv[0]->sadb_ext_type > SADB_EXT_MAX) 1235 return (KGE_UNK); 1236 1237 /* 1238 * Check length. Use uint64_t because extlen is in units 1239 * of 64-bit words. If length goes beyond the msgsize, 1240 * return an error. (Zero length also qualifies here.) 1241 */ 1242 if (extv[0]->sadb_ext_len == 0 || 1243 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) > 1244 (void *)((uint8_t *)basehdr + msgsize)) 1245 return (KGE_LEN); 1246 1247 /* Check for redundant headers. */ 1248 if (extv[extv[0]->sadb_ext_type] != NULL) 1249 return (KGE_DUP); 1250 1251 /* 1252 * Reality check the extension if possible at the keysock 1253 * level. 1254 */ 1255 if (!ext_check(extv[0], keystack)) 1256 return (KGE_CHK); 1257 1258 /* If I make it here, assign the appropriate bin. */ 1259 extv[extv[0]->sadb_ext_type] = extv[0]; 1260 1261 /* Advance pointer (See above for uint64_t ptr reasoning.) */ 1262 extv[0] = (sadb_ext_t *) 1263 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len); 1264 } 1265 1266 /* Everything's cool. */ 1267 1268 /* 1269 * If extv[0] == NULL, then there are no extension headers in this 1270 * message. Ensure that this is the case. 1271 */ 1272 if (extv[0] == (sadb_ext_t *)(basehdr + 1)) 1273 extv[0] = NULL; 1274 1275 return (KGE_OK); 1276 } 1277 1278 /* 1279 * qwriter() callback to handle flushes and dumps. This routine will hold 1280 * the inner perimeter. 1281 */ 1282 void 1283 keysock_do_flushdump(queue_t *q, mblk_t *mp) 1284 { 1285 int i, start, finish; 1286 mblk_t *mp1 = NULL; 1287 keysock_t *ks = (keysock_t *)q->q_ptr; 1288 sadb_ext_t *extv[SADB_EXT_MAX + 1]; 1289 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr; 1290 keysock_stack_t *keystack = ks->keysock_keystack; 1291 1292 /* 1293 * I am guaranteed this will work. I did the work in keysock_parse() 1294 * already. 1295 */ 1296 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len), 1297 keystack); 1298 1299 /* 1300 * I hold the perimeter, therefore I don't need to use atomic ops. 1301 */ 1302 if (keystack->keystack_flushdump != 0) { 1303 /* XXX Should I instead use EBUSY? */ 1304 /* XXX Or is there a way to queue these up? */ 1305 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE); 1306 return; 1307 } 1308 1309 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1310 start = 0; 1311 finish = KEYSOCK_MAX_CONSUMERS - 1; 1312 } else { 1313 start = samsg->sadb_msg_satype; 1314 finish = samsg->sadb_msg_satype; 1315 } 1316 1317 /* 1318 * Fill up keysock_flushdump with the number of outstanding dumps 1319 * and/or flushes. 1320 */ 1321 1322 keystack->keystack_flushdump_errno = 0; 1323 1324 /* 1325 * Okay, I hold the perimeter. Eventually keysock_flushdump will 1326 * contain the number of consumers with outstanding flush operations. 1327 * 1328 * SO, here's the plan: 1329 * * For each relevant consumer (Might be one, might be all) 1330 * * Twiddle on the FLUSHING flag. 1331 * * Pass down the FLUSH/DUMP message. 1332 * 1333 * When I see upbound FLUSH/DUMP messages, I will decrement the 1334 * keysock_flushdump. When I decrement it to 0, I will pass the 1335 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will 1336 * pass down the right SA type to the consumer (either its own, or 1337 * that of UNSPEC), the right one will be reflected from each consumer, 1338 * and accordingly back to the socket. 1339 */ 1340 1341 mutex_enter(&keystack->keystack_consumers_lock); 1342 for (i = start; i <= finish; i++) { 1343 if (keystack->keystack_consumers[i] != NULL) { 1344 mp1 = copymsg(mp); 1345 if (mp1 == NULL) { 1346 ks0dbg(("SADB_FLUSH copymsg() failed.\n")); 1347 /* 1348 * Error? And what about outstanding 1349 * flushes? Oh, yeah, they get sucked up and 1350 * the counter is decremented. Consumers 1351 * (see keysock_passdown()) are guaranteed 1352 * to deliver back a flush request, even if 1353 * it's an error. 1354 */ 1355 keysock_error(ks, mp, ENOMEM, 1356 SADB_X_DIAGNOSTIC_NONE); 1357 return; 1358 } 1359 /* 1360 * Because my entry conditions are met above, the 1361 * following assertion should hold true. 1362 */ 1363 mutex_enter(&keystack->keystack_consumers[i]->kc_lock); 1364 ASSERT((keystack->keystack_consumers[i]->kc_flags & 1365 KC_FLUSHING) == 0); 1366 keystack->keystack_consumers[i]->kc_flags |= 1367 KC_FLUSHING; 1368 mutex_exit(&(keystack->keystack_consumers[i]->kc_lock)); 1369 /* Always increment the number of flushes... */ 1370 keystack->keystack_flushdump++; 1371 /* Guaranteed to return a message. */ 1372 keysock_passdown(ks, mp1, i, extv, B_TRUE); 1373 } else if (start == finish) { 1374 /* 1375 * In case where start == finish, and there's no 1376 * consumer, should we force an error? Yes. 1377 */ 1378 mutex_exit(&keystack->keystack_consumers_lock); 1379 keysock_error(ks, mp, EINVAL, 1380 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE); 1381 return; 1382 } 1383 } 1384 mutex_exit(&keystack->keystack_consumers_lock); 1385 1386 if (keystack->keystack_flushdump == 0) { 1387 /* 1388 * There were no consumers at all for this message. 1389 * XXX For now return ESRCH. 1390 */ 1391 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS); 1392 } else { 1393 /* Otherwise, free the original message. */ 1394 freemsg(mp); 1395 } 1396 } 1397 1398 /* 1399 * Get the right diagnostic for a duplicate. Should probably use a static 1400 * table lookup. 1401 */ 1402 int 1403 keysock_duplicate(int ext_type) 1404 { 1405 int rc = 0; 1406 1407 switch (ext_type) { 1408 case SADB_EXT_ADDRESS_SRC: 1409 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC; 1410 break; 1411 case SADB_EXT_ADDRESS_DST: 1412 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST; 1413 break; 1414 case SADB_X_EXT_ADDRESS_INNER_SRC: 1415 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC; 1416 break; 1417 case SADB_X_EXT_ADDRESS_INNER_DST: 1418 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST; 1419 break; 1420 case SADB_EXT_SA: 1421 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA; 1422 break; 1423 case SADB_EXT_SPIRANGE: 1424 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE; 1425 break; 1426 case SADB_EXT_KEY_AUTH: 1427 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY; 1428 break; 1429 case SADB_EXT_KEY_ENCRYPT: 1430 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY; 1431 break; 1432 } 1433 return (rc); 1434 } 1435 1436 /* 1437 * Get the right diagnostic for a reality check failure. Should probably use 1438 * a static table lookup. 1439 */ 1440 int 1441 keysock_malformed(int ext_type) 1442 { 1443 int rc = 0; 1444 1445 switch (ext_type) { 1446 case SADB_EXT_ADDRESS_SRC: 1447 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC; 1448 break; 1449 case SADB_EXT_ADDRESS_DST: 1450 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST; 1451 break; 1452 case SADB_X_EXT_ADDRESS_INNER_SRC: 1453 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC; 1454 break; 1455 case SADB_X_EXT_ADDRESS_INNER_DST: 1456 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST; 1457 break; 1458 case SADB_EXT_SA: 1459 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA; 1460 break; 1461 case SADB_EXT_SPIRANGE: 1462 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE; 1463 break; 1464 case SADB_EXT_KEY_AUTH: 1465 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY; 1466 break; 1467 case SADB_EXT_KEY_ENCRYPT: 1468 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY; 1469 break; 1470 } 1471 return (rc); 1472 } 1473 1474 /* 1475 * Keysock massaging of an inverse ACQUIRE. Consult policy, 1476 * and construct an appropriate response. 1477 */ 1478 static void 1479 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[], 1480 keysock_t *ks) 1481 { 1482 mblk_t *reply_mp; 1483 keysock_stack_t *keystack = ks->keysock_keystack; 1484 1485 /* 1486 * Reality check things... 1487 */ 1488 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) { 1489 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC); 1490 return; 1491 } 1492 if (extv[SADB_EXT_ADDRESS_DST] == NULL) { 1493 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST); 1494 return; 1495 } 1496 1497 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL && 1498 extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) { 1499 keysock_error(ks, mp, EINVAL, 1500 SADB_X_DIAGNOSTIC_MISSING_INNER_DST); 1501 return; 1502 } 1503 1504 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL && 1505 extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) { 1506 keysock_error(ks, mp, EINVAL, 1507 SADB_X_DIAGNOSTIC_MISSING_INNER_SRC); 1508 return; 1509 } 1510 1511 reply_mp = ipsec_construct_inverse_acquire(samsg, extv, 1512 keystack->keystack_netstack); 1513 1514 if (reply_mp != NULL) { 1515 freemsg(mp); 1516 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr, 1517 ks->keysock_serial, NULL, B_FALSE, keystack); 1518 } else { 1519 keysock_error(ks, mp, samsg->sadb_msg_errno, 1520 samsg->sadb_x_msg_diagnostic); 1521 } 1522 } 1523 1524 /* 1525 * Spew an extended REGISTER down to the relevant consumers. 1526 */ 1527 static void 1528 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[]) 1529 { 1530 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG]; 1531 uint8_t *satypes, *fencepost; 1532 mblk_t *downmp; 1533 sadb_ext_t *downextv[SADB_EXT_MAX + 1]; 1534 keysock_stack_t *keystack = ks->keysock_keystack; 1535 1536 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 || 1537 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) { 1538 keysock_error(ks, mp, EBUSY, 0); 1539 } 1540 1541 ks->keysock_flags |= KEYSOCK_EXTENDED; 1542 if (ereg == NULL) { 1543 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1544 } else { 1545 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr); 1546 fencepost = (uint8_t *)mp->b_wptr; 1547 satypes = ereg->sadb_x_ereg_satypes; 1548 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) { 1549 downmp = copymsg(mp); 1550 if (downmp == NULL) { 1551 keysock_error(ks, mp, ENOMEM, 0); 1552 return; 1553 } 1554 /* 1555 * Since we've made it here, keysock_get_ext will work! 1556 */ 1557 (void) keysock_get_ext(downextv, 1558 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp), 1559 keystack); 1560 keysock_passdown(ks, downmp, *satypes, downextv, 1561 B_FALSE); 1562 ++satypes; 1563 } 1564 freemsg(mp); 1565 } 1566 1567 /* 1568 * Set global to indicate we prefer an extended ACQUIRE. 1569 */ 1570 atomic_add_32(&keystack->keystack_num_extended, 1); 1571 } 1572 1573 static void 1574 keysock_delpair_all(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[]) 1575 { 1576 int i, start, finish; 1577 mblk_t *mp1 = NULL; 1578 keysock_stack_t *keystack = ks->keysock_keystack; 1579 1580 start = 0; 1581 finish = KEYSOCK_MAX_CONSUMERS - 1; 1582 1583 for (i = start; i <= finish; i++) { 1584 if (keystack->keystack_consumers[i] != NULL) { 1585 mp1 = copymsg(mp); 1586 if (mp1 == NULL) { 1587 keysock_error(ks, mp, ENOMEM, 1588 SADB_X_DIAGNOSTIC_NONE); 1589 return; 1590 } 1591 keysock_passdown(ks, mp1, i, extv, B_FALSE); 1592 } 1593 } 1594 } 1595 1596 /* 1597 * Handle PF_KEY messages. 1598 */ 1599 static void 1600 keysock_parse(queue_t *q, mblk_t *mp) 1601 { 1602 sadb_msg_t *samsg; 1603 sadb_ext_t *extv[SADB_EXT_MAX + 1]; 1604 keysock_t *ks = (keysock_t *)q->q_ptr; 1605 uint_t msgsize; 1606 uint8_t satype; 1607 keysock_stack_t *keystack = ks->keysock_keystack; 1608 1609 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */ 1610 ASSERT(WR(q)->q_next == NULL); 1611 1612 samsg = (sadb_msg_t *)mp->b_rptr; 1613 ks2dbg(keystack, ("Received possible PF_KEY message, type %d.\n", 1614 samsg->sadb_msg_type)); 1615 1616 msgsize = SADB_64TO8(samsg->sadb_msg_len); 1617 1618 if (msgdsize(mp) != msgsize) { 1619 /* 1620 * Message len incorrect w.r.t. actual size. Send an error 1621 * (EMSGSIZE). It may be necessary to massage things a 1622 * bit. For example, if the sadb_msg_type is hosed, 1623 * I need to set it to SADB_RESERVED to get delivery to 1624 * do the right thing. Then again, maybe just letting 1625 * the error delivery do the right thing. 1626 */ 1627 ks2dbg(keystack, 1628 ("mblk (%lu) and base (%d) message sizes don't jibe.\n", 1629 msgdsize(mp), msgsize)); 1630 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE); 1631 return; 1632 } 1633 1634 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) { 1635 /* Get all message into one mblk. */ 1636 if (pullupmsg(mp, -1) == 0) { 1637 /* 1638 * Something screwy happened. 1639 */ 1640 ks3dbg(keystack, 1641 ("keysock_parse: pullupmsg() failed.\n")); 1642 return; 1643 } else { 1644 samsg = (sadb_msg_t *)mp->b_rptr; 1645 } 1646 } 1647 1648 switch (keysock_get_ext(extv, samsg, msgsize, keystack)) { 1649 case KGE_DUP: 1650 /* Handle duplicate extension. */ 1651 ks1dbg(keystack, ("Got duplicate extension of type %d.\n", 1652 extv[0]->sadb_ext_type)); 1653 keysock_error(ks, mp, EINVAL, 1654 keysock_duplicate(extv[0]->sadb_ext_type)); 1655 return; 1656 case KGE_UNK: 1657 /* Handle unknown extension. */ 1658 ks1dbg(keystack, ("Got unknown extension of type %d.\n", 1659 extv[0]->sadb_ext_type)); 1660 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT); 1661 return; 1662 case KGE_LEN: 1663 /* Length error. */ 1664 ks1dbg(keystack, 1665 ("Length %d on extension type %d overrun or 0.\n", 1666 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type)); 1667 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN); 1668 return; 1669 case KGE_CHK: 1670 /* Reality check failed. */ 1671 ks1dbg(keystack, 1672 ("Reality check failed on extension type %d.\n", 1673 extv[0]->sadb_ext_type)); 1674 keysock_error(ks, mp, EINVAL, 1675 keysock_malformed(extv[0]->sadb_ext_type)); 1676 return; 1677 default: 1678 /* Default case is no errors. */ 1679 break; 1680 } 1681 1682 switch (samsg->sadb_msg_type) { 1683 case SADB_REGISTER: 1684 /* 1685 * There's a semantic weirdness in that a message OTHER than 1686 * the return REGISTER message may be passed up if I set the 1687 * registered bit BEFORE I pass it down. 1688 * 1689 * SOOOO, I'll not twiddle any registered bits until I see 1690 * the upbound REGISTER (with a serial number in it). 1691 */ 1692 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1693 /* Handle extended register here. */ 1694 keysock_extended_register(ks, mp, extv); 1695 return; 1696 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) { 1697 keysock_error(ks, mp, EBUSY, 0); 1698 return; 1699 } 1700 /* FALLTHRU */ 1701 case SADB_GETSPI: 1702 case SADB_ADD: 1703 case SADB_UPDATE: 1704 case SADB_X_UPDATEPAIR: 1705 case SADB_DELETE: 1706 case SADB_X_DELPAIR: 1707 case SADB_GET: 1708 /* 1709 * Pass down to appropriate consumer. 1710 */ 1711 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC) 1712 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv, 1713 B_FALSE); 1714 else keysock_error(ks, mp, EINVAL, 1715 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1716 return; 1717 case SADB_X_DELPAIR_STATE: 1718 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1719 keysock_delpair_all(ks, mp, extv); 1720 } else { 1721 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv, 1722 B_FALSE); 1723 } 1724 return; 1725 case SADB_ACQUIRE: 1726 /* 1727 * If I _receive_ an acquire, this means I should spread it 1728 * out to registered sockets. Unless there's an errno... 1729 * 1730 * Need ADDRESS, may have ID, SENS, and PROP, unless errno, 1731 * in which case there should be NO extensions. 1732 * 1733 * Return to registered. 1734 */ 1735 if (samsg->sadb_msg_errno != 0) { 1736 satype = samsg->sadb_msg_satype; 1737 if (satype == SADB_SATYPE_UNSPEC) { 1738 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) { 1739 keysock_error(ks, mp, EINVAL, 1740 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1741 return; 1742 } 1743 /* 1744 * Reassign satype based on the first 1745 * flags that KEYSOCK_SETREG says. 1746 */ 1747 while (satype <= SADB_SATYPE_MAX) { 1748 if (KEYSOCK_ISREG(ks, satype)) 1749 break; 1750 satype++; 1751 } 1752 if (satype > SADB_SATYPE_MAX) { 1753 keysock_error(ks, mp, EBUSY, 0); 1754 return; 1755 } 1756 } 1757 keysock_passdown(ks, mp, satype, extv, B_FALSE); 1758 } else { 1759 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) { 1760 keysock_error(ks, mp, EINVAL, 1761 SADB_X_DIAGNOSTIC_SATYPE_NEEDED); 1762 } else { 1763 keysock_passup(mp, samsg, 0, NULL, B_FALSE, 1764 keystack); 1765 } 1766 } 1767 return; 1768 case SADB_EXPIRE: 1769 /* 1770 * If someone sends this in, then send out to all senders. 1771 * (Save maybe ESP or AH, I have to be careful here.) 1772 * 1773 * Need ADDRESS, may have ID and SENS. 1774 * 1775 * XXX for now this is unsupported. 1776 */ 1777 break; 1778 case SADB_FLUSH: 1779 /* 1780 * Nuke all SAs. 1781 * 1782 * No extensions at all. Return to all listeners. 1783 * 1784 * Question: Should I hold a lock here to prevent 1785 * additions/deletions while flushing? 1786 * Answer: No. (See keysock_passdown() for details.) 1787 */ 1788 if (extv[0] != NULL) { 1789 /* 1790 * FLUSH messages shouldn't have extensions. 1791 * Return EINVAL. 1792 */ 1793 ks2dbg(keystack, ("FLUSH message with extension.\n")); 1794 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT); 1795 return; 1796 } 1797 1798 /* Passing down of DUMP/FLUSH messages are special. */ 1799 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER); 1800 return; 1801 case SADB_DUMP: /* not used by normal applications */ 1802 if ((extv[0] != NULL) && 1803 ((msgsize > 1804 (sizeof (sadb_msg_t) + sizeof (sadb_x_edump_t))) || 1805 (extv[SADB_X_EXT_EDUMP] == NULL))) { 1806 keysock_error(ks, mp, EINVAL, 1807 SADB_X_DIAGNOSTIC_NO_EXT); 1808 return; 1809 } 1810 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER); 1811 return; 1812 case SADB_X_PROMISC: 1813 /* 1814 * Promiscuous processing message. 1815 */ 1816 if (samsg->sadb_msg_satype == 0) 1817 ks->keysock_flags &= ~KEYSOCK_PROMISC; 1818 else 1819 ks->keysock_flags |= KEYSOCK_PROMISC; 1820 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, 1821 keystack); 1822 return; 1823 case SADB_X_INVERSE_ACQUIRE: 1824 keysock_inverse_acquire(mp, samsg, extv, ks); 1825 return; 1826 default: 1827 ks2dbg(keystack, ("Got unknown message type %d.\n", 1828 samsg->sadb_msg_type)); 1829 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG); 1830 return; 1831 } 1832 1833 /* As a placeholder... */ 1834 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n")); 1835 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE); 1836 } 1837 1838 /* 1839 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket, 1840 * I don't convert to ioctl()'s for IP. I am the end-all driver as far 1841 * as PF_KEY sockets are concerned. I do some conversion, but not as much 1842 * as IP/rts does. 1843 */ 1844 static void 1845 keysock_wput(queue_t *q, mblk_t *mp) 1846 { 1847 uchar_t *rptr = mp->b_rptr; 1848 mblk_t *mp1; 1849 keysock_t *ks; 1850 keysock_stack_t *keystack; 1851 1852 if (WR(q)->q_next) { 1853 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr; 1854 keystack = kc->kc_keystack; 1855 1856 ks3dbg(keystack, ("In keysock_wput\n")); 1857 1858 /* 1859 * We shouldn't get writes on a consumer instance. 1860 * But for now, just passthru. 1861 */ 1862 ks1dbg(keystack, ("Huh? wput for an consumer instance (%d)?\n", 1863 kc->kc_sa_type)); 1864 putnext(q, mp); 1865 return; 1866 } 1867 ks = (keysock_t *)q->q_ptr; 1868 keystack = ks->keysock_keystack; 1869 1870 ks3dbg(keystack, ("In keysock_wput\n")); 1871 1872 switch (mp->b_datap->db_type) { 1873 case M_DATA: 1874 /* 1875 * Silently discard. 1876 */ 1877 ks2dbg(keystack, ("raw M_DATA in keysock.\n")); 1878 freemsg(mp); 1879 return; 1880 case M_PROTO: 1881 case M_PCPROTO: 1882 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) { 1883 if (((union T_primitives *)rptr)->type == T_DATA_REQ) { 1884 if ((mp1 = mp->b_cont) == NULL) { 1885 /* No data after T_DATA_REQ. */ 1886 ks2dbg(keystack, 1887 ("No data after DATA_REQ.\n")); 1888 freemsg(mp); 1889 return; 1890 } 1891 freeb(mp); 1892 mp = mp1; 1893 ks2dbg(keystack, ("T_DATA_REQ\n")); 1894 break; /* Out of switch. */ 1895 } 1896 } 1897 /* FALLTHRU */ 1898 default: 1899 ks3dbg(keystack, ("In default wput case (%d %d).\n", 1900 mp->b_datap->db_type, ((union T_primitives *)rptr)->type)); 1901 keysock_wput_other(q, mp); 1902 return; 1903 } 1904 1905 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */ 1906 keysock_parse(q, mp); 1907 } 1908 1909 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */ 1910 1911 /* 1912 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate 1913 * state vectors. 1914 */ 1915 static void 1916 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc) 1917 { 1918 keysock_t *ks; 1919 keysock_stack_t *keystack = kc->kc_keystack; 1920 1921 mutex_enter(&keystack->keystack_consumers_lock); 1922 mutex_enter(&kc->kc_lock); 1923 if (keystack->keystack_consumers[satype] != NULL) { 1924 ks0dbg(( 1925 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n", 1926 satype)); 1927 /* 1928 * Perhaps updating the new below-me consumer with what I have 1929 * so far would work too? 1930 */ 1931 mutex_exit(&kc->kc_lock); 1932 mutex_exit(&keystack->keystack_consumers_lock); 1933 } else { 1934 /* Add new below-me consumer. */ 1935 keystack->keystack_consumers[satype] = kc; 1936 1937 kc->kc_flags = 0; 1938 kc->kc_sa_type = satype; 1939 mutex_exit(&kc->kc_lock); 1940 mutex_exit(&keystack->keystack_consumers_lock); 1941 1942 /* Scan the keysock list. */ 1943 mutex_enter(&keystack->keystack_list_lock); 1944 for (ks = keystack->keystack_list; ks != NULL; 1945 ks = ks->keysock_next) { 1946 if (KEYSOCK_ISREG(ks, satype)) { 1947 /* 1948 * XXX Perhaps send an SADB_REGISTER down on 1949 * the socket's behalf. 1950 */ 1951 ks1dbg(keystack, 1952 ("Socket %u registered already for " 1953 "new consumer.\n", ks->keysock_serial)); 1954 } 1955 } 1956 mutex_exit(&keystack->keystack_list_lock); 1957 } 1958 } 1959 1960 /* 1961 * Generate a KEYSOCK_OUT_ERR message for my consumer. 1962 */ 1963 static void 1964 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp) 1965 { 1966 keysock_out_err_t *kse; 1967 mblk_t *imp; 1968 keysock_stack_t *keystack = kc->kc_keystack; 1969 1970 imp = allocb(sizeof (ipsec_info_t), BPRI_HI); 1971 if (imp == NULL) { 1972 ks1dbg(keystack, ("keysock_out_err: Can't alloc message.\n")); 1973 return; 1974 } 1975 1976 imp->b_datap->db_type = M_CTL; 1977 imp->b_wptr += sizeof (ipsec_info_t); 1978 1979 kse = (keysock_out_err_t *)imp->b_rptr; 1980 imp->b_cont = mp; 1981 kse->ks_err_type = KEYSOCK_OUT_ERR; 1982 kse->ks_err_len = sizeof (*kse); 1983 /* Is serial necessary? */ 1984 kse->ks_err_serial = 0; 1985 kse->ks_err_errno = ks_errno; 1986 1987 /* 1988 * XXX What else do I need to do here w.r.t. information 1989 * to tell the consumer what caused this error? 1990 * 1991 * I believe the answer is the PF_KEY ACQUIRE (or other) message 1992 * attached in mp, which is appended at the end. I believe the 1993 * db_ref won't matter here, because the PF_KEY message is only read 1994 * for KEYSOCK_OUT_ERR. 1995 */ 1996 1997 putnext(kc->kc_wq, imp); 1998 } 1999 2000 /* XXX this is a hack errno. */ 2001 #define EIPSECNOSA 255 2002 2003 /* 2004 * Route message (pointed by mp, header in samsg) toward appropriate 2005 * sockets. Assume the message's creator did its job correctly. 2006 * 2007 * This should be a function that is followed by a return in its caller. 2008 * The compiler _should_ be able to use tail-call optimizations to make the 2009 * large ## of parameters not a huge deal. 2010 */ 2011 static void 2012 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial, 2013 keysock_consumer_t *kc, boolean_t persistent, keysock_stack_t *keystack) 2014 { 2015 keysock_t *ks; 2016 uint8_t satype = samsg->sadb_msg_satype; 2017 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE, 2018 setalg = B_FALSE; 2019 mblk_t *mp1; 2020 int err = EIPSECNOSA; 2021 2022 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */ 2023 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI); 2024 if (mp1 == NULL) { 2025 err = ENOMEM; 2026 goto error; 2027 } 2028 mp1->b_wptr += sizeof (struct T_data_req); 2029 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND; 2030 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0; 2031 mp1->b_datap->db_type = M_PROTO; 2032 mp1->b_cont = mp; 2033 mp = mp1; 2034 2035 switch (samsg->sadb_msg_type) { 2036 case SADB_FLUSH: 2037 case SADB_GETSPI: 2038 case SADB_UPDATE: 2039 case SADB_X_UPDATEPAIR: 2040 case SADB_ADD: 2041 case SADB_DELETE: 2042 case SADB_X_DELPAIR: 2043 case SADB_EXPIRE: 2044 /* 2045 * These are most likely replies. Don't worry about 2046 * KEYSOCK_OUT_ERR handling. Deliver to all sockets. 2047 */ 2048 ks3dbg(keystack, 2049 ("Delivering normal message (%d) to all sockets.\n", 2050 samsg->sadb_msg_type)); 2051 toall = B_TRUE; 2052 break; 2053 case SADB_REGISTER: 2054 /* 2055 * REGISTERs come up for one of three reasons: 2056 * 2057 * 1.) In response to a normal SADB_REGISTER 2058 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 2059 * serial != 0) 2060 * Deliver to normal SADB_REGISTERed sockets. 2061 * 2.) In response to an extended REGISTER 2062 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 2063 * Deliver to extended REGISTERed socket. 2064 * 3.) Spontaneous algorithm changes 2065 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 2066 * serial == 0) 2067 * Deliver to REGISTERed sockets of all sorts. 2068 */ 2069 if (kc == NULL) { 2070 /* Here because of keysock_error() call. */ 2071 ASSERT(samsg->sadb_msg_errno != 0); 2072 break; /* Out of switch. */ 2073 } 2074 ks3dbg(keystack, ("Delivering REGISTER.\n")); 2075 if (satype == SADB_SATYPE_UNSPEC) { 2076 /* REGISTER Reason #2 */ 2077 allereg = B_TRUE; 2078 /* 2079 * Rewhack SA type so PF_KEY socket holder knows what 2080 * consumer generated this algorithm list. 2081 */ 2082 satype = kc->kc_sa_type; 2083 samsg->sadb_msg_satype = satype; 2084 setalg = B_TRUE; 2085 } else if (serial == 0) { 2086 /* REGISTER Reason #3 */ 2087 allreg = B_TRUE; 2088 allereg = B_TRUE; 2089 } else { 2090 /* REGISTER Reason #1 */ 2091 allreg = B_TRUE; 2092 setalg = B_TRUE; 2093 } 2094 break; 2095 case SADB_ACQUIRE: 2096 /* 2097 * ACQUIREs are either extended (sadb_msg_satype == 0) or 2098 * regular (sadb_msg_satype != 0). And we're guaranteed 2099 * that serial == 0 for an ACQUIRE. 2100 */ 2101 ks3dbg(keystack, ("Delivering ACQUIRE.\n")); 2102 allereg = (satype == SADB_SATYPE_UNSPEC); 2103 allreg = !allereg; 2104 /* 2105 * Corner case - if we send a regular ACQUIRE and there's 2106 * extended ones registered, don't send an error down to 2107 * consumers if nobody's listening and prematurely destroy 2108 * their ACQUIRE record. This might be too hackish of a 2109 * solution. 2110 */ 2111 if (allreg && keystack->keystack_num_extended > 0) 2112 err = 0; 2113 break; 2114 case SADB_X_PROMISC: 2115 case SADB_X_INVERSE_ACQUIRE: 2116 case SADB_DUMP: 2117 case SADB_GET: 2118 default: 2119 /* 2120 * Deliver to the sender and promiscuous only. 2121 */ 2122 ks3dbg(keystack, ("Delivering sender/promisc only (%d).\n", 2123 samsg->sadb_msg_type)); 2124 break; 2125 } 2126 2127 mutex_enter(&keystack->keystack_list_lock); 2128 for (ks = keystack->keystack_list; ks != NULL; ks = ks->keysock_next) { 2129 /* Delivery loop. */ 2130 2131 /* 2132 * Check special keysock-setting cases (REGISTER replies) 2133 * here. 2134 */ 2135 if (setalg && serial == ks->keysock_serial) { 2136 ASSERT(kc != NULL); 2137 ASSERT(kc->kc_sa_type == satype); 2138 KEYSOCK_SETREG(ks, satype); 2139 } 2140 2141 /* 2142 * NOLOOP takes precedence over PROMISC. So if you've set 2143 * !SO_USELOOPBACK, don't expect to see any data... 2144 */ 2145 if (ks->keysock_flags & KEYSOCK_NOLOOP) 2146 continue; 2147 2148 /* 2149 * Messages to all, or promiscuous sockets just GET the 2150 * message. Perform rules-type checking iff it's not for all 2151 * listeners or the socket is in promiscuous mode. 2152 * 2153 * NOTE:Because of the (kc != NULL && ISREG()), make sure 2154 * extended ACQUIREs arrive off a consumer that is 2155 * part of the extended REGISTER set of consumers. 2156 */ 2157 if (serial != ks->keysock_serial && 2158 !toall && 2159 !(ks->keysock_flags & KEYSOCK_PROMISC) && 2160 !((ks->keysock_flags & KEYSOCK_EXTENDED) ? 2161 allereg : allreg && kc != NULL && 2162 KEYSOCK_ISREG(ks, kc->kc_sa_type))) 2163 continue; 2164 2165 mp1 = dupmsg(mp); 2166 if (mp1 == NULL) { 2167 ks2dbg(keystack, ( 2168 "keysock_passup(): dupmsg() failed.\n")); 2169 mp1 = mp; 2170 mp = NULL; 2171 err = ENOMEM; 2172 } 2173 2174 /* 2175 * At this point, we can deliver or attempt to deliver 2176 * this message. We're free of obligation to report 2177 * no listening PF_KEY sockets. So set err to 0. 2178 */ 2179 err = 0; 2180 2181 /* 2182 * See if we canputnext(), as well as see if the message 2183 * needs to be queued if we can't. 2184 */ 2185 if (!canputnext(ks->keysock_rq)) { 2186 if (persistent) { 2187 if (putq(ks->keysock_rq, mp1) == 0) { 2188 ks1dbg(keystack, ( 2189 "keysock_passup: putq failed.\n")); 2190 } else { 2191 continue; 2192 } 2193 } 2194 freemsg(mp1); 2195 continue; 2196 } 2197 2198 ks3dbg(keystack, 2199 ("Putting to serial %d.\n", ks->keysock_serial)); 2200 /* 2201 * Unlike the specific keysock instance case, this 2202 * will only hit for listeners, so we will only 2203 * putnext() if we can. 2204 */ 2205 putnext(ks->keysock_rq, mp1); 2206 if (mp == NULL) 2207 break; /* out of for loop. */ 2208 } 2209 mutex_exit(&keystack->keystack_list_lock); 2210 2211 error: 2212 if ((err != 0) && (kc != NULL)) { 2213 /* 2214 * Generate KEYSOCK_OUT_ERR for consumer. 2215 * Basically, I send this back if I have not been able to 2216 * transmit (for whatever reason) 2217 */ 2218 ks1dbg(keystack, 2219 ("keysock_passup(): No registered of type %d.\n", 2220 satype)); 2221 if (mp != NULL) { 2222 if (mp->b_datap->db_type == M_PROTO) { 2223 mp1 = mp; 2224 mp = mp->b_cont; 2225 freeb(mp1); 2226 } 2227 /* 2228 * Do a copymsg() because people who get 2229 * KEYSOCK_OUT_ERR may alter the message contents. 2230 */ 2231 mp1 = copymsg(mp); 2232 if (mp1 == NULL) { 2233 ks2dbg(keystack, 2234 ("keysock_passup: copymsg() failed.\n")); 2235 mp1 = mp; 2236 mp = NULL; 2237 } 2238 keysock_out_err(kc, err, mp1); 2239 } 2240 } 2241 2242 /* 2243 * XXX Blank the message somehow. This is difficult because we don't 2244 * know at this point if the message has db_ref > 1, etc. 2245 * 2246 * Optimally, keysock messages containing actual keying material would 2247 * be allocated with esballoc(), with a zeroing free function. 2248 */ 2249 if (mp != NULL) 2250 freemsg(mp); 2251 } 2252 2253 /* 2254 * Keysock's read service procedure is there only for PF_KEY reply 2255 * messages that really need to reach the top. 2256 */ 2257 static void 2258 keysock_rsrv(queue_t *q) 2259 { 2260 mblk_t *mp; 2261 2262 while ((mp = getq(q)) != NULL) { 2263 if (canputnext(q)) { 2264 putnext(q, mp); 2265 } else { 2266 (void) putbq(q, mp); 2267 return; 2268 } 2269 } 2270 } 2271 2272 /* 2273 * The read procedure should only be invoked by a keysock consumer, like 2274 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK 2275 * messages on my read queues. 2276 */ 2277 static void 2278 keysock_rput(queue_t *q, mblk_t *mp) 2279 { 2280 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr; 2281 ipsec_info_t *ii; 2282 keysock_hello_ack_t *ksa; 2283 minor_t serial; 2284 mblk_t *mp1; 2285 sadb_msg_t *samsg; 2286 keysock_stack_t *keystack = kc->kc_keystack; 2287 2288 /* Make sure I'm a consumer instance. (i.e. something's below me) */ 2289 ASSERT(WR(q)->q_next != NULL); 2290 2291 if (mp->b_datap->db_type != M_CTL) { 2292 /* 2293 * Keysock should only see keysock consumer interface 2294 * messages (see ipsec_info.h) on its read procedure. 2295 * To be robust, however, putnext() up so the STREAM head can 2296 * deal with it appropriately. 2297 */ 2298 ks1dbg(keystack, 2299 ("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n", 2300 mp->b_datap->db_type, mp->b_datap->db_type)); 2301 putnext(q, mp); 2302 return; 2303 } 2304 2305 ii = (ipsec_info_t *)mp->b_rptr; 2306 2307 switch (ii->ipsec_info_type) { 2308 case KEYSOCK_OUT: 2309 /* 2310 * A consumer needs to pass a response message or an ACQUIRE 2311 * UP. I assume that the consumer has done the right 2312 * thing w.r.t. message creation, etc. 2313 */ 2314 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial; 2315 mp1 = mp->b_cont; /* Get M_DATA portion. */ 2316 freeb(mp); 2317 samsg = (sadb_msg_t *)mp1->b_rptr; 2318 if (samsg->sadb_msg_type == SADB_FLUSH || 2319 (samsg->sadb_msg_type == SADB_DUMP && 2320 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) { 2321 /* 2322 * If I'm an end-of-FLUSH or an end-of-DUMP marker... 2323 */ 2324 ASSERT(keystack->keystack_flushdump != 0); 2325 /* Am I flushing? */ 2326 2327 mutex_enter(&kc->kc_lock); 2328 kc->kc_flags &= ~KC_FLUSHING; 2329 mutex_exit(&kc->kc_lock); 2330 2331 if (samsg->sadb_msg_errno != 0) 2332 keystack->keystack_flushdump_errno = 2333 samsg->sadb_msg_errno; 2334 2335 /* 2336 * Lower the atomic "flushing" count. If it's 2337 * the last one, send up the end-of-{FLUSH,DUMP} to 2338 * the appropriate PF_KEY socket. 2339 */ 2340 if (atomic_add_32_nv(&keystack->keystack_flushdump, 2341 -1) != 0) { 2342 ks1dbg(keystack, 2343 ("One flush/dump message back from %d," 2344 " more to go.\n", samsg->sadb_msg_satype)); 2345 freemsg(mp1); 2346 return; 2347 } 2348 2349 samsg->sadb_msg_errno = 2350 (uint8_t)keystack->keystack_flushdump_errno; 2351 if (samsg->sadb_msg_type == SADB_DUMP) { 2352 samsg->sadb_msg_seq = 0; 2353 } 2354 } 2355 keysock_passup(mp1, samsg, serial, kc, 2356 (samsg->sadb_msg_type == SADB_DUMP), keystack); 2357 return; 2358 case KEYSOCK_HELLO_ACK: 2359 /* Aha, now we can link in the consumer! */ 2360 ksa = (keysock_hello_ack_t *)ii; 2361 keysock_link_consumer(ksa->ks_hello_satype, kc); 2362 freemsg(mp); 2363 return; 2364 default: 2365 ks1dbg(keystack, ("Hmmm, an IPsec info I'm not used to, 0x%x\n", 2366 ii->ipsec_info_type)); 2367 putnext(q, mp); 2368 } 2369 } 2370 2371 /* 2372 * So we can avoid external linking problems.... 2373 */ 2374 boolean_t 2375 keysock_extended_reg(netstack_t *ns) 2376 { 2377 keysock_stack_t *keystack = ns->netstack_keysock; 2378 2379 return (keystack->keystack_num_extended != 0); 2380 } 2381 2382 uint32_t 2383 keysock_next_seq(netstack_t *ns) 2384 { 2385 keysock_stack_t *keystack = ns->netstack_keysock; 2386 2387 return (atomic_add_32_nv(&keystack->keystack_acquire_seq, -1)); 2388 } 2389