xref: /titanic_50/usr/src/uts/common/inet/ip/ipsecesp.c (revision 090a8d9e70b0696e7d9bc114c6e021757c9f04fe)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <sys/types.h>
27 #include <sys/stream.h>
28 #include <sys/stropts.h>
29 #include <sys/errno.h>
30 #include <sys/strlog.h>
31 #include <sys/tihdr.h>
32 #include <sys/socket.h>
33 #include <sys/ddi.h>
34 #include <sys/sunddi.h>
35 #include <sys/kmem.h>
36 #include <sys/zone.h>
37 #include <sys/sysmacros.h>
38 #include <sys/cmn_err.h>
39 #include <sys/vtrace.h>
40 #include <sys/debug.h>
41 #include <sys/atomic.h>
42 #include <sys/strsun.h>
43 #include <sys/random.h>
44 #include <netinet/in.h>
45 #include <net/if.h>
46 #include <netinet/ip6.h>
47 #include <net/pfkeyv2.h>
48 
49 #include <inet/common.h>
50 #include <inet/mi.h>
51 #include <inet/nd.h>
52 #include <inet/ip.h>
53 #include <inet/ip_impl.h>
54 #include <inet/ip6.h>
55 #include <inet/sadb.h>
56 #include <inet/ipsec_info.h>
57 #include <inet/ipsec_impl.h>
58 #include <inet/ipsecesp.h>
59 #include <inet/ipdrop.h>
60 #include <inet/tcp.h>
61 #include <sys/kstat.h>
62 #include <sys/policy.h>
63 #include <sys/strsun.h>
64 #include <inet/udp_impl.h>
65 #include <sys/taskq.h>
66 #include <sys/note.h>
67 
68 #include <sys/iphada.h>
69 
70 /*
71  * Table of ND variables supported by ipsecesp. These are loaded into
72  * ipsecesp_g_nd in ipsecesp_init_nd.
73  * All of these are alterable, within the min/max values given, at run time.
74  */
75 static	ipsecespparam_t	lcl_param_arr[] = {
76 	/* min	max			value	name */
77 	{ 0,	3,			0,	"ipsecesp_debug"},
78 	{ 125,	32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"},
79 	{ 1,	10,			1,	"ipsecesp_reap_delay"},
80 	{ 1,	SADB_MAX_REPLAY,	64,	"ipsecesp_replay_size"},
81 	{ 1,	300,			15,	"ipsecesp_acquire_timeout"},
82 	{ 1,	1800,			90,	"ipsecesp_larval_timeout"},
83 	/* Default lifetime values for ACQUIRE messages. */
84 	{ 0,	0xffffffffU,	0,	"ipsecesp_default_soft_bytes"},
85 	{ 0,	0xffffffffU,	0,	"ipsecesp_default_hard_bytes"},
86 	{ 0,	0xffffffffU,	24000,	"ipsecesp_default_soft_addtime"},
87 	{ 0,	0xffffffffU,	28800,	"ipsecesp_default_hard_addtime"},
88 	{ 0,	0xffffffffU,	0,	"ipsecesp_default_soft_usetime"},
89 	{ 0,	0xffffffffU,	0,	"ipsecesp_default_hard_usetime"},
90 	{ 0,	1,		0,	"ipsecesp_log_unknown_spi"},
91 	{ 0,	2,		1,	"ipsecesp_padding_check"},
92 	{ 0,	600,		20,	"ipsecesp_nat_keepalive_interval"},
93 };
94 #define	ipsecesp_debug	ipsecesp_params[0].ipsecesp_param_value
95 #define	ipsecesp_age_interval ipsecesp_params[1].ipsecesp_param_value
96 #define	ipsecesp_age_int_max	ipsecesp_params[1].ipsecesp_param_max
97 #define	ipsecesp_reap_delay	ipsecesp_params[2].ipsecesp_param_value
98 #define	ipsecesp_replay_size	ipsecesp_params[3].ipsecesp_param_value
99 #define	ipsecesp_acquire_timeout	\
100 	ipsecesp_params[4].ipsecesp_param_value
101 #define	ipsecesp_larval_timeout	\
102 	ipsecesp_params[5].ipsecesp_param_value
103 #define	ipsecesp_default_soft_bytes	\
104 	ipsecesp_params[6].ipsecesp_param_value
105 #define	ipsecesp_default_hard_bytes	\
106 	ipsecesp_params[7].ipsecesp_param_value
107 #define	ipsecesp_default_soft_addtime	\
108 	ipsecesp_params[8].ipsecesp_param_value
109 #define	ipsecesp_default_hard_addtime	\
110 	ipsecesp_params[9].ipsecesp_param_value
111 #define	ipsecesp_default_soft_usetime	\
112 	ipsecesp_params[10].ipsecesp_param_value
113 #define	ipsecesp_default_hard_usetime	\
114 	ipsecesp_params[11].ipsecesp_param_value
115 #define	ipsecesp_log_unknown_spi	\
116 	ipsecesp_params[12].ipsecesp_param_value
117 #define	ipsecesp_padding_check	\
118 	ipsecesp_params[13].ipsecesp_param_value
119 /* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */
120 
121 #define	esp0dbg(a)	printf a
122 /* NOTE:  != 0 instead of > 0 so lint doesn't complain. */
123 #define	esp1dbg(espstack, a)	if (espstack->ipsecesp_debug != 0) printf a
124 #define	esp2dbg(espstack, a)	if (espstack->ipsecesp_debug > 1) printf a
125 #define	esp3dbg(espstack, a)	if (espstack->ipsecesp_debug > 2) printf a
126 
127 static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *);
128 static int ipsecesp_close(queue_t *);
129 static void ipsecesp_rput(queue_t *, mblk_t *);
130 static void ipsecesp_wput(queue_t *, mblk_t *);
131 static void	*ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns);
132 static void	ipsecesp_stack_fini(netstackid_t stackid, void *arg);
133 static void esp_send_acquire(ipsacq_t *, mblk_t *, netstack_t *);
134 
135 static void esp_prepare_udp(netstack_t *, mblk_t *, ipha_t *);
136 static ipsec_status_t esp_outbound_accelerated(mblk_t *, uint_t);
137 static ipsec_status_t esp_inbound_accelerated(mblk_t *, mblk_t *,
138     boolean_t, ipsa_t *);
139 
140 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t,
141     ipsecesp_stack_t *);
142 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t,
143     kstat_named_t **, ipsecesp_stack_t *);
144 static ipsec_status_t esp_submit_req_inbound(mblk_t *, ipsa_t *, uint_t);
145 static ipsec_status_t esp_submit_req_outbound(mblk_t *, ipsa_t *, uchar_t *,
146     uint_t);
147 /* Setable in /etc/system */
148 uint32_t esp_hash_size = IPSEC_DEFAULT_HASH_SIZE;
149 
150 static struct module_info info = {
151 	5137, "ipsecesp", 0, INFPSZ, 65536, 1024
152 };
153 
154 static struct qinit rinit = {
155 	(pfi_t)ipsecesp_rput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info,
156 	NULL
157 };
158 
159 static struct qinit winit = {
160 	(pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info,
161 	NULL
162 };
163 
164 struct streamtab ipsecespinfo = {
165 	&rinit, &winit, NULL, NULL
166 };
167 
168 static taskq_t *esp_taskq;
169 
170 /*
171  * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now.
172  *
173  * Question:	Do I need this, given that all instance's esps->esps_wq point
174  *		to IP?
175  *
176  * Answer:	Yes, because I need to know which queue is BOUND to
177  *		IPPROTO_ESP
178  */
179 
180 /*
181  * Stats.  This may eventually become a full-blown SNMP MIB once that spec
182  * stabilizes.
183  */
184 
185 typedef struct esp_kstats_s {
186 	kstat_named_t esp_stat_num_aalgs;
187 	kstat_named_t esp_stat_good_auth;
188 	kstat_named_t esp_stat_bad_auth;
189 	kstat_named_t esp_stat_bad_padding;
190 	kstat_named_t esp_stat_replay_failures;
191 	kstat_named_t esp_stat_replay_early_failures;
192 	kstat_named_t esp_stat_keysock_in;
193 	kstat_named_t esp_stat_out_requests;
194 	kstat_named_t esp_stat_acquire_requests;
195 	kstat_named_t esp_stat_bytes_expired;
196 	kstat_named_t esp_stat_out_discards;
197 	kstat_named_t esp_stat_in_accelerated;
198 	kstat_named_t esp_stat_out_accelerated;
199 	kstat_named_t esp_stat_noaccel;
200 	kstat_named_t esp_stat_crypto_sync;
201 	kstat_named_t esp_stat_crypto_async;
202 	kstat_named_t esp_stat_crypto_failures;
203 	kstat_named_t esp_stat_num_ealgs;
204 	kstat_named_t esp_stat_bad_decrypt;
205 	kstat_named_t esp_stat_sa_port_renumbers;
206 } esp_kstats_t;
207 
208 /*
209  * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if
210  * kstat_create_netstack for espstack->esp_ksp succeeds, but when it
211  * fails, it will be NULL. Note this is done for all stack instances,
212  * so it *could* fail. hence a non-NULL checking is done for
213  * ESP_BUMP_STAT and ESP_DEBUMP_STAT
214  */
215 #define	ESP_BUMP_STAT(espstack, x)					\
216 do {									\
217 	if (espstack->esp_kstats != NULL)				\
218 		(espstack->esp_kstats->esp_stat_ ## x).value.ui64++;	\
219 _NOTE(CONSTCOND)							\
220 } while (0)
221 
222 #define	ESP_DEBUMP_STAT(espstack, x)					\
223 do {									\
224 	if (espstack->esp_kstats != NULL)				\
225 		(espstack->esp_kstats->esp_stat_ ## x).value.ui64--;	\
226 _NOTE(CONSTCOND)							\
227 } while (0)
228 
229 static int	esp_kstat_update(kstat_t *, int);
230 
231 static boolean_t
232 esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
233 {
234 	espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
235 	    "net", KSTAT_TYPE_NAMED,
236 	    sizeof (esp_kstats_t) / sizeof (kstat_named_t),
237 	    KSTAT_FLAG_PERSISTENT, stackid);
238 
239 	if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
240 		return (B_FALSE);
241 
242 	espstack->esp_kstats = espstack->esp_ksp->ks_data;
243 
244 	espstack->esp_ksp->ks_update = esp_kstat_update;
245 	espstack->esp_ksp->ks_private = (void *)(uintptr_t)stackid;
246 
247 #define	K64 KSTAT_DATA_UINT64
248 #define	KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64)
249 
250 	KI(num_aalgs);
251 	KI(num_ealgs);
252 	KI(good_auth);
253 	KI(bad_auth);
254 	KI(bad_padding);
255 	KI(replay_failures);
256 	KI(replay_early_failures);
257 	KI(keysock_in);
258 	KI(out_requests);
259 	KI(acquire_requests);
260 	KI(bytes_expired);
261 	KI(out_discards);
262 	KI(in_accelerated);
263 	KI(out_accelerated);
264 	KI(noaccel);
265 	KI(crypto_sync);
266 	KI(crypto_async);
267 	KI(crypto_failures);
268 	KI(bad_decrypt);
269 	KI(sa_port_renumbers);
270 
271 #undef KI
272 #undef K64
273 
274 	kstat_install(espstack->esp_ksp);
275 
276 	return (B_TRUE);
277 }
278 
279 static int
280 esp_kstat_update(kstat_t *kp, int rw)
281 {
282 	esp_kstats_t *ekp;
283 	netstackid_t	stackid = (zoneid_t)(uintptr_t)kp->ks_private;
284 	netstack_t	*ns;
285 	ipsec_stack_t	*ipss;
286 
287 	if ((kp == NULL) || (kp->ks_data == NULL))
288 		return (EIO);
289 
290 	if (rw == KSTAT_WRITE)
291 		return (EACCES);
292 
293 	ns = netstack_find_by_stackid(stackid);
294 	if (ns == NULL)
295 		return (-1);
296 	ipss = ns->netstack_ipsec;
297 	if (ipss == NULL) {
298 		netstack_rele(ns);
299 		return (-1);
300 	}
301 	ekp = (esp_kstats_t *)kp->ks_data;
302 
303 	mutex_enter(&ipss->ipsec_alg_lock);
304 	ekp->esp_stat_num_aalgs.value.ui64 =
305 	    ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
306 	ekp->esp_stat_num_ealgs.value.ui64 =
307 	    ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
308 	mutex_exit(&ipss->ipsec_alg_lock);
309 
310 	netstack_rele(ns);
311 	return (0);
312 }
313 
314 #ifdef DEBUG
315 /*
316  * Debug routine, useful to see pre-encryption data.
317  */
318 static char *
319 dump_msg(mblk_t *mp)
320 {
321 	char tmp_str[3], tmp_line[256];
322 
323 	while (mp != NULL) {
324 		unsigned char *ptr;
325 
326 		printf("mblk address 0x%p, length %ld, db_ref %d "
327 		    "type %d, base 0x%p, lim 0x%p\n",
328 		    (void *) mp, (long)(mp->b_wptr - mp->b_rptr),
329 		    mp->b_datap->db_ref, mp->b_datap->db_type,
330 		    (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim);
331 		ptr = mp->b_rptr;
332 
333 		tmp_line[0] = '\0';
334 		while (ptr < mp->b_wptr) {
335 			uint_t diff;
336 
337 			diff = (ptr - mp->b_rptr);
338 			if (!(diff & 0x1f)) {
339 				if (strlen(tmp_line) > 0) {
340 					printf("bytes: %s\n", tmp_line);
341 					tmp_line[0] = '\0';
342 				}
343 			}
344 			if (!(diff & 0x3))
345 				(void) strcat(tmp_line, " ");
346 			(void) sprintf(tmp_str, "%02x", *ptr);
347 			(void) strcat(tmp_line, tmp_str);
348 			ptr++;
349 		}
350 		if (strlen(tmp_line) > 0)
351 			printf("bytes: %s\n", tmp_line);
352 
353 		mp = mp->b_cont;
354 	}
355 
356 	return ("\n");
357 }
358 
359 #else /* DEBUG */
360 static char *
361 dump_msg(mblk_t *mp)
362 {
363 	printf("Find value of mp %p.\n", mp);
364 	return ("\n");
365 }
366 #endif /* DEBUG */
367 
368 /*
369  * Don't have to lock age_interval, as only one thread will access it at
370  * a time, because I control the one function that does with timeout().
371  */
372 static void
373 esp_ager(void *arg)
374 {
375 	ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
376 	netstack_t	*ns = espstack->ipsecesp_netstack;
377 	hrtime_t begin = gethrtime();
378 
379 	sadb_ager(&espstack->esp_sadb.s_v4, espstack->esp_pfkey_q,
380 	    espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns);
381 	sadb_ager(&espstack->esp_sadb.s_v6, espstack->esp_pfkey_q,
382 	    espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns);
383 
384 	espstack->esp_event = sadb_retimeout(begin, espstack->esp_pfkey_q,
385 	    esp_ager, espstack,
386 	    &espstack->ipsecesp_age_interval, espstack->ipsecesp_age_int_max,
387 	    info.mi_idnum);
388 }
389 
390 /*
391  * Get an ESP NDD parameter.
392  */
393 /* ARGSUSED */
394 static int
395 ipsecesp_param_get(q, mp, cp, cr)
396 	queue_t	*q;
397 	mblk_t	*mp;
398 	caddr_t	cp;
399 	cred_t *cr;
400 {
401 	ipsecespparam_t	*ipsecesppa = (ipsecespparam_t *)cp;
402 	uint_t value;
403 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
404 
405 	mutex_enter(&espstack->ipsecesp_param_lock);
406 	value = ipsecesppa->ipsecesp_param_value;
407 	mutex_exit(&espstack->ipsecesp_param_lock);
408 
409 	(void) mi_mpprintf(mp, "%u", value);
410 	return (0);
411 }
412 
413 /*
414  * This routine sets an NDD variable in a ipsecespparam_t structure.
415  */
416 /* ARGSUSED */
417 static int
418 ipsecesp_param_set(q, mp, value, cp, cr)
419 	queue_t	*q;
420 	mblk_t	*mp;
421 	char	*value;
422 	caddr_t	cp;
423 	cred_t *cr;
424 {
425 	ulong_t	new_value;
426 	ipsecespparam_t	*ipsecesppa = (ipsecespparam_t *)cp;
427 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
428 
429 	/*
430 	 * Fail the request if the new value does not lie within the
431 	 * required bounds.
432 	 */
433 	if (ddi_strtoul(value, NULL, 10, &new_value) != 0 ||
434 	    new_value < ipsecesppa->ipsecesp_param_min ||
435 	    new_value > ipsecesppa->ipsecesp_param_max) {
436 		return (EINVAL);
437 	}
438 
439 	/* Set the new value */
440 	mutex_enter(&espstack->ipsecesp_param_lock);
441 	ipsecesppa->ipsecesp_param_value = new_value;
442 	mutex_exit(&espstack->ipsecesp_param_lock);
443 	return (0);
444 }
445 
446 /*
447  * Using lifetime NDD variables, fill in an extended combination's
448  * lifetime information.
449  */
450 void
451 ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns)
452 {
453 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
454 
455 	ecomb->sadb_x_ecomb_soft_bytes = espstack->ipsecesp_default_soft_bytes;
456 	ecomb->sadb_x_ecomb_hard_bytes = espstack->ipsecesp_default_hard_bytes;
457 	ecomb->sadb_x_ecomb_soft_addtime =
458 	    espstack->ipsecesp_default_soft_addtime;
459 	ecomb->sadb_x_ecomb_hard_addtime =
460 	    espstack->ipsecesp_default_hard_addtime;
461 	ecomb->sadb_x_ecomb_soft_usetime =
462 	    espstack->ipsecesp_default_soft_usetime;
463 	ecomb->sadb_x_ecomb_hard_usetime =
464 	    espstack->ipsecesp_default_hard_usetime;
465 }
466 
467 /*
468  * Initialize things for ESP at module load time.
469  */
470 boolean_t
471 ipsecesp_ddi_init(void)
472 {
473 	esp_taskq = taskq_create("esp_taskq", 1, minclsyspri,
474 	    IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0);
475 
476 	/*
477 	 * We want to be informed each time a stack is created or
478 	 * destroyed in the kernel, so we can maintain the
479 	 * set of ipsecesp_stack_t's.
480 	 */
481 	netstack_register(NS_IPSECESP, ipsecesp_stack_init, NULL,
482 	    ipsecesp_stack_fini);
483 
484 	return (B_TRUE);
485 }
486 
487 /*
488  * Walk through the param array specified registering each element with the
489  * named dispatch handler.
490  */
491 static boolean_t
492 ipsecesp_param_register(IDP *ndp, ipsecespparam_t *espp, int cnt)
493 {
494 	for (; cnt-- > 0; espp++) {
495 		if (espp->ipsecesp_param_name != NULL &&
496 		    espp->ipsecesp_param_name[0]) {
497 			if (!nd_load(ndp,
498 			    espp->ipsecesp_param_name,
499 			    ipsecesp_param_get, ipsecesp_param_set,
500 			    (caddr_t)espp)) {
501 				nd_free(ndp);
502 				return (B_FALSE);
503 			}
504 		}
505 	}
506 	return (B_TRUE);
507 }
508 /*
509  * Initialize things for ESP for each stack instance
510  */
511 static void *
512 ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns)
513 {
514 	ipsecesp_stack_t	*espstack;
515 	ipsecespparam_t		*espp;
516 
517 	espstack = (ipsecesp_stack_t *)kmem_zalloc(sizeof (*espstack),
518 	    KM_SLEEP);
519 	espstack->ipsecesp_netstack = ns;
520 
521 	espp = (ipsecespparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
522 	espstack->ipsecesp_params = espp;
523 	bcopy(lcl_param_arr, espp, sizeof (lcl_param_arr));
524 
525 	(void) ipsecesp_param_register(&espstack->ipsecesp_g_nd, espp,
526 	    A_CNT(lcl_param_arr));
527 
528 	(void) esp_kstat_init(espstack, stackid);
529 
530 	espstack->esp_sadb.s_acquire_timeout =
531 	    &espstack->ipsecesp_acquire_timeout;
532 	espstack->esp_sadb.s_acqfn = esp_send_acquire;
533 	sadbp_init("ESP", &espstack->esp_sadb, SADB_SATYPE_ESP, esp_hash_size,
534 	    espstack->ipsecesp_netstack);
535 
536 	mutex_init(&espstack->ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0);
537 
538 	ip_drop_register(&espstack->esp_dropper, "IPsec ESP");
539 	return (espstack);
540 }
541 
542 /*
543  * Destroy things for ESP at module unload time.
544  */
545 void
546 ipsecesp_ddi_destroy(void)
547 {
548 	netstack_unregister(NS_IPSECESP);
549 	taskq_destroy(esp_taskq);
550 }
551 
552 /*
553  * Destroy things for ESP for one stack instance
554  */
555 static void
556 ipsecesp_stack_fini(netstackid_t stackid, void *arg)
557 {
558 	ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
559 
560 	if (espstack->esp_pfkey_q != NULL) {
561 		(void) quntimeout(espstack->esp_pfkey_q, espstack->esp_event);
562 	}
563 	espstack->esp_sadb.s_acqfn = NULL;
564 	espstack->esp_sadb.s_acquire_timeout = NULL;
565 	sadbp_destroy(&espstack->esp_sadb, espstack->ipsecesp_netstack);
566 	ip_drop_unregister(&espstack->esp_dropper);
567 	mutex_destroy(&espstack->ipsecesp_param_lock);
568 	nd_free(&espstack->ipsecesp_g_nd);
569 
570 	kmem_free(espstack->ipsecesp_params, sizeof (lcl_param_arr));
571 	espstack->ipsecesp_params = NULL;
572 	kstat_delete_netstack(espstack->esp_ksp, stackid);
573 	espstack->esp_ksp = NULL;
574 	espstack->esp_kstats = NULL;
575 	kmem_free(espstack, sizeof (*espstack));
576 }
577 
578 /*
579  * ESP module open routine.
580  */
581 /* ARGSUSED */
582 static int
583 ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
584 {
585 	netstack_t		*ns;
586 	ipsecesp_stack_t	*espstack;
587 
588 	if (secpolicy_ip_config(credp, B_FALSE) != 0)
589 		return (EPERM);
590 
591 	if (q->q_ptr != NULL)
592 		return (0);  /* Re-open of an already open instance. */
593 
594 	if (sflag != MODOPEN)
595 		return (EINVAL);
596 
597 	ns = netstack_find_by_cred(credp);
598 	ASSERT(ns != NULL);
599 	espstack = ns->netstack_ipsecesp;
600 	ASSERT(espstack != NULL);
601 
602 	/*
603 	 * ASSUMPTIONS (because I'm MT_OCEXCL):
604 	 *
605 	 *	* I'm being pushed on top of IP for all my opens (incl. #1).
606 	 *	* Only ipsecesp_open() can write into esp_sadb.s_ip_q.
607 	 *	* Because of this, I can check lazily for esp_sadb.s_ip_q.
608 	 *
609 	 *  If these assumptions are wrong, I'm in BIG trouble...
610 	 */
611 
612 	q->q_ptr = espstack;
613 	WR(q)->q_ptr = q->q_ptr;
614 
615 	if (espstack->esp_sadb.s_ip_q == NULL) {
616 		struct T_unbind_req *tur;
617 
618 		espstack->esp_sadb.s_ip_q = WR(q);
619 		/* Allocate an unbind... */
620 		espstack->esp_ip_unbind = allocb(sizeof (struct T_unbind_req),
621 		    BPRI_HI);
622 
623 		/*
624 		 * Send down T_BIND_REQ to bind IPPROTO_ESP.
625 		 * Handle the ACK here in ESP.
626 		 */
627 		qprocson(q);
628 		if (espstack->esp_ip_unbind == NULL ||
629 		    !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) {
630 			if (espstack->esp_ip_unbind != NULL) {
631 				freeb(espstack->esp_ip_unbind);
632 				espstack->esp_ip_unbind = NULL;
633 			}
634 			q->q_ptr = NULL;
635 			netstack_rele(espstack->ipsecesp_netstack);
636 			return (ENOMEM);
637 		}
638 
639 		espstack->esp_ip_unbind->b_datap->db_type = M_PROTO;
640 		tur = (struct T_unbind_req *)espstack->esp_ip_unbind->b_rptr;
641 		tur->PRIM_type = T_UNBIND_REQ;
642 	} else {
643 		qprocson(q);
644 	}
645 
646 	/*
647 	 * For now, there's not much I can do.  I'll be getting a message
648 	 * passed down to me from keysock (in my wput), and a T_BIND_ACK
649 	 * up from IP (in my rput).
650 	 */
651 
652 	return (0);
653 }
654 
655 /*
656  * ESP module close routine.
657  */
658 static int
659 ipsecesp_close(queue_t *q)
660 {
661 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
662 
663 	/*
664 	 * If esp_sadb.s_ip_q is attached to this instance, send a
665 	 * T_UNBIND_REQ to IP for the instance before doing
666 	 * a qprocsoff().
667 	 */
668 	if (WR(q) == espstack->esp_sadb.s_ip_q &&
669 	    espstack->esp_ip_unbind != NULL) {
670 		putnext(WR(q), espstack->esp_ip_unbind);
671 		espstack->esp_ip_unbind = NULL;
672 	}
673 
674 	/*
675 	 * Clean up q_ptr, if needed.
676 	 */
677 	qprocsoff(q);
678 
679 	/* Keysock queue check is safe, because of OCEXCL perimeter. */
680 
681 	if (q == espstack->esp_pfkey_q) {
682 		esp1dbg(espstack,
683 		    ("ipsecesp_close:  Ummm... keysock is closing ESP.\n"));
684 		espstack->esp_pfkey_q = NULL;
685 		/* Detach qtimeouts. */
686 		(void) quntimeout(q, espstack->esp_event);
687 	}
688 
689 	if (WR(q) == espstack->esp_sadb.s_ip_q) {
690 		/*
691 		 * If the esp_sadb.s_ip_q is attached to this instance, find
692 		 * another.  The OCEXCL outer perimeter helps us here.
693 		 */
694 		espstack->esp_sadb.s_ip_q = NULL;
695 
696 		/*
697 		 * Find a replacement queue for esp_sadb.s_ip_q.
698 		 */
699 		if (espstack->esp_pfkey_q != NULL &&
700 		    espstack->esp_pfkey_q != RD(q)) {
701 			/*
702 			 * See if we can use the pfkey_q.
703 			 */
704 			espstack->esp_sadb.s_ip_q = WR(espstack->esp_pfkey_q);
705 		}
706 
707 		if (espstack->esp_sadb.s_ip_q == NULL ||
708 		    !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) {
709 			esp1dbg(espstack, ("ipsecesp: Can't reassign ip_q.\n"));
710 			espstack->esp_sadb.s_ip_q = NULL;
711 		} else {
712 			espstack->esp_ip_unbind =
713 			    allocb(sizeof (struct T_unbind_req), BPRI_HI);
714 
715 			if (espstack->esp_ip_unbind != NULL) {
716 				struct T_unbind_req *tur;
717 
718 				espstack->esp_ip_unbind->b_datap->db_type =
719 				    M_PROTO;
720 				tur = (struct T_unbind_req *)
721 				    espstack->esp_ip_unbind->b_rptr;
722 				tur->PRIM_type = T_UNBIND_REQ;
723 			}
724 			/* If it's NULL, I can't do much here. */
725 		}
726 	}
727 
728 	netstack_rele(espstack->ipsecesp_netstack);
729 	return (0);
730 }
731 
732 /*
733  * Add a number of bytes to what the SA has protected so far.  Return
734  * B_TRUE if the SA can still protect that many bytes.
735  *
736  * Caller must REFRELE the passed-in assoc.  This function must REFRELE
737  * any obtained peer SA.
738  */
739 static boolean_t
740 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound)
741 {
742 	ipsa_t *inassoc, *outassoc;
743 	isaf_t *bucket;
744 	boolean_t inrc, outrc, isv6;
745 	sadb_t *sp;
746 	int outhash;
747 	netstack_t		*ns = assoc->ipsa_netstack;
748 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
749 
750 	/* No peer?  No problem! */
751 	if (!assoc->ipsa_haspeer) {
752 		return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes,
753 		    B_TRUE));
754 	}
755 
756 	/*
757 	 * Otherwise, we want to grab both the original assoc and its peer.
758 	 * There might be a race for this, but if it's a real race, two
759 	 * expire messages may occur.  We limit this by only sending the
760 	 * expire message on one of the peers, we'll pick the inbound
761 	 * arbitrarily.
762 	 *
763 	 * If we need tight synchronization on the peer SA, then we need to
764 	 * reconsider.
765 	 */
766 
767 	/* Use address length to select IPv6/IPv4 */
768 	isv6 = (assoc->ipsa_addrfam == AF_INET6);
769 	sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;
770 
771 	if (inbound) {
772 		inassoc = assoc;
773 		if (isv6) {
774 			outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *)
775 			    &inassoc->ipsa_dstaddr));
776 		} else {
777 			outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *)
778 			    &inassoc->ipsa_dstaddr));
779 		}
780 		bucket = &sp->sdb_of[outhash];
781 		mutex_enter(&bucket->isaf_lock);
782 		outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
783 		    inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
784 		    inassoc->ipsa_addrfam);
785 		mutex_exit(&bucket->isaf_lock);
786 		if (outassoc == NULL) {
787 			/* Q: Do we wish to set haspeer == B_FALSE? */
788 			esp0dbg(("esp_age_bytes: "
789 			    "can't find peer for inbound.\n"));
790 			return (sadb_age_bytes(espstack->esp_pfkey_q, inassoc,
791 			    bytes, B_TRUE));
792 		}
793 	} else {
794 		outassoc = assoc;
795 		bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
796 		mutex_enter(&bucket->isaf_lock);
797 		inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
798 		    outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
799 		    outassoc->ipsa_addrfam);
800 		mutex_exit(&bucket->isaf_lock);
801 		if (inassoc == NULL) {
802 			/* Q: Do we wish to set haspeer == B_FALSE? */
803 			esp0dbg(("esp_age_bytes: "
804 			    "can't find peer for outbound.\n"));
805 			return (sadb_age_bytes(espstack->esp_pfkey_q, outassoc,
806 			    bytes, B_TRUE));
807 		}
808 	}
809 
810 	inrc = sadb_age_bytes(espstack->esp_pfkey_q, inassoc, bytes, B_TRUE);
811 	outrc = sadb_age_bytes(espstack->esp_pfkey_q, outassoc, bytes, B_FALSE);
812 
813 	/*
814 	 * REFRELE any peer SA.
815 	 *
816 	 * Because of the multi-line macro nature of IPSA_REFRELE, keep
817 	 * them in { }.
818 	 */
819 	if (inbound) {
820 		IPSA_REFRELE(outassoc);
821 	} else {
822 		IPSA_REFRELE(inassoc);
823 	}
824 
825 	return (inrc && outrc);
826 }
827 
828 /*
829  * Do incoming NAT-T manipulations for packet.
830  */
831 static ipsec_status_t
832 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc)
833 {
834 	ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
835 	tcpha_t *tcph;
836 	udpha_t *udpha;
837 	/* Initialize to our inbound cksum adjustment... */
838 	uint32_t sum = assoc->ipsa_inbound_cksum;
839 
840 	switch (ipha->ipha_protocol) {
841 	case IPPROTO_TCP:
842 		tcph = (tcpha_t *)(data_mp->b_rptr +
843 		    IPH_HDR_LENGTH(ipha));
844 
845 #define	DOWN_SUM(x) (x) = ((x) & 0xFFFF) +	 ((x) >> 16)
846 		sum += ~ntohs(tcph->tha_sum) & 0xFFFF;
847 		DOWN_SUM(sum);
848 		DOWN_SUM(sum);
849 		tcph->tha_sum = ~htons(sum);
850 		break;
851 	case IPPROTO_UDP:
852 		udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha));
853 
854 		if (udpha->uha_checksum != 0) {
855 			/* Adujst if the inbound one was not zero. */
856 			sum += ~ntohs(udpha->uha_checksum) & 0xFFFF;
857 			DOWN_SUM(sum);
858 			DOWN_SUM(sum);
859 			udpha->uha_checksum = ~htons(sum);
860 			if (udpha->uha_checksum == 0)
861 				udpha->uha_checksum = 0xFFFF;
862 		}
863 #undef DOWN_SUM
864 		break;
865 	case IPPROTO_IP:
866 		/*
867 		 * This case is only an issue for self-encapsulated
868 		 * packets.  So for now, fall through.
869 		 */
870 		break;
871 	}
872 	return (IPSEC_STATUS_SUCCESS);
873 }
874 
875 
876 /*
877  * Strip ESP header, check padding, and fix IP header.
878  * Returns B_TRUE on success, B_FALSE if an error occured.
879  */
880 static boolean_t
881 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen,
882     kstat_named_t **counter, ipsecesp_stack_t *espstack)
883 {
884 	ipha_t *ipha;
885 	ip6_t *ip6h;
886 	uint_t divpoint;
887 	mblk_t *scratch;
888 	uint8_t nexthdr, padlen;
889 	uint8_t lastpad;
890 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
891 	uint8_t *lastbyte;
892 
893 	/*
894 	 * Strip ESP data and fix IP header.
895 	 *
896 	 * XXX In case the beginning of esp_inbound() changes to not do a
897 	 * pullup, this part of the code can remain unchanged.
898 	 */
899 	if (isv4) {
900 		ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t));
901 		ipha = (ipha_t *)data_mp->b_rptr;
902 		ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) +
903 		    IPH_HDR_LENGTH(ipha));
904 		divpoint = IPH_HDR_LENGTH(ipha);
905 	} else {
906 		ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t));
907 		ip6h = (ip6_t *)data_mp->b_rptr;
908 		divpoint = ip_hdr_length_v6(data_mp, ip6h);
909 	}
910 
911 	scratch = data_mp;
912 	while (scratch->b_cont != NULL)
913 		scratch = scratch->b_cont;
914 
915 	ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3);
916 
917 	/*
918 	 * "Next header" and padding length are the last two bytes in the
919 	 * ESP-protected datagram, thus the explicit - 1 and - 2.
920 	 * lastpad is the last byte of the padding, which can be used for
921 	 * a quick check to see if the padding is correct.
922 	 */
923 	lastbyte = scratch->b_wptr - 1;
924 	nexthdr = *lastbyte--;
925 	padlen = *lastbyte--;
926 
927 	if (isv4) {
928 		/* Fix part of the IP header. */
929 		ipha->ipha_protocol = nexthdr;
930 		/*
931 		 * Reality check the padlen.  The explicit - 2 is for the
932 		 * padding length and the next-header bytes.
933 		 */
934 		if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 -
935 		    sizeof (esph_t) - ivlen) {
936 			ESP_BUMP_STAT(espstack, bad_decrypt);
937 			ipsec_rl_strlog(espstack->ipsecesp_netstack,
938 			    info.mi_idnum, 0, 0,
939 			    SL_ERROR | SL_WARN,
940 			    "Corrupt ESP packet (padlen too big).\n");
941 			esp1dbg(espstack, ("padlen (%d) is greater than:\n",
942 			    padlen));
943 			esp1dbg(espstack, ("pkt len(%d) - ip hdr - esp "
944 			    "hdr - ivlen(%d) = %d.\n",
945 			    ntohs(ipha->ipha_length), ivlen,
946 			    (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) -
947 			    2 - sizeof (esph_t) - ivlen)));
948 			*counter = DROPPER(ipss, ipds_esp_bad_padlen);
949 			return (B_FALSE);
950 		}
951 
952 		/*
953 		 * Fix the rest of the header.  The explicit - 2 is for the
954 		 * padding length and the next-header bytes.
955 		 */
956 		ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen -
957 		    2 - sizeof (esph_t) - ivlen);
958 		ipha->ipha_hdr_checksum = 0;
959 		ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
960 	} else {
961 		if (ip6h->ip6_nxt == IPPROTO_ESP) {
962 			ip6h->ip6_nxt = nexthdr;
963 		} else {
964 			ip6_pkt_t ipp;
965 
966 			bzero(&ipp, sizeof (ipp));
967 			(void) ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL);
968 			if (ipp.ipp_dstopts != NULL) {
969 				ipp.ipp_dstopts->ip6d_nxt = nexthdr;
970 			} else if (ipp.ipp_rthdr != NULL) {
971 				ipp.ipp_rthdr->ip6r_nxt = nexthdr;
972 			} else if (ipp.ipp_hopopts != NULL) {
973 				ipp.ipp_hopopts->ip6h_nxt = nexthdr;
974 			} else {
975 				/* Panic a DEBUG kernel. */
976 				ASSERT(ipp.ipp_hopopts != NULL);
977 				/* Otherwise, pretend it's IP + ESP. */
978 				cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n");
979 				ip6h->ip6_nxt = nexthdr;
980 			}
981 		}
982 
983 		if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) -
984 		    ivlen) {
985 			ESP_BUMP_STAT(espstack, bad_decrypt);
986 			ipsec_rl_strlog(espstack->ipsecesp_netstack,
987 			    info.mi_idnum, 0, 0,
988 			    SL_ERROR | SL_WARN,
989 			    "Corrupt ESP packet (v6 padlen too big).\n");
990 			esp1dbg(espstack, ("padlen (%d) is greater than:\n",
991 			    padlen));
992 			esp1dbg(espstack,
993 			    ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = "
994 			    "%u.\n", (unsigned)(ntohs(ip6h->ip6_plen)
995 			    + sizeof (ip6_t)), ivlen,
996 			    (unsigned)(ntohs(ip6h->ip6_plen) - 2 -
997 			    sizeof (esph_t) - ivlen)));
998 			*counter = DROPPER(ipss, ipds_esp_bad_padlen);
999 			return (B_FALSE);
1000 		}
1001 
1002 
1003 		/*
1004 		 * Fix the rest of the header.  The explicit - 2 is for the
1005 		 * padding length and the next-header bytes.  IPv6 is nice,
1006 		 * because there's no hdr checksum!
1007 		 */
1008 		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen -
1009 		    2 - sizeof (esph_t) - ivlen);
1010 	}
1011 
1012 	if (espstack->ipsecesp_padding_check > 0 && padlen > 0) {
1013 		/*
1014 		 * Weak padding check: compare last-byte to length, they
1015 		 * should be equal.
1016 		 */
1017 		lastpad = *lastbyte--;
1018 
1019 		if (padlen != lastpad) {
1020 			ipsec_rl_strlog(espstack->ipsecesp_netstack,
1021 			    info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
1022 			    "Corrupt ESP packet (lastpad != padlen).\n");
1023 			esp1dbg(espstack,
1024 			    ("lastpad (%d) not equal to padlen (%d):\n",
1025 			    lastpad, padlen));
1026 			ESP_BUMP_STAT(espstack, bad_padding);
1027 			*counter = DROPPER(ipss, ipds_esp_bad_padding);
1028 			return (B_FALSE);
1029 		}
1030 
1031 		/*
1032 		 * Strong padding check: Check all pad bytes to see that
1033 		 * they're ascending.  Go backwards using a descending counter
1034 		 * to verify.  padlen == 1 is checked by previous block, so
1035 		 * only bother if we've more than 1 byte of padding.
1036 		 * Consequently, start the check one byte before the location
1037 		 * of "lastpad".
1038 		 */
1039 		if (espstack->ipsecesp_padding_check > 1) {
1040 			/*
1041 			 * This assert may have to become an if and a pullup
1042 			 * if we start accepting multi-dblk mblks. For now,
1043 			 * though, any packet here will have been pulled up in
1044 			 * esp_inbound.
1045 			 */
1046 			ASSERT(MBLKL(scratch) >= lastpad + 3);
1047 
1048 			/*
1049 			 * Use "--lastpad" because we already checked the very
1050 			 * last pad byte previously.
1051 			 */
1052 			while (--lastpad != 0) {
1053 				if (lastpad != *lastbyte) {
1054 					ipsec_rl_strlog(
1055 					    espstack->ipsecesp_netstack,
1056 					    info.mi_idnum, 0, 0,
1057 					    SL_ERROR | SL_WARN, "Corrupt ESP "
1058 					    "packet (bad padding).\n");
1059 					esp1dbg(espstack,
1060 					    ("padding not in correct"
1061 					    " format:\n"));
1062 					ESP_BUMP_STAT(espstack, bad_padding);
1063 					*counter = DROPPER(ipss,
1064 					    ipds_esp_bad_padding);
1065 					return (B_FALSE);
1066 				}
1067 				lastbyte--;
1068 			}
1069 		}
1070 	}
1071 
1072 	/* Trim off the padding. */
1073 	ASSERT(data_mp->b_cont == NULL);
1074 	data_mp->b_wptr -= (padlen + 2);
1075 
1076 	/*
1077 	 * Remove the ESP header.
1078 	 *
1079 	 * The above assertions about data_mp's size will make this work.
1080 	 *
1081 	 * XXX  Question:  If I send up and get back a contiguous mblk,
1082 	 * would it be quicker to bcopy over, or keep doing the dupb stuff?
1083 	 * I go with copying for now.
1084 	 */
1085 
1086 	if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) &&
1087 	    IS_P2ALIGNED(ivlen, sizeof (uint32_t))) {
1088 		uint8_t *start = data_mp->b_rptr;
1089 		uint32_t *src, *dst;
1090 
1091 		src = (uint32_t *)(start + divpoint);
1092 		dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen);
1093 
1094 		ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
1095 		    IS_P2ALIGNED(src, sizeof (uint32_t)));
1096 
1097 		do {
1098 			src--;
1099 			dst--;
1100 			*dst = *src;
1101 		} while (src != (uint32_t *)start);
1102 
1103 		data_mp->b_rptr = (uchar_t *)dst;
1104 	} else {
1105 		uint8_t *start = data_mp->b_rptr;
1106 		uint8_t *src, *dst;
1107 
1108 		src = start + divpoint;
1109 		dst = src + sizeof (esph_t) + ivlen;
1110 
1111 		do {
1112 			src--;
1113 			dst--;
1114 			*dst = *src;
1115 		} while (src != start);
1116 
1117 		data_mp->b_rptr = dst;
1118 	}
1119 
1120 	esp2dbg(espstack, ("data_mp after inbound ESP adjustment:\n"));
1121 	esp2dbg(espstack, (dump_msg(data_mp)));
1122 
1123 	return (B_TRUE);
1124 }
1125 
1126 /*
1127  * Updating use times can be tricky business if the ipsa_haspeer flag is
1128  * set.  This function is called once in an SA's lifetime.
1129  *
1130  * Caller has to REFRELE "assoc" which is passed in.  This function has
1131  * to REFRELE any peer SA that is obtained.
1132  */
1133 static void
1134 esp_set_usetime(ipsa_t *assoc, boolean_t inbound)
1135 {
1136 	ipsa_t *inassoc, *outassoc;
1137 	isaf_t *bucket;
1138 	sadb_t *sp;
1139 	int outhash;
1140 	boolean_t isv6;
1141 	netstack_t		*ns = assoc->ipsa_netstack;
1142 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
1143 
1144 	/* No peer?  No problem! */
1145 	if (!assoc->ipsa_haspeer) {
1146 		sadb_set_usetime(assoc);
1147 		return;
1148 	}
1149 
1150 	/*
1151 	 * Otherwise, we want to grab both the original assoc and its peer.
1152 	 * There might be a race for this, but if it's a real race, the times
1153 	 * will be out-of-synch by at most a second, and since our time
1154 	 * granularity is a second, this won't be a problem.
1155 	 *
1156 	 * If we need tight synchronization on the peer SA, then we need to
1157 	 * reconsider.
1158 	 */
1159 
1160 	/* Use address length to select IPv6/IPv4 */
1161 	isv6 = (assoc->ipsa_addrfam == AF_INET6);
1162 	sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;
1163 
1164 	if (inbound) {
1165 		inassoc = assoc;
1166 		if (isv6) {
1167 			outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *)
1168 			    &inassoc->ipsa_dstaddr));
1169 		} else {
1170 			outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *)
1171 			    &inassoc->ipsa_dstaddr));
1172 		}
1173 		bucket = &sp->sdb_of[outhash];
1174 		mutex_enter(&bucket->isaf_lock);
1175 		outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
1176 		    inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
1177 		    inassoc->ipsa_addrfam);
1178 		mutex_exit(&bucket->isaf_lock);
1179 		if (outassoc == NULL) {
1180 			/* Q: Do we wish to set haspeer == B_FALSE? */
1181 			esp0dbg(("esp_set_usetime: "
1182 			    "can't find peer for inbound.\n"));
1183 			sadb_set_usetime(inassoc);
1184 			return;
1185 		}
1186 	} else {
1187 		outassoc = assoc;
1188 		bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
1189 		mutex_enter(&bucket->isaf_lock);
1190 		inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
1191 		    outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
1192 		    outassoc->ipsa_addrfam);
1193 		mutex_exit(&bucket->isaf_lock);
1194 		if (inassoc == NULL) {
1195 			/* Q: Do we wish to set haspeer == B_FALSE? */
1196 			esp0dbg(("esp_set_usetime: "
1197 			    "can't find peer for outbound.\n"));
1198 			sadb_set_usetime(outassoc);
1199 			return;
1200 		}
1201 	}
1202 
1203 	/* Update usetime on both. */
1204 	sadb_set_usetime(inassoc);
1205 	sadb_set_usetime(outassoc);
1206 
1207 	/*
1208 	 * REFRELE any peer SA.
1209 	 *
1210 	 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1211 	 * them in { }.
1212 	 */
1213 	if (inbound) {
1214 		IPSA_REFRELE(outassoc);
1215 	} else {
1216 		IPSA_REFRELE(inassoc);
1217 	}
1218 }
1219 
1220 /*
1221  * Handle ESP inbound data for IPv4 and IPv6.
1222  * On success returns B_TRUE, on failure returns B_FALSE and frees the
1223  * mblk chain ipsec_in_mp.
1224  */
1225 ipsec_status_t
1226 esp_inbound(mblk_t *ipsec_in_mp, void *arg)
1227 {
1228 	mblk_t *data_mp = ipsec_in_mp->b_cont;
1229 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr;
1230 	esph_t *esph = (esph_t *)arg;
1231 	ipsa_t *ipsa = ii->ipsec_in_esp_sa;
1232 	netstack_t	*ns = ii->ipsec_in_ns;
1233 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1234 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1235 
1236 	/*
1237 	 * We may wish to check replay in-range-only here as an optimization.
1238 	 * Include the reality check of ipsa->ipsa_replay >
1239 	 * ipsa->ipsa_replay_wsize for times when it's the first N packets,
1240 	 * where N == ipsa->ipsa_replay_wsize.
1241 	 *
1242 	 * Another check that may come here later is the "collision" check.
1243 	 * If legitimate packets flow quickly enough, this won't be a problem,
1244 	 * but collisions may cause authentication algorithm crunching to
1245 	 * take place when it doesn't need to.
1246 	 */
1247 	if (!sadb_replay_peek(ipsa, esph->esph_replay)) {
1248 		ESP_BUMP_STAT(espstack, replay_early_failures);
1249 		IP_ESP_BUMP_STAT(ipss, in_discards);
1250 		/*
1251 		 * TODO: Extract inbound interface from the IPSEC_IN
1252 		 * message's ii->ipsec_in_rill_index.
1253 		 */
1254 		ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL,
1255 		    DROPPER(ipss, ipds_esp_early_replay),
1256 		    &espstack->esp_dropper);
1257 		return (IPSEC_STATUS_FAILED);
1258 	}
1259 
1260 	/*
1261 	 * Has this packet already been processed by a hardware
1262 	 * IPsec accelerator?
1263 	 */
1264 	if (ii->ipsec_in_accelerated) {
1265 		ipsec_status_t rv;
1266 		esp3dbg(espstack,
1267 		    ("esp_inbound: pkt processed by ill=%d isv6=%d\n",
1268 		    ii->ipsec_in_ill_index, !ii->ipsec_in_v4));
1269 		rv = esp_inbound_accelerated(ipsec_in_mp,
1270 		    data_mp, ii->ipsec_in_v4, ipsa);
1271 		return (rv);
1272 	}
1273 	ESP_BUMP_STAT(espstack, noaccel);
1274 
1275 	/*
1276 	 * Adjust the IP header's payload length to reflect the removal
1277 	 * of the ICV.
1278 	 */
1279 	if (!ii->ipsec_in_v4) {
1280 		ip6_t *ip6h = (ip6_t *)data_mp->b_rptr;
1281 		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) -
1282 		    ipsa->ipsa_mac_len);
1283 	} else {
1284 		ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
1285 		ipha->ipha_length = htons(ntohs(ipha->ipha_length) -
1286 		    ipsa->ipsa_mac_len);
1287 	}
1288 
1289 	/* submit the request to the crypto framework */
1290 	return (esp_submit_req_inbound(ipsec_in_mp, ipsa,
1291 	    (uint8_t *)esph - data_mp->b_rptr));
1292 }
1293 
1294 /*
1295  * Perform the really difficult work of inserting the proposed situation.
1296  * Called while holding the algorithm lock.
1297  */
1298 static void
1299 esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs)
1300 {
1301 	sadb_comb_t *comb = (sadb_comb_t *)(prop + 1);
1302 	ipsec_out_t *io;
1303 	ipsec_action_t *ap;
1304 	ipsec_prot_t *prot;
1305 	netstack_t *ns;
1306 	ipsecesp_stack_t *espstack;
1307 	ipsec_stack_t *ipss;
1308 
1309 	io = (ipsec_out_t *)acqrec->ipsacq_mp->b_rptr;
1310 	ASSERT(io->ipsec_out_type == IPSEC_OUT);
1311 	ns = io->ipsec_out_ns;
1312 	espstack = ns->netstack_ipsecesp;
1313 	ipss = ns->netstack_ipsec;
1314 	ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1315 
1316 	prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
1317 	prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t));
1318 	*(uint32_t *)(&prop->sadb_prop_replay) = 0;	/* Quick zero-out! */
1319 
1320 	prop->sadb_prop_replay = espstack->ipsecesp_replay_size;
1321 
1322 	/*
1323 	 * Based upon algorithm properties, and what-not, prioritize
1324 	 * a proposal.  If the IPSEC_OUT message has an algorithm specified,
1325 	 * use it first and foremost.
1326 	 *
1327 	 * For each action in policy list
1328 	 *   Add combination.  If I've hit limit, return.
1329 	 */
1330 
1331 	for (ap = acqrec->ipsacq_act; ap != NULL;
1332 	    ap = ap->ipa_next) {
1333 		ipsec_alginfo_t *ealg = NULL;
1334 		ipsec_alginfo_t *aalg = NULL;
1335 
1336 		if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY)
1337 			continue;
1338 
1339 		prot = &ap->ipa_act.ipa_apply;
1340 
1341 		if (!(prot->ipp_use_esp))
1342 			continue;
1343 
1344 		if (prot->ipp_esp_auth_alg != 0) {
1345 			aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
1346 			    [prot->ipp_esp_auth_alg];
1347 			if (aalg == NULL || !ALG_VALID(aalg))
1348 				continue;
1349 		}
1350 
1351 		ASSERT(prot->ipp_encr_alg > 0);
1352 		ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
1353 		    [prot->ipp_encr_alg];
1354 		if (ealg == NULL || !ALG_VALID(ealg))
1355 			continue;
1356 
1357 		comb->sadb_comb_flags = 0;
1358 		comb->sadb_comb_reserved = 0;
1359 		comb->sadb_comb_encrypt = ealg->alg_id;
1360 		comb->sadb_comb_encrypt_minbits =
1361 		    MAX(prot->ipp_espe_minbits, ealg->alg_ef_minbits);
1362 		comb->sadb_comb_encrypt_maxbits =
1363 		    MIN(prot->ipp_espe_maxbits, ealg->alg_ef_maxbits);
1364 		if (aalg == NULL) {
1365 			comb->sadb_comb_auth = 0;
1366 			comb->sadb_comb_auth_minbits = 0;
1367 			comb->sadb_comb_auth_maxbits = 0;
1368 		} else {
1369 			comb->sadb_comb_auth = aalg->alg_id;
1370 			comb->sadb_comb_auth_minbits =
1371 			    MAX(prot->ipp_espa_minbits, aalg->alg_ef_minbits);
1372 			comb->sadb_comb_auth_maxbits =
1373 			    MIN(prot->ipp_espa_maxbits, aalg->alg_ef_maxbits);
1374 		}
1375 
1376 		/*
1377 		 * The following may be based on algorithm
1378 		 * properties, but in the meantime, we just pick
1379 		 * some good, sensible numbers.  Key mgmt. can
1380 		 * (and perhaps should) be the place to finalize
1381 		 * such decisions.
1382 		 */
1383 
1384 		/*
1385 		 * No limits on allocations, since we really don't
1386 		 * support that concept currently.
1387 		 */
1388 		comb->sadb_comb_soft_allocations = 0;
1389 		comb->sadb_comb_hard_allocations = 0;
1390 
1391 		/*
1392 		 * These may want to come from policy rule..
1393 		 */
1394 		comb->sadb_comb_soft_bytes =
1395 		    espstack->ipsecesp_default_soft_bytes;
1396 		comb->sadb_comb_hard_bytes =
1397 		    espstack->ipsecesp_default_hard_bytes;
1398 		comb->sadb_comb_soft_addtime =
1399 		    espstack->ipsecesp_default_soft_addtime;
1400 		comb->sadb_comb_hard_addtime =
1401 		    espstack->ipsecesp_default_hard_addtime;
1402 		comb->sadb_comb_soft_usetime =
1403 		    espstack->ipsecesp_default_soft_usetime;
1404 		comb->sadb_comb_hard_usetime =
1405 		    espstack->ipsecesp_default_hard_usetime;
1406 
1407 		prop->sadb_prop_len += SADB_8TO64(sizeof (*comb));
1408 		if (--combs == 0)
1409 			break;	/* out of space.. */
1410 		comb++;
1411 	}
1412 }
1413 
1414 /*
1415  * Prepare and actually send the SADB_ACQUIRE message to PF_KEY.
1416  */
1417 static void
1418 esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns)
1419 {
1420 	uint_t combs;
1421 	sadb_msg_t *samsg;
1422 	sadb_prop_t *prop;
1423 	mblk_t *pfkeymp, *msgmp;
1424 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1425 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1426 
1427 	ESP_BUMP_STAT(espstack, acquire_requests);
1428 
1429 	if (espstack->esp_pfkey_q == NULL) {
1430 		mutex_exit(&acqrec->ipsacq_lock);
1431 		return;
1432 	}
1433 
1434 	/* Set up ACQUIRE. */
1435 	pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_ESP,
1436 	    ns->netstack_ipsec);
1437 	if (pfkeymp == NULL) {
1438 		esp0dbg(("sadb_setup_acquire failed.\n"));
1439 		mutex_exit(&acqrec->ipsacq_lock);
1440 		return;
1441 	}
1442 	ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1443 	combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] *
1444 	    ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
1445 	msgmp = pfkeymp->b_cont;
1446 	samsg = (sadb_msg_t *)(msgmp->b_rptr);
1447 
1448 	/* Insert proposal here. */
1449 
1450 	prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len);
1451 	esp_insert_prop(prop, acqrec, combs);
1452 	samsg->sadb_msg_len += prop->sadb_prop_len;
1453 	msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len);
1454 
1455 	mutex_exit(&ipss->ipsec_alg_lock);
1456 
1457 	/*
1458 	 * Must mutex_exit() before sending PF_KEY message up, in
1459 	 * order to avoid recursive mutex_enter() if there are no registered
1460 	 * listeners.
1461 	 *
1462 	 * Once I've sent the message, I'm cool anyway.
1463 	 */
1464 	mutex_exit(&acqrec->ipsacq_lock);
1465 	if (extended != NULL) {
1466 		putnext(espstack->esp_pfkey_q, extended);
1467 	}
1468 	putnext(espstack->esp_pfkey_q, pfkeymp);
1469 }
1470 
1471 /*
1472  * Handle the SADB_GETSPI message.  Create a larval SA.
1473  */
1474 static void
1475 esp_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
1476 {
1477 	ipsa_t *newbie, *target;
1478 	isaf_t *outbound, *inbound;
1479 	int rc, diagnostic;
1480 	sadb_sa_t *assoc;
1481 	keysock_out_t *kso;
1482 	uint32_t newspi;
1483 
1484 	/*
1485 	 * Randomly generate a proposed SPI value
1486 	 */
1487 	(void) random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (uint32_t));
1488 	newbie = sadb_getspi(ksi, newspi, &diagnostic,
1489 	    espstack->ipsecesp_netstack);
1490 
1491 	if (newbie == NULL) {
1492 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, diagnostic,
1493 		    ksi->ks_in_serial);
1494 		return;
1495 	} else if (newbie == (ipsa_t *)-1) {
1496 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
1497 		    ksi->ks_in_serial);
1498 		return;
1499 	}
1500 
1501 	/*
1502 	 * XXX - We may randomly collide.  We really should recover from this.
1503 	 *	 Unfortunately, that could require spending way-too-much-time
1504 	 *	 in here.  For now, let the user retry.
1505 	 */
1506 
1507 	if (newbie->ipsa_addrfam == AF_INET6) {
1508 		outbound = OUTBOUND_BUCKET_V6(&espstack->esp_sadb.s_v6,
1509 		    *(uint32_t *)(newbie->ipsa_dstaddr));
1510 		inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v6,
1511 		    newbie->ipsa_spi);
1512 	} else {
1513 		ASSERT(newbie->ipsa_addrfam == AF_INET);
1514 		outbound = OUTBOUND_BUCKET_V4(&espstack->esp_sadb.s_v4,
1515 		    *(uint32_t *)(newbie->ipsa_dstaddr));
1516 		inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v4,
1517 		    newbie->ipsa_spi);
1518 	}
1519 
1520 	mutex_enter(&outbound->isaf_lock);
1521 	mutex_enter(&inbound->isaf_lock);
1522 
1523 	/*
1524 	 * Check for collisions (i.e. did sadb_getspi() return with something
1525 	 * that already exists?).
1526 	 *
1527 	 * Try outbound first.  Even though SADB_GETSPI is traditionally
1528 	 * for inbound SAs, you never know what a user might do.
1529 	 */
1530 	target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi,
1531 	    newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam);
1532 	if (target == NULL) {
1533 		target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi,
1534 		    newbie->ipsa_srcaddr, newbie->ipsa_dstaddr,
1535 		    newbie->ipsa_addrfam);
1536 	}
1537 
1538 	/*
1539 	 * I don't have collisions elsewhere!
1540 	 * (Nor will I because I'm still holding inbound/outbound locks.)
1541 	 */
1542 
1543 	if (target != NULL) {
1544 		rc = EEXIST;
1545 		IPSA_REFRELE(target);
1546 	} else {
1547 		/*
1548 		 * sadb_insertassoc() also checks for collisions, so
1549 		 * if there's a colliding entry, rc will be set
1550 		 * to EEXIST.
1551 		 */
1552 		rc = sadb_insertassoc(newbie, inbound);
1553 		newbie->ipsa_hardexpiretime = gethrestime_sec();
1554 		newbie->ipsa_hardexpiretime +=
1555 		    espstack->ipsecesp_larval_timeout;
1556 	}
1557 
1558 	/*
1559 	 * Can exit outbound mutex.  Hold inbound until we're done
1560 	 * with newbie.
1561 	 */
1562 	mutex_exit(&outbound->isaf_lock);
1563 
1564 	if (rc != 0) {
1565 		mutex_exit(&inbound->isaf_lock);
1566 		IPSA_REFRELE(newbie);
1567 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, rc,
1568 		    SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial);
1569 		return;
1570 	}
1571 
1572 
1573 	/* Can write here because I'm still holding the bucket lock. */
1574 	newbie->ipsa_type = SADB_SATYPE_ESP;
1575 
1576 	/*
1577 	 * Construct successful return message. We have one thing going
1578 	 * for us in PF_KEY v2.  That's the fact that
1579 	 *	sizeof (sadb_spirange_t) == sizeof (sadb_sa_t)
1580 	 */
1581 	assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE];
1582 	assoc->sadb_sa_exttype = SADB_EXT_SA;
1583 	assoc->sadb_sa_spi = newbie->ipsa_spi;
1584 	*((uint64_t *)(&assoc->sadb_sa_replay)) = 0;
1585 	mutex_exit(&inbound->isaf_lock);
1586 
1587 	/* Convert KEYSOCK_IN to KEYSOCK_OUT. */
1588 	kso = (keysock_out_t *)ksi;
1589 	kso->ks_out_len = sizeof (*kso);
1590 	kso->ks_out_serial = ksi->ks_in_serial;
1591 	kso->ks_out_type = KEYSOCK_OUT;
1592 
1593 	/*
1594 	 * Can safely putnext() to esp_pfkey_q, because this is a turnaround
1595 	 * from the esp_pfkey_q.
1596 	 */
1597 	putnext(espstack->esp_pfkey_q, mp);
1598 }
1599 
1600 /*
1601  * Insert the ESP header into a packet.  Duplicate an mblk, and insert a newly
1602  * allocated mblk with the ESP header in between the two.
1603  */
1604 static boolean_t
1605 esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint,
1606     ipsecesp_stack_t *espstack)
1607 {
1608 	mblk_t *split_mp = mp;
1609 	uint_t wheretodiv = divpoint;
1610 
1611 	while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) {
1612 		wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr);
1613 		split_mp = split_mp->b_cont;
1614 		ASSERT(split_mp != NULL);
1615 	}
1616 
1617 	if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) {
1618 		mblk_t *scratch;
1619 
1620 		/* "scratch" is the 2nd half, split_mp is the first. */
1621 		scratch = dupb(split_mp);
1622 		if (scratch == NULL) {
1623 			esp1dbg(espstack,
1624 			    ("esp_insert_esp: can't allocate scratch.\n"));
1625 			return (B_FALSE);
1626 		}
1627 		/* NOTE:  dupb() doesn't set b_cont appropriately. */
1628 		scratch->b_cont = split_mp->b_cont;
1629 		scratch->b_rptr += wheretodiv;
1630 		split_mp->b_wptr = split_mp->b_rptr + wheretodiv;
1631 		split_mp->b_cont = scratch;
1632 	}
1633 	/*
1634 	 * At this point, split_mp is exactly "wheretodiv" bytes long, and
1635 	 * holds the end of the pre-ESP part of the datagram.
1636 	 */
1637 	esp_mp->b_cont = split_mp->b_cont;
1638 	split_mp->b_cont = esp_mp;
1639 
1640 	return (B_TRUE);
1641 }
1642 
1643 /*
1644  * Section 7 of RFC 3947 says:
1645  *
1646  * 7.  Recovering from the Expiring NAT Mappings
1647  *
1648  *    There are cases where NAT box decides to remove mappings that are still
1649  *    alive (for example, when the keepalive interval is too long, or when the
1650  *    NAT box is rebooted).  To recover from this, ends that are NOT behind
1651  *    NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from
1652  *    the other end to determine which IP and port addresses should be used.
1653  *    The host behind dynamic NAT MUST NOT do this, as otherwise it opens a
1654  *    DoS attack possibility because the IP address or port of the other host
1655  *    will not change (it is not behind NAT).
1656  *
1657  *    Keepalives cannot be used for these purposes, as they are not
1658  *    authenticated, but any IKE authenticated IKE packet or ESP packet can be
1659  *    used to detect whether the IP address or the port has changed.
1660  *
1661  * The following function will check an SA and its explicitly-set pair to see
1662  * if the NAT-T remote port matches the received packet (which must have
1663  * passed ESP authentication, see esp_in_done() for the caller context).  If
1664  * there is a mismatch, the SAs are updated.  It is not important if we race
1665  * with a transmitting thread, as if there is a transmitting thread, it will
1666  * merely emit a packet that will most-likely be dropped.
1667  *
1668  * "ports" are ordered src,dst, and assoc is an inbound SA, where src should
1669  * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port.
1670  */
1671 #ifdef _LITTLE_ENDIAN
1672 #define	FIRST_16(x) ((x) & 0xFFFF)
1673 #define	NEXT_16(x) (((x) >> 16) & 0xFFFF)
1674 #else
1675 #define	FIRST_16(x) (((x) >> 16) & 0xFFFF)
1676 #define	NEXT_16(x) ((x) & 0xFFFF)
1677 #endif
1678 static void
1679 esp_port_freshness(uint32_t ports, ipsa_t *assoc)
1680 {
1681 	uint16_t remote = FIRST_16(ports);
1682 	uint16_t local = NEXT_16(ports);
1683 	ipsa_t *outbound_peer;
1684 	isaf_t *bucket;
1685 	ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp;
1686 
1687 	/* We found a conn_t, therefore local != 0. */
1688 	ASSERT(local != 0);
1689 	/* Assume an IPv4 SA. */
1690 	ASSERT(assoc->ipsa_addrfam == AF_INET);
1691 
1692 	/*
1693 	 * On-the-wire rport == 0 means something's very wrong.
1694 	 * An unpaired SA is also useless to us.
1695 	 * If we are behind the NAT, don't bother.
1696 	 * A zero local NAT port defaults to 4500, so check that too.
1697 	 * And, of course, if the ports already match, we don't need to
1698 	 * bother.
1699 	 */
1700 	if (remote == 0 || assoc->ipsa_otherspi == 0 ||
1701 	    (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) ||
1702 	    (assoc->ipsa_remote_nat_port == 0 &&
1703 	    remote == htons(IPPORT_IKE_NATT)) ||
1704 	    remote == assoc->ipsa_remote_nat_port)
1705 		return;
1706 
1707 	/* Try and snag the peer.   NOTE:  Assume IPv4 for now. */
1708 	bucket = OUTBOUND_BUCKET_V4(&(espstack->esp_sadb.s_v4),
1709 	    assoc->ipsa_srcaddr[0]);
1710 	mutex_enter(&bucket->isaf_lock);
1711 	outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi,
1712 	    assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET);
1713 	mutex_exit(&bucket->isaf_lock);
1714 
1715 	/* We probably lost a race to a deleting or expiring thread. */
1716 	if (outbound_peer == NULL)
1717 		return;
1718 
1719 	/*
1720 	 * Hold the mutexes for both SAs so we don't race another inbound
1721 	 * thread.  A lock-entry order shouldn't matter, since all other
1722 	 * per-ipsa locks are individually held-then-released.
1723 	 *
1724 	 * Luckily, this has nothing to do with the remote-NAT address,
1725 	 * so we don't have to re-scribble the cached-checksum differential.
1726 	 */
1727 	mutex_enter(&outbound_peer->ipsa_lock);
1728 	mutex_enter(&assoc->ipsa_lock);
1729 	outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port =
1730 	    remote;
1731 	mutex_exit(&assoc->ipsa_lock);
1732 	mutex_exit(&outbound_peer->ipsa_lock);
1733 	IPSA_REFRELE(outbound_peer);
1734 	ESP_BUMP_STAT(espstack, sa_port_renumbers);
1735 }
1736 
1737 /*
1738  * Finish processing of an inbound ESP packet after processing by the
1739  * crypto framework.
1740  * - Remove the ESP header.
1741  * - Send packet back to IP.
1742  * If authentication was performed on the packet, this function is called
1743  * only if the authentication succeeded.
1744  * On success returns B_TRUE, on failure returns B_FALSE and frees the
1745  * mblk chain ipsec_in_mp.
1746  */
1747 static ipsec_status_t
1748 esp_in_done(mblk_t *ipsec_in_mp)
1749 {
1750 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr;
1751 	mblk_t *data_mp;
1752 	ipsa_t *assoc;
1753 	uint_t espstart;
1754 	uint32_t ivlen = 0;
1755 	uint_t processed_len;
1756 	esph_t *esph;
1757 	kstat_named_t *counter;
1758 	boolean_t is_natt;
1759 	netstack_t	*ns = ii->ipsec_in_ns;
1760 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1761 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1762 
1763 	assoc = ii->ipsec_in_esp_sa;
1764 	ASSERT(assoc != NULL);
1765 
1766 	is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);
1767 
1768 	/* get the pointer to the ESP header */
1769 	if (assoc->ipsa_encr_alg == SADB_EALG_NULL) {
1770 		/* authentication-only ESP */
1771 		espstart = ii->ipsec_in_crypto_data.cd_offset;
1772 		processed_len = ii->ipsec_in_crypto_data.cd_length;
1773 	} else {
1774 		/* encryption present */
1775 		ivlen = assoc->ipsa_iv_len;
1776 		if (assoc->ipsa_auth_alg == SADB_AALG_NONE) {
1777 			/* encryption-only ESP */
1778 			espstart = ii->ipsec_in_crypto_data.cd_offset -
1779 			    sizeof (esph_t) - assoc->ipsa_iv_len;
1780 			processed_len = ii->ipsec_in_crypto_data.cd_length +
1781 			    ivlen;
1782 		} else {
1783 			/* encryption with authentication */
1784 			espstart = ii->ipsec_in_crypto_dual_data.dd_offset1;
1785 			processed_len = ii->ipsec_in_crypto_dual_data.dd_len2 +
1786 			    ivlen;
1787 		}
1788 	}
1789 
1790 	data_mp = ipsec_in_mp->b_cont;
1791 	esph = (esph_t *)(data_mp->b_rptr + espstart);
1792 
1793 	if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) {
1794 		/* authentication passed if we reach this point */
1795 		ESP_BUMP_STAT(espstack, good_auth);
1796 		data_mp->b_wptr -= assoc->ipsa_mac_len;
1797 
1798 		/*
1799 		 * Check replay window here!
1800 		 * For right now, assume keysock will set the replay window
1801 		 * size to zero for SAs that have an unspecified sender.
1802 		 * This may change...
1803 		 */
1804 
1805 		if (!sadb_replay_check(assoc, esph->esph_replay)) {
1806 			/*
1807 			 * Log the event. As of now we print out an event.
1808 			 * Do not print the replay failure number, or else
1809 			 * syslog cannot collate the error messages.  Printing
1810 			 * the replay number that failed opens a denial-of-
1811 			 * service attack.
1812 			 */
1813 			ipsec_assocfailure(info.mi_idnum, 0, 0,
1814 			    SL_ERROR | SL_WARN,
1815 			    "Replay failed for ESP spi 0x%x, dst %s.\n",
1816 			    assoc->ipsa_spi, assoc->ipsa_dstaddr,
1817 			    assoc->ipsa_addrfam, espstack->ipsecesp_netstack);
1818 			ESP_BUMP_STAT(espstack, replay_failures);
1819 			counter = DROPPER(ipss, ipds_esp_replay);
1820 			goto drop_and_bail;
1821 		}
1822 
1823 		if (is_natt)
1824 			esp_port_freshness(ii->ipsec_in_esp_udp_ports, assoc);
1825 	}
1826 
1827 	esp_set_usetime(assoc, B_TRUE);
1828 
1829 	if (!esp_age_bytes(assoc, processed_len, B_TRUE)) {
1830 		/* The ipsa has hit hard expiration, LOG and AUDIT. */
1831 		ipsec_assocfailure(info.mi_idnum, 0, 0,
1832 		    SL_ERROR | SL_WARN,
1833 		    "ESP association 0x%x, dst %s had bytes expire.\n",
1834 		    assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
1835 		    espstack->ipsecesp_netstack);
1836 		ESP_BUMP_STAT(espstack, bytes_expired);
1837 		counter = DROPPER(ipss, ipds_esp_bytes_expire);
1838 		goto drop_and_bail;
1839 	}
1840 
1841 	/*
1842 	 * Remove ESP header and padding from packet.  I hope the compiler
1843 	 * spews "branch, predict taken" code for this.
1844 	 */
1845 
1846 	if (esp_strip_header(data_mp, ii->ipsec_in_v4, ivlen, &counter,
1847 	    espstack)) {
1848 		if (is_natt)
1849 			return (esp_fix_natt_checksums(data_mp, assoc));
1850 		return (IPSEC_STATUS_SUCCESS);
1851 	}
1852 
1853 	esp1dbg(espstack, ("esp_in_done: esp_strip_header() failed\n"));
1854 drop_and_bail:
1855 	IP_ESP_BUMP_STAT(ipss, in_discards);
1856 	/*
1857 	 * TODO: Extract inbound interface from the IPSEC_IN message's
1858 	 * ii->ipsec_in_rill_index.
1859 	 */
1860 	ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, counter,
1861 	    &espstack->esp_dropper);
1862 	return (IPSEC_STATUS_FAILED);
1863 }
1864 
1865 /*
1866  * Called upon failing the inbound ICV check. The message passed as
1867  * argument is freed.
1868  */
1869 static void
1870 esp_log_bad_auth(mblk_t *ipsec_in)
1871 {
1872 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr;
1873 	ipsa_t *assoc = ii->ipsec_in_esp_sa;
1874 	netstack_t	*ns = ii->ipsec_in_ns;
1875 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1876 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
1877 
1878 	/*
1879 	 * Log the event. Don't print to the console, block
1880 	 * potential denial-of-service attack.
1881 	 */
1882 	ESP_BUMP_STAT(espstack, bad_auth);
1883 
1884 	ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
1885 	    "ESP Authentication failed for spi 0x%x, dst %s.\n",
1886 	    assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
1887 	    espstack->ipsecesp_netstack);
1888 
1889 	IP_ESP_BUMP_STAT(ipss, in_discards);
1890 	/*
1891 	 * TODO: Extract inbound interface from the IPSEC_IN
1892 	 * message's ii->ipsec_in_rill_index.
1893 	 */
1894 	ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL,
1895 	    DROPPER(ipss, ipds_esp_bad_auth),
1896 	    &espstack->esp_dropper);
1897 }
1898 
1899 
1900 /*
1901  * Invoked for outbound packets after ESP processing. If the packet
1902  * also requires AH, performs the AH SA selection and AH processing.
1903  * Returns B_TRUE if the AH processing was not needed or if it was
1904  * performed successfully. Returns B_FALSE and consumes the passed mblk
1905  * if AH processing was required but could not be performed.
1906  */
1907 static boolean_t
1908 esp_do_outbound_ah(mblk_t *ipsec_mp)
1909 {
1910 	ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
1911 	ipsec_status_t ipsec_rc;
1912 	ipsec_action_t *ap;
1913 
1914 	ap = io->ipsec_out_act;
1915 	if (ap == NULL) {
1916 		ipsec_policy_t *pp = io->ipsec_out_policy;
1917 		ap = pp->ipsp_act;
1918 	}
1919 
1920 	if (!ap->ipa_want_ah)
1921 		return (B_TRUE);
1922 
1923 	ASSERT(io->ipsec_out_ah_done == B_FALSE);
1924 
1925 	if (io->ipsec_out_ah_sa == NULL) {
1926 		if (!ipsec_outbound_sa(ipsec_mp, IPPROTO_AH)) {
1927 			sadb_acquire(ipsec_mp, io, B_TRUE, B_FALSE);
1928 			return (B_FALSE);
1929 		}
1930 	}
1931 	ASSERT(io->ipsec_out_ah_sa != NULL);
1932 
1933 	io->ipsec_out_ah_done = B_TRUE;
1934 	ipsec_rc = io->ipsec_out_ah_sa->ipsa_output_func(ipsec_mp);
1935 	return (ipsec_rc == IPSEC_STATUS_SUCCESS);
1936 }
1937 
1938 
1939 /*
1940  * Kernel crypto framework callback invoked after completion of async
1941  * crypto requests.
1942  */
1943 static void
1944 esp_kcf_callback(void *arg, int status)
1945 {
1946 	mblk_t *ipsec_mp = (mblk_t *)arg;
1947 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
1948 	ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
1949 	boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN);
1950 	netstackid_t	stackid;
1951 	netstack_t	*ns, *ns_arg;
1952 	ipsecesp_stack_t *espstack;
1953 	ipsec_stack_t	*ipss;
1954 
1955 	ASSERT(ipsec_mp->b_cont != NULL);
1956 
1957 	if (is_inbound) {
1958 		stackid = ii->ipsec_in_stackid;
1959 		ns_arg = ii->ipsec_in_ns;
1960 	} else {
1961 		stackid = io->ipsec_out_stackid;
1962 		ns_arg = io->ipsec_out_ns;
1963 	}
1964 
1965 	/*
1966 	 * Verify that the netstack is still around; could have vanished
1967 	 * while kEf was doing its work.
1968 	 */
1969 	ns = netstack_find_by_stackid(stackid);
1970 	if (ns == NULL || ns != ns_arg) {
1971 		/* Disappeared on us */
1972 		if (ns != NULL)
1973 			netstack_rele(ns);
1974 		freemsg(ipsec_mp);
1975 		return;
1976 	}
1977 
1978 	espstack = ns->netstack_ipsecesp;
1979 	ipss = ns->netstack_ipsec;
1980 
1981 	if (status == CRYPTO_SUCCESS) {
1982 		if (is_inbound) {
1983 			if (esp_in_done(ipsec_mp) != IPSEC_STATUS_SUCCESS) {
1984 				netstack_rele(ns);
1985 				return;
1986 			}
1987 			/* finish IPsec processing */
1988 			ip_fanout_proto_again(ipsec_mp, NULL, NULL, NULL);
1989 		} else {
1990 			/*
1991 			 * If a ICV was computed, it was stored by the
1992 			 * crypto framework at the end of the packet.
1993 			 */
1994 			ipha_t *ipha = (ipha_t *)ipsec_mp->b_cont->b_rptr;
1995 
1996 			esp_set_usetime(io->ipsec_out_esp_sa, B_FALSE);
1997 			/* NAT-T packet. */
1998 			if (ipha->ipha_protocol == IPPROTO_UDP)
1999 				esp_prepare_udp(ns, ipsec_mp->b_cont, ipha);
2000 
2001 			/* do AH processing if needed */
2002 			if (!esp_do_outbound_ah(ipsec_mp)) {
2003 				netstack_rele(ns);
2004 				return;
2005 			}
2006 			/* finish IPsec processing */
2007 			if (IPH_HDR_VERSION(ipha) == IP_VERSION) {
2008 				ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL,
2009 				    NULL);
2010 			} else {
2011 				ip6_t *ip6h = (ip6_t *)ipha;
2012 				ip_wput_ipsec_out_v6(NULL, ipsec_mp, ip6h,
2013 				    NULL, NULL);
2014 			}
2015 		}
2016 
2017 	} else if (status == CRYPTO_INVALID_MAC) {
2018 		esp_log_bad_auth(ipsec_mp);
2019 
2020 	} else {
2021 		esp1dbg(espstack,
2022 		    ("esp_kcf_callback: crypto failed with 0x%x\n",
2023 		    status));
2024 		ESP_BUMP_STAT(espstack, crypto_failures);
2025 		if (is_inbound)
2026 			IP_ESP_BUMP_STAT(ipss, in_discards);
2027 		else
2028 			ESP_BUMP_STAT(espstack, out_discards);
2029 		ip_drop_packet(ipsec_mp, is_inbound, NULL, NULL,
2030 		    DROPPER(ipss, ipds_esp_crypto_failed),
2031 		    &espstack->esp_dropper);
2032 	}
2033 	netstack_rele(ns);
2034 }
2035 
2036 /*
2037  * Invoked on crypto framework failure during inbound and outbound processing.
2038  */
2039 static void
2040 esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc,
2041     ipsecesp_stack_t *espstack)
2042 {
2043 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
2044 
2045 	esp1dbg(espstack, ("crypto failed for %s ESP with 0x%x\n",
2046 	    is_inbound ? "inbound" : "outbound", kef_rc));
2047 	ip_drop_packet(mp, is_inbound, NULL, NULL,
2048 	    DROPPER(ipss, ipds_esp_crypto_failed),
2049 	    &espstack->esp_dropper);
2050 	ESP_BUMP_STAT(espstack, crypto_failures);
2051 	if (is_inbound)
2052 		IP_ESP_BUMP_STAT(ipss, in_discards);
2053 	else
2054 		ESP_BUMP_STAT(espstack, out_discards);
2055 }
2056 
2057 #define	ESP_INIT_CALLREQ(_cr) {						\
2058 	(_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_RESTRICTED;		\
2059 	(_cr)->cr_callback_arg = ipsec_mp;				\
2060 	(_cr)->cr_callback_func = esp_kcf_callback;			\
2061 }
2062 
2063 #define	ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) {			\
2064 	(mac)->cd_format = CRYPTO_DATA_RAW;				\
2065 	(mac)->cd_offset = 0;						\
2066 	(mac)->cd_length = icvlen;					\
2067 	(mac)->cd_raw.iov_base = (char *)icvbuf;			\
2068 	(mac)->cd_raw.iov_len = icvlen;					\
2069 }
2070 
2071 #define	ESP_INIT_CRYPTO_DATA(data, mp, off, len) {			\
2072 	if (MBLKL(mp) >= (len) + (off)) {				\
2073 		(data)->cd_format = CRYPTO_DATA_RAW;			\
2074 		(data)->cd_raw.iov_base = (char *)(mp)->b_rptr;		\
2075 		(data)->cd_raw.iov_len = MBLKL(mp);			\
2076 		(data)->cd_offset = off;				\
2077 	} else {							\
2078 		(data)->cd_format = CRYPTO_DATA_MBLK;			\
2079 		(data)->cd_mp = mp;			       		\
2080 		(data)->cd_offset = off;				\
2081 	}								\
2082 	(data)->cd_length = len;					\
2083 }
2084 
2085 #define	ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) {	\
2086 	(data)->dd_format = CRYPTO_DATA_MBLK;				\
2087 	(data)->dd_mp = mp;						\
2088 	(data)->dd_len1 = len1;						\
2089 	(data)->dd_offset1 = off1;					\
2090 	(data)->dd_len2 = len2;						\
2091 	(data)->dd_offset2 = off2;					\
2092 }
2093 
2094 static ipsec_status_t
2095 esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset)
2096 {
2097 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
2098 	boolean_t do_auth;
2099 	uint_t auth_offset, msg_len, auth_len;
2100 	crypto_call_req_t call_req;
2101 	mblk_t *esp_mp;
2102 	int kef_rc = CRYPTO_FAILED;
2103 	uint_t icv_len = assoc->ipsa_mac_len;
2104 	crypto_ctx_template_t auth_ctx_tmpl;
2105 	boolean_t do_encr;
2106 	uint_t encr_offset, encr_len;
2107 	uint_t iv_len = assoc->ipsa_iv_len;
2108 	crypto_ctx_template_t encr_ctx_tmpl;
2109 	netstack_t	*ns = ii->ipsec_in_ns;
2110 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2111 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
2112 
2113 	ASSERT(ii->ipsec_in_type == IPSEC_IN);
2114 
2115 	/*
2116 	 * In case kEF queues and calls back, keep netstackid_t for
2117 	 * verification that the IP instance is still around in
2118 	 * esp_kcf_callback().
2119 	 */
2120 	ii->ipsec_in_stackid = ns->netstack_stackid;
2121 
2122 	do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE;
2123 	do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL;
2124 
2125 	/*
2126 	 * An inbound packet is of the form:
2127 	 * IPSEC_IN -> [IP,options,ESP,IV,data,ICV,pad]
2128 	 */
2129 	esp_mp = ipsec_mp->b_cont;
2130 	msg_len = MBLKL(esp_mp);
2131 
2132 	ESP_INIT_CALLREQ(&call_req);
2133 
2134 	if (do_auth) {
2135 		/* force asynchronous processing? */
2136 		if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] ==
2137 		    IPSEC_ALGS_EXEC_ASYNC)
2138 			call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE;
2139 
2140 		/* authentication context template */
2141 		IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH,
2142 		    auth_ctx_tmpl);
2143 
2144 		/* ICV to be verified */
2145 		ESP_INIT_CRYPTO_MAC(&ii->ipsec_in_crypto_mac,
2146 		    icv_len, esp_mp->b_wptr - icv_len);
2147 
2148 		/* authentication starts at the ESP header */
2149 		auth_offset = esph_offset;
2150 		auth_len = msg_len - auth_offset - icv_len;
2151 		if (!do_encr) {
2152 			/* authentication only */
2153 			/* initialize input data argument */
2154 			ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data,
2155 			    esp_mp, auth_offset, auth_len);
2156 
2157 			/* call the crypto framework */
2158 			kef_rc = crypto_mac_verify(&assoc->ipsa_amech,
2159 			    &ii->ipsec_in_crypto_data,
2160 			    &assoc->ipsa_kcfauthkey, auth_ctx_tmpl,
2161 			    &ii->ipsec_in_crypto_mac, &call_req);
2162 		}
2163 	}
2164 
2165 	if (do_encr) {
2166 		/* force asynchronous processing? */
2167 		if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] ==
2168 		    IPSEC_ALGS_EXEC_ASYNC)
2169 			call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE;
2170 
2171 		/* encryption template */
2172 		IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR,
2173 		    encr_ctx_tmpl);
2174 
2175 		/* skip IV, since it is passed separately */
2176 		encr_offset = esph_offset + sizeof (esph_t) + iv_len;
2177 		encr_len = msg_len - encr_offset;
2178 
2179 		if (!do_auth) {
2180 			/* decryption only */
2181 			/* initialize input data argument */
2182 			ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data,
2183 			    esp_mp, encr_offset, encr_len);
2184 
2185 			/* specify IV */
2186 			ii->ipsec_in_crypto_data.cd_miscdata =
2187 			    (char *)esp_mp->b_rptr + sizeof (esph_t) +
2188 			    esph_offset;
2189 
2190 			/* call the crypto framework */
2191 			kef_rc = crypto_decrypt(&assoc->ipsa_emech,
2192 			    &ii->ipsec_in_crypto_data,
2193 			    &assoc->ipsa_kcfencrkey, encr_ctx_tmpl,
2194 			    NULL, &call_req);
2195 		}
2196 	}
2197 
2198 	if (do_auth && do_encr) {
2199 		/* dual operation */
2200 		/* initialize input data argument */
2201 		ESP_INIT_CRYPTO_DUAL_DATA(&ii->ipsec_in_crypto_dual_data,
2202 		    esp_mp, auth_offset, auth_len,
2203 		    encr_offset, encr_len - icv_len);
2204 
2205 		/* specify IV */
2206 		ii->ipsec_in_crypto_dual_data.dd_miscdata =
2207 		    (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset;
2208 
2209 		/* call the framework */
2210 		kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech,
2211 		    &assoc->ipsa_emech, &ii->ipsec_in_crypto_dual_data,
2212 		    &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey,
2213 		    auth_ctx_tmpl, encr_ctx_tmpl, &ii->ipsec_in_crypto_mac,
2214 		    NULL, &call_req);
2215 	}
2216 
2217 	switch (kef_rc) {
2218 	case CRYPTO_SUCCESS:
2219 		ESP_BUMP_STAT(espstack, crypto_sync);
2220 		return (esp_in_done(ipsec_mp));
2221 	case CRYPTO_QUEUED:
2222 		/* esp_kcf_callback() will be invoked on completion */
2223 		ESP_BUMP_STAT(espstack, crypto_async);
2224 		return (IPSEC_STATUS_PENDING);
2225 	case CRYPTO_INVALID_MAC:
2226 		ESP_BUMP_STAT(espstack, crypto_sync);
2227 		esp_log_bad_auth(ipsec_mp);
2228 		return (IPSEC_STATUS_FAILED);
2229 	}
2230 
2231 	esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack);
2232 	return (IPSEC_STATUS_FAILED);
2233 }
2234 
2235 /*
2236  * Compute the IP and UDP checksums -- common code for both keepalives and
2237  * actual ESP-in-UDP packets.  Be flexible with multiple mblks because ESP
2238  * uses mblk-insertion to insert the UDP header.
2239  * TODO - If there is an easy way to prep a packet for HW checksums, make
2240  * it happen here.
2241  */
2242 static void
2243 esp_prepare_udp(netstack_t *ns, mblk_t *mp, ipha_t *ipha)
2244 {
2245 	int offset;
2246 	uint32_t cksum;
2247 	uint16_t *arr;
2248 	mblk_t *udpmp = mp;
2249 	uint_t hlen = IPH_HDR_LENGTH(ipha);
2250 
2251 	ASSERT(MBLKL(mp) >= sizeof (ipha_t));
2252 
2253 	ipha->ipha_hdr_checksum = 0;
2254 	ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
2255 
2256 	if (ns->netstack_udp->us_do_checksum) {
2257 		ASSERT(MBLKL(udpmp) >= sizeof (udpha_t));
2258 		/* arr points to the IP header. */
2259 		arr = (uint16_t *)ipha;
2260 		IP_STAT(ns->netstack_ip, ip_out_sw_cksum);
2261 		IP_STAT_UPDATE(ns->netstack_ip, ip_udp_out_sw_cksum_bytes,
2262 		    ntohs(htons(ipha->ipha_length) - hlen));
2263 		/* arr[6-9] are the IP addresses. */
2264 		cksum = IP_UDP_CSUM_COMP + arr[6] + arr[7] + arr[8] + arr[9] +
2265 		    ntohs(htons(ipha->ipha_length) - hlen);
2266 		cksum = IP_CSUM(mp, hlen, cksum);
2267 		offset = hlen + UDP_CHECKSUM_OFFSET;
2268 		while (offset >= MBLKL(udpmp)) {
2269 			offset -= MBLKL(udpmp);
2270 			udpmp = udpmp->b_cont;
2271 		}
2272 		/* arr points to the UDP header's checksum field. */
2273 		arr = (uint16_t *)(udpmp->b_rptr + offset);
2274 		*arr = cksum;
2275 	}
2276 }
2277 
2278 /*
2279  * Send a one-byte UDP NAT-T keepalive.  Construct an IPSEC_OUT too that'll
2280  * get fed into esp_send_udp/ip_wput_ipsec_out.
2281  */
2282 void
2283 ipsecesp_send_keepalive(ipsa_t *assoc)
2284 {
2285 	mblk_t *mp = NULL, *ipsec_mp = NULL;
2286 	ipha_t *ipha;
2287 	udpha_t *udpha;
2288 	ipsec_out_t *io;
2289 
2290 	ASSERT(MUTEX_NOT_HELD(&assoc->ipsa_lock));
2291 
2292 	mp = allocb(sizeof (ipha_t) + sizeof (udpha_t) + 1, BPRI_HI);
2293 	if (mp == NULL)
2294 		return;
2295 	ipha = (ipha_t *)mp->b_rptr;
2296 	ipha->ipha_version_and_hdr_length = IP_SIMPLE_HDR_VERSION;
2297 	ipha->ipha_type_of_service = 0;
2298 	ipha->ipha_length = htons(sizeof (ipha_t) + sizeof (udpha_t) + 1);
2299 	/* Use the low-16 of the SPI so we have some clue where it came from. */
2300 	ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1);
2301 	ipha->ipha_fragment_offset_and_flags = 0;  /* Too small to fragment! */
2302 	ipha->ipha_ttl = 0xFF;
2303 	ipha->ipha_protocol = IPPROTO_UDP;
2304 	ipha->ipha_hdr_checksum = 0;
2305 	ipha->ipha_src = assoc->ipsa_srcaddr[0];
2306 	ipha->ipha_dst = assoc->ipsa_dstaddr[0];
2307 	udpha = (udpha_t *)(ipha + 1);
2308 	udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ?
2309 	    assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT);
2310 	udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ?
2311 	    assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT);
2312 	udpha->uha_length = htons(sizeof (udpha_t) + 1);
2313 	udpha->uha_checksum = 0;
2314 	mp->b_wptr = (uint8_t *)(udpha + 1);
2315 	*(mp->b_wptr++) = 0xFF;
2316 
2317 	ipsec_mp = ipsec_alloc_ipsec_out(assoc->ipsa_netstack);
2318 	if (ipsec_mp == NULL) {
2319 		freeb(mp);
2320 		return;
2321 	}
2322 	ipsec_mp->b_cont = mp;
2323 	io = (ipsec_out_t *)ipsec_mp->b_rptr;
2324 	io->ipsec_out_zoneid =
2325 	    netstackid_to_zoneid(assoc->ipsa_netstack->netstack_stackid);
2326 
2327 	esp_prepare_udp(assoc->ipsa_netstack, mp, ipha);
2328 	ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, NULL);
2329 }
2330 
2331 static ipsec_status_t
2332 esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf,
2333     uint_t payload_len)
2334 {
2335 	ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
2336 	uint_t auth_len;
2337 	crypto_call_req_t call_req;
2338 	mblk_t *esp_mp;
2339 	int kef_rc = CRYPTO_FAILED;
2340 	uint_t icv_len = assoc->ipsa_mac_len;
2341 	crypto_ctx_template_t auth_ctx_tmpl;
2342 	boolean_t do_auth;
2343 	boolean_t do_encr;
2344 	uint_t iv_len = assoc->ipsa_iv_len;
2345 	crypto_ctx_template_t encr_ctx_tmpl;
2346 	boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);
2347 	size_t esph_offset = (is_natt ? UDPH_SIZE : 0);
2348 	netstack_t	*ns = io->ipsec_out_ns;
2349 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2350 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
2351 
2352 	esp3dbg(espstack, ("esp_submit_req_outbound:%s",
2353 	    is_natt ? "natt" : "not natt"));
2354 
2355 	ASSERT(io->ipsec_out_type == IPSEC_OUT);
2356 
2357 	/*
2358 	 * In case kEF queues and calls back, keep netstackid_t for
2359 	 * verification that the IP instance is still around in
2360 	 * esp_kcf_callback().
2361 	 */
2362 	io->ipsec_out_stackid = ns->netstack_stackid;
2363 
2364 	do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL;
2365 	do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE;
2366 
2367 	/*
2368 	 * Outbound IPsec packets are of the form:
2369 	 * IPSEC_OUT -> [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV]
2370 	 * unless it's NATT, then it's
2371 	 * IPSEC_OUT -> [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV]
2372 	 * Get a pointer to the mblk containing the ESP header.
2373 	 */
2374 	ASSERT(ipsec_mp->b_cont != NULL && ipsec_mp->b_cont->b_cont != NULL);
2375 	esp_mp = ipsec_mp->b_cont->b_cont;
2376 
2377 	ESP_INIT_CALLREQ(&call_req);
2378 
2379 	if (do_auth) {
2380 		/* force asynchronous processing? */
2381 		if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] ==
2382 		    IPSEC_ALGS_EXEC_ASYNC)
2383 			call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE;
2384 
2385 		/* authentication context template */
2386 		IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH,
2387 		    auth_ctx_tmpl);
2388 
2389 		/* where to store the computed mac */
2390 		ESP_INIT_CRYPTO_MAC(&io->ipsec_out_crypto_mac,
2391 		    icv_len, icv_buf);
2392 
2393 		/* authentication starts at the ESP header */
2394 		auth_len = payload_len + iv_len + sizeof (esph_t);
2395 		if (!do_encr) {
2396 			/* authentication only */
2397 			/* initialize input data argument */
2398 			ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data,
2399 			    esp_mp, esph_offset, auth_len);
2400 
2401 			/* call the crypto framework */
2402 			kef_rc = crypto_mac(&assoc->ipsa_amech,
2403 			    &io->ipsec_out_crypto_data,
2404 			    &assoc->ipsa_kcfauthkey, auth_ctx_tmpl,
2405 			    &io->ipsec_out_crypto_mac, &call_req);
2406 		}
2407 	}
2408 
2409 	if (do_encr) {
2410 		/* force asynchronous processing? */
2411 		if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] ==
2412 		    IPSEC_ALGS_EXEC_ASYNC)
2413 			call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE;
2414 
2415 		/* encryption context template */
2416 		IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR,
2417 		    encr_ctx_tmpl);
2418 
2419 		if (!do_auth) {
2420 			/* encryption only, skip mblk that contains ESP hdr */
2421 			/* initialize input data argument */
2422 			ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data,
2423 			    esp_mp->b_cont, 0, payload_len);
2424 
2425 			/* specify IV */
2426 			io->ipsec_out_crypto_data.cd_miscdata =
2427 			    (char *)esp_mp->b_rptr + sizeof (esph_t) +
2428 			    esph_offset;
2429 
2430 			/* call the crypto framework */
2431 			kef_rc = crypto_encrypt(&assoc->ipsa_emech,
2432 			    &io->ipsec_out_crypto_data,
2433 			    &assoc->ipsa_kcfencrkey, encr_ctx_tmpl,
2434 			    NULL, &call_req);
2435 		}
2436 	}
2437 
2438 	if (do_auth && do_encr) {
2439 		/*
2440 		 * Encryption and authentication:
2441 		 * Pass the pointer to the mblk chain starting at the ESP
2442 		 * header to the framework. Skip the ESP header mblk
2443 		 * for encryption, which is reflected by an encryption
2444 		 * offset equal to the length of that mblk. Start
2445 		 * the authentication at the ESP header, i.e. use an
2446 		 * authentication offset of zero.
2447 		 */
2448 		ESP_INIT_CRYPTO_DUAL_DATA(&io->ipsec_out_crypto_dual_data,
2449 		    esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len);
2450 
2451 		/* specify IV */
2452 		io->ipsec_out_crypto_dual_data.dd_miscdata =
2453 		    (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset;
2454 
2455 		/* call the framework */
2456 		kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech,
2457 		    &assoc->ipsa_amech, NULL,
2458 		    &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey,
2459 		    encr_ctx_tmpl, auth_ctx_tmpl,
2460 		    &io->ipsec_out_crypto_dual_data,
2461 		    &io->ipsec_out_crypto_mac, &call_req);
2462 	}
2463 
2464 	switch (kef_rc) {
2465 	case CRYPTO_SUCCESS:
2466 		ESP_BUMP_STAT(espstack, crypto_sync);
2467 		esp_set_usetime(assoc, B_FALSE);
2468 		if (is_natt)
2469 			esp_prepare_udp(ns, ipsec_mp->b_cont,
2470 			    (ipha_t *)ipsec_mp->b_cont->b_rptr);
2471 		return (IPSEC_STATUS_SUCCESS);
2472 	case CRYPTO_QUEUED:
2473 		/* esp_kcf_callback() will be invoked on completion */
2474 		ESP_BUMP_STAT(espstack, crypto_async);
2475 		return (IPSEC_STATUS_PENDING);
2476 	}
2477 
2478 	esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack);
2479 	return (IPSEC_STATUS_FAILED);
2480 }
2481 
2482 /*
2483  * Handle outbound IPsec processing for IPv4 and IPv6
2484  * On success returns B_TRUE, on failure returns B_FALSE and frees the
2485  * mblk chain ipsec_in_mp.
2486  */
2487 static ipsec_status_t
2488 esp_outbound(mblk_t *mp)
2489 {
2490 	mblk_t *ipsec_out_mp, *data_mp, *espmp, *tailmp;
2491 	ipsec_out_t *io;
2492 	ipha_t *ipha;
2493 	ip6_t *ip6h;
2494 	esph_t *esph;
2495 	uint_t af;
2496 	uint8_t *nhp;
2497 	uintptr_t divpoint, datalen, adj, padlen, i, alloclen;
2498 	uintptr_t esplen = sizeof (esph_t);
2499 	uint8_t protocol;
2500 	ipsa_t *assoc;
2501 	uint_t iv_len, mac_len = 0;
2502 	uchar_t *icv_buf;
2503 	udpha_t *udpha;
2504 	boolean_t is_natt = B_FALSE;
2505 	netstack_t	*ns;
2506 	ipsecesp_stack_t *espstack;
2507 	ipsec_stack_t	*ipss;
2508 
2509 	ipsec_out_mp = mp;
2510 	data_mp = ipsec_out_mp->b_cont;
2511 
2512 	io = (ipsec_out_t *)ipsec_out_mp->b_rptr;
2513 	ns = io->ipsec_out_ns;
2514 	espstack = ns->netstack_ipsecesp;
2515 	ipss = ns->netstack_ipsec;
2516 
2517 	ESP_BUMP_STAT(espstack, out_requests);
2518 
2519 	/*
2520 	 * <sigh> We have to copy the message here, because TCP (for example)
2521 	 * keeps a dupb() of the message lying around for retransmission.
2522 	 * Since ESP changes the whole of the datagram, we have to create our
2523 	 * own copy lest we clobber TCP's data.  Since we have to copy anyway,
2524 	 * we might as well make use of msgpullup() and get the mblk into one
2525 	 * contiguous piece!
2526 	 */
2527 	ipsec_out_mp->b_cont = msgpullup(data_mp, -1);
2528 	if (ipsec_out_mp->b_cont == NULL) {
2529 		esp0dbg(("esp_outbound: msgpullup() failed, "
2530 		    "dropping packet.\n"));
2531 		ipsec_out_mp->b_cont = data_mp;
2532 		/*
2533 		 * TODO:  Find the outbound IRE for this packet and
2534 		 * pass it to ip_drop_packet().
2535 		 */
2536 		ip_drop_packet(ipsec_out_mp, B_FALSE, NULL, NULL,
2537 		    DROPPER(ipss, ipds_esp_nomem),
2538 		    &espstack->esp_dropper);
2539 		return (IPSEC_STATUS_FAILED);
2540 	} else {
2541 		freemsg(data_mp);
2542 		data_mp = ipsec_out_mp->b_cont;
2543 	}
2544 
2545 	/*
2546 	 * Reality check....
2547 	 */
2548 
2549 	ipha = (ipha_t *)data_mp->b_rptr;  /* So we can call esp_acquire(). */
2550 
2551 	if (io->ipsec_out_v4) {
2552 		af = AF_INET;
2553 		divpoint = IPH_HDR_LENGTH(ipha);
2554 		datalen = ntohs(ipha->ipha_length) - divpoint;
2555 		nhp = (uint8_t *)&ipha->ipha_protocol;
2556 	} else {
2557 		ip6_pkt_t ipp;
2558 
2559 		af = AF_INET6;
2560 		ip6h = (ip6_t *)ipha;
2561 		bzero(&ipp, sizeof (ipp));
2562 		divpoint = ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL);
2563 		if (ipp.ipp_dstopts != NULL &&
2564 		    ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) {
2565 			/*
2566 			 * Destination options are tricky.  If we get in here,
2567 			 * then we have a terminal header following the
2568 			 * destination options.  We need to adjust backwards
2569 			 * so we insert ESP BEFORE the destination options
2570 			 * bag.  (So that the dstopts get encrypted!)
2571 			 *
2572 			 * Since this is for outbound packets only, we know
2573 			 * that non-terminal destination options only precede
2574 			 * routing headers.
2575 			 */
2576 			divpoint -= ipp.ipp_dstoptslen;
2577 		}
2578 		datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint;
2579 
2580 		if (ipp.ipp_rthdr != NULL) {
2581 			nhp = &ipp.ipp_rthdr->ip6r_nxt;
2582 		} else if (ipp.ipp_hopopts != NULL) {
2583 			nhp = &ipp.ipp_hopopts->ip6h_nxt;
2584 		} else {
2585 			ASSERT(divpoint == sizeof (ip6_t));
2586 			/* It's probably IP + ESP. */
2587 			nhp = &ip6h->ip6_nxt;
2588 		}
2589 	}
2590 	assoc = io->ipsec_out_esp_sa;
2591 	ASSERT(assoc != NULL);
2592 
2593 	if (assoc->ipsa_auth_alg != SADB_AALG_NONE)
2594 		mac_len = assoc->ipsa_mac_len;
2595 
2596 	if (assoc->ipsa_flags & IPSA_F_NATT) {
2597 		/* wedge in fake UDP */
2598 		is_natt = B_TRUE;
2599 		esplen += UDPH_SIZE;
2600 	}
2601 
2602 	/*
2603 	 * Set up ESP header and encryption padding for ENCR PI request.
2604 	 */
2605 
2606 	/* Determine the padding length.  Pad to 4-bytes for no-encryption. */
2607 	if (assoc->ipsa_encr_alg != SADB_EALG_NULL) {
2608 		iv_len = assoc->ipsa_iv_len;
2609 
2610 		/*
2611 		 * Include the two additional bytes (hence the - 2) for the
2612 		 * padding length and the next header.  Take this into account
2613 		 * when calculating the actual length of the padding.
2614 		 */
2615 		ASSERT(ISP2(iv_len));
2616 		padlen = ((unsigned)(iv_len - datalen - 2)) & (iv_len - 1);
2617 	} else {
2618 		iv_len = 0;
2619 		padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) &
2620 		    (sizeof (uint32_t) - 1);
2621 	}
2622 
2623 	/* Allocate ESP header and IV. */
2624 	esplen += iv_len;
2625 
2626 	/*
2627 	 * Update association byte-count lifetimes.  Don't forget to take
2628 	 * into account the padding length and next-header (hence the + 2).
2629 	 *
2630 	 * Use the amount of data fed into the "encryption algorithm".  This
2631 	 * is the IV, the data length, the padding length, and the final two
2632 	 * bytes (padlen, and next-header).
2633 	 *
2634 	 */
2635 
2636 	if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) {
2637 		/*
2638 		 * TODO:  Find the outbound IRE for this packet and
2639 		 * pass it to ip_drop_packet().
2640 		 */
2641 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
2642 		    DROPPER(ipss, ipds_esp_bytes_expire),
2643 		    &espstack->esp_dropper);
2644 		return (IPSEC_STATUS_FAILED);
2645 	}
2646 
2647 	espmp = allocb(esplen, BPRI_HI);
2648 	if (espmp == NULL) {
2649 		ESP_BUMP_STAT(espstack, out_discards);
2650 		esp1dbg(espstack, ("esp_outbound: can't allocate espmp.\n"));
2651 		/*
2652 		 * TODO:  Find the outbound IRE for this packet and
2653 		 * pass it to ip_drop_packet().
2654 		 */
2655 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
2656 		    DROPPER(ipss, ipds_esp_nomem),
2657 		    &espstack->esp_dropper);
2658 		return (IPSEC_STATUS_FAILED);
2659 	}
2660 	espmp->b_wptr += esplen;
2661 	esph = (esph_t *)espmp->b_rptr;
2662 
2663 	if (is_natt) {
2664 		esp3dbg(espstack, ("esp_outbound: NATT"));
2665 
2666 		udpha = (udpha_t *)espmp->b_rptr;
2667 		udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ?
2668 		    assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT);
2669 		udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ?
2670 		    assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT);
2671 		/*
2672 		 * Set the checksum to 0, so that the esp_prepare_udp() call
2673 		 * can do the right thing.
2674 		 */
2675 		udpha->uha_checksum = 0;
2676 		esph = (esph_t *)(udpha + 1);
2677 	}
2678 
2679 	esph->esph_spi = assoc->ipsa_spi;
2680 
2681 	esph->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1));
2682 	if (esph->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) {
2683 		/*
2684 		 * XXX We have replay counter wrapping.
2685 		 * We probably want to nuke this SA (and its peer).
2686 		 */
2687 		ipsec_assocfailure(info.mi_idnum, 0, 0,
2688 		    SL_ERROR | SL_CONSOLE | SL_WARN,
2689 		    "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n",
2690 		    esph->esph_spi, assoc->ipsa_dstaddr, af,
2691 		    espstack->ipsecesp_netstack);
2692 
2693 		ESP_BUMP_STAT(espstack, out_discards);
2694 		sadb_replay_delete(assoc);
2695 		/*
2696 		 * TODO:  Find the outbound IRE for this packet and
2697 		 * pass it to ip_drop_packet().
2698 		 */
2699 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
2700 		    DROPPER(ipss, ipds_esp_replay),
2701 		    &espstack->esp_dropper);
2702 		return (IPSEC_STATUS_FAILED);
2703 	}
2704 
2705 	/*
2706 	 * Set the IV to a random quantity.  We do not require the
2707 	 * highest quality random bits, but for best security with CBC
2708 	 * mode ciphers, the value must be unlikely to repeat and also
2709 	 * must not be known in advance to an adversary capable of
2710 	 * influencing the plaintext.
2711 	 */
2712 	(void) random_get_pseudo_bytes((uint8_t *)(esph + 1), iv_len);
2713 
2714 	/* Fix the IP header. */
2715 	alloclen = padlen + 2 + mac_len;
2716 	adj = alloclen + (espmp->b_wptr - espmp->b_rptr);
2717 
2718 	protocol = *nhp;
2719 
2720 	if (io->ipsec_out_v4) {
2721 		ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj);
2722 		if (is_natt) {
2723 			*nhp = IPPROTO_UDP;
2724 			udpha->uha_length = htons(ntohs(ipha->ipha_length) -
2725 			    IPH_HDR_LENGTH(ipha));
2726 		} else {
2727 			*nhp = IPPROTO_ESP;
2728 		}
2729 		ipha->ipha_hdr_checksum = 0;
2730 		ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
2731 	} else {
2732 		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj);
2733 		*nhp = IPPROTO_ESP;
2734 	}
2735 
2736 	/* I've got the two ESP mblks, now insert them. */
2737 
2738 	esp2dbg(espstack, ("data_mp before outbound ESP adjustment:\n"));
2739 	esp2dbg(espstack, (dump_msg(data_mp)));
2740 
2741 	if (!esp_insert_esp(data_mp, espmp, divpoint, espstack)) {
2742 		ESP_BUMP_STAT(espstack, out_discards);
2743 		/* NOTE:  esp_insert_esp() only fails if there's no memory. */
2744 		/*
2745 		 * TODO:  Find the outbound IRE for this packet and
2746 		 * pass it to ip_drop_packet().
2747 		 */
2748 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
2749 		    DROPPER(ipss, ipds_esp_nomem),
2750 		    &espstack->esp_dropper);
2751 		freeb(espmp);
2752 		return (IPSEC_STATUS_FAILED);
2753 	}
2754 
2755 	/* Append padding (and leave room for ICV). */
2756 	for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont)
2757 		;
2758 	if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) {
2759 		tailmp->b_cont = allocb(alloclen, BPRI_HI);
2760 		if (tailmp->b_cont == NULL) {
2761 			ESP_BUMP_STAT(espstack, out_discards);
2762 			esp0dbg(("esp_outbound:  Can't allocate tailmp.\n"));
2763 			/*
2764 			 * TODO:  Find the outbound IRE for this packet and
2765 			 * pass it to ip_drop_packet().
2766 			 */
2767 			ip_drop_packet(mp, B_FALSE, NULL, NULL,
2768 			    DROPPER(ipss, ipds_esp_nomem),
2769 			    &espstack->esp_dropper);
2770 			return (IPSEC_STATUS_FAILED);
2771 		}
2772 		tailmp = tailmp->b_cont;
2773 	}
2774 
2775 	/*
2776 	 * If there's padding, N bytes of padding must be of the form 0x1,
2777 	 * 0x2, 0x3... 0xN.
2778 	 */
2779 	for (i = 0; i < padlen; ) {
2780 		i++;
2781 		*tailmp->b_wptr++ = i;
2782 	}
2783 	*tailmp->b_wptr++ = i;
2784 	*tailmp->b_wptr++ = protocol;
2785 
2786 	esp2dbg(espstack, ("data_Mp before encryption:\n"));
2787 	esp2dbg(espstack, (dump_msg(data_mp)));
2788 
2789 	/*
2790 	 * The packet is eligible for hardware acceleration if the
2791 	 * following conditions are satisfied:
2792 	 *
2793 	 * 1. the packet will not be fragmented
2794 	 * 2. the provider supports the algorithms specified by SA
2795 	 * 3. there is no pending control message being exchanged
2796 	 * 4. snoop is not attached
2797 	 * 5. the destination address is not a multicast address
2798 	 *
2799 	 * All five of these conditions are checked by IP prior to
2800 	 * sending the packet to ESP.
2801 	 *
2802 	 * But We, and We Alone, can, nay MUST check if the packet
2803 	 * is over NATT, and then disqualify it from hardware
2804 	 * acceleration.
2805 	 */
2806 
2807 	if (io->ipsec_out_is_capab_ill && !(assoc->ipsa_flags & IPSA_F_NATT)) {
2808 		return (esp_outbound_accelerated(ipsec_out_mp, mac_len));
2809 	}
2810 	ESP_BUMP_STAT(espstack, noaccel);
2811 
2812 	/*
2813 	 * Okay.  I've set up the pre-encryption ESP.  Let's do it!
2814 	 */
2815 
2816 	if (mac_len > 0) {
2817 		ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim);
2818 		icv_buf = tailmp->b_wptr;
2819 		tailmp->b_wptr += mac_len;
2820 	} else {
2821 		icv_buf = NULL;
2822 	}
2823 
2824 	return (esp_submit_req_outbound(ipsec_out_mp, assoc, icv_buf,
2825 	    datalen + padlen + 2));
2826 }
2827 
2828 /*
2829  * IP calls this to validate the ICMP errors that
2830  * we got from the network.
2831  */
2832 ipsec_status_t
2833 ipsecesp_icmp_error(mblk_t *ipsec_mp)
2834 {
2835 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
2836 	boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN);
2837 	netstack_t	*ns;
2838 	ipsecesp_stack_t *espstack;
2839 	ipsec_stack_t	*ipss;
2840 
2841 	if (is_inbound) {
2842 		ns = ii->ipsec_in_ns;
2843 	} else {
2844 		ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
2845 
2846 		ns = io->ipsec_out_ns;
2847 	}
2848 	espstack = ns->netstack_ipsecesp;
2849 	ipss = ns->netstack_ipsec;
2850 
2851 	/*
2852 	 * Unless we get an entire packet back, this function is useless.
2853 	 * Why?
2854 	 *
2855 	 * 1.)	Partial packets are useless, because the "next header"
2856 	 *	is at the end of the decrypted ESP packet.  Without the
2857 	 *	whole packet, this is useless.
2858 	 *
2859 	 * 2.)	If we every use a stateful cipher, such as a stream or a
2860 	 *	one-time pad, we can't do anything.
2861 	 *
2862 	 * Since the chances of us getting an entire packet back are very
2863 	 * very small, we discard here.
2864 	 */
2865 	IP_ESP_BUMP_STAT(ipss, in_discards);
2866 	ip_drop_packet(ipsec_mp, B_TRUE, NULL, NULL,
2867 	    DROPPER(ipss, ipds_esp_icmp),
2868 	    &espstack->esp_dropper);
2869 	return (IPSEC_STATUS_FAILED);
2870 }
2871 
2872 /*
2873  * ESP module read put routine.
2874  */
2875 /* ARGSUSED */
2876 static void
2877 ipsecesp_rput(queue_t *q, mblk_t *mp)
2878 {
2879 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
2880 
2881 	ASSERT(mp->b_datap->db_type != M_CTL);	/* No more IRE_DB_REQ. */
2882 
2883 	switch (mp->b_datap->db_type) {
2884 	case M_PROTO:
2885 	case M_PCPROTO:
2886 		/* TPI message of some sort. */
2887 		switch (*((t_scalar_t *)mp->b_rptr)) {
2888 		case T_BIND_ACK:
2889 			esp3dbg(espstack,
2890 			    ("Thank you IP from ESP for T_BIND_ACK\n"));
2891 			break;
2892 		case T_ERROR_ACK:
2893 			cmn_err(CE_WARN,
2894 			    "ipsecesp:  ESP received T_ERROR_ACK from IP.");
2895 			/*
2896 			 * Make esp_sadb.s_ip_q NULL, and in the
2897 			 * future, perhaps try again.
2898 			 */
2899 			espstack->esp_sadb.s_ip_q = NULL;
2900 			break;
2901 		case T_OK_ACK:
2902 			/* Probably from a (rarely sent) T_UNBIND_REQ. */
2903 			break;
2904 		default:
2905 			esp0dbg(("Unknown M_{,PC}PROTO message.\n"));
2906 		}
2907 		freemsg(mp);
2908 		break;
2909 	default:
2910 		/* For now, passthru message. */
2911 		esp2dbg(espstack, ("ESP got unknown mblk type %d.\n",
2912 		    mp->b_datap->db_type));
2913 		putnext(q, mp);
2914 	}
2915 }
2916 
2917 /*
2918  * Construct an SADB_REGISTER message with the current algorithms.
2919  */
2920 static boolean_t
2921 esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial,
2922     ipsecesp_stack_t *espstack)
2923 {
2924 	mblk_t *pfkey_msg_mp, *keysock_out_mp;
2925 	sadb_msg_t *samsg;
2926 	sadb_supported_t *sasupp_auth = NULL;
2927 	sadb_supported_t *sasupp_encr = NULL;
2928 	sadb_alg_t *saalg;
2929 	uint_t allocsize = sizeof (*samsg);
2930 	uint_t i, numalgs_snap;
2931 	int current_aalgs;
2932 	ipsec_alginfo_t **authalgs;
2933 	uint_t num_aalgs;
2934 	int current_ealgs;
2935 	ipsec_alginfo_t **encralgs;
2936 	uint_t num_ealgs;
2937 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
2938 
2939 	/* Allocate the KEYSOCK_OUT. */
2940 	keysock_out_mp = sadb_keysock_out(serial);
2941 	if (keysock_out_mp == NULL) {
2942 		esp0dbg(("esp_register_out: couldn't allocate mblk.\n"));
2943 		return (B_FALSE);
2944 	}
2945 
2946 	/*
2947 	 * Allocate the PF_KEY message that follows KEYSOCK_OUT.
2948 	 */
2949 
2950 	mutex_enter(&ipss->ipsec_alg_lock);
2951 
2952 	/*
2953 	 * Fill SADB_REGISTER message's algorithm descriptors.  Hold
2954 	 * down the lock while filling it.
2955 	 *
2956 	 * Return only valid algorithms, so the number of algorithms
2957 	 * to send up may be less than the number of algorithm entries
2958 	 * in the table.
2959 	 */
2960 	authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH];
2961 	for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
2962 		if (authalgs[i] != NULL && ALG_VALID(authalgs[i]))
2963 			num_aalgs++;
2964 
2965 	if (num_aalgs != 0) {
2966 		allocsize += (num_aalgs * sizeof (*saalg));
2967 		allocsize += sizeof (*sasupp_auth);
2968 	}
2969 	encralgs = ipss->ipsec_alglists[IPSEC_ALG_ENCR];
2970 	for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
2971 		if (encralgs[i] != NULL && ALG_VALID(encralgs[i]))
2972 			num_ealgs++;
2973 
2974 	if (num_ealgs != 0) {
2975 		allocsize += (num_ealgs * sizeof (*saalg));
2976 		allocsize += sizeof (*sasupp_encr);
2977 	}
2978 	keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI);
2979 	if (keysock_out_mp->b_cont == NULL) {
2980 		mutex_exit(&ipss->ipsec_alg_lock);
2981 		freemsg(keysock_out_mp);
2982 		return (B_FALSE);
2983 	}
2984 
2985 	pfkey_msg_mp = keysock_out_mp->b_cont;
2986 	pfkey_msg_mp->b_wptr += allocsize;
2987 	if (num_aalgs != 0) {
2988 		sasupp_auth = (sadb_supported_t *)
2989 		    (pfkey_msg_mp->b_rptr + sizeof (*samsg));
2990 		saalg = (sadb_alg_t *)(sasupp_auth + 1);
2991 
2992 		ASSERT(((ulong_t)saalg & 0x7) == 0);
2993 
2994 		numalgs_snap = 0;
2995 		for (i = 0;
2996 		    ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs));
2997 		    i++) {
2998 			if (authalgs[i] == NULL || !ALG_VALID(authalgs[i]))
2999 				continue;
3000 
3001 			saalg->sadb_alg_id = authalgs[i]->alg_id;
3002 			saalg->sadb_alg_ivlen = 0;
3003 			saalg->sadb_alg_minbits	= authalgs[i]->alg_ef_minbits;
3004 			saalg->sadb_alg_maxbits	= authalgs[i]->alg_ef_maxbits;
3005 			saalg->sadb_x_alg_defincr = authalgs[i]->alg_ef_default;
3006 			saalg->sadb_x_alg_increment =
3007 			    authalgs[i]->alg_increment;
3008 			numalgs_snap++;
3009 			saalg++;
3010 		}
3011 		ASSERT(numalgs_snap == num_aalgs);
3012 #ifdef DEBUG
3013 		/*
3014 		 * Reality check to make sure I snagged all of the
3015 		 * algorithms.
3016 		 */
3017 		for (; i < IPSEC_MAX_ALGS; i++) {
3018 			if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) {
3019 				cmn_err(CE_PANIC, "esp_register_out()! "
3020 				    "Missed aalg #%d.\n", i);
3021 			}
3022 		}
3023 #endif /* DEBUG */
3024 	} else {
3025 		saalg = (sadb_alg_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg));
3026 	}
3027 
3028 	if (num_ealgs != 0) {
3029 		sasupp_encr = (sadb_supported_t *)saalg;
3030 		saalg = (sadb_alg_t *)(sasupp_encr + 1);
3031 
3032 		numalgs_snap = 0;
3033 		for (i = 0;
3034 		    ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) {
3035 			if (encralgs[i] == NULL || !ALG_VALID(encralgs[i]))
3036 				continue;
3037 			saalg->sadb_alg_id = encralgs[i]->alg_id;
3038 			saalg->sadb_alg_ivlen = encralgs[i]->alg_datalen;
3039 			saalg->sadb_alg_minbits	= encralgs[i]->alg_ef_minbits;
3040 			saalg->sadb_alg_maxbits	= encralgs[i]->alg_ef_maxbits;
3041 			saalg->sadb_x_alg_defincr = encralgs[i]->alg_ef_default;
3042 			saalg->sadb_x_alg_increment =
3043 			    encralgs[i]->alg_increment;
3044 			numalgs_snap++;
3045 			saalg++;
3046 		}
3047 		ASSERT(numalgs_snap == num_ealgs);
3048 #ifdef DEBUG
3049 		/*
3050 		 * Reality check to make sure I snagged all of the
3051 		 * algorithms.
3052 		 */
3053 		for (; i < IPSEC_MAX_ALGS; i++) {
3054 			if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) {
3055 				cmn_err(CE_PANIC, "esp_register_out()! "
3056 				    "Missed ealg #%d.\n", i);
3057 			}
3058 		}
3059 #endif /* DEBUG */
3060 	}
3061 
3062 	current_aalgs = num_aalgs;
3063 	current_ealgs = num_ealgs;
3064 
3065 	mutex_exit(&ipss->ipsec_alg_lock);
3066 
3067 	/* Now fill the rest of the SADB_REGISTER message. */
3068 
3069 	samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr;
3070 	samsg->sadb_msg_version = PF_KEY_V2;
3071 	samsg->sadb_msg_type = SADB_REGISTER;
3072 	samsg->sadb_msg_errno = 0;
3073 	samsg->sadb_msg_satype = SADB_SATYPE_ESP;
3074 	samsg->sadb_msg_len = SADB_8TO64(allocsize);
3075 	samsg->sadb_msg_reserved = 0;
3076 	/*
3077 	 * Assume caller has sufficient sequence/pid number info.  If it's one
3078 	 * from me over a new alg., I could give two hoots about sequence.
3079 	 */
3080 	samsg->sadb_msg_seq = sequence;
3081 	samsg->sadb_msg_pid = pid;
3082 
3083 	if (sasupp_auth != NULL) {
3084 		sasupp_auth->sadb_supported_len = SADB_8TO64(
3085 		    sizeof (*sasupp_auth) + sizeof (*saalg) * current_aalgs);
3086 		sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
3087 		sasupp_auth->sadb_supported_reserved = 0;
3088 	}
3089 
3090 	if (sasupp_encr != NULL) {
3091 		sasupp_encr->sadb_supported_len = SADB_8TO64(
3092 		    sizeof (*sasupp_encr) + sizeof (*saalg) * current_ealgs);
3093 		sasupp_encr->sadb_supported_exttype =
3094 		    SADB_EXT_SUPPORTED_ENCRYPT;
3095 		sasupp_encr->sadb_supported_reserved = 0;
3096 	}
3097 
3098 	if (espstack->esp_pfkey_q != NULL)
3099 		putnext(espstack->esp_pfkey_q, keysock_out_mp);
3100 	else {
3101 		freemsg(keysock_out_mp);
3102 		return (B_FALSE);
3103 	}
3104 
3105 	return (B_TRUE);
3106 }
3107 
3108 /*
3109  * Invoked when the algorithm table changes. Causes SADB_REGISTER
3110  * messages continaining the current list of algorithms to be
3111  * sent up to the ESP listeners.
3112  */
3113 void
3114 ipsecesp_algs_changed(netstack_t *ns)
3115 {
3116 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
3117 
3118 	/*
3119 	 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners
3120 	 * everywhere.  (The function itself checks for NULL esp_pfkey_q.)
3121 	 */
3122 	(void) esp_register_out(0, 0, 0, espstack);
3123 }
3124 
3125 /*
3126  * taskq_dispatch handler.
3127  */
3128 static void
3129 inbound_task(void *arg)
3130 {
3131 	esph_t *esph;
3132 	mblk_t *mp = (mblk_t *)arg;
3133 	ipsec_in_t *ii = (ipsec_in_t *)mp->b_rptr;
3134 	netstack_t		*ns = ii->ipsec_in_ns;
3135 	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;
3136 	int ipsec_rc;
3137 
3138 	esp2dbg(espstack, ("in ESP inbound_task"));
3139 	ASSERT(espstack != NULL);
3140 
3141 	esph = ipsec_inbound_esp_sa(mp, ns);
3142 	if (esph == NULL)
3143 		return;
3144 	ASSERT(ii->ipsec_in_esp_sa != NULL);
3145 	ipsec_rc = ii->ipsec_in_esp_sa->ipsa_input_func(mp, esph);
3146 	if (ipsec_rc != IPSEC_STATUS_SUCCESS)
3147 		return;
3148 	ip_fanout_proto_again(mp, NULL, NULL, NULL);
3149 }
3150 
3151 /*
3152  * Now that weak-key passed, actually ADD the security association, and
3153  * send back a reply ADD message.
3154  */
3155 static int
3156 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi,
3157     int *diagnostic, ipsecesp_stack_t *espstack)
3158 {
3159 	isaf_t *primary = NULL, *secondary, *inbound, *outbound;
3160 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3161 	sadb_address_t *dstext =
3162 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3163 	struct sockaddr_in *dst;
3164 	struct sockaddr_in6 *dst6;
3165 	boolean_t is_ipv4, clone = B_FALSE, is_inbound = B_FALSE;
3166 	uint32_t *dstaddr;
3167 	ipsa_t *larval = NULL;
3168 	ipsacq_t *acqrec;
3169 	iacqf_t *acq_bucket;
3170 	mblk_t *acq_msgs = NULL;
3171 	int rc;
3172 	sadb_t *sp;
3173 	int outhash;
3174 	mblk_t *lpkt;
3175 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
3176 
3177 	/*
3178 	 * Locate the appropriate table(s).
3179 	 */
3180 
3181 	dst = (struct sockaddr_in *)(dstext + 1);
3182 	dst6 = (struct sockaddr_in6 *)dst;
3183 	is_ipv4 = (dst->sin_family == AF_INET);
3184 	if (is_ipv4) {
3185 		sp = &espstack->esp_sadb.s_v4;
3186 		dstaddr = (uint32_t *)(&dst->sin_addr);
3187 		outhash = OUTBOUND_HASH_V4(sp, *(ipaddr_t *)dstaddr);
3188 	} else {
3189 		sp = &espstack->esp_sadb.s_v6;
3190 		dstaddr = (uint32_t *)(&dst6->sin6_addr);
3191 		outhash = OUTBOUND_HASH_V6(sp, *(in6_addr_t *)dstaddr);
3192 	}
3193 
3194 	inbound = INBOUND_BUCKET(sp, assoc->sadb_sa_spi);
3195 	outbound = &sp->sdb_of[outhash];
3196 
3197 	/*
3198 	 * Use the direction flags provided by the KMD to determine
3199 	 * if the inbound or outbound table should be the primary
3200 	 * for this SA. If these flags were absent then make this
3201 	 * decision based on the addresses.
3202 	 */
3203 	if (assoc->sadb_sa_flags & IPSA_F_INBOUND) {
3204 		primary = inbound;
3205 		secondary = outbound;
3206 		is_inbound = B_TRUE;
3207 		if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND)
3208 			clone = B_TRUE;
3209 	} else {
3210 		if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) {
3211 			primary = outbound;
3212 			secondary = inbound;
3213 		}
3214 	}
3215 
3216 	if (primary == NULL) {
3217 		/*
3218 		 * The KMD did not set a direction flag, determine which
3219 		 * table to insert the SA into based on addresses.
3220 		 */
3221 		switch (ksi->ks_in_dsttype) {
3222 		case KS_IN_ADDR_MBCAST:
3223 			clone = B_TRUE;	/* All mcast SAs can be bidirectional */
3224 			assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
3225 			/* FALLTHRU */
3226 		/*
3227 		 * If the source address is either one of mine, or unspecified
3228 		 * (which is best summed up by saying "not 'not mine'"),
3229 		 * then the association is potentially bi-directional,
3230 		 * in that it can be used for inbound traffic and outbound
3231 		 * traffic.  The best example of such an SA is a multicast
3232 		 * SA (which allows me to receive the outbound traffic).
3233 		 */
3234 		case KS_IN_ADDR_ME:
3235 			assoc->sadb_sa_flags |= IPSA_F_INBOUND;
3236 			primary = inbound;
3237 			secondary = outbound;
3238 			if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME)
3239 				clone = B_TRUE;
3240 			is_inbound = B_TRUE;
3241 			break;
3242 		/*
3243 		 * If the source address literally not mine (either
3244 		 * unspecified or not mine), then this SA may have an
3245 		 * address that WILL be mine after some configuration.
3246 		 * We pay the price for this by making it a bi-directional
3247 		 * SA.
3248 		 */
3249 		case KS_IN_ADDR_NOTME:
3250 			assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
3251 			primary = outbound;
3252 			secondary = inbound;
3253 			if (ksi->ks_in_srctype != KS_IN_ADDR_ME) {
3254 				assoc->sadb_sa_flags |= IPSA_F_INBOUND;
3255 				clone = B_TRUE;
3256 			}
3257 			break;
3258 		default:
3259 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_DST;
3260 			return (EINVAL);
3261 		}
3262 	}
3263 
3264 	/*
3265 	 * Find a ACQUIRE list entry if possible.  If we've added an SA that
3266 	 * suits the needs of an ACQUIRE list entry, we can eliminate the
3267 	 * ACQUIRE list entry and transmit the enqueued packets.  Use the
3268 	 * high-bit of the sequence number to queue it.  Key off destination
3269 	 * addr, and change acqrec's state.
3270 	 */
3271 
3272 	if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) {
3273 		acq_bucket = &sp->sdb_acq[outhash];
3274 		mutex_enter(&acq_bucket->iacqf_lock);
3275 		for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL;
3276 		    acqrec = acqrec->ipsacq_next) {
3277 			mutex_enter(&acqrec->ipsacq_lock);
3278 			/*
3279 			 * Q:  I only check sequence.  Should I check dst?
3280 			 * A: Yes, check dest because those are the packets
3281 			 *    that are queued up.
3282 			 */
3283 			if (acqrec->ipsacq_seq == samsg->sadb_msg_seq &&
3284 			    IPSA_ARE_ADDR_EQUAL(dstaddr,
3285 			    acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam))
3286 				break;
3287 			mutex_exit(&acqrec->ipsacq_lock);
3288 		}
3289 		if (acqrec != NULL) {
3290 			/*
3291 			 * AHA!  I found an ACQUIRE record for this SA.
3292 			 * Grab the msg list, and free the acquire record.
3293 			 * I already am holding the lock for this record,
3294 			 * so all I have to do is free it.
3295 			 */
3296 			acq_msgs = acqrec->ipsacq_mp;
3297 			acqrec->ipsacq_mp = NULL;
3298 			mutex_exit(&acqrec->ipsacq_lock);
3299 			sadb_destroy_acquire(acqrec,
3300 			    espstack->ipsecesp_netstack);
3301 		}
3302 		mutex_exit(&acq_bucket->iacqf_lock);
3303 	}
3304 
3305 	/*
3306 	 * Find PF_KEY message, and see if I'm an update.  If so, find entry
3307 	 * in larval list (if there).
3308 	 */
3309 
3310 	if (samsg->sadb_msg_type == SADB_UPDATE) {
3311 		mutex_enter(&inbound->isaf_lock);
3312 		larval = ipsec_getassocbyspi(inbound, assoc->sadb_sa_spi,
3313 		    ALL_ZEROES_PTR, dstaddr, dst->sin_family);
3314 		mutex_exit(&inbound->isaf_lock);
3315 
3316 		if ((larval == NULL) ||
3317 		    (larval->ipsa_state != IPSA_STATE_LARVAL)) {
3318 			*diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND;
3319 			if (larval != NULL) {
3320 				IPSA_REFRELE(larval);
3321 			}
3322 			esp0dbg(("Larval update, but larval disappeared.\n"));
3323 			return (ESRCH);
3324 		} /* Else sadb_common_add unlinks it for me! */
3325 	}
3326 
3327 	lpkt = NULL;
3328 	if (larval != NULL)
3329 		lpkt = sadb_clear_lpkt(larval);
3330 
3331 	rc = sadb_common_add(espstack->esp_sadb.s_ip_q, espstack->esp_pfkey_q,
3332 	    mp, samsg, ksi, primary, secondary, larval, clone, is_inbound,
3333 	    diagnostic, espstack->ipsecesp_netstack, &espstack->esp_sadb);
3334 
3335 	if (rc == 0 && lpkt != NULL) {
3336 		rc = !taskq_dispatch(esp_taskq, inbound_task,
3337 		    (void *) lpkt, TQ_NOSLEEP);
3338 	}
3339 
3340 	if (rc != 0) {
3341 		ip_drop_packet(lpkt, B_TRUE, NULL, NULL,
3342 		    DROPPER(ipss, ipds_sadb_inlarval_timeout),
3343 		    &espstack->esp_dropper);
3344 	}
3345 
3346 	/*
3347 	 * How much more stack will I create with all of these
3348 	 * esp_outbound() calls?
3349 	 */
3350 
3351 	while (acq_msgs != NULL) {
3352 		mblk_t *mp = acq_msgs;
3353 
3354 		acq_msgs = acq_msgs->b_next;
3355 		mp->b_next = NULL;
3356 		if (rc == 0) {
3357 			if (ipsec_outbound_sa(mp, IPPROTO_ESP)) {
3358 				((ipsec_out_t *)(mp->b_rptr))->
3359 				    ipsec_out_esp_done = B_TRUE;
3360 				if (esp_outbound(mp) == IPSEC_STATUS_SUCCESS) {
3361 					ipha_t *ipha;
3362 
3363 					/* do AH processing if needed */
3364 					if (!esp_do_outbound_ah(mp))
3365 						continue;
3366 
3367 					ipha = (ipha_t *)mp->b_cont->b_rptr;
3368 
3369 					/* finish IPsec processing */
3370 					if (is_ipv4) {
3371 						ip_wput_ipsec_out(NULL, mp,
3372 						    ipha, NULL, NULL);
3373 					} else {
3374 						ip6_t *ip6h = (ip6_t *)ipha;
3375 						ip_wput_ipsec_out_v6(NULL,
3376 						    mp, ip6h, NULL, NULL);
3377 					}
3378 				}
3379 				continue;
3380 			}
3381 		}
3382 		ESP_BUMP_STAT(espstack, out_discards);
3383 		ip_drop_packet(mp, B_FALSE, NULL, NULL,
3384 		    DROPPER(ipss, ipds_sadb_acquire_timeout),
3385 		    &espstack->esp_dropper);
3386 	}
3387 
3388 	return (rc);
3389 }
3390 
3391 /*
3392  * Add new ESP security association.  This may become a generic AH/ESP
3393  * routine eventually.
3394  */
3395 static int
3396 esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns)
3397 {
3398 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3399 	sadb_address_t *srcext =
3400 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
3401 	sadb_address_t *dstext =
3402 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3403 	sadb_address_t *isrcext =
3404 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC];
3405 	sadb_address_t *idstext =
3406 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST];
3407 	sadb_address_t *nttext_loc =
3408 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC];
3409 	sadb_address_t *nttext_rem =
3410 	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM];
3411 	sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH];
3412 	sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT];
3413 	struct sockaddr_in *src, *dst;
3414 	struct sockaddr_in *natt_loc, *natt_rem;
3415 	struct sockaddr_in6 *natt_loc6, *natt_rem6;
3416 	sadb_lifetime_t *soft =
3417 	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT];
3418 	sadb_lifetime_t *hard =
3419 	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD];
3420 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3421 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
3422 
3423 	/* I need certain extensions present for an ADD message. */
3424 	if (srcext == NULL) {
3425 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC;
3426 		return (EINVAL);
3427 	}
3428 	if (dstext == NULL) {
3429 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
3430 		return (EINVAL);
3431 	}
3432 	if (isrcext == NULL && idstext != NULL) {
3433 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC;
3434 		return (EINVAL);
3435 	}
3436 	if (isrcext != NULL && idstext == NULL) {
3437 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST;
3438 		return (EINVAL);
3439 	}
3440 	if (assoc == NULL) {
3441 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
3442 		return (EINVAL);
3443 	}
3444 	if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) {
3445 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY;
3446 		return (EINVAL);
3447 	}
3448 
3449 	src = (struct sockaddr_in *)(srcext + 1);
3450 	dst = (struct sockaddr_in *)(dstext + 1);
3451 	natt_loc = (struct sockaddr_in *)(nttext_loc + 1);
3452 	natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1);
3453 	natt_rem = (struct sockaddr_in *)(nttext_rem + 1);
3454 	natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1);
3455 
3456 	/* Sundry ADD-specific reality checks. */
3457 	/* XXX STATS :  Logging/stats here? */
3458 	if (assoc->sadb_sa_state != SADB_SASTATE_MATURE) {
3459 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
3460 		return (EINVAL);
3461 	}
3462 	if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) {
3463 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
3464 		return (EINVAL);
3465 	}
3466 
3467 	if (assoc->sadb_sa_encrypt == SADB_EALG_NULL &&
3468 	    assoc->sadb_sa_auth == SADB_AALG_NONE) {
3469 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
3470 		return (EINVAL);
3471 	}
3472 
3473 	if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) {
3474 		*diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS;
3475 		return (EINVAL);
3476 	}
3477 
3478 	if ((*diagnostic = sadb_hardsoftchk(hard, soft)) != 0) {
3479 		return (EINVAL);
3480 	}
3481 	ASSERT(src->sin_family == dst->sin_family);
3482 
3483 	if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) {
3484 		if (nttext_loc == NULL) {
3485 			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC;
3486 			return (EINVAL);
3487 		}
3488 
3489 		if (natt_loc->sin_family == AF_INET6 &&
3490 		    !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) {
3491 			*diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC;
3492 			return (EINVAL);
3493 		}
3494 	}
3495 
3496 	if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) {
3497 		if (nttext_rem == NULL) {
3498 			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM;
3499 			return (EINVAL);
3500 		}
3501 		if (natt_rem->sin_family == AF_INET6 &&
3502 		    !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) {
3503 			*diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM;
3504 			return (EINVAL);
3505 		}
3506 	}
3507 
3508 
3509 	/* Stuff I don't support, for now.  XXX Diagnostic? */
3510 	if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL ||
3511 	    ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL)
3512 		return (EOPNOTSUPP);
3513 
3514 	/*
3515 	 * XXX Policy :  I'm not checking identities or sensitivity
3516 	 * labels at this time, but if I did, I'd do them here, before I sent
3517 	 * the weak key check up to the algorithm.
3518 	 */
3519 
3520 	mutex_enter(&ipss->ipsec_alg_lock);
3521 
3522 	/*
3523 	 * First locate the authentication algorithm.
3524 	 */
3525 	if (akey != NULL) {
3526 		ipsec_alginfo_t *aalg;
3527 
3528 		aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
3529 		    [assoc->sadb_sa_auth];
3530 		if (aalg == NULL || !ALG_VALID(aalg)) {
3531 			mutex_exit(&ipss->ipsec_alg_lock);
3532 			esp1dbg(espstack, ("Couldn't find auth alg #%d.\n",
3533 			    assoc->sadb_sa_auth));
3534 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
3535 			return (EINVAL);
3536 		}
3537 
3538 		/*
3539 		 * Sanity check key sizes.
3540 		 * Note: It's not possible to use SADB_AALG_NONE because
3541 		 * this auth_alg is not defined with ALG_FLAG_VALID. If this
3542 		 * ever changes, the same check for SADB_AALG_NONE and
3543 		 * a auth_key != NULL should be made here ( see below).
3544 		 */
3545 		if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) {
3546 			mutex_exit(&ipss->ipsec_alg_lock);
3547 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS;
3548 			return (EINVAL);
3549 		}
3550 		ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
3551 
3552 		/* check key and fix parity if needed */
3553 		if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE,
3554 		    diagnostic) != 0) {
3555 			mutex_exit(&ipss->ipsec_alg_lock);
3556 			return (EINVAL);
3557 		}
3558 	}
3559 
3560 	/*
3561 	 * Then locate the encryption algorithm.
3562 	 */
3563 	if (ekey != NULL) {
3564 		ipsec_alginfo_t *ealg;
3565 
3566 		ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
3567 		    [assoc->sadb_sa_encrypt];
3568 		if (ealg == NULL || !ALG_VALID(ealg)) {
3569 			mutex_exit(&ipss->ipsec_alg_lock);
3570 			esp1dbg(espstack, ("Couldn't find encr alg #%d.\n",
3571 			    assoc->sadb_sa_encrypt));
3572 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
3573 			return (EINVAL);
3574 		}
3575 
3576 		/*
3577 		 * Sanity check key sizes. If the encryption algorithm is
3578 		 * SADB_EALG_NULL but the encryption key is NOT
3579 		 * NULL then complain.
3580 		 */
3581 		if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) ||
3582 		    (!ipsec_valid_key_size(ekey->sadb_key_bits, ealg))) {
3583 			mutex_exit(&ipss->ipsec_alg_lock);
3584 			*diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS;
3585 			return (EINVAL);
3586 		}
3587 		ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
3588 
3589 		/* check key */
3590 		if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE,
3591 		    diagnostic) != 0) {
3592 			mutex_exit(&ipss->ipsec_alg_lock);
3593 			return (EINVAL);
3594 		}
3595 	}
3596 	mutex_exit(&ipss->ipsec_alg_lock);
3597 
3598 	return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi,
3599 	    diagnostic, espstack));
3600 }
3601 
3602 /*
3603  * Update a security association.  Updates come in two varieties.  The first
3604  * is an update of lifetimes on a non-larval SA.  The second is an update of
3605  * a larval SA, which ends up looking a lot more like an add.
3606  */
3607 static int
3608 esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
3609     ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
3610 {
3611 	sadb_address_t *dstext =
3612 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3613 
3614 	if (dstext == NULL) {
3615 		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
3616 		return (EINVAL);
3617 	}
3618 
3619 	return (sadb_update_sa(mp, ksi, &espstack->esp_sadb,
3620 	    diagnostic, espstack->esp_pfkey_q,
3621 	    esp_add_sa, espstack->ipsecesp_netstack, sadb_msg_type));
3622 }
3623 
3624 /*
3625  * Delete a security association.  This is REALLY likely to be code common to
3626  * both AH and ESP.  Find the association, then unlink it.
3627  */
3628 static int
3629 esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
3630     ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
3631 {
3632 	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3633 	sadb_address_t *dstext =
3634 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3635 	sadb_address_t *srcext =
3636 	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
3637 	struct sockaddr_in *sin;
3638 
3639 	if (assoc == NULL) {
3640 		if (dstext != NULL) {
3641 			sin = (struct sockaddr_in *)(dstext + 1);
3642 		} else if (srcext != NULL) {
3643 			sin = (struct sockaddr_in *)(srcext + 1);
3644 		} else {
3645 			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
3646 			return (EINVAL);
3647 		}
3648 		return (sadb_purge_sa(mp, ksi,
3649 		    (sin->sin_family == AF_INET6) ? &espstack->esp_sadb.s_v6 :
3650 		    &espstack->esp_sadb.s_v4, espstack->esp_pfkey_q,
3651 		    espstack->esp_sadb.s_ip_q));
3652 	}
3653 
3654 	return (sadb_delget_sa(mp, ksi, &espstack->esp_sadb, diagnostic,
3655 	    espstack->esp_pfkey_q, sadb_msg_type));
3656 }
3657 
3658 /*
3659  * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP
3660  * messages.
3661  */
3662 static void
3663 esp_dump(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
3664 {
3665 	int error;
3666 	sadb_msg_t *samsg;
3667 
3668 	/*
3669 	 * Dump each fanout, bailing if error is non-zero.
3670 	 */
3671 
3672 	error = sadb_dump(espstack->esp_pfkey_q, mp, ksi->ks_in_serial,
3673 	    &espstack->esp_sadb.s_v4);
3674 	if (error != 0)
3675 		goto bail;
3676 
3677 	error = sadb_dump(espstack->esp_pfkey_q, mp, ksi->ks_in_serial,
3678 	    &espstack->esp_sadb.s_v6);
3679 bail:
3680 	ASSERT(mp->b_cont != NULL);
3681 	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
3682 	samsg->sadb_msg_errno = (uint8_t)error;
3683 	sadb_pfkey_echo(espstack->esp_pfkey_q, mp,
3684 	    (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL);
3685 }
3686 
3687 /*
3688  * First-cut reality check for an inbound PF_KEY message.
3689  */
3690 static boolean_t
3691 esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi,
3692     ipsecesp_stack_t *espstack)
3693 {
3694 	int diagnostic;
3695 
3696 	if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) {
3697 		diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT;
3698 		goto badmsg;
3699 	}
3700 	if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL ||
3701 	    ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) {
3702 		diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT;
3703 		goto badmsg;
3704 	}
3705 	return (B_FALSE);	/* False ==> no failures */
3706 
3707 badmsg:
3708 	sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
3709 	    ksi->ks_in_serial);
3710 	return (B_TRUE);	/* True ==> failures */
3711 }
3712 
3713 /*
3714  * ESP parsing of PF_KEY messages.  Keysock did most of the really silly
3715  * error cases.  What I receive is a fully-formed, syntactically legal
3716  * PF_KEY message.  I then need to check semantics...
3717  *
3718  * This code may become common to AH and ESP.  Stay tuned.
3719  *
3720  * I also make the assumption that db_ref's are cool.  If this assumption
3721  * is wrong, this means that someone other than keysock or me has been
3722  * mucking with PF_KEY messages.
3723  */
3724 static void
3725 esp_parse_pfkey(mblk_t *mp, ipsecesp_stack_t *espstack)
3726 {
3727 	mblk_t *msg = mp->b_cont;
3728 	sadb_msg_t *samsg;
3729 	keysock_in_t *ksi;
3730 	int error;
3731 	int diagnostic = SADB_X_DIAGNOSTIC_NONE;
3732 
3733 	ASSERT(msg != NULL);
3734 
3735 	samsg = (sadb_msg_t *)msg->b_rptr;
3736 	ksi = (keysock_in_t *)mp->b_rptr;
3737 
3738 	/*
3739 	 * If applicable, convert unspecified AF_INET6 to unspecified
3740 	 * AF_INET.  And do other address reality checks.
3741 	 */
3742 	if (!sadb_addrfix(ksi, espstack->esp_pfkey_q, mp,
3743 	    espstack->ipsecesp_netstack) ||
3744 	    esp_pfkey_reality_failures(mp, ksi, espstack)) {
3745 		return;
3746 	}
3747 
3748 	switch (samsg->sadb_msg_type) {
3749 	case SADB_ADD:
3750 		error = esp_add_sa(mp, ksi, &diagnostic,
3751 		    espstack->ipsecesp_netstack);
3752 		if (error != 0) {
3753 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3754 			    diagnostic, ksi->ks_in_serial);
3755 		}
3756 		/* else esp_add_sa() took care of things. */
3757 		break;
3758 	case SADB_DELETE:
3759 	case SADB_X_DELPAIR:
3760 		error = esp_del_sa(mp, ksi, &diagnostic, espstack,
3761 		    samsg->sadb_msg_type);
3762 		if (error != 0) {
3763 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3764 			    diagnostic, ksi->ks_in_serial);
3765 		}
3766 		/* Else esp_del_sa() took care of things. */
3767 		break;
3768 	case SADB_GET:
3769 		error = sadb_delget_sa(mp, ksi, &espstack->esp_sadb,
3770 		    &diagnostic, espstack->esp_pfkey_q, samsg->sadb_msg_type);
3771 		if (error != 0) {
3772 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3773 			    diagnostic, ksi->ks_in_serial);
3774 		}
3775 		/* Else sadb_get_sa() took care of things. */
3776 		break;
3777 	case SADB_FLUSH:
3778 		sadbp_flush(&espstack->esp_sadb, espstack->ipsecesp_netstack);
3779 		sadb_pfkey_echo(espstack->esp_pfkey_q, mp, samsg, ksi, NULL);
3780 		break;
3781 	case SADB_REGISTER:
3782 		/*
3783 		 * Hmmm, let's do it!  Check for extensions (there should
3784 		 * be none), extract the fields, call esp_register_out(),
3785 		 * then either free or report an error.
3786 		 *
3787 		 * Keysock takes care of the PF_KEY bookkeeping for this.
3788 		 */
3789 		if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid,
3790 		    ksi->ks_in_serial, espstack)) {
3791 			freemsg(mp);
3792 		} else {
3793 			/*
3794 			 * Only way this path hits is if there is a memory
3795 			 * failure.  It will not return B_FALSE because of
3796 			 * lack of esp_pfkey_q if I am in wput().
3797 			 */
3798 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM,
3799 			    diagnostic, ksi->ks_in_serial);
3800 		}
3801 		break;
3802 	case SADB_UPDATE:
3803 	case SADB_X_UPDATEPAIR:
3804 		/*
3805 		 * Find a larval, if not there, find a full one and get
3806 		 * strict.
3807 		 */
3808 		error = esp_update_sa(mp, ksi, &diagnostic, espstack,
3809 		    samsg->sadb_msg_type);
3810 		if (error != 0) {
3811 			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3812 			    diagnostic, ksi->ks_in_serial);
3813 		}
3814 		/* else esp_update_sa() took care of things. */
3815 		break;
3816 	case SADB_GETSPI:
3817 		/*
3818 		 * Reserve a new larval entry.
3819 		 */
3820 		esp_getspi(mp, ksi, espstack);
3821 		break;
3822 	case SADB_ACQUIRE:
3823 		/*
3824 		 * Find larval and/or ACQUIRE record and kill it (them), I'm
3825 		 * most likely an error.  Inbound ACQUIRE messages should only
3826 		 * have the base header.
3827 		 */
3828 		sadb_in_acquire(samsg, &espstack->esp_sadb,
3829 		    espstack->esp_pfkey_q, espstack->ipsecesp_netstack);
3830 		freemsg(mp);
3831 		break;
3832 	case SADB_DUMP:
3833 		/*
3834 		 * Dump all entries.
3835 		 */
3836 		esp_dump(mp, ksi, espstack);
3837 		/* esp_dump will take care of the return message, etc. */
3838 		break;
3839 	case SADB_EXPIRE:
3840 		/* Should never reach me. */
3841 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EOPNOTSUPP,
3842 		    diagnostic, ksi->ks_in_serial);
3843 		break;
3844 	default:
3845 		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL,
3846 		    SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial);
3847 		break;
3848 	}
3849 }
3850 
3851 /*
3852  * Handle case where PF_KEY says it can't find a keysock for one of my
3853  * ACQUIRE messages.
3854  */
3855 static void
3856 esp_keysock_no_socket(mblk_t *mp, ipsecesp_stack_t *espstack)
3857 {
3858 	sadb_msg_t *samsg;
3859 	keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr;
3860 
3861 	if (mp->b_cont == NULL) {
3862 		freemsg(mp);
3863 		return;
3864 	}
3865 	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
3866 
3867 	/*
3868 	 * If keysock can't find any registered, delete the acquire record
3869 	 * immediately, and handle errors.
3870 	 */
3871 	if (samsg->sadb_msg_type == SADB_ACQUIRE) {
3872 		samsg->sadb_msg_errno = kse->ks_err_errno;
3873 		samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg));
3874 		/*
3875 		 * Use the write-side of the esp_pfkey_q, in case there is
3876 		 * no esp_sadb.s_ip_q.
3877 		 */
3878 		sadb_in_acquire(samsg, &espstack->esp_sadb,
3879 		    WR(espstack->esp_pfkey_q), espstack->ipsecesp_netstack);
3880 	}
3881 
3882 	freemsg(mp);
3883 }
3884 
3885 /*
3886  * ESP module write put routine.
3887  */
3888 static void
3889 ipsecesp_wput(queue_t *q, mblk_t *mp)
3890 {
3891 	ipsec_info_t *ii;
3892 	struct iocblk *iocp;
3893 	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;
3894 
3895 	esp3dbg(espstack, ("In esp_wput().\n"));
3896 
3897 	/* NOTE: Each case must take care of freeing or passing mp. */
3898 	switch (mp->b_datap->db_type) {
3899 	case M_CTL:
3900 		if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) {
3901 			/* Not big enough message. */
3902 			freemsg(mp);
3903 			break;
3904 		}
3905 		ii = (ipsec_info_t *)mp->b_rptr;
3906 
3907 		switch (ii->ipsec_info_type) {
3908 		case KEYSOCK_OUT_ERR:
3909 			esp1dbg(espstack, ("Got KEYSOCK_OUT_ERR message.\n"));
3910 			esp_keysock_no_socket(mp, espstack);
3911 			break;
3912 		case KEYSOCK_IN:
3913 			ESP_BUMP_STAT(espstack, keysock_in);
3914 			esp3dbg(espstack, ("Got KEYSOCK_IN message.\n"));
3915 
3916 			/* Parse the message. */
3917 			esp_parse_pfkey(mp, espstack);
3918 			break;
3919 		case KEYSOCK_HELLO:
3920 			sadb_keysock_hello(&espstack->esp_pfkey_q, q, mp,
3921 			    esp_ager, (void *)espstack, &espstack->esp_event,
3922 			    SADB_SATYPE_ESP);
3923 			break;
3924 		default:
3925 			esp2dbg(espstack, ("Got M_CTL from above of 0x%x.\n",
3926 			    ii->ipsec_info_type));
3927 			freemsg(mp);
3928 			break;
3929 		}
3930 		break;
3931 	case M_IOCTL:
3932 		iocp = (struct iocblk *)mp->b_rptr;
3933 		switch (iocp->ioc_cmd) {
3934 		case ND_SET:
3935 		case ND_GET:
3936 			if (nd_getset(q, espstack->ipsecesp_g_nd, mp)) {
3937 				qreply(q, mp);
3938 				return;
3939 			} else {
3940 				iocp->ioc_error = ENOENT;
3941 			}
3942 			/* FALLTHRU */
3943 		default:
3944 			/* We really don't support any other ioctls, do we? */
3945 
3946 			/* Return EINVAL */
3947 			if (iocp->ioc_error != ENOENT)
3948 				iocp->ioc_error = EINVAL;
3949 			iocp->ioc_count = 0;
3950 			mp->b_datap->db_type = M_IOCACK;
3951 			qreply(q, mp);
3952 			return;
3953 		}
3954 	default:
3955 		esp3dbg(espstack,
3956 		    ("Got default message, type %d, passing to IP.\n",
3957 		    mp->b_datap->db_type));
3958 		putnext(q, mp);
3959 	}
3960 }
3961 
3962 /*
3963  * Process an outbound ESP packet that can be accelerated by a IPsec
3964  * hardware acceleration capable Provider.
3965  * The caller already inserted and initialized the ESP header.
3966  * This function allocates a tagging M_CTL, and adds room at the end
3967  * of the packet to hold the ICV if authentication is needed.
3968  *
3969  * On success returns B_TRUE, on failure returns B_FALSE and frees the
3970  * mblk chain ipsec_out.
3971  */
3972 static ipsec_status_t
3973 esp_outbound_accelerated(mblk_t *ipsec_out, uint_t icv_len)
3974 {
3975 	ipsec_out_t *io;
3976 	mblk_t *lastmp;
3977 	netstack_t	*ns;
3978 	ipsecesp_stack_t *espstack;
3979 	ipsec_stack_t	*ipss;
3980 
3981 	io = (ipsec_out_t *)ipsec_out->b_rptr;
3982 	ns = io->ipsec_out_ns;
3983 	espstack = ns->netstack_ipsecesp;
3984 	ipss = ns->netstack_ipsec;
3985 
3986 	ESP_BUMP_STAT(espstack, out_accelerated);
3987 
3988 	/* mark packet as being accelerated in IPSEC_OUT */
3989 	ASSERT(io->ipsec_out_accelerated == B_FALSE);
3990 	io->ipsec_out_accelerated = B_TRUE;
3991 
3992 	/*
3993 	 * add room at the end of the packet for the ICV if needed
3994 	 */
3995 	if (icv_len > 0) {
3996 		/* go to last mblk */
3997 		lastmp = ipsec_out;	/* For following while loop. */
3998 		do {
3999 			lastmp = lastmp->b_cont;
4000 		} while (lastmp->b_cont != NULL);
4001 
4002 		/* if not enough available room, allocate new mblk */
4003 		if ((lastmp->b_wptr + icv_len) > lastmp->b_datap->db_lim) {
4004 			lastmp->b_cont = allocb(icv_len, BPRI_HI);
4005 			if (lastmp->b_cont == NULL) {
4006 				ESP_BUMP_STAT(espstack, out_discards);
4007 				ip_drop_packet(ipsec_out, B_FALSE, NULL, NULL,
4008 				    DROPPER(ipss, ipds_esp_nomem),
4009 				    &espstack->esp_dropper);
4010 				return (IPSEC_STATUS_FAILED);
4011 			}
4012 			lastmp = lastmp->b_cont;
4013 		}
4014 		lastmp->b_wptr += icv_len;
4015 	}
4016 
4017 	return (IPSEC_STATUS_SUCCESS);
4018 }
4019 
4020 /*
4021  * Process an inbound accelerated ESP packet.
4022  * On success returns B_TRUE, on failure returns B_FALSE and frees the
4023  * mblk chain ipsec_in.
4024  */
4025 static ipsec_status_t
4026 esp_inbound_accelerated(mblk_t *ipsec_in, mblk_t *data_mp, boolean_t isv4,
4027     ipsa_t *assoc)
4028 {
4029 	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr;
4030 	mblk_t *hada_mp;
4031 	uint32_t icv_len = 0;
4032 	da_ipsec_t *hada;
4033 	ipha_t *ipha;
4034 	ip6_t *ip6h;
4035 	kstat_named_t *counter;
4036 	netstack_t	*ns = ii->ipsec_in_ns;
4037 	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
4038 	ipsec_stack_t	*ipss = ns->netstack_ipsec;
4039 
4040 	ESP_BUMP_STAT(espstack, in_accelerated);
4041 
4042 	hada_mp = ii->ipsec_in_da;
4043 	ASSERT(hada_mp != NULL);
4044 	hada = (da_ipsec_t *)hada_mp->b_rptr;
4045 
4046 	/*
4047 	 * We only support one level of decapsulation in hardware, so
4048 	 * nuke the pointer.
4049 	 */
4050 	ii->ipsec_in_da = NULL;
4051 	ii->ipsec_in_accelerated = B_FALSE;
4052 
4053 	if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) {
4054 		/*
4055 		 * ESP with authentication. We expect the Provider to have
4056 		 * computed the ICV and placed it in the hardware acceleration
4057 		 * data attributes.
4058 		 *
4059 		 * Extract ICV length from attributes M_CTL and sanity check
4060 		 * its value. We allow the mblk to be smaller than da_ipsec_t
4061 		 * for a small ICV, as long as the entire ICV fits within the
4062 		 * mblk.
4063 		 *
4064 		 * Also ensures that the ICV length computed by Provider
4065 		 * corresponds to the ICV length of the agorithm specified by
4066 		 * the SA.
4067 		 */
4068 		icv_len = hada->da_icv_len;
4069 		if ((icv_len != assoc->ipsa_mac_len) ||
4070 		    (icv_len > DA_ICV_MAX_LEN) || (MBLKL(hada_mp) <
4071 		    (sizeof (da_ipsec_t) - DA_ICV_MAX_LEN + icv_len))) {
4072 			esp0dbg(("esp_inbound_accelerated: "
4073 			    "ICV len (%u) incorrect or mblk too small (%u)\n",
4074 			    icv_len, (uint32_t)(MBLKL(hada_mp))));
4075 			counter = DROPPER(ipss, ipds_esp_bad_auth);
4076 			goto esp_in_discard;
4077 		}
4078 	}
4079 
4080 	/* get pointers to IP header */
4081 	if (isv4) {
4082 		ipha = (ipha_t *)data_mp->b_rptr;
4083 	} else {
4084 		ip6h = (ip6_t *)data_mp->b_rptr;
4085 	}
4086 
4087 	/*
4088 	 * Compare ICV in ESP packet vs ICV computed by adapter.
4089 	 * We also remove the ICV from the end of the packet since
4090 	 * it will no longer be needed.
4091 	 *
4092 	 * Assume that esp_inbound() already ensured that the pkt
4093 	 * was in one mblk.
4094 	 */
4095 	ASSERT(data_mp->b_cont == NULL);
4096 	data_mp->b_wptr -= icv_len;
4097 	/* adjust IP header */
4098 	if (isv4)
4099 		ipha->ipha_length = htons(ntohs(ipha->ipha_length) - icv_len);
4100 	else
4101 		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - icv_len);
4102 	if (icv_len && bcmp(hada->da_icv, data_mp->b_wptr, icv_len)) {
4103 		int af;
4104 		void *addr;
4105 
4106 		if (isv4) {
4107 			addr = &ipha->ipha_dst;
4108 			af = AF_INET;
4109 		} else {
4110 			addr = &ip6h->ip6_dst;
4111 			af = AF_INET6;
4112 		}
4113 
4114 		/*
4115 		 * Log the event. Don't print to the console, block
4116 		 * potential denial-of-service attack.
4117 		 */
4118 		ESP_BUMP_STAT(espstack, bad_auth);
4119 		ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
4120 		    "ESP Authentication failed spi %x, dst_addr %s",
4121 		    assoc->ipsa_spi, addr, af, espstack->ipsecesp_netstack);
4122 		counter = DROPPER(ipss, ipds_esp_bad_auth);
4123 		goto esp_in_discard;
4124 	}
4125 
4126 	esp3dbg(espstack, ("esp_inbound_accelerated: ESP authentication "
4127 	    "succeeded, checking replay\n"));
4128 
4129 	ipsec_in->b_cont = data_mp;
4130 
4131 	/*
4132 	 * Remove ESP header and padding from packet.
4133 	 */
4134 	if (!esp_strip_header(data_mp, ii->ipsec_in_v4, assoc->ipsa_iv_len,
4135 	    &counter, espstack)) {
4136 		esp1dbg(espstack, ("esp_inbound_accelerated: "
4137 		    "esp_strip_header() failed\n"));
4138 		goto esp_in_discard;
4139 	}
4140 
4141 	freeb(hada_mp);
4142 
4143 	/*
4144 	 * Account for usage..
4145 	 */
4146 	if (!esp_age_bytes(assoc, msgdsize(data_mp), B_TRUE)) {
4147 		/* The ipsa has hit hard expiration, LOG and AUDIT. */
4148 		ESP_BUMP_STAT(espstack, bytes_expired);
4149 		IP_ESP_BUMP_STAT(ipss, in_discards);
4150 		ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
4151 		    "ESP association 0x%x, dst %s had bytes expire.\n",
4152 		    assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
4153 		    espstack->ipsecesp_netstack);
4154 		ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL,
4155 		    DROPPER(ipss, ipds_esp_bytes_expire),
4156 		    &espstack->esp_dropper);
4157 		return (IPSEC_STATUS_FAILED);
4158 	}
4159 
4160 	/* done processing the packet */
4161 	return (IPSEC_STATUS_SUCCESS);
4162 
4163 esp_in_discard:
4164 	IP_ESP_BUMP_STAT(ipss, in_discards);
4165 	freeb(hada_mp);
4166 
4167 	ipsec_in->b_cont = data_mp;	/* For ip_drop_packet()'s sake... */
4168 	ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, counter,
4169 	    &espstack->esp_dropper);
4170 
4171 	return (IPSEC_STATUS_FAILED);
4172 }
4173 
4174 /*
4175  * Wrapper to allow IP to trigger an ESP association failure message
4176  * during inbound SA selection.
4177  */
4178 void
4179 ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt,
4180     uint32_t spi, void *addr, int af, ipsecesp_stack_t *espstack)
4181 {
4182 	ipsec_stack_t	*ipss = espstack->ipsecesp_netstack->netstack_ipsec;
4183 
4184 	if (espstack->ipsecesp_log_unknown_spi) {
4185 		ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi,
4186 		    addr, af, espstack->ipsecesp_netstack);
4187 	}
4188 
4189 	ip_drop_packet(mp, B_TRUE, NULL, NULL,
4190 	    DROPPER(ipss, ipds_esp_no_sa),
4191 	    &espstack->esp_dropper);
4192 }
4193 
4194 /*
4195  * Initialize the ESP input and output processing functions.
4196  */
4197 void
4198 ipsecesp_init_funcs(ipsa_t *sa)
4199 {
4200 	if (sa->ipsa_output_func == NULL)
4201 		sa->ipsa_output_func = esp_outbound;
4202 	if (sa->ipsa_input_func == NULL)
4203 		sa->ipsa_input_func = esp_inbound;
4204 }
4205