]> git.saurik.com Git - apple/xnu.git/blame - bsd/netkey/keysock.c
xnu-6153.61.1.tar.gz
[apple/xnu.git] / bsd / netkey / keysock.c
CommitLineData
39037602 1/*
cb323159 2 * Copyright (c) 2019 Apple Inc. All rights reserved.
39037602
A
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
1c79356b
A
29/* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */
30
31/*
32 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
33 * All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. Neither the name of the project nor the names of its contributors
44 * may be used to endorse or promote products derived from this software
45 * without specific prior written permission.
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
48 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
51 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
52 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
53 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
56 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57 * SUCH DAMAGE.
58 */
59
1c79356b
A
60/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
61
1c79356b
A
62#include <sys/types.h>
63#include <sys/param.h>
64#include <sys/systm.h>
65#include <sys/kernel.h>
1c79356b 66#include <sys/sysctl.h>
1c79356b 67#include <sys/mbuf.h>
39236c6e 68#include <sys/mcache.h>
1c79356b 69#include <sys/malloc.h>
1c79356b
A
70#include <sys/socket.h>
71#include <sys/socketvar.h>
72#include <sys/domain.h>
73#include <sys/protosw.h>
74#include <sys/errno.h>
1c79356b 75
91447636 76#include <kern/locks.h>
1c79356b
A
77
78#include <net/raw_cb.h>
79#include <net/route.h>
80
81#include <net/pfkeyv2.h>
82#include <netkey/keydb.h>
83#include <netkey/key.h>
84#include <netkey/keysock.h>
85#include <netkey/key_debug.h>
86
91447636 87extern lck_mtx_t *raw_mtx;
39236c6e 88extern void key_init(struct protosw *, struct domain *);
91447636 89
cb323159
A
90struct sockaddr key_dst = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } };
91struct sockaddr key_src = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } };
1c79356b 92
39236c6e 93static void key_dinit(struct domain *);
91447636 94static int key_sendup0(struct rawcb *, struct mbuf *, int);
1c79356b
A
95
96struct pfkeystat pfkeystat;
97
39236c6e 98static struct domain *keydomain = NULL;
2d21ac55
A
99
100extern lck_mtx_t *pfkey_stat_mutex;
101
1c79356b 102/*
9bccf70c 103 * key_output()
1c79356b 104 */
1c79356b 105int
9bccf70c
A
106#ifdef __APPLE__
107/* No variable argument support? */
108key_output(struct mbuf *m, struct socket *so)
1c79356b 109#else
9bccf70c
A
110#if __STDC__
111key_output(struct mbuf *m, ...)
1c79356b 112#else
9bccf70c 113key_output(m, va_alist)
0a7de745
A
114struct mbuf *m;
115va_dcl
1c79356b 116#endif
1c79356b 117#endif
1c79356b 118{
9bccf70c 119 struct sadb_msg *msg;
1c79356b 120 int len, error = 0;
9bccf70c
A
121#ifndef __APPLE__
122 struct socket *so;
123 va_list ap;
124
125 va_start(ap, m);
126 so = va_arg(ap, struct socket *);
127 va_end(ap);
128#endif
1c79356b 129
0a7de745 130 if (m == 0) {
1c79356b 131 panic("key_output: NULL pointer was passed.\n");
0a7de745 132 }
1c79356b 133
91447636 134 socket_unlock(so, 0);
2d21ac55 135 lck_mtx_lock(pfkey_stat_mutex);
1c79356b
A
136 pfkeystat.out_total++;
137 pfkeystat.out_bytes += m->m_pkthdr.len;
2d21ac55 138 lck_mtx_unlock(pfkey_stat_mutex);
1c79356b
A
139
140 len = m->m_pkthdr.len;
141 if (len < sizeof(struct sadb_msg)) {
142#if IPSEC_DEBUG
143 printf("key_output: Invalid message length.\n");
144#endif
2d21ac55 145 PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
1c79356b
A
146 error = EINVAL;
147 goto end;
148 }
149
150 if (m->m_len < sizeof(struct sadb_msg)) {
151 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
152#if IPSEC_DEBUG
153 printf("key_output: can't pullup mbuf\n");
154#endif
2d21ac55 155 PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
1c79356b
A
156 error = ENOBUFS;
157 goto end;
158 }
159 }
160
0a7de745 161 if ((m->m_flags & M_PKTHDR) == 0) {
1c79356b 162 panic("key_output: not M_PKTHDR ??");
0a7de745 163 }
1c79356b 164
9bccf70c 165#if IPSEC_DEBUG
1c79356b
A
166 KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
167#endif /* defined(IPSEC_DEBUG) */
168
169 msg = mtod(m, struct sadb_msg *);
2d21ac55 170 PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
1c79356b
A
171 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
172#if IPSEC_DEBUG
173 printf("key_output: Invalid message length.\n");
174#endif
2d21ac55 175 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
1c79356b
A
176 error = EINVAL;
177 goto end;
178 }
179
9bccf70c
A
180 error = key_parse(m, so);
181 m = NULL;
91447636 182
1c79356b 183end:
0a7de745 184 if (m) {
9bccf70c 185 m_freem(m);
0a7de745 186 }
91447636 187 socket_lock(so, 0);
9bccf70c 188 return error;
1c79356b
A
189}
190
191/*
192 * send message to the socket.
193 */
194static int
39037602 195key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc)
1c79356b 196{
9bccf70c
A
197 int error;
198
1c79356b
A
199 if (promisc) {
200 struct sadb_msg *pmsg;
201
3e170ce0 202 M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1);
0a7de745 203 if (m && m->m_len < sizeof(struct sadb_msg)) {
1c79356b 204 m = m_pullup(m, sizeof(struct sadb_msg));
0a7de745 205 }
1c79356b
A
206 if (!m) {
207#if IPSEC_DEBUG
208 printf("key_sendup0: cannot pullup\n");
209#endif
2d21ac55 210 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
1c79356b
A
211 m_freem(m);
212 return ENOBUFS;
213 }
214 m->m_pkthdr.len += sizeof(*pmsg);
215
216 pmsg = mtod(m, struct sadb_msg *);
217 bzero(pmsg, sizeof(*pmsg));
218 pmsg->sadb_msg_version = PF_KEY_V2;
219 pmsg->sadb_msg_type = SADB_X_PROMISC;
220 pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
221 /* pid and seq? */
222
2d21ac55 223 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
1c79356b
A
224 }
225
9bccf70c 226 if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
91447636 227 m, NULL, &error)) {
1c79356b
A
228#if IPSEC_DEBUG
229 printf("key_sendup0: sbappendaddr failed\n");
230#endif
2d21ac55 231 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
0a7de745 232 } else {
91447636
A
233 sorwakeup(rp->rcb_socket);
234 }
9bccf70c 235 return error;
1c79356b
A
236}
237
1c79356b 238
9bccf70c 239/* so can be NULL if target != KEY_SENDUP_ONE */
1c79356b 240int
39037602 241key_sendup_mbuf(struct socket *so, struct mbuf *m, int target)
1c79356b
A
242{
243 struct mbuf *n;
244 struct keycb *kp;
245 int sendup;
246 struct rawcb *rp;
9bccf70c 247 int error = 0;
1c79356b 248
0a7de745 249 if (m == NULL) {
9bccf70c 250 panic("key_sendup_mbuf: NULL pointer was passed.\n");
0a7de745
A
251 }
252 if (so == NULL && target == KEY_SENDUP_ONE) {
1c79356b 253 panic("key_sendup_mbuf: NULL pointer was passed.\n");
0a7de745 254 }
1c79356b 255
2d21ac55 256 lck_mtx_lock(pfkey_stat_mutex);
1c79356b
A
257 pfkeystat.in_total++;
258 pfkeystat.in_bytes += m->m_pkthdr.len;
2d21ac55 259 lck_mtx_unlock(pfkey_stat_mutex);
1c79356b
A
260 if (m->m_len < sizeof(struct sadb_msg)) {
261#if 1
262 m = m_pullup(m, sizeof(struct sadb_msg));
263 if (m == NULL) {
2d21ac55 264 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
1c79356b
A
265 return ENOBUFS;
266 }
267#else
268 /* don't bother pulling it up just for stats */
269#endif
270 }
271 if (m->m_len >= sizeof(struct sadb_msg)) {
272 struct sadb_msg *msg;
273 msg = mtod(m, struct sadb_msg *);
2d21ac55 274 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
1c79356b 275 }
0a7de745 276
91447636 277 lck_mtx_lock(raw_mtx);
1c79356b 278 LIST_FOREACH(rp, &rawcb_list, list)
1c79356b 279 {
0a7de745 280 if (rp->rcb_proto.sp_family != PF_KEY) {
1c79356b 281 continue;
0a7de745 282 }
1c79356b 283 if (rp->rcb_proto.sp_protocol
0a7de745 284 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
1c79356b
A
285 continue;
286 }
287
288 kp = (struct keycb *)rp;
0a7de745 289
91447636 290 socket_lock(rp->rcb_socket, 1);
1c79356b
A
291 /*
292 * If you are in promiscuous mode, and when you get broadcasted
293 * reply, you'll get two PF_KEY messages.
294 * (based on pf_key@inner.net message on 14 Oct 1998)
295 */
296 if (((struct keycb *)rp)->kp_promisc) {
297 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
298 (void)key_sendup0(rp, n, 1);
299 n = NULL;
300 }
301 }
302
303 /* the exact target will be processed later */
91447636
A
304 if (so && sotorawcb(so) == rp) {
305 socket_unlock(rp->rcb_socket, 1);
1c79356b 306 continue;
91447636 307 }
1c79356b
A
308
309 sendup = 0;
310 switch (target) {
311 case KEY_SENDUP_ONE:
312 /* the statement has no effect */
1c79356b
A
313 break;
314 case KEY_SENDUP_ALL:
315 sendup++;
316 break;
317 case KEY_SENDUP_REGISTERED:
0a7de745 318 if (kp->kp_registered) {
1c79356b 319 sendup++;
0a7de745 320 }
1c79356b
A
321 break;
322 }
2d21ac55 323 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);
1c79356b 324
91447636
A
325 if (!sendup) {
326 socket_unlock(rp->rcb_socket, 1);
1c79356b 327 continue;
0a7de745 328 } else {
91447636 329 sendup = 0; // clear for next iteration
0a7de745 330 }
1c79356b
A
331 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
332#if IPSEC_DEBUG
333 printf("key_sendup: m_copy fail\n");
334#endif
335 m_freem(m);
2d21ac55 336 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
91447636
A
337 socket_unlock(rp->rcb_socket, 1);
338 lck_mtx_unlock(raw_mtx);
1c79356b
A
339 return ENOBUFS;
340 }
341
91447636
A
342 /*
343 * ignore error even if queue is full. PF_KEY does not
344 * guarantee the delivery of the message.
345 * this is important when target == KEY_SENDUP_ALL.
346 */
347 key_sendup0(rp, n, 0);
348 socket_unlock(rp->rcb_socket, 1);
1c79356b
A
349 n = NULL;
350 }
351
91447636 352 lck_mtx_unlock(raw_mtx);
9bccf70c 353 if (so) {
91447636 354 socket_lock(so, 1);
9bccf70c 355 error = key_sendup0(sotorawcb(so), m, 0);
91447636 356 socket_unlock(so, 1);
9bccf70c
A
357 m = NULL;
358 } else {
359 error = 0;
360 m_freem(m);
361 }
1c79356b
A
362 return error;
363}
364
1c79356b
A
365/*
366 * key_abort()
367 * derived from net/rtsock.c:rts_abort()
368 */
369static int
370key_abort(struct socket *so)
371{
91447636 372 int error;
1c79356b 373 error = raw_usrreqs.pru_abort(so);
1c79356b
A
374 return error;
375}
376
377/*
378 * key_attach()
379 * derived from net/rtsock.c:rts_attach()
380 */
381static int
382key_attach(struct socket *so, int proto, struct proc *p)
383{
384 struct keycb *kp;
91447636 385 int error;
1c79356b 386
0a7de745
A
387 if (sotorawcb(so) != 0) {
388 return EISCONN; /* XXX panic? */
389 }
390 kp = (struct keycb *)_MALLOC(sizeof(*kp), M_PCB,
3e170ce0 391 M_WAITOK | M_ZERO); /* XXX */
0a7de745 392 if (kp == 0) {
1c79356b 393 return ENOBUFS;
0a7de745 394 }
1c79356b 395
1c79356b 396 so->so_pcb = (caddr_t)kp;
91447636
A
397 kp->kp_promisc = kp->kp_registered = 0;
398 kp->kp_raw.rcb_laddr = &key_src;
399 kp->kp_raw.rcb_faddr = &key_dst;
400
1c79356b
A
401 error = raw_usrreqs.pru_attach(so, proto, p);
402 kp = (struct keycb *)sotorawcb(so);
403 if (error) {
404 _FREE(kp, M_PCB);
405 so->so_pcb = (caddr_t) 0;
91447636 406 so->so_flags |= SOF_PCBCLEARING;
1c79356b
A
407 printf("key_usrreq: key_usrreq results %d\n", error);
408 return error;
409 }
410
37839358 411 /* so is already locked when calling key_attach */
0a7de745 412 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */
1c79356b 413 key_cb.key_count++;
0a7de745 414 }
1c79356b 415 key_cb.any_count++;
1c79356b
A
416 soisconnected(so);
417 so->so_options |= SO_USELOOPBACK;
418
1c79356b
A
419 return 0;
420}
421
422/*
423 * key_bind()
424 * derived from net/rtsock.c:rts_bind()
425 */
426static int
427key_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
428{
91447636 429 int error;
1c79356b 430 error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
1c79356b
A
431 return error;
432}
433
434/*
435 * key_connect()
436 * derived from net/rtsock.c:rts_connect()
437 */
438static int
439key_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
440{
91447636 441 int error;
1c79356b 442 error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
1c79356b
A
443 return error;
444}
445
446/*
447 * key_detach()
448 * derived from net/rtsock.c:rts_detach()
449 */
450static int
451key_detach(struct socket *so)
452{
453 struct keycb *kp = (struct keycb *)sotorawcb(so);
91447636 454 int error;
1c79356b 455
1c79356b 456 if (kp != 0) {
0a7de745 457 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */
1c79356b 458 key_cb.key_count--;
0a7de745 459 }
1c79356b 460 key_cb.any_count--;
91447636 461 socket_unlock(so, 0);
1c79356b 462 key_freereg(so);
91447636 463 socket_lock(so, 0);
1c79356b
A
464 }
465 error = raw_usrreqs.pru_detach(so);
1c79356b
A
466 return error;
467}
468
469/*
470 * key_disconnect()
471 * derived from net/rtsock.c:key_disconnect()
472 */
473static int
474key_disconnect(struct socket *so)
475{
91447636 476 int error;
1c79356b 477 error = raw_usrreqs.pru_disconnect(so);
1c79356b
A
478 return error;
479}
480
481/*
482 * key_peeraddr()
483 * derived from net/rtsock.c:rts_peeraddr()
484 */
485static int
486key_peeraddr(struct socket *so, struct sockaddr **nam)
487{
91447636 488 int error;
1c79356b 489 error = raw_usrreqs.pru_peeraddr(so, nam);
1c79356b
A
490 return error;
491}
492
493/*
494 * key_send()
495 * derived from net/rtsock.c:rts_send()
496 */
497static int
498key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
0a7de745 499 struct mbuf *control, struct proc *p)
1c79356b 500{
91447636 501 int error;
1c79356b 502 error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
1c79356b
A
503 return error;
504}
505
506/*
507 * key_shutdown()
508 * derived from net/rtsock.c:rts_shutdown()
509 */
510static int
511key_shutdown(struct socket *so)
512{
91447636 513 int error;
1c79356b 514 error = raw_usrreqs.pru_shutdown(so);
1c79356b
A
515 return error;
516}
517
518/*
519 * key_sockaddr()
520 * derived from net/rtsock.c:rts_sockaddr()
521 */
522static int
523key_sockaddr(struct socket *so, struct sockaddr **nam)
524{
91447636 525 int error;
1c79356b 526 error = raw_usrreqs.pru_sockaddr(so, nam);
1c79356b
A
527 return error;
528}
529
39236c6e 530static struct pr_usrreqs key_usrreqs = {
0a7de745
A
531 .pru_abort = key_abort,
532 .pru_attach = key_attach,
533 .pru_bind = key_bind,
534 .pru_connect = key_connect,
535 .pru_detach = key_detach,
536 .pru_disconnect = key_disconnect,
537 .pru_peeraddr = key_peeraddr,
538 .pru_send = key_send,
539 .pru_shutdown = key_shutdown,
540 .pru_sockaddr = key_sockaddr,
541 .pru_sosend = sosend,
542 .pru_soreceive = soreceive,
1c79356b 543};
1c79356b 544
1c79356b 545/* sysctl */
0a7de745 546SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Key Family");
1c79356b
A
547
548/*
549 * Definitions of protocols supported in the KEY domain.
550 */
551
39236c6e
A
552extern struct domain keydomain_s;
553
554static struct protosw keysw[] = {
0a7de745
A
555 {
556 .pr_type = SOCK_RAW,
557 .pr_protocol = PF_KEY_V2,
558 .pr_flags = PR_ATOMIC | PR_ADDR,
559 .pr_output = key_output,
560 .pr_ctlinput = raw_ctlinput,
561 .pr_init = key_init,
562 .pr_usrreqs = &key_usrreqs,
563 }
1c79356b
A
564};
565
0a7de745 566static int key_proto_count = (sizeof(keysw) / sizeof(struct protosw));
39236c6e
A
567
568struct domain keydomain_s = {
0a7de745
A
569 .dom_family = PF_KEY,
570 .dom_name = "key",
571 .dom_init = key_dinit,
572 .dom_maxrtkey = sizeof(struct key_cb),
2d21ac55 573};
1c79356b 574
39236c6e
A
575static void
576key_dinit(struct domain *dp)
577{
578 struct protosw *pr;
579 int i;
580
581 VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
582 VERIFY(keydomain == NULL);
583
584 keydomain = dp;
585
0a7de745 586 for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++) {
39236c6e 587 net_add_proto(pr, dp, 1);
0a7de745 588 }
39236c6e 589}