[apple/xnu.git] / bsd / netkey / keysock.c

/*	$KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/mbuf.h>
#include <sys/mcache.h>
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/domain.h>
#include <sys/protosw.h>
#include <sys/errno.h>

#include <kern/locks.h>

#include <net/raw_cb.h>
#include <net/route.h>

#include <net/pfkeyv2.h>
#include <netkey/keydb.h>
#include <netkey/key.h>
#include <netkey/keysock.h>
#include <netkey/key_debug.h>

extern lck_mtx_t *raw_mtx;
extern void key_init(struct protosw *, struct domain *);

struct sockaddr key_dst = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
struct sockaddr key_src = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };

static void key_dinit(struct domain *);
static int key_sendup0(struct rawcb *, struct mbuf *, int);

struct pfkeystat pfkeystat;

static struct domain *keydomain = NULL;

extern lck_mtx_t *pfkey_stat_mutex;

/*
 * key_output()
 */
int
#ifdef __APPLE__
/* No variable argument support? */
key_output(struct mbuf *m, struct socket *so)
#else
#if __STDC__
key_output(struct mbuf *m, ...)
#else
key_output(m, va_alist)
	struct mbuf *m;
	va_dcl
#endif
#endif
{
	struct sadb_msg *msg;
	int len, error = 0;
#ifndef __APPLE__
	struct socket *so;
	va_list ap;

	va_start(ap, m);
	so = va_arg(ap, struct socket *);
	va_end(ap);
#endif

	if (m == 0)
		panic("key_output: NULL pointer was passed.\n");

	socket_unlock(so, 0);
	lck_mtx_lock(pfkey_stat_mutex);
	pfkeystat.out_total++;
	pfkeystat.out_bytes += m->m_pkthdr.len;
	lck_mtx_unlock(pfkey_stat_mutex);

	len = m->m_pkthdr.len;
	if (len < sizeof(struct sadb_msg)) {
#if IPSEC_DEBUG
		printf("key_output: Invalid message length.\n");
#endif
		PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
		error = EINVAL;
		goto end;
	}

	if (m->m_len < sizeof(struct sadb_msg)) {
		if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
#if IPSEC_DEBUG
			printf("key_output: can't pullup mbuf\n");
#endif
			PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
			error = ENOBUFS;
			goto end;
		}
	}

	if ((m->m_flags & M_PKTHDR) == 0)
		panic("key_output: not M_PKTHDR ??");

#if IPSEC_DEBUG
	KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
#endif /* defined(IPSEC_DEBUG) */

	msg = mtod(m, struct sadb_msg *);
	PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
#if IPSEC_DEBUG
		printf("key_output: Invalid message length.\n");
#endif
		PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
		error = EINVAL;
		goto end;
	}

	error = key_parse(m, so);
	m = NULL;

end:
	if (m)
		m_freem(m);
	socket_lock(so, 0);
	return error;
}

/*
 * send message to the socket.
 */
static int
key_sendup0(rp, m, promisc)
	struct rawcb *rp;
	struct mbuf *m;
	int promisc;
{
	int error;

	if (promisc) {
		struct sadb_msg *pmsg;

		M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1);
		if (m && m->m_len < sizeof(struct sadb_msg))
			m = m_pullup(m, sizeof(struct sadb_msg));
		if (!m) {
#if IPSEC_DEBUG
			printf("key_sendup0: cannot pullup\n");
#endif
			PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
			m_freem(m);
			return ENOBUFS;
		}
		m->m_pkthdr.len += sizeof(*pmsg);

		pmsg = mtod(m, struct sadb_msg *);
		bzero(pmsg, sizeof(*pmsg));
		pmsg->sadb_msg_version = PF_KEY_V2;
		pmsg->sadb_msg_type = SADB_X_PROMISC;
		pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
		/* pid and seq? */

		PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
	}

	if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
	    m, NULL, &error)) {
#if IPSEC_DEBUG
		printf("key_sendup0: sbappendaddr failed\n");
#endif
		PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
	}
	else {
		sorwakeup(rp->rcb_socket);
	}
	return error;
}


/* so can be NULL if target != KEY_SENDUP_ONE */
int
key_sendup_mbuf(so, m, target)
	struct socket *so;
	struct mbuf *m;
	int target;
{
	struct mbuf *n;
	struct keycb *kp;
	int sendup;
	struct rawcb *rp;
	int error = 0;

	if (m == NULL)
		panic("key_sendup_mbuf: NULL pointer was passed.\n");
	if (so == NULL && target == KEY_SENDUP_ONE)
		panic("key_sendup_mbuf: NULL pointer was passed.\n");

	lck_mtx_lock(pfkey_stat_mutex);
	pfkeystat.in_total++;
	pfkeystat.in_bytes += m->m_pkthdr.len;
	lck_mtx_unlock(pfkey_stat_mutex);
	if (m->m_len < sizeof(struct sadb_msg)) {
#if 1
		m = m_pullup(m, sizeof(struct sadb_msg));
		if (m == NULL) {
			PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
			return ENOBUFS;
		}
#else
		/* don't bother pulling it up just for stats */
#endif
	}
	if (m->m_len >= sizeof(struct sadb_msg)) {
		struct sadb_msg *msg;
		msg = mtod(m, struct sadb_msg *);
		PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
	}
	
	lck_mtx_lock(raw_mtx);
	LIST_FOREACH(rp, &rawcb_list, list)
	{
		if (rp->rcb_proto.sp_family != PF_KEY)
			continue;
		if (rp->rcb_proto.sp_protocol
		 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
			continue;
		}

		kp = (struct keycb *)rp;
		
		socket_lock(rp->rcb_socket, 1);
		/*
		 * If you are in promiscuous mode, and when you get broadcasted
		 * reply, you'll get two PF_KEY messages.
		 * (based on pf_key@inner.net message on 14 Oct 1998)
		 */
		if (((struct keycb *)rp)->kp_promisc) {
			if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
				(void)key_sendup0(rp, n, 1);
				n = NULL;
			}
		}

		/* the exact target will be processed later */
		if (so && sotorawcb(so) == rp) {
			socket_unlock(rp->rcb_socket, 1);
			continue;
		}

		sendup = 0;
		switch (target) {
		case KEY_SENDUP_ONE:
			/* the statement has no effect */
			break;
		case KEY_SENDUP_ALL:
			sendup++;
			break;
		case KEY_SENDUP_REGISTERED:
			if (kp->kp_registered)
				sendup++;
			break;
		}
		PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);

		if (!sendup) {
			socket_unlock(rp->rcb_socket, 1);
			continue;
		}
		else
			sendup = 0;  // clear for next iteration

		if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
#if IPSEC_DEBUG
			printf("key_sendup: m_copy fail\n");
#endif
			m_freem(m);
			PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
			socket_unlock(rp->rcb_socket, 1);
			lck_mtx_unlock(raw_mtx);
			return ENOBUFS;
		}

		/*
		 * ignore error even if queue is full.  PF_KEY does not
		 * guarantee the delivery of the message.
		 * this is important when target == KEY_SENDUP_ALL.
		 */
		key_sendup0(rp, n, 0);
		socket_unlock(rp->rcb_socket, 1);
		n = NULL;
	}

	lck_mtx_unlock(raw_mtx);
	if (so) {
		socket_lock(so, 1);
		error = key_sendup0(sotorawcb(so), m, 0);
		socket_unlock(so, 1);
		m = NULL;
	} else {
		error = 0;
		m_freem(m);
	}
	return error;
}

/*
 * key_abort()
 * derived from net/rtsock.c:rts_abort()
 */
static int
key_abort(struct socket *so)
{
	int error;
	error = raw_usrreqs.pru_abort(so);
	return error;
}

/*
 * key_attach()
 * derived from net/rtsock.c:rts_attach()
 */
static int
key_attach(struct socket *so, int proto, struct proc *p)
{
	struct keycb *kp;
	int error;

	if (sotorawcb(so) != 0)
		return EISCONN;	/* XXX panic? */
	kp = (struct keycb *)_MALLOC(sizeof (*kp), M_PCB,
	    M_WAITOK | M_ZERO); /* XXX */
	if (kp == 0)
		return ENOBUFS;

	so->so_pcb = (caddr_t)kp;
	kp->kp_promisc = kp->kp_registered = 0;
	kp->kp_raw.rcb_laddr = &key_src;
	kp->kp_raw.rcb_faddr = &key_dst;

	error = raw_usrreqs.pru_attach(so, proto, p);
	kp = (struct keycb *)sotorawcb(so);
	if (error) {
		_FREE(kp, M_PCB);
		so->so_pcb = (caddr_t) 0;
		so->so_flags |= SOF_PCBCLEARING;
		printf("key_usrreq: key_usrreq results %d\n", error);
		return error;
	}

	/* so is already locked when calling key_attach */
	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
		key_cb.key_count++;
	key_cb.any_count++;
	soisconnected(so);
	so->so_options |= SO_USELOOPBACK;

	return 0;
}

/*
 * key_bind()
 * derived from net/rtsock.c:rts_bind()
 */
static int
key_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
{
	int error;
	error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
	return error;
}

/*
 * key_connect()
 * derived from net/rtsock.c:rts_connect()
 */
static int
key_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
{
	int error;
	error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
	return error;
}

/*
 * key_detach()
 * derived from net/rtsock.c:rts_detach()
 */
static int
key_detach(struct socket *so)
{
	struct keycb *kp = (struct keycb *)sotorawcb(so);
	int error;

	if (kp != 0) {
		if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
			key_cb.key_count--;
		key_cb.any_count--;
		socket_unlock(so, 0);
		key_freereg(so);
		socket_lock(so, 0);
	}
	error = raw_usrreqs.pru_detach(so);
	return error;
}

/*
 * key_disconnect()
 * derived from net/rtsock.c:key_disconnect()
 */
static int
key_disconnect(struct socket *so)
{
	int error;
	error = raw_usrreqs.pru_disconnect(so);
	return error;
}

/*
 * key_peeraddr()
 * derived from net/rtsock.c:rts_peeraddr()
 */
static int
key_peeraddr(struct socket *so, struct sockaddr **nam)
{
	int error;
	error = raw_usrreqs.pru_peeraddr(so, nam);
	return error;
}

/*
 * key_send()
 * derived from net/rtsock.c:rts_send()
 */
static int
key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
	 struct mbuf *control, struct proc *p)
{
	int error;
	error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
	return error;
}

/*
 * key_shutdown()
 * derived from net/rtsock.c:rts_shutdown()
 */
static int
key_shutdown(struct socket *so)
{
	int error;
	error = raw_usrreqs.pru_shutdown(so);
	return error;
}

/*
 * key_sockaddr()
 * derived from net/rtsock.c:rts_sockaddr()
 */
static int
key_sockaddr(struct socket *so, struct sockaddr **nam)
{
	int error;
	error = raw_usrreqs.pru_sockaddr(so, nam);
	return error;
}

static struct pr_usrreqs key_usrreqs = {
	.pru_abort =		key_abort,
	.pru_attach =		key_attach,
	.pru_bind =		key_bind,
	.pru_connect =		key_connect,
	.pru_detach =		key_detach,
	.pru_disconnect =	key_disconnect,
	.pru_peeraddr =		key_peeraddr,
	.pru_send =		key_send,
	.pru_shutdown =		key_shutdown,
	.pru_sockaddr =		key_sockaddr,
	.pru_sosend =		sosend,
	.pru_soreceive =	soreceive,
};

/* sysctl */
SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "Key Family");

/*
 * Definitions of protocols supported in the KEY domain.
 */

extern struct domain keydomain_s;

static struct protosw keysw[] = {
{
	.pr_type =		SOCK_RAW,
	.pr_protocol =		PF_KEY_V2,
	.pr_flags =		PR_ATOMIC|PR_ADDR,
	.pr_output =		key_output,
	.pr_ctlinput =		raw_ctlinput,
	.pr_init =		key_init,
	.pr_usrreqs =		&key_usrreqs,
}
};

static int key_proto_count = (sizeof (keysw) / sizeof (struct protosw));

struct domain keydomain_s = {
	.dom_family =		PF_KEY,
	.dom_name =		"key",
	.dom_init =		key_dinit,
	.dom_maxrtkey =		sizeof (struct key_cb),
};

static void
key_dinit(struct domain *dp)
{
	struct protosw *pr;
	int i;

	VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
	VERIFY(keydomain == NULL);

	keydomain = dp;

	for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++)
		net_add_proto(pr, dp, 1);
}
Commit	Line	Data
1c79356b A	1	/* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */
	2
	3	/*
	4	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	5	* All rights reserved.
	6	*
	7	* Redistribution and use in source and binary forms, with or without
	8	* modification, are permitted provided that the following conditions
	9	* are met:
	10	* 1. Redistributions of source code must retain the above copyright
	11	* notice, this list of conditions and the following disclaimer.
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in the
	14	* documentation and/or other materials provided with the distribution.
	15	* 3. Neither the name of the project nor the names of its contributors
	16	* may be used to endorse or promote products derived from this software
	17	* without specific prior written permission.
	18	*
	19	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	* SUCH DAMAGE.
	30	*/
	31
1c79356b A	32	/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
1c79356b A	33
1c79356b A	34	#include <sys/types.h>
	35	#include <sys/param.h>
	36	#include <sys/systm.h>
	37	#include <sys/kernel.h>
1c79356b	38	#include <sys/sysctl.h>
1c79356b	39	#include <sys/mbuf.h>
39236c6e	40	#include <sys/mcache.h>
1c79356b	41	#include <sys/malloc.h>
1c79356b A	42	#include <sys/socket.h>
	43	#include <sys/socketvar.h>
	44	#include <sys/domain.h>
	45	#include <sys/protosw.h>
	46	#include <sys/errno.h>
1c79356b	47
91447636	48	#include <kern/locks.h>
1c79356b A	49
	50	#include <net/raw_cb.h>
	51	#include <net/route.h>
	52
	53	#include <net/pfkeyv2.h>
	54	#include <netkey/keydb.h>
	55	#include <netkey/key.h>
	56	#include <netkey/keysock.h>
	57	#include <netkey/key_debug.h>
	58
91447636	59	extern lck_mtx_t *raw_mtx;
39236c6e	60	extern void key_init(struct protosw , struct domain );
91447636	61
2d21ac55 A	62	struct sockaddr key_dst = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
2d21ac55 A	63	struct sockaddr key_src = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
1c79356b	64
39236c6e	65	static void key_dinit(struct domain *);
91447636	66	static int key_sendup0(struct rawcb , struct mbuf , int);
1c79356b A	67
	68	struct pfkeystat pfkeystat;
	69
39236c6e	70	static struct domain *keydomain = NULL;
2d21ac55 A	71
	72	extern lck_mtx_t *pfkey_stat_mutex;
	73
1c79356b	74	/*
9bccf70c	75	* key_output()
1c79356b	76	*/
1c79356b	77	int
9bccf70c A	78	#ifdef __APPLE__
	79	/* No variable argument support? */
	80	key_output(struct mbuf m, struct socket so)
1c79356b	81	#else
9bccf70c A	82	#if __STDC__
9bccf70c A	83	key_output(struct mbuf *m, ...)
1c79356b	84	#else
9bccf70c A	85	key_output(m, va_alist)
	86	struct mbuf *m;
	87	va_dcl
1c79356b	88	#endif
1c79356b	89	#endif
1c79356b	90	{
9bccf70c	91	struct sadb_msg *msg;
1c79356b	92	int len, error = 0;
9bccf70c A	93	#ifndef __APPLE__
	94	struct socket *so;
	95	va_list ap;
	96
	97	va_start(ap, m);
	98	so = va_arg(ap, struct socket *);
	99	va_end(ap);
	100	#endif
1c79356b A	101
	102	if (m == 0)
	103	panic("key_output: NULL pointer was passed.\n");
	104
91447636	105	socket_unlock(so, 0);
2d21ac55	106	lck_mtx_lock(pfkey_stat_mutex);
1c79356b A	107	pfkeystat.out_total++;
1c79356b A	108	pfkeystat.out_bytes += m->m_pkthdr.len;
2d21ac55	109	lck_mtx_unlock(pfkey_stat_mutex);
1c79356b A	110
	111	len = m->m_pkthdr.len;
	112	if (len < sizeof(struct sadb_msg)) {
	113	#if IPSEC_DEBUG
	114	printf("key_output: Invalid message length.\n");
	115	#endif
2d21ac55	116	PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
1c79356b A	117	error = EINVAL;
	118	goto end;
	119	}
	120
	121	if (m->m_len < sizeof(struct sadb_msg)) {
	122	if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
	123	#if IPSEC_DEBUG
	124	printf("key_output: can't pullup mbuf\n");
	125	#endif
2d21ac55	126	PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
1c79356b A	127	error = ENOBUFS;
	128	goto end;
	129	}
	130	}
	131
	132	if ((m->m_flags & M_PKTHDR) == 0)
	133	panic("key_output: not M_PKTHDR ??");
	134
9bccf70c	135	#if IPSEC_DEBUG
1c79356b A	136	KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
	137	#endif /* defined(IPSEC_DEBUG) */
	138
	139	msg = mtod(m, struct sadb_msg *);
2d21ac55	140	PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
1c79356b A	141	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
	142	#if IPSEC_DEBUG
	143	printf("key_output: Invalid message length.\n");
	144	#endif
2d21ac55	145	PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
1c79356b A	146	error = EINVAL;
	147	goto end;
	148	}
	149
9bccf70c A	150	error = key_parse(m, so);
9bccf70c A	151	m = NULL;
91447636	152
1c79356b	153	end:
9bccf70c A	154	if (m)
9bccf70c A	155	m_freem(m);
91447636	156	socket_lock(so, 0);
9bccf70c	157	return error;
1c79356b A	158	}
	159
	160	/*
	161	* send message to the socket.
	162	*/
	163	static int
	164	key_sendup0(rp, m, promisc)
	165	struct rawcb *rp;
	166	struct mbuf *m;
	167	int promisc;
	168	{
9bccf70c A	169	int error;
9bccf70c A	170
1c79356b A	171	if (promisc) {
	172	struct sadb_msg *pmsg;
	173
3e170ce0	174	M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1);
1c79356b A	175	if (m && m->m_len < sizeof(struct sadb_msg))
	176	m = m_pullup(m, sizeof(struct sadb_msg));
	177	if (!m) {
	178	#if IPSEC_DEBUG
	179	printf("key_sendup0: cannot pullup\n");
	180	#endif
2d21ac55	181	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
1c79356b A	182	m_freem(m);
	183	return ENOBUFS;
	184	}
	185	m->m_pkthdr.len += sizeof(*pmsg);
	186
	187	pmsg = mtod(m, struct sadb_msg *);
	188	bzero(pmsg, sizeof(*pmsg));
	189	pmsg->sadb_msg_version = PF_KEY_V2;
	190	pmsg->sadb_msg_type = SADB_X_PROMISC;
	191	pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
	192	/* pid and seq? */
	193
2d21ac55	194	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
1c79356b A	195	}
1c79356b A	196
9bccf70c	197	if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
91447636	198	m, NULL, &error)) {
1c79356b A	199	#if IPSEC_DEBUG
	200	printf("key_sendup0: sbappendaddr failed\n");
	201	#endif
2d21ac55	202	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
91447636 A	203	}
	204	else {
	205	sorwakeup(rp->rcb_socket);
	206	}
9bccf70c	207	return error;
1c79356b A	208	}
1c79356b A	209
1c79356b	210
9bccf70c	211	/* so can be NULL if target != KEY_SENDUP_ONE */
1c79356b A	212	int
	213	key_sendup_mbuf(so, m, target)
	214	struct socket *so;
	215	struct mbuf *m;
	216	int target;
	217	{
	218	struct mbuf *n;
	219	struct keycb *kp;
	220	int sendup;
	221	struct rawcb *rp;
9bccf70c	222	int error = 0;
1c79356b	223
9bccf70c A	224	if (m == NULL)
	225	panic("key_sendup_mbuf: NULL pointer was passed.\n");
	226	if (so == NULL && target == KEY_SENDUP_ONE)
1c79356b A	227	panic("key_sendup_mbuf: NULL pointer was passed.\n");
1c79356b A	228
2d21ac55	229	lck_mtx_lock(pfkey_stat_mutex);
1c79356b A	230	pfkeystat.in_total++;
1c79356b A	231	pfkeystat.in_bytes += m->m_pkthdr.len;
2d21ac55	232	lck_mtx_unlock(pfkey_stat_mutex);
1c79356b A	233	if (m->m_len < sizeof(struct sadb_msg)) {
	234	#if 1
	235	m = m_pullup(m, sizeof(struct sadb_msg));
	236	if (m == NULL) {
2d21ac55	237	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
1c79356b A	238	return ENOBUFS;
	239	}
	240	#else
	241	/* don't bother pulling it up just for stats */
	242	#endif
	243	}
	244	if (m->m_len >= sizeof(struct sadb_msg)) {
	245	struct sadb_msg *msg;
	246	msg = mtod(m, struct sadb_msg *);
2d21ac55	247	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
1c79356b	248	}
91447636 A	249
91447636 A	250	lck_mtx_lock(raw_mtx);
1c79356b	251	LIST_FOREACH(rp, &rawcb_list, list)
1c79356b A	252	{
	253	if (rp->rcb_proto.sp_family != PF_KEY)
	254	continue;
	255	if (rp->rcb_proto.sp_protocol
	256	&& rp->rcb_proto.sp_protocol != PF_KEY_V2) {
	257	continue;
	258	}
	259
	260	kp = (struct keycb *)rp;
91447636 A	261
91447636 A	262	socket_lock(rp->rcb_socket, 1);
1c79356b A	263	/*
	264	* If you are in promiscuous mode, and when you get broadcasted
	265	* reply, you'll get two PF_KEY messages.
	266	* (based on pf_key@inner.net message on 14 Oct 1998)
	267	*/
	268	if (((struct keycb *)rp)->kp_promisc) {
	269	if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
	270	(void)key_sendup0(rp, n, 1);
	271	n = NULL;
	272	}
	273	}
	274
	275	/* the exact target will be processed later */
91447636 A	276	if (so && sotorawcb(so) == rp) {
91447636 A	277	socket_unlock(rp->rcb_socket, 1);
1c79356b	278	continue;
91447636	279	}
1c79356b A	280
	281	sendup = 0;
	282	switch (target) {
	283	case KEY_SENDUP_ONE:
	284	/* the statement has no effect */
1c79356b A	285	break;
	286	case KEY_SENDUP_ALL:
	287	sendup++;
	288	break;
	289	case KEY_SENDUP_REGISTERED:
	290	if (kp->kp_registered)
	291	sendup++;
	292	break;
	293	}
2d21ac55	294	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);
1c79356b	295
91447636 A	296	if (!sendup) {
91447636 A	297	socket_unlock(rp->rcb_socket, 1);
1c79356b	298	continue;
91447636 A	299	}
	300	else
	301	sendup = 0; // clear for next iteration
1c79356b A	302
	303	if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
	304	#if IPSEC_DEBUG
	305	printf("key_sendup: m_copy fail\n");
	306	#endif
	307	m_freem(m);
2d21ac55	308	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
91447636 A	309	socket_unlock(rp->rcb_socket, 1);
91447636 A	310	lck_mtx_unlock(raw_mtx);
1c79356b A	311	return ENOBUFS;
	312	}
	313
91447636 A	314	/*
	315	* ignore error even if queue is full. PF_KEY does not
	316	* guarantee the delivery of the message.
	317	* this is important when target == KEY_SENDUP_ALL.
	318	*/
	319	key_sendup0(rp, n, 0);
	320	socket_unlock(rp->rcb_socket, 1);
1c79356b A	321	n = NULL;
	322	}
	323
91447636	324	lck_mtx_unlock(raw_mtx);
9bccf70c	325	if (so) {
91447636	326	socket_lock(so, 1);
9bccf70c	327	error = key_sendup0(sotorawcb(so), m, 0);
91447636	328	socket_unlock(so, 1);
9bccf70c A	329	m = NULL;
	330	} else {
	331	error = 0;
	332	m_freem(m);
	333	}
1c79356b A	334	return error;
	335	}
	336
1c79356b A	337	/*
	338	* key_abort()
	339	* derived from net/rtsock.c:rts_abort()
	340	*/
	341	static int
	342	key_abort(struct socket *so)
	343	{
91447636	344	int error;
1c79356b	345	error = raw_usrreqs.pru_abort(so);
1c79356b A	346	return error;
	347	}
	348
	349	/*
	350	* key_attach()
	351	* derived from net/rtsock.c:rts_attach()
	352	*/
	353	static int
	354	key_attach(struct socket so, int proto, struct proc p)
	355	{
	356	struct keycb *kp;
91447636	357	int error;
1c79356b A	358
	359	if (sotorawcb(so) != 0)
	360	return EISCONN; /* XXX panic? */
3e170ce0 A	361	kp = (struct keycb )_MALLOC(sizeof (kp), M_PCB,
3e170ce0 A	362	M_WAITOK \| M_ZERO); /* XXX */
1c79356b A	363	if (kp == 0)
1c79356b A	364	return ENOBUFS;
1c79356b	365
1c79356b	366	so->so_pcb = (caddr_t)kp;
91447636 A	367	kp->kp_promisc = kp->kp_registered = 0;
	368	kp->kp_raw.rcb_laddr = &key_src;
	369	kp->kp_raw.rcb_faddr = &key_dst;
	370
1c79356b A	371	error = raw_usrreqs.pru_attach(so, proto, p);
	372	kp = (struct keycb *)sotorawcb(so);
	373	if (error) {
	374	_FREE(kp, M_PCB);
	375	so->so_pcb = (caddr_t) 0;
91447636	376	so->so_flags \|= SOF_PCBCLEARING;
1c79356b A	377	printf("key_usrreq: key_usrreq results %d\n", error);
	378	return error;
	379	}
	380
37839358	381	/* so is already locked when calling key_attach */
1c79356b A	382	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
	383	key_cb.key_count++;
	384	key_cb.any_count++;
1c79356b A	385	soisconnected(so);
	386	so->so_options \|= SO_USELOOPBACK;
	387
1c79356b A	388	return 0;
	389	}
	390
	391	/*
	392	* key_bind()
	393	* derived from net/rtsock.c:rts_bind()
	394	*/
	395	static int
	396	key_bind(struct socket so, struct sockaddr nam, struct proc *p)
	397	{
91447636	398	int error;
1c79356b	399	error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
1c79356b A	400	return error;
	401	}
	402
	403	/*
	404	* key_connect()
	405	* derived from net/rtsock.c:rts_connect()
	406	*/
	407	static int
	408	key_connect(struct socket so, struct sockaddr nam, struct proc *p)
	409	{
91447636	410	int error;
1c79356b	411	error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
1c79356b A	412	return error;
	413	}
	414
	415	/*
	416	* key_detach()
	417	* derived from net/rtsock.c:rts_detach()
	418	*/
	419	static int
	420	key_detach(struct socket *so)
	421	{
	422	struct keycb kp = (struct keycb )sotorawcb(so);
91447636	423	int error;
1c79356b	424
1c79356b	425	if (kp != 0) {
91447636	426	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
1c79356b A	427	key_cb.key_count--;
1c79356b A	428	key_cb.any_count--;
91447636	429	socket_unlock(so, 0);
1c79356b	430	key_freereg(so);
91447636	431	socket_lock(so, 0);
1c79356b A	432	}
1c79356b A	433	error = raw_usrreqs.pru_detach(so);
1c79356b A	434	return error;
	435	}
	436
	437	/*
	438	* key_disconnect()
	439	* derived from net/rtsock.c:key_disconnect()
	440	*/
	441	static int
	442	key_disconnect(struct socket *so)
	443	{
91447636	444	int error;
1c79356b	445	error = raw_usrreqs.pru_disconnect(so);
1c79356b A	446	return error;
	447	}
	448
	449	/*
	450	* key_peeraddr()
	451	* derived from net/rtsock.c:rts_peeraddr()
	452	*/
	453	static int
	454	key_peeraddr(struct socket so, struct sockaddr *nam)
	455	{
91447636	456	int error;
1c79356b	457	error = raw_usrreqs.pru_peeraddr(so, nam);
1c79356b A	458	return error;
	459	}
	460
	461	/*
	462	* key_send()
	463	* derived from net/rtsock.c:rts_send()
	464	*/
	465	static int
	466	key_send(struct socket so, int flags, struct mbuf m, struct sockaddr *nam,
	467	struct mbuf control, struct proc p)
	468	{
91447636	469	int error;
1c79356b	470	error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
1c79356b A	471	return error;
	472	}
	473
	474	/*
	475	* key_shutdown()
	476	* derived from net/rtsock.c:rts_shutdown()
	477	*/
	478	static int
	479	key_shutdown(struct socket *so)
	480	{
91447636	481	int error;
1c79356b	482	error = raw_usrreqs.pru_shutdown(so);
1c79356b A	483	return error;
	484	}
	485
	486	/*
	487	* key_sockaddr()
	488	* derived from net/rtsock.c:rts_sockaddr()
	489	*/
	490	static int
	491	key_sockaddr(struct socket so, struct sockaddr *nam)
	492	{
91447636	493	int error;
1c79356b	494	error = raw_usrreqs.pru_sockaddr(so, nam);
1c79356b A	495	return error;
	496	}
	497
39236c6e A	498	static struct pr_usrreqs key_usrreqs = {
	499	.pru_abort = key_abort,
	500	.pru_attach = key_attach,
	501	.pru_bind = key_bind,
	502	.pru_connect = key_connect,
	503	.pru_detach = key_detach,
	504	.pru_disconnect = key_disconnect,
	505	.pru_peeraddr = key_peeraddr,
	506	.pru_send = key_send,
	507	.pru_shutdown = key_shutdown,
	508	.pru_sockaddr = key_sockaddr,
	509	.pru_sosend = sosend,
	510	.pru_soreceive = soreceive,
1c79356b	511	};
1c79356b	512
1c79356b	513	/* sysctl */
2d21ac55	514	SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW\|CTLFLAG_LOCKED, 0, "Key Family");
1c79356b A	515
	516	/*
	517	* Definitions of protocols supported in the KEY domain.
	518	*/
	519
39236c6e A	520	extern struct domain keydomain_s;
	521
	522	static struct protosw keysw[] = {
	523	{
	524	.pr_type = SOCK_RAW,
	525	.pr_protocol = PF_KEY_V2,
	526	.pr_flags = PR_ATOMIC\|PR_ADDR,
	527	.pr_output = key_output,
	528	.pr_ctlinput = raw_ctlinput,
	529	.pr_init = key_init,
	530	.pr_usrreqs = &key_usrreqs,
1c79356b A	531	}
	532	};
	533
39236c6e A	534	static int key_proto_count = (sizeof (keysw) / sizeof (struct protosw));
	535
	536	struct domain keydomain_s = {
	537	.dom_family = PF_KEY,
	538	.dom_name = "key",
	539	.dom_init = key_dinit,
	540	.dom_maxrtkey = sizeof (struct key_cb),
2d21ac55	541	};
1c79356b	542
39236c6e A	543	static void
	544	key_dinit(struct domain *dp)
	545	{
	546	struct protosw *pr;
	547	int i;
	548
	549	VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
	550	VERIFY(keydomain == NULL);
	551
	552	keydomain = dp;
	553
	554	for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++)
	555	net_add_proto(pr, dp, 1);
	556	}