]> git.saurik.com Git - apple/xnu.git/blame - bsd/netkey/keysock.c
xnu-2782.40.9.tar.gz
[apple/xnu.git] / bsd / netkey / keysock.c
CommitLineData
1c79356b
A
1/* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */
2
3/*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
1c79356b
A
32/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
33
1c79356b
A
34#include <sys/types.h>
35#include <sys/param.h>
36#include <sys/systm.h>
37#include <sys/kernel.h>
1c79356b 38#include <sys/sysctl.h>
1c79356b 39#include <sys/mbuf.h>
39236c6e 40#include <sys/mcache.h>
1c79356b 41#include <sys/malloc.h>
1c79356b
A
42#include <sys/socket.h>
43#include <sys/socketvar.h>
44#include <sys/domain.h>
45#include <sys/protosw.h>
46#include <sys/errno.h>
1c79356b 47
91447636 48#include <kern/locks.h>
1c79356b
A
49
50#include <net/raw_cb.h>
51#include <net/route.h>
52
53#include <net/pfkeyv2.h>
54#include <netkey/keydb.h>
55#include <netkey/key.h>
56#include <netkey/keysock.h>
57#include <netkey/key_debug.h>
58
91447636 59extern lck_mtx_t *raw_mtx;
39236c6e 60extern void key_init(struct protosw *, struct domain *);
91447636 61
2d21ac55
A
62struct sockaddr key_dst = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
63struct sockaddr key_src = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
1c79356b 64
39236c6e 65static void key_dinit(struct domain *);
91447636 66static int key_sendup0(struct rawcb *, struct mbuf *, int);
1c79356b
A
67
68struct pfkeystat pfkeystat;
69
39236c6e 70static struct domain *keydomain = NULL;
2d21ac55
A
71
72extern lck_mtx_t *pfkey_stat_mutex;
73
1c79356b 74/*
9bccf70c 75 * key_output()
1c79356b 76 */
1c79356b 77int
9bccf70c
A
78#ifdef __APPLE__
79/* No variable argument support? */
80key_output(struct mbuf *m, struct socket *so)
1c79356b 81#else
9bccf70c
A
82#if __STDC__
83key_output(struct mbuf *m, ...)
1c79356b 84#else
9bccf70c
A
85key_output(m, va_alist)
86 struct mbuf *m;
87 va_dcl
1c79356b 88#endif
1c79356b 89#endif
1c79356b 90{
9bccf70c 91 struct sadb_msg *msg;
1c79356b 92 int len, error = 0;
9bccf70c
A
93#ifndef __APPLE__
94 struct socket *so;
95 va_list ap;
96
97 va_start(ap, m);
98 so = va_arg(ap, struct socket *);
99 va_end(ap);
100#endif
1c79356b
A
101
102 if (m == 0)
103 panic("key_output: NULL pointer was passed.\n");
104
91447636 105 socket_unlock(so, 0);
2d21ac55 106 lck_mtx_lock(pfkey_stat_mutex);
1c79356b
A
107 pfkeystat.out_total++;
108 pfkeystat.out_bytes += m->m_pkthdr.len;
2d21ac55 109 lck_mtx_unlock(pfkey_stat_mutex);
1c79356b
A
110
111 len = m->m_pkthdr.len;
112 if (len < sizeof(struct sadb_msg)) {
113#if IPSEC_DEBUG
114 printf("key_output: Invalid message length.\n");
115#endif
2d21ac55 116 PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
1c79356b
A
117 error = EINVAL;
118 goto end;
119 }
120
121 if (m->m_len < sizeof(struct sadb_msg)) {
122 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
123#if IPSEC_DEBUG
124 printf("key_output: can't pullup mbuf\n");
125#endif
2d21ac55 126 PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
1c79356b
A
127 error = ENOBUFS;
128 goto end;
129 }
130 }
131
132 if ((m->m_flags & M_PKTHDR) == 0)
133 panic("key_output: not M_PKTHDR ??");
134
9bccf70c 135#if IPSEC_DEBUG
1c79356b
A
136 KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
137#endif /* defined(IPSEC_DEBUG) */
138
139 msg = mtod(m, struct sadb_msg *);
2d21ac55 140 PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
1c79356b
A
141 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
142#if IPSEC_DEBUG
143 printf("key_output: Invalid message length.\n");
144#endif
2d21ac55 145 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
1c79356b
A
146 error = EINVAL;
147 goto end;
148 }
149
9bccf70c
A
150 error = key_parse(m, so);
151 m = NULL;
91447636 152
1c79356b 153end:
9bccf70c
A
154 if (m)
155 m_freem(m);
91447636 156 socket_lock(so, 0);
9bccf70c 157 return error;
1c79356b
A
158}
159
160/*
161 * send message to the socket.
162 */
163static int
164key_sendup0(rp, m, promisc)
165 struct rawcb *rp;
166 struct mbuf *m;
167 int promisc;
168{
9bccf70c
A
169 int error;
170
1c79356b
A
171 if (promisc) {
172 struct sadb_msg *pmsg;
173
174 M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT);
175 if (m && m->m_len < sizeof(struct sadb_msg))
176 m = m_pullup(m, sizeof(struct sadb_msg));
177 if (!m) {
178#if IPSEC_DEBUG
179 printf("key_sendup0: cannot pullup\n");
180#endif
2d21ac55 181 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
1c79356b
A
182 m_freem(m);
183 return ENOBUFS;
184 }
185 m->m_pkthdr.len += sizeof(*pmsg);
186
187 pmsg = mtod(m, struct sadb_msg *);
188 bzero(pmsg, sizeof(*pmsg));
189 pmsg->sadb_msg_version = PF_KEY_V2;
190 pmsg->sadb_msg_type = SADB_X_PROMISC;
191 pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
192 /* pid and seq? */
193
2d21ac55 194 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
1c79356b
A
195 }
196
9bccf70c 197 if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
91447636 198 m, NULL, &error)) {
1c79356b
A
199#if IPSEC_DEBUG
200 printf("key_sendup0: sbappendaddr failed\n");
201#endif
2d21ac55 202 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
91447636
A
203 }
204 else {
205 sorwakeup(rp->rcb_socket);
206 }
9bccf70c 207 return error;
1c79356b
A
208}
209
1c79356b 210
9bccf70c 211/* so can be NULL if target != KEY_SENDUP_ONE */
1c79356b
A
212int
213key_sendup_mbuf(so, m, target)
214 struct socket *so;
215 struct mbuf *m;
216 int target;
217{
218 struct mbuf *n;
219 struct keycb *kp;
220 int sendup;
221 struct rawcb *rp;
9bccf70c 222 int error = 0;
1c79356b 223
9bccf70c
A
224 if (m == NULL)
225 panic("key_sendup_mbuf: NULL pointer was passed.\n");
226 if (so == NULL && target == KEY_SENDUP_ONE)
1c79356b
A
227 panic("key_sendup_mbuf: NULL pointer was passed.\n");
228
2d21ac55 229 lck_mtx_lock(pfkey_stat_mutex);
1c79356b
A
230 pfkeystat.in_total++;
231 pfkeystat.in_bytes += m->m_pkthdr.len;
2d21ac55 232 lck_mtx_unlock(pfkey_stat_mutex);
1c79356b
A
233 if (m->m_len < sizeof(struct sadb_msg)) {
234#if 1
235 m = m_pullup(m, sizeof(struct sadb_msg));
236 if (m == NULL) {
2d21ac55 237 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
1c79356b
A
238 return ENOBUFS;
239 }
240#else
241 /* don't bother pulling it up just for stats */
242#endif
243 }
244 if (m->m_len >= sizeof(struct sadb_msg)) {
245 struct sadb_msg *msg;
246 msg = mtod(m, struct sadb_msg *);
2d21ac55 247 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
1c79356b 248 }
91447636
A
249
250 lck_mtx_lock(raw_mtx);
1c79356b 251 LIST_FOREACH(rp, &rawcb_list, list)
1c79356b
A
252 {
253 if (rp->rcb_proto.sp_family != PF_KEY)
254 continue;
255 if (rp->rcb_proto.sp_protocol
256 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
257 continue;
258 }
259
260 kp = (struct keycb *)rp;
91447636
A
261
262 socket_lock(rp->rcb_socket, 1);
1c79356b
A
263 /*
264 * If you are in promiscuous mode, and when you get broadcasted
265 * reply, you'll get two PF_KEY messages.
266 * (based on pf_key@inner.net message on 14 Oct 1998)
267 */
268 if (((struct keycb *)rp)->kp_promisc) {
269 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
270 (void)key_sendup0(rp, n, 1);
271 n = NULL;
272 }
273 }
274
275 /* the exact target will be processed later */
91447636
A
276 if (so && sotorawcb(so) == rp) {
277 socket_unlock(rp->rcb_socket, 1);
1c79356b 278 continue;
91447636 279 }
1c79356b
A
280
281 sendup = 0;
282 switch (target) {
283 case KEY_SENDUP_ONE:
284 /* the statement has no effect */
1c79356b
A
285 break;
286 case KEY_SENDUP_ALL:
287 sendup++;
288 break;
289 case KEY_SENDUP_REGISTERED:
290 if (kp->kp_registered)
291 sendup++;
292 break;
293 }
2d21ac55 294 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);
1c79356b 295
91447636
A
296 if (!sendup) {
297 socket_unlock(rp->rcb_socket, 1);
1c79356b 298 continue;
91447636
A
299 }
300 else
301 sendup = 0; // clear for next iteration
1c79356b
A
302
303 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
304#if IPSEC_DEBUG
305 printf("key_sendup: m_copy fail\n");
306#endif
307 m_freem(m);
2d21ac55 308 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
91447636
A
309 socket_unlock(rp->rcb_socket, 1);
310 lck_mtx_unlock(raw_mtx);
1c79356b
A
311 return ENOBUFS;
312 }
313
91447636
A
314 /*
315 * ignore error even if queue is full. PF_KEY does not
316 * guarantee the delivery of the message.
317 * this is important when target == KEY_SENDUP_ALL.
318 */
319 key_sendup0(rp, n, 0);
320 socket_unlock(rp->rcb_socket, 1);
1c79356b
A
321 n = NULL;
322 }
323
91447636 324 lck_mtx_unlock(raw_mtx);
9bccf70c 325 if (so) {
91447636 326 socket_lock(so, 1);
9bccf70c 327 error = key_sendup0(sotorawcb(so), m, 0);
91447636 328 socket_unlock(so, 1);
9bccf70c
A
329 m = NULL;
330 } else {
331 error = 0;
332 m_freem(m);
333 }
1c79356b
A
334 return error;
335}
336
1c79356b
A
337/*
338 * key_abort()
339 * derived from net/rtsock.c:rts_abort()
340 */
341static int
342key_abort(struct socket *so)
343{
91447636 344 int error;
1c79356b 345 error = raw_usrreqs.pru_abort(so);
1c79356b
A
346 return error;
347}
348
349/*
350 * key_attach()
351 * derived from net/rtsock.c:rts_attach()
352 */
353static int
354key_attach(struct socket *so, int proto, struct proc *p)
355{
356 struct keycb *kp;
91447636 357 int error;
1c79356b
A
358
359 if (sotorawcb(so) != 0)
360 return EISCONN; /* XXX panic? */
361 kp = (struct keycb *)_MALLOC(sizeof *kp, M_PCB, M_WAITOK); /* XXX */
362 if (kp == 0)
363 return ENOBUFS;
364 bzero(kp, sizeof *kp);
365
1c79356b 366 so->so_pcb = (caddr_t)kp;
91447636
A
367 kp->kp_promisc = kp->kp_registered = 0;
368 kp->kp_raw.rcb_laddr = &key_src;
369 kp->kp_raw.rcb_faddr = &key_dst;
370
1c79356b
A
371 error = raw_usrreqs.pru_attach(so, proto, p);
372 kp = (struct keycb *)sotorawcb(so);
373 if (error) {
374 _FREE(kp, M_PCB);
375 so->so_pcb = (caddr_t) 0;
91447636 376 so->so_flags |= SOF_PCBCLEARING;
1c79356b
A
377 printf("key_usrreq: key_usrreq results %d\n", error);
378 return error;
379 }
380
37839358 381 /* so is already locked when calling key_attach */
1c79356b
A
382 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
383 key_cb.key_count++;
384 key_cb.any_count++;
1c79356b
A
385 soisconnected(so);
386 so->so_options |= SO_USELOOPBACK;
387
1c79356b
A
388 return 0;
389}
390
391/*
392 * key_bind()
393 * derived from net/rtsock.c:rts_bind()
394 */
395static int
396key_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
397{
91447636 398 int error;
1c79356b 399 error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
1c79356b
A
400 return error;
401}
402
403/*
404 * key_connect()
405 * derived from net/rtsock.c:rts_connect()
406 */
407static int
408key_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
409{
91447636 410 int error;
1c79356b 411 error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
1c79356b
A
412 return error;
413}
414
415/*
416 * key_detach()
417 * derived from net/rtsock.c:rts_detach()
418 */
419static int
420key_detach(struct socket *so)
421{
422 struct keycb *kp = (struct keycb *)sotorawcb(so);
91447636 423 int error;
1c79356b 424
1c79356b 425 if (kp != 0) {
91447636 426 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
1c79356b
A
427 key_cb.key_count--;
428 key_cb.any_count--;
91447636 429 socket_unlock(so, 0);
1c79356b 430 key_freereg(so);
91447636 431 socket_lock(so, 0);
1c79356b
A
432 }
433 error = raw_usrreqs.pru_detach(so);
1c79356b
A
434 return error;
435}
436
437/*
438 * key_disconnect()
439 * derived from net/rtsock.c:key_disconnect()
440 */
441static int
442key_disconnect(struct socket *so)
443{
91447636 444 int error;
1c79356b 445 error = raw_usrreqs.pru_disconnect(so);
1c79356b
A
446 return error;
447}
448
449/*
450 * key_peeraddr()
451 * derived from net/rtsock.c:rts_peeraddr()
452 */
453static int
454key_peeraddr(struct socket *so, struct sockaddr **nam)
455{
91447636 456 int error;
1c79356b 457 error = raw_usrreqs.pru_peeraddr(so, nam);
1c79356b
A
458 return error;
459}
460
461/*
462 * key_send()
463 * derived from net/rtsock.c:rts_send()
464 */
465static int
466key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
467 struct mbuf *control, struct proc *p)
468{
91447636 469 int error;
1c79356b 470 error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
1c79356b
A
471 return error;
472}
473
474/*
475 * key_shutdown()
476 * derived from net/rtsock.c:rts_shutdown()
477 */
478static int
479key_shutdown(struct socket *so)
480{
91447636 481 int error;
1c79356b 482 error = raw_usrreqs.pru_shutdown(so);
1c79356b
A
483 return error;
484}
485
486/*
487 * key_sockaddr()
488 * derived from net/rtsock.c:rts_sockaddr()
489 */
490static int
491key_sockaddr(struct socket *so, struct sockaddr **nam)
492{
91447636 493 int error;
1c79356b 494 error = raw_usrreqs.pru_sockaddr(so, nam);
1c79356b
A
495 return error;
496}
497
39236c6e
A
498static struct pr_usrreqs key_usrreqs = {
499 .pru_abort = key_abort,
500 .pru_attach = key_attach,
501 .pru_bind = key_bind,
502 .pru_connect = key_connect,
503 .pru_detach = key_detach,
504 .pru_disconnect = key_disconnect,
505 .pru_peeraddr = key_peeraddr,
506 .pru_send = key_send,
507 .pru_shutdown = key_shutdown,
508 .pru_sockaddr = key_sockaddr,
509 .pru_sosend = sosend,
510 .pru_soreceive = soreceive,
1c79356b 511};
1c79356b 512
1c79356b 513/* sysctl */
2d21ac55 514SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "Key Family");
1c79356b
A
515
516/*
517 * Definitions of protocols supported in the KEY domain.
518 */
519
39236c6e
A
520extern struct domain keydomain_s;
521
522static struct protosw keysw[] = {
523{
524 .pr_type = SOCK_RAW,
525 .pr_protocol = PF_KEY_V2,
526 .pr_flags = PR_ATOMIC|PR_ADDR,
527 .pr_output = key_output,
528 .pr_ctlinput = raw_ctlinput,
529 .pr_init = key_init,
530 .pr_usrreqs = &key_usrreqs,
1c79356b
A
531}
532};
533
39236c6e
A
534static int key_proto_count = (sizeof (keysw) / sizeof (struct protosw));
535
536struct domain keydomain_s = {
537 .dom_family = PF_KEY,
538 .dom_name = "key",
539 .dom_init = key_dinit,
540 .dom_maxrtkey = sizeof (struct key_cb),
2d21ac55 541};
1c79356b 542
39236c6e
A
543static void
544key_dinit(struct domain *dp)
545{
546 struct protosw *pr;
547 int i;
548
549 VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
550 VERIFY(keydomain == NULL);
551
552 keydomain = dp;
553
554 for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++)
555 net_add_proto(pr, dp, 1);
556}