[apple/xnu.git] / bsd / netkey / keysock.c

/*
 * Copyright (c) 2019 Apple Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */

/*	$KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */

#include <sys/types.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/mbuf.h>
#include <sys/mcache.h>
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/domain.h>
#include <sys/protosw.h>
#include <sys/errno.h>

#include <kern/locks.h>

#include <net/raw_cb.h>
#include <net/route.h>

#include <net/pfkeyv2.h>
#include <netkey/keydb.h>
#include <netkey/key.h>
#include <netkey/keysock.h>
#include <netkey/key_debug.h>

extern lck_mtx_t *raw_mtx;
extern void key_init(struct protosw *, struct domain *);

struct sockaddr key_dst = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } };
struct sockaddr key_src = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } };

static void key_dinit(struct domain *);
static int key_sendup0(struct rawcb *, struct mbuf *, int);

struct pfkeystat pfkeystat;

static struct domain *keydomain = NULL;

extern lck_mtx_t *pfkey_stat_mutex;

/*
 * key_output()
 */
int
#ifdef __APPLE__
/* No variable argument support? */
key_output(struct mbuf *m, struct socket *so)
#else
#if __STDC__
key_output(struct mbuf *m, ...)
#else
key_output(m, va_alist)
struct mbuf *m;
va_dcl
#endif
#endif
{
	struct sadb_msg *msg;
	int len, error = 0;
#ifndef __APPLE__
	struct socket *so;
	va_list ap;

	va_start(ap, m);
	so = va_arg(ap, struct socket *);
	va_end(ap);
#endif

	if (m == 0) {
		panic("key_output: NULL pointer was passed.\n");
	}

	socket_unlock(so, 0);
	lck_mtx_lock(pfkey_stat_mutex);
	pfkeystat.out_total++;
	pfkeystat.out_bytes += m->m_pkthdr.len;
	lck_mtx_unlock(pfkey_stat_mutex);

	len = m->m_pkthdr.len;
	if (len < sizeof(struct sadb_msg)) {
#if IPSEC_DEBUG
		printf("key_output: Invalid message length.\n");
#endif
		PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
		error = EINVAL;
		goto end;
	}

	if (m->m_len < sizeof(struct sadb_msg)) {
		if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
#if IPSEC_DEBUG
			printf("key_output: can't pullup mbuf\n");
#endif
			PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
			error = ENOBUFS;
			goto end;
		}
	}

	if ((m->m_flags & M_PKTHDR) == 0) {
		panic("key_output: not M_PKTHDR ??");
	}

#if IPSEC_DEBUG
	KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
#endif /* defined(IPSEC_DEBUG) */

	msg = mtod(m, struct sadb_msg *);
	PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
#if IPSEC_DEBUG
		printf("key_output: Invalid message length.\n");
#endif
		PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
		error = EINVAL;
		goto end;
	}

	error = key_parse(m, so);
	m = NULL;

end:
	if (m) {
		m_freem(m);
	}
	socket_lock(so, 0);
	return error;
}

/*
 * send message to the socket.
 */
static int
key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc)
{
	int error;

	if (promisc) {
		struct sadb_msg *pmsg;

		M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1);
		if (m && m->m_len < sizeof(struct sadb_msg)) {
			m = m_pullup(m, sizeof(struct sadb_msg));
		}
		if (!m) {
#if IPSEC_DEBUG
			printf("key_sendup0: cannot pullup\n");
#endif
			PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
			m_freem(m);
			return ENOBUFS;
		}
		m->m_pkthdr.len += sizeof(*pmsg);
		VERIFY(PFKEY_UNIT64(m->m_pkthdr.len) <= UINT16_MAX);

		pmsg = mtod(m, struct sadb_msg *);
		bzero(pmsg, sizeof(*pmsg));
		pmsg->sadb_msg_version = PF_KEY_V2;
		pmsg->sadb_msg_type = SADB_X_PROMISC;
		pmsg->sadb_msg_len = (u_int16_t)PFKEY_UNIT64(m->m_pkthdr.len);
		/* pid and seq? */

		PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
	}

	if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
	    m, NULL, &error)) {
#if IPSEC_DEBUG
		printf("key_sendup0: sbappendaddr failed\n");
#endif
		PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
	} else {
		sorwakeup(rp->rcb_socket);
	}
	return error;
}


/* so can be NULL if target != KEY_SENDUP_ONE */
int
key_sendup_mbuf(struct socket *so, struct mbuf *m, int target)
{
	struct mbuf *n;
	struct keycb *kp;
	int sendup;
	struct rawcb *rp;
	int error = 0;

	if (m == NULL) {
		panic("key_sendup_mbuf: NULL pointer was passed.\n");
	}
	if (so == NULL && target == KEY_SENDUP_ONE) {
		panic("key_sendup_mbuf: NULL pointer was passed.\n");
	}

	lck_mtx_lock(pfkey_stat_mutex);
	pfkeystat.in_total++;
	pfkeystat.in_bytes += m->m_pkthdr.len;
	lck_mtx_unlock(pfkey_stat_mutex);
	if (m->m_len < sizeof(struct sadb_msg)) {
#if 1
		m = m_pullup(m, sizeof(struct sadb_msg));
		if (m == NULL) {
			PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
			return ENOBUFS;
		}
#else
		/* don't bother pulling it up just for stats */
#endif
	}
	if (m->m_len >= sizeof(struct sadb_msg)) {
		struct sadb_msg *msg;
		msg = mtod(m, struct sadb_msg *);
		PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
	}

	lck_mtx_lock(raw_mtx);
	LIST_FOREACH(rp, &rawcb_list, list)
	{
		if (rp->rcb_proto.sp_family != PF_KEY) {
			continue;
		}
		if (rp->rcb_proto.sp_protocol
		    && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
			continue;
		}

		kp = (struct keycb *)rp;

		socket_lock(rp->rcb_socket, 1);
		/*
		 * If you are in promiscuous mode, and when you get broadcasted
		 * reply, you'll get two PF_KEY messages.
		 * (based on pf_key@inner.net message on 14 Oct 1998)
		 */
		if (((struct keycb *)rp)->kp_promisc) {
			if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
				(void)key_sendup0(rp, n, 1);
				n = NULL;
			}
		}

		/* the exact target will be processed later */
		if (so && sotorawcb(so) == rp) {
			socket_unlock(rp->rcb_socket, 1);
			continue;
		}

		sendup = 0;
		switch (target) {
		case KEY_SENDUP_ONE:
			/* the statement has no effect */
			break;
		case KEY_SENDUP_ALL:
			sendup++;
			break;
		case KEY_SENDUP_REGISTERED:
			if (kp->kp_registered) {
				sendup++;
			}
			break;
		}
		PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);

		if (!sendup) {
			socket_unlock(rp->rcb_socket, 1);
			continue;
		} else {
			sendup = 0;  // clear for next iteration
		}
		if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
#if IPSEC_DEBUG
			printf("key_sendup: m_copy fail\n");
#endif
			m_freem(m);
			PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
			socket_unlock(rp->rcb_socket, 1);
			lck_mtx_unlock(raw_mtx);
			return ENOBUFS;
		}

		/*
		 * ignore error even if queue is full.  PF_KEY does not
		 * guarantee the delivery of the message.
		 * this is important when target == KEY_SENDUP_ALL.
		 */
		key_sendup0(rp, n, 0);
		socket_unlock(rp->rcb_socket, 1);
		n = NULL;
	}

	lck_mtx_unlock(raw_mtx);
	if (so) {
		socket_lock(so, 1);
		error = key_sendup0(sotorawcb(so), m, 0);
		socket_unlock(so, 1);
		m = NULL;
	} else {
		error = 0;
		m_freem(m);
	}
	return error;
}

/*
 * key_abort()
 * derived from net/rtsock.c:rts_abort()
 */
static int
key_abort(struct socket *so)
{
	int error;
	error = raw_usrreqs.pru_abort(so);
	return error;
}

/*
 * key_attach()
 * derived from net/rtsock.c:rts_attach()
 */
static int
key_attach(struct socket *so, int proto, struct proc *p)
{
	struct keycb *kp;
	int error;

	if (sotorawcb(so) != 0) {
		return EISCONN; /* XXX panic? */
	}
	kp = (struct keycb *)_MALLOC(sizeof(*kp), M_PCB,
	    M_WAITOK | M_ZERO); /* XXX */
	if (kp == 0) {
		return ENOBUFS;
	}

	so->so_pcb = (caddr_t)kp;
	kp->kp_promisc = kp->kp_registered = 0;
	kp->kp_raw.rcb_laddr = &key_src;
	kp->kp_raw.rcb_faddr = &key_dst;

	error = raw_usrreqs.pru_attach(so, proto, p);
	kp = (struct keycb *)sotorawcb(so);
	if (error) {
		_FREE(kp, M_PCB);
		so->so_pcb = (caddr_t) 0;
		so->so_flags |= SOF_PCBCLEARING;
		printf("key_usrreq: key_usrreq results %d\n", error);
		return error;
	}

	/* so is already locked when calling key_attach */
	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */
		key_cb.key_count++;
	}
	key_cb.any_count++;
	soisconnected(so);
	so->so_options |= SO_USELOOPBACK;

	return 0;
}

/*
 * key_bind()
 * derived from net/rtsock.c:rts_bind()
 */
static int
key_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
{
	int error;
	error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
	return error;
}

/*
 * key_connect()
 * derived from net/rtsock.c:rts_connect()
 */
static int
key_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
{
	int error;
	error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
	return error;
}

/*
 * key_detach()
 * derived from net/rtsock.c:rts_detach()
 */
static int
key_detach(struct socket *so)
{
	struct keycb *kp = (struct keycb *)sotorawcb(so);
	int error;

	if (kp != 0) {
		if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */
			key_cb.key_count--;
		}
		key_cb.any_count--;
		socket_unlock(so, 0);
		key_freereg(so);
		socket_lock(so, 0);
	}
	error = raw_usrreqs.pru_detach(so);
	return error;
}

/*
 * key_disconnect()
 * derived from net/rtsock.c:key_disconnect()
 */
static int
key_disconnect(struct socket *so)
{
	int error;
	error = raw_usrreqs.pru_disconnect(so);
	return error;
}

/*
 * key_peeraddr()
 * derived from net/rtsock.c:rts_peeraddr()
 */
static int
key_peeraddr(struct socket *so, struct sockaddr **nam)
{
	int error;
	error = raw_usrreqs.pru_peeraddr(so, nam);
	return error;
}

/*
 * key_send()
 * derived from net/rtsock.c:rts_send()
 */
static int
key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
    struct mbuf *control, struct proc *p)
{
	int error;
	error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
	return error;
}

/*
 * key_shutdown()
 * derived from net/rtsock.c:rts_shutdown()
 */
static int
key_shutdown(struct socket *so)
{
	int error;
	error = raw_usrreqs.pru_shutdown(so);
	return error;
}

/*
 * key_sockaddr()
 * derived from net/rtsock.c:rts_sockaddr()
 */
static int
key_sockaddr(struct socket *so, struct sockaddr **nam)
{
	int error;
	error = raw_usrreqs.pru_sockaddr(so, nam);
	return error;
}

static struct pr_usrreqs key_usrreqs = {
	.pru_abort =            key_abort,
	.pru_attach =           key_attach,
	.pru_bind =             key_bind,
	.pru_connect =          key_connect,
	.pru_detach =           key_detach,
	.pru_disconnect =       key_disconnect,
	.pru_peeraddr =         key_peeraddr,
	.pru_send =             key_send,
	.pru_shutdown =         key_shutdown,
	.pru_sockaddr =         key_sockaddr,
	.pru_sosend =           sosend,
	.pru_soreceive =        soreceive,
};

/* sysctl */
SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Key Family");

/*
 * Definitions of protocols supported in the KEY domain.
 */

extern struct domain keydomain_s;

static struct protosw keysw[] = {
	{
		.pr_type =              SOCK_RAW,
		.pr_protocol =          PF_KEY_V2,
		.pr_flags =             PR_ATOMIC | PR_ADDR,
		.pr_output =            key_output,
		.pr_ctlinput =          raw_ctlinput,
		.pr_init =              key_init,
		.pr_usrreqs =           &key_usrreqs,
	}
};

static int key_proto_count = (sizeof(keysw) / sizeof(struct protosw));

struct domain keydomain_s = {
	.dom_family =           PF_KEY,
	.dom_name =             "key",
	.dom_init =             key_dinit,
	.dom_maxrtkey =         sizeof(struct key_cb),
};

static void
key_dinit(struct domain *dp)
{
	struct protosw *pr;
	int i;

	VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
	VERIFY(keydomain == NULL);

	keydomain = dp;

	for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++) {
		net_add_proto(pr, dp, 1);
	}
}
Commit	Line	Data
39037602	1	/*
cb323159	2	* Copyright (c) 2019 Apple Inc. All rights reserved.
39037602 A	3	*
	4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. The rights granted to you under the License
	10	* may not be used to create, or enable the creation or redistribution of,
	11	* unlawful or unlicensed copies of an Apple operating system, or to
	12	* circumvent, violate, or enable the circumvention or violation of, any
	13	* terms of an Apple operating system software license agreement.
	14	*
	15	* Please obtain a copy of the License at
	16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	*
	18	* The Original Code and all software distributed under the License are
	19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	* Please see the License for the specific language governing rights and
	24	* limitations under the License.
	25	*
	26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	*/
	28
1c79356b A	29	/* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */
	30
	31	/*
	32	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	33	* All rights reserved.
	34	*
	35	* Redistribution and use in source and binary forms, with or without
	36	* modification, are permitted provided that the following conditions
	37	* are met:
	38	* 1. Redistributions of source code must retain the above copyright
	39	* notice, this list of conditions and the following disclaimer.
	40	* 2. Redistributions in binary form must reproduce the above copyright
	41	* notice, this list of conditions and the following disclaimer in the
	42	* documentation and/or other materials provided with the distribution.
	43	* 3. Neither the name of the project nor the names of its contributors
	44	* may be used to endorse or promote products derived from this software
	45	* without specific prior written permission.
	46	*
	47	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	48	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	49	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	50	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	51	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	52	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	53	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	54	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	55	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	56	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	57	* SUCH DAMAGE.
	58	*/
	59
1c79356b A	60	/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
1c79356b A	61
1c79356b A	62	#include <sys/types.h>
	63	#include <sys/param.h>
	64	#include <sys/systm.h>
	65	#include <sys/kernel.h>
1c79356b	66	#include <sys/sysctl.h>
1c79356b	67	#include <sys/mbuf.h>
39236c6e	68	#include <sys/mcache.h>
1c79356b	69	#include <sys/malloc.h>
1c79356b A	70	#include <sys/socket.h>
	71	#include <sys/socketvar.h>
	72	#include <sys/domain.h>
	73	#include <sys/protosw.h>
	74	#include <sys/errno.h>
1c79356b	75
91447636	76	#include <kern/locks.h>
1c79356b A	77
	78	#include <net/raw_cb.h>
	79	#include <net/route.h>
	80
	81	#include <net/pfkeyv2.h>
	82	#include <netkey/keydb.h>
	83	#include <netkey/key.h>
	84	#include <netkey/keysock.h>
	85	#include <netkey/key_debug.h>
	86
91447636	87	extern lck_mtx_t *raw_mtx;
39236c6e	88	extern void key_init(struct protosw , struct domain );
91447636	89
cb323159 A	90	struct sockaddr key_dst = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } };
cb323159 A	91	struct sockaddr key_src = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } };
1c79356b	92
39236c6e	93	static void key_dinit(struct domain *);
91447636	94	static int key_sendup0(struct rawcb , struct mbuf , int);
1c79356b A	95
	96	struct pfkeystat pfkeystat;
	97
39236c6e	98	static struct domain *keydomain = NULL;
2d21ac55 A	99
	100	extern lck_mtx_t *pfkey_stat_mutex;
	101
1c79356b	102	/*
9bccf70c	103	* key_output()
1c79356b	104	*/
1c79356b	105	int
9bccf70c A	106	#ifdef __APPLE__
	107	/* No variable argument support? */
	108	key_output(struct mbuf m, struct socket so)
1c79356b	109	#else
9bccf70c A	110	#if __STDC__
9bccf70c A	111	key_output(struct mbuf *m, ...)
1c79356b	112	#else
9bccf70c	113	key_output(m, va_alist)
0a7de745 A	114	struct mbuf *m;
0a7de745 A	115	va_dcl
1c79356b	116	#endif
1c79356b	117	#endif
1c79356b	118	{
9bccf70c	119	struct sadb_msg *msg;
1c79356b	120	int len, error = 0;
9bccf70c A	121	#ifndef __APPLE__
	122	struct socket *so;
	123	va_list ap;
	124
	125	va_start(ap, m);
	126	so = va_arg(ap, struct socket *);
	127	va_end(ap);
	128	#endif
1c79356b	129
0a7de745	130	if (m == 0) {
1c79356b	131	panic("key_output: NULL pointer was passed.\n");
0a7de745	132	}
1c79356b	133
91447636	134	socket_unlock(so, 0);
2d21ac55	135	lck_mtx_lock(pfkey_stat_mutex);
1c79356b A	136	pfkeystat.out_total++;
1c79356b A	137	pfkeystat.out_bytes += m->m_pkthdr.len;
2d21ac55	138	lck_mtx_unlock(pfkey_stat_mutex);
1c79356b A	139
	140	len = m->m_pkthdr.len;
	141	if (len < sizeof(struct sadb_msg)) {
	142	#if IPSEC_DEBUG
	143	printf("key_output: Invalid message length.\n");
	144	#endif
2d21ac55	145	PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
1c79356b A	146	error = EINVAL;
	147	goto end;
	148	}
	149
	150	if (m->m_len < sizeof(struct sadb_msg)) {
	151	if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
	152	#if IPSEC_DEBUG
	153	printf("key_output: can't pullup mbuf\n");
	154	#endif
2d21ac55	155	PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
1c79356b A	156	error = ENOBUFS;
	157	goto end;
	158	}
	159	}
	160
0a7de745	161	if ((m->m_flags & M_PKTHDR) == 0) {
1c79356b	162	panic("key_output: not M_PKTHDR ??");
0a7de745	163	}
1c79356b	164
9bccf70c	165	#if IPSEC_DEBUG
1c79356b A	166	KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
	167	#endif /* defined(IPSEC_DEBUG) */
	168
	169	msg = mtod(m, struct sadb_msg *);
2d21ac55	170	PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
1c79356b A	171	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
	172	#if IPSEC_DEBUG
	173	printf("key_output: Invalid message length.\n");
	174	#endif
2d21ac55	175	PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
1c79356b A	176	error = EINVAL;
	177	goto end;
	178	}
	179
9bccf70c A	180	error = key_parse(m, so);
9bccf70c A	181	m = NULL;
91447636	182
1c79356b	183	end:
0a7de745	184	if (m) {
9bccf70c	185	m_freem(m);
0a7de745	186	}
91447636	187	socket_lock(so, 0);
9bccf70c	188	return error;
1c79356b A	189	}
	190
	191	/*
	192	* send message to the socket.
	193	*/
	194	static int
39037602	195	key_sendup0(struct rawcb rp, struct mbuf m, int promisc)
1c79356b	196	{
9bccf70c A	197	int error;
9bccf70c A	198
1c79356b A	199	if (promisc) {
	200	struct sadb_msg *pmsg;
	201
3e170ce0	202	M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1);
0a7de745	203	if (m && m->m_len < sizeof(struct sadb_msg)) {
1c79356b	204	m = m_pullup(m, sizeof(struct sadb_msg));
0a7de745	205	}
1c79356b A	206	if (!m) {
	207	#if IPSEC_DEBUG
	208	printf("key_sendup0: cannot pullup\n");
	209	#endif
2d21ac55	210	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
1c79356b A	211	m_freem(m);
	212	return ENOBUFS;
	213	}
	214	m->m_pkthdr.len += sizeof(*pmsg);
f427ee49	215	VERIFY(PFKEY_UNIT64(m->m_pkthdr.len) <= UINT16_MAX);
1c79356b A	216
	217	pmsg = mtod(m, struct sadb_msg *);
	218	bzero(pmsg, sizeof(*pmsg));
	219	pmsg->sadb_msg_version = PF_KEY_V2;
	220	pmsg->sadb_msg_type = SADB_X_PROMISC;
f427ee49	221	pmsg->sadb_msg_len = (u_int16_t)PFKEY_UNIT64(m->m_pkthdr.len);
1c79356b A	222	/* pid and seq? */
1c79356b A	223
2d21ac55	224	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
1c79356b A	225	}
1c79356b A	226
9bccf70c	227	if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
91447636	228	m, NULL, &error)) {
1c79356b A	229	#if IPSEC_DEBUG
	230	printf("key_sendup0: sbappendaddr failed\n");
	231	#endif
2d21ac55	232	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
0a7de745	233	} else {
91447636 A	234	sorwakeup(rp->rcb_socket);
91447636 A	235	}
9bccf70c	236	return error;
1c79356b A	237	}
1c79356b A	238
1c79356b	239
9bccf70c	240	/* so can be NULL if target != KEY_SENDUP_ONE */
1c79356b	241	int
39037602	242	key_sendup_mbuf(struct socket so, struct mbuf m, int target)
1c79356b A	243	{
	244	struct mbuf *n;
	245	struct keycb *kp;
	246	int sendup;
	247	struct rawcb *rp;
9bccf70c	248	int error = 0;
1c79356b	249
0a7de745	250	if (m == NULL) {
9bccf70c	251	panic("key_sendup_mbuf: NULL pointer was passed.\n");
0a7de745 A	252	}
0a7de745 A	253	if (so == NULL && target == KEY_SENDUP_ONE) {
1c79356b	254	panic("key_sendup_mbuf: NULL pointer was passed.\n");
0a7de745	255	}
1c79356b	256
2d21ac55	257	lck_mtx_lock(pfkey_stat_mutex);
1c79356b A	258	pfkeystat.in_total++;
1c79356b A	259	pfkeystat.in_bytes += m->m_pkthdr.len;
2d21ac55	260	lck_mtx_unlock(pfkey_stat_mutex);
1c79356b A	261	if (m->m_len < sizeof(struct sadb_msg)) {
	262	#if 1
	263	m = m_pullup(m, sizeof(struct sadb_msg));
	264	if (m == NULL) {
2d21ac55	265	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
1c79356b A	266	return ENOBUFS;
	267	}
	268	#else
	269	/* don't bother pulling it up just for stats */
	270	#endif
	271	}
	272	if (m->m_len >= sizeof(struct sadb_msg)) {
	273	struct sadb_msg *msg;
	274	msg = mtod(m, struct sadb_msg *);
2d21ac55	275	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
1c79356b	276	}
0a7de745	277
91447636	278	lck_mtx_lock(raw_mtx);
1c79356b	279	LIST_FOREACH(rp, &rawcb_list, list)
1c79356b	280	{
0a7de745	281	if (rp->rcb_proto.sp_family != PF_KEY) {
1c79356b	282	continue;
0a7de745	283	}
1c79356b	284	if (rp->rcb_proto.sp_protocol
0a7de745	285	&& rp->rcb_proto.sp_protocol != PF_KEY_V2) {
1c79356b A	286	continue;
	287	}
	288
	289	kp = (struct keycb *)rp;
0a7de745	290
91447636	291	socket_lock(rp->rcb_socket, 1);
1c79356b A	292	/*
	293	* If you are in promiscuous mode, and when you get broadcasted
	294	* reply, you'll get two PF_KEY messages.
	295	* (based on pf_key@inner.net message on 14 Oct 1998)
	296	*/
	297	if (((struct keycb *)rp)->kp_promisc) {
	298	if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
	299	(void)key_sendup0(rp, n, 1);
	300	n = NULL;
	301	}
	302	}
	303
	304	/* the exact target will be processed later */
91447636 A	305	if (so && sotorawcb(so) == rp) {
91447636 A	306	socket_unlock(rp->rcb_socket, 1);
1c79356b	307	continue;
91447636	308	}
1c79356b A	309
	310	sendup = 0;
	311	switch (target) {
	312	case KEY_SENDUP_ONE:
	313	/* the statement has no effect */
1c79356b A	314	break;
	315	case KEY_SENDUP_ALL:
	316	sendup++;
	317	break;
	318	case KEY_SENDUP_REGISTERED:
0a7de745	319	if (kp->kp_registered) {
1c79356b	320	sendup++;
0a7de745	321	}
1c79356b A	322	break;
1c79356b A	323	}
2d21ac55	324	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);
1c79356b	325
91447636 A	326	if (!sendup) {
91447636 A	327	socket_unlock(rp->rcb_socket, 1);
1c79356b	328	continue;
0a7de745	329	} else {
91447636	330	sendup = 0; // clear for next iteration
0a7de745	331	}
1c79356b A	332	if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
	333	#if IPSEC_DEBUG
	334	printf("key_sendup: m_copy fail\n");
	335	#endif
	336	m_freem(m);
2d21ac55	337	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
91447636 A	338	socket_unlock(rp->rcb_socket, 1);
91447636 A	339	lck_mtx_unlock(raw_mtx);
1c79356b A	340	return ENOBUFS;
	341	}
	342
91447636 A	343	/*
	344	* ignore error even if queue is full. PF_KEY does not
	345	* guarantee the delivery of the message.
	346	* this is important when target == KEY_SENDUP_ALL.
	347	*/
	348	key_sendup0(rp, n, 0);
	349	socket_unlock(rp->rcb_socket, 1);
1c79356b A	350	n = NULL;
	351	}
	352
91447636	353	lck_mtx_unlock(raw_mtx);
9bccf70c	354	if (so) {
91447636	355	socket_lock(so, 1);
9bccf70c	356	error = key_sendup0(sotorawcb(so), m, 0);
91447636	357	socket_unlock(so, 1);
9bccf70c A	358	m = NULL;
	359	} else {
	360	error = 0;
	361	m_freem(m);
	362	}
1c79356b A	363	return error;
	364	}
	365
1c79356b A	366	/*
	367	* key_abort()
	368	* derived from net/rtsock.c:rts_abort()
	369	*/
	370	static int
	371	key_abort(struct socket *so)
	372	{
91447636	373	int error;
1c79356b	374	error = raw_usrreqs.pru_abort(so);
1c79356b A	375	return error;
	376	}
	377
	378	/*
	379	* key_attach()
	380	* derived from net/rtsock.c:rts_attach()
	381	*/
	382	static int
	383	key_attach(struct socket so, int proto, struct proc p)
	384	{
	385	struct keycb *kp;
91447636	386	int error;
1c79356b	387
0a7de745 A	388	if (sotorawcb(so) != 0) {
	389	return EISCONN; /* XXX panic? */
	390	}
	391	kp = (struct keycb )_MALLOC(sizeof(kp), M_PCB,
3e170ce0	392	M_WAITOK \| M_ZERO); /* XXX */
0a7de745	393	if (kp == 0) {
1c79356b	394	return ENOBUFS;
0a7de745	395	}
1c79356b	396
1c79356b	397	so->so_pcb = (caddr_t)kp;
91447636 A	398	kp->kp_promisc = kp->kp_registered = 0;
	399	kp->kp_raw.rcb_laddr = &key_src;
	400	kp->kp_raw.rcb_faddr = &key_dst;
	401
1c79356b A	402	error = raw_usrreqs.pru_attach(so, proto, p);
	403	kp = (struct keycb *)sotorawcb(so);
	404	if (error) {
	405	_FREE(kp, M_PCB);
	406	so->so_pcb = (caddr_t) 0;
91447636	407	so->so_flags \|= SOF_PCBCLEARING;
1c79356b A	408	printf("key_usrreq: key_usrreq results %d\n", error);
	409	return error;
	410	}
	411
37839358	412	/* so is already locked when calling key_attach */
0a7de745	413	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */
1c79356b	414	key_cb.key_count++;
0a7de745	415	}
1c79356b	416	key_cb.any_count++;
1c79356b A	417	soisconnected(so);
	418	so->so_options \|= SO_USELOOPBACK;
	419
1c79356b A	420	return 0;
	421	}
	422
	423	/*
	424	* key_bind()
	425	* derived from net/rtsock.c:rts_bind()
	426	*/
	427	static int
	428	key_bind(struct socket so, struct sockaddr nam, struct proc *p)
	429	{
91447636	430	int error;
1c79356b	431	error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
1c79356b A	432	return error;
	433	}
	434
	435	/*
	436	* key_connect()
	437	* derived from net/rtsock.c:rts_connect()
	438	*/
	439	static int
	440	key_connect(struct socket so, struct sockaddr nam, struct proc *p)
	441	{
91447636	442	int error;
1c79356b	443	error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
1c79356b A	444	return error;
	445	}
	446
	447	/*
	448	* key_detach()
	449	* derived from net/rtsock.c:rts_detach()
	450	*/
	451	static int
	452	key_detach(struct socket *so)
	453	{
	454	struct keycb kp = (struct keycb )sotorawcb(so);
91447636	455	int error;
1c79356b	456
1c79356b	457	if (kp != 0) {
0a7de745	458	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */
1c79356b	459	key_cb.key_count--;
0a7de745	460	}
1c79356b	461	key_cb.any_count--;
91447636	462	socket_unlock(so, 0);
1c79356b	463	key_freereg(so);
91447636	464	socket_lock(so, 0);
1c79356b A	465	}
1c79356b A	466	error = raw_usrreqs.pru_detach(so);
1c79356b A	467	return error;
	468	}
	469
	470	/*
	471	* key_disconnect()
	472	* derived from net/rtsock.c:key_disconnect()
	473	*/
	474	static int
	475	key_disconnect(struct socket *so)
	476	{
91447636	477	int error;
1c79356b	478	error = raw_usrreqs.pru_disconnect(so);
1c79356b A	479	return error;
	480	}
	481
	482	/*
	483	* key_peeraddr()
	484	* derived from net/rtsock.c:rts_peeraddr()
	485	*/
	486	static int
	487	key_peeraddr(struct socket so, struct sockaddr *nam)
	488	{
91447636	489	int error;
1c79356b	490	error = raw_usrreqs.pru_peeraddr(so, nam);
1c79356b A	491	return error;
	492	}
	493
	494	/*
	495	* key_send()
	496	* derived from net/rtsock.c:rts_send()
	497	*/
	498	static int
	499	key_send(struct socket so, int flags, struct mbuf m, struct sockaddr *nam,
0a7de745	500	struct mbuf control, struct proc p)
1c79356b	501	{
91447636	502	int error;
1c79356b	503	error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
1c79356b A	504	return error;
	505	}
	506
	507	/*
	508	* key_shutdown()
	509	* derived from net/rtsock.c:rts_shutdown()
	510	*/
	511	static int
	512	key_shutdown(struct socket *so)
	513	{
91447636	514	int error;
1c79356b	515	error = raw_usrreqs.pru_shutdown(so);
1c79356b A	516	return error;
	517	}
	518
	519	/*
	520	* key_sockaddr()
	521	* derived from net/rtsock.c:rts_sockaddr()
	522	*/
	523	static int
	524	key_sockaddr(struct socket so, struct sockaddr *nam)
	525	{
91447636	526	int error;
1c79356b	527	error = raw_usrreqs.pru_sockaddr(so, nam);
1c79356b A	528	return error;
	529	}
	530
39236c6e	531	static struct pr_usrreqs key_usrreqs = {
0a7de745 A	532	.pru_abort = key_abort,
	533	.pru_attach = key_attach,
	534	.pru_bind = key_bind,
	535	.pru_connect = key_connect,
	536	.pru_detach = key_detach,
	537	.pru_disconnect = key_disconnect,
	538	.pru_peeraddr = key_peeraddr,
	539	.pru_send = key_send,
	540	.pru_shutdown = key_shutdown,
	541	.pru_sockaddr = key_sockaddr,
	542	.pru_sosend = sosend,
	543	.pru_soreceive = soreceive,
1c79356b	544	};
1c79356b	545
1c79356b	546	/* sysctl */
0a7de745	547	SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW \| CTLFLAG_LOCKED, 0, "Key Family");
1c79356b A	548
	549	/*
	550	* Definitions of protocols supported in the KEY domain.
	551	*/
	552
39236c6e A	553	extern struct domain keydomain_s;
	554
	555	static struct protosw keysw[] = {
0a7de745 A	556	{
	557	.pr_type = SOCK_RAW,
	558	.pr_protocol = PF_KEY_V2,
	559	.pr_flags = PR_ATOMIC \| PR_ADDR,
	560	.pr_output = key_output,
	561	.pr_ctlinput = raw_ctlinput,
	562	.pr_init = key_init,
	563	.pr_usrreqs = &key_usrreqs,
	564	}
1c79356b A	565	};
1c79356b A	566
0a7de745	567	static int key_proto_count = (sizeof(keysw) / sizeof(struct protosw));
39236c6e A	568
39236c6e A	569	struct domain keydomain_s = {
0a7de745 A	570	.dom_family = PF_KEY,
	571	.dom_name = "key",
	572	.dom_init = key_dinit,
	573	.dom_maxrtkey = sizeof(struct key_cb),
2d21ac55	574	};
1c79356b	575
39236c6e A	576	static void
	577	key_dinit(struct domain *dp)
	578	{
	579	struct protosw *pr;
	580	int i;
	581
	582	VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
	583	VERIFY(keydomain == NULL);
	584
	585	keydomain = dp;
	586
0a7de745	587	for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++) {
39236c6e	588	net_add_proto(pr, dp, 1);
0a7de745	589	}
39236c6e	590	}