]>
Commit | Line | Data |
---|---|---|
1 | /* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */ | |
2 | ||
3 | /* | |
4 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
5 | * All rights reserved. | |
6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in the | |
14 | * documentation and/or other materials provided with the distribution. | |
15 | * 3. Neither the name of the project nor the names of its contributors | |
16 | * may be used to endorse or promote products derived from this software | |
17 | * without specific prior written permission. | |
18 | * | |
19 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
20 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
21 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
22 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
23 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
24 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
25 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
26 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
27 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
28 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
29 | * SUCH DAMAGE. | |
30 | */ | |
31 | ||
32 | /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */ | |
33 | ||
34 | #include <sys/types.h> | |
35 | #include <sys/param.h> | |
36 | #include <sys/systm.h> | |
37 | #include <sys/kernel.h> | |
38 | #include <sys/sysctl.h> | |
39 | #include <sys/mbuf.h> | |
40 | #include <sys/malloc.h> | |
41 | #include <sys/socket.h> | |
42 | #include <sys/socketvar.h> | |
43 | #include <sys/domain.h> | |
44 | #include <sys/protosw.h> | |
45 | #include <sys/errno.h> | |
46 | ||
47 | #include <kern/locks.h> | |
48 | ||
49 | #include <net/raw_cb.h> | |
50 | #include <net/route.h> | |
51 | ||
52 | #include <net/pfkeyv2.h> | |
53 | #include <netkey/keydb.h> | |
54 | #include <netkey/key.h> | |
55 | #include <netkey/keysock.h> | |
56 | #include <netkey/key_debug.h> | |
57 | ||
58 | extern lck_mtx_t *raw_mtx; | |
59 | extern lck_mtx_t *sadb_mutex; | |
60 | extern void key_init(void); | |
61 | ||
62 | struct sockaddr key_dst = { 2, PF_KEY, }; | |
63 | struct sockaddr key_src = { 2, PF_KEY, }; | |
64 | ||
65 | static int key_sendup0(struct rawcb *, struct mbuf *, int); | |
66 | ||
67 | struct pfkeystat pfkeystat; | |
68 | ||
69 | /* | |
70 | * key_output() | |
71 | */ | |
72 | int | |
73 | #ifdef __APPLE__ | |
74 | /* No variable argument support? */ | |
75 | key_output(struct mbuf *m, struct socket *so) | |
76 | #else | |
77 | #if __STDC__ | |
78 | key_output(struct mbuf *m, ...) | |
79 | #else | |
80 | key_output(m, va_alist) | |
81 | struct mbuf *m; | |
82 | va_dcl | |
83 | #endif | |
84 | #endif | |
85 | { | |
86 | struct sadb_msg *msg; | |
87 | int len, error = 0; | |
88 | #ifndef __APPLE__ | |
89 | struct socket *so; | |
90 | va_list ap; | |
91 | ||
92 | va_start(ap, m); | |
93 | so = va_arg(ap, struct socket *); | |
94 | va_end(ap); | |
95 | #endif | |
96 | ||
97 | if (m == 0) | |
98 | panic("key_output: NULL pointer was passed.\n"); | |
99 | ||
100 | socket_unlock(so, 0); | |
101 | lck_mtx_lock(sadb_mutex); | |
102 | pfkeystat.out_total++; | |
103 | pfkeystat.out_bytes += m->m_pkthdr.len; | |
104 | ||
105 | len = m->m_pkthdr.len; | |
106 | if (len < sizeof(struct sadb_msg)) { | |
107 | #if IPSEC_DEBUG | |
108 | printf("key_output: Invalid message length.\n"); | |
109 | #endif | |
110 | pfkeystat.out_tooshort++; | |
111 | error = EINVAL; | |
112 | goto end; | |
113 | } | |
114 | ||
115 | if (m->m_len < sizeof(struct sadb_msg)) { | |
116 | if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) { | |
117 | #if IPSEC_DEBUG | |
118 | printf("key_output: can't pullup mbuf\n"); | |
119 | #endif | |
120 | pfkeystat.out_nomem++; | |
121 | error = ENOBUFS; | |
122 | goto end; | |
123 | } | |
124 | } | |
125 | ||
126 | if ((m->m_flags & M_PKTHDR) == 0) | |
127 | panic("key_output: not M_PKTHDR ??"); | |
128 | ||
129 | #if IPSEC_DEBUG | |
130 | KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m)); | |
131 | #endif /* defined(IPSEC_DEBUG) */ | |
132 | ||
133 | msg = mtod(m, struct sadb_msg *); | |
134 | pfkeystat.out_msgtype[msg->sadb_msg_type]++; | |
135 | if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { | |
136 | #if IPSEC_DEBUG | |
137 | printf("key_output: Invalid message length.\n"); | |
138 | #endif | |
139 | pfkeystat.out_invlen++; | |
140 | error = EINVAL; | |
141 | goto end; | |
142 | } | |
143 | ||
144 | error = key_parse(m, so); | |
145 | m = NULL; | |
146 | ||
147 | end: | |
148 | if (m) | |
149 | m_freem(m); | |
150 | lck_mtx_unlock(sadb_mutex); | |
151 | socket_lock(so, 0); | |
152 | return error; | |
153 | } | |
154 | ||
155 | /* | |
156 | * send message to the socket. | |
157 | */ | |
158 | static int | |
159 | key_sendup0(rp, m, promisc) | |
160 | struct rawcb *rp; | |
161 | struct mbuf *m; | |
162 | int promisc; | |
163 | { | |
164 | int error; | |
165 | ||
166 | lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); | |
167 | if (promisc) { | |
168 | struct sadb_msg *pmsg; | |
169 | ||
170 | M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT); | |
171 | if (m && m->m_len < sizeof(struct sadb_msg)) | |
172 | m = m_pullup(m, sizeof(struct sadb_msg)); | |
173 | if (!m) { | |
174 | #if IPSEC_DEBUG | |
175 | printf("key_sendup0: cannot pullup\n"); | |
176 | #endif | |
177 | pfkeystat.in_nomem++; | |
178 | m_freem(m); | |
179 | return ENOBUFS; | |
180 | } | |
181 | m->m_pkthdr.len += sizeof(*pmsg); | |
182 | ||
183 | pmsg = mtod(m, struct sadb_msg *); | |
184 | bzero(pmsg, sizeof(*pmsg)); | |
185 | pmsg->sadb_msg_version = PF_KEY_V2; | |
186 | pmsg->sadb_msg_type = SADB_X_PROMISC; | |
187 | pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); | |
188 | /* pid and seq? */ | |
189 | ||
190 | pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; | |
191 | } | |
192 | ||
193 | if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, | |
194 | m, NULL, &error)) { | |
195 | #if IPSEC_DEBUG | |
196 | printf("key_sendup0: sbappendaddr failed\n"); | |
197 | #endif | |
198 | pfkeystat.in_nomem++; | |
199 | } | |
200 | else { | |
201 | sorwakeup(rp->rcb_socket); | |
202 | } | |
203 | return error; | |
204 | } | |
205 | ||
206 | ||
207 | /* so can be NULL if target != KEY_SENDUP_ONE */ | |
208 | int | |
209 | key_sendup_mbuf(so, m, target) | |
210 | struct socket *so; | |
211 | struct mbuf *m; | |
212 | int target; | |
213 | { | |
214 | struct mbuf *n; | |
215 | struct keycb *kp; | |
216 | int sendup; | |
217 | struct rawcb *rp; | |
218 | int error = 0; | |
219 | ||
220 | lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); | |
221 | if (m == NULL) | |
222 | panic("key_sendup_mbuf: NULL pointer was passed.\n"); | |
223 | if (so == NULL && target == KEY_SENDUP_ONE) | |
224 | panic("key_sendup_mbuf: NULL pointer was passed.\n"); | |
225 | ||
226 | pfkeystat.in_total++; | |
227 | pfkeystat.in_bytes += m->m_pkthdr.len; | |
228 | if (m->m_len < sizeof(struct sadb_msg)) { | |
229 | #if 1 | |
230 | m = m_pullup(m, sizeof(struct sadb_msg)); | |
231 | if (m == NULL) { | |
232 | pfkeystat.in_nomem++; | |
233 | return ENOBUFS; | |
234 | } | |
235 | #else | |
236 | /* don't bother pulling it up just for stats */ | |
237 | #endif | |
238 | } | |
239 | if (m->m_len >= sizeof(struct sadb_msg)) { | |
240 | struct sadb_msg *msg; | |
241 | msg = mtod(m, struct sadb_msg *); | |
242 | pfkeystat.in_msgtype[msg->sadb_msg_type]++; | |
243 | } | |
244 | ||
245 | lck_mtx_lock(raw_mtx); | |
246 | LIST_FOREACH(rp, &rawcb_list, list) | |
247 | { | |
248 | if (rp->rcb_proto.sp_family != PF_KEY) | |
249 | continue; | |
250 | if (rp->rcb_proto.sp_protocol | |
251 | && rp->rcb_proto.sp_protocol != PF_KEY_V2) { | |
252 | continue; | |
253 | } | |
254 | ||
255 | kp = (struct keycb *)rp; | |
256 | ||
257 | socket_lock(rp->rcb_socket, 1); | |
258 | /* | |
259 | * If you are in promiscuous mode, and when you get broadcasted | |
260 | * reply, you'll get two PF_KEY messages. | |
261 | * (based on pf_key@inner.net message on 14 Oct 1998) | |
262 | */ | |
263 | if (((struct keycb *)rp)->kp_promisc) { | |
264 | if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { | |
265 | (void)key_sendup0(rp, n, 1); | |
266 | n = NULL; | |
267 | } | |
268 | } | |
269 | ||
270 | /* the exact target will be processed later */ | |
271 | if (so && sotorawcb(so) == rp) { | |
272 | socket_unlock(rp->rcb_socket, 1); | |
273 | continue; | |
274 | } | |
275 | ||
276 | sendup = 0; | |
277 | switch (target) { | |
278 | case KEY_SENDUP_ONE: | |
279 | /* the statement has no effect */ | |
280 | break; | |
281 | case KEY_SENDUP_ALL: | |
282 | sendup++; | |
283 | break; | |
284 | case KEY_SENDUP_REGISTERED: | |
285 | if (kp->kp_registered) | |
286 | sendup++; | |
287 | break; | |
288 | } | |
289 | pfkeystat.in_msgtarget[target]++; | |
290 | ||
291 | if (!sendup) { | |
292 | socket_unlock(rp->rcb_socket, 1); | |
293 | continue; | |
294 | } | |
295 | else | |
296 | sendup = 0; // clear for next iteration | |
297 | ||
298 | if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { | |
299 | #if IPSEC_DEBUG | |
300 | printf("key_sendup: m_copy fail\n"); | |
301 | #endif | |
302 | m_freem(m); | |
303 | pfkeystat.in_nomem++; | |
304 | socket_unlock(rp->rcb_socket, 1); | |
305 | lck_mtx_unlock(raw_mtx); | |
306 | return ENOBUFS; | |
307 | } | |
308 | ||
309 | /* | |
310 | * ignore error even if queue is full. PF_KEY does not | |
311 | * guarantee the delivery of the message. | |
312 | * this is important when target == KEY_SENDUP_ALL. | |
313 | */ | |
314 | key_sendup0(rp, n, 0); | |
315 | socket_unlock(rp->rcb_socket, 1); | |
316 | n = NULL; | |
317 | } | |
318 | ||
319 | lck_mtx_unlock(raw_mtx); | |
320 | if (so) { | |
321 | socket_lock(so, 1); | |
322 | error = key_sendup0(sotorawcb(so), m, 0); | |
323 | socket_unlock(so, 1); | |
324 | m = NULL; | |
325 | } else { | |
326 | error = 0; | |
327 | m_freem(m); | |
328 | } | |
329 | return error; | |
330 | } | |
331 | ||
332 | /* | |
333 | * key_abort() | |
334 | * derived from net/rtsock.c:rts_abort() | |
335 | */ | |
336 | static int | |
337 | key_abort(struct socket *so) | |
338 | { | |
339 | int error; | |
340 | error = raw_usrreqs.pru_abort(so); | |
341 | return error; | |
342 | } | |
343 | ||
344 | /* | |
345 | * key_attach() | |
346 | * derived from net/rtsock.c:rts_attach() | |
347 | */ | |
348 | static int | |
349 | key_attach(struct socket *so, int proto, struct proc *p) | |
350 | { | |
351 | struct keycb *kp; | |
352 | int error; | |
353 | ||
354 | if (sotorawcb(so) != 0) | |
355 | return EISCONN; /* XXX panic? */ | |
356 | kp = (struct keycb *)_MALLOC(sizeof *kp, M_PCB, M_WAITOK); /* XXX */ | |
357 | if (kp == 0) | |
358 | return ENOBUFS; | |
359 | bzero(kp, sizeof *kp); | |
360 | ||
361 | so->so_pcb = (caddr_t)kp; | |
362 | kp->kp_promisc = kp->kp_registered = 0; | |
363 | kp->kp_raw.rcb_laddr = &key_src; | |
364 | kp->kp_raw.rcb_faddr = &key_dst; | |
365 | ||
366 | error = raw_usrreqs.pru_attach(so, proto, p); | |
367 | kp = (struct keycb *)sotorawcb(so); | |
368 | if (error) { | |
369 | _FREE(kp, M_PCB); | |
370 | so->so_pcb = (caddr_t) 0; | |
371 | so->so_flags |= SOF_PCBCLEARING; | |
372 | printf("key_usrreq: key_usrreq results %d\n", error); | |
373 | return error; | |
374 | } | |
375 | ||
376 | /* so is already locked when calling key_attach */ | |
377 | if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ | |
378 | key_cb.key_count++; | |
379 | key_cb.any_count++; | |
380 | soisconnected(so); | |
381 | so->so_options |= SO_USELOOPBACK; | |
382 | ||
383 | return 0; | |
384 | } | |
385 | ||
386 | /* | |
387 | * key_bind() | |
388 | * derived from net/rtsock.c:rts_bind() | |
389 | */ | |
390 | static int | |
391 | key_bind(struct socket *so, struct sockaddr *nam, struct proc *p) | |
392 | { | |
393 | int error; | |
394 | error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */ | |
395 | return error; | |
396 | } | |
397 | ||
398 | /* | |
399 | * key_connect() | |
400 | * derived from net/rtsock.c:rts_connect() | |
401 | */ | |
402 | static int | |
403 | key_connect(struct socket *so, struct sockaddr *nam, struct proc *p) | |
404 | { | |
405 | int error; | |
406 | error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */ | |
407 | return error; | |
408 | } | |
409 | ||
410 | /* | |
411 | * key_detach() | |
412 | * derived from net/rtsock.c:rts_detach() | |
413 | */ | |
414 | static int | |
415 | key_detach(struct socket *so) | |
416 | { | |
417 | struct keycb *kp = (struct keycb *)sotorawcb(so); | |
418 | int error; | |
419 | ||
420 | if (kp != 0) { | |
421 | if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ | |
422 | key_cb.key_count--; | |
423 | key_cb.any_count--; | |
424 | socket_unlock(so, 0); | |
425 | lck_mtx_lock(sadb_mutex); | |
426 | key_freereg(so); | |
427 | lck_mtx_unlock(sadb_mutex); | |
428 | socket_lock(so, 0); | |
429 | } | |
430 | error = raw_usrreqs.pru_detach(so); | |
431 | return error; | |
432 | } | |
433 | ||
434 | /* | |
435 | * key_disconnect() | |
436 | * derived from net/rtsock.c:key_disconnect() | |
437 | */ | |
438 | static int | |
439 | key_disconnect(struct socket *so) | |
440 | { | |
441 | int error; | |
442 | error = raw_usrreqs.pru_disconnect(so); | |
443 | return error; | |
444 | } | |
445 | ||
446 | /* | |
447 | * key_peeraddr() | |
448 | * derived from net/rtsock.c:rts_peeraddr() | |
449 | */ | |
450 | static int | |
451 | key_peeraddr(struct socket *so, struct sockaddr **nam) | |
452 | { | |
453 | int error; | |
454 | error = raw_usrreqs.pru_peeraddr(so, nam); | |
455 | return error; | |
456 | } | |
457 | ||
458 | /* | |
459 | * key_send() | |
460 | * derived from net/rtsock.c:rts_send() | |
461 | */ | |
462 | static int | |
463 | key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, | |
464 | struct mbuf *control, struct proc *p) | |
465 | { | |
466 | int error; | |
467 | error = raw_usrreqs.pru_send(so, flags, m, nam, control, p); | |
468 | return error; | |
469 | } | |
470 | ||
471 | /* | |
472 | * key_shutdown() | |
473 | * derived from net/rtsock.c:rts_shutdown() | |
474 | */ | |
475 | static int | |
476 | key_shutdown(struct socket *so) | |
477 | { | |
478 | int error; | |
479 | error = raw_usrreqs.pru_shutdown(so); | |
480 | return error; | |
481 | } | |
482 | ||
483 | /* | |
484 | * key_sockaddr() | |
485 | * derived from net/rtsock.c:rts_sockaddr() | |
486 | */ | |
487 | static int | |
488 | key_sockaddr(struct socket *so, struct sockaddr **nam) | |
489 | { | |
490 | int error; | |
491 | error = raw_usrreqs.pru_sockaddr(so, nam); | |
492 | return error; | |
493 | } | |
494 | ||
495 | struct pr_usrreqs key_usrreqs = { | |
496 | key_abort, pru_accept_notsupp, key_attach, key_bind, | |
497 | key_connect, | |
498 | pru_connect2_notsupp, pru_control_notsupp, key_detach, | |
499 | key_disconnect, pru_listen_notsupp, key_peeraddr, | |
500 | pru_rcvd_notsupp, | |
501 | pru_rcvoob_notsupp, key_send, pru_sense_null, key_shutdown, | |
502 | key_sockaddr, sosend, soreceive, pru_sopoll_notsupp | |
503 | }; | |
504 | ||
505 | /* sysctl */ | |
506 | SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family"); | |
507 | ||
508 | /* | |
509 | * Definitions of protocols supported in the KEY domain. | |
510 | */ | |
511 | ||
512 | extern struct domain keydomain; | |
513 | ||
514 | struct protosw keysw[] = { | |
515 | { SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR, | |
516 | 0, key_output, raw_ctlinput, 0, | |
517 | 0, | |
518 | key_init, 0, 0, 0, | |
519 | 0, | |
520 | &key_usrreqs, | |
521 | 0, 0, 0, | |
522 | } | |
523 | }; | |
524 | ||
525 | struct domain keydomain = | |
526 | { PF_KEY, "key", key_domain_init, 0, 0, | |
527 | keysw, 0, | |
528 | 0,0, | |
529 | sizeof(struct key_cb), 0 | |
530 | }; | |
531 | ||
532 | DOMAIN_SET(key); |