]> git.saurik.com Git - apple/xnu.git/blame_incremental - bsd/netkey/key.c
projects / apple / xnu.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
xnu-2782.1.97.tar.gz
[apple/xnu.git] / bsd / netkey / key.c
... / ...
CommitLineData
1/*
2 * Copyright (c) 2008-2014 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29/* $FreeBSD: src/sys/netkey/key.c,v 1.16.2.13 2002/07/24 18:17:40 ume Exp $ */
30/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
31
32/*
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60
61/*
62 * This code is referd to RFC 2367
63 */
64
65#include <machine/endian.h>
66#include <sys/types.h>
67#include <sys/param.h>
68#include <sys/systm.h>
69#include <sys/kernel.h>
70#include <sys/mbuf.h>
71#include <sys/domain.h>
72#include <sys/protosw.h>
73#include <sys/malloc.h>
74#include <sys/socket.h>
75#include <sys/socketvar.h>
76#include <sys/sysctl.h>
77#include <sys/errno.h>
78#include <sys/proc.h>
79#include <sys/queue.h>
80#include <sys/syslog.h>
81#include <sys/mcache.h>
82
83#include <kern/locks.h>
84
85#include <net/if.h>
86#include <net/route.h>
87#include <net/raw_cb.h>
88
89#include <netinet/in.h>
90#include <netinet/in_systm.h>
91#include <netinet/ip.h>
92#include <netinet/in_var.h>
93
94#if INET6
95#include <netinet/ip6.h>
96#include <netinet6/in6_var.h>
97#include <netinet6/ip6_var.h>
98#endif /* INET6 */
99
100#include <net/pfkeyv2.h>
101#include <netkey/keydb.h>
102#include <netkey/key.h>
103#include <netkey/keysock.h>
104#include <netkey/key_debug.h>
105#include <stdarg.h>
106
107
108#include <netinet6/ipsec.h>
109#if INET6
110#include <netinet6/ipsec6.h>
111#endif
112#include <netinet6/ah.h>
113#if INET6
114#include <netinet6/ah6.h>
115#endif
116#if IPSEC_ESP
117#include <netinet6/esp.h>
118#if INET6
119#include <netinet6/esp6.h>
120#endif
121#endif
122#include <netinet6/ipcomp.h>
123#if INET6
124#include <netinet6/ipcomp6.h>
125#endif
126
127
128/* randomness */
129#include <sys/random.h>
130
131#include <net/net_osdep.h>
132
133#define FULLMASK 0xff
134
135lck_grp_t *sadb_mutex_grp;
136lck_grp_attr_t *sadb_mutex_grp_attr;
137lck_attr_t *sadb_mutex_attr;
138decl_lck_mtx_data(, sadb_mutex_data);
139lck_mtx_t *sadb_mutex = &sadb_mutex_data;
140
141lck_grp_t *pfkey_stat_mutex_grp;
142lck_grp_attr_t *pfkey_stat_mutex_grp_attr;
143lck_attr_t *pfkey_stat_mutex_attr;
144decl_lck_mtx_data(, pfkey_stat_mutex_data);
145lck_mtx_t *pfkey_stat_mutex = &pfkey_stat_mutex_data;
146
147/*
148 * Note on SA reference counting:
149 * - SAs that are not in DEAD state will have (total external reference + 1)
150 * following value in reference count field. they cannot be freed and are
151 * referenced from SA header.
152 * - SAs that are in DEAD state will have (total external reference)
153 * in reference count field. they are ready to be freed. reference from
154 * SA header will be removed in key_delsav(), when the reference count
155 * field hits 0 (= no external reference other than from SA header.
156 */
157
158u_int32_t key_debug_level = 0; //### our sysctl is not dynamic
159static int key_timehandler_running = 0;
160static u_int key_spi_trycnt = 1000;
161static u_int32_t key_spi_minval = 0x100;
162static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
163static u_int32_t policy_id = 0;
164static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
165static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
166static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
167static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
168static int key_preferred_oldsa = 0; /* preferred old sa rather than new sa.*/
169__private_extern__ int natt_keepalive_interval = 20; /* interval between natt keepalives.*/
170__private_extern__ int ipsec_policy_count = 0;
171static int ipsec_sav_count = 0;
172
173static u_int32_t acq_seq = 0;
174static int key_tick_init_random = 0;
175__private_extern__ u_int32_t natt_now = 0;
176
177static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */
178static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
179static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
180/* registed list */
181
182#define SPIHASHSIZE 128
183#define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
184static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
185
186#ifndef IPSEC_NONBLOCK_ACQUIRE
187static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
188#endif
189static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
190
191struct key_cb key_cb;
192
193/* search order for SAs */
194static const u_int saorder_state_valid_prefer_old[] = {
195 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
196};
197static const u_int saorder_state_valid_prefer_new[] = {
198 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
199};
200static const u_int saorder_state_alive[] = {
201 /* except DEAD */
202 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
203};
204static const u_int saorder_state_any[] = {
205 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
206 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
207};
208
209static const int minsize[] = {
210 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
211 sizeof(struct sadb_sa), /* SADB_EXT_SA */
212 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
213 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
214 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
215 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
216 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
217 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
218 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
219 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
220 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
221 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
222 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
223 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
224 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
225 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
226 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
227 0, /* SADB_X_EXT_KMPRIVATE */
228 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
229 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
230 sizeof(struct sadb_session_id), /* SADB_EXT_SESSION_ID */
231 sizeof(struct sadb_sastat), /* SADB_EXT_SASTAT */
232 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_IPSECIF */
233 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_SRC_START */
234 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_SRC_END */
235 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_DST_START */
236 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_DST_END */
237};
238static const int maxsize[] = {
239 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
240 sizeof(struct sadb_sa_2), /* SADB_EXT_SA */
241 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
242 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
243 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
244 0, /* SADB_EXT_ADDRESS_SRC */
245 0, /* SADB_EXT_ADDRESS_DST */
246 0, /* SADB_EXT_ADDRESS_PROXY */
247 0, /* SADB_EXT_KEY_AUTH */
248 0, /* SADB_EXT_KEY_ENCRYPT */
249 0, /* SADB_EXT_IDENTITY_SRC */
250 0, /* SADB_EXT_IDENTITY_DST */
251 0, /* SADB_EXT_SENSITIVITY */
252 0, /* SADB_EXT_PROPOSAL */
253 0, /* SADB_EXT_SUPPORTED_AUTH */
254 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
255 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
256 0, /* SADB_X_EXT_KMPRIVATE */
257 0, /* SADB_X_EXT_POLICY */
258 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
259 0, /* SADB_EXT_SESSION_ID */
260 0, /* SADB_EXT_SASTAT */
261 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_IPSECIF */
262 0, /* SADB_X_EXT_ADDR_RANGE_SRC_START */
263 0, /* SADB_X_EXT_ADDR_RANGE_SRC_END */
264 0, /* SADB_X_EXT_ADDR_RANGE_DST_START */
265 0, /* SADB_X_EXT_ADDR_RANGE_DST_END */
266};
267
268static int ipsec_esp_keymin = 256;
269static int ipsec_esp_auth = 0;
270static int ipsec_ah_keymin = 128;
271
272SYSCTL_DECL(_net_key);
273/* Thread safe: no accumulated state */
274SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW | CTLFLAG_LOCKED, \
275 &key_debug_level, 0, "");
276
277
278/* max count of trial for the decision of spi value */
279SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW | CTLFLAG_LOCKED, \
280 &key_spi_trycnt, 0, "");
281
282/* minimum spi value to allocate automatically. */
283SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW | CTLFLAG_LOCKED, \
284 &key_spi_minval, 0, "");
285
286/* maximun spi value to allocate automatically. */
287SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW | CTLFLAG_LOCKED, \
288 &key_spi_maxval, 0, "");
289
290/* interval to initialize randseed */
291SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW | CTLFLAG_LOCKED, \
292 &key_int_random, 0, "");
293
294/* lifetime for larval SA; thread safe due to > compare */
295SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW | CTLFLAG_LOCKED, \
296 &key_larval_lifetime, 0, "");
297
298/* counter for blocking to send SADB_ACQUIRE to IKEd */
299SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW | CTLFLAG_LOCKED, \
300 &key_blockacq_count, 0, "");
301
302/* lifetime for blocking to send SADB_ACQUIRE to IKEd: Thread safe, > compare */
303SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW | CTLFLAG_LOCKED, \
304 &key_blockacq_lifetime, 0, "");
305
306/* ESP auth */
307SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW | CTLFLAG_LOCKED, \
308 &ipsec_esp_auth, 0, "");
309
310/* minimum ESP key length */
311SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW | CTLFLAG_LOCKED, \
312 &ipsec_esp_keymin, 0, "");
313
314/* minimum AH key length */
315SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW | CTLFLAG_LOCKED, \
316 &ipsec_ah_keymin, 0, "");
317
318/* perfered old SA rather than new SA */
319SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW | CTLFLAG_LOCKED,\
320 &key_preferred_oldsa, 0, "");
321
322/* time between NATT keepalives in seconds, 0 disabled */
323SYSCTL_INT(_net_key, KEYCTL_NATT_KEEPALIVE_INTERVAL, natt_keepalive_interval, CTLFLAG_RW | CTLFLAG_LOCKED,\
324 &natt_keepalive_interval, 0, "");
325
326/* PF_KEY statistics */
327SYSCTL_STRUCT(_net_key, KEYCTL_PFKEYSTAT, pfkeystat, CTLFLAG_RD | CTLFLAG_LOCKED,\
328 &pfkeystat, pfkeystat, "");
329
330#ifndef LIST_FOREACH
331#define LIST_FOREACH(elm, head, field) \
332for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
333#endif
334#define __LIST_CHAINED(elm) \
335(!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
336#define LIST_INSERT_TAIL(head, elm, type, field) \
337do {\
338struct type *curelm = LIST_FIRST(head); \
339if (curelm == NULL) {\
340LIST_INSERT_HEAD(head, elm, field); \
341} else { \
342while (LIST_NEXT(curelm, field)) \
343curelm = LIST_NEXT(curelm, field);\
344LIST_INSERT_AFTER(curelm, elm, field);\
345}\
346} while (0)
347
348#define KEY_CHKSASTATE(head, sav, name) \
349do { \
350if ((head) != (sav)) { \
351ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
352(name), (head), (sav))); \
353continue; \
354} \
355} while (0)
356
357#define KEY_CHKSPDIR(head, sp, name) \
358do { \
359if ((head) != (sp)) { \
360ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
361"anyway continue.\n", \
362(name), (head), (sp))); \
363} \
364} while (0)
365
366#if 1
367#define KMALLOC_WAIT(p, t, n) \
368((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_WAITOK))
369#define KMALLOC_NOWAIT(p, t, n) \
370((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT))
371#define KFREE(p) \
372_FREE((caddr_t)(p), M_SECA);
373#else
374#define KMALLOC_WAIT(p, t, n) \
375do { \
376((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_WAITOK)); \
377printf("%s %d: %p <- KMALLOC_WAIT(%s, %d)\n", \
378__FILE__, __LINE__, (p), #t, n); \
379} while (0)
380#define KMALLOC_NOWAIT(p, t, n) \
381do { \
382((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT)); \
383printf("%s %d: %p <- KMALLOC_NOWAIT(%s, %d)\n", \
384__FILE__, __LINE__, (p), #t, n); \
385} while (0)
386
387#define KFREE(p) \
388do { \
389printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
390_FREE((caddr_t)(p), M_SECA); \
391} while (0)
392#endif
393
394/*
395 * set parameters into secpolicyindex buffer.
396 * Must allocate secpolicyindex buffer passed to this function.
397 */
398#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, ifp, s_s, s_e, d_s, d_e, idx) \
399do { \
400bzero((idx), sizeof(struct secpolicyindex)); \
401(idx)->dir = (_dir); \
402(idx)->prefs = (ps); \
403(idx)->prefd = (pd); \
404(idx)->ul_proto = (ulp); \
405(idx)->internal_if = (ifp); \
406if (s) bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
407if (d) bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
408if (s_s) bcopy((s_s), &(idx)->src_range.start, ((struct sockaddr *)(s_s))->sa_len); \
409if (s_e) bcopy((s_e), &(idx)->src_range.end, ((struct sockaddr *)(s_e))->sa_len); \
410if (d_s) bcopy((d_s), &(idx)->dst_range.start, ((struct sockaddr *)(d_s))->sa_len); \
411if (d_e) bcopy((d_e), &(idx)->dst_range.end, ((struct sockaddr *)(d_e))->sa_len); \
412} while (0)
413
414/*
415 * set parameters into secasindex buffer.
416 * Must allocate secasindex buffer before calling this function.
417 */
418#define KEY_SETSECASIDX(p, m, r, s, d, ifi, idx) \
419do { \
420bzero((idx), sizeof(struct secasindex)); \
421(idx)->proto = (p); \
422(idx)->mode = (m); \
423(idx)->reqid = (r); \
424bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
425bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
426(idx)->ipsec_ifindex = (ifi); \
427} while (0)
428
429/* key statistics */
430struct _keystat {
431 u_int32_t getspi_count; /* the avarage of count to try to get new SPI */
432} keystat;
433
434struct sadb_msghdr {
435 struct sadb_msg *msg;
436 struct sadb_ext *ext[SADB_EXT_MAX + 1];
437 int extoff[SADB_EXT_MAX + 1];
438 int extlen[SADB_EXT_MAX + 1];
439};
440
441static struct secpolicy *__key_getspbyid(u_int32_t id);
442static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int, u_int16_t);
443static int key_do_get_translated_port(struct secashead *, struct secasvar *, u_int);
444static void key_delsp(struct secpolicy *);
445static struct secpolicy *key_getsp(struct secpolicyindex *);
446static u_int32_t key_newreqid(void);
447static struct mbuf *key_gather_mbuf(struct mbuf *,
448 const struct sadb_msghdr *, int, int, int *);
449static int key_spdadd(struct socket *, struct mbuf *,
450 const struct sadb_msghdr *);
451static u_int32_t key_getnewspid(void);
452static int key_spddelete(struct socket *, struct mbuf *,
453 const struct sadb_msghdr *);
454static int key_spddelete2(struct socket *, struct mbuf *,
455 const struct sadb_msghdr *);
456static int key_spdenable(struct socket *, struct mbuf *,
457 const struct sadb_msghdr *);
458static int key_spddisable(struct socket *, struct mbuf *,
459 const struct sadb_msghdr *);
460static int key_spdget(struct socket *, struct mbuf *,
461 const struct sadb_msghdr *);
462static int key_spdflush(struct socket *, struct mbuf *,
463 const struct sadb_msghdr *);
464static int key_spddump(struct socket *, struct mbuf *,
465 const struct sadb_msghdr *);
466static struct mbuf *key_setdumpsp(struct secpolicy *,
467 u_int8_t, u_int32_t, u_int32_t);
468static u_int key_getspreqmsglen(struct secpolicy *);
469static int key_spdexpire(struct secpolicy *);
470static struct secashead *key_newsah(struct secasindex *, ifnet_t, u_int, u_int8_t);
471static struct secasvar *key_newsav(struct mbuf *,
472 const struct sadb_msghdr *, struct secashead *, int *,
473 struct socket *);
474static struct secashead *key_getsah(struct secasindex *);
475static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
476static void key_setspi __P((struct secasvar *, u_int32_t));
477static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
478static int key_setsaval(struct secasvar *, struct mbuf *,
479 const struct sadb_msghdr *);
480static int key_mature(struct secasvar *);
481static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
482 u_int8_t, u_int32_t, u_int32_t);
483static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
484 u_int32_t, pid_t, u_int16_t);
485static struct mbuf *key_setsadbsa(struct secasvar *);
486static struct mbuf *key_setsadbaddr(u_int16_t,
487 struct sockaddr *, u_int8_t, u_int16_t);
488static struct mbuf *key_setsadbipsecif(ifnet_t, ifnet_t, ifnet_t, int);
489#if 0
490static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
491 int, u_int64_t);
492#endif
493static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t, u_int16_t);
494static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
495 u_int32_t);
496static void *key_newbuf(const void *, u_int);
497#if INET6
498static int key_ismyaddr6(struct sockaddr_in6 *);
499#endif
500static void key_update_natt_keepalive_timestamp(struct secasvar *, struct secasvar *);
501
502/* flags for key_cmpsaidx() */
503#define CMP_HEAD 0x1 /* protocol, addresses. */
504#define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
505#define CMP_REQID 0x4 /* additionally HEAD, reqid. */
506#define CMP_MODE 0x8 /* additionally mode. */
507#define CMP_EXACTLY 0xF /* all elements. */
508static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
509
510static int key_cmpspidx_exactly(struct secpolicyindex *,
511 struct secpolicyindex *);
512static int key_cmpspidx_withmask(struct secpolicyindex *,
513 struct secpolicyindex *);
514static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
515static int key_is_addr_in_range(struct sockaddr_storage *, struct secpolicyaddrrange *);
516static int key_bbcmp(caddr_t, caddr_t, u_int);
517static void key_srandom(void);
518static u_int16_t key_satype2proto(u_int8_t);
519static u_int8_t key_proto2satype(u_int16_t);
520
521static int key_getspi(struct socket *, struct mbuf *,
522 const struct sadb_msghdr *);
523static u_int32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *);
524static int key_update(struct socket *, struct mbuf *,
525 const struct sadb_msghdr *);
526#if IPSEC_DOSEQCHECK
527static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
528#endif
529static int key_add(struct socket *, struct mbuf *, const struct sadb_msghdr *);
530static int key_setident(struct secashead *, struct mbuf *,
531 const struct sadb_msghdr *);
532static struct mbuf *key_getmsgbuf_x1(struct mbuf *, const struct sadb_msghdr *);
533static int key_delete(struct socket *, struct mbuf *,
534 const struct sadb_msghdr *);
535static int key_get(struct socket *, struct mbuf *, const struct sadb_msghdr *);
536
537static void key_getcomb_setlifetime(struct sadb_comb *);
538#if IPSEC_ESP
539static struct mbuf *key_getcomb_esp(void);
540#endif
541static struct mbuf *key_getcomb_ah(void);
542static struct mbuf *key_getcomb_ipcomp(void);
543static struct mbuf *key_getprop(const struct secasindex *);
544
545static int key_acquire(struct secasindex *, struct secpolicy *);
546#ifndef IPSEC_NONBLOCK_ACQUIRE
547static struct secacq *key_newacq(struct secasindex *);
548static struct secacq *key_getacq(struct secasindex *);
549static struct secacq *key_getacqbyseq(u_int32_t);
550#endif
551static struct secspacq *key_newspacq(struct secpolicyindex *);
552static struct secspacq *key_getspacq(struct secpolicyindex *);
553static int key_acquire2(struct socket *, struct mbuf *,
554 const struct sadb_msghdr *);
555static int key_register(struct socket *, struct mbuf *,
556 const struct sadb_msghdr *);
557static int key_expire(struct secasvar *);
558static int key_flush(struct socket *, struct mbuf *,
559 const struct sadb_msghdr *);
560static int key_dump(struct socket *, struct mbuf *, const struct sadb_msghdr *);
561static int key_promisc(struct socket *, struct mbuf *,
562 const struct sadb_msghdr *);
563static int key_senderror(struct socket *, struct mbuf *, int);
564static int key_validate_ext(const struct sadb_ext *, int);
565static int key_align(struct mbuf *, struct sadb_msghdr *);
566static struct mbuf *key_alloc_mbuf(int);
567static int key_getsastat (struct socket *, struct mbuf *, const struct sadb_msghdr *);
568static int key_setsaval2(struct secasvar *sav,
569 u_int8_t satype,
570 u_int8_t alg_auth,
571 u_int8_t alg_enc,
572 u_int32_t flags,
573 u_int8_t replay,
574 struct sadb_key *key_auth,
575 u_int16_t key_auth_len,
576 struct sadb_key *key_enc,
577 u_int16_t key_enc_len,
578 u_int16_t natt_port,
579 u_int32_t seq,
580 u_int32_t spi,
581 u_int32_t pid,
582 struct sadb_lifetime *lifetime_hard,
583 struct sadb_lifetime *lifetime_soft);
584
585extern int ipsec_bypass;
586extern int esp_udp_encap_port;
587int ipsec_send_natt_keepalive(struct secasvar *sav);
588bool ipsec_fill_offload_frame(ifnet_t ifp, struct secasvar *sav, struct ipsec_offload_frame *frame, size_t frame_data_offset);
589u_int32_t key_fill_offload_frames_for_savs (ifnet_t ifp, struct ipsec_offload_frame *frames_array, u_int32_t frames_array_count, size_t frame_data_offset);
590
591void key_init(struct protosw *, struct domain *);
592
593/*
594 * PF_KEY init
595 * setup locks, call raw_init(), and then init timer and associated data
596 *
597 */
598void
599key_init(struct protosw *pp, struct domain *dp)
600{
601 static int key_initialized = 0;
602 int i;
603
604 VERIFY((pp->pr_flags & (PR_INITIALIZED|PR_ATTACHED)) == PR_ATTACHED);
605
606 _CASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= _MHLEN);
607
608 if (key_initialized)
609 return;
610 key_initialized = 1;
611
612 sadb_mutex_grp_attr = lck_grp_attr_alloc_init();
613 sadb_mutex_grp = lck_grp_alloc_init("sadb", sadb_mutex_grp_attr);
614 sadb_mutex_attr = lck_attr_alloc_init();
615
616 lck_mtx_init(sadb_mutex, sadb_mutex_grp, sadb_mutex_attr);
617
618 pfkey_stat_mutex_grp_attr = lck_grp_attr_alloc_init();
619 pfkey_stat_mutex_grp = lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr);
620 pfkey_stat_mutex_attr = lck_attr_alloc_init();
621
622 lck_mtx_init(pfkey_stat_mutex, pfkey_stat_mutex_grp, pfkey_stat_mutex_attr);
623
624 for (i = 0; i < SPIHASHSIZE; i++)
625 LIST_INIT(&spihash[i]);
626
627 raw_init(pp, dp);
628
629 bzero((caddr_t)&key_cb, sizeof(key_cb));
630
631 for (i = 0; i < IPSEC_DIR_MAX; i++) {
632 LIST_INIT(&sptree[i]);
633 }
634 ipsec_policy_count = 0;
635
636 LIST_INIT(&sahtree);
637
638 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
639 LIST_INIT(&regtree[i]);
640 }
641 ipsec_sav_count = 0;
642
643#ifndef IPSEC_NONBLOCK_ACQUIRE
644 LIST_INIT(&acqtree);
645#endif
646 LIST_INIT(&spacqtree);
647
648 /* system default */
649#if INET
650 ip4_def_policy.policy = IPSEC_POLICY_NONE;
651 ip4_def_policy.refcnt++; /*never reclaim this*/
652#endif
653#if INET6
654 ip6_def_policy.policy = IPSEC_POLICY_NONE;
655 ip6_def_policy.refcnt++; /*never reclaim this*/
656#endif
657
658 key_timehandler_running = 0;
659
660 /* initialize key statistics */
661 keystat.getspi_count = 1;
662
663#ifndef __APPLE__
664 printf("IPsec: Initialized Security Association Processing.\n");
665#endif
666}
667
668static void
669key_start_timehandler(void)
670{
671 /* must be called while locked */
672 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
673 if (key_timehandler_running == 0) {
674 key_timehandler_running = 1;
675 (void)timeout((void *)key_timehandler, (void *)0, hz);
676 }
677
678 /* Turn off the ipsec bypass */
679 if (ipsec_bypass != 0)
680 ipsec_bypass = 0;
681}
682
683/* %%% IPsec policy management */
684/*
685 * allocating a SP for OUTBOUND or INBOUND packet.
686 * Must call key_freesp() later.
687 * OUT: NULL: not found
688 * others: found and return the pointer.
689 */
690struct secpolicy *
691key_allocsp(
692 struct secpolicyindex *spidx,
693 u_int dir)
694{
695 struct secpolicy *sp;
696 struct timeval tv;
697
698 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
699 /* sanity check */
700 if (spidx == NULL)
701 panic("key_allocsp: NULL pointer is passed.\n");
702
703 /* check direction */
704 switch (dir) {
705 case IPSEC_DIR_INBOUND:
706 case IPSEC_DIR_OUTBOUND:
707 break;
708 default:
709 panic("key_allocsp: Invalid direction is passed.\n");
710 }
711
712 /* get a SP entry */
713 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
714 printf("*** objects\n");
715 kdebug_secpolicyindex(spidx));
716
717 lck_mtx_lock(sadb_mutex);
718 LIST_FOREACH(sp, &sptree[dir], chain) {
719 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
720 printf("*** in SPD\n");
721 kdebug_secpolicyindex(&sp->spidx));
722
723 if (sp->state == IPSEC_SPSTATE_DEAD)
724 continue;
725
726 /* If the policy is disabled, skip */
727 if (sp->disabled > 0)
728 continue;
729
730 /* If the incoming spidx specifies bound if,
731 ignore unbound policies*/
732 if (spidx->internal_if != NULL
733 && (sp->spidx.internal_if == NULL || sp->ipsec_if == NULL))
734 continue;
735
736 if (key_cmpspidx_withmask(&sp->spidx, spidx))
737 goto found;
738 }
739 lck_mtx_unlock(sadb_mutex);
740 return NULL;
741
742found:
743
744 /* found a SPD entry */
745 microtime(&tv);
746 sp->lastused = tv.tv_sec;
747 sp->refcnt++;
748 lck_mtx_unlock(sadb_mutex);
749
750 /* sanity check */
751 KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
752 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
753 printf("DP key_allocsp cause refcnt++:%d SP:0x%llx\n",
754 sp->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sp)));
755 return sp;
756}
757
758/*
759 * return a policy that matches this particular inbound packet.
760 * XXX slow
761 */
762struct secpolicy *
763key_gettunnel(
764 struct sockaddr *osrc,
765 struct sockaddr *odst,
766 struct sockaddr *isrc,
767 struct sockaddr *idst)
768{
769 struct secpolicy *sp;
770 const int dir = IPSEC_DIR_INBOUND;
771 struct timeval tv;
772 struct ipsecrequest *r1, *r2, *p;
773 struct sockaddr *os, *od, *is, *id;
774 struct secpolicyindex spidx;
775
776 if (isrc->sa_family != idst->sa_family) {
777 ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
778 isrc->sa_family, idst->sa_family));
779 return NULL;
780 }
781
782 lck_mtx_lock(sadb_mutex);
783 LIST_FOREACH(sp, &sptree[dir], chain) {
784 if (sp->state == IPSEC_SPSTATE_DEAD)
785 continue;
786
787 r1 = r2 = NULL;
788 for (p = sp->req; p; p = p->next) {
789 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
790 continue;
791
792 r1 = r2;
793 r2 = p;
794
795 if (!r1) {
796 /* here we look at address matches only */
797 spidx = sp->spidx;
798 if (isrc->sa_len > sizeof(spidx.src) ||
799 idst->sa_len > sizeof(spidx.dst))
800 continue;
801 bcopy(isrc, &spidx.src, isrc->sa_len);
802 bcopy(idst, &spidx.dst, idst->sa_len);
803 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
804 continue;
805 } else {
806 is = (struct sockaddr *)&r1->saidx.src;
807 id = (struct sockaddr *)&r1->saidx.dst;
808 if (key_sockaddrcmp(is, isrc, 0) ||
809 key_sockaddrcmp(id, idst, 0))
810 continue;
811 }
812
813 os = (struct sockaddr *)&r2->saidx.src;
814 od = (struct sockaddr *)&r2->saidx.dst;
815 if (key_sockaddrcmp(os, osrc, 0) ||
816 key_sockaddrcmp(od, odst, 0))
817 continue;
818
819 goto found;
820 }
821 }
822 lck_mtx_unlock(sadb_mutex);
823 return NULL;
824
825found:
826 microtime(&tv);
827 sp->lastused = tv.tv_sec;
828 sp->refcnt++;
829 lck_mtx_unlock(sadb_mutex);
830 return sp;
831}
832
833struct secasvar *key_alloc_outbound_sav_for_interface(ifnet_t interface, int family)
834{
835 struct secashead *sah;
836 struct secasvar *sav;
837 u_int stateidx;
838 u_int state;
839 const u_int *saorder_state_valid;
840 int arraysize;
841 struct sockaddr_in *sin;
842 u_int16_t dstport;
843
844 if (interface == NULL)
845 return NULL;
846
847 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
848
849 lck_mtx_lock(sadb_mutex);
850
851 LIST_FOREACH(sah, &sahtree, chain) {
852 if (sah->ipsec_if == interface &&
853 (family == AF_INET6 || sah->saidx.dst.ss_family == family) && /* IPv6 can go over IPv4 */
854 sah->dir == IPSEC_DIR_OUTBOUND) {
855 /* This SAH is linked to the IPSec interface, and the right family. We found it! */
856 if (key_preferred_oldsa) {
857 saorder_state_valid = saorder_state_valid_prefer_old;
858 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
859 } else {
860 saorder_state_valid = saorder_state_valid_prefer_new;
861 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
862 }
863
864 sin = (struct sockaddr_in *)&sah->saidx.dst;
865 dstport = sin->sin_port;
866 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT)
867 sin->sin_port = IPSEC_PORT_ANY;
868
869 for (stateidx = 0; stateidx < arraysize; stateidx++) {
870 state = saorder_state_valid[stateidx];
871 sav = key_do_allocsa_policy(sah, state, dstport);
872 if (sav != NULL) {
873 lck_mtx_unlock(sadb_mutex);
874 return sav;
875 }
876 }
877
878 break;
879 }
880 }
881
882 lck_mtx_unlock(sadb_mutex);
883 return NULL;
884}
885
886/*
887 * allocating an SA entry for an *OUTBOUND* packet.
888 * checking each request entries in SP, and acquire an SA if need.
889 * OUT: 0: there are valid requests.
890 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
891 */
892int
893key_checkrequest(
894 struct ipsecrequest *isr,
895 struct secasindex *saidx,
896 struct secasvar **sav)
897{
898 u_int level;
899 int error;
900 struct sockaddr_in *sin;
901
902 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
903
904 *sav = NULL;
905
906 /* sanity check */
907 if (isr == NULL || saidx == NULL)
908 panic("key_checkrequest: NULL pointer is passed.\n");
909
910 /* check mode */
911 switch (saidx->mode) {
912 case IPSEC_MODE_TRANSPORT:
913 case IPSEC_MODE_TUNNEL:
914 break;
915 case IPSEC_MODE_ANY:
916 default:
917 panic("key_checkrequest: Invalid policy defined.\n");
918 }
919
920 /* get current level */
921 level = ipsec_get_reqlevel(isr);
922
923
924 /*
925 * key_allocsa_policy should allocate the oldest SA available.
926 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
927 */
928 if (*sav == NULL)
929 *sav = key_allocsa_policy(saidx);
930
931 /* When there is SA. */
932 if (*sav != NULL)
933 return 0;
934
935 /* There is no SA.
936 *
937 * Remove dst port - used for special natt support - don't call
938 * key_acquire with it.
939 */
940 if (saidx->mode == IPSEC_MODE_TRANSPORT) {
941 sin = (struct sockaddr_in *)&saidx->dst;
942 sin->sin_port = IPSEC_PORT_ANY;
943 }
944 if ((error = key_acquire(saidx, isr->sp)) != 0) {
945 /* XXX What should I do ? */
946 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
947 "from key_acquire.\n", error));
948 return error;
949 }
950
951 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
952}
953
954/*
955 * allocating a SA for policy entry from SAD.
956 * NOTE: searching SAD of aliving state.
957 * OUT: NULL: not found.
958 * others: found and return the pointer.
959 */
960u_int32_t sah_search_calls = 0;
961u_int32_t sah_search_count = 0;
962struct secasvar *
963key_allocsa_policy(
964 struct secasindex *saidx)
965{
966 struct secashead *sah;
967 struct secasvar *sav;
968 u_int stateidx, state;
969 const u_int *saorder_state_valid;
970 int arraysize;
971 struct sockaddr_in *sin;
972 u_int16_t dstport;
973
974 lck_mtx_lock(sadb_mutex);
975 sah_search_calls++;
976 LIST_FOREACH(sah, &sahtree, chain) {
977 sah_search_count++;
978 if (sah->state == SADB_SASTATE_DEAD)
979 continue;
980 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID))
981 goto found;
982 }
983 lck_mtx_unlock(sadb_mutex);
984 return NULL;
985
986found:
987
988 /*
989 * search a valid state list for outbound packet.
990 * This search order is important.
991 */
992 if (key_preferred_oldsa) {
993 saorder_state_valid = saorder_state_valid_prefer_old;
994 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
995 } else {
996 saorder_state_valid = saorder_state_valid_prefer_new;
997 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
998 }
999
1000
1001 sin = (struct sockaddr_in *)&saidx->dst;
1002 dstport = sin->sin_port;
1003 if (saidx->mode == IPSEC_MODE_TRANSPORT)
1004 sin->sin_port = IPSEC_PORT_ANY;
1005
1006 for (stateidx = 0; stateidx < arraysize; stateidx++) {
1007
1008 state = saorder_state_valid[stateidx];
1009
1010 sav = key_do_allocsa_policy(sah, state, dstport);
1011 if (sav != NULL) {
1012 lck_mtx_unlock(sadb_mutex);
1013 return sav;
1014 }
1015 }
1016 lck_mtx_unlock(sadb_mutex);
1017 return NULL;
1018}
1019
1020static void
1021key_send_delete (struct secasvar *sav)
1022{
1023 struct mbuf *m, *result;
1024 u_int8_t satype;
1025
1026 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
1027
1028 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
1029 panic("key_do_allocsa_policy: invalid proto is passed.\n");
1030
1031 m = key_setsadbmsg(SADB_DELETE, 0,
1032 satype, 0, 0, sav->refcnt - 1);
1033 if (!m)
1034 goto msgfail;
1035 result = m;
1036
1037 /* set sadb_address for saidx's. */
1038 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
1039 (struct sockaddr *)&sav->sah->saidx.src,
1040 sav->sah->saidx.src.ss_len << 3,
1041 IPSEC_ULPROTO_ANY);
1042 if (!m)
1043 goto msgfail;
1044 m_cat(result, m);
1045
1046 /* set sadb_address for saidx's. */
1047 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
1048 (struct sockaddr *)&sav->sah->saidx.dst,
1049 sav->sah->saidx.src.ss_len << 3,
1050 IPSEC_ULPROTO_ANY);
1051 if (!m)
1052 goto msgfail;
1053 m_cat(result, m);
1054
1055 /* create SA extension */
1056 m = key_setsadbsa(sav);
1057 if (!m)
1058 goto msgfail;
1059 m_cat(result, m);
1060
1061 if (result->m_len < sizeof(struct sadb_msg)) {
1062 result = m_pullup(result,
1063 sizeof(struct sadb_msg));
1064 if (result == NULL)
1065 goto msgfail;
1066 }
1067
1068 result->m_pkthdr.len = 0;
1069 for (m = result; m; m = m->m_next)
1070 result->m_pkthdr.len += m->m_len;
1071 mtod(result, struct sadb_msg *)->sadb_msg_len =
1072 PFKEY_UNIT64(result->m_pkthdr.len);
1073
1074 if (key_sendup_mbuf(NULL, result,
1075 KEY_SENDUP_REGISTERED))
1076 goto msgfail;
1077msgfail:
1078 key_freesav(sav, KEY_SADB_LOCKED);
1079}
1080
1081/*
1082 * searching SAD with direction, protocol, mode and state.
1083 * called by key_allocsa_policy().
1084 * OUT:
1085 * NULL : not found
1086 * others : found, pointer to a SA.
1087 */
1088static struct secasvar *
1089key_do_allocsa_policy(
1090 struct secashead *sah,
1091 u_int state,
1092 u_int16_t dstport)
1093{
1094 struct secasvar *sav, *nextsav, *candidate, *natt_candidate, *no_natt_candidate, *d;
1095
1096 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1097
1098 /* initialize */
1099 candidate = NULL;
1100 natt_candidate = NULL;
1101 no_natt_candidate = NULL;
1102
1103 for (sav = LIST_FIRST(&sah->savtree[state]);
1104 sav != NULL;
1105 sav = nextsav) {
1106
1107 nextsav = LIST_NEXT(sav, chain);
1108
1109 /* sanity check */
1110 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
1111
1112 if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport &&
1113 ((sav->flags & SADB_X_EXT_NATT) != 0) &&
1114 ntohs(dstport) != sav->remote_ike_port)
1115 continue;
1116
1117 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
1118 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0) &&
1119 ntohs(dstport) != sav->remote_ike_port)
1120 continue; /* skip this one - not a match - or not UDP */
1121
1122 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL &&
1123 ((sav->flags & SADB_X_EXT_NATT) != 0)) ||
1124 (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
1125 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0))) {
1126 if (natt_candidate == NULL) {
1127 natt_candidate = sav;
1128 continue;
1129 } else
1130 candidate = natt_candidate;
1131 } else {
1132 if (no_natt_candidate == NULL) {
1133 no_natt_candidate = sav;
1134 continue;
1135 } else
1136 candidate = no_natt_candidate;
1137 }
1138
1139 /* Which SA is the better ? */
1140
1141 /* sanity check 2 */
1142 if (candidate->lft_c == NULL || sav->lft_c == NULL)
1143 panic("key_do_allocsa_policy: "
1144 "lifetime_current is NULL.\n");
1145
1146 /* What the best method is to compare ? */
1147 if (key_preferred_oldsa) {
1148 if (candidate->lft_c->sadb_lifetime_addtime >
1149 sav->lft_c->sadb_lifetime_addtime) {
1150 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
1151 natt_candidate = sav;
1152 else
1153 no_natt_candidate = sav;
1154 }
1155 continue;
1156 /*NOTREACHED*/
1157 }
1158
1159 /* prefered new sa rather than old sa */
1160 if (candidate->lft_c->sadb_lifetime_addtime <
1161 sav->lft_c->sadb_lifetime_addtime) {
1162 d = candidate;
1163 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
1164 natt_candidate = sav;
1165 else
1166 no_natt_candidate = sav;
1167 } else
1168 d = sav;
1169
1170 /*
1171 * prepared to delete the SA when there is more
1172 * suitable candidate and the lifetime of the SA is not
1173 * permanent.
1174 */
1175 if (d->lft_c->sadb_lifetime_addtime != 0) {
1176 key_send_delete(d);
1177 }
1178 }
1179
1180 /* choose latest if both types present */
1181 if (natt_candidate == NULL)
1182 candidate = no_natt_candidate;
1183 else if (no_natt_candidate == NULL)
1184 candidate = natt_candidate;
1185 else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport)
1186 candidate = natt_candidate;
1187 else if (natt_candidate->lft_c->sadb_lifetime_addtime >
1188 no_natt_candidate->lft_c->sadb_lifetime_addtime)
1189 candidate = natt_candidate;
1190 else
1191 candidate = no_natt_candidate;
1192
1193 if (candidate) {
1194 candidate->refcnt++;
1195 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1196 printf("DP allocsa_policy cause "
1197 "refcnt++:%d SA:0x%llx\n", candidate->refcnt,
1198 (uint64_t)VM_KERNEL_ADDRPERM(candidate)));
1199 }
1200 return candidate;
1201}
1202
1203/*
1204 * allocating a SA entry for a *INBOUND* packet.
1205 * Must call key_freesav() later.
1206 * OUT: positive: pointer to a sav.
1207 * NULL: not found, or error occurred.
1208 *
1209 * In the comparison, source address will be ignored for RFC2401 conformance.
1210 * To quote, from section 4.1:
1211 * A security association is uniquely identified by a triple consisting
1212 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1213 * security protocol (AH or ESP) identifier.
1214 * Note that, however, we do need to keep source address in IPsec SA.
1215 * IKE specification and PF_KEY specification do assume that we
1216 * keep source address in IPsec SA. We see a tricky situation here.
1217 */
1218struct secasvar *
1219key_allocsa(
1220 u_int family,
1221 caddr_t src,
1222 caddr_t dst,
1223 u_int proto,
1224 u_int32_t spi)
1225{
1226 struct secasvar *sav, *match;
1227 u_int stateidx, state, tmpidx, matchidx;
1228 struct sockaddr_in sin;
1229 struct sockaddr_in6 sin6;
1230 const u_int *saorder_state_valid;
1231 int arraysize;
1232
1233 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1234
1235 /* sanity check */
1236 if (src == NULL || dst == NULL)
1237 panic("key_allocsa: NULL pointer is passed.\n");
1238
1239 /*
1240 * when both systems employ similar strategy to use a SA.
1241 * the search order is important even in the inbound case.
1242 */
1243 if (key_preferred_oldsa) {
1244 saorder_state_valid = saorder_state_valid_prefer_old;
1245 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1246 } else {
1247 saorder_state_valid = saorder_state_valid_prefer_new;
1248 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1249 }
1250
1251 /*
1252 * searching SAD.
1253 * XXX: to be checked internal IP header somewhere. Also when
1254 * IPsec tunnel packet is received. But ESP tunnel mode is
1255 * encrypted so we can't check internal IP header.
1256 */
1257 /*
1258 * search a valid state list for inbound packet.
1259 * the search order is not important.
1260 */
1261 match = NULL;
1262 matchidx = arraysize;
1263 lck_mtx_lock(sadb_mutex);
1264 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
1265 if (sav->spi != spi)
1266 continue;
1267 if (proto != sav->sah->saidx.proto)
1268 continue;
1269 if (family != sav->sah->saidx.src.ss_family ||
1270 family != sav->sah->saidx.dst.ss_family)
1271 continue;
1272 tmpidx = arraysize;
1273 for (stateidx = 0; stateidx < matchidx; stateidx++) {
1274 state = saorder_state_valid[stateidx];
1275 if (sav->state == state) {
1276 tmpidx = stateidx;
1277 break;
1278 }
1279 }
1280 if (tmpidx >= matchidx)
1281 continue;
1282
1283#if 0 /* don't check src */
1284 /* check src address */
1285 switch (family) {
1286 case AF_INET:
1287 bzero(&sin, sizeof(sin));
1288 sin.sin_family = AF_INET;
1289 sin.sin_len = sizeof(sin);
1290 bcopy(src, &sin.sin_addr,
1291 sizeof(sin.sin_addr));
1292 if (key_sockaddrcmp((struct sockaddr*)&sin,
1293 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1294 continue;
1295 break;
1296 case AF_INET6:
1297 bzero(&sin6, sizeof(sin6));
1298 sin6.sin6_family = AF_INET6;
1299 sin6.sin6_len = sizeof(sin6);
1300 bcopy(src, &sin6.sin6_addr,
1301 sizeof(sin6.sin6_addr));
1302 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1303 /* kame fake scopeid */
1304 sin6.sin6_scope_id =
1305 ntohs(sin6.sin6_addr.s6_addr16[1]);
1306 sin6.sin6_addr.s6_addr16[1] = 0;
1307 }
1308 if (key_sockaddrcmp((struct sockaddr*)&sin6,
1309 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1310 continue;
1311 break;
1312 default:
1313 ipseclog((LOG_DEBUG, "key_allocsa: "
1314 "unknown address family=%d.\n",
1315 family));
1316 continue;
1317 }
1318
1319#endif
1320 /* check dst address */
1321 switch (family) {
1322 case AF_INET:
1323 bzero(&sin, sizeof(sin));
1324 sin.sin_family = AF_INET;
1325 sin.sin_len = sizeof(sin);
1326 bcopy(dst, &sin.sin_addr,
1327 sizeof(sin.sin_addr));
1328 if (key_sockaddrcmp((struct sockaddr*)&sin,
1329 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1330 continue;
1331
1332 break;
1333 case AF_INET6:
1334 bzero(&sin6, sizeof(sin6));
1335 sin6.sin6_family = AF_INET6;
1336 sin6.sin6_len = sizeof(sin6);
1337 bcopy(dst, &sin6.sin6_addr,
1338 sizeof(sin6.sin6_addr));
1339 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1340 /* kame fake scopeid */
1341 sin6.sin6_scope_id =
1342 ntohs(sin6.sin6_addr.s6_addr16[1]);
1343 sin6.sin6_addr.s6_addr16[1] = 0;
1344 }
1345 if (key_sockaddrcmp((struct sockaddr*)&sin6,
1346 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1347 continue;
1348 break;
1349 default:
1350 ipseclog((LOG_DEBUG, "key_allocsa: "
1351 "unknown address family=%d.\n", family));
1352 continue;
1353 }
1354
1355 match = sav;
1356 matchidx = tmpidx;
1357 }
1358 if (match)
1359 goto found;
1360
1361 /* not found */
1362 lck_mtx_unlock(sadb_mutex);
1363 return NULL;
1364
1365found:
1366 match->refcnt++;
1367 lck_mtx_unlock(sadb_mutex);
1368 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1369 printf("DP allocsa cause refcnt++:%d SA:0x%llx\n",
1370 match->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(match)));
1371 return match;
1372}
1373
1374u_int16_t
1375key_natt_get_translated_port(
1376 struct secasvar *outsav)
1377{
1378
1379 struct secasindex saidx;
1380 struct secashead *sah;
1381 u_int stateidx, state;
1382 const u_int *saorder_state_valid;
1383 int arraysize;
1384
1385 /* get sa for incoming */
1386 saidx.mode = outsav->sah->saidx.mode;
1387 saidx.reqid = 0;
1388 saidx.proto = outsav->sah->saidx.proto;
1389 bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in));
1390 bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in));
1391
1392 lck_mtx_lock(sadb_mutex);
1393 LIST_FOREACH(sah, &sahtree, chain) {
1394 if (sah->state == SADB_SASTATE_DEAD)
1395 continue;
1396 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE))
1397 goto found;
1398 }
1399 lck_mtx_unlock(sadb_mutex);
1400 return 0;
1401
1402found:
1403 /*
1404 * Found sah - now go thru list of SAs and find
1405 * matching remote ike port. If found - set
1406 * sav->natt_encapsulated_src_port and return the port.
1407 */
1408 /*
1409 * search a valid state list for outbound packet.
1410 * This search order is important.
1411 */
1412 if (key_preferred_oldsa) {
1413 saorder_state_valid = saorder_state_valid_prefer_old;
1414 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1415 } else {
1416 saorder_state_valid = saorder_state_valid_prefer_new;
1417 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1418 }
1419
1420 for (stateidx = 0; stateidx < arraysize; stateidx++) {
1421 state = saorder_state_valid[stateidx];
1422 if (key_do_get_translated_port(sah, outsav, state)) {
1423 lck_mtx_unlock(sadb_mutex);
1424 return outsav->natt_encapsulated_src_port;
1425 }
1426 }
1427 lck_mtx_unlock(sadb_mutex);
1428 return 0;
1429}
1430
1431static int
1432key_do_get_translated_port(
1433 struct secashead *sah,
1434 struct secasvar *outsav,
1435 u_int state)
1436{
1437 struct secasvar *currsav, *nextsav, *candidate;
1438
1439
1440 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1441
1442 /* initilize */
1443 candidate = NULL;
1444
1445 for (currsav = LIST_FIRST(&sah->savtree[state]);
1446 currsav != NULL;
1447 currsav = nextsav) {
1448
1449 nextsav = LIST_NEXT(currsav, chain);
1450
1451 /* sanity check */
1452 KEY_CHKSASTATE(currsav->state, state, "key_do_get_translated_port");
1453
1454 if ((currsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) == 0 ||
1455 currsav->remote_ike_port != outsav->remote_ike_port)
1456 continue;
1457
1458 if (candidate == NULL) {
1459 candidate = currsav;
1460 continue;
1461 }
1462
1463 /* Which SA is the better ? */
1464
1465 /* sanity check 2 */
1466 if (candidate->lft_c == NULL || currsav->lft_c == NULL)
1467 panic("key_do_get_translated_port: "
1468 "lifetime_current is NULL.\n");
1469
1470 /* What the best method is to compare ? */
1471 if (key_preferred_oldsa) {
1472 if (candidate->lft_c->sadb_lifetime_addtime >
1473 currsav->lft_c->sadb_lifetime_addtime) {
1474 candidate = currsav;
1475 }
1476 continue;
1477 /*NOTREACHED*/
1478 }
1479
1480 /* prefered new sa rather than old sa */
1481 if (candidate->lft_c->sadb_lifetime_addtime <
1482 currsav->lft_c->sadb_lifetime_addtime)
1483 candidate = currsav;
1484 }
1485
1486 if (candidate) {
1487 outsav->natt_encapsulated_src_port = candidate->natt_encapsulated_src_port;
1488 return 1;
1489 }
1490
1491 return 0;
1492}
1493
1494/*
1495 * Must be called after calling key_allocsp().
1496 */
1497void
1498key_freesp(
1499 struct secpolicy *sp,
1500 int locked)
1501{
1502
1503 /* sanity check */
1504 if (sp == NULL)
1505 panic("key_freesp: NULL pointer is passed.\n");
1506
1507 if (!locked)
1508 lck_mtx_lock(sadb_mutex);
1509 else
1510 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1511 sp->refcnt--;
1512 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1513 printf("DP freesp cause refcnt--:%d SP:0x%llx\n",
1514 sp->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sp)));
1515
1516 if (sp->refcnt == 0)
1517 key_delsp(sp);
1518 if (!locked)
1519 lck_mtx_unlock(sadb_mutex);
1520 return;
1521}
1522
1523/*
1524 * Must be called after calling key_allocsa().
1525 * This function is called by key_freesp() to free some SA allocated
1526 * for a policy.
1527 */
1528void
1529key_freesav(
1530 struct secasvar *sav,
1531 int locked)
1532{
1533
1534 /* sanity check */
1535 if (sav == NULL)
1536 panic("key_freesav: NULL pointer is passed.\n");
1537
1538 if (!locked)
1539 lck_mtx_lock(sadb_mutex);
1540 else
1541 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1542 sav->refcnt--;
1543 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1544 printf("DP freesav cause refcnt--:%d SA:0x%llx SPI %u\n",
1545 sav->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sav),
1546 (u_int32_t)ntohl(sav->spi)));
1547
1548 if (sav->refcnt == 0)
1549 key_delsav(sav);
1550 if (!locked)
1551 lck_mtx_unlock(sadb_mutex);
1552 return;
1553}
1554
1555/* %%% SPD management */
1556/*
1557 * free security policy entry.
1558 */
1559static void
1560key_delsp(
1561 struct secpolicy *sp)
1562{
1563
1564 /* sanity check */
1565 if (sp == NULL)
1566 panic("key_delsp: NULL pointer is passed.\n");
1567
1568 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1569 sp->state = IPSEC_SPSTATE_DEAD;
1570
1571 if (sp->refcnt > 0)
1572 return; /* can't free */
1573
1574 /* remove from SP index */
1575 if (__LIST_CHAINED(sp)) {
1576 LIST_REMOVE(sp, chain);
1577 ipsec_policy_count--;
1578 }
1579
1580 if (sp->spidx.internal_if) {
1581 ifnet_release(sp->spidx.internal_if);
1582 sp->spidx.internal_if = NULL;
1583 }
1584
1585 if (sp->ipsec_if) {
1586 ifnet_release(sp->ipsec_if);
1587 sp->ipsec_if = NULL;
1588 }
1589
1590 if (sp->outgoing_if) {
1591 ifnet_release(sp->outgoing_if);
1592 sp->outgoing_if = NULL;
1593 }
1594
1595 {
1596 struct ipsecrequest *isr = sp->req, *nextisr;
1597
1598 while (isr != NULL) {
1599 nextisr = isr->next;
1600 KFREE(isr);
1601 isr = nextisr;
1602 }
1603 }
1604 keydb_delsecpolicy(sp);
1605
1606 return;
1607}
1608
1609/*
1610 * search SPD
1611 * OUT: NULL : not found
1612 * others : found, pointer to a SP.
1613 */
1614static struct secpolicy *
1615key_getsp(
1616 struct secpolicyindex *spidx)
1617{
1618 struct secpolicy *sp;
1619
1620 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1621
1622 /* sanity check */
1623 if (spidx == NULL)
1624 panic("key_getsp: NULL pointer is passed.\n");
1625
1626 LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
1627 if (sp->state == IPSEC_SPSTATE_DEAD)
1628 continue;
1629 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1630 sp->refcnt++;
1631 return sp;
1632 }
1633 }
1634
1635 return NULL;
1636}
1637
1638/*
1639 * get SP by index.
1640 * OUT: NULL : not found
1641 * others : found, pointer to a SP.
1642 */
1643struct secpolicy *
1644key_getspbyid(
1645 u_int32_t id)
1646{
1647 struct secpolicy *sp;
1648
1649 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1650
1651 lck_mtx_lock(sadb_mutex);
1652 sp = __key_getspbyid(id);
1653 lck_mtx_unlock(sadb_mutex);
1654
1655 return sp;
1656}
1657
1658static struct secpolicy *
1659__key_getspbyid(u_int32_t id)
1660{
1661 struct secpolicy *sp;
1662
1663 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1664
1665 LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
1666 if (sp->state == IPSEC_SPSTATE_DEAD)
1667 continue;
1668 if (sp->id == id) {
1669 sp->refcnt++;
1670 return sp;
1671 }
1672 }
1673
1674 LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
1675 if (sp->state == IPSEC_SPSTATE_DEAD)
1676 continue;
1677 if (sp->id == id) {
1678 sp->refcnt++;
1679 return sp;
1680 }
1681 }
1682
1683 return NULL;
1684}
1685
1686struct secpolicy *
1687key_newsp(void)
1688{
1689 struct secpolicy *newsp = NULL;
1690
1691 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1692 newsp = keydb_newsecpolicy();
1693 if (!newsp)
1694 return newsp;
1695
1696 newsp->refcnt = 1;
1697 newsp->req = NULL;
1698
1699 return newsp;
1700}
1701
1702/*
1703 * create secpolicy structure from sadb_x_policy structure.
1704 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1705 * so must be set properly later.
1706 */
1707struct secpolicy *
1708key_msg2sp(
1709 struct sadb_x_policy *xpl0,
1710 size_t len,
1711 int *error)
1712{
1713 struct secpolicy *newsp;
1714
1715 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1716
1717 /* sanity check */
1718 if (xpl0 == NULL)
1719 panic("key_msg2sp: NULL pointer was passed.\n");
1720 if (len < sizeof(*xpl0))
1721 panic("key_msg2sp: invalid length.\n");
1722 if (len != PFKEY_EXTLEN(xpl0)) {
1723 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1724 *error = EINVAL;
1725 return NULL;
1726 }
1727
1728 if ((newsp = key_newsp()) == NULL) {
1729 *error = ENOBUFS;
1730 return NULL;
1731 }
1732
1733 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1734 newsp->policy = xpl0->sadb_x_policy_type;
1735
1736 /* check policy */
1737 switch (xpl0->sadb_x_policy_type) {
1738 case IPSEC_POLICY_DISCARD:
1739 case IPSEC_POLICY_GENERATE:
1740 case IPSEC_POLICY_NONE:
1741 case IPSEC_POLICY_ENTRUST:
1742 case IPSEC_POLICY_BYPASS:
1743 newsp->req = NULL;
1744 break;
1745
1746 case IPSEC_POLICY_IPSEC:
1747 {
1748 int tlen;
1749 struct sadb_x_ipsecrequest *xisr;
1750 struct ipsecrequest **p_isr = &newsp->req;
1751
1752 /* validity check */
1753 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1754 ipseclog((LOG_DEBUG,
1755 "key_msg2sp: Invalid msg length.\n"));
1756 key_freesp(newsp, KEY_SADB_UNLOCKED);
1757 *error = EINVAL;
1758 return NULL;
1759 }
1760
1761 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1762 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1763
1764 while (tlen > 0) {
1765
1766 /* length check */
1767 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1768 ipseclog((LOG_DEBUG, "key_msg2sp: "
1769 "invalid ipsecrequest length.\n"));
1770 key_freesp(newsp, KEY_SADB_UNLOCKED);
1771 *error = EINVAL;
1772 return NULL;
1773 }
1774
1775 /* allocate request buffer */
1776 KMALLOC_WAIT(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1777 if ((*p_isr) == NULL) {
1778 ipseclog((LOG_DEBUG,
1779 "key_msg2sp: No more memory.\n"));
1780 key_freesp(newsp, KEY_SADB_UNLOCKED);
1781 *error = ENOBUFS;
1782 return NULL;
1783 }
1784 bzero(*p_isr, sizeof(**p_isr));
1785
1786 /* set values */
1787 (*p_isr)->next = NULL;
1788
1789 switch (xisr->sadb_x_ipsecrequest_proto) {
1790 case IPPROTO_ESP:
1791 case IPPROTO_AH:
1792 case IPPROTO_IPCOMP:
1793 break;
1794 default:
1795 ipseclog((LOG_DEBUG,
1796 "key_msg2sp: invalid proto type=%u\n",
1797 xisr->sadb_x_ipsecrequest_proto));
1798 key_freesp(newsp, KEY_SADB_UNLOCKED);
1799 *error = EPROTONOSUPPORT;
1800 return NULL;
1801 }
1802 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1803
1804 switch (xisr->sadb_x_ipsecrequest_mode) {
1805 case IPSEC_MODE_TRANSPORT:
1806 case IPSEC_MODE_TUNNEL:
1807 break;
1808 case IPSEC_MODE_ANY:
1809 default:
1810 ipseclog((LOG_DEBUG,
1811 "key_msg2sp: invalid mode=%u\n",
1812 xisr->sadb_x_ipsecrequest_mode));
1813 key_freesp(newsp, KEY_SADB_UNLOCKED);
1814 *error = EINVAL;
1815 return NULL;
1816 }
1817 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1818
1819 switch (xisr->sadb_x_ipsecrequest_level) {
1820 case IPSEC_LEVEL_DEFAULT:
1821 case IPSEC_LEVEL_USE:
1822 case IPSEC_LEVEL_REQUIRE:
1823 break;
1824 case IPSEC_LEVEL_UNIQUE:
1825 /* validity check */
1826 /*
1827 * If range violation of reqid, kernel will
1828 * update it, don't refuse it.
1829 */
1830 if (xisr->sadb_x_ipsecrequest_reqid
1831 > IPSEC_MANUAL_REQID_MAX) {
1832 ipseclog((LOG_DEBUG,
1833 "key_msg2sp: reqid=%d range "
1834 "violation, updated by kernel.\n",
1835 xisr->sadb_x_ipsecrequest_reqid));
1836 xisr->sadb_x_ipsecrequest_reqid = 0;
1837 }
1838
1839 /* allocate new reqid id if reqid is zero. */
1840 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1841 u_int32_t reqid;
1842 if ((reqid = key_newreqid()) == 0) {
1843 key_freesp(newsp, KEY_SADB_UNLOCKED);
1844 *error = ENOBUFS;
1845 return NULL;
1846 }
1847 (*p_isr)->saidx.reqid = reqid;
1848 xisr->sadb_x_ipsecrequest_reqid = reqid;
1849 } else {
1850 /* set it for manual keying. */
1851 (*p_isr)->saidx.reqid =
1852 xisr->sadb_x_ipsecrequest_reqid;
1853 }
1854 break;
1855
1856 default:
1857 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1858 xisr->sadb_x_ipsecrequest_level));
1859 key_freesp(newsp, KEY_SADB_UNLOCKED);
1860 *error = EINVAL;
1861 return NULL;
1862 }
1863 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1864
1865 /* set IP addresses if there */
1866 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1867 struct sockaddr *paddr;
1868
1869 paddr = (struct sockaddr *)(xisr + 1);
1870
1871 /* validity check */
1872 if (paddr->sa_len
1873 > sizeof((*p_isr)->saidx.src)) {
1874 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1875 "address length.\n"));
1876 key_freesp(newsp, KEY_SADB_UNLOCKED);
1877 *error = EINVAL;
1878 return NULL;
1879 }
1880 bcopy(paddr, &(*p_isr)->saidx.src,
1881 paddr->sa_len);
1882
1883 paddr = (struct sockaddr *)((caddr_t)paddr
1884 + paddr->sa_len);
1885
1886 /* validity check */
1887 if (paddr->sa_len
1888 > sizeof((*p_isr)->saidx.dst)) {
1889 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1890 "address length.\n"));
1891 key_freesp(newsp, KEY_SADB_UNLOCKED);
1892 *error = EINVAL;
1893 return NULL;
1894 }
1895 bcopy(paddr, &(*p_isr)->saidx.dst,
1896 paddr->sa_len);
1897 }
1898
1899 (*p_isr)->sp = newsp;
1900
1901 /* initialization for the next. */
1902 p_isr = &(*p_isr)->next;
1903 tlen -= xisr->sadb_x_ipsecrequest_len;
1904
1905 /* validity check */
1906 if (tlen < 0) {
1907 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1908 key_freesp(newsp, KEY_SADB_UNLOCKED);
1909 *error = EINVAL;
1910 return NULL;
1911 }
1912
1913 xisr = (struct sadb_x_ipsecrequest *)(void *)
1914 ((caddr_t)xisr + xisr->sadb_x_ipsecrequest_len);
1915 }
1916 }
1917 break;
1918 default:
1919 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1920 key_freesp(newsp, KEY_SADB_UNLOCKED);
1921 *error = EINVAL;
1922 return NULL;
1923 }
1924
1925 *error = 0;
1926 return newsp;
1927}
1928
1929static u_int32_t
1930key_newreqid(void)
1931{
1932 lck_mtx_lock(sadb_mutex);
1933 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1934 int done = 0;
1935
1936 /* The reqid must be limited to 16 bits because the PF_KEY message format only uses
1937 16 bits for this field. Once it becomes larger than 16 bits - ipsec fails to
1938 work anymore. Changing the PF_KEY message format would introduce compatibility
1939 issues. This code now tests to see if the tentative reqid is in use */
1940
1941 while (!done) {
1942 struct secpolicy *sp;
1943 struct ipsecrequest *isr;
1944 int dir;
1945
1946 auto_reqid = (auto_reqid == 0xFFFF
1947 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1948
1949 /* check for uniqueness */
1950 done = 1;
1951 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
1952 LIST_FOREACH(sp, &sptree[dir], chain) {
1953 for (isr = sp->req; isr != NULL; isr = isr->next) {
1954 if (isr->saidx.reqid == auto_reqid) {
1955 done = 0;
1956 break;
1957 }
1958 }
1959 if (done == 0)
1960 break;
1961 }
1962 if (done == 0)
1963 break;
1964 }
1965 }
1966
1967 lck_mtx_unlock(sadb_mutex);
1968 return auto_reqid;
1969}
1970
1971/*
1972 * copy secpolicy struct to sadb_x_policy structure indicated.
1973 */
1974struct mbuf *
1975key_sp2msg(
1976 struct secpolicy *sp)
1977{
1978 struct sadb_x_policy *xpl;
1979 int tlen;
1980 caddr_t p;
1981 struct mbuf *m;
1982
1983 /* sanity check. */
1984 if (sp == NULL)
1985 panic("key_sp2msg: NULL pointer was passed.\n");
1986
1987 tlen = key_getspreqmsglen(sp);
1988
1989 m = key_alloc_mbuf(tlen);
1990 if (!m || m->m_next) { /*XXX*/
1991 if (m)
1992 m_freem(m);
1993 return NULL;
1994 }
1995
1996 m->m_len = tlen;
1997 m->m_next = NULL;
1998 xpl = mtod(m, struct sadb_x_policy *);
1999 bzero(xpl, tlen);
2000
2001 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
2002 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2003 xpl->sadb_x_policy_type = sp->policy;
2004 xpl->sadb_x_policy_dir = sp->spidx.dir;
2005 xpl->sadb_x_policy_id = sp->id;
2006 p = (caddr_t)xpl + sizeof(*xpl);
2007
2008 /* if is the policy for ipsec ? */
2009 if (sp->policy == IPSEC_POLICY_IPSEC) {
2010 struct sadb_x_ipsecrequest *xisr;
2011 struct ipsecrequest *isr;
2012
2013 for (isr = sp->req; isr != NULL; isr = isr->next) {
2014
2015 xisr = (struct sadb_x_ipsecrequest *)(void *)p;
2016
2017 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
2018 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
2019 xisr->sadb_x_ipsecrequest_level = isr->level;
2020 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
2021
2022 p += sizeof(*xisr);
2023 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
2024 p += isr->saidx.src.ss_len;
2025 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
2026 p += isr->saidx.src.ss_len;
2027
2028 xisr->sadb_x_ipsecrequest_len =
2029 PFKEY_ALIGN8(sizeof(*xisr)
2030 + isr->saidx.src.ss_len
2031 + isr->saidx.dst.ss_len);
2032 }
2033 }
2034
2035 return m;
2036}
2037
2038/* m will not be freed nor modified */
2039static struct mbuf *
2040key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
2041 int ndeep, int nitem, int *items)
2042{
2043 int idx;
2044 int i;
2045 struct mbuf *result = NULL, *n;
2046 int len;
2047
2048 if (m == NULL || mhp == NULL)
2049 panic("null pointer passed to key_gather");
2050
2051 for (i = 0; i < nitem; i++) {
2052 idx = items[i];
2053 if (idx < 0 || idx > SADB_EXT_MAX)
2054 goto fail;
2055 /* don't attempt to pull empty extension */
2056 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
2057 continue;
2058 if (idx != SADB_EXT_RESERVED &&
2059 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
2060 continue;
2061
2062 if (idx == SADB_EXT_RESERVED) {
2063 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2064 MGETHDR(n, M_WAITOK, MT_DATA); // sadb_msg len < MHLEN - enforced by _CASSERT
2065 if (!n)
2066 goto fail;
2067 n->m_len = len;
2068 n->m_next = NULL;
2069 m_copydata(m, 0, sizeof(struct sadb_msg),
2070 mtod(n, caddr_t));
2071 } else if (i < ndeep) {
2072 len = mhp->extlen[idx];
2073 n = key_alloc_mbuf(len);
2074 if (!n || n->m_next) { /*XXX*/
2075 if (n)
2076 m_freem(n);
2077 goto fail;
2078 }
2079 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
2080 mtod(n, caddr_t));
2081 } else {
2082 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
2083 M_WAITOK);
2084 }
2085 if (n == NULL)
2086 goto fail;
2087
2088 if (result)
2089 m_cat(result, n);
2090 else
2091 result = n;
2092 }
2093
2094 if ((result->m_flags & M_PKTHDR) != 0) {
2095 result->m_pkthdr.len = 0;
2096 for (n = result; n; n = n->m_next)
2097 result->m_pkthdr.len += n->m_len;
2098 }
2099
2100 return result;
2101
2102fail:
2103 m_freem(result);
2104 return NULL;
2105}
2106
2107/*
2108 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
2109 * add a entry to SP database, when received
2110 * <base, address(SD), (lifetime(H),) policy>
2111 * from the user(?).
2112 * Adding to SP database,
2113 * and send
2114 * <base, address(SD), (lifetime(H),) policy>
2115 * to the socket which was send.
2116 *
2117 * SPDADD set a unique policy entry.
2118 * SPDSETIDX like SPDADD without a part of policy requests.
2119 * SPDUPDATE replace a unique policy entry.
2120 *
2121 * m will always be freed.
2122 */
2123static int
2124key_spdadd(
2125 struct socket *so,
2126 struct mbuf *m,
2127 const struct sadb_msghdr *mhp)
2128{
2129 struct sadb_address *src0, *dst0, *src1, *dst1;
2130 struct sadb_x_policy *xpl0, *xpl;
2131 struct sadb_lifetime *lft = NULL;
2132 struct secpolicyindex spidx;
2133 struct secpolicy *newsp;
2134 struct timeval tv;
2135 ifnet_t internal_if = NULL;
2136 char *outgoing_if = NULL;
2137 char *ipsec_if = NULL;
2138 struct sadb_x_ipsecif *ipsecifopts = NULL;
2139 int error;
2140 int use_src_range = 0;
2141 int use_dst_range = 0;
2142 int init_disabled = 0;
2143 int address_family, address_len;
2144
2145 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2146
2147 /* sanity check */
2148 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2149 panic("key_spdadd: NULL pointer is passed.\n");
2150
2151 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END] != NULL) {
2152 use_src_range = 1;
2153 }
2154 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END] != NULL) {
2155 use_dst_range = 1;
2156 }
2157
2158 if ((!use_src_range && mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL) ||
2159 (!use_dst_range && mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) ||
2160 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2161 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2162 return key_senderror(so, m, EINVAL);
2163 }
2164 if ((use_src_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_START] < sizeof(struct sadb_address)
2165 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_END] < sizeof(struct sadb_address))) ||
2166 (!use_src_range && mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
2167 (use_dst_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_START] < sizeof(struct sadb_address)
2168 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_END] < sizeof(struct sadb_address))) ||
2169 (!use_dst_range && mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
2170 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2171 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2172 return key_senderror(so, m, EINVAL);
2173 }
2174 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
2175 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
2176 < sizeof(struct sadb_lifetime)) {
2177 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2178 return key_senderror(so, m, EINVAL);
2179 }
2180 lft = (struct sadb_lifetime *)
2181 (void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
2182 }
2183 if (mhp->ext[SADB_X_EXT_IPSECIF] != NULL) {
2184 if (mhp->extlen[SADB_X_EXT_IPSECIF] < sizeof(struct sadb_x_ipsecif)) {
2185 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2186 return key_senderror(so, m, EINVAL);
2187 }
2188 }
2189
2190 if (use_src_range) {
2191 src0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START];
2192 src1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END];
2193 } else {
2194 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2195 }
2196 if (use_dst_range) {
2197 dst0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START];
2198 dst1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END];
2199 } else {
2200 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2201 }
2202 xpl0 = (struct sadb_x_policy *)(void *)mhp->ext[SADB_X_EXT_POLICY];
2203 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[SADB_X_EXT_IPSECIF];
2204
2205 /* check addresses */
2206 address_family = ((struct sockaddr *)(src0 + 1))->sa_family;
2207 address_len = ((struct sockaddr *)(src0 + 1))->sa_len;
2208 if (use_src_range) {
2209 if (((struct sockaddr *)(src1+ 1))->sa_family != address_family ||
2210 ((struct sockaddr *)(src1+ 1))->sa_len != address_len) {
2211 return key_senderror(so, m, EINVAL);
2212 }
2213 }
2214 if (((struct sockaddr *)(dst0+ 1))->sa_family != address_family ||
2215 ((struct sockaddr *)(dst0+ 1))->sa_len != address_len) {
2216 return key_senderror(so, m, EINVAL);
2217 }
2218 if (use_dst_range) {
2219 if (((struct sockaddr *)(dst1+ 1))->sa_family != address_family ||
2220 ((struct sockaddr *)(dst1+ 1))->sa_len != address_len) {
2221 return key_senderror(so, m, EINVAL);
2222 }
2223 }
2224
2225 /* checking the direction. */
2226 switch (xpl0->sadb_x_policy_dir) {
2227 case IPSEC_DIR_INBOUND:
2228 case IPSEC_DIR_OUTBOUND:
2229 break;
2230 default:
2231 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
2232 mhp->msg->sadb_msg_errno = EINVAL;
2233 return 0;
2234 }
2235
2236 /* check policy */
2237 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2238 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
2239 || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
2240 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
2241 return key_senderror(so, m, EINVAL);
2242 }
2243
2244 /* policy requests are mandatory when action is ipsec. */
2245 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
2246 && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
2247 && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
2248 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
2249 return key_senderror(so, m, EINVAL);
2250 }
2251
2252 /* Process interfaces */
2253 if (ipsecifopts != NULL) {
2254 if (ipsecifopts->sadb_x_ipsecif_internal_if) {
2255 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_internal_if, &internal_if);
2256 }
2257 if (ipsecifopts->sadb_x_ipsecif_outgoing_if) {
2258 outgoing_if = ipsecifopts->sadb_x_ipsecif_outgoing_if;
2259 }
2260 if (ipsecifopts->sadb_x_ipsecif_ipsec_if) {
2261 ipsec_if = ipsecifopts->sadb_x_ipsecif_ipsec_if;
2262 }
2263 init_disabled = ipsecifopts->sadb_x_ipsecif_init_disabled;
2264 }
2265
2266 /* make secindex */
2267 /* XXX boundary check against sa_len */
2268 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2269 src0 + 1,
2270 dst0 + 1,
2271 src0->sadb_address_prefixlen,
2272 dst0->sadb_address_prefixlen,
2273 src0->sadb_address_proto,
2274 internal_if,
2275 use_src_range ? src0 + 1 : NULL,
2276 use_src_range ? src1 + 1 : NULL,
2277 use_dst_range ? dst0 + 1 : NULL,
2278 use_dst_range ? dst1 + 1 : NULL,
2279 &spidx);
2280
2281 /*
2282 * checking there is SP already or not.
2283 * SPDUPDATE doesn't depend on whether there is a SP or not.
2284 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
2285 * then error.
2286 */
2287 lck_mtx_lock(sadb_mutex);
2288 newsp = key_getsp(&spidx);
2289 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2290 if (newsp) {
2291 newsp->state = IPSEC_SPSTATE_DEAD;
2292 key_freesp(newsp, KEY_SADB_LOCKED);
2293 }
2294 } else {
2295 if (newsp != NULL) {
2296 key_freesp(newsp, KEY_SADB_LOCKED);
2297 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
2298 lck_mtx_unlock(sadb_mutex);
2299 if (internal_if) {
2300 ifnet_release(internal_if);
2301 internal_if = NULL;
2302 }
2303 return key_senderror(so, m, EEXIST);
2304 }
2305 }
2306 lck_mtx_unlock(sadb_mutex);
2307
2308 /* allocation new SP entry */
2309 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
2310 if (internal_if) {
2311 ifnet_release(internal_if);
2312 internal_if = NULL;
2313 }
2314 return key_senderror(so, m, error);
2315 }
2316
2317 if ((newsp->id = key_getnewspid()) == 0) {
2318 keydb_delsecpolicy(newsp);
2319 if (internal_if) {
2320 ifnet_release(internal_if);
2321 internal_if = NULL;
2322 }
2323 return key_senderror(so, m, ENOBUFS);
2324 }
2325
2326 /* XXX boundary check against sa_len */
2327 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2328 src0 + 1,
2329 dst0 + 1,
2330 src0->sadb_address_prefixlen,
2331 dst0->sadb_address_prefixlen,
2332 src0->sadb_address_proto,
2333 internal_if,
2334 use_src_range ? src0 + 1 : NULL,
2335 use_src_range ? src1 + 1 : NULL,
2336 use_dst_range ? dst0 + 1 : NULL,
2337 use_dst_range ? dst1 + 1 : NULL,
2338 &newsp->spidx);
2339
2340#if 1
2341 /*
2342 * allow IPv6 over IPv4 tunnels using ESP -
2343 * otherwise reject if inner and outer address families not equal
2344 */
2345 if (newsp->req && newsp->req->saidx.src.ss_family) {
2346 struct sockaddr *sa;
2347 sa = (struct sockaddr *)(src0 + 1);
2348 if (sa->sa_family != newsp->req->saidx.src.ss_family) {
2349 if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP
2350 || sa->sa_family != AF_INET6 || newsp->req->saidx.src.ss_family != AF_INET) {
2351 keydb_delsecpolicy(newsp);
2352 if (internal_if) {
2353 ifnet_release(internal_if);
2354 internal_if = NULL;
2355 }
2356 return key_senderror(so, m, EINVAL);
2357 }
2358 }
2359 }
2360 if (newsp->req && newsp->req->saidx.dst.ss_family) {
2361 struct sockaddr *sa;
2362 sa = (struct sockaddr *)(dst0 + 1);
2363 if (sa->sa_family != newsp->req->saidx.dst.ss_family) {
2364 if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP
2365 || sa->sa_family != AF_INET6 || newsp->req->saidx.dst.ss_family != AF_INET) {
2366 keydb_delsecpolicy(newsp);
2367 if (internal_if) {
2368 ifnet_release(internal_if);
2369 internal_if = NULL;
2370 }
2371 return key_senderror(so, m, EINVAL);
2372 }
2373 }
2374 }
2375#endif
2376
2377 microtime(&tv);
2378 newsp->created = tv.tv_sec;
2379 newsp->lastused = tv.tv_sec;
2380 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
2381 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
2382
2383 if (outgoing_if != NULL) {
2384 ifnet_find_by_name(outgoing_if, &newsp->outgoing_if);
2385 }
2386 if (ipsec_if != NULL) {
2387 ifnet_find_by_name(ipsec_if, &newsp->ipsec_if);
2388 }
2389 if (init_disabled > 0) {
2390 newsp->disabled = 1;
2391 }
2392
2393 newsp->refcnt = 1; /* do not reclaim until I say I do */
2394 newsp->state = IPSEC_SPSTATE_ALIVE;
2395 lck_mtx_lock(sadb_mutex);
2396 /*
2397 * policies of type generate should be at the end of the SPD
2398 * because they function as default discard policies
2399 * Don't start timehandler for generate policies
2400 */
2401 if (newsp->policy == IPSEC_POLICY_GENERATE)
2402 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
2403 else { /* XXX until we have policy ordering in the kernel */
2404 struct secpolicy *tmpsp;
2405
2406 LIST_FOREACH(tmpsp, &sptree[newsp->spidx.dir], chain)
2407 if (tmpsp->policy == IPSEC_POLICY_GENERATE)
2408 break;
2409 if (tmpsp)
2410 LIST_INSERT_BEFORE(tmpsp, newsp, chain);
2411 else
2412 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
2413 key_start_timehandler();
2414 }
2415
2416 ipsec_policy_count++;
2417 /* Turn off the ipsec bypass */
2418 if (ipsec_bypass != 0)
2419 ipsec_bypass = 0;
2420
2421 /* delete the entry in spacqtree */
2422 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2423 struct secspacq *spacq;
2424 if ((spacq = key_getspacq(&spidx)) != NULL) {
2425 /* reset counter in order to deletion by timehandler. */
2426 microtime(&tv);
2427 spacq->created = tv.tv_sec;
2428 spacq->count = 0;
2429 }
2430 }
2431 lck_mtx_unlock(sadb_mutex);
2432
2433 {
2434 struct mbuf *n, *mpolicy;
2435 struct sadb_msg *newmsg;
2436 int off;
2437
2438 /* create new sadb_msg to reply. */
2439 if (lft) {
2440 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2441 SADB_EXT_LIFETIME_HARD, SADB_EXT_ADDRESS_SRC,
2442 SADB_EXT_ADDRESS_DST, SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2443 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2444 n = key_gather_mbuf(m, mhp, 2, sizeof(mbufItems)/sizeof(int), mbufItems);
2445 } else {
2446 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2447 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
2448 SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2449 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2450 n = key_gather_mbuf(m, mhp, 2, sizeof(mbufItems)/sizeof(int), mbufItems);
2451 }
2452 if (!n)
2453 return key_senderror(so, m, ENOBUFS);
2454
2455 if (n->m_len < sizeof(*newmsg)) {
2456 n = m_pullup(n, sizeof(*newmsg));
2457 if (!n)
2458 return key_senderror(so, m, ENOBUFS);
2459 }
2460 newmsg = mtod(n, struct sadb_msg *);
2461 newmsg->sadb_msg_errno = 0;
2462 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2463
2464 off = 0;
2465 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2466 sizeof(*xpl), &off);
2467 if (mpolicy == NULL) {
2468 /* n is already freed */
2469 return key_senderror(so, m, ENOBUFS);
2470 }
2471 xpl = (struct sadb_x_policy *)(void *)(mtod(mpolicy, caddr_t) + off);
2472 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2473 m_freem(n);
2474 return key_senderror(so, m, EINVAL);
2475 }
2476 xpl->sadb_x_policy_id = newsp->id;
2477
2478 m_freem(m);
2479 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2480 }
2481}
2482
2483/*
2484 * get new policy id.
2485 * OUT:
2486 * 0: failure.
2487 * others: success.
2488 */
2489static u_int32_t
2490key_getnewspid(void)
2491{
2492 u_int32_t newid = 0;
2493 int count = key_spi_trycnt; /* XXX */
2494 struct secpolicy *sp;
2495
2496 /* when requesting to allocate spi ranged */
2497 lck_mtx_lock(sadb_mutex);
2498 while (count--) {
2499 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
2500
2501 if ((sp = __key_getspbyid(newid)) == NULL)
2502 break;
2503
2504 key_freesp(sp, KEY_SADB_LOCKED);
2505 }
2506 lck_mtx_unlock(sadb_mutex);
2507 if (count == 0 || newid == 0) {
2508 ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n"));
2509 return 0;
2510 }
2511
2512 return newid;
2513}
2514
2515/*
2516 * SADB_SPDDELETE processing
2517 * receive
2518 * <base, address(SD), policy(*)>
2519 * from the user(?), and set SADB_SASTATE_DEAD,
2520 * and send,
2521 * <base, address(SD), policy(*)>
2522 * to the ikmpd.
2523 * policy(*) including direction of policy.
2524 *
2525 * m will always be freed.
2526 */
2527static int
2528key_spddelete(
2529 struct socket *so,
2530 struct mbuf *m,
2531 const struct sadb_msghdr *mhp)
2532{
2533 struct sadb_address *src0, *dst0, *src1, *dst1;
2534 struct sadb_x_policy *xpl0;
2535 struct secpolicyindex spidx;
2536 struct secpolicy *sp;
2537 ifnet_t internal_if = NULL;
2538 struct sadb_x_ipsecif *ipsecifopts = NULL;
2539 int use_src_range = 0;
2540 int use_dst_range = 0;
2541
2542 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2543
2544 /* sanity check */
2545 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2546 panic("key_spddelete: NULL pointer is passed.\n");
2547
2548 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END] != NULL) {
2549 use_src_range = 1;
2550 }
2551 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END] != NULL) {
2552 use_dst_range = 1;
2553 }
2554
2555 if ((!use_src_range && mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL) ||
2556 (!use_dst_range && mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) ||
2557 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2558 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2559 return key_senderror(so, m, EINVAL);
2560 }
2561 if ((use_src_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_START] < sizeof(struct sadb_address)
2562 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_END] < sizeof(struct sadb_address))) ||
2563 (!use_src_range && mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
2564 (use_dst_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_START] < sizeof(struct sadb_address)
2565 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_END] < sizeof(struct sadb_address))) ||
2566 (!use_dst_range && mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
2567 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2568 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2569 return key_senderror(so, m, EINVAL);
2570 }
2571
2572 if (use_src_range) {
2573 src0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START];
2574 src1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END];
2575 } else {
2576 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2577 }
2578 if (use_dst_range) {
2579 dst0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START];
2580 dst1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END];
2581 } else {
2582 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2583 }
2584 xpl0 = (struct sadb_x_policy *)(void *)mhp->ext[SADB_X_EXT_POLICY];
2585 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[SADB_X_EXT_IPSECIF];
2586
2587 /* checking the direction. */
2588 switch (xpl0->sadb_x_policy_dir) {
2589 case IPSEC_DIR_INBOUND:
2590 case IPSEC_DIR_OUTBOUND:
2591 break;
2592 default:
2593 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
2594 return key_senderror(so, m, EINVAL);
2595 }
2596
2597 /* Process interfaces */
2598 if (ipsecifopts != NULL) {
2599 if (ipsecifopts->sadb_x_ipsecif_internal_if) {
2600 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_internal_if, &internal_if);
2601 }
2602 }
2603
2604 /* make secindex */
2605 /* XXX boundary check against sa_len */
2606 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2607 src0 + 1,
2608 dst0 + 1,
2609 src0->sadb_address_prefixlen,
2610 dst0->sadb_address_prefixlen,
2611 src0->sadb_address_proto,
2612 internal_if,
2613 use_src_range ? src0 + 1 : NULL,
2614 use_src_range ? src1 + 1 : NULL,
2615 use_dst_range ? dst0 + 1 : NULL,
2616 use_dst_range ? dst1 + 1 : NULL,
2617 &spidx);
2618
2619 /* Is there SP in SPD ? */
2620 lck_mtx_lock(sadb_mutex);
2621 if ((sp = key_getsp(&spidx)) == NULL) {
2622 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
2623 lck_mtx_unlock(sadb_mutex);
2624 if (internal_if) {
2625 ifnet_release(internal_if);
2626 internal_if = NULL;
2627 }
2628 return key_senderror(so, m, EINVAL);
2629 }
2630
2631 if (internal_if) {
2632 ifnet_release(internal_if);
2633 internal_if = NULL;
2634 }
2635
2636 /* save policy id to buffer to be returned. */
2637 xpl0->sadb_x_policy_id = sp->id;
2638
2639 sp->state = IPSEC_SPSTATE_DEAD;
2640 key_freesp(sp, KEY_SADB_LOCKED);
2641 lck_mtx_unlock(sadb_mutex);
2642
2643
2644 {
2645 struct mbuf *n;
2646 struct sadb_msg *newmsg;
2647 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2648 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
2649 SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2650 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2651
2652 /* create new sadb_msg to reply. */
2653 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2654 if (!n)
2655 return key_senderror(so, m, ENOBUFS);
2656
2657 newmsg = mtod(n, struct sadb_msg *);
2658 newmsg->sadb_msg_errno = 0;
2659 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2660
2661 m_freem(m);
2662 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2663 }
2664}
2665
2666/*
2667 * SADB_SPDDELETE2 processing
2668 * receive
2669 * <base, policy(*)>
2670 * from the user(?), and set SADB_SASTATE_DEAD,
2671 * and send,
2672 * <base, policy(*)>
2673 * to the ikmpd.
2674 * policy(*) including direction of policy.
2675 *
2676 * m will always be freed.
2677 */
2678static int
2679key_spddelete2(
2680 struct socket *so,
2681 struct mbuf *m,
2682 const struct sadb_msghdr *mhp)
2683{
2684 u_int32_t id;
2685 struct secpolicy *sp;
2686
2687 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2688
2689 /* sanity check */
2690 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2691 panic("key_spddelete2: NULL pointer is passed.\n");
2692
2693 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2694 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2695 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2696 key_senderror(so, m, EINVAL);
2697 return 0;
2698 }
2699
2700 id = ((struct sadb_x_policy *)
2701 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2702
2703 /* Is there SP in SPD ? */
2704 lck_mtx_lock(sadb_mutex);
2705 if ((sp = __key_getspbyid(id)) == NULL) {
2706 lck_mtx_unlock(sadb_mutex);
2707 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id));
2708 return key_senderror(so, m, EINVAL);
2709 }
2710
2711 sp->state = IPSEC_SPSTATE_DEAD;
2712 key_freesp(sp, KEY_SADB_LOCKED);
2713 lck_mtx_unlock(sadb_mutex);
2714
2715 {
2716 struct mbuf *n, *nn;
2717 struct sadb_msg *newmsg;
2718 int off, len;
2719
2720 /* create new sadb_msg to reply. */
2721 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2722
2723 if (len > MCLBYTES)
2724 return key_senderror(so, m, ENOBUFS);
2725 MGETHDR(n, M_WAITOK, MT_DATA);
2726 if (n && len > MHLEN) {
2727 MCLGET(n, M_WAITOK);
2728 if ((n->m_flags & M_EXT) == 0) {
2729 m_freem(n);
2730 n = NULL;
2731 }
2732 }
2733 if (!n)
2734 return key_senderror(so, m, ENOBUFS);
2735
2736 n->m_len = len;
2737 n->m_next = NULL;
2738 off = 0;
2739
2740 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2741 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2742
2743#if DIAGNOSTIC
2744 if (off != len)
2745 panic("length inconsistency in key_spddelete2");
2746#endif
2747
2748 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2749 mhp->extlen[SADB_X_EXT_POLICY], M_WAITOK);
2750 if (!n->m_next) {
2751 m_freem(n);
2752 return key_senderror(so, m, ENOBUFS);
2753 }
2754
2755 n->m_pkthdr.len = 0;
2756 for (nn = n; nn; nn = nn->m_next)
2757 n->m_pkthdr.len += nn->m_len;
2758
2759 newmsg = mtod(n, struct sadb_msg *);
2760 newmsg->sadb_msg_errno = 0;
2761 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2762
2763 m_freem(m);
2764 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2765 }
2766}
2767
2768static int
2769key_spdenable(
2770 struct socket *so,
2771 struct mbuf *m,
2772 const struct sadb_msghdr *mhp)
2773{
2774 u_int32_t id;
2775 struct secpolicy *sp;
2776
2777 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2778
2779 /* sanity check */
2780 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2781 panic("key_spdenable: NULL pointer is passed.\n");
2782
2783 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2784 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2785 ipseclog((LOG_DEBUG, "key_spdenable: invalid message is passed.\n"));
2786 key_senderror(so, m, EINVAL);
2787 return 0;
2788 }
2789
2790 id = ((struct sadb_x_policy *)
2791 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2792
2793 /* Is there SP in SPD ? */
2794 lck_mtx_lock(sadb_mutex);
2795 if ((sp = __key_getspbyid(id)) == NULL) {
2796 lck_mtx_unlock(sadb_mutex);
2797 ipseclog((LOG_DEBUG, "key_spdenable: no SP found id:%u.\n", id));
2798 return key_senderror(so, m, EINVAL);
2799 }
2800
2801 sp->disabled = 0;
2802 lck_mtx_unlock(sadb_mutex);
2803
2804 {
2805 struct mbuf *n;
2806 struct sadb_msg *newmsg;
2807 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY};
2808
2809 /* create new sadb_msg to reply. */
2810 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2811 if (!n)
2812 return key_senderror(so, m, ENOBUFS);
2813
2814 if (n->m_len < sizeof(struct sadb_msg)) {
2815 n = m_pullup(n, sizeof(struct sadb_msg));
2816 if (n == NULL)
2817 return key_senderror(so, m, ENOBUFS);
2818 }
2819 newmsg = mtod(n, struct sadb_msg *);
2820 newmsg->sadb_msg_errno = 0;
2821 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2822
2823 m_freem(m);
2824 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2825 }
2826}
2827
2828static int
2829key_spddisable(
2830 struct socket *so,
2831 struct mbuf *m,
2832 const struct sadb_msghdr *mhp)
2833{
2834 u_int32_t id;
2835 struct secpolicy *sp;
2836
2837 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2838
2839 /* sanity check */
2840 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2841 panic("key_spddisable: NULL pointer is passed.\n");
2842
2843 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2844 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2845 ipseclog((LOG_DEBUG, "key_spddisable: invalid message is passed.\n"));
2846 key_senderror(so, m, EINVAL);
2847 return 0;
2848 }
2849
2850 id = ((struct sadb_x_policy *)
2851 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2852
2853 /* Is there SP in SPD ? */
2854 lck_mtx_lock(sadb_mutex);
2855 if ((sp = __key_getspbyid(id)) == NULL) {
2856 lck_mtx_unlock(sadb_mutex);
2857 ipseclog((LOG_DEBUG, "key_spddisable: no SP found id:%u.\n", id));
2858 return key_senderror(so, m, EINVAL);
2859 }
2860
2861 sp->disabled = 1;
2862 lck_mtx_unlock(sadb_mutex);
2863
2864 {
2865 struct mbuf *n;
2866 struct sadb_msg *newmsg;
2867 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY};
2868
2869 /* create new sadb_msg to reply. */
2870 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2871 if (!n)
2872 return key_senderror(so, m, ENOBUFS);
2873
2874 if (n->m_len < sizeof(struct sadb_msg)) {
2875 n = m_pullup(n, sizeof(struct sadb_msg));
2876 if (n == NULL)
2877 return key_senderror(so, m, ENOBUFS);
2878 }
2879 newmsg = mtod(n, struct sadb_msg *);
2880 newmsg->sadb_msg_errno = 0;
2881 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2882
2883 m_freem(m);
2884 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2885 }
2886}
2887
2888/*
2889 * SADB_X_GET processing
2890 * receive
2891 * <base, policy(*)>
2892 * from the user(?),
2893 * and send,
2894 * <base, address(SD), policy>
2895 * to the ikmpd.
2896 * policy(*) including direction of policy.
2897 *
2898 * m will always be freed.
2899 */
2900static int
2901key_spdget(
2902 struct socket *so,
2903 struct mbuf *m,
2904 const struct sadb_msghdr *mhp)
2905{
2906 u_int32_t id;
2907 struct secpolicy *sp;
2908 struct mbuf *n;
2909
2910 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2911
2912 /* sanity check */
2913 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2914 panic("key_spdget: NULL pointer is passed.\n");
2915
2916 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2917 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2918 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2919 return key_senderror(so, m, EINVAL);
2920 }
2921
2922 id = ((struct sadb_x_policy *)
2923 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2924
2925 /* Is there SP in SPD ? */
2926 lck_mtx_lock(sadb_mutex);
2927 if ((sp = __key_getspbyid(id)) == NULL) {
2928 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2929 lck_mtx_unlock(sadb_mutex);
2930 return key_senderror(so, m, ENOENT);
2931 }
2932 lck_mtx_unlock(sadb_mutex);
2933 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
2934 if (n != NULL) {
2935 m_freem(m);
2936 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2937 } else
2938 return key_senderror(so, m, ENOBUFS);
2939}
2940
2941/*
2942 * SADB_X_SPDACQUIRE processing.
2943 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2944 * send
2945 * <base, policy(*)>
2946 * to KMD, and expect to receive
2947 * <base> with SADB_X_SPDACQUIRE if error occurred,
2948 * or
2949 * <base, policy>
2950 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2951 * policy(*) is without policy requests.
2952 *
2953 * 0 : succeed
2954 * others: error number
2955 */
2956int
2957key_spdacquire(
2958 struct secpolicy *sp)
2959{
2960 struct mbuf *result = NULL, *m;
2961 struct secspacq *newspacq;
2962 int error;
2963
2964 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2965
2966 /* sanity check */
2967 if (sp == NULL)
2968 panic("key_spdacquire: NULL pointer is passed.\n");
2969 if (sp->req != NULL)
2970 panic("key_spdacquire: called but there is request.\n");
2971 if (sp->policy != IPSEC_POLICY_IPSEC)
2972 panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
2973
2974 /* get a entry to check whether sent message or not. */
2975 lck_mtx_lock(sadb_mutex);
2976 if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
2977 if (key_blockacq_count < newspacq->count) {
2978 /* reset counter and do send message. */
2979 newspacq->count = 0;
2980 } else {
2981 /* increment counter and do nothing. */
2982 newspacq->count++;
2983 lck_mtx_unlock(sadb_mutex);
2984 return 0;
2985 }
2986 } else {
2987 /* make new entry for blocking to send SADB_ACQUIRE. */
2988 if ((newspacq = key_newspacq(&sp->spidx)) == NULL) {
2989 lck_mtx_unlock(sadb_mutex);
2990 return ENOBUFS;
2991 }
2992 /* add to acqtree */
2993 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2994 key_start_timehandler();
2995 }
2996 lck_mtx_unlock(sadb_mutex);
2997 /* create new sadb_msg to reply. */
2998 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2999 if (!m) {
3000 error = ENOBUFS;
3001 goto fail;
3002 }
3003 result = m;
3004
3005 result->m_pkthdr.len = 0;
3006 for (m = result; m; m = m->m_next)
3007 result->m_pkthdr.len += m->m_len;
3008
3009 mtod(result, struct sadb_msg *)->sadb_msg_len =
3010 PFKEY_UNIT64(result->m_pkthdr.len);
3011
3012 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
3013
3014fail:
3015 if (result)
3016 m_freem(result);
3017 return error;
3018}
3019
3020/*
3021 * SADB_SPDFLUSH processing
3022 * receive
3023 * <base>
3024 * from the user, and free all entries in secpctree.
3025 * and send,
3026 * <base>
3027 * to the user.
3028 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
3029 *
3030 * m will always be freed.
3031 */
3032static int
3033key_spdflush(
3034 struct socket *so,
3035 struct mbuf *m,
3036 const struct sadb_msghdr *mhp)
3037{
3038 struct sadb_msg *newmsg;
3039 struct secpolicy *sp;
3040 u_int dir;
3041
3042 /* sanity check */
3043 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
3044 panic("key_spdflush: NULL pointer is passed.\n");
3045
3046 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
3047 return key_senderror(so, m, EINVAL);
3048
3049 lck_mtx_lock(sadb_mutex);
3050 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
3051 LIST_FOREACH(sp, &sptree[dir], chain) {
3052 sp->state = IPSEC_SPSTATE_DEAD;
3053 }
3054 }
3055 lck_mtx_unlock(sadb_mutex);
3056
3057 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
3058 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
3059 return key_senderror(so, m, ENOBUFS);
3060 }
3061
3062 if (m->m_next)
3063 m_freem(m->m_next);
3064 m->m_next = NULL;
3065 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3066 newmsg = mtod(m, struct sadb_msg *);
3067 newmsg->sadb_msg_errno = 0;
3068 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
3069
3070 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
3071}
3072
3073/*
3074 * SADB_SPDDUMP processing
3075 * receive
3076 * <base>
3077 * from the user, and dump all SP leaves
3078 * and send,
3079 * <base> .....
3080 * to the ikmpd.
3081 *
3082 * m will always be freed.
3083 */
3084
3085static int
3086key_spddump(
3087 struct socket *so,
3088 struct mbuf *m,
3089 const struct sadb_msghdr *mhp)
3090{
3091 struct secpolicy *sp, **spbuf = NULL, **sp_ptr;
3092 int cnt = 0, bufcount;
3093 u_int dir;
3094 struct mbuf *n;
3095 int error = 0;
3096
3097 /* sanity check */
3098 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
3099 panic("key_spddump: NULL pointer is passed.\n");
3100
3101 if ((bufcount = ipsec_policy_count) == 0) {
3102 error = ENOENT;
3103 goto end;
3104 }
3105 bufcount += 256; /* extra */
3106 KMALLOC_WAIT(spbuf, struct secpolicy**, bufcount * sizeof(struct secpolicy*));
3107 if (spbuf == NULL) {
3108 ipseclog((LOG_DEBUG, "key_spddump: No more memory.\n"));
3109 error = ENOMEM;
3110 goto end;
3111 }
3112 lck_mtx_lock(sadb_mutex);
3113 /* search SPD entry, make list. */
3114 sp_ptr = spbuf;
3115 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
3116 LIST_FOREACH(sp, &sptree[dir], chain) {
3117 if (cnt == bufcount)
3118 break; /* buffer full */
3119 *sp_ptr++ = sp;
3120 sp->refcnt++;
3121 cnt++;
3122 }
3123 }
3124 lck_mtx_unlock(sadb_mutex);
3125
3126 if (cnt == 0) {
3127 error = ENOENT;
3128 goto end;
3129 }
3130
3131 sp_ptr = spbuf;
3132 while (cnt) {
3133 --cnt;
3134 n = key_setdumpsp(*sp_ptr++, SADB_X_SPDDUMP, cnt,
3135 mhp->msg->sadb_msg_pid);
3136
3137 if (n)
3138 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
3139 }
3140
3141 lck_mtx_lock(sadb_mutex);
3142 while (sp_ptr > spbuf)
3143 key_freesp(*(--sp_ptr), KEY_SADB_LOCKED);
3144 lck_mtx_unlock(sadb_mutex);
3145
3146end:
3147 if (spbuf)
3148 KFREE(spbuf);
3149 if (error)
3150 return key_senderror(so, m, error);
3151
3152 m_freem(m);
3153 return 0;
3154
3155}
3156
3157static struct mbuf *
3158key_setdumpsp(
3159 struct secpolicy *sp,
3160 u_int8_t type,
3161 u_int32_t seq,
3162 u_int32_t pid)
3163{
3164 struct mbuf *result = NULL, *m;
3165
3166 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
3167 if (!m)
3168 goto fail;
3169 result = m;
3170
3171 if (sp->spidx.src_range.start.ss_len > 0) {
3172 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
3173 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
3174 sp->spidx.ul_proto);
3175 if (!m)
3176 goto fail;
3177 m_cat(result, m);
3178
3179 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
3180 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
3181 sp->spidx.ul_proto);
3182 if (!m)
3183 goto fail;
3184 m_cat(result, m);
3185 } else {
3186 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3187 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
3188 sp->spidx.ul_proto);
3189 if (!m)
3190 goto fail;
3191 m_cat(result, m);
3192 }
3193
3194 if (sp->spidx.dst_range.start.ss_len > 0) {
3195 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
3196 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
3197 sp->spidx.ul_proto);
3198 if (!m)
3199 goto fail;
3200 m_cat(result, m);
3201
3202 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
3203 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
3204 sp->spidx.ul_proto);
3205 if (!m)
3206 goto fail;
3207 m_cat(result, m);
3208 } else {
3209 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3210 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
3211 sp->spidx.ul_proto);
3212 if (!m)
3213 goto fail;
3214 m_cat(result, m);
3215 }
3216
3217 if (sp->spidx.internal_if || sp->outgoing_if || sp->ipsec_if || sp->disabled) {
3218 m = key_setsadbipsecif(sp->spidx.internal_if, sp->outgoing_if, sp->ipsec_if, sp->disabled);
3219 if (!m)
3220 goto fail;
3221 m_cat(result, m);
3222 }
3223
3224 m = key_sp2msg(sp);
3225 if (!m)
3226 goto fail;
3227 m_cat(result, m);
3228
3229 if ((result->m_flags & M_PKTHDR) == 0)
3230 goto fail;
3231
3232 if (result->m_len < sizeof(struct sadb_msg)) {
3233 result = m_pullup(result, sizeof(struct sadb_msg));
3234 if (result == NULL)
3235 goto fail;
3236 }
3237
3238 result->m_pkthdr.len = 0;
3239 for (m = result; m; m = m->m_next)
3240 result->m_pkthdr.len += m->m_len;
3241
3242 mtod(result, struct sadb_msg *)->sadb_msg_len =
3243 PFKEY_UNIT64(result->m_pkthdr.len);
3244
3245 return result;
3246
3247fail:
3248 m_freem(result);
3249 return NULL;
3250}
3251
3252/*
3253 * get PFKEY message length for security policy and request.
3254 */
3255static u_int
3256key_getspreqmsglen(
3257 struct secpolicy *sp)
3258{
3259 u_int tlen;
3260
3261 tlen = sizeof(struct sadb_x_policy);
3262
3263 /* if is the policy for ipsec ? */
3264 if (sp->policy != IPSEC_POLICY_IPSEC)
3265 return tlen;
3266
3267 /* get length of ipsec requests */
3268 {
3269 struct ipsecrequest *isr;
3270 int len;
3271
3272 for (isr = sp->req; isr != NULL; isr = isr->next) {
3273 len = sizeof(struct sadb_x_ipsecrequest)
3274 + isr->saidx.src.ss_len
3275 + isr->saidx.dst.ss_len;
3276
3277 tlen += PFKEY_ALIGN8(len);
3278 }
3279 }
3280
3281 return tlen;
3282}
3283
3284/*
3285 * SADB_SPDEXPIRE processing
3286 * send
3287 * <base, address(SD), lifetime(CH), policy>
3288 * to KMD by PF_KEY.
3289 *
3290 * OUT: 0 : succeed
3291 * others : error number
3292 */
3293static int
3294key_spdexpire(
3295 struct secpolicy *sp)
3296{
3297 struct mbuf *result = NULL, *m;
3298 int len;
3299 int error = EINVAL;
3300 struct sadb_lifetime *lt;
3301
3302 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
3303
3304 /* sanity check */
3305 if (sp == NULL)
3306 panic("key_spdexpire: NULL pointer is passed.\n");
3307
3308 /* set msg header */
3309 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
3310 if (!m) {
3311 error = ENOBUFS;
3312 goto fail;
3313 }
3314 result = m;
3315
3316 /* create lifetime extension (current and hard) */
3317 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
3318 m = key_alloc_mbuf(len);
3319 if (!m || m->m_next) { /*XXX*/
3320 if (m)
3321 m_freem(m);
3322 error = ENOBUFS;
3323 goto fail;
3324 }
3325 bzero(mtod(m, caddr_t), len);
3326 lt = mtod(m, struct sadb_lifetime *);
3327 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3328 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3329 lt->sadb_lifetime_allocations = 0;
3330 lt->sadb_lifetime_bytes = 0;
3331 lt->sadb_lifetime_addtime = sp->created;
3332 lt->sadb_lifetime_usetime = sp->lastused;
3333 lt = (struct sadb_lifetime *)(void *)(mtod(m, caddr_t) + len / 2);
3334 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3335 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
3336 lt->sadb_lifetime_allocations = 0;
3337 lt->sadb_lifetime_bytes = 0;
3338 lt->sadb_lifetime_addtime = sp->lifetime;
3339 lt->sadb_lifetime_usetime = sp->validtime;
3340 m_cat(result, m);
3341
3342 /* set sadb_address(es) for source */
3343 if (sp->spidx.src_range.start.ss_len > 0) {
3344 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
3345 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
3346 sp->spidx.ul_proto);
3347 if (!m) {
3348 error = ENOBUFS;
3349 goto fail;
3350 }
3351 m_cat(result, m);
3352
3353 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
3354 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
3355 sp->spidx.ul_proto);
3356 if (!m) {
3357 error = ENOBUFS;
3358 goto fail;
3359 }
3360 m_cat(result, m);
3361 } else {
3362 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3363 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
3364 sp->spidx.ul_proto);
3365 if (!m) {
3366 error = ENOBUFS;
3367 goto fail;
3368 }
3369 m_cat(result, m);
3370 }
3371
3372 /* set sadb_address(es) for dest */
3373 if (sp->spidx.dst_range.start.ss_len > 0) {
3374 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
3375 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
3376 sp->spidx.ul_proto);
3377 if (!m) {
3378 error = ENOBUFS;
3379 goto fail;
3380 }
3381 m_cat(result, m);
3382
3383 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
3384 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
3385 sp->spidx.ul_proto);
3386 if (!m) {
3387 error = ENOBUFS;
3388 goto fail;
3389 }
3390 m_cat(result, m);
3391 } else {
3392 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3393 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
3394 sp->spidx.ul_proto);
3395 if (!m) {
3396 error = ENOBUFS;
3397 goto fail;
3398 }
3399 m_cat(result, m);
3400 }
3401
3402 /* set secpolicy */
3403 m = key_sp2msg(sp);
3404 if (!m) {
3405 error = ENOBUFS;
3406 goto fail;
3407 }
3408 m_cat(result, m);
3409
3410 if ((result->m_flags & M_PKTHDR) == 0) {
3411 error = EINVAL;
3412 goto fail;
3413 }
3414
3415 if (result->m_len < sizeof(struct sadb_msg)) {
3416 result = m_pullup(result, sizeof(struct sadb_msg));
3417 if (result == NULL) {
3418 error = ENOBUFS;
3419 goto fail;
3420 }
3421 }
3422
3423 result->m_pkthdr.len = 0;
3424 for (m = result; m; m = m->m_next)
3425 result->m_pkthdr.len += m->m_len;
3426
3427 mtod(result, struct sadb_msg *)->sadb_msg_len =
3428 PFKEY_UNIT64(result->m_pkthdr.len);
3429
3430 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
3431
3432fail:
3433 if (result)
3434 m_freem(result);
3435 return error;
3436}
3437
3438/* %%% SAD management */
3439/*
3440 * allocating a memory for new SA head, and copy from the values of mhp.
3441 * OUT: NULL : failure due to the lack of memory.
3442 * others : pointer to new SA head.
3443 */
3444static struct secashead *
3445key_newsah(struct secasindex *saidx,
3446 ifnet_t ipsec_if,
3447 u_int outgoing_if,
3448 u_int8_t dir)
3449{
3450 struct secashead *newsah;
3451
3452 /* sanity check */
3453 if (saidx == NULL)
3454 panic("key_newsaidx: NULL pointer is passed.\n");
3455
3456 newsah = keydb_newsecashead();
3457 if (newsah == NULL)
3458 return NULL;
3459
3460 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
3461
3462 /* remove the ports */
3463 switch (saidx->src.ss_family) {
3464 case AF_INET:
3465 ((struct sockaddr_in *)(&newsah->saidx.src))->sin_port = IPSEC_PORT_ANY;
3466 break;
3467 case AF_INET6:
3468 ((struct sockaddr_in6 *)(&newsah->saidx.src))->sin6_port = IPSEC_PORT_ANY;
3469 break;
3470 default:
3471 break;
3472 }
3473 switch (saidx->dst.ss_family) {
3474 case AF_INET:
3475 ((struct sockaddr_in *)(&newsah->saidx.dst))->sin_port = IPSEC_PORT_ANY;
3476 break;
3477 case AF_INET6:
3478 ((struct sockaddr_in6 *)(&newsah->saidx.dst))->sin6_port = IPSEC_PORT_ANY;
3479 break;
3480 default:
3481 break;
3482 }
3483
3484 newsah->outgoing_if = outgoing_if;
3485 if (ipsec_if) {
3486 ifnet_reference(ipsec_if);
3487 newsah->ipsec_if = ipsec_if;
3488 }
3489 newsah->dir = dir;
3490 /* add to saidxtree */
3491 newsah->state = SADB_SASTATE_MATURE;
3492 LIST_INSERT_HEAD(&sahtree, newsah, chain);
3493 key_start_timehandler();
3494
3495 return(newsah);
3496}
3497
3498/*
3499 * delete SA index and all SA registerd.
3500 */
3501void
3502key_delsah(
3503 struct secashead *sah)
3504{
3505 struct secasvar *sav, *nextsav;
3506 u_int stateidx, state;
3507 int zombie = 0;
3508
3509 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3510
3511 /* sanity check */
3512 if (sah == NULL)
3513 panic("key_delsah: NULL pointer is passed.\n");
3514
3515 /* searching all SA registerd in the secindex. */
3516 for (stateidx = 0;
3517 stateidx < _ARRAYLEN(saorder_state_any);
3518 stateidx++) {
3519
3520 state = saorder_state_any[stateidx];
3521 for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]);
3522 sav != NULL;
3523 sav = nextsav) {
3524
3525 nextsav = LIST_NEXT(sav, chain);
3526
3527 if (sav->refcnt > 0) {
3528 /* give up to delete this sa */
3529 zombie++;
3530 continue;
3531 }
3532
3533 /* sanity check */
3534 KEY_CHKSASTATE(state, sav->state, "key_delsah");
3535
3536 key_freesav(sav, KEY_SADB_LOCKED);
3537
3538 /* remove back pointer */
3539 sav->sah = NULL;
3540 sav = NULL;
3541 }
3542 }
3543
3544 /* don't delete sah only if there are savs. */
3545 if (zombie)
3546 return;
3547
3548 ROUTE_RELEASE(&sah->sa_route);
3549
3550 if (sah->ipsec_if) {
3551 ifnet_release(sah->ipsec_if);
3552 sah->ipsec_if = NULL;
3553 }
3554
3555 if (sah->idents) {
3556 KFREE(sah->idents);
3557 }
3558
3559 if (sah->identd) {
3560 KFREE(sah->identd);
3561 }
3562
3563 /* remove from tree of SA index */
3564 if (__LIST_CHAINED(sah))
3565 LIST_REMOVE(sah, chain);
3566
3567 KFREE(sah);
3568
3569 return;
3570}
3571
3572/*
3573 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3574 * and copy the values of mhp into new buffer.
3575 * When SAD message type is GETSPI:
3576 * to set sequence number from acq_seq++,
3577 * to set zero to SPI.
3578 * not to call key_setsava().
3579 * OUT: NULL : fail
3580 * others : pointer to new secasvar.
3581 *
3582 * does not modify mbuf. does not free mbuf on error.
3583 */
3584static struct secasvar *
3585key_newsav(
3586 struct mbuf *m,
3587 const struct sadb_msghdr *mhp,
3588 struct secashead *sah,
3589 int *errp,
3590 struct socket *so)
3591{
3592 struct secasvar *newsav;
3593 const struct sadb_sa *xsa;
3594
3595 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3596
3597 /* sanity check */
3598 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
3599 panic("key_newsa: NULL pointer is passed.\n");
3600
3601 KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3602 if (newsav == NULL) {
3603 lck_mtx_unlock(sadb_mutex);
3604 KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3605 lck_mtx_lock(sadb_mutex);
3606 if (newsav == NULL) {
3607 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3608 *errp = ENOBUFS;
3609 return NULL;
3610 }
3611 }
3612 bzero((caddr_t)newsav, sizeof(struct secasvar));
3613
3614 switch (mhp->msg->sadb_msg_type) {
3615 case SADB_GETSPI:
3616 key_setspi(newsav, 0);
3617
3618#if IPSEC_DOSEQCHECK
3619 /* sync sequence number */
3620 if (mhp->msg->sadb_msg_seq == 0)
3621 newsav->seq =
3622 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
3623 else
3624#endif
3625 newsav->seq = mhp->msg->sadb_msg_seq;
3626 break;
3627
3628 case SADB_ADD:
3629 /* sanity check */
3630 if (mhp->ext[SADB_EXT_SA] == NULL) {
3631 key_delsav(newsav);
3632 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
3633 *errp = EINVAL;
3634 return NULL;
3635 }
3636 xsa = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
3637 key_setspi(newsav, xsa->sadb_sa_spi);
3638 newsav->seq = mhp->msg->sadb_msg_seq;
3639 break;
3640 default:
3641 key_delsav(newsav);
3642 *errp = EINVAL;
3643 return NULL;
3644 }
3645
3646 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
3647 if (((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_alwaysexpire)
3648 newsav->always_expire = 1;
3649 newsav->flags2 = ((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_flags;
3650 if (newsav->flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH) {
3651 newsav->so = so;
3652 }
3653 }
3654
3655 /* copy sav values */
3656 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
3657 *errp = key_setsaval(newsav, m, mhp);
3658 if (*errp) {
3659 key_delsav(newsav);
3660 return NULL;
3661 }
3662 } else {
3663 /* For get SPI, if has a hard lifetime, apply */
3664 const struct sadb_lifetime *lft0;
3665 struct timeval tv;
3666
3667 lft0 = (struct sadb_lifetime *)(void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3668 if (lft0 != NULL) {
3669 /* make lifetime for CURRENT */
3670 KMALLOC_NOWAIT(newsav->lft_c, struct sadb_lifetime *,
3671 sizeof(struct sadb_lifetime));
3672 if (newsav->lft_c == NULL) {
3673 lck_mtx_unlock(sadb_mutex);
3674 KMALLOC_WAIT(newsav->lft_c, struct sadb_lifetime *,
3675 sizeof(struct sadb_lifetime));
3676 lck_mtx_lock(sadb_mutex);
3677 if (newsav->lft_c == NULL) {
3678 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3679 key_delsav(newsav);
3680 *errp = ENOBUFS;
3681 return NULL;
3682 }
3683 }
3684
3685 microtime(&tv);
3686
3687 newsav->lft_c->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3688 newsav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3689 newsav->lft_c->sadb_lifetime_allocations = 0;
3690 newsav->lft_c->sadb_lifetime_bytes = 0;
3691 newsav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
3692 newsav->lft_c->sadb_lifetime_usetime = 0;
3693
3694 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3695 ipseclog((LOG_DEBUG, "key_newsa: invalid hard lifetime ext len.\n"));
3696 key_delsav(newsav);
3697 *errp = EINVAL;
3698 return NULL;
3699 }
3700 newsav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0, sizeof(*lft0));
3701 if (newsav->lft_h == NULL) {
3702 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3703 key_delsav(newsav);
3704 *errp = ENOBUFS;
3705 return NULL;
3706 }
3707 }
3708 }
3709
3710 /* reset created */
3711 {
3712 struct timeval tv;
3713 microtime(&tv);
3714 newsav->created = tv.tv_sec;
3715 }
3716
3717 newsav->pid = mhp->msg->sadb_msg_pid;
3718
3719 /* add to satree */
3720 newsav->sah = sah;
3721 newsav->refcnt = 1;
3722 newsav->state = SADB_SASTATE_LARVAL;
3723 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3724 secasvar, chain);
3725 ipsec_sav_count++;
3726
3727 return newsav;
3728}
3729
3730/*
3731 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3732 * and copy the values passed into new buffer.
3733 * When SAD message type is GETSPI:
3734 * to set sequence number from acq_seq++,
3735 * to set zero to SPI.
3736 * not to call key_setsava().
3737 * OUT: NULL : fail
3738 * others : pointer to new secasvar.
3739 */
3740struct secasvar *
3741key_newsav2(struct secashead *sah,
3742 u_int8_t satype,
3743 u_int8_t alg_auth,
3744 u_int8_t alg_enc,
3745 u_int32_t flags,
3746 u_int8_t replay,
3747 struct sadb_key *key_auth,
3748 u_int16_t key_auth_len,
3749 struct sadb_key *key_enc,
3750 u_int16_t key_enc_len,
3751 u_int16_t natt_port,
3752 u_int32_t seq,
3753 u_int32_t spi,
3754 u_int32_t pid,
3755 struct sadb_lifetime *lifetime_hard,
3756 struct sadb_lifetime *lifetime_soft)
3757{
3758 struct secasvar *newsav;
3759
3760 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3761
3762 /* sanity check */
3763 if (sah == NULL)
3764 panic("key_newsa: NULL pointer is passed.\n");
3765
3766 KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3767 if (newsav == NULL) {
3768 lck_mtx_unlock(sadb_mutex);
3769 KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3770 lck_mtx_lock(sadb_mutex);
3771 if (newsav == NULL) {
3772 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3773 return NULL;
3774 }
3775 }
3776 bzero((caddr_t)newsav, sizeof(struct secasvar));
3777
3778#if IPSEC_DOSEQCHECK
3779 /* sync sequence number */
3780 if (seq == 0)
3781 newsav->seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
3782 else
3783#endif
3784 newsav->seq = seq;
3785 key_setspi(newsav, spi);
3786
3787 if (key_setsaval2(newsav,
3788 satype,
3789 alg_auth,
3790 alg_enc,
3791 flags,
3792 replay,
3793 key_auth,
3794 key_auth_len,
3795 key_enc,
3796 key_enc_len,
3797 natt_port,
3798 seq,
3799 spi,
3800 pid,
3801 lifetime_hard,
3802 lifetime_soft)) {
3803 key_delsav(newsav);
3804 return NULL;
3805 }
3806
3807 /* reset created */
3808 {
3809 struct timeval tv;
3810 microtime(&tv);
3811 newsav->created = tv.tv_sec;
3812 }
3813
3814 newsav->pid = pid;
3815
3816 /* add to satree */
3817 newsav->sah = sah;
3818 newsav->refcnt = 1;
3819 if (spi && key_auth && key_auth_len && key_enc && key_enc_len) {
3820 newsav->state = SADB_SASTATE_MATURE;
3821 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_MATURE], newsav,
3822 secasvar, chain);
3823 } else {
3824 newsav->state = SADB_SASTATE_LARVAL;
3825 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3826 secasvar, chain);
3827 }
3828 ipsec_sav_count++;
3829
3830 return newsav;
3831}
3832
3833/*
3834 * free() SA variable entry.
3835 */
3836void
3837key_delsav(
3838 struct secasvar *sav)
3839{
3840
3841 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3842
3843 /* sanity check */
3844 if (sav == NULL)
3845 panic("key_delsav: NULL pointer is passed.\n");
3846
3847 if (sav->refcnt > 0)
3848 return; /* can't free */
3849
3850 /* remove from SA header */
3851 if (__LIST_CHAINED(sav))
3852 LIST_REMOVE(sav, chain);
3853 ipsec_sav_count--;
3854
3855 if (sav->spihash.le_prev || sav->spihash.le_next)
3856 LIST_REMOVE(sav, spihash);
3857
3858 if (sav->key_auth != NULL) {
3859 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3860 KFREE(sav->key_auth);
3861 sav->key_auth = NULL;
3862 }
3863 if (sav->key_enc != NULL) {
3864 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3865 KFREE(sav->key_enc);
3866 sav->key_enc = NULL;
3867 }
3868 if (sav->sched) {
3869 bzero(sav->sched, sav->schedlen);
3870 KFREE(sav->sched);
3871 sav->sched = NULL;
3872 }
3873 if (sav->replay != NULL) {
3874 keydb_delsecreplay(sav->replay);
3875 sav->replay = NULL;
3876 }
3877 if (sav->lft_c != NULL) {
3878 KFREE(sav->lft_c);
3879 sav->lft_c = NULL;
3880 }
3881 if (sav->lft_h != NULL) {
3882 KFREE(sav->lft_h);
3883 sav->lft_h = NULL;
3884 }
3885 if (sav->lft_s != NULL) {
3886 KFREE(sav->lft_s);
3887 sav->lft_s = NULL;
3888 }
3889 if (sav->iv != NULL) {
3890 KFREE(sav->iv);
3891 sav->iv = NULL;
3892 }
3893
3894 KFREE(sav);
3895
3896 return;
3897}
3898
3899/*
3900 * search SAD.
3901 * OUT:
3902 * NULL : not found
3903 * others : found, pointer to a SA.
3904 */
3905static struct secashead *
3906key_getsah(struct secasindex *saidx)
3907{
3908 struct secashead *sah;
3909
3910 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3911
3912 LIST_FOREACH(sah, &sahtree, chain) {
3913 if (sah->state == SADB_SASTATE_DEAD)
3914 continue;
3915 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
3916 return sah;
3917 }
3918
3919 return NULL;
3920}
3921
3922struct secashead *
3923key_newsah2 (struct secasindex *saidx,
3924 u_int8_t dir)
3925{
3926 struct secashead *sah;
3927
3928 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3929
3930 sah = key_getsah(saidx);
3931 if (!sah) {
3932 return(key_newsah(saidx, NULL, 0, dir));
3933 }
3934 return sah;
3935}
3936
3937/*
3938 * check not to be duplicated SPI.
3939 * NOTE: this function is too slow due to searching all SAD.
3940 * OUT:
3941 * NULL : not found
3942 * others : found, pointer to a SA.
3943 */
3944static struct secasvar *
3945key_checkspidup(
3946 struct secasindex *saidx,
3947 u_int32_t spi)
3948{
3949 struct secasvar *sav;
3950 u_int stateidx, state;
3951
3952 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3953
3954 /* check address family */
3955 if (saidx->src.ss_family != saidx->dst.ss_family) {
3956 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
3957 return NULL;
3958 }
3959
3960 /* check all SAD */
3961 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
3962 if (sav->spi != spi)
3963 continue;
3964 for (stateidx = 0;
3965 stateidx < _ARRAYLEN(saorder_state_alive);
3966 stateidx++) {
3967 state = saorder_state_alive[stateidx];
3968 if (sav->state == state &&
3969 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
3970 return sav;
3971 }
3972 }
3973
3974 return NULL;
3975}
3976
3977static void
3978key_setspi(
3979 struct secasvar *sav,
3980 u_int32_t spi)
3981{
3982 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3983 sav->spi = spi;
3984 if (sav->spihash.le_prev || sav->spihash.le_next)
3985 LIST_REMOVE(sav, spihash);
3986 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
3987}
3988
3989
3990/*
3991 * search SAD litmited alive SA, protocol, SPI.
3992 * OUT:
3993 * NULL : not found
3994 * others : found, pointer to a SA.
3995 */
3996static struct secasvar *
3997key_getsavbyspi(
3998 struct secashead *sah,
3999 u_int32_t spi)
4000{
4001 struct secasvar *sav, *match;
4002 u_int stateidx, state, matchidx;
4003
4004 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4005 match = NULL;
4006 matchidx = _ARRAYLEN(saorder_state_alive);
4007 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
4008 if (sav->spi != spi)
4009 continue;
4010 if (sav->sah != sah)
4011 continue;
4012 for (stateidx = 0; stateidx < matchidx; stateidx++) {
4013 state = saorder_state_alive[stateidx];
4014 if (sav->state == state) {
4015 match = sav;
4016 matchidx = stateidx;
4017 break;
4018 }
4019 }
4020 }
4021
4022 return match;
4023}
4024
4025/*
4026 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4027 * You must update these if need.
4028 * OUT: 0: success.
4029 * !0: failure.
4030 *
4031 * does not modify mbuf. does not free mbuf on error.
4032 */
4033static int
4034key_setsaval(
4035 struct secasvar *sav,
4036 struct mbuf *m,
4037 const struct sadb_msghdr *mhp)
4038{
4039#if IPSEC_ESP
4040 const struct esp_algorithm *algo;
4041#endif
4042 int error = 0;
4043 struct timeval tv;
4044
4045 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4046
4047 /* sanity check */
4048 if (m == NULL || mhp == NULL || mhp->msg == NULL)
4049 panic("key_setsaval: NULL pointer is passed.\n");
4050
4051 /* initialization */
4052 sav->replay = NULL;
4053 sav->key_auth = NULL;
4054 sav->key_enc = NULL;
4055 sav->sched = NULL;
4056 sav->schedlen = 0;
4057 sav->iv = NULL;
4058 sav->lft_c = NULL;
4059 sav->lft_h = NULL;
4060 sav->lft_s = NULL;
4061 sav->remote_ike_port = 0;
4062 sav->natt_last_activity = natt_now;
4063 sav->natt_encapsulated_src_port = 0;
4064
4065 /* SA */
4066 if (mhp->ext[SADB_EXT_SA] != NULL) {
4067 const struct sadb_sa *sa0;
4068
4069 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
4070 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
4071 ipseclog((LOG_DEBUG, "key_setsaval: invalid message size.\n"));
4072 error = EINVAL;
4073 goto fail;
4074 }
4075
4076 sav->alg_auth = sa0->sadb_sa_auth;
4077 sav->alg_enc = sa0->sadb_sa_encrypt;
4078 sav->flags = sa0->sadb_sa_flags;
4079
4080 /*
4081 * Verify that a nat-traversal port was specified if
4082 * the nat-traversal flag is set.
4083 */
4084 if ((sav->flags & SADB_X_EXT_NATT) != 0) {
4085 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa_2) ||
4086 ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port == 0) {
4087 ipseclog((LOG_DEBUG, "key_setsaval: natt port not set.\n"));
4088 error = EINVAL;
4089 goto fail;
4090 }
4091 sav->remote_ike_port = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port;
4092 sav->natt_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_interval;
4093 }
4094
4095 /*
4096 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4097 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4098 * set (we're not behind nat) - otherwise clear it.
4099 */
4100 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
4101 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
4102 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
4103 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
4104
4105 /* replay window */
4106 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
4107 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
4108 if (sav->replay == NULL) {
4109 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4110 error = ENOBUFS;
4111 goto fail;
4112 }
4113 }
4114 }
4115
4116 /* Authentication keys */
4117 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
4118 const struct sadb_key *key0;
4119 int len;
4120
4121 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
4122 len = mhp->extlen[SADB_EXT_KEY_AUTH];
4123
4124 error = 0;
4125 if (len < sizeof(*key0)) {
4126 ipseclog((LOG_DEBUG, "key_setsaval: invalid auth key ext len. len = %d\n", len));
4127 error = EINVAL;
4128 goto fail;
4129 }
4130 switch (mhp->msg->sadb_msg_satype) {
4131 case SADB_SATYPE_AH:
4132 case SADB_SATYPE_ESP:
4133 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
4134 sav->alg_auth != SADB_X_AALG_NULL)
4135 error = EINVAL;
4136 break;
4137 case SADB_X_SATYPE_IPCOMP:
4138 default:
4139 error = EINVAL;
4140 break;
4141 }
4142 if (error) {
4143 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
4144 goto fail;
4145 }
4146
4147 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
4148 if (sav->key_auth == NULL) {
4149 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4150 error = ENOBUFS;
4151 goto fail;
4152 }
4153 }
4154
4155 /* Encryption key */
4156 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
4157 const struct sadb_key *key0;
4158 int len;
4159
4160 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
4161 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
4162
4163 error = 0;
4164 if (len < sizeof(*key0)) {
4165 ipseclog((LOG_DEBUG, "key_setsaval: invalid encryption key ext len. len = %d\n", len));
4166 error = EINVAL;
4167 goto fail;
4168 }
4169 switch (mhp->msg->sadb_msg_satype) {
4170 case SADB_SATYPE_ESP:
4171 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
4172 sav->alg_enc != SADB_EALG_NULL) {
4173 ipseclog((LOG_DEBUG, "key_setsaval: invalid ESP algorithm.\n"));
4174 error = EINVAL;
4175 break;
4176 }
4177 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
4178 if (sav->key_enc == NULL) {
4179 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4180 error = ENOBUFS;
4181 goto fail;
4182 }
4183 break;
4184 case SADB_X_SATYPE_IPCOMP:
4185 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
4186 error = EINVAL;
4187 sav->key_enc = NULL; /*just in case*/
4188 break;
4189 case SADB_SATYPE_AH:
4190 default:
4191 error = EINVAL;
4192 break;
4193 }
4194 if (error) {
4195 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_enc value.\n"));
4196 goto fail;
4197 }
4198 }
4199
4200 /* set iv */
4201 sav->ivlen = 0;
4202
4203 switch (mhp->msg->sadb_msg_satype) {
4204 case SADB_SATYPE_ESP:
4205#if IPSEC_ESP
4206 algo = esp_algorithm_lookup(sav->alg_enc);
4207 if (algo && algo->ivlen)
4208 sav->ivlen = (*algo->ivlen)(algo, sav);
4209 if (sav->ivlen == 0)
4210 break;
4211 KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
4212 if (sav->iv == 0) {
4213 lck_mtx_unlock(sadb_mutex);
4214 KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
4215 lck_mtx_lock(sadb_mutex);
4216 if (sav->iv == 0) {
4217 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4218 error = ENOBUFS;
4219 goto fail;
4220 }
4221 }
4222
4223 /* initialize */
4224 key_randomfill(sav->iv, sav->ivlen);
4225#endif
4226 break;
4227 case SADB_SATYPE_AH:
4228 case SADB_X_SATYPE_IPCOMP:
4229 break;
4230 default:
4231 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
4232 error = EINVAL;
4233 goto fail;
4234 }
4235
4236 /* reset created */
4237 microtime(&tv);
4238 sav->created = tv.tv_sec;
4239
4240 /* make lifetime for CURRENT */
4241 KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
4242 sizeof(struct sadb_lifetime));
4243 if (sav->lft_c == NULL) {
4244 lck_mtx_unlock(sadb_mutex);
4245 KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
4246 sizeof(struct sadb_lifetime));
4247 lck_mtx_lock(sadb_mutex);
4248 if (sav->lft_c == NULL) {
4249 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4250 error = ENOBUFS;
4251 goto fail;
4252 }
4253 }
4254
4255 microtime(&tv);
4256
4257 sav->lft_c->sadb_lifetime_len =
4258 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
4259 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
4260 sav->lft_c->sadb_lifetime_allocations = 0;
4261 sav->lft_c->sadb_lifetime_bytes = 0;
4262 sav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
4263 sav->lft_c->sadb_lifetime_usetime = 0;
4264
4265 /* lifetimes for HARD and SOFT */
4266 {
4267 const struct sadb_lifetime *lft0;
4268
4269 lft0 = (struct sadb_lifetime *)
4270 (void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
4271 if (lft0 != NULL) {
4272 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
4273 ipseclog((LOG_DEBUG, "key_setsaval: invalid hard lifetime ext len.\n"));
4274 error = EINVAL;
4275 goto fail;
4276 }
4277 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
4278 sizeof(*lft0));
4279 if (sav->lft_h == NULL) {
4280 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4281 error = ENOBUFS;
4282 goto fail;
4283 }
4284 /* to be initialize ? */
4285 }
4286
4287 lft0 = (struct sadb_lifetime *)
4288 (void *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
4289 if (lft0 != NULL) {
4290 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
4291 ipseclog((LOG_DEBUG, "key_setsaval: invalid soft lifetime ext len.\n"));
4292 error = EINVAL;
4293 goto fail;
4294 }
4295 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
4296 sizeof(*lft0));
4297 if (sav->lft_s == NULL) {
4298 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4299 error = ENOBUFS;
4300 goto fail;
4301 }
4302 /* to be initialize ? */
4303 }
4304 }
4305
4306 return 0;
4307
4308fail:
4309 /* initialization */
4310 if (sav->replay != NULL) {
4311 keydb_delsecreplay(sav->replay);
4312 sav->replay = NULL;
4313 }
4314 if (sav->key_auth != NULL) {
4315 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
4316 KFREE(sav->key_auth);
4317 sav->key_auth = NULL;
4318 }
4319 if (sav->key_enc != NULL) {
4320 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
4321 KFREE(sav->key_enc);
4322 sav->key_enc = NULL;
4323 }
4324 if (sav->sched) {
4325 bzero(sav->sched, sav->schedlen);
4326 KFREE(sav->sched);
4327 sav->sched = NULL;
4328 }
4329 if (sav->iv != NULL) {
4330 KFREE(sav->iv);
4331 sav->iv = NULL;
4332 }
4333 if (sav->lft_c != NULL) {
4334 KFREE(sav->lft_c);
4335 sav->lft_c = NULL;
4336 }
4337 if (sav->lft_h != NULL) {
4338 KFREE(sav->lft_h);
4339 sav->lft_h = NULL;
4340 }
4341 if (sav->lft_s != NULL) {
4342 KFREE(sav->lft_s);
4343 sav->lft_s = NULL;
4344 }
4345
4346 return error;
4347}
4348
4349/*
4350 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4351 * You must update these if need.
4352 * OUT: 0: success.
4353 * !0: failure.
4354 *
4355 * does not modify mbuf. does not free mbuf on error.
4356 */
4357int
4358key_setsaval2(struct secasvar *sav,
4359 u_int8_t satype,
4360 u_int8_t alg_auth,
4361 u_int8_t alg_enc,
4362 u_int32_t flags,
4363 u_int8_t replay,
4364 struct sadb_key *key_auth,
4365 u_int16_t key_auth_len,
4366 struct sadb_key *key_enc,
4367 u_int16_t key_enc_len,
4368 u_int16_t natt_port,
4369 u_int32_t seq,
4370 u_int32_t spi,
4371 u_int32_t pid,
4372 struct sadb_lifetime *lifetime_hard,
4373 struct sadb_lifetime *lifetime_soft)
4374{
4375#if IPSEC_ESP
4376 const struct esp_algorithm *algo;
4377#endif
4378 int error = 0;
4379 struct timeval tv;
4380
4381 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4382
4383 /* initialization */
4384 sav->replay = NULL;
4385 sav->key_auth = NULL;
4386 sav->key_enc = NULL;
4387 sav->sched = NULL;
4388 sav->schedlen = 0;
4389 sav->iv = NULL;
4390 sav->lft_c = NULL;
4391 sav->lft_h = NULL;
4392 sav->lft_s = NULL;
4393 sav->remote_ike_port = 0;
4394 sav->natt_last_activity = natt_now;
4395 sav->natt_encapsulated_src_port = 0;
4396
4397 sav->alg_auth = alg_auth;
4398 sav->alg_enc = alg_enc;
4399 sav->flags = flags;
4400 sav->pid = pid;
4401 sav->seq = seq;
4402 key_setspi(sav, htonl(spi));
4403
4404 /*
4405 * Verify that a nat-traversal port was specified if
4406 * the nat-traversal flag is set.
4407 */
4408 if ((sav->flags & SADB_X_EXT_NATT) != 0) {
4409 if (natt_port == 0) {
4410 ipseclog((LOG_DEBUG, "key_setsaval2: natt port not set.\n"));
4411 error = EINVAL;
4412 goto fail;
4413 }
4414 sav->remote_ike_port = natt_port;
4415 }
4416
4417 /*
4418 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4419 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4420 * set (we're not behind nat) - otherwise clear it.
4421 */
4422 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
4423 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
4424 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
4425 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
4426
4427 /* replay window */
4428 if ((flags & SADB_X_EXT_OLD) == 0) {
4429 sav->replay = keydb_newsecreplay(replay);
4430 if (sav->replay == NULL) {
4431 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4432 error = ENOBUFS;
4433 goto fail;
4434 }
4435 }
4436
4437 /* Authentication keys */
4438 sav->key_auth = (__typeof__(sav->key_auth))key_newbuf(key_auth, key_auth_len);
4439 if (sav->key_auth == NULL) {
4440 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4441 error = ENOBUFS;
4442 goto fail;
4443 }
4444
4445 /* Encryption key */
4446 sav->key_enc = (__typeof__(sav->key_enc))key_newbuf(key_enc, key_enc_len);
4447 if (sav->key_enc == NULL) {
4448 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4449 error = ENOBUFS;
4450 goto fail;
4451 }
4452
4453 /* set iv */
4454 sav->ivlen = 0;
4455
4456 if (satype == SADB_SATYPE_ESP) {
4457#if IPSEC_ESP
4458 algo = esp_algorithm_lookup(sav->alg_enc);
4459 if (algo && algo->ivlen)
4460 sav->ivlen = (*algo->ivlen)(algo, sav);
4461 if (sav->ivlen != 0) {
4462 KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
4463 if (sav->iv == 0) {
4464 lck_mtx_unlock(sadb_mutex);
4465 KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
4466 lck_mtx_lock(sadb_mutex);
4467 if (sav->iv == 0) {
4468 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4469 error = ENOBUFS;
4470 goto fail;
4471 }
4472 }
4473 /* initialize */
4474 key_randomfill(sav->iv, sav->ivlen);
4475 }
4476#endif
4477 }
4478
4479 /* reset created */
4480 microtime(&tv);
4481 sav->created = tv.tv_sec;
4482
4483 /* make lifetime for CURRENT */
4484 KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
4485 sizeof(struct sadb_lifetime));
4486 if (sav->lft_c == NULL) {
4487 lck_mtx_unlock(sadb_mutex);
4488 KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
4489 sizeof(struct sadb_lifetime));
4490 lck_mtx_lock(sadb_mutex);
4491 if (sav->lft_c == NULL) {
4492 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4493 error = ENOBUFS;
4494 goto fail;
4495 }
4496 }
4497
4498 microtime(&tv);
4499
4500 sav->lft_c->sadb_lifetime_len =
4501 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
4502 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
4503 sav->lft_c->sadb_lifetime_allocations = 0;
4504 sav->lft_c->sadb_lifetime_bytes = 0;
4505 sav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
4506 sav->lft_c->sadb_lifetime_usetime = 0;
4507
4508 /* lifetimes for HARD and SOFT */
4509 sav->lft_h = (__typeof__(sav->lft_h))key_newbuf(lifetime_hard,
4510 sizeof(*lifetime_hard));
4511 if (sav->lft_h == NULL) {
4512 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4513 error = ENOBUFS;
4514 goto fail;
4515 }
4516 sav->lft_s = (__typeof__(sav->lft_s))key_newbuf(lifetime_soft,
4517 sizeof(*lifetime_soft));
4518 if (sav->lft_s == NULL) {
4519 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4520 error = ENOBUFS;
4521 goto fail;
4522 }
4523
4524 return 0;
4525
4526fail:
4527 /* initialization */
4528 if (sav->replay != NULL) {
4529 keydb_delsecreplay(sav->replay);
4530 sav->replay = NULL;
4531 }
4532 if (sav->key_auth != NULL) {
4533 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
4534 KFREE(sav->key_auth);
4535 sav->key_auth = NULL;
4536 }
4537 if (sav->key_enc != NULL) {
4538 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
4539 KFREE(sav->key_enc);
4540 sav->key_enc = NULL;
4541 }
4542 if (sav->sched) {
4543 bzero(sav->sched, sav->schedlen);
4544 KFREE(sav->sched);
4545 sav->sched = NULL;
4546 }
4547 if (sav->iv != NULL) {
4548 KFREE(sav->iv);
4549 sav->iv = NULL;
4550 }
4551 if (sav->lft_c != NULL) {
4552 KFREE(sav->lft_c);
4553 sav->lft_c = NULL;
4554 }
4555 if (sav->lft_h != NULL) {
4556 KFREE(sav->lft_h);
4557 sav->lft_h = NULL;
4558 }
4559 if (sav->lft_s != NULL) {
4560 KFREE(sav->lft_s);
4561 sav->lft_s = NULL;
4562 }
4563
4564 return error;
4565}
4566
4567/*
4568 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
4569 * OUT: 0: valid
4570 * other: errno
4571 */
4572static int
4573key_mature(
4574 struct secasvar *sav)
4575{
4576 int mature;
4577 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4578 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4579
4580 mature = 0;
4581
4582 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4583
4584 /* check SPI value */
4585 switch (sav->sah->saidx.proto) {
4586 case IPPROTO_ESP:
4587 case IPPROTO_AH:
4588
4589 /* No reason to test if this is >= 0, because ntohl(sav->spi) is unsigned. */
4590 if (ntohl(sav->spi) <= 255) {
4591 ipseclog((LOG_DEBUG,
4592 "key_mature: illegal range of SPI %u.\n",
4593 (u_int32_t)ntohl(sav->spi)));
4594 return EINVAL;
4595 }
4596 break;
4597 }
4598
4599 /* check satype */
4600 switch (sav->sah->saidx.proto) {
4601 case IPPROTO_ESP:
4602 /* check flags */
4603 if ((sav->flags & SADB_X_EXT_OLD)
4604 && (sav->flags & SADB_X_EXT_DERIV)) {
4605 ipseclog((LOG_DEBUG, "key_mature: "
4606 "invalid flag (derived) given to old-esp.\n"));
4607 return EINVAL;
4608 }
4609 if (sav->alg_auth == SADB_AALG_NONE)
4610 checkmask = 1;
4611 else
4612 checkmask = 3;
4613 mustmask = 1;
4614 break;
4615 case IPPROTO_AH:
4616 /* check flags */
4617 if (sav->flags & SADB_X_EXT_DERIV) {
4618 ipseclog((LOG_DEBUG, "key_mature: "
4619 "invalid flag (derived) given to AH SA.\n"));
4620 return EINVAL;
4621 }
4622 if (sav->alg_enc != SADB_EALG_NONE) {
4623 ipseclog((LOG_DEBUG, "key_mature: "
4624 "protocol and algorithm mismated.\n"));
4625 return(EINVAL);
4626 }
4627 checkmask = 2;
4628 mustmask = 2;
4629 break;
4630 case IPPROTO_IPCOMP:
4631 if (sav->alg_auth != SADB_AALG_NONE) {
4632 ipseclog((LOG_DEBUG, "key_mature: "
4633 "protocol and algorithm mismated.\n"));
4634 return(EINVAL);
4635 }
4636 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
4637 && ntohl(sav->spi) >= 0x10000) {
4638 ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
4639 return(EINVAL);
4640 }
4641 checkmask = 4;
4642 mustmask = 4;
4643 break;
4644 default:
4645 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
4646 return EPROTONOSUPPORT;
4647 }
4648
4649 /* check authentication algorithm */
4650 if ((checkmask & 2) != 0) {
4651 const struct ah_algorithm *algo;
4652 int keylen;
4653
4654 algo = ah_algorithm_lookup(sav->alg_auth);
4655 if (!algo) {
4656 ipseclog((LOG_DEBUG,"key_mature: "
4657 "unknown authentication algorithm.\n"));
4658 return EINVAL;
4659 }
4660
4661 /* algorithm-dependent check */
4662 if (sav->key_auth)
4663 keylen = sav->key_auth->sadb_key_bits;
4664 else
4665 keylen = 0;
4666 if (keylen < algo->keymin || algo->keymax < keylen) {
4667 ipseclog((LOG_DEBUG,
4668 "key_mature: invalid AH key length %d "
4669 "(%d-%d allowed)\n",
4670 keylen, algo->keymin, algo->keymax));
4671 return EINVAL;
4672 }
4673
4674 if (algo->mature) {
4675 if ((*algo->mature)(sav)) {
4676 /* message generated in per-algorithm function*/
4677 return EINVAL;
4678 } else
4679 mature = SADB_SATYPE_AH;
4680 }
4681
4682 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
4683 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
4684 return EINVAL;
4685 }
4686 }
4687
4688 /* check encryption algorithm */
4689 if ((checkmask & 1) != 0) {
4690#if IPSEC_ESP
4691 const struct esp_algorithm *algo;
4692 int keylen;
4693
4694 algo = esp_algorithm_lookup(sav->alg_enc);
4695 if (!algo) {
4696 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
4697 return EINVAL;
4698 }
4699
4700 /* algorithm-dependent check */
4701 if (sav->key_enc)
4702 keylen = sav->key_enc->sadb_key_bits;
4703 else
4704 keylen = 0;
4705 if (keylen < algo->keymin || algo->keymax < keylen) {
4706 ipseclog((LOG_DEBUG,
4707 "key_mature: invalid ESP key length %d "
4708 "(%d-%d allowed)\n",
4709 keylen, algo->keymin, algo->keymax));
4710 return EINVAL;
4711 }
4712
4713 if (algo->mature) {
4714 if ((*algo->mature)(sav)) {
4715 /* message generated in per-algorithm function*/
4716 return EINVAL;
4717 } else
4718 mature = SADB_SATYPE_ESP;
4719 }
4720
4721 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
4722 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
4723 return EINVAL;
4724 }
4725#else /*IPSEC_ESP*/
4726 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
4727 return EINVAL;
4728#endif
4729 }
4730
4731 /* check compression algorithm */
4732 if ((checkmask & 4) != 0) {
4733 const struct ipcomp_algorithm *algo;
4734
4735 /* algorithm-dependent check */
4736 algo = ipcomp_algorithm_lookup(sav->alg_enc);
4737 if (!algo) {
4738 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
4739 return EINVAL;
4740 }
4741 }
4742
4743 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
4744
4745 return 0;
4746}
4747
4748/*
4749 * subroutine for SADB_GET and SADB_DUMP.
4750 */
4751static struct mbuf *
4752key_setdumpsa(
4753 struct secasvar *sav,
4754 u_int8_t type,
4755 u_int8_t satype,
4756 u_int32_t seq,
4757 u_int32_t pid)
4758{
4759 struct mbuf *result = NULL, *tres = NULL, *m;
4760 int l = 0;
4761 int i;
4762 void *p;
4763 int dumporder[] = {
4764 SADB_EXT_SA, SADB_X_EXT_SA2,
4765 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
4766 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
4767 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
4768 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
4769 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
4770 };
4771
4772 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
4773 if (m == NULL)
4774 goto fail;
4775 result = m;
4776
4777 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
4778 m = NULL;
4779 p = NULL;
4780 switch (dumporder[i]) {
4781 case SADB_EXT_SA:
4782 m = key_setsadbsa(sav);
4783 if (!m)
4784 goto fail;
4785 break;
4786
4787 case SADB_X_EXT_SA2:
4788 m = key_setsadbxsa2(sav->sah->saidx.mode,
4789 sav->replay ? sav->replay->count : 0,
4790 sav->sah->saidx.reqid,
4791 sav->flags2);
4792 if (!m)
4793 goto fail;
4794 break;
4795
4796 case SADB_EXT_ADDRESS_SRC:
4797 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
4798 (struct sockaddr *)&sav->sah->saidx.src,
4799 FULLMASK, IPSEC_ULPROTO_ANY);
4800 if (!m)
4801 goto fail;
4802 break;
4803
4804 case SADB_EXT_ADDRESS_DST:
4805 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
4806 (struct sockaddr *)&sav->sah->saidx.dst,
4807 FULLMASK, IPSEC_ULPROTO_ANY);
4808 if (!m)
4809 goto fail;
4810 break;
4811
4812 case SADB_EXT_KEY_AUTH:
4813 if (!sav->key_auth)
4814 continue;
4815 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
4816 p = sav->key_auth;
4817 break;
4818
4819 case SADB_EXT_KEY_ENCRYPT:
4820 if (!sav->key_enc)
4821 continue;
4822 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
4823 p = sav->key_enc;
4824 break;
4825
4826 case SADB_EXT_LIFETIME_CURRENT:
4827 if (!sav->lft_c)
4828 continue;
4829 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
4830 p = sav->lft_c;
4831 break;
4832
4833 case SADB_EXT_LIFETIME_HARD:
4834 if (!sav->lft_h)
4835 continue;
4836 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
4837 p = sav->lft_h;
4838 break;
4839
4840 case SADB_EXT_LIFETIME_SOFT:
4841 if (!sav->lft_s)
4842 continue;
4843 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
4844 p = sav->lft_s;
4845 break;
4846
4847 case SADB_EXT_ADDRESS_PROXY:
4848 case SADB_EXT_IDENTITY_SRC:
4849 case SADB_EXT_IDENTITY_DST:
4850 /* XXX: should we brought from SPD ? */
4851 case SADB_EXT_SENSITIVITY:
4852 default:
4853 continue;
4854 }
4855
4856 if ((!m && !p) || (m && p))
4857 goto fail;
4858 if (p && tres) {
4859 M_PREPEND(tres, l, M_WAITOK);
4860 if (!tres)
4861 goto fail;
4862 bcopy(p, mtod(tres, caddr_t), l);
4863 continue;
4864 }
4865 if (p) {
4866 m = key_alloc_mbuf(l);
4867 if (!m)
4868 goto fail;
4869 m_copyback(m, 0, l, p);
4870 }
4871
4872 if (tres)
4873 m_cat(m, tres);
4874 tres = m;
4875 }
4876
4877 m_cat(result, tres);
4878
4879 if (sav->sah && (sav->sah->outgoing_if || sav->sah->ipsec_if)) {
4880 m = key_setsadbipsecif(NULL, ifindex2ifnet[sav->sah->outgoing_if], sav->sah->ipsec_if, 0);
4881 if (!m)
4882 goto fail;
4883 m_cat(result, m);
4884 }
4885
4886 if (result->m_len < sizeof(struct sadb_msg)) {
4887 result = m_pullup(result, sizeof(struct sadb_msg));
4888 if (result == NULL)
4889 goto fail;
4890 }
4891
4892 result->m_pkthdr.len = 0;
4893 for (m = result; m; m = m->m_next)
4894 result->m_pkthdr.len += m->m_len;
4895
4896 mtod(result, struct sadb_msg *)->sadb_msg_len =
4897 PFKEY_UNIT64(result->m_pkthdr.len);
4898
4899 return result;
4900
4901fail:
4902 m_freem(result);
4903 m_freem(tres);
4904 return NULL;
4905}
4906
4907/*
4908 * set data into sadb_msg.
4909 */
4910static struct mbuf *
4911key_setsadbmsg(
4912 u_int8_t type,
4913 u_int16_t tlen,
4914 u_int8_t satype,
4915 u_int32_t seq,
4916 pid_t pid,
4917 u_int16_t reserved)
4918{
4919 struct mbuf *m;
4920 struct sadb_msg *p;
4921 int len;
4922
4923 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
4924 if (len > MCLBYTES)
4925 return NULL;
4926 MGETHDR(m, M_DONTWAIT, MT_DATA);
4927 if (m && len > MHLEN) {
4928 MCLGET(m, M_DONTWAIT);
4929 if ((m->m_flags & M_EXT) == 0) {
4930 m_freem(m);
4931 m = NULL;
4932 }
4933 }
4934 if (!m)
4935 return NULL;
4936 m->m_pkthdr.len = m->m_len = len;
4937 m->m_next = NULL;
4938
4939 p = mtod(m, struct sadb_msg *);
4940
4941 bzero(p, len);
4942 p->sadb_msg_version = PF_KEY_V2;
4943 p->sadb_msg_type = type;
4944 p->sadb_msg_errno = 0;
4945 p->sadb_msg_satype = satype;
4946 p->sadb_msg_len = PFKEY_UNIT64(tlen);
4947 p->sadb_msg_reserved = reserved;
4948 p->sadb_msg_seq = seq;
4949 p->sadb_msg_pid = (u_int32_t)pid;
4950
4951 return m;
4952}
4953
4954/*
4955 * copy secasvar data into sadb_address.
4956 */
4957static struct mbuf *
4958key_setsadbsa(
4959 struct secasvar *sav)
4960{
4961 struct mbuf *m;
4962 struct sadb_sa *p;
4963 int len;
4964
4965 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
4966 m = key_alloc_mbuf(len);
4967 if (!m || m->m_next) { /*XXX*/
4968 if (m)
4969 m_freem(m);
4970 return NULL;
4971 }
4972
4973 p = mtod(m, struct sadb_sa *);
4974
4975 bzero(p, len);
4976 p->sadb_sa_len = PFKEY_UNIT64(len);
4977 p->sadb_sa_exttype = SADB_EXT_SA;
4978 p->sadb_sa_spi = sav->spi;
4979 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
4980 p->sadb_sa_state = sav->state;
4981 p->sadb_sa_auth = sav->alg_auth;
4982 p->sadb_sa_encrypt = sav->alg_enc;
4983 p->sadb_sa_flags = sav->flags;
4984
4985 return m;
4986}
4987
4988/*
4989 * set data into sadb_address.
4990 */
4991static struct mbuf *
4992key_setsadbaddr(
4993 u_int16_t exttype,
4994 struct sockaddr *saddr,
4995 u_int8_t prefixlen,
4996 u_int16_t ul_proto)
4997{
4998 struct mbuf *m;
4999 struct sadb_address *p;
5000 size_t len;
5001
5002 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
5003 PFKEY_ALIGN8(saddr->sa_len);
5004 m = key_alloc_mbuf(len);
5005 if (!m || m->m_next) { /*XXX*/
5006 if (m)
5007 m_freem(m);
5008 return NULL;
5009 }
5010
5011 p = mtod(m, struct sadb_address *);
5012
5013 bzero(p, len);
5014 p->sadb_address_len = PFKEY_UNIT64(len);
5015 p->sadb_address_exttype = exttype;
5016 p->sadb_address_proto = ul_proto;
5017 if (prefixlen == FULLMASK) {
5018 switch (saddr->sa_family) {
5019 case AF_INET:
5020 prefixlen = sizeof(struct in_addr) << 3;
5021 break;
5022 case AF_INET6:
5023 prefixlen = sizeof(struct in6_addr) << 3;
5024 break;
5025 default:
5026 ; /*XXX*/
5027 }
5028 }
5029 p->sadb_address_prefixlen = prefixlen;
5030 p->sadb_address_reserved = 0;
5031
5032 bcopy(saddr,
5033 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
5034 saddr->sa_len);
5035
5036 return m;
5037}
5038
5039static struct mbuf *
5040key_setsadbipsecif(ifnet_t internal_if,
5041 ifnet_t outgoing_if,
5042 ifnet_t ipsec_if,
5043 int init_disabled)
5044{
5045 struct mbuf *m;
5046 struct sadb_x_ipsecif *p;
5047 size_t len;
5048
5049 len = PFKEY_ALIGN8(sizeof(struct sadb_x_ipsecif));
5050 m = key_alloc_mbuf(len);
5051 if (!m || m->m_next) { /*XXX*/
5052 if (m)
5053 m_freem(m);
5054 return NULL;
5055 }
5056
5057 p = mtod(m, struct sadb_x_ipsecif *);
5058
5059 bzero(p, len);
5060 p->sadb_x_ipsecif_len = PFKEY_UNIT64(len);
5061 p->sadb_x_ipsecif_exttype = SADB_X_EXT_IPSECIF;
5062
5063 if (internal_if && internal_if->if_xname)
5064 strlcpy(p->sadb_x_ipsecif_internal_if, internal_if->if_xname, IFXNAMSIZ);
5065 if (outgoing_if && outgoing_if->if_xname)
5066 strlcpy(p->sadb_x_ipsecif_outgoing_if, outgoing_if->if_xname, IFXNAMSIZ);
5067 if (ipsec_if && ipsec_if->if_xname)
5068 strlcpy(p->sadb_x_ipsecif_ipsec_if, ipsec_if->if_xname, IFXNAMSIZ);
5069
5070 p->sadb_x_ipsecif_init_disabled = init_disabled;
5071
5072 return m;
5073}
5074
5075/*
5076 * set data into sadb_session_id
5077 */
5078static struct mbuf *
5079key_setsadbsession_id (u_int64_t session_ids[])
5080{
5081 struct mbuf *m;
5082 struct sadb_session_id *p;
5083 size_t len;
5084
5085 len = PFKEY_ALIGN8(sizeof(*p));
5086 m = key_alloc_mbuf(len);
5087 if (!m || m->m_next) { /*XXX*/
5088 if (m)
5089 m_freem(m);
5090 return NULL;
5091 }
5092
5093 p = mtod(m, __typeof__(p));
5094
5095 bzero(p, len);
5096 p->sadb_session_id_len = PFKEY_UNIT64(len);
5097 p->sadb_session_id_exttype = SADB_EXT_SESSION_ID;
5098 p->sadb_session_id_v[0] = session_ids[0];
5099 p->sadb_session_id_v[1] = session_ids[1];
5100
5101 return m;
5102}
5103
5104/*
5105 * copy stats data into sadb_sastat type.
5106 */
5107static struct mbuf *
5108key_setsadbsastat (u_int32_t dir,
5109 struct sastat *stats,
5110 u_int32_t max_stats)
5111{
5112 struct mbuf *m;
5113 struct sadb_sastat *p;
5114 int list_len, len;
5115
5116 if (!stats) {
5117 return NULL;
5118 }
5119
5120 list_len = sizeof(*stats) * max_stats;
5121 len = PFKEY_ALIGN8(sizeof(*p)) + PFKEY_ALIGN8(list_len);
5122 m = key_alloc_mbuf(len);
5123 if (!m || m->m_next) { /*XXX*/
5124 if (m)
5125 m_freem(m);
5126 return NULL;
5127 }
5128
5129 p = mtod(m, __typeof__(p));
5130
5131 bzero(p, len);
5132 p->sadb_sastat_len = PFKEY_UNIT64(len);
5133 p->sadb_sastat_exttype = SADB_EXT_SASTAT;
5134 p->sadb_sastat_dir = dir;
5135 p->sadb_sastat_list_len = max_stats;
5136 if (list_len) {
5137 bcopy(stats,
5138 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(*p)),
5139 list_len);
5140 }
5141
5142 return m;
5143}
5144
5145#if 0
5146/*
5147 * set data into sadb_ident.
5148 */
5149static struct mbuf *
5150key_setsadbident(
5151 u_int16_t exttype,
5152 u_int16_t idtype,
5153 caddr_t string,
5154 int stringlen,
5155 u_int64_t id)
5156{
5157 struct mbuf *m;
5158 struct sadb_ident *p;
5159 size_t len;
5160
5161 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
5162 m = key_alloc_mbuf(len);
5163 if (!m || m->m_next) { /*XXX*/
5164 if (m)
5165 m_freem(m);
5166 return NULL;
5167 }
5168
5169 p = mtod(m, struct sadb_ident *);
5170
5171 bzero(p, len);
5172 p->sadb_ident_len = PFKEY_UNIT64(len);
5173 p->sadb_ident_exttype = exttype;
5174 p->sadb_ident_type = idtype;
5175 p->sadb_ident_reserved = 0;
5176 p->sadb_ident_id = id;
5177
5178 bcopy(string,
5179 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
5180 stringlen);
5181
5182 return m;
5183}
5184#endif
5185
5186/*
5187 * set data into sadb_x_sa2.
5188 */
5189static struct mbuf *
5190key_setsadbxsa2(
5191 u_int8_t mode,
5192 u_int32_t seq,
5193 u_int32_t reqid,
5194 u_int16_t flags)
5195{
5196 struct mbuf *m;
5197 struct sadb_x_sa2 *p;
5198 size_t len;
5199
5200 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
5201 m = key_alloc_mbuf(len);
5202 if (!m || m->m_next) { /*XXX*/
5203 if (m)
5204 m_freem(m);
5205 return NULL;
5206 }
5207
5208 p = mtod(m, struct sadb_x_sa2 *);
5209
5210 bzero(p, len);
5211 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
5212 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
5213 p->sadb_x_sa2_mode = mode;
5214 p->sadb_x_sa2_reserved1 = 0;
5215 p->sadb_x_sa2_reserved2 = 0;
5216 p->sadb_x_sa2_sequence = seq;
5217 p->sadb_x_sa2_reqid = reqid;
5218 p->sadb_x_sa2_flags = flags;
5219
5220 return m;
5221}
5222
5223/*
5224 * set data into sadb_x_policy
5225 */
5226static struct mbuf *
5227key_setsadbxpolicy(
5228 u_int16_t type,
5229 u_int8_t dir,
5230 u_int32_t id)
5231{
5232 struct mbuf *m;
5233 struct sadb_x_policy *p;
5234 size_t len;
5235
5236 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
5237 m = key_alloc_mbuf(len);
5238 if (!m || m->m_next) { /*XXX*/
5239 if (m)
5240 m_freem(m);
5241 return NULL;
5242 }
5243
5244 p = mtod(m, struct sadb_x_policy *);
5245
5246 bzero(p, len);
5247 p->sadb_x_policy_len = PFKEY_UNIT64(len);
5248 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
5249 p->sadb_x_policy_type = type;
5250 p->sadb_x_policy_dir = dir;
5251 p->sadb_x_policy_id = id;
5252
5253 return m;
5254}
5255
5256/* %%% utilities */
5257/*
5258 * copy a buffer into the new buffer allocated.
5259 */
5260static void *
5261key_newbuf(
5262 const void *src,
5263 u_int len)
5264{
5265 caddr_t new;
5266
5267 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
5268 KMALLOC_NOWAIT(new, caddr_t, len);
5269 if (new == NULL) {
5270 lck_mtx_unlock(sadb_mutex);
5271 KMALLOC_WAIT(new, caddr_t, len);
5272 lck_mtx_lock(sadb_mutex);
5273 if (new == NULL) {
5274 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
5275 return NULL;
5276 }
5277 }
5278 bcopy(src, new, len);
5279
5280 return new;
5281}
5282
5283/* compare my own address
5284 * OUT: 1: true, i.e. my address.
5285 * 0: false
5286 */
5287int
5288key_ismyaddr(
5289 struct sockaddr *sa)
5290{
5291#if INET
5292 struct sockaddr_in *sin;
5293 struct in_ifaddr *ia;
5294#endif
5295
5296 /* sanity check */
5297 if (sa == NULL)
5298 panic("key_ismyaddr: NULL pointer is passed.\n");
5299
5300 switch (sa->sa_family) {
5301#if INET
5302 case AF_INET:
5303 lck_rw_lock_shared(in_ifaddr_rwlock);
5304 sin = (struct sockaddr_in *)(void *)sa;
5305 for (ia = in_ifaddrhead.tqh_first; ia;
5306 ia = ia->ia_link.tqe_next) {
5307 IFA_LOCK_SPIN(&ia->ia_ifa);
5308 if (sin->sin_family == ia->ia_addr.sin_family &&
5309 sin->sin_len == ia->ia_addr.sin_len &&
5310 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
5311 {
5312 IFA_UNLOCK(&ia->ia_ifa);
5313 lck_rw_done(in_ifaddr_rwlock);
5314 return 1;
5315 }
5316 IFA_UNLOCK(&ia->ia_ifa);
5317 }
5318 lck_rw_done(in_ifaddr_rwlock);
5319 break;
5320#endif
5321#if INET6
5322 case AF_INET6:
5323 return key_ismyaddr6((struct sockaddr_in6 *)(void *)sa);
5324#endif
5325 }
5326
5327 return 0;
5328}
5329
5330#if INET6
5331/*
5332 * compare my own address for IPv6.
5333 * 1: ours
5334 * 0: other
5335 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
5336 */
5337#include <netinet6/in6_var.h>
5338
5339static int
5340key_ismyaddr6(
5341 struct sockaddr_in6 *sin6)
5342{
5343 struct in6_ifaddr *ia;
5344 struct in6_multi *in6m;
5345
5346 lck_rw_lock_shared(&in6_ifaddr_rwlock);
5347 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
5348 IFA_LOCK(&ia->ia_ifa);
5349 if (key_sockaddrcmp((struct sockaddr *)&sin6,
5350 (struct sockaddr *)&ia->ia_addr, 0) == 0) {
5351 IFA_UNLOCK(&ia->ia_ifa);
5352 lck_rw_done(&in6_ifaddr_rwlock);
5353 return 1;
5354 }
5355 IFA_UNLOCK(&ia->ia_ifa);
5356
5357 /*
5358 * XXX Multicast
5359 * XXX why do we care about multlicast here while we don't care
5360 * about IPv4 multicast??
5361 * XXX scope
5362 */
5363 in6m = NULL;
5364 in6_multihead_lock_shared();
5365 IN6_LOOKUP_MULTI(&sin6->sin6_addr, ia->ia_ifp, in6m);
5366 in6_multihead_lock_done();
5367 if (in6m != NULL) {
5368 lck_rw_done(&in6_ifaddr_rwlock);
5369 IN6M_REMREF(in6m);
5370 return 1;
5371 }
5372 }
5373 lck_rw_done(&in6_ifaddr_rwlock);
5374
5375 /* loopback, just for safety */
5376 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
5377 return 1;
5378
5379 return 0;
5380}
5381#endif /*INET6*/
5382
5383/*
5384 * compare two secasindex structure.
5385 * flag can specify to compare 2 saidxes.
5386 * compare two secasindex structure without both mode and reqid.
5387 * don't compare port.
5388 * IN:
5389 * saidx0: source, it can be in SAD.
5390 * saidx1: object.
5391 * OUT:
5392 * 1 : equal
5393 * 0 : not equal
5394 */
5395static int
5396key_cmpsaidx(
5397 struct secasindex *saidx0,
5398 struct secasindex *saidx1,
5399 int flag)
5400{
5401 /* sanity */
5402 if (saidx0 == NULL && saidx1 == NULL)
5403 return 1;
5404
5405 if (saidx0 == NULL || saidx1 == NULL)
5406 return 0;
5407
5408 if (saidx0->ipsec_ifindex != 0 && saidx0->ipsec_ifindex != saidx1->ipsec_ifindex)
5409 return 0;
5410
5411 if (saidx0->proto != saidx1->proto)
5412 return 0;
5413
5414 if (flag == CMP_EXACTLY) {
5415 if (saidx0->mode != saidx1->mode)
5416 return 0;
5417 if (saidx0->reqid != saidx1->reqid)
5418 return 0;
5419 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
5420 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
5421 return 0;
5422 } else {
5423
5424 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
5425 if (flag & CMP_REQID) {
5426 /*
5427 * If reqid of SPD is non-zero, unique SA is required.
5428 * The result must be of same reqid in this case.
5429 */
5430 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
5431 return 0;
5432 }
5433
5434 if (flag & CMP_MODE) {
5435 if (saidx0->mode != IPSEC_MODE_ANY
5436 && saidx0->mode != saidx1->mode)
5437 return 0;
5438 }
5439
5440 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
5441 (struct sockaddr *)&saidx1->src, flag & CMP_PORT ? 1 : 0) != 0) {
5442 return 0;
5443 }
5444 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
5445 (struct sockaddr *)&saidx1->dst, flag & CMP_PORT ? 1 : 0) != 0) {
5446 return 0;
5447 }
5448 }
5449
5450 return 1;
5451}
5452
5453/*
5454 * compare two secindex structure exactly.
5455 * IN:
5456 * spidx0: source, it is often in SPD.
5457 * spidx1: object, it is often from PFKEY message.
5458 * OUT:
5459 * 1 : equal
5460 * 0 : not equal
5461 */
5462static int
5463key_cmpspidx_exactly(
5464 struct secpolicyindex *spidx0,
5465 struct secpolicyindex *spidx1)
5466{
5467 /* sanity */
5468 if (spidx0 == NULL && spidx1 == NULL)
5469 return 1;
5470
5471 if (spidx0 == NULL || spidx1 == NULL)
5472 return 0;
5473
5474 if (spidx0->prefs != spidx1->prefs
5475 || spidx0->prefd != spidx1->prefd
5476 || spidx0->ul_proto != spidx1->ul_proto
5477 || spidx0->internal_if != spidx1->internal_if)
5478 return 0;
5479
5480 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
5481 (struct sockaddr *)&spidx1->src, 1) != 0) {
5482 return 0;
5483 }
5484 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
5485 (struct sockaddr *)&spidx1->dst, 1) != 0) {
5486 return 0;
5487 }
5488
5489 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src_range.start,
5490 (struct sockaddr *)&spidx1->src_range.start, 1) != 0) {
5491 return 0;
5492 }
5493 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src_range.end,
5494 (struct sockaddr *)&spidx1->src_range.end, 1) != 0) {
5495 return 0;
5496 }
5497 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst_range.start,
5498 (struct sockaddr *)&spidx1->dst_range.start, 1) != 0) {
5499 return 0;
5500 }
5501 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst_range.end,
5502 (struct sockaddr *)&spidx1->dst_range.end, 1) != 0) {
5503 return 0;
5504 }
5505
5506 return 1;
5507}
5508
5509/*
5510 * compare two secindex structure with mask.
5511 * IN:
5512 * spidx0: source, it is often in SPD.
5513 * spidx1: object, it is often from IP header.
5514 * OUT:
5515 * 1 : equal
5516 * 0 : not equal
5517 */
5518static int
5519key_cmpspidx_withmask(
5520 struct secpolicyindex *spidx0,
5521 struct secpolicyindex *spidx1)
5522{
5523 int spidx0_src_is_range = 0;
5524 int spidx0_dst_is_range = 0;
5525
5526 /* sanity */
5527 if (spidx0 == NULL && spidx1 == NULL)
5528 return 1;
5529
5530 if (spidx0 == NULL || spidx1 == NULL)
5531 return 0;
5532
5533 if (spidx0->src_range.start.ss_len > 0)
5534 spidx0_src_is_range = 1;
5535
5536 if (spidx0->dst_range.start.ss_len > 0)
5537 spidx0_dst_is_range = 1;
5538
5539 if ((spidx0_src_is_range ? spidx0->src_range.start.ss_family : spidx0->src.ss_family) != spidx1->src.ss_family ||
5540 (spidx0_dst_is_range ? spidx0->dst_range.start.ss_family : spidx0->dst.ss_family) != spidx1->dst.ss_family ||
5541 (spidx0_src_is_range ? spidx0->src_range.start.ss_len : spidx0->src.ss_len) != spidx1->src.ss_len ||
5542 (spidx0_dst_is_range ? spidx0->dst_range.start.ss_len : spidx0->dst.ss_len) != spidx1->dst.ss_len)
5543 return 0;
5544
5545 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
5546 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
5547 && spidx0->ul_proto != spidx1->ul_proto)
5548 return 0;
5549
5550 /* If spidx1 specifies interface, ignore src addr */
5551 if (spidx1->internal_if != NULL) {
5552 if (spidx0->internal_if == NULL
5553 || spidx0->internal_if != spidx1->internal_if)
5554 return 0;
5555
5556 /* Still check ports */
5557 switch (spidx0->src.ss_family) {
5558 case AF_INET:
5559 if (spidx0_src_is_range &&
5560 (satosin(&spidx1->src)->sin_port < satosin(&spidx0->src_range.start)->sin_port
5561 || satosin(&spidx1->src)->sin_port > satosin(&spidx0->src_range.end)->sin_port))
5562 return 0;
5563 else if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY
5564 && satosin(&spidx0->src)->sin_port !=
5565 satosin(&spidx1->src)->sin_port)
5566 return 0;
5567 break;
5568 case AF_INET6:
5569 if (spidx0_src_is_range &&
5570 (satosin6(&spidx1->src)->sin6_port < satosin6(&spidx0->src_range.start)->sin6_port
5571 || satosin6(&spidx1->src)->sin6_port > satosin6(&spidx0->src_range.end)->sin6_port))
5572 return 0;
5573 else if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY
5574 && satosin6(&spidx0->src)->sin6_port !=
5575 satosin6(&spidx1->src)->sin6_port)
5576 return 0;
5577 break;
5578 default:
5579 break;
5580 }
5581 } else if (spidx0_src_is_range) {
5582 if (!key_is_addr_in_range(&spidx1->src, &spidx0->src_range))
5583 return 0;
5584 } else {
5585 switch (spidx0->src.ss_family) {
5586 case AF_INET:
5587 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY
5588 && satosin(&spidx0->src)->sin_port !=
5589 satosin(&spidx1->src)->sin_port)
5590 return 0;
5591 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
5592 (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
5593 return 0;
5594 break;
5595 case AF_INET6:
5596 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY
5597 && satosin6(&spidx0->src)->sin6_port !=
5598 satosin6(&spidx1->src)->sin6_port)
5599 return 0;
5600 /*
5601 * scope_id check. if sin6_scope_id is 0, we regard it
5602 * as a wildcard scope, which matches any scope zone ID.
5603 */
5604 if (satosin6(&spidx0->src)->sin6_scope_id &&
5605 satosin6(&spidx1->src)->sin6_scope_id &&
5606 satosin6(&spidx0->src)->sin6_scope_id !=
5607 satosin6(&spidx1->src)->sin6_scope_id)
5608 return 0;
5609 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
5610 (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
5611 return 0;
5612 break;
5613 default:
5614 /* XXX */
5615 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
5616 return 0;
5617 break;
5618 }
5619 }
5620
5621 if (spidx0_dst_is_range) {
5622 if (!key_is_addr_in_range(&spidx1->dst, &spidx0->dst_range))
5623 return 0;
5624 } else {
5625 switch (spidx0->dst.ss_family) {
5626 case AF_INET:
5627 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY
5628 && satosin(&spidx0->dst)->sin_port !=
5629 satosin(&spidx1->dst)->sin_port)
5630 return 0;
5631 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
5632 (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
5633 return 0;
5634 break;
5635 case AF_INET6:
5636 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY
5637 && satosin6(&spidx0->dst)->sin6_port !=
5638 satosin6(&spidx1->dst)->sin6_port)
5639 return 0;
5640 /*
5641 * scope_id check. if sin6_scope_id is 0, we regard it
5642 * as a wildcard scope, which matches any scope zone ID.
5643 */
5644 if (satosin6(&spidx0->src)->sin6_scope_id &&
5645 satosin6(&spidx1->src)->sin6_scope_id &&
5646 satosin6(&spidx0->dst)->sin6_scope_id !=
5647 satosin6(&spidx1->dst)->sin6_scope_id)
5648 return 0;
5649 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
5650 (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
5651 return 0;
5652 break;
5653 default:
5654 /* XXX */
5655 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
5656 return 0;
5657 break;
5658 }
5659 }
5660
5661 /* XXX Do we check other field ? e.g. flowinfo */
5662
5663 return 1;
5664}
5665
5666static int
5667key_is_addr_in_range(struct sockaddr_storage *addr, struct secpolicyaddrrange *addr_range)
5668{
5669 int cmp = 0;
5670
5671 if (addr == NULL || addr_range == NULL)
5672 return 0;
5673
5674 /* Must be greater than or equal to start */
5675 cmp = key_sockaddrcmp((struct sockaddr *)addr, (struct sockaddr *)&addr_range->start, 1);
5676 if (cmp != 0 && cmp != 1)
5677 return 0;
5678
5679 /* Must be less than or equal to end */
5680 cmp = key_sockaddrcmp((struct sockaddr *)addr, (struct sockaddr *)&addr_range->end, 1);
5681 if (cmp != 0 && cmp != -1)
5682 return 0;
5683
5684 return 1;
5685}
5686
5687/*
5688 Return values:
5689 -1: sa1 < sa2
5690 0: sa1 == sa2
5691 1: sa1 > sa2
5692 2: Not comparable or error
5693 */
5694static int
5695key_sockaddrcmp(
5696 struct sockaddr *sa1,
5697 struct sockaddr *sa2,
5698 int port)
5699{
5700 int result = 0;
5701 int port_result = 0;
5702
5703 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
5704 return 2;
5705
5706 if (sa1->sa_len == 0)
5707 return 0;
5708
5709 switch (sa1->sa_family) {
5710 case AF_INET:
5711 if (sa1->sa_len != sizeof(struct sockaddr_in))
5712 return 2;
5713
5714 result = memcmp(&satosin(sa1)->sin_addr.s_addr, &satosin(sa2)->sin_addr.s_addr, sizeof(satosin(sa1)->sin_addr.s_addr));
5715
5716 if (port) {
5717 if (satosin(sa1)->sin_port < satosin(sa2)->sin_port) {
5718 port_result = -1;
5719 } else if (satosin(sa1)->sin_port > satosin(sa2)->sin_port) {
5720 port_result = 1;
5721 }
5722
5723 if (result == 0)
5724 result = port_result;
5725 else if ((result > 0 && port_result < 0) || (result < 0 && port_result > 0))
5726 return 2;
5727 }
5728
5729 break;
5730 case AF_INET6:
5731 if (sa1->sa_len != sizeof(struct sockaddr_in6))
5732 return 2; /*EINVAL*/
5733
5734 if (satosin6(sa1)->sin6_scope_id !=
5735 satosin6(sa2)->sin6_scope_id) {
5736 return 2;
5737 }
5738
5739 result = memcmp(&satosin6(sa1)->sin6_addr.s6_addr[0], &satosin6(sa2)->sin6_addr.s6_addr[0], sizeof(struct in6_addr));
5740
5741 if (port) {
5742 if (satosin6(sa1)->sin6_port < satosin6(sa2)->sin6_port) {
5743 port_result = -1;
5744 } else if (satosin6(sa1)->sin6_port > satosin6(sa2)->sin6_port) {
5745 port_result = 1;
5746 }
5747
5748 if (result == 0)
5749 result = port_result;
5750 else if ((result > 0 && port_result < 0) || (result < 0 && port_result > 0))
5751 return 2;
5752 }
5753
5754 break;
5755 default:
5756 result = memcmp(sa1, sa2, sa1->sa_len);
5757 break;
5758 }
5759
5760 if (result < 0) result = -1;
5761 else if (result > 0) result = 1;
5762
5763 return result;
5764}
5765
5766/*
5767 * compare two buffers with mask.
5768 * IN:
5769 * addr1: source
5770 * addr2: object
5771 * bits: Number of bits to compare
5772 * OUT:
5773 * 1 : equal
5774 * 0 : not equal
5775 */
5776static int
5777key_bbcmp(
5778 caddr_t p1,
5779 caddr_t p2,
5780 u_int bits)
5781{
5782 u_int8_t mask;
5783
5784 /* XXX: This could be considerably faster if we compare a word
5785 * at a time, but it is complicated on LSB Endian machines */
5786
5787 /* Handle null pointers */
5788 if (p1 == NULL || p2 == NULL)
5789 return (p1 == p2);
5790
5791 while (bits >= 8) {
5792 if (*p1++ != *p2++)
5793 return 0;
5794 bits -= 8;
5795 }
5796
5797 if (bits > 0) {
5798 mask = ~((1<<(8-bits))-1);
5799 if ((*p1 & mask) != (*p2 & mask))
5800 return 0;
5801 }
5802 return 1; /* Match! */
5803}
5804
5805/*
5806 * time handler.
5807 * scanning SPD and SAD to check status for each entries,
5808 * and do to remove or to expire.
5809 * XXX: year 2038 problem may remain.
5810 */
5811int key_timehandler_debug = 0;
5812u_int32_t spd_count = 0, sah_count = 0, dead_sah_count = 0, empty_sah_count = 0, larval_sav_count = 0, mature_sav_count = 0, dying_sav_count = 0, dead_sav_count = 0;
5813u_int64_t total_sav_count = 0;
5814void
5815key_timehandler(void)
5816{
5817 u_int dir;
5818 struct timeval tv;
5819 struct secpolicy **spbuf = NULL, **spptr = NULL;
5820 struct secasvar **savexbuf = NULL, **savexptr = NULL;
5821 struct secasvar **savkabuf = NULL, **savkaptr = NULL;
5822 int spbufcount = 0, savbufcount = 0, spcount = 0, savexcount = 0, savkacount = 0, cnt;
5823 int stop_handler = 1; /* stop the timehandler */
5824
5825 microtime(&tv);
5826
5827 /* pre-allocate buffers before taking the lock */
5828 /* if allocation failures occur - portions of the processing will be skipped */
5829 if ((spbufcount = ipsec_policy_count) != 0) {
5830 spbufcount += 256;
5831 KMALLOC_WAIT(spbuf, struct secpolicy **, spbufcount * sizeof(struct secpolicy *));
5832 if (spbuf)
5833 spptr = spbuf;
5834 }
5835 if ((savbufcount = ipsec_sav_count) != 0) {
5836 savbufcount += 512;
5837 KMALLOC_WAIT(savexbuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
5838 if (savexbuf)
5839 savexptr = savexbuf;
5840 KMALLOC_WAIT(savkabuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
5841 if (savkabuf)
5842 savkaptr = savkabuf;
5843 }
5844 lck_mtx_lock(sadb_mutex);
5845 /* SPD */
5846 if (spbuf) {
5847
5848 struct secpolicy *sp, *nextsp;
5849
5850 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
5851 for (sp = LIST_FIRST(&sptree[dir]);
5852 sp != NULL;
5853 sp = nextsp) {
5854
5855 /* don't prevent timehandler from stopping for generate policy */
5856 if (sp->policy != IPSEC_POLICY_GENERATE)
5857 stop_handler = 0;
5858 spd_count++;
5859 nextsp = LIST_NEXT(sp, chain);
5860
5861 if (sp->state == IPSEC_SPSTATE_DEAD) {
5862 key_freesp(sp, KEY_SADB_LOCKED);
5863 continue;
5864 }
5865
5866 if (sp->lifetime == 0 && sp->validtime == 0)
5867 continue;
5868 if (spbuf && spcount < spbufcount) {
5869 /* the deletion will occur next time */
5870 if ((sp->lifetime
5871 && tv.tv_sec - sp->created > sp->lifetime)
5872 || (sp->validtime
5873 && tv.tv_sec - sp->lastused > sp->validtime)) {
5874 //key_spdexpire(sp);
5875 sp->state = IPSEC_SPSTATE_DEAD;
5876 sp->refcnt++;
5877 *spptr++ = sp;
5878 spcount++;
5879 }
5880 }
5881 }
5882 }
5883 }
5884
5885 /* SAD */
5886 {
5887 struct secashead *sah, *nextsah;
5888 struct secasvar *sav, *nextsav;
5889
5890 for (sah = LIST_FIRST(&sahtree);
5891 sah != NULL;
5892 sah = nextsah) {
5893
5894 sah_count++;
5895 nextsah = LIST_NEXT(sah, chain);
5896
5897 /* if sah has been dead, then delete it and process next sah. */
5898 if (sah->state == SADB_SASTATE_DEAD) {
5899 key_delsah(sah);
5900 dead_sah_count++;
5901 continue;
5902 }
5903
5904 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL &&
5905 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL &&
5906 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL &&
5907 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) {
5908 key_delsah(sah);
5909 empty_sah_count++;
5910 continue;
5911 }
5912
5913 if (savbufcount == 0) {
5914 continue;
5915 }
5916
5917 stop_handler = 0;
5918
5919 /* if LARVAL entry doesn't become MATURE, delete it. */
5920 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
5921 sav != NULL;
5922 sav = nextsav) {
5923
5924 larval_sav_count++;
5925 total_sav_count++;
5926 nextsav = LIST_NEXT(sav, chain);
5927
5928 if (sav->lft_h != NULL) {
5929 /* If a hard lifetime is defined for the LARVAL SA, use it */
5930 if (sav->lft_h->sadb_lifetime_addtime != 0
5931 && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
5932 if (sav->always_expire) {
5933 key_send_delete(sav);
5934 sav = NULL;
5935 } else {
5936 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5937 key_freesav(sav, KEY_SADB_LOCKED);
5938 sav = NULL;
5939 }
5940 }
5941 } else {
5942 if (tv.tv_sec - sav->created > key_larval_lifetime) {
5943 key_freesav(sav, KEY_SADB_LOCKED);
5944 }
5945 }
5946 }
5947
5948 /*
5949 * If this is a NAT traversal SA with no activity,
5950 * we need to send a keep alive.
5951 *
5952 * Performed outside of the loop before so we will
5953 * only ever send one keepalive. The first SA on
5954 * the list is the one that will be used for sending
5955 * traffic, so this is the one we use for determining
5956 * when to send the keepalive.
5957 */
5958 if (savkabuf && savkacount < savbufcount) {
5959 sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); //%%% should we check dying list if this is empty???
5960 if (sav && (natt_keepalive_interval || sav->natt_interval) &&
5961 (sav->flags & (SADB_X_EXT_NATT_KEEPALIVE | SADB_X_EXT_ESP_KEEPALIVE)) != 0) {
5962 sav->refcnt++;
5963 *savkaptr++ = sav;
5964 savkacount++;
5965 }
5966 }
5967
5968 /*
5969 * check MATURE entry to start to send expire message
5970 * whether or not.
5971 */
5972 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
5973 sav != NULL;
5974 sav = nextsav) {
5975
5976 mature_sav_count++;
5977 total_sav_count++;
5978 nextsav = LIST_NEXT(sav, chain);
5979
5980 /* we don't need to check. */
5981 if (sav->lft_s == NULL)
5982 continue;
5983
5984 /* sanity check */
5985 if (sav->lft_c == NULL) {
5986 ipseclog((LOG_DEBUG,"key_timehandler: "
5987 "There is no CURRENT time, why?\n"));
5988 continue;
5989 }
5990
5991 /* check SOFT lifetime */
5992 if (sav->lft_s->sadb_lifetime_addtime != 0
5993 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
5994 /*
5995 * If always_expire is set, expire. Otherwise,
5996 * if the SA has not been used, delete immediately.
5997 */
5998 if (sav->lft_c->sadb_lifetime_usetime == 0
5999 && sav->always_expire == 0) {
6000 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6001 key_freesav(sav, KEY_SADB_LOCKED);
6002 sav = NULL;
6003 } else if (savexbuf && savexcount < savbufcount) {
6004 key_sa_chgstate(sav, SADB_SASTATE_DYING);
6005 sav->refcnt++;
6006 *savexptr++ = sav;
6007 savexcount++;
6008 }
6009 }
6010
6011 /* check SOFT lifetime by bytes */
6012 /*
6013 * XXX I don't know the way to delete this SA
6014 * when new SA is installed. Caution when it's
6015 * installed too big lifetime by time.
6016 */
6017 else if (savexbuf && savexcount < savbufcount
6018 && sav->lft_s->sadb_lifetime_bytes != 0
6019 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
6020
6021 /*
6022 * XXX If we keep to send expire
6023 * message in the status of
6024 * DYING. Do remove below code.
6025 */
6026 //key_expire(sav);
6027 key_sa_chgstate(sav, SADB_SASTATE_DYING);
6028 sav->refcnt++;
6029 *savexptr++ = sav;
6030 savexcount++;
6031 }
6032 }
6033
6034 /* check DYING entry to change status to DEAD. */
6035 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
6036 sav != NULL;
6037 sav = nextsav) {
6038
6039 dying_sav_count++;
6040 total_sav_count++;
6041 nextsav = LIST_NEXT(sav, chain);
6042
6043 /* we don't need to check. */
6044 if (sav->lft_h == NULL)
6045 continue;
6046
6047 /* sanity check */
6048 if (sav->lft_c == NULL) {
6049 ipseclog((LOG_DEBUG, "key_timehandler: "
6050 "There is no CURRENT time, why?\n"));
6051 continue;
6052 }
6053
6054 if (sav->lft_h->sadb_lifetime_addtime != 0
6055 && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
6056 if (sav->always_expire) {
6057 key_send_delete(sav);
6058 sav = NULL;
6059 } else {
6060 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6061 key_freesav(sav, KEY_SADB_LOCKED);
6062 sav = NULL;
6063 }
6064 }
6065#if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
6066 else if (savbuf && savexcount < savbufcount
6067 && sav->lft_s != NULL
6068 && sav->lft_s->sadb_lifetime_addtime != 0
6069 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
6070 /*
6071 * XXX: should be checked to be
6072 * installed the valid SA.
6073 */
6074
6075 /*
6076 * If there is no SA then sending
6077 * expire message.
6078 */
6079 //key_expire(sav);
6080 sav->refcnt++;
6081 *savexptr++ = sav;
6082 savexcount++;
6083 }
6084#endif
6085 /* check HARD lifetime by bytes */
6086 else if (sav->lft_h->sadb_lifetime_bytes != 0
6087 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
6088 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6089 key_freesav(sav, KEY_SADB_LOCKED);
6090 sav = NULL;
6091 }
6092 }
6093
6094 /* delete entry in DEAD */
6095 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
6096 sav != NULL;
6097 sav = nextsav) {
6098
6099 dead_sav_count++;
6100 total_sav_count++;
6101 nextsav = LIST_NEXT(sav, chain);
6102
6103 /* sanity check */
6104 if (sav->state != SADB_SASTATE_DEAD) {
6105 ipseclog((LOG_DEBUG, "key_timehandler: "
6106 "invalid sav->state "
6107 "(queue: %d SA: %d): "
6108 "kill it anyway\n",
6109 SADB_SASTATE_DEAD, sav->state));
6110 }
6111
6112 /*
6113 * do not call key_freesav() here.
6114 * sav should already be freed, and sav->refcnt
6115 * shows other references to sav
6116 * (such as from SPD).
6117 */
6118 }
6119 }
6120 }
6121
6122 if (++key_timehandler_debug >= 300) {
6123 if (key_debug_level) {
6124 printf("%s: total stats for %u calls\n", __FUNCTION__, key_timehandler_debug);
6125 printf("%s: walked %u SPDs\n", __FUNCTION__, spd_count);
6126 printf("%s: walked %llu SAs: LARVAL SAs %u, MATURE SAs %u, DYING SAs %u, DEAD SAs %u\n", __FUNCTION__,
6127 total_sav_count, larval_sav_count, mature_sav_count, dying_sav_count, dead_sav_count);
6128 printf("%s: walked %u SAHs: DEAD SAHs %u, EMPTY SAHs %u\n", __FUNCTION__,
6129 sah_count, dead_sah_count, empty_sah_count);
6130 if (sah_search_calls) {
6131 printf("%s: SAH search cost %d iters per call\n", __FUNCTION__,
6132 (sah_search_count/sah_search_calls));
6133 }
6134 }
6135 spd_count = 0;
6136 sah_count = 0;
6137 dead_sah_count = 0;
6138 empty_sah_count = 0;
6139 larval_sav_count = 0;
6140 mature_sav_count = 0;
6141 dying_sav_count = 0;
6142 dead_sav_count = 0;
6143 total_sav_count = 0;
6144 sah_search_count = 0;
6145 sah_search_calls = 0;
6146 key_timehandler_debug = 0;
6147 }
6148#ifndef IPSEC_NONBLOCK_ACQUIRE
6149 /* ACQ tree */
6150 {
6151 struct secacq *acq, *nextacq;
6152
6153 for (acq = LIST_FIRST(&acqtree);
6154 acq != NULL;
6155 acq = nextacq) {
6156
6157 stop_handler = 0;
6158 nextacq = LIST_NEXT(acq, chain);
6159
6160 if (tv.tv_sec - acq->created > key_blockacq_lifetime
6161 && __LIST_CHAINED(acq)) {
6162 LIST_REMOVE(acq, chain);
6163 KFREE(acq);
6164 }
6165 }
6166 }
6167#endif
6168
6169 /* SP ACQ tree */
6170 {
6171 struct secspacq *acq, *nextacq;
6172
6173 for (acq = LIST_FIRST(&spacqtree);
6174 acq != NULL;
6175 acq = nextacq) {
6176
6177 stop_handler = 0;
6178 nextacq = LIST_NEXT(acq, chain);
6179
6180 if (tv.tv_sec - acq->created > key_blockacq_lifetime
6181 && __LIST_CHAINED(acq)) {
6182 LIST_REMOVE(acq, chain);
6183 KFREE(acq);
6184 }
6185 }
6186 }
6187
6188 /* initialize random seed */
6189 if (key_tick_init_random++ > key_int_random) {
6190 key_tick_init_random = 0;
6191 key_srandom();
6192 }
6193
6194 natt_now++;
6195
6196 lck_mtx_unlock(sadb_mutex);
6197
6198 /* send messages outside of sadb_mutex */
6199 if (spbuf && spcount > 0) {
6200 cnt = spcount;
6201 while (cnt--)
6202 key_spdexpire(*(--spptr));
6203 }
6204 if (savkabuf && savkacount > 0) {
6205 struct secasvar **savkaptr_sav = savkaptr;
6206 int cnt_send = savkacount;
6207
6208 while (cnt_send--) {
6209 if (ipsec_send_natt_keepalive(*(--savkaptr))) {
6210 // <rdar://6768487> iterate (all over again) and update timestamps
6211 struct secasvar **savkaptr_update = savkaptr_sav;
6212 int cnt_update = savkacount;
6213 while (cnt_update--) {
6214 key_update_natt_keepalive_timestamp(*savkaptr,
6215 *(--savkaptr_update));
6216 }
6217 }
6218 }
6219 }
6220 if (savexbuf && savexcount > 0) {
6221 cnt = savexcount;
6222 while (cnt--)
6223 key_expire(*(--savexptr));
6224 }
6225
6226 /* decrement ref counts and free buffers */
6227 lck_mtx_lock(sadb_mutex);
6228 if (spbuf) {
6229 while (spcount--)
6230 key_freesp(*spptr++, KEY_SADB_LOCKED);
6231 KFREE(spbuf);
6232 }
6233 if (savkabuf) {
6234 while (savkacount--)
6235 key_freesav(*savkaptr++, KEY_SADB_LOCKED);
6236 KFREE(savkabuf);
6237 }
6238 if (savexbuf) {
6239 while (savexcount--)
6240 key_freesav(*savexptr++, KEY_SADB_LOCKED);
6241 KFREE(savexbuf);
6242 }
6243
6244 if (stop_handler) {
6245 key_timehandler_running = 0;
6246 /* Turn on the ipsec bypass */
6247 ipsec_bypass = 1;
6248 } else {
6249 /* do exchange to tick time !! */
6250 (void)timeout((void *)key_timehandler, (void *)0, hz);
6251 }
6252
6253 lck_mtx_unlock(sadb_mutex);
6254 return;
6255}
6256
6257/*
6258 * to initialize a seed for random()
6259 */
6260static void
6261key_srandom(void)
6262{
6263#ifdef __APPLE__
6264 /* Our PRNG is based on Yarrow and doesn't need to be seeded */
6265 random();
6266#else
6267 struct timeval tv;
6268
6269 microtime(&tv);
6270
6271 srandom(tv.tv_usec);
6272#endif
6273
6274 return;
6275}
6276
6277u_int32_t
6278key_random(void)
6279{
6280 u_int32_t value;
6281
6282 key_randomfill(&value, sizeof(value));
6283 return value;
6284}
6285
6286void
6287key_randomfill(
6288 void *p,
6289 size_t l)
6290{
6291#ifdef __APPLE__
6292
6293 read_random(p, (u_int)l);
6294#else
6295 size_t n;
6296 u_int32_t v;
6297 static int warn = 1;
6298
6299 n = 0;
6300 n = (size_t)read_random(p, (u_int)l);
6301 /* last resort */
6302 while (n < l) {
6303 v = random();
6304 bcopy(&v, (u_int8_t *)p + n,
6305 l - n < sizeof(v) ? l - n : sizeof(v));
6306 n += sizeof(v);
6307
6308 if (warn) {
6309 printf("WARNING: pseudo-random number generator "
6310 "used for IPsec processing\n");
6311 warn = 0;
6312 }
6313 }
6314#endif
6315}
6316
6317/*
6318 * map SADB_SATYPE_* to IPPROTO_*.
6319 * if satype == SADB_SATYPE then satype is mapped to ~0.
6320 * OUT:
6321 * 0: invalid satype.
6322 */
6323static u_int16_t
6324key_satype2proto(
6325 u_int8_t satype)
6326{
6327 switch (satype) {
6328 case SADB_SATYPE_UNSPEC:
6329 return IPSEC_PROTO_ANY;
6330 case SADB_SATYPE_AH:
6331 return IPPROTO_AH;
6332 case SADB_SATYPE_ESP:
6333 return IPPROTO_ESP;
6334 case SADB_X_SATYPE_IPCOMP:
6335 return IPPROTO_IPCOMP;
6336 break;
6337 default:
6338 return 0;
6339 }
6340 /* NOTREACHED */
6341}
6342
6343/*
6344 * map IPPROTO_* to SADB_SATYPE_*
6345 * OUT:
6346 * 0: invalid protocol type.
6347 */
6348static u_int8_t
6349key_proto2satype(
6350 u_int16_t proto)
6351{
6352 switch (proto) {
6353 case IPPROTO_AH:
6354 return SADB_SATYPE_AH;
6355 case IPPROTO_ESP:
6356 return SADB_SATYPE_ESP;
6357 case IPPROTO_IPCOMP:
6358 return SADB_X_SATYPE_IPCOMP;
6359 break;
6360 default:
6361 return 0;
6362 }
6363 /* NOTREACHED */
6364}
6365
6366static ifnet_t
6367key_get_ipsec_if_from_message (const struct sadb_msghdr *mhp)
6368{
6369 struct sadb_x_ipsecif *ipsecifopts = NULL;
6370 ifnet_t ipsec_if = NULL;
6371
6372 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[SADB_X_EXT_IPSECIF];
6373 if (ipsecifopts != NULL) {
6374 if (ipsecifopts->sadb_x_ipsecif_internal_if) {
6375 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_ipsec_if, &ipsec_if);
6376 }
6377 }
6378
6379 return ipsec_if;
6380}
6381
6382static u_int
6383key_get_outgoing_ifindex_from_message (const struct sadb_msghdr *mhp)
6384{
6385 struct sadb_x_ipsecif *ipsecifopts = NULL;
6386 ifnet_t outgoing_if = NULL;
6387
6388 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[SADB_X_EXT_IPSECIF];
6389 if (ipsecifopts != NULL) {
6390 if (ipsecifopts->sadb_x_ipsecif_outgoing_if) {
6391 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_outgoing_if, &outgoing_if);
6392 }
6393 }
6394
6395 return outgoing_if ? outgoing_if->if_index : 0;
6396}
6397
6398/* %%% PF_KEY */
6399/*
6400 * SADB_GETSPI processing is to receive
6401 * <base, (SA2), src address, dst address, (SPI range)>
6402 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
6403 * tree with the status of LARVAL, and send
6404 * <base, SA(*), address(SD)>
6405 * to the IKMPd.
6406 *
6407 * IN: mhp: pointer to the pointer to each header.
6408 * OUT: NULL if fail.
6409 * other if success, return pointer to the message to send.
6410 */
6411static int
6412key_getspi(
6413 struct socket *so,
6414 struct mbuf *m,
6415 const struct sadb_msghdr *mhp)
6416{
6417 struct sadb_address *src0, *dst0;
6418 struct secasindex saidx;
6419 struct secashead *newsah;
6420 struct secasvar *newsav;
6421 ifnet_t ipsec_if = NULL;
6422 u_int8_t proto;
6423 u_int32_t spi;
6424 u_int8_t mode;
6425 u_int32_t reqid;
6426 int error;
6427
6428 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6429
6430 /* sanity check */
6431 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6432 panic("key_getspi: NULL pointer is passed.\n");
6433
6434 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6435 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
6436 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
6437 return key_senderror(so, m, EINVAL);
6438 }
6439 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6440 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6441 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
6442 return key_senderror(so, m, EINVAL);
6443 }
6444 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
6445 mode = ((struct sadb_x_sa2 *)
6446 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
6447 reqid = ((struct sadb_x_sa2 *)
6448 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
6449 } else {
6450 mode = IPSEC_MODE_ANY;
6451 reqid = 0;
6452 }
6453
6454 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6455 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6456
6457 ipsec_if = key_get_ipsec_if_from_message(mhp);
6458
6459 /* map satype to proto */
6460 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6461 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
6462 return key_senderror(so, m, EINVAL);
6463 }
6464
6465 /* make sure if port number is zero. */
6466 switch (((struct sockaddr *)(src0 + 1))->sa_family) {
6467 case AF_INET:
6468 if (((struct sockaddr *)(src0 + 1))->sa_len !=
6469 sizeof(struct sockaddr_in))
6470 return key_senderror(so, m, EINVAL);
6471 ((struct sockaddr_in *)(void *)(src0 + 1))->sin_port = 0;
6472 break;
6473 case AF_INET6:
6474 if (((struct sockaddr *)(src0 + 1))->sa_len !=
6475 sizeof(struct sockaddr_in6))
6476 return key_senderror(so, m, EINVAL);
6477 ((struct sockaddr_in6 *)(void *)(src0 + 1))->sin6_port = 0;
6478 break;
6479 default:
6480 ; /*???*/
6481 }
6482 switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
6483 case AF_INET:
6484 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
6485 sizeof(struct sockaddr_in))
6486 return key_senderror(so, m, EINVAL);
6487 ((struct sockaddr_in *)(void *)(dst0 + 1))->sin_port = 0;
6488 break;
6489 case AF_INET6:
6490 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
6491 sizeof(struct sockaddr_in6))
6492 return key_senderror(so, m, EINVAL);
6493 ((struct sockaddr_in6 *)(void *)(dst0 + 1))->sin6_port = 0;
6494 break;
6495 default:
6496 ; /*???*/
6497 }
6498
6499 /* XXX boundary check against sa_len */
6500 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
6501
6502 lck_mtx_lock(sadb_mutex);
6503
6504 /* SPI allocation */
6505 spi = key_do_getnewspi((struct sadb_spirange *)
6506 (void *)mhp->ext[SADB_EXT_SPIRANGE], &saidx);
6507 if (spi == 0) {
6508 lck_mtx_unlock(sadb_mutex);
6509 return key_senderror(so, m, EINVAL);
6510 }
6511
6512 /* get a SA index */
6513 if ((newsah = key_getsah(&saidx)) == NULL) {
6514 /* create a new SA index: key_addspi is always used for inbound spi */
6515 if ((newsah = key_newsah(&saidx, ipsec_if, key_get_outgoing_ifindex_from_message(mhp), IPSEC_DIR_INBOUND)) == NULL) {
6516 lck_mtx_unlock(sadb_mutex);
6517 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
6518 return key_senderror(so, m, ENOBUFS);
6519 }
6520 }
6521
6522 /* get a new SA */
6523 /* XXX rewrite */
6524 newsav = key_newsav(m, mhp, newsah, &error, so);
6525 if (newsav == NULL) {
6526 /* XXX don't free new SA index allocated in above. */
6527 lck_mtx_unlock(sadb_mutex);
6528 return key_senderror(so, m, error);
6529 }
6530
6531 /* set spi */
6532 key_setspi(newsav, htonl(spi));
6533
6534#ifndef IPSEC_NONBLOCK_ACQUIRE
6535 /* delete the entry in acqtree */
6536 if (mhp->msg->sadb_msg_seq != 0) {
6537 struct secacq *acq;
6538 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
6539 /* reset counter in order to deletion by timehandler. */
6540 struct timeval tv;
6541 microtime(&tv);
6542 acq->created = tv.tv_sec;
6543 acq->count = 0;
6544 }
6545 }
6546#endif
6547
6548 lck_mtx_unlock(sadb_mutex);
6549
6550 {
6551 struct mbuf *n, *nn;
6552 struct sadb_sa *m_sa;
6553 struct sadb_msg *newmsg;
6554 int off, len;
6555
6556 /* create new sadb_msg to reply. */
6557 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
6558 PFKEY_ALIGN8(sizeof(struct sadb_sa));
6559 if (len > MCLBYTES)
6560 return key_senderror(so, m, ENOBUFS);
6561
6562 MGETHDR(n, M_WAITOK, MT_DATA);
6563 if (n && len > MHLEN) {
6564 MCLGET(n, M_WAITOK);
6565 if ((n->m_flags & M_EXT) == 0) {
6566 m_freem(n);
6567 n = NULL;
6568 }
6569 }
6570 if (!n)
6571 return key_senderror(so, m, ENOBUFS);
6572
6573 n->m_len = len;
6574 n->m_next = NULL;
6575 off = 0;
6576
6577 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
6578 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6579
6580 m_sa = (struct sadb_sa *)(void *)(mtod(n, caddr_t) + off);
6581 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
6582 m_sa->sadb_sa_exttype = SADB_EXT_SA;
6583 m_sa->sadb_sa_spi = htonl(spi);
6584 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
6585
6586#if DIAGNOSTIC
6587 if (off != len)
6588 panic("length inconsistency in key_getspi");
6589#endif
6590 {
6591 int mbufItems[] = {SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
6592 n->m_next = key_gather_mbuf(m, mhp, 0, sizeof(mbufItems)/sizeof(int), mbufItems);
6593 if (!n->m_next) {
6594 m_freem(n);
6595 return key_senderror(so, m, ENOBUFS);
6596 }
6597 }
6598
6599 if (n->m_len < sizeof(struct sadb_msg)) {
6600 n = m_pullup(n, sizeof(struct sadb_msg));
6601 if (n == NULL)
6602 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
6603 }
6604
6605 n->m_pkthdr.len = 0;
6606 for (nn = n; nn; nn = nn->m_next)
6607 n->m_pkthdr.len += nn->m_len;
6608
6609 newmsg = mtod(n, struct sadb_msg *);
6610 newmsg->sadb_msg_seq = newsav->seq;
6611 newmsg->sadb_msg_errno = 0;
6612 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6613
6614 m_freem(m);
6615 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6616 }
6617}
6618
6619u_int32_t
6620key_getspi2(struct sockaddr *src,
6621 struct sockaddr *dst,
6622 u_int8_t proto,
6623 u_int8_t mode,
6624 u_int32_t reqid,
6625 struct sadb_spirange *spirange)
6626{
6627 u_int32_t spi;
6628 struct secasindex saidx;
6629
6630 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6631
6632 /* XXX boundary check against sa_len */
6633 KEY_SETSECASIDX(proto, mode, reqid, src, dst, 0, &saidx);
6634
6635 /* make sure if port number is zero. */
6636 switch (((struct sockaddr *)&saidx.src)->sa_family) {
6637 case AF_INET:
6638 if (((struct sockaddr *)&saidx.src)->sa_len != sizeof(struct sockaddr_in))
6639 return 0;
6640 ((struct sockaddr_in *)&saidx.src)->sin_port = 0;
6641 break;
6642 case AF_INET6:
6643 if (((struct sockaddr *)&saidx.src)->sa_len != sizeof(struct sockaddr_in6))
6644 return 0;
6645 ((struct sockaddr_in6 *)&saidx.src)->sin6_port = 0;
6646 break;
6647 default:
6648 ; /*???*/
6649 }
6650 switch (((struct sockaddr *)&saidx.dst)->sa_family) {
6651 case AF_INET:
6652 if (((struct sockaddr *)&saidx.dst)->sa_len != sizeof(struct sockaddr_in))
6653 return 0;
6654 ((struct sockaddr_in *)&saidx.dst)->sin_port = 0;
6655 break;
6656 case AF_INET6:
6657 if (((struct sockaddr *)&saidx.dst)->sa_len != sizeof(struct sockaddr_in6))
6658 return 0;
6659 ((struct sockaddr_in6 *)&saidx.dst)->sin6_port = 0;
6660 break;
6661 default:
6662 ; /*???*/
6663 }
6664
6665 lck_mtx_lock(sadb_mutex);
6666
6667 /* SPI allocation */
6668 spi = key_do_getnewspi(spirange, &saidx);
6669
6670 lck_mtx_unlock(sadb_mutex);
6671
6672 return spi;
6673}
6674
6675/*
6676 * allocating new SPI
6677 * called by key_getspi() and key_getspi2().
6678 * OUT:
6679 * 0: failure.
6680 * others: success.
6681 */
6682static u_int32_t
6683key_do_getnewspi(
6684 struct sadb_spirange *spirange,
6685 struct secasindex *saidx)
6686{
6687 u_int32_t newspi;
6688 u_int32_t keymin, keymax;
6689 int count = key_spi_trycnt;
6690
6691 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
6692
6693 /* set spi range to allocate */
6694 if (spirange != NULL) {
6695 keymin = spirange->sadb_spirange_min;
6696 keymax = spirange->sadb_spirange_max;
6697 } else {
6698 keymin = key_spi_minval;
6699 keymax = key_spi_maxval;
6700 }
6701 /* IPCOMP needs 2-byte SPI */
6702 if (saidx->proto == IPPROTO_IPCOMP) {
6703 u_int32_t t;
6704 if (keymin >= 0x10000)
6705 keymin = 0xffff;
6706 if (keymax >= 0x10000)
6707 keymax = 0xffff;
6708 if (keymin > keymax) {
6709 t = keymin; keymin = keymax; keymax = t;
6710 }
6711 }
6712
6713 if (keymin == keymax) {
6714 if (key_checkspidup(saidx, keymin) != NULL) {
6715 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", keymin));
6716 return 0;
6717 }
6718
6719 count--; /* taking one cost. */
6720 newspi = keymin;
6721
6722 } else {
6723
6724 u_int32_t range = keymax - keymin + 1; /* overflow value of zero means full range */
6725
6726 /* init SPI */
6727 newspi = 0;
6728
6729 /* when requesting to allocate spi ranged */
6730 while (count--) {
6731 u_int32_t rand_val = key_random();
6732
6733 /* generate pseudo-random SPI value ranged. */
6734 newspi = (range == 0 ? rand_val : keymin + (rand_val % range));
6735
6736 if (key_checkspidup(saidx, newspi) == NULL)
6737 break;
6738 }
6739
6740 if (count == 0 || newspi == 0) {
6741 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
6742 return 0;
6743 }
6744 }
6745
6746 /* statistics */
6747 keystat.getspi_count =
6748 (keystat.getspi_count + key_spi_trycnt - count) / 2;
6749
6750 return newspi;
6751}
6752
6753/*
6754 * SADB_UPDATE processing
6755 * receive
6756 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6757 * key(AE), (identity(SD),) (sensitivity)>
6758 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
6759 * and send
6760 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6761 * (identity(SD),) (sensitivity)>
6762 * to the ikmpd.
6763 *
6764 * m will always be freed.
6765 */
6766static int
6767key_update(
6768 struct socket *so,
6769 struct mbuf *m,
6770 const struct sadb_msghdr *mhp)
6771{
6772 struct sadb_sa *sa0;
6773 struct sadb_address *src0, *dst0;
6774 ifnet_t ipsec_if = NULL;
6775 struct secasindex saidx;
6776 struct secashead *sah;
6777 struct secasvar *sav;
6778 u_int16_t proto;
6779 u_int8_t mode;
6780 u_int32_t reqid;
6781 u_int16_t flags2;
6782 int error;
6783
6784 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6785
6786 /* sanity check */
6787 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6788 panic("key_update: NULL pointer is passed.\n");
6789
6790 /* map satype to proto */
6791 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6792 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
6793 return key_senderror(so, m, EINVAL);
6794 }
6795
6796 if (mhp->ext[SADB_EXT_SA] == NULL ||
6797 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6798 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6799 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
6800 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
6801 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
6802 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
6803 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
6804 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
6805 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
6806 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
6807 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
6808 return key_senderror(so, m, EINVAL);
6809 }
6810 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
6811 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6812 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6813 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
6814 return key_senderror(so, m, EINVAL);
6815 }
6816 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
6817 mode = ((struct sadb_x_sa2 *)
6818 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
6819 reqid = ((struct sadb_x_sa2 *)
6820 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
6821 flags2 = ((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_flags;
6822 } else {
6823 mode = IPSEC_MODE_ANY;
6824 reqid = 0;
6825 flags2 = 0;
6826 }
6827 /* XXX boundary checking for other extensions */
6828
6829 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
6830 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6831 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6832 ipsec_if = key_get_ipsec_if_from_message(mhp);
6833
6834 /* XXX boundary check against sa_len */
6835 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
6836
6837 lck_mtx_lock(sadb_mutex);
6838
6839 /* get a SA header */
6840 if ((sah = key_getsah(&saidx)) == NULL) {
6841 lck_mtx_unlock(sadb_mutex);
6842 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
6843 return key_senderror(so, m, ENOENT);
6844 }
6845
6846 /* set spidx if there */
6847 /* XXX rewrite */
6848 error = key_setident(sah, m, mhp);
6849 if (error) {
6850 lck_mtx_unlock(sadb_mutex);
6851 return key_senderror(so, m, error);
6852 }
6853
6854 /* find a SA with sequence number. */
6855#if IPSEC_DOSEQCHECK
6856 if (mhp->msg->sadb_msg_seq != 0
6857 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
6858 lck_mtx_unlock(sadb_mutex);
6859 ipseclog((LOG_DEBUG,
6860 "key_update: no larval SA with sequence %u exists.\n",
6861 mhp->msg->sadb_msg_seq));
6862 return key_senderror(so, m, ENOENT);
6863 }
6864#else
6865 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
6866 lck_mtx_unlock(sadb_mutex);
6867 ipseclog((LOG_DEBUG,
6868 "key_update: no such a SA found (spi:%u)\n",
6869 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
6870 return key_senderror(so, m, EINVAL);
6871 }
6872#endif
6873
6874 /* validity check */
6875 if (sav->sah->saidx.proto != proto) {
6876 lck_mtx_unlock(sadb_mutex);
6877 ipseclog((LOG_DEBUG,
6878 "key_update: protocol mismatched (DB=%u param=%u)\n",
6879 sav->sah->saidx.proto, proto));
6880 return key_senderror(so, m, EINVAL);
6881 }
6882#if IPSEC_DOSEQCHECK
6883 if (sav->spi != sa0->sadb_sa_spi) {
6884 lck_mtx_unlock(sadb_mutex);
6885 ipseclog((LOG_DEBUG,
6886 "key_update: SPI mismatched (DB:%u param:%u)\n",
6887 (u_int32_t)ntohl(sav->spi),
6888 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
6889 return key_senderror(so, m, EINVAL);
6890 }
6891#endif
6892 if (sav->pid != mhp->msg->sadb_msg_pid) {
6893 lck_mtx_unlock(sadb_mutex);
6894 ipseclog((LOG_DEBUG,
6895 "key_update: pid mismatched (DB:%u param:%u)\n",
6896 sav->pid, mhp->msg->sadb_msg_pid));
6897 return key_senderror(so, m, EINVAL);
6898 }
6899
6900 /* copy sav values */
6901 error = key_setsaval(sav, m, mhp);
6902 if (error) {
6903 key_freesav(sav, KEY_SADB_LOCKED);
6904 lck_mtx_unlock(sadb_mutex);
6905 return key_senderror(so, m, error);
6906 }
6907
6908 sav->flags2 = flags2;
6909 if (flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH) {
6910 sav->so = so;
6911 }
6912
6913 /*
6914 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
6915 * this SA is for transport mode - otherwise clear it.
6916 */
6917 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
6918 (sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT ||
6919 sav->sah->saidx.src.ss_family != AF_INET))
6920 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
6921
6922 /* check SA values to be mature. */
6923 if ((error = key_mature(sav)) != 0) {
6924 key_freesav(sav, KEY_SADB_LOCKED);
6925 lck_mtx_unlock(sadb_mutex);
6926 return key_senderror(so, m, error);
6927 }
6928
6929 lck_mtx_unlock(sadb_mutex);
6930
6931 {
6932 struct mbuf *n;
6933
6934 /* set msg buf from mhp */
6935 n = key_getmsgbuf_x1(m, mhp);
6936 if (n == NULL) {
6937 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
6938 return key_senderror(so, m, ENOBUFS);
6939 }
6940
6941 m_freem(m);
6942 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6943 }
6944}
6945
6946/*
6947 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
6948 * only called by key_update().
6949 * OUT:
6950 * NULL : not found
6951 * others : found, pointer to a SA.
6952 */
6953#if IPSEC_DOSEQCHECK
6954static struct secasvar *
6955key_getsavbyseq(
6956 struct secashead *sah,
6957 u_int32_t seq)
6958{
6959 struct secasvar *sav;
6960 u_int state;
6961
6962 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
6963
6964 state = SADB_SASTATE_LARVAL;
6965
6966 /* search SAD with sequence number ? */
6967 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6968
6969 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
6970
6971 if (sav->seq == seq) {
6972 sav->refcnt++;
6973 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
6974 printf("DP key_getsavbyseq cause "
6975 "refcnt++:%d SA:0x%llx\n", sav->refcnt,
6976 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
6977 return sav;
6978 }
6979 }
6980
6981 return NULL;
6982}
6983#endif
6984
6985/*
6986 * SADB_ADD processing
6987 * add a entry to SA database, when received
6988 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6989 * key(AE), (identity(SD),) (sensitivity)>
6990 * from the ikmpd,
6991 * and send
6992 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6993 * (identity(SD),) (sensitivity)>
6994 * to the ikmpd.
6995 *
6996 * IGNORE identity and sensitivity messages.
6997 *
6998 * m will always be freed.
6999 */
7000static int
7001key_add(
7002 struct socket *so,
7003 struct mbuf *m,
7004 const struct sadb_msghdr *mhp)
7005{
7006 struct sadb_sa *sa0;
7007 struct sadb_address *src0, *dst0;
7008 ifnet_t ipsec_if = NULL;
7009 struct secasindex saidx;
7010 struct secashead *newsah;
7011 struct secasvar *newsav;
7012 u_int16_t proto;
7013 u_int8_t mode;
7014 u_int32_t reqid;
7015 int error;
7016
7017 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7018
7019 /* sanity check */
7020 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7021 panic("key_add: NULL pointer is passed.\n");
7022
7023 /* map satype to proto */
7024 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7025 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
7026 return key_senderror(so, m, EINVAL);
7027 }
7028
7029 if (mhp->ext[SADB_EXT_SA] == NULL ||
7030 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7031 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
7032 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
7033 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
7034 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
7035 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
7036 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
7037 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
7038 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
7039 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
7040 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
7041 return key_senderror(so, m, EINVAL);
7042 }
7043 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
7044 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7045 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7046 /* XXX need more */
7047 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
7048 return key_senderror(so, m, EINVAL);
7049 }
7050 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
7051 mode = ((struct sadb_x_sa2 *)
7052 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
7053 reqid = ((struct sadb_x_sa2 *)
7054 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
7055 } else {
7056 mode = IPSEC_MODE_ANY;
7057 reqid = 0;
7058 }
7059
7060 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7061 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
7062 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
7063 ipsec_if = key_get_ipsec_if_from_message(mhp);
7064
7065 /* XXX boundary check against sa_len */
7066 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7067
7068 lck_mtx_lock(sadb_mutex);
7069
7070 /* get a SA header */
7071 if ((newsah = key_getsah(&saidx)) == NULL) {
7072 /* create a new SA header: key_addspi is always used for outbound spi */
7073 if ((newsah = key_newsah(&saidx, ipsec_if, key_get_outgoing_ifindex_from_message(mhp), IPSEC_DIR_OUTBOUND)) == NULL) {
7074 lck_mtx_unlock(sadb_mutex);
7075 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
7076 return key_senderror(so, m, ENOBUFS);
7077 }
7078 }
7079
7080 /* set spidx if there */
7081 /* XXX rewrite */
7082 error = key_setident(newsah, m, mhp);
7083 if (error) {
7084 lck_mtx_unlock(sadb_mutex);
7085 return key_senderror(so, m, error);
7086 }
7087
7088 /* create new SA entry. */
7089 /* We can create new SA only if SPI is different. */
7090 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
7091 lck_mtx_unlock(sadb_mutex);
7092 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
7093 return key_senderror(so, m, EEXIST);
7094 }
7095 newsav = key_newsav(m, mhp, newsah, &error, so);
7096 if (newsav == NULL) {
7097 lck_mtx_unlock(sadb_mutex);
7098 return key_senderror(so, m, error);
7099 }
7100
7101 /*
7102 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7103 * this SA is for transport mode - otherwise clear it.
7104 */
7105 if ((newsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
7106 (newsah->saidx.mode != IPSEC_MODE_TRANSPORT ||
7107 newsah->saidx.dst.ss_family != AF_INET))
7108 newsav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
7109
7110 /* check SA values to be mature. */
7111 if ((error = key_mature(newsav)) != 0) {
7112 key_freesav(newsav, KEY_SADB_LOCKED);
7113 lck_mtx_unlock(sadb_mutex);
7114 return key_senderror(so, m, error);
7115 }
7116
7117 lck_mtx_unlock(sadb_mutex);
7118
7119 /*
7120 * don't call key_freesav() here, as we would like to keep the SA
7121 * in the database on success.
7122 */
7123
7124 {
7125 struct mbuf *n;
7126
7127 /* set msg buf from mhp */
7128 n = key_getmsgbuf_x1(m, mhp);
7129 if (n == NULL) {
7130 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
7131 return key_senderror(so, m, ENOBUFS);
7132 }
7133
7134 m_freem(m);
7135 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7136 }
7137}
7138
7139/* m is retained */
7140static int
7141key_setident(
7142 struct secashead *sah,
7143 struct mbuf *m,
7144 const struct sadb_msghdr *mhp)
7145{
7146 const struct sadb_ident *idsrc, *iddst;
7147 int idsrclen, iddstlen;
7148
7149 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
7150
7151 /* sanity check */
7152 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7153 panic("key_setident: NULL pointer is passed.\n");
7154
7155 /* don't make buffer if not there */
7156 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
7157 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
7158 sah->idents = NULL;
7159 sah->identd = NULL;
7160 return 0;
7161 }
7162
7163 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
7164 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
7165 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
7166 return EINVAL;
7167 }
7168
7169 idsrc = (const struct sadb_ident *)
7170 (void *)mhp->ext[SADB_EXT_IDENTITY_SRC];
7171 iddst = (const struct sadb_ident *)
7172 (void *)mhp->ext[SADB_EXT_IDENTITY_DST];
7173 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
7174 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
7175
7176 /* validity check */
7177 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
7178 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
7179 return EINVAL;
7180 }
7181
7182 switch (idsrc->sadb_ident_type) {
7183 case SADB_IDENTTYPE_PREFIX:
7184 case SADB_IDENTTYPE_FQDN:
7185 case SADB_IDENTTYPE_USERFQDN:
7186 default:
7187 /* XXX do nothing */
7188 sah->idents = NULL;
7189 sah->identd = NULL;
7190 return 0;
7191 }
7192
7193 /* make structure */
7194 KMALLOC_NOWAIT(sah->idents, struct sadb_ident *, idsrclen);
7195 if (sah->idents == NULL) {
7196 lck_mtx_unlock(sadb_mutex);
7197 KMALLOC_WAIT(sah->idents, struct sadb_ident *, idsrclen);
7198 lck_mtx_lock(sadb_mutex);
7199 if (sah->idents == NULL) {
7200 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
7201 return ENOBUFS;
7202 }
7203 }
7204 KMALLOC_NOWAIT(sah->identd, struct sadb_ident *, iddstlen);
7205 if (sah->identd == NULL) {
7206 lck_mtx_unlock(sadb_mutex);
7207 KMALLOC_WAIT(sah->identd, struct sadb_ident *, iddstlen);
7208 lck_mtx_lock(sadb_mutex);
7209 if (sah->identd == NULL) {
7210 KFREE(sah->idents);
7211 sah->idents = NULL;
7212 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
7213 return ENOBUFS;
7214 }
7215 }
7216 bcopy(idsrc, sah->idents, idsrclen);
7217 bcopy(iddst, sah->identd, iddstlen);
7218
7219 return 0;
7220}
7221
7222/*
7223 * m will not be freed on return.
7224 * it is caller's responsibility to free the result.
7225 */
7226static struct mbuf *
7227key_getmsgbuf_x1(
7228 struct mbuf *m,
7229 const struct sadb_msghdr *mhp)
7230{
7231 struct mbuf *n;
7232 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
7233 SADB_X_EXT_SA2, SADB_EXT_ADDRESS_SRC,
7234 SADB_EXT_ADDRESS_DST, SADB_EXT_LIFETIME_HARD,
7235 SADB_EXT_LIFETIME_SOFT, SADB_EXT_IDENTITY_SRC,
7236 SADB_EXT_IDENTITY_DST};
7237
7238 /* sanity check */
7239 if (m == NULL || mhp == NULL || mhp->msg == NULL)
7240 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
7241
7242 /* create new sadb_msg to reply. */
7243 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7244 if (!n)
7245 return NULL;
7246
7247 if (n->m_len < sizeof(struct sadb_msg)) {
7248 n = m_pullup(n, sizeof(struct sadb_msg));
7249 if (n == NULL)
7250 return NULL;
7251 }
7252 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
7253 mtod(n, struct sadb_msg *)->sadb_msg_len =
7254 PFKEY_UNIT64(n->m_pkthdr.len);
7255
7256 return n;
7257}
7258
7259static int key_delete_all(struct socket *, struct mbuf *,
7260 const struct sadb_msghdr *, u_int16_t);
7261
7262/*
7263 * SADB_DELETE processing
7264 * receive
7265 * <base, SA(*), address(SD)>
7266 * from the ikmpd, and set SADB_SASTATE_DEAD,
7267 * and send,
7268 * <base, SA(*), address(SD)>
7269 * to the ikmpd.
7270 *
7271 * m will always be freed.
7272 */
7273static int
7274key_delete(
7275 struct socket *so,
7276 struct mbuf *m,
7277 const struct sadb_msghdr *mhp)
7278{
7279 struct sadb_sa *sa0;
7280 struct sadb_address *src0, *dst0;
7281 ifnet_t ipsec_if = NULL;
7282 struct secasindex saidx;
7283 struct secashead *sah;
7284 struct secasvar *sav = NULL;
7285 u_int16_t proto;
7286
7287 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7288
7289 /* sanity check */
7290 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7291 panic("key_delete: NULL pointer is passed.\n");
7292
7293 /* map satype to proto */
7294 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7295 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
7296 return key_senderror(so, m, EINVAL);
7297 }
7298
7299 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7300 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
7301 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7302 return key_senderror(so, m, EINVAL);
7303 }
7304
7305 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7306 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7307 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7308 return key_senderror(so, m, EINVAL);
7309 }
7310
7311 lck_mtx_lock(sadb_mutex);
7312
7313 if (mhp->ext[SADB_EXT_SA] == NULL) {
7314 /*
7315 * Caller wants us to delete all non-LARVAL SAs
7316 * that match the src/dst. This is used during
7317 * IKE INITIAL-CONTACT.
7318 */
7319 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
7320 /* key_delete_all will unlock sadb_mutex */
7321 return key_delete_all(so, m, mhp, proto);
7322 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
7323 lck_mtx_unlock(sadb_mutex);
7324 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7325 return key_senderror(so, m, EINVAL);
7326 }
7327
7328 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7329 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
7330 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
7331 ipsec_if = key_get_ipsec_if_from_message(mhp);
7332
7333 /* XXX boundary check against sa_len */
7334 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7335
7336 /* get a SA header */
7337 LIST_FOREACH(sah, &sahtree, chain) {
7338 if (sah->state == SADB_SASTATE_DEAD)
7339 continue;
7340 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7341 continue;
7342
7343 /* get a SA with SPI. */
7344 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
7345 if (sav)
7346 break;
7347 }
7348 if (sah == NULL) {
7349 lck_mtx_unlock(sadb_mutex);
7350 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
7351 return key_senderror(so, m, ENOENT);
7352 }
7353
7354 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7355 key_freesav(sav, KEY_SADB_LOCKED);
7356
7357 lck_mtx_unlock(sadb_mutex);
7358 sav = NULL;
7359
7360 {
7361 struct mbuf *n;
7362 struct sadb_msg *newmsg;
7363 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
7364 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
7365
7366 /* create new sadb_msg to reply. */
7367 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7368 if (!n)
7369 return key_senderror(so, m, ENOBUFS);
7370
7371 if (n->m_len < sizeof(struct sadb_msg)) {
7372 n = m_pullup(n, sizeof(struct sadb_msg));
7373 if (n == NULL)
7374 return key_senderror(so, m, ENOBUFS);
7375 }
7376 newmsg = mtod(n, struct sadb_msg *);
7377 newmsg->sadb_msg_errno = 0;
7378 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
7379
7380 m_freem(m);
7381 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7382 }
7383}
7384
7385/*
7386 * delete all SAs for src/dst. Called from key_delete().
7387 */
7388static int
7389key_delete_all(
7390 struct socket *so,
7391 struct mbuf *m,
7392 const struct sadb_msghdr *mhp,
7393 u_int16_t proto)
7394{
7395 struct sadb_address *src0, *dst0;
7396 ifnet_t ipsec_if = NULL;
7397 struct secasindex saidx;
7398 struct secashead *sah;
7399 struct secasvar *sav, *nextsav;
7400 u_int stateidx, state;
7401
7402 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
7403
7404 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
7405 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
7406 ipsec_if = key_get_ipsec_if_from_message(mhp);
7407
7408 /* XXX boundary check against sa_len */
7409 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7410
7411 LIST_FOREACH(sah, &sahtree, chain) {
7412 if (sah->state == SADB_SASTATE_DEAD)
7413 continue;
7414 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7415 continue;
7416
7417 /* Delete all non-LARVAL SAs. */
7418 for (stateidx = 0;
7419 stateidx < _ARRAYLEN(saorder_state_alive);
7420 stateidx++) {
7421 state = saorder_state_alive[stateidx];
7422 if (state == SADB_SASTATE_LARVAL)
7423 continue;
7424 for (sav = LIST_FIRST(&sah->savtree[state]);
7425 sav != NULL; sav = nextsav) {
7426 nextsav = LIST_NEXT(sav, chain);
7427 /* sanity check */
7428 if (sav->state != state) {
7429 ipseclog((LOG_DEBUG, "key_delete_all: "
7430 "invalid sav->state "
7431 "(queue: %d SA: %d)\n",
7432 state, sav->state));
7433 continue;
7434 }
7435
7436 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7437 key_freesav(sav, KEY_SADB_LOCKED);
7438 }
7439 }
7440 }
7441 lck_mtx_unlock(sadb_mutex);
7442
7443 {
7444 struct mbuf *n;
7445 struct sadb_msg *newmsg;
7446 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_ADDRESS_SRC,
7447 SADB_EXT_ADDRESS_DST};
7448
7449 /* create new sadb_msg to reply. */
7450 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7451 if (!n)
7452 return key_senderror(so, m, ENOBUFS);
7453
7454 if (n->m_len < sizeof(struct sadb_msg)) {
7455 n = m_pullup(n, sizeof(struct sadb_msg));
7456 if (n == NULL)
7457 return key_senderror(so, m, ENOBUFS);
7458 }
7459 newmsg = mtod(n, struct sadb_msg *);
7460 newmsg->sadb_msg_errno = 0;
7461 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
7462
7463 m_freem(m);
7464 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7465 }
7466}
7467
7468/*
7469 * SADB_GET processing
7470 * receive
7471 * <base, SA(*), address(SD)>
7472 * from the ikmpd, and get a SP and a SA to respond,
7473 * and send,
7474 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
7475 * (identity(SD),) (sensitivity)>
7476 * to the ikmpd.
7477 *
7478 * m will always be freed.
7479 */
7480static int
7481key_get(
7482 struct socket *so,
7483 struct mbuf *m,
7484 const struct sadb_msghdr *mhp)
7485{
7486 struct sadb_sa *sa0;
7487 struct sadb_address *src0, *dst0;
7488 ifnet_t ipsec_if = NULL;
7489 struct secasindex saidx;
7490 struct secashead *sah;
7491 struct secasvar *sav = NULL;
7492 u_int16_t proto;
7493
7494 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7495
7496 /* sanity check */
7497 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7498 panic("key_get: NULL pointer is passed.\n");
7499
7500 /* map satype to proto */
7501 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7502 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
7503 return key_senderror(so, m, EINVAL);
7504 }
7505
7506 if (mhp->ext[SADB_EXT_SA] == NULL ||
7507 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7508 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
7509 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
7510 return key_senderror(so, m, EINVAL);
7511 }
7512 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
7513 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7514 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7515 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
7516 return key_senderror(so, m, EINVAL);
7517 }
7518
7519 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7520 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
7521 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
7522 ipsec_if = key_get_ipsec_if_from_message(mhp);
7523
7524 /* XXX boundary check against sa_len */
7525 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7526
7527 lck_mtx_lock(sadb_mutex);
7528
7529 /* get a SA header */
7530 LIST_FOREACH(sah, &sahtree, chain) {
7531 if (sah->state == SADB_SASTATE_DEAD)
7532 continue;
7533 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7534 continue;
7535
7536 /* get a SA with SPI. */
7537 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
7538 if (sav)
7539 break;
7540 }
7541 if (sah == NULL) {
7542 lck_mtx_unlock(sadb_mutex);
7543 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
7544 return key_senderror(so, m, ENOENT);
7545 }
7546
7547 {
7548 struct mbuf *n;
7549 u_int8_t satype;
7550
7551 /* map proto to satype */
7552 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7553 lck_mtx_unlock(sadb_mutex);
7554 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
7555 return key_senderror(so, m, EINVAL);
7556 }
7557 lck_mtx_unlock(sadb_mutex);
7558
7559 /* create new sadb_msg to reply. */
7560 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
7561 mhp->msg->sadb_msg_pid);
7562
7563
7564
7565 if (!n)
7566 return key_senderror(so, m, ENOBUFS);
7567
7568 m_freem(m);
7569 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
7570 }
7571}
7572
7573/*
7574 * get SA stats by spi.
7575 * OUT: -1 : not found
7576 * 0 : found, arg pointer to a SA stats is updated.
7577 */
7578static int
7579key_getsastatbyspi_one (u_int32_t spi,
7580 struct sastat *stat)
7581{
7582 struct secashead *sah;
7583 struct secasvar *sav = NULL;
7584
7585 if ((void *)stat == NULL) {
7586 return -1;
7587 }
7588
7589 lck_mtx_lock(sadb_mutex);
7590
7591 /* get a SA header */
7592 LIST_FOREACH(sah, &sahtree, chain) {
7593 if (sah->state == SADB_SASTATE_DEAD)
7594 continue;
7595
7596 /* get a SA with SPI. */
7597 sav = key_getsavbyspi(sah, spi);
7598 if (sav) {
7599 stat->spi = sav->spi;
7600 stat->created = sav->created;
7601 if (sav->lft_c) {
7602 bcopy(sav->lft_c,&stat->lft_c, sizeof(stat->lft_c));
7603 } else {
7604 bzero(&stat->lft_c, sizeof(stat->lft_c));
7605 }
7606 lck_mtx_unlock(sadb_mutex);
7607 return 0;
7608 }
7609 }
7610
7611 lck_mtx_unlock(sadb_mutex);
7612
7613 return -1;
7614}
7615
7616/*
7617 * get SA stats collection by indices.
7618 * OUT: -1 : not found
7619 * 0 : found, arg pointers to a SA stats and 'maximum stats' are updated.
7620 */
7621static int
7622key_getsastatbyspi (struct sastat *stat_arg,
7623 u_int32_t max_stat_arg,
7624 struct sastat *stat_res,
7625 u_int32_t *max_stat_res)
7626{
7627 int cur, found = 0;
7628
7629 if (stat_arg == NULL ||
7630 stat_res == NULL ||
7631 max_stat_res == NULL) {
7632 return -1;
7633 }
7634
7635 for (cur = 0; cur < max_stat_arg; cur++) {
7636 if (key_getsastatbyspi_one(stat_arg[cur].spi,
7637 &stat_res[found]) == 0) {
7638 found++;
7639 }
7640 }
7641 *max_stat_res = found;
7642
7643 if (found) {
7644 return 0;
7645 }
7646 return -1;
7647}
7648
7649/* XXX make it sysctl-configurable? */
7650static void
7651key_getcomb_setlifetime(
7652 struct sadb_comb *comb)
7653{
7654
7655 comb->sadb_comb_soft_allocations = 1;
7656 comb->sadb_comb_hard_allocations = 1;
7657 comb->sadb_comb_soft_bytes = 0;
7658 comb->sadb_comb_hard_bytes = 0;
7659 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
7660 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
7661 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */
7662 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
7663}
7664
7665#if IPSEC_ESP
7666/*
7667 * XXX reorder combinations by preference
7668 * XXX no idea if the user wants ESP authentication or not
7669 */
7670static struct mbuf *
7671key_getcomb_esp(void)
7672{
7673 struct sadb_comb *comb;
7674 const struct esp_algorithm *algo;
7675 struct mbuf *result = NULL, *m, *n;
7676 int encmin;
7677 int i, off, o;
7678 int totlen;
7679 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
7680
7681 m = NULL;
7682 for (i = 1; i <= SADB_EALG_MAX; i++) {
7683 algo = esp_algorithm_lookup(i);
7684 if (!algo)
7685 continue;
7686
7687 if (algo->keymax < ipsec_esp_keymin)
7688 continue;
7689 if (algo->keymin < ipsec_esp_keymin)
7690 encmin = ipsec_esp_keymin;
7691 else
7692 encmin = algo->keymin;
7693
7694 if (ipsec_esp_auth)
7695 m = key_getcomb_ah();
7696 else {
7697#if DIAGNOSTIC
7698 if (l > MLEN)
7699 panic("assumption failed in key_getcomb_esp");
7700#endif
7701 MGET(m, M_WAITOK, MT_DATA);
7702 if (m) {
7703 M_ALIGN(m, l);
7704 m->m_len = l;
7705 m->m_next = NULL;
7706 bzero(mtod(m, caddr_t), m->m_len);
7707 }
7708 }
7709 if (!m)
7710 goto fail;
7711
7712 totlen = 0;
7713 for (n = m; n; n = n->m_next)
7714 totlen += n->m_len;
7715#if DIAGNOSTIC
7716 if (totlen % l)
7717 panic("assumption failed in key_getcomb_esp");
7718#endif
7719
7720 for (off = 0; off < totlen; off += l) {
7721 n = m_pulldown(m, off, l, &o);
7722 if (!n) {
7723 /* m is already freed */
7724 goto fail;
7725 }
7726 comb = (struct sadb_comb *)
7727 (void *)(mtod(n, caddr_t) + o);
7728 bzero(comb, sizeof(*comb));
7729 key_getcomb_setlifetime(comb);
7730 comb->sadb_comb_encrypt = i;
7731 comb->sadb_comb_encrypt_minbits = encmin;
7732 comb->sadb_comb_encrypt_maxbits = algo->keymax;
7733 }
7734
7735 if (!result)
7736 result = m;
7737 else
7738 m_cat(result, m);
7739 }
7740
7741 return result;
7742
7743fail:
7744 if (result)
7745 m_freem(result);
7746 return NULL;
7747}
7748#endif
7749
7750/*
7751 * XXX reorder combinations by preference
7752 */
7753static struct mbuf *
7754key_getcomb_ah(void)
7755{
7756 struct sadb_comb *comb;
7757 const struct ah_algorithm *algo;
7758 struct mbuf *m;
7759 int keymin;
7760 int i;
7761 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
7762
7763 m = NULL;
7764 for (i = 1; i <= SADB_AALG_MAX; i++) {
7765#if 1
7766 /* we prefer HMAC algorithms, not old algorithms */
7767 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
7768 continue;
7769#endif
7770 algo = ah_algorithm_lookup(i);
7771 if (!algo)
7772 continue;
7773
7774 if (algo->keymax < ipsec_ah_keymin)
7775 continue;
7776 if (algo->keymin < ipsec_ah_keymin)
7777 keymin = ipsec_ah_keymin;
7778 else
7779 keymin = algo->keymin;
7780
7781 if (!m) {
7782#if DIAGNOSTIC
7783 if (l > MLEN)
7784 panic("assumption failed in key_getcomb_ah");
7785#endif
7786 MGET(m, M_WAITOK, MT_DATA);
7787 if (m) {
7788 M_ALIGN(m, l);
7789 m->m_len = l;
7790 m->m_next = NULL;
7791 }
7792 } else
7793 M_PREPEND(m, l, M_WAITOK);
7794 if (!m)
7795 return NULL;
7796
7797 comb = mtod(m, struct sadb_comb *);
7798 bzero(comb, sizeof(*comb));
7799 key_getcomb_setlifetime(comb);
7800 comb->sadb_comb_auth = i;
7801 comb->sadb_comb_auth_minbits = keymin;
7802 comb->sadb_comb_auth_maxbits = algo->keymax;
7803 }
7804
7805 return m;
7806}
7807
7808/*
7809 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
7810 * XXX reorder combinations by preference
7811 */
7812static struct mbuf *
7813key_getcomb_ipcomp(void)
7814{
7815 struct sadb_comb *comb;
7816 const struct ipcomp_algorithm *algo;
7817 struct mbuf *m;
7818 int i;
7819 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
7820
7821 m = NULL;
7822 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
7823 algo = ipcomp_algorithm_lookup(i);
7824 if (!algo)
7825 continue;
7826
7827 if (!m) {
7828#if DIAGNOSTIC
7829 if (l > MLEN)
7830 panic("assumption failed in key_getcomb_ipcomp");
7831#endif
7832 MGET(m, M_WAITOK, MT_DATA);
7833 if (m) {
7834 M_ALIGN(m, l);
7835 m->m_len = l;
7836 m->m_next = NULL;
7837 }
7838 } else
7839 M_PREPEND(m, l, M_WAITOK);
7840 if (!m)
7841 return NULL;
7842
7843 comb = mtod(m, struct sadb_comb *);
7844 bzero(comb, sizeof(*comb));
7845 key_getcomb_setlifetime(comb);
7846 comb->sadb_comb_encrypt = i;
7847 /* what should we set into sadb_comb_*_{min,max}bits? */
7848 }
7849
7850 return m;
7851}
7852
7853/*
7854 * XXX no way to pass mode (transport/tunnel) to userland
7855 * XXX replay checking?
7856 * XXX sysctl interface to ipsec_{ah,esp}_keymin
7857 */
7858static struct mbuf *
7859key_getprop(
7860 const struct secasindex *saidx)
7861{
7862 struct sadb_prop *prop;
7863 struct mbuf *m, *n;
7864 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
7865 int totlen;
7866
7867 switch (saidx->proto) {
7868#if IPSEC_ESP
7869 case IPPROTO_ESP:
7870 m = key_getcomb_esp();
7871 break;
7872#endif
7873 case IPPROTO_AH:
7874 m = key_getcomb_ah();
7875 break;
7876 case IPPROTO_IPCOMP:
7877 m = key_getcomb_ipcomp();
7878 break;
7879 default:
7880 return NULL;
7881 }
7882
7883 if (!m)
7884 return NULL;
7885 M_PREPEND(m, l, M_WAITOK);
7886 if (!m)
7887 return NULL;
7888
7889 totlen = 0;
7890 for (n = m; n; n = n->m_next)
7891 totlen += n->m_len;
7892
7893 prop = mtod(m, struct sadb_prop *);
7894 bzero(prop, sizeof(*prop));
7895 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
7896 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
7897 prop->sadb_prop_replay = 32; /* XXX */
7898
7899 return m;
7900}
7901
7902/*
7903 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
7904 * send
7905 * <base, SA, address(SD), (address(P)), x_policy,
7906 * (identity(SD),) (sensitivity,) proposal>
7907 * to KMD, and expect to receive
7908 * <base> with SADB_ACQUIRE if error occurred,
7909 * or
7910 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
7911 * from KMD by PF_KEY.
7912 *
7913 * XXX x_policy is outside of RFC2367 (KAME extension).
7914 * XXX sensitivity is not supported.
7915 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
7916 * see comment for key_getcomb_ipcomp().
7917 *
7918 * OUT:
7919 * 0 : succeed
7920 * others: error number
7921 */
7922static int
7923key_acquire(
7924 struct secasindex *saidx,
7925 struct secpolicy *sp)
7926{
7927 struct mbuf *result = NULL, *m;
7928#ifndef IPSEC_NONBLOCK_ACQUIRE
7929 struct secacq *newacq;
7930#endif
7931 u_int8_t satype;
7932 int error = -1;
7933 u_int32_t seq;
7934
7935 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7936
7937 /* sanity check */
7938 if (saidx == NULL)
7939 panic("key_acquire: NULL pointer is passed.\n");
7940 if ((satype = key_proto2satype(saidx->proto)) == 0)
7941 panic("key_acquire: invalid proto is passed.\n");
7942
7943#ifndef IPSEC_NONBLOCK_ACQUIRE
7944 /*
7945 * We never do anything about acquirng SA. There is anather
7946 * solution that kernel blocks to send SADB_ACQUIRE message until
7947 * getting something message from IKEd. In later case, to be
7948 * managed with ACQUIRING list.
7949 */
7950 /* get a entry to check whether sending message or not. */
7951 lck_mtx_lock(sadb_mutex);
7952 if ((newacq = key_getacq(saidx)) != NULL) {
7953 if (key_blockacq_count < newacq->count) {
7954 /* reset counter and do send message. */
7955 newacq->count = 0;
7956 } else {
7957 /* increment counter and do nothing. */
7958 newacq->count++;
7959 lck_mtx_unlock(sadb_mutex);
7960 return 0;
7961 }
7962 } else {
7963 /* make new entry for blocking to send SADB_ACQUIRE. */
7964 if ((newacq = key_newacq(saidx)) == NULL) {
7965 lck_mtx_unlock(sadb_mutex);
7966 return ENOBUFS;
7967 }
7968
7969 /* add to acqtree */
7970 LIST_INSERT_HEAD(&acqtree, newacq, chain);
7971 key_start_timehandler();
7972 }
7973 seq = newacq->seq;
7974 lck_mtx_unlock(sadb_mutex);
7975
7976#else
7977 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
7978#endif
7979 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
7980 if (!m) {
7981 error = ENOBUFS;
7982 goto fail;
7983 }
7984 result = m;
7985
7986 /* set sadb_address for saidx's. */
7987 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
7988 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
7989 if (!m) {
7990 error = ENOBUFS;
7991 goto fail;
7992 }
7993 m_cat(result, m);
7994
7995 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
7996 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
7997 if (!m) {
7998 error = ENOBUFS;
7999 goto fail;
8000 }
8001 m_cat(result, m);
8002
8003 /* XXX proxy address (optional) */
8004
8005 /* set sadb_x_policy */
8006 if (sp) {
8007 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
8008 if (!m) {
8009 error = ENOBUFS;
8010 goto fail;
8011 }
8012 m_cat(result, m);
8013 }
8014
8015 /* XXX identity (optional) */
8016#if 0
8017 if (idexttype && fqdn) {
8018 /* create identity extension (FQDN) */
8019 struct sadb_ident *id;
8020 int fqdnlen;
8021
8022 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
8023 id = (struct sadb_ident *)p;
8024 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
8025 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
8026 id->sadb_ident_exttype = idexttype;
8027 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
8028 bcopy(fqdn, id + 1, fqdnlen);
8029 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
8030 }
8031
8032 if (idexttype) {
8033 /* create identity extension (USERFQDN) */
8034 struct sadb_ident *id;
8035 int userfqdnlen;
8036
8037 if (userfqdn) {
8038 /* +1 for terminating-NUL */
8039 userfqdnlen = strlen(userfqdn) + 1;
8040 } else
8041 userfqdnlen = 0;
8042 id = (struct sadb_ident *)p;
8043 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
8044 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
8045 id->sadb_ident_exttype = idexttype;
8046 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
8047 /* XXX is it correct? */
8048 if (curproc && curproc->p_cred)
8049 id->sadb_ident_id = curproc->p_cred->p_ruid;
8050 if (userfqdn && userfqdnlen)
8051 bcopy(userfqdn, id + 1, userfqdnlen);
8052 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
8053 }
8054#endif
8055
8056 /* XXX sensitivity (optional) */
8057
8058 /* create proposal/combination extension */
8059 m = key_getprop(saidx);
8060#if 0
8061 /*
8062 * spec conformant: always attach proposal/combination extension,
8063 * the problem is that we have no way to attach it for ipcomp,
8064 * due to the way sadb_comb is declared in RFC2367.
8065 */
8066 if (!m) {
8067 error = ENOBUFS;
8068 goto fail;
8069 }
8070 m_cat(result, m);
8071#else
8072 /*
8073 * outside of spec; make proposal/combination extension optional.
8074 */
8075 if (m)
8076 m_cat(result, m);
8077#endif
8078
8079 if ((result->m_flags & M_PKTHDR) == 0) {
8080 error = EINVAL;
8081 goto fail;
8082 }
8083
8084 if (result->m_len < sizeof(struct sadb_msg)) {
8085 result = m_pullup(result, sizeof(struct sadb_msg));
8086 if (result == NULL) {
8087 error = ENOBUFS;
8088 goto fail;
8089 }
8090 }
8091
8092 result->m_pkthdr.len = 0;
8093 for (m = result; m; m = m->m_next)
8094 result->m_pkthdr.len += m->m_len;
8095
8096 mtod(result, struct sadb_msg *)->sadb_msg_len =
8097 PFKEY_UNIT64(result->m_pkthdr.len);
8098
8099 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
8100
8101fail:
8102 if (result)
8103 m_freem(result);
8104 return error;
8105}
8106
8107#ifndef IPSEC_NONBLOCK_ACQUIRE
8108static struct secacq *
8109key_newacq(
8110 struct secasindex *saidx)
8111{
8112 struct secacq *newacq;
8113 struct timeval tv;
8114
8115 /* get new entry */
8116 KMALLOC_NOWAIT(newacq, struct secacq *, sizeof(struct secacq));
8117 if (newacq == NULL) {
8118 lck_mtx_unlock(sadb_mutex);
8119 KMALLOC_WAIT(newacq, struct secacq *, sizeof(struct secacq));
8120 lck_mtx_lock(sadb_mutex);
8121 if (newacq == NULL) {
8122 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
8123 return NULL;
8124 }
8125 }
8126 bzero(newacq, sizeof(*newacq));
8127
8128 /* copy secindex */
8129 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
8130 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
8131 microtime(&tv);
8132 newacq->created = tv.tv_sec;
8133 newacq->count = 0;
8134
8135 return newacq;
8136}
8137
8138static struct secacq *
8139key_getacq(
8140 struct secasindex *saidx)
8141{
8142 struct secacq *acq;
8143
8144 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8145
8146 LIST_FOREACH(acq, &acqtree, chain) {
8147 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
8148 return acq;
8149 }
8150
8151 return NULL;
8152}
8153
8154static struct secacq *
8155key_getacqbyseq(
8156 u_int32_t seq)
8157{
8158 struct secacq *acq;
8159
8160 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8161
8162 LIST_FOREACH(acq, &acqtree, chain) {
8163 if (acq->seq == seq)
8164 return acq;
8165 }
8166
8167 return NULL;
8168}
8169#endif
8170
8171static struct secspacq *
8172key_newspacq(
8173 struct secpolicyindex *spidx)
8174{
8175 struct secspacq *acq;
8176 struct timeval tv;
8177
8178 /* get new entry */
8179 KMALLOC_NOWAIT(acq, struct secspacq *, sizeof(struct secspacq));
8180 if (acq == NULL) {
8181 lck_mtx_unlock(sadb_mutex);
8182 KMALLOC_WAIT(acq, struct secspacq *, sizeof(struct secspacq));
8183 lck_mtx_lock(sadb_mutex);
8184 if (acq == NULL) {
8185 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
8186 return NULL;
8187 }
8188 }
8189 bzero(acq, sizeof(*acq));
8190
8191 /* copy secindex */
8192 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
8193 microtime(&tv);
8194 acq->created = tv.tv_sec;
8195 acq->count = 0;
8196
8197 return acq;
8198}
8199
8200static struct secspacq *
8201key_getspacq(
8202 struct secpolicyindex *spidx)
8203{
8204 struct secspacq *acq;
8205
8206 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8207
8208 LIST_FOREACH(acq, &spacqtree, chain) {
8209 if (key_cmpspidx_exactly(spidx, &acq->spidx))
8210 return acq;
8211 }
8212
8213 return NULL;
8214}
8215
8216/*
8217 * SADB_ACQUIRE processing,
8218 * in first situation, is receiving
8219 * <base>
8220 * from the ikmpd, and clear sequence of its secasvar entry.
8221 *
8222 * In second situation, is receiving
8223 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8224 * from a user land process, and return
8225 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8226 * to the socket.
8227 *
8228 * m will always be freed.
8229 */
8230static int
8231key_acquire2(
8232 struct socket *so,
8233 struct mbuf *m,
8234 const struct sadb_msghdr *mhp)
8235{
8236 const struct sadb_address *src0, *dst0;
8237 ifnet_t ipsec_if = NULL;
8238 struct secasindex saidx;
8239 struct secashead *sah;
8240 u_int16_t proto;
8241 int error;
8242
8243
8244 /* sanity check */
8245 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
8246 panic("key_acquire2: NULL pointer is passed.\n");
8247
8248 /*
8249 * Error message from KMd.
8250 * We assume that if error was occurred in IKEd, the length of PFKEY
8251 * message is equal to the size of sadb_msg structure.
8252 * We do not raise error even if error occurred in this function.
8253 */
8254 lck_mtx_lock(sadb_mutex);
8255
8256 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
8257#ifndef IPSEC_NONBLOCK_ACQUIRE
8258 struct secacq *acq;
8259 struct timeval tv;
8260
8261 /* check sequence number */
8262 if (mhp->msg->sadb_msg_seq == 0) {
8263 lck_mtx_unlock(sadb_mutex);
8264 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
8265 m_freem(m);
8266 return 0;
8267 }
8268
8269 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
8270 /*
8271 * the specified larval SA is already gone, or we got
8272 * a bogus sequence number. we can silently ignore it.
8273 */
8274 lck_mtx_unlock(sadb_mutex);
8275 m_freem(m);
8276 return 0;
8277 }
8278
8279 /* reset acq counter in order to deletion by timehander. */
8280 microtime(&tv);
8281 acq->created = tv.tv_sec;
8282 acq->count = 0;
8283#endif
8284 lck_mtx_unlock(sadb_mutex);
8285 m_freem(m);
8286 return 0;
8287 }
8288
8289 /*
8290 * This message is from user land.
8291 */
8292
8293 /* map satype to proto */
8294 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
8295 lck_mtx_unlock(sadb_mutex);
8296 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
8297 return key_senderror(so, m, EINVAL);
8298 }
8299
8300 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
8301 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
8302 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
8303 /* error */
8304 lck_mtx_unlock(sadb_mutex);
8305 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
8306 return key_senderror(so, m, EINVAL);
8307 }
8308 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
8309 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
8310 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
8311 /* error */
8312 lck_mtx_unlock(sadb_mutex);
8313 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
8314 return key_senderror(so, m, EINVAL);
8315 }
8316
8317 src0 = (const struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
8318 dst0 = (const struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
8319 ipsec_if = key_get_ipsec_if_from_message(mhp);
8320
8321 /* XXX boundary check against sa_len */
8322 /* cast warnings */
8323 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
8324
8325 /* get a SA index */
8326 LIST_FOREACH(sah, &sahtree, chain) {
8327 if (sah->state == SADB_SASTATE_DEAD)
8328 continue;
8329 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID))
8330 break;
8331 }
8332 if (sah != NULL) {
8333 lck_mtx_unlock(sadb_mutex);
8334 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
8335 return key_senderror(so, m, EEXIST);
8336 }
8337 lck_mtx_unlock(sadb_mutex);
8338 error = key_acquire(&saidx, NULL);
8339 if (error != 0) {
8340 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
8341 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
8342 return key_senderror(so, m, error);
8343 }
8344
8345 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
8346}
8347
8348/*
8349 * SADB_REGISTER processing.
8350 * If SATYPE_UNSPEC has been passed as satype, only return sadb_supported.
8351 * receive
8352 * <base>
8353 * from the ikmpd, and register a socket to send PF_KEY messages,
8354 * and send
8355 * <base, supported>
8356 * to KMD by PF_KEY.
8357 * If socket is detached, must free from regnode.
8358 *
8359 * m will always be freed.
8360 */
8361static int
8362key_register(
8363 struct socket *so,
8364 struct mbuf *m,
8365 const struct sadb_msghdr *mhp)
8366{
8367 struct secreg *reg, *newreg = 0;
8368
8369 /* sanity check */
8370 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
8371 panic("key_register: NULL pointer is passed.\n");
8372
8373 /* check for invalid register message */
8374 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
8375 return key_senderror(so, m, EINVAL);
8376
8377 /* When SATYPE_UNSPEC is specified, only return sadb_supported. */
8378 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
8379 goto setmsg;
8380
8381 /* create regnode */
8382 KMALLOC_WAIT(newreg, struct secreg *, sizeof(*newreg));
8383 if (newreg == NULL) {
8384 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
8385 return key_senderror(so, m, ENOBUFS);
8386 }
8387 bzero((caddr_t)newreg, sizeof(*newreg));
8388
8389 lck_mtx_lock(sadb_mutex);
8390 /* check whether existing or not */
8391 LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
8392 if (reg->so == so) {
8393 lck_mtx_unlock(sadb_mutex);
8394 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
8395 KFREE(newreg);
8396 return key_senderror(so, m, EEXIST);
8397 }
8398 }
8399
8400 socket_lock(so, 1);
8401 newreg->so = so;
8402 ((struct keycb *)sotorawcb(so))->kp_registered++;
8403 socket_unlock(so, 1);
8404
8405 /* add regnode to regtree. */
8406 LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
8407 lck_mtx_unlock(sadb_mutex);
8408setmsg:
8409 {
8410 struct mbuf *n;
8411 struct sadb_msg *newmsg;
8412 struct sadb_supported *sup;
8413 u_int len, alen, elen;
8414 int off;
8415 int i;
8416 struct sadb_alg *alg;
8417
8418 /* create new sadb_msg to reply. */
8419 alen = 0;
8420 for (i = 1; i <= SADB_AALG_MAX; i++) {
8421 if (ah_algorithm_lookup(i))
8422 alen += sizeof(struct sadb_alg);
8423 }
8424 if (alen)
8425 alen += sizeof(struct sadb_supported);
8426 elen = 0;
8427#if IPSEC_ESP
8428 for (i = 1; i <= SADB_EALG_MAX; i++) {
8429 if (esp_algorithm_lookup(i))
8430 elen += sizeof(struct sadb_alg);
8431 }
8432 if (elen)
8433 elen += sizeof(struct sadb_supported);
8434#endif
8435
8436 len = sizeof(struct sadb_msg) + alen + elen;
8437
8438 if (len > MCLBYTES)
8439 return key_senderror(so, m, ENOBUFS);
8440
8441 MGETHDR(n, M_WAITOK, MT_DATA);
8442 if (n && len > MHLEN) {
8443 MCLGET(n, M_WAITOK);
8444 if ((n->m_flags & M_EXT) == 0) {
8445 m_freem(n);
8446 n = NULL;
8447 }
8448 }
8449 if (!n)
8450 return key_senderror(so, m, ENOBUFS);
8451
8452 n->m_pkthdr.len = n->m_len = len;
8453 n->m_next = NULL;
8454 off = 0;
8455
8456 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
8457 newmsg = mtod(n, struct sadb_msg *);
8458 newmsg->sadb_msg_errno = 0;
8459 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
8460 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
8461
8462 /* for authentication algorithm */
8463 if (alen) {
8464 sup = (struct sadb_supported *)(void *)(mtod(n, caddr_t) + off);
8465 sup->sadb_supported_len = PFKEY_UNIT64(alen);
8466 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
8467 off += PFKEY_ALIGN8(sizeof(*sup));
8468
8469 for (i = 1; i <= SADB_AALG_MAX; i++) {
8470 const struct ah_algorithm *aalgo;
8471
8472 aalgo = ah_algorithm_lookup(i);
8473 if (!aalgo)
8474 continue;
8475 alg = (struct sadb_alg *)
8476 (void *)(mtod(n, caddr_t) + off);
8477 alg->sadb_alg_id = i;
8478 alg->sadb_alg_ivlen = 0;
8479 alg->sadb_alg_minbits = aalgo->keymin;
8480 alg->sadb_alg_maxbits = aalgo->keymax;
8481 off += PFKEY_ALIGN8(sizeof(*alg));
8482 }
8483 }
8484
8485#if IPSEC_ESP
8486 /* for encryption algorithm */
8487 if (elen) {
8488 sup = (struct sadb_supported *)(void *)(mtod(n, caddr_t) + off);
8489 sup->sadb_supported_len = PFKEY_UNIT64(elen);
8490 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
8491 off += PFKEY_ALIGN8(sizeof(*sup));
8492
8493 for (i = 1; i <= SADB_EALG_MAX; i++) {
8494 const struct esp_algorithm *ealgo;
8495
8496 ealgo = esp_algorithm_lookup(i);
8497 if (!ealgo)
8498 continue;
8499 alg = (struct sadb_alg *)
8500 (void *)(mtod(n, caddr_t) + off);
8501 alg->sadb_alg_id = i;
8502 if (ealgo && ealgo->ivlen) {
8503 /*
8504 * give NULL to get the value preferred by
8505 * algorithm XXX SADB_X_EXT_DERIV ?
8506 */
8507 alg->sadb_alg_ivlen =
8508 (*ealgo->ivlen)(ealgo, NULL);
8509 } else
8510 alg->sadb_alg_ivlen = 0;
8511 alg->sadb_alg_minbits = ealgo->keymin;
8512 alg->sadb_alg_maxbits = ealgo->keymax;
8513 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
8514 }
8515 }
8516#endif
8517
8518#if DIGAGNOSTIC
8519 if (off != len)
8520 panic("length assumption failed in key_register");
8521#endif
8522
8523 m_freem(m);
8524 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
8525 }
8526}
8527
8528static void
8529key_delete_all_for_socket (struct socket *so)
8530{
8531 struct secashead *sah, *nextsah;
8532 struct secasvar *sav, *nextsav;
8533 u_int stateidx;
8534 u_int state;
8535
8536 for (sah = LIST_FIRST(&sahtree);
8537 sah != NULL;
8538 sah = nextsah) {
8539 nextsah = LIST_NEXT(sah, chain);
8540 for (stateidx = 0; stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) {
8541 state = saorder_state_any[stateidx];
8542 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) {
8543 nextsav = LIST_NEXT(sav, chain);
8544 if (sav->flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH &&
8545 sav->so == so) {
8546 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
8547 key_freesav(sav, KEY_SADB_LOCKED);
8548 }
8549 }
8550 }
8551 }
8552}
8553
8554/*
8555 * free secreg entry registered.
8556 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
8557 */
8558void
8559key_freereg(
8560 struct socket *so)
8561{
8562 struct secreg *reg;
8563 int i;
8564
8565 /* sanity check */
8566 if (so == NULL)
8567 panic("key_freereg: NULL pointer is passed.\n");
8568
8569 /*
8570 * check whether existing or not.
8571 * check all type of SA, because there is a potential that
8572 * one socket is registered to multiple type of SA.
8573 */
8574 lck_mtx_lock(sadb_mutex);
8575 key_delete_all_for_socket(so);
8576 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
8577 LIST_FOREACH(reg, &regtree[i], chain) {
8578 if (reg->so == so
8579 && __LIST_CHAINED(reg)) {
8580 LIST_REMOVE(reg, chain);
8581 KFREE(reg);
8582 break;
8583 }
8584 }
8585 }
8586 lck_mtx_unlock(sadb_mutex);
8587 return;
8588}
8589
8590/*
8591 * SADB_EXPIRE processing
8592 * send
8593 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
8594 * to KMD by PF_KEY.
8595 * NOTE: We send only soft lifetime extension.
8596 *
8597 * OUT: 0 : succeed
8598 * others : error number
8599 */
8600static int
8601key_expire(
8602 struct secasvar *sav)
8603{
8604 int satype;
8605 struct mbuf *result = NULL, *m;
8606 int len;
8607 int error = -1;
8608 struct sadb_lifetime *lt;
8609
8610 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
8611
8612 /* sanity check */
8613 if (sav == NULL)
8614 panic("key_expire: NULL pointer is passed.\n");
8615 if (sav->sah == NULL)
8616 panic("key_expire: Why was SA index in SA NULL.\n");
8617 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
8618 panic("key_expire: invalid proto is passed.\n");
8619
8620 /* set msg header */
8621 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
8622 if (!m) {
8623 error = ENOBUFS;
8624 goto fail;
8625 }
8626 result = m;
8627
8628 /* create SA extension */
8629 m = key_setsadbsa(sav);
8630 if (!m) {
8631 error = ENOBUFS;
8632 goto fail;
8633 }
8634 m_cat(result, m);
8635
8636 /* create SA extension */
8637 m = key_setsadbxsa2(sav->sah->saidx.mode,
8638 sav->replay ? sav->replay->count : 0,
8639 sav->sah->saidx.reqid,
8640 sav->flags2);
8641 if (!m) {
8642 error = ENOBUFS;
8643 goto fail;
8644 }
8645 m_cat(result, m);
8646
8647 /* create lifetime extension (current and soft) */
8648 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
8649 m = key_alloc_mbuf(len);
8650 if (!m || m->m_next) { /*XXX*/
8651 if (m)
8652 m_freem(m);
8653 error = ENOBUFS;
8654 goto fail;
8655 }
8656 bzero(mtod(m, caddr_t), len);
8657 lt = mtod(m, struct sadb_lifetime *);
8658 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
8659 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
8660 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
8661 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
8662 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
8663 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
8664 lt = (struct sadb_lifetime *)(void *)(mtod(m, caddr_t) + len / 2);
8665 bcopy(sav->lft_s, lt, sizeof(*lt));
8666 m_cat(result, m);
8667
8668 /* set sadb_address for source */
8669 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
8670 (struct sockaddr *)&sav->sah->saidx.src,
8671 FULLMASK, IPSEC_ULPROTO_ANY);
8672 if (!m) {
8673 error = ENOBUFS;
8674 goto fail;
8675 }
8676 m_cat(result, m);
8677
8678 /* set sadb_address for destination */
8679 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
8680 (struct sockaddr *)&sav->sah->saidx.dst,
8681 FULLMASK, IPSEC_ULPROTO_ANY);
8682 if (!m) {
8683 error = ENOBUFS;
8684 goto fail;
8685 }
8686 m_cat(result, m);
8687
8688 if ((result->m_flags & M_PKTHDR) == 0) {
8689 error = EINVAL;
8690 goto fail;
8691 }
8692
8693 if (result->m_len < sizeof(struct sadb_msg)) {
8694 result = m_pullup(result, sizeof(struct sadb_msg));
8695 if (result == NULL) {
8696 error = ENOBUFS;
8697 goto fail;
8698 }
8699 }
8700
8701 result->m_pkthdr.len = 0;
8702 for (m = result; m; m = m->m_next)
8703 result->m_pkthdr.len += m->m_len;
8704
8705 mtod(result, struct sadb_msg *)->sadb_msg_len =
8706 PFKEY_UNIT64(result->m_pkthdr.len);
8707
8708 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
8709
8710fail:
8711 if (result)
8712 m_freem(result);
8713 return error;
8714}
8715
8716/*
8717 * SADB_FLUSH processing
8718 * receive
8719 * <base>
8720 * from the ikmpd, and free all entries in secastree.
8721 * and send,
8722 * <base>
8723 * to the ikmpd.
8724 * NOTE: to do is only marking SADB_SASTATE_DEAD.
8725 *
8726 * m will always be freed.
8727 */
8728static int
8729key_flush(
8730 struct socket *so,
8731 struct mbuf *m,
8732 const struct sadb_msghdr *mhp)
8733{
8734 struct sadb_msg *newmsg;
8735 struct secashead *sah, *nextsah;
8736 struct secasvar *sav, *nextsav;
8737 u_int16_t proto;
8738 u_int8_t state;
8739 u_int stateidx;
8740
8741 /* sanity check */
8742 if (so == NULL || mhp == NULL || mhp->msg == NULL)
8743 panic("key_flush: NULL pointer is passed.\n");
8744
8745 /* map satype to proto */
8746 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
8747 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
8748 return key_senderror(so, m, EINVAL);
8749 }
8750
8751 lck_mtx_lock(sadb_mutex);
8752
8753 /* no SATYPE specified, i.e. flushing all SA. */
8754 for (sah = LIST_FIRST(&sahtree);
8755 sah != NULL;
8756 sah = nextsah) {
8757 nextsah = LIST_NEXT(sah, chain);
8758
8759 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
8760 && proto != sah->saidx.proto)
8761 continue;
8762
8763 for (stateidx = 0;
8764 stateidx < _ARRAYLEN(saorder_state_alive);
8765 stateidx++) {
8766 state = saorder_state_any[stateidx];
8767 for (sav = LIST_FIRST(&sah->savtree[state]);
8768 sav != NULL;
8769 sav = nextsav) {
8770
8771 nextsav = LIST_NEXT(sav, chain);
8772
8773 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
8774 key_freesav(sav, KEY_SADB_LOCKED);
8775 }
8776 }
8777
8778 sah->state = SADB_SASTATE_DEAD;
8779 }
8780 lck_mtx_unlock(sadb_mutex);
8781
8782 if (m->m_len < sizeof(struct sadb_msg) ||
8783 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
8784 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
8785 return key_senderror(so, m, ENOBUFS);
8786 }
8787
8788 if (m->m_next)
8789 m_freem(m->m_next);
8790 m->m_next = NULL;
8791 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
8792 newmsg = mtod(m, struct sadb_msg *);
8793 newmsg->sadb_msg_errno = 0;
8794 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
8795
8796 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
8797}
8798
8799/*
8800 * SADB_DUMP processing
8801 * dump all entries including status of DEAD in SAD.
8802 * receive
8803 * <base>
8804 * from the ikmpd, and dump all secasvar leaves
8805 * and send,
8806 * <base> .....
8807 * to the ikmpd.
8808 *
8809 * m will always be freed.
8810 */
8811
8812struct sav_dump_elem {
8813 struct secasvar *sav;
8814 u_int8_t satype;
8815};
8816
8817static int
8818key_dump(
8819 struct socket *so,
8820 struct mbuf *m,
8821 const struct sadb_msghdr *mhp)
8822{
8823 struct secashead *sah;
8824 struct secasvar *sav;
8825 struct sav_dump_elem *savbuf = NULL, *elem_ptr;
8826 u_int16_t proto;
8827 u_int stateidx;
8828 u_int8_t satype;
8829 u_int8_t state;
8830 int cnt = 0, cnt2, bufcount;
8831 struct mbuf *n;
8832 int error = 0;
8833
8834 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
8835
8836 /* sanity check */
8837 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
8838 panic("key_dump: NULL pointer is passed.\n");
8839
8840 /* map satype to proto */
8841 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
8842 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
8843 return key_senderror(so, m, EINVAL);
8844 }
8845
8846 if ((bufcount = ipsec_sav_count) <= 0) {
8847 error = ENOENT;
8848 goto end;
8849 }
8850 bufcount += 512; /* extra */
8851 KMALLOC_WAIT(savbuf, struct sav_dump_elem*, bufcount * sizeof(struct sav_dump_elem));
8852 if (savbuf == NULL) {
8853 ipseclog((LOG_DEBUG, "key_dump: No more memory.\n"));
8854 error = ENOMEM;
8855 goto end;
8856 }
8857
8858 /* count sav entries to be sent to the userland. */
8859 lck_mtx_lock(sadb_mutex);
8860 elem_ptr = savbuf;
8861 LIST_FOREACH(sah, &sahtree, chain) {
8862 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
8863 && proto != sah->saidx.proto)
8864 continue;
8865
8866 /* map proto to satype */
8867 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
8868 lck_mtx_unlock(sadb_mutex);
8869 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
8870 error = EINVAL;
8871 goto end;
8872 }
8873
8874 for (stateidx = 0;
8875 stateidx < _ARRAYLEN(saorder_state_any);
8876 stateidx++) {
8877 state = saorder_state_any[stateidx];
8878 LIST_FOREACH(sav, &sah->savtree[state], chain) {
8879 if (cnt == bufcount)
8880 break; /* out of buffer space */
8881 elem_ptr->sav = sav;
8882 elem_ptr->satype = satype;
8883 sav->refcnt++;
8884 elem_ptr++;
8885 cnt++;
8886 }
8887 }
8888 }
8889 lck_mtx_unlock(sadb_mutex);
8890
8891 if (cnt == 0) {
8892 error = ENOENT;
8893 goto end;
8894 }
8895
8896 /* send this to the userland, one at a time. */
8897 elem_ptr = savbuf;
8898 cnt2 = cnt;
8899 while (cnt2) {
8900 n = key_setdumpsa(elem_ptr->sav, SADB_DUMP, elem_ptr->satype,
8901 --cnt2, mhp->msg->sadb_msg_pid);
8902
8903 if (!n) {
8904 error = ENOBUFS;
8905 goto end;
8906 }
8907
8908 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
8909 elem_ptr++;
8910 }
8911
8912end:
8913 if (savbuf) {
8914 if (cnt) {
8915 elem_ptr = savbuf;
8916 lck_mtx_lock(sadb_mutex);
8917 while (cnt--)
8918 key_freesav((elem_ptr++)->sav, KEY_SADB_LOCKED);
8919 lck_mtx_unlock(sadb_mutex);
8920 }
8921 KFREE(savbuf);
8922 }
8923
8924 if (error)
8925 return key_senderror(so, m, error);
8926
8927 m_freem(m);
8928 return 0;
8929}
8930
8931/*
8932 * SADB_X_PROMISC processing
8933 *
8934 * m will always be freed.
8935 */
8936static int
8937key_promisc(
8938 struct socket *so,
8939 struct mbuf *m,
8940 const struct sadb_msghdr *mhp)
8941{
8942 int olen;
8943
8944 /* sanity check */
8945 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
8946 panic("key_promisc: NULL pointer is passed.\n");
8947
8948 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
8949
8950 if (olen < sizeof(struct sadb_msg)) {
8951#if 1
8952 return key_senderror(so, m, EINVAL);
8953#else
8954 m_freem(m);
8955 return 0;
8956#endif
8957 } else if (olen == sizeof(struct sadb_msg)) {
8958 /* enable/disable promisc mode */
8959 struct keycb *kp;
8960
8961 socket_lock(so, 1);
8962 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
8963 return key_senderror(so, m, EINVAL);
8964 mhp->msg->sadb_msg_errno = 0;
8965 switch (mhp->msg->sadb_msg_satype) {
8966 case 0:
8967 case 1:
8968 kp->kp_promisc = mhp->msg->sadb_msg_satype;
8969 break;
8970 default:
8971 socket_unlock(so, 1);
8972 return key_senderror(so, m, EINVAL);
8973 }
8974 socket_unlock(so, 1);
8975
8976 /* send the original message back to everyone */
8977 mhp->msg->sadb_msg_errno = 0;
8978 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
8979 } else {
8980 /* send packet as is */
8981
8982 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
8983
8984 /* TODO: if sadb_msg_seq is specified, send to specific pid */
8985 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
8986 }
8987}
8988
8989static int (*key_typesw[])(struct socket *, struct mbuf *,
8990 const struct sadb_msghdr *) = {
8991 NULL, /* SADB_RESERVED */
8992 key_getspi, /* SADB_GETSPI */
8993 key_update, /* SADB_UPDATE */
8994 key_add, /* SADB_ADD */
8995 key_delete, /* SADB_DELETE */
8996 key_get, /* SADB_GET */
8997 key_acquire2, /* SADB_ACQUIRE */
8998 key_register, /* SADB_REGISTER */
8999 NULL, /* SADB_EXPIRE */
9000 key_flush, /* SADB_FLUSH */
9001 key_dump, /* SADB_DUMP */
9002 key_promisc, /* SADB_X_PROMISC */
9003 NULL, /* SADB_X_PCHANGE */
9004 key_spdadd, /* SADB_X_SPDUPDATE */
9005 key_spdadd, /* SADB_X_SPDADD */
9006 key_spddelete, /* SADB_X_SPDDELETE */
9007 key_spdget, /* SADB_X_SPDGET */
9008 NULL, /* SADB_X_SPDACQUIRE */
9009 key_spddump, /* SADB_X_SPDDUMP */
9010 key_spdflush, /* SADB_X_SPDFLUSH */
9011 key_spdadd, /* SADB_X_SPDSETIDX */
9012 NULL, /* SADB_X_SPDEXPIRE */
9013 key_spddelete2, /* SADB_X_SPDDELETE2 */
9014 key_getsastat, /* SADB_GETSASTAT */
9015 key_spdenable, /* SADB_X_SPDENABLE */
9016 key_spddisable, /* SADB_X_SPDDISABLE */
9017};
9018
9019/*
9020 * parse sadb_msg buffer to process PFKEYv2,
9021 * and create a data to response if needed.
9022 * I think to be dealed with mbuf directly.
9023 * IN:
9024 * msgp : pointer to pointer to a received buffer pulluped.
9025 * This is rewrited to response.
9026 * so : pointer to socket.
9027 * OUT:
9028 * length for buffer to send to user process.
9029 */
9030int
9031key_parse(
9032 struct mbuf *m,
9033 struct socket *so)
9034{
9035 struct sadb_msg *msg;
9036 struct sadb_msghdr mh;
9037 u_int orglen;
9038 int error;
9039 int target;
9040
9041 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9042
9043 /* sanity check */
9044 if (m == NULL || so == NULL)
9045 panic("key_parse: NULL pointer is passed.\n");
9046
9047#if 0 /*kdebug_sadb assumes msg in linear buffer*/
9048 KEYDEBUG(KEYDEBUG_KEY_DUMP,
9049 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
9050 kdebug_sadb(msg));
9051#endif
9052
9053 if (m->m_len < sizeof(struct sadb_msg)) {
9054 m = m_pullup(m, sizeof(struct sadb_msg));
9055 if (!m)
9056 return ENOBUFS;
9057 }
9058 msg = mtod(m, struct sadb_msg *);
9059 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
9060 target = KEY_SENDUP_ONE;
9061
9062 if ((m->m_flags & M_PKTHDR) == 0 ||
9063 m->m_pkthdr.len != m->m_pkthdr.len) {
9064 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
9065 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9066 error = EINVAL;
9067 goto senderror;
9068 }
9069
9070 if (msg->sadb_msg_version != PF_KEY_V2) {
9071 ipseclog((LOG_DEBUG,
9072 "key_parse: PF_KEY version %u is mismatched.\n",
9073 msg->sadb_msg_version));
9074 PFKEY_STAT_INCREMENT(pfkeystat.out_invver);
9075 error = EINVAL;
9076 goto senderror;
9077 }
9078
9079 if (msg->sadb_msg_type > SADB_MAX) {
9080 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
9081 msg->sadb_msg_type));
9082 PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
9083 error = EINVAL;
9084 goto senderror;
9085 }
9086
9087 /* for old-fashioned code - should be nuked */
9088 if (m->m_pkthdr.len > MCLBYTES) {
9089 m_freem(m);
9090 return ENOBUFS;
9091 }
9092 if (m->m_next) {
9093 struct mbuf *n;
9094
9095 MGETHDR(n, M_WAITOK, MT_DATA);
9096 if (n && m->m_pkthdr.len > MHLEN) {
9097 MCLGET(n, M_WAITOK);
9098 if ((n->m_flags & M_EXT) == 0) {
9099 m_free(n);
9100 n = NULL;
9101 }
9102 }
9103 if (!n) {
9104 m_freem(m);
9105 return ENOBUFS;
9106 }
9107 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
9108 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
9109 n->m_next = NULL;
9110 m_freem(m);
9111 m = n;
9112 }
9113
9114 /* align the mbuf chain so that extensions are in contiguous region. */
9115 error = key_align(m, &mh);
9116 if (error)
9117 return error;
9118
9119 if (m->m_next) { /*XXX*/
9120 m_freem(m);
9121 return ENOBUFS;
9122 }
9123
9124 msg = mh.msg;
9125
9126 /* check SA type */
9127 switch (msg->sadb_msg_satype) {
9128 case SADB_SATYPE_UNSPEC:
9129 switch (msg->sadb_msg_type) {
9130 case SADB_GETSPI:
9131 case SADB_UPDATE:
9132 case SADB_ADD:
9133 case SADB_DELETE:
9134 case SADB_GET:
9135 case SADB_ACQUIRE:
9136 case SADB_EXPIRE:
9137 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
9138 "when msg type=%u.\n", msg->sadb_msg_type));
9139 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9140 error = EINVAL;
9141 goto senderror;
9142 }
9143 break;
9144 case SADB_SATYPE_AH:
9145 case SADB_SATYPE_ESP:
9146 case SADB_X_SATYPE_IPCOMP:
9147 switch (msg->sadb_msg_type) {
9148 case SADB_X_SPDADD:
9149 case SADB_X_SPDDELETE:
9150 case SADB_X_SPDGET:
9151 case SADB_X_SPDDUMP:
9152 case SADB_X_SPDFLUSH:
9153 case SADB_X_SPDSETIDX:
9154 case SADB_X_SPDUPDATE:
9155 case SADB_X_SPDDELETE2:
9156 case SADB_X_SPDENABLE:
9157 case SADB_X_SPDDISABLE:
9158 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
9159 msg->sadb_msg_type));
9160 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9161 error = EINVAL;
9162 goto senderror;
9163 }
9164 break;
9165 case SADB_SATYPE_RSVP:
9166 case SADB_SATYPE_OSPFV2:
9167 case SADB_SATYPE_RIPV2:
9168 case SADB_SATYPE_MIP:
9169 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
9170 msg->sadb_msg_satype));
9171 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9172 error = EOPNOTSUPP;
9173 goto senderror;
9174 case 1: /* XXX: What does it do? */
9175 if (msg->sadb_msg_type == SADB_X_PROMISC)
9176 break;
9177 /*FALLTHROUGH*/
9178 default:
9179 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
9180 msg->sadb_msg_satype));
9181 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9182 error = EINVAL;
9183 goto senderror;
9184 }
9185
9186 /* check field of upper layer protocol and address family */
9187 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
9188 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
9189 struct sadb_address *src0, *dst0;
9190 u_int plen;
9191
9192 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
9193 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
9194
9195 /* check upper layer protocol */
9196 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
9197 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
9198 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9199 error = EINVAL;
9200 goto senderror;
9201 }
9202
9203 /* check family */
9204 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
9205 PFKEY_ADDR_SADDR(dst0)->sa_family) {
9206 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
9207 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9208 error = EINVAL;
9209 goto senderror;
9210 }
9211 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
9212 PFKEY_ADDR_SADDR(dst0)->sa_len) {
9213 ipseclog((LOG_DEBUG,
9214 "key_parse: address struct size mismatched.\n"));
9215 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9216 error = EINVAL;
9217 goto senderror;
9218 }
9219
9220 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
9221 case AF_INET:
9222 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
9223 sizeof(struct sockaddr_in)) {
9224 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9225 error = EINVAL;
9226 goto senderror;
9227 }
9228 break;
9229 case AF_INET6:
9230 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
9231 sizeof(struct sockaddr_in6)) {
9232 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9233 error = EINVAL;
9234 goto senderror;
9235 }
9236 break;
9237 default:
9238 ipseclog((LOG_DEBUG,
9239 "key_parse: unsupported address family.\n"));
9240 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9241 error = EAFNOSUPPORT;
9242 goto senderror;
9243 }
9244
9245 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
9246 case AF_INET:
9247 plen = sizeof(struct in_addr) << 3;
9248 break;
9249 case AF_INET6:
9250 plen = sizeof(struct in6_addr) << 3;
9251 break;
9252 default:
9253 plen = 0; /*fool gcc*/
9254 break;
9255 }
9256
9257 /* check max prefix length */
9258 if (src0->sadb_address_prefixlen > plen ||
9259 dst0->sadb_address_prefixlen > plen) {
9260 ipseclog((LOG_DEBUG,
9261 "key_parse: illegal prefixlen.\n"));
9262 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9263 error = EINVAL;
9264 goto senderror;
9265 }
9266
9267 /*
9268 * prefixlen == 0 is valid because there can be a case when
9269 * all addresses are matched.
9270 */
9271 }
9272
9273 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
9274 key_typesw[msg->sadb_msg_type] == NULL) {
9275 PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
9276 error = EINVAL;
9277 goto senderror;
9278 }
9279
9280 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
9281
9282senderror:
9283 msg->sadb_msg_errno = error;
9284 return key_sendup_mbuf(so, m, target);
9285}
9286
9287static int
9288key_senderror(
9289 struct socket *so,
9290 struct mbuf *m,
9291 int code)
9292{
9293 struct sadb_msg *msg;
9294
9295 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9296
9297 if (m->m_len < sizeof(struct sadb_msg))
9298 panic("invalid mbuf passed to key_senderror");
9299
9300 msg = mtod(m, struct sadb_msg *);
9301 msg->sadb_msg_errno = code;
9302 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
9303}
9304
9305/*
9306 * set the pointer to each header into message buffer.
9307 * m will be freed on error.
9308 * XXX larger-than-MCLBYTES extension?
9309 */
9310static int
9311key_align(
9312 struct mbuf *m,
9313 struct sadb_msghdr *mhp)
9314{
9315 struct mbuf *n;
9316 struct sadb_ext *ext;
9317 size_t off, end;
9318 int extlen;
9319 int toff;
9320
9321 /* sanity check */
9322 if (m == NULL || mhp == NULL)
9323 panic("key_align: NULL pointer is passed.\n");
9324 if (m->m_len < sizeof(struct sadb_msg))
9325 panic("invalid mbuf passed to key_align");
9326
9327 /* initialize */
9328 bzero(mhp, sizeof(*mhp));
9329
9330 mhp->msg = mtod(m, struct sadb_msg *);
9331 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
9332
9333 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
9334 extlen = end; /*just in case extlen is not updated*/
9335 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
9336 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
9337 if (!n) {
9338 /* m is already freed */
9339 return ENOBUFS;
9340 }
9341 ext = (struct sadb_ext *)(void *)(mtod(n, caddr_t) + toff);
9342
9343 /* set pointer */
9344 switch (ext->sadb_ext_type) {
9345 case SADB_EXT_SA:
9346 case SADB_EXT_ADDRESS_SRC:
9347 case SADB_EXT_ADDRESS_DST:
9348 case SADB_EXT_ADDRESS_PROXY:
9349 case SADB_EXT_LIFETIME_CURRENT:
9350 case SADB_EXT_LIFETIME_HARD:
9351 case SADB_EXT_LIFETIME_SOFT:
9352 case SADB_EXT_KEY_AUTH:
9353 case SADB_EXT_KEY_ENCRYPT:
9354 case SADB_EXT_IDENTITY_SRC:
9355 case SADB_EXT_IDENTITY_DST:
9356 case SADB_EXT_SENSITIVITY:
9357 case SADB_EXT_PROPOSAL:
9358 case SADB_EXT_SUPPORTED_AUTH:
9359 case SADB_EXT_SUPPORTED_ENCRYPT:
9360 case SADB_EXT_SPIRANGE:
9361 case SADB_X_EXT_POLICY:
9362 case SADB_X_EXT_SA2:
9363 case SADB_EXT_SESSION_ID:
9364 case SADB_EXT_SASTAT:
9365 case SADB_X_EXT_IPSECIF:
9366 case SADB_X_EXT_ADDR_RANGE_SRC_START:
9367 case SADB_X_EXT_ADDR_RANGE_SRC_END:
9368 case SADB_X_EXT_ADDR_RANGE_DST_START:
9369 case SADB_X_EXT_ADDR_RANGE_DST_END:
9370 /* duplicate check */
9371 /*
9372 * XXX Are there duplication payloads of either
9373 * KEY_AUTH or KEY_ENCRYPT ?
9374 */
9375 if (mhp->ext[ext->sadb_ext_type] != NULL) {
9376 ipseclog((LOG_DEBUG,
9377 "key_align: duplicate ext_type %u "
9378 "is passed.\n", ext->sadb_ext_type));
9379 m_freem(m);
9380 PFKEY_STAT_INCREMENT(pfkeystat.out_dupext);
9381 return EINVAL;
9382 }
9383 break;
9384 default:
9385 ipseclog((LOG_DEBUG,
9386 "key_align: invalid ext_type %u is passed.\n",
9387 ext->sadb_ext_type));
9388 m_freem(m);
9389 PFKEY_STAT_INCREMENT(pfkeystat.out_invexttype);
9390 return EINVAL;
9391 }
9392
9393 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
9394
9395 if (key_validate_ext(ext, extlen)) {
9396 m_freem(m);
9397 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9398 return EINVAL;
9399 }
9400
9401 n = m_pulldown(m, off, extlen, &toff);
9402 if (!n) {
9403 /* m is already freed */
9404 return ENOBUFS;
9405 }
9406 ext = (struct sadb_ext *)(void *)(mtod(n, caddr_t) + toff);
9407
9408 mhp->ext[ext->sadb_ext_type] = ext;
9409 mhp->extoff[ext->sadb_ext_type] = off;
9410 mhp->extlen[ext->sadb_ext_type] = extlen;
9411 }
9412
9413 if (off != end) {
9414 m_freem(m);
9415 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9416 return EINVAL;
9417 }
9418
9419 return 0;
9420}
9421
9422static int
9423key_validate_ext(
9424 const struct sadb_ext *ext,
9425 int len)
9426{
9427 struct sockaddr *sa;
9428 enum { NONE, ADDR } checktype = NONE;
9429 int baselen;
9430 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
9431
9432 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
9433 return EINVAL;
9434
9435 /* if it does not match minimum/maximum length, bail */
9436 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
9437 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
9438 return EINVAL;
9439 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
9440 return EINVAL;
9441 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
9442 return EINVAL;
9443
9444 /* more checks based on sadb_ext_type XXX need more */
9445 switch (ext->sadb_ext_type) {
9446 case SADB_EXT_ADDRESS_SRC:
9447 case SADB_EXT_ADDRESS_DST:
9448 case SADB_EXT_ADDRESS_PROXY:
9449 case SADB_X_EXT_ADDR_RANGE_SRC_START:
9450 case SADB_X_EXT_ADDR_RANGE_SRC_END:
9451 case SADB_X_EXT_ADDR_RANGE_DST_START:
9452 case SADB_X_EXT_ADDR_RANGE_DST_END:
9453 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
9454 checktype = ADDR;
9455 break;
9456 case SADB_EXT_IDENTITY_SRC:
9457 case SADB_EXT_IDENTITY_DST:
9458 if (((struct sadb_ident *)(uintptr_t)(size_t)ext)->
9459 sadb_ident_type == SADB_X_IDENTTYPE_ADDR) {
9460 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
9461 checktype = ADDR;
9462 } else
9463 checktype = NONE;
9464 break;
9465 default:
9466 checktype = NONE;
9467 break;
9468 }
9469
9470 switch (checktype) {
9471 case NONE:
9472 break;
9473 case ADDR:
9474 sa = (struct sockaddr *)((caddr_t)(uintptr_t)ext + baselen);
9475
9476 if (len < baselen + sal)
9477 return EINVAL;
9478 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
9479 return EINVAL;
9480 break;
9481 }
9482
9483 return 0;
9484}
9485
9486/*
9487 * XXX: maybe This function is called after INBOUND IPsec processing.
9488 *
9489 * Special check for tunnel-mode packets.
9490 * We must make some checks for consistency between inner and outer IP header.
9491 *
9492 * xxx more checks to be provided
9493 */
9494int
9495key_checktunnelsanity(
9496 struct secasvar *sav,
9497 __unused u_int family,
9498 __unused caddr_t src,
9499 __unused caddr_t dst)
9500{
9501
9502 /* sanity check */
9503 if (sav->sah == NULL)
9504 panic("sav->sah == NULL at key_checktunnelsanity");
9505
9506 /* XXX: check inner IP header */
9507
9508 return 1;
9509}
9510
9511/* record data transfer on SA, and update timestamps */
9512void
9513key_sa_recordxfer(
9514 struct secasvar *sav,
9515 struct mbuf *m)
9516{
9517
9518
9519 if (!sav)
9520 panic("key_sa_recordxfer called with sav == NULL");
9521 if (!m)
9522 panic("key_sa_recordxfer called with m == NULL");
9523 if (!sav->lft_c)
9524 return;
9525
9526 lck_mtx_lock(sadb_mutex);
9527 /*
9528 * XXX Currently, there is a difference of bytes size
9529 * between inbound and outbound processing.
9530 */
9531 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
9532 /* to check bytes lifetime is done in key_timehandler(). */
9533
9534 /*
9535 * We use the number of packets as the unit of
9536 * sadb_lifetime_allocations. We increment the variable
9537 * whenever {esp,ah}_{in,out}put is called.
9538 */
9539 sav->lft_c->sadb_lifetime_allocations++;
9540 /* XXX check for expires? */
9541
9542 /*
9543 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
9544 * in seconds. HARD and SOFT lifetime are measured by the time
9545 * difference (again in seconds) from sadb_lifetime_usetime.
9546 *
9547 * usetime
9548 * v expire expire
9549 * -----+-----+--------+---> t
9550 * <--------------> HARD
9551 * <-----> SOFT
9552 */
9553 {
9554 struct timeval tv;
9555 microtime(&tv);
9556 sav->lft_c->sadb_lifetime_usetime = tv.tv_sec;
9557 /* XXX check for expires? */
9558 }
9559 lck_mtx_unlock(sadb_mutex);
9560
9561 return;
9562}
9563
9564/* dumb version */
9565void
9566key_sa_routechange(
9567 struct sockaddr *dst)
9568{
9569 struct secashead *sah;
9570 struct route *ro;
9571
9572 lck_mtx_lock(sadb_mutex);
9573 LIST_FOREACH(sah, &sahtree, chain) {
9574 ro = &sah->sa_route;
9575 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
9576 && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
9577 ROUTE_RELEASE(ro);
9578 }
9579 }
9580 lck_mtx_unlock(sadb_mutex);
9581
9582 return;
9583}
9584
9585void
9586key_sa_chgstate(
9587 struct secasvar *sav,
9588 u_int8_t state)
9589{
9590
9591 if (sav == NULL)
9592 panic("key_sa_chgstate called with sav == NULL");
9593
9594 if (sav->state == state)
9595 return;
9596
9597 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
9598
9599 if (__LIST_CHAINED(sav))
9600 LIST_REMOVE(sav, chain);
9601
9602 sav->state = state;
9603 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
9604
9605}
9606
9607void
9608key_sa_stir_iv(
9609 struct secasvar *sav)
9610{
9611 lck_mtx_lock(sadb_mutex);
9612 if (!sav->iv)
9613 panic("key_sa_stir_iv called with sav == NULL");
9614 key_randomfill(sav->iv, sav->ivlen);
9615 lck_mtx_unlock(sadb_mutex);
9616}
9617
9618/* XXX too much? */
9619static struct mbuf *
9620key_alloc_mbuf(
9621 int l)
9622{
9623 struct mbuf *m = NULL, *n;
9624 int len, t;
9625
9626 len = l;
9627 while (len > 0) {
9628 MGET(n, M_DONTWAIT, MT_DATA);
9629 if (n && len > MLEN)
9630 MCLGET(n, M_DONTWAIT);
9631 if (!n) {
9632 m_freem(m);
9633 return NULL;
9634 }
9635
9636 n->m_next = NULL;
9637 n->m_len = 0;
9638 n->m_len = M_TRAILINGSPACE(n);
9639 /* use the bottom of mbuf, hoping we can prepend afterwards */
9640 if (n->m_len > len) {
9641 t = (n->m_len - len) & ~(sizeof(long) - 1);
9642 n->m_data += t;
9643 n->m_len = len;
9644 }
9645
9646 len -= n->m_len;
9647
9648 if (m)
9649 m_cat(m, n);
9650 else
9651 m = n;
9652 }
9653
9654 return m;
9655}
9656
9657static struct mbuf *
9658key_setdumpsastats (u_int32_t dir,
9659 struct sastat *stats,
9660 u_int32_t max_stats,
9661 u_int64_t session_ids[],
9662 u_int32_t seq,
9663 u_int32_t pid)
9664{
9665 struct mbuf *result = NULL, *m = NULL;
9666
9667 m = key_setsadbmsg(SADB_GETSASTAT, 0, 0, seq, pid, 0);
9668 if (!m) {
9669 goto fail;
9670 }
9671 result = m;
9672
9673 m = key_setsadbsession_id(session_ids);
9674 if (!m) {
9675 goto fail;
9676 }
9677 m_cat(result, m);
9678
9679 m = key_setsadbsastat(dir,
9680 stats,
9681 max_stats);
9682 if (!m) {
9683 goto fail;
9684 }
9685 m_cat(result, m);
9686
9687 if ((result->m_flags & M_PKTHDR) == 0) {
9688 goto fail;
9689 }
9690
9691 if (result->m_len < sizeof(struct sadb_msg)) {
9692 result = m_pullup(result, sizeof(struct sadb_msg));
9693 if (result == NULL) {
9694 goto fail;
9695 }
9696 }
9697
9698 result->m_pkthdr.len = 0;
9699 for (m = result; m; m = m->m_next) {
9700 result->m_pkthdr.len += m->m_len;
9701 }
9702
9703 mtod(result, struct sadb_msg *)->sadb_msg_len =
9704 PFKEY_UNIT64(result->m_pkthdr.len);
9705
9706 return result;
9707
9708fail:
9709 if (result) {
9710 m_freem(result);
9711 }
9712 return NULL;
9713}
9714
9715/*
9716 * SADB_GETSASTAT processing
9717 * dump all stats for matching entries in SAD.
9718 *
9719 * m will always be freed.
9720 */
9721
9722static int
9723key_getsastat (struct socket *so,
9724 struct mbuf *m,
9725 const struct sadb_msghdr *mhp)
9726{
9727 struct sadb_session_id *session_id;
9728 u_int32_t bufsize, arg_count, res_count;
9729 struct sadb_sastat *sa_stats_arg;
9730 struct sastat *sa_stats_sav = NULL;
9731 struct mbuf *n;
9732 int error = 0;
9733
9734 /* sanity check */
9735 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
9736 panic("%s: NULL pointer is passed.\n", __FUNCTION__);
9737
9738 if (mhp->ext[SADB_EXT_SESSION_ID] == NULL) {
9739 printf("%s: invalid message is passed. missing session-id.\n", __FUNCTION__);
9740 return key_senderror(so, m, EINVAL);
9741 }
9742 if (mhp->extlen[SADB_EXT_SESSION_ID] < sizeof(struct sadb_session_id)) {
9743 printf("%s: invalid message is passed. short session-id.\n", __FUNCTION__);
9744 return key_senderror(so, m, EINVAL);
9745 }
9746 if (mhp->ext[SADB_EXT_SASTAT] == NULL) {
9747 printf("%s: invalid message is passed. missing stat args.\n", __FUNCTION__);
9748 return key_senderror(so, m, EINVAL);
9749 }
9750 if (mhp->extlen[SADB_EXT_SASTAT] < sizeof(*sa_stats_arg)) {
9751 printf("%s: invalid message is passed. short stat args.\n", __FUNCTION__);
9752 return key_senderror(so, m, EINVAL);
9753 }
9754
9755 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9756
9757 // exit early if there are no active SAs
9758 if (ipsec_sav_count <= 0) {
9759 printf("%s: No active SAs.\n", __FUNCTION__);
9760 error = ENOENT;
9761 goto end;
9762 }
9763 bufsize = (ipsec_sav_count + 1) * sizeof(*sa_stats_sav);
9764
9765 KMALLOC_WAIT(sa_stats_sav, __typeof__(sa_stats_sav), bufsize);
9766 if (sa_stats_sav == NULL) {
9767 printf("%s: No more memory.\n", __FUNCTION__);
9768 error = ENOMEM;
9769 goto end;
9770 }
9771 bzero(sa_stats_sav, bufsize);
9772
9773 sa_stats_arg = (__typeof__(sa_stats_arg))
9774 (void *)mhp->ext[SADB_EXT_SASTAT];
9775 arg_count = sa_stats_arg->sadb_sastat_list_len;
9776 // exit early if there are no requested SAs
9777 if (arg_count == 0) {
9778 printf("%s: No SAs requested.\n", __FUNCTION__);
9779 error = ENOENT;
9780 goto end;
9781 }
9782 res_count = 0;
9783
9784 if (key_getsastatbyspi((struct sastat *)(sa_stats_arg + 1),
9785 arg_count,
9786 sa_stats_sav,
9787 &res_count)) {
9788 printf("%s: Error finding SAs.\n", __FUNCTION__);
9789 error = ENOENT;
9790 goto end;
9791 }
9792 if (!res_count) {
9793 printf("%s: No SAs found.\n", __FUNCTION__);
9794 error = ENOENT;
9795 goto end;
9796 }
9797
9798 session_id = (__typeof__(session_id))
9799 (void *)mhp->ext[SADB_EXT_SESSION_ID];
9800
9801 /* send this to the userland. */
9802 n = key_setdumpsastats(sa_stats_arg->sadb_sastat_dir,
9803 sa_stats_sav,
9804 res_count,
9805 session_id->sadb_session_id_v,
9806 mhp->msg->sadb_msg_seq,
9807 mhp->msg->sadb_msg_pid);
9808 if (!n) {
9809 printf("%s: No bufs to dump stats.\n", __FUNCTION__);
9810 error = ENOBUFS;
9811 goto end;
9812 }
9813
9814 key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
9815end:
9816 if (sa_stats_sav) {
9817 KFREE(sa_stats_sav);
9818 }
9819
9820 if (error)
9821 return key_senderror(so, m, error);
9822
9823 m_freem(m);
9824 return 0;
9825}
9826
9827static void
9828key_update_natt_keepalive_timestamp (struct secasvar *sav_sent,
9829 struct secasvar *sav_update)
9830{
9831 struct secasindex saidx_swap_sent_addr;
9832
9833 // exit early if two SAs are identical, or if sav_update is current
9834 if (sav_sent == sav_update ||
9835 sav_update->natt_last_activity == natt_now) {
9836 return;
9837 }
9838
9839 // assuming that (sav_update->remote_ike_port != 0 && (esp_udp_encap_port & 0xFFFF) != 0)
9840
9841 bzero(&saidx_swap_sent_addr, sizeof(saidx_swap_sent_addr));
9842 memcpy(&saidx_swap_sent_addr.src, &sav_sent->sah->saidx.dst, sizeof(saidx_swap_sent_addr.src));
9843 memcpy(&saidx_swap_sent_addr.dst, &sav_sent->sah->saidx.src, sizeof(saidx_swap_sent_addr.dst));
9844 saidx_swap_sent_addr.proto = sav_sent->sah->saidx.proto;
9845 saidx_swap_sent_addr.mode = sav_sent->sah->saidx.mode;
9846 // we ignore reqid for split-tunnel setups
9847
9848 if (key_cmpsaidx(&sav_sent->sah->saidx, &sav_update->sah->saidx, CMP_MODE | CMP_PORT) ||
9849 key_cmpsaidx(&saidx_swap_sent_addr, &sav_update->sah->saidx, CMP_MODE | CMP_PORT)) {
9850 sav_update->natt_last_activity = natt_now;
9851 }
9852}
9853
9854static int
9855key_send_delsp (struct secpolicy *sp)
9856{
9857 struct mbuf *result = NULL, *m;
9858
9859 if (sp == NULL)
9860 goto fail;
9861
9862 /* set msg header */
9863 m = key_setsadbmsg(SADB_X_SPDDELETE, 0, 0, 0, 0, 0);
9864 if (!m) {
9865 goto fail;
9866 }
9867 result = m;
9868
9869 /* set sadb_address(es) for source */
9870 if (sp->spidx.src_range.start.ss_len > 0) {
9871 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
9872 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
9873 sp->spidx.ul_proto);
9874 if (!m)
9875 goto fail;
9876 m_cat(result, m);
9877
9878 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
9879 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
9880 sp->spidx.ul_proto);
9881 if (!m)
9882 goto fail;
9883 m_cat(result, m);
9884 } else {
9885 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
9886 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
9887 sp->spidx.ul_proto);
9888 if (!m)
9889 goto fail;
9890 m_cat(result, m);
9891 }
9892
9893 /* set sadb_address(es) for destination */
9894 if (sp->spidx.dst_range.start.ss_len > 0) {
9895 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
9896 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
9897 sp->spidx.ul_proto);
9898 if (!m)
9899 goto fail;
9900 m_cat(result, m);
9901
9902 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
9903 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
9904 sp->spidx.ul_proto);
9905 if (!m)
9906 goto fail;
9907 m_cat(result, m);
9908 } else {
9909 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
9910 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
9911 sp->spidx.ul_proto);
9912 if (!m)
9913 goto fail;
9914 m_cat(result, m);
9915 }
9916
9917 /* set secpolicy */
9918 m = key_sp2msg(sp);
9919 if (!m) {
9920 goto fail;
9921 }
9922 m_cat(result, m);
9923
9924 if ((result->m_flags & M_PKTHDR) == 0) {
9925 goto fail;
9926 }
9927
9928 if (result->m_len < sizeof(struct sadb_msg)) {
9929 result = m_pullup(result, sizeof(struct sadb_msg));
9930 if (result == NULL) {
9931 goto fail;
9932 }
9933 }
9934
9935 result->m_pkthdr.len = 0;
9936 for (m = result; m; m = m->m_next)
9937 result->m_pkthdr.len += m->m_len;
9938
9939 mtod(result, struct sadb_msg *)->sadb_msg_len = PFKEY_UNIT64(result->m_pkthdr.len);
9940
9941 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
9942
9943fail:
9944 if (result)
9945 m_free(result);
9946 return -1;
9947}
9948
9949void
9950key_delsp_for_ipsec_if (ifnet_t ipsec_if)
9951{
9952 struct secashead *sah;
9953 struct secasvar *sav, *nextsav;
9954 u_int stateidx;
9955 u_int state;
9956 struct secpolicy *sp, *nextsp;
9957 int dir;
9958
9959 if (ipsec_if == NULL)
9960 return;
9961
9962 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9963
9964 lck_mtx_lock(sadb_mutex);
9965
9966 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
9967 for (sp = LIST_FIRST(&sptree[dir]);
9968 sp != NULL;
9969 sp = nextsp) {
9970
9971 nextsp = LIST_NEXT(sp, chain);
9972
9973 if (sp->ipsec_if == ipsec_if) {
9974 ifnet_release(sp->ipsec_if);
9975 sp->ipsec_if = NULL;
9976
9977 key_send_delsp(sp);
9978
9979 sp->state = IPSEC_SPSTATE_DEAD;
9980 key_freesp(sp, KEY_SADB_LOCKED);
9981 }
9982 }
9983 }
9984
9985 LIST_FOREACH(sah, &sahtree, chain) {
9986 if (sah->ipsec_if == ipsec_if) {
9987 /* This SAH is linked to the IPSec interface. It now needs to close. */
9988 ifnet_release(sah->ipsec_if);
9989 sah->ipsec_if = NULL;
9990
9991 for (stateidx = 0; stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) {
9992 state = saorder_state_any[stateidx];
9993 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) {
9994 nextsav = LIST_NEXT(sav, chain);
9995
9996 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
9997 key_freesav(sav, KEY_SADB_LOCKED);
9998 }
9999 }
10000
10001 sah->state = SADB_SASTATE_DEAD;
10002 }
10003 }
10004
10005 lck_mtx_unlock(sadb_mutex);
10006}
10007
10008__private_extern__ u_int32_t
10009key_fill_offload_frames_for_savs (ifnet_t ifp,
10010 struct ipsec_offload_frame *frames_array,
10011 u_int32_t frames_array_count,
10012 size_t frame_data_offset)
10013{
10014 struct secashead *sah = NULL;
10015 struct secasvar *sav = NULL;
10016 struct ipsec_offload_frame *frame = frames_array;
10017 u_int32_t frame_index = 0;
10018
10019 if (frame == NULL || frames_array_count == 0) {
10020 return (frame_index);
10021 }
10022
10023 lck_mtx_lock(sadb_mutex);
10024 LIST_FOREACH(sah, &sahtree, chain) {
10025 LIST_FOREACH(sav, &sah->savtree[SADB_SASTATE_MATURE], chain) {
10026 if (ipsec_fill_offload_frame(ifp, sav, frame, frame_data_offset)) {
10027 frame_index++;
10028 if (frame_index >= frames_array_count) {
10029 lck_mtx_unlock(sadb_mutex);
10030 return (frame_index);
10031 }
10032 frame = &(frames_array[frame_index]);
10033 }
10034 }
10035 }
10036 lck_mtx_unlock(sadb_mutex);
10037
10038 return (frame_index);
10039}
mirror of XNU