2 * Copyright (c) 2008-2016 Apple Inc. All rights reserved.
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
29 /* $FreeBSD: src/sys/netkey/key.c,v 1.16.2.13 2002/07/24 18:17:40 ume Exp $ */
30 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
62 * This code is referd to RFC 2367
65 #include <machine/endian.h>
66 #include <sys/types.h>
67 #include <sys/param.h>
68 #include <sys/systm.h>
69 #include <sys/kernel.h>
71 #include <sys/domain.h>
72 #include <sys/protosw.h>
73 #include <sys/malloc.h>
74 #include <sys/socket.h>
75 #include <sys/socketvar.h>
76 #include <sys/sysctl.h>
77 #include <sys/errno.h>
79 #include <sys/queue.h>
80 #include <sys/syslog.h>
81 #include <sys/mcache.h>
83 #include <kern/locks.h>
86 #include <net/route.h>
87 #include <net/raw_cb.h>
89 #include <netinet/in.h>
90 #include <netinet/in_systm.h>
91 #include <netinet/ip.h>
92 #include <netinet/in_var.h>
95 #include <netinet/ip6.h>
96 #include <netinet6/in6_var.h>
97 #include <netinet6/ip6_var.h>
100 #include <net/pfkeyv2.h>
101 #include <netkey/keydb.h>
102 #include <netkey/key.h>
103 #include <netkey/keysock.h>
104 #include <netkey/key_debug.h>
106 #include <libkern/crypto/rand.h>
108 #include <netinet6/ipsec.h>
110 #include <netinet6/ipsec6.h>
112 #include <netinet6/ah.h>
114 #include <netinet6/ah6.h>
117 #include <netinet6/esp.h>
119 #include <netinet6/esp6.h>
122 #include <netinet6/ipcomp.h>
124 #include <netinet6/ipcomp6.h>
129 #include <sys/random.h>
131 #include <net/net_osdep.h>
133 #define FULLMASK 0xff
135 lck_grp_t
*sadb_mutex_grp
;
136 lck_grp_attr_t
*sadb_mutex_grp_attr
;
137 lck_attr_t
*sadb_mutex_attr
;
138 decl_lck_mtx_data(, sadb_mutex_data
);
139 lck_mtx_t
*sadb_mutex
= &sadb_mutex_data
;
141 lck_grp_t
*pfkey_stat_mutex_grp
;
142 lck_grp_attr_t
*pfkey_stat_mutex_grp_attr
;
143 lck_attr_t
*pfkey_stat_mutex_attr
;
144 decl_lck_mtx_data(, pfkey_stat_mutex_data
);
145 lck_mtx_t
*pfkey_stat_mutex
= &pfkey_stat_mutex_data
;
148 * Note on SA reference counting:
149 * - SAs that are not in DEAD state will have (total external reference + 1)
150 * following value in reference count field. they cannot be freed and are
151 * referenced from SA header.
152 * - SAs that are in DEAD state will have (total external reference)
153 * in reference count field. they are ready to be freed. reference from
154 * SA header will be removed in key_delsav(), when the reference count
155 * field hits 0 (= no external reference other than from SA header.
158 u_int32_t key_debug_level
= 0; //### our sysctl is not dynamic
159 static int key_timehandler_running
= 0;
160 static u_int key_spi_trycnt
= 1000;
161 static u_int32_t key_spi_minval
= 0x100;
162 static u_int32_t key_spi_maxval
= 0x0fffffff; /* XXX */
163 static u_int32_t policy_id
= 0;
164 static u_int key_int_random
= 60; /*interval to initialize randseed,1(m)*/
165 static u_int key_larval_lifetime
= 30; /* interval to expire acquiring, 30(s)*/
166 static int key_blockacq_count
= 10; /* counter for blocking SADB_ACQUIRE.*/
167 static int key_blockacq_lifetime
= 20; /* lifetime for blocking SADB_ACQUIRE.*/
168 static int key_preferred_oldsa
= 0; /* preferred old sa rather than new sa.*/
169 __private_extern__
int natt_keepalive_interval
= 20; /* interval between natt keepalives.*/
170 __private_extern__
int ipsec_policy_count
= 0;
171 static int ipsec_sav_count
= 0;
173 static u_int32_t acq_seq
= 0;
174 static int key_tick_init_random
= 0;
175 static u_int64_t up_time
= 0;
176 __private_extern__ u_int64_t natt_now
= 0;
178 static LIST_HEAD(_sptree
, secpolicy
) sptree
[IPSEC_DIR_MAX
]; /* SPD */
179 static LIST_HEAD(_sahtree
, secashead
) sahtree
; /* SAD */
180 static LIST_HEAD(_regtree
, secreg
) regtree
[SADB_SATYPE_MAX
+ 1];
183 #define SPIHASHSIZE 128
184 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
185 static LIST_HEAD(_spihash
, secasvar
) spihash
[SPIHASHSIZE
];
187 #ifndef IPSEC_NONBLOCK_ACQUIRE
188 static LIST_HEAD(_acqtree
, secacq
) acqtree
; /* acquiring list */
190 static LIST_HEAD(_spacqtree
, secspacq
) spacqtree
; /* SP acquiring list */
192 struct key_cb key_cb
;
194 /* search order for SAs */
195 static const u_int saorder_state_valid_prefer_old
[] = {
196 SADB_SASTATE_DYING
, SADB_SASTATE_MATURE
,
198 static const u_int saorder_state_valid_prefer_new
[] = {
199 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
,
201 static const u_int saorder_state_alive
[] = {
203 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
, SADB_SASTATE_LARVAL
205 static const u_int saorder_state_any
[] = {
206 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
,
207 SADB_SASTATE_LARVAL
, SADB_SASTATE_DEAD
210 static const int minsize
[] = {
211 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
212 sizeof(struct sadb_sa
), /* SADB_EXT_SA */
213 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
214 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
215 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
216 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_SRC */
217 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_DST */
218 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_PROXY */
219 sizeof(struct sadb_key
), /* SADB_EXT_KEY_AUTH */
220 sizeof(struct sadb_key
), /* SADB_EXT_KEY_ENCRYPT */
221 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_SRC */
222 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_DST */
223 sizeof(struct sadb_sens
), /* SADB_EXT_SENSITIVITY */
224 sizeof(struct sadb_prop
), /* SADB_EXT_PROPOSAL */
225 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_AUTH */
226 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_ENCRYPT */
227 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
228 0, /* SADB_X_EXT_KMPRIVATE */
229 sizeof(struct sadb_x_policy
), /* SADB_X_EXT_POLICY */
230 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
231 sizeof(struct sadb_session_id
), /* SADB_EXT_SESSION_ID */
232 sizeof(struct sadb_sastat
), /* SADB_EXT_SASTAT */
233 sizeof(struct sadb_x_ipsecif
), /* SADB_X_EXT_IPSECIF */
234 sizeof(struct sadb_address
), /* SADB_X_EXT_ADDR_RANGE_SRC_START */
235 sizeof(struct sadb_address
), /* SADB_X_EXT_ADDR_RANGE_SRC_END */
236 sizeof(struct sadb_address
), /* SADB_X_EXT_ADDR_RANGE_DST_START */
237 sizeof(struct sadb_address
), /* SADB_X_EXT_ADDR_RANGE_DST_END */
238 sizeof(struct sadb_address
), /* SADB_EXT_MIGRATE_ADDRESS_SRC */
239 sizeof(struct sadb_address
), /* SADB_EXT_MIGRATE_ADDRESS_DST */
240 sizeof(struct sadb_x_ipsecif
), /* SADB_X_EXT_MIGRATE_IPSECIF */
242 static const int maxsize
[] = {
243 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
244 sizeof(struct sadb_sa_2
), /* SADB_EXT_SA */
245 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
246 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
247 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
248 0, /* SADB_EXT_ADDRESS_SRC */
249 0, /* SADB_EXT_ADDRESS_DST */
250 0, /* SADB_EXT_ADDRESS_PROXY */
251 0, /* SADB_EXT_KEY_AUTH */
252 0, /* SADB_EXT_KEY_ENCRYPT */
253 0, /* SADB_EXT_IDENTITY_SRC */
254 0, /* SADB_EXT_IDENTITY_DST */
255 0, /* SADB_EXT_SENSITIVITY */
256 0, /* SADB_EXT_PROPOSAL */
257 0, /* SADB_EXT_SUPPORTED_AUTH */
258 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
259 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
260 0, /* SADB_X_EXT_KMPRIVATE */
261 0, /* SADB_X_EXT_POLICY */
262 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
263 0, /* SADB_EXT_SESSION_ID */
264 0, /* SADB_EXT_SASTAT */
265 sizeof(struct sadb_x_ipsecif
), /* SADB_X_EXT_IPSECIF */
266 0, /* SADB_X_EXT_ADDR_RANGE_SRC_START */
267 0, /* SADB_X_EXT_ADDR_RANGE_SRC_END */
268 0, /* SADB_X_EXT_ADDR_RANGE_DST_START */
269 0, /* SADB_X_EXT_ADDR_RANGE_DST_END */
270 0, /* SADB_EXT_MIGRATE_ADDRESS_SRC */
271 0, /* SADB_EXT_MIGRATE_ADDRESS_DST */
272 sizeof(struct sadb_x_ipsecif
), /* SADB_X_EXT_MIGRATE_IPSECIF */
275 static int ipsec_esp_keymin
= 256;
276 static int ipsec_esp_auth
= 0;
277 static int ipsec_ah_keymin
= 128;
279 SYSCTL_DECL(_net_key
);
280 /* Thread safe: no accumulated state */
281 SYSCTL_INT(_net_key
, KEYCTL_DEBUG_LEVEL
, debug
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
282 &key_debug_level
, 0, "");
285 /* max count of trial for the decision of spi value */
286 SYSCTL_INT(_net_key
, KEYCTL_SPI_TRY
, spi_trycnt
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
287 &key_spi_trycnt
, 0, "");
289 /* minimum spi value to allocate automatically. */
290 SYSCTL_INT(_net_key
, KEYCTL_SPI_MIN_VALUE
, spi_minval
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
291 &key_spi_minval
, 0, "");
293 /* maximun spi value to allocate automatically. */
294 SYSCTL_INT(_net_key
, KEYCTL_SPI_MAX_VALUE
, spi_maxval
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
295 &key_spi_maxval
, 0, "");
297 /* interval to initialize randseed */
298 SYSCTL_INT(_net_key
, KEYCTL_RANDOM_INT
, int_random
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
299 &key_int_random
, 0, "");
301 /* lifetime for larval SA; thread safe due to > compare */
302 SYSCTL_INT(_net_key
, KEYCTL_LARVAL_LIFETIME
, larval_lifetime
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
303 &key_larval_lifetime
, 0, "");
305 /* counter for blocking to send SADB_ACQUIRE to IKEd */
306 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_COUNT
, blockacq_count
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
307 &key_blockacq_count
, 0, "");
309 /* lifetime for blocking to send SADB_ACQUIRE to IKEd: Thread safe, > compare */
310 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_LIFETIME
, blockacq_lifetime
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
311 &key_blockacq_lifetime
, 0, "");
314 SYSCTL_INT(_net_key
, KEYCTL_ESP_AUTH
, esp_auth
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
315 &ipsec_esp_auth
, 0, "");
317 /* minimum ESP key length */
318 SYSCTL_INT(_net_key
, KEYCTL_ESP_KEYMIN
, esp_keymin
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
319 &ipsec_esp_keymin
, 0, "");
321 /* minimum AH key length */
322 SYSCTL_INT(_net_key
, KEYCTL_AH_KEYMIN
, ah_keymin
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
323 &ipsec_ah_keymin
, 0, "");
325 /* perfered old SA rather than new SA */
326 SYSCTL_INT(_net_key
, KEYCTL_PREFERED_OLDSA
, prefered_oldsa
, CTLFLAG_RW
| CTLFLAG_LOCKED
,\
327 &key_preferred_oldsa
, 0, "");
329 /* time between NATT keepalives in seconds, 0 disabled */
330 SYSCTL_INT(_net_key
, KEYCTL_NATT_KEEPALIVE_INTERVAL
, natt_keepalive_interval
, CTLFLAG_RW
| CTLFLAG_LOCKED
,\
331 &natt_keepalive_interval
, 0, "");
333 /* PF_KEY statistics */
334 SYSCTL_STRUCT(_net_key
, KEYCTL_PFKEYSTAT
, pfkeystat
, CTLFLAG_RD
| CTLFLAG_LOCKED
,\
335 &pfkeystat
, pfkeystat
, "");
338 #define LIST_FOREACH(elm, head, field) \
339 for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
341 #define __LIST_CHAINED(elm) \
342 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
343 #define LIST_INSERT_TAIL(head, elm, type, field) \
345 struct type *curelm = LIST_FIRST(head); \
346 if (curelm == NULL) {\
347 LIST_INSERT_HEAD(head, elm, field); \
349 while (LIST_NEXT(curelm, field)) \
350 curelm = LIST_NEXT(curelm, field);\
351 LIST_INSERT_AFTER(curelm, elm, field);\
355 #define KEY_CHKSASTATE(head, sav, name) \
357 if ((head) != (sav)) { \
358 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
359 (name), (head), (sav))); \
364 #define KEY_CHKSPDIR(head, sp, name) \
366 if ((head) != (sp)) { \
367 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
368 "anyway continue.\n", \
369 (name), (head), (sp))); \
374 #define KMALLOC_WAIT(p, t, n) \
375 ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_WAITOK))
376 #define KMALLOC_NOWAIT(p, t, n) \
377 ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT))
379 _FREE((caddr_t)(p), M_SECA);
381 #define KMALLOC_WAIT(p, t, n) \
383 ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_WAITOK)); \
384 printf("%s %d: %p <- KMALLOC_WAIT(%s, %d)\n", \
385 __FILE__, __LINE__, (p), #t, n); \
387 #define KMALLOC_NOWAIT(p, t, n) \
389 ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT)); \
390 printf("%s %d: %p <- KMALLOC_NOWAIT(%s, %d)\n", \
391 __FILE__, __LINE__, (p), #t, n); \
396 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
397 _FREE((caddr_t)(p), M_SECA); \
402 * set parameters into secpolicyindex buffer.
403 * Must allocate secpolicyindex buffer passed to this function.
405 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, ifp, s_s, s_e, d_s, d_e, idx) \
407 bzero((idx), sizeof(struct secpolicyindex)); \
408 (idx)->dir = (_dir); \
409 (idx)->prefs = (ps); \
410 (idx)->prefd = (pd); \
411 (idx)->ul_proto = (ulp); \
412 (idx)->internal_if = (ifp); \
413 if (s) bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
414 if (d) bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
415 if (s_s) bcopy((s_s), &(idx)->src_range.start, ((struct sockaddr *)(s_s))->sa_len); \
416 if (s_e) bcopy((s_e), &(idx)->src_range.end, ((struct sockaddr *)(s_e))->sa_len); \
417 if (d_s) bcopy((d_s), &(idx)->dst_range.start, ((struct sockaddr *)(d_s))->sa_len); \
418 if (d_e) bcopy((d_e), &(idx)->dst_range.end, ((struct sockaddr *)(d_e))->sa_len); \
422 * set parameters into secasindex buffer.
423 * Must allocate secasindex buffer before calling this function.
425 #define KEY_SETSECASIDX(p, m, r, s, d, ifi, idx) \
427 bzero((idx), sizeof(struct secasindex)); \
428 (idx)->proto = (p); \
430 (idx)->reqid = (r); \
431 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
432 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
433 (idx)->ipsec_ifindex = (ifi); \
438 u_int32_t getspi_count
; /* the avarage of count to try to get new SPI */
442 struct sadb_msg
*msg
;
443 struct sadb_ext
*ext
[SADB_EXT_MAX
+ 1];
444 int extoff
[SADB_EXT_MAX
+ 1];
445 int extlen
[SADB_EXT_MAX
+ 1];
448 static struct secpolicy
*__key_getspbyid(u_int32_t id
);
449 static struct secasvar
*key_do_allocsa_policy(struct secashead
*, u_int
, u_int16_t
);
450 static int key_do_get_translated_port(struct secashead
*, struct secasvar
*, u_int
);
451 static void key_delsp(struct secpolicy
*);
452 static struct secpolicy
*key_getsp(struct secpolicyindex
*);
453 static u_int32_t
key_newreqid(void);
454 static struct mbuf
*key_gather_mbuf(struct mbuf
*,
455 const struct sadb_msghdr
*, int, int, int *);
456 static int key_spdadd(struct socket
*, struct mbuf
*,
457 const struct sadb_msghdr
*);
458 static u_int32_t
key_getnewspid(void);
459 static int key_spddelete(struct socket
*, struct mbuf
*,
460 const struct sadb_msghdr
*);
461 static int key_spddelete2(struct socket
*, struct mbuf
*,
462 const struct sadb_msghdr
*);
463 static int key_spdenable(struct socket
*, struct mbuf
*,
464 const struct sadb_msghdr
*);
465 static int key_spddisable(struct socket
*, struct mbuf
*,
466 const struct sadb_msghdr
*);
467 static int key_spdget(struct socket
*, struct mbuf
*,
468 const struct sadb_msghdr
*);
469 static int key_spdflush(struct socket
*, struct mbuf
*,
470 const struct sadb_msghdr
*);
471 static int key_spddump(struct socket
*, struct mbuf
*,
472 const struct sadb_msghdr
*);
473 static struct mbuf
*key_setdumpsp(struct secpolicy
*,
474 u_int8_t
, u_int32_t
, u_int32_t
);
475 static u_int
key_getspreqmsglen(struct secpolicy
*);
476 static int key_spdexpire(struct secpolicy
*);
477 static struct secashead
*key_newsah(struct secasindex
*, ifnet_t
, u_int
, u_int8_t
);
478 static struct secasvar
*key_newsav(struct mbuf
*,
479 const struct sadb_msghdr
*, struct secashead
*, int *,
481 static struct secashead
*key_getsah(struct secasindex
*);
482 static struct secasvar
*key_checkspidup(struct secasindex
*, u_int32_t
);
483 static void key_setspi
__P((struct secasvar
*, u_int32_t
));
484 static struct secasvar
*key_getsavbyspi(struct secashead
*, u_int32_t
);
485 static int key_setsaval(struct secasvar
*, struct mbuf
*,
486 const struct sadb_msghdr
*);
487 static int key_mature(struct secasvar
*);
488 static struct mbuf
*key_setdumpsa(struct secasvar
*, u_int8_t
,
489 u_int8_t
, u_int32_t
, u_int32_t
);
490 static struct mbuf
*key_setsadbmsg(u_int8_t
, u_int16_t
, u_int8_t
,
491 u_int32_t
, pid_t
, u_int16_t
);
492 static struct mbuf
*key_setsadbsa(struct secasvar
*);
493 static struct mbuf
*key_setsadbaddr(u_int16_t
,
494 struct sockaddr
*, u_int8_t
, u_int16_t
);
495 static struct mbuf
*key_setsadbipsecif(ifnet_t
, ifnet_t
, ifnet_t
, int);
497 static struct mbuf
*key_setsadbident(u_int16_t
, u_int16_t
, caddr_t
,
500 static struct mbuf
*key_setsadbxsa2(u_int8_t
, u_int32_t
, u_int32_t
, u_int16_t
);
501 static struct mbuf
*key_setsadbxpolicy(u_int16_t
, u_int8_t
,
503 static void *key_newbuf(const void *, u_int
);
505 static int key_ismyaddr6(struct sockaddr_in6
*);
507 static void key_update_natt_keepalive_timestamp(struct secasvar
*, struct secasvar
*);
509 /* flags for key_cmpsaidx() */
510 #define CMP_HEAD 0x1 /* protocol, addresses. */
511 #define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
512 #define CMP_REQID 0x4 /* additionally HEAD, reqid. */
513 #define CMP_MODE 0x8 /* additionally mode. */
514 #define CMP_EXACTLY 0xF /* all elements. */
515 static int key_cmpsaidx(struct secasindex
*, struct secasindex
*, int);
517 static int key_cmpspidx_exactly(struct secpolicyindex
*,
518 struct secpolicyindex
*);
519 static int key_cmpspidx_withmask(struct secpolicyindex
*,
520 struct secpolicyindex
*);
521 static int key_sockaddrcmp(struct sockaddr
*, struct sockaddr
*, int);
522 static int key_is_addr_in_range(struct sockaddr_storage
*, struct secpolicyaddrrange
*);
523 static int key_bbcmp(caddr_t
, caddr_t
, u_int
);
524 static void key_srandom(void);
525 static u_int16_t
key_satype2proto(u_int8_t
);
526 static u_int8_t
key_proto2satype(u_int16_t
);
528 static int key_getspi(struct socket
*, struct mbuf
*,
529 const struct sadb_msghdr
*);
530 static u_int32_t
key_do_getnewspi(struct sadb_spirange
*, struct secasindex
*);
531 static int key_update(struct socket
*, struct mbuf
*,
532 const struct sadb_msghdr
*);
534 static struct secasvar
*key_getsavbyseq(struct secashead
*, u_int32_t
);
536 static int key_add(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
537 static int key_setident(struct secashead
*, struct mbuf
*,
538 const struct sadb_msghdr
*);
539 static struct mbuf
*key_getmsgbuf_x1(struct mbuf
*, const struct sadb_msghdr
*);
540 static int key_delete(struct socket
*, struct mbuf
*,
541 const struct sadb_msghdr
*);
542 static int key_get(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
544 static void key_getcomb_setlifetime(struct sadb_comb
*);
546 static struct mbuf
*key_getcomb_esp(void);
548 static struct mbuf
*key_getcomb_ah(void);
549 static struct mbuf
*key_getcomb_ipcomp(void);
550 static struct mbuf
*key_getprop(const struct secasindex
*);
552 static int key_acquire(struct secasindex
*, struct secpolicy
*);
553 #ifndef IPSEC_NONBLOCK_ACQUIRE
554 static struct secacq
*key_newacq(struct secasindex
*);
555 static struct secacq
*key_getacq(struct secasindex
*);
556 static struct secacq
*key_getacqbyseq(u_int32_t
);
558 static struct secspacq
*key_newspacq(struct secpolicyindex
*);
559 static struct secspacq
*key_getspacq(struct secpolicyindex
*);
560 static int key_acquire2(struct socket
*, struct mbuf
*,
561 const struct sadb_msghdr
*);
562 static int key_register(struct socket
*, struct mbuf
*,
563 const struct sadb_msghdr
*);
564 static int key_expire(struct secasvar
*);
565 static int key_flush(struct socket
*, struct mbuf
*,
566 const struct sadb_msghdr
*);
567 static int key_dump(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
568 static int key_promisc(struct socket
*, struct mbuf
*,
569 const struct sadb_msghdr
*);
570 static int key_senderror(struct socket
*, struct mbuf
*, int);
571 static int key_validate_ext(const struct sadb_ext
*, int);
572 static int key_align(struct mbuf
*, struct sadb_msghdr
*);
573 static struct mbuf
*key_alloc_mbuf(int);
574 static int key_getsastat (struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
575 static int key_migrate (struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
576 static int key_setsaval2(struct secasvar
*sav
,
582 struct sadb_key
*key_auth
,
583 u_int16_t key_auth_len
,
584 struct sadb_key
*key_enc
,
585 u_int16_t key_enc_len
,
590 struct sadb_lifetime
*lifetime_hard
,
591 struct sadb_lifetime
*lifetime_soft
);
592 static void bzero_keys(const struct sadb_msghdr
*);
594 extern int ipsec_bypass
;
595 extern int esp_udp_encap_port
;
596 int ipsec_send_natt_keepalive(struct secasvar
*sav
);
597 bool ipsec_fill_offload_frame(ifnet_t ifp
, struct secasvar
*sav
, struct ifnet_keepalive_offload_frame
*frame
, size_t frame_data_offset
);
599 void key_init(struct protosw
*, struct domain
*);
603 * setup locks, call raw_init(), and then init timer and associated data
607 key_init(struct protosw
*pp
, struct domain
*dp
)
609 static int key_initialized
= 0;
612 VERIFY((pp
->pr_flags
& (PR_INITIALIZED
|PR_ATTACHED
)) == PR_ATTACHED
);
614 _CASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg
)) <= _MHLEN
);
620 sadb_mutex_grp_attr
= lck_grp_attr_alloc_init();
621 sadb_mutex_grp
= lck_grp_alloc_init("sadb", sadb_mutex_grp_attr
);
622 sadb_mutex_attr
= lck_attr_alloc_init();
624 lck_mtx_init(sadb_mutex
, sadb_mutex_grp
, sadb_mutex_attr
);
626 pfkey_stat_mutex_grp_attr
= lck_grp_attr_alloc_init();
627 pfkey_stat_mutex_grp
= lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr
);
628 pfkey_stat_mutex_attr
= lck_attr_alloc_init();
630 lck_mtx_init(pfkey_stat_mutex
, pfkey_stat_mutex_grp
, pfkey_stat_mutex_attr
);
632 for (i
= 0; i
< SPIHASHSIZE
; i
++)
633 LIST_INIT(&spihash
[i
]);
637 bzero((caddr_t
)&key_cb
, sizeof(key_cb
));
639 for (i
= 0; i
< IPSEC_DIR_MAX
; i
++) {
640 LIST_INIT(&sptree
[i
]);
642 ipsec_policy_count
= 0;
646 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
647 LIST_INIT(®tree
[i
]);
651 #ifndef IPSEC_NONBLOCK_ACQUIRE
654 LIST_INIT(&spacqtree
);
658 ip4_def_policy
.policy
= IPSEC_POLICY_NONE
;
659 ip4_def_policy
.refcnt
++; /*never reclaim this*/
662 ip6_def_policy
.policy
= IPSEC_POLICY_NONE
;
663 ip6_def_policy
.refcnt
++; /*never reclaim this*/
666 key_timehandler_running
= 0;
668 /* initialize key statistics */
669 keystat
.getspi_count
= 1;
672 printf("IPsec: Initialized Security Association Processing.\n");
677 key_start_timehandler(void)
679 /* must be called while locked */
680 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
681 if (key_timehandler_running
== 0) {
682 key_timehandler_running
= 1;
683 (void)timeout((void *)key_timehandler
, (void *)0, hz
);
686 /* Turn off the ipsec bypass */
687 if (ipsec_bypass
!= 0)
691 /* %%% IPsec policy management */
693 * allocating a SP for OUTBOUND or INBOUND packet.
694 * Must call key_freesp() later.
695 * OUT: NULL: not found
696 * others: found and return the pointer.
700 struct secpolicyindex
*spidx
,
703 struct secpolicy
*sp
;
706 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
709 panic("key_allocsp: NULL pointer is passed.\n");
711 /* check direction */
713 case IPSEC_DIR_INBOUND
:
714 case IPSEC_DIR_OUTBOUND
:
717 panic("key_allocsp: Invalid direction is passed.\n");
721 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
722 printf("*** objects\n");
723 kdebug_secpolicyindex(spidx
));
725 lck_mtx_lock(sadb_mutex
);
726 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
727 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
728 printf("*** in SPD\n");
729 kdebug_secpolicyindex(&sp
->spidx
));
731 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
734 /* If the policy is disabled, skip */
735 if (sp
->disabled
> 0)
738 /* If the incoming spidx specifies bound if,
739 ignore unbound policies*/
740 if (spidx
->internal_if
!= NULL
741 && (sp
->spidx
.internal_if
== NULL
|| sp
->ipsec_if
== NULL
))
744 if (key_cmpspidx_withmask(&sp
->spidx
, spidx
))
747 lck_mtx_unlock(sadb_mutex
);
752 /* found a SPD entry */
754 sp
->lastused
= tv
.tv_sec
;
756 lck_mtx_unlock(sadb_mutex
);
759 KEY_CHKSPDIR(sp
->spidx
.dir
, dir
, "key_allocsp");
760 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
761 printf("DP key_allocsp cause refcnt++:%d SP:0x%llx\n",
762 sp
->refcnt
, (uint64_t)VM_KERNEL_ADDRPERM(sp
)));
767 * return a policy that matches this particular inbound packet.
772 struct sockaddr
*osrc
,
773 struct sockaddr
*odst
,
774 struct sockaddr
*isrc
,
775 struct sockaddr
*idst
)
777 struct secpolicy
*sp
;
778 const int dir
= IPSEC_DIR_INBOUND
;
780 struct ipsecrequest
*r1
, *r2
, *p
;
781 struct sockaddr
*os
, *od
, *is
, *id
;
782 struct secpolicyindex spidx
;
784 if (isrc
->sa_family
!= idst
->sa_family
) {
785 ipseclog((LOG_ERR
, "protocol family mismatched %d != %d\n.",
786 isrc
->sa_family
, idst
->sa_family
));
790 lck_mtx_lock(sadb_mutex
);
791 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
792 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
796 for (p
= sp
->req
; p
; p
= p
->next
) {
797 if (p
->saidx
.mode
!= IPSEC_MODE_TUNNEL
)
804 /* here we look at address matches only */
806 if (isrc
->sa_len
> sizeof(spidx
.src
) ||
807 idst
->sa_len
> sizeof(spidx
.dst
))
809 bcopy(isrc
, &spidx
.src
, isrc
->sa_len
);
810 bcopy(idst
, &spidx
.dst
, idst
->sa_len
);
811 if (!key_cmpspidx_withmask(&sp
->spidx
, &spidx
))
814 is
= (struct sockaddr
*)&r1
->saidx
.src
;
815 id
= (struct sockaddr
*)&r1
->saidx
.dst
;
816 if (key_sockaddrcmp(is
, isrc
, 0) ||
817 key_sockaddrcmp(id
, idst
, 0))
821 os
= (struct sockaddr
*)&r2
->saidx
.src
;
822 od
= (struct sockaddr
*)&r2
->saidx
.dst
;
823 if (key_sockaddrcmp(os
, osrc
, 0) ||
824 key_sockaddrcmp(od
, odst
, 0))
830 lck_mtx_unlock(sadb_mutex
);
835 sp
->lastused
= tv
.tv_sec
;
837 lck_mtx_unlock(sadb_mutex
);
841 struct secasvar
*key_alloc_outbound_sav_for_interface(ifnet_t interface
, int family
)
843 struct secashead
*sah
;
844 struct secasvar
*sav
;
847 const u_int
*saorder_state_valid
;
849 struct sockaddr_in
*sin
;
852 if (interface
== NULL
)
855 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
857 lck_mtx_lock(sadb_mutex
);
859 LIST_FOREACH(sah
, &sahtree
, chain
) {
860 if (sah
->ipsec_if
== interface
&&
861 (family
== AF_INET6
|| family
== AF_INET
) &&
862 sah
->dir
== IPSEC_DIR_OUTBOUND
) {
863 /* This SAH is linked to the IPSec interface, and the right family. We found it! */
864 if (key_preferred_oldsa
) {
865 saorder_state_valid
= saorder_state_valid_prefer_old
;
866 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
868 saorder_state_valid
= saorder_state_valid_prefer_new
;
869 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
872 sin
= (struct sockaddr_in
*)&sah
->saidx
.dst
;
873 dstport
= sin
->sin_port
;
874 if (sah
->saidx
.mode
== IPSEC_MODE_TRANSPORT
)
875 sin
->sin_port
= IPSEC_PORT_ANY
;
877 for (stateidx
= 0; stateidx
< arraysize
; stateidx
++) {
878 state
= saorder_state_valid
[stateidx
];
879 sav
= key_do_allocsa_policy(sah
, state
, dstport
);
881 lck_mtx_unlock(sadb_mutex
);
890 lck_mtx_unlock(sadb_mutex
);
895 * allocating an SA entry for an *OUTBOUND* packet.
896 * checking each request entries in SP, and acquire an SA if need.
897 * OUT: 0: there are valid requests.
898 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
902 struct ipsecrequest
*isr
,
903 struct secasindex
*saidx
,
904 struct secasvar
**sav
)
908 struct sockaddr_in
*sin
;
910 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
915 if (isr
== NULL
|| saidx
== NULL
)
916 panic("key_checkrequest: NULL pointer is passed.\n");
919 switch (saidx
->mode
) {
920 case IPSEC_MODE_TRANSPORT
:
921 case IPSEC_MODE_TUNNEL
:
925 panic("key_checkrequest: Invalid policy defined.\n");
928 /* get current level */
929 level
= ipsec_get_reqlevel(isr
);
933 * key_allocsa_policy should allocate the oldest SA available.
934 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
937 *sav
= key_allocsa_policy(saidx
);
939 /* When there is SA. */
945 * Remove dst port - used for special natt support - don't call
946 * key_acquire with it.
948 if (saidx
->mode
== IPSEC_MODE_TRANSPORT
) {
949 sin
= (struct sockaddr_in
*)&saidx
->dst
;
950 sin
->sin_port
= IPSEC_PORT_ANY
;
952 if ((error
= key_acquire(saidx
, isr
->sp
)) != 0) {
953 /* XXX What should I do ? */
954 ipseclog((LOG_DEBUG
, "key_checkrequest: error %d returned "
955 "from key_acquire.\n", error
));
959 return level
== IPSEC_LEVEL_REQUIRE
? ENOENT
: 0;
963 * allocating a SA for policy entry from SAD.
964 * NOTE: searching SAD of aliving state.
965 * OUT: NULL: not found.
966 * others: found and return the pointer.
968 u_int32_t sah_search_calls
= 0;
969 u_int32_t sah_search_count
= 0;
972 struct secasindex
*saidx
)
974 struct secashead
*sah
;
975 struct secasvar
*sav
;
976 u_int stateidx
, state
;
977 const u_int
*saorder_state_valid
;
979 struct sockaddr_in
*sin
;
982 lck_mtx_lock(sadb_mutex
);
984 LIST_FOREACH(sah
, &sahtree
, chain
) {
986 if (sah
->state
== SADB_SASTATE_DEAD
)
988 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_MODE
| CMP_REQID
))
991 lck_mtx_unlock(sadb_mutex
);
997 * search a valid state list for outbound packet.
998 * This search order is important.
1000 if (key_preferred_oldsa
) {
1001 saorder_state_valid
= saorder_state_valid_prefer_old
;
1002 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
1004 saorder_state_valid
= saorder_state_valid_prefer_new
;
1005 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
1009 sin
= (struct sockaddr_in
*)&saidx
->dst
;
1010 dstport
= sin
->sin_port
;
1011 if (saidx
->mode
== IPSEC_MODE_TRANSPORT
)
1012 sin
->sin_port
= IPSEC_PORT_ANY
;
1014 for (stateidx
= 0; stateidx
< arraysize
; stateidx
++) {
1016 state
= saorder_state_valid
[stateidx
];
1018 sav
= key_do_allocsa_policy(sah
, state
, dstport
);
1020 lck_mtx_unlock(sadb_mutex
);
1024 lck_mtx_unlock(sadb_mutex
);
1029 key_send_delete (struct secasvar
*sav
)
1031 struct mbuf
*m
, *result
;
1034 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
1036 if ((satype
= key_proto2satype(sav
->sah
->saidx
.proto
)) == 0)
1037 panic("key_do_allocsa_policy: invalid proto is passed.\n");
1039 m
= key_setsadbmsg(SADB_DELETE
, 0,
1040 satype
, 0, 0, sav
->refcnt
- 1);
1045 /* set sadb_address for saidx's. */
1046 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
1047 (struct sockaddr
*)&sav
->sah
->saidx
.src
,
1048 sav
->sah
->saidx
.src
.ss_len
<< 3,
1054 /* set sadb_address for saidx's. */
1055 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
1056 (struct sockaddr
*)&sav
->sah
->saidx
.dst
,
1057 sav
->sah
->saidx
.src
.ss_len
<< 3,
1063 /* create SA extension */
1064 m
= key_setsadbsa(sav
);
1069 if (result
->m_len
< sizeof(struct sadb_msg
)) {
1070 result
= m_pullup(result
,
1071 sizeof(struct sadb_msg
));
1076 result
->m_pkthdr
.len
= 0;
1077 for (m
= result
; m
; m
= m
->m_next
)
1078 result
->m_pkthdr
.len
+= m
->m_len
;
1079 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
1080 PFKEY_UNIT64(result
->m_pkthdr
.len
);
1082 if (key_sendup_mbuf(NULL
, result
,
1083 KEY_SENDUP_REGISTERED
))
1086 key_freesav(sav
, KEY_SADB_LOCKED
);
1090 * searching SAD with direction, protocol, mode and state.
1091 * called by key_allocsa_policy().
1094 * others : found, pointer to a SA.
1096 static struct secasvar
*
1097 key_do_allocsa_policy(
1098 struct secashead
*sah
,
1102 struct secasvar
*sav
, *nextsav
, *candidate
, *natt_candidate
, *no_natt_candidate
, *d
;
1104 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1108 natt_candidate
= NULL
;
1109 no_natt_candidate
= NULL
;
1111 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
1115 nextsav
= LIST_NEXT(sav
, chain
);
1118 KEY_CHKSASTATE(sav
->state
, state
, "key_do_allocsa_policy");
1120 if (sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&& dstport
&&
1121 ((sav
->flags
& SADB_X_EXT_NATT
) != 0) &&
1122 ntohs(dstport
) != sav
->remote_ike_port
)
1125 if (sah
->saidx
.mode
== IPSEC_MODE_TRANSPORT
&&
1126 ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0) &&
1127 ntohs(dstport
) != sav
->remote_ike_port
)
1128 continue; /* skip this one - not a match - or not UDP */
1130 if ((sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&&
1131 ((sav
->flags
& SADB_X_EXT_NATT
) != 0)) ||
1132 (sah
->saidx
.mode
== IPSEC_MODE_TRANSPORT
&&
1133 ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0))) {
1134 if (natt_candidate
== NULL
) {
1135 natt_candidate
= sav
;
1138 candidate
= natt_candidate
;
1140 if (no_natt_candidate
== NULL
) {
1141 no_natt_candidate
= sav
;
1144 candidate
= no_natt_candidate
;
1147 /* Which SA is the better ? */
1149 /* sanity check 2 */
1150 if (candidate
->lft_c
== NULL
|| sav
->lft_c
== NULL
)
1151 panic("key_do_allocsa_policy: "
1152 "lifetime_current is NULL.\n");
1154 /* What the best method is to compare ? */
1155 if (key_preferred_oldsa
) {
1156 if (candidate
->lft_c
->sadb_lifetime_addtime
>
1157 sav
->lft_c
->sadb_lifetime_addtime
) {
1158 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
1159 natt_candidate
= sav
;
1161 no_natt_candidate
= sav
;
1167 /* prefered new sa rather than old sa */
1168 if (candidate
->lft_c
->sadb_lifetime_addtime
<
1169 sav
->lft_c
->sadb_lifetime_addtime
) {
1171 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
1172 natt_candidate
= sav
;
1174 no_natt_candidate
= sav
;
1179 * prepared to delete the SA when there is more
1180 * suitable candidate and the lifetime of the SA is not
1183 if (d
->lft_c
->sadb_lifetime_addtime
!= 0) {
1188 /* choose latest if both types present */
1189 if (natt_candidate
== NULL
)
1190 candidate
= no_natt_candidate
;
1191 else if (no_natt_candidate
== NULL
)
1192 candidate
= natt_candidate
;
1193 else if (sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&& dstport
)
1194 candidate
= natt_candidate
;
1195 else if (natt_candidate
->lft_c
->sadb_lifetime_addtime
>
1196 no_natt_candidate
->lft_c
->sadb_lifetime_addtime
)
1197 candidate
= natt_candidate
;
1199 candidate
= no_natt_candidate
;
1202 candidate
->refcnt
++;
1203 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1204 printf("DP allocsa_policy cause "
1205 "refcnt++:%d SA:0x%llx\n", candidate
->refcnt
,
1206 (uint64_t)VM_KERNEL_ADDRPERM(candidate
)));
1212 * allocating a SA entry for a *INBOUND* packet.
1213 * Must call key_freesav() later.
1214 * OUT: positive: pointer to a sav.
1215 * NULL: not found, or error occurred.
1217 * In the comparison, source address will be ignored for RFC2401 conformance.
1218 * To quote, from section 4.1:
1219 * A security association is uniquely identified by a triple consisting
1220 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1221 * security protocol (AH or ESP) identifier.
1222 * Note that, however, we do need to keep source address in IPsec SA.
1223 * IKE specification and PF_KEY specification do assume that we
1224 * keep source address in IPsec SA. We see a tricky situation here.
1234 struct secasvar
*sav
, *match
;
1235 u_int stateidx
, state
, tmpidx
, matchidx
;
1236 struct sockaddr_in sin
;
1237 struct sockaddr_in6 sin6
;
1238 const u_int
*saorder_state_valid
;
1241 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1244 if (src
== NULL
|| dst
== NULL
)
1245 panic("key_allocsa: NULL pointer is passed.\n");
1248 * when both systems employ similar strategy to use a SA.
1249 * the search order is important even in the inbound case.
1251 if (key_preferred_oldsa
) {
1252 saorder_state_valid
= saorder_state_valid_prefer_old
;
1253 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
1255 saorder_state_valid
= saorder_state_valid_prefer_new
;
1256 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
1261 * XXX: to be checked internal IP header somewhere. Also when
1262 * IPsec tunnel packet is received. But ESP tunnel mode is
1263 * encrypted so we can't check internal IP header.
1266 * search a valid state list for inbound packet.
1267 * the search order is not important.
1270 matchidx
= arraysize
;
1271 lck_mtx_lock(sadb_mutex
);
1272 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
1273 if (sav
->spi
!= spi
)
1275 if (proto
!= sav
->sah
->saidx
.proto
)
1277 if (family
!= sav
->sah
->saidx
.src
.ss_family
||
1278 family
!= sav
->sah
->saidx
.dst
.ss_family
)
1281 for (stateidx
= 0; stateidx
< matchidx
; stateidx
++) {
1282 state
= saorder_state_valid
[stateidx
];
1283 if (sav
->state
== state
) {
1288 if (tmpidx
>= matchidx
)
1291 #if 0 /* don't check src */
1292 /* check src address */
1295 bzero(&sin
, sizeof(sin
));
1296 sin
.sin_family
= AF_INET
;
1297 sin
.sin_len
= sizeof(sin
);
1298 bcopy(src
, &sin
.sin_addr
,
1299 sizeof(sin
.sin_addr
));
1300 if (key_sockaddrcmp((struct sockaddr
*)&sin
,
1301 (struct sockaddr
*)&sav
->sah
->saidx
.src
, 0) != 0)
1305 bzero(&sin6
, sizeof(sin6
));
1306 sin6
.sin6_family
= AF_INET6
;
1307 sin6
.sin6_len
= sizeof(sin6
);
1308 bcopy(src
, &sin6
.sin6_addr
,
1309 sizeof(sin6
.sin6_addr
));
1310 if (IN6_IS_SCOPE_LINKLOCAL(&sin6
.sin6_addr
)) {
1311 /* kame fake scopeid */
1312 sin6
.sin6_scope_id
=
1313 ntohs(sin6
.sin6_addr
.s6_addr16
[1]);
1314 sin6
.sin6_addr
.s6_addr16
[1] = 0;
1316 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
1317 (struct sockaddr
*)&sav
->sah
->saidx
.src
, 0) != 0)
1321 ipseclog((LOG_DEBUG
, "key_allocsa: "
1322 "unknown address family=%d.\n",
1328 /* check dst address */
1331 bzero(&sin
, sizeof(sin
));
1332 sin
.sin_family
= AF_INET
;
1333 sin
.sin_len
= sizeof(sin
);
1334 bcopy(dst
, &sin
.sin_addr
,
1335 sizeof(sin
.sin_addr
));
1336 if (key_sockaddrcmp((struct sockaddr
*)&sin
,
1337 (struct sockaddr
*)&sav
->sah
->saidx
.dst
, 0) != 0)
1342 bzero(&sin6
, sizeof(sin6
));
1343 sin6
.sin6_family
= AF_INET6
;
1344 sin6
.sin6_len
= sizeof(sin6
);
1345 bcopy(dst
, &sin6
.sin6_addr
,
1346 sizeof(sin6
.sin6_addr
));
1347 if (IN6_IS_SCOPE_LINKLOCAL(&sin6
.sin6_addr
)) {
1348 /* kame fake scopeid */
1349 sin6
.sin6_scope_id
=
1350 ntohs(sin6
.sin6_addr
.s6_addr16
[1]);
1351 sin6
.sin6_addr
.s6_addr16
[1] = 0;
1353 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
1354 (struct sockaddr
*)&sav
->sah
->saidx
.dst
, 0) != 0)
1358 ipseclog((LOG_DEBUG
, "key_allocsa: "
1359 "unknown address family=%d.\n", family
));
1370 lck_mtx_unlock(sadb_mutex
);
1375 lck_mtx_unlock(sadb_mutex
);
1376 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1377 printf("DP allocsa cause refcnt++:%d SA:0x%llx\n",
1378 match
->refcnt
, (uint64_t)VM_KERNEL_ADDRPERM(match
)));
1383 key_natt_get_translated_port(
1384 struct secasvar
*outsav
)
1387 struct secasindex saidx
;
1388 struct secashead
*sah
;
1389 u_int stateidx
, state
;
1390 const u_int
*saorder_state_valid
;
1393 /* get sa for incoming */
1394 saidx
.mode
= outsav
->sah
->saidx
.mode
;
1396 saidx
.proto
= outsav
->sah
->saidx
.proto
;
1397 bcopy(&outsav
->sah
->saidx
.src
, &saidx
.dst
, sizeof(struct sockaddr_in
));
1398 bcopy(&outsav
->sah
->saidx
.dst
, &saidx
.src
, sizeof(struct sockaddr_in
));
1400 lck_mtx_lock(sadb_mutex
);
1401 LIST_FOREACH(sah
, &sahtree
, chain
) {
1402 if (sah
->state
== SADB_SASTATE_DEAD
)
1404 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_MODE
))
1407 lck_mtx_unlock(sadb_mutex
);
1412 * Found sah - now go thru list of SAs and find
1413 * matching remote ike port. If found - set
1414 * sav->natt_encapsulated_src_port and return the port.
1417 * search a valid state list for outbound packet.
1418 * This search order is important.
1420 if (key_preferred_oldsa
) {
1421 saorder_state_valid
= saorder_state_valid_prefer_old
;
1422 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
1424 saorder_state_valid
= saorder_state_valid_prefer_new
;
1425 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
1428 for (stateidx
= 0; stateidx
< arraysize
; stateidx
++) {
1429 state
= saorder_state_valid
[stateidx
];
1430 if (key_do_get_translated_port(sah
, outsav
, state
)) {
1431 lck_mtx_unlock(sadb_mutex
);
1432 return outsav
->natt_encapsulated_src_port
;
1435 lck_mtx_unlock(sadb_mutex
);
1440 key_do_get_translated_port(
1441 struct secashead
*sah
,
1442 struct secasvar
*outsav
,
1445 struct secasvar
*currsav
, *nextsav
, *candidate
;
1448 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1453 for (currsav
= LIST_FIRST(&sah
->savtree
[state
]);
1455 currsav
= nextsav
) {
1457 nextsav
= LIST_NEXT(currsav
, chain
);
1460 KEY_CHKSASTATE(currsav
->state
, state
, "key_do_get_translated_port");
1462 if ((currsav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) == 0 ||
1463 currsav
->remote_ike_port
!= outsav
->remote_ike_port
)
1466 if (candidate
== NULL
) {
1467 candidate
= currsav
;
1471 /* Which SA is the better ? */
1473 /* sanity check 2 */
1474 if (candidate
->lft_c
== NULL
|| currsav
->lft_c
== NULL
)
1475 panic("key_do_get_translated_port: "
1476 "lifetime_current is NULL.\n");
1478 /* What the best method is to compare ? */
1479 if (key_preferred_oldsa
) {
1480 if (candidate
->lft_c
->sadb_lifetime_addtime
>
1481 currsav
->lft_c
->sadb_lifetime_addtime
) {
1482 candidate
= currsav
;
1488 /* prefered new sa rather than old sa */
1489 if (candidate
->lft_c
->sadb_lifetime_addtime
<
1490 currsav
->lft_c
->sadb_lifetime_addtime
)
1491 candidate
= currsav
;
1495 outsav
->natt_encapsulated_src_port
= candidate
->natt_encapsulated_src_port
;
1503 * Must be called after calling key_allocsp().
1507 struct secpolicy
*sp
,
1513 panic("key_freesp: NULL pointer is passed.\n");
1516 lck_mtx_lock(sadb_mutex
);
1518 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1520 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1521 printf("DP freesp cause refcnt--:%d SP:0x%llx\n",
1522 sp
->refcnt
, (uint64_t)VM_KERNEL_ADDRPERM(sp
)));
1524 if (sp
->refcnt
== 0)
1527 lck_mtx_unlock(sadb_mutex
);
1532 * Must be called after calling key_allocsa().
1533 * This function is called by key_freesp() to free some SA allocated
1538 struct secasvar
*sav
,
1544 panic("key_freesav: NULL pointer is passed.\n");
1547 lck_mtx_lock(sadb_mutex
);
1549 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1551 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1552 printf("DP freesav cause refcnt--:%d SA:0x%llx SPI %u\n",
1553 sav
->refcnt
, (uint64_t)VM_KERNEL_ADDRPERM(sav
),
1554 (u_int32_t
)ntohl(sav
->spi
)));
1556 if (sav
->refcnt
== 0)
1559 lck_mtx_unlock(sadb_mutex
);
1563 /* %%% SPD management */
1565 * free security policy entry.
1569 struct secpolicy
*sp
)
1574 panic("key_delsp: NULL pointer is passed.\n");
1576 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1577 sp
->state
= IPSEC_SPSTATE_DEAD
;
1580 return; /* can't free */
1582 /* remove from SP index */
1583 if (__LIST_CHAINED(sp
)) {
1584 LIST_REMOVE(sp
, chain
);
1585 ipsec_policy_count
--;
1588 if (sp
->spidx
.internal_if
) {
1589 ifnet_release(sp
->spidx
.internal_if
);
1590 sp
->spidx
.internal_if
= NULL
;
1594 ifnet_release(sp
->ipsec_if
);
1595 sp
->ipsec_if
= NULL
;
1598 if (sp
->outgoing_if
) {
1599 ifnet_release(sp
->outgoing_if
);
1600 sp
->outgoing_if
= NULL
;
1604 struct ipsecrequest
*isr
= sp
->req
, *nextisr
;
1606 while (isr
!= NULL
) {
1607 nextisr
= isr
->next
;
1612 keydb_delsecpolicy(sp
);
1619 * OUT: NULL : not found
1620 * others : found, pointer to a SP.
1622 static struct secpolicy
*
1624 struct secpolicyindex
*spidx
)
1626 struct secpolicy
*sp
;
1628 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1632 panic("key_getsp: NULL pointer is passed.\n");
1634 LIST_FOREACH(sp
, &sptree
[spidx
->dir
], chain
) {
1635 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1637 if (key_cmpspidx_exactly(spidx
, &sp
->spidx
)) {
1648 * OUT: NULL : not found
1649 * others : found, pointer to a SP.
1655 struct secpolicy
*sp
;
1657 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1659 lck_mtx_lock(sadb_mutex
);
1660 sp
= __key_getspbyid(id
);
1661 lck_mtx_unlock(sadb_mutex
);
1666 static struct secpolicy
*
1667 __key_getspbyid(u_int32_t id
)
1669 struct secpolicy
*sp
;
1671 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1673 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_INBOUND
], chain
) {
1674 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1682 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_OUTBOUND
], chain
) {
1683 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1697 struct secpolicy
*newsp
= NULL
;
1699 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1700 newsp
= keydb_newsecpolicy();
1711 * create secpolicy structure from sadb_x_policy structure.
1712 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1713 * so must be set properly later.
1717 struct sadb_x_policy
*xpl0
,
1721 struct secpolicy
*newsp
;
1723 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1727 panic("key_msg2sp: NULL pointer was passed.\n");
1728 if (len
< sizeof(*xpl0
))
1729 panic("key_msg2sp: invalid length.\n");
1730 if (len
!= PFKEY_EXTLEN(xpl0
)) {
1731 ipseclog((LOG_DEBUG
, "key_msg2sp: Invalid msg length.\n"));
1736 if ((newsp
= key_newsp()) == NULL
) {
1741 newsp
->spidx
.dir
= xpl0
->sadb_x_policy_dir
;
1742 newsp
->policy
= xpl0
->sadb_x_policy_type
;
1745 switch (xpl0
->sadb_x_policy_type
) {
1746 case IPSEC_POLICY_DISCARD
:
1747 case IPSEC_POLICY_GENERATE
:
1748 case IPSEC_POLICY_NONE
:
1749 case IPSEC_POLICY_ENTRUST
:
1750 case IPSEC_POLICY_BYPASS
:
1754 case IPSEC_POLICY_IPSEC
:
1757 struct sadb_x_ipsecrequest
*xisr
;
1758 struct ipsecrequest
**p_isr
= &newsp
->req
;
1760 /* validity check */
1761 if (PFKEY_EXTLEN(xpl0
) < sizeof(*xpl0
)) {
1762 ipseclog((LOG_DEBUG
,
1763 "key_msg2sp: Invalid msg length.\n"));
1764 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1769 tlen
= PFKEY_EXTLEN(xpl0
) - sizeof(*xpl0
);
1770 xisr
= (struct sadb_x_ipsecrequest
*)(xpl0
+ 1);
1775 if (xisr
->sadb_x_ipsecrequest_len
< sizeof(*xisr
)) {
1776 ipseclog((LOG_DEBUG
, "key_msg2sp: "
1777 "invalid ipsecrequest length.\n"));
1778 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1783 /* allocate request buffer */
1784 KMALLOC_WAIT(*p_isr
, struct ipsecrequest
*, sizeof(**p_isr
));
1785 if ((*p_isr
) == NULL
) {
1786 ipseclog((LOG_DEBUG
,
1787 "key_msg2sp: No more memory.\n"));
1788 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1792 bzero(*p_isr
, sizeof(**p_isr
));
1795 (*p_isr
)->next
= NULL
;
1797 switch (xisr
->sadb_x_ipsecrequest_proto
) {
1800 case IPPROTO_IPCOMP
:
1803 ipseclog((LOG_DEBUG
,
1804 "key_msg2sp: invalid proto type=%u\n",
1805 xisr
->sadb_x_ipsecrequest_proto
));
1806 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1807 *error
= EPROTONOSUPPORT
;
1810 (*p_isr
)->saidx
.proto
= xisr
->sadb_x_ipsecrequest_proto
;
1812 switch (xisr
->sadb_x_ipsecrequest_mode
) {
1813 case IPSEC_MODE_TRANSPORT
:
1814 case IPSEC_MODE_TUNNEL
:
1816 case IPSEC_MODE_ANY
:
1818 ipseclog((LOG_DEBUG
,
1819 "key_msg2sp: invalid mode=%u\n",
1820 xisr
->sadb_x_ipsecrequest_mode
));
1821 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1825 (*p_isr
)->saidx
.mode
= xisr
->sadb_x_ipsecrequest_mode
;
1827 switch (xisr
->sadb_x_ipsecrequest_level
) {
1828 case IPSEC_LEVEL_DEFAULT
:
1829 case IPSEC_LEVEL_USE
:
1830 case IPSEC_LEVEL_REQUIRE
:
1832 case IPSEC_LEVEL_UNIQUE
:
1833 /* validity check */
1835 * If range violation of reqid, kernel will
1836 * update it, don't refuse it.
1838 if (xisr
->sadb_x_ipsecrequest_reqid
1839 > IPSEC_MANUAL_REQID_MAX
) {
1840 ipseclog((LOG_DEBUG
,
1841 "key_msg2sp: reqid=%d range "
1842 "violation, updated by kernel.\n",
1843 xisr
->sadb_x_ipsecrequest_reqid
));
1844 xisr
->sadb_x_ipsecrequest_reqid
= 0;
1847 /* allocate new reqid id if reqid is zero. */
1848 if (xisr
->sadb_x_ipsecrequest_reqid
== 0) {
1850 if ((reqid
= key_newreqid()) == 0) {
1851 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1855 (*p_isr
)->saidx
.reqid
= reqid
;
1856 xisr
->sadb_x_ipsecrequest_reqid
= reqid
;
1858 /* set it for manual keying. */
1859 (*p_isr
)->saidx
.reqid
=
1860 xisr
->sadb_x_ipsecrequest_reqid
;
1865 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid level=%u\n",
1866 xisr
->sadb_x_ipsecrequest_level
));
1867 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1871 (*p_isr
)->level
= xisr
->sadb_x_ipsecrequest_level
;
1873 /* set IP addresses if there */
1874 if (xisr
->sadb_x_ipsecrequest_len
> sizeof(*xisr
)) {
1875 struct sockaddr
*paddr
;
1877 paddr
= (struct sockaddr
*)(xisr
+ 1);
1879 /* validity check */
1881 > sizeof((*p_isr
)->saidx
.src
)) {
1882 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1883 "address length.\n"));
1884 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1888 bcopy(paddr
, &(*p_isr
)->saidx
.src
,
1891 paddr
= (struct sockaddr
*)((caddr_t
)paddr
1894 /* validity check */
1896 > sizeof((*p_isr
)->saidx
.dst
)) {
1897 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1898 "address length.\n"));
1899 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1903 bcopy(paddr
, &(*p_isr
)->saidx
.dst
,
1907 (*p_isr
)->sp
= newsp
;
1909 /* initialization for the next. */
1910 p_isr
= &(*p_isr
)->next
;
1911 tlen
-= xisr
->sadb_x_ipsecrequest_len
;
1913 /* validity check */
1915 ipseclog((LOG_DEBUG
, "key_msg2sp: becoming tlen < 0.\n"));
1916 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1921 xisr
= (struct sadb_x_ipsecrequest
*)(void *)
1922 ((caddr_t
)xisr
+ xisr
->sadb_x_ipsecrequest_len
);
1927 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid policy type.\n"));
1928 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1940 lck_mtx_lock(sadb_mutex
);
1941 static u_int32_t auto_reqid
= IPSEC_MANUAL_REQID_MAX
+ 1;
1944 /* The reqid must be limited to 16 bits because the PF_KEY message format only uses
1945 16 bits for this field. Once it becomes larger than 16 bits - ipsec fails to
1946 work anymore. Changing the PF_KEY message format would introduce compatibility
1947 issues. This code now tests to see if the tentative reqid is in use */
1950 struct secpolicy
*sp
;
1951 struct ipsecrequest
*isr
;
1954 auto_reqid
= (auto_reqid
== 0xFFFF
1955 ? IPSEC_MANUAL_REQID_MAX
+ 1 : auto_reqid
+ 1);
1957 /* check for uniqueness */
1959 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
1960 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
1961 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
1962 if (isr
->saidx
.reqid
== auto_reqid
) {
1975 lck_mtx_unlock(sadb_mutex
);
1980 * copy secpolicy struct to sadb_x_policy structure indicated.
1984 struct secpolicy
*sp
)
1986 struct sadb_x_policy
*xpl
;
1993 panic("key_sp2msg: NULL pointer was passed.\n");
1995 tlen
= key_getspreqmsglen(sp
);
1997 m
= key_alloc_mbuf(tlen
);
1998 if (!m
|| m
->m_next
) { /*XXX*/
2006 xpl
= mtod(m
, struct sadb_x_policy
*);
2009 xpl
->sadb_x_policy_len
= PFKEY_UNIT64(tlen
);
2010 xpl
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
2011 xpl
->sadb_x_policy_type
= sp
->policy
;
2012 xpl
->sadb_x_policy_dir
= sp
->spidx
.dir
;
2013 xpl
->sadb_x_policy_id
= sp
->id
;
2014 p
= (caddr_t
)xpl
+ sizeof(*xpl
);
2016 /* if is the policy for ipsec ? */
2017 if (sp
->policy
== IPSEC_POLICY_IPSEC
) {
2018 struct sadb_x_ipsecrequest
*xisr
;
2019 struct ipsecrequest
*isr
;
2021 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
2023 xisr
= (struct sadb_x_ipsecrequest
*)(void *)p
;
2025 xisr
->sadb_x_ipsecrequest_proto
= isr
->saidx
.proto
;
2026 xisr
->sadb_x_ipsecrequest_mode
= isr
->saidx
.mode
;
2027 xisr
->sadb_x_ipsecrequest_level
= isr
->level
;
2028 xisr
->sadb_x_ipsecrequest_reqid
= isr
->saidx
.reqid
;
2031 bcopy(&isr
->saidx
.src
, p
, isr
->saidx
.src
.ss_len
);
2032 p
+= isr
->saidx
.src
.ss_len
;
2033 bcopy(&isr
->saidx
.dst
, p
, isr
->saidx
.dst
.ss_len
);
2034 p
+= isr
->saidx
.src
.ss_len
;
2036 xisr
->sadb_x_ipsecrequest_len
=
2037 PFKEY_ALIGN8(sizeof(*xisr
)
2038 + isr
->saidx
.src
.ss_len
2039 + isr
->saidx
.dst
.ss_len
);
2046 /* m will not be freed nor modified */
2047 static struct mbuf
*
2048 key_gather_mbuf(struct mbuf
*m
, const struct sadb_msghdr
*mhp
,
2049 int ndeep
, int nitem
, int *items
)
2053 struct mbuf
*result
= NULL
, *n
;
2056 if (m
== NULL
|| mhp
== NULL
)
2057 panic("null pointer passed to key_gather");
2059 for (i
= 0; i
< nitem
; i
++) {
2061 if (idx
< 0 || idx
> SADB_EXT_MAX
)
2063 /* don't attempt to pull empty extension */
2064 if (idx
== SADB_EXT_RESERVED
&& mhp
->msg
== NULL
)
2066 if (idx
!= SADB_EXT_RESERVED
&&
2067 (mhp
->ext
[idx
] == NULL
|| mhp
->extlen
[idx
] == 0))
2070 if (idx
== SADB_EXT_RESERVED
) {
2071 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2072 MGETHDR(n
, M_WAITOK
, MT_DATA
); // sadb_msg len < MHLEN - enforced by _CASSERT
2077 m_copydata(m
, 0, sizeof(struct sadb_msg
),
2079 } else if (i
< ndeep
) {
2080 len
= mhp
->extlen
[idx
];
2081 n
= key_alloc_mbuf(len
);
2082 if (!n
|| n
->m_next
) { /*XXX*/
2087 m_copydata(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
2090 n
= m_copym(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
2102 if ((result
->m_flags
& M_PKTHDR
) != 0) {
2103 result
->m_pkthdr
.len
= 0;
2104 for (n
= result
; n
; n
= n
->m_next
)
2105 result
->m_pkthdr
.len
+= n
->m_len
;
2116 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
2117 * add a entry to SP database, when received
2118 * <base, address(SD), (lifetime(H),) policy>
2120 * Adding to SP database,
2122 * <base, address(SD), (lifetime(H),) policy>
2123 * to the socket which was send.
2125 * SPDADD set a unique policy entry.
2126 * SPDSETIDX like SPDADD without a part of policy requests.
2127 * SPDUPDATE replace a unique policy entry.
2129 * m will always be freed.
2135 const struct sadb_msghdr
*mhp
)
2137 struct sadb_address
*src0
, *dst0
, *src1
, *dst1
;
2138 struct sadb_x_policy
*xpl0
, *xpl
;
2139 struct sadb_lifetime
*lft
= NULL
;
2140 struct secpolicyindex spidx
;
2141 struct secpolicy
*newsp
;
2143 ifnet_t internal_if
= NULL
;
2144 char *outgoing_if
= NULL
;
2145 char *ipsec_if
= NULL
;
2146 struct sadb_x_ipsecif
*ipsecifopts
= NULL
;
2148 int use_src_range
= 0;
2149 int use_dst_range
= 0;
2150 int init_disabled
= 0;
2151 int address_family
, address_len
;
2153 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2156 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2157 panic("key_spdadd: NULL pointer is passed.\n");
2159 if (mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_START
] != NULL
&& mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_END
] != NULL
) {
2162 if (mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_START
] != NULL
&& mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_END
] != NULL
) {
2166 if ((!use_src_range
&& mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
) ||
2167 (!use_dst_range
&& mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) ||
2168 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
2169 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2170 return key_senderror(so
, m
, EINVAL
);
2172 if ((use_src_range
&& (mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_SRC_START
] < sizeof(struct sadb_address
)
2173 || mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_SRC_END
] < sizeof(struct sadb_address
))) ||
2174 (!use_src_range
&& mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
)) ||
2175 (use_dst_range
&& (mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_DST_START
] < sizeof(struct sadb_address
)
2176 || mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_DST_END
] < sizeof(struct sadb_address
))) ||
2177 (!use_dst_range
&& mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) ||
2178 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2179 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2180 return key_senderror(so
, m
, EINVAL
);
2182 if (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
) {
2183 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
]
2184 < sizeof(struct sadb_lifetime
)) {
2185 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2186 return key_senderror(so
, m
, EINVAL
);
2188 lft
= (struct sadb_lifetime
*)
2189 (void *)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
2191 if (mhp
->ext
[SADB_X_EXT_IPSECIF
] != NULL
) {
2192 if (mhp
->extlen
[SADB_X_EXT_IPSECIF
] < sizeof(struct sadb_x_ipsecif
)) {
2193 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2194 return key_senderror(so
, m
, EINVAL
);
2198 if (use_src_range
) {
2199 src0
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_START
];
2200 src1
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_END
];
2202 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
2204 if (use_dst_range
) {
2205 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_START
];
2206 dst1
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_END
];
2208 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
2210 xpl0
= (struct sadb_x_policy
*)(void *)mhp
->ext
[SADB_X_EXT_POLICY
];
2211 ipsecifopts
= (struct sadb_x_ipsecif
*)(void *)mhp
->ext
[SADB_X_EXT_IPSECIF
];
2213 /* check addresses */
2214 address_family
= ((struct sockaddr
*)(src0
+ 1))->sa_family
;
2215 address_len
= ((struct sockaddr
*)(src0
+ 1))->sa_len
;
2216 if (use_src_range
) {
2217 if (((struct sockaddr
*)(src1
+ 1))->sa_family
!= address_family
||
2218 ((struct sockaddr
*)(src1
+ 1))->sa_len
!= address_len
) {
2219 return key_senderror(so
, m
, EINVAL
);
2222 if (((struct sockaddr
*)(dst0
+ 1))->sa_family
!= address_family
||
2223 ((struct sockaddr
*)(dst0
+ 1))->sa_len
!= address_len
) {
2224 return key_senderror(so
, m
, EINVAL
);
2226 if (use_dst_range
) {
2227 if (((struct sockaddr
*)(dst1
+ 1))->sa_family
!= address_family
||
2228 ((struct sockaddr
*)(dst1
+ 1))->sa_len
!= address_len
) {
2229 return key_senderror(so
, m
, EINVAL
);
2233 /* checking the direction. */
2234 switch (xpl0
->sadb_x_policy_dir
) {
2235 case IPSEC_DIR_INBOUND
:
2236 case IPSEC_DIR_OUTBOUND
:
2239 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid SP direction.\n"));
2240 mhp
->msg
->sadb_msg_errno
= EINVAL
;
2245 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2246 if (xpl0
->sadb_x_policy_type
== IPSEC_POLICY_ENTRUST
2247 || xpl0
->sadb_x_policy_type
== IPSEC_POLICY_BYPASS
) {
2248 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid policy type.\n"));
2249 return key_senderror(so
, m
, EINVAL
);
2252 /* policy requests are mandatory when action is ipsec. */
2253 if (mhp
->msg
->sadb_msg_type
!= SADB_X_SPDSETIDX
2254 && xpl0
->sadb_x_policy_type
== IPSEC_POLICY_IPSEC
2255 && mhp
->extlen
[SADB_X_EXT_POLICY
] <= sizeof(*xpl0
)) {
2256 ipseclog((LOG_DEBUG
, "key_spdadd: some policy requests part required.\n"));
2257 return key_senderror(so
, m
, EINVAL
);
2260 /* Process interfaces */
2261 if (ipsecifopts
!= NULL
) {
2262 if (ipsecifopts
->sadb_x_ipsecif_internal_if
[0]) {
2263 ifnet_find_by_name(ipsecifopts
->sadb_x_ipsecif_internal_if
, &internal_if
);
2265 if (ipsecifopts
->sadb_x_ipsecif_outgoing_if
[0]) {
2266 outgoing_if
= ipsecifopts
->sadb_x_ipsecif_outgoing_if
;
2268 if (ipsecifopts
->sadb_x_ipsecif_ipsec_if
[0]) {
2269 ipsec_if
= ipsecifopts
->sadb_x_ipsecif_ipsec_if
;
2271 init_disabled
= ipsecifopts
->sadb_x_ipsecif_init_disabled
;
2275 /* XXX boundary check against sa_len */
2276 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2279 src0
->sadb_address_prefixlen
,
2280 dst0
->sadb_address_prefixlen
,
2281 src0
->sadb_address_proto
,
2283 use_src_range
? src0
+ 1 : NULL
,
2284 use_src_range
? src1
+ 1 : NULL
,
2285 use_dst_range
? dst0
+ 1 : NULL
,
2286 use_dst_range
? dst1
+ 1 : NULL
,
2290 * checking there is SP already or not.
2291 * SPDUPDATE doesn't depend on whether there is a SP or not.
2292 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
2295 lck_mtx_lock(sadb_mutex
);
2296 newsp
= key_getsp(&spidx
);
2297 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
2299 newsp
->state
= IPSEC_SPSTATE_DEAD
;
2300 key_freesp(newsp
, KEY_SADB_LOCKED
);
2303 if (newsp
!= NULL
) {
2304 key_freesp(newsp
, KEY_SADB_LOCKED
);
2305 ipseclog((LOG_DEBUG
, "key_spdadd: a SP entry exists already.\n"));
2306 lck_mtx_unlock(sadb_mutex
);
2308 ifnet_release(internal_if
);
2311 return key_senderror(so
, m
, EEXIST
);
2314 lck_mtx_unlock(sadb_mutex
);
2316 /* allocation new SP entry */
2317 if ((newsp
= key_msg2sp(xpl0
, PFKEY_EXTLEN(xpl0
), &error
)) == NULL
) {
2319 ifnet_release(internal_if
);
2322 return key_senderror(so
, m
, error
);
2325 if ((newsp
->id
= key_getnewspid()) == 0) {
2326 keydb_delsecpolicy(newsp
);
2328 ifnet_release(internal_if
);
2331 return key_senderror(so
, m
, ENOBUFS
);
2334 /* XXX boundary check against sa_len */
2335 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2338 src0
->sadb_address_prefixlen
,
2339 dst0
->sadb_address_prefixlen
,
2340 src0
->sadb_address_proto
,
2342 use_src_range
? src0
+ 1 : NULL
,
2343 use_src_range
? src1
+ 1 : NULL
,
2344 use_dst_range
? dst0
+ 1 : NULL
,
2345 use_dst_range
? dst1
+ 1 : NULL
,
2350 * allow IPv6 over IPv4 or IPv4 over IPv6 tunnels using ESP -
2351 * otherwise reject if inner and outer address families not equal
2353 if (newsp
->req
&& newsp
->req
->saidx
.src
.ss_family
) {
2354 struct sockaddr
*sa
;
2355 sa
= (struct sockaddr
*)(src0
+ 1);
2356 if (sa
->sa_family
!= newsp
->req
->saidx
.src
.ss_family
) {
2357 if (newsp
->req
->saidx
.mode
!= IPSEC_MODE_TUNNEL
|| newsp
->req
->saidx
.proto
!= IPPROTO_ESP
) {
2358 keydb_delsecpolicy(newsp
);
2360 ifnet_release(internal_if
);
2363 return key_senderror(so
, m
, EINVAL
);
2367 if (newsp
->req
&& newsp
->req
->saidx
.dst
.ss_family
) {
2368 struct sockaddr
*sa
;
2369 sa
= (struct sockaddr
*)(dst0
+ 1);
2370 if (sa
->sa_family
!= newsp
->req
->saidx
.dst
.ss_family
) {
2371 if (newsp
->req
->saidx
.mode
!= IPSEC_MODE_TUNNEL
|| newsp
->req
->saidx
.proto
!= IPPROTO_ESP
) {
2372 keydb_delsecpolicy(newsp
);
2374 ifnet_release(internal_if
);
2377 return key_senderror(so
, m
, EINVAL
);
2384 newsp
->created
= tv
.tv_sec
;
2385 newsp
->lastused
= tv
.tv_sec
;
2386 newsp
->lifetime
= lft
? lft
->sadb_lifetime_addtime
: 0;
2387 newsp
->validtime
= lft
? lft
->sadb_lifetime_usetime
: 0;
2389 if (outgoing_if
!= NULL
) {
2390 ifnet_find_by_name(outgoing_if
, &newsp
->outgoing_if
);
2392 if (ipsec_if
!= NULL
) {
2393 ifnet_find_by_name(ipsec_if
, &newsp
->ipsec_if
);
2395 if (init_disabled
> 0) {
2396 newsp
->disabled
= 1;
2399 newsp
->refcnt
= 1; /* do not reclaim until I say I do */
2400 newsp
->state
= IPSEC_SPSTATE_ALIVE
;
2401 lck_mtx_lock(sadb_mutex
);
2403 * policies of type generate should be at the end of the SPD
2404 * because they function as default discard policies
2405 * Don't start timehandler for generate policies
2407 if (newsp
->policy
== IPSEC_POLICY_GENERATE
)
2408 LIST_INSERT_TAIL(&sptree
[newsp
->spidx
.dir
], newsp
, secpolicy
, chain
);
2409 else { /* XXX until we have policy ordering in the kernel */
2410 struct secpolicy
*tmpsp
;
2412 LIST_FOREACH(tmpsp
, &sptree
[newsp
->spidx
.dir
], chain
)
2413 if (tmpsp
->policy
== IPSEC_POLICY_GENERATE
)
2416 LIST_INSERT_BEFORE(tmpsp
, newsp
, chain
);
2418 LIST_INSERT_TAIL(&sptree
[newsp
->spidx
.dir
], newsp
, secpolicy
, chain
);
2419 key_start_timehandler();
2422 ipsec_policy_count
++;
2423 /* Turn off the ipsec bypass */
2424 if (ipsec_bypass
!= 0)
2427 /* delete the entry in spacqtree */
2428 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
2429 struct secspacq
*spacq
;
2430 if ((spacq
= key_getspacq(&spidx
)) != NULL
) {
2431 /* reset counter in order to deletion by timehandler. */
2433 spacq
->created
= tv
.tv_sec
;
2437 lck_mtx_unlock(sadb_mutex
);
2440 struct mbuf
*n
, *mpolicy
;
2441 struct sadb_msg
*newmsg
;
2444 /* create new sadb_msg to reply. */
2446 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2447 SADB_EXT_LIFETIME_HARD
, SADB_EXT_ADDRESS_SRC
,
2448 SADB_EXT_ADDRESS_DST
, SADB_X_EXT_ADDR_RANGE_SRC_START
, SADB_X_EXT_ADDR_RANGE_SRC_END
,
2449 SADB_X_EXT_ADDR_RANGE_DST_START
, SADB_X_EXT_ADDR_RANGE_DST_END
};
2450 n
= key_gather_mbuf(m
, mhp
, 2, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2452 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2453 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
,
2454 SADB_X_EXT_ADDR_RANGE_SRC_START
, SADB_X_EXT_ADDR_RANGE_SRC_END
,
2455 SADB_X_EXT_ADDR_RANGE_DST_START
, SADB_X_EXT_ADDR_RANGE_DST_END
};
2456 n
= key_gather_mbuf(m
, mhp
, 2, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2459 return key_senderror(so
, m
, ENOBUFS
);
2461 if (n
->m_len
< sizeof(*newmsg
)) {
2462 n
= m_pullup(n
, sizeof(*newmsg
));
2464 return key_senderror(so
, m
, ENOBUFS
);
2466 newmsg
= mtod(n
, struct sadb_msg
*);
2467 newmsg
->sadb_msg_errno
= 0;
2468 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2471 mpolicy
= m_pulldown(n
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)),
2472 sizeof(*xpl
), &off
);
2473 if (mpolicy
== NULL
) {
2474 /* n is already freed */
2475 return key_senderror(so
, m
, ENOBUFS
);
2477 xpl
= (struct sadb_x_policy
*)(void *)(mtod(mpolicy
, caddr_t
) + off
);
2478 if (xpl
->sadb_x_policy_exttype
!= SADB_X_EXT_POLICY
) {
2480 return key_senderror(so
, m
, EINVAL
);
2482 xpl
->sadb_x_policy_id
= newsp
->id
;
2485 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2490 * get new policy id.
2496 key_getnewspid(void)
2498 u_int32_t newid
= 0;
2499 int count
= key_spi_trycnt
; /* XXX */
2500 struct secpolicy
*sp
;
2502 /* when requesting to allocate spi ranged */
2503 lck_mtx_lock(sadb_mutex
);
2505 newid
= (policy_id
= (policy_id
== ~0 ? 1 : policy_id
+ 1));
2507 if ((sp
= __key_getspbyid(newid
)) == NULL
)
2510 key_freesp(sp
, KEY_SADB_LOCKED
);
2512 lck_mtx_unlock(sadb_mutex
);
2513 if (count
== 0 || newid
== 0) {
2514 ipseclog((LOG_DEBUG
, "key_getnewspid: to allocate policy id is failed.\n"));
2522 * SADB_SPDDELETE processing
2524 * <base, address(SD), policy(*)>
2525 * from the user(?), and set SADB_SASTATE_DEAD,
2527 * <base, address(SD), policy(*)>
2529 * policy(*) including direction of policy.
2531 * m will always be freed.
2537 const struct sadb_msghdr
*mhp
)
2539 struct sadb_address
*src0
, *dst0
, *src1
, *dst1
;
2540 struct sadb_x_policy
*xpl0
;
2541 struct secpolicyindex spidx
;
2542 struct secpolicy
*sp
;
2543 ifnet_t internal_if
= NULL
;
2544 struct sadb_x_ipsecif
*ipsecifopts
= NULL
;
2545 int use_src_range
= 0;
2546 int use_dst_range
= 0;
2548 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2551 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2552 panic("key_spddelete: NULL pointer is passed.\n");
2554 if (mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_START
] != NULL
&& mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_END
] != NULL
) {
2557 if (mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_START
] != NULL
&& mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_END
] != NULL
) {
2561 if ((!use_src_range
&& mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
) ||
2562 (!use_dst_range
&& mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) ||
2563 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
2564 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
2565 return key_senderror(so
, m
, EINVAL
);
2567 if ((use_src_range
&& (mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_SRC_START
] < sizeof(struct sadb_address
)
2568 || mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_SRC_END
] < sizeof(struct sadb_address
))) ||
2569 (!use_src_range
&& mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
)) ||
2570 (use_dst_range
&& (mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_DST_START
] < sizeof(struct sadb_address
)
2571 || mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_DST_END
] < sizeof(struct sadb_address
))) ||
2572 (!use_dst_range
&& mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) ||
2573 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2574 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
2575 return key_senderror(so
, m
, EINVAL
);
2578 if (use_src_range
) {
2579 src0
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_START
];
2580 src1
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_END
];
2582 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
2584 if (use_dst_range
) {
2585 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_START
];
2586 dst1
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_END
];
2588 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
2590 xpl0
= (struct sadb_x_policy
*)(void *)mhp
->ext
[SADB_X_EXT_POLICY
];
2591 ipsecifopts
= (struct sadb_x_ipsecif
*)(void *)mhp
->ext
[SADB_X_EXT_IPSECIF
];
2593 /* checking the direction. */
2594 switch (xpl0
->sadb_x_policy_dir
) {
2595 case IPSEC_DIR_INBOUND
:
2596 case IPSEC_DIR_OUTBOUND
:
2599 ipseclog((LOG_DEBUG
, "key_spddelete: Invalid SP direction.\n"));
2600 return key_senderror(so
, m
, EINVAL
);
2603 /* Process interfaces */
2604 if (ipsecifopts
!= NULL
) {
2605 if (ipsecifopts
->sadb_x_ipsecif_internal_if
[0]) {
2606 ifnet_find_by_name(ipsecifopts
->sadb_x_ipsecif_internal_if
, &internal_if
);
2611 /* XXX boundary check against sa_len */
2612 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2615 src0
->sadb_address_prefixlen
,
2616 dst0
->sadb_address_prefixlen
,
2617 src0
->sadb_address_proto
,
2619 use_src_range
? src0
+ 1 : NULL
,
2620 use_src_range
? src1
+ 1 : NULL
,
2621 use_dst_range
? dst0
+ 1 : NULL
,
2622 use_dst_range
? dst1
+ 1 : NULL
,
2625 /* Is there SP in SPD ? */
2626 lck_mtx_lock(sadb_mutex
);
2627 if ((sp
= key_getsp(&spidx
)) == NULL
) {
2628 ipseclog((LOG_DEBUG
, "key_spddelete: no SP found.\n"));
2629 lck_mtx_unlock(sadb_mutex
);
2631 ifnet_release(internal_if
);
2634 return key_senderror(so
, m
, EINVAL
);
2638 ifnet_release(internal_if
);
2642 /* save policy id to buffer to be returned. */
2643 xpl0
->sadb_x_policy_id
= sp
->id
;
2645 sp
->state
= IPSEC_SPSTATE_DEAD
;
2646 key_freesp(sp
, KEY_SADB_LOCKED
);
2647 lck_mtx_unlock(sadb_mutex
);
2652 struct sadb_msg
*newmsg
;
2653 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2654 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
,
2655 SADB_X_EXT_ADDR_RANGE_SRC_START
, SADB_X_EXT_ADDR_RANGE_SRC_END
,
2656 SADB_X_EXT_ADDR_RANGE_DST_START
, SADB_X_EXT_ADDR_RANGE_DST_END
};
2658 /* create new sadb_msg to reply. */
2659 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2661 return key_senderror(so
, m
, ENOBUFS
);
2663 newmsg
= mtod(n
, struct sadb_msg
*);
2664 newmsg
->sadb_msg_errno
= 0;
2665 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2668 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2673 * SADB_SPDDELETE2 processing
2676 * from the user(?), and set SADB_SASTATE_DEAD,
2680 * policy(*) including direction of policy.
2682 * m will always be freed.
2688 const struct sadb_msghdr
*mhp
)
2691 struct secpolicy
*sp
;
2693 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2696 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2697 panic("key_spddelete2: NULL pointer is passed.\n");
2699 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2700 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2701 ipseclog((LOG_DEBUG
, "key_spddelete2: invalid message is passed.\n"));
2702 key_senderror(so
, m
, EINVAL
);
2706 id
= ((struct sadb_x_policy
*)
2707 (void *)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2709 /* Is there SP in SPD ? */
2710 lck_mtx_lock(sadb_mutex
);
2711 if ((sp
= __key_getspbyid(id
)) == NULL
) {
2712 lck_mtx_unlock(sadb_mutex
);
2713 ipseclog((LOG_DEBUG
, "key_spddelete2: no SP found id:%u.\n", id
));
2714 return key_senderror(so
, m
, EINVAL
);
2717 sp
->state
= IPSEC_SPSTATE_DEAD
;
2718 key_freesp(sp
, KEY_SADB_LOCKED
);
2719 lck_mtx_unlock(sadb_mutex
);
2722 struct mbuf
*n
, *nn
;
2723 struct sadb_msg
*newmsg
;
2726 /* create new sadb_msg to reply. */
2727 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2730 return key_senderror(so
, m
, ENOBUFS
);
2731 MGETHDR(n
, M_WAITOK
, MT_DATA
);
2732 if (n
&& len
> MHLEN
) {
2733 MCLGET(n
, M_WAITOK
);
2734 if ((n
->m_flags
& M_EXT
) == 0) {
2740 return key_senderror(so
, m
, ENOBUFS
);
2746 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
2747 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2751 panic("length inconsistency in key_spddelete2");
2754 n
->m_next
= m_copym(m
, mhp
->extoff
[SADB_X_EXT_POLICY
],
2755 mhp
->extlen
[SADB_X_EXT_POLICY
], M_WAITOK
);
2758 return key_senderror(so
, m
, ENOBUFS
);
2761 n
->m_pkthdr
.len
= 0;
2762 for (nn
= n
; nn
; nn
= nn
->m_next
)
2763 n
->m_pkthdr
.len
+= nn
->m_len
;
2765 newmsg
= mtod(n
, struct sadb_msg
*);
2766 newmsg
->sadb_msg_errno
= 0;
2767 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2770 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2778 const struct sadb_msghdr
*mhp
)
2781 struct secpolicy
*sp
;
2783 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2786 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2787 panic("key_spdenable: NULL pointer is passed.\n");
2789 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2790 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2791 ipseclog((LOG_DEBUG
, "key_spdenable: invalid message is passed.\n"));
2792 key_senderror(so
, m
, EINVAL
);
2796 id
= ((struct sadb_x_policy
*)
2797 (void *)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2799 /* Is there SP in SPD ? */
2800 lck_mtx_lock(sadb_mutex
);
2801 if ((sp
= __key_getspbyid(id
)) == NULL
) {
2802 lck_mtx_unlock(sadb_mutex
);
2803 ipseclog((LOG_DEBUG
, "key_spdenable: no SP found id:%u.\n", id
));
2804 return key_senderror(so
, m
, EINVAL
);
2808 lck_mtx_unlock(sadb_mutex
);
2812 struct sadb_msg
*newmsg
;
2813 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
};
2815 /* create new sadb_msg to reply. */
2816 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2818 return key_senderror(so
, m
, ENOBUFS
);
2820 if (n
->m_len
< sizeof(struct sadb_msg
)) {
2821 n
= m_pullup(n
, sizeof(struct sadb_msg
));
2823 return key_senderror(so
, m
, ENOBUFS
);
2825 newmsg
= mtod(n
, struct sadb_msg
*);
2826 newmsg
->sadb_msg_errno
= 0;
2827 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2830 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2838 const struct sadb_msghdr
*mhp
)
2841 struct secpolicy
*sp
;
2843 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2846 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2847 panic("key_spddisable: NULL pointer is passed.\n");
2849 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2850 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2851 ipseclog((LOG_DEBUG
, "key_spddisable: invalid message is passed.\n"));
2852 key_senderror(so
, m
, EINVAL
);
2856 id
= ((struct sadb_x_policy
*)
2857 (void *)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2859 /* Is there SP in SPD ? */
2860 lck_mtx_lock(sadb_mutex
);
2861 if ((sp
= __key_getspbyid(id
)) == NULL
) {
2862 lck_mtx_unlock(sadb_mutex
);
2863 ipseclog((LOG_DEBUG
, "key_spddisable: no SP found id:%u.\n", id
));
2864 return key_senderror(so
, m
, EINVAL
);
2868 lck_mtx_unlock(sadb_mutex
);
2872 struct sadb_msg
*newmsg
;
2873 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
};
2875 /* create new sadb_msg to reply. */
2876 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2878 return key_senderror(so
, m
, ENOBUFS
);
2880 if (n
->m_len
< sizeof(struct sadb_msg
)) {
2881 n
= m_pullup(n
, sizeof(struct sadb_msg
));
2883 return key_senderror(so
, m
, ENOBUFS
);
2885 newmsg
= mtod(n
, struct sadb_msg
*);
2886 newmsg
->sadb_msg_errno
= 0;
2887 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2890 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2895 * SADB_X_GET processing
2900 * <base, address(SD), policy>
2902 * policy(*) including direction of policy.
2904 * m will always be freed.
2910 const struct sadb_msghdr
*mhp
)
2913 struct secpolicy
*sp
;
2916 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2919 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2920 panic("key_spdget: NULL pointer is passed.\n");
2922 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2923 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2924 ipseclog((LOG_DEBUG
, "key_spdget: invalid message is passed.\n"));
2925 return key_senderror(so
, m
, EINVAL
);
2928 id
= ((struct sadb_x_policy
*)
2929 (void *)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2931 /* Is there SP in SPD ? */
2932 lck_mtx_lock(sadb_mutex
);
2933 if ((sp
= __key_getspbyid(id
)) == NULL
) {
2934 ipseclog((LOG_DEBUG
, "key_spdget: no SP found id:%u.\n", id
));
2935 lck_mtx_unlock(sadb_mutex
);
2936 return key_senderror(so
, m
, ENOENT
);
2938 lck_mtx_unlock(sadb_mutex
);
2939 n
= key_setdumpsp(sp
, SADB_X_SPDGET
, 0, mhp
->msg
->sadb_msg_pid
);
2942 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
2944 return key_senderror(so
, m
, ENOBUFS
);
2948 * SADB_X_SPDACQUIRE processing.
2949 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2952 * to KMD, and expect to receive
2953 * <base> with SADB_X_SPDACQUIRE if error occurred,
2956 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2957 * policy(*) is without policy requests.
2960 * others: error number
2964 struct secpolicy
*sp
)
2966 struct mbuf
*result
= NULL
, *m
;
2967 struct secspacq
*newspacq
;
2970 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2974 panic("key_spdacquire: NULL pointer is passed.\n");
2975 if (sp
->req
!= NULL
)
2976 panic("key_spdacquire: called but there is request.\n");
2977 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
2978 panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
2980 /* get a entry to check whether sent message or not. */
2981 lck_mtx_lock(sadb_mutex
);
2982 if ((newspacq
= key_getspacq(&sp
->spidx
)) != NULL
) {
2983 if (key_blockacq_count
< newspacq
->count
) {
2984 /* reset counter and do send message. */
2985 newspacq
->count
= 0;
2987 /* increment counter and do nothing. */
2989 lck_mtx_unlock(sadb_mutex
);
2993 /* make new entry for blocking to send SADB_ACQUIRE. */
2994 if ((newspacq
= key_newspacq(&sp
->spidx
)) == NULL
) {
2995 lck_mtx_unlock(sadb_mutex
);
2998 /* add to acqtree */
2999 LIST_INSERT_HEAD(&spacqtree
, newspacq
, chain
);
3000 key_start_timehandler();
3002 lck_mtx_unlock(sadb_mutex
);
3003 /* create new sadb_msg to reply. */
3004 m
= key_setsadbmsg(SADB_X_SPDACQUIRE
, 0, 0, 0, 0, 0);
3011 result
->m_pkthdr
.len
= 0;
3012 for (m
= result
; m
; m
= m
->m_next
)
3013 result
->m_pkthdr
.len
+= m
->m_len
;
3015 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3016 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3018 return key_sendup_mbuf(NULL
, m
, KEY_SENDUP_REGISTERED
);
3027 * SADB_SPDFLUSH processing
3030 * from the user, and free all entries in secpctree.
3034 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
3036 * m will always be freed.
3042 const struct sadb_msghdr
*mhp
)
3044 struct sadb_msg
*newmsg
;
3045 struct secpolicy
*sp
;
3049 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
3050 panic("key_spdflush: NULL pointer is passed.\n");
3052 if (m
->m_len
!= PFKEY_ALIGN8(sizeof(struct sadb_msg
)))
3053 return key_senderror(so
, m
, EINVAL
);
3055 lck_mtx_lock(sadb_mutex
);
3056 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
3057 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
3058 sp
->state
= IPSEC_SPSTATE_DEAD
;
3061 lck_mtx_unlock(sadb_mutex
);
3063 if (sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
3064 ipseclog((LOG_DEBUG
, "key_spdflush: No more memory.\n"));
3065 return key_senderror(so
, m
, ENOBUFS
);
3071 m
->m_pkthdr
.len
= m
->m_len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
3072 newmsg
= mtod(m
, struct sadb_msg
*);
3073 newmsg
->sadb_msg_errno
= 0;
3074 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
3076 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
3080 * SADB_SPDDUMP processing
3083 * from the user, and dump all SP leaves
3088 * m will always be freed.
3095 const struct sadb_msghdr
*mhp
)
3097 struct secpolicy
*sp
, **spbuf
= NULL
, **sp_ptr
;
3098 int cnt
= 0, bufcount
;
3104 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
3105 panic("key_spddump: NULL pointer is passed.\n");
3107 if ((bufcount
= ipsec_policy_count
) == 0) {
3111 bufcount
+= 256; /* extra */
3112 KMALLOC_WAIT(spbuf
, struct secpolicy
**, bufcount
* sizeof(struct secpolicy
*));
3113 if (spbuf
== NULL
) {
3114 ipseclog((LOG_DEBUG
, "key_spddump: No more memory.\n"));
3118 lck_mtx_lock(sadb_mutex
);
3119 /* search SPD entry, make list. */
3121 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
3122 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
3123 if (cnt
== bufcount
)
3124 break; /* buffer full */
3130 lck_mtx_unlock(sadb_mutex
);
3140 n
= key_setdumpsp(*sp_ptr
++, SADB_X_SPDDUMP
, cnt
,
3141 mhp
->msg
->sadb_msg_pid
);
3144 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
3147 lck_mtx_lock(sadb_mutex
);
3148 while (sp_ptr
> spbuf
)
3149 key_freesp(*(--sp_ptr
), KEY_SADB_LOCKED
);
3150 lck_mtx_unlock(sadb_mutex
);
3156 return key_senderror(so
, m
, error
);
3163 static struct mbuf
*
3165 struct secpolicy
*sp
,
3170 struct mbuf
*result
= NULL
, *m
;
3172 m
= key_setsadbmsg(type
, 0, SADB_SATYPE_UNSPEC
, seq
, pid
, sp
->refcnt
);
3177 if (sp
->spidx
.src_range
.start
.ss_len
> 0) {
3178 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START
,
3179 (struct sockaddr
*)&sp
->spidx
.src_range
.start
, sp
->spidx
.prefs
,
3180 sp
->spidx
.ul_proto
);
3185 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END
,
3186 (struct sockaddr
*)&sp
->spidx
.src_range
.end
, sp
->spidx
.prefs
,
3187 sp
->spidx
.ul_proto
);
3192 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
3193 (struct sockaddr
*)&sp
->spidx
.src
, sp
->spidx
.prefs
,
3194 sp
->spidx
.ul_proto
);
3200 if (sp
->spidx
.dst_range
.start
.ss_len
> 0) {
3201 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START
,
3202 (struct sockaddr
*)&sp
->spidx
.dst_range
.start
, sp
->spidx
.prefd
,
3203 sp
->spidx
.ul_proto
);
3208 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END
,
3209 (struct sockaddr
*)&sp
->spidx
.dst_range
.end
, sp
->spidx
.prefd
,
3210 sp
->spidx
.ul_proto
);
3215 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
3216 (struct sockaddr
*)&sp
->spidx
.dst
, sp
->spidx
.prefd
,
3217 sp
->spidx
.ul_proto
);
3223 if (sp
->spidx
.internal_if
|| sp
->outgoing_if
|| sp
->ipsec_if
|| sp
->disabled
) {
3224 m
= key_setsadbipsecif(sp
->spidx
.internal_if
, sp
->outgoing_if
, sp
->ipsec_if
, sp
->disabled
);
3235 if ((result
->m_flags
& M_PKTHDR
) == 0)
3238 if (result
->m_len
< sizeof(struct sadb_msg
)) {
3239 result
= m_pullup(result
, sizeof(struct sadb_msg
));
3244 result
->m_pkthdr
.len
= 0;
3245 for (m
= result
; m
; m
= m
->m_next
)
3246 result
->m_pkthdr
.len
+= m
->m_len
;
3248 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3249 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3259 * get PFKEY message length for security policy and request.
3263 struct secpolicy
*sp
)
3267 tlen
= sizeof(struct sadb_x_policy
);
3269 /* if is the policy for ipsec ? */
3270 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
3273 /* get length of ipsec requests */
3275 struct ipsecrequest
*isr
;
3278 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
3279 len
= sizeof(struct sadb_x_ipsecrequest
)
3280 + isr
->saidx
.src
.ss_len
3281 + isr
->saidx
.dst
.ss_len
;
3283 tlen
+= PFKEY_ALIGN8(len
);
3291 * SADB_SPDEXPIRE processing
3293 * <base, address(SD), lifetime(CH), policy>
3297 * others : error number
3301 struct secpolicy
*sp
)
3303 struct mbuf
*result
= NULL
, *m
;
3306 struct sadb_lifetime
*lt
;
3308 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
3312 panic("key_spdexpire: NULL pointer is passed.\n");
3314 /* set msg header */
3315 m
= key_setsadbmsg(SADB_X_SPDEXPIRE
, 0, 0, 0, 0, 0);
3322 /* create lifetime extension (current and hard) */
3323 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
3324 m
= key_alloc_mbuf(len
);
3325 if (!m
|| m
->m_next
) { /*XXX*/
3331 bzero(mtod(m
, caddr_t
), len
);
3332 lt
= mtod(m
, struct sadb_lifetime
*);
3333 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
3334 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
3335 lt
->sadb_lifetime_allocations
= 0;
3336 lt
->sadb_lifetime_bytes
= 0;
3337 lt
->sadb_lifetime_addtime
= sp
->created
;
3338 lt
->sadb_lifetime_usetime
= sp
->lastused
;
3339 lt
= (struct sadb_lifetime
*)(void *)(mtod(m
, caddr_t
) + len
/ 2);
3340 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
3341 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_HARD
;
3342 lt
->sadb_lifetime_allocations
= 0;
3343 lt
->sadb_lifetime_bytes
= 0;
3344 lt
->sadb_lifetime_addtime
= sp
->lifetime
;
3345 lt
->sadb_lifetime_usetime
= sp
->validtime
;
3348 /* set sadb_address(es) for source */
3349 if (sp
->spidx
.src_range
.start
.ss_len
> 0) {
3350 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START
,
3351 (struct sockaddr
*)&sp
->spidx
.src_range
.start
, sp
->spidx
.prefs
,
3352 sp
->spidx
.ul_proto
);
3359 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END
,
3360 (struct sockaddr
*)&sp
->spidx
.src_range
.end
, sp
->spidx
.prefs
,
3361 sp
->spidx
.ul_proto
);
3368 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
3369 (struct sockaddr
*)&sp
->spidx
.src
, sp
->spidx
.prefs
,
3370 sp
->spidx
.ul_proto
);
3378 /* set sadb_address(es) for dest */
3379 if (sp
->spidx
.dst_range
.start
.ss_len
> 0) {
3380 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START
,
3381 (struct sockaddr
*)&sp
->spidx
.dst_range
.start
, sp
->spidx
.prefd
,
3382 sp
->spidx
.ul_proto
);
3389 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END
,
3390 (struct sockaddr
*)&sp
->spidx
.dst_range
.end
, sp
->spidx
.prefd
,
3391 sp
->spidx
.ul_proto
);
3398 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
3399 (struct sockaddr
*)&sp
->spidx
.dst
, sp
->spidx
.prefd
,
3400 sp
->spidx
.ul_proto
);
3416 if ((result
->m_flags
& M_PKTHDR
) == 0) {
3421 if (result
->m_len
< sizeof(struct sadb_msg
)) {
3422 result
= m_pullup(result
, sizeof(struct sadb_msg
));
3423 if (result
== NULL
) {
3429 result
->m_pkthdr
.len
= 0;
3430 for (m
= result
; m
; m
= m
->m_next
)
3431 result
->m_pkthdr
.len
+= m
->m_len
;
3433 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3434 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3436 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
3444 /* %%% SAD management */
3446 * allocating a memory for new SA head, and copy from the values of mhp.
3447 * OUT: NULL : failure due to the lack of memory.
3448 * others : pointer to new SA head.
3450 static struct secashead
*
3451 key_newsah(struct secasindex
*saidx
,
3456 struct secashead
*newsah
;
3460 panic("key_newsaidx: NULL pointer is passed.\n");
3462 newsah
= keydb_newsecashead();
3466 bcopy(saidx
, &newsah
->saidx
, sizeof(newsah
->saidx
));
3468 /* remove the ports */
3469 switch (saidx
->src
.ss_family
) {
3471 ((struct sockaddr_in
*)(&newsah
->saidx
.src
))->sin_port
= IPSEC_PORT_ANY
;
3474 ((struct sockaddr_in6
*)(&newsah
->saidx
.src
))->sin6_port
= IPSEC_PORT_ANY
;
3479 switch (saidx
->dst
.ss_family
) {
3481 ((struct sockaddr_in
*)(&newsah
->saidx
.dst
))->sin_port
= IPSEC_PORT_ANY
;
3484 ((struct sockaddr_in6
*)(&newsah
->saidx
.dst
))->sin6_port
= IPSEC_PORT_ANY
;
3490 newsah
->outgoing_if
= outgoing_if
;
3492 ifnet_reference(ipsec_if
);
3493 newsah
->ipsec_if
= ipsec_if
;
3496 /* add to saidxtree */
3497 newsah
->state
= SADB_SASTATE_MATURE
;
3498 LIST_INSERT_HEAD(&sahtree
, newsah
, chain
);
3499 key_start_timehandler();
3505 * delete SA index and all SA registerd.
3509 struct secashead
*sah
)
3511 struct secasvar
*sav
, *nextsav
;
3512 u_int stateidx
, state
;
3515 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3519 panic("key_delsah: NULL pointer is passed.\n");
3521 /* searching all SA registerd in the secindex. */
3523 stateidx
< _ARRAYLEN(saorder_state_any
);
3526 state
= saorder_state_any
[stateidx
];
3527 for (sav
= (struct secasvar
*)LIST_FIRST(&sah
->savtree
[state
]);
3531 nextsav
= LIST_NEXT(sav
, chain
);
3533 if (sav
->refcnt
> 0) {
3534 /* give up to delete this sa */
3540 KEY_CHKSASTATE(state
, sav
->state
, "key_delsah");
3542 key_freesav(sav
, KEY_SADB_LOCKED
);
3544 /* remove back pointer */
3550 /* don't delete sah only if there are savs. */
3554 ROUTE_RELEASE(&sah
->sa_route
);
3556 if (sah
->ipsec_if
) {
3557 ifnet_release(sah
->ipsec_if
);
3558 sah
->ipsec_if
= NULL
;
3569 /* remove from tree of SA index */
3570 if (__LIST_CHAINED(sah
))
3571 LIST_REMOVE(sah
, chain
);
3579 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3580 * and copy the values of mhp into new buffer.
3581 * When SAD message type is GETSPI:
3582 * to set sequence number from acq_seq++,
3583 * to set zero to SPI.
3584 * not to call key_setsava().
3586 * others : pointer to new secasvar.
3588 * does not modify mbuf. does not free mbuf on error.
3590 static struct secasvar
*
3593 const struct sadb_msghdr
*mhp
,
3594 struct secashead
*sah
,
3598 struct secasvar
*newsav
;
3599 const struct sadb_sa
*xsa
;
3601 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3604 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
|| sah
== NULL
)
3605 panic("key_newsa: NULL pointer is passed.\n");
3607 KMALLOC_NOWAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3608 if (newsav
== NULL
) {
3609 lck_mtx_unlock(sadb_mutex
);
3610 KMALLOC_WAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3611 lck_mtx_lock(sadb_mutex
);
3612 if (newsav
== NULL
) {
3613 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3618 bzero((caddr_t
)newsav
, sizeof(struct secasvar
));
3620 switch (mhp
->msg
->sadb_msg_type
) {
3622 key_setspi(newsav
, 0);
3624 #if IPSEC_DOSEQCHECK
3625 /* sync sequence number */
3626 if (mhp
->msg
->sadb_msg_seq
== 0)
3628 (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
3631 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
3636 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
3638 ipseclog((LOG_DEBUG
, "key_newsa: invalid message is passed.\n"));
3642 xsa
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
3643 key_setspi(newsav
, xsa
->sadb_sa_spi
);
3644 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
3652 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
3653 if (((struct sadb_x_sa2
*)(void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_alwaysexpire
)
3654 newsav
->always_expire
= 1;
3655 newsav
->flags2
= ((struct sadb_x_sa2
*)(void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_flags
;
3656 if (newsav
->flags2
& SADB_X_EXT_SA2_DELETE_ON_DETACH
) {
3661 /* copy sav values */
3662 if (mhp
->msg
->sadb_msg_type
!= SADB_GETSPI
) {
3663 *errp
= key_setsaval(newsav
, m
, mhp
);
3669 /* For get SPI, if has a hard lifetime, apply */
3670 const struct sadb_lifetime
*lft0
;
3673 lft0
= (struct sadb_lifetime
*)(void *)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
3675 /* make lifetime for CURRENT */
3676 KMALLOC_NOWAIT(newsav
->lft_c
, struct sadb_lifetime
*,
3677 sizeof(struct sadb_lifetime
));
3678 if (newsav
->lft_c
== NULL
) {
3679 lck_mtx_unlock(sadb_mutex
);
3680 KMALLOC_WAIT(newsav
->lft_c
, struct sadb_lifetime
*,
3681 sizeof(struct sadb_lifetime
));
3682 lck_mtx_lock(sadb_mutex
);
3683 if (newsav
->lft_c
== NULL
) {
3684 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3693 newsav
->lft_c
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
3694 newsav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
3695 newsav
->lft_c
->sadb_lifetime_allocations
= 0;
3696 newsav
->lft_c
->sadb_lifetime_bytes
= 0;
3697 newsav
->lft_c
->sadb_lifetime_addtime
= tv
.tv_sec
;
3698 newsav
->lft_c
->sadb_lifetime_usetime
= 0;
3700 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
] < sizeof(*lft0
)) {
3701 ipseclog((LOG_DEBUG
, "key_newsa: invalid hard lifetime ext len.\n"));
3706 newsav
->lft_h
= (struct sadb_lifetime
*)key_newbuf(lft0
, sizeof(*lft0
));
3707 if (newsav
->lft_h
== NULL
) {
3708 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3720 newsav
->created
= tv
.tv_sec
;
3723 newsav
->pid
= mhp
->msg
->sadb_msg_pid
;
3728 newsav
->state
= SADB_SASTATE_LARVAL
;
3729 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_LARVAL
], newsav
,
3737 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3738 * and copy the values passed into new buffer.
3739 * When SAD message type is GETSPI:
3740 * to set sequence number from acq_seq++,
3741 * to set zero to SPI.
3742 * not to call key_setsava().
3744 * others : pointer to new secasvar.
3747 key_newsav2(struct secashead
*sah
,
3753 struct sadb_key
*key_auth
,
3754 u_int16_t key_auth_len
,
3755 struct sadb_key
*key_enc
,
3756 u_int16_t key_enc_len
,
3757 u_int16_t natt_port
,
3761 struct sadb_lifetime
*lifetime_hard
,
3762 struct sadb_lifetime
*lifetime_soft
)
3764 struct secasvar
*newsav
;
3766 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3770 panic("key_newsa: NULL pointer is passed.\n");
3772 KMALLOC_NOWAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3773 if (newsav
== NULL
) {
3774 lck_mtx_unlock(sadb_mutex
);
3775 KMALLOC_WAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3776 lck_mtx_lock(sadb_mutex
);
3777 if (newsav
== NULL
) {
3778 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3782 bzero((caddr_t
)newsav
, sizeof(struct secasvar
));
3784 #if IPSEC_DOSEQCHECK
3785 /* sync sequence number */
3787 newsav
->seq
= (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
3791 key_setspi(newsav
, spi
);
3793 if (key_setsaval2(newsav
,
3817 newsav
->created
= tv
.tv_sec
;
3825 if (spi
&& key_auth
&& key_auth_len
&& key_enc
&& key_enc_len
) {
3826 newsav
->state
= SADB_SASTATE_MATURE
;
3827 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_MATURE
], newsav
,
3830 newsav
->state
= SADB_SASTATE_LARVAL
;
3831 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_LARVAL
], newsav
,
3840 key_migratesav(struct secasvar
*sav
,
3841 struct secashead
*newsah
)
3843 if (sav
== NULL
|| newsah
== NULL
|| sav
->state
!= SADB_SASTATE_MATURE
) {
3847 /* remove from SA header */
3848 if (__LIST_CHAINED(sav
))
3849 LIST_REMOVE(sav
, chain
);
3852 LIST_INSERT_TAIL(&newsah
->savtree
[SADB_SASTATE_MATURE
], sav
, secasvar
, chain
);
3857 * free() SA variable entry.
3861 struct secasvar
*sav
)
3864 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3868 panic("key_delsav: NULL pointer is passed.\n");
3870 if (sav
->refcnt
> 0)
3871 return; /* can't free */
3873 /* remove from SA header */
3874 if (__LIST_CHAINED(sav
))
3875 LIST_REMOVE(sav
, chain
);
3878 if (sav
->spihash
.le_prev
|| sav
->spihash
.le_next
)
3879 LIST_REMOVE(sav
, spihash
);
3881 if (sav
->key_auth
!= NULL
) {
3882 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
3883 KFREE(sav
->key_auth
);
3884 sav
->key_auth
= NULL
;
3886 if (sav
->key_enc
!= NULL
) {
3887 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
3888 KFREE(sav
->key_enc
);
3889 sav
->key_enc
= NULL
;
3892 bzero(sav
->sched
, sav
->schedlen
);
3896 if (sav
->replay
!= NULL
) {
3897 keydb_delsecreplay(sav
->replay
);
3900 if (sav
->lft_c
!= NULL
) {
3904 if (sav
->lft_h
!= NULL
) {
3908 if (sav
->lft_s
!= NULL
) {
3912 if (sav
->iv
!= NULL
) {
3926 * others : found, pointer to a SA.
3928 static struct secashead
*
3929 key_getsah(struct secasindex
*saidx
)
3931 struct secashead
*sah
;
3933 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3935 LIST_FOREACH(sah
, &sahtree
, chain
) {
3936 if (sah
->state
== SADB_SASTATE_DEAD
)
3938 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_REQID
))
3946 key_newsah2 (struct secasindex
*saidx
,
3949 struct secashead
*sah
;
3951 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3953 sah
= key_getsah(saidx
);
3955 return(key_newsah(saidx
, NULL
, 0, dir
));
3961 * check not to be duplicated SPI.
3962 * NOTE: this function is too slow due to searching all SAD.
3965 * others : found, pointer to a SA.
3967 static struct secasvar
*
3969 struct secasindex
*saidx
,
3972 struct secasvar
*sav
;
3973 u_int stateidx
, state
;
3975 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3977 /* check address family */
3978 if (saidx
->src
.ss_family
!= saidx
->dst
.ss_family
) {
3979 ipseclog((LOG_DEBUG
, "key_checkspidup: address family mismatched.\n"));
3984 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
3985 if (sav
->spi
!= spi
)
3988 stateidx
< _ARRAYLEN(saorder_state_alive
);
3990 state
= saorder_state_alive
[stateidx
];
3991 if (sav
->state
== state
&&
3992 key_ismyaddr((struct sockaddr
*)&sav
->sah
->saidx
.dst
))
4002 struct secasvar
*sav
,
4005 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4007 if (sav
->spihash
.le_prev
|| sav
->spihash
.le_next
)
4008 LIST_REMOVE(sav
, spihash
);
4009 LIST_INSERT_HEAD(&spihash
[SPIHASH(spi
)], sav
, spihash
);
4014 * search SAD litmited alive SA, protocol, SPI.
4017 * others : found, pointer to a SA.
4019 static struct secasvar
*
4021 struct secashead
*sah
,
4024 struct secasvar
*sav
, *match
;
4025 u_int stateidx
, state
, matchidx
;
4027 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4029 matchidx
= _ARRAYLEN(saorder_state_alive
);
4030 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
4031 if (sav
->spi
!= spi
)
4033 if (sav
->sah
!= sah
)
4035 for (stateidx
= 0; stateidx
< matchidx
; stateidx
++) {
4036 state
= saorder_state_alive
[stateidx
];
4037 if (sav
->state
== state
) {
4039 matchidx
= stateidx
;
4049 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4050 * You must update these if need.
4054 * does not modify mbuf. does not free mbuf on error.
4058 struct secasvar
*sav
,
4060 const struct sadb_msghdr
*mhp
)
4063 const struct esp_algorithm
*algo
;
4068 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4071 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4072 panic("key_setsaval: NULL pointer is passed.\n");
4074 /* initialization */
4076 sav
->key_auth
= NULL
;
4077 sav
->key_enc
= NULL
;
4084 sav
->remote_ike_port
= 0;
4085 sav
->natt_last_activity
= natt_now
;
4086 sav
->natt_encapsulated_src_port
= 0;
4089 if (mhp
->ext
[SADB_EXT_SA
] != NULL
) {
4090 const struct sadb_sa
*sa0
;
4092 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
4093 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(*sa0
)) {
4094 ipseclog((LOG_DEBUG
, "key_setsaval: invalid message size.\n"));
4099 sav
->alg_auth
= sa0
->sadb_sa_auth
;
4100 sav
->alg_enc
= sa0
->sadb_sa_encrypt
;
4101 sav
->flags
= sa0
->sadb_sa_flags
;
4104 * Verify that a nat-traversal port was specified if
4105 * the nat-traversal flag is set.
4107 if ((sav
->flags
& SADB_X_EXT_NATT
) != 0) {
4108 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa_2
) ||
4109 ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_port
== 0) {
4110 ipseclog((LOG_DEBUG
, "key_setsaval: natt port not set.\n"));
4114 sav
->remote_ike_port
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_port
;
4115 sav
->natt_interval
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_interval
;
4116 sav
->natt_offload_interval
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_offload_interval
;
4120 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4121 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4122 * set (we're not behind nat) - otherwise clear it.
4124 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
4125 if ((sav
->flags
& SADB_X_EXT_NATT
) == 0 ||
4126 (sav
->flags
& SADB_X_EXT_NATT_KEEPALIVE
) != 0)
4127 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
4130 if ((sa0
->sadb_sa_flags
& SADB_X_EXT_OLD
) == 0) {
4131 sav
->replay
= keydb_newsecreplay(sa0
->sadb_sa_replay
);
4132 if (sav
->replay
== NULL
) {
4133 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4140 /* Authentication keys */
4141 if (mhp
->ext
[SADB_EXT_KEY_AUTH
] != NULL
) {
4142 const struct sadb_key
*key0
;
4145 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_AUTH
];
4146 len
= mhp
->extlen
[SADB_EXT_KEY_AUTH
];
4149 if (len
< sizeof(*key0
)) {
4150 ipseclog((LOG_DEBUG
, "key_setsaval: invalid auth key ext len. len = %d\n", len
));
4154 switch (mhp
->msg
->sadb_msg_satype
) {
4155 case SADB_SATYPE_AH
:
4156 case SADB_SATYPE_ESP
:
4157 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
4158 sav
->alg_auth
!= SADB_X_AALG_NULL
)
4161 case SADB_X_SATYPE_IPCOMP
:
4167 ipseclog((LOG_DEBUG
, "key_setsaval: invalid key_auth values.\n"));
4171 sav
->key_auth
= (struct sadb_key
*)key_newbuf(key0
, len
);
4172 if (sav
->key_auth
== NULL
) {
4173 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4179 /* Encryption key */
4180 if (mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] != NULL
) {
4181 const struct sadb_key
*key0
;
4184 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_ENCRYPT
];
4185 len
= mhp
->extlen
[SADB_EXT_KEY_ENCRYPT
];
4188 if (len
< sizeof(*key0
)) {
4189 ipseclog((LOG_DEBUG
, "key_setsaval: invalid encryption key ext len. len = %d\n", len
));
4193 switch (mhp
->msg
->sadb_msg_satype
) {
4194 case SADB_SATYPE_ESP
:
4195 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
4196 sav
->alg_enc
!= SADB_EALG_NULL
) {
4197 ipseclog((LOG_DEBUG
, "key_setsaval: invalid ESP algorithm.\n"));
4201 sav
->key_enc
= (struct sadb_key
*)key_newbuf(key0
, len
);
4202 if (sav
->key_enc
== NULL
) {
4203 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4208 case SADB_X_SATYPE_IPCOMP
:
4209 if (len
!= PFKEY_ALIGN8(sizeof(struct sadb_key
)))
4211 sav
->key_enc
= NULL
; /*just in case*/
4213 case SADB_SATYPE_AH
:
4219 ipseclog((LOG_DEBUG
, "key_setsaval: invalid key_enc value.\n"));
4227 switch (mhp
->msg
->sadb_msg_satype
) {
4228 case SADB_SATYPE_ESP
:
4230 algo
= esp_algorithm_lookup(sav
->alg_enc
);
4231 if (algo
&& algo
->ivlen
)
4232 sav
->ivlen
= (*algo
->ivlen
)(algo
, sav
);
4233 if (sav
->ivlen
== 0)
4235 KMALLOC_NOWAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
4237 lck_mtx_unlock(sadb_mutex
);
4238 KMALLOC_WAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
4239 lck_mtx_lock(sadb_mutex
);
4241 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4248 if (sav
->alg_enc
== SADB_X_EALG_AES_GCM
) {
4249 bzero(sav
->iv
, sav
->ivlen
);
4251 key_randomfill(sav
->iv
, sav
->ivlen
);
4255 case SADB_SATYPE_AH
:
4256 case SADB_X_SATYPE_IPCOMP
:
4259 ipseclog((LOG_DEBUG
, "key_setsaval: invalid SA type.\n"));
4266 sav
->created
= tv
.tv_sec
;
4268 /* make lifetime for CURRENT */
4269 KMALLOC_NOWAIT(sav
->lft_c
, struct sadb_lifetime
*,
4270 sizeof(struct sadb_lifetime
));
4271 if (sav
->lft_c
== NULL
) {
4272 lck_mtx_unlock(sadb_mutex
);
4273 KMALLOC_WAIT(sav
->lft_c
, struct sadb_lifetime
*,
4274 sizeof(struct sadb_lifetime
));
4275 lck_mtx_lock(sadb_mutex
);
4276 if (sav
->lft_c
== NULL
) {
4277 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4285 sav
->lft_c
->sadb_lifetime_len
=
4286 PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
4287 sav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
4288 sav
->lft_c
->sadb_lifetime_allocations
= 0;
4289 sav
->lft_c
->sadb_lifetime_bytes
= 0;
4290 sav
->lft_c
->sadb_lifetime_addtime
= tv
.tv_sec
;
4291 sav
->lft_c
->sadb_lifetime_usetime
= 0;
4293 /* lifetimes for HARD and SOFT */
4295 const struct sadb_lifetime
*lft0
;
4297 lft0
= (struct sadb_lifetime
*)
4298 (void *)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
4300 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
] < sizeof(*lft0
)) {
4301 ipseclog((LOG_DEBUG
, "key_setsaval: invalid hard lifetime ext len.\n"));
4305 sav
->lft_h
= (struct sadb_lifetime
*)key_newbuf(lft0
,
4307 if (sav
->lft_h
== NULL
) {
4308 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4312 /* to be initialize ? */
4315 lft0
= (struct sadb_lifetime
*)
4316 (void *)mhp
->ext
[SADB_EXT_LIFETIME_SOFT
];
4318 if (mhp
->extlen
[SADB_EXT_LIFETIME_SOFT
] < sizeof(*lft0
)) {
4319 ipseclog((LOG_DEBUG
, "key_setsaval: invalid soft lifetime ext len.\n"));
4323 sav
->lft_s
= (struct sadb_lifetime
*)key_newbuf(lft0
,
4325 if (sav
->lft_s
== NULL
) {
4326 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4330 /* to be initialize ? */
4337 /* initialization */
4338 if (sav
->replay
!= NULL
) {
4339 keydb_delsecreplay(sav
->replay
);
4342 if (sav
->key_auth
!= NULL
) {
4343 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
4344 KFREE(sav
->key_auth
);
4345 sav
->key_auth
= NULL
;
4347 if (sav
->key_enc
!= NULL
) {
4348 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
4349 KFREE(sav
->key_enc
);
4350 sav
->key_enc
= NULL
;
4353 bzero(sav
->sched
, sav
->schedlen
);
4357 if (sav
->iv
!= NULL
) {
4361 if (sav
->lft_c
!= NULL
) {
4365 if (sav
->lft_h
!= NULL
) {
4369 if (sav
->lft_s
!= NULL
) {
4378 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4379 * You must update these if need.
4383 * does not modify mbuf. does not free mbuf on error.
4386 key_setsaval2(struct secasvar
*sav
,
4392 struct sadb_key
*key_auth
,
4393 u_int16_t key_auth_len
,
4394 struct sadb_key
*key_enc
,
4395 u_int16_t key_enc_len
,
4396 u_int16_t natt_port
,
4400 struct sadb_lifetime
*lifetime_hard
,
4401 struct sadb_lifetime
*lifetime_soft
)
4404 const struct esp_algorithm
*algo
;
4409 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4411 /* initialization */
4413 sav
->key_auth
= NULL
;
4414 sav
->key_enc
= NULL
;
4421 sav
->remote_ike_port
= 0;
4422 sav
->natt_last_activity
= natt_now
;
4423 sav
->natt_encapsulated_src_port
= 0;
4425 sav
->alg_auth
= alg_auth
;
4426 sav
->alg_enc
= alg_enc
;
4430 key_setspi(sav
, htonl(spi
));
4433 * Verify that a nat-traversal port was specified if
4434 * the nat-traversal flag is set.
4436 if ((sav
->flags
& SADB_X_EXT_NATT
) != 0) {
4437 if (natt_port
== 0) {
4438 ipseclog((LOG_DEBUG
, "key_setsaval2: natt port not set.\n"));
4442 sav
->remote_ike_port
= natt_port
;
4446 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4447 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4448 * set (we're not behind nat) - otherwise clear it.
4450 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
4451 if ((sav
->flags
& SADB_X_EXT_NATT
) == 0 ||
4452 (sav
->flags
& SADB_X_EXT_NATT_KEEPALIVE
) != 0)
4453 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
4456 if ((flags
& SADB_X_EXT_OLD
) == 0) {
4457 sav
->replay
= keydb_newsecreplay(replay
);
4458 if (sav
->replay
== NULL
) {
4459 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4465 /* Authentication keys */
4466 sav
->key_auth
= (__typeof__(sav
->key_auth
))key_newbuf(key_auth
, key_auth_len
);
4467 if (sav
->key_auth
== NULL
) {
4468 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4473 /* Encryption key */
4474 sav
->key_enc
= (__typeof__(sav
->key_enc
))key_newbuf(key_enc
, key_enc_len
);
4475 if (sav
->key_enc
== NULL
) {
4476 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4484 if (satype
== SADB_SATYPE_ESP
) {
4486 algo
= esp_algorithm_lookup(sav
->alg_enc
);
4487 if (algo
&& algo
->ivlen
)
4488 sav
->ivlen
= (*algo
->ivlen
)(algo
, sav
);
4489 if (sav
->ivlen
!= 0) {
4490 KMALLOC_NOWAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
4492 lck_mtx_unlock(sadb_mutex
);
4493 KMALLOC_WAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
4494 lck_mtx_lock(sadb_mutex
);
4496 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4502 if (sav
->alg_enc
== SADB_X_EALG_AES_GCM
) {
4503 bzero(sav
->iv
, sav
->ivlen
);
4505 key_randomfill(sav
->iv
, sav
->ivlen
);
4513 sav
->created
= tv
.tv_sec
;
4515 /* make lifetime for CURRENT */
4516 KMALLOC_NOWAIT(sav
->lft_c
, struct sadb_lifetime
*,
4517 sizeof(struct sadb_lifetime
));
4518 if (sav
->lft_c
== NULL
) {
4519 lck_mtx_unlock(sadb_mutex
);
4520 KMALLOC_WAIT(sav
->lft_c
, struct sadb_lifetime
*,
4521 sizeof(struct sadb_lifetime
));
4522 lck_mtx_lock(sadb_mutex
);
4523 if (sav
->lft_c
== NULL
) {
4524 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4532 sav
->lft_c
->sadb_lifetime_len
=
4533 PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
4534 sav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
4535 sav
->lft_c
->sadb_lifetime_allocations
= 0;
4536 sav
->lft_c
->sadb_lifetime_bytes
= 0;
4537 sav
->lft_c
->sadb_lifetime_addtime
= tv
.tv_sec
;
4538 sav
->lft_c
->sadb_lifetime_usetime
= 0;
4540 /* lifetimes for HARD and SOFT */
4541 sav
->lft_h
= (__typeof__(sav
->lft_h
))key_newbuf(lifetime_hard
,
4542 sizeof(*lifetime_hard
));
4543 if (sav
->lft_h
== NULL
) {
4544 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4548 sav
->lft_s
= (__typeof__(sav
->lft_s
))key_newbuf(lifetime_soft
,
4549 sizeof(*lifetime_soft
));
4550 if (sav
->lft_s
== NULL
) {
4551 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4559 /* initialization */
4560 if (sav
->replay
!= NULL
) {
4561 keydb_delsecreplay(sav
->replay
);
4564 if (sav
->key_auth
!= NULL
) {
4565 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
4566 KFREE(sav
->key_auth
);
4567 sav
->key_auth
= NULL
;
4569 if (sav
->key_enc
!= NULL
) {
4570 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
4571 KFREE(sav
->key_enc
);
4572 sav
->key_enc
= NULL
;
4575 bzero(sav
->sched
, sav
->schedlen
);
4579 if (sav
->iv
!= NULL
) {
4583 if (sav
->lft_c
!= NULL
) {
4587 if (sav
->lft_h
!= NULL
) {
4591 if (sav
->lft_s
!= NULL
) {
4600 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
4606 struct secasvar
*sav
)
4609 int checkmask
= 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4610 int mustmask
= 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4614 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4616 /* check SPI value */
4617 switch (sav
->sah
->saidx
.proto
) {
4621 /* No reason to test if this is >= 0, because ntohl(sav->spi) is unsigned. */
4622 if (ntohl(sav
->spi
) <= 255) {
4623 ipseclog((LOG_DEBUG
,
4624 "key_mature: illegal range of SPI %u.\n",
4625 (u_int32_t
)ntohl(sav
->spi
)));
4632 switch (sav
->sah
->saidx
.proto
) {
4635 if ((sav
->flags
& SADB_X_EXT_OLD
)
4636 && (sav
->flags
& SADB_X_EXT_DERIV
)) {
4637 ipseclog((LOG_DEBUG
, "key_mature: "
4638 "invalid flag (derived) given to old-esp.\n"));
4641 if (sav
->alg_auth
== SADB_AALG_NONE
)
4649 if (sav
->flags
& SADB_X_EXT_DERIV
) {
4650 ipseclog((LOG_DEBUG
, "key_mature: "
4651 "invalid flag (derived) given to AH SA.\n"));
4654 if (sav
->alg_enc
!= SADB_EALG_NONE
) {
4655 ipseclog((LOG_DEBUG
, "key_mature: "
4656 "protocol and algorithm mismated.\n"));
4662 case IPPROTO_IPCOMP
:
4663 if (sav
->alg_auth
!= SADB_AALG_NONE
) {
4664 ipseclog((LOG_DEBUG
, "key_mature: "
4665 "protocol and algorithm mismated.\n"));
4668 if ((sav
->flags
& SADB_X_EXT_RAWCPI
) == 0
4669 && ntohl(sav
->spi
) >= 0x10000) {
4670 ipseclog((LOG_DEBUG
, "key_mature: invalid cpi for IPComp.\n"));
4677 ipseclog((LOG_DEBUG
, "key_mature: Invalid satype.\n"));
4678 return EPROTONOSUPPORT
;
4681 /* check authentication algorithm */
4682 if ((checkmask
& 2) != 0) {
4683 const struct ah_algorithm
*algo
;
4686 algo
= ah_algorithm_lookup(sav
->alg_auth
);
4688 ipseclog((LOG_DEBUG
,"key_mature: "
4689 "unknown authentication algorithm.\n"));
4693 /* algorithm-dependent check */
4695 keylen
= sav
->key_auth
->sadb_key_bits
;
4698 if (keylen
< algo
->keymin
|| algo
->keymax
< keylen
) {
4699 ipseclog((LOG_DEBUG
,
4700 "key_mature: invalid AH key length %d "
4701 "(%d-%d allowed)\n",
4702 keylen
, algo
->keymin
, algo
->keymax
));
4707 if ((*algo
->mature
)(sav
)) {
4708 /* message generated in per-algorithm function*/
4711 mature
= SADB_SATYPE_AH
;
4714 if ((mustmask
& 2) != 0 && mature
!= SADB_SATYPE_AH
) {
4715 ipseclog((LOG_DEBUG
, "key_mature: no satisfy algorithm for AH\n"));
4720 /* check encryption algorithm */
4721 if ((checkmask
& 1) != 0) {
4723 const struct esp_algorithm
*algo
;
4726 algo
= esp_algorithm_lookup(sav
->alg_enc
);
4728 ipseclog((LOG_DEBUG
, "key_mature: unknown encryption algorithm.\n"));
4732 /* algorithm-dependent check */
4734 keylen
= sav
->key_enc
->sadb_key_bits
;
4737 if (keylen
< algo
->keymin
|| algo
->keymax
< keylen
) {
4738 ipseclog((LOG_DEBUG
,
4739 "key_mature: invalid ESP key length %d "
4740 "(%d-%d allowed)\n",
4741 keylen
, algo
->keymin
, algo
->keymax
));
4746 if ((*algo
->mature
)(sav
)) {
4747 /* message generated in per-algorithm function*/
4750 mature
= SADB_SATYPE_ESP
;
4753 if ((mustmask
& 1) != 0 && mature
!= SADB_SATYPE_ESP
) {
4754 ipseclog((LOG_DEBUG
, "key_mature: no satisfy algorithm for ESP\n"));
4758 ipseclog((LOG_DEBUG
, "key_mature: ESP not supported in this configuration\n"));
4763 /* check compression algorithm */
4764 if ((checkmask
& 4) != 0) {
4765 const struct ipcomp_algorithm
*algo
;
4767 /* algorithm-dependent check */
4768 algo
= ipcomp_algorithm_lookup(sav
->alg_enc
);
4770 ipseclog((LOG_DEBUG
, "key_mature: unknown compression algorithm.\n"));
4775 key_sa_chgstate(sav
, SADB_SASTATE_MATURE
);
4781 * subroutine for SADB_GET and SADB_DUMP.
4783 static struct mbuf
*
4785 struct secasvar
*sav
,
4791 struct mbuf
*result
= NULL
, *tres
= NULL
, *m
;
4796 SADB_EXT_SA
, SADB_X_EXT_SA2
,
4797 SADB_EXT_LIFETIME_HARD
, SADB_EXT_LIFETIME_SOFT
,
4798 SADB_EXT_LIFETIME_CURRENT
, SADB_EXT_ADDRESS_SRC
,
4799 SADB_EXT_ADDRESS_DST
, SADB_EXT_ADDRESS_PROXY
, SADB_EXT_KEY_AUTH
,
4800 SADB_EXT_KEY_ENCRYPT
, SADB_EXT_IDENTITY_SRC
,
4801 SADB_EXT_IDENTITY_DST
, SADB_EXT_SENSITIVITY
,
4804 m
= key_setsadbmsg(type
, 0, satype
, seq
, pid
, sav
->refcnt
);
4809 for (i
= sizeof(dumporder
)/sizeof(dumporder
[0]) - 1; i
>= 0; i
--) {
4812 switch (dumporder
[i
]) {
4814 m
= key_setsadbsa(sav
);
4819 case SADB_X_EXT_SA2
:
4820 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
4821 sav
->replay
? sav
->replay
->count
: 0,
4822 sav
->sah
->saidx
.reqid
,
4828 case SADB_EXT_ADDRESS_SRC
:
4829 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
4830 (struct sockaddr
*)&sav
->sah
->saidx
.src
,
4831 FULLMASK
, IPSEC_ULPROTO_ANY
);
4836 case SADB_EXT_ADDRESS_DST
:
4837 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
4838 (struct sockaddr
*)&sav
->sah
->saidx
.dst
,
4839 FULLMASK
, IPSEC_ULPROTO_ANY
);
4844 case SADB_EXT_KEY_AUTH
:
4847 l
= PFKEY_UNUNIT64(sav
->key_auth
->sadb_key_len
);
4851 case SADB_EXT_KEY_ENCRYPT
:
4854 l
= PFKEY_UNUNIT64(sav
->key_enc
->sadb_key_len
);
4858 case SADB_EXT_LIFETIME_CURRENT
:
4861 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_c
)->sadb_ext_len
);
4865 case SADB_EXT_LIFETIME_HARD
:
4868 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_h
)->sadb_ext_len
);
4872 case SADB_EXT_LIFETIME_SOFT
:
4875 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_s
)->sadb_ext_len
);
4879 case SADB_EXT_ADDRESS_PROXY
:
4880 case SADB_EXT_IDENTITY_SRC
:
4881 case SADB_EXT_IDENTITY_DST
:
4882 /* XXX: should we brought from SPD ? */
4883 case SADB_EXT_SENSITIVITY
:
4888 if ((!m
&& !p
) || (m
&& p
))
4891 M_PREPEND(tres
, l
, M_WAITOK
, 1);
4894 bcopy(p
, mtod(tres
, caddr_t
), l
);
4898 m
= key_alloc_mbuf(l
);
4901 m_copyback(m
, 0, l
, p
);
4909 m_cat(result
, tres
);
4911 if (sav
->sah
&& (sav
->sah
->outgoing_if
|| sav
->sah
->ipsec_if
)) {
4912 m
= key_setsadbipsecif(NULL
, ifindex2ifnet
[sav
->sah
->outgoing_if
], sav
->sah
->ipsec_if
, 0);
4918 if (result
->m_len
< sizeof(struct sadb_msg
)) {
4919 result
= m_pullup(result
, sizeof(struct sadb_msg
));
4924 result
->m_pkthdr
.len
= 0;
4925 for (m
= result
; m
; m
= m
->m_next
)
4926 result
->m_pkthdr
.len
+= m
->m_len
;
4928 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
4929 PFKEY_UNIT64(result
->m_pkthdr
.len
);
4940 * set data into sadb_msg.
4942 static struct mbuf
*
4955 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
4958 MGETHDR(m
, M_DONTWAIT
, MT_DATA
);
4959 if (m
&& len
> MHLEN
) {
4960 MCLGET(m
, M_DONTWAIT
);
4961 if ((m
->m_flags
& M_EXT
) == 0) {
4968 m
->m_pkthdr
.len
= m
->m_len
= len
;
4971 p
= mtod(m
, struct sadb_msg
*);
4974 p
->sadb_msg_version
= PF_KEY_V2
;
4975 p
->sadb_msg_type
= type
;
4976 p
->sadb_msg_errno
= 0;
4977 p
->sadb_msg_satype
= satype
;
4978 p
->sadb_msg_len
= PFKEY_UNIT64(tlen
);
4979 p
->sadb_msg_reserved
= reserved
;
4980 p
->sadb_msg_seq
= seq
;
4981 p
->sadb_msg_pid
= (u_int32_t
)pid
;
4987 * copy secasvar data into sadb_address.
4989 static struct mbuf
*
4991 struct secasvar
*sav
)
4997 len
= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
4998 m
= key_alloc_mbuf(len
);
4999 if (!m
|| m
->m_next
) { /*XXX*/
5005 p
= mtod(m
, struct sadb_sa
*);
5008 p
->sadb_sa_len
= PFKEY_UNIT64(len
);
5009 p
->sadb_sa_exttype
= SADB_EXT_SA
;
5010 p
->sadb_sa_spi
= sav
->spi
;
5011 p
->sadb_sa_replay
= (sav
->replay
!= NULL
? sav
->replay
->wsize
: 0);
5012 p
->sadb_sa_state
= sav
->state
;
5013 p
->sadb_sa_auth
= sav
->alg_auth
;
5014 p
->sadb_sa_encrypt
= sav
->alg_enc
;
5015 p
->sadb_sa_flags
= sav
->flags
;
5021 * set data into sadb_address.
5023 static struct mbuf
*
5026 struct sockaddr
*saddr
,
5031 struct sadb_address
*p
;
5034 len
= PFKEY_ALIGN8(sizeof(struct sadb_address
)) +
5035 PFKEY_ALIGN8(saddr
->sa_len
);
5036 m
= key_alloc_mbuf(len
);
5037 if (!m
|| m
->m_next
) { /*XXX*/
5043 p
= mtod(m
, struct sadb_address
*);
5046 p
->sadb_address_len
= PFKEY_UNIT64(len
);
5047 p
->sadb_address_exttype
= exttype
;
5048 p
->sadb_address_proto
= ul_proto
;
5049 if (prefixlen
== FULLMASK
) {
5050 switch (saddr
->sa_family
) {
5052 prefixlen
= sizeof(struct in_addr
) << 3;
5055 prefixlen
= sizeof(struct in6_addr
) << 3;
5061 p
->sadb_address_prefixlen
= prefixlen
;
5062 p
->sadb_address_reserved
= 0;
5065 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_address
)),
5071 static struct mbuf
*
5072 key_setsadbipsecif(ifnet_t internal_if
,
5073 ifnet_t outgoing_if
,
5078 struct sadb_x_ipsecif
*p
;
5081 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_ipsecif
));
5082 m
= key_alloc_mbuf(len
);
5083 if (!m
|| m
->m_next
) { /*XXX*/
5089 p
= mtod(m
, struct sadb_x_ipsecif
*);
5092 p
->sadb_x_ipsecif_len
= PFKEY_UNIT64(len
);
5093 p
->sadb_x_ipsecif_exttype
= SADB_X_EXT_IPSECIF
;
5095 if (internal_if
&& internal_if
->if_xname
)
5096 strlcpy(p
->sadb_x_ipsecif_internal_if
, internal_if
->if_xname
, IFXNAMSIZ
);
5097 if (outgoing_if
&& outgoing_if
->if_xname
)
5098 strlcpy(p
->sadb_x_ipsecif_outgoing_if
, outgoing_if
->if_xname
, IFXNAMSIZ
);
5099 if (ipsec_if
&& ipsec_if
->if_xname
)
5100 strlcpy(p
->sadb_x_ipsecif_ipsec_if
, ipsec_if
->if_xname
, IFXNAMSIZ
);
5102 p
->sadb_x_ipsecif_init_disabled
= init_disabled
;
5108 * set data into sadb_session_id
5110 static struct mbuf
*
5111 key_setsadbsession_id (u_int64_t session_ids
[])
5114 struct sadb_session_id
*p
;
5117 len
= PFKEY_ALIGN8(sizeof(*p
));
5118 m
= key_alloc_mbuf(len
);
5119 if (!m
|| m
->m_next
) { /*XXX*/
5125 p
= mtod(m
, __typeof__(p
));
5128 p
->sadb_session_id_len
= PFKEY_UNIT64(len
);
5129 p
->sadb_session_id_exttype
= SADB_EXT_SESSION_ID
;
5130 p
->sadb_session_id_v
[0] = session_ids
[0];
5131 p
->sadb_session_id_v
[1] = session_ids
[1];
5137 * copy stats data into sadb_sastat type.
5139 static struct mbuf
*
5140 key_setsadbsastat (u_int32_t dir
,
5141 struct sastat
*stats
,
5142 u_int32_t max_stats
)
5145 struct sadb_sastat
*p
;
5152 list_len
= sizeof(*stats
) * max_stats
;
5153 len
= PFKEY_ALIGN8(sizeof(*p
)) + PFKEY_ALIGN8(list_len
);
5154 m
= key_alloc_mbuf(len
);
5155 if (!m
|| m
->m_next
) { /*XXX*/
5161 p
= mtod(m
, __typeof__(p
));
5164 p
->sadb_sastat_len
= PFKEY_UNIT64(len
);
5165 p
->sadb_sastat_exttype
= SADB_EXT_SASTAT
;
5166 p
->sadb_sastat_dir
= dir
;
5167 p
->sadb_sastat_list_len
= max_stats
;
5170 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(*p
)),
5179 * set data into sadb_ident.
5181 static struct mbuf
*
5190 struct sadb_ident
*p
;
5193 len
= PFKEY_ALIGN8(sizeof(struct sadb_ident
)) + PFKEY_ALIGN8(stringlen
);
5194 m
= key_alloc_mbuf(len
);
5195 if (!m
|| m
->m_next
) { /*XXX*/
5201 p
= mtod(m
, struct sadb_ident
*);
5204 p
->sadb_ident_len
= PFKEY_UNIT64(len
);
5205 p
->sadb_ident_exttype
= exttype
;
5206 p
->sadb_ident_type
= idtype
;
5207 p
->sadb_ident_reserved
= 0;
5208 p
->sadb_ident_id
= id
;
5211 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_ident
)),
5219 * set data into sadb_x_sa2.
5221 static struct mbuf
*
5229 struct sadb_x_sa2
*p
;
5232 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_sa2
));
5233 m
= key_alloc_mbuf(len
);
5234 if (!m
|| m
->m_next
) { /*XXX*/
5240 p
= mtod(m
, struct sadb_x_sa2
*);
5243 p
->sadb_x_sa2_len
= PFKEY_UNIT64(len
);
5244 p
->sadb_x_sa2_exttype
= SADB_X_EXT_SA2
;
5245 p
->sadb_x_sa2_mode
= mode
;
5246 p
->sadb_x_sa2_reserved1
= 0;
5247 p
->sadb_x_sa2_reserved2
= 0;
5248 p
->sadb_x_sa2_sequence
= seq
;
5249 p
->sadb_x_sa2_reqid
= reqid
;
5250 p
->sadb_x_sa2_flags
= flags
;
5256 * set data into sadb_x_policy
5258 static struct mbuf
*
5265 struct sadb_x_policy
*p
;
5268 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_policy
));
5269 m
= key_alloc_mbuf(len
);
5270 if (!m
|| m
->m_next
) { /*XXX*/
5276 p
= mtod(m
, struct sadb_x_policy
*);
5279 p
->sadb_x_policy_len
= PFKEY_UNIT64(len
);
5280 p
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
5281 p
->sadb_x_policy_type
= type
;
5282 p
->sadb_x_policy_dir
= dir
;
5283 p
->sadb_x_policy_id
= id
;
5290 * copy a buffer into the new buffer allocated.
5299 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
5300 KMALLOC_NOWAIT(new, caddr_t
, len
);
5302 lck_mtx_unlock(sadb_mutex
);
5303 KMALLOC_WAIT(new, caddr_t
, len
);
5304 lck_mtx_lock(sadb_mutex
);
5306 ipseclog((LOG_DEBUG
, "key_newbuf: No more memory.\n"));
5310 bcopy(src
, new, len
);
5315 /* compare my own address
5316 * OUT: 1: true, i.e. my address.
5321 struct sockaddr
*sa
)
5324 struct sockaddr_in
*sin
;
5325 struct in_ifaddr
*ia
;
5330 panic("key_ismyaddr: NULL pointer is passed.\n");
5332 switch (sa
->sa_family
) {
5335 lck_rw_lock_shared(in_ifaddr_rwlock
);
5336 sin
= (struct sockaddr_in
*)(void *)sa
;
5337 for (ia
= in_ifaddrhead
.tqh_first
; ia
;
5338 ia
= ia
->ia_link
.tqe_next
) {
5339 IFA_LOCK_SPIN(&ia
->ia_ifa
);
5340 if (sin
->sin_family
== ia
->ia_addr
.sin_family
&&
5341 sin
->sin_len
== ia
->ia_addr
.sin_len
&&
5342 sin
->sin_addr
.s_addr
== ia
->ia_addr
.sin_addr
.s_addr
)
5344 IFA_UNLOCK(&ia
->ia_ifa
);
5345 lck_rw_done(in_ifaddr_rwlock
);
5348 IFA_UNLOCK(&ia
->ia_ifa
);
5350 lck_rw_done(in_ifaddr_rwlock
);
5355 return key_ismyaddr6((struct sockaddr_in6
*)(void *)sa
);
5364 * compare my own address for IPv6.
5367 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
5369 #include <netinet6/in6_var.h>
5373 struct sockaddr_in6
*sin6
)
5375 struct in6_ifaddr
*ia
;
5376 struct in6_multi
*in6m
;
5378 lck_rw_lock_shared(&in6_ifaddr_rwlock
);
5379 for (ia
= in6_ifaddrs
; ia
; ia
= ia
->ia_next
) {
5380 IFA_LOCK(&ia
->ia_ifa
);
5381 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
5382 (struct sockaddr
*)&ia
->ia_addr
, 0) == 0) {
5383 IFA_UNLOCK(&ia
->ia_ifa
);
5384 lck_rw_done(&in6_ifaddr_rwlock
);
5387 IFA_UNLOCK(&ia
->ia_ifa
);
5391 * XXX why do we care about multlicast here while we don't care
5392 * about IPv4 multicast??
5396 in6_multihead_lock_shared();
5397 IN6_LOOKUP_MULTI(&sin6
->sin6_addr
, ia
->ia_ifp
, in6m
);
5398 in6_multihead_lock_done();
5400 lck_rw_done(&in6_ifaddr_rwlock
);
5405 lck_rw_done(&in6_ifaddr_rwlock
);
5407 /* loopback, just for safety */
5408 if (IN6_IS_ADDR_LOOPBACK(&sin6
->sin6_addr
))
5416 * compare two secasindex structure.
5417 * flag can specify to compare 2 saidxes.
5418 * compare two secasindex structure without both mode and reqid.
5419 * don't compare port.
5421 * saidx0: source, it can be in SAD.
5429 struct secasindex
*saidx0
,
5430 struct secasindex
*saidx1
,
5434 if (saidx0
== NULL
&& saidx1
== NULL
)
5437 if (saidx0
== NULL
|| saidx1
== NULL
)
5440 if (saidx0
->ipsec_ifindex
!= 0 && saidx0
->ipsec_ifindex
!= saidx1
->ipsec_ifindex
)
5443 if (saidx0
->proto
!= saidx1
->proto
)
5446 if (flag
== CMP_EXACTLY
) {
5447 if (saidx0
->mode
!= saidx1
->mode
)
5449 if (saidx0
->reqid
!= saidx1
->reqid
)
5451 if (bcmp(&saidx0
->src
, &saidx1
->src
, saidx0
->src
.ss_len
) != 0 ||
5452 bcmp(&saidx0
->dst
, &saidx1
->dst
, saidx0
->dst
.ss_len
) != 0)
5456 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
5457 if (flag
& CMP_REQID
) {
5459 * If reqid of SPD is non-zero, unique SA is required.
5460 * The result must be of same reqid in this case.
5462 if (saidx1
->reqid
!= 0 && saidx0
->reqid
!= saidx1
->reqid
)
5466 if (flag
& CMP_MODE
) {
5467 if (saidx0
->mode
!= IPSEC_MODE_ANY
5468 && saidx0
->mode
!= saidx1
->mode
)
5472 if (key_sockaddrcmp((struct sockaddr
*)&saidx0
->src
,
5473 (struct sockaddr
*)&saidx1
->src
, flag
& CMP_PORT
? 1 : 0) != 0) {
5476 if (key_sockaddrcmp((struct sockaddr
*)&saidx0
->dst
,
5477 (struct sockaddr
*)&saidx1
->dst
, flag
& CMP_PORT
? 1 : 0) != 0) {
5486 * compare two secindex structure exactly.
5488 * spidx0: source, it is often in SPD.
5489 * spidx1: object, it is often from PFKEY message.
5495 key_cmpspidx_exactly(
5496 struct secpolicyindex
*spidx0
,
5497 struct secpolicyindex
*spidx1
)
5500 if (spidx0
== NULL
&& spidx1
== NULL
)
5503 if (spidx0
== NULL
|| spidx1
== NULL
)
5506 if (spidx0
->prefs
!= spidx1
->prefs
5507 || spidx0
->prefd
!= spidx1
->prefd
5508 || spidx0
->ul_proto
!= spidx1
->ul_proto
5509 || spidx0
->internal_if
!= spidx1
->internal_if
)
5512 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->src
,
5513 (struct sockaddr
*)&spidx1
->src
, 1) != 0) {
5516 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->dst
,
5517 (struct sockaddr
*)&spidx1
->dst
, 1) != 0) {
5521 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->src_range
.start
,
5522 (struct sockaddr
*)&spidx1
->src_range
.start
, 1) != 0) {
5525 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->src_range
.end
,
5526 (struct sockaddr
*)&spidx1
->src_range
.end
, 1) != 0) {
5529 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->dst_range
.start
,
5530 (struct sockaddr
*)&spidx1
->dst_range
.start
, 1) != 0) {
5533 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->dst_range
.end
,
5534 (struct sockaddr
*)&spidx1
->dst_range
.end
, 1) != 0) {
5542 * compare two secindex structure with mask.
5544 * spidx0: source, it is often in SPD.
5545 * spidx1: object, it is often from IP header.
5551 key_cmpspidx_withmask(
5552 struct secpolicyindex
*spidx0
,
5553 struct secpolicyindex
*spidx1
)
5555 int spidx0_src_is_range
= 0;
5556 int spidx0_dst_is_range
= 0;
5559 if (spidx0
== NULL
&& spidx1
== NULL
)
5562 if (spidx0
== NULL
|| spidx1
== NULL
)
5565 if (spidx0
->src_range
.start
.ss_len
> 0)
5566 spidx0_src_is_range
= 1;
5568 if (spidx0
->dst_range
.start
.ss_len
> 0)
5569 spidx0_dst_is_range
= 1;
5571 if ((spidx0_src_is_range
? spidx0
->src_range
.start
.ss_family
: spidx0
->src
.ss_family
) != spidx1
->src
.ss_family
||
5572 (spidx0_dst_is_range
? spidx0
->dst_range
.start
.ss_family
: spidx0
->dst
.ss_family
) != spidx1
->dst
.ss_family
||
5573 (spidx0_src_is_range
? spidx0
->src_range
.start
.ss_len
: spidx0
->src
.ss_len
) != spidx1
->src
.ss_len
||
5574 (spidx0_dst_is_range
? spidx0
->dst_range
.start
.ss_len
: spidx0
->dst
.ss_len
) != spidx1
->dst
.ss_len
)
5577 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
5578 if (spidx0
->ul_proto
!= (u_int16_t
)IPSEC_ULPROTO_ANY
5579 && spidx0
->ul_proto
!= spidx1
->ul_proto
)
5582 /* If spidx1 specifies interface, ignore src addr */
5583 if (spidx1
->internal_if
!= NULL
) {
5584 if (spidx0
->internal_if
== NULL
5585 || spidx0
->internal_if
!= spidx1
->internal_if
)
5588 /* Still check ports */
5589 switch (spidx0
->src
.ss_family
) {
5591 if (spidx0_src_is_range
&&
5592 (satosin(&spidx1
->src
)->sin_port
< satosin(&spidx0
->src_range
.start
)->sin_port
5593 || satosin(&spidx1
->src
)->sin_port
> satosin(&spidx0
->src_range
.end
)->sin_port
))
5595 else if (satosin(&spidx0
->src
)->sin_port
!= IPSEC_PORT_ANY
5596 && satosin(&spidx0
->src
)->sin_port
!=
5597 satosin(&spidx1
->src
)->sin_port
)
5601 if (spidx0_src_is_range
&&
5602 (satosin6(&spidx1
->src
)->sin6_port
< satosin6(&spidx0
->src_range
.start
)->sin6_port
5603 || satosin6(&spidx1
->src
)->sin6_port
> satosin6(&spidx0
->src_range
.end
)->sin6_port
))
5605 else if (satosin6(&spidx0
->src
)->sin6_port
!= IPSEC_PORT_ANY
5606 && satosin6(&spidx0
->src
)->sin6_port
!=
5607 satosin6(&spidx1
->src
)->sin6_port
)
5613 } else if (spidx0_src_is_range
) {
5614 if (!key_is_addr_in_range(&spidx1
->src
, &spidx0
->src_range
))
5617 switch (spidx0
->src
.ss_family
) {
5619 if (satosin(&spidx0
->src
)->sin_port
!= IPSEC_PORT_ANY
5620 && satosin(&spidx0
->src
)->sin_port
!=
5621 satosin(&spidx1
->src
)->sin_port
)
5623 if (!key_bbcmp((caddr_t
)&satosin(&spidx0
->src
)->sin_addr
,
5624 (caddr_t
)&satosin(&spidx1
->src
)->sin_addr
, spidx0
->prefs
))
5628 if (satosin6(&spidx0
->src
)->sin6_port
!= IPSEC_PORT_ANY
5629 && satosin6(&spidx0
->src
)->sin6_port
!=
5630 satosin6(&spidx1
->src
)->sin6_port
)
5633 * scope_id check. if sin6_scope_id is 0, we regard it
5634 * as a wildcard scope, which matches any scope zone ID.
5636 if (satosin6(&spidx0
->src
)->sin6_scope_id
&&
5637 satosin6(&spidx1
->src
)->sin6_scope_id
&&
5638 satosin6(&spidx0
->src
)->sin6_scope_id
!=
5639 satosin6(&spidx1
->src
)->sin6_scope_id
)
5641 if (!key_bbcmp((caddr_t
)&satosin6(&spidx0
->src
)->sin6_addr
,
5642 (caddr_t
)&satosin6(&spidx1
->src
)->sin6_addr
, spidx0
->prefs
))
5647 if (bcmp(&spidx0
->src
, &spidx1
->src
, spidx0
->src
.ss_len
) != 0)
5653 if (spidx0_dst_is_range
) {
5654 if (!key_is_addr_in_range(&spidx1
->dst
, &spidx0
->dst_range
))
5657 switch (spidx0
->dst
.ss_family
) {
5659 if (satosin(&spidx0
->dst
)->sin_port
!= IPSEC_PORT_ANY
5660 && satosin(&spidx0
->dst
)->sin_port
!=
5661 satosin(&spidx1
->dst
)->sin_port
)
5663 if (!key_bbcmp((caddr_t
)&satosin(&spidx0
->dst
)->sin_addr
,
5664 (caddr_t
)&satosin(&spidx1
->dst
)->sin_addr
, spidx0
->prefd
))
5668 if (satosin6(&spidx0
->dst
)->sin6_port
!= IPSEC_PORT_ANY
5669 && satosin6(&spidx0
->dst
)->sin6_port
!=
5670 satosin6(&spidx1
->dst
)->sin6_port
)
5673 * scope_id check. if sin6_scope_id is 0, we regard it
5674 * as a wildcard scope, which matches any scope zone ID.
5676 if (satosin6(&spidx0
->src
)->sin6_scope_id
&&
5677 satosin6(&spidx1
->src
)->sin6_scope_id
&&
5678 satosin6(&spidx0
->dst
)->sin6_scope_id
!=
5679 satosin6(&spidx1
->dst
)->sin6_scope_id
)
5681 if (!key_bbcmp((caddr_t
)&satosin6(&spidx0
->dst
)->sin6_addr
,
5682 (caddr_t
)&satosin6(&spidx1
->dst
)->sin6_addr
, spidx0
->prefd
))
5687 if (bcmp(&spidx0
->dst
, &spidx1
->dst
, spidx0
->dst
.ss_len
) != 0)
5693 /* XXX Do we check other field ? e.g. flowinfo */
5699 key_is_addr_in_range(struct sockaddr_storage
*addr
, struct secpolicyaddrrange
*addr_range
)
5703 if (addr
== NULL
|| addr_range
== NULL
)
5706 /* Must be greater than or equal to start */
5707 cmp
= key_sockaddrcmp((struct sockaddr
*)addr
, (struct sockaddr
*)&addr_range
->start
, 1);
5708 if (cmp
!= 0 && cmp
!= 1)
5711 /* Must be less than or equal to end */
5712 cmp
= key_sockaddrcmp((struct sockaddr
*)addr
, (struct sockaddr
*)&addr_range
->end
, 1);
5713 if (cmp
!= 0 && cmp
!= -1)
5724 2: Not comparable or error
5728 struct sockaddr
*sa1
,
5729 struct sockaddr
*sa2
,
5733 int port_result
= 0;
5735 if (sa1
->sa_family
!= sa2
->sa_family
|| sa1
->sa_len
!= sa2
->sa_len
)
5738 if (sa1
->sa_len
== 0)
5741 switch (sa1
->sa_family
) {
5743 if (sa1
->sa_len
!= sizeof(struct sockaddr_in
))
5746 result
= memcmp(&satosin(sa1
)->sin_addr
.s_addr
, &satosin(sa2
)->sin_addr
.s_addr
, sizeof(satosin(sa1
)->sin_addr
.s_addr
));
5749 if (satosin(sa1
)->sin_port
< satosin(sa2
)->sin_port
) {
5751 } else if (satosin(sa1
)->sin_port
> satosin(sa2
)->sin_port
) {
5756 result
= port_result
;
5757 else if ((result
> 0 && port_result
< 0) || (result
< 0 && port_result
> 0))
5763 if (sa1
->sa_len
!= sizeof(struct sockaddr_in6
))
5764 return 2; /*EINVAL*/
5766 if (satosin6(sa1
)->sin6_scope_id
!=
5767 satosin6(sa2
)->sin6_scope_id
) {
5771 result
= memcmp(&satosin6(sa1
)->sin6_addr
.s6_addr
[0], &satosin6(sa2
)->sin6_addr
.s6_addr
[0], sizeof(struct in6_addr
));
5774 if (satosin6(sa1
)->sin6_port
< satosin6(sa2
)->sin6_port
) {
5776 } else if (satosin6(sa1
)->sin6_port
> satosin6(sa2
)->sin6_port
) {
5781 result
= port_result
;
5782 else if ((result
> 0 && port_result
< 0) || (result
< 0 && port_result
> 0))
5788 result
= memcmp(sa1
, sa2
, sa1
->sa_len
);
5792 if (result
< 0) result
= -1;
5793 else if (result
> 0) result
= 1;
5799 * compare two buffers with mask.
5803 * bits: Number of bits to compare
5816 /* XXX: This could be considerably faster if we compare a word
5817 * at a time, but it is complicated on LSB Endian machines */
5819 /* Handle null pointers */
5820 if (p1
== NULL
|| p2
== NULL
)
5830 mask
= ~((1<<(8-bits
))-1);
5831 if ((*p1
& mask
) != (*p2
& mask
))
5834 return 1; /* Match! */
5839 * scanning SPD and SAD to check status for each entries,
5840 * and do to remove or to expire.
5841 * XXX: year 2038 problem may remain.
5843 int key_timehandler_debug
= 0;
5844 u_int32_t spd_count
= 0, sah_count
= 0, dead_sah_count
= 0, empty_sah_count
= 0, larval_sav_count
= 0, mature_sav_count
= 0, dying_sav_count
= 0, dead_sav_count
= 0;
5845 u_int64_t total_sav_count
= 0;
5847 key_timehandler(void)
5851 struct secpolicy
**spbuf
= NULL
, **spptr
= NULL
;
5852 struct secasvar
**savexbuf
= NULL
, **savexptr
= NULL
;
5853 struct secasvar
**savkabuf
= NULL
, **savkaptr
= NULL
;
5854 int spbufcount
= 0, savbufcount
= 0, spcount
= 0, savexcount
= 0, savkacount
= 0, cnt
;
5855 int stop_handler
= 1; /* stop the timehandler */
5859 /* pre-allocate buffers before taking the lock */
5860 /* if allocation failures occur - portions of the processing will be skipped */
5861 if ((spbufcount
= ipsec_policy_count
) != 0) {
5863 KMALLOC_WAIT(spbuf
, struct secpolicy
**, spbufcount
* sizeof(struct secpolicy
*));
5867 if ((savbufcount
= ipsec_sav_count
) != 0) {
5869 KMALLOC_WAIT(savexbuf
, struct secasvar
**, savbufcount
* sizeof(struct secasvar
*));
5871 savexptr
= savexbuf
;
5872 KMALLOC_WAIT(savkabuf
, struct secasvar
**, savbufcount
* sizeof(struct secasvar
*));
5874 savkaptr
= savkabuf
;
5876 lck_mtx_lock(sadb_mutex
);
5880 struct secpolicy
*sp
, *nextsp
;
5882 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
5883 for (sp
= LIST_FIRST(&sptree
[dir
]);
5887 /* don't prevent timehandler from stopping for generate policy */
5888 if (sp
->policy
!= IPSEC_POLICY_GENERATE
)
5891 nextsp
= LIST_NEXT(sp
, chain
);
5893 if (sp
->state
== IPSEC_SPSTATE_DEAD
) {
5894 key_freesp(sp
, KEY_SADB_LOCKED
);
5898 if (sp
->lifetime
== 0 && sp
->validtime
== 0)
5900 if (spbuf
&& spcount
< spbufcount
) {
5901 /* the deletion will occur next time */
5903 && tv
.tv_sec
- sp
->created
> sp
->lifetime
)
5905 && tv
.tv_sec
- sp
->lastused
> sp
->validtime
)) {
5906 //key_spdexpire(sp);
5907 sp
->state
= IPSEC_SPSTATE_DEAD
;
5919 struct secashead
*sah
, *nextsah
;
5920 struct secasvar
*sav
, *nextsav
;
5922 for (sah
= LIST_FIRST(&sahtree
);
5927 nextsah
= LIST_NEXT(sah
, chain
);
5929 /* if sah has been dead, then delete it and process next sah. */
5930 if (sah
->state
== SADB_SASTATE_DEAD
) {
5936 if (LIST_FIRST(&sah
->savtree
[SADB_SASTATE_LARVAL
]) == NULL
&&
5937 LIST_FIRST(&sah
->savtree
[SADB_SASTATE_MATURE
]) == NULL
&&
5938 LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DYING
]) == NULL
&&
5939 LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DEAD
]) == NULL
) {
5945 if (savbufcount
== 0) {
5951 /* if LARVAL entry doesn't become MATURE, delete it. */
5952 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_LARVAL
]);
5958 nextsav
= LIST_NEXT(sav
, chain
);
5960 if (sav
->lft_h
!= NULL
) {
5961 /* If a hard lifetime is defined for the LARVAL SA, use it */
5962 if (sav
->lft_h
->sadb_lifetime_addtime
!= 0
5963 && tv
.tv_sec
- sav
->created
> sav
->lft_h
->sadb_lifetime_addtime
) {
5964 if (sav
->always_expire
) {
5965 key_send_delete(sav
);
5968 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
5969 key_freesav(sav
, KEY_SADB_LOCKED
);
5974 if (tv
.tv_sec
- sav
->created
> key_larval_lifetime
) {
5975 key_freesav(sav
, KEY_SADB_LOCKED
);
5981 * If this is a NAT traversal SA with no activity,
5982 * we need to send a keep alive.
5984 * Performed outside of the loop before so we will
5985 * only ever send one keepalive. The first SA on
5986 * the list is the one that will be used for sending
5987 * traffic, so this is the one we use for determining
5988 * when to send the keepalive.
5990 if (savkabuf
&& savkacount
< savbufcount
) {
5991 sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_MATURE
]); //%%% should we check dying list if this is empty???
5992 if (sav
&& (natt_keepalive_interval
|| sav
->natt_interval
) &&
5993 (sav
->flags
& (SADB_X_EXT_NATT_KEEPALIVE
| SADB_X_EXT_ESP_KEEPALIVE
)) != 0) {
6001 * check MATURE entry to start to send expire message
6004 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_MATURE
]);
6010 nextsav
= LIST_NEXT(sav
, chain
);
6012 /* we don't need to check. */
6013 if (sav
->lft_s
== NULL
)
6017 if (sav
->lft_c
== NULL
) {
6018 ipseclog((LOG_DEBUG
,"key_timehandler: "
6019 "There is no CURRENT time, why?\n"));
6023 /* check SOFT lifetime */
6024 if (sav
->lft_s
->sadb_lifetime_addtime
!= 0
6025 && tv
.tv_sec
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
6027 * If always_expire is set, expire. Otherwise,
6028 * if the SA has not been used, delete immediately.
6030 if (sav
->lft_c
->sadb_lifetime_usetime
== 0
6031 && sav
->always_expire
== 0) {
6032 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6033 key_freesav(sav
, KEY_SADB_LOCKED
);
6035 } else if (savexbuf
&& savexcount
< savbufcount
) {
6036 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
6043 /* check SOFT lifetime by bytes */
6045 * XXX I don't know the way to delete this SA
6046 * when new SA is installed. Caution when it's
6047 * installed too big lifetime by time.
6049 else if (savexbuf
&& savexcount
< savbufcount
6050 && sav
->lft_s
->sadb_lifetime_bytes
!= 0
6051 && sav
->lft_s
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
6054 * XXX If we keep to send expire
6055 * message in the status of
6056 * DYING. Do remove below code.
6059 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
6066 /* check DYING entry to change status to DEAD. */
6067 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DYING
]);
6073 nextsav
= LIST_NEXT(sav
, chain
);
6075 /* we don't need to check. */
6076 if (sav
->lft_h
== NULL
)
6080 if (sav
->lft_c
== NULL
) {
6081 ipseclog((LOG_DEBUG
, "key_timehandler: "
6082 "There is no CURRENT time, why?\n"));
6086 if (sav
->lft_h
->sadb_lifetime_addtime
!= 0
6087 && tv
.tv_sec
- sav
->created
> sav
->lft_h
->sadb_lifetime_addtime
) {
6088 if (sav
->always_expire
) {
6089 key_send_delete(sav
);
6092 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6093 key_freesav(sav
, KEY_SADB_LOCKED
);
6097 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
6098 else if (savbuf
&& savexcount
< savbufcount
6099 && sav
->lft_s
!= NULL
6100 && sav
->lft_s
->sadb_lifetime_addtime
!= 0
6101 && tv
.tv_sec
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
6103 * XXX: should be checked to be
6104 * installed the valid SA.
6108 * If there is no SA then sending
6117 /* check HARD lifetime by bytes */
6118 else if (sav
->lft_h
->sadb_lifetime_bytes
!= 0
6119 && sav
->lft_h
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
6120 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6121 key_freesav(sav
, KEY_SADB_LOCKED
);
6126 /* delete entry in DEAD */
6127 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DEAD
]);
6133 nextsav
= LIST_NEXT(sav
, chain
);
6136 if (sav
->state
!= SADB_SASTATE_DEAD
) {
6137 ipseclog((LOG_DEBUG
, "key_timehandler: "
6138 "invalid sav->state "
6139 "(queue: %d SA: %d): "
6141 SADB_SASTATE_DEAD
, sav
->state
));
6145 * do not call key_freesav() here.
6146 * sav should already be freed, and sav->refcnt
6147 * shows other references to sav
6148 * (such as from SPD).
6154 if (++key_timehandler_debug
>= 300) {
6155 if (key_debug_level
) {
6156 printf("%s: total stats for %u calls\n", __FUNCTION__
, key_timehandler_debug
);
6157 printf("%s: walked %u SPDs\n", __FUNCTION__
, spd_count
);
6158 printf("%s: walked %llu SAs: LARVAL SAs %u, MATURE SAs %u, DYING SAs %u, DEAD SAs %u\n", __FUNCTION__
,
6159 total_sav_count
, larval_sav_count
, mature_sav_count
, dying_sav_count
, dead_sav_count
);
6160 printf("%s: walked %u SAHs: DEAD SAHs %u, EMPTY SAHs %u\n", __FUNCTION__
,
6161 sah_count
, dead_sah_count
, empty_sah_count
);
6162 if (sah_search_calls
) {
6163 printf("%s: SAH search cost %d iters per call\n", __FUNCTION__
,
6164 (sah_search_count
/sah_search_calls
));
6170 empty_sah_count
= 0;
6171 larval_sav_count
= 0;
6172 mature_sav_count
= 0;
6173 dying_sav_count
= 0;
6175 total_sav_count
= 0;
6176 sah_search_count
= 0;
6177 sah_search_calls
= 0;
6178 key_timehandler_debug
= 0;
6180 #ifndef IPSEC_NONBLOCK_ACQUIRE
6183 struct secacq
*acq
, *nextacq
;
6185 for (acq
= LIST_FIRST(&acqtree
);
6190 nextacq
= LIST_NEXT(acq
, chain
);
6192 if (tv
.tv_sec
- acq
->created
> key_blockacq_lifetime
6193 && __LIST_CHAINED(acq
)) {
6194 LIST_REMOVE(acq
, chain
);
6203 struct secspacq
*acq
, *nextacq
;
6205 for (acq
= LIST_FIRST(&spacqtree
);
6210 nextacq
= LIST_NEXT(acq
, chain
);
6212 if (tv
.tv_sec
- acq
->created
> key_blockacq_lifetime
6213 && __LIST_CHAINED(acq
)) {
6214 LIST_REMOVE(acq
, chain
);
6220 /* initialize random seed */
6221 if (key_tick_init_random
++ > key_int_random
) {
6222 key_tick_init_random
= 0;
6226 uint64_t acc_sleep_time
= 0;
6227 absolutetime_to_nanoseconds(mach_absolutetime_asleep
, &acc_sleep_time
);
6228 natt_now
= ++up_time
+ (acc_sleep_time
/ NSEC_PER_SEC
);
6230 lck_mtx_unlock(sadb_mutex
);
6232 /* send messages outside of sadb_mutex */
6233 if (spbuf
&& spcount
> 0) {
6236 key_spdexpire(*(--spptr
));
6238 if (savkabuf
&& savkacount
> 0) {
6239 struct secasvar
**savkaptr_sav
= savkaptr
;
6240 int cnt_send
= savkacount
;
6242 while (cnt_send
--) {
6243 if (ipsec_send_natt_keepalive(*(--savkaptr
))) {
6244 // <rdar://6768487> iterate (all over again) and update timestamps
6245 struct secasvar
**savkaptr_update
= savkaptr_sav
;
6246 int cnt_update
= savkacount
;
6247 while (cnt_update
--) {
6248 key_update_natt_keepalive_timestamp(*savkaptr
,
6249 *(--savkaptr_update
));
6254 if (savexbuf
&& savexcount
> 0) {
6257 key_expire(*(--savexptr
));
6260 /* decrement ref counts and free buffers */
6261 lck_mtx_lock(sadb_mutex
);
6264 key_freesp(*spptr
++, KEY_SADB_LOCKED
);
6268 while (savkacount
--)
6269 key_freesav(*savkaptr
++, KEY_SADB_LOCKED
);
6273 while (savexcount
--)
6274 key_freesav(*savexptr
++, KEY_SADB_LOCKED
);
6279 key_timehandler_running
= 0;
6280 /* Turn on the ipsec bypass */
6283 /* do exchange to tick time !! */
6284 (void)timeout((void *)key_timehandler
, (void *)0, hz
);
6287 lck_mtx_unlock(sadb_mutex
);
6292 * to initialize a seed for random()
6298 /* Our PRNG is based on Yarrow and doesn't need to be seeded */
6305 srandom(tv
.tv_usec
);
6316 key_randomfill(&value
, sizeof(value
));
6326 cc_rand_generate(p
, l
);
6330 static int warn
= 1;
6333 n
= (size_t)read_random(p
, (u_int
)l
);
6337 bcopy(&v
, (u_int8_t
*)p
+ n
,
6338 l
- n
< sizeof(v
) ? l
- n
: sizeof(v
));
6342 printf("WARNING: pseudo-random number generator "
6343 "used for IPsec processing\n");
6351 * map SADB_SATYPE_* to IPPROTO_*.
6352 * if satype == SADB_SATYPE then satype is mapped to ~0.
6354 * 0: invalid satype.
6361 case SADB_SATYPE_UNSPEC
:
6362 return IPSEC_PROTO_ANY
;
6363 case SADB_SATYPE_AH
:
6365 case SADB_SATYPE_ESP
:
6367 case SADB_X_SATYPE_IPCOMP
:
6368 return IPPROTO_IPCOMP
;
6376 * map IPPROTO_* to SADB_SATYPE_*
6378 * 0: invalid protocol type.
6386 return SADB_SATYPE_AH
;
6388 return SADB_SATYPE_ESP
;
6389 case IPPROTO_IPCOMP
:
6390 return SADB_X_SATYPE_IPCOMP
;
6398 key_get_ipsec_if_from_message (const struct sadb_msghdr
*mhp
, int message_type
)
6400 struct sadb_x_ipsecif
*ipsecifopts
= NULL
;
6401 ifnet_t ipsec_if
= NULL
;
6403 ipsecifopts
= (struct sadb_x_ipsecif
*)(void *)mhp
->ext
[message_type
];
6404 if (ipsecifopts
!= NULL
) {
6405 if (ipsecifopts
->sadb_x_ipsecif_ipsec_if
[0]) {
6406 ifnet_find_by_name(ipsecifopts
->sadb_x_ipsecif_ipsec_if
, &ipsec_if
);
6414 key_get_outgoing_ifindex_from_message (const struct sadb_msghdr
*mhp
, int message_type
)
6416 struct sadb_x_ipsecif
*ipsecifopts
= NULL
;
6417 ifnet_t outgoing_if
= NULL
;
6419 ipsecifopts
= (struct sadb_x_ipsecif
*)(void *)mhp
->ext
[message_type
];
6420 if (ipsecifopts
!= NULL
) {
6421 if (ipsecifopts
->sadb_x_ipsecif_outgoing_if
[0]) {
6422 ifnet_find_by_name(ipsecifopts
->sadb_x_ipsecif_outgoing_if
, &outgoing_if
);
6426 return outgoing_if
? outgoing_if
->if_index
: 0;
6431 * SADB_GETSPI processing is to receive
6432 * <base, (SA2), src address, dst address, (SPI range)>
6433 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
6434 * tree with the status of LARVAL, and send
6435 * <base, SA(*), address(SD)>
6438 * IN: mhp: pointer to the pointer to each header.
6439 * OUT: NULL if fail.
6440 * other if success, return pointer to the message to send.
6446 const struct sadb_msghdr
*mhp
)
6448 struct sadb_address
*src0
, *dst0
;
6449 struct secasindex saidx
;
6450 struct secashead
*newsah
;
6451 struct secasvar
*newsav
;
6452 ifnet_t ipsec_if
= NULL
;
6459 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6462 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6463 panic("key_getspi: NULL pointer is passed.\n");
6465 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
6466 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
6467 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
6468 return key_senderror(so
, m
, EINVAL
);
6470 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
6471 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
6472 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
6473 return key_senderror(so
, m
, EINVAL
);
6475 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
6476 mode
= ((struct sadb_x_sa2
*)
6477 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
6478 reqid
= ((struct sadb_x_sa2
*)
6479 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
6481 mode
= IPSEC_MODE_ANY
;
6485 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
6486 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
6488 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
6490 /* map satype to proto */
6491 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6492 ipseclog((LOG_DEBUG
, "key_getspi: invalid satype is passed.\n"));
6493 return key_senderror(so
, m
, EINVAL
);
6496 /* make sure if port number is zero. */
6497 switch (((struct sockaddr
*)(src0
+ 1))->sa_family
) {
6499 if (((struct sockaddr
*)(src0
+ 1))->sa_len
!=
6500 sizeof(struct sockaddr_in
))
6501 return key_senderror(so
, m
, EINVAL
);
6502 ((struct sockaddr_in
*)(void *)(src0
+ 1))->sin_port
= 0;
6505 if (((struct sockaddr
*)(src0
+ 1))->sa_len
!=
6506 sizeof(struct sockaddr_in6
))
6507 return key_senderror(so
, m
, EINVAL
);
6508 ((struct sockaddr_in6
*)(void *)(src0
+ 1))->sin6_port
= 0;
6513 switch (((struct sockaddr
*)(dst0
+ 1))->sa_family
) {
6515 if (((struct sockaddr
*)(dst0
+ 1))->sa_len
!=
6516 sizeof(struct sockaddr_in
))
6517 return key_senderror(so
, m
, EINVAL
);
6518 ((struct sockaddr_in
*)(void *)(dst0
+ 1))->sin_port
= 0;
6521 if (((struct sockaddr
*)(dst0
+ 1))->sa_len
!=
6522 sizeof(struct sockaddr_in6
))
6523 return key_senderror(so
, m
, EINVAL
);
6524 ((struct sockaddr_in6
*)(void *)(dst0
+ 1))->sin6_port
= 0;
6530 /* XXX boundary check against sa_len */
6531 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
6533 lck_mtx_lock(sadb_mutex
);
6535 /* SPI allocation */
6536 spi
= key_do_getnewspi((struct sadb_spirange
*)
6537 (void *)mhp
->ext
[SADB_EXT_SPIRANGE
], &saidx
);
6539 lck_mtx_unlock(sadb_mutex
);
6540 return key_senderror(so
, m
, EINVAL
);
6543 /* get a SA index */
6544 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
6545 /* create a new SA index: key_addspi is always used for inbound spi */
6546 if ((newsah
= key_newsah(&saidx
, ipsec_if
, key_get_outgoing_ifindex_from_message(mhp
, SADB_X_EXT_IPSECIF
), IPSEC_DIR_INBOUND
)) == NULL
) {
6547 lck_mtx_unlock(sadb_mutex
);
6548 ipseclog((LOG_DEBUG
, "key_getspi: No more memory.\n"));
6549 return key_senderror(so
, m
, ENOBUFS
);
6555 newsav
= key_newsav(m
, mhp
, newsah
, &error
, so
);
6556 if (newsav
== NULL
) {
6557 /* XXX don't free new SA index allocated in above. */
6558 lck_mtx_unlock(sadb_mutex
);
6559 return key_senderror(so
, m
, error
);
6563 key_setspi(newsav
, htonl(spi
));
6565 #ifndef IPSEC_NONBLOCK_ACQUIRE
6566 /* delete the entry in acqtree */
6567 if (mhp
->msg
->sadb_msg_seq
!= 0) {
6569 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) != NULL
) {
6570 /* reset counter in order to deletion by timehandler. */
6573 acq
->created
= tv
.tv_sec
;
6579 lck_mtx_unlock(sadb_mutex
);
6582 struct mbuf
*n
, *nn
;
6583 struct sadb_sa
*m_sa
;
6584 struct sadb_msg
*newmsg
;
6587 /* create new sadb_msg to reply. */
6588 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
)) +
6589 PFKEY_ALIGN8(sizeof(struct sadb_sa
));
6591 return key_senderror(so
, m
, ENOBUFS
);
6593 MGETHDR(n
, M_WAITOK
, MT_DATA
);
6594 if (n
&& len
> MHLEN
) {
6595 MCLGET(n
, M_WAITOK
);
6596 if ((n
->m_flags
& M_EXT
) == 0) {
6602 return key_senderror(so
, m
, ENOBUFS
);
6608 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
6609 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
6611 m_sa
= (struct sadb_sa
*)(void *)(mtod(n
, caddr_t
) + off
);
6612 m_sa
->sadb_sa_len
= PFKEY_UNIT64(sizeof(struct sadb_sa
));
6613 m_sa
->sadb_sa_exttype
= SADB_EXT_SA
;
6614 m_sa
->sadb_sa_spi
= htonl(spi
);
6615 off
+= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
6619 panic("length inconsistency in key_getspi");
6622 int mbufItems
[] = {SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
};
6623 n
->m_next
= key_gather_mbuf(m
, mhp
, 0, sizeof(mbufItems
)/sizeof(int), mbufItems
);
6626 return key_senderror(so
, m
, ENOBUFS
);
6630 if (n
->m_len
< sizeof(struct sadb_msg
)) {
6631 n
= m_pullup(n
, sizeof(struct sadb_msg
));
6633 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
6636 n
->m_pkthdr
.len
= 0;
6637 for (nn
= n
; nn
; nn
= nn
->m_next
)
6638 n
->m_pkthdr
.len
+= nn
->m_len
;
6640 newmsg
= mtod(n
, struct sadb_msg
*);
6641 newmsg
->sadb_msg_seq
= newsav
->seq
;
6642 newmsg
->sadb_msg_errno
= 0;
6643 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
6646 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
6651 key_getspi2(struct sockaddr
*src
,
6652 struct sockaddr
*dst
,
6656 struct sadb_spirange
*spirange
)
6659 struct secasindex saidx
;
6661 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6663 /* XXX boundary check against sa_len */
6664 KEY_SETSECASIDX(proto
, mode
, reqid
, src
, dst
, 0, &saidx
);
6666 /* make sure if port number is zero. */
6667 switch (((struct sockaddr
*)&saidx
.src
)->sa_family
) {
6669 if (((struct sockaddr
*)&saidx
.src
)->sa_len
!= sizeof(struct sockaddr_in
))
6671 ((struct sockaddr_in
*)&saidx
.src
)->sin_port
= 0;
6674 if (((struct sockaddr
*)&saidx
.src
)->sa_len
!= sizeof(struct sockaddr_in6
))
6676 ((struct sockaddr_in6
*)&saidx
.src
)->sin6_port
= 0;
6681 switch (((struct sockaddr
*)&saidx
.dst
)->sa_family
) {
6683 if (((struct sockaddr
*)&saidx
.dst
)->sa_len
!= sizeof(struct sockaddr_in
))
6685 ((struct sockaddr_in
*)&saidx
.dst
)->sin_port
= 0;
6688 if (((struct sockaddr
*)&saidx
.dst
)->sa_len
!= sizeof(struct sockaddr_in6
))
6690 ((struct sockaddr_in6
*)&saidx
.dst
)->sin6_port
= 0;
6696 lck_mtx_lock(sadb_mutex
);
6698 /* SPI allocation */
6699 spi
= key_do_getnewspi(spirange
, &saidx
);
6701 lck_mtx_unlock(sadb_mutex
);
6707 * allocating new SPI
6708 * called by key_getspi() and key_getspi2().
6715 struct sadb_spirange
*spirange
,
6716 struct secasindex
*saidx
)
6719 u_int32_t keymin
, keymax
;
6720 int count
= key_spi_trycnt
;
6722 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
6724 /* set spi range to allocate */
6725 if (spirange
!= NULL
) {
6726 keymin
= spirange
->sadb_spirange_min
;
6727 keymax
= spirange
->sadb_spirange_max
;
6729 keymin
= key_spi_minval
;
6730 keymax
= key_spi_maxval
;
6732 /* IPCOMP needs 2-byte SPI */
6733 if (saidx
->proto
== IPPROTO_IPCOMP
) {
6735 if (keymin
>= 0x10000)
6737 if (keymax
>= 0x10000)
6739 if (keymin
> keymax
) {
6740 t
= keymin
; keymin
= keymax
; keymax
= t
;
6744 if (keymin
== keymax
) {
6745 if (key_checkspidup(saidx
, keymin
) != NULL
) {
6746 ipseclog((LOG_DEBUG
, "key_do_getnewspi: SPI %u exists already.\n", keymin
));
6750 count
--; /* taking one cost. */
6755 u_int32_t range
= keymax
- keymin
+ 1; /* overflow value of zero means full range */
6760 /* when requesting to allocate spi ranged */
6762 u_int32_t rand_val
= key_random();
6764 /* generate pseudo-random SPI value ranged. */
6765 newspi
= (range
== 0 ? rand_val
: keymin
+ (rand_val
% range
));
6767 if (key_checkspidup(saidx
, newspi
) == NULL
)
6771 if (count
== 0 || newspi
== 0) {
6772 ipseclog((LOG_DEBUG
, "key_do_getnewspi: to allocate spi is failed.\n"));
6778 keystat
.getspi_count
=
6779 (keystat
.getspi_count
+ key_spi_trycnt
- count
) / 2;
6785 * SADB_UPDATE processing
6787 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6788 * key(AE), (identity(SD),) (sensitivity)>
6789 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
6791 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6792 * (identity(SD),) (sensitivity)>
6795 * m will always be freed.
6801 const struct sadb_msghdr
*mhp
)
6803 struct sadb_sa
*sa0
;
6804 struct sadb_address
*src0
, *dst0
;
6805 ifnet_t ipsec_if
= NULL
;
6806 struct secasindex saidx
;
6807 struct secashead
*sah
;
6808 struct secasvar
*sav
;
6815 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6818 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6819 panic("key_update: NULL pointer is passed.\n");
6821 /* map satype to proto */
6822 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6823 ipseclog((LOG_DEBUG
, "key_update: invalid satype is passed.\n"));
6824 return key_senderror(so
, m
, EINVAL
);
6827 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
6828 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
6829 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
6830 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
6831 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
6832 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
6833 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
6834 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
6835 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
6836 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
6837 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
6838 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
6839 return key_senderror(so
, m
, EINVAL
);
6841 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
6842 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
6843 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
6844 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
6845 return key_senderror(so
, m
, EINVAL
);
6847 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
6848 mode
= ((struct sadb_x_sa2
*)
6849 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
6850 reqid
= ((struct sadb_x_sa2
*)
6851 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
6852 flags2
= ((struct sadb_x_sa2
*)(void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_flags
;
6854 mode
= IPSEC_MODE_ANY
;
6858 /* XXX boundary checking for other extensions */
6860 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
6861 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
6862 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
6863 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
6865 /* XXX boundary check against sa_len */
6866 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
6868 lck_mtx_lock(sadb_mutex
);
6870 /* get a SA header */
6871 if ((sah
= key_getsah(&saidx
)) == NULL
) {
6872 lck_mtx_unlock(sadb_mutex
);
6873 ipseclog((LOG_DEBUG
, "key_update: no SA index found.\n"));
6874 return key_senderror(so
, m
, ENOENT
);
6877 /* set spidx if there */
6879 error
= key_setident(sah
, m
, mhp
);
6881 lck_mtx_unlock(sadb_mutex
);
6882 return key_senderror(so
, m
, error
);
6885 /* find a SA with sequence number. */
6886 #if IPSEC_DOSEQCHECK
6887 if (mhp
->msg
->sadb_msg_seq
!= 0
6888 && (sav
= key_getsavbyseq(sah
, mhp
->msg
->sadb_msg_seq
)) == NULL
) {
6889 lck_mtx_unlock(sadb_mutex
);
6890 ipseclog((LOG_DEBUG
,
6891 "key_update: no larval SA with sequence %u exists.\n",
6892 mhp
->msg
->sadb_msg_seq
));
6893 return key_senderror(so
, m
, ENOENT
);
6896 if ((sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
)) == NULL
) {
6897 lck_mtx_unlock(sadb_mutex
);
6898 ipseclog((LOG_DEBUG
,
6899 "key_update: no such a SA found (spi:%u)\n",
6900 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
6901 return key_senderror(so
, m
, EINVAL
);
6905 /* validity check */
6906 if (sav
->sah
->saidx
.proto
!= proto
) {
6907 lck_mtx_unlock(sadb_mutex
);
6908 ipseclog((LOG_DEBUG
,
6909 "key_update: protocol mismatched (DB=%u param=%u)\n",
6910 sav
->sah
->saidx
.proto
, proto
));
6911 return key_senderror(so
, m
, EINVAL
);
6913 #if IPSEC_DOSEQCHECK
6914 if (sav
->spi
!= sa0
->sadb_sa_spi
) {
6915 lck_mtx_unlock(sadb_mutex
);
6916 ipseclog((LOG_DEBUG
,
6917 "key_update: SPI mismatched (DB:%u param:%u)\n",
6918 (u_int32_t
)ntohl(sav
->spi
),
6919 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
6920 return key_senderror(so
, m
, EINVAL
);
6923 if (sav
->pid
!= mhp
->msg
->sadb_msg_pid
) {
6924 lck_mtx_unlock(sadb_mutex
);
6925 ipseclog((LOG_DEBUG
,
6926 "key_update: pid mismatched (DB:%u param:%u)\n",
6927 sav
->pid
, mhp
->msg
->sadb_msg_pid
));
6928 return key_senderror(so
, m
, EINVAL
);
6931 /* copy sav values */
6932 error
= key_setsaval(sav
, m
, mhp
);
6934 key_freesav(sav
, KEY_SADB_LOCKED
);
6935 lck_mtx_unlock(sadb_mutex
);
6936 return key_senderror(so
, m
, error
);
6939 sav
->flags2
= flags2
;
6940 if (flags2
& SADB_X_EXT_SA2_DELETE_ON_DETACH
) {
6945 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
6946 * this SA is for transport mode - otherwise clear it.
6948 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0 &&
6949 (sav
->sah
->saidx
.mode
!= IPSEC_MODE_TRANSPORT
||
6950 sav
->sah
->saidx
.src
.ss_family
!= AF_INET
))
6951 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
6953 /* check SA values to be mature. */
6954 if ((error
= key_mature(sav
)) != 0) {
6955 key_freesav(sav
, KEY_SADB_LOCKED
);
6956 lck_mtx_unlock(sadb_mutex
);
6957 return key_senderror(so
, m
, error
);
6960 lck_mtx_unlock(sadb_mutex
);
6965 /* set msg buf from mhp */
6966 n
= key_getmsgbuf_x1(m
, mhp
);
6968 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
6969 return key_senderror(so
, m
, ENOBUFS
);
6973 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
6978 key_migrate(struct socket
*so
,
6980 const struct sadb_msghdr
*mhp
)
6982 struct sadb_sa
*sa0
= NULL
;
6983 struct sadb_address
*src0
= NULL
;
6984 struct sadb_address
*dst0
= NULL
;
6985 struct sadb_address
*src1
= NULL
;
6986 struct sadb_address
*dst1
= NULL
;
6987 ifnet_t ipsec_if0
= NULL
;
6988 ifnet_t ipsec_if1
= NULL
;
6989 struct secasindex saidx0
;
6990 struct secasindex saidx1
;
6991 struct secashead
*sah
= NULL
;
6992 struct secashead
*newsah
= NULL
;
6993 struct secasvar
*sav
= NULL
;
6996 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6999 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7000 panic("key_migrate: NULL pointer is passed.\n");
7002 /* map satype to proto */
7003 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7004 ipseclog((LOG_DEBUG
, "key_migrate: invalid satype is passed.\n"));
7005 return key_senderror(so
, m
, EINVAL
);
7008 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
7009 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
7010 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
7011 mhp
->ext
[SADB_EXT_MIGRATE_ADDRESS_SRC
] == NULL
||
7012 mhp
->ext
[SADB_EXT_MIGRATE_ADDRESS_DST
] == NULL
) {
7013 ipseclog((LOG_DEBUG
, "key_migrate: invalid message is passed.\n"));
7014 return key_senderror(so
, m
, EINVAL
);
7017 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
7018 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7019 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
7020 mhp
->extlen
[SADB_EXT_MIGRATE_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7021 mhp
->extlen
[SADB_EXT_MIGRATE_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
7022 ipseclog((LOG_DEBUG
, "key_migrate: invalid message is passed.\n"));
7023 return key_senderror(so
, m
, EINVAL
);
7026 lck_mtx_lock(sadb_mutex
);
7028 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
7029 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
7030 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
7031 src1
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_MIGRATE_ADDRESS_SRC
]);
7032 dst1
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_MIGRATE_ADDRESS_DST
]);
7033 ipsec_if0
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7034 ipsec_if1
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_MIGRATE_IPSECIF
);
7036 /* Find existing SAH and SAV */
7037 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if0
? ipsec_if0
->if_index
: 0, &saidx0
);
7039 LIST_FOREACH(sah
, &sahtree
, chain
) {
7040 if (sah
->state
!= SADB_SASTATE_MATURE
)
7042 if (key_cmpsaidx(&sah
->saidx
, &saidx0
, CMP_HEAD
) == 0)
7045 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
7046 if (sav
&& sav
->state
== SADB_SASTATE_MATURE
)
7050 lck_mtx_unlock(sadb_mutex
);
7051 ipseclog((LOG_DEBUG
, "key_migrate: no mature SAH found.\n"));
7052 return key_senderror(so
, m
, ENOENT
);
7056 lck_mtx_unlock(sadb_mutex
);
7057 ipseclog((LOG_DEBUG
, "key_migrate: no SA found.\n"));
7058 return key_senderror(so
, m
, ENOENT
);
7061 /* Find or create new SAH */
7062 KEY_SETSECASIDX(proto
, sah
->saidx
.mode
, sah
->saidx
.reqid
, src1
+ 1, dst1
+ 1, ipsec_if1
? ipsec_if1
->if_index
: 0, &saidx1
);
7064 if ((newsah
= key_getsah(&saidx1
)) == NULL
) {
7065 if ((newsah
= key_newsah(&saidx1
, ipsec_if1
, key_get_outgoing_ifindex_from_message(mhp
, SADB_X_EXT_MIGRATE_IPSECIF
), sah
->dir
)) == NULL
) {
7066 lck_mtx_unlock(sadb_mutex
);
7067 ipseclog((LOG_DEBUG
, "key_migrate: No more memory.\n"));
7068 return key_senderror(so
, m
, ENOBUFS
);
7072 /* Migrate SAV in to new SAH */
7073 if (key_migratesav(sav
, newsah
) != 0) {
7074 lck_mtx_unlock(sadb_mutex
);
7075 ipseclog((LOG_DEBUG
, "key_migrate: Failed to migrate SA to new SAH.\n"));
7076 return key_senderror(so
, m
, EINVAL
);
7079 /* Reset NAT values */
7080 sav
->flags
= sa0
->sadb_sa_flags
;
7081 sav
->remote_ike_port
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_port
;
7082 sav
->natt_interval
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_interval
;
7083 sav
->natt_offload_interval
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_offload_interval
;
7084 sav
->natt_last_activity
= natt_now
;
7087 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7088 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
7089 * set (we're not behind nat) - otherwise clear it.
7091 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
7092 if ((sav
->flags
& SADB_X_EXT_NATT
) == 0 ||
7093 (sav
->flags
& SADB_X_EXT_NATT_KEEPALIVE
) != 0)
7094 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
7096 lck_mtx_unlock(sadb_mutex
);
7099 struct sadb_msg
*newmsg
;
7100 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_SA
,
7101 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
, SADB_X_EXT_IPSECIF
,
7102 SADB_EXT_MIGRATE_ADDRESS_SRC
, SADB_EXT_MIGRATE_ADDRESS_DST
, SADB_X_EXT_MIGRATE_IPSECIF
};
7104 /* create new sadb_msg to reply. */
7105 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
7107 return key_senderror(so
, m
, ENOBUFS
);
7109 if (n
->m_len
< sizeof(struct sadb_msg
)) {
7110 n
= m_pullup(n
, sizeof(struct sadb_msg
));
7112 return key_senderror(so
, m
, ENOBUFS
);
7114 newmsg
= mtod(n
, struct sadb_msg
*);
7115 newmsg
->sadb_msg_errno
= 0;
7116 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
7119 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
7124 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
7125 * only called by key_update().
7128 * others : found, pointer to a SA.
7130 #if IPSEC_DOSEQCHECK
7131 static struct secasvar
*
7133 struct secashead
*sah
,
7136 struct secasvar
*sav
;
7139 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
7141 state
= SADB_SASTATE_LARVAL
;
7143 /* search SAD with sequence number ? */
7144 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
7146 KEY_CHKSASTATE(state
, sav
->state
, "key_getsabyseq");
7148 if (sav
->seq
== seq
) {
7150 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
7151 printf("DP key_getsavbyseq cause "
7152 "refcnt++:%d SA:0x%llx\n", sav
->refcnt
,
7153 (uint64_t)VM_KERNEL_ADDRPERM(sav
)));
7163 * SADB_ADD processing
7164 * add a entry to SA database, when received
7165 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
7166 * key(AE), (identity(SD),) (sensitivity)>
7169 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
7170 * (identity(SD),) (sensitivity)>
7173 * IGNORE identity and sensitivity messages.
7175 * m will always be freed.
7181 const struct sadb_msghdr
*mhp
)
7183 struct sadb_sa
*sa0
;
7184 struct sadb_address
*src0
, *dst0
;
7185 ifnet_t ipsec_if
= NULL
;
7186 struct secasindex saidx
;
7187 struct secashead
*newsah
;
7188 struct secasvar
*newsav
;
7194 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7197 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7198 panic("key_add: NULL pointer is passed.\n");
7200 /* map satype to proto */
7201 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7202 ipseclog((LOG_DEBUG
, "key_add: invalid satype is passed.\n"));
7204 return key_senderror(so
, m
, EINVAL
);
7207 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
7208 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
7209 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
7210 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
7211 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
7212 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
7213 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
7214 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
7215 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
7216 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
7217 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
7218 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
7220 return key_senderror(so
, m
, EINVAL
);
7222 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
7223 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7224 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
7226 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
7228 return key_senderror(so
, m
, EINVAL
);
7230 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
7231 mode
= ((struct sadb_x_sa2
*)
7232 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
7233 reqid
= ((struct sadb_x_sa2
*)
7234 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
7236 mode
= IPSEC_MODE_ANY
;
7240 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
7241 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
7242 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
7243 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7245 /* XXX boundary check against sa_len */
7246 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
7248 lck_mtx_lock(sadb_mutex
);
7250 /* get a SA header */
7251 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
7252 /* create a new SA header: key_addspi is always used for outbound spi */
7253 if ((newsah
= key_newsah(&saidx
, ipsec_if
, key_get_outgoing_ifindex_from_message(mhp
, SADB_X_EXT_IPSECIF
), IPSEC_DIR_OUTBOUND
)) == NULL
) {
7254 lck_mtx_unlock(sadb_mutex
);
7255 ipseclog((LOG_DEBUG
, "key_add: No more memory.\n"));
7257 return key_senderror(so
, m
, ENOBUFS
);
7261 /* set spidx if there */
7263 error
= key_setident(newsah
, m
, mhp
);
7265 lck_mtx_unlock(sadb_mutex
);
7267 return key_senderror(so
, m
, error
);
7270 /* create new SA entry. */
7271 /* We can create new SA only if SPI is different. */
7272 if (key_getsavbyspi(newsah
, sa0
->sadb_sa_spi
)) {
7273 lck_mtx_unlock(sadb_mutex
);
7274 ipseclog((LOG_DEBUG
, "key_add: SA already exists.\n"));
7276 return key_senderror(so
, m
, EEXIST
);
7278 newsav
= key_newsav(m
, mhp
, newsah
, &error
, so
);
7279 if (newsav
== NULL
) {
7280 lck_mtx_unlock(sadb_mutex
);
7282 return key_senderror(so
, m
, error
);
7286 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7287 * this SA is for transport mode - otherwise clear it.
7289 if ((newsav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0 &&
7290 (newsah
->saidx
.mode
!= IPSEC_MODE_TRANSPORT
||
7291 newsah
->saidx
.dst
.ss_family
!= AF_INET
))
7292 newsav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
7294 /* check SA values to be mature. */
7295 if ((error
= key_mature(newsav
)) != 0) {
7296 key_freesav(newsav
, KEY_SADB_LOCKED
);
7297 lck_mtx_unlock(sadb_mutex
);
7299 return key_senderror(so
, m
, error
);
7302 lck_mtx_unlock(sadb_mutex
);
7305 * don't call key_freesav() here, as we would like to keep the SA
7306 * in the database on success.
7312 /* set msg buf from mhp */
7313 n
= key_getmsgbuf_x1(m
, mhp
);
7315 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
7317 return key_senderror(so
, m
, ENOBUFS
);
7320 // mh.ext points to the mbuf content.
7321 // Zero out Encryption and Integrity keys if present.
7324 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
7331 struct secashead
*sah
,
7333 const struct sadb_msghdr
*mhp
)
7335 const struct sadb_ident
*idsrc
, *iddst
;
7336 int idsrclen
, iddstlen
;
7338 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
7341 if (sah
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7342 panic("key_setident: NULL pointer is passed.\n");
7344 /* don't make buffer if not there */
7345 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
&&
7346 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
7352 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
||
7353 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
7354 ipseclog((LOG_DEBUG
, "key_setident: invalid identity.\n"));
7358 idsrc
= (const struct sadb_ident
*)
7359 (void *)mhp
->ext
[SADB_EXT_IDENTITY_SRC
];
7360 iddst
= (const struct sadb_ident
*)
7361 (void *)mhp
->ext
[SADB_EXT_IDENTITY_DST
];
7362 idsrclen
= mhp
->extlen
[SADB_EXT_IDENTITY_SRC
];
7363 iddstlen
= mhp
->extlen
[SADB_EXT_IDENTITY_DST
];
7365 /* validity check */
7366 if (idsrc
->sadb_ident_type
!= iddst
->sadb_ident_type
) {
7367 ipseclog((LOG_DEBUG
, "key_setident: ident type mismatch.\n"));
7371 switch (idsrc
->sadb_ident_type
) {
7372 case SADB_IDENTTYPE_PREFIX
:
7373 case SADB_IDENTTYPE_FQDN
:
7374 case SADB_IDENTTYPE_USERFQDN
:
7376 /* XXX do nothing */
7382 /* make structure */
7383 KMALLOC_NOWAIT(sah
->idents
, struct sadb_ident
*, idsrclen
);
7384 if (sah
->idents
== NULL
) {
7385 lck_mtx_unlock(sadb_mutex
);
7386 KMALLOC_WAIT(sah
->idents
, struct sadb_ident
*, idsrclen
);
7387 lck_mtx_lock(sadb_mutex
);
7388 if (sah
->idents
== NULL
) {
7389 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
7393 KMALLOC_NOWAIT(sah
->identd
, struct sadb_ident
*, iddstlen
);
7394 if (sah
->identd
== NULL
) {
7395 lck_mtx_unlock(sadb_mutex
);
7396 KMALLOC_WAIT(sah
->identd
, struct sadb_ident
*, iddstlen
);
7397 lck_mtx_lock(sadb_mutex
);
7398 if (sah
->identd
== NULL
) {
7401 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
7405 bcopy(idsrc
, sah
->idents
, idsrclen
);
7406 bcopy(iddst
, sah
->identd
, iddstlen
);
7412 * m will not be freed on return.
7413 * it is caller's responsibility to free the result.
7415 static struct mbuf
*
7418 const struct sadb_msghdr
*mhp
)
7421 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_SA
,
7422 SADB_X_EXT_SA2
, SADB_EXT_ADDRESS_SRC
,
7423 SADB_EXT_ADDRESS_DST
, SADB_EXT_LIFETIME_HARD
,
7424 SADB_EXT_LIFETIME_SOFT
, SADB_EXT_IDENTITY_SRC
,
7425 SADB_EXT_IDENTITY_DST
};
7428 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7429 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
7431 /* create new sadb_msg to reply. */
7432 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
7436 if (n
->m_len
< sizeof(struct sadb_msg
)) {
7437 n
= m_pullup(n
, sizeof(struct sadb_msg
));
7441 mtod(n
, struct sadb_msg
*)->sadb_msg_errno
= 0;
7442 mtod(n
, struct sadb_msg
*)->sadb_msg_len
=
7443 PFKEY_UNIT64(n
->m_pkthdr
.len
);
7448 static int key_delete_all(struct socket
*, struct mbuf
*,
7449 const struct sadb_msghdr
*, u_int16_t
);
7452 * SADB_DELETE processing
7454 * <base, SA(*), address(SD)>
7455 * from the ikmpd, and set SADB_SASTATE_DEAD,
7457 * <base, SA(*), address(SD)>
7460 * m will always be freed.
7466 const struct sadb_msghdr
*mhp
)
7468 struct sadb_sa
*sa0
;
7469 struct sadb_address
*src0
, *dst0
;
7470 ifnet_t ipsec_if
= NULL
;
7471 struct secasindex saidx
;
7472 struct secashead
*sah
;
7473 struct secasvar
*sav
= NULL
;
7476 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7479 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7480 panic("key_delete: NULL pointer is passed.\n");
7482 /* map satype to proto */
7483 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7484 ipseclog((LOG_DEBUG
, "key_delete: invalid satype is passed.\n"));
7485 return key_senderror(so
, m
, EINVAL
);
7488 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
7489 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
7490 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
7491 return key_senderror(so
, m
, EINVAL
);
7494 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7495 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
7496 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
7497 return key_senderror(so
, m
, EINVAL
);
7500 lck_mtx_lock(sadb_mutex
);
7502 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
7504 * Caller wants us to delete all non-LARVAL SAs
7505 * that match the src/dst. This is used during
7506 * IKE INITIAL-CONTACT.
7508 ipseclog((LOG_DEBUG
, "key_delete: doing delete all.\n"));
7509 /* key_delete_all will unlock sadb_mutex */
7510 return key_delete_all(so
, m
, mhp
, proto
);
7511 } else if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
)) {
7512 lck_mtx_unlock(sadb_mutex
);
7513 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
7514 return key_senderror(so
, m
, EINVAL
);
7517 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
7518 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
7519 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
7520 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7522 /* XXX boundary check against sa_len */
7523 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
7525 /* get a SA header */
7526 LIST_FOREACH(sah
, &sahtree
, chain
) {
7527 if (sah
->state
== SADB_SASTATE_DEAD
)
7529 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
7532 /* get a SA with SPI. */
7533 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
7538 lck_mtx_unlock(sadb_mutex
);
7539 ipseclog((LOG_DEBUG
, "key_delete: no SA found.\n"));
7540 return key_senderror(so
, m
, ENOENT
);
7543 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
7544 key_freesav(sav
, KEY_SADB_LOCKED
);
7546 lck_mtx_unlock(sadb_mutex
);
7551 struct sadb_msg
*newmsg
;
7552 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_SA
,
7553 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
};
7555 /* create new sadb_msg to reply. */
7556 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
7558 return key_senderror(so
, m
, ENOBUFS
);
7560 if (n
->m_len
< sizeof(struct sadb_msg
)) {
7561 n
= m_pullup(n
, sizeof(struct sadb_msg
));
7563 return key_senderror(so
, m
, ENOBUFS
);
7565 newmsg
= mtod(n
, struct sadb_msg
*);
7566 newmsg
->sadb_msg_errno
= 0;
7567 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
7570 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
7575 * delete all SAs for src/dst. Called from key_delete().
7581 const struct sadb_msghdr
*mhp
,
7584 struct sadb_address
*src0
, *dst0
;
7585 ifnet_t ipsec_if
= NULL
;
7586 struct secasindex saidx
;
7587 struct secashead
*sah
;
7588 struct secasvar
*sav
, *nextsav
;
7589 u_int stateidx
, state
;
7591 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
7593 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
7594 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
7595 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7597 /* XXX boundary check against sa_len */
7598 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
7600 LIST_FOREACH(sah
, &sahtree
, chain
) {
7601 if (sah
->state
== SADB_SASTATE_DEAD
)
7603 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
7606 /* Delete all non-LARVAL SAs. */
7608 stateidx
< _ARRAYLEN(saorder_state_alive
);
7610 state
= saorder_state_alive
[stateidx
];
7611 if (state
== SADB_SASTATE_LARVAL
)
7613 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
7614 sav
!= NULL
; sav
= nextsav
) {
7615 nextsav
= LIST_NEXT(sav
, chain
);
7617 if (sav
->state
!= state
) {
7618 ipseclog((LOG_DEBUG
, "key_delete_all: "
7619 "invalid sav->state "
7620 "(queue: %d SA: %d)\n",
7621 state
, sav
->state
));
7625 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
7626 key_freesav(sav
, KEY_SADB_LOCKED
);
7630 lck_mtx_unlock(sadb_mutex
);
7634 struct sadb_msg
*newmsg
;
7635 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_ADDRESS_SRC
,
7636 SADB_EXT_ADDRESS_DST
};
7638 /* create new sadb_msg to reply. */
7639 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
7641 return key_senderror(so
, m
, ENOBUFS
);
7643 if (n
->m_len
< sizeof(struct sadb_msg
)) {
7644 n
= m_pullup(n
, sizeof(struct sadb_msg
));
7646 return key_senderror(so
, m
, ENOBUFS
);
7648 newmsg
= mtod(n
, struct sadb_msg
*);
7649 newmsg
->sadb_msg_errno
= 0;
7650 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
7653 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
7658 * SADB_GET processing
7660 * <base, SA(*), address(SD)>
7661 * from the ikmpd, and get a SP and a SA to respond,
7663 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
7664 * (identity(SD),) (sensitivity)>
7667 * m will always be freed.
7673 const struct sadb_msghdr
*mhp
)
7675 struct sadb_sa
*sa0
;
7676 struct sadb_address
*src0
, *dst0
;
7677 ifnet_t ipsec_if
= NULL
;
7678 struct secasindex saidx
;
7679 struct secashead
*sah
;
7680 struct secasvar
*sav
= NULL
;
7683 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7686 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7687 panic("key_get: NULL pointer is passed.\n");
7689 /* map satype to proto */
7690 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7691 ipseclog((LOG_DEBUG
, "key_get: invalid satype is passed.\n"));
7692 return key_senderror(so
, m
, EINVAL
);
7695 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
7696 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
7697 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
7698 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
7699 return key_senderror(so
, m
, EINVAL
);
7701 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
7702 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7703 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
7704 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
7705 return key_senderror(so
, m
, EINVAL
);
7708 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
7709 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
7710 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
7711 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7713 /* XXX boundary check against sa_len */
7714 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
7716 lck_mtx_lock(sadb_mutex
);
7718 /* get a SA header */
7719 LIST_FOREACH(sah
, &sahtree
, chain
) {
7720 if (sah
->state
== SADB_SASTATE_DEAD
)
7722 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
7725 /* get a SA with SPI. */
7726 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
7731 lck_mtx_unlock(sadb_mutex
);
7732 ipseclog((LOG_DEBUG
, "key_get: no SA found.\n"));
7733 return key_senderror(so
, m
, ENOENT
);
7740 /* map proto to satype */
7741 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
7742 lck_mtx_unlock(sadb_mutex
);
7743 ipseclog((LOG_DEBUG
, "key_get: there was invalid proto in SAD.\n"));
7744 return key_senderror(so
, m
, EINVAL
);
7746 lck_mtx_unlock(sadb_mutex
);
7748 /* create new sadb_msg to reply. */
7749 n
= key_setdumpsa(sav
, SADB_GET
, satype
, mhp
->msg
->sadb_msg_seq
,
7750 mhp
->msg
->sadb_msg_pid
);
7755 return key_senderror(so
, m
, ENOBUFS
);
7758 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
7763 * get SA stats by spi.
7764 * OUT: -1 : not found
7765 * 0 : found, arg pointer to a SA stats is updated.
7768 key_getsastatbyspi_one (u_int32_t spi
,
7769 struct sastat
*stat
)
7771 struct secashead
*sah
;
7772 struct secasvar
*sav
= NULL
;
7774 if ((void *)stat
== NULL
) {
7778 lck_mtx_lock(sadb_mutex
);
7780 /* get a SA header */
7781 LIST_FOREACH(sah
, &sahtree
, chain
) {
7782 if (sah
->state
== SADB_SASTATE_DEAD
)
7785 /* get a SA with SPI. */
7786 sav
= key_getsavbyspi(sah
, spi
);
7788 stat
->spi
= sav
->spi
;
7789 stat
->created
= sav
->created
;
7791 bcopy(sav
->lft_c
,&stat
->lft_c
, sizeof(stat
->lft_c
));
7793 bzero(&stat
->lft_c
, sizeof(stat
->lft_c
));
7795 lck_mtx_unlock(sadb_mutex
);
7800 lck_mtx_unlock(sadb_mutex
);
7806 * get SA stats collection by indices.
7807 * OUT: -1 : not found
7808 * 0 : found, arg pointers to a SA stats and 'maximum stats' are updated.
7811 key_getsastatbyspi (struct sastat
*stat_arg
,
7812 u_int32_t max_stat_arg
,
7813 struct sastat
*stat_res
,
7814 u_int32_t
*max_stat_res
)
7818 if (stat_arg
== NULL
||
7820 max_stat_res
== NULL
) {
7824 for (cur
= 0; cur
< max_stat_arg
; cur
++) {
7825 if (key_getsastatbyspi_one(stat_arg
[cur
].spi
,
7826 &stat_res
[found
]) == 0) {
7830 *max_stat_res
= found
;
7838 /* XXX make it sysctl-configurable? */
7840 key_getcomb_setlifetime(
7841 struct sadb_comb
*comb
)
7844 comb
->sadb_comb_soft_allocations
= 1;
7845 comb
->sadb_comb_hard_allocations
= 1;
7846 comb
->sadb_comb_soft_bytes
= 0;
7847 comb
->sadb_comb_hard_bytes
= 0;
7848 comb
->sadb_comb_hard_addtime
= 86400; /* 1 day */
7849 comb
->sadb_comb_soft_addtime
= comb
->sadb_comb_soft_addtime
* 80 / 100;
7850 comb
->sadb_comb_soft_usetime
= 28800; /* 8 hours */
7851 comb
->sadb_comb_hard_usetime
= comb
->sadb_comb_hard_usetime
* 80 / 100;
7856 * XXX reorder combinations by preference
7857 * XXX no idea if the user wants ESP authentication or not
7859 static struct mbuf
*
7860 key_getcomb_esp(void)
7862 struct sadb_comb
*comb
;
7863 const struct esp_algorithm
*algo
;
7864 struct mbuf
*result
= NULL
, *m
, *n
;
7868 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
7871 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
7872 algo
= esp_algorithm_lookup(i
);
7876 if (algo
->keymax
< ipsec_esp_keymin
)
7878 if (algo
->keymin
< ipsec_esp_keymin
)
7879 encmin
= ipsec_esp_keymin
;
7881 encmin
= algo
->keymin
;
7884 m
= key_getcomb_ah();
7888 panic("assumption failed in key_getcomb_esp");
7890 MGET(m
, M_WAITOK
, MT_DATA
);
7895 bzero(mtod(m
, caddr_t
), m
->m_len
);
7902 for (n
= m
; n
; n
= n
->m_next
)
7906 panic("assumption failed in key_getcomb_esp");
7909 for (off
= 0; off
< totlen
; off
+= l
) {
7910 n
= m_pulldown(m
, off
, l
, &o
);
7912 /* m is already freed */
7915 comb
= (struct sadb_comb
*)
7916 (void *)(mtod(n
, caddr_t
) + o
);
7917 bzero(comb
, sizeof(*comb
));
7918 key_getcomb_setlifetime(comb
);
7919 comb
->sadb_comb_encrypt
= i
;
7920 comb
->sadb_comb_encrypt_minbits
= encmin
;
7921 comb
->sadb_comb_encrypt_maxbits
= algo
->keymax
;
7940 * XXX reorder combinations by preference
7942 static struct mbuf
*
7943 key_getcomb_ah(void)
7945 struct sadb_comb
*comb
;
7946 const struct ah_algorithm
*algo
;
7950 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
7953 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
7955 /* we prefer HMAC algorithms, not old algorithms */
7956 if (i
!= SADB_AALG_SHA1HMAC
&& i
!= SADB_AALG_MD5HMAC
)
7959 algo
= ah_algorithm_lookup(i
);
7963 if (algo
->keymax
< ipsec_ah_keymin
)
7965 if (algo
->keymin
< ipsec_ah_keymin
)
7966 keymin
= ipsec_ah_keymin
;
7968 keymin
= algo
->keymin
;
7973 panic("assumption failed in key_getcomb_ah");
7975 MGET(m
, M_WAITOK
, MT_DATA
);
7982 M_PREPEND(m
, l
, M_WAITOK
, 1);
7986 comb
= mtod(m
, struct sadb_comb
*);
7987 bzero(comb
, sizeof(*comb
));
7988 key_getcomb_setlifetime(comb
);
7989 comb
->sadb_comb_auth
= i
;
7990 comb
->sadb_comb_auth_minbits
= keymin
;
7991 comb
->sadb_comb_auth_maxbits
= algo
->keymax
;
7998 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
7999 * XXX reorder combinations by preference
8001 static struct mbuf
*
8002 key_getcomb_ipcomp(void)
8004 struct sadb_comb
*comb
;
8005 const struct ipcomp_algorithm
*algo
;
8008 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
8011 for (i
= 1; i
<= SADB_X_CALG_MAX
; i
++) {
8012 algo
= ipcomp_algorithm_lookup(i
);
8019 panic("assumption failed in key_getcomb_ipcomp");
8021 MGET(m
, M_WAITOK
, MT_DATA
);
8028 M_PREPEND(m
, l
, M_WAITOK
, 1);
8032 comb
= mtod(m
, struct sadb_comb
*);
8033 bzero(comb
, sizeof(*comb
));
8034 key_getcomb_setlifetime(comb
);
8035 comb
->sadb_comb_encrypt
= i
;
8036 /* what should we set into sadb_comb_*_{min,max}bits? */
8043 * XXX no way to pass mode (transport/tunnel) to userland
8044 * XXX replay checking?
8045 * XXX sysctl interface to ipsec_{ah,esp}_keymin
8047 static struct mbuf
*
8049 const struct secasindex
*saidx
)
8051 struct sadb_prop
*prop
;
8053 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_prop
));
8056 switch (saidx
->proto
) {
8059 m
= key_getcomb_esp();
8063 m
= key_getcomb_ah();
8065 case IPPROTO_IPCOMP
:
8066 m
= key_getcomb_ipcomp();
8074 M_PREPEND(m
, l
, M_WAITOK
, 1);
8079 for (n
= m
; n
; n
= n
->m_next
)
8082 prop
= mtod(m
, struct sadb_prop
*);
8083 bzero(prop
, sizeof(*prop
));
8084 prop
->sadb_prop_len
= PFKEY_UNIT64(totlen
);
8085 prop
->sadb_prop_exttype
= SADB_EXT_PROPOSAL
;
8086 prop
->sadb_prop_replay
= 32; /* XXX */
8092 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
8094 * <base, SA, address(SD), (address(P)), x_policy,
8095 * (identity(SD),) (sensitivity,) proposal>
8096 * to KMD, and expect to receive
8097 * <base> with SADB_ACQUIRE if error occurred,
8099 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
8100 * from KMD by PF_KEY.
8102 * XXX x_policy is outside of RFC2367 (KAME extension).
8103 * XXX sensitivity is not supported.
8104 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
8105 * see comment for key_getcomb_ipcomp().
8109 * others: error number
8113 struct secasindex
*saidx
,
8114 struct secpolicy
*sp
)
8116 struct mbuf
*result
= NULL
, *m
;
8117 #ifndef IPSEC_NONBLOCK_ACQUIRE
8118 struct secacq
*newacq
;
8124 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
8128 panic("key_acquire: NULL pointer is passed.\n");
8129 if ((satype
= key_proto2satype(saidx
->proto
)) == 0)
8130 panic("key_acquire: invalid proto is passed.\n");
8132 #ifndef IPSEC_NONBLOCK_ACQUIRE
8134 * We never do anything about acquirng SA. There is anather
8135 * solution that kernel blocks to send SADB_ACQUIRE message until
8136 * getting something message from IKEd. In later case, to be
8137 * managed with ACQUIRING list.
8139 /* get a entry to check whether sending message or not. */
8140 lck_mtx_lock(sadb_mutex
);
8141 if ((newacq
= key_getacq(saidx
)) != NULL
) {
8142 if (key_blockacq_count
< newacq
->count
) {
8143 /* reset counter and do send message. */
8146 /* increment counter and do nothing. */
8148 lck_mtx_unlock(sadb_mutex
);
8152 /* make new entry for blocking to send SADB_ACQUIRE. */
8153 if ((newacq
= key_newacq(saidx
)) == NULL
) {
8154 lck_mtx_unlock(sadb_mutex
);
8158 /* add to acqtree */
8159 LIST_INSERT_HEAD(&acqtree
, newacq
, chain
);
8160 key_start_timehandler();
8163 lck_mtx_unlock(sadb_mutex
);
8166 seq
= (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
8168 m
= key_setsadbmsg(SADB_ACQUIRE
, 0, satype
, seq
, 0, 0);
8175 /* set sadb_address for saidx's. */
8176 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
8177 (struct sockaddr
*)&saidx
->src
, FULLMASK
, IPSEC_ULPROTO_ANY
);
8184 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
8185 (struct sockaddr
*)&saidx
->dst
, FULLMASK
, IPSEC_ULPROTO_ANY
);
8192 /* XXX proxy address (optional) */
8194 /* set sadb_x_policy */
8196 m
= key_setsadbxpolicy(sp
->policy
, sp
->spidx
.dir
, sp
->id
);
8204 /* XXX identity (optional) */
8206 if (idexttype
&& fqdn
) {
8207 /* create identity extension (FQDN) */
8208 struct sadb_ident
*id
;
8211 fqdnlen
= strlen(fqdn
) + 1; /* +1 for terminating-NUL */
8212 id
= (struct sadb_ident
*)p
;
8213 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
8214 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
8215 id
->sadb_ident_exttype
= idexttype
;
8216 id
->sadb_ident_type
= SADB_IDENTTYPE_FQDN
;
8217 bcopy(fqdn
, id
+ 1, fqdnlen
);
8218 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(fqdnlen
);
8222 /* create identity extension (USERFQDN) */
8223 struct sadb_ident
*id
;
8227 /* +1 for terminating-NUL */
8228 userfqdnlen
= strlen(userfqdn
) + 1;
8231 id
= (struct sadb_ident
*)p
;
8232 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
8233 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
8234 id
->sadb_ident_exttype
= idexttype
;
8235 id
->sadb_ident_type
= SADB_IDENTTYPE_USERFQDN
;
8236 /* XXX is it correct? */
8237 if (curproc
&& curproc
->p_cred
)
8238 id
->sadb_ident_id
= curproc
->p_cred
->p_ruid
;
8239 if (userfqdn
&& userfqdnlen
)
8240 bcopy(userfqdn
, id
+ 1, userfqdnlen
);
8241 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(userfqdnlen
);
8245 /* XXX sensitivity (optional) */
8247 /* create proposal/combination extension */
8248 m
= key_getprop(saidx
);
8251 * spec conformant: always attach proposal/combination extension,
8252 * the problem is that we have no way to attach it for ipcomp,
8253 * due to the way sadb_comb is declared in RFC2367.
8262 * outside of spec; make proposal/combination extension optional.
8268 if ((result
->m_flags
& M_PKTHDR
) == 0) {
8273 if (result
->m_len
< sizeof(struct sadb_msg
)) {
8274 result
= m_pullup(result
, sizeof(struct sadb_msg
));
8275 if (result
== NULL
) {
8281 result
->m_pkthdr
.len
= 0;
8282 for (m
= result
; m
; m
= m
->m_next
)
8283 result
->m_pkthdr
.len
+= m
->m_len
;
8285 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
8286 PFKEY_UNIT64(result
->m_pkthdr
.len
);
8288 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
8296 #ifndef IPSEC_NONBLOCK_ACQUIRE
8297 static struct secacq
*
8299 struct secasindex
*saidx
)
8301 struct secacq
*newacq
;
8305 KMALLOC_NOWAIT(newacq
, struct secacq
*, sizeof(struct secacq
));
8306 if (newacq
== NULL
) {
8307 lck_mtx_unlock(sadb_mutex
);
8308 KMALLOC_WAIT(newacq
, struct secacq
*, sizeof(struct secacq
));
8309 lck_mtx_lock(sadb_mutex
);
8310 if (newacq
== NULL
) {
8311 ipseclog((LOG_DEBUG
, "key_newacq: No more memory.\n"));
8315 bzero(newacq
, sizeof(*newacq
));
8318 bcopy(saidx
, &newacq
->saidx
, sizeof(newacq
->saidx
));
8319 newacq
->seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
);
8321 newacq
->created
= tv
.tv_sec
;
8327 static struct secacq
*
8329 struct secasindex
*saidx
)
8333 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
8335 LIST_FOREACH(acq
, &acqtree
, chain
) {
8336 if (key_cmpsaidx(saidx
, &acq
->saidx
, CMP_EXACTLY
))
8343 static struct secacq
*
8349 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
8351 LIST_FOREACH(acq
, &acqtree
, chain
) {
8352 if (acq
->seq
== seq
)
8360 static struct secspacq
*
8362 struct secpolicyindex
*spidx
)
8364 struct secspacq
*acq
;
8368 KMALLOC_NOWAIT(acq
, struct secspacq
*, sizeof(struct secspacq
));
8370 lck_mtx_unlock(sadb_mutex
);
8371 KMALLOC_WAIT(acq
, struct secspacq
*, sizeof(struct secspacq
));
8372 lck_mtx_lock(sadb_mutex
);
8374 ipseclog((LOG_DEBUG
, "key_newspacq: No more memory.\n"));
8378 bzero(acq
, sizeof(*acq
));
8381 bcopy(spidx
, &acq
->spidx
, sizeof(acq
->spidx
));
8383 acq
->created
= tv
.tv_sec
;
8389 static struct secspacq
*
8391 struct secpolicyindex
*spidx
)
8393 struct secspacq
*acq
;
8395 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
8397 LIST_FOREACH(acq
, &spacqtree
, chain
) {
8398 if (key_cmpspidx_exactly(spidx
, &acq
->spidx
))
8406 * SADB_ACQUIRE processing,
8407 * in first situation, is receiving
8409 * from the ikmpd, and clear sequence of its secasvar entry.
8411 * In second situation, is receiving
8412 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8413 * from a user land process, and return
8414 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8417 * m will always be freed.
8423 const struct sadb_msghdr
*mhp
)
8425 const struct sadb_address
*src0
, *dst0
;
8426 ifnet_t ipsec_if
= NULL
;
8427 struct secasindex saidx
;
8428 struct secashead
*sah
;
8434 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
8435 panic("key_acquire2: NULL pointer is passed.\n");
8438 * Error message from KMd.
8439 * We assume that if error was occurred in IKEd, the length of PFKEY
8440 * message is equal to the size of sadb_msg structure.
8441 * We do not raise error even if error occurred in this function.
8443 lck_mtx_lock(sadb_mutex
);
8445 if (mhp
->msg
->sadb_msg_len
== PFKEY_UNIT64(sizeof(struct sadb_msg
))) {
8446 #ifndef IPSEC_NONBLOCK_ACQUIRE
8450 /* check sequence number */
8451 if (mhp
->msg
->sadb_msg_seq
== 0) {
8452 lck_mtx_unlock(sadb_mutex
);
8453 ipseclog((LOG_DEBUG
, "key_acquire2: must specify sequence number.\n"));
8458 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) == NULL
) {
8460 * the specified larval SA is already gone, or we got
8461 * a bogus sequence number. we can silently ignore it.
8463 lck_mtx_unlock(sadb_mutex
);
8468 /* reset acq counter in order to deletion by timehander. */
8470 acq
->created
= tv
.tv_sec
;
8473 lck_mtx_unlock(sadb_mutex
);
8479 * This message is from user land.
8482 /* map satype to proto */
8483 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
8484 lck_mtx_unlock(sadb_mutex
);
8485 ipseclog((LOG_DEBUG
, "key_acquire2: invalid satype is passed.\n"));
8486 return key_senderror(so
, m
, EINVAL
);
8489 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
8490 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
8491 mhp
->ext
[SADB_EXT_PROPOSAL
] == NULL
) {
8493 lck_mtx_unlock(sadb_mutex
);
8494 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
8495 return key_senderror(so
, m
, EINVAL
);
8497 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
8498 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
8499 mhp
->extlen
[SADB_EXT_PROPOSAL
] < sizeof(struct sadb_prop
)) {
8501 lck_mtx_unlock(sadb_mutex
);
8502 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
8503 return key_senderror(so
, m
, EINVAL
);
8506 src0
= (const struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
8507 dst0
= (const struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
8508 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
8510 /* XXX boundary check against sa_len */
8512 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
8514 /* get a SA index */
8515 LIST_FOREACH(sah
, &sahtree
, chain
) {
8516 if (sah
->state
== SADB_SASTATE_DEAD
)
8518 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_MODE
| CMP_REQID
))
8522 lck_mtx_unlock(sadb_mutex
);
8523 ipseclog((LOG_DEBUG
, "key_acquire2: a SA exists already.\n"));
8524 return key_senderror(so
, m
, EEXIST
);
8526 lck_mtx_unlock(sadb_mutex
);
8527 error
= key_acquire(&saidx
, NULL
);
8529 ipseclog((LOG_DEBUG
, "key_acquire2: error %d returned "
8530 "from key_acquire.\n", mhp
->msg
->sadb_msg_errno
));
8531 return key_senderror(so
, m
, error
);
8534 return key_sendup_mbuf(so
, m
, KEY_SENDUP_REGISTERED
);
8538 * SADB_REGISTER processing.
8539 * If SATYPE_UNSPEC has been passed as satype, only return sadb_supported.
8542 * from the ikmpd, and register a socket to send PF_KEY messages,
8546 * If socket is detached, must free from regnode.
8548 * m will always be freed.
8554 const struct sadb_msghdr
*mhp
)
8556 struct secreg
*reg
, *newreg
= 0;
8559 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
8560 panic("key_register: NULL pointer is passed.\n");
8562 /* check for invalid register message */
8563 if (mhp
->msg
->sadb_msg_satype
>= sizeof(regtree
)/sizeof(regtree
[0]))
8564 return key_senderror(so
, m
, EINVAL
);
8566 /* When SATYPE_UNSPEC is specified, only return sadb_supported. */
8567 if (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_UNSPEC
)
8570 /* create regnode */
8571 KMALLOC_WAIT(newreg
, struct secreg
*, sizeof(*newreg
));
8572 if (newreg
== NULL
) {
8573 ipseclog((LOG_DEBUG
, "key_register: No more memory.\n"));
8574 return key_senderror(so
, m
, ENOBUFS
);
8576 bzero((caddr_t
)newreg
, sizeof(*newreg
));
8578 lck_mtx_lock(sadb_mutex
);
8579 /* check whether existing or not */
8580 LIST_FOREACH(reg
, ®tree
[mhp
->msg
->sadb_msg_satype
], chain
) {
8581 if (reg
->so
== so
) {
8582 lck_mtx_unlock(sadb_mutex
);
8583 ipseclog((LOG_DEBUG
, "key_register: socket exists already.\n"));
8585 return key_senderror(so
, m
, EEXIST
);
8591 ((struct keycb
*)sotorawcb(so
))->kp_registered
++;
8592 socket_unlock(so
, 1);
8594 /* add regnode to regtree. */
8595 LIST_INSERT_HEAD(®tree
[mhp
->msg
->sadb_msg_satype
], newreg
, chain
);
8596 lck_mtx_unlock(sadb_mutex
);
8600 struct sadb_msg
*newmsg
;
8601 struct sadb_supported
*sup
;
8602 u_int len
, alen
, elen
;
8605 struct sadb_alg
*alg
;
8607 /* create new sadb_msg to reply. */
8609 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
8610 if (ah_algorithm_lookup(i
))
8611 alen
+= sizeof(struct sadb_alg
);
8614 alen
+= sizeof(struct sadb_supported
);
8617 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
8618 if (esp_algorithm_lookup(i
))
8619 elen
+= sizeof(struct sadb_alg
);
8622 elen
+= sizeof(struct sadb_supported
);
8625 len
= sizeof(struct sadb_msg
) + alen
+ elen
;
8628 return key_senderror(so
, m
, ENOBUFS
);
8630 MGETHDR(n
, M_WAITOK
, MT_DATA
);
8631 if (n
&& len
> MHLEN
) {
8632 MCLGET(n
, M_WAITOK
);
8633 if ((n
->m_flags
& M_EXT
) == 0) {
8639 return key_senderror(so
, m
, ENOBUFS
);
8641 n
->m_pkthdr
.len
= n
->m_len
= len
;
8645 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
8646 newmsg
= mtod(n
, struct sadb_msg
*);
8647 newmsg
->sadb_msg_errno
= 0;
8648 newmsg
->sadb_msg_len
= PFKEY_UNIT64(len
);
8649 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
8651 /* for authentication algorithm */
8653 sup
= (struct sadb_supported
*)(void *)(mtod(n
, caddr_t
) + off
);
8654 sup
->sadb_supported_len
= PFKEY_UNIT64(alen
);
8655 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_AUTH
;
8656 off
+= PFKEY_ALIGN8(sizeof(*sup
));
8658 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
8659 const struct ah_algorithm
*aalgo
;
8661 aalgo
= ah_algorithm_lookup(i
);
8664 alg
= (struct sadb_alg
*)
8665 (void *)(mtod(n
, caddr_t
) + off
);
8666 alg
->sadb_alg_id
= i
;
8667 alg
->sadb_alg_ivlen
= 0;
8668 alg
->sadb_alg_minbits
= aalgo
->keymin
;
8669 alg
->sadb_alg_maxbits
= aalgo
->keymax
;
8670 off
+= PFKEY_ALIGN8(sizeof(*alg
));
8675 /* for encryption algorithm */
8677 sup
= (struct sadb_supported
*)(void *)(mtod(n
, caddr_t
) + off
);
8678 sup
->sadb_supported_len
= PFKEY_UNIT64(elen
);
8679 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_ENCRYPT
;
8680 off
+= PFKEY_ALIGN8(sizeof(*sup
));
8682 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
8683 const struct esp_algorithm
*ealgo
;
8685 ealgo
= esp_algorithm_lookup(i
);
8688 alg
= (struct sadb_alg
*)
8689 (void *)(mtod(n
, caddr_t
) + off
);
8690 alg
->sadb_alg_id
= i
;
8691 if (ealgo
&& ealgo
->ivlen
) {
8693 * give NULL to get the value preferred by
8694 * algorithm XXX SADB_X_EXT_DERIV ?
8696 alg
->sadb_alg_ivlen
=
8697 (*ealgo
->ivlen
)(ealgo
, NULL
);
8699 alg
->sadb_alg_ivlen
= 0;
8700 alg
->sadb_alg_minbits
= ealgo
->keymin
;
8701 alg
->sadb_alg_maxbits
= ealgo
->keymax
;
8702 off
+= PFKEY_ALIGN8(sizeof(struct sadb_alg
));
8709 panic("length assumption failed in key_register");
8713 return key_sendup_mbuf(so
, n
, KEY_SENDUP_REGISTERED
);
8718 key_delete_all_for_socket (struct socket
*so
)
8720 struct secashead
*sah
, *nextsah
;
8721 struct secasvar
*sav
, *nextsav
;
8725 for (sah
= LIST_FIRST(&sahtree
);
8728 nextsah
= LIST_NEXT(sah
, chain
);
8729 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
); stateidx
++) {
8730 state
= saorder_state_any
[stateidx
];
8731 for (sav
= LIST_FIRST(&sah
->savtree
[state
]); sav
!= NULL
; sav
= nextsav
) {
8732 nextsav
= LIST_NEXT(sav
, chain
);
8733 if (sav
->flags2
& SADB_X_EXT_SA2_DELETE_ON_DETACH
&&
8735 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
8736 key_freesav(sav
, KEY_SADB_LOCKED
);
8744 * free secreg entry registered.
8745 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
8756 panic("key_freereg: NULL pointer is passed.\n");
8759 * check whether existing or not.
8760 * check all type of SA, because there is a potential that
8761 * one socket is registered to multiple type of SA.
8763 lck_mtx_lock(sadb_mutex
);
8764 key_delete_all_for_socket(so
);
8765 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
8766 LIST_FOREACH(reg
, ®tree
[i
], chain
) {
8768 && __LIST_CHAINED(reg
)) {
8769 LIST_REMOVE(reg
, chain
);
8775 lck_mtx_unlock(sadb_mutex
);
8780 * SADB_EXPIRE processing
8782 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
8784 * NOTE: We send only soft lifetime extension.
8787 * others : error number
8791 struct secasvar
*sav
)
8794 struct mbuf
*result
= NULL
, *m
;
8797 struct sadb_lifetime
*lt
;
8799 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
8803 panic("key_expire: NULL pointer is passed.\n");
8804 if (sav
->sah
== NULL
)
8805 panic("key_expire: Why was SA index in SA NULL.\n");
8806 if ((satype
= key_proto2satype(sav
->sah
->saidx
.proto
)) == 0)
8807 panic("key_expire: invalid proto is passed.\n");
8809 /* set msg header */
8810 m
= key_setsadbmsg(SADB_EXPIRE
, 0, satype
, sav
->seq
, 0, sav
->refcnt
);
8817 /* create SA extension */
8818 m
= key_setsadbsa(sav
);
8825 /* create SA extension */
8826 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
8827 sav
->replay
? sav
->replay
->count
: 0,
8828 sav
->sah
->saidx
.reqid
,
8836 /* create lifetime extension (current and soft) */
8837 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
8838 m
= key_alloc_mbuf(len
);
8839 if (!m
|| m
->m_next
) { /*XXX*/
8845 bzero(mtod(m
, caddr_t
), len
);
8846 lt
= mtod(m
, struct sadb_lifetime
*);
8847 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
8848 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
8849 lt
->sadb_lifetime_allocations
= sav
->lft_c
->sadb_lifetime_allocations
;
8850 lt
->sadb_lifetime_bytes
= sav
->lft_c
->sadb_lifetime_bytes
;
8851 lt
->sadb_lifetime_addtime
= sav
->lft_c
->sadb_lifetime_addtime
;
8852 lt
->sadb_lifetime_usetime
= sav
->lft_c
->sadb_lifetime_usetime
;
8853 lt
= (struct sadb_lifetime
*)(void *)(mtod(m
, caddr_t
) + len
/ 2);
8854 bcopy(sav
->lft_s
, lt
, sizeof(*lt
));
8857 /* set sadb_address for source */
8858 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
8859 (struct sockaddr
*)&sav
->sah
->saidx
.src
,
8860 FULLMASK
, IPSEC_ULPROTO_ANY
);
8867 /* set sadb_address for destination */
8868 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
8869 (struct sockaddr
*)&sav
->sah
->saidx
.dst
,
8870 FULLMASK
, IPSEC_ULPROTO_ANY
);
8877 if ((result
->m_flags
& M_PKTHDR
) == 0) {
8882 if (result
->m_len
< sizeof(struct sadb_msg
)) {
8883 result
= m_pullup(result
, sizeof(struct sadb_msg
));
8884 if (result
== NULL
) {
8890 result
->m_pkthdr
.len
= 0;
8891 for (m
= result
; m
; m
= m
->m_next
)
8892 result
->m_pkthdr
.len
+= m
->m_len
;
8894 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
8895 PFKEY_UNIT64(result
->m_pkthdr
.len
);
8897 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
8906 * SADB_FLUSH processing
8909 * from the ikmpd, and free all entries in secastree.
8913 * NOTE: to do is only marking SADB_SASTATE_DEAD.
8915 * m will always be freed.
8921 const struct sadb_msghdr
*mhp
)
8923 struct sadb_msg
*newmsg
;
8924 struct secashead
*sah
, *nextsah
;
8925 struct secasvar
*sav
, *nextsav
;
8931 if (so
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
8932 panic("key_flush: NULL pointer is passed.\n");
8934 /* map satype to proto */
8935 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
8936 ipseclog((LOG_DEBUG
, "key_flush: invalid satype is passed.\n"));
8937 return key_senderror(so
, m
, EINVAL
);
8940 lck_mtx_lock(sadb_mutex
);
8942 /* no SATYPE specified, i.e. flushing all SA. */
8943 for (sah
= LIST_FIRST(&sahtree
);
8946 nextsah
= LIST_NEXT(sah
, chain
);
8948 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
8949 && proto
!= sah
->saidx
.proto
)
8953 stateidx
< _ARRAYLEN(saorder_state_alive
);
8955 state
= saorder_state_any
[stateidx
];
8956 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
8960 nextsav
= LIST_NEXT(sav
, chain
);
8962 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
8963 key_freesav(sav
, KEY_SADB_LOCKED
);
8967 sah
->state
= SADB_SASTATE_DEAD
;
8969 lck_mtx_unlock(sadb_mutex
);
8971 if (m
->m_len
< sizeof(struct sadb_msg
) ||
8972 sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
8973 ipseclog((LOG_DEBUG
, "key_flush: No more memory.\n"));
8974 return key_senderror(so
, m
, ENOBUFS
);
8980 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct sadb_msg
);
8981 newmsg
= mtod(m
, struct sadb_msg
*);
8982 newmsg
->sadb_msg_errno
= 0;
8983 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
8985 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
8989 * SADB_DUMP processing
8990 * dump all entries including status of DEAD in SAD.
8993 * from the ikmpd, and dump all secasvar leaves
8998 * m will always be freed.
9001 struct sav_dump_elem
{
9002 struct secasvar
*sav
;
9010 const struct sadb_msghdr
*mhp
)
9012 struct secashead
*sah
;
9013 struct secasvar
*sav
;
9014 struct sav_dump_elem
*savbuf
= NULL
, *elem_ptr
;
9019 int cnt
= 0, cnt2
, bufcount
;
9023 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
9026 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
9027 panic("key_dump: NULL pointer is passed.\n");
9029 /* map satype to proto */
9030 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
9031 ipseclog((LOG_DEBUG
, "key_dump: invalid satype is passed.\n"));
9032 return key_senderror(so
, m
, EINVAL
);
9035 if ((bufcount
= ipsec_sav_count
) <= 0) {
9039 bufcount
+= 512; /* extra */
9040 KMALLOC_WAIT(savbuf
, struct sav_dump_elem
*, bufcount
* sizeof(struct sav_dump_elem
));
9041 if (savbuf
== NULL
) {
9042 ipseclog((LOG_DEBUG
, "key_dump: No more memory.\n"));
9047 /* count sav entries to be sent to the userland. */
9048 lck_mtx_lock(sadb_mutex
);
9050 LIST_FOREACH(sah
, &sahtree
, chain
) {
9051 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
9052 && proto
!= sah
->saidx
.proto
)
9055 /* map proto to satype */
9056 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
9057 lck_mtx_unlock(sadb_mutex
);
9058 ipseclog((LOG_DEBUG
, "key_dump: there was invalid proto in SAD.\n"));
9064 stateidx
< _ARRAYLEN(saorder_state_any
);
9066 state
= saorder_state_any
[stateidx
];
9067 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
9068 if (cnt
== bufcount
)
9069 break; /* out of buffer space */
9070 elem_ptr
->sav
= sav
;
9071 elem_ptr
->satype
= satype
;
9078 lck_mtx_unlock(sadb_mutex
);
9085 /* send this to the userland, one at a time. */
9089 n
= key_setdumpsa(elem_ptr
->sav
, SADB_DUMP
, elem_ptr
->satype
,
9090 --cnt2
, mhp
->msg
->sadb_msg_pid
);
9097 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
9105 lck_mtx_lock(sadb_mutex
);
9107 key_freesav((elem_ptr
++)->sav
, KEY_SADB_LOCKED
);
9108 lck_mtx_unlock(sadb_mutex
);
9114 return key_senderror(so
, m
, error
);
9121 * SADB_X_PROMISC processing
9123 * m will always be freed.
9129 const struct sadb_msghdr
*mhp
)
9134 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
9135 panic("key_promisc: NULL pointer is passed.\n");
9137 olen
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
9139 if (olen
< sizeof(struct sadb_msg
)) {
9141 return key_senderror(so
, m
, EINVAL
);
9146 } else if (olen
== sizeof(struct sadb_msg
)) {
9147 /* enable/disable promisc mode */
9151 if ((kp
= (struct keycb
*)sotorawcb(so
)) == NULL
)
9152 return key_senderror(so
, m
, EINVAL
);
9153 mhp
->msg
->sadb_msg_errno
= 0;
9154 switch (mhp
->msg
->sadb_msg_satype
) {
9157 kp
->kp_promisc
= mhp
->msg
->sadb_msg_satype
;
9160 socket_unlock(so
, 1);
9161 return key_senderror(so
, m
, EINVAL
);
9163 socket_unlock(so
, 1);
9165 /* send the original message back to everyone */
9166 mhp
->msg
->sadb_msg_errno
= 0;
9167 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
9169 /* send packet as is */
9171 m_adj(m
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)));
9173 /* TODO: if sadb_msg_seq is specified, send to specific pid */
9174 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
9178 static int (*key_typesw
[])(struct socket
*, struct mbuf
*,
9179 const struct sadb_msghdr
*) = {
9180 NULL
, /* SADB_RESERVED */
9181 key_getspi
, /* SADB_GETSPI */
9182 key_update
, /* SADB_UPDATE */
9183 key_add
, /* SADB_ADD */
9184 key_delete
, /* SADB_DELETE */
9185 key_get
, /* SADB_GET */
9186 key_acquire2
, /* SADB_ACQUIRE */
9187 key_register
, /* SADB_REGISTER */
9188 NULL
, /* SADB_EXPIRE */
9189 key_flush
, /* SADB_FLUSH */
9190 key_dump
, /* SADB_DUMP */
9191 key_promisc
, /* SADB_X_PROMISC */
9192 NULL
, /* SADB_X_PCHANGE */
9193 key_spdadd
, /* SADB_X_SPDUPDATE */
9194 key_spdadd
, /* SADB_X_SPDADD */
9195 key_spddelete
, /* SADB_X_SPDDELETE */
9196 key_spdget
, /* SADB_X_SPDGET */
9197 NULL
, /* SADB_X_SPDACQUIRE */
9198 key_spddump
, /* SADB_X_SPDDUMP */
9199 key_spdflush
, /* SADB_X_SPDFLUSH */
9200 key_spdadd
, /* SADB_X_SPDSETIDX */
9201 NULL
, /* SADB_X_SPDEXPIRE */
9202 key_spddelete2
, /* SADB_X_SPDDELETE2 */
9203 key_getsastat
, /* SADB_GETSASTAT */
9204 key_spdenable
, /* SADB_X_SPDENABLE */
9205 key_spddisable
, /* SADB_X_SPDDISABLE */
9206 key_migrate
, /* SADB_MIGRATE */
9210 bzero_mbuf(struct mbuf
*m
)
9212 struct mbuf
*mptr
= m
;
9213 struct sadb_msg
*msg
= NULL
;
9220 if (mptr
->m_len
>= sizeof(struct sadb_msg
)) {
9221 msg
= mtod(mptr
, struct sadb_msg
*);
9222 if (msg
->sadb_msg_type
!= SADB_ADD
&&
9223 msg
->sadb_msg_type
!= SADB_UPDATE
) {
9226 offset
= sizeof(struct sadb_msg
);
9228 bzero(mptr
->m_data
+offset
, mptr
->m_len
-offset
);
9229 mptr
= mptr
->m_next
;
9230 while (mptr
!= NULL
) {
9231 bzero(mptr
->m_data
, mptr
->m_len
);
9232 mptr
= mptr
->m_next
;
9237 bzero_keys(const struct sadb_msghdr
*mh
)
9245 offset
= sizeof(struct sadb_key
);
9247 if (mh
->ext
[SADB_EXT_KEY_ENCRYPT
]) {
9248 struct sadb_key
*key
= (struct sadb_key
*)mh
->ext
[SADB_EXT_KEY_ENCRYPT
];
9249 extlen
= key
->sadb_key_bits
>> 3;
9251 if (mh
->extlen
[SADB_EXT_KEY_ENCRYPT
] >= offset
+ extlen
) {
9252 bzero((uint8_t *)mh
->ext
[SADB_EXT_KEY_ENCRYPT
]+offset
, extlen
);
9254 bzero(mh
->ext
[SADB_EXT_KEY_ENCRYPT
], mh
->extlen
[SADB_EXT_KEY_ENCRYPT
]);
9257 if (mh
->ext
[SADB_EXT_KEY_AUTH
]) {
9258 struct sadb_key
*key
= (struct sadb_key
*)mh
->ext
[SADB_EXT_KEY_AUTH
];
9259 extlen
= key
->sadb_key_bits
>> 3;
9261 if (mh
->extlen
[SADB_EXT_KEY_AUTH
] >= offset
+ extlen
) {
9262 bzero((uint8_t *)mh
->ext
[SADB_EXT_KEY_AUTH
]+offset
, extlen
);
9264 bzero(mh
->ext
[SADB_EXT_KEY_AUTH
], mh
->extlen
[SADB_EXT_KEY_AUTH
]);
9270 * parse sadb_msg buffer to process PFKEYv2,
9271 * and create a data to response if needed.
9272 * I think to be dealed with mbuf directly.
9274 * msgp : pointer to pointer to a received buffer pulluped.
9275 * This is rewrited to response.
9276 * so : pointer to socket.
9278 * length for buffer to send to user process.
9285 struct sadb_msg
*msg
;
9286 struct sadb_msghdr mh
;
9290 Boolean keyAligned
= FALSE
;
9292 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
9295 if (m
== NULL
|| so
== NULL
)
9296 panic("key_parse: NULL pointer is passed.\n");
9298 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
9299 KEYDEBUG(KEYDEBUG_KEY_DUMP
,
9300 ipseclog((LOG_DEBUG
, "key_parse: passed sadb_msg\n"));
9304 if (m
->m_len
< sizeof(struct sadb_msg
)) {
9305 m
= m_pullup(m
, sizeof(struct sadb_msg
));
9309 msg
= mtod(m
, struct sadb_msg
*);
9310 orglen
= PFKEY_UNUNIT64(msg
->sadb_msg_len
);
9311 target
= KEY_SENDUP_ONE
;
9313 if ((m
->m_flags
& M_PKTHDR
) == 0 ||
9314 m
->m_pkthdr
.len
!= m
->m_pkthdr
.len
) {
9315 ipseclog((LOG_DEBUG
, "key_parse: invalid message length.\n"));
9316 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
9321 if (msg
->sadb_msg_version
!= PF_KEY_V2
) {
9322 ipseclog((LOG_DEBUG
,
9323 "key_parse: PF_KEY version %u is mismatched.\n",
9324 msg
->sadb_msg_version
));
9325 PFKEY_STAT_INCREMENT(pfkeystat
.out_invver
);
9330 if (msg
->sadb_msg_type
> SADB_MAX
) {
9331 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
9332 msg
->sadb_msg_type
));
9333 PFKEY_STAT_INCREMENT(pfkeystat
.out_invmsgtype
);
9338 /* for old-fashioned code - should be nuked */
9339 if (m
->m_pkthdr
.len
> MCLBYTES
) {
9346 MGETHDR(n
, M_WAITOK
, MT_DATA
);
9347 if (n
&& m
->m_pkthdr
.len
> MHLEN
) {
9348 MCLGET(n
, M_WAITOK
);
9349 if ((n
->m_flags
& M_EXT
) == 0) {
9359 m_copydata(m
, 0, m
->m_pkthdr
.len
, mtod(n
, caddr_t
));
9360 n
->m_pkthdr
.len
= n
->m_len
= m
->m_pkthdr
.len
;
9367 /* align the mbuf chain so that extensions are in contiguous region. */
9368 error
= key_align(m
, &mh
);
9372 if (m
->m_next
) { /*XXX*/
9382 switch (msg
->sadb_msg_satype
) {
9383 case SADB_SATYPE_UNSPEC
:
9384 switch (msg
->sadb_msg_type
) {
9392 ipseclog((LOG_DEBUG
, "key_parse: must specify satype "
9393 "when msg type=%u.\n", msg
->sadb_msg_type
));
9394 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
9399 case SADB_SATYPE_AH
:
9400 case SADB_SATYPE_ESP
:
9401 case SADB_X_SATYPE_IPCOMP
:
9402 switch (msg
->sadb_msg_type
) {
9404 case SADB_X_SPDDELETE
:
9406 case SADB_X_SPDDUMP
:
9407 case SADB_X_SPDFLUSH
:
9408 case SADB_X_SPDSETIDX
:
9409 case SADB_X_SPDUPDATE
:
9410 case SADB_X_SPDDELETE2
:
9411 case SADB_X_SPDENABLE
:
9412 case SADB_X_SPDDISABLE
:
9413 ipseclog((LOG_DEBUG
, "key_parse: illegal satype=%u\n",
9414 msg
->sadb_msg_type
));
9415 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
9420 case SADB_SATYPE_RSVP
:
9421 case SADB_SATYPE_OSPFV2
:
9422 case SADB_SATYPE_RIPV2
:
9423 case SADB_SATYPE_MIP
:
9424 ipseclog((LOG_DEBUG
, "key_parse: type %u isn't supported.\n",
9425 msg
->sadb_msg_satype
));
9426 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
9429 case 1: /* XXX: What does it do? */
9430 if (msg
->sadb_msg_type
== SADB_X_PROMISC
)
9434 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
9435 msg
->sadb_msg_satype
));
9436 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
9441 /* check field of upper layer protocol and address family */
9442 if (mh
.ext
[SADB_EXT_ADDRESS_SRC
] != NULL
9443 && mh
.ext
[SADB_EXT_ADDRESS_DST
] != NULL
) {
9444 struct sadb_address
*src0
, *dst0
;
9447 src0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_SRC
]);
9448 dst0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_DST
]);
9450 /* check upper layer protocol */
9451 if (src0
->sadb_address_proto
!= dst0
->sadb_address_proto
) {
9452 ipseclog((LOG_DEBUG
, "key_parse: upper layer protocol mismatched.\n"));
9453 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9459 if (PFKEY_ADDR_SADDR(src0
)->sa_family
!=
9460 PFKEY_ADDR_SADDR(dst0
)->sa_family
) {
9461 ipseclog((LOG_DEBUG
, "key_parse: address family mismatched.\n"));
9462 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9466 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
9467 PFKEY_ADDR_SADDR(dst0
)->sa_len
) {
9468 ipseclog((LOG_DEBUG
,
9469 "key_parse: address struct size mismatched.\n"));
9470 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9475 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
9477 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
9478 sizeof(struct sockaddr_in
)) {
9479 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9485 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
9486 sizeof(struct sockaddr_in6
)) {
9487 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9493 ipseclog((LOG_DEBUG
,
9494 "key_parse: unsupported address family.\n"));
9495 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9496 error
= EAFNOSUPPORT
;
9500 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
9502 plen
= sizeof(struct in_addr
) << 3;
9505 plen
= sizeof(struct in6_addr
) << 3;
9508 plen
= 0; /*fool gcc*/
9512 /* check max prefix length */
9513 if (src0
->sadb_address_prefixlen
> plen
||
9514 dst0
->sadb_address_prefixlen
> plen
) {
9515 ipseclog((LOG_DEBUG
,
9516 "key_parse: illegal prefixlen.\n"));
9517 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9523 * prefixlen == 0 is valid because there can be a case when
9524 * all addresses are matched.
9528 if (msg
->sadb_msg_type
>= sizeof(key_typesw
)/sizeof(key_typesw
[0]) ||
9529 key_typesw
[msg
->sadb_msg_type
] == NULL
) {
9530 PFKEY_STAT_INCREMENT(pfkeystat
.out_invmsgtype
);
9535 error
= (*key_typesw
[msg
->sadb_msg_type
])(so
, m
, &mh
);
9545 msg
->sadb_msg_errno
= error
;
9546 return key_sendup_mbuf(so
, m
, target
);
9555 struct sadb_msg
*msg
;
9557 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
9559 if (m
->m_len
< sizeof(struct sadb_msg
))
9560 panic("invalid mbuf passed to key_senderror");
9562 msg
= mtod(m
, struct sadb_msg
*);
9563 msg
->sadb_msg_errno
= code
;
9564 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
9568 * set the pointer to each header into message buffer.
9569 * m will be freed on error.
9570 * XXX larger-than-MCLBYTES extension?
9575 struct sadb_msghdr
*mhp
)
9578 struct sadb_ext
*ext
;
9584 if (m
== NULL
|| mhp
== NULL
)
9585 panic("key_align: NULL pointer is passed.\n");
9586 if (m
->m_len
< sizeof(struct sadb_msg
))
9587 panic("invalid mbuf passed to key_align");
9590 bzero(mhp
, sizeof(*mhp
));
9592 mhp
->msg
= mtod(m
, struct sadb_msg
*);
9593 mhp
->ext
[0] = (struct sadb_ext
*)mhp
->msg
; /*XXX backward compat */
9595 end
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
9596 extlen
= end
; /*just in case extlen is not updated*/
9597 for (off
= sizeof(struct sadb_msg
); off
< end
; off
+= extlen
) {
9598 n
= m_pulldown(m
, off
, sizeof(struct sadb_ext
), &toff
);
9600 /* m is already freed */
9603 ext
= (struct sadb_ext
*)(void *)(mtod(n
, caddr_t
) + toff
);
9606 switch (ext
->sadb_ext_type
) {
9608 case SADB_EXT_ADDRESS_SRC
:
9609 case SADB_EXT_ADDRESS_DST
:
9610 case SADB_EXT_ADDRESS_PROXY
:
9611 case SADB_EXT_LIFETIME_CURRENT
:
9612 case SADB_EXT_LIFETIME_HARD
:
9613 case SADB_EXT_LIFETIME_SOFT
:
9614 case SADB_EXT_KEY_AUTH
:
9615 case SADB_EXT_KEY_ENCRYPT
:
9616 case SADB_EXT_IDENTITY_SRC
:
9617 case SADB_EXT_IDENTITY_DST
:
9618 case SADB_EXT_SENSITIVITY
:
9619 case SADB_EXT_PROPOSAL
:
9620 case SADB_EXT_SUPPORTED_AUTH
:
9621 case SADB_EXT_SUPPORTED_ENCRYPT
:
9622 case SADB_EXT_SPIRANGE
:
9623 case SADB_X_EXT_POLICY
:
9624 case SADB_X_EXT_SA2
:
9625 case SADB_EXT_SESSION_ID
:
9626 case SADB_EXT_SASTAT
:
9627 case SADB_X_EXT_IPSECIF
:
9628 case SADB_X_EXT_ADDR_RANGE_SRC_START
:
9629 case SADB_X_EXT_ADDR_RANGE_SRC_END
:
9630 case SADB_X_EXT_ADDR_RANGE_DST_START
:
9631 case SADB_X_EXT_ADDR_RANGE_DST_END
:
9632 case SADB_EXT_MIGRATE_ADDRESS_SRC
:
9633 case SADB_EXT_MIGRATE_ADDRESS_DST
:
9634 case SADB_X_EXT_MIGRATE_IPSECIF
:
9635 /* duplicate check */
9637 * XXX Are there duplication payloads of either
9638 * KEY_AUTH or KEY_ENCRYPT ?
9640 if (mhp
->ext
[ext
->sadb_ext_type
] != NULL
) {
9641 ipseclog((LOG_DEBUG
,
9642 "key_align: duplicate ext_type %u "
9643 "is passed.\n", ext
->sadb_ext_type
));
9646 PFKEY_STAT_INCREMENT(pfkeystat
.out_dupext
);
9651 ipseclog((LOG_DEBUG
,
9652 "key_align: invalid ext_type %u is passed.\n",
9653 ext
->sadb_ext_type
));
9656 PFKEY_STAT_INCREMENT(pfkeystat
.out_invexttype
);
9660 extlen
= PFKEY_UNUNIT64(ext
->sadb_ext_len
);
9662 if (key_validate_ext(ext
, extlen
)) {
9665 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
9669 n
= m_pulldown(m
, off
, extlen
, &toff
);
9671 /* m is already freed */
9674 ext
= (struct sadb_ext
*)(void *)(mtod(n
, caddr_t
) + toff
);
9676 mhp
->ext
[ext
->sadb_ext_type
] = ext
;
9677 mhp
->extoff
[ext
->sadb_ext_type
] = off
;
9678 mhp
->extlen
[ext
->sadb_ext_type
] = extlen
;
9684 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
9693 const struct sadb_ext
*ext
,
9696 struct sockaddr
*sa
;
9697 enum { NONE
, ADDR
} checktype
= NONE
;
9699 const int sal
= offsetof(struct sockaddr
, sa_len
) + sizeof(sa
->sa_len
);
9701 if (len
!= PFKEY_UNUNIT64(ext
->sadb_ext_len
))
9704 /* if it does not match minimum/maximum length, bail */
9705 if (ext
->sadb_ext_type
>= sizeof(minsize
) / sizeof(minsize
[0]) ||
9706 ext
->sadb_ext_type
>= sizeof(maxsize
) / sizeof(maxsize
[0]))
9708 if (!minsize
[ext
->sadb_ext_type
] || len
< minsize
[ext
->sadb_ext_type
])
9710 if (maxsize
[ext
->sadb_ext_type
] && len
> maxsize
[ext
->sadb_ext_type
])
9713 /* more checks based on sadb_ext_type XXX need more */
9714 switch (ext
->sadb_ext_type
) {
9715 case SADB_EXT_ADDRESS_SRC
:
9716 case SADB_EXT_ADDRESS_DST
:
9717 case SADB_EXT_ADDRESS_PROXY
:
9718 case SADB_X_EXT_ADDR_RANGE_SRC_START
:
9719 case SADB_X_EXT_ADDR_RANGE_SRC_END
:
9720 case SADB_X_EXT_ADDR_RANGE_DST_START
:
9721 case SADB_X_EXT_ADDR_RANGE_DST_END
:
9722 case SADB_EXT_MIGRATE_ADDRESS_SRC
:
9723 case SADB_EXT_MIGRATE_ADDRESS_DST
:
9724 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_address
));
9727 case SADB_EXT_IDENTITY_SRC
:
9728 case SADB_EXT_IDENTITY_DST
:
9729 if (((struct sadb_ident
*)(uintptr_t)(size_t)ext
)->
9730 sadb_ident_type
== SADB_X_IDENTTYPE_ADDR
) {
9731 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_ident
));
9741 switch (checktype
) {
9745 sa
= (struct sockaddr
*)((caddr_t
)(uintptr_t)ext
+ baselen
);
9747 if (len
< baselen
+ sal
)
9749 if (baselen
+ PFKEY_ALIGN8(sa
->sa_len
) != len
)
9758 * XXX: maybe This function is called after INBOUND IPsec processing.
9760 * Special check for tunnel-mode packets.
9761 * We must make some checks for consistency between inner and outer IP header.
9763 * xxx more checks to be provided
9766 key_checktunnelsanity(
9767 struct secasvar
*sav
,
9768 __unused u_int family
,
9769 __unused caddr_t src
,
9770 __unused caddr_t dst
)
9774 if (sav
->sah
== NULL
)
9775 panic("sav->sah == NULL at key_checktunnelsanity");
9777 /* XXX: check inner IP header */
9782 /* record data transfer on SA, and update timestamps */
9785 struct secasvar
*sav
,
9791 panic("key_sa_recordxfer called with sav == NULL");
9793 panic("key_sa_recordxfer called with m == NULL");
9797 lck_mtx_lock(sadb_mutex
);
9799 * XXX Currently, there is a difference of bytes size
9800 * between inbound and outbound processing.
9802 sav
->lft_c
->sadb_lifetime_bytes
+= m
->m_pkthdr
.len
;
9803 /* to check bytes lifetime is done in key_timehandler(). */
9806 * We use the number of packets as the unit of
9807 * sadb_lifetime_allocations. We increment the variable
9808 * whenever {esp,ah}_{in,out}put is called.
9810 sav
->lft_c
->sadb_lifetime_allocations
++;
9811 /* XXX check for expires? */
9814 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
9815 * in seconds. HARD and SOFT lifetime are measured by the time
9816 * difference (again in seconds) from sadb_lifetime_usetime.
9820 * -----+-----+--------+---> t
9821 * <--------------> HARD
9827 sav
->lft_c
->sadb_lifetime_usetime
= tv
.tv_sec
;
9828 /* XXX check for expires? */
9830 lck_mtx_unlock(sadb_mutex
);
9838 struct sockaddr
*dst
)
9840 struct secashead
*sah
;
9843 lck_mtx_lock(sadb_mutex
);
9844 LIST_FOREACH(sah
, &sahtree
, chain
) {
9845 ro
= &sah
->sa_route
;
9846 if (ro
->ro_rt
&& dst
->sa_len
== ro
->ro_dst
.sa_len
9847 && bcmp(dst
, &ro
->ro_dst
, dst
->sa_len
) == 0) {
9851 lck_mtx_unlock(sadb_mutex
);
9858 struct secasvar
*sav
,
9863 panic("key_sa_chgstate called with sav == NULL");
9865 if (sav
->state
== state
)
9868 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
9870 if (__LIST_CHAINED(sav
))
9871 LIST_REMOVE(sav
, chain
);
9874 LIST_INSERT_HEAD(&sav
->sah
->savtree
[state
], sav
, chain
);
9880 struct secasvar
*sav
)
9882 lck_mtx_lock(sadb_mutex
);
9884 panic("key_sa_stir_iv called with sav == NULL");
9885 key_randomfill(sav
->iv
, sav
->ivlen
);
9886 lck_mtx_unlock(sadb_mutex
);
9890 static struct mbuf
*
9894 struct mbuf
*m
= NULL
, *n
;
9899 MGET(n
, M_DONTWAIT
, MT_DATA
);
9900 if (n
&& len
> MLEN
)
9901 MCLGET(n
, M_DONTWAIT
);
9909 n
->m_len
= M_TRAILINGSPACE(n
);
9910 /* use the bottom of mbuf, hoping we can prepend afterwards */
9911 if (n
->m_len
> len
) {
9912 t
= (n
->m_len
- len
) & ~(sizeof(long) - 1);
9928 static struct mbuf
*
9929 key_setdumpsastats (u_int32_t dir
,
9930 struct sastat
*stats
,
9931 u_int32_t max_stats
,
9932 u_int64_t session_ids
[],
9936 struct mbuf
*result
= NULL
, *m
= NULL
;
9938 m
= key_setsadbmsg(SADB_GETSASTAT
, 0, 0, seq
, pid
, 0);
9944 m
= key_setsadbsession_id(session_ids
);
9950 m
= key_setsadbsastat(dir
,
9958 if ((result
->m_flags
& M_PKTHDR
) == 0) {
9962 if (result
->m_len
< sizeof(struct sadb_msg
)) {
9963 result
= m_pullup(result
, sizeof(struct sadb_msg
));
9964 if (result
== NULL
) {
9969 result
->m_pkthdr
.len
= 0;
9970 for (m
= result
; m
; m
= m
->m_next
) {
9971 result
->m_pkthdr
.len
+= m
->m_len
;
9974 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
9975 PFKEY_UNIT64(result
->m_pkthdr
.len
);
9987 * SADB_GETSASTAT processing
9988 * dump all stats for matching entries in SAD.
9990 * m will always be freed.
9994 key_getsastat (struct socket
*so
,
9996 const struct sadb_msghdr
*mhp
)
9998 struct sadb_session_id
*session_id
;
9999 u_int32_t bufsize
, arg_count
, res_count
;
10000 struct sadb_sastat
*sa_stats_arg
;
10001 struct sastat
*sa_stats_sav
= NULL
;
10006 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
10007 panic("%s: NULL pointer is passed.\n", __FUNCTION__
);
10009 if (mhp
->ext
[SADB_EXT_SESSION_ID
] == NULL
) {
10010 printf("%s: invalid message is passed. missing session-id.\n", __FUNCTION__
);
10011 return key_senderror(so
, m
, EINVAL
);
10013 if (mhp
->extlen
[SADB_EXT_SESSION_ID
] < sizeof(struct sadb_session_id
)) {
10014 printf("%s: invalid message is passed. short session-id.\n", __FUNCTION__
);
10015 return key_senderror(so
, m
, EINVAL
);
10017 if (mhp
->ext
[SADB_EXT_SASTAT
] == NULL
) {
10018 printf("%s: invalid message is passed. missing stat args.\n", __FUNCTION__
);
10019 return key_senderror(so
, m
, EINVAL
);
10021 if (mhp
->extlen
[SADB_EXT_SASTAT
] < sizeof(*sa_stats_arg
)) {
10022 printf("%s: invalid message is passed. short stat args.\n", __FUNCTION__
);
10023 return key_senderror(so
, m
, EINVAL
);
10026 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
10028 // exit early if there are no active SAs
10029 if (ipsec_sav_count
<= 0) {
10030 printf("%s: No active SAs.\n", __FUNCTION__
);
10034 bufsize
= (ipsec_sav_count
+ 1) * sizeof(*sa_stats_sav
);
10036 KMALLOC_WAIT(sa_stats_sav
, __typeof__(sa_stats_sav
), bufsize
);
10037 if (sa_stats_sav
== NULL
) {
10038 printf("%s: No more memory.\n", __FUNCTION__
);
10042 bzero(sa_stats_sav
, bufsize
);
10044 sa_stats_arg
= (__typeof__(sa_stats_arg
))
10045 (void *)mhp
->ext
[SADB_EXT_SASTAT
];
10046 arg_count
= sa_stats_arg
->sadb_sastat_list_len
;
10047 // exit early if there are no requested SAs
10048 if (arg_count
== 0) {
10049 printf("%s: No SAs requested.\n", __FUNCTION__
);
10055 if (key_getsastatbyspi((struct sastat
*)(sa_stats_arg
+ 1),
10059 printf("%s: Error finding SAs.\n", __FUNCTION__
);
10064 printf("%s: No SAs found.\n", __FUNCTION__
);
10069 session_id
= (__typeof__(session_id
))
10070 (void *)mhp
->ext
[SADB_EXT_SESSION_ID
];
10072 /* send this to the userland. */
10073 n
= key_setdumpsastats(sa_stats_arg
->sadb_sastat_dir
,
10076 session_id
->sadb_session_id_v
,
10077 mhp
->msg
->sadb_msg_seq
,
10078 mhp
->msg
->sadb_msg_pid
);
10080 printf("%s: No bufs to dump stats.\n", __FUNCTION__
);
10085 key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
10087 if (sa_stats_sav
) {
10088 KFREE(sa_stats_sav
);
10092 return key_senderror(so
, m
, error
);
10099 key_update_natt_keepalive_timestamp (struct secasvar
*sav_sent
,
10100 struct secasvar
*sav_update
)
10102 struct secasindex saidx_swap_sent_addr
;
10104 // exit early if two SAs are identical, or if sav_update is current
10105 if (sav_sent
== sav_update
||
10106 sav_update
->natt_last_activity
== natt_now
) {
10110 // assuming that (sav_update->remote_ike_port != 0 && (esp_udp_encap_port & 0xFFFF) != 0)
10112 bzero(&saidx_swap_sent_addr
, sizeof(saidx_swap_sent_addr
));
10113 memcpy(&saidx_swap_sent_addr
.src
, &sav_sent
->sah
->saidx
.dst
, sizeof(saidx_swap_sent_addr
.src
));
10114 memcpy(&saidx_swap_sent_addr
.dst
, &sav_sent
->sah
->saidx
.src
, sizeof(saidx_swap_sent_addr
.dst
));
10115 saidx_swap_sent_addr
.proto
= sav_sent
->sah
->saidx
.proto
;
10116 saidx_swap_sent_addr
.mode
= sav_sent
->sah
->saidx
.mode
;
10117 // we ignore reqid for split-tunnel setups
10119 if (key_cmpsaidx(&sav_sent
->sah
->saidx
, &sav_update
->sah
->saidx
, CMP_MODE
| CMP_PORT
) ||
10120 key_cmpsaidx(&saidx_swap_sent_addr
, &sav_update
->sah
->saidx
, CMP_MODE
| CMP_PORT
)) {
10121 sav_update
->natt_last_activity
= natt_now
;
10126 key_send_delsp (struct secpolicy
*sp
)
10128 struct mbuf
*result
= NULL
, *m
;
10133 /* set msg header */
10134 m
= key_setsadbmsg(SADB_X_SPDDELETE
, 0, 0, 0, 0, 0);
10140 /* set sadb_address(es) for source */
10141 if (sp
->spidx
.src_range
.start
.ss_len
> 0) {
10142 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START
,
10143 (struct sockaddr
*)&sp
->spidx
.src_range
.start
, sp
->spidx
.prefs
,
10144 sp
->spidx
.ul_proto
);
10149 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END
,
10150 (struct sockaddr
*)&sp
->spidx
.src_range
.end
, sp
->spidx
.prefs
,
10151 sp
->spidx
.ul_proto
);
10156 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
10157 (struct sockaddr
*)&sp
->spidx
.src
, sp
->spidx
.prefs
,
10158 sp
->spidx
.ul_proto
);
10164 /* set sadb_address(es) for destination */
10165 if (sp
->spidx
.dst_range
.start
.ss_len
> 0) {
10166 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START
,
10167 (struct sockaddr
*)&sp
->spidx
.dst_range
.start
, sp
->spidx
.prefd
,
10168 sp
->spidx
.ul_proto
);
10173 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END
,
10174 (struct sockaddr
*)&sp
->spidx
.dst_range
.end
, sp
->spidx
.prefd
,
10175 sp
->spidx
.ul_proto
);
10180 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
10181 (struct sockaddr
*)&sp
->spidx
.dst
, sp
->spidx
.prefd
,
10182 sp
->spidx
.ul_proto
);
10188 /* set secpolicy */
10189 m
= key_sp2msg(sp
);
10195 if ((result
->m_flags
& M_PKTHDR
) == 0) {
10199 if (result
->m_len
< sizeof(struct sadb_msg
)) {
10200 result
= m_pullup(result
, sizeof(struct sadb_msg
));
10201 if (result
== NULL
) {
10206 result
->m_pkthdr
.len
= 0;
10207 for (m
= result
; m
; m
= m
->m_next
)
10208 result
->m_pkthdr
.len
+= m
->m_len
;
10210 mtod(result
, struct sadb_msg
*)->sadb_msg_len
= PFKEY_UNIT64(result
->m_pkthdr
.len
);
10212 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
10221 key_delsp_for_ipsec_if (ifnet_t ipsec_if
)
10223 struct secashead
*sah
;
10224 struct secasvar
*sav
, *nextsav
;
10227 struct secpolicy
*sp
, *nextsp
;
10230 if (ipsec_if
== NULL
)
10233 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
10235 lck_mtx_lock(sadb_mutex
);
10237 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
10238 for (sp
= LIST_FIRST(&sptree
[dir
]);
10242 nextsp
= LIST_NEXT(sp
, chain
);
10244 if (sp
->ipsec_if
== ipsec_if
) {
10245 ifnet_release(sp
->ipsec_if
);
10246 sp
->ipsec_if
= NULL
;
10248 key_send_delsp(sp
);
10250 sp
->state
= IPSEC_SPSTATE_DEAD
;
10251 key_freesp(sp
, KEY_SADB_LOCKED
);
10256 LIST_FOREACH(sah
, &sahtree
, chain
) {
10257 if (sah
->ipsec_if
== ipsec_if
) {
10258 /* This SAH is linked to the IPSec interface. It now needs to close. */
10259 ifnet_release(sah
->ipsec_if
);
10260 sah
->ipsec_if
= NULL
;
10262 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
); stateidx
++) {
10263 state
= saorder_state_any
[stateidx
];
10264 for (sav
= LIST_FIRST(&sah
->savtree
[state
]); sav
!= NULL
; sav
= nextsav
) {
10265 nextsav
= LIST_NEXT(sav
, chain
);
10267 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
10268 key_freesav(sav
, KEY_SADB_LOCKED
);
10272 sah
->state
= SADB_SASTATE_DEAD
;
10276 lck_mtx_unlock(sadb_mutex
);
10279 __private_extern__ u_int32_t
10280 key_fill_offload_frames_for_savs (ifnet_t ifp
,
10281 struct ifnet_keepalive_offload_frame
*frames_array
,
10282 u_int32_t frames_array_count
,
10283 size_t frame_data_offset
)
10285 struct secashead
*sah
= NULL
;
10286 struct secasvar
*sav
= NULL
;
10287 struct ifnet_keepalive_offload_frame
*frame
= frames_array
;
10288 u_int32_t frame_index
= 0;
10290 if (frame
== NULL
|| frames_array_count
== 0) {
10291 return (frame_index
);
10294 lck_mtx_lock(sadb_mutex
);
10295 LIST_FOREACH(sah
, &sahtree
, chain
) {
10296 LIST_FOREACH(sav
, &sah
->savtree
[SADB_SASTATE_MATURE
], chain
) {
10297 if (ipsec_fill_offload_frame(ifp
, sav
, frame
, frame_data_offset
)) {
10299 if (frame_index
>= frames_array_count
) {
10300 lck_mtx_unlock(sadb_mutex
);
10301 return (frame_index
);
10303 frame
= &(frames_array
[frame_index
]);
10307 lck_mtx_unlock(sadb_mutex
);
10309 return (frame_index
);
projects / apple / xnu.git / blob