2 * Copyright (c) 2008-2016 Apple Inc. All rights reserved.
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
29 /* $FreeBSD: src/sys/netkey/key.c,v 1.16.2.13 2002/07/24 18:17:40 ume Exp $ */
30 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
62 * This code is referd to RFC 2367
65 #include <machine/endian.h>
66 #include <sys/types.h>
67 #include <sys/param.h>
68 #include <sys/systm.h>
69 #include <sys/kernel.h>
71 #include <sys/domain.h>
72 #include <sys/protosw.h>
73 #include <sys/malloc.h>
74 #include <sys/socket.h>
75 #include <sys/socketvar.h>
76 #include <sys/sysctl.h>
77 #include <sys/errno.h>
79 #include <sys/queue.h>
80 #include <sys/syslog.h>
81 #include <sys/mcache.h>
83 #include <kern/locks.h>
86 #include <net/route.h>
87 #include <net/raw_cb.h>
89 #include <netinet/in.h>
90 #include <netinet/in_systm.h>
91 #include <netinet/ip.h>
92 #include <netinet/in_var.h>
95 #include <netinet/ip6.h>
96 #include <netinet6/in6_var.h>
97 #include <netinet6/ip6_var.h>
100 #include <net/pfkeyv2.h>
101 #include <netkey/keydb.h>
102 #include <netkey/key.h>
103 #include <netkey/keysock.h>
104 #include <netkey/key_debug.h>
108 #include <netinet6/ipsec.h>
110 #include <netinet6/ipsec6.h>
112 #include <netinet6/ah.h>
114 #include <netinet6/ah6.h>
117 #include <netinet6/esp.h>
119 #include <netinet6/esp6.h>
122 #include <netinet6/ipcomp.h>
124 #include <netinet6/ipcomp6.h>
129 #include <sys/random.h>
131 #include <net/net_osdep.h>
133 #define FULLMASK 0xff
135 lck_grp_t
*sadb_mutex_grp
;
136 lck_grp_attr_t
*sadb_mutex_grp_attr
;
137 lck_attr_t
*sadb_mutex_attr
;
138 decl_lck_mtx_data(, sadb_mutex_data
);
139 lck_mtx_t
*sadb_mutex
= &sadb_mutex_data
;
141 lck_grp_t
*pfkey_stat_mutex_grp
;
142 lck_grp_attr_t
*pfkey_stat_mutex_grp_attr
;
143 lck_attr_t
*pfkey_stat_mutex_attr
;
144 decl_lck_mtx_data(, pfkey_stat_mutex_data
);
145 lck_mtx_t
*pfkey_stat_mutex
= &pfkey_stat_mutex_data
;
148 * Note on SA reference counting:
149 * - SAs that are not in DEAD state will have (total external reference + 1)
150 * following value in reference count field. they cannot be freed and are
151 * referenced from SA header.
152 * - SAs that are in DEAD state will have (total external reference)
153 * in reference count field. they are ready to be freed. reference from
154 * SA header will be removed in key_delsav(), when the reference count
155 * field hits 0 (= no external reference other than from SA header.
158 u_int32_t key_debug_level
= 0; //### our sysctl is not dynamic
159 static int key_timehandler_running
= 0;
160 static u_int key_spi_trycnt
= 1000;
161 static u_int32_t key_spi_minval
= 0x100;
162 static u_int32_t key_spi_maxval
= 0x0fffffff; /* XXX */
163 static u_int32_t policy_id
= 0;
164 static u_int key_int_random
= 60; /*interval to initialize randseed,1(m)*/
165 static u_int key_larval_lifetime
= 30; /* interval to expire acquiring, 30(s)*/
166 static int key_blockacq_count
= 10; /* counter for blocking SADB_ACQUIRE.*/
167 static int key_blockacq_lifetime
= 20; /* lifetime for blocking SADB_ACQUIRE.*/
168 static int key_preferred_oldsa
= 0; /* preferred old sa rather than new sa.*/
169 __private_extern__
int natt_keepalive_interval
= 20; /* interval between natt keepalives.*/
170 __private_extern__
int ipsec_policy_count
= 0;
171 static int ipsec_sav_count
= 0;
173 static u_int32_t acq_seq
= 0;
174 static int key_tick_init_random
= 0;
175 static u_int64_t up_time
= 0;
176 __private_extern__ u_int64_t natt_now
= 0;
178 static LIST_HEAD(_sptree
, secpolicy
) sptree
[IPSEC_DIR_MAX
]; /* SPD */
179 static LIST_HEAD(_sahtree
, secashead
) sahtree
; /* SAD */
180 static LIST_HEAD(_regtree
, secreg
) regtree
[SADB_SATYPE_MAX
+ 1];
183 #define SPIHASHSIZE 128
184 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
185 static LIST_HEAD(_spihash
, secasvar
) spihash
[SPIHASHSIZE
];
187 #ifndef IPSEC_NONBLOCK_ACQUIRE
188 static LIST_HEAD(_acqtree
, secacq
) acqtree
; /* acquiring list */
190 static LIST_HEAD(_spacqtree
, secspacq
) spacqtree
; /* SP acquiring list */
192 struct key_cb key_cb
;
194 /* search order for SAs */
195 static const u_int saorder_state_valid_prefer_old
[] = {
196 SADB_SASTATE_DYING
, SADB_SASTATE_MATURE
,
198 static const u_int saorder_state_valid_prefer_new
[] = {
199 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
,
201 static const u_int saorder_state_alive
[] = {
203 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
, SADB_SASTATE_LARVAL
205 static const u_int saorder_state_any
[] = {
206 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
,
207 SADB_SASTATE_LARVAL
, SADB_SASTATE_DEAD
210 static const int minsize
[] = {
211 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
212 sizeof(struct sadb_sa
), /* SADB_EXT_SA */
213 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
214 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
215 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
216 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_SRC */
217 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_DST */
218 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_PROXY */
219 sizeof(struct sadb_key
), /* SADB_EXT_KEY_AUTH */
220 sizeof(struct sadb_key
), /* SADB_EXT_KEY_ENCRYPT */
221 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_SRC */
222 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_DST */
223 sizeof(struct sadb_sens
), /* SADB_EXT_SENSITIVITY */
224 sizeof(struct sadb_prop
), /* SADB_EXT_PROPOSAL */
225 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_AUTH */
226 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_ENCRYPT */
227 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
228 0, /* SADB_X_EXT_KMPRIVATE */
229 sizeof(struct sadb_x_policy
), /* SADB_X_EXT_POLICY */
230 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
231 sizeof(struct sadb_session_id
), /* SADB_EXT_SESSION_ID */
232 sizeof(struct sadb_sastat
), /* SADB_EXT_SASTAT */
233 sizeof(struct sadb_x_ipsecif
), /* SADB_X_EXT_IPSECIF */
234 sizeof(struct sadb_address
), /* SADB_X_EXT_ADDR_RANGE_SRC_START */
235 sizeof(struct sadb_address
), /* SADB_X_EXT_ADDR_RANGE_SRC_END */
236 sizeof(struct sadb_address
), /* SADB_X_EXT_ADDR_RANGE_DST_START */
237 sizeof(struct sadb_address
), /* SADB_X_EXT_ADDR_RANGE_DST_END */
238 sizeof(struct sadb_address
), /* SADB_EXT_MIGRATE_ADDRESS_SRC */
239 sizeof(struct sadb_address
), /* SADB_EXT_MIGRATE_ADDRESS_DST */
240 sizeof(struct sadb_x_ipsecif
), /* SADB_X_EXT_MIGRATE_IPSECIF */
242 static const int maxsize
[] = {
243 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
244 sizeof(struct sadb_sa_2
), /* SADB_EXT_SA */
245 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
246 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
247 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
248 0, /* SADB_EXT_ADDRESS_SRC */
249 0, /* SADB_EXT_ADDRESS_DST */
250 0, /* SADB_EXT_ADDRESS_PROXY */
251 0, /* SADB_EXT_KEY_AUTH */
252 0, /* SADB_EXT_KEY_ENCRYPT */
253 0, /* SADB_EXT_IDENTITY_SRC */
254 0, /* SADB_EXT_IDENTITY_DST */
255 0, /* SADB_EXT_SENSITIVITY */
256 0, /* SADB_EXT_PROPOSAL */
257 0, /* SADB_EXT_SUPPORTED_AUTH */
258 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
259 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
260 0, /* SADB_X_EXT_KMPRIVATE */
261 0, /* SADB_X_EXT_POLICY */
262 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
263 0, /* SADB_EXT_SESSION_ID */
264 0, /* SADB_EXT_SASTAT */
265 sizeof(struct sadb_x_ipsecif
), /* SADB_X_EXT_IPSECIF */
266 0, /* SADB_X_EXT_ADDR_RANGE_SRC_START */
267 0, /* SADB_X_EXT_ADDR_RANGE_SRC_END */
268 0, /* SADB_X_EXT_ADDR_RANGE_DST_START */
269 0, /* SADB_X_EXT_ADDR_RANGE_DST_END */
270 0, /* SADB_EXT_MIGRATE_ADDRESS_SRC */
271 0, /* SADB_EXT_MIGRATE_ADDRESS_DST */
272 sizeof(struct sadb_x_ipsecif
), /* SADB_X_EXT_MIGRATE_IPSECIF */
275 static int ipsec_esp_keymin
= 256;
276 static int ipsec_esp_auth
= 0;
277 static int ipsec_ah_keymin
= 128;
279 SYSCTL_DECL(_net_key
);
280 /* Thread safe: no accumulated state */
281 SYSCTL_INT(_net_key
, KEYCTL_DEBUG_LEVEL
, debug
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
282 &key_debug_level
, 0, "");
285 /* max count of trial for the decision of spi value */
286 SYSCTL_INT(_net_key
, KEYCTL_SPI_TRY
, spi_trycnt
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
287 &key_spi_trycnt
, 0, "");
289 /* minimum spi value to allocate automatically. */
290 SYSCTL_INT(_net_key
, KEYCTL_SPI_MIN_VALUE
, spi_minval
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
291 &key_spi_minval
, 0, "");
293 /* maximun spi value to allocate automatically. */
294 SYSCTL_INT(_net_key
, KEYCTL_SPI_MAX_VALUE
, spi_maxval
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
295 &key_spi_maxval
, 0, "");
297 /* interval to initialize randseed */
298 SYSCTL_INT(_net_key
, KEYCTL_RANDOM_INT
, int_random
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
299 &key_int_random
, 0, "");
301 /* lifetime for larval SA; thread safe due to > compare */
302 SYSCTL_INT(_net_key
, KEYCTL_LARVAL_LIFETIME
, larval_lifetime
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
303 &key_larval_lifetime
, 0, "");
305 /* counter for blocking to send SADB_ACQUIRE to IKEd */
306 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_COUNT
, blockacq_count
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
307 &key_blockacq_count
, 0, "");
309 /* lifetime for blocking to send SADB_ACQUIRE to IKEd: Thread safe, > compare */
310 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_LIFETIME
, blockacq_lifetime
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
311 &key_blockacq_lifetime
, 0, "");
314 SYSCTL_INT(_net_key
, KEYCTL_ESP_AUTH
, esp_auth
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
315 &ipsec_esp_auth
, 0, "");
317 /* minimum ESP key length */
318 SYSCTL_INT(_net_key
, KEYCTL_ESP_KEYMIN
, esp_keymin
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
319 &ipsec_esp_keymin
, 0, "");
321 /* minimum AH key length */
322 SYSCTL_INT(_net_key
, KEYCTL_AH_KEYMIN
, ah_keymin
, CTLFLAG_RW
| CTLFLAG_LOCKED
, \
323 &ipsec_ah_keymin
, 0, "");
325 /* perfered old SA rather than new SA */
326 SYSCTL_INT(_net_key
, KEYCTL_PREFERED_OLDSA
, prefered_oldsa
, CTLFLAG_RW
| CTLFLAG_LOCKED
,\
327 &key_preferred_oldsa
, 0, "");
329 /* time between NATT keepalives in seconds, 0 disabled */
330 SYSCTL_INT(_net_key
, KEYCTL_NATT_KEEPALIVE_INTERVAL
, natt_keepalive_interval
, CTLFLAG_RW
| CTLFLAG_LOCKED
,\
331 &natt_keepalive_interval
, 0, "");
333 /* PF_KEY statistics */
334 SYSCTL_STRUCT(_net_key
, KEYCTL_PFKEYSTAT
, pfkeystat
, CTLFLAG_RD
| CTLFLAG_LOCKED
,\
335 &pfkeystat
, pfkeystat
, "");
338 #define LIST_FOREACH(elm, head, field) \
339 for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
341 #define __LIST_CHAINED(elm) \
342 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
343 #define LIST_INSERT_TAIL(head, elm, type, field) \
345 struct type *curelm = LIST_FIRST(head); \
346 if (curelm == NULL) {\
347 LIST_INSERT_HEAD(head, elm, field); \
349 while (LIST_NEXT(curelm, field)) \
350 curelm = LIST_NEXT(curelm, field);\
351 LIST_INSERT_AFTER(curelm, elm, field);\
355 #define KEY_CHKSASTATE(head, sav, name) \
357 if ((head) != (sav)) { \
358 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
359 (name), (head), (sav))); \
364 #define KEY_CHKSPDIR(head, sp, name) \
366 if ((head) != (sp)) { \
367 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
368 "anyway continue.\n", \
369 (name), (head), (sp))); \
374 #define KMALLOC_WAIT(p, t, n) \
375 ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_WAITOK))
376 #define KMALLOC_NOWAIT(p, t, n) \
377 ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT))
379 _FREE((caddr_t)(p), M_SECA);
381 #define KMALLOC_WAIT(p, t, n) \
383 ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_WAITOK)); \
384 printf("%s %d: %p <- KMALLOC_WAIT(%s, %d)\n", \
385 __FILE__, __LINE__, (p), #t, n); \
387 #define KMALLOC_NOWAIT(p, t, n) \
389 ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT)); \
390 printf("%s %d: %p <- KMALLOC_NOWAIT(%s, %d)\n", \
391 __FILE__, __LINE__, (p), #t, n); \
396 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
397 _FREE((caddr_t)(p), M_SECA); \
402 * set parameters into secpolicyindex buffer.
403 * Must allocate secpolicyindex buffer passed to this function.
405 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, ifp, s_s, s_e, d_s, d_e, idx) \
407 bzero((idx), sizeof(struct secpolicyindex)); \
408 (idx)->dir = (_dir); \
409 (idx)->prefs = (ps); \
410 (idx)->prefd = (pd); \
411 (idx)->ul_proto = (ulp); \
412 (idx)->internal_if = (ifp); \
413 if (s) bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
414 if (d) bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
415 if (s_s) bcopy((s_s), &(idx)->src_range.start, ((struct sockaddr *)(s_s))->sa_len); \
416 if (s_e) bcopy((s_e), &(idx)->src_range.end, ((struct sockaddr *)(s_e))->sa_len); \
417 if (d_s) bcopy((d_s), &(idx)->dst_range.start, ((struct sockaddr *)(d_s))->sa_len); \
418 if (d_e) bcopy((d_e), &(idx)->dst_range.end, ((struct sockaddr *)(d_e))->sa_len); \
422 * set parameters into secasindex buffer.
423 * Must allocate secasindex buffer before calling this function.
425 #define KEY_SETSECASIDX(p, m, r, s, d, ifi, idx) \
427 bzero((idx), sizeof(struct secasindex)); \
428 (idx)->proto = (p); \
430 (idx)->reqid = (r); \
431 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
432 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
433 (idx)->ipsec_ifindex = (ifi); \
438 u_int32_t getspi_count
; /* the avarage of count to try to get new SPI */
442 struct sadb_msg
*msg
;
443 struct sadb_ext
*ext
[SADB_EXT_MAX
+ 1];
444 int extoff
[SADB_EXT_MAX
+ 1];
445 int extlen
[SADB_EXT_MAX
+ 1];
448 static struct secpolicy
*__key_getspbyid(u_int32_t id
);
449 static struct secasvar
*key_do_allocsa_policy(struct secashead
*, u_int
, u_int16_t
);
450 static int key_do_get_translated_port(struct secashead
*, struct secasvar
*, u_int
);
451 static void key_delsp(struct secpolicy
*);
452 static struct secpolicy
*key_getsp(struct secpolicyindex
*);
453 static u_int32_t
key_newreqid(void);
454 static struct mbuf
*key_gather_mbuf(struct mbuf
*,
455 const struct sadb_msghdr
*, int, int, int *);
456 static int key_spdadd(struct socket
*, struct mbuf
*,
457 const struct sadb_msghdr
*);
458 static u_int32_t
key_getnewspid(void);
459 static int key_spddelete(struct socket
*, struct mbuf
*,
460 const struct sadb_msghdr
*);
461 static int key_spddelete2(struct socket
*, struct mbuf
*,
462 const struct sadb_msghdr
*);
463 static int key_spdenable(struct socket
*, struct mbuf
*,
464 const struct sadb_msghdr
*);
465 static int key_spddisable(struct socket
*, struct mbuf
*,
466 const struct sadb_msghdr
*);
467 static int key_spdget(struct socket
*, struct mbuf
*,
468 const struct sadb_msghdr
*);
469 static int key_spdflush(struct socket
*, struct mbuf
*,
470 const struct sadb_msghdr
*);
471 static int key_spddump(struct socket
*, struct mbuf
*,
472 const struct sadb_msghdr
*);
473 static struct mbuf
*key_setdumpsp(struct secpolicy
*,
474 u_int8_t
, u_int32_t
, u_int32_t
);
475 static u_int
key_getspreqmsglen(struct secpolicy
*);
476 static int key_spdexpire(struct secpolicy
*);
477 static struct secashead
*key_newsah(struct secasindex
*, ifnet_t
, u_int
, u_int8_t
);
478 static struct secasvar
*key_newsav(struct mbuf
*,
479 const struct sadb_msghdr
*, struct secashead
*, int *,
481 static struct secashead
*key_getsah(struct secasindex
*);
482 static struct secasvar
*key_checkspidup(struct secasindex
*, u_int32_t
);
483 static void key_setspi
__P((struct secasvar
*, u_int32_t
));
484 static struct secasvar
*key_getsavbyspi(struct secashead
*, u_int32_t
);
485 static int key_setsaval(struct secasvar
*, struct mbuf
*,
486 const struct sadb_msghdr
*);
487 static int key_mature(struct secasvar
*);
488 static struct mbuf
*key_setdumpsa(struct secasvar
*, u_int8_t
,
489 u_int8_t
, u_int32_t
, u_int32_t
);
490 static struct mbuf
*key_setsadbmsg(u_int8_t
, u_int16_t
, u_int8_t
,
491 u_int32_t
, pid_t
, u_int16_t
);
492 static struct mbuf
*key_setsadbsa(struct secasvar
*);
493 static struct mbuf
*key_setsadbaddr(u_int16_t
,
494 struct sockaddr
*, u_int8_t
, u_int16_t
);
495 static struct mbuf
*key_setsadbipsecif(ifnet_t
, ifnet_t
, ifnet_t
, int);
497 static struct mbuf
*key_setsadbident(u_int16_t
, u_int16_t
, caddr_t
,
500 static struct mbuf
*key_setsadbxsa2(u_int8_t
, u_int32_t
, u_int32_t
, u_int16_t
);
501 static struct mbuf
*key_setsadbxpolicy(u_int16_t
, u_int8_t
,
503 static void *key_newbuf(const void *, u_int
);
505 static int key_ismyaddr6(struct sockaddr_in6
*);
507 static void key_update_natt_keepalive_timestamp(struct secasvar
*, struct secasvar
*);
509 /* flags for key_cmpsaidx() */
510 #define CMP_HEAD 0x1 /* protocol, addresses. */
511 #define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
512 #define CMP_REQID 0x4 /* additionally HEAD, reqid. */
513 #define CMP_MODE 0x8 /* additionally mode. */
514 #define CMP_EXACTLY 0xF /* all elements. */
515 static int key_cmpsaidx(struct secasindex
*, struct secasindex
*, int);
517 static int key_cmpspidx_exactly(struct secpolicyindex
*,
518 struct secpolicyindex
*);
519 static int key_cmpspidx_withmask(struct secpolicyindex
*,
520 struct secpolicyindex
*);
521 static int key_sockaddrcmp(struct sockaddr
*, struct sockaddr
*, int);
522 static int key_is_addr_in_range(struct sockaddr_storage
*, struct secpolicyaddrrange
*);
523 static int key_bbcmp(caddr_t
, caddr_t
, u_int
);
524 static void key_srandom(void);
525 static u_int16_t
key_satype2proto(u_int8_t
);
526 static u_int8_t
key_proto2satype(u_int16_t
);
528 static int key_getspi(struct socket
*, struct mbuf
*,
529 const struct sadb_msghdr
*);
530 static u_int32_t
key_do_getnewspi(struct sadb_spirange
*, struct secasindex
*);
531 static int key_update(struct socket
*, struct mbuf
*,
532 const struct sadb_msghdr
*);
534 static struct secasvar
*key_getsavbyseq(struct secashead
*, u_int32_t
);
536 static int key_add(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
537 static int key_setident(struct secashead
*, struct mbuf
*,
538 const struct sadb_msghdr
*);
539 static struct mbuf
*key_getmsgbuf_x1(struct mbuf
*, const struct sadb_msghdr
*);
540 static int key_delete(struct socket
*, struct mbuf
*,
541 const struct sadb_msghdr
*);
542 static int key_get(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
544 static void key_getcomb_setlifetime(struct sadb_comb
*);
546 static struct mbuf
*key_getcomb_esp(void);
548 static struct mbuf
*key_getcomb_ah(void);
549 static struct mbuf
*key_getcomb_ipcomp(void);
550 static struct mbuf
*key_getprop(const struct secasindex
*);
552 static int key_acquire(struct secasindex
*, struct secpolicy
*);
553 #ifndef IPSEC_NONBLOCK_ACQUIRE
554 static struct secacq
*key_newacq(struct secasindex
*);
555 static struct secacq
*key_getacq(struct secasindex
*);
556 static struct secacq
*key_getacqbyseq(u_int32_t
);
558 static struct secspacq
*key_newspacq(struct secpolicyindex
*);
559 static struct secspacq
*key_getspacq(struct secpolicyindex
*);
560 static int key_acquire2(struct socket
*, struct mbuf
*,
561 const struct sadb_msghdr
*);
562 static int key_register(struct socket
*, struct mbuf
*,
563 const struct sadb_msghdr
*);
564 static int key_expire(struct secasvar
*);
565 static int key_flush(struct socket
*, struct mbuf
*,
566 const struct sadb_msghdr
*);
567 static int key_dump(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
568 static int key_promisc(struct socket
*, struct mbuf
*,
569 const struct sadb_msghdr
*);
570 static int key_senderror(struct socket
*, struct mbuf
*, int);
571 static int key_validate_ext(const struct sadb_ext
*, int);
572 static int key_align(struct mbuf
*, struct sadb_msghdr
*);
573 static struct mbuf
*key_alloc_mbuf(int);
574 static int key_getsastat (struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
575 static int key_migrate (struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
576 static int key_setsaval2(struct secasvar
*sav
,
582 struct sadb_key
*key_auth
,
583 u_int16_t key_auth_len
,
584 struct sadb_key
*key_enc
,
585 u_int16_t key_enc_len
,
590 struct sadb_lifetime
*lifetime_hard
,
591 struct sadb_lifetime
*lifetime_soft
);
592 static void bzero_keys(const struct sadb_msghdr
*);
594 extern int ipsec_bypass
;
595 extern int esp_udp_encap_port
;
596 int ipsec_send_natt_keepalive(struct secasvar
*sav
);
597 bool ipsec_fill_offload_frame(ifnet_t ifp
, struct secasvar
*sav
, struct ifnet_keepalive_offload_frame
*frame
, size_t frame_data_offset
);
599 void key_init(struct protosw
*, struct domain
*);
603 * setup locks, call raw_init(), and then init timer and associated data
607 key_init(struct protosw
*pp
, struct domain
*dp
)
609 static int key_initialized
= 0;
612 VERIFY((pp
->pr_flags
& (PR_INITIALIZED
|PR_ATTACHED
)) == PR_ATTACHED
);
614 _CASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg
)) <= _MHLEN
);
620 sadb_mutex_grp_attr
= lck_grp_attr_alloc_init();
621 sadb_mutex_grp
= lck_grp_alloc_init("sadb", sadb_mutex_grp_attr
);
622 sadb_mutex_attr
= lck_attr_alloc_init();
624 lck_mtx_init(sadb_mutex
, sadb_mutex_grp
, sadb_mutex_attr
);
626 pfkey_stat_mutex_grp_attr
= lck_grp_attr_alloc_init();
627 pfkey_stat_mutex_grp
= lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr
);
628 pfkey_stat_mutex_attr
= lck_attr_alloc_init();
630 lck_mtx_init(pfkey_stat_mutex
, pfkey_stat_mutex_grp
, pfkey_stat_mutex_attr
);
632 for (i
= 0; i
< SPIHASHSIZE
; i
++)
633 LIST_INIT(&spihash
[i
]);
637 bzero((caddr_t
)&key_cb
, sizeof(key_cb
));
639 for (i
= 0; i
< IPSEC_DIR_MAX
; i
++) {
640 LIST_INIT(&sptree
[i
]);
642 ipsec_policy_count
= 0;
646 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
647 LIST_INIT(®tree
[i
]);
651 #ifndef IPSEC_NONBLOCK_ACQUIRE
654 LIST_INIT(&spacqtree
);
658 ip4_def_policy
.policy
= IPSEC_POLICY_NONE
;
659 ip4_def_policy
.refcnt
++; /*never reclaim this*/
662 ip6_def_policy
.policy
= IPSEC_POLICY_NONE
;
663 ip6_def_policy
.refcnt
++; /*never reclaim this*/
666 key_timehandler_running
= 0;
668 /* initialize key statistics */
669 keystat
.getspi_count
= 1;
672 printf("IPsec: Initialized Security Association Processing.\n");
677 key_start_timehandler(void)
679 /* must be called while locked */
680 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
681 if (key_timehandler_running
== 0) {
682 key_timehandler_running
= 1;
683 (void)timeout((void *)key_timehandler
, (void *)0, hz
);
686 /* Turn off the ipsec bypass */
687 if (ipsec_bypass
!= 0)
691 /* %%% IPsec policy management */
693 * allocating a SP for OUTBOUND or INBOUND packet.
694 * Must call key_freesp() later.
695 * OUT: NULL: not found
696 * others: found and return the pointer.
700 struct secpolicyindex
*spidx
,
703 struct secpolicy
*sp
;
706 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
709 panic("key_allocsp: NULL pointer is passed.\n");
711 /* check direction */
713 case IPSEC_DIR_INBOUND
:
714 case IPSEC_DIR_OUTBOUND
:
717 panic("key_allocsp: Invalid direction is passed.\n");
721 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
722 printf("*** objects\n");
723 kdebug_secpolicyindex(spidx
));
725 lck_mtx_lock(sadb_mutex
);
726 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
727 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
728 printf("*** in SPD\n");
729 kdebug_secpolicyindex(&sp
->spidx
));
731 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
734 /* If the policy is disabled, skip */
735 if (sp
->disabled
> 0)
738 /* If the incoming spidx specifies bound if,
739 ignore unbound policies*/
740 if (spidx
->internal_if
!= NULL
741 && (sp
->spidx
.internal_if
== NULL
|| sp
->ipsec_if
== NULL
))
744 if (key_cmpspidx_withmask(&sp
->spidx
, spidx
))
747 lck_mtx_unlock(sadb_mutex
);
752 /* found a SPD entry */
754 sp
->lastused
= tv
.tv_sec
;
756 lck_mtx_unlock(sadb_mutex
);
759 KEY_CHKSPDIR(sp
->spidx
.dir
, dir
, "key_allocsp");
760 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
761 printf("DP key_allocsp cause refcnt++:%d SP:0x%llx\n",
762 sp
->refcnt
, (uint64_t)VM_KERNEL_ADDRPERM(sp
)));
767 * return a policy that matches this particular inbound packet.
772 struct sockaddr
*osrc
,
773 struct sockaddr
*odst
,
774 struct sockaddr
*isrc
,
775 struct sockaddr
*idst
)
777 struct secpolicy
*sp
;
778 const int dir
= IPSEC_DIR_INBOUND
;
780 struct ipsecrequest
*r1
, *r2
, *p
;
781 struct sockaddr
*os
, *od
, *is
, *id
;
782 struct secpolicyindex spidx
;
784 if (isrc
->sa_family
!= idst
->sa_family
) {
785 ipseclog((LOG_ERR
, "protocol family mismatched %d != %d\n.",
786 isrc
->sa_family
, idst
->sa_family
));
790 lck_mtx_lock(sadb_mutex
);
791 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
792 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
796 for (p
= sp
->req
; p
; p
= p
->next
) {
797 if (p
->saidx
.mode
!= IPSEC_MODE_TUNNEL
)
804 /* here we look at address matches only */
806 if (isrc
->sa_len
> sizeof(spidx
.src
) ||
807 idst
->sa_len
> sizeof(spidx
.dst
))
809 bcopy(isrc
, &spidx
.src
, isrc
->sa_len
);
810 bcopy(idst
, &spidx
.dst
, idst
->sa_len
);
811 if (!key_cmpspidx_withmask(&sp
->spidx
, &spidx
))
814 is
= (struct sockaddr
*)&r1
->saidx
.src
;
815 id
= (struct sockaddr
*)&r1
->saidx
.dst
;
816 if (key_sockaddrcmp(is
, isrc
, 0) ||
817 key_sockaddrcmp(id
, idst
, 0))
821 os
= (struct sockaddr
*)&r2
->saidx
.src
;
822 od
= (struct sockaddr
*)&r2
->saidx
.dst
;
823 if (key_sockaddrcmp(os
, osrc
, 0) ||
824 key_sockaddrcmp(od
, odst
, 0))
830 lck_mtx_unlock(sadb_mutex
);
835 sp
->lastused
= tv
.tv_sec
;
837 lck_mtx_unlock(sadb_mutex
);
841 struct secasvar
*key_alloc_outbound_sav_for_interface(ifnet_t interface
, int family
)
843 struct secashead
*sah
;
844 struct secasvar
*sav
;
847 const u_int
*saorder_state_valid
;
849 struct sockaddr_in
*sin
;
852 if (interface
== NULL
)
855 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
857 lck_mtx_lock(sadb_mutex
);
859 LIST_FOREACH(sah
, &sahtree
, chain
) {
860 if (sah
->ipsec_if
== interface
&&
861 (family
== AF_INET6
|| family
== AF_INET
) &&
862 sah
->dir
== IPSEC_DIR_OUTBOUND
) {
863 /* This SAH is linked to the IPSec interface, and the right family. We found it! */
864 if (key_preferred_oldsa
) {
865 saorder_state_valid
= saorder_state_valid_prefer_old
;
866 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
868 saorder_state_valid
= saorder_state_valid_prefer_new
;
869 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
872 sin
= (struct sockaddr_in
*)&sah
->saidx
.dst
;
873 dstport
= sin
->sin_port
;
874 if (sah
->saidx
.mode
== IPSEC_MODE_TRANSPORT
)
875 sin
->sin_port
= IPSEC_PORT_ANY
;
877 for (stateidx
= 0; stateidx
< arraysize
; stateidx
++) {
878 state
= saorder_state_valid
[stateidx
];
879 sav
= key_do_allocsa_policy(sah
, state
, dstport
);
881 lck_mtx_unlock(sadb_mutex
);
890 lck_mtx_unlock(sadb_mutex
);
895 * allocating an SA entry for an *OUTBOUND* packet.
896 * checking each request entries in SP, and acquire an SA if need.
897 * OUT: 0: there are valid requests.
898 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
902 struct ipsecrequest
*isr
,
903 struct secasindex
*saidx
,
904 struct secasvar
**sav
)
908 struct sockaddr_in
*sin
;
910 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
915 if (isr
== NULL
|| saidx
== NULL
)
916 panic("key_checkrequest: NULL pointer is passed.\n");
919 switch (saidx
->mode
) {
920 case IPSEC_MODE_TRANSPORT
:
921 case IPSEC_MODE_TUNNEL
:
925 panic("key_checkrequest: Invalid policy defined.\n");
928 /* get current level */
929 level
= ipsec_get_reqlevel(isr
);
933 * key_allocsa_policy should allocate the oldest SA available.
934 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
937 *sav
= key_allocsa_policy(saidx
);
939 /* When there is SA. */
945 * Remove dst port - used for special natt support - don't call
946 * key_acquire with it.
948 if (saidx
->mode
== IPSEC_MODE_TRANSPORT
) {
949 sin
= (struct sockaddr_in
*)&saidx
->dst
;
950 sin
->sin_port
= IPSEC_PORT_ANY
;
952 if ((error
= key_acquire(saidx
, isr
->sp
)) != 0) {
953 /* XXX What should I do ? */
954 ipseclog((LOG_DEBUG
, "key_checkrequest: error %d returned "
955 "from key_acquire.\n", error
));
959 return level
== IPSEC_LEVEL_REQUIRE
? ENOENT
: 0;
963 * allocating a SA for policy entry from SAD.
964 * NOTE: searching SAD of aliving state.
965 * OUT: NULL: not found.
966 * others: found and return the pointer.
968 u_int32_t sah_search_calls
= 0;
969 u_int32_t sah_search_count
= 0;
972 struct secasindex
*saidx
)
974 struct secashead
*sah
;
975 struct secasvar
*sav
;
976 u_int stateidx
, state
;
977 const u_int
*saorder_state_valid
;
979 struct sockaddr_in
*sin
;
982 lck_mtx_lock(sadb_mutex
);
984 LIST_FOREACH(sah
, &sahtree
, chain
) {
986 if (sah
->state
== SADB_SASTATE_DEAD
)
988 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_MODE
| CMP_REQID
))
991 lck_mtx_unlock(sadb_mutex
);
997 * search a valid state list for outbound packet.
998 * This search order is important.
1000 if (key_preferred_oldsa
) {
1001 saorder_state_valid
= saorder_state_valid_prefer_old
;
1002 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
1004 saorder_state_valid
= saorder_state_valid_prefer_new
;
1005 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
1009 sin
= (struct sockaddr_in
*)&saidx
->dst
;
1010 dstport
= sin
->sin_port
;
1011 if (saidx
->mode
== IPSEC_MODE_TRANSPORT
)
1012 sin
->sin_port
= IPSEC_PORT_ANY
;
1014 for (stateidx
= 0; stateidx
< arraysize
; stateidx
++) {
1016 state
= saorder_state_valid
[stateidx
];
1018 sav
= key_do_allocsa_policy(sah
, state
, dstport
);
1020 lck_mtx_unlock(sadb_mutex
);
1024 lck_mtx_unlock(sadb_mutex
);
1029 key_send_delete (struct secasvar
*sav
)
1031 struct mbuf
*m
, *result
;
1034 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
1036 if ((satype
= key_proto2satype(sav
->sah
->saidx
.proto
)) == 0)
1037 panic("key_do_allocsa_policy: invalid proto is passed.\n");
1039 m
= key_setsadbmsg(SADB_DELETE
, 0,
1040 satype
, 0, 0, sav
->refcnt
- 1);
1045 /* set sadb_address for saidx's. */
1046 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
1047 (struct sockaddr
*)&sav
->sah
->saidx
.src
,
1048 sav
->sah
->saidx
.src
.ss_len
<< 3,
1054 /* set sadb_address for saidx's. */
1055 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
1056 (struct sockaddr
*)&sav
->sah
->saidx
.dst
,
1057 sav
->sah
->saidx
.src
.ss_len
<< 3,
1063 /* create SA extension */
1064 m
= key_setsadbsa(sav
);
1069 if (result
->m_len
< sizeof(struct sadb_msg
)) {
1070 result
= m_pullup(result
,
1071 sizeof(struct sadb_msg
));
1076 result
->m_pkthdr
.len
= 0;
1077 for (m
= result
; m
; m
= m
->m_next
)
1078 result
->m_pkthdr
.len
+= m
->m_len
;
1079 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
1080 PFKEY_UNIT64(result
->m_pkthdr
.len
);
1082 if (key_sendup_mbuf(NULL
, result
,
1083 KEY_SENDUP_REGISTERED
))
1086 key_freesav(sav
, KEY_SADB_LOCKED
);
1090 * searching SAD with direction, protocol, mode and state.
1091 * called by key_allocsa_policy().
1094 * others : found, pointer to a SA.
1096 static struct secasvar
*
1097 key_do_allocsa_policy(
1098 struct secashead
*sah
,
1102 struct secasvar
*sav
, *nextsav
, *candidate
, *natt_candidate
, *no_natt_candidate
, *d
;
1104 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1108 natt_candidate
= NULL
;
1109 no_natt_candidate
= NULL
;
1111 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
1115 nextsav
= LIST_NEXT(sav
, chain
);
1118 KEY_CHKSASTATE(sav
->state
, state
, "key_do_allocsa_policy");
1120 if (sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&& dstport
&&
1121 ((sav
->flags
& SADB_X_EXT_NATT
) != 0) &&
1122 ntohs(dstport
) != sav
->remote_ike_port
)
1125 if (sah
->saidx
.mode
== IPSEC_MODE_TRANSPORT
&&
1126 ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0) &&
1127 ntohs(dstport
) != sav
->remote_ike_port
)
1128 continue; /* skip this one - not a match - or not UDP */
1130 if ((sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&&
1131 ((sav
->flags
& SADB_X_EXT_NATT
) != 0)) ||
1132 (sah
->saidx
.mode
== IPSEC_MODE_TRANSPORT
&&
1133 ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0))) {
1134 if (natt_candidate
== NULL
) {
1135 natt_candidate
= sav
;
1138 candidate
= natt_candidate
;
1140 if (no_natt_candidate
== NULL
) {
1141 no_natt_candidate
= sav
;
1144 candidate
= no_natt_candidate
;
1147 /* Which SA is the better ? */
1149 /* sanity check 2 */
1150 if (candidate
->lft_c
== NULL
|| sav
->lft_c
== NULL
)
1151 panic("key_do_allocsa_policy: "
1152 "lifetime_current is NULL.\n");
1154 /* What the best method is to compare ? */
1155 if (key_preferred_oldsa
) {
1156 if (candidate
->lft_c
->sadb_lifetime_addtime
>
1157 sav
->lft_c
->sadb_lifetime_addtime
) {
1158 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
1159 natt_candidate
= sav
;
1161 no_natt_candidate
= sav
;
1167 /* prefered new sa rather than old sa */
1168 if (candidate
->lft_c
->sadb_lifetime_addtime
<
1169 sav
->lft_c
->sadb_lifetime_addtime
) {
1171 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
1172 natt_candidate
= sav
;
1174 no_natt_candidate
= sav
;
1179 * prepared to delete the SA when there is more
1180 * suitable candidate and the lifetime of the SA is not
1183 if (d
->lft_c
->sadb_lifetime_addtime
!= 0) {
1188 /* choose latest if both types present */
1189 if (natt_candidate
== NULL
)
1190 candidate
= no_natt_candidate
;
1191 else if (no_natt_candidate
== NULL
)
1192 candidate
= natt_candidate
;
1193 else if (sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&& dstport
)
1194 candidate
= natt_candidate
;
1195 else if (natt_candidate
->lft_c
->sadb_lifetime_addtime
>
1196 no_natt_candidate
->lft_c
->sadb_lifetime_addtime
)
1197 candidate
= natt_candidate
;
1199 candidate
= no_natt_candidate
;
1202 candidate
->refcnt
++;
1203 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1204 printf("DP allocsa_policy cause "
1205 "refcnt++:%d SA:0x%llx\n", candidate
->refcnt
,
1206 (uint64_t)VM_KERNEL_ADDRPERM(candidate
)));
1212 * allocating a SA entry for a *INBOUND* packet.
1213 * Must call key_freesav() later.
1214 * OUT: positive: pointer to a sav.
1215 * NULL: not found, or error occurred.
1217 * In the comparison, source address will be ignored for RFC2401 conformance.
1218 * To quote, from section 4.1:
1219 * A security association is uniquely identified by a triple consisting
1220 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1221 * security protocol (AH or ESP) identifier.
1222 * Note that, however, we do need to keep source address in IPsec SA.
1223 * IKE specification and PF_KEY specification do assume that we
1224 * keep source address in IPsec SA. We see a tricky situation here.
1234 struct secasvar
*sav
, *match
;
1235 u_int stateidx
, state
, tmpidx
, matchidx
;
1236 struct sockaddr_in sin
;
1237 struct sockaddr_in6 sin6
;
1238 const u_int
*saorder_state_valid
;
1241 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1244 if (src
== NULL
|| dst
== NULL
)
1245 panic("key_allocsa: NULL pointer is passed.\n");
1248 * when both systems employ similar strategy to use a SA.
1249 * the search order is important even in the inbound case.
1251 if (key_preferred_oldsa
) {
1252 saorder_state_valid
= saorder_state_valid_prefer_old
;
1253 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
1255 saorder_state_valid
= saorder_state_valid_prefer_new
;
1256 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
1261 * XXX: to be checked internal IP header somewhere. Also when
1262 * IPsec tunnel packet is received. But ESP tunnel mode is
1263 * encrypted so we can't check internal IP header.
1266 * search a valid state list for inbound packet.
1267 * the search order is not important.
1270 matchidx
= arraysize
;
1271 lck_mtx_lock(sadb_mutex
);
1272 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
1273 if (sav
->spi
!= spi
)
1275 if (proto
!= sav
->sah
->saidx
.proto
)
1277 if (family
!= sav
->sah
->saidx
.src
.ss_family
||
1278 family
!= sav
->sah
->saidx
.dst
.ss_family
)
1281 for (stateidx
= 0; stateidx
< matchidx
; stateidx
++) {
1282 state
= saorder_state_valid
[stateidx
];
1283 if (sav
->state
== state
) {
1288 if (tmpidx
>= matchidx
)
1291 #if 0 /* don't check src */
1292 /* check src address */
1295 bzero(&sin
, sizeof(sin
));
1296 sin
.sin_family
= AF_INET
;
1297 sin
.sin_len
= sizeof(sin
);
1298 bcopy(src
, &sin
.sin_addr
,
1299 sizeof(sin
.sin_addr
));
1300 if (key_sockaddrcmp((struct sockaddr
*)&sin
,
1301 (struct sockaddr
*)&sav
->sah
->saidx
.src
, 0) != 0)
1305 bzero(&sin6
, sizeof(sin6
));
1306 sin6
.sin6_family
= AF_INET6
;
1307 sin6
.sin6_len
= sizeof(sin6
);
1308 bcopy(src
, &sin6
.sin6_addr
,
1309 sizeof(sin6
.sin6_addr
));
1310 if (IN6_IS_SCOPE_LINKLOCAL(&sin6
.sin6_addr
)) {
1311 /* kame fake scopeid */
1312 sin6
.sin6_scope_id
=
1313 ntohs(sin6
.sin6_addr
.s6_addr16
[1]);
1314 sin6
.sin6_addr
.s6_addr16
[1] = 0;
1316 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
1317 (struct sockaddr
*)&sav
->sah
->saidx
.src
, 0) != 0)
1321 ipseclog((LOG_DEBUG
, "key_allocsa: "
1322 "unknown address family=%d.\n",
1328 /* check dst address */
1331 bzero(&sin
, sizeof(sin
));
1332 sin
.sin_family
= AF_INET
;
1333 sin
.sin_len
= sizeof(sin
);
1334 bcopy(dst
, &sin
.sin_addr
,
1335 sizeof(sin
.sin_addr
));
1336 if (key_sockaddrcmp((struct sockaddr
*)&sin
,
1337 (struct sockaddr
*)&sav
->sah
->saidx
.dst
, 0) != 0)
1342 bzero(&sin6
, sizeof(sin6
));
1343 sin6
.sin6_family
= AF_INET6
;
1344 sin6
.sin6_len
= sizeof(sin6
);
1345 bcopy(dst
, &sin6
.sin6_addr
,
1346 sizeof(sin6
.sin6_addr
));
1347 if (IN6_IS_SCOPE_LINKLOCAL(&sin6
.sin6_addr
)) {
1348 /* kame fake scopeid */
1349 sin6
.sin6_scope_id
=
1350 ntohs(sin6
.sin6_addr
.s6_addr16
[1]);
1351 sin6
.sin6_addr
.s6_addr16
[1] = 0;
1353 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
1354 (struct sockaddr
*)&sav
->sah
->saidx
.dst
, 0) != 0)
1358 ipseclog((LOG_DEBUG
, "key_allocsa: "
1359 "unknown address family=%d.\n", family
));
1370 lck_mtx_unlock(sadb_mutex
);
1375 lck_mtx_unlock(sadb_mutex
);
1376 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1377 printf("DP allocsa cause refcnt++:%d SA:0x%llx\n",
1378 match
->refcnt
, (uint64_t)VM_KERNEL_ADDRPERM(match
)));
1383 key_natt_get_translated_port(
1384 struct secasvar
*outsav
)
1387 struct secasindex saidx
;
1388 struct secashead
*sah
;
1389 u_int stateidx
, state
;
1390 const u_int
*saorder_state_valid
;
1393 /* get sa for incoming */
1394 saidx
.mode
= outsav
->sah
->saidx
.mode
;
1396 saidx
.proto
= outsav
->sah
->saidx
.proto
;
1397 bcopy(&outsav
->sah
->saidx
.src
, &saidx
.dst
, sizeof(struct sockaddr_in
));
1398 bcopy(&outsav
->sah
->saidx
.dst
, &saidx
.src
, sizeof(struct sockaddr_in
));
1400 lck_mtx_lock(sadb_mutex
);
1401 LIST_FOREACH(sah
, &sahtree
, chain
) {
1402 if (sah
->state
== SADB_SASTATE_DEAD
)
1404 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_MODE
))
1407 lck_mtx_unlock(sadb_mutex
);
1412 * Found sah - now go thru list of SAs and find
1413 * matching remote ike port. If found - set
1414 * sav->natt_encapsulated_src_port and return the port.
1417 * search a valid state list for outbound packet.
1418 * This search order is important.
1420 if (key_preferred_oldsa
) {
1421 saorder_state_valid
= saorder_state_valid_prefer_old
;
1422 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
1424 saorder_state_valid
= saorder_state_valid_prefer_new
;
1425 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
1428 for (stateidx
= 0; stateidx
< arraysize
; stateidx
++) {
1429 state
= saorder_state_valid
[stateidx
];
1430 if (key_do_get_translated_port(sah
, outsav
, state
)) {
1431 lck_mtx_unlock(sadb_mutex
);
1432 return outsav
->natt_encapsulated_src_port
;
1435 lck_mtx_unlock(sadb_mutex
);
1440 key_do_get_translated_port(
1441 struct secashead
*sah
,
1442 struct secasvar
*outsav
,
1445 struct secasvar
*currsav
, *nextsav
, *candidate
;
1448 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1453 for (currsav
= LIST_FIRST(&sah
->savtree
[state
]);
1455 currsav
= nextsav
) {
1457 nextsav
= LIST_NEXT(currsav
, chain
);
1460 KEY_CHKSASTATE(currsav
->state
, state
, "key_do_get_translated_port");
1462 if ((currsav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) == 0 ||
1463 currsav
->remote_ike_port
!= outsav
->remote_ike_port
)
1466 if (candidate
== NULL
) {
1467 candidate
= currsav
;
1471 /* Which SA is the better ? */
1473 /* sanity check 2 */
1474 if (candidate
->lft_c
== NULL
|| currsav
->lft_c
== NULL
)
1475 panic("key_do_get_translated_port: "
1476 "lifetime_current is NULL.\n");
1478 /* What the best method is to compare ? */
1479 if (key_preferred_oldsa
) {
1480 if (candidate
->lft_c
->sadb_lifetime_addtime
>
1481 currsav
->lft_c
->sadb_lifetime_addtime
) {
1482 candidate
= currsav
;
1488 /* prefered new sa rather than old sa */
1489 if (candidate
->lft_c
->sadb_lifetime_addtime
<
1490 currsav
->lft_c
->sadb_lifetime_addtime
)
1491 candidate
= currsav
;
1495 outsav
->natt_encapsulated_src_port
= candidate
->natt_encapsulated_src_port
;
1503 * Must be called after calling key_allocsp().
1507 struct secpolicy
*sp
,
1513 panic("key_freesp: NULL pointer is passed.\n");
1516 lck_mtx_lock(sadb_mutex
);
1518 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1520 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1521 printf("DP freesp cause refcnt--:%d SP:0x%llx\n",
1522 sp
->refcnt
, (uint64_t)VM_KERNEL_ADDRPERM(sp
)));
1524 if (sp
->refcnt
== 0)
1527 lck_mtx_unlock(sadb_mutex
);
1532 * Must be called after calling key_allocsa().
1533 * This function is called by key_freesp() to free some SA allocated
1538 struct secasvar
*sav
,
1544 panic("key_freesav: NULL pointer is passed.\n");
1547 lck_mtx_lock(sadb_mutex
);
1549 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1551 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1552 printf("DP freesav cause refcnt--:%d SA:0x%llx SPI %u\n",
1553 sav
->refcnt
, (uint64_t)VM_KERNEL_ADDRPERM(sav
),
1554 (u_int32_t
)ntohl(sav
->spi
)));
1556 if (sav
->refcnt
== 0)
1559 lck_mtx_unlock(sadb_mutex
);
1563 /* %%% SPD management */
1565 * free security policy entry.
1569 struct secpolicy
*sp
)
1574 panic("key_delsp: NULL pointer is passed.\n");
1576 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1577 sp
->state
= IPSEC_SPSTATE_DEAD
;
1580 return; /* can't free */
1582 /* remove from SP index */
1583 if (__LIST_CHAINED(sp
)) {
1584 LIST_REMOVE(sp
, chain
);
1585 ipsec_policy_count
--;
1588 if (sp
->spidx
.internal_if
) {
1589 ifnet_release(sp
->spidx
.internal_if
);
1590 sp
->spidx
.internal_if
= NULL
;
1594 ifnet_release(sp
->ipsec_if
);
1595 sp
->ipsec_if
= NULL
;
1598 if (sp
->outgoing_if
) {
1599 ifnet_release(sp
->outgoing_if
);
1600 sp
->outgoing_if
= NULL
;
1604 struct ipsecrequest
*isr
= sp
->req
, *nextisr
;
1606 while (isr
!= NULL
) {
1607 nextisr
= isr
->next
;
1612 keydb_delsecpolicy(sp
);
1619 * OUT: NULL : not found
1620 * others : found, pointer to a SP.
1622 static struct secpolicy
*
1624 struct secpolicyindex
*spidx
)
1626 struct secpolicy
*sp
;
1628 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1632 panic("key_getsp: NULL pointer is passed.\n");
1634 LIST_FOREACH(sp
, &sptree
[spidx
->dir
], chain
) {
1635 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1637 if (key_cmpspidx_exactly(spidx
, &sp
->spidx
)) {
1648 * OUT: NULL : not found
1649 * others : found, pointer to a SP.
1655 struct secpolicy
*sp
;
1657 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1659 lck_mtx_lock(sadb_mutex
);
1660 sp
= __key_getspbyid(id
);
1661 lck_mtx_unlock(sadb_mutex
);
1666 static struct secpolicy
*
1667 __key_getspbyid(u_int32_t id
)
1669 struct secpolicy
*sp
;
1671 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1673 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_INBOUND
], chain
) {
1674 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1682 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_OUTBOUND
], chain
) {
1683 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1697 struct secpolicy
*newsp
= NULL
;
1699 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1700 newsp
= keydb_newsecpolicy();
1711 * create secpolicy structure from sadb_x_policy structure.
1712 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1713 * so must be set properly later.
1717 struct sadb_x_policy
*xpl0
,
1721 struct secpolicy
*newsp
;
1723 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1727 panic("key_msg2sp: NULL pointer was passed.\n");
1728 if (len
< sizeof(*xpl0
))
1729 panic("key_msg2sp: invalid length.\n");
1730 if (len
!= PFKEY_EXTLEN(xpl0
)) {
1731 ipseclog((LOG_DEBUG
, "key_msg2sp: Invalid msg length.\n"));
1736 if ((newsp
= key_newsp()) == NULL
) {
1741 newsp
->spidx
.dir
= xpl0
->sadb_x_policy_dir
;
1742 newsp
->policy
= xpl0
->sadb_x_policy_type
;
1745 switch (xpl0
->sadb_x_policy_type
) {
1746 case IPSEC_POLICY_DISCARD
:
1747 case IPSEC_POLICY_GENERATE
:
1748 case IPSEC_POLICY_NONE
:
1749 case IPSEC_POLICY_ENTRUST
:
1750 case IPSEC_POLICY_BYPASS
:
1754 case IPSEC_POLICY_IPSEC
:
1757 struct sadb_x_ipsecrequest
*xisr
;
1758 struct ipsecrequest
**p_isr
= &newsp
->req
;
1760 /* validity check */
1761 if (PFKEY_EXTLEN(xpl0
) < sizeof(*xpl0
)) {
1762 ipseclog((LOG_DEBUG
,
1763 "key_msg2sp: Invalid msg length.\n"));
1764 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1769 tlen
= PFKEY_EXTLEN(xpl0
) - sizeof(*xpl0
);
1770 xisr
= (struct sadb_x_ipsecrequest
*)(xpl0
+ 1);
1775 if (xisr
->sadb_x_ipsecrequest_len
< sizeof(*xisr
)) {
1776 ipseclog((LOG_DEBUG
, "key_msg2sp: "
1777 "invalid ipsecrequest length.\n"));
1778 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1783 /* allocate request buffer */
1784 KMALLOC_WAIT(*p_isr
, struct ipsecrequest
*, sizeof(**p_isr
));
1785 if ((*p_isr
) == NULL
) {
1786 ipseclog((LOG_DEBUG
,
1787 "key_msg2sp: No more memory.\n"));
1788 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1792 bzero(*p_isr
, sizeof(**p_isr
));
1795 (*p_isr
)->next
= NULL
;
1797 switch (xisr
->sadb_x_ipsecrequest_proto
) {
1800 case IPPROTO_IPCOMP
:
1803 ipseclog((LOG_DEBUG
,
1804 "key_msg2sp: invalid proto type=%u\n",
1805 xisr
->sadb_x_ipsecrequest_proto
));
1806 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1807 *error
= EPROTONOSUPPORT
;
1810 (*p_isr
)->saidx
.proto
= xisr
->sadb_x_ipsecrequest_proto
;
1812 switch (xisr
->sadb_x_ipsecrequest_mode
) {
1813 case IPSEC_MODE_TRANSPORT
:
1814 case IPSEC_MODE_TUNNEL
:
1816 case IPSEC_MODE_ANY
:
1818 ipseclog((LOG_DEBUG
,
1819 "key_msg2sp: invalid mode=%u\n",
1820 xisr
->sadb_x_ipsecrequest_mode
));
1821 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1825 (*p_isr
)->saidx
.mode
= xisr
->sadb_x_ipsecrequest_mode
;
1827 switch (xisr
->sadb_x_ipsecrequest_level
) {
1828 case IPSEC_LEVEL_DEFAULT
:
1829 case IPSEC_LEVEL_USE
:
1830 case IPSEC_LEVEL_REQUIRE
:
1832 case IPSEC_LEVEL_UNIQUE
:
1833 /* validity check */
1835 * If range violation of reqid, kernel will
1836 * update it, don't refuse it.
1838 if (xisr
->sadb_x_ipsecrequest_reqid
1839 > IPSEC_MANUAL_REQID_MAX
) {
1840 ipseclog((LOG_DEBUG
,
1841 "key_msg2sp: reqid=%d range "
1842 "violation, updated by kernel.\n",
1843 xisr
->sadb_x_ipsecrequest_reqid
));
1844 xisr
->sadb_x_ipsecrequest_reqid
= 0;
1847 /* allocate new reqid id if reqid is zero. */
1848 if (xisr
->sadb_x_ipsecrequest_reqid
== 0) {
1850 if ((reqid
= key_newreqid()) == 0) {
1851 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1855 (*p_isr
)->saidx
.reqid
= reqid
;
1856 xisr
->sadb_x_ipsecrequest_reqid
= reqid
;
1858 /* set it for manual keying. */
1859 (*p_isr
)->saidx
.reqid
=
1860 xisr
->sadb_x_ipsecrequest_reqid
;
1865 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid level=%u\n",
1866 xisr
->sadb_x_ipsecrequest_level
));
1867 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1871 (*p_isr
)->level
= xisr
->sadb_x_ipsecrequest_level
;
1873 /* set IP addresses if there */
1874 if (xisr
->sadb_x_ipsecrequest_len
> sizeof(*xisr
)) {
1875 struct sockaddr
*paddr
;
1877 paddr
= (struct sockaddr
*)(xisr
+ 1);
1879 /* validity check */
1881 > sizeof((*p_isr
)->saidx
.src
)) {
1882 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1883 "address length.\n"));
1884 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1888 bcopy(paddr
, &(*p_isr
)->saidx
.src
,
1891 paddr
= (struct sockaddr
*)((caddr_t
)paddr
1894 /* validity check */
1896 > sizeof((*p_isr
)->saidx
.dst
)) {
1897 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1898 "address length.\n"));
1899 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1903 bcopy(paddr
, &(*p_isr
)->saidx
.dst
,
1907 (*p_isr
)->sp
= newsp
;
1909 /* initialization for the next. */
1910 p_isr
= &(*p_isr
)->next
;
1911 tlen
-= xisr
->sadb_x_ipsecrequest_len
;
1913 /* validity check */
1915 ipseclog((LOG_DEBUG
, "key_msg2sp: becoming tlen < 0.\n"));
1916 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1921 xisr
= (struct sadb_x_ipsecrequest
*)(void *)
1922 ((caddr_t
)xisr
+ xisr
->sadb_x_ipsecrequest_len
);
1927 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid policy type.\n"));
1928 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1940 lck_mtx_lock(sadb_mutex
);
1941 static u_int32_t auto_reqid
= IPSEC_MANUAL_REQID_MAX
+ 1;
1944 /* The reqid must be limited to 16 bits because the PF_KEY message format only uses
1945 16 bits for this field. Once it becomes larger than 16 bits - ipsec fails to
1946 work anymore. Changing the PF_KEY message format would introduce compatibility
1947 issues. This code now tests to see if the tentative reqid is in use */
1950 struct secpolicy
*sp
;
1951 struct ipsecrequest
*isr
;
1954 auto_reqid
= (auto_reqid
== 0xFFFF
1955 ? IPSEC_MANUAL_REQID_MAX
+ 1 : auto_reqid
+ 1);
1957 /* check for uniqueness */
1959 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
1960 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
1961 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
1962 if (isr
->saidx
.reqid
== auto_reqid
) {
1975 lck_mtx_unlock(sadb_mutex
);
1980 * copy secpolicy struct to sadb_x_policy structure indicated.
1984 struct secpolicy
*sp
)
1986 struct sadb_x_policy
*xpl
;
1993 panic("key_sp2msg: NULL pointer was passed.\n");
1995 tlen
= key_getspreqmsglen(sp
);
1997 m
= key_alloc_mbuf(tlen
);
1998 if (!m
|| m
->m_next
) { /*XXX*/
2006 xpl
= mtod(m
, struct sadb_x_policy
*);
2009 xpl
->sadb_x_policy_len
= PFKEY_UNIT64(tlen
);
2010 xpl
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
2011 xpl
->sadb_x_policy_type
= sp
->policy
;
2012 xpl
->sadb_x_policy_dir
= sp
->spidx
.dir
;
2013 xpl
->sadb_x_policy_id
= sp
->id
;
2014 p
= (caddr_t
)xpl
+ sizeof(*xpl
);
2016 /* if is the policy for ipsec ? */
2017 if (sp
->policy
== IPSEC_POLICY_IPSEC
) {
2018 struct sadb_x_ipsecrequest
*xisr
;
2019 struct ipsecrequest
*isr
;
2021 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
2023 xisr
= (struct sadb_x_ipsecrequest
*)(void *)p
;
2025 xisr
->sadb_x_ipsecrequest_proto
= isr
->saidx
.proto
;
2026 xisr
->sadb_x_ipsecrequest_mode
= isr
->saidx
.mode
;
2027 xisr
->sadb_x_ipsecrequest_level
= isr
->level
;
2028 xisr
->sadb_x_ipsecrequest_reqid
= isr
->saidx
.reqid
;
2031 bcopy(&isr
->saidx
.src
, p
, isr
->saidx
.src
.ss_len
);
2032 p
+= isr
->saidx
.src
.ss_len
;
2033 bcopy(&isr
->saidx
.dst
, p
, isr
->saidx
.dst
.ss_len
);
2034 p
+= isr
->saidx
.src
.ss_len
;
2036 xisr
->sadb_x_ipsecrequest_len
=
2037 PFKEY_ALIGN8(sizeof(*xisr
)
2038 + isr
->saidx
.src
.ss_len
2039 + isr
->saidx
.dst
.ss_len
);
2046 /* m will not be freed nor modified */
2047 static struct mbuf
*
2048 key_gather_mbuf(struct mbuf
*m
, const struct sadb_msghdr
*mhp
,
2049 int ndeep
, int nitem
, int *items
)
2053 struct mbuf
*result
= NULL
, *n
;
2056 if (m
== NULL
|| mhp
== NULL
)
2057 panic("null pointer passed to key_gather");
2059 for (i
= 0; i
< nitem
; i
++) {
2061 if (idx
< 0 || idx
> SADB_EXT_MAX
)
2063 /* don't attempt to pull empty extension */
2064 if (idx
== SADB_EXT_RESERVED
&& mhp
->msg
== NULL
)
2066 if (idx
!= SADB_EXT_RESERVED
&&
2067 (mhp
->ext
[idx
] == NULL
|| mhp
->extlen
[idx
] == 0))
2070 if (idx
== SADB_EXT_RESERVED
) {
2071 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2072 MGETHDR(n
, M_WAITOK
, MT_DATA
); // sadb_msg len < MHLEN - enforced by _CASSERT
2077 m_copydata(m
, 0, sizeof(struct sadb_msg
),
2079 } else if (i
< ndeep
) {
2080 len
= mhp
->extlen
[idx
];
2081 n
= key_alloc_mbuf(len
);
2082 if (!n
|| n
->m_next
) { /*XXX*/
2087 m_copydata(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
2090 n
= m_copym(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
2102 if ((result
->m_flags
& M_PKTHDR
) != 0) {
2103 result
->m_pkthdr
.len
= 0;
2104 for (n
= result
; n
; n
= n
->m_next
)
2105 result
->m_pkthdr
.len
+= n
->m_len
;
2116 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
2117 * add a entry to SP database, when received
2118 * <base, address(SD), (lifetime(H),) policy>
2120 * Adding to SP database,
2122 * <base, address(SD), (lifetime(H),) policy>
2123 * to the socket which was send.
2125 * SPDADD set a unique policy entry.
2126 * SPDSETIDX like SPDADD without a part of policy requests.
2127 * SPDUPDATE replace a unique policy entry.
2129 * m will always be freed.
2135 const struct sadb_msghdr
*mhp
)
2137 struct sadb_address
*src0
, *dst0
, *src1
, *dst1
;
2138 struct sadb_x_policy
*xpl0
, *xpl
;
2139 struct sadb_lifetime
*lft
= NULL
;
2140 struct secpolicyindex spidx
;
2141 struct secpolicy
*newsp
;
2143 ifnet_t internal_if
= NULL
;
2144 char *outgoing_if
= NULL
;
2145 char *ipsec_if
= NULL
;
2146 struct sadb_x_ipsecif
*ipsecifopts
= NULL
;
2148 int use_src_range
= 0;
2149 int use_dst_range
= 0;
2150 int init_disabled
= 0;
2151 int address_family
, address_len
;
2153 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2156 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2157 panic("key_spdadd: NULL pointer is passed.\n");
2159 if (mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_START
] != NULL
&& mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_END
] != NULL
) {
2162 if (mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_START
] != NULL
&& mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_END
] != NULL
) {
2166 if ((!use_src_range
&& mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
) ||
2167 (!use_dst_range
&& mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) ||
2168 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
2169 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2170 return key_senderror(so
, m
, EINVAL
);
2172 if ((use_src_range
&& (mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_SRC_START
] < sizeof(struct sadb_address
)
2173 || mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_SRC_END
] < sizeof(struct sadb_address
))) ||
2174 (!use_src_range
&& mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
)) ||
2175 (use_dst_range
&& (mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_DST_START
] < sizeof(struct sadb_address
)
2176 || mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_DST_END
] < sizeof(struct sadb_address
))) ||
2177 (!use_dst_range
&& mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) ||
2178 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2179 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2180 return key_senderror(so
, m
, EINVAL
);
2182 if (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
) {
2183 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
]
2184 < sizeof(struct sadb_lifetime
)) {
2185 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2186 return key_senderror(so
, m
, EINVAL
);
2188 lft
= (struct sadb_lifetime
*)
2189 (void *)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
2191 if (mhp
->ext
[SADB_X_EXT_IPSECIF
] != NULL
) {
2192 if (mhp
->extlen
[SADB_X_EXT_IPSECIF
] < sizeof(struct sadb_x_ipsecif
)) {
2193 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2194 return key_senderror(so
, m
, EINVAL
);
2198 if (use_src_range
) {
2199 src0
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_START
];
2200 src1
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_END
];
2202 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
2204 if (use_dst_range
) {
2205 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_START
];
2206 dst1
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_END
];
2208 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
2210 xpl0
= (struct sadb_x_policy
*)(void *)mhp
->ext
[SADB_X_EXT_POLICY
];
2211 ipsecifopts
= (struct sadb_x_ipsecif
*)(void *)mhp
->ext
[SADB_X_EXT_IPSECIF
];
2213 /* check addresses */
2214 address_family
= ((struct sockaddr
*)(src0
+ 1))->sa_family
;
2215 address_len
= ((struct sockaddr
*)(src0
+ 1))->sa_len
;
2216 if (use_src_range
) {
2217 if (((struct sockaddr
*)(src1
+ 1))->sa_family
!= address_family
||
2218 ((struct sockaddr
*)(src1
+ 1))->sa_len
!= address_len
) {
2219 return key_senderror(so
, m
, EINVAL
);
2222 if (((struct sockaddr
*)(dst0
+ 1))->sa_family
!= address_family
||
2223 ((struct sockaddr
*)(dst0
+ 1))->sa_len
!= address_len
) {
2224 return key_senderror(so
, m
, EINVAL
);
2226 if (use_dst_range
) {
2227 if (((struct sockaddr
*)(dst1
+ 1))->sa_family
!= address_family
||
2228 ((struct sockaddr
*)(dst1
+ 1))->sa_len
!= address_len
) {
2229 return key_senderror(so
, m
, EINVAL
);
2233 /* checking the direction. */
2234 switch (xpl0
->sadb_x_policy_dir
) {
2235 case IPSEC_DIR_INBOUND
:
2236 case IPSEC_DIR_OUTBOUND
:
2239 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid SP direction.\n"));
2240 mhp
->msg
->sadb_msg_errno
= EINVAL
;
2245 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2246 if (xpl0
->sadb_x_policy_type
== IPSEC_POLICY_ENTRUST
2247 || xpl0
->sadb_x_policy_type
== IPSEC_POLICY_BYPASS
) {
2248 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid policy type.\n"));
2249 return key_senderror(so
, m
, EINVAL
);
2252 /* policy requests are mandatory when action is ipsec. */
2253 if (mhp
->msg
->sadb_msg_type
!= SADB_X_SPDSETIDX
2254 && xpl0
->sadb_x_policy_type
== IPSEC_POLICY_IPSEC
2255 && mhp
->extlen
[SADB_X_EXT_POLICY
] <= sizeof(*xpl0
)) {
2256 ipseclog((LOG_DEBUG
, "key_spdadd: some policy requests part required.\n"));
2257 return key_senderror(so
, m
, EINVAL
);
2260 /* Process interfaces */
2261 if (ipsecifopts
!= NULL
) {
2262 if (ipsecifopts
->sadb_x_ipsecif_internal_if
[0]) {
2263 ifnet_find_by_name(ipsecifopts
->sadb_x_ipsecif_internal_if
, &internal_if
);
2265 if (ipsecifopts
->sadb_x_ipsecif_outgoing_if
[0]) {
2266 outgoing_if
= ipsecifopts
->sadb_x_ipsecif_outgoing_if
;
2268 if (ipsecifopts
->sadb_x_ipsecif_ipsec_if
[0]) {
2269 ipsec_if
= ipsecifopts
->sadb_x_ipsecif_ipsec_if
;
2271 init_disabled
= ipsecifopts
->sadb_x_ipsecif_init_disabled
;
2275 /* XXX boundary check against sa_len */
2276 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2279 src0
->sadb_address_prefixlen
,
2280 dst0
->sadb_address_prefixlen
,
2281 src0
->sadb_address_proto
,
2283 use_src_range
? src0
+ 1 : NULL
,
2284 use_src_range
? src1
+ 1 : NULL
,
2285 use_dst_range
? dst0
+ 1 : NULL
,
2286 use_dst_range
? dst1
+ 1 : NULL
,
2290 * checking there is SP already or not.
2291 * SPDUPDATE doesn't depend on whether there is a SP or not.
2292 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
2295 lck_mtx_lock(sadb_mutex
);
2296 newsp
= key_getsp(&spidx
);
2297 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
2299 newsp
->state
= IPSEC_SPSTATE_DEAD
;
2300 key_freesp(newsp
, KEY_SADB_LOCKED
);
2303 if (newsp
!= NULL
) {
2304 key_freesp(newsp
, KEY_SADB_LOCKED
);
2305 ipseclog((LOG_DEBUG
, "key_spdadd: a SP entry exists already.\n"));
2306 lck_mtx_unlock(sadb_mutex
);
2308 ifnet_release(internal_if
);
2311 return key_senderror(so
, m
, EEXIST
);
2314 lck_mtx_unlock(sadb_mutex
);
2316 /* allocation new SP entry */
2317 if ((newsp
= key_msg2sp(xpl0
, PFKEY_EXTLEN(xpl0
), &error
)) == NULL
) {
2319 ifnet_release(internal_if
);
2322 return key_senderror(so
, m
, error
);
2325 if ((newsp
->id
= key_getnewspid()) == 0) {
2326 keydb_delsecpolicy(newsp
);
2328 ifnet_release(internal_if
);
2331 return key_senderror(so
, m
, ENOBUFS
);
2334 /* XXX boundary check against sa_len */
2335 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2338 src0
->sadb_address_prefixlen
,
2339 dst0
->sadb_address_prefixlen
,
2340 src0
->sadb_address_proto
,
2342 use_src_range
? src0
+ 1 : NULL
,
2343 use_src_range
? src1
+ 1 : NULL
,
2344 use_dst_range
? dst0
+ 1 : NULL
,
2345 use_dst_range
? dst1
+ 1 : NULL
,
2350 * allow IPv6 over IPv4 or IPv4 over IPv6 tunnels using ESP -
2351 * otherwise reject if inner and outer address families not equal
2353 if (newsp
->req
&& newsp
->req
->saidx
.src
.ss_family
) {
2354 struct sockaddr
*sa
;
2355 sa
= (struct sockaddr
*)(src0
+ 1);
2356 if (sa
->sa_family
!= newsp
->req
->saidx
.src
.ss_family
) {
2357 if (newsp
->req
->saidx
.mode
!= IPSEC_MODE_TUNNEL
|| newsp
->req
->saidx
.proto
!= IPPROTO_ESP
) {
2358 keydb_delsecpolicy(newsp
);
2360 ifnet_release(internal_if
);
2363 return key_senderror(so
, m
, EINVAL
);
2367 if (newsp
->req
&& newsp
->req
->saidx
.dst
.ss_family
) {
2368 struct sockaddr
*sa
;
2369 sa
= (struct sockaddr
*)(dst0
+ 1);
2370 if (sa
->sa_family
!= newsp
->req
->saidx
.dst
.ss_family
) {
2371 if (newsp
->req
->saidx
.mode
!= IPSEC_MODE_TUNNEL
|| newsp
->req
->saidx
.proto
!= IPPROTO_ESP
) {
2372 keydb_delsecpolicy(newsp
);
2374 ifnet_release(internal_if
);
2377 return key_senderror(so
, m
, EINVAL
);
2384 newsp
->created
= tv
.tv_sec
;
2385 newsp
->lastused
= tv
.tv_sec
;
2386 newsp
->lifetime
= lft
? lft
->sadb_lifetime_addtime
: 0;
2387 newsp
->validtime
= lft
? lft
->sadb_lifetime_usetime
: 0;
2389 if (outgoing_if
!= NULL
) {
2390 ifnet_find_by_name(outgoing_if
, &newsp
->outgoing_if
);
2392 if (ipsec_if
!= NULL
) {
2393 ifnet_find_by_name(ipsec_if
, &newsp
->ipsec_if
);
2395 if (init_disabled
> 0) {
2396 newsp
->disabled
= 1;
2399 newsp
->refcnt
= 1; /* do not reclaim until I say I do */
2400 newsp
->state
= IPSEC_SPSTATE_ALIVE
;
2401 lck_mtx_lock(sadb_mutex
);
2403 * policies of type generate should be at the end of the SPD
2404 * because they function as default discard policies
2405 * Don't start timehandler for generate policies
2407 if (newsp
->policy
== IPSEC_POLICY_GENERATE
)
2408 LIST_INSERT_TAIL(&sptree
[newsp
->spidx
.dir
], newsp
, secpolicy
, chain
);
2409 else { /* XXX until we have policy ordering in the kernel */
2410 struct secpolicy
*tmpsp
;
2412 LIST_FOREACH(tmpsp
, &sptree
[newsp
->spidx
.dir
], chain
)
2413 if (tmpsp
->policy
== IPSEC_POLICY_GENERATE
)
2416 LIST_INSERT_BEFORE(tmpsp
, newsp
, chain
);
2418 LIST_INSERT_TAIL(&sptree
[newsp
->spidx
.dir
], newsp
, secpolicy
, chain
);
2419 key_start_timehandler();
2422 ipsec_policy_count
++;
2423 /* Turn off the ipsec bypass */
2424 if (ipsec_bypass
!= 0)
2427 /* delete the entry in spacqtree */
2428 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
2429 struct secspacq
*spacq
;
2430 if ((spacq
= key_getspacq(&spidx
)) != NULL
) {
2431 /* reset counter in order to deletion by timehandler. */
2433 spacq
->created
= tv
.tv_sec
;
2437 lck_mtx_unlock(sadb_mutex
);
2440 struct mbuf
*n
, *mpolicy
;
2441 struct sadb_msg
*newmsg
;
2444 /* create new sadb_msg to reply. */
2446 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2447 SADB_EXT_LIFETIME_HARD
, SADB_EXT_ADDRESS_SRC
,
2448 SADB_EXT_ADDRESS_DST
, SADB_X_EXT_ADDR_RANGE_SRC_START
, SADB_X_EXT_ADDR_RANGE_SRC_END
,
2449 SADB_X_EXT_ADDR_RANGE_DST_START
, SADB_X_EXT_ADDR_RANGE_DST_END
};
2450 n
= key_gather_mbuf(m
, mhp
, 2, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2452 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2453 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
,
2454 SADB_X_EXT_ADDR_RANGE_SRC_START
, SADB_X_EXT_ADDR_RANGE_SRC_END
,
2455 SADB_X_EXT_ADDR_RANGE_DST_START
, SADB_X_EXT_ADDR_RANGE_DST_END
};
2456 n
= key_gather_mbuf(m
, mhp
, 2, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2459 return key_senderror(so
, m
, ENOBUFS
);
2461 if (n
->m_len
< sizeof(*newmsg
)) {
2462 n
= m_pullup(n
, sizeof(*newmsg
));
2464 return key_senderror(so
, m
, ENOBUFS
);
2466 newmsg
= mtod(n
, struct sadb_msg
*);
2467 newmsg
->sadb_msg_errno
= 0;
2468 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2471 mpolicy
= m_pulldown(n
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)),
2472 sizeof(*xpl
), &off
);
2473 if (mpolicy
== NULL
) {
2474 /* n is already freed */
2475 return key_senderror(so
, m
, ENOBUFS
);
2477 xpl
= (struct sadb_x_policy
*)(void *)(mtod(mpolicy
, caddr_t
) + off
);
2478 if (xpl
->sadb_x_policy_exttype
!= SADB_X_EXT_POLICY
) {
2480 return key_senderror(so
, m
, EINVAL
);
2482 xpl
->sadb_x_policy_id
= newsp
->id
;
2485 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2490 * get new policy id.
2496 key_getnewspid(void)
2498 u_int32_t newid
= 0;
2499 int count
= key_spi_trycnt
; /* XXX */
2500 struct secpolicy
*sp
;
2502 /* when requesting to allocate spi ranged */
2503 lck_mtx_lock(sadb_mutex
);
2505 newid
= (policy_id
= (policy_id
== ~0 ? 1 : policy_id
+ 1));
2507 if ((sp
= __key_getspbyid(newid
)) == NULL
)
2510 key_freesp(sp
, KEY_SADB_LOCKED
);
2512 lck_mtx_unlock(sadb_mutex
);
2513 if (count
== 0 || newid
== 0) {
2514 ipseclog((LOG_DEBUG
, "key_getnewspid: to allocate policy id is failed.\n"));
2522 * SADB_SPDDELETE processing
2524 * <base, address(SD), policy(*)>
2525 * from the user(?), and set SADB_SASTATE_DEAD,
2527 * <base, address(SD), policy(*)>
2529 * policy(*) including direction of policy.
2531 * m will always be freed.
2537 const struct sadb_msghdr
*mhp
)
2539 struct sadb_address
*src0
, *dst0
, *src1
, *dst1
;
2540 struct sadb_x_policy
*xpl0
;
2541 struct secpolicyindex spidx
;
2542 struct secpolicy
*sp
;
2543 ifnet_t internal_if
= NULL
;
2544 struct sadb_x_ipsecif
*ipsecifopts
= NULL
;
2545 int use_src_range
= 0;
2546 int use_dst_range
= 0;
2548 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2551 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2552 panic("key_spddelete: NULL pointer is passed.\n");
2554 if (mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_START
] != NULL
&& mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_END
] != NULL
) {
2557 if (mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_START
] != NULL
&& mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_END
] != NULL
) {
2561 if ((!use_src_range
&& mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
) ||
2562 (!use_dst_range
&& mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) ||
2563 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
2564 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
2565 return key_senderror(so
, m
, EINVAL
);
2567 if ((use_src_range
&& (mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_SRC_START
] < sizeof(struct sadb_address
)
2568 || mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_SRC_END
] < sizeof(struct sadb_address
))) ||
2569 (!use_src_range
&& mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
)) ||
2570 (use_dst_range
&& (mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_DST_START
] < sizeof(struct sadb_address
)
2571 || mhp
->extlen
[SADB_X_EXT_ADDR_RANGE_DST_END
] < sizeof(struct sadb_address
))) ||
2572 (!use_dst_range
&& mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) ||
2573 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2574 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
2575 return key_senderror(so
, m
, EINVAL
);
2578 if (use_src_range
) {
2579 src0
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_START
];
2580 src1
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_SRC_END
];
2582 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
2584 if (use_dst_range
) {
2585 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_START
];
2586 dst1
= (struct sadb_address
*)mhp
->ext
[SADB_X_EXT_ADDR_RANGE_DST_END
];
2588 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
2590 xpl0
= (struct sadb_x_policy
*)(void *)mhp
->ext
[SADB_X_EXT_POLICY
];
2591 ipsecifopts
= (struct sadb_x_ipsecif
*)(void *)mhp
->ext
[SADB_X_EXT_IPSECIF
];
2593 /* checking the direction. */
2594 switch (xpl0
->sadb_x_policy_dir
) {
2595 case IPSEC_DIR_INBOUND
:
2596 case IPSEC_DIR_OUTBOUND
:
2599 ipseclog((LOG_DEBUG
, "key_spddelete: Invalid SP direction.\n"));
2600 return key_senderror(so
, m
, EINVAL
);
2603 /* Process interfaces */
2604 if (ipsecifopts
!= NULL
) {
2605 if (ipsecifopts
->sadb_x_ipsecif_internal_if
[0]) {
2606 ifnet_find_by_name(ipsecifopts
->sadb_x_ipsecif_internal_if
, &internal_if
);
2611 /* XXX boundary check against sa_len */
2612 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2615 src0
->sadb_address_prefixlen
,
2616 dst0
->sadb_address_prefixlen
,
2617 src0
->sadb_address_proto
,
2619 use_src_range
? src0
+ 1 : NULL
,
2620 use_src_range
? src1
+ 1 : NULL
,
2621 use_dst_range
? dst0
+ 1 : NULL
,
2622 use_dst_range
? dst1
+ 1 : NULL
,
2625 /* Is there SP in SPD ? */
2626 lck_mtx_lock(sadb_mutex
);
2627 if ((sp
= key_getsp(&spidx
)) == NULL
) {
2628 ipseclog((LOG_DEBUG
, "key_spddelete: no SP found.\n"));
2629 lck_mtx_unlock(sadb_mutex
);
2631 ifnet_release(internal_if
);
2634 return key_senderror(so
, m
, EINVAL
);
2638 ifnet_release(internal_if
);
2642 /* save policy id to buffer to be returned. */
2643 xpl0
->sadb_x_policy_id
= sp
->id
;
2645 sp
->state
= IPSEC_SPSTATE_DEAD
;
2646 key_freesp(sp
, KEY_SADB_LOCKED
);
2647 lck_mtx_unlock(sadb_mutex
);
2652 struct sadb_msg
*newmsg
;
2653 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2654 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
,
2655 SADB_X_EXT_ADDR_RANGE_SRC_START
, SADB_X_EXT_ADDR_RANGE_SRC_END
,
2656 SADB_X_EXT_ADDR_RANGE_DST_START
, SADB_X_EXT_ADDR_RANGE_DST_END
};
2658 /* create new sadb_msg to reply. */
2659 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2661 return key_senderror(so
, m
, ENOBUFS
);
2663 newmsg
= mtod(n
, struct sadb_msg
*);
2664 newmsg
->sadb_msg_errno
= 0;
2665 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2668 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2673 * SADB_SPDDELETE2 processing
2676 * from the user(?), and set SADB_SASTATE_DEAD,
2680 * policy(*) including direction of policy.
2682 * m will always be freed.
2688 const struct sadb_msghdr
*mhp
)
2691 struct secpolicy
*sp
;
2693 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2696 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2697 panic("key_spddelete2: NULL pointer is passed.\n");
2699 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2700 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2701 ipseclog((LOG_DEBUG
, "key_spddelete2: invalid message is passed.\n"));
2702 key_senderror(so
, m
, EINVAL
);
2706 id
= ((struct sadb_x_policy
*)
2707 (void *)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2709 /* Is there SP in SPD ? */
2710 lck_mtx_lock(sadb_mutex
);
2711 if ((sp
= __key_getspbyid(id
)) == NULL
) {
2712 lck_mtx_unlock(sadb_mutex
);
2713 ipseclog((LOG_DEBUG
, "key_spddelete2: no SP found id:%u.\n", id
));
2714 return key_senderror(so
, m
, EINVAL
);
2717 sp
->state
= IPSEC_SPSTATE_DEAD
;
2718 key_freesp(sp
, KEY_SADB_LOCKED
);
2719 lck_mtx_unlock(sadb_mutex
);
2722 struct mbuf
*n
, *nn
;
2723 struct sadb_msg
*newmsg
;
2726 /* create new sadb_msg to reply. */
2727 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2730 return key_senderror(so
, m
, ENOBUFS
);
2731 MGETHDR(n
, M_WAITOK
, MT_DATA
);
2732 if (n
&& len
> MHLEN
) {
2733 MCLGET(n
, M_WAITOK
);
2734 if ((n
->m_flags
& M_EXT
) == 0) {
2740 return key_senderror(so
, m
, ENOBUFS
);
2746 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
2747 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2751 panic("length inconsistency in key_spddelete2");
2754 n
->m_next
= m_copym(m
, mhp
->extoff
[SADB_X_EXT_POLICY
],
2755 mhp
->extlen
[SADB_X_EXT_POLICY
], M_WAITOK
);
2758 return key_senderror(so
, m
, ENOBUFS
);
2761 n
->m_pkthdr
.len
= 0;
2762 for (nn
= n
; nn
; nn
= nn
->m_next
)
2763 n
->m_pkthdr
.len
+= nn
->m_len
;
2765 newmsg
= mtod(n
, struct sadb_msg
*);
2766 newmsg
->sadb_msg_errno
= 0;
2767 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2770 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2778 const struct sadb_msghdr
*mhp
)
2781 struct secpolicy
*sp
;
2783 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2786 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2787 panic("key_spdenable: NULL pointer is passed.\n");
2789 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2790 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2791 ipseclog((LOG_DEBUG
, "key_spdenable: invalid message is passed.\n"));
2792 key_senderror(so
, m
, EINVAL
);
2796 id
= ((struct sadb_x_policy
*)
2797 (void *)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2799 /* Is there SP in SPD ? */
2800 lck_mtx_lock(sadb_mutex
);
2801 if ((sp
= __key_getspbyid(id
)) == NULL
) {
2802 lck_mtx_unlock(sadb_mutex
);
2803 ipseclog((LOG_DEBUG
, "key_spdenable: no SP found id:%u.\n", id
));
2804 return key_senderror(so
, m
, EINVAL
);
2808 lck_mtx_unlock(sadb_mutex
);
2812 struct sadb_msg
*newmsg
;
2813 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
};
2815 /* create new sadb_msg to reply. */
2816 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2818 return key_senderror(so
, m
, ENOBUFS
);
2820 if (n
->m_len
< sizeof(struct sadb_msg
)) {
2821 n
= m_pullup(n
, sizeof(struct sadb_msg
));
2823 return key_senderror(so
, m
, ENOBUFS
);
2825 newmsg
= mtod(n
, struct sadb_msg
*);
2826 newmsg
->sadb_msg_errno
= 0;
2827 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2830 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2838 const struct sadb_msghdr
*mhp
)
2841 struct secpolicy
*sp
;
2843 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2846 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2847 panic("key_spddisable: NULL pointer is passed.\n");
2849 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2850 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2851 ipseclog((LOG_DEBUG
, "key_spddisable: invalid message is passed.\n"));
2852 key_senderror(so
, m
, EINVAL
);
2856 id
= ((struct sadb_x_policy
*)
2857 (void *)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2859 /* Is there SP in SPD ? */
2860 lck_mtx_lock(sadb_mutex
);
2861 if ((sp
= __key_getspbyid(id
)) == NULL
) {
2862 lck_mtx_unlock(sadb_mutex
);
2863 ipseclog((LOG_DEBUG
, "key_spddisable: no SP found id:%u.\n", id
));
2864 return key_senderror(so
, m
, EINVAL
);
2868 lck_mtx_unlock(sadb_mutex
);
2872 struct sadb_msg
*newmsg
;
2873 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
};
2875 /* create new sadb_msg to reply. */
2876 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2878 return key_senderror(so
, m
, ENOBUFS
);
2880 if (n
->m_len
< sizeof(struct sadb_msg
)) {
2881 n
= m_pullup(n
, sizeof(struct sadb_msg
));
2883 return key_senderror(so
, m
, ENOBUFS
);
2885 newmsg
= mtod(n
, struct sadb_msg
*);
2886 newmsg
->sadb_msg_errno
= 0;
2887 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2890 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2895 * SADB_X_GET processing
2900 * <base, address(SD), policy>
2902 * policy(*) including direction of policy.
2904 * m will always be freed.
2910 const struct sadb_msghdr
*mhp
)
2913 struct secpolicy
*sp
;
2916 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2919 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2920 panic("key_spdget: NULL pointer is passed.\n");
2922 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2923 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2924 ipseclog((LOG_DEBUG
, "key_spdget: invalid message is passed.\n"));
2925 return key_senderror(so
, m
, EINVAL
);
2928 id
= ((struct sadb_x_policy
*)
2929 (void *)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2931 /* Is there SP in SPD ? */
2932 lck_mtx_lock(sadb_mutex
);
2933 if ((sp
= __key_getspbyid(id
)) == NULL
) {
2934 ipseclog((LOG_DEBUG
, "key_spdget: no SP found id:%u.\n", id
));
2935 lck_mtx_unlock(sadb_mutex
);
2936 return key_senderror(so
, m
, ENOENT
);
2938 lck_mtx_unlock(sadb_mutex
);
2939 n
= key_setdumpsp(sp
, SADB_X_SPDGET
, 0, mhp
->msg
->sadb_msg_pid
);
2942 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
2944 return key_senderror(so
, m
, ENOBUFS
);
2948 * SADB_X_SPDACQUIRE processing.
2949 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2952 * to KMD, and expect to receive
2953 * <base> with SADB_X_SPDACQUIRE if error occurred,
2956 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2957 * policy(*) is without policy requests.
2960 * others: error number
2964 struct secpolicy
*sp
)
2966 struct mbuf
*result
= NULL
, *m
;
2967 struct secspacq
*newspacq
;
2970 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2974 panic("key_spdacquire: NULL pointer is passed.\n");
2975 if (sp
->req
!= NULL
)
2976 panic("key_spdacquire: called but there is request.\n");
2977 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
2978 panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
2980 /* get a entry to check whether sent message or not. */
2981 lck_mtx_lock(sadb_mutex
);
2982 if ((newspacq
= key_getspacq(&sp
->spidx
)) != NULL
) {
2983 if (key_blockacq_count
< newspacq
->count
) {
2984 /* reset counter and do send message. */
2985 newspacq
->count
= 0;
2987 /* increment counter and do nothing. */
2989 lck_mtx_unlock(sadb_mutex
);
2993 /* make new entry for blocking to send SADB_ACQUIRE. */
2994 if ((newspacq
= key_newspacq(&sp
->spidx
)) == NULL
) {
2995 lck_mtx_unlock(sadb_mutex
);
2998 /* add to acqtree */
2999 LIST_INSERT_HEAD(&spacqtree
, newspacq
, chain
);
3000 key_start_timehandler();
3002 lck_mtx_unlock(sadb_mutex
);
3003 /* create new sadb_msg to reply. */
3004 m
= key_setsadbmsg(SADB_X_SPDACQUIRE
, 0, 0, 0, 0, 0);
3011 result
->m_pkthdr
.len
= 0;
3012 for (m
= result
; m
; m
= m
->m_next
)
3013 result
->m_pkthdr
.len
+= m
->m_len
;
3015 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3016 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3018 return key_sendup_mbuf(NULL
, m
, KEY_SENDUP_REGISTERED
);
3027 * SADB_SPDFLUSH processing
3030 * from the user, and free all entries in secpctree.
3034 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
3036 * m will always be freed.
3042 const struct sadb_msghdr
*mhp
)
3044 struct sadb_msg
*newmsg
;
3045 struct secpolicy
*sp
;
3049 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
3050 panic("key_spdflush: NULL pointer is passed.\n");
3052 if (m
->m_len
!= PFKEY_ALIGN8(sizeof(struct sadb_msg
)))
3053 return key_senderror(so
, m
, EINVAL
);
3055 lck_mtx_lock(sadb_mutex
);
3056 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
3057 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
3058 sp
->state
= IPSEC_SPSTATE_DEAD
;
3061 lck_mtx_unlock(sadb_mutex
);
3063 if (sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
3064 ipseclog((LOG_DEBUG
, "key_spdflush: No more memory.\n"));
3065 return key_senderror(so
, m
, ENOBUFS
);
3071 m
->m_pkthdr
.len
= m
->m_len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
3072 newmsg
= mtod(m
, struct sadb_msg
*);
3073 newmsg
->sadb_msg_errno
= 0;
3074 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
3076 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
3080 * SADB_SPDDUMP processing
3083 * from the user, and dump all SP leaves
3088 * m will always be freed.
3095 const struct sadb_msghdr
*mhp
)
3097 struct secpolicy
*sp
, **spbuf
= NULL
, **sp_ptr
;
3098 int cnt
= 0, bufcount
;
3104 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
3105 panic("key_spddump: NULL pointer is passed.\n");
3107 if ((bufcount
= ipsec_policy_count
) == 0) {
3111 bufcount
+= 256; /* extra */
3112 KMALLOC_WAIT(spbuf
, struct secpolicy
**, bufcount
* sizeof(struct secpolicy
*));
3113 if (spbuf
== NULL
) {
3114 ipseclog((LOG_DEBUG
, "key_spddump: No more memory.\n"));
3118 lck_mtx_lock(sadb_mutex
);
3119 /* search SPD entry, make list. */
3121 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
3122 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
3123 if (cnt
== bufcount
)
3124 break; /* buffer full */
3130 lck_mtx_unlock(sadb_mutex
);
3140 n
= key_setdumpsp(*sp_ptr
++, SADB_X_SPDDUMP
, cnt
,
3141 mhp
->msg
->sadb_msg_pid
);
3144 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
3147 lck_mtx_lock(sadb_mutex
);
3148 while (sp_ptr
> spbuf
)
3149 key_freesp(*(--sp_ptr
), KEY_SADB_LOCKED
);
3150 lck_mtx_unlock(sadb_mutex
);
3156 return key_senderror(so
, m
, error
);
3163 static struct mbuf
*
3165 struct secpolicy
*sp
,
3170 struct mbuf
*result
= NULL
, *m
;
3172 m
= key_setsadbmsg(type
, 0, SADB_SATYPE_UNSPEC
, seq
, pid
, sp
->refcnt
);
3177 if (sp
->spidx
.src_range
.start
.ss_len
> 0) {
3178 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START
,
3179 (struct sockaddr
*)&sp
->spidx
.src_range
.start
, sp
->spidx
.prefs
,
3180 sp
->spidx
.ul_proto
);
3185 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END
,
3186 (struct sockaddr
*)&sp
->spidx
.src_range
.end
, sp
->spidx
.prefs
,
3187 sp
->spidx
.ul_proto
);
3192 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
3193 (struct sockaddr
*)&sp
->spidx
.src
, sp
->spidx
.prefs
,
3194 sp
->spidx
.ul_proto
);
3200 if (sp
->spidx
.dst_range
.start
.ss_len
> 0) {
3201 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START
,
3202 (struct sockaddr
*)&sp
->spidx
.dst_range
.start
, sp
->spidx
.prefd
,
3203 sp
->spidx
.ul_proto
);
3208 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END
,
3209 (struct sockaddr
*)&sp
->spidx
.dst_range
.end
, sp
->spidx
.prefd
,
3210 sp
->spidx
.ul_proto
);
3215 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
3216 (struct sockaddr
*)&sp
->spidx
.dst
, sp
->spidx
.prefd
,
3217 sp
->spidx
.ul_proto
);
3223 if (sp
->spidx
.internal_if
|| sp
->outgoing_if
|| sp
->ipsec_if
|| sp
->disabled
) {
3224 m
= key_setsadbipsecif(sp
->spidx
.internal_if
, sp
->outgoing_if
, sp
->ipsec_if
, sp
->disabled
);
3235 if ((result
->m_flags
& M_PKTHDR
) == 0)
3238 if (result
->m_len
< sizeof(struct sadb_msg
)) {
3239 result
= m_pullup(result
, sizeof(struct sadb_msg
));
3244 result
->m_pkthdr
.len
= 0;
3245 for (m
= result
; m
; m
= m
->m_next
)
3246 result
->m_pkthdr
.len
+= m
->m_len
;
3248 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3249 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3259 * get PFKEY message length for security policy and request.
3263 struct secpolicy
*sp
)
3267 tlen
= sizeof(struct sadb_x_policy
);
3269 /* if is the policy for ipsec ? */
3270 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
3273 /* get length of ipsec requests */
3275 struct ipsecrequest
*isr
;
3278 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
3279 len
= sizeof(struct sadb_x_ipsecrequest
)
3280 + isr
->saidx
.src
.ss_len
3281 + isr
->saidx
.dst
.ss_len
;
3283 tlen
+= PFKEY_ALIGN8(len
);
3291 * SADB_SPDEXPIRE processing
3293 * <base, address(SD), lifetime(CH), policy>
3297 * others : error number
3301 struct secpolicy
*sp
)
3303 struct mbuf
*result
= NULL
, *m
;
3306 struct sadb_lifetime
*lt
;
3308 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
3312 panic("key_spdexpire: NULL pointer is passed.\n");
3314 /* set msg header */
3315 m
= key_setsadbmsg(SADB_X_SPDEXPIRE
, 0, 0, 0, 0, 0);
3322 /* create lifetime extension (current and hard) */
3323 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
3324 m
= key_alloc_mbuf(len
);
3325 if (!m
|| m
->m_next
) { /*XXX*/
3331 bzero(mtod(m
, caddr_t
), len
);
3332 lt
= mtod(m
, struct sadb_lifetime
*);
3333 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
3334 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
3335 lt
->sadb_lifetime_allocations
= 0;
3336 lt
->sadb_lifetime_bytes
= 0;
3337 lt
->sadb_lifetime_addtime
= sp
->created
;
3338 lt
->sadb_lifetime_usetime
= sp
->lastused
;
3339 lt
= (struct sadb_lifetime
*)(void *)(mtod(m
, caddr_t
) + len
/ 2);
3340 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
3341 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_HARD
;
3342 lt
->sadb_lifetime_allocations
= 0;
3343 lt
->sadb_lifetime_bytes
= 0;
3344 lt
->sadb_lifetime_addtime
= sp
->lifetime
;
3345 lt
->sadb_lifetime_usetime
= sp
->validtime
;
3348 /* set sadb_address(es) for source */
3349 if (sp
->spidx
.src_range
.start
.ss_len
> 0) {
3350 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START
,
3351 (struct sockaddr
*)&sp
->spidx
.src_range
.start
, sp
->spidx
.prefs
,
3352 sp
->spidx
.ul_proto
);
3359 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END
,
3360 (struct sockaddr
*)&sp
->spidx
.src_range
.end
, sp
->spidx
.prefs
,
3361 sp
->spidx
.ul_proto
);
3368 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
3369 (struct sockaddr
*)&sp
->spidx
.src
, sp
->spidx
.prefs
,
3370 sp
->spidx
.ul_proto
);
3378 /* set sadb_address(es) for dest */
3379 if (sp
->spidx
.dst_range
.start
.ss_len
> 0) {
3380 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START
,
3381 (struct sockaddr
*)&sp
->spidx
.dst_range
.start
, sp
->spidx
.prefd
,
3382 sp
->spidx
.ul_proto
);
3389 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END
,
3390 (struct sockaddr
*)&sp
->spidx
.dst_range
.end
, sp
->spidx
.prefd
,
3391 sp
->spidx
.ul_proto
);
3398 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
3399 (struct sockaddr
*)&sp
->spidx
.dst
, sp
->spidx
.prefd
,
3400 sp
->spidx
.ul_proto
);
3416 if ((result
->m_flags
& M_PKTHDR
) == 0) {
3421 if (result
->m_len
< sizeof(struct sadb_msg
)) {
3422 result
= m_pullup(result
, sizeof(struct sadb_msg
));
3423 if (result
== NULL
) {
3429 result
->m_pkthdr
.len
= 0;
3430 for (m
= result
; m
; m
= m
->m_next
)
3431 result
->m_pkthdr
.len
+= m
->m_len
;
3433 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3434 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3436 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
3444 /* %%% SAD management */
3446 * allocating a memory for new SA head, and copy from the values of mhp.
3447 * OUT: NULL : failure due to the lack of memory.
3448 * others : pointer to new SA head.
3450 static struct secashead
*
3451 key_newsah(struct secasindex
*saidx
,
3456 struct secashead
*newsah
;
3460 panic("key_newsaidx: NULL pointer is passed.\n");
3462 newsah
= keydb_newsecashead();
3466 bcopy(saidx
, &newsah
->saidx
, sizeof(newsah
->saidx
));
3468 /* remove the ports */
3469 switch (saidx
->src
.ss_family
) {
3471 ((struct sockaddr_in
*)(&newsah
->saidx
.src
))->sin_port
= IPSEC_PORT_ANY
;
3474 ((struct sockaddr_in6
*)(&newsah
->saidx
.src
))->sin6_port
= IPSEC_PORT_ANY
;
3479 switch (saidx
->dst
.ss_family
) {
3481 ((struct sockaddr_in
*)(&newsah
->saidx
.dst
))->sin_port
= IPSEC_PORT_ANY
;
3484 ((struct sockaddr_in6
*)(&newsah
->saidx
.dst
))->sin6_port
= IPSEC_PORT_ANY
;
3490 newsah
->outgoing_if
= outgoing_if
;
3492 ifnet_reference(ipsec_if
);
3493 newsah
->ipsec_if
= ipsec_if
;
3496 /* add to saidxtree */
3497 newsah
->state
= SADB_SASTATE_MATURE
;
3498 LIST_INSERT_HEAD(&sahtree
, newsah
, chain
);
3499 key_start_timehandler();
3505 * delete SA index and all SA registerd.
3509 struct secashead
*sah
)
3511 struct secasvar
*sav
, *nextsav
;
3512 u_int stateidx
, state
;
3515 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3519 panic("key_delsah: NULL pointer is passed.\n");
3521 /* searching all SA registerd in the secindex. */
3523 stateidx
< _ARRAYLEN(saorder_state_any
);
3526 state
= saorder_state_any
[stateidx
];
3527 for (sav
= (struct secasvar
*)LIST_FIRST(&sah
->savtree
[state
]);
3531 nextsav
= LIST_NEXT(sav
, chain
);
3533 if (sav
->refcnt
> 0) {
3534 /* give up to delete this sa */
3540 KEY_CHKSASTATE(state
, sav
->state
, "key_delsah");
3542 key_freesav(sav
, KEY_SADB_LOCKED
);
3544 /* remove back pointer */
3550 /* don't delete sah only if there are savs. */
3554 ROUTE_RELEASE(&sah
->sa_route
);
3556 if (sah
->ipsec_if
) {
3557 ifnet_release(sah
->ipsec_if
);
3558 sah
->ipsec_if
= NULL
;
3569 /* remove from tree of SA index */
3570 if (__LIST_CHAINED(sah
))
3571 LIST_REMOVE(sah
, chain
);
3579 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3580 * and copy the values of mhp into new buffer.
3581 * When SAD message type is GETSPI:
3582 * to set sequence number from acq_seq++,
3583 * to set zero to SPI.
3584 * not to call key_setsava().
3586 * others : pointer to new secasvar.
3588 * does not modify mbuf. does not free mbuf on error.
3590 static struct secasvar
*
3593 const struct sadb_msghdr
*mhp
,
3594 struct secashead
*sah
,
3598 struct secasvar
*newsav
;
3599 const struct sadb_sa
*xsa
;
3601 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3604 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
|| sah
== NULL
)
3605 panic("key_newsa: NULL pointer is passed.\n");
3607 KMALLOC_NOWAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3608 if (newsav
== NULL
) {
3609 lck_mtx_unlock(sadb_mutex
);
3610 KMALLOC_WAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3611 lck_mtx_lock(sadb_mutex
);
3612 if (newsav
== NULL
) {
3613 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3618 bzero((caddr_t
)newsav
, sizeof(struct secasvar
));
3620 switch (mhp
->msg
->sadb_msg_type
) {
3622 key_setspi(newsav
, 0);
3624 #if IPSEC_DOSEQCHECK
3625 /* sync sequence number */
3626 if (mhp
->msg
->sadb_msg_seq
== 0)
3628 (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
3631 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
3636 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
3638 ipseclog((LOG_DEBUG
, "key_newsa: invalid message is passed.\n"));
3642 xsa
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
3643 key_setspi(newsav
, xsa
->sadb_sa_spi
);
3644 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
3652 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
3653 if (((struct sadb_x_sa2
*)(void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_alwaysexpire
)
3654 newsav
->always_expire
= 1;
3655 newsav
->flags2
= ((struct sadb_x_sa2
*)(void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_flags
;
3656 if (newsav
->flags2
& SADB_X_EXT_SA2_DELETE_ON_DETACH
) {
3661 /* copy sav values */
3662 if (mhp
->msg
->sadb_msg_type
!= SADB_GETSPI
) {
3663 *errp
= key_setsaval(newsav
, m
, mhp
);
3669 /* For get SPI, if has a hard lifetime, apply */
3670 const struct sadb_lifetime
*lft0
;
3673 lft0
= (struct sadb_lifetime
*)(void *)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
3675 /* make lifetime for CURRENT */
3676 KMALLOC_NOWAIT(newsav
->lft_c
, struct sadb_lifetime
*,
3677 sizeof(struct sadb_lifetime
));
3678 if (newsav
->lft_c
== NULL
) {
3679 lck_mtx_unlock(sadb_mutex
);
3680 KMALLOC_WAIT(newsav
->lft_c
, struct sadb_lifetime
*,
3681 sizeof(struct sadb_lifetime
));
3682 lck_mtx_lock(sadb_mutex
);
3683 if (newsav
->lft_c
== NULL
) {
3684 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3693 newsav
->lft_c
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
3694 newsav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
3695 newsav
->lft_c
->sadb_lifetime_allocations
= 0;
3696 newsav
->lft_c
->sadb_lifetime_bytes
= 0;
3697 newsav
->lft_c
->sadb_lifetime_addtime
= tv
.tv_sec
;
3698 newsav
->lft_c
->sadb_lifetime_usetime
= 0;
3700 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
] < sizeof(*lft0
)) {
3701 ipseclog((LOG_DEBUG
, "key_newsa: invalid hard lifetime ext len.\n"));
3706 newsav
->lft_h
= (struct sadb_lifetime
*)key_newbuf(lft0
, sizeof(*lft0
));
3707 if (newsav
->lft_h
== NULL
) {
3708 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3720 newsav
->created
= tv
.tv_sec
;
3723 newsav
->pid
= mhp
->msg
->sadb_msg_pid
;
3728 newsav
->state
= SADB_SASTATE_LARVAL
;
3729 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_LARVAL
], newsav
,
3737 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3738 * and copy the values passed into new buffer.
3739 * When SAD message type is GETSPI:
3740 * to set sequence number from acq_seq++,
3741 * to set zero to SPI.
3742 * not to call key_setsava().
3744 * others : pointer to new secasvar.
3747 key_newsav2(struct secashead
*sah
,
3753 struct sadb_key
*key_auth
,
3754 u_int16_t key_auth_len
,
3755 struct sadb_key
*key_enc
,
3756 u_int16_t key_enc_len
,
3757 u_int16_t natt_port
,
3761 struct sadb_lifetime
*lifetime_hard
,
3762 struct sadb_lifetime
*lifetime_soft
)
3764 struct secasvar
*newsav
;
3766 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3770 panic("key_newsa: NULL pointer is passed.\n");
3772 KMALLOC_NOWAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3773 if (newsav
== NULL
) {
3774 lck_mtx_unlock(sadb_mutex
);
3775 KMALLOC_WAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3776 lck_mtx_lock(sadb_mutex
);
3777 if (newsav
== NULL
) {
3778 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3782 bzero((caddr_t
)newsav
, sizeof(struct secasvar
));
3784 #if IPSEC_DOSEQCHECK
3785 /* sync sequence number */
3787 newsav
->seq
= (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
3791 key_setspi(newsav
, spi
);
3793 if (key_setsaval2(newsav
,
3817 newsav
->created
= tv
.tv_sec
;
3825 if (spi
&& key_auth
&& key_auth_len
&& key_enc
&& key_enc_len
) {
3826 newsav
->state
= SADB_SASTATE_MATURE
;
3827 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_MATURE
], newsav
,
3830 newsav
->state
= SADB_SASTATE_LARVAL
;
3831 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_LARVAL
], newsav
,
3840 key_migratesav(struct secasvar
*sav
,
3841 struct secashead
*newsah
)
3843 if (sav
== NULL
|| newsah
== NULL
|| sav
->state
!= SADB_SASTATE_MATURE
) {
3847 /* remove from SA header */
3848 if (__LIST_CHAINED(sav
))
3849 LIST_REMOVE(sav
, chain
);
3852 LIST_INSERT_TAIL(&newsah
->savtree
[SADB_SASTATE_MATURE
], sav
, secasvar
, chain
);
3857 * free() SA variable entry.
3861 struct secasvar
*sav
)
3864 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3868 panic("key_delsav: NULL pointer is passed.\n");
3870 if (sav
->refcnt
> 0)
3871 return; /* can't free */
3873 /* remove from SA header */
3874 if (__LIST_CHAINED(sav
))
3875 LIST_REMOVE(sav
, chain
);
3878 if (sav
->spihash
.le_prev
|| sav
->spihash
.le_next
)
3879 LIST_REMOVE(sav
, spihash
);
3881 if (sav
->key_auth
!= NULL
) {
3882 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
3883 KFREE(sav
->key_auth
);
3884 sav
->key_auth
= NULL
;
3886 if (sav
->key_enc
!= NULL
) {
3887 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
3888 KFREE(sav
->key_enc
);
3889 sav
->key_enc
= NULL
;
3892 bzero(sav
->sched
, sav
->schedlen
);
3896 if (sav
->replay
!= NULL
) {
3897 keydb_delsecreplay(sav
->replay
);
3900 if (sav
->lft_c
!= NULL
) {
3904 if (sav
->lft_h
!= NULL
) {
3908 if (sav
->lft_s
!= NULL
) {
3912 if (sav
->iv
!= NULL
) {
3926 * others : found, pointer to a SA.
3928 static struct secashead
*
3929 key_getsah(struct secasindex
*saidx
)
3931 struct secashead
*sah
;
3933 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3935 LIST_FOREACH(sah
, &sahtree
, chain
) {
3936 if (sah
->state
== SADB_SASTATE_DEAD
)
3938 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_REQID
))
3946 key_newsah2 (struct secasindex
*saidx
,
3949 struct secashead
*sah
;
3951 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3953 sah
= key_getsah(saidx
);
3955 return(key_newsah(saidx
, NULL
, 0, dir
));
3961 * check not to be duplicated SPI.
3962 * NOTE: this function is too slow due to searching all SAD.
3965 * others : found, pointer to a SA.
3967 static struct secasvar
*
3969 struct secasindex
*saidx
,
3972 struct secasvar
*sav
;
3973 u_int stateidx
, state
;
3975 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3977 /* check address family */
3978 if (saidx
->src
.ss_family
!= saidx
->dst
.ss_family
) {
3979 ipseclog((LOG_DEBUG
, "key_checkspidup: address family mismatched.\n"));
3984 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
3985 if (sav
->spi
!= spi
)
3988 stateidx
< _ARRAYLEN(saorder_state_alive
);
3990 state
= saorder_state_alive
[stateidx
];
3991 if (sav
->state
== state
&&
3992 key_ismyaddr((struct sockaddr
*)&sav
->sah
->saidx
.dst
))
4002 struct secasvar
*sav
,
4005 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4007 if (sav
->spihash
.le_prev
|| sav
->spihash
.le_next
)
4008 LIST_REMOVE(sav
, spihash
);
4009 LIST_INSERT_HEAD(&spihash
[SPIHASH(spi
)], sav
, spihash
);
4014 * search SAD litmited alive SA, protocol, SPI.
4017 * others : found, pointer to a SA.
4019 static struct secasvar
*
4021 struct secashead
*sah
,
4024 struct secasvar
*sav
, *match
;
4025 u_int stateidx
, state
, matchidx
;
4027 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4029 matchidx
= _ARRAYLEN(saorder_state_alive
);
4030 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
4031 if (sav
->spi
!= spi
)
4033 if (sav
->sah
!= sah
)
4035 for (stateidx
= 0; stateidx
< matchidx
; stateidx
++) {
4036 state
= saorder_state_alive
[stateidx
];
4037 if (sav
->state
== state
) {
4039 matchidx
= stateidx
;
4049 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4050 * You must update these if need.
4054 * does not modify mbuf. does not free mbuf on error.
4058 struct secasvar
*sav
,
4060 const struct sadb_msghdr
*mhp
)
4063 const struct esp_algorithm
*algo
;
4068 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4071 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
4072 panic("key_setsaval: NULL pointer is passed.\n");
4074 /* initialization */
4076 sav
->key_auth
= NULL
;
4077 sav
->key_enc
= NULL
;
4084 sav
->remote_ike_port
= 0;
4085 sav
->natt_last_activity
= natt_now
;
4086 sav
->natt_encapsulated_src_port
= 0;
4089 if (mhp
->ext
[SADB_EXT_SA
] != NULL
) {
4090 const struct sadb_sa
*sa0
;
4092 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
4093 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(*sa0
)) {
4094 ipseclog((LOG_DEBUG
, "key_setsaval: invalid message size.\n"));
4099 sav
->alg_auth
= sa0
->sadb_sa_auth
;
4100 sav
->alg_enc
= sa0
->sadb_sa_encrypt
;
4101 sav
->flags
= sa0
->sadb_sa_flags
;
4104 * Verify that a nat-traversal port was specified if
4105 * the nat-traversal flag is set.
4107 if ((sav
->flags
& SADB_X_EXT_NATT
) != 0) {
4108 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa_2
) ||
4109 ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_port
== 0) {
4110 ipseclog((LOG_DEBUG
, "key_setsaval: natt port not set.\n"));
4114 sav
->remote_ike_port
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_port
;
4115 sav
->natt_interval
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_interval
;
4116 sav
->natt_offload_interval
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_offload_interval
;
4120 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4121 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4122 * set (we're not behind nat) - otherwise clear it.
4124 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
4125 if ((sav
->flags
& SADB_X_EXT_NATT
) == 0 ||
4126 (sav
->flags
& SADB_X_EXT_NATT_KEEPALIVE
) != 0)
4127 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
4130 if ((sa0
->sadb_sa_flags
& SADB_X_EXT_OLD
) == 0) {
4131 sav
->replay
= keydb_newsecreplay(sa0
->sadb_sa_replay
);
4132 if (sav
->replay
== NULL
) {
4133 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4140 /* Authentication keys */
4141 if (mhp
->ext
[SADB_EXT_KEY_AUTH
] != NULL
) {
4142 const struct sadb_key
*key0
;
4145 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_AUTH
];
4146 len
= mhp
->extlen
[SADB_EXT_KEY_AUTH
];
4149 if (len
< sizeof(*key0
)) {
4150 ipseclog((LOG_DEBUG
, "key_setsaval: invalid auth key ext len. len = %d\n", len
));
4154 switch (mhp
->msg
->sadb_msg_satype
) {
4155 case SADB_SATYPE_AH
:
4156 case SADB_SATYPE_ESP
:
4157 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
4158 sav
->alg_auth
!= SADB_X_AALG_NULL
)
4161 case SADB_X_SATYPE_IPCOMP
:
4167 ipseclog((LOG_DEBUG
, "key_setsaval: invalid key_auth values.\n"));
4171 sav
->key_auth
= (struct sadb_key
*)key_newbuf(key0
, len
);
4172 if (sav
->key_auth
== NULL
) {
4173 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4179 /* Encryption key */
4180 if (mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] != NULL
) {
4181 const struct sadb_key
*key0
;
4184 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_ENCRYPT
];
4185 len
= mhp
->extlen
[SADB_EXT_KEY_ENCRYPT
];
4188 if (len
< sizeof(*key0
)) {
4189 ipseclog((LOG_DEBUG
, "key_setsaval: invalid encryption key ext len. len = %d\n", len
));
4193 switch (mhp
->msg
->sadb_msg_satype
) {
4194 case SADB_SATYPE_ESP
:
4195 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
4196 sav
->alg_enc
!= SADB_EALG_NULL
) {
4197 ipseclog((LOG_DEBUG
, "key_setsaval: invalid ESP algorithm.\n"));
4201 sav
->key_enc
= (struct sadb_key
*)key_newbuf(key0
, len
);
4202 if (sav
->key_enc
== NULL
) {
4203 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4208 case SADB_X_SATYPE_IPCOMP
:
4209 if (len
!= PFKEY_ALIGN8(sizeof(struct sadb_key
)))
4211 sav
->key_enc
= NULL
; /*just in case*/
4213 case SADB_SATYPE_AH
:
4219 ipseclog((LOG_DEBUG
, "key_setsaval: invalid key_enc value.\n"));
4227 switch (mhp
->msg
->sadb_msg_satype
) {
4228 case SADB_SATYPE_ESP
:
4230 algo
= esp_algorithm_lookup(sav
->alg_enc
);
4231 if (algo
&& algo
->ivlen
)
4232 sav
->ivlen
= (*algo
->ivlen
)(algo
, sav
);
4233 if (sav
->ivlen
== 0)
4235 KMALLOC_NOWAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
4237 lck_mtx_unlock(sadb_mutex
);
4238 KMALLOC_WAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
4239 lck_mtx_lock(sadb_mutex
);
4241 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4248 key_randomfill(sav
->iv
, sav
->ivlen
);
4251 case SADB_SATYPE_AH
:
4252 case SADB_X_SATYPE_IPCOMP
:
4255 ipseclog((LOG_DEBUG
, "key_setsaval: invalid SA type.\n"));
4262 sav
->created
= tv
.tv_sec
;
4264 /* make lifetime for CURRENT */
4265 KMALLOC_NOWAIT(sav
->lft_c
, struct sadb_lifetime
*,
4266 sizeof(struct sadb_lifetime
));
4267 if (sav
->lft_c
== NULL
) {
4268 lck_mtx_unlock(sadb_mutex
);
4269 KMALLOC_WAIT(sav
->lft_c
, struct sadb_lifetime
*,
4270 sizeof(struct sadb_lifetime
));
4271 lck_mtx_lock(sadb_mutex
);
4272 if (sav
->lft_c
== NULL
) {
4273 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4281 sav
->lft_c
->sadb_lifetime_len
=
4282 PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
4283 sav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
4284 sav
->lft_c
->sadb_lifetime_allocations
= 0;
4285 sav
->lft_c
->sadb_lifetime_bytes
= 0;
4286 sav
->lft_c
->sadb_lifetime_addtime
= tv
.tv_sec
;
4287 sav
->lft_c
->sadb_lifetime_usetime
= 0;
4289 /* lifetimes for HARD and SOFT */
4291 const struct sadb_lifetime
*lft0
;
4293 lft0
= (struct sadb_lifetime
*)
4294 (void *)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
4296 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
] < sizeof(*lft0
)) {
4297 ipseclog((LOG_DEBUG
, "key_setsaval: invalid hard lifetime ext len.\n"));
4301 sav
->lft_h
= (struct sadb_lifetime
*)key_newbuf(lft0
,
4303 if (sav
->lft_h
== NULL
) {
4304 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4308 /* to be initialize ? */
4311 lft0
= (struct sadb_lifetime
*)
4312 (void *)mhp
->ext
[SADB_EXT_LIFETIME_SOFT
];
4314 if (mhp
->extlen
[SADB_EXT_LIFETIME_SOFT
] < sizeof(*lft0
)) {
4315 ipseclog((LOG_DEBUG
, "key_setsaval: invalid soft lifetime ext len.\n"));
4319 sav
->lft_s
= (struct sadb_lifetime
*)key_newbuf(lft0
,
4321 if (sav
->lft_s
== NULL
) {
4322 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4326 /* to be initialize ? */
4333 /* initialization */
4334 if (sav
->replay
!= NULL
) {
4335 keydb_delsecreplay(sav
->replay
);
4338 if (sav
->key_auth
!= NULL
) {
4339 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
4340 KFREE(sav
->key_auth
);
4341 sav
->key_auth
= NULL
;
4343 if (sav
->key_enc
!= NULL
) {
4344 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
4345 KFREE(sav
->key_enc
);
4346 sav
->key_enc
= NULL
;
4349 bzero(sav
->sched
, sav
->schedlen
);
4353 if (sav
->iv
!= NULL
) {
4357 if (sav
->lft_c
!= NULL
) {
4361 if (sav
->lft_h
!= NULL
) {
4365 if (sav
->lft_s
!= NULL
) {
4374 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4375 * You must update these if need.
4379 * does not modify mbuf. does not free mbuf on error.
4382 key_setsaval2(struct secasvar
*sav
,
4388 struct sadb_key
*key_auth
,
4389 u_int16_t key_auth_len
,
4390 struct sadb_key
*key_enc
,
4391 u_int16_t key_enc_len
,
4392 u_int16_t natt_port
,
4396 struct sadb_lifetime
*lifetime_hard
,
4397 struct sadb_lifetime
*lifetime_soft
)
4400 const struct esp_algorithm
*algo
;
4405 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4407 /* initialization */
4409 sav
->key_auth
= NULL
;
4410 sav
->key_enc
= NULL
;
4417 sav
->remote_ike_port
= 0;
4418 sav
->natt_last_activity
= natt_now
;
4419 sav
->natt_encapsulated_src_port
= 0;
4421 sav
->alg_auth
= alg_auth
;
4422 sav
->alg_enc
= alg_enc
;
4426 key_setspi(sav
, htonl(spi
));
4429 * Verify that a nat-traversal port was specified if
4430 * the nat-traversal flag is set.
4432 if ((sav
->flags
& SADB_X_EXT_NATT
) != 0) {
4433 if (natt_port
== 0) {
4434 ipseclog((LOG_DEBUG
, "key_setsaval2: natt port not set.\n"));
4438 sav
->remote_ike_port
= natt_port
;
4442 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4443 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4444 * set (we're not behind nat) - otherwise clear it.
4446 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
4447 if ((sav
->flags
& SADB_X_EXT_NATT
) == 0 ||
4448 (sav
->flags
& SADB_X_EXT_NATT_KEEPALIVE
) != 0)
4449 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
4452 if ((flags
& SADB_X_EXT_OLD
) == 0) {
4453 sav
->replay
= keydb_newsecreplay(replay
);
4454 if (sav
->replay
== NULL
) {
4455 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4461 /* Authentication keys */
4462 sav
->key_auth
= (__typeof__(sav
->key_auth
))key_newbuf(key_auth
, key_auth_len
);
4463 if (sav
->key_auth
== NULL
) {
4464 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4469 /* Encryption key */
4470 sav
->key_enc
= (__typeof__(sav
->key_enc
))key_newbuf(key_enc
, key_enc_len
);
4471 if (sav
->key_enc
== NULL
) {
4472 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4480 if (satype
== SADB_SATYPE_ESP
) {
4482 algo
= esp_algorithm_lookup(sav
->alg_enc
);
4483 if (algo
&& algo
->ivlen
)
4484 sav
->ivlen
= (*algo
->ivlen
)(algo
, sav
);
4485 if (sav
->ivlen
!= 0) {
4486 KMALLOC_NOWAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
4488 lck_mtx_unlock(sadb_mutex
);
4489 KMALLOC_WAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
4490 lck_mtx_lock(sadb_mutex
);
4492 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4498 key_randomfill(sav
->iv
, sav
->ivlen
);
4505 sav
->created
= tv
.tv_sec
;
4507 /* make lifetime for CURRENT */
4508 KMALLOC_NOWAIT(sav
->lft_c
, struct sadb_lifetime
*,
4509 sizeof(struct sadb_lifetime
));
4510 if (sav
->lft_c
== NULL
) {
4511 lck_mtx_unlock(sadb_mutex
);
4512 KMALLOC_WAIT(sav
->lft_c
, struct sadb_lifetime
*,
4513 sizeof(struct sadb_lifetime
));
4514 lck_mtx_lock(sadb_mutex
);
4515 if (sav
->lft_c
== NULL
) {
4516 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4524 sav
->lft_c
->sadb_lifetime_len
=
4525 PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
4526 sav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
4527 sav
->lft_c
->sadb_lifetime_allocations
= 0;
4528 sav
->lft_c
->sadb_lifetime_bytes
= 0;
4529 sav
->lft_c
->sadb_lifetime_addtime
= tv
.tv_sec
;
4530 sav
->lft_c
->sadb_lifetime_usetime
= 0;
4532 /* lifetimes for HARD and SOFT */
4533 sav
->lft_h
= (__typeof__(sav
->lft_h
))key_newbuf(lifetime_hard
,
4534 sizeof(*lifetime_hard
));
4535 if (sav
->lft_h
== NULL
) {
4536 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4540 sav
->lft_s
= (__typeof__(sav
->lft_s
))key_newbuf(lifetime_soft
,
4541 sizeof(*lifetime_soft
));
4542 if (sav
->lft_s
== NULL
) {
4543 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
4551 /* initialization */
4552 if (sav
->replay
!= NULL
) {
4553 keydb_delsecreplay(sav
->replay
);
4556 if (sav
->key_auth
!= NULL
) {
4557 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
4558 KFREE(sav
->key_auth
);
4559 sav
->key_auth
= NULL
;
4561 if (sav
->key_enc
!= NULL
) {
4562 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
4563 KFREE(sav
->key_enc
);
4564 sav
->key_enc
= NULL
;
4567 bzero(sav
->sched
, sav
->schedlen
);
4571 if (sav
->iv
!= NULL
) {
4575 if (sav
->lft_c
!= NULL
) {
4579 if (sav
->lft_h
!= NULL
) {
4583 if (sav
->lft_s
!= NULL
) {
4592 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
4598 struct secasvar
*sav
)
4601 int checkmask
= 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4602 int mustmask
= 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4606 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4608 /* check SPI value */
4609 switch (sav
->sah
->saidx
.proto
) {
4613 /* No reason to test if this is >= 0, because ntohl(sav->spi) is unsigned. */
4614 if (ntohl(sav
->spi
) <= 255) {
4615 ipseclog((LOG_DEBUG
,
4616 "key_mature: illegal range of SPI %u.\n",
4617 (u_int32_t
)ntohl(sav
->spi
)));
4624 switch (sav
->sah
->saidx
.proto
) {
4627 if ((sav
->flags
& SADB_X_EXT_OLD
)
4628 && (sav
->flags
& SADB_X_EXT_DERIV
)) {
4629 ipseclog((LOG_DEBUG
, "key_mature: "
4630 "invalid flag (derived) given to old-esp.\n"));
4633 if (sav
->alg_auth
== SADB_AALG_NONE
)
4641 if (sav
->flags
& SADB_X_EXT_DERIV
) {
4642 ipseclog((LOG_DEBUG
, "key_mature: "
4643 "invalid flag (derived) given to AH SA.\n"));
4646 if (sav
->alg_enc
!= SADB_EALG_NONE
) {
4647 ipseclog((LOG_DEBUG
, "key_mature: "
4648 "protocol and algorithm mismated.\n"));
4654 case IPPROTO_IPCOMP
:
4655 if (sav
->alg_auth
!= SADB_AALG_NONE
) {
4656 ipseclog((LOG_DEBUG
, "key_mature: "
4657 "protocol and algorithm mismated.\n"));
4660 if ((sav
->flags
& SADB_X_EXT_RAWCPI
) == 0
4661 && ntohl(sav
->spi
) >= 0x10000) {
4662 ipseclog((LOG_DEBUG
, "key_mature: invalid cpi for IPComp.\n"));
4669 ipseclog((LOG_DEBUG
, "key_mature: Invalid satype.\n"));
4670 return EPROTONOSUPPORT
;
4673 /* check authentication algorithm */
4674 if ((checkmask
& 2) != 0) {
4675 const struct ah_algorithm
*algo
;
4678 algo
= ah_algorithm_lookup(sav
->alg_auth
);
4680 ipseclog((LOG_DEBUG
,"key_mature: "
4681 "unknown authentication algorithm.\n"));
4685 /* algorithm-dependent check */
4687 keylen
= sav
->key_auth
->sadb_key_bits
;
4690 if (keylen
< algo
->keymin
|| algo
->keymax
< keylen
) {
4691 ipseclog((LOG_DEBUG
,
4692 "key_mature: invalid AH key length %d "
4693 "(%d-%d allowed)\n",
4694 keylen
, algo
->keymin
, algo
->keymax
));
4699 if ((*algo
->mature
)(sav
)) {
4700 /* message generated in per-algorithm function*/
4703 mature
= SADB_SATYPE_AH
;
4706 if ((mustmask
& 2) != 0 && mature
!= SADB_SATYPE_AH
) {
4707 ipseclog((LOG_DEBUG
, "key_mature: no satisfy algorithm for AH\n"));
4712 /* check encryption algorithm */
4713 if ((checkmask
& 1) != 0) {
4715 const struct esp_algorithm
*algo
;
4718 algo
= esp_algorithm_lookup(sav
->alg_enc
);
4720 ipseclog((LOG_DEBUG
, "key_mature: unknown encryption algorithm.\n"));
4724 /* algorithm-dependent check */
4726 keylen
= sav
->key_enc
->sadb_key_bits
;
4729 if (keylen
< algo
->keymin
|| algo
->keymax
< keylen
) {
4730 ipseclog((LOG_DEBUG
,
4731 "key_mature: invalid ESP key length %d "
4732 "(%d-%d allowed)\n",
4733 keylen
, algo
->keymin
, algo
->keymax
));
4738 if ((*algo
->mature
)(sav
)) {
4739 /* message generated in per-algorithm function*/
4742 mature
= SADB_SATYPE_ESP
;
4745 if ((mustmask
& 1) != 0 && mature
!= SADB_SATYPE_ESP
) {
4746 ipseclog((LOG_DEBUG
, "key_mature: no satisfy algorithm for ESP\n"));
4750 ipseclog((LOG_DEBUG
, "key_mature: ESP not supported in this configuration\n"));
4755 /* check compression algorithm */
4756 if ((checkmask
& 4) != 0) {
4757 const struct ipcomp_algorithm
*algo
;
4759 /* algorithm-dependent check */
4760 algo
= ipcomp_algorithm_lookup(sav
->alg_enc
);
4762 ipseclog((LOG_DEBUG
, "key_mature: unknown compression algorithm.\n"));
4767 key_sa_chgstate(sav
, SADB_SASTATE_MATURE
);
4773 * subroutine for SADB_GET and SADB_DUMP.
4775 static struct mbuf
*
4777 struct secasvar
*sav
,
4783 struct mbuf
*result
= NULL
, *tres
= NULL
, *m
;
4788 SADB_EXT_SA
, SADB_X_EXT_SA2
,
4789 SADB_EXT_LIFETIME_HARD
, SADB_EXT_LIFETIME_SOFT
,
4790 SADB_EXT_LIFETIME_CURRENT
, SADB_EXT_ADDRESS_SRC
,
4791 SADB_EXT_ADDRESS_DST
, SADB_EXT_ADDRESS_PROXY
, SADB_EXT_KEY_AUTH
,
4792 SADB_EXT_KEY_ENCRYPT
, SADB_EXT_IDENTITY_SRC
,
4793 SADB_EXT_IDENTITY_DST
, SADB_EXT_SENSITIVITY
,
4796 m
= key_setsadbmsg(type
, 0, satype
, seq
, pid
, sav
->refcnt
);
4801 for (i
= sizeof(dumporder
)/sizeof(dumporder
[0]) - 1; i
>= 0; i
--) {
4804 switch (dumporder
[i
]) {
4806 m
= key_setsadbsa(sav
);
4811 case SADB_X_EXT_SA2
:
4812 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
4813 sav
->replay
? sav
->replay
->count
: 0,
4814 sav
->sah
->saidx
.reqid
,
4820 case SADB_EXT_ADDRESS_SRC
:
4821 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
4822 (struct sockaddr
*)&sav
->sah
->saidx
.src
,
4823 FULLMASK
, IPSEC_ULPROTO_ANY
);
4828 case SADB_EXT_ADDRESS_DST
:
4829 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
4830 (struct sockaddr
*)&sav
->sah
->saidx
.dst
,
4831 FULLMASK
, IPSEC_ULPROTO_ANY
);
4836 case SADB_EXT_KEY_AUTH
:
4839 l
= PFKEY_UNUNIT64(sav
->key_auth
->sadb_key_len
);
4843 case SADB_EXT_KEY_ENCRYPT
:
4846 l
= PFKEY_UNUNIT64(sav
->key_enc
->sadb_key_len
);
4850 case SADB_EXT_LIFETIME_CURRENT
:
4853 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_c
)->sadb_ext_len
);
4857 case SADB_EXT_LIFETIME_HARD
:
4860 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_h
)->sadb_ext_len
);
4864 case SADB_EXT_LIFETIME_SOFT
:
4867 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_s
)->sadb_ext_len
);
4871 case SADB_EXT_ADDRESS_PROXY
:
4872 case SADB_EXT_IDENTITY_SRC
:
4873 case SADB_EXT_IDENTITY_DST
:
4874 /* XXX: should we brought from SPD ? */
4875 case SADB_EXT_SENSITIVITY
:
4880 if ((!m
&& !p
) || (m
&& p
))
4883 M_PREPEND(tres
, l
, M_WAITOK
, 1);
4886 bcopy(p
, mtod(tres
, caddr_t
), l
);
4890 m
= key_alloc_mbuf(l
);
4893 m_copyback(m
, 0, l
, p
);
4901 m_cat(result
, tres
);
4903 if (sav
->sah
&& (sav
->sah
->outgoing_if
|| sav
->sah
->ipsec_if
)) {
4904 m
= key_setsadbipsecif(NULL
, ifindex2ifnet
[sav
->sah
->outgoing_if
], sav
->sah
->ipsec_if
, 0);
4910 if (result
->m_len
< sizeof(struct sadb_msg
)) {
4911 result
= m_pullup(result
, sizeof(struct sadb_msg
));
4916 result
->m_pkthdr
.len
= 0;
4917 for (m
= result
; m
; m
= m
->m_next
)
4918 result
->m_pkthdr
.len
+= m
->m_len
;
4920 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
4921 PFKEY_UNIT64(result
->m_pkthdr
.len
);
4932 * set data into sadb_msg.
4934 static struct mbuf
*
4947 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
4950 MGETHDR(m
, M_DONTWAIT
, MT_DATA
);
4951 if (m
&& len
> MHLEN
) {
4952 MCLGET(m
, M_DONTWAIT
);
4953 if ((m
->m_flags
& M_EXT
) == 0) {
4960 m
->m_pkthdr
.len
= m
->m_len
= len
;
4963 p
= mtod(m
, struct sadb_msg
*);
4966 p
->sadb_msg_version
= PF_KEY_V2
;
4967 p
->sadb_msg_type
= type
;
4968 p
->sadb_msg_errno
= 0;
4969 p
->sadb_msg_satype
= satype
;
4970 p
->sadb_msg_len
= PFKEY_UNIT64(tlen
);
4971 p
->sadb_msg_reserved
= reserved
;
4972 p
->sadb_msg_seq
= seq
;
4973 p
->sadb_msg_pid
= (u_int32_t
)pid
;
4979 * copy secasvar data into sadb_address.
4981 static struct mbuf
*
4983 struct secasvar
*sav
)
4989 len
= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
4990 m
= key_alloc_mbuf(len
);
4991 if (!m
|| m
->m_next
) { /*XXX*/
4997 p
= mtod(m
, struct sadb_sa
*);
5000 p
->sadb_sa_len
= PFKEY_UNIT64(len
);
5001 p
->sadb_sa_exttype
= SADB_EXT_SA
;
5002 p
->sadb_sa_spi
= sav
->spi
;
5003 p
->sadb_sa_replay
= (sav
->replay
!= NULL
? sav
->replay
->wsize
: 0);
5004 p
->sadb_sa_state
= sav
->state
;
5005 p
->sadb_sa_auth
= sav
->alg_auth
;
5006 p
->sadb_sa_encrypt
= sav
->alg_enc
;
5007 p
->sadb_sa_flags
= sav
->flags
;
5013 * set data into sadb_address.
5015 static struct mbuf
*
5018 struct sockaddr
*saddr
,
5023 struct sadb_address
*p
;
5026 len
= PFKEY_ALIGN8(sizeof(struct sadb_address
)) +
5027 PFKEY_ALIGN8(saddr
->sa_len
);
5028 m
= key_alloc_mbuf(len
);
5029 if (!m
|| m
->m_next
) { /*XXX*/
5035 p
= mtod(m
, struct sadb_address
*);
5038 p
->sadb_address_len
= PFKEY_UNIT64(len
);
5039 p
->sadb_address_exttype
= exttype
;
5040 p
->sadb_address_proto
= ul_proto
;
5041 if (prefixlen
== FULLMASK
) {
5042 switch (saddr
->sa_family
) {
5044 prefixlen
= sizeof(struct in_addr
) << 3;
5047 prefixlen
= sizeof(struct in6_addr
) << 3;
5053 p
->sadb_address_prefixlen
= prefixlen
;
5054 p
->sadb_address_reserved
= 0;
5057 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_address
)),
5063 static struct mbuf
*
5064 key_setsadbipsecif(ifnet_t internal_if
,
5065 ifnet_t outgoing_if
,
5070 struct sadb_x_ipsecif
*p
;
5073 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_ipsecif
));
5074 m
= key_alloc_mbuf(len
);
5075 if (!m
|| m
->m_next
) { /*XXX*/
5081 p
= mtod(m
, struct sadb_x_ipsecif
*);
5084 p
->sadb_x_ipsecif_len
= PFKEY_UNIT64(len
);
5085 p
->sadb_x_ipsecif_exttype
= SADB_X_EXT_IPSECIF
;
5087 if (internal_if
&& internal_if
->if_xname
)
5088 strlcpy(p
->sadb_x_ipsecif_internal_if
, internal_if
->if_xname
, IFXNAMSIZ
);
5089 if (outgoing_if
&& outgoing_if
->if_xname
)
5090 strlcpy(p
->sadb_x_ipsecif_outgoing_if
, outgoing_if
->if_xname
, IFXNAMSIZ
);
5091 if (ipsec_if
&& ipsec_if
->if_xname
)
5092 strlcpy(p
->sadb_x_ipsecif_ipsec_if
, ipsec_if
->if_xname
, IFXNAMSIZ
);
5094 p
->sadb_x_ipsecif_init_disabled
= init_disabled
;
5100 * set data into sadb_session_id
5102 static struct mbuf
*
5103 key_setsadbsession_id (u_int64_t session_ids
[])
5106 struct sadb_session_id
*p
;
5109 len
= PFKEY_ALIGN8(sizeof(*p
));
5110 m
= key_alloc_mbuf(len
);
5111 if (!m
|| m
->m_next
) { /*XXX*/
5117 p
= mtod(m
, __typeof__(p
));
5120 p
->sadb_session_id_len
= PFKEY_UNIT64(len
);
5121 p
->sadb_session_id_exttype
= SADB_EXT_SESSION_ID
;
5122 p
->sadb_session_id_v
[0] = session_ids
[0];
5123 p
->sadb_session_id_v
[1] = session_ids
[1];
5129 * copy stats data into sadb_sastat type.
5131 static struct mbuf
*
5132 key_setsadbsastat (u_int32_t dir
,
5133 struct sastat
*stats
,
5134 u_int32_t max_stats
)
5137 struct sadb_sastat
*p
;
5144 list_len
= sizeof(*stats
) * max_stats
;
5145 len
= PFKEY_ALIGN8(sizeof(*p
)) + PFKEY_ALIGN8(list_len
);
5146 m
= key_alloc_mbuf(len
);
5147 if (!m
|| m
->m_next
) { /*XXX*/
5153 p
= mtod(m
, __typeof__(p
));
5156 p
->sadb_sastat_len
= PFKEY_UNIT64(len
);
5157 p
->sadb_sastat_exttype
= SADB_EXT_SASTAT
;
5158 p
->sadb_sastat_dir
= dir
;
5159 p
->sadb_sastat_list_len
= max_stats
;
5162 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(*p
)),
5171 * set data into sadb_ident.
5173 static struct mbuf
*
5182 struct sadb_ident
*p
;
5185 len
= PFKEY_ALIGN8(sizeof(struct sadb_ident
)) + PFKEY_ALIGN8(stringlen
);
5186 m
= key_alloc_mbuf(len
);
5187 if (!m
|| m
->m_next
) { /*XXX*/
5193 p
= mtod(m
, struct sadb_ident
*);
5196 p
->sadb_ident_len
= PFKEY_UNIT64(len
);
5197 p
->sadb_ident_exttype
= exttype
;
5198 p
->sadb_ident_type
= idtype
;
5199 p
->sadb_ident_reserved
= 0;
5200 p
->sadb_ident_id
= id
;
5203 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_ident
)),
5211 * set data into sadb_x_sa2.
5213 static struct mbuf
*
5221 struct sadb_x_sa2
*p
;
5224 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_sa2
));
5225 m
= key_alloc_mbuf(len
);
5226 if (!m
|| m
->m_next
) { /*XXX*/
5232 p
= mtod(m
, struct sadb_x_sa2
*);
5235 p
->sadb_x_sa2_len
= PFKEY_UNIT64(len
);
5236 p
->sadb_x_sa2_exttype
= SADB_X_EXT_SA2
;
5237 p
->sadb_x_sa2_mode
= mode
;
5238 p
->sadb_x_sa2_reserved1
= 0;
5239 p
->sadb_x_sa2_reserved2
= 0;
5240 p
->sadb_x_sa2_sequence
= seq
;
5241 p
->sadb_x_sa2_reqid
= reqid
;
5242 p
->sadb_x_sa2_flags
= flags
;
5248 * set data into sadb_x_policy
5250 static struct mbuf
*
5257 struct sadb_x_policy
*p
;
5260 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_policy
));
5261 m
= key_alloc_mbuf(len
);
5262 if (!m
|| m
->m_next
) { /*XXX*/
5268 p
= mtod(m
, struct sadb_x_policy
*);
5271 p
->sadb_x_policy_len
= PFKEY_UNIT64(len
);
5272 p
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
5273 p
->sadb_x_policy_type
= type
;
5274 p
->sadb_x_policy_dir
= dir
;
5275 p
->sadb_x_policy_id
= id
;
5282 * copy a buffer into the new buffer allocated.
5291 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
5292 KMALLOC_NOWAIT(new, caddr_t
, len
);
5294 lck_mtx_unlock(sadb_mutex
);
5295 KMALLOC_WAIT(new, caddr_t
, len
);
5296 lck_mtx_lock(sadb_mutex
);
5298 ipseclog((LOG_DEBUG
, "key_newbuf: No more memory.\n"));
5302 bcopy(src
, new, len
);
5307 /* compare my own address
5308 * OUT: 1: true, i.e. my address.
5313 struct sockaddr
*sa
)
5316 struct sockaddr_in
*sin
;
5317 struct in_ifaddr
*ia
;
5322 panic("key_ismyaddr: NULL pointer is passed.\n");
5324 switch (sa
->sa_family
) {
5327 lck_rw_lock_shared(in_ifaddr_rwlock
);
5328 sin
= (struct sockaddr_in
*)(void *)sa
;
5329 for (ia
= in_ifaddrhead
.tqh_first
; ia
;
5330 ia
= ia
->ia_link
.tqe_next
) {
5331 IFA_LOCK_SPIN(&ia
->ia_ifa
);
5332 if (sin
->sin_family
== ia
->ia_addr
.sin_family
&&
5333 sin
->sin_len
== ia
->ia_addr
.sin_len
&&
5334 sin
->sin_addr
.s_addr
== ia
->ia_addr
.sin_addr
.s_addr
)
5336 IFA_UNLOCK(&ia
->ia_ifa
);
5337 lck_rw_done(in_ifaddr_rwlock
);
5340 IFA_UNLOCK(&ia
->ia_ifa
);
5342 lck_rw_done(in_ifaddr_rwlock
);
5347 return key_ismyaddr6((struct sockaddr_in6
*)(void *)sa
);
5356 * compare my own address for IPv6.
5359 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
5361 #include <netinet6/in6_var.h>
5365 struct sockaddr_in6
*sin6
)
5367 struct in6_ifaddr
*ia
;
5368 struct in6_multi
*in6m
;
5370 lck_rw_lock_shared(&in6_ifaddr_rwlock
);
5371 for (ia
= in6_ifaddrs
; ia
; ia
= ia
->ia_next
) {
5372 IFA_LOCK(&ia
->ia_ifa
);
5373 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
5374 (struct sockaddr
*)&ia
->ia_addr
, 0) == 0) {
5375 IFA_UNLOCK(&ia
->ia_ifa
);
5376 lck_rw_done(&in6_ifaddr_rwlock
);
5379 IFA_UNLOCK(&ia
->ia_ifa
);
5383 * XXX why do we care about multlicast here while we don't care
5384 * about IPv4 multicast??
5388 in6_multihead_lock_shared();
5389 IN6_LOOKUP_MULTI(&sin6
->sin6_addr
, ia
->ia_ifp
, in6m
);
5390 in6_multihead_lock_done();
5392 lck_rw_done(&in6_ifaddr_rwlock
);
5397 lck_rw_done(&in6_ifaddr_rwlock
);
5399 /* loopback, just for safety */
5400 if (IN6_IS_ADDR_LOOPBACK(&sin6
->sin6_addr
))
5408 * compare two secasindex structure.
5409 * flag can specify to compare 2 saidxes.
5410 * compare two secasindex structure without both mode and reqid.
5411 * don't compare port.
5413 * saidx0: source, it can be in SAD.
5421 struct secasindex
*saidx0
,
5422 struct secasindex
*saidx1
,
5426 if (saidx0
== NULL
&& saidx1
== NULL
)
5429 if (saidx0
== NULL
|| saidx1
== NULL
)
5432 if (saidx0
->ipsec_ifindex
!= 0 && saidx0
->ipsec_ifindex
!= saidx1
->ipsec_ifindex
)
5435 if (saidx0
->proto
!= saidx1
->proto
)
5438 if (flag
== CMP_EXACTLY
) {
5439 if (saidx0
->mode
!= saidx1
->mode
)
5441 if (saidx0
->reqid
!= saidx1
->reqid
)
5443 if (bcmp(&saidx0
->src
, &saidx1
->src
, saidx0
->src
.ss_len
) != 0 ||
5444 bcmp(&saidx0
->dst
, &saidx1
->dst
, saidx0
->dst
.ss_len
) != 0)
5448 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
5449 if (flag
& CMP_REQID
) {
5451 * If reqid of SPD is non-zero, unique SA is required.
5452 * The result must be of same reqid in this case.
5454 if (saidx1
->reqid
!= 0 && saidx0
->reqid
!= saidx1
->reqid
)
5458 if (flag
& CMP_MODE
) {
5459 if (saidx0
->mode
!= IPSEC_MODE_ANY
5460 && saidx0
->mode
!= saidx1
->mode
)
5464 if (key_sockaddrcmp((struct sockaddr
*)&saidx0
->src
,
5465 (struct sockaddr
*)&saidx1
->src
, flag
& CMP_PORT
? 1 : 0) != 0) {
5468 if (key_sockaddrcmp((struct sockaddr
*)&saidx0
->dst
,
5469 (struct sockaddr
*)&saidx1
->dst
, flag
& CMP_PORT
? 1 : 0) != 0) {
5478 * compare two secindex structure exactly.
5480 * spidx0: source, it is often in SPD.
5481 * spidx1: object, it is often from PFKEY message.
5487 key_cmpspidx_exactly(
5488 struct secpolicyindex
*spidx0
,
5489 struct secpolicyindex
*spidx1
)
5492 if (spidx0
== NULL
&& spidx1
== NULL
)
5495 if (spidx0
== NULL
|| spidx1
== NULL
)
5498 if (spidx0
->prefs
!= spidx1
->prefs
5499 || spidx0
->prefd
!= spidx1
->prefd
5500 || spidx0
->ul_proto
!= spidx1
->ul_proto
5501 || spidx0
->internal_if
!= spidx1
->internal_if
)
5504 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->src
,
5505 (struct sockaddr
*)&spidx1
->src
, 1) != 0) {
5508 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->dst
,
5509 (struct sockaddr
*)&spidx1
->dst
, 1) != 0) {
5513 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->src_range
.start
,
5514 (struct sockaddr
*)&spidx1
->src_range
.start
, 1) != 0) {
5517 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->src_range
.end
,
5518 (struct sockaddr
*)&spidx1
->src_range
.end
, 1) != 0) {
5521 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->dst_range
.start
,
5522 (struct sockaddr
*)&spidx1
->dst_range
.start
, 1) != 0) {
5525 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->dst_range
.end
,
5526 (struct sockaddr
*)&spidx1
->dst_range
.end
, 1) != 0) {
5534 * compare two secindex structure with mask.
5536 * spidx0: source, it is often in SPD.
5537 * spidx1: object, it is often from IP header.
5543 key_cmpspidx_withmask(
5544 struct secpolicyindex
*spidx0
,
5545 struct secpolicyindex
*spidx1
)
5547 int spidx0_src_is_range
= 0;
5548 int spidx0_dst_is_range
= 0;
5551 if (spidx0
== NULL
&& spidx1
== NULL
)
5554 if (spidx0
== NULL
|| spidx1
== NULL
)
5557 if (spidx0
->src_range
.start
.ss_len
> 0)
5558 spidx0_src_is_range
= 1;
5560 if (spidx0
->dst_range
.start
.ss_len
> 0)
5561 spidx0_dst_is_range
= 1;
5563 if ((spidx0_src_is_range
? spidx0
->src_range
.start
.ss_family
: spidx0
->src
.ss_family
) != spidx1
->src
.ss_family
||
5564 (spidx0_dst_is_range
? spidx0
->dst_range
.start
.ss_family
: spidx0
->dst
.ss_family
) != spidx1
->dst
.ss_family
||
5565 (spidx0_src_is_range
? spidx0
->src_range
.start
.ss_len
: spidx0
->src
.ss_len
) != spidx1
->src
.ss_len
||
5566 (spidx0_dst_is_range
? spidx0
->dst_range
.start
.ss_len
: spidx0
->dst
.ss_len
) != spidx1
->dst
.ss_len
)
5569 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
5570 if (spidx0
->ul_proto
!= (u_int16_t
)IPSEC_ULPROTO_ANY
5571 && spidx0
->ul_proto
!= spidx1
->ul_proto
)
5574 /* If spidx1 specifies interface, ignore src addr */
5575 if (spidx1
->internal_if
!= NULL
) {
5576 if (spidx0
->internal_if
== NULL
5577 || spidx0
->internal_if
!= spidx1
->internal_if
)
5580 /* Still check ports */
5581 switch (spidx0
->src
.ss_family
) {
5583 if (spidx0_src_is_range
&&
5584 (satosin(&spidx1
->src
)->sin_port
< satosin(&spidx0
->src_range
.start
)->sin_port
5585 || satosin(&spidx1
->src
)->sin_port
> satosin(&spidx0
->src_range
.end
)->sin_port
))
5587 else if (satosin(&spidx0
->src
)->sin_port
!= IPSEC_PORT_ANY
5588 && satosin(&spidx0
->src
)->sin_port
!=
5589 satosin(&spidx1
->src
)->sin_port
)
5593 if (spidx0_src_is_range
&&
5594 (satosin6(&spidx1
->src
)->sin6_port
< satosin6(&spidx0
->src_range
.start
)->sin6_port
5595 || satosin6(&spidx1
->src
)->sin6_port
> satosin6(&spidx0
->src_range
.end
)->sin6_port
))
5597 else if (satosin6(&spidx0
->src
)->sin6_port
!= IPSEC_PORT_ANY
5598 && satosin6(&spidx0
->src
)->sin6_port
!=
5599 satosin6(&spidx1
->src
)->sin6_port
)
5605 } else if (spidx0_src_is_range
) {
5606 if (!key_is_addr_in_range(&spidx1
->src
, &spidx0
->src_range
))
5609 switch (spidx0
->src
.ss_family
) {
5611 if (satosin(&spidx0
->src
)->sin_port
!= IPSEC_PORT_ANY
5612 && satosin(&spidx0
->src
)->sin_port
!=
5613 satosin(&spidx1
->src
)->sin_port
)
5615 if (!key_bbcmp((caddr_t
)&satosin(&spidx0
->src
)->sin_addr
,
5616 (caddr_t
)&satosin(&spidx1
->src
)->sin_addr
, spidx0
->prefs
))
5620 if (satosin6(&spidx0
->src
)->sin6_port
!= IPSEC_PORT_ANY
5621 && satosin6(&spidx0
->src
)->sin6_port
!=
5622 satosin6(&spidx1
->src
)->sin6_port
)
5625 * scope_id check. if sin6_scope_id is 0, we regard it
5626 * as a wildcard scope, which matches any scope zone ID.
5628 if (satosin6(&spidx0
->src
)->sin6_scope_id
&&
5629 satosin6(&spidx1
->src
)->sin6_scope_id
&&
5630 satosin6(&spidx0
->src
)->sin6_scope_id
!=
5631 satosin6(&spidx1
->src
)->sin6_scope_id
)
5633 if (!key_bbcmp((caddr_t
)&satosin6(&spidx0
->src
)->sin6_addr
,
5634 (caddr_t
)&satosin6(&spidx1
->src
)->sin6_addr
, spidx0
->prefs
))
5639 if (bcmp(&spidx0
->src
, &spidx1
->src
, spidx0
->src
.ss_len
) != 0)
5645 if (spidx0_dst_is_range
) {
5646 if (!key_is_addr_in_range(&spidx1
->dst
, &spidx0
->dst_range
))
5649 switch (spidx0
->dst
.ss_family
) {
5651 if (satosin(&spidx0
->dst
)->sin_port
!= IPSEC_PORT_ANY
5652 && satosin(&spidx0
->dst
)->sin_port
!=
5653 satosin(&spidx1
->dst
)->sin_port
)
5655 if (!key_bbcmp((caddr_t
)&satosin(&spidx0
->dst
)->sin_addr
,
5656 (caddr_t
)&satosin(&spidx1
->dst
)->sin_addr
, spidx0
->prefd
))
5660 if (satosin6(&spidx0
->dst
)->sin6_port
!= IPSEC_PORT_ANY
5661 && satosin6(&spidx0
->dst
)->sin6_port
!=
5662 satosin6(&spidx1
->dst
)->sin6_port
)
5665 * scope_id check. if sin6_scope_id is 0, we regard it
5666 * as a wildcard scope, which matches any scope zone ID.
5668 if (satosin6(&spidx0
->src
)->sin6_scope_id
&&
5669 satosin6(&spidx1
->src
)->sin6_scope_id
&&
5670 satosin6(&spidx0
->dst
)->sin6_scope_id
!=
5671 satosin6(&spidx1
->dst
)->sin6_scope_id
)
5673 if (!key_bbcmp((caddr_t
)&satosin6(&spidx0
->dst
)->sin6_addr
,
5674 (caddr_t
)&satosin6(&spidx1
->dst
)->sin6_addr
, spidx0
->prefd
))
5679 if (bcmp(&spidx0
->dst
, &spidx1
->dst
, spidx0
->dst
.ss_len
) != 0)
5685 /* XXX Do we check other field ? e.g. flowinfo */
5691 key_is_addr_in_range(struct sockaddr_storage
*addr
, struct secpolicyaddrrange
*addr_range
)
5695 if (addr
== NULL
|| addr_range
== NULL
)
5698 /* Must be greater than or equal to start */
5699 cmp
= key_sockaddrcmp((struct sockaddr
*)addr
, (struct sockaddr
*)&addr_range
->start
, 1);
5700 if (cmp
!= 0 && cmp
!= 1)
5703 /* Must be less than or equal to end */
5704 cmp
= key_sockaddrcmp((struct sockaddr
*)addr
, (struct sockaddr
*)&addr_range
->end
, 1);
5705 if (cmp
!= 0 && cmp
!= -1)
5716 2: Not comparable or error
5720 struct sockaddr
*sa1
,
5721 struct sockaddr
*sa2
,
5725 int port_result
= 0;
5727 if (sa1
->sa_family
!= sa2
->sa_family
|| sa1
->sa_len
!= sa2
->sa_len
)
5730 if (sa1
->sa_len
== 0)
5733 switch (sa1
->sa_family
) {
5735 if (sa1
->sa_len
!= sizeof(struct sockaddr_in
))
5738 result
= memcmp(&satosin(sa1
)->sin_addr
.s_addr
, &satosin(sa2
)->sin_addr
.s_addr
, sizeof(satosin(sa1
)->sin_addr
.s_addr
));
5741 if (satosin(sa1
)->sin_port
< satosin(sa2
)->sin_port
) {
5743 } else if (satosin(sa1
)->sin_port
> satosin(sa2
)->sin_port
) {
5748 result
= port_result
;
5749 else if ((result
> 0 && port_result
< 0) || (result
< 0 && port_result
> 0))
5755 if (sa1
->sa_len
!= sizeof(struct sockaddr_in6
))
5756 return 2; /*EINVAL*/
5758 if (satosin6(sa1
)->sin6_scope_id
!=
5759 satosin6(sa2
)->sin6_scope_id
) {
5763 result
= memcmp(&satosin6(sa1
)->sin6_addr
.s6_addr
[0], &satosin6(sa2
)->sin6_addr
.s6_addr
[0], sizeof(struct in6_addr
));
5766 if (satosin6(sa1
)->sin6_port
< satosin6(sa2
)->sin6_port
) {
5768 } else if (satosin6(sa1
)->sin6_port
> satosin6(sa2
)->sin6_port
) {
5773 result
= port_result
;
5774 else if ((result
> 0 && port_result
< 0) || (result
< 0 && port_result
> 0))
5780 result
= memcmp(sa1
, sa2
, sa1
->sa_len
);
5784 if (result
< 0) result
= -1;
5785 else if (result
> 0) result
= 1;
5791 * compare two buffers with mask.
5795 * bits: Number of bits to compare
5808 /* XXX: This could be considerably faster if we compare a word
5809 * at a time, but it is complicated on LSB Endian machines */
5811 /* Handle null pointers */
5812 if (p1
== NULL
|| p2
== NULL
)
5822 mask
= ~((1<<(8-bits
))-1);
5823 if ((*p1
& mask
) != (*p2
& mask
))
5826 return 1; /* Match! */
5831 * scanning SPD and SAD to check status for each entries,
5832 * and do to remove or to expire.
5833 * XXX: year 2038 problem may remain.
5835 int key_timehandler_debug
= 0;
5836 u_int32_t spd_count
= 0, sah_count
= 0, dead_sah_count
= 0, empty_sah_count
= 0, larval_sav_count
= 0, mature_sav_count
= 0, dying_sav_count
= 0, dead_sav_count
= 0;
5837 u_int64_t total_sav_count
= 0;
5839 key_timehandler(void)
5843 struct secpolicy
**spbuf
= NULL
, **spptr
= NULL
;
5844 struct secasvar
**savexbuf
= NULL
, **savexptr
= NULL
;
5845 struct secasvar
**savkabuf
= NULL
, **savkaptr
= NULL
;
5846 int spbufcount
= 0, savbufcount
= 0, spcount
= 0, savexcount
= 0, savkacount
= 0, cnt
;
5847 int stop_handler
= 1; /* stop the timehandler */
5851 /* pre-allocate buffers before taking the lock */
5852 /* if allocation failures occur - portions of the processing will be skipped */
5853 if ((spbufcount
= ipsec_policy_count
) != 0) {
5855 KMALLOC_WAIT(spbuf
, struct secpolicy
**, spbufcount
* sizeof(struct secpolicy
*));
5859 if ((savbufcount
= ipsec_sav_count
) != 0) {
5861 KMALLOC_WAIT(savexbuf
, struct secasvar
**, savbufcount
* sizeof(struct secasvar
*));
5863 savexptr
= savexbuf
;
5864 KMALLOC_WAIT(savkabuf
, struct secasvar
**, savbufcount
* sizeof(struct secasvar
*));
5866 savkaptr
= savkabuf
;
5868 lck_mtx_lock(sadb_mutex
);
5872 struct secpolicy
*sp
, *nextsp
;
5874 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
5875 for (sp
= LIST_FIRST(&sptree
[dir
]);
5879 /* don't prevent timehandler from stopping for generate policy */
5880 if (sp
->policy
!= IPSEC_POLICY_GENERATE
)
5883 nextsp
= LIST_NEXT(sp
, chain
);
5885 if (sp
->state
== IPSEC_SPSTATE_DEAD
) {
5886 key_freesp(sp
, KEY_SADB_LOCKED
);
5890 if (sp
->lifetime
== 0 && sp
->validtime
== 0)
5892 if (spbuf
&& spcount
< spbufcount
) {
5893 /* the deletion will occur next time */
5895 && tv
.tv_sec
- sp
->created
> sp
->lifetime
)
5897 && tv
.tv_sec
- sp
->lastused
> sp
->validtime
)) {
5898 //key_spdexpire(sp);
5899 sp
->state
= IPSEC_SPSTATE_DEAD
;
5911 struct secashead
*sah
, *nextsah
;
5912 struct secasvar
*sav
, *nextsav
;
5914 for (sah
= LIST_FIRST(&sahtree
);
5919 nextsah
= LIST_NEXT(sah
, chain
);
5921 /* if sah has been dead, then delete it and process next sah. */
5922 if (sah
->state
== SADB_SASTATE_DEAD
) {
5928 if (LIST_FIRST(&sah
->savtree
[SADB_SASTATE_LARVAL
]) == NULL
&&
5929 LIST_FIRST(&sah
->savtree
[SADB_SASTATE_MATURE
]) == NULL
&&
5930 LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DYING
]) == NULL
&&
5931 LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DEAD
]) == NULL
) {
5937 if (savbufcount
== 0) {
5943 /* if LARVAL entry doesn't become MATURE, delete it. */
5944 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_LARVAL
]);
5950 nextsav
= LIST_NEXT(sav
, chain
);
5952 if (sav
->lft_h
!= NULL
) {
5953 /* If a hard lifetime is defined for the LARVAL SA, use it */
5954 if (sav
->lft_h
->sadb_lifetime_addtime
!= 0
5955 && tv
.tv_sec
- sav
->created
> sav
->lft_h
->sadb_lifetime_addtime
) {
5956 if (sav
->always_expire
) {
5957 key_send_delete(sav
);
5960 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
5961 key_freesav(sav
, KEY_SADB_LOCKED
);
5966 if (tv
.tv_sec
- sav
->created
> key_larval_lifetime
) {
5967 key_freesav(sav
, KEY_SADB_LOCKED
);
5973 * If this is a NAT traversal SA with no activity,
5974 * we need to send a keep alive.
5976 * Performed outside of the loop before so we will
5977 * only ever send one keepalive. The first SA on
5978 * the list is the one that will be used for sending
5979 * traffic, so this is the one we use for determining
5980 * when to send the keepalive.
5982 if (savkabuf
&& savkacount
< savbufcount
) {
5983 sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_MATURE
]); //%%% should we check dying list if this is empty???
5984 if (sav
&& (natt_keepalive_interval
|| sav
->natt_interval
) &&
5985 (sav
->flags
& (SADB_X_EXT_NATT_KEEPALIVE
| SADB_X_EXT_ESP_KEEPALIVE
)) != 0) {
5993 * check MATURE entry to start to send expire message
5996 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_MATURE
]);
6002 nextsav
= LIST_NEXT(sav
, chain
);
6004 /* we don't need to check. */
6005 if (sav
->lft_s
== NULL
)
6009 if (sav
->lft_c
== NULL
) {
6010 ipseclog((LOG_DEBUG
,"key_timehandler: "
6011 "There is no CURRENT time, why?\n"));
6015 /* check SOFT lifetime */
6016 if (sav
->lft_s
->sadb_lifetime_addtime
!= 0
6017 && tv
.tv_sec
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
6019 * If always_expire is set, expire. Otherwise,
6020 * if the SA has not been used, delete immediately.
6022 if (sav
->lft_c
->sadb_lifetime_usetime
== 0
6023 && sav
->always_expire
== 0) {
6024 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6025 key_freesav(sav
, KEY_SADB_LOCKED
);
6027 } else if (savexbuf
&& savexcount
< savbufcount
) {
6028 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
6035 /* check SOFT lifetime by bytes */
6037 * XXX I don't know the way to delete this SA
6038 * when new SA is installed. Caution when it's
6039 * installed too big lifetime by time.
6041 else if (savexbuf
&& savexcount
< savbufcount
6042 && sav
->lft_s
->sadb_lifetime_bytes
!= 0
6043 && sav
->lft_s
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
6046 * XXX If we keep to send expire
6047 * message in the status of
6048 * DYING. Do remove below code.
6051 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
6058 /* check DYING entry to change status to DEAD. */
6059 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DYING
]);
6065 nextsav
= LIST_NEXT(sav
, chain
);
6067 /* we don't need to check. */
6068 if (sav
->lft_h
== NULL
)
6072 if (sav
->lft_c
== NULL
) {
6073 ipseclog((LOG_DEBUG
, "key_timehandler: "
6074 "There is no CURRENT time, why?\n"));
6078 if (sav
->lft_h
->sadb_lifetime_addtime
!= 0
6079 && tv
.tv_sec
- sav
->created
> sav
->lft_h
->sadb_lifetime_addtime
) {
6080 if (sav
->always_expire
) {
6081 key_send_delete(sav
);
6084 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6085 key_freesav(sav
, KEY_SADB_LOCKED
);
6089 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
6090 else if (savbuf
&& savexcount
< savbufcount
6091 && sav
->lft_s
!= NULL
6092 && sav
->lft_s
->sadb_lifetime_addtime
!= 0
6093 && tv
.tv_sec
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
6095 * XXX: should be checked to be
6096 * installed the valid SA.
6100 * If there is no SA then sending
6109 /* check HARD lifetime by bytes */
6110 else if (sav
->lft_h
->sadb_lifetime_bytes
!= 0
6111 && sav
->lft_h
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
6112 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6113 key_freesav(sav
, KEY_SADB_LOCKED
);
6118 /* delete entry in DEAD */
6119 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DEAD
]);
6125 nextsav
= LIST_NEXT(sav
, chain
);
6128 if (sav
->state
!= SADB_SASTATE_DEAD
) {
6129 ipseclog((LOG_DEBUG
, "key_timehandler: "
6130 "invalid sav->state "
6131 "(queue: %d SA: %d): "
6133 SADB_SASTATE_DEAD
, sav
->state
));
6137 * do not call key_freesav() here.
6138 * sav should already be freed, and sav->refcnt
6139 * shows other references to sav
6140 * (such as from SPD).
6146 if (++key_timehandler_debug
>= 300) {
6147 if (key_debug_level
) {
6148 printf("%s: total stats for %u calls\n", __FUNCTION__
, key_timehandler_debug
);
6149 printf("%s: walked %u SPDs\n", __FUNCTION__
, spd_count
);
6150 printf("%s: walked %llu SAs: LARVAL SAs %u, MATURE SAs %u, DYING SAs %u, DEAD SAs %u\n", __FUNCTION__
,
6151 total_sav_count
, larval_sav_count
, mature_sav_count
, dying_sav_count
, dead_sav_count
);
6152 printf("%s: walked %u SAHs: DEAD SAHs %u, EMPTY SAHs %u\n", __FUNCTION__
,
6153 sah_count
, dead_sah_count
, empty_sah_count
);
6154 if (sah_search_calls
) {
6155 printf("%s: SAH search cost %d iters per call\n", __FUNCTION__
,
6156 (sah_search_count
/sah_search_calls
));
6162 empty_sah_count
= 0;
6163 larval_sav_count
= 0;
6164 mature_sav_count
= 0;
6165 dying_sav_count
= 0;
6167 total_sav_count
= 0;
6168 sah_search_count
= 0;
6169 sah_search_calls
= 0;
6170 key_timehandler_debug
= 0;
6172 #ifndef IPSEC_NONBLOCK_ACQUIRE
6175 struct secacq
*acq
, *nextacq
;
6177 for (acq
= LIST_FIRST(&acqtree
);
6182 nextacq
= LIST_NEXT(acq
, chain
);
6184 if (tv
.tv_sec
- acq
->created
> key_blockacq_lifetime
6185 && __LIST_CHAINED(acq
)) {
6186 LIST_REMOVE(acq
, chain
);
6195 struct secspacq
*acq
, *nextacq
;
6197 for (acq
= LIST_FIRST(&spacqtree
);
6202 nextacq
= LIST_NEXT(acq
, chain
);
6204 if (tv
.tv_sec
- acq
->created
> key_blockacq_lifetime
6205 && __LIST_CHAINED(acq
)) {
6206 LIST_REMOVE(acq
, chain
);
6212 /* initialize random seed */
6213 if (key_tick_init_random
++ > key_int_random
) {
6214 key_tick_init_random
= 0;
6218 uint64_t acc_sleep_time
= 0;
6219 absolutetime_to_nanoseconds(mach_absolutetime_asleep
, &acc_sleep_time
);
6220 natt_now
= ++up_time
+ (acc_sleep_time
/ NSEC_PER_SEC
);
6222 lck_mtx_unlock(sadb_mutex
);
6224 /* send messages outside of sadb_mutex */
6225 if (spbuf
&& spcount
> 0) {
6228 key_spdexpire(*(--spptr
));
6230 if (savkabuf
&& savkacount
> 0) {
6231 struct secasvar
**savkaptr_sav
= savkaptr
;
6232 int cnt_send
= savkacount
;
6234 while (cnt_send
--) {
6235 if (ipsec_send_natt_keepalive(*(--savkaptr
))) {
6236 // <rdar://6768487> iterate (all over again) and update timestamps
6237 struct secasvar
**savkaptr_update
= savkaptr_sav
;
6238 int cnt_update
= savkacount
;
6239 while (cnt_update
--) {
6240 key_update_natt_keepalive_timestamp(*savkaptr
,
6241 *(--savkaptr_update
));
6246 if (savexbuf
&& savexcount
> 0) {
6249 key_expire(*(--savexptr
));
6252 /* decrement ref counts and free buffers */
6253 lck_mtx_lock(sadb_mutex
);
6256 key_freesp(*spptr
++, KEY_SADB_LOCKED
);
6260 while (savkacount
--)
6261 key_freesav(*savkaptr
++, KEY_SADB_LOCKED
);
6265 while (savexcount
--)
6266 key_freesav(*savexptr
++, KEY_SADB_LOCKED
);
6271 key_timehandler_running
= 0;
6272 /* Turn on the ipsec bypass */
6275 /* do exchange to tick time !! */
6276 (void)timeout((void *)key_timehandler
, (void *)0, hz
);
6279 lck_mtx_unlock(sadb_mutex
);
6284 * to initialize a seed for random()
6290 /* Our PRNG is based on Yarrow and doesn't need to be seeded */
6297 srandom(tv
.tv_usec
);
6308 key_randomfill(&value
, sizeof(value
));
6319 read_random(p
, (u_int
)l
);
6323 static int warn
= 1;
6326 n
= (size_t)read_random(p
, (u_int
)l
);
6330 bcopy(&v
, (u_int8_t
*)p
+ n
,
6331 l
- n
< sizeof(v
) ? l
- n
: sizeof(v
));
6335 printf("WARNING: pseudo-random number generator "
6336 "used for IPsec processing\n");
6344 * map SADB_SATYPE_* to IPPROTO_*.
6345 * if satype == SADB_SATYPE then satype is mapped to ~0.
6347 * 0: invalid satype.
6354 case SADB_SATYPE_UNSPEC
:
6355 return IPSEC_PROTO_ANY
;
6356 case SADB_SATYPE_AH
:
6358 case SADB_SATYPE_ESP
:
6360 case SADB_X_SATYPE_IPCOMP
:
6361 return IPPROTO_IPCOMP
;
6369 * map IPPROTO_* to SADB_SATYPE_*
6371 * 0: invalid protocol type.
6379 return SADB_SATYPE_AH
;
6381 return SADB_SATYPE_ESP
;
6382 case IPPROTO_IPCOMP
:
6383 return SADB_X_SATYPE_IPCOMP
;
6391 key_get_ipsec_if_from_message (const struct sadb_msghdr
*mhp
, int message_type
)
6393 struct sadb_x_ipsecif
*ipsecifopts
= NULL
;
6394 ifnet_t ipsec_if
= NULL
;
6396 ipsecifopts
= (struct sadb_x_ipsecif
*)(void *)mhp
->ext
[message_type
];
6397 if (ipsecifopts
!= NULL
) {
6398 if (ipsecifopts
->sadb_x_ipsecif_ipsec_if
[0]) {
6399 ifnet_find_by_name(ipsecifopts
->sadb_x_ipsecif_ipsec_if
, &ipsec_if
);
6407 key_get_outgoing_ifindex_from_message (const struct sadb_msghdr
*mhp
, int message_type
)
6409 struct sadb_x_ipsecif
*ipsecifopts
= NULL
;
6410 ifnet_t outgoing_if
= NULL
;
6412 ipsecifopts
= (struct sadb_x_ipsecif
*)(void *)mhp
->ext
[message_type
];
6413 if (ipsecifopts
!= NULL
) {
6414 if (ipsecifopts
->sadb_x_ipsecif_outgoing_if
[0]) {
6415 ifnet_find_by_name(ipsecifopts
->sadb_x_ipsecif_outgoing_if
, &outgoing_if
);
6419 return outgoing_if
? outgoing_if
->if_index
: 0;
6424 * SADB_GETSPI processing is to receive
6425 * <base, (SA2), src address, dst address, (SPI range)>
6426 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
6427 * tree with the status of LARVAL, and send
6428 * <base, SA(*), address(SD)>
6431 * IN: mhp: pointer to the pointer to each header.
6432 * OUT: NULL if fail.
6433 * other if success, return pointer to the message to send.
6439 const struct sadb_msghdr
*mhp
)
6441 struct sadb_address
*src0
, *dst0
;
6442 struct secasindex saidx
;
6443 struct secashead
*newsah
;
6444 struct secasvar
*newsav
;
6445 ifnet_t ipsec_if
= NULL
;
6452 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6455 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6456 panic("key_getspi: NULL pointer is passed.\n");
6458 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
6459 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
6460 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
6461 return key_senderror(so
, m
, EINVAL
);
6463 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
6464 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
6465 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
6466 return key_senderror(so
, m
, EINVAL
);
6468 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
6469 mode
= ((struct sadb_x_sa2
*)
6470 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
6471 reqid
= ((struct sadb_x_sa2
*)
6472 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
6474 mode
= IPSEC_MODE_ANY
;
6478 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
6479 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
6481 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
6483 /* map satype to proto */
6484 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6485 ipseclog((LOG_DEBUG
, "key_getspi: invalid satype is passed.\n"));
6486 return key_senderror(so
, m
, EINVAL
);
6489 /* make sure if port number is zero. */
6490 switch (((struct sockaddr
*)(src0
+ 1))->sa_family
) {
6492 if (((struct sockaddr
*)(src0
+ 1))->sa_len
!=
6493 sizeof(struct sockaddr_in
))
6494 return key_senderror(so
, m
, EINVAL
);
6495 ((struct sockaddr_in
*)(void *)(src0
+ 1))->sin_port
= 0;
6498 if (((struct sockaddr
*)(src0
+ 1))->sa_len
!=
6499 sizeof(struct sockaddr_in6
))
6500 return key_senderror(so
, m
, EINVAL
);
6501 ((struct sockaddr_in6
*)(void *)(src0
+ 1))->sin6_port
= 0;
6506 switch (((struct sockaddr
*)(dst0
+ 1))->sa_family
) {
6508 if (((struct sockaddr
*)(dst0
+ 1))->sa_len
!=
6509 sizeof(struct sockaddr_in
))
6510 return key_senderror(so
, m
, EINVAL
);
6511 ((struct sockaddr_in
*)(void *)(dst0
+ 1))->sin_port
= 0;
6514 if (((struct sockaddr
*)(dst0
+ 1))->sa_len
!=
6515 sizeof(struct sockaddr_in6
))
6516 return key_senderror(so
, m
, EINVAL
);
6517 ((struct sockaddr_in6
*)(void *)(dst0
+ 1))->sin6_port
= 0;
6523 /* XXX boundary check against sa_len */
6524 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
6526 lck_mtx_lock(sadb_mutex
);
6528 /* SPI allocation */
6529 spi
= key_do_getnewspi((struct sadb_spirange
*)
6530 (void *)mhp
->ext
[SADB_EXT_SPIRANGE
], &saidx
);
6532 lck_mtx_unlock(sadb_mutex
);
6533 return key_senderror(so
, m
, EINVAL
);
6536 /* get a SA index */
6537 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
6538 /* create a new SA index: key_addspi is always used for inbound spi */
6539 if ((newsah
= key_newsah(&saidx
, ipsec_if
, key_get_outgoing_ifindex_from_message(mhp
, SADB_X_EXT_IPSECIF
), IPSEC_DIR_INBOUND
)) == NULL
) {
6540 lck_mtx_unlock(sadb_mutex
);
6541 ipseclog((LOG_DEBUG
, "key_getspi: No more memory.\n"));
6542 return key_senderror(so
, m
, ENOBUFS
);
6548 newsav
= key_newsav(m
, mhp
, newsah
, &error
, so
);
6549 if (newsav
== NULL
) {
6550 /* XXX don't free new SA index allocated in above. */
6551 lck_mtx_unlock(sadb_mutex
);
6552 return key_senderror(so
, m
, error
);
6556 key_setspi(newsav
, htonl(spi
));
6558 #ifndef IPSEC_NONBLOCK_ACQUIRE
6559 /* delete the entry in acqtree */
6560 if (mhp
->msg
->sadb_msg_seq
!= 0) {
6562 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) != NULL
) {
6563 /* reset counter in order to deletion by timehandler. */
6566 acq
->created
= tv
.tv_sec
;
6572 lck_mtx_unlock(sadb_mutex
);
6575 struct mbuf
*n
, *nn
;
6576 struct sadb_sa
*m_sa
;
6577 struct sadb_msg
*newmsg
;
6580 /* create new sadb_msg to reply. */
6581 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
)) +
6582 PFKEY_ALIGN8(sizeof(struct sadb_sa
));
6584 return key_senderror(so
, m
, ENOBUFS
);
6586 MGETHDR(n
, M_WAITOK
, MT_DATA
);
6587 if (n
&& len
> MHLEN
) {
6588 MCLGET(n
, M_WAITOK
);
6589 if ((n
->m_flags
& M_EXT
) == 0) {
6595 return key_senderror(so
, m
, ENOBUFS
);
6601 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
6602 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
6604 m_sa
= (struct sadb_sa
*)(void *)(mtod(n
, caddr_t
) + off
);
6605 m_sa
->sadb_sa_len
= PFKEY_UNIT64(sizeof(struct sadb_sa
));
6606 m_sa
->sadb_sa_exttype
= SADB_EXT_SA
;
6607 m_sa
->sadb_sa_spi
= htonl(spi
);
6608 off
+= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
6612 panic("length inconsistency in key_getspi");
6615 int mbufItems
[] = {SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
};
6616 n
->m_next
= key_gather_mbuf(m
, mhp
, 0, sizeof(mbufItems
)/sizeof(int), mbufItems
);
6619 return key_senderror(so
, m
, ENOBUFS
);
6623 if (n
->m_len
< sizeof(struct sadb_msg
)) {
6624 n
= m_pullup(n
, sizeof(struct sadb_msg
));
6626 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
6629 n
->m_pkthdr
.len
= 0;
6630 for (nn
= n
; nn
; nn
= nn
->m_next
)
6631 n
->m_pkthdr
.len
+= nn
->m_len
;
6633 newmsg
= mtod(n
, struct sadb_msg
*);
6634 newmsg
->sadb_msg_seq
= newsav
->seq
;
6635 newmsg
->sadb_msg_errno
= 0;
6636 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
6639 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
6644 key_getspi2(struct sockaddr
*src
,
6645 struct sockaddr
*dst
,
6649 struct sadb_spirange
*spirange
)
6652 struct secasindex saidx
;
6654 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6656 /* XXX boundary check against sa_len */
6657 KEY_SETSECASIDX(proto
, mode
, reqid
, src
, dst
, 0, &saidx
);
6659 /* make sure if port number is zero. */
6660 switch (((struct sockaddr
*)&saidx
.src
)->sa_family
) {
6662 if (((struct sockaddr
*)&saidx
.src
)->sa_len
!= sizeof(struct sockaddr_in
))
6664 ((struct sockaddr_in
*)&saidx
.src
)->sin_port
= 0;
6667 if (((struct sockaddr
*)&saidx
.src
)->sa_len
!= sizeof(struct sockaddr_in6
))
6669 ((struct sockaddr_in6
*)&saidx
.src
)->sin6_port
= 0;
6674 switch (((struct sockaddr
*)&saidx
.dst
)->sa_family
) {
6676 if (((struct sockaddr
*)&saidx
.dst
)->sa_len
!= sizeof(struct sockaddr_in
))
6678 ((struct sockaddr_in
*)&saidx
.dst
)->sin_port
= 0;
6681 if (((struct sockaddr
*)&saidx
.dst
)->sa_len
!= sizeof(struct sockaddr_in6
))
6683 ((struct sockaddr_in6
*)&saidx
.dst
)->sin6_port
= 0;
6689 lck_mtx_lock(sadb_mutex
);
6691 /* SPI allocation */
6692 spi
= key_do_getnewspi(spirange
, &saidx
);
6694 lck_mtx_unlock(sadb_mutex
);
6700 * allocating new SPI
6701 * called by key_getspi() and key_getspi2().
6708 struct sadb_spirange
*spirange
,
6709 struct secasindex
*saidx
)
6712 u_int32_t keymin
, keymax
;
6713 int count
= key_spi_trycnt
;
6715 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
6717 /* set spi range to allocate */
6718 if (spirange
!= NULL
) {
6719 keymin
= spirange
->sadb_spirange_min
;
6720 keymax
= spirange
->sadb_spirange_max
;
6722 keymin
= key_spi_minval
;
6723 keymax
= key_spi_maxval
;
6725 /* IPCOMP needs 2-byte SPI */
6726 if (saidx
->proto
== IPPROTO_IPCOMP
) {
6728 if (keymin
>= 0x10000)
6730 if (keymax
>= 0x10000)
6732 if (keymin
> keymax
) {
6733 t
= keymin
; keymin
= keymax
; keymax
= t
;
6737 if (keymin
== keymax
) {
6738 if (key_checkspidup(saidx
, keymin
) != NULL
) {
6739 ipseclog((LOG_DEBUG
, "key_do_getnewspi: SPI %u exists already.\n", keymin
));
6743 count
--; /* taking one cost. */
6748 u_int32_t range
= keymax
- keymin
+ 1; /* overflow value of zero means full range */
6753 /* when requesting to allocate spi ranged */
6755 u_int32_t rand_val
= key_random();
6757 /* generate pseudo-random SPI value ranged. */
6758 newspi
= (range
== 0 ? rand_val
: keymin
+ (rand_val
% range
));
6760 if (key_checkspidup(saidx
, newspi
) == NULL
)
6764 if (count
== 0 || newspi
== 0) {
6765 ipseclog((LOG_DEBUG
, "key_do_getnewspi: to allocate spi is failed.\n"));
6771 keystat
.getspi_count
=
6772 (keystat
.getspi_count
+ key_spi_trycnt
- count
) / 2;
6778 * SADB_UPDATE processing
6780 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6781 * key(AE), (identity(SD),) (sensitivity)>
6782 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
6784 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6785 * (identity(SD),) (sensitivity)>
6788 * m will always be freed.
6794 const struct sadb_msghdr
*mhp
)
6796 struct sadb_sa
*sa0
;
6797 struct sadb_address
*src0
, *dst0
;
6798 ifnet_t ipsec_if
= NULL
;
6799 struct secasindex saidx
;
6800 struct secashead
*sah
;
6801 struct secasvar
*sav
;
6808 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6811 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6812 panic("key_update: NULL pointer is passed.\n");
6814 /* map satype to proto */
6815 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6816 ipseclog((LOG_DEBUG
, "key_update: invalid satype is passed.\n"));
6817 return key_senderror(so
, m
, EINVAL
);
6820 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
6821 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
6822 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
6823 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
6824 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
6825 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
6826 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
6827 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
6828 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
6829 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
6830 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
6831 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
6832 return key_senderror(so
, m
, EINVAL
);
6834 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
6835 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
6836 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
6837 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
6838 return key_senderror(so
, m
, EINVAL
);
6840 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
6841 mode
= ((struct sadb_x_sa2
*)
6842 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
6843 reqid
= ((struct sadb_x_sa2
*)
6844 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
6845 flags2
= ((struct sadb_x_sa2
*)(void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_flags
;
6847 mode
= IPSEC_MODE_ANY
;
6851 /* XXX boundary checking for other extensions */
6853 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
6854 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
6855 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
6856 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
6858 /* XXX boundary check against sa_len */
6859 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
6861 lck_mtx_lock(sadb_mutex
);
6863 /* get a SA header */
6864 if ((sah
= key_getsah(&saidx
)) == NULL
) {
6865 lck_mtx_unlock(sadb_mutex
);
6866 ipseclog((LOG_DEBUG
, "key_update: no SA index found.\n"));
6867 return key_senderror(so
, m
, ENOENT
);
6870 /* set spidx if there */
6872 error
= key_setident(sah
, m
, mhp
);
6874 lck_mtx_unlock(sadb_mutex
);
6875 return key_senderror(so
, m
, error
);
6878 /* find a SA with sequence number. */
6879 #if IPSEC_DOSEQCHECK
6880 if (mhp
->msg
->sadb_msg_seq
!= 0
6881 && (sav
= key_getsavbyseq(sah
, mhp
->msg
->sadb_msg_seq
)) == NULL
) {
6882 lck_mtx_unlock(sadb_mutex
);
6883 ipseclog((LOG_DEBUG
,
6884 "key_update: no larval SA with sequence %u exists.\n",
6885 mhp
->msg
->sadb_msg_seq
));
6886 return key_senderror(so
, m
, ENOENT
);
6889 if ((sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
)) == NULL
) {
6890 lck_mtx_unlock(sadb_mutex
);
6891 ipseclog((LOG_DEBUG
,
6892 "key_update: no such a SA found (spi:%u)\n",
6893 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
6894 return key_senderror(so
, m
, EINVAL
);
6898 /* validity check */
6899 if (sav
->sah
->saidx
.proto
!= proto
) {
6900 lck_mtx_unlock(sadb_mutex
);
6901 ipseclog((LOG_DEBUG
,
6902 "key_update: protocol mismatched (DB=%u param=%u)\n",
6903 sav
->sah
->saidx
.proto
, proto
));
6904 return key_senderror(so
, m
, EINVAL
);
6906 #if IPSEC_DOSEQCHECK
6907 if (sav
->spi
!= sa0
->sadb_sa_spi
) {
6908 lck_mtx_unlock(sadb_mutex
);
6909 ipseclog((LOG_DEBUG
,
6910 "key_update: SPI mismatched (DB:%u param:%u)\n",
6911 (u_int32_t
)ntohl(sav
->spi
),
6912 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
6913 return key_senderror(so
, m
, EINVAL
);
6916 if (sav
->pid
!= mhp
->msg
->sadb_msg_pid
) {
6917 lck_mtx_unlock(sadb_mutex
);
6918 ipseclog((LOG_DEBUG
,
6919 "key_update: pid mismatched (DB:%u param:%u)\n",
6920 sav
->pid
, mhp
->msg
->sadb_msg_pid
));
6921 return key_senderror(so
, m
, EINVAL
);
6924 /* copy sav values */
6925 error
= key_setsaval(sav
, m
, mhp
);
6927 key_freesav(sav
, KEY_SADB_LOCKED
);
6928 lck_mtx_unlock(sadb_mutex
);
6929 return key_senderror(so
, m
, error
);
6932 sav
->flags2
= flags2
;
6933 if (flags2
& SADB_X_EXT_SA2_DELETE_ON_DETACH
) {
6938 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
6939 * this SA is for transport mode - otherwise clear it.
6941 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0 &&
6942 (sav
->sah
->saidx
.mode
!= IPSEC_MODE_TRANSPORT
||
6943 sav
->sah
->saidx
.src
.ss_family
!= AF_INET
))
6944 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
6946 /* check SA values to be mature. */
6947 if ((error
= key_mature(sav
)) != 0) {
6948 key_freesav(sav
, KEY_SADB_LOCKED
);
6949 lck_mtx_unlock(sadb_mutex
);
6950 return key_senderror(so
, m
, error
);
6953 lck_mtx_unlock(sadb_mutex
);
6958 /* set msg buf from mhp */
6959 n
= key_getmsgbuf_x1(m
, mhp
);
6961 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
6962 return key_senderror(so
, m
, ENOBUFS
);
6966 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
6971 key_migrate(struct socket
*so
,
6973 const struct sadb_msghdr
*mhp
)
6975 struct sadb_sa
*sa0
= NULL
;
6976 struct sadb_address
*src0
= NULL
;
6977 struct sadb_address
*dst0
= NULL
;
6978 struct sadb_address
*src1
= NULL
;
6979 struct sadb_address
*dst1
= NULL
;
6980 ifnet_t ipsec_if0
= NULL
;
6981 ifnet_t ipsec_if1
= NULL
;
6982 struct secasindex saidx0
;
6983 struct secasindex saidx1
;
6984 struct secashead
*sah
= NULL
;
6985 struct secashead
*newsah
= NULL
;
6986 struct secasvar
*sav
= NULL
;
6989 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6992 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6993 panic("key_migrate: NULL pointer is passed.\n");
6995 /* map satype to proto */
6996 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6997 ipseclog((LOG_DEBUG
, "key_migrate: invalid satype is passed.\n"));
6998 return key_senderror(so
, m
, EINVAL
);
7001 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
7002 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
7003 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
7004 mhp
->ext
[SADB_EXT_MIGRATE_ADDRESS_SRC
] == NULL
||
7005 mhp
->ext
[SADB_EXT_MIGRATE_ADDRESS_DST
] == NULL
) {
7006 ipseclog((LOG_DEBUG
, "key_migrate: invalid message is passed.\n"));
7007 return key_senderror(so
, m
, EINVAL
);
7010 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
7011 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7012 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
7013 mhp
->extlen
[SADB_EXT_MIGRATE_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7014 mhp
->extlen
[SADB_EXT_MIGRATE_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
7015 ipseclog((LOG_DEBUG
, "key_migrate: invalid message is passed.\n"));
7016 return key_senderror(so
, m
, EINVAL
);
7019 lck_mtx_lock(sadb_mutex
);
7021 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
7022 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
7023 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
7024 src1
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_MIGRATE_ADDRESS_SRC
]);
7025 dst1
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_MIGRATE_ADDRESS_DST
]);
7026 ipsec_if0
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7027 ipsec_if1
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_MIGRATE_IPSECIF
);
7029 /* Find existing SAH and SAV */
7030 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if0
? ipsec_if0
->if_index
: 0, &saidx0
);
7032 LIST_FOREACH(sah
, &sahtree
, chain
) {
7033 if (sah
->state
!= SADB_SASTATE_MATURE
)
7035 if (key_cmpsaidx(&sah
->saidx
, &saidx0
, CMP_HEAD
) == 0)
7038 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
7039 if (sav
&& sav
->state
== SADB_SASTATE_MATURE
)
7043 lck_mtx_unlock(sadb_mutex
);
7044 ipseclog((LOG_DEBUG
, "key_migrate: no mature SAH found.\n"));
7045 return key_senderror(so
, m
, ENOENT
);
7049 lck_mtx_unlock(sadb_mutex
);
7050 ipseclog((LOG_DEBUG
, "key_migrate: no SA found.\n"));
7051 return key_senderror(so
, m
, ENOENT
);
7054 /* Find or create new SAH */
7055 KEY_SETSECASIDX(proto
, sah
->saidx
.mode
, sah
->saidx
.reqid
, src1
+ 1, dst1
+ 1, ipsec_if1
? ipsec_if1
->if_index
: 0, &saidx1
);
7057 if ((newsah
= key_getsah(&saidx1
)) == NULL
) {
7058 if ((newsah
= key_newsah(&saidx1
, ipsec_if1
, key_get_outgoing_ifindex_from_message(mhp
, SADB_X_EXT_MIGRATE_IPSECIF
), sah
->dir
)) == NULL
) {
7059 lck_mtx_unlock(sadb_mutex
);
7060 ipseclog((LOG_DEBUG
, "key_migrate: No more memory.\n"));
7061 return key_senderror(so
, m
, ENOBUFS
);
7065 /* Migrate SAV in to new SAH */
7066 if (key_migratesav(sav
, newsah
) != 0) {
7067 lck_mtx_unlock(sadb_mutex
);
7068 ipseclog((LOG_DEBUG
, "key_migrate: Failed to migrate SA to new SAH.\n"));
7069 return key_senderror(so
, m
, EINVAL
);
7072 /* Reset NAT values */
7073 sav
->flags
= sa0
->sadb_sa_flags
;
7074 sav
->remote_ike_port
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_port
;
7075 sav
->natt_interval
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_interval
;
7076 sav
->natt_offload_interval
= ((const struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_offload_interval
;
7077 sav
->natt_last_activity
= natt_now
;
7080 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7081 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
7082 * set (we're not behind nat) - otherwise clear it.
7084 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
7085 if ((sav
->flags
& SADB_X_EXT_NATT
) == 0 ||
7086 (sav
->flags
& SADB_X_EXT_NATT_KEEPALIVE
) != 0)
7087 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
7089 lck_mtx_unlock(sadb_mutex
);
7092 struct sadb_msg
*newmsg
;
7093 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_SA
,
7094 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
, SADB_X_EXT_IPSECIF
,
7095 SADB_EXT_MIGRATE_ADDRESS_SRC
, SADB_EXT_MIGRATE_ADDRESS_DST
, SADB_X_EXT_MIGRATE_IPSECIF
};
7097 /* create new sadb_msg to reply. */
7098 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
7100 return key_senderror(so
, m
, ENOBUFS
);
7102 if (n
->m_len
< sizeof(struct sadb_msg
)) {
7103 n
= m_pullup(n
, sizeof(struct sadb_msg
));
7105 return key_senderror(so
, m
, ENOBUFS
);
7107 newmsg
= mtod(n
, struct sadb_msg
*);
7108 newmsg
->sadb_msg_errno
= 0;
7109 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
7112 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
7117 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
7118 * only called by key_update().
7121 * others : found, pointer to a SA.
7123 #if IPSEC_DOSEQCHECK
7124 static struct secasvar
*
7126 struct secashead
*sah
,
7129 struct secasvar
*sav
;
7132 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
7134 state
= SADB_SASTATE_LARVAL
;
7136 /* search SAD with sequence number ? */
7137 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
7139 KEY_CHKSASTATE(state
, sav
->state
, "key_getsabyseq");
7141 if (sav
->seq
== seq
) {
7143 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
7144 printf("DP key_getsavbyseq cause "
7145 "refcnt++:%d SA:0x%llx\n", sav
->refcnt
,
7146 (uint64_t)VM_KERNEL_ADDRPERM(sav
)));
7156 * SADB_ADD processing
7157 * add a entry to SA database, when received
7158 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
7159 * key(AE), (identity(SD),) (sensitivity)>
7162 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
7163 * (identity(SD),) (sensitivity)>
7166 * IGNORE identity and sensitivity messages.
7168 * m will always be freed.
7174 const struct sadb_msghdr
*mhp
)
7176 struct sadb_sa
*sa0
;
7177 struct sadb_address
*src0
, *dst0
;
7178 ifnet_t ipsec_if
= NULL
;
7179 struct secasindex saidx
;
7180 struct secashead
*newsah
;
7181 struct secasvar
*newsav
;
7187 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7190 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7191 panic("key_add: NULL pointer is passed.\n");
7193 /* map satype to proto */
7194 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7195 ipseclog((LOG_DEBUG
, "key_add: invalid satype is passed.\n"));
7197 return key_senderror(so
, m
, EINVAL
);
7200 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
7201 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
7202 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
7203 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
7204 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
7205 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
7206 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
7207 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
7208 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
7209 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
7210 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
7211 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
7213 return key_senderror(so
, m
, EINVAL
);
7215 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
7216 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7217 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
7219 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
7221 return key_senderror(so
, m
, EINVAL
);
7223 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
7224 mode
= ((struct sadb_x_sa2
*)
7225 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
7226 reqid
= ((struct sadb_x_sa2
*)
7227 (void *)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
7229 mode
= IPSEC_MODE_ANY
;
7233 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
7234 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
7235 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
7236 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7238 /* XXX boundary check against sa_len */
7239 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
7241 lck_mtx_lock(sadb_mutex
);
7243 /* get a SA header */
7244 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
7245 /* create a new SA header: key_addspi is always used for outbound spi */
7246 if ((newsah
= key_newsah(&saidx
, ipsec_if
, key_get_outgoing_ifindex_from_message(mhp
, SADB_X_EXT_IPSECIF
), IPSEC_DIR_OUTBOUND
)) == NULL
) {
7247 lck_mtx_unlock(sadb_mutex
);
7248 ipseclog((LOG_DEBUG
, "key_add: No more memory.\n"));
7250 return key_senderror(so
, m
, ENOBUFS
);
7254 /* set spidx if there */
7256 error
= key_setident(newsah
, m
, mhp
);
7258 lck_mtx_unlock(sadb_mutex
);
7260 return key_senderror(so
, m
, error
);
7263 /* create new SA entry. */
7264 /* We can create new SA only if SPI is different. */
7265 if (key_getsavbyspi(newsah
, sa0
->sadb_sa_spi
)) {
7266 lck_mtx_unlock(sadb_mutex
);
7267 ipseclog((LOG_DEBUG
, "key_add: SA already exists.\n"));
7269 return key_senderror(so
, m
, EEXIST
);
7271 newsav
= key_newsav(m
, mhp
, newsah
, &error
, so
);
7272 if (newsav
== NULL
) {
7273 lck_mtx_unlock(sadb_mutex
);
7275 return key_senderror(so
, m
, error
);
7279 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7280 * this SA is for transport mode - otherwise clear it.
7282 if ((newsav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0 &&
7283 (newsah
->saidx
.mode
!= IPSEC_MODE_TRANSPORT
||
7284 newsah
->saidx
.dst
.ss_family
!= AF_INET
))
7285 newsav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
7287 /* check SA values to be mature. */
7288 if ((error
= key_mature(newsav
)) != 0) {
7289 key_freesav(newsav
, KEY_SADB_LOCKED
);
7290 lck_mtx_unlock(sadb_mutex
);
7292 return key_senderror(so
, m
, error
);
7295 lck_mtx_unlock(sadb_mutex
);
7298 * don't call key_freesav() here, as we would like to keep the SA
7299 * in the database on success.
7305 /* set msg buf from mhp */
7306 n
= key_getmsgbuf_x1(m
, mhp
);
7308 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
7310 return key_senderror(so
, m
, ENOBUFS
);
7313 // mh.ext points to the mbuf content.
7314 // Zero out Encryption and Integrity keys if present.
7317 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
7324 struct secashead
*sah
,
7326 const struct sadb_msghdr
*mhp
)
7328 const struct sadb_ident
*idsrc
, *iddst
;
7329 int idsrclen
, iddstlen
;
7331 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
7334 if (sah
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7335 panic("key_setident: NULL pointer is passed.\n");
7337 /* don't make buffer if not there */
7338 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
&&
7339 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
7345 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
||
7346 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
7347 ipseclog((LOG_DEBUG
, "key_setident: invalid identity.\n"));
7351 idsrc
= (const struct sadb_ident
*)
7352 (void *)mhp
->ext
[SADB_EXT_IDENTITY_SRC
];
7353 iddst
= (const struct sadb_ident
*)
7354 (void *)mhp
->ext
[SADB_EXT_IDENTITY_DST
];
7355 idsrclen
= mhp
->extlen
[SADB_EXT_IDENTITY_SRC
];
7356 iddstlen
= mhp
->extlen
[SADB_EXT_IDENTITY_DST
];
7358 /* validity check */
7359 if (idsrc
->sadb_ident_type
!= iddst
->sadb_ident_type
) {
7360 ipseclog((LOG_DEBUG
, "key_setident: ident type mismatch.\n"));
7364 switch (idsrc
->sadb_ident_type
) {
7365 case SADB_IDENTTYPE_PREFIX
:
7366 case SADB_IDENTTYPE_FQDN
:
7367 case SADB_IDENTTYPE_USERFQDN
:
7369 /* XXX do nothing */
7375 /* make structure */
7376 KMALLOC_NOWAIT(sah
->idents
, struct sadb_ident
*, idsrclen
);
7377 if (sah
->idents
== NULL
) {
7378 lck_mtx_unlock(sadb_mutex
);
7379 KMALLOC_WAIT(sah
->idents
, struct sadb_ident
*, idsrclen
);
7380 lck_mtx_lock(sadb_mutex
);
7381 if (sah
->idents
== NULL
) {
7382 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
7386 KMALLOC_NOWAIT(sah
->identd
, struct sadb_ident
*, iddstlen
);
7387 if (sah
->identd
== NULL
) {
7388 lck_mtx_unlock(sadb_mutex
);
7389 KMALLOC_WAIT(sah
->identd
, struct sadb_ident
*, iddstlen
);
7390 lck_mtx_lock(sadb_mutex
);
7391 if (sah
->identd
== NULL
) {
7394 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
7398 bcopy(idsrc
, sah
->idents
, idsrclen
);
7399 bcopy(iddst
, sah
->identd
, iddstlen
);
7405 * m will not be freed on return.
7406 * it is caller's responsibility to free the result.
7408 static struct mbuf
*
7411 const struct sadb_msghdr
*mhp
)
7414 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_SA
,
7415 SADB_X_EXT_SA2
, SADB_EXT_ADDRESS_SRC
,
7416 SADB_EXT_ADDRESS_DST
, SADB_EXT_LIFETIME_HARD
,
7417 SADB_EXT_LIFETIME_SOFT
, SADB_EXT_IDENTITY_SRC
,
7418 SADB_EXT_IDENTITY_DST
};
7421 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7422 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
7424 /* create new sadb_msg to reply. */
7425 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
7429 if (n
->m_len
< sizeof(struct sadb_msg
)) {
7430 n
= m_pullup(n
, sizeof(struct sadb_msg
));
7434 mtod(n
, struct sadb_msg
*)->sadb_msg_errno
= 0;
7435 mtod(n
, struct sadb_msg
*)->sadb_msg_len
=
7436 PFKEY_UNIT64(n
->m_pkthdr
.len
);
7441 static int key_delete_all(struct socket
*, struct mbuf
*,
7442 const struct sadb_msghdr
*, u_int16_t
);
7445 * SADB_DELETE processing
7447 * <base, SA(*), address(SD)>
7448 * from the ikmpd, and set SADB_SASTATE_DEAD,
7450 * <base, SA(*), address(SD)>
7453 * m will always be freed.
7459 const struct sadb_msghdr
*mhp
)
7461 struct sadb_sa
*sa0
;
7462 struct sadb_address
*src0
, *dst0
;
7463 ifnet_t ipsec_if
= NULL
;
7464 struct secasindex saidx
;
7465 struct secashead
*sah
;
7466 struct secasvar
*sav
= NULL
;
7469 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7472 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7473 panic("key_delete: NULL pointer is passed.\n");
7475 /* map satype to proto */
7476 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7477 ipseclog((LOG_DEBUG
, "key_delete: invalid satype is passed.\n"));
7478 return key_senderror(so
, m
, EINVAL
);
7481 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
7482 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
7483 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
7484 return key_senderror(so
, m
, EINVAL
);
7487 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7488 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
7489 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
7490 return key_senderror(so
, m
, EINVAL
);
7493 lck_mtx_lock(sadb_mutex
);
7495 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
7497 * Caller wants us to delete all non-LARVAL SAs
7498 * that match the src/dst. This is used during
7499 * IKE INITIAL-CONTACT.
7501 ipseclog((LOG_DEBUG
, "key_delete: doing delete all.\n"));
7502 /* key_delete_all will unlock sadb_mutex */
7503 return key_delete_all(so
, m
, mhp
, proto
);
7504 } else if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
)) {
7505 lck_mtx_unlock(sadb_mutex
);
7506 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
7507 return key_senderror(so
, m
, EINVAL
);
7510 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
7511 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
7512 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
7513 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7515 /* XXX boundary check against sa_len */
7516 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
7518 /* get a SA header */
7519 LIST_FOREACH(sah
, &sahtree
, chain
) {
7520 if (sah
->state
== SADB_SASTATE_DEAD
)
7522 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
7525 /* get a SA with SPI. */
7526 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
7531 lck_mtx_unlock(sadb_mutex
);
7532 ipseclog((LOG_DEBUG
, "key_delete: no SA found.\n"));
7533 return key_senderror(so
, m
, ENOENT
);
7536 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
7537 key_freesav(sav
, KEY_SADB_LOCKED
);
7539 lck_mtx_unlock(sadb_mutex
);
7544 struct sadb_msg
*newmsg
;
7545 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_SA
,
7546 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
};
7548 /* create new sadb_msg to reply. */
7549 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
7551 return key_senderror(so
, m
, ENOBUFS
);
7553 if (n
->m_len
< sizeof(struct sadb_msg
)) {
7554 n
= m_pullup(n
, sizeof(struct sadb_msg
));
7556 return key_senderror(so
, m
, ENOBUFS
);
7558 newmsg
= mtod(n
, struct sadb_msg
*);
7559 newmsg
->sadb_msg_errno
= 0;
7560 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
7563 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
7568 * delete all SAs for src/dst. Called from key_delete().
7574 const struct sadb_msghdr
*mhp
,
7577 struct sadb_address
*src0
, *dst0
;
7578 ifnet_t ipsec_if
= NULL
;
7579 struct secasindex saidx
;
7580 struct secashead
*sah
;
7581 struct secasvar
*sav
, *nextsav
;
7582 u_int stateidx
, state
;
7584 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
7586 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
7587 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
7588 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7590 /* XXX boundary check against sa_len */
7591 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
7593 LIST_FOREACH(sah
, &sahtree
, chain
) {
7594 if (sah
->state
== SADB_SASTATE_DEAD
)
7596 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
7599 /* Delete all non-LARVAL SAs. */
7601 stateidx
< _ARRAYLEN(saorder_state_alive
);
7603 state
= saorder_state_alive
[stateidx
];
7604 if (state
== SADB_SASTATE_LARVAL
)
7606 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
7607 sav
!= NULL
; sav
= nextsav
) {
7608 nextsav
= LIST_NEXT(sav
, chain
);
7610 if (sav
->state
!= state
) {
7611 ipseclog((LOG_DEBUG
, "key_delete_all: "
7612 "invalid sav->state "
7613 "(queue: %d SA: %d)\n",
7614 state
, sav
->state
));
7618 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
7619 key_freesav(sav
, KEY_SADB_LOCKED
);
7623 lck_mtx_unlock(sadb_mutex
);
7627 struct sadb_msg
*newmsg
;
7628 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_ADDRESS_SRC
,
7629 SADB_EXT_ADDRESS_DST
};
7631 /* create new sadb_msg to reply. */
7632 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
7634 return key_senderror(so
, m
, ENOBUFS
);
7636 if (n
->m_len
< sizeof(struct sadb_msg
)) {
7637 n
= m_pullup(n
, sizeof(struct sadb_msg
));
7639 return key_senderror(so
, m
, ENOBUFS
);
7641 newmsg
= mtod(n
, struct sadb_msg
*);
7642 newmsg
->sadb_msg_errno
= 0;
7643 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
7646 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
7651 * SADB_GET processing
7653 * <base, SA(*), address(SD)>
7654 * from the ikmpd, and get a SP and a SA to respond,
7656 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
7657 * (identity(SD),) (sensitivity)>
7660 * m will always be freed.
7666 const struct sadb_msghdr
*mhp
)
7668 struct sadb_sa
*sa0
;
7669 struct sadb_address
*src0
, *dst0
;
7670 ifnet_t ipsec_if
= NULL
;
7671 struct secasindex saidx
;
7672 struct secashead
*sah
;
7673 struct secasvar
*sav
= NULL
;
7676 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7679 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7680 panic("key_get: NULL pointer is passed.\n");
7682 /* map satype to proto */
7683 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7684 ipseclog((LOG_DEBUG
, "key_get: invalid satype is passed.\n"));
7685 return key_senderror(so
, m
, EINVAL
);
7688 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
7689 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
7690 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
7691 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
7692 return key_senderror(so
, m
, EINVAL
);
7694 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
7695 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
7696 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
7697 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
7698 return key_senderror(so
, m
, EINVAL
);
7701 sa0
= (struct sadb_sa
*)(void *)mhp
->ext
[SADB_EXT_SA
];
7702 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
7703 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
7704 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
7706 /* XXX boundary check against sa_len */
7707 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
7709 lck_mtx_lock(sadb_mutex
);
7711 /* get a SA header */
7712 LIST_FOREACH(sah
, &sahtree
, chain
) {
7713 if (sah
->state
== SADB_SASTATE_DEAD
)
7715 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
7718 /* get a SA with SPI. */
7719 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
7724 lck_mtx_unlock(sadb_mutex
);
7725 ipseclog((LOG_DEBUG
, "key_get: no SA found.\n"));
7726 return key_senderror(so
, m
, ENOENT
);
7733 /* map proto to satype */
7734 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
7735 lck_mtx_unlock(sadb_mutex
);
7736 ipseclog((LOG_DEBUG
, "key_get: there was invalid proto in SAD.\n"));
7737 return key_senderror(so
, m
, EINVAL
);
7739 lck_mtx_unlock(sadb_mutex
);
7741 /* create new sadb_msg to reply. */
7742 n
= key_setdumpsa(sav
, SADB_GET
, satype
, mhp
->msg
->sadb_msg_seq
,
7743 mhp
->msg
->sadb_msg_pid
);
7748 return key_senderror(so
, m
, ENOBUFS
);
7751 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
7756 * get SA stats by spi.
7757 * OUT: -1 : not found
7758 * 0 : found, arg pointer to a SA stats is updated.
7761 key_getsastatbyspi_one (u_int32_t spi
,
7762 struct sastat
*stat
)
7764 struct secashead
*sah
;
7765 struct secasvar
*sav
= NULL
;
7767 if ((void *)stat
== NULL
) {
7771 lck_mtx_lock(sadb_mutex
);
7773 /* get a SA header */
7774 LIST_FOREACH(sah
, &sahtree
, chain
) {
7775 if (sah
->state
== SADB_SASTATE_DEAD
)
7778 /* get a SA with SPI. */
7779 sav
= key_getsavbyspi(sah
, spi
);
7781 stat
->spi
= sav
->spi
;
7782 stat
->created
= sav
->created
;
7784 bcopy(sav
->lft_c
,&stat
->lft_c
, sizeof(stat
->lft_c
));
7786 bzero(&stat
->lft_c
, sizeof(stat
->lft_c
));
7788 lck_mtx_unlock(sadb_mutex
);
7793 lck_mtx_unlock(sadb_mutex
);
7799 * get SA stats collection by indices.
7800 * OUT: -1 : not found
7801 * 0 : found, arg pointers to a SA stats and 'maximum stats' are updated.
7804 key_getsastatbyspi (struct sastat
*stat_arg
,
7805 u_int32_t max_stat_arg
,
7806 struct sastat
*stat_res
,
7807 u_int32_t
*max_stat_res
)
7811 if (stat_arg
== NULL
||
7813 max_stat_res
== NULL
) {
7817 for (cur
= 0; cur
< max_stat_arg
; cur
++) {
7818 if (key_getsastatbyspi_one(stat_arg
[cur
].spi
,
7819 &stat_res
[found
]) == 0) {
7823 *max_stat_res
= found
;
7831 /* XXX make it sysctl-configurable? */
7833 key_getcomb_setlifetime(
7834 struct sadb_comb
*comb
)
7837 comb
->sadb_comb_soft_allocations
= 1;
7838 comb
->sadb_comb_hard_allocations
= 1;
7839 comb
->sadb_comb_soft_bytes
= 0;
7840 comb
->sadb_comb_hard_bytes
= 0;
7841 comb
->sadb_comb_hard_addtime
= 86400; /* 1 day */
7842 comb
->sadb_comb_soft_addtime
= comb
->sadb_comb_soft_addtime
* 80 / 100;
7843 comb
->sadb_comb_soft_usetime
= 28800; /* 8 hours */
7844 comb
->sadb_comb_hard_usetime
= comb
->sadb_comb_hard_usetime
* 80 / 100;
7849 * XXX reorder combinations by preference
7850 * XXX no idea if the user wants ESP authentication or not
7852 static struct mbuf
*
7853 key_getcomb_esp(void)
7855 struct sadb_comb
*comb
;
7856 const struct esp_algorithm
*algo
;
7857 struct mbuf
*result
= NULL
, *m
, *n
;
7861 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
7864 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
7865 algo
= esp_algorithm_lookup(i
);
7869 if (algo
->keymax
< ipsec_esp_keymin
)
7871 if (algo
->keymin
< ipsec_esp_keymin
)
7872 encmin
= ipsec_esp_keymin
;
7874 encmin
= algo
->keymin
;
7877 m
= key_getcomb_ah();
7881 panic("assumption failed in key_getcomb_esp");
7883 MGET(m
, M_WAITOK
, MT_DATA
);
7888 bzero(mtod(m
, caddr_t
), m
->m_len
);
7895 for (n
= m
; n
; n
= n
->m_next
)
7899 panic("assumption failed in key_getcomb_esp");
7902 for (off
= 0; off
< totlen
; off
+= l
) {
7903 n
= m_pulldown(m
, off
, l
, &o
);
7905 /* m is already freed */
7908 comb
= (struct sadb_comb
*)
7909 (void *)(mtod(n
, caddr_t
) + o
);
7910 bzero(comb
, sizeof(*comb
));
7911 key_getcomb_setlifetime(comb
);
7912 comb
->sadb_comb_encrypt
= i
;
7913 comb
->sadb_comb_encrypt_minbits
= encmin
;
7914 comb
->sadb_comb_encrypt_maxbits
= algo
->keymax
;
7933 * XXX reorder combinations by preference
7935 static struct mbuf
*
7936 key_getcomb_ah(void)
7938 struct sadb_comb
*comb
;
7939 const struct ah_algorithm
*algo
;
7943 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
7946 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
7948 /* we prefer HMAC algorithms, not old algorithms */
7949 if (i
!= SADB_AALG_SHA1HMAC
&& i
!= SADB_AALG_MD5HMAC
)
7952 algo
= ah_algorithm_lookup(i
);
7956 if (algo
->keymax
< ipsec_ah_keymin
)
7958 if (algo
->keymin
< ipsec_ah_keymin
)
7959 keymin
= ipsec_ah_keymin
;
7961 keymin
= algo
->keymin
;
7966 panic("assumption failed in key_getcomb_ah");
7968 MGET(m
, M_WAITOK
, MT_DATA
);
7975 M_PREPEND(m
, l
, M_WAITOK
, 1);
7979 comb
= mtod(m
, struct sadb_comb
*);
7980 bzero(comb
, sizeof(*comb
));
7981 key_getcomb_setlifetime(comb
);
7982 comb
->sadb_comb_auth
= i
;
7983 comb
->sadb_comb_auth_minbits
= keymin
;
7984 comb
->sadb_comb_auth_maxbits
= algo
->keymax
;
7991 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
7992 * XXX reorder combinations by preference
7994 static struct mbuf
*
7995 key_getcomb_ipcomp(void)
7997 struct sadb_comb
*comb
;
7998 const struct ipcomp_algorithm
*algo
;
8001 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
8004 for (i
= 1; i
<= SADB_X_CALG_MAX
; i
++) {
8005 algo
= ipcomp_algorithm_lookup(i
);
8012 panic("assumption failed in key_getcomb_ipcomp");
8014 MGET(m
, M_WAITOK
, MT_DATA
);
8021 M_PREPEND(m
, l
, M_WAITOK
, 1);
8025 comb
= mtod(m
, struct sadb_comb
*);
8026 bzero(comb
, sizeof(*comb
));
8027 key_getcomb_setlifetime(comb
);
8028 comb
->sadb_comb_encrypt
= i
;
8029 /* what should we set into sadb_comb_*_{min,max}bits? */
8036 * XXX no way to pass mode (transport/tunnel) to userland
8037 * XXX replay checking?
8038 * XXX sysctl interface to ipsec_{ah,esp}_keymin
8040 static struct mbuf
*
8042 const struct secasindex
*saidx
)
8044 struct sadb_prop
*prop
;
8046 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_prop
));
8049 switch (saidx
->proto
) {
8052 m
= key_getcomb_esp();
8056 m
= key_getcomb_ah();
8058 case IPPROTO_IPCOMP
:
8059 m
= key_getcomb_ipcomp();
8067 M_PREPEND(m
, l
, M_WAITOK
, 1);
8072 for (n
= m
; n
; n
= n
->m_next
)
8075 prop
= mtod(m
, struct sadb_prop
*);
8076 bzero(prop
, sizeof(*prop
));
8077 prop
->sadb_prop_len
= PFKEY_UNIT64(totlen
);
8078 prop
->sadb_prop_exttype
= SADB_EXT_PROPOSAL
;
8079 prop
->sadb_prop_replay
= 32; /* XXX */
8085 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
8087 * <base, SA, address(SD), (address(P)), x_policy,
8088 * (identity(SD),) (sensitivity,) proposal>
8089 * to KMD, and expect to receive
8090 * <base> with SADB_ACQUIRE if error occurred,
8092 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
8093 * from KMD by PF_KEY.
8095 * XXX x_policy is outside of RFC2367 (KAME extension).
8096 * XXX sensitivity is not supported.
8097 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
8098 * see comment for key_getcomb_ipcomp().
8102 * others: error number
8106 struct secasindex
*saidx
,
8107 struct secpolicy
*sp
)
8109 struct mbuf
*result
= NULL
, *m
;
8110 #ifndef IPSEC_NONBLOCK_ACQUIRE
8111 struct secacq
*newacq
;
8117 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
8121 panic("key_acquire: NULL pointer is passed.\n");
8122 if ((satype
= key_proto2satype(saidx
->proto
)) == 0)
8123 panic("key_acquire: invalid proto is passed.\n");
8125 #ifndef IPSEC_NONBLOCK_ACQUIRE
8127 * We never do anything about acquirng SA. There is anather
8128 * solution that kernel blocks to send SADB_ACQUIRE message until
8129 * getting something message from IKEd. In later case, to be
8130 * managed with ACQUIRING list.
8132 /* get a entry to check whether sending message or not. */
8133 lck_mtx_lock(sadb_mutex
);
8134 if ((newacq
= key_getacq(saidx
)) != NULL
) {
8135 if (key_blockacq_count
< newacq
->count
) {
8136 /* reset counter and do send message. */
8139 /* increment counter and do nothing. */
8141 lck_mtx_unlock(sadb_mutex
);
8145 /* make new entry for blocking to send SADB_ACQUIRE. */
8146 if ((newacq
= key_newacq(saidx
)) == NULL
) {
8147 lck_mtx_unlock(sadb_mutex
);
8151 /* add to acqtree */
8152 LIST_INSERT_HEAD(&acqtree
, newacq
, chain
);
8153 key_start_timehandler();
8156 lck_mtx_unlock(sadb_mutex
);
8159 seq
= (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
8161 m
= key_setsadbmsg(SADB_ACQUIRE
, 0, satype
, seq
, 0, 0);
8168 /* set sadb_address for saidx's. */
8169 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
8170 (struct sockaddr
*)&saidx
->src
, FULLMASK
, IPSEC_ULPROTO_ANY
);
8177 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
8178 (struct sockaddr
*)&saidx
->dst
, FULLMASK
, IPSEC_ULPROTO_ANY
);
8185 /* XXX proxy address (optional) */
8187 /* set sadb_x_policy */
8189 m
= key_setsadbxpolicy(sp
->policy
, sp
->spidx
.dir
, sp
->id
);
8197 /* XXX identity (optional) */
8199 if (idexttype
&& fqdn
) {
8200 /* create identity extension (FQDN) */
8201 struct sadb_ident
*id
;
8204 fqdnlen
= strlen(fqdn
) + 1; /* +1 for terminating-NUL */
8205 id
= (struct sadb_ident
*)p
;
8206 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
8207 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
8208 id
->sadb_ident_exttype
= idexttype
;
8209 id
->sadb_ident_type
= SADB_IDENTTYPE_FQDN
;
8210 bcopy(fqdn
, id
+ 1, fqdnlen
);
8211 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(fqdnlen
);
8215 /* create identity extension (USERFQDN) */
8216 struct sadb_ident
*id
;
8220 /* +1 for terminating-NUL */
8221 userfqdnlen
= strlen(userfqdn
) + 1;
8224 id
= (struct sadb_ident
*)p
;
8225 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
8226 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
8227 id
->sadb_ident_exttype
= idexttype
;
8228 id
->sadb_ident_type
= SADB_IDENTTYPE_USERFQDN
;
8229 /* XXX is it correct? */
8230 if (curproc
&& curproc
->p_cred
)
8231 id
->sadb_ident_id
= curproc
->p_cred
->p_ruid
;
8232 if (userfqdn
&& userfqdnlen
)
8233 bcopy(userfqdn
, id
+ 1, userfqdnlen
);
8234 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(userfqdnlen
);
8238 /* XXX sensitivity (optional) */
8240 /* create proposal/combination extension */
8241 m
= key_getprop(saidx
);
8244 * spec conformant: always attach proposal/combination extension,
8245 * the problem is that we have no way to attach it for ipcomp,
8246 * due to the way sadb_comb is declared in RFC2367.
8255 * outside of spec; make proposal/combination extension optional.
8261 if ((result
->m_flags
& M_PKTHDR
) == 0) {
8266 if (result
->m_len
< sizeof(struct sadb_msg
)) {
8267 result
= m_pullup(result
, sizeof(struct sadb_msg
));
8268 if (result
== NULL
) {
8274 result
->m_pkthdr
.len
= 0;
8275 for (m
= result
; m
; m
= m
->m_next
)
8276 result
->m_pkthdr
.len
+= m
->m_len
;
8278 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
8279 PFKEY_UNIT64(result
->m_pkthdr
.len
);
8281 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
8289 #ifndef IPSEC_NONBLOCK_ACQUIRE
8290 static struct secacq
*
8292 struct secasindex
*saidx
)
8294 struct secacq
*newacq
;
8298 KMALLOC_NOWAIT(newacq
, struct secacq
*, sizeof(struct secacq
));
8299 if (newacq
== NULL
) {
8300 lck_mtx_unlock(sadb_mutex
);
8301 KMALLOC_WAIT(newacq
, struct secacq
*, sizeof(struct secacq
));
8302 lck_mtx_lock(sadb_mutex
);
8303 if (newacq
== NULL
) {
8304 ipseclog((LOG_DEBUG
, "key_newacq: No more memory.\n"));
8308 bzero(newacq
, sizeof(*newacq
));
8311 bcopy(saidx
, &newacq
->saidx
, sizeof(newacq
->saidx
));
8312 newacq
->seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
);
8314 newacq
->created
= tv
.tv_sec
;
8320 static struct secacq
*
8322 struct secasindex
*saidx
)
8326 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
8328 LIST_FOREACH(acq
, &acqtree
, chain
) {
8329 if (key_cmpsaidx(saidx
, &acq
->saidx
, CMP_EXACTLY
))
8336 static struct secacq
*
8342 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
8344 LIST_FOREACH(acq
, &acqtree
, chain
) {
8345 if (acq
->seq
== seq
)
8353 static struct secspacq
*
8355 struct secpolicyindex
*spidx
)
8357 struct secspacq
*acq
;
8361 KMALLOC_NOWAIT(acq
, struct secspacq
*, sizeof(struct secspacq
));
8363 lck_mtx_unlock(sadb_mutex
);
8364 KMALLOC_WAIT(acq
, struct secspacq
*, sizeof(struct secspacq
));
8365 lck_mtx_lock(sadb_mutex
);
8367 ipseclog((LOG_DEBUG
, "key_newspacq: No more memory.\n"));
8371 bzero(acq
, sizeof(*acq
));
8374 bcopy(spidx
, &acq
->spidx
, sizeof(acq
->spidx
));
8376 acq
->created
= tv
.tv_sec
;
8382 static struct secspacq
*
8384 struct secpolicyindex
*spidx
)
8386 struct secspacq
*acq
;
8388 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
8390 LIST_FOREACH(acq
, &spacqtree
, chain
) {
8391 if (key_cmpspidx_exactly(spidx
, &acq
->spidx
))
8399 * SADB_ACQUIRE processing,
8400 * in first situation, is receiving
8402 * from the ikmpd, and clear sequence of its secasvar entry.
8404 * In second situation, is receiving
8405 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8406 * from a user land process, and return
8407 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8410 * m will always be freed.
8416 const struct sadb_msghdr
*mhp
)
8418 const struct sadb_address
*src0
, *dst0
;
8419 ifnet_t ipsec_if
= NULL
;
8420 struct secasindex saidx
;
8421 struct secashead
*sah
;
8427 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
8428 panic("key_acquire2: NULL pointer is passed.\n");
8431 * Error message from KMd.
8432 * We assume that if error was occurred in IKEd, the length of PFKEY
8433 * message is equal to the size of sadb_msg structure.
8434 * We do not raise error even if error occurred in this function.
8436 lck_mtx_lock(sadb_mutex
);
8438 if (mhp
->msg
->sadb_msg_len
== PFKEY_UNIT64(sizeof(struct sadb_msg
))) {
8439 #ifndef IPSEC_NONBLOCK_ACQUIRE
8443 /* check sequence number */
8444 if (mhp
->msg
->sadb_msg_seq
== 0) {
8445 lck_mtx_unlock(sadb_mutex
);
8446 ipseclog((LOG_DEBUG
, "key_acquire2: must specify sequence number.\n"));
8451 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) == NULL
) {
8453 * the specified larval SA is already gone, or we got
8454 * a bogus sequence number. we can silently ignore it.
8456 lck_mtx_unlock(sadb_mutex
);
8461 /* reset acq counter in order to deletion by timehander. */
8463 acq
->created
= tv
.tv_sec
;
8466 lck_mtx_unlock(sadb_mutex
);
8472 * This message is from user land.
8475 /* map satype to proto */
8476 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
8477 lck_mtx_unlock(sadb_mutex
);
8478 ipseclog((LOG_DEBUG
, "key_acquire2: invalid satype is passed.\n"));
8479 return key_senderror(so
, m
, EINVAL
);
8482 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
8483 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
8484 mhp
->ext
[SADB_EXT_PROPOSAL
] == NULL
) {
8486 lck_mtx_unlock(sadb_mutex
);
8487 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
8488 return key_senderror(so
, m
, EINVAL
);
8490 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
8491 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
8492 mhp
->extlen
[SADB_EXT_PROPOSAL
] < sizeof(struct sadb_prop
)) {
8494 lck_mtx_unlock(sadb_mutex
);
8495 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
8496 return key_senderror(so
, m
, EINVAL
);
8499 src0
= (const struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
8500 dst0
= (const struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
8501 ipsec_if
= key_get_ipsec_if_from_message(mhp
, SADB_X_EXT_IPSECIF
);
8503 /* XXX boundary check against sa_len */
8505 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, ipsec_if
? ipsec_if
->if_index
: 0, &saidx
);
8507 /* get a SA index */
8508 LIST_FOREACH(sah
, &sahtree
, chain
) {
8509 if (sah
->state
== SADB_SASTATE_DEAD
)
8511 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_MODE
| CMP_REQID
))
8515 lck_mtx_unlock(sadb_mutex
);
8516 ipseclog((LOG_DEBUG
, "key_acquire2: a SA exists already.\n"));
8517 return key_senderror(so
, m
, EEXIST
);
8519 lck_mtx_unlock(sadb_mutex
);
8520 error
= key_acquire(&saidx
, NULL
);
8522 ipseclog((LOG_DEBUG
, "key_acquire2: error %d returned "
8523 "from key_acquire.\n", mhp
->msg
->sadb_msg_errno
));
8524 return key_senderror(so
, m
, error
);
8527 return key_sendup_mbuf(so
, m
, KEY_SENDUP_REGISTERED
);
8531 * SADB_REGISTER processing.
8532 * If SATYPE_UNSPEC has been passed as satype, only return sadb_supported.
8535 * from the ikmpd, and register a socket to send PF_KEY messages,
8539 * If socket is detached, must free from regnode.
8541 * m will always be freed.
8547 const struct sadb_msghdr
*mhp
)
8549 struct secreg
*reg
, *newreg
= 0;
8552 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
8553 panic("key_register: NULL pointer is passed.\n");
8555 /* check for invalid register message */
8556 if (mhp
->msg
->sadb_msg_satype
>= sizeof(regtree
)/sizeof(regtree
[0]))
8557 return key_senderror(so
, m
, EINVAL
);
8559 /* When SATYPE_UNSPEC is specified, only return sadb_supported. */
8560 if (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_UNSPEC
)
8563 /* create regnode */
8564 KMALLOC_WAIT(newreg
, struct secreg
*, sizeof(*newreg
));
8565 if (newreg
== NULL
) {
8566 ipseclog((LOG_DEBUG
, "key_register: No more memory.\n"));
8567 return key_senderror(so
, m
, ENOBUFS
);
8569 bzero((caddr_t
)newreg
, sizeof(*newreg
));
8571 lck_mtx_lock(sadb_mutex
);
8572 /* check whether existing or not */
8573 LIST_FOREACH(reg
, ®tree
[mhp
->msg
->sadb_msg_satype
], chain
) {
8574 if (reg
->so
== so
) {
8575 lck_mtx_unlock(sadb_mutex
);
8576 ipseclog((LOG_DEBUG
, "key_register: socket exists already.\n"));
8578 return key_senderror(so
, m
, EEXIST
);
8584 ((struct keycb
*)sotorawcb(so
))->kp_registered
++;
8585 socket_unlock(so
, 1);
8587 /* add regnode to regtree. */
8588 LIST_INSERT_HEAD(®tree
[mhp
->msg
->sadb_msg_satype
], newreg
, chain
);
8589 lck_mtx_unlock(sadb_mutex
);
8593 struct sadb_msg
*newmsg
;
8594 struct sadb_supported
*sup
;
8595 u_int len
, alen
, elen
;
8598 struct sadb_alg
*alg
;
8600 /* create new sadb_msg to reply. */
8602 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
8603 if (ah_algorithm_lookup(i
))
8604 alen
+= sizeof(struct sadb_alg
);
8607 alen
+= sizeof(struct sadb_supported
);
8610 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
8611 if (esp_algorithm_lookup(i
))
8612 elen
+= sizeof(struct sadb_alg
);
8615 elen
+= sizeof(struct sadb_supported
);
8618 len
= sizeof(struct sadb_msg
) + alen
+ elen
;
8621 return key_senderror(so
, m
, ENOBUFS
);
8623 MGETHDR(n
, M_WAITOK
, MT_DATA
);
8624 if (n
&& len
> MHLEN
) {
8625 MCLGET(n
, M_WAITOK
);
8626 if ((n
->m_flags
& M_EXT
) == 0) {
8632 return key_senderror(so
, m
, ENOBUFS
);
8634 n
->m_pkthdr
.len
= n
->m_len
= len
;
8638 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
8639 newmsg
= mtod(n
, struct sadb_msg
*);
8640 newmsg
->sadb_msg_errno
= 0;
8641 newmsg
->sadb_msg_len
= PFKEY_UNIT64(len
);
8642 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
8644 /* for authentication algorithm */
8646 sup
= (struct sadb_supported
*)(void *)(mtod(n
, caddr_t
) + off
);
8647 sup
->sadb_supported_len
= PFKEY_UNIT64(alen
);
8648 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_AUTH
;
8649 off
+= PFKEY_ALIGN8(sizeof(*sup
));
8651 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
8652 const struct ah_algorithm
*aalgo
;
8654 aalgo
= ah_algorithm_lookup(i
);
8657 alg
= (struct sadb_alg
*)
8658 (void *)(mtod(n
, caddr_t
) + off
);
8659 alg
->sadb_alg_id
= i
;
8660 alg
->sadb_alg_ivlen
= 0;
8661 alg
->sadb_alg_minbits
= aalgo
->keymin
;
8662 alg
->sadb_alg_maxbits
= aalgo
->keymax
;
8663 off
+= PFKEY_ALIGN8(sizeof(*alg
));
8668 /* for encryption algorithm */
8670 sup
= (struct sadb_supported
*)(void *)(mtod(n
, caddr_t
) + off
);
8671 sup
->sadb_supported_len
= PFKEY_UNIT64(elen
);
8672 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_ENCRYPT
;
8673 off
+= PFKEY_ALIGN8(sizeof(*sup
));
8675 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
8676 const struct esp_algorithm
*ealgo
;
8678 ealgo
= esp_algorithm_lookup(i
);
8681 alg
= (struct sadb_alg
*)
8682 (void *)(mtod(n
, caddr_t
) + off
);
8683 alg
->sadb_alg_id
= i
;
8684 if (ealgo
&& ealgo
->ivlen
) {
8686 * give NULL to get the value preferred by
8687 * algorithm XXX SADB_X_EXT_DERIV ?
8689 alg
->sadb_alg_ivlen
=
8690 (*ealgo
->ivlen
)(ealgo
, NULL
);
8692 alg
->sadb_alg_ivlen
= 0;
8693 alg
->sadb_alg_minbits
= ealgo
->keymin
;
8694 alg
->sadb_alg_maxbits
= ealgo
->keymax
;
8695 off
+= PFKEY_ALIGN8(sizeof(struct sadb_alg
));
8702 panic("length assumption failed in key_register");
8706 return key_sendup_mbuf(so
, n
, KEY_SENDUP_REGISTERED
);
8711 key_delete_all_for_socket (struct socket
*so
)
8713 struct secashead
*sah
, *nextsah
;
8714 struct secasvar
*sav
, *nextsav
;
8718 for (sah
= LIST_FIRST(&sahtree
);
8721 nextsah
= LIST_NEXT(sah
, chain
);
8722 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
); stateidx
++) {
8723 state
= saorder_state_any
[stateidx
];
8724 for (sav
= LIST_FIRST(&sah
->savtree
[state
]); sav
!= NULL
; sav
= nextsav
) {
8725 nextsav
= LIST_NEXT(sav
, chain
);
8726 if (sav
->flags2
& SADB_X_EXT_SA2_DELETE_ON_DETACH
&&
8728 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
8729 key_freesav(sav
, KEY_SADB_LOCKED
);
8737 * free secreg entry registered.
8738 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
8749 panic("key_freereg: NULL pointer is passed.\n");
8752 * check whether existing or not.
8753 * check all type of SA, because there is a potential that
8754 * one socket is registered to multiple type of SA.
8756 lck_mtx_lock(sadb_mutex
);
8757 key_delete_all_for_socket(so
);
8758 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
8759 LIST_FOREACH(reg
, ®tree
[i
], chain
) {
8761 && __LIST_CHAINED(reg
)) {
8762 LIST_REMOVE(reg
, chain
);
8768 lck_mtx_unlock(sadb_mutex
);
8773 * SADB_EXPIRE processing
8775 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
8777 * NOTE: We send only soft lifetime extension.
8780 * others : error number
8784 struct secasvar
*sav
)
8787 struct mbuf
*result
= NULL
, *m
;
8790 struct sadb_lifetime
*lt
;
8792 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
8796 panic("key_expire: NULL pointer is passed.\n");
8797 if (sav
->sah
== NULL
)
8798 panic("key_expire: Why was SA index in SA NULL.\n");
8799 if ((satype
= key_proto2satype(sav
->sah
->saidx
.proto
)) == 0)
8800 panic("key_expire: invalid proto is passed.\n");
8802 /* set msg header */
8803 m
= key_setsadbmsg(SADB_EXPIRE
, 0, satype
, sav
->seq
, 0, sav
->refcnt
);
8810 /* create SA extension */
8811 m
= key_setsadbsa(sav
);
8818 /* create SA extension */
8819 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
8820 sav
->replay
? sav
->replay
->count
: 0,
8821 sav
->sah
->saidx
.reqid
,
8829 /* create lifetime extension (current and soft) */
8830 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
8831 m
= key_alloc_mbuf(len
);
8832 if (!m
|| m
->m_next
) { /*XXX*/
8838 bzero(mtod(m
, caddr_t
), len
);
8839 lt
= mtod(m
, struct sadb_lifetime
*);
8840 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
8841 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
8842 lt
->sadb_lifetime_allocations
= sav
->lft_c
->sadb_lifetime_allocations
;
8843 lt
->sadb_lifetime_bytes
= sav
->lft_c
->sadb_lifetime_bytes
;
8844 lt
->sadb_lifetime_addtime
= sav
->lft_c
->sadb_lifetime_addtime
;
8845 lt
->sadb_lifetime_usetime
= sav
->lft_c
->sadb_lifetime_usetime
;
8846 lt
= (struct sadb_lifetime
*)(void *)(mtod(m
, caddr_t
) + len
/ 2);
8847 bcopy(sav
->lft_s
, lt
, sizeof(*lt
));
8850 /* set sadb_address for source */
8851 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
8852 (struct sockaddr
*)&sav
->sah
->saidx
.src
,
8853 FULLMASK
, IPSEC_ULPROTO_ANY
);
8860 /* set sadb_address for destination */
8861 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
8862 (struct sockaddr
*)&sav
->sah
->saidx
.dst
,
8863 FULLMASK
, IPSEC_ULPROTO_ANY
);
8870 if ((result
->m_flags
& M_PKTHDR
) == 0) {
8875 if (result
->m_len
< sizeof(struct sadb_msg
)) {
8876 result
= m_pullup(result
, sizeof(struct sadb_msg
));
8877 if (result
== NULL
) {
8883 result
->m_pkthdr
.len
= 0;
8884 for (m
= result
; m
; m
= m
->m_next
)
8885 result
->m_pkthdr
.len
+= m
->m_len
;
8887 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
8888 PFKEY_UNIT64(result
->m_pkthdr
.len
);
8890 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
8899 * SADB_FLUSH processing
8902 * from the ikmpd, and free all entries in secastree.
8906 * NOTE: to do is only marking SADB_SASTATE_DEAD.
8908 * m will always be freed.
8914 const struct sadb_msghdr
*mhp
)
8916 struct sadb_msg
*newmsg
;
8917 struct secashead
*sah
, *nextsah
;
8918 struct secasvar
*sav
, *nextsav
;
8924 if (so
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
8925 panic("key_flush: NULL pointer is passed.\n");
8927 /* map satype to proto */
8928 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
8929 ipseclog((LOG_DEBUG
, "key_flush: invalid satype is passed.\n"));
8930 return key_senderror(so
, m
, EINVAL
);
8933 lck_mtx_lock(sadb_mutex
);
8935 /* no SATYPE specified, i.e. flushing all SA. */
8936 for (sah
= LIST_FIRST(&sahtree
);
8939 nextsah
= LIST_NEXT(sah
, chain
);
8941 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
8942 && proto
!= sah
->saidx
.proto
)
8946 stateidx
< _ARRAYLEN(saorder_state_alive
);
8948 state
= saorder_state_any
[stateidx
];
8949 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
8953 nextsav
= LIST_NEXT(sav
, chain
);
8955 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
8956 key_freesav(sav
, KEY_SADB_LOCKED
);
8960 sah
->state
= SADB_SASTATE_DEAD
;
8962 lck_mtx_unlock(sadb_mutex
);
8964 if (m
->m_len
< sizeof(struct sadb_msg
) ||
8965 sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
8966 ipseclog((LOG_DEBUG
, "key_flush: No more memory.\n"));
8967 return key_senderror(so
, m
, ENOBUFS
);
8973 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct sadb_msg
);
8974 newmsg
= mtod(m
, struct sadb_msg
*);
8975 newmsg
->sadb_msg_errno
= 0;
8976 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
8978 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
8982 * SADB_DUMP processing
8983 * dump all entries including status of DEAD in SAD.
8986 * from the ikmpd, and dump all secasvar leaves
8991 * m will always be freed.
8994 struct sav_dump_elem
{
8995 struct secasvar
*sav
;
9003 const struct sadb_msghdr
*mhp
)
9005 struct secashead
*sah
;
9006 struct secasvar
*sav
;
9007 struct sav_dump_elem
*savbuf
= NULL
, *elem_ptr
;
9012 int cnt
= 0, cnt2
, bufcount
;
9016 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
9019 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
9020 panic("key_dump: NULL pointer is passed.\n");
9022 /* map satype to proto */
9023 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
9024 ipseclog((LOG_DEBUG
, "key_dump: invalid satype is passed.\n"));
9025 return key_senderror(so
, m
, EINVAL
);
9028 if ((bufcount
= ipsec_sav_count
) <= 0) {
9032 bufcount
+= 512; /* extra */
9033 KMALLOC_WAIT(savbuf
, struct sav_dump_elem
*, bufcount
* sizeof(struct sav_dump_elem
));
9034 if (savbuf
== NULL
) {
9035 ipseclog((LOG_DEBUG
, "key_dump: No more memory.\n"));
9040 /* count sav entries to be sent to the userland. */
9041 lck_mtx_lock(sadb_mutex
);
9043 LIST_FOREACH(sah
, &sahtree
, chain
) {
9044 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
9045 && proto
!= sah
->saidx
.proto
)
9048 /* map proto to satype */
9049 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
9050 lck_mtx_unlock(sadb_mutex
);
9051 ipseclog((LOG_DEBUG
, "key_dump: there was invalid proto in SAD.\n"));
9057 stateidx
< _ARRAYLEN(saorder_state_any
);
9059 state
= saorder_state_any
[stateidx
];
9060 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
9061 if (cnt
== bufcount
)
9062 break; /* out of buffer space */
9063 elem_ptr
->sav
= sav
;
9064 elem_ptr
->satype
= satype
;
9071 lck_mtx_unlock(sadb_mutex
);
9078 /* send this to the userland, one at a time. */
9082 n
= key_setdumpsa(elem_ptr
->sav
, SADB_DUMP
, elem_ptr
->satype
,
9083 --cnt2
, mhp
->msg
->sadb_msg_pid
);
9090 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
9098 lck_mtx_lock(sadb_mutex
);
9100 key_freesav((elem_ptr
++)->sav
, KEY_SADB_LOCKED
);
9101 lck_mtx_unlock(sadb_mutex
);
9107 return key_senderror(so
, m
, error
);
9114 * SADB_X_PROMISC processing
9116 * m will always be freed.
9122 const struct sadb_msghdr
*mhp
)
9127 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
9128 panic("key_promisc: NULL pointer is passed.\n");
9130 olen
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
9132 if (olen
< sizeof(struct sadb_msg
)) {
9134 return key_senderror(so
, m
, EINVAL
);
9139 } else if (olen
== sizeof(struct sadb_msg
)) {
9140 /* enable/disable promisc mode */
9144 if ((kp
= (struct keycb
*)sotorawcb(so
)) == NULL
)
9145 return key_senderror(so
, m
, EINVAL
);
9146 mhp
->msg
->sadb_msg_errno
= 0;
9147 switch (mhp
->msg
->sadb_msg_satype
) {
9150 kp
->kp_promisc
= mhp
->msg
->sadb_msg_satype
;
9153 socket_unlock(so
, 1);
9154 return key_senderror(so
, m
, EINVAL
);
9156 socket_unlock(so
, 1);
9158 /* send the original message back to everyone */
9159 mhp
->msg
->sadb_msg_errno
= 0;
9160 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
9162 /* send packet as is */
9164 m_adj(m
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)));
9166 /* TODO: if sadb_msg_seq is specified, send to specific pid */
9167 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
9171 static int (*key_typesw
[])(struct socket
*, struct mbuf
*,
9172 const struct sadb_msghdr
*) = {
9173 NULL
, /* SADB_RESERVED */
9174 key_getspi
, /* SADB_GETSPI */
9175 key_update
, /* SADB_UPDATE */
9176 key_add
, /* SADB_ADD */
9177 key_delete
, /* SADB_DELETE */
9178 key_get
, /* SADB_GET */
9179 key_acquire2
, /* SADB_ACQUIRE */
9180 key_register
, /* SADB_REGISTER */
9181 NULL
, /* SADB_EXPIRE */
9182 key_flush
, /* SADB_FLUSH */
9183 key_dump
, /* SADB_DUMP */
9184 key_promisc
, /* SADB_X_PROMISC */
9185 NULL
, /* SADB_X_PCHANGE */
9186 key_spdadd
, /* SADB_X_SPDUPDATE */
9187 key_spdadd
, /* SADB_X_SPDADD */
9188 key_spddelete
, /* SADB_X_SPDDELETE */
9189 key_spdget
, /* SADB_X_SPDGET */
9190 NULL
, /* SADB_X_SPDACQUIRE */
9191 key_spddump
, /* SADB_X_SPDDUMP */
9192 key_spdflush
, /* SADB_X_SPDFLUSH */
9193 key_spdadd
, /* SADB_X_SPDSETIDX */
9194 NULL
, /* SADB_X_SPDEXPIRE */
9195 key_spddelete2
, /* SADB_X_SPDDELETE2 */
9196 key_getsastat
, /* SADB_GETSASTAT */
9197 key_spdenable
, /* SADB_X_SPDENABLE */
9198 key_spddisable
, /* SADB_X_SPDDISABLE */
9199 key_migrate
, /* SADB_MIGRATE */
9203 bzero_mbuf(struct mbuf
*m
)
9205 struct mbuf
*mptr
= m
;
9206 struct sadb_msg
*msg
= NULL
;
9213 if (mptr
->m_len
>= sizeof(struct sadb_msg
)) {
9214 msg
= mtod(mptr
, struct sadb_msg
*);
9215 if (msg
->sadb_msg_type
!= SADB_ADD
&&
9216 msg
->sadb_msg_type
!= SADB_UPDATE
) {
9219 offset
= sizeof(struct sadb_msg
);
9221 bzero(mptr
->m_data
+offset
, mptr
->m_len
-offset
);
9222 mptr
= mptr
->m_next
;
9223 while (mptr
!= NULL
) {
9224 bzero(mptr
->m_data
, mptr
->m_len
);
9225 mptr
= mptr
->m_next
;
9230 bzero_keys(const struct sadb_msghdr
*mh
)
9238 offset
= sizeof(struct sadb_key
);
9240 if (mh
->ext
[SADB_EXT_KEY_ENCRYPT
]) {
9241 struct sadb_key
*key
= (struct sadb_key
*)mh
->ext
[SADB_EXT_KEY_ENCRYPT
];
9242 extlen
= key
->sadb_key_bits
>> 3;
9244 if (mh
->extlen
[SADB_EXT_KEY_ENCRYPT
] >= offset
+ extlen
) {
9245 bzero((uint8_t *)mh
->ext
[SADB_EXT_KEY_ENCRYPT
]+offset
, extlen
);
9247 bzero(mh
->ext
[SADB_EXT_KEY_ENCRYPT
], mh
->extlen
[SADB_EXT_KEY_ENCRYPT
]);
9250 if (mh
->ext
[SADB_EXT_KEY_AUTH
]) {
9251 struct sadb_key
*key
= (struct sadb_key
*)mh
->ext
[SADB_EXT_KEY_AUTH
];
9252 extlen
= key
->sadb_key_bits
>> 3;
9254 if (mh
->extlen
[SADB_EXT_KEY_AUTH
] >= offset
+ extlen
) {
9255 bzero((uint8_t *)mh
->ext
[SADB_EXT_KEY_AUTH
]+offset
, extlen
);
9257 bzero(mh
->ext
[SADB_EXT_KEY_AUTH
], mh
->extlen
[SADB_EXT_KEY_AUTH
]);
9263 * parse sadb_msg buffer to process PFKEYv2,
9264 * and create a data to response if needed.
9265 * I think to be dealed with mbuf directly.
9267 * msgp : pointer to pointer to a received buffer pulluped.
9268 * This is rewrited to response.
9269 * so : pointer to socket.
9271 * length for buffer to send to user process.
9278 struct sadb_msg
*msg
;
9279 struct sadb_msghdr mh
;
9283 Boolean keyAligned
= FALSE
;
9285 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
9288 if (m
== NULL
|| so
== NULL
)
9289 panic("key_parse: NULL pointer is passed.\n");
9291 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
9292 KEYDEBUG(KEYDEBUG_KEY_DUMP
,
9293 ipseclog((LOG_DEBUG
, "key_parse: passed sadb_msg\n"));
9297 if (m
->m_len
< sizeof(struct sadb_msg
)) {
9298 m
= m_pullup(m
, sizeof(struct sadb_msg
));
9302 msg
= mtod(m
, struct sadb_msg
*);
9303 orglen
= PFKEY_UNUNIT64(msg
->sadb_msg_len
);
9304 target
= KEY_SENDUP_ONE
;
9306 if ((m
->m_flags
& M_PKTHDR
) == 0 ||
9307 m
->m_pkthdr
.len
!= m
->m_pkthdr
.len
) {
9308 ipseclog((LOG_DEBUG
, "key_parse: invalid message length.\n"));
9309 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
9314 if (msg
->sadb_msg_version
!= PF_KEY_V2
) {
9315 ipseclog((LOG_DEBUG
,
9316 "key_parse: PF_KEY version %u is mismatched.\n",
9317 msg
->sadb_msg_version
));
9318 PFKEY_STAT_INCREMENT(pfkeystat
.out_invver
);
9323 if (msg
->sadb_msg_type
> SADB_MAX
) {
9324 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
9325 msg
->sadb_msg_type
));
9326 PFKEY_STAT_INCREMENT(pfkeystat
.out_invmsgtype
);
9331 /* for old-fashioned code - should be nuked */
9332 if (m
->m_pkthdr
.len
> MCLBYTES
) {
9339 MGETHDR(n
, M_WAITOK
, MT_DATA
);
9340 if (n
&& m
->m_pkthdr
.len
> MHLEN
) {
9341 MCLGET(n
, M_WAITOK
);
9342 if ((n
->m_flags
& M_EXT
) == 0) {
9352 m_copydata(m
, 0, m
->m_pkthdr
.len
, mtod(n
, caddr_t
));
9353 n
->m_pkthdr
.len
= n
->m_len
= m
->m_pkthdr
.len
;
9360 /* align the mbuf chain so that extensions are in contiguous region. */
9361 error
= key_align(m
, &mh
);
9365 if (m
->m_next
) { /*XXX*/
9375 switch (msg
->sadb_msg_satype
) {
9376 case SADB_SATYPE_UNSPEC
:
9377 switch (msg
->sadb_msg_type
) {
9385 ipseclog((LOG_DEBUG
, "key_parse: must specify satype "
9386 "when msg type=%u.\n", msg
->sadb_msg_type
));
9387 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
9392 case SADB_SATYPE_AH
:
9393 case SADB_SATYPE_ESP
:
9394 case SADB_X_SATYPE_IPCOMP
:
9395 switch (msg
->sadb_msg_type
) {
9397 case SADB_X_SPDDELETE
:
9399 case SADB_X_SPDDUMP
:
9400 case SADB_X_SPDFLUSH
:
9401 case SADB_X_SPDSETIDX
:
9402 case SADB_X_SPDUPDATE
:
9403 case SADB_X_SPDDELETE2
:
9404 case SADB_X_SPDENABLE
:
9405 case SADB_X_SPDDISABLE
:
9406 ipseclog((LOG_DEBUG
, "key_parse: illegal satype=%u\n",
9407 msg
->sadb_msg_type
));
9408 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
9413 case SADB_SATYPE_RSVP
:
9414 case SADB_SATYPE_OSPFV2
:
9415 case SADB_SATYPE_RIPV2
:
9416 case SADB_SATYPE_MIP
:
9417 ipseclog((LOG_DEBUG
, "key_parse: type %u isn't supported.\n",
9418 msg
->sadb_msg_satype
));
9419 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
9422 case 1: /* XXX: What does it do? */
9423 if (msg
->sadb_msg_type
== SADB_X_PROMISC
)
9427 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
9428 msg
->sadb_msg_satype
));
9429 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
9434 /* check field of upper layer protocol and address family */
9435 if (mh
.ext
[SADB_EXT_ADDRESS_SRC
] != NULL
9436 && mh
.ext
[SADB_EXT_ADDRESS_DST
] != NULL
) {
9437 struct sadb_address
*src0
, *dst0
;
9440 src0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_SRC
]);
9441 dst0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_DST
]);
9443 /* check upper layer protocol */
9444 if (src0
->sadb_address_proto
!= dst0
->sadb_address_proto
) {
9445 ipseclog((LOG_DEBUG
, "key_parse: upper layer protocol mismatched.\n"));
9446 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9452 if (PFKEY_ADDR_SADDR(src0
)->sa_family
!=
9453 PFKEY_ADDR_SADDR(dst0
)->sa_family
) {
9454 ipseclog((LOG_DEBUG
, "key_parse: address family mismatched.\n"));
9455 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9459 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
9460 PFKEY_ADDR_SADDR(dst0
)->sa_len
) {
9461 ipseclog((LOG_DEBUG
,
9462 "key_parse: address struct size mismatched.\n"));
9463 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9468 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
9470 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
9471 sizeof(struct sockaddr_in
)) {
9472 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9478 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
9479 sizeof(struct sockaddr_in6
)) {
9480 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9486 ipseclog((LOG_DEBUG
,
9487 "key_parse: unsupported address family.\n"));
9488 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9489 error
= EAFNOSUPPORT
;
9493 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
9495 plen
= sizeof(struct in_addr
) << 3;
9498 plen
= sizeof(struct in6_addr
) << 3;
9501 plen
= 0; /*fool gcc*/
9505 /* check max prefix length */
9506 if (src0
->sadb_address_prefixlen
> plen
||
9507 dst0
->sadb_address_prefixlen
> plen
) {
9508 ipseclog((LOG_DEBUG
,
9509 "key_parse: illegal prefixlen.\n"));
9510 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
9516 * prefixlen == 0 is valid because there can be a case when
9517 * all addresses are matched.
9521 if (msg
->sadb_msg_type
>= sizeof(key_typesw
)/sizeof(key_typesw
[0]) ||
9522 key_typesw
[msg
->sadb_msg_type
] == NULL
) {
9523 PFKEY_STAT_INCREMENT(pfkeystat
.out_invmsgtype
);
9528 error
= (*key_typesw
[msg
->sadb_msg_type
])(so
, m
, &mh
);
9538 msg
->sadb_msg_errno
= error
;
9539 return key_sendup_mbuf(so
, m
, target
);
9548 struct sadb_msg
*msg
;
9550 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
9552 if (m
->m_len
< sizeof(struct sadb_msg
))
9553 panic("invalid mbuf passed to key_senderror");
9555 msg
= mtod(m
, struct sadb_msg
*);
9556 msg
->sadb_msg_errno
= code
;
9557 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
9561 * set the pointer to each header into message buffer.
9562 * m will be freed on error.
9563 * XXX larger-than-MCLBYTES extension?
9568 struct sadb_msghdr
*mhp
)
9571 struct sadb_ext
*ext
;
9577 if (m
== NULL
|| mhp
== NULL
)
9578 panic("key_align: NULL pointer is passed.\n");
9579 if (m
->m_len
< sizeof(struct sadb_msg
))
9580 panic("invalid mbuf passed to key_align");
9583 bzero(mhp
, sizeof(*mhp
));
9585 mhp
->msg
= mtod(m
, struct sadb_msg
*);
9586 mhp
->ext
[0] = (struct sadb_ext
*)mhp
->msg
; /*XXX backward compat */
9588 end
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
9589 extlen
= end
; /*just in case extlen is not updated*/
9590 for (off
= sizeof(struct sadb_msg
); off
< end
; off
+= extlen
) {
9591 n
= m_pulldown(m
, off
, sizeof(struct sadb_ext
), &toff
);
9593 /* m is already freed */
9596 ext
= (struct sadb_ext
*)(void *)(mtod(n
, caddr_t
) + toff
);
9599 switch (ext
->sadb_ext_type
) {
9601 case SADB_EXT_ADDRESS_SRC
:
9602 case SADB_EXT_ADDRESS_DST
:
9603 case SADB_EXT_ADDRESS_PROXY
:
9604 case SADB_EXT_LIFETIME_CURRENT
:
9605 case SADB_EXT_LIFETIME_HARD
:
9606 case SADB_EXT_LIFETIME_SOFT
:
9607 case SADB_EXT_KEY_AUTH
:
9608 case SADB_EXT_KEY_ENCRYPT
:
9609 case SADB_EXT_IDENTITY_SRC
:
9610 case SADB_EXT_IDENTITY_DST
:
9611 case SADB_EXT_SENSITIVITY
:
9612 case SADB_EXT_PROPOSAL
:
9613 case SADB_EXT_SUPPORTED_AUTH
:
9614 case SADB_EXT_SUPPORTED_ENCRYPT
:
9615 case SADB_EXT_SPIRANGE
:
9616 case SADB_X_EXT_POLICY
:
9617 case SADB_X_EXT_SA2
:
9618 case SADB_EXT_SESSION_ID
:
9619 case SADB_EXT_SASTAT
:
9620 case SADB_X_EXT_IPSECIF
:
9621 case SADB_X_EXT_ADDR_RANGE_SRC_START
:
9622 case SADB_X_EXT_ADDR_RANGE_SRC_END
:
9623 case SADB_X_EXT_ADDR_RANGE_DST_START
:
9624 case SADB_X_EXT_ADDR_RANGE_DST_END
:
9625 case SADB_EXT_MIGRATE_ADDRESS_SRC
:
9626 case SADB_EXT_MIGRATE_ADDRESS_DST
:
9627 case SADB_X_EXT_MIGRATE_IPSECIF
:
9628 /* duplicate check */
9630 * XXX Are there duplication payloads of either
9631 * KEY_AUTH or KEY_ENCRYPT ?
9633 if (mhp
->ext
[ext
->sadb_ext_type
] != NULL
) {
9634 ipseclog((LOG_DEBUG
,
9635 "key_align: duplicate ext_type %u "
9636 "is passed.\n", ext
->sadb_ext_type
));
9639 PFKEY_STAT_INCREMENT(pfkeystat
.out_dupext
);
9644 ipseclog((LOG_DEBUG
,
9645 "key_align: invalid ext_type %u is passed.\n",
9646 ext
->sadb_ext_type
));
9649 PFKEY_STAT_INCREMENT(pfkeystat
.out_invexttype
);
9653 extlen
= PFKEY_UNUNIT64(ext
->sadb_ext_len
);
9655 if (key_validate_ext(ext
, extlen
)) {
9658 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
9662 n
= m_pulldown(m
, off
, extlen
, &toff
);
9664 /* m is already freed */
9667 ext
= (struct sadb_ext
*)(void *)(mtod(n
, caddr_t
) + toff
);
9669 mhp
->ext
[ext
->sadb_ext_type
] = ext
;
9670 mhp
->extoff
[ext
->sadb_ext_type
] = off
;
9671 mhp
->extlen
[ext
->sadb_ext_type
] = extlen
;
9677 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
9686 const struct sadb_ext
*ext
,
9689 struct sockaddr
*sa
;
9690 enum { NONE
, ADDR
} checktype
= NONE
;
9692 const int sal
= offsetof(struct sockaddr
, sa_len
) + sizeof(sa
->sa_len
);
9694 if (len
!= PFKEY_UNUNIT64(ext
->sadb_ext_len
))
9697 /* if it does not match minimum/maximum length, bail */
9698 if (ext
->sadb_ext_type
>= sizeof(minsize
) / sizeof(minsize
[0]) ||
9699 ext
->sadb_ext_type
>= sizeof(maxsize
) / sizeof(maxsize
[0]))
9701 if (!minsize
[ext
->sadb_ext_type
] || len
< minsize
[ext
->sadb_ext_type
])
9703 if (maxsize
[ext
->sadb_ext_type
] && len
> maxsize
[ext
->sadb_ext_type
])
9706 /* more checks based on sadb_ext_type XXX need more */
9707 switch (ext
->sadb_ext_type
) {
9708 case SADB_EXT_ADDRESS_SRC
:
9709 case SADB_EXT_ADDRESS_DST
:
9710 case SADB_EXT_ADDRESS_PROXY
:
9711 case SADB_X_EXT_ADDR_RANGE_SRC_START
:
9712 case SADB_X_EXT_ADDR_RANGE_SRC_END
:
9713 case SADB_X_EXT_ADDR_RANGE_DST_START
:
9714 case SADB_X_EXT_ADDR_RANGE_DST_END
:
9715 case SADB_EXT_MIGRATE_ADDRESS_SRC
:
9716 case SADB_EXT_MIGRATE_ADDRESS_DST
:
9717 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_address
));
9720 case SADB_EXT_IDENTITY_SRC
:
9721 case SADB_EXT_IDENTITY_DST
:
9722 if (((struct sadb_ident
*)(uintptr_t)(size_t)ext
)->
9723 sadb_ident_type
== SADB_X_IDENTTYPE_ADDR
) {
9724 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_ident
));
9734 switch (checktype
) {
9738 sa
= (struct sockaddr
*)((caddr_t
)(uintptr_t)ext
+ baselen
);
9740 if (len
< baselen
+ sal
)
9742 if (baselen
+ PFKEY_ALIGN8(sa
->sa_len
) != len
)
9751 * XXX: maybe This function is called after INBOUND IPsec processing.
9753 * Special check for tunnel-mode packets.
9754 * We must make some checks for consistency between inner and outer IP header.
9756 * xxx more checks to be provided
9759 key_checktunnelsanity(
9760 struct secasvar
*sav
,
9761 __unused u_int family
,
9762 __unused caddr_t src
,
9763 __unused caddr_t dst
)
9767 if (sav
->sah
== NULL
)
9768 panic("sav->sah == NULL at key_checktunnelsanity");
9770 /* XXX: check inner IP header */
9775 /* record data transfer on SA, and update timestamps */
9778 struct secasvar
*sav
,
9784 panic("key_sa_recordxfer called with sav == NULL");
9786 panic("key_sa_recordxfer called with m == NULL");
9790 lck_mtx_lock(sadb_mutex
);
9792 * XXX Currently, there is a difference of bytes size
9793 * between inbound and outbound processing.
9795 sav
->lft_c
->sadb_lifetime_bytes
+= m
->m_pkthdr
.len
;
9796 /* to check bytes lifetime is done in key_timehandler(). */
9799 * We use the number of packets as the unit of
9800 * sadb_lifetime_allocations. We increment the variable
9801 * whenever {esp,ah}_{in,out}put is called.
9803 sav
->lft_c
->sadb_lifetime_allocations
++;
9804 /* XXX check for expires? */
9807 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
9808 * in seconds. HARD and SOFT lifetime are measured by the time
9809 * difference (again in seconds) from sadb_lifetime_usetime.
9813 * -----+-----+--------+---> t
9814 * <--------------> HARD
9820 sav
->lft_c
->sadb_lifetime_usetime
= tv
.tv_sec
;
9821 /* XXX check for expires? */
9823 lck_mtx_unlock(sadb_mutex
);
9831 struct sockaddr
*dst
)
9833 struct secashead
*sah
;
9836 lck_mtx_lock(sadb_mutex
);
9837 LIST_FOREACH(sah
, &sahtree
, chain
) {
9838 ro
= &sah
->sa_route
;
9839 if (ro
->ro_rt
&& dst
->sa_len
== ro
->ro_dst
.sa_len
9840 && bcmp(dst
, &ro
->ro_dst
, dst
->sa_len
) == 0) {
9844 lck_mtx_unlock(sadb_mutex
);
9851 struct secasvar
*sav
,
9856 panic("key_sa_chgstate called with sav == NULL");
9858 if (sav
->state
== state
)
9861 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
9863 if (__LIST_CHAINED(sav
))
9864 LIST_REMOVE(sav
, chain
);
9867 LIST_INSERT_HEAD(&sav
->sah
->savtree
[state
], sav
, chain
);
9873 struct secasvar
*sav
)
9875 lck_mtx_lock(sadb_mutex
);
9877 panic("key_sa_stir_iv called with sav == NULL");
9878 key_randomfill(sav
->iv
, sav
->ivlen
);
9879 lck_mtx_unlock(sadb_mutex
);
9883 static struct mbuf
*
9887 struct mbuf
*m
= NULL
, *n
;
9892 MGET(n
, M_DONTWAIT
, MT_DATA
);
9893 if (n
&& len
> MLEN
)
9894 MCLGET(n
, M_DONTWAIT
);
9902 n
->m_len
= M_TRAILINGSPACE(n
);
9903 /* use the bottom of mbuf, hoping we can prepend afterwards */
9904 if (n
->m_len
> len
) {
9905 t
= (n
->m_len
- len
) & ~(sizeof(long) - 1);
9921 static struct mbuf
*
9922 key_setdumpsastats (u_int32_t dir
,
9923 struct sastat
*stats
,
9924 u_int32_t max_stats
,
9925 u_int64_t session_ids
[],
9929 struct mbuf
*result
= NULL
, *m
= NULL
;
9931 m
= key_setsadbmsg(SADB_GETSASTAT
, 0, 0, seq
, pid
, 0);
9937 m
= key_setsadbsession_id(session_ids
);
9943 m
= key_setsadbsastat(dir
,
9951 if ((result
->m_flags
& M_PKTHDR
) == 0) {
9955 if (result
->m_len
< sizeof(struct sadb_msg
)) {
9956 result
= m_pullup(result
, sizeof(struct sadb_msg
));
9957 if (result
== NULL
) {
9962 result
->m_pkthdr
.len
= 0;
9963 for (m
= result
; m
; m
= m
->m_next
) {
9964 result
->m_pkthdr
.len
+= m
->m_len
;
9967 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
9968 PFKEY_UNIT64(result
->m_pkthdr
.len
);
9980 * SADB_GETSASTAT processing
9981 * dump all stats for matching entries in SAD.
9983 * m will always be freed.
9987 key_getsastat (struct socket
*so
,
9989 const struct sadb_msghdr
*mhp
)
9991 struct sadb_session_id
*session_id
;
9992 u_int32_t bufsize
, arg_count
, res_count
;
9993 struct sadb_sastat
*sa_stats_arg
;
9994 struct sastat
*sa_stats_sav
= NULL
;
9999 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
10000 panic("%s: NULL pointer is passed.\n", __FUNCTION__
);
10002 if (mhp
->ext
[SADB_EXT_SESSION_ID
] == NULL
) {
10003 printf("%s: invalid message is passed. missing session-id.\n", __FUNCTION__
);
10004 return key_senderror(so
, m
, EINVAL
);
10006 if (mhp
->extlen
[SADB_EXT_SESSION_ID
] < sizeof(struct sadb_session_id
)) {
10007 printf("%s: invalid message is passed. short session-id.\n", __FUNCTION__
);
10008 return key_senderror(so
, m
, EINVAL
);
10010 if (mhp
->ext
[SADB_EXT_SASTAT
] == NULL
) {
10011 printf("%s: invalid message is passed. missing stat args.\n", __FUNCTION__
);
10012 return key_senderror(so
, m
, EINVAL
);
10014 if (mhp
->extlen
[SADB_EXT_SASTAT
] < sizeof(*sa_stats_arg
)) {
10015 printf("%s: invalid message is passed. short stat args.\n", __FUNCTION__
);
10016 return key_senderror(so
, m
, EINVAL
);
10019 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
10021 // exit early if there are no active SAs
10022 if (ipsec_sav_count
<= 0) {
10023 printf("%s: No active SAs.\n", __FUNCTION__
);
10027 bufsize
= (ipsec_sav_count
+ 1) * sizeof(*sa_stats_sav
);
10029 KMALLOC_WAIT(sa_stats_sav
, __typeof__(sa_stats_sav
), bufsize
);
10030 if (sa_stats_sav
== NULL
) {
10031 printf("%s: No more memory.\n", __FUNCTION__
);
10035 bzero(sa_stats_sav
, bufsize
);
10037 sa_stats_arg
= (__typeof__(sa_stats_arg
))
10038 (void *)mhp
->ext
[SADB_EXT_SASTAT
];
10039 arg_count
= sa_stats_arg
->sadb_sastat_list_len
;
10040 // exit early if there are no requested SAs
10041 if (arg_count
== 0) {
10042 printf("%s: No SAs requested.\n", __FUNCTION__
);
10048 if (key_getsastatbyspi((struct sastat
*)(sa_stats_arg
+ 1),
10052 printf("%s: Error finding SAs.\n", __FUNCTION__
);
10057 printf("%s: No SAs found.\n", __FUNCTION__
);
10062 session_id
= (__typeof__(session_id
))
10063 (void *)mhp
->ext
[SADB_EXT_SESSION_ID
];
10065 /* send this to the userland. */
10066 n
= key_setdumpsastats(sa_stats_arg
->sadb_sastat_dir
,
10069 session_id
->sadb_session_id_v
,
10070 mhp
->msg
->sadb_msg_seq
,
10071 mhp
->msg
->sadb_msg_pid
);
10073 printf("%s: No bufs to dump stats.\n", __FUNCTION__
);
10078 key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
10080 if (sa_stats_sav
) {
10081 KFREE(sa_stats_sav
);
10085 return key_senderror(so
, m
, error
);
10092 key_update_natt_keepalive_timestamp (struct secasvar
*sav_sent
,
10093 struct secasvar
*sav_update
)
10095 struct secasindex saidx_swap_sent_addr
;
10097 // exit early if two SAs are identical, or if sav_update is current
10098 if (sav_sent
== sav_update
||
10099 sav_update
->natt_last_activity
== natt_now
) {
10103 // assuming that (sav_update->remote_ike_port != 0 && (esp_udp_encap_port & 0xFFFF) != 0)
10105 bzero(&saidx_swap_sent_addr
, sizeof(saidx_swap_sent_addr
));
10106 memcpy(&saidx_swap_sent_addr
.src
, &sav_sent
->sah
->saidx
.dst
, sizeof(saidx_swap_sent_addr
.src
));
10107 memcpy(&saidx_swap_sent_addr
.dst
, &sav_sent
->sah
->saidx
.src
, sizeof(saidx_swap_sent_addr
.dst
));
10108 saidx_swap_sent_addr
.proto
= sav_sent
->sah
->saidx
.proto
;
10109 saidx_swap_sent_addr
.mode
= sav_sent
->sah
->saidx
.mode
;
10110 // we ignore reqid for split-tunnel setups
10112 if (key_cmpsaidx(&sav_sent
->sah
->saidx
, &sav_update
->sah
->saidx
, CMP_MODE
| CMP_PORT
) ||
10113 key_cmpsaidx(&saidx_swap_sent_addr
, &sav_update
->sah
->saidx
, CMP_MODE
| CMP_PORT
)) {
10114 sav_update
->natt_last_activity
= natt_now
;
10119 key_send_delsp (struct secpolicy
*sp
)
10121 struct mbuf
*result
= NULL
, *m
;
10126 /* set msg header */
10127 m
= key_setsadbmsg(SADB_X_SPDDELETE
, 0, 0, 0, 0, 0);
10133 /* set sadb_address(es) for source */
10134 if (sp
->spidx
.src_range
.start
.ss_len
> 0) {
10135 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START
,
10136 (struct sockaddr
*)&sp
->spidx
.src_range
.start
, sp
->spidx
.prefs
,
10137 sp
->spidx
.ul_proto
);
10142 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END
,
10143 (struct sockaddr
*)&sp
->spidx
.src_range
.end
, sp
->spidx
.prefs
,
10144 sp
->spidx
.ul_proto
);
10149 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
10150 (struct sockaddr
*)&sp
->spidx
.src
, sp
->spidx
.prefs
,
10151 sp
->spidx
.ul_proto
);
10157 /* set sadb_address(es) for destination */
10158 if (sp
->spidx
.dst_range
.start
.ss_len
> 0) {
10159 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START
,
10160 (struct sockaddr
*)&sp
->spidx
.dst_range
.start
, sp
->spidx
.prefd
,
10161 sp
->spidx
.ul_proto
);
10166 m
= key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END
,
10167 (struct sockaddr
*)&sp
->spidx
.dst_range
.end
, sp
->spidx
.prefd
,
10168 sp
->spidx
.ul_proto
);
10173 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
10174 (struct sockaddr
*)&sp
->spidx
.dst
, sp
->spidx
.prefd
,
10175 sp
->spidx
.ul_proto
);
10181 /* set secpolicy */
10182 m
= key_sp2msg(sp
);
10188 if ((result
->m_flags
& M_PKTHDR
) == 0) {
10192 if (result
->m_len
< sizeof(struct sadb_msg
)) {
10193 result
= m_pullup(result
, sizeof(struct sadb_msg
));
10194 if (result
== NULL
) {
10199 result
->m_pkthdr
.len
= 0;
10200 for (m
= result
; m
; m
= m
->m_next
)
10201 result
->m_pkthdr
.len
+= m
->m_len
;
10203 mtod(result
, struct sadb_msg
*)->sadb_msg_len
= PFKEY_UNIT64(result
->m_pkthdr
.len
);
10205 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
10214 key_delsp_for_ipsec_if (ifnet_t ipsec_if
)
10216 struct secashead
*sah
;
10217 struct secasvar
*sav
, *nextsav
;
10220 struct secpolicy
*sp
, *nextsp
;
10223 if (ipsec_if
== NULL
)
10226 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
10228 lck_mtx_lock(sadb_mutex
);
10230 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
10231 for (sp
= LIST_FIRST(&sptree
[dir
]);
10235 nextsp
= LIST_NEXT(sp
, chain
);
10237 if (sp
->ipsec_if
== ipsec_if
) {
10238 ifnet_release(sp
->ipsec_if
);
10239 sp
->ipsec_if
= NULL
;
10241 key_send_delsp(sp
);
10243 sp
->state
= IPSEC_SPSTATE_DEAD
;
10244 key_freesp(sp
, KEY_SADB_LOCKED
);
10249 LIST_FOREACH(sah
, &sahtree
, chain
) {
10250 if (sah
->ipsec_if
== ipsec_if
) {
10251 /* This SAH is linked to the IPSec interface. It now needs to close. */
10252 ifnet_release(sah
->ipsec_if
);
10253 sah
->ipsec_if
= NULL
;
10255 for (stateidx
= 0; stateidx
< _ARRAYLEN(saorder_state_alive
); stateidx
++) {
10256 state
= saorder_state_any
[stateidx
];
10257 for (sav
= LIST_FIRST(&sah
->savtree
[state
]); sav
!= NULL
; sav
= nextsav
) {
10258 nextsav
= LIST_NEXT(sav
, chain
);
10260 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
10261 key_freesav(sav
, KEY_SADB_LOCKED
);
10265 sah
->state
= SADB_SASTATE_DEAD
;
10269 lck_mtx_unlock(sadb_mutex
);
10272 __private_extern__ u_int32_t
10273 key_fill_offload_frames_for_savs (ifnet_t ifp
,
10274 struct ifnet_keepalive_offload_frame
*frames_array
,
10275 u_int32_t frames_array_count
,
10276 size_t frame_data_offset
)
10278 struct secashead
*sah
= NULL
;
10279 struct secasvar
*sav
= NULL
;
10280 struct ifnet_keepalive_offload_frame
*frame
= frames_array
;
10281 u_int32_t frame_index
= 0;
10283 if (frame
== NULL
|| frames_array_count
== 0) {
10284 return (frame_index
);
10287 lck_mtx_lock(sadb_mutex
);
10288 LIST_FOREACH(sah
, &sahtree
, chain
) {
10289 LIST_FOREACH(sav
, &sah
->savtree
[SADB_SASTATE_MATURE
], chain
) {
10290 if (ipsec_fill_offload_frame(ifp
, sav
, frame
, frame_data_offset
)) {
10292 if (frame_index
>= frames_array_count
) {
10293 lck_mtx_unlock(sadb_mutex
);
10294 return (frame_index
);
10296 frame
= &(frames_array
[frame_index
]);
10300 lck_mtx_unlock(sadb_mutex
);
10302 return (frame_index
);