]> git.saurik.com Git - apple/xnu.git/blob - bsd/netkey/keysock.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-4570.31.3.tar.gz
[apple/xnu.git] / bsd / netkey / keysock.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */
30
31 /*
32 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
33 * All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. Neither the name of the project nor the names of its contributors
44 * may be used to endorse or promote products derived from this software
45 * without specific prior written permission.
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
48 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
51 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
52 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
53 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
56 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57 * SUCH DAMAGE.
58 */
59
60 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
61
62 #include <sys/types.h>
63 #include <sys/param.h>
64 #include <sys/systm.h>
65 #include <sys/kernel.h>
66 #include <sys/sysctl.h>
67 #include <sys/mbuf.h>
68 #include <sys/mcache.h>
69 #include <sys/malloc.h>
70 #include <sys/socket.h>
71 #include <sys/socketvar.h>
72 #include <sys/domain.h>
73 #include <sys/protosw.h>
74 #include <sys/errno.h>
75
76 #include <kern/locks.h>
77
78 #include <net/raw_cb.h>
79 #include <net/route.h>
80
81 #include <net/pfkeyv2.h>
82 #include <netkey/keydb.h>
83 #include <netkey/key.h>
84 #include <netkey/keysock.h>
85 #include <netkey/key_debug.h>
86
87 extern lck_mtx_t *raw_mtx;
88 extern void key_init(struct protosw *, struct domain *);
89
90 struct sockaddr key_dst = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
91 struct sockaddr key_src = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
92
93 static void key_dinit(struct domain *);
94 static int key_sendup0(struct rawcb *, struct mbuf *, int);
95
96 struct pfkeystat pfkeystat;
97
98 static struct domain *keydomain = NULL;
99
100 extern lck_mtx_t *pfkey_stat_mutex;
101
102 /*
103 * key_output()
104 */
105 int
106 #ifdef __APPLE__
107 /* No variable argument support? */
108 key_output(struct mbuf *m, struct socket *so)
109 #else
110 #if __STDC__
111 key_output(struct mbuf *m, ...)
112 #else
113 key_output(m, va_alist)
114 struct mbuf *m;
115 va_dcl
116 #endif
117 #endif
118 {
119 struct sadb_msg *msg;
120 int len, error = 0;
121 #ifndef __APPLE__
122 struct socket *so;
123 va_list ap;
124
125 va_start(ap, m);
126 so = va_arg(ap, struct socket *);
127 va_end(ap);
128 #endif
129
130 if (m == 0)
131 panic("key_output: NULL pointer was passed.\n");
132
133 socket_unlock(so, 0);
134 lck_mtx_lock(pfkey_stat_mutex);
135 pfkeystat.out_total++;
136 pfkeystat.out_bytes += m->m_pkthdr.len;
137 lck_mtx_unlock(pfkey_stat_mutex);
138
139 len = m->m_pkthdr.len;
140 if (len < sizeof(struct sadb_msg)) {
141 #if IPSEC_DEBUG
142 printf("key_output: Invalid message length.\n");
143 #endif
144 PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
145 error = EINVAL;
146 goto end;
147 }
148
149 if (m->m_len < sizeof(struct sadb_msg)) {
150 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
151 #if IPSEC_DEBUG
152 printf("key_output: can't pullup mbuf\n");
153 #endif
154 PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
155 error = ENOBUFS;
156 goto end;
157 }
158 }
159
160 if ((m->m_flags & M_PKTHDR) == 0)
161 panic("key_output: not M_PKTHDR ??");
162
163 #if IPSEC_DEBUG
164 KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
165 #endif /* defined(IPSEC_DEBUG) */
166
167 msg = mtod(m, struct sadb_msg *);
168 PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
169 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
170 #if IPSEC_DEBUG
171 printf("key_output: Invalid message length.\n");
172 #endif
173 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
174 error = EINVAL;
175 goto end;
176 }
177
178 error = key_parse(m, so);
179 m = NULL;
180
181 end:
182 if (m)
183 m_freem(m);
184 socket_lock(so, 0);
185 return error;
186 }
187
188 /*
189 * send message to the socket.
190 */
191 static int
192 key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc)
193 {
194 int error;
195
196 if (promisc) {
197 struct sadb_msg *pmsg;
198
199 M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1);
200 if (m && m->m_len < sizeof(struct sadb_msg))
201 m = m_pullup(m, sizeof(struct sadb_msg));
202 if (!m) {
203 #if IPSEC_DEBUG
204 printf("key_sendup0: cannot pullup\n");
205 #endif
206 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
207 m_freem(m);
208 return ENOBUFS;
209 }
210 m->m_pkthdr.len += sizeof(*pmsg);
211
212 pmsg = mtod(m, struct sadb_msg *);
213 bzero(pmsg, sizeof(*pmsg));
214 pmsg->sadb_msg_version = PF_KEY_V2;
215 pmsg->sadb_msg_type = SADB_X_PROMISC;
216 pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
217 /* pid and seq? */
218
219 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
220 }
221
222 if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
223 m, NULL, &error)) {
224 #if IPSEC_DEBUG
225 printf("key_sendup0: sbappendaddr failed\n");
226 #endif
227 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
228 }
229 else {
230 sorwakeup(rp->rcb_socket);
231 }
232 return error;
233 }
234
235
236 /* so can be NULL if target != KEY_SENDUP_ONE */
237 int
238 key_sendup_mbuf(struct socket *so, struct mbuf *m, int target)
239 {
240 struct mbuf *n;
241 struct keycb *kp;
242 int sendup;
243 struct rawcb *rp;
244 int error = 0;
245
246 if (m == NULL)
247 panic("key_sendup_mbuf: NULL pointer was passed.\n");
248 if (so == NULL && target == KEY_SENDUP_ONE)
249 panic("key_sendup_mbuf: NULL pointer was passed.\n");
250
251 lck_mtx_lock(pfkey_stat_mutex);
252 pfkeystat.in_total++;
253 pfkeystat.in_bytes += m->m_pkthdr.len;
254 lck_mtx_unlock(pfkey_stat_mutex);
255 if (m->m_len < sizeof(struct sadb_msg)) {
256 #if 1
257 m = m_pullup(m, sizeof(struct sadb_msg));
258 if (m == NULL) {
259 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
260 return ENOBUFS;
261 }
262 #else
263 /* don't bother pulling it up just for stats */
264 #endif
265 }
266 if (m->m_len >= sizeof(struct sadb_msg)) {
267 struct sadb_msg *msg;
268 msg = mtod(m, struct sadb_msg *);
269 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
270 }
271
272 lck_mtx_lock(raw_mtx);
273 LIST_FOREACH(rp, &rawcb_list, list)
274 {
275 if (rp->rcb_proto.sp_family != PF_KEY)
276 continue;
277 if (rp->rcb_proto.sp_protocol
278 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
279 continue;
280 }
281
282 kp = (struct keycb *)rp;
283
284 socket_lock(rp->rcb_socket, 1);
285 /*
286 * If you are in promiscuous mode, and when you get broadcasted
287 * reply, you'll get two PF_KEY messages.
288 * (based on pf_key@inner.net message on 14 Oct 1998)
289 */
290 if (((struct keycb *)rp)->kp_promisc) {
291 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
292 (void)key_sendup0(rp, n, 1);
293 n = NULL;
294 }
295 }
296
297 /* the exact target will be processed later */
298 if (so && sotorawcb(so) == rp) {
299 socket_unlock(rp->rcb_socket, 1);
300 continue;
301 }
302
303 sendup = 0;
304 switch (target) {
305 case KEY_SENDUP_ONE:
306 /* the statement has no effect */
307 break;
308 case KEY_SENDUP_ALL:
309 sendup++;
310 break;
311 case KEY_SENDUP_REGISTERED:
312 if (kp->kp_registered)
313 sendup++;
314 break;
315 }
316 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);
317
318 if (!sendup) {
319 socket_unlock(rp->rcb_socket, 1);
320 continue;
321 }
322 else
323 sendup = 0; // clear for next iteration
324
325 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
326 #if IPSEC_DEBUG
327 printf("key_sendup: m_copy fail\n");
328 #endif
329 m_freem(m);
330 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
331 socket_unlock(rp->rcb_socket, 1);
332 lck_mtx_unlock(raw_mtx);
333 return ENOBUFS;
334 }
335
336 /*
337 * ignore error even if queue is full. PF_KEY does not
338 * guarantee the delivery of the message.
339 * this is important when target == KEY_SENDUP_ALL.
340 */
341 key_sendup0(rp, n, 0);
342 socket_unlock(rp->rcb_socket, 1);
343 n = NULL;
344 }
345
346 lck_mtx_unlock(raw_mtx);
347 if (so) {
348 socket_lock(so, 1);
349 error = key_sendup0(sotorawcb(so), m, 0);
350 socket_unlock(so, 1);
351 m = NULL;
352 } else {
353 error = 0;
354 m_freem(m);
355 }
356 return error;
357 }
358
359 /*
360 * key_abort()
361 * derived from net/rtsock.c:rts_abort()
362 */
363 static int
364 key_abort(struct socket *so)
365 {
366 int error;
367 error = raw_usrreqs.pru_abort(so);
368 return error;
369 }
370
371 /*
372 * key_attach()
373 * derived from net/rtsock.c:rts_attach()
374 */
375 static int
376 key_attach(struct socket *so, int proto, struct proc *p)
377 {
378 struct keycb *kp;
379 int error;
380
381 if (sotorawcb(so) != 0)
382 return EISCONN; /* XXX panic? */
383 kp = (struct keycb *)_MALLOC(sizeof (*kp), M_PCB,
384 M_WAITOK | M_ZERO); /* XXX */
385 if (kp == 0)
386 return ENOBUFS;
387
388 so->so_pcb = (caddr_t)kp;
389 kp->kp_promisc = kp->kp_registered = 0;
390 kp->kp_raw.rcb_laddr = &key_src;
391 kp->kp_raw.rcb_faddr = &key_dst;
392
393 error = raw_usrreqs.pru_attach(so, proto, p);
394 kp = (struct keycb *)sotorawcb(so);
395 if (error) {
396 _FREE(kp, M_PCB);
397 so->so_pcb = (caddr_t) 0;
398 so->so_flags |= SOF_PCBCLEARING;
399 printf("key_usrreq: key_usrreq results %d\n", error);
400 return error;
401 }
402
403 /* so is already locked when calling key_attach */
404 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
405 key_cb.key_count++;
406 key_cb.any_count++;
407 soisconnected(so);
408 so->so_options |= SO_USELOOPBACK;
409
410 return 0;
411 }
412
413 /*
414 * key_bind()
415 * derived from net/rtsock.c:rts_bind()
416 */
417 static int
418 key_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
419 {
420 int error;
421 error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
422 return error;
423 }
424
425 /*
426 * key_connect()
427 * derived from net/rtsock.c:rts_connect()
428 */
429 static int
430 key_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
431 {
432 int error;
433 error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
434 return error;
435 }
436
437 /*
438 * key_detach()
439 * derived from net/rtsock.c:rts_detach()
440 */
441 static int
442 key_detach(struct socket *so)
443 {
444 struct keycb *kp = (struct keycb *)sotorawcb(so);
445 int error;
446
447 if (kp != 0) {
448 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
449 key_cb.key_count--;
450 key_cb.any_count--;
451 socket_unlock(so, 0);
452 key_freereg(so);
453 socket_lock(so, 0);
454 }
455 error = raw_usrreqs.pru_detach(so);
456 return error;
457 }
458
459 /*
460 * key_disconnect()
461 * derived from net/rtsock.c:key_disconnect()
462 */
463 static int
464 key_disconnect(struct socket *so)
465 {
466 int error;
467 error = raw_usrreqs.pru_disconnect(so);
468 return error;
469 }
470
471 /*
472 * key_peeraddr()
473 * derived from net/rtsock.c:rts_peeraddr()
474 */
475 static int
476 key_peeraddr(struct socket *so, struct sockaddr **nam)
477 {
478 int error;
479 error = raw_usrreqs.pru_peeraddr(so, nam);
480 return error;
481 }
482
483 /*
484 * key_send()
485 * derived from net/rtsock.c:rts_send()
486 */
487 static int
488 key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
489 struct mbuf *control, struct proc *p)
490 {
491 int error;
492 error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
493 return error;
494 }
495
496 /*
497 * key_shutdown()
498 * derived from net/rtsock.c:rts_shutdown()
499 */
500 static int
501 key_shutdown(struct socket *so)
502 {
503 int error;
504 error = raw_usrreqs.pru_shutdown(so);
505 return error;
506 }
507
508 /*
509 * key_sockaddr()
510 * derived from net/rtsock.c:rts_sockaddr()
511 */
512 static int
513 key_sockaddr(struct socket *so, struct sockaddr **nam)
514 {
515 int error;
516 error = raw_usrreqs.pru_sockaddr(so, nam);
517 return error;
518 }
519
520 static struct pr_usrreqs key_usrreqs = {
521 .pru_abort = key_abort,
522 .pru_attach = key_attach,
523 .pru_bind = key_bind,
524 .pru_connect = key_connect,
525 .pru_detach = key_detach,
526 .pru_disconnect = key_disconnect,
527 .pru_peeraddr = key_peeraddr,
528 .pru_send = key_send,
529 .pru_shutdown = key_shutdown,
530 .pru_sockaddr = key_sockaddr,
531 .pru_sosend = sosend,
532 .pru_soreceive = soreceive,
533 };
534
535 /* sysctl */
536 SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "Key Family");
537
538 /*
539 * Definitions of protocols supported in the KEY domain.
540 */
541
542 extern struct domain keydomain_s;
543
544 static struct protosw keysw[] = {
545 {
546 .pr_type = SOCK_RAW,
547 .pr_protocol = PF_KEY_V2,
548 .pr_flags = PR_ATOMIC|PR_ADDR,
549 .pr_output = key_output,
550 .pr_ctlinput = raw_ctlinput,
551 .pr_init = key_init,
552 .pr_usrreqs = &key_usrreqs,
553 }
554 };
555
556 static int key_proto_count = (sizeof (keysw) / sizeof (struct protosw));
557
558 struct domain keydomain_s = {
559 .dom_family = PF_KEY,
560 .dom_name = "key",
561 .dom_init = key_dinit,
562 .dom_maxrtkey = sizeof (struct key_cb),
563 };
564
565 static void
566 key_dinit(struct domain *dp)
567 {
568 struct protosw *pr;
569 int i;
570
571 VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
572 VERIFY(keydomain == NULL);
573
574 keydomain = dp;
575
576 for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++)
577 net_add_proto(pr, dp, 1);
578 }
mirror of XNU