1 /* $FreeBSD: src/sys/netkey/key.c,v 1.16.2.13 2002/07/24 18:17:40 ume Exp $ */
2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * This code is referd to RFC 2367
37 #include <machine/endian.h>
38 #include <sys/types.h>
39 #include <sys/param.h>
40 #include <sys/systm.h>
41 #include <sys/kernel.h>
43 #include <sys/domain.h>
44 #include <sys/protosw.h>
45 #include <sys/malloc.h>
46 #include <sys/socket.h>
47 #include <sys/socketvar.h>
48 #include <sys/sysctl.h>
49 #include <sys/errno.h>
51 #include <sys/queue.h>
52 #include <sys/syslog.h>
54 #include <kern/locks.h>
57 #include <net/route.h>
58 #include <net/raw_cb.h>
60 #include <netinet/in.h>
61 #include <netinet/in_systm.h>
62 #include <netinet/ip.h>
63 #include <netinet/in_var.h>
66 #include <netinet/ip6.h>
67 #include <netinet6/in6_var.h>
68 #include <netinet6/ip6_var.h>
72 #include <netinet/in_pcb.h>
75 #include <netinet6/in6_pcb.h>
78 #include <net/pfkeyv2.h>
79 #include <netkey/keydb.h>
80 #include <netkey/key.h>
81 #include <netkey/keysock.h>
82 #include <netkey/key_debug.h>
86 #include <netinet6/ipsec.h>
88 #include <netinet6/ipsec6.h>
90 #include <netinet6/ah.h>
92 #include <netinet6/ah6.h>
95 #include <netinet6/esp.h>
97 #include <netinet6/esp6.h>
100 #include <netinet6/ipcomp.h>
102 #include <netinet6/ipcomp6.h>
107 #include <sys/random.h>
109 #include <net/net_osdep.h>
112 #define satosin(s) ((struct sockaddr_in *)s)
115 #define FULLMASK 0xff
117 lck_grp_t
*sadb_mutex_grp
;
118 lck_grp_attr_t
*sadb_mutex_grp_attr
;
119 lck_attr_t
*sadb_mutex_attr
;
120 lck_mtx_t
*sadb_mutex
;
122 lck_grp_t
*pfkey_stat_mutex_grp
;
123 lck_grp_attr_t
*pfkey_stat_mutex_grp_attr
;
124 lck_attr_t
*pfkey_stat_mutex_attr
;
125 lck_mtx_t
*pfkey_stat_mutex
;
128 extern lck_mtx_t
*nd6_mutex
;
131 * Note on SA reference counting:
132 * - SAs that are not in DEAD state will have (total external reference + 1)
133 * following value in reference count field. they cannot be freed and are
134 * referenced from SA header.
135 * - SAs that are in DEAD state will have (total external reference)
136 * in reference count field. they are ready to be freed. reference from
137 * SA header will be removed in key_delsav(), when the reference count
138 * field hits 0 (= no external reference other than from SA header.
141 u_int32_t key_debug_level
= 0; //### our sysctl is not dynamic
142 static u_int key_spi_trycnt
= 1000;
143 static u_int32_t key_spi_minval
= 0x100;
144 static u_int32_t key_spi_maxval
= 0x0fffffff; /* XXX */
145 static u_int32_t policy_id
= 0;
146 static u_int key_int_random
= 60; /*interval to initialize randseed,1(m)*/
147 static u_int key_larval_lifetime
= 30; /* interval to expire acquiring, 30(s)*/
148 static int key_blockacq_count
= 10; /* counter for blocking SADB_ACQUIRE.*/
149 static int key_blockacq_lifetime
= 20; /* lifetime for blocking SADB_ACQUIRE.*/
150 static int key_preferred_oldsa
= 0; /* preferred old sa rather than new sa.*/
151 static int natt_keepalive_interval
= 20; /* interval between natt keepalives.*/
152 static int ipsec_policy_count
= 0;
153 static int ipsec_sav_count
= 0;
155 static u_int32_t acq_seq
= 0;
156 static int key_tick_init_random
= 0;
157 __private_extern__ u_int32_t natt_now
= 0;
159 static LIST_HEAD(_sptree
, secpolicy
) sptree
[IPSEC_DIR_MAX
]; /* SPD */
160 static LIST_HEAD(_sahtree
, secashead
) sahtree
; /* SAD */
161 static LIST_HEAD(_regtree
, secreg
) regtree
[SADB_SATYPE_MAX
+ 1];
164 #define SPIHASHSIZE 128
165 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
166 static LIST_HEAD(_spihash
, secasvar
) spihash
[SPIHASHSIZE
];
168 #ifndef IPSEC_NONBLOCK_ACQUIRE
169 static LIST_HEAD(_acqtree
, secacq
) acqtree
; /* acquiring list */
171 static LIST_HEAD(_spacqtree
, secspacq
) spacqtree
; /* SP acquiring list */
173 struct key_cb key_cb
;
175 /* search order for SAs */
176 static const u_int saorder_state_valid_prefer_old
[] = {
177 SADB_SASTATE_DYING
, SADB_SASTATE_MATURE
,
179 static const u_int saorder_state_valid_prefer_new
[] = {
180 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
,
182 static const u_int saorder_state_alive
[] = {
184 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
, SADB_SASTATE_LARVAL
186 static const u_int saorder_state_any
[] = {
187 SADB_SASTATE_MATURE
, SADB_SASTATE_DYING
,
188 SADB_SASTATE_LARVAL
, SADB_SASTATE_DEAD
191 static const int minsize
[] = {
192 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
193 sizeof(struct sadb_sa
), /* SADB_EXT_SA */
194 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
195 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
196 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
197 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_SRC */
198 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_DST */
199 sizeof(struct sadb_address
), /* SADB_EXT_ADDRESS_PROXY */
200 sizeof(struct sadb_key
), /* SADB_EXT_KEY_AUTH */
201 sizeof(struct sadb_key
), /* SADB_EXT_KEY_ENCRYPT */
202 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_SRC */
203 sizeof(struct sadb_ident
), /* SADB_EXT_IDENTITY_DST */
204 sizeof(struct sadb_sens
), /* SADB_EXT_SENSITIVITY */
205 sizeof(struct sadb_prop
), /* SADB_EXT_PROPOSAL */
206 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_AUTH */
207 sizeof(struct sadb_supported
), /* SADB_EXT_SUPPORTED_ENCRYPT */
208 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
209 0, /* SADB_X_EXT_KMPRIVATE */
210 sizeof(struct sadb_x_policy
), /* SADB_X_EXT_POLICY */
211 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
213 static const int maxsize
[] = {
214 sizeof(struct sadb_msg
), /* SADB_EXT_RESERVED */
215 sizeof(struct sadb_sa_2
), /* SADB_EXT_SA */
216 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_CURRENT */
217 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_HARD */
218 sizeof(struct sadb_lifetime
), /* SADB_EXT_LIFETIME_SOFT */
219 0, /* SADB_EXT_ADDRESS_SRC */
220 0, /* SADB_EXT_ADDRESS_DST */
221 0, /* SADB_EXT_ADDRESS_PROXY */
222 0, /* SADB_EXT_KEY_AUTH */
223 0, /* SADB_EXT_KEY_ENCRYPT */
224 0, /* SADB_EXT_IDENTITY_SRC */
225 0, /* SADB_EXT_IDENTITY_DST */
226 0, /* SADB_EXT_SENSITIVITY */
227 0, /* SADB_EXT_PROPOSAL */
228 0, /* SADB_EXT_SUPPORTED_AUTH */
229 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
230 sizeof(struct sadb_spirange
), /* SADB_EXT_SPIRANGE */
231 0, /* SADB_X_EXT_KMPRIVATE */
232 0, /* SADB_X_EXT_POLICY */
233 sizeof(struct sadb_x_sa2
), /* SADB_X_SA2 */
236 static int ipsec_esp_keymin
= 256;
237 static int ipsec_esp_auth
= 0;
238 static int ipsec_ah_keymin
= 128;
240 SYSCTL_DECL(_net_key
);
242 SYSCTL_INT(_net_key
, KEYCTL_DEBUG_LEVEL
, debug
, CTLFLAG_RW
, \
243 &key_debug_level
, 0, "");
246 /* max count of trial for the decision of spi value */
247 SYSCTL_INT(_net_key
, KEYCTL_SPI_TRY
, spi_trycnt
, CTLFLAG_RW
, \
248 &key_spi_trycnt
, 0, "");
250 /* minimum spi value to allocate automatically. */
251 SYSCTL_INT(_net_key
, KEYCTL_SPI_MIN_VALUE
, spi_minval
, CTLFLAG_RW
, \
252 &key_spi_minval
, 0, "");
254 /* maximun spi value to allocate automatically. */
255 SYSCTL_INT(_net_key
, KEYCTL_SPI_MAX_VALUE
, spi_maxval
, CTLFLAG_RW
, \
256 &key_spi_maxval
, 0, "");
258 /* interval to initialize randseed */
259 SYSCTL_INT(_net_key
, KEYCTL_RANDOM_INT
, int_random
, CTLFLAG_RW
, \
260 &key_int_random
, 0, "");
262 /* lifetime for larval SA */
263 SYSCTL_INT(_net_key
, KEYCTL_LARVAL_LIFETIME
, larval_lifetime
, CTLFLAG_RW
, \
264 &key_larval_lifetime
, 0, "");
266 /* counter for blocking to send SADB_ACQUIRE to IKEd */
267 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_COUNT
, blockacq_count
, CTLFLAG_RW
, \
268 &key_blockacq_count
, 0, "");
270 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
271 SYSCTL_INT(_net_key
, KEYCTL_BLOCKACQ_LIFETIME
, blockacq_lifetime
, CTLFLAG_RW
, \
272 &key_blockacq_lifetime
, 0, "");
275 SYSCTL_INT(_net_key
, KEYCTL_ESP_AUTH
, esp_auth
, CTLFLAG_RW
, \
276 &ipsec_esp_auth
, 0, "");
278 /* minimum ESP key length */
279 SYSCTL_INT(_net_key
, KEYCTL_ESP_KEYMIN
, esp_keymin
, CTLFLAG_RW
, \
280 &ipsec_esp_keymin
, 0, "");
282 /* minimum AH key length */
283 SYSCTL_INT(_net_key
, KEYCTL_AH_KEYMIN
, ah_keymin
, CTLFLAG_RW
, \
284 &ipsec_ah_keymin
, 0, "");
286 /* perfered old SA rather than new SA */
287 SYSCTL_INT(_net_key
, KEYCTL_PREFERED_OLDSA
, prefered_oldsa
, CTLFLAG_RW
,\
288 &key_preferred_oldsa
, 0, "");
290 /* time between NATT keepalives in seconds, 0 disabled */
291 SYSCTL_INT(_net_key
, KEYCTL_NATT_KEEPALIVE_INTERVAL
, natt_keepalive_interval
, CTLFLAG_RW
,\
292 &natt_keepalive_interval
, 0, "");
294 /* PF_KEY statistics */
295 SYSCTL_STRUCT(_net_key
, KEYCTL_PFKEYSTAT
, pfkeystat
, CTLFLAG_RD
,\
296 &pfkeystat
, pfkeystat
, "");
299 #define LIST_FOREACH(elm, head, field) \
300 for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
302 #define __LIST_CHAINED(elm) \
303 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
304 #define LIST_INSERT_TAIL(head, elm, type, field) \
306 struct type *curelm = LIST_FIRST(head); \
307 if (curelm == NULL) {\
308 LIST_INSERT_HEAD(head, elm, field); \
310 while (LIST_NEXT(curelm, field)) \
311 curelm = LIST_NEXT(curelm, field);\
312 LIST_INSERT_AFTER(curelm, elm, field);\
316 #define KEY_CHKSASTATE(head, sav, name) \
318 if ((head) != (sav)) { \
319 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
320 (name), (head), (sav))); \
325 #define KEY_CHKSPDIR(head, sp, name) \
327 if ((head) != (sp)) { \
328 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
329 "anyway continue.\n", \
330 (name), (head), (sp))); \
335 #define KMALLOC_WAIT(p, t, n) \
336 ((p) = (t) _MALLOC((unsigned long)(n), M_SECA, M_WAITOK))
337 #define KMALLOC_NOWAIT(p, t, n) \
338 ((p) = (t) _MALLOC((unsigned long)(n), M_SECA, M_NOWAIT))
340 _FREE((caddr_t)(p), M_SECA);
342 #define KMALLOC_WAIT(p, t, n) \
344 ((p) = (t)_MALLOC((unsigned long)(n), M_SECA, M_WAITOK)); \
345 printf("%s %d: %p <- KMALLOC_WAIT(%s, %d)\n", \
346 __FILE__, __LINE__, (p), #t, n); \
348 #define KMALLOC_NOWAIT(p, t, n) \
350 ((p) = (t)_MALLOC((unsigned long)(n), M_SECA, M_NOWAIT)); \
351 printf("%s %d: %p <- KMALLOC_NOWAIT(%s, %d)\n", \
352 __FILE__, __LINE__, (p), #t, n); \
357 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
358 _FREE((caddr_t)(p), M_SECA); \
363 * set parameters into secpolicyindex buffer.
364 * Must allocate secpolicyindex buffer passed to this function.
366 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
368 bzero((idx), sizeof(struct secpolicyindex)); \
369 (idx)->dir = (_dir); \
370 (idx)->prefs = (ps); \
371 (idx)->prefd = (pd); \
372 (idx)->ul_proto = (ulp); \
373 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
374 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
378 * set parameters into secasindex buffer.
379 * Must allocate secasindex buffer before calling this function.
381 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
383 bzero((idx), sizeof(struct secasindex)); \
384 (idx)->proto = (p); \
386 (idx)->reqid = (r); \
387 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
388 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
393 u_long getspi_count
; /* the avarage of count to try to get new SPI */
397 struct sadb_msg
*msg
;
398 struct sadb_ext
*ext
[SADB_EXT_MAX
+ 1];
399 int extoff
[SADB_EXT_MAX
+ 1];
400 int extlen
[SADB_EXT_MAX
+ 1];
403 static struct secasvar
*key_do_allocsa_policy(struct secashead
*, u_int
, u_int16_t
);
404 static int key_do_get_translated_port(struct secashead
*, struct secasvar
*, u_int
);
405 static void key_delsp(struct secpolicy
*);
406 static struct secpolicy
*key_getsp(struct secpolicyindex
*);
407 static struct secpolicy
*key_getspbyid(u_int32_t
);
408 static u_int32_t
key_newreqid(void);
409 static struct mbuf
*key_gather_mbuf(struct mbuf
*,
410 const struct sadb_msghdr
*, int, int, int *);
411 static int key_spdadd(struct socket
*, struct mbuf
*,
412 const struct sadb_msghdr
*);
413 static u_int32_t
key_getnewspid(void);
414 static int key_spddelete(struct socket
*, struct mbuf
*,
415 const struct sadb_msghdr
*);
416 static int key_spddelete2(struct socket
*, struct mbuf
*,
417 const struct sadb_msghdr
*);
418 static int key_spdget(struct socket
*, struct mbuf
*,
419 const struct sadb_msghdr
*);
420 static int key_spdflush(struct socket
*, struct mbuf
*,
421 const struct sadb_msghdr
*);
422 static int key_spddump(struct socket
*, struct mbuf
*,
423 const struct sadb_msghdr
*);
424 static struct mbuf
*key_setdumpsp(struct secpolicy
*,
425 u_int8_t
, u_int32_t
, u_int32_t
);
426 static u_int
key_getspreqmsglen(struct secpolicy
*);
427 static int key_spdexpire(struct secpolicy
*);
428 static struct secashead
*key_newsah(struct secasindex
*);
429 static void key_delsah(struct secashead
*);
430 static struct secasvar
*key_newsav(struct mbuf
*,
431 const struct sadb_msghdr
*, struct secashead
*, int *);
432 static void key_delsav(struct secasvar
*);
433 static struct secashead
*key_getsah(struct secasindex
*);
434 static struct secasvar
*key_checkspidup(struct secasindex
*, u_int32_t
);
435 static void key_setspi
__P((struct secasvar
*, u_int32_t
));
436 static struct secasvar
*key_getsavbyspi(struct secashead
*, u_int32_t
);
437 static int key_setsaval(struct secasvar
*, struct mbuf
*,
438 const struct sadb_msghdr
*);
439 static int key_mature(struct secasvar
*);
440 static struct mbuf
*key_setdumpsa(struct secasvar
*, u_int8_t
,
441 u_int8_t
, u_int32_t
, u_int32_t
);
442 static struct mbuf
*key_setsadbmsg(u_int8_t
, u_int16_t
, u_int8_t
,
443 u_int32_t
, pid_t
, u_int16_t
);
444 static struct mbuf
*key_setsadbsa(struct secasvar
*);
445 static struct mbuf
*key_setsadbaddr(u_int16_t
,
446 struct sockaddr
*, u_int8_t
, u_int16_t
);
448 static struct mbuf
*key_setsadbident(u_int16_t
, u_int16_t
, caddr_t
,
451 static struct mbuf
*key_setsadbxsa2(u_int8_t
, u_int32_t
, u_int32_t
);
452 static struct mbuf
*key_setsadbxpolicy(u_int16_t
, u_int8_t
,
454 static void *key_newbuf(const void *, u_int
);
456 static int key_ismyaddr6(struct sockaddr_in6
*);
459 /* flags for key_cmpsaidx() */
460 #define CMP_HEAD 0x1 /* protocol, addresses. */
461 #define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
462 #define CMP_REQID 0x4 /* additionally HEAD, reqid. */
463 #define CMP_MODE 0x8 /* additionally mode. */
464 #define CMP_EXACTLY 0xF /* all elements. */
465 static int key_cmpsaidx(struct secasindex
*, struct secasindex
*, int);
467 static int key_cmpspidx_exactly(struct secpolicyindex
*,
468 struct secpolicyindex
*);
469 static int key_cmpspidx_withmask(struct secpolicyindex
*,
470 struct secpolicyindex
*);
471 static int key_sockaddrcmp(struct sockaddr
*, struct sockaddr
*, int);
472 static int key_bbcmp(caddr_t
, caddr_t
, u_int
);
473 static void key_srandom(void);
474 static u_int16_t
key_satype2proto(u_int8_t
);
475 static u_int8_t
key_proto2satype(u_int16_t
);
477 static int key_getspi(struct socket
*, struct mbuf
*,
478 const struct sadb_msghdr
*);
479 static u_int32_t
key_do_getnewspi(struct sadb_spirange
*, struct secasindex
*);
480 static int key_update(struct socket
*, struct mbuf
*,
481 const struct sadb_msghdr
*);
483 static struct secasvar
*key_getsavbyseq(struct secashead
*, u_int32_t
);
485 static int key_add(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
486 static int key_setident(struct secashead
*, struct mbuf
*,
487 const struct sadb_msghdr
*);
488 static struct mbuf
*key_getmsgbuf_x1(struct mbuf
*, const struct sadb_msghdr
*);
489 static int key_delete(struct socket
*, struct mbuf
*,
490 const struct sadb_msghdr
*);
491 static int key_get(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
493 static void key_getcomb_setlifetime(struct sadb_comb
*);
495 static struct mbuf
*key_getcomb_esp(void);
497 static struct mbuf
*key_getcomb_ah(void);
498 static struct mbuf
*key_getcomb_ipcomp(void);
499 static struct mbuf
*key_getprop(const struct secasindex
*);
501 static int key_acquire(struct secasindex
*, struct secpolicy
*);
502 #ifndef IPSEC_NONBLOCK_ACQUIRE
503 static struct secacq
*key_newacq(struct secasindex
*);
504 static struct secacq
*key_getacq(struct secasindex
*);
505 static struct secacq
*key_getacqbyseq(u_int32_t
);
507 static struct secspacq
*key_newspacq(struct secpolicyindex
*);
508 static struct secspacq
*key_getspacq(struct secpolicyindex
*);
509 static int key_acquire2(struct socket
*, struct mbuf
*,
510 const struct sadb_msghdr
*);
511 static int key_register(struct socket
*, struct mbuf
*,
512 const struct sadb_msghdr
*);
513 static int key_expire(struct secasvar
*);
514 static int key_flush(struct socket
*, struct mbuf
*,
515 const struct sadb_msghdr
*);
516 static int key_dump(struct socket
*, struct mbuf
*, const struct sadb_msghdr
*);
517 static int key_promisc(struct socket
*, struct mbuf
*,
518 const struct sadb_msghdr
*);
519 static int key_senderror(struct socket
*, struct mbuf
*, int);
520 static int key_validate_ext(const struct sadb_ext
*, int);
521 static int key_align(struct mbuf
*, struct sadb_msghdr
*);
522 static void key_sa_chgstate(struct secasvar
*, u_int8_t
);
523 static struct mbuf
*key_alloc_mbuf(int);
525 extern int ipsec_bypass
;
526 void ipsec_send_natt_keepalive(struct secasvar
*sav
);
533 * setup locks and call raw_init()
542 sadb_mutex_grp_attr
= lck_grp_attr_alloc_init();
543 sadb_mutex_grp
= lck_grp_alloc_init("sadb", sadb_mutex_grp_attr
);
544 sadb_mutex_attr
= lck_attr_alloc_init();
546 if ((sadb_mutex
= lck_mtx_alloc_init(sadb_mutex_grp
, sadb_mutex_attr
)) == NULL
) {
547 printf("key_init: can't alloc sadb_mutex\n");
551 pfkey_stat_mutex_grp_attr
= lck_grp_attr_alloc_init();
552 pfkey_stat_mutex_grp
= lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr
);
553 pfkey_stat_mutex_attr
= lck_attr_alloc_init();
555 if ((pfkey_stat_mutex
= lck_mtx_alloc_init(pfkey_stat_mutex_grp
, pfkey_stat_mutex_attr
)) == NULL
) {
556 printf("key_init: can't alloc pfkey_stat_mutex\n");
560 for (i
= 0; i
< SPIHASHSIZE
; i
++)
561 LIST_INIT(&spihash
[i
]);
567 /* %%% IPsec policy management */
569 * allocating a SP for OUTBOUND or INBOUND packet.
570 * Must call key_freesp() later.
571 * OUT: NULL: not found
572 * others: found and return the pointer.
575 key_allocsp(spidx
, dir
)
576 struct secpolicyindex
*spidx
;
579 struct secpolicy
*sp
;
582 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
585 panic("key_allocsp: NULL pointer is passed.\n");
587 /* check direction */
589 case IPSEC_DIR_INBOUND
:
590 case IPSEC_DIR_OUTBOUND
:
593 panic("key_allocsp: Invalid direction is passed.\n");
597 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
598 printf("*** objects\n");
599 kdebug_secpolicyindex(spidx
));
601 lck_mtx_lock(sadb_mutex
);
602 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
603 KEYDEBUG(KEYDEBUG_IPSEC_DATA
,
604 printf("*** in SPD\n");
605 kdebug_secpolicyindex(&sp
->spidx
));
607 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
609 if (key_cmpspidx_withmask(&sp
->spidx
, spidx
))
612 lck_mtx_unlock(sadb_mutex
);
617 /* found a SPD entry */
619 sp
->lastused
= tv
.tv_sec
;
621 lck_mtx_unlock(sadb_mutex
);
624 KEY_CHKSPDIR(sp
->spidx
.dir
, dir
, "key_allocsp");
625 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
626 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
632 * return a policy that matches this particular inbound packet.
636 key_gettunnel(osrc
, odst
, isrc
, idst
)
637 struct sockaddr
*osrc
, *odst
, *isrc
, *idst
;
639 struct secpolicy
*sp
;
640 const int dir
= IPSEC_DIR_INBOUND
;
642 struct ipsecrequest
*r1
, *r2
, *p
;
643 struct sockaddr
*os
, *od
, *is
, *id
;
644 struct secpolicyindex spidx
;
646 if (isrc
->sa_family
!= idst
->sa_family
) {
647 ipseclog((LOG_ERR
, "protocol family mismatched %d != %d\n.",
648 isrc
->sa_family
, idst
->sa_family
));
652 lck_mtx_lock(sadb_mutex
);
653 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
654 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
658 for (p
= sp
->req
; p
; p
= p
->next
) {
659 if (p
->saidx
.mode
!= IPSEC_MODE_TUNNEL
)
666 /* here we look at address matches only */
668 if (isrc
->sa_len
> sizeof(spidx
.src
) ||
669 idst
->sa_len
> sizeof(spidx
.dst
))
671 bcopy(isrc
, &spidx
.src
, isrc
->sa_len
);
672 bcopy(idst
, &spidx
.dst
, idst
->sa_len
);
673 if (!key_cmpspidx_withmask(&sp
->spidx
, &spidx
))
676 is
= (struct sockaddr
*)&r1
->saidx
.src
;
677 id
= (struct sockaddr
*)&r1
->saidx
.dst
;
678 if (key_sockaddrcmp(is
, isrc
, 0) ||
679 key_sockaddrcmp(id
, idst
, 0))
683 os
= (struct sockaddr
*)&r2
->saidx
.src
;
684 od
= (struct sockaddr
*)&r2
->saidx
.dst
;
685 if (key_sockaddrcmp(os
, osrc
, 0) ||
686 key_sockaddrcmp(od
, odst
, 0))
692 lck_mtx_unlock(sadb_mutex
);
697 sp
->lastused
= tv
.tv_sec
;
699 lck_mtx_unlock(sadb_mutex
);
704 * allocating an SA entry for an *OUTBOUND* packet.
705 * checking each request entries in SP, and acquire an SA if need.
706 * OUT: 0: there are valid requests.
707 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
710 key_checkrequest(isr
, saidx
, sav
)
711 struct ipsecrequest
*isr
;
712 struct secasindex
*saidx
;
713 struct secasvar
**sav
;
717 struct sockaddr_in
*sin
;
719 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
724 if (isr
== NULL
|| saidx
== NULL
)
725 panic("key_checkrequest: NULL pointer is passed.\n");
728 switch (saidx
->mode
) {
729 case IPSEC_MODE_TRANSPORT
:
730 case IPSEC_MODE_TUNNEL
:
734 panic("key_checkrequest: Invalid policy defined.\n");
737 /* get current level */
738 level
= ipsec_get_reqlevel(isr
);
742 * key_allocsa_policy should allocate the oldest SA available.
743 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
746 *sav
= key_allocsa_policy(saidx
);
748 /* When there is SA. */
754 * Remove dst port - used for special natt support - don't call
755 * key_acquire with it.
757 if (saidx
->mode
== IPSEC_MODE_TRANSPORT
) {
758 sin
= (struct sockaddr_in
*)&saidx
->dst
;
759 sin
->sin_port
= IPSEC_PORT_ANY
;
761 if ((error
= key_acquire(saidx
, isr
->sp
)) != 0) {
762 /* XXX What should I do ? */
763 ipseclog((LOG_DEBUG
, "key_checkrequest: error %d returned "
764 "from key_acquire.\n", error
));
768 return level
== IPSEC_LEVEL_REQUIRE
? ENOENT
: 0;
772 * allocating a SA for policy entry from SAD.
773 * NOTE: searching SAD of aliving state.
774 * OUT: NULL: not found.
775 * others: found and return the pointer.
778 key_allocsa_policy(saidx
)
779 struct secasindex
*saidx
;
781 struct secashead
*sah
;
782 struct secasvar
*sav
;
783 u_int stateidx
, state
;
784 const u_int
*saorder_state_valid
;
786 struct sockaddr_in
*sin
;
789 lck_mtx_lock(sadb_mutex
);
790 LIST_FOREACH(sah
, &sahtree
, chain
) {
791 if (sah
->state
== SADB_SASTATE_DEAD
)
793 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_MODE
| CMP_REQID
))
796 lck_mtx_unlock(sadb_mutex
);
802 * search a valid state list for outbound packet.
803 * This search order is important.
805 if (key_preferred_oldsa
) {
806 saorder_state_valid
= saorder_state_valid_prefer_old
;
807 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
809 saorder_state_valid
= saorder_state_valid_prefer_new
;
810 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
814 sin
= (struct sockaddr_in
*)&saidx
->dst
;
815 dstport
= sin
->sin_port
;
816 if (saidx
->mode
== IPSEC_MODE_TRANSPORT
)
817 sin
->sin_port
= IPSEC_PORT_ANY
;
819 for (stateidx
= 0; stateidx
< arraysize
; stateidx
++) {
821 state
= saorder_state_valid
[stateidx
];
823 sav
= key_do_allocsa_policy(sah
, state
, dstport
);
825 lck_mtx_unlock(sadb_mutex
);
829 lck_mtx_unlock(sadb_mutex
);
834 * searching SAD with direction, protocol, mode and state.
835 * called by key_allocsa_policy().
838 * others : found, pointer to a SA.
840 static struct secasvar
*
841 key_do_allocsa_policy(sah
, state
, dstport
)
842 struct secashead
*sah
;
846 struct secasvar
*sav
, *nextsav
, *candidate
, *natt_candidate
, *no_natt_candidate
, *d
;
848 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
852 natt_candidate
= NULL
;
853 no_natt_candidate
= NULL
;
855 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
859 nextsav
= LIST_NEXT(sav
, chain
);
862 KEY_CHKSASTATE(sav
->state
, state
, "key_do_allocsa_policy");
864 if (sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&& dstport
&&
865 ((sav
->flags
& SADB_X_EXT_NATT
) != 0) &&
866 ntohs(dstport
) != sav
->remote_ike_port
)
869 if (sah
->saidx
.mode
== IPSEC_MODE_TRANSPORT
&&
870 ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0) &&
871 ntohs(dstport
) != sav
->remote_ike_port
)
872 continue; /* skip this one - not a match - or not UDP */
874 if ((sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&&
875 ((sav
->flags
& SADB_X_EXT_NATT
) != 0)) ||
876 (sah
->saidx
.mode
== IPSEC_MODE_TRANSPORT
&&
877 ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0))) {
878 if (natt_candidate
== NULL
) {
879 natt_candidate
= sav
;
882 candidate
= natt_candidate
;
884 if (no_natt_candidate
== NULL
) {
885 no_natt_candidate
= sav
;
888 candidate
= no_natt_candidate
;
891 /* Which SA is the better ? */
894 if (candidate
->lft_c
== NULL
|| sav
->lft_c
== NULL
)
895 panic("key_do_allocsa_policy: "
896 "lifetime_current is NULL.\n");
898 /* What the best method is to compare ? */
899 if (key_preferred_oldsa
) {
900 if (candidate
->lft_c
->sadb_lifetime_addtime
>
901 sav
->lft_c
->sadb_lifetime_addtime
) {
902 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
903 natt_candidate
= sav
;
905 no_natt_candidate
= sav
;
911 /* prefered new sa rather than old sa */
912 if (candidate
->lft_c
->sadb_lifetime_addtime
<
913 sav
->lft_c
->sadb_lifetime_addtime
) {
915 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
916 natt_candidate
= sav
;
918 no_natt_candidate
= sav
;
923 * prepared to delete the SA when there is more
924 * suitable candidate and the lifetime of the SA is not
927 if (d
->lft_c
->sadb_lifetime_addtime
!= 0) {
928 struct mbuf
*m
, *result
;
930 key_sa_chgstate(d
, SADB_SASTATE_DEAD
);
932 m
= key_setsadbmsg(SADB_DELETE
, 0,
933 d
->sah
->saidx
.proto
, 0, 0, d
->refcnt
- 1);
938 /* set sadb_address for saidx's. */
939 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
940 (struct sockaddr
*)&d
->sah
->saidx
.src
,
941 d
->sah
->saidx
.src
.ss_len
<< 3,
947 /* set sadb_address for saidx's. */
948 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
949 (struct sockaddr
*)&d
->sah
->saidx
.src
,
950 d
->sah
->saidx
.src
.ss_len
<< 3,
956 /* create SA extension */
957 m
= key_setsadbsa(d
);
962 if (result
->m_len
< sizeof(struct sadb_msg
)) {
963 result
= m_pullup(result
,
964 sizeof(struct sadb_msg
));
969 result
->m_pkthdr
.len
= 0;
970 for (m
= result
; m
; m
= m
->m_next
)
971 result
->m_pkthdr
.len
+= m
->m_len
;
972 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
973 PFKEY_UNIT64(result
->m_pkthdr
.len
);
975 if (key_sendup_mbuf(NULL
, result
,
976 KEY_SENDUP_REGISTERED
))
979 key_freesav(d
, KEY_SADB_LOCKED
);
983 /* choose latest if both types present */
984 if (natt_candidate
== NULL
)
985 candidate
= no_natt_candidate
;
986 else if (no_natt_candidate
== NULL
)
987 candidate
= natt_candidate
;
988 else if (sah
->saidx
.mode
== IPSEC_MODE_TUNNEL
&& dstport
)
989 candidate
= natt_candidate
;
990 else if (natt_candidate
->lft_c
->sadb_lifetime_addtime
>
991 no_natt_candidate
->lft_c
->sadb_lifetime_addtime
)
992 candidate
= natt_candidate
;
994 candidate
= no_natt_candidate
;
998 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
999 printf("DP allocsa_policy cause "
1000 "refcnt++:%d SA:%p\n",
1001 candidate
->refcnt
, candidate
));
1007 * allocating a SA entry for a *INBOUND* packet.
1008 * Must call key_freesav() later.
1009 * OUT: positive: pointer to a sav.
1010 * NULL: not found, or error occurred.
1012 * In the comparison, source address will be ignored for RFC2401 conformance.
1013 * To quote, from section 4.1:
1014 * A security association is uniquely identified by a triple consisting
1015 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1016 * security protocol (AH or ESP) identifier.
1017 * Note that, however, we do need to keep source address in IPsec SA.
1018 * IKE specification and PF_KEY specification do assume that we
1019 * keep source address in IPsec SA. We see a tricky situation here.
1022 key_allocsa(family
, src
, dst
, proto
, spi
)
1023 u_int family
, proto
;
1027 struct secasvar
*sav
, *match
;
1028 u_int stateidx
, state
, tmpidx
, matchidx
;
1029 struct sockaddr_in sin
;
1030 struct sockaddr_in6 sin6
;
1031 const u_int
*saorder_state_valid
;
1034 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1037 if (src
== NULL
|| dst
== NULL
)
1038 panic("key_allocsa: NULL pointer is passed.\n");
1041 * when both systems employ similar strategy to use a SA.
1042 * the search order is important even in the inbound case.
1044 if (key_preferred_oldsa
) {
1045 saorder_state_valid
= saorder_state_valid_prefer_old
;
1046 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
1048 saorder_state_valid
= saorder_state_valid_prefer_new
;
1049 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
1054 * XXX: to be checked internal IP header somewhere. Also when
1055 * IPsec tunnel packet is received. But ESP tunnel mode is
1056 * encrypted so we can't check internal IP header.
1059 * search a valid state list for inbound packet.
1060 * the search order is not important.
1063 matchidx
= arraysize
;
1064 lck_mtx_lock(sadb_mutex
);
1065 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
1066 if (sav
->spi
!= spi
)
1068 if (proto
!= sav
->sah
->saidx
.proto
)
1070 if (family
!= sav
->sah
->saidx
.src
.ss_family
||
1071 family
!= sav
->sah
->saidx
.dst
.ss_family
)
1074 for (stateidx
= 0; stateidx
< matchidx
; stateidx
++) {
1075 state
= saorder_state_valid
[stateidx
];
1076 if (sav
->state
== state
) {
1081 if (tmpidx
>= matchidx
)
1084 #if 0 /* don't check src */
1085 /* check src address */
1088 bzero(&sin
, sizeof(sin
));
1089 sin
.sin_family
= AF_INET
;
1090 sin
.sin_len
= sizeof(sin
);
1091 bcopy(src
, &sin
.sin_addr
,
1092 sizeof(sin
.sin_addr
));
1093 if (key_sockaddrcmp((struct sockaddr
*)&sin
,
1094 (struct sockaddr
*)&sav
->sah
->saidx
.src
, 0) != 0)
1098 bzero(&sin6
, sizeof(sin6
));
1099 sin6
.sin6_family
= AF_INET6
;
1100 sin6
.sin6_len
= sizeof(sin6
);
1101 bcopy(src
, &sin6
.sin6_addr
,
1102 sizeof(sin6
.sin6_addr
));
1103 if (IN6_IS_SCOPE_LINKLOCAL(&sin6
.sin6_addr
)) {
1104 /* kame fake scopeid */
1105 sin6
.sin6_scope_id
=
1106 ntohs(sin6
.sin6_addr
.s6_addr16
[1]);
1107 sin6
.sin6_addr
.s6_addr16
[1] = 0;
1109 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
1110 (struct sockaddr
*)&sav
->sah
->saidx
.src
, 0) != 0)
1114 ipseclog((LOG_DEBUG
, "key_allocsa: "
1115 "unknown address family=%d.\n",
1121 /* check dst address */
1124 bzero(&sin
, sizeof(sin
));
1125 sin
.sin_family
= AF_INET
;
1126 sin
.sin_len
= sizeof(sin
);
1127 bcopy(dst
, &sin
.sin_addr
,
1128 sizeof(sin
.sin_addr
));
1129 if (key_sockaddrcmp((struct sockaddr
*)&sin
,
1130 (struct sockaddr
*)&sav
->sah
->saidx
.dst
, 0) != 0)
1135 bzero(&sin6
, sizeof(sin6
));
1136 sin6
.sin6_family
= AF_INET6
;
1137 sin6
.sin6_len
= sizeof(sin6
);
1138 bcopy(dst
, &sin6
.sin6_addr
,
1139 sizeof(sin6
.sin6_addr
));
1140 if (IN6_IS_SCOPE_LINKLOCAL(&sin6
.sin6_addr
)) {
1141 /* kame fake scopeid */
1142 sin6
.sin6_scope_id
=
1143 ntohs(sin6
.sin6_addr
.s6_addr16
[1]);
1144 sin6
.sin6_addr
.s6_addr16
[1] = 0;
1146 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
1147 (struct sockaddr
*)&sav
->sah
->saidx
.dst
, 0) != 0)
1151 ipseclog((LOG_DEBUG
, "key_allocsa: "
1152 "unknown address family=%d.\n", family
));
1163 lck_mtx_unlock(sadb_mutex
);
1168 lck_mtx_unlock(sadb_mutex
);
1169 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1170 printf("DP allocsa cause refcnt++:%d SA:%p\n",
1171 match
->refcnt
, match
));
1176 key_natt_get_translated_port(outsav
)
1177 struct secasvar
*outsav
;
1180 struct secasindex saidx
;
1181 struct secashead
*sah
;
1182 u_int stateidx
, state
;
1183 const u_int
*saorder_state_valid
;
1186 /* get sa for incoming */
1187 saidx
.mode
= outsav
->sah
->saidx
.mode
;
1189 saidx
.proto
= outsav
->sah
->saidx
.proto
;
1190 bcopy(&outsav
->sah
->saidx
.src
, &saidx
.dst
, sizeof(struct sockaddr_in
));
1191 bcopy(&outsav
->sah
->saidx
.dst
, &saidx
.src
, sizeof(struct sockaddr_in
));
1193 lck_mtx_lock(sadb_mutex
);
1194 LIST_FOREACH(sah
, &sahtree
, chain
) {
1195 if (sah
->state
== SADB_SASTATE_DEAD
)
1197 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_MODE
))
1200 lck_mtx_unlock(sadb_mutex
);
1205 * Found sah - now go thru list of SAs and find
1206 * matching remote ike port. If found - set
1207 * sav->natt_encapsulated_src_port and return the port.
1210 * search a valid state list for outbound packet.
1211 * This search order is important.
1213 if (key_preferred_oldsa
) {
1214 saorder_state_valid
= saorder_state_valid_prefer_old
;
1215 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_old
);
1217 saorder_state_valid
= saorder_state_valid_prefer_new
;
1218 arraysize
= _ARRAYLEN(saorder_state_valid_prefer_new
);
1221 for (stateidx
= 0; stateidx
< arraysize
; stateidx
++) {
1222 state
= saorder_state_valid
[stateidx
];
1223 if (key_do_get_translated_port(sah
, outsav
, state
)) {
1224 lck_mtx_unlock(sadb_mutex
);
1225 return outsav
->natt_encapsulated_src_port
;
1228 lck_mtx_unlock(sadb_mutex
);
1233 key_do_get_translated_port(sah
, outsav
, state
)
1234 struct secashead
*sah
;
1235 struct secasvar
*outsav
;
1238 struct secasvar
*currsav
, *nextsav
, *candidate
;
1241 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1246 for (currsav
= LIST_FIRST(&sah
->savtree
[state
]);
1248 currsav
= nextsav
) {
1250 nextsav
= LIST_NEXT(currsav
, chain
);
1253 KEY_CHKSASTATE(currsav
->state
, state
, "key_do_get_translated_port");
1255 if ((currsav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) == 0 ||
1256 currsav
->remote_ike_port
!= outsav
->remote_ike_port
)
1259 if (candidate
== NULL
) {
1260 candidate
= currsav
;
1264 /* Which SA is the better ? */
1266 /* sanity check 2 */
1267 if (candidate
->lft_c
== NULL
|| currsav
->lft_c
== NULL
)
1268 panic("key_do_get_translated_port: "
1269 "lifetime_current is NULL.\n");
1271 /* What the best method is to compare ? */
1272 if (key_preferred_oldsa
) {
1273 if (candidate
->lft_c
->sadb_lifetime_addtime
>
1274 currsav
->lft_c
->sadb_lifetime_addtime
) {
1275 candidate
= currsav
;
1281 /* prefered new sa rather than old sa */
1282 if (candidate
->lft_c
->sadb_lifetime_addtime
<
1283 currsav
->lft_c
->sadb_lifetime_addtime
)
1284 candidate
= currsav
;
1288 outsav
->natt_encapsulated_src_port
= candidate
->natt_encapsulated_src_port
;
1296 * Must be called after calling key_allocsp().
1297 * For both the packet without socket and key_freeso().
1300 key_freesp(sp
, locked
)
1301 struct secpolicy
*sp
;
1307 panic("key_freesp: NULL pointer is passed.\n");
1310 lck_mtx_lock(sadb_mutex
);
1312 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1314 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1315 printf("DP freesp cause refcnt--:%d SP:%p\n",
1318 if (sp
->refcnt
== 0)
1321 lck_mtx_unlock(sadb_mutex
);
1326 static void key_freesp_so(struct secpolicy
**);
1329 * Must be called after calling key_allocsp().
1330 * For the packet with socket.
1339 panic("key_freeso: NULL pointer is passed.\n");
1341 lck_mtx_lock(sadb_mutex
);
1342 switch (so
->so_proto
->pr_domain
->dom_family
) {
1346 struct inpcb
*pcb
= sotoinpcb(so
);
1348 /* Does it have a PCB ? */
1349 if (pcb
== NULL
|| pcb
->inp_sp
== NULL
)
1351 key_freesp_so(&pcb
->inp_sp
->sp_in
);
1352 key_freesp_so(&pcb
->inp_sp
->sp_out
);
1360 struct inpcb
*pcb
= sotoinpcb(so
);
1362 /* Does it have a PCB ? */
1363 if (pcb
== NULL
|| pcb
->inp_sp
== NULL
)
1365 key_freesp_so(&pcb
->inp_sp
->sp_in
);
1366 key_freesp_so(&pcb
->inp_sp
->sp_out
);
1368 struct in6pcb
*pcb
= sotoin6pcb(so
);
1370 /* Does it have a PCB ? */
1371 if (pcb
== NULL
|| pcb
->in6p_sp
== NULL
)
1373 key_freesp_so(&pcb
->in6p_sp
->sp_in
);
1374 key_freesp_so(&pcb
->in6p_sp
->sp_out
);
1380 ipseclog((LOG_DEBUG
, "key_freeso: unknown address family=%d.\n",
1381 so
->so_proto
->pr_domain
->dom_family
));
1385 lck_mtx_unlock(sadb_mutex
);
1392 struct secpolicy
**sp
;
1396 if (sp
== NULL
|| *sp
== NULL
)
1397 panic("key_freesp_so: sp == NULL\n");
1399 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1401 switch ((*sp
)->policy
) {
1402 case IPSEC_POLICY_IPSEC
:
1403 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1404 printf("DP freeso calls free SP:%p\n", *sp
));
1405 key_freesp(*sp
, KEY_SADB_LOCKED
);
1408 case IPSEC_POLICY_ENTRUST
:
1409 case IPSEC_POLICY_BYPASS
:
1412 panic("key_freesp_so: Invalid policy found %d", (*sp
)->policy
);
1421 * Must be called after calling key_allocsa().
1422 * This function is called by key_freesp() to free some SA allocated
1426 key_freesav(sav
, locked
)
1427 struct secasvar
*sav
;
1433 panic("key_freesav: NULL pointer is passed.\n");
1436 lck_mtx_lock(sadb_mutex
);
1438 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1440 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
1441 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
1442 sav
->refcnt
, sav
, (u_int32_t
)ntohl(sav
->spi
)));
1444 if (sav
->refcnt
== 0)
1447 lck_mtx_unlock(sadb_mutex
);
1451 /* %%% SPD management */
1453 * free security policy entry.
1457 struct secpolicy
*sp
;
1462 panic("key_delsp: NULL pointer is passed.\n");
1464 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1465 sp
->state
= IPSEC_SPSTATE_DEAD
;
1468 return; /* can't free */
1470 /* remove from SP index */
1471 if (__LIST_CHAINED(sp
)) {
1472 LIST_REMOVE(sp
, chain
);
1473 ipsec_policy_count
--;
1477 struct ipsecrequest
*isr
= sp
->req
, *nextisr
;
1479 while (isr
!= NULL
) {
1480 nextisr
= isr
->next
;
1485 keydb_delsecpolicy(sp
);
1492 * OUT: NULL : not found
1493 * others : found, pointer to a SP.
1495 static struct secpolicy
*
1497 struct secpolicyindex
*spidx
;
1499 struct secpolicy
*sp
;
1501 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1505 panic("key_getsp: NULL pointer is passed.\n");
1507 LIST_FOREACH(sp
, &sptree
[spidx
->dir
], chain
) {
1508 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1510 if (key_cmpspidx_exactly(spidx
, &sp
->spidx
)) {
1521 * OUT: NULL : not found
1522 * others : found, pointer to a SP.
1524 static struct secpolicy
*
1528 struct secpolicy
*sp
;
1530 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
1532 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_INBOUND
], chain
) {
1533 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1541 LIST_FOREACH(sp
, &sptree
[IPSEC_DIR_OUTBOUND
], chain
) {
1542 if (sp
->state
== IPSEC_SPSTATE_DEAD
)
1556 struct secpolicy
*newsp
= NULL
;
1558 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1559 newsp
= keydb_newsecpolicy();
1570 * create secpolicy structure from sadb_x_policy structure.
1571 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1572 * so must be set properly later.
1575 key_msg2sp(xpl0
, len
, error
)
1576 struct sadb_x_policy
*xpl0
;
1580 struct secpolicy
*newsp
;
1582 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1586 panic("key_msg2sp: NULL pointer was passed.\n");
1587 if (len
< sizeof(*xpl0
))
1588 panic("key_msg2sp: invalid length.\n");
1589 if (len
!= PFKEY_EXTLEN(xpl0
)) {
1590 ipseclog((LOG_DEBUG
, "key_msg2sp: Invalid msg length.\n"));
1595 if ((newsp
= key_newsp()) == NULL
) {
1600 newsp
->spidx
.dir
= xpl0
->sadb_x_policy_dir
;
1601 newsp
->policy
= xpl0
->sadb_x_policy_type
;
1604 switch (xpl0
->sadb_x_policy_type
) {
1605 case IPSEC_POLICY_DISCARD
:
1606 case IPSEC_POLICY_GENERATE
:
1607 case IPSEC_POLICY_NONE
:
1608 case IPSEC_POLICY_ENTRUST
:
1609 case IPSEC_POLICY_BYPASS
:
1613 case IPSEC_POLICY_IPSEC
:
1616 struct sadb_x_ipsecrequest
*xisr
;
1617 struct ipsecrequest
**p_isr
= &newsp
->req
;
1619 /* validity check */
1620 if (PFKEY_EXTLEN(xpl0
) < sizeof(*xpl0
)) {
1621 ipseclog((LOG_DEBUG
,
1622 "key_msg2sp: Invalid msg length.\n"));
1623 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1628 tlen
= PFKEY_EXTLEN(xpl0
) - sizeof(*xpl0
);
1629 xisr
= (struct sadb_x_ipsecrequest
*)(xpl0
+ 1);
1634 if (xisr
->sadb_x_ipsecrequest_len
< sizeof(*xisr
)) {
1635 ipseclog((LOG_DEBUG
, "key_msg2sp: "
1636 "invalid ipsecrequest length.\n"));
1637 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1642 /* allocate request buffer */
1643 KMALLOC_WAIT(*p_isr
, struct ipsecrequest
*, sizeof(**p_isr
));
1644 if ((*p_isr
) == NULL
) {
1645 ipseclog((LOG_DEBUG
,
1646 "key_msg2sp: No more memory.\n"));
1647 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1651 bzero(*p_isr
, sizeof(**p_isr
));
1654 (*p_isr
)->next
= NULL
;
1656 switch (xisr
->sadb_x_ipsecrequest_proto
) {
1659 case IPPROTO_IPCOMP
:
1662 ipseclog((LOG_DEBUG
,
1663 "key_msg2sp: invalid proto type=%u\n",
1664 xisr
->sadb_x_ipsecrequest_proto
));
1665 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1666 *error
= EPROTONOSUPPORT
;
1669 (*p_isr
)->saidx
.proto
= xisr
->sadb_x_ipsecrequest_proto
;
1671 switch (xisr
->sadb_x_ipsecrequest_mode
) {
1672 case IPSEC_MODE_TRANSPORT
:
1673 case IPSEC_MODE_TUNNEL
:
1675 case IPSEC_MODE_ANY
:
1677 ipseclog((LOG_DEBUG
,
1678 "key_msg2sp: invalid mode=%u\n",
1679 xisr
->sadb_x_ipsecrequest_mode
));
1680 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1684 (*p_isr
)->saidx
.mode
= xisr
->sadb_x_ipsecrequest_mode
;
1686 switch (xisr
->sadb_x_ipsecrequest_level
) {
1687 case IPSEC_LEVEL_DEFAULT
:
1688 case IPSEC_LEVEL_USE
:
1689 case IPSEC_LEVEL_REQUIRE
:
1691 case IPSEC_LEVEL_UNIQUE
:
1692 /* validity check */
1694 * If range violation of reqid, kernel will
1695 * update it, don't refuse it.
1697 if (xisr
->sadb_x_ipsecrequest_reqid
1698 > IPSEC_MANUAL_REQID_MAX
) {
1699 ipseclog((LOG_DEBUG
,
1700 "key_msg2sp: reqid=%d range "
1701 "violation, updated by kernel.\n",
1702 xisr
->sadb_x_ipsecrequest_reqid
));
1703 xisr
->sadb_x_ipsecrequest_reqid
= 0;
1706 /* allocate new reqid id if reqid is zero. */
1707 if (xisr
->sadb_x_ipsecrequest_reqid
== 0) {
1709 if ((reqid
= key_newreqid()) == 0) {
1710 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1714 (*p_isr
)->saidx
.reqid
= reqid
;
1715 xisr
->sadb_x_ipsecrequest_reqid
= reqid
;
1717 /* set it for manual keying. */
1718 (*p_isr
)->saidx
.reqid
=
1719 xisr
->sadb_x_ipsecrequest_reqid
;
1724 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid level=%u\n",
1725 xisr
->sadb_x_ipsecrequest_level
));
1726 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1730 (*p_isr
)->level
= xisr
->sadb_x_ipsecrequest_level
;
1732 /* set IP addresses if there */
1733 if (xisr
->sadb_x_ipsecrequest_len
> sizeof(*xisr
)) {
1734 struct sockaddr
*paddr
;
1736 paddr
= (struct sockaddr
*)(xisr
+ 1);
1738 /* validity check */
1740 > sizeof((*p_isr
)->saidx
.src
)) {
1741 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1742 "address length.\n"));
1743 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1747 bcopy(paddr
, &(*p_isr
)->saidx
.src
,
1750 paddr
= (struct sockaddr
*)((caddr_t
)paddr
1753 /* validity check */
1755 > sizeof((*p_isr
)->saidx
.dst
)) {
1756 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid request "
1757 "address length.\n"));
1758 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1762 bcopy(paddr
, &(*p_isr
)->saidx
.dst
,
1766 (*p_isr
)->sp
= newsp
;
1768 /* initialization for the next. */
1769 p_isr
= &(*p_isr
)->next
;
1770 tlen
-= xisr
->sadb_x_ipsecrequest_len
;
1772 /* validity check */
1774 ipseclog((LOG_DEBUG
, "key_msg2sp: becoming tlen < 0.\n"));
1775 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1780 xisr
= (struct sadb_x_ipsecrequest
*)((caddr_t
)xisr
1781 + xisr
->sadb_x_ipsecrequest_len
);
1786 ipseclog((LOG_DEBUG
, "key_msg2sp: invalid policy type.\n"));
1787 key_freesp(newsp
, KEY_SADB_UNLOCKED
);
1799 lck_mtx_lock(sadb_mutex
);
1800 static u_int32_t auto_reqid
= IPSEC_MANUAL_REQID_MAX
+ 1;
1802 auto_reqid
= (auto_reqid
== ~0
1803 ? IPSEC_MANUAL_REQID_MAX
+ 1 : auto_reqid
+ 1);
1804 lck_mtx_unlock(sadb_mutex
);
1806 /* XXX should be unique check */
1812 * copy secpolicy struct to sadb_x_policy structure indicated.
1816 struct secpolicy
*sp
;
1818 struct sadb_x_policy
*xpl
;
1825 panic("key_sp2msg: NULL pointer was passed.\n");
1827 tlen
= key_getspreqmsglen(sp
);
1829 m
= key_alloc_mbuf(tlen
);
1830 if (!m
|| m
->m_next
) { /*XXX*/
1838 xpl
= mtod(m
, struct sadb_x_policy
*);
1841 xpl
->sadb_x_policy_len
= PFKEY_UNIT64(tlen
);
1842 xpl
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
1843 xpl
->sadb_x_policy_type
= sp
->policy
;
1844 xpl
->sadb_x_policy_dir
= sp
->spidx
.dir
;
1845 xpl
->sadb_x_policy_id
= sp
->id
;
1846 p
= (caddr_t
)xpl
+ sizeof(*xpl
);
1848 /* if is the policy for ipsec ? */
1849 if (sp
->policy
== IPSEC_POLICY_IPSEC
) {
1850 struct sadb_x_ipsecrequest
*xisr
;
1851 struct ipsecrequest
*isr
;
1853 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
1855 xisr
= (struct sadb_x_ipsecrequest
*)p
;
1857 xisr
->sadb_x_ipsecrequest_proto
= isr
->saidx
.proto
;
1858 xisr
->sadb_x_ipsecrequest_mode
= isr
->saidx
.mode
;
1859 xisr
->sadb_x_ipsecrequest_level
= isr
->level
;
1860 xisr
->sadb_x_ipsecrequest_reqid
= isr
->saidx
.reqid
;
1863 bcopy(&isr
->saidx
.src
, p
, isr
->saidx
.src
.ss_len
);
1864 p
+= isr
->saidx
.src
.ss_len
;
1865 bcopy(&isr
->saidx
.dst
, p
, isr
->saidx
.dst
.ss_len
);
1866 p
+= isr
->saidx
.src
.ss_len
;
1868 xisr
->sadb_x_ipsecrequest_len
=
1869 PFKEY_ALIGN8(sizeof(*xisr
)
1870 + isr
->saidx
.src
.ss_len
1871 + isr
->saidx
.dst
.ss_len
);
1878 /* m will not be freed nor modified */
1879 static struct mbuf
*
1880 key_gather_mbuf(struct mbuf
*m
, const struct sadb_msghdr
*mhp
,
1881 int ndeep
, int nitem
, int *items
)
1885 struct mbuf
*result
= NULL
, *n
;
1888 if (m
== NULL
|| mhp
== NULL
)
1889 panic("null pointer passed to key_gather");
1891 for (i
= 0; i
< nitem
; i
++) {
1893 if (idx
< 0 || idx
> SADB_EXT_MAX
)
1895 /* don't attempt to pull empty extension */
1896 if (idx
== SADB_EXT_RESERVED
&& mhp
->msg
== NULL
)
1898 if (idx
!= SADB_EXT_RESERVED
&&
1899 (mhp
->ext
[idx
] == NULL
|| mhp
->extlen
[idx
] == 0))
1902 if (idx
== SADB_EXT_RESERVED
) {
1903 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
1906 panic("assumption failed");
1908 MGETHDR(n
, M_DONTWAIT
, MT_DATA
);
1913 m_copydata(m
, 0, sizeof(struct sadb_msg
),
1915 } else if (i
< ndeep
) {
1916 len
= mhp
->extlen
[idx
];
1917 n
= key_alloc_mbuf(len
);
1918 if (!n
|| n
->m_next
) { /*XXX*/
1923 m_copydata(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
1926 n
= m_copym(m
, mhp
->extoff
[idx
], mhp
->extlen
[idx
],
1938 if ((result
->m_flags
& M_PKTHDR
) != 0) {
1939 result
->m_pkthdr
.len
= 0;
1940 for (n
= result
; n
; n
= n
->m_next
)
1941 result
->m_pkthdr
.len
+= n
->m_len
;
1952 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1953 * add a entry to SP database, when received
1954 * <base, address(SD), (lifetime(H),) policy>
1956 * Adding to SP database,
1958 * <base, address(SD), (lifetime(H),) policy>
1959 * to the socket which was send.
1961 * SPDADD set a unique policy entry.
1962 * SPDSETIDX like SPDADD without a part of policy requests.
1963 * SPDUPDATE replace a unique policy entry.
1965 * m will always be freed.
1968 key_spdadd(so
, m
, mhp
)
1971 const struct sadb_msghdr
*mhp
;
1973 struct sadb_address
*src0
, *dst0
;
1974 struct sadb_x_policy
*xpl0
, *xpl
;
1975 struct sadb_lifetime
*lft
= NULL
;
1976 struct secpolicyindex spidx
;
1977 struct secpolicy
*newsp
;
1981 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
1984 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
1985 panic("key_spdadd: NULL pointer is passed.\n");
1987 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
1988 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
1989 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
1990 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
1991 return key_senderror(so
, m
, EINVAL
);
1993 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
1994 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
1995 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
1996 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
1997 return key_senderror(so
, m
, EINVAL
);
1999 if (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
) {
2000 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
]
2001 < sizeof(struct sadb_lifetime
)) {
2002 ipseclog((LOG_DEBUG
, "key_spdadd: invalid message is passed.\n"));
2003 return key_senderror(so
, m
, EINVAL
);
2005 lft
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
2008 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
2009 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
2010 xpl0
= (struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
];
2013 /* XXX boundary check against sa_len */
2014 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2017 src0
->sadb_address_prefixlen
,
2018 dst0
->sadb_address_prefixlen
,
2019 src0
->sadb_address_proto
,
2022 /* checking the direciton. */
2023 switch (xpl0
->sadb_x_policy_dir
) {
2024 case IPSEC_DIR_INBOUND
:
2025 case IPSEC_DIR_OUTBOUND
:
2028 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid SP direction.\n"));
2029 mhp
->msg
->sadb_msg_errno
= EINVAL
;
2034 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2035 if (xpl0
->sadb_x_policy_type
== IPSEC_POLICY_ENTRUST
2036 || xpl0
->sadb_x_policy_type
== IPSEC_POLICY_BYPASS
) {
2037 ipseclog((LOG_DEBUG
, "key_spdadd: Invalid policy type.\n"));
2038 return key_senderror(so
, m
, EINVAL
);
2041 /* policy requests are mandatory when action is ipsec. */
2042 if (mhp
->msg
->sadb_msg_type
!= SADB_X_SPDSETIDX
2043 && xpl0
->sadb_x_policy_type
== IPSEC_POLICY_IPSEC
2044 && mhp
->extlen
[SADB_X_EXT_POLICY
] <= sizeof(*xpl0
)) {
2045 ipseclog((LOG_DEBUG
, "key_spdadd: some policy requests part required.\n"));
2046 return key_senderror(so
, m
, EINVAL
);
2050 * checking there is SP already or not.
2051 * SPDUPDATE doesn't depend on whether there is a SP or not.
2052 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
2055 lck_mtx_lock(sadb_mutex
);
2056 newsp
= key_getsp(&spidx
);
2057 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
2059 newsp
->state
= IPSEC_SPSTATE_DEAD
;
2060 key_freesp(newsp
, KEY_SADB_LOCKED
);
2063 if (newsp
!= NULL
) {
2064 key_freesp(newsp
, KEY_SADB_LOCKED
);
2065 ipseclog((LOG_DEBUG
, "key_spdadd: a SP entry exists already.\n"));
2066 lck_mtx_unlock(sadb_mutex
);
2067 return key_senderror(so
, m
, EEXIST
);
2070 lck_mtx_unlock(sadb_mutex
);
2071 /* allocation new SP entry */
2072 if ((newsp
= key_msg2sp(xpl0
, PFKEY_EXTLEN(xpl0
), &error
)) == NULL
) {
2073 return key_senderror(so
, m
, error
);
2076 if ((newsp
->id
= key_getnewspid()) == 0) {
2077 keydb_delsecpolicy(newsp
);
2078 return key_senderror(so
, m
, ENOBUFS
);
2081 /* XXX boundary check against sa_len */
2082 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2085 src0
->sadb_address_prefixlen
,
2086 dst0
->sadb_address_prefixlen
,
2087 src0
->sadb_address_proto
,
2090 /* sanity check on addr pair */
2091 if (((struct sockaddr
*)(src0
+ 1))->sa_family
!=
2092 ((struct sockaddr
*)(dst0
+ 1))->sa_family
) {
2093 keydb_delsecpolicy(newsp
);
2094 return key_senderror(so
, m
, EINVAL
);
2096 if (((struct sockaddr
*)(src0
+ 1))->sa_len
!=
2097 ((struct sockaddr
*)(dst0
+ 1))->sa_len
) {
2098 keydb_delsecpolicy(newsp
);
2099 return key_senderror(so
, m
, EINVAL
);
2103 * allow IPv6 over IPv4 tunnels using ESP -
2104 * otherwise reject if inner and outer address families not equal
2106 if (newsp
->req
&& newsp
->req
->saidx
.src
.ss_family
) {
2107 struct sockaddr
*sa
;
2108 sa
= (struct sockaddr
*)(src0
+ 1);
2109 if (sa
->sa_family
!= newsp
->req
->saidx
.src
.ss_family
) {
2110 if (newsp
->req
->saidx
.mode
!= IPSEC_MODE_TUNNEL
|| newsp
->req
->saidx
.proto
!= IPPROTO_ESP
2111 || sa
->sa_family
!= AF_INET6
|| newsp
->req
->saidx
.src
.ss_family
!= AF_INET
) {
2112 keydb_delsecpolicy(newsp
);
2113 return key_senderror(so
, m
, EINVAL
);
2117 if (newsp
->req
&& newsp
->req
->saidx
.dst
.ss_family
) {
2118 struct sockaddr
*sa
;
2119 sa
= (struct sockaddr
*)(dst0
+ 1);
2120 if (sa
->sa_family
!= newsp
->req
->saidx
.dst
.ss_family
) {
2121 if (newsp
->req
->saidx
.mode
!= IPSEC_MODE_TUNNEL
|| newsp
->req
->saidx
.proto
!= IPPROTO_ESP
2122 || sa
->sa_family
!= AF_INET6
|| newsp
->req
->saidx
.dst
.ss_family
!= AF_INET
) {
2123 keydb_delsecpolicy(newsp
);
2124 return key_senderror(so
, m
, EINVAL
);
2131 newsp
->created
= tv
.tv_sec
;
2132 newsp
->lastused
= tv
.tv_sec
;
2133 newsp
->lifetime
= lft
? lft
->sadb_lifetime_addtime
: 0;
2134 newsp
->validtime
= lft
? lft
->sadb_lifetime_usetime
: 0;
2136 newsp
->refcnt
= 1; /* do not reclaim until I say I do */
2137 newsp
->state
= IPSEC_SPSTATE_ALIVE
;
2138 lck_mtx_lock(sadb_mutex
);
2140 * policies of type generate should be at the end of the SPD
2141 * because they function as default discard policies
2143 if (newsp
->policy
== IPSEC_POLICY_GENERATE
)
2144 LIST_INSERT_TAIL(&sptree
[newsp
->spidx
.dir
], newsp
, secpolicy
, chain
);
2145 else { /* XXX until we have policy ordering in the kernel */
2146 struct secpolicy
*tmpsp
;
2148 LIST_FOREACH(tmpsp
, &sptree
[newsp
->spidx
.dir
], chain
)
2149 if (tmpsp
->policy
== IPSEC_POLICY_GENERATE
)
2152 LIST_INSERT_BEFORE(tmpsp
, newsp
, chain
);
2154 LIST_INSERT_TAIL(&sptree
[newsp
->spidx
.dir
], newsp
, secpolicy
, chain
);
2157 ipsec_policy_count
++;
2158 /* Turn off the ipsec bypass */
2159 if (ipsec_bypass
!= 0)
2162 /* delete the entry in spacqtree */
2163 if (mhp
->msg
->sadb_msg_type
== SADB_X_SPDUPDATE
) {
2164 struct secspacq
*spacq
;
2165 if ((spacq
= key_getspacq(&spidx
)) != NULL
) {
2166 /* reset counter in order to deletion by timehandler. */
2168 spacq
->created
= tv
.tv_sec
;
2172 lck_mtx_unlock(sadb_mutex
);
2175 struct mbuf
*n
, *mpolicy
;
2176 struct sadb_msg
*newmsg
;
2179 /* create new sadb_msg to reply. */
2181 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2182 SADB_EXT_LIFETIME_HARD
, SADB_EXT_ADDRESS_SRC
,
2183 SADB_EXT_ADDRESS_DST
};
2184 n
= key_gather_mbuf(m
, mhp
, 2, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2186 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2187 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
};
2188 n
= key_gather_mbuf(m
, mhp
, 2, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2191 return key_senderror(so
, m
, ENOBUFS
);
2193 if (n
->m_len
< sizeof(*newmsg
)) {
2194 n
= m_pullup(n
, sizeof(*newmsg
));
2196 return key_senderror(so
, m
, ENOBUFS
);
2198 newmsg
= mtod(n
, struct sadb_msg
*);
2199 newmsg
->sadb_msg_errno
= 0;
2200 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2203 mpolicy
= m_pulldown(n
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)),
2204 sizeof(*xpl
), &off
);
2205 if (mpolicy
== NULL
) {
2206 /* n is already freed */
2207 return key_senderror(so
, m
, ENOBUFS
);
2209 xpl
= (struct sadb_x_policy
*)(mtod(mpolicy
, caddr_t
) + off
);
2210 if (xpl
->sadb_x_policy_exttype
!= SADB_X_EXT_POLICY
) {
2212 return key_senderror(so
, m
, EINVAL
);
2214 xpl
->sadb_x_policy_id
= newsp
->id
;
2217 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2222 * get new policy id.
2230 u_int32_t newid
= 0;
2231 int count
= key_spi_trycnt
; /* XXX */
2232 struct secpolicy
*sp
;
2234 /* when requesting to allocate spi ranged */
2235 lck_mtx_lock(sadb_mutex
);
2237 newid
= (policy_id
= (policy_id
== ~0 ? 1 : policy_id
+ 1));
2239 if ((sp
= key_getspbyid(newid
)) == NULL
)
2242 key_freesp(sp
, KEY_SADB_LOCKED
);
2244 lck_mtx_unlock(sadb_mutex
);
2245 if (count
== 0 || newid
== 0) {
2246 ipseclog((LOG_DEBUG
, "key_getnewspid: to allocate policy id is failed.\n"));
2254 * SADB_SPDDELETE processing
2256 * <base, address(SD), policy(*)>
2257 * from the user(?), and set SADB_SASTATE_DEAD,
2259 * <base, address(SD), policy(*)>
2261 * policy(*) including direction of policy.
2263 * m will always be freed.
2266 key_spddelete(so
, m
, mhp
)
2269 const struct sadb_msghdr
*mhp
;
2271 struct sadb_address
*src0
, *dst0
;
2272 struct sadb_x_policy
*xpl0
;
2273 struct secpolicyindex spidx
;
2274 struct secpolicy
*sp
;
2276 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2279 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2280 panic("key_spddelete: NULL pointer is passed.\n");
2282 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
2283 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
2284 mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
) {
2285 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
2286 return key_senderror(so
, m
, EINVAL
);
2288 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
2289 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
2290 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2291 ipseclog((LOG_DEBUG
, "key_spddelete: invalid message is passed.\n"));
2292 return key_senderror(so
, m
, EINVAL
);
2295 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
2296 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
2297 xpl0
= (struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
];
2300 /* XXX boundary check against sa_len */
2301 KEY_SETSECSPIDX(xpl0
->sadb_x_policy_dir
,
2304 src0
->sadb_address_prefixlen
,
2305 dst0
->sadb_address_prefixlen
,
2306 src0
->sadb_address_proto
,
2309 /* checking the direciton. */
2310 switch (xpl0
->sadb_x_policy_dir
) {
2311 case IPSEC_DIR_INBOUND
:
2312 case IPSEC_DIR_OUTBOUND
:
2315 ipseclog((LOG_DEBUG
, "key_spddelete: Invalid SP direction.\n"));
2316 return key_senderror(so
, m
, EINVAL
);
2319 /* Is there SP in SPD ? */
2320 lck_mtx_lock(sadb_mutex
);
2321 if ((sp
= key_getsp(&spidx
)) == NULL
) {
2322 ipseclog((LOG_DEBUG
, "key_spddelete: no SP found.\n"));
2323 lck_mtx_unlock(sadb_mutex
);
2324 return key_senderror(so
, m
, EINVAL
);
2327 /* save policy id to buffer to be returned. */
2328 xpl0
->sadb_x_policy_id
= sp
->id
;
2330 sp
->state
= IPSEC_SPSTATE_DEAD
;
2331 key_freesp(sp
, KEY_SADB_LOCKED
);
2332 lck_mtx_unlock(sadb_mutex
);
2337 struct sadb_msg
*newmsg
;
2338 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_X_EXT_POLICY
,
2339 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
};
2341 /* create new sadb_msg to reply. */
2342 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
2344 return key_senderror(so
, m
, ENOBUFS
);
2346 newmsg
= mtod(n
, struct sadb_msg
*);
2347 newmsg
->sadb_msg_errno
= 0;
2348 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2351 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2356 * SADB_SPDDELETE2 processing
2359 * from the user(?), and set SADB_SASTATE_DEAD,
2363 * policy(*) including direction of policy.
2365 * m will always be freed.
2368 key_spddelete2(so
, m
, mhp
)
2371 const struct sadb_msghdr
*mhp
;
2374 struct secpolicy
*sp
;
2376 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2379 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2380 panic("key_spddelete2: NULL pointer is passed.\n");
2382 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2383 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2384 ipseclog((LOG_DEBUG
, "key_spddelete2: invalid message is passed.\n"));
2385 key_senderror(so
, m
, EINVAL
);
2389 id
= ((struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2391 /* Is there SP in SPD ? */
2392 lck_mtx_lock(sadb_mutex
);
2393 if ((sp
= key_getspbyid(id
)) == NULL
) {
2394 lck_mtx_unlock(sadb_mutex
);
2395 ipseclog((LOG_DEBUG
, "key_spddelete2: no SP found id:%u.\n", id
));
2396 return key_senderror(so
, m
, EINVAL
);
2399 sp
->state
= IPSEC_SPSTATE_DEAD
;
2400 key_freesp(sp
, KEY_SADB_LOCKED
);
2401 lck_mtx_unlock(sadb_mutex
);
2404 struct mbuf
*n
, *nn
;
2405 struct sadb_msg
*newmsg
;
2408 /* create new sadb_msg to reply. */
2409 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2412 return key_senderror(so
, m
, ENOBUFS
);
2413 MGETHDR(n
, M_DONTWAIT
, MT_DATA
);
2414 if (n
&& len
> MHLEN
) {
2415 MCLGET(n
, M_DONTWAIT
);
2416 if ((n
->m_flags
& M_EXT
) == 0) {
2422 return key_senderror(so
, m
, ENOBUFS
);
2428 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
2429 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2433 panic("length inconsistency in key_spddelete2");
2436 n
->m_next
= m_copym(m
, mhp
->extoff
[SADB_X_EXT_POLICY
],
2437 mhp
->extlen
[SADB_X_EXT_POLICY
], M_DONTWAIT
);
2440 return key_senderror(so
, m
, ENOBUFS
);
2443 n
->m_pkthdr
.len
= 0;
2444 for (nn
= n
; nn
; nn
= nn
->m_next
)
2445 n
->m_pkthdr
.len
+= nn
->m_len
;
2447 newmsg
= mtod(n
, struct sadb_msg
*);
2448 newmsg
->sadb_msg_errno
= 0;
2449 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
2452 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
2457 * SADB_X_GET processing
2462 * <base, address(SD), policy>
2464 * policy(*) including direction of policy.
2466 * m will always be freed.
2469 key_spdget(so
, m
, mhp
)
2472 const struct sadb_msghdr
*mhp
;
2475 struct secpolicy
*sp
;
2478 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2481 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2482 panic("key_spdget: NULL pointer is passed.\n");
2484 if (mhp
->ext
[SADB_X_EXT_POLICY
] == NULL
||
2485 mhp
->extlen
[SADB_X_EXT_POLICY
] < sizeof(struct sadb_x_policy
)) {
2486 ipseclog((LOG_DEBUG
, "key_spdget: invalid message is passed.\n"));
2487 return key_senderror(so
, m
, EINVAL
);
2490 id
= ((struct sadb_x_policy
*)mhp
->ext
[SADB_X_EXT_POLICY
])->sadb_x_policy_id
;
2492 /* Is there SP in SPD ? */
2493 lck_mtx_lock(sadb_mutex
);
2494 if ((sp
= key_getspbyid(id
)) == NULL
) {
2495 ipseclog((LOG_DEBUG
, "key_spdget: no SP found id:%u.\n", id
));
2496 lck_mtx_unlock(sadb_mutex
);
2497 return key_senderror(so
, m
, ENOENT
);
2499 lck_mtx_unlock(sadb_mutex
);
2500 n
= key_setdumpsp(sp
, SADB_X_SPDGET
, 0, mhp
->msg
->sadb_msg_pid
);
2503 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
2505 return key_senderror(so
, m
, ENOBUFS
);
2509 * SADB_X_SPDACQUIRE processing.
2510 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2513 * to KMD, and expect to receive
2514 * <base> with SADB_X_SPDACQUIRE if error occurred,
2517 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2518 * policy(*) is without policy requests.
2521 * others: error number
2525 struct secpolicy
*sp
;
2527 struct mbuf
*result
= NULL
, *m
;
2528 struct secspacq
*newspacq
;
2531 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2535 panic("key_spdacquire: NULL pointer is passed.\n");
2536 if (sp
->req
!= NULL
)
2537 panic("key_spdacquire: called but there is request.\n");
2538 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
2539 panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
2541 /* get a entry to check whether sent message or not. */
2542 lck_mtx_lock(sadb_mutex
);
2543 if ((newspacq
= key_getspacq(&sp
->spidx
)) != NULL
) {
2544 if (key_blockacq_count
< newspacq
->count
) {
2545 /* reset counter and do send message. */
2546 newspacq
->count
= 0;
2548 /* increment counter and do nothing. */
2550 lck_mtx_unlock(sadb_mutex
);
2554 /* make new entry for blocking to send SADB_ACQUIRE. */
2555 if ((newspacq
= key_newspacq(&sp
->spidx
)) == NULL
) {
2556 lck_mtx_unlock(sadb_mutex
);
2559 /* add to acqtree */
2560 LIST_INSERT_HEAD(&spacqtree
, newspacq
, chain
);
2562 lck_mtx_unlock(sadb_mutex
);
2563 /* create new sadb_msg to reply. */
2564 m
= key_setsadbmsg(SADB_X_SPDACQUIRE
, 0, 0, 0, 0, 0);
2571 result
->m_pkthdr
.len
= 0;
2572 for (m
= result
; m
; m
= m
->m_next
)
2573 result
->m_pkthdr
.len
+= m
->m_len
;
2575 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2576 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2578 return key_sendup_mbuf(NULL
, m
, KEY_SENDUP_REGISTERED
);
2587 * SADB_SPDFLUSH processing
2590 * from the user, and free all entries in secpctree.
2594 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2596 * m will always be freed.
2599 key_spdflush(so
, m
, mhp
)
2602 const struct sadb_msghdr
*mhp
;
2604 struct sadb_msg
*newmsg
;
2605 struct secpolicy
*sp
;
2609 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2610 panic("key_spdflush: NULL pointer is passed.\n");
2612 if (m
->m_len
!= PFKEY_ALIGN8(sizeof(struct sadb_msg
)))
2613 return key_senderror(so
, m
, EINVAL
);
2615 lck_mtx_lock(sadb_mutex
);
2616 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
2617 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
2618 sp
->state
= IPSEC_SPSTATE_DEAD
;
2621 lck_mtx_unlock(sadb_mutex
);
2623 if (sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
2624 ipseclog((LOG_DEBUG
, "key_spdflush: No more memory.\n"));
2625 return key_senderror(so
, m
, ENOBUFS
);
2631 m
->m_pkthdr
.len
= m
->m_len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
2632 newmsg
= mtod(m
, struct sadb_msg
*);
2633 newmsg
->sadb_msg_errno
= 0;
2634 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
2636 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
2640 * SADB_SPDDUMP processing
2643 * from the user, and dump all SP leaves
2648 * m will always be freed.
2652 key_spddump(so
, m
, mhp
)
2655 const struct sadb_msghdr
*mhp
;
2657 struct secpolicy
*sp
, **spbuf
= NULL
, **sp_ptr
;
2658 int cnt
= 0, bufcount
;
2664 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
2665 panic("key_spddump: NULL pointer is passed.\n");
2667 if ((bufcount
= ipsec_policy_count
) == 0) {
2671 bufcount
+= 256; /* extra */
2672 KMALLOC_WAIT(spbuf
, struct secpolicy
**, bufcount
* sizeof(struct secpolicy
*));
2673 if (spbuf
== NULL
) {
2674 ipseclog((LOG_DEBUG
, "key_spddump: No more memory.\n"));
2678 lck_mtx_lock(sadb_mutex
);
2679 /* search SPD entry, make list. */
2681 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
2682 LIST_FOREACH(sp
, &sptree
[dir
], chain
) {
2683 if (cnt
== bufcount
)
2684 break; /* buffer full */
2690 lck_mtx_unlock(sadb_mutex
);
2700 n
= key_setdumpsp(*sp_ptr
++, SADB_X_SPDDUMP
, cnt
,
2701 mhp
->msg
->sadb_msg_pid
);
2704 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
2707 lck_mtx_lock(sadb_mutex
);
2708 while (sp_ptr
> spbuf
)
2709 key_freesp(*(--sp_ptr
), KEY_SADB_LOCKED
);
2710 lck_mtx_unlock(sadb_mutex
);
2716 return key_senderror(so
, m
, error
);
2723 static struct mbuf
*
2724 key_setdumpsp(sp
, type
, seq
, pid
)
2725 struct secpolicy
*sp
;
2729 struct mbuf
*result
= NULL
, *m
;
2731 m
= key_setsadbmsg(type
, 0, SADB_SATYPE_UNSPEC
, seq
, pid
, sp
->refcnt
);
2736 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
2737 (struct sockaddr
*)&sp
->spidx
.src
, sp
->spidx
.prefs
,
2738 sp
->spidx
.ul_proto
);
2743 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
2744 (struct sockaddr
*)&sp
->spidx
.dst
, sp
->spidx
.prefd
,
2745 sp
->spidx
.ul_proto
);
2755 if ((result
->m_flags
& M_PKTHDR
) == 0)
2758 if (result
->m_len
< sizeof(struct sadb_msg
)) {
2759 result
= m_pullup(result
, sizeof(struct sadb_msg
));
2764 result
->m_pkthdr
.len
= 0;
2765 for (m
= result
; m
; m
= m
->m_next
)
2766 result
->m_pkthdr
.len
+= m
->m_len
;
2768 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2769 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2779 * get PFKEY message length for security policy and request.
2782 key_getspreqmsglen(sp
)
2783 struct secpolicy
*sp
;
2787 tlen
= sizeof(struct sadb_x_policy
);
2789 /* if is the policy for ipsec ? */
2790 if (sp
->policy
!= IPSEC_POLICY_IPSEC
)
2793 /* get length of ipsec requests */
2795 struct ipsecrequest
*isr
;
2798 for (isr
= sp
->req
; isr
!= NULL
; isr
= isr
->next
) {
2799 len
= sizeof(struct sadb_x_ipsecrequest
)
2800 + isr
->saidx
.src
.ss_len
2801 + isr
->saidx
.dst
.ss_len
;
2803 tlen
+= PFKEY_ALIGN8(len
);
2811 * SADB_SPDEXPIRE processing
2813 * <base, address(SD), lifetime(CH), policy>
2817 * others : error number
2821 struct secpolicy
*sp
;
2823 struct mbuf
*result
= NULL
, *m
;
2826 struct sadb_lifetime
*lt
;
2828 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
2832 panic("key_spdexpire: NULL pointer is passed.\n");
2834 /* set msg header */
2835 m
= key_setsadbmsg(SADB_X_SPDEXPIRE
, 0, 0, 0, 0, 0);
2842 /* create lifetime extension (current and hard) */
2843 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
2844 m
= key_alloc_mbuf(len
);
2845 if (!m
|| m
->m_next
) { /*XXX*/
2851 bzero(mtod(m
, caddr_t
), len
);
2852 lt
= mtod(m
, struct sadb_lifetime
*);
2853 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
2854 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
2855 lt
->sadb_lifetime_allocations
= 0;
2856 lt
->sadb_lifetime_bytes
= 0;
2857 lt
->sadb_lifetime_addtime
= sp
->created
;
2858 lt
->sadb_lifetime_usetime
= sp
->lastused
;
2859 lt
= (struct sadb_lifetime
*)(mtod(m
, caddr_t
) + len
/ 2);
2860 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
2861 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_HARD
;
2862 lt
->sadb_lifetime_allocations
= 0;
2863 lt
->sadb_lifetime_bytes
= 0;
2864 lt
->sadb_lifetime_addtime
= sp
->lifetime
;
2865 lt
->sadb_lifetime_usetime
= sp
->validtime
;
2868 /* set sadb_address for source */
2869 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
2870 (struct sockaddr
*)&sp
->spidx
.src
,
2871 sp
->spidx
.prefs
, sp
->spidx
.ul_proto
);
2878 /* set sadb_address for destination */
2879 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
2880 (struct sockaddr
*)&sp
->spidx
.dst
,
2881 sp
->spidx
.prefd
, sp
->spidx
.ul_proto
);
2896 if ((result
->m_flags
& M_PKTHDR
) == 0) {
2901 if (result
->m_len
< sizeof(struct sadb_msg
)) {
2902 result
= m_pullup(result
, sizeof(struct sadb_msg
));
2903 if (result
== NULL
) {
2909 result
->m_pkthdr
.len
= 0;
2910 for (m
= result
; m
; m
= m
->m_next
)
2911 result
->m_pkthdr
.len
+= m
->m_len
;
2913 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
2914 PFKEY_UNIT64(result
->m_pkthdr
.len
);
2916 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
2924 /* %%% SAD management */
2926 * allocating a memory for new SA head, and copy from the values of mhp.
2927 * OUT: NULL : failure due to the lack of memory.
2928 * others : pointer to new SA head.
2930 static struct secashead
*
2932 struct secasindex
*saidx
;
2934 struct secashead
*newsah
;
2938 panic("key_newsaidx: NULL pointer is passed.\n");
2940 newsah
= keydb_newsecashead();
2944 bcopy(saidx
, &newsah
->saidx
, sizeof(newsah
->saidx
));
2946 /* remove the ports */
2947 switch (saidx
->src
.ss_family
) {
2949 ((struct sockaddr_in
*)(&newsah
->saidx
.src
))->sin_port
= IPSEC_PORT_ANY
;
2952 ((struct sockaddr_in6
*)(&newsah
->saidx
.src
))->sin6_port
= IPSEC_PORT_ANY
;
2957 switch (saidx
->dst
.ss_family
) {
2959 ((struct sockaddr_in
*)(&newsah
->saidx
.dst
))->sin_port
= IPSEC_PORT_ANY
;
2962 ((struct sockaddr_in6
*)(&newsah
->saidx
.dst
))->sin6_port
= IPSEC_PORT_ANY
;
2968 /* add to saidxtree */
2969 newsah
->state
= SADB_SASTATE_MATURE
;
2970 LIST_INSERT_HEAD(&sahtree
, newsah
, chain
);
2976 * delete SA index and all SA registerd.
2980 struct secashead
*sah
;
2982 struct secasvar
*sav
, *nextsav
;
2983 u_int stateidx
, state
;
2986 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
2990 panic("key_delsah: NULL pointer is passed.\n");
2992 /* searching all SA registerd in the secindex. */
2994 stateidx
< _ARRAYLEN(saorder_state_any
);
2997 state
= saorder_state_any
[stateidx
];
2998 for (sav
= (struct secasvar
*)LIST_FIRST(&sah
->savtree
[state
]);
3002 nextsav
= LIST_NEXT(sav
, chain
);
3004 if (sav
->refcnt
> 0) {
3005 /* give up to delete this sa */
3011 KEY_CHKSASTATE(state
, sav
->state
, "key_delsah");
3013 key_freesav(sav
, KEY_SADB_LOCKED
);
3015 /* remove back pointer */
3021 /* don't delete sah only if there are savs. */
3025 if (sah
->sa_route
.ro_rt
) {
3026 rtfree(sah
->sa_route
.ro_rt
);
3027 sah
->sa_route
.ro_rt
= (struct rtentry
*)NULL
;
3030 /* remove from tree of SA index */
3031 if (__LIST_CHAINED(sah
))
3032 LIST_REMOVE(sah
, chain
);
3040 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3041 * and copy the values of mhp into new buffer.
3042 * When SAD message type is GETSPI:
3043 * to set sequence number from acq_seq++,
3044 * to set zero to SPI.
3045 * not to call key_setsava().
3047 * others : pointer to new secasvar.
3049 * does not modify mbuf. does not free mbuf on error.
3051 static struct secasvar
*
3052 key_newsav(m
, mhp
, sah
, errp
)
3054 const struct sadb_msghdr
*mhp
;
3055 struct secashead
*sah
;
3058 struct secasvar
*newsav
;
3059 const struct sadb_sa
*xsa
;
3061 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3064 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
|| sah
== NULL
)
3065 panic("key_newsa: NULL pointer is passed.\n");
3067 KMALLOC_NOWAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3068 if (newsav
== NULL
) {
3069 lck_mtx_unlock(sadb_mutex
);
3070 KMALLOC_WAIT(newsav
, struct secasvar
*, sizeof(struct secasvar
));
3071 lck_mtx_lock(sadb_mutex
);
3072 if (newsav
== NULL
) {
3073 ipseclog((LOG_DEBUG
, "key_newsa: No more memory.\n"));
3078 bzero((caddr_t
)newsav
, sizeof(struct secasvar
));
3080 switch (mhp
->msg
->sadb_msg_type
) {
3082 key_setspi(newsav
, 0);
3084 #if IPSEC_DOSEQCHECK
3085 /* sync sequence number */
3086 if (mhp
->msg
->sadb_msg_seq
== 0)
3088 (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
3091 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
3096 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
3098 ipseclog((LOG_DEBUG
, "key_newsa: invalid message is passed.\n"));
3102 xsa
= (const struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
3103 key_setspi(newsav
, xsa
->sadb_sa_spi
);
3104 newsav
->seq
= mhp
->msg
->sadb_msg_seq
;
3112 /* copy sav values */
3113 if (mhp
->msg
->sadb_msg_type
!= SADB_GETSPI
) {
3114 *errp
= key_setsaval(newsav
, m
, mhp
);
3116 if (newsav
->spihash
.le_prev
|| newsav
->spihash
.le_next
)
3117 LIST_REMOVE(newsav
, spihash
);
3127 newsav
->created
= tv
.tv_sec
;
3130 newsav
->pid
= mhp
->msg
->sadb_msg_pid
;
3135 newsav
->state
= SADB_SASTATE_LARVAL
;
3136 LIST_INSERT_TAIL(&sah
->savtree
[SADB_SASTATE_LARVAL
], newsav
,
3144 * free() SA variable entry.
3148 struct secasvar
*sav
;
3151 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3155 panic("key_delsav: NULL pointer is passed.\n");
3157 if (sav
->refcnt
> 0)
3158 return; /* can't free */
3160 /* remove from SA header */
3161 if (__LIST_CHAINED(sav
))
3162 LIST_REMOVE(sav
, chain
);
3165 if (sav
->spihash
.le_prev
|| sav
->spihash
.le_next
)
3166 LIST_REMOVE(sav
, spihash
);
3168 if (sav
->key_auth
!= NULL
) {
3169 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
3170 KFREE(sav
->key_auth
);
3171 sav
->key_auth
= NULL
;
3173 if (sav
->key_enc
!= NULL
) {
3174 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
3175 KFREE(sav
->key_enc
);
3176 sav
->key_enc
= NULL
;
3179 bzero(sav
->sched
, sav
->schedlen
);
3183 if (sav
->replay
!= NULL
) {
3184 keydb_delsecreplay(sav
->replay
);
3187 if (sav
->lft_c
!= NULL
) {
3191 if (sav
->lft_h
!= NULL
) {
3195 if (sav
->lft_s
!= NULL
) {
3199 if (sav
->iv
!= NULL
) {
3213 * others : found, pointer to a SA.
3215 static struct secashead
*
3217 struct secasindex
*saidx
;
3219 struct secashead
*sah
;
3221 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3223 LIST_FOREACH(sah
, &sahtree
, chain
) {
3224 if (sah
->state
== SADB_SASTATE_DEAD
)
3226 if (key_cmpsaidx(&sah
->saidx
, saidx
, CMP_REQID
))
3234 * check not to be duplicated SPI.
3235 * NOTE: this function is too slow due to searching all SAD.
3238 * others : found, pointer to a SA.
3240 static struct secasvar
*
3241 key_checkspidup(saidx
, spi
)
3242 struct secasindex
*saidx
;
3245 struct secasvar
*sav
;
3246 u_int stateidx
, state
;
3248 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3250 /* check address family */
3251 if (saidx
->src
.ss_family
!= saidx
->dst
.ss_family
) {
3252 ipseclog((LOG_DEBUG
, "key_checkspidup: address family mismatched.\n"));
3257 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
3258 if (sav
->spi
!= spi
)
3261 stateidx
< _ARRAYLEN(saorder_state_alive
);
3263 state
= saorder_state_alive
[stateidx
];
3264 if (sav
->state
== state
&&
3265 key_ismyaddr((struct sockaddr
*)&sav
->sah
->saidx
.dst
))
3274 key_setspi(sav
, spi
)
3275 struct secasvar
*sav
;
3278 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3280 if (sav
->spihash
.le_prev
|| sav
->spihash
.le_next
)
3281 LIST_REMOVE(sav
, spihash
);
3282 LIST_INSERT_HEAD(&spihash
[SPIHASH(spi
)], sav
, spihash
);
3287 * search SAD litmited alive SA, protocol, SPI.
3290 * others : found, pointer to a SA.
3292 static struct secasvar
*
3293 key_getsavbyspi(sah
, spi
)
3294 struct secashead
*sah
;
3297 struct secasvar
*sav
, *match
;
3298 u_int stateidx
, state
, matchidx
;
3300 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3302 matchidx
= _ARRAYLEN(saorder_state_alive
);
3303 LIST_FOREACH(sav
, &spihash
[SPIHASH(spi
)], spihash
) {
3304 if (sav
->spi
!= spi
)
3306 if (sav
->sah
!= sah
)
3308 for (stateidx
= 0; stateidx
< matchidx
; stateidx
++) {
3309 state
= saorder_state_alive
[stateidx
];
3310 if (sav
->state
== state
) {
3312 matchidx
= stateidx
;
3322 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
3323 * You must update these if need.
3327 * does not modify mbuf. does not free mbuf on error.
3330 key_setsaval(sav
, m
, mhp
)
3331 struct secasvar
*sav
;
3333 const struct sadb_msghdr
*mhp
;
3336 const struct esp_algorithm
*algo
;
3341 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3344 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
3345 panic("key_setsaval: NULL pointer is passed.\n");
3347 /* initialization */
3349 sav
->key_auth
= NULL
;
3350 sav
->key_enc
= NULL
;
3357 sav
->remote_ike_port
= 0;
3358 sav
->natt_last_activity
= natt_now
;
3359 sav
->natt_encapsulated_src_port
= 0;
3362 if (mhp
->ext
[SADB_EXT_SA
] != NULL
) {
3363 const struct sadb_sa
*sa0
;
3365 sa0
= (const struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
3366 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(*sa0
)) {
3367 ipseclog((LOG_DEBUG
, "key_setsaval: invalid message size.\n"));
3372 sav
->alg_auth
= sa0
->sadb_sa_auth
;
3373 sav
->alg_enc
= sa0
->sadb_sa_encrypt
;
3374 sav
->flags
= sa0
->sadb_sa_flags
;
3377 * Verify that a nat-traversal port was specified if
3378 * the nat-traversal flag is set.
3380 if ((sav
->flags
& SADB_X_EXT_NATT
) != 0) {
3381 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa_2
) ||
3382 ((struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_port
== 0) {
3383 ipseclog((LOG_DEBUG
, "key_setsaval: natt port not set.\n"));
3387 sav
->remote_ike_port
= ((struct sadb_sa_2
*)(sa0
))->sadb_sa_natt_port
;
3391 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
3392 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
3393 * set (we're not behind nat) - otherwise clear it.
3395 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0)
3396 if ((sav
->flags
& SADB_X_EXT_NATT
) == 0 ||
3397 (sav
->flags
& SADB_X_EXT_NATT_KEEPALIVE
) != 0)
3398 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
3401 if ((sa0
->sadb_sa_flags
& SADB_X_EXT_OLD
) == 0) {
3402 sav
->replay
= keydb_newsecreplay(sa0
->sadb_sa_replay
);
3403 if (sav
->replay
== NULL
) {
3404 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3411 /* Authentication keys */
3412 if (mhp
->ext
[SADB_EXT_KEY_AUTH
] != NULL
) {
3413 const struct sadb_key
*key0
;
3416 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_AUTH
];
3417 len
= mhp
->extlen
[SADB_EXT_KEY_AUTH
];
3420 if (len
< sizeof(*key0
)) {
3421 ipseclog((LOG_DEBUG
, "key_setsaval: invalid auth key ext len. len = %d\n", len
));
3425 switch (mhp
->msg
->sadb_msg_satype
) {
3426 case SADB_SATYPE_AH
:
3427 case SADB_SATYPE_ESP
:
3428 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
3429 sav
->alg_auth
!= SADB_X_AALG_NULL
)
3432 case SADB_X_SATYPE_IPCOMP
:
3438 ipseclog((LOG_DEBUG
, "key_setsaval: invalid key_auth values.\n"));
3442 sav
->key_auth
= (struct sadb_key
*)key_newbuf(key0
, len
);
3443 if (sav
->key_auth
== NULL
) {
3444 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3450 /* Encryption key */
3451 if (mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] != NULL
) {
3452 const struct sadb_key
*key0
;
3455 key0
= (const struct sadb_key
*)mhp
->ext
[SADB_EXT_KEY_ENCRYPT
];
3456 len
= mhp
->extlen
[SADB_EXT_KEY_ENCRYPT
];
3459 if (len
< sizeof(*key0
)) {
3460 ipseclog((LOG_DEBUG
, "key_setsaval: invalid encryption key ext len. len = %d\n", len
));
3464 switch (mhp
->msg
->sadb_msg_satype
) {
3465 case SADB_SATYPE_ESP
:
3466 if (len
== PFKEY_ALIGN8(sizeof(struct sadb_key
)) &&
3467 sav
->alg_enc
!= SADB_EALG_NULL
) {
3468 ipseclog((LOG_DEBUG
, "key_setsaval: invalid ESP algorithm.\n"));
3472 sav
->key_enc
= (struct sadb_key
*)key_newbuf(key0
, len
);
3473 if (sav
->key_enc
== NULL
) {
3474 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3479 case SADB_X_SATYPE_IPCOMP
:
3480 if (len
!= PFKEY_ALIGN8(sizeof(struct sadb_key
)))
3482 sav
->key_enc
= NULL
; /*just in case*/
3484 case SADB_SATYPE_AH
:
3490 ipseclog((LOG_DEBUG
, "key_setsaval: invalid key_enc value.\n"));
3498 switch (mhp
->msg
->sadb_msg_satype
) {
3499 case SADB_SATYPE_ESP
:
3501 algo
= esp_algorithm_lookup(sav
->alg_enc
);
3502 if (algo
&& algo
->ivlen
)
3503 sav
->ivlen
= (*algo
->ivlen
)(algo
, sav
);
3504 if (sav
->ivlen
== 0)
3506 KMALLOC_NOWAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
3508 lck_mtx_unlock(sadb_mutex
);
3509 KMALLOC_WAIT(sav
->iv
, caddr_t
, sav
->ivlen
);
3510 lck_mtx_lock(sadb_mutex
);
3512 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3519 key_randomfill(sav
->iv
, sav
->ivlen
);
3522 case SADB_SATYPE_AH
:
3523 case SADB_X_SATYPE_IPCOMP
:
3526 ipseclog((LOG_DEBUG
, "key_setsaval: invalid SA type.\n"));
3533 sav
->created
= tv
.tv_sec
;
3535 /* make lifetime for CURRENT */
3536 KMALLOC_NOWAIT(sav
->lft_c
, struct sadb_lifetime
*,
3537 sizeof(struct sadb_lifetime
));
3538 if (sav
->lft_c
== NULL
) {
3539 lck_mtx_unlock(sadb_mutex
);
3540 KMALLOC_WAIT(sav
->lft_c
, struct sadb_lifetime
*,
3541 sizeof(struct sadb_lifetime
));
3542 lck_mtx_lock(sadb_mutex
);
3543 if (sav
->lft_c
== NULL
) {
3544 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3552 sav
->lft_c
->sadb_lifetime_len
=
3553 PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
3554 sav
->lft_c
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
3555 sav
->lft_c
->sadb_lifetime_allocations
= 0;
3556 sav
->lft_c
->sadb_lifetime_bytes
= 0;
3557 sav
->lft_c
->sadb_lifetime_addtime
= tv
.tv_sec
;
3558 sav
->lft_c
->sadb_lifetime_usetime
= 0;
3560 /* lifetimes for HARD and SOFT */
3562 const struct sadb_lifetime
*lft0
;
3564 lft0
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_HARD
];
3566 if (mhp
->extlen
[SADB_EXT_LIFETIME_HARD
] < sizeof(*lft0
)) {
3567 ipseclog((LOG_DEBUG
, "key_setsaval: invalid hard lifetime ext len.\n"));
3571 sav
->lft_h
= (struct sadb_lifetime
*)key_newbuf(lft0
,
3573 if (sav
->lft_h
== NULL
) {
3574 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3578 /* to be initialize ? */
3581 lft0
= (struct sadb_lifetime
*)mhp
->ext
[SADB_EXT_LIFETIME_SOFT
];
3583 if (mhp
->extlen
[SADB_EXT_LIFETIME_SOFT
] < sizeof(*lft0
)) {
3584 ipseclog((LOG_DEBUG
, "key_setsaval: invalid soft lifetime ext len.\n"));
3588 sav
->lft_s
= (struct sadb_lifetime
*)key_newbuf(lft0
,
3590 if (sav
->lft_s
== NULL
) {
3591 ipseclog((LOG_DEBUG
, "key_setsaval: No more memory.\n"));
3595 /* to be initialize ? */
3602 /* initialization */
3603 if (sav
->replay
!= NULL
) {
3604 keydb_delsecreplay(sav
->replay
);
3607 if (sav
->key_auth
!= NULL
) {
3608 bzero(_KEYBUF(sav
->key_auth
), _KEYLEN(sav
->key_auth
));
3609 KFREE(sav
->key_auth
);
3610 sav
->key_auth
= NULL
;
3612 if (sav
->key_enc
!= NULL
) {
3613 bzero(_KEYBUF(sav
->key_enc
), _KEYLEN(sav
->key_enc
));
3614 KFREE(sav
->key_enc
);
3615 sav
->key_enc
= NULL
;
3618 bzero(sav
->sched
, sav
->schedlen
);
3622 if (sav
->iv
!= NULL
) {
3626 if (sav
->lft_c
!= NULL
) {
3630 if (sav
->lft_h
!= NULL
) {
3634 if (sav
->lft_s
!= NULL
) {
3643 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3649 struct secasvar
*sav
;
3652 int checkmask
= 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3653 int mustmask
= 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3657 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
3659 /* check SPI value */
3660 switch (sav
->sah
->saidx
.proto
) {
3663 if (ntohl(sav
->spi
) >= 0 && ntohl(sav
->spi
) <= 255) {
3664 ipseclog((LOG_DEBUG
,
3665 "key_mature: illegal range of SPI %u.\n",
3666 (u_int32_t
)ntohl(sav
->spi
)));
3673 switch (sav
->sah
->saidx
.proto
) {
3676 if ((sav
->flags
& SADB_X_EXT_OLD
)
3677 && (sav
->flags
& SADB_X_EXT_DERIV
)) {
3678 ipseclog((LOG_DEBUG
, "key_mature: "
3679 "invalid flag (derived) given to old-esp.\n"));
3682 if (sav
->alg_auth
== SADB_AALG_NONE
)
3690 if (sav
->flags
& SADB_X_EXT_DERIV
) {
3691 ipseclog((LOG_DEBUG
, "key_mature: "
3692 "invalid flag (derived) given to AH SA.\n"));
3695 if (sav
->alg_enc
!= SADB_EALG_NONE
) {
3696 ipseclog((LOG_DEBUG
, "key_mature: "
3697 "protocol and algorithm mismated.\n"));
3703 case IPPROTO_IPCOMP
:
3704 if (sav
->alg_auth
!= SADB_AALG_NONE
) {
3705 ipseclog((LOG_DEBUG
, "key_mature: "
3706 "protocol and algorithm mismated.\n"));
3709 if ((sav
->flags
& SADB_X_EXT_RAWCPI
) == 0
3710 && ntohl(sav
->spi
) >= 0x10000) {
3711 ipseclog((LOG_DEBUG
, "key_mature: invalid cpi for IPComp.\n"));
3718 ipseclog((LOG_DEBUG
, "key_mature: Invalid satype.\n"));
3719 return EPROTONOSUPPORT
;
3722 /* check authentication algorithm */
3723 if ((checkmask
& 2) != 0) {
3724 const struct ah_algorithm
*algo
;
3727 algo
= ah_algorithm_lookup(sav
->alg_auth
);
3729 ipseclog((LOG_DEBUG
,"key_mature: "
3730 "unknown authentication algorithm.\n"));
3734 /* algorithm-dependent check */
3736 keylen
= sav
->key_auth
->sadb_key_bits
;
3739 if (keylen
< algo
->keymin
|| algo
->keymax
< keylen
) {
3740 ipseclog((LOG_DEBUG
,
3741 "key_mature: invalid AH key length %d "
3742 "(%d-%d allowed)\n",
3743 keylen
, algo
->keymin
, algo
->keymax
));
3748 if ((*algo
->mature
)(sav
)) {
3749 /* message generated in per-algorithm function*/
3752 mature
= SADB_SATYPE_AH
;
3755 if ((mustmask
& 2) != 0 && mature
!= SADB_SATYPE_AH
) {
3756 ipseclog((LOG_DEBUG
, "key_mature: no satisfy algorithm for AH\n"));
3761 /* check encryption algorithm */
3762 if ((checkmask
& 1) != 0) {
3764 const struct esp_algorithm
*algo
;
3767 algo
= esp_algorithm_lookup(sav
->alg_enc
);
3769 ipseclog((LOG_DEBUG
, "key_mature: unknown encryption algorithm.\n"));
3773 /* algorithm-dependent check */
3775 keylen
= sav
->key_enc
->sadb_key_bits
;
3778 if (keylen
< algo
->keymin
|| algo
->keymax
< keylen
) {
3779 ipseclog((LOG_DEBUG
,
3780 "key_mature: invalid ESP key length %d "
3781 "(%d-%d allowed)\n",
3782 keylen
, algo
->keymin
, algo
->keymax
));
3787 if ((*algo
->mature
)(sav
)) {
3788 /* message generated in per-algorithm function*/
3791 mature
= SADB_SATYPE_ESP
;
3794 if ((mustmask
& 1) != 0 && mature
!= SADB_SATYPE_ESP
) {
3795 ipseclog((LOG_DEBUG
, "key_mature: no satisfy algorithm for ESP\n"));
3799 ipseclog((LOG_DEBUG
, "key_mature: ESP not supported in this configuration\n"));
3804 /* check compression algorithm */
3805 if ((checkmask
& 4) != 0) {
3806 const struct ipcomp_algorithm
*algo
;
3808 /* algorithm-dependent check */
3809 algo
= ipcomp_algorithm_lookup(sav
->alg_enc
);
3811 ipseclog((LOG_DEBUG
, "key_mature: unknown compression algorithm.\n"));
3816 key_sa_chgstate(sav
, SADB_SASTATE_MATURE
);
3822 * subroutine for SADB_GET and SADB_DUMP.
3824 static struct mbuf
*
3825 key_setdumpsa(sav
, type
, satype
, seq
, pid
)
3826 struct secasvar
*sav
;
3827 u_int8_t type
, satype
;
3830 struct mbuf
*result
= NULL
, *tres
= NULL
, *m
;
3835 SADB_EXT_SA
, SADB_X_EXT_SA2
,
3836 SADB_EXT_LIFETIME_HARD
, SADB_EXT_LIFETIME_SOFT
,
3837 SADB_EXT_LIFETIME_CURRENT
, SADB_EXT_ADDRESS_SRC
,
3838 SADB_EXT_ADDRESS_DST
, SADB_EXT_ADDRESS_PROXY
, SADB_EXT_KEY_AUTH
,
3839 SADB_EXT_KEY_ENCRYPT
, SADB_EXT_IDENTITY_SRC
,
3840 SADB_EXT_IDENTITY_DST
, SADB_EXT_SENSITIVITY
,
3843 m
= key_setsadbmsg(type
, 0, satype
, seq
, pid
, sav
->refcnt
);
3848 for (i
= sizeof(dumporder
)/sizeof(dumporder
[0]) - 1; i
>= 0; i
--) {
3851 switch (dumporder
[i
]) {
3853 m
= key_setsadbsa(sav
);
3858 case SADB_X_EXT_SA2
:
3859 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
3860 sav
->replay
? sav
->replay
->count
: 0,
3861 sav
->sah
->saidx
.reqid
);
3866 case SADB_EXT_ADDRESS_SRC
:
3867 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
3868 (struct sockaddr
*)&sav
->sah
->saidx
.src
,
3869 FULLMASK
, IPSEC_ULPROTO_ANY
);
3874 case SADB_EXT_ADDRESS_DST
:
3875 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
3876 (struct sockaddr
*)&sav
->sah
->saidx
.dst
,
3877 FULLMASK
, IPSEC_ULPROTO_ANY
);
3882 case SADB_EXT_KEY_AUTH
:
3885 l
= PFKEY_UNUNIT64(sav
->key_auth
->sadb_key_len
);
3889 case SADB_EXT_KEY_ENCRYPT
:
3892 l
= PFKEY_UNUNIT64(sav
->key_enc
->sadb_key_len
);
3896 case SADB_EXT_LIFETIME_CURRENT
:
3899 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_c
)->sadb_ext_len
);
3903 case SADB_EXT_LIFETIME_HARD
:
3906 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_h
)->sadb_ext_len
);
3910 case SADB_EXT_LIFETIME_SOFT
:
3913 l
= PFKEY_UNUNIT64(((struct sadb_ext
*)sav
->lft_s
)->sadb_ext_len
);
3917 case SADB_EXT_ADDRESS_PROXY
:
3918 case SADB_EXT_IDENTITY_SRC
:
3919 case SADB_EXT_IDENTITY_DST
:
3920 /* XXX: should we brought from SPD ? */
3921 case SADB_EXT_SENSITIVITY
:
3926 if ((!m
&& !p
) || (m
&& p
))
3929 M_PREPEND(tres
, l
, M_DONTWAIT
);
3932 bcopy(p
, mtod(tres
, caddr_t
), l
);
3936 m
= key_alloc_mbuf(l
);
3939 m_copyback(m
, 0, l
, p
);
3947 m_cat(result
, tres
);
3949 if (result
->m_len
< sizeof(struct sadb_msg
)) {
3950 result
= m_pullup(result
, sizeof(struct sadb_msg
));
3955 result
->m_pkthdr
.len
= 0;
3956 for (m
= result
; m
; m
= m
->m_next
)
3957 result
->m_pkthdr
.len
+= m
->m_len
;
3959 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
3960 PFKEY_UNIT64(result
->m_pkthdr
.len
);
3971 * set data into sadb_msg.
3973 static struct mbuf
*
3974 key_setsadbmsg(type
, tlen
, satype
, seq
, pid
, reserved
)
3975 u_int8_t type
, satype
;
3985 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
3988 MGETHDR(m
, M_DONTWAIT
, MT_DATA
);
3989 if (m
&& len
> MHLEN
) {
3990 MCLGET(m
, M_DONTWAIT
);
3991 if ((m
->m_flags
& M_EXT
) == 0) {
3998 m
->m_pkthdr
.len
= m
->m_len
= len
;
4001 p
= mtod(m
, struct sadb_msg
*);
4004 p
->sadb_msg_version
= PF_KEY_V2
;
4005 p
->sadb_msg_type
= type
;
4006 p
->sadb_msg_errno
= 0;
4007 p
->sadb_msg_satype
= satype
;
4008 p
->sadb_msg_len
= PFKEY_UNIT64(tlen
);
4009 p
->sadb_msg_reserved
= reserved
;
4010 p
->sadb_msg_seq
= seq
;
4011 p
->sadb_msg_pid
= (u_int32_t
)pid
;
4017 * copy secasvar data into sadb_address.
4019 static struct mbuf
*
4021 struct secasvar
*sav
;
4027 len
= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
4028 m
= key_alloc_mbuf(len
);
4029 if (!m
|| m
->m_next
) { /*XXX*/
4035 p
= mtod(m
, struct sadb_sa
*);
4038 p
->sadb_sa_len
= PFKEY_UNIT64(len
);
4039 p
->sadb_sa_exttype
= SADB_EXT_SA
;
4040 p
->sadb_sa_spi
= sav
->spi
;
4041 p
->sadb_sa_replay
= (sav
->replay
!= NULL
? sav
->replay
->wsize
: 0);
4042 p
->sadb_sa_state
= sav
->state
;
4043 p
->sadb_sa_auth
= sav
->alg_auth
;
4044 p
->sadb_sa_encrypt
= sav
->alg_enc
;
4045 p
->sadb_sa_flags
= sav
->flags
;
4051 * set data into sadb_address.
4053 static struct mbuf
*
4054 key_setsadbaddr(exttype
, saddr
, prefixlen
, ul_proto
)
4056 struct sockaddr
*saddr
;
4061 struct sadb_address
*p
;
4064 len
= PFKEY_ALIGN8(sizeof(struct sadb_address
)) +
4065 PFKEY_ALIGN8(saddr
->sa_len
);
4066 m
= key_alloc_mbuf(len
);
4067 if (!m
|| m
->m_next
) { /*XXX*/
4073 p
= mtod(m
, struct sadb_address
*);
4076 p
->sadb_address_len
= PFKEY_UNIT64(len
);
4077 p
->sadb_address_exttype
= exttype
;
4078 p
->sadb_address_proto
= ul_proto
;
4079 if (prefixlen
== FULLMASK
) {
4080 switch (saddr
->sa_family
) {
4082 prefixlen
= sizeof(struct in_addr
) << 3;
4085 prefixlen
= sizeof(struct in6_addr
) << 3;
4091 p
->sadb_address_prefixlen
= prefixlen
;
4092 p
->sadb_address_reserved
= 0;
4095 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_address
)),
4103 * set data into sadb_ident.
4105 static struct mbuf
*
4106 key_setsadbident(exttype
, idtype
, string
, stringlen
, id
)
4107 u_int16_t exttype
, idtype
;
4113 struct sadb_ident
*p
;
4116 len
= PFKEY_ALIGN8(sizeof(struct sadb_ident
)) + PFKEY_ALIGN8(stringlen
);
4117 m
= key_alloc_mbuf(len
);
4118 if (!m
|| m
->m_next
) { /*XXX*/
4124 p
= mtod(m
, struct sadb_ident
*);
4127 p
->sadb_ident_len
= PFKEY_UNIT64(len
);
4128 p
->sadb_ident_exttype
= exttype
;
4129 p
->sadb_ident_type
= idtype
;
4130 p
->sadb_ident_reserved
= 0;
4131 p
->sadb_ident_id
= id
;
4134 mtod(m
, caddr_t
) + PFKEY_ALIGN8(sizeof(struct sadb_ident
)),
4142 * set data into sadb_x_sa2.
4144 static struct mbuf
*
4145 key_setsadbxsa2(mode
, seq
, reqid
)
4147 u_int32_t seq
, reqid
;
4150 struct sadb_x_sa2
*p
;
4153 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_sa2
));
4154 m
= key_alloc_mbuf(len
);
4155 if (!m
|| m
->m_next
) { /*XXX*/
4161 p
= mtod(m
, struct sadb_x_sa2
*);
4164 p
->sadb_x_sa2_len
= PFKEY_UNIT64(len
);
4165 p
->sadb_x_sa2_exttype
= SADB_X_EXT_SA2
;
4166 p
->sadb_x_sa2_mode
= mode
;
4167 p
->sadb_x_sa2_reserved1
= 0;
4168 p
->sadb_x_sa2_reserved2
= 0;
4169 p
->sadb_x_sa2_sequence
= seq
;
4170 p
->sadb_x_sa2_reqid
= reqid
;
4176 * set data into sadb_x_policy
4178 static struct mbuf
*
4179 key_setsadbxpolicy(type
, dir
, id
)
4185 struct sadb_x_policy
*p
;
4188 len
= PFKEY_ALIGN8(sizeof(struct sadb_x_policy
));
4189 m
= key_alloc_mbuf(len
);
4190 if (!m
|| m
->m_next
) { /*XXX*/
4196 p
= mtod(m
, struct sadb_x_policy
*);
4199 p
->sadb_x_policy_len
= PFKEY_UNIT64(len
);
4200 p
->sadb_x_policy_exttype
= SADB_X_EXT_POLICY
;
4201 p
->sadb_x_policy_type
= type
;
4202 p
->sadb_x_policy_dir
= dir
;
4203 p
->sadb_x_policy_id
= id
;
4210 * copy a buffer into the new buffer allocated.
4213 key_newbuf(src
, len
)
4219 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
4220 KMALLOC_NOWAIT(new, caddr_t
, len
);
4222 lck_mtx_unlock(sadb_mutex
);
4223 KMALLOC_WAIT(new, caddr_t
, len
);
4224 lck_mtx_lock(sadb_mutex
);
4226 ipseclog((LOG_DEBUG
, "key_newbuf: No more memory.\n"));
4230 bcopy(src
, new, len
);
4235 /* compare my own address
4236 * OUT: 1: true, i.e. my address.
4241 struct sockaddr
*sa
;
4244 struct sockaddr_in
*sin
;
4245 struct in_ifaddr
*ia
;
4250 panic("key_ismyaddr: NULL pointer is passed.\n");
4252 switch (sa
->sa_family
) {
4255 lck_mtx_lock(rt_mtx
);
4256 sin
= (struct sockaddr_in
*)sa
;
4257 for (ia
= in_ifaddrhead
.tqh_first
; ia
;
4258 ia
= ia
->ia_link
.tqe_next
)
4260 if (sin
->sin_family
== ia
->ia_addr
.sin_family
&&
4261 sin
->sin_len
== ia
->ia_addr
.sin_len
&&
4262 sin
->sin_addr
.s_addr
== ia
->ia_addr
.sin_addr
.s_addr
)
4264 lck_mtx_unlock(rt_mtx
);
4268 lck_mtx_unlock(rt_mtx
);
4273 return key_ismyaddr6((struct sockaddr_in6
*)sa
);
4282 * compare my own address for IPv6.
4285 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
4287 #include <netinet6/in6_var.h>
4291 struct sockaddr_in6
*sin6
;
4293 struct in6_ifaddr
*ia
;
4294 struct in6_multi
*in6m
;
4296 lck_mtx_lock(nd6_mutex
);
4297 for (ia
= in6_ifaddrs
; ia
; ia
= ia
->ia_next
) {
4298 if (key_sockaddrcmp((struct sockaddr
*)&sin6
,
4299 (struct sockaddr
*)&ia
->ia_addr
, 0) == 0) {
4300 lck_mtx_unlock(nd6_mutex
);
4306 * XXX why do we care about multlicast here while we don't care
4307 * about IPv4 multicast??
4311 IN6_LOOKUP_MULTI(sin6
->sin6_addr
, ia
->ia_ifp
, in6m
);
4313 lck_mtx_unlock(nd6_mutex
);
4317 lck_mtx_unlock(nd6_mutex
);
4319 /* loopback, just for safety */
4320 if (IN6_IS_ADDR_LOOPBACK(&sin6
->sin6_addr
))
4328 * compare two secasindex structure.
4329 * flag can specify to compare 2 saidxes.
4330 * compare two secasindex structure without both mode and reqid.
4331 * don't compare port.
4333 * saidx0: source, it can be in SAD.
4340 key_cmpsaidx(saidx0
, saidx1
, flag
)
4341 struct secasindex
*saidx0
, *saidx1
;
4345 if (saidx0
== NULL
&& saidx1
== NULL
)
4348 if (saidx0
== NULL
|| saidx1
== NULL
)
4351 if (saidx0
->proto
!= saidx1
->proto
)
4354 if (flag
== CMP_EXACTLY
) {
4355 if (saidx0
->mode
!= saidx1
->mode
)
4357 if (saidx0
->reqid
!= saidx1
->reqid
)
4359 if (bcmp(&saidx0
->src
, &saidx1
->src
, saidx0
->src
.ss_len
) != 0 ||
4360 bcmp(&saidx0
->dst
, &saidx1
->dst
, saidx0
->dst
.ss_len
) != 0)
4364 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
4365 if (flag
& CMP_REQID
) {
4367 * If reqid of SPD is non-zero, unique SA is required.
4368 * The result must be of same reqid in this case.
4370 if (saidx1
->reqid
!= 0 && saidx0
->reqid
!= saidx1
->reqid
)
4374 if (flag
& CMP_MODE
) {
4375 if (saidx0
->mode
!= IPSEC_MODE_ANY
4376 && saidx0
->mode
!= saidx1
->mode
)
4380 if (key_sockaddrcmp((struct sockaddr
*)&saidx0
->src
,
4381 (struct sockaddr
*)&saidx1
->src
, flag
& CMP_PORT
? 1 : 0) != 0) {
4384 if (key_sockaddrcmp((struct sockaddr
*)&saidx0
->dst
,
4385 (struct sockaddr
*)&saidx1
->dst
, flag
& CMP_PORT
? 1 : 0) != 0) {
4394 * compare two secindex structure exactly.
4396 * spidx0: source, it is often in SPD.
4397 * spidx1: object, it is often from PFKEY message.
4403 key_cmpspidx_exactly(spidx0
, spidx1
)
4404 struct secpolicyindex
*spidx0
, *spidx1
;
4407 if (spidx0
== NULL
&& spidx1
== NULL
)
4410 if (spidx0
== NULL
|| spidx1
== NULL
)
4413 if (spidx0
->prefs
!= spidx1
->prefs
4414 || spidx0
->prefd
!= spidx1
->prefd
4415 || spidx0
->ul_proto
!= spidx1
->ul_proto
)
4418 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->src
,
4419 (struct sockaddr
*)&spidx1
->src
, 1) != 0) {
4422 if (key_sockaddrcmp((struct sockaddr
*)&spidx0
->dst
,
4423 (struct sockaddr
*)&spidx1
->dst
, 1) != 0) {
4431 * compare two secindex structure with mask.
4433 * spidx0: source, it is often in SPD.
4434 * spidx1: object, it is often from IP header.
4440 key_cmpspidx_withmask(spidx0
, spidx1
)
4441 struct secpolicyindex
*spidx0
, *spidx1
;
4444 if (spidx0
== NULL
&& spidx1
== NULL
)
4447 if (spidx0
== NULL
|| spidx1
== NULL
)
4450 if (spidx0
->src
.ss_family
!= spidx1
->src
.ss_family
||
4451 spidx0
->dst
.ss_family
!= spidx1
->dst
.ss_family
||
4452 spidx0
->src
.ss_len
!= spidx1
->src
.ss_len
||
4453 spidx0
->dst
.ss_len
!= spidx1
->dst
.ss_len
)
4456 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4457 if (spidx0
->ul_proto
!= (u_int16_t
)IPSEC_ULPROTO_ANY
4458 && spidx0
->ul_proto
!= spidx1
->ul_proto
)
4461 switch (spidx0
->src
.ss_family
) {
4463 if (satosin(&spidx0
->src
)->sin_port
!= IPSEC_PORT_ANY
4464 && satosin(&spidx0
->src
)->sin_port
!=
4465 satosin(&spidx1
->src
)->sin_port
)
4467 if (!key_bbcmp((caddr_t
)&satosin(&spidx0
->src
)->sin_addr
,
4468 (caddr_t
)&satosin(&spidx1
->src
)->sin_addr
, spidx0
->prefs
))
4472 if (satosin6(&spidx0
->src
)->sin6_port
!= IPSEC_PORT_ANY
4473 && satosin6(&spidx0
->src
)->sin6_port
!=
4474 satosin6(&spidx1
->src
)->sin6_port
)
4477 * scope_id check. if sin6_scope_id is 0, we regard it
4478 * as a wildcard scope, which matches any scope zone ID.
4480 if (satosin6(&spidx0
->src
)->sin6_scope_id
&&
4481 satosin6(&spidx1
->src
)->sin6_scope_id
&&
4482 satosin6(&spidx0
->src
)->sin6_scope_id
!=
4483 satosin6(&spidx1
->src
)->sin6_scope_id
)
4485 if (!key_bbcmp((caddr_t
)&satosin6(&spidx0
->src
)->sin6_addr
,
4486 (caddr_t
)&satosin6(&spidx1
->src
)->sin6_addr
, spidx0
->prefs
))
4491 if (bcmp(&spidx0
->src
, &spidx1
->src
, spidx0
->src
.ss_len
) != 0)
4496 switch (spidx0
->dst
.ss_family
) {
4498 if (satosin(&spidx0
->dst
)->sin_port
!= IPSEC_PORT_ANY
4499 && satosin(&spidx0
->dst
)->sin_port
!=
4500 satosin(&spidx1
->dst
)->sin_port
)
4502 if (!key_bbcmp((caddr_t
)&satosin(&spidx0
->dst
)->sin_addr
,
4503 (caddr_t
)&satosin(&spidx1
->dst
)->sin_addr
, spidx0
->prefd
))
4507 if (satosin6(&spidx0
->dst
)->sin6_port
!= IPSEC_PORT_ANY
4508 && satosin6(&spidx0
->dst
)->sin6_port
!=
4509 satosin6(&spidx1
->dst
)->sin6_port
)
4512 * scope_id check. if sin6_scope_id is 0, we regard it
4513 * as a wildcard scope, which matches any scope zone ID.
4515 if (satosin6(&spidx0
->src
)->sin6_scope_id
&&
4516 satosin6(&spidx1
->src
)->sin6_scope_id
&&
4517 satosin6(&spidx0
->dst
)->sin6_scope_id
!=
4518 satosin6(&spidx1
->dst
)->sin6_scope_id
)
4520 if (!key_bbcmp((caddr_t
)&satosin6(&spidx0
->dst
)->sin6_addr
,
4521 (caddr_t
)&satosin6(&spidx1
->dst
)->sin6_addr
, spidx0
->prefd
))
4526 if (bcmp(&spidx0
->dst
, &spidx1
->dst
, spidx0
->dst
.ss_len
) != 0)
4531 /* XXX Do we check other field ? e.g. flowinfo */
4536 /* returns 0 on match */
4538 key_sockaddrcmp(sa1
, sa2
, port
)
4539 struct sockaddr
*sa1
;
4540 struct sockaddr
*sa2
;
4543 if (sa1
->sa_family
!= sa2
->sa_family
|| sa1
->sa_len
!= sa2
->sa_len
)
4546 switch (sa1
->sa_family
) {
4548 if (sa1
->sa_len
!= sizeof(struct sockaddr_in
))
4550 if (satosin(sa1
)->sin_addr
.s_addr
!=
4551 satosin(sa2
)->sin_addr
.s_addr
) {
4554 if (port
&& satosin(sa1
)->sin_port
!= satosin(sa2
)->sin_port
)
4558 if (sa1
->sa_len
!= sizeof(struct sockaddr_in6
))
4559 return 1; /*EINVAL*/
4560 if (satosin6(sa1
)->sin6_scope_id
!=
4561 satosin6(sa2
)->sin6_scope_id
) {
4564 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1
)->sin6_addr
,
4565 &satosin6(sa2
)->sin6_addr
)) {
4569 satosin6(sa1
)->sin6_port
!= satosin6(sa2
)->sin6_port
) {
4574 if (bcmp(sa1
, sa2
, sa1
->sa_len
) != 0)
4583 * compare two buffers with mask.
4587 * bits: Number of bits to compare
4593 key_bbcmp(p1
, p2
, bits
)
4599 /* XXX: This could be considerably faster if we compare a word
4600 * at a time, but it is complicated on LSB Endian machines */
4602 /* Handle null pointers */
4603 if (p1
== NULL
|| p2
== NULL
)
4613 mask
= ~((1<<(8-bits
))-1);
4614 if ((*p1
& mask
) != (*p2
& mask
))
4617 return 1; /* Match! */
4622 * scanning SPD and SAD to check status for each entries,
4623 * and do to remove or to expire.
4624 * XXX: year 2038 problem may remain.
4628 key_timehandler(void)
4632 struct secpolicy
**spbuf
= NULL
, **spptr
= NULL
;
4633 struct secasvar
**savexbuf
= NULL
, **savexptr
= NULL
;
4634 struct secasvar
**savkabuf
= NULL
, **savkaptr
= NULL
;
4635 int spbufcount
= 0, savbufcount
= 0, spcount
= 0, savexcount
= 0, savkacount
= 0, cnt
;
4639 /* pre-allocate buffers before taking the lock */
4640 /* if allocation failures occur - portions of the processing will be skipped */
4641 if ((spbufcount
= ipsec_policy_count
) != 0) {
4643 KMALLOC_WAIT(spbuf
, struct secpolicy
**, spbufcount
* sizeof(struct secpolicy
*));
4647 if ((savbufcount
= ipsec_sav_count
) != 0) {
4649 KMALLOC_WAIT(savexbuf
, struct secasvar
**, savbufcount
* sizeof(struct secasvar
*));
4651 savexptr
= savexbuf
;
4652 KMALLOC_WAIT(savkabuf
, struct secasvar
**, savbufcount
* sizeof(struct secasvar
*));
4654 savkaptr
= savkabuf
;
4656 lck_mtx_lock(sadb_mutex
);
4660 struct secpolicy
*sp
, *nextsp
;
4662 for (dir
= 0; dir
< IPSEC_DIR_MAX
; dir
++) {
4663 for (sp
= LIST_FIRST(&sptree
[dir
]);
4667 nextsp
= LIST_NEXT(sp
, chain
);
4669 if (sp
->state
== IPSEC_SPSTATE_DEAD
) {
4670 key_freesp(sp
, KEY_SADB_LOCKED
);
4674 if (sp
->lifetime
== 0 && sp
->validtime
== 0)
4676 if (spbuf
&& spcount
< spbufcount
) {
4677 /* the deletion will occur next time */
4679 && tv
.tv_sec
- sp
->created
> sp
->lifetime
)
4681 && tv
.tv_sec
- sp
->lastused
> sp
->validtime
)) {
4682 //key_spdexpire(sp);
4683 sp
->state
= IPSEC_SPSTATE_DEAD
;
4694 if (savbufcount
!= 0) {
4695 struct secashead
*sah
, *nextsah
;
4696 struct secasvar
*sav
, *nextsav
;
4698 for (sah
= LIST_FIRST(&sahtree
);
4702 nextsah
= LIST_NEXT(sah
, chain
);
4704 /* if sah has been dead, then delete it and process next sah. */
4705 if (sah
->state
== SADB_SASTATE_DEAD
) {
4710 /* if LARVAL entry doesn't become MATURE, delete it. */
4711 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_LARVAL
]);
4715 nextsav
= LIST_NEXT(sav
, chain
);
4717 if (tv
.tv_sec
- sav
->created
> key_larval_lifetime
) {
4718 key_freesav(sav
, KEY_SADB_LOCKED
);
4723 * If this is a NAT traversal SA with no activity,
4724 * we need to send a keep alive.
4726 * Performed outside of the loop before so we will
4727 * only ever send one keepalive. The first SA on
4728 * the list is the one that will be used for sending
4729 * traffic, so this is the one we use for determining
4730 * when to send the keepalive.
4732 if (savkabuf
&& savkacount
< savbufcount
) {
4733 sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_MATURE
]); //%%% should we check dying list if this is empty???
4734 if (natt_keepalive_interval
&& sav
&& (sav
->flags
& SADB_X_EXT_NATT_KEEPALIVE
) != 0 &&
4735 (natt_now
- sav
->natt_last_activity
) >= natt_keepalive_interval
) {
4736 //ipsec_send_natt_keepalive(sav);
4744 * check MATURE entry to start to send expire message
4747 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_MATURE
]);
4751 nextsav
= LIST_NEXT(sav
, chain
);
4753 /* we don't need to check. */
4754 if (sav
->lft_s
== NULL
)
4758 if (sav
->lft_c
== NULL
) {
4759 ipseclog((LOG_DEBUG
,"key_timehandler: "
4760 "There is no CURRENT time, why?\n"));
4764 /* check SOFT lifetime */
4765 if (sav
->lft_s
->sadb_lifetime_addtime
!= 0
4766 && tv
.tv_sec
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
4768 * check the SA if it has been used.
4769 * when it hasn't been used, delete it.
4770 * i don't think such SA will be used.
4772 if (sav
->lft_c
->sadb_lifetime_usetime
== 0) {
4773 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4774 key_freesav(sav
, KEY_SADB_LOCKED
);
4776 } else if (savexbuf
&& savexcount
< savbufcount
) {
4777 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
4784 /* check SOFT lifetime by bytes */
4786 * XXX I don't know the way to delete this SA
4787 * when new SA is installed. Caution when it's
4788 * installed too big lifetime by time.
4790 else if (savexbuf
&& savexcount
< savbufcount
4791 && sav
->lft_s
->sadb_lifetime_bytes
!= 0
4792 && sav
->lft_s
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
4795 * XXX If we keep to send expire
4796 * message in the status of
4797 * DYING. Do remove below code.
4800 key_sa_chgstate(sav
, SADB_SASTATE_DYING
);
4807 /* check DYING entry to change status to DEAD. */
4808 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DYING
]);
4812 nextsav
= LIST_NEXT(sav
, chain
);
4814 /* we don't need to check. */
4815 if (sav
->lft_h
== NULL
)
4819 if (sav
->lft_c
== NULL
) {
4820 ipseclog((LOG_DEBUG
, "key_timehandler: "
4821 "There is no CURRENT time, why?\n"));
4825 if (sav
->lft_h
->sadb_lifetime_addtime
!= 0
4826 && tv
.tv_sec
- sav
->created
> sav
->lft_h
->sadb_lifetime_addtime
) {
4827 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4828 key_freesav(sav
, KEY_SADB_LOCKED
);
4831 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4832 else if (savbuf
&& savexcount
< savbufcount
4833 && sav
->lft_s
!= NULL
4834 && sav
->lft_s
->sadb_lifetime_addtime
!= 0
4835 && tv
.tv_sec
- sav
->created
> sav
->lft_s
->sadb_lifetime_addtime
) {
4837 * XXX: should be checked to be
4838 * installed the valid SA.
4842 * If there is no SA then sending
4851 /* check HARD lifetime by bytes */
4852 else if (sav
->lft_h
->sadb_lifetime_bytes
!= 0
4853 && sav
->lft_h
->sadb_lifetime_bytes
< sav
->lft_c
->sadb_lifetime_bytes
) {
4854 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
4855 key_freesav(sav
, KEY_SADB_LOCKED
);
4860 /* delete entry in DEAD */
4861 for (sav
= LIST_FIRST(&sah
->savtree
[SADB_SASTATE_DEAD
]);
4865 nextsav
= LIST_NEXT(sav
, chain
);
4868 if (sav
->state
!= SADB_SASTATE_DEAD
) {
4869 ipseclog((LOG_DEBUG
, "key_timehandler: "
4870 "invalid sav->state "
4871 "(queue: %d SA: %d): "
4873 SADB_SASTATE_DEAD
, sav
->state
));
4877 * do not call key_freesav() here.
4878 * sav should already be freed, and sav->refcnt
4879 * shows other references to sav
4880 * (such as from SPD).
4886 #ifndef IPSEC_NONBLOCK_ACQUIRE
4889 struct secacq
*acq
, *nextacq
;
4891 for (acq
= LIST_FIRST(&acqtree
);
4895 nextacq
= LIST_NEXT(acq
, chain
);
4897 if (tv
.tv_sec
- acq
->created
> key_blockacq_lifetime
4898 && __LIST_CHAINED(acq
)) {
4899 LIST_REMOVE(acq
, chain
);
4908 struct secspacq
*acq
, *nextacq
;
4910 for (acq
= LIST_FIRST(&spacqtree
);
4914 nextacq
= LIST_NEXT(acq
, chain
);
4916 if (tv
.tv_sec
- acq
->created
> key_blockacq_lifetime
4917 && __LIST_CHAINED(acq
)) {
4918 LIST_REMOVE(acq
, chain
);
4924 /* initialize random seed */
4925 if (key_tick_init_random
++ > key_int_random
) {
4926 key_tick_init_random
= 0;
4932 lck_mtx_unlock(sadb_mutex
);
4934 /* send messages outside of sadb_mutex */
4935 if (spbuf
&& spcount
> 0) {
4938 key_spdexpire(*(--spptr
));
4940 if (savkabuf
&& savkacount
> 0) {
4943 ipsec_send_natt_keepalive(*(--savkaptr
));
4945 if (savexbuf
&& savexcount
> 0) {
4948 key_expire(*(--savexptr
));
4951 /* decrement ref counts and free buffers */
4952 lck_mtx_lock(sadb_mutex
);
4955 key_freesp(*spptr
++, KEY_SADB_LOCKED
);
4959 while (savkacount
--)
4960 key_freesav(*savkaptr
++, KEY_SADB_LOCKED
);
4964 while (savexcount
--)
4965 key_freesav(*savexptr
++, KEY_SADB_LOCKED
);
4968 lck_mtx_unlock(sadb_mutex
);
4971 #ifndef IPSEC_DEBUG2
4972 /* do exchange to tick time !! */
4973 (void)timeout((void *)key_timehandler
, (void *)0, hz
);
4974 #endif /* IPSEC_DEBUG2 */
4980 * to initialize a seed for random()
4986 /* Our PRNG is based on Yarrow and doesn't need to be seeded */
4993 srandom(tv
.tv_usec
);
5004 key_randomfill(&value
, sizeof(value
));
5009 key_randomfill(p
, l
)
5015 read_random(p
, (u_int
)l
);
5019 static int warn
= 1;
5022 n
= (size_t)read_random(p
, (u_int
)l
);
5026 bcopy(&v
, (u_int8_t
*)p
+ n
,
5027 l
- n
< sizeof(v
) ? l
- n
: sizeof(v
));
5031 printf("WARNING: pseudo-random number generator "
5032 "used for IPsec processing\n");
5040 * map SADB_SATYPE_* to IPPROTO_*.
5041 * if satype == SADB_SATYPE then satype is mapped to ~0.
5043 * 0: invalid satype.
5046 key_satype2proto(satype
)
5050 case SADB_SATYPE_UNSPEC
:
5051 return IPSEC_PROTO_ANY
;
5052 case SADB_SATYPE_AH
:
5054 case SADB_SATYPE_ESP
:
5056 case SADB_X_SATYPE_IPCOMP
:
5057 return IPPROTO_IPCOMP
;
5066 * map IPPROTO_* to SADB_SATYPE_*
5068 * 0: invalid protocol type.
5071 key_proto2satype(proto
)
5076 return SADB_SATYPE_AH
;
5078 return SADB_SATYPE_ESP
;
5079 case IPPROTO_IPCOMP
:
5080 return SADB_X_SATYPE_IPCOMP
;
5090 * SADB_GETSPI processing is to receive
5091 * <base, (SA2), src address, dst address, (SPI range)>
5092 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
5093 * tree with the status of LARVAL, and send
5094 * <base, SA(*), address(SD)>
5097 * IN: mhp: pointer to the pointer to each header.
5098 * OUT: NULL if fail.
5099 * other if success, return pointer to the message to send.
5102 key_getspi(so
, m
, mhp
)
5105 const struct sadb_msghdr
*mhp
;
5107 struct sadb_address
*src0
, *dst0
;
5108 struct secasindex saidx
;
5109 struct secashead
*newsah
;
5110 struct secasvar
*newsav
;
5117 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
5120 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5121 panic("key_getspi: NULL pointer is passed.\n");
5123 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
5124 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
5125 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
5126 return key_senderror(so
, m
, EINVAL
);
5128 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
5129 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
5130 ipseclog((LOG_DEBUG
, "key_getspi: invalid message is passed.\n"));
5131 return key_senderror(so
, m
, EINVAL
);
5133 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
5134 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
5135 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
5137 mode
= IPSEC_MODE_ANY
;
5141 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
5142 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
5144 /* map satype to proto */
5145 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
5146 ipseclog((LOG_DEBUG
, "key_getspi: invalid satype is passed.\n"));
5147 return key_senderror(so
, m
, EINVAL
);
5150 /* make sure if port number is zero. */
5151 switch (((struct sockaddr
*)(src0
+ 1))->sa_family
) {
5153 if (((struct sockaddr
*)(src0
+ 1))->sa_len
!=
5154 sizeof(struct sockaddr_in
))
5155 return key_senderror(so
, m
, EINVAL
);
5156 ((struct sockaddr_in
*)(src0
+ 1))->sin_port
= 0;
5159 if (((struct sockaddr
*)(src0
+ 1))->sa_len
!=
5160 sizeof(struct sockaddr_in6
))
5161 return key_senderror(so
, m
, EINVAL
);
5162 ((struct sockaddr_in6
*)(src0
+ 1))->sin6_port
= 0;
5167 switch (((struct sockaddr
*)(dst0
+ 1))->sa_family
) {
5169 if (((struct sockaddr
*)(dst0
+ 1))->sa_len
!=
5170 sizeof(struct sockaddr_in
))
5171 return key_senderror(so
, m
, EINVAL
);
5172 ((struct sockaddr_in
*)(dst0
+ 1))->sin_port
= 0;
5175 if (((struct sockaddr
*)(dst0
+ 1))->sa_len
!=
5176 sizeof(struct sockaddr_in6
))
5177 return key_senderror(so
, m
, EINVAL
);
5178 ((struct sockaddr_in6
*)(dst0
+ 1))->sin6_port
= 0;
5184 /* XXX boundary check against sa_len */
5185 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
5187 lck_mtx_lock(sadb_mutex
);
5189 /* SPI allocation */
5190 spi
= key_do_getnewspi((struct sadb_spirange
*)mhp
->ext
[SADB_EXT_SPIRANGE
],
5193 lck_mtx_unlock(sadb_mutex
);
5194 return key_senderror(so
, m
, EINVAL
);
5197 /* get a SA index */
5198 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
5199 /* create a new SA index */
5200 if ((newsah
= key_newsah(&saidx
)) == NULL
) {
5201 lck_mtx_unlock(sadb_mutex
);
5202 ipseclog((LOG_DEBUG
, "key_getspi: No more memory.\n"));
5203 return key_senderror(so
, m
, ENOBUFS
);
5209 newsav
= key_newsav(m
, mhp
, newsah
, &error
);
5210 if (newsav
== NULL
) {
5211 /* XXX don't free new SA index allocated in above. */
5212 lck_mtx_unlock(sadb_mutex
);
5213 return key_senderror(so
, m
, error
);
5217 key_setspi(newsav
, htonl(spi
));
5219 #ifndef IPSEC_NONBLOCK_ACQUIRE
5220 /* delete the entry in acqtree */
5221 if (mhp
->msg
->sadb_msg_seq
!= 0) {
5223 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) != NULL
) {
5224 /* reset counter in order to deletion by timehandler. */
5227 acq
->created
= tv
.tv_sec
;
5233 lck_mtx_unlock(sadb_mutex
);
5236 struct mbuf
*n
, *nn
;
5237 struct sadb_sa
*m_sa
;
5238 struct sadb_msg
*newmsg
;
5241 /* create new sadb_msg to reply. */
5242 len
= PFKEY_ALIGN8(sizeof(struct sadb_msg
)) +
5243 PFKEY_ALIGN8(sizeof(struct sadb_sa
));
5245 return key_senderror(so
, m
, ENOBUFS
);
5247 MGETHDR(n
, M_DONTWAIT
, MT_DATA
);
5249 MCLGET(n
, M_DONTWAIT
);
5250 if ((n
->m_flags
& M_EXT
) == 0) {
5256 return key_senderror(so
, m
, ENOBUFS
);
5262 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
5263 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
5265 m_sa
= (struct sadb_sa
*)(mtod(n
, caddr_t
) + off
);
5266 m_sa
->sadb_sa_len
= PFKEY_UNIT64(sizeof(struct sadb_sa
));
5267 m_sa
->sadb_sa_exttype
= SADB_EXT_SA
;
5268 m_sa
->sadb_sa_spi
= htonl(spi
);
5269 off
+= PFKEY_ALIGN8(sizeof(struct sadb_sa
));
5273 panic("length inconsistency in key_getspi");
5276 int mbufItems
[] = {SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
};
5277 n
->m_next
= key_gather_mbuf(m
, mhp
, 0, sizeof(mbufItems
)/sizeof(int), mbufItems
);
5280 return key_senderror(so
, m
, ENOBUFS
);
5284 if (n
->m_len
< sizeof(struct sadb_msg
)) {
5285 n
= m_pullup(n
, sizeof(struct sadb_msg
));
5287 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
5290 n
->m_pkthdr
.len
= 0;
5291 for (nn
= n
; nn
; nn
= nn
->m_next
)
5292 n
->m_pkthdr
.len
+= nn
->m_len
;
5294 newmsg
= mtod(n
, struct sadb_msg
*);
5295 newmsg
->sadb_msg_seq
= newsav
->seq
;
5296 newmsg
->sadb_msg_errno
= 0;
5297 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
5300 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
5305 * allocating new SPI
5306 * called by key_getspi().
5312 key_do_getnewspi(spirange
, saidx
)
5313 struct sadb_spirange
*spirange
;
5314 struct secasindex
*saidx
;
5317 u_int32_t keymin
, keymax
;
5318 int count
= key_spi_trycnt
;
5320 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
5322 /* set spi range to allocate */
5323 if (spirange
!= NULL
) {
5324 keymin
= spirange
->sadb_spirange_min
;
5325 keymax
= spirange
->sadb_spirange_max
;
5327 keymin
= key_spi_minval
;
5328 keymax
= key_spi_maxval
;
5330 /* IPCOMP needs 2-byte SPI */
5331 if (saidx
->proto
== IPPROTO_IPCOMP
) {
5333 if (keymin
>= 0x10000)
5335 if (keymax
>= 0x10000)
5337 if (keymin
> keymax
) {
5338 t
= keymin
; keymin
= keymax
; keymax
= t
;
5342 if (keymin
== keymax
) {
5343 if (key_checkspidup(saidx
, keymin
) != NULL
) {
5344 ipseclog((LOG_DEBUG
, "key_do_getnewspi: SPI %u exists already.\n", keymin
));
5348 count
--; /* taking one cost. */
5353 u_long range
= keymax
- keymin
+ 1; /* overflow value of zero means full range */
5358 /* when requesting to allocate spi ranged */
5360 u_long rand_val
= key_random();
5362 /* generate pseudo-random SPI value ranged. */
5363 newspi
= (range
== 0 ? rand_val
: keymin
+ (rand_val
% range
));
5365 if (key_checkspidup(saidx
, newspi
) == NULL
)
5369 if (count
== 0 || newspi
== 0) {
5370 ipseclog((LOG_DEBUG
, "key_do_getnewspi: to allocate spi is failed.\n"));
5376 keystat
.getspi_count
=
5377 (keystat
.getspi_count
+ key_spi_trycnt
- count
) / 2;
5383 * SADB_UPDATE processing
5385 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5386 * key(AE), (identity(SD),) (sensitivity)>
5387 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5389 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5390 * (identity(SD),) (sensitivity)>
5393 * m will always be freed.
5396 key_update(so
, m
, mhp
)
5399 const struct sadb_msghdr
*mhp
;
5401 struct sadb_sa
*sa0
;
5402 struct sadb_address
*src0
, *dst0
;
5403 struct secasindex saidx
;
5404 struct secashead
*sah
;
5405 struct secasvar
*sav
;
5411 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
5414 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5415 panic("key_update: NULL pointer is passed.\n");
5417 /* map satype to proto */
5418 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
5419 ipseclog((LOG_DEBUG
, "key_update: invalid satype is passed.\n"));
5420 return key_senderror(so
, m
, EINVAL
);
5423 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
5424 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
5425 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
5426 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
5427 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
5428 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
5429 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
5430 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
5431 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
5432 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
5433 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
5434 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
5435 return key_senderror(so
, m
, EINVAL
);
5437 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
5438 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
5439 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
5440 ipseclog((LOG_DEBUG
, "key_update: invalid message is passed.\n"));
5441 return key_senderror(so
, m
, EINVAL
);
5443 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
5444 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
5445 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
5447 mode
= IPSEC_MODE_ANY
;
5450 /* XXX boundary checking for other extensions */
5452 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
5453 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
5454 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
5456 /* XXX boundary check against sa_len */
5457 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
5459 lck_mtx_lock(sadb_mutex
);
5461 /* get a SA header */
5462 if ((sah
= key_getsah(&saidx
)) == NULL
) {
5463 lck_mtx_unlock(sadb_mutex
);
5464 ipseclog((LOG_DEBUG
, "key_update: no SA index found.\n"));
5465 return key_senderror(so
, m
, ENOENT
);
5468 /* set spidx if there */
5470 error
= key_setident(sah
, m
, mhp
);
5472 lck_mtx_unlock(sadb_mutex
);
5473 return key_senderror(so
, m
, error
);
5476 /* find a SA with sequence number. */
5477 #if IPSEC_DOSEQCHECK
5478 if (mhp
->msg
->sadb_msg_seq
!= 0
5479 && (sav
= key_getsavbyseq(sah
, mhp
->msg
->sadb_msg_seq
)) == NULL
) {
5480 lck_mtx_unlock(sadb_mutex
);
5481 ipseclog((LOG_DEBUG
,
5482 "key_update: no larval SA with sequence %u exists.\n",
5483 mhp
->msg
->sadb_msg_seq
));
5484 return key_senderror(so
, m
, ENOENT
);
5487 if ((sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
)) == NULL
) {
5488 lck_mtx_unlock(sadb_mutex
);
5489 ipseclog((LOG_DEBUG
,
5490 "key_update: no such a SA found (spi:%u)\n",
5491 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
5492 return key_senderror(so
, m
, EINVAL
);
5496 /* validity check */
5497 if (sav
->sah
->saidx
.proto
!= proto
) {
5498 lck_mtx_unlock(sadb_mutex
);
5499 ipseclog((LOG_DEBUG
,
5500 "key_update: protocol mismatched (DB=%u param=%u)\n",
5501 sav
->sah
->saidx
.proto
, proto
));
5502 return key_senderror(so
, m
, EINVAL
);
5504 #if IPSEC_DOSEQCHECK
5505 if (sav
->spi
!= sa0
->sadb_sa_spi
) {
5506 lck_mtx_unlock(sadb_mutex
);
5507 ipseclog((LOG_DEBUG
,
5508 "key_update: SPI mismatched (DB:%u param:%u)\n",
5509 (u_int32_t
)ntohl(sav
->spi
),
5510 (u_int32_t
)ntohl(sa0
->sadb_sa_spi
)));
5511 return key_senderror(so
, m
, EINVAL
);
5514 if (sav
->pid
!= mhp
->msg
->sadb_msg_pid
) {
5515 lck_mtx_unlock(sadb_mutex
);
5516 ipseclog((LOG_DEBUG
,
5517 "key_update: pid mismatched (DB:%u param:%u)\n",
5518 sav
->pid
, mhp
->msg
->sadb_msg_pid
));
5519 return key_senderror(so
, m
, EINVAL
);
5522 /* copy sav values */
5523 error
= key_setsaval(sav
, m
, mhp
);
5525 key_freesav(sav
, KEY_SADB_LOCKED
);
5526 lck_mtx_unlock(sadb_mutex
);
5527 return key_senderror(so
, m
, error
);
5531 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
5532 * this SA is for transport mode - otherwise clear it.
5534 if ((sav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0 &&
5535 (sav
->sah
->saidx
.mode
!= IPSEC_MODE_TRANSPORT
||
5536 sav
->sah
->saidx
.src
.ss_family
!= AF_INET
))
5537 sav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
5539 /* check SA values to be mature. */
5540 if ((error
= key_mature(sav
)) != 0) {
5541 key_freesav(sav
, KEY_SADB_LOCKED
);
5542 lck_mtx_unlock(sadb_mutex
);
5543 return key_senderror(so
, m
, error
);
5546 lck_mtx_unlock(sadb_mutex
);
5551 /* set msg buf from mhp */
5552 n
= key_getmsgbuf_x1(m
, mhp
);
5554 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
5555 return key_senderror(so
, m
, ENOBUFS
);
5559 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
5564 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5565 * only called by key_update().
5568 * others : found, pointer to a SA.
5570 #if IPSEC_DOSEQCHECK
5571 static struct secasvar
*
5572 key_getsavbyseq(sah
, seq
)
5573 struct secashead
*sah
;
5576 struct secasvar
*sav
;
5579 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
5581 state
= SADB_SASTATE_LARVAL
;
5583 /* search SAD with sequence number ? */
5584 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
5586 KEY_CHKSASTATE(state
, sav
->state
, "key_getsabyseq");
5588 if (sav
->seq
== seq
) {
5590 KEYDEBUG(KEYDEBUG_IPSEC_STAMP
,
5591 printf("DP key_getsavbyseq cause "
5592 "refcnt++:%d SA:%p\n",
5603 * SADB_ADD processing
5604 * add a entry to SA database, when received
5605 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5606 * key(AE), (identity(SD),) (sensitivity)>
5609 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5610 * (identity(SD),) (sensitivity)>
5613 * IGNORE identity and sensitivity messages.
5615 * m will always be freed.
5621 const struct sadb_msghdr
*mhp
;
5623 struct sadb_sa
*sa0
;
5624 struct sadb_address
*src0
, *dst0
;
5625 struct secasindex saidx
;
5626 struct secashead
*newsah
;
5627 struct secasvar
*newsav
;
5633 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
5636 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5637 panic("key_add: NULL pointer is passed.\n");
5639 /* map satype to proto */
5640 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
5641 ipseclog((LOG_DEBUG
, "key_add: invalid satype is passed.\n"));
5642 return key_senderror(so
, m
, EINVAL
);
5645 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
5646 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
5647 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
5648 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_ESP
&&
5649 mhp
->ext
[SADB_EXT_KEY_ENCRYPT
] == NULL
) ||
5650 (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_AH
&&
5651 mhp
->ext
[SADB_EXT_KEY_AUTH
] == NULL
) ||
5652 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] != NULL
&&
5653 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] == NULL
) ||
5654 (mhp
->ext
[SADB_EXT_LIFETIME_HARD
] == NULL
&&
5655 mhp
->ext
[SADB_EXT_LIFETIME_SOFT
] != NULL
)) {
5656 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
5657 return key_senderror(so
, m
, EINVAL
);
5659 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
5660 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
5661 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
5663 ipseclog((LOG_DEBUG
, "key_add: invalid message is passed.\n"));
5664 return key_senderror(so
, m
, EINVAL
);
5666 if (mhp
->ext
[SADB_X_EXT_SA2
] != NULL
) {
5667 mode
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_mode
;
5668 reqid
= ((struct sadb_x_sa2
*)mhp
->ext
[SADB_X_EXT_SA2
])->sadb_x_sa2_reqid
;
5670 mode
= IPSEC_MODE_ANY
;
5674 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
5675 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
5676 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
5678 /* XXX boundary check against sa_len */
5679 KEY_SETSECASIDX(proto
, mode
, reqid
, src0
+ 1, dst0
+ 1, &saidx
);
5681 lck_mtx_lock(sadb_mutex
);
5683 /* get a SA header */
5684 if ((newsah
= key_getsah(&saidx
)) == NULL
) {
5685 /* create a new SA header */
5686 if ((newsah
= key_newsah(&saidx
)) == NULL
) {
5687 lck_mtx_unlock(sadb_mutex
);
5688 ipseclog((LOG_DEBUG
, "key_add: No more memory.\n"));
5689 return key_senderror(so
, m
, ENOBUFS
);
5693 /* set spidx if there */
5695 error
= key_setident(newsah
, m
, mhp
);
5697 lck_mtx_unlock(sadb_mutex
);
5698 return key_senderror(so
, m
, error
);
5701 /* create new SA entry. */
5702 /* We can create new SA only if SPI is different. */
5703 if (key_getsavbyspi(newsah
, sa0
->sadb_sa_spi
)) {
5704 lck_mtx_unlock(sadb_mutex
);
5705 ipseclog((LOG_DEBUG
, "key_add: SA already exists.\n"));
5706 return key_senderror(so
, m
, EEXIST
);
5708 newsav
= key_newsav(m
, mhp
, newsah
, &error
);
5709 if (newsav
== NULL
) {
5710 lck_mtx_unlock(sadb_mutex
);
5711 return key_senderror(so
, m
, error
);
5715 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
5716 * this SA is for transport mode - otherwise clear it.
5718 if ((newsav
->flags
& SADB_X_EXT_NATT_MULTIPLEUSERS
) != 0 &&
5719 (newsah
->saidx
.mode
!= IPSEC_MODE_TRANSPORT
||
5720 newsah
->saidx
.dst
.ss_family
!= AF_INET
))
5721 newsav
->flags
&= ~SADB_X_EXT_NATT_MULTIPLEUSERS
;
5723 /* check SA values to be mature. */
5724 if ((error
= key_mature(newsav
)) != 0) {
5725 key_freesav(newsav
, KEY_SADB_LOCKED
);
5726 lck_mtx_unlock(sadb_mutex
);
5727 return key_senderror(so
, m
, error
);
5730 lck_mtx_unlock(sadb_mutex
);
5733 * don't call key_freesav() here, as we would like to keep the SA
5734 * in the database on success.
5740 /* set msg buf from mhp */
5741 n
= key_getmsgbuf_x1(m
, mhp
);
5743 ipseclog((LOG_DEBUG
, "key_update: No more memory.\n"));
5744 return key_senderror(so
, m
, ENOBUFS
);
5748 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
5754 key_setident(sah
, m
, mhp
)
5755 struct secashead
*sah
;
5757 const struct sadb_msghdr
*mhp
;
5759 const struct sadb_ident
*idsrc
, *iddst
;
5760 int idsrclen
, iddstlen
;
5762 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
5765 if (sah
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5766 panic("key_setident: NULL pointer is passed.\n");
5768 /* don't make buffer if not there */
5769 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
&&
5770 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
5776 if (mhp
->ext
[SADB_EXT_IDENTITY_SRC
] == NULL
||
5777 mhp
->ext
[SADB_EXT_IDENTITY_DST
] == NULL
) {
5778 ipseclog((LOG_DEBUG
, "key_setident: invalid identity.\n"));
5782 idsrc
= (const struct sadb_ident
*)mhp
->ext
[SADB_EXT_IDENTITY_SRC
];
5783 iddst
= (const struct sadb_ident
*)mhp
->ext
[SADB_EXT_IDENTITY_DST
];
5784 idsrclen
= mhp
->extlen
[SADB_EXT_IDENTITY_SRC
];
5785 iddstlen
= mhp
->extlen
[SADB_EXT_IDENTITY_DST
];
5787 /* validity check */
5788 if (idsrc
->sadb_ident_type
!= iddst
->sadb_ident_type
) {
5789 ipseclog((LOG_DEBUG
, "key_setident: ident type mismatch.\n"));
5793 switch (idsrc
->sadb_ident_type
) {
5794 case SADB_IDENTTYPE_PREFIX
:
5795 case SADB_IDENTTYPE_FQDN
:
5796 case SADB_IDENTTYPE_USERFQDN
:
5798 /* XXX do nothing */
5804 /* make structure */
5805 KMALLOC_NOWAIT(sah
->idents
, struct sadb_ident
*, idsrclen
);
5806 if (sah
->idents
== NULL
) {
5807 lck_mtx_unlock(sadb_mutex
);
5808 KMALLOC_WAIT(sah
->idents
, struct sadb_ident
*, idsrclen
);
5809 lck_mtx_lock(sadb_mutex
);
5810 if (sah
->idents
== NULL
) {
5811 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
5815 KMALLOC_NOWAIT(sah
->identd
, struct sadb_ident
*, iddstlen
);
5816 if (sah
->identd
== NULL
) {
5817 lck_mtx_unlock(sadb_mutex
);
5818 KMALLOC_WAIT(sah
->identd
, struct sadb_ident
*, iddstlen
);
5819 lck_mtx_lock(sadb_mutex
);
5820 if (sah
->identd
== NULL
) {
5823 ipseclog((LOG_DEBUG
, "key_setident: No more memory.\n"));
5827 bcopy(idsrc
, sah
->idents
, idsrclen
);
5828 bcopy(iddst
, sah
->identd
, iddstlen
);
5834 * m will not be freed on return.
5835 * it is caller's responsibility to free the result.
5837 static struct mbuf
*
5838 key_getmsgbuf_x1(m
, mhp
)
5840 const struct sadb_msghdr
*mhp
;
5843 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_SA
,
5844 SADB_X_EXT_SA2
, SADB_EXT_ADDRESS_SRC
,
5845 SADB_EXT_ADDRESS_DST
, SADB_EXT_LIFETIME_HARD
,
5846 SADB_EXT_LIFETIME_SOFT
, SADB_EXT_IDENTITY_SRC
,
5847 SADB_EXT_IDENTITY_DST
};
5850 if (m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5851 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
5853 /* create new sadb_msg to reply. */
5854 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
5858 if (n
->m_len
< sizeof(struct sadb_msg
)) {
5859 n
= m_pullup(n
, sizeof(struct sadb_msg
));
5863 mtod(n
, struct sadb_msg
*)->sadb_msg_errno
= 0;
5864 mtod(n
, struct sadb_msg
*)->sadb_msg_len
=
5865 PFKEY_UNIT64(n
->m_pkthdr
.len
);
5870 static int key_delete_all(struct socket
*, struct mbuf
*,
5871 const struct sadb_msghdr
*, u_int16_t
);
5874 * SADB_DELETE processing
5876 * <base, SA(*), address(SD)>
5877 * from the ikmpd, and set SADB_SASTATE_DEAD,
5879 * <base, SA(*), address(SD)>
5882 * m will always be freed.
5885 key_delete(so
, m
, mhp
)
5888 const struct sadb_msghdr
*mhp
;
5890 struct sadb_sa
*sa0
;
5891 struct sadb_address
*src0
, *dst0
;
5892 struct secasindex saidx
;
5893 struct secashead
*sah
;
5894 struct secasvar
*sav
= NULL
;
5897 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
5900 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
5901 panic("key_delete: NULL pointer is passed.\n");
5903 /* map satype to proto */
5904 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
5905 ipseclog((LOG_DEBUG
, "key_delete: invalid satype is passed.\n"));
5906 return key_senderror(so
, m
, EINVAL
);
5909 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
5910 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
5911 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
5912 return key_senderror(so
, m
, EINVAL
);
5915 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
5916 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
5917 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
5918 return key_senderror(so
, m
, EINVAL
);
5921 lck_mtx_lock(sadb_mutex
);
5923 if (mhp
->ext
[SADB_EXT_SA
] == NULL
) {
5925 * Caller wants us to delete all non-LARVAL SAs
5926 * that match the src/dst. This is used during
5927 * IKE INITIAL-CONTACT.
5929 ipseclog((LOG_DEBUG
, "key_delete: doing delete all.\n"));
5930 /* key_delete_all will unlock sadb_mutex */
5931 return key_delete_all(so
, m
, mhp
, proto
);
5932 } else if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
)) {
5933 lck_mtx_unlock(sadb_mutex
);
5934 ipseclog((LOG_DEBUG
, "key_delete: invalid message is passed.\n"));
5935 return key_senderror(so
, m
, EINVAL
);
5938 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
5939 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
5940 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
5942 /* XXX boundary check against sa_len */
5943 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
5945 /* get a SA header */
5946 LIST_FOREACH(sah
, &sahtree
, chain
) {
5947 if (sah
->state
== SADB_SASTATE_DEAD
)
5949 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
5952 /* get a SA with SPI. */
5953 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
5958 lck_mtx_unlock(sadb_mutex
);
5959 ipseclog((LOG_DEBUG
, "key_delete: no SA found.\n"));
5960 return key_senderror(so
, m
, ENOENT
);
5963 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
5964 key_freesav(sav
, KEY_SADB_LOCKED
);
5966 lck_mtx_unlock(sadb_mutex
);
5971 struct sadb_msg
*newmsg
;
5972 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_SA
,
5973 SADB_EXT_ADDRESS_SRC
, SADB_EXT_ADDRESS_DST
};
5975 /* create new sadb_msg to reply. */
5976 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
5978 return key_senderror(so
, m
, ENOBUFS
);
5980 if (n
->m_len
< sizeof(struct sadb_msg
)) {
5981 n
= m_pullup(n
, sizeof(struct sadb_msg
));
5983 return key_senderror(so
, m
, ENOBUFS
);
5985 newmsg
= mtod(n
, struct sadb_msg
*);
5986 newmsg
->sadb_msg_errno
= 0;
5987 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
5990 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
5995 * delete all SAs for src/dst. Called from key_delete().
5998 key_delete_all(so
, m
, mhp
, proto
)
6001 const struct sadb_msghdr
*mhp
;
6004 struct sadb_address
*src0
, *dst0
;
6005 struct secasindex saidx
;
6006 struct secashead
*sah
;
6007 struct secasvar
*sav
, *nextsav
;
6008 u_int stateidx
, state
;
6010 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
6012 src0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_SRC
]);
6013 dst0
= (struct sadb_address
*)(mhp
->ext
[SADB_EXT_ADDRESS_DST
]);
6015 /* XXX boundary check against sa_len */
6016 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
6018 LIST_FOREACH(sah
, &sahtree
, chain
) {
6019 if (sah
->state
== SADB_SASTATE_DEAD
)
6021 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
6024 /* Delete all non-LARVAL SAs. */
6026 stateidx
< _ARRAYLEN(saorder_state_alive
);
6028 state
= saorder_state_alive
[stateidx
];
6029 if (state
== SADB_SASTATE_LARVAL
)
6031 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
6032 sav
!= NULL
; sav
= nextsav
) {
6033 nextsav
= LIST_NEXT(sav
, chain
);
6035 if (sav
->state
!= state
) {
6036 ipseclog((LOG_DEBUG
, "key_delete_all: "
6037 "invalid sav->state "
6038 "(queue: %d SA: %d)\n",
6039 state
, sav
->state
));
6043 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
6044 key_freesav(sav
, KEY_SADB_LOCKED
);
6048 lck_mtx_unlock(sadb_mutex
);
6052 struct sadb_msg
*newmsg
;
6053 int mbufItems
[] = {SADB_EXT_RESERVED
, SADB_EXT_ADDRESS_SRC
,
6054 SADB_EXT_ADDRESS_DST
};
6056 /* create new sadb_msg to reply. */
6057 n
= key_gather_mbuf(m
, mhp
, 1, sizeof(mbufItems
)/sizeof(int), mbufItems
);
6059 return key_senderror(so
, m
, ENOBUFS
);
6061 if (n
->m_len
< sizeof(struct sadb_msg
)) {
6062 n
= m_pullup(n
, sizeof(struct sadb_msg
));
6064 return key_senderror(so
, m
, ENOBUFS
);
6066 newmsg
= mtod(n
, struct sadb_msg
*);
6067 newmsg
->sadb_msg_errno
= 0;
6068 newmsg
->sadb_msg_len
= PFKEY_UNIT64(n
->m_pkthdr
.len
);
6071 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ALL
);
6076 * SADB_GET processing
6078 * <base, SA(*), address(SD)>
6079 * from the ikmpd, and get a SP and a SA to respond,
6081 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
6082 * (identity(SD),) (sensitivity)>
6085 * m will always be freed.
6091 const struct sadb_msghdr
*mhp
;
6093 struct sadb_sa
*sa0
;
6094 struct sadb_address
*src0
, *dst0
;
6095 struct secasindex saidx
;
6096 struct secashead
*sah
;
6097 struct secasvar
*sav
= NULL
;
6100 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6103 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6104 panic("key_get: NULL pointer is passed.\n");
6106 /* map satype to proto */
6107 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6108 ipseclog((LOG_DEBUG
, "key_get: invalid satype is passed.\n"));
6109 return key_senderror(so
, m
, EINVAL
);
6112 if (mhp
->ext
[SADB_EXT_SA
] == NULL
||
6113 mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
6114 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
) {
6115 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
6116 return key_senderror(so
, m
, EINVAL
);
6118 if (mhp
->extlen
[SADB_EXT_SA
] < sizeof(struct sadb_sa
) ||
6119 mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
6120 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
)) {
6121 ipseclog((LOG_DEBUG
, "key_get: invalid message is passed.\n"));
6122 return key_senderror(so
, m
, EINVAL
);
6125 sa0
= (struct sadb_sa
*)mhp
->ext
[SADB_EXT_SA
];
6126 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
6127 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
6129 /* XXX boundary check against sa_len */
6130 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
6132 lck_mtx_lock(sadb_mutex
);
6134 /* get a SA header */
6135 LIST_FOREACH(sah
, &sahtree
, chain
) {
6136 if (sah
->state
== SADB_SASTATE_DEAD
)
6138 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_HEAD
) == 0)
6141 /* get a SA with SPI. */
6142 sav
= key_getsavbyspi(sah
, sa0
->sadb_sa_spi
);
6147 lck_mtx_unlock(sadb_mutex
);
6148 ipseclog((LOG_DEBUG
, "key_get: no SA found.\n"));
6149 return key_senderror(so
, m
, ENOENT
);
6156 /* map proto to satype */
6157 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
6158 lck_mtx_unlock(sadb_mutex
);
6159 ipseclog((LOG_DEBUG
, "key_get: there was invalid proto in SAD.\n"));
6160 return key_senderror(so
, m
, EINVAL
);
6162 lck_mtx_unlock(sadb_mutex
);
6164 /* create new sadb_msg to reply. */
6165 n
= key_setdumpsa(sav
, SADB_GET
, satype
, mhp
->msg
->sadb_msg_seq
,
6166 mhp
->msg
->sadb_msg_pid
);
6171 return key_senderror(so
, m
, ENOBUFS
);
6174 return key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
6178 /* XXX make it sysctl-configurable? */
6180 key_getcomb_setlifetime(comb
)
6181 struct sadb_comb
*comb
;
6184 comb
->sadb_comb_soft_allocations
= 1;
6185 comb
->sadb_comb_hard_allocations
= 1;
6186 comb
->sadb_comb_soft_bytes
= 0;
6187 comb
->sadb_comb_hard_bytes
= 0;
6188 comb
->sadb_comb_hard_addtime
= 86400; /* 1 day */
6189 comb
->sadb_comb_soft_addtime
= comb
->sadb_comb_soft_addtime
* 80 / 100;
6190 comb
->sadb_comb_soft_usetime
= 28800; /* 8 hours */
6191 comb
->sadb_comb_hard_usetime
= comb
->sadb_comb_hard_usetime
* 80 / 100;
6196 * XXX reorder combinations by preference
6197 * XXX no idea if the user wants ESP authentication or not
6199 static struct mbuf
*
6202 struct sadb_comb
*comb
;
6203 const struct esp_algorithm
*algo
;
6204 struct mbuf
*result
= NULL
, *m
, *n
;
6208 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
6211 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
6212 algo
= esp_algorithm_lookup(i
);
6216 if (algo
->keymax
< ipsec_esp_keymin
)
6218 if (algo
->keymin
< ipsec_esp_keymin
)
6219 encmin
= ipsec_esp_keymin
;
6221 encmin
= algo
->keymin
;
6224 m
= key_getcomb_ah();
6228 panic("assumption failed in key_getcomb_esp");
6230 MGET(m
, M_DONTWAIT
, MT_DATA
);
6235 bzero(mtod(m
, caddr_t
), m
->m_len
);
6242 for (n
= m
; n
; n
= n
->m_next
)
6246 panic("assumption failed in key_getcomb_esp");
6249 for (off
= 0; off
< totlen
; off
+= l
) {
6250 n
= m_pulldown(m
, off
, l
, &o
);
6252 /* m is already freed */
6255 comb
= (struct sadb_comb
*)(mtod(n
, caddr_t
) + o
);
6256 bzero(comb
, sizeof(*comb
));
6257 key_getcomb_setlifetime(comb
);
6258 comb
->sadb_comb_encrypt
= i
;
6259 comb
->sadb_comb_encrypt_minbits
= encmin
;
6260 comb
->sadb_comb_encrypt_maxbits
= algo
->keymax
;
6279 * XXX reorder combinations by preference
6281 static struct mbuf
*
6284 struct sadb_comb
*comb
;
6285 const struct ah_algorithm
*algo
;
6289 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
6292 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
6294 /* we prefer HMAC algorithms, not old algorithms */
6295 if (i
!= SADB_AALG_SHA1HMAC
&& i
!= SADB_AALG_MD5HMAC
)
6298 algo
= ah_algorithm_lookup(i
);
6302 if (algo
->keymax
< ipsec_ah_keymin
)
6304 if (algo
->keymin
< ipsec_ah_keymin
)
6305 keymin
= ipsec_ah_keymin
;
6307 keymin
= algo
->keymin
;
6312 panic("assumption failed in key_getcomb_ah");
6314 MGET(m
, M_DONTWAIT
, MT_DATA
);
6321 M_PREPEND(m
, l
, M_DONTWAIT
);
6325 comb
= mtod(m
, struct sadb_comb
*);
6326 bzero(comb
, sizeof(*comb
));
6327 key_getcomb_setlifetime(comb
);
6328 comb
->sadb_comb_auth
= i
;
6329 comb
->sadb_comb_auth_minbits
= keymin
;
6330 comb
->sadb_comb_auth_maxbits
= algo
->keymax
;
6337 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
6338 * XXX reorder combinations by preference
6340 static struct mbuf
*
6341 key_getcomb_ipcomp()
6343 struct sadb_comb
*comb
;
6344 const struct ipcomp_algorithm
*algo
;
6347 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_comb
));
6350 for (i
= 1; i
<= SADB_X_CALG_MAX
; i
++) {
6351 algo
= ipcomp_algorithm_lookup(i
);
6358 panic("assumption failed in key_getcomb_ipcomp");
6360 MGET(m
, M_DONTWAIT
, MT_DATA
);
6367 M_PREPEND(m
, l
, M_DONTWAIT
);
6371 comb
= mtod(m
, struct sadb_comb
*);
6372 bzero(comb
, sizeof(*comb
));
6373 key_getcomb_setlifetime(comb
);
6374 comb
->sadb_comb_encrypt
= i
;
6375 /* what should we set into sadb_comb_*_{min,max}bits? */
6382 * XXX no way to pass mode (transport/tunnel) to userland
6383 * XXX replay checking?
6384 * XXX sysctl interface to ipsec_{ah,esp}_keymin
6386 static struct mbuf
*
6388 const struct secasindex
*saidx
;
6390 struct sadb_prop
*prop
;
6392 const int l
= PFKEY_ALIGN8(sizeof(struct sadb_prop
));
6395 switch (saidx
->proto
) {
6398 m
= key_getcomb_esp();
6402 m
= key_getcomb_ah();
6404 case IPPROTO_IPCOMP
:
6405 m
= key_getcomb_ipcomp();
6413 M_PREPEND(m
, l
, M_DONTWAIT
);
6418 for (n
= m
; n
; n
= n
->m_next
)
6421 prop
= mtod(m
, struct sadb_prop
*);
6422 bzero(prop
, sizeof(*prop
));
6423 prop
->sadb_prop_len
= PFKEY_UNIT64(totlen
);
6424 prop
->sadb_prop_exttype
= SADB_EXT_PROPOSAL
;
6425 prop
->sadb_prop_replay
= 32; /* XXX */
6431 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
6433 * <base, SA, address(SD), (address(P)), x_policy,
6434 * (identity(SD),) (sensitivity,) proposal>
6435 * to KMD, and expect to receive
6436 * <base> with SADB_ACQUIRE if error occurred,
6438 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
6439 * from KMD by PF_KEY.
6441 * XXX x_policy is outside of RFC2367 (KAME extension).
6442 * XXX sensitivity is not supported.
6443 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6444 * see comment for key_getcomb_ipcomp().
6448 * others: error number
6451 key_acquire(saidx
, sp
)
6452 struct secasindex
*saidx
;
6453 struct secpolicy
*sp
;
6455 struct mbuf
*result
= NULL
, *m
;
6456 #ifndef IPSEC_NONBLOCK_ACQUIRE
6457 struct secacq
*newacq
;
6463 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
6467 panic("key_acquire: NULL pointer is passed.\n");
6468 if ((satype
= key_proto2satype(saidx
->proto
)) == 0)
6469 panic("key_acquire: invalid proto is passed.\n");
6471 #ifndef IPSEC_NONBLOCK_ACQUIRE
6473 * We never do anything about acquirng SA. There is anather
6474 * solution that kernel blocks to send SADB_ACQUIRE message until
6475 * getting something message from IKEd. In later case, to be
6476 * managed with ACQUIRING list.
6478 /* get a entry to check whether sending message or not. */
6479 lck_mtx_lock(sadb_mutex
);
6480 if ((newacq
= key_getacq(saidx
)) != NULL
) {
6481 if (key_blockacq_count
< newacq
->count
) {
6482 /* reset counter and do send message. */
6485 /* increment counter and do nothing. */
6487 lck_mtx_unlock(sadb_mutex
);
6491 /* make new entry for blocking to send SADB_ACQUIRE. */
6492 if ((newacq
= key_newacq(saidx
)) == NULL
) {
6493 lck_mtx_unlock(sadb_mutex
);
6497 /* add to acqtree */
6498 LIST_INSERT_HEAD(&acqtree
, newacq
, chain
);
6501 lck_mtx_unlock(sadb_mutex
);
6504 seq
= (acq_seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
));
6506 m
= key_setsadbmsg(SADB_ACQUIRE
, 0, satype
, seq
, 0, 0);
6513 /* set sadb_address for saidx's. */
6514 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
6515 (struct sockaddr
*)&saidx
->src
, FULLMASK
, IPSEC_ULPROTO_ANY
);
6522 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
6523 (struct sockaddr
*)&saidx
->dst
, FULLMASK
, IPSEC_ULPROTO_ANY
);
6530 /* XXX proxy address (optional) */
6532 /* set sadb_x_policy */
6534 m
= key_setsadbxpolicy(sp
->policy
, sp
->spidx
.dir
, sp
->id
);
6542 /* XXX identity (optional) */
6544 if (idexttype
&& fqdn
) {
6545 /* create identity extension (FQDN) */
6546 struct sadb_ident
*id
;
6549 fqdnlen
= strlen(fqdn
) + 1; /* +1 for terminating-NUL */
6550 id
= (struct sadb_ident
*)p
;
6551 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
6552 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(fqdnlen
));
6553 id
->sadb_ident_exttype
= idexttype
;
6554 id
->sadb_ident_type
= SADB_IDENTTYPE_FQDN
;
6555 bcopy(fqdn
, id
+ 1, fqdnlen
);
6556 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(fqdnlen
);
6560 /* create identity extension (USERFQDN) */
6561 struct sadb_ident
*id
;
6565 /* +1 for terminating-NUL */
6566 userfqdnlen
= strlen(userfqdn
) + 1;
6569 id
= (struct sadb_ident
*)p
;
6570 bzero(id
, sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
6571 id
->sadb_ident_len
= PFKEY_UNIT64(sizeof(*id
) + PFKEY_ALIGN8(userfqdnlen
));
6572 id
->sadb_ident_exttype
= idexttype
;
6573 id
->sadb_ident_type
= SADB_IDENTTYPE_USERFQDN
;
6574 /* XXX is it correct? */
6575 if (curproc
&& curproc
->p_cred
)
6576 id
->sadb_ident_id
= curproc
->p_cred
->p_ruid
;
6577 if (userfqdn
&& userfqdnlen
)
6578 bcopy(userfqdn
, id
+ 1, userfqdnlen
);
6579 p
+= sizeof(struct sadb_ident
) + PFKEY_ALIGN8(userfqdnlen
);
6583 /* XXX sensitivity (optional) */
6585 /* create proposal/combination extension */
6586 m
= key_getprop(saidx
);
6589 * spec conformant: always attach proposal/combination extension,
6590 * the problem is that we have no way to attach it for ipcomp,
6591 * due to the way sadb_comb is declared in RFC2367.
6600 * outside of spec; make proposal/combination extension optional.
6606 if ((result
->m_flags
& M_PKTHDR
) == 0) {
6611 if (result
->m_len
< sizeof(struct sadb_msg
)) {
6612 result
= m_pullup(result
, sizeof(struct sadb_msg
));
6613 if (result
== NULL
) {
6619 result
->m_pkthdr
.len
= 0;
6620 for (m
= result
; m
; m
= m
->m_next
)
6621 result
->m_pkthdr
.len
+= m
->m_len
;
6623 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
6624 PFKEY_UNIT64(result
->m_pkthdr
.len
);
6626 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
6634 #ifndef IPSEC_NONBLOCK_ACQUIRE
6635 static struct secacq
*
6637 struct secasindex
*saidx
;
6639 struct secacq
*newacq
;
6643 KMALLOC_NOWAIT(newacq
, struct secacq
*, sizeof(struct secacq
));
6644 if (newacq
== NULL
) {
6645 lck_mtx_unlock(sadb_mutex
);
6646 KMALLOC_WAIT(newacq
, struct secacq
*, sizeof(struct secacq
));
6647 lck_mtx_lock(sadb_mutex
);
6648 if (newacq
== NULL
) {
6649 ipseclog((LOG_DEBUG
, "key_newacq: No more memory.\n"));
6653 bzero(newacq
, sizeof(*newacq
));
6656 bcopy(saidx
, &newacq
->saidx
, sizeof(newacq
->saidx
));
6657 newacq
->seq
= (acq_seq
== ~0 ? 1 : ++acq_seq
);
6659 newacq
->created
= tv
.tv_sec
;
6665 static struct secacq
*
6667 struct secasindex
*saidx
;
6671 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
6673 LIST_FOREACH(acq
, &acqtree
, chain
) {
6674 if (key_cmpsaidx(saidx
, &acq
->saidx
, CMP_EXACTLY
))
6681 static struct secacq
*
6682 key_getacqbyseq(seq
)
6687 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
6689 LIST_FOREACH(acq
, &acqtree
, chain
) {
6690 if (acq
->seq
== seq
)
6698 static struct secspacq
*
6700 struct secpolicyindex
*spidx
;
6702 struct secspacq
*acq
;
6706 KMALLOC_NOWAIT(acq
, struct secspacq
*, sizeof(struct secspacq
));
6708 lck_mtx_unlock(sadb_mutex
);
6709 KMALLOC_WAIT(acq
, struct secspacq
*, sizeof(struct secspacq
));
6710 lck_mtx_lock(sadb_mutex
);
6712 ipseclog((LOG_DEBUG
, "key_newspacq: No more memory.\n"));
6716 bzero(acq
, sizeof(*acq
));
6719 bcopy(spidx
, &acq
->spidx
, sizeof(acq
->spidx
));
6721 acq
->created
= tv
.tv_sec
;
6727 static struct secspacq
*
6729 struct secpolicyindex
*spidx
;
6731 struct secspacq
*acq
;
6733 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
6735 LIST_FOREACH(acq
, &spacqtree
, chain
) {
6736 if (key_cmpspidx_exactly(spidx
, &acq
->spidx
))
6744 * SADB_ACQUIRE processing,
6745 * in first situation, is receiving
6747 * from the ikmpd, and clear sequence of its secasvar entry.
6749 * In second situation, is receiving
6750 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6751 * from a user land process, and return
6752 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6755 * m will always be freed.
6758 key_acquire2(so
, m
, mhp
)
6761 const struct sadb_msghdr
*mhp
;
6763 const struct sadb_address
*src0
, *dst0
;
6764 struct secasindex saidx
;
6765 struct secashead
*sah
;
6771 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6772 panic("key_acquire2: NULL pointer is passed.\n");
6775 * Error message from KMd.
6776 * We assume that if error was occurred in IKEd, the length of PFKEY
6777 * message is equal to the size of sadb_msg structure.
6778 * We do not raise error even if error occurred in this function.
6780 lck_mtx_lock(sadb_mutex
);
6782 if (mhp
->msg
->sadb_msg_len
== PFKEY_UNIT64(sizeof(struct sadb_msg
))) {
6783 #ifndef IPSEC_NONBLOCK_ACQUIRE
6787 /* check sequence number */
6788 if (mhp
->msg
->sadb_msg_seq
== 0) {
6789 lck_mtx_unlock(sadb_mutex
);
6790 ipseclog((LOG_DEBUG
, "key_acquire2: must specify sequence number.\n"));
6795 if ((acq
= key_getacqbyseq(mhp
->msg
->sadb_msg_seq
)) == NULL
) {
6797 * the specified larval SA is already gone, or we got
6798 * a bogus sequence number. we can silently ignore it.
6800 lck_mtx_unlock(sadb_mutex
);
6805 /* reset acq counter in order to deletion by timehander. */
6807 acq
->created
= tv
.tv_sec
;
6810 lck_mtx_unlock(sadb_mutex
);
6816 * This message is from user land.
6819 /* map satype to proto */
6820 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
6821 lck_mtx_unlock(sadb_mutex
);
6822 ipseclog((LOG_DEBUG
, "key_acquire2: invalid satype is passed.\n"));
6823 return key_senderror(so
, m
, EINVAL
);
6826 if (mhp
->ext
[SADB_EXT_ADDRESS_SRC
] == NULL
||
6827 mhp
->ext
[SADB_EXT_ADDRESS_DST
] == NULL
||
6828 mhp
->ext
[SADB_EXT_PROPOSAL
] == NULL
) {
6830 lck_mtx_unlock(sadb_mutex
);
6831 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
6832 return key_senderror(so
, m
, EINVAL
);
6834 if (mhp
->extlen
[SADB_EXT_ADDRESS_SRC
] < sizeof(struct sadb_address
) ||
6835 mhp
->extlen
[SADB_EXT_ADDRESS_DST
] < sizeof(struct sadb_address
) ||
6836 mhp
->extlen
[SADB_EXT_PROPOSAL
] < sizeof(struct sadb_prop
)) {
6838 lck_mtx_unlock(sadb_mutex
);
6839 ipseclog((LOG_DEBUG
, "key_acquire2: invalid message is passed.\n"));
6840 return key_senderror(so
, m
, EINVAL
);
6843 src0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_SRC
];
6844 dst0
= (struct sadb_address
*)mhp
->ext
[SADB_EXT_ADDRESS_DST
];
6846 /* XXX boundary check against sa_len */
6847 KEY_SETSECASIDX(proto
, IPSEC_MODE_ANY
, 0, src0
+ 1, dst0
+ 1, &saidx
);
6849 /* get a SA index */
6850 LIST_FOREACH(sah
, &sahtree
, chain
) {
6851 if (sah
->state
== SADB_SASTATE_DEAD
)
6853 if (key_cmpsaidx(&sah
->saidx
, &saidx
, CMP_MODE
| CMP_REQID
))
6857 lck_mtx_unlock(sadb_mutex
);
6858 ipseclog((LOG_DEBUG
, "key_acquire2: a SA exists already.\n"));
6859 return key_senderror(so
, m
, EEXIST
);
6861 lck_mtx_unlock(sadb_mutex
);
6862 error
= key_acquire(&saidx
, NULL
);
6864 ipseclog((LOG_DEBUG
, "key_acquire2: error %d returned "
6865 "from key_acquire.\n", mhp
->msg
->sadb_msg_errno
));
6866 return key_senderror(so
, m
, error
);
6869 return key_sendup_mbuf(so
, m
, KEY_SENDUP_REGISTERED
);
6873 * SADB_REGISTER processing.
6874 * If SATYPE_UNSPEC has been passed as satype, only return sadb_supported.
6877 * from the ikmpd, and register a socket to send PF_KEY messages,
6881 * If socket is detached, must free from regnode.
6883 * m will always be freed.
6886 key_register(so
, m
, mhp
)
6889 const struct sadb_msghdr
*mhp
;
6891 struct secreg
*reg
, *newreg
= 0;
6894 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
6895 panic("key_register: NULL pointer is passed.\n");
6897 /* check for invalid register message */
6898 if (mhp
->msg
->sadb_msg_satype
>= sizeof(regtree
)/sizeof(regtree
[0]))
6899 return key_senderror(so
, m
, EINVAL
);
6901 /* When SATYPE_UNSPEC is specified, only return sadb_supported. */
6902 if (mhp
->msg
->sadb_msg_satype
== SADB_SATYPE_UNSPEC
)
6905 /* create regnode */
6906 KMALLOC_WAIT(newreg
, struct secreg
*, sizeof(*newreg
));
6907 if (newreg
== NULL
) {
6908 ipseclog((LOG_DEBUG
, "key_register: No more memory.\n"));
6909 return key_senderror(so
, m
, ENOBUFS
);
6911 bzero((caddr_t
)newreg
, sizeof(*newreg
));
6913 lck_mtx_lock(sadb_mutex
);
6914 /* check whether existing or not */
6915 LIST_FOREACH(reg
, ®tree
[mhp
->msg
->sadb_msg_satype
], chain
) {
6916 if (reg
->so
== so
) {
6917 lck_mtx_unlock(sadb_mutex
);
6918 ipseclog((LOG_DEBUG
, "key_register: socket exists already.\n"));
6920 return key_senderror(so
, m
, EEXIST
);
6926 ((struct keycb
*)sotorawcb(so
))->kp_registered
++;
6927 socket_unlock(so
, 1);
6929 /* add regnode to regtree. */
6930 LIST_INSERT_HEAD(®tree
[mhp
->msg
->sadb_msg_satype
], newreg
, chain
);
6931 lck_mtx_unlock(sadb_mutex
);
6935 struct sadb_msg
*newmsg
;
6936 struct sadb_supported
*sup
;
6937 u_int len
, alen
, elen
;
6940 struct sadb_alg
*alg
;
6942 /* create new sadb_msg to reply. */
6944 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
6945 if (ah_algorithm_lookup(i
))
6946 alen
+= sizeof(struct sadb_alg
);
6949 alen
+= sizeof(struct sadb_supported
);
6952 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
6953 if (esp_algorithm_lookup(i
))
6954 elen
+= sizeof(struct sadb_alg
);
6957 elen
+= sizeof(struct sadb_supported
);
6960 len
= sizeof(struct sadb_msg
) + alen
+ elen
;
6963 return key_senderror(so
, m
, ENOBUFS
);
6965 MGETHDR(n
, M_DONTWAIT
, MT_DATA
);
6967 MCLGET(n
, M_DONTWAIT
);
6968 if ((n
->m_flags
& M_EXT
) == 0) {
6974 return key_senderror(so
, m
, ENOBUFS
);
6976 n
->m_pkthdr
.len
= n
->m_len
= len
;
6980 m_copydata(m
, 0, sizeof(struct sadb_msg
), mtod(n
, caddr_t
) + off
);
6981 newmsg
= mtod(n
, struct sadb_msg
*);
6982 newmsg
->sadb_msg_errno
= 0;
6983 newmsg
->sadb_msg_len
= PFKEY_UNIT64(len
);
6984 off
+= PFKEY_ALIGN8(sizeof(struct sadb_msg
));
6986 /* for authentication algorithm */
6988 sup
= (struct sadb_supported
*)(mtod(n
, caddr_t
) + off
);
6989 sup
->sadb_supported_len
= PFKEY_UNIT64(alen
);
6990 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_AUTH
;
6991 off
+= PFKEY_ALIGN8(sizeof(*sup
));
6993 for (i
= 1; i
<= SADB_AALG_MAX
; i
++) {
6994 const struct ah_algorithm
*aalgo
;
6996 aalgo
= ah_algorithm_lookup(i
);
6999 alg
= (struct sadb_alg
*)(mtod(n
, caddr_t
) + off
);
7000 alg
->sadb_alg_id
= i
;
7001 alg
->sadb_alg_ivlen
= 0;
7002 alg
->sadb_alg_minbits
= aalgo
->keymin
;
7003 alg
->sadb_alg_maxbits
= aalgo
->keymax
;
7004 off
+= PFKEY_ALIGN8(sizeof(*alg
));
7009 /* for encryption algorithm */
7011 sup
= (struct sadb_supported
*)(mtod(n
, caddr_t
) + off
);
7012 sup
->sadb_supported_len
= PFKEY_UNIT64(elen
);
7013 sup
->sadb_supported_exttype
= SADB_EXT_SUPPORTED_ENCRYPT
;
7014 off
+= PFKEY_ALIGN8(sizeof(*sup
));
7016 for (i
= 1; i
<= SADB_EALG_MAX
; i
++) {
7017 const struct esp_algorithm
*ealgo
;
7019 ealgo
= esp_algorithm_lookup(i
);
7022 alg
= (struct sadb_alg
*)(mtod(n
, caddr_t
) + off
);
7023 alg
->sadb_alg_id
= i
;
7024 if (ealgo
&& ealgo
->ivlen
) {
7026 * give NULL to get the value preferred by
7027 * algorithm XXX SADB_X_EXT_DERIV ?
7029 alg
->sadb_alg_ivlen
=
7030 (*ealgo
->ivlen
)(ealgo
, NULL
);
7032 alg
->sadb_alg_ivlen
= 0;
7033 alg
->sadb_alg_minbits
= ealgo
->keymin
;
7034 alg
->sadb_alg_maxbits
= ealgo
->keymax
;
7035 off
+= PFKEY_ALIGN8(sizeof(struct sadb_alg
));
7042 panic("length assumption failed in key_register");
7046 return key_sendup_mbuf(so
, n
, KEY_SENDUP_REGISTERED
);
7051 * free secreg entry registered.
7052 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
7063 panic("key_freereg: NULL pointer is passed.\n");
7066 * check whether existing or not.
7067 * check all type of SA, because there is a potential that
7068 * one socket is registered to multiple type of SA.
7070 lck_mtx_lock(sadb_mutex
);
7071 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
7072 LIST_FOREACH(reg
, ®tree
[i
], chain
) {
7074 && __LIST_CHAINED(reg
)) {
7075 LIST_REMOVE(reg
, chain
);
7081 lck_mtx_unlock(sadb_mutex
);
7086 * SADB_EXPIRE processing
7088 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
7090 * NOTE: We send only soft lifetime extension.
7093 * others : error number
7097 struct secasvar
*sav
;
7100 struct mbuf
*result
= NULL
, *m
;
7103 struct sadb_lifetime
*lt
;
7105 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7109 panic("key_expire: NULL pointer is passed.\n");
7110 if (sav
->sah
== NULL
)
7111 panic("key_expire: Why was SA index in SA NULL.\n");
7112 if ((satype
= key_proto2satype(sav
->sah
->saidx
.proto
)) == 0)
7113 panic("key_expire: invalid proto is passed.\n");
7115 /* set msg header */
7116 m
= key_setsadbmsg(SADB_EXPIRE
, 0, satype
, sav
->seq
, 0, sav
->refcnt
);
7123 /* create SA extension */
7124 m
= key_setsadbsa(sav
);
7131 /* create SA extension */
7132 m
= key_setsadbxsa2(sav
->sah
->saidx
.mode
,
7133 sav
->replay
? sav
->replay
->count
: 0,
7134 sav
->sah
->saidx
.reqid
);
7141 /* create lifetime extension (current and soft) */
7142 len
= PFKEY_ALIGN8(sizeof(*lt
)) * 2;
7143 m
= key_alloc_mbuf(len
);
7144 if (!m
|| m
->m_next
) { /*XXX*/
7150 bzero(mtod(m
, caddr_t
), len
);
7151 lt
= mtod(m
, struct sadb_lifetime
*);
7152 lt
->sadb_lifetime_len
= PFKEY_UNIT64(sizeof(struct sadb_lifetime
));
7153 lt
->sadb_lifetime_exttype
= SADB_EXT_LIFETIME_CURRENT
;
7154 lt
->sadb_lifetime_allocations
= sav
->lft_c
->sadb_lifetime_allocations
;
7155 lt
->sadb_lifetime_bytes
= sav
->lft_c
->sadb_lifetime_bytes
;
7156 lt
->sadb_lifetime_addtime
= sav
->lft_c
->sadb_lifetime_addtime
;
7157 lt
->sadb_lifetime_usetime
= sav
->lft_c
->sadb_lifetime_usetime
;
7158 lt
= (struct sadb_lifetime
*)(mtod(m
, caddr_t
) + len
/ 2);
7159 bcopy(sav
->lft_s
, lt
, sizeof(*lt
));
7162 /* set sadb_address for source */
7163 m
= key_setsadbaddr(SADB_EXT_ADDRESS_SRC
,
7164 (struct sockaddr
*)&sav
->sah
->saidx
.src
,
7165 FULLMASK
, IPSEC_ULPROTO_ANY
);
7172 /* set sadb_address for destination */
7173 m
= key_setsadbaddr(SADB_EXT_ADDRESS_DST
,
7174 (struct sockaddr
*)&sav
->sah
->saidx
.dst
,
7175 FULLMASK
, IPSEC_ULPROTO_ANY
);
7182 if ((result
->m_flags
& M_PKTHDR
) == 0) {
7187 if (result
->m_len
< sizeof(struct sadb_msg
)) {
7188 result
= m_pullup(result
, sizeof(struct sadb_msg
));
7189 if (result
== NULL
) {
7195 result
->m_pkthdr
.len
= 0;
7196 for (m
= result
; m
; m
= m
->m_next
)
7197 result
->m_pkthdr
.len
+= m
->m_len
;
7199 mtod(result
, struct sadb_msg
*)->sadb_msg_len
=
7200 PFKEY_UNIT64(result
->m_pkthdr
.len
);
7202 return key_sendup_mbuf(NULL
, result
, KEY_SENDUP_REGISTERED
);
7211 * SADB_FLUSH processing
7214 * from the ikmpd, and free all entries in secastree.
7218 * NOTE: to do is only marking SADB_SASTATE_DEAD.
7220 * m will always be freed.
7223 key_flush(so
, m
, mhp
)
7226 const struct sadb_msghdr
*mhp
;
7228 struct sadb_msg
*newmsg
;
7229 struct secashead
*sah
, *nextsah
;
7230 struct secasvar
*sav
, *nextsav
;
7236 if (so
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7237 panic("key_flush: NULL pointer is passed.\n");
7239 /* map satype to proto */
7240 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7241 ipseclog((LOG_DEBUG
, "key_flush: invalid satype is passed.\n"));
7242 return key_senderror(so
, m
, EINVAL
);
7245 lck_mtx_lock(sadb_mutex
);
7247 /* no SATYPE specified, i.e. flushing all SA. */
7248 for (sah
= LIST_FIRST(&sahtree
);
7251 nextsah
= LIST_NEXT(sah
, chain
);
7253 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
7254 && proto
!= sah
->saidx
.proto
)
7258 stateidx
< _ARRAYLEN(saorder_state_alive
);
7260 state
= saorder_state_any
[stateidx
];
7261 for (sav
= LIST_FIRST(&sah
->savtree
[state
]);
7265 nextsav
= LIST_NEXT(sav
, chain
);
7267 key_sa_chgstate(sav
, SADB_SASTATE_DEAD
);
7268 key_freesav(sav
, KEY_SADB_LOCKED
);
7272 sah
->state
= SADB_SASTATE_DEAD
;
7274 lck_mtx_unlock(sadb_mutex
);
7276 if (m
->m_len
< sizeof(struct sadb_msg
) ||
7277 sizeof(struct sadb_msg
) > m
->m_len
+ M_TRAILINGSPACE(m
)) {
7278 ipseclog((LOG_DEBUG
, "key_flush: No more memory.\n"));
7279 return key_senderror(so
, m
, ENOBUFS
);
7285 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct sadb_msg
);
7286 newmsg
= mtod(m
, struct sadb_msg
*);
7287 newmsg
->sadb_msg_errno
= 0;
7288 newmsg
->sadb_msg_len
= PFKEY_UNIT64(m
->m_pkthdr
.len
);
7290 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
7294 * SADB_DUMP processing
7295 * dump all entries including status of DEAD in SAD.
7298 * from the ikmpd, and dump all secasvar leaves
7303 * m will always be freed.
7306 struct sav_dump_elem
{
7307 struct secasvar
*sav
;
7312 key_dump(so
, m
, mhp
)
7315 const struct sadb_msghdr
*mhp
;
7317 struct secashead
*sah
;
7318 struct secasvar
*sav
;
7319 struct sav_dump_elem
*savbuf
= NULL
, *elem_ptr
;
7324 int cnt
= 0, cnt2
, bufcount
;
7328 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7331 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7332 panic("key_dump: NULL pointer is passed.\n");
7334 /* map satype to proto */
7335 if ((proto
= key_satype2proto(mhp
->msg
->sadb_msg_satype
)) == 0) {
7336 ipseclog((LOG_DEBUG
, "key_dump: invalid satype is passed.\n"));
7337 return key_senderror(so
, m
, EINVAL
);
7340 if ((bufcount
= ipsec_sav_count
) <= 0) {
7344 bufcount
+= 512; /* extra */
7345 KMALLOC_WAIT(savbuf
, struct sav_dump_elem
*, bufcount
* sizeof(struct sav_dump_elem
));
7346 if (savbuf
== NULL
) {
7347 ipseclog((LOG_DEBUG
, "key_dump: No more memory.\n"));
7352 /* count sav entries to be sent to the userland. */
7353 lck_mtx_lock(sadb_mutex
);
7355 LIST_FOREACH(sah
, &sahtree
, chain
) {
7356 if (mhp
->msg
->sadb_msg_satype
!= SADB_SATYPE_UNSPEC
7357 && proto
!= sah
->saidx
.proto
)
7360 /* map proto to satype */
7361 if ((satype
= key_proto2satype(sah
->saidx
.proto
)) == 0) {
7362 lck_mtx_unlock(sadb_mutex
);
7363 ipseclog((LOG_DEBUG
, "key_dump: there was invalid proto in SAD.\n"));
7369 stateidx
< _ARRAYLEN(saorder_state_any
);
7371 state
= saorder_state_any
[stateidx
];
7372 LIST_FOREACH(sav
, &sah
->savtree
[state
], chain
) {
7373 if (cnt
== bufcount
)
7374 break; /* out of buffer space */
7375 elem_ptr
->sav
= sav
;
7376 elem_ptr
->satype
= satype
;
7383 lck_mtx_unlock(sadb_mutex
);
7390 /* send this to the userland, one at a time. */
7394 n
= key_setdumpsa(elem_ptr
->sav
, SADB_DUMP
, elem_ptr
->satype
,
7395 --cnt2
, mhp
->msg
->sadb_msg_pid
);
7402 key_sendup_mbuf(so
, n
, KEY_SENDUP_ONE
);
7410 lck_mtx_lock(sadb_mutex
);
7412 key_freesav((elem_ptr
++)->sav
, KEY_SADB_LOCKED
);
7413 lck_mtx_unlock(sadb_mutex
);
7419 return key_senderror(so
, m
, error
);
7426 * SADB_X_PROMISC processing
7428 * m will always be freed.
7431 key_promisc(so
, m
, mhp
)
7434 const struct sadb_msghdr
*mhp
;
7439 if (so
== NULL
|| m
== NULL
|| mhp
== NULL
|| mhp
->msg
== NULL
)
7440 panic("key_promisc: NULL pointer is passed.\n");
7442 olen
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
7444 if (olen
< sizeof(struct sadb_msg
)) {
7446 return key_senderror(so
, m
, EINVAL
);
7451 } else if (olen
== sizeof(struct sadb_msg
)) {
7452 /* enable/disable promisc mode */
7456 if ((kp
= (struct keycb
*)sotorawcb(so
)) == NULL
)
7457 return key_senderror(so
, m
, EINVAL
);
7458 mhp
->msg
->sadb_msg_errno
= 0;
7459 switch (mhp
->msg
->sadb_msg_satype
) {
7462 kp
->kp_promisc
= mhp
->msg
->sadb_msg_satype
;
7465 socket_unlock(so
, 1);
7466 return key_senderror(so
, m
, EINVAL
);
7468 socket_unlock(so
, 1);
7470 /* send the original message back to everyone */
7471 mhp
->msg
->sadb_msg_errno
= 0;
7472 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
7474 /* send packet as is */
7476 m_adj(m
, PFKEY_ALIGN8(sizeof(struct sadb_msg
)));
7478 /* TODO: if sadb_msg_seq is specified, send to specific pid */
7479 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ALL
);
7483 static int (*key_typesw
[])(struct socket
*, struct mbuf
*,
7484 const struct sadb_msghdr
*) = {
7485 NULL
, /* SADB_RESERVED */
7486 key_getspi
, /* SADB_GETSPI */
7487 key_update
, /* SADB_UPDATE */
7488 key_add
, /* SADB_ADD */
7489 key_delete
, /* SADB_DELETE */
7490 key_get
, /* SADB_GET */
7491 key_acquire2
, /* SADB_ACQUIRE */
7492 key_register
, /* SADB_REGISTER */
7493 NULL
, /* SADB_EXPIRE */
7494 key_flush
, /* SADB_FLUSH */
7495 key_dump
, /* SADB_DUMP */
7496 key_promisc
, /* SADB_X_PROMISC */
7497 NULL
, /* SADB_X_PCHANGE */
7498 key_spdadd
, /* SADB_X_SPDUPDATE */
7499 key_spdadd
, /* SADB_X_SPDADD */
7500 key_spddelete
, /* SADB_X_SPDDELETE */
7501 key_spdget
, /* SADB_X_SPDGET */
7502 NULL
, /* SADB_X_SPDACQUIRE */
7503 key_spddump
, /* SADB_X_SPDDUMP */
7504 key_spdflush
, /* SADB_X_SPDFLUSH */
7505 key_spdadd
, /* SADB_X_SPDSETIDX */
7506 NULL
, /* SADB_X_SPDEXPIRE */
7507 key_spddelete2
, /* SADB_X_SPDDELETE2 */
7511 * parse sadb_msg buffer to process PFKEYv2,
7512 * and create a data to response if needed.
7513 * I think to be dealed with mbuf directly.
7515 * msgp : pointer to pointer to a received buffer pulluped.
7516 * This is rewrited to response.
7517 * so : pointer to socket.
7519 * length for buffer to send to user process.
7526 struct sadb_msg
*msg
;
7527 struct sadb_msghdr mh
;
7532 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7535 if (m
== NULL
|| so
== NULL
)
7536 panic("key_parse: NULL pointer is passed.\n");
7538 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
7539 KEYDEBUG(KEYDEBUG_KEY_DUMP
,
7540 ipseclog((LOG_DEBUG
, "key_parse: passed sadb_msg\n"));
7544 if (m
->m_len
< sizeof(struct sadb_msg
)) {
7545 m
= m_pullup(m
, sizeof(struct sadb_msg
));
7549 msg
= mtod(m
, struct sadb_msg
*);
7550 orglen
= PFKEY_UNUNIT64(msg
->sadb_msg_len
);
7551 target
= KEY_SENDUP_ONE
;
7553 if ((m
->m_flags
& M_PKTHDR
) == 0 ||
7554 m
->m_pkthdr
.len
!= m
->m_pkthdr
.len
) {
7555 ipseclog((LOG_DEBUG
, "key_parse: invalid message length.\n"));
7556 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
7561 if (msg
->sadb_msg_version
!= PF_KEY_V2
) {
7562 ipseclog((LOG_DEBUG
,
7563 "key_parse: PF_KEY version %u is mismatched.\n",
7564 msg
->sadb_msg_version
));
7565 PFKEY_STAT_INCREMENT(pfkeystat
.out_invver
);
7570 if (msg
->sadb_msg_type
> SADB_MAX
) {
7571 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
7572 msg
->sadb_msg_type
));
7573 PFKEY_STAT_INCREMENT(pfkeystat
.out_invmsgtype
);
7578 /* for old-fashioned code - should be nuked */
7579 if (m
->m_pkthdr
.len
> MCLBYTES
) {
7586 MGETHDR(n
, M_DONTWAIT
, MT_DATA
);
7587 if (n
&& m
->m_pkthdr
.len
> MHLEN
) {
7588 MCLGET(n
, M_DONTWAIT
);
7589 if ((n
->m_flags
& M_EXT
) == 0) {
7598 m_copydata(m
, 0, m
->m_pkthdr
.len
, mtod(n
, caddr_t
));
7599 n
->m_pkthdr
.len
= n
->m_len
= m
->m_pkthdr
.len
;
7605 /* align the mbuf chain so that extensions are in contiguous region. */
7606 error
= key_align(m
, &mh
);
7610 if (m
->m_next
) { /*XXX*/
7618 switch (msg
->sadb_msg_satype
) {
7619 case SADB_SATYPE_UNSPEC
:
7620 switch (msg
->sadb_msg_type
) {
7628 ipseclog((LOG_DEBUG
, "key_parse: must specify satype "
7629 "when msg type=%u.\n", msg
->sadb_msg_type
));
7630 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
7635 case SADB_SATYPE_AH
:
7636 case SADB_SATYPE_ESP
:
7637 case SADB_X_SATYPE_IPCOMP
:
7638 switch (msg
->sadb_msg_type
) {
7640 case SADB_X_SPDDELETE
:
7642 case SADB_X_SPDDUMP
:
7643 case SADB_X_SPDFLUSH
:
7644 case SADB_X_SPDSETIDX
:
7645 case SADB_X_SPDUPDATE
:
7646 case SADB_X_SPDDELETE2
:
7647 ipseclog((LOG_DEBUG
, "key_parse: illegal satype=%u\n",
7648 msg
->sadb_msg_type
));
7649 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
7654 case SADB_SATYPE_RSVP
:
7655 case SADB_SATYPE_OSPFV2
:
7656 case SADB_SATYPE_RIPV2
:
7657 case SADB_SATYPE_MIP
:
7658 ipseclog((LOG_DEBUG
, "key_parse: type %u isn't supported.\n",
7659 msg
->sadb_msg_satype
));
7660 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
7663 case 1: /* XXX: What does it do? */
7664 if (msg
->sadb_msg_type
== SADB_X_PROMISC
)
7668 ipseclog((LOG_DEBUG
, "key_parse: invalid type %u is passed.\n",
7669 msg
->sadb_msg_satype
));
7670 PFKEY_STAT_INCREMENT(pfkeystat
.out_invsatype
);
7675 /* check field of upper layer protocol and address family */
7676 if (mh
.ext
[SADB_EXT_ADDRESS_SRC
] != NULL
7677 && mh
.ext
[SADB_EXT_ADDRESS_DST
] != NULL
) {
7678 struct sadb_address
*src0
, *dst0
;
7681 src0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_SRC
]);
7682 dst0
= (struct sadb_address
*)(mh
.ext
[SADB_EXT_ADDRESS_DST
]);
7684 /* check upper layer protocol */
7685 if (src0
->sadb_address_proto
!= dst0
->sadb_address_proto
) {
7686 ipseclog((LOG_DEBUG
, "key_parse: upper layer protocol mismatched.\n"));
7687 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
7693 if (PFKEY_ADDR_SADDR(src0
)->sa_family
!=
7694 PFKEY_ADDR_SADDR(dst0
)->sa_family
) {
7695 ipseclog((LOG_DEBUG
, "key_parse: address family mismatched.\n"));
7696 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
7700 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
7701 PFKEY_ADDR_SADDR(dst0
)->sa_len
) {
7702 ipseclog((LOG_DEBUG
,
7703 "key_parse: address struct size mismatched.\n"));
7704 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
7709 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
7711 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
7712 sizeof(struct sockaddr_in
)) {
7713 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
7719 if (PFKEY_ADDR_SADDR(src0
)->sa_len
!=
7720 sizeof(struct sockaddr_in6
)) {
7721 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
7727 ipseclog((LOG_DEBUG
,
7728 "key_parse: unsupported address family.\n"));
7729 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
7730 error
= EAFNOSUPPORT
;
7734 switch (PFKEY_ADDR_SADDR(src0
)->sa_family
) {
7736 plen
= sizeof(struct in_addr
) << 3;
7739 plen
= sizeof(struct in6_addr
) << 3;
7742 plen
= 0; /*fool gcc*/
7746 /* check max prefix length */
7747 if (src0
->sadb_address_prefixlen
> plen
||
7748 dst0
->sadb_address_prefixlen
> plen
) {
7749 ipseclog((LOG_DEBUG
,
7750 "key_parse: illegal prefixlen.\n"));
7751 PFKEY_STAT_INCREMENT(pfkeystat
.out_invaddr
);
7757 * prefixlen == 0 is valid because there can be a case when
7758 * all addresses are matched.
7762 if (msg
->sadb_msg_type
>= sizeof(key_typesw
)/sizeof(key_typesw
[0]) ||
7763 key_typesw
[msg
->sadb_msg_type
] == NULL
) {
7764 PFKEY_STAT_INCREMENT(pfkeystat
.out_invmsgtype
);
7769 return (*key_typesw
[msg
->sadb_msg_type
])(so
, m
, &mh
);
7772 msg
->sadb_msg_errno
= error
;
7773 return key_sendup_mbuf(so
, m
, target
);
7777 key_senderror(so
, m
, code
)
7782 struct sadb_msg
*msg
;
7784 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_NOTOWNED
);
7786 if (m
->m_len
< sizeof(struct sadb_msg
))
7787 panic("invalid mbuf passed to key_senderror");
7789 msg
= mtod(m
, struct sadb_msg
*);
7790 msg
->sadb_msg_errno
= code
;
7791 return key_sendup_mbuf(so
, m
, KEY_SENDUP_ONE
);
7795 * set the pointer to each header into message buffer.
7796 * m will be freed on error.
7797 * XXX larger-than-MCLBYTES extension?
7802 struct sadb_msghdr
*mhp
;
7805 struct sadb_ext
*ext
;
7811 if (m
== NULL
|| mhp
== NULL
)
7812 panic("key_align: NULL pointer is passed.\n");
7813 if (m
->m_len
< sizeof(struct sadb_msg
))
7814 panic("invalid mbuf passed to key_align");
7817 bzero(mhp
, sizeof(*mhp
));
7819 mhp
->msg
= mtod(m
, struct sadb_msg
*);
7820 mhp
->ext
[0] = (struct sadb_ext
*)mhp
->msg
; /*XXX backward compat */
7822 end
= PFKEY_UNUNIT64(mhp
->msg
->sadb_msg_len
);
7823 extlen
= end
; /*just in case extlen is not updated*/
7824 for (off
= sizeof(struct sadb_msg
); off
< end
; off
+= extlen
) {
7825 n
= m_pulldown(m
, off
, sizeof(struct sadb_ext
), &toff
);
7827 /* m is already freed */
7830 ext
= (struct sadb_ext
*)(mtod(n
, caddr_t
) + toff
);
7833 switch (ext
->sadb_ext_type
) {
7835 case SADB_EXT_ADDRESS_SRC
:
7836 case SADB_EXT_ADDRESS_DST
:
7837 case SADB_EXT_ADDRESS_PROXY
:
7838 case SADB_EXT_LIFETIME_CURRENT
:
7839 case SADB_EXT_LIFETIME_HARD
:
7840 case SADB_EXT_LIFETIME_SOFT
:
7841 case SADB_EXT_KEY_AUTH
:
7842 case SADB_EXT_KEY_ENCRYPT
:
7843 case SADB_EXT_IDENTITY_SRC
:
7844 case SADB_EXT_IDENTITY_DST
:
7845 case SADB_EXT_SENSITIVITY
:
7846 case SADB_EXT_PROPOSAL
:
7847 case SADB_EXT_SUPPORTED_AUTH
:
7848 case SADB_EXT_SUPPORTED_ENCRYPT
:
7849 case SADB_EXT_SPIRANGE
:
7850 case SADB_X_EXT_POLICY
:
7851 case SADB_X_EXT_SA2
:
7852 /* duplicate check */
7854 * XXX Are there duplication payloads of either
7855 * KEY_AUTH or KEY_ENCRYPT ?
7857 if (mhp
->ext
[ext
->sadb_ext_type
] != NULL
) {
7858 ipseclog((LOG_DEBUG
,
7859 "key_align: duplicate ext_type %u "
7860 "is passed.\n", ext
->sadb_ext_type
));
7862 PFKEY_STAT_INCREMENT(pfkeystat
.out_dupext
);
7867 ipseclog((LOG_DEBUG
,
7868 "key_align: invalid ext_type %u is passed.\n",
7869 ext
->sadb_ext_type
));
7871 PFKEY_STAT_INCREMENT(pfkeystat
.out_invexttype
);
7875 extlen
= PFKEY_UNUNIT64(ext
->sadb_ext_len
);
7877 if (key_validate_ext(ext
, extlen
)) {
7879 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
7883 n
= m_pulldown(m
, off
, extlen
, &toff
);
7885 /* m is already freed */
7888 ext
= (struct sadb_ext
*)(mtod(n
, caddr_t
) + toff
);
7890 mhp
->ext
[ext
->sadb_ext_type
] = ext
;
7891 mhp
->extoff
[ext
->sadb_ext_type
] = off
;
7892 mhp
->extlen
[ext
->sadb_ext_type
] = extlen
;
7897 PFKEY_STAT_INCREMENT(pfkeystat
.out_invlen
);
7905 key_validate_ext(ext
, len
)
7906 const struct sadb_ext
*ext
;
7909 struct sockaddr
*sa
;
7910 enum { NONE
, ADDR
} checktype
= NONE
;
7912 const int sal
= offsetof(struct sockaddr
, sa_len
) + sizeof(sa
->sa_len
);
7914 if (len
!= PFKEY_UNUNIT64(ext
->sadb_ext_len
))
7917 /* if it does not match minimum/maximum length, bail */
7918 if (ext
->sadb_ext_type
>= sizeof(minsize
) / sizeof(minsize
[0]) ||
7919 ext
->sadb_ext_type
>= sizeof(maxsize
) / sizeof(maxsize
[0]))
7921 if (!minsize
[ext
->sadb_ext_type
] || len
< minsize
[ext
->sadb_ext_type
])
7923 if (maxsize
[ext
->sadb_ext_type
] && len
> maxsize
[ext
->sadb_ext_type
])
7926 /* more checks based on sadb_ext_type XXX need more */
7927 switch (ext
->sadb_ext_type
) {
7928 case SADB_EXT_ADDRESS_SRC
:
7929 case SADB_EXT_ADDRESS_DST
:
7930 case SADB_EXT_ADDRESS_PROXY
:
7931 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_address
));
7934 case SADB_EXT_IDENTITY_SRC
:
7935 case SADB_EXT_IDENTITY_DST
:
7936 if (((struct sadb_ident
*)ext
)->sadb_ident_type
==
7937 SADB_X_IDENTTYPE_ADDR
) {
7938 baselen
= PFKEY_ALIGN8(sizeof(struct sadb_ident
));
7948 switch (checktype
) {
7952 sa
= (struct sockaddr
*)((caddr_t
)ext
+ baselen
);
7953 if (len
< baselen
+ sal
)
7955 if (baselen
+ PFKEY_ALIGN8(sa
->sa_len
) != len
)
7968 bzero((caddr_t
)&key_cb
, sizeof(key_cb
));
7970 for (i
= 0; i
< IPSEC_DIR_MAX
; i
++) {
7971 LIST_INIT(&sptree
[i
]);
7973 ipsec_policy_count
= 0;
7975 LIST_INIT(&sahtree
);
7977 for (i
= 0; i
<= SADB_SATYPE_MAX
; i
++) {
7978 LIST_INIT(®tree
[i
]);
7980 ipsec_sav_count
= 0;
7982 #ifndef IPSEC_NONBLOCK_ACQUIRE
7983 LIST_INIT(&acqtree
);
7985 LIST_INIT(&spacqtree
);
7987 /* system default */
7989 ip4_def_policy
.policy
= IPSEC_POLICY_NONE
;
7990 ip4_def_policy
.refcnt
++; /*never reclaim this*/
7993 ip6_def_policy
.policy
= IPSEC_POLICY_NONE
;
7994 ip6_def_policy
.refcnt
++; /*never reclaim this*/
7997 #ifndef IPSEC_DEBUG2
7998 timeout((void *)key_timehandler
, (void *)0, hz
);
7999 #endif /*IPSEC_DEBUG2*/
8001 /* initialize key statistics */
8002 keystat
.getspi_count
= 1;
8005 printf("IPsec: Initialized Security Association Processing.\n");
8012 * XXX: maybe This function is called after INBOUND IPsec processing.
8014 * Special check for tunnel-mode packets.
8015 * We must make some checks for consistency between inner and outer IP header.
8017 * xxx more checks to be provided
8020 key_checktunnelsanity(
8021 struct secasvar
*sav
,
8022 __unused u_int family
,
8023 __unused caddr_t src
,
8024 __unused caddr_t dst
)
8028 if (sav
->sah
== NULL
)
8029 panic("sav->sah == NULL at key_checktunnelsanity");
8031 /* XXX: check inner IP header */
8036 /* record data transfer on SA, and update timestamps */
8038 key_sa_recordxfer(sav
, m
)
8039 struct secasvar
*sav
;
8045 panic("key_sa_recordxfer called with sav == NULL");
8047 panic("key_sa_recordxfer called with m == NULL");
8051 lck_mtx_lock(sadb_mutex
);
8053 * XXX Currently, there is a difference of bytes size
8054 * between inbound and outbound processing.
8056 sav
->lft_c
->sadb_lifetime_bytes
+= m
->m_pkthdr
.len
;
8057 /* to check bytes lifetime is done in key_timehandler(). */
8060 * We use the number of packets as the unit of
8061 * sadb_lifetime_allocations. We increment the variable
8062 * whenever {esp,ah}_{in,out}put is called.
8064 sav
->lft_c
->sadb_lifetime_allocations
++;
8065 /* XXX check for expires? */
8068 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
8069 * in seconds. HARD and SOFT lifetime are measured by the time
8070 * difference (again in seconds) from sadb_lifetime_usetime.
8074 * -----+-----+--------+---> t
8075 * <--------------> HARD
8081 sav
->lft_c
->sadb_lifetime_usetime
= tv
.tv_sec
;
8082 /* XXX check for expires? */
8084 lck_mtx_unlock(sadb_mutex
);
8091 key_sa_routechange(dst
)
8092 struct sockaddr
*dst
;
8094 struct secashead
*sah
;
8097 lck_mtx_lock(sadb_mutex
);
8098 LIST_FOREACH(sah
, &sahtree
, chain
) {
8099 ro
= &sah
->sa_route
;
8100 if (ro
->ro_rt
&& dst
->sa_len
== ro
->ro_dst
.sa_len
8101 && bcmp(dst
, &ro
->ro_dst
, dst
->sa_len
) == 0) {
8103 ro
->ro_rt
= (struct rtentry
*)NULL
;
8106 lck_mtx_unlock(sadb_mutex
);
8112 key_sa_chgstate(sav
, state
)
8113 struct secasvar
*sav
;
8118 panic("key_sa_chgstate called with sav == NULL");
8120 if (sav
->state
== state
)
8123 lck_mtx_assert(sadb_mutex
, LCK_MTX_ASSERT_OWNED
);
8125 if (__LIST_CHAINED(sav
))
8126 LIST_REMOVE(sav
, chain
);
8129 LIST_INSERT_HEAD(&sav
->sah
->savtree
[state
], sav
, chain
);
8135 struct secasvar
*sav
;
8137 lck_mtx_lock(sadb_mutex
);
8139 panic("key_sa_stir_iv called with sav == NULL");
8140 key_randomfill(sav
->iv
, sav
->ivlen
);
8141 lck_mtx_unlock(sadb_mutex
);
8145 static struct mbuf
*
8149 struct mbuf
*m
= NULL
, *n
;
8154 MGET(n
, M_DONTWAIT
, MT_DATA
);
8155 if (n
&& len
> MLEN
)
8156 MCLGET(n
, M_DONTWAIT
);
8164 n
->m_len
= M_TRAILINGSPACE(n
);
8165 /* use the bottom of mbuf, hoping we can prepend afterwards */
8166 if (n
->m_len
> len
) {
8167 t
= (n
->m_len
- len
) & ~(sizeof(long) - 1);
projects / apple / xnu.git / blob