]> git.saurik.com Git - apple/xnu.git/blob - bsd/netkey/keysock.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-792.6.56.tar.gz
[apple/xnu.git] / bsd / netkey / keysock.c
1 /* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
33
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/systm.h>
37 #include <sys/kernel.h>
38 #include <sys/sysctl.h>
39 #include <sys/mbuf.h>
40 #include <sys/malloc.h>
41 #include <sys/socket.h>
42 #include <sys/socketvar.h>
43 #include <sys/domain.h>
44 #include <sys/protosw.h>
45 #include <sys/errno.h>
46
47 #include <kern/locks.h>
48
49 #include <net/raw_cb.h>
50 #include <net/route.h>
51
52 #include <net/pfkeyv2.h>
53 #include <netkey/keydb.h>
54 #include <netkey/key.h>
55 #include <netkey/keysock.h>
56 #include <netkey/key_debug.h>
57
58 extern lck_mtx_t *raw_mtx;
59 extern lck_mtx_t *sadb_mutex;
60 extern void key_init(void);
61
62 struct sockaddr key_dst = { 2, PF_KEY, };
63 struct sockaddr key_src = { 2, PF_KEY, };
64
65 static int key_sendup0(struct rawcb *, struct mbuf *, int);
66
67 struct pfkeystat pfkeystat;
68
69 /*
70 * key_output()
71 */
72 int
73 #ifdef __APPLE__
74 /* No variable argument support? */
75 key_output(struct mbuf *m, struct socket *so)
76 #else
77 #if __STDC__
78 key_output(struct mbuf *m, ...)
79 #else
80 key_output(m, va_alist)
81 struct mbuf *m;
82 va_dcl
83 #endif
84 #endif
85 {
86 struct sadb_msg *msg;
87 int len, error = 0;
88 #ifndef __APPLE__
89 struct socket *so;
90 va_list ap;
91
92 va_start(ap, m);
93 so = va_arg(ap, struct socket *);
94 va_end(ap);
95 #endif
96
97 if (m == 0)
98 panic("key_output: NULL pointer was passed.\n");
99
100 socket_unlock(so, 0);
101 lck_mtx_lock(sadb_mutex);
102 pfkeystat.out_total++;
103 pfkeystat.out_bytes += m->m_pkthdr.len;
104
105 len = m->m_pkthdr.len;
106 if (len < sizeof(struct sadb_msg)) {
107 #if IPSEC_DEBUG
108 printf("key_output: Invalid message length.\n");
109 #endif
110 pfkeystat.out_tooshort++;
111 error = EINVAL;
112 goto end;
113 }
114
115 if (m->m_len < sizeof(struct sadb_msg)) {
116 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
117 #if IPSEC_DEBUG
118 printf("key_output: can't pullup mbuf\n");
119 #endif
120 pfkeystat.out_nomem++;
121 error = ENOBUFS;
122 goto end;
123 }
124 }
125
126 if ((m->m_flags & M_PKTHDR) == 0)
127 panic("key_output: not M_PKTHDR ??");
128
129 #if IPSEC_DEBUG
130 KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
131 #endif /* defined(IPSEC_DEBUG) */
132
133 msg = mtod(m, struct sadb_msg *);
134 pfkeystat.out_msgtype[msg->sadb_msg_type]++;
135 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
136 #if IPSEC_DEBUG
137 printf("key_output: Invalid message length.\n");
138 #endif
139 pfkeystat.out_invlen++;
140 error = EINVAL;
141 goto end;
142 }
143
144 error = key_parse(m, so);
145 m = NULL;
146
147 end:
148 if (m)
149 m_freem(m);
150 lck_mtx_unlock(sadb_mutex);
151 socket_lock(so, 0);
152 return error;
153 }
154
155 /*
156 * send message to the socket.
157 */
158 static int
159 key_sendup0(rp, m, promisc)
160 struct rawcb *rp;
161 struct mbuf *m;
162 int promisc;
163 {
164 int error;
165
166 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
167 if (promisc) {
168 struct sadb_msg *pmsg;
169
170 M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT);
171 if (m && m->m_len < sizeof(struct sadb_msg))
172 m = m_pullup(m, sizeof(struct sadb_msg));
173 if (!m) {
174 #if IPSEC_DEBUG
175 printf("key_sendup0: cannot pullup\n");
176 #endif
177 pfkeystat.in_nomem++;
178 m_freem(m);
179 return ENOBUFS;
180 }
181 m->m_pkthdr.len += sizeof(*pmsg);
182
183 pmsg = mtod(m, struct sadb_msg *);
184 bzero(pmsg, sizeof(*pmsg));
185 pmsg->sadb_msg_version = PF_KEY_V2;
186 pmsg->sadb_msg_type = SADB_X_PROMISC;
187 pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
188 /* pid and seq? */
189
190 pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
191 }
192
193 if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
194 m, NULL, &error)) {
195 #if IPSEC_DEBUG
196 printf("key_sendup0: sbappendaddr failed\n");
197 #endif
198 pfkeystat.in_nomem++;
199 }
200 else {
201 sorwakeup(rp->rcb_socket);
202 }
203 return error;
204 }
205
206
207 /* so can be NULL if target != KEY_SENDUP_ONE */
208 int
209 key_sendup_mbuf(so, m, target)
210 struct socket *so;
211 struct mbuf *m;
212 int target;
213 {
214 struct mbuf *n;
215 struct keycb *kp;
216 int sendup;
217 struct rawcb *rp;
218 int error = 0;
219
220 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
221 if (m == NULL)
222 panic("key_sendup_mbuf: NULL pointer was passed.\n");
223 if (so == NULL && target == KEY_SENDUP_ONE)
224 panic("key_sendup_mbuf: NULL pointer was passed.\n");
225
226 pfkeystat.in_total++;
227 pfkeystat.in_bytes += m->m_pkthdr.len;
228 if (m->m_len < sizeof(struct sadb_msg)) {
229 #if 1
230 m = m_pullup(m, sizeof(struct sadb_msg));
231 if (m == NULL) {
232 pfkeystat.in_nomem++;
233 return ENOBUFS;
234 }
235 #else
236 /* don't bother pulling it up just for stats */
237 #endif
238 }
239 if (m->m_len >= sizeof(struct sadb_msg)) {
240 struct sadb_msg *msg;
241 msg = mtod(m, struct sadb_msg *);
242 pfkeystat.in_msgtype[msg->sadb_msg_type]++;
243 }
244
245 lck_mtx_lock(raw_mtx);
246 LIST_FOREACH(rp, &rawcb_list, list)
247 {
248 if (rp->rcb_proto.sp_family != PF_KEY)
249 continue;
250 if (rp->rcb_proto.sp_protocol
251 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
252 continue;
253 }
254
255 kp = (struct keycb *)rp;
256
257 socket_lock(rp->rcb_socket, 1);
258 /*
259 * If you are in promiscuous mode, and when you get broadcasted
260 * reply, you'll get two PF_KEY messages.
261 * (based on pf_key@inner.net message on 14 Oct 1998)
262 */
263 if (((struct keycb *)rp)->kp_promisc) {
264 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
265 (void)key_sendup0(rp, n, 1);
266 n = NULL;
267 }
268 }
269
270 /* the exact target will be processed later */
271 if (so && sotorawcb(so) == rp) {
272 socket_unlock(rp->rcb_socket, 1);
273 continue;
274 }
275
276 sendup = 0;
277 switch (target) {
278 case KEY_SENDUP_ONE:
279 /* the statement has no effect */
280 break;
281 case KEY_SENDUP_ALL:
282 sendup++;
283 break;
284 case KEY_SENDUP_REGISTERED:
285 if (kp->kp_registered)
286 sendup++;
287 break;
288 }
289 pfkeystat.in_msgtarget[target]++;
290
291 if (!sendup) {
292 socket_unlock(rp->rcb_socket, 1);
293 continue;
294 }
295 else
296 sendup = 0; // clear for next iteration
297
298 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
299 #if IPSEC_DEBUG
300 printf("key_sendup: m_copy fail\n");
301 #endif
302 m_freem(m);
303 pfkeystat.in_nomem++;
304 socket_unlock(rp->rcb_socket, 1);
305 lck_mtx_unlock(raw_mtx);
306 return ENOBUFS;
307 }
308
309 /*
310 * ignore error even if queue is full. PF_KEY does not
311 * guarantee the delivery of the message.
312 * this is important when target == KEY_SENDUP_ALL.
313 */
314 key_sendup0(rp, n, 0);
315 socket_unlock(rp->rcb_socket, 1);
316 n = NULL;
317 }
318
319 lck_mtx_unlock(raw_mtx);
320 if (so) {
321 socket_lock(so, 1);
322 error = key_sendup0(sotorawcb(so), m, 0);
323 socket_unlock(so, 1);
324 m = NULL;
325 } else {
326 error = 0;
327 m_freem(m);
328 }
329 return error;
330 }
331
332 /*
333 * key_abort()
334 * derived from net/rtsock.c:rts_abort()
335 */
336 static int
337 key_abort(struct socket *so)
338 {
339 int error;
340 error = raw_usrreqs.pru_abort(so);
341 return error;
342 }
343
344 /*
345 * key_attach()
346 * derived from net/rtsock.c:rts_attach()
347 */
348 static int
349 key_attach(struct socket *so, int proto, struct proc *p)
350 {
351 struct keycb *kp;
352 int error;
353
354 if (sotorawcb(so) != 0)
355 return EISCONN; /* XXX panic? */
356 kp = (struct keycb *)_MALLOC(sizeof *kp, M_PCB, M_WAITOK); /* XXX */
357 if (kp == 0)
358 return ENOBUFS;
359 bzero(kp, sizeof *kp);
360
361 so->so_pcb = (caddr_t)kp;
362 kp->kp_promisc = kp->kp_registered = 0;
363 kp->kp_raw.rcb_laddr = &key_src;
364 kp->kp_raw.rcb_faddr = &key_dst;
365
366 error = raw_usrreqs.pru_attach(so, proto, p);
367 kp = (struct keycb *)sotorawcb(so);
368 if (error) {
369 _FREE(kp, M_PCB);
370 so->so_pcb = (caddr_t) 0;
371 so->so_flags |= SOF_PCBCLEARING;
372 printf("key_usrreq: key_usrreq results %d\n", error);
373 return error;
374 }
375
376 socket_lock(so, 1);
377 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
378 key_cb.key_count++;
379 key_cb.any_count++;
380 soisconnected(so);
381 so->so_options |= SO_USELOOPBACK;
382 socket_unlock(so, 1);
383
384 return 0;
385 }
386
387 /*
388 * key_bind()
389 * derived from net/rtsock.c:rts_bind()
390 */
391 static int
392 key_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
393 {
394 int error;
395 error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
396 return error;
397 }
398
399 /*
400 * key_connect()
401 * derived from net/rtsock.c:rts_connect()
402 */
403 static int
404 key_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
405 {
406 int error;
407 error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
408 return error;
409 }
410
411 /*
412 * key_detach()
413 * derived from net/rtsock.c:rts_detach()
414 */
415 static int
416 key_detach(struct socket *so)
417 {
418 struct keycb *kp = (struct keycb *)sotorawcb(so);
419 int error;
420
421 if (kp != 0) {
422 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
423 key_cb.key_count--;
424 key_cb.any_count--;
425 socket_unlock(so, 0);
426 lck_mtx_lock(sadb_mutex);
427 key_freereg(so);
428 lck_mtx_unlock(sadb_mutex);
429 socket_lock(so, 0);
430 }
431 error = raw_usrreqs.pru_detach(so);
432 return error;
433 }
434
435 /*
436 * key_disconnect()
437 * derived from net/rtsock.c:key_disconnect()
438 */
439 static int
440 key_disconnect(struct socket *so)
441 {
442 int error;
443 error = raw_usrreqs.pru_disconnect(so);
444 return error;
445 }
446
447 /*
448 * key_peeraddr()
449 * derived from net/rtsock.c:rts_peeraddr()
450 */
451 static int
452 key_peeraddr(struct socket *so, struct sockaddr **nam)
453 {
454 int error;
455 error = raw_usrreqs.pru_peeraddr(so, nam);
456 return error;
457 }
458
459 /*
460 * key_send()
461 * derived from net/rtsock.c:rts_send()
462 */
463 static int
464 key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
465 struct mbuf *control, struct proc *p)
466 {
467 int error;
468 error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
469 return error;
470 }
471
472 /*
473 * key_shutdown()
474 * derived from net/rtsock.c:rts_shutdown()
475 */
476 static int
477 key_shutdown(struct socket *so)
478 {
479 int error;
480 error = raw_usrreqs.pru_shutdown(so);
481 return error;
482 }
483
484 /*
485 * key_sockaddr()
486 * derived from net/rtsock.c:rts_sockaddr()
487 */
488 static int
489 key_sockaddr(struct socket *so, struct sockaddr **nam)
490 {
491 int error;
492 error = raw_usrreqs.pru_sockaddr(so, nam);
493 return error;
494 }
495
496 struct pr_usrreqs key_usrreqs = {
497 key_abort, pru_accept_notsupp, key_attach, key_bind,
498 key_connect,
499 pru_connect2_notsupp, pru_control_notsupp, key_detach,
500 key_disconnect, pru_listen_notsupp, key_peeraddr,
501 pru_rcvd_notsupp,
502 pru_rcvoob_notsupp, key_send, pru_sense_null, key_shutdown,
503 key_sockaddr, sosend, soreceive, pru_sopoll_notsupp
504 };
505
506 /* sysctl */
507 SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family");
508
509 /*
510 * Definitions of protocols supported in the KEY domain.
511 */
512
513 extern struct domain keydomain;
514
515 struct protosw keysw[] = {
516 { SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR,
517 0, key_output, raw_ctlinput, 0,
518 0,
519 key_init, 0, 0, 0,
520 0,
521 &key_usrreqs,
522 0, 0, 0,
523 }
524 };
525
526 struct domain keydomain =
527 { PF_KEY, "key", key_domain_init, 0, 0,
528 keysw, 0,
529 0,0,
530 sizeof(struct key_cb), 0
531 };
532
533 DOMAIN_SET(key);
mirror of XNU