#include <sys/kernel.h>
#include <sys/syslog.h>
#include <sys/sysctl.h>
+#include <kern/locks.h>
+#include <sys/kauth.h>
#include <net/if.h>
#include <net/route.h>
#define DBG_FNC_GETPOL_ADDR NETDBG_CODE(DBG_NETIPSEC, (2 << 8))
#define DBG_FNC_IPSEC_OUT NETDBG_CODE(DBG_NETIPSEC, (3 << 8))
+extern lck_mtx_t *sadb_mutex;
+extern lck_mtx_t *ip6_mutex;
struct ipsecstat ipsecstat;
int ip4_ah_cleartos = 1;
esp_randpad, CTLFLAG_RW, &ip6_esp_randpad, 0, "");
#endif /* INET6 */
-static int ipsec_setspidx_mbuf
- __P((struct secpolicyindex *, u_int, u_int, struct mbuf *, int));
-static int ipsec4_setspidx_inpcb __P((struct mbuf *, struct inpcb *pcb));
+static int ipsec_setspidx_mbuf(struct secpolicyindex *, u_int, u_int,
+ struct mbuf *, int);
+static int ipsec4_setspidx_inpcb(struct mbuf *, struct inpcb *pcb);
#if INET6
-static int ipsec6_setspidx_in6pcb __P((struct mbuf *, struct in6pcb *pcb));
+static int ipsec6_setspidx_in6pcb(struct mbuf *, struct in6pcb *pcb);
#endif
-static int ipsec_setspidx __P((struct mbuf *, struct secpolicyindex *, int));
-static void ipsec4_get_ulp __P((struct mbuf *m, struct secpolicyindex *, int));
-static int ipsec4_setspidx_ipaddr __P((struct mbuf *, struct secpolicyindex *));
+static int ipsec_setspidx(struct mbuf *, struct secpolicyindex *, int);
+static void ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *, int);
+static int ipsec4_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *);
#if INET6
-static void ipsec6_get_ulp __P((struct mbuf *m, struct secpolicyindex *, int));
-static int ipsec6_setspidx_ipaddr __P((struct mbuf *, struct secpolicyindex *));
+static void ipsec6_get_ulp(struct mbuf *m, struct secpolicyindex *, int);
+static int ipsec6_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *);
#endif
-static struct inpcbpolicy *ipsec_newpcbpolicy __P((void));
-static void ipsec_delpcbpolicy __P((struct inpcbpolicy *));
-static struct secpolicy *ipsec_deepcopy_policy __P((struct secpolicy *src));
-static int ipsec_set_policy __P((struct secpolicy **pcb_sp,
- int optname, caddr_t request, size_t len, int priv));
-static int ipsec_get_policy __P((struct secpolicy *pcb_sp, struct mbuf **mp));
-static void vshiftl __P((unsigned char *, int, int));
-static int ipsec_in_reject __P((struct secpolicy *, struct mbuf *));
-static size_t ipsec_hdrsiz __P((struct secpolicy *));
+static struct inpcbpolicy *ipsec_newpcbpolicy(void);
+static void ipsec_delpcbpolicy(struct inpcbpolicy *);
+static struct secpolicy *ipsec_deepcopy_policy(struct secpolicy *src);
+static int ipsec_set_policy(struct secpolicy **pcb_sp,
+ int optname, caddr_t request, size_t len, int priv);
+static int ipsec_get_policy(struct secpolicy *pcb_sp, struct mbuf **mp);
+static void vshiftl(unsigned char *, int, int);
+static int ipsec_in_reject(struct secpolicy *, struct mbuf *);
+static size_t ipsec_hdrsiz(struct secpolicy *);
#if INET
-static struct mbuf *ipsec4_splithdr __P((struct mbuf *));
+static struct mbuf *ipsec4_splithdr(struct mbuf *);
#endif
#if INET6
-static struct mbuf *ipsec6_splithdr __P((struct mbuf *));
+static struct mbuf *ipsec6_splithdr(struct mbuf *);
#endif
#if INET
-static int ipsec4_encapsulate __P((struct mbuf *, struct secasvar *));
+static int ipsec4_encapsulate(struct mbuf *, struct secasvar *);
#endif
#if INET6
-static int ipsec6_encapsulate __P((struct mbuf *, struct secasvar *));
+static int ipsec6_encapsulate(struct mbuf *, struct secasvar *);
#endif
-static struct mbuf *ipsec_addaux __P((struct mbuf *));
-static struct mbuf *ipsec_findaux __P((struct mbuf *));
-static void ipsec_optaux __P((struct mbuf *, struct mbuf *));
+static struct mbuf *ipsec_addaux(struct mbuf *);
+static struct mbuf *ipsec_findaux(struct mbuf *);
+static void ipsec_optaux(struct mbuf *, struct mbuf *);
void ipsec_send_natt_keepalive(struct secasvar *sav);
static int
* 0 : bypass
* EACCES : discard packet.
* ENOENT : ipsec_acquire() in progress, maybe.
- * others : error occured.
+ * others : error occurred.
* others: a pointer to SP
*
* NOTE: IPv6 mapped adddress concern is implemented here.
struct secpolicy *currsp = NULL; /* policy on socket */
struct secpolicy *kernsp = NULL; /* policy on kernel */
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (m == NULL || so == NULL || error == NULL)
panic("ipsec4_getpolicybysock: NULL pointer was passed.\n");
+ if (so->so_pcb == NULL) {
+ printf("ipsec4_getpolicybysock: so->so_pcb == NULL\n");
+ return ipsec4_getpolicybyaddr(m, dir, 0, error);
+ }
+
switch (so->so_proto->pr_domain->dom_family) {
case AF_INET:
pcbsp = sotoinpcb(so)->inp_sp;
* 0 : bypass
* EACCES : discard packet.
* ENOENT : ipsec_acquire() in progress, maybe.
- * others : error occured.
+ * others : error occurred.
*/
struct secpolicy *
ipsec4_getpolicybyaddr(m, dir, flag, error)
if (ipsec_bypass != 0)
return 0;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (m == NULL || error == NULL)
panic("ipsec4_getpolicybyaddr: NULL pointer was passed.\n");
* 0 : bypass
* EACCES : discard packet.
* ENOENT : ipsec_acquire() in progress, maybe.
- * others : error occured.
+ * others : error occurred.
* others: a pointer to SP
*/
struct secpolicy *
struct secpolicy *currsp = NULL; /* policy on socket */
struct secpolicy *kernsp = NULL; /* policy on kernel */
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (m == NULL || so == NULL || error == NULL)
panic("ipsec6_getpolicybysock: NULL pointer was passed.\n");
* 0 : bypass
* EACCES : discard packet.
* ENOENT : ipsec_acquire() in progress, maybe.
- * others : error occured.
+ * others : error occurred.
*/
#ifndef IP_FORWARDING
#define IP_FORWARDING 1
{
struct secpolicy *sp = NULL;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (m == NULL || error == NULL)
panic("ipsec6_getpolicybyaddr: NULL pointer was passed.\n");
uh.uh_dport;
return;
case IPPROTO_AH:
- if (m->m_pkthdr.len > off + sizeof(ip6e))
+ if (off + sizeof(ip6e) > m->m_pkthdr.len)
return;
m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e);
off += (ip6e.ip6e_len + 2) << 2;
{
struct inpcbpolicy *new;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (so == NULL || pcb_sp == NULL)
panic("ipsec_init_policy: NULL pointer was passed.\n");
#ifdef __APPLE__
if (so->so_uid == 0)
#else
- if (so->so_cred != 0 && so->so_cred->pc_ucred->cr_uid == 0)
+ if (so->so_cred != 0 && !suser(so->so_cred->pc_ucred, NULL))
#endif
new->priv = 1;
else
if (ipsec_bypass != 0)
return 0;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
sp = ipsec_deepcopy_policy(old->sp_in);
if (sp) {
key_freesp(new->sp_in);
struct secpolicy *newsp = NULL;
int error;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (pcb_sp == NULL || *pcb_sp == NULL || request == NULL)
return EINVAL;
struct mbuf **mp;
{
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (pcb_sp == NULL || mp == NULL)
return EINVAL;
struct secpolicy **pcb_sp;
int error = 0;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (inp == NULL || request == NULL)
return EINVAL;
struct secpolicy *pcb_sp;
int error = 0;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (inp == NULL || request == NULL || mp == NULL)
return EINVAL;
ipsec4_delete_pcbpolicy(inp)
struct inpcb *inp;
{
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (inp == NULL)
panic("ipsec4_delete_pcbpolicy: NULL pointer was passed.\n");
struct secpolicy **pcb_sp;
int error = 0;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (in6p == NULL || request == NULL)
return EINVAL;
struct secpolicy *pcb_sp;
int error = 0;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (in6p == NULL || request == NULL || mp == NULL)
return EINVAL;
ipsec6_delete_pcbpolicy(in6p)
struct in6pcb *in6p;
{
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check. */
if (in6p == NULL)
panic("ipsec6_delete_pcbpolicy: NULL pointer was passed.\n");
u_int level = 0;
u_int esp_trans_deflev, esp_net_deflev, ah_trans_deflev, ah_net_deflev;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (isr == NULL || isr->sp == NULL)
panic("ipsec_get_reqlevel: NULL pointer is passed.\n");
level = ah_net_deflev;
else
level = ah_trans_deflev;
+ break;
case IPPROTO_IPCOMP:
/*
* we don't really care, as IPcomp document says that
printf("ipsec_in_reject: using SP\n");
kdebug_secpolicy(sp));
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* check policy */
switch (sp->policy) {
case IPSEC_POLICY_DISCARD:
int error;
int result;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (m == NULL)
return 0; /* XXX should be panic ? */
struct mbuf *m;
struct inpcb *inp;
{
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
if (inp == NULL)
return ipsec4_in_reject_so(m, NULL);
if (inp->inp_socket)
return ipsec4_in_reject_so(m, inp->inp_socket);
else
panic("ipsec4_in_reject: invalid inpcb/socket");
+
+ /* NOTREACHED */
+ return 0;
}
#if INET6
int error;
int result;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (m == NULL)
return 0; /* XXX should be panic ? */
struct mbuf *m;
struct in6pcb *in6p;
{
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
if (in6p == NULL)
return ipsec6_in_reject_so(m, NULL);
if (in6p->in6p_socket)
return ipsec6_in_reject_so(m, in6p->in6p_socket);
else
panic("ipsec6_in_reject: invalid in6p/socket");
+
+ /* NOTREACHED */
+ return 0;
}
#endif
printf("ipsec_hdrsiz: using SP\n");
kdebug_secpolicy(sp));
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* check policy */
switch (sp->policy) {
case IPSEC_POLICY_DISCARD:
int error;
size_t size;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (m == NULL)
return 0; /* XXX should be panic ? */
int error;
size_t size;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (m == NULL)
return 0; /* XXX shoud be panic ? */
size_t hlen;
size_t plen;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* can't tunnel between different AFs */
if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family
struct ip6_hdr *ip6;
size_t plen;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* can't tunnel between different AFs */
if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family
u_int32_t wsizeb; /* constant: bits of window size */
int frlast; /* constant: last frame */
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (sav == NULL)
panic("ipsec_chkreplay: NULL pointer was passed.\n");
u_int32_t wsizeb; /* constant: bits of window size */
int frlast; /* constant: last frame */
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (sav == NULL)
panic("ipsec_chkreplay: NULL pointer was passed.\n");
char *p;
struct secasindex *saidx = &sav->sah->saidx;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* validity check */
if (((struct sockaddr *)&sav->sah->saidx.src)->sa_family
!= ((struct sockaddr *)&sav->sah->saidx.dst)->sa_family)
struct ip *ip = NULL;
struct ipsecrequest *isr = NULL;
struct secasindex saidx;
- int s;
int error;
struct sockaddr_in *dst4;
struct sockaddr_in *sin;
if (!state->dst)
panic("state->dst == NULL in ipsec4_output");
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
KERNEL_DEBUG(DBG_FNC_IPSEC_OUT | DBG_FUNC_START, 0,0,0,0,0);
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
* There may be the case that SA status will be changed when
* we are refering to one. So calling splsoftnet().
*/
- s = splnet();
if (isr->saidx.mode == IPSEC_MODE_TUNNEL) {
/*
ipseclog((LOG_ERR, "ipsec4_output: "
"family mismatched between inner and outer spi=%u\n",
(u_int32_t)ntohl(isr->sav->spi)));
- splx(s);
error = EAFNOSUPPORT;
goto bad;
}
state->m = ipsec4_splithdr(state->m);
if (!state->m) {
- splx(s);
error = ENOMEM;
goto bad;
}
error = ipsec4_encapsulate(state->m, isr->sav);
- splx(s);
if (error) {
state->m = NULL;
goto bad;
state->dst = (struct sockaddr *)state->ro->ro_rt->rt_gateway;
dst4 = (struct sockaddr_in *)state->dst;
}
- } else
- splx(s);
+ }
state->m = ipsec4_splithdr(state->m);
if (!state->m) {
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
printf("ipsec6_output_trans: applyed SP\n");
kdebug_secpolicy(sp));
-
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
*tun = 0;
for (isr = sp->req; isr; isr = isr->next) {
if (isr->saidx.mode == IPSEC_MODE_TUNNEL) {
* XXX: should we directly notify sockets via
* pfctlinputs?
*/
+ lck_mtx_unlock(sadb_mutex);
icmp6_error(state->m, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_ADMIN, 0);
+ lck_mtx_lock(sadb_mutex);
state->m = NULL; /* icmp6_error freed the mbuf */
goto bad;
}
int error = 0;
int plen;
struct sockaddr_in6* dst6;
- int s;
if (!state)
panic("state == NULL in ipsec6_output_tunnel");
if (!sp)
panic("sp == NULL in ipsec6_output_tunnel");
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
printf("ipsec6_output_tunnel: applyed SP\n");
kdebug_secpolicy(sp));
* There may be the case that SA status will be changed when
* we are refering to one. So calling splsoftnet().
*/
- s = splnet();
if (isr->saidx.mode == IPSEC_MODE_TUNNEL) {
/*
ipseclog((LOG_ERR, "ipsec6_output_tunnel: "
"family mismatched between inner and outer, spi=%u\n",
(u_int32_t)ntohl(isr->sav->spi)));
- splx(s);
ipsec6stat.out_inval++;
error = EAFNOSUPPORT;
goto bad;
state->m = ipsec6_splithdr(state->m);
if (!state->m) {
- splx(s);
ipsec6stat.out_nomem++;
error = ENOMEM;
goto bad;
}
error = ipsec6_encapsulate(state->m, isr->sav);
- splx(s);
if (error) {
state->m = 0;
goto bad;
state->dst = (struct sockaddr *)state->ro->ro_rt->rt_gateway;
dst6 = (struct sockaddr_in6 *)state->dst;
}
- } else
- splx(s);
+ }
state->m = ipsec6_splithdr(state->m);
if (!state->m) {
struct secpolicy *sp;
struct ip *oip;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
#if DIAGNOSTIC
if (m->m_len < sizeof(struct ip))
panic("too short mbuf on ipsec4_tunnel_validate");
sp = key_gettunnel((struct sockaddr *)&osrc, (struct sockaddr *)&odst,
(struct sockaddr *)&isrc, (struct sockaddr *)&idst);
- if (!sp)
+ if (!sp) {
return 0;
+ }
key_freesp(sp);
return 1;
struct secpolicy *sp;
struct ip6_hdr *oip6;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
#if DIAGNOSTIC
if (m->m_len < sizeof(struct ip6_hdr))
panic("too short mbuf on ipsec6_tunnel_validate");
struct mbuf *m;
struct udphdr *uh;
struct ip *ip;
-
+ int error;
+
if ((esp_udp_encap_port & 0xFFFF) == 0 || sav->remote_ike_port == 0) return;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
m = m_gethdr(M_NOWAIT, MT_DATA);
if (m == NULL) return;
uh = (struct udphdr*)((char*)m_mtod(m) + sizeof(struct ip));
m->m_len = sizeof(struct udpiphdr) + 1;
bzero(m_mtod(m), m->m_len);
- ip->ip_len = ntohs(m->m_len);
+ m->m_pkthdr.len = m->m_len;
+
+ ip->ip_len = m->m_len;
ip->ip_ttl = ip_defttl;
ip->ip_p = IPPROTO_UDP;
ip->ip_src = ((struct sockaddr_in*)&sav->sah->saidx.src)->sin_addr;
ip->ip_dst = ((struct sockaddr_in*)&sav->sah->saidx.dst)->sin_addr;
- uh->uh_sport = ntohs((u_short)esp_udp_encap_port);
- uh->uh_dport = ntohs(sav->remote_ike_port);
+ uh->uh_sport = htons((u_short)esp_udp_encap_port);
+ uh->uh_dport = htons(sav->remote_ike_port);
uh->uh_ulen = htons(1 + sizeof(struct udphdr));
uh->uh_sum = 0;
*(u_int8_t*)((char*)m_mtod(m) + sizeof(struct ip) + sizeof(struct udphdr)) = 0xFF;
- if (ip_output(m, NULL, &sav->sah->sa_route, IP_NOIPSEC, NULL) == 0)
+ lck_mtx_unlock(sadb_mutex);
+ error = ip_output(m, NULL, &sav->sah->sa_route, IP_NOIPSEC, NULL);
+ lck_mtx_lock(sadb_mutex);
+ if (error == 0)
sav->natt_last_activity = natt_now;
+
}
projects / apple / xnu.git / blobdiff