+/*
+ * Copyright (c) 2008-2011 Apple Inc. All rights reserved.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ */
+
/* $FreeBSD: src/sys/netkey/key.c,v 1.16.2.13 2002/07/24 18:17:40 ume Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
* This code is referd to RFC 2367
*/
+#include <machine/endian.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/queue.h>
#include <sys/syslog.h>
+#include <sys/mcache.h>
#include <kern/locks.h>
#include <net/net_osdep.h>
-#ifndef satosin
-#define satosin(s) ((struct sockaddr_in *)s)
-#endif
-
#define FULLMASK 0xff
lck_grp_t *sadb_mutex_grp;
lck_grp_attr_t *sadb_mutex_grp_attr;
lck_attr_t *sadb_mutex_attr;
-lck_mtx_t *sadb_mutex;
-extern lck_mtx_t *nd6_mutex;
+decl_lck_mtx_data(, sadb_mutex_data);
+lck_mtx_t *sadb_mutex = &sadb_mutex_data;
+
+lck_grp_t *pfkey_stat_mutex_grp;
+lck_grp_attr_t *pfkey_stat_mutex_grp_attr;
+lck_attr_t *pfkey_stat_mutex_attr;
+decl_lck_mtx_data(, pfkey_stat_mutex_data);
+lck_mtx_t *pfkey_stat_mutex = &pfkey_stat_mutex_data;
/*
* Note on SA reference counting:
static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
static int key_preferred_oldsa = 0; /* preferred old sa rather than new sa.*/
-static int natt_keepalive_interval = 20; /* interval between natt keepalives.*/
+__private_extern__ int natt_keepalive_interval = 20; /* interval between natt keepalives.*/
+__private_extern__ int ipsec_policy_count = 0;
+static int ipsec_sav_count = 0;
static u_int32_t acq_seq = 0;
static int key_tick_init_random = 0;
0, /* SADB_X_EXT_KMPRIVATE */
sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
+ sizeof(struct sadb_session_id), /* SADB_EXT_SESSION_ID */
+ sizeof(struct sadb_sastat), /* SADB_EXT_SASTAT */
};
static const int maxsize[] = {
sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
0, /* SADB_X_EXT_KMPRIVATE */
0, /* SADB_X_EXT_POLICY */
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
+ 0, /* SADB_EXT_SESSION_ID */
+ 0, /* SADB_EXT_SASTAT */
};
static int ipsec_esp_keymin = 256;
static int ipsec_ah_keymin = 128;
SYSCTL_DECL(_net_key);
-
-SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
+/* Thread safe: no accumulated state */
+SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW | CTLFLAG_LOCKED, \
&key_debug_level, 0, "");
/* max count of trial for the decision of spi value */
-SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW | CTLFLAG_LOCKED, \
&key_spi_trycnt, 0, "");
/* minimum spi value to allocate automatically. */
-SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW | CTLFLAG_LOCKED, \
&key_spi_minval, 0, "");
/* maximun spi value to allocate automatically. */
-SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW | CTLFLAG_LOCKED, \
&key_spi_maxval, 0, "");
/* interval to initialize randseed */
-SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW | CTLFLAG_LOCKED, \
&key_int_random, 0, "");
-/* lifetime for larval SA */
-SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
+/* lifetime for larval SA; thread safe due to > compare */
+SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW | CTLFLAG_LOCKED, \
&key_larval_lifetime, 0, "");
/* counter for blocking to send SADB_ACQUIRE to IKEd */
-SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW | CTLFLAG_LOCKED, \
&key_blockacq_count, 0, "");
-/* lifetime for blocking to send SADB_ACQUIRE to IKEd */
-SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
+/* lifetime for blocking to send SADB_ACQUIRE to IKEd: Thread safe, > compare */
+SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW | CTLFLAG_LOCKED, \
&key_blockacq_lifetime, 0, "");
/* ESP auth */
-SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW | CTLFLAG_LOCKED, \
&ipsec_esp_auth, 0, "");
/* minimum ESP key length */
-SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW | CTLFLAG_LOCKED, \
&ipsec_esp_keymin, 0, "");
/* minimum AH key length */
-SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
+SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW | CTLFLAG_LOCKED, \
&ipsec_ah_keymin, 0, "");
/* perfered old SA rather than new SA */
-SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
+SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW | CTLFLAG_LOCKED,\
&key_preferred_oldsa, 0, "");
/* time between NATT keepalives in seconds, 0 disabled */
-SYSCTL_INT(_net_key, KEYCTL_NATT_KEEPALIVE_INTERVAL, natt_keepalive_interval, CTLFLAG_RW,\
+SYSCTL_INT(_net_key, KEYCTL_NATT_KEEPALIVE_INTERVAL, natt_keepalive_interval, CTLFLAG_RW | CTLFLAG_LOCKED,\
&natt_keepalive_interval, 0, "");
/* PF_KEY statistics */
-SYSCTL_STRUCT(_net_key, KEYCTL_PFKEYSTAT, pfkeystat, CTLFLAG_RD,\
+SYSCTL_STRUCT(_net_key, KEYCTL_PFKEYSTAT, pfkeystat, CTLFLAG_RD | CTLFLAG_LOCKED,\
&pfkeystat, pfkeystat, "");
#ifndef LIST_FOREACH
} while (0)
#if 1
-#define KMALLOC(p, t, n) \
- ((p) = (t) _MALLOC((unsigned long)(n), M_SECA, M_NOWAIT))
+#define KMALLOC_WAIT(p, t, n) \
+ ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_WAITOK))
+#define KMALLOC_NOWAIT(p, t, n) \
+ ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT))
#define KFREE(p) \
_FREE((caddr_t)(p), M_SECA);
#else
-#define KMALLOC(p, t, n) \
+#define KMALLOC_WAIT(p, t, n) \
do { \
- ((p) = (t)_MALLOC((unsigned long)(n), M_SECA, M_NOWAIT)); \
- printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
+ ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_WAITOK)); \
+ printf("%s %d: %p <- KMALLOC_WAIT(%s, %d)\n", \
__FILE__, __LINE__, (p), #t, n); \
} while (0)
+#define KMALLOC_NOWAIT(p, t, n) \
+ do { \
+ ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT)); \
+ printf("%s %d: %p <- KMALLOC_NOWAIT(%s, %d)\n", \
+ __FILE__, __LINE__, (p), #t, n); \
+ } while (0)
#define KFREE(p) \
do { \
(idx)->proto = (p); \
(idx)->mode = (m); \
(idx)->reqid = (r); \
- bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
- bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
+ bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
+ bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
} while (0)
/* key statistics */
struct _keystat {
- u_long getspi_count; /* the avarage of count to try to get new SPI */
+ u_int32_t getspi_count; /* the avarage of count to try to get new SPI */
} keystat;
struct sadb_msghdr {
int extlen[SADB_EXT_MAX + 1];
};
-static struct secasvar *key_allocsa_policy(struct secasindex *);
-static void key_freesp_so(struct secpolicy **);
-static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
+static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int, u_int16_t);
+static int key_do_get_translated_port(struct secashead *, struct secasvar *, u_int);
static void key_delsp(struct secpolicy *);
static struct secpolicy *key_getsp(struct secpolicyindex *);
static struct secpolicy *key_getspbyid(u_int32_t);
u_int8_t, u_int32_t, u_int32_t);
static u_int key_getspreqmsglen(struct secpolicy *);
static int key_spdexpire(struct secpolicy *);
-static struct secashead *key_newsah(struct secasindex *);
-static void key_delsah(struct secashead *);
+static struct secashead *key_newsah(struct secasindex *, u_int8_t);
static struct secasvar *key_newsav(struct mbuf *,
const struct sadb_msghdr *, struct secashead *, int *);
-static void key_delsav(struct secasvar *);
static struct secashead *key_getsah(struct secasindex *);
static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
static void key_setspi __P((struct secasvar *, u_int32_t));
#if INET6
static int key_ismyaddr6(struct sockaddr_in6 *);
#endif
+static void key_update_natt_keepalive_timestamp(struct secasvar *, struct secasvar *);
/* flags for key_cmpsaidx() */
-#define CMP_HEAD 1 /* protocol, addresses. */
-#define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
-#define CMP_REQID 3 /* additionally HEAD, reaid. */
-#define CMP_EXACTLY 4 /* all elements. */
+#define CMP_HEAD 0x1 /* protocol, addresses. */
+#define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
+#define CMP_REQID 0x4 /* additionally HEAD, reqid. */
+#define CMP_MODE 0x8 /* additionally mode. */
+#define CMP_EXACTLY 0xF /* all elements. */
static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
static int key_cmpspidx_exactly(struct secpolicyindex *,
static int key_senderror(struct socket *, struct mbuf *, int);
static int key_validate_ext(const struct sadb_ext *, int);
static int key_align(struct mbuf *, struct sadb_msghdr *);
-#if 0
-static const char *key_getfqdn(void);
-static const char *key_getuserfqdn(void);
-#endif
-static void key_sa_chgstate(struct secasvar *, u_int8_t);
static struct mbuf *key_alloc_mbuf(int);
+static int key_getsastat (struct socket *, struct mbuf *, const struct sadb_msghdr *);
+static int key_setsaval2(struct secasvar *sav,
+ u_int8_t satype,
+ u_int8_t alg_auth,
+ u_int8_t alg_enc,
+ u_int32_t flags,
+ u_int8_t replay,
+ struct sadb_key *key_auth,
+ u_int16_t key_auth_len,
+ struct sadb_key *key_enc,
+ u_int16_t key_enc_len,
+ u_int16_t natt_port,
+ u_int32_t seq,
+ u_int32_t spi,
+ u_int32_t pid,
+ struct sadb_lifetime *lifetime_hard,
+ struct sadb_lifetime *lifetime_soft);
extern int ipsec_bypass;
-void ipsec_send_natt_keepalive(struct secasvar *sav);
+extern int esp_udp_encap_port;
+int ipsec_send_natt_keepalive(struct secasvar *sav);
+
+void key_init(void);
+
/*
* PF_KEY init
- * setup locks and call raw_init()
+ * setup locks, call raw_init(), and then init timer and associated data
*
*/
void
{
int i;
-
+
+ _CASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= _MHLEN);
+
sadb_mutex_grp_attr = lck_grp_attr_alloc_init();
sadb_mutex_grp = lck_grp_alloc_init("sadb", sadb_mutex_grp_attr);
sadb_mutex_attr = lck_attr_alloc_init();
- lck_attr_setdefault(sadb_mutex_attr);
- if ((sadb_mutex = lck_mtx_alloc_init(sadb_mutex_grp, sadb_mutex_attr)) == NULL) {
- printf("key_init: can't alloc sadb_mutex\n");
- return;
- }
+ lck_mtx_init(sadb_mutex, sadb_mutex_grp, sadb_mutex_attr);
+
+ pfkey_stat_mutex_grp_attr = lck_grp_attr_alloc_init();
+ pfkey_stat_mutex_grp = lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr);
+ pfkey_stat_mutex_attr = lck_attr_alloc_init();
+
+ lck_mtx_init(pfkey_stat_mutex, pfkey_stat_mutex_grp, pfkey_stat_mutex_attr);
for (i = 0; i < SPIHASHSIZE; i++)
LIST_INIT(&spihash[i]);
raw_init();
+
+ bzero((caddr_t)&key_cb, sizeof(key_cb));
+
+ for (i = 0; i < IPSEC_DIR_MAX; i++) {
+ LIST_INIT(&sptree[i]);
+ }
+ ipsec_policy_count = 0;
+
+ LIST_INIT(&sahtree);
+
+ for (i = 0; i <= SADB_SATYPE_MAX; i++) {
+ LIST_INIT(®tree[i]);
+ }
+ ipsec_sav_count = 0;
+
+#ifndef IPSEC_NONBLOCK_ACQUIRE
+ LIST_INIT(&acqtree);
+#endif
+ LIST_INIT(&spacqtree);
+
+ /* system default */
+#if INET
+ ip4_def_policy.policy = IPSEC_POLICY_NONE;
+ ip4_def_policy.refcnt++; /*never reclaim this*/
+#endif
+#if INET6
+ ip6_def_policy.policy = IPSEC_POLICY_NONE;
+ ip6_def_policy.refcnt++; /*never reclaim this*/
+#endif
+
+#ifndef IPSEC_DEBUG2
+ timeout((void *)key_timehandler, (void *)0, hz);
+#endif /*IPSEC_DEBUG2*/
+
+ /* initialize key statistics */
+ keystat.getspi_count = 1;
+
+#ifndef __APPLE__
+ printf("IPsec: Initialized Security Association Processing.\n");
+#endif
}
* others: found and return the pointer.
*/
struct secpolicy *
-key_allocsp(spidx, dir)
- struct secpolicyindex *spidx;
- u_int dir;
+key_allocsp(
+ struct secpolicyindex *spidx,
+ u_int dir)
{
struct secpolicy *sp;
struct timeval tv;
- int s;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (spidx == NULL)
panic("key_allocsp: NULL pointer is passed.\n");
printf("*** objects\n");
kdebug_secpolicyindex(spidx));
+ lck_mtx_lock(sadb_mutex);
LIST_FOREACH(sp, &sptree[dir], chain) {
KEYDEBUG(KEYDEBUG_IPSEC_DATA,
printf("*** in SPD\n");
if (key_cmpspidx_withmask(&sp->spidx, spidx))
goto found;
}
-
+ lck_mtx_unlock(sadb_mutex);
return NULL;
found:
- /* sanity check */
- KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
/* found a SPD entry */
microtime(&tv);
sp->lastused = tv.tv_sec;
sp->refcnt++;
+ lck_mtx_unlock(sadb_mutex);
+
+ /* sanity check */
+ KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
sp->refcnt, sp));
-
return sp;
}
* XXX slow
*/
struct secpolicy *
-key_gettunnel(osrc, odst, isrc, idst)
- struct sockaddr *osrc, *odst, *isrc, *idst;
+key_gettunnel(
+ struct sockaddr *osrc,
+ struct sockaddr *odst,
+ struct sockaddr *isrc,
+ struct sockaddr *idst)
{
struct secpolicy *sp;
const int dir = IPSEC_DIR_INBOUND;
struct timeval tv;
- int s;
struct ipsecrequest *r1, *r2, *p;
struct sockaddr *os, *od, *is, *id;
struct secpolicyindex spidx;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
if (isrc->sa_family != idst->sa_family) {
ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
isrc->sa_family, idst->sa_family));
return NULL;
}
+ lck_mtx_lock(sadb_mutex);
LIST_FOREACH(sp, &sptree[dir], chain) {
if (sp->state == IPSEC_SPSTATE_DEAD)
continue;
bcopy(isrc, &spidx.src, isrc->sa_len);
bcopy(idst, &spidx.dst, idst->sa_len);
if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
- continue;
+ continue;
} else {
is = (struct sockaddr *)&r1->saidx.src;
id = (struct sockaddr *)&r1->saidx.dst;
goto found;
}
}
-
+ lck_mtx_unlock(sadb_mutex);
return NULL;
found:
microtime(&tv);
sp->lastused = tv.tv_sec;
sp->refcnt++;
+ lck_mtx_unlock(sadb_mutex);
return sp;
}
* ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
*/
int
-key_checkrequest(isr, saidx)
- struct ipsecrequest *isr;
- struct secasindex *saidx;
+key_checkrequest(
+ struct ipsecrequest *isr,
+ struct secasindex *saidx,
+ struct secasvar **sav)
{
u_int level;
int error;
+ struct sockaddr_in *sin;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
+ *sav = NULL;
+
/* sanity check */
if (isr == NULL || saidx == NULL)
panic("key_checkrequest: NULL pointer is passed.\n");
/* get current level */
level = ipsec_get_reqlevel(isr);
-#if 0
- /*
- * We do allocate new SA only if the state of SA in the holder is
- * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
- */
- if (isr->sav != NULL) {
- if (isr->sav->sah == NULL)
- panic("key_checkrequest: sah is null.\n");
- if (isr->sav == (struct secasvar *)LIST_FIRST(
- &isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
- printf("DP checkrequest calls free SA:%p\n",
- isr->sav));
- key_freesav(isr->sav);
- isr->sav = NULL;
- }
- }
-#else
- /*
- * we free any SA stashed in the IPsec request because a different
- * SA may be involved each time this request is checked, either
- * because new SAs are being configured, or this request is
- * associated with an unconnected datagram socket, or this request
- * is associated with a system default policy.
- *
- * The operation may have negative impact to performance. We may
- * want to check cached SA carefully, rather than picking new SA
- * every time.
- */
- if (isr->sav != NULL) {
- key_freesav(isr->sav);
- isr->sav = NULL;
- }
-#endif
/*
- * new SA allocation if no SA found.
* key_allocsa_policy should allocate the oldest SA available.
* See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
*/
- if (isr->sav == NULL)
- isr->sav = key_allocsa_policy(saidx);
+ if (*sav == NULL)
+ *sav = key_allocsa_policy(saidx);
/* When there is SA. */
- if (isr->sav != NULL)
+ if (*sav != NULL)
return 0;
- /* there is no SA */
+ /* There is no SA.
+ *
+ * Remove dst port - used for special natt support - don't call
+ * key_acquire with it.
+ */
+ if (saidx->mode == IPSEC_MODE_TRANSPORT) {
+ sin = (struct sockaddr_in *)&saidx->dst;
+ sin->sin_port = IPSEC_PORT_ANY;
+ }
if ((error = key_acquire(saidx, isr->sp)) != 0) {
/* XXX What should I do ? */
ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
* OUT: NULL: not found.
* others: found and return the pointer.
*/
-static struct secasvar *
-key_allocsa_policy(saidx)
- struct secasindex *saidx;
+u_int32_t sah_search_calls = 0;
+u_int32_t sah_search_count = 0;
+struct secasvar *
+key_allocsa_policy(
+ struct secasindex *saidx)
{
struct secashead *sah;
struct secasvar *sav;
u_int stateidx, state;
const u_int *saorder_state_valid;
int arraysize;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ struct sockaddr_in *sin;
+ u_int16_t dstport;
+
+ lck_mtx_lock(sadb_mutex);
+ sah_search_calls++;
LIST_FOREACH(sah, &sahtree, chain) {
+ sah_search_count++;
if (sah->state == SADB_SASTATE_DEAD)
continue;
- if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
+ if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID))
goto found;
}
-
+ lck_mtx_unlock(sadb_mutex);
return NULL;
found:
arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
}
+
+ sin = (struct sockaddr_in *)&saidx->dst;
+ dstport = sin->sin_port;
+ if (saidx->mode == IPSEC_MODE_TRANSPORT)
+ sin->sin_port = IPSEC_PORT_ANY;
+
for (stateidx = 0; stateidx < arraysize; stateidx++) {
state = saorder_state_valid[stateidx];
- sav = key_do_allocsa_policy(sah, state);
- if (sav != NULL)
+ sav = key_do_allocsa_policy(sah, state, dstport);
+ if (sav != NULL) {
+ lck_mtx_unlock(sadb_mutex);
return sav;
+ }
}
-
+ lck_mtx_unlock(sadb_mutex);
return NULL;
}
* others : found, pointer to a SA.
*/
static struct secasvar *
-key_do_allocsa_policy(sah, state)
- struct secashead *sah;
- u_int state;
+key_do_allocsa_policy(
+ struct secashead *sah,
+ u_int state,
+ u_int16_t dstport)
{
- struct secasvar *sav, *nextsav, *candidate, *d;
+ struct secasvar *sav, *nextsav, *candidate, *natt_candidate, *no_natt_candidate, *d;
lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
- /* initilize */
+ /* initialize */
candidate = NULL;
+ natt_candidate = NULL;
+ no_natt_candidate = NULL;
for (sav = LIST_FIRST(&sah->savtree[state]);
sav != NULL;
/* sanity check */
KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
- /* initialize */
- if (candidate == NULL) {
- candidate = sav;
+ if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport &&
+ ((sav->flags & SADB_X_EXT_NATT) != 0) &&
+ ntohs(dstport) != sav->remote_ike_port)
continue;
- }
+
+ if (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
+ ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0) &&
+ ntohs(dstport) != sav->remote_ike_port)
+ continue; /* skip this one - not a match - or not UDP */
+
+ if ((sah->saidx.mode == IPSEC_MODE_TUNNEL &&
+ ((sav->flags & SADB_X_EXT_NATT) != 0)) ||
+ (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
+ ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0))) {
+ if (natt_candidate == NULL) {
+ natt_candidate = sav;
+ continue;
+ } else
+ candidate = natt_candidate;
+ } else {
+ if (no_natt_candidate == NULL) {
+ no_natt_candidate = sav;
+ continue;
+ } else
+ candidate = no_natt_candidate;
+ }
/* Which SA is the better ? */
if (key_preferred_oldsa) {
if (candidate->lft_c->sadb_lifetime_addtime >
sav->lft_c->sadb_lifetime_addtime) {
- candidate = sav;
- }
+ if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
+ natt_candidate = sav;
+ else
+ no_natt_candidate = sav;
+ }
continue;
/*NOTREACHED*/
}
if (candidate->lft_c->sadb_lifetime_addtime <
sav->lft_c->sadb_lifetime_addtime) {
d = candidate;
- candidate = sav;
+ if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
+ natt_candidate = sav;
+ else
+ no_natt_candidate = sav;
} else
d = sav;
KEY_SENDUP_REGISTERED))
goto msgfail;
msgfail:
- key_freesav(d);
+ key_freesav(d, KEY_SADB_LOCKED);
}
}
+ /* choose latest if both types present */
+ if (natt_candidate == NULL)
+ candidate = no_natt_candidate;
+ else if (no_natt_candidate == NULL)
+ candidate = natt_candidate;
+ else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport)
+ candidate = natt_candidate;
+ else if (natt_candidate->lft_c->sadb_lifetime_addtime >
+ no_natt_candidate->lft_c->sadb_lifetime_addtime)
+ candidate = natt_candidate;
+ else
+ candidate = no_natt_candidate;
+
if (candidate) {
candidate->refcnt++;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
* keep source address in IPsec SA. We see a tricky situation here.
*/
struct secasvar *
-key_allocsa(family, src, dst, proto, spi)
- u_int family, proto;
- caddr_t src, dst;
- u_int32_t spi;
+key_allocsa(
+ u_int family,
+ caddr_t src,
+ caddr_t dst,
+ u_int proto,
+ u_int32_t spi)
{
struct secasvar *sav, *match;
u_int stateidx, state, tmpidx, matchidx;
struct sockaddr_in sin;
struct sockaddr_in6 sin6;
- int s;
const u_int *saorder_state_valid;
int arraysize;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (src == NULL || dst == NULL)
*/
match = NULL;
matchidx = arraysize;
+ lck_mtx_lock(sadb_mutex);
LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
if (sav->spi != spi)
continue;
goto found;
/* not found */
+ lck_mtx_unlock(sadb_mutex);
return NULL;
found:
- match->refcnt++;
+ match->refcnt++;
+ lck_mtx_unlock(sadb_mutex);
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP allocsa cause refcnt++:%d SA:%p\n",
match->refcnt, match));
return match;
}
+u_int16_t
+key_natt_get_translated_port(
+ struct secasvar *outsav)
+{
+
+ struct secasindex saidx;
+ struct secashead *sah;
+ u_int stateidx, state;
+ const u_int *saorder_state_valid;
+ int arraysize;
+
+ /* get sa for incoming */
+ saidx.mode = outsav->sah->saidx.mode;
+ saidx.reqid = 0;
+ saidx.proto = outsav->sah->saidx.proto;
+ bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in));
+ bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in));
+
+ lck_mtx_lock(sadb_mutex);
+ LIST_FOREACH(sah, &sahtree, chain) {
+ if (sah->state == SADB_SASTATE_DEAD)
+ continue;
+ if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE))
+ goto found;
+ }
+ lck_mtx_unlock(sadb_mutex);
+ return 0;
+
+found:
+ /*
+ * Found sah - now go thru list of SAs and find
+ * matching remote ike port. If found - set
+ * sav->natt_encapsulated_src_port and return the port.
+ */
+ /*
+ * search a valid state list for outbound packet.
+ * This search order is important.
+ */
+ if (key_preferred_oldsa) {
+ saorder_state_valid = saorder_state_valid_prefer_old;
+ arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
+ } else {
+ saorder_state_valid = saorder_state_valid_prefer_new;
+ arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
+ }
+
+ for (stateidx = 0; stateidx < arraysize; stateidx++) {
+ state = saorder_state_valid[stateidx];
+ if (key_do_get_translated_port(sah, outsav, state)) {
+ lck_mtx_unlock(sadb_mutex);
+ return outsav->natt_encapsulated_src_port;
+ }
+ }
+ lck_mtx_unlock(sadb_mutex);
+ return 0;
+}
+
+static int
+key_do_get_translated_port(
+ struct secashead *sah,
+ struct secasvar *outsav,
+ u_int state)
+{
+ struct secasvar *currsav, *nextsav, *candidate;
+
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
+ /* initilize */
+ candidate = NULL;
+
+ for (currsav = LIST_FIRST(&sah->savtree[state]);
+ currsav != NULL;
+ currsav = nextsav) {
+
+ nextsav = LIST_NEXT(currsav, chain);
+
+ /* sanity check */
+ KEY_CHKSASTATE(currsav->state, state, "key_do_get_translated_port");
+
+ if ((currsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) == 0 ||
+ currsav->remote_ike_port != outsav->remote_ike_port)
+ continue;
+
+ if (candidate == NULL) {
+ candidate = currsav;
+ continue;
+ }
+
+ /* Which SA is the better ? */
+
+ /* sanity check 2 */
+ if (candidate->lft_c == NULL || currsav->lft_c == NULL)
+ panic("key_do_get_translated_port: "
+ "lifetime_current is NULL.\n");
+
+ /* What the best method is to compare ? */
+ if (key_preferred_oldsa) {
+ if (candidate->lft_c->sadb_lifetime_addtime >
+ currsav->lft_c->sadb_lifetime_addtime) {
+ candidate = currsav;
+ }
+ continue;
+ /*NOTREACHED*/
+ }
+
+ /* prefered new sa rather than old sa */
+ if (candidate->lft_c->sadb_lifetime_addtime <
+ currsav->lft_c->sadb_lifetime_addtime)
+ candidate = currsav;
+ }
+
+ if (candidate) {
+ outsav->natt_encapsulated_src_port = candidate->natt_encapsulated_src_port;
+ return 1;
+ }
+
+ return 0;
+}
+
/*
* Must be called after calling key_allocsp().
* For both the packet without socket and key_freeso().
*/
void
-key_freesp(sp)
- struct secpolicy *sp;
+key_freesp(
+ struct secpolicy *sp,
+ int locked)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (sp == NULL)
panic("key_freesp: NULL pointer is passed.\n");
-
+
+ if (!locked)
+ lck_mtx_lock(sadb_mutex);
+ else
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sp->refcnt--;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP freesp cause refcnt--:%d SP:%p\n",
if (sp->refcnt == 0)
key_delsp(sp);
-
+ if (!locked)
+ lck_mtx_unlock(sadb_mutex);
return;
}
#if 0
+static void key_freesp_so(struct secpolicy **);
+
/*
* Must be called after calling key_allocsp().
* For the packet with socket.
*/
void
-key_freeso(so)
- struct socket *so;
+key_freeso(
+ struct socket *so)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+
/* sanity check */
if (so == NULL)
panic("key_freeso: NULL pointer is passed.\n");
+ lck_mtx_lock(sadb_mutex);
switch (so->so_proto->pr_domain->dom_family) {
#if INET
case PF_INET:
/* Does it have a PCB ? */
if (pcb == NULL || pcb->inp_sp == NULL)
- return;
+ goto done;
key_freesp_so(&pcb->inp_sp->sp_in);
key_freesp_so(&pcb->inp_sp->sp_out);
}
/* Does it have a PCB ? */
if (pcb == NULL || pcb->inp_sp == NULL)
- return;
+ goto done;
key_freesp_so(&pcb->inp_sp->sp_in);
key_freesp_so(&pcb->inp_sp->sp_out);
#else
/* Does it have a PCB ? */
if (pcb == NULL || pcb->in6p_sp == NULL)
- return;
+ goto done;
key_freesp_so(&pcb->in6p_sp->sp_in);
key_freesp_so(&pcb->in6p_sp->sp_out);
#endif
default:
ipseclog((LOG_DEBUG, "key_freeso: unknown address family=%d.\n",
so->so_proto->pr_domain->dom_family));
- return;
+ break;
}
-
+done:
+ lck_mtx_unlock(sadb_mutex);
+
return;
}
-#endif
static void
-key_freesp_so(sp)
- struct secpolicy **sp;
+key_freesp_so(
+ struct secpolicy **sp)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
/* sanity check */
if (sp == NULL || *sp == NULL)
panic("key_freesp_so: sp == NULL\n");
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
switch ((*sp)->policy) {
case IPSEC_POLICY_IPSEC:
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP freeso calls free SP:%p\n", *sp));
- key_freesp(*sp);
+ key_freesp(*sp, KEY_SADB_LOCKED);
*sp = NULL;
break;
case IPSEC_POLICY_ENTRUST:
return;
}
+#endif
+
/*
* Must be called after calling key_allocsa().
* This function is called by key_freesp() to free some SA allocated
* for a policy.
*/
void
-key_freesav(sav)
- struct secasvar *sav;
+key_freesav(
+ struct secasvar *sav,
+ int locked)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (sav == NULL)
panic("key_freesav: NULL pointer is passed.\n");
+ if (!locked)
+ lck_mtx_lock(sadb_mutex);
+ else
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sav->refcnt--;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
if (sav->refcnt == 0)
key_delsav(sav);
-
+ if (!locked)
+ lck_mtx_unlock(sadb_mutex);
return;
}
* free security policy entry.
*/
static void
-key_delsp(sp)
- struct secpolicy *sp;
+key_delsp(
+ struct secpolicy *sp)
{
- int s;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (sp == NULL)
panic("key_delsp: NULL pointer is passed.\n");
-
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sp->state = IPSEC_SPSTATE_DEAD;
if (sp->refcnt > 0)
return; /* can't free */
- s = splnet(); /*called from softclock()*/
/* remove from SP index */
- if (__LIST_CHAINED(sp))
+ if (__LIST_CHAINED(sp)) {
LIST_REMOVE(sp, chain);
+ ipsec_policy_count--;
+ }
{
- struct ipsecrequest *isr = sp->req, *nextisr;
+ struct ipsecrequest *isr = sp->req, *nextisr;
- while (isr != NULL) {
- if (isr->sav != NULL) {
- KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
- printf("DP delsp calls free SA:%p\n",
- isr->sav));
- key_freesav(isr->sav);
- isr->sav = NULL;
- }
-
- nextisr = isr->next;
- KFREE(isr);
- isr = nextisr;
+ while (isr != NULL) {
+ nextisr = isr->next;
+ KFREE(isr);
+ isr = nextisr;
+ }
}
- }
-
keydb_delsecpolicy(sp);
- splx(s);
-
return;
}
* others : found, pointer to a SP.
*/
static struct secpolicy *
-key_getsp(spidx)
- struct secpolicyindex *spidx;
+key_getsp(
+ struct secpolicyindex *spidx)
{
struct secpolicy *sp;
* others : found, pointer to a SP.
*/
static struct secpolicy *
-key_getspbyid(id)
- u_int32_t id;
+key_getspbyid(
+ u_int32_t id)
{
struct secpolicy *sp;
}
struct secpolicy *
-key_newsp()
+key_newsp(void)
{
struct secpolicy *newsp = NULL;
-
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
newsp = keydb_newsecpolicy();
if (!newsp)
return newsp;
* so must be set properly later.
*/
struct secpolicy *
-key_msg2sp(xpl0, len, error)
- struct sadb_x_policy *xpl0;
- size_t len;
- int *error;
+key_msg2sp(
+ struct sadb_x_policy *xpl0,
+ size_t len,
+ int *error)
{
struct secpolicy *newsp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (xpl0 == NULL)
panic("key_msg2sp: NULL pointer was passed.\n");
/* check policy */
switch (xpl0->sadb_x_policy_type) {
case IPSEC_POLICY_DISCARD:
+ case IPSEC_POLICY_GENERATE:
case IPSEC_POLICY_NONE:
case IPSEC_POLICY_ENTRUST:
case IPSEC_POLICY_BYPASS:
if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
ipseclog((LOG_DEBUG,
"key_msg2sp: Invalid msg length.\n"));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EINVAL;
return NULL;
}
if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
ipseclog((LOG_DEBUG, "key_msg2sp: "
"invalid ipsecrequest length.\n"));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EINVAL;
return NULL;
}
/* allocate request buffer */
- KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
+ KMALLOC_WAIT(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
if ((*p_isr) == NULL) {
ipseclog((LOG_DEBUG,
"key_msg2sp: No more memory.\n"));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = ENOBUFS;
return NULL;
}
ipseclog((LOG_DEBUG,
"key_msg2sp: invalid proto type=%u\n",
xisr->sadb_x_ipsecrequest_proto));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EPROTONOSUPPORT;
return NULL;
}
ipseclog((LOG_DEBUG,
"key_msg2sp: invalid mode=%u\n",
xisr->sadb_x_ipsecrequest_mode));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EINVAL;
return NULL;
}
if (xisr->sadb_x_ipsecrequest_reqid == 0) {
u_int32_t reqid;
if ((reqid = key_newreqid()) == 0) {
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = ENOBUFS;
return NULL;
}
default:
ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
xisr->sadb_x_ipsecrequest_level));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EINVAL;
return NULL;
}
> sizeof((*p_isr)->saidx.src)) {
ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
"address length.\n"));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EINVAL;
return NULL;
}
> sizeof((*p_isr)->saidx.dst)) {
ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
"address length.\n"));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EINVAL;
return NULL;
}
paddr->sa_len);
}
- (*p_isr)->sav = NULL;
(*p_isr)->sp = newsp;
/* initialization for the next. */
/* validity check */
if (tlen < 0) {
ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EINVAL;
return NULL;
}
- xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
- + xisr->sadb_x_ipsecrequest_len);
+ xisr = (struct sadb_x_ipsecrequest *)(void *)
+ ((caddr_t)xisr + xisr->sadb_x_ipsecrequest_len);
}
}
break;
default:
ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
*error = EINVAL;
return NULL;
}
}
static u_int32_t
-key_newreqid()
+key_newreqid(void)
{
+ lck_mtx_lock(sadb_mutex);
static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
+ int done = 0;
+
+ /* The reqid must be limited to 16 bits because the PF_KEY message format only uses
+ 16 bits for this field. Once it becomes larger than 16 bits - ipsec fails to
+ work anymore. Changing the PF_KEY message format would introduce compatibility
+ issues. This code now tests to see if the tentative reqid is in use */
+
+ while (!done) {
+ struct secpolicy *sp;
+ struct ipsecrequest *isr;
+ int dir;
+
+ auto_reqid = (auto_reqid == 0xFFFF
+ ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
+
+ /* check for uniqueness */
+ done = 1;
+ for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
+ LIST_FOREACH(sp, &sptree[dir], chain) {
+ for (isr = sp->req; isr != NULL; isr = isr->next) {
+ if (isr->saidx.reqid == auto_reqid) {
+ done = 0;
+ break;
+ }
+ }
+ if (done == 0)
+ break;
+ }
+ if (done == 0)
+ break;
+ }
+ }
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
- auto_reqid = (auto_reqid == ~0
- ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
-
- /* XXX should be unique check */
-
+ lck_mtx_unlock(sadb_mutex);
return auto_reqid;
}
* copy secpolicy struct to sadb_x_policy structure indicated.
*/
struct mbuf *
-key_sp2msg(sp)
- struct secpolicy *sp;
+key_sp2msg(
+ struct secpolicy *sp)
{
struct sadb_x_policy *xpl;
int tlen;
caddr_t p;
struct mbuf *m;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
/* sanity check. */
if (sp == NULL)
panic("key_sp2msg: NULL pointer was passed.\n");
for (isr = sp->req; isr != NULL; isr = isr->next) {
- xisr = (struct sadb_x_ipsecrequest *)p;
+ xisr = (struct sadb_x_ipsecrequest *)(void *)p;
xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
if (len > MHLEN)
panic("assumption failed");
#endif
- MGETHDR(n, M_DONTWAIT, MT_DATA);
+ MGETHDR(n, M_WAITOK, MT_DATA);
if (!n)
goto fail;
n->m_len = len;
mtod(n, caddr_t));
} else {
n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
- M_DONTWAIT);
+ M_WAITOK);
}
if (n == NULL)
goto fail;
* m will always be freed.
*/
static int
-key_spdadd(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_spdadd(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_address *src0, *dst0;
struct sadb_x_policy *xpl0, *xpl;
struct timeval tv;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_spdadd: NULL pointer is passed.\n");
ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
return key_senderror(so, m, EINVAL);
}
- lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
+ lft = (struct sadb_lifetime *)
+ (void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
}
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
- xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
+ xpl0 = (struct sadb_x_policy *)(void *)mhp->ext[SADB_X_EXT_POLICY];
/* make secindex */
/* XXX boundary check against sa_len */
}
/* policy requests are mandatory when action is ipsec. */
- if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
+ if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
&& xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
&& mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
* If the type is either SPDADD or SPDSETIDX AND a SP is found,
* then error.
*/
+ lck_mtx_lock(sadb_mutex);
newsp = key_getsp(&spidx);
if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
if (newsp) {
newsp->state = IPSEC_SPSTATE_DEAD;
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_LOCKED);
}
} else {
if (newsp != NULL) {
- key_freesp(newsp);
+ key_freesp(newsp, KEY_SADB_LOCKED);
ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, EEXIST);
}
}
-
+ lck_mtx_unlock(sadb_mutex);
/* allocation new SP entry */
if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
return key_senderror(so, m, error);
return key_senderror(so, m, EINVAL);
}
#if 1
+ /*
+ * allow IPv6 over IPv4 tunnels using ESP -
+ * otherwise reject if inner and outer address families not equal
+ */
if (newsp->req && newsp->req->saidx.src.ss_family) {
struct sockaddr *sa;
sa = (struct sockaddr *)(src0 + 1);
if (sa->sa_family != newsp->req->saidx.src.ss_family) {
- keydb_delsecpolicy(newsp);
- return key_senderror(so, m, EINVAL);
+ if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP
+ || sa->sa_family != AF_INET6 || newsp->req->saidx.src.ss_family != AF_INET) {
+ keydb_delsecpolicy(newsp);
+ return key_senderror(so, m, EINVAL);
+ }
}
}
if (newsp->req && newsp->req->saidx.dst.ss_family) {
struct sockaddr *sa;
sa = (struct sockaddr *)(dst0 + 1);
if (sa->sa_family != newsp->req->saidx.dst.ss_family) {
- keydb_delsecpolicy(newsp);
- return key_senderror(so, m, EINVAL);
+ if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP
+ || sa->sa_family != AF_INET6 || newsp->req->saidx.dst.ss_family != AF_INET) {
+ keydb_delsecpolicy(newsp);
+ return key_senderror(so, m, EINVAL);
+ }
}
}
#endif
newsp->refcnt = 1; /* do not reclaim until I say I do */
newsp->state = IPSEC_SPSTATE_ALIVE;
- LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
+ lck_mtx_lock(sadb_mutex);
+ /*
+ * policies of type generate should be at the end of the SPD
+ * because they function as default discard policies
+ */
+ if (newsp->policy == IPSEC_POLICY_GENERATE)
+ LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
+ else { /* XXX until we have policy ordering in the kernel */
+ struct secpolicy *tmpsp;
+
+ LIST_FOREACH(tmpsp, &sptree[newsp->spidx.dir], chain)
+ if (tmpsp->policy == IPSEC_POLICY_GENERATE)
+ break;
+ if (tmpsp)
+ LIST_INSERT_BEFORE(tmpsp, newsp, chain);
+ else
+ LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
+ }
+ ipsec_policy_count++;
/* Turn off the ipsec bypass */
if (ipsec_bypass != 0)
ipsec_bypass = 0;
spacq->created = tv.tv_sec;
spacq->count = 0;
}
- }
+ }
+ lck_mtx_unlock(sadb_mutex);
{
struct mbuf *n, *mpolicy;
/* n is already freed */
return key_senderror(so, m, ENOBUFS);
}
- xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
+ xpl = (struct sadb_x_policy *)(void *)(mtod(mpolicy, caddr_t) + off);
if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
m_freem(n);
return key_senderror(so, m, EINVAL);
* others: success.
*/
static u_int32_t
-key_getnewspid()
+key_getnewspid(void)
{
u_int32_t newid = 0;
int count = key_spi_trycnt; /* XXX */
struct secpolicy *sp;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+
/* when requesting to allocate spi ranged */
+ lck_mtx_lock(sadb_mutex);
while (count--) {
newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
if ((sp = key_getspbyid(newid)) == NULL)
break;
- key_freesp(sp);
+ key_freesp(sp, KEY_SADB_LOCKED);
}
-
+ lck_mtx_unlock(sadb_mutex);
if (count == 0 || newid == 0) {
ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n"));
return 0;
* m will always be freed.
*/
static int
-key_spddelete(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_spddelete(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_address *src0, *dst0;
struct sadb_x_policy *xpl0;
struct secpolicyindex spidx;
struct secpolicy *sp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_spddelete: NULL pointer is passed.\n");
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
- xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
+ xpl0 = (struct sadb_x_policy *)(void *)mhp->ext[SADB_X_EXT_POLICY];
/* make secindex */
/* XXX boundary check against sa_len */
}
/* Is there SP in SPD ? */
+ lck_mtx_lock(sadb_mutex);
if ((sp = key_getsp(&spidx)) == NULL) {
ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, EINVAL);
}
xpl0->sadb_x_policy_id = sp->id;
sp->state = IPSEC_SPSTATE_DEAD;
- key_freesp(sp);
+ key_freesp(sp, KEY_SADB_LOCKED);
+ lck_mtx_unlock(sadb_mutex);
+
{
struct mbuf *n;
* m will always be freed.
*/
static int
-key_spddelete2(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_spddelete2(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
u_int32_t id;
struct secpolicy *sp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_spddelete2: NULL pointer is passed.\n");
return 0;
}
- id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
+ id = ((struct sadb_x_policy *)
+ (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
/* Is there SP in SPD ? */
+ lck_mtx_lock(sadb_mutex);
if ((sp = key_getspbyid(id)) == NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id));
- key_senderror(so, m, EINVAL);
+ return key_senderror(so, m, EINVAL);
}
sp->state = IPSEC_SPSTATE_DEAD;
- key_freesp(sp);
+ key_freesp(sp, KEY_SADB_LOCKED);
+ lck_mtx_unlock(sadb_mutex);
{
struct mbuf *n, *nn;
if (len > MCLBYTES)
return key_senderror(so, m, ENOBUFS);
- MGETHDR(n, M_DONTWAIT, MT_DATA);
+ MGETHDR(n, M_WAITOK, MT_DATA);
if (n && len > MHLEN) {
- MCLGET(n, M_DONTWAIT);
+ MCLGET(n, M_WAITOK);
if ((n->m_flags & M_EXT) == 0) {
m_freem(n);
n = NULL;
#endif
n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
- mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
+ mhp->extlen[SADB_X_EXT_POLICY], M_WAITOK);
if (!n->m_next) {
m_freem(n);
return key_senderror(so, m, ENOBUFS);
* m will always be freed.
*/
static int
-key_spdget(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_spdget(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
u_int32_t id;
struct secpolicy *sp;
struct mbuf *n;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_spdget: NULL pointer is passed.\n");
return key_senderror(so, m, EINVAL);
}
- id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
+ id = ((struct sadb_x_policy *)
+ (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
/* Is there SP in SPD ? */
+ lck_mtx_lock(sadb_mutex);
if ((sp = key_getspbyid(id)) == NULL) {
ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, ENOENT);
}
-
+ lck_mtx_unlock(sadb_mutex);
n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
if (n != NULL) {
m_freem(m);
* others: error number
*/
int
-key_spdacquire(sp)
- struct secpolicy *sp;
+key_spdacquire(
+ struct secpolicy *sp)
{
struct mbuf *result = NULL, *m;
struct secspacq *newspacq;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (sp == NULL)
panic("key_spdacquire: NULL pointer is passed.\n");
panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
/* get a entry to check whether sent message or not. */
+ lck_mtx_lock(sadb_mutex);
if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
if (key_blockacq_count < newspacq->count) {
/* reset counter and do send message. */
} else {
/* increment counter and do nothing. */
newspacq->count++;
+ lck_mtx_unlock(sadb_mutex);
return 0;
}
} else {
/* make new entry for blocking to send SADB_ACQUIRE. */
- if ((newspacq = key_newspacq(&sp->spidx)) == NULL)
+ if ((newspacq = key_newspacq(&sp->spidx)) == NULL) {
+ lck_mtx_unlock(sadb_mutex);
return ENOBUFS;
-
+ }
/* add to acqtree */
LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
}
-
+ lck_mtx_unlock(sadb_mutex);
/* create new sadb_msg to reply. */
m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
if (!m) {
* m will always be freed.
*/
static int
-key_spdflush(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_spdflush(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_msg *newmsg;
struct secpolicy *sp;
u_int dir;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_spdflush: NULL pointer is passed.\n");
if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
return key_senderror(so, m, EINVAL);
+ lck_mtx_lock(sadb_mutex);
for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
LIST_FOREACH(sp, &sptree[dir], chain) {
sp->state = IPSEC_SPSTATE_DEAD;
}
}
-
+ lck_mtx_unlock(sadb_mutex);
+
if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
return key_senderror(so, m, ENOBUFS);
*
* m will always be freed.
*/
+
static int
-key_spddump(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_spddump(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
- struct secpolicy *sp;
- int cnt;
+ struct secpolicy *sp, **spbuf = NULL, **sp_ptr;
+ int cnt = 0, bufcount;
u_int dir;
struct mbuf *n;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ int error = 0;
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_spddump: NULL pointer is passed.\n");
- /* search SPD entry and get buffer size. */
- cnt = 0;
+ if ((bufcount = ipsec_policy_count) == 0) {
+ error = ENOENT;
+ goto end;
+ }
+ bufcount += 256; /* extra */
+ KMALLOC_WAIT(spbuf, struct secpolicy**, bufcount * sizeof(struct secpolicy*));
+ if (spbuf == NULL) {
+ ipseclog((LOG_DEBUG, "key_spddump: No more memory.\n"));
+ error = ENOMEM;
+ goto end;
+ }
+ lck_mtx_lock(sadb_mutex);
+ /* search SPD entry, make list. */
+ sp_ptr = spbuf;
for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
LIST_FOREACH(sp, &sptree[dir], chain) {
+ if (cnt == bufcount)
+ break; /* buffer full */
+ *sp_ptr++ = sp;
+ sp->refcnt++;
cnt++;
}
}
+ lck_mtx_unlock(sadb_mutex);
- if (cnt == 0)
- return key_senderror(so, m, ENOENT);
-
- for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
- LIST_FOREACH(sp, &sptree[dir], chain) {
- --cnt;
- n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
- mhp->msg->sadb_msg_pid);
+ if (cnt == 0) {
+ error = ENOENT;
+ goto end;
+ }
+
+ sp_ptr = spbuf;
+ while (cnt) {
+ --cnt;
+ n = key_setdumpsp(*sp_ptr++, SADB_X_SPDDUMP, cnt,
+ mhp->msg->sadb_msg_pid);
- if (n)
- key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
- }
+ if (n)
+ key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
}
+
+ lck_mtx_lock(sadb_mutex);
+ while (sp_ptr > spbuf)
+ key_freesp(*(--sp_ptr), KEY_SADB_LOCKED);
+ lck_mtx_unlock(sadb_mutex);
+
+end:
+ if (spbuf)
+ KFREE(spbuf);
+ if (error)
+ return key_senderror(so, m, error);
m_freem(m);
return 0;
+
}
static struct mbuf *
-key_setdumpsp(sp, type, seq, pid)
- struct secpolicy *sp;
- u_int8_t type;
- u_int32_t seq, pid;
+key_setdumpsp(
+ struct secpolicy *sp,
+ u_int8_t type,
+ u_int32_t seq,
+ u_int32_t pid)
{
struct mbuf *result = NULL, *m;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
if (!m)
goto fail;
* get PFKEY message length for security policy and request.
*/
static u_int
-key_getspreqmsglen(sp)
- struct secpolicy *sp;
+key_getspreqmsglen(
+ struct secpolicy *sp)
{
u_int tlen;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
tlen = sizeof(struct sadb_x_policy);
/* if is the policy for ipsec ? */
* others : error number
*/
static int
-key_spdexpire(sp)
- struct secpolicy *sp;
+key_spdexpire(
+ struct secpolicy *sp)
{
- int s;
struct mbuf *result = NULL, *m;
int len;
- int error = -1;
+ int error = EINVAL;
struct sadb_lifetime *lt;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (sp == NULL)
panic("key_spdexpire: NULL pointer is passed.\n");
lt->sadb_lifetime_bytes = 0;
lt->sadb_lifetime_addtime = sp->created;
lt->sadb_lifetime_usetime = sp->lastused;
- lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
+ lt = (struct sadb_lifetime *)(void *)(mtod(m, caddr_t) + len / 2);
lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
lt->sadb_lifetime_allocations = 0;
* others : pointer to new SA head.
*/
static struct secashead *
-key_newsah(saidx)
- struct secasindex *saidx;
+key_newsah(
+ struct secasindex *saidx,
+ u_int8_t dir)
{
struct secashead *newsah;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
/* sanity check */
if (saidx == NULL)
panic("key_newsaidx: NULL pointer is passed.\n");
return NULL;
bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
+
+ /* remove the ports */
+ switch (saidx->src.ss_family) {
+ case AF_INET:
+ ((struct sockaddr_in *)(&newsah->saidx.src))->sin_port = IPSEC_PORT_ANY;
+ break;
+ case AF_INET6:
+ ((struct sockaddr_in6 *)(&newsah->saidx.src))->sin6_port = IPSEC_PORT_ANY;
+ break;
+ default:
+ break;
+ }
+ switch (saidx->dst.ss_family) {
+ case AF_INET:
+ ((struct sockaddr_in *)(&newsah->saidx.dst))->sin_port = IPSEC_PORT_ANY;
+ break;
+ case AF_INET6:
+ ((struct sockaddr_in6 *)(&newsah->saidx.dst))->sin6_port = IPSEC_PORT_ANY;
+ break;
+ default:
+ break;
+ }
+ newsah->dir = dir;
/* add to saidxtree */
newsah->state = SADB_SASTATE_MATURE;
LIST_INSERT_HEAD(&sahtree, newsah, chain);
/*
* delete SA index and all SA registerd.
*/
-static void
-key_delsah(sah)
- struct secashead *sah;
+void
+key_delsah(
+ struct secashead *sah)
{
struct secasvar *sav, *nextsav;
u_int stateidx, state;
- int s;
int zombie = 0;
lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
if (sah == NULL)
panic("key_delsah: NULL pointer is passed.\n");
- s = splnet(); /*called from softclock()*/
-
/* searching all SA registerd in the secindex. */
for (stateidx = 0;
stateidx < _ARRAYLEN(saorder_state_any);
/* sanity check */
KEY_CHKSASTATE(state, sav->state, "key_delsah");
- key_freesav(sav);
+ key_freesav(sav, KEY_SADB_LOCKED);
/* remove back pointer */
sav->sah = NULL;
}
/* don't delete sah only if there are savs. */
- if (zombie) {
- splx(s);
+ if (zombie)
return;
- }
if (sah->sa_route.ro_rt) {
rtfree(sah->sa_route.ro_rt);
KFREE(sah);
- splx(s);
return;
}
* does not modify mbuf. does not free mbuf on error.
*/
static struct secasvar *
-key_newsav(m, mhp, sah, errp)
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
- struct secashead *sah;
- int *errp;
+key_newsav(
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp,
+ struct secashead *sah,
+ int *errp)
{
struct secasvar *newsav;
const struct sadb_sa *xsa;
if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
panic("key_newsa: NULL pointer is passed.\n");
- KMALLOC(newsav, struct secasvar *, sizeof(struct secasvar));
+ KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
if (newsav == NULL) {
- ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
- *errp = ENOBUFS;
- return NULL;
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
+ lck_mtx_lock(sadb_mutex);
+ if (newsav == NULL) {
+ ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
+ *errp = ENOBUFS;
+ return NULL;
+ }
}
bzero((caddr_t)newsav, sizeof(struct secasvar));
*errp = EINVAL;
return NULL;
}
- xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
+ xsa = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
key_setspi(newsav, xsa->sadb_sa_spi);
newsav->seq = mhp->msg->sadb_msg_seq;
break;
if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
*errp = key_setsaval(newsav, m, mhp);
if (*errp) {
+ if (newsav->spihash.le_prev || newsav->spihash.le_next)
+ LIST_REMOVE(newsav, spihash);
KFREE(newsav);
return NULL;
}
newsav->state = SADB_SASTATE_LARVAL;
LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
secasvar, chain);
+ ipsec_sav_count++;
return newsav;
}
/*
- * free() SA variable entry.
+ * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
+ * and copy the values passed into new buffer.
+ * When SAD message type is GETSPI:
+ * to set sequence number from acq_seq++,
+ * to set zero to SPI.
+ * not to call key_setsava().
+ * OUT: NULL : fail
+ * others : pointer to new secasvar.
*/
-static void
-key_delsav(sav)
- struct secasvar *sav;
+struct secasvar *
+key_newsav2(struct secashead *sah,
+ u_int8_t satype,
+ u_int8_t alg_auth,
+ u_int8_t alg_enc,
+ u_int32_t flags,
+ u_int8_t replay,
+ struct sadb_key *key_auth,
+ u_int16_t key_auth_len,
+ struct sadb_key *key_enc,
+ u_int16_t key_enc_len,
+ u_int16_t natt_port,
+ u_int32_t seq,
+ u_int32_t spi,
+ u_int32_t pid,
+ struct sadb_lifetime *lifetime_hard,
+ struct sadb_lifetime *lifetime_soft)
{
+ struct secasvar *newsav;
+
lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
+ /* sanity check */
+ if (sah == NULL)
+ panic("key_newsa: NULL pointer is passed.\n");
+
+ KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
+ if (newsav == NULL) {
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
+ lck_mtx_lock(sadb_mutex);
+ if (newsav == NULL) {
+ ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
+ return NULL;
+ }
+ }
+ bzero((caddr_t)newsav, sizeof(struct secasvar));
+
+#if IPSEC_DOSEQCHECK
+ /* sync sequence number */
+ if (seq == 0)
+ newsav->seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
+ else
+#endif
+ newsav->seq = seq;
+ key_setspi(newsav, spi);
+
+ if (key_setsaval2(newsav,
+ satype,
+ alg_auth,
+ alg_enc,
+ flags,
+ replay,
+ key_auth,
+ key_auth_len,
+ key_enc,
+ key_enc_len,
+ natt_port,
+ seq,
+ spi,
+ pid,
+ lifetime_hard,
+ lifetime_soft)) {
+ if (newsav->spihash.le_prev || newsav->spihash.le_next)
+ LIST_REMOVE(newsav, spihash);
+ KFREE(newsav);
+ return NULL;
+ }
+
+ /* reset created */
+ {
+ struct timeval tv;
+ microtime(&tv);
+ newsav->created = tv.tv_sec;
+ }
+
+ newsav->pid = pid;
+
+ /* add to satree */
+ newsav->sah = sah;
+ newsav->refcnt = 1;
+ if (spi && key_auth && key_auth_len && key_enc && key_enc_len) {
+ newsav->state = SADB_SASTATE_MATURE;
+ LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_MATURE], newsav,
+ secasvar, chain);
+ } else {
+ newsav->state = SADB_SASTATE_LARVAL;
+ LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
+ secasvar, chain);
+ }
+ ipsec_sav_count++;
+
+ return newsav;
+}
+
+/*
+ * free() SA variable entry.
+ */
+void
+key_delsav(
+ struct secasvar *sav)
+{
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
/* sanity check */
if (sav == NULL)
panic("key_delsav: NULL pointer is passed.\n");
if (sav->refcnt > 0)
return; /* can't free */
-
+
/* remove from SA header */
if (__LIST_CHAINED(sav))
LIST_REMOVE(sav, chain);
+ ipsec_sav_count--;
if (sav->spihash.le_prev || sav->spihash.le_next)
LIST_REMOVE(sav, spihash);
* others : found, pointer to a SA.
*/
static struct secashead *
-key_getsah(saidx)
- struct secasindex *saidx;
+key_getsah(
+ struct secasindex *saidx)
{
struct secashead *sah;
return NULL;
}
+struct secashead *
+key_newsah2 (struct secasindex *saidx,
+ u_int8_t dir)
+{
+ struct secashead *sah;
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
+ sah = key_getsah(saidx);
+ if (!sah) {
+ return(key_newsah(saidx, dir));
+ }
+ return sah;
+}
+
/*
* check not to be duplicated SPI.
* NOTE: this function is too slow due to searching all SAD.
* others : found, pointer to a SA.
*/
static struct secasvar *
-key_checkspidup(saidx, spi)
- struct secasindex *saidx;
- u_int32_t spi;
+key_checkspidup(
+ struct secasindex *saidx,
+ u_int32_t spi)
{
struct secasvar *sav;
u_int stateidx, state;
}
static void
-key_setspi(sav, spi)
- struct secasvar *sav;
- u_int32_t spi;
+key_setspi(
+ struct secasvar *sav,
+ u_int32_t spi)
{
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sav->spi = spi;
if (sav->spihash.le_prev || sav->spihash.le_next)
LIST_REMOVE(sav, spihash);
* others : found, pointer to a SA.
*/
static struct secasvar *
-key_getsavbyspi(sah, spi)
- struct secashead *sah;
- u_int32_t spi;
+key_getsavbyspi(
+ struct secashead *sah,
+ u_int32_t spi)
{
struct secasvar *sav, *match;
u_int stateidx, state, matchidx;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
match = NULL;
matchidx = _ARRAYLEN(saorder_state_alive);
LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
* does not modify mbuf. does not free mbuf on error.
*/
static int
-key_setsaval(sav, m, mhp)
- struct secasvar *sav;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_setsaval(
+ struct secasvar *sav,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
#if IPSEC_ESP
const struct esp_algorithm *algo;
sav->lft_s = NULL;
sav->remote_ike_port = 0;
sav->natt_last_activity = natt_now;
+ sav->natt_encapsulated_src_port = 0;
/* SA */
if (mhp->ext[SADB_EXT_SA] != NULL) {
const struct sadb_sa *sa0;
- sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
+ sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
+ ipseclog((LOG_DEBUG, "key_setsaval: invalid message size.\n"));
error = EINVAL;
goto fail;
}
*/
if ((sav->flags & SADB_X_EXT_NATT) != 0) {
if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa_2) ||
- ((struct sadb_sa_2*)(sa0))->sadb_sa_natt_port == 0) {
+ ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port == 0) {
+ ipseclog((LOG_DEBUG, "key_setsaval: natt port not set.\n"));
error = EINVAL;
goto fail;
}
- sav->remote_ike_port = ((struct sadb_sa_2*)(sa0))->sadb_sa_natt_port;
+ sav->remote_ike_port = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port;
}
+
+ /*
+ * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
+ * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
+ * set (we're not behind nat) - otherwise clear it.
+ */
+ if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
+ if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
+ (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
+ sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
/* replay window */
if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
error = 0;
if (len < sizeof(*key0)) {
+ ipseclog((LOG_DEBUG, "key_setsaval: invalid auth key ext len. len = %d\n", len));
error = EINVAL;
goto fail;
}
error = 0;
if (len < sizeof(*key0)) {
+ ipseclog((LOG_DEBUG, "key_setsaval: invalid encryption key ext len. len = %d\n", len));
error = EINVAL;
goto fail;
}
case SADB_SATYPE_ESP:
if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
sav->alg_enc != SADB_EALG_NULL) {
+ ipseclog((LOG_DEBUG, "key_setsaval: invalid ESP algorithm.\n"));
error = EINVAL;
break;
}
break;
}
if (error) {
- ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
+ ipseclog((LOG_DEBUG, "key_setsaval: invalid key_enc value.\n"));
goto fail;
}
}
sav->ivlen = (*algo->ivlen)(algo, sav);
if (sav->ivlen == 0)
break;
- KMALLOC(sav->iv, caddr_t, sav->ivlen);
+ KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
if (sav->iv == 0) {
- ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
- error = ENOBUFS;
- goto fail;
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
+ lck_mtx_lock(sadb_mutex);
+ if (sav->iv == 0) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
}
/* initialize */
sav->created = tv.tv_sec;
/* make lifetime for CURRENT */
- KMALLOC(sav->lft_c, struct sadb_lifetime *,
+ KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
sizeof(struct sadb_lifetime));
if (sav->lft_c == NULL) {
- ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
- error = ENOBUFS;
- goto fail;
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
+ sizeof(struct sadb_lifetime));
+ lck_mtx_lock(sadb_mutex);
+ if (sav->lft_c == NULL) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
}
microtime(&tv);
{
const struct sadb_lifetime *lft0;
- lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
+ lft0 = (struct sadb_lifetime *)
+ (void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
if (lft0 != NULL) {
if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
+ ipseclog((LOG_DEBUG, "key_setsaval: invalid hard lifetime ext len.\n"));
error = EINVAL;
goto fail;
}
/* to be initialize ? */
}
- lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
+ lft0 = (struct sadb_lifetime *)
+ (void *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
if (lft0 != NULL) {
if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
+ ipseclog((LOG_DEBUG, "key_setsaval: invalid soft lifetime ext len.\n"));
error = EINVAL;
goto fail;
}
}
/*
- * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
- * OUT: 0: valid
- * other: errno
+ * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
+ * You must update these if need.
+ * OUT: 0: success.
+ * !0: failure.
+ *
+ * does not modify mbuf. does not free mbuf on error.
*/
-static int
-key_mature(sav)
- struct secasvar *sav;
+int
+key_setsaval2(struct secasvar *sav,
+ u_int8_t satype,
+ u_int8_t alg_auth,
+ u_int8_t alg_enc,
+ u_int32_t flags,
+ u_int8_t replay,
+ struct sadb_key *key_auth,
+ u_int16_t key_auth_len,
+ struct sadb_key *key_enc,
+ u_int16_t key_enc_len,
+ u_int16_t natt_port,
+ u_int32_t seq,
+ u_int32_t spi,
+ u_int32_t pid,
+ struct sadb_lifetime *lifetime_hard,
+ struct sadb_lifetime *lifetime_soft)
{
- int mature;
- int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
- int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
+#if IPSEC_ESP
+ const struct esp_algorithm *algo;
+#endif
+ int error = 0;
+ struct timeval tv;
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
+ /* initialization */
+ sav->replay = NULL;
+ sav->key_auth = NULL;
+ sav->key_enc = NULL;
+ sav->sched = NULL;
+ sav->schedlen = 0;
+ sav->iv = NULL;
+ sav->lft_c = NULL;
+ sav->lft_h = NULL;
+ sav->lft_s = NULL;
+ sav->remote_ike_port = 0;
+ sav->natt_last_activity = natt_now;
+ sav->natt_encapsulated_src_port = 0;
+
+ sav->alg_auth = alg_auth;
+ sav->alg_enc = alg_enc;
+ sav->flags = flags;
+ sav->pid = pid;
+ sav->seq = seq;
+ key_setspi(sav, htonl(spi));
+
+ /*
+ * Verify that a nat-traversal port was specified if
+ * the nat-traversal flag is set.
+ */
+ if ((sav->flags & SADB_X_EXT_NATT) != 0) {
+ if (natt_port == 0) {
+ ipseclog((LOG_DEBUG, "key_setsaval2: natt port not set.\n"));
+ error = EINVAL;
+ goto fail;
+ }
+ sav->remote_ike_port = natt_port;
+ }
+
+ /*
+ * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
+ * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
+ * set (we're not behind nat) - otherwise clear it.
+ */
+ if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
+ if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
+ (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
+ sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
+
+ /* replay window */
+ if ((flags & SADB_X_EXT_OLD) == 0) {
+ sav->replay = keydb_newsecreplay(replay);
+ if (sav->replay == NULL) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
+ }
+
+ /* Authentication keys */
+ sav->key_auth = (__typeof__(sav->key_auth))key_newbuf(key_auth, key_auth_len);
+ if (sav->key_auth == NULL) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
+
+ /* Encryption key */
+ sav->key_enc = (__typeof__(sav->key_enc))key_newbuf(key_enc, key_enc_len);
+ if (sav->key_enc == NULL) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
+
+ /* set iv */
+ sav->ivlen = 0;
+
+ if (satype == SADB_SATYPE_ESP) {
+#if IPSEC_ESP
+ algo = esp_algorithm_lookup(sav->alg_enc);
+ if (algo && algo->ivlen)
+ sav->ivlen = (*algo->ivlen)(algo, sav);
+ if (sav->ivlen != 0) {
+ KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
+ if (sav->iv == 0) {
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
+ lck_mtx_lock(sadb_mutex);
+ if (sav->iv == 0) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
+ }
+ /* initialize */
+ key_randomfill(sav->iv, sav->ivlen);
+ }
+#endif
+ }
+
+ /* reset created */
+ microtime(&tv);
+ sav->created = tv.tv_sec;
+
+ /* make lifetime for CURRENT */
+ KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
+ sizeof(struct sadb_lifetime));
+ if (sav->lft_c == NULL) {
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
+ sizeof(struct sadb_lifetime));
+ lck_mtx_lock(sadb_mutex);
+ if (sav->lft_c == NULL) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
+ }
+
+ microtime(&tv);
+
+ sav->lft_c->sadb_lifetime_len =
+ PFKEY_UNIT64(sizeof(struct sadb_lifetime));
+ sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
+ sav->lft_c->sadb_lifetime_allocations = 0;
+ sav->lft_c->sadb_lifetime_bytes = 0;
+ sav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
+ sav->lft_c->sadb_lifetime_usetime = 0;
+
+ /* lifetimes for HARD and SOFT */
+ sav->lft_h = (__typeof__(sav->lft_h))key_newbuf(lifetime_hard,
+ sizeof(*lifetime_hard));
+ if (sav->lft_h == NULL) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
+ sav->lft_s = (__typeof__(sav->lft_s))key_newbuf(lifetime_soft,
+ sizeof(*lifetime_soft));
+ if (sav->lft_s == NULL) {
+ ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
+ error = ENOBUFS;
+ goto fail;
+ }
+
+ return 0;
+
+fail:
+ /* initialization */
+ if (sav->replay != NULL) {
+ keydb_delsecreplay(sav->replay);
+ sav->replay = NULL;
+ }
+ if (sav->key_auth != NULL) {
+ bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
+ KFREE(sav->key_auth);
+ sav->key_auth = NULL;
+ }
+ if (sav->key_enc != NULL) {
+ bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
+ KFREE(sav->key_enc);
+ sav->key_enc = NULL;
+ }
+ if (sav->sched) {
+ bzero(sav->sched, sav->schedlen);
+ KFREE(sav->sched);
+ sav->sched = NULL;
+ }
+ if (sav->iv != NULL) {
+ KFREE(sav->iv);
+ sav->iv = NULL;
+ }
+ if (sav->lft_c != NULL) {
+ KFREE(sav->lft_c);
+ sav->lft_c = NULL;
+ }
+ if (sav->lft_h != NULL) {
+ KFREE(sav->lft_h);
+ sav->lft_h = NULL;
+ }
+ if (sav->lft_s != NULL) {
+ KFREE(sav->lft_s);
+ sav->lft_s = NULL;
+ }
+
+ return error;
+}
+
+/*
+ * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
+ * OUT: 0: valid
+ * other: errno
+ */
+static int
+key_mature(
+ struct secasvar *sav)
+{
+ int mature;
+ int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
+ int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
mature = 0;
switch (sav->sah->saidx.proto) {
case IPPROTO_ESP:
case IPPROTO_AH:
- if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
+
+ /* No reason to test if this is >= 0, because ntohl(sav->spi) is unsigned. */
+ if (ntohl(sav->spi) <= 255) {
ipseclog((LOG_DEBUG,
"key_mature: illegal range of SPI %u.\n",
(u_int32_t)ntohl(sav->spi)));
* subroutine for SADB_GET and SADB_DUMP.
*/
static struct mbuf *
-key_setdumpsa(sav, type, satype, seq, pid)
- struct secasvar *sav;
- u_int8_t type, satype;
- u_int32_t seq, pid;
+key_setdumpsa(
+ struct secasvar *sav,
+ u_int8_t type,
+ u_int8_t satype,
+ u_int32_t seq,
+ u_int32_t pid)
{
struct mbuf *result = NULL, *tres = NULL, *m;
int l = 0;
SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
};
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+
m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
if (m == NULL)
goto fail;
if ((!m && !p) || (m && p))
goto fail;
if (p && tres) {
- M_PREPEND(tres, l, M_DONTWAIT);
+ M_PREPEND(tres, l, M_WAITOK);
if (!tres)
goto fail;
bcopy(p, mtod(tres, caddr_t), l);
* set data into sadb_msg.
*/
static struct mbuf *
-key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
- u_int8_t type, satype;
- u_int16_t tlen;
- u_int32_t seq;
- pid_t pid;
- u_int16_t reserved;
+key_setsadbmsg(
+ u_int8_t type,
+ u_int16_t tlen,
+ u_int8_t satype,
+ u_int32_t seq,
+ pid_t pid,
+ u_int16_t reserved)
{
struct mbuf *m;
struct sadb_msg *p;
* copy secasvar data into sadb_address.
*/
static struct mbuf *
-key_setsadbsa(sav)
- struct secasvar *sav;
+key_setsadbsa(
+ struct secasvar *sav)
{
struct mbuf *m;
struct sadb_sa *p;
* set data into sadb_address.
*/
static struct mbuf *
-key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
- u_int16_t exttype;
- struct sockaddr *saddr;
- u_int8_t prefixlen;
- u_int16_t ul_proto;
+key_setsadbaddr(
+ u_int16_t exttype,
+ struct sockaddr *saddr,
+ u_int8_t prefixlen,
+ u_int16_t ul_proto)
{
struct mbuf *m;
struct sadb_address *p;
return m;
}
+/*
+ * set data into sadb_session_id
+ */
+static struct mbuf *
+key_setsadbsession_id (u_int64_t session_ids[])
+{
+ struct mbuf *m;
+ struct sadb_session_id *p;
+ size_t len;
+
+ len = PFKEY_ALIGN8(sizeof(*p));
+ m = key_alloc_mbuf(len);
+ if (!m || m->m_next) { /*XXX*/
+ if (m)
+ m_freem(m);
+ return NULL;
+ }
+
+ p = mtod(m, __typeof__(p));
+
+ bzero(p, len);
+ p->sadb_session_id_len = PFKEY_UNIT64(len);
+ p->sadb_session_id_exttype = SADB_EXT_SESSION_ID;
+ p->sadb_session_id_v[0] = session_ids[0];
+ p->sadb_session_id_v[1] = session_ids[1];
+
+ return m;
+}
+
+/*
+ * copy stats data into sadb_sastat type.
+ */
+static struct mbuf *
+key_setsadbsastat (u_int32_t dir,
+ struct sastat *stats,
+ u_int32_t max_stats)
+{
+ struct mbuf *m;
+ struct sadb_sastat *p;
+ int list_len, len;
+
+ if (!stats) {
+ return NULL;
+ }
+
+ list_len = sizeof(*stats) * max_stats;
+ len = PFKEY_ALIGN8(sizeof(*p)) + PFKEY_ALIGN8(list_len);
+ m = key_alloc_mbuf(len);
+ if (!m || m->m_next) { /*XXX*/
+ if (m)
+ m_freem(m);
+ return NULL;
+ }
+
+ p = mtod(m, __typeof__(p));
+
+ bzero(p, len);
+ p->sadb_sastat_len = PFKEY_UNIT64(len);
+ p->sadb_sastat_exttype = SADB_EXT_SASTAT;
+ p->sadb_sastat_dir = dir;
+ p->sadb_sastat_list_len = max_stats;
+ if (list_len) {
+ bcopy(stats,
+ mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(*p)),
+ list_len);
+ }
+
+ return m;
+}
+
#if 0
/*
* set data into sadb_ident.
*/
static struct mbuf *
-key_setsadbident(exttype, idtype, string, stringlen, id)
- u_int16_t exttype, idtype;
- caddr_t string;
- int stringlen;
- u_int64_t id;
+key_setsadbident(
+ u_int16_t exttype,
+ u_int16_t idtype,
+ caddr_t string,
+ int stringlen,
+ u_int64_t id)
{
struct mbuf *m;
struct sadb_ident *p;
* set data into sadb_x_sa2.
*/
static struct mbuf *
-key_setsadbxsa2(mode, seq, reqid)
- u_int8_t mode;
- u_int32_t seq, reqid;
+key_setsadbxsa2(
+ u_int8_t mode,
+ u_int32_t seq,
+ u_int32_t reqid)
{
struct mbuf *m;
struct sadb_x_sa2 *p;
* set data into sadb_x_policy
*/
static struct mbuf *
-key_setsadbxpolicy(type, dir, id)
- u_int16_t type;
- u_int8_t dir;
- u_int32_t id;
+key_setsadbxpolicy(
+ u_int16_t type,
+ u_int8_t dir,
+ u_int32_t id)
{
struct mbuf *m;
struct sadb_x_policy *p;
* copy a buffer into the new buffer allocated.
*/
static void *
-key_newbuf(src, len)
- const void *src;
- u_int len;
+key_newbuf(
+ const void *src,
+ u_int len)
{
caddr_t new;
- KMALLOC(new, caddr_t, len);
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ KMALLOC_NOWAIT(new, caddr_t, len);
if (new == NULL) {
- ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
- return NULL;
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(new, caddr_t, len);
+ lck_mtx_lock(sadb_mutex);
+ if (new == NULL) {
+ ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
+ return NULL;
+ }
}
bcopy(src, new, len);
* 0: false
*/
int
-key_ismyaddr(sa)
- struct sockaddr *sa;
+key_ismyaddr(
+ struct sockaddr *sa)
{
#if INET
struct sockaddr_in *sin;
switch (sa->sa_family) {
#if INET
case AF_INET:
- lck_mtx_lock(rt_mtx);
- sin = (struct sockaddr_in *)sa;
+ lck_rw_lock_shared(in_ifaddr_rwlock);
+ sin = (struct sockaddr_in *)(void *)sa;
for (ia = in_ifaddrhead.tqh_first; ia;
- ia = ia->ia_link.tqe_next)
- {
+ ia = ia->ia_link.tqe_next) {
+ IFA_LOCK_SPIN(&ia->ia_ifa);
if (sin->sin_family == ia->ia_addr.sin_family &&
sin->sin_len == ia->ia_addr.sin_len &&
sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
{
- lck_mtx_unlock(rt_mtx);
+ IFA_UNLOCK(&ia->ia_ifa);
+ lck_rw_done(in_ifaddr_rwlock);
return 1;
}
+ IFA_UNLOCK(&ia->ia_ifa);
}
- lck_mtx_unlock(rt_mtx);
+ lck_rw_done(in_ifaddr_rwlock);
break;
#endif
#if INET6
case AF_INET6:
- return key_ismyaddr6((struct sockaddr_in6 *)sa);
+ return key_ismyaddr6((struct sockaddr_in6 *)(void *)sa);
#endif
}
#include <netinet6/in6_var.h>
static int
-key_ismyaddr6(sin6)
- struct sockaddr_in6 *sin6;
+key_ismyaddr6(
+ struct sockaddr_in6 *sin6)
{
struct in6_ifaddr *ia;
struct in6_multi *in6m;
- lck_mtx_lock(nd6_mutex);
+ lck_rw_lock_shared(&in6_ifaddr_rwlock);
for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
+ IFA_LOCK(&ia->ia_ifa);
if (key_sockaddrcmp((struct sockaddr *)&sin6,
(struct sockaddr *)&ia->ia_addr, 0) == 0) {
- lck_mtx_unlock(nd6_mutex);
+ IFA_UNLOCK(&ia->ia_ifa);
+ lck_rw_done(&in6_ifaddr_rwlock);
return 1;
}
+ IFA_UNLOCK(&ia->ia_ifa);
/*
* XXX Multicast
* XXX scope
*/
in6m = NULL;
- IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
- if (in6m) {
- lck_mtx_unlock(nd6_mutex);
+ in6_multihead_lock_shared();
+ IN6_LOOKUP_MULTI(&sin6->sin6_addr, ia->ia_ifp, in6m);
+ in6_multihead_lock_done();
+ if (in6m != NULL) {
+ lck_rw_done(&in6_ifaddr_rwlock);
+ IN6M_REMREF(in6m);
return 1;
}
}
- lck_mtx_unlock(nd6_mutex);
+ lck_rw_done(&in6_ifaddr_rwlock);
/* loopback, just for safety */
if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
* 0 : not equal
*/
static int
-key_cmpsaidx(saidx0, saidx1, flag)
- struct secasindex *saidx0, *saidx1;
- int flag;
+key_cmpsaidx(
+ struct secasindex *saidx0,
+ struct secasindex *saidx1,
+ int flag)
{
/* sanity */
if (saidx0 == NULL && saidx1 == NULL)
} else {
/* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
- if (flag == CMP_MODE_REQID
- ||flag == CMP_REQID) {
+ if (flag & CMP_REQID) {
/*
* If reqid of SPD is non-zero, unique SA is required.
* The result must be of same reqid in this case.
return 0;
}
- if (flag == CMP_MODE_REQID) {
+ if (flag & CMP_MODE) {
if (saidx0->mode != IPSEC_MODE_ANY
&& saidx0->mode != saidx1->mode)
return 0;
}
if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
- (struct sockaddr *)&saidx1->src, 0) != 0) {
+ (struct sockaddr *)&saidx1->src, flag & CMP_PORT ? 1 : 0) != 0) {
return 0;
}
if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
- (struct sockaddr *)&saidx1->dst, 0) != 0) {
+ (struct sockaddr *)&saidx1->dst, flag & CMP_PORT ? 1 : 0) != 0) {
return 0;
}
}
* 0 : not equal
*/
static int
-key_cmpspidx_exactly(spidx0, spidx1)
- struct secpolicyindex *spidx0, *spidx1;
+key_cmpspidx_exactly(
+ struct secpolicyindex *spidx0,
+ struct secpolicyindex *spidx1)
{
/* sanity */
if (spidx0 == NULL && spidx1 == NULL)
* 0 : not equal
*/
static int
-key_cmpspidx_withmask(spidx0, spidx1)
- struct secpolicyindex *spidx0, *spidx1;
+key_cmpspidx_withmask(
+ struct secpolicyindex *spidx0,
+ struct secpolicyindex *spidx1)
{
/* sanity */
if (spidx0 == NULL && spidx1 == NULL)
/* returns 0 on match */
static int
-key_sockaddrcmp(sa1, sa2, port)
- struct sockaddr *sa1;
- struct sockaddr *sa2;
- int port;
+key_sockaddrcmp(
+ struct sockaddr *sa1,
+ struct sockaddr *sa2,
+ int port)
{
if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
return 1;
satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
return 1;
}
+ break;
default:
if (bcmp(sa1, sa2, sa1->sa_len) != 0)
return 1;
* 0 : not equal
*/
static int
-key_bbcmp(p1, p2, bits)
- caddr_t p1, p2;
- u_int bits;
+key_bbcmp(
+ caddr_t p1,
+ caddr_t p2,
+ u_int bits)
{
u_int8_t mask;
* and do to remove or to expire.
* XXX: year 2038 problem may remain.
*/
-
+int key_timehandler_debug = 0;
+u_int32_t spd_count = 0, sah_count = 0, dead_sah_count = 0, empty_sah_count = 0, larval_sav_count = 0, mature_sav_count = 0, dying_sav_count = 0, dead_sav_count = 0;
+u_int64_t total_sav_count = 0;
void
key_timehandler(void)
{
u_int dir;
- int s;
struct timeval tv;
-
+ struct secpolicy **spbuf = NULL, **spptr = NULL;
+ struct secasvar **savexbuf = NULL, **savexptr = NULL;
+ struct secasvar **savkabuf = NULL, **savkaptr = NULL;
+ int spbufcount = 0, savbufcount = 0, spcount = 0, savexcount = 0, savkacount = 0, cnt;
+
microtime(&tv);
+ /* pre-allocate buffers before taking the lock */
+ /* if allocation failures occur - portions of the processing will be skipped */
+ if ((spbufcount = ipsec_policy_count) != 0) {
+ spbufcount += 256;
+ KMALLOC_WAIT(spbuf, struct secpolicy **, spbufcount * sizeof(struct secpolicy *));
+ if (spbuf)
+ spptr = spbuf;
+ }
+ if ((savbufcount = ipsec_sav_count) != 0) {
+ savbufcount += 512;
+ KMALLOC_WAIT(savexbuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
+ if (savexbuf)
+ savexptr = savexbuf;
+ KMALLOC_WAIT(savkabuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
+ if (savkabuf)
+ savkaptr = savkabuf;
+ }
lck_mtx_lock(sadb_mutex);
/* SPD */
- {
- struct secpolicy *sp, *nextsp;
+ if (spbuf) {
- for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
- for (sp = LIST_FIRST(&sptree[dir]);
- sp != NULL;
- sp = nextsp) {
+ struct secpolicy *sp, *nextsp;
- nextsp = LIST_NEXT(sp, chain);
+ for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
+ for (sp = LIST_FIRST(&sptree[dir]);
+ sp != NULL;
+ sp = nextsp) {
- if (sp->state == IPSEC_SPSTATE_DEAD) {
- key_freesp(sp);
- continue;
- }
+ spd_count++;
+ nextsp = LIST_NEXT(sp, chain);
- if (sp->lifetime == 0 && sp->validtime == 0)
- continue;
+ if (sp->state == IPSEC_SPSTATE_DEAD) {
+ key_freesp(sp, KEY_SADB_LOCKED);
+ continue;
+ }
- /* the deletion will occur next time */
- if ((sp->lifetime
- && tv.tv_sec - sp->created > sp->lifetime)
- || (sp->validtime
- && tv.tv_sec - sp->lastused > sp->validtime)) {
- sp->state = IPSEC_SPSTATE_DEAD;
- key_spdexpire(sp);
- continue;
+ if (sp->lifetime == 0 && sp->validtime == 0)
+ continue;
+ if (spbuf && spcount < spbufcount) {
+ /* the deletion will occur next time */
+ if ((sp->lifetime
+ && tv.tv_sec - sp->created > sp->lifetime)
+ || (sp->validtime
+ && tv.tv_sec - sp->lastused > sp->validtime)) {
+ //key_spdexpire(sp);
+ sp->state = IPSEC_SPSTATE_DEAD;
+ sp->refcnt++;
+ *spptr++ = sp;
+ spcount++;
+ }
+ }
}
}
}
- }
/* SAD */
- {
- struct secashead *sah, *nextsah;
- struct secasvar *sav, *nextsav;
-
- for (sah = LIST_FIRST(&sahtree);
- sah != NULL;
- sah = nextsah) {
-
- nextsah = LIST_NEXT(sah, chain);
-
- /* if sah has been dead, then delete it and process next sah. */
- if (sah->state == SADB_SASTATE_DEAD) {
- key_delsah(sah);
- continue;
- }
-
- /* if LARVAL entry doesn't become MATURE, delete it. */
- for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
- sav != NULL;
- sav = nextsav) {
-
- nextsav = LIST_NEXT(sav, chain);
-
- if (tv.tv_sec - sav->created > key_larval_lifetime) {
- key_freesav(sav);
- }
- }
-
- /*
- * If this is a NAT traversal SA with no activity,
- * we need to send a keep alive.
- *
- * Performed outside of the loop before so we will
- * only ever send one keepalive. The first SA on
- * the list is the one that will be used for sending
- * traffic, so this is the one we use for determining
- * when to send the keepalive.
- */
- sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
- if (natt_keepalive_interval && sav && (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0 &&
- (natt_now - sav->natt_last_activity) >= natt_keepalive_interval) {
- ipsec_send_natt_keepalive(sav);
- }
-
- /*
- * check MATURE entry to start to send expire message
- * whether or not.
- */
- for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
- sav != NULL;
- sav = nextsav) {
-
- nextsav = LIST_NEXT(sav, chain);
-
- /* we don't need to check. */
- if (sav->lft_s == NULL)
+ if (savbufcount != 0) {
+ struct secashead *sah, *nextsah;
+ struct secasvar *sav, *nextsav;
+
+ for (sah = LIST_FIRST(&sahtree);
+ sah != NULL;
+ sah = nextsah) {
+
+ sah_count++;
+ nextsah = LIST_NEXT(sah, chain);
+
+ /* if sah has been dead, then delete it and process next sah. */
+ if (sah->state == SADB_SASTATE_DEAD) {
+ key_delsah(sah);
+ dead_sah_count++;
continue;
+ }
- /* sanity check */
- if (sav->lft_c == NULL) {
- ipseclog((LOG_DEBUG,"key_timehandler: "
- "There is no CURRENT time, why?\n"));
+ if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL &&
+ LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL &&
+ LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL &&
+ LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) {
+ key_delsah(sah);
+ empty_sah_count++;
continue;
}
- /* check SOFT lifetime */
- if (sav->lft_s->sadb_lifetime_addtime != 0
- && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
+ /* if LARVAL entry doesn't become MATURE, delete it. */
+ for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
+ sav != NULL;
+ sav = nextsav) {
+
+ larval_sav_count++;
+ total_sav_count++;
+ nextsav = LIST_NEXT(sav, chain);
+
+ if (tv.tv_sec - sav->created > key_larval_lifetime) {
+ key_freesav(sav, KEY_SADB_LOCKED);
+ }
+ }
+
+ /*
+ * If this is a NAT traversal SA with no activity,
+ * we need to send a keep alive.
+ *
+ * Performed outside of the loop before so we will
+ * only ever send one keepalive. The first SA on
+ * the list is the one that will be used for sending
+ * traffic, so this is the one we use for determining
+ * when to send the keepalive.
+ */
+ if (savkabuf && savkacount < savbufcount) {
+ sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); //%%% should we check dying list if this is empty???
+ if (natt_keepalive_interval && sav &&
+ (sav->flags & (SADB_X_EXT_NATT_KEEPALIVE | SADB_X_EXT_ESP_KEEPALIVE)) != 0) {
+ sav->refcnt++;
+ *savkaptr++ = sav;
+ savkacount++;
+ }
+ }
+
+ /*
+ * check MATURE entry to start to send expire message
+ * whether or not.
+ */
+ for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
+ sav != NULL;
+ sav = nextsav) {
+
+ mature_sav_count++;
+ total_sav_count++;
+ nextsav = LIST_NEXT(sav, chain);
+
+ /* we don't need to check. */
+ if (sav->lft_s == NULL)
+ continue;
+
+ /* sanity check */
+ if (sav->lft_c == NULL) {
+ ipseclog((LOG_DEBUG,"key_timehandler: "
+ "There is no CURRENT time, why?\n"));
+ continue;
+ }
+
+ /* check SOFT lifetime */
+ if (sav->lft_s->sadb_lifetime_addtime != 0
+ && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
+ /*
+ * check the SA if it has been used.
+ * when it hasn't been used, delete it.
+ * i don't think such SA will be used.
+ */
+ if (sav->lft_c->sadb_lifetime_usetime == 0) {
+ key_sa_chgstate(sav, SADB_SASTATE_DEAD);
+ key_freesav(sav, KEY_SADB_LOCKED);
+ sav = NULL;
+ } else if (savexbuf && savexcount < savbufcount) {
+ key_sa_chgstate(sav, SADB_SASTATE_DYING);
+ sav->refcnt++;
+ *savexptr++ = sav;
+ savexcount++;
+ }
+ }
+
+ /* check SOFT lifetime by bytes */
/*
- * check the SA if it has been used.
- * when it hasn't been used, delete it.
- * i don't think such SA will be used.
+ * XXX I don't know the way to delete this SA
+ * when new SA is installed. Caution when it's
+ * installed too big lifetime by time.
*/
- if (sav->lft_c->sadb_lifetime_usetime == 0) {
+ else if (savexbuf && savexcount < savbufcount
+ && sav->lft_s->sadb_lifetime_bytes != 0
+ && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
+
+ /*
+ * XXX If we keep to send expire
+ * message in the status of
+ * DYING. Do remove below code.
+ */
+ //key_expire(sav);
+ key_sa_chgstate(sav, SADB_SASTATE_DYING);
+ sav->refcnt++;
+ *savexptr++ = sav;
+ savexcount++;
+ }
+ }
+
+ /* check DYING entry to change status to DEAD. */
+ for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
+ sav != NULL;
+ sav = nextsav) {
+
+ dying_sav_count++;
+ total_sav_count++;
+ nextsav = LIST_NEXT(sav, chain);
+
+ /* we don't need to check. */
+ if (sav->lft_h == NULL)
+ continue;
+
+ /* sanity check */
+ if (sav->lft_c == NULL) {
+ ipseclog((LOG_DEBUG, "key_timehandler: "
+ "There is no CURRENT time, why?\n"));
+ continue;
+ }
+
+ if (sav->lft_h->sadb_lifetime_addtime != 0
+ && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
key_sa_chgstate(sav, SADB_SASTATE_DEAD);
- key_freesav(sav);
+ key_freesav(sav, KEY_SADB_LOCKED);
sav = NULL;
- } else {
- key_sa_chgstate(sav, SADB_SASTATE_DYING);
+ }
+#if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
+ else if (savbuf && savexcount < savbufcount
+ && sav->lft_s != NULL
+ && sav->lft_s->sadb_lifetime_addtime != 0
+ && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
/*
- * XXX If we keep to send expire
- * message in the status of
- * DYING. Do remove below code.
+ * XXX: should be checked to be
+ * installed the valid SA.
+ */
+
+ /*
+ * If there is no SA then sending
+ * expire message.
*/
- key_expire(sav);
+ //key_expire(sav);
+ sav->refcnt++;
+ *savexptr++ = sav;
+ savexcount++;
+ }
+#endif
+ /* check HARD lifetime by bytes */
+ else if (sav->lft_h->sadb_lifetime_bytes != 0
+ && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
+ key_sa_chgstate(sav, SADB_SASTATE_DEAD);
+ key_freesav(sav, KEY_SADB_LOCKED);
+ sav = NULL;
}
}
-
- /* check SOFT lifetime by bytes */
- /*
- * XXX I don't know the way to delete this SA
- * when new SA is installed. Caution when it's
- * installed too big lifetime by time.
- */
- else if (sav->lft_s->sadb_lifetime_bytes != 0
- && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
-
- key_sa_chgstate(sav, SADB_SASTATE_DYING);
- /*
- * XXX If we keep to send expire
- * message in the status of
- * DYING. Do remove below code.
- */
- key_expire(sav);
- }
- }
-
- /* check DYING entry to change status to DEAD. */
- for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
- sav != NULL;
- sav = nextsav) {
-
- nextsav = LIST_NEXT(sav, chain);
-
- /* we don't need to check. */
- if (sav->lft_h == NULL)
- continue;
-
- /* sanity check */
- if (sav->lft_c == NULL) {
- ipseclog((LOG_DEBUG, "key_timehandler: "
- "There is no CURRENT time, why?\n"));
- continue;
- }
-
- if (sav->lft_h->sadb_lifetime_addtime != 0
- && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
- key_sa_chgstate(sav, SADB_SASTATE_DEAD);
- key_freesav(sav);
- sav = NULL;
- }
-#if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
- else if (sav->lft_s != NULL
- && sav->lft_s->sadb_lifetime_addtime != 0
- && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
- /*
- * XXX: should be checked to be
- * installed the valid SA.
- */
-
+
+ /* delete entry in DEAD */
+ for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
+ sav != NULL;
+ sav = nextsav) {
+
+ dead_sav_count++;
+ total_sav_count++;
+ nextsav = LIST_NEXT(sav, chain);
+
+ /* sanity check */
+ if (sav->state != SADB_SASTATE_DEAD) {
+ ipseclog((LOG_DEBUG, "key_timehandler: "
+ "invalid sav->state "
+ "(queue: %d SA: %d): "
+ "kill it anyway\n",
+ SADB_SASTATE_DEAD, sav->state));
+ }
+
/*
- * If there is no SA then sending
- * expire message.
+ * do not call key_freesav() here.
+ * sav should already be freed, and sav->refcnt
+ * shows other references to sav
+ * (such as from SPD).
*/
- key_expire(sav);
- }
-#endif
- /* check HARD lifetime by bytes */
- else if (sav->lft_h->sadb_lifetime_bytes != 0
- && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
- key_sa_chgstate(sav, SADB_SASTATE_DEAD);
- key_freesav(sav);
- sav = NULL;
- }
- }
-
- /* delete entry in DEAD */
- for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
- sav != NULL;
- sav = nextsav) {
-
- nextsav = LIST_NEXT(sav, chain);
-
- /* sanity check */
- if (sav->state != SADB_SASTATE_DEAD) {
- ipseclog((LOG_DEBUG, "key_timehandler: "
- "invalid sav->state "
- "(queue: %d SA: %d): "
- "kill it anyway\n",
- SADB_SASTATE_DEAD, sav->state));
}
-
- /*
- * do not call key_freesav() here.
- * sav should already be freed, and sav->refcnt
- * shows other references to sav
- * (such as from SPD).
- */
}
- }
- }
-
+ }
+
+ if (++key_timehandler_debug >= 300) {
+ if (key_debug_level) {
+ printf("%s: total stats for %u calls\n", __FUNCTION__, key_timehandler_debug);
+ printf("%s: walked %u SPDs\n", __FUNCTION__, spd_count);
+ printf("%s: walked %llu SAs: LARVAL SAs %u, MATURE SAs %u, DYING SAs %u, DEAD SAs %u\n", __FUNCTION__,
+ total_sav_count, larval_sav_count, mature_sav_count, dying_sav_count, dead_sav_count);
+ printf("%s: walked %u SAHs: DEAD SAHs %u, EMPTY SAHs %u\n", __FUNCTION__,
+ sah_count, dead_sah_count, empty_sah_count);
+ if (sah_search_calls) {
+ printf("%s: SAH search cost %d iters per call\n", __FUNCTION__,
+ (sah_search_count/sah_search_calls));
+ }
+ }
+ spd_count = 0;
+ sah_count = 0;
+ dead_sah_count = 0;
+ empty_sah_count = 0;
+ larval_sav_count = 0;
+ mature_sav_count = 0;
+ dying_sav_count = 0;
+ dead_sav_count = 0;
+ total_sav_count = 0;
+ sah_search_count = 0;
+ sah_search_calls = 0;
+ key_timehandler_debug = 0;
+ }
#ifndef IPSEC_NONBLOCK_ACQUIRE
/* ACQ tree */
{
natt_now++;
lck_mtx_unlock(sadb_mutex);
+
+ /* send messages outside of sadb_mutex */
+ if (spbuf && spcount > 0) {
+ cnt = spcount;
+ while (cnt--)
+ key_spdexpire(*(--spptr));
+ }
+ if (savkabuf && savkacount > 0) {
+ struct secasvar **savkaptr_sav = savkaptr;
+ int cnt_send = savkacount;
+
+ while (cnt_send--) {
+ if (ipsec_send_natt_keepalive(*(--savkaptr))) {
+ // <rdar://6768487> iterate (all over again) and update timestamps
+ struct secasvar **savkaptr_update = savkaptr_sav;
+ int cnt_update = savkacount;
+ while (cnt_update--) {
+ key_update_natt_keepalive_timestamp(*savkaptr,
+ *(--savkaptr_update));
+ }
+ }
+ }
+ }
+ if (savexbuf && savexcount > 0) {
+ cnt = savexcount;
+ while (cnt--)
+ key_expire(*(--savexptr));
+ }
+
+ /* decrement ref counts and free buffers */
+ lck_mtx_lock(sadb_mutex);
+ if (spbuf) {
+ while (spcount--)
+ key_freesp(*spptr++, KEY_SADB_LOCKED);
+ KFREE(spbuf);
+ }
+ if (savkabuf) {
+ while (savkacount--)
+ key_freesav(*savkaptr++, KEY_SADB_LOCKED);
+ KFREE(savkabuf);
+ }
+ if (savexbuf) {
+ while (savexcount--)
+ key_freesav(*savexptr++, KEY_SADB_LOCKED);
+ KFREE(savexbuf);
+ }
+ lck_mtx_unlock(sadb_mutex);
+
+
#ifndef IPSEC_DEBUG2
/* do exchange to tick time !! */
(void)timeout((void *)key_timehandler, (void *)0, hz);
* to initialize a seed for random()
*/
static void
-key_srandom()
+key_srandom(void)
{
#ifdef __APPLE__
/* Our PRNG is based on Yarrow and doesn't need to be seeded */
return;
}
-u_long
-key_random()
+u_int32_t
+key_random(void)
{
- u_long value;
+ u_int32_t value;
key_randomfill(&value, sizeof(value));
return value;
}
void
-key_randomfill(p, l)
- void *p;
- size_t l;
+key_randomfill(
+ void *p,
+ size_t l)
{
- size_t n;
- u_long v;
- static int warn = 1;
#ifdef __APPLE__
read_random(p, (u_int)l);
#else
+ size_t n;
+ u_int32_t v;
+ static int warn = 1;
+
n = 0;
n = (size_t)read_random(p, (u_int)l);
/* last resort */
* 0: invalid satype.
*/
static u_int16_t
-key_satype2proto(satype)
- u_int8_t satype;
+key_satype2proto(
+ u_int8_t satype)
{
switch (satype) {
case SADB_SATYPE_UNSPEC:
* 0: invalid protocol type.
*/
static u_int8_t
-key_proto2satype(proto)
- u_int16_t proto;
+key_proto2satype(
+ u_int16_t proto)
{
switch (proto) {
case IPPROTO_AH:
* other if success, return pointer to the message to send.
*/
static int
-key_getspi(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_getspi(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_address *src0, *dst0;
struct secasindex saidx;
u_int32_t reqid;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_getspi: NULL pointer is passed.\n");
return key_senderror(so, m, EINVAL);
}
if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
- mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
- reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
+ mode = ((struct sadb_x_sa2 *)
+ (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
+ reqid = ((struct sadb_x_sa2 *)
+ (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
} else {
mode = IPSEC_MODE_ANY;
reqid = 0;
if (((struct sockaddr *)(src0 + 1))->sa_len !=
sizeof(struct sockaddr_in))
return key_senderror(so, m, EINVAL);
- ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
+ ((struct sockaddr_in *)(void *)(src0 + 1))->sin_port = 0;
break;
case AF_INET6:
if (((struct sockaddr *)(src0 + 1))->sa_len !=
sizeof(struct sockaddr_in6))
return key_senderror(so, m, EINVAL);
- ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
+ ((struct sockaddr_in6 *)(void *)(src0 + 1))->sin6_port = 0;
break;
default:
; /*???*/
if (((struct sockaddr *)(dst0 + 1))->sa_len !=
sizeof(struct sockaddr_in))
return key_senderror(so, m, EINVAL);
- ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
+ ((struct sockaddr_in *)(void *)(dst0 + 1))->sin_port = 0;
break;
case AF_INET6:
if (((struct sockaddr *)(dst0 + 1))->sa_len !=
sizeof(struct sockaddr_in6))
return key_senderror(so, m, EINVAL);
- ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
+ ((struct sockaddr_in6 *)(void *)(dst0 + 1))->sin6_port = 0;
break;
default:
; /*???*/
/* XXX boundary check against sa_len */
KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
+ lck_mtx_lock(sadb_mutex);
+
/* SPI allocation */
- spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
- &saidx);
- if (spi == 0)
+ spi = key_do_getnewspi((struct sadb_spirange *)
+ (void *)mhp->ext[SADB_EXT_SPIRANGE], &saidx);
+ if (spi == 0) {
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, EINVAL);
+ }
/* get a SA index */
if ((newsah = key_getsah(&saidx)) == NULL) {
- /* create a new SA index */
- if ((newsah = key_newsah(&saidx)) == NULL) {
+ /* create a new SA index: key_addspi is always used for inbound spi */
+ if ((newsah = key_newsah(&saidx, IPSEC_DIR_INBOUND)) == NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
return key_senderror(so, m, ENOBUFS);
}
newsav = key_newsav(m, mhp, newsah, &error);
if (newsav == NULL) {
/* XXX don't free new SA index allocated in above. */
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, error);
}
}
#endif
+ lck_mtx_unlock(sadb_mutex);
+
{
struct mbuf *n, *nn;
struct sadb_sa *m_sa;
if (len > MCLBYTES)
return key_senderror(so, m, ENOBUFS);
- MGETHDR(n, M_DONTWAIT, MT_DATA);
- if (len > MHLEN) {
- MCLGET(n, M_DONTWAIT);
+ MGETHDR(n, M_WAITOK, MT_DATA);
+ if (n && len > MHLEN) {
+ MCLGET(n, M_WAITOK);
if ((n->m_flags & M_EXT) == 0) {
m_freem(n);
n = NULL;
m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
- m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
+ m_sa = (struct sadb_sa *)(void *)(mtod(n, caddr_t) + off);
m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
m_sa->sadb_sa_exttype = SADB_EXT_SA;
m_sa->sadb_sa_spi = htonl(spi);
}
}
+u_int32_t
+key_getspi2(struct sockaddr *src,
+ struct sockaddr *dst,
+ u_int8_t proto,
+ u_int8_t mode,
+ u_int32_t reqid,
+ struct sadb_spirange *spirange)
+{
+ u_int32_t spi;
+ struct secasindex saidx;
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
+ /* XXX boundary check against sa_len */
+ KEY_SETSECASIDX(proto, mode, reqid, src, dst, &saidx);
+
+ /* make sure if port number is zero. */
+ switch (((struct sockaddr *)&saidx.src)->sa_family) {
+ case AF_INET:
+ if (((struct sockaddr *)&saidx.src)->sa_len != sizeof(struct sockaddr_in))
+ return 0;
+ ((struct sockaddr_in *)&saidx.src)->sin_port = 0;
+ break;
+ case AF_INET6:
+ if (((struct sockaddr *)&saidx.src)->sa_len != sizeof(struct sockaddr_in6))
+ return 0;
+ ((struct sockaddr_in6 *)&saidx.src)->sin6_port = 0;
+ break;
+ default:
+ ; /*???*/
+ }
+ switch (((struct sockaddr *)&saidx.dst)->sa_family) {
+ case AF_INET:
+ if (((struct sockaddr *)&saidx.dst)->sa_len != sizeof(struct sockaddr_in))
+ return 0;
+ ((struct sockaddr_in *)&saidx.dst)->sin_port = 0;
+ break;
+ case AF_INET6:
+ if (((struct sockaddr *)&saidx.dst)->sa_len != sizeof(struct sockaddr_in6))
+ return 0;
+ ((struct sockaddr_in6 *)&saidx.dst)->sin6_port = 0;
+ break;
+ default:
+ ; /*???*/
+ }
+
+ lck_mtx_lock(sadb_mutex);
+
+ /* SPI allocation */
+ spi = key_do_getnewspi(spirange, &saidx);
+
+ lck_mtx_unlock(sadb_mutex);
+
+ return spi;
+}
+
/*
* allocating new SPI
- * called by key_getspi().
+ * called by key_getspi() and key_getspi2().
* OUT:
* 0: failure.
* others: success.
*/
static u_int32_t
-key_do_getnewspi(spirange, saidx)
- struct sadb_spirange *spirange;
- struct secasindex *saidx;
+key_do_getnewspi(
+ struct sadb_spirange *spirange,
+ struct secasindex *saidx)
{
u_int32_t newspi;
- u_int32_t min, max;
+ u_int32_t keymin, keymax;
int count = key_spi_trycnt;
lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* set spi range to allocate */
if (spirange != NULL) {
- min = spirange->sadb_spirange_min;
- max = spirange->sadb_spirange_max;
+ keymin = spirange->sadb_spirange_min;
+ keymax = spirange->sadb_spirange_max;
} else {
- min = key_spi_minval;
- max = key_spi_maxval;
+ keymin = key_spi_minval;
+ keymax = key_spi_maxval;
}
/* IPCOMP needs 2-byte SPI */
if (saidx->proto == IPPROTO_IPCOMP) {
u_int32_t t;
- if (min >= 0x10000)
- min = 0xffff;
- if (max >= 0x10000)
- max = 0xffff;
- if (min > max) {
- t = min; min = max; max = t;
+ if (keymin >= 0x10000)
+ keymin = 0xffff;
+ if (keymax >= 0x10000)
+ keymax = 0xffff;
+ if (keymin > keymax) {
+ t = keymin; keymin = keymax; keymax = t;
}
}
- if (min == max) {
- if (key_checkspidup(saidx, min) != NULL) {
- ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
+ if (keymin == keymax) {
+ if (key_checkspidup(saidx, keymin) != NULL) {
+ ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", keymin));
return 0;
}
count--; /* taking one cost. */
- newspi = min;
+ newspi = keymin;
} else {
+
+ u_int32_t range = keymax - keymin + 1; /* overflow value of zero means full range */
/* init SPI */
newspi = 0;
/* when requesting to allocate spi ranged */
while (count--) {
+ u_int32_t rand_val = key_random();
+
/* generate pseudo-random SPI value ranged. */
- newspi = min + (key_random() % (max - min + 1));
+ newspi = (range == 0 ? rand_val : keymin + (rand_val % range));
if (key_checkspidup(saidx, newspi) == NULL)
break;
* m will always be freed.
*/
static int
-key_update(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_update(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_sa *sa0;
struct sadb_address *src0, *dst0;
u_int32_t reqid;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_update: NULL pointer is passed.\n");
return key_senderror(so, m, EINVAL);
}
if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
- mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
- reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
+ mode = ((struct sadb_x_sa2 *)
+ (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
+ reqid = ((struct sadb_x_sa2 *)
+ (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
} else {
mode = IPSEC_MODE_ANY;
reqid = 0;
}
/* XXX boundary checking for other extensions */
- sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
+ sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
/* XXX boundary check against sa_len */
KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
+ lck_mtx_lock(sadb_mutex);
+
/* get a SA header */
if ((sah = key_getsah(&saidx)) == NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
return key_senderror(so, m, ENOENT);
}
/* set spidx if there */
/* XXX rewrite */
error = key_setident(sah, m, mhp);
- if (error)
+ if (error) {
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, error);
+ }
/* find a SA with sequence number. */
#if IPSEC_DOSEQCHECK
if (mhp->msg->sadb_msg_seq != 0
&& (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG,
"key_update: no larval SA with sequence %u exists.\n",
mhp->msg->sadb_msg_seq));
}
#else
if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG,
"key_update: no such a SA found (spi:%u)\n",
(u_int32_t)ntohl(sa0->sadb_sa_spi)));
/* validity check */
if (sav->sah->saidx.proto != proto) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG,
"key_update: protocol mismatched (DB=%u param=%u)\n",
sav->sah->saidx.proto, proto));
}
#if IPSEC_DOSEQCHECK
if (sav->spi != sa0->sadb_sa_spi) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG,
"key_update: SPI mismatched (DB:%u param:%u)\n",
(u_int32_t)ntohl(sav->spi),
}
#endif
if (sav->pid != mhp->msg->sadb_msg_pid) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG,
"key_update: pid mismatched (DB:%u param:%u)\n",
sav->pid, mhp->msg->sadb_msg_pid));
/* copy sav values */
error = key_setsaval(sav, m, mhp);
if (error) {
- key_freesav(sav);
+ key_freesav(sav, KEY_SADB_LOCKED);
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, error);
}
+
+ /*
+ * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
+ * this SA is for transport mode - otherwise clear it.
+ */
+ if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
+ (sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT ||
+ sav->sah->saidx.src.ss_family != AF_INET))
+ sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
/* check SA values to be mature. */
if ((error = key_mature(sav)) != 0) {
- key_freesav(sav);
+ key_freesav(sav, KEY_SADB_LOCKED);
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, error);
}
-
+
+ lck_mtx_unlock(sadb_mutex);
+
{
struct mbuf *n;
*/
#if IPSEC_DOSEQCHECK
static struct secasvar *
-key_getsavbyseq(sah, seq)
- struct secashead *sah;
- u_int32_t seq;
+key_getsavbyseq(
+ struct secashead *sah,
+ u_int32_t seq)
{
struct secasvar *sav;
u_int state;
* m will always be freed.
*/
static int
-key_add(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_add(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_sa *sa0;
struct sadb_address *src0, *dst0;
u_int32_t reqid;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_add: NULL pointer is passed.\n");
return key_senderror(so, m, EINVAL);
}
if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
- mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
- reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
+ mode = ((struct sadb_x_sa2 *)
+ (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
+ reqid = ((struct sadb_x_sa2 *)
+ (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
} else {
mode = IPSEC_MODE_ANY;
reqid = 0;
}
- sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
+ sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
/* XXX boundary check against sa_len */
KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
+ lck_mtx_lock(sadb_mutex);
+
/* get a SA header */
if ((newsah = key_getsah(&saidx)) == NULL) {
- /* create a new SA header */
- if ((newsah = key_newsah(&saidx)) == NULL) {
+ /* create a new SA header: key_addspi is always used for outbound spi */
+ if ((newsah = key_newsah(&saidx, IPSEC_DIR_OUTBOUND)) == NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
return key_senderror(so, m, ENOBUFS);
}
/* XXX rewrite */
error = key_setident(newsah, m, mhp);
if (error) {
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, error);
}
/* create new SA entry. */
- /* We can create new SA only if SPI is differenct. */
+ /* We can create new SA only if SPI is different. */
if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
return key_senderror(so, m, EEXIST);
}
newsav = key_newsav(m, mhp, newsah, &error);
if (newsav == NULL) {
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, error);
}
+ /*
+ * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
+ * this SA is for transport mode - otherwise clear it.
+ */
+ if ((newsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
+ (newsah->saidx.mode != IPSEC_MODE_TRANSPORT ||
+ newsah->saidx.dst.ss_family != AF_INET))
+ newsav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
+
/* check SA values to be mature. */
if ((error = key_mature(newsav)) != 0) {
- key_freesav(newsav);
+ key_freesav(newsav, KEY_SADB_LOCKED);
+ lck_mtx_unlock(sadb_mutex);
return key_senderror(so, m, error);
}
+ lck_mtx_unlock(sadb_mutex);
+
/*
* don't call key_freesav() here, as we would like to keep the SA
* in the database on success.
/* m is retained */
static int
-key_setident(sah, m, mhp)
- struct secashead *sah;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_setident(
+ struct secashead *sah,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
const struct sadb_ident *idsrc, *iddst;
int idsrclen, iddstlen;
return EINVAL;
}
- idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
- iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
+ idsrc = (const struct sadb_ident *)
+ (void *)mhp->ext[SADB_EXT_IDENTITY_SRC];
+ iddst = (const struct sadb_ident *)
+ (void *)mhp->ext[SADB_EXT_IDENTITY_DST];
idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
}
/* make structure */
- KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
+ KMALLOC_NOWAIT(sah->idents, struct sadb_ident *, idsrclen);
if (sah->idents == NULL) {
- ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
- return ENOBUFS;
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(sah->idents, struct sadb_ident *, idsrclen);
+ lck_mtx_lock(sadb_mutex);
+ if (sah->idents == NULL) {
+ ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
+ return ENOBUFS;
+ }
}
- KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
+ KMALLOC_NOWAIT(sah->identd, struct sadb_ident *, iddstlen);
if (sah->identd == NULL) {
- KFREE(sah->idents);
- sah->idents = NULL;
- ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
- return ENOBUFS;
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(sah->identd, struct sadb_ident *, iddstlen);
+ lck_mtx_lock(sadb_mutex);
+ if (sah->identd == NULL) {
+ KFREE(sah->idents);
+ sah->idents = NULL;
+ ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
+ return ENOBUFS;
+ }
}
bcopy(idsrc, sah->idents, idsrclen);
bcopy(iddst, sah->identd, iddstlen);
* it is caller's responsibility to free the result.
*/
static struct mbuf *
-key_getmsgbuf_x1(m, mhp)
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_getmsgbuf_x1(
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct mbuf *n;
int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
* m will always be freed.
*/
static int
-key_delete(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_delete(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_sa *sa0;
struct sadb_address *src0, *dst0;
struct secasvar *sav = NULL;
u_int16_t proto;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_delete: NULL pointer is passed.\n");
return key_senderror(so, m, EINVAL);
}
+ lck_mtx_lock(sadb_mutex);
+
if (mhp->ext[SADB_EXT_SA] == NULL) {
/*
* Caller wants us to delete all non-LARVAL SAs
* IKE INITIAL-CONTACT.
*/
ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
- return key_delete_all(so, m, mhp, proto);
+ /* key_delete_all will unlock sadb_mutex */
+ return key_delete_all(so, m, mhp, proto);
} else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
return key_senderror(so, m, EINVAL);
}
- sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
+ sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
break;
}
if (sah == NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
return key_senderror(so, m, ENOENT);
}
key_sa_chgstate(sav, SADB_SASTATE_DEAD);
- key_freesav(sav);
+ key_freesav(sav, KEY_SADB_LOCKED);
+
+ lck_mtx_unlock(sadb_mutex);
sav = NULL;
{
* delete all SAs for src/dst. Called from key_delete().
*/
static int
-key_delete_all(so, m, mhp, proto)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
- u_int16_t proto;
+key_delete_all(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp,
+ u_int16_t proto)
{
struct sadb_address *src0, *dst0;
struct secasindex saidx;
}
key_sa_chgstate(sav, SADB_SASTATE_DEAD);
- key_freesav(sav);
+ key_freesav(sav, KEY_SADB_LOCKED);
}
}
}
+ lck_mtx_unlock(sadb_mutex);
+
{
struct mbuf *n;
struct sadb_msg *newmsg;
* m will always be freed.
*/
static int
-key_get(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_get(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_sa *sa0;
struct sadb_address *src0, *dst0;
struct secasvar *sav = NULL;
u_int16_t proto;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_get: NULL pointer is passed.\n");
return key_senderror(so, m, EINVAL);
}
- sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
+ sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
/* XXX boundary check against sa_len */
KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
+ lck_mtx_lock(sadb_mutex);
+
/* get a SA header */
LIST_FOREACH(sah, &sahtree, chain) {
if (sah->state == SADB_SASTATE_DEAD)
break;
}
if (sah == NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
return key_senderror(so, m, ENOENT);
}
/* map proto to satype */
if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
return key_senderror(so, m, EINVAL);
}
+ lck_mtx_unlock(sadb_mutex);
/* create new sadb_msg to reply. */
n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
mhp->msg->sadb_msg_pid);
+
+
+
if (!n)
return key_senderror(so, m, ENOBUFS);
}
}
+/*
+ * get SA stats by spi.
+ * OUT: -1 : not found
+ * 0 : found, arg pointer to a SA stats is updated.
+ */
+static int
+key_getsastatbyspi_one (u_int32_t spi,
+ struct sastat *stat)
+{
+ struct secashead *sah;
+ struct secasvar *sav = NULL;
+
+ if ((void *)stat == NULL) {
+ return -1;
+ }
+
+ lck_mtx_lock(sadb_mutex);
+
+ /* get a SA header */
+ LIST_FOREACH(sah, &sahtree, chain) {
+ if (sah->state == SADB_SASTATE_DEAD)
+ continue;
+
+ /* get a SA with SPI. */
+ sav = key_getsavbyspi(sah, spi);
+ if (sav) {
+ stat->spi = sav->spi;
+ stat->created = sav->created;
+ if (sav->lft_c) {
+ bcopy(sav->lft_c,&stat->lft_c, sizeof(stat->lft_c));
+ } else {
+ bzero(&stat->lft_c, sizeof(stat->lft_c));
+ }
+ lck_mtx_unlock(sadb_mutex);
+ return 0;
+ }
+ }
+
+ lck_mtx_unlock(sadb_mutex);
+
+ return -1;
+}
+
+/*
+ * get SA stats collection by indices.
+ * OUT: -1 : not found
+ * 0 : found, arg pointers to a SA stats and 'maximum stats' are updated.
+ */
+static int
+key_getsastatbyspi (struct sastat *stat_arg,
+ u_int32_t max_stat_arg,
+ struct sastat *stat_res,
+ u_int32_t *max_stat_res)
+{
+ int cur, found = 0;
+
+ if (stat_arg == NULL ||
+ stat_res == NULL ||
+ max_stat_res == NULL) {
+ return -1;
+ }
+
+ for (cur = 0; cur < max_stat_arg; cur++) {
+ if (key_getsastatbyspi_one(stat_arg[cur].spi,
+ &stat_res[found]) == 0) {
+ found++;
+ }
+ }
+ *max_stat_res = found;
+
+ if (found) {
+ return 0;
+ }
+ return -1;
+}
+
/* XXX make it sysctl-configurable? */
static void
-key_getcomb_setlifetime(comb)
- struct sadb_comb *comb;
+key_getcomb_setlifetime(
+ struct sadb_comb *comb)
{
comb->sadb_comb_soft_allocations = 1;
* XXX no idea if the user wants ESP authentication or not
*/
static struct mbuf *
-key_getcomb_esp()
+key_getcomb_esp(void)
{
struct sadb_comb *comb;
const struct esp_algorithm *algo;
if (l > MLEN)
panic("assumption failed in key_getcomb_esp");
#endif
- MGET(m, M_DONTWAIT, MT_DATA);
+ MGET(m, M_WAITOK, MT_DATA);
if (m) {
M_ALIGN(m, l);
m->m_len = l;
/* m is already freed */
goto fail;
}
- comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
+ comb = (struct sadb_comb *)
+ (void *)(mtod(n, caddr_t) + o);
bzero(comb, sizeof(*comb));
key_getcomb_setlifetime(comb);
comb->sadb_comb_encrypt = i;
* XXX reorder combinations by preference
*/
static struct mbuf *
-key_getcomb_ah()
+key_getcomb_ah(void)
{
struct sadb_comb *comb;
const struct ah_algorithm *algo;
struct mbuf *m;
- int min;
+ int keymin;
int i;
const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
if (algo->keymax < ipsec_ah_keymin)
continue;
if (algo->keymin < ipsec_ah_keymin)
- min = ipsec_ah_keymin;
+ keymin = ipsec_ah_keymin;
else
- min = algo->keymin;
+ keymin = algo->keymin;
if (!m) {
#if DIAGNOSTIC
if (l > MLEN)
panic("assumption failed in key_getcomb_ah");
#endif
- MGET(m, M_DONTWAIT, MT_DATA);
+ MGET(m, M_WAITOK, MT_DATA);
if (m) {
M_ALIGN(m, l);
m->m_len = l;
m->m_next = NULL;
}
} else
- M_PREPEND(m, l, M_DONTWAIT);
+ M_PREPEND(m, l, M_WAITOK);
if (!m)
return NULL;
bzero(comb, sizeof(*comb));
key_getcomb_setlifetime(comb);
comb->sadb_comb_auth = i;
- comb->sadb_comb_auth_minbits = min;
+ comb->sadb_comb_auth_minbits = keymin;
comb->sadb_comb_auth_maxbits = algo->keymax;
}
* XXX reorder combinations by preference
*/
static struct mbuf *
-key_getcomb_ipcomp()
+key_getcomb_ipcomp(void)
{
struct sadb_comb *comb;
const struct ipcomp_algorithm *algo;
if (l > MLEN)
panic("assumption failed in key_getcomb_ipcomp");
#endif
- MGET(m, M_DONTWAIT, MT_DATA);
+ MGET(m, M_WAITOK, MT_DATA);
if (m) {
M_ALIGN(m, l);
m->m_len = l;
m->m_next = NULL;
}
} else
- M_PREPEND(m, l, M_DONTWAIT);
+ M_PREPEND(m, l, M_WAITOK);
if (!m)
return NULL;
* XXX sysctl interface to ipsec_{ah,esp}_keymin
*/
static struct mbuf *
-key_getprop(saidx)
- const struct secasindex *saidx;
+key_getprop(
+ const struct secasindex *saidx)
{
struct sadb_prop *prop;
struct mbuf *m, *n;
if (!m)
return NULL;
- M_PREPEND(m, l, M_DONTWAIT);
+ M_PREPEND(m, l, M_WAITOK);
if (!m)
return NULL;
* others: error number
*/
static int
-key_acquire(saidx, sp)
- struct secasindex *saidx;
- struct secpolicy *sp;
+key_acquire(
+ struct secasindex *saidx,
+ struct secpolicy *sp)
{
struct mbuf *result = NULL, *m;
#ifndef IPSEC_NONBLOCK_ACQUIRE
int error = -1;
u_int32_t seq;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (saidx == NULL)
panic("key_acquire: NULL pointer is passed.\n");
* managed with ACQUIRING list.
*/
/* get a entry to check whether sending message or not. */
+ lck_mtx_lock(sadb_mutex);
if ((newacq = key_getacq(saidx)) != NULL) {
if (key_blockacq_count < newacq->count) {
/* reset counter and do send message. */
} else {
/* increment counter and do nothing. */
newacq->count++;
+ lck_mtx_unlock(sadb_mutex);
return 0;
}
} else {
/* make new entry for blocking to send SADB_ACQUIRE. */
- if ((newacq = key_newacq(saidx)) == NULL)
+ if ((newacq = key_newacq(saidx)) == NULL) {
+ lck_mtx_unlock(sadb_mutex);
return ENOBUFS;
+ }
/* add to acqtree */
LIST_INSERT_HEAD(&acqtree, newacq, chain);
}
-#endif
-
-
-#ifndef IPSEC_NONBLOCK_ACQUIRE
seq = newacq->seq;
+ lck_mtx_unlock(sadb_mutex);
+
#else
seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
#endif
}
m_cat(result, m);
}
-
+
/* XXX identity (optional) */
#if 0
if (idexttype && fqdn) {
#ifndef IPSEC_NONBLOCK_ACQUIRE
static struct secacq *
-key_newacq(saidx)
- struct secasindex *saidx;
+key_newacq(
+ struct secasindex *saidx)
{
struct secacq *newacq;
struct timeval tv;
/* get new entry */
- KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
+ KMALLOC_NOWAIT(newacq, struct secacq *, sizeof(struct secacq));
if (newacq == NULL) {
- ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
- return NULL;
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(newacq, struct secacq *, sizeof(struct secacq));
+ lck_mtx_lock(sadb_mutex);
+ if (newacq == NULL) {
+ ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
+ return NULL;
+ }
}
bzero(newacq, sizeof(*newacq));
}
static struct secacq *
-key_getacq(saidx)
- struct secasindex *saidx;
+key_getacq(
+ struct secasindex *saidx)
{
struct secacq *acq;
}
static struct secacq *
-key_getacqbyseq(seq)
- u_int32_t seq;
+key_getacqbyseq(
+ u_int32_t seq)
{
struct secacq *acq;
#endif
static struct secspacq *
-key_newspacq(spidx)
- struct secpolicyindex *spidx;
+key_newspacq(
+ struct secpolicyindex *spidx)
{
struct secspacq *acq;
struct timeval tv;
/* get new entry */
- KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
+ KMALLOC_NOWAIT(acq, struct secspacq *, sizeof(struct secspacq));
if (acq == NULL) {
- ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
- return NULL;
+ lck_mtx_unlock(sadb_mutex);
+ KMALLOC_WAIT(acq, struct secspacq *, sizeof(struct secspacq));
+ lck_mtx_lock(sadb_mutex);
+ if (acq == NULL) {
+ ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
+ return NULL;
+ }
}
bzero(acq, sizeof(*acq));
}
static struct secspacq *
-key_getspacq(spidx)
- struct secpolicyindex *spidx;
+key_getspacq(
+ struct secpolicyindex *spidx)
{
struct secspacq *acq;
* m will always be freed.
*/
static int
-key_acquire2(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_acquire2(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
const struct sadb_address *src0, *dst0;
struct secasindex saidx;
u_int16_t proto;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
* message is equal to the size of sadb_msg structure.
* We do not raise error even if error occurred in this function.
*/
+ lck_mtx_lock(sadb_mutex);
+
if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
#ifndef IPSEC_NONBLOCK_ACQUIRE
struct secacq *acq;
/* check sequence number */
if (mhp->msg->sadb_msg_seq == 0) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
m_freem(m);
return 0;
* the specified larval SA is already gone, or we got
* a bogus sequence number. we can silently ignore it.
*/
+ lck_mtx_unlock(sadb_mutex);
m_freem(m);
return 0;
}
acq->created = tv.tv_sec;
acq->count = 0;
#endif
+ lck_mtx_unlock(sadb_mutex);
m_freem(m);
return 0;
}
/* map satype to proto */
if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
return key_senderror(so, m, EINVAL);
}
mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
/* error */
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
return key_senderror(so, m, EINVAL);
}
mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
/* error */
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
return key_senderror(so, m, EINVAL);
}
- src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
- dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
+ src0 = (const struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
+ dst0 = (const struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
/* XXX boundary check against sa_len */
+ /* cast warnings */
KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
/* get a SA index */
LIST_FOREACH(sah, &sahtree, chain) {
if (sah->state == SADB_SASTATE_DEAD)
continue;
- if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
+ if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID))
break;
}
if (sah != NULL) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
return key_senderror(so, m, EEXIST);
}
-
+ lck_mtx_unlock(sadb_mutex);
error = key_acquire(&saidx, NULL);
if (error != 0) {
ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
/*
* SADB_REGISTER processing.
- * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
+ * If SATYPE_UNSPEC has been passed as satype, only return sadb_supported.
* receive
* <base>
* from the ikmpd, and register a socket to send PF_KEY messages,
* m will always be freed.
*/
static int
-key_register(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_register(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct secreg *reg, *newreg = 0;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_register: NULL pointer is passed.\n");
if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
return key_senderror(so, m, EINVAL);
- /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
+ /* When SATYPE_UNSPEC is specified, only return sadb_supported. */
if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
goto setmsg;
+ /* create regnode */
+ KMALLOC_WAIT(newreg, struct secreg *, sizeof(*newreg));
+ if (newreg == NULL) {
+ ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
+ return key_senderror(so, m, ENOBUFS);
+ }
+ bzero((caddr_t)newreg, sizeof(*newreg));
+
+ lck_mtx_lock(sadb_mutex);
/* check whether existing or not */
LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) {
if (reg->so == so) {
+ lck_mtx_unlock(sadb_mutex);
ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
+ KFREE(newreg);
return key_senderror(so, m, EEXIST);
}
}
- /* create regnode */
- KMALLOC(newreg, struct secreg *, sizeof(*newreg));
- if (newreg == NULL) {
- ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
- return key_senderror(so, m, ENOBUFS);
- }
- bzero((caddr_t)newreg, sizeof(*newreg));
-
socket_lock(so, 1);
newreg->so = so;
((struct keycb *)sotorawcb(so))->kp_registered++;
/* add regnode to regtree. */
LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain);
-
+ lck_mtx_unlock(sadb_mutex);
setmsg:
{
struct mbuf *n;
if (len > MCLBYTES)
return key_senderror(so, m, ENOBUFS);
- MGETHDR(n, M_DONTWAIT, MT_DATA);
- if (len > MHLEN) {
- MCLGET(n, M_DONTWAIT);
+ MGETHDR(n, M_WAITOK, MT_DATA);
+ if (n && len > MHLEN) {
+ MCLGET(n, M_WAITOK);
if ((n->m_flags & M_EXT) == 0) {
m_freem(n);
n = NULL;
/* for authentication algorithm */
if (alen) {
- sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
+ sup = (struct sadb_supported *)(void *)(mtod(n, caddr_t) + off);
sup->sadb_supported_len = PFKEY_UNIT64(alen);
sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
off += PFKEY_ALIGN8(sizeof(*sup));
aalgo = ah_algorithm_lookup(i);
if (!aalgo)
continue;
- alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
+ alg = (struct sadb_alg *)
+ (void *)(mtod(n, caddr_t) + off);
alg->sadb_alg_id = i;
alg->sadb_alg_ivlen = 0;
alg->sadb_alg_minbits = aalgo->keymin;
#if IPSEC_ESP
/* for encryption algorithm */
if (elen) {
- sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
+ sup = (struct sadb_supported *)(void *)(mtod(n, caddr_t) + off);
sup->sadb_supported_len = PFKEY_UNIT64(elen);
sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
off += PFKEY_ALIGN8(sizeof(*sup));
ealgo = esp_algorithm_lookup(i);
if (!ealgo)
continue;
- alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
+ alg = (struct sadb_alg *)
+ (void *)(mtod(n, caddr_t) + off);
alg->sadb_alg_id = i;
if (ealgo && ealgo->ivlen) {
/*
* XXX: I want to do free a socket marked done SADB_RESIGER to socket.
*/
void
-key_freereg(so)
- struct socket *so;
+key_freereg(
+ struct socket *so)
{
struct secreg *reg;
int i;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+
/* sanity check */
if (so == NULL)
panic("key_freereg: NULL pointer is passed.\n");
* check all type of SA, because there is a potential that
* one socket is registered to multiple type of SA.
*/
+ lck_mtx_lock(sadb_mutex);
for (i = 0; i <= SADB_SATYPE_MAX; i++) {
LIST_FOREACH(reg, ®tree[i], chain) {
if (reg->so == so
}
}
}
-
+ lck_mtx_unlock(sadb_mutex);
return;
}
* others : error number
*/
static int
-key_expire(sav)
- struct secasvar *sav;
+key_expire(
+ struct secasvar *sav)
{
- int s;
int satype;
struct mbuf *result = NULL, *m;
int len;
int error = -1;
struct sadb_lifetime *lt;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (sav == NULL)
panic("key_expire: NULL pointer is passed.\n");
lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
- lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
+ lt = (struct sadb_lifetime *)(void *)(mtod(m, caddr_t) + len / 2);
bcopy(sav->lft_s, lt, sizeof(*lt));
m_cat(result, m);
mtod(result, struct sadb_msg *)->sadb_msg_len =
PFKEY_UNIT64(result->m_pkthdr.len);
- splx(s);
return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
fail:
if (result)
m_freem(result);
- splx(s);
return error;
}
* m will always be freed.
*/
static int
-key_flush(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_flush(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct sadb_msg *newmsg;
struct secashead *sah, *nextsah;
u_int16_t proto;
u_int8_t state;
u_int stateidx;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+
/* sanity check */
if (so == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_flush: NULL pointer is passed.\n");
return key_senderror(so, m, EINVAL);
}
+ lck_mtx_lock(sadb_mutex);
+
/* no SATYPE specified, i.e. flushing all SA. */
for (sah = LIST_FIRST(&sahtree);
sah != NULL;
nextsav = LIST_NEXT(sav, chain);
key_sa_chgstate(sav, SADB_SASTATE_DEAD);
- key_freesav(sav);
+ key_freesav(sav, KEY_SADB_LOCKED);
}
}
sah->state = SADB_SASTATE_DEAD;
}
-
+ lck_mtx_unlock(sadb_mutex);
+
if (m->m_len < sizeof(struct sadb_msg) ||
sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
*
* m will always be freed.
*/
+
+struct sav_dump_elem {
+ struct secasvar *sav;
+ u_int8_t satype;
+};
+
static int
-key_dump(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_dump(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
struct secashead *sah;
struct secasvar *sav;
+ struct sav_dump_elem *savbuf = NULL, *elem_ptr;
u_int16_t proto;
u_int stateidx;
u_int8_t satype;
u_int8_t state;
- int cnt;
- struct sadb_msg *newmsg;
+ int cnt = 0, cnt2, bufcount;
struct mbuf *n;
+ int error = 0;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_dump: NULL pointer is passed.\n");
return key_senderror(so, m, EINVAL);
}
+ if ((bufcount = ipsec_sav_count) <= 0) {
+ error = ENOENT;
+ goto end;
+ }
+ bufcount += 512; /* extra */
+ KMALLOC_WAIT(savbuf, struct sav_dump_elem*, bufcount * sizeof(struct sav_dump_elem));
+ if (savbuf == NULL) {
+ ipseclog((LOG_DEBUG, "key_dump: No more memory.\n"));
+ error = ENOMEM;
+ goto end;
+ }
+
/* count sav entries to be sent to the userland. */
- cnt = 0;
+ lck_mtx_lock(sadb_mutex);
+ elem_ptr = savbuf;
LIST_FOREACH(sah, &sahtree, chain) {
if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
&& proto != sah->saidx.proto)
continue;
+
+ /* map proto to satype */
+ if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
+ lck_mtx_unlock(sadb_mutex);
+ ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
+ error = EINVAL;
+ goto end;
+ }
for (stateidx = 0;
stateidx < _ARRAYLEN(saorder_state_any);
stateidx++) {
state = saorder_state_any[stateidx];
LIST_FOREACH(sav, &sah->savtree[state], chain) {
- cnt++;
+ if (cnt == bufcount)
+ break; /* out of buffer space */
+ elem_ptr->sav = sav;
+ elem_ptr->satype = satype;
+ sav->refcnt++;
+ elem_ptr++;
+ cnt++;
}
}
}
+ lck_mtx_unlock(sadb_mutex);
- if (cnt == 0)
- return key_senderror(so, m, ENOENT);
+ if (cnt == 0) {
+ error = ENOENT;
+ goto end;
+ }
/* send this to the userland, one at a time. */
- newmsg = NULL;
- LIST_FOREACH(sah, &sahtree, chain) {
- if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
- && proto != sah->saidx.proto)
- continue;
-
- /* map proto to satype */
- if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
- ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
- return key_senderror(so, m, EINVAL);
+ elem_ptr = savbuf;
+ cnt2 = cnt;
+ while (cnt2) {
+ n = key_setdumpsa(elem_ptr->sav, SADB_DUMP, elem_ptr->satype,
+ --cnt2, mhp->msg->sadb_msg_pid);
+
+ if (!n) {
+ error = ENOBUFS;
+ goto end;
}
- for (stateidx = 0;
- stateidx < _ARRAYLEN(saorder_state_any);
- stateidx++) {
- state = saorder_state_any[stateidx];
- LIST_FOREACH(sav, &sah->savtree[state], chain) {
- n = key_setdumpsa(sav, SADB_DUMP, satype,
- --cnt, mhp->msg->sadb_msg_pid);
- if (!n)
- return key_senderror(so, m, ENOBUFS);
+ key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
+ elem_ptr++;
+ }
- key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
- }
+end:
+ if (savbuf) {
+ if (cnt) {
+ elem_ptr = savbuf;
+ lck_mtx_lock(sadb_mutex);
+ while (cnt--)
+ key_freesav((elem_ptr++)->sav, KEY_SADB_LOCKED);
+ lck_mtx_unlock(sadb_mutex);
}
+ KFREE(savbuf);
}
+ if (error)
+ return key_senderror(so, m, error);
+
m_freem(m);
return 0;
}
* m will always be freed.
*/
static int
-key_promisc(so, m, mhp)
- struct socket *so;
- struct mbuf *m;
- const struct sadb_msghdr *mhp;
+key_promisc(
+ struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
{
int olen;
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
panic("key_promisc: NULL pointer is passed.\n");
key_spdadd, /* SADB_X_SPDSETIDX */
NULL, /* SADB_X_SPDEXPIRE */
key_spddelete2, /* SADB_X_SPDDELETE2 */
+ key_getsastat, /* SADB_GETSASTAT */
};
/*
* length for buffer to send to user process.
*/
int
-key_parse(m, so)
- struct mbuf *m;
- struct socket *so;
+key_parse(
+ struct mbuf *m,
+ struct socket *so)
{
struct sadb_msg *msg;
struct sadb_msghdr mh;
int error;
int target;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
/* sanity check */
if (m == NULL || so == NULL)
panic("key_parse: NULL pointer is passed.\n");
if ((m->m_flags & M_PKTHDR) == 0 ||
m->m_pkthdr.len != m->m_pkthdr.len) {
ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
- pfkeystat.out_invlen++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
error = EINVAL;
goto senderror;
}
ipseclog((LOG_DEBUG,
"key_parse: PF_KEY version %u is mismatched.\n",
msg->sadb_msg_version));
- pfkeystat.out_invver++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invver);
error = EINVAL;
goto senderror;
}
if (msg->sadb_msg_type > SADB_MAX) {
ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
msg->sadb_msg_type));
- pfkeystat.out_invmsgtype++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
error = EINVAL;
goto senderror;
}
if (m->m_next) {
struct mbuf *n;
- MGETHDR(n, M_DONTWAIT, MT_DATA);
+ MGETHDR(n, M_WAITOK, MT_DATA);
if (n && m->m_pkthdr.len > MHLEN) {
- MCLGET(n, M_DONTWAIT);
+ MCLGET(n, M_WAITOK);
if ((n->m_flags & M_EXT) == 0) {
m_free(n);
n = NULL;
case SADB_EXPIRE:
ipseclog((LOG_DEBUG, "key_parse: must specify satype "
"when msg type=%u.\n", msg->sadb_msg_type));
- pfkeystat.out_invsatype++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
error = EINVAL;
goto senderror;
}
case SADB_X_SPDDELETE2:
ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
msg->sadb_msg_type));
- pfkeystat.out_invsatype++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
error = EINVAL;
goto senderror;
}
case SADB_SATYPE_MIP:
ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
msg->sadb_msg_satype));
- pfkeystat.out_invsatype++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
error = EOPNOTSUPP;
goto senderror;
case 1: /* XXX: What does it do? */
default:
ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
msg->sadb_msg_satype));
- pfkeystat.out_invsatype++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
error = EINVAL;
goto senderror;
}
/* check upper layer protocol */
if (src0->sadb_address_proto != dst0->sadb_address_proto) {
ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
- pfkeystat.out_invaddr++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
error = EINVAL;
goto senderror;
}
if (PFKEY_ADDR_SADDR(src0)->sa_family !=
PFKEY_ADDR_SADDR(dst0)->sa_family) {
ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
- pfkeystat.out_invaddr++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
error = EINVAL;
goto senderror;
}
PFKEY_ADDR_SADDR(dst0)->sa_len) {
ipseclog((LOG_DEBUG,
"key_parse: address struct size mismatched.\n"));
- pfkeystat.out_invaddr++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
error = EINVAL;
goto senderror;
}
case AF_INET:
if (PFKEY_ADDR_SADDR(src0)->sa_len !=
sizeof(struct sockaddr_in)) {
- pfkeystat.out_invaddr++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
error = EINVAL;
goto senderror;
}
case AF_INET6:
if (PFKEY_ADDR_SADDR(src0)->sa_len !=
sizeof(struct sockaddr_in6)) {
- pfkeystat.out_invaddr++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
error = EINVAL;
goto senderror;
}
default:
ipseclog((LOG_DEBUG,
"key_parse: unsupported address family.\n"));
- pfkeystat.out_invaddr++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
error = EAFNOSUPPORT;
goto senderror;
}
dst0->sadb_address_prefixlen > plen) {
ipseclog((LOG_DEBUG,
"key_parse: illegal prefixlen.\n"));
- pfkeystat.out_invaddr++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
error = EINVAL;
goto senderror;
}
if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
key_typesw[msg->sadb_msg_type] == NULL) {
- pfkeystat.out_invmsgtype++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
error = EINVAL;
goto senderror;
}
}
static int
-key_senderror(so, m, code)
- struct socket *so;
- struct mbuf *m;
- int code;
+key_senderror(
+ struct socket *so,
+ struct mbuf *m,
+ int code)
{
struct sadb_msg *msg;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
if (m->m_len < sizeof(struct sadb_msg))
panic("invalid mbuf passed to key_senderror");
* XXX larger-than-MCLBYTES extension?
*/
static int
-key_align(m, mhp)
- struct mbuf *m;
- struct sadb_msghdr *mhp;
+key_align(
+ struct mbuf *m,
+ struct sadb_msghdr *mhp)
{
struct mbuf *n;
struct sadb_ext *ext;
/* m is already freed */
return ENOBUFS;
}
- ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
+ ext = (struct sadb_ext *)(void *)(mtod(n, caddr_t) + toff);
/* set pointer */
switch (ext->sadb_ext_type) {
case SADB_EXT_SPIRANGE:
case SADB_X_EXT_POLICY:
case SADB_X_EXT_SA2:
+ case SADB_EXT_SESSION_ID:
+ case SADB_EXT_SASTAT:
/* duplicate check */
/*
* XXX Are there duplication payloads of either
"key_align: duplicate ext_type %u "
"is passed.\n", ext->sadb_ext_type));
m_freem(m);
- pfkeystat.out_dupext++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_dupext);
return EINVAL;
}
break;
"key_align: invalid ext_type %u is passed.\n",
ext->sadb_ext_type));
m_freem(m);
- pfkeystat.out_invexttype++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invexttype);
return EINVAL;
}
if (key_validate_ext(ext, extlen)) {
m_freem(m);
- pfkeystat.out_invlen++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
return EINVAL;
}
/* m is already freed */
return ENOBUFS;
}
- ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
+ ext = (struct sadb_ext *)(void *)(mtod(n, caddr_t) + toff);
mhp->ext[ext->sadb_ext_type] = ext;
mhp->extoff[ext->sadb_ext_type] = off;
if (off != end) {
m_freem(m);
- pfkeystat.out_invlen++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
return EINVAL;
}
}
static int
-key_validate_ext(ext, len)
- const struct sadb_ext *ext;
- int len;
+key_validate_ext(
+ const struct sadb_ext *ext,
+ int len)
{
struct sockaddr *sa;
enum { NONE, ADDR } checktype = NONE;
break;
case SADB_EXT_IDENTITY_SRC:
case SADB_EXT_IDENTITY_DST:
- if (((struct sadb_ident *)ext)->sadb_ident_type ==
- SADB_X_IDENTTYPE_ADDR) {
+ if (((struct sadb_ident *)(uintptr_t)(size_t)ext)->
+ sadb_ident_type == SADB_X_IDENTTYPE_ADDR) {
baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
checktype = ADDR;
} else
case NONE:
break;
case ADDR:
- sa = (struct sockaddr *)((caddr_t)ext + baselen);
+ sa = (struct sockaddr *)((caddr_t)(uintptr_t)ext + baselen);
+
if (len < baselen + sal)
return EINVAL;
if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
}
void
-key_domain_init()
+key_domain_init(void)
{
- int i;
-
- bzero((caddr_t)&key_cb, sizeof(key_cb));
-
- for (i = 0; i < IPSEC_DIR_MAX; i++) {
- LIST_INIT(&sptree[i]);
- }
-
- LIST_INIT(&sahtree);
-
- for (i = 0; i <= SADB_SATYPE_MAX; i++) {
- LIST_INIT(®tree[i]);
- }
-
-#ifndef IPSEC_NONBLOCK_ACQUIRE
- LIST_INIT(&acqtree);
-#endif
- LIST_INIT(&spacqtree);
-
- /* system default */
-#if INET
- ip4_def_policy.policy = IPSEC_POLICY_NONE;
- ip4_def_policy.refcnt++; /*never reclaim this*/
-#endif
-#if INET6
- ip6_def_policy.policy = IPSEC_POLICY_NONE;
- ip6_def_policy.refcnt++; /*never reclaim this*/
-#endif
-
-#ifndef IPSEC_DEBUG2
- timeout((void *)key_timehandler, (void *)0, hz);
-#endif /*IPSEC_DEBUG2*/
-
- /* initialize key statistics */
- keystat.getspi_count = 1;
-
-#ifndef __APPLE__
- printf("IPsec: Initialized Security Association Processing.\n");
-#endif
-
return;
}
* xxx more checks to be provided
*/
int
-key_checktunnelsanity(sav, family, src, dst)
- struct secasvar *sav;
- u_int family;
- caddr_t src;
- caddr_t dst;
+key_checktunnelsanity(
+ struct secasvar *sav,
+ __unused u_int family,
+ __unused caddr_t src,
+ __unused caddr_t dst)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (sav->sah == NULL)
return 1;
}
-#if 0
-#define hostnamelen strlen(hostname)
-
-/*
- * Get FQDN for the host.
- * If the administrator configured hostname (by hostname(1)) without
- * domain name, returns nothing.
- */
-static const char *
-key_getfqdn()
-{
- int i;
- int hasdot;
- static char fqdn[MAXHOSTNAMELEN + 1];
-
- if (!hostnamelen)
- return NULL;
-
- /* check if it comes with domain name. */
- hasdot = 0;
- for (i = 0; i < hostnamelen; i++) {
- if (hostname[i] == '.')
- hasdot++;
- }
- if (!hasdot)
- return NULL;
-
- /* NOTE: hostname may not be NUL-terminated. */
- bzero(fqdn, sizeof(fqdn));
- bcopy(hostname, fqdn, hostnamelen);
- fqdn[hostnamelen] = '\0';
- return fqdn;
-}
-
-/*
- * get username@FQDN for the host/user.
- */
-static const char *
-key_getuserfqdn()
-{
- const char *host;
- static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
- struct proc *p = curproc;
- char *q;
-
- if (!p || !p->p_pgrp || !p->p_pgrp->pg_session)
- return NULL;
- if (!(host = key_getfqdn()))
- return NULL;
-
- /* NOTE: s_login may not be-NUL terminated. */
- bzero(userfqdn, sizeof(userfqdn));
- bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
- userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
- q = userfqdn + strlen(userfqdn);
- *q++ = '@';
- bcopy(host, q, strlen(host));
- q += strlen(host);
- *q++ = '\0';
-
- return userfqdn;
-}
-#endif
-
/* record data transfer on SA, and update timestamps */
void
-key_sa_recordxfer(sav, m)
- struct secasvar *sav;
- struct mbuf *m;
+key_sa_recordxfer(
+ struct secasvar *sav,
+ struct mbuf *m)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
if (!sav)
panic("key_sa_recordxfer called with sav == NULL");
if (!m)
if (!sav->lft_c)
return;
+ lck_mtx_lock(sadb_mutex);
/*
* XXX Currently, there is a difference of bytes size
* between inbound and outbound processing.
sav->lft_c->sadb_lifetime_usetime = tv.tv_sec;
/* XXX check for expires? */
}
-
+ lck_mtx_unlock(sadb_mutex);
+
return;
}
/* dumb version */
void
-key_sa_routechange(dst)
- struct sockaddr *dst;
+key_sa_routechange(
+ struct sockaddr *dst)
{
struct secashead *sah;
struct route *ro;
-
+
lck_mtx_lock(sadb_mutex);
LIST_FOREACH(sah, &sahtree, chain) {
ro = &sah->sa_route;
return;
}
-static void
-key_sa_chgstate(sav, state)
- struct secasvar *sav;
- u_int8_t state;
+void
+key_sa_chgstate(
+ struct secasvar *sav,
+ u_int8_t state)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
if (sav == NULL)
panic("key_sa_chgstate called with sav == NULL");
if (sav->state == state)
return;
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+
if (__LIST_CHAINED(sav))
LIST_REMOVE(sav, chain);
sav->state = state;
LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
+
}
void
-key_sa_stir_iv(sav)
- struct secasvar *sav;
+key_sa_stir_iv(
+ struct secasvar *sav)
{
-
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
-
+ lck_mtx_lock(sadb_mutex);
if (!sav->iv)
panic("key_sa_stir_iv called with sav == NULL");
key_randomfill(sav->iv, sav->ivlen);
+ lck_mtx_unlock(sadb_mutex);
}
/* XXX too much? */
static struct mbuf *
-key_alloc_mbuf(l)
- int l;
+key_alloc_mbuf(
+ int l)
{
struct mbuf *m = NULL, *n;
int len, t;
return m;
}
+
+static struct mbuf *
+key_setdumpsastats (u_int32_t dir,
+ struct sastat *stats,
+ u_int32_t max_stats,
+ u_int64_t session_ids[],
+ u_int32_t seq,
+ u_int32_t pid)
+{
+ struct mbuf *result = NULL, *m = NULL;
+
+ m = key_setsadbmsg(SADB_GETSASTAT, 0, 0, seq, pid, 0);
+ if (!m) {
+ goto fail;
+ }
+ result = m;
+
+ m = key_setsadbsession_id(session_ids);
+ if (!m) {
+ goto fail;
+ }
+ m_cat(result, m);
+
+ m = key_setsadbsastat(dir,
+ stats,
+ max_stats);
+ if (!m) {
+ goto fail;
+ }
+ m_cat(result, m);
+
+ if ((result->m_flags & M_PKTHDR) == 0) {
+ goto fail;
+ }
+
+ if (result->m_len < sizeof(struct sadb_msg)) {
+ result = m_pullup(result, sizeof(struct sadb_msg));
+ if (result == NULL) {
+ goto fail;
+ }
+ }
+
+ result->m_pkthdr.len = 0;
+ for (m = result; m; m = m->m_next) {
+ result->m_pkthdr.len += m->m_len;
+ }
+
+ mtod(result, struct sadb_msg *)->sadb_msg_len =
+ PFKEY_UNIT64(result->m_pkthdr.len);
+
+ return result;
+
+ fail:
+ if (result) {
+ m_freem(result);
+ }
+ return NULL;
+}
+
+/*
+ * SADB_GETSASTAT processing
+ * dump all stats for matching entries in SAD.
+ *
+ * m will always be freed.
+ */
+
+static int
+key_getsastat (struct socket *so,
+ struct mbuf *m,
+ const struct sadb_msghdr *mhp)
+{
+ struct sadb_session_id *session_id;
+ u_int32_t bufsize, arg_count, res_count;
+ struct sadb_sastat *sa_stats_arg;
+ struct sastat *sa_stats_sav = NULL;
+ struct mbuf *n;
+ int error = 0;
+
+ /* sanity check */
+ if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
+ panic("%s: NULL pointer is passed.\n", __FUNCTION__);
+
+ if (mhp->ext[SADB_EXT_SESSION_ID] == NULL) {
+ printf("%s: invalid message is passed. missing session-id.\n", __FUNCTION__);
+ return key_senderror(so, m, EINVAL);
+ }
+ if (mhp->extlen[SADB_EXT_SESSION_ID] < sizeof(struct sadb_session_id)) {
+ printf("%s: invalid message is passed. short session-id.\n", __FUNCTION__);
+ return key_senderror(so, m, EINVAL);
+ }
+ if (mhp->ext[SADB_EXT_SASTAT] == NULL) {
+ printf("%s: invalid message is passed. missing stat args.\n", __FUNCTION__);
+ return key_senderror(so, m, EINVAL);
+ }
+ if (mhp->extlen[SADB_EXT_SASTAT] < sizeof(*sa_stats_arg)) {
+ printf("%s: invalid message is passed. short stat args.\n", __FUNCTION__);
+ return key_senderror(so, m, EINVAL);
+ }
+
+ lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+
+ // exit early if there are no active SAs
+ if (ipsec_sav_count <= 0) {
+ printf("%s: No active SAs.\n", __FUNCTION__);
+ error = ENOENT;
+ goto end;
+ }
+ bufsize = (ipsec_sav_count + 1) * sizeof(*sa_stats_sav);
+
+ KMALLOC_WAIT(sa_stats_sav, __typeof__(sa_stats_sav), bufsize);
+ if (sa_stats_sav == NULL) {
+ printf("%s: No more memory.\n", __FUNCTION__);
+ error = ENOMEM;
+ goto end;
+ }
+ bzero(sa_stats_sav, bufsize);
+
+ sa_stats_arg = (__typeof__(sa_stats_arg))
+ (void *)mhp->ext[SADB_EXT_SASTAT];
+ arg_count = sa_stats_arg->sadb_sastat_list_len;
+ // exit early if there are no requested SAs
+ if (arg_count == 0) {
+ printf("%s: No SAs requested.\n", __FUNCTION__);
+ error = ENOENT;
+ goto end;
+ }
+ res_count = 0;
+
+ if (key_getsastatbyspi((struct sastat *)(sa_stats_arg + 1),
+ arg_count,
+ sa_stats_sav,
+ &res_count)) {
+ printf("%s: Error finding SAs.\n", __FUNCTION__);
+ error = ENOENT;
+ goto end;
+ }
+ if (!res_count) {
+ printf("%s: No SAs found.\n", __FUNCTION__);
+ error = ENOENT;
+ goto end;
+ }
+
+ session_id = (__typeof__(session_id))
+ (void *)mhp->ext[SADB_EXT_SESSION_ID];
+
+ /* send this to the userland. */
+ n = key_setdumpsastats(sa_stats_arg->sadb_sastat_dir,
+ sa_stats_sav,
+ res_count,
+ session_id->sadb_session_id_v,
+ mhp->msg->sadb_msg_seq,
+ mhp->msg->sadb_msg_pid);
+ if (!n) {
+ printf("%s: No bufs to dump stats.\n", __FUNCTION__);
+ error = ENOBUFS;
+ goto end;
+ }
+
+ key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
+end:
+ if (sa_stats_sav) {
+ KFREE(sa_stats_sav);
+ }
+
+ if (error)
+ return key_senderror(so, m, error);
+
+ m_freem(m);
+ return 0;
+}
+
+static void
+key_update_natt_keepalive_timestamp (struct secasvar *sav_sent,
+ struct secasvar *sav_update)
+{
+ struct secasindex saidx_swap_sent_addr;
+
+ // exit early if two SAs are identical, or if sav_update is current
+ if (sav_sent == sav_update ||
+ sav_update->natt_last_activity == natt_now) {
+ return;
+ }
+
+ // assuming that (sav_update->remote_ike_port != 0 && (esp_udp_encap_port & 0xFFFF) != 0)
+
+ bzero(&saidx_swap_sent_addr, sizeof(saidx_swap_sent_addr));
+ memcpy(&saidx_swap_sent_addr.src, &sav_sent->sah->saidx.dst, sizeof(saidx_swap_sent_addr.src));
+ memcpy(&saidx_swap_sent_addr.dst, &sav_sent->sah->saidx.src, sizeof(saidx_swap_sent_addr.dst));
+ saidx_swap_sent_addr.proto = sav_sent->sah->saidx.proto;
+ saidx_swap_sent_addr.mode = sav_sent->sah->saidx.mode;
+ // we ignore reqid for split-tunnel setups
+
+ if (key_cmpsaidx(&sav_sent->sah->saidx, &sav_update->sah->saidx, CMP_MODE | CMP_PORT) ||
+ key_cmpsaidx(&saidx_swap_sent_addr, &sav_update->sah->saidx, CMP_MODE | CMP_PORT)) {
+ sav_update->natt_last_activity = natt_now;
+ }
+}
projects / apple / xnu.git / blobdiff