+/*
+ * Copyright (c) 2016 Apple Inc. All rights reserved.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
+ */
+
/* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */
/*
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/mbuf.h>
+#include <sys/mcache.h>
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/protosw.h>
#include <sys/errno.h>
+#include <kern/locks.h>
#include <net/raw_cb.h>
#include <net/route.h>
#include <netkey/keysock.h>
#include <netkey/key_debug.h>
-struct sockaddr key_dst = { 2, PF_KEY, };
-struct sockaddr key_src = { 2, PF_KEY, };
+extern lck_mtx_t *raw_mtx;
+extern void key_init(struct protosw *, struct domain *);
-static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
+struct sockaddr key_dst = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
+struct sockaddr key_src = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} };
+
+static void key_dinit(struct domain *);
+static int key_sendup0(struct rawcb *, struct mbuf *, int);
struct pfkeystat pfkeystat;
+static struct domain *keydomain = NULL;
+
+extern lck_mtx_t *pfkey_stat_mutex;
+
/*
* key_output()
*/
{
struct sadb_msg *msg;
int len, error = 0;
- int s;
#ifndef __APPLE__
struct socket *so;
va_list ap;
if (m == 0)
panic("key_output: NULL pointer was passed.\n");
+ socket_unlock(so, 0);
+ lck_mtx_lock(pfkey_stat_mutex);
pfkeystat.out_total++;
pfkeystat.out_bytes += m->m_pkthdr.len;
+ lck_mtx_unlock(pfkey_stat_mutex);
len = m->m_pkthdr.len;
if (len < sizeof(struct sadb_msg)) {
#if IPSEC_DEBUG
printf("key_output: Invalid message length.\n");
#endif
- pfkeystat.out_tooshort++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
error = EINVAL;
goto end;
}
#if IPSEC_DEBUG
printf("key_output: can't pullup mbuf\n");
#endif
- pfkeystat.out_nomem++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
error = ENOBUFS;
goto end;
}
#endif /* defined(IPSEC_DEBUG) */
msg = mtod(m, struct sadb_msg *);
- pfkeystat.out_msgtype[msg->sadb_msg_type]++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
#if IPSEC_DEBUG
printf("key_output: Invalid message length.\n");
#endif
- pfkeystat.out_invlen++;
+ PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
error = EINVAL;
goto end;
}
- /*XXX giant lock*/
- s = splnet();
error = key_parse(m, so);
m = NULL;
- splx(s);
+
end:
if (m)
m_freem(m);
+ socket_lock(so, 0);
return error;
}
* send message to the socket.
*/
static int
-key_sendup0(rp, m, promisc)
- struct rawcb *rp;
- struct mbuf *m;
- int promisc;
+key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc)
{
int error;
if (promisc) {
struct sadb_msg *pmsg;
- M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT);
+ M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1);
if (m && m->m_len < sizeof(struct sadb_msg))
m = m_pullup(m, sizeof(struct sadb_msg));
if (!m) {
#if IPSEC_DEBUG
printf("key_sendup0: cannot pullup\n");
#endif
- pfkeystat.in_nomem++;
+ PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
m_freem(m);
return ENOBUFS;
}
pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
/* pid and seq? */
- pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
+ PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
}
if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
- m, NULL)) {
+ m, NULL, &error)) {
#if IPSEC_DEBUG
printf("key_sendup0: sbappendaddr failed\n");
#endif
- pfkeystat.in_nomem++;
- m_freem(m);
- error = ENOBUFS;
- } else
- error = 0;
- sorwakeup(rp->rcb_socket);
+ PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
+ }
+ else {
+ sorwakeup(rp->rcb_socket);
+ }
return error;
}
-/* XXX this interface should be obsoleted. */
-int
-key_sendup(so, msg, len, target)
- struct socket *so;
- struct sadb_msg *msg;
- u_int len;
- int target; /*target of the resulting message*/
-{
- struct mbuf *m, *n, *mprev;
- int tlen;
-
- /* sanity check */
- if (so == 0 || msg == 0)
- panic("key_sendup: NULL pointer was passed.\n");
-
- KEYDEBUG(KEYDEBUG_KEY_DUMP,
- printf("key_sendup: \n");
- kdebug_sadb(msg));
-
- /*
- * we increment statistics here, just in case we have ENOBUFS
- * in this function.
- */
- pfkeystat.in_total++;
- pfkeystat.in_bytes += len;
- pfkeystat.in_msgtype[msg->sadb_msg_type]++;
-
- /*
- * Get mbuf chain whenever possible (not clusters),
- * to save socket buffer. We'll be generating many SADB_ACQUIRE
- * messages to listening key sockets. If we simply allocate clusters,
- * sbappendaddr() will raise ENOBUFS due to too little sbspace().
- * sbspace() computes # of actual data bytes AND mbuf region.
- *
- * TODO: SADB_ACQUIRE filters should be implemented.
- */
- tlen = len;
- m = mprev = NULL;
- while (tlen > 0) {
- if (tlen == len) {
- MGETHDR(n, M_DONTWAIT, MT_DATA);
- n->m_len = MHLEN;
- } else {
- MGET(n, M_DONTWAIT, MT_DATA);
- n->m_len = MLEN;
- }
- if (!n) {
- pfkeystat.in_nomem++;
- return ENOBUFS;
- }
- if (tlen >= MCLBYTES) { /*XXX better threshold? */
- MCLGET(n, M_DONTWAIT);
- if ((n->m_flags & M_EXT) == 0) {
- m_free(n);
- m_freem(m);
- pfkeystat.in_nomem++;
- return ENOBUFS;
- }
- n->m_len = MCLBYTES;
- }
-
- if (tlen < n->m_len)
- n->m_len = tlen;
- n->m_next = NULL;
- if (m == NULL)
- m = mprev = n;
- else {
- mprev->m_next = n;
- mprev = n;
- }
- tlen -= n->m_len;
- n = NULL;
- }
- m->m_pkthdr.len = len;
- m->m_pkthdr.rcvif = NULL;
- m_copyback(m, 0, len, (caddr_t)msg);
-
- /* avoid duplicated statistics */
- pfkeystat.in_total--;
- pfkeystat.in_bytes -= len;
- pfkeystat.in_msgtype[msg->sadb_msg_type]--;
-
- return key_sendup_mbuf(so, m, target);
-}
/* so can be NULL if target != KEY_SENDUP_ONE */
int
-key_sendup_mbuf(so, m, target)
- struct socket *so;
- struct mbuf *m;
- int target;
+key_sendup_mbuf(struct socket *so, struct mbuf *m, int target)
{
struct mbuf *n;
struct keycb *kp;
if (so == NULL && target == KEY_SENDUP_ONE)
panic("key_sendup_mbuf: NULL pointer was passed.\n");
+ lck_mtx_lock(pfkey_stat_mutex);
pfkeystat.in_total++;
pfkeystat.in_bytes += m->m_pkthdr.len;
+ lck_mtx_unlock(pfkey_stat_mutex);
if (m->m_len < sizeof(struct sadb_msg)) {
#if 1
m = m_pullup(m, sizeof(struct sadb_msg));
if (m == NULL) {
- pfkeystat.in_nomem++;
+ PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
return ENOBUFS;
}
#else
if (m->m_len >= sizeof(struct sadb_msg)) {
struct sadb_msg *msg;
msg = mtod(m, struct sadb_msg *);
- pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+ PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
}
-
+
+ lck_mtx_lock(raw_mtx);
LIST_FOREACH(rp, &rawcb_list, list)
{
if (rp->rcb_proto.sp_family != PF_KEY)
}
kp = (struct keycb *)rp;
-
+
+ socket_lock(rp->rcb_socket, 1);
/*
* If you are in promiscuous mode, and when you get broadcasted
* reply, you'll get two PF_KEY messages.
}
/* the exact target will be processed later */
- if (so && sotorawcb(so) == rp)
+ if (so && sotorawcb(so) == rp) {
+ socket_unlock(rp->rcb_socket, 1);
continue;
+ }
sendup = 0;
switch (target) {
case KEY_SENDUP_ONE:
/* the statement has no effect */
- if (so && sotorawcb(so) == rp)
- sendup++;
break;
case KEY_SENDUP_ALL:
sendup++;
sendup++;
break;
}
- pfkeystat.in_msgtarget[target]++;
+ PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);
- if (!sendup)
+ if (!sendup) {
+ socket_unlock(rp->rcb_socket, 1);
continue;
+ }
+ else
+ sendup = 0; // clear for next iteration
if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
#if IPSEC_DEBUG
printf("key_sendup: m_copy fail\n");
#endif
m_freem(m);
- pfkeystat.in_nomem++;
+ PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
+ socket_unlock(rp->rcb_socket, 1);
+ lck_mtx_unlock(raw_mtx);
return ENOBUFS;
}
- if ((error = key_sendup0(rp, n, 0)) != 0) {
- m_freem(m);
- return error;
- }
-
+ /*
+ * ignore error even if queue is full. PF_KEY does not
+ * guarantee the delivery of the message.
+ * this is important when target == KEY_SENDUP_ALL.
+ */
+ key_sendup0(rp, n, 0);
+ socket_unlock(rp->rcb_socket, 1);
n = NULL;
}
+ lck_mtx_unlock(raw_mtx);
if (so) {
+ socket_lock(so, 1);
error = key_sendup0(sotorawcb(so), m, 0);
+ socket_unlock(so, 1);
m = NULL;
} else {
error = 0;
static int
key_abort(struct socket *so)
{
- int s, error;
- s = splnet();
+ int error;
error = raw_usrreqs.pru_abort(so);
- splx(s);
return error;
}
key_attach(struct socket *so, int proto, struct proc *p)
{
struct keycb *kp;
- int s, error;
+ int error;
if (sotorawcb(so) != 0)
return EISCONN; /* XXX panic? */
- kp = (struct keycb *)_MALLOC(sizeof *kp, M_PCB, M_WAITOK); /* XXX */
+ kp = (struct keycb *)_MALLOC(sizeof (*kp), M_PCB,
+ M_WAITOK | M_ZERO); /* XXX */
if (kp == 0)
return ENOBUFS;
- bzero(kp, sizeof *kp);
-
- /*
- * The splnet() is necessary to block protocols from sending
- * error notifications (like RTM_REDIRECT or RTM_LOSING) while
- * this PCB is extant but incompletely initialized.
- * Probably we should try to do more of this work beforehand and
- * eliminate the spl.
- */
- s = splnet();
+
so->so_pcb = (caddr_t)kp;
+ kp->kp_promisc = kp->kp_registered = 0;
+ kp->kp_raw.rcb_laddr = &key_src;
+ kp->kp_raw.rcb_faddr = &key_dst;
+
error = raw_usrreqs.pru_attach(so, proto, p);
kp = (struct keycb *)sotorawcb(so);
if (error) {
_FREE(kp, M_PCB);
so->so_pcb = (caddr_t) 0;
- splx(s);
+ so->so_flags |= SOF_PCBCLEARING;
printf("key_usrreq: key_usrreq results %d\n", error);
return error;
}
- kp->kp_promisc = kp->kp_registered = 0;
-
+ /* so is already locked when calling key_attach */
if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
key_cb.key_count++;
key_cb.any_count++;
- kp->kp_raw.rcb_laddr = &key_src;
- kp->kp_raw.rcb_faddr = &key_dst;
soisconnected(so);
so->so_options |= SO_USELOOPBACK;
- splx(s);
return 0;
}
static int
key_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
{
- int s, error;
- s = splnet();
+ int error;
error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
- splx(s);
return error;
}
static int
key_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
{
- int s, error;
- s = splnet();
+ int error;
error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
- splx(s);
return error;
}
key_detach(struct socket *so)
{
struct keycb *kp = (struct keycb *)sotorawcb(so);
- int s, error;
+ int error;
- s = splnet();
if (kp != 0) {
- if (kp->kp_raw.rcb_proto.sp_protocol
- == PF_KEY) /* XXX: AF_KEY */
+ if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
key_cb.key_count--;
key_cb.any_count--;
-
+ socket_unlock(so, 0);
key_freereg(so);
+ socket_lock(so, 0);
}
error = raw_usrreqs.pru_detach(so);
- splx(s);
return error;
}
static int
key_disconnect(struct socket *so)
{
- int s, error;
- s = splnet();
+ int error;
error = raw_usrreqs.pru_disconnect(so);
- splx(s);
return error;
}
static int
key_peeraddr(struct socket *so, struct sockaddr **nam)
{
- int s, error;
- s = splnet();
+ int error;
error = raw_usrreqs.pru_peeraddr(so, nam);
- splx(s);
return error;
}
key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
struct mbuf *control, struct proc *p)
{
- int s, error;
- s = splnet();
+ int error;
error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
- splx(s);
return error;
}
static int
key_shutdown(struct socket *so)
{
- int s, error;
- s = splnet();
+ int error;
error = raw_usrreqs.pru_shutdown(so);
- splx(s);
return error;
}
static int
key_sockaddr(struct socket *so, struct sockaddr **nam)
{
- int s, error;
- s = splnet();
+ int error;
error = raw_usrreqs.pru_sockaddr(so, nam);
- splx(s);
return error;
}
-struct pr_usrreqs key_usrreqs = {
- key_abort, pru_accept_notsupp, key_attach, key_bind,
- key_connect,
- pru_connect2_notsupp, pru_control_notsupp, key_detach,
- key_disconnect, pru_listen_notsupp, key_peeraddr,
- pru_rcvd_notsupp,
- pru_rcvoob_notsupp, key_send, pru_sense_null, key_shutdown,
- key_sockaddr, sosend, soreceive, sopoll
+static struct pr_usrreqs key_usrreqs = {
+ .pru_abort = key_abort,
+ .pru_attach = key_attach,
+ .pru_bind = key_bind,
+ .pru_connect = key_connect,
+ .pru_detach = key_detach,
+ .pru_disconnect = key_disconnect,
+ .pru_peeraddr = key_peeraddr,
+ .pru_send = key_send,
+ .pru_shutdown = key_shutdown,
+ .pru_sockaddr = key_sockaddr,
+ .pru_sosend = sosend,
+ .pru_soreceive = soreceive,
};
/* sysctl */
-SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family");
+SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "Key Family");
/*
* Definitions of protocols supported in the KEY domain.
*/
-extern struct domain keydomain;
+extern struct domain keydomain_s;
-struct protosw keysw[] = {
-{ SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR,
- 0, key_output, raw_ctlinput, 0,
- 0,
- raw_init, 0, 0, 0,
- 0, &key_usrreqs
+static struct protosw keysw[] = {
+{
+ .pr_type = SOCK_RAW,
+ .pr_protocol = PF_KEY_V2,
+ .pr_flags = PR_ATOMIC|PR_ADDR,
+ .pr_output = key_output,
+ .pr_ctlinput = raw_ctlinput,
+ .pr_init = key_init,
+ .pr_usrreqs = &key_usrreqs,
}
};
-struct domain keydomain =
- { PF_KEY, "key", key_init, 0, 0,
- keysw, 0,
- 0,0,
- sizeof(struct key_cb), 0
- };
+static int key_proto_count = (sizeof (keysw) / sizeof (struct protosw));
-DOMAIN_SET(key);
+struct domain keydomain_s = {
+ .dom_family = PF_KEY,
+ .dom_name = "key",
+ .dom_init = key_dinit,
+ .dom_maxrtkey = sizeof (struct key_cb),
+};
+
+static void
+key_dinit(struct domain *dp)
+{
+ struct protosw *pr;
+ int i;
+
+ VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
+ VERIFY(keydomain == NULL);
+
+ keydomain = dp;
+
+ for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++)
+ net_add_proto(pr, dp, 1);
+}
projects / apple / xnu.git / blobdiff