X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/378393581903b274cb7a4d18e0d978071a6b592d..bca245acd4c03fd752d1a45f011ad495e60fe53d:/bsd/netkey/keysock.c diff --git a/bsd/netkey/keysock.c b/bsd/netkey/keysock.c index dcf0b5e68..83dd1d874 100644 --- a/bsd/netkey/keysock.c +++ b/bsd/netkey/keysock.c @@ -1,3 +1,31 @@ +/* + * Copyright (c) 2019 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ + /* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */ /* @@ -37,6 +65,7 @@ #include #include #include +#include #include #include #include @@ -56,16 +85,20 @@ #include extern lck_mtx_t *raw_mtx; -extern lck_mtx_t *sadb_mutex; -extern void key_init(void); +extern void key_init(struct protosw *, struct domain *); -struct sockaddr key_dst = { 2, PF_KEY, }; -struct sockaddr key_src = { 2, PF_KEY, }; +struct sockaddr key_dst = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } }; +struct sockaddr key_src = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } }; +static void key_dinit(struct domain *); static int key_sendup0(struct rawcb *, struct mbuf *, int); struct pfkeystat pfkeystat; +static struct domain *keydomain = NULL; + +extern lck_mtx_t *pfkey_stat_mutex; + /* * key_output() */ @@ -78,8 +111,8 @@ key_output(struct mbuf *m, struct socket *so) key_output(struct mbuf *m, ...) #else key_output(m, va_alist) - struct mbuf *m; - va_dcl +struct mbuf *m; +va_dcl #endif #endif { @@ -94,20 +127,22 @@ key_output(m, va_alist) va_end(ap); #endif - if (m == 0) + if (m == 0) { panic("key_output: NULL pointer was passed.\n"); + } socket_unlock(so, 0); - lck_mtx_lock(sadb_mutex); + lck_mtx_lock(pfkey_stat_mutex); pfkeystat.out_total++; pfkeystat.out_bytes += m->m_pkthdr.len; + lck_mtx_unlock(pfkey_stat_mutex); len = m->m_pkthdr.len; if (len < sizeof(struct sadb_msg)) { #if IPSEC_DEBUG printf("key_output: Invalid message length.\n"); #endif - pfkeystat.out_tooshort++; + PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort); error = EINVAL; goto end; } @@ -117,26 +152,27 @@ key_output(m, va_alist) #if IPSEC_DEBUG printf("key_output: can't pullup mbuf\n"); #endif - pfkeystat.out_nomem++; + PFKEY_STAT_INCREMENT(pfkeystat.out_nomem); error = ENOBUFS; goto end; } } - if ((m->m_flags & M_PKTHDR) == 0) + if ((m->m_flags & M_PKTHDR) == 0) { panic("key_output: not M_PKTHDR ??"); + } #if IPSEC_DEBUG KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m)); #endif /* defined(IPSEC_DEBUG) */ msg = mtod(m, struct sadb_msg *); - pfkeystat.out_msgtype[msg->sadb_msg_type]++; + PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]); if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { #if IPSEC_DEBUG printf("key_output: Invalid message length.\n"); #endif - pfkeystat.out_invlen++; + PFKEY_STAT_INCREMENT(pfkeystat.out_invlen); error = EINVAL; goto end; } @@ -145,9 +181,9 @@ key_output(m, va_alist) m = NULL; end: - if (m) + if (m) { m_freem(m); - lck_mtx_unlock(sadb_mutex); + } socket_lock(so, 0); return error; } @@ -156,25 +192,22 @@ end: * send message to the socket. */ static int -key_sendup0(rp, m, promisc) - struct rawcb *rp; - struct mbuf *m; - int promisc; +key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc) { int error; - lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); if (promisc) { struct sadb_msg *pmsg; - M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT); - if (m && m->m_len < sizeof(struct sadb_msg)) + M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1); + if (m && m->m_len < sizeof(struct sadb_msg)) { m = m_pullup(m, sizeof(struct sadb_msg)); + } if (!m) { #if IPSEC_DEBUG printf("key_sendup0: cannot pullup\n"); #endif - pfkeystat.in_nomem++; + PFKEY_STAT_INCREMENT(pfkeystat.in_nomem); m_freem(m); return ENOBUFS; } @@ -187,7 +220,7 @@ key_sendup0(rp, m, promisc) pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); /* pid and seq? */ - pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; + PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]); } if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, @@ -195,9 +228,8 @@ key_sendup0(rp, m, promisc) #if IPSEC_DEBUG printf("key_sendup0: sbappendaddr failed\n"); #endif - pfkeystat.in_nomem++; - } - else { + PFKEY_STAT_INCREMENT(pfkeystat.in_nomem); + } else { sorwakeup(rp->rcb_socket); } return error; @@ -206,10 +238,7 @@ key_sendup0(rp, m, promisc) /* so can be NULL if target != KEY_SENDUP_ONE */ int -key_sendup_mbuf(so, m, target) - struct socket *so; - struct mbuf *m; - int target; +key_sendup_mbuf(struct socket *so, struct mbuf *m, int target) { struct mbuf *n; struct keycb *kp; @@ -217,19 +246,22 @@ key_sendup_mbuf(so, m, target) struct rawcb *rp; int error = 0; - lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED); - if (m == NULL) + if (m == NULL) { panic("key_sendup_mbuf: NULL pointer was passed.\n"); - if (so == NULL && target == KEY_SENDUP_ONE) + } + if (so == NULL && target == KEY_SENDUP_ONE) { panic("key_sendup_mbuf: NULL pointer was passed.\n"); + } + lck_mtx_lock(pfkey_stat_mutex); pfkeystat.in_total++; pfkeystat.in_bytes += m->m_pkthdr.len; + lck_mtx_unlock(pfkey_stat_mutex); if (m->m_len < sizeof(struct sadb_msg)) { #if 1 m = m_pullup(m, sizeof(struct sadb_msg)); if (m == NULL) { - pfkeystat.in_nomem++; + PFKEY_STAT_INCREMENT(pfkeystat.in_nomem); return ENOBUFS; } #else @@ -239,21 +271,22 @@ key_sendup_mbuf(so, m, target) if (m->m_len >= sizeof(struct sadb_msg)) { struct sadb_msg *msg; msg = mtod(m, struct sadb_msg *); - pfkeystat.in_msgtype[msg->sadb_msg_type]++; + PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]); } - + lck_mtx_lock(raw_mtx); LIST_FOREACH(rp, &rawcb_list, list) { - if (rp->rcb_proto.sp_family != PF_KEY) + if (rp->rcb_proto.sp_family != PF_KEY) { continue; + } if (rp->rcb_proto.sp_protocol - && rp->rcb_proto.sp_protocol != PF_KEY_V2) { + && rp->rcb_proto.sp_protocol != PF_KEY_V2) { continue; } kp = (struct keycb *)rp; - + socket_lock(rp->rcb_socket, 1); /* * If you are in promiscuous mode, and when you get broadcasted @@ -282,25 +315,25 @@ key_sendup_mbuf(so, m, target) sendup++; break; case KEY_SENDUP_REGISTERED: - if (kp->kp_registered) + if (kp->kp_registered) { sendup++; + } break; } - pfkeystat.in_msgtarget[target]++; + PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]); if (!sendup) { socket_unlock(rp->rcb_socket, 1); continue; - } - else + } else { sendup = 0; // clear for next iteration - + } if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { #if IPSEC_DEBUG printf("key_sendup: m_copy fail\n"); #endif m_freem(m); - pfkeystat.in_nomem++; + PFKEY_STAT_INCREMENT(pfkeystat.in_nomem); socket_unlock(rp->rcb_socket, 1); lck_mtx_unlock(raw_mtx); return ENOBUFS; @@ -351,12 +384,14 @@ key_attach(struct socket *so, int proto, struct proc *p) struct keycb *kp; int error; - if (sotorawcb(so) != 0) - return EISCONN; /* XXX panic? */ - kp = (struct keycb *)_MALLOC(sizeof *kp, M_PCB, M_WAITOK); /* XXX */ - if (kp == 0) + if (sotorawcb(so) != 0) { + return EISCONN; /* XXX panic? */ + } + kp = (struct keycb *)_MALLOC(sizeof(*kp), M_PCB, + M_WAITOK | M_ZERO); /* XXX */ + if (kp == 0) { return ENOBUFS; - bzero(kp, sizeof *kp); + } so->so_pcb = (caddr_t)kp; kp->kp_promisc = kp->kp_registered = 0; @@ -374,8 +409,9 @@ key_attach(struct socket *so, int proto, struct proc *p) } /* so is already locked when calling key_attach */ - if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ + if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */ key_cb.key_count++; + } key_cb.any_count++; soisconnected(so); so->so_options |= SO_USELOOPBACK; @@ -418,13 +454,12 @@ key_detach(struct socket *so) int error; if (kp != 0) { - if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ + if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */ key_cb.key_count--; + } key_cb.any_count--; socket_unlock(so, 0); - lck_mtx_lock(sadb_mutex); key_freereg(so); - lck_mtx_unlock(sadb_mutex); socket_lock(so, 0); } error = raw_usrreqs.pru_detach(so); @@ -461,7 +496,7 @@ key_peeraddr(struct socket *so, struct sockaddr **nam) */ static int key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, - struct mbuf *control, struct proc *p) + struct mbuf *control, struct proc *p) { int error; error = raw_usrreqs.pru_send(so, flags, m, nam, control, p); @@ -492,41 +527,63 @@ key_sockaddr(struct socket *so, struct sockaddr **nam) return error; } -struct pr_usrreqs key_usrreqs = { - key_abort, pru_accept_notsupp, key_attach, key_bind, - key_connect, - pru_connect2_notsupp, pru_control_notsupp, key_detach, - key_disconnect, pru_listen_notsupp, key_peeraddr, - pru_rcvd_notsupp, - pru_rcvoob_notsupp, key_send, pru_sense_null, key_shutdown, - key_sockaddr, sosend, soreceive, pru_sopoll_notsupp +static struct pr_usrreqs key_usrreqs = { + .pru_abort = key_abort, + .pru_attach = key_attach, + .pru_bind = key_bind, + .pru_connect = key_connect, + .pru_detach = key_detach, + .pru_disconnect = key_disconnect, + .pru_peeraddr = key_peeraddr, + .pru_send = key_send, + .pru_shutdown = key_shutdown, + .pru_sockaddr = key_sockaddr, + .pru_sosend = sosend, + .pru_soreceive = soreceive, }; /* sysctl */ -SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family"); +SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Key Family"); /* * Definitions of protocols supported in the KEY domain. */ -extern struct domain keydomain; +extern struct domain keydomain_s; -struct protosw keysw[] = { -{ SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR, - 0, key_output, raw_ctlinput, 0, - 0, - key_init, 0, 0, 0, - 0, - &key_usrreqs, - 0, 0, 0, -} +static struct protosw keysw[] = { + { + .pr_type = SOCK_RAW, + .pr_protocol = PF_KEY_V2, + .pr_flags = PR_ATOMIC | PR_ADDR, + .pr_output = key_output, + .pr_ctlinput = raw_ctlinput, + .pr_init = key_init, + .pr_usrreqs = &key_usrreqs, + } +}; + +static int key_proto_count = (sizeof(keysw) / sizeof(struct protosw)); + +struct domain keydomain_s = { + .dom_family = PF_KEY, + .dom_name = "key", + .dom_init = key_dinit, + .dom_maxrtkey = sizeof(struct key_cb), }; -struct domain keydomain = - { PF_KEY, "key", key_domain_init, 0, 0, - keysw, 0, - 0,0, - sizeof(struct key_cb), 0 - }; +static void +key_dinit(struct domain *dp) +{ + struct protosw *pr; + int i; + + VERIFY(!(dp->dom_flags & DOM_INITIALIZED)); + VERIFY(keydomain == NULL); + + keydomain = dp; -DOMAIN_SET(key); + for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++) { + net_add_proto(pr, dp, 1); + } +}