X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/9bccf70c0258c7cac2dcb80011b2a964d884c552..5c9f46613a83ebfc29a5b1f099448259e96a98f0:/bsd/netkey/keysock.c diff --git a/bsd/netkey/keysock.c b/bsd/netkey/keysock.c index 364473ea0..5502485d3 100644 --- a/bsd/netkey/keysock.c +++ b/bsd/netkey/keysock.c @@ -1,3 +1,31 @@ +/* + * Copyright (c) 2016 Apple Inc. All rights reserved. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ + */ + /* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */ /* @@ -37,6 +65,7 @@ #include #include #include +#include #include #include #include @@ -44,6 +73,7 @@ #include #include +#include #include #include @@ -54,13 +84,21 @@ #include #include -struct sockaddr key_dst = { 2, PF_KEY, }; -struct sockaddr key_src = { 2, PF_KEY, }; +extern lck_mtx_t *raw_mtx; +extern void key_init(struct protosw *, struct domain *); -static int key_sendup0 __P((struct rawcb *, struct mbuf *, int)); +struct sockaddr key_dst = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} }; +struct sockaddr key_src = { 2, PF_KEY, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,} }; + +static void key_dinit(struct domain *); +static int key_sendup0(struct rawcb *, struct mbuf *, int); struct pfkeystat pfkeystat; +static struct domain *keydomain = NULL; + +extern lck_mtx_t *pfkey_stat_mutex; + /* * key_output() */ @@ -80,7 +118,6 @@ key_output(m, va_alist) { struct sadb_msg *msg; int len, error = 0; - int s; #ifndef __APPLE__ struct socket *so; va_list ap; @@ -93,15 +130,18 @@ key_output(m, va_alist) if (m == 0) panic("key_output: NULL pointer was passed.\n"); + socket_unlock(so, 0); + lck_mtx_lock(pfkey_stat_mutex); pfkeystat.out_total++; pfkeystat.out_bytes += m->m_pkthdr.len; + lck_mtx_unlock(pfkey_stat_mutex); len = m->m_pkthdr.len; if (len < sizeof(struct sadb_msg)) { #if IPSEC_DEBUG printf("key_output: Invalid message length.\n"); #endif - pfkeystat.out_tooshort++; + PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort); error = EINVAL; goto end; } @@ -111,7 +151,7 @@ key_output(m, va_alist) #if IPSEC_DEBUG printf("key_output: can't pullup mbuf\n"); #endif - pfkeystat.out_nomem++; + PFKEY_STAT_INCREMENT(pfkeystat.out_nomem); error = ENOBUFS; goto end; } @@ -125,24 +165,23 @@ key_output(m, va_alist) #endif /* defined(IPSEC_DEBUG) */ msg = mtod(m, struct sadb_msg *); - pfkeystat.out_msgtype[msg->sadb_msg_type]++; + PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]); if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { #if IPSEC_DEBUG printf("key_output: Invalid message length.\n"); #endif - pfkeystat.out_invlen++; + PFKEY_STAT_INCREMENT(pfkeystat.out_invlen); error = EINVAL; goto end; } - /*XXX giant lock*/ - s = splnet(); error = key_parse(m, so); m = NULL; - splx(s); + end: if (m) m_freem(m); + socket_lock(so, 0); return error; } @@ -150,24 +189,21 @@ end: * send message to the socket. */ static int -key_sendup0(rp, m, promisc) - struct rawcb *rp; - struct mbuf *m; - int promisc; +key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc) { int error; if (promisc) { struct sadb_msg *pmsg; - M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT); + M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1); if (m && m->m_len < sizeof(struct sadb_msg)) m = m_pullup(m, sizeof(struct sadb_msg)); if (!m) { #if IPSEC_DEBUG printf("key_sendup0: cannot pullup\n"); #endif - pfkeystat.in_nomem++; + PFKEY_STAT_INCREMENT(pfkeystat.in_nomem); m_freem(m); return ENOBUFS; } @@ -180,114 +216,26 @@ key_sendup0(rp, m, promisc) pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); /* pid and seq? */ - pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; + PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]); } if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, - m, NULL)) { + m, NULL, &error)) { #if IPSEC_DEBUG printf("key_sendup0: sbappendaddr failed\n"); #endif - pfkeystat.in_nomem++; - m_freem(m); - error = ENOBUFS; - } else - error = 0; - sorwakeup(rp->rcb_socket); + PFKEY_STAT_INCREMENT(pfkeystat.in_nomem); + } + else { + sorwakeup(rp->rcb_socket); + } return error; } -/* XXX this interface should be obsoleted. */ -int -key_sendup(so, msg, len, target) - struct socket *so; - struct sadb_msg *msg; - u_int len; - int target; /*target of the resulting message*/ -{ - struct mbuf *m, *n, *mprev; - int tlen; - - /* sanity check */ - if (so == 0 || msg == 0) - panic("key_sendup: NULL pointer was passed.\n"); - - KEYDEBUG(KEYDEBUG_KEY_DUMP, - printf("key_sendup: \n"); - kdebug_sadb(msg)); - - /* - * we increment statistics here, just in case we have ENOBUFS - * in this function. - */ - pfkeystat.in_total++; - pfkeystat.in_bytes += len; - pfkeystat.in_msgtype[msg->sadb_msg_type]++; - - /* - * Get mbuf chain whenever possible (not clusters), - * to save socket buffer. We'll be generating many SADB_ACQUIRE - * messages to listening key sockets. If we simply allocate clusters, - * sbappendaddr() will raise ENOBUFS due to too little sbspace(). - * sbspace() computes # of actual data bytes AND mbuf region. - * - * TODO: SADB_ACQUIRE filters should be implemented. - */ - tlen = len; - m = mprev = NULL; - while (tlen > 0) { - if (tlen == len) { - MGETHDR(n, M_DONTWAIT, MT_DATA); - n->m_len = MHLEN; - } else { - MGET(n, M_DONTWAIT, MT_DATA); - n->m_len = MLEN; - } - if (!n) { - pfkeystat.in_nomem++; - return ENOBUFS; - } - if (tlen >= MCLBYTES) { /*XXX better threshold? */ - MCLGET(n, M_DONTWAIT); - if ((n->m_flags & M_EXT) == 0) { - m_free(n); - m_freem(m); - pfkeystat.in_nomem++; - return ENOBUFS; - } - n->m_len = MCLBYTES; - } - - if (tlen < n->m_len) - n->m_len = tlen; - n->m_next = NULL; - if (m == NULL) - m = mprev = n; - else { - mprev->m_next = n; - mprev = n; - } - tlen -= n->m_len; - n = NULL; - } - m->m_pkthdr.len = len; - m->m_pkthdr.rcvif = NULL; - m_copyback(m, 0, len, (caddr_t)msg); - - /* avoid duplicated statistics */ - pfkeystat.in_total--; - pfkeystat.in_bytes -= len; - pfkeystat.in_msgtype[msg->sadb_msg_type]--; - - return key_sendup_mbuf(so, m, target); -} /* so can be NULL if target != KEY_SENDUP_ONE */ int -key_sendup_mbuf(so, m, target) - struct socket *so; - struct mbuf *m; - int target; +key_sendup_mbuf(struct socket *so, struct mbuf *m, int target) { struct mbuf *n; struct keycb *kp; @@ -300,13 +248,15 @@ key_sendup_mbuf(so, m, target) if (so == NULL && target == KEY_SENDUP_ONE) panic("key_sendup_mbuf: NULL pointer was passed.\n"); + lck_mtx_lock(pfkey_stat_mutex); pfkeystat.in_total++; pfkeystat.in_bytes += m->m_pkthdr.len; + lck_mtx_unlock(pfkey_stat_mutex); if (m->m_len < sizeof(struct sadb_msg)) { #if 1 m = m_pullup(m, sizeof(struct sadb_msg)); if (m == NULL) { - pfkeystat.in_nomem++; + PFKEY_STAT_INCREMENT(pfkeystat.in_nomem); return ENOBUFS; } #else @@ -316,9 +266,10 @@ key_sendup_mbuf(so, m, target) if (m->m_len >= sizeof(struct sadb_msg)) { struct sadb_msg *msg; msg = mtod(m, struct sadb_msg *); - pfkeystat.in_msgtype[msg->sadb_msg_type]++; + PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]); } - + + lck_mtx_lock(raw_mtx); LIST_FOREACH(rp, &rawcb_list, list) { if (rp->rcb_proto.sp_family != PF_KEY) @@ -329,7 +280,8 @@ key_sendup_mbuf(so, m, target) } kp = (struct keycb *)rp; - + + socket_lock(rp->rcb_socket, 1); /* * If you are in promiscuous mode, and when you get broadcasted * reply, you'll get two PF_KEY messages. @@ -343,15 +295,15 @@ key_sendup_mbuf(so, m, target) } /* the exact target will be processed later */ - if (so && sotorawcb(so) == rp) + if (so && sotorawcb(so) == rp) { + socket_unlock(rp->rcb_socket, 1); continue; + } sendup = 0; switch (target) { case KEY_SENDUP_ONE: /* the statement has no effect */ - if (so && sotorawcb(so) == rp) - sendup++; break; case KEY_SENDUP_ALL: sendup++; @@ -361,30 +313,41 @@ key_sendup_mbuf(so, m, target) sendup++; break; } - pfkeystat.in_msgtarget[target]++; + PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]); - if (!sendup) + if (!sendup) { + socket_unlock(rp->rcb_socket, 1); continue; + } + else + sendup = 0; // clear for next iteration if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { #if IPSEC_DEBUG printf("key_sendup: m_copy fail\n"); #endif m_freem(m); - pfkeystat.in_nomem++; + PFKEY_STAT_INCREMENT(pfkeystat.in_nomem); + socket_unlock(rp->rcb_socket, 1); + lck_mtx_unlock(raw_mtx); return ENOBUFS; } - if ((error = key_sendup0(rp, n, 0)) != 0) { - m_freem(m); - return error; - } - + /* + * ignore error even if queue is full. PF_KEY does not + * guarantee the delivery of the message. + * this is important when target == KEY_SENDUP_ALL. + */ + key_sendup0(rp, n, 0); + socket_unlock(rp->rcb_socket, 1); n = NULL; } + lck_mtx_unlock(raw_mtx); if (so) { + socket_lock(so, 1); error = key_sendup0(sotorawcb(so), m, 0); + socket_unlock(so, 1); m = NULL; } else { error = 0; @@ -400,10 +363,8 @@ key_sendup_mbuf(so, m, target) static int key_abort(struct socket *so) { - int s, error; - s = splnet(); + int error; error = raw_usrreqs.pru_abort(so); - splx(s); return error; } @@ -415,45 +376,37 @@ static int key_attach(struct socket *so, int proto, struct proc *p) { struct keycb *kp; - int s, error; + int error; if (sotorawcb(so) != 0) return EISCONN; /* XXX panic? */ - kp = (struct keycb *)_MALLOC(sizeof *kp, M_PCB, M_WAITOK); /* XXX */ + kp = (struct keycb *)_MALLOC(sizeof (*kp), M_PCB, + M_WAITOK | M_ZERO); /* XXX */ if (kp == 0) return ENOBUFS; - bzero(kp, sizeof *kp); - - /* - * The splnet() is necessary to block protocols from sending - * error notifications (like RTM_REDIRECT or RTM_LOSING) while - * this PCB is extant but incompletely initialized. - * Probably we should try to do more of this work beforehand and - * eliminate the spl. - */ - s = splnet(); + so->so_pcb = (caddr_t)kp; + kp->kp_promisc = kp->kp_registered = 0; + kp->kp_raw.rcb_laddr = &key_src; + kp->kp_raw.rcb_faddr = &key_dst; + error = raw_usrreqs.pru_attach(so, proto, p); kp = (struct keycb *)sotorawcb(so); if (error) { _FREE(kp, M_PCB); so->so_pcb = (caddr_t) 0; - splx(s); + so->so_flags |= SOF_PCBCLEARING; printf("key_usrreq: key_usrreq results %d\n", error); return error; } - kp->kp_promisc = kp->kp_registered = 0; - + /* so is already locked when calling key_attach */ if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ key_cb.key_count++; key_cb.any_count++; - kp->kp_raw.rcb_laddr = &key_src; - kp->kp_raw.rcb_faddr = &key_dst; soisconnected(so); so->so_options |= SO_USELOOPBACK; - splx(s); return 0; } @@ -464,10 +417,8 @@ key_attach(struct socket *so, int proto, struct proc *p) static int key_bind(struct socket *so, struct sockaddr *nam, struct proc *p) { - int s, error; - s = splnet(); + int error; error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */ - splx(s); return error; } @@ -478,10 +429,8 @@ key_bind(struct socket *so, struct sockaddr *nam, struct proc *p) static int key_connect(struct socket *so, struct sockaddr *nam, struct proc *p) { - int s, error; - s = splnet(); + int error; error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */ - splx(s); return error; } @@ -493,19 +442,17 @@ static int key_detach(struct socket *so) { struct keycb *kp = (struct keycb *)sotorawcb(so); - int s, error; + int error; - s = splnet(); if (kp != 0) { - if (kp->kp_raw.rcb_proto.sp_protocol - == PF_KEY) /* XXX: AF_KEY */ + if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ key_cb.key_count--; key_cb.any_count--; - + socket_unlock(so, 0); key_freereg(so); + socket_lock(so, 0); } error = raw_usrreqs.pru_detach(so); - splx(s); return error; } @@ -516,10 +463,8 @@ key_detach(struct socket *so) static int key_disconnect(struct socket *so) { - int s, error; - s = splnet(); + int error; error = raw_usrreqs.pru_disconnect(so); - splx(s); return error; } @@ -530,10 +475,8 @@ key_disconnect(struct socket *so) static int key_peeraddr(struct socket *so, struct sockaddr **nam) { - int s, error; - s = splnet(); + int error; error = raw_usrreqs.pru_peeraddr(so, nam); - splx(s); return error; } @@ -545,10 +488,8 @@ static int key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, struct mbuf *control, struct proc *p) { - int s, error; - s = splnet(); + int error; error = raw_usrreqs.pru_send(so, flags, m, nam, control, p); - splx(s); return error; } @@ -559,10 +500,8 @@ key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, static int key_shutdown(struct socket *so) { - int s, error; - s = splnet(); + int error; error = raw_usrreqs.pru_shutdown(so); - splx(s); return error; } @@ -573,46 +512,67 @@ key_shutdown(struct socket *so) static int key_sockaddr(struct socket *so, struct sockaddr **nam) { - int s, error; - s = splnet(); + int error; error = raw_usrreqs.pru_sockaddr(so, nam); - splx(s); return error; } -struct pr_usrreqs key_usrreqs = { - key_abort, pru_accept_notsupp, key_attach, key_bind, - key_connect, - pru_connect2_notsupp, pru_control_notsupp, key_detach, - key_disconnect, pru_listen_notsupp, key_peeraddr, - pru_rcvd_notsupp, - pru_rcvoob_notsupp, key_send, pru_sense_null, key_shutdown, - key_sockaddr, sosend, soreceive, sopoll +static struct pr_usrreqs key_usrreqs = { + .pru_abort = key_abort, + .pru_attach = key_attach, + .pru_bind = key_bind, + .pru_connect = key_connect, + .pru_detach = key_detach, + .pru_disconnect = key_disconnect, + .pru_peeraddr = key_peeraddr, + .pru_send = key_send, + .pru_shutdown = key_shutdown, + .pru_sockaddr = key_sockaddr, + .pru_sosend = sosend, + .pru_soreceive = soreceive, }; /* sysctl */ -SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family"); +SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "Key Family"); /* * Definitions of protocols supported in the KEY domain. */ -extern struct domain keydomain; +extern struct domain keydomain_s; -struct protosw keysw[] = { -{ SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR, - 0, key_output, raw_ctlinput, 0, - 0, - raw_init, 0, 0, 0, - 0, &key_usrreqs +static struct protosw keysw[] = { +{ + .pr_type = SOCK_RAW, + .pr_protocol = PF_KEY_V2, + .pr_flags = PR_ATOMIC|PR_ADDR, + .pr_output = key_output, + .pr_ctlinput = raw_ctlinput, + .pr_init = key_init, + .pr_usrreqs = &key_usrreqs, } }; -struct domain keydomain = - { PF_KEY, "key", key_init, 0, 0, - keysw, 0, - 0,0, - sizeof(struct key_cb), 0 - }; +static int key_proto_count = (sizeof (keysw) / sizeof (struct protosw)); -DOMAIN_SET(key); +struct domain keydomain_s = { + .dom_family = PF_KEY, + .dom_name = "key", + .dom_init = key_dinit, + .dom_maxrtkey = sizeof (struct key_cb), +}; + +static void +key_dinit(struct domain *dp) +{ + struct protosw *pr; + int i; + + VERIFY(!(dp->dom_flags & DOM_INITIALIZED)); + VERIFY(keydomain == NULL); + + keydomain = dp; + + for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++) + net_add_proto(pr, dp, 1); +}