1 /* $KAME: key.c,v 1.308 2003/09/07 20:35:59 itojun Exp $ */
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 * This code is referd to RFC 2367
40 #include "opt_inet6.h"
41 #include "opt_ipsec.h"
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/kernel.h>
48 #include <sys/domain.h>
49 #include <sys/protosw.h>
50 #include <sys/malloc.h>
51 #include <sys/socket.h>
52 #include <sys/socketvar.h>
53 #include <sys/sysctl.h>
54 #include <sys/errno.h>
56 #include <sys/queue.h>
57 #include <sys/syslog.h>
60 #include <net/route.h>
61 #include <net/raw_cb.h>
63 #include <netinet/in.h>
64 #include <netinet/in_systm.h>
65 #include <netinet/ip.h>
66 #include <netinet/in_var.h>
69 #include <netinet/ip6.h>
70 #include <netinet6/in6_var.h>
71 #include <netinet6/ip6_var.h>
75 #include <netinet/in_pcb.h>
78 #include <netinet6/in6_pcb.h>
81 #include <net/pfkeyv2.h>
82 #include <netkey/keydb.h>
83 #include <netkey/key.h>
84 #include <netkey/keysock.h>
85 #include <netkey/key_debug.h>
87 #include <netinet6/ipsec.h>
89 #include <netinet6/ipsec6.h>
91 #include <netinet6/ah.h>
93 #include <netinet6/ah6.h>
96 #include <netinet6/esp.h>
98 #include <netinet6/esp6.h>
101 #include <netinet6/ipcomp.h>
103 #include <netinet6/ipcomp6.h>
106 #include <machine/stdarg.h>
109 #include <sys/random.h>
111 #include <net/net_osdep.h>
114 #define satosin(s) ((struct sockaddr_in *)s)
117 #define FULLMASK 0xff
120 * Note on SA reference counting:
121 * - SAs that are not in DEAD state will have (total external reference + 1)
122 * following value in reference count field. they cannot be freed and are
123 * referenced from SA header.
124 * - SAs that are in DEAD state will have (total external reference)
125 * in reference count field. they are ready to be freed. reference from
126 * SA header will be removed in keydb_delsecasvar(), when the reference count
127 * field hits 0 (= no external reference other than from SA header.
130 u_int32_t key_debug_level = 0;
131 static u_int key_spi_trycnt = 1000;
132 static u_int32_t key_spi_minval = 0x100;
133 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
134 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
135 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
136 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
137 static int key_preferred_oldsa = 1; /* preferred old sa rather than new sa.*/
139 static u_int32_t acq_seq = 0;
141 struct _satailq satailq; /* list of all SAD entry */
142 struct _sptailq sptailq; /* SPD table + pcb */
143 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD table */
144 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
145 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
148 #define SPIHASHSIZE 128
149 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
150 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
152 #ifndef IPSEC_NONBLOCK_ACQUIRE
153 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
155 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
157 struct key_cb key_cb;
159 /* search order for SAs */
160 static const u_int saorder_state_valid_prefer_old[] = {
161 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
163 static const u_int saorder_state_valid_prefer_new[] = {
164 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
166 static const u_int saorder_state_alive[] = {
168 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
170 static const u_int saorder_state_any[] = {
171 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
172 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
175 static const int minsize[] = {
176 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
177 sizeof(struct sadb_sa), /* SADB_EXT_SA */
178 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
179 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
180 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
181 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
182 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
183 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
184 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
185 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
186 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
187 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
188 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
189 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
190 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
191 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
192 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
193 0, /* SADB_X_EXT_KMPRIVATE */
194 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
195 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
197 static const int maxsize[] = {
198 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
199 sizeof(struct sadb_sa), /* SADB_EXT_SA */
200 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
201 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
202 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
203 0, /* SADB_EXT_ADDRESS_SRC */
204 0, /* SADB_EXT_ADDRESS_DST */
205 0, /* SADB_EXT_ADDRESS_PROXY */
206 0, /* SADB_EXT_KEY_AUTH */
207 0, /* SADB_EXT_KEY_ENCRYPT */
208 0, /* SADB_EXT_IDENTITY_SRC */
209 0, /* SADB_EXT_IDENTITY_DST */
210 0, /* SADB_EXT_SENSITIVITY */
211 0, /* SADB_EXT_PROPOSAL */
212 0, /* SADB_EXT_SUPPORTED_AUTH */
213 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
214 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
215 0, /* SADB_X_EXT_KMPRIVATE */
216 0, /* SADB_X_EXT_POLICY */
217 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
220 static int ipsec_esp_keymin = 256;
222 static int ipsec_esp_auth = 0;
224 static int ipsec_ah_keymin = 128;
226 SYSCTL_DECL(_net_key);
228 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
229 &key_debug_level, 0, "");
231 /* max count of trial for the decision of spi value */
232 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
233 &key_spi_trycnt, 0, "");
235 /* minimum spi value to allocate automatically. */
236 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
237 &key_spi_minval, 0, "");
239 /* maximun spi value to allocate automatically. */
240 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
241 &key_spi_maxval, 0, "");
243 /* lifetime for larval SA */
244 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
245 &key_larval_lifetime, 0, "");
247 /* counter for blocking to send SADB_ACQUIRE to IKEd */
248 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
249 &key_blockacq_count, 0, "");
251 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
252 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
253 &key_blockacq_lifetime, 0, "");
257 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
258 &ipsec_esp_auth, 0, "ESP auth");
261 /* minimum ESP key length */
262 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
263 &ipsec_esp_keymin, 0, "");
265 /* minimum AH key length */
266 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
267 &ipsec_ah_keymin, 0, "");
269 /* perfered old SA rather than new SA */
270 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, CTLFLAG_RW,\
271 &key_preferred_oldsa, 0, "");
273 #define __LIST_CHAINED(elm) \
274 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
275 #define LIST_INSERT_TAIL(head, elm, type, field) \
277 struct type *curelm = LIST_FIRST(head); \
278 if (curelm == NULL) {\
279 LIST_INSERT_HEAD(head, elm, field); \
281 while (LIST_NEXT(curelm, field)) \
282 curelm = LIST_NEXT(curelm, field);\
283 LIST_INSERT_AFTER(curelm, elm, field);\
285 } while (/*CONSTCOND*/ 0)
287 #define KEY_CHKSASTATE(head, sav, name) \
289 if ((head) != (sav)) { \
290 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \
291 (name), (head), (sav))); \
294 } while (/*CONSTCOND*/ 0)
296 #define KEY_CHKSPDIR(head, sp, name) \
298 if ((head) != (sp)) { \
299 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \
300 "anyway continue.\n", \
301 (name), (head), (sp))); \
303 } while (/*CONSTCOND*/ 0)
306 #define KMALLOC(p, t, n) \
307 ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
309 free((caddr_t)(p), M_SECA)
311 #define KMALLOC(p, t, n) \
313 ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
314 printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
315 __FILE__, __LINE__, (p), #t, n); \
316 } while (/*CONSTCOND*/ 0)
320 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
321 free((caddr_t)(p), M_SECA); \
322 } while (/*CONSTCOND*/ 0)
326 * set parameters into secpolicyindex buffer.
327 * Must allocate secpolicyindex buffer passed to this function.
329 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \
331 bzero((idx), sizeof(struct secpolicyindex)); \
332 (idx)->prefs = (ps); \
333 (idx)->prefd = (pd); \
334 (idx)->ul_proto = (ulp); \
335 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
336 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
337 } while (/*CONSTCOND*/ 0)
340 * set parameters into secasindex buffer.
341 * Must allocate secasindex buffer before calling this function.
343 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
345 bzero((idx), sizeof(struct secasindex)); \
346 (idx)->proto = (p); \
348 (idx)->reqid = (r); \
349 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
350 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
351 } while (/*CONSTCOND*/ 0)
355 u_long getspi_count; /* the avarage of count to try to get new SPI */
359 struct sadb_msg *msg;
360 struct sadb_ext *ext[SADB_EXT_MAX + 1];
361 int extoff[SADB_EXT_MAX + 1];
362 int extlen[SADB_EXT_MAX + 1];
365 static struct secasvar *key_allocsa_policy(struct secasindex *);
366 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
367 static void key_delsav(struct secasvar *);
368 static void key_delsp(struct secpolicy *);
369 static struct secpolicy *key_getsp(struct secpolicyindex *, int);
370 static struct secpolicy *key_getspbyid(u_int32_t);
371 static u_int32_t key_newreqid(void);
372 static struct mbuf *key_gather_mbuf(struct mbuf *,
373 const struct sadb_msghdr *, int, int, ...);
374 static int key_spdadd(struct socket *, struct mbuf *,
375 const struct sadb_msghdr *);
376 static int key_spddelete(struct socket *, struct mbuf *,
377 const struct sadb_msghdr *);
378 static int key_spddelete2(struct socket *, struct mbuf *,
379 const struct sadb_msghdr *);
380 static int key_spdget(struct socket *, struct mbuf *,
381 const struct sadb_msghdr *);
382 static int key_spdflush(struct socket *, struct mbuf *,
383 const struct sadb_msghdr *);
384 static int key_spddump(struct socket *, struct mbuf *,
385 const struct sadb_msghdr *);
386 static struct mbuf *key_setdumpsp(struct secpolicy *,
387 u_int8_t, u_int32_t, u_int32_t);
388 static u_int key_getspreqmsglen(struct secpolicy *);
389 static int key_spdexpire(struct secpolicy *);
390 static struct secashead *key_newsah(struct secasindex *);
391 static void key_delsah(struct secashead *);
392 static struct secasvar *key_newsav(struct mbuf *,
393 const struct sadb_msghdr *, struct secashead *, int *);
394 static struct secashead *key_getsah(struct secasindex *);
395 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
396 static void key_setspi(struct secasvar *, u_int32_t);
397 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
398 static int key_setsaval(struct secasvar *, struct mbuf *,
399 const struct sadb_msghdr *);
400 static int key_mature(struct secasvar *);
401 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
402 u_int8_t, u_int32_t, u_int32_t);
403 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
404 u_int32_t, pid_t, u_int16_t);
405 static struct mbuf *key_setsadbsa(struct secasvar *);
406 static struct mbuf *key_setsadbaddr(u_int16_t,
407 struct sockaddr *, u_int8_t, u_int16_t);
409 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
412 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
413 static struct mbuf *key_setsadblifetime(u_int16_t, u_int32_t,
414 u_int64_t, u_int64_t, u_int64_t);
415 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
417 static void *key_newbuf(const void *, u_int);
418 static int key_ismyaddr(struct sockaddr *);
420 static int key_ismyaddr6(struct sockaddr_in6 *);
423 /* flags for key_cmpsaidx() */
424 #define CMP_HEAD 1 /* protocol, addresses. */
425 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
426 #define CMP_REQID 3 /* additionally HEAD, reqid. not used */
427 #define CMP_EXACTLY 4 /* all elements. */
428 static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
430 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
431 static int key_bbcmp(caddr_t, caddr_t, u_int);
432 static u_long key_random(void);
433 static u_int16_t key_satype2proto(u_int8_t);
434 static u_int8_t key_proto2satype(u_int16_t);
436 static int key_getspi(struct socket *, struct mbuf *,
437 const struct sadb_msghdr *);
438 static u_int32_t key_do_getnewspi(struct sadb_spirange *,
439 struct secasindex *);
440 static int key_update(struct socket *, struct mbuf *,
441 const struct sadb_msghdr *);
442 #ifdef IPSEC_DOSEQCHECK
443 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
445 static int key_add(struct socket *, struct mbuf *,
446 const struct sadb_msghdr *);
447 static int key_setident(struct secashead *, struct mbuf *,
448 const struct sadb_msghdr *);
449 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
450 const struct sadb_msghdr *);
451 static int key_delete(struct socket *, struct mbuf *,
452 const struct sadb_msghdr *);
453 static int key_get(struct socket *, struct mbuf *,
454 const struct sadb_msghdr *);
456 static void key_getcomb_setlifetime(struct sadb_comb *);
458 static struct mbuf *key_getcomb_esp(void);
460 static struct mbuf *key_getcomb_ah(void);
461 static struct mbuf *key_getcomb_ipcomp(void);
462 static struct mbuf *key_getprop(const struct secasindex *);
464 static int key_acquire(struct secasindex *, struct secpolicy *);
465 #ifndef IPSEC_NONBLOCK_ACQUIRE
466 static struct secacq *key_newacq(struct secasindex *);
467 static struct secacq *key_getacq(struct secasindex *);
468 static struct secacq *key_getacqbyseq(u_int32_t);
470 static struct secspacq *key_newspacq(struct secpolicyindex *);
471 static struct secspacq *key_getspacq(struct secpolicyindex *);
472 static int key_acquire2(struct socket *, struct mbuf *,
473 const struct sadb_msghdr *);
474 static int key_register(struct socket *, struct mbuf *,
475 const struct sadb_msghdr *);
476 static int key_expire(struct secasvar *);
477 static int key_flush(struct socket *, struct mbuf *,
478 const struct sadb_msghdr *);
479 static int key_dump(struct socket *, struct mbuf *,
480 const struct sadb_msghdr *);
481 static int key_promisc(struct socket *, struct mbuf *,
482 const struct sadb_msghdr *);
483 static int key_senderror(struct socket *, struct mbuf *, int);
484 static int key_validate_ext(struct sadb_ext *, int);
485 static int key_align(struct mbuf *, struct sadb_msghdr *);
487 static const char *key_getfqdn(void);
488 static const char *key_getuserfqdn(void);
490 static void key_sa_chgstate(struct secasvar *, u_int8_t);
491 static void key_sp_dead(struct secpolicy *);
492 static void key_sp_unlink(struct secpolicy *);
493 static struct mbuf *key_alloc_mbuf(int);
494 static struct callout key_timehandler_ch;
496 /* %%% IPsec policy management */
498 * allocating a SP for OUTBOUND or INBOUND packet.
499 * Must call key_freesp() later.
500 * OUT: NULL: not found
501 * others: found and return the pointer.
504 key_allocsp(tag, spidx, dir)
506 struct secpolicyindex *spidx;
509 struct secpolicy *sp;
512 /* check direction */
514 case IPSEC_DIR_INBOUND:
515 case IPSEC_DIR_OUTBOUND:
518 panic("key_allocsp: Invalid direction is passed.");
522 s = splnet(); /*called from softclock()*/
524 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
525 printf("*** objects\n");
526 kdebug_secpolicyindex(spidx));
529 LIST_FOREACH(sp, &sptree[dir], chain) {
530 if (sp->state == IPSEC_SPSTATE_DEAD)
536 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
537 printf("*** in SPD\n");
538 kdebug_secpolicyindex(sp->spidx));
540 if (key_cmpspidx_withmask(sp->spidx, spidx))
550 KEY_CHKSPDIR(sp->dir, dir, "key_allocsp");
552 /* found a SPD entry */
553 sp->lastused = time_second;
556 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
557 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
564 * return a policy that matches this particular inbound packet.
568 key_gettunnel(osrc, odst, isrc, idst)
569 struct sockaddr *osrc, *odst, *isrc, *idst;
571 struct secpolicy *sp;
572 const int dir = IPSEC_DIR_INBOUND;
574 struct ipsecrequest *r1, *r2, *p;
575 struct sockaddr *os, *od, *is, *id;
576 struct secpolicyindex spidx;
578 if (isrc->sa_family != idst->sa_family) {
579 ipseclog((LOG_ERR, "protocol family mismatched %u != %u\n",
580 isrc->sa_family, idst->sa_family));
584 s = splnet(); /*called from softclock()*/
585 LIST_FOREACH(sp, &sptree[dir], chain) {
586 if (sp->state == IPSEC_SPSTATE_DEAD)
590 for (p = sp->req; p; p = p->next) {
591 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
600 * here we look at address matches
604 if (isrc->sa_len > sizeof(spidx.src) ||
605 idst->sa_len > sizeof(spidx.dst))
607 bcopy(isrc, &spidx.src, isrc->sa_len);
608 bcopy(idst, &spidx.dst, idst->sa_len);
609 if (!key_cmpspidx_withmask(sp->spidx,
613 ; /* can't check for tagged policy */
615 is = (struct sockaddr *)&r1->saidx.src;
616 id = (struct sockaddr *)&r1->saidx.dst;
617 if (key_sockaddrcmp(is, isrc, 0) ||
618 key_sockaddrcmp(id, idst, 0))
622 os = (struct sockaddr *)&r2->saidx.src;
623 od = (struct sockaddr *)&r2->saidx.dst;
624 if (key_sockaddrcmp(os, osrc, 0) ||
625 key_sockaddrcmp(od, odst, 0))
635 sp->lastused = time_second;
642 * allocating an SA entry for an *OUTBOUND* packet.
643 * checking each request entries in SP, and acquire an SA if need.
644 * OUT: 0: there are valid requests.
645 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
648 key_checkrequest(isr, saidx)
649 struct ipsecrequest *isr;
650 struct secasindex *saidx;
656 if (isr == NULL || saidx == NULL)
657 panic("key_checkrequest: NULL pointer is passed.");
660 switch (saidx->mode) {
661 case IPSEC_MODE_TRANSPORT:
662 case IPSEC_MODE_TUNNEL:
666 panic("key_checkrequest: Invalid policy defined.");
669 /* get current level */
670 level = ipsec_get_reqlevel(isr, saidx->src.ss_family);
674 * We do allocate new SA only if the state of SA in the holder is
675 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
677 if (isr->sav != NULL) {
678 if (isr->sav->sah == NULL)
679 panic("key_checkrequest: sah is null.");
681 LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
682 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
683 printf("DP checkrequest calls free SA:%p\n",
685 key_freesav(isr->sav);
691 * we free any SA stashed in the IPsec request because a different
692 * SA may be involved each time this request is checked, either
693 * because new SAs are being configured, or this request is
694 * associated with an unconnected datagram socket, or this request
695 * is associated with a system default policy.
697 * The operation may have negative impact to performance. We may
698 * want to check cached SA carefully, rather than picking new SA
701 if (isr->sav != NULL) {
702 key_freesav(isr->sav);
708 * new SA allocation if no SA found.
709 * key_allocsa_policy should allocate the oldest SA available.
710 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
712 if (isr->sav == NULL)
713 isr->sav = key_allocsa_policy(saidx);
715 /* When there is SA. */
716 if (isr->sav != NULL)
720 if ((error = key_acquire(saidx, isr->sp)) != 0) {
721 /* XXX What should I do ? */
722 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
723 "from key_acquire.\n", error));
727 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
731 * allocating a SA for policy entry from SAD.
732 * NOTE: searching SAD of aliving state.
733 * OUT: NULL: not found.
734 * others: found and return the pointer.
736 static struct secasvar *
737 key_allocsa_policy(saidx)
738 struct secasindex *saidx;
740 struct secashead *sah;
741 struct secasvar *sav;
742 u_int stateidx, state;
743 const u_int *saorder_state_valid;
746 LIST_FOREACH(sah, &sahtree, chain) {
747 if (sah->state == SADB_SASTATE_DEAD)
749 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
758 * search a valid state list for outbound packet.
759 * This search order is important.
761 if (key_preferred_oldsa) {
762 saorder_state_valid = saorder_state_valid_prefer_old;
763 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
765 saorder_state_valid = saorder_state_valid_prefer_new;
766 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
769 for (stateidx = 0; stateidx < arraysize; stateidx++) {
771 state = saorder_state_valid[stateidx];
773 sav = key_do_allocsa_policy(sah, state);
782 * searching SAD with direction, protocol, mode and state.
783 * called by key_allocsa_policy().
786 * others : found, pointer to a SA.
788 static struct secasvar *
789 key_do_allocsa_policy(sah, state)
790 struct secashead *sah;
793 struct secasvar *sav, *nextsav, *candidate, *d;
798 for (sav = LIST_FIRST(&sah->savtree[state]);
802 nextsav = LIST_NEXT(sav, chain);
805 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
808 if (candidate == NULL) {
813 /* Which SA is the better ? */
816 if (candidate->lft_c == NULL || sav->lft_c == NULL)
817 panic("key_do_allocsa_policy: "
818 "lifetime_current is NULL.");
820 /* What the best method is to compare ? */
821 if (key_preferred_oldsa) {
822 if (candidate->lft_c->sadb_lifetime_addtime >
823 sav->lft_c->sadb_lifetime_addtime) {
830 /* preferred new sa rather than old sa */
831 if (candidate->lft_c->sadb_lifetime_addtime <
832 sav->lft_c->sadb_lifetime_addtime) {
839 * prepared to delete the SA when there is more
840 * suitable candidate and the lifetime of the SA is not
843 if (d->lft_c->sadb_lifetime_addtime != 0) {
844 struct mbuf *m, *result = NULL;
846 key_sa_chgstate(d, SADB_SASTATE_DEAD);
848 m = key_setsadbmsg(SADB_DELETE, 0,
849 key_proto2satype(d->sah->saidx.proto),
850 0, 0, d->refcnt - 1);
855 /* set sadb_address for saidx's. */
856 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
857 (struct sockaddr *)&d->sah->saidx.src,
858 FULLMASK, IPSEC_ULPROTO_ANY);
863 /* set sadb_address for saidx's. */
864 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
865 (struct sockaddr *)&d->sah->saidx.dst,
866 FULLMASK, IPSEC_ULPROTO_ANY);
871 /* create SA extension */
872 m = key_setsadbsa(d);
877 if (result->m_len < sizeof(struct sadb_msg)) {
878 result = m_pullup(result,
879 sizeof(struct sadb_msg));
884 result->m_pkthdr.len = 0;
885 for (m = result; m; m = m->m_next)
886 result->m_pkthdr.len += m->m_len;
887 mtod(result, struct sadb_msg *)->sadb_msg_len =
888 PFKEY_UNIT64(result->m_pkthdr.len);
890 if (key_sendup_mbuf(NULL, result,
891 KEY_SENDUP_REGISTERED))
905 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
906 printf("DP allocsa_policy cause "
907 "refcnt++:%d SA:%p\n",
908 candidate->refcnt, candidate));
914 * allocating a SA entry for a *INBOUND* packet.
915 * Must call key_freesav() later.
916 * OUT: positive: pointer to a sav.
917 * NULL: not found, or error occured.
919 * In the comparison, source address will be ignored for RFC2401 conformance.
920 * To quote, from section 4.1:
921 * A security association is uniquely identified by a triple consisting
922 * of a Security Parameter Index (SPI), an IP Destination Address, and a
923 * security protocol (AH or ESP) identifier.
924 * Note that, however, we do need to keep source address in IPsec SA.
925 * IKE specification and PF_KEY specification do assume that we
926 * keep source address in IPsec SA. We see a tricky situation here.
929 key_allocsa(family, src, dst, proto, spi)
934 struct secasvar *sav, *match;
935 u_int stateidx, state, tmpidx, matchidx;
936 struct sockaddr_in sin;
937 struct sockaddr_in6 sin6;
939 const u_int *saorder_state_valid;
943 if (src == NULL || dst == NULL)
944 panic("key_allocsa: NULL pointer is passed.");
947 * when both systems employ similar strategy to use a SA.
948 * the search order is important even in the inbound case.
950 if (key_preferred_oldsa) {
951 saorder_state_valid = saorder_state_valid_prefer_old;
952 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
954 saorder_state_valid = saorder_state_valid_prefer_new;
955 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
960 * XXX: to be checked internal IP header somewhere. Also when
961 * IPsec tunnel packet is received. But ESP tunnel mode is
962 * encrypted so we can't check internal IP header.
964 s = splnet(); /*called from softclock()*/
966 * search a valid state list for inbound packet.
967 * the search order is not important.
970 matchidx = arraysize;
971 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
974 if (proto != sav->sah->saidx.proto)
976 if (family != sav->sah->saidx.src.ss_family ||
977 family != sav->sah->saidx.dst.ss_family)
980 for (stateidx = 0; stateidx < matchidx; stateidx++) {
981 state = saorder_state_valid[stateidx];
982 if (sav->state == state) {
987 if (tmpidx >= matchidx)
990 #if 0 /* don't check src */
991 /* check src address */
994 bzero(&sin, sizeof(sin));
995 sin.sin_family = AF_INET;
996 sin.sin_len = sizeof(sin);
997 bcopy(src, &sin.sin_addr,
998 sizeof(sin.sin_addr));
999 if (key_sockaddrcmp((struct sockaddr*)&sin,
1000 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1005 bzero(&sin6, sizeof(sin6));
1006 sin6.sin6_family = AF_INET6;
1007 sin6.sin6_len = sizeof(sin6);
1008 bcopy(src, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
1009 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1010 /* kame fake scopeid */
1011 sin6.sin6_scope_id =
1012 ntohs(sin6.sin6_addr.s6_addr16[1]);
1013 sin6.sin6_addr.s6_addr16[1] = 0;
1015 if (key_sockaddrcmp((struct sockaddr *)&sin6,
1016 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1020 ipseclog((LOG_DEBUG, "key_allocsa: "
1021 "unknown address family=%d.\n",
1027 /* check dst address */
1030 bzero(&sin, sizeof(sin));
1031 sin.sin_family = AF_INET;
1032 sin.sin_len = sizeof(sin);
1033 bcopy(dst, &sin.sin_addr,
1034 sizeof(sin.sin_addr));
1035 if (key_sockaddrcmp((struct sockaddr*)&sin,
1036 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1041 bzero(&sin6, sizeof(sin6));
1042 sin6.sin6_family = AF_INET6;
1043 sin6.sin6_len = sizeof(sin6);
1044 bcopy(dst, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
1045 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1046 /* kame fake scopeid */
1047 sin6.sin6_scope_id =
1048 ntohs(sin6.sin6_addr.s6_addr16[1]);
1049 sin6.sin6_addr.s6_addr16[1] = 0;
1051 if (key_sockaddrcmp((struct sockaddr *)&sin6,
1052 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1056 ipseclog((LOG_DEBUG, "key_allocsa: "
1057 "unknown address family=%d.\n", family));
1075 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1076 printf("DP allocsa cause refcnt++:%d SA:%p\n",
1077 match->refcnt, match));
1082 * Must be called after calling key_allocsp().
1083 * For both the packet without socket and key_freeso().
1087 struct secpolicy *sp;
1091 panic("key_freesp: NULL pointer is passed.");
1094 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1095 printf("DP freesp cause refcnt--:%d SP:%p\n",
1098 if (sp->refcnt == 0)
1105 * Must be called after calling key_allocsa().
1106 * This function is called by key_freesp() to free some SA allocated
1111 struct secasvar *sav;
1115 panic("key_freesav: NULL pointer is passed.");
1118 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1119 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
1120 sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
1122 if (sav->refcnt > 0)
1130 struct secasvar *sav;
1136 panic("key_delsav: NULL pointer is passed.");
1138 if (sav->refcnt > 0)
1139 panic("key_delsav: called with positive refcnt");
1143 if (__LIST_CHAINED(sav))
1144 LIST_REMOVE(sav, chain);
1146 if (sav->spihash.le_prev || sav->spihash.le_next)
1147 LIST_REMOVE(sav, spihash);
1149 if (sav->key_auth != NULL) {
1150 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
1151 KFREE(sav->key_auth);
1152 sav->key_auth = NULL;
1154 if (sav->key_enc != NULL) {
1155 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
1156 KFREE(sav->key_enc);
1157 sav->key_enc = NULL;
1160 bzero(sav->sched, sav->schedlen);
1164 if (sav->replay != NULL) {
1165 keydb_delsecreplay(sav->replay);
1168 if (sav->lft_c != NULL) {
1172 if (sav->lft_h != NULL) {
1176 if (sav->lft_s != NULL) {
1180 if (sav->iv != NULL) {
1185 keydb_delsecasvar(sav);
1190 /* %%% SPD management */
1192 * free security policy entry.
1196 struct secpolicy *sp;
1202 panic("key_delsp: NULL pointer is passed.");
1205 panic("key_delsp: called with positive refcnt");
1207 s = splnet(); /*called from softclock()*/
1210 struct ipsecrequest *isr = sp->req, *nextisr;
1212 while (isr != NULL) {
1213 if (isr->sav != NULL) {
1214 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1215 printf("DP delsp calls free SA:%p\n",
1217 key_freesav(isr->sav);
1221 nextisr = isr->next;
1227 keydb_delsecpolicy(sp);
1236 * OUT: NULL : not found
1237 * others : found, pointer to a SP.
1239 static struct secpolicy *
1240 key_getsp(spidx, dir)
1241 struct secpolicyindex *spidx;
1244 struct secpolicy *sp;
1248 panic("key_getsp: NULL pointer is passed.");
1250 LIST_FOREACH(sp, &sptree[dir], chain) {
1251 if (sp->state == IPSEC_SPSTATE_DEAD)
1255 if (key_cmpspidx_exactly(spidx, sp->spidx)) {
1266 * OUT: NULL : not found
1267 * others : found, pointer to a SP.
1269 static struct secpolicy *
1273 struct secpolicy *sp;
1275 TAILQ_FOREACH(sp, &sptailq, tailq) {
1289 struct secpolicy *newsp = NULL, *sp;
1292 if (id > IPSEC_MANUAL_POLICYID_MAX) {
1293 ipseclog((LOG_DEBUG,
1294 "key_newsp: policy_id=%u range "
1295 "violation, updated by kernel.\n", id));
1300 if ((newid = keydb_newspid()) == 0) {
1301 ipseclog((LOG_DEBUG,
1302 "key_newsp: new policy_id allocation failed."));
1306 sp = key_getspbyid(id);
1308 ipseclog((LOG_DEBUG,
1309 "key_newsp: policy_id(%u) has been used.\n", id));
1316 newsp = keydb_newsecpolicy();
1328 * create secpolicy structure from sadb_x_policy structure.
1329 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1330 * so must be set properly later.
1333 key_msg2sp(xpl0, len, error)
1334 struct sadb_x_policy *xpl0;
1338 struct secpolicy *newsp;
1342 panic("key_msg2sp: NULL pointer was passed.");
1343 if (len < sizeof(*xpl0))
1344 panic("key_msg2sp: invalid length.");
1345 if (len != PFKEY_EXTLEN(xpl0)) {
1346 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1351 if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
1356 newsp->dir = xpl0->sadb_x_policy_dir;
1357 newsp->policy = xpl0->sadb_x_policy_type;
1360 switch (xpl0->sadb_x_policy_type) {
1361 case IPSEC_POLICY_DISCARD:
1362 case IPSEC_POLICY_NONE:
1363 case IPSEC_POLICY_ENTRUST:
1364 case IPSEC_POLICY_BYPASS:
1368 case IPSEC_POLICY_IPSEC:
1371 struct sadb_x_ipsecrequest *xisr;
1372 struct ipsecrequest **p_isr = &newsp->req;
1374 /* validity check */
1375 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1376 ipseclog((LOG_DEBUG,
1377 "key_msg2sp: Invalid msg length.\n"));
1383 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1384 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1389 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1390 ipseclog((LOG_DEBUG, "key_msg2sp: "
1391 "invalid ipsecrequest length.\n"));
1397 /* allocate request buffer */
1398 KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1399 if ((*p_isr) == NULL) {
1400 ipseclog((LOG_DEBUG,
1401 "key_msg2sp: No more memory.\n"));
1406 bzero(*p_isr, sizeof(**p_isr));
1409 (*p_isr)->next = NULL;
1411 switch (xisr->sadb_x_ipsecrequest_proto) {
1414 case IPPROTO_IPCOMP:
1417 ipseclog((LOG_DEBUG,
1418 "key_msg2sp: invalid proto type=%u\n",
1419 xisr->sadb_x_ipsecrequest_proto));
1421 *error = EPROTONOSUPPORT;
1424 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1426 switch (xisr->sadb_x_ipsecrequest_mode) {
1427 case IPSEC_MODE_TRANSPORT:
1428 case IPSEC_MODE_TUNNEL:
1430 case IPSEC_MODE_ANY:
1432 ipseclog((LOG_DEBUG,
1433 "key_msg2sp: invalid mode=%u\n",
1434 xisr->sadb_x_ipsecrequest_mode));
1439 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1441 switch (xisr->sadb_x_ipsecrequest_level) {
1442 case IPSEC_LEVEL_DEFAULT:
1443 case IPSEC_LEVEL_USE:
1444 case IPSEC_LEVEL_REQUIRE:
1446 case IPSEC_LEVEL_UNIQUE:
1447 /* validity check */
1449 * If range violation of reqid, kernel will
1450 * update it, don't refuse it.
1452 if (xisr->sadb_x_ipsecrequest_reqid
1453 > IPSEC_MANUAL_REQID_MAX) {
1454 ipseclog((LOG_DEBUG,
1455 "key_msg2sp: reqid=%u range "
1456 "violation, updated by kernel.\n",
1457 xisr->sadb_x_ipsecrequest_reqid));
1458 xisr->sadb_x_ipsecrequest_reqid = 0;
1461 /* allocate new reqid id if reqid is zero. */
1462 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1464 if ((reqid = key_newreqid()) == 0) {
1469 (*p_isr)->saidx.reqid = reqid;
1470 xisr->sadb_x_ipsecrequest_reqid = reqid;
1472 /* set it for manual keying. */
1473 (*p_isr)->saidx.reqid =
1474 xisr->sadb_x_ipsecrequest_reqid;
1479 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1480 xisr->sadb_x_ipsecrequest_level));
1485 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1487 /* set IP addresses if there */
1488 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1489 struct sockaddr *paddr;
1491 paddr = (struct sockaddr *)(xisr + 1);
1493 /* validity check */
1495 > sizeof((*p_isr)->saidx.src)) {
1496 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1497 "address length.\n"));
1502 bcopy(paddr, &(*p_isr)->saidx.src,
1505 paddr = (struct sockaddr *)((caddr_t)paddr
1508 /* validity check */
1510 > sizeof((*p_isr)->saidx.dst)) {
1511 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1512 "address length.\n"));
1517 bcopy(paddr, &(*p_isr)->saidx.dst,
1521 (*p_isr)->sav = NULL;
1522 (*p_isr)->sp = newsp;
1524 /* initialization for the next. */
1525 p_isr = &(*p_isr)->next;
1526 tlen -= xisr->sadb_x_ipsecrequest_len;
1528 /* validity check */
1530 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1536 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
1537 + xisr->sadb_x_ipsecrequest_len);
1542 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1555 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1557 auto_reqid = (auto_reqid == ~0
1558 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1560 /* XXX should be unique check */
1566 * copy secpolicy struct to sadb_x_policy structure indicated.
1570 struct secpolicy *sp;
1572 struct sadb_x_policy *xpl;
1579 panic("key_sp2msg: NULL pointer was passed.");
1581 tlen = key_getspreqmsglen(sp);
1583 m = key_alloc_mbuf(tlen);
1584 if (!m || m->m_next) { /*XXX*/
1592 xpl = mtod(m, struct sadb_x_policy *);
1595 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1596 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1597 xpl->sadb_x_policy_type = sp->policy;
1598 xpl->sadb_x_policy_dir = sp->dir;
1599 xpl->sadb_x_policy_id = sp->id;
1600 p = (caddr_t)xpl + sizeof(*xpl);
1602 /* if is the policy for ipsec ? */
1603 if (sp->policy == IPSEC_POLICY_IPSEC) {
1604 struct sadb_x_ipsecrequest *xisr;
1605 struct ipsecrequest *isr;
1607 for (isr = sp->req; isr != NULL; isr = isr->next) {
1609 xisr = (struct sadb_x_ipsecrequest *)p;
1611 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1612 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1613 xisr->sadb_x_ipsecrequest_level = isr->level;
1614 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1617 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
1618 p += isr->saidx.src.ss_len;
1619 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
1620 p += isr->saidx.src.ss_len;
1622 xisr->sadb_x_ipsecrequest_len =
1623 PFKEY_ALIGN8(sizeof(*xisr) +
1624 isr->saidx.src.ss_len + isr->saidx.dst.ss_len);
1631 /* m will not be freed nor modified */
1632 static struct mbuf *
1634 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1635 int ndeep, int nitem, ...)
1637 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
1639 const struct sadb_msghdr *mhp;
1648 struct mbuf *result = NULL, *n;
1651 if (m == NULL || mhp == NULL)
1652 panic("null pointer passed to key_gather");
1654 va_start(ap, nitem);
1655 for (i = 0; i < nitem; i++) {
1656 idx = va_arg(ap, int);
1657 if (idx < 0 || idx > SADB_EXT_MAX)
1659 /* don't attempt to pull empty extension */
1660 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1662 if (idx != SADB_EXT_RESERVED &&
1663 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1666 if (idx == SADB_EXT_RESERVED) {
1667 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1670 panic("assumption failed");
1672 MGETHDR(n, M_DONTWAIT, MT_DATA);
1677 m_copydata(m, 0, sizeof(struct sadb_msg),
1679 } else if (i < ndeep) {
1680 len = mhp->extlen[idx];
1681 n = key_alloc_mbuf(len);
1682 if (!n || n->m_next) { /*XXX*/
1687 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1690 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1703 if ((result->m_flags & M_PKTHDR) != 0) {
1704 result->m_pkthdr.len = 0;
1705 for (n = result; n; n = n->m_next)
1706 result->m_pkthdr.len += n->m_len;
1718 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1719 * add an entry to SP database, when received
1720 * <base, address(SD), (lifetime(H),) policy>
1722 * Adding to SP database,
1724 * <base, address(SD), (lifetime(H),) policy>
1725 * to the socket which was send.
1727 * SPDADD set a unique policy entry.
1728 * SPDSETIDX like SPDADD without a part of policy requests.
1729 * SPDUPDATE replace a unique policy entry.
1731 * m will always be freed.
1734 key_spdadd(so, m, mhp)
1737 const struct sadb_msghdr *mhp;
1739 struct sadb_address *src0 = NULL, *dst0 = NULL;
1740 struct sadb_x_policy *xpl0, *xpl;
1741 struct sadb_lifetime *lft = NULL;
1742 struct secpolicyindex spidx;
1743 struct secpolicy *newsp;
1744 struct ipsecrequest *isr;
1749 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1750 panic("key_spdadd: NULL pointer is passed.");
1752 if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
1753 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) {
1756 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1757 return key_senderror(so, m, EINVAL);
1759 if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1760 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1761 return key_senderror(so, m, EINVAL);
1763 if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
1764 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
1765 (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
1766 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
1767 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1768 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1769 return key_senderror(so, m, EINVAL);
1771 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
1772 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
1773 < sizeof(struct sadb_lifetime)) {
1774 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1775 return key_senderror(so, m, EINVAL);
1777 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
1780 /* spidx mode, or tag mode */
1781 spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
1784 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1785 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1787 /* XXX boundary check against sa_len */
1788 KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
1789 src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
1790 src0->sadb_address_proto, &spidx);
1792 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1794 /* checking the direciton. */
1795 switch (xpl0->sadb_x_policy_dir) {
1796 case IPSEC_DIR_INBOUND:
1797 case IPSEC_DIR_OUTBOUND:
1800 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
1801 mhp->msg->sadb_msg_errno = EINVAL;
1806 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1807 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
1808 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
1809 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
1810 return key_senderror(so, m, EINVAL);
1813 /* policy requests are mandatory when action is ipsec. */
1814 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
1815 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
1816 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
1817 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
1818 return key_senderror(so, m, EINVAL);
1822 * checking there is SP already or not.
1823 * SPDUPDATE doesn't depend on whether there is a SP or not.
1824 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1827 if (xpl0->sadb_x_policy_id != 0)
1828 newsp = key_getspbyid(xpl0->sadb_x_policy_id);
1830 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
1834 if (newsp && (newsp->readonly || newsp->persist)) {
1835 ipseclog((LOG_DEBUG,
1836 "key_spdadd: tried to alter readonly/persistent SP.\n"));
1837 return key_senderror(so, m, EPERM);
1840 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1843 key_freesp(newsp); /* ref gained by key_getsp */
1844 key_sp_unlink(newsp);
1848 if (newsp != NULL) {
1850 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
1851 return key_senderror(so, m, EEXIST);
1855 /* allocation new SP entry */
1856 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
1857 return key_senderror(so, m, error);
1861 error = keydb_setsecpolicyindex(newsp, &spidx);
1863 keydb_delsecpolicy(newsp);
1864 return key_senderror(so, m, error);
1867 /* sanity check on addr pair */
1868 if (((struct sockaddr *)(src0 + 1))->sa_family !=
1869 ((struct sockaddr *)(dst0 + 1))->sa_family) {
1870 keydb_delsecpolicy(newsp);
1871 return key_senderror(so, m, EINVAL);
1873 if (((struct sockaddr *)(src0 + 1))->sa_len !=
1874 ((struct sockaddr *)(dst0 + 1))->sa_len) {
1875 keydb_delsecpolicy(newsp);
1876 return key_senderror(so, m, EINVAL);
1880 for (isr = newsp->req; isr; isr = isr->next) {
1881 struct sockaddr *sa;
1884 * port spec is not permitted for tunnel mode
1886 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) {
1887 sa = (struct sockaddr *)(src0 + 1);
1888 switch (sa->sa_family) {
1890 if (((struct sockaddr_in *)sa)->sin_port) {
1891 keydb_delsecpolicy(newsp);
1892 return key_senderror(so, m, EINVAL);
1896 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1897 keydb_delsecpolicy(newsp);
1898 return key_senderror(so, m, EINVAL);
1904 sa = (struct sockaddr *)(dst0 + 1);
1905 switch (sa->sa_family) {
1907 if (((struct sockaddr_in *)sa)->sin_port) {
1908 keydb_delsecpolicy(newsp);
1909 return key_senderror(so, m, EINVAL);
1913 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1914 keydb_delsecpolicy(newsp);
1915 return key_senderror(so, m, EINVAL);
1925 * bark if we have different address family on tunnel address
1926 * specification. applies only if we decapsulate in RFC2401
1927 * IPsec (implementation limitation).
1929 for (isr = newsp->req; isr; isr = isr->next) {
1930 struct sockaddr *sa;
1932 if (isr->saidx.src.ss_family && src0) {
1933 sa = (struct sockaddr *)(src0 + 1);
1934 if (sa->sa_family != isr->saidx.src.ss_family) {
1935 keydb_delsecpolicy(newsp);
1936 return key_senderror(so, m, EINVAL);
1939 if (isr->saidx.dst.ss_family && dst0) {
1940 sa = (struct sockaddr *)(dst0 + 1);
1941 if (sa->sa_family != isr->saidx.dst.ss_family) {
1942 keydb_delsecpolicy(newsp);
1943 return key_senderror(so, m, EINVAL);
1948 newsp->created = time_second;
1949 newsp->lastused = time_second;
1950 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
1951 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
1953 newsp->state = IPSEC_SPSTATE_ALIVE;
1954 LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
1956 /* delete the entry in spacqtree */
1957 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
1958 mhp->ext[SADB_EXT_ADDRESS_SRC]) {
1959 struct secspacq *spacq;
1960 if ((spacq = key_getspacq(&spidx)) != NULL) {
1961 /* reset counter in order to deletion by timehandler. */
1962 spacq->created = time_second;
1967 /* invalidate all cached SPD pointers on pcb */
1968 ipsec_invalpcbcacheall();
1971 struct mbuf *n, *mpolicy;
1972 struct sadb_msg *newmsg;
1975 /* create new sadb_msg to reply. */
1977 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
1978 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
1979 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1981 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
1983 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1986 return key_senderror(so, m, ENOBUFS);
1988 if (n->m_len < sizeof(*newmsg)) {
1989 n = m_pullup(n, sizeof(*newmsg));
1991 return key_senderror(so, m, ENOBUFS);
1993 newmsg = mtod(n, struct sadb_msg *);
1994 newmsg->sadb_msg_errno = 0;
1995 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
1998 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
1999 sizeof(*xpl), &off);
2000 if (mpolicy == NULL) {
2001 /* n is already freed */
2002 return key_senderror(so, m, ENOBUFS);
2004 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
2005 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2007 return key_senderror(so, m, EINVAL);
2009 xpl->sadb_x_policy_id = newsp->id;
2012 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2017 * SADB_SPDDELETE processing
2019 * <base, address(SD), policy(*)>
2020 * from the user(?), and set SADB_SASTATE_DEAD,
2022 * <base, address(SD), policy(*)>
2024 * policy(*) including the direction of the policy.
2026 * m will always be freed.
2029 key_spddelete(so, m, mhp)
2032 const struct sadb_msghdr *mhp;
2034 struct sadb_address *src0, *dst0;
2035 struct sadb_x_policy *xpl0;
2036 struct secpolicyindex spidx;
2037 struct secpolicy *sp;
2040 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2041 panic("key_spddelete: NULL pointer is passed.");
2043 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
2044 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
2045 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2046 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2047 return key_senderror(so, m, EINVAL);
2049 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
2050 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
2051 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2052 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2053 return key_senderror(so, m, EINVAL);
2056 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2057 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2058 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2061 /* XXX boundary check against sa_len */
2062 KEY_SETSECSPIDX(src0 + 1,
2064 src0->sadb_address_prefixlen,
2065 dst0->sadb_address_prefixlen,
2066 src0->sadb_address_proto,
2069 /* checking the direciton. */
2070 switch (xpl0->sadb_x_policy_dir) {
2071 case IPSEC_DIR_INBOUND:
2072 case IPSEC_DIR_OUTBOUND:
2075 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
2076 return key_senderror(so, m, EINVAL);
2079 /* Is there SP in SPD ? */
2080 if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) {
2081 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
2082 return key_senderror(so, m, EINVAL);
2086 ipseclog((LOG_DEBUG,
2087 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2089 key_freesp(sp); /* ref gained by key_getsp */
2090 return key_senderror(so, m, EPERM);
2093 /* save policy id to be returned. */
2094 xpl0->sadb_x_policy_id = sp->id;
2097 key_freesp(sp); /* ref gained by key_getsp */
2101 /* invalidate all cached SPD pointers on pcb */
2102 ipsec_invalpcbcacheall();
2106 struct sadb_msg *newmsg;
2108 /* create new sadb_msg to reply. */
2109 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2110 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2112 return key_senderror(so, m, ENOBUFS);
2114 newmsg = mtod(n, struct sadb_msg *);
2115 newmsg->sadb_msg_errno = 0;
2116 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2119 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2124 * SADB_SPDDELETE2 processing
2127 * from the user(?), and set SADB_SASTATE_DEAD,
2131 * policy(*) including the policy id.
2133 * m will always be freed.
2136 key_spddelete2(so, m, mhp)
2139 const struct sadb_msghdr *mhp;
2142 struct secpolicy *sp;
2145 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2146 panic("key_spddelete2: NULL pointer is passed.");
2148 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2149 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2150 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2151 return key_senderror(so, m, EINVAL);
2154 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2156 /* Is there SP in SPD ? */
2157 if ((sp = key_getspbyid(id)) == NULL) {
2158 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n",
2160 return key_senderror(so, m, EINVAL);
2164 ipseclog((LOG_DEBUG,
2165 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2167 key_freesp(sp); /* ref gained by key_getspbyid */
2168 return key_senderror(so, m, EPERM);
2172 key_freesp(sp); /* ref gained by key_getspbyid */
2176 /* invalidate all cached SPD pointers on pcb */
2177 ipsec_invalpcbcacheall();
2180 struct mbuf *n, *nn;
2181 struct sadb_msg *newmsg;
2184 /* create new sadb_msg to reply. */
2185 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2188 return key_senderror(so, m, ENOBUFS);
2189 MGETHDR(n, M_DONTWAIT, MT_DATA);
2190 if (n && len > MHLEN) {
2191 MCLGET(n, M_DONTWAIT);
2192 if ((n->m_flags & M_EXT) == 0) {
2198 return key_senderror(so, m, ENOBUFS);
2204 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2205 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2209 panic("length inconsistency in key_spddelete2");
2212 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2213 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2216 return key_senderror(so, m, ENOBUFS);
2219 n->m_pkthdr.len = 0;
2220 for (nn = n; nn; nn = nn->m_next)
2221 n->m_pkthdr.len += nn->m_len;
2223 newmsg = mtod(n, struct sadb_msg *);
2224 newmsg->sadb_msg_errno = 0;
2225 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2228 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2233 * SADB_X_SPDGET processing
2238 * <base, address(SD), policy>
2240 * policy(*) including direction of policy.
2242 * m will always be freed.
2245 key_spdget(so, m, mhp)
2248 const struct sadb_msghdr *mhp;
2251 struct secpolicy *sp;
2255 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2256 panic("key_spdget: NULL pointer is passed.");
2258 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2259 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2260 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2261 return key_senderror(so, m, EINVAL);
2264 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2266 /* Is there SP in SPD ? */
2267 if ((sp = key_getspbyid(id)) == NULL) {
2268 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2269 return key_senderror(so, m, ENOENT);
2272 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
2273 key_freesp(sp); /* ref gained by key_getspbyid */
2276 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2278 return key_senderror(so, m, ENOBUFS);
2282 * SADB_X_SPDACQUIRE processing.
2283 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2286 * to KMD, and expect to receive
2287 * <base> with SADB_X_SPDACQUIRE if error occured,
2290 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2291 * policy(*) is without policy requests.
2294 * others: error number
2298 struct secpolicy *sp;
2300 struct mbuf *result = NULL, *m;
2301 #ifndef IPSEC_NONBLOCK_ACQUIRE
2302 struct secspacq *newspacq;
2308 panic("key_spdacquire: NULL pointer is passed.");
2309 if (sp->req != NULL)
2310 panic("key_spdacquire: called but there is request.");
2311 if (sp->policy != IPSEC_POLICY_IPSEC)
2312 panic("key_spdacquire: policy mismathed. IPsec is expected.");
2318 #ifndef IPSEC_NONBLOCK_ACQUIRE
2319 /* get an entry to check whether sent message or not. */
2320 if ((newspacq = key_getspacq(sp->spidx)) != NULL) {
2321 if (key_blockacq_count < newspacq->count) {
2322 /* reset counter and do send message. */
2323 newspacq->count = 0;
2325 /* increment counter and do nothing. */
2330 /* make new entry for blocking to send SADB_ACQUIRE. */
2331 if ((newspacq = key_newspacq(sp->spidx)) == NULL)
2334 /* add to acqtree */
2335 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2339 /* create new sadb_msg to reply. */
2340 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2347 /* set sadb_x_policy */
2349 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
2357 result->m_pkthdr.len = 0;
2358 for (m = result; m; m = m->m_next)
2359 result->m_pkthdr.len += m->m_len;
2361 mtod(result, struct sadb_msg *)->sadb_msg_len =
2362 PFKEY_UNIT64(result->m_pkthdr.len);
2364 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2373 * SADB_SPDFLUSH processing
2376 * from the user, and free all entries in secpctree.
2380 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2382 * m will always be freed.
2385 key_spdflush(so, m, mhp)
2388 const struct sadb_msghdr *mhp;
2390 struct sadb_msg *newmsg;
2391 struct secpolicy *sp, *nextsp;
2394 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2395 panic("key_spdflush: NULL pointer is passed.");
2397 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2398 return key_senderror(so, m, EINVAL);
2400 for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
2401 nextsp = TAILQ_NEXT(sp, tailq);
2404 if (sp->state == IPSEC_SPSTATE_DEAD)
2411 /* invalidate all cached SPD pointers on pcb */
2412 ipsec_invalpcbcacheall();
2414 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2415 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
2416 return key_senderror(so, m, ENOBUFS);
2422 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2423 newmsg = mtod(m, struct sadb_msg *);
2424 newmsg->sadb_msg_errno = 0;
2425 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2427 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2431 * SADB_SPDDUMP processing
2434 * from the user, and dump all SP leaves
2439 * m will always be freed.
2442 key_spddump(so, m, mhp)
2445 const struct sadb_msghdr *mhp;
2447 struct secpolicy *sp;
2453 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2454 panic("key_spddump: NULL pointer is passed.");
2456 /* search SPD entry and get buffer size. */
2458 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2459 LIST_FOREACH(sp, &sptree[dir], chain) {
2465 return key_senderror(so, m, ENOENT);
2467 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2468 LIST_FOREACH(sp, &sptree[dir], chain) {
2470 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2471 mhp->msg->sadb_msg_pid);
2474 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2482 static struct mbuf *
2483 key_setdumpsp(sp, type, seq, pid)
2484 struct secpolicy *sp;
2488 struct mbuf *result = NULL, *m;
2490 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2496 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2497 (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs,
2498 sp->spidx->ul_proto);
2503 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2504 (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd,
2505 sp->spidx->ul_proto);
2516 m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT,
2517 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused);
2522 m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD,
2523 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime);
2528 if ((result->m_flags & M_PKTHDR) == 0)
2531 if (result->m_len < sizeof(struct sadb_msg)) {
2532 result = m_pullup(result, sizeof(struct sadb_msg));
2537 result->m_pkthdr.len = 0;
2538 for (m = result; m; m = m->m_next)
2539 result->m_pkthdr.len += m->m_len;
2541 mtod(result, struct sadb_msg *)->sadb_msg_len =
2542 PFKEY_UNIT64(result->m_pkthdr.len);
2552 * get PFKEY message length for security policy and request.
2555 key_getspreqmsglen(sp)
2556 struct secpolicy *sp;
2560 tlen = sizeof(struct sadb_x_policy);
2562 /* if is the policy for ipsec ? */
2563 if (sp->policy != IPSEC_POLICY_IPSEC)
2566 /* get length of ipsec requests */
2568 struct ipsecrequest *isr;
2571 for (isr = sp->req; isr != NULL; isr = isr->next) {
2572 len = sizeof(struct sadb_x_ipsecrequest)
2573 + isr->saidx.src.ss_len
2574 + isr->saidx.dst.ss_len;
2576 tlen += PFKEY_ALIGN8(len);
2584 * SADB_X_SPDEXPIRE processing
2586 * <base, address(SD), lifetime(CH), policy>
2590 * others : error number
2594 struct secpolicy *sp;
2597 struct mbuf *result = NULL, *m;
2600 struct sadb_lifetime *lt;
2602 /* XXX: Why do we lock ? */
2603 s = splnet(); /*called from softclock()*/
2607 panic("key_spdexpire: NULL pointer is passed.");
2609 /* set msg header */
2610 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2617 /* create lifetime extension (current and hard) */
2618 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2619 m = key_alloc_mbuf(len);
2620 if (!m || m->m_next) { /*XXX*/
2626 bzero(mtod(m, caddr_t), len);
2627 lt = mtod(m, struct sadb_lifetime *);
2628 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2629 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2630 lt->sadb_lifetime_allocations = 0;
2631 lt->sadb_lifetime_bytes = 0;
2632 lt->sadb_lifetime_addtime = sp->created;
2633 lt->sadb_lifetime_usetime = sp->lastused;
2634 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
2635 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2636 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2637 lt->sadb_lifetime_allocations = 0;
2638 lt->sadb_lifetime_bytes = 0;
2639 lt->sadb_lifetime_addtime = sp->lifetime;
2640 lt->sadb_lifetime_usetime = sp->validtime;
2643 /* set sadb_address for source */
2645 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2646 (struct sockaddr *)&sp->spidx->src,
2647 sp->spidx->prefs, sp->spidx->ul_proto);
2654 /* set sadb_address for destination */
2655 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2656 (struct sockaddr *)&sp->spidx->dst,
2657 sp->spidx->prefd, sp->spidx->ul_proto);
2673 if ((result->m_flags & M_PKTHDR) == 0) {
2678 if (result->m_len < sizeof(struct sadb_msg)) {
2679 result = m_pullup(result, sizeof(struct sadb_msg));
2680 if (result == NULL) {
2686 result->m_pkthdr.len = 0;
2687 for (m = result; m; m = m->m_next)
2688 result->m_pkthdr.len += m->m_len;
2690 mtod(result, struct sadb_msg *)->sadb_msg_len =
2691 PFKEY_UNIT64(result->m_pkthdr.len);
2694 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2703 /* %%% SAD management */
2705 * allocating a memory for new SA head, and copy from the values of mhp.
2706 * OUT: NULL : failure due to the lack of memory.
2707 * others : pointer to new SA head.
2709 static struct secashead *
2711 struct secasindex *saidx;
2713 struct secashead *newsah;
2717 panic("key_newsaidx: NULL pointer is passed.");
2719 newsah = keydb_newsecashead();
2723 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
2725 /* add to saidxtree */
2726 newsah->state = SADB_SASTATE_MATURE;
2727 LIST_INSERT_HEAD(&sahtree, newsah, chain);
2733 * delete SA index and all SA registerd.
2737 struct secashead *sah;
2739 struct secasvar *sav, *nextsav;
2740 u_int stateidx, state;
2746 panic("key_delsah: NULL pointer is passed.");
2748 s = splnet(); /*called from softclock()*/
2750 /* searching all SA registerd in the secindex. */
2752 stateidx < _ARRAYLEN(saorder_state_any);
2755 state = saorder_state_any[stateidx];
2756 for (sav = LIST_FIRST(&sah->savtree[state]);
2760 nextsav = LIST_NEXT(sav, chain);
2762 if (sav->refcnt > 0) {
2763 /* give up to delete this sa */
2769 KEY_CHKSASTATE(state, sav->state, "key_delsah");
2771 /* remove back pointer */
2780 /* delete sah only if there's no sav. */
2786 if (sah->sa_route.ro_rt) {
2787 RTFREE(sah->sa_route.ro_rt);
2788 sah->sa_route.ro_rt = (struct rtentry *)NULL;
2791 /* remove from tree of SA index */
2792 if (__LIST_CHAINED(sah))
2793 LIST_REMOVE(sah, chain);
2802 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2803 * and copy the values of mhp into new buffer.
2804 * When SAD message type is GETSPI:
2805 * to set sequence number from acq_seq++,
2806 * to set zero to SPI.
2807 * not to call key_setsava().
2809 * others : pointer to new secasvar.
2811 * does not modify mbuf. does not free mbuf on error.
2813 static struct secasvar *
2814 key_newsav(m, mhp, sah, errp)
2816 const struct sadb_msghdr *mhp;
2817 struct secashead *sah;
2820 struct secasvar *newsav;
2821 const struct sadb_sa *xsa;
2824 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
2825 panic("key_newsa: NULL pointer is passed.");
2827 newsav = keydb_newsecasvar();
2828 if (newsav == NULL) {
2829 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
2834 switch (mhp->msg->sadb_msg_type) {
2836 key_setspi(newsav, 0);
2838 #ifdef IPSEC_DOSEQCHECK
2839 /* sync sequence number */
2840 if (mhp->msg->sadb_msg_seq == 0)
2842 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
2845 newsav->seq = mhp->msg->sadb_msg_seq;
2850 if (mhp->ext[SADB_EXT_SA] == NULL) {
2852 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
2856 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
2857 key_setspi(newsav, xsa->sadb_sa_spi);
2858 newsav->seq = mhp->msg->sadb_msg_seq;
2866 /* copy sav values */
2867 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
2868 *errp = key_setsaval(newsav, m, mhp);
2876 newsav->created = time_second;
2878 newsav->pid = mhp->msg->sadb_msg_pid;
2883 newsav->state = SADB_SASTATE_LARVAL;
2884 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
2894 * others : found, pointer to a SA.
2896 static struct secashead *
2898 struct secasindex *saidx;
2900 struct secashead *sah;
2902 LIST_FOREACH(sah, &sahtree, chain) {
2903 if (sah->state == SADB_SASTATE_DEAD)
2905 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
2913 * check not to be duplicated SPI.
2914 * NOTE: this function is too slow due to searching all SAD.
2917 * others : found, pointer to a SA.
2919 static struct secasvar *
2920 key_checkspidup(saidx, spi)
2921 struct secasindex *saidx;
2924 struct secasvar *sav;
2925 u_int stateidx, state;
2927 /* check address family */
2928 if (saidx->src.ss_family != saidx->dst.ss_family) {
2929 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
2934 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2935 if (sav->spi != spi)
2938 stateidx < _ARRAYLEN(saorder_state_alive);
2940 state = saorder_state_alive[stateidx];
2941 if (sav->state == state &&
2942 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
2951 key_setspi(sav, spi)
2952 struct secasvar *sav;
2959 if (sav->spihash.le_prev || sav->spihash.le_next)
2960 LIST_REMOVE(sav, spihash);
2961 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
2966 * search SAD litmited alive SA, protocol, SPI.
2969 * others : found, pointer to a SA.
2971 static struct secasvar *
2972 key_getsavbyspi(sah, spi)
2973 struct secashead *sah;
2976 struct secasvar *sav, *match;
2977 u_int stateidx, state, matchidx;
2980 matchidx = _ARRAYLEN(saorder_state_alive);
2981 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2982 if (sav->spi != spi)
2984 if (sav->sah != sah)
2986 for (stateidx = 0; stateidx < matchidx; stateidx++) {
2987 state = saorder_state_alive[stateidx];
2988 if (sav->state == state) {
2990 matchidx = stateidx;
3000 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
3001 * You must update these if need.
3005 * does not modify mbuf. does not free mbuf on error.
3008 key_setsaval(sav, m, mhp)
3009 struct secasvar *sav;
3011 const struct sadb_msghdr *mhp;
3014 const struct esp_algorithm *algo;
3019 if (m == NULL || mhp == NULL || mhp->msg == NULL)
3020 panic("key_setsaval: NULL pointer is passed.");
3022 /* initialization */
3024 sav->key_auth = NULL;
3025 sav->key_enc = NULL;
3034 if (mhp->ext[SADB_EXT_SA] != NULL) {
3035 const struct sadb_sa *sa0;
3037 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3038 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3043 sav->alg_auth = sa0->sadb_sa_auth;
3044 sav->alg_enc = sa0->sadb_sa_encrypt;
3045 sav->flags = sa0->sadb_sa_flags;
3048 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
3049 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
3050 if (sav->replay == NULL) {
3051 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3058 /* Authentication keys */
3059 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3060 const struct sadb_key *key0;
3063 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3064 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3067 if (len < sizeof(*key0)) {
3071 switch (mhp->msg->sadb_msg_satype) {
3072 case SADB_SATYPE_AH:
3073 case SADB_SATYPE_ESP:
3074 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3075 sav->alg_auth != SADB_X_AALG_NULL)
3078 case SADB_X_SATYPE_IPCOMP:
3084 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
3088 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
3089 if (sav->key_auth == NULL) {
3090 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3096 /* Encryption key */
3097 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3098 const struct sadb_key *key0;
3101 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3102 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3105 if (len < sizeof(*key0)) {
3109 switch (mhp->msg->sadb_msg_satype) {
3110 case SADB_SATYPE_ESP:
3111 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3112 sav->alg_enc != SADB_EALG_NULL) {
3116 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
3117 if (sav->key_enc == NULL) {
3118 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3123 case SADB_X_SATYPE_IPCOMP:
3124 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3126 sav->key_enc = NULL; /*just in case*/
3128 case SADB_SATYPE_AH:
3134 ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
3142 switch (mhp->msg->sadb_msg_satype) {
3143 case SADB_SATYPE_ESP:
3145 algo = esp_algorithm_lookup(sav->alg_enc);
3146 if (algo && algo->ivlen)
3147 sav->ivlen = (*algo->ivlen)(algo, sav);
3148 if (sav->ivlen == 0)
3150 KMALLOC(sav->iv, caddr_t, sav->ivlen);
3152 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3158 key_randomfill(sav->iv, sav->ivlen);
3161 case SADB_SATYPE_AH:
3162 case SADB_X_SATYPE_IPCOMP:
3165 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
3171 sav->created = time_second;
3173 /* make lifetime for CURRENT */
3174 KMALLOC(sav->lft_c, struct sadb_lifetime *,
3175 sizeof(struct sadb_lifetime));
3176 if (sav->lft_c == NULL) {
3177 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3182 sav->lft_c->sadb_lifetime_len =
3183 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3184 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3185 sav->lft_c->sadb_lifetime_allocations = 0;
3186 sav->lft_c->sadb_lifetime_bytes = 0;
3187 sav->lft_c->sadb_lifetime_addtime = time_second;
3188 sav->lft_c->sadb_lifetime_usetime = 0;
3190 /* lifetimes for HARD and SOFT */
3192 const struct sadb_lifetime *lft0;
3194 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3196 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3200 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
3202 if (sav->lft_h == NULL) {
3203 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3207 /* we no longer support byte lifetime */
3208 if (sav->lft_h->sadb_lifetime_bytes) {
3215 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3217 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3221 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
3223 if (sav->lft_s == NULL) {
3224 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3228 /* we no longer support byte lifetime */
3229 if (sav->lft_s->sadb_lifetime_bytes) {
3240 /* initialization */
3241 if (sav->replay != NULL) {
3242 keydb_delsecreplay(sav->replay);
3245 if (sav->key_auth != NULL) {
3246 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3247 KFREE(sav->key_auth);
3248 sav->key_auth = NULL;
3250 if (sav->key_enc != NULL) {
3251 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3252 KFREE(sav->key_enc);
3253 sav->key_enc = NULL;
3256 bzero(sav->sched, sav->schedlen);
3260 if (sav->iv != NULL) {
3264 if (sav->lft_c != NULL) {
3268 if (sav->lft_h != NULL) {
3272 if (sav->lft_s != NULL) {
3281 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3287 struct secasvar *sav;
3290 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3291 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3295 /* check SPI value */
3296 switch (sav->sah->saidx.proto) {
3299 if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
3300 ipseclog((LOG_DEBUG,
3301 "key_mature: illegal range of SPI %u.\n",
3302 (u_int32_t)ntohl(sav->spi)));
3309 switch (sav->sah->saidx.proto) {
3312 if ((sav->flags & SADB_X_EXT_OLD) &&
3313 (sav->flags & SADB_X_EXT_DERIV)) {
3314 ipseclog((LOG_DEBUG, "key_mature: "
3315 "invalid flag (derived) given to old-esp.\n"));
3318 if (sav->alg_auth == SADB_AALG_NONE)
3326 if (sav->flags & SADB_X_EXT_DERIV) {
3327 ipseclog((LOG_DEBUG, "key_mature: "
3328 "invalid flag (derived) given to AH SA.\n"));
3331 if (sav->alg_enc != SADB_EALG_NONE) {
3332 ipseclog((LOG_DEBUG, "key_mature: "
3333 "protocol and algorithm mismated.\n"));
3339 case IPPROTO_IPCOMP:
3340 if (sav->alg_auth != SADB_AALG_NONE) {
3341 ipseclog((LOG_DEBUG, "key_mature: "
3342 "protocol and algorithm mismated.\n"));
3345 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
3346 ntohl(sav->spi) >= 0x10000) {
3347 ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
3354 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
3355 return EPROTONOSUPPORT;
3358 /* check authentication algorithm */
3359 if ((checkmask & 2) != 0) {
3360 const struct ah_algorithm *algo;
3363 algo = ah_algorithm_lookup(sav->alg_auth);
3365 ipseclog((LOG_DEBUG, "key_mature: "
3366 "unknown authentication algorithm.\n"));
3370 /* algorithm-dependent check */
3372 keylen = sav->key_auth->sadb_key_bits;
3375 if (keylen < algo->keymin || algo->keymax < keylen) {
3376 ipseclog((LOG_DEBUG,
3377 "key_mature: invalid AH key length %d "
3378 "(%d-%d allowed)\n",
3379 keylen, algo->keymin, algo->keymax));
3384 if ((*algo->mature)(sav)) {
3385 /* message generated in per-algorithm function*/
3388 mature = SADB_SATYPE_AH;
3391 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
3392 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
3397 /* check encryption algorithm */
3398 if ((checkmask & 1) != 0) {
3400 const struct esp_algorithm *algo;
3403 algo = esp_algorithm_lookup(sav->alg_enc);
3405 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
3409 /* algorithm-dependent check */
3411 keylen = sav->key_enc->sadb_key_bits;
3414 if (keylen < algo->keymin || algo->keymax < keylen) {
3415 ipseclog((LOG_DEBUG,
3416 "key_mature: invalid ESP key length %d "
3417 "(%d-%d allowed)\n",
3418 keylen, algo->keymin, algo->keymax));
3423 if ((*algo->mature)(sav)) {
3424 /* message generated in per-algorithm function*/
3427 mature = SADB_SATYPE_ESP;
3430 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
3431 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
3435 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
3440 /* check compression algorithm */
3441 if ((checkmask & 4) != 0) {
3442 const struct ipcomp_algorithm *algo;
3444 /* algorithm-dependent check */
3445 algo = ipcomp_algorithm_lookup(sav->alg_enc);
3447 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
3452 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3458 * subroutine for SADB_GET and SADB_DUMP.
3460 static struct mbuf *
3461 key_setdumpsa(sav, type, satype, seq, pid)
3462 struct secasvar *sav;
3463 u_int8_t type, satype;
3466 struct mbuf *result = NULL, *tres = NULL, *m;
3471 SADB_EXT_SA, SADB_X_EXT_SA2,
3472 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3473 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3474 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3475 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3476 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3479 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3484 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
3487 switch (dumporder[i]) {
3489 m = key_setsadbsa(sav);
3494 case SADB_X_EXT_SA2:
3495 m = key_setsadbxsa2(sav->sah->saidx.mode,
3496 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
3497 sav->sah->saidx.reqid);
3502 case SADB_EXT_ADDRESS_SRC:
3503 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3504 (struct sockaddr *)&sav->sah->saidx.src,
3505 FULLMASK, IPSEC_ULPROTO_ANY);
3510 case SADB_EXT_ADDRESS_DST:
3511 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3512 (struct sockaddr *)&sav->sah->saidx.dst,
3513 FULLMASK, IPSEC_ULPROTO_ANY);
3518 case SADB_EXT_KEY_AUTH:
3521 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3525 case SADB_EXT_KEY_ENCRYPT:
3528 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3532 case SADB_EXT_LIFETIME_CURRENT:
3535 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3539 case SADB_EXT_LIFETIME_HARD:
3542 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3546 case SADB_EXT_LIFETIME_SOFT:
3549 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3553 case SADB_EXT_ADDRESS_PROXY:
3554 case SADB_EXT_IDENTITY_SRC:
3555 case SADB_EXT_IDENTITY_DST:
3556 /* XXX: should we brought from SPD ? */
3557 case SADB_EXT_SENSITIVITY:
3562 if ((!m && !p) || (m && p))
3565 M_PREPEND(tres, l, M_DONTWAIT);
3568 bcopy(p, mtod(tres, caddr_t), l);
3572 m = key_alloc_mbuf(l);
3575 m_copyback(m, 0, l, p);
3583 m_cat(result, tres);
3585 if (result->m_len < sizeof(struct sadb_msg)) {
3586 result = m_pullup(result, sizeof(struct sadb_msg));
3591 result->m_pkthdr.len = 0;
3592 for (m = result; m; m = m->m_next)
3593 result->m_pkthdr.len += m->m_len;
3595 mtod(result, struct sadb_msg *)->sadb_msg_len =
3596 PFKEY_UNIT64(result->m_pkthdr.len);
3607 * set data into sadb_msg.
3609 static struct mbuf *
3610 key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
3611 u_int8_t type, satype;
3621 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3624 MGETHDR(m, M_DONTWAIT, MT_DATA);
3625 if (m && len > MHLEN) {
3626 MCLGET(m, M_DONTWAIT);
3627 if ((m->m_flags & M_EXT) == 0) {
3634 m->m_pkthdr.len = m->m_len = len;
3637 p = mtod(m, struct sadb_msg *);
3640 p->sadb_msg_version = PF_KEY_V2;
3641 p->sadb_msg_type = type;
3642 p->sadb_msg_errno = 0;
3643 p->sadb_msg_satype = satype;
3644 p->sadb_msg_len = PFKEY_UNIT64(tlen);
3645 p->sadb_msg_reserved = reserved;
3646 p->sadb_msg_seq = seq;
3647 p->sadb_msg_pid = (u_int32_t)pid;
3653 * copy secasvar data into sadb_address.
3655 static struct mbuf *
3657 struct secasvar *sav;
3663 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
3664 m = key_alloc_mbuf(len);
3665 if (!m || m->m_next) { /*XXX*/
3671 p = mtod(m, struct sadb_sa *);
3674 p->sadb_sa_len = PFKEY_UNIT64(len);
3675 p->sadb_sa_exttype = SADB_EXT_SA;
3676 p->sadb_sa_spi = sav->spi;
3677 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
3678 p->sadb_sa_state = sav->state;
3679 p->sadb_sa_auth = sav->alg_auth;
3680 p->sadb_sa_encrypt = sav->alg_enc;
3681 p->sadb_sa_flags = sav->flags;
3687 * set data into sadb_address.
3689 static struct mbuf *
3690 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
3692 struct sockaddr *saddr;
3697 struct sadb_address *p;
3700 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
3701 PFKEY_ALIGN8(saddr->sa_len);
3702 m = key_alloc_mbuf(len);
3703 if (!m || m->m_next) { /*XXX*/
3709 p = mtod(m, struct sadb_address *);
3712 p->sadb_address_len = PFKEY_UNIT64(len);
3713 p->sadb_address_exttype = exttype;
3714 p->sadb_address_proto = ul_proto;
3715 if (prefixlen == FULLMASK) {
3716 switch (saddr->sa_family) {
3718 prefixlen = sizeof(struct in_addr) << 3;
3721 prefixlen = sizeof(struct in6_addr) << 3;
3727 p->sadb_address_prefixlen = prefixlen;
3728 p->sadb_address_reserved = 0;
3731 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
3739 * set data into sadb_ident.
3741 static struct mbuf *
3742 key_setsadbident(exttype, idtype, string, stringlen, id)
3743 u_int16_t exttype, idtype;
3749 struct sadb_ident *p;
3752 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
3753 m = key_alloc_mbuf(len);
3754 if (!m || m->m_next) { /*XXX*/
3760 p = mtod(m, struct sadb_ident *);
3763 p->sadb_ident_len = PFKEY_UNIT64(len);
3764 p->sadb_ident_exttype = exttype;
3765 p->sadb_ident_type = idtype;
3766 p->sadb_ident_reserved = 0;
3767 p->sadb_ident_id = id;
3770 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
3778 * set data into sadb_x_sa2.
3780 static struct mbuf *
3781 key_setsadbxsa2(mode, seq, reqid)
3783 u_int32_t seq, reqid;
3786 struct sadb_x_sa2 *p;
3789 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
3790 m = key_alloc_mbuf(len);
3791 if (!m || m->m_next) { /*XXX*/
3797 p = mtod(m, struct sadb_x_sa2 *);
3800 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
3801 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3802 p->sadb_x_sa2_mode = mode;
3803 p->sadb_x_sa2_reserved1 = 0;
3804 p->sadb_x_sa2_reserved2 = 0;
3805 p->sadb_x_sa2_sequence = seq;
3806 p->sadb_x_sa2_reqid = reqid;
3812 * set data into sadb_lifetime
3814 static struct mbuf *
3815 key_setsadblifetime(type, alloc, bytes, addtime, usetime)
3818 u_int64_t bytes, addtime, usetime;
3821 struct sadb_lifetime *p;
3824 len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
3825 m = key_alloc_mbuf(len);
3826 if (!m || m->m_next) { /*XXX*/
3832 p = mtod(m, struct sadb_lifetime *);
3835 p->sadb_lifetime_len = PFKEY_UNIT64(len);
3836 p->sadb_lifetime_exttype = type;
3837 p->sadb_lifetime_allocations = alloc;
3838 p->sadb_lifetime_bytes = bytes;
3839 p->sadb_lifetime_addtime = addtime;
3840 p->sadb_lifetime_usetime = usetime;
3846 * set data into sadb_x_policy
3848 static struct mbuf *
3849 key_setsadbxpolicy(type, dir, id)
3855 struct sadb_x_policy *p;
3858 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
3859 m = key_alloc_mbuf(len);
3860 if (!m || m->m_next) { /*XXX*/
3866 p = mtod(m, struct sadb_x_policy *);
3869 p->sadb_x_policy_len = PFKEY_UNIT64(len);
3870 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3871 p->sadb_x_policy_type = type;
3872 p->sadb_x_policy_dir = dir;
3873 p->sadb_x_policy_id = id;
3880 * copy a buffer into the new buffer allocated.
3883 key_newbuf(src, len)
3889 KMALLOC(new, caddr_t, len);
3891 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
3894 bcopy(src, new, len);
3899 /* compare my own address
3900 * OUT: 1: true, i.e. my address.
3905 struct sockaddr *sa;
3908 struct sockaddr_in *sin;
3909 struct in_ifaddr *ia;
3914 panic("key_ismyaddr: NULL pointer is passed.");
3916 switch (sa->sa_family) {
3919 sin = (struct sockaddr_in *)sa;
3920 for (ia = in_ifaddrhead.tqh_first; ia;
3921 ia = ia->ia_link.tqe_next)
3923 if (sin->sin_family == ia->ia_addr.sin_family &&
3924 sin->sin_len == ia->ia_addr.sin_len &&
3925 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
3934 return key_ismyaddr6((struct sockaddr_in6 *)sa);
3943 * compare my own address for IPv6.
3946 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
3948 #include <netinet6/in6_var.h>
3952 struct sockaddr_in6 *sin6;
3954 struct in6_ifaddr *ia;
3955 struct in6_multi *in6m;
3957 for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
3958 if (key_sockaddrcmp((struct sockaddr *)&sin6,
3959 (struct sockaddr *)&ia->ia_addr, 0) == 0)
3964 * XXX why do we care about multlicast here while we don't care
3965 * about IPv4 multicast??
3968 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
3973 /* loopback, just for safety */
3974 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
3982 * compare two secasindex structure.
3983 * flag can specify to compare 2 saidxes.
3984 * compare two secasindex structure without both mode and reqid.
3985 * don't compare port.
3987 * saidx0: source, it can be in SAD.
3994 key_cmpsaidx(saidx0, saidx1, flag)
3995 struct secasindex *saidx0, *saidx1;
3999 if (saidx0 == NULL && saidx1 == NULL)
4002 if (saidx0 == NULL || saidx1 == NULL)
4005 if (saidx0->proto != saidx1->proto)
4008 if (flag == CMP_EXACTLY) {
4009 if (saidx0->mode != saidx1->mode)
4011 if (saidx0->reqid != saidx1->reqid)
4013 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
4014 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
4018 /* CMP_MODE_REQID, CMP_HEAD */
4019 if (flag == CMP_MODE_REQID) {
4021 * If reqid of SPD is non-zero, unique SA is required.
4022 * The result must be of same reqid in this case.
4024 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
4028 if (flag == CMP_MODE_REQID) {
4029 if (saidx0->mode != IPSEC_MODE_ANY &&
4030 saidx0->mode != saidx1->mode)
4034 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
4035 (struct sockaddr *)&saidx1->src, 0) != 0) {
4038 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
4039 (struct sockaddr *)&saidx1->dst, 0) != 0) {
4048 * compare two secindex structure exactly.
4050 * spidx0: source, it is often in SPD.
4051 * spidx1: object, it is often from PFKEY message.
4057 key_cmpspidx_exactly(spidx0, spidx1)
4058 struct secpolicyindex *spidx0, *spidx1;
4061 if (spidx0 == NULL && spidx1 == NULL)
4064 if (spidx0 == NULL || spidx1 == NULL)
4067 if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd ||
4068 spidx0->ul_proto != spidx1->ul_proto)
4071 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
4072 (struct sockaddr *)&spidx1->src, 1) != 0) {
4075 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
4076 (struct sockaddr *)&spidx1->dst, 1) != 0) {
4084 * compare two secindex structure with mask.
4086 * spidx0: source, it is often in SPD.
4087 * spidx1: object, it is often from IP header.
4093 key_cmpspidx_withmask(spidx0, spidx1)
4094 struct secpolicyindex *spidx0, *spidx1;
4097 if (spidx0 == NULL && spidx1 == NULL)
4100 if (spidx0 == NULL || spidx1 == NULL)
4103 if (spidx0->src.ss_family != spidx1->src.ss_family ||
4104 spidx0->dst.ss_family != spidx1->dst.ss_family ||
4105 spidx0->src.ss_len != spidx1->src.ss_len ||
4106 spidx0->dst.ss_len != spidx1->dst.ss_len)
4109 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4110 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
4111 spidx0->ul_proto != spidx1->ul_proto)
4114 switch (spidx0->src.ss_family) {
4116 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY &&
4117 satosin(&spidx0->src)->sin_port !=
4118 satosin(&spidx1->src)->sin_port)
4120 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
4121 (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
4125 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY &&
4126 satosin6(&spidx0->src)->sin6_port !=
4127 satosin6(&spidx1->src)->sin6_port)
4130 * scope_id check. if sin6_scope_id is 0, we regard it
4131 * as a wildcard scope, which matches any scope zone ID.
4133 if (satosin6(&spidx0->src)->sin6_scope_id &&
4134 satosin6(&spidx1->src)->sin6_scope_id &&
4135 satosin6(&spidx0->src)->sin6_scope_id !=
4136 satosin6(&spidx1->src)->sin6_scope_id)
4138 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
4139 (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
4144 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
4149 switch (spidx0->dst.ss_family) {
4151 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY &&
4152 satosin(&spidx0->dst)->sin_port !=
4153 satosin(&spidx1->dst)->sin_port)
4155 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
4156 (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
4160 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY &&
4161 satosin6(&spidx0->dst)->sin6_port !=
4162 satosin6(&spidx1->dst)->sin6_port)
4165 * scope_id check. if sin6_scope_id is 0, we regard it
4166 * as a wildcard scope, which matches any scope zone ID.
4168 if (satosin6(&spidx0->src)->sin6_scope_id &&
4169 satosin6(&spidx1->src)->sin6_scope_id &&
4170 satosin6(&spidx0->dst)->sin6_scope_id !=
4171 satosin6(&spidx1->dst)->sin6_scope_id)
4173 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
4174 (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
4179 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
4184 /* XXX Do we check other field ? e.g. flowinfo */
4189 /* returns 0 on match */
4191 key_sockaddrcmp(sa1, sa2, port)
4192 struct sockaddr *sa1;
4193 struct sockaddr *sa2;
4196 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4199 switch (sa1->sa_family) {
4201 if (sa1->sa_len != sizeof(struct sockaddr_in))
4203 if (satosin(sa1)->sin_addr.s_addr !=
4204 satosin(sa2)->sin_addr.s_addr) {
4207 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
4211 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4212 return 1; /*EINVAL*/
4213 if (satosin6(sa1)->sin6_scope_id !=
4214 satosin6(sa2)->sin6_scope_id) {
4217 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
4218 &satosin6(sa2)->sin6_addr)) {
4222 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
4226 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
4235 * compare two buffers with mask.
4239 * bits: Number of bits to compare
4245 key_bbcmp(p1, p2, bits)
4251 /* XXX: This could be considerably faster if we compare a word
4252 * at a time, but it is complicated on LSB Endian machines */
4254 /* Handle null pointers */
4255 if (p1 == NULL || p2 == NULL)
4265 mask = ~((1<<(8-bits))-1);
4266 if ((*p1 & mask) != (*p2 & mask))
4269 return 1; /* Match! */
4274 * scanning SPD and SAD to check status for each entries,
4275 * and do to remove or to expire.
4276 * XXX: year 2038 problem may remain.
4279 key_timehandler(arg)
4288 s = splnet(); /*called from softclock()*/
4292 struct secpolicy *sp, *nextsp;
4294 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4295 for (sp = LIST_FIRST(&sptree[dir]);
4298 nextsp = LIST_NEXT(sp, chain);
4300 if (sp->state == IPSEC_SPSTATE_DEAD) {
4301 key_sp_unlink(sp); /*XXX*/
4306 if (sp->lifetime == 0 && sp->validtime == 0)
4309 /* the deletion will occur next time */
4310 if ((sp->lifetime &&
4311 tv.tv_sec - sp->created > sp->lifetime) ||
4313 tv.tv_sec - sp->lastused > sp->validtime)) {
4321 /* invalidate all cached SPD pointers on pcb */
4322 ipsec_invalpcbcacheall();
4327 struct secashead *sah, *nextsah;
4328 struct secasvar *sav, *nextsav;
4330 for (sah = LIST_FIRST(&sahtree);
4334 nextsah = LIST_NEXT(sah, chain);
4336 /* if sah has been dead, then delete it and process next sah. */
4337 if (sah->state == SADB_SASTATE_DEAD) {
4342 /* if LARVAL entry doesn't become MATURE, delete it. */
4343 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4347 nextsav = LIST_NEXT(sav, chain);
4349 if (tv.tv_sec - sav->created > key_larval_lifetime) {
4355 * check MATURE entry to start to send expire message
4358 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4362 nextsav = LIST_NEXT(sav, chain);
4364 /* we don't need to check. */
4365 if (sav->lft_s == NULL)
4369 if (sav->lft_c == NULL) {
4370 ipseclog((LOG_DEBUG, "key_timehandler: "
4371 "There is no CURRENT time, why?\n"));
4375 /* check SOFT lifetime */
4376 if (sav->lft_s->sadb_lifetime_addtime != 0 &&
4377 tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4379 * check the SA if it has been used.
4380 * when it hasn't been used, delete it.
4381 * i don't think such SA will be used.
4383 if (sav->lft_c->sadb_lifetime_usetime == 0) {
4384 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4388 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4390 * XXX If we keep to send expire
4391 * message in the status of
4392 * DYING. Do remove below code.
4398 /* check SOFT lifetime by bytes */
4400 * XXX I don't know the way to delete this SA
4401 * when new SA is installed. Caution when it's
4402 * installed too big lifetime by time.
4404 else if (sav->lft_s->sadb_lifetime_bytes != 0
4405 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4407 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4409 * XXX If we keep to send expire
4410 * message in the status of
4411 * DYING. Do remove below code.
4417 /* check DYING entry to change status to DEAD. */
4418 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4422 nextsav = LIST_NEXT(sav, chain);
4424 /* we don't need to check. */
4425 if (sav->lft_h == NULL)
4429 if (sav->lft_c == NULL) {
4430 ipseclog((LOG_DEBUG, "key_timehandler: "
4431 "There is no CURRENT time, why?\n"));
4435 if (sav->lft_h->sadb_lifetime_addtime != 0 &&
4436 tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4437 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4441 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4442 else if (sav->lft_s != NULL
4443 && sav->lft_s->sadb_lifetime_addtime != 0
4444 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4446 * XXX: should be checked to be
4447 * installed the valid SA.
4451 * If there is no SA then sending
4457 /* check HARD lifetime by bytes */
4458 else if (sav->lft_h->sadb_lifetime_bytes != 0
4459 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4460 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4466 /* delete entry in DEAD */
4467 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
4471 nextsav = LIST_NEXT(sav, chain);
4474 if (sav->state != SADB_SASTATE_DEAD) {
4475 ipseclog((LOG_DEBUG, "key_timehandler: "
4476 "invalid sav->state "
4477 "(queue: %u SA: %u): "
4479 SADB_SASTATE_DEAD, sav->state));
4483 * do not call key_freesav() here.
4484 * sav should already be freed, and sav->refcnt
4485 * shows other references to sav
4486 * (such as from SPD).
4492 #ifndef IPSEC_NONBLOCK_ACQUIRE
4495 struct secacq *acq, *nextacq;
4497 for (acq = LIST_FIRST(&acqtree);
4501 nextacq = LIST_NEXT(acq, chain);
4503 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4504 __LIST_CHAINED(acq)) {
4505 LIST_REMOVE(acq, chain);
4514 struct secspacq *acq, *nextacq;
4516 for (acq = LIST_FIRST(&spacqtree);
4520 nextacq = LIST_NEXT(acq, chain);
4522 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4523 __LIST_CHAINED(acq)) {
4524 LIST_REMOVE(acq, chain);
4531 * should set timeout based on the most closest timer expiration.
4532 * we don't bother to do that yet.
4534 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
4545 key_randomfill(&value, sizeof(value));
4550 key_randomfill(p, l)
4556 static int warn = 1;
4559 n = (size_t)read_random(p, (u_int)l);
4563 bcopy(&v, (u_int8_t *)p + n,
4564 l - n < sizeof(v) ? l - n : sizeof(v));
4568 printf("WARNING: pseudo-random number generator "
4569 "used for IPsec processing\n");
4576 * map SADB_SATYPE_* to IPPROTO_*.
4577 * if satype == SADB_SATYPE then satype is mapped to ~0.
4579 * 0: invalid satype.
4582 key_satype2proto(satype)
4586 case SADB_SATYPE_UNSPEC:
4587 return IPSEC_PROTO_ANY;
4588 case SADB_SATYPE_AH:
4590 case SADB_SATYPE_ESP:
4592 case SADB_X_SATYPE_IPCOMP:
4593 return IPPROTO_IPCOMP;
4602 * map IPPROTO_* to SADB_SATYPE_*
4604 * 0: invalid protocol type.
4607 key_proto2satype(proto)
4612 return SADB_SATYPE_AH;
4614 return SADB_SATYPE_ESP;
4615 case IPPROTO_IPCOMP:
4616 return SADB_X_SATYPE_IPCOMP;
4626 * SADB_GETSPI processing is to receive
4627 * <base, (SA2), src address, dst address, (SPI range)>
4628 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4629 * tree with the status of LARVAL, and send
4630 * <base, SA(*), address(SD)>
4633 * IN: mhp: pointer to the pointer to each header.
4634 * OUT: NULL if fail.
4635 * other if success, return pointer to the message to send.
4638 key_getspi(so, m, mhp)
4641 const struct sadb_msghdr *mhp;
4643 struct sadb_address *src0, *dst0;
4644 struct secasindex saidx;
4645 struct secashead *newsah;
4646 struct secasvar *newsav;
4654 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4655 panic("key_getspi: NULL pointer is passed.");
4657 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4658 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
4659 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4660 return key_senderror(so, m, EINVAL);
4662 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4663 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4664 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4665 return key_senderror(so, m, EINVAL);
4667 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4668 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4669 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4671 mode = IPSEC_MODE_ANY;
4675 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4676 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4678 /* map satype to proto */
4679 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4680 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
4681 return key_senderror(so, m, EINVAL);
4684 /* make sure if port number is zero. */
4685 switch (((struct sockaddr *)(src0 + 1))->sa_family) {
4687 if (((struct sockaddr *)(src0 + 1))->sa_len !=
4688 sizeof(struct sockaddr_in))
4689 return key_senderror(so, m, EINVAL);
4690 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
4693 if (((struct sockaddr *)(src0 + 1))->sa_len !=
4694 sizeof(struct sockaddr_in6))
4695 return key_senderror(so, m, EINVAL);
4696 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
4701 switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
4703 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
4704 sizeof(struct sockaddr_in))
4705 return key_senderror(so, m, EINVAL);
4706 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
4709 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
4710 sizeof(struct sockaddr_in6))
4711 return key_senderror(so, m, EINVAL);
4712 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
4718 /* XXX boundary check against sa_len */
4719 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4721 /* SPI allocation */
4722 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
4725 return key_senderror(so, m, EINVAL);
4727 /* get a SA index */
4728 if ((newsah = key_getsah(&saidx)) == NULL) {
4729 /* create a new SA index */
4730 if ((newsah = key_newsah(&saidx)) == NULL) {
4731 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
4732 return key_senderror(so, m, ENOBUFS);
4738 newsav = key_newsav(m, mhp, newsah, &error);
4739 if (newsav == NULL) {
4740 /* XXX don't free new SA index allocated in above. */
4741 return key_senderror(so, m, error);
4745 key_setspi(newsav, htonl(spi));
4747 #ifndef IPSEC_NONBLOCK_ACQUIRE
4748 /* delete the entry in acqtree */
4749 if (mhp->msg->sadb_msg_seq != 0) {
4751 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
4752 /* reset counter in order to deletion by timehandler. */
4753 acq->created = time_second;
4760 struct mbuf *n, *nn;
4761 struct sadb_sa *m_sa;
4762 struct sadb_msg *newmsg;
4765 /* create new sadb_msg to reply. */
4766 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
4767 PFKEY_ALIGN8(sizeof(struct sadb_sa));
4769 return key_senderror(so, m, ENOBUFS);
4771 MGETHDR(n, M_DONTWAIT, MT_DATA);
4773 MCLGET(n, M_DONTWAIT);
4774 if ((n->m_flags & M_EXT) == 0) {
4780 return key_senderror(so, m, ENOBUFS);
4786 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
4787 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
4789 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
4790 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
4791 m_sa->sadb_sa_exttype = SADB_EXT_SA;
4792 m_sa->sadb_sa_spi = htonl(spi);
4793 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
4797 panic("length inconsistency in key_getspi");
4800 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
4801 SADB_EXT_ADDRESS_DST);
4804 return key_senderror(so, m, ENOBUFS);
4807 if (n->m_len < sizeof(struct sadb_msg)) {
4808 n = m_pullup(n, sizeof(struct sadb_msg));
4810 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
4813 n->m_pkthdr.len = 0;
4814 for (nn = n; nn; nn = nn->m_next)
4815 n->m_pkthdr.len += nn->m_len;
4817 newmsg = mtod(n, struct sadb_msg *);
4818 newmsg->sadb_msg_seq = newsav->seq;
4819 newmsg->sadb_msg_errno = 0;
4820 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
4823 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
4828 * allocating new SPI
4829 * called by key_getspi().
4835 key_do_getnewspi(spirange, saidx)
4836 struct sadb_spirange *spirange;
4837 struct secasindex *saidx;
4841 int count = key_spi_trycnt;
4843 /* set spi range to allocate */
4844 if (spirange != NULL) {
4845 min = spirange->sadb_spirange_min;
4846 max = spirange->sadb_spirange_max;
4848 min = key_spi_minval;
4849 max = key_spi_maxval;
4851 /* IPCOMP needs 2-byte SPI */
4852 if (saidx->proto == IPPROTO_IPCOMP) {
4859 t = min; min = max; max = t;
4864 if (key_checkspidup(saidx, min) != NULL) {
4865 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
4869 count--; /* taking one cost. */
4877 /* when requesting to allocate spi ranged */
4879 /* generate pseudo-random SPI value ranged. */
4880 newspi = min + (key_random() % (max - min + 1));
4882 if (key_checkspidup(saidx, newspi) == NULL)
4886 if (count == 0 || newspi == 0) {
4887 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
4893 keystat.getspi_count =
4894 (keystat.getspi_count + key_spi_trycnt - count) / 2;
4900 * SADB_UPDATE processing
4902 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4903 * key(AE), (identity(SD),) (sensitivity)>
4904 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
4906 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4907 * (identity(SD),) (sensitivity)>
4910 * m will always be freed.
4913 key_update(so, m, mhp)
4916 const struct sadb_msghdr *mhp;
4918 struct sadb_sa *sa0;
4919 struct sadb_address *src0, *dst0;
4920 struct secasindex saidx;
4921 struct secashead *sah;
4922 struct secasvar *sav;
4929 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4930 panic("key_update: NULL pointer is passed.");
4932 /* map satype to proto */
4933 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4934 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
4935 return key_senderror(so, m, EINVAL);
4938 if (mhp->ext[SADB_EXT_SA] == NULL ||
4939 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4940 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
4941 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
4942 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
4943 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
4944 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
4945 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
4946 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
4947 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
4948 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
4949 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
4950 return key_senderror(so, m, EINVAL);
4952 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
4953 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4954 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4955 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
4956 return key_senderror(so, m, EINVAL);
4958 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4959 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4960 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4962 mode = IPSEC_MODE_ANY;
4965 /* XXX boundary checking for other extensions */
4967 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
4968 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4969 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4971 /* XXX boundary check against sa_len */
4972 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4974 /* get a SA header */
4975 if ((sah = key_getsah(&saidx)) == NULL) {
4976 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
4977 return key_senderror(so, m, ENOENT);
4980 /* set spidx if there */
4982 error = key_setident(sah, m, mhp);
4984 return key_senderror(so, m, error);
4986 /* find a SA with sequence number. */
4987 #ifdef IPSEC_DOSEQCHECK
4988 if (mhp->msg->sadb_msg_seq != 0 &&
4989 (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
4990 ipseclog((LOG_DEBUG,
4991 "key_update: no larval SA with sequence %u exists.\n",
4992 mhp->msg->sadb_msg_seq));
4993 return key_senderror(so, m, ENOENT);
4996 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
4997 ipseclog((LOG_DEBUG,
4998 "key_update: no such a SA found (spi:%u)\n",
4999 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5000 return key_senderror(so, m, EINVAL);
5004 /* validity check */
5005 if (sav->sah->saidx.proto != proto) {
5006 ipseclog((LOG_DEBUG,
5007 "key_update: protocol mismatched (DB=%u param=%u)\n",
5008 sav->sah->saidx.proto, proto));
5009 return key_senderror(so, m, EINVAL);
5011 #ifdef IPSEC_DOSEQCHECK
5012 if (sav->spi != sa0->sadb_sa_spi) {
5013 ipseclog((LOG_DEBUG,
5014 "key_update: SPI mismatched (DB:%u param:%u)\n",
5015 (u_int32_t)ntohl(sav->spi),
5016 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5017 return key_senderror(so, m, EINVAL);
5020 if (sav->pid != mhp->msg->sadb_msg_pid) {
5021 ipseclog((LOG_DEBUG,
5022 "key_update: pid mismatched (DB:%u param:%u)\n",
5023 sav->pid, mhp->msg->sadb_msg_pid));
5024 return key_senderror(so, m, EINVAL);
5027 /* copy sav values */
5028 error = key_setsaval(sav, m, mhp);
5031 return key_senderror(so, m, error);
5034 /* check SA values to be mature. */
5035 if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
5037 return key_senderror(so, m, 0);
5043 /* set msg buf from mhp */
5044 n = key_getmsgbuf_x1(m, mhp);
5046 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5047 return key_senderror(so, m, ENOBUFS);
5051 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5056 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5057 * only called by key_update().
5060 * others : found, pointer to a SA.
5062 #ifdef IPSEC_DOSEQCHECK
5063 static struct secasvar *
5064 key_getsavbyseq(sah, seq)
5065 struct secashead *sah;
5068 struct secasvar *sav;
5071 state = SADB_SASTATE_LARVAL;
5073 /* search SAD with sequence number ? */
5074 LIST_FOREACH(sav, &sah->savtree[state], chain) {
5076 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
5078 if (sav->seq == seq) {
5080 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
5081 printf("DP key_getsavbyseq cause "
5082 "refcnt++:%d SA:%p\n",
5093 * SADB_ADD processing
5094 * add an entry to SA database, when received
5095 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5096 * key(AE), (identity(SD),) (sensitivity)>
5099 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5100 * (identity(SD),) (sensitivity)>
5103 * IGNORE identity and sensitivity messages.
5105 * m will always be freed.
5111 const struct sadb_msghdr *mhp;
5113 struct sadb_sa *sa0;
5114 struct sadb_address *src0, *dst0;
5115 struct secasindex saidx;
5116 struct secashead *newsah;
5117 struct secasvar *newsav;
5124 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5125 panic("key_add: NULL pointer is passed.");
5127 /* map satype to proto */
5128 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5129 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
5130 return key_senderror(so, m, EINVAL);
5133 if (mhp->ext[SADB_EXT_SA] == NULL ||
5134 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5135 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5136 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5137 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5138 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5139 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5140 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5141 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5142 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5143 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5144 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5145 return key_senderror(so, m, EINVAL);
5147 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5148 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5149 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5151 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5152 return key_senderror(so, m, EINVAL);
5154 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5155 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5156 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5158 mode = IPSEC_MODE_ANY;
5162 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5163 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5164 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5166 /* XXX boundary check against sa_len */
5167 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5169 /* get a SA header */
5170 if ((newsah = key_getsah(&saidx)) == NULL) {
5171 /* create a new SA header */
5172 if ((newsah = key_newsah(&saidx)) == NULL) {
5173 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
5174 return key_senderror(so, m, ENOBUFS);
5178 /* set spidx if there */
5180 error = key_setident(newsah, m, mhp);
5182 return key_senderror(so, m, error);
5185 /* create new SA entry. */
5186 /* We can create new SA only if SPI is differenct. */
5187 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
5188 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
5189 return key_senderror(so, m, EEXIST);
5191 newsav = key_newsav(m, mhp, newsah, &error);
5192 if (newsav == NULL) {
5193 return key_senderror(so, m, error);
5196 /* check SA values to be mature. */
5197 if ((error = key_mature(newsav)) != 0) {
5198 key_freesav(newsav);
5199 return key_senderror(so, m, error);
5203 * don't call key_freesav() here, as we would like to keep the SA
5204 * in the database on success.
5210 /* set msg buf from mhp */
5211 n = key_getmsgbuf_x1(m, mhp);
5213 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5214 return key_senderror(so, m, ENOBUFS);
5218 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5224 key_setident(sah, m, mhp)
5225 struct secashead *sah;
5227 const struct sadb_msghdr *mhp;
5229 const struct sadb_ident *idsrc, *iddst;
5230 int idsrclen, iddstlen;
5233 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5234 panic("key_setident: NULL pointer is passed.");
5236 /* don't make buffer if not there */
5237 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5238 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5244 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5245 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5246 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5250 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5251 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5252 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5253 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5255 /* validity check */
5256 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5257 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
5261 switch (idsrc->sadb_ident_type) {
5262 case SADB_IDENTTYPE_PREFIX:
5263 case SADB_IDENTTYPE_FQDN:
5264 case SADB_IDENTTYPE_USERFQDN:
5266 /* XXX do nothing */
5272 /* make structure */
5273 KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
5274 if (sah->idents == NULL) {
5275 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5278 KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
5279 if (sah->identd == NULL) {
5282 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5285 bcopy(idsrc, sah->idents, idsrclen);
5286 bcopy(iddst, sah->identd, iddstlen);
5292 * m will not be freed on return.
5293 * it is caller's responsibility to free the result.
5295 static struct mbuf *
5296 key_getmsgbuf_x1(m, mhp)
5298 const struct sadb_msghdr *mhp;
5303 if (m == NULL || mhp == NULL || mhp->msg == NULL)
5304 panic("key_getmsgbuf_x1: NULL pointer is passed.");
5306 /* create new sadb_msg to reply. */
5307 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
5308 SADB_EXT_SA, SADB_X_EXT_SA2,
5309 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
5310 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
5311 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
5315 if (n->m_len < sizeof(struct sadb_msg)) {
5316 n = m_pullup(n, sizeof(struct sadb_msg));
5320 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
5321 mtod(n, struct sadb_msg *)->sadb_msg_len =
5322 PFKEY_UNIT64(n->m_pkthdr.len);
5327 static int key_delete_all(struct socket *, struct mbuf *,
5328 const struct sadb_msghdr *, u_int16_t);
5331 * SADB_DELETE processing
5333 * <base, SA(*), address(SD)>
5334 * from the ikmpd, and set SADB_SASTATE_DEAD,
5336 * <base, SA(*), address(SD)>
5339 * m will always be freed.
5342 key_delete(so, m, mhp)
5345 const struct sadb_msghdr *mhp;
5347 struct sadb_sa *sa0;
5348 struct sadb_address *src0, *dst0;
5349 struct secasindex saidx;
5350 struct secashead *sah;
5351 struct secasvar *sav = NULL;
5355 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5356 panic("key_delete: NULL pointer is passed.");
5358 /* map satype to proto */
5359 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5360 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
5361 return key_senderror(so, m, EINVAL);
5364 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5365 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5366 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5367 return key_senderror(so, m, EINVAL);
5370 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5371 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5372 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5373 return key_senderror(so, m, EINVAL);
5376 if (mhp->ext[SADB_EXT_SA] == NULL) {
5378 * Caller wants us to delete all non-LARVAL SAs
5379 * that match the src/dst. This is used during
5380 * IKE INITIAL-CONTACT.
5382 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
5383 return key_delete_all(so, m, mhp, proto);
5384 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5385 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5386 return key_senderror(so, m, EINVAL);
5389 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5390 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5391 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5393 /* XXX boundary check against sa_len */
5394 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5396 /* get a SA header */
5397 LIST_FOREACH(sah, &sahtree, chain) {
5398 if (sah->state == SADB_SASTATE_DEAD)
5400 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5403 /* get a SA with SPI. */
5404 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5409 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
5410 return key_senderror(so, m, ENOENT);
5413 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5419 struct sadb_msg *newmsg;
5421 /* create new sadb_msg to reply. */
5422 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
5423 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5425 return key_senderror(so, m, ENOBUFS);
5427 if (n->m_len < sizeof(struct sadb_msg)) {
5428 n = m_pullup(n, sizeof(struct sadb_msg));
5430 return key_senderror(so, m, ENOBUFS);
5432 newmsg = mtod(n, struct sadb_msg *);
5433 newmsg->sadb_msg_errno = 0;
5434 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5437 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5442 * delete all SAs for src/dst. Called from key_delete().
5445 key_delete_all(so, m, mhp, proto)
5448 const struct sadb_msghdr *mhp;
5451 struct sadb_address *src0, *dst0;
5452 struct secasindex saidx;
5453 struct secashead *sah;
5454 struct secasvar *sav, *nextsav;
5455 u_int stateidx, state;
5457 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5458 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5460 /* XXX boundary check against sa_len */
5461 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5463 LIST_FOREACH(sah, &sahtree, chain) {
5464 if (sah->state == SADB_SASTATE_DEAD)
5466 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5469 /* Delete all non-LARVAL SAs. */
5471 stateidx < _ARRAYLEN(saorder_state_alive);
5473 state = saorder_state_alive[stateidx];
5474 if (state == SADB_SASTATE_LARVAL)
5476 for (sav = LIST_FIRST(&sah->savtree[state]);
5477 sav != NULL; sav = nextsav) {
5478 nextsav = LIST_NEXT(sav, chain);
5480 if (sav->state != state) {
5481 ipseclog((LOG_DEBUG, "key_delete_all: "
5482 "invalid sav->state "
5483 "(queue: %u SA: %u)\n",
5484 state, sav->state));
5488 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5495 struct sadb_msg *newmsg;
5497 /* create new sadb_msg to reply. */
5498 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
5499 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5501 return key_senderror(so, m, ENOBUFS);
5503 if (n->m_len < sizeof(struct sadb_msg)) {
5504 n = m_pullup(n, sizeof(struct sadb_msg));
5506 return key_senderror(so, m, ENOBUFS);
5508 newmsg = mtod(n, struct sadb_msg *);
5509 newmsg->sadb_msg_errno = 0;
5510 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5513 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5518 * SADB_GET processing
5520 * <base, SA(*), address(SD)>
5521 * from the ikmpd, and get a SP and a SA to respond,
5523 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5524 * (identity(SD),) (sensitivity)>
5527 * m will always be freed.
5533 const struct sadb_msghdr *mhp;
5535 struct sadb_sa *sa0;
5536 struct sadb_address *src0, *dst0;
5537 struct secasindex saidx;
5538 struct secashead *sah;
5539 struct secasvar *sav = NULL;
5543 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5544 panic("key_get: NULL pointer is passed.");
5546 /* map satype to proto */
5547 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5548 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
5549 return key_senderror(so, m, EINVAL);
5552 if (mhp->ext[SADB_EXT_SA] == NULL ||
5553 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5554 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5555 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5556 return key_senderror(so, m, EINVAL);
5558 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5559 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5560 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5561 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5562 return key_senderror(so, m, EINVAL);
5565 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5566 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5567 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5569 /* XXX boundary check against sa_len */
5570 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5572 /* get a SA header */
5573 LIST_FOREACH(sah, &sahtree, chain) {
5574 if (sah->state == SADB_SASTATE_DEAD)
5576 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5579 /* get a SA with SPI. */
5580 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5585 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
5586 return key_senderror(so, m, ENOENT);
5593 /* map proto to satype */
5594 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
5595 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
5596 return key_senderror(so, m, EINVAL);
5599 /* create new sadb_msg to reply. */
5600 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
5601 mhp->msg->sadb_msg_pid);
5603 return key_senderror(so, m, ENOBUFS);
5606 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5610 /* XXX make it sysctl-configurable? */
5612 key_getcomb_setlifetime(comb)
5613 struct sadb_comb *comb;
5616 comb->sadb_comb_soft_allocations = 1;
5617 comb->sadb_comb_hard_allocations = 1;
5618 comb->sadb_comb_soft_bytes = 0;
5619 comb->sadb_comb_hard_bytes = 0;
5620 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
5621 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
5622 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */
5623 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
5628 * XXX reorder combinations by preference
5629 * XXX no idea if the user wants ESP authentication or not
5631 static struct mbuf *
5634 struct sadb_comb *comb;
5635 const struct esp_algorithm *algo;
5636 struct mbuf *result = NULL, *m, *n;
5640 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5643 for (i = 1; i <= SADB_EALG_MAX; i++) {
5644 algo = esp_algorithm_lookup(i);
5648 if (algo->keymax < ipsec_esp_keymin)
5650 if (algo->keymin < ipsec_esp_keymin)
5651 encmin = ipsec_esp_keymin;
5653 encmin = algo->keymin;
5656 m = key_getcomb_ah();
5660 panic("assumption failed in key_getcomb_esp");
5662 MGET(m, M_DONTWAIT, MT_DATA);
5667 bzero(mtod(m, caddr_t), m->m_len);
5674 for (n = m; n; n = n->m_next)
5678 panic("assumption failed in key_getcomb_esp");
5681 for (off = 0; off < totlen; off += l) {
5682 n = m_pulldown(m, off, l, &o);
5684 /* m is already freed */
5687 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
5688 bzero(comb, sizeof(*comb));
5689 key_getcomb_setlifetime(comb);
5690 comb->sadb_comb_encrypt = i;
5691 comb->sadb_comb_encrypt_minbits = encmin;
5692 comb->sadb_comb_encrypt_maxbits = algo->keymax;
5711 * XXX reorder combinations by preference
5713 static struct mbuf *
5716 struct sadb_comb *comb;
5717 const struct ah_algorithm *algo;
5721 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5724 for (i = 1; i <= SADB_AALG_MAX; i++) {
5726 /* we prefer HMAC algorithms, not old algorithms */
5727 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
5730 algo = ah_algorithm_lookup(i);
5734 if (algo->keymax < ipsec_ah_keymin)
5736 if (algo->keymin < ipsec_ah_keymin)
5737 min = ipsec_ah_keymin;
5744 panic("assumption failed in key_getcomb_ah");
5746 MGET(m, M_DONTWAIT, MT_DATA);
5753 M_PREPEND(m, l, M_DONTWAIT);
5757 comb = mtod(m, struct sadb_comb *);
5758 bzero(comb, sizeof(*comb));
5759 key_getcomb_setlifetime(comb);
5760 comb->sadb_comb_auth = i;
5761 comb->sadb_comb_auth_minbits = min;
5762 comb->sadb_comb_auth_maxbits = algo->keymax;
5769 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
5770 * XXX reorder combinations by preference
5772 static struct mbuf *
5773 key_getcomb_ipcomp()
5775 struct sadb_comb *comb;
5776 const struct ipcomp_algorithm *algo;
5779 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5782 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
5783 algo = ipcomp_algorithm_lookup(i);
5790 panic("assumption failed in key_getcomb_ipcomp");
5792 MGET(m, M_DONTWAIT, MT_DATA);
5799 M_PREPEND(m, l, M_DONTWAIT);
5803 comb = mtod(m, struct sadb_comb *);
5804 bzero(comb, sizeof(*comb));
5805 key_getcomb_setlifetime(comb);
5806 comb->sadb_comb_encrypt = i;
5807 /* what should we set into sadb_comb_*_{min,max}bits? */
5814 * XXX no way to pass mode (transport/tunnel) to userland
5815 * XXX replay checking?
5816 * XXX sysctl interface to ipsec_{ah,esp}_keymin
5818 static struct mbuf *
5820 const struct secasindex *saidx;
5822 struct sadb_prop *prop;
5824 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
5827 switch (saidx->proto) {
5830 m = key_getcomb_esp();
5834 m = key_getcomb_ah();
5836 case IPPROTO_IPCOMP:
5837 m = key_getcomb_ipcomp();
5845 M_PREPEND(m, l, M_DONTWAIT);
5850 for (n = m; n; n = n->m_next)
5853 prop = mtod(m, struct sadb_prop *);
5854 bzero(prop, sizeof(*prop));
5855 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
5856 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
5857 prop->sadb_prop_replay = 32; /* XXX */
5863 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
5865 * <base, SA, address(SD), (address(P)), x_policy,
5866 * (identity(SD),) (sensitivity,) proposal>
5867 * to KMD, and expect to receive
5868 * <base> with SADB_ACQUIRE if error occured,
5870 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
5871 * from KMD by PF_KEY.
5873 * XXX x_policy is outside of RFC2367 (KAME extension).
5874 * XXX sensitivity is not supported.
5875 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
5876 * see comment for key_getcomb_ipcomp().
5880 * others: error number
5883 key_acquire(saidx, sp)
5884 struct secasindex *saidx;
5885 struct secpolicy *sp;
5887 struct mbuf *result = NULL, *m;
5888 #ifndef IPSEC_NONBLOCK_ACQUIRE
5889 struct secacq *newacq;
5897 panic("key_acquire: NULL pointer is passed.");
5898 if ((satype = key_proto2satype(saidx->proto)) == 0)
5899 panic("key_acquire: invalid proto is passed.");
5901 #ifndef IPSEC_NONBLOCK_ACQUIRE
5903 * We never do anything about acquirng SA. There is anather
5904 * solution that kernel blocks to send SADB_ACQUIRE message until
5905 * getting something message from IKEd. In later case, to be
5906 * managed with ACQUIRING list.
5908 /* get an entry to check whether sending message or not. */
5909 if ((newacq = key_getacq(saidx)) != NULL) {
5910 if (key_blockacq_count < newacq->count) {
5911 /* reset counter and do send message. */
5914 /* increment counter and do nothing. */
5919 /* make new entry for blocking to send SADB_ACQUIRE. */
5920 if ((newacq = key_newacq(saidx)) == NULL)
5923 /* add to acqtree */
5924 LIST_INSERT_HEAD(&acqtree, newacq, chain);
5929 #ifndef IPSEC_NONBLOCK_ACQUIRE
5932 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
5934 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
5941 /* set sadb_address for saidx's. */
5942 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
5943 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
5950 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
5951 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
5958 /* XXX proxy address (optional) */
5960 /* set sadb_x_policy */
5962 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
5970 /* XXX identity (optional) */
5972 if (idexttype && fqdn) {
5973 /* create identity extension (FQDN) */
5974 struct sadb_ident *id;
5977 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
5978 id = (struct sadb_ident *)p;
5979 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
5980 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
5981 id->sadb_ident_exttype = idexttype;
5982 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
5983 bcopy(fqdn, id + 1, fqdnlen);
5984 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
5988 /* create identity extension (USERFQDN) */
5989 struct sadb_ident *id;
5993 /* +1 for terminating-NUL */
5994 userfqdnlen = strlen(userfqdn) + 1;
5997 id = (struct sadb_ident *)p;
5998 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
5999 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6000 id->sadb_ident_exttype = idexttype;
6001 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6002 /* XXX is it correct? */
6003 if (curproc && curproc->p_cred)
6004 id->sadb_ident_id = curproc->p_cred->p_ruid;
6005 if (userfqdn && userfqdnlen)
6006 bcopy(userfqdn, id + 1, userfqdnlen);
6007 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6011 /* XXX sensitivity (optional) */
6013 /* create proposal/combination extension */
6014 m = key_getprop(saidx);
6017 * spec conformant: always attach proposal/combination extension,
6018 * the problem is that we have no way to attach it for ipcomp,
6019 * due to the way sadb_comb is declared in RFC2367.
6028 * outside of spec; make proposal/combination extension optional.
6034 if ((result->m_flags & M_PKTHDR) == 0) {
6039 if (result->m_len < sizeof(struct sadb_msg)) {
6040 result = m_pullup(result, sizeof(struct sadb_msg));
6041 if (result == NULL) {
6047 result->m_pkthdr.len = 0;
6048 for (m = result; m; m = m->m_next)
6049 result->m_pkthdr.len += m->m_len;
6051 mtod(result, struct sadb_msg *)->sadb_msg_len =
6052 PFKEY_UNIT64(result->m_pkthdr.len);
6054 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6062 #ifndef IPSEC_NONBLOCK_ACQUIRE
6063 static struct secacq *
6065 struct secasindex *saidx;
6067 struct secacq *newacq;
6070 KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
6071 if (newacq == NULL) {
6072 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
6075 bzero(newacq, sizeof(*newacq));
6078 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
6079 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
6080 newacq->created = time_second;
6086 static struct secacq *
6088 struct secasindex *saidx;
6092 LIST_FOREACH(acq, &acqtree, chain) {
6093 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
6100 static struct secacq *
6101 key_getacqbyseq(seq)
6106 LIST_FOREACH(acq, &acqtree, chain) {
6107 if (acq->seq == seq)
6115 static struct secspacq *
6117 struct secpolicyindex *spidx;
6119 struct secspacq *acq;
6125 KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
6127 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
6130 bzero(acq, sizeof(*acq));
6133 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
6134 acq->created = time_second;
6140 static struct secspacq *
6142 struct secpolicyindex *spidx;
6144 struct secspacq *acq;
6149 LIST_FOREACH(acq, &spacqtree, chain) {
6150 if (key_cmpspidx_exactly(spidx, &acq->spidx))
6158 * SADB_ACQUIRE processing,
6159 * in first situation, is receiving
6161 * from the ikmpd, and clear sequence of its secasvar entry.
6163 * In second situation, is receiving
6164 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6165 * from a user land process, and return
6166 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6169 * m will always be freed.
6172 key_acquire2(so, m, mhp)
6175 const struct sadb_msghdr *mhp;
6177 struct sadb_address *src0, *dst0;
6178 struct secasindex saidx;
6179 struct secashead *sah;
6184 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6185 panic("key_acquire2: NULL pointer is passed.");
6188 * Error message from KMd.
6189 * We assume that if error was occured in IKEd, the length of PFKEY
6190 * message is equal to the size of sadb_msg structure.
6191 * We do not raise error even if error occured in this function.
6193 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
6194 #ifndef IPSEC_NONBLOCK_ACQUIRE
6197 /* check sequence number */
6198 if (mhp->msg->sadb_msg_seq == 0) {
6199 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
6204 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
6206 * the specified larval SA is already gone, or we got
6207 * a bogus sequence number. we can silently ignore it.
6213 /* reset acq counter in order to deletion by timehander. */
6214 acq->created = time_second;
6222 * This message is from user land.
6225 /* map satype to proto */
6226 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6227 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
6228 return key_senderror(so, m, EINVAL);
6231 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6232 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6233 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
6235 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6236 return key_senderror(so, m, EINVAL);
6238 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6239 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
6240 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6242 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6243 return key_senderror(so, m, EINVAL);
6246 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6247 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6249 /* XXX boundary check against sa_len */
6250 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6252 /* get a SA index */
6253 LIST_FOREACH(sah, &sahtree, chain) {
6254 if (sah->state == SADB_SASTATE_DEAD)
6256 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
6260 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
6261 return key_senderror(so, m, EEXIST);
6264 error = key_acquire(&saidx, NULL);
6266 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
6267 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
6268 return key_senderror(so, m, error);
6271 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6275 * SADB_REGISTER processing.
6276 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
6279 * from the ikmpd, and register a socket to send PF_KEY messages,
6283 * If socket is detached, must free from regnode.
6285 * m will always be freed.
6288 key_register(so, m, mhp)
6291 const struct sadb_msghdr *mhp;
6293 struct secreg *reg, *newreg = 0;
6296 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6297 panic("key_register: NULL pointer is passed.");
6299 /* check for invalid register message */
6300 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
6301 return key_senderror(so, m, EINVAL);
6303 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
6304 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6307 /* check whether existing or not */
6308 LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) {
6309 if (reg->so == so) {
6310 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
6311 return key_senderror(so, m, EEXIST);
6315 /* create regnode */
6316 KMALLOC(newreg, struct secreg *, sizeof(*newreg));
6317 if (newreg == NULL) {
6318 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
6319 return key_senderror(so, m, ENOBUFS);
6321 bzero((caddr_t)newreg, sizeof(*newreg));
6324 ((struct keycb *)sotorawcb(so))->kp_registered++;
6326 /* add regnode to regtree. */
6327 LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain);
6332 struct sadb_msg *newmsg;
6333 struct sadb_supported *sup;
6334 u_int len, alen, elen;
6337 struct sadb_alg *alg;
6339 /* create new sadb_msg to reply. */
6341 for (i = 1; i <= SADB_AALG_MAX; i++) {
6342 if (ah_algorithm_lookup(i))
6343 alen += sizeof(struct sadb_alg);
6346 alen += sizeof(struct sadb_supported);
6349 for (i = 1; i <= SADB_EALG_MAX; i++) {
6350 if (esp_algorithm_lookup(i))
6351 elen += sizeof(struct sadb_alg);
6354 elen += sizeof(struct sadb_supported);
6357 len = sizeof(struct sadb_msg) + alen + elen;
6360 return key_senderror(so, m, ENOBUFS);
6362 MGETHDR(n, M_DONTWAIT, MT_DATA);
6364 MCLGET(n, M_DONTWAIT);
6365 if ((n->m_flags & M_EXT) == 0) {
6371 return key_senderror(so, m, ENOBUFS);
6373 n->m_pkthdr.len = n->m_len = len;
6377 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
6378 newmsg = mtod(n, struct sadb_msg *);
6379 newmsg->sadb_msg_errno = 0;
6380 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6381 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6383 /* for authentication algorithm */
6385 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6386 sup->sadb_supported_len = PFKEY_UNIT64(alen);
6387 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6388 off += PFKEY_ALIGN8(sizeof(*sup));
6390 for (i = 1; i <= SADB_AALG_MAX; i++) {
6391 const struct ah_algorithm *aalgo;
6393 aalgo = ah_algorithm_lookup(i);
6396 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
6397 alg->sadb_alg_id = i;
6398 alg->sadb_alg_ivlen = 0;
6399 alg->sadb_alg_minbits = aalgo->keymin;
6400 alg->sadb_alg_maxbits = aalgo->keymax;
6401 off += PFKEY_ALIGN8(sizeof(*alg));
6406 /* for encryption algorithm */
6408 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6409 sup->sadb_supported_len = PFKEY_UNIT64(elen);
6410 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
6411 off += PFKEY_ALIGN8(sizeof(*sup));
6413 for (i = 1; i <= SADB_EALG_MAX; i++) {
6414 const struct esp_algorithm *ealgo;
6416 ealgo = esp_algorithm_lookup(i);
6419 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
6420 alg->sadb_alg_id = i;
6421 if (ealgo && ealgo->ivlen) {
6423 * give NULL to get the value preferred by
6424 * algorithm XXX SADB_X_EXT_DERIV ?
6426 alg->sadb_alg_ivlen =
6427 (*ealgo->ivlen)(ealgo, NULL);
6429 alg->sadb_alg_ivlen = 0;
6430 alg->sadb_alg_minbits = ealgo->keymin;
6431 alg->sadb_alg_maxbits = ealgo->keymax;
6432 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
6439 panic("length assumption failed in key_register");
6443 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
6448 * free secreg entry registered.
6449 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
6460 panic("key_freereg: NULL pointer is passed.");
6463 * check whether existing or not.
6464 * check all type of SA, because there is a potential that
6465 * one socket is registered to multiple type of SA.
6467 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
6468 LIST_FOREACH(reg, ®tree[i], chain) {
6469 if (reg->so == so && __LIST_CHAINED(reg)) {
6470 LIST_REMOVE(reg, chain);
6481 * SADB_EXPIRE processing
6483 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
6485 * NOTE: We send only soft lifetime extension.
6488 * others : error number
6492 struct secasvar *sav;
6496 struct mbuf *result = NULL, *m;
6499 struct sadb_lifetime *lt;
6501 /* XXX: Why do we lock ? */
6502 s = splnet(); /*called from softclock()*/
6506 panic("key_expire: NULL pointer is passed.");
6507 if (sav->sah == NULL)
6508 panic("key_expire: Why was SA index in SA NULL.");
6509 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
6510 panic("key_expire: invalid proto is passed.");
6512 /* set msg header */
6513 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
6520 /* create SA extension */
6521 m = key_setsadbsa(sav);
6528 /* create SA extension */
6529 m = key_setsadbxsa2(sav->sah->saidx.mode,
6530 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
6531 sav->sah->saidx.reqid);
6538 /* create lifetime extension (current and soft) */
6539 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
6540 m = key_alloc_mbuf(len);
6541 if (!m || m->m_next) { /*XXX*/
6547 bzero(mtod(m, caddr_t), len);
6548 lt = mtod(m, struct sadb_lifetime *);
6549 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
6550 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
6551 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
6552 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
6553 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
6554 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
6555 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
6556 bcopy(sav->lft_s, lt, sizeof(*lt));
6559 /* set sadb_address for source */
6560 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6561 (struct sockaddr *)&sav->sah->saidx.src,
6562 FULLMASK, IPSEC_ULPROTO_ANY);
6569 /* set sadb_address for destination */
6570 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6571 (struct sockaddr *)&sav->sah->saidx.dst,
6572 FULLMASK, IPSEC_ULPROTO_ANY);
6579 if ((result->m_flags & M_PKTHDR) == 0) {
6584 if (result->m_len < sizeof(struct sadb_msg)) {
6585 result = m_pullup(result, sizeof(struct sadb_msg));
6586 if (result == NULL) {
6592 result->m_pkthdr.len = 0;
6593 for (m = result; m; m = m->m_next)
6594 result->m_pkthdr.len += m->m_len;
6596 mtod(result, struct sadb_msg *)->sadb_msg_len =
6597 PFKEY_UNIT64(result->m_pkthdr.len);
6600 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6610 * SADB_FLUSH processing
6613 * from the ikmpd, and free all entries in secastree.
6617 * NOTE: to do is only marking SADB_SASTATE_DEAD.
6619 * m will always be freed.
6622 key_flush(so, m, mhp)
6625 const struct sadb_msghdr *mhp;
6627 struct sadb_msg *newmsg;
6628 struct secashead *sah, *nextsah;
6629 struct secasvar *sav, *nextsav;
6635 if (so == NULL || mhp == NULL || mhp->msg == NULL)
6636 panic("key_flush: NULL pointer is passed.");
6638 /* map satype to proto */
6639 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6640 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
6641 return key_senderror(so, m, EINVAL);
6644 /* no SATYPE specified, i.e. flushing all SA. */
6645 for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) {
6646 nextsah = LIST_NEXT(sah, chain);
6648 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6649 proto != sah->saidx.proto)
6653 stateidx < _ARRAYLEN(saorder_state_alive);
6655 state = saorder_state_any[stateidx];
6656 for (sav = LIST_FIRST(&sah->savtree[state]);
6660 nextsav = LIST_NEXT(sav, chain);
6662 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6667 sah->state = SADB_SASTATE_DEAD;
6670 if (m->m_len < sizeof(struct sadb_msg) ||
6671 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
6672 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
6673 return key_senderror(so, m, ENOBUFS);
6679 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
6680 newmsg = mtod(m, struct sadb_msg *);
6681 newmsg->sadb_msg_errno = 0;
6682 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
6684 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6688 * SADB_DUMP processing
6689 * dump all entries including status of DEAD in SAD.
6692 * from the ikmpd, and dump all secasvar leaves
6697 * m will always be freed.
6700 key_dump(so, m, mhp)
6703 const struct sadb_msghdr *mhp;
6705 struct secashead *sah;
6706 struct secasvar *sav;
6715 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6716 panic("key_dump: NULL pointer is passed.");
6718 /* map satype to proto */
6719 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6720 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
6721 return key_senderror(so, m, EINVAL);
6724 /* count sav entries to be sent to the userland. */
6726 LIST_FOREACH(sah, &sahtree, chain) {
6727 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6728 proto != sah->saidx.proto)
6732 stateidx < _ARRAYLEN(saorder_state_any);
6734 state = saorder_state_any[stateidx];
6735 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6742 return key_senderror(so, m, ENOENT);
6744 /* send this to the userland, one at a time. */
6745 LIST_FOREACH(sah, &sahtree, chain) {
6746 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6747 proto != sah->saidx.proto)
6750 /* map proto to satype */
6751 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
6752 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
6753 return key_senderror(so, m, EINVAL);
6757 stateidx < _ARRAYLEN(saorder_state_any);
6759 state = saorder_state_any[stateidx];
6760 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6761 n = key_setdumpsa(sav, SADB_DUMP, satype,
6762 --cnt, mhp->msg->sadb_msg_pid);
6764 return key_senderror(so, m, ENOBUFS);
6766 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6776 * SADB_X_PROMISC processing
6778 * m will always be freed.
6781 key_promisc(so, m, mhp)
6784 const struct sadb_msghdr *mhp;
6789 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6790 panic("key_promisc: NULL pointer is passed.");
6792 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
6794 if (olen < sizeof(struct sadb_msg)) {
6796 return key_senderror(so, m, EINVAL);
6801 } else if (olen == sizeof(struct sadb_msg)) {
6802 /* enable/disable promisc mode */
6805 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
6806 return key_senderror(so, m, EINVAL);
6807 mhp->msg->sadb_msg_errno = 0;
6808 switch (mhp->msg->sadb_msg_satype) {
6811 kp->kp_promisc = mhp->msg->sadb_msg_satype;
6814 return key_senderror(so, m, EINVAL);
6817 /* send the original message back to everyone */
6818 mhp->msg->sadb_msg_errno = 0;
6819 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6821 /* send packet as is */
6823 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
6825 /* TODO: if sadb_msg_seq is specified, send to specific pid */
6826 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6830 static int (*key_typesw[])(struct socket *, struct mbuf *,
6831 const struct sadb_msghdr *) = {
6832 NULL, /* SADB_RESERVED */
6833 key_getspi, /* SADB_GETSPI */
6834 key_update, /* SADB_UPDATE */
6835 key_add, /* SADB_ADD */
6836 key_delete, /* SADB_DELETE */
6837 key_get, /* SADB_GET */
6838 key_acquire2, /* SADB_ACQUIRE */
6839 key_register, /* SADB_REGISTER */
6840 NULL, /* SADB_EXPIRE */
6841 key_flush, /* SADB_FLUSH */
6842 key_dump, /* SADB_DUMP */
6843 key_promisc, /* SADB_X_PROMISC */
6844 NULL, /* SADB_X_PCHANGE */
6845 key_spdadd, /* SADB_X_SPDUPDATE */
6846 key_spdadd, /* SADB_X_SPDADD */
6847 key_spddelete, /* SADB_X_SPDDELETE */
6848 key_spdget, /* SADB_X_SPDGET */
6849 NULL, /* SADB_X_SPDACQUIRE */
6850 key_spddump, /* SADB_X_SPDDUMP */
6851 key_spdflush, /* SADB_X_SPDFLUSH */
6852 key_spdadd, /* SADB_X_SPDSETIDX */
6853 NULL, /* SADB_X_SPDEXPIRE */
6854 key_spddelete2, /* SADB_X_SPDDELETE2 */
6858 * parse sadb_msg buffer to process PFKEYv2,
6859 * and create a data to response if needed.
6860 * I think to be dealed with mbuf directly.
6862 * msgp : pointer to pointer to a received buffer pulluped.
6863 * This is rewrited to response.
6864 * so : pointer to socket.
6866 * length for buffer to send to user process.
6873 struct sadb_msg *msg;
6874 struct sadb_msghdr mh;
6880 if (m == NULL || so == NULL)
6881 panic("key_parse: NULL pointer is passed.");
6883 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
6884 KEYDEBUG(KEYDEBUG_KEY_DUMP,
6885 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
6889 if (m->m_len < sizeof(struct sadb_msg)) {
6890 m = m_pullup(m, sizeof(struct sadb_msg));
6894 msg = mtod(m, struct sadb_msg *);
6895 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
6896 target = KEY_SENDUP_ONE;
6898 if ((m->m_flags & M_PKTHDR) == 0 ||
6899 m->m_pkthdr.len != m->m_pkthdr.len) {
6900 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
6901 pfkeystat.out_invlen++;
6906 if (msg->sadb_msg_version != PF_KEY_V2) {
6907 ipseclog((LOG_DEBUG,
6908 "key_parse: PF_KEY version %u is mismatched.\n",
6909 msg->sadb_msg_version));
6910 pfkeystat.out_invver++;
6915 if (msg->sadb_msg_type > SADB_MAX) {
6916 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
6917 msg->sadb_msg_type));
6918 pfkeystat.out_invmsgtype++;
6923 /* for old-fashioned code - should be nuked */
6924 if (m->m_pkthdr.len > MCLBYTES) {
6931 MGETHDR(n, M_DONTWAIT, MT_DATA);
6932 if (n && m->m_pkthdr.len > MHLEN) {
6933 MCLGET(n, M_DONTWAIT);
6934 if ((n->m_flags & M_EXT) == 0) {
6943 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
6944 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
6950 /* align the mbuf chain so that extensions are in contiguous region. */
6951 error = key_align(m, &mh);
6955 if (m->m_next) { /*XXX*/
6963 switch (msg->sadb_msg_satype) {
6964 case SADB_SATYPE_UNSPEC:
6965 switch (msg->sadb_msg_type) {
6973 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
6974 "when msg type=%u.\n", msg->sadb_msg_type));
6975 pfkeystat.out_invsatype++;
6980 case SADB_SATYPE_AH:
6981 case SADB_SATYPE_ESP:
6982 case SADB_X_SATYPE_IPCOMP:
6983 switch (msg->sadb_msg_type) {
6985 case SADB_X_SPDDELETE:
6987 case SADB_X_SPDDUMP:
6988 case SADB_X_SPDFLUSH:
6989 case SADB_X_SPDSETIDX:
6990 case SADB_X_SPDUPDATE:
6991 case SADB_X_SPDDELETE2:
6992 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
6993 msg->sadb_msg_type));
6994 pfkeystat.out_invsatype++;
6999 case SADB_SATYPE_RSVP:
7000 case SADB_SATYPE_OSPFV2:
7001 case SADB_SATYPE_RIPV2:
7002 case SADB_SATYPE_MIP:
7003 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
7004 msg->sadb_msg_satype));
7005 pfkeystat.out_invsatype++;
7008 case 1: /* XXX: What does it do? */
7009 if (msg->sadb_msg_type == SADB_X_PROMISC)
7013 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7014 msg->sadb_msg_satype));
7015 pfkeystat.out_invsatype++;
7020 /* check field of upper layer protocol and address family */
7021 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
7022 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
7023 struct sadb_address *src0, *dst0;
7026 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
7027 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
7029 /* check upper layer protocol */
7030 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
7031 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
7032 pfkeystat.out_invaddr++;
7038 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
7039 PFKEY_ADDR_SADDR(dst0)->sa_family) {
7040 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
7041 pfkeystat.out_invaddr++;
7045 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7046 PFKEY_ADDR_SADDR(dst0)->sa_len) {
7047 ipseclog((LOG_DEBUG,
7048 "key_parse: address struct size mismatched.\n"));
7049 pfkeystat.out_invaddr++;
7054 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7056 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7057 sizeof(struct sockaddr_in)) {
7058 pfkeystat.out_invaddr++;
7064 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7065 sizeof(struct sockaddr_in6)) {
7066 pfkeystat.out_invaddr++;
7072 ipseclog((LOG_DEBUG,
7073 "key_parse: unsupported address family.\n"));
7074 pfkeystat.out_invaddr++;
7075 error = EAFNOSUPPORT;
7079 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7081 plen = sizeof(struct in_addr) << 3;
7084 plen = sizeof(struct in6_addr) << 3;
7087 plen = 0; /*fool gcc*/
7091 /* check max prefix length */
7092 if (src0->sadb_address_prefixlen > plen ||
7093 dst0->sadb_address_prefixlen > plen) {
7094 ipseclog((LOG_DEBUG,
7095 "key_parse: illegal prefixlen.\n"));
7096 pfkeystat.out_invaddr++;
7102 * prefixlen == 0 is valid because there can be a case when
7103 * all addresses are matched.
7107 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
7108 key_typesw[msg->sadb_msg_type] == NULL) {
7109 pfkeystat.out_invmsgtype++;
7114 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
7117 msg->sadb_msg_errno = error;
7118 return key_sendup_mbuf(so, m, target);
7122 key_senderror(so, m, code)
7127 struct sadb_msg *msg;
7129 if (m->m_len < sizeof(struct sadb_msg))
7130 panic("invalid mbuf passed to key_senderror");
7132 msg = mtod(m, struct sadb_msg *);
7133 msg->sadb_msg_errno = code;
7134 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
7138 * set the pointer to each header into message buffer.
7139 * m will be freed on error.
7140 * XXX larger-than-MCLBYTES extension?
7145 struct sadb_msghdr *mhp;
7148 struct sadb_ext *ext;
7154 if (m == NULL || mhp == NULL)
7155 panic("key_align: NULL pointer is passed.");
7156 if (m->m_len < sizeof(struct sadb_msg))
7157 panic("invalid mbuf passed to key_align");
7160 bzero(mhp, sizeof(*mhp));
7162 mhp->msg = mtod(m, struct sadb_msg *);
7163 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
7165 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7166 extlen = end; /*just in case extlen is not updated*/
7167 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
7168 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
7170 /* m is already freed */
7173 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
7176 switch (ext->sadb_ext_type) {
7178 case SADB_EXT_ADDRESS_SRC:
7179 case SADB_EXT_ADDRESS_DST:
7180 case SADB_EXT_ADDRESS_PROXY:
7181 case SADB_EXT_LIFETIME_CURRENT:
7182 case SADB_EXT_LIFETIME_HARD:
7183 case SADB_EXT_LIFETIME_SOFT:
7184 case SADB_EXT_KEY_AUTH:
7185 case SADB_EXT_KEY_ENCRYPT:
7186 case SADB_EXT_IDENTITY_SRC:
7187 case SADB_EXT_IDENTITY_DST:
7188 case SADB_EXT_SENSITIVITY:
7189 case SADB_EXT_PROPOSAL:
7190 case SADB_EXT_SUPPORTED_AUTH:
7191 case SADB_EXT_SUPPORTED_ENCRYPT:
7192 case SADB_EXT_SPIRANGE:
7193 case SADB_X_EXT_POLICY:
7194 case SADB_X_EXT_SA2:
7195 /* duplicate check */
7197 * XXX Are there duplication payloads of either
7198 * KEY_AUTH or KEY_ENCRYPT ?
7200 if (mhp->ext[ext->sadb_ext_type] != NULL) {
7201 ipseclog((LOG_DEBUG,
7202 "key_align: duplicate ext_type %u "
7203 "is passed.\n", ext->sadb_ext_type));
7205 pfkeystat.out_dupext++;
7210 ipseclog((LOG_DEBUG,
7211 "key_align: invalid ext_type %u is passed.\n",
7212 ext->sadb_ext_type));
7214 pfkeystat.out_invexttype++;
7218 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
7220 if (key_validate_ext(ext, extlen)) {
7222 pfkeystat.out_invlen++;
7226 n = m_pulldown(m, off, extlen, &toff);
7228 /* m is already freed */
7231 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
7233 mhp->ext[ext->sadb_ext_type] = ext;
7234 mhp->extoff[ext->sadb_ext_type] = off;
7235 mhp->extlen[ext->sadb_ext_type] = extlen;
7240 pfkeystat.out_invlen++;
7248 key_validate_ext(ext, len)
7249 struct sadb_ext *ext;
7252 struct sockaddr *sa;
7253 enum { NONE, ADDR } checktype = NONE;
7255 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7257 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7260 /* if it does not match minimum/maximum length, bail */
7261 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
7262 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
7264 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
7266 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
7269 /* more checks based on sadb_ext_type XXX need more */
7270 switch (ext->sadb_ext_type) {
7271 case SADB_EXT_ADDRESS_SRC:
7272 case SADB_EXT_ADDRESS_DST:
7273 case SADB_EXT_ADDRESS_PROXY:
7274 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
7277 case SADB_EXT_IDENTITY_SRC:
7278 case SADB_EXT_IDENTITY_DST:
7279 if (((struct sadb_ident *)ext)->sadb_ident_type ==
7280 SADB_X_IDENTTYPE_ADDR) {
7281 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
7291 switch (checktype) {
7295 sa = (struct sockaddr *)((caddr_t)ext + baselen);
7296 if (len < baselen + sal)
7298 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
7311 bzero((caddr_t)&key_cb, sizeof(key_cb));
7313 callout_init(&key_timehandler_ch, 0);
7315 for (i = 0; i < IPSEC_DIR_MAX; i++)
7316 LIST_INIT(&sptree[i]);
7318 LIST_INIT(&sahtree);
7320 for (i = 0; i <= SADB_SATYPE_MAX; i++)
7321 LIST_INIT(®tree[i]);
7323 for (i = 0; i < SPIHASHSIZE; i++)
7324 LIST_INIT(&spihash[i]);
7326 #ifndef IPSEC_NONBLOCK_ACQUIRE
7327 LIST_INIT(&acqtree);
7329 LIST_INIT(&spacqtree);
7331 TAILQ_INIT(&satailq);
7332 TAILQ_INIT(&sptailq);
7334 /* system default */
7336 ip4_def_policy = key_newsp(0);
7337 if (!ip4_def_policy)
7338 panic("could not initialize IPv4 default security policy");
7339 ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
7340 ip4_def_policy->policy = IPSEC_POLICY_NONE;
7341 ip4_def_policy->dir = IPSEC_DIR_ANY;
7342 ip4_def_policy->readonly = 1;
7343 ip4_def_policy->persist = 1;
7346 ip6_def_policy = key_newsp(0);
7347 if (!ip6_def_policy)
7348 panic("could not initialize IPv6 default security policy");
7349 ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
7350 ip6_def_policy->policy = IPSEC_POLICY_NONE;
7351 ip6_def_policy->dir = IPSEC_DIR_ANY;
7352 ip6_def_policy->readonly = 1;
7353 ip6_def_policy->persist = 1;
7356 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
7358 /* initialize key statistics */
7359 keystat.getspi_count = 1;
7361 printf("IPsec: Initialized Security Association Processing.\n");
7367 * XXX: maybe This function is called after INBOUND IPsec processing.
7369 * Special check for tunnel-mode packets.
7370 * We must make some checks for consistency between inner and outer IP header.
7372 * xxx more checks to be provided
7375 key_checktunnelsanity(sav, family, src, dst)
7376 struct secasvar *sav;
7382 if (sav->sah == NULL)
7383 panic("sav->sah == NULL at key_checktunnelsanity");
7385 /* XXX: check inner IP header */
7392 * Get FQDN for the host.
7393 * If the administrator configured hostname (by hostname(1)) without
7394 * domain name, returns nothing.
7401 static char fqdn[MAXHOSTNAMELEN + 1];
7402 int hostnamelen = strlen(hostname);
7407 /* check if it comes with domain name. */
7409 for (i = 0; i < hostnamelen; i++) {
7410 if (hostname[i] == '.')
7416 /* NOTE: hostname may not be NUL-terminated. */
7417 bzero(fqdn, sizeof(fqdn));
7418 bcopy(hostname, fqdn, hostnamelen);
7419 fqdn[hostnamelen] = '\0';
7424 * get username@FQDN for the host/user.
7430 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
7431 struct proc *p = curproc;
7435 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) {
7439 if (!(host = key_getfqdn())) {
7444 /* NOTE: s_login may not be-NUL terminated. */
7445 bzero(userfqdn, sizeof(userfqdn));
7446 SESS_LOCK(p->p_session);
7447 bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
7448 SESS_UNLOCK(p->p_session);
7450 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
7451 q = userfqdn + strlen(userfqdn);
7453 bcopy(host, q, strlen(host));
7461 /* record data transfer on SA, and update timestamps */
7463 key_sa_recordxfer(sav, m)
7464 struct secasvar *sav;
7468 panic("key_sa_recordxfer called with sav == NULL");
7470 panic("key_sa_recordxfer called with m == NULL");
7475 * XXX Currently, there is a difference of bytes size
7476 * between inbound and outbound processing.
7478 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
7479 /* to check bytes lifetime is done in key_timehandler(). */
7482 * We use the number of packets as the unit of
7483 * sadb_lifetime_allocations. We increment the variable
7484 * whenever {esp,ah}_{in,out}put is called.
7486 sav->lft_c->sadb_lifetime_allocations++;
7487 /* XXX check for expires? */
7490 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
7491 * in seconds. HARD and SOFT lifetime are measured by the time
7492 * difference (again in seconds) from sadb_lifetime_usetime.
7496 * -----+-----+--------+---> t
7497 * <--------------> HARD
7501 sav->lft_c->sadb_lifetime_usetime = time_second;
7502 /* XXX check for expires? */
7510 key_sa_routechange(dst)
7511 struct sockaddr *dst;
7513 struct secashead *sah;
7516 LIST_FOREACH(sah, &sahtree, chain) {
7517 ro = &sah->sa_route;
7518 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len &&
7519 bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
7521 ro->ro_rt = (struct rtentry *)NULL;
7529 key_sa_chgstate(sav, state)
7530 struct secasvar *sav;
7534 panic("key_sa_chgstate called with sav == NULL");
7536 if (sav->state == state)
7539 if (__LIST_CHAINED(sav))
7540 LIST_REMOVE(sav, chain);
7543 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
7548 struct secasvar *sav;
7552 panic("key_sa_stir_iv called with sav == NULL");
7553 key_randomfill(sav->iv, sav->ivlen);
7558 struct secpolicy *sp;
7561 /* mark the SP dead */
7562 sp->state = IPSEC_SPSTATE_DEAD;
7567 struct secpolicy *sp;
7570 /* remove from SP index */
7571 if (__LIST_CHAINED(sp)) {
7572 LIST_REMOVE(sp, chain);
7578 static struct mbuf *
7582 struct mbuf *m = NULL, *n;
7587 MGET(n, M_DONTWAIT, MT_DATA);
7588 if (n && len > MLEN)
7589 MCLGET(n, M_DONTWAIT);
7597 n->m_len = M_TRAILINGSPACE(n);
7598 /* use the bottom of mbuf, hoping we can prepend afterwards */
7599 if (n->m_len > len) {
7600 t = (n->m_len - len) & ~(sizeof(long) - 1);