1 /* $KAME: keydb.c,v 1.82 2003/09/07 07:47:33 itojun Exp $ */
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 #include "opt_inet6.h"
38 #include <sys/types.h>
39 #include <sys/socket.h>
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/kernel.h>
43 #include <sys/malloc.h>
44 #include <sys/errno.h>
45 #include <sys/queue.h>
48 #include <net/route.h>
50 #include <netinet/in.h>
52 #include <net/pfkeyv2.h>
53 #include <netkey/keydb.h>
54 #include <netkey/key.h>
55 #include <netinet6/ipsec.h>
57 MALLOC_DEFINE(M_SECA, "key_mgmt", "security associations, key management");
60 * secpolicy management
67 p = (struct secpolicy *)malloc(sizeof(*p), M_SECA, M_NOWAIT);
71 TAILQ_INSERT_TAIL(&sptailq, p, tailq);
80 static u_int32_t lastalloc = IPSEC_MANUAL_POLICYID_MAX;
83 newid = lastalloc + 1;
84 /* XXX possible infinite loop */
86 TAILQ_FOREACH(sp, &sptailq, tailq) {
91 if (newid + 1 < newid) /* wraparound */
92 newid = IPSEC_MANUAL_POLICYID_MAX + 1;
103 keydb_delsecpolicy(p)
107 TAILQ_REMOVE(&sptailq, p, tailq);
109 free(p->spidx, M_SECA);
114 keydb_setsecpolicyindex(p, idx)
116 struct secpolicyindex *idx;
120 p->spidx = (struct secpolicyindex *)malloc(sizeof(*p->spidx),
124 memcpy(p->spidx, idx, sizeof(*p->spidx));
129 * secashead management
137 p = (struct secashead *)malloc(sizeof(*p), M_SECA, M_NOWAIT);
140 bzero(p, sizeof(*p));
141 for (i = 0; i < sizeof(p->savtree)/sizeof(p->savtree[0]); i++)
142 LIST_INIT(&p->savtree[i]);
147 keydb_delsecashead(p)
155 * secasvar management (reference counted)
160 struct secasvar *p, *q;
161 static u_int32_t said = 0;
163 p = (struct secasvar *)malloc(sizeof(*p), M_SECA, M_NOWAIT);
171 TAILQ_FOREACH(q, &satailq, tailq) {
174 if (TAILQ_NEXT(q, tailq)) {
175 if (q->id < said && said < TAILQ_NEXT(q, tailq)->id)
177 if (q->id + 1 < TAILQ_NEXT(q, tailq)->id) {
184 bzero(p, sizeof(*p));
187 TAILQ_INSERT_AFTER(&satailq, q, p, tailq);
189 TAILQ_INSERT_TAIL(&satailq, p, tailq);
198 TAILQ_REMOVE(&satailq, p, tailq);
204 * secreplay management
207 keydb_newsecreplay(wsize)
212 p = (struct secreplay *)malloc(sizeof(*p), M_SECA, M_NOWAIT);
216 bzero(p, sizeof(*p));
218 p->bitmap = malloc(wsize, M_SECA, M_NOWAIT);
223 bzero(p->bitmap, wsize);
230 keydb_delsecreplay(p)
235 free(p->bitmap, M_SECA);
247 p = (struct secreg *)malloc(sizeof(*p), M_SECA, M_NOWAIT);
249 bzero(p, sizeof(*p));