Commit Graph

187 Commits

Author SHA1 Message Date
itojun 45e487aa97 secpolicy refcnt mistake (missing key_freesp). part of
http://sources.zabbadoz.net/freebsd/patchset/110-ipsec-netkey-key.diff
2004-01-13 23:02:40 +00:00
itojun b37e7ce6ef do not touch sav->xx after key_freesav(). from hajimu umemoto 2003-12-10 23:46:42 +00:00
atatat 13f8d2ce5f Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al.  Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.

Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded.  Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.

All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.

PS - I'm sorry, but there's a distinct lack of documentation at the
moment.  I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 19:38:21 +00:00
itojun bf72fd111d missing splx. Hajimu UMEMOTO via kame 2003-11-27 18:26:46 +00:00
drochner ca3116d2f1 in_ifaddr -> in_ifaddrhead
use TAILQ_FOREACH macro
2003-11-11 21:41:11 +00:00
itojun f5c2aa04b0 splsoftnet() on spd/sad-dump-via-sysctl to ensure no 2 threads to go into
the function, or entries being removed during the dump operation.
suenaga@iij
2003-11-10 10:52:13 +00:00
itojun 57b5c736df suppress -Wuninitialized 2003-11-04 05:50:54 +00:00
christos e4e2331f07 fixed uninitialized variable 2003-10-25 08:27:12 +00:00
itojun e6d129819b update m_pkthdr.len 2003-10-13 08:55:59 +00:00
itojun ec5e739b46 extra blank line 2003-09-23 00:03:05 +00:00
itojun cd71ebe2f7 mark security policy that should persist in the system "persistent".
this should prevent recently-reported kernel panic when "spdflush" is issued.
2003-09-22 04:47:43 +00:00
itojun 17dc15d92a unifdef -UFAST_IPSEC 2003-09-20 05:12:45 +00:00
itojun 782cbb14c5 2^n hash table is better in the kernel. advise by perry@netbsd 2003-09-14 07:30:32 +00:00
itojun d669285a77 use prime number to hash SPI 2003-09-14 03:11:31 +00:00
itojun 72bcf50f26 no need for netipsec/key*, they are almost identical to netkey/key* 2003-09-12 11:09:32 +00:00
itojun 6371ddf557 make it possible to SADB_DUMP via sysctl. request by mrg 2003-09-12 07:38:10 +00:00
itojun 49fa1efdc6 remove #define for bsdi 2003-09-12 00:27:59 +00:00
itojun 14756c7d6d kill unneeded variable 2003-09-12 00:10:25 +00:00
itojun c1ae398301 correct hashed SPI lookup. reported by Greg Troxel 2003-09-09 21:58:26 +00:00
itojun 8ca90bd4e4 add /kern/ipsecsa and /kern/ipsecsp, which can be inspected by setkey(8).
it allows easier access to ipsecsa/sp.  it works around problem where
setkey -D does not work with large number of ipsec SAs due to socket buffer
size.
2003-09-08 06:51:53 +00:00
itojun bc1d89af4f splsoftnet in key_setspi 2003-09-08 01:55:09 +00:00
itojun fdbe07d467 revisit spihash logic 2003-09-07 20:41:27 +00:00
itojun 800fe5d178 - prepare for RFC2401bis 64bit sequence number (no behavior change yet)
- use hash for SPI-based SAD entry lookup (should be faster, i hope)
- cleanup keydb.c and key.c.  key.c is responsible for refcounting secasvar,
  keydb.c is responsible for alloc/free.
2003-09-07 15:59:36 +00:00
itojun 52f8075c5a allow userland to specify SPD ID. more readable debugging messages. 2003-08-22 06:22:21 +00:00
itojun 80e0659dae KNF 2003-08-22 06:21:09 +00:00
itojun 616adf38ee backout; committed by mistake 2003-08-22 05:48:27 +00:00
itojun 190b098134 do not quit from key_sendup() even if writes to non-target socket fails.
from SEIL team
2003-08-22 05:46:37 +00:00
itojun 8453a28003 fixed that the kernel crashed when key_spdacquire() was called
because key_spdacquire() had been implemented imcopletely.
sync w/kame
2003-07-25 09:04:48 +00:00
itojun da7d7203a8 fix comments, style 2003-07-22 11:12:15 +00:00
itojun 8f4ef7c537 clear enc/auth key before freeing 2003-07-22 11:01:09 +00:00
itojun 0d84200c22 clear scheduled key before freeing, for safety 2003-07-22 08:54:27 +00:00
fvdl d5aece61d6 Back out the lwp/ktrace changes. They contained a lot of colateral damage,
and need to be examined and discussed more.
2003-06-29 22:28:00 +00:00
simonb d1c5820781 malloc() returns "void *", we don't need to cast the return value. 2003-06-28 14:33:39 +00:00
darrenr 960df3c8d1 Pass lwp pointers throughtout the kernel, as required, so that the lwpid can
be inserted into ktrace records.  The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V
2003-06-28 14:20:43 +00:00
itojun 7a78321a15 tighten sanity check on ipsec policy. sync w/kame 2003-06-16 08:11:03 +00:00
thorpej b193480908 Add extensible malloc types, adapted from FreeBSD. This turns
malloc types into a structure, a pointer to which is passed around,
instead of an int constant.  Allow the limit to be adjusted when the
malloc type is defined, or with a function call, as suggested by
Jonathan Stone.
2003-02-01 06:23:35 +00:00
itojun 177ed24b8b allocate route_in6 in struct secashead, to avoid mistakenly overrun
the end of secashead.  Fixes PR18751.
2003-01-08 05:46:49 +00:00
itojun a02a0a383e don't permit port spec on tunnel mode policy. sync w/kame. 2002-12-09 03:20:45 +00:00
lukem 0635de35a3 Remove KDIR=, since SYS_INCLUDE=symlinks and KDIR are not supported any more. 2002-11-26 23:30:07 +00:00
perry 4f27ab21b8 /*CONTCOND*/ while (0)'ed macros 2002-11-02 07:30:55 +00:00
dan 73aa8b3b5b warn about the arc4 generator if no NRND, but still use it 2002-10-07 00:40:15 +00:00
tls 0f95ec4fd5 ESP output was drawing down the entropy pool at a ferocious rate, a
particular problem on hosts with only wireless interfaces that are
definitely not safe to use as entropy sources.

Add arc4randbytes() which hands out bytes from the same source used
by arc4random().  This is intended to be a _temporary_ interface
until we can design and implement a better general PRNG interface
that is decoupled from the entropy-pool implementation.

Modify key_randomfill() (used only for initialization vectors on
SA creation and via key_sa_stir_iv(), which does not "stir",
despite its name) to use arc4randbytes() instead of pulling bits
directly from the entropy pool.  It is my hope that this change
will pose minimal integration problems for the KAME folks as the
random-pool interface is *already* different between each BSD
variant; this just simplifies the NetBSD case and solves a
fairly serious problem.

Note that it is generally considered acceptable cryptographic
practice to use a fast stream cipher to generate IVs for encryption
with stronger block ciphers.  For example, the use of "non-Approved"
PRNGs to generate IVs for "Approved" block ciphers is explicitly
sanctioned by FIPS 140-2.
2002-10-06 08:51:44 +00:00
itojun 61da54e3c0 port spec is not permitted to tunnel mode policy, as we don't reassemble
fragments.  perform more strict check against af match for tunnels.  sync w/kame
2002-10-04 05:45:22 +00:00
provos 0f09ed48a5 remove trailing \n in panic(). approved perry. 2002-09-27 15:35:29 +00:00
itojun 01965cd2e0 fix signed/unsigned pointer mixup 2002-09-23 13:43:42 +00:00
itojun 9401012487 KNF - return is not a function. sync w/kame. 2002-09-11 02:46:42 +00:00
itojun 6dedde045a correct signedness mixup in pointer passing. sync w/kame 2002-09-11 02:41:19 +00:00
itojun 88122ef746 should return error code from key_senderror(). sync w/kame 2002-08-20 08:17:02 +00:00
itojun ccc183b4d1 fixed that the incorrect time was set to sadb_comb_{hard|soft}_usetime.
sync w/kame
2002-08-20 06:20:26 +00:00
itojun 2169d69bcf correct %d/%u mismatch. sync w/kame 2002-06-27 14:39:45 +00:00
itojun c1808f02bf cache pcb policy as much as possible. in fact, if policy is not
IPSEC_POLICY_IPSEC we don't need to compare spidx.  sync w/kame
2002-06-14 14:47:24 +00:00
itojun dc96111483 deep-copy pcb policy if it is an ipsec policy. assign ID field to all
SPD entries.  make it possible for racoon to grab SPD entry on pcb
(racoon side needs some changes).  sync w/kame
2002-06-12 17:56:45 +00:00
itojun cc8fe8c179 make function static 2002-06-12 03:46:16 +00:00
itojun bad1f500a7 remove unused functions 2002-06-12 03:37:14 +00:00
itojun 3489976392 do not copy policy-on-socket at all. avoid copying packet header value to
struct spindex.  should reduce memory usage per socket/pcb, and should speedup
ipsec processing.  sync w/kame
2002-06-12 01:47:34 +00:00
itojun fa53d749ff share policy-on-pcb for listening socket. sync w/kame
todo: share even more, avoid frequent updates of spidx
2002-06-11 19:39:59 +00:00
itojun 52d0ba15c8 reduce unneeded #ifdef 2002-05-30 05:51:21 +00:00
itojun d208a22daa use arc4random() where possible.
XXX is it necessary to do microtime() on tcp syn cache?
2002-05-28 10:11:49 +00:00
itojun 12bdf036e2 pull in SPD lifetime management code. fix refcnt for SPD entries.
sync w/kame
XXX dead SPD entry lifetime - undergoing sakane's review
2002-05-19 08:22:12 +00:00
itojun 9244bd8154 document net.key.* sysctl. provide sysctl MIB for controlling
proposal payload on ACQUIRE message.  sync w/kame
2002-05-19 08:12:55 +00:00
itojun 691d519c66 remove unneeded decl for __ss_{len,family} 2002-05-19 07:54:05 +00:00
itojun 0c85427e40 remove unneeded #if 2002-03-21 04:41:03 +00:00
itojun 53a52c0ad8 pfkey statistics was presented in wrong direction. 2002-03-21 04:23:36 +00:00
itojun 418fefdef0 remove a function no longer in use 2002-03-21 04:10:21 +00:00
itojun 900347e4d0 comment wording 2002-03-21 02:27:50 +00:00
itojun 8e4fadc28a missing splx 2002-03-01 04:19:42 +00:00
itojun 3edb75b9d5 unifdef -D__NetBSD__ 2002-03-01 04:16:38 +00:00
itojun 88123ecf38 change key_timehandler to take void * as argument. sync with kame.
PR 14351
2002-01-31 07:05:43 +00:00
itojun 867ce59a46 use ipseclog() instead of #ifdef IPSEC_DEBUG, to make it possible to
turn on/off debugging messages at runtime.  sync with kame
2002-01-31 06:35:25 +00:00
itojun 8297f55292 change SPDUPDATE's behavior to meet with the latest KAME kit.
(there's no need to have policy before SPDUPDATE)
2002-01-31 06:17:03 +00:00
lukem 2565646230 don't need <sys/types.h> when including <sys/param.h> 2001-11-15 09:47:59 +00:00
lukem 4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
simonb 5f717f7c33 Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h>
anymore.
2001-10-29 07:02:30 +00:00
itojun 07b78861d0 sync with kame:
fixed the value of the prefixlen in the sadb_address structure.
when pfkey message relative to SA is sent, the prefixlen was incorrect.
2001-10-19 01:57:20 +00:00
wiz 4c99916337 va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
wiz 456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
itojun fd048b8ff1 avoid symbol conflict with "sin()". 2001-08-16 14:28:54 +00:00
itojun 99c5195929 remove "#ifdef IPSEC_DEBUG" conditional from from key_debug.h
(headers must have no #if).  sync with kame
2001-08-12 11:52:43 +00:00
itojun 984d46bbc4 there is no KEY_DEBBUG. use IPSEC_DEBUG 2001-08-12 11:48:27 +00:00
itojun 57030e2f12 cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed,
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.
2001-08-06 10:25:00 +00:00
itojun ce781443e0 pass replay sequence number on sadb_x_sa2 (it's outside of PF_KEY standard
anyways).
2001-08-02 12:10:14 +00:00
itojun b26591525e remove "register" variable specifier. sync with kame 2001-08-02 11:32:14 +00:00
itojun 182b1e5191 do not #ifdef KEY_DEBUG in header. sync with kame 2001-07-27 04:48:13 +00:00
mrg 8a49f07b1b avoid assigning to policy_id twice. fixes more gcc 3.0 prerelease errors. 2001-06-04 21:38:28 +00:00
mrg c13e3a6693 use _KERNEL_OPT 2001-05-30 11:40:35 +00:00
wiz 14dbdf5518 Negative exit code cleanup: Replace exit(-x) with exit(x).
As seen on tech-userlevel.
2001-04-06 11:13:45 +00:00
jdolecek 522f569810 make some more constant arrays 'const' 2001-02-21 21:39:52 +00:00
thorpej 786149d624 When processing an SADB_DELETE message, allow SADB_EXT_SA to be
blank.  In this case, we delete all non-LARVAL SAs that match the
src/dst/protocol.  This is particularly useful in IKE INITIAL-CONTACT
processing.  Idea from Bill Sommerfeld <sommerfeld@east.sun.com>, who
implemented it in post-Solaris8.
2001-02-16 23:53:59 +00:00
itojun a688af5edf if 2nd parameter of key_acquire() is NULL it panics.
key_acquire () does not really require 2nd argument.
1.179 -> 1.180 on kame.
2001-01-10 18:52:51 +00:00
itojun 8b5ceae516 don't waste entropy by use of key_random(). use key_randomfill() for
IV initialization.
2000-10-07 12:08:33 +00:00
itojun a6f9652adf always use rnd(4) for IPsec random number source. avoid random(9).
if there's no rnd(4), random(9) will be used with one-time warning printf(9).

XXX not sure how good rnd_extract_data(RND_EXTRACT_ANY) is, under entropy-
starvation situation
2000-10-05 04:49:17 +00:00
itojun dcfe05e7c1 fix compilation without INET. fix confusion between ipsecstat and ipsec6stat.
sync with kame.
2000-10-02 03:55:41 +00:00
itojun 8a9f93dc37 update ip compression algorithm lookup.
attach sadb_comb for IP compression (not in RFC2367;
discussed on pf_key@inner.net).  sync with kame
2000-09-26 08:40:23 +00:00
itojun 89f53512af use real wallclock (got by microtime) to compute IPsec database lifetimes.
previous code used interval timers, and had problem with suspend/resume.
sync with KAME.
2000-09-22 16:55:04 +00:00
itojun fd5d3908d3 wake up socket even with socket recieve buffer is full. otherwise,
we will have lots of pending mbufs on heavy SADB_ACQUIRE traffic.
KAME 1.22 -> 1.23
2000-09-22 08:28:56 +00:00
itojun 5f3d7ea2b5 suppress debugging message in key_acquire2(). this is purely for debugging,
not useful/no interest from normal use.  KAME 1.155 -> 1.156
2000-09-21 20:35:09 +00:00
itojun 6aadfa317f on SADB_UPDATE, check SPI range only for AH/ESP, not IPComp.
endian/signedness fix for debug messages.
KAME 1.154 -> 1.155
2000-09-20 19:55:05 +00:00
itojun 1e79c22464 repair SADB_ADD/UPDATE for ipcomp. no encryption key will be attached to
ipcomp.  (KAME 1.53 -> 1.54)
2000-09-20 00:42:47 +00:00
itojun 6a4cd1c5f9 make proposal/combination PF_KEY message on SADB_ACQUIRE optional, to
support ipcomp ACQUIRE messages (again).
it violates RFC2367 slightly.  RFC2367 does not suport ipcomp at all
so we have no choice.
(KAME 1.151 -> 1.152)

do not leave dangling pointer after KFREE().  caused kernel panic with
certain PF_KEY message (error case) - only root can open PF_KEY socket
so it is not security issue.
(KAME 1.152 -> 1.153)
2000-09-20 00:08:42 +00:00
itojun bb8d535cc5 use per-block cipher function + esp_cbc_{de,en}crypt. do not use
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy.  i ran some test pattern,
and new blowfish-cbc code looks more correct.  there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch
2000-08-29 09:08:42 +00:00