/* $NetBSD: keysock.c,v 1.13 2001/11/13 01:39:23 lukem Exp $ */ /* $KAME: keysock.c,v 1.23 2000/09/22 08:26:33 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.13 2001/11/13 01:39:23 lukem Exp $"); #include "opt_inet.h" /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include struct sockaddr key_dst = { 2, PF_KEY, }; struct sockaddr key_src = { 2, PF_KEY, }; static int key_sendup0 __P((struct rawcb *, struct mbuf *, int)); struct pfkeystat pfkeystat; /* * key_usrreq() * derived from net/rtsock.c:route_usrreq() */ #ifndef __NetBSD__ int key_usrreq(so, req, m, nam, control) struct socket *so; int req; struct mbuf *m, *nam, *control; #else int key_usrreq(so, req, m, nam, control, p) struct socket *so; int req; struct mbuf *m, *nam, *control; struct proc *p; #endif /*__NetBSD__*/ { int error = 0; struct keycb *kp = (struct keycb *)sotorawcb(so); int s; #ifdef __NetBSD__ s = splsoftnet(); #else s = splnet(); #endif if (req == PRU_ATTACH) { kp = (struct keycb *)malloc(sizeof(*kp), M_PCB, M_WAITOK); so->so_pcb = (caddr_t)kp; if (so->so_pcb) bzero(so->so_pcb, sizeof(*kp)); } if (req == PRU_DETACH && kp) { int af = kp->kp_raw.rcb_proto.sp_protocol; if (af == PF_KEY) /* XXX: AF_KEY */ key_cb.key_count--; key_cb.any_count--; key_freereg(so); } error = raw_usrreq(so, req, m, nam, control, p); m = control = NULL; /* reclaimed in raw_usrreq */ kp = (struct keycb *)sotorawcb(so); if (req == PRU_ATTACH && kp) { int af = kp->kp_raw.rcb_proto.sp_protocol; if (error) { #ifdef IPSEC_DEBUG printf("key_usrreq: key_usrreq results %d\n", error); #endif pfkeystat.sockerr++; free((caddr_t)kp, M_PCB); so->so_pcb = (caddr_t) 0; splx(s); return(error); } kp->kp_promisc = kp->kp_registered = 0; if (af == PF_KEY) /* XXX: AF_KEY */ key_cb.key_count++; key_cb.any_count++; kp->kp_raw.rcb_laddr = &key_src; kp->kp_raw.rcb_faddr = &key_dst; soisconnected(so); so->so_options |= SO_USELOOPBACK; } splx(s); return(error); } /* * key_output() */ int #if __STDC__ key_output(struct mbuf *m, ...) #else key_output(m, va_alist) struct mbuf *m; va_dcl #endif { struct sadb_msg *msg; int len, error = 0; int s; struct socket *so; va_list ap; va_start(ap, m); so = va_arg(ap, struct socket *); va_end(ap); if (m == 0) panic("key_output: NULL pointer was passed.\n"); pfkeystat.out_total++; pfkeystat.out_bytes += m->m_pkthdr.len; len = m->m_pkthdr.len; if (len < sizeof(struct sadb_msg)) { #ifdef IPSEC_DEBUG printf("key_output: Invalid message length.\n"); #endif pfkeystat.out_tooshort++; error = EINVAL; goto end; } if (m->m_len < sizeof(struct sadb_msg)) { if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) { #ifdef IPSEC_DEBUG printf("key_output: can't pullup mbuf\n"); #endif pfkeystat.out_nomem++; error = ENOBUFS; goto end; } } if ((m->m_flags & M_PKTHDR) == 0) panic("key_output: not M_PKTHDR ??"); #ifdef IPSEC_DEBUG KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m)); #endif msg = mtod(m, struct sadb_msg *); pfkeystat.out_msgtype[msg->sadb_msg_type]++; if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { #ifdef IPSEC_DEBUG printf("key_output: Invalid message length.\n"); #endif pfkeystat.out_invlen++; error = EINVAL; goto end; } /*XXX giant lock*/ #ifdef __NetBSD__ s = splsoftnet(); #else s = splnet(); #endif error = key_parse(m, so); m = NULL; splx(s); end: if (m) m_freem(m); return error; } /* * send message to the socket. */ static int key_sendup0(rp, m, promisc) struct rawcb *rp; struct mbuf *m; int promisc; { int error; if (promisc) { struct sadb_msg *pmsg; M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT); if (m && m->m_len < sizeof(struct sadb_msg)) m = m_pullup(m, sizeof(struct sadb_msg)); if (!m) { #ifdef IPSEC_DEBUG printf("key_sendup0: cannot pullup\n"); #endif pfkeystat.in_nomem++; m_freem(m); return ENOBUFS; } m->m_pkthdr.len += sizeof(*pmsg); pmsg = mtod(m, struct sadb_msg *); bzero(pmsg, sizeof(*pmsg)); pmsg->sadb_msg_version = PF_KEY_V2; pmsg->sadb_msg_type = SADB_X_PROMISC; pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); /* pid and seq? */ pfkeystat.in_msgtype[pmsg->sadb_msg_type]++; } if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src, m, NULL)) { #ifdef IPSEC_DEBUG printf("key_sendup0: sbappendaddr failed\n"); #endif pfkeystat.in_nomem++; m_freem(m); error = ENOBUFS; } else error = 0; sorwakeup(rp->rcb_socket); return error; } /* XXX this interface should be obsoleted. */ int key_sendup(so, msg, len, target) struct socket *so; struct sadb_msg *msg; u_int len; int target; /*target of the resulting message*/ { struct mbuf *m, *n, *mprev; int tlen; /* sanity check */ if (so == 0 || msg == 0) panic("key_sendup: NULL pointer was passed.\n"); KEYDEBUG(KEYDEBUG_KEY_DUMP, printf("key_sendup: \n"); kdebug_sadb(msg)); /* * we increment statistics here, just in case we have ENOBUFS * in this function. */ pfkeystat.in_total++; pfkeystat.in_bytes += len; pfkeystat.in_msgtype[msg->sadb_msg_type]++; /* * Get mbuf chain whenever possible (not clusters), * to save socket buffer. We'll be generating many SADB_ACQUIRE * messages to listening key sockets. If we simply allocate clusters, * sbappendaddr() will raise ENOBUFS due to too little sbspace(). * sbspace() computes # of actual data bytes AND mbuf region. * * TODO: SADB_ACQUIRE filters should be implemented. */ tlen = len; m = mprev = NULL; while (tlen > 0) { if (tlen == len) { MGETHDR(n, M_DONTWAIT, MT_DATA); n->m_len = MHLEN; } else { MGET(n, M_DONTWAIT, MT_DATA); n->m_len = MLEN; } if (!n) { pfkeystat.in_nomem++; return ENOBUFS; } if (tlen >= MCLBYTES) { /*XXX better threshold? */ MCLGET(n, M_DONTWAIT); if ((n->m_flags & M_EXT) == 0) { m_free(n); m_freem(m); pfkeystat.in_nomem++; return ENOBUFS; } n->m_len = MCLBYTES; } if (tlen < n->m_len) n->m_len = tlen; n->m_next = NULL; if (m == NULL) m = mprev = n; else { mprev->m_next = n; mprev = n; } tlen -= n->m_len; n = NULL; } m->m_pkthdr.len = len; m->m_pkthdr.rcvif = NULL; m_copyback(m, 0, len, (caddr_t)msg); /* avoid duplicated statistics */ pfkeystat.in_total--; pfkeystat.in_bytes -= len; pfkeystat.in_msgtype[msg->sadb_msg_type]--; return key_sendup_mbuf(so, m, target); } /* so can be NULL if target != KEY_SENDUP_ONE */ int key_sendup_mbuf(so, m, target) struct socket *so; struct mbuf *m; int target; { struct mbuf *n; struct keycb *kp; int sendup; struct rawcb *rp; int error = 0; if (m == NULL) panic("key_sendup_mbuf: NULL pointer was passed.\n"); if (so == NULL && target == KEY_SENDUP_ONE) panic("key_sendup_mbuf: NULL pointer was passed.\n"); pfkeystat.in_total++; pfkeystat.in_bytes += m->m_pkthdr.len; if (m->m_len < sizeof(struct sadb_msg)) { #if 1 m = m_pullup(m, sizeof(struct sadb_msg)); if (m == NULL) { pfkeystat.in_nomem++; return ENOBUFS; } #else /* don't bother pulling it up just for stats */ #endif } if (m->m_len >= sizeof(struct sadb_msg)) { struct sadb_msg *msg; msg = mtod(m, struct sadb_msg *); pfkeystat.in_msgtype[msg->sadb_msg_type]++; } for (rp = rawcb.lh_first; rp; rp = rp->rcb_list.le_next) { if (rp->rcb_proto.sp_family != PF_KEY) continue; if (rp->rcb_proto.sp_protocol && rp->rcb_proto.sp_protocol != PF_KEY_V2) { continue; } kp = (struct keycb *)rp; /* * If you are in promiscuous mode, and when you get broadcasted * reply, you'll get two PF_KEY messages. * (based on pf_key@inner.net message on 14 Oct 1998) */ if (((struct keycb *)rp)->kp_promisc) { if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { (void)key_sendup0(rp, n, 1); n = NULL; } } /* the exact target will be processed later */ if (so && sotorawcb(so) == rp) continue; sendup = 0; switch (target) { case KEY_SENDUP_ONE: /* the statement has no effect */ if (so && sotorawcb(so) == rp) sendup++; break; case KEY_SENDUP_ALL: sendup++; break; case KEY_SENDUP_REGISTERED: if (kp->kp_registered) sendup++; break; } pfkeystat.in_msgtarget[target]++; if (!sendup) continue; if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { #ifdef IPSEC_DEBUG printf("key_sendup: m_copy fail\n"); #endif m_freem(m); pfkeystat.in_nomem++; return ENOBUFS; } if ((error = key_sendup0(rp, n, 0)) != 0) { m_freem(m); return error; } n = NULL; } if (so) { error = key_sendup0(sotorawcb(so), m, 0); m = NULL; } else { error = 0; m_freem(m); } return error; } /* * Definitions of protocols supported in the KEY domain. */ extern struct domain keydomain; struct protosw keysw[] = { { SOCK_RAW, &keydomain, PF_KEY_V2, PR_ATOMIC|PR_ADDR, 0, key_output, raw_ctlinput, 0, key_usrreq, raw_init, 0, 0, 0, key_sysctl, } }; struct domain keydomain = { PF_KEY, "key", key_init, 0, 0, keysw, &keysw[sizeof(keysw)/sizeof(keysw[0])] };