1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <sys/param.h>
27 #include <sys/types.h>
28 #include <sys/stream.h>
29 #include <sys/strsubr.h>
30 #include <sys/strsun.h>
31 #include <sys/stropts.h>
32 #include <sys/vnode.h>
33 #include <sys/zone.h>
34 #include <sys/strlog.h>
35 #include <sys/sysmacros.h>
36 #define _SUN_TPI_VERSION 2
37 #include <sys/tihdr.h>
38 #include <sys/timod.h>
39 #include <sys/tiuser.h>
40 #include <sys/ddi.h>
41 #include <sys/sunddi.h>
42 #include <sys/sunldi.h>
43 #include <sys/file.h>
44 #include <sys/modctl.h>
45 #include <sys/debug.h>
46 #include <sys/kmem.h>
47 #include <sys/cmn_err.h>
48 #include <sys/proc.h>
49 #include <sys/suntpi.h>
50 #include <sys/atomic.h>
51 #include <sys/mkdev.h>
52 #include <sys/policy.h>
53 #include <sys/disp.h>
54
55 #include <sys/socket.h>
56 #include <netinet/in.h>
57 #include <net/pfkeyv2.h>
58
59 #include <inet/common.h>
60 #include <netinet/ip6.h>
61 #include <inet/ip.h>
62 #include <inet/proto_set.h>
63 #include <inet/nd.h>
64 #include <inet/optcom.h>
65 #include <inet/ipsec_info.h>
66 #include <inet/ipsec_impl.h>
67 #include <inet/keysock.h>
68
69 #include <sys/isa_defs.h>
70
71 /*
72 * This is a transport provider for the PF_KEY key mangement socket.
73 * (See RFC 2367 for details.)
74 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN
75 * messages (see ipsec_info.h), and passed to the appropriate consumer.
76 * Upstream messages are generated for all open PF_KEY sockets, when
77 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled)
78 * in reply to downstream messages.
79 *
80 * Upstream messages must be created asynchronously for the following
81 * situations:
82 *
83 * 1.) A keysock consumer requires an SA, and there is currently none.
84 * 2.) An SA expires, either hard or soft lifetime.
85 * 3.) Other events a consumer deems fit.
86 *
87 * The MT model of this is PERMOD, with shared put procedures. Two types of
88 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send
89 * down the *multiple* messages they create.
90 */
91
92 static vmem_t *keysock_vmem; /* for minor numbers. */
93
94 #define KEYSOCK_MAX_CONSUMERS 256
95
96 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */
97 static struct T_info_ack keysock_g_t_info_ack = {
98 T_INFO_ACK,
99 T_INFINITE, /* TSDU_size. Maximum size messages. */
100 T_INVALID, /* ETSDU_size. No expedited data. */
101 T_INVALID, /* CDATA_size. No connect data. */
102 T_INVALID, /* DDATA_size. No disconnect data. */
103 0, /* ADDR_size. */
104 0, /* OPT_size. No user-settable options */
105 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */
106 T_COTS, /* SERV_type. keysock supports connection oriented. */
107 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */
108 (XPG4_1) /* Provider flags */
109 };
110
111 /* Named Dispatch Parameter Management Structure */
112 typedef struct keysockparam_s {
113 uint_t keysock_param_min;
114 uint_t keysock_param_max;
115 uint_t keysock_param_value;
116 char *keysock_param_name;
117 } keysockparam_t;
118
119 /*
120 * Table of NDD variables supported by keysock. These are loaded into
121 * keysock_g_nd in keysock_init_nd.
122 * All of these are alterable, within the min/max values given, at run time.
123 */
124 static keysockparam_t lcl_param_arr[] = {
125 /* min max value name */
126 { 4096, 65536, 8192, "keysock_xmit_hiwat"},
127 { 0, 65536, 1024, "keysock_xmit_lowat"},
128 { 4096, 65536, 8192, "keysock_recv_hiwat"},
129 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"},
130 { 0, 3, 0, "keysock_debug"},
131 };
132 #define keystack_xmit_hiwat keystack_params[0].keysock_param_value
133 #define keystack_xmit_lowat keystack_params[1].keysock_param_value
134 #define keystack_recv_hiwat keystack_params[2].keysock_param_value
135 #define keystack_max_buf keystack_params[3].keysock_param_value
136 #define keystack_debug keystack_params[4].keysock_param_value
137
138 #define ks0dbg(a) printf a
139 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
140 #define ks1dbg(keystack, a) if (keystack->keystack_debug != 0) printf a
141 #define ks2dbg(keystack, a) if (keystack->keystack_debug > 1) printf a
142 #define ks3dbg(keystack, a) if (keystack->keystack_debug > 2) printf a
143
144 static int keysock_close(queue_t *);
145 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *);
146 static void keysock_wput(queue_t *, mblk_t *);
147 static void keysock_rput(queue_t *, mblk_t *);
148 static void keysock_rsrv(queue_t *);
149 static void keysock_passup(mblk_t *, sadb_msg_t *, minor_t,
150 keysock_consumer_t *, boolean_t, keysock_stack_t *);
151 static void *keysock_stack_init(netstackid_t stackid, netstack_t *ns);
152 static void keysock_stack_fini(netstackid_t stackid, void *arg);
153
154 static struct module_info info = {
155 5138, "keysock", 1, INFPSZ, 512, 128
156 };
157
158 static struct qinit rinit = {
159 (pfi_t)keysock_rput, (pfi_t)keysock_rsrv, keysock_open, keysock_close,
160 NULL, &info
161 };
162
163 static struct qinit winit = {
164 (pfi_t)keysock_wput, NULL, NULL, NULL, NULL, &info
165 };
166
167 struct streamtab keysockinfo = {
168 &rinit, &winit
169 };
170
171 extern struct modlinkage *keysock_modlp;
172
173 /*
174 * Plumb IPsec.
175 *
176 * NOTE: New "default" modules will need to be loaded here if needed before
177 * boot time.
178 */
179
180 /* Keep these in global space to keep the lint from complaining. */
181 static char *IPSECESP = "ipsecesp";
182 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp";
183 static char *IPSECAH = "ipsecah";
184 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah";
185 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6";
186 static char *KEYSOCK = "keysock";
187 static char *STRMOD = "strmod";
188
189 /*
190 * Load the other ipsec modules and plumb them together.
191 */
192 int
193 keysock_plumb_ipsec(netstack_t *ns)
194 {
195 ldi_handle_t lh, ip6_lh = NULL;
196 ldi_ident_t li = NULL;
197 int err = 0;
198 int muxid, rval;
199 boolean_t esp_present = B_TRUE;
200 cred_t *cr;
201 keysock_stack_t *keystack = ns->netstack_keysock;
202
203 #ifdef NS_DEBUG
204 (void) printf("keysock_plumb_ipsec(%d)\n",
205 ns->netstack_stackid);
206 #endif
207
208 keystack->keystack_plumbed = 0; /* we're trying again.. */
209
210 cr = zone_get_kcred(netstackid_to_zoneid(
211 keystack->keystack_netstack->netstack_stackid));
212 ASSERT(cr != NULL);
213 /*
214 * Load up the drivers (AH/ESP).
215 *
216 * I do this separately from the actual plumbing in case this function
217 * ever gets called from a diskless boot before the root filesystem is
218 * up. I don't have to worry about "keysock" because, well, if I'm
219 * here, keysock must've loaded successfully.
220 */
221 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) {
222 ks0dbg(("IPsec: AH failed to attach.\n"));
223 goto bail;
224 }
225 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) {
226 ks0dbg(("IPsec: ESP failed to attach.\n"));
227 esp_present = B_FALSE;
228 }
229
230 /*
231 * Set up the IP streams for AH and ESP, as well as tacking keysock
232 * on top of them. Assume keysock has set the autopushes up already.
233 */
234
235 /* Open IP. */
236 err = ldi_ident_from_mod(keysock_modlp, &li);
237 if (err) {
238 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n",
239 err));
240 goto bail;
241 }
242
243 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, cr, &ip6_lh, li);
244 if (err) {
245 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err));
246 goto bail;
247 }
248
249 /* PLINK KEYSOCK/AH */
250 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, cr, &lh, li);
251 if (err) {
252 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err));
253 goto bail;
254 }
255 err = ldi_ioctl(lh,
256 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
257 if (err) {
258 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n",
259 err));
260 (void) ldi_close(lh, FREAD|FWRITE, cr);
261 goto bail;
262 }
263 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
264 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
265 if (err) {
266 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err));
267 (void) ldi_close(lh, FREAD|FWRITE, cr);
268 goto bail;
269 }
270 (void) ldi_close(lh, FREAD|FWRITE, cr);
271
272 /* PLINK KEYSOCK/ESP */
273 if (esp_present) {
274 err = ldi_open_by_name(IPSECESPDEV,
275 FREAD|FWRITE, cr, &lh, li);
276 if (err) {
277 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err));
278 goto bail;
279 }
280 err = ldi_ioctl(lh,
281 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
282 if (err) {
283 ks0dbg(("IPsec: "
284 "Push of KEYSOCK onto ESP failed (err %d).\n",
285 err));
286 (void) ldi_close(lh, FREAD|FWRITE, cr);
287 goto bail;
288 }
289 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
290 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
291 if (err) {
292 ks0dbg(("IPsec: "
293 "PLINK of KEYSOCK/ESP failed (err %d).\n", err));
294 (void) ldi_close(lh, FREAD|FWRITE, cr);
295 goto bail;
296 }
297 (void) ldi_close(lh, FREAD|FWRITE, cr);
298 }
299
300 bail:
301 keystack->keystack_plumbed = (err == 0) ? 1 : -1;
302 if (ip6_lh != NULL) {
303 (void) ldi_close(ip6_lh, FREAD|FWRITE, cr);
304 }
305 if (li != NULL)
306 ldi_ident_release(li);
307 #ifdef NS_DEBUG
308 (void) printf("keysock_plumb_ipsec -> %d\n",
309 keystack->keystack_plumbed);
310 #endif
311 crfree(cr);
312 return (err);
313 }
314
315 /* ARGSUSED */
316 static int
317 keysock_param_get(q, mp, cp, cr)
318 queue_t *q;
319 mblk_t *mp;
320 caddr_t cp;
321 cred_t *cr;
322 {
323 keysockparam_t *keysockpa = (keysockparam_t *)cp;
324 uint_t value;
325 keysock_t *ks = (keysock_t *)q->q_ptr;
326 keysock_stack_t *keystack = ks->keysock_keystack;
327
328 mutex_enter(&keystack->keystack_param_lock);
329 value = keysockpa->keysock_param_value;
330 mutex_exit(&keystack->keystack_param_lock);
331
332 (void) mi_mpprintf(mp, "%u", value);
333 return (0);
334 }
335
336 /* This routine sets an NDD variable in a keysockparam_t structure. */
337 /* ARGSUSED */
338 static int
339 keysock_param_set(q, mp, value, cp, cr)
340 queue_t *q;
341 mblk_t *mp;
342 char *value;
343 caddr_t cp;
344 cred_t *cr;
345 {
346 ulong_t new_value;
347 keysockparam_t *keysockpa = (keysockparam_t *)cp;
348 keysock_t *ks = (keysock_t *)q->q_ptr;
349 keysock_stack_t *keystack = ks->keysock_keystack;
350
351 /* Convert the value from a string into a long integer. */
352 if (ddi_strtoul(value, NULL, 10, &new_value) != 0)
353 return (EINVAL);
354
355 mutex_enter(&keystack->keystack_param_lock);
356 /*
357 * Fail the request if the new value does not lie within the
358 * required bounds.
359 */
360 if (new_value < keysockpa->keysock_param_min ||
361 new_value > keysockpa->keysock_param_max) {
362 mutex_exit(&keystack->keystack_param_lock);
363 return (EINVAL);
364 }
365
366 /* Set the new value */
367 keysockpa->keysock_param_value = new_value;
368 mutex_exit(&keystack->keystack_param_lock);
369
370 return (0);
371 }
372
373 /*
374 * Initialize keysock at module load time
375 */
376 boolean_t
377 keysock_ddi_init(void)
378 {
379 keysock_max_optsize = optcom_max_optsize(
380 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt);
381
382 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1,
383 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER);
384
385 /*
386 * We want to be informed each time a stack is created or
387 * destroyed in the kernel, so we can maintain the
388 * set of keysock_stack_t's.
389 */
390 netstack_register(NS_KEYSOCK, keysock_stack_init, NULL,
391 keysock_stack_fini);
392
393 return (B_TRUE);
394 }
395
396 /*
397 * Walk through the param array specified registering each element with the
398 * named dispatch handler.
399 */
400 static boolean_t
401 keysock_param_register(IDP *ndp, keysockparam_t *ksp, int cnt)
402 {
403 for (; cnt-- > 0; ksp++) {
404 if (ksp->keysock_param_name != NULL &&
405 ksp->keysock_param_name[0]) {
406 if (!nd_load(ndp,
407 ksp->keysock_param_name,
408 keysock_param_get, keysock_param_set,
409 (caddr_t)ksp)) {
410 nd_free(ndp);
411 return (B_FALSE);
412 }
413 }
414 }
415 return (B_TRUE);
416 }
417
418 /*
419 * Initialize keysock for one stack instance
420 */
421 /* ARGSUSED */
422 static void *
423 keysock_stack_init(netstackid_t stackid, netstack_t *ns)
424 {
425 keysock_stack_t *keystack;
426 keysockparam_t *ksp;
427
428 keystack = (keysock_stack_t *)kmem_zalloc(sizeof (*keystack), KM_SLEEP);
429 keystack->keystack_netstack = ns;
430
431 keystack->keystack_acquire_seq = 0xffffffff;
432
433 ksp = (keysockparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
434 keystack->keystack_params = ksp;
435 bcopy(lcl_param_arr, ksp, sizeof (lcl_param_arr));
436
437 (void) keysock_param_register(&keystack->keystack_g_nd, ksp,
438 A_CNT(lcl_param_arr));
439
440 mutex_init(&keystack->keystack_list_lock, NULL, MUTEX_DEFAULT, NULL);
441 mutex_init(&keystack->keystack_consumers_lock,
442 NULL, MUTEX_DEFAULT, NULL);
443 mutex_init(&keystack->keystack_param_lock, NULL, MUTEX_DEFAULT, NULL);
444 return (keystack);
445 }
446
447 /*
448 * Free NDD variable space, and other destructors, for keysock.
449 */
450 void
451 keysock_ddi_destroy(void)
452 {
453 netstack_unregister(NS_KEYSOCK);
454 vmem_destroy(keysock_vmem);
455 }
456
457 /*
458 * Remove one stack instance from keysock
459 */
460 /* ARGSUSED */
461 static void
462 keysock_stack_fini(netstackid_t stackid, void *arg)
463 {
464 keysock_stack_t *keystack = (keysock_stack_t *)arg;
465
466 nd_free(&keystack->keystack_g_nd);
467 kmem_free(keystack->keystack_params, sizeof (lcl_param_arr));
468 keystack->keystack_params = NULL;
469
470 mutex_destroy(&keystack->keystack_list_lock);
471 mutex_destroy(&keystack->keystack_consumers_lock);
472 mutex_destroy(&keystack->keystack_param_lock);
473
474 kmem_free(keystack, sizeof (*keystack));
475 }
476
477 /*
478 * Close routine for keysock.
479 */
480 static int
481 keysock_close(queue_t *q)
482 {
483 keysock_t *ks;
484 keysock_consumer_t *kc;
485 void *ptr = q->q_ptr;
486 int size;
487 keysock_stack_t *keystack;
488
489
490 qprocsoff(q);
491
492 /* Safe assumption. */
493 ASSERT(ptr != NULL);
494
495 if (WR(q)->q_next) {
496 kc = (keysock_consumer_t *)ptr;
497 keystack = kc->kc_keystack;
498
499 ks1dbg(keystack, ("Module close, removing a consumer (%d).\n",
500 kc->kc_sa_type));
501 /*
502 * Because of PERMOD open/close exclusive perimeter, I
503 * can inspect KC_FLUSHING w/o locking down kc->kc_lock.
504 */
505 if (kc->kc_flags & KC_FLUSHING) {
506 /*
507 * If this decrement was the last one, send
508 * down the next pending one, if any.
509 *
510 * With a PERMOD perimeter, the mutexes ops aren't
511 * really necessary, but if we ever loosen up, we will
512 * have this bit covered already.
513 */
514 keystack->keystack_flushdump--;
515 if (keystack->keystack_flushdump == 0) {
516 /*
517 * The flush/dump terminated by having a
518 * consumer go away. I need to send up to the
519 * appropriate keysock all of the relevant
520 * information. Unfortunately, I don't
521 * have that handy.
522 */
523 ks0dbg(("Consumer went away while flushing or"
524 " dumping.\n"));
525 }
526 }
527 size = sizeof (keysock_consumer_t);
528 mutex_enter(&keystack->keystack_consumers_lock);
529 keystack->keystack_consumers[kc->kc_sa_type] = NULL;
530 mutex_exit(&keystack->keystack_consumers_lock);
531 mutex_destroy(&kc->kc_lock);
532 netstack_rele(kc->kc_keystack->keystack_netstack);
533 } else {
534 ks = (keysock_t *)ptr;
535 keystack = ks->keysock_keystack;
536
537 ks3dbg(keystack,
538 ("Driver close, PF_KEY socket is going away.\n"));
539 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0)
540 atomic_dec_32(&keystack->keystack_num_extended);
541 size = sizeof (keysock_t);
542 mutex_enter(&keystack->keystack_list_lock);
543 *(ks->keysock_ptpn) = ks->keysock_next;
544 if (ks->keysock_next != NULL)
545 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn;
546 mutex_exit(&keystack->keystack_list_lock);
547 mutex_destroy(&ks->keysock_lock);
548 vmem_free(keysock_vmem, (void *)(uintptr_t)ks->keysock_serial,
549 1);
550 netstack_rele(ks->keysock_keystack->keystack_netstack);
551 }
552
553 /* Now I'm free. */
554 kmem_free(ptr, size);
555 return (0);
556 }
557 /*
558 * Open routine for keysock.
559 */
560 /* ARGSUSED */
561 static int
562 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
563 {
564 keysock_t *ks;
565 keysock_consumer_t *kc;
566 mblk_t *mp;
567 ipsec_info_t *ii;
568 netstack_t *ns;
569 keysock_stack_t *keystack;
570
571 #ifdef KEBE
572 /*
573 * Some test ASSERT()s that only work with the new dtrace-style assert.
574 */
575 ASSERT(q == NULL); /* Will likely fail. (575) */
576 ASSERT3P(q, ==, NULL); /* Same here. (576) */
577 #endif
578
579 if (secpolicy_ip_config(credp, B_FALSE) != 0) {
580 /* Privilege debugging will log the error */
581 return (EPERM);
582 }
583
584 if (q->q_ptr != NULL)
585 return (0); /* Re-open of an already open instance. */
586
587 ns = netstack_find_by_cred(credp);
588 ASSERT(ns != NULL);
589 keystack = ns->netstack_keysock;
590 ASSERT(keystack != NULL);
591
592 ks3dbg(keystack, ("Entering keysock open.\n"));
593
594 if (keystack->keystack_plumbed < 1) {
595 netstack_t *ns = keystack->keystack_netstack;
596
597 keystack->keystack_plumbed = 0;
598 #ifdef NS_DEBUG
599 printf("keysock_open(%d) - plumb\n",
600 keystack->keystack_netstack->netstack_stackid);
601 #endif
602 /*
603 * Don't worry about ipsec_failure being true here.
604 * (See ip.c). An open of keysock should try and force
605 * the issue. Maybe it was a transient failure.
606 */
607 ipsec_loader_loadnow(ns->netstack_ipsec);
608 }
609
610 if (sflag & MODOPEN) {
611 /* Initialize keysock_consumer state here. */
612 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP);
613 if (kc == NULL) {
614 netstack_rele(keystack->keystack_netstack);
615 return (ENOMEM);
616 }
617 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0);
618 kc->kc_rq = q;
619 kc->kc_wq = WR(q);
620
621 q->q_ptr = kc;
622 WR(q)->q_ptr = kc;
623
624 kc->kc_keystack = keystack;
625 qprocson(q);
626
627 /*
628 * Send down initial message to whatever I was pushed on top
629 * of asking for its consumer type. The reply will set it.
630 */
631
632 /* Allocate it. */
633 mp = allocb(sizeof (ipsec_info_t), BPRI_HI);
634 if (mp == NULL) {
635 ks1dbg(keystack, (
636 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n"));
637 /* Do I need to set these to null? */
638 q->q_ptr = NULL;
639 WR(q)->q_ptr = NULL;
640 mutex_destroy(&kc->kc_lock);
641 kmem_free(kc, sizeof (*kc));
642 netstack_rele(keystack->keystack_netstack);
643 return (ENOMEM);
644 }
645
646 /* If I allocated okay, putnext to what I was pushed atop. */
647 mp->b_wptr += sizeof (ipsec_info_t);
648 mp->b_datap->db_type = M_CTL;
649 ii = (ipsec_info_t *)mp->b_rptr;
650 ii->ipsec_info_type = KEYSOCK_HELLO;
651 /* Length only of type/len. */
652 ii->ipsec_info_len = sizeof (ii->ipsec_allu);
653 ks2dbg(keystack, ("Ready to putnext KEYSOCK_HELLO.\n"));
654 putnext(kc->kc_wq, mp);
655 } else {
656 minor_t ksminor;
657
658 /* Initialize keysock state. */
659
660 ks2dbg(keystack, ("Made it into PF_KEY socket open.\n"));
661
662 ksminor = (minor_t)(uintptr_t)
663 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP);
664 if (ksminor == 0) {
665 netstack_rele(keystack->keystack_netstack);
666 return (ENOMEM);
667 }
668 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP);
669 if (ks == NULL) {
670 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1);
671 netstack_rele(keystack->keystack_netstack);
672 return (ENOMEM);
673 }
674
675 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0);
676 ks->keysock_rq = q;
677 ks->keysock_wq = WR(q);
678 ks->keysock_state = TS_UNBND;
679 ks->keysock_serial = ksminor;
680
681 q->q_ptr = ks;
682 WR(q)->q_ptr = ks;
683 ks->keysock_keystack = keystack;
684
685 /*
686 * The receive hiwat is only looked at on the stream head
687 * queue. Store in q_hiwat in order to return on SO_RCVBUF
688 * getsockopts.
689 */
690
691 q->q_hiwat = keystack->keystack_recv_hiwat;
692
693 /*
694 * The transmit hiwat/lowat is only looked at on IP's queue.
695 * Store in q_hiwat/q_lowat in order to return on
696 * SO_SNDBUF/SO_SNDLOWAT getsockopts.
697 */
698
699 WR(q)->q_hiwat = keystack->keystack_xmit_hiwat;
700 WR(q)->q_lowat = keystack->keystack_xmit_lowat;
701
702 *devp = makedevice(getmajor(*devp), ksminor);
703
704 /*
705 * Thread keysock into the global keysock list.
706 */
707 mutex_enter(&keystack->keystack_list_lock);
708 ks->keysock_next = keystack->keystack_list;
709 ks->keysock_ptpn = &keystack->keystack_list;
710 if (keystack->keystack_list != NULL) {
711 keystack->keystack_list->keysock_ptpn =
712 &ks->keysock_next;
713 }
714 keystack->keystack_list = ks;
715 mutex_exit(&keystack->keystack_list_lock);
716
717 qprocson(q);
718 (void) proto_set_rx_hiwat(q, NULL,
719 keystack->keystack_recv_hiwat);
720 /*
721 * Wait outside the keysock module perimeter for IPsec
722 * plumbing to be completed. If it fails, keysock_close()
723 * undoes everything we just did.
724 */
725 if (!ipsec_loader_wait(q,
726 keystack->keystack_netstack->netstack_ipsec)) {
727 (void) keysock_close(q);
728 return (EPFNOSUPPORT);
729 }
730 }
731
732 return (0);
733 }
734
735 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */
736
737 /*
738 * Copy relevant state bits.
739 */
740 static void
741 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks)
742 {
743 *tap = keysock_g_t_info_ack;
744 tap->CURRENT_state = ks->keysock_state;
745 tap->OPT_size = keysock_max_optsize;
746 }
747
748 /*
749 * This routine responds to T_CAPABILITY_REQ messages. It is called by
750 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from
751 * keysock_g_t_info_ack. The current state of the stream is copied from
752 * keysock_state.
753 */
754 static void
755 keysock_capability_req(queue_t *q, mblk_t *mp)
756 {
757 keysock_t *ks = (keysock_t *)q->q_ptr;
758 t_uscalar_t cap_bits1;
759 struct T_capability_ack *tcap;
760
761 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1;
762
763 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack),
764 mp->b_datap->db_type, T_CAPABILITY_ACK);
765 if (mp == NULL)
766 return;
767
768 tcap = (struct T_capability_ack *)mp->b_rptr;
769 tcap->CAP_bits1 = 0;
770
771 if (cap_bits1 & TC1_INFO) {
772 keysock_copy_info(&tcap->INFO_ack, ks);
773 tcap->CAP_bits1 |= TC1_INFO;
774 }
775
776 qreply(q, mp);
777 }
778
779 /*
780 * This routine responds to T_INFO_REQ messages. It is called by
781 * keysock_wput_other.
782 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack.
783 * The current state of the stream is copied from keysock_state.
784 */
785 static void
786 keysock_info_req(q, mp)
787 queue_t *q;
788 mblk_t *mp;
789 {
790 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO,
791 T_INFO_ACK);
792 if (mp == NULL)
793 return;
794 keysock_copy_info((struct T_info_ack *)mp->b_rptr,
795 (keysock_t *)q->q_ptr);
796 qreply(q, mp);
797 }
798
799 /*
800 * keysock_err_ack. This routine creates a
801 * T_ERROR_ACK message and passes it
802 * upstream.
803 */
804 static void
805 keysock_err_ack(q, mp, t_error, sys_error)
806 queue_t *q;
807 mblk_t *mp;
808 int t_error;
809 int sys_error;
810 {
811 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL)
812 qreply(q, mp);
813 }
814
815 /*
816 * This routine retrieves the current status of socket options.
817 * It returns the size of the option retrieved.
818 */
819 /* ARGSUSED */
820 int
821 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr)
822 {
823 int *i1 = (int *)ptr;
824 keysock_t *ks = (keysock_t *)q->q_ptr;
825
826 switch (level) {
827 case SOL_SOCKET:
828 mutex_enter(&ks->keysock_lock);
829 switch (name) {
830 case SO_TYPE:
831 *i1 = SOCK_RAW;
832 break;
833 case SO_USELOOPBACK:
834 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) ==
835 KEYSOCK_NOLOOP));
836 break;
837 /*
838 * The following two items can be manipulated,
839 * but changing them should do nothing.
840 */
841 case SO_SNDBUF:
842 *i1 = (int)q->q_hiwat;
843 break;
844 case SO_RCVBUF:
845 *i1 = (int)(RD(q)->q_hiwat);
846 break;
847 }
848 mutex_exit(&ks->keysock_lock);
849 break;
850 default:
851 return (0);
852 }
853 return (sizeof (int));
854 }
855
856 /*
857 * This routine sets socket options.
858 */
859 /* ARGSUSED */
860 int
861 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level,
862 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp,
863 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr)
864 {
865 int *i1 = (int *)invalp, errno = 0;
866 keysock_t *ks = (keysock_t *)q->q_ptr;
867 keysock_stack_t *keystack = ks->keysock_keystack;
868
869 switch (level) {
870 case SOL_SOCKET:
871 mutex_enter(&ks->keysock_lock);
872 switch (name) {
873 case SO_USELOOPBACK:
874 if (!(*i1))
875 ks->keysock_flags |= KEYSOCK_NOLOOP;
876 else ks->keysock_flags &= ~KEYSOCK_NOLOOP;
877 break;
878 case SO_SNDBUF:
879 if (*i1 > keystack->keystack_max_buf)
880 errno = ENOBUFS;
881 else q->q_hiwat = *i1;
882 break;
883 case SO_RCVBUF:
884 if (*i1 > keystack->keystack_max_buf) {
885 errno = ENOBUFS;
886 } else {
887 RD(q)->q_hiwat = *i1;
888 (void) proto_set_rx_hiwat(RD(q), NULL, *i1);
889 }
890 break;
891 default:
892 errno = EINVAL;
893 }
894 mutex_exit(&ks->keysock_lock);
895 break;
896 default:
897 errno = EINVAL;
898 }
899 return (errno);
900 }
901
902 /*
903 * Handle STREAMS messages.
904 */
905 static void
906 keysock_wput_other(queue_t *q, mblk_t *mp)
907 {
908 struct iocblk *iocp;
909 int error;
910 keysock_t *ks = (keysock_t *)q->q_ptr;
911 keysock_stack_t *keystack = ks->keysock_keystack;
912 cred_t *cr;
913
914 switch (mp->b_datap->db_type) {
915 case M_PROTO:
916 case M_PCPROTO:
917 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) {
918 ks3dbg(keystack, (
919 "keysock_wput_other: Not big enough M_PROTO\n"));
920 freemsg(mp);
921 return;
922 }
923 switch (((union T_primitives *)mp->b_rptr)->type) {
924 case T_CAPABILITY_REQ:
925 keysock_capability_req(q, mp);
926 break;
927 case T_INFO_REQ:
928 keysock_info_req(q, mp);
929 break;
930 case T_SVR4_OPTMGMT_REQ:
931 case T_OPTMGMT_REQ:
932 /*
933 * All Solaris components should pass a db_credp
934 * for this TPI message, hence we ASSERT.
935 * But in case there is some other M_PROTO that looks
936 * like a TPI message sent by some other kernel
937 * component, we check and return an error.
938 */
939 cr = msg_getcred(mp, NULL);
940 ASSERT(cr != NULL);
941 if (cr == NULL) {
942 keysock_err_ack(q, mp, TSYSERR, EINVAL);
943 return;
944 }
945 if (((union T_primitives *)mp->b_rptr)->type ==
946 T_SVR4_OPTMGMT_REQ) {
947 svr4_optcom_req(q, mp, cr, &keysock_opt_obj);
948 } else {
949 tpi_optcom_req(q, mp, cr, &keysock_opt_obj);
950 }
951 break;
952 case T_DATA_REQ:
953 case T_EXDATA_REQ:
954 case T_ORDREL_REQ:
955 /* Illegal for keysock. */
956 freemsg(mp);
957 (void) putnextctl1(RD(q), M_ERROR, EPROTO);
958 break;
959 default:
960 /* Not supported by keysock. */
961 keysock_err_ack(q, mp, TNOTSUPPORT, 0);
962 break;
963 }
964 return;
965 case M_IOCTL:
966 iocp = (struct iocblk *)mp->b_rptr;
967 error = EINVAL;
968
969 switch (iocp->ioc_cmd) {
970 case ND_SET:
971 case ND_GET:
972 if (nd_getset(q, keystack->keystack_g_nd, mp)) {
973 qreply(q, mp);
974 return;
975 } else
976 error = ENOENT;
977 /* FALLTHRU */
978 default:
979 miocnak(q, mp, 0, error);
980 return;
981 }
982 case M_FLUSH:
983 if (*mp->b_rptr & FLUSHW) {
984 flushq(q, FLUSHALL);
985 *mp->b_rptr &= ~FLUSHW;
986 }
987 if (*mp->b_rptr & FLUSHR) {
988 qreply(q, mp);
989 return;
990 }
991 /* Else FALLTHRU */
992 }
993
994 /* If fell through, just black-hole the message. */
995 freemsg(mp);
996 }
997
998 /*
999 * Transmit a PF_KEY error message to the instance either pointed to
1000 * by ks, the instance with serial number serial, or more, depending.
1001 *
1002 * The faulty message (or a reasonable facsimile thereof) is in mp.
1003 * This function will free mp or recycle it for delivery, thereby causing
1004 * the stream head to free it.
1005 */
1006 static void
1007 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic)
1008 {
1009 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1010 keysock_stack_t *keystack = ks->keysock_keystack;
1011
1012 ASSERT(mp->b_datap->db_type == M_DATA);
1013
1014 if (samsg->sadb_msg_type < SADB_GETSPI ||
1015 samsg->sadb_msg_type > SADB_MAX)
1016 samsg->sadb_msg_type = SADB_RESERVED;
1017
1018 /*
1019 * Strip out extension headers.
1020 */
1021 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim);
1022 mp->b_wptr = mp->b_rptr + sizeof (*samsg);
1023 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t));
1024 samsg->sadb_msg_errno = (uint8_t)error;
1025 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic;
1026
1027 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, keystack);
1028 }
1029
1030 /*
1031 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy
1032 * in the extv if passed in.
1033 */
1034 static void
1035 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[],
1036 boolean_t flushmsg)
1037 {
1038 keysock_consumer_t *kc;
1039 mblk_t *wrapper;
1040 keysock_in_t *ksi;
1041 int i;
1042 keysock_stack_t *keystack = ks->keysock_keystack;
1043
1044 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI);
1045 if (wrapper == NULL) {
1046 ks3dbg(keystack, ("keysock_passdown: allocb failed.\n"));
1047 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL)
1048 bzero(extv[SADB_EXT_KEY_ENCRYPT],
1049 SADB_64TO8(
1050 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len));
1051 if (extv[SADB_EXT_KEY_AUTH] != NULL)
1052 bzero(extv[SADB_EXT_KEY_AUTH],
1053 SADB_64TO8(
1054 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len));
1055 if (flushmsg) {
1056 ks0dbg((
1057 "keysock: Downwards flush/dump message failed!\n"));
1058 /* If this is true, I hold the perimeter. */
1059 keystack->keystack_flushdump--;
1060 }
1061 freemsg(mp);
1062 return;
1063 }
1064
1065 wrapper->b_datap->db_type = M_CTL;
1066 ksi = (keysock_in_t *)wrapper->b_rptr;
1067 ksi->ks_in_type = KEYSOCK_IN;
1068 ksi->ks_in_len = sizeof (keysock_in_t);
1069 if (extv[SADB_EXT_ADDRESS_SRC] != NULL)
1070 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN;
1071 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE;
1072 if (extv[SADB_EXT_ADDRESS_DST] != NULL)
1073 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN;
1074 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE;
1075 for (i = 0; i <= SADB_EXT_MAX; i++)
1076 ksi->ks_in_extv[i] = extv[i];
1077 ksi->ks_in_serial = ks->keysock_serial;
1078 wrapper->b_wptr += sizeof (ipsec_info_t);
1079 wrapper->b_cont = mp;
1080
1081 /*
1082 * Find the appropriate consumer where the message is passed down.
1083 */
1084 kc = keystack->keystack_consumers[satype];
1085 if (kc == NULL) {
1086 freeb(wrapper);
1087 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1088 if (flushmsg) {
1089 ks0dbg((
1090 "keysock: Downwards flush/dump message failed!\n"));
1091 /* If this is true, I hold the perimeter. */
1092 keystack->keystack_flushdump--;
1093 }
1094 return;
1095 }
1096
1097 /*
1098 * NOTE: There used to be code in here to spin while a flush or
1099 * dump finished. Keysock now assumes that consumers have enough
1100 * MT-savviness to deal with that.
1101 */
1102
1103 /*
1104 * Current consumers (AH and ESP) are guaranteed to return a
1105 * FLUSH or DUMP message back, so when we reach here, we don't
1106 * have to worry about keysock_flushdumps.
1107 */
1108
1109 putnext(kc->kc_wq, wrapper);
1110 }
1111
1112 /*
1113 * High-level reality checking of extensions.
1114 */
1115 static boolean_t
1116 ext_check(sadb_ext_t *ext, keysock_stack_t *keystack)
1117 {
1118 int i;
1119 uint64_t *lp;
1120 sadb_ident_t *id;
1121 char *idstr;
1122
1123 switch (ext->sadb_ext_type) {
1124 case SADB_EXT_ADDRESS_SRC:
1125 case SADB_EXT_ADDRESS_DST:
1126 case SADB_X_EXT_ADDRESS_INNER_SRC:
1127 case SADB_X_EXT_ADDRESS_INNER_DST:
1128 /* Check for at least enough addtl length for a sockaddr. */
1129 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t)))
1130 return (B_FALSE);
1131 break;
1132 case SADB_EXT_LIFETIME_HARD:
1133 case SADB_EXT_LIFETIME_SOFT:
1134 case SADB_EXT_LIFETIME_CURRENT:
1135 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t)))
1136 return (B_FALSE);
1137 break;
1138 case SADB_EXT_SPIRANGE:
1139 /* See if the SPI range is legit. */
1140 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) >
1141 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max))
1142 return (B_FALSE);
1143 break;
1144 case SADB_EXT_KEY_AUTH:
1145 case SADB_EXT_KEY_ENCRYPT:
1146 /* Key length check. */
1147 if (((sadb_key_t *)ext)->sadb_key_bits == 0)
1148 return (B_FALSE);
1149 /*
1150 * Check to see if the key length (in bits) is less than the
1151 * extension length (in 8-bits words).
1152 */
1153 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) +
1154 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) {
1155 ks1dbg(keystack, (
1156 "ext_check: Key bits/length inconsistent.\n"));
1157 ks1dbg(keystack, ("%d bits, len is %d bytes.\n",
1158 ((sadb_key_t *)ext)->sadb_key_bits,
1159 SADB_64TO8(ext->sadb_ext_len)));
1160 return (B_FALSE);
1161 }
1162
1163 /* All-zeroes key check. */
1164 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t));
1165 for (i = 0;
1166 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t)));
1167 i++)
1168 if (lp[i] != 0)
1169 break; /* Out of for loop. */
1170 /* If finished the loop naturally, it's an all zero key. */
1171 if (lp[i] == 0)
1172 return (B_FALSE);
1173 break;
1174 case SADB_EXT_IDENTITY_SRC:
1175 case SADB_EXT_IDENTITY_DST:
1176 /*
1177 * Make sure the strings in these identities are
1178 * null-terminated. RFC 2367 underspecified how to handle
1179 * such a case. I "proactively" null-terminate the string
1180 * at the last byte if it's not terminated sooner.
1181 */
1182 id = (sadb_ident_t *)ext;
1183 i = SADB_64TO8(id->sadb_ident_len);
1184 i -= sizeof (sadb_ident_t);
1185 idstr = (char *)(id + 1);
1186 while (*idstr != '\0' && i > 0) {
1187 i--;
1188 idstr++;
1189 }
1190 if (i == 0) {
1191 /*
1192 * I.e., if the bozo user didn't NULL-terminate the
1193 * string...
1194 */
1195 idstr--;
1196 *idstr = '\0';
1197 }
1198 break;
1199 }
1200 return (B_TRUE); /* For now... */
1201 }
1202
1203 /* Return values for keysock_get_ext(). */
1204 #define KGE_OK 0
1205 #define KGE_DUP 1
1206 #define KGE_UNK 2
1207 #define KGE_LEN 3
1208 #define KGE_CHK 4
1209
1210 /*
1211 * Parse basic extension headers and return in the passed-in pointer vector.
1212 * Return values include:
1213 *
1214 * KGE_OK Everything's nice and parsed out.
1215 * If there are no extensions, place NULL in extv[0].
1216 * KGE_DUP There is a duplicate extension.
1217 * First instance in appropriate bin. First duplicate in
1218 * extv[0].
1219 * KGE_UNK Unknown extension type encountered. extv[0] contains
1220 * unknown header.
1221 * KGE_LEN Extension length error.
1222 * KGE_CHK High-level reality check failed on specific extension.
1223 *
1224 * My apologies for some of the pointer arithmetic in here. I'm thinking
1225 * like an assembly programmer, yet trying to make the compiler happy.
1226 */
1227 static int
1228 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize,
1229 keysock_stack_t *keystack)
1230 {
1231 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1));
1232
1233 /* Use extv[0] as the "current working pointer". */
1234
1235 extv[0] = (sadb_ext_t *)(basehdr + 1);
1236
1237 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) {
1238 /* Check for unknown headers. */
1239 if (extv[0]->sadb_ext_type == 0 ||
1240 extv[0]->sadb_ext_type > SADB_EXT_MAX)
1241 return (KGE_UNK);
1242
1243 /*
1244 * Check length. Use uint64_t because extlen is in units
1245 * of 64-bit words. If length goes beyond the msgsize,
1246 * return an error. (Zero length also qualifies here.)
1247 */
1248 if (extv[0]->sadb_ext_len == 0 ||
1249 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) >
1250 (void *)((uint8_t *)basehdr + msgsize))
1251 return (KGE_LEN);
1252
1253 /* Check for redundant headers. */
1254 if (extv[extv[0]->sadb_ext_type] != NULL)
1255 return (KGE_DUP);
1256
1257 /*
1258 * Reality check the extension if possible at the keysock
1259 * level.
1260 */
1261 if (!ext_check(extv[0], keystack))
1262 return (KGE_CHK);
1263
1264 /* If I make it here, assign the appropriate bin. */
1265 extv[extv[0]->sadb_ext_type] = extv[0];
1266
1267 /* Advance pointer (See above for uint64_t ptr reasoning.) */
1268 extv[0] = (sadb_ext_t *)
1269 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len);
1270 }
1271
1272 /* Everything's cool. */
1273
1274 /*
1275 * If extv[0] == NULL, then there are no extension headers in this
1276 * message. Ensure that this is the case.
1277 */
1278 if (extv[0] == (sadb_ext_t *)(basehdr + 1))
1279 extv[0] = NULL;
1280
1281 return (KGE_OK);
1282 }
1283
1284 /*
1285 * qwriter() callback to handle flushes and dumps. This routine will hold
1286 * the inner perimeter.
1287 */
1288 void
1289 keysock_do_flushdump(queue_t *q, mblk_t *mp)
1290 {
1291 int i, start, finish;
1292 mblk_t *mp1 = NULL;
1293 keysock_t *ks = (keysock_t *)q->q_ptr;
1294 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1295 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1296 keysock_stack_t *keystack = ks->keysock_keystack;
1297
1298 /*
1299 * I am guaranteed this will work. I did the work in keysock_parse()
1300 * already.
1301 */
1302 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len),
1303 keystack);
1304
1305 /*
1306 * I hold the perimeter, therefore I don't need to use atomic ops.
1307 */
1308 if (keystack->keystack_flushdump != 0) {
1309 /* XXX Should I instead use EBUSY? */
1310 /* XXX Or is there a way to queue these up? */
1311 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE);
1312 return;
1313 }
1314
1315 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1316 start = 0;
1317 finish = KEYSOCK_MAX_CONSUMERS - 1;
1318 } else {
1319 start = samsg->sadb_msg_satype;
1320 finish = samsg->sadb_msg_satype;
1321 }
1322
1323 /*
1324 * Fill up keysock_flushdump with the number of outstanding dumps
1325 * and/or flushes.
1326 */
1327
1328 keystack->keystack_flushdump_errno = 0;
1329
1330 /*
1331 * Okay, I hold the perimeter. Eventually keysock_flushdump will
1332 * contain the number of consumers with outstanding flush operations.
1333 *
1334 * SO, here's the plan:
1335 * * For each relevant consumer (Might be one, might be all)
1336 * * Twiddle on the FLUSHING flag.
1337 * * Pass down the FLUSH/DUMP message.
1338 *
1339 * When I see upbound FLUSH/DUMP messages, I will decrement the
1340 * keysock_flushdump. When I decrement it to 0, I will pass the
1341 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will
1342 * pass down the right SA type to the consumer (either its own, or
1343 * that of UNSPEC), the right one will be reflected from each consumer,
1344 * and accordingly back to the socket.
1345 */
1346
1347 mutex_enter(&keystack->keystack_consumers_lock);
1348 for (i = start; i <= finish; i++) {
1349 if (keystack->keystack_consumers[i] != NULL) {
1350 mp1 = copymsg(mp);
1351 if (mp1 == NULL) {
1352 ks0dbg(("SADB_FLUSH copymsg() failed.\n"));
1353 /*
1354 * Error? And what about outstanding
1355 * flushes? Oh, yeah, they get sucked up and
1356 * the counter is decremented. Consumers
1357 * (see keysock_passdown()) are guaranteed
1358 * to deliver back a flush request, even if
1359 * it's an error.
1360 */
1361 keysock_error(ks, mp, ENOMEM,
1362 SADB_X_DIAGNOSTIC_NONE);
1363 return;
1364 }
1365 /*
1366 * Because my entry conditions are met above, the
1367 * following assertion should hold true.
1368 */
1369 mutex_enter(&keystack->keystack_consumers[i]->kc_lock);
1370 ASSERT((keystack->keystack_consumers[i]->kc_flags &
1371 KC_FLUSHING) == 0);
1372 keystack->keystack_consumers[i]->kc_flags |=
1373 KC_FLUSHING;
1374 mutex_exit(&(keystack->keystack_consumers[i]->kc_lock));
1375 /* Always increment the number of flushes... */
1376 keystack->keystack_flushdump++;
1377 /* Guaranteed to return a message. */
1378 keysock_passdown(ks, mp1, i, extv, B_TRUE);
1379 } else if (start == finish) {
1380 /*
1381 * In case where start == finish, and there's no
1382 * consumer, should we force an error? Yes.
1383 */
1384 mutex_exit(&keystack->keystack_consumers_lock);
1385 keysock_error(ks, mp, EINVAL,
1386 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1387 return;
1388 }
1389 }
1390 mutex_exit(&keystack->keystack_consumers_lock);
1391
1392 if (keystack->keystack_flushdump == 0) {
1393 /*
1394 * There were no consumers at all for this message.
1395 * XXX For now return ESRCH.
1396 */
1397 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS);
1398 } else {
1399 /* Otherwise, free the original message. */
1400 freemsg(mp);
1401 }
1402 }
1403
1404 /*
1405 * Get the right diagnostic for a duplicate. Should probably use a static
1406 * table lookup.
1407 */
1408 int
1409 keysock_duplicate(int ext_type)
1410 {
1411 int rc = 0;
1412
1413 switch (ext_type) {
1414 case SADB_EXT_ADDRESS_SRC:
1415 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC;
1416 break;
1417 case SADB_EXT_ADDRESS_DST:
1418 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST;
1419 break;
1420 case SADB_X_EXT_ADDRESS_INNER_SRC:
1421 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC;
1422 break;
1423 case SADB_X_EXT_ADDRESS_INNER_DST:
1424 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST;
1425 break;
1426 case SADB_EXT_SA:
1427 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA;
1428 break;
1429 case SADB_EXT_SPIRANGE:
1430 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE;
1431 break;
1432 case SADB_EXT_KEY_AUTH:
1433 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY;
1434 break;
1435 case SADB_EXT_KEY_ENCRYPT:
1436 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY;
1437 break;
1438 }
1439 return (rc);
1440 }
1441
1442 /*
1443 * Get the right diagnostic for a reality check failure. Should probably use
1444 * a static table lookup.
1445 */
1446 int
1447 keysock_malformed(int ext_type)
1448 {
1449 int rc = 0;
1450
1451 switch (ext_type) {
1452 case SADB_EXT_ADDRESS_SRC:
1453 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC;
1454 break;
1455 case SADB_EXT_ADDRESS_DST:
1456 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST;
1457 break;
1458 case SADB_X_EXT_ADDRESS_INNER_SRC:
1459 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC;
1460 break;
1461 case SADB_X_EXT_ADDRESS_INNER_DST:
1462 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST;
1463 break;
1464 case SADB_EXT_SA:
1465 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA;
1466 break;
1467 case SADB_EXT_SPIRANGE:
1468 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE;
1469 break;
1470 case SADB_EXT_KEY_AUTH:
1471 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY;
1472 break;
1473 case SADB_EXT_KEY_ENCRYPT:
1474 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY;
1475 break;
1476 }
1477 return (rc);
1478 }
1479
1480 /*
1481 * Keysock massaging of an inverse ACQUIRE. Consult policy,
1482 * and construct an appropriate response.
1483 */
1484 static void
1485 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[],
1486 keysock_t *ks)
1487 {
1488 mblk_t *reply_mp;
1489 keysock_stack_t *keystack = ks->keysock_keystack;
1490
1491 /*
1492 * Reality check things...
1493 */
1494 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) {
1495 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC);
1496 return;
1497 }
1498 if (extv[SADB_EXT_ADDRESS_DST] == NULL) {
1499 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST);
1500 return;
1501 }
1502
1503 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL &&
1504 extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) {
1505 keysock_error(ks, mp, EINVAL,
1506 SADB_X_DIAGNOSTIC_MISSING_INNER_DST);
1507 return;
1508 }
1509
1510 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL &&
1511 extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) {
1512 keysock_error(ks, mp, EINVAL,
1513 SADB_X_DIAGNOSTIC_MISSING_INNER_SRC);
1514 return;
1515 }
1516
1517 reply_mp = ipsec_construct_inverse_acquire(samsg, extv,
1518 keystack->keystack_netstack);
1519
1520 if (reply_mp != NULL) {
1521 freemsg(mp);
1522 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr,
1523 ks->keysock_serial, NULL, B_FALSE, keystack);
1524 } else {
1525 keysock_error(ks, mp, samsg->sadb_msg_errno,
1526 samsg->sadb_x_msg_diagnostic);
1527 }
1528 }
1529
1530 /*
1531 * Spew an extended REGISTER down to the relevant consumers.
1532 */
1533 static void
1534 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1535 {
1536 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG];
1537 uint8_t *satypes, *fencepost;
1538 mblk_t *downmp;
1539 sadb_ext_t *downextv[SADB_EXT_MAX + 1];
1540 keysock_stack_t *keystack = ks->keysock_keystack;
1541
1542 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 ||
1543 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) {
1544 keysock_error(ks, mp, EBUSY, 0);
1545 }
1546
1547 ks->keysock_flags |= KEYSOCK_EXTENDED;
1548 if (ereg == NULL) {
1549 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1550 } else {
1551 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr);
1552 fencepost = (uint8_t *)mp->b_wptr;
1553 satypes = ereg->sadb_x_ereg_satypes;
1554 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) {
1555 downmp = copymsg(mp);
1556 if (downmp == NULL) {
1557 keysock_error(ks, mp, ENOMEM, 0);
1558 return;
1559 }
1560 /*
1561 * Since we've made it here, keysock_get_ext will work!
1562 */
1563 (void) keysock_get_ext(downextv,
1564 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp),
1565 keystack);
1566 keysock_passdown(ks, downmp, *satypes, downextv,
1567 B_FALSE);
1568 ++satypes;
1569 }
1570 freemsg(mp);
1571 }
1572
1573 /*
1574 * Set global to indicate we prefer an extended ACQUIRE.
1575 */
1576 atomic_inc_32(&keystack->keystack_num_extended);
1577 }
1578
1579 static void
1580 keysock_delpair_all(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1581 {
1582 int i, start, finish;
1583 mblk_t *mp1 = NULL;
1584 keysock_stack_t *keystack = ks->keysock_keystack;
1585
1586 start = 0;
1587 finish = KEYSOCK_MAX_CONSUMERS - 1;
1588
1589 for (i = start; i <= finish; i++) {
1590 if (keystack->keystack_consumers[i] != NULL) {
1591 mp1 = copymsg(mp);
1592 if (mp1 == NULL) {
1593 keysock_error(ks, mp, ENOMEM,
1594 SADB_X_DIAGNOSTIC_NONE);
1595 return;
1596 }
1597 keysock_passdown(ks, mp1, i, extv, B_FALSE);
1598 }
1599 }
1600 }
1601
1602 /*
1603 * Handle PF_KEY messages.
1604 */
1605 static void
1606 keysock_parse(queue_t *q, mblk_t *mp)
1607 {
1608 sadb_msg_t *samsg;
1609 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1610 keysock_t *ks = (keysock_t *)q->q_ptr;
1611 uint_t msgsize;
1612 uint8_t satype;
1613 keysock_stack_t *keystack = ks->keysock_keystack;
1614
1615 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */
1616 ASSERT(WR(q)->q_next == NULL);
1617
1618 samsg = (sadb_msg_t *)mp->b_rptr;
1619 ks2dbg(keystack, ("Received possible PF_KEY message, type %d.\n",
1620 samsg->sadb_msg_type));
1621
1622 msgsize = SADB_64TO8(samsg->sadb_msg_len);
1623
1624 if (msgdsize(mp) != msgsize) {
1625 /*
1626 * Message len incorrect w.r.t. actual size. Send an error
1627 * (EMSGSIZE). It may be necessary to massage things a
1628 * bit. For example, if the sadb_msg_type is hosed,
1629 * I need to set it to SADB_RESERVED to get delivery to
1630 * do the right thing. Then again, maybe just letting
1631 * the error delivery do the right thing.
1632 */
1633 ks2dbg(keystack,
1634 ("mblk (%lu) and base (%d) message sizes don't jibe.\n",
1635 msgdsize(mp), msgsize));
1636 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE);
1637 return;
1638 }
1639
1640 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) {
1641 /* Get all message into one mblk. */
1642 if (pullupmsg(mp, -1) == 0) {
1643 /*
1644 * Something screwy happened.
1645 */
1646 ks3dbg(keystack,
1647 ("keysock_parse: pullupmsg() failed.\n"));
1648 return;
1649 } else {
1650 samsg = (sadb_msg_t *)mp->b_rptr;
1651 }
1652 }
1653
1654 switch (keysock_get_ext(extv, samsg, msgsize, keystack)) {
1655 case KGE_DUP:
1656 /* Handle duplicate extension. */
1657 ks1dbg(keystack, ("Got duplicate extension of type %d.\n",
1658 extv[0]->sadb_ext_type));
1659 keysock_error(ks, mp, EINVAL,
1660 keysock_duplicate(extv[0]->sadb_ext_type));
1661 return;
1662 case KGE_UNK:
1663 /* Handle unknown extension. */
1664 ks1dbg(keystack, ("Got unknown extension of type %d.\n",
1665 extv[0]->sadb_ext_type));
1666 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT);
1667 return;
1668 case KGE_LEN:
1669 /* Length error. */
1670 ks1dbg(keystack,
1671 ("Length %d on extension type %d overrun or 0.\n",
1672 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type));
1673 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN);
1674 return;
1675 case KGE_CHK:
1676 /* Reality check failed. */
1677 ks1dbg(keystack,
1678 ("Reality check failed on extension type %d.\n",
1679 extv[0]->sadb_ext_type));
1680 keysock_error(ks, mp, EINVAL,
1681 keysock_malformed(extv[0]->sadb_ext_type));
1682 return;
1683 default:
1684 /* Default case is no errors. */
1685 break;
1686 }
1687
1688 switch (samsg->sadb_msg_type) {
1689 case SADB_REGISTER:
1690 /*
1691 * There's a semantic weirdness in that a message OTHER than
1692 * the return REGISTER message may be passed up if I set the
1693 * registered bit BEFORE I pass it down.
1694 *
1695 * SOOOO, I'll not twiddle any registered bits until I see
1696 * the upbound REGISTER (with a serial number in it).
1697 */
1698 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1699 /* Handle extended register here. */
1700 keysock_extended_register(ks, mp, extv);
1701 return;
1702 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) {
1703 keysock_error(ks, mp, EBUSY, 0);
1704 return;
1705 }
1706 /* FALLTHRU */
1707 case SADB_GETSPI:
1708 case SADB_ADD:
1709 case SADB_UPDATE:
1710 case SADB_X_UPDATEPAIR:
1711 case SADB_DELETE:
1712 case SADB_X_DELPAIR:
1713 case SADB_GET:
1714 /*
1715 * Pass down to appropriate consumer.
1716 */
1717 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1718 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1719 B_FALSE);
1720 else keysock_error(ks, mp, EINVAL,
1721 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1722 return;
1723 case SADB_X_DELPAIR_STATE:
1724 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1725 keysock_delpair_all(ks, mp, extv);
1726 } else {
1727 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1728 B_FALSE);
1729 }
1730 return;
1731 case SADB_ACQUIRE:
1732 /*
1733 * If I _receive_ an acquire, this means I should spread it
1734 * out to registered sockets. Unless there's an errno...
1735 *
1736 * Need ADDRESS, may have ID, SENS, and PROP, unless errno,
1737 * in which case there should be NO extensions.
1738 *
1739 * Return to registered.
1740 */
1741 if (samsg->sadb_msg_errno != 0) {
1742 satype = samsg->sadb_msg_satype;
1743 if (satype == SADB_SATYPE_UNSPEC) {
1744 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) {
1745 keysock_error(ks, mp, EINVAL,
1746 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1747 return;
1748 }
1749 /*
1750 * Reassign satype based on the first
1751 * flags that KEYSOCK_SETREG says.
1752 */
1753 while (satype <= SADB_SATYPE_MAX) {
1754 if (KEYSOCK_ISREG(ks, satype))
1755 break;
1756 satype++;
1757 }
1758 if (satype > SADB_SATYPE_MAX) {
1759 keysock_error(ks, mp, EBUSY, 0);
1760 return;
1761 }
1762 }
1763 keysock_passdown(ks, mp, satype, extv, B_FALSE);
1764 } else {
1765 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1766 keysock_error(ks, mp, EINVAL,
1767 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1768 } else {
1769 keysock_passup(mp, samsg, 0, NULL, B_FALSE,
1770 keystack);
1771 }
1772 }
1773 return;
1774 case SADB_EXPIRE:
1775 /*
1776 * If someone sends this in, then send out to all senders.
1777 * (Save maybe ESP or AH, I have to be careful here.)
1778 *
1779 * Need ADDRESS, may have ID and SENS.
1780 *
1781 * XXX for now this is unsupported.
1782 */
1783 break;
1784 case SADB_FLUSH:
1785 /*
1786 * Nuke all SAs.
1787 *
1788 * No extensions at all. Return to all listeners.
1789 *
1790 * Question: Should I hold a lock here to prevent
1791 * additions/deletions while flushing?
1792 * Answer: No. (See keysock_passdown() for details.)
1793 */
1794 if (extv[0] != NULL) {
1795 /*
1796 * FLUSH messages shouldn't have extensions.
1797 * Return EINVAL.
1798 */
1799 ks2dbg(keystack, ("FLUSH message with extension.\n"));
1800 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT);
1801 return;
1802 }
1803
1804 /* Passing down of DUMP/FLUSH messages are special. */
1805 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1806 return;
1807 case SADB_DUMP: /* not used by normal applications */
1808 if ((extv[0] != NULL) &&
1809 ((msgsize >
1810 (sizeof (sadb_msg_t) + sizeof (sadb_x_edump_t))) ||
1811 (extv[SADB_X_EXT_EDUMP] == NULL))) {
1812 keysock_error(ks, mp, EINVAL,
1813 SADB_X_DIAGNOSTIC_NO_EXT);
1814 return;
1815 }
1816 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1817 return;
1818 case SADB_X_PROMISC:
1819 /*
1820 * Promiscuous processing message.
1821 */
1822 if (samsg->sadb_msg_satype == 0)
1823 ks->keysock_flags &= ~KEYSOCK_PROMISC;
1824 else
1825 ks->keysock_flags |= KEYSOCK_PROMISC;
1826 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE,
1827 keystack);
1828 return;
1829 case SADB_X_INVERSE_ACQUIRE:
1830 keysock_inverse_acquire(mp, samsg, extv, ks);
1831 return;
1832 default:
1833 ks2dbg(keystack, ("Got unknown message type %d.\n",
1834 samsg->sadb_msg_type));
1835 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG);
1836 return;
1837 }
1838
1839 /* As a placeholder... */
1840 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n"));
1841 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE);
1842 }
1843
1844 /*
1845 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket,
1846 * I don't convert to ioctl()'s for IP. I am the end-all driver as far
1847 * as PF_KEY sockets are concerned. I do some conversion, but not as much
1848 * as IP/rts does.
1849 */
1850 static void
1851 keysock_wput(queue_t *q, mblk_t *mp)
1852 {
1853 uchar_t *rptr = mp->b_rptr;
1854 mblk_t *mp1;
1855 keysock_t *ks;
1856 keysock_stack_t *keystack;
1857
1858 if (WR(q)->q_next) {
1859 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
1860 keystack = kc->kc_keystack;
1861
1862 ks3dbg(keystack, ("In keysock_wput\n"));
1863
1864 /*
1865 * We shouldn't get writes on a consumer instance.
1866 * But for now, just passthru.
1867 */
1868 ks1dbg(keystack, ("Huh? wput for an consumer instance (%d)?\n",
1869 kc->kc_sa_type));
1870 putnext(q, mp);
1871 return;
1872 }
1873 ks = (keysock_t *)q->q_ptr;
1874 keystack = ks->keysock_keystack;
1875
1876 ks3dbg(keystack, ("In keysock_wput\n"));
1877
1878 switch (mp->b_datap->db_type) {
1879 case M_DATA:
1880 /*
1881 * Silently discard.
1882 */
1883 ks2dbg(keystack, ("raw M_DATA in keysock.\n"));
1884 freemsg(mp);
1885 return;
1886 case M_PROTO:
1887 case M_PCPROTO:
1888 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) {
1889 if (((union T_primitives *)rptr)->type == T_DATA_REQ) {
1890 if ((mp1 = mp->b_cont) == NULL) {
1891 /* No data after T_DATA_REQ. */
1892 ks2dbg(keystack,
1893 ("No data after DATA_REQ.\n"));
1894 freemsg(mp);
1895 return;
1896 }
1897 freeb(mp);
1898 mp = mp1;
1899 ks2dbg(keystack, ("T_DATA_REQ\n"));
1900 break; /* Out of switch. */
1901 }
1902 }
1903 /* FALLTHRU */
1904 default:
1905 ks3dbg(keystack, ("In default wput case (%d %d).\n",
1906 mp->b_datap->db_type, ((union T_primitives *)rptr)->type));
1907 keysock_wput_other(q, mp);
1908 return;
1909 }
1910
1911 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */
1912 keysock_parse(q, mp);
1913 }
1914
1915 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */
1916
1917 /*
1918 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate
1919 * state vectors.
1920 */
1921 static void
1922 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc)
1923 {
1924 keysock_t *ks;
1925 keysock_stack_t *keystack = kc->kc_keystack;
1926
1927 mutex_enter(&keystack->keystack_consumers_lock);
1928 mutex_enter(&kc->kc_lock);
1929 if (keystack->keystack_consumers[satype] != NULL) {
1930 ks0dbg((
1931 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n",
1932 satype));
1933 /*
1934 * Perhaps updating the new below-me consumer with what I have
1935 * so far would work too?
1936 */
1937 mutex_exit(&kc->kc_lock);
1938 mutex_exit(&keystack->keystack_consumers_lock);
1939 } else {
1940 /* Add new below-me consumer. */
1941 keystack->keystack_consumers[satype] = kc;
1942
1943 kc->kc_flags = 0;
1944 kc->kc_sa_type = satype;
1945 mutex_exit(&kc->kc_lock);
1946 mutex_exit(&keystack->keystack_consumers_lock);
1947
1948 /* Scan the keysock list. */
1949 mutex_enter(&keystack->keystack_list_lock);
1950 for (ks = keystack->keystack_list; ks != NULL;
1951 ks = ks->keysock_next) {
1952 if (KEYSOCK_ISREG(ks, satype)) {
1953 /*
1954 * XXX Perhaps send an SADB_REGISTER down on
1955 * the socket's behalf.
1956 */
1957 ks1dbg(keystack,
1958 ("Socket %u registered already for "
1959 "new consumer.\n", ks->keysock_serial));
1960 }
1961 }
1962 mutex_exit(&keystack->keystack_list_lock);
1963 }
1964 }
1965
1966 /*
1967 * Generate a KEYSOCK_OUT_ERR message for my consumer.
1968 */
1969 static void
1970 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp)
1971 {
1972 keysock_out_err_t *kse;
1973 mblk_t *imp;
1974 keysock_stack_t *keystack = kc->kc_keystack;
1975
1976 imp = allocb(sizeof (ipsec_info_t), BPRI_HI);
1977 if (imp == NULL) {
1978 ks1dbg(keystack, ("keysock_out_err: Can't alloc message.\n"));
1979 return;
1980 }
1981
1982 imp->b_datap->db_type = M_CTL;
1983 imp->b_wptr += sizeof (ipsec_info_t);
1984
1985 kse = (keysock_out_err_t *)imp->b_rptr;
1986 imp->b_cont = mp;
1987 kse->ks_err_type = KEYSOCK_OUT_ERR;
1988 kse->ks_err_len = sizeof (*kse);
1989 /* Is serial necessary? */
1990 kse->ks_err_serial = 0;
1991 kse->ks_err_errno = ks_errno;
1992
1993 /*
1994 * XXX What else do I need to do here w.r.t. information
1995 * to tell the consumer what caused this error?
1996 *
1997 * I believe the answer is the PF_KEY ACQUIRE (or other) message
1998 * attached in mp, which is appended at the end. I believe the
1999 * db_ref won't matter here, because the PF_KEY message is only read
2000 * for KEYSOCK_OUT_ERR.
2001 */
2002
2003 putnext(kc->kc_wq, imp);
2004 }
2005
2006 /* XXX this is a hack errno. */
2007 #define EIPSECNOSA 255
2008
2009 /*
2010 * Route message (pointed by mp, header in samsg) toward appropriate
2011 * sockets. Assume the message's creator did its job correctly.
2012 *
2013 * This should be a function that is followed by a return in its caller.
2014 * The compiler _should_ be able to use tail-call optimizations to make the
2015 * large ## of parameters not a huge deal.
2016 */
2017 static void
2018 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial,
2019 keysock_consumer_t *kc, boolean_t persistent, keysock_stack_t *keystack)
2020 {
2021 keysock_t *ks;
2022 uint8_t satype = samsg->sadb_msg_satype;
2023 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE,
2024 setalg = B_FALSE;
2025 mblk_t *mp1;
2026 int err = EIPSECNOSA;
2027
2028 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */
2029 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI);
2030 if (mp1 == NULL) {
2031 err = ENOMEM;
2032 goto error;
2033 }
2034 mp1->b_wptr += sizeof (struct T_data_req);
2035 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND;
2036 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0;
2037 mp1->b_datap->db_type = M_PROTO;
2038 mp1->b_cont = mp;
2039 mp = mp1;
2040
2041 switch (samsg->sadb_msg_type) {
2042 case SADB_FLUSH:
2043 case SADB_GETSPI:
2044 case SADB_UPDATE:
2045 case SADB_X_UPDATEPAIR:
2046 case SADB_ADD:
2047 case SADB_DELETE:
2048 case SADB_X_DELPAIR:
2049 case SADB_EXPIRE:
2050 /*
2051 * These are most likely replies. Don't worry about
2052 * KEYSOCK_OUT_ERR handling. Deliver to all sockets.
2053 */
2054 ks3dbg(keystack,
2055 ("Delivering normal message (%d) to all sockets.\n",
2056 samsg->sadb_msg_type));
2057 toall = B_TRUE;
2058 break;
2059 case SADB_REGISTER:
2060 /*
2061 * REGISTERs come up for one of three reasons:
2062 *
2063 * 1.) In response to a normal SADB_REGISTER
2064 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2065 * serial != 0)
2066 * Deliver to normal SADB_REGISTERed sockets.
2067 * 2.) In response to an extended REGISTER
2068 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
2069 * Deliver to extended REGISTERed socket.
2070 * 3.) Spontaneous algorithm changes
2071 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2072 * serial == 0)
2073 * Deliver to REGISTERed sockets of all sorts.
2074 */
2075 if (kc == NULL) {
2076 /* Here because of keysock_error() call. */
2077 ASSERT(samsg->sadb_msg_errno != 0);
2078 break; /* Out of switch. */
2079 }
2080 ks3dbg(keystack, ("Delivering REGISTER.\n"));
2081 if (satype == SADB_SATYPE_UNSPEC) {
2082 /* REGISTER Reason #2 */
2083 allereg = B_TRUE;
2084 /*
2085 * Rewhack SA type so PF_KEY socket holder knows what
2086 * consumer generated this algorithm list.
2087 */
2088 satype = kc->kc_sa_type;
2089 samsg->sadb_msg_satype = satype;
2090 setalg = B_TRUE;
2091 } else if (serial == 0) {
2092 /* REGISTER Reason #3 */
2093 allreg = B_TRUE;
2094 allereg = B_TRUE;
2095 } else {
2096 /* REGISTER Reason #1 */
2097 allreg = B_TRUE;
2098 setalg = B_TRUE;
2099 }
2100 break;
2101 case SADB_ACQUIRE:
2102 /*
2103 * ACQUIREs are either extended (sadb_msg_satype == 0) or
2104 * regular (sadb_msg_satype != 0). And we're guaranteed
2105 * that serial == 0 for an ACQUIRE.
2106 */
2107 ks3dbg(keystack, ("Delivering ACQUIRE.\n"));
2108 allereg = (satype == SADB_SATYPE_UNSPEC);
2109 allreg = !allereg;
2110 /*
2111 * Corner case - if we send a regular ACQUIRE and there's
2112 * extended ones registered, don't send an error down to
2113 * consumers if nobody's listening and prematurely destroy
2114 * their ACQUIRE record. This might be too hackish of a
2115 * solution.
2116 */
2117 if (allreg && keystack->keystack_num_extended > 0)
2118 err = 0;
2119 break;
2120 case SADB_X_PROMISC:
2121 case SADB_X_INVERSE_ACQUIRE:
2122 case SADB_DUMP:
2123 case SADB_GET:
2124 default:
2125 /*
2126 * Deliver to the sender and promiscuous only.
2127 */
2128 ks3dbg(keystack, ("Delivering sender/promisc only (%d).\n",
2129 samsg->sadb_msg_type));
2130 break;
2131 }
2132
2133 mutex_enter(&keystack->keystack_list_lock);
2134 for (ks = keystack->keystack_list; ks != NULL; ks = ks->keysock_next) {
2135 /* Delivery loop. */
2136
2137 /*
2138 * Check special keysock-setting cases (REGISTER replies)
2139 * here.
2140 */
2141 if (setalg && serial == ks->keysock_serial) {
2142 ASSERT(kc != NULL);
2143 ASSERT(kc->kc_sa_type == satype);
2144 KEYSOCK_SETREG(ks, satype);
2145 }
2146
2147 /*
2148 * NOLOOP takes precedence over PROMISC. So if you've set
2149 * !SO_USELOOPBACK, don't expect to see any data...
2150 */
2151 if (ks->keysock_flags & KEYSOCK_NOLOOP)
2152 continue;
2153
2154 /*
2155 * Messages to all, or promiscuous sockets just GET the
2156 * message. Perform rules-type checking iff it's not for all
2157 * listeners or the socket is in promiscuous mode.
2158 *
2159 * NOTE:Because of the (kc != NULL && ISREG()), make sure
2160 * extended ACQUIREs arrive off a consumer that is
2161 * part of the extended REGISTER set of consumers.
2162 */
2163 if (serial != ks->keysock_serial &&
2164 !toall &&
2165 !(ks->keysock_flags & KEYSOCK_PROMISC) &&
2166 !((ks->keysock_flags & KEYSOCK_EXTENDED) ?
2167 allereg : allreg && kc != NULL &&
2168 KEYSOCK_ISREG(ks, kc->kc_sa_type)))
2169 continue;
2170
2171 mp1 = dupmsg(mp);
2172 if (mp1 == NULL) {
2173 ks2dbg(keystack, (
2174 "keysock_passup(): dupmsg() failed.\n"));
2175 mp1 = mp;
2176 mp = NULL;
2177 err = ENOMEM;
2178 }
2179
2180 /*
2181 * At this point, we can deliver or attempt to deliver
2182 * this message. We're free of obligation to report
2183 * no listening PF_KEY sockets. So set err to 0.
2184 */
2185 err = 0;
2186
2187 /*
2188 * See if we canputnext(), as well as see if the message
2189 * needs to be queued if we can't.
2190 */
2191 if (!canputnext(ks->keysock_rq)) {
2192 if (persistent) {
2193 if (putq(ks->keysock_rq, mp1) == 0) {
2194 ks1dbg(keystack, (
2195 "keysock_passup: putq failed.\n"));
2196 } else {
2197 continue;
2198 }
2199 }
2200 freemsg(mp1);
2201 continue;
2202 }
2203
2204 ks3dbg(keystack,
2205 ("Putting to serial %d.\n", ks->keysock_serial));
2206 /*
2207 * Unlike the specific keysock instance case, this
2208 * will only hit for listeners, so we will only
2209 * putnext() if we can.
2210 */
2211 putnext(ks->keysock_rq, mp1);
2212 if (mp == NULL)
2213 break; /* out of for loop. */
2214 }
2215 mutex_exit(&keystack->keystack_list_lock);
2216
2217 error:
2218 if ((err != 0) && (kc != NULL)) {
2219 /*
2220 * Generate KEYSOCK_OUT_ERR for consumer.
2221 * Basically, I send this back if I have not been able to
2222 * transmit (for whatever reason)
2223 */
2224 ks1dbg(keystack,
2225 ("keysock_passup(): No registered of type %d.\n",
2226 satype));
2227 if (mp != NULL) {
2228 if (mp->b_datap->db_type == M_PROTO) {
2229 mp1 = mp;
2230 mp = mp->b_cont;
2231 freeb(mp1);
2232 }
2233 /*
2234 * Do a copymsg() because people who get
2235 * KEYSOCK_OUT_ERR may alter the message contents.
2236 */
2237 mp1 = copymsg(mp);
2238 if (mp1 == NULL) {
2239 ks2dbg(keystack,
2240 ("keysock_passup: copymsg() failed.\n"));
2241 mp1 = mp;
2242 mp = NULL;
2243 }
2244 keysock_out_err(kc, err, mp1);
2245 }
2246 }
2247
2248 /*
2249 * XXX Blank the message somehow. This is difficult because we don't
2250 * know at this point if the message has db_ref > 1, etc.
2251 *
2252 * Optimally, keysock messages containing actual keying material would
2253 * be allocated with esballoc(), with a zeroing free function.
2254 */
2255 if (mp != NULL)
2256 freemsg(mp);
2257 }
2258
2259 /*
2260 * Keysock's read service procedure is there only for PF_KEY reply
2261 * messages that really need to reach the top.
2262 */
2263 static void
2264 keysock_rsrv(queue_t *q)
2265 {
2266 mblk_t *mp;
2267
2268 while ((mp = getq(q)) != NULL) {
2269 if (canputnext(q)) {
2270 putnext(q, mp);
2271 } else {
2272 (void) putbq(q, mp);
2273 return;
2274 }
2275 }
2276 }
2277
2278 /*
2279 * The read procedure should only be invoked by a keysock consumer, like
2280 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK
2281 * messages on my read queues.
2282 */
2283 static void
2284 keysock_rput(queue_t *q, mblk_t *mp)
2285 {
2286 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
2287 ipsec_info_t *ii;
2288 keysock_hello_ack_t *ksa;
2289 minor_t serial;
2290 mblk_t *mp1;
2291 sadb_msg_t *samsg;
2292 keysock_stack_t *keystack = kc->kc_keystack;
2293
2294 /* Make sure I'm a consumer instance. (i.e. something's below me) */
2295 ASSERT(WR(q)->q_next != NULL);
2296
2297 if (mp->b_datap->db_type != M_CTL) {
2298 /*
2299 * Keysock should only see keysock consumer interface
2300 * messages (see ipsec_info.h) on its read procedure.
2301 * To be robust, however, putnext() up so the STREAM head can
2302 * deal with it appropriately.
2303 */
2304 ks1dbg(keystack,
2305 ("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n",
2306 mp->b_datap->db_type, mp->b_datap->db_type));
2307 putnext(q, mp);
2308 return;
2309 }
2310
2311 ii = (ipsec_info_t *)mp->b_rptr;
2312
2313 switch (ii->ipsec_info_type) {
2314 case KEYSOCK_OUT:
2315 /*
2316 * A consumer needs to pass a response message or an ACQUIRE
2317 * UP. I assume that the consumer has done the right
2318 * thing w.r.t. message creation, etc.
2319 */
2320 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial;
2321 mp1 = mp->b_cont; /* Get M_DATA portion. */
2322 freeb(mp);
2323 samsg = (sadb_msg_t *)mp1->b_rptr;
2324 if (samsg->sadb_msg_type == SADB_FLUSH ||
2325 (samsg->sadb_msg_type == SADB_DUMP &&
2326 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) {
2327 /*
2328 * If I'm an end-of-FLUSH or an end-of-DUMP marker...
2329 */
2330 ASSERT(keystack->keystack_flushdump != 0);
2331 /* Am I flushing? */
2332
2333 mutex_enter(&kc->kc_lock);
2334 kc->kc_flags &= ~KC_FLUSHING;
2335 mutex_exit(&kc->kc_lock);
2336
2337 if (samsg->sadb_msg_errno != 0)
2338 keystack->keystack_flushdump_errno =
2339 samsg->sadb_msg_errno;
2340
2341 /*
2342 * Lower the atomic "flushing" count. If it's
2343 * the last one, send up the end-of-{FLUSH,DUMP} to
2344 * the appropriate PF_KEY socket.
2345 */
2346 if (atomic_dec_32_nv(&keystack->keystack_flushdump) !=
2347 0) {
2348 ks1dbg(keystack,
2349 ("One flush/dump message back from %d,"
2350 " more to go.\n", samsg->sadb_msg_satype));
2351 freemsg(mp1);
2352 return;
2353 }
2354
2355 samsg->sadb_msg_errno =
2356 (uint8_t)keystack->keystack_flushdump_errno;
2357 if (samsg->sadb_msg_type == SADB_DUMP) {
2358 samsg->sadb_msg_seq = 0;
2359 }
2360 }
2361 keysock_passup(mp1, samsg, serial, kc,
2362 (samsg->sadb_msg_type == SADB_DUMP), keystack);
2363 return;
2364 case KEYSOCK_HELLO_ACK:
2365 /* Aha, now we can link in the consumer! */
2366 ksa = (keysock_hello_ack_t *)ii;
2367 keysock_link_consumer(ksa->ks_hello_satype, kc);
2368 freemsg(mp);
2369 return;
2370 default:
2371 ks1dbg(keystack, ("Hmmm, an IPsec info I'm not used to, 0x%x\n",
2372 ii->ipsec_info_type));
2373 putnext(q, mp);
2374 }
2375 }
2376
2377 /*
2378 * So we can avoid external linking problems....
2379 */
2380 boolean_t
2381 keysock_extended_reg(netstack_t *ns)
2382 {
2383 keysock_stack_t *keystack = ns->netstack_keysock;
2384
2385 return (keystack->keystack_num_extended != 0);
2386 }
2387
2388 uint32_t
2389 keysock_next_seq(netstack_t *ns)
2390 {
2391 keysock_stack_t *keystack = ns->netstack_keysock;
2392
2393 return (atomic_dec_32_nv(&keystack->keystack_acquire_seq));
2394 }