1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25 /*
26 * Copyright 2017 Joyent, Inc.
27 */
28
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/stream.h>
32 #include <sys/strsubr.h>
33 #include <sys/strsun.h>
34 #include <sys/stropts.h>
35 #include <sys/vnode.h>
36 #include <sys/zone.h>
37 #include <sys/strlog.h>
38 #include <sys/sysmacros.h>
39 #define _SUN_TPI_VERSION 2
40 #include <sys/tihdr.h>
41 #include <sys/timod.h>
42 #include <sys/tiuser.h>
43 #include <sys/ddi.h>
44 #include <sys/sunddi.h>
45 #include <sys/sunldi.h>
46 #include <sys/file.h>
47 #include <sys/modctl.h>
48 #include <sys/debug.h>
49 #include <sys/kmem.h>
50 #include <sys/cmn_err.h>
51 #include <sys/proc.h>
52 #include <sys/suntpi.h>
53 #include <sys/atomic.h>
54 #include <sys/mkdev.h>
55 #include <sys/policy.h>
56 #include <sys/disp.h>
57
58 #include <sys/socket.h>
59 #include <netinet/in.h>
60 #include <net/pfkeyv2.h>
61
62 #include <inet/common.h>
63 #include <netinet/ip6.h>
64 #include <inet/ip.h>
65 #include <inet/proto_set.h>
66 #include <inet/nd.h>
67 #include <inet/optcom.h>
68 #include <inet/ipsec_info.h>
69 #include <inet/ipsec_impl.h>
70 #include <inet/keysock.h>
71
72 #include <sys/isa_defs.h>
73
74 /*
75 * This is a transport provider for the PF_KEY key mangement socket.
76 * (See RFC 2367 for details.)
77 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN
78 * messages (see ipsec_info.h), and passed to the appropriate consumer.
79 * Upstream messages are generated for all open PF_KEY sockets, when
80 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled)
81 * in reply to downstream messages.
82 *
83 * Upstream messages must be created asynchronously for the following
84 * situations:
85 *
86 * 1.) A keysock consumer requires an SA, and there is currently none.
87 * 2.) An SA expires, either hard or soft lifetime.
88 * 3.) Other events a consumer deems fit.
89 *
90 * The MT model of this is PERMOD, with shared put procedures. Two types of
91 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send
92 * down the *multiple* messages they create.
93 */
94
95 static vmem_t *keysock_vmem; /* for minor numbers. */
96
97 #define KEYSOCK_MAX_CONSUMERS 256
98
99 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */
100 static struct T_info_ack keysock_g_t_info_ack = {
101 T_INFO_ACK,
102 T_INFINITE, /* TSDU_size. Maximum size messages. */
103 T_INVALID, /* ETSDU_size. No expedited data. */
104 T_INVALID, /* CDATA_size. No connect data. */
105 T_INVALID, /* DDATA_size. No disconnect data. */
106 0, /* ADDR_size. */
107 0, /* OPT_size. No user-settable options */
108 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */
109 T_COTS, /* SERV_type. keysock supports connection oriented. */
110 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */
111 (XPG4_1) /* Provider flags */
112 };
113
114 /* Named Dispatch Parameter Management Structure */
115 typedef struct keysockparam_s {
116 uint_t keysock_param_min;
117 uint_t keysock_param_max;
118 uint_t keysock_param_value;
119 char *keysock_param_name;
120 } keysockparam_t;
121
122 /*
123 * Table of NDD variables supported by keysock. These are loaded into
124 * keysock_g_nd in keysock_init_nd.
125 * All of these are alterable, within the min/max values given, at run time.
126 */
127 static keysockparam_t lcl_param_arr[] = {
128 /* min max value name */
129 { 4096, 65536, 8192, "keysock_xmit_hiwat"},
130 { 0, 65536, 1024, "keysock_xmit_lowat"},
131 { 4096, 65536, 8192, "keysock_recv_hiwat"},
132 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"},
133 { 0, 3, 0, "keysock_debug"},
134 };
135 #define keystack_xmit_hiwat keystack_params[0].keysock_param_value
136 #define keystack_xmit_lowat keystack_params[1].keysock_param_value
137 #define keystack_recv_hiwat keystack_params[2].keysock_param_value
138 #define keystack_max_buf keystack_params[3].keysock_param_value
139 #define keystack_debug keystack_params[4].keysock_param_value
140
141 #define ks0dbg(a) printf a
142 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
143 #define ks1dbg(keystack, a) if (keystack->keystack_debug != 0) printf a
144 #define ks2dbg(keystack, a) if (keystack->keystack_debug > 1) printf a
145 #define ks3dbg(keystack, a) if (keystack->keystack_debug > 2) printf a
146
147 static int keysock_close(queue_t *);
148 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *);
149 static void keysock_wput(queue_t *, mblk_t *);
150 static void keysock_rput(queue_t *, mblk_t *);
151 static void keysock_rsrv(queue_t *);
152 static void keysock_passup(mblk_t *, sadb_msg_t *, minor_t,
153 keysock_consumer_t *, boolean_t, keysock_stack_t *);
154 static void *keysock_stack_init(netstackid_t stackid, netstack_t *ns);
155 static void keysock_stack_fini(netstackid_t stackid, void *arg);
156
157 static struct module_info info = {
158 5138, "keysock", 1, INFPSZ, 512, 128
159 };
160
161 static struct qinit rinit = {
162 (pfi_t)keysock_rput, (pfi_t)keysock_rsrv, keysock_open, keysock_close,
163 NULL, &info
164 };
165
166 static struct qinit winit = {
167 (pfi_t)keysock_wput, NULL, NULL, NULL, NULL, &info
168 };
169
170 struct streamtab keysockinfo = {
171 &rinit, &winit
172 };
173
174 extern struct modlinkage *keysock_modlp;
175
176 /*
177 * Plumb IPsec.
178 *
179 * NOTE: New "default" modules will need to be loaded here if needed before
180 * boot time.
181 */
182
183 /* Keep these in global space to keep the lint from complaining. */
184 static char *IPSECESP = "ipsecesp";
185 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp";
186 static char *IPSECAH = "ipsecah";
187 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah";
188 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6";
189 static char *KEYSOCK = "keysock";
190 static char *STRMOD = "strmod";
191
192 /*
193 * Load the other ipsec modules and plumb them together.
194 */
195 int
196 keysock_plumb_ipsec(netstack_t *ns)
197 {
198 ldi_handle_t lh, ip6_lh = NULL;
199 ldi_ident_t li = NULL;
200 int err = 0;
201 int muxid, rval;
202 boolean_t esp_present = B_TRUE;
203 cred_t *cr;
204 keysock_stack_t *keystack = ns->netstack_keysock;
205
206 #ifdef NS_DEBUG
207 (void) printf("keysock_plumb_ipsec(%d)\n",
208 ns->netstack_stackid);
209 #endif
210
211 keystack->keystack_plumbed = 0; /* we're trying again.. */
212
213 cr = zone_get_kcred(netstackid_to_zoneid(
214 keystack->keystack_netstack->netstack_stackid));
215 ASSERT(cr != NULL);
216 /*
217 * Load up the drivers (AH/ESP).
218 *
219 * I do this separately from the actual plumbing in case this function
220 * ever gets called from a diskless boot before the root filesystem is
221 * up. I don't have to worry about "keysock" because, well, if I'm
222 * here, keysock must've loaded successfully.
223 */
224 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) {
225 ks0dbg(("IPsec: AH failed to attach.\n"));
226 goto bail;
227 }
228 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) {
229 ks0dbg(("IPsec: ESP failed to attach.\n"));
230 esp_present = B_FALSE;
231 }
232
233 /*
234 * Set up the IP streams for AH and ESP, as well as tacking keysock
235 * on top of them. Assume keysock has set the autopushes up already.
236 */
237
238 /* Open IP. */
239 err = ldi_ident_from_mod(keysock_modlp, &li);
240 if (err) {
241 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n",
242 err));
243 goto bail;
244 }
245
246 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, cr, &ip6_lh, li);
247 if (err) {
248 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err));
249 goto bail;
250 }
251
252 /* PLINK KEYSOCK/AH */
253 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, cr, &lh, li);
254 if (err) {
255 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err));
256 goto bail;
257 }
258 err = ldi_ioctl(lh,
259 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
260 if (err) {
261 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n",
262 err));
263 (void) ldi_close(lh, FREAD|FWRITE, cr);
264 goto bail;
265 }
266 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
267 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
268 if (err) {
269 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err));
270 (void) ldi_close(lh, FREAD|FWRITE, cr);
271 goto bail;
272 }
273 (void) ldi_close(lh, FREAD|FWRITE, cr);
274
275 /* PLINK KEYSOCK/ESP */
276 if (esp_present) {
277 err = ldi_open_by_name(IPSECESPDEV,
278 FREAD|FWRITE, cr, &lh, li);
279 if (err) {
280 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err));
281 goto bail;
282 }
283 err = ldi_ioctl(lh,
284 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
285 if (err) {
286 ks0dbg(("IPsec: "
287 "Push of KEYSOCK onto ESP failed (err %d).\n",
288 err));
289 (void) ldi_close(lh, FREAD|FWRITE, cr);
290 goto bail;
291 }
292 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
293 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
294 if (err) {
295 ks0dbg(("IPsec: "
296 "PLINK of KEYSOCK/ESP failed (err %d).\n", err));
297 (void) ldi_close(lh, FREAD|FWRITE, cr);
298 goto bail;
299 }
300 (void) ldi_close(lh, FREAD|FWRITE, cr);
301 }
302
303 bail:
304 keystack->keystack_plumbed = (err == 0) ? 1 : -1;
305 if (ip6_lh != NULL) {
306 (void) ldi_close(ip6_lh, FREAD|FWRITE, cr);
307 }
308 if (li != NULL)
309 ldi_ident_release(li);
310 #ifdef NS_DEBUG
311 (void) printf("keysock_plumb_ipsec -> %d\n",
312 keystack->keystack_plumbed);
313 #endif
314 crfree(cr);
315 return (err);
316 }
317
318 /* ARGSUSED */
319 static int
320 keysock_param_get(q, mp, cp, cr)
321 queue_t *q;
322 mblk_t *mp;
323 caddr_t cp;
324 cred_t *cr;
325 {
326 keysockparam_t *keysockpa = (keysockparam_t *)cp;
327 uint_t value;
328 keysock_t *ks = (keysock_t *)q->q_ptr;
329 keysock_stack_t *keystack = ks->keysock_keystack;
330
331 mutex_enter(&keystack->keystack_param_lock);
332 value = keysockpa->keysock_param_value;
333 mutex_exit(&keystack->keystack_param_lock);
334
335 (void) mi_mpprintf(mp, "%u", value);
336 return (0);
337 }
338
339 /* This routine sets an NDD variable in a keysockparam_t structure. */
340 /* ARGSUSED */
341 static int
342 keysock_param_set(q, mp, value, cp, cr)
343 queue_t *q;
344 mblk_t *mp;
345 char *value;
346 caddr_t cp;
347 cred_t *cr;
348 {
349 ulong_t new_value;
350 keysockparam_t *keysockpa = (keysockparam_t *)cp;
351 keysock_t *ks = (keysock_t *)q->q_ptr;
352 keysock_stack_t *keystack = ks->keysock_keystack;
353
354 /* Convert the value from a string into a long integer. */
355 if (ddi_strtoul(value, NULL, 10, &new_value) != 0)
356 return (EINVAL);
357
358 mutex_enter(&keystack->keystack_param_lock);
359 /*
360 * Fail the request if the new value does not lie within the
361 * required bounds.
362 */
363 if (new_value < keysockpa->keysock_param_min ||
364 new_value > keysockpa->keysock_param_max) {
365 mutex_exit(&keystack->keystack_param_lock);
366 return (EINVAL);
367 }
368
369 /* Set the new value */
370 keysockpa->keysock_param_value = new_value;
371 mutex_exit(&keystack->keystack_param_lock);
372
373 return (0);
374 }
375
376 /*
377 * Initialize keysock at module load time
378 */
379 boolean_t
380 keysock_ddi_init(void)
381 {
382 keysock_max_optsize = optcom_max_optsize(
383 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt);
384
385 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1,
386 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER);
387
388 /*
389 * We want to be informed each time a stack is created or
390 * destroyed in the kernel, so we can maintain the
391 * set of keysock_stack_t's.
392 */
393 netstack_register(NS_KEYSOCK, keysock_stack_init, NULL,
394 keysock_stack_fini);
395
396 return (B_TRUE);
397 }
398
399 /*
400 * Walk through the param array specified registering each element with the
401 * named dispatch handler.
402 */
403 static boolean_t
404 keysock_param_register(IDP *ndp, keysockparam_t *ksp, int cnt)
405 {
406 for (; cnt-- > 0; ksp++) {
407 if (ksp->keysock_param_name != NULL &&
408 ksp->keysock_param_name[0]) {
409 if (!nd_load(ndp,
410 ksp->keysock_param_name,
411 keysock_param_get, keysock_param_set,
412 (caddr_t)ksp)) {
413 nd_free(ndp);
414 return (B_FALSE);
415 }
416 }
417 }
418 return (B_TRUE);
419 }
420
421 /*
422 * Initialize keysock for one stack instance
423 */
424 /* ARGSUSED */
425 static void *
426 keysock_stack_init(netstackid_t stackid, netstack_t *ns)
427 {
428 keysock_stack_t *keystack;
429 keysockparam_t *ksp;
430
431 keystack = (keysock_stack_t *)kmem_zalloc(sizeof (*keystack), KM_SLEEP);
432 keystack->keystack_netstack = ns;
433
434 keystack->keystack_acquire_seq = 0xffffffff;
435
436 ksp = (keysockparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
437 keystack->keystack_params = ksp;
438 bcopy(lcl_param_arr, ksp, sizeof (lcl_param_arr));
439
440 (void) keysock_param_register(&keystack->keystack_g_nd, ksp,
441 A_CNT(lcl_param_arr));
442
443 mutex_init(&keystack->keystack_list_lock, NULL, MUTEX_DEFAULT, NULL);
444 mutex_init(&keystack->keystack_consumers_lock,
445 NULL, MUTEX_DEFAULT, NULL);
446 mutex_init(&keystack->keystack_param_lock, NULL, MUTEX_DEFAULT, NULL);
447 return (keystack);
448 }
449
450 /*
451 * Free NDD variable space, and other destructors, for keysock.
452 */
453 void
454 keysock_ddi_destroy(void)
455 {
456 netstack_unregister(NS_KEYSOCK);
457 vmem_destroy(keysock_vmem);
458 }
459
460 /*
461 * Remove one stack instance from keysock
462 */
463 /* ARGSUSED */
464 static void
465 keysock_stack_fini(netstackid_t stackid, void *arg)
466 {
467 keysock_stack_t *keystack = (keysock_stack_t *)arg;
468
469 nd_free(&keystack->keystack_g_nd);
470 kmem_free(keystack->keystack_params, sizeof (lcl_param_arr));
471 keystack->keystack_params = NULL;
472
473 mutex_destroy(&keystack->keystack_list_lock);
474 mutex_destroy(&keystack->keystack_consumers_lock);
475 mutex_destroy(&keystack->keystack_param_lock);
476
477 kmem_free(keystack, sizeof (*keystack));
478 }
479
480 /*
481 * Close routine for keysock.
482 */
483 static int
484 keysock_close(queue_t *q)
485 {
486 keysock_t *ks;
487 keysock_consumer_t *kc;
488 void *ptr = q->q_ptr;
489 int size;
490 keysock_stack_t *keystack;
491
492
493 qprocsoff(q);
494
495 /* Safe assumption. */
496 ASSERT(ptr != NULL);
497
498 if (WR(q)->q_next) {
499 kc = (keysock_consumer_t *)ptr;
500 keystack = kc->kc_keystack;
501
502 ks1dbg(keystack, ("Module close, removing a consumer (%d).\n",
503 kc->kc_sa_type));
504 /*
505 * Because of PERMOD open/close exclusive perimeter, I
506 * can inspect KC_FLUSHING w/o locking down kc->kc_lock.
507 */
508 if (kc->kc_flags & KC_FLUSHING) {
509 /*
510 * If this decrement was the last one, send
511 * down the next pending one, if any.
512 *
513 * With a PERMOD perimeter, the mutexes ops aren't
514 * really necessary, but if we ever loosen up, we will
515 * have this bit covered already.
516 */
517 keystack->keystack_flushdump--;
518 if (keystack->keystack_flushdump == 0) {
519 /*
520 * The flush/dump terminated by having a
521 * consumer go away. I need to send up to the
522 * appropriate keysock all of the relevant
523 * information. Unfortunately, I don't
524 * have that handy.
525 */
526 ks0dbg(("Consumer went away while flushing or"
527 " dumping.\n"));
528 }
529 }
530 size = sizeof (keysock_consumer_t);
531 mutex_enter(&keystack->keystack_consumers_lock);
532 keystack->keystack_consumers[kc->kc_sa_type] = NULL;
533 mutex_exit(&keystack->keystack_consumers_lock);
534 mutex_destroy(&kc->kc_lock);
535 netstack_rele(kc->kc_keystack->keystack_netstack);
536 } else {
537 ks = (keysock_t *)ptr;
538 keystack = ks->keysock_keystack;
539
540 ks3dbg(keystack,
541 ("Driver close, PF_KEY socket is going away.\n"));
542 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0)
543 atomic_dec_32(&keystack->keystack_num_extended);
544 size = sizeof (keysock_t);
545 mutex_enter(&keystack->keystack_list_lock);
546 *(ks->keysock_ptpn) = ks->keysock_next;
547 if (ks->keysock_next != NULL)
548 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn;
549 mutex_exit(&keystack->keystack_list_lock);
550 mutex_destroy(&ks->keysock_lock);
551 vmem_free(keysock_vmem, (void *)(uintptr_t)ks->keysock_serial,
552 1);
553 netstack_rele(ks->keysock_keystack->keystack_netstack);
554 }
555
556 /* Now I'm free. */
557 kmem_free(ptr, size);
558 return (0);
559 }
560 /*
561 * Open routine for keysock.
562 */
563 /* ARGSUSED */
564 static int
565 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
566 {
567 keysock_t *ks;
568 keysock_consumer_t *kc;
569 mblk_t *mp;
570 ipsec_info_t *ii;
571 netstack_t *ns;
572 keysock_stack_t *keystack;
573
574 if (secpolicy_ip_config(credp, B_FALSE) != 0) {
575 /* Privilege debugging will log the error */
576 return (EPERM);
577 }
578
579 if (q->q_ptr != NULL)
580 return (0); /* Re-open of an already open instance. */
581
582 ns = netstack_find_by_cred(credp);
583 ASSERT(ns != NULL);
584 keystack = ns->netstack_keysock;
585 ASSERT(keystack != NULL);
586
587 ks3dbg(keystack, ("Entering keysock open.\n"));
588
589 if (keystack->keystack_plumbed < 1) {
590 netstack_t *ns = keystack->keystack_netstack;
591
592 keystack->keystack_plumbed = 0;
593 #ifdef NS_DEBUG
594 printf("keysock_open(%d) - plumb\n",
595 keystack->keystack_netstack->netstack_stackid);
596 #endif
597 /*
598 * Don't worry about ipsec_failure being true here.
599 * (See ip.c). An open of keysock should try and force
600 * the issue. Maybe it was a transient failure.
601 */
602 ipsec_loader_loadnow(ns->netstack_ipsec);
603 }
604
605 if (sflag & MODOPEN) {
606 /* Initialize keysock_consumer state here. */
607 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP);
608 if (kc == NULL) {
609 netstack_rele(keystack->keystack_netstack);
610 return (ENOMEM);
611 }
612 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0);
613 kc->kc_rq = q;
614 kc->kc_wq = WR(q);
615
616 q->q_ptr = kc;
617 WR(q)->q_ptr = kc;
618
619 kc->kc_keystack = keystack;
620 qprocson(q);
621
622 /*
623 * Send down initial message to whatever I was pushed on top
624 * of asking for its consumer type. The reply will set it.
625 */
626
627 /* Allocate it. */
628 mp = allocb(sizeof (ipsec_info_t), BPRI_HI);
629 if (mp == NULL) {
630 ks1dbg(keystack, (
631 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n"));
632 /* Do I need to set these to null? */
633 q->q_ptr = NULL;
634 WR(q)->q_ptr = NULL;
635 mutex_destroy(&kc->kc_lock);
636 kmem_free(kc, sizeof (*kc));
637 netstack_rele(keystack->keystack_netstack);
638 return (ENOMEM);
639 }
640
641 /* If I allocated okay, putnext to what I was pushed atop. */
642 mp->b_wptr += sizeof (ipsec_info_t);
643 mp->b_datap->db_type = M_CTL;
644 ii = (ipsec_info_t *)mp->b_rptr;
645 ii->ipsec_info_type = KEYSOCK_HELLO;
646 /* Length only of type/len. */
647 ii->ipsec_info_len = sizeof (ii->ipsec_allu);
648 ks2dbg(keystack, ("Ready to putnext KEYSOCK_HELLO.\n"));
649 putnext(kc->kc_wq, mp);
650 } else {
651 minor_t ksminor;
652
653 /* Initialize keysock state. */
654
655 ks2dbg(keystack, ("Made it into PF_KEY socket open.\n"));
656
657 ksminor = (minor_t)(uintptr_t)
658 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP);
659 if (ksminor == 0) {
660 netstack_rele(keystack->keystack_netstack);
661 return (ENOMEM);
662 }
663 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP);
664 if (ks == NULL) {
665 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1);
666 netstack_rele(keystack->keystack_netstack);
667 return (ENOMEM);
668 }
669
670 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0);
671 ks->keysock_rq = q;
672 ks->keysock_wq = WR(q);
673 ks->keysock_state = TS_UNBND;
674 ks->keysock_serial = ksminor;
675
676 q->q_ptr = ks;
677 WR(q)->q_ptr = ks;
678 ks->keysock_keystack = keystack;
679
680 /*
681 * The receive hiwat is only looked at on the stream head
682 * queue. Store in q_hiwat in order to return on SO_RCVBUF
683 * getsockopts.
684 */
685
686 q->q_hiwat = keystack->keystack_recv_hiwat;
687
688 /*
689 * The transmit hiwat/lowat is only looked at on IP's queue.
690 * Store in q_hiwat/q_lowat in order to return on
691 * SO_SNDBUF/SO_SNDLOWAT getsockopts.
692 */
693
694 WR(q)->q_hiwat = keystack->keystack_xmit_hiwat;
695 WR(q)->q_lowat = keystack->keystack_xmit_lowat;
696
697 *devp = makedevice(getmajor(*devp), ksminor);
698
699 /*
700 * Thread keysock into the global keysock list.
701 */
702 mutex_enter(&keystack->keystack_list_lock);
703 ks->keysock_next = keystack->keystack_list;
704 ks->keysock_ptpn = &keystack->keystack_list;
705 if (keystack->keystack_list != NULL) {
706 keystack->keystack_list->keysock_ptpn =
707 &ks->keysock_next;
708 }
709 keystack->keystack_list = ks;
710 mutex_exit(&keystack->keystack_list_lock);
711
712 qprocson(q);
713 (void) proto_set_rx_hiwat(q, NULL,
714 keystack->keystack_recv_hiwat);
715 /*
716 * Wait outside the keysock module perimeter for IPsec
717 * plumbing to be completed. If it fails, keysock_close()
718 * undoes everything we just did.
719 */
720 if (!ipsec_loader_wait(q,
721 keystack->keystack_netstack->netstack_ipsec)) {
722 (void) keysock_close(q);
723 return (EPFNOSUPPORT);
724 }
725 }
726
727 return (0);
728 }
729
730 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */
731
732 /*
733 * Copy relevant state bits.
734 */
735 static void
736 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks)
737 {
738 *tap = keysock_g_t_info_ack;
739 tap->CURRENT_state = ks->keysock_state;
740 tap->OPT_size = keysock_max_optsize;
741 }
742
743 /*
744 * This routine responds to T_CAPABILITY_REQ messages. It is called by
745 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from
746 * keysock_g_t_info_ack. The current state of the stream is copied from
747 * keysock_state.
748 */
749 static void
750 keysock_capability_req(queue_t *q, mblk_t *mp)
751 {
752 keysock_t *ks = (keysock_t *)q->q_ptr;
753 t_uscalar_t cap_bits1;
754 struct T_capability_ack *tcap;
755
756 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1;
757
758 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack),
759 mp->b_datap->db_type, T_CAPABILITY_ACK);
760 if (mp == NULL)
761 return;
762
763 tcap = (struct T_capability_ack *)mp->b_rptr;
764 tcap->CAP_bits1 = 0;
765
766 if (cap_bits1 & TC1_INFO) {
767 keysock_copy_info(&tcap->INFO_ack, ks);
768 tcap->CAP_bits1 |= TC1_INFO;
769 }
770
771 qreply(q, mp);
772 }
773
774 /*
775 * This routine responds to T_INFO_REQ messages. It is called by
776 * keysock_wput_other.
777 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack.
778 * The current state of the stream is copied from keysock_state.
779 */
780 static void
781 keysock_info_req(q, mp)
782 queue_t *q;
783 mblk_t *mp;
784 {
785 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO,
786 T_INFO_ACK);
787 if (mp == NULL)
788 return;
789 keysock_copy_info((struct T_info_ack *)mp->b_rptr,
790 (keysock_t *)q->q_ptr);
791 qreply(q, mp);
792 }
793
794 /*
795 * keysock_err_ack. This routine creates a
796 * T_ERROR_ACK message and passes it
797 * upstream.
798 */
799 static void
800 keysock_err_ack(q, mp, t_error, sys_error)
801 queue_t *q;
802 mblk_t *mp;
803 int t_error;
804 int sys_error;
805 {
806 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL)
807 qreply(q, mp);
808 }
809
810 /*
811 * This routine retrieves the current status of socket options.
812 * It returns the size of the option retrieved.
813 */
814 /* ARGSUSED */
815 int
816 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr)
817 {
818 int *i1 = (int *)ptr;
819 keysock_t *ks = (keysock_t *)q->q_ptr;
820
821 switch (level) {
822 case SOL_SOCKET:
823 mutex_enter(&ks->keysock_lock);
824 switch (name) {
825 case SO_TYPE:
826 *i1 = SOCK_RAW;
827 break;
828 case SO_USELOOPBACK:
829 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) ==
830 KEYSOCK_NOLOOP));
831 break;
832 /*
833 * The following two items can be manipulated,
834 * but changing them should do nothing.
835 */
836 case SO_SNDBUF:
837 *i1 = (int)q->q_hiwat;
838 break;
839 case SO_RCVBUF:
840 *i1 = (int)(RD(q)->q_hiwat);
841 break;
842 }
843 mutex_exit(&ks->keysock_lock);
844 break;
845 default:
846 return (0);
847 }
848 return (sizeof (int));
849 }
850
851 /*
852 * This routine sets socket options.
853 */
854 /* ARGSUSED */
855 int
856 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level,
857 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp,
858 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr)
859 {
860 int *i1 = (int *)invalp, errno = 0;
861 keysock_t *ks = (keysock_t *)q->q_ptr;
862 keysock_stack_t *keystack = ks->keysock_keystack;
863
864 switch (level) {
865 case SOL_SOCKET:
866 mutex_enter(&ks->keysock_lock);
867 switch (name) {
868 case SO_USELOOPBACK:
869 if (!(*i1))
870 ks->keysock_flags |= KEYSOCK_NOLOOP;
871 else ks->keysock_flags &= ~KEYSOCK_NOLOOP;
872 break;
873 case SO_SNDBUF:
874 if (*i1 > keystack->keystack_max_buf)
875 errno = ENOBUFS;
876 else q->q_hiwat = *i1;
877 break;
878 case SO_RCVBUF:
879 if (*i1 > keystack->keystack_max_buf) {
880 errno = ENOBUFS;
881 } else {
882 RD(q)->q_hiwat = *i1;
883 (void) proto_set_rx_hiwat(RD(q), NULL, *i1);
884 }
885 break;
886 default:
887 errno = EINVAL;
888 }
889 mutex_exit(&ks->keysock_lock);
890 break;
891 default:
892 errno = EINVAL;
893 }
894 return (errno);
895 }
896
897 /*
898 * Handle STREAMS ioctl copyin for getsockname() for both PF_KEY and
899 * PF_POLICY.
900 */
901 void
902 keysock_spdsock_wput_iocdata(queue_t *q, mblk_t *mp, sa_family_t family)
903 {
904 mblk_t *mp1;
905 STRUCT_HANDLE(strbuf, sb);
906 /* What size of sockaddr do we need? */
907 const uint_t addrlen = sizeof (struct sockaddr);
908
909 /* We only handle TI_GET{MY,PEER}NAME (get{sock,peer}name()). */
910 switch (((struct iocblk *)mp->b_rptr)->ioc_cmd) {
911 case TI_GETMYNAME:
912 case TI_GETPEERNAME:
913 break;
914 default:
915 freemsg(mp);
916 return;
917 }
918
919 switch (mi_copy_state(q, mp, &mp1)) {
920 case -1:
921 return;
922 case MI_COPY_CASE(MI_COPY_IN, 1):
923 break;
924 case MI_COPY_CASE(MI_COPY_OUT, 1):
925 /*
926 * The address has been copied out, so now
927 * copyout the strbuf.
928 */
929 mi_copyout(q, mp);
930 return;
931 case MI_COPY_CASE(MI_COPY_OUT, 2):
932 /*
933 * The address and strbuf have been copied out.
934 * We're done, so just acknowledge the original
935 * M_IOCTL.
936 */
937 mi_copy_done(q, mp, 0);
938 return;
939 default:
940 /*
941 * Something strange has happened, so acknowledge
942 * the original M_IOCTL with an EPROTO error.
943 */
944 mi_copy_done(q, mp, EPROTO);
945 return;
946 }
947
948 /*
949 * Now we have the strbuf structure for TI_GET{MY,PEER}NAME. Next we
950 * copyout the requested address and then we'll copyout the strbuf.
951 * Regardless of sockname or peername, we just return a sockaddr with
952 * sa_family set.
953 */
954 STRUCT_SET_HANDLE(sb, ((struct iocblk *)mp->b_rptr)->ioc_flag,
955 (void *)mp1->b_rptr);
956
957 if (STRUCT_FGET(sb, maxlen) < addrlen) {
958 mi_copy_done(q, mp, EINVAL);
959 return;
960 }
961
962 mp1 = mi_copyout_alloc(q, mp, STRUCT_FGETP(sb, buf), addrlen, B_TRUE);
963 if (mp1 == NULL)
964 return;
965
966 STRUCT_FSET(sb, len, addrlen);
967 ((struct sockaddr *)mp1->b_wptr)->sa_family = family;
968 mp1->b_wptr += addrlen;
969 mi_copyout(q, mp);
970 }
971
972 /*
973 * Handle STREAMS messages.
974 */
975 static void
976 keysock_wput_other(queue_t *q, mblk_t *mp)
977 {
978 struct iocblk *iocp;
979 int error;
980 keysock_t *ks = (keysock_t *)q->q_ptr;
981 keysock_stack_t *keystack = ks->keysock_keystack;
982 cred_t *cr;
983
984 switch (mp->b_datap->db_type) {
985 case M_PROTO:
986 case M_PCPROTO:
987 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) {
988 ks3dbg(keystack, (
989 "keysock_wput_other: Not big enough M_PROTO\n"));
990 freemsg(mp);
991 return;
992 }
993 switch (((union T_primitives *)mp->b_rptr)->type) {
994 case T_CAPABILITY_REQ:
995 keysock_capability_req(q, mp);
996 break;
997 case T_INFO_REQ:
998 keysock_info_req(q, mp);
999 break;
1000 case T_SVR4_OPTMGMT_REQ:
1001 case T_OPTMGMT_REQ:
1002 /*
1003 * All Solaris components should pass a db_credp
1004 * for this TPI message, hence we ASSERT.
1005 * But in case there is some other M_PROTO that looks
1006 * like a TPI message sent by some other kernel
1007 * component, we check and return an error.
1008 */
1009 cr = msg_getcred(mp, NULL);
1010 ASSERT(cr != NULL);
1011 if (cr == NULL) {
1012 keysock_err_ack(q, mp, TSYSERR, EINVAL);
1013 return;
1014 }
1015 if (((union T_primitives *)mp->b_rptr)->type ==
1016 T_SVR4_OPTMGMT_REQ) {
1017 svr4_optcom_req(q, mp, cr, &keysock_opt_obj);
1018 } else {
1019 tpi_optcom_req(q, mp, cr, &keysock_opt_obj);
1020 }
1021 break;
1022 case T_DATA_REQ:
1023 case T_EXDATA_REQ:
1024 case T_ORDREL_REQ:
1025 /* Illegal for keysock. */
1026 freemsg(mp);
1027 (void) putnextctl1(RD(q), M_ERROR, EPROTO);
1028 break;
1029 default:
1030 /* Not supported by keysock. */
1031 keysock_err_ack(q, mp, TNOTSUPPORT, 0);
1032 break;
1033 }
1034 return;
1035 case M_IOCDATA:
1036 keysock_spdsock_wput_iocdata(q, mp, PF_KEY);
1037 return;
1038 case M_IOCTL:
1039 iocp = (struct iocblk *)mp->b_rptr;
1040 error = EINVAL;
1041
1042 switch (iocp->ioc_cmd) {
1043 case TI_GETMYNAME:
1044 case TI_GETPEERNAME:
1045 /*
1046 * For pfiles(1) observability with getsockname().
1047 * See keysock_spdsock_wput_iocdata() for the rest of
1048 * this.
1049 */
1050 mi_copyin(q, mp, NULL,
1051 SIZEOF_STRUCT(strbuf, iocp->ioc_flag));
1052 return;
1053 case ND_SET:
1054 case ND_GET:
1055 if (nd_getset(q, keystack->keystack_g_nd, mp)) {
1056 qreply(q, mp);
1057 return;
1058 } else
1059 error = ENOENT;
1060 /* FALLTHRU */
1061 default:
1062 miocnak(q, mp, 0, error);
1063 return;
1064 }
1065 case M_FLUSH:
1066 if (*mp->b_rptr & FLUSHW) {
1067 flushq(q, FLUSHALL);
1068 *mp->b_rptr &= ~FLUSHW;
1069 }
1070 if (*mp->b_rptr & FLUSHR) {
1071 qreply(q, mp);
1072 return;
1073 }
1074 /* Else FALLTHRU */
1075 }
1076
1077 /* If fell through, just black-hole the message. */
1078 freemsg(mp);
1079 }
1080
1081 /*
1082 * Transmit a PF_KEY error message to the instance either pointed to
1083 * by ks, the instance with serial number serial, or more, depending.
1084 *
1085 * The faulty message (or a reasonable facsimile thereof) is in mp.
1086 * This function will free mp or recycle it for delivery, thereby causing
1087 * the stream head to free it.
1088 */
1089 static void
1090 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic)
1091 {
1092 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1093 keysock_stack_t *keystack = ks->keysock_keystack;
1094
1095 ASSERT(mp->b_datap->db_type == M_DATA);
1096
1097 if (samsg->sadb_msg_type < SADB_GETSPI ||
1098 samsg->sadb_msg_type > SADB_MAX)
1099 samsg->sadb_msg_type = SADB_RESERVED;
1100
1101 /*
1102 * Strip out extension headers.
1103 */
1104 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim);
1105 mp->b_wptr = mp->b_rptr + sizeof (*samsg);
1106 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t));
1107 samsg->sadb_msg_errno = (uint8_t)error;
1108 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic;
1109
1110 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, keystack);
1111 }
1112
1113 /*
1114 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy
1115 * in the extv if passed in.
1116 */
1117 static void
1118 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[],
1119 boolean_t flushmsg)
1120 {
1121 keysock_consumer_t *kc;
1122 mblk_t *wrapper;
1123 keysock_in_t *ksi;
1124 int i;
1125 keysock_stack_t *keystack = ks->keysock_keystack;
1126
1127 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI);
1128 if (wrapper == NULL) {
1129 ks3dbg(keystack, ("keysock_passdown: allocb failed.\n"));
1130 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL)
1131 bzero(extv[SADB_EXT_KEY_ENCRYPT],
1132 SADB_64TO8(
1133 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len));
1134 if (extv[SADB_EXT_KEY_AUTH] != NULL)
1135 bzero(extv[SADB_EXT_KEY_AUTH],
1136 SADB_64TO8(
1137 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len));
1138 if (flushmsg) {
1139 ks0dbg((
1140 "keysock: Downwards flush/dump message failed!\n"));
1141 /* If this is true, I hold the perimeter. */
1142 keystack->keystack_flushdump--;
1143 }
1144 freemsg(mp);
1145 return;
1146 }
1147
1148 wrapper->b_datap->db_type = M_CTL;
1149 ksi = (keysock_in_t *)wrapper->b_rptr;
1150 ksi->ks_in_type = KEYSOCK_IN;
1151 ksi->ks_in_len = sizeof (keysock_in_t);
1152 if (extv[SADB_EXT_ADDRESS_SRC] != NULL)
1153 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN;
1154 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE;
1155 if (extv[SADB_EXT_ADDRESS_DST] != NULL)
1156 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN;
1157 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE;
1158 for (i = 0; i <= SADB_EXT_MAX; i++)
1159 ksi->ks_in_extv[i] = extv[i];
1160 ksi->ks_in_serial = ks->keysock_serial;
1161 wrapper->b_wptr += sizeof (ipsec_info_t);
1162 wrapper->b_cont = mp;
1163
1164 /*
1165 * Find the appropriate consumer where the message is passed down.
1166 */
1167 kc = keystack->keystack_consumers[satype];
1168 if (kc == NULL) {
1169 freeb(wrapper);
1170 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1171 if (flushmsg) {
1172 ks0dbg((
1173 "keysock: Downwards flush/dump message failed!\n"));
1174 /* If this is true, I hold the perimeter. */
1175 keystack->keystack_flushdump--;
1176 }
1177 return;
1178 }
1179
1180 /*
1181 * NOTE: There used to be code in here to spin while a flush or
1182 * dump finished. Keysock now assumes that consumers have enough
1183 * MT-savviness to deal with that.
1184 */
1185
1186 /*
1187 * Current consumers (AH and ESP) are guaranteed to return a
1188 * FLUSH or DUMP message back, so when we reach here, we don't
1189 * have to worry about keysock_flushdumps.
1190 */
1191
1192 putnext(kc->kc_wq, wrapper);
1193 }
1194
1195 /*
1196 * High-level reality checking of extensions.
1197 */
1198 static boolean_t
1199 ext_check(sadb_ext_t *ext, keysock_stack_t *keystack)
1200 {
1201 int i;
1202 uint64_t *lp;
1203 sadb_ident_t *id;
1204 char *idstr;
1205
1206 switch (ext->sadb_ext_type) {
1207 case SADB_EXT_ADDRESS_SRC:
1208 case SADB_EXT_ADDRESS_DST:
1209 case SADB_X_EXT_ADDRESS_INNER_SRC:
1210 case SADB_X_EXT_ADDRESS_INNER_DST:
1211 /* Check for at least enough addtl length for a sockaddr. */
1212 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t)))
1213 return (B_FALSE);
1214 break;
1215 case SADB_EXT_LIFETIME_HARD:
1216 case SADB_EXT_LIFETIME_SOFT:
1217 case SADB_EXT_LIFETIME_CURRENT:
1218 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t)))
1219 return (B_FALSE);
1220 break;
1221 case SADB_EXT_SPIRANGE:
1222 /* See if the SPI range is legit. */
1223 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) >
1224 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max))
1225 return (B_FALSE);
1226 break;
1227 case SADB_EXT_KEY_AUTH:
1228 case SADB_EXT_KEY_ENCRYPT:
1229 /* Key length check. */
1230 if (((sadb_key_t *)ext)->sadb_key_bits == 0)
1231 return (B_FALSE);
1232 /*
1233 * Check to see if the key length (in bits) is less than the
1234 * extension length (in 8-bits words).
1235 */
1236 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) +
1237 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) {
1238 ks1dbg(keystack, (
1239 "ext_check: Key bits/length inconsistent.\n"));
1240 ks1dbg(keystack, ("%d bits, len is %d bytes.\n",
1241 ((sadb_key_t *)ext)->sadb_key_bits,
1242 SADB_64TO8(ext->sadb_ext_len)));
1243 return (B_FALSE);
1244 }
1245
1246 /* All-zeroes key check. */
1247 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t));
1248 for (i = 0;
1249 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t)));
1250 i++)
1251 if (lp[i] != 0)
1252 break; /* Out of for loop. */
1253 /* If finished the loop naturally, it's an all zero key. */
1254 if (lp[i] == 0)
1255 return (B_FALSE);
1256 break;
1257 case SADB_EXT_IDENTITY_SRC:
1258 case SADB_EXT_IDENTITY_DST:
1259 /*
1260 * Make sure the strings in these identities are
1261 * null-terminated. RFC 2367 underspecified how to handle
1262 * such a case. I "proactively" null-terminate the string
1263 * at the last byte if it's not terminated sooner.
1264 */
1265 id = (sadb_ident_t *)ext;
1266 i = SADB_64TO8(id->sadb_ident_len);
1267 i -= sizeof (sadb_ident_t);
1268 idstr = (char *)(id + 1);
1269 while (*idstr != '\0' && i > 0) {
1270 i--;
1271 idstr++;
1272 }
1273 if (i == 0) {
1274 /*
1275 * I.e., if the bozo user didn't NULL-terminate the
1276 * string...
1277 */
1278 idstr--;
1279 *idstr = '\0';
1280 }
1281 break;
1282 }
1283 return (B_TRUE); /* For now... */
1284 }
1285
1286 /* Return values for keysock_get_ext(). */
1287 #define KGE_OK 0
1288 #define KGE_DUP 1
1289 #define KGE_UNK 2
1290 #define KGE_LEN 3
1291 #define KGE_CHK 4
1292
1293 /*
1294 * Parse basic extension headers and return in the passed-in pointer vector.
1295 * Return values include:
1296 *
1297 * KGE_OK Everything's nice and parsed out.
1298 * If there are no extensions, place NULL in extv[0].
1299 * KGE_DUP There is a duplicate extension.
1300 * First instance in appropriate bin. First duplicate in
1301 * extv[0].
1302 * KGE_UNK Unknown extension type encountered. extv[0] contains
1303 * unknown header.
1304 * KGE_LEN Extension length error.
1305 * KGE_CHK High-level reality check failed on specific extension.
1306 *
1307 * My apologies for some of the pointer arithmetic in here. I'm thinking
1308 * like an assembly programmer, yet trying to make the compiler happy.
1309 */
1310 static int
1311 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize,
1312 keysock_stack_t *keystack)
1313 {
1314 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1));
1315
1316 /* Use extv[0] as the "current working pointer". */
1317
1318 extv[0] = (sadb_ext_t *)(basehdr + 1);
1319
1320 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) {
1321 /* Check for unknown headers. */
1322 if (extv[0]->sadb_ext_type == 0 ||
1323 extv[0]->sadb_ext_type > SADB_EXT_MAX)
1324 return (KGE_UNK);
1325
1326 /*
1327 * Check length. Use uint64_t because extlen is in units
1328 * of 64-bit words. If length goes beyond the msgsize,
1329 * return an error. (Zero length also qualifies here.)
1330 */
1331 if (extv[0]->sadb_ext_len == 0 ||
1332 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) >
1333 (void *)((uint8_t *)basehdr + msgsize))
1334 return (KGE_LEN);
1335
1336 /* Check for redundant headers. */
1337 if (extv[extv[0]->sadb_ext_type] != NULL)
1338 return (KGE_DUP);
1339
1340 /*
1341 * Reality check the extension if possible at the keysock
1342 * level.
1343 */
1344 if (!ext_check(extv[0], keystack))
1345 return (KGE_CHK);
1346
1347 /* If I make it here, assign the appropriate bin. */
1348 extv[extv[0]->sadb_ext_type] = extv[0];
1349
1350 /* Advance pointer (See above for uint64_t ptr reasoning.) */
1351 extv[0] = (sadb_ext_t *)
1352 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len);
1353 }
1354
1355 /* Everything's cool. */
1356
1357 /*
1358 * If extv[0] == NULL, then there are no extension headers in this
1359 * message. Ensure that this is the case.
1360 */
1361 if (extv[0] == (sadb_ext_t *)(basehdr + 1))
1362 extv[0] = NULL;
1363
1364 return (KGE_OK);
1365 }
1366
1367 /*
1368 * qwriter() callback to handle flushes and dumps. This routine will hold
1369 * the inner perimeter.
1370 */
1371 void
1372 keysock_do_flushdump(queue_t *q, mblk_t *mp)
1373 {
1374 int i, start, finish;
1375 mblk_t *mp1 = NULL;
1376 keysock_t *ks = (keysock_t *)q->q_ptr;
1377 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1378 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1379 keysock_stack_t *keystack = ks->keysock_keystack;
1380
1381 /*
1382 * I am guaranteed this will work. I did the work in keysock_parse()
1383 * already.
1384 */
1385 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len),
1386 keystack);
1387
1388 /*
1389 * I hold the perimeter, therefore I don't need to use atomic ops.
1390 */
1391 if (keystack->keystack_flushdump != 0) {
1392 /* XXX Should I instead use EBUSY? */
1393 /* XXX Or is there a way to queue these up? */
1394 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE);
1395 return;
1396 }
1397
1398 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1399 start = 0;
1400 finish = KEYSOCK_MAX_CONSUMERS - 1;
1401 } else {
1402 start = samsg->sadb_msg_satype;
1403 finish = samsg->sadb_msg_satype;
1404 }
1405
1406 /*
1407 * Fill up keysock_flushdump with the number of outstanding dumps
1408 * and/or flushes.
1409 */
1410
1411 keystack->keystack_flushdump_errno = 0;
1412
1413 /*
1414 * Okay, I hold the perimeter. Eventually keysock_flushdump will
1415 * contain the number of consumers with outstanding flush operations.
1416 *
1417 * SO, here's the plan:
1418 * * For each relevant consumer (Might be one, might be all)
1419 * * Twiddle on the FLUSHING flag.
1420 * * Pass down the FLUSH/DUMP message.
1421 *
1422 * When I see upbound FLUSH/DUMP messages, I will decrement the
1423 * keysock_flushdump. When I decrement it to 0, I will pass the
1424 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will
1425 * pass down the right SA type to the consumer (either its own, or
1426 * that of UNSPEC), the right one will be reflected from each consumer,
1427 * and accordingly back to the socket.
1428 */
1429
1430 mutex_enter(&keystack->keystack_consumers_lock);
1431 for (i = start; i <= finish; i++) {
1432 if (keystack->keystack_consumers[i] != NULL) {
1433 mp1 = copymsg(mp);
1434 if (mp1 == NULL) {
1435 ks0dbg(("SADB_FLUSH copymsg() failed.\n"));
1436 /*
1437 * Error? And what about outstanding
1438 * flushes? Oh, yeah, they get sucked up and
1439 * the counter is decremented. Consumers
1440 * (see keysock_passdown()) are guaranteed
1441 * to deliver back a flush request, even if
1442 * it's an error.
1443 */
1444 keysock_error(ks, mp, ENOMEM,
1445 SADB_X_DIAGNOSTIC_NONE);
1446 return;
1447 }
1448 /*
1449 * Because my entry conditions are met above, the
1450 * following assertion should hold true.
1451 */
1452 mutex_enter(&keystack->keystack_consumers[i]->kc_lock);
1453 ASSERT((keystack->keystack_consumers[i]->kc_flags &
1454 KC_FLUSHING) == 0);
1455 keystack->keystack_consumers[i]->kc_flags |=
1456 KC_FLUSHING;
1457 mutex_exit(&(keystack->keystack_consumers[i]->kc_lock));
1458 /* Always increment the number of flushes... */
1459 keystack->keystack_flushdump++;
1460 /* Guaranteed to return a message. */
1461 keysock_passdown(ks, mp1, i, extv, B_TRUE);
1462 } else if (start == finish) {
1463 /*
1464 * In case where start == finish, and there's no
1465 * consumer, should we force an error? Yes.
1466 */
1467 mutex_exit(&keystack->keystack_consumers_lock);
1468 keysock_error(ks, mp, EINVAL,
1469 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1470 return;
1471 }
1472 }
1473 mutex_exit(&keystack->keystack_consumers_lock);
1474
1475 if (keystack->keystack_flushdump == 0) {
1476 /*
1477 * There were no consumers at all for this message.
1478 * XXX For now return ESRCH.
1479 */
1480 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS);
1481 } else {
1482 /* Otherwise, free the original message. */
1483 freemsg(mp);
1484 }
1485 }
1486
1487 /*
1488 * Get the right diagnostic for a duplicate. Should probably use a static
1489 * table lookup.
1490 */
1491 int
1492 keysock_duplicate(int ext_type)
1493 {
1494 int rc = 0;
1495
1496 switch (ext_type) {
1497 case SADB_EXT_ADDRESS_SRC:
1498 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC;
1499 break;
1500 case SADB_EXT_ADDRESS_DST:
1501 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST;
1502 break;
1503 case SADB_X_EXT_ADDRESS_INNER_SRC:
1504 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC;
1505 break;
1506 case SADB_X_EXT_ADDRESS_INNER_DST:
1507 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST;
1508 break;
1509 case SADB_EXT_SA:
1510 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA;
1511 break;
1512 case SADB_EXT_SPIRANGE:
1513 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE;
1514 break;
1515 case SADB_EXT_KEY_AUTH:
1516 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY;
1517 break;
1518 case SADB_EXT_KEY_ENCRYPT:
1519 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY;
1520 break;
1521 }
1522 return (rc);
1523 }
1524
1525 /*
1526 * Get the right diagnostic for a reality check failure. Should probably use
1527 * a static table lookup.
1528 */
1529 int
1530 keysock_malformed(int ext_type)
1531 {
1532 int rc = 0;
1533
1534 switch (ext_type) {
1535 case SADB_EXT_ADDRESS_SRC:
1536 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC;
1537 break;
1538 case SADB_EXT_ADDRESS_DST:
1539 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST;
1540 break;
1541 case SADB_X_EXT_ADDRESS_INNER_SRC:
1542 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC;
1543 break;
1544 case SADB_X_EXT_ADDRESS_INNER_DST:
1545 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST;
1546 break;
1547 case SADB_EXT_SA:
1548 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA;
1549 break;
1550 case SADB_EXT_SPIRANGE:
1551 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE;
1552 break;
1553 case SADB_EXT_KEY_AUTH:
1554 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY;
1555 break;
1556 case SADB_EXT_KEY_ENCRYPT:
1557 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY;
1558 break;
1559 }
1560 return (rc);
1561 }
1562
1563 /*
1564 * Keysock massaging of an inverse ACQUIRE. Consult policy,
1565 * and construct an appropriate response.
1566 */
1567 static void
1568 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[],
1569 keysock_t *ks)
1570 {
1571 mblk_t *reply_mp;
1572 keysock_stack_t *keystack = ks->keysock_keystack;
1573
1574 /*
1575 * Reality check things...
1576 */
1577 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) {
1578 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC);
1579 return;
1580 }
1581 if (extv[SADB_EXT_ADDRESS_DST] == NULL) {
1582 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST);
1583 return;
1584 }
1585
1586 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL &&
1587 extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) {
1588 keysock_error(ks, mp, EINVAL,
1589 SADB_X_DIAGNOSTIC_MISSING_INNER_DST);
1590 return;
1591 }
1592
1593 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL &&
1594 extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) {
1595 keysock_error(ks, mp, EINVAL,
1596 SADB_X_DIAGNOSTIC_MISSING_INNER_SRC);
1597 return;
1598 }
1599
1600 reply_mp = ipsec_construct_inverse_acquire(samsg, extv,
1601 keystack->keystack_netstack);
1602
1603 if (reply_mp != NULL) {
1604 freemsg(mp);
1605 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr,
1606 ks->keysock_serial, NULL, B_FALSE, keystack);
1607 } else {
1608 keysock_error(ks, mp, samsg->sadb_msg_errno,
1609 samsg->sadb_x_msg_diagnostic);
1610 }
1611 }
1612
1613 /*
1614 * Spew an extended REGISTER down to the relevant consumers.
1615 */
1616 static void
1617 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1618 {
1619 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG];
1620 uint8_t *satypes, *fencepost;
1621 mblk_t *downmp;
1622 sadb_ext_t *downextv[SADB_EXT_MAX + 1];
1623 keysock_stack_t *keystack = ks->keysock_keystack;
1624
1625 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 ||
1626 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) {
1627 keysock_error(ks, mp, EBUSY, 0);
1628 }
1629
1630 ks->keysock_flags |= KEYSOCK_EXTENDED;
1631 if (ereg == NULL) {
1632 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1633 } else {
1634 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr);
1635 fencepost = (uint8_t *)mp->b_wptr;
1636 satypes = ereg->sadb_x_ereg_satypes;
1637 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) {
1638 downmp = copymsg(mp);
1639 if (downmp == NULL) {
1640 keysock_error(ks, mp, ENOMEM, 0);
1641 return;
1642 }
1643 /*
1644 * Since we've made it here, keysock_get_ext will work!
1645 */
1646 (void) keysock_get_ext(downextv,
1647 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp),
1648 keystack);
1649 keysock_passdown(ks, downmp, *satypes, downextv,
1650 B_FALSE);
1651 ++satypes;
1652 }
1653 freemsg(mp);
1654 }
1655
1656 /*
1657 * Set global to indicate we prefer an extended ACQUIRE.
1658 */
1659 atomic_inc_32(&keystack->keystack_num_extended);
1660 }
1661
1662 static void
1663 keysock_delpair_all(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1664 {
1665 int i, start, finish;
1666 mblk_t *mp1 = NULL;
1667 keysock_stack_t *keystack = ks->keysock_keystack;
1668
1669 start = 0;
1670 finish = KEYSOCK_MAX_CONSUMERS - 1;
1671
1672 for (i = start; i <= finish; i++) {
1673 if (keystack->keystack_consumers[i] != NULL) {
1674 mp1 = copymsg(mp);
1675 if (mp1 == NULL) {
1676 keysock_error(ks, mp, ENOMEM,
1677 SADB_X_DIAGNOSTIC_NONE);
1678 return;
1679 }
1680 keysock_passdown(ks, mp1, i, extv, B_FALSE);
1681 }
1682 }
1683 }
1684
1685 /*
1686 * Handle PF_KEY messages.
1687 */
1688 static void
1689 keysock_parse(queue_t *q, mblk_t *mp)
1690 {
1691 sadb_msg_t *samsg;
1692 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1693 keysock_t *ks = (keysock_t *)q->q_ptr;
1694 uint_t msgsize;
1695 uint8_t satype;
1696 keysock_stack_t *keystack = ks->keysock_keystack;
1697
1698 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */
1699 ASSERT(WR(q)->q_next == NULL);
1700
1701 samsg = (sadb_msg_t *)mp->b_rptr;
1702 ks2dbg(keystack, ("Received possible PF_KEY message, type %d.\n",
1703 samsg->sadb_msg_type));
1704
1705 msgsize = SADB_64TO8(samsg->sadb_msg_len);
1706
1707 if (msgdsize(mp) != msgsize) {
1708 /*
1709 * Message len incorrect w.r.t. actual size. Send an error
1710 * (EMSGSIZE). It may be necessary to massage things a
1711 * bit. For example, if the sadb_msg_type is hosed,
1712 * I need to set it to SADB_RESERVED to get delivery to
1713 * do the right thing. Then again, maybe just letting
1714 * the error delivery do the right thing.
1715 */
1716 ks2dbg(keystack,
1717 ("mblk (%lu) and base (%d) message sizes don't jibe.\n",
1718 msgdsize(mp), msgsize));
1719 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE);
1720 return;
1721 }
1722
1723 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) {
1724 /* Get all message into one mblk. */
1725 if (pullupmsg(mp, -1) == 0) {
1726 /*
1727 * Something screwy happened.
1728 */
1729 ks3dbg(keystack,
1730 ("keysock_parse: pullupmsg() failed.\n"));
1731 return;
1732 } else {
1733 samsg = (sadb_msg_t *)mp->b_rptr;
1734 }
1735 }
1736
1737 switch (keysock_get_ext(extv, samsg, msgsize, keystack)) {
1738 case KGE_DUP:
1739 /* Handle duplicate extension. */
1740 ks1dbg(keystack, ("Got duplicate extension of type %d.\n",
1741 extv[0]->sadb_ext_type));
1742 keysock_error(ks, mp, EINVAL,
1743 keysock_duplicate(extv[0]->sadb_ext_type));
1744 return;
1745 case KGE_UNK:
1746 /* Handle unknown extension. */
1747 ks1dbg(keystack, ("Got unknown extension of type %d.\n",
1748 extv[0]->sadb_ext_type));
1749 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT);
1750 return;
1751 case KGE_LEN:
1752 /* Length error. */
1753 ks1dbg(keystack,
1754 ("Length %d on extension type %d overrun or 0.\n",
1755 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type));
1756 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN);
1757 return;
1758 case KGE_CHK:
1759 /* Reality check failed. */
1760 ks1dbg(keystack,
1761 ("Reality check failed on extension type %d.\n",
1762 extv[0]->sadb_ext_type));
1763 keysock_error(ks, mp, EINVAL,
1764 keysock_malformed(extv[0]->sadb_ext_type));
1765 return;
1766 default:
1767 /* Default case is no errors. */
1768 break;
1769 }
1770
1771 switch (samsg->sadb_msg_type) {
1772 case SADB_REGISTER:
1773 /*
1774 * There's a semantic weirdness in that a message OTHER than
1775 * the return REGISTER message may be passed up if I set the
1776 * registered bit BEFORE I pass it down.
1777 *
1778 * SOOOO, I'll not twiddle any registered bits until I see
1779 * the upbound REGISTER (with a serial number in it).
1780 */
1781 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1782 /* Handle extended register here. */
1783 keysock_extended_register(ks, mp, extv);
1784 return;
1785 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) {
1786 keysock_error(ks, mp, EBUSY, 0);
1787 return;
1788 }
1789 /* FALLTHRU */
1790 case SADB_GETSPI:
1791 case SADB_ADD:
1792 case SADB_UPDATE:
1793 case SADB_X_UPDATEPAIR:
1794 case SADB_DELETE:
1795 case SADB_X_DELPAIR:
1796 case SADB_GET:
1797 /*
1798 * Pass down to appropriate consumer.
1799 */
1800 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1801 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1802 B_FALSE);
1803 else keysock_error(ks, mp, EINVAL,
1804 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1805 return;
1806 case SADB_X_DELPAIR_STATE:
1807 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1808 keysock_delpair_all(ks, mp, extv);
1809 } else {
1810 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1811 B_FALSE);
1812 }
1813 return;
1814 case SADB_ACQUIRE:
1815 /*
1816 * If I _receive_ an acquire, this means I should spread it
1817 * out to registered sockets. Unless there's an errno...
1818 *
1819 * Need ADDRESS, may have ID, SENS, and PROP, unless errno,
1820 * in which case there should be NO extensions.
1821 *
1822 * Return to registered.
1823 */
1824 if (samsg->sadb_msg_errno != 0) {
1825 satype = samsg->sadb_msg_satype;
1826 if (satype == SADB_SATYPE_UNSPEC) {
1827 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) {
1828 keysock_error(ks, mp, EINVAL,
1829 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1830 return;
1831 }
1832 /*
1833 * Reassign satype based on the first
1834 * flags that KEYSOCK_SETREG says.
1835 */
1836 while (satype <= SADB_SATYPE_MAX) {
1837 if (KEYSOCK_ISREG(ks, satype))
1838 break;
1839 satype++;
1840 }
1841 if (satype > SADB_SATYPE_MAX) {
1842 keysock_error(ks, mp, EBUSY, 0);
1843 return;
1844 }
1845 }
1846 keysock_passdown(ks, mp, satype, extv, B_FALSE);
1847 } else {
1848 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1849 keysock_error(ks, mp, EINVAL,
1850 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1851 } else {
1852 keysock_passup(mp, samsg, 0, NULL, B_FALSE,
1853 keystack);
1854 }
1855 }
1856 return;
1857 case SADB_EXPIRE:
1858 /*
1859 * If someone sends this in, then send out to all senders.
1860 * (Save maybe ESP or AH, I have to be careful here.)
1861 *
1862 * Need ADDRESS, may have ID and SENS.
1863 *
1864 * XXX for now this is unsupported.
1865 */
1866 break;
1867 case SADB_FLUSH:
1868 /*
1869 * Nuke all SAs.
1870 *
1871 * No extensions at all. Return to all listeners.
1872 *
1873 * Question: Should I hold a lock here to prevent
1874 * additions/deletions while flushing?
1875 * Answer: No. (See keysock_passdown() for details.)
1876 */
1877 if (extv[0] != NULL) {
1878 /*
1879 * FLUSH messages shouldn't have extensions.
1880 * Return EINVAL.
1881 */
1882 ks2dbg(keystack, ("FLUSH message with extension.\n"));
1883 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT);
1884 return;
1885 }
1886
1887 /* Passing down of DUMP/FLUSH messages are special. */
1888 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1889 return;
1890 case SADB_DUMP: /* not used by normal applications */
1891 if ((extv[0] != NULL) &&
1892 ((msgsize >
1893 (sizeof (sadb_msg_t) + sizeof (sadb_x_edump_t))) ||
1894 (extv[SADB_X_EXT_EDUMP] == NULL))) {
1895 keysock_error(ks, mp, EINVAL,
1896 SADB_X_DIAGNOSTIC_NO_EXT);
1897 return;
1898 }
1899 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1900 return;
1901 case SADB_X_PROMISC:
1902 /*
1903 * Promiscuous processing message.
1904 */
1905 if (samsg->sadb_msg_satype == 0)
1906 ks->keysock_flags &= ~KEYSOCK_PROMISC;
1907 else
1908 ks->keysock_flags |= KEYSOCK_PROMISC;
1909 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE,
1910 keystack);
1911 return;
1912 case SADB_X_INVERSE_ACQUIRE:
1913 keysock_inverse_acquire(mp, samsg, extv, ks);
1914 return;
1915 default:
1916 ks2dbg(keystack, ("Got unknown message type %d.\n",
1917 samsg->sadb_msg_type));
1918 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG);
1919 return;
1920 }
1921
1922 /* As a placeholder... */
1923 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n"));
1924 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE);
1925 }
1926
1927 /*
1928 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket,
1929 * I don't convert to ioctl()'s for IP. I am the end-all driver as far
1930 * as PF_KEY sockets are concerned. I do some conversion, but not as much
1931 * as IP/rts does.
1932 */
1933 static void
1934 keysock_wput(queue_t *q, mblk_t *mp)
1935 {
1936 uchar_t *rptr = mp->b_rptr;
1937 mblk_t *mp1;
1938 keysock_t *ks;
1939 keysock_stack_t *keystack;
1940
1941 if (WR(q)->q_next) {
1942 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
1943 keystack = kc->kc_keystack;
1944
1945 ks3dbg(keystack, ("In keysock_wput\n"));
1946
1947 /*
1948 * We shouldn't get writes on a consumer instance.
1949 * But for now, just passthru.
1950 */
1951 ks1dbg(keystack, ("Huh? wput for an consumer instance (%d)?\n",
1952 kc->kc_sa_type));
1953 putnext(q, mp);
1954 return;
1955 }
1956 ks = (keysock_t *)q->q_ptr;
1957 keystack = ks->keysock_keystack;
1958
1959 ks3dbg(keystack, ("In keysock_wput\n"));
1960
1961 switch (mp->b_datap->db_type) {
1962 case M_DATA:
1963 /*
1964 * Silently discard.
1965 */
1966 ks2dbg(keystack, ("raw M_DATA in keysock.\n"));
1967 freemsg(mp);
1968 return;
1969 case M_PROTO:
1970 case M_PCPROTO:
1971 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) {
1972 if (((union T_primitives *)rptr)->type == T_DATA_REQ) {
1973 if ((mp1 = mp->b_cont) == NULL) {
1974 /* No data after T_DATA_REQ. */
1975 ks2dbg(keystack,
1976 ("No data after DATA_REQ.\n"));
1977 freemsg(mp);
1978 return;
1979 }
1980 freeb(mp);
1981 mp = mp1;
1982 ks2dbg(keystack, ("T_DATA_REQ\n"));
1983 break; /* Out of switch. */
1984 }
1985 }
1986 /* FALLTHRU */
1987 default:
1988 ks3dbg(keystack, ("In default wput case (%d %d).\n",
1989 mp->b_datap->db_type, ((union T_primitives *)rptr)->type));
1990 keysock_wput_other(q, mp);
1991 return;
1992 }
1993
1994 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */
1995 keysock_parse(q, mp);
1996 }
1997
1998 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */
1999
2000 /*
2001 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate
2002 * state vectors.
2003 */
2004 static void
2005 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc)
2006 {
2007 keysock_t *ks;
2008 keysock_stack_t *keystack = kc->kc_keystack;
2009
2010 mutex_enter(&keystack->keystack_consumers_lock);
2011 mutex_enter(&kc->kc_lock);
2012 if (keystack->keystack_consumers[satype] != NULL) {
2013 ks0dbg((
2014 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n",
2015 satype));
2016 /*
2017 * Perhaps updating the new below-me consumer with what I have
2018 * so far would work too?
2019 */
2020 mutex_exit(&kc->kc_lock);
2021 mutex_exit(&keystack->keystack_consumers_lock);
2022 } else {
2023 /* Add new below-me consumer. */
2024 keystack->keystack_consumers[satype] = kc;
2025
2026 kc->kc_flags = 0;
2027 kc->kc_sa_type = satype;
2028 mutex_exit(&kc->kc_lock);
2029 mutex_exit(&keystack->keystack_consumers_lock);
2030
2031 /* Scan the keysock list. */
2032 mutex_enter(&keystack->keystack_list_lock);
2033 for (ks = keystack->keystack_list; ks != NULL;
2034 ks = ks->keysock_next) {
2035 if (KEYSOCK_ISREG(ks, satype)) {
2036 /*
2037 * XXX Perhaps send an SADB_REGISTER down on
2038 * the socket's behalf.
2039 */
2040 ks1dbg(keystack,
2041 ("Socket %u registered already for "
2042 "new consumer.\n", ks->keysock_serial));
2043 }
2044 }
2045 mutex_exit(&keystack->keystack_list_lock);
2046 }
2047 }
2048
2049 /*
2050 * Generate a KEYSOCK_OUT_ERR message for my consumer.
2051 */
2052 static void
2053 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp)
2054 {
2055 keysock_out_err_t *kse;
2056 mblk_t *imp;
2057 keysock_stack_t *keystack = kc->kc_keystack;
2058
2059 imp = allocb(sizeof (ipsec_info_t), BPRI_HI);
2060 if (imp == NULL) {
2061 ks1dbg(keystack, ("keysock_out_err: Can't alloc message.\n"));
2062 return;
2063 }
2064
2065 imp->b_datap->db_type = M_CTL;
2066 imp->b_wptr += sizeof (ipsec_info_t);
2067
2068 kse = (keysock_out_err_t *)imp->b_rptr;
2069 imp->b_cont = mp;
2070 kse->ks_err_type = KEYSOCK_OUT_ERR;
2071 kse->ks_err_len = sizeof (*kse);
2072 /* Is serial necessary? */
2073 kse->ks_err_serial = 0;
2074 kse->ks_err_errno = ks_errno;
2075
2076 /*
2077 * XXX What else do I need to do here w.r.t. information
2078 * to tell the consumer what caused this error?
2079 *
2080 * I believe the answer is the PF_KEY ACQUIRE (or other) message
2081 * attached in mp, which is appended at the end. I believe the
2082 * db_ref won't matter here, because the PF_KEY message is only read
2083 * for KEYSOCK_OUT_ERR.
2084 */
2085
2086 putnext(kc->kc_wq, imp);
2087 }
2088
2089 /* XXX this is a hack errno. */
2090 #define EIPSECNOSA 255
2091
2092 /*
2093 * Route message (pointed by mp, header in samsg) toward appropriate
2094 * sockets. Assume the message's creator did its job correctly.
2095 *
2096 * This should be a function that is followed by a return in its caller.
2097 * The compiler _should_ be able to use tail-call optimizations to make the
2098 * large ## of parameters not a huge deal.
2099 */
2100 static void
2101 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial,
2102 keysock_consumer_t *kc, boolean_t persistent, keysock_stack_t *keystack)
2103 {
2104 keysock_t *ks;
2105 uint8_t satype = samsg->sadb_msg_satype;
2106 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE,
2107 setalg = B_FALSE;
2108 mblk_t *mp1;
2109 int err = EIPSECNOSA;
2110
2111 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */
2112 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI);
2113 if (mp1 == NULL) {
2114 err = ENOMEM;
2115 goto error;
2116 }
2117 mp1->b_wptr += sizeof (struct T_data_req);
2118 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND;
2119 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0;
2120 mp1->b_datap->db_type = M_PROTO;
2121 mp1->b_cont = mp;
2122 mp = mp1;
2123
2124 switch (samsg->sadb_msg_type) {
2125 case SADB_FLUSH:
2126 case SADB_GETSPI:
2127 case SADB_UPDATE:
2128 case SADB_X_UPDATEPAIR:
2129 case SADB_ADD:
2130 case SADB_DELETE:
2131 case SADB_X_DELPAIR:
2132 case SADB_EXPIRE:
2133 /*
2134 * These are most likely replies. Don't worry about
2135 * KEYSOCK_OUT_ERR handling. Deliver to all sockets.
2136 */
2137 ks3dbg(keystack,
2138 ("Delivering normal message (%d) to all sockets.\n",
2139 samsg->sadb_msg_type));
2140 toall = B_TRUE;
2141 break;
2142 case SADB_REGISTER:
2143 /*
2144 * REGISTERs come up for one of three reasons:
2145 *
2146 * 1.) In response to a normal SADB_REGISTER
2147 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2148 * serial != 0)
2149 * Deliver to normal SADB_REGISTERed sockets.
2150 * 2.) In response to an extended REGISTER
2151 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
2152 * Deliver to extended REGISTERed socket.
2153 * 3.) Spontaneous algorithm changes
2154 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2155 * serial == 0)
2156 * Deliver to REGISTERed sockets of all sorts.
2157 */
2158 if (kc == NULL) {
2159 /* Here because of keysock_error() call. */
2160 ASSERT(samsg->sadb_msg_errno != 0);
2161 break; /* Out of switch. */
2162 }
2163 ks3dbg(keystack, ("Delivering REGISTER.\n"));
2164 if (satype == SADB_SATYPE_UNSPEC) {
2165 /* REGISTER Reason #2 */
2166 allereg = B_TRUE;
2167 /*
2168 * Rewhack SA type so PF_KEY socket holder knows what
2169 * consumer generated this algorithm list.
2170 */
2171 satype = kc->kc_sa_type;
2172 samsg->sadb_msg_satype = satype;
2173 setalg = B_TRUE;
2174 } else if (serial == 0) {
2175 /* REGISTER Reason #3 */
2176 allreg = B_TRUE;
2177 allereg = B_TRUE;
2178 } else {
2179 /* REGISTER Reason #1 */
2180 allreg = B_TRUE;
2181 setalg = B_TRUE;
2182 }
2183 break;
2184 case SADB_ACQUIRE:
2185 /*
2186 * ACQUIREs are either extended (sadb_msg_satype == 0) or
2187 * regular (sadb_msg_satype != 0). And we're guaranteed
2188 * that serial == 0 for an ACQUIRE.
2189 */
2190 ks3dbg(keystack, ("Delivering ACQUIRE.\n"));
2191 allereg = (satype == SADB_SATYPE_UNSPEC);
2192 allreg = !allereg;
2193 /*
2194 * Corner case - if we send a regular ACQUIRE and there's
2195 * extended ones registered, don't send an error down to
2196 * consumers if nobody's listening and prematurely destroy
2197 * their ACQUIRE record. This might be too hackish of a
2198 * solution.
2199 */
2200 if (allreg && keystack->keystack_num_extended > 0)
2201 err = 0;
2202 break;
2203 case SADB_X_PROMISC:
2204 case SADB_X_INVERSE_ACQUIRE:
2205 case SADB_DUMP:
2206 case SADB_GET:
2207 default:
2208 /*
2209 * Deliver to the sender and promiscuous only.
2210 */
2211 ks3dbg(keystack, ("Delivering sender/promisc only (%d).\n",
2212 samsg->sadb_msg_type));
2213 break;
2214 }
2215
2216 mutex_enter(&keystack->keystack_list_lock);
2217 for (ks = keystack->keystack_list; ks != NULL; ks = ks->keysock_next) {
2218 /* Delivery loop. */
2219
2220 /*
2221 * Check special keysock-setting cases (REGISTER replies)
2222 * here.
2223 */
2224 if (setalg && serial == ks->keysock_serial) {
2225 ASSERT(kc != NULL);
2226 ASSERT(kc->kc_sa_type == satype);
2227 KEYSOCK_SETREG(ks, satype);
2228 }
2229
2230 /*
2231 * NOLOOP takes precedence over PROMISC. So if you've set
2232 * !SO_USELOOPBACK, don't expect to see any data...
2233 */
2234 if (ks->keysock_flags & KEYSOCK_NOLOOP)
2235 continue;
2236
2237 /*
2238 * Messages to all, or promiscuous sockets just GET the
2239 * message. Perform rules-type checking iff it's not for all
2240 * listeners or the socket is in promiscuous mode.
2241 *
2242 * NOTE:Because of the (kc != NULL && ISREG()), make sure
2243 * extended ACQUIREs arrive off a consumer that is
2244 * part of the extended REGISTER set of consumers.
2245 */
2246 if (serial != ks->keysock_serial &&
2247 !toall &&
2248 !(ks->keysock_flags & KEYSOCK_PROMISC) &&
2249 !((ks->keysock_flags & KEYSOCK_EXTENDED) ?
2250 allereg : allreg && kc != NULL &&
2251 KEYSOCK_ISREG(ks, kc->kc_sa_type)))
2252 continue;
2253
2254 mp1 = dupmsg(mp);
2255 if (mp1 == NULL) {
2256 ks2dbg(keystack, (
2257 "keysock_passup(): dupmsg() failed.\n"));
2258 mp1 = mp;
2259 mp = NULL;
2260 err = ENOMEM;
2261 }
2262
2263 /*
2264 * At this point, we can deliver or attempt to deliver
2265 * this message. We're free of obligation to report
2266 * no listening PF_KEY sockets. So set err to 0.
2267 */
2268 err = 0;
2269
2270 /*
2271 * See if we canputnext(), as well as see if the message
2272 * needs to be queued if we can't.
2273 */
2274 if (!canputnext(ks->keysock_rq)) {
2275 if (persistent) {
2276 if (putq(ks->keysock_rq, mp1) == 0) {
2277 ks1dbg(keystack, (
2278 "keysock_passup: putq failed.\n"));
2279 } else {
2280 continue;
2281 }
2282 }
2283 freemsg(mp1);
2284 continue;
2285 }
2286
2287 ks3dbg(keystack,
2288 ("Putting to serial %d.\n", ks->keysock_serial));
2289 /*
2290 * Unlike the specific keysock instance case, this
2291 * will only hit for listeners, so we will only
2292 * putnext() if we can.
2293 */
2294 putnext(ks->keysock_rq, mp1);
2295 if (mp == NULL)
2296 break; /* out of for loop. */
2297 }
2298 mutex_exit(&keystack->keystack_list_lock);
2299
2300 error:
2301 if ((err != 0) && (kc != NULL)) {
2302 /*
2303 * Generate KEYSOCK_OUT_ERR for consumer.
2304 * Basically, I send this back if I have not been able to
2305 * transmit (for whatever reason)
2306 */
2307 ks1dbg(keystack,
2308 ("keysock_passup(): No registered of type %d.\n",
2309 satype));
2310 if (mp != NULL) {
2311 if (mp->b_datap->db_type == M_PROTO) {
2312 mp1 = mp;
2313 mp = mp->b_cont;
2314 freeb(mp1);
2315 }
2316 /*
2317 * Do a copymsg() because people who get
2318 * KEYSOCK_OUT_ERR may alter the message contents.
2319 */
2320 mp1 = copymsg(mp);
2321 if (mp1 == NULL) {
2322 ks2dbg(keystack,
2323 ("keysock_passup: copymsg() failed.\n"));
2324 mp1 = mp;
2325 mp = NULL;
2326 }
2327 keysock_out_err(kc, err, mp1);
2328 }
2329 }
2330
2331 /*
2332 * XXX Blank the message somehow. This is difficult because we don't
2333 * know at this point if the message has db_ref > 1, etc.
2334 *
2335 * Optimally, keysock messages containing actual keying material would
2336 * be allocated with esballoc(), with a zeroing free function.
2337 */
2338 if (mp != NULL)
2339 freemsg(mp);
2340 }
2341
2342 /*
2343 * Keysock's read service procedure is there only for PF_KEY reply
2344 * messages that really need to reach the top.
2345 */
2346 static void
2347 keysock_rsrv(queue_t *q)
2348 {
2349 mblk_t *mp;
2350
2351 while ((mp = getq(q)) != NULL) {
2352 if (canputnext(q)) {
2353 putnext(q, mp);
2354 } else {
2355 (void) putbq(q, mp);
2356 return;
2357 }
2358 }
2359 }
2360
2361 /*
2362 * The read procedure should only be invoked by a keysock consumer, like
2363 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK
2364 * messages on my read queues.
2365 */
2366 static void
2367 keysock_rput(queue_t *q, mblk_t *mp)
2368 {
2369 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
2370 ipsec_info_t *ii;
2371 keysock_hello_ack_t *ksa;
2372 minor_t serial;
2373 mblk_t *mp1;
2374 sadb_msg_t *samsg;
2375 keysock_stack_t *keystack = kc->kc_keystack;
2376
2377 /* Make sure I'm a consumer instance. (i.e. something's below me) */
2378 ASSERT(WR(q)->q_next != NULL);
2379
2380 if (mp->b_datap->db_type != M_CTL) {
2381 /*
2382 * Keysock should only see keysock consumer interface
2383 * messages (see ipsec_info.h) on its read procedure.
2384 * To be robust, however, putnext() up so the STREAM head can
2385 * deal with it appropriately.
2386 */
2387 ks1dbg(keystack,
2388 ("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n",
2389 mp->b_datap->db_type, mp->b_datap->db_type));
2390 putnext(q, mp);
2391 return;
2392 }
2393
2394 ii = (ipsec_info_t *)mp->b_rptr;
2395
2396 switch (ii->ipsec_info_type) {
2397 case KEYSOCK_OUT:
2398 /*
2399 * A consumer needs to pass a response message or an ACQUIRE
2400 * UP. I assume that the consumer has done the right
2401 * thing w.r.t. message creation, etc.
2402 */
2403 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial;
2404 mp1 = mp->b_cont; /* Get M_DATA portion. */
2405 freeb(mp);
2406 samsg = (sadb_msg_t *)mp1->b_rptr;
2407 if (samsg->sadb_msg_type == SADB_FLUSH ||
2408 (samsg->sadb_msg_type == SADB_DUMP &&
2409 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) {
2410 /*
2411 * If I'm an end-of-FLUSH or an end-of-DUMP marker...
2412 */
2413 ASSERT(keystack->keystack_flushdump != 0);
2414 /* Am I flushing? */
2415
2416 mutex_enter(&kc->kc_lock);
2417 kc->kc_flags &= ~KC_FLUSHING;
2418 mutex_exit(&kc->kc_lock);
2419
2420 if (samsg->sadb_msg_errno != 0)
2421 keystack->keystack_flushdump_errno =
2422 samsg->sadb_msg_errno;
2423
2424 /*
2425 * Lower the atomic "flushing" count. If it's
2426 * the last one, send up the end-of-{FLUSH,DUMP} to
2427 * the appropriate PF_KEY socket.
2428 */
2429 if (atomic_dec_32_nv(&keystack->keystack_flushdump) !=
2430 0) {
2431 ks1dbg(keystack,
2432 ("One flush/dump message back from %d,"
2433 " more to go.\n", samsg->sadb_msg_satype));
2434 freemsg(mp1);
2435 return;
2436 }
2437
2438 samsg->sadb_msg_errno =
2439 (uint8_t)keystack->keystack_flushdump_errno;
2440 if (samsg->sadb_msg_type == SADB_DUMP) {
2441 samsg->sadb_msg_seq = 0;
2442 }
2443 }
2444 keysock_passup(mp1, samsg, serial, kc,
2445 (samsg->sadb_msg_type == SADB_DUMP), keystack);
2446 return;
2447 case KEYSOCK_HELLO_ACK:
2448 /* Aha, now we can link in the consumer! */
2449 ksa = (keysock_hello_ack_t *)ii;
2450 keysock_link_consumer(ksa->ks_hello_satype, kc);
2451 freemsg(mp);
2452 return;
2453 default:
2454 ks1dbg(keystack, ("Hmmm, an IPsec info I'm not used to, 0x%x\n",
2455 ii->ipsec_info_type));
2456 putnext(q, mp);
2457 }
2458 }
2459
2460 /*
2461 * So we can avoid external linking problems....
2462 */
2463 boolean_t
2464 keysock_extended_reg(netstack_t *ns)
2465 {
2466 keysock_stack_t *keystack = ns->netstack_keysock;
2467
2468 return (keystack->keystack_num_extended != 0);
2469 }
2470
2471 uint32_t
2472 keysock_next_seq(netstack_t *ns)
2473 {
2474 keysock_stack_t *keystack = ns->netstack_keysock;
2475
2476 return (atomic_dec_32_nv(&keystack->keystack_acquire_seq));
2477 }