Print this page
8541 pfiles does not properly identify PF_KEY or PF_POLICY
Reviewed by: Mike Zeller <mike.zeller@joyent.com>
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/inet/ip/keysock.c
+++ new/usr/src/uts/common/inet/ip/keysock.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 +/*
26 + * Copyright 2017 Joyent, Inc.
27 + */
25 28
26 29 #include <sys/param.h>
27 30 #include <sys/types.h>
28 31 #include <sys/stream.h>
29 32 #include <sys/strsubr.h>
30 33 #include <sys/strsun.h>
31 34 #include <sys/stropts.h>
32 35 #include <sys/vnode.h>
33 36 #include <sys/zone.h>
34 37 #include <sys/strlog.h>
35 38 #include <sys/sysmacros.h>
36 39 #define _SUN_TPI_VERSION 2
37 40 #include <sys/tihdr.h>
38 41 #include <sys/timod.h>
39 42 #include <sys/tiuser.h>
40 43 #include <sys/ddi.h>
41 44 #include <sys/sunddi.h>
42 45 #include <sys/sunldi.h>
43 46 #include <sys/file.h>
44 47 #include <sys/modctl.h>
45 48 #include <sys/debug.h>
46 49 #include <sys/kmem.h>
47 50 #include <sys/cmn_err.h>
48 51 #include <sys/proc.h>
49 52 #include <sys/suntpi.h>
50 53 #include <sys/atomic.h>
51 54 #include <sys/mkdev.h>
52 55 #include <sys/policy.h>
53 56 #include <sys/disp.h>
54 57
55 58 #include <sys/socket.h>
56 59 #include <netinet/in.h>
57 60 #include <net/pfkeyv2.h>
58 61
59 62 #include <inet/common.h>
60 63 #include <netinet/ip6.h>
61 64 #include <inet/ip.h>
62 65 #include <inet/proto_set.h>
63 66 #include <inet/nd.h>
64 67 #include <inet/optcom.h>
65 68 #include <inet/ipsec_info.h>
66 69 #include <inet/ipsec_impl.h>
67 70 #include <inet/keysock.h>
68 71
69 72 #include <sys/isa_defs.h>
70 73
71 74 /*
72 75 * This is a transport provider for the PF_KEY key mangement socket.
73 76 * (See RFC 2367 for details.)
74 77 * Downstream messages are wrapped in a keysock consumer interface KEYSOCK_IN
75 78 * messages (see ipsec_info.h), and passed to the appropriate consumer.
76 79 * Upstream messages are generated for all open PF_KEY sockets, when
77 80 * appropriate, as well as the sender (as long as SO_USELOOPBACK is enabled)
78 81 * in reply to downstream messages.
79 82 *
80 83 * Upstream messages must be created asynchronously for the following
81 84 * situations:
82 85 *
83 86 * 1.) A keysock consumer requires an SA, and there is currently none.
84 87 * 2.) An SA expires, either hard or soft lifetime.
85 88 * 3.) Other events a consumer deems fit.
86 89 *
87 90 * The MT model of this is PERMOD, with shared put procedures. Two types of
88 91 * messages, SADB_FLUSH and SADB_DUMP, need to lock down the perimeter to send
89 92 * down the *multiple* messages they create.
90 93 */
91 94
92 95 static vmem_t *keysock_vmem; /* for minor numbers. */
93 96
94 97 #define KEYSOCK_MAX_CONSUMERS 256
95 98
96 99 /* Default structure copied into T_INFO_ACK messages (from rts.c...) */
97 100 static struct T_info_ack keysock_g_t_info_ack = {
98 101 T_INFO_ACK,
99 102 T_INFINITE, /* TSDU_size. Maximum size messages. */
100 103 T_INVALID, /* ETSDU_size. No expedited data. */
101 104 T_INVALID, /* CDATA_size. No connect data. */
102 105 T_INVALID, /* DDATA_size. No disconnect data. */
103 106 0, /* ADDR_size. */
104 107 0, /* OPT_size. No user-settable options */
105 108 64 * 1024, /* TIDU_size. keysock allows maximum size messages. */
106 109 T_COTS, /* SERV_type. keysock supports connection oriented. */
107 110 TS_UNBND, /* CURRENT_state. This is set from keysock_state. */
108 111 (XPG4_1) /* Provider flags */
109 112 };
110 113
111 114 /* Named Dispatch Parameter Management Structure */
112 115 typedef struct keysockparam_s {
113 116 uint_t keysock_param_min;
114 117 uint_t keysock_param_max;
115 118 uint_t keysock_param_value;
116 119 char *keysock_param_name;
117 120 } keysockparam_t;
118 121
119 122 /*
120 123 * Table of NDD variables supported by keysock. These are loaded into
121 124 * keysock_g_nd in keysock_init_nd.
122 125 * All of these are alterable, within the min/max values given, at run time.
123 126 */
124 127 static keysockparam_t lcl_param_arr[] = {
125 128 /* min max value name */
126 129 { 4096, 65536, 8192, "keysock_xmit_hiwat"},
127 130 { 0, 65536, 1024, "keysock_xmit_lowat"},
128 131 { 4096, 65536, 8192, "keysock_recv_hiwat"},
129 132 { 65536, 1024*1024*1024, 256*1024, "keysock_max_buf"},
130 133 { 0, 3, 0, "keysock_debug"},
131 134 };
132 135 #define keystack_xmit_hiwat keystack_params[0].keysock_param_value
133 136 #define keystack_xmit_lowat keystack_params[1].keysock_param_value
134 137 #define keystack_recv_hiwat keystack_params[2].keysock_param_value
135 138 #define keystack_max_buf keystack_params[3].keysock_param_value
136 139 #define keystack_debug keystack_params[4].keysock_param_value
137 140
138 141 #define ks0dbg(a) printf a
139 142 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
140 143 #define ks1dbg(keystack, a) if (keystack->keystack_debug != 0) printf a
141 144 #define ks2dbg(keystack, a) if (keystack->keystack_debug > 1) printf a
142 145 #define ks3dbg(keystack, a) if (keystack->keystack_debug > 2) printf a
143 146
144 147 static int keysock_close(queue_t *);
145 148 static int keysock_open(queue_t *, dev_t *, int, int, cred_t *);
146 149 static void keysock_wput(queue_t *, mblk_t *);
147 150 static void keysock_rput(queue_t *, mblk_t *);
148 151 static void keysock_rsrv(queue_t *);
149 152 static void keysock_passup(mblk_t *, sadb_msg_t *, minor_t,
150 153 keysock_consumer_t *, boolean_t, keysock_stack_t *);
151 154 static void *keysock_stack_init(netstackid_t stackid, netstack_t *ns);
152 155 static void keysock_stack_fini(netstackid_t stackid, void *arg);
153 156
154 157 static struct module_info info = {
155 158 5138, "keysock", 1, INFPSZ, 512, 128
156 159 };
157 160
158 161 static struct qinit rinit = {
159 162 (pfi_t)keysock_rput, (pfi_t)keysock_rsrv, keysock_open, keysock_close,
160 163 NULL, &info
161 164 };
162 165
163 166 static struct qinit winit = {
164 167 (pfi_t)keysock_wput, NULL, NULL, NULL, NULL, &info
165 168 };
166 169
167 170 struct streamtab keysockinfo = {
168 171 &rinit, &winit
169 172 };
170 173
171 174 extern struct modlinkage *keysock_modlp;
172 175
173 176 /*
174 177 * Plumb IPsec.
175 178 *
176 179 * NOTE: New "default" modules will need to be loaded here if needed before
177 180 * boot time.
178 181 */
179 182
180 183 /* Keep these in global space to keep the lint from complaining. */
181 184 static char *IPSECESP = "ipsecesp";
182 185 static char *IPSECESPDEV = "/devices/pseudo/ipsecesp@0:ipsecesp";
183 186 static char *IPSECAH = "ipsecah";
184 187 static char *IPSECAHDEV = "/devices/pseudo/ipsecah@0:ipsecah";
185 188 static char *IP6DEV = "/devices/pseudo/ip6@0:ip6";
186 189 static char *KEYSOCK = "keysock";
187 190 static char *STRMOD = "strmod";
188 191
189 192 /*
190 193 * Load the other ipsec modules and plumb them together.
191 194 */
192 195 int
193 196 keysock_plumb_ipsec(netstack_t *ns)
194 197 {
195 198 ldi_handle_t lh, ip6_lh = NULL;
196 199 ldi_ident_t li = NULL;
197 200 int err = 0;
198 201 int muxid, rval;
199 202 boolean_t esp_present = B_TRUE;
200 203 cred_t *cr;
201 204 keysock_stack_t *keystack = ns->netstack_keysock;
202 205
203 206 #ifdef NS_DEBUG
204 207 (void) printf("keysock_plumb_ipsec(%d)\n",
205 208 ns->netstack_stackid);
206 209 #endif
207 210
208 211 keystack->keystack_plumbed = 0; /* we're trying again.. */
209 212
210 213 cr = zone_get_kcred(netstackid_to_zoneid(
211 214 keystack->keystack_netstack->netstack_stackid));
212 215 ASSERT(cr != NULL);
213 216 /*
214 217 * Load up the drivers (AH/ESP).
215 218 *
216 219 * I do this separately from the actual plumbing in case this function
217 220 * ever gets called from a diskless boot before the root filesystem is
218 221 * up. I don't have to worry about "keysock" because, well, if I'm
219 222 * here, keysock must've loaded successfully.
220 223 */
221 224 if (i_ddi_attach_pseudo_node(IPSECAH) == NULL) {
222 225 ks0dbg(("IPsec: AH failed to attach.\n"));
223 226 goto bail;
224 227 }
225 228 if (i_ddi_attach_pseudo_node(IPSECESP) == NULL) {
226 229 ks0dbg(("IPsec: ESP failed to attach.\n"));
227 230 esp_present = B_FALSE;
228 231 }
229 232
230 233 /*
231 234 * Set up the IP streams for AH and ESP, as well as tacking keysock
232 235 * on top of them. Assume keysock has set the autopushes up already.
233 236 */
234 237
235 238 /* Open IP. */
236 239 err = ldi_ident_from_mod(keysock_modlp, &li);
237 240 if (err) {
238 241 ks0dbg(("IPsec: lid_ident_from_mod failed (err %d).\n",
239 242 err));
240 243 goto bail;
241 244 }
242 245
243 246 err = ldi_open_by_name(IP6DEV, FREAD|FWRITE, cr, &ip6_lh, li);
244 247 if (err) {
245 248 ks0dbg(("IPsec: Open of IP6 failed (err %d).\n", err));
246 249 goto bail;
247 250 }
248 251
249 252 /* PLINK KEYSOCK/AH */
250 253 err = ldi_open_by_name(IPSECAHDEV, FREAD|FWRITE, cr, &lh, li);
251 254 if (err) {
252 255 ks0dbg(("IPsec: Open of AH failed (err %d).\n", err));
253 256 goto bail;
254 257 }
255 258 err = ldi_ioctl(lh,
256 259 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
257 260 if (err) {
258 261 ks0dbg(("IPsec: Push of KEYSOCK onto AH failed (err %d).\n",
259 262 err));
260 263 (void) ldi_close(lh, FREAD|FWRITE, cr);
261 264 goto bail;
262 265 }
263 266 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
264 267 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
265 268 if (err) {
266 269 ks0dbg(("IPsec: PLINK of KEYSOCK/AH failed (err %d).\n", err));
267 270 (void) ldi_close(lh, FREAD|FWRITE, cr);
268 271 goto bail;
269 272 }
270 273 (void) ldi_close(lh, FREAD|FWRITE, cr);
271 274
272 275 /* PLINK KEYSOCK/ESP */
273 276 if (esp_present) {
274 277 err = ldi_open_by_name(IPSECESPDEV,
275 278 FREAD|FWRITE, cr, &lh, li);
276 279 if (err) {
277 280 ks0dbg(("IPsec: Open of ESP failed (err %d).\n", err));
278 281 goto bail;
279 282 }
280 283 err = ldi_ioctl(lh,
281 284 I_PUSH, (intptr_t)KEYSOCK, FKIOCTL, cr, &rval);
282 285 if (err) {
283 286 ks0dbg(("IPsec: "
284 287 "Push of KEYSOCK onto ESP failed (err %d).\n",
285 288 err));
286 289 (void) ldi_close(lh, FREAD|FWRITE, cr);
287 290 goto bail;
288 291 }
289 292 err = ldi_ioctl(ip6_lh, I_PLINK, (intptr_t)lh,
290 293 FREAD+FWRITE+FNOCTTY+FKIOCTL, cr, &muxid);
291 294 if (err) {
292 295 ks0dbg(("IPsec: "
293 296 "PLINK of KEYSOCK/ESP failed (err %d).\n", err));
294 297 (void) ldi_close(lh, FREAD|FWRITE, cr);
295 298 goto bail;
296 299 }
297 300 (void) ldi_close(lh, FREAD|FWRITE, cr);
298 301 }
299 302
300 303 bail:
301 304 keystack->keystack_plumbed = (err == 0) ? 1 : -1;
302 305 if (ip6_lh != NULL) {
303 306 (void) ldi_close(ip6_lh, FREAD|FWRITE, cr);
304 307 }
305 308 if (li != NULL)
306 309 ldi_ident_release(li);
307 310 #ifdef NS_DEBUG
308 311 (void) printf("keysock_plumb_ipsec -> %d\n",
309 312 keystack->keystack_plumbed);
310 313 #endif
311 314 crfree(cr);
312 315 return (err);
313 316 }
314 317
315 318 /* ARGSUSED */
316 319 static int
317 320 keysock_param_get(q, mp, cp, cr)
318 321 queue_t *q;
319 322 mblk_t *mp;
320 323 caddr_t cp;
321 324 cred_t *cr;
322 325 {
323 326 keysockparam_t *keysockpa = (keysockparam_t *)cp;
324 327 uint_t value;
325 328 keysock_t *ks = (keysock_t *)q->q_ptr;
326 329 keysock_stack_t *keystack = ks->keysock_keystack;
327 330
328 331 mutex_enter(&keystack->keystack_param_lock);
329 332 value = keysockpa->keysock_param_value;
330 333 mutex_exit(&keystack->keystack_param_lock);
331 334
332 335 (void) mi_mpprintf(mp, "%u", value);
333 336 return (0);
334 337 }
335 338
336 339 /* This routine sets an NDD variable in a keysockparam_t structure. */
337 340 /* ARGSUSED */
338 341 static int
339 342 keysock_param_set(q, mp, value, cp, cr)
340 343 queue_t *q;
341 344 mblk_t *mp;
342 345 char *value;
343 346 caddr_t cp;
344 347 cred_t *cr;
345 348 {
346 349 ulong_t new_value;
347 350 keysockparam_t *keysockpa = (keysockparam_t *)cp;
348 351 keysock_t *ks = (keysock_t *)q->q_ptr;
349 352 keysock_stack_t *keystack = ks->keysock_keystack;
350 353
351 354 /* Convert the value from a string into a long integer. */
352 355 if (ddi_strtoul(value, NULL, 10, &new_value) != 0)
353 356 return (EINVAL);
354 357
355 358 mutex_enter(&keystack->keystack_param_lock);
356 359 /*
357 360 * Fail the request if the new value does not lie within the
358 361 * required bounds.
359 362 */
360 363 if (new_value < keysockpa->keysock_param_min ||
361 364 new_value > keysockpa->keysock_param_max) {
362 365 mutex_exit(&keystack->keystack_param_lock);
363 366 return (EINVAL);
364 367 }
365 368
366 369 /* Set the new value */
367 370 keysockpa->keysock_param_value = new_value;
368 371 mutex_exit(&keystack->keystack_param_lock);
369 372
370 373 return (0);
371 374 }
372 375
373 376 /*
374 377 * Initialize keysock at module load time
375 378 */
376 379 boolean_t
377 380 keysock_ddi_init(void)
378 381 {
379 382 keysock_max_optsize = optcom_max_optsize(
380 383 keysock_opt_obj.odb_opt_des_arr, keysock_opt_obj.odb_opt_arr_cnt);
381 384
382 385 keysock_vmem = vmem_create("keysock", (void *)1, MAXMIN, 1,
383 386 NULL, NULL, NULL, 1, VM_SLEEP | VMC_IDENTIFIER);
384 387
385 388 /*
386 389 * We want to be informed each time a stack is created or
387 390 * destroyed in the kernel, so we can maintain the
388 391 * set of keysock_stack_t's.
389 392 */
390 393 netstack_register(NS_KEYSOCK, keysock_stack_init, NULL,
391 394 keysock_stack_fini);
392 395
393 396 return (B_TRUE);
394 397 }
395 398
396 399 /*
397 400 * Walk through the param array specified registering each element with the
398 401 * named dispatch handler.
399 402 */
400 403 static boolean_t
401 404 keysock_param_register(IDP *ndp, keysockparam_t *ksp, int cnt)
402 405 {
403 406 for (; cnt-- > 0; ksp++) {
404 407 if (ksp->keysock_param_name != NULL &&
405 408 ksp->keysock_param_name[0]) {
406 409 if (!nd_load(ndp,
407 410 ksp->keysock_param_name,
408 411 keysock_param_get, keysock_param_set,
409 412 (caddr_t)ksp)) {
410 413 nd_free(ndp);
411 414 return (B_FALSE);
412 415 }
413 416 }
414 417 }
415 418 return (B_TRUE);
416 419 }
417 420
418 421 /*
419 422 * Initialize keysock for one stack instance
420 423 */
421 424 /* ARGSUSED */
422 425 static void *
423 426 keysock_stack_init(netstackid_t stackid, netstack_t *ns)
424 427 {
425 428 keysock_stack_t *keystack;
426 429 keysockparam_t *ksp;
427 430
428 431 keystack = (keysock_stack_t *)kmem_zalloc(sizeof (*keystack), KM_SLEEP);
429 432 keystack->keystack_netstack = ns;
430 433
431 434 keystack->keystack_acquire_seq = 0xffffffff;
432 435
433 436 ksp = (keysockparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
434 437 keystack->keystack_params = ksp;
435 438 bcopy(lcl_param_arr, ksp, sizeof (lcl_param_arr));
436 439
437 440 (void) keysock_param_register(&keystack->keystack_g_nd, ksp,
438 441 A_CNT(lcl_param_arr));
439 442
440 443 mutex_init(&keystack->keystack_list_lock, NULL, MUTEX_DEFAULT, NULL);
441 444 mutex_init(&keystack->keystack_consumers_lock,
442 445 NULL, MUTEX_DEFAULT, NULL);
443 446 mutex_init(&keystack->keystack_param_lock, NULL, MUTEX_DEFAULT, NULL);
444 447 return (keystack);
445 448 }
446 449
447 450 /*
448 451 * Free NDD variable space, and other destructors, for keysock.
449 452 */
450 453 void
451 454 keysock_ddi_destroy(void)
452 455 {
453 456 netstack_unregister(NS_KEYSOCK);
454 457 vmem_destroy(keysock_vmem);
455 458 }
456 459
457 460 /*
458 461 * Remove one stack instance from keysock
459 462 */
460 463 /* ARGSUSED */
461 464 static void
462 465 keysock_stack_fini(netstackid_t stackid, void *arg)
463 466 {
464 467 keysock_stack_t *keystack = (keysock_stack_t *)arg;
465 468
466 469 nd_free(&keystack->keystack_g_nd);
467 470 kmem_free(keystack->keystack_params, sizeof (lcl_param_arr));
468 471 keystack->keystack_params = NULL;
469 472
470 473 mutex_destroy(&keystack->keystack_list_lock);
471 474 mutex_destroy(&keystack->keystack_consumers_lock);
472 475 mutex_destroy(&keystack->keystack_param_lock);
473 476
474 477 kmem_free(keystack, sizeof (*keystack));
475 478 }
476 479
477 480 /*
478 481 * Close routine for keysock.
479 482 */
480 483 static int
481 484 keysock_close(queue_t *q)
482 485 {
483 486 keysock_t *ks;
484 487 keysock_consumer_t *kc;
485 488 void *ptr = q->q_ptr;
486 489 int size;
487 490 keysock_stack_t *keystack;
488 491
489 492
490 493 qprocsoff(q);
491 494
492 495 /* Safe assumption. */
493 496 ASSERT(ptr != NULL);
494 497
495 498 if (WR(q)->q_next) {
496 499 kc = (keysock_consumer_t *)ptr;
497 500 keystack = kc->kc_keystack;
498 501
499 502 ks1dbg(keystack, ("Module close, removing a consumer (%d).\n",
500 503 kc->kc_sa_type));
501 504 /*
502 505 * Because of PERMOD open/close exclusive perimeter, I
503 506 * can inspect KC_FLUSHING w/o locking down kc->kc_lock.
504 507 */
505 508 if (kc->kc_flags & KC_FLUSHING) {
506 509 /*
507 510 * If this decrement was the last one, send
508 511 * down the next pending one, if any.
509 512 *
510 513 * With a PERMOD perimeter, the mutexes ops aren't
511 514 * really necessary, but if we ever loosen up, we will
512 515 * have this bit covered already.
513 516 */
514 517 keystack->keystack_flushdump--;
515 518 if (keystack->keystack_flushdump == 0) {
516 519 /*
517 520 * The flush/dump terminated by having a
518 521 * consumer go away. I need to send up to the
519 522 * appropriate keysock all of the relevant
520 523 * information. Unfortunately, I don't
521 524 * have that handy.
522 525 */
523 526 ks0dbg(("Consumer went away while flushing or"
524 527 " dumping.\n"));
525 528 }
526 529 }
527 530 size = sizeof (keysock_consumer_t);
528 531 mutex_enter(&keystack->keystack_consumers_lock);
529 532 keystack->keystack_consumers[kc->kc_sa_type] = NULL;
530 533 mutex_exit(&keystack->keystack_consumers_lock);
531 534 mutex_destroy(&kc->kc_lock);
532 535 netstack_rele(kc->kc_keystack->keystack_netstack);
533 536 } else {
534 537 ks = (keysock_t *)ptr;
535 538 keystack = ks->keysock_keystack;
536 539
537 540 ks3dbg(keystack,
538 541 ("Driver close, PF_KEY socket is going away.\n"));
539 542 if ((ks->keysock_flags & KEYSOCK_EXTENDED) != 0)
540 543 atomic_dec_32(&keystack->keystack_num_extended);
541 544 size = sizeof (keysock_t);
542 545 mutex_enter(&keystack->keystack_list_lock);
543 546 *(ks->keysock_ptpn) = ks->keysock_next;
544 547 if (ks->keysock_next != NULL)
545 548 ks->keysock_next->keysock_ptpn = ks->keysock_ptpn;
546 549 mutex_exit(&keystack->keystack_list_lock);
547 550 mutex_destroy(&ks->keysock_lock);
548 551 vmem_free(keysock_vmem, (void *)(uintptr_t)ks->keysock_serial,
549 552 1);
550 553 netstack_rele(ks->keysock_keystack->keystack_netstack);
551 554 }
552 555
553 556 /* Now I'm free. */
554 557 kmem_free(ptr, size);
555 558 return (0);
556 559 }
557 560 /*
558 561 * Open routine for keysock.
559 562 */
560 563 /* ARGSUSED */
561 564 static int
562 565 keysock_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
563 566 {
564 567 keysock_t *ks;
565 568 keysock_consumer_t *kc;
566 569 mblk_t *mp;
567 570 ipsec_info_t *ii;
568 571 netstack_t *ns;
569 572 keysock_stack_t *keystack;
570 573
571 574 if (secpolicy_ip_config(credp, B_FALSE) != 0) {
572 575 /* Privilege debugging will log the error */
573 576 return (EPERM);
574 577 }
575 578
576 579 if (q->q_ptr != NULL)
577 580 return (0); /* Re-open of an already open instance. */
578 581
579 582 ns = netstack_find_by_cred(credp);
580 583 ASSERT(ns != NULL);
581 584 keystack = ns->netstack_keysock;
582 585 ASSERT(keystack != NULL);
583 586
584 587 ks3dbg(keystack, ("Entering keysock open.\n"));
585 588
586 589 if (keystack->keystack_plumbed < 1) {
587 590 netstack_t *ns = keystack->keystack_netstack;
588 591
589 592 keystack->keystack_plumbed = 0;
590 593 #ifdef NS_DEBUG
591 594 printf("keysock_open(%d) - plumb\n",
592 595 keystack->keystack_netstack->netstack_stackid);
593 596 #endif
594 597 /*
595 598 * Don't worry about ipsec_failure being true here.
596 599 * (See ip.c). An open of keysock should try and force
597 600 * the issue. Maybe it was a transient failure.
598 601 */
599 602 ipsec_loader_loadnow(ns->netstack_ipsec);
600 603 }
601 604
602 605 if (sflag & MODOPEN) {
603 606 /* Initialize keysock_consumer state here. */
604 607 kc = kmem_zalloc(sizeof (keysock_consumer_t), KM_NOSLEEP);
605 608 if (kc == NULL) {
606 609 netstack_rele(keystack->keystack_netstack);
607 610 return (ENOMEM);
608 611 }
609 612 mutex_init(&kc->kc_lock, NULL, MUTEX_DEFAULT, 0);
610 613 kc->kc_rq = q;
611 614 kc->kc_wq = WR(q);
612 615
613 616 q->q_ptr = kc;
614 617 WR(q)->q_ptr = kc;
615 618
616 619 kc->kc_keystack = keystack;
617 620 qprocson(q);
618 621
619 622 /*
620 623 * Send down initial message to whatever I was pushed on top
621 624 * of asking for its consumer type. The reply will set it.
622 625 */
623 626
624 627 /* Allocate it. */
625 628 mp = allocb(sizeof (ipsec_info_t), BPRI_HI);
626 629 if (mp == NULL) {
627 630 ks1dbg(keystack, (
628 631 "keysock_open: Cannot allocate KEYSOCK_HELLO.\n"));
629 632 /* Do I need to set these to null? */
630 633 q->q_ptr = NULL;
631 634 WR(q)->q_ptr = NULL;
632 635 mutex_destroy(&kc->kc_lock);
633 636 kmem_free(kc, sizeof (*kc));
634 637 netstack_rele(keystack->keystack_netstack);
635 638 return (ENOMEM);
636 639 }
637 640
638 641 /* If I allocated okay, putnext to what I was pushed atop. */
639 642 mp->b_wptr += sizeof (ipsec_info_t);
640 643 mp->b_datap->db_type = M_CTL;
641 644 ii = (ipsec_info_t *)mp->b_rptr;
642 645 ii->ipsec_info_type = KEYSOCK_HELLO;
643 646 /* Length only of type/len. */
644 647 ii->ipsec_info_len = sizeof (ii->ipsec_allu);
645 648 ks2dbg(keystack, ("Ready to putnext KEYSOCK_HELLO.\n"));
646 649 putnext(kc->kc_wq, mp);
647 650 } else {
648 651 minor_t ksminor;
649 652
650 653 /* Initialize keysock state. */
651 654
652 655 ks2dbg(keystack, ("Made it into PF_KEY socket open.\n"));
653 656
654 657 ksminor = (minor_t)(uintptr_t)
655 658 vmem_alloc(keysock_vmem, 1, VM_NOSLEEP);
656 659 if (ksminor == 0) {
657 660 netstack_rele(keystack->keystack_netstack);
658 661 return (ENOMEM);
659 662 }
660 663 ks = kmem_zalloc(sizeof (keysock_t), KM_NOSLEEP);
661 664 if (ks == NULL) {
662 665 vmem_free(keysock_vmem, (void *)(uintptr_t)ksminor, 1);
663 666 netstack_rele(keystack->keystack_netstack);
664 667 return (ENOMEM);
665 668 }
666 669
667 670 mutex_init(&ks->keysock_lock, NULL, MUTEX_DEFAULT, 0);
668 671 ks->keysock_rq = q;
669 672 ks->keysock_wq = WR(q);
670 673 ks->keysock_state = TS_UNBND;
671 674 ks->keysock_serial = ksminor;
672 675
673 676 q->q_ptr = ks;
674 677 WR(q)->q_ptr = ks;
675 678 ks->keysock_keystack = keystack;
676 679
677 680 /*
678 681 * The receive hiwat is only looked at on the stream head
679 682 * queue. Store in q_hiwat in order to return on SO_RCVBUF
680 683 * getsockopts.
681 684 */
682 685
683 686 q->q_hiwat = keystack->keystack_recv_hiwat;
684 687
685 688 /*
686 689 * The transmit hiwat/lowat is only looked at on IP's queue.
687 690 * Store in q_hiwat/q_lowat in order to return on
688 691 * SO_SNDBUF/SO_SNDLOWAT getsockopts.
689 692 */
690 693
691 694 WR(q)->q_hiwat = keystack->keystack_xmit_hiwat;
692 695 WR(q)->q_lowat = keystack->keystack_xmit_lowat;
693 696
694 697 *devp = makedevice(getmajor(*devp), ksminor);
695 698
696 699 /*
697 700 * Thread keysock into the global keysock list.
698 701 */
699 702 mutex_enter(&keystack->keystack_list_lock);
700 703 ks->keysock_next = keystack->keystack_list;
701 704 ks->keysock_ptpn = &keystack->keystack_list;
702 705 if (keystack->keystack_list != NULL) {
703 706 keystack->keystack_list->keysock_ptpn =
704 707 &ks->keysock_next;
705 708 }
706 709 keystack->keystack_list = ks;
707 710 mutex_exit(&keystack->keystack_list_lock);
708 711
709 712 qprocson(q);
710 713 (void) proto_set_rx_hiwat(q, NULL,
711 714 keystack->keystack_recv_hiwat);
712 715 /*
713 716 * Wait outside the keysock module perimeter for IPsec
714 717 * plumbing to be completed. If it fails, keysock_close()
715 718 * undoes everything we just did.
716 719 */
717 720 if (!ipsec_loader_wait(q,
718 721 keystack->keystack_netstack->netstack_ipsec)) {
719 722 (void) keysock_close(q);
720 723 return (EPFNOSUPPORT);
721 724 }
722 725 }
723 726
724 727 return (0);
725 728 }
726 729
727 730 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_wput(). */
728 731
729 732 /*
730 733 * Copy relevant state bits.
731 734 */
732 735 static void
733 736 keysock_copy_info(struct T_info_ack *tap, keysock_t *ks)
734 737 {
735 738 *tap = keysock_g_t_info_ack;
736 739 tap->CURRENT_state = ks->keysock_state;
737 740 tap->OPT_size = keysock_max_optsize;
738 741 }
739 742
740 743 /*
741 744 * This routine responds to T_CAPABILITY_REQ messages. It is called by
742 745 * keysock_wput. Much of the T_CAPABILITY_ACK information is copied from
743 746 * keysock_g_t_info_ack. The current state of the stream is copied from
744 747 * keysock_state.
745 748 */
746 749 static void
747 750 keysock_capability_req(queue_t *q, mblk_t *mp)
748 751 {
749 752 keysock_t *ks = (keysock_t *)q->q_ptr;
750 753 t_uscalar_t cap_bits1;
751 754 struct T_capability_ack *tcap;
752 755
753 756 cap_bits1 = ((struct T_capability_req *)mp->b_rptr)->CAP_bits1;
754 757
755 758 mp = tpi_ack_alloc(mp, sizeof (struct T_capability_ack),
756 759 mp->b_datap->db_type, T_CAPABILITY_ACK);
757 760 if (mp == NULL)
758 761 return;
759 762
760 763 tcap = (struct T_capability_ack *)mp->b_rptr;
761 764 tcap->CAP_bits1 = 0;
762 765
763 766 if (cap_bits1 & TC1_INFO) {
764 767 keysock_copy_info(&tcap->INFO_ack, ks);
765 768 tcap->CAP_bits1 |= TC1_INFO;
766 769 }
767 770
768 771 qreply(q, mp);
769 772 }
770 773
771 774 /*
772 775 * This routine responds to T_INFO_REQ messages. It is called by
773 776 * keysock_wput_other.
774 777 * Most of the T_INFO_ACK information is copied from keysock_g_t_info_ack.
775 778 * The current state of the stream is copied from keysock_state.
776 779 */
777 780 static void
778 781 keysock_info_req(q, mp)
779 782 queue_t *q;
780 783 mblk_t *mp;
781 784 {
782 785 mp = tpi_ack_alloc(mp, sizeof (struct T_info_ack), M_PCPROTO,
783 786 T_INFO_ACK);
784 787 if (mp == NULL)
785 788 return;
786 789 keysock_copy_info((struct T_info_ack *)mp->b_rptr,
787 790 (keysock_t *)q->q_ptr);
788 791 qreply(q, mp);
789 792 }
790 793
791 794 /*
792 795 * keysock_err_ack. This routine creates a
793 796 * T_ERROR_ACK message and passes it
794 797 * upstream.
795 798 */
796 799 static void
797 800 keysock_err_ack(q, mp, t_error, sys_error)
798 801 queue_t *q;
799 802 mblk_t *mp;
800 803 int t_error;
801 804 int sys_error;
802 805 {
803 806 if ((mp = mi_tpi_err_ack_alloc(mp, t_error, sys_error)) != NULL)
804 807 qreply(q, mp);
805 808 }
806 809
807 810 /*
808 811 * This routine retrieves the current status of socket options.
809 812 * It returns the size of the option retrieved.
810 813 */
811 814 /* ARGSUSED */
812 815 int
813 816 keysock_opt_get(queue_t *q, int level, int name, uchar_t *ptr)
814 817 {
815 818 int *i1 = (int *)ptr;
816 819 keysock_t *ks = (keysock_t *)q->q_ptr;
817 820
818 821 switch (level) {
819 822 case SOL_SOCKET:
820 823 mutex_enter(&ks->keysock_lock);
821 824 switch (name) {
822 825 case SO_TYPE:
823 826 *i1 = SOCK_RAW;
824 827 break;
825 828 case SO_USELOOPBACK:
826 829 *i1 = (int)(!((ks->keysock_flags & KEYSOCK_NOLOOP) ==
827 830 KEYSOCK_NOLOOP));
828 831 break;
829 832 /*
830 833 * The following two items can be manipulated,
831 834 * but changing them should do nothing.
832 835 */
833 836 case SO_SNDBUF:
834 837 *i1 = (int)q->q_hiwat;
835 838 break;
836 839 case SO_RCVBUF:
837 840 *i1 = (int)(RD(q)->q_hiwat);
838 841 break;
839 842 }
840 843 mutex_exit(&ks->keysock_lock);
841 844 break;
842 845 default:
843 846 return (0);
844 847 }
845 848 return (sizeof (int));
846 849 }
847 850
848 851 /*
849 852 * This routine sets socket options.
850 853 */
851 854 /* ARGSUSED */
852 855 int
853 856 keysock_opt_set(queue_t *q, uint_t mgmt_flags, int level,
854 857 int name, uint_t inlen, uchar_t *invalp, uint_t *outlenp,
855 858 uchar_t *outvalp, void *thisdg_attrs, cred_t *cr)
856 859 {
857 860 int *i1 = (int *)invalp, errno = 0;
858 861 keysock_t *ks = (keysock_t *)q->q_ptr;
859 862 keysock_stack_t *keystack = ks->keysock_keystack;
860 863
861 864 switch (level) {
862 865 case SOL_SOCKET:
863 866 mutex_enter(&ks->keysock_lock);
864 867 switch (name) {
865 868 case SO_USELOOPBACK:
866 869 if (!(*i1))
867 870 ks->keysock_flags |= KEYSOCK_NOLOOP;
868 871 else ks->keysock_flags &= ~KEYSOCK_NOLOOP;
869 872 break;
870 873 case SO_SNDBUF:
871 874 if (*i1 > keystack->keystack_max_buf)
872 875 errno = ENOBUFS;
873 876 else q->q_hiwat = *i1;
874 877 break;
875 878 case SO_RCVBUF:
876 879 if (*i1 > keystack->keystack_max_buf) {
877 880 errno = ENOBUFS;
878 881 } else {
879 882 RD(q)->q_hiwat = *i1;
880 883 (void) proto_set_rx_hiwat(RD(q), NULL, *i1);
881 884 }
882 885 break;
883 886 default:
884 887 errno = EINVAL;
|
↓ open down ↓ |
850 lines elided |
↑ open up ↑ |
885 888 }
886 889 mutex_exit(&ks->keysock_lock);
887 890 break;
888 891 default:
889 892 errno = EINVAL;
890 893 }
891 894 return (errno);
892 895 }
893 896
894 897 /*
898 + * Handle STREAMS ioctl copyin for getsockname() for both PF_KEY and
899 + * PF_POLICY.
900 + */
901 +void
902 +keysock_spdsock_wput_iocdata(queue_t *q, mblk_t *mp, sa_family_t family)
903 +{
904 + mblk_t *mp1;
905 + STRUCT_HANDLE(strbuf, sb);
906 + /* What size of sockaddr do we need? */
907 + const uint_t addrlen = sizeof (struct sockaddr);
908 +
909 + /* We only handle TI_GET{MY,PEER}NAME (get{sock,peer}name()). */
910 + switch (((struct iocblk *)mp->b_rptr)->ioc_cmd) {
911 + case TI_GETMYNAME:
912 + case TI_GETPEERNAME:
913 + break;
914 + default:
915 + freemsg(mp);
916 + return;
917 + }
918 +
919 + switch (mi_copy_state(q, mp, &mp1)) {
920 + case -1:
921 + return;
922 + case MI_COPY_CASE(MI_COPY_IN, 1):
923 + break;
924 + case MI_COPY_CASE(MI_COPY_OUT, 1):
925 + /*
926 + * The address has been copied out, so now
927 + * copyout the strbuf.
928 + */
929 + mi_copyout(q, mp);
930 + return;
931 + case MI_COPY_CASE(MI_COPY_OUT, 2):
932 + /*
933 + * The address and strbuf have been copied out.
934 + * We're done, so just acknowledge the original
935 + * M_IOCTL.
936 + */
937 + mi_copy_done(q, mp, 0);
938 + return;
939 + default:
940 + /*
941 + * Something strange has happened, so acknowledge
942 + * the original M_IOCTL with an EPROTO error.
943 + */
944 + mi_copy_done(q, mp, EPROTO);
945 + return;
946 + }
947 +
948 + /*
949 + * Now we have the strbuf structure for TI_GET{MY,PEER}NAME. Next we
950 + * copyout the requested address and then we'll copyout the strbuf.
951 + * Regardless of sockname or peername, we just return a sockaddr with
952 + * sa_family set.
953 + */
954 + STRUCT_SET_HANDLE(sb, ((struct iocblk *)mp->b_rptr)->ioc_flag,
955 + (void *)mp1->b_rptr);
956 +
957 + if (STRUCT_FGET(sb, maxlen) < addrlen) {
958 + mi_copy_done(q, mp, EINVAL);
959 + return;
960 + }
961 +
962 + mp1 = mi_copyout_alloc(q, mp, STRUCT_FGETP(sb, buf), addrlen, B_TRUE);
963 + if (mp1 == NULL)
964 + return;
965 +
966 + STRUCT_FSET(sb, len, addrlen);
967 + ((struct sockaddr *)mp1->b_wptr)->sa_family = family;
968 + mp1->b_wptr += addrlen;
969 + mi_copyout(q, mp);
970 +}
971 +
972 +/*
895 973 * Handle STREAMS messages.
896 974 */
897 975 static void
898 976 keysock_wput_other(queue_t *q, mblk_t *mp)
899 977 {
900 978 struct iocblk *iocp;
901 979 int error;
902 980 keysock_t *ks = (keysock_t *)q->q_ptr;
903 981 keysock_stack_t *keystack = ks->keysock_keystack;
904 982 cred_t *cr;
905 983
906 984 switch (mp->b_datap->db_type) {
907 985 case M_PROTO:
908 986 case M_PCPROTO:
909 987 if ((mp->b_wptr - mp->b_rptr) < sizeof (long)) {
910 988 ks3dbg(keystack, (
911 989 "keysock_wput_other: Not big enough M_PROTO\n"));
912 990 freemsg(mp);
913 991 return;
914 992 }
915 993 switch (((union T_primitives *)mp->b_rptr)->type) {
916 994 case T_CAPABILITY_REQ:
917 995 keysock_capability_req(q, mp);
918 996 break;
919 997 case T_INFO_REQ:
920 998 keysock_info_req(q, mp);
921 999 break;
922 1000 case T_SVR4_OPTMGMT_REQ:
923 1001 case T_OPTMGMT_REQ:
924 1002 /*
925 1003 * All Solaris components should pass a db_credp
926 1004 * for this TPI message, hence we ASSERT.
927 1005 * But in case there is some other M_PROTO that looks
928 1006 * like a TPI message sent by some other kernel
929 1007 * component, we check and return an error.
930 1008 */
931 1009 cr = msg_getcred(mp, NULL);
932 1010 ASSERT(cr != NULL);
933 1011 if (cr == NULL) {
934 1012 keysock_err_ack(q, mp, TSYSERR, EINVAL);
935 1013 return;
936 1014 }
937 1015 if (((union T_primitives *)mp->b_rptr)->type ==
938 1016 T_SVR4_OPTMGMT_REQ) {
939 1017 svr4_optcom_req(q, mp, cr, &keysock_opt_obj);
940 1018 } else {
941 1019 tpi_optcom_req(q, mp, cr, &keysock_opt_obj);
942 1020 }
943 1021 break;
944 1022 case T_DATA_REQ:
945 1023 case T_EXDATA_REQ:
946 1024 case T_ORDREL_REQ:
|
↓ open down ↓ |
42 lines elided |
↑ open up ↑ |
947 1025 /* Illegal for keysock. */
948 1026 freemsg(mp);
949 1027 (void) putnextctl1(RD(q), M_ERROR, EPROTO);
950 1028 break;
951 1029 default:
952 1030 /* Not supported by keysock. */
953 1031 keysock_err_ack(q, mp, TNOTSUPPORT, 0);
954 1032 break;
955 1033 }
956 1034 return;
1035 + case M_IOCDATA:
1036 + keysock_spdsock_wput_iocdata(q, mp, PF_KEY);
1037 + return;
957 1038 case M_IOCTL:
958 1039 iocp = (struct iocblk *)mp->b_rptr;
959 1040 error = EINVAL;
960 1041
961 1042 switch (iocp->ioc_cmd) {
1043 + case TI_GETMYNAME:
1044 + case TI_GETPEERNAME:
1045 + /*
1046 + * For pfiles(1) observability with getsockname().
1047 + * See keysock_spdsock_wput_iocdata() for the rest of
1048 + * this.
1049 + */
1050 + mi_copyin(q, mp, NULL,
1051 + SIZEOF_STRUCT(strbuf, iocp->ioc_flag));
1052 + return;
962 1053 case ND_SET:
963 1054 case ND_GET:
964 1055 if (nd_getset(q, keystack->keystack_g_nd, mp)) {
965 1056 qreply(q, mp);
966 1057 return;
967 1058 } else
968 1059 error = ENOENT;
969 1060 /* FALLTHRU */
970 1061 default:
971 1062 miocnak(q, mp, 0, error);
972 1063 return;
973 1064 }
974 1065 case M_FLUSH:
975 1066 if (*mp->b_rptr & FLUSHW) {
976 1067 flushq(q, FLUSHALL);
977 1068 *mp->b_rptr &= ~FLUSHW;
978 1069 }
979 1070 if (*mp->b_rptr & FLUSHR) {
980 1071 qreply(q, mp);
981 1072 return;
982 1073 }
983 1074 /* Else FALLTHRU */
984 1075 }
985 1076
986 1077 /* If fell through, just black-hole the message. */
987 1078 freemsg(mp);
988 1079 }
989 1080
990 1081 /*
991 1082 * Transmit a PF_KEY error message to the instance either pointed to
992 1083 * by ks, the instance with serial number serial, or more, depending.
993 1084 *
994 1085 * The faulty message (or a reasonable facsimile thereof) is in mp.
995 1086 * This function will free mp or recycle it for delivery, thereby causing
996 1087 * the stream head to free it.
997 1088 */
998 1089 static void
999 1090 keysock_error(keysock_t *ks, mblk_t *mp, int error, int diagnostic)
1000 1091 {
1001 1092 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1002 1093 keysock_stack_t *keystack = ks->keysock_keystack;
1003 1094
1004 1095 ASSERT(mp->b_datap->db_type == M_DATA);
1005 1096
1006 1097 if (samsg->sadb_msg_type < SADB_GETSPI ||
1007 1098 samsg->sadb_msg_type > SADB_MAX)
1008 1099 samsg->sadb_msg_type = SADB_RESERVED;
1009 1100
1010 1101 /*
1011 1102 * Strip out extension headers.
1012 1103 */
1013 1104 ASSERT(mp->b_rptr + sizeof (*samsg) <= mp->b_datap->db_lim);
1014 1105 mp->b_wptr = mp->b_rptr + sizeof (*samsg);
1015 1106 samsg->sadb_msg_len = SADB_8TO64(sizeof (sadb_msg_t));
1016 1107 samsg->sadb_msg_errno = (uint8_t)error;
1017 1108 samsg->sadb_x_msg_diagnostic = (uint16_t)diagnostic;
1018 1109
1019 1110 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE, keystack);
1020 1111 }
1021 1112
1022 1113 /*
1023 1114 * Pass down a message to a consumer. Wrap it in KEYSOCK_IN, and copy
1024 1115 * in the extv if passed in.
1025 1116 */
1026 1117 static void
1027 1118 keysock_passdown(keysock_t *ks, mblk_t *mp, uint8_t satype, sadb_ext_t *extv[],
1028 1119 boolean_t flushmsg)
1029 1120 {
1030 1121 keysock_consumer_t *kc;
1031 1122 mblk_t *wrapper;
1032 1123 keysock_in_t *ksi;
1033 1124 int i;
1034 1125 keysock_stack_t *keystack = ks->keysock_keystack;
1035 1126
1036 1127 wrapper = allocb(sizeof (ipsec_info_t), BPRI_HI);
1037 1128 if (wrapper == NULL) {
1038 1129 ks3dbg(keystack, ("keysock_passdown: allocb failed.\n"));
1039 1130 if (extv[SADB_EXT_KEY_ENCRYPT] != NULL)
1040 1131 bzero(extv[SADB_EXT_KEY_ENCRYPT],
1041 1132 SADB_64TO8(
1042 1133 extv[SADB_EXT_KEY_ENCRYPT]->sadb_ext_len));
1043 1134 if (extv[SADB_EXT_KEY_AUTH] != NULL)
1044 1135 bzero(extv[SADB_EXT_KEY_AUTH],
1045 1136 SADB_64TO8(
1046 1137 extv[SADB_EXT_KEY_AUTH]->sadb_ext_len));
1047 1138 if (flushmsg) {
1048 1139 ks0dbg((
1049 1140 "keysock: Downwards flush/dump message failed!\n"));
1050 1141 /* If this is true, I hold the perimeter. */
1051 1142 keystack->keystack_flushdump--;
1052 1143 }
1053 1144 freemsg(mp);
1054 1145 return;
1055 1146 }
1056 1147
1057 1148 wrapper->b_datap->db_type = M_CTL;
1058 1149 ksi = (keysock_in_t *)wrapper->b_rptr;
1059 1150 ksi->ks_in_type = KEYSOCK_IN;
1060 1151 ksi->ks_in_len = sizeof (keysock_in_t);
1061 1152 if (extv[SADB_EXT_ADDRESS_SRC] != NULL)
1062 1153 ksi->ks_in_srctype = KS_IN_ADDR_UNKNOWN;
1063 1154 else ksi->ks_in_srctype = KS_IN_ADDR_NOTTHERE;
1064 1155 if (extv[SADB_EXT_ADDRESS_DST] != NULL)
1065 1156 ksi->ks_in_dsttype = KS_IN_ADDR_UNKNOWN;
1066 1157 else ksi->ks_in_dsttype = KS_IN_ADDR_NOTTHERE;
1067 1158 for (i = 0; i <= SADB_EXT_MAX; i++)
1068 1159 ksi->ks_in_extv[i] = extv[i];
1069 1160 ksi->ks_in_serial = ks->keysock_serial;
1070 1161 wrapper->b_wptr += sizeof (ipsec_info_t);
1071 1162 wrapper->b_cont = mp;
1072 1163
1073 1164 /*
1074 1165 * Find the appropriate consumer where the message is passed down.
1075 1166 */
1076 1167 kc = keystack->keystack_consumers[satype];
1077 1168 if (kc == NULL) {
1078 1169 freeb(wrapper);
1079 1170 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1080 1171 if (flushmsg) {
1081 1172 ks0dbg((
1082 1173 "keysock: Downwards flush/dump message failed!\n"));
1083 1174 /* If this is true, I hold the perimeter. */
1084 1175 keystack->keystack_flushdump--;
1085 1176 }
1086 1177 return;
1087 1178 }
1088 1179
1089 1180 /*
1090 1181 * NOTE: There used to be code in here to spin while a flush or
1091 1182 * dump finished. Keysock now assumes that consumers have enough
1092 1183 * MT-savviness to deal with that.
1093 1184 */
1094 1185
1095 1186 /*
1096 1187 * Current consumers (AH and ESP) are guaranteed to return a
1097 1188 * FLUSH or DUMP message back, so when we reach here, we don't
1098 1189 * have to worry about keysock_flushdumps.
1099 1190 */
1100 1191
1101 1192 putnext(kc->kc_wq, wrapper);
1102 1193 }
1103 1194
1104 1195 /*
1105 1196 * High-level reality checking of extensions.
1106 1197 */
1107 1198 static boolean_t
1108 1199 ext_check(sadb_ext_t *ext, keysock_stack_t *keystack)
1109 1200 {
1110 1201 int i;
1111 1202 uint64_t *lp;
1112 1203 sadb_ident_t *id;
1113 1204 char *idstr;
1114 1205
1115 1206 switch (ext->sadb_ext_type) {
1116 1207 case SADB_EXT_ADDRESS_SRC:
1117 1208 case SADB_EXT_ADDRESS_DST:
1118 1209 case SADB_X_EXT_ADDRESS_INNER_SRC:
1119 1210 case SADB_X_EXT_ADDRESS_INNER_DST:
1120 1211 /* Check for at least enough addtl length for a sockaddr. */
1121 1212 if (ext->sadb_ext_len <= SADB_8TO64(sizeof (sadb_address_t)))
1122 1213 return (B_FALSE);
1123 1214 break;
1124 1215 case SADB_EXT_LIFETIME_HARD:
1125 1216 case SADB_EXT_LIFETIME_SOFT:
1126 1217 case SADB_EXT_LIFETIME_CURRENT:
1127 1218 if (ext->sadb_ext_len != SADB_8TO64(sizeof (sadb_lifetime_t)))
1128 1219 return (B_FALSE);
1129 1220 break;
1130 1221 case SADB_EXT_SPIRANGE:
1131 1222 /* See if the SPI range is legit. */
1132 1223 if (htonl(((sadb_spirange_t *)ext)->sadb_spirange_min) >
1133 1224 htonl(((sadb_spirange_t *)ext)->sadb_spirange_max))
1134 1225 return (B_FALSE);
1135 1226 break;
1136 1227 case SADB_EXT_KEY_AUTH:
1137 1228 case SADB_EXT_KEY_ENCRYPT:
1138 1229 /* Key length check. */
1139 1230 if (((sadb_key_t *)ext)->sadb_key_bits == 0)
1140 1231 return (B_FALSE);
1141 1232 /*
1142 1233 * Check to see if the key length (in bits) is less than the
1143 1234 * extension length (in 8-bits words).
1144 1235 */
1145 1236 if ((roundup(SADB_1TO8(((sadb_key_t *)ext)->sadb_key_bits), 8) +
1146 1237 sizeof (sadb_key_t)) != SADB_64TO8(ext->sadb_ext_len)) {
1147 1238 ks1dbg(keystack, (
1148 1239 "ext_check: Key bits/length inconsistent.\n"));
1149 1240 ks1dbg(keystack, ("%d bits, len is %d bytes.\n",
1150 1241 ((sadb_key_t *)ext)->sadb_key_bits,
1151 1242 SADB_64TO8(ext->sadb_ext_len)));
1152 1243 return (B_FALSE);
1153 1244 }
1154 1245
1155 1246 /* All-zeroes key check. */
1156 1247 lp = (uint64_t *)(((char *)ext) + sizeof (sadb_key_t));
1157 1248 for (i = 0;
1158 1249 i < (ext->sadb_ext_len - SADB_8TO64(sizeof (sadb_key_t)));
1159 1250 i++)
1160 1251 if (lp[i] != 0)
1161 1252 break; /* Out of for loop. */
1162 1253 /* If finished the loop naturally, it's an all zero key. */
1163 1254 if (lp[i] == 0)
1164 1255 return (B_FALSE);
1165 1256 break;
1166 1257 case SADB_EXT_IDENTITY_SRC:
1167 1258 case SADB_EXT_IDENTITY_DST:
1168 1259 /*
1169 1260 * Make sure the strings in these identities are
1170 1261 * null-terminated. RFC 2367 underspecified how to handle
1171 1262 * such a case. I "proactively" null-terminate the string
1172 1263 * at the last byte if it's not terminated sooner.
1173 1264 */
1174 1265 id = (sadb_ident_t *)ext;
1175 1266 i = SADB_64TO8(id->sadb_ident_len);
1176 1267 i -= sizeof (sadb_ident_t);
1177 1268 idstr = (char *)(id + 1);
1178 1269 while (*idstr != '\0' && i > 0) {
1179 1270 i--;
1180 1271 idstr++;
1181 1272 }
1182 1273 if (i == 0) {
1183 1274 /*
1184 1275 * I.e., if the bozo user didn't NULL-terminate the
1185 1276 * string...
1186 1277 */
1187 1278 idstr--;
1188 1279 *idstr = '\0';
1189 1280 }
1190 1281 break;
1191 1282 }
1192 1283 return (B_TRUE); /* For now... */
1193 1284 }
1194 1285
1195 1286 /* Return values for keysock_get_ext(). */
1196 1287 #define KGE_OK 0
1197 1288 #define KGE_DUP 1
1198 1289 #define KGE_UNK 2
1199 1290 #define KGE_LEN 3
1200 1291 #define KGE_CHK 4
1201 1292
1202 1293 /*
1203 1294 * Parse basic extension headers and return in the passed-in pointer vector.
1204 1295 * Return values include:
1205 1296 *
1206 1297 * KGE_OK Everything's nice and parsed out.
1207 1298 * If there are no extensions, place NULL in extv[0].
1208 1299 * KGE_DUP There is a duplicate extension.
1209 1300 * First instance in appropriate bin. First duplicate in
1210 1301 * extv[0].
1211 1302 * KGE_UNK Unknown extension type encountered. extv[0] contains
1212 1303 * unknown header.
1213 1304 * KGE_LEN Extension length error.
1214 1305 * KGE_CHK High-level reality check failed on specific extension.
1215 1306 *
1216 1307 * My apologies for some of the pointer arithmetic in here. I'm thinking
1217 1308 * like an assembly programmer, yet trying to make the compiler happy.
1218 1309 */
1219 1310 static int
1220 1311 keysock_get_ext(sadb_ext_t *extv[], sadb_msg_t *basehdr, uint_t msgsize,
1221 1312 keysock_stack_t *keystack)
1222 1313 {
1223 1314 bzero(extv, sizeof (sadb_ext_t *) * (SADB_EXT_MAX + 1));
1224 1315
1225 1316 /* Use extv[0] as the "current working pointer". */
1226 1317
1227 1318 extv[0] = (sadb_ext_t *)(basehdr + 1);
1228 1319
1229 1320 while (extv[0] < (sadb_ext_t *)(((uint8_t *)basehdr) + msgsize)) {
1230 1321 /* Check for unknown headers. */
1231 1322 if (extv[0]->sadb_ext_type == 0 ||
1232 1323 extv[0]->sadb_ext_type > SADB_EXT_MAX)
1233 1324 return (KGE_UNK);
1234 1325
1235 1326 /*
1236 1327 * Check length. Use uint64_t because extlen is in units
1237 1328 * of 64-bit words. If length goes beyond the msgsize,
1238 1329 * return an error. (Zero length also qualifies here.)
1239 1330 */
1240 1331 if (extv[0]->sadb_ext_len == 0 ||
1241 1332 (void *)((uint64_t *)extv[0] + extv[0]->sadb_ext_len) >
1242 1333 (void *)((uint8_t *)basehdr + msgsize))
1243 1334 return (KGE_LEN);
1244 1335
1245 1336 /* Check for redundant headers. */
1246 1337 if (extv[extv[0]->sadb_ext_type] != NULL)
1247 1338 return (KGE_DUP);
1248 1339
1249 1340 /*
1250 1341 * Reality check the extension if possible at the keysock
1251 1342 * level.
1252 1343 */
1253 1344 if (!ext_check(extv[0], keystack))
1254 1345 return (KGE_CHK);
1255 1346
1256 1347 /* If I make it here, assign the appropriate bin. */
1257 1348 extv[extv[0]->sadb_ext_type] = extv[0];
1258 1349
1259 1350 /* Advance pointer (See above for uint64_t ptr reasoning.) */
1260 1351 extv[0] = (sadb_ext_t *)
1261 1352 ((uint64_t *)extv[0] + extv[0]->sadb_ext_len);
1262 1353 }
1263 1354
1264 1355 /* Everything's cool. */
1265 1356
1266 1357 /*
1267 1358 * If extv[0] == NULL, then there are no extension headers in this
1268 1359 * message. Ensure that this is the case.
1269 1360 */
1270 1361 if (extv[0] == (sadb_ext_t *)(basehdr + 1))
1271 1362 extv[0] = NULL;
1272 1363
1273 1364 return (KGE_OK);
1274 1365 }
1275 1366
1276 1367 /*
1277 1368 * qwriter() callback to handle flushes and dumps. This routine will hold
1278 1369 * the inner perimeter.
1279 1370 */
1280 1371 void
1281 1372 keysock_do_flushdump(queue_t *q, mblk_t *mp)
1282 1373 {
1283 1374 int i, start, finish;
1284 1375 mblk_t *mp1 = NULL;
1285 1376 keysock_t *ks = (keysock_t *)q->q_ptr;
1286 1377 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1287 1378 sadb_msg_t *samsg = (sadb_msg_t *)mp->b_rptr;
1288 1379 keysock_stack_t *keystack = ks->keysock_keystack;
1289 1380
1290 1381 /*
1291 1382 * I am guaranteed this will work. I did the work in keysock_parse()
1292 1383 * already.
1293 1384 */
1294 1385 (void) keysock_get_ext(extv, samsg, SADB_64TO8(samsg->sadb_msg_len),
1295 1386 keystack);
1296 1387
1297 1388 /*
1298 1389 * I hold the perimeter, therefore I don't need to use atomic ops.
1299 1390 */
1300 1391 if (keystack->keystack_flushdump != 0) {
1301 1392 /* XXX Should I instead use EBUSY? */
1302 1393 /* XXX Or is there a way to queue these up? */
1303 1394 keysock_error(ks, mp, ENOMEM, SADB_X_DIAGNOSTIC_NONE);
1304 1395 return;
1305 1396 }
1306 1397
1307 1398 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1308 1399 start = 0;
1309 1400 finish = KEYSOCK_MAX_CONSUMERS - 1;
1310 1401 } else {
1311 1402 start = samsg->sadb_msg_satype;
1312 1403 finish = samsg->sadb_msg_satype;
1313 1404 }
1314 1405
1315 1406 /*
1316 1407 * Fill up keysock_flushdump with the number of outstanding dumps
1317 1408 * and/or flushes.
1318 1409 */
1319 1410
1320 1411 keystack->keystack_flushdump_errno = 0;
1321 1412
1322 1413 /*
1323 1414 * Okay, I hold the perimeter. Eventually keysock_flushdump will
1324 1415 * contain the number of consumers with outstanding flush operations.
1325 1416 *
1326 1417 * SO, here's the plan:
1327 1418 * * For each relevant consumer (Might be one, might be all)
1328 1419 * * Twiddle on the FLUSHING flag.
1329 1420 * * Pass down the FLUSH/DUMP message.
1330 1421 *
1331 1422 * When I see upbound FLUSH/DUMP messages, I will decrement the
1332 1423 * keysock_flushdump. When I decrement it to 0, I will pass the
1333 1424 * FLUSH/DUMP message back up to the PF_KEY sockets. Because I will
1334 1425 * pass down the right SA type to the consumer (either its own, or
1335 1426 * that of UNSPEC), the right one will be reflected from each consumer,
1336 1427 * and accordingly back to the socket.
1337 1428 */
1338 1429
1339 1430 mutex_enter(&keystack->keystack_consumers_lock);
1340 1431 for (i = start; i <= finish; i++) {
1341 1432 if (keystack->keystack_consumers[i] != NULL) {
1342 1433 mp1 = copymsg(mp);
1343 1434 if (mp1 == NULL) {
1344 1435 ks0dbg(("SADB_FLUSH copymsg() failed.\n"));
1345 1436 /*
1346 1437 * Error? And what about outstanding
1347 1438 * flushes? Oh, yeah, they get sucked up and
1348 1439 * the counter is decremented. Consumers
1349 1440 * (see keysock_passdown()) are guaranteed
1350 1441 * to deliver back a flush request, even if
1351 1442 * it's an error.
1352 1443 */
1353 1444 keysock_error(ks, mp, ENOMEM,
1354 1445 SADB_X_DIAGNOSTIC_NONE);
1355 1446 return;
1356 1447 }
1357 1448 /*
1358 1449 * Because my entry conditions are met above, the
1359 1450 * following assertion should hold true.
1360 1451 */
1361 1452 mutex_enter(&keystack->keystack_consumers[i]->kc_lock);
1362 1453 ASSERT((keystack->keystack_consumers[i]->kc_flags &
1363 1454 KC_FLUSHING) == 0);
1364 1455 keystack->keystack_consumers[i]->kc_flags |=
1365 1456 KC_FLUSHING;
1366 1457 mutex_exit(&(keystack->keystack_consumers[i]->kc_lock));
1367 1458 /* Always increment the number of flushes... */
1368 1459 keystack->keystack_flushdump++;
1369 1460 /* Guaranteed to return a message. */
1370 1461 keysock_passdown(ks, mp1, i, extv, B_TRUE);
1371 1462 } else if (start == finish) {
1372 1463 /*
1373 1464 * In case where start == finish, and there's no
1374 1465 * consumer, should we force an error? Yes.
1375 1466 */
1376 1467 mutex_exit(&keystack->keystack_consumers_lock);
1377 1468 keysock_error(ks, mp, EINVAL,
1378 1469 SADB_X_DIAGNOSTIC_UNKNOWN_SATYPE);
1379 1470 return;
1380 1471 }
1381 1472 }
1382 1473 mutex_exit(&keystack->keystack_consumers_lock);
1383 1474
1384 1475 if (keystack->keystack_flushdump == 0) {
1385 1476 /*
1386 1477 * There were no consumers at all for this message.
1387 1478 * XXX For now return ESRCH.
1388 1479 */
1389 1480 keysock_error(ks, mp, ESRCH, SADB_X_DIAGNOSTIC_NO_SADBS);
1390 1481 } else {
1391 1482 /* Otherwise, free the original message. */
1392 1483 freemsg(mp);
1393 1484 }
1394 1485 }
1395 1486
1396 1487 /*
1397 1488 * Get the right diagnostic for a duplicate. Should probably use a static
1398 1489 * table lookup.
1399 1490 */
1400 1491 int
1401 1492 keysock_duplicate(int ext_type)
1402 1493 {
1403 1494 int rc = 0;
1404 1495
1405 1496 switch (ext_type) {
1406 1497 case SADB_EXT_ADDRESS_SRC:
1407 1498 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SRC;
1408 1499 break;
1409 1500 case SADB_EXT_ADDRESS_DST:
1410 1501 rc = SADB_X_DIAGNOSTIC_DUPLICATE_DST;
1411 1502 break;
1412 1503 case SADB_X_EXT_ADDRESS_INNER_SRC:
1413 1504 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_SRC;
1414 1505 break;
1415 1506 case SADB_X_EXT_ADDRESS_INNER_DST:
1416 1507 rc = SADB_X_DIAGNOSTIC_DUPLICATE_INNER_DST;
1417 1508 break;
1418 1509 case SADB_EXT_SA:
1419 1510 rc = SADB_X_DIAGNOSTIC_DUPLICATE_SA;
1420 1511 break;
1421 1512 case SADB_EXT_SPIRANGE:
1422 1513 rc = SADB_X_DIAGNOSTIC_DUPLICATE_RANGE;
1423 1514 break;
1424 1515 case SADB_EXT_KEY_AUTH:
1425 1516 rc = SADB_X_DIAGNOSTIC_DUPLICATE_AKEY;
1426 1517 break;
1427 1518 case SADB_EXT_KEY_ENCRYPT:
1428 1519 rc = SADB_X_DIAGNOSTIC_DUPLICATE_EKEY;
1429 1520 break;
1430 1521 }
1431 1522 return (rc);
1432 1523 }
1433 1524
1434 1525 /*
1435 1526 * Get the right diagnostic for a reality check failure. Should probably use
1436 1527 * a static table lookup.
1437 1528 */
1438 1529 int
1439 1530 keysock_malformed(int ext_type)
1440 1531 {
1441 1532 int rc = 0;
1442 1533
1443 1534 switch (ext_type) {
1444 1535 case SADB_EXT_ADDRESS_SRC:
1445 1536 rc = SADB_X_DIAGNOSTIC_MALFORMED_SRC;
1446 1537 break;
1447 1538 case SADB_EXT_ADDRESS_DST:
1448 1539 rc = SADB_X_DIAGNOSTIC_MALFORMED_DST;
1449 1540 break;
1450 1541 case SADB_X_EXT_ADDRESS_INNER_SRC:
1451 1542 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_SRC;
1452 1543 break;
1453 1544 case SADB_X_EXT_ADDRESS_INNER_DST:
1454 1545 rc = SADB_X_DIAGNOSTIC_MALFORMED_INNER_DST;
1455 1546 break;
1456 1547 case SADB_EXT_SA:
1457 1548 rc = SADB_X_DIAGNOSTIC_MALFORMED_SA;
1458 1549 break;
1459 1550 case SADB_EXT_SPIRANGE:
1460 1551 rc = SADB_X_DIAGNOSTIC_MALFORMED_RANGE;
1461 1552 break;
1462 1553 case SADB_EXT_KEY_AUTH:
1463 1554 rc = SADB_X_DIAGNOSTIC_MALFORMED_AKEY;
1464 1555 break;
1465 1556 case SADB_EXT_KEY_ENCRYPT:
1466 1557 rc = SADB_X_DIAGNOSTIC_MALFORMED_EKEY;
1467 1558 break;
1468 1559 }
1469 1560 return (rc);
1470 1561 }
1471 1562
1472 1563 /*
1473 1564 * Keysock massaging of an inverse ACQUIRE. Consult policy,
1474 1565 * and construct an appropriate response.
1475 1566 */
1476 1567 static void
1477 1568 keysock_inverse_acquire(mblk_t *mp, sadb_msg_t *samsg, sadb_ext_t *extv[],
1478 1569 keysock_t *ks)
1479 1570 {
1480 1571 mblk_t *reply_mp;
1481 1572 keysock_stack_t *keystack = ks->keysock_keystack;
1482 1573
1483 1574 /*
1484 1575 * Reality check things...
1485 1576 */
1486 1577 if (extv[SADB_EXT_ADDRESS_SRC] == NULL) {
1487 1578 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_SRC);
1488 1579 return;
1489 1580 }
1490 1581 if (extv[SADB_EXT_ADDRESS_DST] == NULL) {
1491 1582 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_MISSING_DST);
1492 1583 return;
1493 1584 }
1494 1585
1495 1586 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] != NULL &&
1496 1587 extv[SADB_X_EXT_ADDRESS_INNER_DST] == NULL) {
1497 1588 keysock_error(ks, mp, EINVAL,
1498 1589 SADB_X_DIAGNOSTIC_MISSING_INNER_DST);
1499 1590 return;
1500 1591 }
1501 1592
1502 1593 if (extv[SADB_X_EXT_ADDRESS_INNER_SRC] == NULL &&
1503 1594 extv[SADB_X_EXT_ADDRESS_INNER_DST] != NULL) {
1504 1595 keysock_error(ks, mp, EINVAL,
1505 1596 SADB_X_DIAGNOSTIC_MISSING_INNER_SRC);
1506 1597 return;
1507 1598 }
1508 1599
1509 1600 reply_mp = ipsec_construct_inverse_acquire(samsg, extv,
1510 1601 keystack->keystack_netstack);
1511 1602
1512 1603 if (reply_mp != NULL) {
1513 1604 freemsg(mp);
1514 1605 keysock_passup(reply_mp, (sadb_msg_t *)reply_mp->b_rptr,
1515 1606 ks->keysock_serial, NULL, B_FALSE, keystack);
1516 1607 } else {
1517 1608 keysock_error(ks, mp, samsg->sadb_msg_errno,
1518 1609 samsg->sadb_x_msg_diagnostic);
1519 1610 }
1520 1611 }
1521 1612
1522 1613 /*
1523 1614 * Spew an extended REGISTER down to the relevant consumers.
1524 1615 */
1525 1616 static void
1526 1617 keysock_extended_register(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1527 1618 {
1528 1619 sadb_x_ereg_t *ereg = (sadb_x_ereg_t *)extv[SADB_X_EXT_EREG];
1529 1620 uint8_t *satypes, *fencepost;
1530 1621 mblk_t *downmp;
1531 1622 sadb_ext_t *downextv[SADB_EXT_MAX + 1];
1532 1623 keysock_stack_t *keystack = ks->keysock_keystack;
1533 1624
1534 1625 if (ks->keysock_registered[0] != 0 || ks->keysock_registered[1] != 0 ||
1535 1626 ks->keysock_registered[2] != 0 || ks->keysock_registered[3] != 0) {
1536 1627 keysock_error(ks, mp, EBUSY, 0);
1537 1628 }
1538 1629
1539 1630 ks->keysock_flags |= KEYSOCK_EXTENDED;
1540 1631 if (ereg == NULL) {
1541 1632 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1542 1633 } else {
1543 1634 ASSERT(mp->b_rptr + msgdsize(mp) == mp->b_wptr);
1544 1635 fencepost = (uint8_t *)mp->b_wptr;
1545 1636 satypes = ereg->sadb_x_ereg_satypes;
1546 1637 while (*satypes != SADB_SATYPE_UNSPEC && satypes != fencepost) {
1547 1638 downmp = copymsg(mp);
1548 1639 if (downmp == NULL) {
1549 1640 keysock_error(ks, mp, ENOMEM, 0);
1550 1641 return;
1551 1642 }
1552 1643 /*
1553 1644 * Since we've made it here, keysock_get_ext will work!
1554 1645 */
1555 1646 (void) keysock_get_ext(downextv,
1556 1647 (sadb_msg_t *)downmp->b_rptr, msgdsize(downmp),
1557 1648 keystack);
1558 1649 keysock_passdown(ks, downmp, *satypes, downextv,
1559 1650 B_FALSE);
1560 1651 ++satypes;
1561 1652 }
1562 1653 freemsg(mp);
1563 1654 }
1564 1655
1565 1656 /*
1566 1657 * Set global to indicate we prefer an extended ACQUIRE.
1567 1658 */
1568 1659 atomic_inc_32(&keystack->keystack_num_extended);
1569 1660 }
1570 1661
1571 1662 static void
1572 1663 keysock_delpair_all(keysock_t *ks, mblk_t *mp, sadb_ext_t *extv[])
1573 1664 {
1574 1665 int i, start, finish;
1575 1666 mblk_t *mp1 = NULL;
1576 1667 keysock_stack_t *keystack = ks->keysock_keystack;
1577 1668
1578 1669 start = 0;
1579 1670 finish = KEYSOCK_MAX_CONSUMERS - 1;
1580 1671
1581 1672 for (i = start; i <= finish; i++) {
1582 1673 if (keystack->keystack_consumers[i] != NULL) {
1583 1674 mp1 = copymsg(mp);
1584 1675 if (mp1 == NULL) {
1585 1676 keysock_error(ks, mp, ENOMEM,
1586 1677 SADB_X_DIAGNOSTIC_NONE);
1587 1678 return;
1588 1679 }
1589 1680 keysock_passdown(ks, mp1, i, extv, B_FALSE);
1590 1681 }
1591 1682 }
1592 1683 }
1593 1684
1594 1685 /*
1595 1686 * Handle PF_KEY messages.
1596 1687 */
1597 1688 static void
1598 1689 keysock_parse(queue_t *q, mblk_t *mp)
1599 1690 {
1600 1691 sadb_msg_t *samsg;
1601 1692 sadb_ext_t *extv[SADB_EXT_MAX + 1];
1602 1693 keysock_t *ks = (keysock_t *)q->q_ptr;
1603 1694 uint_t msgsize;
1604 1695 uint8_t satype;
1605 1696 keysock_stack_t *keystack = ks->keysock_keystack;
1606 1697
1607 1698 /* Make sure I'm a PF_KEY socket. (i.e. nothing's below me) */
1608 1699 ASSERT(WR(q)->q_next == NULL);
1609 1700
1610 1701 samsg = (sadb_msg_t *)mp->b_rptr;
1611 1702 ks2dbg(keystack, ("Received possible PF_KEY message, type %d.\n",
1612 1703 samsg->sadb_msg_type));
1613 1704
1614 1705 msgsize = SADB_64TO8(samsg->sadb_msg_len);
1615 1706
1616 1707 if (msgdsize(mp) != msgsize) {
1617 1708 /*
1618 1709 * Message len incorrect w.r.t. actual size. Send an error
1619 1710 * (EMSGSIZE). It may be necessary to massage things a
1620 1711 * bit. For example, if the sadb_msg_type is hosed,
1621 1712 * I need to set it to SADB_RESERVED to get delivery to
1622 1713 * do the right thing. Then again, maybe just letting
1623 1714 * the error delivery do the right thing.
1624 1715 */
1625 1716 ks2dbg(keystack,
1626 1717 ("mblk (%lu) and base (%d) message sizes don't jibe.\n",
1627 1718 msgdsize(mp), msgsize));
1628 1719 keysock_error(ks, mp, EMSGSIZE, SADB_X_DIAGNOSTIC_NONE);
1629 1720 return;
1630 1721 }
1631 1722
1632 1723 if (msgsize > (uint_t)(mp->b_wptr - mp->b_rptr)) {
1633 1724 /* Get all message into one mblk. */
1634 1725 if (pullupmsg(mp, -1) == 0) {
1635 1726 /*
1636 1727 * Something screwy happened.
1637 1728 */
1638 1729 ks3dbg(keystack,
1639 1730 ("keysock_parse: pullupmsg() failed.\n"));
1640 1731 return;
1641 1732 } else {
1642 1733 samsg = (sadb_msg_t *)mp->b_rptr;
1643 1734 }
1644 1735 }
1645 1736
1646 1737 switch (keysock_get_ext(extv, samsg, msgsize, keystack)) {
1647 1738 case KGE_DUP:
1648 1739 /* Handle duplicate extension. */
1649 1740 ks1dbg(keystack, ("Got duplicate extension of type %d.\n",
1650 1741 extv[0]->sadb_ext_type));
1651 1742 keysock_error(ks, mp, EINVAL,
1652 1743 keysock_duplicate(extv[0]->sadb_ext_type));
1653 1744 return;
1654 1745 case KGE_UNK:
1655 1746 /* Handle unknown extension. */
1656 1747 ks1dbg(keystack, ("Got unknown extension of type %d.\n",
1657 1748 extv[0]->sadb_ext_type));
1658 1749 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_EXT);
1659 1750 return;
1660 1751 case KGE_LEN:
1661 1752 /* Length error. */
1662 1753 ks1dbg(keystack,
1663 1754 ("Length %d on extension type %d overrun or 0.\n",
1664 1755 extv[0]->sadb_ext_len, extv[0]->sadb_ext_type));
1665 1756 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_BAD_EXTLEN);
1666 1757 return;
1667 1758 case KGE_CHK:
1668 1759 /* Reality check failed. */
1669 1760 ks1dbg(keystack,
1670 1761 ("Reality check failed on extension type %d.\n",
1671 1762 extv[0]->sadb_ext_type));
1672 1763 keysock_error(ks, mp, EINVAL,
1673 1764 keysock_malformed(extv[0]->sadb_ext_type));
1674 1765 return;
1675 1766 default:
1676 1767 /* Default case is no errors. */
1677 1768 break;
1678 1769 }
1679 1770
1680 1771 switch (samsg->sadb_msg_type) {
1681 1772 case SADB_REGISTER:
1682 1773 /*
1683 1774 * There's a semantic weirdness in that a message OTHER than
1684 1775 * the return REGISTER message may be passed up if I set the
1685 1776 * registered bit BEFORE I pass it down.
1686 1777 *
1687 1778 * SOOOO, I'll not twiddle any registered bits until I see
1688 1779 * the upbound REGISTER (with a serial number in it).
1689 1780 */
1690 1781 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1691 1782 /* Handle extended register here. */
1692 1783 keysock_extended_register(ks, mp, extv);
1693 1784 return;
1694 1785 } else if (ks->keysock_flags & KEYSOCK_EXTENDED) {
1695 1786 keysock_error(ks, mp, EBUSY, 0);
1696 1787 return;
1697 1788 }
1698 1789 /* FALLTHRU */
1699 1790 case SADB_GETSPI:
1700 1791 case SADB_ADD:
1701 1792 case SADB_UPDATE:
1702 1793 case SADB_X_UPDATEPAIR:
1703 1794 case SADB_DELETE:
1704 1795 case SADB_X_DELPAIR:
1705 1796 case SADB_GET:
1706 1797 /*
1707 1798 * Pass down to appropriate consumer.
1708 1799 */
1709 1800 if (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1710 1801 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1711 1802 B_FALSE);
1712 1803 else keysock_error(ks, mp, EINVAL,
1713 1804 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1714 1805 return;
1715 1806 case SADB_X_DELPAIR_STATE:
1716 1807 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1717 1808 keysock_delpair_all(ks, mp, extv);
1718 1809 } else {
1719 1810 keysock_passdown(ks, mp, samsg->sadb_msg_satype, extv,
1720 1811 B_FALSE);
1721 1812 }
1722 1813 return;
1723 1814 case SADB_ACQUIRE:
1724 1815 /*
1725 1816 * If I _receive_ an acquire, this means I should spread it
1726 1817 * out to registered sockets. Unless there's an errno...
1727 1818 *
1728 1819 * Need ADDRESS, may have ID, SENS, and PROP, unless errno,
1729 1820 * in which case there should be NO extensions.
1730 1821 *
1731 1822 * Return to registered.
1732 1823 */
1733 1824 if (samsg->sadb_msg_errno != 0) {
1734 1825 satype = samsg->sadb_msg_satype;
1735 1826 if (satype == SADB_SATYPE_UNSPEC) {
1736 1827 if (!(ks->keysock_flags & KEYSOCK_EXTENDED)) {
1737 1828 keysock_error(ks, mp, EINVAL,
1738 1829 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1739 1830 return;
1740 1831 }
1741 1832 /*
1742 1833 * Reassign satype based on the first
1743 1834 * flags that KEYSOCK_SETREG says.
1744 1835 */
1745 1836 while (satype <= SADB_SATYPE_MAX) {
1746 1837 if (KEYSOCK_ISREG(ks, satype))
1747 1838 break;
1748 1839 satype++;
1749 1840 }
1750 1841 if (satype > SADB_SATYPE_MAX) {
1751 1842 keysock_error(ks, mp, EBUSY, 0);
1752 1843 return;
1753 1844 }
1754 1845 }
1755 1846 keysock_passdown(ks, mp, satype, extv, B_FALSE);
1756 1847 } else {
1757 1848 if (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC) {
1758 1849 keysock_error(ks, mp, EINVAL,
1759 1850 SADB_X_DIAGNOSTIC_SATYPE_NEEDED);
1760 1851 } else {
1761 1852 keysock_passup(mp, samsg, 0, NULL, B_FALSE,
1762 1853 keystack);
1763 1854 }
1764 1855 }
1765 1856 return;
1766 1857 case SADB_EXPIRE:
1767 1858 /*
1768 1859 * If someone sends this in, then send out to all senders.
1769 1860 * (Save maybe ESP or AH, I have to be careful here.)
1770 1861 *
1771 1862 * Need ADDRESS, may have ID and SENS.
1772 1863 *
1773 1864 * XXX for now this is unsupported.
1774 1865 */
1775 1866 break;
1776 1867 case SADB_FLUSH:
1777 1868 /*
1778 1869 * Nuke all SAs.
1779 1870 *
1780 1871 * No extensions at all. Return to all listeners.
1781 1872 *
1782 1873 * Question: Should I hold a lock here to prevent
1783 1874 * additions/deletions while flushing?
1784 1875 * Answer: No. (See keysock_passdown() for details.)
1785 1876 */
1786 1877 if (extv[0] != NULL) {
1787 1878 /*
1788 1879 * FLUSH messages shouldn't have extensions.
1789 1880 * Return EINVAL.
1790 1881 */
1791 1882 ks2dbg(keystack, ("FLUSH message with extension.\n"));
1792 1883 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_NO_EXT);
1793 1884 return;
1794 1885 }
1795 1886
1796 1887 /* Passing down of DUMP/FLUSH messages are special. */
1797 1888 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1798 1889 return;
1799 1890 case SADB_DUMP: /* not used by normal applications */
1800 1891 if ((extv[0] != NULL) &&
1801 1892 ((msgsize >
1802 1893 (sizeof (sadb_msg_t) + sizeof (sadb_x_edump_t))) ||
1803 1894 (extv[SADB_X_EXT_EDUMP] == NULL))) {
1804 1895 keysock_error(ks, mp, EINVAL,
1805 1896 SADB_X_DIAGNOSTIC_NO_EXT);
1806 1897 return;
1807 1898 }
1808 1899 qwriter(q, mp, keysock_do_flushdump, PERIM_INNER);
1809 1900 return;
1810 1901 case SADB_X_PROMISC:
1811 1902 /*
1812 1903 * Promiscuous processing message.
1813 1904 */
1814 1905 if (samsg->sadb_msg_satype == 0)
1815 1906 ks->keysock_flags &= ~KEYSOCK_PROMISC;
1816 1907 else
1817 1908 ks->keysock_flags |= KEYSOCK_PROMISC;
1818 1909 keysock_passup(mp, samsg, ks->keysock_serial, NULL, B_FALSE,
1819 1910 keystack);
1820 1911 return;
1821 1912 case SADB_X_INVERSE_ACQUIRE:
1822 1913 keysock_inverse_acquire(mp, samsg, extv, ks);
1823 1914 return;
1824 1915 default:
1825 1916 ks2dbg(keystack, ("Got unknown message type %d.\n",
1826 1917 samsg->sadb_msg_type));
1827 1918 keysock_error(ks, mp, EINVAL, SADB_X_DIAGNOSTIC_UNKNOWN_MSG);
1828 1919 return;
1829 1920 }
1830 1921
1831 1922 /* As a placeholder... */
1832 1923 ks0dbg(("keysock_parse(): Hit EOPNOTSUPP\n"));
1833 1924 keysock_error(ks, mp, EOPNOTSUPP, SADB_X_DIAGNOSTIC_NONE);
1834 1925 }
1835 1926
1836 1927 /*
1837 1928 * wput routing for PF_KEY/keysock/whatever. Unlike the routing socket,
1838 1929 * I don't convert to ioctl()'s for IP. I am the end-all driver as far
1839 1930 * as PF_KEY sockets are concerned. I do some conversion, but not as much
1840 1931 * as IP/rts does.
1841 1932 */
1842 1933 static void
1843 1934 keysock_wput(queue_t *q, mblk_t *mp)
1844 1935 {
1845 1936 uchar_t *rptr = mp->b_rptr;
1846 1937 mblk_t *mp1;
1847 1938 keysock_t *ks;
1848 1939 keysock_stack_t *keystack;
1849 1940
1850 1941 if (WR(q)->q_next) {
1851 1942 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
1852 1943 keystack = kc->kc_keystack;
1853 1944
1854 1945 ks3dbg(keystack, ("In keysock_wput\n"));
1855 1946
1856 1947 /*
1857 1948 * We shouldn't get writes on a consumer instance.
1858 1949 * But for now, just passthru.
1859 1950 */
1860 1951 ks1dbg(keystack, ("Huh? wput for an consumer instance (%d)?\n",
1861 1952 kc->kc_sa_type));
1862 1953 putnext(q, mp);
1863 1954 return;
1864 1955 }
1865 1956 ks = (keysock_t *)q->q_ptr;
1866 1957 keystack = ks->keysock_keystack;
1867 1958
1868 1959 ks3dbg(keystack, ("In keysock_wput\n"));
1869 1960
1870 1961 switch (mp->b_datap->db_type) {
1871 1962 case M_DATA:
1872 1963 /*
1873 1964 * Silently discard.
1874 1965 */
1875 1966 ks2dbg(keystack, ("raw M_DATA in keysock.\n"));
1876 1967 freemsg(mp);
1877 1968 return;
1878 1969 case M_PROTO:
1879 1970 case M_PCPROTO:
1880 1971 if ((mp->b_wptr - rptr) >= sizeof (struct T_data_req)) {
1881 1972 if (((union T_primitives *)rptr)->type == T_DATA_REQ) {
1882 1973 if ((mp1 = mp->b_cont) == NULL) {
1883 1974 /* No data after T_DATA_REQ. */
1884 1975 ks2dbg(keystack,
1885 1976 ("No data after DATA_REQ.\n"));
1886 1977 freemsg(mp);
1887 1978 return;
1888 1979 }
1889 1980 freeb(mp);
1890 1981 mp = mp1;
1891 1982 ks2dbg(keystack, ("T_DATA_REQ\n"));
1892 1983 break; /* Out of switch. */
1893 1984 }
1894 1985 }
1895 1986 /* FALLTHRU */
1896 1987 default:
1897 1988 ks3dbg(keystack, ("In default wput case (%d %d).\n",
1898 1989 mp->b_datap->db_type, ((union T_primitives *)rptr)->type));
1899 1990 keysock_wput_other(q, mp);
1900 1991 return;
1901 1992 }
1902 1993
1903 1994 /* I now have a PF_KEY message in an M_DATA block, pointed to by mp. */
1904 1995 keysock_parse(q, mp);
1905 1996 }
1906 1997
1907 1998 /* BELOW THIS LINE ARE ROUTINES INCLUDING AND RELATED TO keysock_rput(). */
1908 1999
1909 2000 /*
1910 2001 * Called upon receipt of a KEYSOCK_HELLO_ACK to set up the appropriate
1911 2002 * state vectors.
1912 2003 */
1913 2004 static void
1914 2005 keysock_link_consumer(uint8_t satype, keysock_consumer_t *kc)
1915 2006 {
1916 2007 keysock_t *ks;
1917 2008 keysock_stack_t *keystack = kc->kc_keystack;
1918 2009
1919 2010 mutex_enter(&keystack->keystack_consumers_lock);
1920 2011 mutex_enter(&kc->kc_lock);
1921 2012 if (keystack->keystack_consumers[satype] != NULL) {
1922 2013 ks0dbg((
1923 2014 "Hmmmm, someone closed %d before the HELLO_ACK happened.\n",
1924 2015 satype));
1925 2016 /*
1926 2017 * Perhaps updating the new below-me consumer with what I have
1927 2018 * so far would work too?
1928 2019 */
1929 2020 mutex_exit(&kc->kc_lock);
1930 2021 mutex_exit(&keystack->keystack_consumers_lock);
1931 2022 } else {
1932 2023 /* Add new below-me consumer. */
1933 2024 keystack->keystack_consumers[satype] = kc;
1934 2025
1935 2026 kc->kc_flags = 0;
1936 2027 kc->kc_sa_type = satype;
1937 2028 mutex_exit(&kc->kc_lock);
1938 2029 mutex_exit(&keystack->keystack_consumers_lock);
1939 2030
1940 2031 /* Scan the keysock list. */
1941 2032 mutex_enter(&keystack->keystack_list_lock);
1942 2033 for (ks = keystack->keystack_list; ks != NULL;
1943 2034 ks = ks->keysock_next) {
1944 2035 if (KEYSOCK_ISREG(ks, satype)) {
1945 2036 /*
1946 2037 * XXX Perhaps send an SADB_REGISTER down on
1947 2038 * the socket's behalf.
1948 2039 */
1949 2040 ks1dbg(keystack,
1950 2041 ("Socket %u registered already for "
1951 2042 "new consumer.\n", ks->keysock_serial));
1952 2043 }
1953 2044 }
1954 2045 mutex_exit(&keystack->keystack_list_lock);
1955 2046 }
1956 2047 }
1957 2048
1958 2049 /*
1959 2050 * Generate a KEYSOCK_OUT_ERR message for my consumer.
1960 2051 */
1961 2052 static void
1962 2053 keysock_out_err(keysock_consumer_t *kc, int ks_errno, mblk_t *mp)
1963 2054 {
1964 2055 keysock_out_err_t *kse;
1965 2056 mblk_t *imp;
1966 2057 keysock_stack_t *keystack = kc->kc_keystack;
1967 2058
1968 2059 imp = allocb(sizeof (ipsec_info_t), BPRI_HI);
1969 2060 if (imp == NULL) {
1970 2061 ks1dbg(keystack, ("keysock_out_err: Can't alloc message.\n"));
1971 2062 return;
1972 2063 }
1973 2064
1974 2065 imp->b_datap->db_type = M_CTL;
1975 2066 imp->b_wptr += sizeof (ipsec_info_t);
1976 2067
1977 2068 kse = (keysock_out_err_t *)imp->b_rptr;
1978 2069 imp->b_cont = mp;
1979 2070 kse->ks_err_type = KEYSOCK_OUT_ERR;
1980 2071 kse->ks_err_len = sizeof (*kse);
1981 2072 /* Is serial necessary? */
1982 2073 kse->ks_err_serial = 0;
1983 2074 kse->ks_err_errno = ks_errno;
1984 2075
1985 2076 /*
1986 2077 * XXX What else do I need to do here w.r.t. information
1987 2078 * to tell the consumer what caused this error?
1988 2079 *
1989 2080 * I believe the answer is the PF_KEY ACQUIRE (or other) message
1990 2081 * attached in mp, which is appended at the end. I believe the
1991 2082 * db_ref won't matter here, because the PF_KEY message is only read
1992 2083 * for KEYSOCK_OUT_ERR.
1993 2084 */
1994 2085
1995 2086 putnext(kc->kc_wq, imp);
1996 2087 }
1997 2088
1998 2089 /* XXX this is a hack errno. */
1999 2090 #define EIPSECNOSA 255
2000 2091
2001 2092 /*
2002 2093 * Route message (pointed by mp, header in samsg) toward appropriate
2003 2094 * sockets. Assume the message's creator did its job correctly.
2004 2095 *
2005 2096 * This should be a function that is followed by a return in its caller.
2006 2097 * The compiler _should_ be able to use tail-call optimizations to make the
2007 2098 * large ## of parameters not a huge deal.
2008 2099 */
2009 2100 static void
2010 2101 keysock_passup(mblk_t *mp, sadb_msg_t *samsg, minor_t serial,
2011 2102 keysock_consumer_t *kc, boolean_t persistent, keysock_stack_t *keystack)
2012 2103 {
2013 2104 keysock_t *ks;
2014 2105 uint8_t satype = samsg->sadb_msg_satype;
2015 2106 boolean_t toall = B_FALSE, allreg = B_FALSE, allereg = B_FALSE,
2016 2107 setalg = B_FALSE;
2017 2108 mblk_t *mp1;
2018 2109 int err = EIPSECNOSA;
2019 2110
2020 2111 /* Convert mp, which is M_DATA, into an M_PROTO of type T_DATA_IND */
2021 2112 mp1 = allocb(sizeof (struct T_data_req), BPRI_HI);
2022 2113 if (mp1 == NULL) {
2023 2114 err = ENOMEM;
2024 2115 goto error;
2025 2116 }
2026 2117 mp1->b_wptr += sizeof (struct T_data_req);
2027 2118 ((struct T_data_ind *)mp1->b_rptr)->PRIM_type = T_DATA_IND;
2028 2119 ((struct T_data_ind *)mp1->b_rptr)->MORE_flag = 0;
2029 2120 mp1->b_datap->db_type = M_PROTO;
2030 2121 mp1->b_cont = mp;
2031 2122 mp = mp1;
2032 2123
2033 2124 switch (samsg->sadb_msg_type) {
2034 2125 case SADB_FLUSH:
2035 2126 case SADB_GETSPI:
2036 2127 case SADB_UPDATE:
2037 2128 case SADB_X_UPDATEPAIR:
2038 2129 case SADB_ADD:
2039 2130 case SADB_DELETE:
2040 2131 case SADB_X_DELPAIR:
2041 2132 case SADB_EXPIRE:
2042 2133 /*
2043 2134 * These are most likely replies. Don't worry about
2044 2135 * KEYSOCK_OUT_ERR handling. Deliver to all sockets.
2045 2136 */
2046 2137 ks3dbg(keystack,
2047 2138 ("Delivering normal message (%d) to all sockets.\n",
2048 2139 samsg->sadb_msg_type));
2049 2140 toall = B_TRUE;
2050 2141 break;
2051 2142 case SADB_REGISTER:
2052 2143 /*
2053 2144 * REGISTERs come up for one of three reasons:
2054 2145 *
2055 2146 * 1.) In response to a normal SADB_REGISTER
2056 2147 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2057 2148 * serial != 0)
2058 2149 * Deliver to normal SADB_REGISTERed sockets.
2059 2150 * 2.) In response to an extended REGISTER
2060 2151 * (samsg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
2061 2152 * Deliver to extended REGISTERed socket.
2062 2153 * 3.) Spontaneous algorithm changes
2063 2154 * (samsg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
2064 2155 * serial == 0)
2065 2156 * Deliver to REGISTERed sockets of all sorts.
2066 2157 */
2067 2158 if (kc == NULL) {
2068 2159 /* Here because of keysock_error() call. */
2069 2160 ASSERT(samsg->sadb_msg_errno != 0);
2070 2161 break; /* Out of switch. */
2071 2162 }
2072 2163 ks3dbg(keystack, ("Delivering REGISTER.\n"));
2073 2164 if (satype == SADB_SATYPE_UNSPEC) {
2074 2165 /* REGISTER Reason #2 */
2075 2166 allereg = B_TRUE;
2076 2167 /*
2077 2168 * Rewhack SA type so PF_KEY socket holder knows what
2078 2169 * consumer generated this algorithm list.
2079 2170 */
2080 2171 satype = kc->kc_sa_type;
2081 2172 samsg->sadb_msg_satype = satype;
2082 2173 setalg = B_TRUE;
2083 2174 } else if (serial == 0) {
2084 2175 /* REGISTER Reason #3 */
2085 2176 allreg = B_TRUE;
2086 2177 allereg = B_TRUE;
2087 2178 } else {
2088 2179 /* REGISTER Reason #1 */
2089 2180 allreg = B_TRUE;
2090 2181 setalg = B_TRUE;
2091 2182 }
2092 2183 break;
2093 2184 case SADB_ACQUIRE:
2094 2185 /*
2095 2186 * ACQUIREs are either extended (sadb_msg_satype == 0) or
2096 2187 * regular (sadb_msg_satype != 0). And we're guaranteed
2097 2188 * that serial == 0 for an ACQUIRE.
2098 2189 */
2099 2190 ks3dbg(keystack, ("Delivering ACQUIRE.\n"));
2100 2191 allereg = (satype == SADB_SATYPE_UNSPEC);
2101 2192 allreg = !allereg;
2102 2193 /*
2103 2194 * Corner case - if we send a regular ACQUIRE and there's
2104 2195 * extended ones registered, don't send an error down to
2105 2196 * consumers if nobody's listening and prematurely destroy
2106 2197 * their ACQUIRE record. This might be too hackish of a
2107 2198 * solution.
2108 2199 */
2109 2200 if (allreg && keystack->keystack_num_extended > 0)
2110 2201 err = 0;
2111 2202 break;
2112 2203 case SADB_X_PROMISC:
2113 2204 case SADB_X_INVERSE_ACQUIRE:
2114 2205 case SADB_DUMP:
2115 2206 case SADB_GET:
2116 2207 default:
2117 2208 /*
2118 2209 * Deliver to the sender and promiscuous only.
2119 2210 */
2120 2211 ks3dbg(keystack, ("Delivering sender/promisc only (%d).\n",
2121 2212 samsg->sadb_msg_type));
2122 2213 break;
2123 2214 }
2124 2215
2125 2216 mutex_enter(&keystack->keystack_list_lock);
2126 2217 for (ks = keystack->keystack_list; ks != NULL; ks = ks->keysock_next) {
2127 2218 /* Delivery loop. */
2128 2219
2129 2220 /*
2130 2221 * Check special keysock-setting cases (REGISTER replies)
2131 2222 * here.
2132 2223 */
2133 2224 if (setalg && serial == ks->keysock_serial) {
2134 2225 ASSERT(kc != NULL);
2135 2226 ASSERT(kc->kc_sa_type == satype);
2136 2227 KEYSOCK_SETREG(ks, satype);
2137 2228 }
2138 2229
2139 2230 /*
2140 2231 * NOLOOP takes precedence over PROMISC. So if you've set
2141 2232 * !SO_USELOOPBACK, don't expect to see any data...
2142 2233 */
2143 2234 if (ks->keysock_flags & KEYSOCK_NOLOOP)
2144 2235 continue;
2145 2236
2146 2237 /*
2147 2238 * Messages to all, or promiscuous sockets just GET the
2148 2239 * message. Perform rules-type checking iff it's not for all
2149 2240 * listeners or the socket is in promiscuous mode.
2150 2241 *
2151 2242 * NOTE:Because of the (kc != NULL && ISREG()), make sure
2152 2243 * extended ACQUIREs arrive off a consumer that is
2153 2244 * part of the extended REGISTER set of consumers.
2154 2245 */
2155 2246 if (serial != ks->keysock_serial &&
2156 2247 !toall &&
2157 2248 !(ks->keysock_flags & KEYSOCK_PROMISC) &&
2158 2249 !((ks->keysock_flags & KEYSOCK_EXTENDED) ?
2159 2250 allereg : allreg && kc != NULL &&
2160 2251 KEYSOCK_ISREG(ks, kc->kc_sa_type)))
2161 2252 continue;
2162 2253
2163 2254 mp1 = dupmsg(mp);
2164 2255 if (mp1 == NULL) {
2165 2256 ks2dbg(keystack, (
2166 2257 "keysock_passup(): dupmsg() failed.\n"));
2167 2258 mp1 = mp;
2168 2259 mp = NULL;
2169 2260 err = ENOMEM;
2170 2261 }
2171 2262
2172 2263 /*
2173 2264 * At this point, we can deliver or attempt to deliver
2174 2265 * this message. We're free of obligation to report
2175 2266 * no listening PF_KEY sockets. So set err to 0.
2176 2267 */
2177 2268 err = 0;
2178 2269
2179 2270 /*
2180 2271 * See if we canputnext(), as well as see if the message
2181 2272 * needs to be queued if we can't.
2182 2273 */
2183 2274 if (!canputnext(ks->keysock_rq)) {
2184 2275 if (persistent) {
2185 2276 if (putq(ks->keysock_rq, mp1) == 0) {
2186 2277 ks1dbg(keystack, (
2187 2278 "keysock_passup: putq failed.\n"));
2188 2279 } else {
2189 2280 continue;
2190 2281 }
2191 2282 }
2192 2283 freemsg(mp1);
2193 2284 continue;
2194 2285 }
2195 2286
2196 2287 ks3dbg(keystack,
2197 2288 ("Putting to serial %d.\n", ks->keysock_serial));
2198 2289 /*
2199 2290 * Unlike the specific keysock instance case, this
2200 2291 * will only hit for listeners, so we will only
2201 2292 * putnext() if we can.
2202 2293 */
2203 2294 putnext(ks->keysock_rq, mp1);
2204 2295 if (mp == NULL)
2205 2296 break; /* out of for loop. */
2206 2297 }
2207 2298 mutex_exit(&keystack->keystack_list_lock);
2208 2299
2209 2300 error:
2210 2301 if ((err != 0) && (kc != NULL)) {
2211 2302 /*
2212 2303 * Generate KEYSOCK_OUT_ERR for consumer.
2213 2304 * Basically, I send this back if I have not been able to
2214 2305 * transmit (for whatever reason)
2215 2306 */
2216 2307 ks1dbg(keystack,
2217 2308 ("keysock_passup(): No registered of type %d.\n",
2218 2309 satype));
2219 2310 if (mp != NULL) {
2220 2311 if (mp->b_datap->db_type == M_PROTO) {
2221 2312 mp1 = mp;
2222 2313 mp = mp->b_cont;
2223 2314 freeb(mp1);
2224 2315 }
2225 2316 /*
2226 2317 * Do a copymsg() because people who get
2227 2318 * KEYSOCK_OUT_ERR may alter the message contents.
2228 2319 */
2229 2320 mp1 = copymsg(mp);
2230 2321 if (mp1 == NULL) {
2231 2322 ks2dbg(keystack,
2232 2323 ("keysock_passup: copymsg() failed.\n"));
2233 2324 mp1 = mp;
2234 2325 mp = NULL;
2235 2326 }
2236 2327 keysock_out_err(kc, err, mp1);
2237 2328 }
2238 2329 }
2239 2330
2240 2331 /*
2241 2332 * XXX Blank the message somehow. This is difficult because we don't
2242 2333 * know at this point if the message has db_ref > 1, etc.
2243 2334 *
2244 2335 * Optimally, keysock messages containing actual keying material would
2245 2336 * be allocated with esballoc(), with a zeroing free function.
2246 2337 */
2247 2338 if (mp != NULL)
2248 2339 freemsg(mp);
2249 2340 }
2250 2341
2251 2342 /*
2252 2343 * Keysock's read service procedure is there only for PF_KEY reply
2253 2344 * messages that really need to reach the top.
2254 2345 */
2255 2346 static void
2256 2347 keysock_rsrv(queue_t *q)
2257 2348 {
2258 2349 mblk_t *mp;
2259 2350
2260 2351 while ((mp = getq(q)) != NULL) {
2261 2352 if (canputnext(q)) {
2262 2353 putnext(q, mp);
2263 2354 } else {
2264 2355 (void) putbq(q, mp);
2265 2356 return;
2266 2357 }
2267 2358 }
2268 2359 }
2269 2360
2270 2361 /*
2271 2362 * The read procedure should only be invoked by a keysock consumer, like
2272 2363 * ESP, AH, etc. I should only see KEYSOCK_OUT and KEYSOCK_HELLO_ACK
2273 2364 * messages on my read queues.
2274 2365 */
2275 2366 static void
2276 2367 keysock_rput(queue_t *q, mblk_t *mp)
2277 2368 {
2278 2369 keysock_consumer_t *kc = (keysock_consumer_t *)q->q_ptr;
2279 2370 ipsec_info_t *ii;
2280 2371 keysock_hello_ack_t *ksa;
2281 2372 minor_t serial;
2282 2373 mblk_t *mp1;
2283 2374 sadb_msg_t *samsg;
2284 2375 keysock_stack_t *keystack = kc->kc_keystack;
2285 2376
2286 2377 /* Make sure I'm a consumer instance. (i.e. something's below me) */
2287 2378 ASSERT(WR(q)->q_next != NULL);
2288 2379
2289 2380 if (mp->b_datap->db_type != M_CTL) {
2290 2381 /*
2291 2382 * Keysock should only see keysock consumer interface
2292 2383 * messages (see ipsec_info.h) on its read procedure.
2293 2384 * To be robust, however, putnext() up so the STREAM head can
2294 2385 * deal with it appropriately.
2295 2386 */
2296 2387 ks1dbg(keystack,
2297 2388 ("Hmmm, a non M_CTL (%d, 0x%x) on keysock_rput.\n",
2298 2389 mp->b_datap->db_type, mp->b_datap->db_type));
2299 2390 putnext(q, mp);
2300 2391 return;
2301 2392 }
2302 2393
2303 2394 ii = (ipsec_info_t *)mp->b_rptr;
2304 2395
2305 2396 switch (ii->ipsec_info_type) {
2306 2397 case KEYSOCK_OUT:
2307 2398 /*
2308 2399 * A consumer needs to pass a response message or an ACQUIRE
2309 2400 * UP. I assume that the consumer has done the right
2310 2401 * thing w.r.t. message creation, etc.
2311 2402 */
2312 2403 serial = ((keysock_out_t *)mp->b_rptr)->ks_out_serial;
2313 2404 mp1 = mp->b_cont; /* Get M_DATA portion. */
2314 2405 freeb(mp);
2315 2406 samsg = (sadb_msg_t *)mp1->b_rptr;
2316 2407 if (samsg->sadb_msg_type == SADB_FLUSH ||
2317 2408 (samsg->sadb_msg_type == SADB_DUMP &&
2318 2409 samsg->sadb_msg_len == SADB_8TO64(sizeof (*samsg)))) {
2319 2410 /*
2320 2411 * If I'm an end-of-FLUSH or an end-of-DUMP marker...
2321 2412 */
2322 2413 ASSERT(keystack->keystack_flushdump != 0);
2323 2414 /* Am I flushing? */
2324 2415
2325 2416 mutex_enter(&kc->kc_lock);
2326 2417 kc->kc_flags &= ~KC_FLUSHING;
2327 2418 mutex_exit(&kc->kc_lock);
2328 2419
2329 2420 if (samsg->sadb_msg_errno != 0)
2330 2421 keystack->keystack_flushdump_errno =
2331 2422 samsg->sadb_msg_errno;
2332 2423
2333 2424 /*
2334 2425 * Lower the atomic "flushing" count. If it's
2335 2426 * the last one, send up the end-of-{FLUSH,DUMP} to
2336 2427 * the appropriate PF_KEY socket.
2337 2428 */
2338 2429 if (atomic_dec_32_nv(&keystack->keystack_flushdump) !=
2339 2430 0) {
2340 2431 ks1dbg(keystack,
2341 2432 ("One flush/dump message back from %d,"
2342 2433 " more to go.\n", samsg->sadb_msg_satype));
2343 2434 freemsg(mp1);
2344 2435 return;
2345 2436 }
2346 2437
2347 2438 samsg->sadb_msg_errno =
2348 2439 (uint8_t)keystack->keystack_flushdump_errno;
2349 2440 if (samsg->sadb_msg_type == SADB_DUMP) {
2350 2441 samsg->sadb_msg_seq = 0;
2351 2442 }
2352 2443 }
2353 2444 keysock_passup(mp1, samsg, serial, kc,
2354 2445 (samsg->sadb_msg_type == SADB_DUMP), keystack);
2355 2446 return;
2356 2447 case KEYSOCK_HELLO_ACK:
2357 2448 /* Aha, now we can link in the consumer! */
2358 2449 ksa = (keysock_hello_ack_t *)ii;
2359 2450 keysock_link_consumer(ksa->ks_hello_satype, kc);
2360 2451 freemsg(mp);
2361 2452 return;
2362 2453 default:
2363 2454 ks1dbg(keystack, ("Hmmm, an IPsec info I'm not used to, 0x%x\n",
2364 2455 ii->ipsec_info_type));
2365 2456 putnext(q, mp);
2366 2457 }
2367 2458 }
2368 2459
2369 2460 /*
2370 2461 * So we can avoid external linking problems....
2371 2462 */
2372 2463 boolean_t
2373 2464 keysock_extended_reg(netstack_t *ns)
2374 2465 {
2375 2466 keysock_stack_t *keystack = ns->netstack_keysock;
2376 2467
2377 2468 return (keystack->keystack_num_extended != 0);
2378 2469 }
2379 2470
2380 2471 uint32_t
2381 2472 keysock_next_seq(netstack_t *ns)
2382 2473 {
2383 2474 keysock_stack_t *keystack = ns->netstack_keysock;
2384 2475
2385 2476 return (atomic_dec_32_nv(&keystack->keystack_acquire_seq));
2386 2477 }
|
↓ open down ↓ |
1415 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX