sys/netipsec/key.c
static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); | static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); | ||||
static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); | static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); | ||||
static int key_updateaddresses(struct socket *, struct mbuf *, | static int key_updateaddresses(struct socket *, struct mbuf *, | ||||
const struct sadb_msghdr *, struct secasvar *, struct secasindex *); | const struct sadb_msghdr *, struct secasvar *, struct secasindex *); | ||||
static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, | static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, | ||||
u_int8_t, u_int32_t, u_int32_t); | u_int8_t, u_int32_t, u_int32_t); | ||||
static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, | static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, | ||||
u_int32_t, pid_t, u_int16_t); | u_int32_t, pid_t); | ||||
static struct mbuf *key_setsadbsa(struct secasvar *); | static struct mbuf *key_setsadbsa(struct secasvar *); | ||||
static struct mbuf *key_setsadbaddr(u_int16_t, | static struct mbuf *key_setsadbaddr(u_int16_t, | ||||
const struct sockaddr *, u_int8_t, u_int16_t); | const struct sockaddr *, u_int8_t, u_int16_t); | ||||
static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); | static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); | ||||
static struct mbuf *key_setsadbxtype(u_int16_t); | static struct mbuf *key_setsadbxtype(u_int16_t); | ||||
static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); | static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); | ||||
static struct mbuf *key_setsadbxsareplay(u_int32_t); | static struct mbuf *key_setsadbxsareplay(u_int32_t); | ||||
static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, | static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, | ||||
} else { | } else { | ||||
/* make new entry for blocking to send SADB_ACQUIRE. */ | /* make new entry for blocking to send SADB_ACQUIRE. */ | ||||
newspacq = key_newspacq(&sp->spidx); | newspacq = key_newspacq(&sp->spidx); | ||||
if (newspacq == NULL) | if (newspacq == NULL) | ||||
return ENOBUFS; | return ENOBUFS; | ||||
} | } | ||||
/* create new sadb_msg to reply. */ | /* create new sadb_msg to reply. */ | ||||
m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); | m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0); | ||||
if (!m) | if (!m) | ||||
return ENOBUFS; | return ENOBUFS; | ||||
result = m; | result = m; | ||||
result->m_pkthdr.len = 0; | result->m_pkthdr.len = 0; | ||||
for (m = result; m; m = m->m_next) | for (m = result; m; m = m->m_next) | ||||
result->m_pkthdr.len += m->m_len; | result->m_pkthdr.len += m->m_len; | ||||
static struct mbuf * | static struct mbuf * | ||||
key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, | key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, | ||||
u_int32_t pid) | u_int32_t pid) | ||||
{ | { | ||||
struct mbuf *result = NULL, *m; | struct mbuf *result = NULL, *m; | ||||
struct seclifetime lt; | struct seclifetime lt; | ||||
m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); | m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid); | ||||
if (!m) | if (!m) | ||||
goto fail; | goto fail; | ||||
result = m; | result = m; | ||||
m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, | m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, | ||||
&sp->spidx.src.sa, sp->spidx.prefs, | &sp->spidx.src.sa, sp->spidx.prefs, | ||||
sp->spidx.ul_proto); | sp->spidx.ul_proto); | ||||
if (!m) | if (!m) | ||||
IPSEC_ASSERT(sp != NULL, ("null secpolicy")); | IPSEC_ASSERT(sp != NULL, ("null secpolicy")); | ||||
KEYDBG(KEY_STAMP, | KEYDBG(KEY_STAMP, | ||||
printf("%s: SP(%p)\n", __func__, sp)); | printf("%s: SP(%p)\n", __func__, sp)); | ||||
KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); | KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); | ||||
/* set msg header */ | /* set msg header */ | ||||
m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); | m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0); | ||||
if (!m) { | if (!m) { | ||||
error = ENOBUFS; | error = ENOBUFS; | ||||
goto fail; | goto fail; | ||||
} | } | ||||
result = m; | result = m; | ||||
/* create lifetime extension (current and hard) */ | /* create lifetime extension (current and hard) */ | ||||
len = PFKEY_ALIGN8(sizeof(*lt)) * 2; | len = PFKEY_ALIGN8(sizeof(*lt)) * 2; | ||||
SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, | SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, | ||||
SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, | SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, | ||||
SADB_X_EXT_NAT_T_FRAG, | SADB_X_EXT_NAT_T_FRAG, | ||||
}; | }; | ||||
uint32_t replay_count; | uint32_t replay_count; | ||||
SECASVAR_RLOCK_TRACKER; | SECASVAR_RLOCK_TRACKER; | ||||
m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); | m = key_setsadbmsg(type, 0, satype, seq, pid); | ||||
if (m == NULL) | if (m == NULL) | ||||
goto fail; | goto fail; | ||||
result = m; | result = m; | ||||
for (i = nitems(dumporder) - 1; i >= 0; i--) { | for (i = nitems(dumporder) - 1; i >= 0; i--) { | ||||
m = NULL; | m = NULL; | ||||
switch (dumporder[i]) { | switch (dumporder[i]) { | ||||
case SADB_EXT_SA: | case SADB_EXT_SA: | ||||
return NULL; | return NULL; | ||||
} | } | ||||
/* | /* | ||||
* set data into sadb_msg. | * set data into sadb_msg. | ||||
*/ | */ | ||||
static struct mbuf * | static struct mbuf * | ||||
key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, | key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, | ||||
pid_t pid, u_int16_t reserved) | pid_t pid) | ||||
{ | { | ||||
struct mbuf *m; | struct mbuf *m; | ||||
struct sadb_msg *p; | struct sadb_msg *p; | ||||
int len; | int len; | ||||
len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); | len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); | ||||
if (len > MCLBYTES) | if (len > MCLBYTES) | ||||
return NULL; | return NULL; | ||||
p = mtod(m, struct sadb_msg *); | p = mtod(m, struct sadb_msg *); | ||||
bzero(p, len); | bzero(p, len); | ||||
p->sadb_msg_version = PF_KEY_V2; | p->sadb_msg_version = PF_KEY_V2; | ||||
p->sadb_msg_type = type; | p->sadb_msg_type = type; | ||||
p->sadb_msg_errno = 0; | p->sadb_msg_errno = 0; | ||||
p->sadb_msg_satype = satype; | p->sadb_msg_satype = satype; | ||||
p->sadb_msg_len = PFKEY_UNIT64(tlen); | p->sadb_msg_len = PFKEY_UNIT64(tlen); | ||||
p->sadb_msg_reserved = reserved; | |||||
p->sadb_msg_seq = seq; | p->sadb_msg_seq = seq; | ||||
p->sadb_msg_pid = (u_int32_t)pid; | p->sadb_msg_pid = (u_int32_t)pid; | ||||
return m; | return m; | ||||
} | } | ||||
/* | /* | ||||
* copy secasvar data into sadb_address. | * copy secasvar data into sadb_address. | ||||
result = NULL; | result = NULL; | ||||
ul_proto = IPSEC_ULPROTO_ANY; | ul_proto = IPSEC_ULPROTO_ANY; | ||||
/* Get seq number to check whether sending message or not. */ | /* Get seq number to check whether sending message or not. */ | ||||
seq = key_getacq(saidx, &error); | seq = key_getacq(saidx, &error); | ||||
if (seq == 0) | if (seq == 0) | ||||
return (error); | return (error); | ||||
m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); | m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0); | ||||
if (!m) { | if (!m) { | ||||
error = ENOBUFS; | error = ENOBUFS; | ||||
goto fail; | goto fail; | ||||
} | } | ||||
result = m; | result = m; | ||||
/* | /* | ||||
* set sadb_address for saidx's. | * set sadb_address for saidx's. | ||||
KEYDBG(KEY_STAMP, | KEYDBG(KEY_STAMP, | ||||
printf("%s: SA(%p) expired %s lifetime\n", __func__, | printf("%s: SA(%p) expired %s lifetime\n", __func__, | ||||
sav, hard ? "hard": "soft")); | sav, hard ? "hard": "soft")); | ||||
KEYDBG(KEY_DATA, kdebug_secasv(sav)); | KEYDBG(KEY_DATA, kdebug_secasv(sav)); | ||||
/* set msg header */ | /* set msg header */ | ||||
satype = key_proto2satype(sav->sah->saidx.proto); | satype = key_proto2satype(sav->sah->saidx.proto); | ||||
IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); | IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); | ||||
m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); | m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0); | ||||
if (!m) { | if (!m) { | ||||
error = ENOBUFS; | error = ENOBUFS; | ||||
goto fail; | goto fail; | ||||
} | } | ||||
result = m; | result = m; | ||||
/* create SA extension */ | /* create SA extension */ | ||||
m = key_setsadbsa(sav); | m = key_setsadbsa(sav); | ||||
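Review bot: The header comment on key_setsadbmsg still reads only `set data into sadb_msg.`, and nothing in the new code records that sadb_msg_reserved is now intentionally left at the zero written by `bzero(p, len)`; without that, a later change could again place a kernel-internal value (the old callers passed `sav->refcnt` and `sp->refcnt`) into a header that is handed to PF_KEY socket listeners. Suggest extending that comment to `/* set data into sadb_msg. sadb_msg_reserved is deliberately left zero by the bzero(): this header is delivered to userland, so no kernel-internal state (e.g. a refcount) may be stored in it. */`. The assignment `p->sadb_msg_errno = 0;` just after the bzero is likewise redundant and could be dropped for the same reason. The middle of key_setsadbmsg is folded out of this view (the allocation path between the MCLBYTES check and the mtod() call), so that part was not reviewed, and each of the updated callers (key_spdacquire, key_setdumpsp, key_spdexpire, key_setdumpsa, key_acquire, key_expire) starts outside its hunk; any caller not shown here that still passes six arguments would fail to compile rather than silently misbehave.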