keysock.c source code [xnu/bsd/netkey/keysock.c]

1	/*
2	* Copyright (c) 2016 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28
29	/ $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ /
30
31	/*
32	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
33	* All rights reserved.
34	*
35	* Redistribution and use in source and binary forms, with or without
36	* modification, are permitted provided that the following conditions
37	* are met:
38	* 1. Redistributions of source code must retain the above copyright
39	* notice, this list of conditions and the following disclaimer.
40	* 2. Redistributions in binary form must reproduce the above copyright
41	* notice, this list of conditions and the following disclaimer in the
42	* documentation and/or other materials provided with the distribution.
43	* 3. Neither the name of the project nor the names of its contributors
44	* may be used to endorse or promote products derived from this software
45	* without specific prior written permission.
46	*
47	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
48	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
51	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
52	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
53	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
56	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57	* SUCH DAMAGE.
58	*/
59
60	/ This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 /
61
62	#include <sys/types.h>
63	#include <sys/param.h>
64	#include <sys/systm.h>
65	#include <sys/kernel.h>
66	#include <sys/sysctl.h>
67	#include <sys/mbuf.h>
68	#include <sys/mcache.h>
69	#include <sys/malloc.h>
70	#include <sys/socket.h>
71	#include <sys/socketvar.h>
72	#include <sys/domain.h>
73	#include <sys/protosw.h>
74	#include <sys/errno.h>
75
76	#include <kern/locks.h>
77
78	#include <net/raw_cb.h>
79	#include <net/route.h>
80
81	#include <net/pfkeyv2.h>
82	#include <netkey/keydb.h>
83	#include <netkey/key.h>
84	#include <netkey/keysock.h>
85	#include <netkey/key_debug.h>
86
87	extern lck_mtx_t *raw_mtx;
88	extern void key_init(struct protosw , struct* domain *);
89
90	struct sockaddr key_dst = { `2`, PF_KEY, {`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,} };
91	struct sockaddr key_src = { `2`, PF_KEY, {`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,`0`,} };
92
93	static void key_dinit(struct domain *);
94	static int key_sendup0(struct rawcb , struct* mbuf , int*);
95
96	struct pfkeystat pfkeystat;
97
98	static struct domain *keydomain = NULL;
99
100	extern lck_mtx_t *pfkey_stat_mutex;
101
102	/*
103	* key_output()
104	*/
105	int
106	#ifdef __APPLE__
107	/ No variable argument support? /
108	key_output(struct mbuf m, struct* socket *so)
109	#else
110	#if __STDC__
111	key_output(struct mbuf *m, ...)
112	#else
113	key_output(m, va_alist)
114	struct mbuf *m;
115	va_dcl
116	#endif
117	#endif
118	{
119	struct sadb_msg *msg;
120	int len, error = `0`;
121	#ifndef __APPLE__
122	struct socket *so;
123	va_list ap;
124
125	va_start(ap, m);
126	so = va_arg(ap, struct socket *);
127	va_end(ap);
128	#endif
129
130	if (m == `0`)
131	panic("key_output: NULL pointer was passed.\n");
132
133	socket_unlock(so, `0`);
134	lck_mtx_lock(pfkey_stat_mutex);
135	pfkeystat.out_total++;
136	pfkeystat.out_bytes += m->m_pkthdr.len;
137	lck_mtx_unlock(pfkey_stat_mutex);
138
139	len = m->m_pkthdr.len;
140	if (len < sizeof(struct sadb_msg)) {
141	#if IPSEC_DEBUG
142	printf("key_output: Invalid message length.\n");
143	#endif
144	PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
145	error = EINVAL;
146	goto end;
147	}
148
149	if (m->m_len < sizeof(struct sadb_msg)) {
150	if ((m = m_pullup(m, sizeof(struct sadb_msg))) == `0`) {
151	#if IPSEC_DEBUG
152	printf("key_output: can't pullup mbuf\n");
153	#endif
154	PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
155	error = ENOBUFS;
156	goto end;
157	}
158	}
159
160	if ((m->m_flags & M_PKTHDR) == `0`)
161	panic("key_output: not M_PKTHDR ??");
162
163	#if IPSEC_DEBUG
164	KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
165	#endif /* defined(IPSEC_DEBUG) */
166
167	msg = mtod(m, struct sadb_msg *);
168	PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
169	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
170	#if IPSEC_DEBUG
171	printf("key_output: Invalid message length.\n");
172	#endif
173	PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
174	error = EINVAL;
175	goto end;
176	}
177
178	error = key_parse(m, so);
179	m = NULL;
180
181	end:
182	if (m)
183	m_freem(m);
184	socket_lock(so, `0`);
185	return error;
186	}
187
188	/*
189	* send message to the socket.
190	*/
191	static int
192	key_sendup0(struct rawcb rp, struct* mbuf m, int* promisc)
193	{
194	int error;
195
196	if (promisc) {
197	struct sadb_msg *pmsg;
198
199	M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, `1`);
200	if (m && m->m_len < sizeof(struct sadb_msg))
201	m = m_pullup(m, sizeof(struct sadb_msg));
202	if (!m) {
203	#if IPSEC_DEBUG
204	printf("key_sendup0: cannot pullup\n");
205	#endif
206	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
207	m_freem(m);
208	return ENOBUFS;
209	}
210	m->m_pkthdr.len += sizeof(*pmsg);
211
212	pmsg = mtod(m, struct sadb_msg *);
213	bzero(pmsg, sizeof(*pmsg));
214	pmsg->sadb_msg_version = PF_KEY_V2;
215	pmsg->sadb_msg_type = SADB_X_PROMISC;
216	pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
217	/ pid and seq? /
218
219	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
220	}
221
222	if (!sbappendaddr(&rp->rcb_socket->so_rcv, (struct sockaddr *)&key_src,
223	m, NULL, &error)) {
224	#if IPSEC_DEBUG
225	printf("key_sendup0: sbappendaddr failed\n");
226	#endif
227	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
228	}
229	else {
230	sorwakeup(rp->rcb_socket);
231	}
232	return error;
233	}
234
235
236	/ so can be NULL if target != KEY_SENDUP_ONE /
237	int
238	key_sendup_mbuf(struct socket so, struct* mbuf m, int* target)
239	{
240	struct mbuf *n;
241	struct keycb *kp;
242	int sendup;
243	struct rawcb *rp;
244	int error = `0`;
245
246	if (m == NULL)
247	panic("key_sendup_mbuf: NULL pointer was passed.\n");
248	if (so == NULL && target == KEY_SENDUP_ONE)
249	panic("key_sendup_mbuf: NULL pointer was passed.\n");
250
251	lck_mtx_lock(pfkey_stat_mutex);
252	pfkeystat.in_total++;
253	pfkeystat.in_bytes += m->m_pkthdr.len;
254	lck_mtx_unlock(pfkey_stat_mutex);
255	if (m->m_len < sizeof(struct sadb_msg)) {
256	#if 1
257	m = m_pullup(m, sizeof(struct sadb_msg));
258	if (m == NULL) {
259	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
260	return ENOBUFS;
261	}
262	#else
263	/ don't bother pulling it up just for stats /
264	#endif
265	}
266	if (m->m_len >= sizeof(struct sadb_msg)) {
267	struct sadb_msg *msg;
268	msg = mtod(m, struct sadb_msg *);
269	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
270	}
271
272	lck_mtx_lock(raw_mtx);
273	LIST_FOREACH(rp, &rawcb_list, list)
274	{
275	if (rp->rcb_proto.sp_family != PF_KEY)
276	continue;
277	if (rp->rcb_proto.sp_protocol
278	&& rp->rcb_proto.sp_protocol != PF_KEY_V2) {
279	continue;
280	}
281
282	kp = (struct keycb *)rp;
283
284	socket_lock(rp->rcb_socket, `1`);
285	/*
286	* If you are in promiscuous mode, and when you get broadcasted
287	* reply, you'll get two PF_KEY messages.
288	* (based on pf_key@inner.net message on 14 Oct 1998)
289	*/
290	if (((struct keycb *)rp)->kp_promisc) {
291	if ((n = m_copy(m, `0`, (int)M_COPYALL)) != NULL) {
292	(void)key_sendup0(rp, n, `1`);
293	n = NULL;
294	}
295	}
296
297	/ the exact target will be processed later /
298	if (so && sotorawcb(so) == rp) {
299	socket_unlock(rp->rcb_socket, `1`);
300	continue;
301	}
302
303	sendup = `0`;
304	switch (target) {
305	case KEY_SENDUP_ONE:
306	/ the statement has no effect /
307	break;
308	case KEY_SENDUP_ALL:
309	sendup++;
310	break;
311	case KEY_SENDUP_REGISTERED:
312	if (kp->kp_registered)
313	sendup++;
314	break;
315	}
316	PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);
317
318	if (!sendup) {
319	socket_unlock(rp->rcb_socket, `1`);
320	continue;
321	}
322	else
323	sendup = `0`; // clear for next iteration
324
325	if ((n = m_copy(m, `0`, (int)M_COPYALL)) == NULL) {
326	#if IPSEC_DEBUG
327	printf("key_sendup: m_copy fail\n");
328	#endif
329	m_freem(m);
330	PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
331	socket_unlock(rp->rcb_socket, `1`);
332	lck_mtx_unlock(raw_mtx);
333	return ENOBUFS;
334	}
335
336	/*
337	* ignore error even if queue is full. PF_KEY does not
338	* guarantee the delivery of the message.
339	* this is important when target == KEY_SENDUP_ALL.
340	*/
341	key_sendup0(rp, n, `0`);
342	socket_unlock(rp->rcb_socket, `1`);
343	n = NULL;
344	}
345
346	lck_mtx_unlock(raw_mtx);
347	if (so) {
348	socket_lock(so, `1`);
349	error = key_sendup0(sotorawcb(so), m, `0`);
350	socket_unlock(so, `1`);
351	m = NULL;
352	} else {
353	error = `0`;
354	m_freem(m);
355	}
356	return error;
357	}
358
359	/*
360	* key_abort()
361	* derived from net/rtsock.c:rts_abort()
362	*/
363	static int
364	key_abort(struct socket *so)
365	{
366	int error;
367	error = raw_usrreqs.pru_abort(so);
368	return error;
369	}
370
371	/*
372	* key_attach()
373	* derived from net/rtsock.c:rts_attach()
374	*/
375	static int
376	key_attach(struct socket so, int* proto, struct proc *p)
377	{
378	struct keycb *kp;
379	int error;
380
381	if (sotorawcb(so) != `0`)
382	return EISCONN; / XXX panic? /
383	kp = (struct keycb )_MALLOC(sizeof* (*kp), M_PCB,
384	M_WAITOK \| M_ZERO); / XXX /
385	if (kp == `0`)
386	return ENOBUFS;
387
388	so->so_pcb = (caddr_t)kp;
389	kp->kp_promisc = kp->kp_registered = `0`;
390	kp->kp_raw.rcb_laddr = &key_src;
391	kp->kp_raw.rcb_faddr = &key_dst;
392
393	error = raw_usrreqs.pru_attach(so, proto, p);
394	kp = (struct keycb *)sotorawcb(so);
395	if (error) {
396	_FREE(kp, M_PCB);
397	so->so_pcb = (caddr_t) `0`;
398	so->so_flags \|= SOF_PCBCLEARING;
399	printf("key_usrreq: key_usrreq results %d\n", error);
400	return error;
401	}
402
403	/ so is already locked when calling key_attach /
404	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) / XXX: AF_KEY /
405	key_cb.key_count++;
406	key_cb.any_count++;
407	soisconnected(so);
408	so->so_options \|= SO_USELOOPBACK;
409
410	return `0`;
411	}
412
413	/*
414	* key_bind()
415	* derived from net/rtsock.c:rts_bind()
416	*/
417	static int
418	key_bind(struct socket so, struct* sockaddr nam, struct* proc *p)
419	{
420	int error;
421	error = raw_usrreqs.pru_bind(so, nam, p); / xxx just EINVAL /
422	return error;
423	}
424
425	/*
426	* key_connect()
427	* derived from net/rtsock.c:rts_connect()
428	*/
429	static int
430	key_connect(struct socket so, struct* sockaddr nam, struct* proc *p)
431	{
432	int error;
433	error = raw_usrreqs.pru_connect(so, nam, p); / XXX just EINVAL /
434	return error;
435	}
436
437	/*
438	* key_detach()
439	* derived from net/rtsock.c:rts_detach()
440	*/
441	static int
442	key_detach(struct socket *so)
443	{
444	struct keycb kp = (struct* keycb *)sotorawcb(so);
445	int error;
446
447	if (kp != `0`) {
448	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) / XXX: AF_KEY /
449	key_cb.key_count--;
450	key_cb.any_count--;
451	socket_unlock(so, `0`);
452	key_freereg(so);
453	socket_lock(so, `0`);
454	}
455	error = raw_usrreqs.pru_detach(so);
456	return error;
457	}
458
459	/*
460	* key_disconnect()
461	* derived from net/rtsock.c:key_disconnect()
462	*/
463	static int
464	key_disconnect(struct socket *so)
465	{
466	int error;
467	error = raw_usrreqs.pru_disconnect(so);
468	return error;
469	}
470
471	/*
472	* key_peeraddr()
473	* derived from net/rtsock.c:rts_peeraddr()
474	*/
475	static int
476	key_peeraddr(struct socket so, struct* sockaddr **nam)
477	{
478	int error;
479	error = raw_usrreqs.pru_peeraddr(so, nam);
480	return error;
481	}
482
483	/*
484	* key_send()
485	* derived from net/rtsock.c:rts_send()
486	*/
487	static int
488	key_send(struct socket so, int* flags, struct mbuf m, struct* sockaddr *nam,
489	struct mbuf control, struct* proc *p)
490	{
491	int error;
492	error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
493	return error;
494	}
495
496	/*
497	* key_shutdown()
498	* derived from net/rtsock.c:rts_shutdown()
499	*/
500	static int
501	key_shutdown(struct socket *so)
502	{
503	int error;
504	error = raw_usrreqs.pru_shutdown(so);
505	return error;
506	}
507
508	/*
509	* key_sockaddr()
510	* derived from net/rtsock.c:rts_sockaddr()
511	*/
512	static int
513	key_sockaddr(struct socket so, struct* sockaddr **nam)
514	{
515	int error;
516	error = raw_usrreqs.pru_sockaddr(so, nam);
517	return error;
518	}
519
520	static struct pr_usrreqs key_usrreqs = {
521	.pru_abort = key_abort,
522	.pru_attach = key_attach,
523	.pru_bind = key_bind,
524	.pru_connect = key_connect,
525	.pru_detach = key_detach,
526	.pru_disconnect = key_disconnect,
527	.pru_peeraddr = key_peeraddr,
528	.pru_send = key_send,
529	.pru_shutdown = key_shutdown,
530	.pru_sockaddr = key_sockaddr,
531	.pru_sosend = sosend,
532	.pru_soreceive = soreceive,
533	};
534
535	/ sysctl /
536	SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW\|CTLFLAG_LOCKED, `0`, "Key Family");
537
538	/*
539	* Definitions of protocols supported in the KEY domain.
540	*/
541
542	extern struct domain keydomain_s;
543
544	static struct protosw keysw[] = {
545	{
546	.pr_type = SOCK_RAW,
547	.pr_protocol = PF_KEY_V2,
548	.pr_flags = PR_ATOMIC\|PR_ADDR,
549	.pr_output = key_output,
550	.pr_ctlinput = raw_ctlinput,
551	.pr_init = key_init,
552	.pr_usrreqs = &key_usrreqs,
553	}
554	};
555
556	static int key_proto_count = (sizeof (keysw) / sizeof (struct protosw));
557
558	struct domain keydomain_s = {
559	.dom_family = PF_KEY,
560	.dom_name = "key",
561	.dom_init = key_dinit,
562	.dom_maxrtkey = sizeof (struct key_cb),
563	};
564
565	static void
566	key_dinit(struct domain *dp)
567	{
568	struct protosw *pr;
569	int i;
570
571	VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
572	VERIFY(keydomain == NULL);
573
574	keydomain = dp;
575
576	for (i = `0`, pr = &keysw[`0`]; i < key_proto_count; i++, pr++)
577	net_add_proto(pr, dp, `1`);
578	}
579

Browse the source code of xnu/bsd/netkey/keysock.c