sync with kame tree as of july00. tons of bug fixes/improvements.

API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
author: itojun <itojun@FreeBSD.org> 2000-07-04 16:35:15 +0000
committer: itojun <itojun@FreeBSD.org> 2000-07-04 16:35:15 +0000
commit: 5f4e854de19331a53788d6100bbcd42845056bc1 (patch)
tree: 3ff8c876a5868b103fb8713055d83e29a3fa38d5 /sys/netkey/keysock.c
parent: bdc16885232d771a99d7dfc247cd27a44cd061f9 (diff)
download: FreeBSD-src-5f4e854de19331a53788d6100bbcd42845056bc1.zip
FreeBSD-src-5f4e854de19331a53788d6100bbcd42845056bc1.tar.gz
1 files changed, 328 insertions, 261 deletions
diff --git a/sys/netkey/keysock.c b/sys/netkey/keysock.c
index f26e8a5..92e7023 100644
--- a/sys/netkey/keysock.c
+++ b/sys/netkey/keysock.c
@@ -1,3 +1,6 @@
+/*	$FreeBSD$	*/
+/*	$KAME: keysock.c,v 1.22 2000/05/23 13:19:21 itojun Exp $	*/
+
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
@@ -25,16 +28,12 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $FreeBSD$
  */
 
-/* KAME @(#)$Id: keysock.c,v 1.2 1999/08/16 19:30:36 shin Exp $ */
+#include "opt_ipsec.h"
 
 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
 
-#include <opt_ipsec.h>
-
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -65,19 +64,334 @@
 
 #include <machine/stdarg.h>
 
-static MALLOC_DEFINE(M_SECA, "key mgmt",
-		     "security associations, key management");
-
 struct sockaddr key_dst = { 2, PF_KEY, };
 struct sockaddr key_src = { 2, PF_KEY, };
-struct sockproto key_proto = { PF_KEY, PF_KEY_V2 };
 
 static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
 
-#define	KMALLOC(p, t, n) \
-	((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
-#define	KFREE(p) \
-	free((caddr_t)(p), M_SECA);
+struct pfkeystat pfkeystat;
+
+/*
+ * key_output()
+ */
+int
+#if __STDC__
+key_output(struct mbuf *m, ...)
+#else
+key_output(m, va_alist)
+	struct mbuf *m;
+	va_dcl
+#endif
+{
+	struct sadb_msg *msg;
+	int len, error = 0;
+	int s;
+	struct socket *so;
+	va_list ap;
+
+	va_start(ap, m);
+	so = va_arg(ap, struct socket *);
+	va_end(ap);
+
+	if (m == 0)
+		panic("key_output: NULL pointer was passed.\n");
+
+	pfkeystat.out_total++;
+	pfkeystat.out_bytes += m->m_pkthdr.len;
+
+	len = m->m_pkthdr.len;
+	if (len < sizeof(struct sadb_msg)) {
+#ifdef IPSEC_DEBUG
+		printf("key_output: Invalid message length.\n");
+#endif
+		pfkeystat.out_tooshort++;
+		error = EINVAL;
+		goto end;
+	}
+
+	if (m->m_len < sizeof(struct sadb_msg)) {
+		if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
+#ifdef IPSEC_DEBUG
+			printf("key_output: can't pullup mbuf\n");
+#endif
+			pfkeystat.out_nomem++;
+			error = ENOBUFS;
+			goto end;
+		}
+	}
+
+	if ((m->m_flags & M_PKTHDR) == 0)
+		panic("key_output: not M_PKTHDR ??");
+
+#ifdef IPSEC_DEBUG
+	KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
+#endif
+
+	msg = mtod(m, struct sadb_msg *);
+	pfkeystat.out_msgtype[msg->sadb_msg_type]++;
+	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
+#ifdef IPSEC_DEBUG
+		printf("key_output: Invalid message length.\n");
+#endif
+		pfkeystat.out_invlen++;
+		error = EINVAL;
+		goto end;
+	}
+
+	/*XXX giant lock*/
+	s = splnet();
+	error = key_parse(m, so);
+	m = NULL;
+	splx(s);
+end:
+	if (m)
+		m_freem(m);
+	return error;
+}
+
+/*
+ * send message to the socket.
+ */
+static int
+key_sendup0(rp, m, promisc)
+	struct rawcb *rp;
+	struct mbuf *m;
+	int promisc;
+{
+	if (promisc) {
+		struct sadb_msg *pmsg;
+
+		M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT);
+		if (m && m->m_len < sizeof(struct sadb_msg))
+			m = m_pullup(m, sizeof(struct sadb_msg));
+		if (!m) {
+#ifdef IPSEC_DEBUG
+			printf("key_sendup0: cannot pullup\n");
+#endif
+			pfkeystat.in_nomem++;
+			m_freem(m);
+			return ENOBUFS;
+		}
+		m->m_pkthdr.len += sizeof(*pmsg);
+
+		pmsg = mtod(m, struct sadb_msg *);
+		bzero(pmsg, sizeof(*pmsg));
+		pmsg->sadb_msg_version = PF_KEY_V2;
+		pmsg->sadb_msg_type = SADB_X_PROMISC;
+		pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
+		/* pid and seq? */
+
+		pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
+	}
+
+	if (!sbappendaddr(&rp->rcb_socket->so_rcv,
+			(struct sockaddr *)&key_src, m, NULL)) {
+#ifdef IPSEC_DEBUG
+		printf("key_sendup0: sbappendaddr failed\n");
+#endif
+		pfkeystat.in_nomem++;
+		m_freem(m);
+		return ENOBUFS;
+	}
+	sorwakeup(rp->rcb_socket);
+	return 0;
+}
+
+/* XXX this interface should be obsoleted. */
+int
+key_sendup(so, msg, len, target)
+	struct socket *so;
+	struct sadb_msg *msg;
+	u_int len;
+	int target;	/*target of the resulting message*/
+{
+	struct mbuf *m, *n, *mprev;
+	int tlen;
+
+	/* sanity check */
+	if (so == 0 || msg == 0)
+		panic("key_sendup: NULL pointer was passed.\n");
+
+	KEYDEBUG(KEYDEBUG_KEY_DUMP,
+		printf("key_sendup: \n");
+		kdebug_sadb(msg));
+
+	/*
+	 * we increment statistics here, just in case we have ENOBUFS
+	 * in this function.
+	 */
+	pfkeystat.in_total++;
+	pfkeystat.in_bytes += len;
+	pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+
+	/*
+	 * Get mbuf chain whenever possible (not clusters),
+	 * to save socket buffer.  We'll be generating many SADB_ACQUIRE
+	 * messages to listening key sockets.  If we simply allocate clusters,
+	 * sbappendaddr() will raise ENOBUFS due to too little sbspace().
+	 * sbspace() computes # of actual data bytes AND mbuf region.
+	 *
+	 * TODO: SADB_ACQUIRE filters should be implemented.
+	 */
+	tlen = len;
+	m = mprev = NULL;
+	while (tlen > 0) {
+		if (tlen == len) {
+			MGETHDR(n, M_DONTWAIT, MT_DATA);
+			n->m_len = MHLEN;
+		} else {
+			MGET(n, M_DONTWAIT, MT_DATA);
+			n->m_len = MLEN;
+		}
+		if (!n) {
+			pfkeystat.in_nomem++;
+			return ENOBUFS;
+		}
+		if (tlen >= MCLBYTES) {	/*XXX better threshold? */
+			MCLGET(n, M_DONTWAIT);
+			if ((n->m_flags & M_EXT) == 0) {
+				m_free(n);
+				m_freem(m);
+				pfkeystat.in_nomem++;
+				return ENOBUFS;
+			}
+			n->m_len = MCLBYTES;
+		}
+
+		if (tlen < n->m_len)
+			n->m_len = tlen;
+		n->m_next = NULL;
+		if (m == NULL)
+			m = mprev = n;
+		else {
+			mprev->m_next = n;
+			mprev = n;
+		}
+		tlen -= n->m_len;
+		n = NULL;
+	}
+	m->m_pkthdr.len = len;
+	m->m_pkthdr.rcvif = NULL;
+	m_copyback(m, 0, len, (caddr_t)msg);
+
+	/* avoid duplicated statistics */
+	pfkeystat.in_total--;
+	pfkeystat.in_bytes -= len;
+	pfkeystat.in_msgtype[msg->sadb_msg_type]--;
+
+	return key_sendup_mbuf(so, m, target);
+}
+
+/* so can be NULL if target != KEY_SENDUP_ONE */
+int
+key_sendup_mbuf(so, m, target)
+	struct socket *so;
+	struct mbuf *m;
+	int target;
+{
+	struct mbuf *n;
+	struct keycb *kp;
+	int sendup;
+	struct rawcb *rp;
+	int error = 0;
+
+	if (m == NULL)
+		panic("key_sendup_mbuf: NULL pointer was passed.\n");
+	if (so == NULL && target == KEY_SENDUP_ONE)
+		panic("key_sendup_mbuf: NULL pointer was passed.\n");
+
+	pfkeystat.in_total++;
+	pfkeystat.in_bytes += m->m_pkthdr.len;
+	if (m->m_len < sizeof(struct sadb_msg)) {
+#if 1
+		m = m_pullup(m, sizeof(struct sadb_msg));
+		if (m == NULL) {
+			pfkeystat.in_nomem++;
+			return ENOBUFS;
+		}
+#else
+		/* don't bother pulling it up just for stats */
+#endif
+	}
+	if (m->m_len >= sizeof(struct sadb_msg)) {
+		struct sadb_msg *msg;
+		msg = mtod(m, struct sadb_msg *);
+		pfkeystat.in_msgtype[msg->sadb_msg_type]++;
+	}
+
+	LIST_FOREACH(rp, &rawcb_list, list)
+	{
+		if (rp->rcb_proto.sp_family != PF_KEY)
+			continue;
+		if (rp->rcb_proto.sp_protocol
+		 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
+			continue;
+		}
+
+		kp = (struct keycb *)rp;
+
+		/*
+		 * If you are in promiscuous mode, and when you get broadcasted
+		 * reply, you'll get two PF_KEY messages.
+		 * (based on pf_key@inner.net message on 14 Oct 1998)
+		 */
+		if (((struct keycb *)rp)->kp_promisc) {
+			if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
+				(void)key_sendup0(rp, n, 1);
+				n = NULL;
+			}
+		}
+
+		/* the exact target will be processed later */
+		if (so && sotorawcb(so) == rp)
+			continue;
+
+		sendup = 0;
+		switch (target) {
+		case KEY_SENDUP_ONE:
+			/* the statement has no effect */
+			if (so && sotorawcb(so) == rp)
+				sendup++;
+			break;
+		case KEY_SENDUP_ALL:
+			sendup++;
+			break;
+		case KEY_SENDUP_REGISTERED:
+			if (kp->kp_registered)
+				sendup++;
+			break;
+		}
+		pfkeystat.in_msgtarget[target]++;
+
+		if (!sendup)
+			continue;
+
+		if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
+#ifdef IPSEC_DEBUG
+			printf("key_sendup: m_copy fail\n");
+#endif
+			m_freem(m);
+			pfkeystat.in_nomem++;
+			return ENOBUFS;
+		}
+
+		if ((error = key_sendup0(rp, n, 0)) != 0) {
+			m_freem(m);
+			return error;
+		}
+
+		n = NULL;
+	}
+
+	if (so) {
+		error = key_sendup0(sotorawcb(so), m, 0);
+		m = NULL;
+	} else {
+		error = 0;
+		m_freem(m);
+	}
+	return error;
+}
 
 /*
  * key_abort()
@@ -105,7 +419,7 @@ key_attach(struct socket *so, int proto, struct proc *p)
 
 	if (sotorawcb(so) != 0)
 		return EISCONN;	/* XXX panic? */
-	MALLOC(kp, struct keycb *, sizeof *kp, M_PCB, M_WAITOK); /* XXX */
+	kp = (struct keycb *)malloc(sizeof *kp, M_PCB, M_WAITOK); /* XXX */
 	if (kp == 0)
 		return ENOBUFS;
 	bzero(kp, sizeof *kp);
@@ -276,253 +590,6 @@ struct pr_usrreqs key_usrreqs = {
 	key_sockaddr, sosend, soreceive, sopoll
 };
 
-/*
- * key_output()
- */
-int
-key_output(struct mbuf *m, struct socket *so)
-{
-	struct sadb_msg *msg = NULL;
-	int len, error = 0;
-	int s;
-	int target;
-
-	if (m == 0)
-		panic("key_output: NULL pointer was passed.\n");
-
-	if (m->m_len < sizeof(long)
-	 && (m = m_pullup(m, 8)) == 0) {
-		printf("key_output: can't pullup mbuf\n");
-		error = ENOBUFS;
-		goto end;
-	}
-
-	if ((m->m_flags & M_PKTHDR) == 0)
-		panic("key_output: not M_PKTHDR ??");
-
-#if defined(IPSEC_DEBUG)
-	KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
-#endif /* defined(IPSEC_DEBUG) */
-
-	len = m->m_pkthdr.len;
-	if (len < sizeof(struct sadb_msg)
-	 || len != PFKEY_UNUNIT64(mtod(m, struct sadb_msg *)->sadb_msg_len)) {
-		printf("key_output: Invalid message length.\n");
-		error = EINVAL;
-		goto end;
-	}
-
-	/*
-	 * allocate memory for sadb_msg, and copy to sadb_msg from mbuf
-	 * XXX: To be processed directly without a copy.
-	 */
-	KMALLOC(msg, struct sadb_msg *, len);
-	if (msg == 0) {
-		printf("key_output: No more memory.\n");
-		error = ENOBUFS;
-		goto end;
-		/* or do panic ? */
-	}
-	m_copydata(m, 0, len, (caddr_t)msg);
-
-	/*XXX giant lock*/
-	s = splnet();
-	if ((len = key_parse(&msg, so, &target)) == 0) {
-		/* discard. i.e. no need to reply. */
-		error = 0;
-		splx(s);
-		goto end;
-	}
-
-	/* send up message to the socket */
-	error = key_sendup(so, msg, len, target);
-	splx(s);
-	KFREE(msg);
-end:
-	m_freem(m);
-	return (error);
-}
-
-/*
- * send message to the socket.
- */
-static int
-key_sendup0(rp, m, promisc)
-	struct rawcb *rp;
-	struct mbuf *m;
-	int promisc;
-{
-	if (promisc) {
-		struct sadb_msg *pmsg;
-
-		M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT);
-		if (m && m->m_len < sizeof(struct sadb_msg))
-			m = m_pullup(m, sizeof(struct sadb_msg));
-		if (!m) {
-			printf("key_sendup0: cannot pullup\n");
-			m_freem(m);
-			return ENOBUFS;
-		}
-		m->m_pkthdr.len += sizeof(*pmsg);
-
-		pmsg = mtod(m, struct sadb_msg *);
-		bzero(pmsg, sizeof(*pmsg));
-		pmsg->sadb_msg_version = PF_KEY_V2;
-		pmsg->sadb_msg_type = SADB_X_PROMISC;
-		pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
-		/* pid and seq? */
-	}
-
-	if (!sbappendaddr(&rp->rcb_socket->so_rcv,
-			(struct sockaddr *)&key_src, m, NULL)) {
-		printf("key_sendup0: sbappendaddr failed\n");
-		m_freem(m);
-		return ENOBUFS;
-	}
-	sorwakeup(rp->rcb_socket);
-	return 0;
-}
-
-int
-key_sendup(so, msg, len, target)
-	struct socket *so;
-	struct sadb_msg *msg;
-	u_int len;
-	int target;	/*target of the resulting message*/
-{
-	struct mbuf *m, *n, *mprev;
-	struct keycb *kp;
-	int sendup;
-	struct rawcb *rp;
-	int error;
-	int tlen;
-
-	/* sanity check */
-	if (so == 0 || msg == 0)
-		panic("key_sendup: NULL pointer was passed.\n");
-
-	KEYDEBUG(KEYDEBUG_KEY_DUMP,
-		printf("key_sendup: \n");
-		kdebug_sadb(msg));
-
-	/*
-	 * Get mbuf chain whenever possible (not clusters),
-	 * to save socket buffer.  We'll be generating many SADB_ACQUIRE
-	 * messages to listening key sockets.  If we simmply allocate clusters,
-	 * sbappendaddr() will raise ENOBUFS due to too little sbspace().
-	 * sbspace() computes # of actual data bytes AND mbuf region.
-	 *
-	 * TODO: SADB_ACQUIRE filters should be implemented.
-	 */
-	tlen = len;
-	m = mprev = NULL;
-	while (tlen > 0) {
-		if (tlen == len) {
-			MGETHDR(n, M_DONTWAIT, MT_DATA);
-			if (n == NULL) {
-				m_freem(m);
-				return ENOBUFS;
-			}
-			n->m_len = MHLEN;
-		} else {
-			MGET(n, M_DONTWAIT, MT_DATA);
-			if (n == NULL) {
-				m_freem(m);
-				return ENOBUFS;
-			}
-			n->m_len = MLEN;
-		}
-		if (tlen > MCLBYTES) {	/*XXX better threshold? */
-			MCLGET(n, M_DONTWAIT);
-			if ((n->m_flags & M_EXT) == 0) {
-				m_free(n);
-				m_freem(m);
-				return ENOBUFS;
-			}
-			n->m_len = MCLBYTES;
-		}
-
-		if (tlen < n->m_len)
-			n->m_len = tlen;
-		n->m_next = NULL;
-		if (m == NULL)
-			m = mprev = n;
-		else {
-			mprev->m_next = n;
-			mprev = n;
-		}
-		tlen -= n->m_len;
-		n = NULL;
-	}
-	m->m_pkthdr.len = len;
-	m->m_pkthdr.rcvif = NULL;
-	m_copyback(m, 0, len, (caddr_t)msg);
-
-	LIST_FOREACH(rp, &rawcb_list, list)
-	{
-		if (rp->rcb_proto.sp_family != PF_KEY)
-			continue;
-		if (rp->rcb_proto.sp_protocol
-		 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
-			continue;
-		}
-
-		kp = (struct keycb *)rp;
-
-		/*
-		 * If you are in promiscuous mode, and when you get broadcasted
-		 * reply, you'll get two PF_KEY messages.
-		 * (based on pf_key@inner.net message on 14 Oct 1998)
-		 */
-		if (((struct keycb *)rp)->kp_promisc) {
-			if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
-				(void)key_sendup0(rp, n, 1);
-				n = NULL;
-			}
-		}
-
-		/* the exact target will be processed later */
-		if (sotorawcb(so) == rp)
-			continue;
-
-		sendup = 0;
-		switch (target) {
-		case KEY_SENDUP_ONE:
-			/* the statement has no effect */
-			if (sotorawcb(so) == rp)
-				sendup++;
-			break;
-		case KEY_SENDUP_ALL:
-			sendup++;
-			break;
-		case KEY_SENDUP_REGISTERED:
-			if (kp->kp_registered)
-				sendup++;
-			break;
-		}
-
-		if (!sendup)
-			continue;
-
-		if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
-			printf("key_sendup: m_copy fail\n");
-			m_freem(m);
-			return ENOBUFS;
-		}
-
-		if ((error = key_sendup0(rp, n, 0)) != 0) {
-			m_freem(m);
-			return error;
-		}
-
-		n = NULL;
-	}
-
-	error = key_sendup0(sotorawcb(so), m, 0);
-	m = NULL;
-	return error;
-}
-
 /* sysctl */
 SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family");
author	itojun <itojun@FreeBSD.org>	2000-07-04 16:35:15 +0000
committer	itojun <itojun@FreeBSD.org>	2000-07-04 16:35:15 +0000
commit	5f4e854de19331a53788d6100bbcd42845056bc1 (patch)
tree	3ff8c876a5868b103fb8713055d83e29a3fa38d5 /sys/netkey/keysock.c
parent	bdc16885232d771a99d7dfc247cd27a44cd061f9 (diff)
download	FreeBSD-src-5f4e854de19331a53788d6100bbcd42845056bc1.zip FreeBSD-src-5f4e854de19331a53788d6100bbcd42845056bc1.tar.gz