| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: key.c,v 1.245 2017/11/30 02:45:12 ozaki-r Exp $ */ | | 1 | /* $NetBSD: key.c,v 1.246 2017/12/01 06:34:14 ozaki-r Exp $ */ |
2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ | | 2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ |
3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ | | 3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ |
4 | | | 4 | |
5 | /* | | 5 | /* |
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
7 | * All rights reserved. | | 7 | * All rights reserved. |
8 | * | | 8 | * |
9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
11 | * are met: | | 11 | * are met: |
12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -22,27 +22,27 @@ | | | @@ -22,27 +22,27 @@ |
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | * SUCH DAMAGE. | | 31 | * SUCH DAMAGE. |
32 | */ | | 32 | */ |
33 | | | 33 | |
34 | #include <sys/cdefs.h> | | 34 | #include <sys/cdefs.h> |
35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.245 2017/11/30 02:45:12 ozaki-r Exp $"); | | 35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.246 2017/12/01 06:34:14 ozaki-r Exp $"); |
36 | | | 36 | |
37 | /* | | 37 | /* |
38 | * This code is referred to RFC 2367 | | 38 | * This code is referred to RFC 2367 |
39 | */ | | 39 | */ |
40 | | | 40 | |
41 | #if defined(_KERNEL_OPT) | | 41 | #if defined(_KERNEL_OPT) |
42 | #include "opt_inet.h" | | 42 | #include "opt_inet.h" |
43 | #include "opt_ipsec.h" | | 43 | #include "opt_ipsec.h" |
44 | #include "opt_gateway.h" | | 44 | #include "opt_gateway.h" |
45 | #include "opt_net_mpsafe.h" | | 45 | #include "opt_net_mpsafe.h" |
46 | #endif | | 46 | #endif |
47 | | | 47 | |
48 | #include <sys/types.h> | | 48 | #include <sys/types.h> |
| @@ -2102,26 +2102,27 @@ key_gather_mbuf(struct mbuf *m, const st | | | @@ -2102,26 +2102,27 @@ key_gather_mbuf(struct mbuf *m, const st |
2102 | * m will always be freed. | | 2102 | * m will always be freed. |
2103 | */ | | 2103 | */ |
2104 | static int | | 2104 | static int |
2105 | key_api_spdadd(struct socket *so, struct mbuf *m, | | 2105 | key_api_spdadd(struct socket *so, struct mbuf *m, |
2106 | const struct sadb_msghdr *mhp) | | 2106 | const struct sadb_msghdr *mhp) |
2107 | { | | 2107 | { |
2108 | const struct sockaddr *src, *dst; | | 2108 | const struct sockaddr *src, *dst; |
2109 | const struct sadb_x_policy *xpl0; | | 2109 | const struct sadb_x_policy *xpl0; |
2110 | struct sadb_x_policy *xpl; | | 2110 | struct sadb_x_policy *xpl; |
2111 | const struct sadb_lifetime *lft = NULL; | | 2111 | const struct sadb_lifetime *lft = NULL; |
2112 | struct secpolicyindex spidx; | | 2112 | struct secpolicyindex spidx; |
2113 | struct secpolicy *newsp; | | 2113 | struct secpolicy *newsp; |
2114 | int error; | | 2114 | int error; |
| | | 2115 | uint32_t sadb_x_policy_id; |
2115 | | | 2116 | |
2116 | if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || | | 2117 | if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || |
2117 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || | | 2118 | mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || |
2118 | mhp->ext[SADB_X_EXT_POLICY] == NULL) { | | 2119 | mhp->ext[SADB_X_EXT_POLICY] == NULL) { |
2119 | IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); | | 2120 | IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); |
2120 | return key_senderror(so, m, EINVAL); | | 2121 | return key_senderror(so, m, EINVAL); |
2121 | } | | 2122 | } |
2122 | if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || | | 2123 | if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || |
2123 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || | | 2124 | mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || |
2124 | mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { | | 2125 | mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { |
2125 | IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); | | 2126 | IPSECLOG(LOG_DEBUG, "invalid message is passed.\n"); |
2126 | return key_senderror(so, m, EINVAL); | | 2127 | return key_senderror(so, m, EINVAL); |
2127 | } | | 2128 | } |
| @@ -2206,29 +2207,36 @@ key_api_spdadd(struct socket *so, struct | | | @@ -2206,29 +2207,36 @@ key_api_spdadd(struct socket *so, struct |
2206 | if (newsp->id == 0) { | | 2207 | if (newsp->id == 0) { |
2207 | kmem_free(newsp, sizeof(*newsp)); | | 2208 | kmem_free(newsp, sizeof(*newsp)); |
2208 | return key_senderror(so, m, ENOBUFS); | | 2209 | return key_senderror(so, m, ENOBUFS); |
2209 | } | | 2210 | } |
2210 | | | 2211 | |
2211 | newsp->spidx = spidx; | | 2212 | newsp->spidx = spidx; |
2212 | newsp->created = time_uptime; | | 2213 | newsp->created = time_uptime; |
2213 | newsp->lastused = newsp->created; | | 2214 | newsp->lastused = newsp->created; |
2214 | newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; | | 2215 | newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; |
2215 | newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; | | 2216 | newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; |
2216 | | | 2217 | |
2217 | key_init_sp(newsp); | | 2218 | key_init_sp(newsp); |
2218 | | | 2219 | |
| | | 2220 | sadb_x_policy_id = newsp->id; |
| | | 2221 | |
2219 | mutex_enter(&key_spd.lock); | | 2222 | mutex_enter(&key_spd.lock); |
2220 | SPLIST_WRITER_INSERT_TAIL(newsp->spidx.dir, newsp); | | 2223 | SPLIST_WRITER_INSERT_TAIL(newsp->spidx.dir, newsp); |
2221 | mutex_exit(&key_spd.lock); | | 2224 | mutex_exit(&key_spd.lock); |
| | | 2225 | /* |
| | | 2226 | * We don't have a reference to newsp, so we must not touch newsp from |
| | | 2227 | * now on. If you want to do, you must take a reference beforehand. |
| | | 2228 | */ |
| | | 2229 | newsp = NULL; |
2222 | | | 2230 | |
2223 | #ifdef notyet | | 2231 | #ifdef notyet |
2224 | /* delete the entry in key_misc.spacqlist */ | | 2232 | /* delete the entry in key_misc.spacqlist */ |
2225 | if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { | | 2233 | if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { |
2226 | struct secspacq *spacq = key_getspacq(&spidx); | | 2234 | struct secspacq *spacq = key_getspacq(&spidx); |
2227 | if (spacq != NULL) { | | 2235 | if (spacq != NULL) { |
2228 | /* reset counter in order to deletion by timehandler. */ | | 2236 | /* reset counter in order to deletion by timehandler. */ |
2229 | spacq->created = time_uptime; | | 2237 | spacq->created = time_uptime; |
2230 | spacq->count = 0; | | 2238 | spacq->count = 0; |
2231 | } | | 2239 | } |
2232 | } | | 2240 | } |
2233 | #endif | | 2241 | #endif |
2234 | | | 2242 | |
| @@ -2264,27 +2272,27 @@ key_api_spdadd(struct socket *so, struct | | | @@ -2264,27 +2272,27 @@ key_api_spdadd(struct socket *so, struct |
2264 | key_fill_replymsg(n, 0); | | 2272 | key_fill_replymsg(n, 0); |
2265 | off = 0; | | 2273 | off = 0; |
2266 | mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), | | 2274 | mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), |
2267 | sizeof(*xpl), &off); | | 2275 | sizeof(*xpl), &off); |
2268 | if (mpolicy == NULL) { | | 2276 | if (mpolicy == NULL) { |
2269 | /* n is already freed */ | | 2277 | /* n is already freed */ |
2270 | return key_senderror(so, m, ENOBUFS); | | 2278 | return key_senderror(so, m, ENOBUFS); |
2271 | } | | 2279 | } |
2272 | xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off); | | 2280 | xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off); |
2273 | if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { | | 2281 | if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { |
2274 | m_freem(n); | | 2282 | m_freem(n); |
2275 | return key_senderror(so, m, EINVAL); | | 2283 | return key_senderror(so, m, EINVAL); |
2276 | } | | 2284 | } |
2277 | xpl->sadb_x_policy_id = newsp->id; | | 2285 | xpl->sadb_x_policy_id = sadb_x_policy_id; |
2278 | | | 2286 | |
2279 | m_freem(m); | | 2287 | m_freem(m); |
2280 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); | | 2288 | return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); |
2281 | } | | 2289 | } |
2282 | } | | 2290 | } |
2283 | | | 2291 | |
2284 | /* | | 2292 | /* |
2285 | * get new policy id. | | 2293 | * get new policy id. |
2286 | * OUT: | | 2294 | * OUT: |
2287 | * 0: failure. | | 2295 | * 0: failure. |
2288 | * others: success. | | 2296 | * others: success. |
2289 | */ | | 2297 | */ |
2290 | static u_int32_t | | 2298 | static u_int32_t |