-rw-r--r--sys/conf/files9
-rw-r--r--sys/net/pfkey.c241
-rw-r--r--sys/net/pfkeyv2.c146
-rw-r--r--sys/net/pfkeyv2.h6
4 files changed, 146 insertions, 256 deletions
diff --git a/sys/conf/files b/sys/conf/files
index af7b8ba7912..15798f5a26d 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -1,4 +1,4 @@
-# $OpenBSD: files,v 1.645 2017/05/15 11:23:25 mikeb Exp $
+# $OpenBSD: files,v 1.646 2017/05/29 10:55:34 claudio Exp $
# $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
@@ -979,10 +979,9 @@ file netinet6/raw_ip6.c inet6
file netinet6/udp6_output.c inet6
# ... PF_KEY
-file net/pfkey.c key | ipsec | tcp_signature
-file net/pfkeyv2.c key | ipsec | tcp_signature
-file net/pfkeyv2_parsemessage.c key | ipsec | tcp_signature
-file net/pfkeyv2_convert.c key | ipsec | tcp_signature
+file net/pfkeyv2.c ipsec | tcp_signature
+file net/pfkeyv2_parsemessage.c ipsec | tcp_signature
+file net/pfkeyv2_convert.c ipsec | tcp_signature
# libx86emu
file dev/x86emu/x86emu.c x86emu
diff --git a/sys/net/pfkey.c b/sys/net/pfkey.c
deleted file mode 100644
index 1e45e822c93..00000000000
--- a/sys/net/pfkey.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/* $OpenBSD: pfkey.c,v 1.42 2017/05/26 19:11:20 claudio Exp $ */
-
-/*
- * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
- *
- * NRL grants permission for redistribution and use in source and binary
- * forms, with or without modification, of the software and documentation
- * created at NRL provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgements:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * This product includes software developed at the Information
- * Technology Division, US Naval Research Laboratory.
- * 4. Neither the name of the NRL nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
- * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NRL OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * The views and conclusions contained in the software and documentation
- * are those of the authors and should not be interpreted as representing
- * official policies, either expressed or implied, of the US Naval
- * Research Laboratory (NRL).
- */
-
-/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Craig Metz. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the author nor the names of any contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/systm.h>
-#include <sys/socket.h>
-#include <sys/mbuf.h>
-#include <sys/socketvar.h>
-#include <net/radix.h>
-#include <netinet/ip_ipsp.h>
-#include <net/pfkeyv2.h>
-
-#include <sys/protosw.h>
-#include <sys/domain.h>
-#include <net/raw_cb.h>
-
-#define PFKEYV2_PROTOCOL 2
-
-#define PFKEY_MSG_MAXSZ 4096
-
-struct domain pfkeydomain;
-struct sockaddr pfkey_addr = { 2, PF_KEY, };
-
-int pfkey_usrreq(struct socket *, int , struct mbuf *, struct mbuf *,
- struct mbuf *, struct proc *);
-int pfkey_output(struct mbuf *, struct socket *, struct sockaddr *,
- struct mbuf *);
-
-void pfkey_init(void);
-
-int
-pfkey_sendup(struct socket *socket, struct mbuf *packet, int more)
-{
- struct mbuf *packet2;
-
- NET_ASSERT_LOCKED();
-
- if (more) {
- if (!(packet2 = m_dup_pkt(packet, 0, M_DONTWAIT)))
- return (ENOMEM);
- } else
- packet2 = packet;
-
- if (!sbappendaddr(&socket->so_rcv, &pfkey_addr, packet2, NULL)) {
- m_freem(packet2);
- return (ENOBUFS);
- }
-
- sorwakeup(socket);
- return (0);
-}
-
-int
-pfkey_output(struct mbuf *mbuf, struct socket *socket, struct sockaddr *dstaddr,
- struct mbuf *control)
-{
- void *message;
- int error = 0;
-
-#ifdef DIAGNOSTIC
- if (!mbuf || !(mbuf->m_flags & M_PKTHDR)) {
- error = EINVAL;
- goto ret;
- }
-#endif /* DIAGNOSTIC */
-
- if (mbuf->m_pkthdr.len > PFKEY_MSG_MAXSZ) {
- error = EMSGSIZE;
- goto ret;
- }
-
- if (!(message = malloc((unsigned long) mbuf->m_pkthdr.len,
- M_PFKEY, M_DONTWAIT))) {
- error = ENOMEM;
- goto ret;
- }
-
- m_copydata(mbuf, 0, mbuf->m_pkthdr.len, message);
-
- error = pfkeyv2_send(socket, message, mbuf->m_pkthdr.len);
-
-ret:
- m_freem(mbuf);
- return (error);
-}
-
-int
-pfkey_attach(struct socket *so, int proto)
-{
- int rval;
-
- if ((so->so_state & SS_PRIV) == 0)
- return EACCES;
-
- if (!(so->so_pcb = malloc(sizeof(struct rawcb),
- M_PCB, M_DONTWAIT | M_ZERO)))
- return (ENOMEM);
-
- rval = raw_attach(so, so->so_proto->pr_protocol);
- if (rval)
- goto ret;
-
- ((struct rawcb *)so->so_pcb)->rcb_faddr = &pfkey_addr;
- soisconnected(so);
-
- so->so_options |= SO_USELOOPBACK;
- if ((rval = pfkeyv2_create(so)) != 0)
- goto ret;
-
- return (0);
-
-ret:
- free(so->so_pcb, M_PCB, sizeof(struct rawcb));
- return (rval);
-}
-
-static int
-pfkey_detach(struct socket *socket, struct proc *p)
-{
- int rval, i;
-
- rval = pfkeyv2_release(socket);
- i = raw_usrreq(socket, PRU_DETACH, NULL, NULL, NULL, p);
-
- if (!rval)
- rval = i;
-
- return (rval);
-}
-
-int
-pfkey_usrreq(struct socket *socket, int req, struct mbuf *mbuf,
- struct mbuf *nam, struct mbuf *control, struct proc *p)
-{
- int rval;
-
- switch (req) {
- case PRU_DETACH:
- return (pfkey_detach(socket, p));
-
- default:
- rval = raw_usrreq(socket, req, mbuf, nam, control, p);
- }
-
- return (rval);
-}
-
-static struct protosw pfkeysw[] = {
-{
- .pr_type = SOCK_RAW,
- .pr_domain = &pfkeydomain,
- .pr_protocol = PFKEYV2_PROTOCOL,
- .pr_flags = PR_ATOMIC | PR_ADDR,
- .pr_output = pfkey_output,
- .pr_usrreq = pfkey_usrreq,
- .pr_attach = pfkey_attach,
- .pr_sysctl = pfkeyv2_sysctl,
-}
-};
-
-struct domain pfkeydomain = {
- .dom_family = PF_KEY,
- .dom_name = "PF_KEY",
- .dom_init = pfkey_init,
- .dom_protosw = pfkeysw,
- .dom_protoswNPROTOSW = &pfkeysw[nitems(pfkeysw)],
-};
-
-void
-pfkey_init(void)
-{
- rn_init(sizeof(struct sockaddr_encap));
-}
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index d61fc480862..3f51e93a975 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.157 2017/05/27 18:50:53 claudio Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.158 2017/05/29 10:55:34 claudio Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -73,6 +73,9 @@
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
+#include <sys/socketvar.h>
+#include <sys/protosw.h>
+#include <sys/domain.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/kernel.h>
@@ -82,6 +85,7 @@
#include <netinet/ip_ipsp.h>
#include <net/pfkeyv2.h>
#include <net/radix.h>
+#include <net/raw_cb.h>
#include <netinet/ip_ah.h>
#include <netinet/ip_esp.h>
#include <netinet/ip_ipcomp.h>
@@ -128,6 +132,20 @@ extern struct pool ipsec_policy_pool;
extern struct radix_node_head **spd_tables;
+#define PFKEY_MSG_MAXSZ 4096
+struct sockaddr pfkey_addr = { 2, PF_KEY, };
+struct domain pfkeydomain;
+
+void pfkey_init(void);
+
+int pfkeyv2_attach(struct socket *, int);
+int pfkeyv2_detach(struct socket *, struct proc *);
+int pfkeyv2_usrreq(struct socket *, int, struct mbuf *, struct mbuf *,
+ struct mbuf *, struct proc *);
+int pfkeyv2_output(struct mbuf *, struct socket *, struct sockaddr *,
+ struct mbuf *);
+int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more);
+
/*
* Wrapper around m_devget(); copy data from contiguous buffer to mbuf
* chain.
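Review bot: The prototypes added at lines 314–320 give pfkeyv2_attach, pfkeyv2_detach, pfkeyv2_usrreq, pfkeyv2_output and pfkey_sendup external linkage, yet this same commit removes their declarations from pfkeyv2.h and the only visible consumer is the file-local `pfkeysw[]` table, which is itself `static`. Unless another translation unit still references them, declaring them `static int ...` keeps them out of the kernel's global symbol namespace and lets the compiler flag one that becomes unused. The same likely applies to `pfkey_addr` at line 309, which only pfkeyv2_attach and pfkey_sendup use in this diff, whereas `pfkeydomain` presumably has to stay external for the domain table kept in another file. The prototype at line 320 also keeps parameter names while the four above it drop them; either form is fine, but the file should pick one.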
@@ -144,20 +162,62 @@ pfdatatopacket(void *data, int len, struct mbuf **packet)
return (0);
}
+static struct protosw pfkeysw[] = {
+{
+ .pr_type = SOCK_RAW,
+ .pr_domain = &pfkeydomain,
+ .pr_protocol = PF_KEY_V2,
+ .pr_flags = PR_ATOMIC | PR_ADDR,
+ .pr_output = pfkeyv2_output,
+ .pr_usrreq = pfkeyv2_usrreq,
+ .pr_attach = pfkeyv2_attach,
+ .pr_sysctl = pfkeyv2_sysctl,
+}
+};
+
+struct domain pfkeydomain = {
+ .dom_family = PF_KEY,
+ .dom_name = "PF_KEY",
+ .dom_init = pfkey_init,
+ .dom_protosw = pfkeysw,
+ .dom_protoswNPROTOSW = &pfkeysw[nitems(pfkeysw)],
+};
+
+void
+pfkey_init(void)
+{
+ rn_init(sizeof(struct sockaddr_encap));
+}
+
+
/*
- * Create a new PF_KEYv2 socket.
+ * Attach a new PF_KEYv2 socket.
*/
int
-pfkeyv2_create(struct socket *socket)
+pfkeyv2_attach(struct socket *so, int proto)
{
struct pfkeyv2_socket *pfkeyv2_socket;
+ int error;
+
+ if ((so->so_state & SS_PRIV) == 0)
+ return EACCES;
+
+ if (!(so->so_pcb = malloc(sizeof(struct rawcb),
+ M_PCB, M_DONTWAIT | M_ZERO)))
+ return (ENOMEM);
+
+ error = raw_attach(so, so->so_proto->pr_protocol);
+ if (error)
+ goto ret;
+
+ ((struct rawcb *)so->so_pcb)->rcb_faddr = &pfkey_addr;
if (!(pfkeyv2_socket = malloc(sizeof(struct pfkeyv2_socket),
M_PFKEY, M_NOWAIT | M_ZERO)))
return (ENOMEM);
pfkeyv2_socket->next = pfkeyv2_sockets;
- pfkeyv2_socket->socket = socket;
+ pfkeyv2_socket->socket = so;
pfkeyv2_socket->pid = curproc->p_p->ps_pid;
/*
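Review bot: The `return (ENOMEM);` at line 381 in pfkeyv2_attach bypasses the `ret:` cleanup, so when the pfkeyv2_socket allocation fails after raw_attach() has succeeded, the rawcb allocated at line 370 and stored in `so->so_pcb` is leaked; the earlier failure at line 376 goes through `ret` and this one should too: `error = ENOMEM; goto ret;`. By that point raw_attach() has already initialised the control block, so freeing it alone may not fully undo that step; whether a raw_detach()-style teardown is needed depends on raw_attach()'s behaviour, which is outside this diff. The function body and the `ret:` label continue in the next hunk. The two consecutive blank lines at 354–355 look like a stray leftover of the move.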
@@ -168,16 +228,23 @@ pfkeyv2_create(struct socket *socket)
pfkeyv2_sockets = pfkeyv2_socket;
+ so->so_options |= SO_USELOOPBACK;
+ soisconnected(so);
+
return (0);
+ret:
+ free(so->so_pcb, M_PCB, sizeof(struct rawcb));
+ return (error);
}
/*
* Close a PF_KEYv2 socket.
*/
int
-pfkeyv2_release(struct socket *socket)
+pfkeyv2_detach(struct socket *socket, struct proc *p)
{
struct pfkeyv2_socket **pp;
+ int error;
for (pp = &pfkeyv2_sockets; *pp && ((*pp)->socket != socket);
pp = &((*pp)->next))
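Review bot: The `ret:` path at lines 393–395 frees `so->so_pcb` but leaves the pointer set, so a socket whose attach failed keeps a dangling `so_pcb`; adding `so->so_pcb = NULL;` after the free is cheap insurance should anything inspect the socket before it is torn down. The header comment above pfkeyv2_detach still reads "Close a PF_KEYv2 socket", which no longer matches the renamed function or its added raw_usrreq(PRU_DETACH) step; `/* Detach a PF_KEYv2 socket: unlink it from pfkeyv2_sockets, then detach the raw control block. */` would describe it. The detach body continues in the next hunk.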
@@ -198,6 +265,75 @@ pfkeyv2_release(struct socket *socket)
free(pfkeyv2_socket, M_PFKEY, 0);
}
+ error = raw_usrreq(socket, PRU_DETACH, NULL, NULL, NULL, p);
+ return (error);
+}
+
+int
+pfkeyv2_usrreq(struct socket *so, int req, struct mbuf *mbuf,
+ struct mbuf *nam, struct mbuf *control, struct proc *p)
+{
+ switch (req) {
+ case PRU_DETACH:
+ return (pfkeyv2_detach(so, p));
+ default:
+ return (raw_usrreq(so, req, mbuf, nam, control, p));
+ }
+}
+
+int
+pfkeyv2_output(struct mbuf *mbuf, struct socket *socket,
+ struct sockaddr *dstaddr, struct mbuf *control)
+{
+ void *message;
+ int error = 0;
+
+#ifdef DIAGNOSTIC
+ if (!mbuf || !(mbuf->m_flags & M_PKTHDR)) {
+ error = EINVAL;
+ goto ret;
+ }
+#endif /* DIAGNOSTIC */
+
+ if (mbuf->m_pkthdr.len > PFKEY_MSG_MAXSZ) {
+ error = EMSGSIZE;
+ goto ret;
+ }
+
+ if (!(message = malloc((unsigned long) mbuf->m_pkthdr.len,
+ M_PFKEY, M_DONTWAIT))) {
+ error = ENOMEM;
+ goto ret;
+ }
+
+ m_copydata(mbuf, 0, mbuf->m_pkthdr.len, message);
+
+ error = pfkeyv2_send(socket, message, mbuf->m_pkthdr.len);
+
+ret:
+ m_freem(mbuf);
+ return (error);
+}
+
+int
+pfkey_sendup(struct socket *socket, struct mbuf *packet, int more)
+{
+ struct mbuf *packet2;
+
+ NET_ASSERT_LOCKED();
+
+ if (more) {
+ if (!(packet2 = m_dup_pkt(packet, 0, M_DONTWAIT)))
+ return (ENOMEM);
+ } else
+ packet2 = packet;
+
+ if (!sbappendaddr(&socket->so_rcv, &pfkey_addr, packet2, NULL)) {
+ m_freem(packet2);
+ return (ENOBUFS);
+ }
+
+ sorwakeup(socket);
return (0);
}
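Review bot: pfkeyv2_output at lines 427–459 allocates `message`, hands it to pfkeyv2_send() and never frees it, so the code is only leak-free if pfkeyv2_send() takes ownership on every path; that contract is not visible in the diff and deserves a comment at the call, e.g. `/* pfkeyv2_send() owns message from here and frees it. */` — confirm against pfkeyv2_send() before settling on that wording. The three functions moved in here (pfkeyv2_usrreq, pfkeyv2_output, pfkey_sendup) arrive without the one-line header comments that pfkeyv2_attach and pfkeyv2_detach carry; for pfkey_sendup the `more` argument in particular is worth a sentence: `/* Queue packet on socket's receive buffer; with more != 0 a copy is queued and the caller keeps packet. */`. The size check at line 441 rejects oversized messages but lets a zero-length packet reach malloc(0) and pfkeyv2_send(), which is fine only if pfkeyv2_send() validates the header length before reading it.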
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 0e2ffdaf967..ba920779bc0 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.75 2017/05/26 19:11:20 claudio Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.76 2017/05/29 10:55:34 claudio Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) January 1998
*
@@ -394,12 +394,8 @@ int pfkeyv2_expire(struct tdb *, u_int16_t);
int pfkeyv2_acquire(struct ipsec_policy *, union sockaddr_union *,
union sockaddr_union *, u_int32_t *, struct sockaddr_encap *);
-int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more);
-
-int pfkeyv2_create(struct socket *);
int pfkeyv2_get(struct tdb *, void **, void **, int *);
int pfkeyv2_policy(struct ipsec_acquire *, void **, void **);
-int pfkeyv2_release(struct socket *);
int pfkeyv2_send(struct socket *, void *, int);
int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int, u_int);
int pfkeyv2_dump_policy(struct ipsec_policy *, void **, void **, int *);