1*bbb1b6f9SApple OSS Distributions /*
2*bbb1b6f9SApple OSS Distributions * Copyright (c) 2008-2023 Apple Inc. All rights reserved.
3*bbb1b6f9SApple OSS Distributions *
4*bbb1b6f9SApple OSS Distributions * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5*bbb1b6f9SApple OSS Distributions *
6*bbb1b6f9SApple OSS Distributions * This file contains Original Code and/or Modifications of Original Code
7*bbb1b6f9SApple OSS Distributions * as defined in and that are subject to the Apple Public Source License
8*bbb1b6f9SApple OSS Distributions * Version 2.0 (the 'License'). You may not use this file except in
9*bbb1b6f9SApple OSS Distributions * compliance with the License. The rights granted to you under the License
10*bbb1b6f9SApple OSS Distributions * may not be used to create, or enable the creation or redistribution of,
11*bbb1b6f9SApple OSS Distributions * unlawful or unlicensed copies of an Apple operating system, or to
12*bbb1b6f9SApple OSS Distributions * circumvent, violate, or enable the circumvention or violation of, any
13*bbb1b6f9SApple OSS Distributions * terms of an Apple operating system software license agreement.
14*bbb1b6f9SApple OSS Distributions *
15*bbb1b6f9SApple OSS Distributions * Please obtain a copy of the License at
16*bbb1b6f9SApple OSS Distributions * http://www.opensource.apple.com/apsl/ and read it before using this file.
17*bbb1b6f9SApple OSS Distributions *
18*bbb1b6f9SApple OSS Distributions * The Original Code and all software distributed under the License are
19*bbb1b6f9SApple OSS Distributions * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20*bbb1b6f9SApple OSS Distributions * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21*bbb1b6f9SApple OSS Distributions * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22*bbb1b6f9SApple OSS Distributions * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23*bbb1b6f9SApple OSS Distributions * Please see the License for the specific language governing rights and
24*bbb1b6f9SApple OSS Distributions * limitations under the License.
25*bbb1b6f9SApple OSS Distributions *
26*bbb1b6f9SApple OSS Distributions * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27*bbb1b6f9SApple OSS Distributions */
28*bbb1b6f9SApple OSS Distributions
29*bbb1b6f9SApple OSS Distributions /* $FreeBSD: src/sys/netinet6/ah_input.c,v 1.1.2.6 2002/04/28 05:40:26 suz Exp $ */
30*bbb1b6f9SApple OSS Distributions /* $KAME: ah_input.c,v 1.67 2002/01/07 11:39:56 kjc Exp $ */
31*bbb1b6f9SApple OSS Distributions
32*bbb1b6f9SApple OSS Distributions /*
33*bbb1b6f9SApple OSS Distributions * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34*bbb1b6f9SApple OSS Distributions * All rights reserved.
35*bbb1b6f9SApple OSS Distributions *
36*bbb1b6f9SApple OSS Distributions * Redistribution and use in source and binary forms, with or without
37*bbb1b6f9SApple OSS Distributions * modification, are permitted provided that the following conditions
38*bbb1b6f9SApple OSS Distributions * are met:
39*bbb1b6f9SApple OSS Distributions * 1. Redistributions of source code must retain the above copyright
40*bbb1b6f9SApple OSS Distributions * notice, this list of conditions and the following disclaimer.
41*bbb1b6f9SApple OSS Distributions * 2. Redistributions in binary form must reproduce the above copyright
42*bbb1b6f9SApple OSS Distributions * notice, this list of conditions and the following disclaimer in the
43*bbb1b6f9SApple OSS Distributions * documentation and/or other materials provided with the distribution.
44*bbb1b6f9SApple OSS Distributions * 3. Neither the name of the project nor the names of its contributors
45*bbb1b6f9SApple OSS Distributions * may be used to endorse or promote products derived from this software
46*bbb1b6f9SApple OSS Distributions * without specific prior written permission.
47*bbb1b6f9SApple OSS Distributions *
48*bbb1b6f9SApple OSS Distributions * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49*bbb1b6f9SApple OSS Distributions * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50*bbb1b6f9SApple OSS Distributions * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51*bbb1b6f9SApple OSS Distributions * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52*bbb1b6f9SApple OSS Distributions * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53*bbb1b6f9SApple OSS Distributions * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54*bbb1b6f9SApple OSS Distributions * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55*bbb1b6f9SApple OSS Distributions * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56*bbb1b6f9SApple OSS Distributions * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57*bbb1b6f9SApple OSS Distributions * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58*bbb1b6f9SApple OSS Distributions * SUCH DAMAGE.
59*bbb1b6f9SApple OSS Distributions */
60*bbb1b6f9SApple OSS Distributions
61*bbb1b6f9SApple OSS Distributions /*
62*bbb1b6f9SApple OSS Distributions * RFC1826/2402 authentication header.
63*bbb1b6f9SApple OSS Distributions */
64*bbb1b6f9SApple OSS Distributions
65*bbb1b6f9SApple OSS Distributions #include <sys/param.h>
66*bbb1b6f9SApple OSS Distributions #include <sys/systm.h>
67*bbb1b6f9SApple OSS Distributions #include <sys/malloc.h>
68*bbb1b6f9SApple OSS Distributions #include <sys/mbuf.h>
69*bbb1b6f9SApple OSS Distributions #include <sys/mcache.h>
70*bbb1b6f9SApple OSS Distributions #include <sys/domain.h>
71*bbb1b6f9SApple OSS Distributions #include <sys/protosw.h>
72*bbb1b6f9SApple OSS Distributions #include <sys/socket.h>
73*bbb1b6f9SApple OSS Distributions #include <sys/errno.h>
74*bbb1b6f9SApple OSS Distributions #include <sys/time.h>
75*bbb1b6f9SApple OSS Distributions #include <sys/kernel.h>
76*bbb1b6f9SApple OSS Distributions #include <sys/syslog.h>
77*bbb1b6f9SApple OSS Distributions
78*bbb1b6f9SApple OSS Distributions #include <net/if.h>
79*bbb1b6f9SApple OSS Distributions #include <net/if_ipsec.h>
80*bbb1b6f9SApple OSS Distributions #include <net/route.h>
81*bbb1b6f9SApple OSS Distributions #include <kern/cpu_number.h>
82*bbb1b6f9SApple OSS Distributions #include <kern/locks.h>
83*bbb1b6f9SApple OSS Distributions
84*bbb1b6f9SApple OSS Distributions #include <netinet/in.h>
85*bbb1b6f9SApple OSS Distributions #include <netinet/in_systm.h>
86*bbb1b6f9SApple OSS Distributions #include <netinet/in_var.h>
87*bbb1b6f9SApple OSS Distributions #include <netinet/ip.h>
88*bbb1b6f9SApple OSS Distributions #include <netinet/ip_var.h>
89*bbb1b6f9SApple OSS Distributions #include <netinet/ip_ecn.h>
90*bbb1b6f9SApple OSS Distributions #include <netinet/in_pcb.h>
91*bbb1b6f9SApple OSS Distributions #include <netinet6/ip6_ecn.h>
92*bbb1b6f9SApple OSS Distributions
93*bbb1b6f9SApple OSS Distributions #include <netinet/ip6.h>
94*bbb1b6f9SApple OSS Distributions #include <netinet6/ip6_var.h>
95*bbb1b6f9SApple OSS Distributions #include <netinet6/in6_pcb.h>
96*bbb1b6f9SApple OSS Distributions #include <netinet/icmp6.h>
97*bbb1b6f9SApple OSS Distributions #include <netinet6/ip6protosw.h>
98*bbb1b6f9SApple OSS Distributions
99*bbb1b6f9SApple OSS Distributions #include <netinet6/ipsec.h>
100*bbb1b6f9SApple OSS Distributions #include <netinet6/ipsec6.h>
101*bbb1b6f9SApple OSS Distributions #include <netinet6/ah.h>
102*bbb1b6f9SApple OSS Distributions #include <netinet6/ah6.h>
103*bbb1b6f9SApple OSS Distributions #include <netkey/key.h>
104*bbb1b6f9SApple OSS Distributions #include <netkey/keydb.h>
105*bbb1b6f9SApple OSS Distributions #if IPSEC_DEBUG
106*bbb1b6f9SApple OSS Distributions #include <netkey/key_debug.h>
107*bbb1b6f9SApple OSS Distributions #else
108*bbb1b6f9SApple OSS Distributions #define KEYDEBUG(lev, arg)
109*bbb1b6f9SApple OSS Distributions #endif
110*bbb1b6f9SApple OSS Distributions
111*bbb1b6f9SApple OSS Distributions #include <net/kpi_protocol.h>
112*bbb1b6f9SApple OSS Distributions #include <netinet/kpi_ipfilter_var.h>
113*bbb1b6f9SApple OSS Distributions #include <mach/sdt.h>
114*bbb1b6f9SApple OSS Distributions
115*bbb1b6f9SApple OSS Distributions #include <net/net_osdep.h>
116*bbb1b6f9SApple OSS Distributions
117*bbb1b6f9SApple OSS Distributions #define IPLEN_FLIPPED
118*bbb1b6f9SApple OSS Distributions
119*bbb1b6f9SApple OSS Distributions #if INET
120*bbb1b6f9SApple OSS Distributions void
ah4_input(struct mbuf * m,int off)121*bbb1b6f9SApple OSS Distributions ah4_input(struct mbuf *m, int off)
122*bbb1b6f9SApple OSS Distributions {
123*bbb1b6f9SApple OSS Distributions union sockaddr_in_4_6 src = {};
124*bbb1b6f9SApple OSS Distributions union sockaddr_in_4_6 dst = {};
125*bbb1b6f9SApple OSS Distributions struct ip *ip;
126*bbb1b6f9SApple OSS Distributions struct ah *ah;
127*bbb1b6f9SApple OSS Distributions u_int32_t spi;
128*bbb1b6f9SApple OSS Distributions const struct ah_algorithm *algo;
129*bbb1b6f9SApple OSS Distributions size_t siz;
130*bbb1b6f9SApple OSS Distributions size_t siz1;
131*bbb1b6f9SApple OSS Distributions u_char *__bidi_indexable cksum = NULL;
132*bbb1b6f9SApple OSS Distributions struct secasvar *sav = NULL;
133*bbb1b6f9SApple OSS Distributions u_int16_t nxt;
134*bbb1b6f9SApple OSS Distributions u_int8_t hlen;
135*bbb1b6f9SApple OSS Distributions size_t stripsiz = 0;
136*bbb1b6f9SApple OSS Distributions sa_family_t ifamily;
137*bbb1b6f9SApple OSS Distributions
138*bbb1b6f9SApple OSS Distributions if (m->m_len < off + sizeof(struct newah)) {
139*bbb1b6f9SApple OSS Distributions m = m_pullup(m, off + sizeof(struct newah));
140*bbb1b6f9SApple OSS Distributions if (!m) {
141*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup;"
142*bbb1b6f9SApple OSS Distributions "dropping the packet for simplicity\n"));
143*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
144*bbb1b6f9SApple OSS Distributions goto fail;
145*bbb1b6f9SApple OSS Distributions }
146*bbb1b6f9SApple OSS Distributions }
147*bbb1b6f9SApple OSS Distributions
148*bbb1b6f9SApple OSS Distributions /* Expect 32-bit aligned data pointer on strict-align platforms */
149*bbb1b6f9SApple OSS Distributions MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
150*bbb1b6f9SApple OSS Distributions
151*bbb1b6f9SApple OSS Distributions ip = mtod(m, struct ip *);
152*bbb1b6f9SApple OSS Distributions ah = (struct ah *)(void *)(((caddr_t)ip) + off);
153*bbb1b6f9SApple OSS Distributions nxt = ah->ah_nxt;
154*bbb1b6f9SApple OSS Distributions #ifdef _IP_VHL
155*bbb1b6f9SApple OSS Distributions hlen = (u_int8_t)(IP_VHL_HL(ip->ip_vhl) << 2);
156*bbb1b6f9SApple OSS Distributions #else
157*bbb1b6f9SApple OSS Distributions hlen = (u_int8_t)(ip->ip_hl << 2);
158*bbb1b6f9SApple OSS Distributions #endif
159*bbb1b6f9SApple OSS Distributions
160*bbb1b6f9SApple OSS Distributions /* find the sassoc. */
161*bbb1b6f9SApple OSS Distributions spi = ah->ah_spi;
162*bbb1b6f9SApple OSS Distributions
163*bbb1b6f9SApple OSS Distributions ipsec_fill_ip_sockaddr_4_6(&src, ip->ip_src, 0);
164*bbb1b6f9SApple OSS Distributions ipsec_fill_ip_sockaddr_4_6(&dst, ip->ip_dst, 0);
165*bbb1b6f9SApple OSS Distributions
166*bbb1b6f9SApple OSS Distributions if ((sav = key_allocsa(&src, &dst, IPPROTO_AH, spi, NULL)) == 0) {
167*bbb1b6f9SApple OSS Distributions ipseclog((LOG_WARNING,
168*bbb1b6f9SApple OSS Distributions "IPv4 AH input: no key association found for spi %u\n",
169*bbb1b6f9SApple OSS Distributions (u_int32_t)ntohl(spi)));
170*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_nosa);
171*bbb1b6f9SApple OSS Distributions goto fail;
172*bbb1b6f9SApple OSS Distributions }
173*bbb1b6f9SApple OSS Distributions KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
174*bbb1b6f9SApple OSS Distributions printf("DP ah4_input called to allocate SA:0x%llx\n",
175*bbb1b6f9SApple OSS Distributions (uint64_t)VM_KERNEL_ADDRPERM(sav)));
176*bbb1b6f9SApple OSS Distributions if (sav->state != SADB_SASTATE_MATURE
177*bbb1b6f9SApple OSS Distributions && sav->state != SADB_SASTATE_DYING) {
178*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG,
179*bbb1b6f9SApple OSS Distributions "IPv4 AH input: non-mature/dying SA found for spi %u\n",
180*bbb1b6f9SApple OSS Distributions (u_int32_t)ntohl(spi)));
181*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_badspi);
182*bbb1b6f9SApple OSS Distributions goto fail;
183*bbb1b6f9SApple OSS Distributions }
184*bbb1b6f9SApple OSS Distributions
185*bbb1b6f9SApple OSS Distributions algo = ah_algorithm_lookup(sav->alg_auth);
186*bbb1b6f9SApple OSS Distributions if (!algo) {
187*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG, "IPv4 AH input: "
188*bbb1b6f9SApple OSS Distributions "unsupported authentication algorithm for spi %u\n",
189*bbb1b6f9SApple OSS Distributions (u_int32_t)ntohl(spi)));
190*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_badspi);
191*bbb1b6f9SApple OSS Distributions goto fail;
192*bbb1b6f9SApple OSS Distributions }
193*bbb1b6f9SApple OSS Distributions
194*bbb1b6f9SApple OSS Distributions siz = (*algo->sumsiz)(sav);
195*bbb1b6f9SApple OSS Distributions siz1 = ((siz + 3) & ~(4 - 1));
196*bbb1b6f9SApple OSS Distributions
197*bbb1b6f9SApple OSS Distributions /*
198*bbb1b6f9SApple OSS Distributions * sanity checks for header, 1.
199*bbb1b6f9SApple OSS Distributions */
200*bbb1b6f9SApple OSS Distributions {
201*bbb1b6f9SApple OSS Distributions int sizoff;
202*bbb1b6f9SApple OSS Distributions
203*bbb1b6f9SApple OSS Distributions sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
204*bbb1b6f9SApple OSS Distributions
205*bbb1b6f9SApple OSS Distributions /*
206*bbb1b6f9SApple OSS Distributions * Here, we do not do "siz1 == siz". This is because the way
207*bbb1b6f9SApple OSS Distributions * RFC240[34] section 2 is written. They do not require truncation
208*bbb1b6f9SApple OSS Distributions * to 96 bits.
209*bbb1b6f9SApple OSS Distributions * For example, Microsoft IPsec stack attaches 160 bits of
210*bbb1b6f9SApple OSS Distributions * authentication data for both hmac-md5 and hmac-sha1. For hmac-sha1,
211*bbb1b6f9SApple OSS Distributions * 32 bits of padding is attached.
212*bbb1b6f9SApple OSS Distributions *
213*bbb1b6f9SApple OSS Distributions * There are two downsides to this specification.
214*bbb1b6f9SApple OSS Distributions * They have no real harm, however, they leave us fuzzy feeling.
215*bbb1b6f9SApple OSS Distributions * - if we attach more than 96 bits of authentication data onto AH,
216*bbb1b6f9SApple OSS Distributions * we will never notice about possible modification by rogue
217*bbb1b6f9SApple OSS Distributions * intermediate nodes.
218*bbb1b6f9SApple OSS Distributions * Since extra bits in AH checksum is never used, this constitutes
219*bbb1b6f9SApple OSS Distributions * no real issue, however, it is wacky.
220*bbb1b6f9SApple OSS Distributions * - even if the peer attaches big authentication data, we will never
221*bbb1b6f9SApple OSS Distributions * notice the difference, since longer authentication data will just
222*bbb1b6f9SApple OSS Distributions * work.
223*bbb1b6f9SApple OSS Distributions *
224*bbb1b6f9SApple OSS Distributions * We may need some clarification in the spec.
225*bbb1b6f9SApple OSS Distributions */
226*bbb1b6f9SApple OSS Distributions if (siz1 < siz) {
227*bbb1b6f9SApple OSS Distributions ipseclog((LOG_NOTICE, "sum length too short in IPv4 AH input "
228*bbb1b6f9SApple OSS Distributions "(%u, should be at least %u): %s\n",
229*bbb1b6f9SApple OSS Distributions (u_int32_t)siz1, (u_int32_t)siz,
230*bbb1b6f9SApple OSS Distributions ipsec4_logpacketstr(ip, spi)));
231*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
232*bbb1b6f9SApple OSS Distributions goto fail;
233*bbb1b6f9SApple OSS Distributions }
234*bbb1b6f9SApple OSS Distributions if ((ah->ah_len << 2) - sizoff != siz1) {
235*bbb1b6f9SApple OSS Distributions ipseclog((LOG_NOTICE, "sum length mismatch in IPv4 AH input "
236*bbb1b6f9SApple OSS Distributions "(%d should be %u): %s\n",
237*bbb1b6f9SApple OSS Distributions (ah->ah_len << 2) - sizoff, (u_int32_t)siz1,
238*bbb1b6f9SApple OSS Distributions ipsec4_logpacketstr(ip, spi)));
239*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
240*bbb1b6f9SApple OSS Distributions goto fail;
241*bbb1b6f9SApple OSS Distributions }
242*bbb1b6f9SApple OSS Distributions
243*bbb1b6f9SApple OSS Distributions if (m->m_len < off + sizeof(struct ah) + sizoff + siz1) {
244*bbb1b6f9SApple OSS Distributions VERIFY((off + sizeof(struct ah) + sizoff + siz1) <= INT_MAX);
245*bbb1b6f9SApple OSS Distributions m = m_pullup(m, (int)(off + sizeof(struct ah) + sizoff + siz1));
246*bbb1b6f9SApple OSS Distributions if (!m) {
247*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup\n"));
248*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
249*bbb1b6f9SApple OSS Distributions goto fail;
250*bbb1b6f9SApple OSS Distributions }
251*bbb1b6f9SApple OSS Distributions /* Expect 32-bit aligned data ptr on strict-align platforms */
252*bbb1b6f9SApple OSS Distributions MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
253*bbb1b6f9SApple OSS Distributions
254*bbb1b6f9SApple OSS Distributions ip = mtod(m, struct ip *);
255*bbb1b6f9SApple OSS Distributions ah = (struct ah *)(void *)(((caddr_t)ip) + off);
256*bbb1b6f9SApple OSS Distributions }
257*bbb1b6f9SApple OSS Distributions }
258*bbb1b6f9SApple OSS Distributions
259*bbb1b6f9SApple OSS Distributions /*
260*bbb1b6f9SApple OSS Distributions * check for sequence number.
261*bbb1b6f9SApple OSS Distributions */
262*bbb1b6f9SApple OSS Distributions if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[0] != NULL) {
263*bbb1b6f9SApple OSS Distributions if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav, 0)) {
264*bbb1b6f9SApple OSS Distributions ; /*okey*/
265*bbb1b6f9SApple OSS Distributions } else {
266*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_ahreplay);
267*bbb1b6f9SApple OSS Distributions ipseclog((LOG_WARNING,
268*bbb1b6f9SApple OSS Distributions "replay packet in IPv4 AH input: %s %s\n",
269*bbb1b6f9SApple OSS Distributions ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
270*bbb1b6f9SApple OSS Distributions goto fail;
271*bbb1b6f9SApple OSS Distributions }
272*bbb1b6f9SApple OSS Distributions }
273*bbb1b6f9SApple OSS Distributions
274*bbb1b6f9SApple OSS Distributions /*
275*bbb1b6f9SApple OSS Distributions * alright, it seems sane. now we are going to check the
276*bbb1b6f9SApple OSS Distributions * cryptographic checksum.
277*bbb1b6f9SApple OSS Distributions */
278*bbb1b6f9SApple OSS Distributions cksum = (u_char *)kalloc_data(siz1, Z_NOWAIT);
279*bbb1b6f9SApple OSS Distributions if (!cksum) {
280*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG, "IPv4 AH input: "
281*bbb1b6f9SApple OSS Distributions "couldn't alloc temporary region for cksum\n"));
282*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
283*bbb1b6f9SApple OSS Distributions goto fail;
284*bbb1b6f9SApple OSS Distributions }
285*bbb1b6f9SApple OSS Distributions
286*bbb1b6f9SApple OSS Distributions /*
287*bbb1b6f9SApple OSS Distributions * some of IP header fields are flipped to the host endian.
288*bbb1b6f9SApple OSS Distributions * convert them back to network endian. VERY stupid.
289*bbb1b6f9SApple OSS Distributions */
290*bbb1b6f9SApple OSS Distributions if ((ip->ip_len + hlen) > UINT16_MAX) {
291*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG, "IPv4 AH input: "
292*bbb1b6f9SApple OSS Distributions "bad length ip header len %u, total len %u\n",
293*bbb1b6f9SApple OSS Distributions ip->ip_len, hlen));
294*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
295*bbb1b6f9SApple OSS Distributions goto fail;
296*bbb1b6f9SApple OSS Distributions }
297*bbb1b6f9SApple OSS Distributions
298*bbb1b6f9SApple OSS Distributions ip->ip_len = htons((u_int16_t)(ip->ip_len + hlen));
299*bbb1b6f9SApple OSS Distributions ip->ip_off = htons(ip->ip_off);
300*bbb1b6f9SApple OSS Distributions if (ah4_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
301*bbb1b6f9SApple OSS Distributions kfree_data(cksum, siz1);
302*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
303*bbb1b6f9SApple OSS Distributions goto fail;
304*bbb1b6f9SApple OSS Distributions }
305*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_ahhist[sav->alg_auth]);
306*bbb1b6f9SApple OSS Distributions /*
307*bbb1b6f9SApple OSS Distributions * flip them back.
308*bbb1b6f9SApple OSS Distributions */
309*bbb1b6f9SApple OSS Distributions ip->ip_len = ntohs(ip->ip_len) - hlen;
310*bbb1b6f9SApple OSS Distributions ip->ip_off = ntohs(ip->ip_off);
311*bbb1b6f9SApple OSS Distributions
312*bbb1b6f9SApple OSS Distributions {
313*bbb1b6f9SApple OSS Distributions caddr_t sumpos = NULL;
314*bbb1b6f9SApple OSS Distributions
315*bbb1b6f9SApple OSS Distributions if (sav->flags & SADB_X_EXT_OLD) {
316*bbb1b6f9SApple OSS Distributions /* RFC 1826 */
317*bbb1b6f9SApple OSS Distributions sumpos = (caddr_t)(ah + 1);
318*bbb1b6f9SApple OSS Distributions } else {
319*bbb1b6f9SApple OSS Distributions /* RFC 2402 */
320*bbb1b6f9SApple OSS Distributions sumpos = (caddr_t)(((struct newah *)ah) + 1);
321*bbb1b6f9SApple OSS Distributions }
322*bbb1b6f9SApple OSS Distributions
323*bbb1b6f9SApple OSS Distributions if (bcmp(sumpos, cksum, siz) != 0) {
324*bbb1b6f9SApple OSS Distributions ipseclog((LOG_WARNING,
325*bbb1b6f9SApple OSS Distributions "checksum mismatch in IPv4 AH input: %s %s\n",
326*bbb1b6f9SApple OSS Distributions ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
327*bbb1b6f9SApple OSS Distributions kfree_data(cksum, siz1);
328*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_ahauthfail);
329*bbb1b6f9SApple OSS Distributions goto fail;
330*bbb1b6f9SApple OSS Distributions }
331*bbb1b6f9SApple OSS Distributions }
332*bbb1b6f9SApple OSS Distributions
333*bbb1b6f9SApple OSS Distributions kfree_data(cksum, siz1);
334*bbb1b6f9SApple OSS Distributions
335*bbb1b6f9SApple OSS Distributions m->m_flags |= M_AUTHIPHDR;
336*bbb1b6f9SApple OSS Distributions m->m_flags |= M_AUTHIPDGM;
337*bbb1b6f9SApple OSS Distributions
338*bbb1b6f9SApple OSS Distributions if (m->m_flags & M_AUTHIPHDR && m->m_flags & M_AUTHIPDGM) {
339*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_ahauthsucc);
340*bbb1b6f9SApple OSS Distributions } else {
341*bbb1b6f9SApple OSS Distributions ipseclog((LOG_WARNING,
342*bbb1b6f9SApple OSS Distributions "authentication failed in IPv4 AH input: %s %s\n",
343*bbb1b6f9SApple OSS Distributions ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
344*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_ahauthfail);
345*bbb1b6f9SApple OSS Distributions goto fail;
346*bbb1b6f9SApple OSS Distributions }
347*bbb1b6f9SApple OSS Distributions
348*bbb1b6f9SApple OSS Distributions /*
349*bbb1b6f9SApple OSS Distributions * update sequence number.
350*bbb1b6f9SApple OSS Distributions */
351*bbb1b6f9SApple OSS Distributions if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[0] != NULL) {
352*bbb1b6f9SApple OSS Distributions if (ipsec_updatereplay(ntohl(((struct newah *)ah)->ah_seq), sav, 0)) {
353*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_ahreplay);
354*bbb1b6f9SApple OSS Distributions goto fail;
355*bbb1b6f9SApple OSS Distributions }
356*bbb1b6f9SApple OSS Distributions }
357*bbb1b6f9SApple OSS Distributions
358*bbb1b6f9SApple OSS Distributions /* was it transmitted over the IPsec tunnel SA? */
359*bbb1b6f9SApple OSS Distributions if (sav->flags & SADB_X_EXT_OLD) {
360*bbb1b6f9SApple OSS Distributions /* RFC 1826 */
361*bbb1b6f9SApple OSS Distributions stripsiz = sizeof(struct ah) + siz1;
362*bbb1b6f9SApple OSS Distributions } else {
363*bbb1b6f9SApple OSS Distributions /* RFC 2402 */
364*bbb1b6f9SApple OSS Distributions stripsiz = sizeof(struct newah) + siz1;
365*bbb1b6f9SApple OSS Distributions }
366*bbb1b6f9SApple OSS Distributions if (ipsec4_tunnel_validate(m, (int)(off + stripsiz), nxt, sav, &ifamily)) {
367*bbb1b6f9SApple OSS Distributions ifaddr_t ifa;
368*bbb1b6f9SApple OSS Distributions struct sockaddr_storage addr;
369*bbb1b6f9SApple OSS Distributions struct sockaddr_in *ipaddr;
370*bbb1b6f9SApple OSS Distributions
371*bbb1b6f9SApple OSS Distributions /*
372*bbb1b6f9SApple OSS Distributions * strip off all the headers that precedes AH.
373*bbb1b6f9SApple OSS Distributions * IP xx AH IP' payload -> IP' payload
374*bbb1b6f9SApple OSS Distributions *
375*bbb1b6f9SApple OSS Distributions * XXX more sanity checks
376*bbb1b6f9SApple OSS Distributions * XXX relationship with gif?
377*bbb1b6f9SApple OSS Distributions */
378*bbb1b6f9SApple OSS Distributions u_int8_t tos, otos;
379*bbb1b6f9SApple OSS Distributions int sum;
380*bbb1b6f9SApple OSS Distributions
381*bbb1b6f9SApple OSS Distributions if (ifamily == AF_INET6) {
382*bbb1b6f9SApple OSS Distributions ipseclog((LOG_NOTICE, "ipsec tunnel protocol mismatch "
383*bbb1b6f9SApple OSS Distributions "in IPv4 AH input: %s\n", ipsec_logsastr(sav)));
384*bbb1b6f9SApple OSS Distributions goto fail;
385*bbb1b6f9SApple OSS Distributions }
386*bbb1b6f9SApple OSS Distributions tos = ip->ip_tos;
387*bbb1b6f9SApple OSS Distributions m_adj(m, (int)(off + stripsiz));
388*bbb1b6f9SApple OSS Distributions if (m->m_len < sizeof(*ip)) {
389*bbb1b6f9SApple OSS Distributions m = m_pullup(m, sizeof(*ip));
390*bbb1b6f9SApple OSS Distributions if (!m) {
391*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
392*bbb1b6f9SApple OSS Distributions goto fail;
393*bbb1b6f9SApple OSS Distributions }
394*bbb1b6f9SApple OSS Distributions }
395*bbb1b6f9SApple OSS Distributions ip = mtod(m, struct ip *);
396*bbb1b6f9SApple OSS Distributions otos = ip->ip_tos;
397*bbb1b6f9SApple OSS Distributions /* ECN consideration. */
398*bbb1b6f9SApple OSS Distributions if (ip_ecn_egress(ip4_ipsec_ecn, &tos, &ip->ip_tos) == 0) {
399*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
400*bbb1b6f9SApple OSS Distributions goto fail;
401*bbb1b6f9SApple OSS Distributions }
402*bbb1b6f9SApple OSS Distributions
403*bbb1b6f9SApple OSS Distributions if (otos != ip->ip_tos) {
404*bbb1b6f9SApple OSS Distributions sum = ~ntohs(ip->ip_sum) & 0xffff;
405*bbb1b6f9SApple OSS Distributions sum += (~otos & 0xffff) + ip->ip_tos;
406*bbb1b6f9SApple OSS Distributions sum = (sum >> 16) + (sum & 0xffff);
407*bbb1b6f9SApple OSS Distributions sum += (sum >> 16); /* add carry */
408*bbb1b6f9SApple OSS Distributions ip->ip_sum = htons(~sum & 0xffff);
409*bbb1b6f9SApple OSS Distributions }
410*bbb1b6f9SApple OSS Distributions
411*bbb1b6f9SApple OSS Distributions if (!key_checktunnelsanity(sav, AF_INET,
412*bbb1b6f9SApple OSS Distributions (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst)) {
413*bbb1b6f9SApple OSS Distributions ipseclog((LOG_NOTICE, "ipsec tunnel address mismatch "
414*bbb1b6f9SApple OSS Distributions "in IPv4 AH input: %s %s\n",
415*bbb1b6f9SApple OSS Distributions ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
416*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
417*bbb1b6f9SApple OSS Distributions goto fail;
418*bbb1b6f9SApple OSS Distributions }
419*bbb1b6f9SApple OSS Distributions
420*bbb1b6f9SApple OSS Distributions #if 1
421*bbb1b6f9SApple OSS Distributions /*
422*bbb1b6f9SApple OSS Distributions * Should the inner packet be considered authentic?
423*bbb1b6f9SApple OSS Distributions * My current answer is: NO.
424*bbb1b6f9SApple OSS Distributions *
425*bbb1b6f9SApple OSS Distributions * host1 -- gw1 === gw2 -- host2
426*bbb1b6f9SApple OSS Distributions * In this case, gw2 can trust the authenticity of the
427*bbb1b6f9SApple OSS Distributions * outer packet, but NOT inner. Packet may be altered
428*bbb1b6f9SApple OSS Distributions * between host1 and gw1.
429*bbb1b6f9SApple OSS Distributions *
430*bbb1b6f9SApple OSS Distributions * host1 -- gw1 === host2
431*bbb1b6f9SApple OSS Distributions * This case falls into the same scenario as above.
432*bbb1b6f9SApple OSS Distributions *
433*bbb1b6f9SApple OSS Distributions * host1 === host2
434*bbb1b6f9SApple OSS Distributions * This case is the only case when we may be able to leave
435*bbb1b6f9SApple OSS Distributions * M_AUTHIPHDR and M_AUTHIPDGM set.
436*bbb1b6f9SApple OSS Distributions * However, if host1 is wrongly configured, and allows
437*bbb1b6f9SApple OSS Distributions * attacker to inject some packet with src=host1 and
438*bbb1b6f9SApple OSS Distributions * dst=host2, you are in risk.
439*bbb1b6f9SApple OSS Distributions */
440*bbb1b6f9SApple OSS Distributions m->m_flags &= ~M_AUTHIPHDR;
441*bbb1b6f9SApple OSS Distributions m->m_flags &= ~M_AUTHIPDGM;
442*bbb1b6f9SApple OSS Distributions #endif
443*bbb1b6f9SApple OSS Distributions
444*bbb1b6f9SApple OSS Distributions key_sa_recordxfer(sav, m->m_pkthdr.len);
445*bbb1b6f9SApple OSS Distributions if (ipsec_incr_history_count(m, IPPROTO_AH, spi) != 0 ||
446*bbb1b6f9SApple OSS Distributions ipsec_incr_history_count(m, IPPROTO_IPV4, 0) != 0) {
447*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_nomem);
448*bbb1b6f9SApple OSS Distributions goto fail;
449*bbb1b6f9SApple OSS Distributions }
450*bbb1b6f9SApple OSS Distributions
451*bbb1b6f9SApple OSS Distributions bzero(&addr, sizeof(addr));
452*bbb1b6f9SApple OSS Distributions ipaddr = (__typeof__(ipaddr)) & addr;
453*bbb1b6f9SApple OSS Distributions ipaddr->sin_family = AF_INET;
454*bbb1b6f9SApple OSS Distributions ipaddr->sin_len = sizeof(*ipaddr);
455*bbb1b6f9SApple OSS Distributions ipaddr->sin_addr = ip->ip_dst;
456*bbb1b6f9SApple OSS Distributions
457*bbb1b6f9SApple OSS Distributions // update the receiving interface address based on the inner address
458*bbb1b6f9SApple OSS Distributions ifa = ifa_ifwithaddr((struct sockaddr *)&addr);
459*bbb1b6f9SApple OSS Distributions if (ifa) {
460*bbb1b6f9SApple OSS Distributions m->m_pkthdr.rcvif = ifa->ifa_ifp;
461*bbb1b6f9SApple OSS Distributions ifa_remref(ifa);
462*bbb1b6f9SApple OSS Distributions }
463*bbb1b6f9SApple OSS Distributions
464*bbb1b6f9SApple OSS Distributions // Input via IPsec interface
465*bbb1b6f9SApple OSS Distributions lck_mtx_lock(sadb_mutex);
466*bbb1b6f9SApple OSS Distributions ifnet_t ipsec_if = sav->sah->ipsec_if;
467*bbb1b6f9SApple OSS Distributions if (ipsec_if != NULL) {
468*bbb1b6f9SApple OSS Distributions // If an interface is found, add a reference count before dropping the lock
469*bbb1b6f9SApple OSS Distributions ifnet_reference(ipsec_if);
470*bbb1b6f9SApple OSS Distributions }
471*bbb1b6f9SApple OSS Distributions lck_mtx_unlock(sadb_mutex);
472*bbb1b6f9SApple OSS Distributions if (ipsec_if != NULL) {
473*bbb1b6f9SApple OSS Distributions errno_t inject_error = ipsec_inject_inbound_packet(ipsec_if, m);
474*bbb1b6f9SApple OSS Distributions ifnet_release(ipsec_if);
475*bbb1b6f9SApple OSS Distributions if (inject_error == 0) {
476*bbb1b6f9SApple OSS Distributions m = NULL;
477*bbb1b6f9SApple OSS Distributions goto done;
478*bbb1b6f9SApple OSS Distributions } else {
479*bbb1b6f9SApple OSS Distributions goto fail;
480*bbb1b6f9SApple OSS Distributions }
481*bbb1b6f9SApple OSS Distributions }
482*bbb1b6f9SApple OSS Distributions
483*bbb1b6f9SApple OSS Distributions if (proto_input(PF_INET, m) != 0) {
484*bbb1b6f9SApple OSS Distributions goto fail;
485*bbb1b6f9SApple OSS Distributions }
486*bbb1b6f9SApple OSS Distributions nxt = IPPROTO_DONE;
487*bbb1b6f9SApple OSS Distributions } else {
488*bbb1b6f9SApple OSS Distributions /*
489*bbb1b6f9SApple OSS Distributions * strip off AH.
490*bbb1b6f9SApple OSS Distributions */
491*bbb1b6f9SApple OSS Distributions
492*bbb1b6f9SApple OSS Distributions ip = mtod(m, struct ip *);
493*bbb1b6f9SApple OSS Distributions /*
494*bbb1b6f9SApple OSS Distributions * We do deep-copy since KAME requires that
495*bbb1b6f9SApple OSS Distributions * the packet is placed in a single external mbuf.
496*bbb1b6f9SApple OSS Distributions */
497*bbb1b6f9SApple OSS Distributions ovbcopy((caddr_t)ip, (caddr_t)(((u_char *)ip) + stripsiz), off);
498*bbb1b6f9SApple OSS Distributions m->m_data += stripsiz;
499*bbb1b6f9SApple OSS Distributions m->m_len -= stripsiz;
500*bbb1b6f9SApple OSS Distributions m->m_pkthdr.len -= stripsiz;
501*bbb1b6f9SApple OSS Distributions
502*bbb1b6f9SApple OSS Distributions if (m->m_len < sizeof(*ip)) {
503*bbb1b6f9SApple OSS Distributions m = m_pullup(m, sizeof(*ip));
504*bbb1b6f9SApple OSS Distributions if (m == NULL) {
505*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
506*bbb1b6f9SApple OSS Distributions goto fail;
507*bbb1b6f9SApple OSS Distributions }
508*bbb1b6f9SApple OSS Distributions }
509*bbb1b6f9SApple OSS Distributions ip = mtod(m, struct ip *);
510*bbb1b6f9SApple OSS Distributions #ifdef IPLEN_FLIPPED
511*bbb1b6f9SApple OSS Distributions ip->ip_len = (u_short)(ip->ip_len - stripsiz);
512*bbb1b6f9SApple OSS Distributions #else
513*bbb1b6f9SApple OSS Distributions ip->ip_len = htons(ntohs(ip->ip_len) - stripsiz);
514*bbb1b6f9SApple OSS Distributions #endif
515*bbb1b6f9SApple OSS Distributions ip->ip_p = (u_char)nxt;
516*bbb1b6f9SApple OSS Distributions /* forget about IP hdr checksum, the check has already been passed */
517*bbb1b6f9SApple OSS Distributions
518*bbb1b6f9SApple OSS Distributions key_sa_recordxfer(sav, m->m_pkthdr.len);
519*bbb1b6f9SApple OSS Distributions if (ipsec_incr_history_count(m, IPPROTO_AH, spi) != 0) {
520*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_nomem);
521*bbb1b6f9SApple OSS Distributions goto fail;
522*bbb1b6f9SApple OSS Distributions }
523*bbb1b6f9SApple OSS Distributions
524*bbb1b6f9SApple OSS Distributions DTRACE_IP6(receive, struct mbuf *, m, struct inpcb *, NULL,
525*bbb1b6f9SApple OSS Distributions struct ip *, ip, struct ifnet *, m->m_pkthdr.rcvif,
526*bbb1b6f9SApple OSS Distributions struct ip *, ip, struct ip6_hdr *, NULL);
527*bbb1b6f9SApple OSS Distributions
528*bbb1b6f9SApple OSS Distributions if (nxt != IPPROTO_DONE) {
529*bbb1b6f9SApple OSS Distributions // Input via IPsec interface
530*bbb1b6f9SApple OSS Distributions lck_mtx_lock(sadb_mutex);
531*bbb1b6f9SApple OSS Distributions ifnet_t ipsec_if = sav->sah->ipsec_if;
532*bbb1b6f9SApple OSS Distributions if (ipsec_if != NULL) {
533*bbb1b6f9SApple OSS Distributions // If an interface is found, add a reference count before dropping the lock
534*bbb1b6f9SApple OSS Distributions ifnet_reference(ipsec_if);
535*bbb1b6f9SApple OSS Distributions }
536*bbb1b6f9SApple OSS Distributions lck_mtx_unlock(sadb_mutex);
537*bbb1b6f9SApple OSS Distributions if (ipsec_if != NULL) {
538*bbb1b6f9SApple OSS Distributions ip->ip_len = htons(ip->ip_len + hlen);
539*bbb1b6f9SApple OSS Distributions ip->ip_off = htons(ip->ip_off);
540*bbb1b6f9SApple OSS Distributions ip->ip_sum = 0;
541*bbb1b6f9SApple OSS Distributions ip->ip_sum = ip_cksum_hdr_in(m, hlen);
542*bbb1b6f9SApple OSS Distributions errno_t inject_error = ipsec_inject_inbound_packet(ipsec_if, m);
543*bbb1b6f9SApple OSS Distributions ifnet_release(ipsec_if);
544*bbb1b6f9SApple OSS Distributions if (inject_error == 0) {
545*bbb1b6f9SApple OSS Distributions m = NULL;
546*bbb1b6f9SApple OSS Distributions goto done;
547*bbb1b6f9SApple OSS Distributions } else {
548*bbb1b6f9SApple OSS Distributions goto fail;
549*bbb1b6f9SApple OSS Distributions }
550*bbb1b6f9SApple OSS Distributions }
551*bbb1b6f9SApple OSS Distributions
552*bbb1b6f9SApple OSS Distributions if ((ip_protox[nxt]->pr_flags & PR_LASTHDR) != 0 &&
553*bbb1b6f9SApple OSS Distributions ipsec4_in_reject(m, NULL)) {
554*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_polvio);
555*bbb1b6f9SApple OSS Distributions goto fail;
556*bbb1b6f9SApple OSS Distributions }
557*bbb1b6f9SApple OSS Distributions ip_proto_dispatch_in(m, off, (u_int8_t)nxt, 0);
558*bbb1b6f9SApple OSS Distributions } else {
559*bbb1b6f9SApple OSS Distributions m_freem(m);
560*bbb1b6f9SApple OSS Distributions }
561*bbb1b6f9SApple OSS Distributions m = NULL;
562*bbb1b6f9SApple OSS Distributions }
563*bbb1b6f9SApple OSS Distributions done:
564*bbb1b6f9SApple OSS Distributions if (sav) {
565*bbb1b6f9SApple OSS Distributions KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
566*bbb1b6f9SApple OSS Distributions printf("DP ah4_input call free SA:0x%llx\n",
567*bbb1b6f9SApple OSS Distributions (uint64_t)VM_KERNEL_ADDRPERM(sav)));
568*bbb1b6f9SApple OSS Distributions key_freesav(sav, KEY_SADB_UNLOCKED);
569*bbb1b6f9SApple OSS Distributions }
570*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsecstat.in_success);
571*bbb1b6f9SApple OSS Distributions return;
572*bbb1b6f9SApple OSS Distributions
573*bbb1b6f9SApple OSS Distributions fail:
574*bbb1b6f9SApple OSS Distributions if (sav) {
575*bbb1b6f9SApple OSS Distributions KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
576*bbb1b6f9SApple OSS Distributions printf("DP ah4_input call free SA:0x%llx\n",
577*bbb1b6f9SApple OSS Distributions (uint64_t)VM_KERNEL_ADDRPERM(sav)));
578*bbb1b6f9SApple OSS Distributions key_freesav(sav, KEY_SADB_UNLOCKED);
579*bbb1b6f9SApple OSS Distributions }
580*bbb1b6f9SApple OSS Distributions if (m) {
581*bbb1b6f9SApple OSS Distributions m_freem(m);
582*bbb1b6f9SApple OSS Distributions }
583*bbb1b6f9SApple OSS Distributions return;
584*bbb1b6f9SApple OSS Distributions }
585*bbb1b6f9SApple OSS Distributions #endif /* INET */
586*bbb1b6f9SApple OSS Distributions
587*bbb1b6f9SApple OSS Distributions int
ah6_input(struct mbuf ** mp,int * offp,int proto)588*bbb1b6f9SApple OSS Distributions ah6_input(struct mbuf **mp, int *offp, int proto)
589*bbb1b6f9SApple OSS Distributions {
590*bbb1b6f9SApple OSS Distributions #pragma unused(proto)
591*bbb1b6f9SApple OSS Distributions union sockaddr_in_4_6 src = {};
592*bbb1b6f9SApple OSS Distributions union sockaddr_in_4_6 dst = {};
593*bbb1b6f9SApple OSS Distributions struct mbuf *m = *mp;
594*bbb1b6f9SApple OSS Distributions int off = *offp;
595*bbb1b6f9SApple OSS Distributions struct ip6_hdr *ip6 = NULL;
596*bbb1b6f9SApple OSS Distributions struct ah *ah = NULL;
597*bbb1b6f9SApple OSS Distributions u_int32_t spi = 0;
598*bbb1b6f9SApple OSS Distributions const struct ah_algorithm *algo = NULL;
599*bbb1b6f9SApple OSS Distributions size_t siz = 0;
600*bbb1b6f9SApple OSS Distributions size_t siz1 = 0;
601*bbb1b6f9SApple OSS Distributions u_char *__bidi_indexable cksum = NULL;
602*bbb1b6f9SApple OSS Distributions struct secasvar *sav = NULL;
603*bbb1b6f9SApple OSS Distributions u_int16_t nxt = IPPROTO_DONE;
604*bbb1b6f9SApple OSS Distributions size_t stripsiz = 0;
605*bbb1b6f9SApple OSS Distributions sa_family_t ifamily = AF_UNSPEC;
606*bbb1b6f9SApple OSS Distributions
607*bbb1b6f9SApple OSS Distributions IP6_EXTHDR_CHECK(m, off, sizeof(struct ah), {return IPPROTO_DONE;});
608*bbb1b6f9SApple OSS Distributions ah = (struct ah *)(void *)(mtod(m, caddr_t) + off);
609*bbb1b6f9SApple OSS Distributions /* Expect 32-bit aligned data pointer on strict-align platforms */
610*bbb1b6f9SApple OSS Distributions MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
611*bbb1b6f9SApple OSS Distributions
612*bbb1b6f9SApple OSS Distributions ip6 = mtod(m, struct ip6_hdr *);
613*bbb1b6f9SApple OSS Distributions nxt = ah->ah_nxt;
614*bbb1b6f9SApple OSS Distributions
615*bbb1b6f9SApple OSS Distributions /* find the sassoc. */
616*bbb1b6f9SApple OSS Distributions spi = ah->ah_spi;
617*bbb1b6f9SApple OSS Distributions
618*bbb1b6f9SApple OSS Distributions if (ntohs(ip6->ip6_plen) == 0) {
619*bbb1b6f9SApple OSS Distributions ipseclog((LOG_ERR, "IPv6 AH input: "
620*bbb1b6f9SApple OSS Distributions "AH with IPv6 jumbogram is not supported.\n"));
621*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
622*bbb1b6f9SApple OSS Distributions goto fail;
623*bbb1b6f9SApple OSS Distributions }
624*bbb1b6f9SApple OSS Distributions
625*bbb1b6f9SApple OSS Distributions ipsec_fill_ip6_sockaddr_4_6(&src, &ip6->ip6_src, 0);
626*bbb1b6f9SApple OSS Distributions ipsec_fill_ip6_sockaddr_4_6_with_ifscope(&dst, &ip6->ip6_dst, 0,
627*bbb1b6f9SApple OSS Distributions ip6_input_getsrcifscope(m));
628*bbb1b6f9SApple OSS Distributions
629*bbb1b6f9SApple OSS Distributions if ((sav = key_allocsa(&src, &dst, IPPROTO_AH, spi, NULL)) == 0) {
630*bbb1b6f9SApple OSS Distributions ipseclog((LOG_WARNING,
631*bbb1b6f9SApple OSS Distributions "IPv6 AH input: no key association found for spi %u\n",
632*bbb1b6f9SApple OSS Distributions (u_int32_t)ntohl(spi)));
633*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_nosa);
634*bbb1b6f9SApple OSS Distributions goto fail;
635*bbb1b6f9SApple OSS Distributions }
636*bbb1b6f9SApple OSS Distributions KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
637*bbb1b6f9SApple OSS Distributions printf("DP ah6_input called to allocate SA:0x%llx\n",
638*bbb1b6f9SApple OSS Distributions (uint64_t)VM_KERNEL_ADDRPERM(sav)));
639*bbb1b6f9SApple OSS Distributions if (sav->state != SADB_SASTATE_MATURE
640*bbb1b6f9SApple OSS Distributions && sav->state != SADB_SASTATE_DYING) {
641*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG,
642*bbb1b6f9SApple OSS Distributions "IPv6 AH input: non-mature/dying SA found for spi %u; ",
643*bbb1b6f9SApple OSS Distributions (u_int32_t)ntohl(spi)));
644*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_badspi);
645*bbb1b6f9SApple OSS Distributions goto fail;
646*bbb1b6f9SApple OSS Distributions }
647*bbb1b6f9SApple OSS Distributions
648*bbb1b6f9SApple OSS Distributions algo = ah_algorithm_lookup(sav->alg_auth);
649*bbb1b6f9SApple OSS Distributions if (!algo) {
650*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG, "IPv6 AH input: "
651*bbb1b6f9SApple OSS Distributions "unsupported authentication algorithm for spi %u\n",
652*bbb1b6f9SApple OSS Distributions (u_int32_t)ntohl(spi)));
653*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_badspi);
654*bbb1b6f9SApple OSS Distributions goto fail;
655*bbb1b6f9SApple OSS Distributions }
656*bbb1b6f9SApple OSS Distributions
657*bbb1b6f9SApple OSS Distributions siz = (*algo->sumsiz)(sav);
658*bbb1b6f9SApple OSS Distributions siz1 = ((siz + 3) & ~(4 - 1));
659*bbb1b6f9SApple OSS Distributions
660*bbb1b6f9SApple OSS Distributions /*
661*bbb1b6f9SApple OSS Distributions * sanity checks for header, 1.
662*bbb1b6f9SApple OSS Distributions */
663*bbb1b6f9SApple OSS Distributions {
664*bbb1b6f9SApple OSS Distributions int sizoff;
665*bbb1b6f9SApple OSS Distributions
666*bbb1b6f9SApple OSS Distributions sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
667*bbb1b6f9SApple OSS Distributions
668*bbb1b6f9SApple OSS Distributions /*
669*bbb1b6f9SApple OSS Distributions * Here, we do not do "siz1 == siz". See ah4_input() for complete
670*bbb1b6f9SApple OSS Distributions * description.
671*bbb1b6f9SApple OSS Distributions */
672*bbb1b6f9SApple OSS Distributions if (siz1 < siz) {
673*bbb1b6f9SApple OSS Distributions ipseclog((LOG_NOTICE, "sum length too short in IPv6 AH input "
674*bbb1b6f9SApple OSS Distributions "(%u, should be at least %u): %s\n",
675*bbb1b6f9SApple OSS Distributions (u_int32_t)siz1, (u_int32_t)siz,
676*bbb1b6f9SApple OSS Distributions ipsec6_logpacketstr(ip6, spi)));
677*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
678*bbb1b6f9SApple OSS Distributions goto fail;
679*bbb1b6f9SApple OSS Distributions }
680*bbb1b6f9SApple OSS Distributions if ((ah->ah_len << 2) - sizoff != siz1) {
681*bbb1b6f9SApple OSS Distributions ipseclog((LOG_NOTICE, "sum length mismatch in IPv6 AH input "
682*bbb1b6f9SApple OSS Distributions "(%d should be %u): %s\n",
683*bbb1b6f9SApple OSS Distributions (ah->ah_len << 2) - sizoff, (u_int32_t)siz1,
684*bbb1b6f9SApple OSS Distributions ipsec6_logpacketstr(ip6, spi)));
685*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
686*bbb1b6f9SApple OSS Distributions goto fail;
687*bbb1b6f9SApple OSS Distributions }
688*bbb1b6f9SApple OSS Distributions VERIFY((sizeof(struct ah) + sizoff + siz1) <= INT_MAX);
689*bbb1b6f9SApple OSS Distributions IP6_EXTHDR_CHECK(m, off, (int)(sizeof(struct ah) + sizoff + siz1),
690*bbb1b6f9SApple OSS Distributions {goto fail;});
691*bbb1b6f9SApple OSS Distributions ip6 = mtod(m, struct ip6_hdr *);
692*bbb1b6f9SApple OSS Distributions ah = (struct ah *)(void *)(mtod(m, caddr_t) + off);
693*bbb1b6f9SApple OSS Distributions }
694*bbb1b6f9SApple OSS Distributions
695*bbb1b6f9SApple OSS Distributions /*
696*bbb1b6f9SApple OSS Distributions * check for sequence number.
697*bbb1b6f9SApple OSS Distributions */
698*bbb1b6f9SApple OSS Distributions if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[0] != NULL) {
699*bbb1b6f9SApple OSS Distributions if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav, 0)) {
700*bbb1b6f9SApple OSS Distributions ; /*okey*/
701*bbb1b6f9SApple OSS Distributions } else {
702*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_ahreplay);
703*bbb1b6f9SApple OSS Distributions ipseclog((LOG_WARNING,
704*bbb1b6f9SApple OSS Distributions "replay packet in IPv6 AH input: %s %s\n",
705*bbb1b6f9SApple OSS Distributions ipsec6_logpacketstr(ip6, spi),
706*bbb1b6f9SApple OSS Distributions ipsec_logsastr(sav)));
707*bbb1b6f9SApple OSS Distributions goto fail;
708*bbb1b6f9SApple OSS Distributions }
709*bbb1b6f9SApple OSS Distributions }
710*bbb1b6f9SApple OSS Distributions
711*bbb1b6f9SApple OSS Distributions /*
712*bbb1b6f9SApple OSS Distributions * alright, it seems sane. now we are going to check the
713*bbb1b6f9SApple OSS Distributions * cryptographic checksum.
714*bbb1b6f9SApple OSS Distributions */
715*bbb1b6f9SApple OSS Distributions cksum = (u_char *)kalloc_data(siz1, Z_NOWAIT);
716*bbb1b6f9SApple OSS Distributions if (!cksum) {
717*bbb1b6f9SApple OSS Distributions ipseclog((LOG_DEBUG, "IPv6 AH input: "
718*bbb1b6f9SApple OSS Distributions "couldn't alloc temporary region for cksum\n"));
719*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
720*bbb1b6f9SApple OSS Distributions goto fail;
721*bbb1b6f9SApple OSS Distributions }
722*bbb1b6f9SApple OSS Distributions
723*bbb1b6f9SApple OSS Distributions if (ah6_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
724*bbb1b6f9SApple OSS Distributions kfree_data(cksum, siz1);
725*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
726*bbb1b6f9SApple OSS Distributions goto fail;
727*bbb1b6f9SApple OSS Distributions }
728*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_ahhist[sav->alg_auth]);
729*bbb1b6f9SApple OSS Distributions
730*bbb1b6f9SApple OSS Distributions {
731*bbb1b6f9SApple OSS Distributions caddr_t sumpos = NULL;
732*bbb1b6f9SApple OSS Distributions
733*bbb1b6f9SApple OSS Distributions if (sav->flags & SADB_X_EXT_OLD) {
734*bbb1b6f9SApple OSS Distributions /* RFC 1826 */
735*bbb1b6f9SApple OSS Distributions sumpos = (caddr_t)(ah + 1);
736*bbb1b6f9SApple OSS Distributions } else {
737*bbb1b6f9SApple OSS Distributions /* RFC 2402 */
738*bbb1b6f9SApple OSS Distributions sumpos = (caddr_t)(((struct newah *)ah) + 1);
739*bbb1b6f9SApple OSS Distributions }
740*bbb1b6f9SApple OSS Distributions
741*bbb1b6f9SApple OSS Distributions if (bcmp(sumpos, cksum, siz) != 0) {
742*bbb1b6f9SApple OSS Distributions ipseclog((LOG_WARNING,
743*bbb1b6f9SApple OSS Distributions "checksum mismatch in IPv6 AH input: %s %s\n",
744*bbb1b6f9SApple OSS Distributions ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
745*bbb1b6f9SApple OSS Distributions kfree_data(cksum, siz1);
746*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_ahauthfail);
747*bbb1b6f9SApple OSS Distributions goto fail;
748*bbb1b6f9SApple OSS Distributions }
749*bbb1b6f9SApple OSS Distributions }
750*bbb1b6f9SApple OSS Distributions
751*bbb1b6f9SApple OSS Distributions kfree_data(cksum, siz1);
752*bbb1b6f9SApple OSS Distributions
753*bbb1b6f9SApple OSS Distributions m->m_flags |= M_AUTHIPHDR;
754*bbb1b6f9SApple OSS Distributions m->m_flags |= M_AUTHIPDGM;
755*bbb1b6f9SApple OSS Distributions
756*bbb1b6f9SApple OSS Distributions if (m->m_flags & M_AUTHIPHDR && m->m_flags & M_AUTHIPDGM) {
757*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_ahauthsucc);
758*bbb1b6f9SApple OSS Distributions } else {
759*bbb1b6f9SApple OSS Distributions ipseclog((LOG_WARNING,
760*bbb1b6f9SApple OSS Distributions "authentication failed in IPv6 AH input: %s %s\n",
761*bbb1b6f9SApple OSS Distributions ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
762*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_ahauthfail);
763*bbb1b6f9SApple OSS Distributions goto fail;
764*bbb1b6f9SApple OSS Distributions }
765*bbb1b6f9SApple OSS Distributions
766*bbb1b6f9SApple OSS Distributions /*
767*bbb1b6f9SApple OSS Distributions * update sequence number.
768*bbb1b6f9SApple OSS Distributions */
769*bbb1b6f9SApple OSS Distributions if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[0] != NULL) {
770*bbb1b6f9SApple OSS Distributions if (ipsec_updatereplay(ntohl(((struct newah *)ah)->ah_seq), sav, 0)) {
771*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_ahreplay);
772*bbb1b6f9SApple OSS Distributions goto fail;
773*bbb1b6f9SApple OSS Distributions }
774*bbb1b6f9SApple OSS Distributions }
775*bbb1b6f9SApple OSS Distributions
776*bbb1b6f9SApple OSS Distributions /* was it transmitted over the IPsec tunnel SA? */
777*bbb1b6f9SApple OSS Distributions if (sav->flags & SADB_X_EXT_OLD) {
778*bbb1b6f9SApple OSS Distributions /* RFC 1826 */
779*bbb1b6f9SApple OSS Distributions stripsiz = sizeof(struct ah) + siz1;
780*bbb1b6f9SApple OSS Distributions } else {
781*bbb1b6f9SApple OSS Distributions /* RFC 2402 */
782*bbb1b6f9SApple OSS Distributions stripsiz = sizeof(struct newah) + siz1;
783*bbb1b6f9SApple OSS Distributions }
784*bbb1b6f9SApple OSS Distributions if (ipsec6_tunnel_validate(m, (int)(off + stripsiz), nxt, sav, &ifamily)) {
785*bbb1b6f9SApple OSS Distributions ifaddr_t ifa;
786*bbb1b6f9SApple OSS Distributions struct sockaddr_storage addr;
787*bbb1b6f9SApple OSS Distributions struct sockaddr_in6 *ip6addr;
788*bbb1b6f9SApple OSS Distributions /*
789*bbb1b6f9SApple OSS Distributions * strip off all the headers that precedes AH.
790*bbb1b6f9SApple OSS Distributions * IP6 xx AH IP6' payload -> IP6' payload
791*bbb1b6f9SApple OSS Distributions *
792*bbb1b6f9SApple OSS Distributions * XXX more sanity checks
793*bbb1b6f9SApple OSS Distributions * XXX relationship with gif?
794*bbb1b6f9SApple OSS Distributions */
795*bbb1b6f9SApple OSS Distributions u_int32_t flowinfo; /*net endian*/
796*bbb1b6f9SApple OSS Distributions
797*bbb1b6f9SApple OSS Distributions if (ifamily == AF_INET) {
798*bbb1b6f9SApple OSS Distributions ipseclog((LOG_NOTICE, "ipsec tunnel protocol mismatch "
799*bbb1b6f9SApple OSS Distributions "in IPv6 AH input: %s\n", ipsec_logsastr(sav)));
800*bbb1b6f9SApple OSS Distributions goto fail;
801*bbb1b6f9SApple OSS Distributions }
802*bbb1b6f9SApple OSS Distributions
803*bbb1b6f9SApple OSS Distributions flowinfo = ip6->ip6_flow;
804*bbb1b6f9SApple OSS Distributions m_adj(m, (int)(off + stripsiz));
805*bbb1b6f9SApple OSS Distributions if (m->m_len < sizeof(*ip6)) {
806*bbb1b6f9SApple OSS Distributions /*
807*bbb1b6f9SApple OSS Distributions * m_pullup is prohibited in KAME IPv6 input processing
808*bbb1b6f9SApple OSS Distributions * but there's no other way!
809*bbb1b6f9SApple OSS Distributions */
810*bbb1b6f9SApple OSS Distributions m = m_pullup(m, sizeof(*ip6));
811*bbb1b6f9SApple OSS Distributions if (!m) {
812*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
813*bbb1b6f9SApple OSS Distributions goto fail;
814*bbb1b6f9SApple OSS Distributions }
815*bbb1b6f9SApple OSS Distributions }
816*bbb1b6f9SApple OSS Distributions ip6 = mtod(m, struct ip6_hdr *);
817*bbb1b6f9SApple OSS Distributions /* ECN consideration. */
818*bbb1b6f9SApple OSS Distributions if (ip6_ecn_egress(ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow) == 0) {
819*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
820*bbb1b6f9SApple OSS Distributions goto fail;
821*bbb1b6f9SApple OSS Distributions }
822*bbb1b6f9SApple OSS Distributions if (!key_checktunnelsanity(sav, AF_INET6,
823*bbb1b6f9SApple OSS Distributions (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst)) {
824*bbb1b6f9SApple OSS Distributions ipseclog((LOG_NOTICE, "ipsec tunnel address mismatch "
825*bbb1b6f9SApple OSS Distributions "in IPv6 AH input: %s %s\n",
826*bbb1b6f9SApple OSS Distributions ipsec6_logpacketstr(ip6, spi),
827*bbb1b6f9SApple OSS Distributions ipsec_logsastr(sav)));
828*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
829*bbb1b6f9SApple OSS Distributions goto fail;
830*bbb1b6f9SApple OSS Distributions }
831*bbb1b6f9SApple OSS Distributions
832*bbb1b6f9SApple OSS Distributions /*
833*bbb1b6f9SApple OSS Distributions * should the inner packet be considered authentic?
834*bbb1b6f9SApple OSS Distributions * see comment in ah4_input().
835*bbb1b6f9SApple OSS Distributions */
836*bbb1b6f9SApple OSS Distributions m->m_flags &= ~M_AUTHIPHDR;
837*bbb1b6f9SApple OSS Distributions m->m_flags &= ~M_AUTHIPDGM;
838*bbb1b6f9SApple OSS Distributions
839*bbb1b6f9SApple OSS Distributions key_sa_recordxfer(sav, m->m_pkthdr.len);
840*bbb1b6f9SApple OSS Distributions if (ipsec_incr_history_count(m, IPPROTO_AH, spi) != 0 ||
841*bbb1b6f9SApple OSS Distributions ipsec_incr_history_count(m, IPPROTO_IPV6, 0) != 0) {
842*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_nomem);
843*bbb1b6f9SApple OSS Distributions goto fail;
844*bbb1b6f9SApple OSS Distributions }
845*bbb1b6f9SApple OSS Distributions
846*bbb1b6f9SApple OSS Distributions bzero(&addr, sizeof(addr));
847*bbb1b6f9SApple OSS Distributions ip6addr = (__typeof__(ip6addr)) & addr;
848*bbb1b6f9SApple OSS Distributions ip6addr->sin6_family = AF_INET6;
849*bbb1b6f9SApple OSS Distributions ip6addr->sin6_len = sizeof(*ip6addr);
850*bbb1b6f9SApple OSS Distributions ip6addr->sin6_addr = ip6->ip6_dst;
851*bbb1b6f9SApple OSS Distributions
852*bbb1b6f9SApple OSS Distributions // update the receiving interface address based on the inner address
853*bbb1b6f9SApple OSS Distributions ifa = ifa_ifwithaddr((struct sockaddr *)&addr);
854*bbb1b6f9SApple OSS Distributions if (ifa) {
855*bbb1b6f9SApple OSS Distributions m->m_pkthdr.rcvif = ifa->ifa_ifp;
856*bbb1b6f9SApple OSS Distributions ifa_remref(ifa);
857*bbb1b6f9SApple OSS Distributions }
858*bbb1b6f9SApple OSS Distributions
859*bbb1b6f9SApple OSS Distributions // Input via IPsec interface
860*bbb1b6f9SApple OSS Distributions lck_mtx_lock(sadb_mutex);
861*bbb1b6f9SApple OSS Distributions ifnet_t ipsec_if = sav->sah->ipsec_if;
862*bbb1b6f9SApple OSS Distributions if (ipsec_if != NULL) {
863*bbb1b6f9SApple OSS Distributions // If an interface is found, add a reference count before dropping the lock
864*bbb1b6f9SApple OSS Distributions ifnet_reference(ipsec_if);
865*bbb1b6f9SApple OSS Distributions }
866*bbb1b6f9SApple OSS Distributions lck_mtx_unlock(sadb_mutex);
867*bbb1b6f9SApple OSS Distributions if (ipsec_if != NULL) {
868*bbb1b6f9SApple OSS Distributions errno_t inject_error = ipsec_inject_inbound_packet(ipsec_if, m);
869*bbb1b6f9SApple OSS Distributions ifnet_release(ipsec_if);
870*bbb1b6f9SApple OSS Distributions if (inject_error == 0) {
871*bbb1b6f9SApple OSS Distributions m = NULL;
872*bbb1b6f9SApple OSS Distributions nxt = IPPROTO_DONE;
873*bbb1b6f9SApple OSS Distributions goto done;
874*bbb1b6f9SApple OSS Distributions } else {
875*bbb1b6f9SApple OSS Distributions goto fail;
876*bbb1b6f9SApple OSS Distributions }
877*bbb1b6f9SApple OSS Distributions }
878*bbb1b6f9SApple OSS Distributions
879*bbb1b6f9SApple OSS Distributions if (proto_input(PF_INET6, m) != 0) {
880*bbb1b6f9SApple OSS Distributions goto fail;
881*bbb1b6f9SApple OSS Distributions }
882*bbb1b6f9SApple OSS Distributions nxt = IPPROTO_DONE;
883*bbb1b6f9SApple OSS Distributions } else {
884*bbb1b6f9SApple OSS Distributions /*
885*bbb1b6f9SApple OSS Distributions * strip off AH.
886*bbb1b6f9SApple OSS Distributions */
887*bbb1b6f9SApple OSS Distributions char *prvnxtp;
888*bbb1b6f9SApple OSS Distributions
889*bbb1b6f9SApple OSS Distributions /*
890*bbb1b6f9SApple OSS Distributions * Copy the value of the next header field of AH to the
891*bbb1b6f9SApple OSS Distributions * next header field of the previous header.
892*bbb1b6f9SApple OSS Distributions * This is necessary because AH will be stripped off below.
893*bbb1b6f9SApple OSS Distributions */
894*bbb1b6f9SApple OSS Distributions prvnxtp = ip6_get_prevhdr(m, off); /* XXX */
895*bbb1b6f9SApple OSS Distributions *prvnxtp = (u_int8_t)nxt;
896*bbb1b6f9SApple OSS Distributions
897*bbb1b6f9SApple OSS Distributions ip6 = mtod(m, struct ip6_hdr *);
898*bbb1b6f9SApple OSS Distributions /*
899*bbb1b6f9SApple OSS Distributions * We do deep-copy since KAME requires that
900*bbb1b6f9SApple OSS Distributions * the packet is placed in a single mbuf.
901*bbb1b6f9SApple OSS Distributions */
902*bbb1b6f9SApple OSS Distributions ovbcopy((caddr_t)ip6, ((caddr_t)ip6) + stripsiz, off);
903*bbb1b6f9SApple OSS Distributions m->m_data += stripsiz;
904*bbb1b6f9SApple OSS Distributions m->m_len -= stripsiz;
905*bbb1b6f9SApple OSS Distributions m->m_pkthdr.len -= stripsiz;
906*bbb1b6f9SApple OSS Distributions ip6 = mtod(m, struct ip6_hdr *);
907*bbb1b6f9SApple OSS Distributions /* XXX jumbogram */
908*bbb1b6f9SApple OSS Distributions ip6->ip6_plen = htons((u_int16_t)(ntohs(ip6->ip6_plen) - stripsiz));
909*bbb1b6f9SApple OSS Distributions
910*bbb1b6f9SApple OSS Distributions key_sa_recordxfer(sav, m->m_pkthdr.len);
911*bbb1b6f9SApple OSS Distributions if (ipsec_incr_history_count(m, IPPROTO_AH, spi) != 0) {
912*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_nomem);
913*bbb1b6f9SApple OSS Distributions goto fail;
914*bbb1b6f9SApple OSS Distributions }
915*bbb1b6f9SApple OSS Distributions
916*bbb1b6f9SApple OSS Distributions // Input via IPsec interface
917*bbb1b6f9SApple OSS Distributions lck_mtx_lock(sadb_mutex);
918*bbb1b6f9SApple OSS Distributions ifnet_t ipsec_if = sav->sah->ipsec_if;
919*bbb1b6f9SApple OSS Distributions if (ipsec_if != NULL) {
920*bbb1b6f9SApple OSS Distributions // If an interface is found, add a reference count before dropping the lock
921*bbb1b6f9SApple OSS Distributions ifnet_reference(ipsec_if);
922*bbb1b6f9SApple OSS Distributions }
923*bbb1b6f9SApple OSS Distributions lck_mtx_unlock(sadb_mutex);
924*bbb1b6f9SApple OSS Distributions if (ipsec_if != NULL) {
925*bbb1b6f9SApple OSS Distributions errno_t inject_error = ipsec_inject_inbound_packet(ipsec_if, m);
926*bbb1b6f9SApple OSS Distributions ifnet_release(ipsec_if);
927*bbb1b6f9SApple OSS Distributions if (inject_error == 0) {
928*bbb1b6f9SApple OSS Distributions m = NULL;
929*bbb1b6f9SApple OSS Distributions nxt = IPPROTO_DONE;
930*bbb1b6f9SApple OSS Distributions goto done;
931*bbb1b6f9SApple OSS Distributions } else {
932*bbb1b6f9SApple OSS Distributions goto fail;
933*bbb1b6f9SApple OSS Distributions }
934*bbb1b6f9SApple OSS Distributions }
935*bbb1b6f9SApple OSS Distributions }
936*bbb1b6f9SApple OSS Distributions
937*bbb1b6f9SApple OSS Distributions done:
938*bbb1b6f9SApple OSS Distributions *offp = off;
939*bbb1b6f9SApple OSS Distributions *mp = m;
940*bbb1b6f9SApple OSS Distributions if (sav) {
941*bbb1b6f9SApple OSS Distributions KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
942*bbb1b6f9SApple OSS Distributions printf("DP ah6_input call free SA:0x%llx\n",
943*bbb1b6f9SApple OSS Distributions (uint64_t)VM_KERNEL_ADDRPERM(sav)));
944*bbb1b6f9SApple OSS Distributions key_freesav(sav, KEY_SADB_UNLOCKED);
945*bbb1b6f9SApple OSS Distributions }
946*bbb1b6f9SApple OSS Distributions IPSEC_STAT_INCREMENT(ipsec6stat.in_success);
947*bbb1b6f9SApple OSS Distributions return nxt;
948*bbb1b6f9SApple OSS Distributions
949*bbb1b6f9SApple OSS Distributions fail:
950*bbb1b6f9SApple OSS Distributions if (sav) {
951*bbb1b6f9SApple OSS Distributions KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
952*bbb1b6f9SApple OSS Distributions printf("DP ah6_input call free SA:0x%llx\n",
953*bbb1b6f9SApple OSS Distributions (uint64_t)VM_KERNEL_ADDRPERM(sav)));
954*bbb1b6f9SApple OSS Distributions key_freesav(sav, KEY_SADB_UNLOCKED);
955*bbb1b6f9SApple OSS Distributions }
956*bbb1b6f9SApple OSS Distributions if (m) {
957*bbb1b6f9SApple OSS Distributions m_freem(m);
958*bbb1b6f9SApple OSS Distributions *mp = NULL;
959*bbb1b6f9SApple OSS Distributions }
960*bbb1b6f9SApple OSS Distributions return IPPROTO_DONE;
961*bbb1b6f9SApple OSS Distributions }
962*bbb1b6f9SApple OSS Distributions
963*bbb1b6f9SApple OSS Distributions void
ah6_ctlinput(int cmd,struct sockaddr * sa,void * d)964*bbb1b6f9SApple OSS Distributions ah6_ctlinput(int cmd, struct sockaddr *sa, void *d)
965*bbb1b6f9SApple OSS Distributions {
966*bbb1b6f9SApple OSS Distributions union sockaddr_in_4_6 src = {};
967*bbb1b6f9SApple OSS Distributions union sockaddr_in_4_6 dst = {};
968*bbb1b6f9SApple OSS Distributions const struct newah *ahp;
969*bbb1b6f9SApple OSS Distributions struct newah ah;
970*bbb1b6f9SApple OSS Distributions struct secasvar *sav;
971*bbb1b6f9SApple OSS Distributions struct ip6_hdr *ip6;
972*bbb1b6f9SApple OSS Distributions struct mbuf *m;
973*bbb1b6f9SApple OSS Distributions struct ip6ctlparam *ip6cp = NULL;
974*bbb1b6f9SApple OSS Distributions struct sockaddr_in6 *sa6_src, *sa6_dst;
975*bbb1b6f9SApple OSS Distributions int off = 0;
976*bbb1b6f9SApple OSS Distributions
977*bbb1b6f9SApple OSS Distributions if (sa->sa_family != AF_INET6 ||
978*bbb1b6f9SApple OSS Distributions sa->sa_len != sizeof(struct sockaddr_in6)) {
979*bbb1b6f9SApple OSS Distributions return;
980*bbb1b6f9SApple OSS Distributions }
981*bbb1b6f9SApple OSS Distributions if ((unsigned)cmd >= PRC_NCMDS) {
982*bbb1b6f9SApple OSS Distributions return;
983*bbb1b6f9SApple OSS Distributions }
984*bbb1b6f9SApple OSS Distributions
985*bbb1b6f9SApple OSS Distributions /* if the parameter is from icmp6, decode it. */
986*bbb1b6f9SApple OSS Distributions if (d != NULL) {
987*bbb1b6f9SApple OSS Distributions ip6cp = (struct ip6ctlparam *)d;
988*bbb1b6f9SApple OSS Distributions m = ip6cp->ip6c_m;
989*bbb1b6f9SApple OSS Distributions ip6 = ip6cp->ip6c_ip6;
990*bbb1b6f9SApple OSS Distributions off = ip6cp->ip6c_off;
991*bbb1b6f9SApple OSS Distributions } else {
992*bbb1b6f9SApple OSS Distributions m = NULL;
993*bbb1b6f9SApple OSS Distributions ip6 = NULL;
994*bbb1b6f9SApple OSS Distributions }
995*bbb1b6f9SApple OSS Distributions
996*bbb1b6f9SApple OSS Distributions if (ip6) {
997*bbb1b6f9SApple OSS Distributions /*
998*bbb1b6f9SApple OSS Distributions * XXX: We assume that when ip6 is non NULL,
999*bbb1b6f9SApple OSS Distributions * M and OFF are valid.
1000*bbb1b6f9SApple OSS Distributions */
1001*bbb1b6f9SApple OSS Distributions
1002*bbb1b6f9SApple OSS Distributions /* check if we can safely examine src and dst ports */
1003*bbb1b6f9SApple OSS Distributions if (m->m_pkthdr.len < off + sizeof(ah)) {
1004*bbb1b6f9SApple OSS Distributions return;
1005*bbb1b6f9SApple OSS Distributions }
1006*bbb1b6f9SApple OSS Distributions
1007*bbb1b6f9SApple OSS Distributions if (m->m_len < off + sizeof(ah)) {
1008*bbb1b6f9SApple OSS Distributions /*
1009*bbb1b6f9SApple OSS Distributions * this should be rare case,
1010*bbb1b6f9SApple OSS Distributions * so we compromise on this copy...
1011*bbb1b6f9SApple OSS Distributions */
1012*bbb1b6f9SApple OSS Distributions m_copydata(m, off, sizeof(ah), (caddr_t)&ah);
1013*bbb1b6f9SApple OSS Distributions ahp = &ah;
1014*bbb1b6f9SApple OSS Distributions } else {
1015*bbb1b6f9SApple OSS Distributions ahp = (struct newah *)(void *)(mtod(m, caddr_t) + off);
1016*bbb1b6f9SApple OSS Distributions }
1017*bbb1b6f9SApple OSS Distributions
1018*bbb1b6f9SApple OSS Distributions if (cmd == PRC_MSGSIZE) {
1019*bbb1b6f9SApple OSS Distributions int valid = 0;
1020*bbb1b6f9SApple OSS Distributions
1021*bbb1b6f9SApple OSS Distributions /*
1022*bbb1b6f9SApple OSS Distributions * Check to see if we have a valid SA corresponding to
1023*bbb1b6f9SApple OSS Distributions * the address in the ICMP message payload.
1024*bbb1b6f9SApple OSS Distributions */
1025*bbb1b6f9SApple OSS Distributions sa6_src = ip6cp->ip6c_src;
1026*bbb1b6f9SApple OSS Distributions sa6_dst = SIN6(sa);
1027*bbb1b6f9SApple OSS Distributions ipsec_fill_ip6_sockaddr_4_6(&src, &sa6_src->sin6_addr, 0);
1028*bbb1b6f9SApple OSS Distributions ipsec_fill_ip6_sockaddr_4_6_with_ifscope(&dst,
1029*bbb1b6f9SApple OSS Distributions &sa6_dst->sin6_addr, 0, sa6_dst->sin6_scope_id);
1030*bbb1b6f9SApple OSS Distributions
1031*bbb1b6f9SApple OSS Distributions sav = key_allocsa(&src, &dst, IPPROTO_AH, ahp->ah_spi, NULL);
1032*bbb1b6f9SApple OSS Distributions if (sav) {
1033*bbb1b6f9SApple OSS Distributions if (sav->state == SADB_SASTATE_MATURE ||
1034*bbb1b6f9SApple OSS Distributions sav->state == SADB_SASTATE_DYING) {
1035*bbb1b6f9SApple OSS Distributions valid++;
1036*bbb1b6f9SApple OSS Distributions }
1037*bbb1b6f9SApple OSS Distributions key_freesav(sav, KEY_SADB_UNLOCKED);
1038*bbb1b6f9SApple OSS Distributions }
1039*bbb1b6f9SApple OSS Distributions
1040*bbb1b6f9SApple OSS Distributions /* XXX Further validation? */
1041*bbb1b6f9SApple OSS Distributions
1042*bbb1b6f9SApple OSS Distributions /*
1043*bbb1b6f9SApple OSS Distributions * Depending on the value of "valid" and routing table
1044*bbb1b6f9SApple OSS Distributions * size (mtudisc_{hi,lo}wat), we will:
1045*bbb1b6f9SApple OSS Distributions * - recalcurate the new MTU and create the
1046*bbb1b6f9SApple OSS Distributions * corresponding routing entry, or
1047*bbb1b6f9SApple OSS Distributions * - ignore the MTU change notification.
1048*bbb1b6f9SApple OSS Distributions */
1049*bbb1b6f9SApple OSS Distributions icmp6_mtudisc_update((struct ip6ctlparam *)d, valid);
1050*bbb1b6f9SApple OSS Distributions }
1051*bbb1b6f9SApple OSS Distributions
1052*bbb1b6f9SApple OSS Distributions /* we normally notify single pcb here */
1053*bbb1b6f9SApple OSS Distributions } else {
1054*bbb1b6f9SApple OSS Distributions /* we normally notify any pcb here */
1055*bbb1b6f9SApple OSS Distributions }
1056*bbb1b6f9SApple OSS Distributions }
1057