1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 #ifndef _INET_KEYSOCK_H
  27 #define _INET_KEYSOCK_H
  28 
  29 #ifdef  __cplusplus
  30 extern "C" {
  31 #endif
  32 
/*
 * Socket-option entry points for keysock.  Only the prototypes are visible
 * in this header; the parameter meanings are not documented here.
 * NOTE(review): keysock_opt_set() receives the caller's cred_t, presumably
 * so that option changes can be privilege-checked -- confirm against the
 * implementation.
 */
extern int keysock_opt_get(queue_t *, int, int, uchar_t *);
extern int keysock_opt_set(queue_t *, uint_t, int, int, uint_t,
    uchar_t *, uint_t *, uchar_t *, void *, cred_t *cr);
  36 
/*
 * Option database object.  It is passed to the {sock,tpi}optcom_req()
 * interface routines, which search it to perform option management and
 * invoke the associated methods.
 */

extern optdb_obj_t      keysock_opt_obj;
/* NOTE(review): presumably the largest option size in keysock_opt_obj. */
extern uint_t           keysock_max_optsize;
  45 
/*
 * KEYSOCK stack instances
 *
 * State that keysock keeps per stack instance: plumbing status, tunables,
 * the list of open PF_KEY sockets, the consumer table and the flush/dump
 * and ACQUIRE sequence bookkeeping.  Each group below names the lock that
 * guards it.
 */
struct keysock_stack {
        netstack_t              *keystack_netstack;     /* Common netstack */
        /*
         * keystack_plumbed: zero if plumb not attempted, positive if it
         * succeeded, negative if it failed.
         */
        int                     keystack_plumbed;
        /* NOTE(review): presumably the NDD handle for the params below. */
        caddr_t                 keystack_g_nd;
        struct keysockparam_s   *keystack_params;

        kmutex_t                keystack_param_lock;
                                /* Protects the NDD variables. */

        /* List of open PF_KEY sockets, protected by keystack_list_lock. */
        kmutex_t                keystack_list_lock;
        struct keysock_s        *keystack_list;

        /*
         * Consumers table. If an entry is NULL, keysock maintains
         * the table.
         * NOTE(review): presumably guarded by keystack_consumers_lock,
         * which is declared directly above it -- confirm.
         */
        kmutex_t                keystack_consumers_lock;

/*
 * 256 slots: the table is indexed by SA type (see keysock_consumer_s), and
 * kc_sa_type is a uint8_t, so every 8-bit SA type has a slot.  An index
 * taken from a wider integer still needs a bounds check before use.
 */
#define KEYSOCK_MAX_CONSUMERS 256
        struct keysock_consumer_s *keystack_consumers[KEYSOCK_MAX_CONSUMERS];

        /*
         * State for flush/dump.  This would normally be a boolean_t, but
         * cas32() works best for a known 32-bit quantity.
         */
        uint32_t                keystack_flushdump;
        int                     keystack_flushdump_errno;

        /*
         * This integer counts the number of extended REGISTERed sockets.  This
         * determines if we should send extended REGISTERs.
         */
        uint32_t                keystack_num_extended;

        /*
         * Global sequence space for SADB_ACQUIRE messages of any sort.
         */
        uint32_t                keystack_acquire_seq;
};
typedef struct keysock_stack keysock_stack_t;
  94 
/*
 * keysock session state (one per open PF_KEY socket (i.e. as a driver))
 *
 * I keep these in a linked list, and assign a monotonically increasing
 * serial ## (which is also the minor number).
 */

typedef struct keysock_s {
        /*
         * Protected by keysock_list_lock.
         * NOTE(review): the only list lock visible in this header is
         * keystack_list_lock in keysock_stack_t; presumably that is the
         * lock meant here and below -- confirm.
         */
        struct keysock_s *keysock_next; /* Next in list */
        struct keysock_s **keysock_ptpn; /* Pointer to previous next */

        kmutex_t keysock_lock; /* Protects the following. */
        queue_t *keysock_rq;   /* Read queue - putnext() to userland */
        queue_t *keysock_wq;   /* Write queue */

        uint_t keysock_state;
        uint_t keysock_flags;  /* KEYSOCK_* flag bits defined below. */
        /*
         * Bitmap of registered SA types: 4 x 64 = 256 bits, one per
         * possible 8-bit SA type.  Read and written through
         * KEYSOCK_ISREG() and KEYSOCK_SETREG().
         * If SADB_SATYPE_MAX (in net/pfkeyv2.h) > 255, rewhack this.
         */
        uint64_t keysock_registered[4]; /* Registered types for this socket. */

        /* Also protected by keysock_list_lock. */
        minor_t keysock_serial; /* Serial number of this socket. */
        keysock_stack_t         *keysock_keystack; /* Owning stack instance. */
} keysock_t;
 120 
/*
 * Per-socket flag bits.
 * NOTE(review): presumably stored in keysock_t.keysock_flags -- confirm.
 */
#define KEYSOCK_NOLOOP  0x1     /* Don't loopback messages (no replies). */
/*
 * DANGER: Setting KEYSOCK_PROMISC requires EXTRA privilege on an MLS box.
 * A promiscuous socket is handed every outbound message, including those
 * meant for other sockets, so whatever code sets this bit must perform the
 * privilege check first.  That check is not visible in this header.
 */
#define KEYSOCK_PROMISC 0x2     /* Give me all outbound messages. */
#define KEYSOCK_EXTENDED 0x4    /* Extended REGISTER received. */
 126 
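/*
 * Registration bitmap helpers.  My apologies for the ugliness of these
 * macros.  And using constants.
 *
 * keysock_registered is four 64-bit words (256 bits), one bit per SA type:
 * word (satype >> 6), bit (satype & 63).  The word index has to be a shift
 * by 6 to match the 64-bit mask; a shift by 3 sends any satype >= 32 past
 * the end of the four-word array.  The mask is built from a 64-bit one
 * because shifting a plain int by 31 or more is undefined.
 *
 * Neither macro range-checks satype.  A value above 255 still indexes
 * outside keysock_registered, so SA types taken from a PF_KEY message must
 * be validated by the caller first.  Both macros evaluate satype twice;
 * pass an expression without side effects.
 *
 * KEYSOCK_ISREG yields the masked 64-bit word, not 0/1: test it in a
 * boolean context instead of narrowing it to int.
 *
 * NOTE(review): any code that reads keysock_registered without going
 * through these macros must use the same word/bit layout -- confirm.
 */
#define KEYSOCK_ISREG(ks, satype) \
        (((ks)->keysock_registered[(satype) >> 6]) & \
        ((uint64_t)1 << ((satype) & 63)))
#define KEYSOCK_SETREG(ks, satype) \
        ((ks)->keysock_registered[(satype) >> 6] |= \
        ((uint64_t)1 << ((satype) & 63)))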
 132 
/*
 * Keysock consumers (i.e. AH, ESP), in array based on sadb_msg_satype.
 * For module instances.
 */

typedef struct keysock_consumer_s {
        kmutex_t kc_lock;       /* Protects instance. */

        queue_t *kc_rq;         /* Read queue, requests from AH, ESP. */
        queue_t *kc_wq;         /* Write queue, putnext down */

        /* Other goodies as I need them. */
        uint8_t                 kc_sa_type;     /* What sort of SA am I? */
        uint_t                  kc_flags;       /* KC_* flag bits. */
        keysock_stack_t         *kc_keystack;   /* Owning stack instance. */
} keysock_consumer_t;
 149 
/*
 * Bits for kc_flags.  Can only set flags when keysock_consumer_lock is held.
 * NOTE(review): no lock of that exact name is declared in this header; the
 * candidates are kc_lock in keysock_consumer_t and keystack_consumers_lock
 * in keysock_stack_t -- confirm which one is meant.
 */
#define KC_INTERNAL 0x1         /* Consumer maintained by keysock itself. */
#define KC_FLUSHING 0x2         /* SADB_FLUSH pending on this consumer. */
 153 
/*
 * Plumb IPsec for the given netstack.
 * NOTE(review): presumably the outcome is what keystack_plumbed records
 * (zero / positive / negative); the return convention is not visible
 * here -- confirm against the implementation.
 */
extern int keysock_plumb_ipsec(netstack_t *);
 155 
 156 #ifdef  __cplusplus
 157 }
 158 #endif
 159 
 160 #endif /* _INET_KEYSOCK_H */