in bsd/netkey/key.c [445:638]
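/*
 * SPD (security policy database) request handlers.  Each takes the
 * requesting socket, the request mbuf and the parsed PF_KEY message header.
 */
static int key_spdadd(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static u_int32_t key_getnewspid(void);
static int key_spddelete(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_spddelete2(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_spdenable(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_spddisable(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_spdget(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_spdflush(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_spddump(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static struct mbuf *key_setdumpsp(struct secpolicy *,
    u_int8_t, u_int32_t, u_int32_t);
static u_int key_getspreqmsglen(struct secpolicy *);
static int key_spdexpire(struct secpolicy *);

/* Security association (SA) and SA-head (SAH) management. */
static struct secashead *key_newsah(struct secasindex *, ifnet_t, u_int, u_int8_t, u_int16_t);
static struct secasvar *key_newsav(struct mbuf *,
    const struct sadb_msghdr *, struct secashead *, int *,
    struct socket *);
static struct secashead *key_getsah(struct secasindex *, u_int16_t);
static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
/* Plain ANSI prototype, matching the rest of this list (the __P() wrapper was dropped). */
static void key_setspi(struct secasvar *, u_int32_t);
static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
static int key_setsaval(struct secasvar *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_mature(struct secasvar *);

/* Builders for outgoing PF_KEY message parts; each returns a struct mbuf *. */
static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
    u_int8_t, u_int32_t, u_int32_t);
static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
    u_int32_t, pid_t, u_int16_t);
static struct mbuf *key_setsadbsa(struct secasvar *);
static struct mbuf *key_setsadbaddr(u_int16_t,
    struct sockaddr *, size_t, u_int8_t);
static struct mbuf *key_setsadbipsecif(ifnet_t, ifnet_t, ifnet_t, u_int8_t);
static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t, u_int16_t);
static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
    u_int32_t);
static void *key_newbuf(const void *, u_int);
static int key_ismyaddr6(struct sockaddr_in6 *);
static void key_update_natt_keepalive_timestamp(struct secasvar *, struct secasvar *);

/* flags for key_cmpsaidx() */
#define CMP_HEAD 0x1 /* protocol, addresses. */
#define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
#define CMP_REQID 0x4 /* additionally HEAD, reqid. */
#define CMP_MODE 0x8 /* additionally mode. */
#define CMP_EXACTLY 0xF /* all elements. */

/* Index / address comparison helpers. */
static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
static int key_cmpspidx_exactly(struct secpolicyindex *,
    struct secpolicyindex *);
static int key_cmpspidx_withmask(struct secpolicyindex *,
    struct secpolicyindex *);
static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
static int key_is_addr_in_range(struct sockaddr_storage *, struct secpolicyaddrrange *);
static int key_bbcmp(caddr_t, caddr_t, u_int);
static void key_srandom(void);
static u_int8_t key_satype2proto(u_int8_t);
static u_int8_t key_proto2satype(u_int16_t);

/*
 * SADB request handlers; same (socket, mbuf, header) signature as the SPD
 * handlers above.
 */
static int key_getspi(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static u_int32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *);
static int key_update(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_add(struct socket *, struct mbuf *, const struct sadb_msghdr *);
static struct mbuf *key_getmsgbuf_x1(struct mbuf *, const struct sadb_msghdr *);
static int key_delete(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_get(struct socket *, struct mbuf *, const struct sadb_msghdr *);
static void key_getcomb_setlifetime(struct sadb_comb *);
#if IPSEC_ESP
static struct mbuf *key_getcomb_esp(void);
#endif
static struct mbuf *key_getcomb_ah(void);
static struct mbuf *key_getprop(const struct secasindex *);
static int key_acquire(struct secasindex *, struct secpolicy *);
#ifndef IPSEC_NONBLOCK_ACQUIRE
static struct secacq *key_newacq(struct secasindex *);
static struct secacq *key_getacq(struct secasindex *);
static struct secacq *key_getacqbyseq(u_int32_t);
#endif
static struct secspacq *key_newspacq(struct secpolicyindex *);
static struct secspacq *key_getspacq(struct secpolicyindex *);
static int key_acquire2(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_register(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_expire(struct secasvar *);
static int key_flush(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_dump(struct socket *, struct mbuf *, const struct sadb_msghdr *);
static int key_promisc(struct socket *, struct mbuf *,
    const struct sadb_msghdr *);
static int key_senderror(struct socket *, struct mbuf *, int);

/*
 * Parsing and validation of incoming PF_KEY messages.  The handlers above
 * take a socket, so these messages presumably originate from user space over
 * the PF_KEY socket; their return values are what stands between
 * caller-supplied bytes and the SA/SP state.
 */
static int key_validate_ext(const struct sadb_ext *, int);
static int key_align(struct mbuf *, struct sadb_msghdr *);
static struct mbuf *key_alloc_mbuf(int);
static int key_getsastat(struct socket *, struct mbuf *, const struct sadb_msghdr *);
static int key_migrate(struct socket *, struct mbuf *, const struct sadb_msghdr *);
static void bzero_keys(const struct sadb_msghdr *);

/* Defined in other translation units. */
extern int ipsec_bypass;
extern int esp_udp_encap_port;
/* Non-static symbols shared with the rest of the IPsec stack. */
int ipsec_send_natt_keepalive(struct secasvar *sav);
bool ipsec_fill_offload_frame(ifnet_t ifp, struct secasvar *sav, struct ifnet_keepalive_offload_frame *frame, size_t frame_data_offset);
void key_init(struct protosw *, struct domain *);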
/*
* PF_KEY init
* set up locks, call raw_init(), then initialize the timer state and associated data
*
*/
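/*
 * @param pp  PF_KEY protocol switch entry; must be attached but not yet
 *            initialized (enforced by the VERIFY below).
 * @param dp  owning domain, passed through to raw_init().
 * Safe to call more than once: a function-scope static guard turns every
 * call after the first into a no-op.
 */
void
key_init(struct protosw *pp, struct domain *dp)
{
	/* once-only guard: repeat calls return before touching any state */
	static int key_initialized = 0;
	int i;

	/* Caller contract: the protosw entry is attached but not yet initialized. */
	VERIFY((pp->pr_flags & (PR_INITIALIZED | PR_ATTACHED)) == PR_ATTACHED);
	/*
	 * Compile-time layout checks: a PFKEY_ALIGN8-rounded sadb_msg must fit in
	 * an mbuf header (_MHLEN), and the replay-window count must equal
	 * MBUF_TC_MAX (presumably one window per traffic class -- confirm).
	 */
	_CASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= _MHLEN);
	_CASSERT(MAX_REPLAY_WINDOWS == MBUF_TC_MAX);

	if (key_initialized) {
		return;
	}
	key_initialized = 1;

	/* SADB mutex; presumably guards the SA/SP trees set up below -- confirm against its users. */
	sadb_mutex_grp_attr = lck_grp_attr_alloc_init();
	sadb_mutex_grp = lck_grp_alloc_init("sadb", sadb_mutex_grp_attr);
	sadb_mutex_attr = lck_attr_alloc_init();
	lck_mtx_init(sadb_mutex, sadb_mutex_grp, sadb_mutex_attr);

	/* Separate mutex for the PF_KEY statistics. */
	pfkey_stat_mutex_grp_attr = lck_grp_attr_alloc_init();
	pfkey_stat_mutex_grp = lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr);
	pfkey_stat_mutex_attr = lck_attr_alloc_init();
	lck_mtx_init(pfkey_stat_mutex, pfkey_stat_mutex_grp, pfkey_stat_mutex_attr);

	for (i = 0; i < SPIHASHSIZE; i++) {
		LIST_INIT(&spihash[i]);
	}

	raw_init(pp, dp);

	bzero((caddr_t)&key_cb, sizeof(key_cb));

	/* One SP list per direction. */
	for (i = 0; i < IPSEC_DIR_MAX; i++) {
		LIST_INIT(&sptree[i]);
	}
	ipsec_policy_count = 0;

	LIST_INIT(&sahtree);
	LIST_INIT(&custom_sahtree);

	/*
	 * Inclusive bound: one registration list per SA type 0..SADB_SATYPE_MAX,
	 * so regtree must have SADB_SATYPE_MAX + 1 entries -- confirm against
	 * its definition.  (The listing rendered "&regtree" as the mangled
	 * entity "®tree"; this is the intended identifier.)
	 */
	for (i = 0; i <= SADB_SATYPE_MAX; i++) {
		LIST_INIT(&regtree[i]);
	}
	ipsec_sav_count = 0;

#ifndef IPSEC_NONBLOCK_ACQUIRE
	LIST_INIT(&acqtree);
#endif
	LIST_INIT(&spacqtree);

	/*
	 * system default policies.  The refcnt is bumped once and never
	 * released, so these static objects can never be reclaimed.
	 */
#if INET
	ip4_def_policy.policy = IPSEC_POLICY_NONE;
	ip4_def_policy.refcnt++; /*never reclaim this*/
#endif
	ip6_def_policy.policy = IPSEC_POLICY_NONE;
	ip6_def_policy.refcnt++; /*never reclaim this*/

	key_timehandler_running = 0;

	/* initialize key statistics */
	keystat.getspi_count = 1;

	esp_init();
#ifndef __APPLE__
	printf("IPsec: Initialized Security Association Processing.\n");
#endif
}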