Separate out the length checks from IP dispatch and also do them along
[dragonfly.git] / sys / netinet6 / ah_input.c
1 /*      $FreeBSD: src/sys/netinet6/ah_input.c,v 1.1.2.6 2002/04/28 05:40:26 suz Exp $   */
2 /*      $DragonFly: src/sys/netinet6/ah_input.c,v 1.9 2004/10/20 05:00:36 hsu Exp $     */
3 /*      $KAME: ah_input.c,v 1.67 2002/01/07 11:39:56 kjc Exp $  */
4
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33
34 /*
35  * RFC1826/2402 authentication header.
36  */
37
38 #include "opt_inet.h"
39 #include "opt_inet6.h"
40
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/malloc.h>
44 #include <sys/mbuf.h>
45 #include <sys/domain.h>
46 #include <sys/protosw.h>
47 #include <sys/socket.h>
48 #include <sys/errno.h>
49 #include <sys/time.h>
50 #include <sys/syslog.h>
51
52 #include <net/if.h>
53 #include <net/route.h>
54 #include <net/netisr.h>
55 #include <machine/cpu.h>
56 #include <machine/stdarg.h>
57
58 #include <netinet/in.h>
59 #include <netinet/in_systm.h>
60 #include <netinet/in_var.h>
61 #include <netinet/ip.h>
62 #include <netinet/ip_var.h>
63 #include <netinet/ip_ecn.h>
64 #ifdef INET6
65 #include <netinet6/ip6_ecn.h>
66 #endif
67
68 #ifdef INET6
69 #include <netinet/ip6.h>
70 #include <netinet6/ip6_var.h>
71 #include <netinet6/in6_pcb.h>
72 #include <netinet/icmp6.h>
73 #include <netinet6/ip6protosw.h>
74 #endif
75
76 #include <netinet6/ipsec.h>
77 #ifdef INET6
78 #include <netinet6/ipsec6.h>
79 #endif
80 #include <netinet6/ah.h>
81 #ifdef INET6
82 #include <netinet6/ah6.h>
83 #endif
84 #include <netproto/key/key.h>
85 #include <netproto/key/keydb.h>
86 #ifdef IPSEC_DEBUG
87 #include <netproto/key/key_debug.h>
88 #else
89 #define KEYDEBUG(lev,arg)
90 #endif
91
92 #include <machine/stdarg.h>
93
94 #include <net/net_osdep.h>
95
96 #define IPLEN_FLIPPED
97
98 #ifdef INET
99 #include <netinet/ipprotosw.h>
100 extern struct ipprotosw inetsw[];
101
102 void
103 ah4_input(struct mbuf *m, ...)
104 {
105         int off, proto;
106         struct ip *ip;
107         struct ah *ah;
108         u_int32_t spi;
109         const struct ah_algorithm *algo;
110         size_t siz;
111         size_t siz1;
112         u_char *cksum;
113         struct secasvar *sav = NULL;
114         u_int16_t nxt;
115         size_t hlen;
116         size_t stripsiz = 0;
117         __va_list ap;
118
119         __va_start(ap, m);
120         off = __va_arg(ap, int);
121         proto = __va_arg(ap, int);
122         __va_end(ap);
123
124 #ifndef PULLDOWN_TEST
125         if (m->m_len < off + sizeof(struct newah)) {
126                 m = m_pullup(m, off + sizeof(struct newah));
127                 if (!m) {
128                         ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup;"
129                                 "dropping the packet for simplicity\n"));
130                         ipsecstat.in_inval++;
131                         goto fail;
132                 }
133         }
134
135         ip = mtod(m, struct ip *);
136         ah = (struct ah *)(((caddr_t)ip) + off);
137 #else
138         ip = mtod(m, struct ip *);
139         IP6_EXTHDR_GET(ah, struct ah *, m, off, sizeof(struct newah));
140         if (ah == NULL) {
141                 ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup;"
142                         "dropping the packet for simplicity\n"));
143                 ipsecstat.in_inval++;
144                 goto fail;
145         }
146 #endif
147         nxt = ah->ah_nxt;
148 #ifdef _IP_VHL
149         hlen = IP_VHL_HL(ip->ip_vhl) << 2;
150 #else
151         hlen = ip->ip_hl << 2;
152 #endif
153
154         /* find the sassoc. */
155         spi = ah->ah_spi;
156
157         if ((sav = key_allocsa(AF_INET,
158                               (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst,
159                               IPPROTO_AH, spi)) == 0) {
160                 ipseclog((LOG_WARNING,
161                     "IPv4 AH input: no key association found for spi %u\n",
162                     (u_int32_t)ntohl(spi)));
163                 ipsecstat.in_nosa++;
164                 goto fail;
165         }
166         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
167                 printf("DP ah4_input called to allocate SA:%p\n", sav));
168         if (sav->state != SADB_SASTATE_MATURE
169          && sav->state != SADB_SASTATE_DYING) {
170                 ipseclog((LOG_DEBUG,
171                     "IPv4 AH input: non-mature/dying SA found for spi %u\n",
172                     (u_int32_t)ntohl(spi)));
173                 ipsecstat.in_badspi++;
174                 goto fail;
175         }
176
177         algo = ah_algorithm_lookup(sav->alg_auth);
178         if (!algo) {
179                 ipseclog((LOG_DEBUG, "IPv4 AH input: "
180                     "unsupported authentication algorithm for spi %u\n",
181                     (u_int32_t)ntohl(spi)));
182                 ipsecstat.in_badspi++;
183                 goto fail;
184         }
185
186         siz = (*algo->sumsiz)(sav);
187         siz1 = ((siz + 3) & ~(4 - 1));
188
189         /*
190          * sanity checks for header, 1.
191          */
192     {
193         int sizoff;
194
195         sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
196
197         /*
198          * Here, we do not do "siz1 == siz".  This is because the way
199          * RFC240[34] section 2 is written.  They do not require truncation
200          * to 96 bits.
201          * For example, Microsoft IPsec stack attaches 160 bits of
202          * authentication data for both hmac-md5 and hmac-sha1.  For hmac-sha1,
203          * 32 bits of padding is attached.
204          *
205          * There are two downsides to this specification.
206          * They have no real harm, however, they leave us fuzzy feeling.
207          * - if we attach more than 96 bits of authentication data onto AH,
208          *   we will never notice about possible modification by rogue
209          *   intermediate nodes.
210          *   Since extra bits in AH checksum is never used, this constitutes
211          *   no real issue, however, it is wacky.
212          * - even if the peer attaches big authentication data, we will never
213          *   notice the difference, since longer authentication data will just
214          *   work.
215          *
216          * We may need some clarification in the spec.
217          */
218         if (siz1 < siz) {
219                 ipseclog((LOG_NOTICE, "sum length too short in IPv4 AH input "
220                     "(%lu, should be at least %lu): %s\n",
221                     (u_long)siz1, (u_long)siz,
222                     ipsec4_logpacketstr(ip, spi)));
223                 ipsecstat.in_inval++;
224                 goto fail;
225         }
226         if ((ah->ah_len << 2) - sizoff != siz1) {
227                 ipseclog((LOG_NOTICE, "sum length mismatch in IPv4 AH input "
228                     "(%d should be %lu): %s\n",
229                     (ah->ah_len << 2) - sizoff, (u_long)siz1,
230                     ipsec4_logpacketstr(ip, spi)));
231                 ipsecstat.in_inval++;
232                 goto fail;
233         }
234
235 #ifndef PULLDOWN_TEST
236         if (m->m_len < off + sizeof(struct ah) + sizoff + siz1) {
237                 m = m_pullup(m, off + sizeof(struct ah) + sizoff + siz1);
238                 if (!m) {
239                         ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup\n"));
240                         ipsecstat.in_inval++;
241                         goto fail;
242                 }
243
244                 ip = mtod(m, struct ip *);
245                 ah = (struct ah *)(((caddr_t)ip) + off);
246         }
247 #else
248         IP6_EXTHDR_GET(ah, struct ah *, m, off,
249                 sizeof(struct ah) + sizoff + siz1);
250         if (ah == NULL) {
251                 ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup\n"));
252                 ipsecstat.in_inval++;
253                 goto fail;
254         }
255 #endif
256     }
257
258         /*
259          * check for sequence number.
260          */
261         if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
262                 if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav))
263                         ; /* okey */
264                 else {
265                         ipsecstat.in_ahreplay++;
266                         ipseclog((LOG_WARNING,
267                             "replay packet in IPv4 AH input: %s %s\n",
268                             ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
269                         goto fail;
270                 }
271         }
272
273         /*
274          * alright, it seems sane.  now we are going to check the
275          * cryptographic checksum.
276          */
277         cksum = malloc(siz1, M_TEMP, M_NOWAIT);
278         if (!cksum) {
279                 ipseclog((LOG_DEBUG, "IPv4 AH input: "
280                     "couldn't alloc temporary region for cksum\n"));
281                 ipsecstat.in_inval++;
282                 goto fail;
283         }
284         
285         /*
286          * some of IP header fields are flipped to the host endian.
287          * convert them back to network endian.  VERY stupid.
288          */
289         ip->ip_len = htons(ip->ip_len + hlen);
290         ip->ip_off = htons(ip->ip_off);
291         if (ah4_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
292                 free(cksum, M_TEMP);
293                 ipsecstat.in_inval++;
294                 goto fail;
295         }
296         ipsecstat.in_ahhist[sav->alg_auth]++;
297         /*
298          * flip them back.
299          */
300         ip->ip_len = ntohs(ip->ip_len) - hlen;
301         ip->ip_off = ntohs(ip->ip_off);
302
303     {
304         caddr_t sumpos = NULL;
305
306         if (sav->flags & SADB_X_EXT_OLD) {
307                 /* RFC 1826 */
308                 sumpos = (caddr_t)(ah + 1);
309         } else {
310                 /* RFC 2402 */
311                 sumpos = (caddr_t)(((struct newah *)ah) + 1);
312         }
313
314         if (bcmp(sumpos, cksum, siz) != 0) {
315                 ipseclog((LOG_WARNING,
316                     "checksum mismatch in IPv4 AH input: %s %s\n",
317                     ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
318                 free(cksum, M_TEMP);
319                 ipsecstat.in_ahauthfail++;
320                 goto fail;
321         }
322     }
323
324         free(cksum, M_TEMP);
325
326         m->m_flags |= M_AUTHIPHDR;
327         m->m_flags |= M_AUTHIPDGM;
328
329 #if 0
330         /*
331          * looks okey, but we need more sanity check.
332          * XXX should elaborate.
333          */
334         if (ah->ah_nxt == IPPROTO_IPIP || ah->ah_nxt == IPPROTO_IP) {
335                 struct ip *nip;
336                 size_t sizoff;
337
338                 sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
339
340                 if (m->m_len < off + sizeof(struct ah) + sizoff + siz1 + hlen) {
341                         m = m_pullup(m, off + sizeof(struct ah)
342                                         + sizoff + siz1 + hlen);
343                         if (!m) {
344                                 ipseclog((LOG_DEBUG,
345                                     "IPv4 AH input: can't pullup\n"));
346                                 ipsecstat.in_inval++;
347                                 goto fail;
348                         }
349                 }
350
351                 nip = (struct ip *)((u_char *)(ah + 1) + sizoff + siz1);
352                 if (nip->ip_src.s_addr != ip->ip_src.s_addr
353                  || nip->ip_dst.s_addr != ip->ip_dst.s_addr) {
354                         m->m_flags &= ~M_AUTHIPHDR;
355                         m->m_flags &= ~M_AUTHIPDGM;
356                 }
357         }
358 #ifdef INET6
359         else if (ah->ah_nxt == IPPROTO_IPV6) {
360                 m->m_flags &= ~M_AUTHIPHDR;
361                 m->m_flags &= ~M_AUTHIPDGM;
362         }
363 #endif /* INET6 */
364 #endif /* 0 */
365
366         if (m->m_flags & M_AUTHIPHDR
367          && m->m_flags & M_AUTHIPDGM) {
368 #if 0
369                 ipseclog((LOG_DEBUG,
370                     "IPv4 AH input: authentication succeess\n"));
371 #endif
372                 ipsecstat.in_ahauthsucc++;
373         } else {
374                 ipseclog((LOG_WARNING,
375                     "authentication failed in IPv4 AH input: %s %s\n",
376                     ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
377                 ipsecstat.in_ahauthfail++;
378                 goto fail;
379         }
380
381         /*
382          * update sequence number.
383          */
384         if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
385                 if (ipsec_updatereplay(ntohl(((struct newah *)ah)->ah_seq), sav)) {
386                         ipsecstat.in_ahreplay++;
387                         goto fail;
388                 }
389         }
390
391         /* was it transmitted over the IPsec tunnel SA? */
392         if (sav->flags & SADB_X_EXT_OLD) {
393                 /* RFC 1826 */
394                 stripsiz = sizeof(struct ah) + siz1;
395         } else {
396                 /* RFC 2402 */
397                 stripsiz = sizeof(struct newah) + siz1;
398         }
399         if (ipsec4_tunnel_validate(m, off + stripsiz, nxt, sav)) {
400                 /*
401                  * strip off all the headers that precedes AH.
402                  *      IP xx AH IP' payload -> IP' payload
403                  *
404                  * XXX more sanity checks
405                  * XXX relationship with gif?
406                  */
407                 u_int8_t tos;
408
409                 tos = ip->ip_tos;
410                 m_adj(m, off + stripsiz);
411                 if (m->m_len < sizeof(*ip)) {
412                         m = m_pullup(m, sizeof(*ip));
413                         if (!m) {
414                                 ipsecstat.in_inval++;
415                                 goto fail;
416                         }
417                 }
418                 ip = mtod(m, struct ip *);
419                 /* ECN consideration. */
420                 ip_ecn_egress(ip4_ipsec_ecn, &tos, &ip->ip_tos);
421                 if (!key_checktunnelsanity(sav, AF_INET,
422                             (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst)) {
423                         ipseclog((LOG_NOTICE, "ipsec tunnel address mismatch "
424                             "in IPv4 AH input: %s %s\n",
425                             ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
426                         ipsecstat.in_inval++;
427                         goto fail;
428                 }
429
430 #if 1
431                 /*
432                  * Should the inner packet be considered authentic?
433                  * My current answer is: NO.
434                  *
435                  * host1 -- gw1 === gw2 -- host2
436                  *      In this case, gw2 can trust the authenticity of the
437                  *      outer packet, but NOT inner.  Packet may be altered
438                  *      between host1 and gw1.
439                  *
440                  * host1 -- gw1 === host2
441                  *      This case falls into the same scenario as above.
442                  *
443                  * host1 === host2
444                  *      This case is the only case when we may be able to leave
445                  *      M_AUTHIPHDR and M_AUTHIPDGM set.
446                  *      However, if host1 is wrongly configured, and allows
447                  *      attacker to inject some packet with src=host1 and
448                  *      dst=host2, you are in risk.
449                  */
450                 m->m_flags &= ~M_AUTHIPHDR;
451                 m->m_flags &= ~M_AUTHIPDGM;
452 #endif
453
454                 key_sa_recordxfer(sav, m);
455                 if (ipsec_addhist(m, IPPROTO_AH, spi) != 0 ||
456                     ipsec_addhist(m, IPPROTO_IPV4, 0) != 0) {
457                         ipsecstat.in_nomem++;
458                         goto fail;
459                 }
460
461                 if (netisr_queue(NETISR_IP, m)) {
462                         ipsecstat.in_inval++;
463                         m = NULL;
464                         goto fail;
465                 }
466
467                 nxt = IPPROTO_DONE;
468         } else {
469                 /*
470                  * strip off AH.
471                  */
472
473                 ip = mtod(m, struct ip *);
474 #ifndef PULLDOWN_TEST
475                 /*
476                  * We do deep-copy since KAME requires that
477                  * the packet is placed in a single external mbuf.
478                  */
479                 ovbcopy((caddr_t)ip, (caddr_t)(((u_char *)ip) + stripsiz), off);
480                 m->m_data += stripsiz;
481                 m->m_len -= stripsiz;
482                 m->m_pkthdr.len -= stripsiz;
483 #else
484                 /*
485                  * even in m_pulldown case, we need to strip off AH so that
486                  * we can compute checksum for multiple AH correctly.
487                  */
488                 if (m->m_len >= stripsiz + off) {
489                         ovbcopy((caddr_t)ip, ((caddr_t)ip) + stripsiz, off);
490                         m->m_data += stripsiz;
491                         m->m_len -= stripsiz;
492                         m->m_pkthdr.len -= stripsiz;
493                 } else {
494                         /*
495                          * this comes with no copy if the boundary is on
496                          * cluster
497                          */
498                         struct mbuf *n;
499
500                         n = m_split(m, off, MB_DONTWAIT);
501                         if (n == NULL) {
502                                 /* m is retained by m_split */
503                                 goto fail;
504                         }
505                         m_adj(n, stripsiz);
506                         m_cat(m, n);
507                         /* m_cat does not update m_pkthdr.len */
508                         m->m_pkthdr.len += n->m_pkthdr.len;
509                 }
510 #endif
511
512                 if (m->m_len < sizeof(*ip)) {
513                         m = m_pullup(m, sizeof(*ip));
514                         if (m == NULL) {
515                                 ipsecstat.in_inval++;
516                                 goto fail;
517                         }
518                 }
519                 ip = mtod(m, struct ip *);
520 #ifdef IPLEN_FLIPPED
521                 ip->ip_len = ip->ip_len - stripsiz;
522 #else
523                 ip->ip_len = htons(ntohs(ip->ip_len) - stripsiz);
524 #endif
525                 ip->ip_p = nxt;
526                 /* forget about IP hdr checksum, the check has already been passed */
527
528                 key_sa_recordxfer(sav, m);
529                 if (ipsec_addhist(m, IPPROTO_AH, spi) != 0) {
530                         ipsecstat.in_nomem++;
531                         goto fail;
532                 }
533
534                 if (nxt != IPPROTO_DONE) {
535                         if ((inetsw[ip_protox[nxt]].pr_flags & PR_LASTHDR) &&
536                             ipsec4_in_reject(m, NULL)) {
537                                 ipsecstat.in_polvio++;
538                                 goto fail;
539                         }
540                         if (!ip_lengthcheck(&m)) {
541                                 m = NULL;       /* freed in ip_lengthcheck() */
542                                 goto fail;
543                         }
544                         (*inetsw[ip_protox[nxt]].pr_input)(m, off, nxt);
545                 } else
546                         m_freem(m);
547                 m = NULL;
548         }
549
550         if (sav) {
551                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
552                         printf("DP ah4_input call free SA:%p\n", sav));
553                 key_freesav(sav);
554         }
555         ipsecstat.in_success++;
556         return;
557
558 fail:
559         if (sav) {
560                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
561                         printf("DP ah4_input call free SA:%p\n", sav));
562                 key_freesav(sav);
563         }
564         if (m)
565                 m_freem(m);
566         return;
567 }
568 #endif /* INET */
569
570 #ifdef INET6
571 int
572 ah6_input(struct mbuf **mp, int *offp, int proto)
573 {
574         struct mbuf *m = *mp;
575         int off = *offp;
576         struct ip6_hdr *ip6;
577         struct ah *ah;
578         u_int32_t spi;
579         const struct ah_algorithm *algo;
580         size_t siz;
581         size_t siz1;
582         u_char *cksum;
583         struct secasvar *sav = NULL;
584         u_int16_t nxt;
585         size_t stripsiz = 0;
586
587 #ifndef PULLDOWN_TEST
588         IP6_EXTHDR_CHECK(m, off, sizeof(struct ah), IPPROTO_DONE);
589         ah = (struct ah *)(mtod(m, caddr_t) + off);
590 #else
591         IP6_EXTHDR_GET(ah, struct ah *, m, off, sizeof(struct newah));
592         if (ah == NULL) {
593                 ipseclog((LOG_DEBUG, "IPv6 AH input: can't pullup\n"));
594                 ipsec6stat.in_inval++;
595                 return IPPROTO_DONE;
596         }
597 #endif
598         ip6 = mtod(m, struct ip6_hdr *);
599         nxt = ah->ah_nxt;
600
601         /* find the sassoc. */
602         spi = ah->ah_spi;
603
604         if (ntohs(ip6->ip6_plen) == 0) {
605                 ipseclog((LOG_ERR, "IPv6 AH input: "
606                     "AH with IPv6 jumbogram is not supported.\n"));
607                 ipsec6stat.in_inval++;
608                 goto fail;
609         }
610
611         if ((sav = key_allocsa(AF_INET6,
612                               (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst,
613                               IPPROTO_AH, spi)) == 0) {
614                 ipseclog((LOG_WARNING,
615                     "IPv6 AH input: no key association found for spi %u\n",
616                     (u_int32_t)ntohl(spi)));
617                 ipsec6stat.in_nosa++;
618                 goto fail;
619         }
620         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
621                 printf("DP ah6_input called to allocate SA:%p\n", sav));
622         if (sav->state != SADB_SASTATE_MATURE
623          && sav->state != SADB_SASTATE_DYING) {
624                 ipseclog((LOG_DEBUG,
625                     "IPv6 AH input: non-mature/dying SA found for spi %u; ",
626                     (u_int32_t)ntohl(spi)));
627                 ipsec6stat.in_badspi++;
628                 goto fail;
629         }
630
631         algo = ah_algorithm_lookup(sav->alg_auth);
632         if (!algo) {
633                 ipseclog((LOG_DEBUG, "IPv6 AH input: "
634                     "unsupported authentication algorithm for spi %u\n",
635                     (u_int32_t)ntohl(spi)));
636                 ipsec6stat.in_badspi++;
637                 goto fail;
638         }
639
640         siz = (*algo->sumsiz)(sav);
641         siz1 = ((siz + 3) & ~(4 - 1));
642
643         /*
644          * sanity checks for header, 1.
645          */
646     {
647         int sizoff;
648
649         sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
650
651         /*
652          * Here, we do not do "siz1 == siz".  See ah4_input() for complete
653          * description.
654          */
655         if (siz1 < siz) {
656                 ipseclog((LOG_NOTICE, "sum length too short in IPv6 AH input "
657                     "(%lu, should be at least %lu): %s\n",
658                     (u_long)siz1, (u_long)siz,
659                     ipsec6_logpacketstr(ip6, spi)));
660                 ipsec6stat.in_inval++;
661                 goto fail;
662         }
663         if ((ah->ah_len << 2) - sizoff != siz1) {
664                 ipseclog((LOG_NOTICE, "sum length mismatch in IPv6 AH input "
665                     "(%d should be %lu): %s\n",
666                     (ah->ah_len << 2) - sizoff, (u_long)siz1,
667                     ipsec6_logpacketstr(ip6, spi)));
668                 ipsec6stat.in_inval++;
669                 goto fail;
670         }
671 #ifndef PULLDOWN_TEST
672         IP6_EXTHDR_CHECK(m, off, sizeof(struct ah) + sizoff + siz1, IPPROTO_DONE);
673 #else
674         IP6_EXTHDR_GET(ah, struct ah *, m, off,
675                 sizeof(struct ah) + sizoff + siz1);
676         if (ah == NULL) {
677                 ipseclog((LOG_NOTICE, "couldn't pullup gather IPv6 AH checksum part"));
678                 ipsec6stat.in_inval++;
679                 m = NULL;
680                 goto fail;
681         }
682 #endif
683     }
684
685         /*
686          * check for sequence number.
687          */
688         if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
689                 if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav))
690                         ; /* okey */
691                 else {
692                         ipsec6stat.in_ahreplay++;
693                         ipseclog((LOG_WARNING,
694                             "replay packet in IPv6 AH input: %s %s\n",
695                             ipsec6_logpacketstr(ip6, spi),
696                             ipsec_logsastr(sav)));
697                         goto fail;
698                 }
699         }
700
701         /*
702          * alright, it seems sane.  now we are going to check the
703          * cryptographic checksum.
704          */
705         cksum = malloc(siz1, M_TEMP, M_NOWAIT);
706         if (!cksum) {
707                 ipseclog((LOG_DEBUG, "IPv6 AH input: "
708                     "couldn't alloc temporary region for cksum\n"));
709                 ipsec6stat.in_inval++;
710                 goto fail;
711         }
712         
713         if (ah6_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
714                 free(cksum, M_TEMP);
715                 ipsec6stat.in_inval++;
716                 goto fail;
717         }
718         ipsec6stat.in_ahhist[sav->alg_auth]++;
719
720     {
721         caddr_t sumpos = NULL;
722
723         if (sav->flags & SADB_X_EXT_OLD) {
724                 /* RFC 1826 */
725                 sumpos = (caddr_t)(ah + 1);
726         } else {
727                 /* RFC 2402 */
728                 sumpos = (caddr_t)(((struct newah *)ah) + 1);
729         }
730
731         if (bcmp(sumpos, cksum, siz) != 0) {
732                 ipseclog((LOG_WARNING,
733                     "checksum mismatch in IPv6 AH input: %s %s\n",
734                     ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
735                 free(cksum, M_TEMP);
736                 ipsec6stat.in_ahauthfail++;
737                 goto fail;
738         }
739     }
740
741         free(cksum, M_TEMP);
742
743         m->m_flags |= M_AUTHIPHDR;
744         m->m_flags |= M_AUTHIPDGM;
745
746 #if 0
747         /*
748          * looks okey, but we need more sanity check.
749          * XXX should elaborate.
750          */
751         if (ah->ah_nxt == IPPROTO_IPV6) {
752                 struct ip6_hdr *nip6;
753                 size_t sizoff;
754
755                 sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
756
757                 IP6_EXTHDR_CHECK(m, off, sizeof(struct ah) + sizoff + siz1
758                                 + sizeof(struct ip6_hdr), IPPROTO_DONE);
759
760                 nip6 = (struct ip6_hdr *)((u_char *)(ah + 1) + sizoff + siz1);
761                 if (!IN6_ARE_ADDR_EQUAL(&nip6->ip6_src, &ip6->ip6_src)
762                  || !IN6_ARE_ADDR_EQUAL(&nip6->ip6_dst, &ip6->ip6_dst)) {
763                         m->m_flags &= ~M_AUTHIPHDR;
764                         m->m_flags &= ~M_AUTHIPDGM;
765                 }
766         } else if (ah->ah_nxt == IPPROTO_IPIP) {
767                 m->m_flags &= ~M_AUTHIPHDR;
768                 m->m_flags &= ~M_AUTHIPDGM;
769         } else if (ah->ah_nxt == IPPROTO_IP) {
770                 m->m_flags &= ~M_AUTHIPHDR;
771                 m->m_flags &= ~M_AUTHIPDGM;
772         }
773 #endif
774
775         if (m->m_flags & M_AUTHIPHDR
776          && m->m_flags & M_AUTHIPDGM) {
777 #if 0
778                 ipseclog((LOG_DEBUG,
779                     "IPv6 AH input: authentication succeess\n"));
780 #endif
781                 ipsec6stat.in_ahauthsucc++;
782         } else {
783                 ipseclog((LOG_WARNING,
784                     "authentication failed in IPv6 AH input: %s %s\n",
785                     ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
786                 ipsec6stat.in_ahauthfail++;
787                 goto fail;
788         }
789
790         /*
791          * update sequence number.
792          */
793         if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay) {
794                 if (ipsec_updatereplay(ntohl(((struct newah *)ah)->ah_seq), sav)) {
795                         ipsec6stat.in_ahreplay++;
796                         goto fail;
797                 }
798         }
799
800         /* was it transmitted over the IPsec tunnel SA? */
801         if (sav->flags & SADB_X_EXT_OLD) {
802                 /* RFC 1826 */
803                 stripsiz = sizeof(struct ah) + siz1;
804         } else {
805                 /* RFC 2402 */
806                 stripsiz = sizeof(struct newah) + siz1;
807         }
808         if (ipsec6_tunnel_validate(m, off + stripsiz, nxt, sav)) {
809                 /*
810                  * strip off all the headers that precedes AH.
811                  *      IP6 xx AH IP6' payload -> IP6' payload
812                  *
813                  * XXX more sanity checks
814                  * XXX relationship with gif?
815                  */
816                 u_int32_t flowinfo;     /* net endian */
817
818                 flowinfo = ip6->ip6_flow;
819                 m_adj(m, off + stripsiz);
820                 if (m->m_len < sizeof(*ip6)) {
821                         /*
822                          * m_pullup is prohibited in KAME IPv6 input processing
823                          * but there's no other way!
824                          */
825                         m = m_pullup(m, sizeof(*ip6));
826                         if (!m) {
827                                 ipsec6stat.in_inval++;
828                                 goto fail;
829                         }
830                 }
831                 ip6 = mtod(m, struct ip6_hdr *);
832                 /* ECN consideration. */
833                 ip6_ecn_egress(ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow);
834                 if (!key_checktunnelsanity(sav, AF_INET6,
835                             (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst)) {
836                         ipseclog((LOG_NOTICE, "ipsec tunnel address mismatch "
837                             "in IPv6 AH input: %s %s\n",
838                             ipsec6_logpacketstr(ip6, spi),
839                             ipsec_logsastr(sav)));
840                         ipsec6stat.in_inval++;
841                         goto fail;
842                 }
843
844 #if 1
845                 /*
846                  * should the inner packet be considered authentic?
847                  * see comment in ah4_input().
848                  */
849                 m->m_flags &= ~M_AUTHIPHDR;
850                 m->m_flags &= ~M_AUTHIPDGM;
851 #endif
852
853                 key_sa_recordxfer(sav, m);
854                 if (ipsec_addhist(m, IPPROTO_AH, spi) != 0 ||
855                     ipsec_addhist(m, IPPROTO_IPV6, 0) != 0) {
856                         ipsec6stat.in_nomem++;
857                         goto fail;
858                 }
859
860                 if (netisr_queue(NETISR_IPV6, m)) {
861                         ipsecstat.in_inval++;
862                         m = NULL;
863                         goto fail;
864                 }
865
866                 nxt = IPPROTO_DONE;
867         } else {
868                 /*
869                  * strip off AH.
870                  */
871                 char *prvnxtp;
872
873                 /*
874                  * Copy the value of the next header field of AH to the
875                  * next header field of the previous header.
876                  * This is necessary because AH will be stripped off below.
877                  */
878                 prvnxtp = ip6_get_prevhdr(m, off); /* XXX */
879                 *prvnxtp = nxt;
880
881                 ip6 = mtod(m, struct ip6_hdr *);
882 #ifndef PULLDOWN_TEST
883                 /*
884                  * We do deep-copy since KAME requires that
885                  * the packet is placed in a single mbuf.
886                  */
887                 ovbcopy((caddr_t)ip6, ((caddr_t)ip6) + stripsiz, off);
888                 m->m_data += stripsiz;
889                 m->m_len -= stripsiz;
890                 m->m_pkthdr.len -= stripsiz;
891 #else
892                 /*
893                  * even in m_pulldown case, we need to strip off AH so that
894                  * we can compute checksum for multiple AH correctly.
895                  */
896                 if (m->m_len >= stripsiz + off) {
897                         ovbcopy((caddr_t)ip6, ((caddr_t)ip6) + stripsiz, off);
898                         m->m_data += stripsiz;
899                         m->m_len -= stripsiz;
900                         m->m_pkthdr.len -= stripsiz;
901                 } else {
902                         /*
903                          * this comes with no copy if the boundary is on
904                          * cluster
905                          */
906                         struct mbuf *n;
907
908                         n = m_split(m, off, MB_DONTWAIT);
909                         if (n == NULL) {
910                                 /* m is retained by m_split */
911                                 goto fail;
912                         }
913                         m_adj(n, stripsiz);
914                         m_cat(m, n);
915                         /* m_cat does not update m_pkthdr.len */
916                         m->m_pkthdr.len += n->m_pkthdr.len;
917                 }
918 #endif
919                 ip6 = mtod(m, struct ip6_hdr *);
920                 /* XXX jumbogram */
921                 ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) - stripsiz);
922
923                 key_sa_recordxfer(sav, m);
924                 if (ipsec_addhist(m, IPPROTO_AH, spi) != 0) {
925                         ipsec6stat.in_nomem++;
926                         goto fail;
927                 }
928         }
929
930         *offp = off;
931         *mp = m;
932
933         if (sav) {
934                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
935                         printf("DP ah6_input call free SA:%p\n", sav));
936                 key_freesav(sav);
937         }
938         ipsec6stat.in_success++;
939         return nxt;
940
941 fail:
942         if (sav) {
943                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
944                         printf("DP ah6_input call free SA:%p\n", sav));
945                 key_freesav(sav);
946         }
947         if (m)
948                 m_freem(m);
949         return IPPROTO_DONE;
950 }
951
952 void
953 ah6_ctlinput(int cmd, struct sockaddr *sa, void *d)
954 {
955         const struct newah *ahp;
956         struct newah ah;
957         struct secasvar *sav;
958         struct ip6_hdr *ip6;
959         struct mbuf *m;
960         struct ip6ctlparam *ip6cp = NULL;
961         int off;
962         struct sockaddr_in6 *sa6_src, *sa6_dst;
963
964         if (sa->sa_family != AF_INET6 ||
965             sa->sa_len != sizeof(struct sockaddr_in6))
966                 return;
967         if ((unsigned)cmd >= PRC_NCMDS)
968                 return;
969
970         /* if the parameter is from icmp6, decode it. */
971         if (d != NULL) {
972                 ip6cp = (struct ip6ctlparam *)d;
973                 m = ip6cp->ip6c_m;
974                 ip6 = ip6cp->ip6c_ip6;
975                 off = ip6cp->ip6c_off;
976         } else {
977                 m = NULL;
978                 ip6 = NULL;
979                 off = 0; /* fix warning */
980         }
981
982         if (ip6) {
983                 /*
984                  * XXX: We assume that when ip6 is non NULL,
985                  * M and OFF are valid.
986                  */
987
988                 /* check if we can safely examine src and dst ports */
989                 if (m->m_pkthdr.len < off + sizeof(ah))
990                         return;
991
992                 if (m->m_len < off + sizeof(ah)) {
993                         /*
994                          * this should be rare case,
995                          * so we compromise on this copy...
996                          */
997                         m_copydata(m, off, sizeof(ah), (caddr_t)&ah);
998                         ahp = &ah;
999                 } else
1000                         ahp = (struct newah *)(mtod(m, caddr_t) + off);
1001
1002                 if (cmd == PRC_MSGSIZE) {
1003                         int valid = 0;
1004
1005                         /*
1006                          * Check to see if we have a valid SA corresponding to
1007                          * the address in the ICMP message payload.
1008                          */
1009                         sa6_src = ip6cp->ip6c_src;
1010                         sa6_dst = (struct sockaddr_in6 *)sa;
1011                         sav = key_allocsa(AF_INET6,
1012                                           (caddr_t)&sa6_src->sin6_addr,
1013                                           (caddr_t)&sa6_dst->sin6_addr,
1014                                           IPPROTO_AH, ahp->ah_spi);
1015                         if (sav) {
1016                                 if (sav->state == SADB_SASTATE_MATURE ||
1017                                     sav->state == SADB_SASTATE_DYING)
1018                                         valid++;
1019                                 key_freesav(sav);
1020                         }
1021
1022                         /* XXX Further validation? */
1023
1024                         /*
1025                          * Depending on the value of "valid" and routing table
1026                          * size (mtudisc_{hi,lo}wat), we will:
1027                          * - recalcurate the new MTU and create the
1028                          *   corresponding routing entry, or
1029                          * - ignore the MTU change notification.
1030                          */
1031                         icmp6_mtudisc_update((struct ip6ctlparam *)d, valid);
1032                 }
1033
1034                 /* we normally notify single pcb here */
1035         } else {
1036                 /* we normally notify any pcb here */
1037         }
1038 }
1039 #endif /* INET6 */