xref: /netbsd-src/sys/netipsec/keysock.c (revision 796c32c94f6e154afc9de0f63da35c91bb739b45) 
1 /*	$NetBSD: keysock.c,v 1.62 2017/09/28 17:21:42 christos Exp $	*/
2 /*	$FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
3 /*	$KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $	*/
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <sys/cdefs.h>
35 __KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.62 2017/09/28 17:21:42 christos Exp $");
36 
37 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
38 
39 #include <sys/types.h>
40 #include <sys/param.h>
41 #include <sys/domain.h>
42 #include <sys/errno.h>
43 #include <sys/kernel.h>
44 #include <sys/kmem.h>
45 #include <sys/mbuf.h>
46 #include <sys/protosw.h>
47 #include <sys/signalvar.h>
48 #include <sys/socket.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/systm.h>
52 #include <sys/cpu.h>
53 #include <sys/syslog.h>
54 
55 #include <net/raw_cb.h>
56 #include <net/route.h>
57 
58 #include <net/pfkeyv2.h>
59 #include <netipsec/key.h>
60 #include <netipsec/keysock.h>
61 #include <netipsec/key_debug.h>
62 
63 #include <netipsec/ipsec_private.h>
64 
65 struct key_cb {
66 	int key_count;
67 	int any_count;
68 };
69 static struct key_cb key_cb;
70 
71 static struct sockaddr key_dst = {
72     .sa_len = 2,
73     .sa_family = PF_KEY,
74 };
75 static struct sockaddr key_src = {
76     .sa_len = 2,
77     .sa_family = PF_KEY,
78 };
79 
80 static const struct protosw keysw[];
81 
82 static int key_sendup0(struct rawcb *, struct mbuf *, int, int);
83 
84 int key_registered_sb_max = (2048 * MHLEN); /* XXX arbitrary */
85 
86 static kmutex_t *key_so_mtx;
87 static struct rawcbhead key_rawcb;
88 
89 void
90 key_init_so(void)
91 {
92 
93 	key_so_mtx = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
94 }
95 
96 static void
97 key_pr_init(void)
98 {
99 
100 	LIST_INIT(&key_rawcb);
101 }
102 
103 /*
104  * key_output()
105  */
106 static int
107 key_output(struct mbuf *m, struct socket *so)
108 {
109 	struct sadb_msg *msg;
110 	int len, error = 0;
111 	int s;
112 
113 	KASSERT(m != NULL);
114 
115 	{
116 		uint64_t *ps = PFKEY_STAT_GETREF();
117 		ps[PFKEY_STAT_OUT_TOTAL]++;
118 		ps[PFKEY_STAT_OUT_BYTES] += m->m_pkthdr.len;
119 		PFKEY_STAT_PUTREF();
120 	}
121 
122 	len = m->m_pkthdr.len;
123 	if (len < sizeof(struct sadb_msg)) {
124 		PFKEY_STATINC(PFKEY_STAT_OUT_TOOSHORT);
125 		error = EINVAL;
126 		goto end;
127 	}
128 
129 	if (m->m_len < sizeof(struct sadb_msg)) {
130 		if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
131 			PFKEY_STATINC(PFKEY_STAT_OUT_NOMEM);
132 			error = ENOBUFS;
133 			goto end;
134 		}
135 	}
136 
137 	KASSERT((m->m_flags & M_PKTHDR) != 0);
138 
139 	if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP))
140 		kdebug_mbuf(__func__, m);
141 
142 	msg = mtod(m, struct sadb_msg *);
143 	PFKEY_STATINC(PFKEY_STAT_OUT_MSGTYPE + msg->sadb_msg_type);
144 	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
145 		PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
146 		error = EINVAL;
147 		goto end;
148 	}
149 
150 	/*XXX giant lock*/
151 	s = splsoftnet();
152 	error = key_parse(m, so);
153 	m = NULL;
154 	splx(s);
155 end:
156 	if (m)
157 		m_freem(m);
158 	return error;
159 }
160 
161 /*
162  * send message to the socket.
163  */
164 static int
165 key_sendup0(
166     struct rawcb *rp,
167     struct mbuf *m,
168     int promisc,
169     int sbprio
170 )
171 {
172 	int error;
173 	int ok;
174 
175 	if (promisc) {
176 		struct sadb_msg *pmsg;
177 
178 		M_PREPEND(m, sizeof(struct sadb_msg), M_DONTWAIT);
179 		if (m && m->m_len < sizeof(struct sadb_msg))
180 			m = m_pullup(m, sizeof(struct sadb_msg));
181 		if (!m) {
182 			PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
183 			return ENOBUFS;
184 		}
185 		m->m_pkthdr.len += sizeof(*pmsg);
186 
187 		pmsg = mtod(m, struct sadb_msg *);
188 		memset(pmsg, 0, sizeof(*pmsg));
189 		pmsg->sadb_msg_version = PF_KEY_V2;
190 		pmsg->sadb_msg_type = SADB_X_PROMISC;
191 		pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
192 		/* pid and seq? */
193 
194 		PFKEY_STATINC(PFKEY_STAT_IN_MSGTYPE + pmsg->sadb_msg_type);
195 	}
196 
197 	if (sbprio == 0)
198 		ok = sbappendaddr(&rp->rcb_socket->so_rcv,
199 			       (struct sockaddr *)&key_src, m, NULL);
200 	else
201 		ok = sbappendaddrchain(&rp->rcb_socket->so_rcv,
202 			       (struct sockaddr *)&key_src, m, sbprio);
203 
204 	if (!ok) {
205 		log(LOG_WARNING,
206 		    "%s: couldn't send PF_KEY message to the socket\n",
207 		    __func__);
208 		PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
209 		m_freem(m);
210 		error = ENOBUFS;
211 		rp->rcb_socket->so_rcv.sb_overflowed++;
212 	} else
213 		error = 0;
214 	sorwakeup(rp->rcb_socket);
215 	return error;
216 }
217 
218 /* XXX this interface should be obsoleted. */
219 int
220 key_sendup(struct socket *so, struct sadb_msg *msg, u_int len,
221 	   int target)	/*target of the resulting message*/
222 {
223 	struct mbuf *m, *n, *mprev;
224 	int tlen;
225 
226 	KASSERT(so != NULL);
227 	KASSERT(msg != NULL);
228 
229 	if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
230 		printf("key_sendup: \n");
231 		kdebug_sadb(msg);
232 	}
233 
234 	/*
235 	 * we increment statistics here, just in case we have ENOBUFS
236 	 * in this function.
237 	 */
238 	{
239 		uint64_t *ps = PFKEY_STAT_GETREF();
240 		ps[PFKEY_STAT_IN_TOTAL]++;
241 		ps[PFKEY_STAT_IN_BYTES] += len;
242 		ps[PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type]++;
243 		PFKEY_STAT_PUTREF();
244 	}
245 
246 	/*
247 	 * Get mbuf chain whenever possible (not clusters),
248 	 * to save socket buffer.  We'll be generating many SADB_ACQUIRE
249 	 * messages to listening key sockets.  If we simply allocate clusters,
250 	 * sbappendaddr() will raise ENOBUFS due to too little sbspace().
251 	 * sbspace() computes # of actual data bytes AND mbuf region.
252 	 *
253 	 * TODO: SADB_ACQUIRE filters should be implemented.
254 	 */
255 	tlen = len;
256 	m = mprev = NULL;
257 	while (tlen > 0) {
258 		int mlen;
259 		if (tlen == len) {
260 			MGETHDR(n, M_DONTWAIT, MT_DATA);
261 			mlen = MHLEN;
262 		} else {
263 			MGET(n, M_DONTWAIT, MT_DATA);
264 			mlen = MLEN;
265 		}
266 		if (!n) {
267 			PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
268 			return ENOBUFS;
269 		}
270 		n->m_len = mlen;
271 		if (tlen >= MCLBYTES) {	/*XXX better threshold? */
272 			MCLGET(n, M_DONTWAIT);
273 			if ((n->m_flags & M_EXT) == 0) {
274 				m_free(n);
275 				m_freem(m);
276 				PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
277 				return ENOBUFS;
278 			}
279 			n->m_len = MCLBYTES;
280 		}
281 
282 		if (tlen < n->m_len)
283 			n->m_len = tlen;
284 		n->m_next = NULL;
285 		if (m == NULL)
286 			m = mprev = n;
287 		else {
288 			mprev->m_next = n;
289 			mprev = n;
290 		}
291 		tlen -= n->m_len;
292 		n = NULL;
293 	}
294 	m->m_pkthdr.len = len;
295 	m_reset_rcvif(m);
296 	m_copyback(m, 0, len, msg);
297 
298 	/* avoid duplicated statistics */
299 	{
300 		uint64_t *ps = PFKEY_STAT_GETREF();
301 		ps[PFKEY_STAT_IN_TOTAL]--;
302 		ps[PFKEY_STAT_IN_BYTES] -= len;
303 		ps[PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type]--;
304 		PFKEY_STAT_PUTREF();
305 	}
306 
307 	return key_sendup_mbuf(so, m, target);
308 }
309 
310 /* so can be NULL if target != KEY_SENDUP_ONE */
311 static int
312 _key_sendup_mbuf(struct socket *so, struct mbuf *m,
313 		int target/*, sbprio */)
314 {
315 	struct mbuf *n;
316 	struct keycb *kp;
317 	int sendup;
318 	struct rawcb *rp;
319 	int error = 0;
320 	int sbprio = 0; /* XXX should be a parameter */
321 
322 	KASSERT(m != NULL);
323 	KASSERT(so != NULL || target != KEY_SENDUP_ONE);
324 
325 	/*
326 	 * RFC 2367 says ACQUIRE and other kernel-generated messages
327 	 * are special. We treat all KEY_SENDUP_REGISTERED messages
328 	 * as special, delivering them to all registered sockets
329 	 * even if the socket is at or above its so->so_rcv.sb_max limits.
330 	 * The only constraint is that the  so_rcv data fall below
331 	 * key_registered_sb_max.
332 	 * Doing that check here avoids reworking every key_sendup_mbuf()
333 	 * in the short term. . The rework will be done after a technical
334 	 * conensus that this approach is appropriate.
335  	 */
336 	if (target == KEY_SENDUP_REGISTERED) {
337 		sbprio = SB_PRIO_BESTEFFORT;
338 	}
339 
340 	{
341 		uint64_t *ps = PFKEY_STAT_GETREF();
342 		ps[PFKEY_STAT_IN_TOTAL]++;
343 		ps[PFKEY_STAT_IN_BYTES] += m->m_pkthdr.len;
344 		PFKEY_STAT_PUTREF();
345 	}
346 	if (m->m_len < sizeof(struct sadb_msg)) {
347 #if 1
348 		m = m_pullup(m, sizeof(struct sadb_msg));
349 		if (m == NULL) {
350 			PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
351 			return ENOBUFS;
352 		}
353 #else
354 		/* don't bother pulling it up just for stats */
355 #endif
356 	}
357 	if (m->m_len >= sizeof(struct sadb_msg)) {
358 		struct sadb_msg *msg;
359 		msg = mtod(m, struct sadb_msg *);
360 		PFKEY_STATINC(PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type);
361 	}
362 
363 	LIST_FOREACH(rp, &key_rawcb, rcb_list)
364 	{
365 		struct socket * kso = rp->rcb_socket;
366 		if (rp->rcb_proto.sp_family != PF_KEY)
367 			continue;
368 		if (rp->rcb_proto.sp_protocol
369 		 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
370 			continue;
371 		}
372 
373 		kp = (struct keycb *)rp;
374 
375 		/*
376 		 * If you are in promiscuous mode, and when you get broadcasted
377 		 * reply, you'll get two PF_KEY messages.
378 		 * (based on pf_key@inner.net message on 14 Oct 1998)
379 		 */
380 		if (((struct keycb *)rp)->kp_promisc) {
381 			if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
382 				(void)key_sendup0(rp, n, 1, 0);
383 				n = NULL;
384 			}
385 		}
386 
387 		/* the exact target will be processed later */
388 		if (so && sotorawcb(so) == rp)
389 			continue;
390 
391 		sendup = 0;
392 		switch (target) {
393 		case KEY_SENDUP_ONE:
394 			/* the statement has no effect */
395 			if (so && sotorawcb(so) == rp)
396 				sendup++;
397 			break;
398 		case KEY_SENDUP_ALL:
399 			sendup++;
400 			break;
401 		case KEY_SENDUP_REGISTERED:
402 			if (kp->kp_registered) {
403 				if (kso->so_rcv.sb_cc <= key_registered_sb_max)
404 					sendup++;
405 			  	else
406 			  		printf("keysock: "
407 					       "registered sendup dropped, "
408 					       "sb_cc %ld max %d\n",
409 					       kso->so_rcv.sb_cc,
410 					       key_registered_sb_max);
411 			}
412 			break;
413 		}
414 		PFKEY_STATINC(PFKEY_STAT_IN_MSGTARGET + target);
415 
416 		if (!sendup)
417 			continue;
418 
419 		if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
420 			m_freem(m);
421 			PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
422 			return ENOBUFS;
423 		}
424 
425 		if ((error = key_sendup0(rp, n, 0, 0)) != 0) {
426 			m_freem(m);
427 			return error;
428 		}
429 
430 		n = NULL;
431 	}
432 
433 	/* The 'later' time for processing the exact target has arrived */
434 	if (so) {
435 		error = key_sendup0(sotorawcb(so), m, 0, sbprio);
436 		m = NULL;
437 	} else {
438 		error = 0;
439 		m_freem(m);
440 	}
441 	return error;
442 }
443 
444 int
445 key_sendup_mbuf(struct socket *so, struct mbuf *m,
446 		int target/*, sbprio */)
447 {
448 	int error;
449 
450 	if (so == NULL)
451 		mutex_enter(key_so_mtx);
452 	else
453 		KASSERT(solocked(so));
454 
455 	error = _key_sendup_mbuf(so, m, target);
456 
457 	if (so == NULL)
458 		mutex_exit(key_so_mtx);
459 	return error;
460 }
461 
462 static int
463 key_attach(struct socket *so, int proto)
464 {
465 	struct keycb *kp;
466 	int s, error;
467 
468 	KASSERT(sotorawcb(so) == NULL);
469 	kp = kmem_zalloc(sizeof(*kp), KM_SLEEP);
470 	kp->kp_raw.rcb_len = sizeof(*kp);
471 	so->so_pcb = kp;
472 
473 	s = splsoftnet();
474 
475 	KASSERT(so->so_lock == NULL);
476 	mutex_obj_hold(key_so_mtx);
477 	so->so_lock = key_so_mtx;
478 	solock(so);
479 
480 	error = raw_attach(so, proto, &key_rawcb);
481 	if (error) {
482 		PFKEY_STATINC(PFKEY_STAT_SOCKERR);
483 		kmem_free(kp, sizeof(*kp));
484 		so->so_pcb = NULL;
485 		goto out;
486 	}
487 
488 	kp->kp_promisc = kp->kp_registered = 0;
489 
490 	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
491 		key_cb.key_count++;
492 	key_cb.any_count++;
493 	kp->kp_raw.rcb_laddr = &key_src;
494 	kp->kp_raw.rcb_faddr = &key_dst;
495 	soisconnected(so);
496 	so->so_options |= SO_USELOOPBACK;
497 out:
498 	KASSERT(solocked(so));
499 	splx(s);
500 	return error;
501 }
502 
503 static void
504 key_detach(struct socket *so)
505 {
506 	struct keycb *kp = (struct keycb *)sotorawcb(so);
507 	int s;
508 
509 	KASSERT(!cpu_softintr_p());
510 	KASSERT(solocked(so));
511 	KASSERT(kp != NULL);
512 
513 	s = splsoftnet();
514 	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
515 		key_cb.key_count--;
516 	key_cb.any_count--;
517 	key_freereg(so);
518 	raw_detach(so);
519 	splx(s);
520 }
521 
522 static int
523 key_accept(struct socket *so, struct sockaddr *nam)
524 {
525 	KASSERT(solocked(so));
526 
527 	panic("key_accept");
528 
529 	return EOPNOTSUPP;
530 }
531 
532 static int
533 key_bind(struct socket *so, struct sockaddr *nam, struct lwp *l)
534 {
535 	KASSERT(solocked(so));
536 
537 	return EOPNOTSUPP;
538 }
539 
540 static int
541 key_listen(struct socket *so, struct lwp *l)
542 {
543 	KASSERT(solocked(so));
544 
545 	return EOPNOTSUPP;
546 }
547 
548 static int
549 key_connect(struct socket *so, struct sockaddr *nam, struct lwp *l)
550 {
551 	KASSERT(solocked(so));
552 
553 	return EOPNOTSUPP;
554 }
555 
556 static int
557 key_connect2(struct socket *so, struct socket *so2)
558 {
559 	KASSERT(solocked(so));
560 
561 	return EOPNOTSUPP;
562 }
563 
564 static int
565 key_disconnect(struct socket *so)
566 {
567 	struct rawcb *rp = sotorawcb(so);
568 	int s;
569 
570 	KASSERT(solocked(so));
571 	KASSERT(rp != NULL);
572 
573 	s = splsoftnet();
574 	soisdisconnected(so);
575 	raw_disconnect(rp);
576 	splx(s);
577 
578 	return 0;
579 }
580 
581 static int
582 key_shutdown(struct socket *so)
583 {
584 	int s;
585 
586 	KASSERT(solocked(so));
587 
588 	/*
589 	 * Mark the connection as being incapable of further input.
590 	 */
591 	s = splsoftnet();
592 	socantsendmore(so);
593 	splx(s);
594 
595 	return 0;
596 }
597 
598 static int
599 key_abort(struct socket *so)
600 {
601 	KASSERT(solocked(so));
602 
603 	panic("key_abort");
604 
605 	return EOPNOTSUPP;
606 }
607 
608 static int
609 key_ioctl(struct socket *so, u_long cmd, void *nam, struct ifnet *ifp)
610 {
611 	return EOPNOTSUPP;
612 }
613 
614 static int
615 key_stat(struct socket *so, struct stat *ub)
616 {
617 	KASSERT(solocked(so));
618 
619 	return 0;
620 }
621 
622 static int
623 key_peeraddr(struct socket *so, struct sockaddr *nam)
624 {
625 	struct rawcb *rp = sotorawcb(so);
626 
627 	KASSERT(solocked(so));
628 	KASSERT(rp != NULL);
629 	KASSERT(nam != NULL);
630 
631 	if (rp->rcb_faddr == NULL)
632 		return ENOTCONN;
633 
634 	raw_setpeeraddr(rp, nam);
635 	return 0;
636 }
637 
638 static int
639 key_sockaddr(struct socket *so, struct sockaddr *nam)
640 {
641 	struct rawcb *rp = sotorawcb(so);
642 
643 	KASSERT(solocked(so));
644 	KASSERT(rp != NULL);
645 	KASSERT(nam != NULL);
646 
647 	if (rp->rcb_faddr == NULL)
648 		return ENOTCONN;
649 
650 	raw_setsockaddr(rp, nam);
651 	return 0;
652 }
653 
654 static int
655 key_rcvd(struct socket *so, int flags, struct lwp *l)
656 {
657 	KASSERT(solocked(so));
658 
659 	return EOPNOTSUPP;
660 }
661 
662 static int
663 key_recvoob(struct socket *so, struct mbuf *m, int flags)
664 {
665 	KASSERT(solocked(so));
666 
667 	return EOPNOTSUPP;
668 }
669 
670 static int
671 key_send(struct socket *so, struct mbuf *m, struct sockaddr *nam,
672     struct mbuf *control, struct lwp *l)
673 {
674 	int error = 0;
675 	int s;
676 
677 	KASSERT(solocked(so));
678 	KASSERT(so->so_proto == &keysw[0]);
679 
680 	s = splsoftnet();
681 	error = raw_send(so, m, nam, control, l, &key_output);
682 	splx(s);
683 
684 	return error;
685 }
686 
687 static int
688 key_sendoob(struct socket *so, struct mbuf *m, struct mbuf *control)
689 {
690 	KASSERT(solocked(so));
691 
692 	m_freem(m);
693 	m_freem(control);
694 
695 	return EOPNOTSUPP;
696 }
697 
698 static int
699 key_purgeif(struct socket *so, struct ifnet *ifa)
700 {
701 
702 	panic("key_purgeif");
703 
704 	return EOPNOTSUPP;
705 }
706 
707 /*
708  * Definitions of protocols supported in the KEY domain.
709  */
710 
711 DOMAIN_DEFINE(keydomain);
712 
713 PR_WRAP_USRREQS(key)
714 #define	key_attach	key_attach_wrapper
715 #define	key_detach	key_detach_wrapper
716 #define	key_accept	key_accept_wrapper
717 #define	key_bind	key_bind_wrapper
718 #define	key_listen	key_listen_wrapper
719 #define	key_connect	key_connect_wrapper
720 #define	key_connect2	key_connect2_wrapper
721 #define	key_disconnect	key_disconnect_wrapper
722 #define	key_shutdown	key_shutdown_wrapper
723 #define	key_abort	key_abort_wrapper
724 #define	key_ioctl	key_ioctl_wrapper
725 #define	key_stat	key_stat_wrapper
726 #define	key_peeraddr	key_peeraddr_wrapper
727 #define	key_sockaddr	key_sockaddr_wrapper
728 #define	key_rcvd	key_rcvd_wrapper
729 #define	key_recvoob	key_recvoob_wrapper
730 #define	key_send	key_send_wrapper
731 #define	key_sendoob	key_sendoob_wrapper
732 #define	key_purgeif	key_purgeif_wrapper
733 
734 static const struct pr_usrreqs key_usrreqs = {
735 	.pr_attach	= key_attach,
736 	.pr_detach	= key_detach,
737 	.pr_accept	= key_accept,
738 	.pr_bind	= key_bind,
739 	.pr_listen	= key_listen,
740 	.pr_connect	= key_connect,
741 	.pr_connect2	= key_connect2,
742 	.pr_disconnect	= key_disconnect,
743 	.pr_shutdown	= key_shutdown,
744 	.pr_abort	= key_abort,
745 	.pr_ioctl	= key_ioctl,
746 	.pr_stat	= key_stat,
747 	.pr_peeraddr	= key_peeraddr,
748 	.pr_sockaddr	= key_sockaddr,
749 	.pr_rcvd	= key_rcvd,
750 	.pr_recvoob	= key_recvoob,
751 	.pr_send	= key_send,
752 	.pr_sendoob	= key_sendoob,
753 	.pr_purgeif	= key_purgeif,
754 };
755 
756 static const struct protosw keysw[] = {
757     {
758 	.pr_type = SOCK_RAW,
759 	.pr_domain = &keydomain,
760 	.pr_protocol = PF_KEY_V2,
761 	.pr_flags = PR_ATOMIC|PR_ADDR,
762 	.pr_ctlinput = raw_ctlinput,
763 	.pr_usrreqs = &key_usrreqs,
764 	.pr_init = key_pr_init,
765     }
766 };
767 
768 struct domain keydomain = {
769     .dom_family = PF_KEY,
770     .dom_name = "key",
771     .dom_init = key_init,
772     .dom_protosw = keysw,
773     .dom_protoswNPROTOSW = &keysw[__arraycount(keysw)],
774 };
775