xref: /netbsd-src/sys/netipsec/keysock.c (revision bdc22b2e01993381dcefeff2bc9b56ca75a4235c) 
1 /*	$NetBSD: keysock.c,v 1.65 2018/04/26 19:50:09 maxv Exp $	*/
2 /*	$FreeBSD: keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
3 /*	$KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $	*/
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <sys/cdefs.h>
35 __KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.65 2018/04/26 19:50:09 maxv Exp $");
36 
37 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
38 
39 #include <sys/types.h>
40 #include <sys/param.h>
41 #include <sys/domain.h>
42 #include <sys/errno.h>
43 #include <sys/kernel.h>
44 #include <sys/kmem.h>
45 #include <sys/mbuf.h>
46 #include <sys/protosw.h>
47 #include <sys/signalvar.h>
48 #include <sys/socket.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/systm.h>
52 #include <sys/cpu.h>
53 #include <sys/syslog.h>
54 
55 #include <net/raw_cb.h>
56 #include <net/route.h>
57 
58 #include <net/pfkeyv2.h>
59 #include <netipsec/key.h>
60 #include <netipsec/keysock.h>
61 #include <netipsec/key_debug.h>
62 
63 #include <netipsec/ipsec_private.h>
64 
65 struct key_cb {
66 	int key_count;
67 	int any_count;
68 };
69 static struct key_cb key_cb;
70 
71 static struct sockaddr key_dst = {
72     .sa_len = 2,
73     .sa_family = PF_KEY,
74 };
75 static struct sockaddr key_src = {
76     .sa_len = 2,
77     .sa_family = PF_KEY,
78 };
79 
80 static const struct protosw keysw[];
81 
82 static int key_sendup0(struct rawcb *, struct mbuf *, int, int);
83 
84 int key_registered_sb_max = (2048 * MHLEN); /* XXX arbitrary */
85 
86 static kmutex_t *key_so_mtx;
87 static struct rawcbhead key_rawcb;
88 
89 void
90 key_init_so(void)
91 {
92 
93 	key_so_mtx = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
94 }
95 
96 static void
97 key_pr_init(void)
98 {
99 
100 	LIST_INIT(&key_rawcb);
101 }
102 
103 /*
104  * key_output()
105  */
106 static int
107 key_output(struct mbuf *m, struct socket *so)
108 {
109 	struct sadb_msg *msg;
110 	int len, error = 0;
111 	int s;
112 
113 	KASSERT(m != NULL);
114 
115 	{
116 		uint64_t *ps = PFKEY_STAT_GETREF();
117 		ps[PFKEY_STAT_OUT_TOTAL]++;
118 		ps[PFKEY_STAT_OUT_BYTES] += m->m_pkthdr.len;
119 		PFKEY_STAT_PUTREF();
120 	}
121 
122 	len = m->m_pkthdr.len;
123 	if (len < sizeof(struct sadb_msg)) {
124 		PFKEY_STATINC(PFKEY_STAT_OUT_TOOSHORT);
125 		error = EINVAL;
126 		goto end;
127 	}
128 
129 	if (m->m_len < sizeof(struct sadb_msg)) {
130 		if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
131 			PFKEY_STATINC(PFKEY_STAT_OUT_NOMEM);
132 			error = ENOBUFS;
133 			goto end;
134 		}
135 	}
136 
137 	KASSERT((m->m_flags & M_PKTHDR) != 0);
138 
139 	if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP))
140 		kdebug_mbuf(__func__, m);
141 
142 	msg = mtod(m, struct sadb_msg *);
143 	PFKEY_STATINC(PFKEY_STAT_OUT_MSGTYPE + msg->sadb_msg_type);
144 	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
145 		PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
146 		error = EINVAL;
147 		goto end;
148 	}
149 
150 	/*XXX giant lock*/
151 	s = splsoftnet();
152 	error = key_parse(m, so);
153 	m = NULL;
154 	splx(s);
155 end:
156 	if (m)
157 		m_freem(m);
158 	return error;
159 }
160 
161 /*
162  * send message to the socket.
163  */
164 static int
165 key_sendup0(
166     struct rawcb *rp,
167     struct mbuf *m,
168     int promisc,
169     int sbprio
170 )
171 {
172 	int error;
173 	int ok;
174 
175 	if (promisc) {
176 		struct sadb_msg *pmsg;
177 
178 		M_PREPEND(m, sizeof(struct sadb_msg), M_DONTWAIT);
179 		if (m && m->m_len < sizeof(struct sadb_msg))
180 			m = m_pullup(m, sizeof(struct sadb_msg));
181 		if (!m) {
182 			PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
183 			return ENOBUFS;
184 		}
185 		m->m_pkthdr.len += sizeof(*pmsg);
186 
187 		pmsg = mtod(m, struct sadb_msg *);
188 		memset(pmsg, 0, sizeof(*pmsg));
189 		pmsg->sadb_msg_version = PF_KEY_V2;
190 		pmsg->sadb_msg_type = SADB_X_PROMISC;
191 		pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
192 		/* pid and seq? */
193 
194 		PFKEY_STATINC(PFKEY_STAT_IN_MSGTYPE + pmsg->sadb_msg_type);
195 	}
196 
197 	if (sbprio == 0)
198 		ok = sbappendaddr(&rp->rcb_socket->so_rcv,
199 			       (struct sockaddr *)&key_src, m, NULL);
200 	else
201 		ok = sbappendaddrchain(&rp->rcb_socket->so_rcv,
202 			       (struct sockaddr *)&key_src, m, sbprio);
203 
204 	if (!ok) {
205 		log(LOG_WARNING,
206 		    "%s: couldn't send PF_KEY message to the socket\n",
207 		    __func__);
208 		PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
209 		m_freem(m);
210 		soroverflow(rp->rcb_socket);
211 		error = ENOBUFS;
212 	} else {
213 		sorwakeup(rp->rcb_socket);
214 		error = 0;
215 	}
216 	return error;
217 }
218 
219 /* XXX this interface should be obsoleted. */
220 int
221 key_sendup(struct socket *so, struct sadb_msg *msg, u_int len,
222 	   int target)	/*target of the resulting message*/
223 {
224 	struct mbuf *m, *n, *mprev;
225 	int tlen;
226 
227 	KASSERT(so != NULL);
228 	KASSERT(msg != NULL);
229 
230 	if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
231 		printf("key_sendup: \n");
232 		kdebug_sadb(msg);
233 	}
234 
235 	/*
236 	 * we increment statistics here, just in case we have ENOBUFS
237 	 * in this function.
238 	 */
239 	{
240 		uint64_t *ps = PFKEY_STAT_GETREF();
241 		ps[PFKEY_STAT_IN_TOTAL]++;
242 		ps[PFKEY_STAT_IN_BYTES] += len;
243 		ps[PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type]++;
244 		PFKEY_STAT_PUTREF();
245 	}
246 
247 	/*
248 	 * Get mbuf chain whenever possible (not clusters),
249 	 * to save socket buffer.  We'll be generating many SADB_ACQUIRE
250 	 * messages to listening key sockets.  If we simply allocate clusters,
251 	 * sbappendaddr() will raise ENOBUFS due to too little sbspace().
252 	 * sbspace() computes # of actual data bytes AND mbuf region.
253 	 *
254 	 * TODO: SADB_ACQUIRE filters should be implemented.
255 	 */
256 	tlen = len;
257 	m = mprev = NULL;
258 	while (tlen > 0) {
259 		int mlen;
260 		if (tlen == len) {
261 			MGETHDR(n, M_DONTWAIT, MT_DATA);
262 			mlen = MHLEN;
263 		} else {
264 			MGET(n, M_DONTWAIT, MT_DATA);
265 			mlen = MLEN;
266 		}
267 		if (!n) {
268 			PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
269 			return ENOBUFS;
270 		}
271 		n->m_len = mlen;
272 		if (tlen >= MCLBYTES) {	/*XXX better threshold? */
273 			MCLGET(n, M_DONTWAIT);
274 			if ((n->m_flags & M_EXT) == 0) {
275 				m_free(n);
276 				m_freem(m);
277 				PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
278 				return ENOBUFS;
279 			}
280 			n->m_len = MCLBYTES;
281 		}
282 
283 		if (tlen < n->m_len)
284 			n->m_len = tlen;
285 		n->m_next = NULL;
286 		if (m == NULL)
287 			m = mprev = n;
288 		else {
289 			mprev->m_next = n;
290 			mprev = n;
291 		}
292 		tlen -= n->m_len;
293 		n = NULL;
294 	}
295 	m->m_pkthdr.len = len;
296 	m_reset_rcvif(m);
297 	m_copyback(m, 0, len, msg);
298 
299 	/* avoid duplicated statistics */
300 	{
301 		uint64_t *ps = PFKEY_STAT_GETREF();
302 		ps[PFKEY_STAT_IN_TOTAL]--;
303 		ps[PFKEY_STAT_IN_BYTES] -= len;
304 		ps[PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type]--;
305 		PFKEY_STAT_PUTREF();
306 	}
307 
308 	return key_sendup_mbuf(so, m, target);
309 }
310 
311 /* so can be NULL if target != KEY_SENDUP_ONE */
312 static int
313 _key_sendup_mbuf(struct socket *so, struct mbuf *m,
314 		int target/*, sbprio */)
315 {
316 	struct mbuf *n;
317 	struct keycb *kp;
318 	int sendup;
319 	struct rawcb *rp;
320 	int error = 0;
321 	int sbprio = 0; /* XXX should be a parameter */
322 
323 	KASSERT(m != NULL);
324 	KASSERT(so != NULL || target != KEY_SENDUP_ONE);
325 
326 	/*
327 	 * RFC 2367 says ACQUIRE and other kernel-generated messages
328 	 * are special. We treat all KEY_SENDUP_REGISTERED messages
329 	 * as special, delivering them to all registered sockets
330 	 * even if the socket is at or above its so->so_rcv.sb_max limits.
331 	 * The only constraint is that the  so_rcv data fall below
332 	 * key_registered_sb_max.
333 	 * Doing that check here avoids reworking every key_sendup_mbuf()
334 	 * in the short term. . The rework will be done after a technical
335 	 * conensus that this approach is appropriate.
336  	 */
337 	if (target == KEY_SENDUP_REGISTERED) {
338 		sbprio = SB_PRIO_BESTEFFORT;
339 	}
340 
341 	{
342 		uint64_t *ps = PFKEY_STAT_GETREF();
343 		ps[PFKEY_STAT_IN_TOTAL]++;
344 		ps[PFKEY_STAT_IN_BYTES] += m->m_pkthdr.len;
345 		PFKEY_STAT_PUTREF();
346 	}
347 	if (m->m_len < sizeof(struct sadb_msg)) {
348 #if 1
349 		m = m_pullup(m, sizeof(struct sadb_msg));
350 		if (m == NULL) {
351 			PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
352 			return ENOBUFS;
353 		}
354 #else
355 		/* don't bother pulling it up just for stats */
356 #endif
357 	}
358 	if (m->m_len >= sizeof(struct sadb_msg)) {
359 		struct sadb_msg *msg;
360 		msg = mtod(m, struct sadb_msg *);
361 		PFKEY_STATINC(PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type);
362 	}
363 
364 	LIST_FOREACH(rp, &key_rawcb, rcb_list)
365 	{
366 		struct socket * kso = rp->rcb_socket;
367 		if (rp->rcb_proto.sp_family != PF_KEY)
368 			continue;
369 		if (rp->rcb_proto.sp_protocol
370 		 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
371 			continue;
372 		}
373 
374 		kp = (struct keycb *)rp;
375 
376 		/*
377 		 * If you are in promiscuous mode, and when you get broadcasted
378 		 * reply, you'll get two PF_KEY messages.
379 		 * (based on pf_key@inner.net message on 14 Oct 1998)
380 		 */
381 		if (((struct keycb *)rp)->kp_promisc) {
382 			if ((n = m_copym(m, 0, (int)M_COPYALL, M_DONTWAIT)) != NULL) {
383 				(void)key_sendup0(rp, n, 1, 0);
384 				n = NULL;
385 			}
386 		}
387 
388 		/* the exact target will be processed later */
389 		if (so && sotorawcb(so) == rp)
390 			continue;
391 
392 		sendup = 0;
393 		switch (target) {
394 		case KEY_SENDUP_ONE:
395 			/* the statement has no effect */
396 			if (so && sotorawcb(so) == rp)
397 				sendup++;
398 			break;
399 		case KEY_SENDUP_ALL:
400 			sendup++;
401 			break;
402 		case KEY_SENDUP_REGISTERED:
403 			if (kp->kp_registered) {
404 				if (kso->so_rcv.sb_cc <= key_registered_sb_max)
405 					sendup++;
406 			  	else
407 			  		printf("keysock: "
408 					       "registered sendup dropped, "
409 					       "sb_cc %ld max %d\n",
410 					       kso->so_rcv.sb_cc,
411 					       key_registered_sb_max);
412 			}
413 			break;
414 		}
415 		PFKEY_STATINC(PFKEY_STAT_IN_MSGTARGET + target);
416 
417 		if (!sendup)
418 			continue;
419 
420 		if ((n = m_copym(m, 0, (int)M_COPYALL, M_DONTWAIT)) == NULL) {
421 			m_freem(m);
422 			PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
423 			return ENOBUFS;
424 		}
425 
426 		if ((error = key_sendup0(rp, n, 0, 0)) != 0) {
427 			m_freem(m);
428 			return error;
429 		}
430 
431 		n = NULL;
432 	}
433 
434 	/* The 'later' time for processing the exact target has arrived */
435 	if (so) {
436 		error = key_sendup0(sotorawcb(so), m, 0, sbprio);
437 		m = NULL;
438 	} else {
439 		error = 0;
440 		m_freem(m);
441 	}
442 	return error;
443 }
444 
445 int
446 key_sendup_mbuf(struct socket *so, struct mbuf *m,
447 		int target/*, sbprio */)
448 {
449 	int error;
450 
451 	if (so == NULL)
452 		mutex_enter(key_so_mtx);
453 	else
454 		KASSERT(solocked(so));
455 
456 	error = _key_sendup_mbuf(so, m, target);
457 
458 	if (so == NULL)
459 		mutex_exit(key_so_mtx);
460 	return error;
461 }
462 
463 static int
464 key_attach(struct socket *so, int proto)
465 {
466 	struct keycb *kp;
467 	int s, error;
468 
469 	KASSERT(sotorawcb(so) == NULL);
470 	kp = kmem_zalloc(sizeof(*kp), KM_SLEEP);
471 	kp->kp_raw.rcb_len = sizeof(*kp);
472 	so->so_pcb = kp;
473 
474 	s = splsoftnet();
475 
476 	KASSERT(so->so_lock == NULL);
477 	mutex_obj_hold(key_so_mtx);
478 	so->so_lock = key_so_mtx;
479 	solock(so);
480 
481 	error = raw_attach(so, proto, &key_rawcb);
482 	if (error) {
483 		PFKEY_STATINC(PFKEY_STAT_SOCKERR);
484 		kmem_free(kp, sizeof(*kp));
485 		so->so_pcb = NULL;
486 		goto out;
487 	}
488 
489 	kp->kp_promisc = kp->kp_registered = 0;
490 
491 	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
492 		key_cb.key_count++;
493 	key_cb.any_count++;
494 	kp->kp_raw.rcb_laddr = &key_src;
495 	kp->kp_raw.rcb_faddr = &key_dst;
496 	soisconnected(so);
497 	so->so_options |= SO_USELOOPBACK;
498 out:
499 	KASSERT(solocked(so));
500 	splx(s);
501 	return error;
502 }
503 
504 static void
505 key_detach(struct socket *so)
506 {
507 	struct keycb *kp = (struct keycb *)sotorawcb(so);
508 	int s;
509 
510 	KASSERT(!cpu_softintr_p());
511 	KASSERT(solocked(so));
512 	KASSERT(kp != NULL);
513 
514 	s = splsoftnet();
515 	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
516 		key_cb.key_count--;
517 	key_cb.any_count--;
518 	key_freereg(so);
519 	raw_detach(so);
520 	splx(s);
521 }
522 
523 static int
524 key_accept(struct socket *so, struct sockaddr *nam)
525 {
526 	KASSERT(solocked(so));
527 
528 	panic("key_accept");
529 
530 	return EOPNOTSUPP;
531 }
532 
533 static int
534 key_bind(struct socket *so, struct sockaddr *nam, struct lwp *l)
535 {
536 	KASSERT(solocked(so));
537 
538 	return EOPNOTSUPP;
539 }
540 
541 static int
542 key_listen(struct socket *so, struct lwp *l)
543 {
544 	KASSERT(solocked(so));
545 
546 	return EOPNOTSUPP;
547 }
548 
549 static int
550 key_connect(struct socket *so, struct sockaddr *nam, struct lwp *l)
551 {
552 	KASSERT(solocked(so));
553 
554 	return EOPNOTSUPP;
555 }
556 
557 static int
558 key_connect2(struct socket *so, struct socket *so2)
559 {
560 	KASSERT(solocked(so));
561 
562 	return EOPNOTSUPP;
563 }
564 
565 static int
566 key_disconnect(struct socket *so)
567 {
568 	struct rawcb *rp = sotorawcb(so);
569 	int s;
570 
571 	KASSERT(solocked(so));
572 	KASSERT(rp != NULL);
573 
574 	s = splsoftnet();
575 	soisdisconnected(so);
576 	raw_disconnect(rp);
577 	splx(s);
578 
579 	return 0;
580 }
581 
582 static int
583 key_shutdown(struct socket *so)
584 {
585 	int s;
586 
587 	KASSERT(solocked(so));
588 
589 	/*
590 	 * Mark the connection as being incapable of further input.
591 	 */
592 	s = splsoftnet();
593 	socantsendmore(so);
594 	splx(s);
595 
596 	return 0;
597 }
598 
599 static int
600 key_abort(struct socket *so)
601 {
602 	KASSERT(solocked(so));
603 
604 	panic("key_abort");
605 
606 	return EOPNOTSUPP;
607 }
608 
609 static int
610 key_ioctl(struct socket *so, u_long cmd, void *nam, struct ifnet *ifp)
611 {
612 	return EOPNOTSUPP;
613 }
614 
615 static int
616 key_stat(struct socket *so, struct stat *ub)
617 {
618 	KASSERT(solocked(so));
619 
620 	return 0;
621 }
622 
623 static int
624 key_peeraddr(struct socket *so, struct sockaddr *nam)
625 {
626 	struct rawcb *rp = sotorawcb(so);
627 
628 	KASSERT(solocked(so));
629 	KASSERT(rp != NULL);
630 	KASSERT(nam != NULL);
631 
632 	if (rp->rcb_faddr == NULL)
633 		return ENOTCONN;
634 
635 	raw_setpeeraddr(rp, nam);
636 	return 0;
637 }
638 
639 static int
640 key_sockaddr(struct socket *so, struct sockaddr *nam)
641 {
642 	struct rawcb *rp = sotorawcb(so);
643 
644 	KASSERT(solocked(so));
645 	KASSERT(rp != NULL);
646 	KASSERT(nam != NULL);
647 
648 	if (rp->rcb_faddr == NULL)
649 		return ENOTCONN;
650 
651 	raw_setsockaddr(rp, nam);
652 	return 0;
653 }
654 
655 static int
656 key_rcvd(struct socket *so, int flags, struct lwp *l)
657 {
658 	KASSERT(solocked(so));
659 
660 	return EOPNOTSUPP;
661 }
662 
663 static int
664 key_recvoob(struct socket *so, struct mbuf *m, int flags)
665 {
666 	KASSERT(solocked(so));
667 
668 	return EOPNOTSUPP;
669 }
670 
671 static int
672 key_send(struct socket *so, struct mbuf *m, struct sockaddr *nam,
673     struct mbuf *control, struct lwp *l)
674 {
675 	int error = 0;
676 	int s;
677 
678 	KASSERT(solocked(so));
679 	KASSERT(so->so_proto == &keysw[0]);
680 
681 	s = splsoftnet();
682 	error = raw_send(so, m, nam, control, l, &key_output);
683 	splx(s);
684 
685 	return error;
686 }
687 
688 static int
689 key_sendoob(struct socket *so, struct mbuf *m, struct mbuf *control)
690 {
691 	KASSERT(solocked(so));
692 
693 	m_freem(m);
694 	m_freem(control);
695 
696 	return EOPNOTSUPP;
697 }
698 
699 static int
700 key_purgeif(struct socket *so, struct ifnet *ifa)
701 {
702 
703 	panic("key_purgeif");
704 
705 	return EOPNOTSUPP;
706 }
707 
708 /*
709  * Definitions of protocols supported in the KEY domain.
710  */
711 
712 DOMAIN_DEFINE(keydomain);
713 
714 PR_WRAP_USRREQS(key)
715 #define	key_attach	key_attach_wrapper
716 #define	key_detach	key_detach_wrapper
717 #define	key_accept	key_accept_wrapper
718 #define	key_bind	key_bind_wrapper
719 #define	key_listen	key_listen_wrapper
720 #define	key_connect	key_connect_wrapper
721 #define	key_connect2	key_connect2_wrapper
722 #define	key_disconnect	key_disconnect_wrapper
723 #define	key_shutdown	key_shutdown_wrapper
724 #define	key_abort	key_abort_wrapper
725 #define	key_ioctl	key_ioctl_wrapper
726 #define	key_stat	key_stat_wrapper
727 #define	key_peeraddr	key_peeraddr_wrapper
728 #define	key_sockaddr	key_sockaddr_wrapper
729 #define	key_rcvd	key_rcvd_wrapper
730 #define	key_recvoob	key_recvoob_wrapper
731 #define	key_send	key_send_wrapper
732 #define	key_sendoob	key_sendoob_wrapper
733 #define	key_purgeif	key_purgeif_wrapper
734 
735 static const struct pr_usrreqs key_usrreqs = {
736 	.pr_attach	= key_attach,
737 	.pr_detach	= key_detach,
738 	.pr_accept	= key_accept,
739 	.pr_bind	= key_bind,
740 	.pr_listen	= key_listen,
741 	.pr_connect	= key_connect,
742 	.pr_connect2	= key_connect2,
743 	.pr_disconnect	= key_disconnect,
744 	.pr_shutdown	= key_shutdown,
745 	.pr_abort	= key_abort,
746 	.pr_ioctl	= key_ioctl,
747 	.pr_stat	= key_stat,
748 	.pr_peeraddr	= key_peeraddr,
749 	.pr_sockaddr	= key_sockaddr,
750 	.pr_rcvd	= key_rcvd,
751 	.pr_recvoob	= key_recvoob,
752 	.pr_send	= key_send,
753 	.pr_sendoob	= key_sendoob,
754 	.pr_purgeif	= key_purgeif,
755 };
756 
757 static const struct protosw keysw[] = {
758     {
759 	.pr_type = SOCK_RAW,
760 	.pr_domain = &keydomain,
761 	.pr_protocol = PF_KEY_V2,
762 	.pr_flags = PR_ATOMIC|PR_ADDR,
763 	.pr_ctlinput = raw_ctlinput,
764 	.pr_usrreqs = &key_usrreqs,
765 	.pr_init = key_pr_init,
766     }
767 };
768 
769 struct domain keydomain = {
770     .dom_family = PF_KEY,
771     .dom_name = "key",
772     .dom_init = key_init,
773     .dom_protosw = keysw,
774     .dom_protoswNPROTOSW = &keysw[__arraycount(keysw)],
775 };
776