xref: /netbsd-src/sys/netipsec/keysock.c (revision ce2c90c7c172d95d2402a5b3d96d8f8e6d138a21) 
1 /*	$NetBSD: keysock.c,v 1.11 2006/10/13 20:53:59 christos Exp $	*/
2 /*	$FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
3 /*	$KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $	*/
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <sys/cdefs.h>
35 __KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.11 2006/10/13 20:53:59 christos Exp $");
36 
37 #include "opt_ipsec.h"
38 
39 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
40 
41 #include <sys/types.h>
42 #include <sys/param.h>
43 #include <sys/domain.h>
44 #include <sys/errno.h>
45 #include <sys/kernel.h>
46 #include <sys/malloc.h>
47 #include <sys/mbuf.h>
48 #include <sys/protosw.h>
49 #include <sys/signalvar.h>
50 #include <sys/socket.h>
51 #include <sys/socketvar.h>
52 #include <sys/sysctl.h>
53 #include <sys/systm.h>
54 
55 #include <net/raw_cb.h>
56 #include <net/route.h>
57 
58 #include <net/pfkeyv2.h>
59 #include <netipsec/key.h>
60 #include <netipsec/keysock.h>
61 #include <netipsec/key_debug.h>
62 
63 #include <netipsec/ipsec_osdep.h>
64 
65 #include <machine/stdarg.h>
66 
67 typedef int	pr_output_t (struct mbuf *, struct socket *);
68 
69 struct key_cb {
70 	int key_count;
71 	int any_count;
72 };
73 static struct key_cb key_cb;
74 
75 static struct sockaddr key_dst = {
76     .sa_len = 2,
77     .sa_family = PF_KEY,
78 };
79 static struct sockaddr key_src = {
80     .sa_len = 2,
81     .sa_family = PF_KEY,
82 };
83 
84 
85 static int key_sendup0 __P((struct rawcb *, struct mbuf *, int, int));
86 
87 struct pfkeystat pfkeystat;
88 
89 int key_registered_sb_max = (NMBCLUSTERS * MHLEN); /* XXX arbitrary */
90 
91 /* XXX sysctl */
92 #ifdef __FreeBSD__
93 SYSCTL_INT(_net_key, OID_AUTO, registered_sbmax, CTLFLAG_RD,
94     &key_registered_sb_max , 0, "Maximum kernel-to-user PFKEY datagram size");
95 #endif
96 
97 /*
98  * key_output()
99  */
100 int
101 key_output(struct mbuf *m, ...)
102 {
103 	struct sadb_msg *msg;
104 	int len, error = 0;
105 	int s;
106 	struct socket *so;
107 	va_list ap;
108 
109 	va_start(ap, m);
110 	so = va_arg(ap, struct socket *);
111 	va_end(ap);
112 
113 	if (m == 0)
114 		panic("key_output: NULL pointer was passed");
115 
116 	pfkeystat.out_total++;
117 	pfkeystat.out_bytes += m->m_pkthdr.len;
118 
119 	len = m->m_pkthdr.len;
120 	if (len < sizeof(struct sadb_msg)) {
121 		pfkeystat.out_tooshort++;
122 		error = EINVAL;
123 		goto end;
124 	}
125 
126 	if (m->m_len < sizeof(struct sadb_msg)) {
127 		if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
128 			pfkeystat.out_nomem++;
129 			error = ENOBUFS;
130 			goto end;
131 		}
132 	}
133 
134 	if ((m->m_flags & M_PKTHDR) == 0)
135 		panic("key_output: not M_PKTHDR ??");
136 
137 	KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
138 
139 	msg = mtod(m, struct sadb_msg *);
140 	pfkeystat.out_msgtype[msg->sadb_msg_type]++;
141 	if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
142 		pfkeystat.out_invlen++;
143 		error = EINVAL;
144 		goto end;
145 	}
146 
147 	/*XXX giant lock*/
148 	s = splsoftnet();
149 	error = key_parse(m, so);
150 	m = NULL;
151 	splx(s);
152 end:
153 	if (m)
154 		m_freem(m);
155 	return error;
156 }
157 
158 /*
159  * send message to the socket.
160  */
161 static int
162 key_sendup0(
163     struct rawcb *rp,
164     struct mbuf *m,
165     int promisc,
166     int sbprio
167 )
168 {
169 	int error;
170 	int ok;
171 
172 	if (promisc) {
173 		struct sadb_msg *pmsg;
174 
175 		M_PREPEND(m, sizeof(struct sadb_msg), M_DONTWAIT);
176 		if (m && m->m_len < sizeof(struct sadb_msg))
177 			m = m_pullup(m, sizeof(struct sadb_msg));
178 		if (!m) {
179 			pfkeystat.in_nomem++;
180 			m_freem(m);
181 			return ENOBUFS;
182 		}
183 		m->m_pkthdr.len += sizeof(*pmsg);
184 
185 		pmsg = mtod(m, struct sadb_msg *);
186 		bzero(pmsg, sizeof(*pmsg));
187 		pmsg->sadb_msg_version = PF_KEY_V2;
188 		pmsg->sadb_msg_type = SADB_X_PROMISC;
189 		pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
190 		/* pid and seq? */
191 
192 		pfkeystat.in_msgtype[pmsg->sadb_msg_type]++;
193 	}
194 
195 	if (sbprio == 0)
196 		ok = sbappendaddr(&rp->rcb_socket->so_rcv,
197 			       (struct sockaddr *)&key_src, m, NULL);
198 	else
199 		ok = sbappendaddrchain(&rp->rcb_socket->so_rcv,
200 			       (struct sockaddr *)&key_src, m, sbprio);
201 
202 	  if (!ok) {
203 		pfkeystat.in_nomem++;
204 		m_freem(m);
205 		error = ENOBUFS;
206 	} else
207 		error = 0;
208 	sorwakeup(rp->rcb_socket);
209 	return error;
210 }
211 
212 /* XXX this interface should be obsoleted. */
213 int
214 key_sendup(so, msg, len, target)
215 	struct socket *so;
216 	struct sadb_msg *msg;
217 	u_int len;
218 	int target;	/*target of the resulting message*/
219 {
220 	struct mbuf *m, *n, *mprev;
221 	int tlen;
222 
223 	/* sanity check */
224 	if (so == 0 || msg == 0)
225 		panic("key_sendup: NULL pointer was passed");
226 
227 	KEYDEBUG(KEYDEBUG_KEY_DUMP,
228 		printf("key_sendup: \n");
229 		kdebug_sadb(msg));
230 
231 	/*
232 	 * we increment statistics here, just in case we have ENOBUFS
233 	 * in this function.
234 	 */
235 	pfkeystat.in_total++;
236 	pfkeystat.in_bytes += len;
237 	pfkeystat.in_msgtype[msg->sadb_msg_type]++;
238 
239 	/*
240 	 * Get mbuf chain whenever possible (not clusters),
241 	 * to save socket buffer.  We'll be generating many SADB_ACQUIRE
242 	 * messages to listening key sockets.  If we simply allocate clusters,
243 	 * sbappendaddr() will raise ENOBUFS due to too little sbspace().
244 	 * sbspace() computes # of actual data bytes AND mbuf region.
245 	 *
246 	 * TODO: SADB_ACQUIRE filters should be implemented.
247 	 */
248 	tlen = len;
249 	m = mprev = NULL;
250 	while (tlen > 0) {
251 		if (tlen == len) {
252 			MGETHDR(n, M_DONTWAIT, MT_DATA);
253 			n->m_len = MHLEN;
254 		} else {
255 			MGET(n, M_DONTWAIT, MT_DATA);
256 			n->m_len = MLEN;
257 		}
258 		if (!n) {
259 			pfkeystat.in_nomem++;
260 			return ENOBUFS;
261 		}
262 		if (tlen >= MCLBYTES) {	/*XXX better threshold? */
263 			MCLGET(n, M_DONTWAIT);
264 			if ((n->m_flags & M_EXT) == 0) {
265 				m_free(n);
266 				m_freem(m);
267 				pfkeystat.in_nomem++;
268 				return ENOBUFS;
269 			}
270 			n->m_len = MCLBYTES;
271 		}
272 
273 		if (tlen < n->m_len)
274 			n->m_len = tlen;
275 		n->m_next = NULL;
276 		if (m == NULL)
277 			m = mprev = n;
278 		else {
279 			mprev->m_next = n;
280 			mprev = n;
281 		}
282 		tlen -= n->m_len;
283 		n = NULL;
284 	}
285 	m->m_pkthdr.len = len;
286 	m->m_pkthdr.rcvif = NULL;
287 	m_copyback(m, 0, len, (caddr_t)msg);
288 
289 	/* avoid duplicated statistics */
290 	pfkeystat.in_total--;
291 	pfkeystat.in_bytes -= len;
292 	pfkeystat.in_msgtype[msg->sadb_msg_type]--;
293 
294 	return key_sendup_mbuf(so, m, target);
295 }
296 
297 /* so can be NULL if target != KEY_SENDUP_ONE */
298 int
299 key_sendup_mbuf(so, m, target /*, sbprio */)
300 	struct socket *so;
301 	struct mbuf *m;
302 	int target;
303 {
304 	struct mbuf *n;
305 	struct keycb *kp;
306 	int sendup;
307 	struct rawcb *rp;
308 	int error = 0;
309 	int sbprio = 0; /* XXX should be a parameter */
310 
311 	if (m == NULL)
312 		panic("key_sendup_mbuf: NULL pointer was passed");
313 	if (so == NULL && target == KEY_SENDUP_ONE)
314 		panic("key_sendup_mbuf: NULL pointer was passed");
315 
316 	/*
317 	 * RFC 2367 says ACQUIRE and other kernel-generated messages
318 	 * are special. We treat all KEY_SENDUP_REGISTERED messages
319 	 * as special, delivering them to all registered sockets
320 	 * even if the socket is at or above its so->so_rcv.sb_max limits.
321 	 * The only constraint is that the  so_rcv data fall below
322 	 * key_registered_sb_max.
323 	 * Doing that check here avoids reworking every key_sendup_mbuf()
324 	 * in the short term. . The rework will be done after a technical
325 	 * conensus that this approach is appropriate.
326  	 */
327 	if (target == KEY_SENDUP_REGISTERED) {
328 		sbprio = SB_PRIO_BESTEFFORT;
329 	}
330 
331 	pfkeystat.in_total++;
332 	pfkeystat.in_bytes += m->m_pkthdr.len;
333 	if (m->m_len < sizeof(struct sadb_msg)) {
334 #if 1
335 		m = m_pullup(m, sizeof(struct sadb_msg));
336 		if (m == NULL) {
337 			pfkeystat.in_nomem++;
338 			return ENOBUFS;
339 		}
340 #else
341 		/* don't bother pulling it up just for stats */
342 #endif
343 	}
344 	if (m->m_len >= sizeof(struct sadb_msg)) {
345 		struct sadb_msg *msg;
346 		msg = mtod(m, struct sadb_msg *);
347 		pfkeystat.in_msgtype[msg->sadb_msg_type]++;
348 	}
349 
350 	LIST_FOREACH(rp, &rawcb_list, rcb_list)
351 	{
352 		struct socket * kso = rp->rcb_socket;
353 		if (rp->rcb_proto.sp_family != PF_KEY)
354 			continue;
355 		if (rp->rcb_proto.sp_protocol
356 		 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
357 			continue;
358 		}
359 
360 		kp = (struct keycb *)rp;
361 
362 		/*
363 		 * If you are in promiscuous mode, and when you get broadcasted
364 		 * reply, you'll get two PF_KEY messages.
365 		 * (based on pf_key@inner.net message on 14 Oct 1998)
366 		 */
367 		if (((struct keycb *)rp)->kp_promisc) {
368 			if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
369 				(void)key_sendup0(rp, n, 1, 0);
370 				n = NULL;
371 			}
372 		}
373 
374 		/* the exact target will be processed later */
375 		if (so && sotorawcb(so) == rp)
376 			continue;
377 
378 		sendup = 0;
379 		switch (target) {
380 		case KEY_SENDUP_ONE:
381 			/* the statement has no effect */
382 			if (so && sotorawcb(so) == rp)
383 				sendup++;
384 			break;
385 		case KEY_SENDUP_ALL:
386 			sendup++;
387 			break;
388 		case KEY_SENDUP_REGISTERED:
389 			if (kp->kp_registered) {
390 				if (kso->so_rcv.sb_cc <= key_registered_sb_max)
391 					sendup++;
392 			  	else
393 			  		printf("keysock: "
394 					       "registered sendup dropped, "
395 					       "sb_cc %ld max %d\n",
396 					       kso->so_rcv.sb_cc,
397 					       key_registered_sb_max);
398 			}
399 			break;
400 		}
401 		pfkeystat.in_msgtarget[target]++;
402 
403 		if (!sendup)
404 			continue;
405 
406 		if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
407 			m_freem(m);
408 			pfkeystat.in_nomem++;
409 			return ENOBUFS;
410 		}
411 
412 		if ((error = key_sendup0(rp, n, 0, 0)) != 0) {
413 			m_freem(m);
414 			return error;
415 		}
416 
417 		n = NULL;
418 	}
419 
420 	/* The 'later' time for processing the exact target has arrived */
421 	if (so) {
422 		error = key_sendup0(sotorawcb(so), m, 0, sbprio);
423 		m = NULL;
424 	} else {
425 		error = 0;
426 		m_freem(m);
427 	}
428 	return error;
429 }
430 
431 #ifdef __FreeBSD__
432 
433 /*
434  * key_abort()
435  * derived from net/rtsock.c:rts_abort()
436  */
437 static int
438 key_abort(struct socket *so)
439 {
440 	int s, error;
441 	s = splnet(); 	/* FreeBSD */
442 	error = raw_usrreqs.pru_abort(so);
443 	splx(s);
444 	return error;
445 }
446 
447 /*
448  * key_attach()
449  * derived from net/rtsock.c:rts_attach()
450  */
451 static int
452 key_attach(struct socket *so, int proto, struct proc *td)
453 {
454 	struct keycb *kp;
455 	int s, error;
456 
457 	if (sotorawcb(so) != 0)
458 		return EISCONN;	/* XXX panic? */
459 	kp = (struct keycb *)malloc(sizeof *kp, M_PCB, M_WAITOK|M_ZERO); /* XXX */
460 	if (kp == 0)
461 		return ENOBUFS;
462 
463 	/*
464 	 * The spl[soft]net() is necessary to block protocols from sending
465 	 * error notifications (like RTM_REDIRECT or RTM_LOSING) while
466 	 * this PCB is extant but incompletely initialized.
467 	 * Probably we should try to do more of this work beforehand and
468 	 * eliminate the spl.
469 	 */
470 	s = splnet();	/* FreeBSD */
471 	so->so_pcb = (caddr_t)kp;
472 	error = raw_usrreqs.pru_attach(so, proto, td);
473 	kp = (struct keycb *)sotorawcb(so);
474 	if (error) {
475 		free(kp, M_PCB);
476 		so->so_pcb = (caddr_t) 0;
477 		splx(s);
478 		return error;
479 	}
480 
481 	kp->kp_promisc = kp->kp_registered = 0;
482 
483 	if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */
484 		key_cb.key_count++;
485 	key_cb.any_count++;
486 	kp->kp_raw.rcb_laddr = &key_src;
487 	kp->kp_raw.rcb_faddr = &key_dst;
488 	soisconnected(so);
489 	so->so_options |= SO_USELOOPBACK;
490 
491 	splx(s);
492 	return 0;
493 }
494 
495 /*
496  * key_bind()
497  * derived from net/rtsock.c:rts_bind()
498  */
499 static int
500 key_bind(struct socket *so, struct sockaddr *nam, struct proc *td)
501 {
502 	int s, error;
503 	s = splnet();	/* FreeBSD */
504 	error = raw_usrreqs.pru_bind(so, nam, td); /* xxx just EINVAL */
505 	splx(s);
506 	return error;
507 }
508 
509 /*
510  * key_connect()
511  * derived from net/rtsock.c:rts_connect()
512  */
513 static int
514 key_connect(struct socket *so, struct sockaddr *nam, struct proc *td)
515 {
516 	int s, error;
517 	s = splnet();	/* FreeBSD */
518 	error = raw_usrreqs.pru_connect(so, nam, td); /* XXX just EINVAL */
519 	splx(s);
520 	return error;
521 }
522 
523 /*
524  * key_detach()
525  * derived from net/rtsock.c:rts_detach()
526  */
527 static int
528 key_detach(struct socket *so)
529 {
530 	struct keycb *kp = (struct keycb *)sotorawcb(so);
531 	int s, error;
532 
533 	s = splnet();	/* FreeBSD */
534 	if (kp != 0) {
535 		if (kp->kp_raw.rcb_proto.sp_protocol
536 		    == PF_KEY) /* XXX: AF_KEY */
537 			key_cb.key_count--;
538 		key_cb.any_count--;
539 
540 		key_freereg(so);
541 	}
542 	error = raw_usrreqs.pru_detach(so);
543 	splx(s);
544 	return error;
545 }
546 
547 /*
548  * key_disconnect()
549  * derived from net/rtsock.c:key_disconnect()
550  */
551 static int
552 key_disconnect(struct socket *so)
553 {
554 	int s, error;
555 	s = splnet();	/* FreeBSD */
556 	error = raw_usrreqs.pru_disconnect(so);
557 	splx(s);
558 	return error;
559 }
560 
561 /*
562  * key_peeraddr()
563  * derived from net/rtsock.c:rts_peeraddr()
564  */
565 static int
566 key_peeraddr(struct socket *so, struct sockaddr **nam)
567 {
568 	int s, error;
569 	s = splnet();	/* FreeBSD */
570 	error = raw_usrreqs.pru_peeraddr(so, nam);
571 	splx(s);
572 	return error;
573 }
574 
575 /*
576  * key_send()
577  * derived from net/rtsock.c:rts_send()
578  */
579 static int
580 key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
581 	 struct mbuf *control, struct proc *td)
582 {
583 	int s, error;
584 	s = splnet();	/* FreeBSD */
585 	error = raw_usrreqs.pru_send(so, flags, m, nam, control, td);
586 	splx(s);
587 	return error;
588 }
589 
590 /*
591  * key_shutdown()
592  * derived from net/rtsock.c:rts_shutdown()
593  */
594 static int
595 key_shutdown(struct socket *so)
596 {
597 	int s, error;
598 	s = splnet();	/* FreeBSD */
599 	error = raw_usrreqs.pru_shutdown(so);
600 	splx(s);
601 	return error;
602 }
603 
604 /*
605  * key_sockaddr()
606  * derived from net/rtsock.c:rts_sockaddr()
607  */
608 static int
609 key_sockaddr(struct socket *so, struct sockaddr **nam)
610 {
611 	int s, error;
612 	s = splnet();	/* FreeBSD */
613 	error = raw_usrreqs.pru_sockaddr(so, nam);
614 	splx(s);
615 	return error;
616 }
617 #else /*!__FreeBSD__ -- traditional proto_usrreq() switch */
618 
619 /*
620  * key_usrreq()
621  * derived from net/rtsock.c:route_usrreq()
622  */
623 int
624 key_usrreq(so, req, m, nam, control, l)
625 	struct socket *so;
626 	int req;
627 	struct mbuf *m, *nam, *control;
628 	struct lwp *l;
629 {
630 	int error = 0;
631 	struct keycb *kp = (struct keycb *)sotorawcb(so);
632 	int s;
633 
634 	s = splsoftnet();
635 	if (req == PRU_ATTACH) {
636 		kp = (struct keycb *)malloc(sizeof(*kp), M_PCB, M_WAITOK);
637 		so->so_pcb = (caddr_t)kp;
638 		if (so->so_pcb)
639 			bzero(so->so_pcb, sizeof(*kp));
640 	}
641 	if (req == PRU_DETACH && kp) {
642 		int af = kp->kp_raw.rcb_proto.sp_protocol;
643 		if (af == PF_KEY) /* XXX: AF_KEY */
644 			key_cb.key_count--;
645 		key_cb.any_count--;
646 
647 		key_freereg(so);
648 	}
649 
650 	error = raw_usrreq(so, req, m, nam, control, l);
651 	m = control = NULL;	/* reclaimed in raw_usrreq */
652 	kp = (struct keycb *)sotorawcb(so);
653 	if (req == PRU_ATTACH && kp) {
654 		int af = kp->kp_raw.rcb_proto.sp_protocol;
655 		if (error) {
656 			pfkeystat.sockerr++;
657 			free((caddr_t)kp, M_PCB);
658 			so->so_pcb = (caddr_t) 0;
659 			splx(s);
660 			return (error);
661 		}
662 
663 		kp->kp_promisc = kp->kp_registered = 0;
664 
665 		if (af == PF_KEY) /* XXX: AF_KEY */
666 			key_cb.key_count++;
667 		key_cb.any_count++;
668 		kp->kp_raw.rcb_laddr = &key_src;
669 		kp->kp_raw.rcb_faddr = &key_dst;
670 		soisconnected(so);
671 		so->so_options |= SO_USELOOPBACK;
672 	}
673 	splx(s);
674 	return (error);
675 }
676 #endif /*!__FreeBSD__*/
677 
678 /* sysctl */
679 #ifdef SYSCTL_NODE
680 SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW, 0, "Key Family");
681 #endif /* SYSCTL_NODE */
682 
683 /*
684  * Definitions of protocols supported in the KEY domain.
685  */
686 
687 #ifdef __FreeBSD__
688 extern struct domain keydomain;
689 
690 struct pr_usrreqs key_usrreqs = {
691 	key_abort, pru_accept_notsupp, key_attach, key_bind,
692 	key_connect,
693 	pru_connect2_notsupp, pru_control_notsupp, key_detach,
694 	key_disconnect, pru_listen_notsupp, key_peeraddr,
695 	pru_rcvd_notsupp,
696 	pru_rcvoob_notsupp, key_send, pru_sense_null, key_shutdown,
697 	key_sockaddr, sosend, soreceive, sopoll
698 };
699 
700 struct protosw keysw[] = {
701 { SOCK_RAW,	&keydomain,	PF_KEY_V2,	PR_ATOMIC|PR_ADDR,
702   0,		(pr_output_t *)key_output,	raw_ctlinput, 0,
703   0,
704   raw_init,	0,		0,		0,
705   &key_usrreqs
706 }
707 };
708 
709 static void
710 key_init0(void)
711 {
712 	bzero((caddr_t)&key_cb, sizeof(key_cb));
713 	key_init();
714 }
715 
716 struct domain keydomain =
717     { PF_KEY, "key", key_init0, 0, 0,
718       keysw, &keysw[sizeof(keysw)/sizeof(keysw[0])] };
719 
720 DOMAIN_SET(key);
721 
722 #else /* !__FreeBSD__ */
723 
724 DOMAIN_DEFINE(keydomain);
725 
726 const struct protosw keysw[] = {
727     {
728 	.pr_type = SOCK_RAW,
729 	.pr_domain = &keydomain,
730 	.pr_protocol = PF_KEY_V2,
731 	.pr_flags = PR_ATOMIC|PR_ADDR,
732 	.pr_output = key_output,
733 	.pr_ctlinput = raw_ctlinput,
734 	.pr_usrreq = key_usrreq,
735 	.pr_init = raw_init,
736     }
737 };
738 
739 struct domain keydomain = {
740     .dom_family = PF_KEY,
741     .dom_name = "key",
742     .dom_init = key_init,
743     .dom_protosw = keysw,
744     .dom_protoswNPROTOSW = &keysw[__arraycount(keysw)],
745 };
746 
747 #endif
748