search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / sys / netipsec / xform_ah.c
blob2024527556f577daa1bfe085b20e4061f21d8fb3
1 /* $NetBSD: xform_ah.c,v 1.25 2009/03/18 17:06:52 cegger Exp $ */
2 /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
3 /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
4 /*
5 * The authors of this code are John Ioannidis (ji@tla.org),
6 * Angelos D. Keromytis (kermit@csd.uch.gr) and
7 * Niels Provos (provos@physnet.uni-hamburg.de).
8 *
9 * The original version of this code was written by John Ioannidis
10 * for BSD/OS in Athens, Greece, in November 1995.
11 *
12 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
13 * by Angelos D. Keromytis.
14 *
15 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
16 * and Niels Provos.
17 *
18 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist.
19 *
20 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
21 * Angelos D. Keromytis and Niels Provos.
22 * Copyright (c) 1999 Niklas Hallqvist.
23 * Copyright (c) 2001 Angelos D. Keromytis.
24 *
25 * Permission to use, copy, and modify this software with or without fee
26 * is hereby granted, provided that this entire notice is included in
27 * all copies of any software which is or includes a copy or
28 * modification of this software.
29 * You may use this code under the GNU public license if you so wish. Please
30 * contribute changes back to the authors under this freer than GPL license
31 * so that we may further the use of strong encryption without limitations to
32 * all.
33 *
34 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
35 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
36 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
37 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
38 * PURPOSE.
39 */
40
41 #include <sys/cdefs.h>
42 __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.25 2009/03/18 17:06:52 cegger Exp $");
43
44 #include "opt_inet.h"
45 #ifdef __FreeBSD__
46 #include "opt_inet6.h"
47 #endif
48
49 #include <sys/param.h>
50 #include <sys/systm.h>
51 #include <sys/mbuf.h>
52 #include <sys/socket.h>
53 #include <sys/syslog.h>
54 #include <sys/kernel.h>
55 #include <sys/sysctl.h>
56
57 #include <net/if.h>
58
59 #include <netinet/in.h>
60 #include <netinet/in_systm.h>
61 #include <netinet/ip.h>
62 #include <netinet/ip_ecn.h>
63 #include <netinet/ip6.h>
64
65 #include <net/route.h>
66 #include <netipsec/ipsec.h>
67 #include <netipsec/ipsec_private.h>
68 #include <netipsec/ah.h>
69 #include <netipsec/ah_var.h>
70 #include <netipsec/xform.h>
71
72 #ifdef INET6
73 #include <netinet6/ip6_var.h>
74 #include <netipsec/ipsec6.h>
75 # ifdef __FreeBSD__
76 # include <netinet6/ip6_ecn.h>
77 # endif
78 #endif
79
80 #include <netipsec/key.h>
81 #include <netipsec/key_debug.h>
82 #include <netipsec/ipsec_osdep.h>
83
84 #include <opencrypto/cryptodev.h>
85
86 /*
87 * Return header size in bytes. The old protocol did not support
88 * the replay counter; the new protocol always includes the counter.
89 */
90 #define HDRSIZE(sav) \
91 (((sav)->flags & SADB_X_EXT_OLD) ? \
92 sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t))
93 /*
94 * Return authenticator size in bytes. The old protocol is known
95 * to use a fixed 16-byte authenticator. The new algorithm gets
96 * this size from the xform but is (currently) always 12.
97 */
98 #define AUTHSIZE(sav) \
99 ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->authsize)
100
101 percpu_t *ahstat_percpu;
102
103 int ah_enable = 1; /* control flow of packets with AH */
104 int ip4_ah_cleartos = 1; /* clear ip_tos when doing AH calc */
105
106 #ifdef __FreeBSD__
107 SYSCTL_DECL(_net_inet_ah);
108 SYSCTL_INT(_net_inet_ah, OID_AUTO,
109 ah_enable, CTLFLAG_RW, &ah_enable, 0, "");
110 SYSCTL_INT(_net_inet_ah, OID_AUTO,
111 ah_cleartos, CTLFLAG_RW, &ip4_ah_cleartos, 0, "");
112 SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STATS,
113 stats, CTLFLAG_RD, &ahstat, ahstat, "");
114
115 #endif /* __FreeBSD__ */
116
117 static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
118
119 static int ah_input_cb(struct cryptop*);
120 static int ah_output_cb(struct cryptop*);
121
122 /*
123 * NB: this is public for use by the PF_KEY support.
124 */
125 struct auth_hash *
126 ah_algorithm_lookup(int alg)
127 {
128 if (alg >= AH_ALG_MAX)
129 return NULL;
130 switch (alg) {
131 case SADB_X_AALG_NULL:
132 return &auth_hash_null;
133 case SADB_AALG_MD5HMAC:
134 return &auth_hash_hmac_md5_96;
135 case SADB_AALG_SHA1HMAC:
136 return &auth_hash_hmac_sha1_96;
137 case SADB_X_AALG_RIPEMD160HMAC:
138 return &auth_hash_hmac_ripemd_160_96;
139 case SADB_X_AALG_MD5:
140 return &auth_hash_key_md5;
141 case SADB_X_AALG_SHA:
142 return &auth_hash_key_sha1;
143 case SADB_X_AALG_SHA2_256:
144 return &auth_hash_hmac_sha2_256;
145 case SADB_X_AALG_SHA2_384:
146 return &auth_hash_hmac_sha2_384;
147 case SADB_X_AALG_SHA2_512:
148 return &auth_hash_hmac_sha2_512;
149 }
150 return NULL;
151 }
152
153 size_t
154 ah_hdrsiz(struct secasvar *sav)
155 {
156 size_t size;
157
158 if (sav != NULL) {
159 int authsize;
160 IPSEC_ASSERT(sav->tdb_authalgxform != NULL,
161 ("ah_hdrsiz: null xform"));
162 /*XXX not right for null algorithm--does it matter??*/
163 authsize = AUTHSIZE(sav);
164 size = roundup(authsize, sizeof (u_int32_t)) + HDRSIZE(sav);
165 } else {
166 /* default guess */
167 size = sizeof (struct ah) + sizeof (u_int32_t) + 16;
168 }
169 return size;
170 }
171
172 /*
173 * NB: public for use by esp_init.
174 */
175 int
176 ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria)
177 {
178 struct auth_hash *thash;
179 int keylen;
180
181 thash = ah_algorithm_lookup(sav->alg_auth);
182 if (thash == NULL) {
183 DPRINTF(("ah_init: unsupported authentication algorithm %u\n",
184 sav->alg_auth));
185 return EINVAL;
186 }
187 /*
188 * Verify the replay state block allocation is consistent with
189 * the protocol type. We check here so we can make assumptions
190 * later during protocol processing.
191 */
192 /* NB: replay state is setup elsewhere (sigh) */
193 if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) {
194 DPRINTF(("ah_init: replay state block inconsistency, "
195 "%s algorithm %s replay state\n",
196 (sav->flags & SADB_X_EXT_OLD) ? "old" : "new",
197 sav->replay == NULL ? "without" : "with"));
198 return EINVAL;
199 }
200 if (sav->key_auth == NULL) {
201 DPRINTF(("ah_init: no authentication key for %s "
202 "algorithm\n", thash->name));
203 return EINVAL;
204 }
205 keylen = _KEYLEN(sav->key_auth);
206 if (keylen != thash->keysize && thash->keysize != 0) {
207 DPRINTF(("ah_init: invalid keylength %d, algorithm "
208 "%s requires keysize %d\n",
209 keylen, thash->name, thash->keysize));
210 return EINVAL;
211 }
212
213 sav->tdb_xform = xsp;
214 sav->tdb_authalgxform = thash;
215
216 /* Initialize crypto session. */
217 memset(cria, 0, sizeof (*cria));
218 cria->cri_alg = sav->tdb_authalgxform->type;
219 cria->cri_klen = _KEYBITS(sav->key_auth);
220 cria->cri_key = _KEYBUF(sav->key_auth);
221
222 return 0;
223 }
224
225 /*
226 * ah_init() is called when an SPI is being set up.
227 */
228 static int
229 ah_init(struct secasvar *sav, struct xformsw *xsp)
230 {
231 struct cryptoini cria;
232 int error;
233
234 error = ah_init0(sav, xsp, &cria);
235 if (!error) {
236 mutex_spin_enter(&crypto_mtx);
237 error = crypto_newsession(&sav->tdb_cryptoid,
238 &cria, crypto_support);
239 mutex_spin_exit(&crypto_mtx);
240 }
241 return error;
242 }
243
244 /*
245 * Paranoia.
246 *
247 * NB: public for use by esp_zeroize (XXX).
248 */
249 int
250 ah_zeroize(struct secasvar *sav)
251 {
252 int err;
253
254 if (sav->key_auth)
255 memset(_KEYBUF(sav->key_auth), 0, _KEYLEN(sav->key_auth));
256
257 mutex_spin_enter(&crypto_mtx);
258 err = crypto_freesession(sav->tdb_cryptoid);
259 mutex_spin_exit(&crypto_mtx);
260 sav->tdb_cryptoid = 0;
261 sav->tdb_authalgxform = NULL;
262 sav->tdb_xform = NULL;
263 return err;
264 }
265
266 /*
267 * Massage IPv4/IPv6 headers for AH processing.
268 */
269 static int
270 ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
271 {
272 struct mbuf *m = *m0;
273 unsigned char *ptr;
274 int off, count;
275
276 #ifdef INET
277 struct ip *ip;
278 #endif /* INET */
279
280 #ifdef INET6
281 struct ip6_ext *ip6e;
282 struct ip6_hdr ip6;
283 int alloc, len, ad;
284 #endif /* INET6 */
285
286 switch (proto) {
287 #ifdef INET
288 case AF_INET:
289 /*
290 * This is the least painful way of dealing with IPv4 header
291 * and option processing -- just make sure they're in
292 * contiguous memory.
293 */
294 *m0 = m = m_pullup(m, skip);
295 if (m == NULL) {
296 DPRINTF(("ah_massage_headers: m_pullup failed\n"));
297 return ENOBUFS;
298 }
299
300 /* Fix the IP header */
301 ip = mtod(m, struct ip *);
302 if (ip4_ah_cleartos)
303 ip->ip_tos = 0;
304 ip->ip_ttl = 0;
305 ip->ip_sum = 0;
306 ip->ip_off = htons(ntohs(ip->ip_off) & ip4_ah_offsetmask);
307
308 /*
309 * On FreeBSD, ip_off and ip_len assumed in host endian;
310 * they are converted (if necessary) by ip_input().
311 * On NetBSD, ip_off and ip_len are in network byte order.
312 * They must be massaged back to network byte order
313 * before verifying the HMAC. Moreover, on FreeBSD,
314 * we should add `skip' back into the massaged ip_len
315 * (presumably ip_input() deducted it before we got here?)
316 * whereas on NetBSD, we should not.
317 */
318 #ifdef __FreeBSD__
319 #define TOHOST(x) (x)
320 #else
321 #define TOHOST(x) (ntohs(x))
322 #endif
323 if (!out) {
324 u_int16_t inlen = TOHOST(ip->ip_len);
325
326 #ifdef __FreeBSD__
327 ip->ip_len = htons(inlen + skip);
328 #else /*!__FreeBSD__ */
329 ip->ip_len = htons(inlen);
330 #endif /*!__FreeBSD__ */
331 DPRINTF(("ip len: skip %d, "
332 "in %d host %d: new: raw %d host %d\n",
333 skip,
334 inlen, TOHOST(inlen),
335 ip->ip_len, ntohs(ip->ip_len)));
336
337
338 if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
339 ip->ip_off &= IP_OFF_CONVERT(IP_DF);
340 else
341 ip->ip_off = 0;
342 } else {
343 if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
344 ip->ip_off &= IP_OFF_CONVERT(IP_DF);
345 else
346 ip->ip_off = 0;
347 }
348
349 ptr = mtod(m, unsigned char *) + sizeof(struct ip);
350
351 /* IPv4 option processing */
352 for (off = sizeof(struct ip); off < skip;) {
353 if (ptr[off] == IPOPT_EOL || ptr[off] == IPOPT_NOP ||
354 off + 1 < skip)
355 ;
356 else {
357 DPRINTF(("ah_massage_headers: illegal IPv4 "
358 "option length for option %d\n",
359 ptr[off]));
360
361 m_freem(m);
362 return EINVAL;
363 }
364
365 switch (ptr[off]) {
366 case IPOPT_EOL:
367 off = skip; /* End the loop. */
368 break;
369
370 case IPOPT_NOP:
371 off++;
372 break;
373
374 case IPOPT_SECURITY: /* 0x82 */
375 case 0x85: /* Extended security. */
376 case 0x86: /* Commercial security. */
377 case 0x94: /* Router alert */
378 case 0x95: /* RFC1770 */
379 /* Sanity check for option length. */
380 if (ptr[off + 1] < 2) {
381 DPRINTF(("ah_massage_headers: "
382 "illegal IPv4 option length for "
383 "option %d\n", ptr[off]));
384
385 m_freem(m);
386 return EINVAL;
387 }
388
389 off += ptr[off + 1];
390 break;
391
392 case IPOPT_LSRR:
393 case IPOPT_SSRR:
394 /* Sanity check for option length. */
395 if (ptr[off + 1] < 2) {
396 DPRINTF(("ah_massage_headers: "
397 "illegal IPv4 option length for "
398 "option %d\n", ptr[off]));
399
400 m_freem(m);
401 return EINVAL;
402 }
403
404 /*
405 * On output, if we have either of the
406 * source routing options, we should
407 * swap the destination address of the
408 * IP header with the last address
409 * specified in the option, as that is
410 * what the destination's IP header
411 * will look like.
412 */
413 if (out)
414 bcopy(ptr + off + ptr[off + 1] -
415 sizeof(struct in_addr),
416 &(ip->ip_dst), sizeof(struct in_addr));
417
418 /* Fall through */
419 default:
420 /* Sanity check for option length. */
421 if (ptr[off + 1] < 2) {
422 DPRINTF(("ah_massage_headers: "
423 "illegal IPv4 option length for "
424 "option %d\n", ptr[off]));
425 m_freem(m);
426 return EINVAL;
427 }
428
429 /* Zeroize all other options. */
430 count = ptr[off + 1];
431 memcpy(ptr, ipseczeroes, count);
432 off += count;
433 break;
434 }
435
436 /* Sanity check. */
437 if (off > skip) {
438 DPRINTF(("ah_massage_headers(): malformed "
439 "IPv4 options header\n"));
440
441 m_freem(m);
442 return EINVAL;
443 }
444 }
445
446 break;
447 #endif /* INET */
448
449 #ifdef INET6
450 case AF_INET6: /* Ugly... */
451 /* Copy and "cook" the IPv6 header. */
452 m_copydata(m, 0, sizeof(ip6), &ip6);
453
454 /* We don't do IPv6 Jumbograms. */
455 if (ip6.ip6_plen == 0) {
456 DPRINTF(("ah_massage_headers: unsupported IPv6 jumbogram\n"));
457 m_freem(m);
458 return EMSGSIZE;
459 }
460
461 ip6.ip6_flow = 0;
462 ip6.ip6_hlim = 0;
463 ip6.ip6_vfc &= ~IPV6_VERSION_MASK;
464 ip6.ip6_vfc |= IPV6_VERSION;
465
466 /* Scoped address handling. */
467 if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_src))
468 ip6.ip6_src.s6_addr16[1] = 0;
469 if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_dst))
470 ip6.ip6_dst.s6_addr16[1] = 0;
471
472 /* Done with IPv6 header. */
473 m_copyback(m, 0, sizeof(struct ip6_hdr), &ip6);
474
475 /* Let's deal with the remaining headers (if any). */
476 if (skip - sizeof(struct ip6_hdr) > 0) {
477 if (m->m_len <= skip) {
478 ptr = (unsigned char *) malloc(
479 skip - sizeof(struct ip6_hdr),
480 M_XDATA, M_NOWAIT);
481 if (ptr == NULL) {
482 DPRINTF(("ah_massage_headers: failed "
483 "to allocate memory for IPv6 "
484 "headers\n"));
485 m_freem(m);
486 return ENOBUFS;
487 }
488
489 /*
490 * Copy all the protocol headers after
491 * the IPv6 header.
492 */
493 m_copydata(m, sizeof(struct ip6_hdr),
494 skip - sizeof(struct ip6_hdr), ptr);
495 alloc = 1;
496 } else {
497 /* No need to allocate memory. */
498 ptr = mtod(m, unsigned char *) +
499 sizeof(struct ip6_hdr);
500 alloc = 0;
501 }
502 } else
503 break;
504
505 off = ip6.ip6_nxt & 0xff; /* Next header type. */
506
507 for (len = 0; len < skip - sizeof(struct ip6_hdr);)
508 switch (off) {
509 case IPPROTO_HOPOPTS:
510 case IPPROTO_DSTOPTS:
511 ip6e = (struct ip6_ext *) (ptr + len);
512
513 /*
514 * Process the mutable/immutable
515 * options -- borrows heavily from the
516 * KAME code.
517 */
518 for (count = len + sizeof(struct ip6_ext);
519 count < len + ((ip6e->ip6e_len + 1) << 3);) {
520 if (ptr[count] == IP6OPT_PAD1) {
521 count++;
522 continue; /* Skip padding. */
523 }
524
525 /* Sanity check. */
526 if (count > len +
527 ((ip6e->ip6e_len + 1) << 3)) {
528 m_freem(m);
529
530 /* Free, if we allocated. */
531 if (alloc)
532 free(ptr, M_XDATA);
533 return EINVAL;
534 }
535
536 ad = ptr[count + 1];
537
538 /* If mutable option, zeroize. */
539 if (ptr[count] & IP6OPT_MUTABLE)
540 memcpy(ptr + count, ipseczeroes,
541 ptr[count + 1]);
542
543 count += ad;
544
545 /* Sanity check. */
546 if (count >
547 skip - sizeof(struct ip6_hdr)) {
548 m_freem(m);
549
550 /* Free, if we allocated. */
551 if (alloc)
552 free(ptr, M_XDATA);
553 return EINVAL;
554 }
555 }
556
557 /* Advance. */
558 len += ((ip6e->ip6e_len + 1) << 3);
559 off = ip6e->ip6e_nxt;
560 break;
561
562 case IPPROTO_ROUTING:
563 /*
564 * Always include routing headers in
565 * computation.
566 */
567 ip6e = (struct ip6_ext *) (ptr + len);
568 len += ((ip6e->ip6e_len + 1) << 3);
569 off = ip6e->ip6e_nxt;
570 break;
571
572 default:
573 DPRINTF(("ah_massage_headers: unexpected "
574 "IPv6 header type %d", off));
575 if (alloc)
576 free(ptr, M_XDATA);
577 m_freem(m);
578 return EINVAL;
579 }
580
581 /* Copyback and free, if we allocated. */
582 if (alloc) {
583 m_copyback(m, sizeof(struct ip6_hdr),
584 skip - sizeof(struct ip6_hdr), ptr);
585 free(ptr, M_XDATA);
586 }
587
588 break;
589 #endif /* INET6 */
590 }
591
592 return 0;
593 }
594
595 /*
596 * ah_input() gets called to verify that an input packet
597 * passes authentication.
598 */
599 static int
600 ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
601 {
602 struct auth_hash *ahx;
603 struct tdb_ident *tdbi;
604 struct tdb_crypto *tc;
605 struct m_tag *mtag;
606 struct newah *ah;
607 int hl, rplen, authsize;
608
609 struct cryptodesc *crda;
610 struct cryptop *crp;
611
612 IPSEC_SPLASSERT_SOFTNET("ah_input");
613
614 IPSEC_ASSERT(sav != NULL, ("ah_input: null SA"));
615 IPSEC_ASSERT(sav->key_auth != NULL,
616 ("ah_input: null authentication key"));
617 IPSEC_ASSERT(sav->tdb_authalgxform != NULL,
618 ("ah_input: null authentication xform"));
619
620 /* Figure out header size. */
621 rplen = HDRSIZE(sav);
622
623 /* XXX don't pullup, just copy header */
624 IP6_EXTHDR_GET(ah, struct newah *, m, skip, rplen);
625 if (ah == NULL) {
626 DPRINTF(("ah_input: cannot pullup header\n"));
627 AH_STATINC(AH_STAT_HDROPS); /*XXX*/
628 m_freem(m);
629 return ENOBUFS;
630 }
631
632 /* Check replay window, if applicable. */
633 if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
634 AH_STATINC(AH_STAT_REPLAY);
635 DPRINTF(("ah_input: packet replay failure: %s\n",
636 ipsec_logsastr(sav)));
637 m_freem(m);
638 return ENOBUFS;
639 }
640
641 /* Verify AH header length. */
642 hl = ah->ah_len * sizeof (u_int32_t);
643 ahx = sav->tdb_authalgxform;
644 authsize = AUTHSIZE(sav);
645 if (hl != authsize + rplen - sizeof (struct ah)) {
646 DPRINTF(("ah_input: bad authenticator length %u (expecting %lu)"
647 " for packet in SA %s/%08lx\n",
648 hl, (u_long) (authsize + rplen - sizeof (struct ah)),
649 ipsec_address(&sav->sah->saidx.dst),
650 (u_long) ntohl(sav->spi)));
651 AH_STATINC(AH_STAT_BADAUTHL);
652 m_freem(m);
653 return EACCES;
654 }
655 AH_STATADD(AH_STAT_IBYTES, m->m_pkthdr.len - skip - hl);
656 DPRINTF(("ah_input skip %d poff %d\n"
657 "len: hl %d authsize %d rpl %d expect %ld\n",
658 skip, protoff,
659 hl, authsize, rplen,
660 (long)(authsize + rplen - sizeof(struct ah))));
661
662 /* Get crypto descriptors. */
663 crp = crypto_getreq(1);
664 if (crp == NULL) {
665 DPRINTF(("ah_input: failed to acquire crypto descriptor\n"));
666 AH_STATINC(AH_STAT_CRYPTO);
667 m_freem(m);
668 return ENOBUFS;
669 }
670
671 crda = crp->crp_desc;
672 IPSEC_ASSERT(crda != NULL, ("ah_input: null crypto descriptor"));
673
674 crda->crd_skip = 0;
675 crda->crd_len = m->m_pkthdr.len;
676 crda->crd_inject = skip + rplen;
677
678 /* Authentication operation. */
679 crda->crd_alg = ahx->type;
680 crda->crd_key = _KEYBUF(sav->key_auth);
681 crda->crd_klen = _KEYBITS(sav->key_auth);
682
683 /* Find out if we've already done crypto. */
684 for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_CRYPTO_DONE, NULL);
685 mtag != NULL;
686 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_CRYPTO_DONE, mtag)) {
687 tdbi = (struct tdb_ident *) (mtag + 1);
688 if (tdbi->proto == sav->sah->saidx.proto &&
689 tdbi->spi == sav->spi &&
690 !memcmp(&tdbi->dst, &sav->sah->saidx.dst,
691 sizeof (union sockaddr_union)))
692 break;
693 }
694
695 /* Allocate IPsec-specific opaque crypto info. */
696 if (mtag == NULL) {
697 tc = (struct tdb_crypto *) malloc(sizeof (struct tdb_crypto) +
698 skip + rplen + authsize, M_XDATA, M_NOWAIT|M_ZERO);
699 } else {
700 /* Hash verification has already been done successfully. */
701 tc = (struct tdb_crypto *) malloc(sizeof (struct tdb_crypto),
702 M_XDATA, M_NOWAIT|M_ZERO);
703 }
704 if (tc == NULL) {
705 DPRINTF(("ah_input: failed to allocate tdb_crypto\n"));
706 AH_STATINC(AH_STAT_CRYPTO);
707 crypto_freereq(crp);
708 m_freem(m);
709 return ENOBUFS;
710 }
711
712 /* Only save information if crypto processing is needed. */
713 if (mtag == NULL) {
714 int error;
715
716 /*
717 * Save the authenticator, the skipped portion of the packet,
718 * and the AH header.
719 */
720 m_copydata(m, 0, skip + rplen + authsize, (char *)(tc+1));
721
722 {
723 u_int8_t *pppp = ((char *)(tc+1))+skip+rplen;
724 DPRINTF(("ah_input: zeroing %d bytes of authent " \
725 "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
726 authsize,
727 pppp[0], pppp[1], pppp[2], pppp[3],
728 pppp[4], pppp[5], pppp[6], pppp[7],
729 pppp[8], pppp[9], pppp[10], pppp[11]));
730 }
731
732 /* Zeroize the authenticator on the packet. */
733 m_copyback(m, skip + rplen, authsize, ipseczeroes);
734
735 /* "Massage" the packet headers for crypto processing. */
736 error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
737 skip, ahx->type, 0);
738 if (error != 0) {
739 /* NB: mbuf is free'd by ah_massage_headers */
740 AH_STATINC(AH_STAT_HDROPS);
741 free(tc, M_XDATA);
742 crypto_freereq(crp);
743 return error;
744 }
745 }
746
747 /* Crypto operation descriptor. */
748 crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
749 crp->crp_flags = CRYPTO_F_IMBUF;
750 crp->crp_buf = m;
751 crp->crp_callback = ah_input_cb;
752 crp->crp_sid = sav->tdb_cryptoid;
753 crp->crp_opaque = tc;
754
755 /* These are passed as-is to the callback. */
756 tc->tc_spi = sav->spi;
757 tc->tc_dst = sav->sah->saidx.dst;
758 tc->tc_proto = sav->sah->saidx.proto;
759 tc->tc_nxt = ah->ah_nxt;
760 tc->tc_protoff = protoff;
761 tc->tc_skip = skip;
762 tc->tc_ptr = mtag; /* Save the mtag we've identified. */
763
764 DPRINTF(("ah: hash over %d bytes, skip %d: "
765 "crda len %d skip %d inject %d\n",
766 crp->crp_ilen, tc->tc_skip,
767 crda->crd_len, crda->crd_skip, crda->crd_inject));
768
769 if (mtag == NULL)
770 return crypto_dispatch(crp);
771 else
772 return ah_input_cb(crp);
773 }
774
775 #ifdef INET6
776 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag) do { \
777 if (saidx->dst.sa.sa_family == AF_INET6) { \
778 error = ipsec6_common_input_cb(m, sav, skip, protoff, mtag); \
779 } else { \
780 error = ipsec4_common_input_cb(m, sav, skip, protoff, mtag); \
781 } \
782 } while (0)
783 #else
784 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag) \
785 (error = ipsec4_common_input_cb(m, sav, skip, protoff, mtag))
786 #endif
787
788 /*
789 * AH input callback from the crypto driver.
790 */
791 static int
792 ah_input_cb(struct cryptop *crp)
793 {
794 int rplen, error, skip, protoff;
795 unsigned char calc[AH_ALEN_MAX];
796 struct mbuf *m;
797 struct cryptodesc *crd;
798 struct auth_hash *ahx;
799 struct tdb_crypto *tc;
800 struct m_tag *mtag;
801 struct secasvar *sav;
802 struct secasindex *saidx;
803 u_int8_t nxt;
804 char *ptr;
805 int s, authsize;
806 u_int16_t dport = 0;
807 u_int16_t sport = 0;
808 #ifdef IPSEC_NAT_T
809 struct m_tag * tag = NULL;
810 #endif
811
812 crd = crp->crp_desc;
813
814 tc = (struct tdb_crypto *) crp->crp_opaque;
815 IPSEC_ASSERT(tc != NULL, ("ah_input_cb: null opaque crypto data area!"));
816 skip = tc->tc_skip;
817 nxt = tc->tc_nxt;
818 protoff = tc->tc_protoff;
819 mtag = (struct m_tag *) tc->tc_ptr;
820 m = (struct mbuf *) crp->crp_buf;
821
822
823 #ifdef IPSEC_NAT_T
824 /* find the source port for NAT-T */
825 if ((tag = m_tag_find(m, PACKET_TAG_IPSEC_NAT_T_PORTS, NULL))) {
826 sport = ((u_int16_t *)(tag + 1))[0];
827 dport = ((u_int16_t *)(tag + 1))[1];
828 }
829 #endif
830
831 s = splsoftnet();
832
833 sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport);
834 if (sav == NULL) {
835 AH_STATINC(AH_STAT_NOTDB);
836 DPRINTF(("ah_input_cb: SA expired while in crypto\n"));
837 error = ENOBUFS; /*XXX*/
838 goto bad;
839 }
840
841 saidx = &sav->sah->saidx;
842 IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET ||
843 saidx->dst.sa.sa_family == AF_INET6,
844 ("ah_input_cb: unexpected protocol family %u",
845 saidx->dst.sa.sa_family));
846
847 ahx = (struct auth_hash *) sav->tdb_authalgxform;
848
849 /* Check for crypto errors. */
850 if (crp->crp_etype) {
851 if (sav->tdb_cryptoid != 0)
852 sav->tdb_cryptoid = crp->crp_sid;
853
854 if (crp->crp_etype == EAGAIN)
855 return crypto_dispatch(crp);
856
857 AH_STATINC(AH_STAT_NOXFORM);
858 DPRINTF(("ah_input_cb: crypto error %d\n", crp->crp_etype));
859 error = crp->crp_etype;
860 goto bad;
861 } else {
862 AH_STATINC(AH_STAT_HIST + sav->alg_auth);
863 crypto_freereq(crp); /* No longer needed. */
864 crp = NULL;
865 }
866
867 /* Shouldn't happen... */
868 if (m == NULL) {
869 AH_STATINC(AH_STAT_CRYPTO);
870 DPRINTF(("ah_input_cb: bogus returned buffer from crypto\n"));
871 error = EINVAL;
872 goto bad;
873 }
874
875 /* Figure out header size. */
876 rplen = HDRSIZE(sav);
877 authsize = AUTHSIZE(sav);
878
879 if (ipsec_debug)
880 memset(calc, 0, sizeof(calc));
881
882 /* Copy authenticator off the packet. */
883 m_copydata(m, skip + rplen, authsize, calc);
884
885 /*
886 * If we have an mtag, we don't need to verify the authenticator --
887 * it has been verified by an IPsec-aware NIC.
888 */
889 if (mtag == NULL) {
890 ptr = (char *) (tc + 1);
891
892 /* Verify authenticator. */
893 if (memcmp(ptr + skip + rplen, calc, authsize)) {
894 u_int8_t *pppp = ptr + skip+rplen;
895 DPRINTF(("ah_input: authentication hash mismatch " \
896 "over %d bytes " \
897 "for packet in SA %s/%08lx:\n" \
898 "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x, " \
899 "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
900 authsize,
901 ipsec_address(&saidx->dst),
902 (u_long) ntohl(sav->spi),
903 calc[0], calc[1], calc[2], calc[3],
904 calc[4], calc[5], calc[6], calc[7],
905 calc[8], calc[9], calc[10], calc[11],
906 pppp[0], pppp[1], pppp[2], pppp[3],
907 pppp[4], pppp[5], pppp[6], pppp[7],
908 pppp[8], pppp[9], pppp[10], pppp[11]
909 ));
910 AH_STATINC(AH_STAT_BADAUTH);
911 error = EACCES;
912 goto bad;
913 }
914
915 /* Fix the Next Protocol field. */
916 ((u_int8_t *) ptr)[protoff] = nxt;
917
918 /* Copyback the saved (uncooked) network headers. */
919 m_copyback(m, 0, skip, ptr);
920 } else {
921 /* Fix the Next Protocol field. */
922 m_copyback(m, protoff, sizeof(u_int8_t), &nxt);
923 }
924
925 free(tc, M_XDATA), tc = NULL; /* No longer needed */
926
927 /*
928 * Header is now authenticated.
929 */
930 m->m_flags |= M_AUTHIPHDR|M_AUTHIPDGM;
931
932 /*
933 * Update replay sequence number, if appropriate.
934 */
935 if (sav->replay) {
936 u_int32_t seq;
937
938 m_copydata(m, skip + offsetof(struct newah, ah_seq),
939 sizeof (seq), &seq);
940 if (ipsec_updatereplay(ntohl(seq), sav)) {
941 AH_STATINC(AH_STAT_REPLAY);
942 error = ENOBUFS; /*XXX as above*/
943 goto bad;
944 }
945 }
946
947 /*
948 * Remove the AH header and authenticator from the mbuf.
949 */
950 error = m_striphdr(m, skip, rplen + authsize);
951 if (error) {
952 DPRINTF(("ah_input_cb: mangled mbuf chain for SA %s/%08lx\n",
953 ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
954
955 AH_STATINC(AH_STAT_HDROPS);
956 goto bad;
957 }
958
959 IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag);
960
961 KEY_FREESAV(&sav);
962 splx(s);
963 return error;
964 bad:
965 if (sav)
966 KEY_FREESAV(&sav);
967 splx(s);
968 if (m != NULL)
969 m_freem(m);
970 if (tc != NULL)
971 free(tc, M_XDATA);
972 if (crp != NULL)
973 crypto_freereq(crp);
974 return error;
975 }
976
977 /*
978 * AH output routine, called by ipsec[46]_process_packet().
979 */
980 static int
981 ah_output(
982 struct mbuf *m,
983 struct ipsecrequest *isr,
984 struct mbuf **mp,
985 int skip,
986 int protoff
987 )
988 {
989 struct secasvar *sav;
990 struct auth_hash *ahx;
991 struct cryptodesc *crda;
992 struct tdb_crypto *tc;
993 struct mbuf *mi;
994 struct cryptop *crp;
995 u_int16_t iplen;
996 int error, rplen, authsize, maxpacketsize, roff;
997 u_int8_t prot;
998 struct newah *ah;
999
1000 IPSEC_SPLASSERT_SOFTNET("ah_output");
1001
1002 sav = isr->sav;
1003 IPSEC_ASSERT(sav != NULL, ("ah_output: null SA"));
1004 ahx = sav->tdb_authalgxform;
1005 IPSEC_ASSERT(ahx != NULL, ("ah_output: null authentication xform"));
1006
1007 AH_STATINC(AH_STAT_OUTPUT);
1008
1009 /* Figure out header size. */
1010 rplen = HDRSIZE(sav);
1011
1012 /* Check for maximum packet size violations. */
1013 switch (sav->sah->saidx.dst.sa.sa_family) {
1014 #ifdef INET
1015 case AF_INET:
1016 maxpacketsize = IP_MAXPACKET;
1017 break;
1018 #endif /* INET */
1019 #ifdef INET6
1020 case AF_INET6:
1021 maxpacketsize = IPV6_MAXPACKET;
1022 break;
1023 #endif /* INET6 */
1024 default:
1025 DPRINTF(("ah_output: unknown/unsupported protocol "
1026 "family %u, SA %s/%08lx\n",
1027 sav->sah->saidx.dst.sa.sa_family,
1028 ipsec_address(&sav->sah->saidx.dst),
1029 (u_long) ntohl(sav->spi)));
1030 AH_STATINC(AH_STAT_NOPF);
1031 error = EPFNOSUPPORT;
1032 goto bad;
1033 }
1034 authsize = AUTHSIZE(sav);
1035 if (rplen + authsize + m->m_pkthdr.len > maxpacketsize) {
1036 DPRINTF(("ah_output: packet in SA %s/%08lx got too big "
1037 "(len %u, max len %u)\n",
1038 ipsec_address(&sav->sah->saidx.dst),
1039 (u_long) ntohl(sav->spi),
1040 rplen + authsize + m->m_pkthdr.len, maxpacketsize));
1041 AH_STATINC(AH_STAT_TOOBIG);
1042 error = EMSGSIZE;
1043 goto bad;
1044 }
1045
1046 /* Update the counters. */
1047 AH_STATADD(AH_STAT_OBYTES, m->m_pkthdr.len - skip);
1048
1049 m = m_clone(m);
1050 if (m == NULL) {
1051 DPRINTF(("ah_output: cannot clone mbuf chain, SA %s/%08lx\n",
1052 ipsec_address(&sav->sah->saidx.dst),
1053 (u_long) ntohl(sav->spi)));
1054 AH_STATINC(AH_STAT_HDROPS);
1055 error = ENOBUFS;
1056 goto bad;
1057 }
1058
1059 /* Inject AH header. */
1060 mi = m_makespace(m, skip, rplen + authsize, &roff);
1061 if (mi == NULL) {
1062 DPRINTF(("ah_output: failed to inject %u byte AH header for SA "
1063 "%s/%08lx\n",
1064 rplen + authsize,
1065 ipsec_address(&sav->sah->saidx.dst),
1066 (u_long) ntohl(sav->spi)));
1067 AH_STATINC(AH_STAT_HDROPS); /*XXX differs from openbsd */
1068 error = ENOBUFS;
1069 goto bad;
1070 }
1071
1072 /*
1073 * The AH header is guaranteed by m_makespace() to be in
1074 * contiguous memory, at roff bytes offset into the returned mbuf.
1075 */
1076 ah = (struct newah *)(mtod(mi, char *) + roff);
1077
1078 /* Initialize the AH header. */
1079 m_copydata(m, protoff, sizeof(u_int8_t), (char *) &ah->ah_nxt);
1080 ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(u_int32_t);
1081 ah->ah_reserve = 0;
1082 ah->ah_spi = sav->spi;
1083
1084 /* Zeroize authenticator. */
1085 m_copyback(m, skip + rplen, authsize, ipseczeroes);
1086
1087 /* Insert packet replay counter, as requested. */
1088 if (sav->replay) {
1089 if (sav->replay->count == ~0 &&
1090 (sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
1091 DPRINTF(("ah_output: replay counter wrapped for SA "
1092 "%s/%08lx\n",
1093 ipsec_address(&sav->sah->saidx.dst),
1094 (u_long) ntohl(sav->spi)));
1095 AH_STATINC(AH_STAT_WRAP);
1096 error = EINVAL;
1097 goto bad;
1098 }
1099 #ifdef IPSEC_DEBUG
1100 /* Emulate replay attack when ipsec_replay is TRUE. */
1101 if (!ipsec_replay)
1102 #endif
1103 sav->replay->count++;
1104 ah->ah_seq = htonl(sav->replay->count);
1105 }
1106
1107 /* Get crypto descriptors. */
1108 crp = crypto_getreq(1);
1109 if (crp == NULL) {
1110 DPRINTF(("ah_output: failed to acquire crypto descriptors\n"));
1111 AH_STATINC(AH_STAT_CRYPTO);
1112 error = ENOBUFS;
1113 goto bad;
1114 }
1115
1116 crda = crp->crp_desc;
1117
1118 crda->crd_skip = 0;
1119 crda->crd_inject = skip + rplen;
1120 crda->crd_len = m->m_pkthdr.len;
1121
1122 /* Authentication operation. */
1123 crda->crd_alg = ahx->type;
1124 crda->crd_key = _KEYBUF(sav->key_auth);
1125 crda->crd_klen = _KEYBITS(sav->key_auth);
1126
1127 /* Allocate IPsec-specific opaque crypto info. */
1128 tc = (struct tdb_crypto *) malloc(
1129 sizeof(struct tdb_crypto) + skip, M_XDATA, M_NOWAIT|M_ZERO);
1130 if (tc == NULL) {
1131 crypto_freereq(crp);
1132 DPRINTF(("ah_output: failed to allocate tdb_crypto\n"));
1133 AH_STATINC(AH_STAT_CRYPTO);
1134 error = ENOBUFS;
1135 goto bad;
1136 }
1137
1138 /* Save the skipped portion of the packet. */
1139 m_copydata(m, 0, skip, (tc + 1));
1140
1141 /*
1142 * Fix IP header length on the header used for
1143 * authentication. We don't need to fix the original
1144 * header length as it will be fixed by our caller.
1145 */
1146 switch (sav->sah->saidx.dst.sa.sa_family) {
1147 #ifdef INET
1148 case AF_INET:
1149 bcopy(((char *)(tc + 1)) +
1150 offsetof(struct ip, ip_len),
1151 &iplen, sizeof(u_int16_t));
1152 iplen = htons(ntohs(iplen) + rplen + authsize);
1153 m_copyback(m, offsetof(struct ip, ip_len),
1154 sizeof(u_int16_t), &iplen);
1155 break;
1156 #endif /* INET */
1157
1158 #ifdef INET6
1159 case AF_INET6:
1160 bcopy(((char *)(tc + 1)) +
1161 offsetof(struct ip6_hdr, ip6_plen),
1162 &iplen, sizeof(u_int16_t));
1163 iplen = htons(ntohs(iplen) + rplen + authsize);
1164 m_copyback(m, offsetof(struct ip6_hdr, ip6_plen),
1165 sizeof(u_int16_t), &iplen);
1166 break;
1167 #endif /* INET6 */
1168 }
1169
1170 /* Fix the Next Header field in saved header. */
1171 ((u_int8_t *) (tc + 1))[protoff] = IPPROTO_AH;
1172
1173 /* Update the Next Protocol field in the IP header. */
1174 prot = IPPROTO_AH;
1175 m_copyback(m, protoff, sizeof(u_int8_t), &prot);
1176
1177 /* "Massage" the packet headers for crypto processing. */
1178 error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
1179 skip, ahx->type, 1);
1180 if (error != 0) {
1181 m = NULL; /* mbuf was free'd by ah_massage_headers. */
1182 free(tc, M_XDATA);
1183 crypto_freereq(crp);
1184 goto bad;
1185 }
1186
1187 /* Crypto operation descriptor. */
1188 crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
1189 crp->crp_flags = CRYPTO_F_IMBUF;
1190 crp->crp_buf = m;
1191 crp->crp_callback = ah_output_cb;
1192 crp->crp_sid = sav->tdb_cryptoid;
1193 crp->crp_opaque = tc;
1194
1195 /* These are passed as-is to the callback. */
1196 tc->tc_isr = isr;
1197 tc->tc_spi = sav->spi;
1198 tc->tc_dst = sav->sah->saidx.dst;
1199 tc->tc_proto = sav->sah->saidx.proto;
1200 tc->tc_skip = skip;
1201 tc->tc_protoff = protoff;
1202
1203 return crypto_dispatch(crp);
1204 bad:
1205 if (m)
1206 m_freem(m);
1207 return (error);
1208 }
1209
1210 /*
1211 * AH output callback from the crypto driver.
1212 */
1213 static int
1214 ah_output_cb(struct cryptop *crp)
1215 {
1216 int skip, protoff, error;
1217 struct tdb_crypto *tc;
1218 struct ipsecrequest *isr;
1219 struct secasvar *sav;
1220 struct mbuf *m;
1221 void *ptr;
1222 int s, err;
1223
1224 tc = (struct tdb_crypto *) crp->crp_opaque;
1225 IPSEC_ASSERT(tc != NULL, ("ah_output_cb: null opaque data area!"));
1226 skip = tc->tc_skip;
1227 protoff = tc->tc_protoff;
1228 ptr = (tc + 1);
1229 m = (struct mbuf *) crp->crp_buf;
1230
1231 s = splsoftnet();
1232
1233 isr = tc->tc_isr;
1234 sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
1235 if (sav == NULL) {
1236 AH_STATINC(AH_STAT_NOTDB);
1237 DPRINTF(("ah_output_cb: SA expired while in crypto\n"));
1238 error = ENOBUFS; /*XXX*/
1239 goto bad;
1240 }
1241 IPSEC_ASSERT(isr->sav == sav, ("ah_output_cb: SA changed\n"));
1242
1243 /* Check for crypto errors. */
1244 if (crp->crp_etype) {
1245 if (sav->tdb_cryptoid != 0)
1246 sav->tdb_cryptoid = crp->crp_sid;
1247
1248 if (crp->crp_etype == EAGAIN) {
1249 KEY_FREESAV(&sav);
1250 splx(s);
1251 return crypto_dispatch(crp);
1252 }
1253
1254 AH_STATINC(AH_STAT_NOXFORM);
1255 DPRINTF(("ah_output_cb: crypto error %d\n", crp->crp_etype));
1256 error = crp->crp_etype;
1257 goto bad;
1258 }
1259
1260 /* Shouldn't happen... */
1261 if (m == NULL) {
1262 AH_STATINC(AH_STAT_CRYPTO);
1263 DPRINTF(("ah_output_cb: bogus returned buffer from crypto\n"));
1264 error = EINVAL;
1265 goto bad;
1266 }
1267 AH_STATINC(AH_STAT_HIST + sav->alg_auth);
1268
1269 /*
1270 * Copy original headers (with the new protocol number) back
1271 * in place.
1272 */
1273 m_copyback(m, 0, skip, ptr);
1274
1275 /* No longer needed. */
1276 free(tc, M_XDATA);
1277 crypto_freereq(crp);
1278
1279 #ifdef IPSEC_DEBUG
1280 /* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */
1281 if (ipsec_integrity) {
1282 int alen;
1283
1284 /*
1285 * Corrupt HMAC if we want to test integrity verification of
1286 * the other side.
1287 */
1288 alen = AUTHSIZE(sav);
1289 m_copyback(m, m->m_pkthdr.len - alen, alen, ipseczeroes);
1290 }
1291 #endif
1292
1293 /* NB: m is reclaimed by ipsec_process_done. */
1294 err = ipsec_process_done(m, isr);
1295 KEY_FREESAV(&sav);
1296 splx(s);
1297 return err;
1298 bad:
1299 if (sav)
1300 KEY_FREESAV(&sav);
1301 splx(s);
1302 if (m)
1303 m_freem(m);
1304 free(tc, M_XDATA);
1305 crypto_freereq(crp);
1306 return error;
1307 }
1308
1309 static struct xformsw ah_xformsw = {
1310 XF_AH, XFT_AUTH, "IPsec AH",
1311 ah_init, ah_zeroize, ah_input, ah_output,
1312 NULL,
1313 };
1314
1315 INITFN void
1316 ah_attach(void)
1317 {
1318 ahstat_percpu = percpu_alloc(sizeof(uint64_t) * AH_NSTATS);
1319 xform_register(&ah_xformsw);
1320 }
1321
1322 #ifdef __FreeBSD__
1323 SYSINIT(ah_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ah_attach, NULL);
1324 #endif
NetBSD on the FriendlyARM MINI2440