keysock.c revision 1.60
1/* $NetBSD: keysock.c,v 1.60 2017/08/08 10:41:33 ozaki-r Exp $ */ 2/* $FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $ */ 3/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */ 4 5/* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include <sys/cdefs.h> 35__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.60 2017/08/08 10:41:33 ozaki-r Exp $"); 36 37/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */ 38 39#include <sys/types.h> 40#include <sys/param.h> 41#include <sys/domain.h> 42#include <sys/errno.h> 43#include <sys/kernel.h> 44#include <sys/kmem.h> 45#include <sys/mbuf.h> 46#include <sys/protosw.h> 47#include <sys/signalvar.h> 48#include <sys/socket.h> 49#include <sys/socketvar.h> 50#include <sys/sysctl.h> 51#include <sys/systm.h> 52#include <sys/cpu.h> 53#include <sys/syslog.h> 54 55#include <net/raw_cb.h> 56#include <net/route.h> 57 58#include <net/pfkeyv2.h> 59#include <netipsec/key.h> 60#include <netipsec/keysock.h> 61#include <netipsec/key_debug.h> 62 63#include <netipsec/ipsec_private.h> 64 65struct key_cb { 66 int key_count; 67 int any_count; 68}; 69static struct key_cb key_cb; 70 71static struct sockaddr key_dst = { 72 .sa_len = 2, 73 .sa_family = PF_KEY, 74}; 75static struct sockaddr key_src = { 76 .sa_len = 2, 77 .sa_family = PF_KEY, 78}; 79 80static const struct protosw keysw[]; 81 82static int key_sendup0(struct rawcb *, struct mbuf *, int, int); 83 84int key_registered_sb_max = (2048 * MHLEN); /* XXX arbitrary */ 85 86static kmutex_t *key_so_mtx; 87 88void 89key_init_so(void) 90{ 91 92 key_so_mtx = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE); 93} 94 95/* 96 * key_output() 97 */ 98static int 99key_output(struct mbuf *m, struct socket *so) 100{ 101 struct sadb_msg *msg; 102 int len, error = 0; 103 int s; 104 105 KASSERT(m != NULL); 106 107 { 108 uint64_t *ps = PFKEY_STAT_GETREF(); 109 ps[PFKEY_STAT_OUT_TOTAL]++; 110 ps[PFKEY_STAT_OUT_BYTES] += m->m_pkthdr.len; 111 PFKEY_STAT_PUTREF(); 112 } 113 114 len = m->m_pkthdr.len; 115 if (len < sizeof(struct sadb_msg)) { 116 PFKEY_STATINC(PFKEY_STAT_OUT_TOOSHORT); 117 error = EINVAL; 118 goto end; 119 } 120 121 if (m->m_len < sizeof(struct sadb_msg)) { 122 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) { 123 PFKEY_STATINC(PFKEY_STAT_OUT_NOMEM); 124 error = ENOBUFS; 125 goto end; 126 } 127 } 128 129 KASSERT((m->m_flags & M_PKTHDR) != 0); 130 131 if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) 132 kdebug_mbuf(m); 133 134 msg = mtod(m, struct sadb_msg *); 135 PFKEY_STATINC(PFKEY_STAT_OUT_MSGTYPE + msg->sadb_msg_type); 136 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) { 137 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN); 138 error = EINVAL; 139 goto end; 140 } 141 142 /*XXX giant lock*/ 143 s = splsoftnet(); 144 error = key_parse(m, so); 145 m = NULL; 146 splx(s); 147end: 148 if (m) 149 m_freem(m); 150 return error; 151} 152 153/* 154 * send message to the socket. 155 */ 156static int 157key_sendup0( 158 struct rawcb *rp, 159 struct mbuf *m, 160 int promisc, 161 int sbprio 162) 163{ 164 int error; 165 int ok; 166 167 if (promisc) { 168 struct sadb_msg *pmsg; 169 170 M_PREPEND(m, sizeof(struct sadb_msg), M_DONTWAIT); 171 if (m && m->m_len < sizeof(struct sadb_msg)) 172 m = m_pullup(m, sizeof(struct sadb_msg)); 173 if (!m) { 174 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 175 return ENOBUFS; 176 } 177 m->m_pkthdr.len += sizeof(*pmsg); 178 179 pmsg = mtod(m, struct sadb_msg *); 180 memset(pmsg, 0, sizeof(*pmsg)); 181 pmsg->sadb_msg_version = PF_KEY_V2; 182 pmsg->sadb_msg_type = SADB_X_PROMISC; 183 pmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 184 /* pid and seq? */ 185 186 PFKEY_STATINC(PFKEY_STAT_IN_MSGTYPE + pmsg->sadb_msg_type); 187 } 188 189 if (sbprio == 0) 190 ok = sbappendaddr(&rp->rcb_socket->so_rcv, 191 (struct sockaddr *)&key_src, m, NULL); 192 else 193 ok = sbappendaddrchain(&rp->rcb_socket->so_rcv, 194 (struct sockaddr *)&key_src, m, sbprio); 195 196 if (!ok) { 197 log(LOG_WARNING, 198 "%s: couldn't send PF_KEY message to the socket\n", 199 __func__); 200 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 201 m_freem(m); 202 error = ENOBUFS; 203 rp->rcb_socket->so_rcv.sb_overflowed++; 204 } else 205 error = 0; 206 sorwakeup(rp->rcb_socket); 207 return error; 208} 209 210/* XXX this interface should be obsoleted. */ 211int 212key_sendup(struct socket *so, struct sadb_msg *msg, u_int len, 213 int target) /*target of the resulting message*/ 214{ 215 struct mbuf *m, *n, *mprev; 216 int tlen; 217 218 KASSERT(so != NULL); 219 KASSERT(msg != NULL); 220 221 if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) { 222 printf("key_sendup: \n"); 223 kdebug_sadb(msg); 224 } 225 226 /* 227 * we increment statistics here, just in case we have ENOBUFS 228 * in this function. 229 */ 230 { 231 uint64_t *ps = PFKEY_STAT_GETREF(); 232 ps[PFKEY_STAT_IN_TOTAL]++; 233 ps[PFKEY_STAT_IN_BYTES] += len; 234 ps[PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type]++; 235 PFKEY_STAT_PUTREF(); 236 } 237 238 /* 239 * Get mbuf chain whenever possible (not clusters), 240 * to save socket buffer. We'll be generating many SADB_ACQUIRE 241 * messages to listening key sockets. If we simply allocate clusters, 242 * sbappendaddr() will raise ENOBUFS due to too little sbspace(). 243 * sbspace() computes # of actual data bytes AND mbuf region. 244 * 245 * TODO: SADB_ACQUIRE filters should be implemented. 246 */ 247 tlen = len; 248 m = mprev = NULL; 249 while (tlen > 0) { 250 int mlen; 251 if (tlen == len) { 252 MGETHDR(n, M_DONTWAIT, MT_DATA); 253 mlen = MHLEN; 254 } else { 255 MGET(n, M_DONTWAIT, MT_DATA); 256 mlen = MLEN; 257 } 258 if (!n) { 259 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 260 return ENOBUFS; 261 } 262 n->m_len = mlen; 263 if (tlen >= MCLBYTES) { /*XXX better threshold? */ 264 MCLGET(n, M_DONTWAIT); 265 if ((n->m_flags & M_EXT) == 0) { 266 m_free(n); 267 m_freem(m); 268 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 269 return ENOBUFS; 270 } 271 n->m_len = MCLBYTES; 272 } 273 274 if (tlen < n->m_len) 275 n->m_len = tlen; 276 n->m_next = NULL; 277 if (m == NULL) 278 m = mprev = n; 279 else { 280 mprev->m_next = n; 281 mprev = n; 282 } 283 tlen -= n->m_len; 284 n = NULL; 285 } 286 m->m_pkthdr.len = len; 287 m_reset_rcvif(m); 288 m_copyback(m, 0, len, msg); 289 290 /* avoid duplicated statistics */ 291 { 292 uint64_t *ps = PFKEY_STAT_GETREF(); 293 ps[PFKEY_STAT_IN_TOTAL]--; 294 ps[PFKEY_STAT_IN_BYTES] -= len; 295 ps[PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type]--; 296 PFKEY_STAT_PUTREF(); 297 } 298 299 return key_sendup_mbuf(so, m, target); 300} 301 302/* so can be NULL if target != KEY_SENDUP_ONE */ 303static int 304_key_sendup_mbuf(struct socket *so, struct mbuf *m, 305 int target/*, sbprio */) 306{ 307 struct mbuf *n; 308 struct keycb *kp; 309 int sendup; 310 struct rawcb *rp; 311 int error = 0; 312 int sbprio = 0; /* XXX should be a parameter */ 313 314 KASSERT(m != NULL); 315 KASSERT(so != NULL || target != KEY_SENDUP_ONE); 316 317 /* 318 * RFC 2367 says ACQUIRE and other kernel-generated messages 319 * are special. We treat all KEY_SENDUP_REGISTERED messages 320 * as special, delivering them to all registered sockets 321 * even if the socket is at or above its so->so_rcv.sb_max limits. 322 * The only constraint is that the so_rcv data fall below 323 * key_registered_sb_max. 324 * Doing that check here avoids reworking every key_sendup_mbuf() 325 * in the short term. . The rework will be done after a technical 326 * conensus that this approach is appropriate. 327 */ 328 if (target == KEY_SENDUP_REGISTERED) { 329 sbprio = SB_PRIO_BESTEFFORT; 330 } 331 332 { 333 uint64_t *ps = PFKEY_STAT_GETREF(); 334 ps[PFKEY_STAT_IN_TOTAL]++; 335 ps[PFKEY_STAT_IN_BYTES] += m->m_pkthdr.len; 336 PFKEY_STAT_PUTREF(); 337 } 338 if (m->m_len < sizeof(struct sadb_msg)) { 339#if 1 340 m = m_pullup(m, sizeof(struct sadb_msg)); 341 if (m == NULL) { 342 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 343 return ENOBUFS; 344 } 345#else 346 /* don't bother pulling it up just for stats */ 347#endif 348 } 349 if (m->m_len >= sizeof(struct sadb_msg)) { 350 struct sadb_msg *msg; 351 msg = mtod(m, struct sadb_msg *); 352 PFKEY_STATINC(PFKEY_STAT_IN_MSGTYPE + msg->sadb_msg_type); 353 } 354 355 LIST_FOREACH(rp, &rawcb, rcb_list) 356 { 357 struct socket * kso = rp->rcb_socket; 358 if (rp->rcb_proto.sp_family != PF_KEY) 359 continue; 360 if (rp->rcb_proto.sp_protocol 361 && rp->rcb_proto.sp_protocol != PF_KEY_V2) { 362 continue; 363 } 364 365 kp = (struct keycb *)rp; 366 367 /* 368 * If you are in promiscuous mode, and when you get broadcasted 369 * reply, you'll get two PF_KEY messages. 370 * (based on pf_key@inner.net message on 14 Oct 1998) 371 */ 372 if (((struct keycb *)rp)->kp_promisc) { 373 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { 374 (void)key_sendup0(rp, n, 1, 0); 375 n = NULL; 376 } 377 } 378 379 /* the exact target will be processed later */ 380 if (so && sotorawcb(so) == rp) 381 continue; 382 383 sendup = 0; 384 switch (target) { 385 case KEY_SENDUP_ONE: 386 /* the statement has no effect */ 387 if (so && sotorawcb(so) == rp) 388 sendup++; 389 break; 390 case KEY_SENDUP_ALL: 391 sendup++; 392 break; 393 case KEY_SENDUP_REGISTERED: 394 if (kp->kp_registered) { 395 if (kso->so_rcv.sb_cc <= key_registered_sb_max) 396 sendup++; 397 else 398 printf("keysock: " 399 "registered sendup dropped, " 400 "sb_cc %ld max %d\n", 401 kso->so_rcv.sb_cc, 402 key_registered_sb_max); 403 } 404 break; 405 } 406 PFKEY_STATINC(PFKEY_STAT_IN_MSGTARGET + target); 407 408 if (!sendup) 409 continue; 410 411 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { 412 m_freem(m); 413 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM); 414 return ENOBUFS; 415 } 416 417 if ((error = key_sendup0(rp, n, 0, 0)) != 0) { 418 m_freem(m); 419 return error; 420 } 421 422 n = NULL; 423 } 424 425 /* The 'later' time for processing the exact target has arrived */ 426 if (so) { 427 error = key_sendup0(sotorawcb(so), m, 0, sbprio); 428 m = NULL; 429 } else { 430 error = 0; 431 m_freem(m); 432 } 433 return error; 434} 435 436int 437key_sendup_mbuf(struct socket *so, struct mbuf *m, 438 int target/*, sbprio */) 439{ 440 int error; 441 442 if (so == NULL) 443 mutex_enter(key_so_mtx); 444 else 445 KASSERT(solocked(so)); 446 447 error = _key_sendup_mbuf(so, m, target); 448 449 if (so == NULL) 450 mutex_exit(key_so_mtx); 451 return error; 452} 453 454static int 455key_attach(struct socket *so, int proto) 456{ 457 struct keycb *kp; 458 int s, error; 459 460 KASSERT(sotorawcb(so) == NULL); 461 kp = kmem_zalloc(sizeof(*kp), KM_SLEEP); 462 kp->kp_raw.rcb_len = sizeof(*kp); 463 so->so_pcb = kp; 464 465 s = splsoftnet(); 466 467 KASSERT(so->so_lock == NULL); 468 mutex_obj_hold(key_so_mtx); 469 so->so_lock = key_so_mtx; 470 solock(so); 471 472 error = raw_attach(so, proto); 473 if (error) { 474 PFKEY_STATINC(PFKEY_STAT_SOCKERR); 475 kmem_free(kp, sizeof(*kp)); 476 so->so_pcb = NULL; 477 goto out; 478 } 479 480 kp->kp_promisc = kp->kp_registered = 0; 481 482 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ 483 key_cb.key_count++; 484 key_cb.any_count++; 485 kp->kp_raw.rcb_laddr = &key_src; 486 kp->kp_raw.rcb_faddr = &key_dst; 487 soisconnected(so); 488 so->so_options |= SO_USELOOPBACK; 489out: 490 KASSERT(solocked(so)); 491 splx(s); 492 return error; 493} 494 495static void 496key_detach(struct socket *so) 497{ 498 struct keycb *kp = (struct keycb *)sotorawcb(so); 499 int s; 500 501 KASSERT(!cpu_softintr_p()); 502 KASSERT(solocked(so)); 503 KASSERT(kp != NULL); 504 505 s = splsoftnet(); 506 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) /* XXX: AF_KEY */ 507 key_cb.key_count--; 508 key_cb.any_count--; 509 key_freereg(so); 510 raw_detach(so); 511 splx(s); 512} 513 514static int 515key_accept(struct socket *so, struct sockaddr *nam) 516{ 517 KASSERT(solocked(so)); 518 519 panic("key_accept"); 520 521 return EOPNOTSUPP; 522} 523 524static int 525key_bind(struct socket *so, struct sockaddr *nam, struct lwp *l) 526{ 527 KASSERT(solocked(so)); 528 529 return EOPNOTSUPP; 530} 531 532static int 533key_listen(struct socket *so, struct lwp *l) 534{ 535 KASSERT(solocked(so)); 536 537 return EOPNOTSUPP; 538} 539 540static int 541key_connect(struct socket *so, struct sockaddr *nam, struct lwp *l) 542{ 543 KASSERT(solocked(so)); 544 545 return EOPNOTSUPP; 546} 547 548static int 549key_connect2(struct socket *so, struct socket *so2) 550{ 551 KASSERT(solocked(so)); 552 553 return EOPNOTSUPP; 554} 555 556static int 557key_disconnect(struct socket *so) 558{ 559 struct rawcb *rp = sotorawcb(so); 560 int s; 561 562 KASSERT(solocked(so)); 563 KASSERT(rp != NULL); 564 565 s = splsoftnet(); 566 soisdisconnected(so); 567 raw_disconnect(rp); 568 splx(s); 569 570 return 0; 571} 572 573static int 574key_shutdown(struct socket *so) 575{ 576 int s; 577 578 KASSERT(solocked(so)); 579 580 /* 581 * Mark the connection as being incapable of further input. 582 */ 583 s = splsoftnet(); 584 socantsendmore(so); 585 splx(s); 586 587 return 0; 588} 589 590static int 591key_abort(struct socket *so) 592{ 593 KASSERT(solocked(so)); 594 595 panic("key_abort"); 596 597 return EOPNOTSUPP; 598} 599 600static int 601key_ioctl(struct socket *so, u_long cmd, void *nam, struct ifnet *ifp) 602{ 603 return EOPNOTSUPP; 604} 605 606static int 607key_stat(struct socket *so, struct stat *ub) 608{ 609 KASSERT(solocked(so)); 610 611 return 0; 612} 613 614static int 615key_peeraddr(struct socket *so, struct sockaddr *nam) 616{ 617 struct rawcb *rp = sotorawcb(so); 618 619 KASSERT(solocked(so)); 620 KASSERT(rp != NULL); 621 KASSERT(nam != NULL); 622 623 if (rp->rcb_faddr == NULL) 624 return ENOTCONN; 625 626 raw_setpeeraddr(rp, nam); 627 return 0; 628} 629 630static int 631key_sockaddr(struct socket *so, struct sockaddr *nam) 632{ 633 struct rawcb *rp = sotorawcb(so); 634 635 KASSERT(solocked(so)); 636 KASSERT(rp != NULL); 637 KASSERT(nam != NULL); 638 639 if (rp->rcb_faddr == NULL) 640 return ENOTCONN; 641 642 raw_setsockaddr(rp, nam); 643 return 0; 644} 645 646static int 647key_rcvd(struct socket *so, int flags, struct lwp *l) 648{ 649 KASSERT(solocked(so)); 650 651 return EOPNOTSUPP; 652} 653 654static int 655key_recvoob(struct socket *so, struct mbuf *m, int flags) 656{ 657 KASSERT(solocked(so)); 658 659 return EOPNOTSUPP; 660} 661 662static int 663key_send(struct socket *so, struct mbuf *m, struct sockaddr *nam, 664 struct mbuf *control, struct lwp *l) 665{ 666 int error = 0; 667 int s; 668 669 KASSERT(solocked(so)); 670 KASSERT(so->so_proto == &keysw[0]); 671 672 s = splsoftnet(); 673 error = raw_send(so, m, nam, control, l, &key_output); 674 splx(s); 675 676 return error; 677} 678 679static int 680key_sendoob(struct socket *so, struct mbuf *m, struct mbuf *control) 681{ 682 KASSERT(solocked(so)); 683 684 m_freem(m); 685 m_freem(control); 686 687 return EOPNOTSUPP; 688} 689 690static int 691key_purgeif(struct socket *so, struct ifnet *ifa) 692{ 693 694 panic("key_purgeif"); 695 696 return EOPNOTSUPP; 697} 698 699/* 700 * Definitions of protocols supported in the KEY domain. 701 */ 702 703DOMAIN_DEFINE(keydomain); 704 705PR_WRAP_USRREQS(key) 706#define key_attach key_attach_wrapper 707#define key_detach key_detach_wrapper 708#define key_accept key_accept_wrapper 709#define key_bind key_bind_wrapper 710#define key_listen key_listen_wrapper 711#define key_connect key_connect_wrapper 712#define key_connect2 key_connect2_wrapper 713#define key_disconnect key_disconnect_wrapper 714#define key_shutdown key_shutdown_wrapper 715#define key_abort key_abort_wrapper 716#define key_ioctl key_ioctl_wrapper 717#define key_stat key_stat_wrapper 718#define key_peeraddr key_peeraddr_wrapper 719#define key_sockaddr key_sockaddr_wrapper 720#define key_rcvd key_rcvd_wrapper 721#define key_recvoob key_recvoob_wrapper 722#define key_send key_send_wrapper 723#define key_sendoob key_sendoob_wrapper 724#define key_purgeif key_purgeif_wrapper 725 726static const struct pr_usrreqs key_usrreqs = { 727 .pr_attach = key_attach, 728 .pr_detach = key_detach, 729 .pr_accept = key_accept, 730 .pr_bind = key_bind, 731 .pr_listen = key_listen, 732 .pr_connect = key_connect, 733 .pr_connect2 = key_connect2, 734 .pr_disconnect = key_disconnect, 735 .pr_shutdown = key_shutdown, 736 .pr_abort = key_abort, 737 .pr_ioctl = key_ioctl, 738 .pr_stat = key_stat, 739 .pr_peeraddr = key_peeraddr, 740 .pr_sockaddr = key_sockaddr, 741 .pr_rcvd = key_rcvd, 742 .pr_recvoob = key_recvoob, 743 .pr_send = key_send, 744 .pr_sendoob = key_sendoob, 745 .pr_purgeif = key_purgeif, 746}; 747 748static const struct protosw keysw[] = { 749 { 750 .pr_type = SOCK_RAW, 751 .pr_domain = &keydomain, 752 .pr_protocol = PF_KEY_V2, 753 .pr_flags = PR_ATOMIC|PR_ADDR, 754 .pr_ctlinput = raw_ctlinput, 755 .pr_usrreqs = &key_usrreqs, 756 .pr_init = raw_init, 757 } 758}; 759 760struct domain keydomain = { 761 .dom_family = PF_KEY, 762 .dom_name = "key", 763 .dom_init = key_init, 764 .dom_protosw = keysw, 765 .dom_protoswNPROTOSW = &keysw[__arraycount(keysw)], 766}; 767