41 #include <netlink-private/netlink.h> 42 #include <netlink/netlink.h> 43 #include <netlink/cache.h> 44 #include <netlink/object.h> 45 #include <netlink/xfrm/selector.h> 46 #include <netlink/xfrm/lifetime.h> 50 #define XFRM_SA_ATTR_SEL 0x01 51 #define XFRM_SA_ATTR_DADDR 0x02 52 #define XFRM_SA_ATTR_SPI 0x04 53 #define XFRM_SA_ATTR_PROTO 0x08 54 #define XFRM_SA_ATTR_SADDR 0x10 55 #define XFRM_SA_ATTR_LTIME_CFG 0x20 56 #define XFRM_SA_ATTR_LTIME_CUR 0x40 57 #define XFRM_SA_ATTR_STATS 0x80 58 #define XFRM_SA_ATTR_SEQ 0x100 59 #define XFRM_SA_ATTR_REQID 0x200 60 #define XFRM_SA_ATTR_FAMILY 0x400 61 #define XFRM_SA_ATTR_MODE 0x800 62 #define XFRM_SA_ATTR_REPLAY_WIN 0x1000 63 #define XFRM_SA_ATTR_FLAGS 0x2000 64 #define XFRM_SA_ATTR_ALG_AEAD 0x4000 65 #define XFRM_SA_ATTR_ALG_AUTH 0x8000 66 #define XFRM_SA_ATTR_ALG_CRYPT 0x10000 67 #define XFRM_SA_ATTR_ALG_COMP 0x20000 68 #define XFRM_SA_ATTR_ENCAP 0x40000 69 #define XFRM_SA_ATTR_TFCPAD 0x80000 70 #define XFRM_SA_ATTR_COADDR 0x100000 71 #define XFRM_SA_ATTR_MARK 0x200000 72 #define XFRM_SA_ATTR_SECCTX 0x400000 73 #define XFRM_SA_ATTR_REPLAY_MAXAGE 0x800000 74 #define XFRM_SA_ATTR_REPLAY_MAXDIFF 0x1000000 75 #define XFRM_SA_ATTR_REPLAY_STATE 0x2000000 76 #define XFRM_SA_ATTR_EXPIRE 0x4000000 78 static struct nl_cache_ops xfrmnl_sa_ops;
79 static struct nl_object_ops xfrm_sa_obj_ops;
82 static void xfrm_sa_alloc_data(
struct nl_object *c)
84 struct xfrmnl_sa* sa = nl_object_priv (c);
93 static void xfrm_sa_free_data(
struct nl_object *c)
95 struct xfrmnl_sa* sa = nl_object_priv (c);
100 xfrmnl_sel_put (sa->sel);
101 xfrmnl_ltime_cfg_put (sa->lft);
114 if (sa->encap->encap_oa)
122 if (sa->replay_state_esn)
123 free (sa->replay_state_esn);
126 static int xfrm_sa_clone(
struct nl_object *_dst,
struct nl_object *_src)
128 struct xfrmnl_sa* dst = nl_object_priv(_dst);
129 struct xfrmnl_sa* src = nl_object_priv(_src);
150 len =
sizeof (
struct xfrmnl_algo_aead) + ((src->aead->alg_key_len + 7) / 8);
151 if ((dst->aead = calloc (1, len)) == NULL)
153 memcpy ((
void *)dst->aead, (
void *)src->aead, len);
158 len =
sizeof (
struct xfrmnl_algo_auth) + ((src->auth->alg_key_len + 7) / 8);
159 if ((dst->auth = calloc (1, len)) == NULL)
161 memcpy ((
void *)dst->auth, (
void *)src->auth, len);
166 len =
sizeof (
struct xfrmnl_algo) + ((src->crypt->alg_key_len + 7) / 8);
167 if ((dst->crypt = calloc (1, len)) == NULL)
169 memcpy ((
void *)dst->crypt, (
void *)src->crypt, len);
174 len =
sizeof (
struct xfrmnl_algo) + ((src->comp->alg_key_len + 7) / 8);
175 if ((dst->comp = calloc (1, len)) == NULL)
177 memcpy ((
void *)dst->comp, (
void *)src->comp, len);
182 len =
sizeof (
struct xfrmnl_encap_tmpl);
183 if ((dst->encap = calloc (1, len)) == NULL)
185 memcpy ((
void *)dst->encap, (
void *)src->encap, len);
194 len =
sizeof (*src->sec_ctx) + src->sec_ctx->ctx_len;
195 if ((dst->sec_ctx = calloc (1, len)) == NULL)
197 memcpy ((
void *)dst->sec_ctx, (
void *)src->sec_ctx, len);
200 if (src->replay_state_esn)
202 len =
sizeof (
struct xfrmnl_replay_state_esn) + (src->replay_state_esn->bmp_len *
sizeof (uint32_t));
203 if ((dst->replay_state_esn = calloc (1, len)) == NULL)
205 memcpy ((
void *)dst->replay_state_esn, (
void *)src->replay_state_esn, len);
211 static uint64_t xfrm_sa_compare(
struct nl_object *_a,
struct nl_object *_b,
212 uint64_t attrs,
int flags)
214 struct xfrmnl_sa* a = (
struct xfrmnl_sa *) _a;
215 struct xfrmnl_sa* b = (
struct xfrmnl_sa *) _b;
219 #define XFRM_SA_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, XFRM_SA_ATTR_##ATTR, a, b, EXPR) 221 diff |= XFRM_SA_DIFF(DADDR,
nl_addr_cmp(a->id.daddr, b->id.daddr));
222 diff |= XFRM_SA_DIFF(SPI, a->id.spi != b->id.spi);
223 diff |= XFRM_SA_DIFF(PROTO, a->id.proto != b->id.proto);
224 diff |= XFRM_SA_DIFF(SADDR,
nl_addr_cmp(a->saddr, b->saddr));
226 diff |= XFRM_SA_DIFF(REQID, a->reqid != b->reqid);
227 diff |= XFRM_SA_DIFF(FAMILY,a->family != b->family);
228 diff |= XFRM_SA_DIFF(MODE,a->mode != b->mode);
229 diff |= XFRM_SA_DIFF(REPLAY_WIN,a->replay_window != b->replay_window);
230 diff |= XFRM_SA_DIFF(FLAGS,a->flags != b->flags);
231 diff |= XFRM_SA_DIFF(ALG_AEAD,(strcmp(a->aead->alg_name, b->aead->alg_name) ||
232 (a->aead->alg_key_len != b->aead->alg_key_len) ||
233 (a->aead->alg_icv_len != b->aead->alg_icv_len) ||
234 memcmp(a->aead->alg_key, b->aead->alg_key,
235 ((a->aead->alg_key_len + 7)/8))));
236 diff |= XFRM_SA_DIFF(ALG_AUTH,(strcmp(a->auth->alg_name, b->auth->alg_name) ||
237 (a->auth->alg_key_len != b->auth->alg_key_len) ||
238 (a->auth->alg_trunc_len != b->auth->alg_trunc_len) ||
239 memcmp(a->auth->alg_key, b->auth->alg_key,
240 ((a->auth->alg_key_len + 7)/8))));
241 diff |= XFRM_SA_DIFF(ALG_CRYPT,(strcmp(a->crypt->alg_name, b->crypt->alg_name) ||
242 (a->crypt->alg_key_len != b->crypt->alg_key_len) ||
243 memcmp(a->crypt->alg_key, b->crypt->alg_key,
244 ((a->crypt->alg_key_len + 7)/8))));
245 diff |= XFRM_SA_DIFF(ALG_COMP,(strcmp(a->comp->alg_name, b->comp->alg_name) ||
246 (a->comp->alg_key_len != b->comp->alg_key_len) ||
247 memcmp(a->comp->alg_key, b->comp->alg_key,
248 ((a->comp->alg_key_len + 7)/8))));
249 diff |= XFRM_SA_DIFF(ENCAP,((a->encap->encap_type != b->encap->encap_type) ||
250 (a->encap->encap_sport != b->encap->encap_sport) ||
251 (a->encap->encap_dport != b->encap->encap_dport) ||
252 nl_addr_cmp(a->encap->encap_oa, b->encap->encap_oa)));
253 diff |= XFRM_SA_DIFF(TFCPAD,a->tfcpad != b->tfcpad);
254 diff |= XFRM_SA_DIFF(COADDR,
nl_addr_cmp(a->coaddr, b->coaddr));
255 diff |= XFRM_SA_DIFF(MARK,(a->mark.m != b->mark.m) ||
256 (a->mark.v != b->mark.v));
257 diff |= XFRM_SA_DIFF(SECCTX,((a->sec_ctx->ctx_doi != b->sec_ctx->ctx_doi) ||
258 (a->sec_ctx->ctx_alg != b->sec_ctx->ctx_alg) ||
259 (a->sec_ctx->ctx_len != b->sec_ctx->ctx_len) ||
260 strcmp(a->sec_ctx->ctx, b->sec_ctx->ctx)));
261 diff |= XFRM_SA_DIFF(REPLAY_MAXAGE,a->replay_maxage != b->replay_maxage);
262 diff |= XFRM_SA_DIFF(REPLAY_MAXDIFF,a->replay_maxdiff != b->replay_maxdiff);
263 diff |= XFRM_SA_DIFF(EXPIRE,a->hard != b->hard);
266 found = AVAILABLE_MISMATCH (a, b, XFRM_SA_ATTR_REPLAY_STATE);
269 if (((a->replay_state_esn != NULL) && (b->replay_state_esn == NULL)) ||
270 ((a->replay_state_esn == NULL) && (b->replay_state_esn != NULL)))
275 if (a->replay_state_esn)
277 if (a->replay_state_esn->bmp_len != b->replay_state_esn->bmp_len)
281 uint32_t len =
sizeof (
struct xfrmnl_replay_state_esn) +
282 (a->replay_state_esn->bmp_len *
sizeof (uint32_t));
283 diff |= memcmp (a->replay_state_esn, b->replay_state_esn, len);
288 if ((a->replay_state.oseq != b->replay_state.oseq) ||
289 (a->replay_state.seq != b->replay_state.seq) ||
290 (a->replay_state.bitmap != b->replay_state.bitmap))
304 static const struct trans_tbl sa_attrs[] = {
305 __ADD(XFRM_SA_ATTR_SEL, selector),
306 __ADD(XFRM_SA_ATTR_DADDR, daddr),
307 __ADD(XFRM_SA_ATTR_SPI, spi),
308 __ADD(XFRM_SA_ATTR_PROTO, proto),
309 __ADD(XFRM_SA_ATTR_SADDR, saddr),
310 __ADD(XFRM_SA_ATTR_LTIME_CFG, lifetime_cfg),
311 __ADD(XFRM_SA_ATTR_LTIME_CUR, lifetime_cur),
312 __ADD(XFRM_SA_ATTR_STATS, stats),
313 __ADD(XFRM_SA_ATTR_SEQ, seqnum),
314 __ADD(XFRM_SA_ATTR_REQID, reqid),
315 __ADD(XFRM_SA_ATTR_FAMILY, family),
316 __ADD(XFRM_SA_ATTR_MODE, mode),
317 __ADD(XFRM_SA_ATTR_REPLAY_WIN, replay_window),
318 __ADD(XFRM_SA_ATTR_FLAGS, flags),
319 __ADD(XFRM_SA_ATTR_ALG_AEAD, alg_aead),
320 __ADD(XFRM_SA_ATTR_ALG_AUTH, alg_auth),
321 __ADD(XFRM_SA_ATTR_ALG_CRYPT, alg_crypto),
322 __ADD(XFRM_SA_ATTR_ALG_COMP, alg_comp),
323 __ADD(XFRM_SA_ATTR_ENCAP, encap),
324 __ADD(XFRM_SA_ATTR_TFCPAD, tfcpad),
325 __ADD(XFRM_SA_ATTR_COADDR, coaddr),
326 __ADD(XFRM_SA_ATTR_MARK, mark),
327 __ADD(XFRM_SA_ATTR_SECCTX, sec_ctx),
328 __ADD(XFRM_SA_ATTR_REPLAY_MAXAGE, replay_maxage),
329 __ADD(XFRM_SA_ATTR_REPLAY_MAXDIFF, replay_maxdiff),
330 __ADD(XFRM_SA_ATTR_REPLAY_STATE, replay_state),
331 __ADD(XFRM_SA_ATTR_EXPIRE, expire),
334 static char* xfrm_sa_attrs2str(
int attrs,
char *buf,
size_t len)
336 return __flags2str (attrs, buf, len, sa_attrs, ARRAY_SIZE(sa_attrs));
344 static const struct trans_tbl sa_flags[] = {
345 __ADD(XFRM_STATE_NOECN, no ecn),
346 __ADD(XFRM_STATE_DECAP_DSCP, decap dscp),
347 __ADD(XFRM_STATE_NOPMTUDISC, no pmtu discovery),
348 __ADD(XFRM_STATE_WILDRECV, wild receive),
349 __ADD(XFRM_STATE_ICMP, icmp),
350 __ADD(XFRM_STATE_AF_UNSPEC, unspecified),
351 __ADD(XFRM_STATE_ALIGN4, align4),
352 __ADD(XFRM_STATE_ESN, esn),
355 char* xfrmnl_sa_flags2str(
int flags,
char *buf,
size_t len)
357 return __flags2str (flags, buf, len, sa_flags, ARRAY_SIZE(sa_flags));
360 int xfrmnl_sa_str2flag(
const char *name)
362 return __str2flags (name, sa_flags, ARRAY_SIZE(sa_flags));
370 static const struct trans_tbl sa_modes[] = {
371 __ADD(XFRM_MODE_TRANSPORT, transport),
372 __ADD(XFRM_MODE_TUNNEL, tunnel),
373 __ADD(XFRM_MODE_ROUTEOPTIMIZATION, route optimization),
374 __ADD(XFRM_MODE_IN_TRIGGER, in trigger),
375 __ADD(XFRM_MODE_BEET, beet),
378 char* xfrmnl_sa_mode2str(
int mode,
char *buf,
size_t len)
380 return __type2str (mode, buf, len, sa_modes, ARRAY_SIZE(sa_modes));
383 int xfrmnl_sa_str2mode(
const char *name)
385 return __str2type (name, sa_modes, ARRAY_SIZE(sa_modes));
390 static void xfrm_sa_dump_line(
struct nl_object *a,
struct nl_dump_params *p)
392 char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
393 struct xfrmnl_sa* sa = (
struct xfrmnl_sa *) a;
394 char flags[128], mode[128];
395 time_t add_time, use_time;
396 struct tm *add_time_tm, *use_time_tm;
398 nl_dump_line(p,
"src %s dst %s family: %s\n",
nl_addr2str(sa->saddr, src,
sizeof(src)),
400 nl_af2str (sa->family, flags, sizeof (flags)));
402 nl_dump_line(p,
"\tproto %s spi 0x%x reqid %u\n",
403 nl_ip_proto2str (sa->id.proto, flags,
sizeof(flags)),
404 sa->id.spi, sa->reqid);
406 xfrmnl_sa_flags2str(sa->flags, flags, sizeof (flags));
407 xfrmnl_sa_mode2str(sa->mode, mode, sizeof (mode));
408 nl_dump_line(p,
"\tmode: %s flags: %s (0x%x) seq: %u replay window: %u\n",
409 mode, flags, sa->flags, sa->seq, sa->replay_window);
411 nl_dump_line(p,
"\tlifetime configuration: \n");
412 if (sa->lft->soft_byte_limit == XFRM_INF)
413 sprintf (flags,
"INF");
415 sprintf (flags,
"%" PRIu64, sa->lft->soft_byte_limit);
416 if (sa->lft->soft_packet_limit == XFRM_INF)
417 sprintf (mode,
"INF");
419 sprintf (mode,
"%" PRIu64, sa->lft->soft_packet_limit);
420 nl_dump_line(p,
"\t\tsoft limit: %s (bytes), %s (packets)\n", flags, mode);
421 if (sa->lft->hard_byte_limit == XFRM_INF)
422 sprintf (flags,
"INF");
424 sprintf (flags,
"%" PRIu64, sa->lft->hard_byte_limit);
425 if (sa->lft->hard_packet_limit == XFRM_INF)
426 sprintf (mode,
"INF");
428 sprintf (mode,
"%" PRIu64, sa->lft->hard_packet_limit);
429 nl_dump_line(p,
"\t\thard limit: %s (bytes), %s (packets)\n", flags, mode);
430 nl_dump_line(p,
"\t\tsoft add_time: %llu (seconds), soft use_time: %llu (seconds) \n",
431 sa->lft->soft_add_expires_seconds, sa->lft->soft_use_expires_seconds);
432 nl_dump_line(p,
"\t\thard add_time: %llu (seconds), hard use_time: %llu (seconds) \n",
433 sa->lft->hard_add_expires_seconds, sa->lft->hard_use_expires_seconds);
435 nl_dump_line(p,
"\tlifetime current: \n");
436 nl_dump_line(p,
"\t\t%llu bytes, %llu packets\n", sa->curlft.bytes, sa->curlft.packets);
437 if (sa->curlft.add_time != 0)
439 add_time = sa->curlft.add_time;
440 add_time_tm = gmtime (&add_time);
441 strftime (flags, 128,
"%Y-%m-%d %H-%M-%S", add_time_tm);
445 sprintf (flags,
"%s",
"-");
448 if (sa->curlft.use_time != 0)
450 use_time = sa->curlft.use_time;
451 use_time_tm = gmtime (&use_time);
452 strftime (mode, 128,
"%Y-%m-%d %H-%M-%S", use_time_tm);
456 sprintf (mode,
"%s",
"-");
458 nl_dump_line(p,
"\t\tadd_time: %s, use_time: %s\n", flags, mode);
462 nl_dump_line(p,
"\tAEAD Algo: \n");
463 nl_dump_line(p,
"\t\tName: %s Key len(bits): %u ICV Len(bits): %u\n",
464 sa->aead->alg_name, sa->aead->alg_key_len, sa->aead->alg_icv_len);
469 nl_dump_line(p,
"\tAuth Algo: \n");
470 nl_dump_line(p,
"\t\tName: %s Key len(bits): %u Trunc len(bits): %u\n",
471 sa->auth->alg_name, sa->auth->alg_key_len, sa->auth->alg_trunc_len);
476 nl_dump_line(p,
"\tEncryption Algo: \n");
477 nl_dump_line(p,
"\t\tName: %s Key len(bits): %u\n",
478 sa->crypt->alg_name, sa->crypt->alg_key_len);
483 nl_dump_line(p,
"\tCompression Algo: \n");
484 nl_dump_line(p,
"\t\tName: %s Key len(bits): %u\n",
485 sa->comp->alg_name, sa->comp->alg_key_len);
490 nl_dump_line(p,
"\tEncapsulation template: \n");
491 nl_dump_line(p,
"\t\tType: %d Src port: %d Dst port: %d Encap addr: %s\n",
492 sa->encap->encap_type, sa->encap->encap_sport, sa->encap->encap_dport,
493 nl_addr2str (sa->encap->encap_oa, dst, sizeof (dst)));
496 if (sa->ce_mask & XFRM_SA_ATTR_TFCPAD)
497 nl_dump_line(p,
"\tTFC Pad: %u\n", sa->tfcpad);
499 if (sa->ce_mask & XFRM_SA_ATTR_COADDR)
500 nl_dump_line(p,
"\tCO Address: %s\n",
nl_addr2str (sa->coaddr, dst, sizeof (dst)));
502 if (sa->ce_mask & XFRM_SA_ATTR_MARK)
503 nl_dump_line(p,
"\tMark mask: 0x%x Mark value: 0x%x\n", sa->mark.m, sa->mark.v);
505 if (sa->ce_mask & XFRM_SA_ATTR_SECCTX)
506 nl_dump_line(p,
"\tDOI: %d Algo: %d Len: %u ctx: %s\n", sa->sec_ctx->ctx_doi,
507 sa->sec_ctx->ctx_alg, sa->sec_ctx->ctx_len, sa->sec_ctx->ctx);
509 nl_dump_line(p,
"\treplay info: \n");
510 nl_dump_line(p,
"\t\tmax age %u max diff %u \n", sa->replay_maxage, sa->replay_maxdiff);
512 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
514 nl_dump_line(p,
"\treplay state info: \n");
515 if (sa->replay_state_esn)
517 nl_dump_line(p,
"\t\toseq %u seq %u oseq_hi %u seq_hi %u replay window: %u \n",
518 sa->replay_state_esn->oseq, sa->replay_state_esn->seq,
519 sa->replay_state_esn->oseq_hi, sa->replay_state_esn->seq_hi,
520 sa->replay_state_esn->replay_window);
524 nl_dump_line(p,
"\t\toseq %u seq %u bitmap: %u \n", sa->replay_state.oseq,
525 sa->replay_state.seq, sa->replay_state.bitmap);
529 nl_dump_line(p,
"\tselector info: \n");
530 xfrmnl_sel_dump (sa->sel, p);
532 nl_dump_line(p,
"\tHard: %d\n", sa->hard);
537 static void xfrm_sa_dump_stats(
struct nl_object *a,
struct nl_dump_params *p)
539 struct xfrmnl_sa* sa = (
struct xfrmnl_sa*)a;
541 nl_dump_line(p,
"\tstats: \n");
542 nl_dump_line(p,
"\t\treplay window: %u replay: %u integrity failed: %u \n",
543 sa->stats.replay_window, sa->stats.replay, sa->stats.integrity_failed);
548 static void xfrm_sa_dump_details(
struct nl_object *a,
struct nl_dump_params *p)
550 xfrm_sa_dump_line(a, p);
551 xfrm_sa_dump_stats (a, p);
559 struct xfrmnl_sa* xfrmnl_sa_alloc(
void)
564 void xfrmnl_sa_put(
struct xfrmnl_sa* sa)
586 int xfrmnl_sa_alloc_cache(
struct nl_sock *sock,
struct nl_cache **result)
599 struct xfrmnl_sa* xfrmnl_sa_get(
struct nl_cache* cache,
struct nl_addr* daddr,
600 unsigned int spi,
unsigned int proto)
602 struct xfrmnl_sa *sa;
609 if (sa->id.proto == proto &&
626 static struct nla_policy xfrm_sa_policy[XFRMA_MAX+1] = {
627 [XFRMA_SA] = { .
minlen =
sizeof(
struct xfrm_usersa_info)},
628 [XFRMA_ALG_AUTH_TRUNC] = { .minlen =
sizeof(
struct xfrm_algo_auth)},
629 [XFRMA_ALG_AEAD] = { .minlen =
sizeof(
struct xfrm_algo_aead) },
630 [XFRMA_ALG_AUTH] = { .minlen =
sizeof(
struct xfrm_algo) },
631 [XFRMA_ALG_CRYPT] = { .minlen =
sizeof(
struct xfrm_algo) },
632 [XFRMA_ALG_COMP] = { .minlen =
sizeof(
struct xfrm_algo) },
633 [XFRMA_ENCAP] = { .minlen =
sizeof(
struct xfrm_encap_tmpl) },
634 [XFRMA_TMPL] = { .minlen =
sizeof(
struct xfrm_user_tmpl) },
635 [XFRMA_SEC_CTX] = { .minlen =
sizeof(
struct xfrm_sec_ctx) },
636 [XFRMA_LTIME_VAL] = { .minlen =
sizeof(
struct xfrm_lifetime_cur) },
637 [XFRMA_REPLAY_VAL] = { .minlen =
sizeof(
struct xfrm_replay_state) },
638 [XFRMA_REPLAY_THRESH] = { .type =
NLA_U32 },
639 [XFRMA_ETIMER_THRESH] = { .type =
NLA_U32 },
640 [XFRMA_SRCADDR] = { .minlen =
sizeof(xfrm_address_t) },
641 [XFRMA_COADDR] = { .minlen =
sizeof(xfrm_address_t) },
642 [XFRMA_MARK] = { .minlen =
sizeof(
struct xfrm_mark) },
643 [XFRMA_TFCPAD] = { .type =
NLA_U32 },
644 [XFRMA_REPLAY_ESN_VAL] = { .minlen =
sizeof(
struct xfrm_replay_state_esn) },
647 static int xfrm_sa_request_update(
struct nl_cache *c,
struct nl_sock *h)
649 struct xfrm_id sa_id;
651 memset (&sa_id, 0,
sizeof (sa_id));
653 &sa_id,
sizeof (sa_id));
656 int xfrmnl_sa_parse(
struct nlmsghdr *n,
struct xfrmnl_sa **result)
658 struct xfrmnl_sa* sa;
659 struct nlattr *tb[XFRMA_MAX + 1];
660 struct xfrm_usersa_info* sa_info;
661 struct xfrm_user_expire* ue;
663 struct nl_addr* addr;
665 sa = xfrmnl_sa_alloc();
671 sa->ce_msgtype = n->nlmsg_type;
672 if (n->nlmsg_type == XFRM_MSG_EXPIRE)
675 sa_info = &ue->state;
677 sa->ce_mask |= XFRM_SA_ATTR_EXPIRE;
679 else if (n->nlmsg_type == XFRM_MSG_DELSA)
681 sa_info = (
struct xfrm_usersa_info*)(
nlmsg_data(n) +
sizeof (
struct xfrm_usersa_id) + NLA_HDRLEN);
688 err =
nlmsg_parse(n,
sizeof(
struct xfrm_usersa_info), tb, XFRMA_MAX, xfrm_sa_policy);
692 if (sa_info->sel.family == AF_INET)
693 addr =
nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a4, sizeof (sa_info->sel.daddr.a4));
695 addr =
nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a6, sizeof (sa_info->sel.daddr.a6));
697 xfrmnl_sel_set_daddr (sa->sel, addr);
698 xfrmnl_sel_set_prefixlen_d (sa->sel, sa_info->sel.prefixlen_d);
700 if (sa_info->sel.family == AF_INET)
701 addr =
nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a4, sizeof (sa_info->sel.saddr.a4));
703 addr =
nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a6, sizeof (sa_info->sel.saddr.a6));
705 xfrmnl_sel_set_saddr (sa->sel, addr);
706 xfrmnl_sel_set_prefixlen_s (sa->sel, sa_info->sel.prefixlen_s);
708 xfrmnl_sel_set_dport (sa->sel, ntohs(sa_info->sel.dport));
709 xfrmnl_sel_set_dportmask (sa->sel, ntohs(sa_info->sel.dport_mask));
710 xfrmnl_sel_set_sport (sa->sel, ntohs(sa_info->sel.sport));
711 xfrmnl_sel_set_sportmask (sa->sel, ntohs(sa_info->sel.sport_mask));
712 xfrmnl_sel_set_family (sa->sel, sa_info->sel.family);
713 xfrmnl_sel_set_proto (sa->sel, sa_info->sel.proto);
714 xfrmnl_sel_set_ifindex (sa->sel, sa_info->sel.ifindex);
715 xfrmnl_sel_set_userid (sa->sel, sa_info->sel.user);
716 sa->ce_mask |= XFRM_SA_ATTR_SEL;
718 if (sa_info->family == AF_INET)
719 sa->id.daddr =
nl_addr_build (sa_info->family, &sa_info->id.daddr.a4, sizeof (sa_info->id.daddr.a4));
721 sa->id.daddr =
nl_addr_build (sa_info->family, &sa_info->id.daddr.a6, sizeof (sa_info->id.daddr.a6));
722 sa->id.spi = ntohl(sa_info->id.spi);
723 sa->id.proto = sa_info->id.proto;
724 sa->ce_mask |= (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO);
726 if (sa_info->family == AF_INET)
727 sa->saddr =
nl_addr_build (sa_info->family, &sa_info->saddr.a4, sizeof (sa_info->saddr.a4));
729 sa->saddr =
nl_addr_build (sa_info->family, &sa_info->saddr.a6, sizeof (sa_info->saddr.a6));
730 sa->ce_mask |= XFRM_SA_ATTR_SADDR;
732 sa->lft->soft_byte_limit = sa_info->lft.soft_byte_limit;
733 sa->lft->hard_byte_limit = sa_info->lft.hard_byte_limit;
734 sa->lft->soft_packet_limit = sa_info->lft.soft_packet_limit;
735 sa->lft->hard_packet_limit = sa_info->lft.hard_packet_limit;
736 sa->lft->soft_add_expires_seconds = sa_info->lft.soft_add_expires_seconds;
737 sa->lft->hard_add_expires_seconds = sa_info->lft.hard_add_expires_seconds;
738 sa->lft->soft_use_expires_seconds = sa_info->lft.soft_use_expires_seconds;
739 sa->lft->hard_use_expires_seconds = sa_info->lft.hard_use_expires_seconds;
740 sa->ce_mask |= XFRM_SA_ATTR_LTIME_CFG;
742 sa->curlft.bytes = sa_info->curlft.bytes;
743 sa->curlft.packets = sa_info->curlft.packets;
744 sa->curlft.add_time = sa_info->curlft.add_time;
745 sa->curlft.use_time = sa_info->curlft.use_time;
746 sa->ce_mask |= XFRM_SA_ATTR_LTIME_CUR;
748 sa->stats.replay_window = sa_info->stats.replay_window;
749 sa->stats.replay = sa_info->stats.replay;
750 sa->stats.integrity_failed = sa_info->stats.integrity_failed;
751 sa->ce_mask |= XFRM_SA_ATTR_STATS;
753 sa->seq = sa_info->seq;
754 sa->reqid = sa_info->reqid;
755 sa->family = sa_info->family;
756 sa->mode = sa_info->mode;
757 sa->replay_window = sa_info->replay_window;
758 sa->flags = sa_info->flags;
759 sa->ce_mask |= (XFRM_SA_ATTR_SEQ | XFRM_SA_ATTR_REQID |
760 XFRM_SA_ATTR_FAMILY | XFRM_SA_ATTR_MODE |
761 XFRM_SA_ATTR_REPLAY_WIN | XFRM_SA_ATTR_FLAGS);
763 if (tb[XFRMA_ALG_AEAD]) {
764 struct xfrm_algo_aead* aead =
nla_data(tb[XFRMA_ALG_AEAD]);
765 len =
sizeof (
struct xfrmnl_algo_aead) + ((aead->alg_key_len + 7) / 8);
766 if ((sa->aead = calloc (1, len)) == NULL)
771 memcpy ((
void *)sa->aead, (
void *)aead, len);
772 sa->ce_mask |= XFRM_SA_ATTR_ALG_AEAD;
775 if (tb[XFRMA_ALG_AUTH_TRUNC]) {
776 struct xfrm_algo_auth* auth =
nla_data(tb[XFRMA_ALG_AUTH_TRUNC]);
777 len =
sizeof (
struct xfrmnl_algo_auth) + ((auth->alg_key_len + 7) / 8);
778 if ((sa->auth = calloc (1, len)) == NULL)
783 memcpy ((
void *)sa->auth, (
void *)auth, len);
784 sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
787 if (tb[XFRMA_ALG_AUTH] && !sa->auth) {
788 struct xfrm_algo* auth =
nla_data(tb[XFRMA_ALG_AUTH]);
789 len =
sizeof (
struct xfrmnl_algo_auth) + ((auth->alg_key_len + 7) / 8);
790 if ((sa->auth = calloc (1, len)) == NULL)
795 strcpy(sa->auth->alg_name, auth->alg_name);
796 memcpy(sa->auth->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);
797 sa->auth->alg_key_len = auth->alg_key_len;
798 sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
801 if (tb[XFRMA_ALG_CRYPT]) {
802 struct xfrm_algo* crypt =
nla_data(tb[XFRMA_ALG_CRYPT]);
803 len =
sizeof (
struct xfrmnl_algo) + ((crypt->alg_key_len + 7) / 8);
804 if ((sa->crypt = calloc (1, len)) == NULL)
809 memcpy ((
void *)sa->crypt, (
void *)crypt, len);
810 sa->ce_mask |= XFRM_SA_ATTR_ALG_CRYPT;
813 if (tb[XFRMA_ALG_COMP]) {
814 struct xfrm_algo* comp =
nla_data(tb[XFRMA_ALG_COMP]);
815 len =
sizeof (
struct xfrmnl_algo) + ((comp->alg_key_len + 7) / 8);
816 if ((sa->comp = calloc (1, len)) == NULL)
821 memcpy ((
void *)sa->comp, (
void *)comp, len);
822 sa->ce_mask |= XFRM_SA_ATTR_ALG_COMP;
825 if (tb[XFRMA_ENCAP]) {
826 struct xfrm_encap_tmpl* encap =
nla_data(tb[XFRMA_ENCAP]);
827 len =
sizeof (
struct xfrmnl_encap_tmpl);
828 if ((sa->encap = calloc (1, len)) == NULL)
833 sa->encap->encap_type = encap->encap_type;
834 sa->encap->encap_sport = ntohs(encap->encap_sport);
835 sa->encap->encap_dport = ntohs(encap->encap_dport);
836 if (sa_info->family == AF_INET)
837 sa->encap->encap_oa =
nl_addr_build (sa_info->family, &encap->encap_oa.a4, sizeof (encap->encap_oa.a4));
839 sa->encap->encap_oa =
nl_addr_build (sa_info->family, &encap->encap_oa.a6, sizeof (encap->encap_oa.a6));
840 sa->ce_mask |= XFRM_SA_ATTR_ENCAP;
843 if (tb[XFRMA_TFCPAD]) {
844 sa->tfcpad = *(uint32_t*)
nla_data(tb[XFRMA_TFCPAD]);
845 sa->ce_mask |= XFRM_SA_ATTR_TFCPAD;
848 if (tb[XFRMA_COADDR]) {
849 if (sa_info->family == AF_INET)
857 sizeof (uint32_t) * 4);
859 sa->ce_mask |= XFRM_SA_ATTR_COADDR;
862 if (tb[XFRMA_MARK]) {
863 struct xfrm_mark* m =
nla_data(tb[XFRMA_MARK]);
866 sa->ce_mask |= XFRM_SA_ATTR_MARK;
869 if (tb[XFRMA_SEC_CTX]) {
870 struct xfrm_user_sec_ctx* sec_ctx =
nla_data(tb[XFRMA_SEC_CTX]);
871 len =
sizeof (
struct xfrmnl_user_sec_ctx) + sec_ctx->ctx_len;
872 if ((sa->sec_ctx = calloc (1, len)) == NULL)
877 memcpy (sa->sec_ctx, sec_ctx, len);
878 sa->ce_mask |= XFRM_SA_ATTR_SECCTX;
881 if (tb[XFRMA_ETIMER_THRESH]) {
882 sa->replay_maxage = *(uint32_t*)
nla_data(tb[XFRMA_ETIMER_THRESH]);
883 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXAGE;
886 if (tb[XFRMA_REPLAY_THRESH]) {
887 sa->replay_maxdiff = *(uint32_t*)
nla_data(tb[XFRMA_REPLAY_THRESH]);
888 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXDIFF;
891 if (tb[XFRMA_REPLAY_ESN_VAL]) {
892 struct xfrm_replay_state_esn* esn =
nla_data (tb[XFRMA_REPLAY_ESN_VAL]);
893 len =
sizeof (
struct xfrmnl_replay_state_esn) + (sizeof (uint32_t) * esn->bmp_len);
894 if ((sa->replay_state_esn = calloc (1, len)) == NULL)
899 memcpy ((
void *)sa->replay_state_esn, (
void *)esn, len);
900 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
902 else if (tb[XFRMA_REPLAY_VAL])
904 struct xfrm_replay_state* replay_state =
nla_data (tb[XFRMA_REPLAY_VAL]);
905 sa->replay_state.oseq = replay_state->oseq;
906 sa->replay_state.seq = replay_state->seq;
907 sa->replay_state.bitmap = replay_state->bitmap;
908 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
909 sa->replay_state_esn = NULL;
920 static int xfrm_sa_update_cache (
struct nl_cache *cache,
struct nl_object *obj,
921 change_func_t change_cb, change_func_v2_t change_cb_v2,
924 struct nl_object* old_sa;
925 struct xfrmnl_sa* sa = (
struct xfrmnl_sa*)obj;
956 change_cb_v2(cache, NULL, obj, 0, NL_ACT_NEW, data);
958 change_cb(cache, obj, NL_ACT_NEW, data);
963 if (change_cb || change_cb_v2)
970 change_cb_v2(cache, old_sa, obj, diff, NL_ACT_CHANGE, data);
971 }
else if (change_cb)
972 change_cb(cache, obj, NL_ACT_CHANGE, data);
982 change_cb_v2(cache, obj, NULL, 0, NL_ACT_DEL, data);
984 change_cb (cache, obj, NL_ACT_DEL, data);
996 return nl_cache_include_v2(cache, obj, change_cb_v2, data);
998 return nl_cache_include (cache, obj, change_cb, data);
1002 static int xfrm_sa_msg_parser(
struct nl_cache_ops *ops,
struct sockaddr_nl *who,
1003 struct nlmsghdr *n,
struct nl_parser_param *pp)
1005 struct xfrmnl_sa* sa;
1008 if ((err = xfrmnl_sa_parse(n, &sa)) < 0)
1011 err = pp->pp_cb((
struct nl_object *) sa, pp);
1022 int xfrmnl_sa_build_get_request(
struct nl_addr* daddr,
unsigned int spi,
unsigned int protocol,
unsigned int mark_v,
unsigned int mark_m,
struct nl_msg **result)
1025 struct xfrm_usersa_id sa_id;
1026 struct xfrm_mark mark;
1030 fprintf(stderr,
"APPLICATION BUG: %s:%d:%s: A valid destination address, spi must be specified\n",
1031 __FILE__, __LINE__, __PRETTY_FUNCTION__);
1033 return -NLE_MISSING_ATTR;
1036 memset(&sa_id, 0,
sizeof(sa_id));
1039 sa_id.spi = htonl(spi);
1040 sa_id.proto = protocol;
1045 if (
nlmsg_append(msg, &sa_id,
sizeof(sa_id), NLMSG_ALIGNTO) < 0)
1046 goto nla_put_failure;
1048 if ((mark_m & mark_v) != 0)
1050 memset(&mark, 0,
sizeof(
struct xfrm_mark));
1054 NLA_PUT (msg, XFRMA_MARK,
sizeof (
struct xfrm_mark), &mark);
1062 return -NLE_MSGSIZE;
1065 int xfrmnl_sa_get_kernel(
struct nl_sock* sock,
struct nl_addr* daddr,
unsigned int spi,
unsigned int protocol,
unsigned int mark_v,
unsigned int mark_m,
struct xfrmnl_sa** result)
1067 struct nl_msg *msg = NULL;
1068 struct nl_object *obj;
1071 if ((err = xfrmnl_sa_build_get_request(daddr, spi, protocol, mark_m, mark_v, &msg)) < 0)
1079 if ((err =
nl_pickup(sock, &xfrm_sa_msg_parser, &obj)) < 0)
1083 *result = (
struct xfrmnl_sa *) obj;
1086 if (err == 0 && obj)
1094 static int build_xfrm_sa_message(
struct xfrmnl_sa *tmpl,
int cmd,
int flags,
struct nl_msg **result)
1097 struct xfrm_usersa_info sa_info;
1099 struct nl_addr* addr;
1101 if (!(tmpl->ce_mask & XFRM_SA_ATTR_DADDR) ||
1102 !(tmpl->ce_mask & XFRM_SA_ATTR_SPI) ||
1103 !(tmpl->ce_mask & XFRM_SA_ATTR_PROTO))
1104 return -NLE_MISSING_ATTR;
1106 memset ((
void*)&sa_info, 0,
sizeof (sa_info));
1107 if (tmpl->ce_mask & XFRM_SA_ATTR_SEL)
1109 addr = xfrmnl_sel_get_daddr (tmpl->sel);
1111 addr = xfrmnl_sel_get_saddr (tmpl->sel);
1113 sa_info.sel.dport = htons (xfrmnl_sel_get_dport (tmpl->sel));
1114 sa_info.sel.dport_mask = htons (xfrmnl_sel_get_dportmask (tmpl->sel));
1115 sa_info.sel.sport = htons (xfrmnl_sel_get_sport (tmpl->sel));
1116 sa_info.sel.sport_mask = htons (xfrmnl_sel_get_sportmask (tmpl->sel));
1117 sa_info.sel.family = xfrmnl_sel_get_family (tmpl->sel);
1118 sa_info.sel.prefixlen_d = xfrmnl_sel_get_prefixlen_d (tmpl->sel);
1119 sa_info.sel.prefixlen_s = xfrmnl_sel_get_prefixlen_s (tmpl->sel);
1120 sa_info.sel.proto = xfrmnl_sel_get_proto (tmpl->sel);
1121 sa_info.sel.ifindex = xfrmnl_sel_get_ifindex (tmpl->sel);
1122 sa_info.sel.user = xfrmnl_sel_get_userid (tmpl->sel);
1126 sa_info.id.spi = htonl(tmpl->id.spi);
1127 sa_info.id.proto = tmpl->id.proto;
1129 if (tmpl->ce_mask & XFRM_SA_ATTR_SADDR)
1132 if (tmpl->ce_mask & XFRM_SA_ATTR_LTIME_CFG)
1134 sa_info.lft.soft_byte_limit = xfrmnl_ltime_cfg_get_soft_bytelimit (tmpl->lft);
1135 sa_info.lft.hard_byte_limit = xfrmnl_ltime_cfg_get_hard_bytelimit (tmpl->lft);
1136 sa_info.lft.soft_packet_limit = xfrmnl_ltime_cfg_get_soft_packetlimit (tmpl->lft);
1137 sa_info.lft.hard_packet_limit = xfrmnl_ltime_cfg_get_hard_packetlimit (tmpl->lft);
1138 sa_info.lft.soft_add_expires_seconds = xfrmnl_ltime_cfg_get_soft_addexpires (tmpl->lft);
1139 sa_info.lft.hard_add_expires_seconds = xfrmnl_ltime_cfg_get_hard_addexpires (tmpl->lft);
1140 sa_info.lft.soft_use_expires_seconds = xfrmnl_ltime_cfg_get_soft_useexpires (tmpl->lft);
1141 sa_info.lft.hard_use_expires_seconds = xfrmnl_ltime_cfg_get_hard_useexpires (tmpl->lft);
1148 if (tmpl->ce_mask & XFRM_SA_ATTR_REQID)
1149 sa_info.reqid = tmpl->reqid;
1151 if (tmpl->ce_mask & XFRM_SA_ATTR_FAMILY)
1152 sa_info.family = tmpl->family;
1154 if (tmpl->ce_mask & XFRM_SA_ATTR_MODE)
1155 sa_info.mode = tmpl->mode;
1157 if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_WIN)
1158 sa_info.replay_window = tmpl->replay_window;
1160 if (tmpl->ce_mask & XFRM_SA_ATTR_FLAGS)
1161 sa_info.flags = tmpl->flags;
1167 if (
nlmsg_append(msg, &sa_info,
sizeof(sa_info), NLMSG_ALIGNTO) < 0)
1168 goto nla_put_failure;
1170 if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_AEAD) {
1171 len =
sizeof (
struct xfrm_algo_aead) + ((tmpl->aead->alg_key_len + 7) / 8);
1172 NLA_PUT (msg, XFRMA_ALG_AEAD, len, tmpl->aead);
1175 if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_AUTH) {
1178 if (tmpl->auth->alg_trunc_len) {
1179 len =
sizeof (
struct xfrm_algo_auth) + ((tmpl->auth->alg_key_len + 7) / 8);
1180 NLA_PUT (msg, XFRMA_ALG_AUTH_TRUNC, len, tmpl->auth);
1182 struct xfrm_algo *auth;
1184 len =
sizeof (
struct xfrm_algo) + ((tmpl->auth->alg_key_len + 7) / 8);
1191 strncpy(auth->alg_name, tmpl->auth->alg_name,
sizeof(auth->alg_name));
1192 auth->alg_key_len = tmpl->auth->alg_key_len;
1193 memcpy(auth->alg_key, tmpl->auth->alg_key, (tmpl->auth->alg_key_len + 7) / 8);
1194 if (
nla_put(msg, XFRMA_ALG_AUTH, len, auth) < 0) {
1196 goto nla_put_failure;
1202 if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_CRYPT) {
1203 len =
sizeof (
struct xfrm_algo) + ((tmpl->crypt->alg_key_len + 7) / 8);
1204 NLA_PUT (msg, XFRMA_ALG_CRYPT, len, tmpl->crypt);
1207 if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_COMP) {
1208 len =
sizeof (
struct xfrm_algo) + ((tmpl->comp->alg_key_len + 7) / 8);
1209 NLA_PUT (msg, XFRMA_ALG_COMP, len, tmpl->comp);
1212 if (tmpl->ce_mask & XFRM_SA_ATTR_ENCAP) {
1213 struct xfrm_encap_tmpl* encap_tmpl;
1214 struct nlattr* encap_attr;
1216 len =
sizeof (
struct xfrm_encap_tmpl);
1219 goto nla_put_failure;
1220 encap_tmpl =
nla_data (encap_attr);
1221 encap_tmpl->encap_type = tmpl->encap->encap_type;
1222 encap_tmpl->encap_sport = htons (tmpl->encap->encap_sport);
1223 encap_tmpl->encap_dport = htons (tmpl->encap->encap_dport);
1227 if (tmpl->ce_mask & XFRM_SA_ATTR_TFCPAD) {
1231 if (tmpl->ce_mask & XFRM_SA_ATTR_COADDR) {
1232 NLA_PUT (msg, XFRMA_COADDR,
sizeof (xfrm_address_t), tmpl->coaddr);
1235 if (tmpl->ce_mask & XFRM_SA_ATTR_MARK) {
1236 NLA_PUT (msg, XFRMA_MARK,
sizeof (
struct xfrm_mark), &tmpl->mark);
1239 if (tmpl->ce_mask & XFRM_SA_ATTR_SECCTX) {
1240 len =
sizeof (
struct xfrm_sec_ctx) + tmpl->sec_ctx->ctx_len;
1241 NLA_PUT (msg, XFRMA_SEC_CTX, len, tmpl->sec_ctx);
1244 if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_MAXAGE) {
1245 NLA_PUT_U32 (msg, XFRMA_ETIMER_THRESH, tmpl->replay_maxage);
1248 if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_MAXDIFF) {
1249 NLA_PUT_U32 (msg, XFRMA_REPLAY_THRESH, tmpl->replay_maxdiff);
1252 if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_STATE) {
1253 if (tmpl->replay_state_esn) {
1254 len =
sizeof (
struct xfrm_replay_state_esn) + (sizeof (uint32_t) * tmpl->replay_state_esn->bmp_len);
1255 NLA_PUT (msg, XFRMA_REPLAY_ESN_VAL, len, tmpl->replay_state_esn);
1258 NLA_PUT (msg, XFRMA_REPLAY_VAL,
sizeof (
struct xfrm_replay_state), &tmpl->replay_state);
1267 return -NLE_MSGSIZE;
1275 int xfrmnl_sa_build_add_request(
struct xfrmnl_sa* tmpl,
int flags,
struct nl_msg **result)
1277 return build_xfrm_sa_message (tmpl, XFRM_MSG_NEWSA, flags, result);
1280 int xfrmnl_sa_add(
struct nl_sock* sk,
struct xfrmnl_sa* tmpl,
int flags)
1285 if ((err = xfrmnl_sa_build_add_request(tmpl, flags, &msg)) < 0)
1301 int xfrmnl_sa_build_update_request(
struct xfrmnl_sa* tmpl,
int flags,
struct nl_msg **result)
1303 return build_xfrm_sa_message (tmpl, XFRM_MSG_UPDSA, flags, result);
1306 int xfrmnl_sa_update(
struct nl_sock* sk,
struct xfrmnl_sa* tmpl,
int flags)
1311 if ((err = xfrmnl_sa_build_update_request(tmpl, flags, &msg)) < 0)
1324 static int build_xfrm_sa_delete_message(
struct xfrmnl_sa *tmpl,
int cmd,
int flags,
struct nl_msg **result)
1327 struct xfrm_usersa_id sa_id;
1329 if (!(tmpl->ce_mask & XFRM_SA_ATTR_DADDR) ||
1330 !(tmpl->ce_mask & XFRM_SA_ATTR_SPI) ||
1331 !(tmpl->ce_mask & XFRM_SA_ATTR_PROTO))
1332 return -NLE_MISSING_ATTR;
1337 sa_id.spi = htonl(tmpl->id.spi);
1338 sa_id.proto = tmpl->id.proto;
1344 if (
nlmsg_append(msg, &sa_id,
sizeof(sa_id), NLMSG_ALIGNTO) < 0)
1345 goto nla_put_failure;
1347 if (tmpl->ce_mask & XFRM_SA_ATTR_MARK) {
1348 NLA_PUT (msg, XFRMA_MARK,
sizeof (
struct xfrm_mark), &tmpl->mark);
1356 return -NLE_MSGSIZE;
1364 int xfrmnl_sa_build_delete_request(
struct xfrmnl_sa* tmpl,
int flags,
struct nl_msg **result)
1366 return build_xfrm_sa_delete_message (tmpl, XFRM_MSG_DELSA, flags, result);
1369 int xfrmnl_sa_delete(
struct nl_sock* sk,
struct xfrmnl_sa* tmpl,
int flags)
1374 if ((err = xfrmnl_sa_build_delete_request(tmpl, flags, &msg)) < 0)
1393 struct xfrmnl_sel* xfrmnl_sa_get_sel (
struct xfrmnl_sa* sa)
1395 if (sa->ce_mask & XFRM_SA_ATTR_SEL)
1401 int xfrmnl_sa_set_sel (
struct xfrmnl_sa* sa,
struct xfrmnl_sel* sel)
1405 xfrmnl_sel_put (sa->sel);
1408 xfrmnl_sel_get (sel);
1410 sa->ce_mask |= XFRM_SA_ATTR_SEL;
1415 static inline int __assign_addr(
struct xfrmnl_sa* sa,
struct nl_addr **pos,
1416 struct nl_addr *
new,
int flag,
int nocheck)
1420 if (sa->ce_mask & XFRM_SA_ATTR_FAMILY)
1423 return -NLE_AF_MISMATCH;
1433 sa->ce_mask |= flag;
1439 struct nl_addr* xfrmnl_sa_get_daddr (
struct xfrmnl_sa* sa)
1441 if (sa->ce_mask & XFRM_SA_ATTR_DADDR)
1442 return sa->id.daddr;
1447 int xfrmnl_sa_set_daddr (
struct xfrmnl_sa* sa,
struct nl_addr* addr)
1449 return __assign_addr(sa, &sa->id.daddr, addr, XFRM_SA_ATTR_DADDR, 0);
1452 int xfrmnl_sa_get_spi (
struct xfrmnl_sa* sa)
1454 if (sa->ce_mask & XFRM_SA_ATTR_SPI)
1460 int xfrmnl_sa_set_spi (
struct xfrmnl_sa* sa,
unsigned int spi)
1463 sa->ce_mask |= XFRM_SA_ATTR_SPI;
1468 int xfrmnl_sa_get_proto (
struct xfrmnl_sa* sa)
1470 if (sa->ce_mask & XFRM_SA_ATTR_PROTO)
1471 return sa->id.proto;
1476 int xfrmnl_sa_set_proto (
struct xfrmnl_sa* sa,
unsigned int protocol)
1478 sa->id.proto = protocol;
1479 sa->ce_mask |= XFRM_SA_ATTR_PROTO;
1484 struct nl_addr* xfrmnl_sa_get_saddr (
struct xfrmnl_sa* sa)
1486 if (sa->ce_mask & XFRM_SA_ATTR_SADDR)
1492 int xfrmnl_sa_set_saddr (
struct xfrmnl_sa* sa,
struct nl_addr* addr)
1494 return __assign_addr(sa, &sa->saddr, addr, XFRM_SA_ATTR_SADDR, 1);
1497 struct xfrmnl_ltime_cfg* xfrmnl_sa_get_lifetime_cfg (
struct xfrmnl_sa* sa)
1499 if (sa->ce_mask & XFRM_SA_ATTR_LTIME_CFG)
1505 int xfrmnl_sa_set_lifetime_cfg (
struct xfrmnl_sa* sa,
struct xfrmnl_ltime_cfg* ltime)
1509 xfrmnl_ltime_cfg_put (sa->lft);
1512 xfrmnl_ltime_cfg_get (ltime);
1514 sa->ce_mask |= XFRM_SA_ATTR_LTIME_CFG;
1519 int xfrmnl_sa_get_curlifetime (
struct xfrmnl_sa* sa,
unsigned long long int* curr_bytes,
1520 unsigned long long int* curr_packets,
unsigned long long int* curr_add_time,
unsigned long long int* curr_use_time)
1522 if (sa == NULL || curr_bytes == NULL || curr_packets == NULL || curr_add_time == NULL || curr_use_time == NULL)
1525 if (sa->ce_mask & XFRM_SA_ATTR_LTIME_CUR)
1527 *curr_bytes = sa->curlft.bytes;
1528 *curr_packets = sa->curlft.packets;
1529 *curr_add_time = sa->curlft.add_time;
1530 *curr_use_time = sa->curlft.use_time;
1538 int xfrmnl_sa_get_stats (
struct xfrmnl_sa* sa,
unsigned long long int* replay_window,
1539 unsigned long long int* replay,
unsigned long long int* integrity_failed)
1541 if (sa == NULL || replay_window == NULL || replay == NULL || integrity_failed == NULL)
1544 if (sa->ce_mask & XFRM_SA_ATTR_STATS)
1546 *replay_window = sa->stats.replay_window;
1547 *replay = sa->stats.replay;
1548 *integrity_failed = sa->stats.integrity_failed;
1556 int xfrmnl_sa_get_seq (
struct xfrmnl_sa* sa)
1558 if (sa->ce_mask & XFRM_SA_ATTR_SEQ)
1564 int xfrmnl_sa_get_reqid (
struct xfrmnl_sa* sa)
1566 if (sa->ce_mask & XFRM_SA_ATTR_REQID)
1572 int xfrmnl_sa_set_reqid (
struct xfrmnl_sa* sa,
unsigned int reqid)
1575 sa->ce_mask |= XFRM_SA_ATTR_REQID;
1580 int xfrmnl_sa_get_family (
struct xfrmnl_sa* sa)
1582 if (sa->ce_mask & XFRM_SA_ATTR_FAMILY)
1588 int xfrmnl_sa_set_family (
struct xfrmnl_sa* sa,
unsigned int family)
1590 sa->family = family;
1591 sa->ce_mask |= XFRM_SA_ATTR_FAMILY;
1596 int xfrmnl_sa_get_mode (
struct xfrmnl_sa* sa)
1598 if (sa->ce_mask & XFRM_SA_ATTR_MODE)
1604 int xfrmnl_sa_set_mode (
struct xfrmnl_sa* sa,
unsigned int mode)
1607 sa->ce_mask |= XFRM_SA_ATTR_MODE;
1612 int xfrmnl_sa_get_replay_window (
struct xfrmnl_sa* sa)
1614 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_WIN)
1615 return sa->replay_window;
1620 int xfrmnl_sa_set_replay_window (
struct xfrmnl_sa* sa,
unsigned int replay_window)
1622 sa->replay_window = replay_window;
1623 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_WIN;
1628 int xfrmnl_sa_get_flags (
struct xfrmnl_sa* sa)
1630 if (sa->ce_mask & XFRM_SA_ATTR_FLAGS)
1636 int xfrmnl_sa_set_flags (
struct xfrmnl_sa* sa,
unsigned int flags)
1639 sa->ce_mask |= XFRM_SA_ATTR_FLAGS;
1660 int xfrmnl_sa_get_aead_params (
struct xfrmnl_sa* sa,
char* alg_name,
unsigned int* key_len,
unsigned int* icv_len,
char* key)
1662 if (sa->ce_mask & XFRM_SA_ATTR_ALG_AEAD)
1665 strcpy (alg_name, sa->aead->alg_name);
1667 *key_len = sa->aead->alg_key_len;
1669 *icv_len = sa->aead->alg_icv_len;
1671 memcpy (key, sa->aead->alg_key, ((sa->aead->alg_key_len + 7)/8));
1679 int xfrmnl_sa_set_aead_params (
struct xfrmnl_sa* sa,
const char* alg_name,
unsigned int key_len,
unsigned int icv_len,
const char* key)
1681 size_t keysize =
sizeof (uint8_t) * ((key_len + 7)/8);
1682 uint32_t newlen =
sizeof (
struct xfrmnl_algo_aead) + keysize;
1687 if (strlen (alg_name) >=
sizeof (sa->aead->alg_name) || (sa->aead = calloc (1, newlen)) == NULL)
1691 strcpy (sa->aead->alg_name, alg_name);
1692 sa->aead->alg_key_len = key_len;
1693 sa->aead->alg_icv_len = icv_len;
1694 memcpy (sa->aead->alg_key, key, keysize);
1696 sa->ce_mask |= XFRM_SA_ATTR_ALG_AEAD;
1717 int xfrmnl_sa_get_auth_params (
struct xfrmnl_sa* sa,
char* alg_name,
unsigned int* key_len,
unsigned int* trunc_len,
char* key)
1719 if (sa->ce_mask & XFRM_SA_ATTR_ALG_AUTH)
1722 strcpy (alg_name, sa->auth->alg_name);
1724 *key_len = sa->auth->alg_key_len;
1726 *trunc_len = sa->auth->alg_trunc_len;
1728 memcpy (key, sa->auth->alg_key, (sa->auth->alg_key_len + 7)/8);
1736 int xfrmnl_sa_set_auth_params (
struct xfrmnl_sa* sa,
const char* alg_name,
unsigned int key_len,
unsigned int trunc_len,
const char* key)
1738 size_t keysize =
sizeof (uint8_t) * ((key_len + 7)/8);
1739 uint32_t newlen =
sizeof (
struct xfrmnl_algo_auth) + keysize;
1744 if (strlen (alg_name) >=
sizeof (sa->auth->alg_name) || (sa->auth = calloc (1, newlen)) == NULL)
1748 strcpy (sa->auth->alg_name, alg_name);
1749 sa->auth->alg_key_len = key_len;
1750 sa->auth->alg_trunc_len = trunc_len;
1751 memcpy (sa->auth->alg_key, key, keysize);
1753 sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
1773 int xfrmnl_sa_get_crypto_params (
struct xfrmnl_sa* sa,
char* alg_name,
unsigned int* key_len,
char* key)
1775 if (sa->ce_mask & XFRM_SA_ATTR_ALG_CRYPT)
1778 strcpy (alg_name, sa->crypt->alg_name);
1780 *key_len = sa->crypt->alg_key_len;
1782 memcpy (key, sa->crypt->alg_key, ((sa->crypt->alg_key_len + 7)/8));
1790 int xfrmnl_sa_set_crypto_params (
struct xfrmnl_sa* sa,
const char* alg_name,
unsigned int key_len,
const char* key)
1792 size_t keysize =
sizeof (uint8_t) * ((key_len + 7)/8);
1793 uint32_t newlen =
sizeof (
struct xfrmnl_algo) + keysize;
1798 if (strlen (alg_name) >=
sizeof (sa->crypt->alg_name) || (sa->crypt = calloc (1, newlen)) == NULL)
1802 strcpy (sa->crypt->alg_name, alg_name);
1803 sa->crypt->alg_key_len = key_len;
1804 memcpy (sa->crypt->alg_key, key, keysize);
1806 sa->ce_mask |= XFRM_SA_ATTR_ALG_CRYPT;
1826 int xfrmnl_sa_get_comp_params (
struct xfrmnl_sa* sa,
char* alg_name,
unsigned int* key_len,
char* key)
1828 if (sa->ce_mask & XFRM_SA_ATTR_ALG_COMP)
1831 strcpy (alg_name, sa->comp->alg_name);
1833 *key_len = sa->comp->alg_key_len;
1835 memcpy (key, sa->comp->alg_key, ((sa->comp->alg_key_len + 7)/8));
1843 int xfrmnl_sa_set_comp_params (
struct xfrmnl_sa* sa,
const char* alg_name,
unsigned int key_len,
const char* key)
1845 size_t keysize =
sizeof (uint8_t) * ((key_len + 7)/8);
1846 uint32_t newlen =
sizeof (
struct xfrmnl_algo) + keysize;
1851 if (strlen (alg_name) >=
sizeof (sa->comp->alg_name) || (sa->comp = calloc (1, newlen)) == NULL)
1855 strcpy (sa->comp->alg_name, alg_name);
1856 sa->comp->alg_key_len = key_len;
1857 memcpy (sa->comp->alg_key, key, keysize);
1859 sa->ce_mask |= XFRM_SA_ATTR_ALG_COMP;
1864 int xfrmnl_sa_get_encap_tmpl (
struct xfrmnl_sa* sa,
unsigned int* encap_type,
unsigned int* encap_sport,
unsigned int* encap_dport,
struct nl_addr** encap_oa)
1866 if (sa->ce_mask & XFRM_SA_ATTR_ENCAP)
1868 *encap_type = sa->encap->encap_type;
1869 *encap_sport = sa->encap->encap_sport;
1870 *encap_dport = sa->encap->encap_dport;
1879 int xfrmnl_sa_set_encap_tmpl (
struct xfrmnl_sa* sa,
unsigned int encap_type,
unsigned int encap_sport,
unsigned int encap_dport,
struct nl_addr* encap_oa)
1883 if (sa->encap->encap_oa)
1885 memset(sa->encap, 0, sizeof (*sa->encap));
1886 }
else if ((sa->encap = calloc(1,
sizeof(*sa->encap))) == NULL)
1890 sa->encap->encap_type = encap_type;
1891 sa->encap->encap_sport = encap_sport;
1892 sa->encap->encap_dport = encap_dport;
1894 sa->encap->encap_oa = encap_oa;
1896 sa->ce_mask |= XFRM_SA_ATTR_ENCAP;
1901 int xfrmnl_sa_get_tfcpad (
struct xfrmnl_sa* sa)
1903 if (sa->ce_mask & XFRM_SA_ATTR_TFCPAD)
1909 int xfrmnl_sa_set_tfcpad (
struct xfrmnl_sa* sa,
unsigned int tfcpad)
1911 sa->tfcpad = tfcpad;
1912 sa->ce_mask |= XFRM_SA_ATTR_TFCPAD;
1917 struct nl_addr* xfrmnl_sa_get_coaddr (
struct xfrmnl_sa* sa)
1919 if (sa->ce_mask & XFRM_SA_ATTR_COADDR)
1925 int xfrmnl_sa_set_coaddr (
struct xfrmnl_sa* sa,
struct nl_addr* coaddr)
1933 sa->coaddr = coaddr;
1935 sa->ce_mask |= XFRM_SA_ATTR_COADDR;
1940 int xfrmnl_sa_get_mark (
struct xfrmnl_sa* sa,
unsigned int* mark_mask,
unsigned int* mark_value)
1942 if (mark_mask == NULL || mark_value == NULL)
1945 if (sa->ce_mask & XFRM_SA_ATTR_MARK)
1947 *mark_mask = sa->mark.m;
1948 *mark_value = sa->mark.v;
1956 int xfrmnl_sa_set_mark (
struct xfrmnl_sa* sa,
unsigned int value,
unsigned int mask)
1960 sa->ce_mask |= XFRM_SA_ATTR_MARK;
1984 int xfrmnl_sa_get_sec_ctx (
struct xfrmnl_sa* sa,
unsigned int* doi,
unsigned int* alg,
1985 unsigned int* len,
unsigned int* sid,
char* ctx_str)
1987 if (sa->ce_mask & XFRM_SA_ATTR_SECCTX)
1990 *doi = sa->sec_ctx->ctx_doi;
1992 *alg = sa->sec_ctx->ctx_alg;
1994 *len = sa->sec_ctx->ctx_len;
1996 memcpy (ctx_str, sa->sec_ctx->ctx, sa->sec_ctx->ctx_len);
2017 int xfrmnl_sa_set_sec_ctx (
struct xfrmnl_sa* sa,
unsigned int doi,
unsigned int alg,
unsigned int len,
2018 unsigned int sid,
const char* ctx_str)
2023 if ((sa->sec_ctx = calloc(1,
sizeof (
struct xfrmnl_user_sec_ctx) + len)) == NULL)
2027 sa->sec_ctx->len =
sizeof(
struct xfrmnl_user_sec_ctx) + len;
2028 sa->sec_ctx->exttype = XFRMA_SEC_CTX;
2029 sa->sec_ctx->ctx_alg = alg;
2030 sa->sec_ctx->ctx_doi = doi;
2031 sa->sec_ctx->ctx_len = len;
2032 memcpy (sa->sec_ctx->ctx, ctx_str, len);
2034 sa->ce_mask |= XFRM_SA_ATTR_SECCTX;
2040 int xfrmnl_sa_get_replay_maxage (
struct xfrmnl_sa* sa)
2042 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_MAXAGE)
2043 return sa->replay_maxage;
2048 int xfrmnl_sa_set_replay_maxage (
struct xfrmnl_sa* sa,
unsigned int replay_maxage)
2050 sa->replay_maxage = replay_maxage;
2051 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXAGE;
2056 int xfrmnl_sa_get_replay_maxdiff (
struct xfrmnl_sa* sa)
2058 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_MAXDIFF)
2059 return sa->replay_maxdiff;
2064 int xfrmnl_sa_set_replay_maxdiff (
struct xfrmnl_sa* sa,
unsigned int replay_maxdiff)
2066 sa->replay_maxdiff = replay_maxdiff;
2067 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXDIFF;
2072 int xfrmnl_sa_get_replay_state (
struct xfrmnl_sa* sa,
unsigned int* oseq,
unsigned int* seq,
unsigned int* bmp)
2074 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
2076 if (sa->replay_state_esn == NULL)
2078 *oseq = sa->replay_state.oseq;
2079 *seq = sa->replay_state.seq;
2080 *bmp = sa->replay_state.bitmap;
2093 int xfrmnl_sa_set_replay_state (
struct xfrmnl_sa* sa,
unsigned int oseq,
unsigned int seq,
unsigned int bitmap)
2095 sa->replay_state.oseq = oseq;
2096 sa->replay_state.seq = seq;
2097 sa->replay_state.bitmap = bitmap;
2098 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
2103 int xfrmnl_sa_get_replay_state_esn (
struct xfrmnl_sa* sa,
unsigned int* oseq,
unsigned int* seq,
unsigned int* oseq_hi,
2104 unsigned int* seq_hi,
unsigned int* replay_window,
unsigned int* bmp_len,
unsigned int* bmp)
2106 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
2108 if (sa->replay_state_esn)
2110 *oseq = sa->replay_state_esn->oseq;
2111 *seq = sa->replay_state_esn->seq;
2112 *oseq_hi= sa->replay_state_esn->oseq_hi;
2113 *seq_hi = sa->replay_state_esn->seq_hi;
2114 *replay_window = sa->replay_state_esn->replay_window;
2115 *bmp_len = sa->replay_state_esn->bmp_len;
2116 memcpy (bmp, sa->replay_state_esn->bmp, sa->replay_state_esn->bmp_len * sizeof (uint32_t));
2129 int xfrmnl_sa_set_replay_state_esn (
struct xfrmnl_sa* sa,
unsigned int oseq,
unsigned int seq,
2130 unsigned int oseq_hi,
unsigned int seq_hi,
unsigned int replay_window,
2131 unsigned int bmp_len,
unsigned int* bmp)
2134 if (sa->replay_state_esn)
2135 free (sa->replay_state_esn);
2137 if ((sa->replay_state_esn = calloc (1,
sizeof (
struct xfrmnl_replay_state_esn) + (
sizeof (uint32_t) * bmp_len))) == NULL)
2139 sa->replay_state_esn->oseq = oseq;
2140 sa->replay_state_esn->seq = seq;
2141 sa->replay_state_esn->oseq_hi = oseq_hi;
2142 sa->replay_state_esn->seq_hi = seq_hi;
2143 sa->replay_state_esn->replay_window = replay_window;
2144 sa->replay_state_esn->bmp_len = bmp_len;
2145 memcpy (sa->replay_state_esn->bmp, bmp, bmp_len * sizeof (uint32_t));
2146 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
2152 int xfrmnl_sa_is_hardexpiry_reached (
struct xfrmnl_sa* sa)
2154 if (sa->ce_mask & XFRM_SA_ATTR_EXPIRE)
2155 return (sa->hard > 0 ? 1: 0);
2160 int xfrmnl_sa_is_expiry_reached (
struct xfrmnl_sa* sa)
2162 if (sa->ce_mask & XFRM_SA_ATTR_EXPIRE)
2170 static struct nl_object_ops xfrm_sa_obj_ops = {
2171 .oo_name =
"xfrm/sa",
2172 .oo_size =
sizeof(
struct xfrmnl_sa),
2173 .oo_constructor = xfrm_sa_alloc_data,
2174 .oo_free_data = xfrm_sa_free_data,
2175 .oo_clone = xfrm_sa_clone,
2181 .oo_compare = xfrm_sa_compare,
2182 .oo_attrs2str = xfrm_sa_attrs2str,
2183 .oo_id_attrs = (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO),
2186 static struct nl_af_group xfrm_sa_groups[] = {
2187 { AF_UNSPEC, XFRMNLGRP_SA },
2188 { AF_UNSPEC, XFRMNLGRP_EXPIRE },
2189 { END_OF_GROUP_LIST },
2192 static struct nl_cache_ops xfrmnl_sa_ops = {
2193 .co_name =
"xfrm/sa",
2194 .co_hdrsize =
sizeof(
struct xfrm_usersa_info),
2196 { XFRM_MSG_NEWSA, NL_ACT_NEW,
"new" },
2197 { XFRM_MSG_DELSA, NL_ACT_DEL,
"del" },
2198 { XFRM_MSG_GETSA, NL_ACT_GET,
"get" },
2199 { XFRM_MSG_EXPIRE, NL_ACT_UNSPEC,
"expire"},
2200 { XFRM_MSG_UPDSA, NL_ACT_NEW,
"update"},
2201 END_OF_MSGTYPES_LIST,
2203 .co_protocol = NETLINK_XFRM,
2204 .co_groups = xfrm_sa_groups,
2205 .co_request_update = xfrm_sa_request_update,
2206 .co_msg_parser = xfrm_sa_msg_parser,
2207 .co_obj_ops = &xfrm_sa_obj_ops,
2208 .co_include_event = &xfrm_sa_update_cache
2216 static void __attribute__ ((constructor)) xfrm_sa_init(
void)
2221 static void __attribute__ ((destructor)) xfrm_sa_exit(
void)
int nl_send_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
struct nl_addr * nl_addr_clone(const struct nl_addr *addr)
Clone existing abstract address object.
Dump object briefly on one line.
void nl_addr_set_prefixlen(struct nl_addr *addr, int prefixlen)
Set the prefix length of an abstract address.
void nlmsg_free(struct nl_msg *msg)
Release a reference from an netlink message.
int nl_addr_cmp(const struct nl_addr *a, const struct nl_addr *b)
Compare abstract addresses.
void * nlmsg_data(const struct nlmsghdr *nlh)
Return pointer to message payload.
struct nl_object * nl_object_alloc(struct nl_object_ops *ops)
Allocate a new object of kind specified by the operations handle.
int nl_cache_mngt_unregister(struct nl_cache_ops *ops)
Unregister a set of cache operations.
Attribute validation policy.
void nl_object_get(struct nl_object *obj)
Acquire a reference on a object.
struct nl_addr * nl_addr_build(int family, const void *buf, size_t size)
Allocate abstract address based on a binary address.
int nl_pickup(struct nl_sock *sk, int(*parser)(struct nl_cache_ops *, struct sockaddr_nl *, struct nlmsghdr *, struct nl_parser_param *), struct nl_object **result)
Pickup netlink answer, parse is and return object.
int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, struct nla_policy *policy)
parse attributes of a netlink message
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_clone(struct xfrmnl_ltime_cfg *ltime)
Clone existing lifetime config object.
struct nlattr * nla_reserve(struct nl_msg *msg, int attrtype, int attrlen)
Reserve space for a attribute.
struct nl_addr * nl_addr_get(struct nl_addr *addr)
Increase the reference counter of an abstract address.
Dump all attributes but no statistics.
uint64_t nl_object_diff64(struct nl_object *a, struct nl_object *b)
Compute bitmask representing difference in attribute values.
int nl_cache_mngt_register(struct nl_cache_ops *ops)
Register a set of cache operations.
struct nl_object * nl_cache_search(struct nl_cache *cache, struct nl_object *needle)
Search object in cache.
#define NLA_PUT(msg, attrtype, attrlen, data)
Add unspecific attribute to netlink message.
int nl_object_get_msgtype(const struct nl_object *obj)
Return the netlink message type the object was derived from.
void nl_cache_remove(struct nl_object *obj)
Remove object from cache.
void * nla_data(const struct nlattr *nla)
Return pointer to the payload section.
int xfrmnl_sel_cmp(struct xfrmnl_sel *a, struct xfrmnl_sel *b)
Compares two selector objects.
#define NLA_PUT_U32(msg, attrtype, value)
Add 32 bit integer attribute to netlink message.
uint16_t minlen
Minimal length of payload required.
int nl_send_simple(struct nl_sock *sk, int type, int flags, void *buf, size_t size)
Construct and transmit a Netlink message.
struct nl_object * nl_cache_get_next(struct nl_object *obj)
Return the next element in the cache.
int nlmsg_append(struct nl_msg *n, void *data, size_t len, int pad)
Append data to tail of a netlink message.
int nl_wait_for_ack(struct nl_sock *sk)
Wait for ACK.
void nl_object_put(struct nl_object *obj)
Release a reference from an object.
int nl_cache_move(struct nl_cache *cache, struct nl_object *obj)
Move object from one cache to another.
void nl_addr_put(struct nl_addr *addr)
Decrease the reference counter of an abstract address.
struct nl_msg * nlmsg_alloc_simple(int nlmsgtype, int flags)
Allocate a new netlink message.
struct xfrmnl_sel * xfrmnl_sel_alloc()
Allocate new selector object.
struct xfrmnl_sel * xfrmnl_sel_clone(struct xfrmnl_sel *sel)
Clone existing selector object.
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_alloc()
Allocate new lifetime config object.
int xfrmnl_ltime_cfg_cmp(struct xfrmnl_ltime_cfg *a, struct xfrmnl_ltime_cfg *b)
Compares two lifetime config objects.
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
int nl_send_auto(struct nl_sock *sk, struct nl_msg *msg)
Finalize and transmit Netlink message.
int nla_put(struct nl_msg *msg, int attrtype, int datalen, const void *data)
Add a unspecific attribute to netlink message.
unsigned int nl_addr_get_len(const struct nl_addr *addr)
Get length of binary address of abstract address object.
Dump all attributes including statistics.
struct nl_object * nl_cache_get_first(struct nl_cache *cache)
Return the first element in the cache.
void * nl_addr_get_binary_addr(const struct nl_addr *addr)
Get binary address of abstract address object.
int nl_cache_alloc_and_fill(struct nl_cache_ops *ops, struct nl_sock *sock, struct nl_cache **result)
Allocate new cache and fill it.
char * nl_addr2str(const struct nl_addr *addr, char *buf, size_t size)
Convert abstract address object to character string.
int nl_addr_get_family(const struct nl_addr *addr)
Return address family.