libnl  3.3.0
sp.c
1 /*
2  * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
3  *
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  *
12  * Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the
15  * distribution.
16  *
17  * Neither the name of Texas Instruments Incorporated nor the names of
18  * its contributors may be used to endorse or promote products derived
19  * from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33  */
34 
35 /**
36  * @ingroup xfrmnl
37  * @defgroup sp Security Policy
38  * @brief
39  */
40 
41 #include <netlink-private/netlink.h>
42 #include <netlink/netlink.h>
43 #include <netlink/cache.h>
44 #include <netlink/object.h>
45 #include <netlink/xfrm/selector.h>
46 #include <netlink/xfrm/lifetime.h>
47 #include <netlink/xfrm/template.h>
48 #include <netlink/xfrm/sp.h>
49 
50 /** @cond SKIP */
51 #define XFRM_SP_ATTR_SEL 0x01
52 #define XFRM_SP_ATTR_LTIME_CFG 0x02
53 #define XFRM_SP_ATTR_LTIME_CUR 0x04
54 #define XFRM_SP_ATTR_PRIO 0x08
55 #define XFRM_SP_ATTR_INDEX 0x10
56 #define XFRM_SP_ATTR_DIR 0x20
57 #define XFRM_SP_ATTR_ACTION 0x40
58 #define XFRM_SP_ATTR_FLAGS 0x80
59 #define XFRM_SP_ATTR_SHARE 0x100
60 #define XFRM_SP_ATTR_POLTYPE 0x200
61 #define XFRM_SP_ATTR_SECCTX 0x400
62 #define XFRM_SP_ATTR_TMPL 0x800
63 #define XFRM_SP_ATTR_MARK 0x1000
64 
65 static struct nl_cache_ops xfrmnl_sp_ops;
66 static struct nl_object_ops xfrm_sp_obj_ops;
67 /** @endcond */
68 
69 static void xfrm_sp_alloc_data(struct nl_object *c)
70 {
71  struct xfrmnl_sp* sp = nl_object_priv (c);
72 
73  if ((sp->sel = xfrmnl_sel_alloc ()) == NULL)
74  return;
75 
76  if ((sp->lft = xfrmnl_ltime_cfg_alloc ()) == NULL)
77  return;
78 
79  nl_init_list_head(&sp->usertmpl_list);
80 
81  return;
82 }
83 
84 static void xfrm_sp_free_data(struct nl_object *c)
85 {
86  struct xfrmnl_sp* sp = nl_object_priv (c);
87  struct xfrmnl_user_tmpl *utmpl, *tmp;
88 
89  if (sp == NULL)
90  return;
91 
92  xfrmnl_sel_put (sp->sel);
93  xfrmnl_ltime_cfg_put (sp->lft);
94 
95  if(sp->sec_ctx)
96  {
97  free (sp->sec_ctx);
98  }
99 
100  nl_list_for_each_entry_safe(utmpl, tmp, &sp->usertmpl_list, utmpl_list) {
101  xfrmnl_sp_remove_usertemplate (sp, utmpl);
102  xfrmnl_user_tmpl_free (utmpl);
103  }
104 }
105 
106 static int xfrm_sp_clone(struct nl_object *_dst, struct nl_object *_src)
107 {
108  struct xfrmnl_sp* dst = nl_object_priv(_dst);
109  struct xfrmnl_sp* src = nl_object_priv(_src);
110  uint32_t len = 0;
111  struct xfrmnl_user_tmpl *utmpl, *new;
112 
113  if (src->sel)
114  if ((dst->sel = xfrmnl_sel_clone (src->sel)) == NULL)
115  return -NLE_NOMEM;
116 
117  if (src->lft)
118  if ((dst->lft = xfrmnl_ltime_cfg_clone (src->lft)) == NULL)
119  return -NLE_NOMEM;
120 
121  if(src->sec_ctx)
122  {
123  len = sizeof (struct xfrmnl_user_sec_ctx) + src->sec_ctx->ctx_len;
124  if ((dst->sec_ctx = calloc (1, len)) == NULL)
125  return -NLE_NOMEM;
126  memcpy ((void *)dst->sec_ctx, (void *)src->sec_ctx, len);
127  }
128 
129  nl_init_list_head(&dst->usertmpl_list);
130  nl_list_for_each_entry(utmpl, &src->usertmpl_list, utmpl_list) {
131  new = xfrmnl_user_tmpl_clone (utmpl);
132  if (!new)
133  return -NLE_NOMEM;
134 
135  xfrmnl_sp_add_usertemplate(dst, new);
136  }
137 
138  return 0;
139 }
140 
141 static uint64_t xfrm_sp_compare(struct nl_object *_a, struct nl_object *_b,
142  uint64_t attrs, int flags)
143 {
144  struct xfrmnl_sp* a = (struct xfrmnl_sp *) _a;
145  struct xfrmnl_sp* b = (struct xfrmnl_sp *) _b;
146  struct xfrmnl_user_tmpl *tmpl_a, *tmpl_b;
147  uint64_t diff = 0;
148 
149 #define XFRM_SP_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, XFRM_SP_ATTR_##ATTR, a, b, EXPR)
150  diff |= XFRM_SP_DIFF(SEL, xfrmnl_sel_cmp(a->sel, b->sel));
151  diff |= XFRM_SP_DIFF(LTIME_CFG, xfrmnl_ltime_cfg_cmp(a->lft, b->lft));
152  diff |= XFRM_SP_DIFF(PRIO, a->priority != b->priority);
153  diff |= XFRM_SP_DIFF(INDEX, a->index != b->index);
154  diff |= XFRM_SP_DIFF(DIR, a->dir != b->dir);
155  diff |= XFRM_SP_DIFF(ACTION, a->action != b->action);
156  diff |= XFRM_SP_DIFF(FLAGS, a->flags != b->flags);
157  diff |= XFRM_SP_DIFF(SHARE, a->share != b->share);
158  diff |= XFRM_SP_DIFF(SECCTX,((a->sec_ctx->len != b->sec_ctx->len) ||
159  (a->sec_ctx->exttype != b->sec_ctx->exttype) ||
160  (a->sec_ctx->ctx_alg != b->sec_ctx->ctx_alg) ||
161  (a->sec_ctx->ctx_doi != b->sec_ctx->ctx_doi) ||
162  (a->sec_ctx->ctx_len != b->sec_ctx->ctx_len) ||
163  strcmp(a->sec_ctx->ctx, b->sec_ctx->ctx)));
164  diff |= XFRM_SP_DIFF(POLTYPE,(a->uptype.type != b->uptype.type));
165  diff |= XFRM_SP_DIFF(TMPL,(a->nr_user_tmpl != b->nr_user_tmpl));
166  diff |= XFRM_SP_DIFF(MARK,(a->mark.m != b->mark.m) ||
167  (a->mark.v != b->mark.v));
168 
169  /* Compare the templates */
170  nl_list_for_each_entry(tmpl_b, &b->usertmpl_list, utmpl_list)
171  nl_list_for_each_entry(tmpl_a, &a->usertmpl_list, utmpl_list)
172  diff |= xfrmnl_user_tmpl_cmp (tmpl_a, tmpl_b);
173 #undef XFRM_SP_DIFF
174 
175  return diff;
176 }
177 
178 /**
179  * @name XFRM SP Attribute Translations
180  * @{
181  */
182 static const struct trans_tbl sp_attrs[] = {
183  __ADD(XFRM_SP_ATTR_SEL, selector),
184  __ADD(XFRM_SP_ATTR_LTIME_CFG, lifetime_cfg),
185  __ADD(XFRM_SP_ATTR_LTIME_CUR, lifetime_cur),
186  __ADD(XFRM_SP_ATTR_PRIO, priority),
187  __ADD(XFRM_SP_ATTR_INDEX, index),
188  __ADD(XFRM_SP_ATTR_DIR, direction),
189  __ADD(XFRM_SP_ATTR_ACTION, action),
190  __ADD(XFRM_SP_ATTR_FLAGS, flags),
191  __ADD(XFRM_SP_ATTR_SHARE, share),
192  __ADD(XFRM_SP_ATTR_POLTYPE, policy_type),
193  __ADD(XFRM_SP_ATTR_SECCTX, security_context),
194  __ADD(XFRM_SP_ATTR_TMPL, user_template),
195  __ADD(XFRM_SP_ATTR_MARK, mark),
196 };
197 
198 static char* xfrm_sp_attrs2str(int attrs, char *buf, size_t len)
199 {
200  return __flags2str (attrs, buf, len, sp_attrs, ARRAY_SIZE(sp_attrs));
201 }
202 /** @} */
203 
204 /**
205  * @name XFRM SP Action Translations
206  * @{
207  */
208 static const struct trans_tbl sa_actions[] = {
209  __ADD(XFRM_POLICY_ALLOW, allow),
210  __ADD(XFRM_POLICY_BLOCK, block),
211 };
212 
213 char* xfrmnl_sp_action2str(int action, char *buf, size_t len)
214 {
215  return __type2str (action, buf, len, sa_actions, ARRAY_SIZE(sa_actions));
216 }
217 
218 int xfrmnl_sp_str2action(const char *name)
219 {
220  return __str2type (name, sa_actions, ARRAY_SIZE(sa_actions));
221 }
222 /** @} */
223 
224 /**
225  * @name XFRM SP Flags Translations
226  * @{
227  */
228 static const struct trans_tbl sp_flags[] = {
229  __ADD(XFRM_POLICY_LOCALOK, allow policy override by user),
230  __ADD(XFRM_POLICY_ICMP, auto include ICMP in policy),
231 };
232 
233 char* xfrmnl_sp_flags2str(int flags, char *buf, size_t len)
234 {
235  return __flags2str (flags, buf, len, sp_flags, ARRAY_SIZE(sp_flags));
236 }
237 
238 int xfrmnl_sp_str2flag(const char *name)
239 {
240  return __str2flags(name, sp_flags, ARRAY_SIZE(sp_flags));
241 }
242 /** @} */
243 
244 /**
245  * @name XFRM SP Type Translations
246  * @{
247  */
248 static const struct trans_tbl sp_types[] = {
249  __ADD(XFRM_POLICY_TYPE_MAIN, main),
250  __ADD(XFRM_POLICY_TYPE_SUB, sub),
251  __ADD(XFRM_POLICY_TYPE_MAX, max),
252  __ADD(XFRM_POLICY_TYPE_ANY, any),
253 };
254 
255 char* xfrmnl_sp_type2str(int type, char *buf, size_t len)
256 {
257  return __type2str(type, buf, len, sp_types, ARRAY_SIZE(sp_types));
258 }
259 
260 int xfrmnl_sp_str2type(const char *name)
261 {
262  return __str2type(name, sp_types, ARRAY_SIZE(sp_types));
263 }
264 /** @} */
265 
266 /**
267  * @name XFRM SP Direction Translations
268  * @{
269  */
270 static const struct trans_tbl sp_dir[] = {
271  __ADD(XFRM_POLICY_IN, in),
272  __ADD(XFRM_POLICY_OUT, out),
273  __ADD(XFRM_POLICY_FWD, fwd),
274  __ADD(XFRM_POLICY_MASK, mask),
275 };
276 
277 char* xfrmnl_sp_dir2str(int dir, char *buf, size_t len)
278 {
279  return __type2str (dir, buf, len, sp_dir, ARRAY_SIZE(sp_dir));
280 }
281 
282 int xfrmnl_sp_str2dir(const char *name)
283 {
284  return __str2type (name, sp_dir, ARRAY_SIZE(sp_dir));
285 }
286 
287 int xfrmnl_sp_index2dir (unsigned int index)
288 {
289  return index & 0x7;
290 }
291 /** @} */
292 
293 /**
294  * @name XFRM SP Share Translations
295  * @{
296  */
297 static const struct trans_tbl sp_share[] = {
298  __ADD(XFRM_SHARE_ANY, any),
299  __ADD(XFRM_SHARE_SESSION, session),
300  __ADD(XFRM_SHARE_USER, user),
301  __ADD(XFRM_SHARE_UNIQUE, unique),
302 };
303 
304 char* xfrmnl_sp_share2str(int share, char *buf, size_t len)
305 {
306  return __type2str (share, buf, len, sp_share, ARRAY_SIZE(sp_share));
307 }
308 
309 int xfrmnl_sp_str2share(const char *name)
310 {
311  return __str2type (name, sp_share, ARRAY_SIZE(sp_share));
312 }
313 /** @} */
314 
315 static void xfrm_sp_dump_line(struct nl_object *a, struct nl_dump_params *p)
316 {
317  struct xfrmnl_sp* sp = (struct xfrmnl_sp *) a;
318  char dir[32], action[32], share[32], flags[32];
319  char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
320  time_t add_time, use_time;
321  struct tm *add_time_tm, *use_time_tm;
322 
323  nl_addr2str(xfrmnl_sel_get_saddr (sp->sel), src, sizeof(src));
324  nl_addr2str (xfrmnl_sel_get_daddr (sp->sel), dst, sizeof (dst));
325  nl_af2str (xfrmnl_sel_get_family (sp->sel), dir, 32);
326  nl_dump_line(p, "src %s dst %s family: %s\n", src, dst, dir);
327  nl_dump_line (p, "src port/mask: %d/%d dst port/mask: %d/%d\n",
328  xfrmnl_sel_get_dport (sp->sel), xfrmnl_sel_get_dportmask (sp->sel),
329  xfrmnl_sel_get_sport (sp->sel), xfrmnl_sel_get_sportmask (sp->sel));
330  nl_dump_line (p, "protocol: %s ifindex: %u uid: %u\n",
331  nl_ip_proto2str (xfrmnl_sel_get_proto (sp->sel), dir, sizeof(dir)),
332  xfrmnl_sel_get_ifindex (sp->sel),
333  xfrmnl_sel_get_userid (sp->sel));
334 
335  xfrmnl_sp_dir2str (sp->dir, dir, 32);
336  xfrmnl_sp_action2str (sp->action, action, 32);
337  xfrmnl_sp_share2str (sp->share, share, 32);
338  xfrmnl_sp_flags2str (sp->flags, flags, 32);
339  nl_dump_line(p, "\tdir: %s action: %s index: %u priority: %u share: %s flags: %s(0x%x) \n",
340  dir, action, sp->index, sp->priority, share, flags, sp->flags);
341 
342  nl_dump_line(p, "\tlifetime configuration: \n");
343  if (sp->lft->soft_byte_limit == XFRM_INF)
344  sprintf (dir, "INF");
345  else
346  sprintf (dir, "%" PRIu64, sp->lft->soft_byte_limit);
347  if (sp->lft->soft_packet_limit == XFRM_INF)
348  sprintf (action, "INF");
349  else
350  sprintf (action, "%" PRIu64, sp->lft->soft_packet_limit);
351  if (sp->lft->hard_byte_limit == XFRM_INF)
352  sprintf (flags, "INF");
353  else
354  sprintf (flags, "%" PRIu64, sp->lft->hard_byte_limit);
355  if (sp->lft->hard_packet_limit == XFRM_INF)
356  sprintf (share, "INF");
357  else
358  sprintf (share, "%" PRIu64, sp->lft->hard_packet_limit);
359  nl_dump_line(p, "\t\tsoft limit: %s (bytes), %s (packets) \n", dir, action);
360  nl_dump_line(p, "\t\thard limit: %s (bytes), %s (packets) \n", flags, share);
361  nl_dump_line(p, "\t\tsoft add_time: %llu (seconds), soft use_time: %llu (seconds) \n",
362  sp->lft->soft_add_expires_seconds, sp->lft->soft_use_expires_seconds);
363  nl_dump_line(p, "\t\thard add_time: %llu (seconds), hard use_time: %llu (seconds) \n",
364  sp->lft->hard_add_expires_seconds, sp->lft->hard_use_expires_seconds);
365 
366  nl_dump_line(p, "\tlifetime current: \n");
367  nl_dump_line(p, "\t\t%llu bytes, %llu packets\n", sp->curlft.bytes, sp->curlft.packets);
368 
369  if (sp->curlft.add_time != 0)
370  {
371  add_time = sp->curlft.add_time;
372  add_time_tm = gmtime (&add_time);
373  strftime (dst, INET6_ADDRSTRLEN+5, "%Y-%m-%d %H-%M-%S", add_time_tm);
374  }
375  else
376  {
377  sprintf (dst, "%s", "-");
378  }
379 
380  if (sp->curlft.use_time != 0)
381  {
382  use_time = sp->curlft.use_time;
383  use_time_tm = gmtime (&use_time);
384  strftime (src, INET6_ADDRSTRLEN+5, "%Y-%m-%d %H-%M-%S", use_time_tm);
385  }
386  else
387  {
388  sprintf (src, "%s", "-");
389  }
390  nl_dump_line(p, "\t\tadd_time: %s, use_time: %s\n", dst, src);
391 
392  if (sp->ce_mask & XFRM_SP_ATTR_SECCTX)
393  {
394  nl_dump_line(p, "\tUser security context: \n");
395  nl_dump_line(p, "\t\tlen: %d exttype: %d Algo: %d DOI: %d ctxlen: %d\n",
396  sp->sec_ctx->len, sp->sec_ctx->exttype,
397  sp->sec_ctx->ctx_alg, sp->sec_ctx->ctx_doi, sp->sec_ctx->ctx_len);
398  nl_dump_line (p, "\t\tctx: %s \n", sp->sec_ctx->ctx);
399  }
400 
401  xfrmnl_sp_type2str (sp->uptype.type, flags, 32);
402  if (sp->ce_mask & XFRM_SP_ATTR_POLTYPE)
403  nl_dump_line(p, "\tUser policy type: %s\n", flags);
404 
405  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
406  {
407  struct xfrmnl_user_tmpl* utmpl;
408 
409  nl_dump_line(p, "\tUser template: \n");
410 
411  nl_list_for_each_entry(utmpl, &sp->usertmpl_list, utmpl_list)
412  xfrmnl_user_tmpl_dump (utmpl, p);
413  }
414 
415  if (sp->ce_mask & XFRM_SP_ATTR_MARK)
416  nl_dump_line(p, "\tMark mask: 0x%x Mark value: 0x%x\n", sp->mark.m, sp->mark.v);
417 
418  nl_dump(p, "\n");
419 }
420 
421 static void xfrm_sp_dump_details(struct nl_object *a, struct nl_dump_params *p)
422 {
423  xfrm_sp_dump_line(a, p);
424 }
425 
426 static void xfrm_sp_dump_stats(struct nl_object *a, struct nl_dump_params *p)
427 {
428  xfrm_sp_dump_details(a, p);
429 
430  return;
431 }
432 
433 /**
434  * @name XFRM SP Object Allocation/Freeage
435  * @{
436  */
437 
438 struct xfrmnl_sp* xfrmnl_sp_alloc(void)
439 {
440  return (struct xfrmnl_sp*) nl_object_alloc(&xfrm_sp_obj_ops);
441 }
442 
443 void xfrmnl_sp_put(struct xfrmnl_sp* sp)
444 {
445  nl_object_put((struct nl_object *) sp);
446 }
447 
448 /** @} */
449 
450 /**
451  * @name SP Cache Managament
452  * @{
453  */
454 
455 /**
456  * Build a SP cache including all SPs currently configured in the kernel.
457  * @arg sock Netlink socket.
458  * @arg result Pointer to store resulting cache.
459  *
460  * Allocates a new SP cache, initializes it properly and updates it
461  * to include all SPs currently configured in the kernel.
462  *
463  * @return 0 on success or a negative error code.
464  */
465 int xfrmnl_sp_alloc_cache(struct nl_sock *sock, struct nl_cache **result)
466 {
467  return nl_cache_alloc_and_fill(&xfrmnl_sp_ops, sock, result);
468 }
469 
470 /**
471  * Look up a SP by policy id and direction
472  * @arg cache SP cache
473  * @arg index Policy Id
474  * @arg dir direction
475  * @return sp handle or NULL if no match was found.
476  */
477 struct xfrmnl_sp* xfrmnl_sp_get(struct nl_cache* cache, unsigned int index, unsigned int dir)
478 {
479  struct xfrmnl_sp *sp;
480 
481  //nl_list_for_each_entry(sp, &cache->c_items, ce_list) {
482  for (sp = (struct xfrmnl_sp*)nl_cache_get_first (cache);
483  sp != NULL;
484  sp = (struct xfrmnl_sp*)nl_cache_get_next ((struct nl_object*)sp))
485  {
486  if (sp->index == index && sp->dir == dir)
487  {
488  nl_object_get((struct nl_object *) sp);
489  return sp;
490  }
491  }
492 
493  return NULL;
494 }
495 
496 
497 /** @} */
498 
499 
500 static struct nla_policy xfrm_sp_policy[XFRMA_MAX+1] = {
501  [XFRMA_POLICY] = { .minlen = sizeof(struct xfrm_userpolicy_info)},
502  [XFRMA_SEC_CTX] = { .minlen = sizeof(struct xfrm_sec_ctx) },
503  [XFRMA_TMPL] = { .minlen = sizeof(struct xfrm_user_tmpl) },
504  [XFRMA_POLICY_TYPE] = { .minlen = sizeof(struct xfrm_userpolicy_type)},
505  [XFRMA_MARK] = { .minlen = sizeof(struct xfrm_mark) },
506 };
507 
508 static int xfrm_sp_request_update(struct nl_cache *c, struct nl_sock *h)
509 {
510  struct xfrm_userpolicy_id sp_id;
511 
512  memset (&sp_id, 0, sizeof (sp_id));
513  return nl_send_simple (h, XFRM_MSG_GETPOLICY, NLM_F_DUMP,
514  &sp_id, sizeof (sp_id));
515 }
516 
517 int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
518 {
519  struct xfrmnl_sp *sp;
520  struct nlattr *tb[XFRMA_MAX + 1];
521  struct xfrm_userpolicy_info *sp_info;
522  int len, err;
523  struct nl_addr* addr;
524 
525  sp = xfrmnl_sp_alloc();
526  if (!sp) {
527  err = -NLE_NOMEM;
528  goto errout;
529  }
530 
531  sp->ce_msgtype = n->nlmsg_type;
532  if (n->nlmsg_type == XFRM_MSG_DELPOLICY)
533  {
534  sp_info = (struct xfrm_userpolicy_info*)(nlmsg_data(n) + sizeof (struct xfrm_userpolicy_id) + NLA_HDRLEN);
535  }
536  else
537  {
538  sp_info = nlmsg_data(n);
539  }
540 
541  err = nlmsg_parse(n, sizeof(struct xfrm_userpolicy_info), tb, XFRMA_MAX, xfrm_sp_policy);
542  if (err < 0)
543  {
544  printf ("parse error: %d \n", err);
545  goto errout;
546  }
547 
548  if (sp_info->sel.family == AF_INET)
549  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4));
550  else
551  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6));
552  nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d);
553  xfrmnl_sel_set_daddr (sp->sel, addr);
554  xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d);
555 
556  if (sp_info->sel.family == AF_INET)
557  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4));
558  else
559  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6));
560  nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s);
561  xfrmnl_sel_set_saddr (sp->sel, addr);
562  xfrmnl_sel_set_prefixlen_s (sp->sel, sp_info->sel.prefixlen_s);
563 
564  xfrmnl_sel_set_dport (sp->sel, ntohs (sp_info->sel.dport));
565  xfrmnl_sel_set_dportmask (sp->sel, ntohs (sp_info->sel.dport_mask));
566  xfrmnl_sel_set_sport (sp->sel, ntohs (sp_info->sel.sport));
567  xfrmnl_sel_set_sportmask (sp->sel, ntohs (sp_info->sel.sport_mask));
568  xfrmnl_sel_set_family (sp->sel, sp_info->sel.family);
569  xfrmnl_sel_set_proto (sp->sel, sp_info->sel.proto);
570  xfrmnl_sel_set_ifindex (sp->sel, sp_info->sel.ifindex);
571  xfrmnl_sel_set_userid (sp->sel, sp_info->sel.user);
572  sp->ce_mask |= XFRM_SP_ATTR_SEL;
573 
574  sp->lft->soft_byte_limit = sp_info->lft.soft_byte_limit;
575  sp->lft->hard_byte_limit = sp_info->lft.hard_byte_limit;
576  sp->lft->soft_packet_limit = sp_info->lft.soft_packet_limit;
577  sp->lft->hard_packet_limit = sp_info->lft.hard_packet_limit;
578  sp->lft->soft_add_expires_seconds = sp_info->lft.soft_add_expires_seconds;
579  sp->lft->hard_add_expires_seconds = sp_info->lft.hard_add_expires_seconds;
580  sp->lft->soft_use_expires_seconds = sp_info->lft.soft_use_expires_seconds;
581  sp->lft->hard_use_expires_seconds = sp_info->lft.hard_use_expires_seconds;
582  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CFG;
583 
584  sp->curlft.bytes = sp_info->curlft.bytes;
585  sp->curlft.packets = sp_info->curlft.packets;
586  sp->curlft.add_time = sp_info->curlft.add_time;
587  sp->curlft.use_time = sp_info->curlft.use_time;
588  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CUR;
589 
590  sp->priority = sp_info->priority;
591  sp->index = sp_info->index;
592  sp->dir = sp_info->dir;
593  sp->action = sp_info->action;
594  sp->flags = sp_info->flags;
595  sp->share = sp_info->share;
596  sp->ce_mask |= (XFRM_SP_ATTR_PRIO | XFRM_SP_ATTR_INDEX |
597  XFRM_SP_ATTR_DIR | XFRM_SP_ATTR_ACTION |
598  XFRM_SP_ATTR_FLAGS | XFRM_SP_ATTR_SHARE);
599 
600  if (tb[XFRMA_SEC_CTX]) {
601  struct xfrm_user_sec_ctx* ctx = nla_data(tb[XFRMA_SEC_CTX]);
602  len = sizeof (struct xfrmnl_user_sec_ctx) + ctx->ctx_len;
603  if ((sp->sec_ctx = calloc (1, len)) == NULL)
604  {
605  err = -NLE_NOMEM;
606  goto errout;
607  }
608  memcpy ((void *)sp->sec_ctx, (void *)ctx, len);
609  sp->ce_mask |= XFRM_SP_ATTR_SECCTX;
610  }
611 
612  if (tb[XFRMA_POLICY_TYPE]) {
613  struct xfrm_userpolicy_type* up = nla_data(tb[XFRMA_POLICY_TYPE]);
614  memcpy ((void *)&sp->uptype, (void *)up, sizeof (struct xfrm_userpolicy_type));
615  sp->ce_mask |= XFRM_SP_ATTR_POLTYPE;
616  }
617 
618  if (tb[XFRMA_TMPL]) {
619  struct xfrm_user_tmpl* tmpl = nla_data(tb[XFRMA_TMPL]);
620  struct xfrmnl_user_tmpl* sputmpl;
621  uint32_t i;
622  uint32_t num_tmpls = nla_len(tb[XFRMA_TMPL]) / sizeof (*tmpl);
623  struct nl_addr* addr;
624 
625  for (i = 0; (i < num_tmpls) && (tmpl); i ++, tmpl++)
626  {
627  if ((sputmpl = xfrmnl_user_tmpl_alloc ()) == NULL)
628  {
629  err = -NLE_NOMEM;
630  goto errout;
631  }
632 
633  if (tmpl->family == AF_INET)
634  addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4));
635  else
636  addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6));
637  xfrmnl_user_tmpl_set_daddr (sputmpl, addr);
638  xfrmnl_user_tmpl_set_spi (sputmpl, ntohl(tmpl->id.spi));
639  xfrmnl_user_tmpl_set_proto (sputmpl, tmpl->id.proto);
640  xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family);
641 
642  if (tmpl->family == AF_INET)
643  addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4));
644  else
645  addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6));
646  xfrmnl_user_tmpl_set_saddr (sputmpl, addr);
647 
648  xfrmnl_user_tmpl_set_reqid (sputmpl, tmpl->reqid);
649  xfrmnl_user_tmpl_set_mode (sputmpl, tmpl->mode);
650  xfrmnl_user_tmpl_set_share (sputmpl, tmpl->share);
651  xfrmnl_user_tmpl_set_optional (sputmpl, tmpl->optional);
652  xfrmnl_user_tmpl_set_aalgos (sputmpl, tmpl->aalgos);
653  xfrmnl_user_tmpl_set_ealgos (sputmpl, tmpl->ealgos);
654  xfrmnl_user_tmpl_set_calgos (sputmpl, tmpl->calgos);
655  xfrmnl_sp_add_usertemplate (sp, sputmpl);
656 
657  sp->ce_mask |= XFRM_SP_ATTR_TMPL;
658  }
659  }
660 
661  if (tb[XFRMA_MARK]) {
662  struct xfrm_mark* m = nla_data(tb[XFRMA_MARK]);
663  sp->mark.m = m->m;
664  sp->mark.v = m->v;
665  sp->ce_mask |= XFRM_SP_ATTR_MARK;
666  }
667 
668  *result = sp;
669  return 0;
670 
671 errout:
672  xfrmnl_sp_put(sp);
673  return err;
674 }
675 
676 static int xfrm_sp_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
677  struct nlmsghdr *n, struct nl_parser_param *pp)
678 {
679  struct xfrmnl_sp* sp;
680  int err;
681 
682  if ((err = xfrmnl_sp_parse(n, &sp)) < 0)
683  {
684  printf ("received error: %d \n", err);
685  return err;
686  }
687 
688  err = pp->pp_cb((struct nl_object *) sp, pp);
689 
690  xfrmnl_sp_put(sp);
691  return err;
692 }
693 
694 /**
695  * @name XFRM SP Get
696  * @{
697  */
698 
699 int xfrmnl_sp_build_get_request(unsigned int index, unsigned int dir, unsigned int mark_v, unsigned int mark_m, struct nl_msg **result)
700 {
701  struct nl_msg *msg;
702  struct xfrm_userpolicy_id spid;
703  struct xfrm_mark mark;
704 
705  memset(&spid, 0, sizeof(spid));
706  spid.index = index;
707  spid.dir = dir;
708 
709  if (!(msg = nlmsg_alloc_simple(XFRM_MSG_GETPOLICY, 0)))
710  return -NLE_NOMEM;
711 
712  if (nlmsg_append(msg, &spid, sizeof(spid), NLMSG_ALIGNTO) < 0)
713  goto nla_put_failure;
714 
715  if ((mark_m & mark_v) != 0)
716  {
717  memset(&mark, 0, sizeof(struct xfrm_mark));
718  mark.m = mark_m;
719  mark.v = mark_v;
720 
721  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &mark);
722  }
723 
724  *result = msg;
725  return 0;
726 
727 nla_put_failure:
728  nlmsg_free(msg);
729  return -NLE_MSGSIZE;
730 }
731 
732 int xfrmnl_sp_get_kernel(struct nl_sock* sock, unsigned int index, unsigned int dir, unsigned int mark_v, unsigned int mark_m, struct xfrmnl_sp** result)
733 {
734  struct nl_msg *msg = NULL;
735  struct nl_object *obj;
736  int err;
737 
738  if ((err = xfrmnl_sp_build_get_request(index, dir, mark_m, mark_v, &msg)) < 0)
739  return err;
740 
741  err = nl_send_auto(sock, msg);
742  nlmsg_free(msg);
743  if (err < 0)
744  return err;
745 
746  if ((err = nl_pickup(sock, &xfrm_sp_msg_parser, &obj)) < 0)
747  return err;
748 
749  /* We have used xfrm_sp_msg_parser(), object is definitely a xfrm ae */
750  *result = (struct xfrmnl_sp *) obj;
751 
752  /* If an object has been returned, we also need to wait for the ACK */
753  if (err == 0 && obj)
754  nl_wait_for_ack(sock);
755 
756  return 0;
757 }
758 
759 /** @} */
760 
761 static int build_xfrm_sp_message(struct xfrmnl_sp *tmpl, int cmd, int flags, struct nl_msg **result)
762 {
763  struct nl_msg* msg;
764  struct xfrm_userpolicy_info sp_info;
765  uint32_t len;
766  struct nl_addr* addr;
767 
768  if (!(tmpl->ce_mask & XFRM_SP_ATTR_DIR) ||
769  (!(tmpl->ce_mask & XFRM_SP_ATTR_INDEX) &&
770  !(tmpl->ce_mask & XFRM_SP_ATTR_SEL)))
771  return -NLE_MISSING_ATTR;
772 
773  memset ((void*)&sp_info, 0, sizeof (sp_info));
774  if (tmpl->ce_mask & XFRM_SP_ATTR_SEL)
775  {
776  addr = xfrmnl_sel_get_daddr (tmpl->sel);
777  memcpy ((void*)&sp_info.sel.daddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
778  addr = xfrmnl_sel_get_saddr (tmpl->sel);
779  memcpy ((void*)&sp_info.sel.saddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
780  sp_info.sel.dport = htons (xfrmnl_sel_get_dport (tmpl->sel));
781  sp_info.sel.dport_mask = htons (xfrmnl_sel_get_dportmask (tmpl->sel));
782  sp_info.sel.sport = htons (xfrmnl_sel_get_sport (tmpl->sel));
783  sp_info.sel.sport_mask = htons (xfrmnl_sel_get_sportmask (tmpl->sel));
784  sp_info.sel.family = xfrmnl_sel_get_family (tmpl->sel);
785  sp_info.sel.prefixlen_d = xfrmnl_sel_get_prefixlen_d (tmpl->sel);
786  sp_info.sel.prefixlen_s = xfrmnl_sel_get_prefixlen_s (tmpl->sel);
787  sp_info.sel.proto = xfrmnl_sel_get_proto (tmpl->sel);
788  sp_info.sel.ifindex = xfrmnl_sel_get_ifindex (tmpl->sel);
789  sp_info.sel.user = xfrmnl_sel_get_userid (tmpl->sel);
790  }
791 
792  if (tmpl->ce_mask & XFRM_SP_ATTR_LTIME_CFG)
793  {
794  sp_info.lft.soft_byte_limit = xfrmnl_ltime_cfg_get_soft_bytelimit (tmpl->lft);
795  sp_info.lft.hard_byte_limit = xfrmnl_ltime_cfg_get_hard_bytelimit (tmpl->lft);
796  sp_info.lft.soft_packet_limit = xfrmnl_ltime_cfg_get_soft_packetlimit (tmpl->lft);
797  sp_info.lft.hard_packet_limit = xfrmnl_ltime_cfg_get_hard_packetlimit (tmpl->lft);
798  sp_info.lft.soft_add_expires_seconds = xfrmnl_ltime_cfg_get_soft_addexpires (tmpl->lft);
799  sp_info.lft.hard_add_expires_seconds = xfrmnl_ltime_cfg_get_hard_addexpires (tmpl->lft);
800  sp_info.lft.soft_use_expires_seconds = xfrmnl_ltime_cfg_get_soft_useexpires (tmpl->lft);
801  sp_info.lft.hard_use_expires_seconds = xfrmnl_ltime_cfg_get_hard_useexpires (tmpl->lft);
802  }
803 
804  //Skip current lifetime: cur lifetime can be updated only via AE
805 
806  if (tmpl->ce_mask & XFRM_SP_ATTR_PRIO)
807  sp_info.priority = tmpl->priority;
808 
809  if (tmpl->ce_mask & XFRM_SP_ATTR_INDEX)
810  sp_info.index = tmpl->index;
811 
812  if (tmpl->ce_mask & XFRM_SP_ATTR_DIR)
813  sp_info.dir = tmpl->dir;
814 
815  if (tmpl->ce_mask & XFRM_SP_ATTR_ACTION)
816  sp_info.action = tmpl->action;
817 
818  if (tmpl->ce_mask & XFRM_SP_ATTR_FLAGS)
819  sp_info.flags = tmpl->flags;
820 
821  if (tmpl->ce_mask & XFRM_SP_ATTR_SHARE)
822  sp_info.share = tmpl->share;
823 
824  msg = nlmsg_alloc_simple(cmd, flags);
825  if (!msg)
826  return -NLE_NOMEM;
827 
828  if (nlmsg_append(msg, &sp_info, sizeof(sp_info), NLMSG_ALIGNTO) < 0)
829  goto nla_put_failure;
830 
831  if (tmpl->ce_mask & XFRM_SP_ATTR_SECCTX) {
832  len = (sizeof (struct xfrm_user_sec_ctx)) + tmpl->sec_ctx->ctx_len;
833  NLA_PUT (msg, XFRMA_SEC_CTX, len, tmpl->sec_ctx);
834  }
835 
836  if (tmpl->ce_mask & XFRM_SP_ATTR_POLTYPE) {
837  len = sizeof (struct xfrm_userpolicy_type);
838  NLA_PUT (msg, XFRMA_POLICY_TYPE, len, &tmpl->uptype);
839  }
840 
841  if (tmpl->ce_mask & XFRM_SP_ATTR_TMPL) {
842  struct nlattr* tmpls;
843  struct xfrmnl_user_tmpl* utmpl;
844  struct nl_addr* addr;
845 
846  if (!(tmpls = nla_nest_start(msg, XFRMA_TMPL)))
847  goto nla_put_failure;
848 
849  nl_list_for_each_entry(utmpl, &tmpl->usertmpl_list, utmpl_list) {
850  struct xfrm_user_tmpl* tmpl;
851 
852  tmpl = nlmsg_reserve(msg, sizeof(*tmpl), NLMSG_ALIGNTO);
853  if (!tmpl)
854  goto nla_put_failure;
855  addr = xfrmnl_user_tmpl_get_daddr (utmpl);
856  memcpy ((void *)&tmpl->id.daddr, nl_addr_get_binary_addr (addr),
857  nl_addr_get_len (addr));
858  tmpl->id.spi = htonl(xfrmnl_user_tmpl_get_spi (utmpl));
859  tmpl->id.proto = xfrmnl_user_tmpl_get_proto (utmpl);
860  tmpl->family = xfrmnl_user_tmpl_get_family (utmpl);
861  addr = xfrmnl_user_tmpl_get_saddr (utmpl);
862  memcpy ((void *)&tmpl->saddr, nl_addr_get_binary_addr (addr),
863  nl_addr_get_len (addr));
864  tmpl->reqid = xfrmnl_user_tmpl_get_reqid (utmpl);
865  tmpl->mode = xfrmnl_user_tmpl_get_mode (utmpl);
866  tmpl->share = xfrmnl_user_tmpl_get_share (utmpl);
867  tmpl->optional = xfrmnl_user_tmpl_get_optional (utmpl);
868  tmpl->aalgos = xfrmnl_user_tmpl_get_aalgos (utmpl);
869  tmpl->ealgos = xfrmnl_user_tmpl_get_ealgos (utmpl);
870  tmpl->calgos = xfrmnl_user_tmpl_get_calgos (utmpl);
871  }
872  nla_nest_end(msg, tmpls);
873  }
874 
875  if (tmpl->ce_mask & XFRM_SP_ATTR_MARK) {
876  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &tmpl->mark);
877  }
878 
879  *result = msg;
880  return 0;
881 
882 nla_put_failure:
883  nlmsg_free(msg);
884  return -NLE_MSGSIZE;
885 }
886 
887 /**
888  * @name XFRM SP Add
889  * @{
890  */
891 
892 int xfrmnl_sp_build_add_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
893 {
894  return build_xfrm_sp_message (tmpl, XFRM_MSG_NEWPOLICY, flags, result);
895 }
896 
897 int xfrmnl_sp_add(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
898 {
899  int err;
900  struct nl_msg *msg;
901 
902  if ((err = xfrmnl_sp_build_add_request(tmpl, flags, &msg)) < 0)
903  return err;
904 
905  err = nl_send_auto_complete(sk, msg);
906  nlmsg_free(msg);
907  if (err < 0)
908  return err;
909 
910  return nl_wait_for_ack(sk);
911 }
912 
913 /**
914  * @name XFRM SP Update
915  * @{
916  */
917 
918 int xfrmnl_sp_build_update_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
919 {
920  return build_xfrm_sp_message (tmpl, XFRM_MSG_UPDPOLICY, flags, result);
921 }
922 
923 int xfrmnl_sp_update(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
924 {
925  int err;
926  struct nl_msg *msg;
927 
928  if ((err = xfrmnl_sp_build_update_request(tmpl, flags, &msg)) < 0)
929  return err;
930 
931  err = nl_send_auto_complete(sk, msg);
932  nlmsg_free(msg);
933  if (err < 0)
934  return err;
935 
936  return nl_wait_for_ack(sk);
937 }
938 
939 /** @} */
940 
941 /**
942  * \brief Builds a xfrm_sp_delete_message. Uses either index and direction
943  * or security-context (not set is a valid value), selector and
944  * direction for identification.
945  * Returns error if necessary values aren't set.
946  *
947  * \param tmpl The policy template.
948  * \param cmd The command. Should be XFRM_MSG_DELPOLICY.
949  * \param flags Additional flags
950  * \param result Resulting message.
951  *
952  * \return 0 if successful, else error value < 0
953  */
954 static int build_xfrm_sp_delete_message(struct xfrmnl_sp *tmpl, int cmd, int flags, struct nl_msg **result)
955 {
956  struct nl_msg* msg;
957  struct xfrm_userpolicy_id spid;
958  struct nl_addr* addr;
959  uint32_t len;
960 
961  if (!(tmpl->ce_mask & XFRM_SP_ATTR_DIR) ||
962  (!(tmpl->ce_mask & XFRM_SP_ATTR_INDEX) &&
963  !(tmpl->ce_mask & XFRM_SP_ATTR_SEL)))
964  return -NLE_MISSING_ATTR;
965 
966  memset(&spid, 0, sizeof(spid));
967  spid.dir = tmpl->dir;
968  if(tmpl->ce_mask & XFRM_SP_ATTR_INDEX)
969  spid.index = tmpl->index;
970 
971  if (tmpl->ce_mask & XFRM_SP_ATTR_SEL)
972  {
973  addr = xfrmnl_sel_get_daddr (tmpl->sel);
974  memcpy ((void*)&spid.sel.daddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
975  addr = xfrmnl_sel_get_saddr (tmpl->sel);
976  memcpy ((void*)&spid.sel.saddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
977  spid.sel.dport = htons (xfrmnl_sel_get_dport (tmpl->sel));
978  spid.sel.dport_mask = htons (xfrmnl_sel_get_dportmask (tmpl->sel));
979  spid.sel.sport = htons (xfrmnl_sel_get_sport (tmpl->sel));
980  spid.sel.sport_mask = htons (xfrmnl_sel_get_sportmask (tmpl->sel));
981  spid.sel.family = xfrmnl_sel_get_family (tmpl->sel);
982  spid.sel.prefixlen_d = xfrmnl_sel_get_prefixlen_d (tmpl->sel);
983  spid.sel.prefixlen_s = xfrmnl_sel_get_prefixlen_s (tmpl->sel);
984  spid.sel.proto = xfrmnl_sel_get_proto (tmpl->sel);
985  spid.sel.ifindex = xfrmnl_sel_get_ifindex (tmpl->sel);
986  spid.sel.user = xfrmnl_sel_get_userid (tmpl->sel);
987  }
988 
989  msg = nlmsg_alloc_simple(cmd, flags);
990  if (!msg)
991  return -NLE_NOMEM;
992 
993  if (nlmsg_append(msg, &spid, sizeof(spid), NLMSG_ALIGNTO) < 0)
994  goto nla_put_failure;
995 
996  if (tmpl->ce_mask & XFRM_SP_ATTR_SECCTX) {
997  len = (sizeof (struct xfrm_user_sec_ctx)) + tmpl->sec_ctx->ctx_len;
998  NLA_PUT (msg, XFRMA_SEC_CTX, len, tmpl->sec_ctx);
999  }
1000 
1001  if (tmpl->ce_mask & XFRM_SP_ATTR_MARK) {
1002  len = sizeof (struct xfrm_mark);
1003  NLA_PUT (msg, XFRMA_MARK, len, &tmpl->mark);
1004  }
1005 
1006  *result = msg;
1007  return 0;
1008 
1009 nla_put_failure:
1010  nlmsg_free(msg);
1011  return -NLE_MSGSIZE;
1012 }
1013 
1014 /**
1015  * @name XFRM SA Delete
1016  * @{
1017  */
1018 
1019 int xfrmnl_sp_build_delete_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
1020 {
1021  return build_xfrm_sp_delete_message (tmpl, XFRM_MSG_DELPOLICY, flags, result);
1022 }
1023 
1024 int xfrmnl_sp_delete(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
1025 {
1026  int err;
1027  struct nl_msg *msg;
1028 
1029  if ((err = xfrmnl_sp_build_delete_request(tmpl, flags, &msg)) < 0)
1030  return err;
1031 
1032  err = nl_send_auto_complete(sk, msg);
1033  nlmsg_free(msg);
1034  if (err < 0)
1035  return err;
1036 
1037  return nl_wait_for_ack(sk);
1038 }
1039 
1040 /** @} */
1041 
1042 
1043 /**
1044  * @name Attributes
1045  * @{
1046  */
1047 
1048 struct xfrmnl_sel* xfrmnl_sp_get_sel (struct xfrmnl_sp* sp)
1049 {
1050  if (sp->ce_mask & XFRM_SP_ATTR_SEL)
1051  return sp->sel;
1052  else
1053  return NULL;
1054 }
1055 
1056 int xfrmnl_sp_set_sel (struct xfrmnl_sp* sp, struct xfrmnl_sel* sel)
1057 {
1058  /* Release any previously held selector object from the SP */
1059  if (sp->sel)
1060  xfrmnl_sel_put (sp->sel);
1061 
1062  /* Increment ref count on new selector and save it in the SP */
1063  xfrmnl_sel_get (sel);
1064  sp->sel = sel;
1065  sp->ce_mask |= XFRM_SP_ATTR_SEL;
1066 
1067  return 0;
1068 }
1069 
1070 struct xfrmnl_ltime_cfg* xfrmnl_sp_get_lifetime_cfg (struct xfrmnl_sp* sp)
1071 {
1072  if (sp->ce_mask & XFRM_SP_ATTR_LTIME_CFG)
1073  return sp->lft;
1074  else
1075  return NULL;
1076 }
1077 
1078 int xfrmnl_sp_set_lifetime_cfg (struct xfrmnl_sp* sp, struct xfrmnl_ltime_cfg* ltime)
1079 {
1080  /* Release any previously held lifetime cfg object from the SP */
1081  if (sp->lft)
1082  xfrmnl_ltime_cfg_put (sp->lft);
1083 
1084  /* Increment ref count on new lifetime object and save it in the SP */
1085  xfrmnl_ltime_cfg_get (ltime);
1086  sp->lft = ltime;
1087  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CFG;
1088 
1089  return 0;
1090 }
1091 
1092 int xfrmnl_sp_get_curlifetime (struct xfrmnl_sp* sa, unsigned long long int* curr_bytes,
1093  unsigned long long int* curr_packets, unsigned long long int* curr_add_time, unsigned long long int* curr_use_time)
1094 {
1095  if (sa == NULL || curr_bytes == NULL || curr_packets == NULL || curr_add_time == NULL || curr_use_time == NULL)
1096  return -1;
1097 
1098  *curr_bytes = sa->curlft.bytes;
1099  *curr_packets = sa->curlft.packets;
1100  *curr_add_time = sa->curlft.add_time;
1101  *curr_use_time = sa->curlft.use_time;
1102 
1103  return 0;
1104 }
1105 
1106 int xfrmnl_sp_get_priority (struct xfrmnl_sp* sp)
1107 {
1108  if (sp->ce_mask & XFRM_SP_ATTR_PRIO)
1109  return sp->priority;
1110  else
1111  return -1;
1112 }
1113 
1114 int xfrmnl_sp_set_priority (struct xfrmnl_sp* sp, unsigned int prio)
1115 {
1116  sp->priority = prio;
1117  sp->ce_mask |= XFRM_SP_ATTR_PRIO;
1118 
1119  return 0;
1120 }
1121 
1122 int xfrmnl_sp_get_index (struct xfrmnl_sp* sp)
1123 {
1124  if (sp->ce_mask & XFRM_SP_ATTR_INDEX)
1125  return sp->index;
1126  else
1127  return -1;
1128 }
1129 
1130 int xfrmnl_sp_set_index (struct xfrmnl_sp* sp, unsigned int index)
1131 {
1132  sp->index = index;
1133  sp->ce_mask |= XFRM_SP_ATTR_INDEX;
1134 
1135  return 0;
1136 }
1137 
1138 int xfrmnl_sp_get_dir (struct xfrmnl_sp* sp)
1139 {
1140  if (sp->ce_mask & XFRM_SP_ATTR_DIR)
1141  return sp->dir;
1142  else
1143  return -1;
1144 }
1145 
1146 int xfrmnl_sp_set_dir (struct xfrmnl_sp* sp, unsigned int dir)
1147 {
1148  sp->dir = dir;
1149  sp->ce_mask |= XFRM_SP_ATTR_DIR;
1150 
1151  return 0;
1152 }
1153 
1154 int xfrmnl_sp_get_action (struct xfrmnl_sp* sp)
1155 {
1156  if (sp->ce_mask & XFRM_SP_ATTR_ACTION)
1157  return sp->action;
1158  else
1159  return -1;
1160 }
1161 
1162 int xfrmnl_sp_set_action (struct xfrmnl_sp* sp, unsigned int action)
1163 {
1164  sp->action = action;
1165  sp->ce_mask |= XFRM_SP_ATTR_ACTION;
1166 
1167  return 0;
1168 }
1169 
1170 int xfrmnl_sp_get_flags (struct xfrmnl_sp* sp)
1171 {
1172  if (sp->ce_mask & XFRM_SP_ATTR_FLAGS)
1173  return sp->flags;
1174  else
1175  return -1;
1176 }
1177 
1178 int xfrmnl_sp_set_flags (struct xfrmnl_sp* sp, unsigned int flags)
1179 {
1180  sp->flags = flags;
1181  sp->ce_mask |= XFRM_SP_ATTR_FLAGS;
1182 
1183  return 0;
1184 }
1185 
1186 int xfrmnl_sp_get_share (struct xfrmnl_sp* sp)
1187 {
1188  if (sp->ce_mask & XFRM_SP_ATTR_SHARE)
1189  return sp->share;
1190  else
1191  return -1;
1192 }
1193 
1194 int xfrmnl_sp_set_share (struct xfrmnl_sp* sp, unsigned int share)
1195 {
1196  sp->share = share;
1197  sp->ce_mask |= XFRM_SP_ATTR_SHARE;
1198 
1199  return 0;
1200 }
1201 
1202 /**
1203  * Get the security context.
1204  *
1205  * @arg sp The xfrmnl_sp object.
1206  * @arg len An optional output value for the ctx_str length including the xfrmnl_sp header.
1207  * @arg exttype An optional output value.
1208  * @arg alg An optional output value for the security context algorithm.
1209  * @arg doi An optional output value for the security context domain of interpretation.
1210  * @arg ctx_len An optional output value for the security context length, including the
1211  * terminating null byte ('\0').
1212  * @arg ctx_str An optional buffer large enough for the security context string. It must
1213  * contain at least @ctx_len bytes. You are advised to create the ctx_str
1214  * buffer one element larger and ensure NUL termination yourself.
1215  *
1216  * Warning: you must ensure that @ctx_str is large enough. If you don't know the length before-hand,
1217  * call xfrmnl_sp_get_sec_ctx() without @ctx_str argument to query only the required buffer size.
1218  * This modified API is available in all versions of libnl3 that support the capability
1219  * @def NL_CAPABILITY_XFRM_SP_SEC_CTX_LEN (@see nl_has_capability for further information).
1220  *
1221  * @return 0 on success or a negative error code.
1222  */
1223 int xfrmnl_sp_get_sec_ctx (struct xfrmnl_sp* sp, unsigned int* len, unsigned int* exttype, unsigned int* alg, unsigned int* doi, unsigned int* ctx_len, char* ctx_str)
1224 {
1225  if (sp->ce_mask & XFRM_SP_ATTR_SECCTX)
1226  {
1227  if (len)
1228  *len = sizeof (struct xfrmnl_user_sec_ctx) + sp->sec_ctx->ctx_len;
1229  if (exttype)
1230  *exttype = sp->sec_ctx->exttype;
1231  if (alg)
1232  *alg = sp->sec_ctx->ctx_alg;
1233  if (doi)
1234  *doi = sp->sec_ctx->ctx_doi;
1235  if (ctx_len)
1236  *ctx_len = sp->sec_ctx->ctx_len;
1237  if (ctx_str)
1238  memcpy ((void *)ctx_str, (void *)sp->sec_ctx->ctx, sp->sec_ctx->ctx_len);
1239  }
1240  else
1241  return -1;
1242 
1243  return 0;
1244 }
1245 /**
1246  * @brief Set security context (ctx_str) for XFRM Polixy.
1247  *
1248  * @param sp XFRM Policy
1249  * @param len !!! depricated unused parameter !!!
1250  * @param exttype netlink message attribute - probably XFRMA_SEC_CTX
1251  * @param alg security context algorithm
1252  * @param doi security context domain interpretation
1253  * @param ctx_len Length of the context string.
1254  * @param ctx_str The context string.
1255  *
1256  * @return 0 if sucessfull, else -1
1257  */
1258 int xfrmnl_sp_set_sec_ctx (struct xfrmnl_sp* sp, unsigned int len __attribute__((unused)), unsigned int exttype, unsigned int alg, unsigned int doi, unsigned int ctx_len, char* ctx_str)
1259 {
1260  /* Free up the old context string and allocate new one */
1261  if (sp->sec_ctx)
1262  free (sp->sec_ctx);
1263  if ((sp->sec_ctx = calloc (1, sizeof (struct xfrmnl_user_sec_ctx) + 1 + ctx_len)) == NULL)
1264  return -1;
1265 
1266  /* Save the new info */
1267  sp->sec_ctx->len = sizeof (struct xfrmnl_user_sec_ctx) + ctx_len;
1268  sp->sec_ctx->exttype = exttype;
1269  sp->sec_ctx->ctx_alg = alg;
1270  sp->sec_ctx->ctx_doi = doi;
1271  sp->sec_ctx->ctx_len = ctx_len;
1272  memcpy ((void *)sp->sec_ctx->ctx, (void *)ctx_str, ctx_len);
1273  sp->sec_ctx->ctx[ctx_len] = '\0';
1274 
1275  sp->ce_mask |= XFRM_SP_ATTR_SECCTX;
1276 
1277  return 0;
1278 }
1279 
1280 int xfrmnl_sp_get_userpolicy_type (struct xfrmnl_sp* sp)
1281 {
1282  if (sp->ce_mask & XFRM_SP_ATTR_POLTYPE)
1283  return sp->uptype.type;
1284  else
1285  return -1;
1286 }
1287 
1288 int xfrmnl_sp_set_userpolicy_type (struct xfrmnl_sp* sp, unsigned int type)
1289 {
1290  sp->uptype.type = type;
1291  sp->ce_mask |= XFRM_SP_ATTR_POLTYPE;
1292 
1293  return 0;
1294 }
1295 
1296 void xfrmnl_sp_add_usertemplate(struct xfrmnl_sp *sp, struct xfrmnl_user_tmpl *utmpl)
1297 {
1298  nl_list_add_tail(&utmpl->utmpl_list, &sp->usertmpl_list);
1299  sp->nr_user_tmpl++;
1300  sp->ce_mask |= XFRM_SP_ATTR_TMPL;
1301 }
1302 
1303 void xfrmnl_sp_remove_usertemplate(struct xfrmnl_sp *sp, struct xfrmnl_user_tmpl *utmpl)
1304 {
1305  if (sp->ce_mask & XFRM_SP_ATTR_TMPL) {
1306  sp->nr_user_tmpl--;
1307  nl_list_del(&utmpl->utmpl_list);
1308  }
1309 }
1310 
1311 struct nl_list_head *xfrmnl_sp_get_usertemplates(struct xfrmnl_sp *sp)
1312 {
1313  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
1314  return &sp->usertmpl_list;
1315 
1316  return NULL;
1317 }
1318 
1319 int xfrmnl_sp_get_nusertemplates(struct xfrmnl_sp *sp)
1320 {
1321  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
1322  return sp->nr_user_tmpl;
1323 
1324  return 0;
1325 }
1326 
1327 void xfrmnl_sp_foreach_usertemplate(struct xfrmnl_sp *r,
1328  void (*cb)(struct xfrmnl_user_tmpl *, void *),
1329  void *arg)
1330 {
1331  struct xfrmnl_user_tmpl *utmpl;
1332 
1333  if (r->ce_mask & XFRM_SP_ATTR_TMPL) {
1334  nl_list_for_each_entry(utmpl, &r->usertmpl_list, utmpl_list) {
1335  cb(utmpl, arg);
1336  }
1337  }
1338 }
1339 
1340 struct xfrmnl_user_tmpl *xfrmnl_sp_usertemplate_n(struct xfrmnl_sp *r, int n)
1341 {
1342  struct xfrmnl_user_tmpl *utmpl;
1343  uint32_t i;
1344 
1345  if (r->ce_mask & XFRM_SP_ATTR_TMPL && r->nr_user_tmpl > n) {
1346  i = 0;
1347  nl_list_for_each_entry(utmpl, &r->usertmpl_list, utmpl_list) {
1348  if (i == n) return utmpl;
1349  i++;
1350  }
1351  }
1352  return NULL;
1353 }
1354 
1355 int xfrmnl_sp_get_mark (struct xfrmnl_sp* sp, unsigned int* mark_mask, unsigned int* mark_value)
1356 {
1357  if (mark_mask == NULL || mark_value == NULL)
1358  return -1;
1359 
1360  if (sp->ce_mask & XFRM_SP_ATTR_MARK)
1361  {
1362  *mark_mask = sp->mark.m;
1363  *mark_value = sp->mark.v;
1364 
1365  return 0;
1366  }
1367  else
1368  return -1;
1369 }
1370 
1371 int xfrmnl_sp_set_mark (struct xfrmnl_sp* sp, unsigned int value, unsigned int mask)
1372 {
1373  sp->mark.v = value;
1374  sp->mark.m = mask;
1375  sp->ce_mask |= XFRM_SP_ATTR_MARK;
1376 
1377  return 0;
1378 }
1379 
1380 /** @} */
1381 
1382 static struct nl_object_ops xfrm_sp_obj_ops = {
1383  .oo_name = "xfrm/sp",
1384  .oo_size = sizeof(struct xfrmnl_sp),
1385  .oo_constructor = xfrm_sp_alloc_data,
1386  .oo_free_data = xfrm_sp_free_data,
1387  .oo_clone = xfrm_sp_clone,
1388  .oo_dump = {
1389  [NL_DUMP_LINE] = xfrm_sp_dump_line,
1390  [NL_DUMP_DETAILS] = xfrm_sp_dump_details,
1391  [NL_DUMP_STATS] = xfrm_sp_dump_stats,
1392  },
1393  .oo_compare = xfrm_sp_compare,
1394  .oo_attrs2str = xfrm_sp_attrs2str,
1395  .oo_id_attrs = (XFRM_SP_ATTR_SEL | XFRM_SP_ATTR_INDEX | XFRM_SP_ATTR_DIR),
1396 };
1397 
1398 static struct nl_af_group xfrm_sp_groups[] = {
1399  { AF_UNSPEC, XFRMNLGRP_POLICY },
1400  { END_OF_GROUP_LIST },
1401 };
1402 
1403 static struct nl_cache_ops xfrmnl_sp_ops = {
1404  .co_name = "xfrm/sp",
1405  .co_hdrsize = sizeof(struct xfrm_userpolicy_info),
1406  .co_msgtypes = {
1407  { XFRM_MSG_NEWPOLICY, NL_ACT_NEW, "new" },
1408  { XFRM_MSG_DELPOLICY, NL_ACT_DEL, "del" },
1409  { XFRM_MSG_GETPOLICY, NL_ACT_GET, "get" },
1410  { XFRM_MSG_UPDPOLICY, NL_ACT_NEW, "update" },
1411  END_OF_MSGTYPES_LIST,
1412  },
1413  .co_protocol = NETLINK_XFRM,
1414  .co_groups = xfrm_sp_groups,
1415  .co_request_update = xfrm_sp_request_update,
1416  .co_msg_parser = xfrm_sp_msg_parser,
1417  .co_obj_ops = &xfrm_sp_obj_ops,
1418 };
1419 
1420 /**
1421  * @name XFRM SA Cache Managament
1422  * @{
1423  */
1424 
1425 static void __attribute__ ((constructor)) xfrm_sp_init(void)
1426 {
1427  nl_cache_mngt_register(&xfrmnl_sp_ops);
1428 }
1429 
1430 static void __attribute__ ((destructor)) xfrm_sp_exit(void)
1431 {
1432  nl_cache_mngt_unregister(&xfrmnl_sp_ops);
1433 }
1434 
1435 /** @} */
int nl_send_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
Definition: nl.c:1247
Dump object briefly on one line.
Definition: types.h:22
void nl_addr_set_prefixlen(struct nl_addr *addr, int prefixlen)
Set the prefix length of an abstract address.
Definition: addr.c:929
void nlmsg_free(struct nl_msg *msg)
Release a reference from an netlink message.
Definition: msg.c:562
void * nlmsg_data(const struct nlmsghdr *nlh)
Return pointer to message payload.
Definition: msg.c:106
struct nl_object * nl_object_alloc(struct nl_object_ops *ops)
Allocate a new object of kind specified by the operations handle.
Definition: object.c:54
void * nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
Reserve room for additional data in a netlink message.
Definition: msg.c:408
int nl_cache_mngt_unregister(struct nl_cache_ops *ops)
Unregister a set of cache operations.
Definition: cache_mngt.c:287
Attribute validation policy.
Definition: attr.h:69
void nl_object_get(struct nl_object *obj)
Acquire a reference on a object.
Definition: object.c:204
struct nl_addr * nl_addr_build(int family, const void *buf, size_t size)
Allocate abstract address based on a binary address.
Definition: addr.c:216
int nl_pickup(struct nl_sock *sk, int(*parser)(struct nl_cache_ops *, struct sockaddr_nl *, struct nlmsghdr *, struct nl_parser_param *), struct nl_object **result)
Pickup netlink answer, parse is and return object.
Definition: nl.c:1178
int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, struct nla_policy *policy)
parse attributes of a netlink message
Definition: msg.c:214
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_clone(struct xfrmnl_ltime_cfg *ltime)
Clone existing lifetime config object.
Definition: lifetime.c:94
Dump all attributes but no statistics.
Definition: types.h:23
int nla_nest_end(struct nl_msg *msg, struct nlattr *start)
Finalize nesting of attributes.
Definition: attr.c:924
int nl_cache_mngt_register(struct nl_cache_ops *ops)
Register a set of cache operations.
Definition: cache_mngt.c:252
#define NLA_PUT(msg, attrtype, attrlen, data)
Add unspecific attribute to netlink message.
Definition: attr.h:164
void * nla_data(const struct nlattr *nla)
Return pointer to the payload section.
Definition: attr.c:120
int xfrmnl_sel_cmp(struct xfrmnl_sel *a, struct xfrmnl_sel *b)
Compares two selector objects.
Definition: selector.c:161
int nla_len(const struct nlattr *nla)
Return length of the payload .
Definition: attr.c:131
uint16_t minlen
Minimal length of payload required.
Definition: attr.h:74
int nl_send_simple(struct nl_sock *sk, int type, int flags, void *buf, size_t size)
Construct and transmit a Netlink message.
Definition: nl.c:580
struct nl_object * nl_cache_get_next(struct nl_object *obj)
Return the next element in the cache.
Definition: cache.c:145
int nlmsg_append(struct nl_msg *n, void *data, size_t len, int pad)
Append data to tail of a netlink message.
Definition: msg.c:446
int nl_wait_for_ack(struct nl_sock *sk)
Wait for ACK.
Definition: nl.c:1112
void nl_object_put(struct nl_object *obj)
Release a reference from an object.
Definition: object.c:215
struct nl_msg * nlmsg_alloc_simple(int nlmsgtype, int flags)
Allocate a new netlink message.
Definition: msg.c:347
struct xfrmnl_sel * xfrmnl_sel_alloc()
Allocate new selector object.
Definition: selector.c:77
struct xfrmnl_sel * xfrmnl_sel_clone(struct xfrmnl_sel *sel)
Clone existing selector object.
Definition: selector.c:96
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_alloc()
Allocate new lifetime config object.
Definition: lifetime.c:75
Dumping parameters.
Definition: types.h:33
struct xfrmnl_user_tmpl * xfrmnl_user_tmpl_clone(struct xfrmnl_user_tmpl *utmpl)
Clone existing user template object.
Definition: template.c:90
struct xfrmnl_user_tmpl * xfrmnl_user_tmpl_alloc()
Allocate new user template object.
Definition: template.c:71
int xfrmnl_ltime_cfg_cmp(struct xfrmnl_ltime_cfg *a, struct xfrmnl_ltime_cfg *b)
Compares two lifetime config objects.
Definition: lifetime.c:155
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
Definition: utils.c:961
int xfrmnl_user_tmpl_cmp(struct xfrmnl_user_tmpl *a, struct xfrmnl_user_tmpl *b)
Compares two user template objects.
Definition: template.c:143
int nl_send_auto(struct nl_sock *sk, struct nl_msg *msg)
Finalize and transmit Netlink message.
Definition: nl.c:516
unsigned int nl_addr_get_len(const struct nl_addr *addr)
Get length of binary address of abstract address object.
Definition: addr.c:917
Dump all attributes including statistics.
Definition: types.h:24
struct nl_object * nl_cache_get_first(struct nl_cache *cache)
Return the first element in the cache.
Definition: cache.c:119
void * nl_addr_get_binary_addr(const struct nl_addr *addr)
Get binary address of abstract address object.
Definition: addr.c:905
int nl_cache_alloc_and_fill(struct nl_cache_ops *ops, struct nl_sock *sock, struct nl_cache **result)
Allocate new cache and fill it.
Definition: cache.c:233
struct nlattr * nla_nest_start(struct nl_msg *msg, int attrtype)
Start a new level of nested attributes.
Definition: attr.c:902
char * nl_addr2str(const struct nl_addr *addr, char *buf, size_t size)
Convert abstract address object to character string.
Definition: addr.c:963