42#include "nl-default.h"
46#include <netlink/netlink.h>
47#include <netlink/cache.h>
48#include <netlink/object.h>
49#include <netlink/xfrm/sa.h>
50#include <netlink/xfrm/selector.h>
51#include <netlink/xfrm/lifetime.h>
54#include "nl-priv-dynamic-core/object-api.h"
55#include "nl-priv-dynamic-core/nl-core.h"
56#include "nl-priv-dynamic-core/cache-api.h"
57#include "nl-aux-core/nl-core.h"
58#include "nl-aux-xfrm/nl-xfrm.h"
63 uint32_t replay_window;
65 uint32_t integrity_failed;
68struct xfrmnl_algo_aead {
75struct xfrmnl_algo_auth {
78 uint32_t alg_trunc_len;
88struct xfrmnl_encap_tmpl {
92 struct nl_addr* encap_oa;
95struct xfrmnl_user_offload {
105 struct nl_addr* saddr;
108 struct xfrmnl_stats stats;
113 uint8_t replay_window;
115 struct xfrmnl_algo_aead* aead;
116 struct xfrmnl_algo_auth* auth;
117 struct xfrmnl_algo* crypt;
118 struct xfrmnl_algo* comp;
119 struct xfrmnl_encap_tmpl* encap;
121 struct nl_addr* coaddr;
124 uint32_t replay_maxage;
125 uint32_t replay_maxdiff;
129 struct xfrmnl_user_offload* user_offload;
132#define XFRM_SA_ATTR_SEL 0x01
133#define XFRM_SA_ATTR_DADDR 0x02
134#define XFRM_SA_ATTR_SPI 0x04
135#define XFRM_SA_ATTR_PROTO 0x08
136#define XFRM_SA_ATTR_SADDR 0x10
137#define XFRM_SA_ATTR_LTIME_CFG 0x20
138#define XFRM_SA_ATTR_LTIME_CUR 0x40
139#define XFRM_SA_ATTR_STATS 0x80
140#define XFRM_SA_ATTR_SEQ 0x100
141#define XFRM_SA_ATTR_REQID 0x200
142#define XFRM_SA_ATTR_FAMILY 0x400
143#define XFRM_SA_ATTR_MODE 0x800
144#define XFRM_SA_ATTR_REPLAY_WIN 0x1000
145#define XFRM_SA_ATTR_FLAGS 0x2000
146#define XFRM_SA_ATTR_ALG_AEAD 0x4000
147#define XFRM_SA_ATTR_ALG_AUTH 0x8000
148#define XFRM_SA_ATTR_ALG_CRYPT 0x10000
149#define XFRM_SA_ATTR_ALG_COMP 0x20000
150#define XFRM_SA_ATTR_ENCAP 0x40000
151#define XFRM_SA_ATTR_TFCPAD 0x80000
152#define XFRM_SA_ATTR_COADDR 0x100000
153#define XFRM_SA_ATTR_MARK 0x200000
154#define XFRM_SA_ATTR_SECCTX 0x400000
155#define XFRM_SA_ATTR_REPLAY_MAXAGE 0x800000
156#define XFRM_SA_ATTR_REPLAY_MAXDIFF 0x1000000
157#define XFRM_SA_ATTR_REPLAY_STATE 0x2000000
158#define XFRM_SA_ATTR_EXPIRE 0x4000000
159#define XFRM_SA_ATTR_OFFLOAD_DEV 0x8000000
161static struct nl_cache_ops xfrmnl_sa_ops;
162static struct nl_object_ops xfrm_sa_obj_ops;
165static void xfrm_sa_alloc_data(
struct nl_object *c)
167 struct xfrmnl_sa* sa = nl_object_priv (c);
176static void xfrm_sa_free_data(
struct nl_object *c)
178 struct xfrmnl_sa* sa = nl_object_priv (c);
183 xfrmnl_sel_put (sa->sel);
184 xfrmnl_ltime_cfg_put (sa->lft);
197 if (sa->encap->encap_oa)
205 if (sa->replay_state_esn)
206 free (sa->replay_state_esn);
207 if (sa->user_offload)
208 free(sa->user_offload);
211static int xfrm_sa_clone(
struct nl_object *_dst,
struct nl_object *_src)
213 struct xfrmnl_sa* dst = nl_object_priv(_dst);
214 struct xfrmnl_sa* src = nl_object_priv(_src);
218 dst->id.daddr = NULL;
228 dst->replay_state_esn = NULL;
229 dst->user_offload = NULL;
248 len =
sizeof (
struct xfrmnl_algo_aead) + ((src->aead->alg_key_len + 7) / 8);
249 if ((dst->aead = calloc (1, len)) == NULL)
251 memcpy ((
void *)dst->aead, (
void *)src->aead, len);
255 len =
sizeof (
struct xfrmnl_algo_auth) + ((src->auth->alg_key_len + 7) / 8);
256 if ((dst->auth = calloc (1, len)) == NULL)
258 memcpy ((
void *)dst->auth, (
void *)src->auth, len);
262 len =
sizeof (
struct xfrmnl_algo) + ((src->crypt->alg_key_len + 7) / 8);
263 if ((dst->crypt = calloc (1, len)) == NULL)
265 memcpy ((
void *)dst->crypt, (
void *)src->crypt, len);
269 len =
sizeof (
struct xfrmnl_algo) + ((src->comp->alg_key_len + 7) / 8);
270 if ((dst->comp = calloc (1, len)) == NULL)
272 memcpy ((
void *)dst->comp, (
void *)src->comp, len);
276 len =
sizeof (
struct xfrmnl_encap_tmpl);
277 if ((dst->encap = calloc (1, len)) == NULL)
279 memcpy ((
void *)dst->encap, (
void *)src->encap, len);
287 len =
sizeof (*src->sec_ctx) + src->sec_ctx->ctx_len;
288 if ((dst->sec_ctx = calloc (1, len)) == NULL)
290 memcpy ((
void *)dst->sec_ctx, (
void *)src->sec_ctx, len);
293 if (src->replay_state_esn) {
295 if ((dst->replay_state_esn = calloc (1, len)) == NULL)
297 memcpy ((
void *)dst->replay_state_esn, (
void *)src->replay_state_esn, len);
300 if (src->user_offload) {
301 dst->user_offload = _nl_memdup_ptr(src->user_offload);
302 if (!dst->user_offload)
309static uint64_t xfrm_sa_compare(
struct nl_object *_a,
struct nl_object *_b,
310 uint64_t attrs,
int flags)
312 struct xfrmnl_sa* a = (
struct xfrmnl_sa *) _a;
313 struct xfrmnl_sa* b = (
struct xfrmnl_sa *) _b;
317#define _DIFF(ATTR, EXPR) ATTR_DIFF(attrs, ATTR, a, b, EXPR)
319 diff |= _DIFF(XFRM_SA_ATTR_DADDR,
321 diff |= _DIFF(XFRM_SA_ATTR_SPI, a->id.spi != b->id.spi);
322 diff |= _DIFF(XFRM_SA_ATTR_PROTO, a->id.proto != b->id.proto);
323 diff |= _DIFF(XFRM_SA_ATTR_SADDR,
nl_addr_cmp(a->saddr, b->saddr));
324 diff |= _DIFF(XFRM_SA_ATTR_LTIME_CFG,
326 diff |= _DIFF(XFRM_SA_ATTR_REQID, a->reqid != b->reqid);
327 diff |= _DIFF(XFRM_SA_ATTR_FAMILY, a->family != b->family);
328 diff |= _DIFF(XFRM_SA_ATTR_MODE, a->mode != b->mode);
329 diff |= _DIFF(XFRM_SA_ATTR_REPLAY_WIN,
330 a->replay_window != b->replay_window);
331 diff |= _DIFF(XFRM_SA_ATTR_FLAGS, a->flags != b->flags);
332 diff |= _DIFF(XFRM_SA_ATTR_ALG_AEAD,
333 (strcmp(a->aead->alg_name, b->aead->alg_name) ||
334 (a->aead->alg_key_len != b->aead->alg_key_len) ||
335 (a->aead->alg_icv_len != b->aead->alg_icv_len) ||
336 memcmp(a->aead->alg_key, b->aead->alg_key,
337 ((a->aead->alg_key_len + 7) / 8))));
338 diff |= _DIFF(XFRM_SA_ATTR_ALG_AUTH,
339 (strcmp(a->auth->alg_name, b->auth->alg_name) ||
340 (a->auth->alg_key_len != b->auth->alg_key_len) ||
341 (a->auth->alg_trunc_len != b->auth->alg_trunc_len) ||
342 memcmp(a->auth->alg_key, b->auth->alg_key,
343 ((a->auth->alg_key_len + 7) / 8))));
344 diff |= _DIFF(XFRM_SA_ATTR_ALG_CRYPT,
345 (strcmp(a->crypt->alg_name, b->crypt->alg_name) ||
346 (a->crypt->alg_key_len != b->crypt->alg_key_len) ||
347 memcmp(a->crypt->alg_key, b->crypt->alg_key,
348 ((a->crypt->alg_key_len + 7) / 8))));
349 diff |= _DIFF(XFRM_SA_ATTR_ALG_COMP,
350 (strcmp(a->comp->alg_name, b->comp->alg_name) ||
351 (a->comp->alg_key_len != b->comp->alg_key_len) ||
352 memcmp(a->comp->alg_key, b->comp->alg_key,
353 ((a->comp->alg_key_len + 7) / 8))));
354 diff |= _DIFF(XFRM_SA_ATTR_ENCAP,
355 ((a->encap->encap_type != b->encap->encap_type) ||
356 (a->encap->encap_sport != b->encap->encap_sport) ||
357 (a->encap->encap_dport != b->encap->encap_dport) ||
358 nl_addr_cmp(a->encap->encap_oa, b->encap->encap_oa)));
359 diff |= _DIFF(XFRM_SA_ATTR_TFCPAD, a->tfcpad != b->tfcpad);
360 diff |= _DIFF(XFRM_SA_ATTR_COADDR,
nl_addr_cmp(a->coaddr, b->coaddr));
361 diff |= _DIFF(XFRM_SA_ATTR_MARK,
362 (a->mark.m != b->mark.m) || (a->mark.v != b->mark.v));
363 diff |= _DIFF(XFRM_SA_ATTR_SECCTX,
364 ((a->sec_ctx->ctx_doi != b->sec_ctx->ctx_doi) ||
365 (a->sec_ctx->ctx_alg != b->sec_ctx->ctx_alg) ||
366 (a->sec_ctx->ctx_len != b->sec_ctx->ctx_len) ||
367 strcmp(a->sec_ctx->ctx, b->sec_ctx->ctx)));
368 diff |= _DIFF(XFRM_SA_ATTR_REPLAY_MAXAGE,
369 a->replay_maxage != b->replay_maxage);
370 diff |= _DIFF(XFRM_SA_ATTR_REPLAY_MAXDIFF,
371 a->replay_maxdiff != b->replay_maxdiff);
372 diff |= _DIFF(XFRM_SA_ATTR_EXPIRE, a->hard != b->hard);
375 found = AVAILABLE_MISMATCH (a, b, XFRM_SA_ATTR_REPLAY_STATE);
378 if (((a->replay_state_esn != NULL) && (b->replay_state_esn == NULL)) ||
379 ((a->replay_state_esn == NULL) && (b->replay_state_esn != NULL)))
384 if (a->replay_state_esn)
386 if (a->replay_state_esn->bmp_len != b->replay_state_esn->bmp_len)
391 (a->replay_state_esn->bmp_len *
sizeof (uint32_t));
392 diff |= memcmp (a->replay_state_esn, b->replay_state_esn, len);
397 if ((a->replay_state.oseq != b->replay_state.oseq) ||
398 (a->replay_state.seq != b->replay_state.seq) ||
399 (a->replay_state.bitmap != b->replay_state.bitmap))
413static const struct trans_tbl sa_attrs[] = {
414 __ADD(XFRM_SA_ATTR_SEL, selector),
415 __ADD(XFRM_SA_ATTR_DADDR, daddr),
416 __ADD(XFRM_SA_ATTR_SPI, spi),
417 __ADD(XFRM_SA_ATTR_PROTO, proto),
418 __ADD(XFRM_SA_ATTR_SADDR, saddr),
419 __ADD(XFRM_SA_ATTR_LTIME_CFG, lifetime_cfg),
420 __ADD(XFRM_SA_ATTR_LTIME_CUR, lifetime_cur),
421 __ADD(XFRM_SA_ATTR_STATS, stats),
422 __ADD(XFRM_SA_ATTR_SEQ, seqnum),
423 __ADD(XFRM_SA_ATTR_REQID, reqid),
424 __ADD(XFRM_SA_ATTR_FAMILY, family),
425 __ADD(XFRM_SA_ATTR_MODE, mode),
426 __ADD(XFRM_SA_ATTR_REPLAY_WIN, replay_window),
427 __ADD(XFRM_SA_ATTR_FLAGS, flags),
428 __ADD(XFRM_SA_ATTR_ALG_AEAD, alg_aead),
429 __ADD(XFRM_SA_ATTR_ALG_AUTH, alg_auth),
430 __ADD(XFRM_SA_ATTR_ALG_CRYPT, alg_crypto),
431 __ADD(XFRM_SA_ATTR_ALG_COMP, alg_comp),
432 __ADD(XFRM_SA_ATTR_ENCAP, encap),
433 __ADD(XFRM_SA_ATTR_TFCPAD, tfcpad),
434 __ADD(XFRM_SA_ATTR_COADDR, coaddr),
435 __ADD(XFRM_SA_ATTR_MARK, mark),
436 __ADD(XFRM_SA_ATTR_SECCTX, sec_ctx),
437 __ADD(XFRM_SA_ATTR_REPLAY_MAXAGE, replay_maxage),
438 __ADD(XFRM_SA_ATTR_REPLAY_MAXDIFF, replay_maxdiff),
439 __ADD(XFRM_SA_ATTR_REPLAY_STATE, replay_state),
440 __ADD(XFRM_SA_ATTR_EXPIRE, expire),
441 __ADD(XFRM_SA_ATTR_OFFLOAD_DEV, user_offload),
444static char* xfrm_sa_attrs2str(
int attrs,
char *buf,
size_t len)
446 return __flags2str (attrs, buf, len, sa_attrs, ARRAY_SIZE(sa_attrs));
454static const struct trans_tbl sa_flags[] = {
455 __ADD(XFRM_STATE_NOECN, no ecn),
456 __ADD(XFRM_STATE_DECAP_DSCP, decap dscp),
457 __ADD(XFRM_STATE_NOPMTUDISC, no pmtu discovery),
458 __ADD(XFRM_STATE_WILDRECV, wild receive),
459 __ADD(XFRM_STATE_ICMP, icmp),
460 __ADD(XFRM_STATE_AF_UNSPEC, unspecified),
461 __ADD(XFRM_STATE_ALIGN4, align4),
462 __ADD(XFRM_STATE_ESN, esn),
465char* xfrmnl_sa_flags2str(
int flags,
char *buf,
size_t len)
467 return __flags2str (flags, buf, len, sa_flags, ARRAY_SIZE(sa_flags));
470int xfrmnl_sa_str2flag(
const char *name)
472 return __str2flags (name, sa_flags, ARRAY_SIZE(sa_flags));
480static const struct trans_tbl sa_modes[] = {
481 __ADD(XFRM_MODE_TRANSPORT, transport),
482 __ADD(XFRM_MODE_TUNNEL, tunnel),
483 __ADD(XFRM_MODE_ROUTEOPTIMIZATION, route optimization),
484 __ADD(XFRM_MODE_IN_TRIGGER, in trigger),
485 __ADD(XFRM_MODE_BEET, beet),
488char* xfrmnl_sa_mode2str(
int mode,
char *buf,
size_t len)
490 return __type2str (mode, buf, len, sa_modes, ARRAY_SIZE(sa_modes));
493int xfrmnl_sa_str2mode(
const char *name)
495 return __str2type (name, sa_modes, ARRAY_SIZE(sa_modes));
500static void xfrm_sa_dump_line(
struct nl_object *a,
struct nl_dump_params *p)
502 char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
503 struct xfrmnl_sa* sa = (
struct xfrmnl_sa *) a;
504 char flags[128], mode[128];
505 time_t add_time, use_time;
506 struct tm *add_time_tm, *use_time_tm;
509 nl_dump_line(p,
"src %s dst %s family: %s\n",
nl_addr2str(sa->saddr, src,
sizeof(src)),
511 nl_af2str (sa->family, flags, sizeof (flags)));
513 nl_dump_line(p,
"\tproto %s spi 0x%x reqid %u\n",
514 nl_ip_proto2str (sa->id.proto, flags,
sizeof(flags)),
515 sa->id.spi, sa->reqid);
517 xfrmnl_sa_flags2str(sa->flags, flags, sizeof (flags));
518 xfrmnl_sa_mode2str(sa->mode, mode, sizeof (mode));
519 nl_dump_line(p,
"\tmode: %s flags: %s (0x%x) seq: %u replay window: %u\n",
520 mode, flags, sa->flags, sa->seq, sa->replay_window);
522 nl_dump_line(p,
"\tlifetime configuration: \n");
523 if (sa->lft->soft_byte_limit == XFRM_INF)
524 sprintf (flags,
"INF");
526 sprintf (flags,
"%" PRIu64, sa->lft->soft_byte_limit);
527 if (sa->lft->soft_packet_limit == XFRM_INF)
528 sprintf (mode,
"INF");
530 sprintf (mode,
"%" PRIu64, sa->lft->soft_packet_limit);
531 nl_dump_line(p,
"\t\tsoft limit: %s (bytes), %s (packets)\n", flags, mode);
532 if (sa->lft->hard_byte_limit == XFRM_INF)
533 sprintf (flags,
"INF");
535 sprintf (flags,
"%" PRIu64, sa->lft->hard_byte_limit);
536 if (sa->lft->hard_packet_limit == XFRM_INF)
537 sprintf (mode,
"INF");
539 sprintf (mode,
"%" PRIu64, sa->lft->hard_packet_limit);
540 nl_dump_line(p,
"\t\thard limit: %s (bytes), %s (packets)\n", flags,
544 "\t\tsoft add_time: %llu (seconds), soft use_time: %llu (seconds) \n",
545 (
long long unsigned)sa->lft->soft_add_expires_seconds,
546 (
long long unsigned)sa->lft->soft_use_expires_seconds);
549 "\t\thard add_time: %llu (seconds), hard use_time: %llu (seconds) \n",
550 (
long long unsigned)sa->lft->hard_add_expires_seconds,
551 (
long long unsigned)sa->lft->hard_use_expires_seconds);
553 nl_dump_line(p,
"\tlifetime current: \n");
554 nl_dump_line(p,
"\t\t%llu bytes, %llu packets\n",
555 (
long long unsigned)sa->curlft.bytes,
556 (
long long unsigned)sa->curlft.packets);
557 if (sa->curlft.add_time != 0)
559 add_time = sa->curlft.add_time;
560 add_time_tm = gmtime_r (&add_time, &tm_buf);
561 strftime (flags, 128,
"%Y-%m-%d %H-%M-%S", add_time_tm);
565 sprintf (flags,
"%s",
"-");
568 if (sa->curlft.use_time != 0)
570 use_time = sa->curlft.use_time;
571 use_time_tm = gmtime_r (&use_time, &tm_buf);
572 strftime (mode, 128,
"%Y-%m-%d %H-%M-%S", use_time_tm);
576 sprintf (mode,
"%s",
"-");
578 nl_dump_line(p,
"\t\tadd_time: %s, use_time: %s\n", flags, mode);
582 nl_dump_line(p,
"\tAEAD Algo: \n");
583 nl_dump_line(p,
"\t\tName: %s Key len(bits): %u ICV Len(bits): %u\n",
584 sa->aead->alg_name, sa->aead->alg_key_len, sa->aead->alg_icv_len);
589 nl_dump_line(p,
"\tAuth Algo: \n");
590 nl_dump_line(p,
"\t\tName: %s Key len(bits): %u Trunc len(bits): %u\n",
591 sa->auth->alg_name, sa->auth->alg_key_len, sa->auth->alg_trunc_len);
596 nl_dump_line(p,
"\tEncryption Algo: \n");
597 nl_dump_line(p,
"\t\tName: %s Key len(bits): %u\n",
598 sa->crypt->alg_name, sa->crypt->alg_key_len);
603 nl_dump_line(p,
"\tCompression Algo: \n");
604 nl_dump_line(p,
"\t\tName: %s Key len(bits): %u\n",
605 sa->comp->alg_name, sa->comp->alg_key_len);
610 nl_dump_line(p,
"\tEncapsulation template: \n");
611 nl_dump_line(p,
"\t\tType: %d Src port: %d Dst port: %d Encap addr: %s\n",
612 sa->encap->encap_type, sa->encap->encap_sport, sa->encap->encap_dport,
613 nl_addr2str (sa->encap->encap_oa, dst, sizeof (dst)));
616 if (sa->ce_mask & XFRM_SA_ATTR_TFCPAD)
617 nl_dump_line(p,
"\tTFC Pad: %u\n", sa->tfcpad);
619 if (sa->ce_mask & XFRM_SA_ATTR_COADDR)
620 nl_dump_line(p,
"\tCO Address: %s\n",
nl_addr2str (sa->coaddr, dst, sizeof (dst)));
622 if (sa->ce_mask & XFRM_SA_ATTR_MARK)
623 nl_dump_line(p,
"\tMark mask: 0x%x Mark value: 0x%x\n", sa->mark.m, sa->mark.v);
625 if (sa->ce_mask & XFRM_SA_ATTR_SECCTX)
626 nl_dump_line(p,
"\tDOI: %d Algo: %d Len: %u ctx: %s\n", sa->sec_ctx->ctx_doi,
627 sa->sec_ctx->ctx_alg, sa->sec_ctx->ctx_len, sa->sec_ctx->ctx);
629 nl_dump_line(p,
"\treplay info: \n");
630 nl_dump_line(p,
"\t\tmax age %u max diff %u \n", sa->replay_maxage, sa->replay_maxdiff);
632 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
634 nl_dump_line(p,
"\treplay state info: \n");
635 if (sa->replay_state_esn)
637 nl_dump_line(p,
"\t\toseq %u seq %u oseq_hi %u seq_hi %u replay window: %u \n",
638 sa->replay_state_esn->oseq, sa->replay_state_esn->seq,
639 sa->replay_state_esn->oseq_hi, sa->replay_state_esn->seq_hi,
640 sa->replay_state_esn->replay_window);
644 nl_dump_line(p,
"\t\toseq %u seq %u bitmap: %u \n", sa->replay_state.oseq,
645 sa->replay_state.seq, sa->replay_state.bitmap);
649 nl_dump_line(p,
"\tselector info: \n");
650 xfrmnl_sel_dump (sa->sel, p);
652 nl_dump_line(p,
"\tHard: %d\n", sa->hard);
657static void xfrm_sa_dump_stats(
struct nl_object *a,
struct nl_dump_params *p)
659 struct xfrmnl_sa* sa = (
struct xfrmnl_sa*)a;
661 nl_dump_line(p,
"\tstats: \n");
662 nl_dump_line(p,
"\t\treplay window: %u replay: %u integrity failed: %u \n",
663 sa->stats.replay_window, sa->stats.replay, sa->stats.integrity_failed);
668static void xfrm_sa_dump_details(
struct nl_object *a,
struct nl_dump_params *p)
670 xfrm_sa_dump_line(a, p);
671 xfrm_sa_dump_stats (a, p);
679struct xfrmnl_sa* xfrmnl_sa_alloc(
void)
684void xfrmnl_sa_put(
struct xfrmnl_sa* sa)
706int xfrmnl_sa_alloc_cache(
struct nl_sock *sock,
struct nl_cache **result)
719struct xfrmnl_sa* xfrmnl_sa_get(
struct nl_cache* cache,
struct nl_addr* daddr,
720 unsigned int spi,
unsigned int proto)
722 struct xfrmnl_sa *sa;
729 if (sa->id.proto == proto &&
748 [XFRMA_ALG_AUTH_TRUNC] = { .minlen =
sizeof(
struct xfrm_algo_auth)},
749 [XFRMA_ALG_AEAD] = { .minlen =
sizeof(
struct xfrm_algo_aead) },
750 [XFRMA_ALG_AUTH] = { .minlen =
sizeof(
struct xfrm_algo) },
751 [XFRMA_ALG_CRYPT] = { .minlen =
sizeof(
struct xfrm_algo) },
752 [XFRMA_ALG_COMP] = { .minlen =
sizeof(
struct xfrm_algo) },
753 [XFRMA_ENCAP] = { .minlen =
sizeof(
struct xfrm_encap_tmpl) },
754 [XFRMA_TMPL] = { .minlen =
sizeof(
struct xfrm_user_tmpl) },
755 [XFRMA_SEC_CTX] = { .minlen =
sizeof(
struct xfrm_sec_ctx) },
756 [XFRMA_LTIME_VAL] = { .minlen =
sizeof(
struct xfrm_lifetime_cur) },
757 [XFRMA_REPLAY_VAL] = { .minlen =
sizeof(
struct xfrm_replay_state) },
758 [XFRMA_OFFLOAD_DEV] = { .minlen =
sizeof(
struct xfrm_user_offload) },
759 [XFRMA_REPLAY_THRESH] = { .type =
NLA_U32 },
760 [XFRMA_ETIMER_THRESH] = { .type =
NLA_U32 },
761 [XFRMA_SRCADDR] = { .minlen =
sizeof(xfrm_address_t) },
762 [XFRMA_COADDR] = { .minlen =
sizeof(xfrm_address_t) },
763 [XFRMA_MARK] = { .minlen =
sizeof(
struct xfrm_mark) },
764 [XFRMA_TFCPAD] = { .type =
NLA_U32 },
765 [XFRMA_REPLAY_ESN_VAL] = { .minlen =
sizeof(
struct xfrm_replay_state_esn) },
768static int xfrm_sa_request_update(
struct nl_cache *c,
struct nl_sock *h)
773int xfrmnl_sa_parse(
struct nlmsghdr *n,
struct xfrmnl_sa **result)
775 _nl_auto_nl_addr
struct nl_addr *addr1 = NULL;
776 _nl_auto_nl_addr
struct nl_addr *addr2 = NULL;
777 _nl_auto_xfrmnl_sa
struct xfrmnl_sa *sa = NULL;
778 struct nlattr *tb[XFRMA_MAX + 1];
779 struct xfrm_usersa_info* sa_info;
780 struct xfrm_user_expire* ue;
783 sa = xfrmnl_sa_alloc();
787 sa->ce_msgtype = n->nlmsg_type;
788 if (n->nlmsg_type == XFRM_MSG_EXPIRE)
791 sa_info = &ue->state;
793 sa->ce_mask |= XFRM_SA_ATTR_EXPIRE;
795 else if (n->nlmsg_type == XFRM_MSG_DELSA)
797 sa_info = (
struct xfrm_usersa_info*)((
char *)
nlmsg_data(n) +
sizeof (
struct xfrm_usersa_id) + NLA_HDRLEN);
804 err =
nlmsg_parse(n,
sizeof(
struct xfrm_usersa_info), tb, XFRMA_MAX, xfrm_sa_policy);
808 if (!(addr1 = _nl_addr_build(sa_info->sel.family, &sa_info->sel.daddr)))
811 xfrmnl_sel_set_daddr (sa->sel, addr1);
812 xfrmnl_sel_set_prefixlen_d (sa->sel, sa_info->sel.prefixlen_d);
814 if (!(addr2 = _nl_addr_build(sa_info->sel.family, &sa_info->sel.saddr)))
817 xfrmnl_sel_set_saddr (sa->sel, addr2);
818 xfrmnl_sel_set_prefixlen_s (sa->sel, sa_info->sel.prefixlen_s);
820 xfrmnl_sel_set_dport (sa->sel, ntohs(sa_info->sel.dport));
821 xfrmnl_sel_set_dportmask (sa->sel, ntohs(sa_info->sel.dport_mask));
822 xfrmnl_sel_set_sport (sa->sel, ntohs(sa_info->sel.sport));
823 xfrmnl_sel_set_sportmask (sa->sel, ntohs(sa_info->sel.sport_mask));
824 xfrmnl_sel_set_family (sa->sel, sa_info->sel.family);
825 xfrmnl_sel_set_proto (sa->sel, sa_info->sel.proto);
826 xfrmnl_sel_set_ifindex (sa->sel, sa_info->sel.ifindex);
827 xfrmnl_sel_set_userid (sa->sel, sa_info->sel.user);
828 sa->ce_mask |= XFRM_SA_ATTR_SEL;
830 if (!(sa->id.daddr = _nl_addr_build(sa_info->family, &sa_info->id.daddr)))
832 sa->id.spi = ntohl(sa_info->id.spi);
833 sa->id.proto = sa_info->id.proto;
834 sa->ce_mask |= (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO);
836 if (!(sa->saddr = _nl_addr_build(sa_info->family, &sa_info->saddr)))
838 sa->ce_mask |= XFRM_SA_ATTR_SADDR;
840 sa->lft->soft_byte_limit = sa_info->lft.soft_byte_limit;
841 sa->lft->hard_byte_limit = sa_info->lft.hard_byte_limit;
842 sa->lft->soft_packet_limit = sa_info->lft.soft_packet_limit;
843 sa->lft->hard_packet_limit = sa_info->lft.hard_packet_limit;
844 sa->lft->soft_add_expires_seconds = sa_info->lft.soft_add_expires_seconds;
845 sa->lft->hard_add_expires_seconds = sa_info->lft.hard_add_expires_seconds;
846 sa->lft->soft_use_expires_seconds = sa_info->lft.soft_use_expires_seconds;
847 sa->lft->hard_use_expires_seconds = sa_info->lft.hard_use_expires_seconds;
848 sa->ce_mask |= XFRM_SA_ATTR_LTIME_CFG;
850 sa->curlft.bytes = sa_info->curlft.bytes;
851 sa->curlft.packets = sa_info->curlft.packets;
852 sa->curlft.add_time = sa_info->curlft.add_time;
853 sa->curlft.use_time = sa_info->curlft.use_time;
854 sa->ce_mask |= XFRM_SA_ATTR_LTIME_CUR;
856 sa->stats.replay_window = sa_info->stats.replay_window;
857 sa->stats.replay = sa_info->stats.replay;
858 sa->stats.integrity_failed = sa_info->stats.integrity_failed;
859 sa->ce_mask |= XFRM_SA_ATTR_STATS;
861 sa->seq = sa_info->seq;
862 sa->reqid = sa_info->reqid;
863 sa->family = sa_info->family;
864 sa->mode = sa_info->mode;
865 sa->replay_window = sa_info->replay_window;
866 sa->flags = sa_info->flags;
867 sa->ce_mask |= (XFRM_SA_ATTR_SEQ | XFRM_SA_ATTR_REQID |
868 XFRM_SA_ATTR_FAMILY | XFRM_SA_ATTR_MODE |
869 XFRM_SA_ATTR_REPLAY_WIN | XFRM_SA_ATTR_FLAGS);
871 if (tb[XFRMA_ALG_AEAD]) {
872 struct xfrm_algo_aead* aead =
nla_data(tb[XFRMA_ALG_AEAD]);
874 len =
sizeof (
struct xfrmnl_algo_aead) + ((aead->alg_key_len + 7) / 8);
875 if ((sa->aead = calloc (1, len)) == NULL)
877 memcpy ((
void *)sa->aead, (
void *)aead, len);
878 sa->ce_mask |= XFRM_SA_ATTR_ALG_AEAD;
881 if (tb[XFRMA_ALG_AUTH_TRUNC]) {
882 struct xfrm_algo_auth* auth =
nla_data(tb[XFRMA_ALG_AUTH_TRUNC]);
884 len =
sizeof (
struct xfrmnl_algo_auth) + ((auth->alg_key_len + 7) / 8);
885 if ((sa->auth = calloc (1, len)) == NULL)
887 memcpy ((
void *)sa->auth, (
void *)auth, len);
888 sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
891 if (tb[XFRMA_ALG_AUTH] && !sa->auth) {
892 struct xfrm_algo* auth =
nla_data(tb[XFRMA_ALG_AUTH]);
894 len =
sizeof (
struct xfrmnl_algo_auth) + ((auth->alg_key_len + 7) / 8);
895 if ((sa->auth = calloc (1, len)) == NULL)
897 strcpy(sa->auth->alg_name, auth->alg_name);
898 memcpy(sa->auth->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);
899 sa->auth->alg_key_len = auth->alg_key_len;
900 sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
903 if (tb[XFRMA_ALG_CRYPT]) {
904 struct xfrm_algo* crypt =
nla_data(tb[XFRMA_ALG_CRYPT]);
906 len =
sizeof (
struct xfrmnl_algo) + ((crypt->alg_key_len + 7) / 8);
907 if ((sa->crypt = calloc (1, len)) == NULL)
909 memcpy ((
void *)sa->crypt, (
void *)crypt, len);
910 sa->ce_mask |= XFRM_SA_ATTR_ALG_CRYPT;
913 if (tb[XFRMA_ALG_COMP]) {
914 struct xfrm_algo* comp =
nla_data(tb[XFRMA_ALG_COMP]);
916 len =
sizeof (
struct xfrmnl_algo) + ((comp->alg_key_len + 7) / 8);
917 if ((sa->comp = calloc (1, len)) == NULL)
919 memcpy ((
void *)sa->comp, (
void *)comp, len);
920 sa->ce_mask |= XFRM_SA_ATTR_ALG_COMP;
923 if (tb[XFRMA_ENCAP]) {
924 struct xfrm_encap_tmpl* encap =
nla_data(tb[XFRMA_ENCAP]);
926 len =
sizeof (
struct xfrmnl_encap_tmpl);
927 if ((sa->encap = calloc (1, len)) == NULL)
929 sa->encap->encap_type = encap->encap_type;
930 sa->encap->encap_sport = ntohs(encap->encap_sport);
931 sa->encap->encap_dport = ntohs(encap->encap_dport);
932 if (!(sa->encap->encap_oa = _nl_addr_build(sa_info->family,
935 sa->ce_mask |= XFRM_SA_ATTR_ENCAP;
938 if (tb[XFRMA_TFCPAD]) {
939 sa->tfcpad = *(uint32_t*)
nla_data(tb[XFRMA_TFCPAD]);
940 sa->ce_mask |= XFRM_SA_ATTR_TFCPAD;
943 if (tb[XFRMA_COADDR]) {
944 if (!(sa->coaddr = _nl_addr_build(
945 sa_info->family,
nla_data(tb[XFRMA_COADDR]))))
947 sa->ce_mask |= XFRM_SA_ATTR_COADDR;
950 if (tb[XFRMA_MARK]) {
951 struct xfrm_mark* m =
nla_data(tb[XFRMA_MARK]);
955 sa->ce_mask |= XFRM_SA_ATTR_MARK;
958 if (tb[XFRMA_SEC_CTX]) {
959 struct xfrm_user_sec_ctx* sec_ctx =
nla_data(tb[XFRMA_SEC_CTX]);
962 if ((sa->sec_ctx = calloc (1, len)) == NULL)
964 memcpy (sa->sec_ctx, sec_ctx, len);
965 sa->ce_mask |= XFRM_SA_ATTR_SECCTX;
968 if (tb[XFRMA_ETIMER_THRESH]) {
969 sa->replay_maxage = *(uint32_t*)
nla_data(tb[XFRMA_ETIMER_THRESH]);
970 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXAGE;
973 if (tb[XFRMA_REPLAY_THRESH]) {
974 sa->replay_maxdiff = *(uint32_t*)
nla_data(tb[XFRMA_REPLAY_THRESH]);
975 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXDIFF;
978 if (tb[XFRMA_REPLAY_ESN_VAL]) {
979 struct xfrm_replay_state_esn* esn =
nla_data (tb[XFRMA_REPLAY_ESN_VAL]);
982 if ((sa->replay_state_esn = calloc (1, len)) == NULL)
984 memcpy ((
void *)sa->replay_state_esn, (
void *)esn, len);
985 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
987 else if (tb[XFRMA_REPLAY_VAL])
989 struct xfrm_replay_state* replay_state =
nla_data (tb[XFRMA_REPLAY_VAL]);
990 sa->replay_state.oseq = replay_state->oseq;
991 sa->replay_state.seq = replay_state->seq;
992 sa->replay_state.bitmap = replay_state->bitmap;
993 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
994 sa->replay_state_esn = NULL;
997 if (tb[XFRMA_OFFLOAD_DEV]) {
998 struct xfrm_user_offload *offload;
1000 len =
sizeof(
struct xfrmnl_user_offload);
1001 if ((sa->user_offload = calloc(1, len)) == NULL)
1003 offload =
nla_data(tb[XFRMA_OFFLOAD_DEV]);
1004 sa->user_offload->ifindex = offload->ifindex;
1005 sa->user_offload->flags = offload->flags;
1006 sa->ce_mask |= XFRM_SA_ATTR_OFFLOAD_DEV;
1009 *result = _nl_steal_pointer(&sa);
1013static int xfrm_sa_update_cache (
struct nl_cache *cache,
struct nl_object *obj,
1014 change_func_t change_cb, change_func_v2_t change_cb_v2,
1017 _nl_auto_nl_object
struct nl_object* old_sa = NULL;
1018 struct xfrmnl_sa* sa = (
struct xfrmnl_sa*)obj;
1049 change_cb_v2(cache, NULL, obj, 0, NL_ACT_NEW, data);
1051 change_cb(cache, obj, NL_ACT_NEW, data);
1056 if (change_cb || change_cb_v2)
1063 change_cb_v2(cache, old_sa, obj, diff, NL_ACT_CHANGE, data);
1064 }
else if (change_cb)
1065 change_cb(cache, obj, NL_ACT_CHANGE, data);
1074 change_cb_v2(cache, obj, NULL, 0, NL_ACT_DEL, data);
1076 change_cb (cache, obj, NL_ACT_DEL, data);
1087 return nl_cache_include_v2(cache, obj, change_cb_v2, data);
1089 return nl_cache_include (cache, obj, change_cb, data);
1093static int xfrm_sa_msg_parser(
struct nl_cache_ops *ops,
struct sockaddr_nl *who,
1094 struct nlmsghdr *n,
struct nl_parser_param *pp)
1096 struct xfrmnl_sa* sa;
1099 if ((err = xfrmnl_sa_parse(n, &sa)) < 0)
1102 err = pp->pp_cb((
struct nl_object *) sa, pp);
1113int xfrmnl_sa_build_get_request(
struct nl_addr* daddr,
unsigned int spi,
unsigned int protocol,
unsigned int mark_v,
unsigned int mark_m,
struct nl_msg **result)
1116 struct xfrm_usersa_id sa_id;
1117 struct xfrm_mark mark;
1121 fprintf(stderr,
"APPLICATION BUG: %s:%d:%s: A valid destination address, spi must be specified\n",
1122 __FILE__, __LINE__, __func__);
1124 return -NLE_MISSING_ATTR;
1127 memset(&sa_id, 0,
sizeof(sa_id));
1130 sa_id.spi = htonl(spi);
1131 sa_id.proto = protocol;
1136 if (
nlmsg_append(msg, &sa_id,
sizeof(sa_id), NLMSG_ALIGNTO) < 0)
1137 goto nla_put_failure;
1139 if ((mark_m & mark_v) != 0)
1141 memset(&mark, 0,
sizeof(
struct xfrm_mark));
1145 NLA_PUT (msg, XFRMA_MARK,
sizeof (
struct xfrm_mark), &mark);
1153 return -NLE_MSGSIZE;
1156int xfrmnl_sa_get_kernel(
struct nl_sock* sock,
struct nl_addr* daddr,
unsigned int spi,
unsigned int protocol,
unsigned int mark_v,
unsigned int mark_m,
struct xfrmnl_sa** result)
1158 struct nl_msg *msg = NULL;
1159 struct nl_object *obj;
1162 if ((err = xfrmnl_sa_build_get_request(daddr, spi, protocol, mark_m, mark_v, &msg)) < 0)
1170 if ((err =
nl_pickup(sock, &xfrm_sa_msg_parser, &obj)) < 0)
1174 *result = (
struct xfrmnl_sa *) obj;
1177 if (err == 0 && obj)
1185static int build_xfrm_sa_message(
struct xfrmnl_sa *tmpl,
int cmd,
int flags,
struct nl_msg **result)
1188 struct xfrm_usersa_info sa_info;
1190 struct nl_addr* addr;
1192 if (!(tmpl->ce_mask & XFRM_SA_ATTR_DADDR) ||
1193 !(tmpl->ce_mask & XFRM_SA_ATTR_SPI) ||
1194 !(tmpl->ce_mask & XFRM_SA_ATTR_PROTO))
1195 return -NLE_MISSING_ATTR;
1197 memset ((
void*)&sa_info, 0,
sizeof (sa_info));
1198 if (tmpl->ce_mask & XFRM_SA_ATTR_SEL)
1200 addr = xfrmnl_sel_get_daddr (tmpl->sel);
1202 addr = xfrmnl_sel_get_saddr (tmpl->sel);
1204 sa_info.sel.dport = htons (xfrmnl_sel_get_dport (tmpl->sel));
1205 sa_info.sel.dport_mask = htons (xfrmnl_sel_get_dportmask (tmpl->sel));
1206 sa_info.sel.sport = htons (xfrmnl_sel_get_sport (tmpl->sel));
1207 sa_info.sel.sport_mask = htons (xfrmnl_sel_get_sportmask (tmpl->sel));
1208 sa_info.sel.family = xfrmnl_sel_get_family (tmpl->sel);
1209 sa_info.sel.prefixlen_d = xfrmnl_sel_get_prefixlen_d (tmpl->sel);
1210 sa_info.sel.prefixlen_s = xfrmnl_sel_get_prefixlen_s (tmpl->sel);
1211 sa_info.sel.proto = xfrmnl_sel_get_proto (tmpl->sel);
1212 sa_info.sel.ifindex = xfrmnl_sel_get_ifindex (tmpl->sel);
1213 sa_info.sel.user = xfrmnl_sel_get_userid (tmpl->sel);
1217 sa_info.id.spi = htonl(tmpl->id.spi);
1218 sa_info.id.proto = tmpl->id.proto;
1220 if (tmpl->ce_mask & XFRM_SA_ATTR_SADDR)
1223 if (tmpl->ce_mask & XFRM_SA_ATTR_LTIME_CFG)
1225 sa_info.lft.soft_byte_limit = xfrmnl_ltime_cfg_get_soft_bytelimit (tmpl->lft);
1226 sa_info.lft.hard_byte_limit = xfrmnl_ltime_cfg_get_hard_bytelimit (tmpl->lft);
1227 sa_info.lft.soft_packet_limit = xfrmnl_ltime_cfg_get_soft_packetlimit (tmpl->lft);
1228 sa_info.lft.hard_packet_limit = xfrmnl_ltime_cfg_get_hard_packetlimit (tmpl->lft);
1229 sa_info.lft.soft_add_expires_seconds = xfrmnl_ltime_cfg_get_soft_addexpires (tmpl->lft);
1230 sa_info.lft.hard_add_expires_seconds = xfrmnl_ltime_cfg_get_hard_addexpires (tmpl->lft);
1231 sa_info.lft.soft_use_expires_seconds = xfrmnl_ltime_cfg_get_soft_useexpires (tmpl->lft);
1232 sa_info.lft.hard_use_expires_seconds = xfrmnl_ltime_cfg_get_hard_useexpires (tmpl->lft);
1239 if (tmpl->ce_mask & XFRM_SA_ATTR_REQID)
1240 sa_info.reqid = tmpl->reqid;
1242 if (tmpl->ce_mask & XFRM_SA_ATTR_FAMILY)
1243 sa_info.family = tmpl->family;
1245 if (tmpl->ce_mask & XFRM_SA_ATTR_MODE)
1246 sa_info.mode = tmpl->mode;
1248 if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_WIN)
1249 sa_info.replay_window = tmpl->replay_window;
1251 if (tmpl->ce_mask & XFRM_SA_ATTR_FLAGS)
1252 sa_info.flags = tmpl->flags;
1258 if (
nlmsg_append(msg, &sa_info,
sizeof(sa_info), NLMSG_ALIGNTO) < 0)
1259 goto nla_put_failure;
1261 if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_AEAD) {
1262 len =
sizeof (
struct xfrm_algo_aead) + ((tmpl->aead->alg_key_len + 7) / 8);
1263 NLA_PUT (msg, XFRMA_ALG_AEAD, len, tmpl->aead);
1266 if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_AUTH) {
1269 if (tmpl->auth->alg_trunc_len) {
1270 len =
sizeof (
struct xfrm_algo_auth) + ((tmpl->auth->alg_key_len + 7) / 8);
1271 NLA_PUT (msg, XFRMA_ALG_AUTH_TRUNC, len, tmpl->auth);
1273 struct xfrm_algo *auth;
1275 len =
sizeof (
struct xfrm_algo) + ((tmpl->auth->alg_key_len + 7) / 8);
1282 _nl_strncpy_assert(auth->alg_name, tmpl->auth->alg_name,
sizeof(auth->alg_name));
1283 auth->alg_key_len = tmpl->auth->alg_key_len;
1284 memcpy(auth->alg_key, tmpl->auth->alg_key, (tmpl->auth->alg_key_len + 7) / 8);
1285 if (
nla_put(msg, XFRMA_ALG_AUTH, len, auth) < 0) {
1287 goto nla_put_failure;
1293 if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_CRYPT) {
1294 len =
sizeof (
struct xfrm_algo) + ((tmpl->crypt->alg_key_len + 7) / 8);
1295 NLA_PUT (msg, XFRMA_ALG_CRYPT, len, tmpl->crypt);
1298 if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_COMP) {
1299 len =
sizeof (
struct xfrm_algo) + ((tmpl->comp->alg_key_len + 7) / 8);
1300 NLA_PUT (msg, XFRMA_ALG_COMP, len, tmpl->comp);
1303 if (tmpl->ce_mask & XFRM_SA_ATTR_ENCAP) {
1304 struct xfrm_encap_tmpl* encap_tmpl;
1305 struct nlattr* encap_attr;
1307 len =
sizeof (
struct xfrm_encap_tmpl);
1310 goto nla_put_failure;
1311 encap_tmpl =
nla_data (encap_attr);
1312 encap_tmpl->encap_type = tmpl->encap->encap_type;
1313 encap_tmpl->encap_sport = htons (tmpl->encap->encap_sport);
1314 encap_tmpl->encap_dport = htons (tmpl->encap->encap_dport);
1318 if (tmpl->ce_mask & XFRM_SA_ATTR_TFCPAD) {
1322 if (tmpl->ce_mask & XFRM_SA_ATTR_COADDR) {
1323 NLA_PUT (msg, XFRMA_COADDR,
sizeof (xfrm_address_t), tmpl->coaddr);
1326 if (tmpl->ce_mask & XFRM_SA_ATTR_MARK) {
1327 NLA_PUT (msg, XFRMA_MARK,
sizeof (
struct xfrm_mark), &tmpl->mark);
1330 if (tmpl->ce_mask & XFRM_SA_ATTR_SECCTX) {
1331 len =
sizeof (
struct xfrm_sec_ctx) + tmpl->sec_ctx->ctx_len;
1332 NLA_PUT (msg, XFRMA_SEC_CTX, len, tmpl->sec_ctx);
1335 if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_MAXAGE) {
1336 NLA_PUT_U32 (msg, XFRMA_ETIMER_THRESH, tmpl->replay_maxage);
1339 if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_MAXDIFF) {
1340 NLA_PUT_U32 (msg, XFRMA_REPLAY_THRESH, tmpl->replay_maxdiff);
1343 if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_STATE) {
1344 if (tmpl->replay_state_esn) {
1345 len =
sizeof (
struct xfrm_replay_state_esn) + (sizeof (uint32_t) * tmpl->replay_state_esn->bmp_len);
1346 NLA_PUT (msg, XFRMA_REPLAY_ESN_VAL, len, tmpl->replay_state_esn);
1349 NLA_PUT (msg, XFRMA_REPLAY_VAL,
sizeof (
struct xfrm_replay_state), &tmpl->replay_state);
1353 if (tmpl->ce_mask & XFRM_SA_ATTR_OFFLOAD_DEV) {
1354 struct xfrm_user_offload *offload;
1355 struct nlattr *attr;
1357 len =
sizeof(
struct xfrm_user_offload);
1361 goto nla_put_failure;
1364 offload->ifindex = tmpl->user_offload->ifindex;
1365 offload->flags = tmpl->user_offload->flags;
1373 return -NLE_MSGSIZE;
1381int xfrmnl_sa_build_add_request(
struct xfrmnl_sa* tmpl,
int flags,
struct nl_msg **result)
1383 return build_xfrm_sa_message (tmpl, XFRM_MSG_NEWSA, flags, result);
1386int xfrmnl_sa_add(
struct nl_sock* sk,
struct xfrmnl_sa* tmpl,
int flags)
1391 if ((err = xfrmnl_sa_build_add_request(tmpl, flags, &msg)) < 0)
1407int xfrmnl_sa_build_update_request(
struct xfrmnl_sa* tmpl,
int flags,
struct nl_msg **result)
1409 return build_xfrm_sa_message (tmpl, XFRM_MSG_UPDSA, flags, result);
1412int xfrmnl_sa_update(
struct nl_sock* sk,
struct xfrmnl_sa* tmpl,
int flags)
1417 if ((err = xfrmnl_sa_build_update_request(tmpl, flags, &msg)) < 0)
1430static int build_xfrm_sa_delete_message(
struct xfrmnl_sa *tmpl,
int cmd,
int flags,
struct nl_msg **result)
1433 struct xfrm_usersa_id sa_id;
1435 if (!(tmpl->ce_mask & XFRM_SA_ATTR_DADDR) ||
1436 !(tmpl->ce_mask & XFRM_SA_ATTR_SPI) ||
1437 !(tmpl->ce_mask & XFRM_SA_ATTR_PROTO))
1438 return -NLE_MISSING_ATTR;
1440 memset(&sa_id, 0,
sizeof(
struct xfrm_usersa_id));
1444 sa_id.spi = htonl(tmpl->id.spi);
1445 sa_id.proto = tmpl->id.proto;
1451 if (
nlmsg_append(msg, &sa_id,
sizeof(sa_id), NLMSG_ALIGNTO) < 0)
1452 goto nla_put_failure;
1454 if (tmpl->ce_mask & XFRM_SA_ATTR_MARK) {
1455 NLA_PUT (msg, XFRMA_MARK,
sizeof (
struct xfrm_mark), &tmpl->mark);
1463 return -NLE_MSGSIZE;
1471int xfrmnl_sa_build_delete_request(
struct xfrmnl_sa* tmpl,
int flags,
struct nl_msg **result)
1473 return build_xfrm_sa_delete_message (tmpl, XFRM_MSG_DELSA, flags, result);
1476int xfrmnl_sa_delete(
struct nl_sock* sk,
struct xfrmnl_sa* tmpl,
int flags)
1481 if ((err = xfrmnl_sa_build_delete_request(tmpl, flags, &msg)) < 0)
1500struct xfrmnl_sel* xfrmnl_sa_get_sel (
struct xfrmnl_sa* sa)
1502 if (sa->ce_mask & XFRM_SA_ATTR_SEL)
1508int xfrmnl_sa_set_sel (
struct xfrmnl_sa* sa,
struct xfrmnl_sel* sel)
1512 xfrmnl_sel_put (sa->sel);
1515 xfrmnl_sel_get (sel);
1517 sa->ce_mask |= XFRM_SA_ATTR_SEL;
1522static inline int __assign_addr(
struct xfrmnl_sa* sa,
struct nl_addr **pos,
1523 struct nl_addr *
new,
int flag,
int nocheck)
1527 if (sa->ce_mask & XFRM_SA_ATTR_FAMILY)
1530 return -NLE_AF_MISMATCH;
1540 sa->ce_mask |= flag;
1546struct nl_addr* xfrmnl_sa_get_daddr (
struct xfrmnl_sa* sa)
1548 if (sa->ce_mask & XFRM_SA_ATTR_DADDR)
1549 return sa->id.daddr;
1554int xfrmnl_sa_set_daddr (
struct xfrmnl_sa* sa,
struct nl_addr* addr)
1556 return __assign_addr(sa, &sa->id.daddr, addr, XFRM_SA_ATTR_DADDR, 0);
1559int xfrmnl_sa_get_spi (
struct xfrmnl_sa* sa)
1561 if (sa->ce_mask & XFRM_SA_ATTR_SPI)
1567int xfrmnl_sa_set_spi (
struct xfrmnl_sa* sa,
unsigned int spi)
1570 sa->ce_mask |= XFRM_SA_ATTR_SPI;
1575int xfrmnl_sa_get_proto (
struct xfrmnl_sa* sa)
1577 if (sa->ce_mask & XFRM_SA_ATTR_PROTO)
1578 return sa->id.proto;
1583int xfrmnl_sa_set_proto (
struct xfrmnl_sa* sa,
unsigned int protocol)
1585 sa->id.proto = protocol;
1586 sa->ce_mask |= XFRM_SA_ATTR_PROTO;
1591struct nl_addr* xfrmnl_sa_get_saddr (
struct xfrmnl_sa* sa)
1593 if (sa->ce_mask & XFRM_SA_ATTR_SADDR)
1599int xfrmnl_sa_set_saddr (
struct xfrmnl_sa* sa,
struct nl_addr* addr)
1601 return __assign_addr(sa, &sa->saddr, addr, XFRM_SA_ATTR_SADDR, 1);
1606 if (sa->ce_mask & XFRM_SA_ATTR_LTIME_CFG)
1612int xfrmnl_sa_set_lifetime_cfg (
struct xfrmnl_sa* sa,
struct xfrmnl_ltime_cfg* ltime)
1616 xfrmnl_ltime_cfg_put (sa->lft);
1619 xfrmnl_ltime_cfg_get (ltime);
1621 sa->ce_mask |= XFRM_SA_ATTR_LTIME_CFG;
1626int xfrmnl_sa_get_curlifetime (
struct xfrmnl_sa* sa,
unsigned long long int* curr_bytes,
1627 unsigned long long int* curr_packets,
unsigned long long int* curr_add_time,
unsigned long long int* curr_use_time)
1629 if (sa == NULL || curr_bytes == NULL || curr_packets == NULL || curr_add_time == NULL || curr_use_time == NULL)
1632 if (sa->ce_mask & XFRM_SA_ATTR_LTIME_CUR)
1634 *curr_bytes = sa->curlft.bytes;
1635 *curr_packets = sa->curlft.packets;
1636 *curr_add_time = sa->curlft.add_time;
1637 *curr_use_time = sa->curlft.use_time;
1645int xfrmnl_sa_get_stats (
struct xfrmnl_sa* sa,
unsigned long long int* replay_window,
1646 unsigned long long int* replay,
unsigned long long int* integrity_failed)
1648 if (sa == NULL || replay_window == NULL || replay == NULL || integrity_failed == NULL)
1651 if (sa->ce_mask & XFRM_SA_ATTR_STATS)
1653 *replay_window = sa->stats.replay_window;
1654 *replay = sa->stats.replay;
1655 *integrity_failed = sa->stats.integrity_failed;
1663int xfrmnl_sa_get_seq (
struct xfrmnl_sa* sa)
1665 if (sa->ce_mask & XFRM_SA_ATTR_SEQ)
1671int xfrmnl_sa_get_reqid (
struct xfrmnl_sa* sa)
1673 if (sa->ce_mask & XFRM_SA_ATTR_REQID)
1679int xfrmnl_sa_set_reqid (
struct xfrmnl_sa* sa,
unsigned int reqid)
1682 sa->ce_mask |= XFRM_SA_ATTR_REQID;
1687int xfrmnl_sa_get_family (
struct xfrmnl_sa* sa)
1689 if (sa->ce_mask & XFRM_SA_ATTR_FAMILY)
1695int xfrmnl_sa_set_family (
struct xfrmnl_sa* sa,
unsigned int family)
1697 sa->family = family;
1698 sa->ce_mask |= XFRM_SA_ATTR_FAMILY;
1703int xfrmnl_sa_get_mode (
struct xfrmnl_sa* sa)
1705 if (sa->ce_mask & XFRM_SA_ATTR_MODE)
1711int xfrmnl_sa_set_mode (
struct xfrmnl_sa* sa,
unsigned int mode)
1714 sa->ce_mask |= XFRM_SA_ATTR_MODE;
1719int xfrmnl_sa_get_replay_window (
struct xfrmnl_sa* sa)
1721 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_WIN)
1722 return sa->replay_window;
1727int xfrmnl_sa_set_replay_window (
struct xfrmnl_sa* sa,
unsigned int replay_window)
1729 sa->replay_window = replay_window;
1730 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_WIN;
1735int xfrmnl_sa_get_flags (
struct xfrmnl_sa* sa)
1737 if (sa->ce_mask & XFRM_SA_ATTR_FLAGS)
1743int xfrmnl_sa_set_flags (
struct xfrmnl_sa* sa,
unsigned int flags)
1746 sa->ce_mask |= XFRM_SA_ATTR_FLAGS;
1767int xfrmnl_sa_get_aead_params (
struct xfrmnl_sa* sa,
char* alg_name,
unsigned int* key_len,
unsigned int* icv_len,
char* key)
1769 if (sa->ce_mask & XFRM_SA_ATTR_ALG_AEAD)
1772 strcpy (alg_name, sa->aead->alg_name);
1774 *key_len = sa->aead->alg_key_len;
1776 *icv_len = sa->aead->alg_icv_len;
1778 memcpy (key, sa->aead->alg_key, ((sa->aead->alg_key_len + 7)/8));
1786int xfrmnl_sa_set_aead_params (
struct xfrmnl_sa* sa,
const char* alg_name,
unsigned int key_len,
unsigned int icv_len,
const char* key)
1788 _nl_auto_free
struct xfrmnl_algo_aead *b = NULL;
1789 size_t keysize =
sizeof (uint8_t) * ((key_len + 7)/8);
1790 uint32_t newlen =
sizeof (
struct xfrmnl_algo_aead) + keysize;
1793 if (strlen (alg_name) >=
sizeof (sa->aead->alg_name))
1795 if (!(b = calloc (1, newlen)))
1798 strcpy (b->alg_name, alg_name);
1799 b->alg_key_len = key_len;
1800 b->alg_icv_len = icv_len;
1801 memcpy (b->alg_key, key, keysize);
1804 sa->aead = _nl_steal_pointer (&b);
1805 sa->ce_mask |= XFRM_SA_ATTR_ALG_AEAD;
1825int xfrmnl_sa_get_auth_params (
struct xfrmnl_sa* sa,
char* alg_name,
unsigned int* key_len,
unsigned int* trunc_len,
char* key)
1827 if (!(sa->ce_mask & XFRM_SA_ATTR_ALG_AUTH))
1828 return -NLE_MISSING_ATTR;
1831 strcpy(alg_name, sa->auth->alg_name);
1833 *key_len = sa->auth->alg_key_len;
1835 *trunc_len = sa->auth->alg_trunc_len;
1837 memcpy(key, sa->auth->alg_key, (sa->auth->alg_key_len + 7) / 8);
1841int xfrmnl_sa_set_auth_params (
struct xfrmnl_sa* sa,
const char* alg_name,
unsigned int key_len,
unsigned int trunc_len,
const char* key)
1843 _nl_auto_free
struct xfrmnl_algo_auth *b = NULL;
1844 size_t keysize =
sizeof (uint8_t) * ((key_len + 7)/8);
1845 uint32_t newlen =
sizeof (
struct xfrmnl_algo_auth) + keysize;
1847 if (strlen (alg_name) >=
sizeof (sa->auth->alg_name))
1849 if (!(b = calloc (1, newlen)))
1852 strcpy (b->alg_name, alg_name);
1853 b->alg_key_len = key_len;
1854 b->alg_trunc_len = trunc_len;
1855 memcpy (b->alg_key, key, keysize);
1858 sa->auth = _nl_steal_pointer (&b);
1859 sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
1878int xfrmnl_sa_get_crypto_params (
struct xfrmnl_sa* sa,
char* alg_name,
unsigned int* key_len,
char* key)
1880 if (sa->ce_mask & XFRM_SA_ATTR_ALG_CRYPT)
1883 strcpy (alg_name, sa->crypt->alg_name);
1885 *key_len = sa->crypt->alg_key_len;
1887 memcpy (key, sa->crypt->alg_key, ((sa->crypt->alg_key_len + 7)/8));
1895int xfrmnl_sa_set_crypto_params (
struct xfrmnl_sa* sa,
const char* alg_name,
unsigned int key_len,
const char* key)
1897 _nl_auto_free
struct xfrmnl_algo *b = NULL;
1898 size_t keysize =
sizeof (uint8_t) * ((key_len + 7)/8);
1899 uint32_t newlen =
sizeof (
struct xfrmnl_algo) + keysize;
1901 if (strlen (alg_name) >=
sizeof (sa->crypt->alg_name))
1903 if (!(b = calloc (1, newlen)))
1906 strcpy (b->alg_name, alg_name);
1907 b->alg_key_len = key_len;
1908 memcpy (b->alg_key, key, keysize);
1911 sa->crypt = _nl_steal_pointer(&b);
1912 sa->ce_mask |= XFRM_SA_ATTR_ALG_CRYPT;
1931int xfrmnl_sa_get_comp_params (
struct xfrmnl_sa* sa,
char* alg_name,
unsigned int* key_len,
char* key)
1933 if (sa->ce_mask & XFRM_SA_ATTR_ALG_COMP)
1936 strcpy (alg_name, sa->comp->alg_name);
1938 *key_len = sa->comp->alg_key_len;
1940 memcpy (key, sa->comp->alg_key, ((sa->comp->alg_key_len + 7)/8));
1948int xfrmnl_sa_set_comp_params (
struct xfrmnl_sa* sa,
const char* alg_name,
unsigned int key_len,
const char* key)
1950 _nl_auto_free
struct xfrmnl_algo *b = NULL;
1951 size_t keysize =
sizeof (uint8_t) * ((key_len + 7)/8);
1952 uint32_t newlen =
sizeof (
struct xfrmnl_algo) + keysize;
1954 if (strlen (alg_name) >=
sizeof (sa->comp->alg_name))
1956 if (!(b = calloc (1, newlen)))
1959 strcpy (b->alg_name, alg_name);
1960 b->alg_key_len = key_len;
1961 memcpy (b->alg_key, key, keysize);
1964 sa->comp = _nl_steal_pointer(&b);
1965 sa->ce_mask |= XFRM_SA_ATTR_ALG_COMP;
1969int xfrmnl_sa_get_encap_tmpl (
struct xfrmnl_sa* sa,
unsigned int* encap_type,
unsigned int* encap_sport,
unsigned int* encap_dport,
struct nl_addr** encap_oa)
1971 if (sa->ce_mask & XFRM_SA_ATTR_ENCAP)
1973 *encap_type = sa->encap->encap_type;
1974 *encap_sport = sa->encap->encap_sport;
1975 *encap_dport = sa->encap->encap_dport;
1984int xfrmnl_sa_set_encap_tmpl (
struct xfrmnl_sa* sa,
unsigned int encap_type,
unsigned int encap_sport,
unsigned int encap_dport,
struct nl_addr* encap_oa)
1988 if (sa->encap->encap_oa)
1990 memset(sa->encap, 0, sizeof (*sa->encap));
1991 }
else if ((sa->encap = calloc(1,
sizeof(*sa->encap))) == NULL)
1995 sa->encap->encap_type = encap_type;
1996 sa->encap->encap_sport = encap_sport;
1997 sa->encap->encap_dport = encap_dport;
1999 sa->encap->encap_oa = encap_oa;
2001 sa->ce_mask |= XFRM_SA_ATTR_ENCAP;
2006int xfrmnl_sa_get_tfcpad (
struct xfrmnl_sa* sa)
2008 if (sa->ce_mask & XFRM_SA_ATTR_TFCPAD)
2014int xfrmnl_sa_set_tfcpad (
struct xfrmnl_sa* sa,
unsigned int tfcpad)
2016 sa->tfcpad = tfcpad;
2017 sa->ce_mask |= XFRM_SA_ATTR_TFCPAD;
2022struct nl_addr* xfrmnl_sa_get_coaddr (
struct xfrmnl_sa* sa)
2024 if (sa->ce_mask & XFRM_SA_ATTR_COADDR)
2030int xfrmnl_sa_set_coaddr (
struct xfrmnl_sa* sa,
struct nl_addr* coaddr)
2038 sa->coaddr = coaddr;
2040 sa->ce_mask |= XFRM_SA_ATTR_COADDR;
2045int xfrmnl_sa_get_mark (
struct xfrmnl_sa* sa,
unsigned int* mark_mask,
unsigned int* mark_value)
2047 if (mark_mask == NULL || mark_value == NULL)
2050 if (sa->ce_mask & XFRM_SA_ATTR_MARK)
2052 *mark_mask = sa->mark.m;
2053 *mark_value = sa->mark.v;
2061int xfrmnl_sa_set_mark (
struct xfrmnl_sa* sa,
unsigned int value,
unsigned int mask)
2065 sa->ce_mask |= XFRM_SA_ATTR_MARK;
2089int xfrmnl_sa_get_sec_ctx (
struct xfrmnl_sa* sa,
unsigned int* doi,
unsigned int* alg,
2090 unsigned int* len,
unsigned int* sid,
char* ctx_str)
2092 if (sa->ce_mask & XFRM_SA_ATTR_SECCTX)
2095 *doi = sa->sec_ctx->ctx_doi;
2097 *alg = sa->sec_ctx->ctx_alg;
2099 *len = sa->sec_ctx->ctx_len;
2101 memcpy (ctx_str, sa->sec_ctx->ctx, sa->sec_ctx->ctx_len);
2122int xfrmnl_sa_set_sec_ctx (
struct xfrmnl_sa* sa,
unsigned int doi,
unsigned int alg,
unsigned int len,
2123 unsigned int sid,
const char* ctx_str)
2131 b->exttype = XFRMA_SEC_CTX;
2135 memcpy (b->ctx, ctx_str, len);
2139 sa->sec_ctx = _nl_steal_pointer(&b);
2140 sa->ce_mask |= XFRM_SA_ATTR_SECCTX;
2145int xfrmnl_sa_get_replay_maxage (
struct xfrmnl_sa* sa)
2147 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_MAXAGE)
2148 return sa->replay_maxage;
2153int xfrmnl_sa_set_replay_maxage (
struct xfrmnl_sa* sa,
unsigned int replay_maxage)
2155 sa->replay_maxage = replay_maxage;
2156 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXAGE;
2161int xfrmnl_sa_get_replay_maxdiff (
struct xfrmnl_sa* sa)
2163 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_MAXDIFF)
2164 return sa->replay_maxdiff;
2169int xfrmnl_sa_set_replay_maxdiff (
struct xfrmnl_sa* sa,
unsigned int replay_maxdiff)
2171 sa->replay_maxdiff = replay_maxdiff;
2172 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXDIFF;
2177int xfrmnl_sa_get_replay_state (
struct xfrmnl_sa* sa,
unsigned int* oseq,
unsigned int* seq,
unsigned int* bmp)
2179 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
2181 if (sa->replay_state_esn == NULL)
2183 *oseq = sa->replay_state.oseq;
2184 *seq = sa->replay_state.seq;
2185 *bmp = sa->replay_state.bitmap;
2198int xfrmnl_sa_set_replay_state (
struct xfrmnl_sa* sa,
unsigned int oseq,
unsigned int seq,
unsigned int bitmap)
2200 sa->replay_state.oseq = oseq;
2201 sa->replay_state.seq = seq;
2202 sa->replay_state.bitmap = bitmap;
2203 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
2208int xfrmnl_sa_get_replay_state_esn (
struct xfrmnl_sa* sa,
unsigned int* oseq,
unsigned int* seq,
unsigned int* oseq_hi,
2209 unsigned int* seq_hi,
unsigned int* replay_window,
unsigned int* bmp_len,
unsigned int* bmp)
2211 if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
2213 if (sa->replay_state_esn)
2215 *oseq = sa->replay_state_esn->oseq;
2216 *seq = sa->replay_state_esn->seq;
2217 *oseq_hi= sa->replay_state_esn->oseq_hi;
2218 *seq_hi = sa->replay_state_esn->seq_hi;
2219 *replay_window = sa->replay_state_esn->replay_window;
2220 *bmp_len = sa->replay_state_esn->bmp_len;
2221 memcpy (bmp, sa->replay_state_esn->bmp, sa->replay_state_esn->bmp_len * sizeof (uint32_t));
2234int xfrmnl_sa_set_replay_state_esn (
struct xfrmnl_sa* sa,
unsigned int oseq,
unsigned int seq,
2235 unsigned int oseq_hi,
unsigned int seq_hi,
unsigned int replay_window,
2236 unsigned int bmp_len,
unsigned int* bmp)
2245 b->oseq_hi = oseq_hi;
2247 b->replay_window = replay_window;
2248 b->bmp_len = bmp_len;
2249 memcpy (b->bmp, bmp, bmp_len * sizeof (uint32_t));
2251 free(sa->replay_state_esn);
2252 sa->replay_state_esn = _nl_steal_pointer(&b);
2253 sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
2267int xfrmnl_sa_get_user_offload(
struct xfrmnl_sa *sa,
int *ifindex, uint8_t *flags)
2271 if (sa->ce_mask & XFRM_SA_ATTR_OFFLOAD_DEV && sa->user_offload) {
2273 *ifindex = sa->user_offload->ifindex;
2275 *flags = sa->user_offload->flags;
2292int xfrmnl_sa_set_user_offload(
struct xfrmnl_sa *sa,
int ifindex, uint8_t flags)
2294 _nl_auto_free
struct xfrmnl_user_offload *b = NULL;
2296 if (!(b = calloc(1,
sizeof(*b))))
2299 b->ifindex = ifindex;
2302 free(sa->user_offload);
2303 sa->user_offload = _nl_steal_pointer(&b);
2304 sa->ce_mask |= XFRM_SA_ATTR_OFFLOAD_DEV;
2309int xfrmnl_sa_is_hardexpiry_reached (
struct xfrmnl_sa* sa)
2311 if (sa->ce_mask & XFRM_SA_ATTR_EXPIRE)
2312 return (sa->hard > 0 ? 1: 0);
2317int xfrmnl_sa_is_expiry_reached (
struct xfrmnl_sa* sa)
2319 if (sa->ce_mask & XFRM_SA_ATTR_EXPIRE)
2327static struct nl_object_ops xfrm_sa_obj_ops = {
2328 .oo_name =
"xfrm/sa",
2329 .oo_size =
sizeof(
struct xfrmnl_sa),
2330 .oo_constructor = xfrm_sa_alloc_data,
2331 .oo_free_data = xfrm_sa_free_data,
2332 .oo_clone = xfrm_sa_clone,
2338 .oo_compare = xfrm_sa_compare,
2339 .oo_attrs2str = xfrm_sa_attrs2str,
2340 .oo_id_attrs = (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO),
2343static struct nl_af_group xfrm_sa_groups[] = {
2344 { AF_UNSPEC, XFRMNLGRP_SA },
2345 { AF_UNSPEC, XFRMNLGRP_EXPIRE },
2346 { END_OF_GROUP_LIST },
2349static struct nl_cache_ops xfrmnl_sa_ops = {
2350 .co_name =
"xfrm/sa",
2351 .co_hdrsize =
sizeof(
struct xfrm_usersa_info),
2353 { XFRM_MSG_NEWSA, NL_ACT_NEW,
"new" },
2354 { XFRM_MSG_DELSA, NL_ACT_DEL,
"del" },
2355 { XFRM_MSG_GETSA, NL_ACT_GET,
"get" },
2356 { XFRM_MSG_EXPIRE, NL_ACT_UNSPEC,
"expire"},
2357 { XFRM_MSG_UPDSA, NL_ACT_NEW,
"update"},
2358 END_OF_MSGTYPES_LIST,
2360 .co_protocol = NETLINK_XFRM,
2361 .co_groups = xfrm_sa_groups,
2362 .co_request_update = xfrm_sa_request_update,
2363 .co_msg_parser = xfrm_sa_msg_parser,
2364 .co_obj_ops = &xfrm_sa_obj_ops,
2365 .co_include_event = &xfrm_sa_update_cache
2373static void _nl_init xfrm_sa_init(
void)
2378static void _nl_exit xfrm_sa_exit(
void)
int xfrmnl_sel_cmp(struct xfrmnl_sel *a, struct xfrmnl_sel *b)
Compares two selector objects.
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_alloc()
Allocate new lifetime config object.
int xfrmnl_ltime_cfg_cmp(struct xfrmnl_ltime_cfg *a, struct xfrmnl_ltime_cfg *b)
Compares two lifetime config objects.
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_clone(struct xfrmnl_ltime_cfg *ltime)
Clone existing lifetime config object.
struct xfrmnl_sel * xfrmnl_sel_alloc()
Allocate new selector object.
struct xfrmnl_sel * xfrmnl_sel_clone(struct xfrmnl_sel *sel)
Clone existing selector object.
void nl_addr_set_prefixlen(struct nl_addr *addr, int prefixlen)
Set the prefix length of an abstract address.
struct nl_addr * nl_addr_get(struct nl_addr *addr)
Increase the reference counter of an abstract address.
void * nl_addr_get_binary_addr(const struct nl_addr *addr)
Get binary address of abstract address object.
int nl_addr_cmp(const struct nl_addr *a, const struct nl_addr *b)
Compare abstract addresses.
struct nl_addr * nl_addr_clone(const struct nl_addr *addr)
Clone existing abstract address object.
int nl_addr_get_family(const struct nl_addr *addr)
Return address family.
char * nl_addr2str(const struct nl_addr *addr, char *buf, size_t size)
Convert abstract address object to character string.
unsigned int nl_addr_get_len(const struct nl_addr *addr)
Get length of binary address of abstract address object.
void nl_addr_put(struct nl_addr *addr)
Decrease the reference counter of an abstract address.
void * nla_data(const struct nlattr *nla)
Return pointer to the payload section.
#define NLA_PUT(msg, attrtype, attrlen, data)
Add unspecific attribute to netlink message.
#define NLA_PUT_U32(msg, attrtype, value)
Add 32 bit integer attribute to netlink message.
int nla_put(struct nl_msg *msg, int attrtype, int datalen, const void *data)
Add a unspecific attribute to netlink message.
struct nlattr * nla_reserve(struct nl_msg *msg, int attrtype, int attrlen)
Reserve space for a attribute.
int nl_cache_mngt_unregister(struct nl_cache_ops *ops)
Unregister a set of cache operations.
int nl_cache_mngt_register(struct nl_cache_ops *ops)
Register a set of cache operations.
struct nl_object * nl_cache_search(struct nl_cache *cache, struct nl_object *needle)
Search object in cache.
struct nl_object * nl_cache_get_next(struct nl_object *obj)
Return the next element in the cache.
void nl_cache_remove(struct nl_object *obj)
Remove object from cache.
int nl_cache_alloc_and_fill(struct nl_cache_ops *ops, struct nl_sock *sock, struct nl_cache **result)
Allocate new cache and fill it.
struct nl_object * nl_cache_get_first(struct nl_cache *cache)
Return the first element in the cache.
int nl_cache_move(struct nl_cache *cache, struct nl_object *obj)
Move object from one cache to another.
struct nl_msg * nlmsg_alloc_simple(int nlmsgtype, int flags)
Allocate a new netlink message.
void * nlmsg_data(const struct nlmsghdr *nlh)
Return pointer to message payload.
void nlmsg_free(struct nl_msg *msg)
Release a reference from an netlink message.
int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, const struct nla_policy *policy)
parse attributes of a netlink message
int nlmsg_append(struct nl_msg *n, void *data, size_t len, int pad)
Append data to tail of a netlink message.
int nl_object_get_msgtype(const struct nl_object *obj)
Return the netlink message type the object was derived from.
uint64_t nl_object_diff64(struct nl_object *a, struct nl_object *b)
Compute bitmask representing difference in attribute values.
void nl_object_put(struct nl_object *obj)
Release a reference from an object.
void nl_object_get(struct nl_object *obj)
Acquire a reference on a object.
struct nl_object * nl_object_alloc(struct nl_object_ops *ops)
Allocate a new object of kind specified by the operations handle.
int nl_send_auto(struct nl_sock *sk, struct nl_msg *msg)
Finalize and transmit Netlink message.
int nl_send_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
int nl_pickup(struct nl_sock *sk, int(*parser)(struct nl_cache_ops *, struct sockaddr_nl *, struct nlmsghdr *, struct nl_parser_param *), struct nl_object **result)
Pickup netlink answer, parse is and return object.
int nl_wait_for_ack(struct nl_sock *sk)
Wait for ACK.
int nl_send_simple(struct nl_sock *sk, int type, int flags, void *buf, size_t size)
Construct and transmit a Netlink message.
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
@ NL_DUMP_STATS
Dump all attributes including statistics.
@ NL_DUMP_LINE
Dump object briefly on one line.
@ NL_DUMP_DETAILS
Dump all attributes but no statistics.
Attribute validation policy.
uint16_t minlen
Minimal length of payload required.
uint16_t type
Type of attribute or NLA_UNSPEC.