libnl  3.2.27
sp.c
1 /*
2  * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
3  *
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  *
12  * Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the
15  * distribution.
16  *
17  * Neither the name of Texas Instruments Incorporated nor the names of
18  * its contributors may be used to endorse or promote products derived
19  * from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33  */
34 
35 /**
36  * @ingroup xfrmnl
37  * @defgroup sp Security Policy
38  * @brief
39  */
40 
41 #include <netlink-private/netlink.h>
42 #include <netlink/netlink.h>
43 #include <netlink/cache.h>
44 #include <netlink/object.h>
45 #include <netlink/xfrm/selector.h>
46 #include <netlink/xfrm/lifetime.h>
47 #include <netlink/xfrm/template.h>
48 #include <netlink/xfrm/sp.h>
49 
50 /** @cond SKIP */
51 #define XFRM_SP_ATTR_SEL 0x01
52 #define XFRM_SP_ATTR_LTIME_CFG 0x02
53 #define XFRM_SP_ATTR_LTIME_CUR 0x04
54 #define XFRM_SP_ATTR_PRIO 0x08
55 #define XFRM_SP_ATTR_INDEX 0x10
56 #define XFRM_SP_ATTR_DIR 0x20
57 #define XFRM_SP_ATTR_ACTION 0x40
58 #define XFRM_SP_ATTR_FLAGS 0x80
59 #define XFRM_SP_ATTR_SHARE 0x100
60 #define XFRM_SP_ATTR_POLTYPE 0x200
61 #define XFRM_SP_ATTR_SECCTX 0x400
62 #define XFRM_SP_ATTR_TMPL 0x800
63 #define XFRM_SP_ATTR_MARK 0x1000
64 
65 static struct nl_cache_ops xfrmnl_sp_ops;
66 static struct nl_object_ops xfrm_sp_obj_ops;
67 /** @endcond */
68 
69 static void xfrm_sp_alloc_data(struct nl_object *c)
70 {
71  struct xfrmnl_sp* sp = nl_object_priv (c);
72 
73  if ((sp->sel = xfrmnl_sel_alloc ()) == NULL)
74  return;
75 
76  if ((sp->lft = xfrmnl_ltime_cfg_alloc ()) == NULL)
77  return;
78 
79  nl_init_list_head(&sp->usertmpl_list);
80 
81  return;
82 }
83 
84 static void xfrm_sp_free_data(struct nl_object *c)
85 {
86  struct xfrmnl_sp* sp = nl_object_priv (c);
87  struct xfrmnl_user_tmpl *utmpl, *tmp;
88 
89  if (sp == NULL)
90  return;
91 
92  xfrmnl_sel_put (sp->sel);
93  xfrmnl_ltime_cfg_put (sp->lft);
94 
95  if(sp->sec_ctx)
96  {
97  free (sp->sec_ctx);
98  }
99 
100  nl_list_for_each_entry_safe(utmpl, tmp, &sp->usertmpl_list, utmpl_list) {
101  xfrmnl_sp_remove_usertemplate (sp, utmpl);
102  xfrmnl_user_tmpl_free (utmpl);
103  }
104 }
105 
106 static int xfrm_sp_clone(struct nl_object *_dst, struct nl_object *_src)
107 {
108  struct xfrmnl_sp* dst = nl_object_priv(_dst);
109  struct xfrmnl_sp* src = nl_object_priv(_src);
110  uint32_t len = 0;
111  struct xfrmnl_user_tmpl *utmpl, *new;
112 
113  if (src->sel)
114  if ((dst->sel = xfrmnl_sel_clone (src->sel)) == NULL)
115  return -NLE_NOMEM;
116 
117  if (src->lft)
118  if ((dst->lft = xfrmnl_ltime_cfg_clone (src->lft)) == NULL)
119  return -NLE_NOMEM;
120 
121  if(src->sec_ctx)
122  {
123  len = sizeof (struct xfrmnl_user_sec_ctx) + src->sec_ctx->ctx_len;
124  if ((dst->sec_ctx = calloc (1, len)) == NULL)
125  return -NLE_NOMEM;
126  memcpy ((void *)dst->sec_ctx, (void *)src->sec_ctx, len);
127  }
128 
129  nl_init_list_head(&dst->usertmpl_list);
130  nl_list_for_each_entry(utmpl, &src->usertmpl_list, utmpl_list) {
131  new = xfrmnl_user_tmpl_clone (utmpl);
132  if (!new)
133  return -NLE_NOMEM;
134 
135  xfrmnl_sp_add_usertemplate(dst, new);
136  }
137 
138  return 0;
139 }
140 
141 static int xfrm_sp_compare(struct nl_object *_a, struct nl_object *_b, uint32_t attrs, int flags)
142 {
143  struct xfrmnl_sp* a = (struct xfrmnl_sp *) _a;
144  struct xfrmnl_sp* b = (struct xfrmnl_sp *) _b;
145  struct xfrmnl_user_tmpl *tmpl_a, *tmpl_b;
146  int diff = 0;
147 
148 #define XFRM_SP_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, XFRM_SP_ATTR_##ATTR, a, b, EXPR)
149  diff |= XFRM_SP_DIFF(SEL, xfrmnl_sel_cmp(a->sel, b->sel));
150  diff |= XFRM_SP_DIFF(LTIME_CFG, xfrmnl_ltime_cfg_cmp(a->lft, b->lft));
151  diff |= XFRM_SP_DIFF(PRIO, a->priority != b->priority);
152  diff |= XFRM_SP_DIFF(INDEX, a->index != b->index);
153  diff |= XFRM_SP_DIFF(DIR, a->dir != b->dir);
154  diff |= XFRM_SP_DIFF(ACTION, a->action != b->action);
155  diff |= XFRM_SP_DIFF(FLAGS, a->flags != b->flags);
156  diff |= XFRM_SP_DIFF(SHARE, a->share != b->share);
157  diff |= XFRM_SP_DIFF(SECCTX,((a->sec_ctx->len != b->sec_ctx->len) ||
158  (a->sec_ctx->exttype != b->sec_ctx->exttype) ||
159  (a->sec_ctx->ctx_alg != b->sec_ctx->ctx_alg) ||
160  (a->sec_ctx->ctx_doi != b->sec_ctx->ctx_doi) ||
161  (a->sec_ctx->ctx_len != b->sec_ctx->ctx_len) ||
162  strcmp(a->sec_ctx->ctx, b->sec_ctx->ctx)));
163  diff |= XFRM_SP_DIFF(POLTYPE,(a->uptype.type != b->uptype.type));
164  diff |= XFRM_SP_DIFF(TMPL,(a->nr_user_tmpl != b->nr_user_tmpl));
165  diff |= XFRM_SP_DIFF(MARK,(a->mark.m != b->mark.m) ||
166  (a->mark.v != b->mark.v));
167 
168  /* Compare the templates */
169  nl_list_for_each_entry(tmpl_b, &b->usertmpl_list, utmpl_list)
170  nl_list_for_each_entry(tmpl_a, &a->usertmpl_list, utmpl_list)
171  diff |= xfrmnl_user_tmpl_cmp (tmpl_a, tmpl_b);
172 #undef XFRM_SP_DIFF
173 
174  return diff;
175 }
176 
177 /**
178  * @name XFRM SP Attribute Translations
179  * @{
180  */
181 static const struct trans_tbl sp_attrs[] = {
182  __ADD(XFRM_SP_ATTR_SEL, selector),
183  __ADD(XFRM_SP_ATTR_LTIME_CFG, lifetime_cfg),
184  __ADD(XFRM_SP_ATTR_LTIME_CUR, lifetime_cur),
185  __ADD(XFRM_SP_ATTR_PRIO, priority),
186  __ADD(XFRM_SP_ATTR_INDEX, index),
187  __ADD(XFRM_SP_ATTR_DIR, direction),
188  __ADD(XFRM_SP_ATTR_ACTION, action),
189  __ADD(XFRM_SP_ATTR_FLAGS, flags),
190  __ADD(XFRM_SP_ATTR_SHARE, share),
191  __ADD(XFRM_SP_ATTR_POLTYPE, policy_type),
192  __ADD(XFRM_SP_ATTR_SECCTX, security_context),
193  __ADD(XFRM_SP_ATTR_TMPL, user_template),
194  __ADD(XFRM_SP_ATTR_MARK, mark),
195 };
196 
197 static char* xfrm_sp_attrs2str(int attrs, char *buf, size_t len)
198 {
199  return __flags2str (attrs, buf, len, sp_attrs, ARRAY_SIZE(sp_attrs));
200 }
201 /** @} */
202 
203 /**
204  * @name XFRM SP Action Translations
205  * @{
206  */
207 static const struct trans_tbl sa_actions[] = {
208  __ADD(XFRM_POLICY_ALLOW, allow),
209  __ADD(XFRM_POLICY_BLOCK, block),
210 };
211 
212 char* xfrmnl_sp_action2str(int action, char *buf, size_t len)
213 {
214  return __type2str (action, buf, len, sa_actions, ARRAY_SIZE(sa_actions));
215 }
216 
217 int xfrmnl_sp_str2action(const char *name)
218 {
219  return __str2type (name, sa_actions, ARRAY_SIZE(sa_actions));
220 }
221 /** @} */
222 
223 /**
224  * @name XFRM SP Flags Translations
225  * @{
226  */
227 static const struct trans_tbl sp_flags[] = {
228  __ADD(XFRM_POLICY_LOCALOK, allow policy override by user),
229  __ADD(XFRM_POLICY_ICMP, auto include ICMP in policy),
230 };
231 
232 char* xfrmnl_sp_flags2str(int flags, char *buf, size_t len)
233 {
234  return __flags2str (flags, buf, len, sp_flags, ARRAY_SIZE(sp_flags));
235 }
236 
237 int xfrmnl_sp_str2flag(const char *name)
238 {
239  return __str2flags(name, sp_flags, ARRAY_SIZE(sp_flags));
240 }
241 /** @} */
242 
243 /**
244  * @name XFRM SP Type Translations
245  * @{
246  */
247 static const struct trans_tbl sp_types[] = {
248  __ADD(XFRM_POLICY_TYPE_MAIN, main),
249  __ADD(XFRM_POLICY_TYPE_SUB, sub),
250  __ADD(XFRM_POLICY_TYPE_MAX, max),
251  __ADD(XFRM_POLICY_TYPE_ANY, any),
252 };
253 
254 char* xfrmnl_sp_type2str(int type, char *buf, size_t len)
255 {
256  return __type2str(type, buf, len, sp_types, ARRAY_SIZE(sp_types));
257 }
258 
259 int xfrmnl_sp_str2type(const char *name)
260 {
261  return __str2type(name, sp_types, ARRAY_SIZE(sp_types));
262 }
263 /** @} */
264 
265 /**
266  * @name XFRM SP Direction Translations
267  * @{
268  */
269 static const struct trans_tbl sp_dir[] = {
270  __ADD(XFRM_POLICY_IN, in),
271  __ADD(XFRM_POLICY_OUT, out),
272  __ADD(XFRM_POLICY_FWD, fwd),
273  __ADD(XFRM_POLICY_MASK, mask),
274 };
275 
276 char* xfrmnl_sp_dir2str(int dir, char *buf, size_t len)
277 {
278  return __type2str (dir, buf, len, sp_dir, ARRAY_SIZE(sp_dir));
279 }
280 
281 int xfrmnl_sp_str2dir(const char *name)
282 {
283  return __str2type (name, sp_dir, ARRAY_SIZE(sp_dir));
284 }
285 
286 int xfrmnl_sp_index2dir (unsigned int index)
287 {
288  return index & 0x7;
289 }
290 /** @} */
291 
292 /**
293  * @name XFRM SP Share Translations
294  * @{
295  */
296 static const struct trans_tbl sp_share[] = {
297  __ADD(XFRM_SHARE_ANY, any),
298  __ADD(XFRM_SHARE_SESSION, session),
299  __ADD(XFRM_SHARE_USER, user),
300  __ADD(XFRM_SHARE_UNIQUE, unique),
301 };
302 
303 char* xfrmnl_sp_share2str(int share, char *buf, size_t len)
304 {
305  return __type2str (share, buf, len, sp_share, ARRAY_SIZE(sp_share));
306 }
307 
308 int xfrmnl_sp_str2share(const char *name)
309 {
310  return __str2type (name, sp_share, ARRAY_SIZE(sp_share));
311 }
312 /** @} */
313 
314 static void xfrm_sp_dump_line(struct nl_object *a, struct nl_dump_params *p)
315 {
316  struct xfrmnl_sp* sp = (struct xfrmnl_sp *) a;
317  char dir[32], action[32], share[32], flags[32];
318  char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
319  time_t add_time, use_time;
320  struct tm *add_time_tm, *use_time_tm;
321 
322  nl_addr2str(xfrmnl_sel_get_saddr (sp->sel), src, sizeof(src));
323  nl_addr2str (xfrmnl_sel_get_daddr (sp->sel), dst, sizeof (dst));
324  nl_af2str (xfrmnl_sel_get_family (sp->sel), dir, 32);
325  nl_dump_line(p, "src %s dst %s family: %s\n", src, dst, dir);
326  nl_dump_line (p, "src port/mask: %d/%d dst port/mask: %d/%d\n",
327  xfrmnl_sel_get_dport (sp->sel), xfrmnl_sel_get_dportmask (sp->sel),
328  xfrmnl_sel_get_sport (sp->sel), xfrmnl_sel_get_sportmask (sp->sel));
329  nl_dump_line (p, "protocol: %s ifindex: %u uid: %u\n",
330  nl_ip_proto2str (xfrmnl_sel_get_proto (sp->sel), dir, sizeof(dir)),
331  xfrmnl_sel_get_ifindex (sp->sel),
332  xfrmnl_sel_get_userid (sp->sel));
333 
334  xfrmnl_sp_dir2str (sp->dir, dir, 32);
335  xfrmnl_sp_action2str (sp->action, action, 32);
336  xfrmnl_sp_share2str (sp->share, share, 32);
337  xfrmnl_sp_flags2str (sp->flags, flags, 32);
338  nl_dump_line(p, "\tdir: %s action: %s index: %u priority: %u share: %s flags: %s(0x%x) \n",
339  dir, action, sp->index, sp->priority, share, flags, sp->flags);
340 
341  nl_dump_line(p, "\tlifetime configuration: \n");
342  if (sp->lft->soft_byte_limit == XFRM_INF)
343  sprintf (dir, "INF");
344  else
345  sprintf (dir, "%" PRIu64, sp->lft->soft_byte_limit);
346  if (sp->lft->soft_packet_limit == XFRM_INF)
347  sprintf (action, "INF");
348  else
349  sprintf (action, "%" PRIu64, sp->lft->soft_packet_limit);
350  if (sp->lft->hard_byte_limit == XFRM_INF)
351  sprintf (flags, "INF");
352  else
353  sprintf (flags, "%" PRIu64, sp->lft->hard_byte_limit);
354  if (sp->lft->hard_packet_limit == XFRM_INF)
355  sprintf (share, "INF");
356  else
357  sprintf (share, "%" PRIu64, sp->lft->hard_packet_limit);
358  nl_dump_line(p, "\t\tsoft limit: %s (bytes), %s (packets) \n", dir, action);
359  nl_dump_line(p, "\t\thard limit: %s (bytes), %s (packets) \n", flags, share);
360  nl_dump_line(p, "\t\tsoft add_time: %llu (seconds), soft use_time: %llu (seconds) \n",
361  sp->lft->soft_add_expires_seconds, sp->lft->soft_use_expires_seconds);
362  nl_dump_line(p, "\t\thard add_time: %llu (seconds), hard use_time: %llu (seconds) \n",
363  sp->lft->hard_add_expires_seconds, sp->lft->hard_use_expires_seconds);
364 
365  nl_dump_line(p, "\tlifetime current: \n");
366  nl_dump_line(p, "\t\t%llu bytes, %llu packets\n", sp->curlft.bytes, sp->curlft.packets);
367 
368  if (sp->curlft.add_time != 0)
369  {
370  add_time = sp->curlft.add_time;
371  add_time_tm = gmtime (&add_time);
372  strftime (dst, INET6_ADDRSTRLEN+5, "%Y-%m-%d %H-%M-%S", add_time_tm);
373  }
374  else
375  {
376  sprintf (dst, "%s", "-");
377  }
378 
379  if (sp->curlft.use_time != 0)
380  {
381  use_time = sp->curlft.use_time;
382  use_time_tm = gmtime (&use_time);
383  strftime (src, INET6_ADDRSTRLEN+5, "%Y-%m-%d %H-%M-%S", use_time_tm);
384  }
385  else
386  {
387  sprintf (src, "%s", "-");
388  }
389  nl_dump_line(p, "\t\tadd_time: %s, use_time: %s\n", dst, src);
390 
391  if (sp->ce_mask & XFRM_SP_ATTR_SECCTX)
392  {
393  nl_dump_line(p, "\tUser security context: \n");
394  nl_dump_line(p, "\t\tlen: %d exttype: %d Algo: %d DOI: %d ctxlen: %d\n",
395  sp->sec_ctx->len, sp->sec_ctx->exttype,
396  sp->sec_ctx->ctx_alg, sp->sec_ctx->ctx_doi, sp->sec_ctx->ctx_len);
397  nl_dump_line (p, "\t\tctx: %s \n", sp->sec_ctx->ctx);
398  }
399 
400  xfrmnl_sp_type2str (sp->uptype.type, flags, 32);
401  if (sp->ce_mask & XFRM_SP_ATTR_POLTYPE)
402  nl_dump_line(p, "\tUser policy type: %s\n", flags);
403 
404  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
405  {
406  struct xfrmnl_user_tmpl* utmpl;
407 
408  nl_dump_line(p, "\tUser template: \n");
409 
410  nl_list_for_each_entry(utmpl, &sp->usertmpl_list, utmpl_list)
411  xfrmnl_user_tmpl_dump (utmpl, p);
412  }
413 
414  if (sp->ce_mask & XFRM_SP_ATTR_MARK)
415  nl_dump_line(p, "\tMark mask: 0x%x Mark value: 0x%x\n", sp->mark.m, sp->mark.v);
416 
417  nl_dump(p, "\n");
418 }
419 
420 static void xfrm_sp_dump_details(struct nl_object *a, struct nl_dump_params *p)
421 {
422  xfrm_sp_dump_line(a, p);
423 }
424 
425 static void xfrm_sp_dump_stats(struct nl_object *a, struct nl_dump_params *p)
426 {
427  xfrm_sp_dump_details(a, p);
428 
429  return;
430 }
431 
432 /**
433  * @name XFRM SP Object Allocation/Freeage
434  * @{
435  */
436 
437 struct xfrmnl_sp* xfrmnl_sp_alloc(void)
438 {
439  return (struct xfrmnl_sp*) nl_object_alloc(&xfrm_sp_obj_ops);
440 }
441 
442 void xfrmnl_sp_put(struct xfrmnl_sp* sp)
443 {
444  nl_object_put((struct nl_object *) sp);
445 }
446 
447 /** @} */
448 
449 /**
450  * @name SP Cache Managament
451  * @{
452  */
453 
454 /**
455  * Build a SP cache including all SPs currently configured in the kernel.
456  * @arg sock Netlink socket.
457  * @arg result Pointer to store resulting cache.
458  *
459  * Allocates a new SP cache, initializes it properly and updates it
460  * to include all SPs currently configured in the kernel.
461  *
462  * @return 0 on success or a negative error code.
463  */
464 int xfrmnl_sp_alloc_cache(struct nl_sock *sock, struct nl_cache **result)
465 {
466  return nl_cache_alloc_and_fill(&xfrmnl_sp_ops, sock, result);
467 }
468 
469 /**
470  * Look up a SP by policy id and direction
471  * @arg cache SP cache
472  * @arg index Policy Id
473  * @arg dir direction
474  * @return sp handle or NULL if no match was found.
475  */
476 struct xfrmnl_sp* xfrmnl_sp_get(struct nl_cache* cache, unsigned int index, unsigned int dir)
477 {
478  struct xfrmnl_sp *sp;
479 
480  //nl_list_for_each_entry(sp, &cache->c_items, ce_list) {
481  for (sp = (struct xfrmnl_sp*)nl_cache_get_first (cache);
482  sp != NULL;
483  sp = (struct xfrmnl_sp*)nl_cache_get_next ((struct nl_object*)sp))
484  {
485  if (sp->index == index && sp->dir == dir)
486  {
487  nl_object_get((struct nl_object *) sp);
488  return sp;
489  }
490  }
491 
492  return NULL;
493 }
494 
495 
496 /** @} */
497 
498 
499 static struct nla_policy xfrm_sp_policy[XFRMA_MAX+1] = {
500  [XFRMA_POLICY] = { .minlen = sizeof(struct xfrm_userpolicy_info)},
501  [XFRMA_SEC_CTX] = { .minlen = sizeof(struct xfrm_sec_ctx) },
502  [XFRMA_TMPL] = { .minlen = sizeof(struct xfrm_user_tmpl) },
503  [XFRMA_POLICY_TYPE] = { .minlen = sizeof(struct xfrm_userpolicy_type)},
504  [XFRMA_MARK] = { .minlen = sizeof(struct xfrm_mark) },
505 };
506 
507 static int xfrm_sp_request_update(struct nl_cache *c, struct nl_sock *h)
508 {
509  struct xfrm_userpolicy_id sp_id;
510 
511  memset (&sp_id, 0, sizeof (sp_id));
512  return nl_send_simple (h, XFRM_MSG_GETPOLICY, NLM_F_DUMP,
513  &sp_id, sizeof (sp_id));
514 }
515 
516 int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
517 {
518  struct xfrmnl_sp *sp;
519  struct nlattr *tb[XFRMA_MAX + 1];
520  struct xfrm_userpolicy_info *sp_info;
521  int len, err;
522  struct nl_addr* addr;
523 
524  sp = xfrmnl_sp_alloc();
525  if (!sp) {
526  err = -NLE_NOMEM;
527  goto errout;
528  }
529 
530  sp->ce_msgtype = n->nlmsg_type;
531  if (n->nlmsg_type == XFRM_MSG_DELPOLICY)
532  {
533  sp_info = (struct xfrm_userpolicy_info*)(nlmsg_data(n) + sizeof (struct xfrm_userpolicy_id) + NLA_HDRLEN);
534  }
535  else
536  {
537  sp_info = nlmsg_data(n);
538  }
539 
540  err = nlmsg_parse(n, sizeof(struct xfrm_userpolicy_info), tb, XFRMA_MAX, xfrm_sp_policy);
541  if (err < 0)
542  {
543  printf ("parse error: %d \n", err);
544  goto errout;
545  }
546 
547  if (sp_info->sel.family == AF_INET)
548  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4));
549  else
550  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6));
551  nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d);
552  xfrmnl_sel_set_daddr (sp->sel, addr);
553  xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d);
554 
555  if (sp_info->sel.family == AF_INET)
556  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4));
557  else
558  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6));
559  nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s);
560  xfrmnl_sel_set_saddr (sp->sel, addr);
561  xfrmnl_sel_set_prefixlen_s (sp->sel, sp_info->sel.prefixlen_s);
562 
563  xfrmnl_sel_set_dport (sp->sel, ntohs (sp_info->sel.dport));
564  xfrmnl_sel_set_dportmask (sp->sel, ntohs (sp_info->sel.dport_mask));
565  xfrmnl_sel_set_sport (sp->sel, ntohs (sp_info->sel.sport));
566  xfrmnl_sel_set_sportmask (sp->sel, ntohs (sp_info->sel.sport_mask));
567  xfrmnl_sel_set_family (sp->sel, sp_info->sel.family);
568  xfrmnl_sel_set_proto (sp->sel, sp_info->sel.proto);
569  xfrmnl_sel_set_ifindex (sp->sel, sp_info->sel.ifindex);
570  xfrmnl_sel_set_userid (sp->sel, sp_info->sel.user);
571  sp->ce_mask |= XFRM_SP_ATTR_SEL;
572 
573  sp->lft->soft_byte_limit = sp_info->lft.soft_byte_limit;
574  sp->lft->hard_byte_limit = sp_info->lft.hard_byte_limit;
575  sp->lft->soft_packet_limit = sp_info->lft.soft_packet_limit;
576  sp->lft->hard_packet_limit = sp_info->lft.hard_packet_limit;
577  sp->lft->soft_add_expires_seconds = sp_info->lft.soft_add_expires_seconds;
578  sp->lft->hard_add_expires_seconds = sp_info->lft.hard_add_expires_seconds;
579  sp->lft->soft_use_expires_seconds = sp_info->lft.soft_use_expires_seconds;
580  sp->lft->hard_use_expires_seconds = sp_info->lft.hard_use_expires_seconds;
581  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CFG;
582 
583  sp->curlft.bytes = sp_info->curlft.bytes;
584  sp->curlft.packets = sp_info->curlft.packets;
585  sp->curlft.add_time = sp_info->curlft.add_time;
586  sp->curlft.use_time = sp_info->curlft.use_time;
587  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CUR;
588 
589  sp->priority = sp_info->priority;
590  sp->index = sp_info->index;
591  sp->dir = sp_info->dir;
592  sp->action = sp_info->action;
593  sp->flags = sp_info->flags;
594  sp->share = sp_info->share;
595  sp->ce_mask |= (XFRM_SP_ATTR_PRIO | XFRM_SP_ATTR_INDEX |
596  XFRM_SP_ATTR_DIR | XFRM_SP_ATTR_ACTION |
597  XFRM_SP_ATTR_FLAGS | XFRM_SP_ATTR_SHARE);
598 
599  if (tb[XFRMA_SEC_CTX]) {
600  struct xfrm_user_sec_ctx* ctx = nla_data(tb[XFRMA_SEC_CTX]);
601  len = sizeof (struct xfrmnl_user_sec_ctx) + ctx->ctx_len;
602  if ((sp->sec_ctx = calloc (1, len)) == NULL)
603  {
604  err = -NLE_NOMEM;
605  goto errout;
606  }
607  memcpy ((void *)sp->sec_ctx, (void *)ctx, len);
608  sp->ce_mask |= XFRM_SP_ATTR_SECCTX;
609  }
610 
611  if (tb[XFRMA_POLICY_TYPE]) {
612  struct xfrm_userpolicy_type* up = nla_data(tb[XFRMA_POLICY_TYPE]);
613  memcpy ((void *)&sp->uptype, (void *)up, sizeof (struct xfrm_userpolicy_type));
614  sp->ce_mask |= XFRM_SP_ATTR_POLTYPE;
615  }
616 
617  if (tb[XFRMA_TMPL]) {
618  struct xfrm_user_tmpl* tmpl = nla_data(tb[XFRMA_TMPL]);
619  struct xfrmnl_user_tmpl* sputmpl;
620  uint32_t i;
621  uint32_t num_tmpls = nla_len(tb[XFRMA_TMPL]) / sizeof (*tmpl);
622  struct nl_addr* addr;
623 
624  for (i = 0; (i < num_tmpls) && (tmpl); i ++, tmpl++)
625  {
626  if ((sputmpl = xfrmnl_user_tmpl_alloc ()) == NULL)
627  {
628  err = -NLE_NOMEM;
629  goto errout;
630  }
631 
632  if (tmpl->family == AF_INET)
633  addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4));
634  else
635  addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6));
636  xfrmnl_user_tmpl_set_daddr (sputmpl, addr);
637  xfrmnl_user_tmpl_set_spi (sputmpl, ntohl(tmpl->id.spi));
638  xfrmnl_user_tmpl_set_proto (sputmpl, tmpl->id.proto);
639  xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family);
640 
641  if (tmpl->family == AF_INET)
642  addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4));
643  else
644  addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6));
645  xfrmnl_user_tmpl_set_saddr (sputmpl, addr);
646 
647  xfrmnl_user_tmpl_set_reqid (sputmpl, tmpl->reqid);
648  xfrmnl_user_tmpl_set_mode (sputmpl, tmpl->mode);
649  xfrmnl_user_tmpl_set_share (sputmpl, tmpl->share);
650  xfrmnl_user_tmpl_set_optional (sputmpl, tmpl->optional);
651  xfrmnl_user_tmpl_set_aalgos (sputmpl, tmpl->aalgos);
652  xfrmnl_user_tmpl_set_ealgos (sputmpl, tmpl->ealgos);
653  xfrmnl_user_tmpl_set_calgos (sputmpl, tmpl->calgos);
654  xfrmnl_sp_add_usertemplate (sp, sputmpl);
655 
656  sp->ce_mask |= XFRM_SP_ATTR_TMPL;
657  }
658  }
659 
660  if (tb[XFRMA_MARK]) {
661  struct xfrm_mark* m = nla_data(tb[XFRMA_MARK]);
662  sp->mark.m = m->m;
663  sp->mark.v = m->v;
664  sp->ce_mask |= XFRM_SP_ATTR_MARK;
665  }
666 
667  *result = sp;
668  return 0;
669 
670 errout:
671  xfrmnl_sp_put(sp);
672  return err;
673 }
674 
675 static int xfrm_sp_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
676  struct nlmsghdr *n, struct nl_parser_param *pp)
677 {
678  struct xfrmnl_sp* sp;
679  int err;
680 
681  if ((err = xfrmnl_sp_parse(n, &sp)) < 0)
682  {
683  printf ("received error: %d \n", err);
684  return err;
685  }
686 
687  err = pp->pp_cb((struct nl_object *) sp, pp);
688 
689  xfrmnl_sp_put(sp);
690  return err;
691 }
692 
693 /**
694  * @name XFRM SP Get
695  * @{
696  */
697 
698 int xfrmnl_sp_build_get_request(unsigned int index, unsigned int dir, unsigned int mark_v, unsigned int mark_m, struct nl_msg **result)
699 {
700  struct nl_msg *msg;
701  struct xfrm_userpolicy_id spid;
702  struct xfrm_mark mark;
703 
704  memset(&spid, 0, sizeof(spid));
705  spid.index = index;
706  spid.dir = dir;
707 
708  if (!(msg = nlmsg_alloc_simple(XFRM_MSG_GETPOLICY, 0)))
709  return -NLE_NOMEM;
710 
711  if (nlmsg_append(msg, &spid, sizeof(spid), NLMSG_ALIGNTO) < 0)
712  goto nla_put_failure;
713 
714  if ((mark_m & mark_v) != 0)
715  {
716  memset(&mark, 0, sizeof(struct xfrm_mark));
717  mark.m = mark_m;
718  mark.v = mark_v;
719 
720  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &mark);
721  }
722 
723  *result = msg;
724  return 0;
725 
726 nla_put_failure:
727  nlmsg_free(msg);
728  return -NLE_MSGSIZE;
729 }
730 
731 int xfrmnl_sp_get_kernel(struct nl_sock* sock, unsigned int index, unsigned int dir, unsigned int mark_v, unsigned int mark_m, struct xfrmnl_sp** result)
732 {
733  struct nl_msg *msg = NULL;
734  struct nl_object *obj;
735  int err;
736 
737  if ((err = xfrmnl_sp_build_get_request(index, dir, mark_m, mark_v, &msg)) < 0)
738  return err;
739 
740  err = nl_send_auto(sock, msg);
741  nlmsg_free(msg);
742  if (err < 0)
743  return err;
744 
745  if ((err = nl_pickup(sock, &xfrm_sp_msg_parser, &obj)) < 0)
746  return err;
747 
748  /* We have used xfrm_sp_msg_parser(), object is definitely a xfrm ae */
749  *result = (struct xfrmnl_sp *) obj;
750 
751  /* If an object has been returned, we also need to wait for the ACK */
752  if (err == 0 && obj)
753  nl_wait_for_ack(sock);
754 
755  return 0;
756 }
757 
758 /** @} */
759 
760 static int build_xfrm_sp_message(struct xfrmnl_sp *tmpl, int cmd, int flags, struct nl_msg **result)
761 {
762  struct nl_msg* msg;
763  struct xfrm_userpolicy_info sp_info;
764  uint32_t len;
765  struct nl_addr* addr;
766 
767  if (!(tmpl->ce_mask & XFRM_SP_ATTR_INDEX) ||
768  !(tmpl->ce_mask & XFRM_SP_ATTR_DIR))
769  return -NLE_MISSING_ATTR;
770 
771  memset ((void*)&sp_info, 0, sizeof (sp_info));
772  if (tmpl->ce_mask & XFRM_SP_ATTR_SEL)
773  {
774  addr = xfrmnl_sel_get_daddr (tmpl->sel);
775  memcpy ((void*)&sp_info.sel.daddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
776  addr = xfrmnl_sel_get_saddr (tmpl->sel);
777  memcpy ((void*)&sp_info.sel.saddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
778  sp_info.sel.dport = htons (xfrmnl_sel_get_dport (tmpl->sel));
779  sp_info.sel.dport_mask = htons (xfrmnl_sel_get_dportmask (tmpl->sel));
780  sp_info.sel.sport = htons (xfrmnl_sel_get_sport (tmpl->sel));
781  sp_info.sel.sport_mask = htons (xfrmnl_sel_get_sportmask (tmpl->sel));
782  sp_info.sel.family = xfrmnl_sel_get_family (tmpl->sel);
783  sp_info.sel.prefixlen_d = xfrmnl_sel_get_prefixlen_d (tmpl->sel);
784  sp_info.sel.prefixlen_s = xfrmnl_sel_get_prefixlen_s (tmpl->sel);
785  sp_info.sel.proto = xfrmnl_sel_get_proto (tmpl->sel);
786  sp_info.sel.ifindex = xfrmnl_sel_get_ifindex (tmpl->sel);
787  sp_info.sel.user = xfrmnl_sel_get_userid (tmpl->sel);
788  }
789 
790  if (tmpl->ce_mask & XFRM_SP_ATTR_LTIME_CFG)
791  {
792  sp_info.lft.soft_byte_limit = xfrmnl_ltime_cfg_get_soft_bytelimit (tmpl->lft);
793  sp_info.lft.hard_byte_limit = xfrmnl_ltime_cfg_get_hard_bytelimit (tmpl->lft);
794  sp_info.lft.soft_packet_limit = xfrmnl_ltime_cfg_get_soft_packetlimit (tmpl->lft);
795  sp_info.lft.hard_packet_limit = xfrmnl_ltime_cfg_get_hard_packetlimit (tmpl->lft);
796  sp_info.lft.soft_add_expires_seconds = xfrmnl_ltime_cfg_get_soft_addexpires (tmpl->lft);
797  sp_info.lft.hard_add_expires_seconds = xfrmnl_ltime_cfg_get_hard_addexpires (tmpl->lft);
798  sp_info.lft.soft_use_expires_seconds = xfrmnl_ltime_cfg_get_soft_useexpires (tmpl->lft);
799  sp_info.lft.hard_use_expires_seconds = xfrmnl_ltime_cfg_get_hard_useexpires (tmpl->lft);
800  }
801 
802  //Skip current lifetime: cur lifetime can be updated only via AE
803 
804  if (tmpl->ce_mask & XFRM_SP_ATTR_PRIO)
805  sp_info.priority = tmpl->priority;
806 
807  if (tmpl->ce_mask & XFRM_SP_ATTR_INDEX)
808  sp_info.index = tmpl->index;
809 
810  if (tmpl->ce_mask & XFRM_SP_ATTR_DIR)
811  sp_info.dir = tmpl->dir;
812 
813  if (tmpl->ce_mask & XFRM_SP_ATTR_ACTION)
814  sp_info.action = tmpl->action;
815 
816  if (tmpl->ce_mask & XFRM_SP_ATTR_FLAGS)
817  sp_info.flags = tmpl->flags;
818 
819  if (tmpl->ce_mask & XFRM_SP_ATTR_SHARE)
820  sp_info.share = tmpl->share;
821 
822  msg = nlmsg_alloc_simple(cmd, flags);
823  if (!msg)
824  return -NLE_NOMEM;
825 
826  if (nlmsg_append(msg, &sp_info, sizeof(sp_info), NLMSG_ALIGNTO) < 0)
827  goto nla_put_failure;
828 
829  if (tmpl->ce_mask & XFRM_SP_ATTR_SECCTX) {
830  len = (sizeof (struct xfrm_user_sec_ctx)) + tmpl->sec_ctx->ctx_len;
831  NLA_PUT (msg, XFRMA_SEC_CTX, len, tmpl->sec_ctx);
832  }
833 
834  if (tmpl->ce_mask & XFRM_SP_ATTR_POLTYPE) {
835  len = sizeof (struct xfrm_userpolicy_type);
836  NLA_PUT (msg, XFRMA_POLICY_TYPE, len, &tmpl->uptype);
837  }
838 
839  if (tmpl->ce_mask & XFRM_SP_ATTR_TMPL) {
840  struct nlattr* tmpls;
841  struct xfrmnl_user_tmpl* utmpl;
842  struct nl_addr* addr;
843 
844  if (!(tmpls = nla_nest_start(msg, XFRMA_TMPL)))
845  goto nla_put_failure;
846 
847  nl_list_for_each_entry(utmpl, &tmpl->usertmpl_list, utmpl_list) {
848  struct xfrm_user_tmpl* tmpl;
849 
850  tmpl = nlmsg_reserve(msg, sizeof(*tmpl), NLMSG_ALIGNTO);
851  if (!tmpl)
852  goto nla_put_failure;
853  addr = xfrmnl_user_tmpl_get_daddr (utmpl);
854  memcpy ((void *)&tmpl->id.daddr, nl_addr_get_binary_addr (addr),
855  nl_addr_get_len (addr));
856  tmpl->id.spi = htonl(xfrmnl_user_tmpl_get_spi (utmpl));
857  tmpl->id.proto = xfrmnl_user_tmpl_get_proto (utmpl);
858  tmpl->family = xfrmnl_user_tmpl_get_family (utmpl);
859  addr = xfrmnl_user_tmpl_get_saddr (utmpl);
860  memcpy ((void *)&tmpl->saddr, nl_addr_get_binary_addr (addr),
861  nl_addr_get_len (addr));
862  tmpl->reqid = xfrmnl_user_tmpl_get_reqid (utmpl);
863  tmpl->mode = xfrmnl_user_tmpl_get_mode (utmpl);
864  tmpl->share = xfrmnl_user_tmpl_get_share (utmpl);
865  tmpl->optional = xfrmnl_user_tmpl_get_optional (utmpl);
866  tmpl->aalgos = xfrmnl_user_tmpl_get_aalgos (utmpl);
867  tmpl->ealgos = xfrmnl_user_tmpl_get_ealgos (utmpl);
868  tmpl->calgos = xfrmnl_user_tmpl_get_calgos (utmpl);
869  }
870  nla_nest_end(msg, tmpls);
871  }
872 
873  if (tmpl->ce_mask & XFRM_SP_ATTR_MARK) {
874  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &tmpl->mark);
875  }
876 
877  *result = msg;
878  return 0;
879 
880 nla_put_failure:
881  nlmsg_free(msg);
882  return -NLE_MSGSIZE;
883 }
884 
885 /**
886  * @name XFRM SP Add
887  * @{
888  */
889 
890 int xfrmnl_sp_build_add_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
891 {
892  return build_xfrm_sp_message (tmpl, XFRM_MSG_NEWPOLICY, flags, result);
893 }
894 
895 int xfrmnl_sp_add(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
896 {
897  int err;
898  struct nl_msg *msg;
899 
900  if ((err = xfrmnl_sp_build_add_request(tmpl, flags, &msg)) < 0)
901  return err;
902 
903  err = nl_send_auto_complete(sk, msg);
904  nlmsg_free(msg);
905  if (err < 0)
906  return err;
907 
908  return nl_wait_for_ack(sk);
909 }
910 
911 /**
912  * @name XFRM SP Update
913  * @{
914  */
915 
916 int xfrmnl_sp_build_update_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
917 {
918  return build_xfrm_sp_message (tmpl, XFRM_MSG_UPDPOLICY, flags, result);
919 }
920 
921 int xfrmnl_sp_update(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
922 {
923  int err;
924  struct nl_msg *msg;
925 
926  if ((err = xfrmnl_sp_build_update_request(tmpl, flags, &msg)) < 0)
927  return err;
928 
929  err = nl_send_auto_complete(sk, msg);
930  nlmsg_free(msg);
931  if (err < 0)
932  return err;
933 
934  return nl_wait_for_ack(sk);
935 }
936 
937 /** @} */
938 
939 static int build_xfrm_sp_delete_message(struct xfrmnl_sp *tmpl, int cmd, int flags, struct nl_msg **result)
940 {
941  struct nl_msg* msg;
942  struct xfrm_userpolicy_id spid;
943 
944  if (!(tmpl->ce_mask & XFRM_SP_ATTR_INDEX) ||
945  !(tmpl->ce_mask & XFRM_SP_ATTR_DIR))
946  return -NLE_MISSING_ATTR;
947 
948  memset(&spid, 0, sizeof(spid));
949  spid.index = tmpl->index;
950  spid.dir = tmpl->dir;
951 
952  msg = nlmsg_alloc_simple(cmd, flags);
953  if (!msg)
954  return -NLE_NOMEM;
955 
956  if (nlmsg_append(msg, &spid, sizeof(spid), NLMSG_ALIGNTO) < 0)
957  goto nla_put_failure;
958 
959  if (tmpl->ce_mask & XFRM_SP_ATTR_MARK) {
960  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &tmpl->mark);
961  }
962 
963  *result = msg;
964  return 0;
965 
966 nla_put_failure:
967  nlmsg_free(msg);
968  return -NLE_MSGSIZE;
969 }
970 
971 /**
972  * @name XFRM SA Delete
973  * @{
974  */
975 
976 int xfrmnl_sp_build_delete_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
977 {
978  return build_xfrm_sp_delete_message (tmpl, XFRM_MSG_DELPOLICY, flags, result);
979 }
980 
981 int xfrmnl_sp_delete(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
982 {
983  int err;
984  struct nl_msg *msg;
985 
986  if ((err = xfrmnl_sp_build_delete_request(tmpl, flags, &msg)) < 0)
987  return err;
988 
989  err = nl_send_auto_complete(sk, msg);
990  nlmsg_free(msg);
991  if (err < 0)
992  return err;
993 
994  return nl_wait_for_ack(sk);
995 }
996 
997 /** @} */
998 
999 
1000 /**
1001  * @name Attributes
1002  * @{
1003  */
1004 
1005 struct xfrmnl_sel* xfrmnl_sp_get_sel (struct xfrmnl_sp* sp)
1006 {
1007  if (sp->ce_mask & XFRM_SP_ATTR_SEL)
1008  return sp->sel;
1009  else
1010  return NULL;
1011 }
1012 
1013 int xfrmnl_sp_set_sel (struct xfrmnl_sp* sp, struct xfrmnl_sel* sel)
1014 {
1015  /* Release any previously held selector object from the SP */
1016  if (sp->sel)
1017  xfrmnl_sel_put (sp->sel);
1018 
1019  /* Increment ref count on new selector and save it in the SP */
1020  xfrmnl_sel_get (sel);
1021  sp->sel = sel;
1022  sp->ce_mask |= XFRM_SP_ATTR_SEL;
1023 
1024  return 0;
1025 }
1026 
1027 struct xfrmnl_ltime_cfg* xfrmnl_sp_get_lifetime_cfg (struct xfrmnl_sp* sp)
1028 {
1029  if (sp->ce_mask & XFRM_SP_ATTR_LTIME_CFG)
1030  return sp->lft;
1031  else
1032  return NULL;
1033 }
1034 
1035 int xfrmnl_sp_set_lifetime_cfg (struct xfrmnl_sp* sp, struct xfrmnl_ltime_cfg* ltime)
1036 {
1037  /* Release any previously held lifetime cfg object from the SP */
1038  if (sp->lft)
1039  xfrmnl_ltime_cfg_put (sp->lft);
1040 
1041  /* Increment ref count on new lifetime object and save it in the SP */
1042  xfrmnl_ltime_cfg_get (ltime);
1043  sp->lft = ltime;
1044  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CFG;
1045 
1046  return 0;
1047 }
1048 
1049 int xfrmnl_sp_get_curlifetime (struct xfrmnl_sp* sa, unsigned long long int* curr_bytes,
1050  unsigned long long int* curr_packets, unsigned long long int* curr_add_time, unsigned long long int* curr_use_time)
1051 {
1052  if (sa == NULL || curr_bytes == NULL || curr_packets == NULL || curr_add_time == NULL || curr_use_time == NULL)
1053  return -1;
1054 
1055  *curr_bytes = sa->curlft.bytes;
1056  *curr_packets = sa->curlft.packets;
1057  *curr_add_time = sa->curlft.add_time;
1058  *curr_use_time = sa->curlft.use_time;
1059 
1060  return 0;
1061 }
1062 
1063 int xfrmnl_sp_get_priority (struct xfrmnl_sp* sp)
1064 {
1065  if (sp->ce_mask & XFRM_SP_ATTR_PRIO)
1066  return sp->priority;
1067  else
1068  return -1;
1069 }
1070 
1071 int xfrmnl_sp_set_priority (struct xfrmnl_sp* sp, unsigned int prio)
1072 {
1073  sp->priority = prio;
1074  sp->ce_mask |= XFRM_SP_ATTR_PRIO;
1075 
1076  return 0;
1077 }
1078 
1079 int xfrmnl_sp_get_index (struct xfrmnl_sp* sp)
1080 {
1081  if (sp->ce_mask & XFRM_SP_ATTR_INDEX)
1082  return sp->index;
1083  else
1084  return -1;
1085 }
1086 
1087 int xfrmnl_sp_set_index (struct xfrmnl_sp* sp, unsigned int index)
1088 {
1089  sp->index = index;
1090  sp->ce_mask |= XFRM_SP_ATTR_INDEX;
1091 
1092  return 0;
1093 }
1094 
1095 int xfrmnl_sp_get_dir (struct xfrmnl_sp* sp)
1096 {
1097  if (sp->ce_mask & XFRM_SP_ATTR_DIR)
1098  return sp->dir;
1099  else
1100  return -1;
1101 }
1102 
1103 int xfrmnl_sp_set_dir (struct xfrmnl_sp* sp, unsigned int dir)
1104 {
1105  sp->dir = dir;
1106  sp->ce_mask |= XFRM_SP_ATTR_DIR;
1107 
1108  return 0;
1109 }
1110 
1111 int xfrmnl_sp_get_action (struct xfrmnl_sp* sp)
1112 {
1113  if (sp->ce_mask & XFRM_SP_ATTR_ACTION)
1114  return sp->action;
1115  else
1116  return -1;
1117 }
1118 
1119 int xfrmnl_sp_set_action (struct xfrmnl_sp* sp, unsigned int action)
1120 {
1121  sp->action = action;
1122  sp->ce_mask |= XFRM_SP_ATTR_ACTION;
1123 
1124  return 0;
1125 }
1126 
1127 int xfrmnl_sp_get_flags (struct xfrmnl_sp* sp)
1128 {
1129  if (sp->ce_mask & XFRM_SP_ATTR_FLAGS)
1130  return sp->flags;
1131  else
1132  return -1;
1133 }
1134 
1135 int xfrmnl_sp_set_flags (struct xfrmnl_sp* sp, unsigned int flags)
1136 {
1137  sp->flags = flags;
1138  sp->ce_mask |= XFRM_SP_ATTR_FLAGS;
1139 
1140  return 0;
1141 }
1142 
1143 int xfrmnl_sp_get_share (struct xfrmnl_sp* sp)
1144 {
1145  if (sp->ce_mask & XFRM_SP_ATTR_SHARE)
1146  return sp->share;
1147  else
1148  return -1;
1149 }
1150 
1151 int xfrmnl_sp_set_share (struct xfrmnl_sp* sp, unsigned int share)
1152 {
1153  sp->share = share;
1154  sp->ce_mask |= XFRM_SP_ATTR_SHARE;
1155 
1156  return 0;
1157 }
1158 
1159 int xfrmnl_sp_get_sec_ctx (struct xfrmnl_sp* sp, unsigned int* len, unsigned int* exttype, unsigned int* alg, unsigned int* doi, unsigned int* ctx_len, char* ctx_str)
1160 {
1161  if (sp->ce_mask & XFRM_SP_ATTR_SECCTX)
1162  {
1163  *len = sp->sec_ctx->len;
1164  *exttype= sp->sec_ctx->exttype;
1165  *alg = sp->sec_ctx->ctx_alg;
1166  *doi = sp->sec_ctx->ctx_doi;
1167  *ctx_len= sp->sec_ctx->ctx_len;
1168  memcpy ((void *)ctx_str, (void *)sp->sec_ctx->ctx, sizeof (uint8_t) * sp->sec_ctx->ctx_len);
1169  }
1170  else
1171  return -1;
1172 
1173  return 0;
1174 }
1175 
1176 int xfrmnl_sp_set_sec_ctx (struct xfrmnl_sp* sp, unsigned int len, unsigned int exttype, unsigned int alg, unsigned int doi, unsigned int ctx_len, char* ctx_str)
1177 {
1178  /* Free up the old context string and allocate new one */
1179  if (sp->sec_ctx)
1180  free (sp->sec_ctx);
1181  if ((sp->sec_ctx = calloc (1, sizeof (struct xfrmnl_user_sec_ctx) + (sizeof (uint8_t) * ctx_len))) == NULL)
1182  return -1;
1183 
1184  /* Save the new info */
1185  sp->sec_ctx->len = len;
1186  sp->sec_ctx->exttype = exttype;
1187  sp->sec_ctx->ctx_alg = alg;
1188  sp->sec_ctx->ctx_doi = doi;
1189  sp->sec_ctx->ctx_len = len;
1190  memcpy ((void *)sp->sec_ctx->ctx, (void *)ctx_str, sizeof (uint8_t) * ctx_len);
1191 
1192  sp->ce_mask |= XFRM_SP_ATTR_SECCTX;
1193 
1194  return 0;
1195 }
1196 
1197 int xfrmnl_sp_get_userpolicy_type (struct xfrmnl_sp* sp)
1198 {
1199  if (sp->ce_mask & XFRM_SP_ATTR_POLTYPE)
1200  return sp->uptype.type;
1201  else
1202  return -1;
1203 }
1204 
1205 int xfrmnl_sp_set_userpolicy_type (struct xfrmnl_sp* sp, unsigned int type)
1206 {
1207  sp->uptype.type = type;
1208  sp->ce_mask |= XFRM_SP_ATTR_POLTYPE;
1209 
1210  return 0;
1211 }
1212 
1213 void xfrmnl_sp_add_usertemplate(struct xfrmnl_sp *sp, struct xfrmnl_user_tmpl *utmpl)
1214 {
1215  nl_list_add_tail(&utmpl->utmpl_list, &sp->usertmpl_list);
1216  sp->nr_user_tmpl++;
1217  sp->ce_mask |= XFRM_SP_ATTR_TMPL;
1218 }
1219 
1220 void xfrmnl_sp_remove_usertemplate(struct xfrmnl_sp *sp, struct xfrmnl_user_tmpl *utmpl)
1221 {
1222  if (sp->ce_mask & XFRM_SP_ATTR_TMPL) {
1223  sp->nr_user_tmpl--;
1224  nl_list_del(&utmpl->utmpl_list);
1225  }
1226 }
1227 
1228 struct nl_list_head *xfrmnl_sp_get_usertemplates(struct xfrmnl_sp *sp)
1229 {
1230  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
1231  return &sp->usertmpl_list;
1232 
1233  return NULL;
1234 }
1235 
1236 int xfrmnl_sp_get_nusertemplates(struct xfrmnl_sp *sp)
1237 {
1238  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
1239  return sp->nr_user_tmpl;
1240 
1241  return 0;
1242 }
1243 
1244 void xfrmnl_sp_foreach_usertemplate(struct xfrmnl_sp *r,
1245  void (*cb)(struct xfrmnl_user_tmpl *, void *),
1246  void *arg)
1247 {
1248  struct xfrmnl_user_tmpl *utmpl;
1249 
1250  if (r->ce_mask & XFRM_SP_ATTR_TMPL) {
1251  nl_list_for_each_entry(utmpl, &r->usertmpl_list, utmpl_list) {
1252  cb(utmpl, arg);
1253  }
1254  }
1255 }
1256 
1257 struct xfrmnl_user_tmpl *xfrmnl_sp_usertemplate_n(struct xfrmnl_sp *r, int n)
1258 {
1259  struct xfrmnl_user_tmpl *utmpl;
1260  uint32_t i;
1261 
1262  if (r->ce_mask & XFRM_SP_ATTR_TMPL && r->nr_user_tmpl > n) {
1263  i = 0;
1264  nl_list_for_each_entry(utmpl, &r->usertmpl_list, utmpl_list) {
1265  if (i == n) return utmpl;
1266  i++;
1267  }
1268  }
1269  return NULL;
1270 }
1271 
1272 int xfrmnl_sp_get_mark (struct xfrmnl_sp* sp, unsigned int* mark_mask, unsigned int* mark_value)
1273 {
1274  if (mark_mask == NULL || mark_value == NULL)
1275  return -1;
1276 
1277  if (sp->ce_mask & XFRM_SP_ATTR_MARK)
1278  {
1279  *mark_mask = sp->mark.m;
1280  *mark_value = sp->mark.v;
1281 
1282  return 0;
1283  }
1284  else
1285  return -1;
1286 }
1287 
1288 int xfrmnl_sp_set_mark (struct xfrmnl_sp* sp, unsigned int value, unsigned int mask)
1289 {
1290  sp->mark.v = value;
1291  sp->mark.m = mask;
1292  sp->ce_mask |= XFRM_SP_ATTR_MARK;
1293 
1294  return 0;
1295 }
1296 
1297 /** @} */
1298 
1299 static struct nl_object_ops xfrm_sp_obj_ops = {
1300  .oo_name = "xfrm/sp",
1301  .oo_size = sizeof(struct xfrmnl_sp),
1302  .oo_constructor = xfrm_sp_alloc_data,
1303  .oo_free_data = xfrm_sp_free_data,
1304  .oo_clone = xfrm_sp_clone,
1305  .oo_dump = {
1306  [NL_DUMP_LINE] = xfrm_sp_dump_line,
1307  [NL_DUMP_DETAILS] = xfrm_sp_dump_details,
1308  [NL_DUMP_STATS] = xfrm_sp_dump_stats,
1309  },
1310  .oo_compare = xfrm_sp_compare,
1311  .oo_attrs2str = xfrm_sp_attrs2str,
1312  .oo_id_attrs = (XFRM_SP_ATTR_SEL | XFRM_SP_ATTR_INDEX | XFRM_SP_ATTR_DIR),
1313 };
1314 
1315 static struct nl_af_group xfrm_sp_groups[] = {
1316  { AF_UNSPEC, XFRMNLGRP_POLICY },
1317  { END_OF_GROUP_LIST },
1318 };
1319 
1320 static struct nl_cache_ops xfrmnl_sp_ops = {
1321  .co_name = "xfrm/sp",
1322  .co_hdrsize = sizeof(struct xfrm_userpolicy_info),
1323  .co_msgtypes = {
1324  { XFRM_MSG_NEWPOLICY, NL_ACT_NEW, "new" },
1325  { XFRM_MSG_DELPOLICY, NL_ACT_DEL, "del" },
1326  { XFRM_MSG_GETPOLICY, NL_ACT_GET, "get" },
1327  { XFRM_MSG_UPDPOLICY, NL_ACT_NEW, "update" },
1328  END_OF_MSGTYPES_LIST,
1329  },
1330  .co_protocol = NETLINK_XFRM,
1331  .co_groups = xfrm_sp_groups,
1332  .co_request_update = xfrm_sp_request_update,
1333  .co_msg_parser = xfrm_sp_msg_parser,
1334  .co_obj_ops = &xfrm_sp_obj_ops,
1335 };
1336 
1337 /**
1338  * @name XFRM SA Cache Managament
1339  * @{
1340  */
1341 
1342 static void __attribute__ ((constructor)) xfrm_sp_init(void)
1343 {
1344  nl_cache_mngt_register(&xfrmnl_sp_ops);
1345 }
1346 
1347 static void __attribute__ ((destructor)) xfrm_sp_exit(void)
1348 {
1349  nl_cache_mngt_unregister(&xfrmnl_sp_ops);
1350 }
1351 
1352 /** @} */
int nl_send_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
Definition: nl.c:1252
Dump object briefly on one line.
Definition: types.h:22
void nl_addr_set_prefixlen(struct nl_addr *addr, int prefixlen)
Set the prefix length of an abstract address.
Definition: addr.c:917
void nlmsg_free(struct nl_msg *msg)
Release a reference from an netlink message.
Definition: msg.c:558
void * nlmsg_data(const struct nlmsghdr *nlh)
Return pointer to message payload.
Definition: msg.c:105
struct nl_object * nl_object_alloc(struct nl_object_ops *ops)
Allocate a new object of kind specified by the operations handle.
Definition: object.c:54
void * nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
Reserve room for additional data in a netlink message.
Definition: msg.c:407
int nl_cache_mngt_unregister(struct nl_cache_ops *ops)
Unregister a set of cache operations.
Definition: cache_mngt.c:287
Attribute validation policy.
Definition: attr.h:67
void nl_object_get(struct nl_object *obj)
Acquire a reference on a object.
Definition: object.c:204
struct nl_addr * nl_addr_build(int family, const void *buf, size_t size)
Allocate abstract address based on a binary address.
Definition: addr.c:216
int nl_pickup(struct nl_sock *sk, int(*parser)(struct nl_cache_ops *, struct sockaddr_nl *, struct nlmsghdr *, struct nl_parser_param *), struct nl_object **result)
Pickup netlink answer, parse is and return object.
Definition: nl.c:1183
int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, struct nla_policy *policy)
parse attributes of a netlink message
Definition: msg.c:213
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_clone(struct xfrmnl_ltime_cfg *ltime)
Clone existing lifetime config object.
Definition: lifetime.c:93
Dump all attributes but no statistics.
Definition: types.h:23
int nla_nest_end(struct nl_msg *msg, struct nlattr *start)
Finalize nesting of attributes.
Definition: attr.c:917
int nl_cache_mngt_register(struct nl_cache_ops *ops)
Register a set of cache operations.
Definition: cache_mngt.c:252
#define NLA_PUT(msg, attrtype, attrlen, data)
Add unspecific attribute to netlink message.
Definition: attr.h:162
void * nla_data(const struct nlattr *nla)
Return pointer to the payload section.
Definition: attr.c:120
int xfrmnl_sel_cmp(struct xfrmnl_sel *a, struct xfrmnl_sel *b)
Compares two selector objects.
Definition: selector.c:160
int nla_len(const struct nlattr *nla)
Return length of the payload .
Definition: attr.c:131
uint16_t minlen
Minimal length of payload required.
Definition: attr.h:72
int nl_send_simple(struct nl_sock *sk, int type, int flags, void *buf, size_t size)
Construct and transmit a Netlink message.
Definition: nl.c:584
struct nl_object * nl_cache_get_next(struct nl_object *obj)
Return the next element in the cache.
Definition: cache.c:145
int nlmsg_append(struct nl_msg *n, void *data, size_t len, int pad)
Append data to tail of a netlink message.
Definition: msg.c:442
int nl_wait_for_ack(struct nl_sock *sk)
Wait for ACK.
Definition: nl.c:1117
void nl_object_put(struct nl_object *obj)
Release a reference from an object.
Definition: object.c:215
struct nl_msg * nlmsg_alloc_simple(int nlmsgtype, int flags)
Allocate a new netlink message.
Definition: msg.c:346
struct xfrmnl_sel * xfrmnl_sel_alloc()
Allocate new selector object.
Definition: selector.c:76
struct xfrmnl_sel * xfrmnl_sel_clone(struct xfrmnl_sel *sel)
Clone existing selector object.
Definition: selector.c:95
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_alloc()
Allocate new lifetime config object.
Definition: lifetime.c:74
Dumping parameters.
Definition: types.h:33
struct xfrmnl_user_tmpl * xfrmnl_user_tmpl_clone(struct xfrmnl_user_tmpl *utmpl)
Clone existing user template object.
Definition: template.c:89
struct xfrmnl_user_tmpl * xfrmnl_user_tmpl_alloc()
Allocate new user template object.
Definition: template.c:70
int xfrmnl_ltime_cfg_cmp(struct xfrmnl_ltime_cfg *a, struct xfrmnl_ltime_cfg *b)
Compares two lifetime config objects.
Definition: lifetime.c:154
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
Definition: utils.c:914
int xfrmnl_user_tmpl_cmp(struct xfrmnl_user_tmpl *a, struct xfrmnl_user_tmpl *b)
Compares two user template objects.
Definition: template.c:142
int nl_send_auto(struct nl_sock *sk, struct nl_msg *msg)
Finalize and transmit Netlink message.
Definition: nl.c:520
unsigned int nl_addr_get_len(const struct nl_addr *addr)
Get length of binary address of abstract address object.
Definition: addr.c:905
Dump all attributes including statistics.
Definition: types.h:24
struct nl_object * nl_cache_get_first(struct nl_cache *cache)
Return the first element in the cache.
Definition: cache.c:119
void * nl_addr_get_binary_addr(const struct nl_addr *addr)
Get binary address of abstract address object.
Definition: addr.c:893
int nl_cache_alloc_and_fill(struct nl_cache_ops *ops, struct nl_sock *sock, struct nl_cache **result)
Allocate new cache and fill it.
Definition: cache.c:233
struct nlattr * nla_nest_start(struct nl_msg *msg, int attrtype)
Start a new level of nested attributes.
Definition: attr.c:895
char * nl_addr2str(const struct nl_addr *addr, char *buf, size_t size)
Convert abstract address object to character string.
Definition: addr.c:951