libnl  3.2.27
sa.c
1 /*
2  * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
3  *
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  *
12  * Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the
15  * distribution.
16  *
17  * Neither the name of Texas Instruments Incorporated nor the names of
18  * its contributors may be used to endorse or promote products derived
19  * from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33  */
34 
35 /**
36  * @ingroup xfrmnl
37  * @defgroup sa Security Association
38  * @brief
39  */
40 
41 #include <netlink-private/netlink.h>
42 #include <netlink/netlink.h>
43 #include <netlink/cache.h>
44 #include <netlink/object.h>
45 #include <netlink/xfrm/selector.h>
46 #include <netlink/xfrm/lifetime.h>
47 #include <time.h>
48 
49 /** @cond SKIP */
50 #define XFRM_SA_ATTR_SEL 0x01
51 #define XFRM_SA_ATTR_DADDR 0x02
52 #define XFRM_SA_ATTR_SPI 0x04
53 #define XFRM_SA_ATTR_PROTO 0x08
54 #define XFRM_SA_ATTR_SADDR 0x10
55 #define XFRM_SA_ATTR_LTIME_CFG 0x20
56 #define XFRM_SA_ATTR_LTIME_CUR 0x40
57 #define XFRM_SA_ATTR_STATS 0x80
58 #define XFRM_SA_ATTR_SEQ 0x100
59 #define XFRM_SA_ATTR_REQID 0x200
60 #define XFRM_SA_ATTR_FAMILY 0x400
61 #define XFRM_SA_ATTR_MODE 0x800
62 #define XFRM_SA_ATTR_REPLAY_WIN 0x1000
63 #define XFRM_SA_ATTR_FLAGS 0x2000
64 #define XFRM_SA_ATTR_ALG_AEAD 0x4000
65 #define XFRM_SA_ATTR_ALG_AUTH 0x8000
66 #define XFRM_SA_ATTR_ALG_CRYPT 0x10000
67 #define XFRM_SA_ATTR_ALG_COMP 0x20000
68 #define XFRM_SA_ATTR_ENCAP 0x40000
69 #define XFRM_SA_ATTR_TFCPAD 0x80000
70 #define XFRM_SA_ATTR_COADDR 0x100000
71 #define XFRM_SA_ATTR_MARK 0x200000
72 #define XFRM_SA_ATTR_SECCTX 0x400000
73 #define XFRM_SA_ATTR_REPLAY_MAXAGE 0x800000
74 #define XFRM_SA_ATTR_REPLAY_MAXDIFF 0x1000000
75 #define XFRM_SA_ATTR_REPLAY_STATE 0x2000000
76 #define XFRM_SA_ATTR_EXPIRE 0x4000000
77 
78 static struct nl_cache_ops xfrmnl_sa_ops;
79 static struct nl_object_ops xfrm_sa_obj_ops;
80 /** @endcond */
81 
82 static void xfrm_sa_alloc_data(struct nl_object *c)
83 {
84  struct xfrmnl_sa* sa = nl_object_priv (c);
85 
86  if ((sa->sel = xfrmnl_sel_alloc ()) == NULL)
87  return;
88 
89  if ((sa->lft = xfrmnl_ltime_cfg_alloc ()) == NULL)
90  return;
91 }
92 
93 static void xfrm_sa_free_data(struct nl_object *c)
94 {
95  struct xfrmnl_sa* sa = nl_object_priv (c);
96 
97  if (sa == NULL)
98  return;
99 
100  xfrmnl_sel_put (sa->sel);
101  xfrmnl_ltime_cfg_put (sa->lft);
102  nl_addr_put (sa->id.daddr);
103  nl_addr_put (sa->saddr);
104 
105  if (sa->aead)
106  free (sa->aead);
107  if (sa->auth)
108  free (sa->auth);
109  if (sa->crypt)
110  free (sa->crypt);
111  if (sa->comp)
112  free (sa->comp);
113  if (sa->encap)
114  free (sa->encap);
115  if (sa->coaddr)
116  nl_addr_put (sa->coaddr);
117  if (sa->sec_ctx)
118  free (sa->sec_ctx);
119  if (sa->replay_state_esn)
120  free (sa->replay_state_esn);
121 }
122 
123 static int xfrm_sa_clone(struct nl_object *_dst, struct nl_object *_src)
124 {
125  struct xfrmnl_sa* dst = nl_object_priv(_dst);
126  struct xfrmnl_sa* src = nl_object_priv(_src);
127  uint32_t len = 0;
128 
129  if (src->sel)
130  if ((dst->sel = xfrmnl_sel_clone (src->sel)) == NULL)
131  return -NLE_NOMEM;
132 
133  if (src->lft)
134  if ((dst->lft = xfrmnl_ltime_cfg_clone (src->lft)) == NULL)
135  return -NLE_NOMEM;
136 
137  if (src->id.daddr)
138  if ((dst->id.daddr = nl_addr_clone (src->id.daddr)) == NULL)
139  return -NLE_NOMEM;
140 
141  if (src->saddr)
142  if ((dst->saddr = nl_addr_clone (src->saddr)) == NULL)
143  return -NLE_NOMEM;
144 
145  if (src->aead)
146  {
147  len = sizeof (struct xfrmnl_algo_aead) + ((src->aead->alg_key_len + 7) / 8);
148  if ((dst->aead = calloc (1, len)) == NULL)
149  return -NLE_NOMEM;
150  memcpy ((void *)dst->aead, (void *)src->aead, len);
151  }
152 
153  if (src->auth)
154  {
155  len = sizeof (struct xfrmnl_algo_auth) + ((src->auth->alg_key_len + 7) / 8);
156  if ((dst->auth = calloc (1, len)) == NULL)
157  return -NLE_NOMEM;
158  memcpy ((void *)dst->auth, (void *)src->auth, len);
159  }
160 
161  if (src->crypt)
162  {
163  len = sizeof (struct xfrmnl_algo) + ((src->crypt->alg_key_len + 7) / 8);
164  if ((dst->crypt = calloc (1, len)) == NULL)
165  return -NLE_NOMEM;
166  memcpy ((void *)dst->crypt, (void *)src->crypt, len);
167  }
168 
169  if (src->comp)
170  {
171  len = sizeof (struct xfrmnl_algo) + ((src->comp->alg_key_len + 7) / 8);
172  if ((dst->comp = calloc (1, len)) == NULL)
173  return -NLE_NOMEM;
174  memcpy ((void *)dst->comp, (void *)src->comp, len);
175  }
176 
177  if (src->encap)
178  {
179  len = sizeof (struct xfrmnl_encap_tmpl);
180  if ((dst->encap = calloc (1, len)) == NULL)
181  return -NLE_NOMEM;
182  memcpy ((void *)dst->encap, (void *)src->encap, len);
183  }
184 
185  if (src->coaddr)
186  if ((dst->coaddr = nl_addr_clone (src->coaddr)) == NULL)
187  return -NLE_NOMEM;
188 
189  if (src->sec_ctx)
190  {
191  len = sizeof (struct xfrmnl_sec_ctx) + src->sec_ctx->ctx_len;
192  if ((dst->sec_ctx = calloc (1, len)) == NULL)
193  return -NLE_NOMEM;
194  memcpy ((void *)dst->sec_ctx, (void *)src->sec_ctx, len);
195  }
196 
197  if (src->replay_state_esn)
198  {
199  len = sizeof (struct xfrmnl_replay_state_esn) + (src->replay_state_esn->bmp_len * sizeof (uint32_t));
200  if ((dst->replay_state_esn = calloc (1, len)) == NULL)
201  return -NLE_NOMEM;
202  memcpy ((void *)dst->replay_state_esn, (void *)src->replay_state_esn, len);
203  }
204 
205  return 0;
206 }
207 
208 static int xfrm_sa_compare(struct nl_object *_a, struct nl_object *_b, uint32_t attrs, int flags)
209 {
210  struct xfrmnl_sa* a = (struct xfrmnl_sa *) _a;
211  struct xfrmnl_sa* b = (struct xfrmnl_sa *) _b;
212  int diff = 0;
213  int found = 0;
214 
215 #define XFRM_SA_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, XFRM_SA_ATTR_##ATTR, a, b, EXPR)
216  diff |= XFRM_SA_DIFF(SEL, xfrmnl_sel_cmp(a->sel, b->sel));
217  diff |= XFRM_SA_DIFF(DADDR, nl_addr_cmp(a->id.daddr, b->id.daddr));
218  diff |= XFRM_SA_DIFF(SPI, a->id.spi != b->id.spi);
219  diff |= XFRM_SA_DIFF(PROTO, a->id.proto != b->id.proto);
220  diff |= XFRM_SA_DIFF(SADDR, nl_addr_cmp(a->saddr, b->saddr));
221  diff |= XFRM_SA_DIFF(LTIME_CFG, xfrmnl_ltime_cfg_cmp(a->lft, b->lft));
222  diff |= XFRM_SA_DIFF(REQID, a->reqid != b->reqid);
223  diff |= XFRM_SA_DIFF(FAMILY,a->family != b->family);
224  diff |= XFRM_SA_DIFF(MODE,a->mode != b->mode);
225  diff |= XFRM_SA_DIFF(REPLAY_WIN,a->replay_window != b->replay_window);
226  diff |= XFRM_SA_DIFF(FLAGS,a->flags != b->flags);
227  diff |= XFRM_SA_DIFF(ALG_AEAD,(strcmp(a->aead->alg_name, b->aead->alg_name) ||
228  (a->aead->alg_key_len != b->aead->alg_key_len) ||
229  (a->aead->alg_icv_len != b->aead->alg_icv_len) ||
230  memcmp(a->aead->alg_key, b->aead->alg_key,
231  ((a->aead->alg_key_len + 7)/8))));
232  diff |= XFRM_SA_DIFF(ALG_AUTH,(strcmp(a->auth->alg_name, b->auth->alg_name) ||
233  (a->auth->alg_key_len != b->auth->alg_key_len) ||
234  (a->auth->alg_trunc_len != b->auth->alg_trunc_len) ||
235  memcmp(a->auth->alg_key, b->auth->alg_key,
236  ((a->auth->alg_key_len + 7)/8))));
237  diff |= XFRM_SA_DIFF(ALG_CRYPT,(strcmp(a->crypt->alg_name, b->crypt->alg_name) ||
238  (a->crypt->alg_key_len != b->crypt->alg_key_len) ||
239  memcmp(a->crypt->alg_key, b->crypt->alg_key,
240  ((a->crypt->alg_key_len + 7)/8))));
241  diff |= XFRM_SA_DIFF(ALG_COMP,(strcmp(a->comp->alg_name, b->comp->alg_name) ||
242  (a->comp->alg_key_len != b->comp->alg_key_len) ||
243  memcmp(a->comp->alg_key, b->comp->alg_key,
244  ((a->comp->alg_key_len + 7)/8))));
245  diff |= XFRM_SA_DIFF(ENCAP,((a->encap->encap_type != b->encap->encap_type) ||
246  (a->encap->encap_sport != b->encap->encap_sport) ||
247  (a->encap->encap_dport != b->encap->encap_dport) ||
248  nl_addr_cmp(a->encap->encap_oa, b->encap->encap_oa)));
249  diff |= XFRM_SA_DIFF(TFCPAD,a->tfcpad != b->tfcpad);
250  diff |= XFRM_SA_DIFF(COADDR,nl_addr_cmp(a->coaddr, b->coaddr));
251  diff |= XFRM_SA_DIFF(MARK,(a->mark.m != b->mark.m) ||
252  (a->mark.v != b->mark.v));
253  diff |= XFRM_SA_DIFF(SECCTX,((a->sec_ctx->ctx_doi != b->sec_ctx->ctx_doi) ||
254  (a->sec_ctx->ctx_alg != b->sec_ctx->ctx_alg) ||
255  (a->sec_ctx->ctx_len != b->sec_ctx->ctx_len) ||
256  (a->sec_ctx->ctx_sid != b->sec_ctx->ctx_sid) ||
257  strcmp(a->sec_ctx->ctx_str, b->sec_ctx->ctx_str)));
258  diff |= XFRM_SA_DIFF(REPLAY_MAXAGE,a->replay_maxage != b->replay_maxage);
259  diff |= XFRM_SA_DIFF(REPLAY_MAXDIFF,a->replay_maxdiff != b->replay_maxdiff);
260  diff |= XFRM_SA_DIFF(EXPIRE,a->hard != b->hard);
261 
262  /* Compare replay states */
263  found = AVAILABLE_MISMATCH (a, b, XFRM_SA_ATTR_REPLAY_STATE);
264  if (found == 0) // attribute exists in both objects
265  {
266  if (((a->replay_state_esn != NULL) && (b->replay_state_esn == NULL)) ||
267  ((a->replay_state_esn == NULL) && (b->replay_state_esn != NULL)))
268  found |= 1;
269 
270  if (found == 0) // same replay type. compare actual values
271  {
272  if (a->replay_state_esn)
273  {
274  if (a->replay_state_esn->bmp_len != b->replay_state_esn->bmp_len)
275  diff |= 1;
276  else
277  {
278  uint32_t len = sizeof (struct xfrmnl_replay_state_esn) +
279  (a->replay_state_esn->bmp_len * sizeof (uint32_t));
280  diff |= memcmp (a->replay_state_esn, b->replay_state_esn, len);
281  }
282  }
283  else
284  {
285  if ((a->replay_state.oseq != b->replay_state.oseq) ||
286  (a->replay_state.seq != b->replay_state.seq) ||
287  (a->replay_state.bitmap != b->replay_state.bitmap))
288  diff |= 1;
289  }
290  }
291  }
292 #undef XFRM_SA_DIFF
293 
294  return diff;
295 }
296 
297 /**
298  * @name XFRM SA Attribute Translations
299  * @{
300  */
301 static const struct trans_tbl sa_attrs[] = {
302  __ADD(XFRM_SA_ATTR_SEL, selector),
303  __ADD(XFRM_SA_ATTR_DADDR, daddr),
304  __ADD(XFRM_SA_ATTR_SPI, spi),
305  __ADD(XFRM_SA_ATTR_PROTO, proto),
306  __ADD(XFRM_SA_ATTR_SADDR, saddr),
307  __ADD(XFRM_SA_ATTR_LTIME_CFG, lifetime_cfg),
308  __ADD(XFRM_SA_ATTR_LTIME_CUR, lifetime_cur),
309  __ADD(XFRM_SA_ATTR_STATS, stats),
310  __ADD(XFRM_SA_ATTR_SEQ, seqnum),
311  __ADD(XFRM_SA_ATTR_REQID, reqid),
312  __ADD(XFRM_SA_ATTR_FAMILY, family),
313  __ADD(XFRM_SA_ATTR_MODE, mode),
314  __ADD(XFRM_SA_ATTR_REPLAY_WIN, replay_window),
315  __ADD(XFRM_SA_ATTR_FLAGS, flags),
316  __ADD(XFRM_SA_ATTR_ALG_AEAD, alg_aead),
317  __ADD(XFRM_SA_ATTR_ALG_AUTH, alg_auth),
318  __ADD(XFRM_SA_ATTR_ALG_CRYPT, alg_crypto),
319  __ADD(XFRM_SA_ATTR_ALG_COMP, alg_comp),
320  __ADD(XFRM_SA_ATTR_ENCAP, encap),
321  __ADD(XFRM_SA_ATTR_TFCPAD, tfcpad),
322  __ADD(XFRM_SA_ATTR_COADDR, coaddr),
323  __ADD(XFRM_SA_ATTR_MARK, mark),
324  __ADD(XFRM_SA_ATTR_SECCTX, sec_ctx),
325  __ADD(XFRM_SA_ATTR_REPLAY_MAXAGE, replay_maxage),
326  __ADD(XFRM_SA_ATTR_REPLAY_MAXDIFF, replay_maxdiff),
327  __ADD(XFRM_SA_ATTR_REPLAY_STATE, replay_state),
328  __ADD(XFRM_SA_ATTR_EXPIRE, expire),
329 };
330 
331 static char* xfrm_sa_attrs2str(int attrs, char *buf, size_t len)
332 {
333  return __flags2str (attrs, buf, len, sa_attrs, ARRAY_SIZE(sa_attrs));
334 }
335 /** @} */
336 
337 /**
338  * @name XFRM SA Flags Translations
339  * @{
340  */
341 static const struct trans_tbl sa_flags[] = {
342  __ADD(XFRM_STATE_NOECN, no ecn),
343  __ADD(XFRM_STATE_DECAP_DSCP, decap dscp),
344  __ADD(XFRM_STATE_NOPMTUDISC, no pmtu discovery),
345  __ADD(XFRM_STATE_WILDRECV, wild receive),
346  __ADD(XFRM_STATE_ICMP, icmp),
347  __ADD(XFRM_STATE_AF_UNSPEC, unspecified),
348  __ADD(XFRM_STATE_ALIGN4, align4),
349  __ADD(XFRM_STATE_ESN, esn),
350 };
351 
352 char* xfrmnl_sa_flags2str(int flags, char *buf, size_t len)
353 {
354  return __flags2str (flags, buf, len, sa_flags, ARRAY_SIZE(sa_flags));
355 }
356 
357 int xfrmnl_sa_str2flag(const char *name)
358 {
359  return __str2flags (name, sa_flags, ARRAY_SIZE(sa_flags));
360 }
361 /** @} */
362 
363 /**
364  * @name XFRM SA Mode Translations
365  * @{
366  */
367 static const struct trans_tbl sa_modes[] = {
368  __ADD(XFRM_MODE_TRANSPORT, transport),
369  __ADD(XFRM_MODE_TUNNEL, tunnel),
370  __ADD(XFRM_MODE_ROUTEOPTIMIZATION, route optimization),
371  __ADD(XFRM_MODE_IN_TRIGGER, in trigger),
372  __ADD(XFRM_MODE_BEET, beet),
373 };
374 
375 char* xfrmnl_sa_mode2str(int mode, char *buf, size_t len)
376 {
377  return __type2str (mode, buf, len, sa_modes, ARRAY_SIZE(sa_modes));
378 }
379 
380 int xfrmnl_sa_str2mode(const char *name)
381 {
382  return __str2type (name, sa_modes, ARRAY_SIZE(sa_modes));
383 }
384 /** @} */
385 
386 
387 static void xfrm_sa_dump_line(struct nl_object *a, struct nl_dump_params *p)
388 {
389  char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
390  struct xfrmnl_sa* sa = (struct xfrmnl_sa *) a;
391  char flags[128], mode[128];
392  time_t add_time, use_time;
393  struct tm *add_time_tm, *use_time_tm;
394 
395  nl_dump_line(p, "src %s dst %s family: %s\n", nl_addr2str(sa->saddr, src, sizeof(src)),
396  nl_addr2str(sa->id.daddr, dst, sizeof(dst)),
397  nl_af2str (sa->family, flags, sizeof (flags)));
398 
399  nl_dump_line(p, "\tproto %s spi 0x%x reqid %u\n",
400  nl_ip_proto2str (sa->id.proto, flags, sizeof(flags)),
401  sa->id.spi, sa->reqid);
402 
403  xfrmnl_sa_flags2str(sa->flags, flags, sizeof (flags));
404  xfrmnl_sa_mode2str(sa->mode, mode, sizeof (mode));
405  nl_dump_line(p, "\tmode: %s flags: %s (0x%x) seq: %u replay window: %u\n",
406  mode, flags, sa->flags, sa->seq, sa->replay_window);
407 
408  nl_dump_line(p, "\tlifetime configuration: \n");
409  if (sa->lft->soft_byte_limit == XFRM_INF)
410  sprintf (flags, "INF");
411  else
412  sprintf (flags, "%" PRIu64, sa->lft->soft_byte_limit);
413  if (sa->lft->soft_packet_limit == XFRM_INF)
414  sprintf (mode, "INF");
415  else
416  sprintf (mode, "%" PRIu64, sa->lft->soft_packet_limit);
417  nl_dump_line(p, "\t\tsoft limit: %s (bytes), %s (packets)\n", flags, mode);
418  if (sa->lft->hard_byte_limit == XFRM_INF)
419  sprintf (flags, "INF");
420  else
421  sprintf (flags, "%" PRIu64, sa->lft->hard_byte_limit);
422  if (sa->lft->hard_packet_limit == XFRM_INF)
423  sprintf (mode, "INF");
424  else
425  sprintf (mode, "%" PRIu64, sa->lft->hard_packet_limit);
426  nl_dump_line(p, "\t\thard limit: %s (bytes), %s (packets)\n", flags, mode);
427  nl_dump_line(p, "\t\tsoft add_time: %llu (seconds), soft use_time: %llu (seconds) \n",
428  sa->lft->soft_add_expires_seconds, sa->lft->soft_use_expires_seconds);
429  nl_dump_line(p, "\t\thard add_time: %llu (seconds), hard use_time: %llu (seconds) \n",
430  sa->lft->hard_add_expires_seconds, sa->lft->hard_use_expires_seconds);
431 
432  nl_dump_line(p, "\tlifetime current: \n");
433  nl_dump_line(p, "\t\t%llu bytes, %llu packets\n", sa->curlft.bytes, sa->curlft.packets);
434  if (sa->curlft.add_time != 0)
435  {
436  add_time = sa->curlft.add_time;
437  add_time_tm = gmtime (&add_time);
438  strftime (flags, 128, "%Y-%m-%d %H-%M-%S", add_time_tm);
439  }
440  else
441  {
442  sprintf (flags, "%s", "-");
443  }
444 
445  if (sa->curlft.use_time != 0)
446  {
447  use_time = sa->curlft.use_time;
448  use_time_tm = gmtime (&use_time);
449  strftime (mode, 128, "%Y-%m-%d %H-%M-%S", use_time_tm);
450  }
451  else
452  {
453  sprintf (mode, "%s", "-");
454  }
455  nl_dump_line(p, "\t\tadd_time: %s, use_time: %s\n", flags, mode);
456 
457  if (sa->aead)
458  {
459  nl_dump_line(p, "\tAEAD Algo: \n");
460  nl_dump_line(p, "\t\tName: %s Key len(bits): %u ICV Len(bits): %u\n",
461  sa->aead->alg_name, sa->aead->alg_key_len, sa->aead->alg_icv_len);
462  }
463 
464  if (sa->auth)
465  {
466  nl_dump_line(p, "\tAuth Algo: \n");
467  nl_dump_line(p, "\t\tName: %s Key len(bits): %u Trunc len(bits): %u\n",
468  sa->auth->alg_name, sa->auth->alg_key_len, sa->auth->alg_trunc_len);
469  }
470 
471  if (sa->crypt)
472  {
473  nl_dump_line(p, "\tEncryption Algo: \n");
474  nl_dump_line(p, "\t\tName: %s Key len(bits): %u\n",
475  sa->crypt->alg_name, sa->crypt->alg_key_len);
476  }
477 
478  if (sa->comp)
479  {
480  nl_dump_line(p, "\tCompression Algo: \n");
481  nl_dump_line(p, "\t\tName: %s Key len(bits): %u\n",
482  sa->comp->alg_name, sa->comp->alg_key_len);
483  }
484 
485  if (sa->encap)
486  {
487  nl_dump_line(p, "\tEncapsulation template: \n");
488  nl_dump_line(p, "\t\tType: %d Src port: %d Dst port: %d Encap addr: %s\n",
489  sa->encap->encap_type, sa->encap->encap_sport, sa->encap->encap_dport,
490  nl_addr2str (sa->encap->encap_oa, dst, sizeof (dst)));
491  }
492 
493  if (sa->ce_mask & XFRM_SA_ATTR_TFCPAD)
494  nl_dump_line(p, "\tTFC Pad: %u\n", sa->tfcpad);
495 
496  if (sa->ce_mask & XFRM_SA_ATTR_COADDR)
497  nl_dump_line(p, "\tCO Address: %s\n", nl_addr2str (sa->coaddr, dst, sizeof (dst)));
498 
499  if (sa->ce_mask & XFRM_SA_ATTR_MARK)
500  nl_dump_line(p, "\tMark mask: 0x%x Mark value: 0x%x\n", sa->mark.m, sa->mark.v);
501 
502  if (sa->ce_mask & XFRM_SA_ATTR_SECCTX)
503  nl_dump_line(p, "\tDOI: %d Algo: %d Len: %u SID: %u ctx: %s\n", sa->sec_ctx->ctx_doi,
504  sa->sec_ctx->ctx_alg, sa->sec_ctx->ctx_len, sa->sec_ctx->ctx_sid, sa->sec_ctx->ctx_str);
505 
506  nl_dump_line(p, "\treplay info: \n");
507  nl_dump_line(p, "\t\tmax age %u max diff %u \n", sa->replay_maxage, sa->replay_maxdiff);
508 
509  if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
510  {
511  nl_dump_line(p, "\treplay state info: \n");
512  if (sa->replay_state_esn)
513  {
514  nl_dump_line(p, "\t\toseq %u seq %u oseq_hi %u seq_hi %u replay window: %u \n",
515  sa->replay_state_esn->oseq, sa->replay_state_esn->seq,
516  sa->replay_state_esn->oseq_hi, sa->replay_state_esn->seq_hi,
517  sa->replay_state_esn->replay_window);
518  }
519  else
520  {
521  nl_dump_line(p, "\t\toseq %u seq %u bitmap: %u \n", sa->replay_state.oseq,
522  sa->replay_state.seq, sa->replay_state.bitmap);
523  }
524  }
525 
526  nl_dump_line(p, "\tselector info: \n");
527  xfrmnl_sel_dump (sa->sel, p);
528 
529  nl_dump_line(p, "\tHard: %d\n", sa->hard);
530 
531  nl_dump(p, "\n");
532 }
533 
534 static void xfrm_sa_dump_stats(struct nl_object *a, struct nl_dump_params *p)
535 {
536  struct xfrmnl_sa* sa = (struct xfrmnl_sa*)a;
537 
538  nl_dump_line(p, "\tstats: \n");
539  nl_dump_line(p, "\t\treplay window: %u replay: %u integrity failed: %u \n",
540  sa->stats.replay_window, sa->stats.replay, sa->stats.integrity_failed);
541 
542  return;
543 }
544 
545 static void xfrm_sa_dump_details(struct nl_object *a, struct nl_dump_params *p)
546 {
547  xfrm_sa_dump_line(a, p);
548  xfrm_sa_dump_stats (a, p);
549 }
550 
551 /**
552  * @name XFRM SA Object Allocation/Freeage
553  * @{
554  */
555 
556 struct xfrmnl_sa* xfrmnl_sa_alloc(void)
557 {
558  return (struct xfrmnl_sa*) nl_object_alloc(&xfrm_sa_obj_ops);
559 }
560 
561 void xfrmnl_sa_put(struct xfrmnl_sa* sa)
562 {
563  nl_object_put((struct nl_object *) sa);
564 }
565 
566 /** @} */
567 
568 /**
569  * @name SA Cache Managament
570  * @{
571  */
572 
573 /**
574  * Build a SA cache including all SAs currently configured in the kernel.
575  * @arg sock Netlink socket.
576  * @arg result Pointer to store resulting cache.
577  *
578  * Allocates a new SA cache, initializes it properly and updates it
579  * to include all SAs currently configured in the kernel.
580  *
581  * @return 0 on success or a negative error code.
582  */
583 int xfrmnl_sa_alloc_cache(struct nl_sock *sock, struct nl_cache **result)
584 {
585  return nl_cache_alloc_and_fill(&xfrmnl_sa_ops, sock, result);
586 }
587 
588 /**
589  * Look up a SA by destination address, SPI, protocol
590  * @arg cache SA cache
591  * @arg daddr destination address of the SA
592  * @arg spi SPI
593  * @arg proto protocol
594  * @return sa handle or NULL if no match was found.
595  */
596 struct xfrmnl_sa* xfrmnl_sa_get(struct nl_cache* cache, struct nl_addr* daddr,
597  unsigned int spi, unsigned int proto)
598 {
599  struct xfrmnl_sa *sa;
600 
601  //nl_list_for_each_entry(sa, &cache->c_items, ce_list) {
602  for (sa = (struct xfrmnl_sa*)nl_cache_get_first (cache);
603  sa != NULL;
604  sa = (struct xfrmnl_sa*)nl_cache_get_next ((struct nl_object*)sa))
605  {
606  if (sa->id.proto == proto &&
607  sa->id.spi == spi &&
608  !nl_addr_cmp(sa->id.daddr, daddr))
609  {
610  nl_object_get((struct nl_object *) sa);
611  return sa;
612  }
613 
614  }
615 
616  return NULL;
617 }
618 
619 
620 /** @} */
621 
622 
623 static struct nla_policy xfrm_sa_policy[XFRMA_MAX+1] = {
624  [XFRMA_SA] = { .minlen = sizeof(struct xfrm_usersa_info)},
625  [XFRMA_ALG_AUTH_TRUNC] = { .minlen = sizeof(struct xfrm_algo_auth)},
626  [XFRMA_ALG_AEAD] = { .minlen = sizeof(struct xfrm_algo_aead) },
627  [XFRMA_ALG_AUTH] = { .minlen = sizeof(struct xfrm_algo) },
628  [XFRMA_ALG_CRYPT] = { .minlen = sizeof(struct xfrm_algo) },
629  [XFRMA_ALG_COMP] = { .minlen = sizeof(struct xfrm_algo) },
630  [XFRMA_ENCAP] = { .minlen = sizeof(struct xfrm_encap_tmpl) },
631  [XFRMA_TMPL] = { .minlen = sizeof(struct xfrm_user_tmpl) },
632  [XFRMA_SEC_CTX] = { .minlen = sizeof(struct xfrm_sec_ctx) },
633  [XFRMA_LTIME_VAL] = { .minlen = sizeof(struct xfrm_lifetime_cur) },
634  [XFRMA_REPLAY_VAL] = { .minlen = sizeof(struct xfrm_replay_state) },
635  [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 },
636  [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 },
637  [XFRMA_SRCADDR] = { .minlen = sizeof(xfrm_address_t) },
638  [XFRMA_COADDR] = { .minlen = sizeof(xfrm_address_t) },
639  [XFRMA_MARK] = { .minlen = sizeof(struct xfrm_mark) },
640  [XFRMA_TFCPAD] = { .type = NLA_U32 },
641  [XFRMA_REPLAY_ESN_VAL] = { .minlen = sizeof(struct xfrm_replay_state_esn) },
642 };
643 
644 static int xfrm_sa_request_update(struct nl_cache *c, struct nl_sock *h)
645 {
646  struct xfrm_id sa_id;
647 
648  memset (&sa_id, 0, sizeof (sa_id));
649  return nl_send_simple (h, XFRM_MSG_GETSA, NLM_F_DUMP,
650  &sa_id, sizeof (sa_id));
651 }
652 
653 int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
654 {
655  struct xfrmnl_sa* sa;
656  struct nlattr *tb[XFRMA_MAX + 1];
657  struct xfrm_usersa_info* sa_info;
658  struct xfrm_user_expire* ue;
659  int len, err;
660  struct nl_addr* addr;
661 
662  sa = xfrmnl_sa_alloc();
663  if (!sa) {
664  err = -NLE_NOMEM;
665  goto errout;
666  }
667 
668  sa->ce_msgtype = n->nlmsg_type;
669  if (n->nlmsg_type == XFRM_MSG_EXPIRE)
670  {
671  ue = nlmsg_data(n);
672  sa_info = &ue->state;
673  sa->hard = ue->hard;
674  sa->ce_mask |= XFRM_SA_ATTR_EXPIRE;
675  }
676  else if (n->nlmsg_type == XFRM_MSG_DELSA)
677  {
678  sa_info = (struct xfrm_usersa_info*)(nlmsg_data(n) + sizeof (struct xfrm_usersa_id) + NLA_HDRLEN);
679  }
680  else
681  {
682  sa_info = nlmsg_data(n);
683  }
684 
685  err = nlmsg_parse(n, sizeof(struct xfrm_usersa_info), tb, XFRMA_MAX, xfrm_sa_policy);
686  if (err < 0)
687  goto errout;
688 
689  if (sa_info->sel.family == AF_INET)
690  addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a4, sizeof (sa_info->sel.daddr.a4));
691  else
692  addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a6, sizeof (sa_info->sel.daddr.a6));
693  nl_addr_set_prefixlen (addr, sa_info->sel.prefixlen_d);
694  xfrmnl_sel_set_daddr (sa->sel, addr);
695  xfrmnl_sel_set_prefixlen_d (sa->sel, sa_info->sel.prefixlen_d);
696 
697  if (sa_info->sel.family == AF_INET)
698  addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a4, sizeof (sa_info->sel.saddr.a4));
699  else
700  addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a6, sizeof (sa_info->sel.saddr.a6));
701  nl_addr_set_prefixlen (addr, sa_info->sel.prefixlen_s);
702  xfrmnl_sel_set_saddr (sa->sel, addr);
703  xfrmnl_sel_set_prefixlen_s (sa->sel, sa_info->sel.prefixlen_s);
704 
705  xfrmnl_sel_set_dport (sa->sel, ntohs(sa_info->sel.dport));
706  xfrmnl_sel_set_dportmask (sa->sel, ntohs(sa_info->sel.dport_mask));
707  xfrmnl_sel_set_sport (sa->sel, ntohs(sa_info->sel.sport));
708  xfrmnl_sel_set_sportmask (sa->sel, ntohs(sa_info->sel.sport_mask));
709  xfrmnl_sel_set_family (sa->sel, sa_info->sel.family);
710  xfrmnl_sel_set_proto (sa->sel, sa_info->sel.proto);
711  xfrmnl_sel_set_ifindex (sa->sel, sa_info->sel.ifindex);
712  xfrmnl_sel_set_userid (sa->sel, sa_info->sel.user);
713  sa->ce_mask |= XFRM_SA_ATTR_SEL;
714 
715  if (sa_info->family == AF_INET)
716  sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a4, sizeof (sa_info->id.daddr.a4));
717  else
718  sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a6, sizeof (sa_info->id.daddr.a6));
719  sa->id.spi = ntohl(sa_info->id.spi);
720  sa->id.proto = sa_info->id.proto;
721  sa->ce_mask |= (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO);
722 
723  if (sa_info->family == AF_INET)
724  sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a4, sizeof (sa_info->saddr.a4));
725  else
726  sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a6, sizeof (sa_info->saddr.a6));
727  sa->ce_mask |= XFRM_SA_ATTR_SADDR;
728 
729  sa->lft->soft_byte_limit = sa_info->lft.soft_byte_limit;
730  sa->lft->hard_byte_limit = sa_info->lft.hard_byte_limit;
731  sa->lft->soft_packet_limit = sa_info->lft.soft_packet_limit;
732  sa->lft->hard_packet_limit = sa_info->lft.hard_packet_limit;
733  sa->lft->soft_add_expires_seconds = sa_info->lft.soft_add_expires_seconds;
734  sa->lft->hard_add_expires_seconds = sa_info->lft.hard_add_expires_seconds;
735  sa->lft->soft_use_expires_seconds = sa_info->lft.soft_use_expires_seconds;
736  sa->lft->hard_use_expires_seconds = sa_info->lft.hard_use_expires_seconds;
737  sa->ce_mask |= XFRM_SA_ATTR_LTIME_CFG;
738 
739  sa->curlft.bytes = sa_info->curlft.bytes;
740  sa->curlft.packets = sa_info->curlft.packets;
741  sa->curlft.add_time = sa_info->curlft.add_time;
742  sa->curlft.use_time = sa_info->curlft.use_time;
743  sa->ce_mask |= XFRM_SA_ATTR_LTIME_CUR;
744 
745  sa->stats.replay_window = sa_info->stats.replay_window;
746  sa->stats.replay = sa_info->stats.replay;
747  sa->stats.integrity_failed = sa_info->stats.integrity_failed;
748  sa->ce_mask |= XFRM_SA_ATTR_STATS;
749 
750  sa->seq = sa_info->seq;
751  sa->reqid = sa_info->reqid;
752  sa->family = sa_info->family;
753  sa->mode = sa_info->mode;
754  sa->replay_window = sa_info->replay_window;
755  sa->flags = sa_info->flags;
756  sa->ce_mask |= (XFRM_SA_ATTR_SEQ | XFRM_SA_ATTR_REQID |
757  XFRM_SA_ATTR_FAMILY | XFRM_SA_ATTR_MODE |
758  XFRM_SA_ATTR_REPLAY_WIN | XFRM_SA_ATTR_FLAGS);
759 
760  if (tb[XFRMA_ALG_AEAD]) {
761  struct xfrm_algo_aead* aead = nla_data(tb[XFRMA_ALG_AEAD]);
762  len = sizeof (struct xfrmnl_algo_aead) + ((aead->alg_key_len + 7) / 8);
763  if ((sa->aead = calloc (1, len)) == NULL)
764  {
765  err = -NLE_NOMEM;
766  goto errout;
767  }
768  memcpy ((void *)sa->aead, (void *)aead, len);
769  sa->ce_mask |= XFRM_SA_ATTR_ALG_AEAD;
770  }
771 
772  if (tb[XFRMA_ALG_AUTH_TRUNC]) {
773  struct xfrm_algo_auth* auth = nla_data(tb[XFRMA_ALG_AUTH_TRUNC]);
774  len = sizeof (struct xfrmnl_algo_auth) + ((auth->alg_key_len + 7) / 8);
775  if ((sa->auth = calloc (1, len)) == NULL)
776  {
777  err = -NLE_NOMEM;
778  goto errout;
779  }
780  memcpy ((void *)sa->auth, (void *)auth, len);
781  sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
782  }
783 
784  if (tb[XFRMA_ALG_AUTH] && !sa->auth) {
785  struct xfrm_algo* auth = nla_data(tb[XFRMA_ALG_AUTH]);
786  len = sizeof (struct xfrmnl_algo_auth) + ((auth->alg_key_len + 7) / 8);
787  if ((sa->auth = calloc (1, len)) == NULL)
788  {
789  err = -NLE_NOMEM;
790  goto errout;
791  }
792  strcpy(sa->auth->alg_name, auth->alg_name);
793  memcpy(sa->auth->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);
794  sa->auth->alg_key_len = auth->alg_key_len;
795  sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
796  }
797 
798  if (tb[XFRMA_ALG_CRYPT]) {
799  struct xfrm_algo* crypt = nla_data(tb[XFRMA_ALG_CRYPT]);
800  len = sizeof (struct xfrmnl_algo) + ((crypt->alg_key_len + 7) / 8);
801  if ((sa->crypt = calloc (1, len)) == NULL)
802  {
803  err = -NLE_NOMEM;
804  goto errout;
805  }
806  memcpy ((void *)sa->crypt, (void *)crypt, len);
807  sa->ce_mask |= XFRM_SA_ATTR_ALG_CRYPT;
808  }
809 
810  if (tb[XFRMA_ALG_COMP]) {
811  struct xfrm_algo* comp = nla_data(tb[XFRMA_ALG_COMP]);
812  len = sizeof (struct xfrmnl_algo) + ((comp->alg_key_len + 7) / 8);
813  if ((sa->comp = calloc (1, len)) == NULL)
814  {
815  err = -NLE_NOMEM;
816  goto errout;
817  }
818  memcpy ((void *)sa->comp, (void *)comp, len);
819  sa->ce_mask |= XFRM_SA_ATTR_ALG_COMP;
820  }
821 
822  if (tb[XFRMA_ENCAP]) {
823  struct xfrm_encap_tmpl* encap = nla_data(tb[XFRMA_ENCAP]);
824  len = sizeof (struct xfrmnl_encap_tmpl);
825  if ((sa->encap = calloc (1, len)) == NULL)
826  {
827  err = -NLE_NOMEM;
828  goto errout;
829  }
830  sa->encap->encap_type = encap->encap_type;
831  sa->encap->encap_sport = ntohs(encap->encap_sport);
832  sa->encap->encap_dport = ntohs(encap->encap_dport);
833  if (sa_info->family == AF_INET)
834  sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a4, sizeof (encap->encap_oa.a4));
835  else
836  sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a6, sizeof (encap->encap_oa.a6));
837  sa->ce_mask |= XFRM_SA_ATTR_ENCAP;
838  }
839 
840  if (tb[XFRMA_TFCPAD]) {
841  sa->tfcpad = *(uint32_t*)nla_data(tb[XFRMA_TFCPAD]);
842  sa->ce_mask |= XFRM_SA_ATTR_TFCPAD;
843  }
844 
845  if (tb[XFRMA_COADDR]) {
846  if (sa_info->family == AF_INET)
847  {
848  sa->coaddr = nl_addr_build(sa_info->family, nla_data(tb[XFRMA_COADDR]),
849  sizeof (uint32_t));
850  }
851  else
852  {
853  sa->coaddr = nl_addr_build(sa_info->family, nla_data(tb[XFRMA_COADDR]),
854  sizeof (uint32_t) * 4);
855  }
856  sa->ce_mask |= XFRM_SA_ATTR_COADDR;
857  }
858 
859  if (tb[XFRMA_MARK]) {
860  struct xfrm_mark* m = nla_data(tb[XFRMA_MARK]);
861  sa->mark.m = m->m;
862  sa->mark.v = m->v;
863  sa->ce_mask |= XFRM_SA_ATTR_MARK;
864  }
865 
866  if (tb[XFRMA_SEC_CTX]) {
867  struct xfrm_sec_ctx* sec_ctx = nla_data(tb[XFRMA_SEC_CTX]);
868  len = sizeof (struct xfrmnl_sec_ctx) + sec_ctx->ctx_len;
869  if ((sa->sec_ctx = calloc (1, len)) == NULL)
870  {
871  err = -NLE_NOMEM;
872  goto errout;
873  }
874  memcpy ((void *)sa->sec_ctx, (void *)sec_ctx, len);
875  sa->ce_mask |= XFRM_SA_ATTR_SECCTX;
876  }
877 
878  if (tb[XFRMA_ETIMER_THRESH]) {
879  sa->replay_maxage = *(uint32_t*)nla_data(tb[XFRMA_ETIMER_THRESH]);
880  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXAGE;
881  }
882 
883  if (tb[XFRMA_REPLAY_THRESH]) {
884  sa->replay_maxdiff = *(uint32_t*)nla_data(tb[XFRMA_REPLAY_THRESH]);
885  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXDIFF;
886  }
887 
888  if (tb[XFRMA_REPLAY_ESN_VAL]) {
889  struct xfrm_replay_state_esn* esn = nla_data (tb[XFRMA_REPLAY_ESN_VAL]);
890  len = sizeof (struct xfrmnl_replay_state_esn) + (sizeof (uint32_t) * esn->bmp_len);
891  if ((sa->replay_state_esn = calloc (1, len)) == NULL)
892  {
893  err = -NLE_NOMEM;
894  goto errout;
895  }
896  memcpy ((void *)sa->replay_state_esn, (void *)esn, len);
897  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
898  }
899  else if (tb[XFRMA_REPLAY_VAL])
900  {
901  struct xfrm_replay_state* replay_state = nla_data (tb[XFRMA_REPLAY_VAL]);
902  sa->replay_state.oseq = replay_state->oseq;
903  sa->replay_state.seq = replay_state->seq;
904  sa->replay_state.bitmap = replay_state->bitmap;
905  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
906  sa->replay_state_esn = NULL;
907  }
908 
909  *result = sa;
910  return 0;
911 
912 errout:
913  xfrmnl_sa_put(sa);
914  return err;
915 }
916 
917 static int xfrm_sa_update_cache (struct nl_cache *cache, struct nl_object *obj,
918  change_func_t change_cb, void *data)
919 {
920  struct nl_object* old_sa;
921  struct xfrmnl_sa* sa = (struct xfrmnl_sa*)obj;
922 
923  if (nl_object_get_msgtype (obj) == XFRM_MSG_EXPIRE)
924  {
925  /* On hard expiry, the SA gets deleted too from the kernel state without any
926  * further delete event. On Expire message, we are only updating the cache with
927  * the SA object's new state. In absence of the explicit delete event, the cache will
928  * be out of sync with the kernel state. To get around this, expiry messages cache
929  * operations are handled here (installed with NL_ACT_UNSPEC action) instead of
930  * in Libnl Cache module. */
931 
932  /* Do we already have this object in the cache? */
933  old_sa = nl_cache_search(cache, obj);
934  if (old_sa)
935  {
936  /* Found corresponding SA object in cache. Delete it */
937  nl_cache_remove (old_sa);
938  }
939 
940  /* Handle the expiry event now */
941  if (sa->hard == 0)
942  {
943  /* Soft expiry event: Save the new object to the
944  * cache and notify application of the expiry event. */
945  nl_cache_move (cache, obj);
946 
947  if (old_sa == NULL && change_cb)
948  {
949  /* Application CB present, no previous instance of SA object present.
950  * Notify application CB as a NEW event */
951  change_cb (cache, obj, NL_ACT_NEW, data);
952  }
953  else if (old_sa)
954  {
955  /* Application CB present, a previous instance of SA object present.
956  * Notify application CB as a CHANGE1 event */
957  if (nl_object_diff (old_sa, obj) && change_cb)
958  change_cb (cache, obj, NL_ACT_CHANGE, data);
959  nl_object_put (old_sa);
960  }
961  }
962  else
963  {
964  /* Hard expiry event: Delete the object from the
965  * cache and notify application of the expiry event. */
966  if (change_cb)
967  change_cb (cache, obj, NL_ACT_DEL, data);
968  nl_object_put (old_sa);
969  }
970 
971  /* Done handling expire message */
972  return 0;
973  }
974  else
975  {
976  /* All other messages other than Expire, let the standard Libnl cache
977  * module handle it. */
978  return nl_cache_include (cache, obj, change_cb, data);
979  }
980 }
981 
982 static int xfrm_sa_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
983  struct nlmsghdr *n, struct nl_parser_param *pp)
984 {
985  struct xfrmnl_sa* sa;
986  int err;
987 
988  if ((err = xfrmnl_sa_parse(n, &sa)) < 0)
989  return err;
990 
991  err = pp->pp_cb((struct nl_object *) sa, pp);
992 
993  xfrmnl_sa_put(sa);
994  return err;
995 }
996 
997 /**
998  * @name XFRM SA Get
999  * @{
1000  */
1001 
1002 int xfrmnl_sa_build_get_request(struct nl_addr* daddr, unsigned int spi, unsigned int protocol, unsigned int mark_v, unsigned int mark_m, struct nl_msg **result)
1003 {
1004  struct nl_msg *msg;
1005  struct xfrm_usersa_id sa_id;
1006  struct xfrm_mark mark;
1007 
1008  if (!daddr || !spi)
1009  {
1010  fprintf(stderr, "APPLICATION BUG: %s:%d:%s: A valid destination address, spi must be specified\n",
1011  __FILE__, __LINE__, __PRETTY_FUNCTION__);
1012  assert(0);
1013  return -NLE_MISSING_ATTR;
1014  }
1015 
1016  memset(&sa_id, 0, sizeof(sa_id));
1017  memcpy (&sa_id.daddr, nl_addr_get_binary_addr (daddr), sizeof (uint8_t) * nl_addr_get_len (daddr));
1018  sa_id.family = nl_addr_get_family (daddr);
1019  sa_id.spi = htonl(spi);
1020  sa_id.proto = protocol;
1021 
1022  if (!(msg = nlmsg_alloc_simple(XFRM_MSG_GETSA, 0)))
1023  return -NLE_NOMEM;
1024 
1025  if (nlmsg_append(msg, &sa_id, sizeof(sa_id), NLMSG_ALIGNTO) < 0)
1026  goto nla_put_failure;
1027 
1028  if ((mark_m & mark_v) != 0)
1029  {
1030  memset(&mark, 0, sizeof(struct xfrm_mark));
1031  mark.m = mark_m;
1032  mark.v = mark_v;
1033 
1034  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &mark);
1035  }
1036 
1037  *result = msg;
1038  return 0;
1039 
1040 nla_put_failure:
1041  nlmsg_free(msg);
1042  return -NLE_MSGSIZE;
1043 }
1044 
1045 int xfrmnl_sa_get_kernel(struct nl_sock* sock, struct nl_addr* daddr, unsigned int spi, unsigned int protocol, unsigned int mark_v, unsigned int mark_m, struct xfrmnl_sa** result)
1046 {
1047  struct nl_msg *msg = NULL;
1048  struct nl_object *obj;
1049  int err;
1050 
1051  if ((err = xfrmnl_sa_build_get_request(daddr, spi, protocol, mark_m, mark_v, &msg)) < 0)
1052  return err;
1053 
1054  err = nl_send_auto(sock, msg);
1055  nlmsg_free(msg);
1056  if (err < 0)
1057  return err;
1058 
1059  if ((err = nl_pickup(sock, &xfrm_sa_msg_parser, &obj)) < 0)
1060  return err;
1061 
1062  /* We have used xfrm_sa_msg_parser(), object is definitely a xfrm sa */
1063  *result = (struct xfrmnl_sa *) obj;
1064 
1065  /* If an object has been returned, we also need to wait for the ACK */
1066  if (err == 0 && obj)
1067  nl_wait_for_ack(sock);
1068 
1069  return 0;
1070 }
1071 
1072 /** @} */
1073 
1074 static int build_xfrm_sa_message(struct xfrmnl_sa *tmpl, int cmd, int flags, struct nl_msg **result)
1075 {
1076  struct nl_msg* msg;
1077  struct xfrm_usersa_info sa_info;
1078  uint32_t len;
1079  struct nl_addr* addr;
1080 
1081  if (!(tmpl->ce_mask & XFRM_SA_ATTR_DADDR) ||
1082  !(tmpl->ce_mask & XFRM_SA_ATTR_SPI) ||
1083  !(tmpl->ce_mask & XFRM_SA_ATTR_PROTO))
1084  return -NLE_MISSING_ATTR;
1085 
1086  memset ((void*)&sa_info, 0, sizeof (sa_info));
1087  if (tmpl->ce_mask & XFRM_SA_ATTR_SEL)
1088  {
1089  addr = xfrmnl_sel_get_daddr (tmpl->sel);
1090  memcpy ((void*)&sa_info.sel.daddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
1091  addr = xfrmnl_sel_get_saddr (tmpl->sel);
1092  memcpy ((void*)&sa_info.sel.saddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
1093  sa_info.sel.dport = htons (xfrmnl_sel_get_dport (tmpl->sel));
1094  sa_info.sel.dport_mask = htons (xfrmnl_sel_get_dportmask (tmpl->sel));
1095  sa_info.sel.sport = htons (xfrmnl_sel_get_sport (tmpl->sel));
1096  sa_info.sel.sport_mask = htons (xfrmnl_sel_get_sportmask (tmpl->sel));
1097  sa_info.sel.family = xfrmnl_sel_get_family (tmpl->sel);
1098  sa_info.sel.prefixlen_d = xfrmnl_sel_get_prefixlen_d (tmpl->sel);
1099  sa_info.sel.prefixlen_s = xfrmnl_sel_get_prefixlen_s (tmpl->sel);
1100  sa_info.sel.proto = xfrmnl_sel_get_proto (tmpl->sel);
1101  sa_info.sel.ifindex = xfrmnl_sel_get_ifindex (tmpl->sel);
1102  sa_info.sel.user = xfrmnl_sel_get_userid (tmpl->sel);
1103  }
1104 
1105  memcpy (&sa_info.id.daddr, nl_addr_get_binary_addr (tmpl->id.daddr), sizeof (uint8_t) * nl_addr_get_len (tmpl->id.daddr));
1106  sa_info.id.spi = htonl(tmpl->id.spi);
1107  sa_info.id.proto = tmpl->id.proto;
1108 
1109  if (tmpl->ce_mask & XFRM_SA_ATTR_SADDR)
1110  memcpy (&sa_info.saddr, nl_addr_get_binary_addr (tmpl->saddr), sizeof (uint8_t) * nl_addr_get_len (tmpl->saddr));
1111 
1112  if (tmpl->ce_mask & XFRM_SA_ATTR_LTIME_CFG)
1113  {
1114  sa_info.lft.soft_byte_limit = xfrmnl_ltime_cfg_get_soft_bytelimit (tmpl->lft);
1115  sa_info.lft.hard_byte_limit = xfrmnl_ltime_cfg_get_hard_bytelimit (tmpl->lft);
1116  sa_info.lft.soft_packet_limit = xfrmnl_ltime_cfg_get_soft_packetlimit (tmpl->lft);
1117  sa_info.lft.hard_packet_limit = xfrmnl_ltime_cfg_get_hard_packetlimit (tmpl->lft);
1118  sa_info.lft.soft_add_expires_seconds = xfrmnl_ltime_cfg_get_soft_addexpires (tmpl->lft);
1119  sa_info.lft.hard_add_expires_seconds = xfrmnl_ltime_cfg_get_hard_addexpires (tmpl->lft);
1120  sa_info.lft.soft_use_expires_seconds = xfrmnl_ltime_cfg_get_soft_useexpires (tmpl->lft);
1121  sa_info.lft.hard_use_expires_seconds = xfrmnl_ltime_cfg_get_hard_useexpires (tmpl->lft);
1122  }
1123 
1124  //Skip current lifetime: cur lifetime can be updated only via AE
1125  //Skip stats: stats cant be updated
1126  //Skip seq: seq cant be updated
1127 
1128  if (tmpl->ce_mask & XFRM_SA_ATTR_REQID)
1129  sa_info.reqid = tmpl->reqid;
1130 
1131  if (tmpl->ce_mask & XFRM_SA_ATTR_FAMILY)
1132  sa_info.family = tmpl->family;
1133 
1134  if (tmpl->ce_mask & XFRM_SA_ATTR_MODE)
1135  sa_info.mode = tmpl->mode;
1136 
1137  if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_WIN)
1138  sa_info.replay_window = tmpl->replay_window;
1139 
1140  if (tmpl->ce_mask & XFRM_SA_ATTR_FLAGS)
1141  sa_info.flags = tmpl->flags;
1142 
1143  msg = nlmsg_alloc_simple(cmd, flags);
1144  if (!msg)
1145  return -NLE_NOMEM;
1146 
1147  if (nlmsg_append(msg, &sa_info, sizeof(sa_info), NLMSG_ALIGNTO) < 0)
1148  goto nla_put_failure;
1149 
1150  if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_AEAD) {
1151  len = sizeof (struct xfrm_algo_aead) + ((tmpl->aead->alg_key_len + 7) / 8);
1152  NLA_PUT (msg, XFRMA_ALG_AEAD, len, tmpl->aead);
1153  }
1154 
1155  if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_AUTH) {
1156  struct xfrm_algo* auth;
1157  struct nlattr * auth_attr;
1158 
1159  len = sizeof (struct xfrm_algo) + ((tmpl->auth->alg_key_len + 7) / 8);
1160  auth_attr = nla_reserve(msg, XFRMA_ALG_AUTH, len);
1161  if (!auth_attr)
1162  goto nla_put_failure;
1163  auth = nla_data (auth_attr);
1164  strcpy(auth->alg_name, tmpl->auth->alg_name);
1165  memcpy(auth->alg_key, tmpl->auth->alg_key, (tmpl->auth->alg_key_len + 7) / 8);
1166  auth->alg_key_len = tmpl->auth->alg_key_len;
1167 
1168  len = sizeof (struct xfrm_algo_auth) + ((tmpl->auth->alg_key_len + 7) / 8);
1169  NLA_PUT (msg, XFRMA_ALG_AUTH_TRUNC, len, tmpl->auth);
1170  }
1171 
1172  if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_CRYPT) {
1173  len = sizeof (struct xfrm_algo) + ((tmpl->crypt->alg_key_len + 7) / 8);
1174  NLA_PUT (msg, XFRMA_ALG_CRYPT, len, tmpl->crypt);
1175  }
1176 
1177  if (tmpl->ce_mask & XFRM_SA_ATTR_ALG_COMP) {
1178  len = sizeof (struct xfrm_algo) + ((tmpl->comp->alg_key_len + 7) / 8);
1179  NLA_PUT (msg, XFRMA_ALG_COMP, len, tmpl->comp);
1180  }
1181 
1182  if (tmpl->ce_mask & XFRM_SA_ATTR_ENCAP) {
1183  struct xfrm_encap_tmpl* encap_tmpl;
1184  struct nlattr* encap_attr;
1185 
1186  len = sizeof (struct xfrm_encap_tmpl);
1187  encap_attr = nla_reserve(msg, XFRMA_ENCAP, len);
1188  if (!encap_attr)
1189  goto nla_put_failure;
1190  encap_tmpl = nla_data (encap_attr);
1191  encap_tmpl->encap_type = tmpl->encap->encap_type;
1192  encap_tmpl->encap_sport = htons (tmpl->encap->encap_sport);
1193  encap_tmpl->encap_dport = htons (tmpl->encap->encap_dport);
1194  memcpy (&encap_tmpl->encap_oa, nl_addr_get_binary_addr (tmpl->encap->encap_oa), sizeof (uint8_t) * nl_addr_get_len (tmpl->encap->encap_oa));
1195  }
1196 
1197  if (tmpl->ce_mask & XFRM_SA_ATTR_TFCPAD) {
1198  NLA_PUT_U32 (msg, XFRMA_TFCPAD, tmpl->tfcpad);
1199  }
1200 
1201  if (tmpl->ce_mask & XFRM_SA_ATTR_COADDR) {
1202  NLA_PUT (msg, XFRMA_COADDR, sizeof (xfrm_address_t), tmpl->coaddr);
1203  }
1204 
1205  if (tmpl->ce_mask & XFRM_SA_ATTR_MARK) {
1206  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &tmpl->mark);
1207  }
1208 
1209  if (tmpl->ce_mask & XFRM_SA_ATTR_SECCTX) {
1210  len = sizeof (struct xfrm_sec_ctx) + tmpl->sec_ctx->ctx_len;
1211  NLA_PUT (msg, XFRMA_SEC_CTX, len, tmpl->sec_ctx);
1212  }
1213 
1214  if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_MAXAGE) {
1215  NLA_PUT_U32 (msg, XFRMA_ETIMER_THRESH, tmpl->replay_maxage);
1216  }
1217 
1218  if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_MAXDIFF) {
1219  NLA_PUT_U32 (msg, XFRMA_REPLAY_THRESH, tmpl->replay_maxdiff);
1220  }
1221 
1222  if (tmpl->ce_mask & XFRM_SA_ATTR_REPLAY_STATE) {
1223  if (tmpl->replay_state_esn) {
1224  len = sizeof (struct xfrm_replay_state_esn) + (sizeof (uint32_t) * tmpl->replay_state_esn->bmp_len);
1225  NLA_PUT (msg, XFRMA_REPLAY_ESN_VAL, len, tmpl->replay_state_esn);
1226  }
1227  else {
1228  NLA_PUT (msg, XFRMA_REPLAY_VAL, sizeof (struct xfrm_replay_state), &tmpl->replay_state);
1229  }
1230  }
1231 
1232  *result = msg;
1233  return 0;
1234 
1235 nla_put_failure:
1236  nlmsg_free(msg);
1237  return -NLE_MSGSIZE;
1238 }
1239 
1240 /**
1241  * @name XFRM SA Add
1242  * @{
1243  */
1244 
1245 int xfrmnl_sa_build_add_request(struct xfrmnl_sa* tmpl, int flags, struct nl_msg **result)
1246 {
1247  return build_xfrm_sa_message (tmpl, XFRM_MSG_NEWSA, flags, result);
1248 }
1249 
1250 int xfrmnl_sa_add(struct nl_sock* sk, struct xfrmnl_sa* tmpl, int flags)
1251 {
1252  int err;
1253  struct nl_msg *msg;
1254 
1255  if ((err = xfrmnl_sa_build_add_request(tmpl, flags, &msg)) < 0)
1256  return err;
1257 
1258  err = nl_send_auto_complete(sk, msg);
1259  nlmsg_free(msg);
1260  if (err < 0)
1261  return err;
1262 
1263  return nl_wait_for_ack(sk);
1264 }
1265 
1266 /**
1267  * @name XFRM SA Update
1268  * @{
1269  */
1270 
1271 int xfrmnl_sa_build_update_request(struct xfrmnl_sa* tmpl, int flags, struct nl_msg **result)
1272 {
1273  return build_xfrm_sa_message (tmpl, XFRM_MSG_UPDSA, flags, result);
1274 }
1275 
1276 int xfrmnl_sa_update(struct nl_sock* sk, struct xfrmnl_sa* tmpl, int flags)
1277 {
1278  int err;
1279  struct nl_msg *msg;
1280 
1281  if ((err = xfrmnl_sa_build_update_request(tmpl, flags, &msg)) < 0)
1282  return err;
1283 
1284  err = nl_send_auto_complete(sk, msg);
1285  nlmsg_free(msg);
1286  if (err < 0)
1287  return err;
1288 
1289  return nl_wait_for_ack(sk);
1290 }
1291 
1292 /** @} */
1293 
1294 static int build_xfrm_sa_delete_message(struct xfrmnl_sa *tmpl, int cmd, int flags, struct nl_msg **result)
1295 {
1296  struct nl_msg* msg;
1297  struct xfrm_usersa_id sa_id;
1298 
1299  if (!(tmpl->ce_mask & XFRM_SA_ATTR_DADDR) ||
1300  !(tmpl->ce_mask & XFRM_SA_ATTR_SPI) ||
1301  !(tmpl->ce_mask & XFRM_SA_ATTR_PROTO))
1302  return -NLE_MISSING_ATTR;
1303 
1304  memcpy (&sa_id.daddr, nl_addr_get_binary_addr (tmpl->id.daddr),
1305  sizeof (uint8_t) * nl_addr_get_len (tmpl->id.daddr));
1306  sa_id.family = nl_addr_get_family (tmpl->id.daddr);
1307  sa_id.spi = htonl(tmpl->id.spi);
1308  sa_id.proto = tmpl->id.proto;
1309 
1310  msg = nlmsg_alloc_simple(cmd, flags);
1311  if (!msg)
1312  return -NLE_NOMEM;
1313 
1314  if (nlmsg_append(msg, &sa_id, sizeof(sa_id), NLMSG_ALIGNTO) < 0)
1315  goto nla_put_failure;
1316 
1317  if (tmpl->ce_mask & XFRM_SA_ATTR_MARK) {
1318  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &tmpl->mark);
1319  }
1320 
1321  *result = msg;
1322  return 0;
1323 
1324 nla_put_failure:
1325  nlmsg_free(msg);
1326  return -NLE_MSGSIZE;
1327 }
1328 
1329 /**
1330  * @name XFRM SA Delete
1331  * @{
1332  */
1333 
1334 int xfrmnl_sa_build_delete_request(struct xfrmnl_sa* tmpl, int flags, struct nl_msg **result)
1335 {
1336  return build_xfrm_sa_delete_message (tmpl, XFRM_MSG_DELSA, flags, result);
1337 }
1338 
1339 int xfrmnl_sa_delete(struct nl_sock* sk, struct xfrmnl_sa* tmpl, int flags)
1340 {
1341  int err;
1342  struct nl_msg *msg;
1343 
1344  if ((err = xfrmnl_sa_build_delete_request(tmpl, flags, &msg)) < 0)
1345  return err;
1346 
1347  err = nl_send_auto_complete(sk, msg);
1348  nlmsg_free(msg);
1349  if (err < 0)
1350  return err;
1351 
1352  return nl_wait_for_ack(sk);
1353 }
1354 
1355 /** @} */
1356 
1357 
1358 /**
1359  * @name Attributes
1360  * @{
1361  */
1362 
1363 struct xfrmnl_sel* xfrmnl_sa_get_sel (struct xfrmnl_sa* sa)
1364 {
1365  if (sa->ce_mask & XFRM_SA_ATTR_SEL)
1366  return sa->sel;
1367  else
1368  return NULL;
1369 }
1370 
1371 int xfrmnl_sa_set_sel (struct xfrmnl_sa* sa, struct xfrmnl_sel* sel)
1372 {
1373  /* Release any previously held selector object from the SA */
1374  if (sa->sel)
1375  xfrmnl_sel_put (sa->sel);
1376 
1377  /* Increment ref count on new selector and save it in the SA */
1378  xfrmnl_sel_get (sel);
1379  sa->sel = sel;
1380  sa->ce_mask |= XFRM_SA_ATTR_SEL;
1381 
1382  return 0;
1383 }
1384 
1385 static inline int __assign_addr(struct xfrmnl_sa* sa, struct nl_addr **pos,
1386  struct nl_addr *new, int flag, int nocheck)
1387 {
1388  if (!nocheck)
1389  {
1390  if (sa->ce_mask & XFRM_SA_ATTR_FAMILY)
1391  {
1392  if (nl_addr_get_family (new) != sa->family)
1393  return -NLE_AF_MISMATCH;
1394  }
1395  }
1396 
1397  if (*pos)
1398  nl_addr_put(*pos);
1399 
1400  nl_addr_get(new);
1401  *pos = new;
1402 
1403  sa->ce_mask |= flag;
1404 
1405  return 0;
1406 }
1407 
1408 
1409 struct nl_addr* xfrmnl_sa_get_daddr (struct xfrmnl_sa* sa)
1410 {
1411  if (sa->ce_mask & XFRM_SA_ATTR_DADDR)
1412  return sa->id.daddr;
1413  else
1414  return NULL;
1415 }
1416 
1417 int xfrmnl_sa_set_daddr (struct xfrmnl_sa* sa, struct nl_addr* addr)
1418 {
1419  return __assign_addr(sa, &sa->id.daddr, addr, XFRM_SA_ATTR_DADDR, 0);
1420 }
1421 
1422 int xfrmnl_sa_get_spi (struct xfrmnl_sa* sa)
1423 {
1424  if (sa->ce_mask & XFRM_SA_ATTR_SPI)
1425  return sa->id.spi;
1426  else
1427  return -1;
1428 }
1429 
1430 int xfrmnl_sa_set_spi (struct xfrmnl_sa* sa, unsigned int spi)
1431 {
1432  sa->id.spi = spi;
1433  sa->ce_mask |= XFRM_SA_ATTR_SPI;
1434 
1435  return 0;
1436 }
1437 
1438 int xfrmnl_sa_get_proto (struct xfrmnl_sa* sa)
1439 {
1440  if (sa->ce_mask & XFRM_SA_ATTR_PROTO)
1441  return sa->id.proto;
1442  else
1443  return -1;
1444 }
1445 
1446 int xfrmnl_sa_set_proto (struct xfrmnl_sa* sa, unsigned int protocol)
1447 {
1448  sa->id.proto = protocol;
1449  sa->ce_mask |= XFRM_SA_ATTR_PROTO;
1450 
1451  return 0;
1452 }
1453 
1454 struct nl_addr* xfrmnl_sa_get_saddr (struct xfrmnl_sa* sa)
1455 {
1456  if (sa->ce_mask & XFRM_SA_ATTR_SADDR)
1457  return sa->saddr;
1458  else
1459  return NULL;
1460 }
1461 
1462 int xfrmnl_sa_set_saddr (struct xfrmnl_sa* sa, struct nl_addr* addr)
1463 {
1464  return __assign_addr(sa, &sa->saddr, addr, XFRM_SA_ATTR_SADDR, 1);
1465 }
1466 
1467 struct xfrmnl_ltime_cfg* xfrmnl_sa_get_lifetime_cfg (struct xfrmnl_sa* sa)
1468 {
1469  if (sa->ce_mask & XFRM_SA_ATTR_LTIME_CFG)
1470  return sa->lft;
1471  else
1472  return NULL;
1473 }
1474 
1475 int xfrmnl_sa_set_lifetime_cfg (struct xfrmnl_sa* sa, struct xfrmnl_ltime_cfg* ltime)
1476 {
1477  /* Release any previously held lifetime cfg object from the SA */
1478  if (sa->lft)
1479  xfrmnl_ltime_cfg_put (sa->lft);
1480 
1481  /* Increment ref count on new lifetime object and save it in the SA */
1482  xfrmnl_ltime_cfg_get (ltime);
1483  sa->lft = ltime;
1484  sa->ce_mask |= XFRM_SA_ATTR_LTIME_CFG;
1485 
1486  return 0;
1487 }
1488 
1489 int xfrmnl_sa_get_curlifetime (struct xfrmnl_sa* sa, unsigned long long int* curr_bytes,
1490  unsigned long long int* curr_packets, unsigned long long int* curr_add_time, unsigned long long int* curr_use_time)
1491 {
1492  if (sa == NULL || curr_bytes == NULL || curr_packets == NULL || curr_add_time == NULL || curr_use_time == NULL)
1493  return -1;
1494 
1495  if (sa->ce_mask & XFRM_SA_ATTR_LTIME_CUR)
1496  {
1497  *curr_bytes = sa->curlft.bytes;
1498  *curr_packets = sa->curlft.packets;
1499  *curr_add_time = sa->curlft.add_time;
1500  *curr_use_time = sa->curlft.use_time;
1501  }
1502  else
1503  return -1;
1504 
1505  return 0;
1506 }
1507 
1508 int xfrmnl_sa_get_stats (struct xfrmnl_sa* sa, unsigned long long int* replay_window,
1509  unsigned long long int* replay, unsigned long long int* integrity_failed)
1510 {
1511  if (sa == NULL || replay_window == NULL || replay == NULL || integrity_failed == NULL)
1512  return -1;
1513 
1514  if (sa->ce_mask & XFRM_SA_ATTR_STATS)
1515  {
1516  *replay_window = sa->stats.replay_window;
1517  *replay = sa->stats.replay;
1518  *integrity_failed = sa->stats.integrity_failed;
1519  }
1520  else
1521  return -1;
1522 
1523  return 0;
1524 }
1525 
1526 int xfrmnl_sa_get_seq (struct xfrmnl_sa* sa)
1527 {
1528  if (sa->ce_mask & XFRM_SA_ATTR_SEQ)
1529  return sa->seq;
1530  else
1531  return -1;
1532 }
1533 
1534 int xfrmnl_sa_get_reqid (struct xfrmnl_sa* sa)
1535 {
1536  if (sa->ce_mask & XFRM_SA_ATTR_REQID)
1537  return sa->reqid;
1538  else
1539  return -1;
1540 }
1541 
1542 int xfrmnl_sa_set_reqid (struct xfrmnl_sa* sa, unsigned int reqid)
1543 {
1544  sa->reqid = reqid;
1545  sa->ce_mask |= XFRM_SA_ATTR_REQID;
1546 
1547  return 0;
1548 }
1549 
1550 int xfrmnl_sa_get_family (struct xfrmnl_sa* sa)
1551 {
1552  if (sa->ce_mask & XFRM_SA_ATTR_FAMILY)
1553  return sa->family;
1554  else
1555  return -1;
1556 }
1557 
1558 int xfrmnl_sa_set_family (struct xfrmnl_sa* sa, unsigned int family)
1559 {
1560  sa->family = family;
1561  sa->ce_mask |= XFRM_SA_ATTR_FAMILY;
1562 
1563  return 0;
1564 }
1565 
1566 int xfrmnl_sa_get_mode (struct xfrmnl_sa* sa)
1567 {
1568  if (sa->ce_mask & XFRM_SA_ATTR_MODE)
1569  return sa->mode;
1570  else
1571  return -1;
1572 }
1573 
1574 int xfrmnl_sa_set_mode (struct xfrmnl_sa* sa, unsigned int mode)
1575 {
1576  sa->mode = mode;
1577  sa->ce_mask |= XFRM_SA_ATTR_MODE;
1578 
1579  return 0;
1580 }
1581 
1582 int xfrmnl_sa_get_replay_window (struct xfrmnl_sa* sa)
1583 {
1584  if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_WIN)
1585  return sa->replay_window;
1586  else
1587  return -1;
1588 }
1589 
1590 int xfrmnl_sa_set_replay_window (struct xfrmnl_sa* sa, unsigned int replay_window)
1591 {
1592  sa->replay_window = replay_window;
1593  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_WIN;
1594 
1595  return 0;
1596 }
1597 
1598 int xfrmnl_sa_get_flags (struct xfrmnl_sa* sa)
1599 {
1600  if (sa->ce_mask & XFRM_SA_ATTR_FLAGS)
1601  return sa->flags;
1602  else
1603  return -1;
1604 }
1605 
1606 int xfrmnl_sa_set_flags (struct xfrmnl_sa* sa, unsigned int flags)
1607 {
1608  sa->flags = flags;
1609  sa->ce_mask |= XFRM_SA_ATTR_FLAGS;
1610 
1611  return 0;
1612 }
1613 
1614 int xfrmnl_sa_get_aead_params (struct xfrmnl_sa* sa, char* alg_name, unsigned int* key_len, unsigned int* icv_len, char* key)
1615 {
1616  if (sa->ce_mask & XFRM_SA_ATTR_ALG_AEAD)
1617  {
1618  strcpy (alg_name, sa->aead->alg_name);
1619  *key_len = sa->aead->alg_key_len;
1620  *icv_len = sa->aead->alg_icv_len;
1621  memcpy ((void *)key, (void *)sa->aead->alg_key, ((sa->aead->alg_key_len + 7)/8));
1622  }
1623  else
1624  return -1;
1625 
1626  return 0;
1627 }
1628 
1629 int xfrmnl_sa_set_aead_params (struct xfrmnl_sa* sa, char* alg_name, unsigned int key_len, unsigned int icv_len, char* key)
1630 {
1631  uint32_t newlen = sizeof (struct xfrmnl_algo_aead) + (sizeof (uint8_t) * ((key_len + 7)/8));
1632 
1633  /* Free up the old key and allocate memory to hold new key */
1634  if (sa->aead)
1635  free (sa->aead);
1636  if ((sa->aead = calloc (1, newlen)) == NULL)
1637  return -1;
1638 
1639  /* Save the new info */
1640  strcpy (sa->aead->alg_name, alg_name);
1641  sa->aead->alg_key_len = key_len;
1642  sa->aead->alg_icv_len = icv_len;
1643  memcpy ((void *)sa->aead->alg_key, (void *)key, newlen);
1644 
1645  sa->ce_mask |= XFRM_SA_ATTR_ALG_AEAD;
1646 
1647  return 0;
1648 }
1649 
1650 int xfrmnl_sa_get_auth_params (struct xfrmnl_sa* sa, char* alg_name, unsigned int* key_len, unsigned int* trunc_len, char* key)
1651 {
1652  if (sa->ce_mask & XFRM_SA_ATTR_ALG_AUTH)
1653  {
1654  strcpy (alg_name, sa->auth->alg_name);
1655  *key_len = sa->auth->alg_key_len;
1656  *trunc_len = sa->auth->alg_trunc_len;
1657  memcpy ((void *)key, (void *)sa->auth->alg_key, ((sa->auth->alg_key_len + 7)/8));
1658  }
1659  else
1660  return -1;
1661 
1662  return 0;
1663 }
1664 
1665 int xfrmnl_sa_set_auth_params (struct xfrmnl_sa* sa, char* alg_name, unsigned int key_len, unsigned int trunc_len, char* key)
1666 {
1667  uint32_t newlen = sizeof (struct xfrmnl_algo_auth) + (sizeof (uint8_t) * ((key_len + 7)/8));
1668 
1669  /* Free up the old auth data and allocate new one */
1670  if (sa->auth)
1671  free (sa->auth);
1672  if ((sa->auth = calloc (1, newlen)) == NULL)
1673  return -1;
1674 
1675  /* Save the new info */
1676  strcpy (sa->auth->alg_name, alg_name);
1677  sa->auth->alg_key_len = key_len;
1678  sa->auth->alg_trunc_len = trunc_len;
1679  memcpy ((void *)sa->auth->alg_key, (void *)key, newlen);
1680 
1681  sa->ce_mask |= XFRM_SA_ATTR_ALG_AUTH;
1682 
1683  return 0;
1684 }
1685 
1686 int xfrmnl_sa_get_crypto_params (struct xfrmnl_sa* sa, char* alg_name, unsigned int* key_len, char* key)
1687 {
1688  if (sa->ce_mask & XFRM_SA_ATTR_ALG_CRYPT)
1689  {
1690  strcpy (alg_name, sa->crypt->alg_name);
1691  *key_len = sa->crypt->alg_key_len;
1692  memcpy ((void *)key, (void *)sa->crypt->alg_key, ((sa->crypt->alg_key_len + 7)/8));
1693  }
1694  else
1695  return -1;
1696 
1697  return 0;
1698 }
1699 
1700 int xfrmnl_sa_set_crypto_params (struct xfrmnl_sa* sa, char* alg_name, unsigned int key_len, char* key)
1701 {
1702  uint32_t newlen = sizeof (struct xfrmnl_algo) + (sizeof (uint8_t) * ((key_len + 7)/8));
1703 
1704  /* Free up the old crypto and allocate new one */
1705  if (sa->crypt)
1706  free (sa->crypt);
1707  if ((sa->crypt = calloc (1, newlen)) == NULL)
1708  return -1;
1709 
1710  /* Save the new info */
1711  strcpy (sa->crypt->alg_name, alg_name);
1712  sa->crypt->alg_key_len = key_len;
1713  memcpy ((void *)sa->crypt->alg_key, (void *)key, newlen);
1714 
1715  sa->ce_mask |= XFRM_SA_ATTR_ALG_CRYPT;
1716 
1717  return 0;
1718 }
1719 
1720 int xfrmnl_sa_get_comp_params (struct xfrmnl_sa* sa, char* alg_name, unsigned int* key_len, char* key)
1721 {
1722  if (sa->ce_mask & XFRM_SA_ATTR_ALG_COMP)
1723  {
1724  strcpy (alg_name, sa->comp->alg_name);
1725  *key_len = sa->comp->alg_key_len;
1726  memcpy ((void *)key, (void *)sa->comp->alg_key, ((sa->comp->alg_key_len + 7)/8));
1727  }
1728  else
1729  return -1;
1730 
1731  return 0;
1732 }
1733 
1734 int xfrmnl_sa_set_comp_params (struct xfrmnl_sa* sa, char* alg_name, unsigned int key_len, char* key)
1735 {
1736  uint32_t newlen = sizeof (struct xfrmnl_algo) + (sizeof (uint8_t) * ((key_len + 7)/8));
1737 
1738  /* Free up the old compression algo params and allocate new one */
1739  if (sa->comp)
1740  free (sa->comp);
1741  if ((sa->comp = calloc (1, newlen)) == NULL)
1742  return -1;
1743 
1744  /* Save the new info */
1745  strcpy (sa->comp->alg_name, alg_name);
1746  sa->comp->alg_key_len = key_len;
1747  memcpy ((void *)sa->comp->alg_key, (void *)key, newlen);
1748 
1749  sa->ce_mask |= XFRM_SA_ATTR_ALG_COMP;
1750 
1751  return 0;
1752 }
1753 
1754 int xfrmnl_sa_get_encap_tmpl (struct xfrmnl_sa* sa, unsigned int* encap_type, unsigned int* encap_sport, unsigned int* encap_dport, struct nl_addr** encap_oa)
1755 {
1756  if (sa->ce_mask & XFRM_SA_ATTR_ENCAP)
1757  {
1758  *encap_type = sa->encap->encap_type;
1759  *encap_sport = sa->encap->encap_sport;
1760  *encap_dport = sa->encap->encap_dport;
1761  *encap_oa = nl_addr_clone (sa->encap->encap_oa);
1762  }
1763  else
1764  return -1;
1765 
1766  return 0;
1767 }
1768 
1769 int xfrmnl_sa_set_encap_tmpl (struct xfrmnl_sa* sa, unsigned int encap_type, unsigned int encap_sport, unsigned int encap_dport, struct nl_addr* encap_oa)
1770 {
1771  /* Free up the old encap OA */
1772  if (sa->encap->encap_oa)
1773  nl_addr_put (sa->encap->encap_oa);
1774 
1775  /* Save the new info */
1776  sa->encap->encap_type = encap_type;
1777  sa->encap->encap_sport = encap_sport;
1778  sa->encap->encap_dport = encap_dport;
1779  nl_addr_get (encap_oa);
1780  sa->encap->encap_oa = encap_oa;
1781 
1782  sa->ce_mask |= XFRM_SA_ATTR_ENCAP;
1783 
1784  return 0;
1785 }
1786 
1787 int xfrmnl_sa_get_tfcpad (struct xfrmnl_sa* sa)
1788 {
1789  if (sa->ce_mask & XFRM_SA_ATTR_TFCPAD)
1790  return sa->tfcpad;
1791  else
1792  return -1;
1793 }
1794 
1795 int xfrmnl_sa_set_tfcpad (struct xfrmnl_sa* sa, unsigned int tfcpad)
1796 {
1797  sa->tfcpad = tfcpad;
1798  sa->ce_mask |= XFRM_SA_ATTR_TFCPAD;
1799 
1800  return 0;
1801 }
1802 
1803 struct nl_addr* xfrmnl_sa_get_coaddr (struct xfrmnl_sa* sa)
1804 {
1805  if (sa->ce_mask & XFRM_SA_ATTR_COADDR)
1806  return sa->coaddr;
1807  else
1808  return NULL;
1809 }
1810 
1811 int xfrmnl_sa_set_coaddr (struct xfrmnl_sa* sa, struct nl_addr* coaddr)
1812 {
1813  /* Free up the old coaddr */
1814  if (sa->coaddr)
1815  nl_addr_put (sa->coaddr);
1816 
1817  /* Save the new info */
1818  nl_addr_get (coaddr);
1819  sa->coaddr = coaddr;
1820 
1821  sa->ce_mask |= XFRM_SA_ATTR_COADDR;
1822 
1823  return 0;
1824 }
1825 
1826 int xfrmnl_sa_get_mark (struct xfrmnl_sa* sa, unsigned int* mark_mask, unsigned int* mark_value)
1827 {
1828  if (mark_mask == NULL || mark_value == NULL)
1829  return -1;
1830 
1831  if (sa->ce_mask & XFRM_SA_ATTR_MARK)
1832  {
1833  *mark_mask = sa->mark.m;
1834  *mark_value = sa->mark.v;
1835 
1836  return 0;
1837  }
1838  else
1839  return -1;
1840 }
1841 
1842 int xfrmnl_sa_set_mark (struct xfrmnl_sa* sa, unsigned int value, unsigned int mask)
1843 {
1844  sa->mark.v = value;
1845  sa->mark.m = mask;
1846  sa->ce_mask |= XFRM_SA_ATTR_MARK;
1847 
1848  return 0;
1849 }
1850 
1851 int xfrmnl_sa_get_sec_ctx (struct xfrmnl_sa* sa, unsigned int* doi, unsigned int* alg, unsigned int* len, unsigned int* sid, char* ctx_str)
1852 {
1853  if (sa->ce_mask & XFRM_SA_ATTR_SECCTX)
1854  {
1855  *doi = sa->sec_ctx->ctx_doi;
1856  *alg = sa->sec_ctx->ctx_alg;
1857  *len = sa->sec_ctx->ctx_len;
1858  *sid = sa->sec_ctx->ctx_sid;
1859  memcpy ((void *)ctx_str, (void *)sa->sec_ctx->ctx_str, sizeof (uint8_t) * sa->sec_ctx->ctx_len);
1860  }
1861  else
1862  return -1;
1863 
1864  return 0;
1865 }
1866 
1867 int xfrmnl_sa_set_sec_ctx (struct xfrmnl_sa* sa, unsigned int doi, unsigned int alg, unsigned int len, unsigned int sid, char* ctx_str)
1868 {
1869  /* Free up the old context string and allocate new one */
1870  if (sa->sec_ctx)
1871  free (sa->sec_ctx);
1872  if ((sa->sec_ctx = calloc (1, sizeof (struct xfrmnl_sec_ctx) + (sizeof (uint8_t) * len))) == NULL)
1873  return -1;
1874 
1875  /* Save the new info */
1876  sa->sec_ctx->ctx_doi = doi;
1877  sa->sec_ctx->ctx_alg = alg;
1878  sa->sec_ctx->ctx_len = len;
1879  sa->sec_ctx->ctx_sid = sid;
1880  memcpy ((void *)sa->sec_ctx->ctx_str, (void *)ctx_str, sizeof (uint8_t) * len);
1881 
1882  sa->ce_mask |= XFRM_SA_ATTR_SECCTX;
1883 
1884  return 0;
1885 }
1886 
1887 
1888 int xfrmnl_sa_get_replay_maxage (struct xfrmnl_sa* sa)
1889 {
1890  if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_MAXAGE)
1891  return sa->replay_maxage;
1892  else
1893  return -1;
1894 }
1895 
1896 int xfrmnl_sa_set_replay_maxage (struct xfrmnl_sa* sa, unsigned int replay_maxage)
1897 {
1898  sa->replay_maxage = replay_maxage;
1899  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXAGE;
1900 
1901  return 0;
1902 }
1903 
1904 int xfrmnl_sa_get_replay_maxdiff (struct xfrmnl_sa* sa)
1905 {
1906  if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_MAXDIFF)
1907  return sa->replay_maxdiff;
1908  else
1909  return -1;
1910 }
1911 
1912 int xfrmnl_sa_set_replay_maxdiff (struct xfrmnl_sa* sa, unsigned int replay_maxdiff)
1913 {
1914  sa->replay_maxdiff = replay_maxdiff;
1915  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_MAXDIFF;
1916 
1917  return 0;
1918 }
1919 
1920 int xfrmnl_sa_get_replay_state (struct xfrmnl_sa* sa, unsigned int* oseq, unsigned int* seq, unsigned int* bmp)
1921 {
1922  if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
1923  {
1924  if (sa->replay_state_esn == NULL)
1925  {
1926  *oseq = sa->replay_state.oseq;
1927  *seq = sa->replay_state.seq;
1928  *bmp = sa->replay_state.bitmap;
1929 
1930  return 0;
1931  }
1932  else
1933  {
1934  return -1;
1935  }
1936  }
1937  else
1938  return -1;
1939 }
1940 
1941 int xfrmnl_sa_set_replay_state (struct xfrmnl_sa* sa, unsigned int oseq, unsigned int seq, unsigned int bitmap)
1942 {
1943  sa->replay_state.oseq = oseq;
1944  sa->replay_state.seq = seq;
1945  sa->replay_state.bitmap = bitmap;
1946  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
1947 
1948  return 0;
1949 }
1950 
1951 int xfrmnl_sa_get_replay_state_esn (struct xfrmnl_sa* sa, unsigned int* oseq, unsigned int* seq, unsigned int* oseq_hi,
1952  unsigned int* seq_hi, unsigned int* replay_window, unsigned int* bmp_len, unsigned int* bmp)
1953 {
1954  if (sa->ce_mask & XFRM_SA_ATTR_REPLAY_STATE)
1955  {
1956  if (sa->replay_state_esn)
1957  {
1958  *oseq = sa->replay_state_esn->oseq;
1959  *seq = sa->replay_state_esn->seq;
1960  *oseq_hi= sa->replay_state_esn->oseq_hi;
1961  *seq_hi = sa->replay_state_esn->seq_hi;
1962  *replay_window = sa->replay_state_esn->replay_window;
1963  *bmp_len = sa->replay_state_esn->bmp_len; // In number of 32 bit words
1964  memcpy (bmp, sa->replay_state_esn->bmp, sa->replay_state_esn->bmp_len * sizeof (uint32_t));
1965 
1966  return 0;
1967  }
1968  else
1969  {
1970  return -1;
1971  }
1972  }
1973  else
1974  return -1;
1975 }
1976 
1977 int xfrmnl_sa_set_replay_state_esn (struct xfrmnl_sa* sa, unsigned int oseq, unsigned int seq,
1978  unsigned int oseq_hi, unsigned int seq_hi, unsigned int replay_window,
1979  unsigned int bmp_len, unsigned int* bmp)
1980 {
1981  /* Free the old replay state and allocate space to hold new one */
1982  if (sa->replay_state_esn)
1983  free (sa->replay_state_esn);
1984 
1985  if ((sa->replay_state_esn = calloc (1, sizeof (struct xfrmnl_replay_state_esn) + (sizeof (uint32_t) * bmp_len))) == NULL)
1986  return -1;
1987  sa->replay_state_esn->oseq = oseq;
1988  sa->replay_state_esn->seq = seq;
1989  sa->replay_state_esn->oseq_hi = oseq_hi;
1990  sa->replay_state_esn->seq_hi = seq_hi;
1991  sa->replay_state_esn->replay_window = replay_window;
1992  sa->replay_state_esn->bmp_len = bmp_len; // In number of 32 bit words
1993  memcpy (sa->replay_state_esn->bmp, bmp, bmp_len * sizeof (uint32_t));
1994  sa->ce_mask |= XFRM_SA_ATTR_REPLAY_STATE;
1995 
1996  return 0;
1997 }
1998 
1999 
2000 int xfrmnl_sa_is_hardexpiry_reached (struct xfrmnl_sa* sa)
2001 {
2002  if (sa->ce_mask & XFRM_SA_ATTR_EXPIRE)
2003  return (sa->hard > 0 ? 1: 0);
2004  else
2005  return 0;
2006 }
2007 
2008 int xfrmnl_sa_is_expiry_reached (struct xfrmnl_sa* sa)
2009 {
2010  if (sa->ce_mask & XFRM_SA_ATTR_EXPIRE)
2011  return 1;
2012  else
2013  return 0;
2014 }
2015 
2016 /** @} */
2017 
2018 static struct nl_object_ops xfrm_sa_obj_ops = {
2019  .oo_name = "xfrm/sa",
2020  .oo_size = sizeof(struct xfrmnl_sa),
2021  .oo_constructor = xfrm_sa_alloc_data,
2022  .oo_free_data = xfrm_sa_free_data,
2023  .oo_clone = xfrm_sa_clone,
2024  .oo_dump = {
2025  [NL_DUMP_LINE] = xfrm_sa_dump_line,
2026  [NL_DUMP_DETAILS] = xfrm_sa_dump_details,
2027  [NL_DUMP_STATS] = xfrm_sa_dump_stats,
2028  },
2029  .oo_compare = xfrm_sa_compare,
2030  .oo_attrs2str = xfrm_sa_attrs2str,
2031  .oo_id_attrs = (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO),
2032 };
2033 
2034 static struct nl_af_group xfrm_sa_groups[] = {
2035  { AF_UNSPEC, XFRMNLGRP_SA },
2036  { AF_UNSPEC, XFRMNLGRP_EXPIRE },
2037  { END_OF_GROUP_LIST },
2038 };
2039 
2040 static struct nl_cache_ops xfrmnl_sa_ops = {
2041  .co_name = "xfrm/sa",
2042  .co_hdrsize = sizeof(struct xfrm_usersa_info),
2043  .co_msgtypes = {
2044  { XFRM_MSG_NEWSA, NL_ACT_NEW, "new" },
2045  { XFRM_MSG_DELSA, NL_ACT_DEL, "del" },
2046  { XFRM_MSG_GETSA, NL_ACT_GET, "get" },
2047  { XFRM_MSG_EXPIRE, NL_ACT_UNSPEC, "expire"},
2048  { XFRM_MSG_UPDSA, NL_ACT_NEW, "update"},
2049  END_OF_MSGTYPES_LIST,
2050  },
2051  .co_protocol = NETLINK_XFRM,
2052  .co_groups = xfrm_sa_groups,
2053  .co_request_update = xfrm_sa_request_update,
2054  .co_msg_parser = xfrm_sa_msg_parser,
2055  .co_obj_ops = &xfrm_sa_obj_ops,
2056  .co_include_event = &xfrm_sa_update_cache
2057 };
2058 
2059 /**
2060  * @name XFRM SA Cache Managament
2061  * @{
2062  */
2063 
2064 static void __attribute__ ((constructor)) xfrm_sa_init(void)
2065 {
2066  nl_cache_mngt_register(&xfrmnl_sa_ops);
2067 }
2068 
2069 static void __attribute__ ((destructor)) xfrm_sa_exit(void)
2070 {
2071  nl_cache_mngt_unregister(&xfrmnl_sa_ops);
2072 }
2073 
2074 /** @} */
int nl_send_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
Definition: nl.c:1252
struct nl_addr * nl_addr_clone(const struct nl_addr *addr)
Clone existing abstract address object.
Definition: addr.c:471
Dump object briefly on one line.
Definition: types.h:22
void nl_addr_set_prefixlen(struct nl_addr *addr, int prefixlen)
Set the prefix length of an abstract address.
Definition: addr.c:917
void nlmsg_free(struct nl_msg *msg)
Release a reference from an netlink message.
Definition: msg.c:558
int nl_addr_cmp(const struct nl_addr *a, const struct nl_addr *b)
Compare abstract addresses.
Definition: addr.c:563
void * nlmsg_data(const struct nlmsghdr *nlh)
Return pointer to message payload.
Definition: msg.c:105
struct nl_object * nl_object_alloc(struct nl_object_ops *ops)
Allocate a new object of kind specified by the operations handle.
Definition: object.c:54
int nl_cache_mngt_unregister(struct nl_cache_ops *ops)
Unregister a set of cache operations.
Definition: cache_mngt.c:287
Attribute validation policy.
Definition: attr.h:67
void nl_object_get(struct nl_object *obj)
Acquire a reference on a object.
Definition: object.c:204
struct nl_addr * nl_addr_build(int family, const void *buf, size_t size)
Allocate abstract address based on a binary address.
Definition: addr.c:216
int nl_pickup(struct nl_sock *sk, int(*parser)(struct nl_cache_ops *, struct sockaddr_nl *, struct nlmsghdr *, struct nl_parser_param *), struct nl_object **result)
Pickup netlink answer, parse is and return object.
Definition: nl.c:1183
int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, struct nla_policy *policy)
parse attributes of a netlink message
Definition: msg.c:213
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_clone(struct xfrmnl_ltime_cfg *ltime)
Clone existing lifetime config object.
Definition: lifetime.c:93
struct nlattr * nla_reserve(struct nl_msg *msg, int attrtype, int attrlen)
Reserve space for a attribute.
Definition: attr.c:456
struct nl_addr * nl_addr_get(struct nl_addr *addr)
Increase the reference counter of an abstract address.
Definition: addr.c:501
Dump all attributes but no statistics.
Definition: types.h:23
int nl_cache_mngt_register(struct nl_cache_ops *ops)
Register a set of cache operations.
Definition: cache_mngt.c:252
struct nl_object * nl_cache_search(struct nl_cache *cache, struct nl_object *needle)
Search object in cache.
Definition: cache.c:1063
#define NLA_PUT(msg, attrtype, attrlen, data)
Add unspecific attribute to netlink message.
Definition: attr.h:162
int nl_object_get_msgtype(const struct nl_object *obj)
Return the netlink message type the object was derived from.
Definition: object.c:504
void nl_cache_remove(struct nl_object *obj)
Remove object from cache.
Definition: cache.c:551
void * nla_data(const struct nlattr *nla)
Return pointer to the payload section.
Definition: attr.c:120
int xfrmnl_sel_cmp(struct xfrmnl_sel *a, struct xfrmnl_sel *b)
Compares two selector objects.
Definition: selector.c:160
#define NLA_PUT_U32(msg, attrtype, value)
Add 32 bit integer attribute to netlink message.
Definition: attr.h:233
uint16_t minlen
Minimal length of payload required.
Definition: attr.h:72
int nl_send_simple(struct nl_sock *sk, int type, int flags, void *buf, size_t size)
Construct and transmit a Netlink message.
Definition: nl.c:584
struct nl_object * nl_cache_get_next(struct nl_object *obj)
Return the next element in the cache.
Definition: cache.c:145
int nlmsg_append(struct nl_msg *n, void *data, size_t len, int pad)
Append data to tail of a netlink message.
Definition: msg.c:442
int nl_wait_for_ack(struct nl_sock *sk)
Wait for ACK.
Definition: nl.c:1117
void nl_object_put(struct nl_object *obj)
Release a reference from an object.
Definition: object.c:215
int nl_cache_move(struct nl_cache *cache, struct nl_object *obj)
Move object from one cache to another.
Definition: cache.c:523
void nl_addr_put(struct nl_addr *addr)
Decrease the reference counter of an abstract address.
Definition: addr.c:517
struct nl_msg * nlmsg_alloc_simple(int nlmsgtype, int flags)
Allocate a new netlink message.
Definition: msg.c:346
struct xfrmnl_sel * xfrmnl_sel_alloc()
Allocate new selector object.
Definition: selector.c:76
32 bit integer
Definition: attr.h:41
struct xfrmnl_sel * xfrmnl_sel_clone(struct xfrmnl_sel *sel)
Clone existing selector object.
Definition: selector.c:95
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_alloc()
Allocate new lifetime config object.
Definition: lifetime.c:74
Dumping parameters.
Definition: types.h:33
int xfrmnl_ltime_cfg_cmp(struct xfrmnl_ltime_cfg *a, struct xfrmnl_ltime_cfg *b)
Compares two lifetime config objects.
Definition: lifetime.c:154
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
Definition: utils.c:914
int nl_send_auto(struct nl_sock *sk, struct nl_msg *msg)
Finalize and transmit Netlink message.
Definition: nl.c:520
unsigned int nl_addr_get_len(const struct nl_addr *addr)
Get length of binary address of abstract address object.
Definition: addr.c:905
Dump all attributes including statistics.
Definition: types.h:24
struct nl_object * nl_cache_get_first(struct nl_cache *cache)
Return the first element in the cache.
Definition: cache.c:119
void * nl_addr_get_binary_addr(const struct nl_addr *addr)
Get binary address of abstract address object.
Definition: addr.c:893
int nl_cache_alloc_and_fill(struct nl_cache_ops *ops, struct nl_sock *sock, struct nl_cache **result)
Allocate new cache and fill it.
Definition: cache.c:233
uint32_t nl_object_diff(struct nl_object *a, struct nl_object *b)
Compute bitmask representing difference in attribute values.
Definition: object.c:361
char * nl_addr2str(const struct nl_addr *addr, char *buf, size_t size)
Convert abstract address object to character string.
Definition: addr.c:951
int nl_addr_get_family(const struct nl_addr *addr)
Return address family.
Definition: addr.c:845