stv0g
/
libnl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

xfrm: add xfrm support 

Signed-off-by: Sruthi Yellamraju <ysruthi@gmail.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>
This commit is contained in:
Sruthi Yellamraju 2014-07-20 15:57:33 +02:00 committed by Thomas Haller
parent dcc5375977
commit 9171544708
20 changed files with 6863 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile.am
View File

@ -7,7 +7,8 @@ SUBDIRS = include lib man python tests
pkgconfig_DATA = libnl-3.0.pc \
libnl-route-3.0.pc \
libnl-genl-3.0.pc \
libnl-nf-3.0.pc
libnl-nf-3.0.pc \
libnl-xfrm-3.0.pc
if ENABLE_CLI
SUBDIRS += src

1
configure.ac
View File

@ -127,6 +127,7 @@ libnl-route-3.0.pc
libnl-genl-3.0.pc
libnl-nf-3.0.pc
libnl-cli-3.0.pc
libnl-xfrm-3.0.pc
lib/Makefile
include/Makefile
src/Makefile

9
include/Makefile.am
View File

@ -93,7 +93,13 @@ nobase_libnlinclude_HEADERS = \
netlink/idiag/meminfo.h \
netlink/idiag/msg.h \
netlink/idiag/req.h \
netlink/idiag/vegasinfo.h
netlink/idiag/vegasinfo.h \
netlink/xfrm/ae.h \
netlink/xfrm/lifetime.h \
netlink/xfrm/sa.h \
netlink/xfrm/selector.h \
netlink/xfrm/sp.h \
netlink/xfrm/template.h
if ENABLE_CLI
nobase_libnlinclude_HEADERS += \
@ -141,6 +147,7 @@ noinst_HEADERS = \
linux/pkt_sched.h \
linux/rtnetlink.h \
linux/snmp.h \
linux/xfrm.h \
linux/tc_ematch/tc_em_meta.h \
netlink-private/genl.h \
netlink-private/netlink.h \

502
include/linux/xfrm.h Normal file
View File

@ -0,0 +1,502 @@
#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H
#include <linux/types.h>
/* All of the structures in this file may not change size as they are
* passed into the kernel from userspace via netlink sockets.
*/
/* Structure to encapsulate addresses. I do not want to use
* "standard" structure. My apologies.
*/
typedef union {
__be32 a4;
__be32 a6[4];
} xfrm_address_t;
/* Ident of a specific xfrm_state. It is used on input to lookup
* the state by (spi,daddr,ah/esp) or to store information about
* spi, protocol and tunnel address on output.
*/
struct xfrm_id {
xfrm_address_t daddr;
__be32 spi;
__u8 proto;
};
struct xfrm_sec_ctx {
__u8 ctx_doi;
__u8 ctx_alg;
__u16 ctx_len;
__u32 ctx_sid;
char ctx_str[0];
};
/* Security Context Domains of Interpretation */
#define XFRM_SC_DOI_RESERVED 0
#define XFRM_SC_DOI_LSM 1
/* Security Context Algorithms */
#define XFRM_SC_ALG_RESERVED 0
#define XFRM_SC_ALG_SELINUX 1
/* Selector, used as selector both on policy rules (SPD) and SAs. */
struct xfrm_selector {
xfrm_address_t daddr;
xfrm_address_t saddr;
__be16 dport;
__be16 dport_mask;
__be16 sport;
__be16 sport_mask;
__u16 family;
__u8 prefixlen_d;
__u8 prefixlen_s;
__u8 proto;
int ifindex;
__kernel_uid32_t user;
};
#define XFRM_INF (~(__u64)0)
struct xfrm_lifetime_cfg {
__u64 soft_byte_limit;
__u64 hard_byte_limit;
__u64 soft_packet_limit;
__u64 hard_packet_limit;
__u64 soft_add_expires_seconds;
__u64 hard_add_expires_seconds;
__u64 soft_use_expires_seconds;
__u64 hard_use_expires_seconds;
};
struct xfrm_lifetime_cur {
__u64 bytes;
__u64 packets;
__u64 add_time;
__u64 use_time;
};
struct xfrm_replay_state {
__u32 oseq;
__u32 seq;
__u32 bitmap;
};
struct xfrm_replay_state_esn {
unsigned int bmp_len;
__u32 oseq;
__u32 seq;
__u32 oseq_hi;
__u32 seq_hi;
__u32 replay_window;
__u32 bmp[0];
};
struct xfrm_algo {
char alg_name[64];
unsigned int alg_key_len; /* in bits */
char alg_key[0];
};
struct xfrm_algo_auth {
char alg_name[64];
unsigned int alg_key_len; /* in bits */
unsigned int alg_trunc_len; /* in bits */
char alg_key[0];
};
struct xfrm_algo_aead {
char alg_name[64];
unsigned int alg_key_len; /* in bits */
unsigned int alg_icv_len; /* in bits */
char alg_key[0];
};
struct xfrm_stats {
__u32 replay_window;
__u32 replay;
__u32 integrity_failed;
};
enum {
XFRM_POLICY_TYPE_MAIN = 0,
XFRM_POLICY_TYPE_SUB = 1,
XFRM_POLICY_TYPE_MAX = 2,
XFRM_POLICY_TYPE_ANY = 255
};
enum {
XFRM_POLICY_IN = 0,
XFRM_POLICY_OUT = 1,
XFRM_POLICY_FWD = 2,
XFRM_POLICY_MASK = 3,
XFRM_POLICY_MAX = 3
};
enum {
XFRM_SHARE_ANY, /* No limitations */
XFRM_SHARE_SESSION, /* For this session only */
XFRM_SHARE_USER, /* For this user only */
XFRM_SHARE_UNIQUE /* Use once */
};
#define XFRM_MODE_TRANSPORT 0
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
#define XFRM_MODE_BEET 4
#define XFRM_MODE_MAX 5
/* Netlink configuration messages. */
enum {
XFRM_MSG_BASE = 0x10,
XFRM_MSG_NEWSA = 0x10,
#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
XFRM_MSG_DELSA,
#define XFRM_MSG_DELSA XFRM_MSG_DELSA
XFRM_MSG_GETSA,
#define XFRM_MSG_GETSA XFRM_MSG_GETSA
XFRM_MSG_NEWPOLICY,
#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
XFRM_MSG_DELPOLICY,
#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
XFRM_MSG_GETPOLICY,
#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY
XFRM_MSG_ALLOCSPI,
#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
XFRM_MSG_ACQUIRE,
#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
XFRM_MSG_EXPIRE,
#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE
XFRM_MSG_UPDPOLICY,
#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
XFRM_MSG_UPDSA,
#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA
XFRM_MSG_POLEXPIRE,
#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE
XFRM_MSG_FLUSHSA,
#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
XFRM_MSG_FLUSHPOLICY,
#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
XFRM_MSG_NEWAE,
#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
XFRM_MSG_GETAE,
#define XFRM_MSG_GETAE XFRM_MSG_GETAE
XFRM_MSG_REPORT,
#define XFRM_MSG_REPORT XFRM_MSG_REPORT
XFRM_MSG_MIGRATE,
#define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE
XFRM_MSG_NEWSADINFO,
#define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO
XFRM_MSG_GETSADINFO,
#define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO
XFRM_MSG_NEWSPDINFO,
#define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO
XFRM_MSG_GETSPDINFO,
#define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO
XFRM_MSG_MAPPING,
#define XFRM_MSG_MAPPING XFRM_MSG_MAPPING
__XFRM_MSG_MAX
};
#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
/*
* Generic LSM security context for comunicating to user space
* NOTE: Same format as sadb_x_sec_ctx
*/
struct xfrm_user_sec_ctx {
__u16 len;
__u16 exttype;
__u8 ctx_alg; /* LSMs: e.g., selinux == 1 */
__u8 ctx_doi;
__u16 ctx_len;
};
struct xfrm_user_tmpl {
struct xfrm_id id;
__u16 family;
xfrm_address_t saddr;
__u32 reqid;
__u8 mode;
__u8 share;
__u8 optional;
__u32 aalgos;
__u32 ealgos;
__u32 calgos;
};
struct xfrm_encap_tmpl {
__u16 encap_type;
__be16 encap_sport;
__be16 encap_dport;
xfrm_address_t encap_oa;
};
/* AEVENT flags */
enum xfrm_ae_ftype_t {
XFRM_AE_UNSPEC,
XFRM_AE_RTHR=1, /* replay threshold*/
XFRM_AE_RVAL=2, /* replay value */
XFRM_AE_LVAL=4, /* lifetime value */
XFRM_AE_ETHR=8, /* expiry timer threshold */
XFRM_AE_CR=16, /* Event cause is replay update */
XFRM_AE_CE=32, /* Event cause is timer expiry */
XFRM_AE_CU=64, /* Event cause is policy update */
__XFRM_AE_MAX
#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
};
struct xfrm_userpolicy_type {
__u8 type;
__u16 reserved1;
__u8 reserved2;
};
/* Netlink message attributes. */
enum xfrm_attr_type_t {
XFRMA_UNSPEC,
XFRMA_ALG_AUTH, /* struct xfrm_algo */
XFRMA_ALG_CRYPT, /* struct xfrm_algo */
XFRMA_ALG_COMP, /* struct xfrm_algo */
XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */
XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */
XFRMA_SA, /* struct xfrm_usersa_info */
XFRMA_POLICY, /*struct xfrm_userpolicy_info */
XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */
XFRMA_LTIME_VAL,
XFRMA_REPLAY_VAL,
XFRMA_REPLAY_THRESH,
XFRMA_ETIMER_THRESH,
XFRMA_SRCADDR, /* xfrm_address_t */
XFRMA_COADDR, /* xfrm_address_t */
XFRMA_LASTUSED, /* unsigned long */
XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
XFRMA_MIGRATE,
XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */
XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */
XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */
XFRMA_MARK, /* struct xfrm_mark */
XFRMA_TFCPAD, /* __u32 */
XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */
__XFRMA_MAX
#define XFRMA_MAX (__XFRMA_MAX - 1)
};
struct xfrm_mark {
__u32 v; /* value */
__u32 m; /* mask */
};
enum xfrm_sadattr_type_t {
XFRMA_SAD_UNSPEC,
XFRMA_SAD_CNT,
XFRMA_SAD_HINFO,
__XFRMA_SAD_MAX
#define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1)
};
struct xfrmu_sadhinfo {
__u32 sadhcnt; /* current hash bkts */
__u32 sadhmcnt; /* max allowed hash bkts */
};
enum xfrm_spdattr_type_t {
XFRMA_SPD_UNSPEC,
XFRMA_SPD_INFO,
XFRMA_SPD_HINFO,
__XFRMA_SPD_MAX
#define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1)
};
struct xfrmu_spdinfo {
__u32 incnt;
__u32 outcnt;
__u32 fwdcnt;
__u32 inscnt;
__u32 outscnt;
__u32 fwdscnt;
};
struct xfrmu_spdhinfo {
__u32 spdhcnt;
__u32 spdhmcnt;
};
struct xfrm_usersa_info {
struct xfrm_selector sel;
struct xfrm_id id;
xfrm_address_t saddr;
struct xfrm_lifetime_cfg lft;
struct xfrm_lifetime_cur curlft;
struct xfrm_stats stats;
__u32 seq;
__u32 reqid;
__u16 family;
__u8 mode; /* XFRM_MODE_xxx */
__u8 replay_window;
__u8 flags;
#define XFRM_STATE_NOECN 1
#define XFRM_STATE_DECAP_DSCP 2
#define XFRM_STATE_NOPMTUDISC 4
#define XFRM_STATE_WILDRECV 8
#define XFRM_STATE_ICMP 16
#define XFRM_STATE_AF_UNSPEC 32
#define XFRM_STATE_ALIGN4 64
#define XFRM_STATE_ESN 128
};
struct xfrm_usersa_id {
xfrm_address_t daddr;
__be32 spi;
__u16 family;
__u8 proto;
};
struct xfrm_aevent_id {
struct xfrm_usersa_id sa_id;
xfrm_address_t saddr;
__u32 flags;
__u32 reqid;
};
struct xfrm_userspi_info {
struct xfrm_usersa_info info;
__u32 min;
__u32 max;
};
struct xfrm_userpolicy_info {
struct xfrm_selector sel;
struct xfrm_lifetime_cfg lft;
struct xfrm_lifetime_cur curlft;
__u32 priority;
__u32 index;
__u8 dir;
__u8 action;
#define XFRM_POLICY_ALLOW 0
#define XFRM_POLICY_BLOCK 1
__u8 flags;
#define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */
/* Automatically expand selector to include matching ICMP payloads. */
#define XFRM_POLICY_ICMP 2
__u8 share;
};
struct xfrm_userpolicy_id {
struct xfrm_selector sel;
__u32 index;
__u8 dir;
};
struct xfrm_user_acquire {
struct xfrm_id id;
xfrm_address_t saddr;
struct xfrm_selector sel;
struct xfrm_userpolicy_info policy;
__u32 aalgos;
__u32 ealgos;
__u32 calgos;
__u32 seq;
};
struct xfrm_user_expire {
struct xfrm_usersa_info state;
__u8 hard;
};
struct xfrm_user_polexpire {
struct xfrm_userpolicy_info pol;
__u8 hard;
};
struct xfrm_usersa_flush {
__u8 proto;
};
struct xfrm_user_report {
__u8 proto;
struct xfrm_selector sel;
};
/* Used by MIGRATE to pass addresses IKE should use to perform
* SA negotiation with the peer */
struct xfrm_user_kmaddress {
xfrm_address_t local;
xfrm_address_t remote;
__u32 reserved;
__u16 family;
};
struct xfrm_user_migrate {
xfrm_address_t old_daddr;
xfrm_address_t old_saddr;
xfrm_address_t new_daddr;
xfrm_address_t new_saddr;
__u8 proto;
__u8 mode;
__u16 reserved;
__u32 reqid;
__u16 old_family;
__u16 new_family;
};
struct xfrm_user_mapping {
struct xfrm_usersa_id id;
__u32 reqid;
xfrm_address_t old_saddr;
xfrm_address_t new_saddr;
__be16 old_sport;
__be16 new_sport;
};
/* backwards compatibility for userspace */
#define XFRMGRP_ACQUIRE 1
#define XFRMGRP_EXPIRE 2
#define XFRMGRP_SA 4
#define XFRMGRP_POLICY 8
#define XFRMGRP_REPORT 0x20
enum xfrm_nlgroups {
XFRMNLGRP_NONE,
#define XFRMNLGRP_NONE XFRMNLGRP_NONE
XFRMNLGRP_ACQUIRE,
#define XFRMNLGRP_ACQUIRE XFRMNLGRP_ACQUIRE
XFRMNLGRP_EXPIRE,
#define XFRMNLGRP_EXPIRE XFRMNLGRP_EXPIRE
XFRMNLGRP_SA,
#define XFRMNLGRP_SA XFRMNLGRP_SA
XFRMNLGRP_POLICY,
#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
XFRMNLGRP_AEVENTS,
#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
XFRMNLGRP_REPORT,
#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT
XFRMNLGRP_MIGRATE,
#define XFRMNLGRP_MIGRATE XFRMNLGRP_MIGRATE
XFRMNLGRP_MAPPING,
#define XFRMNLGRP_MAPPING XFRMNLGRP_MAPPING
__XFRMNLGRP_MAX
};
#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)
#endif /* _LINUX_XFRM_H */

1
include/netlink-private/netlink.h
View File

@ -54,6 +54,7 @@
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/snmp.h>
#include <linux/xfrm.h>
#ifndef DISABLE_PTHREADS
#include <pthread.h>

227
include/netlink-private/types.h
View File

@ -1000,4 +1000,231 @@ struct idiagnl_req {
uint32_t idiag_states;
uint32_t idiag_dbs;
};
// XFRM related definitions
/* Selector, used as selector both on policy rules (SPD) and SAs. */
struct xfrmnl_sel {
uint32_t refcnt;
struct nl_addr* daddr;
struct nl_addr* saddr;
uint16_t dport;
uint16_t dport_mask;
uint16_t sport;
uint16_t sport_mask;
uint16_t family;
uint8_t prefixlen_d;
uint8_t prefixlen_s;
uint8_t proto;
int32_t ifindex;
uint32_t user;
};
/* Lifetime configuration, used for both policy rules (SPD) and SAs. */
struct xfrmnl_ltime_cfg {
uint32_t refcnt;
uint64_t soft_byte_limit;
uint64_t hard_byte_limit;
uint64_t soft_packet_limit;
uint64_t hard_packet_limit;
uint64_t soft_add_expires_seconds;
uint64_t hard_add_expires_seconds;
uint64_t soft_use_expires_seconds;
uint64_t hard_use_expires_seconds;
};
/* Current lifetime, used for both policy rules (SPD) and SAs. */
struct xfrmnl_lifetime_cur {
uint64_t bytes;
uint64_t packets;
uint64_t add_time;
uint64_t use_time;
};
struct xfrmnl_replay_state {
uint32_t oseq;
uint32_t seq;
uint32_t bitmap;
};
struct xfrmnl_replay_state_esn {
uint32_t bmp_len;
uint32_t oseq;
uint32_t seq;
uint32_t oseq_hi;
uint32_t seq_hi;
uint32_t replay_window;
uint32_t bmp[0];
};
struct xfrmnl_mark {
uint32_t v; /* value */
uint32_t m; /* mask */
};
/* XFRM AE related definitions */
struct xfrmnl_sa_id {
struct nl_addr* daddr;
uint32_t spi;
uint16_t family;
uint8_t proto;
};
struct xfrmnl_ae {
NLHDR_COMMON
struct xfrmnl_sa_id sa_id;
struct nl_addr* saddr;
uint32_t flags;
uint32_t reqid;
struct xfrmnl_mark mark;
struct xfrmnl_lifetime_cur lifetime_cur;
uint32_t replay_maxage;
uint32_t replay_maxdiff;
struct xfrmnl_replay_state replay_state;
struct xfrmnl_replay_state_esn* replay_state_esn;
};
/* XFRM SA related definitions */
struct xfrmnl_id {
struct nl_addr* daddr;
uint32_t spi;
uint8_t proto;
};
struct xfrmnl_stats {
uint32_t replay_window;
uint32_t replay;
uint32_t integrity_failed;
};
struct xfrmnl_algo_aead {
char alg_name[64];
uint32_t alg_key_len; /* in bits */
uint32_t alg_icv_len; /* in bits */
char alg_key[0];
};
struct xfrmnl_algo_auth {
char alg_name[64];
uint32_t alg_key_len; /* in bits */
uint32_t alg_trunc_len; /* in bits */
char alg_key[0];
};
struct xfrmnl_algo {
char alg_name[64];
uint32_t alg_key_len; /* in bits */
char alg_key[0];
};
struct xfrmnl_encap_tmpl {
uint16_t encap_type;
uint16_t encap_sport;
uint16_t encap_dport;
struct nl_addr* encap_oa;
};
struct xfrmnl_sec_ctx {
uint8_t ctx_doi;
uint8_t ctx_alg;
uint16_t ctx_len;
uint32_t ctx_sid;
char ctx_str[0];
};
struct xfrmnl_sa {
NLHDR_COMMON
struct xfrmnl_sel* sel;
struct xfrmnl_id id;
struct nl_addr* saddr;
struct xfrmnl_ltime_cfg* lft;
struct xfrmnl_lifetime_cur curlft;
struct xfrmnl_stats stats;
uint32_t seq;
uint32_t reqid;
uint16_t family;
uint8_t mode; /* XFRM_MODE_xxx */
uint8_t replay_window;
uint8_t flags;
struct xfrmnl_algo_aead* aead;
struct xfrmnl_algo_auth* auth;
struct xfrmnl_algo* crypt;
struct xfrmnl_algo* comp;
struct xfrmnl_encap_tmpl* encap;
uint32_t tfcpad;
struct nl_addr* coaddr;
struct xfrmnl_mark mark;
struct xfrmnl_sec_ctx* sec_ctx;
uint32_t replay_maxage;
uint32_t replay_maxdiff;
struct xfrmnl_replay_state replay_state;
struct xfrmnl_replay_state_esn* replay_state_esn;
uint8_t hard;
};
struct xfrmnl_usersa_flush {
uint8_t proto;
};
/* XFRM SP related definitions */
struct xfrmnl_userpolicy_id {
struct xfrmnl_sel sel;
uint32_t index;
uint8_t dir;
};
struct xfrmnl_user_sec_ctx {
uint16_t len;
uint16_t exttype;
uint8_t ctx_alg;
uint8_t ctx_doi;
uint16_t ctx_len;
char ctx[0];
};
struct xfrmnl_userpolicy_type {
uint8_t type;
uint16_t reserved1;
uint16_t reserved2;
};
struct xfrmnl_user_tmpl {
struct xfrmnl_id id;
uint16_t family;
struct nl_addr* saddr;
uint32_t reqid;
uint8_t mode;
uint8_t share;
uint8_t optional;
uint32_t aalgos;
uint32_t ealgos;
uint32_t calgos;
struct nl_list_head utmpl_list;
};
struct xfrmnl_sp {
NLHDR_COMMON
struct xfrmnl_sel* sel;
struct xfrmnl_ltime_cfg* lft;
struct xfrmnl_lifetime_cur curlft;
uint32_t priority;
uint32_t index;
uint8_t dir;
uint8_t action;
uint8_t flags;
uint8_t share;
struct xfrmnl_user_sec_ctx* sec_ctx;
struct xfrmnl_userpolicy_type uptype;
uint32_t nr_user_tmpl;
struct nl_list_head usertmpl_list;
struct xfrmnl_mark mark;
};
#endif

111
include/netlink/xfrm/ae.h Normal file
View File

@ -0,0 +1,111 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef NETLINK_XFRM_AE_H_
#define NETLINK_XFRM_AE_H_
#include <netlink/netlink.h>
#include <netlink/cache.h>
#include <netlink/addr.h>
#include <linux/xfrm.h>
#ifdef __cplusplus
extern "C" {
#endif
struct xfrmnl_ae;
extern struct xfrmnl_ae* xfrmnl_ae_alloc(void);
extern void xfrmnl_ae_put(struct xfrmnl_ae *);
extern int xfrmnl_ae_get_kernel(struct nl_sock*, struct nl_addr*, unsigned int, unsigned int,
unsigned int, unsigned int, struct xfrmnl_ae**);
extern int xfrmnl_ae_set(struct nl_sock*, struct xfrmnl_ae*, int);
extern int xfrmnl_ae_parse(struct nlmsghdr*, struct xfrmnl_ae **);
extern int xfrmnl_ae_build_get_request(struct nl_addr*, unsigned int, unsigned int,
unsigned int, unsigned int, struct nl_msg **);
extern struct nl_addr* xfrmnl_ae_get_daddr (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_daddr (struct xfrmnl_ae*, struct nl_addr*);
extern int xfrmnl_ae_get_spi (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_spi (struct xfrmnl_ae*, unsigned int);
extern int xfrmnl_ae_get_family (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_family (struct xfrmnl_ae*, unsigned int);
extern int xfrmnl_ae_get_proto (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_proto (struct xfrmnl_ae*, unsigned int);
extern struct nl_addr* xfrmnl_ae_get_saddr (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_saddr (struct xfrmnl_ae*, struct nl_addr*);
extern int xfrmnl_ae_get_flags (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_flags (struct xfrmnl_ae*, unsigned int);
extern int xfrmnl_ae_get_reqid (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_reqid (struct xfrmnl_ae*, unsigned int);
extern int xfrmnl_ae_get_mark (struct xfrmnl_ae*, unsigned int*, unsigned int*);
extern int xfrmnl_ae_set_mark (struct xfrmnl_ae*, unsigned int, unsigned int);
extern int xfrmnl_ae_get_curlifetime (struct xfrmnl_ae*, unsigned long long int*,
unsigned long long int*, unsigned long long int*,
unsigned long long int*);
extern int xfrmnl_ae_set_curlifetime (struct xfrmnl_ae*, unsigned long long int,
unsigned long long int, unsigned long long int,
unsigned long long int);
extern int xfrmnl_ae_get_replay_maxage (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_replay_maxage (struct xfrmnl_ae*, unsigned int);
extern int xfrmnl_ae_get_replay_maxdiff (struct xfrmnl_ae*);
extern int xfrmnl_ae_set_replay_maxdiff (struct xfrmnl_ae*, unsigned int);
extern int xfrmnl_ae_get_replay_state (struct xfrmnl_ae*, unsigned int*, unsigned int*, unsigned int*);
extern int xfrmnl_ae_set_replay_state (struct xfrmnl_ae*, unsigned int, unsigned int, unsigned int);
extern int xfrmnl_ae_get_replay_state_esn (struct xfrmnl_ae*, unsigned int*, unsigned int*, unsigned int*,
unsigned int*, unsigned int*, unsigned int*, unsigned int*);
extern int xfrmnl_ae_set_replay_state_esn (struct xfrmnl_ae*, unsigned int, unsigned int, unsigned int,
unsigned int, unsigned int, unsigned int, unsigned int*);
extern char* xfrmnl_ae_flags2str(int, char *, size_t);
extern int xfrmnl_ae_str2flag(const char *);
#ifdef __cplusplus
}
#endif
#endif

87
include/netlink/xfrm/lifetime.h Normal file
View File

@ -0,0 +1,87 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef NETLINK_XFRM_LTIME_H_
#define NETLINK_XFRM_LTIME_H_
#include <netlink/netlink.h>
#include <netlink/cache.h>
#include <netlink/addr.h>
#include <linux/xfrm.h>
#ifdef __cplusplus
extern "C" {
#endif
struct xfrmnl_ltime_cfg;
/* Creation */
extern struct xfrmnl_ltime_cfg* xfrmnl_ltime_cfg_alloc(void);
extern struct xfrmnl_ltime_cfg* xfrmnl_ltime_cfg_clone(struct xfrmnl_ltime_cfg*);
/* Usage Management */
extern struct xfrmnl_ltime_cfg* xfrmnl_ltime_cfg_get(struct xfrmnl_ltime_cfg*);
extern void xfrmnl_ltime_cfg_put(struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_shared(struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_cmp(struct xfrmnl_ltime_cfg*, struct xfrmnl_ltime_cfg*);
/* Access Functions */
extern unsigned long long xfrmnl_ltime_cfg_get_soft_bytelimit (struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_set_soft_bytelimit (struct xfrmnl_ltime_cfg*, unsigned long long);
extern unsigned long long xfrmnl_ltime_cfg_get_hard_bytelimit (struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_set_hard_bytelimit (struct xfrmnl_ltime_cfg*, unsigned long long);
extern unsigned long long xfrmnl_ltime_cfg_get_soft_packetlimit (struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_set_soft_packetlimit (struct xfrmnl_ltime_cfg*, unsigned long long);
extern unsigned long long xfrmnl_ltime_cfg_get_hard_packetlimit (struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_set_hard_packetlimit (struct xfrmnl_ltime_cfg*, unsigned long long);
extern unsigned long long xfrmnl_ltime_cfg_get_soft_addexpires (struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_set_soft_addexpires (struct xfrmnl_ltime_cfg*, unsigned long long);
extern unsigned long long xfrmnl_ltime_cfg_get_hard_addexpires (struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_set_hard_addexpires (struct xfrmnl_ltime_cfg*, unsigned long long);
extern unsigned long long xfrmnl_ltime_cfg_get_soft_useexpires (struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_set_soft_useexpires (struct xfrmnl_ltime_cfg*, unsigned long long);
extern unsigned long long xfrmnl_ltime_cfg_get_hard_useexpires (struct xfrmnl_ltime_cfg*);
extern int xfrmnl_ltime_cfg_set_hard_useexpires (struct xfrmnl_ltime_cfg*, unsigned long long);
#ifdef __cplusplus
}
#endif
#endif

178
include/netlink/xfrm/sa.h Normal file
View File

@ -0,0 +1,178 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef NETLINK_XFRM_SA_H_
#define NETLINK_XFRM_SA_H_
#include <netlink/netlink.h>
#include <netlink/cache.h>
#include <netlink/addr.h>
#include <linux/xfrm.h>
#ifdef __cplusplus
extern "C" {
#endif
struct xfrmnl_sa;
extern struct xfrmnl_sa* xfrmnl_sa_alloc(void);
extern void xfrmnl_sa_put(struct xfrmnl_sa *);
extern int xfrmnl_sa_alloc_cache(struct nl_sock *, struct nl_cache **);
extern struct xfrmnl_sa* xfrmnl_sa_get(struct nl_cache*, struct nl_addr*, unsigned int, unsigned int);
extern int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result);
extern int xfrmnl_sa_build_get_request(struct nl_addr*, unsigned int, unsigned int,
unsigned int, unsigned int, struct nl_msg **);
extern int xfrmnl_sa_get_kernel(struct nl_sock*, struct nl_addr*, unsigned int,
unsigned int, unsigned int, unsigned int, struct xfrmnl_sa**);
extern int xfrmnl_sa_build_add_request(struct xfrmnl_sa*, int, struct nl_msg **);
extern int xfrmnl_sa_add(struct nl_sock*, struct xfrmnl_sa*, int);
extern int xfrmnl_sa_build_update_request(struct xfrmnl_sa*, int, struct nl_msg **);
extern int xfrmnl_sa_update(struct nl_sock*, struct xfrmnl_sa*, int);
extern int xfrmnl_sa_build_delete_request(struct xfrmnl_sa*, int, struct nl_msg **);
extern int xfrmnl_sa_delete(struct nl_sock*, struct xfrmnl_sa*, int);
extern struct xfrmnl_sel* xfrmnl_sa_get_sel (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_sel (struct xfrmnl_sa*, struct xfrmnl_sel*);
extern struct nl_addr* xfrmnl_sa_get_daddr (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_daddr (struct xfrmnl_sa*, struct nl_addr*);
extern int xfrmnl_sa_get_spi (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_spi (struct xfrmnl_sa*, unsigned int);
extern int xfrmnl_sa_get_proto (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_proto (struct xfrmnl_sa*, unsigned int);
extern struct nl_addr* xfrmnl_sa_get_saddr (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_saddr (struct xfrmnl_sa*, struct nl_addr*);
extern struct xfrmnl_ltime_cfg* xfrmnl_sa_get_lifetime_cfg (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_lifetime_cfg (struct xfrmnl_sa*, struct xfrmnl_ltime_cfg*);
extern int xfrmnl_sa_get_curlifetime (struct xfrmnl_sa*, unsigned long long int*,
unsigned long long int*, unsigned long long int*,
unsigned long long int*);
extern int xfrmnl_sa_get_stats (struct xfrmnl_sa*, unsigned long long int*,
unsigned long long int*, unsigned long long int*);
extern int xfrmnl_sa_get_seq (struct xfrmnl_sa*);
extern int xfrmnl_sa_get_reqid (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_reqid (struct xfrmnl_sa*, unsigned int);
extern int xfrmnl_sa_get_family (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_family (struct xfrmnl_sa*, unsigned int);
extern int xfrmnl_sa_get_mode (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_mode (struct xfrmnl_sa*, unsigned int);
extern int xfrmnl_sa_get_replay_window (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_replay_window (struct xfrmnl_sa*, unsigned int);
extern int xfrmnl_sa_get_flags (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_flags (struct xfrmnl_sa*, unsigned int);
extern int xfrmnl_sa_get_aead_params (struct xfrmnl_sa*, char*, unsigned int*,
unsigned int*, char*);
extern int xfrmnl_sa_set_aead_params (struct xfrmnl_sa*, char*, unsigned int,
unsigned int, char*);
extern int xfrmnl_sa_get_auth_params (struct xfrmnl_sa*, char*, unsigned int*,
unsigned int*, char*);
extern int xfrmnl_sa_set_auth_params (struct xfrmnl_sa*, char*, unsigned int,
unsigned int, char*);
extern int xfrmnl_sa_get_crypto_params (struct xfrmnl_sa*, char*, unsigned int*, char*);
extern int xfrmnl_sa_set_crypto_params (struct xfrmnl_sa*, char*, unsigned int, char*);
extern int xfrmnl_sa_get_comp_params (struct xfrmnl_sa*, char*, unsigned int*, char*);
extern int xfrmnl_sa_set_comp_params (struct xfrmnl_sa*, char*, unsigned int, char*);
extern int xfrmnl_sa_get_encap_tmpl (struct xfrmnl_sa*, unsigned int*, unsigned int*,
unsigned int*, struct nl_addr**);
extern int xfrmnl_sa_set_encap_tmpl (struct xfrmnl_sa*, unsigned int, unsigned int,
unsigned int, struct nl_addr*);
extern int xfrmnl_sa_get_tfcpad (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_tfcpad (struct xfrmnl_sa*, unsigned int);
extern struct nl_addr* xfrmnl_sa_get_coaddr (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_coaddr (struct xfrmnl_sa*, struct nl_addr*);
extern int xfrmnl_sa_get_mark (struct xfrmnl_sa*, unsigned int*, unsigned int*);
extern int xfrmnl_sa_set_mark (struct xfrmnl_sa*, unsigned int, unsigned int);
extern int xfrmnl_sa_get_sec_ctx (struct xfrmnl_sa*, unsigned int, unsigned int,
unsigned int, unsigned int, char*);
extern int xfrmnl_sa_set_sec_ctx (struct xfrmnl_sa*, unsigned int, unsigned int,
unsigned int, unsigned int, char*);
extern int xfrmnl_sa_get_replay_maxage (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_replay_maxage (struct xfrmnl_sa*, unsigned int);
extern int xfrmnl_sa_get_replay_maxdiff (struct xfrmnl_sa*);
extern int xfrmnl_sa_set_replay_maxdiff (struct xfrmnl_sa*, unsigned int);
extern int xfrmnl_sa_get_replay_state (struct xfrmnl_sa*, unsigned int*,
unsigned int*, unsigned int*);
extern int xfrmnl_sa_set_replay_state (struct xfrmnl_sa*, unsigned int,
unsigned int, unsigned int);
extern int xfrmnl_sa_get_replay_state_esn (struct xfrmnl_sa*, unsigned int*, unsigned int*,
unsigned int*, unsigned int*, unsigned int*,
unsigned int*, unsigned int*);
extern int xfrmnl_sa_set_replay_state_esn (struct xfrmnl_sa*, unsigned int, unsigned int,
unsigned int, unsigned int, unsigned int,
unsigned int, unsigned int*);
extern int xfrmnl_sa_is_expiry_reached (struct xfrmnl_sa*);
extern int xfrmnl_sa_is_hardexpiry_reached (struct xfrmnl_sa*);
extern char* xfrmnl_sa_flags2str(int, char *, size_t);
extern int xfrmnl_sa_str2flag(const char *);
extern char* xfrmnl_sa_mode2str(int, char *, size_t);
extern int xfrmnl_sa_str2mode(const char *);
#ifdef __cplusplus
}
#endif
#endif

100
include/netlink/xfrm/selector.h Normal file
View File

@ -0,0 +1,100 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef NETLINK_XFRM_SEL_H_
#define NETLINK_XFRM_SEL_H_
#include <netlink/netlink.h>
#include <netlink/cache.h>
#include <netlink/addr.h>
#include <linux/xfrm.h>
#ifdef __cplusplus
extern "C" {
#endif
struct xfrmnl_sel;
/* Creation */
extern struct xfrmnl_sel* xfrmnl_sel_alloc(void);
extern struct xfrmnl_sel* xfrmnl_sel_clone(struct xfrmnl_sel*);
/* Usage Management */
extern struct xfrmnl_sel* xfrmnl_sel_get(struct xfrmnl_sel*);
extern void xfrmnl_sel_put(struct xfrmnl_sel*);
extern int xfrmnl_sel_shared(struct xfrmnl_sel*);
extern int xfrmnl_sel_cmp(struct xfrmnl_sel*, struct xfrmnl_sel*);
extern void xfrmnl_sel_dump(struct xfrmnl_sel*, struct nl_dump_params *);
/* Access Functions */
extern struct nl_addr* xfrmnl_sel_get_daddr (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_daddr (struct xfrmnl_sel*, struct nl_addr*);
extern struct nl_addr* xfrmnl_sel_get_saddr (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_saddr (struct xfrmnl_sel*, struct nl_addr*);
extern int xfrmnl_sel_get_dport (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_dport (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_dportmask (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_dportmask (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_sport (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_sport (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_sportmask (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_sportmask (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_family (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_family (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_prefixlen_d (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_prefixlen_d (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_prefixlen_s (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_prefixlen_s (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_proto (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_proto (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_ifindex (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_ifindex (struct xfrmnl_sel*, unsigned int);
extern int xfrmnl_sel_get_userid (struct xfrmnl_sel*);
extern int xfrmnl_sel_set_userid (struct xfrmnl_sel*, unsigned int);
#ifdef __cplusplus
}
#endif
#endif

142
include/netlink/xfrm/sp.h Normal file
View File

@ -0,0 +1,142 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef NETLINK_XFRM_SP_H_
#define NETLINK_XFRM_SP_H_
#include <netlink/netlink.h>
#include <netlink/cache.h>
#include <netlink/addr.h>
#include <netlink/xfrm/template.h>
#include <netlink/xfrm/lifetime.h>
#include <linux/xfrm.h>
#ifdef __cplusplus
extern "C" {
#endif
struct xfrmnl_sp;
extern struct xfrmnl_sp* xfrmnl_sp_alloc(void);
extern void xfrmnl_sp_put(struct xfrmnl_sp *);
extern int xfrmnl_sp_alloc_cache(struct nl_sock *, struct nl_cache **);
extern struct xfrmnl_sp* xfrmnl_sp_get(struct nl_cache*, unsigned int, unsigned int);
extern int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result);
extern int xfrmnl_sp_build_get_request(unsigned int, unsigned int, unsigned int,
unsigned int, struct nl_msg **);
extern int xfrmnl_sp_get_kernel(struct nl_sock*, unsigned int, unsigned int,
unsigned int, unsigned int, struct xfrmnl_sp**);
extern int xfrmnl_sp_add(struct nl_sock*, struct xfrmnl_sp*, int);
extern int xfrmnl_sp_build_add_request(struct xfrmnl_sp*, int, struct nl_msg **);
extern int xfrmnl_sp_update(struct nl_sock*, struct xfrmnl_sp*, int);
extern int xfrmnl_sp_build_update_request(struct xfrmnl_sp*, int, struct nl_msg **);
extern int xfrmnl_sp_delete(struct nl_sock*, struct xfrmnl_sp*, int);
extern int xfrmnl_sp_build_delete_request(struct xfrmnl_sp*, int, struct nl_msg **);
extern struct xfrmnl_sel* xfrmnl_sp_get_sel (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_sel (struct xfrmnl_sp*, struct xfrmnl_sel*);
extern struct xfrmnl_ltime_cfg* xfrmnl_sp_get_lifetime_cfg (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_lifetime_cfg (struct xfrmnl_sp*, struct xfrmnl_ltime_cfg*);
extern int xfrmnl_sp_get_curlifetime (struct xfrmnl_sp*, unsigned long long int*,
unsigned long long int*, unsigned long long int*,
unsigned long long int*);
extern int xfrmnl_sp_get_priority (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_priority (struct xfrmnl_sp*, unsigned int);
extern int xfrmnl_sp_get_index (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_index (struct xfrmnl_sp*, unsigned int);
extern int xfrmnl_sp_get_dir (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_dir (struct xfrmnl_sp*, unsigned int);
extern int xfrmnl_sp_get_action (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_action (struct xfrmnl_sp*, unsigned int);
extern int xfrmnl_sp_get_flags (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_flags (struct xfrmnl_sp*, unsigned int);
extern int xfrmnl_sp_get_share (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_share (struct xfrmnl_sp*, unsigned int);
extern int xfrmnl_sp_get_sec_ctx (struct xfrmnl_sp*, unsigned int*, unsigned int*,
unsigned int*, unsigned int*, unsigned int*, char*);
extern int xfrmnl_sp_set_sec_ctx (struct xfrmnl_sp*, unsigned int, unsigned int,
unsigned int, unsigned int, unsigned int, char*);
extern int xfrmnl_sp_get_userpolicy_type (struct xfrmnl_sp*);
extern int xfrmnl_sp_set_userpolicy_type (struct xfrmnl_sp*, unsigned int);
extern void xfrmnl_sp_add_usertemplate(struct xfrmnl_sp*, struct xfrmnl_user_tmpl*);
extern void xfrmnl_sp_remove_usertemplate(struct xfrmnl_sp*, struct xfrmnl_user_tmpl*);
extern struct nl_list_head* xfrmnl_sp_get_usertemplates(struct xfrmnl_sp*);
extern int xfrmnl_sp_get_nusertemplates(struct xfrmnl_sp*);
extern void xfrmnl_sp_foreach_usertemplate(struct xfrmnl_sp*,
void (*cb)(struct xfrmnl_user_tmpl*, void *),
void *arg);
extern struct xfrmnl_user_tmpl* xfrmnl_sp_usertemplate_n(struct xfrmnl_sp*, int);
extern int xfrmnl_sp_get_mark (struct xfrmnl_sp*, unsigned int*, unsigned int*);
extern int xfrmnl_sp_set_mark (struct xfrmnl_sp*, unsigned int, unsigned int);
extern char* xfrmnl_sp_action2str(int, char *, size_t);
extern int xfrmnl_sp_str2action(const char *);
extern char* xfrmnl_sp_flags2str(int, char *, size_t);
extern int xfrmnl_sp_str2flag(const char *);
extern char* xfrmnl_sp_type2str(int, char *, size_t);
extern int xfrmnl_sp_str2type(const char *);
extern char* xfrmnl_sp_dir2str(int, char *, size_t);
extern int xfrmnl_sp_str2dir(const char *);
extern char* xfrmnl_sp_share2str(int, char *, size_t);
extern int xfrmnl_sp_str2share(const char *);
extern int xfrmnl_sp_index2dir (unsigned int);
#ifdef __cplusplus
}
#endif
#endif

101
include/netlink/xfrm/template.h Normal file
View File

@ -0,0 +1,101 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef NETLINK_XFRM_TEMPL_H_
#define NETLINK_XFRM_TEMPL_H_
#include <netlink/netlink.h>
#include <netlink/cache.h>
#include <netlink/addr.h>
#include <linux/xfrm.h>
#ifdef __cplusplus
extern "C" {
#endif
struct xfrmnl_user_tmpl;
/* Creation */
extern struct xfrmnl_user_tmpl* xfrmnl_user_tmpl_alloc(void);
extern struct xfrmnl_user_tmpl* xfrmnl_user_tmpl_clone(struct xfrmnl_user_tmpl*);
extern void xfrmnl_user_tmpl_free(struct xfrmnl_user_tmpl* utmpl);
/* Utility functions */
extern int xfrmnl_user_tmpl_cmp(struct xfrmnl_user_tmpl*, struct xfrmnl_user_tmpl*);
extern void xfrmnl_user_tmpl_dump(struct xfrmnl_user_tmpl*, struct nl_dump_params*);
/* Access Functions */
extern struct nl_addr* xfrmnl_user_tmpl_get_daddr (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_daddr (struct xfrmnl_user_tmpl*, struct nl_addr*);
extern int xfrmnl_user_tmpl_get_spi (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_spi (struct xfrmnl_user_tmpl*, unsigned int);
extern int xfrmnl_user_tmpl_get_proto (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_proto (struct xfrmnl_user_tmpl*, unsigned int);
extern int xfrmnl_user_tmpl_get_family (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_family (struct xfrmnl_user_tmpl*, unsigned int);
extern struct nl_addr* xfrmnl_user_tmpl_get_saddr (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_saddr (struct xfrmnl_user_tmpl*, struct nl_addr*);
extern int xfrmnl_user_tmpl_get_reqid (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_reqid (struct xfrmnl_user_tmpl*, unsigned int);
extern int xfrmnl_user_tmpl_get_mode (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_mode (struct xfrmnl_user_tmpl*, unsigned int);
extern int xfrmnl_user_tmpl_get_share (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_share (struct xfrmnl_user_tmpl*, unsigned int);
extern int xfrmnl_user_tmpl_get_optional (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_optional (struct xfrmnl_user_tmpl*, unsigned int);
extern int xfrmnl_user_tmpl_get_aalgos (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_aalgos (struct xfrmnl_user_tmpl*, unsigned int);
extern int xfrmnl_user_tmpl_get_ealgos (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_ealgos (struct xfrmnl_user_tmpl*, unsigned int);
extern int xfrmnl_user_tmpl_get_calgos (struct xfrmnl_user_tmpl*);
extern int xfrmnl_user_tmpl_set_calgos (struct xfrmnl_user_tmpl*, unsigned int);
extern char* xfrmnl_user_tmpl_mode2str(int, char *, size_t);
extern int xfrmnl_user_tmpl_str2mode(const char *);
#ifdef __cplusplus
}
#endif
#endif

11
lib/Makefile.am
View File

@ -14,7 +14,7 @@ AM_LDFLAGS = \
-Wl,--version-script=$(top_builddir)/libnl.sym
lib_LTLIBRARIES = \
libnl-3.la libnl-genl-3.la libnl-route-3.la libnl-nf-3.la libnl-idiag-3.la
libnl-3.la libnl-genl-3.la libnl-route-3.la libnl-nf-3.la libnl-idiag-3.la libnl-xfrm-3.la
libnl_3_la_SOURCES = \
addr.c attr.c cache.c cache_mngr.c cache_mngt.c data.c \
@ -110,6 +110,15 @@ EXTRA_DIST = \
route/cls/ematch_grammar.l \
route/cls/ematch_syntax.y
libnl_xfrm_3_la_LIBADD = libnl-3.la
libnl_xfrm_3_la_SOURCES = \
xfrm/ae.c \
xfrm/lifetime.c \
xfrm/sa.c \
xfrm/selector.c \
xfrm/sp.c \
xfrm/template.c
if ENABLE_CLI
nobase_pkglib_LTLIBRARIES = \
cli/qdisc/htb.la \

977
lib/xfrm/ae.c Normal file
View File

@ -0,0 +1,977 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* @ingroup xfrmnl
* @defgroup ae Attribute Element
* @brief
*
* The AE interface allows a user to retrieve and update various
* Security Association (SA) attributes such as lifetime, replay state etc.
*
* @par AE Flags
* @code
* XFRM_AE_UNSPEC
* XFRM_AE_RTHR=1
* XFRM_AE_RVAL=2
* XFRM_AE_LVAL=4
* XFRM_AE_ETHR=8
* XFRM_AE_CR=16
* XFRM_AE_CE=32
* XFRM_AE_CU=64
* @endcode
*
* @par AE Identification
* An AE is uniquely identified by the attributes listed below, whenever
* you refer to an existing AE all of the attributes must be set. There is
* no cache support for AE since you can retrieve the AE for any given combination
* of attributes mentioned below, but not all at once since they just characterize
* an SA.
* - destination address (xfrmnl_ae_set_daddr())
* - SPI (xfrmnl_ae_set_spi)
* - protocol (xfrmnl_ae_set_proto)
* - mark (xfrmnl_ae_set_mark)
*
* @par Changeable Attributes
* \anchor ae_changeable
* - current lifetime (xfrmnl_ae_set_curlifetime())
* - replay properties (xfrmnl_ae_set_replay_maxage(), xfrmnl_ae_set_replay_maxdiff())
* - replay state (xfrmnl_ae_set_replay_state(), xfrmnl_ae_set_replay_state_esn))
*
* @par Required Caches for Dumping
* None
*
* @par TODO
* None
*
* @par 1) Retrieving AE information for a given SA tuple
* @code
* // Create a netlink socket and connect it to XFRM subsystem in
* the kernel to be able to send/receive info from userspace.
* struct nl_sock* sk = nl_socket_alloc ();
* nl_connect (sk, NETLINK_XFRM);
*
* // AEs can then be looked up by the SA tuple, destination address,
* SPI, protocol, mark:
* struct xfrmnl_ae *ae;
* xfrmnl_ae_get_kernel(sk, dst_addr, spi, proto,mark_mask, mark_value, &ae);
*
* // After successful usage, the object must be freed
* xfrmnl_ae_put(ae);
* @endcode
*
* @par 2) Updating AE
* @code
* // Allocate an empty AE handle to be filled out with the attributes
* // of the new AE.
* struct xfrmnl_ae *ae = xfrmnl_ae_alloc();
*
* // Fill out the attributes of the new AE
* xfrmnl_ae_set_daddr(ae, dst_addr);
* xfrmnl_ae_set_spi(ae, 0xDEADBEEF);
* xfrmnl_ae_set_proto(ae, 50);
* xfrmnl_ae_set_mark(ae, 0x0);
* xfrmnl_ae_set_saddr(ae, src_addr);
* xfrmnl_ae_set_curlifetime(ae, 540, 10, 0xAABB1122, 0x0);
*
* // Build the netlink message and send it to the kernel, the operation will
* // block until the operation has been completed. Alternatively, a netlink message
* // can be built using xfrmnl_ae_build_get_request () API and be sent using
* // nl_send_auto(). Further the result from the kernel can be parsed using
* // xfrmnl_ae_parse() API.
* xfrmnl_ae_set(sk, ae, NLM_F_REPLACE);
*
* // Free the memory
* xfrmnl_ae_put(ae);
* @endcode
*
* @endcode
* @}
*/
#include <netlink-private/netlink.h>
#include <netlink/netlink.h>
#include <netlink/cache.h>
#include <netlink/object.h>
#include <linux/xfrm.h>
/** @cond SKIP */
#define XFRM_AE_ATTR_DADDR 0x01
#define XFRM_AE_ATTR_SPI 0x02
#define XFRM_AE_ATTR_PROTO 0x04
#define XFRM_AE_ATTR_SADDR 0x08
#define XFRM_AE_ATTR_FLAGS 0x10
#define XFRM_AE_ATTR_REQID 0x20
#define XFRM_AE_ATTR_MARK 0x40
#define XFRM_AE_ATTR_LIFETIME 0x80
#define XFRM_AE_ATTR_REPLAY_MAXAGE 0x100
#define XFRM_AE_ATTR_REPLAY_MAXDIFF 0x200
#define XFRM_AE_ATTR_REPLAY_STATE 0x400
#define XFRM_AE_ATTR_FAMILY 0x800
static struct nl_object_ops xfrm_ae_obj_ops;
/** @endcond */
static void xfrm_ae_free_data(struct nl_object *c)
{
struct xfrmnl_ae* ae = nl_object_priv (c);
if (ae == NULL)
return;
nl_addr_put (ae->sa_id.daddr);
nl_addr_put (ae->saddr);
if (ae->replay_state_esn)
free (ae->replay_state_esn);
}
static int xfrm_ae_clone(struct nl_object *_dst, struct nl_object *_src)
{
struct xfrmnl_ae* dst = nl_object_priv(_dst);
struct xfrmnl_ae* src = nl_object_priv(_src);
if (src->sa_id.daddr)
if ((dst->sa_id.daddr = nl_addr_clone (src->sa_id.daddr)) == NULL)
return -NLE_NOMEM;
if (src->saddr)
if ((dst->saddr = nl_addr_clone (src->saddr)) == NULL)
return -NLE_NOMEM;
if (src->replay_state_esn)
{
uint32_t len = sizeof (struct xfrmnl_replay_state_esn) + (sizeof (uint32_t) * src->replay_state_esn->bmp_len);
if ((dst->replay_state_esn = (struct xfrmnl_replay_state_esn*)calloc (1, len)) == NULL)
return -NLE_NOMEM;
memcpy (dst->replay_state_esn, dst->replay_state_esn, len);
}
return 0;
}
static int xfrm_ae_compare(struct nl_object *_a, struct nl_object *_b, uint32_t attrs, int flags)
{
struct xfrmnl_ae* a = (struct xfrmnl_ae *) _a;
struct xfrmnl_ae* b = (struct xfrmnl_ae *) _b;
int diff = 0, found = 0;
#define XFRM_AE_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, XFRM_AE_ATTR_##ATTR, a, b, EXPR)
diff |= XFRM_AE_DIFF(DADDR, nl_addr_cmp(a->sa_id.daddr, b->sa_id.daddr));
diff |= XFRM_AE_DIFF(SPI, a->sa_id.spi != b->sa_id.spi);
diff |= XFRM_AE_DIFF(PROTO, a->sa_id.proto != b->sa_id.proto);
diff |= XFRM_AE_DIFF(SADDR, nl_addr_cmp(a->saddr, b->saddr));
diff |= XFRM_AE_DIFF(FLAGS, a->flags != b->flags);
diff |= XFRM_AE_DIFF(REQID, a->reqid != b->reqid);
diff |= XFRM_AE_DIFF(MARK, (a->mark.v & a->mark.m) != (b->mark.v & b->mark.m));
diff |= XFRM_AE_DIFF(REPLAY_MAXAGE, a->replay_maxage != b->replay_maxage);
diff |= XFRM_AE_DIFF(REPLAY_MAXDIFF, a->replay_maxdiff != b->replay_maxdiff);
/* Compare replay states */
found = AVAILABLE_MISMATCH (a, b, XFRM_AE_ATTR_REPLAY_STATE);
if (found == 0) // attribute exists in both objects
{
if (((a->replay_state_esn != NULL) && (b->replay_state_esn == NULL)) ||
((a->replay_state_esn == NULL) && (b->replay_state_esn != NULL)))
found |= 1;
if (found == 0) // same replay type. compare actual values
{
if (a->replay_state_esn)
{
if (a->replay_state_esn->bmp_len != b->replay_state_esn->bmp_len)
diff |= 1;
else
{
uint32_t len = sizeof (struct xfrmnl_replay_state_esn) + (sizeof (uint32_t) * a->replay_state_esn->bmp_len);
diff |= memcmp (a->replay_state_esn, b->replay_state_esn, len);
}
}
else
{
if ((a->replay_state.oseq != b->replay_state.oseq) ||
(a->replay_state.seq != b->replay_state.seq) ||
(a->replay_state.bitmap != b->replay_state.bitmap))
diff |= 1;
}
}
}
#undef XFRM_AE_DIFF
return diff;
}
/**
* @name XFRM AE Attribute Translations
* @{
*/
static const struct trans_tbl ae_attrs[] =
{
__ADD(XFRM_AE_ATTR_DADDR, daddr)
__ADD(XFRM_AE_ATTR_SPI, spi)
__ADD(XFRM_AE_ATTR_PROTO, protocol)
__ADD(XFRM_AE_ATTR_SADDR, saddr)
__ADD(XFRM_AE_ATTR_FLAGS, flags)
__ADD(XFRM_AE_ATTR_REQID, reqid)
__ADD(XFRM_AE_ATTR_MARK, mark)
__ADD(XFRM_AE_ATTR_LIFETIME, cur_lifetime)
__ADD(XFRM_AE_ATTR_REPLAY_MAXAGE, replay_maxage)
__ADD(XFRM_AE_ATTR_REPLAY_MAXDIFF, replay_maxdiff)
__ADD(XFRM_AE_ATTR_REPLAY_STATE, replay_state)
};
static char* xfrm_ae_attrs2str (int attrs, char *buf, size_t len)
{
return __flags2str(attrs, buf, len, ae_attrs, ARRAY_SIZE(ae_attrs));
}
/** @} */
/**
* @name XFRM AE Flags Translations
* @{
*/
static const struct trans_tbl ae_flags[] = {
__ADD(XFRM_AE_UNSPEC, unspecified)
__ADD(XFRM_AE_RTHR, replay threshold)
__ADD(XFRM_AE_RVAL, replay value)
__ADD(XFRM_AE_LVAL, lifetime value)
__ADD(XFRM_AE_ETHR, expiry time threshold)
__ADD(XFRM_AE_CR, replay update event)
__ADD(XFRM_AE_CE, timer expiry event)
__ADD(XFRM_AE_CU, policy update event)
};
char* xfrmnl_ae_flags2str(int flags, char *buf, size_t len)
{
return __flags2str (flags, buf, len, ae_flags, ARRAY_SIZE(ae_flags));
}
int xfrmnl_ae_str2flag(const char *name)
{
return __str2flags(name, ae_flags, ARRAY_SIZE(ae_flags));
}
/** @} */
static void xfrm_ae_dump_line(struct nl_object *a, struct nl_dump_params *p)
{
char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
struct xfrmnl_ae* ae = (struct xfrmnl_ae *) a;
char flags[128], buf[128];
time_t add_time, use_time;
struct tm *add_time_tm, *use_time_tm;
nl_dump_line(p, "src %s dst %s \n", nl_addr2str(ae->saddr, src, sizeof(src)),
nl_addr2str(ae->sa_id.daddr, dst, sizeof(dst)));
nl_dump_line(p, "\tproto %s spi 0x%x reqid %u ",
nl_ip_proto2str (ae->sa_id.proto, buf, sizeof (buf)),
ae->sa_id.spi, ae->reqid);
xfrmnl_ae_flags2str(ae->flags, flags, sizeof (flags));
nl_dump_line(p, "flags %s(0x%x) mark mask/value 0x%x/0x%x \n", flags,
ae->flags, ae->mark.m, ae->mark.v);
nl_dump_line(p, "\tlifetime current: \n");
nl_dump_line(p, "\t\tbytes %llu packets %llu \n", ae->lifetime_cur.bytes,
ae->lifetime_cur.packets);
if (ae->lifetime_cur.add_time != 0)
{
add_time = ae->lifetime_cur.add_time;
add_time_tm = gmtime (&add_time);
strftime (flags, 128, "%Y-%m-%d %H-%M-%S", add_time_tm);
}
else
{
sprintf (flags, "%s", "-");
}
if (ae->lifetime_cur.use_time != 0)
{
use_time = ae->lifetime_cur.use_time;
use_time_tm = gmtime (&use_time);
strftime (buf, 128, "%Y-%m-%d %H-%M-%S", use_time_tm);
}
else
{
sprintf (buf, "%s", "-");
}
nl_dump_line(p, "\t\tadd_time: %s, use_time: %s\n", flags, buf);
nl_dump_line(p, "\treplay info: \n");
nl_dump_line(p, "\t\tmax age %u max diff %u \n", ae->replay_maxage, ae->replay_maxdiff);
nl_dump_line(p, "\treplay state info: \n");
if (ae->replay_state_esn)
{
nl_dump_line(p, "\t\toseq %u seq %u oseq_hi %u seq_hi %u replay window: %u \n",
ae->replay_state_esn->oseq, ae->replay_state_esn->seq,
ae->replay_state_esn->oseq_hi, ae->replay_state_esn->seq_hi,
ae->replay_state_esn->replay_window);
}
else
{
nl_dump_line(p, "\t\toseq %u seq %u bitmap: %u \n", ae->replay_state.oseq,
ae->replay_state.seq, ae->replay_state.bitmap);
}
nl_dump(p, "\n");
}
static void xfrm_ae_dump_details(struct nl_object *a, struct nl_dump_params *p)
{
xfrm_ae_dump_line(a, p);
}
static void xfrm_ae_dump_stats(struct nl_object *a, struct nl_dump_params *p)
{
xfrm_ae_dump_details(a, p);
}
static int build_xfrm_ae_message(struct xfrmnl_ae *tmpl, int cmd, int flags,
struct nl_msg **result)
{
struct nl_msg* msg;
struct xfrm_aevent_id ae_id;
if (!(tmpl->ce_mask & XFRM_AE_ATTR_DADDR) ||
!(tmpl->ce_mask & XFRM_AE_ATTR_SPI) ||
!(tmpl->ce_mask & XFRM_AE_ATTR_PROTO))
return -NLE_MISSING_ATTR;
memcpy (&ae_id.sa_id.daddr, nl_addr_get_binary_addr (tmpl->sa_id.daddr), sizeof (uint8_t) * nl_addr_get_len (tmpl->sa_id.daddr));
ae_id.sa_id.spi = htonl(tmpl->sa_id.spi);
ae_id.sa_id.family = tmpl->sa_id.family;
ae_id.sa_id.proto = tmpl->sa_id.proto;
if (tmpl->ce_mask & XFRM_AE_ATTR_SADDR)
memcpy (&ae_id.saddr, nl_addr_get_binary_addr (tmpl->saddr), sizeof (uint8_t) * nl_addr_get_len (tmpl->saddr));
if (tmpl->ce_mask & XFRM_AE_ATTR_FLAGS)
ae_id.flags = tmpl->flags;
if (tmpl->ce_mask & XFRM_AE_ATTR_REQID)
ae_id.reqid = tmpl->reqid;
msg = nlmsg_alloc_simple(cmd, flags);
if (!msg)
return -NLE_NOMEM;
if (nlmsg_append(msg, &ae_id, sizeof(ae_id), NLMSG_ALIGNTO) < 0)
goto nla_put_failure;
if (tmpl->ce_mask & XFRM_AE_ATTR_MARK)
NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrmnl_mark), &tmpl->mark);
if (tmpl->ce_mask & XFRM_AE_ATTR_LIFETIME)
NLA_PUT (msg, XFRMA_LTIME_VAL, sizeof (struct xfrmnl_lifetime_cur), &tmpl->lifetime_cur);
if (tmpl->ce_mask & XFRM_AE_ATTR_REPLAY_MAXAGE)
NLA_PUT_U32 (msg, XFRMA_ETIMER_THRESH, tmpl->replay_maxage);
if (tmpl->ce_mask & XFRM_AE_ATTR_REPLAY_MAXDIFF)
NLA_PUT_U32 (msg, XFRMA_REPLAY_THRESH, tmpl->replay_maxdiff);
if (tmpl->ce_mask & XFRM_AE_ATTR_REPLAY_STATE) {
if (tmpl->replay_state_esn) {
uint32_t len = sizeof (struct xfrm_replay_state_esn) + (sizeof (uint32_t) * tmpl->replay_state_esn->bmp_len);
NLA_PUT (msg, XFRMA_REPLAY_ESN_VAL, len, tmpl->replay_state_esn);
}
else {
NLA_PUT (msg, XFRMA_REPLAY_VAL, sizeof (struct xfrmnl_replay_state), &tmpl->replay_state);
}
}
*result = msg;
return 0;
nla_put_failure:
nlmsg_free(msg);
return -NLE_MSGSIZE;
}
/**
* @name XFRM AE Update
* @{
*/
int xfrmnl_ae_set(struct nl_sock* sk, struct xfrmnl_ae* ae, int flags)
{
int err;
struct nl_msg *msg;
if ((err = build_xfrm_ae_message(ae, XFRM_MSG_NEWAE, flags|NLM_F_REPLACE, &msg)) < 0)
return err;
err = nl_send_auto_complete(sk, msg);
nlmsg_free(msg);
if (err < 0)
return err;
return nl_wait_for_ack(sk);
}
/** @} */
/**
* @name XFRM AE Object Allocation/Freeage
* @{
*/
struct xfrmnl_ae* xfrmnl_ae_alloc(void)
{
return (struct xfrmnl_ae*) nl_object_alloc(&xfrm_ae_obj_ops);
}
void xfrmnl_ae_put(struct xfrmnl_ae* ae)
{
nl_object_put((struct nl_object *) ae);
}
/** @} */
static struct nla_policy xfrm_ae_policy[XFRMA_MAX+1] = {
[XFRMA_LTIME_VAL] = { .minlen = sizeof(struct xfrm_lifetime_cur) },
[XFRMA_REPLAY_VAL] = { .minlen = sizeof(struct xfrm_replay_state) },
[XFRMA_REPLAY_THRESH] = { .type = NLA_U32 },
[XFRMA_ETIMER_THRESH] = { .type = NLA_U32 },
[XFRMA_SRCADDR] = { .minlen = sizeof(xfrm_address_t) },
[XFRMA_MARK] = { .minlen = sizeof(struct xfrm_mark) },
[XFRMA_REPLAY_ESN_VAL] = { .minlen = sizeof(struct xfrm_replay_state_esn) },
};
int xfrmnl_ae_parse(struct nlmsghdr *n, struct xfrmnl_ae **result)
{
struct xfrmnl_ae* ae;
struct nlattr *tb[XFRMA_MAX + 1];
struct xfrm_aevent_id* ae_id;
int err;
ae = xfrmnl_ae_alloc();
if (!ae) {
err = -NLE_NOMEM;
goto errout;
}
ae->ce_msgtype = n->nlmsg_type;
ae_id = nlmsg_data(n);
err = nlmsg_parse(n, sizeof(struct xfrm_aevent_id), tb, XFRMA_MAX, xfrm_ae_policy);
if (err < 0)
goto errout;
ae->sa_id.daddr = nl_addr_build(ae_id->sa_id.family, &ae_id->sa_id.daddr, sizeof (ae_id->sa_id.daddr));
ae->sa_id.family= ae_id->sa_id.family;
ae->sa_id.spi = ntohl(ae_id->sa_id.spi);
ae->sa_id.proto = ae_id->sa_id.proto;
ae->saddr = nl_addr_build(ae_id->sa_id.family, &ae_id->saddr, sizeof (ae_id->saddr));
ae->reqid = ae_id->reqid;
ae->flags = ae_id->flags;
ae->ce_mask |= (XFRM_AE_ATTR_DADDR | XFRM_AE_ATTR_FAMILY | XFRM_AE_ATTR_SPI |
XFRM_AE_ATTR_PROTO | XFRM_AE_ATTR_SADDR | XFRM_AE_ATTR_REQID |
XFRM_AE_ATTR_FLAGS);
if (tb[XFRMA_MARK]) {
struct xfrm_mark* m = nla_data(tb[XFRMA_MARK]);
ae->mark.m = m->m;
ae->mark.v = m->v;
ae->ce_mask |= XFRM_AE_ATTR_MARK;
}
if (tb[XFRMA_LTIME_VAL]) {
struct xfrm_lifetime_cur* cur = nla_data(tb[XFRMA_LTIME_VAL]);
ae->lifetime_cur.bytes = cur->bytes;
ae->lifetime_cur.packets = cur->packets;
ae->lifetime_cur.add_time = cur->add_time;
ae->lifetime_cur.use_time = cur->use_time;
ae->ce_mask |= XFRM_AE_ATTR_LIFETIME;
}
if (tb[XFRM_AE_ETHR]) {
ae->replay_maxage = *(uint32_t*)nla_data(tb[XFRM_AE_ETHR]);
ae->ce_mask |= XFRM_AE_ATTR_REPLAY_MAXAGE;
}
if (tb[XFRM_AE_RTHR]) {
ae->replay_maxdiff = *(uint32_t*)nla_data(tb[XFRM_AE_RTHR]);
ae->ce_mask |= XFRM_AE_ATTR_REPLAY_MAXDIFF;
}
if (tb[XFRMA_REPLAY_ESN_VAL]) {
struct xfrm_replay_state_esn* esn = nla_data (tb[XFRMA_REPLAY_ESN_VAL]);
uint32_t len = sizeof (struct xfrmnl_replay_state_esn) + (sizeof (uint32_t) * esn->bmp_len);
if ((ae->replay_state_esn = calloc (1, len)) == NULL)
goto errout;
ae->replay_state_esn->oseq = esn->oseq;
ae->replay_state_esn->seq = esn->seq;
ae->replay_state_esn->oseq_hi = esn->oseq_hi;
ae->replay_state_esn->seq_hi = esn->seq_hi;
ae->replay_state_esn->replay_window = esn->replay_window;
ae->replay_state_esn->bmp_len = esn->bmp_len;
memcpy (ae->replay_state_esn->bmp, esn->bmp, sizeof (uint32_t) * esn->bmp_len);
ae->ce_mask |= XFRM_AE_ATTR_REPLAY_STATE;
}
else
{
struct xfrm_replay_state* replay_state = nla_data (tb[XFRMA_REPLAY_VAL]);
ae->replay_state.oseq = replay_state->oseq;
ae->replay_state.seq = replay_state->seq;
ae->replay_state.bitmap = replay_state->bitmap;
ae->ce_mask |= XFRM_AE_ATTR_REPLAY_STATE;
ae->replay_state_esn = NULL;
}
*result = ae;
return 0;
errout:
xfrmnl_ae_put(ae);
return err;
}
static int xfrm_ae_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
struct nlmsghdr *n, struct nl_parser_param *pp)
{
struct xfrmnl_ae* ae;
int err;
if ((err = xfrmnl_ae_parse(n, &ae)) < 0)
return err;
err = pp->pp_cb((struct nl_object *) ae, pp);
xfrmnl_ae_put(ae);
return err;
}
/**
* @name XFRM AE Get
* @{
*/
int xfrmnl_ae_build_get_request(struct nl_addr* daddr, unsigned int spi, unsigned int protocol,
unsigned int mark_mask, unsigned int mark_value, struct nl_msg **result)
{
struct nl_msg *msg;
struct xfrm_aevent_id ae_id;
struct xfrmnl_mark mark;
if (!daddr || !spi)
{
fprintf(stderr, "APPLICATION BUG: %s:%d:%s: A valid destination address, spi must be specified\n",
__FILE__, __LINE__, __PRETTY_FUNCTION__);
assert(0);
return -NLE_MISSING_ATTR;
}
memset(&ae_id, 0, sizeof(ae_id));
memcpy (&ae_id.sa_id.daddr, nl_addr_get_binary_addr (daddr), sizeof (uint8_t) * nl_addr_get_len (daddr));
ae_id.sa_id.spi = htonl(spi);
ae_id.sa_id.family = nl_addr_get_family (daddr);
ae_id.sa_id.proto = protocol;
if (!(msg = nlmsg_alloc_simple(XFRM_MSG_GETAE, 0)))
return -NLE_NOMEM;
if (nlmsg_append(msg, &ae_id, sizeof(ae_id), NLMSG_ALIGNTO) < 0)
goto nla_put_failure;
mark.m = mark_mask;
mark.v = mark_value;
NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrmnl_mark), &mark);
*result = msg;
return 0;
nla_put_failure:
nlmsg_free(msg);
return -NLE_MSGSIZE;
}
int xfrmnl_ae_get_kernel(struct nl_sock* sock, struct nl_addr* daddr, unsigned int spi, unsigned int protocol,
unsigned int mark_mask, unsigned int mark_value, struct xfrmnl_ae** result)
{
struct nl_msg *msg = NULL;
struct nl_object *obj;
int err;
if ((err = xfrmnl_ae_build_get_request(daddr, spi, protocol, mark_mask, mark_value, &msg)) < 0)
return err;
err = nl_send_auto(sock, msg);
nlmsg_free(msg);
if (err < 0)
return err;
if ((err = nl_pickup(sock, &xfrm_ae_msg_parser, &obj)) < 0)
return err;
/* We have used xfrm_ae_msg_parser(), object is definitely a xfrm ae */
*result = (struct xfrmnl_ae *) obj;
/* If an object has been returned, we also need to wait for the ACK */
if (err == 0 && obj)
nl_wait_for_ack(sock);
return 0;
}
/** @} */
/**
* @name Attributes
* @{
*/
static inline int __assign_addr(struct xfrmnl_ae* ae, struct nl_addr **pos,
struct nl_addr *new, int flag, int nocheck)
{
if (!nocheck) {
if (ae->ce_mask & XFRM_AE_ATTR_FAMILY) {
if (nl_addr_get_family (new) != ae->sa_id.family)
return -NLE_AF_MISMATCH;
} else {
ae->sa_id.family = nl_addr_get_family (new);
ae->ce_mask |= XFRM_AE_ATTR_FAMILY;
}
}
if (*pos)
nl_addr_put(*pos);
nl_addr_get(new);
*pos = new;
ae->ce_mask |= flag;
return 0;
}
struct nl_addr* xfrmnl_ae_get_daddr (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_DADDR)
return ae->sa_id.daddr;
else
return NULL;
}
int xfrmnl_ae_set_daddr (struct xfrmnl_ae* ae, struct nl_addr* addr)
{
return __assign_addr(ae, &ae->sa_id.daddr, addr, XFRM_AE_ATTR_DADDR, 0);
}
int xfrmnl_ae_get_spi (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_SPI)
return ae->sa_id.spi;
else
return -1;
}
int xfrmnl_ae_set_spi (struct xfrmnl_ae* ae, unsigned int spi)
{
ae->sa_id.spi = spi;
ae->ce_mask |= XFRM_AE_ATTR_SPI;
return 0;
}
int xfrmnl_ae_get_family (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_FAMILY)
return ae->sa_id.family;
else
return -1;
}
int xfrmnl_ae_set_family (struct xfrmnl_ae* ae, unsigned int family)
{
ae->sa_id.family = family;
ae->ce_mask |= XFRM_AE_ATTR_FAMILY;
return 0;
}
int xfrmnl_ae_get_proto (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_PROTO)
return ae->sa_id.proto;
else
return -1;
}
int xfrmnl_ae_set_proto (struct xfrmnl_ae* ae, unsigned int protocol)
{
ae->sa_id.proto = protocol;
ae->ce_mask |= XFRM_AE_ATTR_PROTO;
return 0;
}
struct nl_addr* xfrmnl_ae_get_saddr (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_SADDR)
return ae->saddr;
else
return NULL;
}
int xfrmnl_ae_set_saddr (struct xfrmnl_ae* ae, struct nl_addr* addr)
{
return __assign_addr(ae, &ae->saddr, addr, XFRM_AE_ATTR_SADDR, 1);
}
int xfrmnl_ae_get_flags (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_FLAGS)
return ae->flags;
else
return -1;
}
int xfrmnl_ae_set_flags (struct xfrmnl_ae* ae, unsigned int flags)
{
ae->flags = flags;
ae->ce_mask |= XFRM_AE_ATTR_FLAGS;
return 0;
}
int xfrmnl_ae_get_reqid (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_REQID)
return ae->reqid;
else
return -1;
}
int xfrmnl_ae_set_reqid (struct xfrmnl_ae* ae, unsigned int reqid)
{
ae->reqid = reqid;
ae->ce_mask |= XFRM_AE_ATTR_REQID;
return 0;
}
int xfrmnl_ae_get_mark (struct xfrmnl_ae* ae, unsigned int* mark_mask, unsigned int* mark_value)
{
if (mark_mask == NULL || mark_value == NULL)
return -1;
if (ae->ce_mask & XFRM_AE_ATTR_MARK)
{
*mark_mask = ae->mark.m;
*mark_value = ae->mark.v;
return 0;
}
else
return -1;
}
int xfrmnl_ae_set_mark (struct xfrmnl_ae* ae, unsigned int value, unsigned int mask)
{
ae->mark.v = value;
ae->mark.m = mask;
ae->ce_mask |= XFRM_AE_ATTR_MARK;
return 0;
}
int xfrmnl_ae_get_curlifetime (struct xfrmnl_ae* ae, unsigned long long int* curr_bytes,
unsigned long long int* curr_packets, unsigned long long int* curr_add_time,
unsigned long long int* curr_use_time)
{
if (curr_bytes == NULL || curr_packets == NULL || curr_add_time == NULL || curr_use_time == NULL)
return -1;
if (ae->ce_mask & XFRM_AE_ATTR_LIFETIME)
{
*curr_bytes = ae->lifetime_cur.bytes;
*curr_packets = ae->lifetime_cur.packets;
*curr_add_time = ae->lifetime_cur.add_time;
*curr_use_time = ae->lifetime_cur.use_time;
return 0;
}
else
return -1;
}
int xfrmnl_ae_set_curlifetime (struct xfrmnl_ae* ae, unsigned long long int curr_bytes,
unsigned long long int curr_packets, unsigned long long int curr_add_time,
unsigned long long int curr_use_time)
{
ae->lifetime_cur.bytes = curr_bytes;
ae->lifetime_cur.packets = curr_packets;
ae->lifetime_cur.add_time = curr_add_time;
ae->lifetime_cur.use_time = curr_use_time;
ae->ce_mask |= XFRM_AE_ATTR_LIFETIME;
return 0;
}
int xfrmnl_ae_get_replay_maxage (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_REPLAY_MAXAGE)
return ae->replay_maxage;
else
return -1;
}
int xfrmnl_ae_set_replay_maxage (struct xfrmnl_ae* ae, unsigned int replay_maxage)
{
ae->replay_maxage = replay_maxage;
ae->ce_mask |= XFRM_AE_ATTR_REPLAY_MAXAGE;
return 0;
}
int xfrmnl_ae_get_replay_maxdiff (struct xfrmnl_ae* ae)
{
if (ae->ce_mask & XFRM_AE_ATTR_REPLAY_MAXDIFF)
return ae->replay_maxdiff;
else
return -1;
}
int xfrmnl_ae_set_replay_maxdiff (struct xfrmnl_ae* ae, unsigned int replay_maxdiff)
{
ae->replay_maxdiff = replay_maxdiff;
ae->ce_mask |= XFRM_AE_ATTR_REPLAY_MAXDIFF;
return 0;
}
int xfrmnl_ae_get_replay_state (struct xfrmnl_ae* ae, unsigned int* oseq, unsigned int* seq, unsigned int* bmp)
{
if (ae->ce_mask & XFRM_AE_ATTR_REPLAY_STATE)
{
if (ae->replay_state_esn == NULL)
{
*oseq = ae->replay_state.oseq;
*seq = ae->replay_state.seq;
*bmp = ae->replay_state.bitmap;
return 0;
}
else
{
return -1;
}
}
else
return -1;
}
int xfrmnl_ae_set_replay_state (struct xfrmnl_ae* ae, unsigned int oseq, unsigned int seq, unsigned int bitmap)
{
ae->replay_state.oseq = oseq;
ae->replay_state.seq = seq;
ae->replay_state.bitmap = bitmap;
ae->ce_mask |= XFRM_AE_ATTR_REPLAY_STATE;
return 0;
}
int xfrmnl_ae_get_replay_state_esn(struct xfrmnl_ae* ae, unsigned int* oseq, unsigned int* seq, unsigned int* oseq_hi,
unsigned int* seq_hi, unsigned int* replay_window, unsigned int* bmp_len, unsigned int* bmp)
{
if (ae->ce_mask & XFRM_AE_ATTR_REPLAY_STATE)
{
if (ae->replay_state_esn)
{
*oseq = ae->replay_state_esn->oseq;
*seq = ae->replay_state_esn->seq;
*oseq_hi= ae->replay_state_esn->oseq_hi;
*seq_hi = ae->replay_state_esn->seq_hi;
*replay_window = ae->replay_state_esn->replay_window;
*bmp_len = ae->replay_state_esn->bmp_len; // In number of 32 bit words
memcpy (bmp, ae->replay_state_esn->bmp, ae->replay_state_esn->bmp_len * sizeof (uint32_t));
return 0;
}
else
{
return -1;
}
}
else
return -1;
}
int xfrmnl_ae_set_replay_state_esn(struct xfrmnl_ae* ae, unsigned int oseq, unsigned int seq,
unsigned int oseq_hi, unsigned int seq_hi, unsigned int replay_window,
unsigned int bmp_len, unsigned int* bmp)
{
/* Free the old replay ESN state and allocate new one */
if (ae->replay_state_esn)
free (ae->replay_state_esn);
if ((ae->replay_state_esn = calloc (1, sizeof (struct xfrmnl_replay_state_esn) + sizeof (uint32_t) * bmp_len)) == NULL)
return -1;
ae->replay_state_esn->oseq = oseq;
ae->replay_state_esn->seq = seq;
ae->replay_state_esn->oseq_hi = oseq_hi;
ae->replay_state_esn->seq_hi = seq_hi;
ae->replay_state_esn->replay_window = replay_window;
ae->replay_state_esn->bmp_len = bmp_len; // In number of 32 bit words
memcpy (ae->replay_state_esn->bmp, bmp, bmp_len * sizeof (uint32_t));
ae->ce_mask |= XFRM_AE_ATTR_REPLAY_STATE;
return 0;
}
/** @} */
static struct nl_object_ops xfrm_ae_obj_ops = {
.oo_name = "xfrm/ae",
.oo_size = sizeof(struct xfrmnl_ae),
.oo_free_data = xfrm_ae_free_data,
.oo_clone = xfrm_ae_clone,
.oo_dump = {
[NL_DUMP_LINE] = xfrm_ae_dump_line,
[NL_DUMP_DETAILS] = xfrm_ae_dump_details,
[NL_DUMP_STATS] = xfrm_ae_dump_stats,
},
.oo_compare = xfrm_ae_compare,
.oo_attrs2str = xfrm_ae_attrs2str,
.oo_id_attrs = (XFRM_AE_ATTR_DADDR | XFRM_AE_ATTR_SPI | XFRM_AE_ATTR_PROTO),
};

273
lib/xfrm/lifetime.c Normal file
View File

@ -0,0 +1,273 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* @ingroup xfrmnl
* @defgroup XFRM Lifetime Configuration Object
*
* Abstract data type representing XFRM SA lifetime properties
*
* @{
*
* Header
* ------
* ~~~~{.c}
* #include <netlink/xfrm/lifetime.h>
* ~~~~
*/
#include <netlink-private/netlink.h>
static void ltime_cfg_destroy(struct xfrmnl_ltime_cfg* ltime)
{
if (!ltime)
return;
if (ltime->refcnt != 1)
{
fprintf(stderr, "BUG: %s:%d\n", __FILE__, __LINE__);
assert(0);
}
free(ltime);
}
/**
* @name Creating Selector
* @{
*/
/**
* Allocate new lifetime config object.
* @return Newly allocated lifetime config object or NULL
*/
struct xfrmnl_ltime_cfg* xfrmnl_ltime_cfg_alloc()
{
struct xfrmnl_ltime_cfg* ltime;
ltime = calloc(1, sizeof(struct xfrmnl_ltime_cfg));
if (!ltime)
return NULL;
ltime->refcnt = 1;
return ltime;
}
/**
* Clone existing lifetime config object.
* @arg ltime Selector object.
* @return Newly allocated lifetime config object being a duplicate of the
* specified lifetime config object or NULL if a failure occured.
*/
struct xfrmnl_ltime_cfg* xfrmnl_ltime_cfg_clone(struct xfrmnl_ltime_cfg* ltime)
{
struct xfrmnl_ltime_cfg* new;
new = xfrmnl_ltime_cfg_alloc();
if (new)
memcpy ((void*)new, (void*)ltime, sizeof (struct xfrmnl_ltime_cfg));
return new;
}
/** @} */
/**
* @name Managing Usage References
* @{
*/
struct xfrmnl_ltime_cfg* xfrmnl_ltime_cfg_get(struct xfrmnl_ltime_cfg* ltime)
{
ltime->refcnt++;
return ltime;
}
void xfrmnl_ltime_cfg_put(struct xfrmnl_ltime_cfg* ltime)
{
if (!ltime)
return;
if (ltime->refcnt == 1)
ltime_cfg_destroy(ltime);
else
ltime->refcnt--;
}
/**
* Check whether an lifetime config object is shared.
* @arg addr Selector object.
* @return Non-zero if the lifetime config object is shared, otherwise 0.
*/
int xfrmnl_ltime_cfg_shared(struct xfrmnl_ltime_cfg* ltime)
{
return ltime->refcnt > 1;
}
/** @} */
/**
* @name Miscellaneous
* @{
*/
/**
* Compares two lifetime config objects.
* @arg a A lifetime config object.
* @arg b Another lifetime config object.
*
* @return Non zero if difference is found, 0 otherwise if both
* the objects are identical.
*/
int xfrmnl_ltime_cfg_cmp(struct xfrmnl_ltime_cfg* a, struct xfrmnl_ltime_cfg* b)
{
/* Check for any differences */
if ((a->soft_byte_limit != b->soft_byte_limit) ||
(a->soft_packet_limit != b->soft_packet_limit) ||
(a->hard_byte_limit != b->hard_byte_limit) ||
(a->hard_packet_limit != b->hard_packet_limit) ||
(a->soft_add_expires_seconds != b->soft_add_expires_seconds) ||
(a->hard_add_expires_seconds != b->hard_add_expires_seconds) ||
(a->soft_use_expires_seconds != b->soft_use_expires_seconds) ||
(a->hard_use_expires_seconds != b->hard_use_expires_seconds))
return 1;
/* The objects are identical */
return 0;
}
/** @} */
/**
* @name Attributes
* @{
*/
unsigned long long xfrmnl_ltime_cfg_get_soft_bytelimit (struct xfrmnl_ltime_cfg* ltime)
{
return ltime->soft_byte_limit;
}
int xfrmnl_ltime_cfg_set_soft_bytelimit (struct xfrmnl_ltime_cfg* ltime, unsigned long long soft_byte_limit)
{
ltime->soft_byte_limit = soft_byte_limit;
return 0;
}
unsigned long long xfrmnl_ltime_cfg_get_hard_bytelimit (struct xfrmnl_ltime_cfg* ltime)
{
return ltime->hard_byte_limit;
}
int xfrmnl_ltime_cfg_set_hard_bytelimit (struct xfrmnl_ltime_cfg* ltime, unsigned long long hard_byte_limit)
{
ltime->hard_byte_limit = hard_byte_limit;
return 0;
}
unsigned long long xfrmnl_ltime_cfg_get_soft_packetlimit (struct xfrmnl_ltime_cfg* ltime)
{
return ltime->soft_packet_limit;
}
int xfrmnl_ltime_cfg_set_soft_packetlimit (struct xfrmnl_ltime_cfg* ltime, unsigned long long soft_packet_limit)
{
ltime->soft_packet_limit = soft_packet_limit;
return 0;
}
unsigned long long xfrmnl_ltime_cfg_get_hard_packetlimit (struct xfrmnl_ltime_cfg* ltime)
{
return ltime->hard_packet_limit;
}
int xfrmnl_ltime_cfg_set_hard_packetlimit (struct xfrmnl_ltime_cfg* ltime, unsigned long long hard_packet_limit)
{
ltime->hard_packet_limit = hard_packet_limit;
return 0;
}
unsigned long long xfrmnl_ltime_cfg_get_soft_addexpires (struct xfrmnl_ltime_cfg* ltime)
{
return ltime->soft_add_expires_seconds;
}
int xfrmnl_ltime_cfg_set_soft_addexpires (struct xfrmnl_ltime_cfg* ltime, unsigned long long soft_add_expires_seconds)
{
ltime->soft_add_expires_seconds = soft_add_expires_seconds;
return 0;
}
unsigned long long xfrmnl_ltime_cfg_get_hard_addexpires (struct xfrmnl_ltime_cfg* ltime)
{
return ltime->hard_add_expires_seconds;
}
int xfrmnl_ltime_cfg_set_hard_addexpires (struct xfrmnl_ltime_cfg* ltime, unsigned long long hard_add_expires_seconds)
{
ltime->hard_add_expires_seconds = hard_add_expires_seconds;
return 0;
}
unsigned long long xfrmnl_ltime_cfg_get_soft_useexpires (struct xfrmnl_ltime_cfg* ltime)
{
return ltime->soft_use_expires_seconds;
}
int xfrmnl_ltime_cfg_set_soft_useexpires (struct xfrmnl_ltime_cfg* ltime, unsigned long long soft_use_expires_seconds)
{
ltime->soft_use_expires_seconds = soft_use_expires_seconds;
return 0;
}
unsigned long long xfrmnl_ltime_cfg_get_hard_useexpires (struct xfrmnl_ltime_cfg* ltime)
{
return ltime->hard_use_expires_seconds;
}
int xfrmnl_ltime_cfg_set_hard_useexpires (struct xfrmnl_ltime_cfg* ltime, unsigned long long hard_use_expires_seconds)
{
ltime->hard_use_expires_seconds = hard_use_expires_seconds;
return 0;
}
/** @} */

2075
lib/xfrm/sa.c Normal file
View File

File diff suppressed because it is too large Load Diff

350
lib/xfrm/selector.c Normal file
View File

@ -0,0 +1,350 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* @ingroup xfrmnl
* @defgroup XFRM Address Selector
*
* Abstract data type representing XFRM SA/SP selector properties
*
* @{
*
* Header
* ------
* ~~~~{.c}
* #include <netlink/xfrm/selector.h>
* ~~~~
*/
#include <netlink-private/netlink.h>
static void sel_destroy(struct xfrmnl_sel* sel)
{
if (!sel)
return;
if (sel->refcnt != 1)
{
fprintf(stderr, "BUG: %s:%d\n", __FILE__, __LINE__);
assert(0);
}
nl_addr_put (sel->daddr);
nl_addr_put (sel->saddr);
free(sel);
}
/**
* @name Creating Selector
* @{
*/
/**
* Allocate new selector object.
* @return Newly allocated selector object or NULL
*/
struct xfrmnl_sel* xfrmnl_sel_alloc()
{
struct xfrmnl_sel* sel;
sel = calloc(1, sizeof(struct xfrmnl_sel));
if (!sel)
return NULL;
sel->refcnt = 1;
return sel;
}
/**
* Clone existing selector object.
* @arg sel Selector object.
* @return Newly allocated selector object being a duplicate of the
* specified selector object or NULL if a failure occured.
*/
struct xfrmnl_sel* xfrmnl_sel_clone(struct xfrmnl_sel* sel)
{
struct xfrmnl_sel* new;
new = xfrmnl_sel_alloc();
if (new)
memcpy ((void*)new, (void*)sel, sizeof (struct xfrmnl_sel));
new->daddr = nl_addr_clone(sel->daddr);
new->saddr = nl_addr_clone(sel->saddr);
return new;
}
/** @} */
/**
* @name Managing Usage References
* @{
*/
struct xfrmnl_sel* xfrmnl_sel_get(struct xfrmnl_sel* sel)
{
sel->refcnt++;
return sel;
}
void xfrmnl_sel_put(struct xfrmnl_sel* sel)
{
if (!sel)
return;
if (sel->refcnt == 1)
sel_destroy(sel);
else
sel->refcnt--;
}
/**
* Check whether an selector object is shared.
* @arg addr Selector object.
* @return Non-zero if the selector object is shared, otherwise 0.
*/
int xfrmnl_sel_shared(struct xfrmnl_sel* sel)
{
return sel->refcnt > 1;
}
/** @} */
/**
* @name Miscellaneous
* @{
*/
/**
* Compares two selector objects.
* @arg a A selector object.
* @arg b Another selector object.
*
* @return Non zero if difference is found, 0 otherwise if both
* the objects are identical.
*/
int xfrmnl_sel_cmp(struct xfrmnl_sel* a, struct xfrmnl_sel* b)
{
/* Check for any differences */
if ((nl_addr_cmp_prefix (a->daddr, b->daddr) != 0) ||
(nl_addr_cmp_prefix (a->saddr, b->saddr) != 0) ||
((a->sport & a->sport_mask) != (b->sport & b->sport_mask)) ||
((a->dport & a->dport_mask) != (b->dport & b->dport_mask)) ||
(a->family != b->family) ||
(a->proto && (a->proto != b->proto)) ||
(a->ifindex && a->ifindex != b->ifindex) ||
(a->user != b->user))
return 1;
/* The objects are identical */
return 0;
}
void xfrmnl_sel_dump(struct xfrmnl_sel* sel, struct nl_dump_params *p)
{
char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
char buf [128];
nl_dump_line(p, "\t\tsrc %s dst %s family: %s\n", nl_addr2str(sel->saddr, src, sizeof(src)),
nl_addr2str (sel->daddr, dst, sizeof (dst)), nl_af2str (sel->family, buf, 128));
nl_dump_line (p, "\t\tsrc port/mask: %d/%d dst port/mask: %d/%d\n",
sel->dport, sel->dport_mask, sel->sport, sel->sport_mask);
nl_dump_line (p, "\t\tprotocol: %s ifindex: %u user: %u\n",
nl_ip_proto2str (sel->proto, buf, sizeof(buf)), sel->ifindex, sel->user);
return;
}
/** @} */
/**
* @name Attributes
* @{
*/
struct nl_addr* xfrmnl_sel_get_daddr (struct xfrmnl_sel* sel)
{
return sel->daddr;
}
int xfrmnl_sel_set_daddr (struct xfrmnl_sel* sel, struct nl_addr* addr)
{
/* Increment reference counter on this to keep this address
* object around while selector in use */
nl_addr_get(addr);
sel->daddr = addr;
return 0;
}
struct nl_addr* xfrmnl_sel_get_saddr (struct xfrmnl_sel* sel)
{
return sel->saddr;
}
int xfrmnl_sel_set_saddr (struct xfrmnl_sel* sel, struct nl_addr* addr)
{
/* Increment reference counter on this to keep this address
* object around while selector in use */
nl_addr_get(addr);
sel->saddr = addr;
return 0;
}
int xfrmnl_sel_get_dport (struct xfrmnl_sel* sel)
{
return sel->dport;
}
int xfrmnl_sel_set_dport (struct xfrmnl_sel* sel, unsigned int dport)
{
sel->dport = dport;
return 0;
}
int xfrmnl_sel_get_dportmask (struct xfrmnl_sel* sel)
{
return sel->dport_mask;
}
int xfrmnl_sel_set_dportmask (struct xfrmnl_sel* sel, unsigned int dport_mask)
{
sel->dport_mask = dport_mask;
return 0;
}
int xfrmnl_sel_get_sport (struct xfrmnl_sel* sel)
{
return sel->sport;
}
int xfrmnl_sel_set_sport (struct xfrmnl_sel* sel, unsigned int sport)
{
sel->sport = sport;
return 0;
}
int xfrmnl_sel_get_sportmask (struct xfrmnl_sel* sel)
{
return sel->sport_mask;
}
int xfrmnl_sel_set_sportmask (struct xfrmnl_sel* sel, unsigned int sport_mask)
{
sel->sport_mask = sport_mask;
return 0;
}
int xfrmnl_sel_get_family(struct xfrmnl_sel *sel)
{
return sel->family;
}
int xfrmnl_sel_set_family(struct xfrmnl_sel *sel, int family)
{
sel->family = family;
return 0;
}
int xfrmnl_sel_get_prefixlen_d (struct xfrmnl_sel* sel)
{
return sel->prefixlen_d;
}
int xfrmnl_sel_set_prefixlen_d (struct xfrmnl_sel* sel, unsigned int prefixlen)
{
sel->prefixlen_d = prefixlen;
return 0;
}
int xfrmnl_sel_get_prefixlen_s (struct xfrmnl_sel* sel)
{
return sel->prefixlen_s;
}
int xfrmnl_sel_set_prefixlen_s (struct xfrmnl_sel* sel, unsigned int prefixlen)
{
sel->prefixlen_s = prefixlen;
return 0;
}
int xfrmnl_sel_get_proto (struct xfrmnl_sel* sel)
{
return sel->proto;
}
int xfrmnl_sel_set_proto (struct xfrmnl_sel* sel, unsigned int protocol)
{
sel->proto = protocol;
return 0;
}
int xfrmnl_sel_get_ifindex (struct xfrmnl_sel* sel)
{
return sel->ifindex;
}
int xfrmnl_sel_set_ifindex (struct xfrmnl_sel* sel, unsigned int ifindex)
{
sel->ifindex = ifindex;
return 0;
}
int xfrmnl_sel_get_userid (struct xfrmnl_sel* sel)
{
return sel->user;
}
int xfrmnl_sel_set_userid (struct xfrmnl_sel* sel, unsigned int userid)
{
sel->user = userid;
return 0;
}
/** @} */

1369
lib/xfrm/sp.c Normal file
View File

File diff suppressed because it is too large Load Diff

338
lib/xfrm/template.c Normal file
View File

@ -0,0 +1,338 @@
/*
* Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the
* distribution.
*
* Neither the name of Texas Instruments Incorporated nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* @ingroup xfrmnl
* @defgroup XFRM User Template Object
*
* Abstract data type representing XFRM SA properties
*
* @{
*
* Header
* ------
* ~~~~{.c}
* #include <netlink/xfrm/template.h>
* ~~~~
*/
#include <netlink-private/netlink.h>
void xfrmnl_user_tmpl_free(struct xfrmnl_user_tmpl* utmpl)
{
if (!utmpl)
return;
nl_addr_put (utmpl->id.daddr);
nl_addr_put (utmpl->saddr);
free(utmpl);
}
/**
* @name Creating User Template Object
* @{
*/
/**
* Allocate new user template object.
* @return Newly allocated user template object or NULL
*/
struct xfrmnl_user_tmpl* xfrmnl_user_tmpl_alloc()
{
struct xfrmnl_user_tmpl* utmpl;
utmpl = calloc(1, sizeof(struct xfrmnl_user_tmpl));
if (!utmpl)
return NULL;
nl_init_list_head(&utmpl->utmpl_list);
return utmpl;
}
/**
* Clone existing user template object.
* @arg utmpl Selector object.
* @return Newly allocated user template object being a duplicate of the
* specified user template object or NULL if a failure occured.
*/
struct xfrmnl_user_tmpl* xfrmnl_user_tmpl_clone(struct xfrmnl_user_tmpl* utmpl)
{
struct xfrmnl_user_tmpl* new;
new = xfrmnl_user_tmpl_alloc();
if (new)
memcpy ((void*)new, (void*)utmpl, sizeof (struct xfrmnl_user_tmpl));
new->id.daddr = nl_addr_clone (utmpl->id.daddr);
new->saddr = nl_addr_clone (utmpl->saddr);
return new;
}
/** @} */
/**
* @name XFRM Template Mode Translations
* @{
*/
static const struct trans_tbl tmpl_modes[] = {
__ADD(XFRM_MODE_TRANSPORT, transport)
__ADD(XFRM_MODE_TUNNEL, tunnel)
__ADD(XFRM_MODE_ROUTEOPTIMIZATION, route optimization)
__ADD(XFRM_MODE_IN_TRIGGER, in trigger)
__ADD(XFRM_MODE_BEET, beet)
};
char* xfrmnl_user_tmpl_mode2str(int mode, char *buf, size_t len)
{
return __type2str (mode, buf, len, tmpl_modes, ARRAY_SIZE(tmpl_modes));
}
int xfrmnl_user_tmpl_str2mode(const char *name)
{
return __str2type (name, tmpl_modes, ARRAY_SIZE(tmpl_modes));
}
/** @} */
/**
* @name Miscellaneous
* @{
*/
/**
* Compares two user template objects.
* @arg a A user template object.
* @arg b Another user template object.
*
* @return Non zero if difference is found, 0 otherwise if both
* the objects are identical.
*/
int xfrmnl_user_tmpl_cmp(struct xfrmnl_user_tmpl* a, struct xfrmnl_user_tmpl* b)
{
/* Check for any differences */
if ((nl_addr_cmp_prefix (a->id.daddr, b->id.daddr) != 0) ||
(a->id.spi != b->id.spi) ||
(a->id.proto && (a->id.proto != b->id.proto)) ||
(nl_addr_cmp_prefix (a->saddr, b->saddr) != 0) ||
(a->family != b->family) ||
(a->reqid != b->reqid) ||
(a->mode != b->mode) ||
(a->share != b->share) ||
(a->aalgos != b->aalgos) ||
(a->ealgos != b->ealgos) ||
(a->calgos != b->calgos))
return 1;
/* The objects are identical */
return 0;
}
void xfrmnl_user_tmpl_dump(struct xfrmnl_user_tmpl* tmpl, struct nl_dump_params *p)
{
char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
char buf [128];
nl_dump_line(p, "\t\tsrc %s dst %s family: %s \n",
nl_addr2str(tmpl->saddr, src, sizeof(src)),
nl_addr2str (tmpl->id.daddr, dst, sizeof (dst)),
nl_af2str (tmpl->family, buf, 128));
nl_dump_line (p, "\t\tprotocol: %s spi: 0x%x reqid: %u mode: %s\n",
nl_ip_proto2str (tmpl->id.proto, buf, sizeof(buf)),
tmpl->id.spi, tmpl->reqid,
xfrmnl_user_tmpl_mode2str (tmpl->mode, buf, 128));
nl_dump_line (p, "\t\tAuth Algo: 0x%x Crypto Algo: 0x%x Compr Algo: 0x%x\n",
tmpl->aalgos, tmpl->ealgos, tmpl->calgos);
return;
}
/** @} */
/**
* @name Attributes
* @{
*/
struct nl_addr* xfrmnl_user_tmpl_get_daddr (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->id.daddr;
}
int xfrmnl_user_tmpl_set_daddr (struct xfrmnl_user_tmpl* utmpl, struct nl_addr* addr)
{
/* Increment reference counter on this to keep this address
* object around while user template in use */
nl_addr_get(addr);
utmpl->id.daddr = addr;
return 0;
}
int xfrmnl_user_tmpl_get_spi (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->id.spi;
}
int xfrmnl_user_tmpl_set_spi (struct xfrmnl_user_tmpl* utmpl, unsigned int spi)
{
utmpl->id.spi = spi;
return 0;
}
int xfrmnl_user_tmpl_get_proto (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->id.proto;
}
int xfrmnl_user_tmpl_set_proto (struct xfrmnl_user_tmpl* utmpl, unsigned int protocol)
{
utmpl->id.proto = protocol;
return 0;
}
int xfrmnl_user_tmpl_get_family(struct xfrmnl_user_tmpl *utmpl)
{
return utmpl->family;
}
int xfrmnl_user_tmpl_set_family(struct xfrmnl_user_tmpl *utmpl, int family)
{
utmpl->family = family;
return 0;
}
struct nl_addr* xfrmnl_user_tmpl_get_saddr (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->saddr;
}
int xfrmnl_user_tmpl_set_saddr (struct xfrmnl_user_tmpl* utmpl, struct nl_addr* addr)
{
/* Increment reference counter on this to keep this address
* object around while user template in use */
nl_addr_get(addr);
utmpl->saddr = addr;
return 0;
}
int xfrmnl_user_tmpl_get_reqid (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->reqid;
}
int xfrmnl_user_tmpl_set_reqid (struct xfrmnl_user_tmpl* utmpl, unsigned int reqid)
{
utmpl->reqid = reqid;
return 0;
}
int xfrmnl_user_tmpl_get_mode (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->mode;
}
int xfrmnl_user_tmpl_set_mode (struct xfrmnl_user_tmpl* utmpl, unsigned int mode)
{
utmpl->mode = mode;
return 0;
}
int xfrmnl_user_tmpl_get_share (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->share;
}
int xfrmnl_user_tmpl_set_share (struct xfrmnl_user_tmpl* utmpl, unsigned int share)
{
utmpl->share = share;
return 0;
}
int xfrmnl_user_tmpl_get_optional (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->optional;
}
int xfrmnl_user_tmpl_set_optional (struct xfrmnl_user_tmpl* utmpl, unsigned int optional)
{
utmpl->optional = optional;
return 0;
}
int xfrmnl_user_tmpl_get_aalgos (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->aalgos;
}
int xfrmnl_user_tmpl_set_aalgos (struct xfrmnl_user_tmpl* utmpl, unsigned int aalgos)
{
utmpl->aalgos = aalgos;
return 0;
}
int xfrmnl_user_tmpl_get_ealgos (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->ealgos;
}
int xfrmnl_user_tmpl_set_ealgos (struct xfrmnl_user_tmpl* utmpl, unsigned int ealgos)
{
utmpl->ealgos = ealgos;
return 0;
}
int xfrmnl_user_tmpl_get_calgos (struct xfrmnl_user_tmpl* utmpl)
{
return utmpl->calgos;
}
int xfrmnl_user_tmpl_set_calgos (struct xfrmnl_user_tmpl* utmpl, unsigned int calgos)
{
utmpl->calgos = calgos;
return 0;
}
/** @} */

11
libnl-xfrm-3.0.pc.in Normal file
View File

@ -0,0 +1,11 @@
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: libnl-xfrm
Description: Netlink Routing Family Library
Version: @PACKAGE_VERSION@
Requires: libnl-3.0
Libs: -L${libdir} -lnl-xfrm-@MAJ_VERSION@
Cflags: -I${includedir}/libnl@MAJ_VERSION@