libnl  3.5.0
sp.c
1 /* SPDX-License-Identifier: LGPL-2.1-only */
2 /*
3  * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
4  *
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *
13  * Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the
16  * distribution.
17  *
18  * Neither the name of Texas Instruments Incorporated nor the names of
19  * its contributors may be used to endorse or promote products derived
20  * from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33  *
34  */
35 
36 /**
37  * @ingroup xfrmnl
38  * @defgroup sp Security Policy
39  * @brief
40  */
41 
42 #include <netlink-private/netlink.h>
43 #include <netlink/netlink.h>
44 #include <netlink/cache.h>
45 #include <netlink/object.h>
46 #include <netlink/xfrm/selector.h>
47 #include <netlink/xfrm/lifetime.h>
48 #include <netlink/xfrm/template.h>
49 #include <netlink/xfrm/sp.h>
50 
51 /** @cond SKIP */
52 #define XFRM_SP_ATTR_SEL 0x01
53 #define XFRM_SP_ATTR_LTIME_CFG 0x02
54 #define XFRM_SP_ATTR_LTIME_CUR 0x04
55 #define XFRM_SP_ATTR_PRIO 0x08
56 #define XFRM_SP_ATTR_INDEX 0x10
57 #define XFRM_SP_ATTR_DIR 0x20
58 #define XFRM_SP_ATTR_ACTION 0x40
59 #define XFRM_SP_ATTR_FLAGS 0x80
60 #define XFRM_SP_ATTR_SHARE 0x100
61 #define XFRM_SP_ATTR_POLTYPE 0x200
62 #define XFRM_SP_ATTR_SECCTX 0x400
63 #define XFRM_SP_ATTR_TMPL 0x800
64 #define XFRM_SP_ATTR_MARK 0x1000
65 
66 static struct nl_cache_ops xfrmnl_sp_ops;
67 static struct nl_object_ops xfrm_sp_obj_ops;
68 /** @endcond */
69 
70 static void xfrm_sp_alloc_data(struct nl_object *c)
71 {
72  struct xfrmnl_sp* sp = nl_object_priv (c);
73 
74  if ((sp->sel = xfrmnl_sel_alloc ()) == NULL)
75  return;
76 
77  if ((sp->lft = xfrmnl_ltime_cfg_alloc ()) == NULL)
78  return;
79 
80  nl_init_list_head(&sp->usertmpl_list);
81 
82  return;
83 }
84 
85 static void xfrm_sp_free_data(struct nl_object *c)
86 {
87  struct xfrmnl_sp* sp = nl_object_priv (c);
88  struct xfrmnl_user_tmpl *utmpl, *tmp;
89 
90  if (sp == NULL)
91  return;
92 
93  xfrmnl_sel_put (sp->sel);
94  xfrmnl_ltime_cfg_put (sp->lft);
95 
96  if(sp->sec_ctx)
97  {
98  free (sp->sec_ctx);
99  }
100 
101  nl_list_for_each_entry_safe(utmpl, tmp, &sp->usertmpl_list, utmpl_list) {
102  xfrmnl_sp_remove_usertemplate (sp, utmpl);
103  xfrmnl_user_tmpl_free (utmpl);
104  }
105 }
106 
107 static int xfrm_sp_clone(struct nl_object *_dst, struct nl_object *_src)
108 {
109  struct xfrmnl_sp* dst = nl_object_priv(_dst);
110  struct xfrmnl_sp* src = nl_object_priv(_src);
111  uint32_t len = 0;
112  struct xfrmnl_user_tmpl *utmpl, *new;
113 
114  if (src->sel)
115  if ((dst->sel = xfrmnl_sel_clone (src->sel)) == NULL)
116  return -NLE_NOMEM;
117 
118  if (src->lft)
119  if ((dst->lft = xfrmnl_ltime_cfg_clone (src->lft)) == NULL)
120  return -NLE_NOMEM;
121 
122  if(src->sec_ctx)
123  {
124  len = sizeof (struct xfrmnl_user_sec_ctx) + src->sec_ctx->ctx_len;
125  if ((dst->sec_ctx = calloc (1, len)) == NULL)
126  return -NLE_NOMEM;
127  memcpy ((void *)dst->sec_ctx, (void *)src->sec_ctx, len);
128  }
129 
130  nl_init_list_head(&dst->usertmpl_list);
131  nl_list_for_each_entry(utmpl, &src->usertmpl_list, utmpl_list) {
132  new = xfrmnl_user_tmpl_clone (utmpl);
133  if (!new)
134  return -NLE_NOMEM;
135 
136  xfrmnl_sp_add_usertemplate(dst, new);
137  }
138 
139  return 0;
140 }
141 
142 static uint64_t xfrm_sp_compare(struct nl_object *_a, struct nl_object *_b,
143  uint64_t attrs, int flags)
144 {
145  struct xfrmnl_sp* a = (struct xfrmnl_sp *) _a;
146  struct xfrmnl_sp* b = (struct xfrmnl_sp *) _b;
147  struct xfrmnl_user_tmpl *tmpl_a, *tmpl_b;
148  uint64_t diff = 0;
149 
150 #define XFRM_SP_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, XFRM_SP_ATTR_##ATTR, a, b, EXPR)
151  diff |= XFRM_SP_DIFF(SEL, xfrmnl_sel_cmp(a->sel, b->sel));
152  diff |= XFRM_SP_DIFF(LTIME_CFG, xfrmnl_ltime_cfg_cmp(a->lft, b->lft));
153  diff |= XFRM_SP_DIFF(PRIO, a->priority != b->priority);
154  diff |= XFRM_SP_DIFF(INDEX, a->index != b->index);
155  diff |= XFRM_SP_DIFF(DIR, a->dir != b->dir);
156  diff |= XFRM_SP_DIFF(ACTION, a->action != b->action);
157  diff |= XFRM_SP_DIFF(FLAGS, a->flags != b->flags);
158  diff |= XFRM_SP_DIFF(SHARE, a->share != b->share);
159  diff |= XFRM_SP_DIFF(SECCTX,((a->sec_ctx->len != b->sec_ctx->len) ||
160  (a->sec_ctx->exttype != b->sec_ctx->exttype) ||
161  (a->sec_ctx->ctx_alg != b->sec_ctx->ctx_alg) ||
162  (a->sec_ctx->ctx_doi != b->sec_ctx->ctx_doi) ||
163  (a->sec_ctx->ctx_len != b->sec_ctx->ctx_len) ||
164  strcmp(a->sec_ctx->ctx, b->sec_ctx->ctx)));
165  diff |= XFRM_SP_DIFF(POLTYPE,(a->uptype.type != b->uptype.type));
166  diff |= XFRM_SP_DIFF(TMPL,(a->nr_user_tmpl != b->nr_user_tmpl));
167  diff |= XFRM_SP_DIFF(MARK,(a->mark.m != b->mark.m) ||
168  (a->mark.v != b->mark.v));
169 
170  /* Compare the templates */
171  nl_list_for_each_entry(tmpl_b, &b->usertmpl_list, utmpl_list)
172  nl_list_for_each_entry(tmpl_a, &a->usertmpl_list, utmpl_list)
173  diff |= xfrmnl_user_tmpl_cmp (tmpl_a, tmpl_b);
174 #undef XFRM_SP_DIFF
175 
176  return diff;
177 }
178 
179 /**
180  * @name XFRM SP Attribute Translations
181  * @{
182  */
183 static const struct trans_tbl sp_attrs[] = {
184  __ADD(XFRM_SP_ATTR_SEL, selector),
185  __ADD(XFRM_SP_ATTR_LTIME_CFG, lifetime_cfg),
186  __ADD(XFRM_SP_ATTR_LTIME_CUR, lifetime_cur),
187  __ADD(XFRM_SP_ATTR_PRIO, priority),
188  __ADD(XFRM_SP_ATTR_INDEX, index),
189  __ADD(XFRM_SP_ATTR_DIR, direction),
190  __ADD(XFRM_SP_ATTR_ACTION, action),
191  __ADD(XFRM_SP_ATTR_FLAGS, flags),
192  __ADD(XFRM_SP_ATTR_SHARE, share),
193  __ADD(XFRM_SP_ATTR_POLTYPE, policy_type),
194  __ADD(XFRM_SP_ATTR_SECCTX, security_context),
195  __ADD(XFRM_SP_ATTR_TMPL, user_template),
196  __ADD(XFRM_SP_ATTR_MARK, mark),
197 };
198 
199 static char* xfrm_sp_attrs2str(int attrs, char *buf, size_t len)
200 {
201  return __flags2str (attrs, buf, len, sp_attrs, ARRAY_SIZE(sp_attrs));
202 }
203 /** @} */
204 
205 /**
206  * @name XFRM SP Action Translations
207  * @{
208  */
209 static const struct trans_tbl sa_actions[] = {
210  __ADD(XFRM_POLICY_ALLOW, allow),
211  __ADD(XFRM_POLICY_BLOCK, block),
212 };
213 
214 char* xfrmnl_sp_action2str(int action, char *buf, size_t len)
215 {
216  return __type2str (action, buf, len, sa_actions, ARRAY_SIZE(sa_actions));
217 }
218 
219 int xfrmnl_sp_str2action(const char *name)
220 {
221  return __str2type (name, sa_actions, ARRAY_SIZE(sa_actions));
222 }
223 /** @} */
224 
225 /**
226  * @name XFRM SP Flags Translations
227  * @{
228  */
229 static const struct trans_tbl sp_flags[] = {
230  __ADD(XFRM_POLICY_LOCALOK, allow policy override by user),
231  __ADD(XFRM_POLICY_ICMP, auto include ICMP in policy),
232 };
233 
234 char* xfrmnl_sp_flags2str(int flags, char *buf, size_t len)
235 {
236  return __flags2str (flags, buf, len, sp_flags, ARRAY_SIZE(sp_flags));
237 }
238 
239 int xfrmnl_sp_str2flag(const char *name)
240 {
241  return __str2flags(name, sp_flags, ARRAY_SIZE(sp_flags));
242 }
243 /** @} */
244 
245 /**
246  * @name XFRM SP Type Translations
247  * @{
248  */
249 static const struct trans_tbl sp_types[] = {
250  __ADD(XFRM_POLICY_TYPE_MAIN, main),
251  __ADD(XFRM_POLICY_TYPE_SUB, sub),
252  __ADD(XFRM_POLICY_TYPE_MAX, max),
253  __ADD(XFRM_POLICY_TYPE_ANY, any),
254 };
255 
256 char* xfrmnl_sp_type2str(int type, char *buf, size_t len)
257 {
258  return __type2str(type, buf, len, sp_types, ARRAY_SIZE(sp_types));
259 }
260 
261 int xfrmnl_sp_str2type(const char *name)
262 {
263  return __str2type(name, sp_types, ARRAY_SIZE(sp_types));
264 }
265 /** @} */
266 
267 /**
268  * @name XFRM SP Direction Translations
269  * @{
270  */
271 static const struct trans_tbl sp_dir[] = {
272  __ADD(XFRM_POLICY_IN, in),
273  __ADD(XFRM_POLICY_OUT, out),
274  __ADD(XFRM_POLICY_FWD, fwd),
275  __ADD(XFRM_POLICY_MASK, mask),
276 };
277 
278 char* xfrmnl_sp_dir2str(int dir, char *buf, size_t len)
279 {
280  return __type2str (dir, buf, len, sp_dir, ARRAY_SIZE(sp_dir));
281 }
282 
283 int xfrmnl_sp_str2dir(const char *name)
284 {
285  return __str2type (name, sp_dir, ARRAY_SIZE(sp_dir));
286 }
287 
288 int xfrmnl_sp_index2dir (unsigned int index)
289 {
290  return index & 0x7;
291 }
292 /** @} */
293 
294 /**
295  * @name XFRM SP Share Translations
296  * @{
297  */
298 static const struct trans_tbl sp_share[] = {
299  __ADD(XFRM_SHARE_ANY, any),
300  __ADD(XFRM_SHARE_SESSION, session),
301  __ADD(XFRM_SHARE_USER, user),
302  __ADD(XFRM_SHARE_UNIQUE, unique),
303 };
304 
305 char* xfrmnl_sp_share2str(int share, char *buf, size_t len)
306 {
307  return __type2str (share, buf, len, sp_share, ARRAY_SIZE(sp_share));
308 }
309 
310 int xfrmnl_sp_str2share(const char *name)
311 {
312  return __str2type (name, sp_share, ARRAY_SIZE(sp_share));
313 }
314 /** @} */
315 
316 static void xfrm_sp_dump_line(struct nl_object *a, struct nl_dump_params *p)
317 {
318  struct xfrmnl_sp* sp = (struct xfrmnl_sp *) a;
319  char dir[32], action[32], share[32], flags[32];
320  char dst[INET6_ADDRSTRLEN+5], src[INET6_ADDRSTRLEN+5];
321  time_t add_time, use_time;
322  struct tm *add_time_tm, *use_time_tm;
323 
324  nl_addr2str(xfrmnl_sel_get_saddr (sp->sel), src, sizeof(src));
325  nl_addr2str (xfrmnl_sel_get_daddr (sp->sel), dst, sizeof (dst));
326  nl_af2str (xfrmnl_sel_get_family (sp->sel), dir, 32);
327  nl_dump_line(p, "src %s dst %s family: %s\n", src, dst, dir);
328  nl_dump_line (p, "src port/mask: %d/%d dst port/mask: %d/%d\n",
329  xfrmnl_sel_get_dport (sp->sel), xfrmnl_sel_get_dportmask (sp->sel),
330  xfrmnl_sel_get_sport (sp->sel), xfrmnl_sel_get_sportmask (sp->sel));
331  nl_dump_line (p, "protocol: %s ifindex: %u uid: %u\n",
332  nl_ip_proto2str (xfrmnl_sel_get_proto (sp->sel), dir, sizeof(dir)),
333  xfrmnl_sel_get_ifindex (sp->sel),
334  xfrmnl_sel_get_userid (sp->sel));
335 
336  xfrmnl_sp_dir2str (sp->dir, dir, 32);
337  xfrmnl_sp_action2str (sp->action, action, 32);
338  xfrmnl_sp_share2str (sp->share, share, 32);
339  xfrmnl_sp_flags2str (sp->flags, flags, 32);
340  nl_dump_line(p, "\tdir: %s action: %s index: %u priority: %u share: %s flags: %s(0x%x) \n",
341  dir, action, sp->index, sp->priority, share, flags, sp->flags);
342 
343  nl_dump_line(p, "\tlifetime configuration: \n");
344  if (sp->lft->soft_byte_limit == XFRM_INF)
345  sprintf (dir, "INF");
346  else
347  sprintf (dir, "%" PRIu64, sp->lft->soft_byte_limit);
348  if (sp->lft->soft_packet_limit == XFRM_INF)
349  sprintf (action, "INF");
350  else
351  sprintf (action, "%" PRIu64, sp->lft->soft_packet_limit);
352  if (sp->lft->hard_byte_limit == XFRM_INF)
353  sprintf (flags, "INF");
354  else
355  sprintf (flags, "%" PRIu64, sp->lft->hard_byte_limit);
356  if (sp->lft->hard_packet_limit == XFRM_INF)
357  sprintf (share, "INF");
358  else
359  sprintf (share, "%" PRIu64, sp->lft->hard_packet_limit);
360  nl_dump_line(p, "\t\tsoft limit: %s (bytes), %s (packets) \n", dir, action);
361  nl_dump_line(p, "\t\thard limit: %s (bytes), %s (packets) \n", flags, share);
362  nl_dump_line(p, "\t\tsoft add_time: %llu (seconds), soft use_time: %llu (seconds) \n",
363  sp->lft->soft_add_expires_seconds, sp->lft->soft_use_expires_seconds);
364  nl_dump_line(p, "\t\thard add_time: %llu (seconds), hard use_time: %llu (seconds) \n",
365  sp->lft->hard_add_expires_seconds, sp->lft->hard_use_expires_seconds);
366 
367  nl_dump_line(p, "\tlifetime current: \n");
368  nl_dump_line(p, "\t\t%llu bytes, %llu packets\n", sp->curlft.bytes, sp->curlft.packets);
369 
370  if (sp->curlft.add_time != 0)
371  {
372  add_time = sp->curlft.add_time;
373  add_time_tm = gmtime (&add_time);
374  strftime (dst, INET6_ADDRSTRLEN+5, "%Y-%m-%d %H-%M-%S", add_time_tm);
375  }
376  else
377  {
378  sprintf (dst, "%s", "-");
379  }
380 
381  if (sp->curlft.use_time != 0)
382  {
383  use_time = sp->curlft.use_time;
384  use_time_tm = gmtime (&use_time);
385  strftime (src, INET6_ADDRSTRLEN+5, "%Y-%m-%d %H-%M-%S", use_time_tm);
386  }
387  else
388  {
389  sprintf (src, "%s", "-");
390  }
391  nl_dump_line(p, "\t\tadd_time: %s, use_time: %s\n", dst, src);
392 
393  if (sp->ce_mask & XFRM_SP_ATTR_SECCTX)
394  {
395  nl_dump_line(p, "\tUser security context: \n");
396  nl_dump_line(p, "\t\tlen: %d exttype: %d Algo: %d DOI: %d ctxlen: %d\n",
397  sp->sec_ctx->len, sp->sec_ctx->exttype,
398  sp->sec_ctx->ctx_alg, sp->sec_ctx->ctx_doi, sp->sec_ctx->ctx_len);
399  nl_dump_line (p, "\t\tctx: %s \n", sp->sec_ctx->ctx);
400  }
401 
402  xfrmnl_sp_type2str (sp->uptype.type, flags, 32);
403  if (sp->ce_mask & XFRM_SP_ATTR_POLTYPE)
404  nl_dump_line(p, "\tUser policy type: %s\n", flags);
405 
406  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
407  {
408  struct xfrmnl_user_tmpl* utmpl;
409 
410  nl_dump_line(p, "\tUser template: \n");
411 
412  nl_list_for_each_entry(utmpl, &sp->usertmpl_list, utmpl_list)
413  xfrmnl_user_tmpl_dump (utmpl, p);
414  }
415 
416  if (sp->ce_mask & XFRM_SP_ATTR_MARK)
417  nl_dump_line(p, "\tMark mask: 0x%x Mark value: 0x%x\n", sp->mark.m, sp->mark.v);
418 
419  nl_dump(p, "\n");
420 }
421 
422 static void xfrm_sp_dump_details(struct nl_object *a, struct nl_dump_params *p)
423 {
424  xfrm_sp_dump_line(a, p);
425 }
426 
427 static void xfrm_sp_dump_stats(struct nl_object *a, struct nl_dump_params *p)
428 {
429  xfrm_sp_dump_details(a, p);
430 
431  return;
432 }
433 
434 /**
435  * @name XFRM SP Object Allocation/Freeage
436  * @{
437  */
438 
439 struct xfrmnl_sp* xfrmnl_sp_alloc(void)
440 {
441  return (struct xfrmnl_sp*) nl_object_alloc(&xfrm_sp_obj_ops);
442 }
443 
444 void xfrmnl_sp_put(struct xfrmnl_sp* sp)
445 {
446  nl_object_put((struct nl_object *) sp);
447 }
448 
449 /** @} */
450 
451 /**
452  * @name SP Cache Managament
453  * @{
454  */
455 
456 /**
457  * Build a SP cache including all SPs currently configured in the kernel.
458  * @arg sock Netlink socket.
459  * @arg result Pointer to store resulting cache.
460  *
461  * Allocates a new SP cache, initializes it properly and updates it
462  * to include all SPs currently configured in the kernel.
463  *
464  * @return 0 on success or a negative error code.
465  */
466 int xfrmnl_sp_alloc_cache(struct nl_sock *sock, struct nl_cache **result)
467 {
468  return nl_cache_alloc_and_fill(&xfrmnl_sp_ops, sock, result);
469 }
470 
471 /**
472  * Look up a SP by policy id and direction
473  * @arg cache SP cache
474  * @arg index Policy Id
475  * @arg dir direction
476  * @return sp handle or NULL if no match was found.
477  */
478 struct xfrmnl_sp* xfrmnl_sp_get(struct nl_cache* cache, unsigned int index, unsigned int dir)
479 {
480  struct xfrmnl_sp *sp;
481 
482  //nl_list_for_each_entry(sp, &cache->c_items, ce_list) {
483  for (sp = (struct xfrmnl_sp*)nl_cache_get_first (cache);
484  sp != NULL;
485  sp = (struct xfrmnl_sp*)nl_cache_get_next ((struct nl_object*)sp))
486  {
487  if (sp->index == index && sp->dir == dir)
488  {
489  nl_object_get((struct nl_object *) sp);
490  return sp;
491  }
492  }
493 
494  return NULL;
495 }
496 
497 
498 /** @} */
499 
500 
501 static struct nla_policy xfrm_sp_policy[XFRMA_MAX+1] = {
502  [XFRMA_POLICY] = { .minlen = sizeof(struct xfrm_userpolicy_info)},
503  [XFRMA_SEC_CTX] = { .minlen = sizeof(struct xfrm_sec_ctx) },
504  [XFRMA_TMPL] = { .minlen = sizeof(struct xfrm_user_tmpl) },
505  [XFRMA_POLICY_TYPE] = { .minlen = sizeof(struct xfrm_userpolicy_type)},
506  [XFRMA_MARK] = { .minlen = sizeof(struct xfrm_mark) },
507 };
508 
509 static int xfrm_sp_request_update(struct nl_cache *c, struct nl_sock *h)
510 {
511  struct xfrm_userpolicy_id sp_id;
512 
513  memset (&sp_id, 0, sizeof (sp_id));
514  return nl_send_simple (h, XFRM_MSG_GETPOLICY, NLM_F_DUMP,
515  &sp_id, sizeof (sp_id));
516 }
517 
518 int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
519 {
520  struct xfrmnl_sp *sp;
521  struct nlattr *tb[XFRMA_MAX + 1];
522  struct xfrm_userpolicy_info *sp_info;
523  int len, err;
524  struct nl_addr* addr;
525 
526  sp = xfrmnl_sp_alloc();
527  if (!sp) {
528  err = -NLE_NOMEM;
529  goto errout;
530  }
531 
532  sp->ce_msgtype = n->nlmsg_type;
533  if (n->nlmsg_type == XFRM_MSG_DELPOLICY)
534  {
535  sp_info = (struct xfrm_userpolicy_info*)((char *)nlmsg_data(n) + sizeof (struct xfrm_userpolicy_id) + NLA_HDRLEN);
536  }
537  else
538  {
539  sp_info = nlmsg_data(n);
540  }
541 
542  err = nlmsg_parse(n, sizeof(struct xfrm_userpolicy_info), tb, XFRMA_MAX, xfrm_sp_policy);
543  if (err < 0)
544  {
545  printf ("parse error: %d \n", err);
546  goto errout;
547  }
548 
549  if (sp_info->sel.family == AF_INET)
550  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4));
551  else
552  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6));
553  nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d);
554  xfrmnl_sel_set_daddr (sp->sel, addr);
555  xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d);
556 
557  if (sp_info->sel.family == AF_INET)
558  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4));
559  else
560  addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6));
561  nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s);
562  xfrmnl_sel_set_saddr (sp->sel, addr);
563  xfrmnl_sel_set_prefixlen_s (sp->sel, sp_info->sel.prefixlen_s);
564 
565  xfrmnl_sel_set_dport (sp->sel, ntohs (sp_info->sel.dport));
566  xfrmnl_sel_set_dportmask (sp->sel, ntohs (sp_info->sel.dport_mask));
567  xfrmnl_sel_set_sport (sp->sel, ntohs (sp_info->sel.sport));
568  xfrmnl_sel_set_sportmask (sp->sel, ntohs (sp_info->sel.sport_mask));
569  xfrmnl_sel_set_family (sp->sel, sp_info->sel.family);
570  xfrmnl_sel_set_proto (sp->sel, sp_info->sel.proto);
571  xfrmnl_sel_set_ifindex (sp->sel, sp_info->sel.ifindex);
572  xfrmnl_sel_set_userid (sp->sel, sp_info->sel.user);
573  sp->ce_mask |= XFRM_SP_ATTR_SEL;
574 
575  sp->lft->soft_byte_limit = sp_info->lft.soft_byte_limit;
576  sp->lft->hard_byte_limit = sp_info->lft.hard_byte_limit;
577  sp->lft->soft_packet_limit = sp_info->lft.soft_packet_limit;
578  sp->lft->hard_packet_limit = sp_info->lft.hard_packet_limit;
579  sp->lft->soft_add_expires_seconds = sp_info->lft.soft_add_expires_seconds;
580  sp->lft->hard_add_expires_seconds = sp_info->lft.hard_add_expires_seconds;
581  sp->lft->soft_use_expires_seconds = sp_info->lft.soft_use_expires_seconds;
582  sp->lft->hard_use_expires_seconds = sp_info->lft.hard_use_expires_seconds;
583  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CFG;
584 
585  sp->curlft.bytes = sp_info->curlft.bytes;
586  sp->curlft.packets = sp_info->curlft.packets;
587  sp->curlft.add_time = sp_info->curlft.add_time;
588  sp->curlft.use_time = sp_info->curlft.use_time;
589  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CUR;
590 
591  sp->priority = sp_info->priority;
592  sp->index = sp_info->index;
593  sp->dir = sp_info->dir;
594  sp->action = sp_info->action;
595  sp->flags = sp_info->flags;
596  sp->share = sp_info->share;
597  sp->ce_mask |= (XFRM_SP_ATTR_PRIO | XFRM_SP_ATTR_INDEX |
598  XFRM_SP_ATTR_DIR | XFRM_SP_ATTR_ACTION |
599  XFRM_SP_ATTR_FLAGS | XFRM_SP_ATTR_SHARE);
600 
601  if (tb[XFRMA_SEC_CTX]) {
602  struct xfrm_user_sec_ctx* ctx = nla_data(tb[XFRMA_SEC_CTX]);
603  len = sizeof (struct xfrmnl_user_sec_ctx) + ctx->ctx_len;
604  if ((sp->sec_ctx = calloc (1, len)) == NULL)
605  {
606  err = -NLE_NOMEM;
607  goto errout;
608  }
609  memcpy ((void *)sp->sec_ctx, (void *)ctx, len);
610  sp->ce_mask |= XFRM_SP_ATTR_SECCTX;
611  }
612 
613  if (tb[XFRMA_POLICY_TYPE]) {
614  struct xfrm_userpolicy_type* up = nla_data(tb[XFRMA_POLICY_TYPE]);
615  memcpy ((void *)&sp->uptype, (void *)up, sizeof (struct xfrm_userpolicy_type));
616  sp->ce_mask |= XFRM_SP_ATTR_POLTYPE;
617  }
618 
619  if (tb[XFRMA_TMPL]) {
620  struct xfrm_user_tmpl* tmpl = nla_data(tb[XFRMA_TMPL]);
621  struct xfrmnl_user_tmpl* sputmpl;
622  uint32_t i;
623  uint32_t num_tmpls = nla_len(tb[XFRMA_TMPL]) / sizeof (*tmpl);
624  struct nl_addr* addr;
625 
626  for (i = 0; (i < num_tmpls) && (tmpl); i ++, tmpl++)
627  {
628  if ((sputmpl = xfrmnl_user_tmpl_alloc ()) == NULL)
629  {
630  err = -NLE_NOMEM;
631  goto errout;
632  }
633 
634  if (tmpl->family == AF_INET)
635  addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4));
636  else
637  addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6));
638  xfrmnl_user_tmpl_set_daddr (sputmpl, addr);
639  xfrmnl_user_tmpl_set_spi (sputmpl, ntohl(tmpl->id.spi));
640  xfrmnl_user_tmpl_set_proto (sputmpl, tmpl->id.proto);
641  xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family);
642 
643  if (tmpl->family == AF_INET)
644  addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4));
645  else
646  addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6));
647  xfrmnl_user_tmpl_set_saddr (sputmpl, addr);
648 
649  xfrmnl_user_tmpl_set_reqid (sputmpl, tmpl->reqid);
650  xfrmnl_user_tmpl_set_mode (sputmpl, tmpl->mode);
651  xfrmnl_user_tmpl_set_share (sputmpl, tmpl->share);
652  xfrmnl_user_tmpl_set_optional (sputmpl, tmpl->optional);
653  xfrmnl_user_tmpl_set_aalgos (sputmpl, tmpl->aalgos);
654  xfrmnl_user_tmpl_set_ealgos (sputmpl, tmpl->ealgos);
655  xfrmnl_user_tmpl_set_calgos (sputmpl, tmpl->calgos);
656  xfrmnl_sp_add_usertemplate (sp, sputmpl);
657 
658  sp->ce_mask |= XFRM_SP_ATTR_TMPL;
659  }
660  }
661 
662  if (tb[XFRMA_MARK]) {
663  struct xfrm_mark* m = nla_data(tb[XFRMA_MARK]);
664  sp->mark.m = m->m;
665  sp->mark.v = m->v;
666  sp->ce_mask |= XFRM_SP_ATTR_MARK;
667  }
668 
669  *result = sp;
670  return 0;
671 
672 errout:
673  xfrmnl_sp_put(sp);
674  return err;
675 }
676 
677 static int xfrm_sp_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
678  struct nlmsghdr *n, struct nl_parser_param *pp)
679 {
680  struct xfrmnl_sp* sp;
681  int err;
682 
683  if ((err = xfrmnl_sp_parse(n, &sp)) < 0)
684  {
685  printf ("received error: %d \n", err);
686  return err;
687  }
688 
689  err = pp->pp_cb((struct nl_object *) sp, pp);
690 
691  xfrmnl_sp_put(sp);
692  return err;
693 }
694 
695 /**
696  * @name XFRM SP Get
697  * @{
698  */
699 
700 int xfrmnl_sp_build_get_request(unsigned int index, unsigned int dir, unsigned int mark_v, unsigned int mark_m, struct nl_msg **result)
701 {
702  struct nl_msg *msg;
703  struct xfrm_userpolicy_id spid;
704  struct xfrm_mark mark;
705 
706  memset(&spid, 0, sizeof(spid));
707  spid.index = index;
708  spid.dir = dir;
709 
710  if (!(msg = nlmsg_alloc_simple(XFRM_MSG_GETPOLICY, 0)))
711  return -NLE_NOMEM;
712 
713  if (nlmsg_append(msg, &spid, sizeof(spid), NLMSG_ALIGNTO) < 0)
714  goto nla_put_failure;
715 
716  if ((mark_m & mark_v) != 0)
717  {
718  memset(&mark, 0, sizeof(struct xfrm_mark));
719  mark.m = mark_m;
720  mark.v = mark_v;
721 
722  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &mark);
723  }
724 
725  *result = msg;
726  return 0;
727 
728 nla_put_failure:
729  nlmsg_free(msg);
730  return -NLE_MSGSIZE;
731 }
732 
733 int xfrmnl_sp_get_kernel(struct nl_sock* sock, unsigned int index, unsigned int dir, unsigned int mark_v, unsigned int mark_m, struct xfrmnl_sp** result)
734 {
735  struct nl_msg *msg = NULL;
736  struct nl_object *obj;
737  int err;
738 
739  if ((err = xfrmnl_sp_build_get_request(index, dir, mark_m, mark_v, &msg)) < 0)
740  return err;
741 
742  err = nl_send_auto(sock, msg);
743  nlmsg_free(msg);
744  if (err < 0)
745  return err;
746 
747  if ((err = nl_pickup(sock, &xfrm_sp_msg_parser, &obj)) < 0)
748  return err;
749 
750  /* We have used xfrm_sp_msg_parser(), object is definitely a xfrm ae */
751  *result = (struct xfrmnl_sp *) obj;
752 
753  /* If an object has been returned, we also need to wait for the ACK */
754  if (err == 0 && obj)
755  nl_wait_for_ack(sock);
756 
757  return 0;
758 }
759 
760 /** @} */
761 
762 static int build_xfrm_sp_message(struct xfrmnl_sp *tmpl, int cmd, int flags, struct nl_msg **result)
763 {
764  struct nl_msg* msg;
765  struct xfrm_userpolicy_info sp_info;
766  uint32_t len;
767  struct nl_addr* addr;
768 
769  if (!(tmpl->ce_mask & XFRM_SP_ATTR_DIR) ||
770  (!(tmpl->ce_mask & XFRM_SP_ATTR_INDEX) &&
771  !(tmpl->ce_mask & XFRM_SP_ATTR_SEL)))
772  return -NLE_MISSING_ATTR;
773 
774  memset ((void*)&sp_info, 0, sizeof (sp_info));
775  if (tmpl->ce_mask & XFRM_SP_ATTR_SEL)
776  {
777  addr = xfrmnl_sel_get_daddr (tmpl->sel);
778  memcpy ((void*)&sp_info.sel.daddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
779  addr = xfrmnl_sel_get_saddr (tmpl->sel);
780  memcpy ((void*)&sp_info.sel.saddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
781  sp_info.sel.dport = htons (xfrmnl_sel_get_dport (tmpl->sel));
782  sp_info.sel.dport_mask = htons (xfrmnl_sel_get_dportmask (tmpl->sel));
783  sp_info.sel.sport = htons (xfrmnl_sel_get_sport (tmpl->sel));
784  sp_info.sel.sport_mask = htons (xfrmnl_sel_get_sportmask (tmpl->sel));
785  sp_info.sel.family = xfrmnl_sel_get_family (tmpl->sel);
786  sp_info.sel.prefixlen_d = xfrmnl_sel_get_prefixlen_d (tmpl->sel);
787  sp_info.sel.prefixlen_s = xfrmnl_sel_get_prefixlen_s (tmpl->sel);
788  sp_info.sel.proto = xfrmnl_sel_get_proto (tmpl->sel);
789  sp_info.sel.ifindex = xfrmnl_sel_get_ifindex (tmpl->sel);
790  sp_info.sel.user = xfrmnl_sel_get_userid (tmpl->sel);
791  }
792 
793  if (tmpl->ce_mask & XFRM_SP_ATTR_LTIME_CFG)
794  {
795  sp_info.lft.soft_byte_limit = xfrmnl_ltime_cfg_get_soft_bytelimit (tmpl->lft);
796  sp_info.lft.hard_byte_limit = xfrmnl_ltime_cfg_get_hard_bytelimit (tmpl->lft);
797  sp_info.lft.soft_packet_limit = xfrmnl_ltime_cfg_get_soft_packetlimit (tmpl->lft);
798  sp_info.lft.hard_packet_limit = xfrmnl_ltime_cfg_get_hard_packetlimit (tmpl->lft);
799  sp_info.lft.soft_add_expires_seconds = xfrmnl_ltime_cfg_get_soft_addexpires (tmpl->lft);
800  sp_info.lft.hard_add_expires_seconds = xfrmnl_ltime_cfg_get_hard_addexpires (tmpl->lft);
801  sp_info.lft.soft_use_expires_seconds = xfrmnl_ltime_cfg_get_soft_useexpires (tmpl->lft);
802  sp_info.lft.hard_use_expires_seconds = xfrmnl_ltime_cfg_get_hard_useexpires (tmpl->lft);
803  }
804 
805  //Skip current lifetime: cur lifetime can be updated only via AE
806 
807  if (tmpl->ce_mask & XFRM_SP_ATTR_PRIO)
808  sp_info.priority = tmpl->priority;
809 
810  if (tmpl->ce_mask & XFRM_SP_ATTR_INDEX)
811  sp_info.index = tmpl->index;
812 
813  if (tmpl->ce_mask & XFRM_SP_ATTR_DIR)
814  sp_info.dir = tmpl->dir;
815 
816  if (tmpl->ce_mask & XFRM_SP_ATTR_ACTION)
817  sp_info.action = tmpl->action;
818 
819  if (tmpl->ce_mask & XFRM_SP_ATTR_FLAGS)
820  sp_info.flags = tmpl->flags;
821 
822  if (tmpl->ce_mask & XFRM_SP_ATTR_SHARE)
823  sp_info.share = tmpl->share;
824 
825  msg = nlmsg_alloc_simple(cmd, flags);
826  if (!msg)
827  return -NLE_NOMEM;
828 
829  if (nlmsg_append(msg, &sp_info, sizeof(sp_info), NLMSG_ALIGNTO) < 0)
830  goto nla_put_failure;
831 
832  if (tmpl->ce_mask & XFRM_SP_ATTR_SECCTX) {
833  len = (sizeof (struct xfrm_user_sec_ctx)) + tmpl->sec_ctx->ctx_len;
834  NLA_PUT (msg, XFRMA_SEC_CTX, len, tmpl->sec_ctx);
835  }
836 
837  if (tmpl->ce_mask & XFRM_SP_ATTR_POLTYPE) {
838  len = sizeof (struct xfrm_userpolicy_type);
839  NLA_PUT (msg, XFRMA_POLICY_TYPE, len, &tmpl->uptype);
840  }
841 
842  if (tmpl->ce_mask & XFRM_SP_ATTR_TMPL) {
843  struct nlattr* tmpls;
844  struct xfrmnl_user_tmpl* utmpl;
845  struct nl_addr* addr;
846 
847  if (!(tmpls = nla_nest_start(msg, XFRMA_TMPL)))
848  goto nla_put_failure;
849 
850  nl_list_for_each_entry(utmpl, &tmpl->usertmpl_list, utmpl_list) {
851  struct xfrm_user_tmpl* tmpl;
852 
853  tmpl = nlmsg_reserve(msg, sizeof(*tmpl), NLMSG_ALIGNTO);
854  if (!tmpl)
855  goto nla_put_failure;
856  addr = xfrmnl_user_tmpl_get_daddr (utmpl);
857  memcpy ((void *)&tmpl->id.daddr, nl_addr_get_binary_addr (addr),
858  nl_addr_get_len (addr));
859  tmpl->id.spi = htonl(xfrmnl_user_tmpl_get_spi (utmpl));
860  tmpl->id.proto = xfrmnl_user_tmpl_get_proto (utmpl);
861  tmpl->family = xfrmnl_user_tmpl_get_family (utmpl);
862  addr = xfrmnl_user_tmpl_get_saddr (utmpl);
863  memcpy ((void *)&tmpl->saddr, nl_addr_get_binary_addr (addr),
864  nl_addr_get_len (addr));
865  tmpl->reqid = xfrmnl_user_tmpl_get_reqid (utmpl);
866  tmpl->mode = xfrmnl_user_tmpl_get_mode (utmpl);
867  tmpl->share = xfrmnl_user_tmpl_get_share (utmpl);
868  tmpl->optional = xfrmnl_user_tmpl_get_optional (utmpl);
869  tmpl->aalgos = xfrmnl_user_tmpl_get_aalgos (utmpl);
870  tmpl->ealgos = xfrmnl_user_tmpl_get_ealgos (utmpl);
871  tmpl->calgos = xfrmnl_user_tmpl_get_calgos (utmpl);
872  }
873  nla_nest_end(msg, tmpls);
874  }
875 
876  if (tmpl->ce_mask & XFRM_SP_ATTR_MARK) {
877  NLA_PUT (msg, XFRMA_MARK, sizeof (struct xfrm_mark), &tmpl->mark);
878  }
879 
880  *result = msg;
881  return 0;
882 
883 nla_put_failure:
884  nlmsg_free(msg);
885  return -NLE_MSGSIZE;
886 }
887 
888 /**
889  * @name XFRM SP Add
890  * @{
891  */
892 
893 int xfrmnl_sp_build_add_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
894 {
895  return build_xfrm_sp_message (tmpl, XFRM_MSG_NEWPOLICY, flags, result);
896 }
897 
898 int xfrmnl_sp_add(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
899 {
900  int err;
901  struct nl_msg *msg;
902 
903  if ((err = xfrmnl_sp_build_add_request(tmpl, flags, &msg)) < 0)
904  return err;
905 
906  err = nl_send_auto_complete(sk, msg);
907  nlmsg_free(msg);
908  if (err < 0)
909  return err;
910 
911  return nl_wait_for_ack(sk);
912 }
913 
914 /**
915  * @name XFRM SP Update
916  * @{
917  */
918 
919 int xfrmnl_sp_build_update_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
920 {
921  return build_xfrm_sp_message (tmpl, XFRM_MSG_UPDPOLICY, flags, result);
922 }
923 
924 int xfrmnl_sp_update(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
925 {
926  int err;
927  struct nl_msg *msg;
928 
929  if ((err = xfrmnl_sp_build_update_request(tmpl, flags, &msg)) < 0)
930  return err;
931 
932  err = nl_send_auto_complete(sk, msg);
933  nlmsg_free(msg);
934  if (err < 0)
935  return err;
936 
937  return nl_wait_for_ack(sk);
938 }
939 
940 /** @} */
941 
942 /**
943  * \brief Builds a xfrm_sp_delete_message. Uses either index and direction
944  * or security-context (not set is a valid value), selector and
945  * direction for identification.
946  * Returns error if necessary values aren't set.
947  *
948  * \param tmpl The policy template.
949  * \param cmd The command. Should be XFRM_MSG_DELPOLICY.
950  * \param flags Additional flags
951  * \param result Resulting message.
952  *
953  * \return 0 if successful, else error value < 0
954  */
955 static int build_xfrm_sp_delete_message(struct xfrmnl_sp *tmpl, int cmd, int flags, struct nl_msg **result)
956 {
957  struct nl_msg* msg;
958  struct xfrm_userpolicy_id spid;
959  struct nl_addr* addr;
960  uint32_t len;
961 
962  if (!(tmpl->ce_mask & XFRM_SP_ATTR_DIR) ||
963  (!(tmpl->ce_mask & XFRM_SP_ATTR_INDEX) &&
964  !(tmpl->ce_mask & XFRM_SP_ATTR_SEL)))
965  return -NLE_MISSING_ATTR;
966 
967  memset(&spid, 0, sizeof(spid));
968  spid.dir = tmpl->dir;
969  if(tmpl->ce_mask & XFRM_SP_ATTR_INDEX)
970  spid.index = tmpl->index;
971 
972  if (tmpl->ce_mask & XFRM_SP_ATTR_SEL)
973  {
974  addr = xfrmnl_sel_get_daddr (tmpl->sel);
975  memcpy ((void*)&spid.sel.daddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
976  addr = xfrmnl_sel_get_saddr (tmpl->sel);
977  memcpy ((void*)&spid.sel.saddr, (void*)nl_addr_get_binary_addr (addr), sizeof (uint8_t) * nl_addr_get_len (addr));
978  spid.sel.dport = htons (xfrmnl_sel_get_dport (tmpl->sel));
979  spid.sel.dport_mask = htons (xfrmnl_sel_get_dportmask (tmpl->sel));
980  spid.sel.sport = htons (xfrmnl_sel_get_sport (tmpl->sel));
981  spid.sel.sport_mask = htons (xfrmnl_sel_get_sportmask (tmpl->sel));
982  spid.sel.family = xfrmnl_sel_get_family (tmpl->sel);
983  spid.sel.prefixlen_d = xfrmnl_sel_get_prefixlen_d (tmpl->sel);
984  spid.sel.prefixlen_s = xfrmnl_sel_get_prefixlen_s (tmpl->sel);
985  spid.sel.proto = xfrmnl_sel_get_proto (tmpl->sel);
986  spid.sel.ifindex = xfrmnl_sel_get_ifindex (tmpl->sel);
987  spid.sel.user = xfrmnl_sel_get_userid (tmpl->sel);
988  }
989 
990  msg = nlmsg_alloc_simple(cmd, flags);
991  if (!msg)
992  return -NLE_NOMEM;
993 
994  if (nlmsg_append(msg, &spid, sizeof(spid), NLMSG_ALIGNTO) < 0)
995  goto nla_put_failure;
996 
997  if (tmpl->ce_mask & XFRM_SP_ATTR_SECCTX) {
998  len = (sizeof (struct xfrm_user_sec_ctx)) + tmpl->sec_ctx->ctx_len;
999  NLA_PUT (msg, XFRMA_SEC_CTX, len, tmpl->sec_ctx);
1000  }
1001 
1002  if (tmpl->ce_mask & XFRM_SP_ATTR_MARK) {
1003  len = sizeof (struct xfrm_mark);
1004  NLA_PUT (msg, XFRMA_MARK, len, &tmpl->mark);
1005  }
1006 
1007  *result = msg;
1008  return 0;
1009 
1010 nla_put_failure:
1011  nlmsg_free(msg);
1012  return -NLE_MSGSIZE;
1013 }
1014 
1015 /**
1016  * @name XFRM SA Delete
1017  * @{
1018  */
1019 
1020 int xfrmnl_sp_build_delete_request(struct xfrmnl_sp* tmpl, int flags, struct nl_msg **result)
1021 {
1022  return build_xfrm_sp_delete_message (tmpl, XFRM_MSG_DELPOLICY, flags, result);
1023 }
1024 
1025 int xfrmnl_sp_delete(struct nl_sock* sk, struct xfrmnl_sp* tmpl, int flags)
1026 {
1027  int err;
1028  struct nl_msg *msg;
1029 
1030  if ((err = xfrmnl_sp_build_delete_request(tmpl, flags, &msg)) < 0)
1031  return err;
1032 
1033  err = nl_send_auto_complete(sk, msg);
1034  nlmsg_free(msg);
1035  if (err < 0)
1036  return err;
1037 
1038  return nl_wait_for_ack(sk);
1039 }
1040 
1041 /** @} */
1042 
1043 
1044 /**
1045  * @name Attributes
1046  * @{
1047  */
1048 
1049 struct xfrmnl_sel* xfrmnl_sp_get_sel (struct xfrmnl_sp* sp)
1050 {
1051  if (sp->ce_mask & XFRM_SP_ATTR_SEL)
1052  return sp->sel;
1053  else
1054  return NULL;
1055 }
1056 
1057 int xfrmnl_sp_set_sel (struct xfrmnl_sp* sp, struct xfrmnl_sel* sel)
1058 {
1059  /* Release any previously held selector object from the SP */
1060  if (sp->sel)
1061  xfrmnl_sel_put (sp->sel);
1062 
1063  /* Increment ref count on new selector and save it in the SP */
1064  xfrmnl_sel_get (sel);
1065  sp->sel = sel;
1066  sp->ce_mask |= XFRM_SP_ATTR_SEL;
1067 
1068  return 0;
1069 }
1070 
1071 struct xfrmnl_ltime_cfg* xfrmnl_sp_get_lifetime_cfg (struct xfrmnl_sp* sp)
1072 {
1073  if (sp->ce_mask & XFRM_SP_ATTR_LTIME_CFG)
1074  return sp->lft;
1075  else
1076  return NULL;
1077 }
1078 
1079 int xfrmnl_sp_set_lifetime_cfg (struct xfrmnl_sp* sp, struct xfrmnl_ltime_cfg* ltime)
1080 {
1081  /* Release any previously held lifetime cfg object from the SP */
1082  if (sp->lft)
1083  xfrmnl_ltime_cfg_put (sp->lft);
1084 
1085  /* Increment ref count on new lifetime object and save it in the SP */
1086  xfrmnl_ltime_cfg_get (ltime);
1087  sp->lft = ltime;
1088  sp->ce_mask |= XFRM_SP_ATTR_LTIME_CFG;
1089 
1090  return 0;
1091 }
1092 
1093 int xfrmnl_sp_get_curlifetime (struct xfrmnl_sp* sa, unsigned long long int* curr_bytes,
1094  unsigned long long int* curr_packets, unsigned long long int* curr_add_time, unsigned long long int* curr_use_time)
1095 {
1096  if (sa == NULL || curr_bytes == NULL || curr_packets == NULL || curr_add_time == NULL || curr_use_time == NULL)
1097  return -1;
1098 
1099  *curr_bytes = sa->curlft.bytes;
1100  *curr_packets = sa->curlft.packets;
1101  *curr_add_time = sa->curlft.add_time;
1102  *curr_use_time = sa->curlft.use_time;
1103 
1104  return 0;
1105 }
1106 
1107 int xfrmnl_sp_get_priority (struct xfrmnl_sp* sp)
1108 {
1109  if (sp->ce_mask & XFRM_SP_ATTR_PRIO)
1110  return sp->priority;
1111  else
1112  return -1;
1113 }
1114 
1115 int xfrmnl_sp_set_priority (struct xfrmnl_sp* sp, unsigned int prio)
1116 {
1117  sp->priority = prio;
1118  sp->ce_mask |= XFRM_SP_ATTR_PRIO;
1119 
1120  return 0;
1121 }
1122 
1123 int xfrmnl_sp_get_index (struct xfrmnl_sp* sp)
1124 {
1125  if (sp->ce_mask & XFRM_SP_ATTR_INDEX)
1126  return sp->index;
1127  else
1128  return -1;
1129 }
1130 
1131 int xfrmnl_sp_set_index (struct xfrmnl_sp* sp, unsigned int index)
1132 {
1133  sp->index = index;
1134  sp->ce_mask |= XFRM_SP_ATTR_INDEX;
1135 
1136  return 0;
1137 }
1138 
1139 int xfrmnl_sp_get_dir (struct xfrmnl_sp* sp)
1140 {
1141  if (sp->ce_mask & XFRM_SP_ATTR_DIR)
1142  return sp->dir;
1143  else
1144  return -1;
1145 }
1146 
1147 int xfrmnl_sp_set_dir (struct xfrmnl_sp* sp, unsigned int dir)
1148 {
1149  sp->dir = dir;
1150  sp->ce_mask |= XFRM_SP_ATTR_DIR;
1151 
1152  return 0;
1153 }
1154 
1155 int xfrmnl_sp_get_action (struct xfrmnl_sp* sp)
1156 {
1157  if (sp->ce_mask & XFRM_SP_ATTR_ACTION)
1158  return sp->action;
1159  else
1160  return -1;
1161 }
1162 
1163 int xfrmnl_sp_set_action (struct xfrmnl_sp* sp, unsigned int action)
1164 {
1165  sp->action = action;
1166  sp->ce_mask |= XFRM_SP_ATTR_ACTION;
1167 
1168  return 0;
1169 }
1170 
1171 int xfrmnl_sp_get_flags (struct xfrmnl_sp* sp)
1172 {
1173  if (sp->ce_mask & XFRM_SP_ATTR_FLAGS)
1174  return sp->flags;
1175  else
1176  return -1;
1177 }
1178 
1179 int xfrmnl_sp_set_flags (struct xfrmnl_sp* sp, unsigned int flags)
1180 {
1181  sp->flags = flags;
1182  sp->ce_mask |= XFRM_SP_ATTR_FLAGS;
1183 
1184  return 0;
1185 }
1186 
1187 int xfrmnl_sp_get_share (struct xfrmnl_sp* sp)
1188 {
1189  if (sp->ce_mask & XFRM_SP_ATTR_SHARE)
1190  return sp->share;
1191  else
1192  return -1;
1193 }
1194 
1195 int xfrmnl_sp_set_share (struct xfrmnl_sp* sp, unsigned int share)
1196 {
1197  sp->share = share;
1198  sp->ce_mask |= XFRM_SP_ATTR_SHARE;
1199 
1200  return 0;
1201 }
1202 
1203 /**
1204  * Get the security context.
1205  *
1206  * @arg sp The xfrmnl_sp object.
1207  * @arg len An optional output value for the ctx_str length including the xfrmnl_sp header.
1208  * @arg exttype An optional output value.
1209  * @arg alg An optional output value for the security context algorithm.
1210  * @arg doi An optional output value for the security context domain of interpretation.
1211  * @arg ctx_len An optional output value for the security context length, including the
1212  * terminating null byte ('\0').
1213  * @arg ctx_str An optional buffer large enough for the security context string. It must
1214  * contain at least @ctx_len bytes. You are advised to create the ctx_str
1215  * buffer one element larger and ensure NUL termination yourself.
1216  *
1217  * Warning: you must ensure that @ctx_str is large enough. If you don't know the length before-hand,
1218  * call xfrmnl_sp_get_sec_ctx() without @ctx_str argument to query only the required buffer size.
1219  * This modified API is available in all versions of libnl3 that support the capability
1220  * @def NL_CAPABILITY_XFRM_SP_SEC_CTX_LEN (@see nl_has_capability for further information).
1221  *
1222  * @return 0 on success or a negative error code.
1223  */
1224 int xfrmnl_sp_get_sec_ctx (struct xfrmnl_sp* sp, unsigned int* len, unsigned int* exttype, unsigned int* alg, unsigned int* doi, unsigned int* ctx_len, char* ctx_str)
1225 {
1226  if (sp->ce_mask & XFRM_SP_ATTR_SECCTX)
1227  {
1228  if (len)
1229  *len = sizeof (struct xfrmnl_user_sec_ctx) + sp->sec_ctx->ctx_len;
1230  if (exttype)
1231  *exttype = sp->sec_ctx->exttype;
1232  if (alg)
1233  *alg = sp->sec_ctx->ctx_alg;
1234  if (doi)
1235  *doi = sp->sec_ctx->ctx_doi;
1236  if (ctx_len)
1237  *ctx_len = sp->sec_ctx->ctx_len;
1238  if (ctx_str)
1239  memcpy ((void *)ctx_str, (void *)sp->sec_ctx->ctx, sp->sec_ctx->ctx_len);
1240  }
1241  else
1242  return -1;
1243 
1244  return 0;
1245 }
1246 /**
1247  * @brief Set security context (ctx_str) for XFRM Polixy.
1248  *
1249  * @param sp XFRM Policy
1250  * @param len !!! depricated unused parameter !!!
1251  * @param exttype netlink message attribute - probably XFRMA_SEC_CTX
1252  * @param alg security context algorithm
1253  * @param doi security context domain interpretation
1254  * @param ctx_len Length of the context string.
1255  * @param ctx_str The context string.
1256  *
1257  * @return 0 if sucessfull, else -1
1258  */
1259 int xfrmnl_sp_set_sec_ctx (struct xfrmnl_sp* sp, unsigned int len __attribute__((unused)), unsigned int exttype, unsigned int alg, unsigned int doi, unsigned int ctx_len, char* ctx_str)
1260 {
1261  /* Free up the old context string and allocate new one */
1262  if (sp->sec_ctx)
1263  free (sp->sec_ctx);
1264  if ((sp->sec_ctx = calloc (1, sizeof (struct xfrmnl_user_sec_ctx) + 1 + ctx_len)) == NULL)
1265  return -1;
1266 
1267  /* Save the new info */
1268  sp->sec_ctx->len = sizeof (struct xfrmnl_user_sec_ctx) + ctx_len;
1269  sp->sec_ctx->exttype = exttype;
1270  sp->sec_ctx->ctx_alg = alg;
1271  sp->sec_ctx->ctx_doi = doi;
1272  sp->sec_ctx->ctx_len = ctx_len;
1273  memcpy ((void *)sp->sec_ctx->ctx, (void *)ctx_str, ctx_len);
1274  sp->sec_ctx->ctx[ctx_len] = '\0';
1275 
1276  sp->ce_mask |= XFRM_SP_ATTR_SECCTX;
1277 
1278  return 0;
1279 }
1280 
1281 int xfrmnl_sp_get_userpolicy_type (struct xfrmnl_sp* sp)
1282 {
1283  if (sp->ce_mask & XFRM_SP_ATTR_POLTYPE)
1284  return sp->uptype.type;
1285  else
1286  return -1;
1287 }
1288 
1289 int xfrmnl_sp_set_userpolicy_type (struct xfrmnl_sp* sp, unsigned int type)
1290 {
1291  sp->uptype.type = type;
1292  sp->ce_mask |= XFRM_SP_ATTR_POLTYPE;
1293 
1294  return 0;
1295 }
1296 
1297 void xfrmnl_sp_add_usertemplate(struct xfrmnl_sp *sp, struct xfrmnl_user_tmpl *utmpl)
1298 {
1299  nl_list_add_tail(&utmpl->utmpl_list, &sp->usertmpl_list);
1300  sp->nr_user_tmpl++;
1301  sp->ce_mask |= XFRM_SP_ATTR_TMPL;
1302 }
1303 
1304 void xfrmnl_sp_remove_usertemplate(struct xfrmnl_sp *sp, struct xfrmnl_user_tmpl *utmpl)
1305 {
1306  if (sp->ce_mask & XFRM_SP_ATTR_TMPL) {
1307  sp->nr_user_tmpl--;
1308  nl_list_del(&utmpl->utmpl_list);
1309  }
1310 }
1311 
1312 struct nl_list_head *xfrmnl_sp_get_usertemplates(struct xfrmnl_sp *sp)
1313 {
1314  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
1315  return &sp->usertmpl_list;
1316 
1317  return NULL;
1318 }
1319 
1320 int xfrmnl_sp_get_nusertemplates(struct xfrmnl_sp *sp)
1321 {
1322  if (sp->ce_mask & XFRM_SP_ATTR_TMPL)
1323  return sp->nr_user_tmpl;
1324 
1325  return 0;
1326 }
1327 
1328 void xfrmnl_sp_foreach_usertemplate(struct xfrmnl_sp *r,
1329  void (*cb)(struct xfrmnl_user_tmpl *, void *),
1330  void *arg)
1331 {
1332  struct xfrmnl_user_tmpl *utmpl;
1333 
1334  if (r->ce_mask & XFRM_SP_ATTR_TMPL) {
1335  nl_list_for_each_entry(utmpl, &r->usertmpl_list, utmpl_list) {
1336  cb(utmpl, arg);
1337  }
1338  }
1339 }
1340 
1341 struct xfrmnl_user_tmpl *xfrmnl_sp_usertemplate_n(struct xfrmnl_sp *r, int n)
1342 {
1343  struct xfrmnl_user_tmpl *utmpl;
1344  uint32_t i;
1345 
1346  if (r->ce_mask & XFRM_SP_ATTR_TMPL && r->nr_user_tmpl > n) {
1347  i = 0;
1348  nl_list_for_each_entry(utmpl, &r->usertmpl_list, utmpl_list) {
1349  if (i == n) return utmpl;
1350  i++;
1351  }
1352  }
1353  return NULL;
1354 }
1355 
1356 int xfrmnl_sp_get_mark (struct xfrmnl_sp* sp, unsigned int* mark_mask, unsigned int* mark_value)
1357 {
1358  if (mark_mask == NULL || mark_value == NULL)
1359  return -1;
1360 
1361  if (sp->ce_mask & XFRM_SP_ATTR_MARK)
1362  {
1363  *mark_mask = sp->mark.m;
1364  *mark_value = sp->mark.v;
1365 
1366  return 0;
1367  }
1368  else
1369  return -1;
1370 }
1371 
1372 int xfrmnl_sp_set_mark (struct xfrmnl_sp* sp, unsigned int value, unsigned int mask)
1373 {
1374  sp->mark.v = value;
1375  sp->mark.m = mask;
1376  sp->ce_mask |= XFRM_SP_ATTR_MARK;
1377 
1378  return 0;
1379 }
1380 
1381 /** @} */
1382 
1383 static struct nl_object_ops xfrm_sp_obj_ops = {
1384  .oo_name = "xfrm/sp",
1385  .oo_size = sizeof(struct xfrmnl_sp),
1386  .oo_constructor = xfrm_sp_alloc_data,
1387  .oo_free_data = xfrm_sp_free_data,
1388  .oo_clone = xfrm_sp_clone,
1389  .oo_dump = {
1390  [NL_DUMP_LINE] = xfrm_sp_dump_line,
1391  [NL_DUMP_DETAILS] = xfrm_sp_dump_details,
1392  [NL_DUMP_STATS] = xfrm_sp_dump_stats,
1393  },
1394  .oo_compare = xfrm_sp_compare,
1395  .oo_attrs2str = xfrm_sp_attrs2str,
1396  .oo_id_attrs = (XFRM_SP_ATTR_SEL | XFRM_SP_ATTR_INDEX | XFRM_SP_ATTR_DIR),
1397 };
1398 
1399 static struct nl_af_group xfrm_sp_groups[] = {
1400  { AF_UNSPEC, XFRMNLGRP_POLICY },
1401  { END_OF_GROUP_LIST },
1402 };
1403 
1404 static struct nl_cache_ops xfrmnl_sp_ops = {
1405  .co_name = "xfrm/sp",
1406  .co_hdrsize = sizeof(struct xfrm_userpolicy_info),
1407  .co_msgtypes = {
1408  { XFRM_MSG_NEWPOLICY, NL_ACT_NEW, "new" },
1409  { XFRM_MSG_DELPOLICY, NL_ACT_DEL, "del" },
1410  { XFRM_MSG_GETPOLICY, NL_ACT_GET, "get" },
1411  { XFRM_MSG_UPDPOLICY, NL_ACT_NEW, "update" },
1412  END_OF_MSGTYPES_LIST,
1413  },
1414  .co_protocol = NETLINK_XFRM,
1415  .co_groups = xfrm_sp_groups,
1416  .co_request_update = xfrm_sp_request_update,
1417  .co_msg_parser = xfrm_sp_msg_parser,
1418  .co_obj_ops = &xfrm_sp_obj_ops,
1419 };
1420 
1421 /**
1422  * @name XFRM SA Cache Managament
1423  * @{
1424  */
1425 
1426 static void __attribute__ ((constructor)) xfrm_sp_init(void)
1427 {
1428  nl_cache_mngt_register(&xfrmnl_sp_ops);
1429 }
1430 
1431 static void __attribute__ ((destructor)) xfrm_sp_exit(void)
1432 {
1433  nl_cache_mngt_unregister(&xfrmnl_sp_ops);
1434 }
1435 
1436 /** @} */
int nl_send_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
Definition: nl.c:1248
Dump object briefly on one line.
Definition: types.h:22
void nl_addr_set_prefixlen(struct nl_addr *addr, int prefixlen)
Set the prefix length of an abstract address.
Definition: addr.c:966
void nlmsg_free(struct nl_msg *msg)
Release a reference from an netlink message.
Definition: msg.c:565
int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, const struct nla_policy *policy)
parse attributes of a netlink message
Definition: msg.c:215
void * nlmsg_data(const struct nlmsghdr *nlh)
Return pointer to message payload.
Definition: msg.c:107
struct nl_object * nl_object_alloc(struct nl_object_ops *ops)
Allocate a new object of kind specified by the operations handle.
Definition: object.c:55
void * nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
Reserve room for additional data in a netlink message.
Definition: msg.c:411
int nl_cache_mngt_unregister(struct nl_cache_ops *ops)
Unregister a set of cache operations.
Definition: cache_mngt.c:288
Attribute validation policy.
Definition: attr.h:69
void nl_object_get(struct nl_object *obj)
Acquire a reference on a object.
Definition: object.c:205
struct nl_addr * nl_addr_build(int family, const void *buf, size_t size)
Allocate abstract address based on a binary address.
Definition: addr.c:218
int nl_pickup(struct nl_sock *sk, int(*parser)(struct nl_cache_ops *, struct sockaddr_nl *, struct nlmsghdr *, struct nl_parser_param *), struct nl_object **result)
Pickup netlink answer, parse is and return object.
Definition: nl.c:1179
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_clone(struct xfrmnl_ltime_cfg *ltime)
Clone existing lifetime config object.
Definition: lifetime.c:95
Dump all attributes but no statistics.
Definition: types.h:23
int nla_nest_end(struct nl_msg *msg, struct nlattr *start)
Finalize nesting of attributes.
Definition: attr.c:966
int nl_cache_mngt_register(struct nl_cache_ops *ops)
Register a set of cache operations.
Definition: cache_mngt.c:253
#define NLA_PUT(msg, attrtype, attrlen, data)
Add unspecific attribute to netlink message.
Definition: attr.h:165
void * nla_data(const struct nlattr *nla)
Return pointer to the payload section.
Definition: attr.c:121
int xfrmnl_sel_cmp(struct xfrmnl_sel *a, struct xfrmnl_sel *b)
Compares two selector objects.
Definition: selector.c:162
int nla_len(const struct nlattr *nla)
Return length of the payload .
Definition: attr.c:132
uint16_t minlen
Minimal length of payload required.
Definition: attr.h:74
int nl_send_simple(struct nl_sock *sk, int type, int flags, void *buf, size_t size)
Construct and transmit a Netlink message.
Definition: nl.c:581
struct nl_object * nl_cache_get_next(struct nl_object *obj)
Return the next element in the cache.
Definition: cache.c:146
int nlmsg_append(struct nl_msg *n, void *data, size_t len, int pad)
Append data to tail of a netlink message.
Definition: msg.c:449
int nl_wait_for_ack(struct nl_sock *sk)
Wait for ACK.
Definition: nl.c:1113
void nl_object_put(struct nl_object *obj)
Release a reference from an object.
Definition: object.c:216
struct nl_msg * nlmsg_alloc_simple(int nlmsgtype, int flags)
Allocate a new netlink message.
Definition: msg.c:348
struct xfrmnl_sel * xfrmnl_sel_alloc()
Allocate new selector object.
Definition: selector.c:78
struct xfrmnl_sel * xfrmnl_sel_clone(struct xfrmnl_sel *sel)
Clone existing selector object.
Definition: selector.c:97
struct xfrmnl_ltime_cfg * xfrmnl_ltime_cfg_alloc()
Allocate new lifetime config object.
Definition: lifetime.c:76
Dumping parameters.
Definition: types.h:33
struct xfrmnl_user_tmpl * xfrmnl_user_tmpl_clone(struct xfrmnl_user_tmpl *utmpl)
Clone existing user template object.
Definition: template.c:91
struct xfrmnl_user_tmpl * xfrmnl_user_tmpl_alloc()
Allocate new user template object.
Definition: template.c:72
int xfrmnl_ltime_cfg_cmp(struct xfrmnl_ltime_cfg *a, struct xfrmnl_ltime_cfg *b)
Compares two lifetime config objects.
Definition: lifetime.c:156
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
Definition: utils.c:962
int xfrmnl_user_tmpl_cmp(struct xfrmnl_user_tmpl *a, struct xfrmnl_user_tmpl *b)
Compares two user template objects.
Definition: template.c:144
int nl_send_auto(struct nl_sock *sk, struct nl_msg *msg)
Finalize and transmit Netlink message.
Definition: nl.c:517
unsigned int nl_addr_get_len(const struct nl_addr *addr)
Get length of binary address of abstract address object.
Definition: addr.c:954
Dump all attributes including statistics.
Definition: types.h:24
struct nl_object * nl_cache_get_first(struct nl_cache *cache)
Return the first element in the cache.
Definition: cache.c:120
void * nl_addr_get_binary_addr(const struct nl_addr *addr)
Get binary address of abstract address object.
Definition: addr.c:942
int nl_cache_alloc_and_fill(struct nl_cache_ops *ops, struct nl_sock *sock, struct nl_cache **result)
Allocate new cache and fill it.
Definition: cache.c:234
struct nlattr * nla_nest_start(struct nl_msg *msg, int attrtype)
Start a new level of nested attributes.
Definition: attr.c:903
char * nl_addr2str(const struct nl_addr *addr, char *buf, size_t size)
Convert abstract address object to character string.
Definition: addr.c:1000