libnl 3.7.0
Attribute Element

The AE interface allows a user to retrieve and update various Security Association (SA) attributes, such as lifetime, replay state, etc.

Functions

int xfrmnl_ae_parse (struct nlmsghdr *n, struct xfrmnl_ae **result)
 

XFRM AE Flags Translations

char * xfrmnl_ae_flags2str (int flags, char *buf, size_t len)
 
int xfrmnl_ae_str2flag (const char *name)
 

XFRM AE Update

int xfrmnl_ae_set (struct nl_sock *sk, struct xfrmnl_ae *ae, int flags)
 

XFRM AE Object Allocation/Freeage

struct xfrmnl_ae * xfrmnl_ae_alloc (void)
 
void xfrmnl_ae_put (struct xfrmnl_ae *ae)
 

XFRM AE Get

int xfrmnl_ae_build_get_request (struct nl_addr *daddr, unsigned int spi, unsigned int protocol, unsigned int mark_mask, unsigned int mark_value, struct nl_msg **result)
 
int xfrmnl_ae_get_kernel (struct nl_sock *sock, struct nl_addr *daddr, unsigned int spi, unsigned int protocol, unsigned int mark_mask, unsigned int mark_value, struct xfrmnl_ae **result)
 

Attributes

struct nl_addr * xfrmnl_ae_get_daddr (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_daddr (struct xfrmnl_ae *ae, struct nl_addr *addr)
 
int xfrmnl_ae_get_spi (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_spi (struct xfrmnl_ae *ae, unsigned int spi)
 
int xfrmnl_ae_get_family (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_family (struct xfrmnl_ae *ae, unsigned int family)
 
int xfrmnl_ae_get_proto (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_proto (struct xfrmnl_ae *ae, unsigned int protocol)
 
struct nl_addr * xfrmnl_ae_get_saddr (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_saddr (struct xfrmnl_ae *ae, struct nl_addr *addr)
 
int xfrmnl_ae_get_flags (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_flags (struct xfrmnl_ae *ae, unsigned int flags)
 
int xfrmnl_ae_get_reqid (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_reqid (struct xfrmnl_ae *ae, unsigned int reqid)
 
int xfrmnl_ae_get_mark (struct xfrmnl_ae *ae, unsigned int *mark_mask, unsigned int *mark_value)
 
int xfrmnl_ae_set_mark (struct xfrmnl_ae *ae, unsigned int value, unsigned int mask)
 
int xfrmnl_ae_get_curlifetime (struct xfrmnl_ae *ae, unsigned long long int *curr_bytes, unsigned long long int *curr_packets, unsigned long long int *curr_add_time, unsigned long long int *curr_use_time)
 
int xfrmnl_ae_set_curlifetime (struct xfrmnl_ae *ae, unsigned long long int curr_bytes, unsigned long long int curr_packets, unsigned long long int curr_add_time, unsigned long long int curr_use_time)
 
int xfrmnl_ae_get_replay_maxage (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_replay_maxage (struct xfrmnl_ae *ae, unsigned int replay_maxage)
 
int xfrmnl_ae_get_replay_maxdiff (struct xfrmnl_ae *ae)
 
int xfrmnl_ae_set_replay_maxdiff (struct xfrmnl_ae *ae, unsigned int replay_maxdiff)
 
int xfrmnl_ae_get_replay_state (struct xfrmnl_ae *ae, unsigned int *oseq, unsigned int *seq, unsigned int *bmp)
 
int xfrmnl_ae_set_replay_state (struct xfrmnl_ae *ae, unsigned int oseq, unsigned int seq, unsigned int bitmap)
 
int xfrmnl_ae_get_replay_state_esn (struct xfrmnl_ae *ae, unsigned int *oseq, unsigned int *seq, unsigned int *oseq_hi, unsigned int *seq_hi, unsigned int *replay_window, unsigned int *bmp_len, unsigned int *bmp)
 
int xfrmnl_ae_set_replay_state_esn (struct xfrmnl_ae *ae, unsigned int oseq, unsigned int seq, unsigned int oseq_hi, unsigned int seq_hi, unsigned int replay_window, unsigned int bmp_len, unsigned int *bmp)
 

Detailed Description

The AE interface allows a user to retrieve and update various Security Association (SA) attributes such as lifetime, replay state etc.

AE Flags
XFRM_AE_UNSPEC
XFRM_AE_RTHR=1
XFRM_AE_RVAL=2
XFRM_AE_LVAL=4
XFRM_AE_ETHR=8
XFRM_AE_CR=16
XFRM_AE_CE=32
XFRM_AE_CU=64
AE Identification
An AE is uniquely identified by the attributes listed below; whenever you refer to an existing AE, all of these attributes must be set. There is no cache support for AE, since you can retrieve the AE for any given combination of the attributes mentioned below, but not all at once, since they just characterize an SA.
  • destination address (xfrmnl_ae_set_daddr())
  • SPI (xfrmnl_ae_set_spi())
  • protocol (xfrmnl_ae_set_proto())
  • mark (xfrmnl_ae_set_mark())
Changeable Attributes
  • current lifetime (xfrmnl_ae_set_curlifetime())
  • replay properties (xfrmnl_ae_set_replay_maxage(), xfrmnl_ae_set_replay_maxdiff())
  • replay state (xfrmnl_ae_set_replay_state(), xfrmnl_ae_set_replay_state_esn())
Required Caches for Dumping
None
TODO
None
1) Retrieving AE information for a given SA tuple
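// Create a netlink socket and connect it to the XFRM subsystem in
// the kernel to be able to send/receive info from userspace.
// (Fragment: shown as it would appear inside a function that returns
// a libnl error code.)
struct nl_sock *sk = nl_socket_alloc();
if (sk == NULL)
    return -NLE_NOMEM;

int err = nl_connect(sk, NETLINK_XFRM);
if (err < 0) {
    nl_socket_free(sk);
    return err;
}

// AEs can then be looked up by the SA tuple: destination address,
// SPI, protocol, mark. dst_addr, spi, proto, mark_mask and mark_value
// are supplied by the caller.
// Initialise the result pointer so a failed lookup never leaves an
// indeterminate value that could later be handed to xfrmnl_ae_put().
struct xfrmnl_ae *ae = NULL;
err = xfrmnl_ae_get_kernel(sk, dst_addr, spi, proto, mark_mask, mark_value, &ae);
if (err < 0) {
    // Lookup failed: there is no AE object to release.
    nl_socket_free(sk);
    return err;
}

// After successful usage, the object must be freed
xfrmnl_ae_put(ae);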
int nl_connect(struct nl_sock *sk, int protocol)
Create file descriptor and bind socket.
Definition: nl.c:97
struct nl_sock * nl_socket_alloc(void)
Allocate new netlink socket.
Definition: socket.c:200
2) Updating AE
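// Allocate an empty AE handle to be filled out with the attributes
// of the new AE.
// (Fragment: shown as it would appear inside a function that returns
// a libnl error code; sk is a socket already connected to NETLINK_XFRM.)
struct xfrmnl_ae *ae = xfrmnl_ae_alloc();
if (ae == NULL)
    return -NLE_NOMEM;

// Fill out the attributes of the new AE. The setters return an int
// status; production code should check it.
xfrmnl_ae_set_daddr(ae, dst_addr);
xfrmnl_ae_set_spi(ae, 0xDEADBEEF);
xfrmnl_ae_set_proto(ae, 50);        // 50 = ESP (IPPROTO_ESP)
// xfrmnl_ae_set_mark() takes (ae, value, mask); both are zero here.
xfrmnl_ae_set_mark(ae, 0x0, 0x0);
xfrmnl_ae_set_saddr(ae, src_addr);
// The constants below are sample values. This call overwrites the SA's
// lifetime counters in the kernel, so real code should write values taken
// from the SA's actual state (for example, read back with
// xfrmnl_ae_get_kernel()) rather than arbitrary numbers. The same applies
// to the replay-state setters, which feed the SA's anti-replay bookkeeping.
xfrmnl_ae_set_curlifetime(ae, 540, 10, 0xAABB1122, 0x0);
// Build the netlink message and send it to the kernel, the operation will
// block until the operation has been completed. Alternatively, a netlink message
// can be built using xfrmnl_ae_build_get_request () API and be sent using
// nl_send_auto(). Further the result from the kernel can be parsed using
// xfrmnl_ae_parse() API.
// NOTE(review): the kernel normally restricts XFRM configuration to callers
// holding CAP_NET_ADMIN, so expect an error here without it — confirm for
// the target kernel.
int err = xfrmnl_ae_set(sk, ae, NLM_F_REPLACE);
// Free the memory (on both the success and the failure path)
xfrmnl_ae_put(ae);
if (err < 0)
    return err;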

Function Documentation

◆ xfrmnl_ae_flags2str()

char * xfrmnl_ae_flags2str ( int  flags,
char *  buf,
size_t  len 
)

Definition at line 286 of file ae.c.

◆ xfrmnl_ae_str2flag()

int xfrmnl_ae_str2flag ( const char *  name)

Definition at line 291 of file ae.c.

◆ xfrmnl_ae_set()

int xfrmnl_ae_set ( struct nl_sock *  sk,
struct xfrmnl_ae *  ae,
int  flags 
)

Definition at line 443 of file ae.c.

◆ xfrmnl_ae_alloc()

struct xfrmnl_ae * xfrmnl_ae_alloc ( void  )

Definition at line 466 of file ae.c.

◆ xfrmnl_ae_put()

void xfrmnl_ae_put ( struct xfrmnl_ae *  ae)

Definition at line 471 of file ae.c.

◆ xfrmnl_ae_parse()

int xfrmnl_ae_parse ( struct nlmsghdr *  n,
struct xfrmnl_ae **  result 
)

Definition at line 488 of file ae.c.

◆ xfrmnl_ae_build_get_request()

int xfrmnl_ae_build_get_request ( struct nl_addr *  daddr,
unsigned int  spi,
unsigned int  protocol,
unsigned int  mark_mask,
unsigned int  mark_value,
struct nl_msg **  result 
)

Definition at line 601 of file ae.c.

◆ xfrmnl_ae_get_kernel()

int xfrmnl_ae_get_kernel ( struct nl_sock *  sock,
struct nl_addr *  daddr,
unsigned int  spi,
unsigned int  protocol,
unsigned int  mark_mask,
unsigned int  mark_value,
struct xfrmnl_ae **  result 
)

Definition at line 640 of file ae.c.

◆ xfrmnl_ae_get_daddr()

struct nl_addr * xfrmnl_ae_get_daddr ( struct xfrmnl_ae *  ae)

Definition at line 700 of file ae.c.

◆ xfrmnl_ae_set_daddr()

int xfrmnl_ae_set_daddr ( struct xfrmnl_ae *  ae,
struct nl_addr *  addr 
)

Definition at line 708 of file ae.c.

◆ xfrmnl_ae_get_spi()

int xfrmnl_ae_get_spi ( struct xfrmnl_ae *  ae)

Definition at line 713 of file ae.c.

◆ xfrmnl_ae_set_spi()

int xfrmnl_ae_set_spi ( struct xfrmnl_ae *  ae,
unsigned int  spi 
)

Definition at line 721 of file ae.c.

◆ xfrmnl_ae_get_family()

int xfrmnl_ae_get_family ( struct xfrmnl_ae *  ae)

Definition at line 729 of file ae.c.

◆ xfrmnl_ae_set_family()

int xfrmnl_ae_set_family ( struct xfrmnl_ae *  ae,
unsigned int  family 
)

Definition at line 737 of file ae.c.

◆ xfrmnl_ae_get_proto()

int xfrmnl_ae_get_proto ( struct xfrmnl_ae *  ae)

Definition at line 745 of file ae.c.

◆ xfrmnl_ae_set_proto()

int xfrmnl_ae_set_proto ( struct xfrmnl_ae *  ae,
unsigned int  protocol 
)

Definition at line 753 of file ae.c.

◆ xfrmnl_ae_get_saddr()

struct nl_addr * xfrmnl_ae_get_saddr ( struct xfrmnl_ae *  ae)

Definition at line 761 of file ae.c.

◆ xfrmnl_ae_set_saddr()

int xfrmnl_ae_set_saddr ( struct xfrmnl_ae *  ae,
struct nl_addr *  addr 
)

Definition at line 769 of file ae.c.

◆ xfrmnl_ae_get_flags()

int xfrmnl_ae_get_flags ( struct xfrmnl_ae *  ae)

Definition at line 774 of file ae.c.

◆ xfrmnl_ae_set_flags()

int xfrmnl_ae_set_flags ( struct xfrmnl_ae *  ae,
unsigned int  flags 
)

Definition at line 782 of file ae.c.

◆ xfrmnl_ae_get_reqid()

int xfrmnl_ae_get_reqid ( struct xfrmnl_ae *  ae)

Definition at line 790 of file ae.c.

◆ xfrmnl_ae_set_reqid()

int xfrmnl_ae_set_reqid ( struct xfrmnl_ae *  ae,
unsigned int  reqid 
)

Definition at line 798 of file ae.c.

◆ xfrmnl_ae_get_mark()

int xfrmnl_ae_get_mark ( struct xfrmnl_ae *  ae,
unsigned int *  mark_mask,
unsigned int *  mark_value 
)

Definition at line 806 of file ae.c.

◆ xfrmnl_ae_set_mark()

int xfrmnl_ae_set_mark ( struct xfrmnl_ae *  ae,
unsigned int  value,
unsigned int  mask 
)

Definition at line 822 of file ae.c.

◆ xfrmnl_ae_get_curlifetime()

int xfrmnl_ae_get_curlifetime ( struct xfrmnl_ae *  ae,
unsigned long long int *  curr_bytes,
unsigned long long int *  curr_packets,
unsigned long long int *  curr_add_time,
unsigned long long int *  curr_use_time 
)

Definition at line 831 of file ae.c.

◆ xfrmnl_ae_set_curlifetime()

int xfrmnl_ae_set_curlifetime ( struct xfrmnl_ae *  ae,
unsigned long long int  curr_bytes,
unsigned long long int  curr_packets,
unsigned long long int  curr_add_time,
unsigned long long int  curr_use_time 
)

Definition at line 851 of file ae.c.

◆ xfrmnl_ae_get_replay_maxage()

int xfrmnl_ae_get_replay_maxage ( struct xfrmnl_ae *  ae)

Definition at line 864 of file ae.c.

◆ xfrmnl_ae_set_replay_maxage()

int xfrmnl_ae_set_replay_maxage ( struct xfrmnl_ae *  ae,
unsigned int  replay_maxage 
)

Definition at line 872 of file ae.c.

◆ xfrmnl_ae_get_replay_maxdiff()

int xfrmnl_ae_get_replay_maxdiff ( struct xfrmnl_ae *  ae)

Definition at line 880 of file ae.c.

◆ xfrmnl_ae_set_replay_maxdiff()

int xfrmnl_ae_set_replay_maxdiff ( struct xfrmnl_ae *  ae,
unsigned int  replay_maxdiff 
)

Definition at line 888 of file ae.c.

◆ xfrmnl_ae_get_replay_state()

int xfrmnl_ae_get_replay_state ( struct xfrmnl_ae *  ae,
unsigned int *  oseq,
unsigned int *  seq,
unsigned int *  bmp 
)

Definition at line 896 of file ae.c.

◆ xfrmnl_ae_set_replay_state()

int xfrmnl_ae_set_replay_state ( struct xfrmnl_ae *  ae,
unsigned int  oseq,
unsigned int  seq,
unsigned int  bitmap 
)

Definition at line 917 of file ae.c.

◆ xfrmnl_ae_get_replay_state_esn()

int xfrmnl_ae_get_replay_state_esn ( struct xfrmnl_ae *  ae,
unsigned int *  oseq,
unsigned int *  seq,
unsigned int *  oseq_hi,
unsigned int *  seq_hi,
unsigned int *  replay_window,
unsigned int *  bmp_len,
unsigned int *  bmp 
)

Definition at line 927 of file ae.c.

◆ xfrmnl_ae_set_replay_state_esn()

int xfrmnl_ae_set_replay_state_esn ( struct xfrmnl_ae *  ae,
unsigned int  oseq,
unsigned int  seq,
unsigned int  oseq_hi,
unsigned int  seq_hi,
unsigned int  replay_window,
unsigned int  bmp_len,
unsigned int *  bmp 
)

Definition at line 953 of file ae.c.