mirror of
https://github.com/vishvananda/netlink
synced 2024-12-18 04:34:42 +00:00
353 lines
8.3 KiB
Go
353 lines
8.3 KiB
Go
package netlink
|
|
|
|
import (
|
|
"fmt"
|
|
"syscall"
|
|
"unsafe"
|
|
)
|
|
|
|
const (
|
|
SizeofXfrmUsersaId = 0x18
|
|
SizeofXfrmStats = 0x0c
|
|
SizeofXfrmUsersaInfo = 0xe0
|
|
SizeofXfrmAlgo = 0x44
|
|
SizeofXfrmAlgoAuth = 0x48
|
|
)
|
|
|
|
// struct xfrm_usersa_id {
|
|
// xfrm_address_t daddr;
|
|
// __be32 spi;
|
|
// __u16 family;
|
|
// __u8 proto;
|
|
// };
|
|
|
|
type XfrmUsersaId struct {
|
|
Daddr XfrmAddress
|
|
Spi uint32 // big endian
|
|
Family uint16
|
|
Proto uint8
|
|
Pad byte
|
|
}
|
|
|
|
func (msg *XfrmUsersaId) Len() int {
|
|
return SizeofXfrmUsersaId
|
|
}
|
|
|
|
func DeserializeXfrmUsersaId(b []byte) *XfrmUsersaId {
|
|
return (*XfrmUsersaId)(unsafe.Pointer(&b[0:SizeofXfrmUsersaId][0]))
|
|
}
|
|
|
|
func (msg *XfrmUsersaId) Serialize() []byte {
|
|
return (*(*[SizeofXfrmUsersaId]byte)(unsafe.Pointer(msg)))[:]
|
|
}
|
|
|
|
// struct xfrm_stats {
|
|
// __u32 replay_window;
|
|
// __u32 replay;
|
|
// __u32 integrity_failed;
|
|
// };
|
|
|
|
type XfrmStats struct {
|
|
ReplayWindow uint32
|
|
Replay uint32
|
|
IntegrityFailed uint32
|
|
}
|
|
|
|
func (msg *XfrmStats) Len() int {
|
|
return SizeofXfrmStats
|
|
}
|
|
|
|
func DeserializeXfrmStats(b []byte) *XfrmStats {
|
|
return (*XfrmStats)(unsafe.Pointer(&b[0:SizeofXfrmStats][0]))
|
|
}
|
|
|
|
func (msg *XfrmStats) Serialize() []byte {
|
|
return (*(*[SizeofXfrmStats]byte)(unsafe.Pointer(msg)))[:]
|
|
}
|
|
|
|
// struct xfrm_usersa_info {
|
|
// struct xfrm_selector sel;
|
|
// struct xfrm_id id;
|
|
// xfrm_address_t saddr;
|
|
// struct xfrm_lifetime_cfg lft;
|
|
// struct xfrm_lifetime_cur curlft;
|
|
// struct xfrm_stats stats;
|
|
// __u32 seq;
|
|
// __u32 reqid;
|
|
// __u16 family;
|
|
// __u8 mode; /* XFRM_MODE_xxx */
|
|
// __u8 replay_window;
|
|
// __u8 flags;
|
|
// #define XFRM_STATE_NOECN 1
|
|
// #define XFRM_STATE_DECAP_DSCP 2
|
|
// #define XFRM_STATE_NOPMTUDISC 4
|
|
// #define XFRM_STATE_WILDRECV 8
|
|
// #define XFRM_STATE_ICMP 16
|
|
// #define XFRM_STATE_AF_UNSPEC 32
|
|
// #define XFRM_STATE_ALIGN4 64
|
|
// #define XFRM_STATE_ESN 128
|
|
// };
|
|
//
|
|
// #define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1
|
|
//
|
|
|
|
type XfrmUsersaInfo struct {
|
|
Sel XfrmSelector
|
|
Id XfrmId
|
|
Saddr XfrmAddress
|
|
Lft XfrmLifetimeCfg
|
|
Curlft XfrmLifetimeCur
|
|
Stats XfrmStats
|
|
Seq uint32
|
|
Reqid uint32
|
|
Family uint16
|
|
Mode uint8
|
|
ReplayWindow uint8
|
|
Flags uint8 // TODO: investigate enum
|
|
Pad [7]byte
|
|
}
|
|
|
|
func (msg *XfrmUsersaInfo) Len() int {
|
|
return SizeofXfrmUsersaInfo
|
|
}
|
|
|
|
func DeserializeXfrmUsersaInfo(b []byte) *XfrmUsersaInfo {
|
|
return (*XfrmUsersaInfo)(unsafe.Pointer(&b[0:SizeofXfrmUsersaInfo][0]))
|
|
}
|
|
|
|
func (msg *XfrmUsersaInfo) Serialize() []byte {
|
|
return (*(*[SizeofXfrmUsersaInfo]byte)(unsafe.Pointer(msg)))[:]
|
|
}
|
|
|
|
// struct xfrm_algo {
|
|
// char alg_name[64];
|
|
// unsigned int alg_key_len; /* in bits */
|
|
// char alg_key[0];
|
|
// };
|
|
|
|
type XfrmAlgo struct {
|
|
AlgName [64]byte
|
|
AlgKeyLen uint32
|
|
AlgKey []byte
|
|
}
|
|
|
|
func (msg *XfrmAlgo) Len() int {
|
|
return SizeofXfrmAlgo + int(msg.AlgKeyLen/8)
|
|
}
|
|
|
|
func DeserializeXfrmAlgo(b []byte) *XfrmAlgo {
|
|
ret := XfrmAlgo{}
|
|
copy(ret.AlgName[:], b[0:64])
|
|
ret.AlgKeyLen = *(*uint32)(unsafe.Pointer(&b[64]))
|
|
ret.AlgKey = b[68:ret.Len()]
|
|
return &ret
|
|
}
|
|
|
|
func (msg *XfrmAlgo) Serialize() []byte {
|
|
b := make([]byte, msg.Len())
|
|
copy(b[0:64], msg.AlgName[:])
|
|
copy(b[64:68], (*(*[4]byte)(unsafe.Pointer(&msg.AlgKeyLen)))[:])
|
|
copy(b[68:msg.Len()], msg.AlgKey[:])
|
|
return b
|
|
}
|
|
|
|
// struct xfrm_algo_auth {
|
|
// char alg_name[64];
|
|
// unsigned int alg_key_len; /* in bits */
|
|
// unsigned int alg_trunc_len; /* in bits */
|
|
// char alg_key[0];
|
|
// };
|
|
|
|
type XfrmAlgoAuth struct {
|
|
AlgName [64]byte
|
|
AlgKeyLen uint32
|
|
AlgTruncLen uint32
|
|
AlgKey []byte
|
|
}
|
|
|
|
func (msg *XfrmAlgoAuth) Len() int {
|
|
return SizeofXfrmAlgoAuth + int(msg.AlgKeyLen/8)
|
|
}
|
|
|
|
func DeserializeXfrmAlgoAuth(b []byte) *XfrmAlgoAuth {
|
|
ret := XfrmAlgoAuth{}
|
|
copy(ret.AlgName[:], b[0:64])
|
|
ret.AlgKeyLen = *(*uint32)(unsafe.Pointer(&b[64]))
|
|
ret.AlgTruncLen = *(*uint32)(unsafe.Pointer(&b[68]))
|
|
ret.AlgKey = b[72:ret.Len()]
|
|
return &ret
|
|
}
|
|
|
|
func (msg *XfrmAlgoAuth) Serialize() []byte {
|
|
b := make([]byte, msg.Len())
|
|
copy(b[0:64], msg.AlgName[:])
|
|
copy(b[64:68], (*(*[4]byte)(unsafe.Pointer(&msg.AlgKeyLen)))[:])
|
|
copy(b[68:72], (*(*[4]byte)(unsafe.Pointer(&msg.AlgTruncLen)))[:])
|
|
copy(b[72:msg.Len()], msg.AlgKey[:])
|
|
return b
|
|
}
|
|
|
|
// struct xfrm_algo_aead {
|
|
// char alg_name[64];
|
|
// unsigned int alg_key_len; /* in bits */
|
|
// unsigned int alg_icv_len; /* in bits */
|
|
// char alg_key[0];
|
|
// }
|
|
|
|
// struct xfrm_encap_tmpl {
|
|
// __u16 encap_type;
|
|
// __be16 encap_sport;
|
|
// __be16 encap_dport;
|
|
// xfrm_address_t encap_oa;
|
|
// };
|
|
|
|
func writeStateAlgo(a *XfrmStateAlgo) []byte {
|
|
algo := XfrmAlgo{
|
|
AlgKeyLen: uint32(len(a.Key) * 8),
|
|
AlgKey: a.Key,
|
|
}
|
|
end := len(a.Name)
|
|
if end > 64 {
|
|
end = 64
|
|
}
|
|
copy(algo.AlgName[:end], a.Name)
|
|
return algo.Serialize()
|
|
}
|
|
|
|
func writeStateAlgoAuth(a *XfrmStateAlgo) []byte {
|
|
algo := XfrmAlgoAuth{
|
|
AlgKeyLen: uint32(len(a.Key) * 8),
|
|
AlgTruncLen: uint32(a.TruncateLen),
|
|
AlgKey: a.Key,
|
|
}
|
|
end := len(a.Name)
|
|
if end > 64 {
|
|
end = 64
|
|
}
|
|
copy(algo.AlgName[:end], a.Name)
|
|
return algo.Serialize()
|
|
}
|
|
|
|
// XfrmStateAdd will add an xfrm state to the system.
|
|
// Equivalent to: `ip xfrm state add $state`
|
|
func XfrmStateAdd(state *XfrmState) error {
|
|
// A state with spi 0 can't be deleted so don't allow it to be set
|
|
if state.Spi == 0 {
|
|
return fmt.Errorf("Spi must be set when adding xfrm state.")
|
|
}
|
|
req := newNetlinkRequest(XFRM_MSG_NEWSA, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
|
|
|
|
msg := &XfrmUsersaInfo{}
|
|
msg.Family = uint16(GetIPFamily(state.Dst))
|
|
msg.Id.Daddr.FromIP(state.Dst)
|
|
msg.Saddr.FromIP(state.Src)
|
|
msg.Id.Proto = uint8(state.Proto)
|
|
msg.Mode = uint8(state.Mode)
|
|
msg.Id.Spi = swap32(uint32(state.Spi))
|
|
msg.Reqid = uint32(state.Reqid)
|
|
req.AddData(msg)
|
|
|
|
if state.Auth != nil {
|
|
out := newRtAttr(XFRMA_ALG_AUTH_TRUNC, writeStateAlgoAuth(state.Auth))
|
|
req.AddData(out)
|
|
}
|
|
if state.Crypt != nil {
|
|
out := newRtAttr(XFRMA_ALG_CRYPT, writeStateAlgo(state.Crypt))
|
|
req.AddData(out)
|
|
}
|
|
|
|
_, err := req.Execute(syscall.NETLINK_XFRM, 0)
|
|
return err
|
|
}
|
|
|
|
// XfrmStateDel will delete an xfrm state from the system. Note that
|
|
// the Algos are ignored when matching the state to delete.
|
|
// Equivalent to: `ip xfrm state del $state`
|
|
func XfrmStateDel(state *XfrmState) error {
|
|
req := newNetlinkRequest(XFRM_MSG_DELSA, syscall.NLM_F_ACK)
|
|
|
|
msg := &XfrmUsersaId{}
|
|
msg.Daddr.FromIP(state.Dst)
|
|
msg.Family = uint16(GetIPFamily(state.Dst))
|
|
msg.Proto = uint8(state.Proto)
|
|
msg.Spi = swap32(uint32(state.Spi))
|
|
req.AddData(msg)
|
|
|
|
saddr := XfrmAddress{}
|
|
saddr.FromIP(state.Src)
|
|
srcdata := newRtAttr(XFRMA_SRCADDR, saddr.Serialize())
|
|
|
|
req.AddData(srcdata)
|
|
|
|
_, err := req.Execute(syscall.NETLINK_XFRM, 0)
|
|
return err
|
|
}
|
|
|
|
// XfrmStateList gets a list of xfrm states in the system.
|
|
// Equivalent to: `ip xfrm state show`.
|
|
// The list can be filtered by ip family.
|
|
func XfrmStateList(family int) ([]XfrmState, error) {
|
|
req := newNetlinkRequest(XFRM_MSG_GETSA, syscall.NLM_F_DUMP)
|
|
|
|
msg := newIfInfomsg(family)
|
|
req.AddData(msg)
|
|
|
|
msgs, err := req.Execute(syscall.NETLINK_XFRM, XFRM_MSG_NEWSA)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
res := make([]XfrmState, 0)
|
|
for _, m := range msgs {
|
|
msg := DeserializeXfrmUsersaInfo(m)
|
|
|
|
if family != FAMILY_ALL && family != int(msg.Family) {
|
|
continue
|
|
}
|
|
|
|
var state XfrmState
|
|
|
|
state.Dst = msg.Id.Daddr.ToIP()
|
|
state.Src = msg.Saddr.ToIP()
|
|
state.Proto = Proto(msg.Id.Proto)
|
|
state.Mode = Mode(msg.Mode)
|
|
state.Spi = int(swap32(msg.Id.Spi))
|
|
state.Reqid = int(msg.Reqid)
|
|
|
|
attrs, err := parseRouteAttr(m[msg.Len():])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
for _, attr := range attrs {
|
|
switch attr.Attr.Type {
|
|
case XFRMA_ALG_AUTH, XFRMA_ALG_CRYPT:
|
|
var resAlgo *XfrmStateAlgo
|
|
if attr.Attr.Type == XFRMA_ALG_AUTH {
|
|
if state.Auth == nil {
|
|
state.Auth = new(XfrmStateAlgo)
|
|
}
|
|
resAlgo = state.Auth
|
|
} else {
|
|
state.Crypt = new(XfrmStateAlgo)
|
|
resAlgo = state.Crypt
|
|
}
|
|
algo := DeserializeXfrmAlgo(attr.Value[:])
|
|
(*resAlgo).Name = bytesToString(algo.AlgName[:])
|
|
(*resAlgo).Key = algo.AlgKey
|
|
case XFRMA_ALG_AUTH_TRUNC:
|
|
if state.Auth == nil {
|
|
state.Auth = new(XfrmStateAlgo)
|
|
}
|
|
algo := DeserializeXfrmAlgoAuth(attr.Value[:])
|
|
state.Auth.Name = bytesToString(algo.AlgName[:])
|
|
state.Auth.Key = algo.AlgKey
|
|
state.Auth.TruncateLen = int(algo.AlgTruncLen)
|
|
}
|
|
|
|
}
|
|
res = append(res, state)
|
|
}
|
|
return res, nil
|
|
}
|