github.com/sagernet/netlink@v0.0.0-20240612041022-b9a21c07ac6a/nl/xfrm_linux.go (about) 1 package nl 2 3 import ( 4 "bytes" 5 "net" 6 "unsafe" 7 ) 8 9 // Infinity for packet and byte counts 10 const ( 11 XFRM_INF = ^uint64(0) 12 ) 13 14 type XfrmMsgType uint8 15 16 type XfrmMsg interface { 17 Type() XfrmMsgType 18 } 19 20 // Message Types 21 const ( 22 XFRM_MSG_BASE XfrmMsgType = 0x10 23 XFRM_MSG_NEWSA = 0x10 24 XFRM_MSG_DELSA = 0x11 25 XFRM_MSG_GETSA = 0x12 26 XFRM_MSG_NEWPOLICY = 0x13 27 XFRM_MSG_DELPOLICY = 0x14 28 XFRM_MSG_GETPOLICY = 0x15 29 XFRM_MSG_ALLOCSPI = 0x16 30 XFRM_MSG_ACQUIRE = 0x17 31 XFRM_MSG_EXPIRE = 0x18 32 XFRM_MSG_UPDPOLICY = 0x19 33 XFRM_MSG_UPDSA = 0x1a 34 XFRM_MSG_POLEXPIRE = 0x1b 35 XFRM_MSG_FLUSHSA = 0x1c 36 XFRM_MSG_FLUSHPOLICY = 0x1d 37 XFRM_MSG_NEWAE = 0x1e 38 XFRM_MSG_GETAE = 0x1f 39 XFRM_MSG_REPORT = 0x20 40 XFRM_MSG_MIGRATE = 0x21 41 XFRM_MSG_NEWSADINFO = 0x22 42 XFRM_MSG_GETSADINFO = 0x23 43 XFRM_MSG_NEWSPDINFO = 0x24 44 XFRM_MSG_GETSPDINFO = 0x25 45 XFRM_MSG_MAPPING = 0x26 46 XFRM_MSG_MAX = 0x26 47 XFRM_NR_MSGTYPES = 0x17 48 ) 49 50 // Attribute types 51 const ( 52 /* Netlink message attributes. */ 53 XFRMA_UNSPEC = iota 54 XFRMA_ALG_AUTH /* struct xfrm_algo */ 55 XFRMA_ALG_CRYPT /* struct xfrm_algo */ 56 XFRMA_ALG_COMP /* struct xfrm_algo */ 57 XFRMA_ENCAP /* struct xfrm_algo + struct xfrm_encap_tmpl */ 58 XFRMA_TMPL /* 1 or more struct xfrm_user_tmpl */ 59 XFRMA_SA /* struct xfrm_usersa_info */ 60 XFRMA_POLICY /* struct xfrm_userpolicy_info */ 61 XFRMA_SEC_CTX /* struct xfrm_sec_ctx */ 62 XFRMA_LTIME_VAL 63 XFRMA_REPLAY_VAL 64 XFRMA_REPLAY_THRESH 65 XFRMA_ETIMER_THRESH 66 XFRMA_SRCADDR /* xfrm_address_t */ 67 XFRMA_COADDR /* xfrm_address_t */ 68 XFRMA_LASTUSED /* unsigned long */ 69 XFRMA_POLICY_TYPE /* struct xfrm_userpolicy_type */ 70 XFRMA_MIGRATE 71 XFRMA_ALG_AEAD /* struct xfrm_algo_aead */ 72 XFRMA_KMADDRESS /* struct xfrm_user_kmaddress */ 73 XFRMA_ALG_AUTH_TRUNC /* struct xfrm_algo_auth */ 74 XFRMA_MARK /* struct xfrm_mark */ 75 XFRMA_TFCPAD /* __u32 */ 76 XFRMA_REPLAY_ESN_VAL /* struct xfrm_replay_esn */ 77 XFRMA_SA_EXTRA_FLAGS /* __u32 */ 78 XFRMA_PROTO /* __u8 */ 79 XFRMA_ADDRESS_FILTER /* struct xfrm_address_filter */ 80 XFRMA_PAD 81 XFRMA_OFFLOAD_DEV /* struct xfrm_state_offload */ 82 XFRMA_SET_MARK /* __u32 */ 83 XFRMA_SET_MARK_MASK /* __u32 */ 84 XFRMA_IF_ID /* __u32 */ 85 86 XFRMA_MAX = iota - 1 87 ) 88 89 const XFRMA_OUTPUT_MARK = XFRMA_SET_MARK 90 91 const ( 92 SizeofXfrmAddress = 0x10 93 SizeofXfrmSelector = 0x38 94 SizeofXfrmLifetimeCfg = 0x40 95 SizeofXfrmLifetimeCur = 0x20 96 SizeofXfrmId = 0x18 97 SizeofXfrmMark = 0x08 98 ) 99 100 // Netlink groups 101 const ( 102 XFRMNLGRP_NONE = 0x0 103 XFRMNLGRP_ACQUIRE = 0x1 104 XFRMNLGRP_EXPIRE = 0x2 105 XFRMNLGRP_SA = 0x3 106 XFRMNLGRP_POLICY = 0x4 107 XFRMNLGRP_AEVENTS = 0x5 108 XFRMNLGRP_REPORT = 0x6 109 XFRMNLGRP_MIGRATE = 0x7 110 XFRMNLGRP_MAPPING = 0x8 111 __XFRMNLGRP_MAX = 0x9 112 ) 113 114 // typedef union { 115 // __be32 a4; 116 // __be32 a6[4]; 117 // } xfrm_address_t; 118 119 type XfrmAddress [SizeofXfrmAddress]byte 120 121 func (x *XfrmAddress) ToIP() net.IP { 122 var empty = [12]byte{} 123 ip := make(net.IP, net.IPv6len) 124 if bytes.Equal(x[4:16], empty[:]) { 125 ip[10] = 0xff 126 ip[11] = 0xff 127 copy(ip[12:16], x[0:4]) 128 } else { 129 copy(ip[:], x[:]) 130 } 131 return ip 132 } 133 134 func (x *XfrmAddress) ToIPNet(prefixlen uint8) *net.IPNet { 135 ip := x.ToIP() 136 if GetIPFamily(ip) == FAMILY_V4 { 137 return &net.IPNet{IP: ip, Mask: net.CIDRMask(int(prefixlen), 32)} 138 } 139 return &net.IPNet{IP: ip, Mask: net.CIDRMask(int(prefixlen), 128)} 140 } 141 142 func (x *XfrmAddress) FromIP(ip net.IP) { 143 var empty = [16]byte{} 144 if len(ip) < net.IPv4len { 145 copy(x[4:16], empty[:]) 146 } else if GetIPFamily(ip) == FAMILY_V4 { 147 copy(x[0:4], ip.To4()[0:4]) 148 copy(x[4:16], empty[:12]) 149 } else { 150 copy(x[0:16], ip.To16()[0:16]) 151 } 152 } 153 154 func DeserializeXfrmAddress(b []byte) *XfrmAddress { 155 return (*XfrmAddress)(unsafe.Pointer(&b[0:SizeofXfrmAddress][0])) 156 } 157 158 func (x *XfrmAddress) Serialize() []byte { 159 return (*(*[SizeofXfrmAddress]byte)(unsafe.Pointer(x)))[:] 160 } 161 162 // struct xfrm_selector { 163 // xfrm_address_t daddr; 164 // xfrm_address_t saddr; 165 // __be16 dport; 166 // __be16 dport_mask; 167 // __be16 sport; 168 // __be16 sport_mask; 169 // __u16 family; 170 // __u8 prefixlen_d; 171 // __u8 prefixlen_s; 172 // __u8 proto; 173 // int ifindex; 174 // __kernel_uid32_t user; 175 // }; 176 177 type XfrmSelector struct { 178 Daddr XfrmAddress 179 Saddr XfrmAddress 180 Dport uint16 // big endian 181 DportMask uint16 // big endian 182 Sport uint16 // big endian 183 SportMask uint16 // big endian 184 Family uint16 185 PrefixlenD uint8 186 PrefixlenS uint8 187 Proto uint8 188 Pad [3]byte 189 Ifindex int32 190 User uint32 191 } 192 193 func (msg *XfrmSelector) Len() int { 194 return SizeofXfrmSelector 195 } 196 197 func DeserializeXfrmSelector(b []byte) *XfrmSelector { 198 return (*XfrmSelector)(unsafe.Pointer(&b[0:SizeofXfrmSelector][0])) 199 } 200 201 func (msg *XfrmSelector) Serialize() []byte { 202 return (*(*[SizeofXfrmSelector]byte)(unsafe.Pointer(msg)))[:] 203 } 204 205 // struct xfrm_lifetime_cfg { 206 // __u64 soft_byte_limit; 207 // __u64 hard_byte_limit; 208 // __u64 soft_packet_limit; 209 // __u64 hard_packet_limit; 210 // __u64 soft_add_expires_seconds; 211 // __u64 hard_add_expires_seconds; 212 // __u64 soft_use_expires_seconds; 213 // __u64 hard_use_expires_seconds; 214 // }; 215 // 216 217 type XfrmLifetimeCfg struct { 218 SoftByteLimit uint64 219 HardByteLimit uint64 220 SoftPacketLimit uint64 221 HardPacketLimit uint64 222 SoftAddExpiresSeconds uint64 223 HardAddExpiresSeconds uint64 224 SoftUseExpiresSeconds uint64 225 HardUseExpiresSeconds uint64 226 } 227 228 func (msg *XfrmLifetimeCfg) Len() int { 229 return SizeofXfrmLifetimeCfg 230 } 231 232 func DeserializeXfrmLifetimeCfg(b []byte) *XfrmLifetimeCfg { 233 return (*XfrmLifetimeCfg)(unsafe.Pointer(&b[0:SizeofXfrmLifetimeCfg][0])) 234 } 235 236 func (msg *XfrmLifetimeCfg) Serialize() []byte { 237 return (*(*[SizeofXfrmLifetimeCfg]byte)(unsafe.Pointer(msg)))[:] 238 } 239 240 // struct xfrm_lifetime_cur { 241 // __u64 bytes; 242 // __u64 packets; 243 // __u64 add_time; 244 // __u64 use_time; 245 // }; 246 247 type XfrmLifetimeCur struct { 248 Bytes uint64 249 Packets uint64 250 AddTime uint64 251 UseTime uint64 252 } 253 254 func (msg *XfrmLifetimeCur) Len() int { 255 return SizeofXfrmLifetimeCur 256 } 257 258 func DeserializeXfrmLifetimeCur(b []byte) *XfrmLifetimeCur { 259 return (*XfrmLifetimeCur)(unsafe.Pointer(&b[0:SizeofXfrmLifetimeCur][0])) 260 } 261 262 func (msg *XfrmLifetimeCur) Serialize() []byte { 263 return (*(*[SizeofXfrmLifetimeCur]byte)(unsafe.Pointer(msg)))[:] 264 } 265 266 // struct xfrm_id { 267 // xfrm_address_t daddr; 268 // __be32 spi; 269 // __u8 proto; 270 // }; 271 272 type XfrmId struct { 273 Daddr XfrmAddress 274 Spi uint32 // big endian 275 Proto uint8 276 Pad [3]byte 277 } 278 279 func (msg *XfrmId) Len() int { 280 return SizeofXfrmId 281 } 282 283 func DeserializeXfrmId(b []byte) *XfrmId { 284 return (*XfrmId)(unsafe.Pointer(&b[0:SizeofXfrmId][0])) 285 } 286 287 func (msg *XfrmId) Serialize() []byte { 288 return (*(*[SizeofXfrmId]byte)(unsafe.Pointer(msg)))[:] 289 } 290 291 type XfrmMark struct { 292 Value uint32 293 Mask uint32 294 } 295 296 func (msg *XfrmMark) Len() int { 297 return SizeofXfrmMark 298 } 299 300 func DeserializeXfrmMark(b []byte) *XfrmMark { 301 return (*XfrmMark)(unsafe.Pointer(&b[0:SizeofXfrmMark][0])) 302 } 303 304 func (msg *XfrmMark) Serialize() []byte { 305 return (*(*[SizeofXfrmMark]byte)(unsafe.Pointer(msg)))[:] 306 }