void ipoe_nl_delete(int ifindex) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; struct { struct nlmsghdr n; char buf[1024]; } req; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC)) { log_ppp_error("ipoe: cannot open generic netlink socket\n"); return; } nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = ipoe_genl_id; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = IPOE_CMD_DELETE; addattr32(nlh, 128, IPOE_ATTR_IFINDEX, ifindex); if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) log_ppp_error("ipoe: nl_delete: error talking to kernel\n"); rtnl_close(&rth); }
int do_ipl2tp(int argc, char **argv) { if (genl_family < 0) { if (rtnl_open_byproto(&genl_rth, 0, NETLINK_GENERIC) < 0) { fprintf(stderr, "Cannot open generic netlink socket\n"); exit(1); } genl_family = genl_resolve_family(&genl_rth, L2TP_GENL_NAME); if (genl_family < 0) exit(1); } if (argc < 1) usage(); if (matches(*argv, "add") == 0) return do_add(argc-1, argv+1); if (matches(*argv, "delete") == 0) return do_del(argc-1, argv+1); if (matches(*argv, "show") == 0 || matches(*argv, "lst") == 0 || matches(*argv, "list") == 0) return do_show(argc-1, argv+1); if (matches(*argv, "help") == 0) usage(); fprintf(stderr, "Command \"%s\" is unknown, try \"ip l2tp help\".\n", *argv); exit(-1); }
static void init(void) { int mcg_id = genl_resolve_mcg(IPOE_GENL_NAME, IPOE_GENL_MCG_PKT, &ipoe_genl_id); if (mcg_id == -1) { log_warn("ipoe: unclassified packet handling is disabled\n"); rth.fd = -1; return; } if (rtnl_open_byproto(&rth, 1 << (mcg_id - 1), NETLINK_GENERIC)) { log_error("ipoe: cannot open generic netlink socket\n"); rth.fd = -1; return; } fcntl(rth.fd, F_SETFL, O_NONBLOCK); fcntl(rth.fd, F_SETFD, fcntl(rth.fd, F_GETFD) | FD_CLOEXEC); triton_context_register(&mc_ctx, NULL); mc_hnd.fd = rth.fd; triton_md_register_handler(&mc_ctx, &mc_hnd); triton_md_enable_handler(&mc_hnd, MD_MODE_READ); triton_context_wakeup(&mc_ctx); ipoe_nl_del_exclude(0); }
static int xfrm_spd_getinfo(int argc, char **argv) { struct rtnl_handle rth; struct { struct nlmsghdr n; __u32 flags; char ans[128]; } req; memset(&req, 0, sizeof(req)); req.n.nlmsg_len = NLMSG_LENGTH(sizeof(__u32)); req.n.nlmsg_flags = NLM_F_REQUEST; req.n.nlmsg_type = XFRM_MSG_GETSPDINFO; req.flags = 0XFFFFFFFF; if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (rtnl_talk(&rth, &req.n, 0, 0, &req.n, NULL, NULL) < 0) exit(2); print_spdinfo(&req.n, (void*)stdout); rtnl_close(&rth); return 0; }
int rtnl_do(int proto, struct nlmsghdr *sn, struct nlmsghdr *rn) { struct rtnl_handle rth; int err; if (rtnl_open_byproto(&rth, 0, proto) < 0) { dbg("ERROR \n"); return -1; } err = rtnl_talk(&rth, sn, 0, 0, rn, NULL, NULL); rtnl_close(&rth); return err; }
int cthd_nl_wrapper::genl_acpi_family_open(cthd_engine *engine) { if (genl_get_family_status(ACPI_EVENT_FAMILY_NAME, 1) < 0) return -1; if (rtnl_open_byproto (&rt_handle, nl_mgrp(acpi_event_mcast_group_id), NETLINK_GENERIC) < 0) { fprintf(stderr, "Canot open generic netlink socket\n"); return -1; } thd_engine = engine; return 0; }
static int xfrm_policy_flush(int argc, char **argv) { struct rtnl_handle rth; struct { struct nlmsghdr n; char buf[RTA_BUF_SIZE]; } req; char *ptypep = NULL; struct xfrm_userpolicy_type upt; memset(&req, 0, sizeof(req)); memset(&upt, 0, sizeof(upt)); req.n.nlmsg_len = NLMSG_LENGTH(0); /* nlmsg data is nothing */ req.n.nlmsg_flags = NLM_F_REQUEST; req.n.nlmsg_type = XFRM_MSG_FLUSHPOLICY; while (argc > 0) { if (strcmp(*argv, "ptype") == 0) { if (ptypep) duparg("ptype", *argv); ptypep = *argv; NEXT_ARG(); xfrm_policy_ptype_parse(&upt.type, &argc, &argv); filter.dir_mask = XFRM_FILTER_MASK_FULL; } else invarg("unknown", *argv); argc--; argv++; } if (ptypep) { addattr_l(&req.n, sizeof(req), XFRMA_POLICY_TYPE, (void *)&upt, sizeof(upt)); } if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (show_stats > 1) fprintf(stderr, "Flush policy\n"); if (rtnl_talk(&rth, &req.n, 0, 0, NULL, NULL, NULL) < 0) exit(2); rtnl_close(&rth); return 0; }
static int ctrl_listen(int argc, char **argv) { struct rtnl_handle rth; if (rtnl_open_byproto(&rth, nl_mgrp(GENL_ID_CTRL), NETLINK_GENERIC) < 0) { fprintf(stderr, "Canot open generic netlink socket\n"); return -1; } if (rtnl_listen(&rth, print_ctrl, (void *) stdout) < 0) return -1; return 0; }
int cthd_nl_wrapper::genl_get_family_status(char *family_name, int type) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; int ret = -1; struct { struct nlmsghdr n; char buf[4096]; } req; memset(&req, 0, sizeof(req)); nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = GENL_ID_CTRL; ghdr = (struct genlmsghdr *)NLMSG_DATA(&req.n); ghdr->cmd = CTRL_CMD_GETFAMILY; /* send CTRL_CMD_GET_FAMILY message to controller */ if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC) < 0) { fprintf(stderr, "Cannot open generic netlink socket\n"); exit(1); } addattr_l(nlh, 128, CTRL_ATTR_FAMILY_NAME, family_name, strlen(family_name) + 1); if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL) < 0) { fprintf(stderr, "Error talking to the kernel\n"); goto ctrl_done; } if (type) { if (genl_get_mcast_group_id(nlh)) fprintf(stderr, "Failed to get acpi_event multicast group\n"); } else if (genl_print_ctrl_message(NULL, nlh, (void *)stdout) < 0) fprintf(stderr, "Failed to print acpi_event family status\n"); ret = 0; ctrl_done: rtnl_close(&rth); return ret; }
int ipoe_nl_modify(int ifindex, uint32_t peer_addr, uint32_t addr, const char *ifname, uint8_t *hwaddr) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; int ret = 0; struct { struct nlmsghdr n; char buf[1024]; } req; union { uint8_t hwaddr[6]; uint64_t u64; } u; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC)) { log_ppp_error("ipoe: cannot open generic netlink socket\n"); return -1; } nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = ipoe_genl_id; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = IPOE_CMD_MODIFY; addattr32(nlh, 1024, IPOE_ATTR_IFINDEX, ifindex); addattr32(nlh, 1024, IPOE_ATTR_PEER_ADDR, peer_addr); addattr32(nlh, 1024, IPOE_ATTR_ADDR, addr); if (hwaddr) { memcpy(u.hwaddr, hwaddr, 6); addattr_l(nlh, 1024, IPOE_ATTR_HWADDR, &u.u64, 8); } if (ifname) addattr_l(nlh, 1024, IPOE_ATTR_IFNAME, ifname, strlen(ifname) + 1); if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) { log_ppp_error("ipoe: nl_create: error talking to kernel\n"); ret = -1; } rtnl_close(&rth); return ret; }
int genl_init_handle(struct rtnl_handle *grth, const char *family, int *genl_family) { if (*genl_family >= 0) return 0; if (rtnl_open_byproto(grth, 0, NETLINK_GENERIC) < 0) { fprintf(stderr, "Cannot open generic netlink socket\n"); return -1; } *genl_family = genl_resolve_family(grth, family); if (*genl_family < 0) return -1; return 0; }
/** * Initialize the middlebox firewall application. * This sets up the firewall's policies. * * @param policy_file the configuration file (in libconfig format) that specifies * the firewall's policy. If NULL, a default policy is used. * * @return 0 on success, negative on error */ int signaling_hipfw_feedback_init(const char *key_file, const char *cert_file) { int err = 0; /* Load the host identity */ if (HIP_DEFAULT_HIPFW_ALGO == HIP_HI_ECDSA) { load_ecdsa_private_key(key_file, &ecdsa_key); hip_any_key_to_hit(ecdsa_key, &our_hit, 0, HIP_HI_ECDSA); } else if (HIP_DEFAULT_HIPFW_ALGO == HIP_HI_RSA) { load_rsa_private_key(key_file, &rsa_key); hip_any_key_to_hit(rsa_key, &our_hit, 0, HIP_HI_RSA); } HIP_DEBUG("Successfully Loaded the MiddleBox key.\n"); HIP_INFO_HIT("Our hit: ", &our_hit); mb_cert = load_x509_certificate(cert_file); /* Sockets */ hipfw_nat_sock_output_udp = init_raw_sock_v4(IPPROTO_UDP); if (hipfw_nat_sock_output_udp > 0) { HIP_DEBUG("Successfully initialized nat output socket. \n"); } else { HIP_DEBUG("Failed to bind output socket. \n"); } if (rtnl_open_byproto(&hipfw_nl_route, RTMGRP_LINK | RTMGRP_IPV6_IFADDR | IPPROTO_IPV6 | RTMGRP_IPV4_IFADDR | IPPROTO_IP, NETLINK_ROUTE) < 0) { err = 1; HIP_ERROR("Routing socket error: %s\n", strerror(errno)); goto out_err; } else { HIP_DEBUG("Successfully opened netlink socket \n"); } /* flush ip table rules to not catch our own notify... */ system_print("iptables -D HIPFW-OUTPUT 1"); system_print("iptables -D HIPFW-OUTPUT 1"); out_err: return err; }
int rtnl_iterate(int proto, int type, rtnl_filter_t func, void *extarg) { struct rtnl_handle rth; if (rtnl_open_byproto(&rth, 0, proto) < 0) return -1; if (rtnl_wilddump_request(&rth, AF_INET6, type) < 0) { rtnl_close(&rth); return -1; } if (rtnl_dump_filter(&rth, func, extarg, NULL, NULL) < 0) { rtnl_close(&rth); return -1; } rtnl_close(&rth); return 0; }
int mpls_list(int cmd,int argc, char **argv) { struct genlmsghdr *ghdr; struct rtnl_handle rth; struct { struct nlmsghdr n; char buf[4096]; } req; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC) < 0) { fprintf (stderr, "Error opening nl socket\n"); //exit(-1); return -1; } memset(&req, 0, sizeof(req)); req.n.nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); req.n.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST; req.n.nlmsg_type = PF_MPLS; req.n.nlmsg_seq = rth.dump = ++rth.seq; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = cmd; if (rtnl_send(&rth, (const char *)&req.n, req.n.nlmsg_len) < 0) { perror("Cannot send dump request"); //exit(1); return 1; } if (rtnl_dump_filter(&rth, print_mpls, stdout, NULL, NULL) < 0) { fprintf(stderr, "Dump terminated\n"); //exit(1); return 1; } rtnl_close(&rth); return 0; }
int ipoe_nl_add_vlan_mon_vid(int ifindex, int vid) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; struct { struct nlmsghdr n; char buf[1024]; } req; int r = 0; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC)) { log_error("ipoe: cannot open generic netlink socket\n"); return -1; } nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = ipoe_genl_id; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = IPOE_CMD_ADD_VLAN_MON_VID; addattr32(nlh, 1024, IPOE_ATTR_IFINDEX, ifindex); addattr32(nlh, 1024, IPOE_ATTR_ADDR, vid); if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) { log_error("ipoe: nl_add_vlan_mon_vid: error talking to kernel\n"); r = -1; } rtnl_close(&rth); return r; }
int ipoe_nl_add_exclude(uint32_t addr, int mask) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; struct { struct nlmsghdr n; char buf[1024]; } req; int ret = 0; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC)) { log_ppp_error("ipoe: cannot open generic netlink socket\n"); return -1; } nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = ipoe_genl_id; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = IPOE_CMD_ADD_EXCLUDE; addattr32(nlh, 1024, IPOE_ATTR_ADDR, addr); if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) { log_ppp_error("ipoe: nl_add_net: error talking to kernel\n"); ret = -1; } rtnl_close(&rth); return ret; }
static int xfrm_policy_list_or_deleteall(int argc, char **argv, int deleteall) { char *selp = NULL; struct rtnl_handle rth; if (argc > 0) filter.use = 1; filter.xpinfo.sel.family = preferred_family; while (argc > 0) { if (strcmp(*argv, "dir") == 0) { NEXT_ARG(); xfrm_policy_dir_parse(&filter.xpinfo.dir, &argc, &argv); filter.dir_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "index") == 0) { NEXT_ARG(); if (get_u32(&filter.xpinfo.index, *argv, 0)) invarg("INDEX value is invalid", *argv); filter.index_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "ptype") == 0) { NEXT_ARG(); xfrm_policy_ptype_parse(&filter.ptype, &argc, &argv); filter.ptype_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "action") == 0) { NEXT_ARG(); if (strcmp(*argv, "allow") == 0) filter.xpinfo.action = XFRM_POLICY_ALLOW; else if (strcmp(*argv, "block") == 0) filter.xpinfo.action = XFRM_POLICY_BLOCK; else invarg("ACTION value is invalid\n", *argv); filter.action_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "priority") == 0) { NEXT_ARG(); if (get_u32(&filter.xpinfo.priority, *argv, 0)) invarg("PRIORITY value is invalid", *argv); filter.priority_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "flag") == 0) { NEXT_ARG(); xfrm_policy_flag_parse(&filter.xpinfo.flags, &argc, &argv); filter.policy_flags_mask = XFRM_FILTER_MASK_FULL; } else { if (selp) invarg("unknown", *argv); selp = *argv; xfrm_selector_parse(&filter.xpinfo.sel, &argc, &argv); if (preferred_family == AF_UNSPEC) preferred_family = filter.xpinfo.sel.family; } argc--; argv++; } if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (deleteall) { struct xfrm_buffer xb; char buf[NLMSG_DELETEALL_BUF_SIZE]; int i; xb.buf = buf; xb.size = sizeof(buf); xb.rth = &rth; for (i = 0; ; i++) { struct { struct nlmsghdr n; char buf[NLMSG_BUF_SIZE]; } req = { .n.nlmsg_len = NLMSG_HDRLEN, .n.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST, .n.nlmsg_type = XFRM_MSG_GETPOLICY, .n.nlmsg_seq = rth.dump = ++rth.seq, }; xb.offset = 0; xb.nlmsg_count = 0; if (show_stats > 1) fprintf(stderr, "Delete-all round = %d\n", i); if (rtnl_send(&rth, (void *)&req, req.n.nlmsg_len) < 0) { perror("Cannot send dump request"); exit(1); } if (rtnl_dump_filter(&rth, xfrm_policy_keep, &xb) < 0) { fprintf(stderr, "Delete-all terminated\n"); exit(1); } if (xb.nlmsg_count == 0) { if (show_stats > 1) fprintf(stderr, "Delete-all completed\n"); break; } if (rtnl_send_check(&rth, xb.buf, xb.offset) < 0) { perror("Failed to send delete-all request"); exit(1); } if (show_stats > 1) fprintf(stderr, "Delete-all nlmsg count = %d\n", xb.nlmsg_count); xb.offset = 0; xb.nlmsg_count = 0; } } else { struct { struct nlmsghdr n; char buf[NLMSG_BUF_SIZE]; } req = { .n.nlmsg_len = NLMSG_HDRLEN, .n.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST, .n.nlmsg_type = XFRM_MSG_GETPOLICY, .n.nlmsg_seq = rth.dump = ++rth.seq, }; if (rtnl_send(&rth, (void *)&req, req.n.nlmsg_len) < 0) { perror("Cannot send dump request"); exit(1); } if (rtnl_dump_filter(&rth, xfrm_policy_print, stdout) < 0) { fprintf(stderr, "Dump terminated\n"); exit(1); } } rtnl_close(&rth); exit(0); } static int print_spdinfo( struct nlmsghdr *n, void *arg) { FILE *fp = (FILE*)arg; __u32 *f = NLMSG_DATA(n); struct rtattr * tb[XFRMA_SPD_MAX+1]; struct rtattr * rta; int len = n->nlmsg_len; len -= NLMSG_LENGTH(sizeof(__u32)); if (len < 0) { fprintf(stderr, "SPDinfo: Wrong len %d\n", len); return -1; } rta = XFRMSAPD_RTA(f); parse_rtattr(tb, XFRMA_SPD_MAX, rta, len); fprintf(fp,"\t SPD"); if (tb[XFRMA_SPD_INFO]) { struct xfrmu_spdinfo *si; if (RTA_PAYLOAD(tb[XFRMA_SPD_INFO]) < sizeof(*si)) { fprintf(stderr, "SPDinfo: Wrong len %d\n", len); return -1; } si = RTA_DATA(tb[XFRMA_SPD_INFO]); fprintf(fp," IN %d", si->incnt); fprintf(fp," OUT %d", si->outcnt); fprintf(fp," FWD %d", si->fwdcnt); if (show_stats) { fprintf(fp," (Sock:"); fprintf(fp," IN %d", si->inscnt); fprintf(fp," OUT %d", si->outscnt); fprintf(fp," FWD %d", si->fwdscnt); fprintf(fp,")"); } fprintf(fp, "%s", _SL_); } if (show_stats > 1) { struct xfrmu_spdhinfo *sh; if (tb[XFRMA_SPD_HINFO]) { if (RTA_PAYLOAD(tb[XFRMA_SPD_HINFO]) < sizeof(*sh)) { fprintf(stderr, "SPDinfo: Wrong len %d\n", len); return -1; } sh = RTA_DATA(tb[XFRMA_SPD_HINFO]); fprintf(fp,"\t SPD buckets:"); fprintf(fp," count %d", sh->spdhcnt); fprintf(fp," Max %d", sh->spdhmcnt); fprintf(fp, "%s", _SL_); } if (tb[XFRMA_SPD_IPV4_HTHRESH]) { struct xfrmu_spdhthresh *th; if (RTA_PAYLOAD(tb[XFRMA_SPD_IPV4_HTHRESH]) < sizeof(*th)) { fprintf(stderr, "SPDinfo: Wrong len %d\n", len); return -1; } th = RTA_DATA(tb[XFRMA_SPD_IPV4_HTHRESH]); fprintf(fp,"\t SPD IPv4 thresholds:"); fprintf(fp," local %d", th->lbits); fprintf(fp," remote %d", th->rbits); fprintf(fp, "%s", _SL_); } if (tb[XFRMA_SPD_IPV6_HTHRESH]) { struct xfrmu_spdhthresh *th; if (RTA_PAYLOAD(tb[XFRMA_SPD_IPV6_HTHRESH]) < sizeof(*th)) { fprintf(stderr, "SPDinfo: Wrong len %d\n", len); return -1; } th = RTA_DATA(tb[XFRMA_SPD_IPV6_HTHRESH]); fprintf(fp,"\t SPD IPv6 thresholds:"); fprintf(fp," local %d", th->lbits); fprintf(fp," remote %d", th->rbits); fprintf(fp, "%s", _SL_); } } if (oneline) fprintf(fp, "\n"); return 0; }
static int xfrm_policy_list_or_deleteall(int argc, char **argv, int deleteall) { char *selp = NULL; struct rtnl_handle rth; if (argc > 0) filter.use = 1; filter.xpinfo.sel.family = preferred_family; while (argc > 0) { if (strcmp(*argv, "dir") == 0) { NEXT_ARG(); xfrm_policy_dir_parse(&filter.xpinfo.dir, &argc, &argv); filter.dir_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "index") == 0) { NEXT_ARG(); if (get_u32(&filter.xpinfo.index, *argv, 0)) invarg("\"INDEX\" is invalid", *argv); filter.index_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "ptype") == 0) { NEXT_ARG(); xfrm_policy_ptype_parse(&filter.ptype, &argc, &argv); filter.ptype_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "action") == 0) { NEXT_ARG(); if (strcmp(*argv, "allow") == 0) filter.xpinfo.action = XFRM_POLICY_ALLOW; else if (strcmp(*argv, "block") == 0) filter.xpinfo.action = XFRM_POLICY_BLOCK; else invarg("\"ACTION\" is invalid\n", *argv); filter.action_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "priority") == 0) { NEXT_ARG(); if (get_u32(&filter.xpinfo.priority, *argv, 0)) invarg("\"PRIORITY\" is invalid", *argv); filter.priority_mask = XFRM_FILTER_MASK_FULL; } else if (strcmp(*argv, "flag") == 0) { NEXT_ARG(); xfrm_policy_flag_parse(&filter.xpinfo.flags, &argc, &argv); filter.policy_flags_mask = XFRM_FILTER_MASK_FULL; } else { if (selp) invarg("unknown", *argv); selp = *argv; xfrm_selector_parse(&filter.xpinfo.sel, &argc, &argv); if (preferred_family == AF_UNSPEC) preferred_family = filter.xpinfo.sel.family; } argc--; argv++; } if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (deleteall) { struct xfrm_buffer xb; char buf[NLMSG_DELETEALL_BUF_SIZE]; int i; xb.buf = buf; xb.size = sizeof(buf); xb.rth = &rth; for (i = 0; ; i++) { xb.offset = 0; xb.nlmsg_count = 0; if (show_stats > 1) fprintf(stderr, "Delete-all round = %d\n", i); if (rtnl_wilddump_request(&rth, preferred_family, XFRM_MSG_GETPOLICY) < 0) { perror("Cannot send dump request"); exit(1); } if (rtnl_dump_filter(&rth, xfrm_policy_keep, &xb, NULL, NULL) < 0) { fprintf(stderr, "Delete-all terminated\n"); exit(1); } if (xb.nlmsg_count == 0) { if (show_stats > 1) fprintf(stderr, "Delete-all completed\n"); break; } if (rtnl_send(&rth, xb.buf, xb.offset) < 0) { perror("Failed to send delete-all request\n"); exit(1); } if (show_stats > 1) fprintf(stderr, "Delete-all nlmsg count = %d\n", xb.nlmsg_count); xb.offset = 0; xb.nlmsg_count = 0; } } else { if (rtnl_wilddump_request(&rth, preferred_family, XFRM_MSG_GETPOLICY) < 0) { perror("Cannot send dump request"); exit(1); } if (rtnl_dump_filter(&rth, xfrm_policy_print, stdout, NULL, NULL) < 0) { fprintf(stderr, "Dump terminated\n"); exit(1); } } rtnl_close(&rth); exit(0); }
static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv) { struct rtnl_handle rth; struct { struct nlmsghdr n; struct xfrm_userpolicy_info xpinfo; char buf[RTA_BUF_SIZE]; } req; char *dirp = NULL; char *selp = NULL; char *ptypep = NULL; struct xfrm_userpolicy_type upt; char tmpls_buf[XFRM_TMPLS_BUF_SIZE]; int tmpls_len = 0; memset(&req, 0, sizeof(req)); memset(&upt, 0, sizeof(upt)); memset(&tmpls_buf, 0, sizeof(tmpls_buf)); req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xpinfo)); req.n.nlmsg_flags = NLM_F_REQUEST|flags; req.n.nlmsg_type = cmd; req.xpinfo.sel.family = preferred_family; req.xpinfo.lft.soft_byte_limit = XFRM_INF; req.xpinfo.lft.hard_byte_limit = XFRM_INF; req.xpinfo.lft.soft_packet_limit = XFRM_INF; req.xpinfo.lft.hard_packet_limit = XFRM_INF; while (argc > 0) { if (strcmp(*argv, "dir") == 0) { if (dirp) duparg("dir", *argv); dirp = *argv; NEXT_ARG(); xfrm_policy_dir_parse(&req.xpinfo.dir, &argc, &argv); } else if (strcmp(*argv, "index") == 0) { NEXT_ARG(); if (get_u32(&req.xpinfo.index, *argv, 0)) invarg("\"INDEX\" is invalid", *argv); } else if (strcmp(*argv, "ptype") == 0) { if (ptypep) duparg("ptype", *argv); ptypep = *argv; NEXT_ARG(); xfrm_policy_ptype_parse(&upt.type, &argc, &argv); } else if (strcmp(*argv, "action") == 0) { NEXT_ARG(); if (strcmp(*argv, "allow") == 0) req.xpinfo.action = XFRM_POLICY_ALLOW; else if (strcmp(*argv, "block") == 0) req.xpinfo.action = XFRM_POLICY_BLOCK; else invarg("\"action\" value is invalid\n", *argv); } else if (strcmp(*argv, "priority") == 0) { NEXT_ARG(); if (get_u32(&req.xpinfo.priority, *argv, 0)) invarg("\"PRIORITY\" is invalid", *argv); } else if (strcmp(*argv, "flag") == 0) { NEXT_ARG(); xfrm_policy_flag_parse(&req.xpinfo.flags, &argc, &argv); } else if (strcmp(*argv, "limit") == 0) { NEXT_ARG(); xfrm_lifetime_cfg_parse(&req.xpinfo.lft, &argc, &argv); } else if (strcmp(*argv, "tmpl") == 0) { struct xfrm_user_tmpl *tmpl; if (tmpls_len + sizeof(*tmpl) > sizeof(tmpls_buf)) { fprintf(stderr, "Too many tmpls: buffer overflow\n"); exit(1); } tmpl = (struct xfrm_user_tmpl *)((char *)tmpls_buf + tmpls_len); tmpl->family = preferred_family; tmpl->aalgos = (~(__u32)0); tmpl->ealgos = (~(__u32)0); tmpl->calgos = (~(__u32)0); NEXT_ARG(); xfrm_tmpl_parse(tmpl, &argc, &argv); tmpls_len += sizeof(*tmpl); } else { if (selp) duparg("unknown", *argv); selp = *argv; xfrm_selector_parse(&req.xpinfo.sel, &argc, &argv); if (preferred_family == AF_UNSPEC) preferred_family = req.xpinfo.sel.family; } argc--; argv++; } if (!dirp) { fprintf(stderr, "Not enough information: \"DIR\" is required.\n"); exit(1); } if (ptypep) { addattr_l(&req.n, sizeof(req), XFRMA_POLICY_TYPE, (void *)&upt, sizeof(upt)); } if (tmpls_len > 0) { addattr_l(&req.n, sizeof(req), XFRMA_TMPL, (void *)tmpls_buf, tmpls_len); } if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (req.xpinfo.sel.family == AF_UNSPEC) req.xpinfo.sel.family = AF_INET; if (rtnl_talk(&rth, &req.n, 0, 0, NULL, NULL, NULL) < 0) exit(2); rtnl_close(&rth); return 0; }
static int xfrm_state_allocspi(int argc, char **argv) { struct rtnl_handle rth; struct { struct nlmsghdr n; struct xfrm_userspi_info xspi; char buf[RTA_BUF_SIZE]; } req; char *idp = NULL; char *minp = NULL; char *maxp = NULL; struct xfrm_mark mark = {0, 0}; char res_buf[NLMSG_BUF_SIZE]; struct nlmsghdr *res_n = (struct nlmsghdr *)res_buf; memset(res_buf, 0, sizeof(res_buf)); memset(&req, 0, sizeof(req)); req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xspi)); req.n.nlmsg_flags = NLM_F_REQUEST; req.n.nlmsg_type = XFRM_MSG_ALLOCSPI; req.xspi.info.family = preferred_family; #if 0 req.xsinfo.lft.soft_byte_limit = XFRM_INF; req.xsinfo.lft.hard_byte_limit = XFRM_INF; req.xsinfo.lft.soft_packet_limit = XFRM_INF; req.xsinfo.lft.hard_packet_limit = XFRM_INF; #endif while (argc > 0) { if (strcmp(*argv, "mode") == 0) { NEXT_ARG(); xfrm_mode_parse(&req.xspi.info.mode, &argc, &argv); } else if (strcmp(*argv, "mark") == 0) { xfrm_parse_mark(&mark, &argc, &argv); } else if (strcmp(*argv, "reqid") == 0) { NEXT_ARG(); xfrm_reqid_parse(&req.xspi.info.reqid, &argc, &argv); } else if (strcmp(*argv, "seq") == 0) { NEXT_ARG(); xfrm_seq_parse(&req.xspi.info.seq, &argc, &argv); } else if (strcmp(*argv, "min") == 0) { if (minp) duparg("min", *argv); minp = *argv; NEXT_ARG(); if (get_u32(&req.xspi.min, *argv, 0)) invarg("\"min\" value is invalid", *argv); } else if (strcmp(*argv, "max") == 0) { if (maxp) duparg("max", *argv); maxp = *argv; NEXT_ARG(); if (get_u32(&req.xspi.max, *argv, 0)) invarg("\"max\" value is invalid", *argv); } else { /* try to assume ID */ if (idp) invarg("unknown", *argv); idp = *argv; /* ID */ xfrm_id_parse(&req.xspi.info.saddr, &req.xspi.info.id, &req.xspi.info.family, 0, &argc, &argv); if (req.xspi.info.id.spi) { fprintf(stderr, "\"SPI\" must be zero\n"); exit(1); } if (preferred_family == AF_UNSPEC) preferred_family = req.xspi.info.family; } argc--; argv++; } if (!idp) { fprintf(stderr, "Not enough information: \"ID\" is required\n"); exit(1); } if (minp) { if (!maxp) { fprintf(stderr, "\"max\" is missing\n"); exit(1); } if (req.xspi.min > req.xspi.max) { fprintf(stderr, "\"min\" value is larger than \"max\" value\n"); exit(1); } } else { if (maxp) { fprintf(stderr, "\"min\" is missing\n"); exit(1); } /* XXX: Default value defined in PF_KEY; * See kernel's net/key/af_key.c(pfkey_getspi). */ req.xspi.min = 0x100; req.xspi.max = 0x0fffffff; /* XXX: IPCOMP spi is 16-bits; * See kernel's net/xfrm/xfrm_user(verify_userspi_info). */ if (req.xspi.info.id.proto == IPPROTO_COMP) req.xspi.max = 0xffff; } if (mark.m & mark.v) { int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK, (void *)&mark, sizeof(mark)); if (r < 0) { fprintf(stderr, "XFRMA_MARK failed\n"); exit(1); } } if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (req.xspi.info.family == AF_UNSPEC) req.xspi.info.family = AF_INET; if (rtnl_talk(&rth, &req.n, 0, 0, res_n) < 0) exit(2); if (xfrm_state_print(NULL, res_n, (void*)stdout) < 0) { fprintf(stderr, "An error :-)\n"); exit(1); } rtnl_close(&rth); return 0; }
static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) { struct rtnl_handle rth; struct { struct nlmsghdr n; struct xfrm_usersa_info xsinfo; char buf[RTA_BUF_SIZE]; } req; struct xfrm_replay_state replay; char *idp = NULL; char *aeadop = NULL; char *ealgop = NULL; char *aalgop = NULL; char *calgop = NULL; char *coap = NULL; char *sctxp = NULL; struct xfrm_mark mark = {0, 0}; struct { struct xfrm_user_sec_ctx sctx; char str[CTX_BUF_SIZE]; } ctx; memset(&req, 0, sizeof(req)); memset(&replay, 0, sizeof(replay)); memset(&ctx, 0, sizeof(ctx)); req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsinfo)); req.n.nlmsg_flags = NLM_F_REQUEST|flags; req.n.nlmsg_type = cmd; req.xsinfo.family = preferred_family; req.xsinfo.lft.soft_byte_limit = XFRM_INF; req.xsinfo.lft.hard_byte_limit = XFRM_INF; req.xsinfo.lft.soft_packet_limit = XFRM_INF; req.xsinfo.lft.hard_packet_limit = XFRM_INF; while (argc > 0) { if (strcmp(*argv, "mode") == 0) { NEXT_ARG(); xfrm_mode_parse(&req.xsinfo.mode, &argc, &argv); } else if (strcmp(*argv, "mark") == 0) { xfrm_parse_mark(&mark, &argc, &argv); } else if (strcmp(*argv, "reqid") == 0) { NEXT_ARG(); xfrm_reqid_parse(&req.xsinfo.reqid, &argc, &argv); } else if (strcmp(*argv, "seq") == 0) { NEXT_ARG(); xfrm_seq_parse(&req.xsinfo.seq, &argc, &argv); } else if (strcmp(*argv, "replay-window") == 0) { NEXT_ARG(); if (get_u8(&req.xsinfo.replay_window, *argv, 0)) invarg("\"replay-window\" value is invalid", *argv); } else if (strcmp(*argv, "replay-seq") == 0) { NEXT_ARG(); if (get_u32(&replay.seq, *argv, 0)) invarg("\"replay-seq\" value is invalid", *argv); } else if (strcmp(*argv, "replay-oseq") == 0) { NEXT_ARG(); if (get_u32(&replay.oseq, *argv, 0)) invarg("\"replay-oseq\" value is invalid", *argv); } else if (strcmp(*argv, "flag") == 0) { NEXT_ARG(); xfrm_state_flag_parse(&req.xsinfo.flags, &argc, &argv); } else if (strcmp(*argv, "sel") == 0) { NEXT_ARG(); xfrm_selector_parse(&req.xsinfo.sel, &argc, &argv); } else if (strcmp(*argv, "limit") == 0) { NEXT_ARG(); xfrm_lifetime_cfg_parse(&req.xsinfo.lft, &argc, &argv); } else if (strcmp(*argv, "encap") == 0) { struct xfrm_encap_tmpl encap; inet_prefix oa; NEXT_ARG(); xfrm_encap_type_parse(&encap.encap_type, &argc, &argv); NEXT_ARG(); if (get_u16(&encap.encap_sport, *argv, 0)) invarg("\"encap\" sport value is invalid", *argv); encap.encap_sport = htons(encap.encap_sport); NEXT_ARG(); if (get_u16(&encap.encap_dport, *argv, 0)) invarg("\"encap\" dport value is invalid", *argv); encap.encap_dport = htons(encap.encap_dport); NEXT_ARG(); get_addr(&oa, *argv, AF_UNSPEC); memcpy(&encap.encap_oa, &oa.data, sizeof(encap.encap_oa)); addattr_l(&req.n, sizeof(req.buf), XFRMA_ENCAP, (void *)&encap, sizeof(encap)); } else if (strcmp(*argv, "coa") == 0) { inet_prefix coa; xfrm_address_t xcoa; if (coap) duparg("coa", *argv); coap = *argv; NEXT_ARG(); get_prefix(&coa, *argv, preferred_family); if (coa.family == AF_UNSPEC) invarg("\"coa\" address family is AF_UNSPEC", *argv); if (coa.bytelen > sizeof(xcoa)) invarg("\"coa\" address length is too large", *argv); memset(&xcoa, 0, sizeof(xcoa)); memcpy(&xcoa, &coa.data, coa.bytelen); addattr_l(&req.n, sizeof(req.buf), XFRMA_COADDR, (void *)&xcoa, sizeof(xcoa)); } else if (strcmp(*argv, "ctx") == 0) { char *context; if (sctxp) duparg("ctx", *argv); sctxp = *argv; NEXT_ARG(); context = *argv; xfrm_sctx_parse((char *)&ctx.str, context, &ctx.sctx); addattr_l(&req.n, sizeof(req.buf), XFRMA_SEC_CTX, (void *)&ctx, ctx.sctx.len); } else { /* try to assume ALGO */ int type = xfrm_algotype_getbyname(*argv); switch (type) { case XFRMA_ALG_AEAD: case XFRMA_ALG_CRYPT: case XFRMA_ALG_AUTH: case XFRMA_ALG_AUTH_TRUNC: case XFRMA_ALG_COMP: { /* ALGO */ struct { union { struct xfrm_algo alg; struct xfrm_algo_aead aead; struct xfrm_algo_auth auth; } u; char buf[XFRM_ALGO_KEY_BUF_SIZE]; } alg = {}; int len; __u32 icvlen, trunclen; char *name; char *key; char *buf; switch (type) { case XFRMA_ALG_AEAD: if (aeadop) duparg("ALGO-TYPE", *argv); aeadop = *argv; break; case XFRMA_ALG_CRYPT: if (ealgop) duparg("ALGO-TYPE", *argv); ealgop = *argv; break; case XFRMA_ALG_AUTH: case XFRMA_ALG_AUTH_TRUNC: if (aalgop) duparg("ALGO-TYPE", *argv); aalgop = *argv; break; case XFRMA_ALG_COMP: if (calgop) duparg("ALGO-TYPE", *argv); calgop = *argv; break; default: /* not reached */ invarg("\"ALGO-TYPE\" is invalid\n", *argv); } if (!NEXT_ARG_OK()) missarg("ALGO-NAME"); NEXT_ARG(); name = *argv; if (!NEXT_ARG_OK()) missarg("ALGO-KEY"); NEXT_ARG(); key = *argv; buf = alg.u.alg.alg_key; len = sizeof(alg.u.alg); switch (type) { case XFRMA_ALG_AEAD: if (!NEXT_ARG_OK()) missarg("ALGO-ICV-LEN"); NEXT_ARG(); if (get_u32(&icvlen, *argv, 0)) invarg("\"aead\" ICV length is invalid", *argv); alg.u.aead.alg_icv_len = icvlen; buf = alg.u.aead.alg_key; len = sizeof(alg.u.aead); break; case XFRMA_ALG_AUTH_TRUNC: if (!NEXT_ARG_OK()) missarg("ALGO-TRUNC-LEN"); NEXT_ARG(); if (get_u32(&trunclen, *argv, 0)) invarg("\"auth\" trunc length is invalid", *argv); alg.u.auth.alg_trunc_len = trunclen; buf = alg.u.auth.alg_key; len = sizeof(alg.u.auth); break; } xfrm_algo_parse((void *)&alg, type, name, key, buf, sizeof(alg.buf)); len += alg.u.alg.alg_key_len; addattr_l(&req.n, sizeof(req.buf), type, (void *)&alg, len); break; } default: /* try to assume ID */ if (idp) invarg("unknown", *argv); idp = *argv; /* ID */ xfrm_id_parse(&req.xsinfo.saddr, &req.xsinfo.id, &req.xsinfo.family, 0, &argc, &argv); if (preferred_family == AF_UNSPEC) preferred_family = req.xsinfo.family; } } argc--; argv++; } if (replay.seq || replay.oseq) addattr_l(&req.n, sizeof(req.buf), XFRMA_REPLAY_VAL, (void *)&replay, sizeof(replay)); if (!idp) { fprintf(stderr, "Not enough information: \"ID\" is required\n"); exit(1); } if (mark.m & mark.v) { int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK, (void *)&mark, sizeof(mark)); if (r < 0) { fprintf(stderr, "XFRMA_MARK failed\n"); exit(1); } } switch (req.xsinfo.mode) { case XFRM_MODE_TRANSPORT: case XFRM_MODE_TUNNEL: if (!xfrm_xfrmproto_is_ipsec(req.xsinfo.id.proto)) { fprintf(stderr, "\"mode\" is invalid with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit(1); } break; case XFRM_MODE_ROUTEOPTIMIZATION: case XFRM_MODE_IN_TRIGGER: if (!xfrm_xfrmproto_is_ro(req.xsinfo.id.proto)) { fprintf(stderr, "\"mode\" is invalid with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit(1); } if (req.xsinfo.id.spi != 0) { fprintf(stderr, "\"spi\" must be 0 with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit(1); } break; default: break; } if (aeadop || ealgop || aalgop || calgop) { if (!xfrm_xfrmproto_is_ipsec(req.xsinfo.id.proto)) { fprintf(stderr, "\"ALGO\" is invalid with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit(1); } } else { if (xfrm_xfrmproto_is_ipsec(req.xsinfo.id.proto)) { fprintf(stderr, "\"ALGO\" is required with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit (1); } } if (coap) { if (!xfrm_xfrmproto_is_ro(req.xsinfo.id.proto)) { fprintf(stderr, "\"coa\" is invalid with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit(1); } } else { if (xfrm_xfrmproto_is_ro(req.xsinfo.id.proto)) { fprintf(stderr, "\"coa\" is required with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit (1); } } if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (req.xsinfo.family == AF_UNSPEC) req.xsinfo.family = AF_INET; if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) exit(2); rtnl_close(&rth); return 0; }
int do_xfrm_monitor(int argc, char **argv) { char *file = NULL; unsigned int groups = ~((unsigned)0); /* XXX */ int lacquire = 0; int lexpire = 0; int laevent = 0; int lpolicy = 0; int lsa = 0; int lreport = 0; rtnl_close(&rth); while (argc > 0) { if (matches(*argv, "file") == 0) { NEXT_ARG(); file = *argv; } else if (matches(*argv, "all-nsid") == 0) { listen_all_nsid = 1; } else if (matches(*argv, "acquire") == 0) { lacquire = 1; groups = 0; } else if (matches(*argv, "expire") == 0) { lexpire = 1; groups = 0; } else if (matches(*argv, "SA") == 0) { lsa = 1; groups = 0; } else if (matches(*argv, "aevent") == 0) { laevent = 1; groups = 0; } else if (matches(*argv, "policy") == 0) { lpolicy = 1; groups = 0; } else if (matches(*argv, "report") == 0) { lreport = 1; groups = 0; } else if (matches(*argv, "help") == 0) { usage(); } else if (strcmp(*argv, "all")) { fprintf(stderr, "Argument \"%s\" is unknown, try \"ip xfrm monitor help\".\n", *argv); exit(-1); } argc--; argv++; } if (lacquire) groups |= nl_mgrp(XFRMNLGRP_ACQUIRE); if (lexpire) groups |= nl_mgrp(XFRMNLGRP_EXPIRE); if (lsa) groups |= nl_mgrp(XFRMNLGRP_SA); if (lpolicy) groups |= nl_mgrp(XFRMNLGRP_POLICY); if (laevent) groups |= nl_mgrp(XFRMNLGRP_AEVENTS); if (lreport) groups |= nl_mgrp(XFRMNLGRP_REPORT); if (file) { FILE *fp; int err; fp = fopen(file, "r"); if (fp == NULL) { perror("Cannot fopen"); exit(-1); } err = rtnl_from_file(fp, xfrm_accept_msg, stdout); fclose(fp); return err; } if (rtnl_open_byproto(&rth, groups, NETLINK_XFRM) < 0) exit(1); if (listen_all_nsid && rtnl_listen_all_nsid(&rth) < 0) exit(1); if (rtnl_listen(&rth, xfrm_accept_msg, (void *)stdout) < 0) exit(2); return 0; }
static int xfrm_spd_setinfo(int argc, char **argv) { struct rtnl_handle rth; struct { struct nlmsghdr n; __u32 flags; char buf[RTA_BUF_SIZE]; } req; char *thr4 = NULL; char *thr6 = NULL; memset(&req, 0, sizeof(req)); req.n.nlmsg_len = NLMSG_LENGTH(sizeof(__u32)); req.n.nlmsg_flags = NLM_F_REQUEST; req.n.nlmsg_type = XFRM_MSG_NEWSPDINFO; req.flags = 0XFFFFFFFF; while (argc > 0) { if (strcmp(*argv, "hthresh4") == 0) { struct xfrmu_spdhthresh thr; if (thr4) duparg("hthresh4", *argv); thr4 = *argv; NEXT_ARG(); if (get_u8(&thr.lbits, *argv, 0) || thr.lbits > 32) invarg("hthresh4 LBITS value is invalid", *argv); NEXT_ARG(); if (get_u8(&thr.rbits, *argv, 0) || thr.rbits > 32) invarg("hthresh4 RBITS value is invalid", *argv); addattr_l(&req.n, sizeof(req), XFRMA_SPD_IPV4_HTHRESH, (void *)&thr, sizeof(thr)); } else if (strcmp(*argv, "hthresh6") == 0) { struct xfrmu_spdhthresh thr; if (thr6) duparg("hthresh6", *argv); thr6 = *argv; NEXT_ARG(); if (get_u8(&thr.lbits, *argv, 0) || thr.lbits > 128) invarg("hthresh6 LBITS value is invalid", *argv); NEXT_ARG(); if (get_u8(&thr.rbits, *argv, 0) || thr.rbits > 128) invarg("hthresh6 RBITS value is invalid", *argv); addattr_l(&req.n, sizeof(req), XFRMA_SPD_IPV6_HTHRESH, (void *)&thr, sizeof(thr)); } else { invarg("unknown", *argv); } argc--; argv++; } if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) exit(2); rtnl_close(&rth); return 0; }
int __export genl_resolve_mcg(const char *family, const char *name, int *fam_id) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; struct rtattr *tb[CTRL_ATTR_MAX + 1]; struct rtattr *tb2[GENL_MAX_FAM_GRPS + 1]; struct rtattr *tb3[CTRL_ATTR_MCAST_GRP_MAX + 1]; struct rtattr *attrs; int i, len, ret = -1; struct { struct nlmsghdr n; char buf[4096]; } req; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC)) { log_error("genl: cannot open rtnetlink\n"); return -1; } nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = GENL_ID_CTRL; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = CTRL_CMD_GETFAMILY; addattr_l(nlh, 128, CTRL_ATTR_FAMILY_NAME, family, strlen(family) + 1); if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) { log_error("genl: error talking to kernel\n"); goto out; } if (nlh->nlmsg_type != GENL_ID_CTRL) { log_error("genl: not a controller message %d\n", nlh->nlmsg_type); goto out; } ghdr = NLMSG_DATA(nlh); if (ghdr->cmd != CTRL_CMD_NEWFAMILY) { log_error("genl: unknown controller command %d\n", ghdr->cmd); goto out; } len = nlh->nlmsg_len - NLMSG_LENGTH(GENL_HDRLEN); if (len < 0) { log_error("genl: wrong controller message len %d\n", len); goto out; } attrs = (struct rtattr *)((char *)ghdr + GENL_HDRLEN); parse_rtattr(tb, CTRL_ATTR_MAX, attrs, len); if (!tb[CTRL_ATTR_FAMILY_ID]) { log_error("genl: missing CTRL_FAMILY_ID attribute\n"); goto out; } if (!tb[CTRL_ATTR_MCAST_GROUPS]) goto out; if (fam_id) *fam_id = *(uint32_t *)(RTA_DATA(tb[CTRL_ATTR_FAMILY_ID])); parse_rtattr_nested(tb2, GENL_MAX_FAM_GRPS, tb[CTRL_ATTR_MCAST_GROUPS]); for (i = 1; i < GENL_MAX_FAM_GRPS; i++) { if (tb2[i]) { parse_rtattr_nested(tb3, CTRL_ATTR_MCAST_GRP_MAX, tb2[i]); if (!tb3[CTRL_ATTR_MCAST_GRP_ID] || !tb3[CTRL_ATTR_MCAST_GRP_NAME]) continue; if (strcmp(RTA_DATA(tb3[CTRL_ATTR_MCAST_GRP_NAME]), name)) continue; ret = *(uint32_t *)(RTA_DATA(tb3[CTRL_ATTR_MCAST_GRP_ID])); break; } } out: rtnl_close(&rth); return ret; }
static int ctrl_list(int cmd, int argc, char **argv) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; int ret = -1; char d[GENL_NAMSIZ]; struct { struct nlmsghdr n; char buf[4096]; } req; memset(&req, 0, sizeof(req)); nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = GENL_ID_CTRL; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = CTRL_CMD_GETFAMILY; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC) < 0) { fprintf(stderr, "Cannot open generic netlink socket\n"); exit(1); } if (cmd == CTRL_CMD_GETFAMILY) { if (argc != 2) { fprintf(stderr, "Wrong number of params\n"); return -1; } if (matches(*argv, "name") == 0) { NEXT_ARG(); strncpy(d, *argv, sizeof (d) - 1); addattr_l(nlh, 128, CTRL_ATTR_FAMILY_NAME, d, strlen(d) + 1); } else if (matches(*argv, "id") == 0) { __u16 id; NEXT_ARG(); if (get_u16(&id, *argv, 0)) { fprintf(stderr, "Illegal \"id\"\n"); goto ctrl_done; } addattr_l(nlh, 128, CTRL_ATTR_FAMILY_ID, &id, 2); } else { fprintf(stderr, "Wrong params\n"); goto ctrl_done; } if (rtnl_talk(&rth, nlh, nlh, sizeof(req)) < 0) { fprintf(stderr, "Error talking to the kernel\n"); goto ctrl_done; } if (print_ctrl2(NULL, nlh, (void *) stdout) < 0) { fprintf(stderr, "Dump terminated\n"); goto ctrl_done; } } if (cmd == CTRL_CMD_UNSPEC) { nlh->nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST; nlh->nlmsg_seq = rth.dump = ++rth.seq; if (rtnl_send(&rth, nlh, nlh->nlmsg_len) < 0) { perror("Failed to send dump request\n"); goto ctrl_done; } rtnl_dump_filter(&rth, print_ctrl2, stdout); } ret = 0; ctrl_done: rtnl_close(&rth); return ret; }
int genl_ctrl_resolve_family(const char *family) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; int ret = 0; struct { struct nlmsghdr n; char buf[4096]; } req; memset(&req, 0, sizeof(req)); nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = GENL_ID_CTRL; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = CTRL_CMD_GETFAMILY; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC) < 0) { fprintf(stderr, "Cannot open generic netlink socket\n"); exit(1); } addattr_l(nlh, 128, CTRL_ATTR_FAMILY_NAME, family, strlen(family) + 1); if (rtnl_talk(&rth, nlh, nlh, sizeof(req)) < 0) { fprintf(stderr, "Error talking to the kernel\n"); goto errout; } { struct rtattr *tb[CTRL_ATTR_MAX + 1]; struct genlmsghdr *ghdr = NLMSG_DATA(nlh); int len = nlh->nlmsg_len; struct rtattr *attrs; if (nlh->nlmsg_type != GENL_ID_CTRL) { fprintf(stderr, "Not a controller message, nlmsg_len=%d " "nlmsg_type=0x%x\n", nlh->nlmsg_len, nlh->nlmsg_type); goto errout; } if (ghdr->cmd != CTRL_CMD_NEWFAMILY) { fprintf(stderr, "Unknown controller command %d\n", ghdr->cmd); goto errout; } len -= NLMSG_LENGTH(GENL_HDRLEN); if (len < 0) { fprintf(stderr, "wrong controller message len %d\n", len); return -1; } attrs = (struct rtattr *) ((char *) ghdr + GENL_HDRLEN); parse_rtattr(tb, CTRL_ATTR_MAX, attrs, len); if (tb[CTRL_ATTR_FAMILY_ID] == NULL) { fprintf(stderr, "Missing family id TLV\n"); goto errout; } ret = rta_getattr_u16(tb[CTRL_ATTR_FAMILY_ID]); } errout: rtnl_close(&rth); return ret; }
int ipoe_nl_create(uint32_t peer_addr, uint32_t addr, const char *ifname, uint8_t *hwaddr) { struct rtnl_handle rth; struct nlmsghdr *nlh; struct genlmsghdr *ghdr; struct rtattr *tb[IPOE_ATTR_MAX + 1]; struct rtattr *attrs; int len; int ret = -1; struct { struct nlmsghdr n; char buf[1024]; } req; union { uint8_t hwaddr[6]; uint64_t u64; } u; if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC)) { log_ppp_error("ipoe: cannot open generic netlink socket\n"); return -1; } nlh = &req.n; nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = ipoe_genl_id; ghdr = NLMSG_DATA(&req.n); ghdr->cmd = IPOE_CMD_CREATE; if (peer_addr) addattr32(nlh, 1024, IPOE_ATTR_PEER_ADDR, peer_addr); if (addr) addattr32(nlh, 1024, IPOE_ATTR_ADDR, addr); if (hwaddr) { memcpy(u.hwaddr, hwaddr, 6); addattr_l(nlh, 1024, IPOE_ATTR_HWADDR, &u.u64, 8); } if (ifname) addattr_l(nlh, 1024, IPOE_ATTR_IFNAME, ifname, strlen(ifname) + 1); if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) log_ppp_error("ipoe: nl_create: error talking to kernel\n"); if (nlh->nlmsg_type != ipoe_genl_id) { log_ppp_error("ipoe: not a IPoE message %d\n", nlh->nlmsg_type); goto out; } ghdr = NLMSG_DATA(nlh); if (ghdr->cmd != IPOE_CMD_CREATE) { log_ppp_error("ipoe: unknown IPoE command %d\n", ghdr->cmd); goto out; } len = nlh->nlmsg_len - NLMSG_LENGTH(GENL_HDRLEN); if (len < 0) { log_ppp_error("ipoe: wrong IPoE message len %d\n", len); goto out; } attrs = (struct rtattr *)((char *)ghdr + GENL_HDRLEN); parse_rtattr(tb, IPOE_ATTR_MAX, attrs, len); if (!tb[IPOE_ATTR_IFINDEX]) { log_ppp_error("ipoe: missing IPOE_ATTR_IFINDEX attribute\n"); goto out; } ret = *(uint32_t *)(RTA_DATA(tb[IPOE_ATTR_IFINDEX])); out: rtnl_close(&rth); return ret; }
static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) { struct rtnl_handle rth; struct { struct nlmsghdr n; struct xfrm_usersa_info xsinfo; char buf[RTA_BUF_SIZE]; } req; char *idp = NULL; char *ealgop = NULL; char *aalgop = NULL; char *calgop = NULL; memset(&req, 0, sizeof(req)); req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsinfo)); req.n.nlmsg_flags = NLM_F_REQUEST|flags; req.n.nlmsg_type = cmd; req.xsinfo.family = preferred_family; req.xsinfo.lft.soft_byte_limit = XFRM_INF; req.xsinfo.lft.hard_byte_limit = XFRM_INF; req.xsinfo.lft.soft_packet_limit = XFRM_INF; req.xsinfo.lft.hard_packet_limit = XFRM_INF; while (argc > 0) { if (strcmp(*argv, "mode") == 0) { NEXT_ARG(); xfrm_mode_parse(&req.xsinfo.mode, &argc, &argv); } else if (strcmp(*argv, "reqid") == 0) { NEXT_ARG(); xfrm_reqid_parse(&req.xsinfo.reqid, &argc, &argv); } else if (strcmp(*argv, "seq") == 0) { NEXT_ARG(); xfrm_seq_parse(&req.xsinfo.seq, &argc, &argv); } else if (strcmp(*argv, "replay-window") == 0) { NEXT_ARG(); if (get_u8(&req.xsinfo.replay_window, *argv, 0)) invarg("\"replay-window\" value is invalid", *argv); } else if (strcmp(*argv, "flag") == 0) { NEXT_ARG(); xfrm_state_flag_parse(&req.xsinfo.flags, &argc, &argv); } else if (strcmp(*argv, "sel") == 0) { NEXT_ARG(); xfrm_selector_parse(&req.xsinfo.sel, &argc, &argv); } else if (strcmp(*argv, "limit") == 0) { NEXT_ARG(); xfrm_lifetime_cfg_parse(&req.xsinfo.lft, &argc, &argv); } else if (strcmp(*argv, "encap") == 0) { struct xfrm_encap_tmpl encap; inet_prefix oa; NEXT_ARG(); xfrm_encap_type_parse(&encap.encap_type, &argc, &argv); NEXT_ARG(); if (get_u16(&encap.encap_sport, *argv, 0)) invarg("\"encap\" sport value is invalid", *argv); encap.encap_sport = htons(encap.encap_sport); NEXT_ARG(); if (get_u16(&encap.encap_dport, *argv, 0)) invarg("\"encap\" dport value is invalid", *argv); encap.encap_dport = htons(encap.encap_dport); NEXT_ARG(); get_addr(&oa, *argv, AF_UNSPEC); memcpy(&encap.encap_oa, &oa.data, sizeof(encap.encap_oa)); addattr_l(&req.n, sizeof(req.buf), XFRMA_ENCAP, (void *)&encap, sizeof(encap)); } else { /* try to assume ALGO */ int type = xfrm_algotype_getbyname(*argv); switch (type) { case XFRMA_ALG_CRYPT: case XFRMA_ALG_AUTH: case XFRMA_ALG_COMP: { /* ALGO */ struct { struct xfrm_algo alg; char buf[XFRM_ALGO_KEY_BUF_SIZE]; } alg; int len; char *name; char *key; switch (type) { case XFRMA_ALG_CRYPT: if (ealgop) duparg("ALGOTYPE", *argv); ealgop = *argv; break; case XFRMA_ALG_AUTH: if (aalgop) duparg("ALGOTYPE", *argv); aalgop = *argv; break; case XFRMA_ALG_COMP: if (calgop) duparg("ALGOTYPE", *argv); calgop = *argv; break; default: /* not reached */ invarg("\"ALGOTYPE\" is invalid\n", *argv); } if (!NEXT_ARG_OK()) missarg("ALGONAME"); NEXT_ARG(); name = *argv; if (!NEXT_ARG_OK()) missarg("ALGOKEY"); NEXT_ARG(); key = *argv; memset(&alg, 0, sizeof(alg)); xfrm_algo_parse((void *)&alg, type, name, key, sizeof(alg.buf)); len = sizeof(struct xfrm_algo) + alg.alg.alg_key_len; addattr_l(&req.n, sizeof(req.buf), type, (void *)&alg, len); break; } default: /* try to assume ID */ if (idp) invarg("unknown", *argv); idp = *argv; /* ID */ xfrm_id_parse(&req.xsinfo.saddr, &req.xsinfo.id, &req.xsinfo.family, 0, &argc, &argv); if (preferred_family == AF_UNSPEC) preferred_family = req.xsinfo.family; } } argc--; argv++; } if (!idp) { // fprintf(stderr, "Not enough information: \"ID\" is required\n"); exit(1); } if (ealgop || aalgop || calgop) { if (req.xsinfo.id.proto != IPPROTO_ESP && req.xsinfo.id.proto != IPPROTO_AH && req.xsinfo.id.proto != IPPROTO_COMP) { // fprintf(stderr, "\"ALGO\" is invalid with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit(1); } } else { if (req.xsinfo.id.proto == IPPROTO_ESP || req.xsinfo.id.proto == IPPROTO_AH || req.xsinfo.id.proto == IPPROTO_COMP) { // fprintf(stderr, "\"ALGO\" is required with proto=%s\n", strxf_xfrmproto(req.xsinfo.id.proto)); exit (1); } } if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); if (req.xsinfo.family == AF_UNSPEC) req.xsinfo.family = AF_INET; if (rtnl_talk(&rth, &req.n, 0, 0, NULL, NULL, NULL) < 0) exit(2); rtnl_close(&rth); return 0; }
int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions) { return rtnl_open_byproto(rth, subscriptions, NETLINK_ROUTE); }
static int genl_get_ids(char *family_name) { /* handle to the netlink connection */ struct rtnl_handle rth; /* holds the request we are going to send and the reply */ struct { struct nlmsghdr n; char buf[4096]; /* ??? Is this big enough for all cases? */ } req; /* pointer to the nlmsghdr in req */ struct nlmsghdr *nlh; /* place for the generic netlink header before copied into req */ struct genlmsghdr ghdr; /* return value */ int ret = -1; /* clear out the request */ memset(&req, 0, sizeof(req)); /* set up nlh to point to the netlink header in req */ nlh = &req.n; /* set up the netlink header */ nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN); nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; nlh->nlmsg_type = GENL_ID_CTRL; /* clear out the generic netlink message header */ memset(&ghdr, 0, sizeof(struct genlmsghdr)); /* set the command we want to run: "GETFAMILY" */ ghdr.cmd = CTRL_CMD_GETFAMILY; /* copy it into req */ memcpy(NLMSG_DATA(&req.n), &ghdr, GENL_HDRLEN); /* the message payload is the family name */ addattr_l(nlh, 128, CTRL_ATTR_FAMILY_NAME, family_name, strlen(family_name) + 1); /* open a generic netlink connection */ if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC) < 0) { printf("Netlink: Cannot open generic netlink socket\n"); return -1; } /* * Send CTRL_CMD_GETFAMILY message (in nlh) to the generic * netlink controller. Reply will be in nlh upon return. */ if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL) < 0) { printf("Netlink: Error talking to the kernel\n"); goto ctrl_done; } /* process the response */ if (genl_get_mcast_group_id(nlh) < 0) { printf("Netlink: Failed to get acpi_event multicast group\n"); goto ctrl_done; } ret = 0; ctrl_done: rtnl_close(&rth); return ret; }