sys/linux: netlink xfrm support

1 files changed, 23 insertions, 17 deletions

diff --git a/sys/linux/socket_key.txt b/sys/linux/socket_key.txt
index 32971f453..cdd7a5c7d 100644
--- a/sys/linux/socket_key.txt
+++ b/sys/linux/socket_key.txt
@@ -38,9 +38,8 @@ sadb_msg {
 	sadb_msg_satype		flags[sadb_satype, int8]
 	sadb_msg_len		bytesize8[parent, int16]
 	sadb_msg_reserved	const[0, int16]
-	sadb_msg_seq		int32
-# TODO: what is this port id? do we need to pass something meaningful?
-	sadb_msg_pid		int32
+	sadb_msg_seq		proc[7388453, 8, int32]
+	sadb_msg_pid		proc[635427835, 4, int32]
 	ext_headers		array[sadb_ext_hdr]
 } [packed]
 
@@ -63,15 +62,16 @@ sadb_ext_hdr [
 sadb_sa {
 	sadb_len	bytesize8[parent, int16]
 	sadb_exttype	const[SADB_EXT_SA, int16]
-# TODO: what is this?
-	sadb_sa_spi	int32be
+	sadb_sa_spi	proc[1234, 4, int32be]
 	sadb_sa_replay	int8
 	sadb_sa_state	int8
 	sadb_sa_auth	int8[SADB_AALG_NONE:SADB_AALG_MAX]
 	sadb_sa_encrypt	int8[SADB_X_CALG_NONE:SADB_X_CALG_MAX]
-	sadb_sa_flags	int32
+	sadb_sa_flags	flags[sadb_sa_flags, int32]
 } [packed, align_8]
 
+sadb_sa_flags = SADB_SAFLAGS_PFS, SADB_SAFLAGS_NOPMTUDISC, SADB_SAFLAGS_DECAP_DSCP, SADB_SAFLAGS_NOECN
+
 sadb_lifetime {
 	sadb_len			bytesize8[parent, int16]
 	sadb_exttype			flags[sadb_lifetime_type, int16]
@@ -84,8 +84,8 @@ sadb_lifetime {
 sadb_address {
 	sadb_len		bytesize8[parent, int16]
 	sadb_exttype		flags[sadb_address_type, int16]
-	sadb_address_proto	int8
-	sadb_address_prefixlen	int8
+	sadb_address_proto	flags[xfrm_proto, int8]
+	sadb_address_prefixlen	flags[xfrm_prefixlens, int8]
 	sadb_address_reserved	const[0, int16]
 	addr			sadb_address_addr
 } [packed, align_8]
@@ -98,8 +98,10 @@ sadb_address_addr [
 sadb_key {
 	sadb_len		bytesize8[parent, int16]
 	sadb_exttype		flags[sadb_key_type, int16]
-	sadb_key_bits		int16
+# TODO: length in bits	
+	sadb_key_bits		len[key, int16]
 	sadb_key_reserved	const[0, int16]
+	key			array[int8]
 } [packed, align_8]
 
 sadb_ident {
@@ -113,8 +115,9 @@ sadb_ident {
 sadb_spirange {
 	sadb_len		bytesize8[parent, int16]
 	sadb_exttype		const[SADB_EXT_SPIRANGE, int16]
-	sadb_spirange_min	int32
-	sadb_spirange_max	int32
+# TODO: should this be int32be or not?
+	sadb_spirange_min	proc[1234, 4, int32]
+	sadb_spirange_max	proc[1234, 4, int32]
 	sadb_spirange_reserved	const[0, int32]
 } [packed, align_8]
 
@@ -122,21 +125,23 @@ sadb_x_policy {
 	sadb_len		bytesize8[parent, int16]
 	sadb_exttype		const[SADB_X_EXT_POLICY, int16]
 	sadb_x_policy_type	int16[IPSEC_POLICY_DISCARD:IPSEC_POLICY_BYPASS]
-	sadb_x_policy_dir	int8
+	sadb_x_policy_dir	flags[ipsec_policy_dir, int8]
 	sadb_x_policy_reserved	const[0, int8]
-	sadb_x_policy_id	int32
+	sadb_x_policy_id	proc[7236528, 16, int32]
 	sadb_x_policy_priority	int32
 	policy			sadb_x_ipsecrequest
 } [packed, align_8]
 
 sadb_x_ipsecrequest {
-	sadb_x_ipsecrequest_len		int16
-	sadb_x_ipsecrequest_proto	int16
+	sadb_x_ipsecrequest_len		bytesize8[parent, int16]
+	sadb_x_ipsecrequest_proto	flags[xfrm_proto, int16]
 	sadb_x_ipsecrequest_mode	int8
 	sadb_x_ipsecrequest_level	int8
 	sadb_x_ipsecrequest_reserved1	const[0, int16]
 	sadb_x_ipsecrequest_reqid	int32
 	sadb_x_ipsecrequest_reserved2	const[0, int32]
+	saddr				sadb_filter_addr
+	daddr				sadb_filter_addr
 } [packed, align_8]
 
 sadb_x_sa2 {
@@ -145,8 +150,8 @@ sadb_x_sa2 {
 	sadb_x_sa2_mode		int8
 	sadb_x_sa2_reserved1	const[0, int8]
 	sadb_x_sa2_reserved2	const[0, int16]
-	sadb_x_sa2_sequence	int32
-	sadb_x_sa2_reqid	int32
+	sadb_x_sa2_sequence	proc[7388453, 8, int32]
+	sadb_x_sa2_reqid	proc[13567, 8, int32]
 } [packed, align_8]
 
 sadb_x_nat_t_type {
@@ -201,4 +206,5 @@ sadb_address_type = SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS
 sadb_key_type = SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT
 sadb_ident_type = SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST
 sadb_nat_port_type = SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT
+ipsec_policy_dir = IPSEC_DIR_ANY, IPSEC_DIR_INBOUND, IPSEC_DIR_OUTBOUND, IPSEC_DIR_FWD, IPSEC_DIR_MAX
 sadb_filter_addr_len = 4, 16