sys: add some ip socket options

6 files changed, 207 insertions, 102 deletions

diff --git a/sys/socket_inet.txt b/sys/socket_inet.txt
index 7ebc92cb3..b5a612003 100644
--- a/sys/socket_inet.txt
+++ b/sys/socket_inet.txt
@@ -6,6 +6,7 @@ include <linux/ipv6.h>
 include <linux/route.h>
 include <uapi/linux/if_arp.h>
 include <uapi/linux/netfilter_ipv6/ip6_tables.h>
+include <uapi/linux/xfrm.h>
 
 # IP sockets
 
@@ -23,6 +24,11 @@ sockaddr_in {
 	pad     array[const[0, int8], 8]
 }
 
+sockaddr_storage_in {
+	addr	sockaddr_in
+	pad	array[const[0, int64], 15]
+}
+
 socket$inet(domain const[AF_INET], type flags[socket_type], proto int8) sock_in
 socketpair$inet(domain const[AF_INET], type flags[socket_type], proto int8, fds ptr[out, sock_in_pair])
 accept$inet(fd sock_in, peer ptr[out, sockaddr_in, opt], peerlen ptr[inout, len[peer, int32]]) sock_in
@@ -47,132 +53,180 @@ setsockopt$inet_buf(fd sock_in, level const[IPPROTO_IP], optname flags[inet_opti
 
 # Specific IP options
 
+sockopt_opt_ip_opts = IP_OPTIONS, IP_PKTOPTIONS
+
+getsockopt$inet_opts(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_opts], optval buffer[out], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet_opts(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_opts], optval buffer[in], optlen len[optval])
+
+getsockopt$inet_IP_IPSEC_POLICY(fd sock_in, level const[IPPROTO_IP], optname const[IP_IPSEC_POLICY], optval ptr[out, xfrm_filter], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet_IP_IPSEC_POLICY(fd sock_in, level const[IPPROTO_IP], optname const[IP_IPSEC_POLICY], optval ptr[in, xfrm_filter], optlen len[optval])
+getsockopt$inet_IP_XFRM_POLICY(fd sock_in, level const[IPPROTO_IP], optname const[IP_XFRM_POLICY], optval ptr[out, xfrm_filter], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet_IP_XFRM_POLICY(fd sock_in, level const[IPPROTO_IP], optname const[IP_XFRM_POLICY], optval ptr[in, xfrm_filter], optlen len[optval])
+
+sockopt_opt_ip_mreq = IP_ADD_MEMBERSHIP, IP_DROP_MEMBERSHIP, IP_MULTICAST_IF
+
 getsockopt$inet_mreq(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreq], optval ptr[out, ip_mreq], optlen ptr[inout, len[optval, int32]])
 setsockopt$inet_mreq(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreq], optval ptr[in, ip_mreq], optlen len[optval])
 getsockopt$inet_mreqn(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreq], optval ptr[out, ip_mreqn], optlen ptr[inout, len[optval, int32]])
 setsockopt$inet_mreqn(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreq], optval ptr[in, ip_mreqn], optlen len[optval])
+
+sockopt_opt_ip_mreqsrc = IP_ADD_SOURCE_MEMBERSHIP, IP_BLOCK_SOURCE, IP_DROP_SOURCE_MEMBERSHIP, IP_UNBLOCK_SOURCE
+
 getsockopt$inet_mreqsrc(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreqsrc], optval ptr[out, ip_mreq_source], optlen ptr[inout, len[optval, int32]])
 setsockopt$inet_mreqsrc(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreqsrc], optval ptr[in, ip_mreq_source], optlen len[optval])
+
 setsockopt$inet_msfilter(fd sock_in, level const[IPPROTO_IP], optname const[IP_MSFILTER], optval ptr[in, ip_msfilter], optlen len[optval])
-getsockopt$inet_mtu(fd sock_in, level const[IPPROTO_IP], optname const[IP_MTU_DISCOVER], optval ptr[out, flags[ip_mtu_discover, int32]], optlen ptr[inout, len[optval, int32]])
-setsockopt$inet_mtu(fd sock_in, level const[IPPROTO_IP], optname const[IP_MTU_DISCOVER], optval ptr[in, flags[ip_mtu_discover, int32]], optlen len[optval])
-getsockopt$inet_opts(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_opts], optval buffer[out], optlen ptr[inout, len[optval, int32]])
-setsockopt$inet_opts(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_opts], optval buffer[in], optlen len[optval])
+
+setsockopt$inet_MCAST_JOIN_GROUP(fd sock_in, level const[IPPROTO_IP], optname const[MCAST_JOIN_GROUP], optval ptr[in, group_req_in], optlen len[optval])
+setsockopt$inet_MCAST_LEAVE_GROUP(fd sock_in, level const[IPPROTO_IP], optname const[MCAST_LEAVE_GROUP], optval ptr[in, group_req_in], optlen len[optval])
+
+sockopt_opt_ip_group_source_req = MCAST_JOIN_SOURCE_GROUP, MCAST_LEAVE_SOURCE_GROUP, MCAST_BLOCK_SOURCE, MCAST_UNBLOCK_SOURCE
+
+setsockopt$inet_group_source_req(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_group_source_req], optval ptr[in, group_source_req_in], optlen len[optval])
+
+setsockopt$inet_MCAST_MSFILTER(fd sock_in, level const[IPPROTO_IP], optname const[MCAST_MSFILTER], optval ptr[in, group_filter_in], optlen len[optval])
+
 getsockopt$inet_pktinfo(fd sock_in, level const[IPPROTO_IP], optname const[IP_PKTINFO], optval ptr[out, in_pktinfo], optlen ptr[inout, len[optval, int32]])
 setsockopt$inet_pktinfo(fd sock_in, level const[IPPROTO_IP], optname const[IP_PKTINFO], optval ptr[in, in_pktinfo], optlen len[optval])
-getsockopt$inet_ipsec(fd sock_in, level const[IPPROTO_IP], optname const[IP_IPSEC_POLICY], optval ptr[out, xfrm_filer], optlen ptr[inout, len[optval, int32]])
-setsockopt$inet_ipsec(fd sock_in, level const[IPPROTO_IP], optname const[IP_IPSEC_POLICY], optval ptr[in, xfrm_filer], optlen len[optval])
 
-sockopt_opt_ip_mreq = IP_ADD_MEMBERSHIP, IP_DROP_MEMBERSHIP, IP_MULTICAST_IF
-sockopt_opt_ip_mreqsrc = IP_ADD_SOURCE_MEMBERSHIP, IP_BLOCK_SOURCE, IP_DROP_SOURCE_MEMBERSHIP, IP_UNBLOCK_SOURCE
-sockopt_opt_ip_opts = IP_OPTIONS, IP_PKTOPTIONS
-ip_msfilter_mode = MCAST_INCLUDE, MCAST_EXCLUDE
-ip_mtu_discover = IP_PMTUDISC_DONT, IP_PMTUDISC_WANT, IP_PMTUDISC_DO, IP_PMTUDISC_PROBE, IP_PMTUDISC_INTERFACE, IP_PMTUDISC_OMIT
+getsockopt$inet_mtu(fd sock_in, level const[IPPROTO_IP], optname const[IP_MTU_DISCOVER], optval ptr[out, flags[ip_mtu_discover, int32]], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet_mtu(fd sock_in, level const[IPPROTO_IP], optname const[IP_MTU_DISCOVER], optval ptr[in, flags[ip_mtu_discover, int32]], optlen len[optval])
 
-ip_mreq {
-	multi	ipv4_addr
-	addr	ipv4_addr
+xfrm_filter {
+	info		xfrm_userpolicy_info
+	tmpl		xfrm_user_tmpl
 }
 
-ip_mreqn {
-	multi	ipv4_addr
-	addr	ipv4_addr
-	ifindex	int32
+xfrm_userpolicy_info {
+	sel		xfrm_selector
+	lft		xfrm_lifetime_cfg
+	curlft		xfrm_lifetime_cur
+	priority	int32
+	index		int32
+	dir		int8
+	action		flags[xfrm_policy_actions, int8]
+	flags		flags[xfrm_policy_flags, int8]
+	share		flags[xfrm_policy_shares, int8]
 }
 
-ip_mreq_source {
-	multi	ipv4_addr
-	iface	ipv4_addr
-	source	ipv4_addr
+xfrm_policy_actions = XFRM_POLICY_ALLOW, XFRM_POLICY_BLOCK
+xfrm_policy_flags = XFRM_STATE_NOECN, XFRM_STATE_DECAP_DSCP, XFRM_STATE_NOPMTUDISC, XFRM_STATE_WILDRECV, XFRM_STATE_ICMP, XFRM_STATE_AF_UNSPEC, XFRM_STATE_ALIGN4, XFRM_STATE_ESN
+xfrm_policy_shares = XFRM_SHARE_ANY, XFRM_SHARE_SESSION, XFRM_SHARE_USER, XFRM_SHARE_UNIQUE
+
+xfrm_selector {
+	daddr		xfrm_address
+	saddr		xfrm_address
+	dport		proc[int16be, 20000, 4]
+	dport_mask	int16
+	sport		proc[int16be, 20000, 4]
+	sport_mask	int16
+	family		flags[socket_domain, int16]
+	prefixlen_d	flags[xfrm_prefixlens, int8]
+	prefixlen_s	flags[xfrm_prefixlens, int8]
+	proto		int8
+	ifindex		int32
+	user		uid
 }
 
-ip_msfilter {
-	multi	ipv4_addr
-	iface	ipv4_addr
-	fmode	flags[ip_msfilter_mode, int32]
-	numsrc	len[slist, int32]
-	slist	array[ipv4_addr]
+xfrm_prefixlens = 32, 128
+
+xfrm_address [
+	in		ipv4_addr
+	in6		ipv6_addr
+]
+
+xfrm_lifetime_cfg {
+	soft_byte_limit			int64
+	hard_byte_limit			int64
+	soft_packet_limit		int64
+	hard_packet_limit		int64
+	soft_add_expires_seconds	int64
+	hard_add_expires_seconds	int64
+	soft_use_expires_seconds	int64
+	hard_use_expires_seconds	int64
 }
 
-in_pktinfo {
-	ifindex	int32
-	dst	ipv4_addr
-	addr	ipv4_addr
+xfrm_lifetime_cur {
+	bytes		int64
+	packets		int64
+	add_time	int64
+	use_time	int64
 }
 
-xfrm_filer {
-	info	xfrm_userpolicy_info
-	tmpl	xfrm_user_tmpl
+xfrm_user_tmpl {
+	id		xfrm_id
+	family		flags[socket_domain, int16]
+	saddr		xfrm_address
+	reqid		int32
+	mode		flags[xfrm_modes, int8]
+	share		flags[xfrm_policy_shares, int8]
+	optional	int8
+	aalgos		int32
+	ealgos		int32
+	calgos		int32
 }
 
-xfrm_userpolicy_info {
-	sel	xfrm_selector
-	lft	xfrm_lifetime_cfg
-	cur	xfrm_lifetime_cur
-	prio	int32
-	index	int32
-	dir	int8
-	action	int8
-	flags	int8
-	share	int8
+xfrm_modes = XFRM_MODE_TRANSPORT, XFRM_MODE_TUNNEL, XFRM_MODE_ROUTEOPTIMIZATION, XFRM_MODE_IN_TRIGGER, XFRM_MODE_BEET
+
+xfrm_id {
+	daddr		xfrm_address
+	spi		int32
+	proto		int8
 }
 
-xfrm_user_tmpl {
-	id	xfrm_id
-	fam	int16
-	saddr	xfrm_in_addr
-	reqid	int32
-	mode	int8
-	share	int8
-	opt	int8
-	aalgod	int32
-	ealgos	int32
-	calgos	int32
+ip_mreq {
+	imr_multiaddr	ipv4_addr
+	imr_interface	ipv4_addr
 }
 
-xfrm_selector {
-	daddr	xfrm_in_addr
-	saddr	xfrm_in_addr
-	dport	proc[int16be, 20000, 4]
-	dmask	int16
-	sport	proc[int16be, 20000, 4]
-	smask	int16
-	fam	int16
-	len_d	int8
-	len_s	int8
-	proto	int8
-	ifindex	int32
-	user	int32
+ip_mreqn {
+	imr_multiaddr	ipv4_addr
+	imr_address	ipv4_addr
+	imr_ifindex	int32
 }
 
-xfrm_lifetime_cfg {
-	x0	int64
-	x1	int64
-	x2	int64
-	x3	int64
-	x4	int64
-	x5	int64
-	x6	int64
-	x7	int64
+ip_mreq_source {
+	imr_multiaddr	ipv4_addr
+	imr_interface	ipv4_addr
+	imr_sourceaddr	ipv4_addr
 }
 
-xfrm_lifetime_cur {
-	bytes	int64
-	packets	int64
-	atime	int64
-	utime	int64
+ip_msfilter {
+	imsf_multiaddr	ipv4_addr
+	imsf_interface	ipv4_addr
+	imsf_fmode	flags[ip_msfilter_mode, int32]
+	imsf_numsrc	len[imsf_slist, int32]
+	imsf_slist	array[ipv4_addr]
 }
 
-xfrm_id {
-	daddr	xfrm_in_addr
-	spi	int32
-	proto	int8
+ip_msfilter_mode = MCAST_INCLUDE, MCAST_EXCLUDE
+
+in_pktinfo {
+	ipi_ifindex	int32
+	ipi_spec_dst	ipv4_addr
+	ipi_addr	ipv4_addr
 }
 
-xfrm_in_addr [
-	in	ipv4_addr
-	in6	ipv6_addr
-]
+group_req_in {
+	gr_interface	int32
+	gr_group	sockaddr_storage_in
+}
+
+group_source_req_in {
+	gsr_interface	int32
+	gsr_group	sockaddr_storage_in
+	gsr_source	sockaddr_storage_in
+}
+
+group_filter_in {
+	gf_interface	int32
+	gf_group	sockaddr_storage_in
+	gf_fmode	flags[ip_msfilter_mode, int32]
+	gf_numsrc	len[gf_slist, int32]
+	gf_slist	array[sockaddr_storage_in]
+}
+
+ip_mtu_discover = IP_PMTUDISC_DONT, IP_PMTUDISC_WANT, IP_PMTUDISC_DO, IP_PMTUDISC_PROBE, IP_PMTUDISC_INTERFACE, IP_PMTUDISC_OMIT
 
 # IP ioctls
 
diff --git a/sys/socket_inet6.txt b/sys/socket_inet6.txt
index a7bbc5c65..8aa6755fc 100644
--- a/sys/socket_inet6.txt
+++ b/sys/socket_inet6.txt
@@ -18,7 +18,6 @@ sock_in6_pair {
 	f1	sock_in6
 }
 
-
 sockaddr_in6 {
 	family	const[AF_INET6, int16]
 	port	proc[int16be, 20000, 4]
@@ -27,6 +26,11 @@ sockaddr_in6 {
 	scope	int32
 }
 
+sockaddr_storage_in6 {
+	addr	sockaddr_in6
+	pad	array[const[0, int64], 12]
+}
+
 socket$inet6(domain const[AF_INET6], type flags[socket_type], proto int8) sock_in6
 socketpair$inet6(domain const[AF_INET6], type flags[socket_type], proto int8, fds ptr[out, sock_in6_pair])
 accept$inet6(fd sock_in6, peer ptr[out, sockaddr_in6, opt], peerlen ptr[inout, len[peer, int32]]) sock_in6
diff --git a/sys/socket_inet_amd64.const b/sys/socket_inet_amd64.const
index 7ad4f46a6..f91f26aec 100644
--- a/sys/socket_inet_amd64.const
+++ b/sys/socket_inet_amd64.const
@@ -88,6 +88,25 @@ SIOCSIFDSTADDR = 35096
 SIOCSIFFLAGS = 35092
 SIOCSIFNETMASK = 35100
 SIOCSIFPFLAGS = 35124
+XFRM_MODE_BEET = 4
+XFRM_MODE_IN_TRIGGER = 3
+XFRM_MODE_ROUTEOPTIMIZATION = 2
+XFRM_MODE_TRANSPORT = 0
+XFRM_MODE_TUNNEL = 1
+XFRM_POLICY_ALLOW = 0
+XFRM_POLICY_BLOCK = 1
+XFRM_SHARE_ANY = 0
+XFRM_SHARE_SESSION = 1
+XFRM_SHARE_UNIQUE = 3
+XFRM_SHARE_USER = 2
+XFRM_STATE_AF_UNSPEC = 32
+XFRM_STATE_ALIGN4 = 64
+XFRM_STATE_DECAP_DSCP = 2
+XFRM_STATE_ESN = 128
+XFRM_STATE_ICMP = 16
+XFRM_STATE_NOECN = 1
+XFRM_STATE_NOPMTUDISC = 4
+XFRM_STATE_WILDRECV = 8
 __NR_accept = 43
 __NR_accept4 = 288
 __NR_bind = 49
diff --git a/sys/socket_inet_arm64.const b/sys/socket_inet_arm64.const
index c3589f412..c8d17037f 100644
--- a/sys/socket_inet_arm64.const
+++ b/sys/socket_inet_arm64.const
@@ -88,6 +88,25 @@ SIOCSIFDSTADDR = 35096
 SIOCSIFFLAGS = 35092
 SIOCSIFNETMASK = 35100
 SIOCSIFPFLAGS = 35124
+XFRM_MODE_BEET = 4
+XFRM_MODE_IN_TRIGGER = 3
+XFRM_MODE_ROUTEOPTIMIZATION = 2
+XFRM_MODE_TRANSPORT = 0
+XFRM_MODE_TUNNEL = 1
+XFRM_POLICY_ALLOW = 0
+XFRM_POLICY_BLOCK = 1
+XFRM_SHARE_ANY = 0
+XFRM_SHARE_SESSION = 1
+XFRM_SHARE_UNIQUE = 3
+XFRM_SHARE_USER = 2
+XFRM_STATE_AF_UNSPEC = 32
+XFRM_STATE_ALIGN4 = 64
+XFRM_STATE_DECAP_DSCP = 2
+XFRM_STATE_ESN = 128
+XFRM_STATE_ICMP = 16
+XFRM_STATE_NOECN = 1
+XFRM_STATE_NOPMTUDISC = 4
+XFRM_STATE_WILDRECV = 8
 __NR_accept = 202
 __NR_accept4 = 242
 __NR_bind = 200
diff --git a/sys/socket_inet_ppc64le.const b/sys/socket_inet_ppc64le.const
index e81c0d3d3..dfbd05964 100644
--- a/sys/socket_inet_ppc64le.const
+++ b/sys/socket_inet_ppc64le.const
@@ -88,6 +88,25 @@ SIOCSIFDSTADDR = 35096
 SIOCSIFFLAGS = 35092
 SIOCSIFNETMASK = 35100
 SIOCSIFPFLAGS = 35124
+XFRM_MODE_BEET = 4
+XFRM_MODE_IN_TRIGGER = 3
+XFRM_MODE_ROUTEOPTIMIZATION = 2
+XFRM_MODE_TRANSPORT = 0
+XFRM_MODE_TUNNEL = 1
+XFRM_POLICY_ALLOW = 0
+XFRM_POLICY_BLOCK = 1
+XFRM_SHARE_ANY = 0
+XFRM_SHARE_SESSION = 1
+XFRM_SHARE_UNIQUE = 3
+XFRM_SHARE_USER = 2
+XFRM_STATE_AF_UNSPEC = 32
+XFRM_STATE_ALIGN4 = 64
+XFRM_STATE_DECAP_DSCP = 2
+XFRM_STATE_ESN = 128
+XFRM_STATE_ICMP = 16
+XFRM_STATE_NOECN = 1
+XFRM_STATE_NOPMTUDISC = 4
+XFRM_STATE_WILDRECV = 8
 __NR_accept = 330
 __NR_accept4 = 344
 __NR_bind = 327
diff --git a/sys/socket_inet_sctp.txt b/sys/socket_inet_sctp.txt
index 58f8571d3..67ef363a0 100755
--- a/sys/socket_inet_sctp.txt
+++ b/sys/socket_inet_sctp.txt
@@ -110,16 +110,6 @@ sockaddr_sctp [
 	in6	sockaddr_in6
 ] [varlen]
 
-sockaddr_storage_in {
-	addr	sockaddr_in
-	pad	array[const[0, int64], 15]
-}
-
-sockaddr_storage_in6 {
-	addr	sockaddr_in6
-	pad	array[const[0, int64], 12]
-}
-
 sockaddr_storage_sctp [
 	in	sockaddr_storage_in
 	in6	sockaddr_storage_in6