From 6bfd4f1979d582602a91ee57865e588ffed41ab5 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Sat, 30 Dec 2017 13:27:48 +0100 Subject: sys/linux: netlink xfrm support --- sys/linux/socket_key.txt | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) (limited to 'sys/linux/socket_key.txt') diff --git a/sys/linux/socket_key.txt b/sys/linux/socket_key.txt index 32971f453..cdd7a5c7d 100644 --- a/sys/linux/socket_key.txt +++ b/sys/linux/socket_key.txt @@ -38,9 +38,8 @@ sadb_msg { sadb_msg_satype flags[sadb_satype, int8] sadb_msg_len bytesize8[parent, int16] sadb_msg_reserved const[0, int16] - sadb_msg_seq int32 -# TODO: what is this port id? do we need to pass something meaningful? - sadb_msg_pid int32 + sadb_msg_seq proc[7388453, 8, int32] + sadb_msg_pid proc[635427835, 4, int32] ext_headers array[sadb_ext_hdr] } [packed] @@ -63,15 +62,16 @@ sadb_ext_hdr [ sadb_sa { sadb_len bytesize8[parent, int16] sadb_exttype const[SADB_EXT_SA, int16] -# TODO: what is this? - sadb_sa_spi int32be + sadb_sa_spi proc[1234, 4, int32be] sadb_sa_replay int8 sadb_sa_state int8 sadb_sa_auth int8[SADB_AALG_NONE:SADB_AALG_MAX] sadb_sa_encrypt int8[SADB_X_CALG_NONE:SADB_X_CALG_MAX] - sadb_sa_flags int32 + sadb_sa_flags flags[sadb_sa_flags, int32] } [packed, align_8] +sadb_sa_flags = SADB_SAFLAGS_PFS, SADB_SAFLAGS_NOPMTUDISC, SADB_SAFLAGS_DECAP_DSCP, SADB_SAFLAGS_NOECN + sadb_lifetime { sadb_len bytesize8[parent, int16] sadb_exttype flags[sadb_lifetime_type, int16] @@ -84,8 +84,8 @@ sadb_lifetime { sadb_address { sadb_len bytesize8[parent, int16] sadb_exttype flags[sadb_address_type, int16] - sadb_address_proto int8 - sadb_address_prefixlen int8 + sadb_address_proto flags[xfrm_proto, int8] + sadb_address_prefixlen flags[xfrm_prefixlens, int8] sadb_address_reserved const[0, int16] addr sadb_address_addr } [packed, align_8] 
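Review bot: The `proc[...]` bases introduced for `sadb_msg_seq` and `sadb_msg_pid` in `sadb_msg` are bare magic numbers, and nothing on the new side answers the removed TODO about what the port id means. A comment above the two fields would help, for example `# seq/pid come from per-proc windows so parallel fuzzer processes do not collide; the base values are arbitrary`, if that is the intent. The base 7388453 is reused for `sadb_x_sa2_sequence` in the `sadb_x_sa2` hunk, and 1234 is shared by `sadb_sa_spi` and the `sadb_spirange` bounds, so the comment should also say whether that overlap is deliberate. The `sadb_msg` definition starts before this hunk.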
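Review bot: `sadb_address_proto flags[xfrm_proto, int8]` in `sadb_address` reuses a flag set that is defined outside this file, so its contents cannot be checked from this diff. As I understand PF_KEY, this field carries the upper-layer protocol of the address selector (TCP, UDP, ICMP or "any"). If `xfrm_proto` lists only IPsec transform protocols, selectors for ordinary transport protocols would rarely be generated. Consider a dedicated set for this field, or add a comment such as `# xfrm_proto/xfrm_prefixlens are defined in the netlink xfrm description` so the cross-file dependency is visible. The `sadb_address` definition starts before this hunk.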
@@ -98,8 +98,10 @@ sadb_address_addr [ sadb_key { sadb_len bytesize8[parent, int16] sadb_exttype flags[sadb_key_type, int16] - sadb_key_bits int16 +# TODO: length in bits + sadb_key_bits len[key, int16] sadb_key_reserved const[0, int16] + key array[int8] } [packed, align_8] sadb_ident { @@ -113,8 +115,9 @@ sadb_ident { sadb_spirange { sadb_len bytesize8[parent, int16] sadb_exttype const[SADB_EXT_SPIRANGE, int16] - sadb_spirange_min int32 - sadb_spirange_max int32 +# TODO: should this be int32be or not? + sadb_spirange_min proc[1234, 4, int32] + sadb_spirange_max proc[1234, 4, int32] sadb_spirange_reserved const[0, int32] } [packed, align_8] @@ -122,21 +125,23 @@ sadb_x_policy { sadb_len bytesize8[parent, int16] sadb_exttype const[SADB_X_EXT_POLICY, int16] sadb_x_policy_type int16[IPSEC_POLICY_DISCARD:IPSEC_POLICY_BYPASS] - sadb_x_policy_dir int8 + sadb_x_policy_dir flags[ipsec_policy_dir, int8] sadb_x_policy_reserved const[0, int8] - sadb_x_policy_id int32 + sadb_x_policy_id proc[7236528, 16, int32] sadb_x_policy_priority int32 policy sadb_x_ipsecrequest } [packed, align_8] sadb_x_ipsecrequest { - sadb_x_ipsecrequest_len int16 - sadb_x_ipsecrequest_proto int16 + sadb_x_ipsecrequest_len bytesize8[parent, int16] + sadb_x_ipsecrequest_proto flags[xfrm_proto, int16] sadb_x_ipsecrequest_mode int8 sadb_x_ipsecrequest_level int8 sadb_x_ipsecrequest_reserved1 const[0, int16] sadb_x_ipsecrequest_reqid int32 sadb_x_ipsecrequest_reserved2 const[0, int32] + saddr sadb_filter_addr + daddr sadb_filter_addr } [packed, align_8] sadb_x_sa2 { @@ -145,8 +150,8 @@ sadb_x_sa2 { sadb_x_sa2_mode int8 sadb_x_sa2_reserved1 const[0, int8] sadb_x_sa2_reserved2 const[0, int16] - sadb_x_sa2_sequence int32 - sadb_x_sa2_reqid int32 + sadb_x_sa2_sequence proc[7388453, 8, int32] + sadb_x_sa2_reqid proc[13567, 8, int32] } [packed, align_8] sadb_x_nat_t_type { 
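Review bot: `sadb_key_bits len[key, int16]` in `sadb_key` emits the number of bytes in `key`, while the field name and the TODO added above it say the value is a bit count. The declared length will therefore be one eighth of the data actually sent. A receiver that derives the key size from this field would look at only a fraction of the array, which keeps most realistic key sizes out of reach of the fuzzer. If the description language in this tree has a bit-length type, `sadb_key_bits bitsize[key, int16]` would resolve the TODO. Otherwise the TODO should state the mismatch explicitly, e.g. `# TODO: kernel expects bits, len[] yields bytes`.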
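Review bot: The TODO added in `sadb_spirange` leaves the byte order of `sadb_spirange_min` and `sadb_spirange_max` unresolved. `sadb_sa_spi` is declared `int32be` with the same base 1234, so if the choice here is wrong the range will not cover the SPIs generated elsewhere. To my recollection the kernel's af_key code reads the range in host order and converts when allocating the SPI, which would make plain `int32` correct, but this should be confirmed against the kernel source. The TODO could then become `# host byte order, unlike sadb_sa_spi which is network order`. Both bounds are also drawn independently from the same four-value window, so `min` can exceed `max`; say so if that is intended.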
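Review bot: `sadb_x_ipsecrequest_len bytesize8[parent, int16]` in `sadb_x_ipsecrequest` counts 8-byte units, which may be the wrong unit for this field. To my recollection the kernel's PF_KEY policy parser compares it against `sizeof(struct sadb_x_ipsecrequest)` and advances by it as a plain byte count, unlike the `sadb_len` fields of the extension headers. If that is right, every generated request would carry a length smaller than the struct and be rejected before the newly added `saddr`/`daddr` fields are looked at. In that case `sadb_x_ipsecrequest_len bytesize[parent, int16]` would be the matching type. Please verify against the kernel source before changing it.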
@@ -201,4 +206,5 @@ sadb_address_type = SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS sadb_key_type = SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT sadb_ident_type = SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST sadb_nat_port_type = SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT +ipsec_policy_dir = IPSEC_DIR_ANY, IPSEC_DIR_INBOUND, IPSEC_DIR_OUTBOUND, IPSEC_DIR_FWD, IPSEC_DIR_MAX sadb_filter_addr_len = 4, 16 -- cgit mrf-deployment
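Review bot: The new `ipsec_policy_dir` set includes `IPSEC_DIR_MAX`, which by its name looks like an upper-bound sentinel rather than a real direction, and `IPSEC_DIR_ANY`, which a policy-add path may also reject. If both are listed on purpose to reach the validation branch, a comment such as `# ANY and MAX are kept deliberately to exercise the range check` would make that clear. Otherwise dropping `IPSEC_DIR_MAX` would spend fewer inputs on an immediately rejected value.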