# Copyright 2017 syzkaller project authors. All rights reserved. # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. # AF_NETLINK/NETLINK_XFRM support. include include include include include resource sock_nl_xfrm[sock_netlink] type xfrm_req_id int32[13567:13575, opt] type xfrm_policy_index int32[7236528:7236544, opt] type xfrm_spi int32be[1234:1238] # Note: executor sets up xfrm0 device with XFRM_IF_ID=1. type xfrm_if_id int32[1:4] socket$nl_xfrm(domain const[AF_NETLINK], type const[SOCK_RAW], proto const[NETLINK_XFRM]) sock_nl_xfrm sendmsg$nl_xfrm(fd sock_nl_xfrm, msg ptr[in, msghdr_nl_xfrm], f flags[send_flags]) type msghdr_nl_xfrm msghdr_netlink[netlink_msg_xfrm] netlink_msg_xfrm [ newsa netlink_msg[XFRM_MSG_NEWSA, xfrm_usersa_info, xfrma_policy] updsa netlink_msg[XFRM_MSG_UPDSA, xfrm_usersa_info, xfrma_policy] delsa netlink_msg[XFRM_MSG_DELSA, xfrm_usersa_id, xfrma_policy] getsa netlink_msg[XFRM_MSG_GETSA, xfrm_usersa_id, xfrma_policy] newpolicy netlink_msg[XFRM_MSG_NEWPOLICY, xfrm_userpolicy_info, xfrma_policy] updpolicy netlink_msg[XFRM_MSG_UPDPOLICY, xfrm_userpolicy_info, xfrma_policy] delpolicy netlink_msg[XFRM_MSG_DELPOLICY, xfrm_userpolicy_id, xfrma_policy] getpolicy netlink_msg[XFRM_MSG_GETPOLICY, xfrm_userpolicy_id, xfrma_policy] migrate netlink_msg[XFRM_MSG_MIGRATE, xfrm_userpolicy_id, xfrma_policy] allocspi netlink_msg[XFRM_MSG_ALLOCSPI, xfrm_userspi_info, xfrma_policy] acquire netlink_msg[XFRM_MSG_ACQUIRE, xfrm_user_acquire, xfrma_policy] expire netlink_msg[XFRM_MSG_EXPIRE, xfrm_user_expire, xfrma_policy] polexpire netlink_msg[XFRM_MSG_POLEXPIRE, xfrm_user_polexpire, xfrma_policy] flushsa netlink_msg[XFRM_MSG_FLUSHSA, xfrm_usersa_flush, xfrma_policy] report netlink_msg[XFRM_MSG_REPORT, xfrm_user_report, xfrma_policy] flushpolicy netlink_msg[XFRM_MSG_FLUSHPOLICY, void, xfrma_policy] newae netlink_msg[XFRM_MSG_NEWAE, xfrm_aevent_id, xfrma_policy] getae netlink_msg[XFRM_MSG_GETAE, xfrm_aevent_id, xfrma_policy] getsadinfo netlink_msg[XFRM_MSG_GETSADINFO, const[0, int32], xfrma_policy] newspdinfo netlink_msg[XFRM_MSG_NEWSPDINFO, int32, xfrma_spd_policy] getspdinfo netlink_msg[XFRM_MSG_GETSPDINFO, int32, void] ] [varlen] xfrm_usersa_info { sel xfrm_selector id xfrm_id saddr xfrm_address_t lft xfrm_lifetime_cfg curlft xfrm_lifetime_cur stats xfrm_stats seq netlink_seq reqid xfrm_req_id family flags[xfrm_family, int16] mode flags[xfrm_mode, int8] replay_window int8 flags flags[xfrm_state, int8] } xfrm_usersa_id { daddr xfrm_address_t spi xfrm_spi family flags[xfrm_family, int16] proto flags[xfrm_proto, int8] } xfrm_userpolicy_id { sel xfrm_selector index xfrm_policy_index dir flags[xfrm_policy_dir, int8] } xfrm_userspi_info { info xfrm_usersa_info min int32 max int32 } xfrm_user_acquire { id xfrm_id saddr xfrm_address_t sel xfrm_selector policy xfrm_userpolicy_info aalgos int32 ealgos int32 calgo int32 seq netlink_seq } xfrm_user_expire { state xfrm_usersa_info hard int8 } xfrm_user_polexpire { pol xfrm_userpolicy_info hard int8 } xfrm_usersa_flush { proto flags[xfrm_proto, int8] } xfrm_user_report { proto flags[xfrm_proto, int8] sel xfrm_selector } xfrm_aevent_id { sa_id xfrm_usersa_id saddr xfrm_address_t flags int32 reqid xfrm_req_id } xfrma_policy [ sa nlattr[XFRMA_SA, xfrm_usersa_info] policy nlattr[XFRMA_POLICY, xfrm_userpolicy_info] lastused nlattr[XFRMA_LASTUSED, int64] algo_auth_trunc nlattr[XFRMA_ALG_AUTH_TRUNC, xfrm_algo_auth] algo_aead nlattr[XFRMA_ALG_AEAD, xfrm_algo_aead] algo_auth nlattr[XFRMA_ALG_AUTH, xfrm_algo_hash] algo_crypt nlattr[XFRMA_ALG_CRYPT, xfrm_algo_skcipher] algo_comp nlattr[XFRMA_ALG_COMP, xfrm_algo_compress] srcaddr nlattr[XFRMA_SRCADDR, xfrm_address_t] coaddr nlattr[XFRMA_COADDR, xfrm_address_t] extra_flags nlattr[XFRMA_SA_EXTRA_FLAGS, int32] tfcpad nlattr[XFRMA_TFCPAD, int32] replay_thresh nlattr[XFRMA_REPLAY_THRESH, int32] etimer_thresh nlattr[XFRMA_ETIMER_THRESH, int32] encap nlattr[XFRMA_ENCAP, xfrm_encap_tmpl] offload nlattr[XFRMA_OFFLOAD_DEV, xfrm_user_offload] sec_ctx nlattr[XFRMA_SEC_CTX, xfrm_user_sec_ctx] lifetime_val nlattr[XFRMA_LTIME_VAL, xfrm_lifetime_cur] tmpl nlattr[XFRMA_TMPL, array[xfrm_user_tmpl, 1:XFRM_MAX_DEPTH]] replay_val nlattr[XFRMA_REPLAY_VAL, xfrm_replay_state] replay_esn_val nlattr[XFRMA_REPLAY_ESN_VAL, xfrm_replay_state_esn] policy_type nlattr[XFRMA_POLICY_TYPE, xfrm_userpolicy_type] migrate nlattr[XFRMA_MIGRATE, array[xfrm_user_migrate, 1:XFRM_MAX_DEPTH]] user_kmaddress nlattr[XFRMA_KMADDRESS, xfrm_user_kmaddress] mark nlattr[XFRMA_MARK, xfrm_mark] proto nlattr[XFRMA_PROTO, flags[xfrm_proto, int8]] address_filter nlattr[XFRMA_ADDRESS_FILTER, xfrm_address_filter] XFRMA_SET_MARK nlattr[XFRMA_SET_MARK, int32] XFRMA_SET_MARK_MASK nlattr[XFRMA_SET_MARK_MASK, int32] XFRMA_IF_ID nlattr[XFRMA_IF_ID, xfrm_if_id] ] [varlen] define XFRM_MAX_DEPTH 6 xfrma_spd_policy [ XFRMA_SPD_IPV4_HTHRESH nlattr[XFRMA_SPD_IPV4_HTHRESH, xfrmu_spdhthresh[32]] XFRMA_SPD_IPV6_HTHRESH nlattr[XFRMA_SPD_IPV6_HTHRESH, xfrmu_spdhthresh[128]] ] [varlen] xfrm_encap_tmpl { encap_type flags[xfrm_encap_type, int16] encap_sport sock_port encap_dport sock_port encap_oa xfrm_address_t } xfrm_user_offload { ifindex ifindex[opt] flags flags[xfrm_offload_flags, int8] } xfrm_offload_flags = XFRM_OFFLOAD_IPV6, XFRM_OFFLOAD_INBOUND xfrm_user_sec_ctx { len len[parent, int16] exttype const[XFRMA_SEC_CTX, int16] ctx_alg flags[xfrm_sec_ctx_alg, int8] ctx_doi int8 ctx_len len[payload, int16] # TODO: what's this? looks intersting. payload array[int8] } xfrm_sec_ctx_alg = XFRM_SC_ALG_SELINUX xfrm_replay_state { oseq netlink_seq seq netlink_seq bitmap int32 } xfrm_replay_state_esn { bmp_len len[bmp, int32] oseq netlink_seq seq netlink_seq oseq_hi netlink_seq seq_hi netlink_seq replay_window int32 bmp array[int32] } xfrm_userpolicy_type { type flags[xfrm_policy_types, int8] reserved1 const[0, int16] reserved2 const[0, int8] } xfrm_user_migrate { old_daddr xfrm_address_t old_saddr xfrm_address_t new_daddr xfrm_address_t new_saddr xfrm_address_t proto flags[xfrm_proto, int8] mode flags[xfrm_mode, int8] reserved const[0, int16] reqid xfrm_req_id old_family flags[xfrm_family, int16] new_family flags[xfrm_family, int16] } xfrm_user_kmaddress { local xfrm_address_t remote xfrm_address_t reserved const[0, int32] family flags[xfrm_family, int16] } xfrm_mark { v int32[3475289:3475293] m int32 } xfrm_address_filter { saddr xfrm_address_t daddr xfrm_address_t family flags[xfrm_family, int16] splen int8 dplen int8 } type xfrmu_spdhthresh[BOUND] { lbits int8[0:BOUND] rbits int8[0:BOUND] } xfrm_selector { daddr xfrm_address_t saddr xfrm_address_t dport sock_port dport_mask int16be[opt] sport sock_port sport_mask int16be[opt] family flags[xfrm_family, int16] prefixlen_d flags[xfrm_prefixlens, int8] prefixlen_s flags[xfrm_prefixlens, int8] proto flags[ipv6_types, int8] ifindex ifindex[opt] user uid } xfrm_lifetime_cfg { soft_byte_limit int64 hard_byte_limit int64 soft_packet_limit int64 hard_packet_limit int64 soft_add_expires_seconds int64 hard_add_expires_seconds int64 soft_use_expires_seconds int64 hard_use_expires_seconds int64 } xfrm_lifetime_cur { bytes int64 packets int64 add_time int64 use_time int64 } xfrm_stats { replay_window int32 replay int32 integrity_failed int32 } xfrm_algo_hash { alg_name alg_hash_name alg_key_len bitsize[alg_key, int32] alg_key array[int8] } xfrm_algo_skcipher { alg_name alg_skcipher_name alg_key_len bitsize[alg_key, int32] alg_key array[int8] } xfrm_algo_compress { alg_name alg_compress_name alg_key_len bitsize[alg_key, int32] alg_key array[int8] } xfrm_algo_auth { alg_name alg_hash_name alg_key_len bitsize[alg_key, int32] alg_icv_len flags[xfrm_algo_truncbits, int32] alg_key array[int8] } xfrm_algo_aead { alg_name alg_aead_name alg_key_len bitsize[alg_key, int32] alg_icv_len flags[xfrm_algo_truncbits, int32] alg_key array[int8] } xfrm_algo_truncbits = 0, 64, 96, 128, 160, 192, 256, 384, 512 xfrm_id { daddr xfrm_address_t spi xfrm_spi proto flags[xfrm_proto, int8] } xfrm_address_t [ in ipv4_addr in6 ipv6_addr ] xfrm_filter { info xfrm_userpolicy_info tmpl xfrm_user_tmpl } xfrm_userpolicy_info { sel xfrm_selector lft xfrm_lifetime_cfg curlft xfrm_lifetime_cur priority int32 index xfrm_policy_index dir flags[xfrm_policy_dir, int8] action flags[xfrm_policy_actions, int8] flags flags[xfrm_policy_flags, int8] share flags[xfrm_policy_shares, int8] } xfrm_user_tmpl { id xfrm_id family flags[xfrm_family, int16] saddr xfrm_address_t reqid xfrm_req_id mode flags[xfrm_mode, int8] share flags[xfrm_policy_shares, int8] optional int8 aalgos int32 ealgos int32 calgos int32 } xfrm_mode = XFRM_MODE_TRANSPORT, XFRM_MODE_TUNNEL, XFRM_MODE_ROUTEOPTIMIZATION, XFRM_MODE_IN_TRIGGER, XFRM_MODE_BEET xfrm_state = XFRM_STATE_NOECN, XFRM_STATE_DECAP_DSCP, XFRM_STATE_NOPMTUDISC, XFRM_STATE_WILDRECV, XFRM_STATE_ICMP, XFRM_STATE_AF_UNSPEC, XFRM_STATE_ALIGN4, XFRM_STATE_ESN xfrm_family = AF_INET, AF_INET6 xfrm_proto = IPPROTO_AH, IPPROTO_ESP, IPPROTO_COMP, IPPROTO_DSTOPTS, IPPROTO_ROUTING, IPSEC_PROTO_ANY xfrm_policy_types = XFRM_POLICY_TYPE_MAIN, XFRM_POLICY_TYPE_SUB xfrm_policy_actions = XFRM_POLICY_ALLOW, XFRM_POLICY_BLOCK xfrm_policy_flags = XFRM_POLICY_LOCALOK, XFRM_POLICY_ICMP xfrm_policy_shares = XFRM_SHARE_ANY, XFRM_SHARE_SESSION, XFRM_SHARE_USER, XFRM_SHARE_UNIQUE xfrm_policy_dir = XFRM_POLICY_IN, XFRM_POLICY_OUT, XFRM_POLICY_FWD xfrm_prefixlens = 32, 128 xfrm_encap_type = -3, -2, -1, 0, 1, 2, 3