1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
|
# Copyright 2017 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# AF_KEY support.
include <linux/socket.h>
include <linux/net.h>
include <linux/pfkeyv2.h>
include <linux/ipsec.h>
resource sock_key[sock]
socket$key(domain const[AF_KEY], type const[SOCK_RAW], proto const[PF_KEY_V2]) sock_key
openat$pfkey(fd const[AT_FDCWD], file ptr[in, string["/proc/self/net/pfkey"]], flags flags[open_flags], mode const[0]) fd
sendmsg$key(fd sock_key, msg ptr[in, send_msghdr_key], f flags[send_flags])
send_msghdr_key {
msg_name const[0, intptr]
msg_namelen const[0, int32]
msg_iov ptr[in, iovec_sadb_msg]
msg_iovlen const[1, intptr]
msg_control const[0, intptr]
msg_controllen const[0, intptr]
msg_flags const[0, int32]
}
iovec_sadb_msg {
addr ptr[in, sadb_msg]
len bytesize[addr, intptr]
}
sadb_msg {
sadb_msg_version const[PF_KEY_V2, int8]
sadb_msg_type int8[SADB_RESERVED:SADB_MAX]
sadb_msg_errno int8
sadb_msg_satype flags[sadb_satype, int8]
sadb_msg_len bytesize8[parent, int16]
sadb_msg_reserved const[0, int16]
sadb_msg_seq netlink_seq
sadb_msg_pid netlink_port_id
ext_headers array[sadb_ext_hdr]
} [packed]
sadb_ext_hdr [
sadb_sa sadb_sa
sadb_lifetime sadb_lifetime
sadb_address sadb_address
sadb_key sadb_key
sadb_ident sadb_ident
sadb_spirange sadb_spirange
sadb_x_policy sadb_x_policy
sadb_x_sa2 sadb_x_sa2
sadb_x_nat_t_type sadb_x_nat_t_type
sadb_x_nat_t_port sadb_x_nat_t_port
sadb_x_sec_ctx sadb_x_sec_ctx
sadb_x_kmaddress sadb_x_kmaddress
sadb_x_filter sadb_x_filter
] [varlen]
sadb_sa {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_EXT_SA, int16]
sadb_sa_spi xfrm_spi
sadb_sa_replay int8
sadb_sa_state int8
sadb_sa_auth int8[SADB_AALG_NONE:SADB_AALG_MAX]
sadb_sa_encrypt int8[SADB_X_CALG_NONE:SADB_X_CALG_MAX]
sadb_sa_flags flags[sadb_sa_flags, int32]
} [packed, align[8]]
sadb_sa_flags = SADB_SAFLAGS_PFS, SADB_SAFLAGS_NOPMTUDISC, SADB_SAFLAGS_DECAP_DSCP, SADB_SAFLAGS_NOECN
sadb_lifetime {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_lifetime_type, int16]
sadb_lifetime_allocations int32
sadb_lifetime_bytes int64
sadb_lifetime_addtime int64
sadb_lifetime_usetime int64
} [packed, align[8]]
sadb_address {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_address_type, int16]
sadb_address_proto flags[xfrm_proto, int8]
sadb_address_prefixlen flags[xfrm_prefixlens, int8]
sadb_address_reserved const[0, int16]
addr sadb_address_addr
} [packed, align[8]]
sadb_address_addr [
in sockaddr_in
in6 sockaddr_in6
] [varlen]
sadb_key {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_key_type, int16]
sadb_key_bits bitsize[key, int16]
sadb_key_reserved const[0, int16]
key array[int8]
} [packed, align[8]]
sadb_ident {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_ident_type, int16]
sadb_ident_type int16
sadb_ident_reserved const[0, int16]
sadb_ident_id int64
} [packed, align[8]]
sadb_spirange {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_EXT_SPIRANGE, int16]
sadb_spirange_min xfrm_spi
sadb_spirange_max xfrm_spi
sadb_spirange_reserved const[0, int32]
} [packed, align[8]]
sadb_x_policy {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_POLICY, int16]
sadb_x_policy_type int16[IPSEC_POLICY_DISCARD:IPSEC_POLICY_BYPASS]
sadb_x_policy_dir flags[ipsec_policy_dir, int8]
sadb_x_policy_reserved const[0, int8]
sadb_x_policy_id xfrm_policy_index
sadb_x_policy_priority int32
policy sadb_x_ipsecrequest
} [packed, align[8]]
sadb_x_ipsecrequest {
sadb_x_ipsecrequest_len bytesize8[parent, int16]
sadb_x_ipsecrequest_proto flags[xfrm_proto, int16]
sadb_x_ipsecrequest_mode int8
sadb_x_ipsecrequest_level int8
sadb_x_ipsecrequest_reserved1 const[0, int16]
sadb_x_ipsecrequest_reqid int32
sadb_x_ipsecrequest_reserved2 const[0, int32]
saddr sadb_filter_addr
daddr sadb_filter_addr
} [packed, align[8]]
sadb_x_sa2 {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_SA2, int16]
sadb_x_sa2_mode int8
sadb_x_sa2_reserved1 const[0, int8]
sadb_x_sa2_reserved2 const[0, int16]
sadb_x_sa2_sequence netlink_seq
sadb_x_sa2_reqid xfrm_req_id
} [packed, align[8]]
sadb_x_nat_t_type {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_NAT_T_TYPE, int16]
sadb_x_nat_t_type_type int8
sadb_x_nat_t_type_reserved array[const[0, int8], 3]
} [packed, align[8]]
sadb_x_nat_t_port {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_nat_port_type, int16]
sadb_x_nat_t_port_port sock_port
sadb_x_nat_t_port_reserved const[0, int16]
} [packed, align[8]]
sadb_x_sec_ctx {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_SEC_CTX, int16]
sadb_x_ctx_alg int8
sadb_x_ctx_doi int8
sadb_x_ctx_len bytesize[ctx, int16]
ctx array[int8]
} [packed, align[8]]
sadb_x_kmaddress {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_KMADDRESS, int16]
sadb_x_kmaddress_reserved const[0, int32]
src sadb_address_addr
dst sadb_address_addr
} [packed, align[8]]
sadb_x_filter {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_FILTER, int16]
sadb_x_filter_saddr sadb_filter_addr
sadb_x_filter_daddr sadb_filter_addr
sadb_x_filter_family flags[socket_domain, int16]
sadb_x_filter_splen flags[sadb_filter_addr_len, int8]
sadb_x_filter_dplen flags[sadb_filter_addr_len, int8]
} [packed, align[8]]
sadb_filter_addr [
in ipv4_addr
in6 ipv6_addr
]
sadb_satype = SADB_SATYPE_UNSPEC, SADB_SATYPE_AH, SADB_SATYPE_ESP, SADB_SATYPE_RSVP, SADB_SATYPE_OSPFV2, SADB_SATYPE_RIPV2, SADB_SATYPE_MIP, SADB_X_SATYPE_IPCOMP, SADB_SATYPE_MAX
sadb_lifetime_type = SADB_EXT_LIFETIME_CURRENT, SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT
sadb_address_type = SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_X_EXT_NAT_T_OA
sadb_key_type = SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT
sadb_ident_type = SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST
sadb_nat_port_type = SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT
ipsec_policy_dir = IPSEC_DIR_ANY, IPSEC_DIR_INBOUND, IPSEC_DIR_OUTBOUND, IPSEC_DIR_FWD, IPSEC_DIR_MAX
sadb_filter_addr_len = 4, 16
|
