24 #include <netlink-private/netlink.h> 25 #include <netlink/netlink.h> 26 #include <netlink/attr.h> 27 #include <netlink/utils.h> 28 #include <netlink/object.h> 29 #include <netlink/route/rtnl.h> 30 #include <netlink/route/link/macsec.h> 31 #include <netlink-private/route/link/api.h> 32 #include <netlink-private/utils.h> 34 #include <linux/if_macsec.h> 37 #define MACSEC_ATTR_SCI (1 << 0) 38 #define MACSEC_ATTR_ICV_LEN (1 << 1) 39 #define MACSEC_ATTR_CIPHER_SUITE (1 << 2) 40 #define MACSEC_ATTR_WINDOW (1 << 3) 41 #define MACSEC_ATTR_ENCODING_SA (1 << 4) 42 #define MACSEC_ATTR_ENCRYPT (1 << 5) 43 #define MACSEC_ATTR_PROTECT (1 << 6) 44 #define MACSEC_ATTR_INC_SCI (1 << 7) 45 #define MACSEC_ATTR_ES (1 << 8) 46 #define MACSEC_ATTR_SCB (1 << 9) 47 #define MACSEC_ATTR_REPLAY_PROTECT (1 << 10) 48 #define MACSEC_ATTR_VALIDATION (1 << 11) 49 #define MACSEC_ATTR_PORT (1 << 12) 55 uint64_t cipher_suite;
58 enum macsec_validation_type validate;
61 uint8_t send_sci, end_station, scb, replay_protect, protect, encrypt;
66 #define DEFAULT_ICV_LEN 16 70 static struct nla_policy macsec_policy[IFLA_MACSEC_MAX+1] = {
72 [IFLA_MACSEC_ICV_LEN] = { .type =
NLA_U8 },
73 [IFLA_MACSEC_CIPHER_SUITE] = { .type =
NLA_U64 },
74 [IFLA_MACSEC_WINDOW] = { .type =
NLA_U32 },
75 [IFLA_MACSEC_ENCODING_SA] = { .type =
NLA_U8 },
76 [IFLA_MACSEC_ENCRYPT] = { .type =
NLA_U8 },
77 [IFLA_MACSEC_PROTECT] = { .type =
NLA_U8 },
78 [IFLA_MACSEC_INC_SCI] = { .type =
NLA_U8 },
79 [IFLA_MACSEC_ES] = { .type =
NLA_U8 },
80 [IFLA_MACSEC_SCB] = { .type =
NLA_U8 },
81 [IFLA_MACSEC_REPLAY_PROTECT] = { .type =
NLA_U8 },
82 [IFLA_MACSEC_VALIDATION] = { .type =
NLA_U8 },
95 static int macsec_alloc(
struct rtnl_link *link)
97 struct macsec_info *info;
100 link->l_info = malloc(
sizeof(
struct macsec_info));
105 memset(link->l_info, 0,
sizeof(
struct macsec_info));
108 info->cipher_suite = MACSEC_DEFAULT_CIPHER_ID;
109 info->icv_len = DEFAULT_ICV_LEN;
110 info->ce_mask = MACSEC_ATTR_CIPHER_SUITE | MACSEC_ATTR_ICV_LEN;
115 static int macsec_parse(
struct rtnl_link *link,
struct nlattr *data,
116 struct nlattr *xstats)
118 struct nlattr *tb[IFLA_MACSEC_MAX+1];
119 struct macsec_info *info;
122 NL_DBG(3,
"Parsing MACsec link info\n");
127 if ((err = macsec_alloc(link)) < 0)
132 if (tb[IFLA_MACSEC_SCI]) {
134 info->ce_mask |= MACSEC_ATTR_SCI;
137 if (tb[IFLA_MACSEC_PROTECT]) {
138 info->protect =
nla_get_u8(tb[IFLA_MACSEC_PROTECT]);
139 info->ce_mask |= MACSEC_ATTR_PROTECT;
142 if (tb[IFLA_MACSEC_CIPHER_SUITE]) {
143 info->cipher_suite =
nla_get_u64(tb[IFLA_MACSEC_CIPHER_SUITE]);
144 info->ce_mask |= MACSEC_ATTR_CIPHER_SUITE;
147 if (tb[IFLA_MACSEC_ICV_LEN]) {
148 info->icv_len =
nla_get_u8(tb[IFLA_MACSEC_ICV_LEN]);
149 info->ce_mask |= MACSEC_ATTR_ICV_LEN;
152 if (tb[IFLA_MACSEC_ENCODING_SA]) {
153 info->encoding_sa =
nla_get_u8(tb[IFLA_MACSEC_ENCODING_SA]);
154 info->ce_mask |= MACSEC_ATTR_ENCODING_SA;
157 if (tb[IFLA_MACSEC_VALIDATION]) {
158 info->validate =
nla_get_u8(tb[IFLA_MACSEC_VALIDATION]);
159 info->ce_mask |= MACSEC_ATTR_VALIDATION;
162 if (tb[IFLA_MACSEC_ENCRYPT]) {
163 info->encrypt =
nla_get_u8(tb[IFLA_MACSEC_ENCRYPT]);
164 info->ce_mask |= MACSEC_ATTR_ENCRYPT;
167 if (tb[IFLA_MACSEC_INC_SCI]) {
168 info->send_sci =
nla_get_u8(tb[IFLA_MACSEC_INC_SCI]);
169 info->ce_mask |= MACSEC_ATTR_INC_SCI;
172 if (tb[IFLA_MACSEC_ES]) {
173 info->end_station =
nla_get_u8(tb[IFLA_MACSEC_ES]);
174 info->ce_mask |= MACSEC_ATTR_ES;
177 if (tb[IFLA_MACSEC_SCB]) {
179 info->ce_mask |= MACSEC_ATTR_SCB;
182 if (tb[IFLA_MACSEC_REPLAY_PROTECT]) {
183 info->replay_protect =
nla_get_u8(tb[IFLA_MACSEC_REPLAY_PROTECT]);
184 info->ce_mask |= MACSEC_ATTR_REPLAY_PROTECT;
187 if (tb[IFLA_MACSEC_WINDOW]) {
188 info->window =
nla_get_u32(tb[IFLA_MACSEC_WINDOW]);
189 info->ce_mask |= MACSEC_ATTR_WINDOW;
197 static void macsec_free(
struct rtnl_link *link)
203 static const char *values_on_off[] = {
"off",
"on" };
205 static const char *VALIDATE_STR[] = {
206 [MACSEC_VALIDATE_DISABLED] =
"disabled",
207 [MACSEC_VALIDATE_CHECK] =
"check",
208 [MACSEC_VALIDATE_STRICT] =
"strict",
211 static char *replay_protect_str(
char *buf, uint8_t replay_protect, uint8_t window)
213 if (replay_protect == 1) {
214 sprintf(buf,
"replay_protect on window %d", window);
215 }
else if (replay_protect == 0) {
216 sprintf(buf,
"replay_protect off");
225 #define PRINT_FLAG(buf, i, field, c) ({ if (i->field == 1) *buf++ = c; }) 227 static char *flags_str(
char *buf,
unsigned char len,
struct macsec_info *info)
232 PRINT_FLAG(tmp, info, protect,
'P');
233 PRINT_FLAG(tmp, info, encrypt,
'E');
234 PRINT_FLAG(tmp, info, send_sci,
'S');
235 PRINT_FLAG(tmp, info, end_station,
'e');
236 PRINT_FLAG(tmp, info, scb,
's');
237 PRINT_FLAG(tmp, info, replay_protect,
'R');
241 switch (info->validate) {
242 case MACSEC_VALIDATE_DISABLED:
245 case MACSEC_VALIDATE_CHECK:
248 case MACSEC_VALIDATE_STRICT:
255 sprintf(tmp,
" %d", info->encoding_sa);
262 struct macsec_info *info = link->l_info;
265 nl_dump(p,
"sci %016llx <%s>", ntohll(info->sci), flags_str(tmp,
sizeof(tmp), info));
270 struct macsec_info *info = link->l_info;
273 nl_dump(p,
" sci %016llx protect %s encoding_sa %d encrypt %s send_sci %s validate %s %s\n",
274 ntohll(info->sci), values_on_off[info->protect], info->encoding_sa, values_on_off[info->encrypt], values_on_off[info->send_sci],
275 VALIDATE_STR[info->validate],
276 replay_protect_str(tmp, info->replay_protect, info->window));
277 nl_dump(p,
" cipher suite: %016llx, icv_len %d\n",
278 info->cipher_suite, info->icv_len);
283 struct macsec_info *copy, *info = src->l_info;
294 memcpy(copy, info,
sizeof(
struct macsec_info));
299 static int macsec_put_attrs(
struct nl_msg *msg,
struct rtnl_link *link)
301 struct macsec_info *info = link->l_info;
307 if (info->ce_mask & MACSEC_ATTR_SCI)
309 else if (info->ce_mask & MACSEC_ATTR_PORT)
310 NLA_PUT_U16(msg, IFLA_MACSEC_PORT, htons(info->port));
312 if ((info->ce_mask & MACSEC_ATTR_ENCRYPT))
313 NLA_PUT_U8(msg, IFLA_MACSEC_ENCRYPT, info->encrypt);
315 if (info->cipher_suite != MACSEC_DEFAULT_CIPHER_ID || info->icv_len != DEFAULT_ICV_LEN) {
316 NLA_PUT_U64(msg, IFLA_MACSEC_CIPHER_SUITE, info->cipher_suite);
317 NLA_PUT_U8(msg, IFLA_MACSEC_ICV_LEN, info->icv_len);
320 if ((info->ce_mask & MACSEC_ATTR_INC_SCI))
321 NLA_PUT_U8(msg, IFLA_MACSEC_INC_SCI, info->send_sci);
323 if ((info->ce_mask & MACSEC_ATTR_ES))
324 NLA_PUT_U8(msg, IFLA_MACSEC_ES, info->end_station);
326 if ((info->ce_mask & MACSEC_ATTR_SCB))
329 if ((info->ce_mask & MACSEC_ATTR_PROTECT))
330 NLA_PUT_U8(msg, IFLA_MACSEC_PROTECT, info->protect);
332 if ((info->ce_mask & MACSEC_ATTR_REPLAY_PROTECT)) {
333 if (info->replay_protect && !(info->ce_mask & MACSEC_ATTR_WINDOW))
336 NLA_PUT_U8(msg, IFLA_MACSEC_REPLAY_PROTECT, info->replay_protect);
337 NLA_PUT_U32(msg, IFLA_MACSEC_WINDOW, info->window);
340 if ((info->ce_mask & MACSEC_ATTR_VALIDATION))
341 NLA_PUT_U8(msg, IFLA_MACSEC_VALIDATION, info->validate);
343 if ((info->ce_mask & MACSEC_ATTR_ENCODING_SA))
344 NLA_PUT_U8(msg, IFLA_MACSEC_ENCODING_SA, info->encoding_sa);
357 struct macsec_info *a = link_a->l_info;
358 struct macsec_info *b = link_b->l_info;
360 uint32_t attrs = flags & LOOSE_COMPARISON ? b->ce_mask : ~0;
362 #define MACSEC_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, MACSEC_ATTR_##ATTR, a, b, EXPR) 364 if (a->ce_mask & MACSEC_ATTR_SCI && b->ce_mask & MACSEC_ATTR_SCI)
365 diff |= MACSEC_DIFF(SCI, a->sci != b->sci);
366 else if (a->ce_mask & MACSEC_ATTR_PORT && b->ce_mask & MACSEC_ATTR_PORT)
367 diff |= MACSEC_DIFF(PORT, a->port != b->port);
369 if (a->ce_mask & MACSEC_ATTR_CIPHER_SUITE && b->ce_mask & MACSEC_ATTR_CIPHER_SUITE) {
370 diff |= MACSEC_DIFF(ICV_LEN, a->icv_len != b->icv_len);
371 diff |= MACSEC_DIFF(CIPHER_SUITE, a->cipher_suite != b->cipher_suite);
374 if (a->ce_mask & MACSEC_ATTR_REPLAY_PROTECT && b->ce_mask & MACSEC_ATTR_REPLAY_PROTECT) {
375 int d = MACSEC_DIFF(REPLAY_PROTECT, a->replay_protect != b->replay_protect);
376 if (a->replay_protect && b->replay_protect)
377 d |= MACSEC_DIFF(WINDOW, a->window != b->window);
381 diff |= MACSEC_DIFF(ENCODING_SA, a->encoding_sa != b->encoding_sa);
382 diff |= MACSEC_DIFF(ENCRYPT, a->encrypt != b->encrypt);
383 diff |= MACSEC_DIFF(PROTECT, a->protect != b->protect);
384 diff |= MACSEC_DIFF(INC_SCI, a->send_sci != b->send_sci);
385 diff |= MACSEC_DIFF(ES, a->end_station != b->end_station);
386 diff |= MACSEC_DIFF(SCB, a->scb != b->scb);
387 diff |= MACSEC_DIFF(VALIDATION, a->validate != b->validate);
394 static struct rtnl_link_info_ops macsec_info_ops = {
396 .io_alloc = macsec_alloc,
397 .io_parse = macsec_parse,
402 .io_clone = macsec_clone,
403 .io_put_attrs = macsec_put_attrs,
404 .io_free = macsec_free,
405 .io_compare = macsec_compare,
408 static void __init macsec_init(
void)
413 static void __exit macsec_exit(
void)
419 #define IS_MACSEC_LINK_ASSERT(link) \ 420 if ((link)->l_info_ops != &macsec_info_ops) { \ 421 APPBUG("Link is not a MACsec link. set type \"macsec\" first."); \ 422 return -NLE_OPNOTSUPP; \ 426 struct rtnl_link *rtnl_link_macsec_alloc(
void)
450 struct macsec_info *info = link->l_info;
452 IS_MACSEC_LINK_ASSERT(link);
455 info->ce_mask |= MACSEC_ATTR_SCI;
470 struct macsec_info *info = link->l_info;
472 IS_MACSEC_LINK_ASSERT(link);
474 if (!(info->ce_mask & MACSEC_ATTR_SCI))
492 struct macsec_info *info = link->l_info;
494 IS_MACSEC_LINK_ASSERT(link);
497 info->ce_mask |= MACSEC_ATTR_PORT;
511 struct macsec_info *info = link->l_info;
513 IS_MACSEC_LINK_ASSERT(link);
515 if (!(info->ce_mask & MACSEC_ATTR_PORT))
524 int rtnl_link_macsec_set_cipher_suite(
struct rtnl_link *link, uint64_t cipher_suite)
526 struct macsec_info *info = link->l_info;
528 IS_MACSEC_LINK_ASSERT(link);
530 info->cipher_suite = cipher_suite;
531 info->ce_mask |= MACSEC_ATTR_CIPHER_SUITE;
536 int rtnl_link_macsec_get_cipher_suite(
struct rtnl_link *link, uint64_t *cs)
538 struct macsec_info *info = link->l_info;
540 IS_MACSEC_LINK_ASSERT(link);
542 if (!(info->ce_mask & MACSEC_ATTR_CIPHER_SUITE))
546 *cs = info->cipher_suite;
551 int rtnl_link_macsec_set_icv_len(
struct rtnl_link *link, uint16_t icv_len)
553 struct macsec_info *info = link->l_info;
555 IS_MACSEC_LINK_ASSERT(link);
557 if (icv_len > MACSEC_STD_ICV_LEN)
560 info->icv_len = icv_len;
561 info->ce_mask |= MACSEC_ATTR_ICV_LEN;
566 int rtnl_link_macsec_get_icv_len(
struct rtnl_link *link, uint16_t *icv_len)
568 struct macsec_info *info = link->l_info;
570 IS_MACSEC_LINK_ASSERT(link);
572 if (!(info->ce_mask & MACSEC_ATTR_ICV_LEN))
576 *icv_len = info->icv_len;
581 int rtnl_link_macsec_set_protect(
struct rtnl_link *link, uint8_t protect)
583 struct macsec_info *info = link->l_info;
585 IS_MACSEC_LINK_ASSERT(link);
590 info->protect = protect;
591 info->ce_mask |= MACSEC_ATTR_PROTECT;
596 int rtnl_link_macsec_get_protect(
struct rtnl_link *link, uint8_t *protect)
598 struct macsec_info *info = link->l_info;
600 IS_MACSEC_LINK_ASSERT(link);
602 if (!(info->ce_mask & MACSEC_ATTR_PROTECT))
606 *protect = info->protect;
611 int rtnl_link_macsec_set_encrypt(
struct rtnl_link *link, uint8_t encrypt)
613 struct macsec_info *info = link->l_info;
615 IS_MACSEC_LINK_ASSERT(link);
620 info->encrypt = encrypt;
621 info->ce_mask |= MACSEC_ATTR_ENCRYPT;
626 int rtnl_link_macsec_get_encrypt(
struct rtnl_link *link, uint8_t *encrypt)
628 struct macsec_info *info = link->l_info;
630 IS_MACSEC_LINK_ASSERT(link);
632 if (!(info->ce_mask & MACSEC_ATTR_ENCRYPT))
636 *encrypt = info->encrypt;
641 int rtnl_link_macsec_set_encoding_sa(
struct rtnl_link *link, uint8_t encoding_sa)
643 struct macsec_info *info = link->l_info;
645 IS_MACSEC_LINK_ASSERT(link);
650 info->encoding_sa = encoding_sa;
651 info->ce_mask |= MACSEC_ATTR_ENCODING_SA;
656 int rtnl_link_macsec_get_encoding_sa(
struct rtnl_link *link, uint8_t *encoding_sa)
658 struct macsec_info *info = link->l_info;
660 IS_MACSEC_LINK_ASSERT(link);
662 if (!(info->ce_mask & MACSEC_ATTR_ENCODING_SA))
666 *encoding_sa = info->encoding_sa;
671 int rtnl_link_macsec_set_validation_type(
struct rtnl_link *link,
enum macsec_validation_type validate)
673 struct macsec_info *info = link->l_info;
675 IS_MACSEC_LINK_ASSERT(link);
680 info->validate = validate;
681 info->ce_mask |= MACSEC_ATTR_VALIDATION;
686 int rtnl_link_macsec_get_validation_type(
struct rtnl_link *link,
enum macsec_validation_type *validate)
688 struct macsec_info *info = link->l_info;
690 IS_MACSEC_LINK_ASSERT(link);
692 if (!(info->ce_mask & MACSEC_ATTR_VALIDATION))
696 *validate = info->validate;
701 int rtnl_link_macsec_set_replay_protect(
struct rtnl_link *link, uint8_t replay_protect)
703 struct macsec_info *info = link->l_info;
705 IS_MACSEC_LINK_ASSERT(link);
707 if (replay_protect > 1)
710 info->replay_protect = replay_protect;
711 info->ce_mask |= MACSEC_ATTR_REPLAY_PROTECT;
716 int rtnl_link_macsec_get_replay_protect(
struct rtnl_link *link, uint8_t *replay_protect)
718 struct macsec_info *info = link->l_info;
720 IS_MACSEC_LINK_ASSERT(link);
722 if (!(info->ce_mask & MACSEC_ATTR_REPLAY_PROTECT))
726 *replay_protect = info->replay_protect;
731 int rtnl_link_macsec_set_window(
struct rtnl_link *link, uint32_t window)
733 struct macsec_info *info = link->l_info;
735 IS_MACSEC_LINK_ASSERT(link);
737 info->window = window;
738 info->ce_mask |= MACSEC_ATTR_WINDOW;
743 int rtnl_link_macsec_get_window(
struct rtnl_link *link, uint32_t *window)
745 struct macsec_info *info = link->l_info;
747 IS_MACSEC_LINK_ASSERT(link);
749 if (!(info->ce_mask & MACSEC_ATTR_WINDOW))
753 *window = info->window;
758 int rtnl_link_macsec_set_send_sci(
struct rtnl_link *link, uint8_t send_sci)
760 struct macsec_info *info = link->l_info;
762 IS_MACSEC_LINK_ASSERT(link);
767 info->send_sci = send_sci;
768 info->ce_mask |= MACSEC_ATTR_INC_SCI;
773 int rtnl_link_macsec_get_send_sci(
struct rtnl_link *link, uint8_t *send_sci)
775 struct macsec_info *info = link->l_info;
777 IS_MACSEC_LINK_ASSERT(link);
779 if (!(info->ce_mask & MACSEC_ATTR_INC_SCI))
783 *send_sci = info->send_sci;
788 int rtnl_link_macsec_set_end_station(
struct rtnl_link *link, uint8_t end_station)
790 struct macsec_info *info = link->l_info;
792 IS_MACSEC_LINK_ASSERT(link);
797 info->end_station = end_station;
798 info->ce_mask |= MACSEC_ATTR_ES;
803 int rtnl_link_macsec_get_end_station(
struct rtnl_link *link, uint8_t *es)
805 struct macsec_info *info = link->l_info;
807 IS_MACSEC_LINK_ASSERT(link);
809 if (!(info->ce_mask & MACSEC_ATTR_ES))
813 *es = info->end_station;
818 int rtnl_link_macsec_set_scb(
struct rtnl_link *link, uint8_t scb)
820 struct macsec_info *info = link->l_info;
822 IS_MACSEC_LINK_ASSERT(link);
828 info->ce_mask |= MACSEC_ATTR_SCB;
833 int rtnl_link_macsec_get_scb(
struct rtnl_link *link, uint8_t *scb)
835 struct macsec_info *info = link->l_info;
837 IS_MACSEC_LINK_ASSERT(link);
839 if (!(info->ce_mask & MACSEC_ATTR_SCB))
Dump object briefly on one line.
int rtnl_link_register_info(struct rtnl_link_info_ops *ops)
Register operations for a link info type.
Attribute validation policy.
uint8_t nla_get_u8(const struct nlattr *nla)
Return value of 8 bit integer attribute.
struct rtnl_link * rtnl_link_alloc(void)
Allocate link object.
#define NLA_PUT_U64(msg, attrtype, value)
Add 64 bit integer attribute to netlink message.
uint32_t nla_get_u32(const struct nlattr *nla)
Return payload of 32 bit integer attribute.
#define NLA_PUT_U8(msg, attrtype, value)
Add 8 bit integer attribute to netlink message.
int rtnl_link_macsec_get_sci(struct rtnl_link *link, uint64_t *sci)
Get SCI.
Dump all attributes but no statistics.
int nla_nest_end(struct nl_msg *msg, struct nlattr *start)
Finalize nesting of attributes.
int nla_parse_nested(struct nlattr *tb[], int maxtype, struct nlattr *nla, struct nla_policy *policy)
Create attribute index based on nested attribute.
int rtnl_link_macsec_set_sci(struct rtnl_link *link, uint64_t sci)
Set SCI.
int rtnl_link_macsec_set_port(struct rtnl_link *link, uint16_t port)
Set port identifier.
int rtnl_link_set_type(struct rtnl_link *link, const char *type)
Set type of link object.
#define NLA_PUT_U32(msg, attrtype, value)
Add 32 bit integer attribute to netlink message.
int rtnl_link_macsec_get_port(struct rtnl_link *link, uint16_t *port)
Get port identifier.
int rtnl_link_unregister_info(struct rtnl_link_info_ops *ops)
Unregister operations for a link info type.
uint16_t type
Type of attribute or NLA_UNSPEC.
#define NLA_PUT_U16(msg, attrtype, value)
Add 16 bit integer attribute to netlink message.
uint64_t nla_get_u64(const struct nlattr *nla)
Return payload of u64 attribute.
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
void rtnl_link_put(struct rtnl_link *link)
Return a link object reference.
struct nlattr * nla_nest_start(struct nl_msg *msg, int attrtype)
Start a new level of nested attributes.