libnl 3.9.0
macsec.c
1/* SPDX-License-Identifier: LGPL-2.1-only */
2/*
3 * Copyright (c) 2016 Sabrina Dubroca <sd@queasysnail.net>
4 */
5
6/**
7 * @ingroup link
8 * @defgroup macsec MACsec
9 * MACsec link module
10 *
11 * @details
12 * \b Link Type Name: "macsec"
13 *
14 * @route_doc{link_macsec, MACsec Documentation}
15 *
16 * @{
17 */
18
19#include "nl-default.h"
20
21#include <linux/if_macsec.h>
22
23#include <netlink/netlink.h>
24#include <netlink/attr.h>
25#include <netlink/utils.h>
26#include <netlink/object.h>
27#include <netlink/route/rtnl.h>
28#include <netlink/route/link/macsec.h>
29
30#include "nl-route.h"
31#include "link-api.h"
32#include "nl-priv-dynamic-core/nl-core.h"
33
34/** @cond SKIP */
35#define MACSEC_ATTR_SCI (1 << 0)
36#define MACSEC_ATTR_ICV_LEN (1 << 1)
37#define MACSEC_ATTR_CIPHER_SUITE (1 << 2)
38#define MACSEC_ATTR_WINDOW (1 << 3)
39#define MACSEC_ATTR_ENCODING_SA (1 << 4)
40#define MACSEC_ATTR_ENCRYPT (1 << 5)
41#define MACSEC_ATTR_PROTECT (1 << 6)
42#define MACSEC_ATTR_INC_SCI (1 << 7)
43#define MACSEC_ATTR_ES (1 << 8)
44#define MACSEC_ATTR_SCB (1 << 9)
45#define MACSEC_ATTR_REPLAY_PROTECT (1 << 10)
46#define MACSEC_ATTR_VALIDATION (1 << 11)
47#define MACSEC_ATTR_PORT (1 << 12)
48#define MACSEC_ATTR_OFFLOAD (1 << 13)
49
50struct macsec_info {
51 int ifindex;
52 uint64_t sci;
53 uint16_t port;
54 uint64_t cipher_suite;
55 uint16_t icv_len;
56 uint32_t window;
57 enum macsec_validation_type validate;
58 uint8_t encoding_sa;
59
60 uint8_t send_sci, end_station, scb, replay_protect, protect, encrypt, offload;
61
62 uint32_t ce_mask;
63};
64
65#define DEFAULT_ICV_LEN 16
66
67/** @endcond */
68
69static struct nla_policy macsec_policy[IFLA_MACSEC_MAX+1] = {
70 [IFLA_MACSEC_SCI] = { .type = NLA_U64 },
71 [IFLA_MACSEC_ICV_LEN] = { .type = NLA_U8 },
72 [IFLA_MACSEC_CIPHER_SUITE] = { .type = NLA_U64 },
73 [IFLA_MACSEC_WINDOW] = { .type = NLA_U32 },
74 [IFLA_MACSEC_ENCODING_SA] = { .type = NLA_U8 },
75 [IFLA_MACSEC_ENCRYPT] = { .type = NLA_U8 },
76 [IFLA_MACSEC_PROTECT] = { .type = NLA_U8 },
77 [IFLA_MACSEC_INC_SCI] = { .type = NLA_U8 },
78 [IFLA_MACSEC_ES] = { .type = NLA_U8 },
79 [IFLA_MACSEC_SCB] = { .type = NLA_U8 },
80 [IFLA_MACSEC_REPLAY_PROTECT] = { .type = NLA_U8 },
81 [IFLA_MACSEC_VALIDATION] = { .type = NLA_U8 },
82 [IFLA_MACSEC_OFFLOAD] = { .type = NLA_U8 },
83};
84
85/**
86 * @name MACsec Object
87 * @{
88 */
89
90/**
91 * Allocate link object of type MACsec
92 *
93 * @return Allocated link object or NULL.
94 */
95static int macsec_alloc(struct rtnl_link *link)
96{
97 struct macsec_info *info;
98
99 if (!link->l_info) {
100 link->l_info = malloc(sizeof(struct macsec_info));
101 if (!link->l_info)
102 return -NLE_NOMEM;
103 }
104
105 memset(link->l_info, 0, sizeof(struct macsec_info));
106 info = link->l_info;
107
108 info->cipher_suite = MACSEC_DEFAULT_CIPHER_ID;
109 info->icv_len = DEFAULT_ICV_LEN;
110 info->ce_mask = MACSEC_ATTR_CIPHER_SUITE | MACSEC_ATTR_ICV_LEN;
111
112 return 0;
113}
114
115static int macsec_parse(struct rtnl_link *link, struct nlattr *data,
116 struct nlattr *xstats)
117{
118 struct nlattr *tb[IFLA_MACSEC_MAX+1];
119 struct macsec_info *info;
120 int err;
121
122 NL_DBG(3, "Parsing MACsec link info\n");
123
124 if ((err = nla_parse_nested(tb, IFLA_MACSEC_MAX, data, macsec_policy)) < 0)
125 goto errout;
126
127 if ((err = macsec_alloc(link)) < 0)
128 goto errout;
129
130 info = link->l_info;
131
132 if (tb[IFLA_MACSEC_SCI]) {
133 info->sci = nla_get_u64(tb[IFLA_MACSEC_SCI]);
134 info->ce_mask |= MACSEC_ATTR_SCI;
135 }
136
137 if (tb[IFLA_MACSEC_PROTECT]) {
138 info->protect = nla_get_u8(tb[IFLA_MACSEC_PROTECT]);
139 info->ce_mask |= MACSEC_ATTR_PROTECT;
140 }
141
142 if (tb[IFLA_MACSEC_CIPHER_SUITE]) {
143 info->cipher_suite = nla_get_u64(tb[IFLA_MACSEC_CIPHER_SUITE]);
144 info->ce_mask |= MACSEC_ATTR_CIPHER_SUITE;
145 }
146
147 if (tb[IFLA_MACSEC_ICV_LEN]) {
148 info->icv_len = nla_get_u8(tb[IFLA_MACSEC_ICV_LEN]);
149 info->ce_mask |= MACSEC_ATTR_ICV_LEN;
150 }
151
152 if (tb[IFLA_MACSEC_ENCODING_SA]) {
153 info->encoding_sa = nla_get_u8(tb[IFLA_MACSEC_ENCODING_SA]);
154 info->ce_mask |= MACSEC_ATTR_ENCODING_SA;
155 }
156
157 if (tb[IFLA_MACSEC_VALIDATION]) {
158 info->validate = nla_get_u8(tb[IFLA_MACSEC_VALIDATION]);
159 info->ce_mask |= MACSEC_ATTR_VALIDATION;
160 }
161
162 if (tb[IFLA_MACSEC_ENCRYPT]) {
163 info->encrypt = nla_get_u8(tb[IFLA_MACSEC_ENCRYPT]);
164 info->ce_mask |= MACSEC_ATTR_ENCRYPT;
165 }
166
167 if (tb[IFLA_MACSEC_OFFLOAD]) {
168 info->offload = nla_get_u8(tb[IFLA_MACSEC_OFFLOAD]);
169 info->ce_mask |= MACSEC_ATTR_OFFLOAD;
170 }
171
172 if (tb[IFLA_MACSEC_INC_SCI]) {
173 info->send_sci = nla_get_u8(tb[IFLA_MACSEC_INC_SCI]);
174 info->ce_mask |= MACSEC_ATTR_INC_SCI;
175 }
176
177 if (tb[IFLA_MACSEC_ES]) {
178 info->end_station = nla_get_u8(tb[IFLA_MACSEC_ES]);
179 info->ce_mask |= MACSEC_ATTR_ES;
180 }
181
182 if (tb[IFLA_MACSEC_SCB]) {
183 info->scb = nla_get_u8(tb[IFLA_MACSEC_SCB]);
184 info->ce_mask |= MACSEC_ATTR_SCB;
185 }
186
187 if (tb[IFLA_MACSEC_REPLAY_PROTECT]) {
188 info->replay_protect = nla_get_u8(tb[IFLA_MACSEC_REPLAY_PROTECT]);
189 info->ce_mask |= MACSEC_ATTR_REPLAY_PROTECT;
190 }
191
192 if (tb[IFLA_MACSEC_WINDOW]) {
193 info->window = nla_get_u32(tb[IFLA_MACSEC_WINDOW]);
194 info->ce_mask |= MACSEC_ATTR_WINDOW;
195 }
196
197 err = 0;
198errout:
199 return err;
200}
201
202static void macsec_free(struct rtnl_link *link)
203{
204 free(link->l_info);
205 link->l_info = NULL;
206}
207
208static const char *values_on_off[] = { "off", "on" };
209
210static const char *VALIDATE_STR[] = {
211 [MACSEC_VALIDATE_DISABLED] = "disabled",
212 [MACSEC_VALIDATE_CHECK] = "check",
213 [MACSEC_VALIDATE_STRICT] = "strict",
214};
215
216static char *replay_protect_str(char *buf, uint8_t replay_protect, uint8_t window)
217{
218 if (replay_protect == 1) {
219 sprintf(buf, "replay_protect on window %d", window);
220 } else if (replay_protect == 0) {
221 sprintf(buf, "replay_protect off");
222 } else {
223 buf[0] = '\0';
224 }
225
226 return buf;
227}
228
229/** @cond SKIP */
230#define PRINT_FLAG(buf, i, field, c) ({ if (i->field == 1) *buf++ = c; })
231/** @endcond */
232static char *flags_str(char *buf, unsigned char len, struct macsec_info *info)
233{
234 char *tmp = buf;
235 memset(tmp, 0, len);
236
237 PRINT_FLAG(tmp, info, protect, 'P');
238 PRINT_FLAG(tmp, info, encrypt, 'E');
239 PRINT_FLAG(tmp, info, send_sci, 'S');
240 PRINT_FLAG(tmp, info, end_station, 'e');
241 PRINT_FLAG(tmp, info, scb, 's');
242 PRINT_FLAG(tmp, info, replay_protect, 'R');
243
244 *tmp++ = ' ';
245 *tmp++ = 'v';
246 switch (info->validate) {
247 case MACSEC_VALIDATE_DISABLED:
248 *tmp++ = 'd';
249 break;
250 case MACSEC_VALIDATE_CHECK:
251 *tmp++ = 'c';
252 break;
253 case MACSEC_VALIDATE_STRICT:
254 *tmp++ = 's';
255 break;
256 default:
257 break;
258 }
259
260 sprintf(tmp, " %d", info->encoding_sa);
261
262 return buf;
263}
264
265static void macsec_dump_line(struct rtnl_link *link, struct nl_dump_params *p)
266{
267 struct macsec_info *info = link->l_info;
268 char tmp[128];
269
270 nl_dump(p, "sci %016llx <%s>", (long long unsigned)ntohll(info->sci),
271 flags_str(tmp, sizeof(tmp), info));
272}
273
274static void macsec_dump_details(struct rtnl_link *link, struct nl_dump_params *p)
275{
276 struct macsec_info *info = link->l_info;
277 char tmp[128];
278
279 nl_dump(p,
280 " sci %016llx protect %s encoding_sa %d encrypt %s send_sci %s validate %s %s\n",
281 (long long unsigned)ntohll(info->sci),
282 values_on_off[info->protect], info->encoding_sa,
283 values_on_off[info->encrypt], values_on_off[info->send_sci],
284 VALIDATE_STR[info->validate],
285 replay_protect_str(tmp, info->replay_protect, info->window));
286 nl_dump(p, " cipher suite: %016llx, icv_len %d\n",
287 (long long unsigned)info->cipher_suite, info->icv_len);
288}
289
290static int macsec_clone(struct rtnl_link *dst, struct rtnl_link *src)
291{
292 struct macsec_info *copy, *info = src->l_info;
293 int err;
294
295 dst->l_info = NULL;
296 if ((err = rtnl_link_set_type(dst, "macsec")) < 0)
297 return err;
298 copy = dst->l_info;
299
300 if (!info || !copy)
301 return -NLE_NOMEM;
302
303 memcpy(copy, info, sizeof(struct macsec_info));
304
305 return 0;
306}
307
308static int macsec_put_attrs(struct nl_msg *msg, struct rtnl_link *link)
309{
310 struct macsec_info *info = link->l_info;
311 struct nlattr *data;
312
313 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA)))
314 return -NLE_MSGSIZE;
315
316 if (info->ce_mask & MACSEC_ATTR_SCI)
317 NLA_PUT_U64(msg, IFLA_MACSEC_SCI, info->sci);
318 else if (info->ce_mask & MACSEC_ATTR_PORT)
319 NLA_PUT_U16(msg, IFLA_MACSEC_PORT, htons(info->port));
320
321 if ((info->ce_mask & MACSEC_ATTR_ENCRYPT))
322 NLA_PUT_U8(msg, IFLA_MACSEC_ENCRYPT, info->encrypt);
323
324 if ((info->ce_mask & MACSEC_ATTR_OFFLOAD))
325 NLA_PUT_U8(msg, IFLA_MACSEC_OFFLOAD, info->offload);
326
327 if (info->cipher_suite != MACSEC_DEFAULT_CIPHER_ID || info->icv_len != DEFAULT_ICV_LEN) {
328 NLA_PUT_U64(msg, IFLA_MACSEC_CIPHER_SUITE, info->cipher_suite);
329 NLA_PUT_U8(msg, IFLA_MACSEC_ICV_LEN, info->icv_len);
330 }
331
332 if ((info->ce_mask & MACSEC_ATTR_INC_SCI))
333 NLA_PUT_U8(msg, IFLA_MACSEC_INC_SCI, info->send_sci);
334
335 if ((info->ce_mask & MACSEC_ATTR_ES))
336 NLA_PUT_U8(msg, IFLA_MACSEC_ES, info->end_station);
337
338 if ((info->ce_mask & MACSEC_ATTR_SCB))
339 NLA_PUT_U8(msg, IFLA_MACSEC_SCB, info->scb);
340
341 if ((info->ce_mask & MACSEC_ATTR_PROTECT))
342 NLA_PUT_U8(msg, IFLA_MACSEC_PROTECT, info->protect);
343
344 if ((info->ce_mask & MACSEC_ATTR_REPLAY_PROTECT)) {
345 if (info->replay_protect && !(info->ce_mask & MACSEC_ATTR_WINDOW))
346 return -NLE_INVAL;
347
348 NLA_PUT_U8(msg, IFLA_MACSEC_REPLAY_PROTECT, info->replay_protect);
349 NLA_PUT_U32(msg, IFLA_MACSEC_WINDOW, info->window);
350 }
351
352 if ((info->ce_mask & MACSEC_ATTR_VALIDATION))
353 NLA_PUT_U8(msg, IFLA_MACSEC_VALIDATION, info->validate);
354
355 if ((info->ce_mask & MACSEC_ATTR_ENCODING_SA))
356 NLA_PUT_U8(msg, IFLA_MACSEC_ENCODING_SA, info->encoding_sa);
357
358 nla_nest_end(msg, data);
359
360 return 0;
361
362nla_put_failure:
363 return -NLE_MSGSIZE;
364}
365
366static int macsec_compare(struct rtnl_link *link_a, struct rtnl_link *link_b,
367 int flags)
368{
369 struct macsec_info *a = link_a->l_info;
370 struct macsec_info *b = link_b->l_info;
371 int diff = 0;
372 uint32_t attrs = flags & LOOSE_COMPARISON ? b->ce_mask : ~0;
373
374#define _DIFF(ATTR, EXPR) ATTR_DIFF(attrs, ATTR, a, b, EXPR)
375 if (a->ce_mask & MACSEC_ATTR_SCI && b->ce_mask & MACSEC_ATTR_SCI)
376 diff |= _DIFF(MACSEC_ATTR_SCI, a->sci != b->sci);
377 else if (a->ce_mask & MACSEC_ATTR_PORT && b->ce_mask & MACSEC_ATTR_PORT)
378 diff |= _DIFF(MACSEC_ATTR_PORT, a->port != b->port);
379
380 if (a->ce_mask & MACSEC_ATTR_CIPHER_SUITE &&
381 b->ce_mask & MACSEC_ATTR_CIPHER_SUITE) {
382 diff |= _DIFF(MACSEC_ATTR_ICV_LEN, a->icv_len != b->icv_len);
383 diff |= _DIFF(MACSEC_ATTR_CIPHER_SUITE,
384 a->cipher_suite != b->cipher_suite);
385 }
386
387 if (a->ce_mask & MACSEC_ATTR_REPLAY_PROTECT &&
388 b->ce_mask & MACSEC_ATTR_REPLAY_PROTECT) {
389 int d = _DIFF(MACSEC_ATTR_REPLAY_PROTECT,
390 a->replay_protect != b->replay_protect);
391 if (a->replay_protect && b->replay_protect) {
392 d |= _DIFF(MACSEC_ATTR_WINDOW, a->window != b->window);
393 }
394 diff |= d;
395 }
396
397 diff |= _DIFF(MACSEC_ATTR_ENCODING_SA,
398 a->encoding_sa != b->encoding_sa);
399 diff |= _DIFF(MACSEC_ATTR_ENCRYPT, a->encrypt != b->encrypt);
400 diff |= _DIFF(MACSEC_ATTR_PROTECT, a->protect != b->protect);
401 diff |= _DIFF(MACSEC_ATTR_INC_SCI, a->send_sci != b->send_sci);
402 diff |= _DIFF(MACSEC_ATTR_ES, a->end_station != b->end_station);
403 diff |= _DIFF(MACSEC_ATTR_SCB, a->scb != b->scb);
404 diff |= _DIFF(MACSEC_ATTR_VALIDATION, a->validate != b->validate);
405#undef _DIFF
406
407 return diff;
408}
409
410
411static struct rtnl_link_info_ops macsec_info_ops = {
412 .io_name = "macsec",
413 .io_alloc = macsec_alloc,
414 .io_parse = macsec_parse,
415 .io_dump = {
416 [NL_DUMP_LINE] = macsec_dump_line,
417 [NL_DUMP_DETAILS] = macsec_dump_details,
418 },
419 .io_clone = macsec_clone,
420 .io_put_attrs = macsec_put_attrs,
421 .io_free = macsec_free,
422 .io_compare = macsec_compare,
423};
424
425static void _nl_init macsec_init(void)
426{
427 rtnl_link_register_info(&macsec_info_ops);
428}
429
430static void _nl_exit macsec_exit(void)
431{
432 rtnl_link_unregister_info(&macsec_info_ops);
433}
434
435/** @cond SKIP */
436#define IS_MACSEC_LINK_ASSERT(link) \
437 if ((link)->l_info_ops != &macsec_info_ops) { \
438 APPBUG("Link is not a MACsec link. set type \"macsec\" first."); \
439 return -NLE_OPNOTSUPP; \
440 }
441/** @endcond */
442
443struct rtnl_link *rtnl_link_macsec_alloc(void)
444{
445 struct rtnl_link *link = rtnl_link_alloc();
446
447 if (!link)
448 return NULL;
449
450 if (rtnl_link_set_type(link, "macsec") < 0) {
451 rtnl_link_put(link);
452 return NULL;
453 }
454
455 return link;
456}
457
458/**
459 * Set SCI
460 * @arg link Link object
461 * @arg sci Secure Channel Identifier in network byte order
462 *
463 * @return 0 on success or a negative error code.
464 */
465int rtnl_link_macsec_set_sci(struct rtnl_link *link, uint64_t sci)
466{
467 struct macsec_info *info = link->l_info;
468
469 IS_MACSEC_LINK_ASSERT(link);
470
471 info->sci = sci;
472 info->ce_mask |= MACSEC_ATTR_SCI;
473
474 return 0;
475}
476
477/**
478 * Get SCI
479 * @arg link Link object
480 * @arg sci On return points to the Secure Channel Identifier
481 * in network byte order
482 *
483 * @return 0 on success or a negative error code.
484 */
485int rtnl_link_macsec_get_sci(struct rtnl_link *link, uint64_t *sci)
486{
487 struct macsec_info *info = link->l_info;
488
489 IS_MACSEC_LINK_ASSERT(link);
490
491 if (!(info->ce_mask & MACSEC_ATTR_SCI))
492 return -NLE_NOATTR;
493
494 if (sci)
495 *sci = info->sci;
496
497 return 0;
498}
499
500/**
501 * Set port identifier
502 * @arg link Link object
503 * @arg port Port identifier in host byte order
504 *
505 * @return 0 on success or a negative error code.
506 */
507int rtnl_link_macsec_set_port(struct rtnl_link *link, uint16_t port)
508{
509 struct macsec_info *info = link->l_info;
510
511 IS_MACSEC_LINK_ASSERT(link);
512
513 info->port = port;
514 info->ce_mask |= MACSEC_ATTR_PORT;
515
516 return 0;
517}
518
519/**
520 * Get port identifier
521 * @arg link Link object
522 * @arg port On return points to the port identifier in host byte order
523 *
524 * @return 0 on success or a negative error code.
525 */
526int rtnl_link_macsec_get_port(struct rtnl_link *link, uint16_t *port)
527{
528 struct macsec_info *info = link->l_info;
529
530 IS_MACSEC_LINK_ASSERT(link);
531
532 if (!(info->ce_mask & MACSEC_ATTR_PORT))
533 return -NLE_NOATTR;
534
535 if (port)
536 *port = info->port;
537
538 return 0;
539}
540
541int rtnl_link_macsec_set_cipher_suite(struct rtnl_link *link, uint64_t cipher_suite)
542{
543 struct macsec_info *info = link->l_info;
544
545 IS_MACSEC_LINK_ASSERT(link);
546
547 info->cipher_suite = cipher_suite;
548 info->ce_mask |= MACSEC_ATTR_CIPHER_SUITE;
549
550 return 0;
551}
552
553int rtnl_link_macsec_get_cipher_suite(struct rtnl_link *link, uint64_t *cs)
554{
555 struct macsec_info *info = link->l_info;
556
557 IS_MACSEC_LINK_ASSERT(link);
558
559 if (!(info->ce_mask & MACSEC_ATTR_CIPHER_SUITE))
560 return -NLE_NOATTR;
561
562 if (cs)
563 *cs = info->cipher_suite;
564
565 return 0;
566}
567
568int rtnl_link_macsec_set_icv_len(struct rtnl_link *link, uint16_t icv_len)
569{
570 struct macsec_info *info = link->l_info;
571
572 IS_MACSEC_LINK_ASSERT(link);
573
574 if (icv_len > MACSEC_STD_ICV_LEN)
575 return -NLE_INVAL;
576
577 info->icv_len = icv_len;
578 info->ce_mask |= MACSEC_ATTR_ICV_LEN;
579
580 return 0;
581}
582
583int rtnl_link_macsec_get_icv_len(struct rtnl_link *link, uint16_t *icv_len)
584{
585 struct macsec_info *info = link->l_info;
586
587 IS_MACSEC_LINK_ASSERT(link);
588
589 if (!(info->ce_mask & MACSEC_ATTR_ICV_LEN))
590 return -NLE_NOATTR;
591
592 if (icv_len)
593 *icv_len = info->icv_len;
594
595 return 0;
596}
597
598int rtnl_link_macsec_set_protect(struct rtnl_link *link, uint8_t protect)
599{
600 struct macsec_info *info = link->l_info;
601
602 IS_MACSEC_LINK_ASSERT(link);
603
604 if (protect > 1)
605 return -NLE_INVAL;
606
607 info->protect = protect;
608 info->ce_mask |= MACSEC_ATTR_PROTECT;
609
610 return 0;
611}
612
613int rtnl_link_macsec_get_protect(struct rtnl_link *link, uint8_t *protect)
614{
615 struct macsec_info *info = link->l_info;
616
617 IS_MACSEC_LINK_ASSERT(link);
618
619 if (!(info->ce_mask & MACSEC_ATTR_PROTECT))
620 return -NLE_NOATTR;
621
622 if (protect)
623 *protect = info->protect;
624
625 return 0;
626}
627
628int rtnl_link_macsec_set_encrypt(struct rtnl_link *link, uint8_t encrypt)
629{
630 struct macsec_info *info = link->l_info;
631
632 IS_MACSEC_LINK_ASSERT(link);
633
634 if (encrypt > 1)
635 return -NLE_INVAL;
636
637 info->encrypt = encrypt;
638 info->ce_mask |= MACSEC_ATTR_ENCRYPT;
639
640 return 0;
641}
642
643int rtnl_link_macsec_get_encrypt(struct rtnl_link *link, uint8_t *encrypt)
644{
645 struct macsec_info *info = link->l_info;
646
647 IS_MACSEC_LINK_ASSERT(link);
648
649 if (!(info->ce_mask & MACSEC_ATTR_ENCRYPT))
650 return -NLE_NOATTR;
651
652 if (encrypt)
653 *encrypt = info->encrypt;
654
655 return 0;
656}
657
658int rtnl_link_macsec_set_offload(struct rtnl_link *link, uint8_t offload)
659{
660 struct macsec_info *info = link->l_info;
661
662 IS_MACSEC_LINK_ASSERT(link);
663
664 info->offload = offload;
665 info->ce_mask |= MACSEC_ATTR_OFFLOAD;
666
667 return 0;
668}
669
670int rtnl_link_macsec_get_offload(struct rtnl_link *link, uint8_t *offload)
671{
672 struct macsec_info *info = link->l_info;
673
674 IS_MACSEC_LINK_ASSERT(link);
675
676 if (!(info->ce_mask & MACSEC_ATTR_OFFLOAD))
677 return -NLE_NOATTR;
678
679 if (offload)
680 *offload = info->offload;
681
682 return 0;
683}
684
685int rtnl_link_macsec_set_encoding_sa(struct rtnl_link *link, uint8_t encoding_sa)
686{
687 struct macsec_info *info = link->l_info;
688
689 IS_MACSEC_LINK_ASSERT(link);
690
691 if (encoding_sa > 3)
692 return -NLE_INVAL;
693
694 info->encoding_sa = encoding_sa;
695 info->ce_mask |= MACSEC_ATTR_ENCODING_SA;
696
697 return 0;
698}
699
700int rtnl_link_macsec_get_encoding_sa(struct rtnl_link *link, uint8_t *encoding_sa)
701{
702 struct macsec_info *info = link->l_info;
703
704 IS_MACSEC_LINK_ASSERT(link);
705
706 if (!(info->ce_mask & MACSEC_ATTR_ENCODING_SA))
707 return -NLE_NOATTR;
708
709 if (encoding_sa)
710 *encoding_sa = info->encoding_sa;
711
712 return 0;
713}
714
715int rtnl_link_macsec_set_validation_type(struct rtnl_link *link, enum macsec_validation_type validate)
716{
717 struct macsec_info *info = link->l_info;
718
719 IS_MACSEC_LINK_ASSERT(link);
720
721 if (validate > MACSEC_VALIDATE_MAX)
722 return -NLE_INVAL;
723
724 info->validate = validate;
725 info->ce_mask |= MACSEC_ATTR_VALIDATION;
726
727 return 0;
728}
729
730int rtnl_link_macsec_get_validation_type(struct rtnl_link *link, enum macsec_validation_type *validate)
731{
732 struct macsec_info *info = link->l_info;
733
734 IS_MACSEC_LINK_ASSERT(link);
735
736 if (!(info->ce_mask & MACSEC_ATTR_VALIDATION))
737 return -NLE_NOATTR;
738
739 if (validate)
740 *validate = info->validate;
741
742 return 0;
743}
744
745int rtnl_link_macsec_set_replay_protect(struct rtnl_link *link, uint8_t replay_protect)
746{
747 struct macsec_info *info = link->l_info;
748
749 IS_MACSEC_LINK_ASSERT(link);
750
751 if (replay_protect > 1)
752 return -NLE_INVAL;
753
754 info->replay_protect = replay_protect;
755 info->ce_mask |= MACSEC_ATTR_REPLAY_PROTECT;
756
757 return 0;
758}
759
760int rtnl_link_macsec_get_replay_protect(struct rtnl_link *link, uint8_t *replay_protect)
761{
762 struct macsec_info *info = link->l_info;
763
764 IS_MACSEC_LINK_ASSERT(link);
765
766 if (!(info->ce_mask & MACSEC_ATTR_REPLAY_PROTECT))
767 return -NLE_NOATTR;
768
769 if (replay_protect)
770 *replay_protect = info->replay_protect;
771
772 return 0;
773}
774
775int rtnl_link_macsec_set_window(struct rtnl_link *link, uint32_t window)
776{
777 struct macsec_info *info = link->l_info;
778
779 IS_MACSEC_LINK_ASSERT(link);
780
781 info->window = window;
782 info->ce_mask |= MACSEC_ATTR_WINDOW;
783
784 return 0;
785}
786
787int rtnl_link_macsec_get_window(struct rtnl_link *link, uint32_t *window)
788{
789 struct macsec_info *info = link->l_info;
790
791 IS_MACSEC_LINK_ASSERT(link);
792
793 if (!(info->ce_mask & MACSEC_ATTR_WINDOW))
794 return -NLE_NOATTR;
795
796 if (window)
797 *window = info->window;
798
799 return 0;
800}
801
802int rtnl_link_macsec_set_send_sci(struct rtnl_link *link, uint8_t send_sci)
803{
804 struct macsec_info *info = link->l_info;
805
806 IS_MACSEC_LINK_ASSERT(link);
807
808 if (send_sci > 1)
809 return -NLE_INVAL;
810
811 info->send_sci = send_sci;
812 info->ce_mask |= MACSEC_ATTR_INC_SCI;
813
814 return 0;
815}
816
817int rtnl_link_macsec_get_send_sci(struct rtnl_link *link, uint8_t *send_sci)
818{
819 struct macsec_info *info = link->l_info;
820
821 IS_MACSEC_LINK_ASSERT(link);
822
823 if (!(info->ce_mask & MACSEC_ATTR_INC_SCI))
824 return -NLE_NOATTR;
825
826 if (send_sci)
827 *send_sci = info->send_sci;
828
829 return 0;
830}
831
832int rtnl_link_macsec_set_end_station(struct rtnl_link *link, uint8_t end_station)
833{
834 struct macsec_info *info = link->l_info;
835
836 IS_MACSEC_LINK_ASSERT(link);
837
838 if (end_station > 1)
839 return -NLE_INVAL;
840
841 info->end_station = end_station;
842 info->ce_mask |= MACSEC_ATTR_ES;
843
844 return 0;
845}
846
847int rtnl_link_macsec_get_end_station(struct rtnl_link *link, uint8_t *es)
848{
849 struct macsec_info *info = link->l_info;
850
851 IS_MACSEC_LINK_ASSERT(link);
852
853 if (!(info->ce_mask & MACSEC_ATTR_ES))
854 return -NLE_NOATTR;
855
856 if (es)
857 *es = info->end_station;
858
859 return 0;
860}
861
862int rtnl_link_macsec_set_scb(struct rtnl_link *link, uint8_t scb)
863{
864 struct macsec_info *info = link->l_info;
865
866 IS_MACSEC_LINK_ASSERT(link);
867
868 if (scb > 1)
869 return -NLE_INVAL;
870
871 info->scb = scb;
872 info->ce_mask |= MACSEC_ATTR_SCB;
873
874 return 0;
875}
876
877int rtnl_link_macsec_get_scb(struct rtnl_link *link, uint8_t *scb)
878{
879 struct macsec_info *info = link->l_info;
880
881 IS_MACSEC_LINK_ASSERT(link);
882
883 if (!(info->ce_mask & MACSEC_ATTR_SCB))
884 return -NLE_NOATTR;
885
886 if (scb)
887 *scb = info->scb;
888
889 return 0;
890}
891
892/** @} */
893
894/** @} */
uint32_t nla_get_u32(const struct nlattr *nla)
Return payload of 32 bit integer attribute.
Definition attr.c:710
#define NLA_PUT_U16(msg, attrtype, value)
Add 16 bit integer attribute to netlink message.
Definition attr.h:212
#define NLA_PUT_U8(msg, attrtype, value)
Add 8 bit integer attribute to netlink message.
Definition attr.h:194
uint64_t nla_get_u64(const struct nlattr *nla)
Return payload of u64 attribute.
Definition attr.c:765
#define NLA_PUT_U32(msg, attrtype, value)
Add 32 bit integer attribute to netlink message.
Definition attr.h:230
uint8_t nla_get_u8(const struct nlattr *nla)
Return value of 8 bit integer attribute.
Definition attr.c:610
struct nlattr * nla_nest_start(struct nl_msg *msg, int attrtype)
Start a new level of nested attributes.
Definition attr.c:906
int nla_parse_nested(struct nlattr *tb[], int maxtype, struct nlattr *nla, const struct nla_policy *policy)
Create attribute index based on nested attribute.
Definition attr.c:1033
#define NLA_PUT_U64(msg, attrtype, value)
Add 64 bit integer attribute to netlink message.
Definition attr.h:248
int nla_nest_end(struct nl_msg *msg, struct nlattr *start)
Finalize nesting of attributes.
Definition attr.c:969
@ NLA_U64
64 bit integer
Definition attr.h:38
@ NLA_U8
8 bit integer
Definition attr.h:35
@ NLA_U32
32 bit integer
Definition attr.h:37
int rtnl_link_macsec_set_sci(struct rtnl_link *link, uint64_t sci)
Set SCI.
Definition macsec.c:465
int rtnl_link_macsec_get_sci(struct rtnl_link *link, uint64_t *sci)
Get SCI.
Definition macsec.c:485
int rtnl_link_macsec_set_port(struct rtnl_link *link, uint16_t port)
Set port identifier.
Definition macsec.c:507
int rtnl_link_macsec_get_port(struct rtnl_link *link, uint16_t *port)
Get port identifier.
Definition macsec.c:526
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
Definition utils.c:1017
@ NL_DUMP_LINE
Dump object briefly on one line.
Definition types.h:20
@ NL_DUMP_DETAILS
Dump all attributes but no statistics.
Definition types.h:21
Dumping parameters.
Definition types.h:32
Attribute validation policy.
Definition attr.h:63
uint16_t type
Type of attribute or NLA_UNSPEC.
Definition attr.h:65