Old 04-22-2014, 06:07 AM   #1
samiran.linux
how to add xfrm state add using c program


Hi,
How do I make a security association entry using xfrm C code? From http://www.croz.net/eng/xfrm-programming/ I got the idea for adding a policy, and I am using the same approach for state. The sample code is given below, but it outputs "RTNETLINK answers: Invalid argument". Any help?


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <linux/xfrm.h>
#include "libnetlink.h"   /* iproute2: rtnl_open_byproto(), rtnl_talk(), addattr_l() */
/* RTA_BUF_SIZE and XFRM_TMPLS_BUF_SIZE are defined outside this snippet. */

int xfrm_state_add (struct in_addr *saddr, struct in_addr *daddr , int spi) {
    int preferred_family = AF_INET;

    struct rtnl_handle rth;
    struct {
        struct nlmsghdr n;
        struct xfrm_usersa_info xsinfo;
        char buf[ RTA_BUF_SIZE ];
    } req;

    char tmpls_buf[XFRM_TMPLS_BUF_SIZE];
    int tmpls_len = 0;
    int idx;

    char auth_algo_buf[XFRM_TMPLS_BUF_SIZE];
    char enc_algo_buf[XFRM_TMPLS_BUF_SIZE];
    int auth_algobuf_len = 0;
    int enc_algobuf_len = 0;

    memset(&req, 0, sizeof(req));
    memset(&auth_algo_buf, 0, sizeof(auth_algo_buf));
    memset(&enc_algo_buf, 0, sizeof(enc_algo_buf));

    /* Netlink header: create a new SA, fail if it already exists */
    req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsinfo));
    req.n.nlmsg_flags = NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL;
    req.n.nlmsg_type = XFRM_MSG_NEWSA;
    req.xsinfo.family = preferred_family;

    /* No byte or packet lifetime limits */
    req.xsinfo.lft.soft_byte_limit = XFRM_INF;
    req.xsinfo.lft.hard_byte_limit = XFRM_INF;
    req.xsinfo.lft.soft_packet_limit = XFRM_INF;
    req.xsinfo.lft.hard_packet_limit = XFRM_INF;

    req.xsinfo.saddr.a4 = saddr->s_addr;

    req.xsinfo.id.daddr.a4 = daddr->s_addr;
    req.xsinfo.id.spi = (__u32) spi;
    req.xsinfo.id.proto = IPPROTO_ESP;

    req.xsinfo.mode = 1;   /* 1 = XFRM_MODE_TUNNEL */

    struct xfrm_algo *AuthAlgo = NULL, *EncAlgo = NULL;

    /* Authentication algorithm, built inside a char buffer */
    if( auth_algobuf_len + sizeof(struct xfrm_algo) > sizeof( auth_algo_buf ) )
    { fprintf( stderr, "buffer overflow\n" ); exit(1); }
    AuthAlgo = (struct xfrm_algo *)((char *)auth_algo_buf + auth_algobuf_len);

    strcpy(AuthAlgo->alg_name,"hmac(sha256)");
    AuthAlgo->alg_key_len = 256;   /* key length in bits */
    strncpy(AuthAlgo->alg_key,"12345678901234567890123456789012",32);

    /* Length counts sizeof(struct xfrm_algo) only; the alg_key bytes are not included */
    auth_algobuf_len += sizeof( *AuthAlgo );

    if (auth_algobuf_len > 0)
    { addattr_l(&req.n, sizeof(req), XFRMA_ALG_AUTH, (void *)auth_algo_buf, auth_algobuf_len); }

    /* Encryption algorithm, built the same way */
    if( enc_algobuf_len + sizeof(struct xfrm_algo) > sizeof( enc_algo_buf ) )
    { fprintf( stderr, " ** ERROR Too many tmpls: buffer overflow\n" ); exit(1); }

    EncAlgo = (struct xfrm_algo *)((char *)enc_algo_buf + enc_algobuf_len);

    strcpy(EncAlgo->alg_name,"cbc(aes)");
    EncAlgo->alg_key_len = 128;   /* key length in bits */
    strncpy(EncAlgo->alg_key,"1234567890123456",16);

    /* Same as above: the length excludes the alg_key bytes */
    enc_algobuf_len += sizeof( *EncAlgo );

    if (enc_algobuf_len > 0)
    { addattr_l(&req.n, sizeof(req), XFRMA_ALG_CRYPT, (void *)enc_algo_buf, enc_algobuf_len); }

    /* Send the request over a NETLINK_XFRM socket */
    if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
    { printf( " ** ERROR xfrm_state_add::rtnl_open_byproto()\n" ); exit(1); }

    if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
    { printf( " ** ERROR State add rtnl_talk()\n" ); exit(2); }

    rtnl_close(&rth);

    return 0;
}

Last edited by samiran.linux; 04-22-2014 at 07:52 AM.
 
Old 04-22-2014, 10:09 AM   #2
samiran.linux
I have solved the problem. What I did was, instead of allocating the buffer for struct xfrm_algo using a character buffer, declare a structure like the one below:

struct {
    struct xfrm_algo algo;
    char Buff[512];
} EncAlgo = {};

This will allocate the buffer for xfrm_key[0]...
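Why the length matters, as an added example that is not code from either post or from iproute2: struct xfrm_algo ends in a zero-length alg_key member, so sizeof(struct xfrm_algo) covers only the name and alg_key_len, and an attribute of that size carries no key bytes even though alg_key_len announces them. The names put_algo, algo_attr_ok and check_sa_algo, the 2048-byte buffer and the key are assumptions of this example; algo_attr_ok restates the receiver-side length rule (payload at least the header plus alg_key_len/8 bytes), and nothing is sent to the kernel.

```c
#include <linux/rtnetlink.h>
#include <linux/xfrm.h>
#include <stdio.h>
#include <string.h>

struct sa_req { struct nlmsghdr n; struct xfrm_usersa_info xsinfo; char buf[2048]; };

/* include_key == 0 reproduces the first post: payload is sizeof(struct xfrm_algo) only. */
static struct rtattr *put_algo(struct sa_req *req, unsigned short type, const char *name,
                               const void *key, unsigned key_bytes, int include_key)
{
    size_t payload = sizeof(struct xfrm_algo) + (include_key ? key_bytes : 0);
    size_t off = NLMSG_ALIGN(req->n.nlmsg_len);
    if (off + RTA_ALIGN(RTA_LENGTH(payload)) > sizeof(*req))
        return NULL;                          /* attribute would not fit */
    struct rtattr *rta = (struct rtattr *)((char *)req + off);
    rta->rta_type = type;
    rta->rta_len = (unsigned short)RTA_LENGTH(payload);
    struct xfrm_algo *alg = RTA_DATA(rta);
    strncpy(alg->alg_name, name, sizeof(alg->alg_name) - 1);
    alg->alg_key_len = key_bytes * 8;         /* alg_key_len is in bits */
    if (include_key)
        memcpy((char *)alg + sizeof(*alg), key, key_bytes);
    req->n.nlmsg_len = (unsigned int)(off + RTA_ALIGN(rta->rta_len));
    return rta;
}

/* Hypothetical restatement of the receiver's rule: payload >= header + key bytes. */
static int algo_attr_ok(const struct rtattr *rta)
{
    const struct xfrm_algo *alg = RTA_DATA(rta);
    size_t have = (size_t)RTA_PAYLOAD(rta);
    return have >= sizeof(*alg) && have >= sizeof(*alg) + (alg->alg_key_len + 7) / 8;
}

/* Build a NEWSA request with cbc(aes); returns 1 if the attribute passes, 0 if not. */
static int check_sa_algo(int include_key)
{
    static const unsigned char key[16] = { 0x11 };   /* constructed key, not a secret */
    struct sa_req req = { .n = { .nlmsg_len = NLMSG_LENGTH(sizeof(req.xsinfo)),
                                 .nlmsg_type = XFRM_MSG_NEWSA } };
    struct rtattr *rta = put_algo(&req, XFRMA_ALG_CRYPT, "cbc(aes)", key, sizeof(key), include_key);
    return rta ? algo_attr_ok(rta) : -1;
}

int main(void)
{
    printf("header only: %d, header + key: %d\n", check_sa_algo(0), check_sa_algo(1));
    return 0;
}
```

Wrapping struct xfrm_algo and a key buffer in one struct, as in post #2, makes sizeof() cover the key as well, so the attribute length is then large enough.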
 
  



Tags
ipsec

