# Copyright 2017 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# AF_KEY support.
include <linux/socket.h>
include <linux/net.h>
include <linux/pfkeyv2.h>
include <linux/ipsec.h>
# sock_key is the resource type for AF_KEY (PF_KEY v2) sockets. It derives from
# the generic sock resource, so a sock_key value is also usable wherever a sock
# is accepted.
# NOTE(review): the kernel is expected to require CAP_NET_ADMIN for creating
# AF_KEY sockets, so this surface is only exercised when the fuzzer process
# holds that capability in its namespace - confirm for the sandbox mode in use.
resource sock_key[sock]
# Creates the PF_KEY socket. All three arguments are constants, so every
# generated call requests the same AF_KEY / SOCK_RAW / PF_KEY_V2 combination.
socket$key(domain const[AF_KEY], type const[SOCK_RAW], proto const[PF_KEY_V2]) sock_key
# Opens /proc/self/net/pfkey relative to AT_FDCWD. The result is a plain fd,
# not a sock_key, so it is never passed to sendmsg$key.
openat$pfkey(fd const[AT_FDCWD], file ptr[in, string["/proc/self/net/pfkey"]], flags flags[open_flags], mode const[0]) fd
# Sends one PF_KEY message on a sock_key socket. The message layout is
# described by send_msghdr_key; only the send flags vary.
sendmsg$key(fd sock_key, msg ptr[in, send_msghdr_key], f flags[send_flags])
# msghdr used by sendmsg$key. The destination name, control (ancillary) data
# and msg_flags are pinned to zero, and msg_iovlen is pinned to 1, so every
# generated message consists of exactly one iovec that points at a sadb_msg.
# Multi-iovec and ancillary-data paths are not exercised by this description.
send_msghdr_key {
msg_name const[0, intptr]
msg_namelen const[0, int32]
msg_iov ptr[in, iovec_sadb_msg]
msg_iovlen const[1, intptr]
msg_control const[0, intptr]
msg_controllen const[0, intptr]
msg_flags const[0, int32]
}
# Single iovec carrying one PF_KEY message. len is computed as the byte size of
# the sadb_msg that addr points to, so the buffer length always matches the
# generated message.
iovec_sadb_msg {
addr ptr[in, sadb_msg]
len bytesize[addr, intptr]
}
# PF_KEY v2 base message header followed by its extension headers.
#   sadb_msg_version  - always PF_KEY_V2.
#   sadb_msg_type     - restricted to the range SADB_RESERVED..SADB_MAX.
#   sadb_msg_errno    - arbitrary 8-bit value.
#   sadb_msg_satype   - one of the sadb_satype values.
#   sadb_msg_len      - size of this whole struct (header plus ext_headers)
#                       counted in 8-byte units, computed by the generator.
#   sadb_msg_reserved - always 0.
#   sadb_msg_seq/pid  - reuse the netlink_seq / netlink_port_id types, which
#                       are defined outside this file.
#   ext_headers       - variable number of extension headers (see sadb_ext_hdr).
# [packed] removes any padding between fields.
sadb_msg {
sadb_msg_version const[PF_KEY_V2, int8]
sadb_msg_type int8[SADB_RESERVED:SADB_MAX]
sadb_msg_errno int8
sadb_msg_satype flags[sadb_satype, int8]
sadb_msg_len bytesize8[parent, int16]
sadb_msg_reserved const[0, int16]
sadb_msg_seq netlink_seq
sadb_msg_pid netlink_port_id
ext_headers array[sadb_ext_hdr]
} [packed]
# Union of the extension headers that may follow sadb_msg. Each variant starts
# with its own sadb_len / sadb_exttype pair. [varlen] makes the union occupy
# only the size of the selected variant instead of the size of the largest one.
# Only the extension kinds listed here are generated; any extension type the
# kernel accepts that has no variant below is not covered by this description.
sadb_ext_hdr [
sadb_sa sadb_sa
sadb_lifetime sadb_lifetime
sadb_address sadb_address
sadb_key sadb_key
sadb_ident sadb_ident
sadb_spirange sadb_spirange
sadb_x_policy sadb_x_policy
sadb_x_sa2 sadb_x_sa2
sadb_x_nat_t_type sadb_x_nat_t_type
sadb_x_nat_t_port sadb_x_nat_t_port
sadb_x_sec_ctx sadb_x_sec_ctx
sadb_x_kmaddress sadb_x_kmaddress
sadb_x_filter sadb_x_filter
] [varlen]
# Security association extension (SADB_EXT_SA).
#   sadb_len        - size of this extension in 8-byte units.
#   sadb_sa_spi     - uses the xfrm_spi type defined outside this file.
#   sadb_sa_replay  - arbitrary 8-bit value.
#   sadb_sa_state   - arbitrary 8-bit value.
#   sadb_sa_auth    - limited to SADB_AALG_NONE..SADB_AALG_MAX.
#   sadb_sa_encrypt - limited to SADB_X_CALG_NONE..SADB_X_CALG_MAX.
# NOTE(review): the sadb_sa_encrypt range is built from the compression
# algorithm constants (SADB_X_CALG_*). If the encryption algorithm id space
# (SADB_EALG_*) extends beyond SADB_X_CALG_MAX, those encryption algorithm ids
# are never generated here - confirm whether that narrowing is intended.
# [packed, align_8] packs the fields and pads the struct to an 8-byte multiple,
# matching the 8-byte length unit used by sadb_len.
sadb_sa {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_EXT_SA, int16]
sadb_sa_spi xfrm_spi
sadb_sa_replay int8
sadb_sa_state int8
sadb_sa_auth int8[SADB_AALG_NONE:SADB_AALG_MAX]
sadb_sa_encrypt int8[SADB_X_CALG_NONE:SADB_X_CALG_MAX]
sadb_sa_flags flags[sadb_sa_flags, int32]
} [packed, align_8]
# Flag values used for the sadb_sa_flags field of sadb_sa.
sadb_sa_flags = SADB_SAFLAGS_PFS, SADB_SAFLAGS_NOPMTUDISC, SADB_SAFLAGS_DECAP_DSCP, SADB_SAFLAGS_NOECN
# Lifetime extension. sadb_exttype selects one of the sadb_lifetime_type values
# (current, hard or soft); the allocation, byte and time counters are arbitrary
# integers. sadb_len is the size of this extension in 8-byte units.
sadb_lifetime {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_lifetime_type, int16]
sadb_lifetime_allocations int32
sadb_lifetime_bytes int64
sadb_lifetime_addtime int64
sadb_lifetime_usetime int64
} [packed, align_8]
# Address extension. sadb_exttype is one of the sadb_address_type values, and
# the trailing addr is either a sockaddr_in or a sockaddr_in6 (see
# sadb_address_addr). sadb_address_proto and sadb_address_prefixlen draw from
# the xfrm_proto and xfrm_prefixlens flag sets defined outside this file.
# The prefix length is chosen independently of the address family carried in
# addr, so mismatched combinations are generated as well.
sadb_address {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_address_type, int16]
sadb_address_proto flags[xfrm_proto, int8]
sadb_address_prefixlen flags[xfrm_prefixlens, int8]
sadb_address_reserved const[0, int16]
addr sadb_address_addr
} [packed, align_8]
# Socket address carried by sadb_address and sadb_x_kmaddress: IPv4 or IPv6.
# [varlen] means the union takes the size of the chosen sockaddr variant.
sadb_address_addr [
in sockaddr_in
in6 sockaddr_in6
] [varlen]
# Key extension for authentication or encryption keys (sadb_key_type).
# key is an arbitrary-length array of arbitrary bytes, and sadb_key_bits is
# computed as the size of key in bits. sadb_len covers the whole extension in
# 8-byte units, including the padding added by align_8.
sadb_key {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_key_type, int16]
sadb_key_bits bitsize[key, int16]
sadb_key_reserved const[0, int16]
key array[int8]
} [packed, align_8]
# Identity extension. sadb_exttype is taken from the sadb_ident_type flag set
# (source or destination identity), while the struct field that is also named
# sadb_ident_type is an unconstrained int16.
# The description ends at sadb_ident_id: no trailing identity data is modelled.
# NOTE(review): if the kernel expects an identity string after this header,
# that payload is not generated - confirm against linux/pfkeyv2.h users.
sadb_ident {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_ident_type, int16]
sadb_ident_type int16
sadb_ident_reserved const[0, int16]
sadb_ident_id int64
} [packed, align_8]
# SPI range extension (SADB_EXT_SPIRANGE). min and max are generated as two
# independent xfrm_spi values, so no min <= max ordering is imposed by this
# description.
sadb_spirange {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_EXT_SPIRANGE, int16]
sadb_spirange_min xfrm_spi
sadb_spirange_max xfrm_spi
sadb_spirange_reserved const[0, int32]
} [packed, align_8]
# IPsec policy extension (SADB_X_EXT_POLICY).
#   sadb_x_policy_type     - limited to IPSEC_POLICY_DISCARD..IPSEC_POLICY_BYPASS.
#   sadb_x_policy_dir      - one of the ipsec_policy_dir values.
#   sadb_x_policy_id       - uses xfrm_policy_index, defined outside this file.
#   sadb_x_policy_priority - arbitrary 32-bit value.
#   policy                 - exactly one embedded sadb_x_ipsecrequest.
# Because policy is a single struct rather than an array, policies with zero
# or with several ipsec requests are not generated.
sadb_x_policy {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_POLICY, int16]
sadb_x_policy_type int16[IPSEC_POLICY_DISCARD:IPSEC_POLICY_BYPASS]
sadb_x_policy_dir flags[ipsec_policy_dir, int8]
sadb_x_policy_reserved const[0, int8]
sadb_x_policy_id xfrm_policy_index
sadb_x_policy_priority int32
policy sadb_x_ipsecrequest
} [packed, align_8]
# One IPsec request embedded in sadb_x_policy. The length field is computed in
# 8-byte units of this struct; mode and level are arbitrary 8-bit values and
# reqid is an arbitrary 32-bit value. saddr and daddr are raw IPv4/IPv6
# addresses (sadb_filter_addr), not socket addresses.
# NOTE(review): the kernel's AF_KEY policy parser appears to treat
# sadb_x_ipsecrequest_len as a byte count (it is compared against the struct
# size in bytes), unlike the sadb_len fields of the extension headers. If so,
# the bytesize8 value generated here is always smaller than the struct size
# and the request is rejected before deeper parsing, which hides that code
# from the fuzzer - confirm, and consider bytesize[parent, int16].
# NOTE(review): the kernel also appears to read a pair of sockaddr structures
# after the fixed header for tunnel mode, whereas this description emits bare
# addresses - confirm whether saddr/daddr should be sadb_address_addr.
sadb_x_ipsecrequest {
sadb_x_ipsecrequest_len bytesize8[parent, int16]
sadb_x_ipsecrequest_proto flags[xfrm_proto, int16]
sadb_x_ipsecrequest_mode int8
sadb_x_ipsecrequest_level int8
sadb_x_ipsecrequest_reserved1 const[0, int16]
sadb_x_ipsecrequest_reqid int32
sadb_x_ipsecrequest_reserved2 const[0, int32]
saddr sadb_filter_addr
daddr sadb_filter_addr
} [packed, align_8]
# SA2 extension (SADB_X_EXT_SA2). sadb_x_sa2_mode is an arbitrary 8-bit value;
# the sequence and reqid fields reuse netlink_seq and xfrm_req_id, which are
# defined outside this file. Both reserved fields are always 0.
sadb_x_sa2 {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_SA2, int16]
sadb_x_sa2_mode int8
sadb_x_sa2_reserved1 const[0, int8]
sadb_x_sa2_reserved2 const[0, int16]
sadb_x_sa2_sequence netlink_seq
sadb_x_sa2_reqid xfrm_req_id
} [packed, align_8]
# NAT traversal type extension (SADB_X_EXT_NAT_T_TYPE). The type byte is
# unconstrained; the three reserved bytes are always 0.
sadb_x_nat_t_type {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_NAT_T_TYPE, int16]
sadb_x_nat_t_type_type int8
sadb_x_nat_t_type_reserved array[const[0, int8], 3]
} [packed, align_8]
# NAT traversal port extension. sadb_exttype selects source or destination
# port (sadb_nat_port_type); the port value uses the sock_port type defined
# outside this file.
sadb_x_nat_t_port {
sadb_len bytesize8[parent, int16]
sadb_exttype flags[sadb_nat_port_type, int16]
sadb_x_nat_t_port_port sock_port
sadb_x_nat_t_port_reserved const[0, int16]
} [packed, align_8]
# Security context extension (SADB_X_EXT_SEC_CTX). ctx is an arbitrary-length
# array of arbitrary bytes and sadb_x_ctx_len is computed as its size in bytes,
# while sadb_len counts the whole extension in 8-byte units. The alg and doi
# bytes are unconstrained.
sadb_x_sec_ctx {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_SEC_CTX, int16]
sadb_x_ctx_alg int8
sadb_x_ctx_doi int8
sadb_x_ctx_len bytesize[ctx, int16]
ctx array[int8]
} [packed, align_8]
# Key manager address extension (SADB_X_EXT_KMADDRESS): a reserved word that is
# always 0, followed by a source and a destination socket address. src and dst
# are chosen independently, so mixed IPv4/IPv6 pairs are generated too.
sadb_x_kmaddress {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_KMADDRESS, int16]
sadb_x_kmaddress_reserved const[0, int32]
src sadb_address_addr
dst sadb_address_addr
} [packed, align_8]
# Address filter extension (SADB_X_EXT_FILTER). saddr and daddr are raw
# IPv4/IPv6 addresses, the family comes from the socket_domain flag set
# (defined outside this file), and splen/dplen take one of the values in
# sadb_filter_addr_len (4 or 16).
# NOTE(review): 4 and 16 look like address sizes in bytes. If the kernel
# interprets splen/dplen as prefix lengths in bits, only those two prefix
# lengths are ever exercised - confirm the intended unit.
sadb_x_filter {
sadb_len bytesize8[parent, int16]
sadb_exttype const[SADB_X_EXT_FILTER, int16]
sadb_x_filter_saddr sadb_filter_addr
sadb_x_filter_daddr sadb_filter_addr
sadb_x_filter_family flags[socket_domain, int16]
sadb_x_filter_splen flags[sadb_filter_addr_len, int8]
sadb_x_filter_dplen flags[sadb_filter_addr_len, int8]
} [packed, align_8]
# Raw address used by sadb_x_filter and sadb_x_ipsecrequest: an IPv4 or an IPv6
# address without a sockaddr wrapper. The union is not marked [varlen], so it
# always occupies the size of its largest variant regardless of which one is
# selected.
sadb_filter_addr [
in ipv4_addr
in6 ipv6_addr
]
# Value sets referenced by the flags[...] fields above. The symbolic names are
# resolved from the kernel headers included at the top of this file.
# SA types accepted in sadb_msg.sadb_msg_satype.
sadb_satype = SADB_SATYPE_UNSPEC, SADB_SATYPE_AH, SADB_SATYPE_ESP, SADB_SATYPE_RSVP, SADB_SATYPE_OSPFV2, SADB_SATYPE_RIPV2, SADB_SATYPE_MIP, SADB_X_SATYPE_IPCOMP, SADB_SATYPE_MAX
# Extension types that share the sadb_lifetime layout.
sadb_lifetime_type = SADB_EXT_LIFETIME_CURRENT, SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT
# Extension types that share the sadb_address layout.
sadb_address_type = SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_X_EXT_NAT_T_OA
# Extension types that share the sadb_key layout.
sadb_key_type = SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT
# Extension types that share the sadb_ident layout.
sadb_ident_type = SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST
# Extension types that share the sadb_x_nat_t_port layout.
sadb_nat_port_type = SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT
# Policy directions used by sadb_x_policy.sadb_x_policy_dir.
ipsec_policy_dir = IPSEC_DIR_ANY, IPSEC_DIR_INBOUND, IPSEC_DIR_OUTBOUND, IPSEC_DIR_FWD, IPSEC_DIR_MAX
# Values used for sadb_x_filter_splen / sadb_x_filter_dplen.
sadb_filter_addr_len = 4, 16