71 using android::netdutils::DumpWriter;
72 using android::netdutils::Fd;
73 using android::netdutils::ScopedIndent;
74 using android::netdutils::Slice;
75 using android::netdutils::Status;
76 using android::netdutils::StatusOr;
77 using android::netdutils::Syscalls;
216 inline Syscalls& getSyscallInstance() { return netdutils::sSyscalls.get(); }  in getSyscallInstance()
236     netdutils::Status open() override {  in open()
240             return netdutils::statusFromErrno(-mSock, "Could not open netlink socket");  in open()
243         return netdutils::status::ok;  in open()
246     static netdutils::Status validateResponse(NetlinkResponse response, size_t len) {  in validateResponse()
249             return netdutils::statusFromErrno(EBADMSG, "Invalid message");  in validateResponse()
255                 return netdutils::status::ok;  in validateResponse()
258                 return netdutils::statusFromErrno(EBADMSG, "Kernel buffer overrun");  in validateResponse()
262                     return netdutils::statusFromErrno(EBADMSG, "Malformed error response");  in validateResponse()
264                 return netdutils::statusFromErrno(  in validateResponse()
274             return netdutils::statusFromErrno(EBADMSG, "Invalid message ID");  in validateResponse()
278         return netdutils::status::ok;  in validateResponse()
281     netdutils::Status sendMessage(uint16_t nlMsgType, uint16_t nlMsgFlags, uint16_t nlMsgSeqNum,  in sendMessage()
306             return netdutils::statusFromErrno(EBADMSG, "Invalid message length");  in sendMessage()
312             getSyscallInstance().read(Fd(mSock), netdutils::makeSlice(response));  in sendMessage()
341         return netdutils::statusFromErrno(EAFNOSUPPORT, "Invalid address family");  in convertToXfrmAddr()
402 netdutils::Status XfrmController::Init() {  in Init()
412 netdutils::Status XfrmController::flushInterfaces() {  in flushInterfaces()
418         netdutils::Status status;  in flushInterfaces()
424     return netdutils::status::ok;  in flushInterfaces()
427 netdutils::Status XfrmController::flushSaDb(const XfrmSocket& s) {  in flushSaDb()
437 netdutils::Status XfrmController::flushPolicyDb(const XfrmSocket& s) {  in flushPolicyDb()
454 netdutils::Status XfrmController::ipSecSetEncapSocketOwner(int socketFd, int newUid,  in ipSecSetEncapSocketOwner()
461         return netdutils::statusFromErrno(errno, "Failed to stat socket file descriptor");  in ipSecSetEncapSocketOwner()
464         return netdutils::statusFromErrno(EPERM, "fchown disabled for non-owner calls");  in ipSecSetEncapSocketOwner()
467         return netdutils::statusFromErrno(EINVAL, "File descriptor was not a socket");  in ipSecSetEncapSocketOwner()
472     netdutils::Status status =  in ipSecSetEncapSocketOwner()
474     if (status != netdutils::status::ok) {  in ipSecSetEncapSocketOwner()
478         return netdutils::statusFromErrno(EINVAL, "Socket did not have UDP-encap sockopt set");  in ipSecSetEncapSocketOwner()
481         return netdutils::statusFromErrno(errno, "Failed to fchown socket file descriptor");  in ipSecSetEncapSocketOwner()
484     return netdutils::status::ok;  in ipSecSetEncapSocketOwner()
487 netdutils::Status XfrmController::ipSecAllocateSpi(int32_t transformId,  in ipSecAllocateSpi()
498     netdutils::Status ret = fillXfrmCommonInfo(sourceAddress, destinationAddress, INVALID_SPI, 0, 0,  in ipSecAllocateSpi()
505     netdutils::Status socketStatus = sock.open();  in ipSecAllocateSpi()
526 netdutils::Status XfrmController::ipSecAddSecurityAssociation(  in ipSecAddSecurityAssociation()
555     netdutils::Status ret = fillXfrmCommonInfo(sourceAddress, destinationAddress, spi, markValue,  in ipSecAddSecurityAssociation()
576             return netdutils::statusFromErrno(EINVAL, "Invalid xfrm mode");  in ipSecAddSecurityAssociation()
580     netdutils::Status socketStatus = sock.open();  in ipSecAddSecurityAssociation()
590                 return netdutils::statusFromErrno(EAFNOSUPPORT, "IPv6 encap not supported");  in ipSecAddSecurityAssociation()
601             return netdutils::statusFromErrno(EINVAL, "Invalid encap type");  in ipSecAddSecurityAssociation()
614 netdutils::Status XfrmController::ipSecDeleteSecurityAssociation(  in ipSecDeleteSecurityAssociation()
628     netdutils::Status ret = fillXfrmCommonInfo(sourceAddress, destinationAddress, spi, markValue,  in ipSecDeleteSecurityAssociation()
635     netdutils::Status socketStatus = sock.open();  in ipSecDeleteSecurityAssociation()
649 netdutils::Status XfrmController::fillXfrmCommonInfo(const std::string& sourceAddress,  in fillXfrmCommonInfo()
661         return netdutils::statusFromErrno(EINVAL, "Invalid address " + sourceAddress + "/" +  in fillXfrmCommonInfo()
669         return netdutils::statusFromErrno(EINVAL, "Invalid or mismatched address families");  in fillXfrmCommonInfo()
680 netdutils::Status XfrmController::fillXfrmCommonInfo(int32_t spi, int32_t markValue,  in fillXfrmCommonInfo()
694     return netdutils::status::ok;  in fillXfrmCommonInfo()
697 netdutils::Status XfrmController::ipSecApplyTransportModeTransform(  in ipSecApplyTransportModeTransform()
716     netdutils::Status status = fillXfrmCommonInfo(sourceAddress, destinationAddress, spi, 0, 0,  in ipSecApplyTransportModeTransform()
732         return netdutils::statusFromErrno(EINVAL, "Mismatched address family");  in ipSecApplyTransportModeTransform()
756             return netdutils::statusFromErrno(EAFNOSUPPORT, "Invalid address family");  in ipSecApplyTransportModeTransform()
767 netdutils::Status XfrmController::ipSecRemoveTransportModeTransform(int socketFd) {  in ipSecRemoveTransportModeTransform()
788             return netdutils::statusFromErrno(EAFNOSUPPORT, "Invalid address family");  in ipSecRemoveTransportModeTransform()
793     netdutils::Status status =  in ipSecRemoveTransportModeTransform()
802 netdutils::Status XfrmController::ipSecAddSecurityPolicy(  in ipSecAddSecurityPolicy()
811 netdutils::Status XfrmController::ipSecUpdateSecurityPolicy(  in ipSecUpdateSecurityPolicy()
820 netdutils::Status XfrmController::ipSecDeleteSecurityPolicy(int32_t transformId,  in ipSecDeleteSecurityPolicy()
829 netdutils::Status XfrmController::processSecurityPolicy(  in processSecurityPolicy()
877 netdutils::Status XfrmController::updateSecurityAssociation(const XfrmSaInfo& record,  in updateSecurityAssociation()
929         return netdutils::statusFromErrno(EINVAL, "Invalid xfrm algo selection; AEAD is mutually "  in updateSecurityAssociation()
936         return netdutils::statusFromErrno(EINVAL, "Key length invalid; exceeds MAX_KEY_LENGTH");  in updateSecurityAssociation()
941         return netdutils::statusFromErrno(EINVAL,  in updateSecurityAssociation()
945         return netdutils::statusFromErrno(EINVAL, "xfrm_if_id set for VTI Security Association");  in updateSecurityAssociation()
1082 netdutils::Status XfrmController::deleteSecurityAssociation(const XfrmCommonInfo& record,  in deleteSecurityAssociation()
1113 netdutils::Status XfrmController::allocateSpi(const XfrmSaInfo& record, uint32_t minSpi,  in allocateSpi()
1136     netdutils::Status ret;  in allocateSpi()
1143         if (netdutils::equalToErrno(ret, ENOENT))  in allocateSpi()
1161 netdutils::Status XfrmController::updateTunnelModeSecurityPolicy(const XfrmSpInfo& record,  in updateTunnelModeSecurityPolicy()
1210 netdutils::Status XfrmController::deleteTunnelModeSecurityPolicy(const XfrmSpInfo& record,  in deleteTunnelModeSecurityPolicy()
1351 netdutils::Status XfrmController::ipSecAddTunnelInterface(const std::string& deviceName,  in ipSecAddTunnelInterface()
1375 netdutils::Status XfrmController::ipSecAddXfrmInterface(const std::string& deviceName,  in ipSecAddXfrmInterface()
1380         return netdutils::statusFromErrno(EINVAL, "XFRM Interface deviceName empty");  in ipSecAddXfrmInterface()
1461     return netdutils::statusFromErrno(ret, "Add/update xfrm interface");  in ipSecAddXfrmInterface()
1464 netdutils::Status XfrmController::ipSecAddVirtualTunnelInterface(const std::string& deviceName,  in ipSecAddVirtualTunnelInterface()
1472         return netdutils::statusFromErrno(EINVAL, "Required VTI creation parameter not provided");  in ipSecAddVirtualTunnelInterface()
1488         return netdutils::statusFromErrno(EINVAL, "Local and remote address families do not match");  in ipSecAddVirtualTunnelInterface()
1517                             netdutils::makeSlice(binaryLocalAddress));  in ipSecAddVirtualTunnelInterface()
1524                             netdutils::makeSlice(binaryRemoteAddress));  in ipSecAddVirtualTunnelInterface()
1586     return netdutils::statusFromErrno(ret, "Failed to add/update virtual tunnel interface");  in ipSecAddVirtualTunnelInterface()
1589 netdutils::Status XfrmController::ipSecRemoveTunnelInterface(const std::string& deviceName) {  in ipSecRemoveTunnelInterface()
1594         return netdutils::statusFromErrno(EINVAL, "Required parameter not provided");  in ipSecRemoveTunnelInterface()
1620     return netdutils::statusFromErrno(ret, "Error in deleting IpSec interface " + deviceName);  in ipSecRemoveTunnelInterface()