/****************************************************************
 * acm_simple_type_enforcement_hooks.c
 * 
 * Copyright (C) 2005 IBM Corporation
 *
 * Author:
 * Reiner Sailer <sailer@watson.ibm.com>
 *
 * Contributors:
 * Stefan Berger <stefanb@watson.ibm.com>
 *         support for network order binary policies
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
 * sHype Simple Type Enforcement for Xen
 *     STE allows to control which domains can setup sharing
 *     (eventchannels right now) with which other domains. Hooks
 *     are defined and called throughout Xen when domains bind to
 *     shared resources (setup eventchannels) and a domain is allowed
 *     to setup sharing with another domain if and only if both domains
 *     share at least on common type.
 *
 */

#include <xen/lib.h>
#include <asm/types.h>
#include <asm/current.h>
#include <acm/acm_hooks.h>
#include <asm/atomic.h>
#include <acm/acm_endian.h>

/* local cache structures for STE policy */
struct ste_binary_policy ste_bin_pol;

static inline int have_common_type (ssidref_t ref1, ssidref_t ref2) {
    int i;
    for(i=0; i< ste_bin_pol.max_types; i++)
        if ( ste_bin_pol.ssidrefs[ref1*ste_bin_pol.max_types + i] && 
             ste_bin_pol.ssidrefs[ref2*ste_bin_pol.max_types + i]) {
            printkd("%s: common type #%02x.\n", __func__, i);
            return 1;
        }
    return 0;
}

/* Helper function: return = (subj and obj share a common type) */
static int share_common_type(struct domain *subj, struct domain *obj)
{
    ssidref_t ref_s, ref_o;
    int ret;

    if ((subj == NULL) || (obj == NULL) || (subj->ssid == NULL) || (obj->ssid == NULL))
        return 0;
    read_lock(&acm_bin_pol_rwlock);
    /* lookup the policy-local ssids */
    ref_s = ((struct ste_ssid *)(GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                                           (struct acm_ssid_domain *)subj->ssid)))->ste_ssidref;
    ref_o = ((struct ste_ssid *)(GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                                           (struct acm_ssid_domain *)obj->ssid)))->ste_ssidref;
    /* check whether subj and obj share a common ste type */
    ret = have_common_type(ref_s, ref_o);
    read_unlock(&acm_bin_pol_rwlock);
    return ret;
}

/*
 * Initializing STE policy (will be filled by policy partition
 * using setpolicy command)
 */
int acm_init_ste_policy(void)
{
    /* minimal startup policy; policy write-locked already */
    ste_bin_pol.max_types = 1;
    ste_bin_pol.max_ssidrefs = 2;
    ste_bin_pol.ssidrefs = (domaintype_t *)xmalloc_array(domaintype_t, 2);
    memset(ste_bin_pol.ssidrefs, 0, 2);

    if (ste_bin_pol.ssidrefs == NULL)
        return ACM_INIT_SSID_ERROR;

 /* initialize state so that dom0 can start up and communicate with itself */
    ste_bin_pol.ssidrefs[1] = 1;

    /* init stats */
    atomic_set(&(ste_bin_pol.ec_eval_count), 0);
    atomic_set(&(ste_bin_pol.ec_denied_count), 0);
    atomic_set(&(ste_bin_pol.ec_cachehit_count), 0);
    atomic_set(&(ste_bin_pol.gt_eval_count), 0);
    atomic_set(&(ste_bin_pol.gt_denied_count), 0);
    atomic_set(&(ste_bin_pol.gt_cachehit_count), 0);
    return ACM_OK;
}


/* ste initialization function hooks */
static int
ste_init_domain_ssid(void **ste_ssid, ssidref_t ssidref)
{
    int i;
    struct ste_ssid *ste_ssidp = xmalloc(struct ste_ssid);
    traceprintk("%s.\n", __func__);

    if (ste_ssidp == NULL)
        return ACM_INIT_SSID_ERROR;

    /* get policy-local ssid reference */
    ste_ssidp->ste_ssidref = GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref);
    if ((ste_ssidp->ste_ssidref >= ste_bin_pol.max_ssidrefs) ||
        (ste_ssidp->ste_ssidref == ACM_DEFAULT_LOCAL_SSID)) {
        printkd("%s: ERROR ste_ssidref (%x) undefined or unset (0).\n",
                __func__, ste_ssidp->ste_ssidref);
        xfree(ste_ssidp);
        return ACM_INIT_SSID_ERROR;
    }
    /* clean ste cache */
    for (i=0; i<ACM_TE_CACHE_SIZE; i++)
        ste_ssidp->ste_cache[i].valid = ACM_STE_free;

    (*ste_ssid) = ste_ssidp;
    printkd("%s: determined ste_ssidref to %x.\n", 
            __func__, ste_ssidp->ste_ssidref);
    return ACM_OK;
}


static void
ste_free_domain_ssid(void *ste_ssid)
{
    traceprintk("%s.\n", __func__);
    xfree(ste_ssid);
    return;
}

/* dump type enforcement cache; policy read-locked already */
static int 
ste_dump_policy(u8 *buf, u32 buf_size) {
    struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer *)buf;
    int ret = 0;

    if (buf_size < sizeof(struct acm_ste_policy_buffer))
        return -EINVAL;

    ste_buf->ste_max_types = htonl(ste_bin_pol.max_types);
    ste_buf->ste_max_ssidrefs = htonl(ste_bin_pol.max_ssidrefs);
    ste_buf->policy_code = htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
    ste_buf->ste_ssid_offset = htonl(sizeof(struct acm_ste_policy_buffer));
    ret = ntohl(ste_buf->ste_ssid_offset) +
        sizeof(domaintype_t)*ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types;

    ret = (ret + 7) & ~7;

    if (buf_size < ret)
        return -EINVAL;

    /* now copy buffer over */
    arrcpy(buf + ntohl(ste_buf->ste_ssid_offset),
           ste_bin_pol.ssidrefs,
           sizeof(domaintype_t),
           ste_bin_pol.max_ssidrefs*ste_bin_pol.max_types);

    return ret;
}

/* ste_init_state is called when a policy is changed to detect violations (return != 0).
 * from a security point of view, we simulate that all running domains are re-started and
 * all sharing decisions are replayed to detect violations or current sharing behavior
 * (right now: event_channels, future: also grant_tables)
 */ 
static int
ste_init_state(struct acm_ste_policy_buffer *ste_buf, domaintype_t *ssidrefs)
{
    int violation = 1;
    struct ste_ssid *ste_ssid, *ste_rssid;
    ssidref_t ste_ssidref, ste_rssidref;
    struct domain **pd, *rdom;
    domid_t rdomid;
    grant_entry_t sha_copy;
    int port, i;

    read_lock(&domlist_lock); /* go by domain? or directly by global? event/grant list */
    /* go through all domains and adjust policy as if this domain was started now */
    pd = &domain_list;
    for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) {
        ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                             (struct acm_ssid_domain *)(*pd)->ssid);
        ste_ssidref = ste_ssid->ste_ssidref;
        traceprintk("%s: validating policy for eventch domain %x (ste-Ref=%x).\n",
                    __func__, (*pd)->domain_id, ste_ssidref);
        /* a) check for event channel conflicts */
        for (port=0; port < NR_EVTCHN_BUCKETS; port++) {
            spin_lock(&(*pd)->evtchn_lock);
            if ((*pd)->evtchn[port] == NULL) {
                spin_unlock(&(*pd)->evtchn_lock);
                continue;
            }
            if ((*pd)->evtchn[port]->state == ECS_INTERDOMAIN) {
                rdom = (*pd)->evtchn[port]->u.interdomain.remote_dom;
                rdomid = rdom->domain_id;
                /* rdom now has remote domain */
                ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                                      (struct acm_ssid_domain *)(rdom->ssid));
                ste_rssidref = ste_rssid->ste_ssidref;
            } else if ((*pd)->evtchn[port]->state == ECS_UNBOUND) {
                rdomid = (*pd)->evtchn[port]->u.unbound.remote_domid;
                if ((rdom = find_domain_by_id(rdomid)) == NULL) {
                    printk("%s: Error finding domain to id %x!\n", __func__, rdomid);
                    goto out;
                }
                /* rdom now has remote domain */
                ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                                      (struct acm_ssid_domain *)(rdom->ssid));
                ste_rssidref = ste_rssid->ste_ssidref;
                put_domain(rdom);
            } else {
                spin_unlock(&(*pd)->evtchn_lock);
                continue; /* port unused */
            }
            spin_unlock(&(*pd)->evtchn_lock);

            /* rdom now has remote domain */
            ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                                  (struct acm_ssid_domain *)(rdom->ssid));
            ste_rssidref = ste_rssid->ste_ssidref;
            traceprintk("%s: eventch: domain %x (ssidref %x) --> domain %x (rssidref %x) used (port %x).\n", 
                        __func__, (*pd)->domain_id, ste_ssidref, rdom->domain_id, ste_rssidref, port);  
            /* check whether on subj->ssid, obj->ssid share a common type*/
            if (!have_common_type(ste_ssidref, ste_rssidref)) {
                printkd("%s: Policy violation in event channel domain %x -> domain %x.\n",
                        __func__, (*pd)->domain_id, rdomid);
                goto out;
            }
        } 
        /* b) check for grant table conflicts on shared pages */
        if ((*pd)->grant_table->shared == NULL) {
            printkd("%s: Grant ... sharing for domain %x not setup!\n", __func__, (*pd)->domain_id);
            continue;
        }
        for ( i = 0; i < NR_GRANT_ENTRIES; i++ ) {
            sha_copy =  (*pd)->grant_table->shared[i];
            if ( sha_copy.flags ) {
                printkd("%s: grant dom (%hu) SHARED (%d) flags:(%hx) dom:(%hu) frame:(%lx)\n",
                        __func__, (*pd)->domain_id, i, sha_copy.flags, sha_copy.domid, 
                        (unsigned long)sha_copy.frame);
                rdomid = sha_copy.domid;
                if ((rdom = find_domain_by_id(rdomid)) == NULL) {
                    printkd("%s: domain not found ERROR!\n", __func__);
                    goto out;
                };
                /* rdom now has remote domain */
                ste_rssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                                      (struct acm_ssid_domain *)(rdom->ssid));
                ste_rssidref = ste_rssid->ste_ssidref;
                put_domain(rdom);
                if (!have_common_type(ste_ssidref, ste_rssidref)) {
                    printkd("%s: Policy violation in grant table sharing domain %x -> domain %x.\n",
                            __func__, (*pd)->domain_id, rdomid);
                    goto out;
                }
            }
        }
    }
    violation = 0;
 out:
    read_unlock(&domlist_lock);
    return violation;
    /* returning "violation != 0" means that existing sharing between domains would not 
     * have been allowed if the new policy had been enforced before the sharing; for ste, 
     * this means that there are at least 2 domains that have established sharing through 
     * event-channels or grant-tables but these two domains don't have no longer a common 
     * type in their typesets referenced by their ssidrefs */
}

/* set new policy; policy write-locked already */
static int
ste_set_policy(u8 *buf, u32 buf_size)
{
    struct acm_ste_policy_buffer *ste_buf = (struct acm_ste_policy_buffer *)buf;
    void *ssidrefsbuf;
    struct ste_ssid *ste_ssid;
    struct domain **pd;
    int i;

    if (buf_size < sizeof(struct acm_ste_policy_buffer))
        return -EINVAL;

    /* Convert endianess of policy */
    ste_buf->policy_code = ntohl(ste_buf->policy_code);
    ste_buf->policy_version = ntohl(ste_buf->policy_version);
    ste_buf->ste_max_types = ntohl(ste_buf->ste_max_types);
    ste_buf->ste_max_ssidrefs = ntohl(ste_buf->ste_max_ssidrefs);
    ste_buf->ste_ssid_offset = ntohl(ste_buf->ste_ssid_offset);

    /* policy type and version checks */
    if ((ste_buf->policy_code != ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) ||
        (ste_buf->policy_version != ACM_STE_VERSION))
        return -EINVAL;

    /* 1. create and copy-in new ssidrefs buffer */
    ssidrefsbuf = xmalloc_array(u8, sizeof(domaintype_t)*ste_buf->ste_max_types*ste_buf->ste_max_ssidrefs);
    if (ssidrefsbuf == NULL) {
        return -ENOMEM;
    }
    if (ste_buf->ste_ssid_offset + sizeof(domaintype_t) * ste_buf->ste_max_ssidrefs*ste_buf->ste_max_types > buf_size)
        goto error_free;

    arrcpy(ssidrefsbuf, 
           buf + ste_buf->ste_ssid_offset,
           sizeof(domaintype_t),
           ste_buf->ste_max_ssidrefs*ste_buf->ste_max_types);

    /* 2. now re-calculate sharing decisions based on running domains;
     *    this can fail if new policy is conflicting with sharing of running domains 
     *    now: reject violating new policy; future: adjust sharing through revoking sharing */
    if (ste_init_state(ste_buf, (domaintype_t *)ssidrefsbuf)) {
        printk("%s: New policy conflicts with running domains. Policy load aborted.\n", __func__);
        goto error_free; /* new policy conflicts with sharing of running domains */
    }
    /* 3. replace old policy (activate new policy) */
    ste_bin_pol.max_types = ste_buf->ste_max_types;
    ste_bin_pol.max_ssidrefs = ste_buf->ste_max_ssidrefs;
    xfree(ste_bin_pol.ssidrefs);
    ste_bin_pol.ssidrefs = (domaintype_t *)ssidrefsbuf;

    /* clear all ste caches */
    read_lock(&domlist_lock);
    pd = &domain_list;
    for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) {
        ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                             (struct acm_ssid_domain *)(*pd)->ssid);
        for (i=0; i<ACM_TE_CACHE_SIZE; i++)
            ste_ssid->ste_cache[i].valid = ACM_STE_free;
    }
    read_unlock(&domlist_lock);
    return ACM_OK;

 error_free:
    printk("%s: ERROR setting policy.\n", __func__);
    xfree(ssidrefsbuf);
    return -EFAULT;
}

static int 
ste_dump_stats(u8 *buf, u16 buf_len)
{
    struct acm_ste_stats_buffer stats;

    /* now send the hook counts to user space */
    stats.ec_eval_count = htonl(atomic_read(&ste_bin_pol.ec_eval_count));
    stats.gt_eval_count = htonl(atomic_read(&ste_bin_pol.gt_eval_count));
    stats.ec_denied_count = htonl(atomic_read(&ste_bin_pol.ec_denied_count));
    stats.gt_denied_count = htonl(atomic_read(&ste_bin_pol.gt_denied_count));
    stats.ec_cachehit_count = htonl(atomic_read(&ste_bin_pol.ec_cachehit_count));
    stats.gt_cachehit_count = htonl(atomic_read(&ste_bin_pol.gt_cachehit_count));

    if (buf_len < sizeof(struct acm_ste_stats_buffer))
        return -ENOMEM;

    memcpy(buf, &stats, sizeof(struct acm_ste_stats_buffer));
    return sizeof(struct acm_ste_stats_buffer);
}

static int
ste_dump_ssid_types(ssidref_t ssidref, u8 *buf, u16 len)
{
    int i;

    /* fill in buffer */
    if (ste_bin_pol.max_types > len)
        return -EFAULT;

    if (ssidref >= ste_bin_pol.max_ssidrefs)
        return -EFAULT;

    /* read types for chwall ssidref */
    for(i=0; i< ste_bin_pol.max_types; i++) {
        if (ste_bin_pol.ssidrefs[ssidref * ste_bin_pol.max_types + i])
            buf[i] = 1;
        else
            buf[i] = 0;
    }
    return ste_bin_pol.max_types;
}

/* we need to go through this before calling the hooks,
 * returns 1 == cache hit */
static int inline
check_cache(struct domain *dom, domid_t rdom) {
    struct ste_ssid *ste_ssid;
    int i;

    printkd("checking cache: %x --> %x.\n", dom->domain_id, rdom);

    if (dom->ssid == NULL)
        return 0;
    ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                         (struct acm_ssid_domain *)(dom->ssid));

    for(i=0; i< ACM_TE_CACHE_SIZE; i++) {
        if ((ste_ssid->ste_cache[i].valid == ACM_STE_valid) &&
            (ste_ssid->ste_cache[i].id == rdom)) {
            printkd("cache hit (entry %x, id= %x!\n", i, ste_ssid->ste_cache[i].id);
            return 1;
        }
    }
    return 0;
}


/* we only get here if there is NO entry yet; no duplication check! */
static void inline
cache_result(struct domain *subj, struct domain *obj) {
    struct ste_ssid *ste_ssid;
    int i;
    printkd("caching from doms: %x --> %x.\n", subj->domain_id, obj->domain_id);
    if (subj->ssid == NULL)
        return;
    ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, 
                         (struct acm_ssid_domain *)(subj)->ssid);
    for(i=0; i< ACM_TE_CACHE_SIZE; i++)
        if (ste_ssid->ste_cache[i].valid == ACM_STE_free)
            break;
    if (i< ACM_TE_CACHE_SIZE) {
        ste_ssid->ste_cache[i].valid = ACM_STE_valid;
        ste_ssid->ste_cache[i].id = obj->domain_id;
    } else
        printk ("Cache of dom %x is full!\n", subj->domain_id);
}

/* deletes entries for domain 'id' from all caches (re-use) */
static void inline
clean_id_from_cache(domid_t id) 
{
    struct ste_ssid *ste_ssid;
    int i;
    struct domain **pd;
    struct acm_ssid_domain *ssid;

    printkd("deleting cache for dom %x.\n", id);
    read_lock(&domlist_lock); /* look through caches of all domains */
    pd = &domain_list;
    for ( pd = &domain_list; *pd != NULL; pd = &(*pd)->next_in_list ) {
        ssid = (struct acm_ssid_domain *)((*pd)->ssid);

        if (ssid == NULL)
            continue; /* hanging domain structure, no ssid any more ... */
        ste_ssid = GET_SSIDP(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssid);
        if (!ste_ssid) {
            printk("%s: deleting ID from cache ERROR (no ste_ssid)!\n",
                   __func__);
            goto out;
        }
        for (i=0; i<ACM_TE_CACHE_SIZE; i++)
            if ((ste_ssid->ste_cache[i].valid == ACM_STE_valid) &&
                (ste_ssid->ste_cache[i].id == id))
                ste_ssid->ste_cache[i].valid = ACM_STE_free;
    }
 out:
    read_unlock(&domlist_lock);
}

/***************************
 * Authorization functions
 **************************/
static int 
ste_pre_domain_create(void *subject_ssid, ssidref_t ssidref)
{      
    /* check for ssidref in range for policy */
    ssidref_t ste_ssidref;
    traceprintk("%s.\n", __func__);

    read_lock(&acm_bin_pol_rwlock);
    ste_ssidref = GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref);
    if (ste_ssidref == ACM_DEFAULT_LOCAL_SSID) {
        printk("%s: ERROR STE SSID is NOT SET but policy enforced.\n", __func__);
        read_unlock(&acm_bin_pol_rwlock);
        return ACM_ACCESS_DENIED; /* catching and indicating config error */
    }
    if (ste_ssidref >= ste_bin_pol.max_ssidrefs) {
        printk("%s: ERROR ste_ssidref > max(%x).\n", 
               __func__, ste_bin_pol.max_ssidrefs-1);
        read_unlock(&acm_bin_pol_rwlock);
        return ACM_ACCESS_DENIED;
    }
    read_unlock(&acm_bin_pol_rwlock);
    return ACM_ACCESS_PERMITTED;
}

static void 
ste_post_domain_destroy(void *subject_ssid, domid_t id)
{
    /* clean all cache entries for destroyed domain (might be re-used) */
    clean_id_from_cache(id);
}

/* -------- EVENTCHANNEL OPERATIONS -----------*/
static int
ste_pre_eventchannel_unbound(domid_t id1, domid_t id2) {
    struct domain *subj, *obj;
    int ret;
    traceprintk("%s: dom%x-->dom%x.\n", __func__,
                (id1 == DOMID_SELF) ? current->domain->domain_id : id1,
                (id2 == DOMID_SELF) ? current->domain->domain_id : id2);

    if (id1 == DOMID_SELF) id1 = current->domain->domain_id;
    if (id2 == DOMID_SELF) id2 = current->domain->domain_id;

    subj = find_domain_by_id(id1);
    obj  = find_domain_by_id(id2);
    if ((subj == NULL) || (obj == NULL)) {
        ret = ACM_ACCESS_DENIED;
        goto out;
    }
    /* cache check late */
    if (check_cache(subj, obj->domain_id)) {
        atomic_inc(&ste_bin_pol.ec_cachehit_count);
        ret = ACM_ACCESS_PERMITTED;
        goto out;
    }
    atomic_inc(&ste_bin_pol.ec_eval_count);

    if (share_common_type(subj, obj)) {
        cache_result(subj, obj);
        ret = ACM_ACCESS_PERMITTED;
    } else {
        atomic_inc(&ste_bin_pol.ec_denied_count);
        ret = ACM_ACCESS_DENIED;
    }
  out:
    if (obj != NULL)
        put_domain(obj);
    if (subj != NULL)
        put_domain(subj);
    return ret;
}

static int
ste_pre_eventchannel_interdomain(domid_t id)
{
    struct domain *subj=NULL, *obj=NULL;
    int ret;

    traceprintk("%s: dom%x-->dom%x.\n", __func__,
                current->domain->domain_id,
                (id == DOMID_SELF) ? current->domain->domain_id : id);

    /* following is a bit longer but ensures that we
     * "put" only domains that we where "find"-ing 
     */
    if (id == DOMID_SELF) id = current->domain->domain_id;

    subj = current->domain;
    obj  = find_domain_by_id(id);
    if (obj == NULL) {
        ret = ACM_ACCESS_DENIED;
        goto out;
    }

    /* cache check late, but evtchn is not on performance critical path */
    if (check_cache(subj, obj->domain_id)) {
        atomic_inc(&ste_bin_pol.ec_cachehit_count);
        ret = ACM_ACCESS_PERMITTED;
        goto out;
    }

    atomic_inc(&ste_bin_pol.ec_eval_count);

    if (share_common_type(subj, obj)) {
        cache_result(subj, obj);
        ret = ACM_ACCESS_PERMITTED;
    } else {
        atomic_inc(&ste_bin_pol.ec_denied_count);
        ret = ACM_ACCESS_DENIED;
    }
 out:
    if (obj != NULL)
        put_domain(obj);
    return ret;
}

/* -------- SHARED MEMORY OPERATIONS -----------*/

static int
ste_pre_grant_map_ref (domid_t id) {
    struct domain *obj, *subj;
    int ret;
    traceprintk("%s: dom%x-->dom%x.\n", __func__,
                current->domain->domain_id, id);

    if (check_cache(current->domain, id)) {
        atomic_inc(&ste_bin_pol.gt_cachehit_count);
        return ACM_ACCESS_PERMITTED;
    }
    atomic_inc(&ste_bin_pol.gt_eval_count);
    subj = current->domain;
    obj = find_domain_by_id(id);

    if (share_common_type(subj, obj)) {
        cache_result(subj, obj);
        ret = ACM_ACCESS_PERMITTED;
    } else {
        atomic_inc(&ste_bin_pol.gt_denied_count);
        printkd("%s: ACCESS DENIED!\n", __func__);
        ret = ACM_ACCESS_DENIED;
    }
    if (obj != NULL)
        put_domain(obj);
    return ret;
}


/* since setting up grant tables involves some implicit information
   flow from the creating domain to the domain that is setup, we 
   check types in addition to the general authorization */
static int
ste_pre_grant_setup (domid_t id) {
    struct domain *obj, *subj;
    int ret;
    traceprintk("%s: dom%x-->dom%x.\n", __func__,
                current->domain->domain_id, id);

    if (check_cache(current->domain, id)) {
        atomic_inc(&ste_bin_pol.gt_cachehit_count);
        return ACM_ACCESS_PERMITTED;
    }
    atomic_inc(&ste_bin_pol.gt_eval_count);
    /* a) check authorization (eventually use specific capabilities) */
    if (!IS_PRIV(current->domain)) {
        printk("%s: Grant table management authorization denied ERROR!\n", __func__);
        return ACM_ACCESS_DENIED;
    }
    /* b) check types */
    subj = current->domain;
    obj = find_domain_by_id(id);

    if (share_common_type(subj, obj)) {
        cache_result(subj, obj);
        ret = ACM_ACCESS_PERMITTED;
    } else {
        atomic_inc(&ste_bin_pol.gt_denied_count);
        ret = ACM_ACCESS_DENIED;
    }
    if (obj != NULL)
        put_domain(obj);
    return ret;
}

/* -------- DOMAIN-Requested Decision hooks -----------*/

static int
ste_sharing(ssidref_t ssidref1, ssidref_t ssidref2) {
    if (have_common_type (
        GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref1),
        GET_SSIDREF(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY, ssidref2)
        ))
        return ACM_ACCESS_PERMITTED;
    else
        return ACM_ACCESS_DENIED;
}


/* now define the hook structure similarly to LSM */
struct acm_operations acm_simple_type_enforcement_ops = {

    /* policy management services */
    .init_domain_ssid  = ste_init_domain_ssid,
    .free_domain_ssid  = ste_free_domain_ssid,
    .dump_binary_policy     = ste_dump_policy,
    .set_binary_policy      = ste_set_policy,
    .dump_statistics  = ste_dump_stats,
    .dump_ssid_types        = ste_dump_ssid_types,

    /* domain management control hooks */
    .pre_domain_create       = ste_pre_domain_create,
    .post_domain_create     = NULL,
    .fail_domain_create     = NULL,
    .post_domain_destroy    = ste_post_domain_destroy,

    /* event channel control hooks */
    .pre_eventchannel_unbound   = ste_pre_eventchannel_unbound,
    .fail_eventchannel_unbound = NULL,
    .pre_eventchannel_interdomain = ste_pre_eventchannel_interdomain,
    .fail_eventchannel_interdomain  = NULL,

    /* grant table control hooks */
    .pre_grant_map_ref      = ste_pre_grant_map_ref,
    .fail_grant_map_ref     = NULL,
    .pre_grant_setup        = ste_pre_grant_setup,
    .fail_grant_setup       = NULL,
    .sharing                = ste_sharing,
};

/*
 * Local variables:
 * mode: C
 * c-set-style: "BSD"
 * c-basic-offset: 4
 * tab-width: 4
 * indent-tabs-mode: nil
 * End:
 */
a>
<a id='n609' href='#n609'>609</a>
<a id='n610' href='#n610'>610</a>
<a id='n611' href='#n611'>611</a>
<a id='n612' href='#n612'>612</a>
<a id='n613' href='#n613'>613</a>
<a id='n614' href='#n614'>614</a>
<a id='n615' href='#n615'>615</a>
<a id='n616' href='#n616'>616</a>
<a id='n617' href='#n617'>617</a>
<a id='n618' href='#n618'>618</a>
<a id='n619' href='#n619'>619</a>
<a id='n620' href='#n620'>620</a>
<a id='n621' href='#n621'>621</a>
<a id='n622' href='#n622'>622</a>
<a id='n623' href='#n623'>623</a>
<a id='n624' href='#n624'>624</a>
<a id='n625' href='#n625'>625</a>
<a id='n626' href='#n626'>626</a>
<a id='n627' href='#n627'>627</a>
<a id='n628' href='#n628'>628</a>
<a id='n629' href='#n629'>629</a>
<a id='n630' href='#n630'>630</a>
<a id='n631' href='#n631'>631</a>
<a id='n632' href='#n632'>632</a>
<a id='n633' href='#n633'>633</a>
<a id='n634' href='#n634'>634</a>
<a id='n635' href='#n635'>635</a>
<a id='n636' href='#n636'>636</a>
<a id='n637' href='#n637'>637</a>
<a id='n638' href='#n638'>638</a>
<a id='n639' href='#n639'>639</a>
<a id='n640' href='#n640'>640</a>
<a id='n641' href='#n641'>641</a>
<a id='n642' href='#n642'>642</a>
<a id='n643' href='#n643'>643</a>
<a id='n644' href='#n644'>644</a>
<a id='n645' href='#n645'>645</a>
<a id='n646' href='#n646'>646</a>
<a id='n647' href='#n647'>647</a>
<a id='n648' href='#n648'>648</a>
<a id='n649' href='#n649'>649</a>
<a id='n650' href='#n650'>650</a>
<a id='n651' href='#n651'>651</a>
<a id='n652' href='#n652'>652</a>
<a id='n653' href='#n653'>653</a>
<a id='n654' href='#n654'>654</a>
<a id='n655' href='#n655'>655</a>
<a id='n656' href='#n656'>656</a>
<a id='n657' href='#n657'>657</a>
<a id='n658' href='#n658'>658</a>
<a id='n659' href='#n659'>659</a>
<a id='n660' href='#n660'>660</a>
<a id='n661' href='#n661'>661</a>
<a id='n662' href='#n662'>662</a>
<a id='n663' href='#n663'>663</a>
<a id='n664' href='#n664'>664</a>
<a id='n665' href='#n665'>665</a>
<a id='n666' href='#n666'>666</a>
<a id='n667' href='#n667'>667</a>
<a id='n668' href='#n668'>668</a>
<a id='n669' href='#n669'>669</a>
<a id='n670' href='#n670'>670</a>
<a id='n671' href='#n671'>671</a>
<a id='n672' href='#n672'>672</a>
<a id='n673' href='#n673'>673</a>
<a id='n674' href='#n674'>674</a>
<a id='n675' href='#n675'>675</a>
<a id='n676' href='#n676'>676</a>
<a id='n677' href='#n677'>677</a>
<a id='n678' href='#n678'>678</a>
<a id='n679' href='#n679'>679</a>
<a id='n680' href='#n680'>680</a>
<a id='n681' href='#n681'>681</a>
<a id='n682' href='#n682'>682</a>
<a id='n683' href='#n683'>683</a>
<a id='n684' href='#n684'>684</a>
<a id='n685' href='#n685'>685</a>
<a id='n686' href='#n686'>686</a>
<a id='n687' href='#n687'>687</a>
<a id='n688' href='#n688'>688</a>
<a id='n689' href='#n689'>689</a>
<a id='n690' href='#n690'>690</a>
<a id='n691' href='#n691'>691</a>
<a id='n692' href='#n692'>692</a>
<a id='n693' href='#n693'>693</a>
<a id='n694' href='#n694'>694</a>
<a id='n695' href='#n695'>695</a>
<a id='n696' href='#n696'>696</a>
<a id='n697' href='#n697'>697</a>
<a id='n698' href='#n698'>698</a>
<a id='n699' href='#n699'>699</a>
<a id='n700' href='#n700'>700</a>
<a id='n701' href='#n701'>701</a>
<a id='n702' href='#n702'>702</a>
<a id='n703' href='#n703'>703</a>
<a id='n704' href='#n704'>704</a>
<a id='n705' href='#n705'>705</a>
<a id='n706' href='#n706'>706</a>
<a id='n707' href='#n707'>707</a>
<a id='n708' href='#n708'>708</a>
<a id='n709' href='#n709'>709</a>
<a id='n710' href='#n710'>710</a>
<a id='n711' href='#n711'>711</a>
<a id='n712' href='#n712'>712</a>
<a id='n713' href='#n713'>713</a>
<a id='n714' href='#n714'>714</a>
<a id='n715' href='#n715'>715</a>
<a id='n716' href='#n716'>716</a>
<a id='n717' href='#n717'>717</a>
<a id='n718' href='#n718'>718</a>
<a id='n719' href='#n719'>719</a>
<a id='n720' href='#n720'>720</a>
<a id='n721' href='#n721'>721</a>
<a id='n722' href='#n722'>722</a>
<a id='n723' href='#n723'>723</a>
<a id='n724' href='#n724'>724</a>
<a id='n725' href='#n725'>725</a>
<a id='n726' href='#n726'>726</a>
</pre></td>
<td class='lines'><pre><code><style>pre { line-height: 125%; margin: 0; }
td.linenos pre { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }
span.linenos { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }
td.linenos pre.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight { background: #ffffff; }
.highlight .c { color: #888888 } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { color: #008800; font-weight: bold } /* Keyword */
.highlight .ch { color: #888888 } /* Comment.Hashbang */
.highlight .cm { color: #888888 } /* Comment.Multiline */
.highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */
.highlight .cpf { color: #888888 } /* Comment.PreprocFile */
.highlight .c1 { color: #888888 } /* Comment.Single */
.highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #333333 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #666666 } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008800 } /* Keyword.Pseudo */
.highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */
.highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */
.highlight .na { color: #336699 } /* Name.Attribute */
.highlight .nb { color: #003388 } /* Name.Builtin */
.highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */
.highlight .no { color: #003366; font-weight: bold } /* Name.Constant */
.highlight .nd { color: #555555 } /* Name.Decorator */
.highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */
.highlight .nl { color: #336699; font-style: italic } /* Name.Label */
.highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */
.highlight .py { color: #336699; font-weight: bold } /* Name.Property */
.highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #336699 } /* Name.Variable */
.highlight .ow { color: #008800 } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */
.highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */
.highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */
.highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */
.highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */
.highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */
.highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */
.highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */
.highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */
.highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */
.highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */
.highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */
.highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */
.highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */
.highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */
.highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */
.highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */
.highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */
.highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */
.highlight .vc { color: #336699 } /* Name.Variable.Class */
.highlight .vg { color: #dd7700 } /* Name.Variable.Global */
.highlight .vi { color: #3333bb } /* Name.Variable.Instance */
.highlight .vm { color: #336699 } /* Name.Variable.Magic */
.highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */</style><div class="highlight"><pre><span></span><span class="cm">/*</span>
<span class="cm"> * netlink/attr.h		Netlink Attributes</span>
<span class="cm"> *</span>
<span class="cm"> *	This library is free software; you can redistribute it and/or</span>
<span class="cm"> *	modify it under the terms of the GNU Lesser General Public</span>
<span class="cm"> *	License as published by the Free Software Foundation version 2.1</span>
<span class="cm"> *	of the License.</span>
<span class="cm"> *</span>
<span class="cm"> * Copyright (c) 2003-2008 Thomas Graf &lt;tgraf@suug.ch&gt;</span>
<span class="cm"> */</span>

<span class="cp">#ifndef NETLINK_ATTR_H_</span>
<span class="cp">#define NETLINK_ATTR_H_</span>

<span class="cp">#include</span> <span class="cpf">&lt;netlink/netlink.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;netlink/object.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;netlink/addr.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;netlink/data.h&gt;</span><span class="cp"></span>
<span class="cp">#include</span> <span class="cpf">&lt;netlink/msg.h&gt;</span><span class="cp"></span>

<span class="cp">#ifdef __cplusplus</span>
<span class="k">extern</span> <span class="s">&quot;C&quot;</span> <span class="p">{</span>
<span class="cp">#endif</span>

<span class="k">struct</span> <span class="nc">nl_msg</span><span class="p">;</span>

<span class="cm">/**</span>
<span class="cm"> * @name Basic Attribute Data Types</span>
<span class="cm"> * @{</span>
<span class="cm"> */</span>

 <span class="cm">/**</span>
<span class="cm">  * @ingroup attr</span>
<span class="cm">  * Basic attribute data types</span>
<span class="cm">  *</span>
<span class="cm">  * See \ref attr_datatypes for more details.</span>
<span class="cm">  */</span>
<span class="k">enum</span> <span class="p">{</span>
	<span class="n">NLA_UNSPEC</span><span class="p">,</span>	<span class="cm">/**&lt; Unspecified type, binary data chunk */</span>
	<span class="n">NLA_U8</span><span class="p">,</span>		<span class="cm">/**&lt; 8 bit integer */</span>
	<span class="n">NLA_U16</span><span class="p">,</span>	<span class="cm">/**&lt; 16 bit integer */</span>
	<span class="n">NLA_U32</span><span class="p">,</span>	<span class="cm">/**&lt; 32 bit integer */</span>
	<span class="n">NLA_U64</span><span class="p">,</span>	<span class="cm">/**&lt; 64 bit integer */</span>
	<span class="n">NLA_STRING</span><span class="p">,</span>	<span class="cm">/**&lt; NUL terminated character string */</span>
	<span class="n">NLA_FLAG</span><span class="p">,</span>	<span class="cm">/**&lt; Flag */</span>
	<span class="n">NLA_MSECS</span><span class="p">,</span>	<span class="cm">/**&lt; Micro seconds (64bit) */</span>
	<span class="n">NLA_NESTED</span><span class="p">,</span>	<span class="cm">/**&lt; Nested attributes */</span>
	<span class="n">__NLA_TYPE_MAX</span><span class="p">,</span>
<span class="p">};</span>

<span class="cp">#define NLA_TYPE_MAX (__NLA_TYPE_MAX - 1)</span>

<span class="cm">/** @} */</span>

<span class="cm">/**</span>
<span class="cm"> * @ingroup attr</span>
<span class="cm"> * Attribute validation policy.</span>
<span class="cm"> *</span>
<span class="cm"> * See \ref attr_datatypes for more details.</span>
<span class="cm"> */</span>
<span class="k">struct</span> <span class="nc">nla_policy</span> <span class="p">{</span>
	<span class="cm">/** Type of attribute or NLA_UNSPEC */</span>
	<span class="kt">uint16_t</span>	<span class="n">type</span><span class="p">;</span>

	<span class="cm">/** Minimal length of payload required */</span>
	<span class="kt">uint16_t</span>	<span class="n">minlen</span><span class="p">;</span>

	<span class="cm">/** Maximal length of payload allowed */</span>
	<span class="kt">uint16_t</span>	<span class="n">maxlen</span><span class="p">;</span>
<span class="p">};</span>

<span class="cm">/* Attribute parsing */</span>
<span class="k">extern</span> <span class="kt">int</span>		<span class="n">nla_ok</span><span class="p">(</span><span class="k">const</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="p">,</span> <span class="kt">int</span><span class="p">);</span>
<span class="k">extern</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span>	<span class="n">nla_next</span><span class="p">(</span><span class="k">const</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="p">,</span> <span class="kt">int</span> <span class="o">*</span><span class="p">);</span>
<span class="k">extern</span> <span class="kt">int</span>		<span class="n">nla_parse</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">**</span><span class="p">,</span> <span class="kt">int</span><span class="p">,</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="p">,</span>
				  <span class="kt">int</span><span class="p">,</span> <span class="k">struct</span> <span class="nc">nla_policy</span> <span class="o">*</span><span class="p">);</span>
<span class="k">extern</span> <span class="kt">int</span>		<span class="n">nla_validate</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="p">,</span> <span class="kt">int</span><span class="p">,</span> <span class="kt">int</span><span class="p">,</span>
				     <span class="k">struct</span> <span class="nc">nla_policy</span> <span class="o">*</span><span class="p">);</span>
<span class="k">extern</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span>	<span class="n">nla_find</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="p">,</span> <span class="kt">int</span><span class="p">,</span> <span class="kt">int</span><span class="p">);</span>

<span class="cm">/* Unspecific attribute */</span>
<span class="k">extern</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span>	<span class="n">nla_reserve</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="p">,</span> <span class="kt">int</span><span class="p">,</span> <span class="kt">int</span><span class="p">);</span>
<span class="k">extern</span> <span class="kt">int</span>		<span class="n">nla_put</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="p">,</span> <span class="kt">int</span><span class="p">,</span> <span class="kt">int</span><span class="p">,</span> <span class="k">const</span> <span class="kt">void</span> <span class="o">*</span><span class="p">);</span>

<span class="cm">/**</span>
<span class="cm"> * nlmsg_find_attr - find a specific attribute in a netlink message</span>
<span class="cm"> * @arg nlh		netlink message header</span>
<span class="cm"> * @arg hdrlen		length of familiy specific header</span>
<span class="cm"> * @arg attrtype	type of attribute to look for</span>
<span class="cm"> *</span>
<span class="cm"> * Returns the first attribute which matches the specified type.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nlmsg_find_attr</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlmsghdr</span> <span class="o">*</span><span class="n">nlh</span><span class="p">,</span> <span class="kt">int</span> <span class="n">hdrlen</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_find</span><span class="p">(</span><span class="n">nlmsg_attrdata</span><span class="p">(</span><span class="n">nlh</span><span class="p">,</span> <span class="n">hdrlen</span><span class="p">),</span>
			<span class="n">nlmsg_attrlen</span><span class="p">(</span><span class="n">nlh</span><span class="p">,</span> <span class="n">hdrlen</span><span class="p">),</span> <span class="n">attrtype</span><span class="p">);</span>
<span class="p">}</span>


<span class="cm">/**</span>
<span class="cm"> * Return size of attribute whithout padding.</span>
<span class="cm"> * @arg payload		Payload length of attribute.</span>
<span class="cm"> *</span>
<span class="cm"> * @code</span>
<span class="cm"> *    &lt;-------- nla_attr_size(payload) ---------&gt;</span>
<span class="cm"> *   +------------------+- - -+- - - - - - - - - +- - -+</span>
<span class="cm"> *   | Attribute Header | Pad |     Payload      | Pad |</span>
<span class="cm"> *   +------------------+- - -+- - - - - - - - - +- - -+</span>
<span class="cm"> * @endcode</span>
<span class="cm"> *</span>
<span class="cm"> * @return Size of attribute in bytes without padding.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_attr_size</span><span class="p">(</span><span class="kt">int</span> <span class="n">payload</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="n">NLA_HDRLEN</span> <span class="o">+</span> <span class="n">payload</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return size of attribute including padding.</span>
<span class="cm"> * @arg payload		Payload length of attribute.</span>
<span class="cm"> *</span>
<span class="cm"> * @code</span>
<span class="cm"> *    &lt;----------- nla_total_size(payload) -----------&gt;</span>
<span class="cm"> *   +------------------+- - -+- - - - - - - - - +- - -+</span>
<span class="cm"> *   | Attribute Header | Pad |     Payload      | Pad |</span>
<span class="cm"> *   +------------------+- - -+- - - - - - - - - +- - -+</span>
<span class="cm"> * @endcode</span>
<span class="cm"> *</span>
<span class="cm"> * @return Size of attribute in bytes.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_total_size</span><span class="p">(</span><span class="kt">int</span> <span class="n">payload</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">NLA_ALIGN</span><span class="p">(</span><span class="n">nla_attr_size</span><span class="p">(</span><span class="n">payload</span><span class="p">));</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return length of padding at the tail of the attribute.</span>
<span class="cm"> * @arg payload		Payload length of attribute.</span>
<span class="cm"> *</span>
<span class="cm"> * @code</span>
<span class="cm"> *   +------------------+- - -+- - - - - - - - - +- - -+</span>
<span class="cm"> *   | Attribute Header | Pad |     Payload      | Pad |</span>
<span class="cm"> *   +------------------+- - -+- - - - - - - - - +- - -+</span>
<span class="cm"> *                                                &lt;---&gt;  </span>
<span class="cm"> * @endcode</span>
<span class="cm"> *</span>
<span class="cm"> * @return Length of padding in bytes.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_padlen</span><span class="p">(</span><span class="kt">int</span> <span class="n">payload</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_total_size</span><span class="p">(</span><span class="n">payload</span><span class="p">)</span> <span class="o">-</span> <span class="n">nla_attr_size</span><span class="p">(</span><span class="n">payload</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return type of the attribute.</span>
<span class="cm"> * @arg nla		Attribute.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Type of attribute.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_type</span><span class="p">(</span><span class="k">const</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="n">nla</span><span class="o">-&gt;</span><span class="n">nla_type</span> <span class="o">&amp;</span> <span class="n">NLA_TYPE_MASK</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return pointer to the payload section.</span>
<span class="cm"> * @arg nla		Attribute.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Pointer to start of payload section.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">void</span> <span class="o">*</span><span class="n">nla_data</span><span class="p">(</span><span class="k">const</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="p">(</span><span class="kt">char</span> <span class="o">*</span><span class="p">)</span> <span class="n">nla</span> <span class="o">+</span> <span class="n">NLA_HDRLEN</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return length of the payload .</span>
<span class="cm"> * @arg nla		Attribute</span>
<span class="cm"> *</span>
<span class="cm"> * @return Length of payload in bytes.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_len</span><span class="p">(</span><span class="k">const</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="n">nla</span><span class="o">-&gt;</span><span class="n">nla_len</span> <span class="o">-</span> <span class="n">NLA_HDRLEN</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Copy attribute payload to another memory area.</span>
<span class="cm"> * @arg dest		Pointer to destination memory area.</span>
<span class="cm"> * @arg src		Attribute</span>
<span class="cm"> * @arg count		Number of bytes to copy at most.</span>
<span class="cm"> *</span>
<span class="cm"> * Note: The number of bytes copied is limited by the length of</span>
<span class="cm"> *       the attribute payload.</span>
<span class="cm"> *</span>
<span class="cm"> * @return The number of bytes copied to dest.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_memcpy</span><span class="p">(</span><span class="kt">void</span> <span class="o">*</span><span class="n">dest</span><span class="p">,</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">src</span><span class="p">,</span> <span class="kt">int</span> <span class="n">count</span><span class="p">)</span>
<span class="p">{</span>
	<span class="kt">int</span> <span class="n">minlen</span><span class="p">;</span>

	<span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="n">src</span><span class="p">)</span>
		<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
	
	<span class="n">minlen</span> <span class="o">=</span> <span class="n">min_t</span><span class="p">(</span><span class="kt">int</span><span class="p">,</span> <span class="n">count</span><span class="p">,</span> <span class="n">nla_len</span><span class="p">(</span><span class="n">src</span><span class="p">));</span>
	<span class="n">memcpy</span><span class="p">(</span><span class="n">dest</span><span class="p">,</span> <span class="n">nla_data</span><span class="p">(</span><span class="n">src</span><span class="p">),</span> <span class="n">minlen</span><span class="p">);</span>

	<span class="k">return</span> <span class="n">minlen</span><span class="p">;</span>
<span class="p">}</span>


<span class="cm">/**</span>
<span class="cm"> * Add abstract data as unspecific attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg data		Abstract data object.</span>
<span class="cm"> *</span>
<span class="cm"> * Equivalent to nla_put() except that the length of the payload is</span>
<span class="cm"> * derived from the abstract data object.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_data</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="k">struct</span> <span class="nc">nl_data</span> <span class="o">*</span><span class="n">data</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="n">nl_data_get_size</span><span class="p">(</span><span class="n">data</span><span class="p">),</span>
		       <span class="n">nl_data_get</span><span class="p">(</span><span class="n">data</span><span class="p">));</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Add abstract address as unspecific attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg addr		Abstract address object.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_addr</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="k">struct</span> <span class="nc">nl_addr</span> <span class="o">*</span><span class="n">addr</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="n">nl_addr_get_len</span><span class="p">(</span><span class="n">addr</span><span class="p">),</span>
		       <span class="n">nl_addr_get_binary_addr</span><span class="p">(</span><span class="n">addr</span><span class="p">));</span>
<span class="p">}</span>

<span class="cm">/** @} */</span>

<span class="cm">/**</span>
<span class="cm"> * @name Integer Attributes</span>
<span class="cm"> */</span>

<span class="cm">/**</span>
<span class="cm"> * Add 8 bit integer attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Numeric value to store as payload.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_u8</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="kt">uint8_t</span> <span class="n">value</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="kt">uint8_t</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">value</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return value of 8 bit integer attribute.</span>
<span class="cm"> * @arg nla		8 bit integer attribute</span>
<span class="cm"> *</span>
<span class="cm"> * @return Payload as 8 bit integer.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">uint8_t</span> <span class="n">nla_get_u8</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="o">*</span><span class="p">(</span><span class="kt">uint8_t</span> <span class="o">*</span><span class="p">)</span> <span class="n">nla_data</span><span class="p">(</span><span class="n">nla</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Add 16 bit integer attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Numeric value to store as payload.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_u16</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="kt">uint16_t</span> <span class="n">value</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="kt">uint16_t</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">value</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return payload of 16 bit integer attribute.</span>
<span class="cm"> * @arg nla		16 bit integer attribute</span>
<span class="cm"> *</span>
<span class="cm"> * @return Payload as 16 bit integer.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">uint16_t</span> <span class="n">nla_get_u16</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="o">*</span><span class="p">(</span><span class="kt">uint16_t</span> <span class="o">*</span><span class="p">)</span> <span class="n">nla_data</span><span class="p">(</span><span class="n">nla</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Add 32 bit integer attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Numeric value to store as payload.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_u32</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="kt">uint32_t</span> <span class="n">value</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="kt">uint32_t</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">value</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return payload of 32 bit integer attribute.</span>
<span class="cm"> * @arg nla		32 bit integer attribute.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Payload as 32 bit integer.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">uint32_t</span> <span class="n">nla_get_u32</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="o">*</span><span class="p">(</span><span class="kt">uint32_t</span> <span class="o">*</span><span class="p">)</span> <span class="n">nla_data</span><span class="p">(</span><span class="n">nla</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Add 64 bit integer attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Numeric value to store as payload.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_u64</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="kt">uint64_t</span> <span class="n">value</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="kt">uint64_t</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">value</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return payload of u64 attribute</span>
<span class="cm"> * @arg nla		u64 netlink attribute</span>
<span class="cm"> *</span>
<span class="cm"> * @return Payload as 64 bit integer.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">uint64_t</span> <span class="n">nla_get_u64</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="kt">uint64_t</span> <span class="n">tmp</span><span class="p">;</span>

	<span class="n">nla_memcpy</span><span class="p">(</span><span class="o">&amp;</span><span class="n">tmp</span><span class="p">,</span> <span class="n">nla</span><span class="p">,</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">tmp</span><span class="p">));</span>

	<span class="k">return</span> <span class="n">tmp</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Add string attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg str		NUL terminated string.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_string</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">str</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="n">strlen</span><span class="p">(</span><span class="n">str</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="n">str</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return payload of string attribute.</span>
<span class="cm"> * @arg nla		String attribute.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Pointer to attribute payload.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">char</span> <span class="o">*</span><span class="n">nla_get_string</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="p">(</span><span class="kt">char</span> <span class="o">*</span><span class="p">)</span> <span class="n">nla_data</span><span class="p">(</span><span class="n">nla</span><span class="p">);</span>
<span class="p">}</span>

<span class="k">static</span> <span class="kr">inline</span> <span class="kt">char</span> <span class="o">*</span><span class="n">nla_strdup</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">strdup</span><span class="p">(</span><span class="n">nla_get_string</span><span class="p">(</span><span class="n">nla</span><span class="p">));</span>
<span class="p">}</span>

<span class="cm">/** @} */</span>

<span class="cm">/**</span>
<span class="cm"> * @name Flag Attribute</span>
<span class="cm"> */</span>

<span class="cm">/**</span>
<span class="cm"> * Add flag netlink attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_flag</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return true if flag attribute is set.</span>
<span class="cm"> * @arg nla		Flag netlink attribute.</span>
<span class="cm"> *</span>
<span class="cm"> * @return True if flag is set, otherwise false.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_get_flag</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="o">!!</span><span class="n">nla</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/** @} */</span>

<span class="cm">/**</span>
<span class="cm"> * @name Microseconds Attribute</span>
<span class="cm"> */</span>

<span class="cm">/**</span>
<span class="cm"> * Add a msecs netlink attribute to a netlink message</span>
<span class="cm"> * @arg n		netlink message</span>
<span class="cm"> * @arg attrtype	attribute type</span>
<span class="cm"> * @arg msecs 		number of msecs</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_msecs</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">n</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="kt">unsigned</span> <span class="kt">long</span> <span class="n">msecs</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put_u64</span><span class="p">(</span><span class="n">n</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="n">msecs</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Return payload of msecs attribute</span>
<span class="cm"> * @arg nla		msecs netlink attribute</span>
<span class="cm"> *</span>
<span class="cm"> * @return the number of milliseconds.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">unsigned</span> <span class="kt">long</span> <span class="n">nla_get_msecs</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_get_u64</span><span class="p">(</span><span class="n">nla</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Add nested attributes to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg nested		Message containing attributes to be nested.</span>
<span class="cm"> *</span>
<span class="cm"> * Takes the attributes found in the \a nested message and appends them</span>
<span class="cm"> * to the message \a msg nested in a container of the type \a attrtype.</span>
<span class="cm"> * The \a nested message may not have a family specific header.</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_put</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_put_nested</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">,</span> <span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">nested</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="n">nlmsg_len</span><span class="p">(</span><span class="n">nested</span><span class="o">-&gt;</span><span class="n">nm_nlh</span><span class="p">),</span>
		       <span class="n">nlmsg_data</span><span class="p">(</span><span class="n">nested</span><span class="o">-&gt;</span><span class="n">nm_nlh</span><span class="p">));</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Start a new level of nested attributes.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type of container.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Pointer to container attribute.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla_nest_start</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="kt">int</span> <span class="n">attrtype</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">start</span> <span class="o">=</span> <span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="p">)</span> <span class="n">nlmsg_tail</span><span class="p">(</span><span class="n">msg</span><span class="o">-&gt;</span><span class="n">nm_nlh</span><span class="p">);</span>

	<span class="k">if</span> <span class="p">(</span><span class="n">nla_put</span><span class="p">(</span><span class="n">msg</span><span class="p">,</span> <span class="n">attrtype</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="nb">NULL</span><span class="p">)</span> <span class="o">&lt;</span> <span class="mi">0</span><span class="p">)</span>
		<span class="k">return</span> <span class="nb">NULL</span><span class="p">;</span>

	<span class="k">return</span> <span class="n">start</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Finalize nesting of attributes.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg start		Container attribute as returned from nla_nest_start().</span>
<span class="cm"> *</span>
<span class="cm"> * Corrects the container attribute header to include the appeneded attributes.</span>
<span class="cm"> *</span>
<span class="cm"> * @return 0</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_nest_end</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nl_msg</span> <span class="o">*</span><span class="n">msg</span><span class="p">,</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">start</span><span class="p">)</span>
<span class="p">{</span>
	<span class="n">start</span><span class="o">-&gt;</span><span class="n">nla_len</span> <span class="o">=</span> <span class="p">(</span><span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span><span class="p">)</span> <span class="n">nlmsg_tail</span><span class="p">(</span><span class="n">msg</span><span class="o">-&gt;</span><span class="n">nm_nlh</span><span class="p">)</span> <span class="o">-</span>
				<span class="p">(</span><span class="kt">unsigned</span> <span class="kt">char</span> <span class="o">*</span><span class="p">)</span> <span class="n">start</span><span class="p">;</span>
	<span class="k">return</span> <span class="mi">0</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Create attribute index based on nested attribute</span>
<span class="cm"> * @arg tb		Index array to be filled (maxtype+1 elements).</span>
<span class="cm"> * @arg maxtype		Maximum attribute type expected and accepted.</span>
<span class="cm"> * @arg nla		Nested Attribute.</span>
<span class="cm"> * @arg policy		Attribute validation policy.</span>
<span class="cm"> *</span>
<span class="cm"> * Feeds the stream of attributes nested into the specified attribute</span>
<span class="cm"> * to nla_parse().</span>
<span class="cm"> *</span>
<span class="cm"> * @see nla_parse</span>
<span class="cm"> * @return 0 on success or a negative error code.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_parse_nested</span><span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">tb</span><span class="p">[],</span> <span class="kt">int</span> <span class="n">maxtype</span><span class="p">,</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">,</span>
		     <span class="k">struct</span> <span class="nc">nla_policy</span> <span class="o">*</span><span class="n">policy</span><span class="p">)</span>
<span class="p">{</span>
	<span class="k">return</span> <span class="nf">nla_parse</span><span class="p">(</span><span class="n">tb</span><span class="p">,</span> <span class="n">maxtype</span><span class="p">,</span> <span class="p">(</span><span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="p">)</span><span class="n">nla_data</span><span class="p">(</span><span class="n">nla</span><span class="p">),</span> <span class="n">nla_len</span><span class="p">(</span><span class="n">nla</span><span class="p">),</span> <span class="n">policy</span><span class="p">);</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Compare attribute payload with memory area.</span>
<span class="cm"> * @arg nla		Attribute.</span>
<span class="cm"> * @arg data		Memory area to compare to.</span>
<span class="cm"> * @arg size		Number of bytes to compare.</span>
<span class="cm"> *</span>
<span class="cm"> * @see memcmp(3)</span>
<span class="cm"> * @return An integer less than, equal to, or greater than zero.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_memcmp</span><span class="p">(</span><span class="k">const</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">,</span> <span class="k">const</span> <span class="kt">void</span> <span class="o">*</span><span class="n">data</span><span class="p">,</span> <span class="kt">size_t</span> <span class="n">size</span><span class="p">)</span>
<span class="p">{</span>
	<span class="kt">int</span> <span class="n">d</span> <span class="o">=</span> <span class="n">nla_len</span><span class="p">(</span><span class="n">nla</span><span class="p">)</span> <span class="o">-</span> <span class="n">size</span><span class="p">;</span>

	<span class="k">if</span> <span class="p">(</span><span class="n">d</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span>
		<span class="n">d</span> <span class="o">=</span> <span class="n">memcmp</span><span class="p">(</span><span class="n">nla_data</span><span class="p">(</span><span class="n">nla</span><span class="p">),</span> <span class="n">data</span><span class="p">,</span> <span class="n">size</span><span class="p">);</span>

	<span class="k">return</span> <span class="n">d</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Compare string attribute payload with string</span>
<span class="cm"> * @arg nla		Attribute of type NLA_STRING.</span>
<span class="cm"> * @arg str		NUL terminated string.</span>
<span class="cm"> *</span>
<span class="cm"> * @see strcmp(3)</span>
<span class="cm"> * @return An integer less than, equal to, or greater than zero.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">int</span> <span class="n">nla_strcmp</span><span class="p">(</span><span class="k">const</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">,</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">str</span><span class="p">)</span>
<span class="p">{</span>
	<span class="kt">int</span> <span class="n">len</span> <span class="o">=</span> <span class="n">strlen</span><span class="p">(</span><span class="n">str</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span>
	<span class="kt">int</span> <span class="n">d</span> <span class="o">=</span> <span class="n">nla_len</span><span class="p">(</span><span class="n">nla</span><span class="p">)</span> <span class="o">-</span> <span class="n">len</span><span class="p">;</span>

	<span class="k">if</span> <span class="p">(</span><span class="n">d</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span>
		<span class="n">d</span> <span class="o">=</span> <span class="n">memcmp</span><span class="p">(</span><span class="n">nla_data</span><span class="p">(</span><span class="n">nla</span><span class="p">),</span> <span class="n">str</span><span class="p">,</span> <span class="n">len</span><span class="p">);</span>

	<span class="k">return</span> <span class="n">d</span><span class="p">;</span>
<span class="p">}</span>

<span class="cm">/**</span>
<span class="cm"> * Copy string attribute payload to a buffer.</span>
<span class="cm"> * @arg dst		Pointer to destination buffer.</span>
<span class="cm"> * @arg nla		Attribute of type NLA_STRING.</span>
<span class="cm"> * @arg dstsize		Size of destination buffer in bytes.</span>
<span class="cm"> *</span>
<span class="cm"> * Copies at most dstsize - 1 bytes to the destination buffer.</span>
<span class="cm"> * The result is always a valid NUL terminated string. Unlike</span>
<span class="cm"> * strlcpy the destination buffer is always padded out.</span>
<span class="cm"> *</span>
<span class="cm"> * @return The length of string attribute without the terminating NUL.</span>
<span class="cm"> */</span>
<span class="k">static</span> <span class="kr">inline</span> <span class="kt">size_t</span> <span class="n">nla_strlcpy</span><span class="p">(</span><span class="kt">char</span> <span class="o">*</span><span class="n">dst</span><span class="p">,</span> <span class="k">const</span> <span class="k">struct</span> <span class="nc">nlattr</span> <span class="o">*</span><span class="n">nla</span><span class="p">,</span> <span class="kt">size_t</span> <span class="n">dstsize</span><span class="p">)</span>
<span class="p">{</span>
	<span class="kt">size_t</span> <span class="n">srclen</span> <span class="o">=</span> <span class="p">(</span><span class="kt">size_t</span><span class="p">)</span><span class="n">nla_len</span><span class="p">(</span><span class="n">nla</span><span class="p">);</span>
	<span class="kt">char</span> <span class="o">*</span><span class="n">src</span> <span class="o">=</span> <span class="p">(</span><span class="kt">char</span><span class="o">*</span><span class="p">)</span><span class="n">nla_data</span><span class="p">(</span><span class="n">nla</span><span class="p">);</span>

	<span class="k">if</span> <span class="p">(</span><span class="n">srclen</span> <span class="o">&gt;</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="n">src</span><span class="p">[</span><span class="n">srclen</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="o">==</span> <span class="sc">&#39;\0&#39;</span><span class="p">)</span>
		<span class="n">srclen</span><span class="o">--</span><span class="p">;</span>

	<span class="k">if</span> <span class="p">(</span><span class="n">dstsize</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span>
		<span class="kt">size_t</span> <span class="n">len</span> <span class="o">=</span> <span class="p">(</span><span class="n">srclen</span> <span class="o">&gt;=</span> <span class="n">dstsize</span><span class="p">)</span> <span class="o">?</span> <span class="n">dstsize</span> <span class="o">-</span> <span class="mi">1</span> <span class="o">:</span> <span class="n">srclen</span><span class="p">;</span>

		<span class="n">memset</span><span class="p">(</span><span class="n">dst</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="n">dstsize</span><span class="p">);</span>
		<span class="n">memcpy</span><span class="p">(</span><span class="n">dst</span><span class="p">,</span> <span class="n">src</span><span class="p">,</span> <span class="n">len</span><span class="p">);</span>
	<span class="p">}</span>

	<span class="k">return</span> <span class="n">srclen</span><span class="p">;</span>
<span class="p">}</span>


<span class="cm">/**</span>
<span class="cm"> * @name Attribute Construction (Exception Based)</span>
<span class="cm"> * @{</span>
<span class="cm"> */</span>

<span class="cm">/**</span>
<span class="cm"> * @ingroup attr</span>
<span class="cm"> * Add unspecific attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg attrlen		Length of attribute payload.</span>
<span class="cm"> * @arg data		Head of attribute payload.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT(msg, attrtype, attrlen, data) \</span>
<span class="cp">	do { \</span>
<span class="cp">		if (nla_put(msg, attrtype, attrlen, data) &lt; 0) \</span>
<span class="cp">			goto nla_put_failure; \</span>
<span class="cp">	} while(0)</span>

<span class="cm">/**</span>
<span class="cm"> * @ingroup attr</span>
<span class="cm"> * Add atomic type attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg type		Atomic type.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Head of attribute payload.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_TYPE(msg, type, attrtype, value) \</span>
<span class="cp">	do { \</span>
<span class="cp">		type __tmp = value; \</span>
<span class="cp">		NLA_PUT(msg, attrtype, sizeof(type), &amp;__tmp); \</span>
<span class="cp">	} while(0)</span>

<span class="cm">/**</span>
<span class="cm"> * Add 8 bit integer attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Numeric value.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_U8(msg, attrtype, value) \</span>
<span class="cp">	NLA_PUT_TYPE(msg, uint8_t, attrtype, value)</span>

<span class="cm">/**</span>
<span class="cm"> * Add 16 bit integer attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Numeric value.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_U16(msg, attrtype, value) \</span>
<span class="cp">	NLA_PUT_TYPE(msg, uint16_t, attrtype, value)</span>

<span class="cm">/**</span>
<span class="cm"> * Add 32 bit integer attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Numeric value.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_U32(msg, attrtype, value) \</span>
<span class="cp">	NLA_PUT_TYPE(msg, uint32_t, attrtype, value)</span>

<span class="cm">/**</span>
<span class="cm"> * Add 64 bit integer attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		Numeric value.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_U64(msg, attrtype, value) \</span>
<span class="cp">	NLA_PUT_TYPE(msg, uint64_t, attrtype, value)</span>

<span class="cm">/**</span>
<span class="cm"> * Add string attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg value		NUL terminated character string.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_STRING(msg, attrtype, value) \</span>
<span class="cp">	NLA_PUT(msg, attrtype, strlen(value) + 1, value)</span>

<span class="cm">/**</span>
<span class="cm"> * Add flag attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_FLAG(msg, attrtype) \</span>
<span class="cp">	NLA_PUT(msg, attrtype, 0, NULL)</span>

<span class="cm">/**</span>
<span class="cm"> * Add msecs attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg msecs		Numeric value in micro seconds.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_MSECS(msg, attrtype, msecs) \</span>
<span class="cp">	NLA_PUT_U64(msg, attrtype, msecs)</span>

<span class="cm">/**</span>
<span class="cm"> * Add address attribute to netlink message.</span>
<span class="cm"> * @arg msg		Netlink message.</span>
<span class="cm"> * @arg attrtype	Attribute type.</span>
<span class="cm"> * @arg addr		Abstract address object.</span>
<span class="cm"> */</span>
<span class="cp">#define NLA_PUT_ADDR(msg, attrtype, addr) \</span>
<span class="cp">	NLA_PUT(msg, attrtype, nl_addr_get_len(addr), \</span>
<span class="cp">		nl_addr_get_binary_addr(addr))</span>

<span class="cm">/** @} */</span>

<span class="cm">/**</span>
<span class="cm"> * @name Iterators</span>
<span class="cm"> * @{</span>
<span class="cm"> */</span>

<span class="cm">/**</span>
<span class="cm"> * @ingroup attr</span>
<span class="cm"> * Iterate over a stream of attributes</span>
<span class="cm"> * @arg pos	loop counter, set to current attribute</span>
<span class="cm"> * @arg head	head of attribute stream</span>
<span class="cm"> * @arg len	length of attribute stream</span>
<span class="cm"> * @arg rem	initialized to len, holds bytes currently remaining in stream</span>
<span class="cm"> */</span>
<span class="cp">#define nla_for_each_attr(pos, head, len, rem) \</span>
<span class="cp">	for (pos = head, rem = len; \</span>
<span class="cp">	     nla_ok(pos, rem); \</span>
<span class="cp">	     pos = nla_next(pos, &amp;(rem)))</span>

<span class="cm">/**</span>
<span class="cm"> * @ingroup attr</span>
<span class="cm"> * Iterate over a stream of nested attributes</span>
<span class="cm"> * @arg pos	loop counter, set to current attribute</span>
<span class="cm"> * @arg nla	attribute containing the nested attributes</span>
<span class="cm"> * @arg rem	initialized to len, holds bytes currently remaining in stream</span>
<span class="cm"> */</span>
<span class="cp">#define nla_for_each_nested(pos, nla, rem) \</span>
<span class="cp">	for (pos = (struct nlattr *)nla_data(nla), rem = nla_len(nla); \</span>
<span class="cp">	     nla_ok(pos, rem); \</span>
<span class="cp">	     pos = nla_next(pos, &amp;(rem)))</span>

<span class="cm">/** @} */</span>

<span class="cp">#ifdef __cplusplus</span>
<span class="p">}</span>
<span class="cp">#endif</span>

<span class="cp">#endif</span>
</pre></div>
</code></pre></td></tr></table>
</div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.2.3</a> (<a href='https://git-scm.com/'>git 2.25.1</a>) at 2026-02-21 16:12:23 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>