xfrmnetlink/state/
delete.rs

1// SPDX-License-Identifier: MIT
2
3use futures::stream::StreamExt;
4use std::net::IpAddr;
5
6use crate::{try_nl, Error, Handle};
7use netlink_packet_core::{NetlinkMessage, NLM_F_ACK, NLM_F_REQUEST};
8use netlink_packet_xfrm::{state::DelGetMessage, Address, Mark, XfrmAttrs, XfrmMessage};
9
10/// A request to delete xfrm state. This is equivalent to the `ip xfrm state delete` command.
11#[non_exhaustive]
12pub struct StateDeleteRequest {
13    handle: Handle,
14    message: DelGetMessage,
15}
16
17impl StateDeleteRequest {
18    pub(crate) fn new(handle: Handle, src_addr: IpAddr, dst_addr: IpAddr) -> Self {
19        let mut message = DelGetMessage::default();
20
21        message
22            .nlas
23            .push(XfrmAttrs::SrcAddr(Address::from_ip(&src_addr)));
24
25        message.user_sa_id.destination(&dst_addr);
26
27        StateDeleteRequest { handle, message }
28    }
29
30    pub fn protocol(mut self, protocol: u8) -> Self {
31        self.message.user_sa_id.proto = protocol;
32        self
33    }
34    pub fn spi(mut self, spi: u32) -> Self {
35        self.message.user_sa_id.spi = spi;
36        self
37    }
38
39    // Delete and Get won't work to find/retrieve the state in the kernel
40    // if mask is set incorrectly during the state Add. i.e. if the mask
41    // is set in such a way that it doesn't cover the mark, a full flush
42    // may be needed to delete it.
43    pub fn mark(mut self, mark: u32, mask: u32) -> Self {
44        self.message
45            .nlas
46            .push(XfrmAttrs::Mark(Mark { value: mark, mask }));
47        self
48    }
49
50    /// Execute the request.
51    pub async fn execute(self) -> Result<(), Error> {
52        let StateDeleteRequest {
53            mut handle,
54            message,
55        } = self;
56
57        let mut req = NetlinkMessage::from(XfrmMessage::DeleteSa(message));
58        req.header.flags = NLM_F_REQUEST | NLM_F_ACK;
59
60        let mut response = handle.request(req)?;
61
62        while let Some(message) = response.next().await {
63            try_nl!(message);
64        }
65        Ok(())
66    }
67
68    /// Execute the request without waiting for an ACK response.
69    pub fn execute_noack(self) -> Result<(), Error> {
70        let StateDeleteRequest {
71            mut handle,
72            message,
73        } = self;
74
75        let mut req = NetlinkMessage::from(XfrmMessage::DeleteSa(message));
76        req.header.flags = NLM_F_REQUEST;
77
78        let mut _response = handle.request(req)?;
79
80        Ok(())
81    }
82
83    /// Return a mutable reference to the request message.
84    pub fn message_mut(&mut self) -> &mut DelGetMessage {
85        &mut self.message
86    }
87}