下面是一个使用XFRM_MSG_NEWSA新增SA的C代码示例:

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/random.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#include <linux/netlink.h>
#include <linux/xfrm.h>

#define SA_SIZE sizeof(struct sockaddr_in)

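/* Sizes used by this example. */
enum {
    ENC_KEY_BYTES  = 16,   /* AES-128 key for cbc(aes) */
    AUTH_KEY_BYTES = 32,   /* key for hmac(sha256) */
    AUTH_ICV_BITS  = 128,  /* truncated ICV length requested for hmac(sha256) */
    ATTR_SPACE     = 512,  /* room reserved for the netlink attributes */
    ACK_SPACE      = 4096  /* receive buffer for the kernel's acknowledgement */
};

/* Overwrite key material; the volatile pointer keeps the stores from being optimised away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *b = p;

    while (n--)
        *b++ = 0;
}

/* Fill dst with n bytes from the kernel CSPRNG. Returns 0 on success, -1 on failure. */
static int fill_random(unsigned char *dst, size_t n)
{
    return getrandom(dst, n, 0) == (ssize_t)n ? 0 : -1;
}

/*
 * Append one netlink attribute (header + payload, 4-byte aligned) to the
 * message that starts at nlh. cap is the size of the whole request buffer.
 * Returns 0 on success, -1 if the attribute would not fit.
 */
static int put_attr(struct nlmsghdr *nlh, size_t cap, unsigned short type,
                    const void *data, size_t len)
{
    size_t off = NLMSG_ALIGN(nlh->nlmsg_len);
    size_t need = NLA_HDRLEN + len;

    /* nla_len is 16 bits wide, and the padded attribute must stay inside the buffer. */
    if (need > 0xFFFFu || off > cap || NLA_ALIGN(need) > cap - off)
        return -1;

    struct nlattr *nla = (struct nlattr *)((char *)nlh + off);
    nla->nla_type = type;
    nla->nla_len = (unsigned short)need;
    memcpy((char *)nla + NLA_HDRLEN, data, len);
    nlh->nlmsg_len = (unsigned int)(off + NLA_ALIGN(need));
    return 0;
}

/*
 * Install one ESP tunnel-mode SA (192.168.1.1 -> 192.168.2.1, SPI 1234,
 * reqid 100) by sending XFRM_MSG_NEWSA to the kernel.
 *
 * XFRM is configured over an AF_NETLINK / NETLINK_XFRM socket: the request is
 * a struct nlmsghdr, followed by struct xfrm_usersa_info, followed by
 * attributes carrying the algorithms and keys. The caller needs CAP_NET_ADMIN;
 * without it the kernel answers with an error acknowledgement.
 *
 * The keys are random bytes generated here so that the example never installs
 * a predictable key. In a real deployment an IKE daemon negotiates the keys
 * with the peer. cbc(aes) provides confidentiality only, so it is paired with
 * hmac(sha256) for integrity.
 *
 * Returns EXIT_SUCCESS when the kernel acknowledged the SA, EXIT_FAILURE otherwise.
 */
int main(void)
{
    int rc = EXIT_FAILURE;
    int sock_fd = -1;

    /* Same layout the kernel parses: header, fixed SA description, attributes. */
    struct {
        struct nlmsghdr nlh;
        struct xfrm_usersa_info sa;
        char attrs[ATTR_SPACE];
    } req;

    /* Each algorithm attribute is its header immediately followed by the key bytes. */
    unsigned char enc[sizeof(struct xfrm_algo) + ENC_KEY_BYTES];
    unsigned char auth[sizeof(struct xfrm_algo_auth) + AUTH_KEY_BYTES];
    struct xfrm_algo enc_hdr;
    struct xfrm_algo_auth auth_hdr;

    union {
        struct nlmsghdr nlh;
        char bytes[ACK_SPACE];
    } ack;

    struct in_addr src;
    struct in_addr dst;
    struct sockaddr_nl kernel;
    struct sockaddr_nl from;
    socklen_t from_len = sizeof from;

    memset(&req, 0, sizeof req);
    memset(&ack, 0, sizeof ack);
    memset(&enc_hdr, 0, sizeof enc_hdr);
    memset(&auth_hdr, 0, sizeof auth_hdr);
    memset(&kernel, 0, sizeof kernel);
    memset(&from, 0, sizeof from);

    if (inet_pton(AF_INET, "192.168.1.1", &src) != 1 ||
        inet_pton(AF_INET, "192.168.2.1", &dst) != 1) {
        fprintf(stderr, "Invalid tunnel endpoint address\n");
        goto out;
    }

    /* Fixed part of the SA. */
    req.sa.family = AF_INET;
    req.sa.sel.family = AF_INET;
    req.sa.saddr.a4 = src.s_addr;
    req.sa.id.daddr.a4 = dst.s_addr;
    req.sa.id.proto = IPPROTO_ESP;
    req.sa.id.spi = htonl(1234);          /* the SPI is carried in network byte order */
    req.sa.mode = XFRM_MODE_TUNNEL;
    req.sa.reqid = 100;
    req.sa.replay_window = 32;            /* enable anti-replay checking */
    /* A zero limit would not mean "unlimited"; XFRM_INF does. */
    req.sa.lft.soft_byte_limit = XFRM_INF;
    req.sa.lft.hard_byte_limit = XFRM_INF;
    req.sa.lft.soft_packet_limit = XFRM_INF;
    req.sa.lft.hard_packet_limit = XFRM_INF;

    /* Encryption algorithm and key (key length is given in bits). */
    snprintf(enc_hdr.alg_name, sizeof enc_hdr.alg_name, "%s", "cbc(aes)");
    enc_hdr.alg_key_len = ENC_KEY_BYTES * 8;
    memcpy(enc, &enc_hdr, sizeof enc_hdr);

    /* Integrity algorithm and key. */
    snprintf(auth_hdr.alg_name, sizeof auth_hdr.alg_name, "%s", "hmac(sha256)");
    auth_hdr.alg_key_len = AUTH_KEY_BYTES * 8;
    auth_hdr.alg_trunc_len = AUTH_ICV_BITS;
    memcpy(auth, &auth_hdr, sizeof auth_hdr);

    if (fill_random(enc + sizeof enc_hdr, ENC_KEY_BYTES) < 0 ||
        fill_random(auth + sizeof auth_hdr, AUTH_KEY_BYTES) < 0) {
        perror("Failed to generate key material");
        goto out;
    }

    /* Netlink header; NLM_F_EXCL makes the request fail instead of replacing an existing SA. */
    req.nlh.nlmsg_len = NLMSG_LENGTH(sizeof req.sa);
    req.nlh.nlmsg_type = XFRM_MSG_NEWSA;
    req.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_EXCL;
    req.nlh.nlmsg_seq = 1;

    if (put_attr(&req.nlh, sizeof req, XFRMA_ALG_CRYPT, enc, sizeof enc) < 0 ||
        put_attr(&req.nlh, sizeof req, XFRMA_ALG_AUTH_TRUNC, auth, sizeof auth) < 0) {
        fprintf(stderr, "XFRM attributes do not fit in the request buffer\n");
        goto out;
    }

    sock_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);
    if (sock_fd < 0) {
        perror("Failed to create socket");
        goto out;
    }

    kernel.nl_family = AF_NETLINK;        /* nl_pid 0 addresses the kernel */
    if (sendto(sock_fd, &req, req.nlh.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof kernel) < 0) {
        perror("Failed to sendmsg");
        goto out;
    }

    /* A successful send only queues the request; the verdict arrives in the ACK. */
    ssize_t got = recvfrom(sock_fd, &ack, sizeof ack, 0,
                           (struct sockaddr *)&from, &from_len);
    if (got < 0) {
        perror("Failed to receive acknowledgement");
        goto out;
    }
    if (from_len != sizeof from || from.nl_pid != 0) {
        fprintf(stderr, "Ignoring netlink reply that did not come from the kernel\n");
        goto out;
    }
    if ((size_t)got < NLMSG_LENGTH(sizeof(struct nlmsgerr)) ||
        ack.nlh.nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)) ||
        ack.nlh.nlmsg_len > (size_t)got ||
        ack.nlh.nlmsg_type != NLMSG_ERROR ||
        ack.nlh.nlmsg_seq != req.nlh.nlmsg_seq) {
        fprintf(stderr, "Unexpected netlink reply\n");
        goto out;
    }

    const struct nlmsgerr *err = NLMSG_DATA(&ack.nlh);
    if (err->error != 0) {
        errno = -err->error;              /* the kernel reports a negated errno */
        perror("Kernel rejected XFRM_MSG_NEWSA");
        goto out;
    }

    rc = EXIT_SUCCESS;

out:
    /* An error ACK can echo the request, so the receive buffer is wiped as well. */
    wipe(&req, sizeof req);
    wipe(&ack, sizeof ack);
    wipe(enc, sizeof enc);
    wipe(auth, sizeof auth);
    if (sock_fd >= 0)
        close(sock_fd);
    return rc;
}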

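该示例通过XFRM_MSG_NEWSA消息创建一个ESP SA,其中包括源地址、目的地址、SPI、加密算法、模式和请求ID等信息。注意:XFRM_MSG_NEWSA是netlink消息,必须经由AF_NETLINK/NETLINK_XFRM套接字发送给内核(普通UDP套接字无法传递该消息),调用进程需要CAP_NET_ADMIN权限;<linux/xfrm.h>只提供内核接口定义,编译时无需链接额外的库。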

C代码示例:使用XFRM_MSG_NEWSA新增SA
