proxmox-mirrors/mirror_iproute2
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_iproute2 synced 2025-08-13 20:32:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies

Browse Source 
The XFRMA_IF_ID attribute is set in policies/states for them to be
associated with an XFRM interface (4.19+).

Add support for setting / displaying this attribute.

Note that 0 is a valid value therefore set XFRMA_IF_ID if any value
was provided in command line.

Tested-by: Antony Antony <antony@phenome.org>
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This commit is contained in:
Eyal Birger 2019-04-04 19:07:38 +03:00 committed by Stephen Hemminger
parent 8391023680
commit aed63ae1ac
3 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ip/ipxfrm.c
View File

@ -891,6 +891,14 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out");
fprintf(fp, "%s", _SL_);
}
if (tb[XFRMA_IF_ID]) {
__u32 if_id = rta_getattr_u32(tb[XFRMA_IF_ID]);
if (prefix)
fputs(prefix, fp);
fprintf(fp, "if_id %#x", if_id);
fprintf(fp, "%s", _SL_);
}
}
static int xfrm_selector_iszero(struct xfrm_selector *s)

12
ip/xfrm_policy.c
View File

@ -55,7 +55,7 @@ static void usage(void)
fprintf(stderr, "Usage: ip xfrm policy { add | update } SELECTOR dir DIR [ ctx CTX ]\n");
fprintf(stderr, " [ mark MARK [ mask MASK ] ] [ index INDEX ] [ ptype PTYPE ]\n");
fprintf(stderr, " [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ]\n");
fprintf(stderr, " [ LIMIT-LIST ] [ TMPL-LIST ]\n");
fprintf(stderr, " [ if_id IF_ID ] [ LIMIT-LIST ] [ TMPL-LIST ]\n");
fprintf(stderr, "Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n");
fprintf(stderr, " [ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n");
fprintf(stderr, "Usage: ip xfrm policy { deleteall | list } [ nosock ] [ SELECTOR ] [ dir DIR ]\n");
@ -270,6 +270,8 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
struct xfrm_user_sec_ctx sctx;
char str[CTX_BUF_SIZE];
} ctx = {};
bool is_if_id_set = false;
__u32 if_id = 0;
while (argc > 0) {
if (strcmp(*argv, "dir") == 0) {
@ -338,6 +340,11 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
xfrm_tmpl_parse(tmpl, &argc, &argv);
tmpls_len += sizeof(*tmpl);
} else if (strcmp(*argv, "if_id") == 0) {
NEXT_ARG();
if (get_u32(&if_id, *argv, 0))
invarg("IF_ID value is invalid", *argv);
is_if_id_set = true;
} else {
if (selp)
duparg("unknown", *argv);
@ -380,6 +387,9 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
(void *)&ctx, ctx.sctx.len);
}
if (is_if_id_set)
addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
exit(1);

11
ip/xfrm_state.c
View File

@ -62,6 +62,7 @@ static void usage(void)
fprintf(stderr, " [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n");
fprintf(stderr, " [ offload [dev DEV] dir DIR ]\n");
fprintf(stderr, " [ output-mark OUTPUT-MARK ]\n");
+ fprintf(stderr, " [ if_id IF_ID ]\n");
fprintf(stderr, "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n");
fprintf(stderr, " [ reqid REQID ] [ seq SEQ ] [ min SPI max SPI ]\n");
fprintf(stderr, "Usage: ip xfrm state { delete | get } ID [ mark MARK [ mask MASK ] ]\n");
@ -326,6 +327,8 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
char str[CTX_BUF_SIZE];
} ctx = {};
__u32 output_mark = 0;
bool is_if_id_set = false;
__u32 if_id = 0;
while (argc > 0) {
if (strcmp(*argv, "mode") == 0) {
@ -445,6 +448,11 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
NEXT_ARG();
if (get_u32(&output_mark, *argv, 0))
invarg("value after \"output-mark\" is invalid", *argv);
} else if (strcmp(*argv, "if_id") == 0) {
NEXT_ARG();
if (get_u32(&if_id, *argv, 0))
invarg("value after \"if_id\" is invalid", *argv);
is_if_id_set = true;
} else {
/* try to assume ALGO */
int type = xfrm_algotype_getbyname(*argv);
@ -627,6 +635,9 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
}
}
if (is_if_id_set)
addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
if (xfrm_xfrmproto_is_ipsec(req.xsinfo.id.proto)) {
switch (req.xsinfo.mode) {
case XFRM_MODE_TRANSPORT: