diff --git a/include/linux/ipsec.h b/include/linux/ipsec.h new file mode 100644 index 00000000..d17a6302 --- /dev/null +++ b/include/linux/ipsec.h @@ -0,0 +1,47 @@ +#ifndef _LINUX_IPSEC_H +#define _LINUX_IPSEC_H + +/* The definitions, required to talk to KAME racoon IKE. */ + +#include + +#define IPSEC_PORT_ANY 0 +#define IPSEC_ULPROTO_ANY 255 +#define IPSEC_PROTO_ANY 255 + +enum { + IPSEC_MODE_ANY = 0, /* We do not support this for SA */ + IPSEC_MODE_TRANSPORT = 1, + IPSEC_MODE_TUNNEL = 2, + IPSEC_MODE_BEET = 3 +}; + +enum { + IPSEC_DIR_ANY = 0, + IPSEC_DIR_INBOUND = 1, + IPSEC_DIR_OUTBOUND = 2, + IPSEC_DIR_FWD = 3, /* It is our own */ + IPSEC_DIR_MAX = 4, + IPSEC_DIR_INVALID = 5 +}; + +enum { + IPSEC_POLICY_DISCARD = 0, + IPSEC_POLICY_NONE = 1, + IPSEC_POLICY_IPSEC = 2, + IPSEC_POLICY_ENTRUST = 3, + IPSEC_POLICY_BYPASS = 4 +}; + +enum { + IPSEC_LEVEL_DEFAULT = 0, + IPSEC_LEVEL_USE = 1, + IPSEC_LEVEL_REQUIRE = 2, + IPSEC_LEVEL_UNIQUE = 3 +}; + +#define IPSEC_MANUAL_REQID_MAX 0x3fff + +#define IPSEC_REPLAYWSIZE 32 + +#endif /* _LINUX_IPSEC_H */ diff --git a/include/utils.h b/include/utils.h index bfbc9e6d..915c82e9 100644 --- a/include/utils.h +++ b/include/utils.h @@ -27,19 +27,6 @@ extern int max_flush_loops; extern int batch_mode; extern bool do_all; -#ifndef IPPROTO_ESP -#define IPPROTO_ESP 50 -#endif -#ifndef IPPROTO_AH -#define IPPROTO_AH 51 -#endif -#ifndef IPPROTO_COMP -#define IPPROTO_COMP 108 -#endif -#ifndef IPSEC_PROTO_ANY -#define IPSEC_PROTO_ANY 255 -#endif - #ifndef CONFDIR #define CONFDIR "/etc/iproute2" #endif diff --git a/ip/ipmroute.c b/ip/ipmroute.c index 84950037..b51c23cc 100644 --- a/ip/ipmroute.c +++ b/ip/ipmroute.c @@ -178,6 +178,11 @@ int print_mroute(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) fprintf(fp, ", Age %4i.%.2i", (int)tv.tv_sec, (int)tv.tv_usec/10000); } + + if (table && (table != RT_TABLE_MAIN || show_details > 0) && !filter.tb) + fprintf(fp, " Table: %s", + rtnl_rttable_n2a(table, b1, sizeof(b1))); + fprintf(fp, "\n"); fflush(fp); return 0; diff --git a/ip/iproute.c b/ip/iproute.c index 1b9c9035..4e022d77 100644 --- a/ip/iproute.c +++ b/ip/iproute.c @@ -1243,16 +1243,14 @@ static int iproute_modify(int cmd, unsigned int flags, int argc, char **argv) if (!dst_ok) usage(); - if (d || nhs_ok) { + if (d) { int idx; - if (d) { - if ((idx = ll_name_to_index(d)) == 0) { - fprintf(stderr, "Cannot find device \"%s\"\n", d); - return -1; - } - addattr32(&req.n, sizeof(req), RTA_OIF, idx); + if ((idx = ll_name_to_index(d)) == 0) { + fprintf(stderr, "Cannot find device \"%s\"\n", d); + return -1; } + addattr32(&req.n, sizeof(req), RTA_OIF, idx); } if (mxrta->rta_len > RTA_LENGTH(0)) { diff --git a/ip/link_gre6.c b/ip/link_gre6.c index 205bada7..4d3d4b54 100644 --- a/ip/link_gre6.c +++ b/ip/link_gre6.c @@ -355,6 +355,18 @@ get_failed: invarg("invalid fwmark\n", *argv); flags &= ~IP6_TNL_F_USE_ORIG_FWMARK; } + } else if (strcmp(*argv, "encaplimit") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "none") == 0) { + flags |= IP6_TNL_F_IGN_ENCAP_LIMIT; + } else { + __u8 uval; + + if (get_u8(&uval, *argv, 0) < -1) + invarg("invalid ELIM", *argv); + encap_limit = uval; + flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT; + } } else usage(); argc--; argv++; diff --git a/ip/xfrm.h b/ip/xfrm.h index 773c92e9..54d80ce5 100644 --- a/ip/xfrm.h +++ b/ip/xfrm.h @@ -26,17 +26,9 @@ #include #include +#include #include - -#ifndef IPPROTO_SCTP -# define IPPROTO_SCTP 132 -#endif -#ifndef IPPROTO_DCCP -# define IPPROTO_DCCP 33 -#endif -#ifndef IPPROTO_MH -# define IPPROTO_MH 135 -#endif +#include #define XFRMS_RTA(x) ((struct rtattr*)(((char*)(x)) + NLMSG_ALIGN(sizeof(struct xfrm_usersa_info)))) #define XFRMS_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct xfrm_usersa_info))