Both rtnl_talk and rtnl_dump had a callback for handling portions
of netlink message that do not match the correct pid or seq.
But this callback was never used by any part of iproute2 so remove
it.
The ip(8) man page and the "ip xfrm [ XFRM-OBJECT ] help" command output
are updated to include missing options, fix errors, and improve grammar.
There are no functional changes made.
The documentation for the ip command has many different meanings for the
same formatting symbols (which really needs to be fixed). This patch makes
consistent use of brackets [ ] to indicate optional parameters, pipes | to
mean "OR", braces { } to group things together, and dashes - instead of
underscores _ inside of parameter names. The parameters are listed in the
order in which they are parsed in the source code.
There are several parameters and options that are still not mentioned or
need to be described more thoroughly in the "COMMAND SYNTAX" section of
the ip(8) man page. I would appreciate help from the developers with this.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Allow tmpl IP addresses to have a different family than
selector addresses. This is useful in conjunction with
XFRM_STATE_AF_UNSPEC.
Signed-off-by: Alex Badea <abadea@ixiacom.com>
Some usages of rtnl_send could cause errors (ie flush requests)
others do a listen afterwards.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
o Support policy flag with string format.
Note that kernel defines only one name "localok" for the flag
and it has not had any effect currently.
o Support state flag value XFRM_STATE_NOPMTUDISC.
o Fix to show detailed flags value when "-s" option is used.
o Fix minor typo.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Remove unused or redundant usage for xfrm_filter.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Need to use correct XFRMA_ constants.
Get rid of bogus casts. Fix case where no attribute returned.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
and heres the SPD version ...
cheers,
jamal
[XFRM] see SPD info
i.e instead of something like ip xfrm policy ls | grep -i src | wc -l
do:
ip xfrm policy count
And you get the count; you can also pass -s or -s -s to see more
details
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
To support Mobile IPv6 RO, the following extension is included:
o Use XFRM_MODE_XXX macro instead of magic number
o New attribute option for all state: source address for
deleting or getting message
o New attribute options for RO: care-of address, last-used timestamp
and wild-receive flag
Note:
Flush command like `ip xfrm state flush` is to remove all XFRM state.
It has been effected for IPsec SAD but with this patch it flushes both
IPsec SAD and Mobile IPv6 RO states.
To make only IPsec SA flush, it is recommanded to specify each XFRM
protocol like below:
`ip x s f proto esp ; ip x s f proto ah ; ip x s f proto comp`
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Patch which allows for setting SA and SP also for
new IPSec mode BEET, beside tunnel and transport, according to the latest
changes in the kernel you can find at the following link:
Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com>
Signed-off-by: Miika Komu <miika@iki.fi>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
[IPROUTE]: Fix struct alignment with cris architecture
gcc for the cris arch does not pad structures to the next multiple of 4
bytes, as the i386 gcc does.
This causes errors like this when displaying xfrm policies:
# ip x p
!!!Deficit 3, rta_len=300
src 192.168.251.32/29 dst 192.168.251.32/29
dir in priority 0
!!!Deficit 3, rta_len=180
src 0.0.0.0/0 dst 192.168.251.32/29
dir in priority 2208
....
Similar errors are seen from ip x s.
This patch fixes the errors when printing. I'm not sure whether we
should worry about other uses of the affected structs, I've not seen any
other bad effects from this though, so hopefully this is enough.
(Thanks to Herbert Xu for pointing out that NLMSG_SPACE is the correct
macro to use here.)
Tested against 2.6.17.6 kernel on i386, and 2.6.16.1 kernel on cris.
Signed-off-by: Andy Gay <andy@andynet.net>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
It fixes flush feature for IPsec(ip xfrm).
Jamal gave me comment about it. I've tested it on 2.6.11.7.
Please find the log below, check code and pull it:
bk://bk.skbuff.net:38000/iproute2-xfrm-flush
ChangeSet@1.182, 2005-04-13 21:19:44+09:00, nakam@linux-ipv6.org
[ip] add "deleteall" command for xfrm;
"flush" uses kernel's flush interface and
"deleteall" uses legacy iproute2's flush feature like
getting-and-deleting-for-each.
