* [PATCH iproute2-next] ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies
@ 2019-04-04 16:07 Eyal Birger
2019-04-04 17:13 ` Stephen Hemminger
2019-04-05 22:07 ` Stephen Hemminger
0 siblings, 2 replies; 6+ messages in thread
From: Eyal Birger @ 2019-04-04 16:07 UTC (permalink / raw)
To: netdev; +Cc: antony, Eyal Birger
The XFRMA_IF_ID attribute is set in policies/states for them to be
associated with an XFRM interface (4.19+).
Add support for setting / displaying this attribute.
Note that 0 is a valid value therefore set XFRMA_IF_ID if any value
was provided in command line.
Tested-by: Antony Antony <antony@phenome.org>
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
---
ip/ipxfrm.c | 8 ++++++++
ip/xfrm_policy.c | 12 +++++++++++-
ip/xfrm_state.c | 11 +++++++++++
3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index b153b863..32f56093 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -891,6 +891,14 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
(xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out");
fprintf(fp, "%s", _SL_);
}
+ if (tb[XFRMA_IF_ID]) {
+ __u32 if_id = rta_getattr_u32(tb[XFRMA_IF_ID]);
+
+ if (prefix)
+ fputs(prefix, fp);
+ fprintf(fp, "if_id %#x", if_id);
+ fprintf(fp, "%s", _SL_);
+ }
}
static int xfrm_selector_iszero(struct xfrm_selector *s)
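Review bot: The new `XFRMA_IF_ID` branch reads the attribute with `rta_getattr_u32()` without first checking that its payload holds four bytes. A guard such as `if (RTA_PAYLOAD(tb[XFRMA_IF_ID]) < sizeof(__u32))`, followed by whatever truncation handling the earlier branches of xfrm_xfrma_print() use (they lie outside this hunk), would keep a short attribute from being read past its end. Separately, `%#x` prints a zero if_id as `0` rather than `0x0`, and the commit message states that 0 is a valid value, so `"if_id 0x%x"` would keep the output uniform. The two trailing `fprintf` calls could also be folded into one: `fprintf(fp, "if_id 0x%x%s", if_id, _SL_);`.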
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index feccaada..4a63e9ab 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -55,7 +55,7 @@ static void usage(void)
fprintf(stderr, "Usage: ip xfrm policy { add | update } SELECTOR dir DIR [ ctx CTX ]\n");
fprintf(stderr, " [ mark MARK [ mask MASK ] ] [ index INDEX ] [ ptype PTYPE ]\n");
fprintf(stderr, " [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ]\n");
- fprintf(stderr, " [ LIMIT-LIST ] [ TMPL-LIST ]\n");
+ fprintf(stderr, " [ if_id IF_ID ] [ LIMIT-LIST ] [ TMPL-LIST ]\n");
fprintf(stderr, "Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n");
fprintf(stderr, " [ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n");
fprintf(stderr, "Usage: ip xfrm policy { deleteall | list } [ nosock ] [ SELECTOR ] [ dir DIR ]\n");
@@ -270,6 +270,8 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
struct xfrm_user_sec_ctx sctx;
char str[CTX_BUF_SIZE];
} ctx = {};
+ bool is_if_id_set = false;
+ __u32 if_id = 0;
while (argc > 0) {
if (strcmp(*argv, "dir") == 0) {
@@ -338,6 +340,11 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
xfrm_tmpl_parse(tmpl, &argc, &argv);
tmpls_len += sizeof(*tmpl);
+ } else if (strcmp(*argv, "if_id") == 0) {
+ NEXT_ARG();
+ if (get_u32(&if_id, *argv, 0))
+ invarg("IF_ID value is invalid", *argv);
+ is_if_id_set = true;
} else {
if (selp)
duparg("unknown", *argv);
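Review bot: A repeated `if_id` argument is accepted silently and the last value wins, whereas the fallback branch right below calls `duparg()` when a selector is given twice. Adding `if (is_if_id_set) duparg("if_id", *argv);` at the top of the new branch would reject the ambiguous command line instead of installing a policy bound to a possibly unintended interface id. The matching branch added to xfrm_state_modify() in ip/xfrm_state.c has the same gap. The error text also differs between the two files (`IF_ID value is invalid` here, `value after \"if_id\" is invalid` there), and one wording would be tidier. xfrm_policy_modify() starts and ends outside this hunk.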
@@ -380,6 +387,9 @@ static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv
(void *)&ctx, ctx.sctx.len);
}
+ if (is_if_id_set)
+ addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
+
if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
exit(1);
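Review bot: The return value of `addattr32()` is discarded, so if the attribute did not fit in `req.buf` the request would still be sent and the policy installed without its XFRM interface association. Checking it, for example `if (is_if_id_set && addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id) < 0) exit(1);`, would make that failure fatal rather than silent; this assumes addattr32() signals overflow with a negative return, which its definition outside this page would confirm. The identical call added near the end of xfrm_state_modify() in ip/xfrm_state.c deserves the same check. The enclosing function continues outside the hunk, so how the earlier attribute additions handle this case is not visible here.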
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index 09292da9..93601437 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -62,6 +62,7 @@ static void usage(void)
fprintf(stderr, " [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n");
fprintf(stderr, " [ offload [dev DEV] dir DIR ]\n");
fprintf(stderr, " [ output-mark OUTPUT-MARK ]\n");
++ fprintf(stderr, " [ if_id IF_ID ]\n");
fprintf(stderr, "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n");
fprintf(stderr, " [ reqid REQID ] [ seq SEQ ] [ min SPI max SPI ]\n");
fprintf(stderr, "Usage: ip xfrm state { delete | get } ID [ mark MARK [ mask MASK ] ]\n");
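Review bot: The added usage line appears to carry a stray `+` in front of `fprintf`, since the line shows two plus signs where every other added line in the patch has one. In the new file that would read `+ fprintf(stderr, ...)`, which still compiles because the `+` parses as a unary plus on the call's return value, so the typo would go unnoticed by the build. The line should start directly with `fprintf(stderr, " [ if_id IF_ID ]\n");`, using the same indentation as its neighbours.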
@@ -326,6 +327,8 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
char str[CTX_BUF_SIZE];
} ctx = {};
__u32 output_mark = 0;
+ bool is_if_id_set = false;
+ __u32 if_id = 0;
while (argc > 0) {
if (strcmp(*argv, "mode") == 0) {
@@ -445,6 +448,11 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
NEXT_ARG();
if (get_u32(&output_mark, *argv, 0))
invarg("value after \"output-mark\" is invalid", *argv);
+ } else if (strcmp(*argv, "if_id") == 0) {
+ NEXT_ARG();
+ if (get_u32(&if_id, *argv, 0))
+ invarg("value after \"if_id\" is invalid", *argv);
+ is_if_id_set = true;
} else {
/* try to assume ALGO */
int type = xfrm_algotype_getbyname(*argv);
@@ -627,6 +635,9 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
}
}
+ if (is_if_id_set)
+ addattr32(&req.n, sizeof(req.buf), XFRMA_IF_ID, if_id);
+
if (xfrm_xfrmproto_is_ipsec(req.xsinfo.id.proto)) {
switch (req.xsinfo.mode) {
case XFRM_MODE_TRANSPORT:
--
2.17.1
* Re: [PATCH iproute2-next] ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies
2019-04-04 16:07 [PATCH iproute2-next] ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies Eyal Birger
@ 2019-04-04 17:13 ` Stephen Hemminger
2019-04-05 6:59 ` Eyal Birger
2019-04-05 22:07 ` Stephen Hemminger
1 sibling, 1 reply; 6+ messages in thread
From: Stephen Hemminger @ 2019-04-04 17:13 UTC (permalink / raw)
To: Eyal Birger; +Cc: netdev, antony
On Thu, 4 Apr 2019 19:07:38 +0300
Eyal Birger <eyal.birger@gmail.com> wrote:
> The XFRMA_IF_ID attribute is set in policies/states for them to be
> associated with an XFRM interface (4.19+).
>
> Add support for setting / displaying this attribute.
>
> Note that 0 is a valid value therefore set XFRMA_IF_ID if any value
> was provided in command line.
>
> Tested-by: Antony Antony <antony@phenome.org>
> Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
> ---
Since this works with existing kernel it should not need to wait for next.
* Re: [PATCH iproute2-next] ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies
2019-04-04 17:13 ` Stephen Hemminger
@ 2019-04-05 6:59 ` Eyal Birger
0 siblings, 0 replies; 6+ messages in thread
From: Eyal Birger @ 2019-04-05 6:59 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev, antony
Hi Stephen,
On Thu, 4 Apr 2019 10:13:36 -0700
Stephen Hemminger <stephen@networkplumber.org> wrote:
> On Thu, 4 Apr 2019 19:07:38 +0300
> Eyal Birger <eyal.birger@gmail.com> wrote:
>
> > The XFRMA_IF_ID attribute is set in policies/states for them to be
> > associated with an XFRM interface (4.19+).
> >
> > Add support for setting / displaying this attribute.
> >
> > Note that 0 is a valid value therefore set XFRMA_IF_ID if any value
> > was provided in command line.
> >
> > Tested-by: Antony Antony <antony@phenome.org>
> > Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
> > ---
>
> Since this works with existing kernel int should not need to wait for
> next.
Oh, sorry about that.
The patch applies cleanly and works on the iproute2 tree. Should I
resubmit?
Thanks!
Eyal.
* Re: [PATCH iproute2-next] ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies
2019-04-04 16:07 [PATCH iproute2-next] ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies Eyal Birger
2019-04-04 17:13 ` Stephen Hemminger
@ 2019-04-05 22:07 ` Stephen Hemminger
2019-04-06 3:57 ` Antony Antony
1 sibling, 1 reply; 6+ messages in thread
From: Stephen Hemminger @ 2019-04-05 22:07 UTC (permalink / raw)
To: Eyal Birger; +Cc: netdev, antony
On Thu, 4 Apr 2019 19:07:38 +0300
Eyal Birger <eyal.birger@gmail.com> wrote:
> The XFRMA_IF_ID attribute is set in policies/states for them to be
> associated with an XFRM interface (4.19+).
>
> Add support for setting / displaying this attribute.
>
> Note that 0 is a valid value therefore set XFRMA_IF_ID if any value
> was provided in command line.
>
> Tested-by: Antony Antony <antony@phenome.org>
> Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
This is already handled by an earlier patch, that I just applied
* Re: [PATCH iproute2-next] ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies
2019-04-05 22:07 ` Stephen Hemminger
@ 2019-04-06 3:57 ` Antony Antony
2019-04-10 18:50 ` David Ahern
0 siblings, 1 reply; 6+ messages in thread
From: Antony Antony @ 2019-04-06 3:57 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: Eyal Birger, netdev, antony
On Fri, Apr 05, 2019 at 03:07:58PM -0700, Stephen Hemminger wrote:
> On Thu, 4 Apr 2019 19:07:38 +0300
> Eyal Birger <eyal.birger@gmail.com> wrote:
>
> > The XFRMA_IF_ID attribute is set in policies/states for them to be
> > associated with an XFRM interface (4.19+).
> >
> > Add support for setting / displaying this attribute.
> >
> > Note that 0 is a valid value therefore set XFRMA_IF_ID if any value
> > was provided in command line.
> >
> > Tested-by: Antony Antony <antony@phenome.org>
> > Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
>
> This is already handled by an earlier patch, that I just applied
Do you mean commit 286446c1
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=286446c1e8c7f5f6eca4959015aa9e482b7adb11
Matt's patch is to support link.
e.g ip link add ipsec0 type xfrm dev enp0s5 if_id 0xAB
Eyal's patch for xfrm state and policy.
e.g
ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in tmpl src
172.16.1.200 dst 172.16.1.100 proto esp reqid 2 mode tunnel if_id 10
Thanks for applying Matt's patch. We need both patches.
-antony
* Re: [PATCH iproute2-next] ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies
2019-04-06 3:57 ` Antony Antony
@ 2019-04-10 18:50 ` David Ahern
0 siblings, 0 replies; 6+ messages in thread
From: David Ahern @ 2019-04-10 18:50 UTC (permalink / raw)
To: Antony Antony, Stephen Hemminger; +Cc: Eyal Birger, netdev
On 4/5/19 8:57 PM, Antony Antony wrote:
> On Fri, Apr 05, 2019 at 03:07:58PM -0700, Stephen Hemminger wrote:
>> On Thu, 4 Apr 2019 19:07:38 +0300
>> Eyal Birger <eyal.birger@gmail.com> wrote:
>>
>>> The XFRMA_IF_ID attribute is set in policies/states for them to be
>>> associated with an XFRM interface (4.19+).
>>>
>>> Add support for setting / displaying this attribute.
>>>
>>> Note that 0 is a valid value therefore set XFRMA_IF_ID if any value
>>> was provided in command line.
>>>
>>> Tested-by: Antony Antony <antony@phenome.org>
>>> Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
>>
>> This is already handled by an earlier patch, that I just applied
>
> Do you mean commit 286446c1
> https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=286446c1e8c7f5f6eca4959015aa9e482b7adb11
>
> Matt's patch is to support link.
> e.g ip link add ipsec0 type xfrm dev enp0s5 if_id 0xAB
>
> Eyal's patch for xfrm state and policy.
> e.g
> ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in tmpl src
> 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 mode tunnel if_id 10
>
> Thanks for applying Matt's patch. We need for both patches.
>
> -antony
>
Stephen: since you took Matt's, I am assuming you will take the xfrm
patch too.