[PATCH iproute2-next] ip: xfrm: add espintcp encapsulation

[PATCH iproute2-next] ip: xfrm: add espintcp encapsulation

[Sabrina Dubroca]

This adds support for creating xfrm states with TCP encapsulation,
similar to the existing UDP encapsulation support.

Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
---
The kernel side patches are in ipsec-next/master.

 ip/ipxfrm.c        | 5 +++++
 ip/xfrm_state.c    | 2 +-
 man/man8/ip-xfrm.8 | 4 ++--
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index 32f560933a47..e310860b9f1f 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -759,6 +759,9 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
 		case 2:
 			fprintf(fp, "espinudp ");
 			break;
+		case 7:
+			fprintf(fp, "espintcp ");
+			break;
 		default:
 			fprintf(fp, "%u ", e->encap_type);
 			break;
@@ -1211,6 +1214,8 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp)
 		*type = 1;
 	else if (strcmp(*argv, "espinudp") == 0)
 		*type = 2;
+	else if (strcmp(*argv, "espintcp") == 0)
+		*type = 7;
 	else
 		invarg("ENCAP-TYPE value is invalid", *argv);
 
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index b03ccc5807e9..df2d50c3843b 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -130,7 +130,7 @@ static void usage(void)
 		"LIMIT-LIST := [ LIMIT-LIST ] limit LIMIT\n"
 		"LIMIT := { time-soft | time-hard | time-use-soft | time-use-hard } SECONDS |\n"
 		"         { byte-soft | byte-hard } SIZE | { packet-soft | packet-hard } COUNT\n"
-		"ENCAP := { espinudp | espinudp-nonike } SPORT DPORT OADDR\n"
+		"ENCAP := { espinudp | espinudp-nonike | espintcp } SPORT DPORT OADDR\n"
 		"DIR := in | out\n");
 
 	exit(-1);
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index cfce1e40b7f7..f99f30bb448a 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -207,7 +207,7 @@ ip-xfrm \- transform configuration
 
 .ti -8
 .IR ENCAP " :="
-.RB "{ " espinudp " | " espinudp-nonike " }"
+.RB "{ " espinudp " | " espinudp-nonike " | " espintcp " }"
 .IR SPORT " " DPORT " " OADDR
 
 .ti -8
@@ -548,7 +548,7 @@ sets limits in seconds, bytes, or numbers of packets.
 .TP
 .I ENCAP
 encapsulates packets with protocol
-.BR espinudp " or " espinudp-nonike ","
+.BR espinudp ", " espinudp-nonike ", or " espintcp ","
 .RI "using source port " SPORT ", destination port "  DPORT
 .RI ", and original address " OADDR "."
 
-- 
2.24.1

Re: [PATCH iproute2-next] ip: xfrm: add espintcp encapsulation

[David Ahern]

On 1/16/20 3:39 AM, Sabrina Dubroca wrote:
> diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
> index 32f560933a47..e310860b9f1f 100644
> --- a/ip/ipxfrm.c
> +++ b/ip/ipxfrm.c
> @@ -759,6 +759,9 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
>  		case 2:
>  			fprintf(fp, "espinudp ");
>  			break;
> +		case 7:
> +			fprintf(fp, "espintcp ");
> +			break;
>  		default:
>  			fprintf(fp, "%u ", e->encap_type);
>  			break;
> @@ -1211,6 +1214,8 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp)
>  		*type = 1;
>  	else if (strcmp(*argv, "espinudp") == 0)
>  		*type = 2;
> +	else if (strcmp(*argv, "espintcp") == 0)
> +		*type = 7;
>  	else
>  		invarg("ENCAP-TYPE value is invalid", *argv);
>  

are there enums / macros for the magic numbers?

Re: [PATCH iproute2-next] ip: xfrm: add espintcp encapsulation

[Sabrina Dubroca]

2020-01-18, 14:24:45 -0700, David Ahern wrote:
> On 1/16/20 3:39 AM, Sabrina Dubroca wrote:
> > diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
> > index 32f560933a47..e310860b9f1f 100644
> > --- a/ip/ipxfrm.c
> > +++ b/ip/ipxfrm.c
> > @@ -759,6 +759,9 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
> >  		case 2:
> >  			fprintf(fp, "espinudp ");
> >  			break;
> > +		case 7:
> > +			fprintf(fp, "espintcp ");
> > +			break;
> >  		default:
> >  			fprintf(fp, "%u ", e->encap_type);
> >  			break;
> > @@ -1211,6 +1214,8 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp)
> >  		*type = 1;
> >  	else if (strcmp(*argv, "espinudp") == 0)
> >  		*type = 2;
> > +	else if (strcmp(*argv, "espintcp") == 0)
> > +		*type = 7;
> >  	else
> >  		invarg("ENCAP-TYPE value is invalid", *argv);
> >  
> 
> are there enums / macros for the magic numbers?

Yes, in include/uapi/linux/udp.h:

/* UDP encapsulation types */
#define UDP_ENCAP_ESPINUDP_NON_IKE	1 /* draft-ietf-ipsec-nat-t-ike-00/01 */
#define UDP_ENCAP_ESPINUDP	2 /* draft-ietf-ipsec-udp-encaps-06 */
#define UDP_ENCAP_L2TPINUDP	3 /* rfc2661 */
#define UDP_ENCAP_GTP0		4 /* GSM TS 09.60 */
#define UDP_ENCAP_GTP1U		5 /* 3GPP TS 29.060 */
#define UDP_ENCAP_RXRPC		6
#define TCP_ENCAP_ESPINTCP	7 /* Yikes, this is really xfrm encap types. */


Since the existing code wasn't using them (no idea why), I did the
same. I can change that if you prefer (and add udp.h to iproute's
include/uapi, since it's currently missing).

-- 
Sabrina

Re: [PATCH iproute2-next] ip: xfrm: add espintcp encapsulation

[David Ahern]

On 1/18/20 3:34 PM, Sabrina Dubroca wrote:
> Since the existing code wasn't using them (no idea why), I did the

I figured.

> same. I can change that if you prefer (and add udp.h to iproute's
> include/uapi, since it's currently missing).

I think that makes for readable code, so yes, resubmit with names. Thanks