[PATCH iproute2] ip: support for xfrm interfaces

[PATCH iproute2] ip: support for xfrm interfaces

[Matt Ellison]

Support for new (4.19+) xfrm virtual interfaces.

Interfaces take a 'if_id' which is an interface id which can be set on
an xfrm policy as its interface lookup key (XFRMA_IF_ID).

Signed-off-by: Matt Ellison <matt@arroyo.io>
---
 ip/Makefile    |  2 +-
 ip/iplink.c    |  3 +-
 ip/link_xfrm.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 93 insertions(+), 2 deletions(-)
 create mode 100644 ip/link_xfrm.c

diff --git a/ip/Makefile b/ip/Makefile
index a88f9366..7ce6e91a 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \
     ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \
     iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \
     iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \
-    iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \
+    iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o link_xfrm.o \
     iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \
     link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \
     iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \
diff --git a/ip/iplink.c b/ip/iplink.c
index b5519201..f61e570a 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -121,7 +121,8 @@ void iplink_usage(void)
 			"          bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n"
 			"          gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |\n"
 			"          vti | nlmon | team_slave | bond_slave | bridge_slave |\n"
-			"          ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet }\n");
+			"          ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet |\n"
+			"          xfrm }\n");
 	}
 	exit(-1);
 }
diff --git a/ip/link_xfrm.c b/ip/link_xfrm.c
new file mode 100644
index 00000000..5453a9c1
--- /dev/null
+++ b/ip/link_xfrm.c
@@ -0,0 +1,90 @@
+/*
+ * link_xfrm.c	Virtual XFRM Interface driver module
+ *
+ *		This program is free software; you can redistribute it and/or
+ *		modify it under the terms of the GNU General Public License
+ *		as published by the Free Software Foundation; either version
+ *		2 of the License, or (at your option) any later version.
+ *
+ * Authors:	Matt Ellison <matt@arroyo.io>
+ */
+
+#include <string.h>
+#include <linux/if_link.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "ip_common.h"
+#include "tunnel.h"
+
+static void xfrm_print_help(struct link_util *lu, int argc, char **argv, FILE *f)
+{
+    fprintf(f,
+            "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n",
+            lu->id
+    );
+    fprintf(f,
+            "\n"
+    );
+    fprintf(f,
+            "Where: IF-ID := { 0x0..0xffffffff }\n"
+            ""
+    );
+}
+
+static int xfrm_parse_opt(struct link_util *lu, int argc, char **argv,
+                         struct nlmsghdr *n)
+{
+    unsigned int link = 0;
+    __u32 if_id = 0;
+
+    while (argc > 0) {
+        if (!matches(*argv, "dev")) {
+            NEXT_ARG();
+            link = ll_name_to_index(*argv);
+            if (!link)
+                exit(nodev(*argv));
+        } else if (!matches(*argv, "if_id")) {
+            NEXT_ARG();
+            if (get_u32(&if_id, *argv, 0))
+                invarg("if_id", *argv);
+        } else {
+            xfrm_print_help(lu, argc, argv, stderr);
+            return -1;
+        }
+        argc--; argv++;
+    }
+
+    addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id);
+
+    if (link) {
+        addattr32(n, 1024, IFLA_XFRM_LINK, link);
+    } else {
+        fprintf(stderr, "must specify physical device\n");
+        return -1;
+    }
+
+    return 0;
+}
+
+static void xfrm_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
+{
+
+    if (!tb)
+        return;
+
+    if (tb[IFLA_XFRM_IF_ID]) {
+        __u32 id = rta_getattr_u32(tb[IFLA_XFRM_IF_ID]);
+        print_0xhex(PRINT_ANY, "if_id", "if_id %#llx ", id);
+
+    }
+
+}
+
+struct link_util xfrm_link_util = {
+        .id = "xfrm",
+        .maxattr = IFLA_XFRM_MAX,
+        .parse_opt = xfrm_parse_opt,
+        .print_opt = xfrm_print_opt,
+        .print_help = xfrm_print_help,
+};
-- 
2.20.1


-- 



Please be advised that this email may contain confidential information. 
If you are not the intended recipient, please notify us by email by 
replying to the sender and delete this message. The sender disclaims that 
the content of this email constitutes an offer to enter into, or the 
acceptance of, any agreement; provided that the foregoing does not 
invalidate the binding effect of any digital or other electronic 
reproduction of a manual signature that is included in any attachment.


 
<https://twitter.com/arroyo_networks>   
<https://www.linkedin.com/company/arroyo-networks>   
<https://www.github.com/ArroyoNetworks>

Re: [PATCH iproute2] ip: support for xfrm interfaces

[Stephen Hemminger]

On Fri, 28 Dec 2018 10:32:11 -0500
Matt Ellison <matt@arroyo.io> wrote:

> Support for new (4.19+) xfrm virtual interfaces.
> 
> Interfaces take a 'if_id' which is an interface id which can be set on
> an xfrm policy as its interface lookup key (XFRMA_IF_ID).
> 
> Signed-off-by: Matt Ellison <matt@arroyo.io>

Wanted to apply this, but it has lots of style issues.
The biggest one is indenting with spaces instead of tabs.
You can use the kernel checkpatch utility to ensure that it is correct.

Other changes needed:
1. For new code just use SPDX style license id, no need to quote GPL
/* SPDX-License-Identifier: GPL-2.0 */

2. Please make help function simpler:

static void xfrm_print_help(struct link_util *lu,
			    int argc, char **argv, FILE *f)
{
	fprintf(f, "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n", lu->id);
	fprintf(f, "\nWhere: IF-ID := { 0x0..0xffffffff }\n");
}

The code part looks ok, but you should also update the man page
and add test cases if possible.

Please fix and resubmit.

[PATCH iproute2] ip: support for xfrm interfaces

[Matt Ellison]

Support for new (4.19+) xfrm virtual interfaces.

Interfaces take a 'if_id' which is an interface id which can be set on
an xfrm policy as its interface lookup key (XFRMA_IF_ID).

Signed-off-by: Matt Ellison <matt@arroyo.io>
---
 ip/Makefile                             |  2 +-
 ip/iplink.c                             |  3 +-
 ip/link_xfrm.c                          | 79 +++++++++++++++++++++++++
 man/man8/ip-link.8.in                   | 27 ++++++++-
 testsuite/tests/ip/link/add_type_xfrm.t | 32 ++++++++++
 5 files changed, 140 insertions(+), 3 deletions(-)
 create mode 100644 ip/link_xfrm.c
 create mode 100755 testsuite/tests/ip/link/add_type_xfrm.t

diff --git a/ip/Makefile b/ip/Makefile
index a88f9366..7ce6e91a 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \
     ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \
     iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \
     iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \
-    iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \
+    iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o link_xfrm.o \
     iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \
     link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \
     iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \
diff --git a/ip/iplink.c b/ip/iplink.c
index b5519201..f61e570a 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -121,7 +121,8 @@ void iplink_usage(void)
 			"          bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n"
 			"          gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |\n"
 			"          vti | nlmon | team_slave | bond_slave | bridge_slave |\n"
-			"          ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet }\n");
+			"          ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet |\n"
+			"          xfrm }\n");
 	}
 	exit(-1);
 }
diff --git a/ip/link_xfrm.c b/ip/link_xfrm.c
new file mode 100644
index 00000000..1115fde5
--- /dev/null
+++ b/ip/link_xfrm.c
@@ -0,0 +1,79 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * link_xfrm.c	Virtual XFRM Interface driver module
+ *
+ * Authors:	Matt Ellison <matt@arroyo.io>
+ */
+
+#include <string.h>
+#include <linux/if_link.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "ip_common.h"
+#include "tunnel.h"
+
+static void xfrm_print_help(struct link_util *lu, int argc, char **argv,
+			    FILE *f)
+{
+	fprintf(f, "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n", lu->id);
+	fprintf(f, "\nWhere: IF-ID := { 0x0..0xffffffff }\n");
+}
+
+static int xfrm_parse_opt(struct link_util *lu, int argc, char **argv,
+			  struct nlmsghdr *n)
+{
+	unsigned int link = 0;
+	__u32 if_id = 0;
+
+	while (argc > 0) {
+		if (!matches(*argv, "dev")) {
+			NEXT_ARG();
+			link = ll_name_to_index(*argv);
+			if (!link)
+				exit(nodev(*argv));
+		} else if (!matches(*argv, "if_id")) {
+			NEXT_ARG();
+			if (get_u32(&if_id, *argv, 0))
+				invarg("if_id", *argv);
+		} else {
+			xfrm_print_help(lu, argc, argv, stderr);
+			return -1;
+		}
+		argc--; argv++;
+	}
+
+	addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id);
+
+	if (link) {
+		addattr32(n, 1024, IFLA_XFRM_LINK, link);
+	} else {
+		fprintf(stderr, "must specify physical device\n");
+		return -1;
+	}
+
+	return 0;
+}
+
+static void xfrm_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
+{
+
+	if (!tb)
+		return;
+
+	if (tb[IFLA_XFRM_IF_ID]) {
+		__u32 id = rta_getattr_u32(tb[IFLA_XFRM_IF_ID]);
+
+		print_0xhex(PRINT_ANY, "if_id", "if_id %#llx ", id);
+
+	}
+
+}
+
+struct link_util xfrm_link_util = {
+	.id = "xfrm",
+	.maxattr = IFLA_XFRM_MAX,
+	.parse_opt = xfrm_parse_opt,
+	.print_opt = xfrm_print_opt,
+	.print_help = xfrm_print_help,
+};
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 5132f514..a361101a 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -221,7 +221,8 @@ ip-link \- network device configuration
 .BR vrf " |"
 .BR macsec " |"
 .BR netdevsim " |"
-.BR rmnet " ]"
+.BR rmnet " |"
+.BR xfrm " ]"
 
 .ti -8
 .IR ETYPE " := [ " TYPE " |"
@@ -350,6 +351,9 @@ Link types:
 .sp
 .BR rmnet
 - Qualcomm rmnet device
+.sp
+.BR xfrm
+- Virtual xfrm interface
 .in -8
 
 .TP
@@ -1676,6 +1680,27 @@ the following additional arguments are supported:
 
 .in -8
 
+.TP
+XFRM Type Support
+For a link of type
+.I XFRM
+the following additional arguments are supported:
+
+.BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]"
+
+.in +8
+.sp
+.BI dev " PHYS_DEV "
+- specifies the underlying physical interface from which transform traffic is sent and received.
+
+.sp
+.BI if_id " IF-ID "
+- specifies the hexadecimal lookup key used to send traffic to and from specific xfrm
+policies. Policies must be configured with the same key. If not set, the key defaults to
+0 and will match any policies which similarly do not have a lookup key configuration.
+
+.in -8
+
 .SS ip link delete - delete virtual link
 
 .TP
diff --git a/testsuite/tests/ip/link/add_type_xfrm.t b/testsuite/tests/ip/link/add_type_xfrm.t
new file mode 100755
index 00000000..78ce28e0
--- /dev/null
+++ b/testsuite/tests/ip/link/add_type_xfrm.t
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+. lib/generic.sh
+
+ts_log "[Testing Add XFRM Interface, With IF-ID]"
+
+PHYS_DEV="lo"
+NEW_DEV="$(rand_dev)"
+IF_ID="0xf"
+
+ts_ip "$0" "Add $NEW_DEV xfrm interface"    link add dev $NEW_DEV type xfrm dev $PHYS_DEV if_id $IF_ID
+
+ts_ip "$0" "Show $NEW_DEV xfrm interface"   -d link show dev $NEW_DEV
+test_on "$NEW_DEV"
+test_on "if_id $IF_ID"
+
+ts_ip "$0" "Del $NEW_DEV xfrm interface"   link del dev $NEW_DEV
+
+
+ts_log "[Testing Add XFRM Interface, No IF-ID]"
+
+PHYS_DEV="lo"
+NEW_DEV="$(rand_dev)"
+IF_ID="0xf"
+
+ts_ip "$0" "Add $NEW_DEV xfrm interface"    link add dev $NEW_DEV type xfrm dev $PHYS_DEV
+
+ts_ip "$0" "Show $NEW_DEV xfrm interface"   -d link show dev $NEW_DEV
+test_on "$NEW_DEV"
+test_on_not "if_id $IF_ID"
+
+ts_ip "$0" "Del $NEW_DEV xfrm interface"   link del dev $NEW_DEV
-- 
2.20.1


-- 



Please be advised that this email may contain confidential information. 
If you are not the intended recipient, please notify us by email by 
replying to the sender and delete this message. The sender disclaims that 
the content of this email constitutes an offer to enter into, or the 
acceptance of, any agreement; provided that the foregoing does not 
invalidate the binding effect of any digital or other electronic 
reproduction of a manual signature that is included in any attachment.


 
<https://twitter.com/arroyo_networks>   
<https://www.linkedin.com/company/arroyo-networks>   
<https://www.github.com/ArroyoNetworks>

Re: [iproute2] ip: support for xfrm interfaces

[Antony Antony]

Tested-by: Antony Antony <antony@phenome.org>

Question: is it easy to add "if_id" to "ip link show" output?
currently:
ip link show ipsec0
4: ipsec0@eth1: <NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none da:25:61:2e:0c:98 brd ff:ff:ff:ff:ff:ff

proposed:
4: ipsec0@eth1: <NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue xfrm_if_id 0x1 
state UNKNOWN mode DEFAULT group default qlen 1000
    link/none da:25:61:2e:0c:98 brd ff:ff:ff:ff:ff:ff

thanks,
-antony

On Tue, Jan 01, 2019 at 12:40:01PM -0500, Matt Ellison wrote:
> Support for new (4.19+) xfrm virtual interfaces.
> 
> Interfaces take a 'if_id' which is an interface id which can be set on
> an xfrm policy as its interface lookup key (XFRMA_IF_ID).
> 
> Signed-off-by: Matt Ellison <matt@arroyo.io>
> ---
>  ip/Makefile                             |  2 +-
>  ip/iplink.c                             |  3 +-
>  ip/link_xfrm.c                          | 79 +++++++++++++++++++++++++
>  man/man8/ip-link.8.in                   | 27 ++++++++-
>  testsuite/tests/ip/link/add_type_xfrm.t | 32 ++++++++++
>  5 files changed, 140 insertions(+), 3 deletions(-)
>  create mode 100644 ip/link_xfrm.c
>  create mode 100755 testsuite/tests/ip/link/add_type_xfrm.t
> 
> diff --git a/ip/Makefile b/ip/Makefile
> index a88f9366..7ce6e91a 100644
> --- a/ip/Makefile
> +++ b/ip/Makefile
> @@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \
>      ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \
>      iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \
>      iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \
> -    iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \
> +    iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o link_xfrm.o \
>      iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \
>      link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \
>      iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \
> diff --git a/ip/iplink.c b/ip/iplink.c
> index b5519201..f61e570a 100644
> --- a/ip/iplink.c
> +++ b/ip/iplink.c
> @@ -121,7 +121,8 @@ void iplink_usage(void)
>  			"          bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n"
>  			"          gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |\n"
>  			"          vti | nlmon | team_slave | bond_slave | bridge_slave |\n"
> -			"          ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet }\n");
> +			"          ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet |\n"
> +			"          xfrm }\n");
>  	}
>  	exit(-1);
>  }
> diff --git a/ip/link_xfrm.c b/ip/link_xfrm.c
> new file mode 100644
> index 00000000..1115fde5
> --- /dev/null
> +++ b/ip/link_xfrm.c
> @@ -0,0 +1,79 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * link_xfrm.c	Virtual XFRM Interface driver module
> + *
> + * Authors:	Matt Ellison <matt@arroyo.io>
> + */
> +
> +#include <string.h>
> +#include <linux/if_link.h>
> +
> +#include "rt_names.h"
> +#include "utils.h"
> +#include "ip_common.h"
> +#include "tunnel.h"
> +
> +static void xfrm_print_help(struct link_util *lu, int argc, char **argv,
> +			    FILE *f)
> +{
> +	fprintf(f, "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n", lu->id);
> +	fprintf(f, "\nWhere: IF-ID := { 0x0..0xffffffff }\n");
> +}
> +
> +static int xfrm_parse_opt(struct link_util *lu, int argc, char **argv,
> +			  struct nlmsghdr *n)
> +{
> +	unsigned int link = 0;
> +	__u32 if_id = 0;
> +
> +	while (argc > 0) {
> +		if (!matches(*argv, "dev")) {
> +			NEXT_ARG();
> +			link = ll_name_to_index(*argv);
> +			if (!link)
> +				exit(nodev(*argv));
> +		} else if (!matches(*argv, "if_id")) {
> +			NEXT_ARG();
> +			if (get_u32(&if_id, *argv, 0))
> +				invarg("if_id", *argv);
> +		} else {
> +			xfrm_print_help(lu, argc, argv, stderr);
> +			return -1;
> +		}
> +		argc--; argv++;
> +	}
> +
> +	addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id);
> +
> +	if (link) {
> +		addattr32(n, 1024, IFLA_XFRM_LINK, link);
> +	} else {
> +		fprintf(stderr, "must specify physical device\n");
> +		return -1;
> +	}
> +
> +	return 0;
> +}
> +
> +static void xfrm_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
> +{
> +
> +	if (!tb)
> +		return;
> +
> +	if (tb[IFLA_XFRM_IF_ID]) {
> +		__u32 id = rta_getattr_u32(tb[IFLA_XFRM_IF_ID]);
> +
> +		print_0xhex(PRINT_ANY, "if_id", "if_id %#llx ", id);
> +
> +	}
> +
> +}
> +
> +struct link_util xfrm_link_util = {
> +	.id = "xfrm",
> +	.maxattr = IFLA_XFRM_MAX,
> +	.parse_opt = xfrm_parse_opt,
> +	.print_opt = xfrm_print_opt,
> +	.print_help = xfrm_print_help,
> +};
> diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
> index 5132f514..a361101a 100644
> --- a/man/man8/ip-link.8.in
> +++ b/man/man8/ip-link.8.in
> @@ -221,7 +221,8 @@ ip-link \- network device configuration
>  .BR vrf " |"
>  .BR macsec " |"
>  .BR netdevsim " |"
> -.BR rmnet " ]"
> +.BR rmnet " |"
> +.BR xfrm " ]"
>  
>  .ti -8
>  .IR ETYPE " := [ " TYPE " |"
> @@ -350,6 +351,9 @@ Link types:
>  .sp
>  .BR rmnet
>  - Qualcomm rmnet device
> +.sp
> +.BR xfrm
> +- Virtual xfrm interface
>  .in -8
>  
>  .TP
> @@ -1676,6 +1680,27 @@ the following additional arguments are supported:
>  
>  .in -8
>  
> +.TP
> +XFRM Type Support
> +For a link of type
> +.I XFRM
> +the following additional arguments are supported:
> +
> +.BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]"
> +
> +.in +8
> +.sp
> +.BI dev " PHYS_DEV "
> +- specifies the underlying physical interface from which transform traffic is sent and received.
> +
> +.sp
> +.BI if_id " IF-ID "
> +- specifies the hexadecimal lookup key used to send traffic to and from specific xfrm
> +policies. Policies must be configured with the same key. If not set, the key defaults to
> +0 and will match any policies which similarly do not have a lookup key configuration.
> +
> +.in -8
> +
>  .SS ip link delete - delete virtual link
>  
>  .TP
> diff --git a/testsuite/tests/ip/link/add_type_xfrm.t b/testsuite/tests/ip/link/add_type_xfrm.t
> new file mode 100755
> index 00000000..78ce28e0
> --- /dev/null
> +++ b/testsuite/tests/ip/link/add_type_xfrm.t
> @@ -0,0 +1,32 @@
> +#!/bin/sh
> +
> +. lib/generic.sh
> +
> +ts_log "[Testing Add XFRM Interface, With IF-ID]"
> +
> +PHYS_DEV="lo"
> +NEW_DEV="$(rand_dev)"
> +IF_ID="0xf"
> +
> +ts_ip "$0" "Add $NEW_DEV xfrm interface"    link add dev $NEW_DEV type xfrm dev $PHYS_DEV if_id $IF_ID
> +
> +ts_ip "$0" "Show $NEW_DEV xfrm interface"   -d link show dev $NEW_DEV
> +test_on "$NEW_DEV"
> +test_on "if_id $IF_ID"
> +
> +ts_ip "$0" "Del $NEW_DEV xfrm interface"   link del dev $NEW_DEV
> +
> +
> +ts_log "[Testing Add XFRM Interface, No IF-ID]"
> +
> +PHYS_DEV="lo"
> +NEW_DEV="$(rand_dev)"
> +IF_ID="0xf"
> +
> +ts_ip "$0" "Add $NEW_DEV xfrm interface"    link add dev $NEW_DEV type xfrm dev $PHYS_DEV
> +
> +ts_ip "$0" "Show $NEW_DEV xfrm interface"   -d link show dev $NEW_DEV
> +test_on "$NEW_DEV"
> +test_on_not "if_id $IF_ID"
> +
> +ts_ip "$0" "Del $NEW_DEV xfrm interface"   link del dev $NEW_DEV

Re: [iproute2] ip: support for xfrm interfaces

[Matt Ellison]

I recently submitted v3 of the patch, please take a look there.

> Question: is it easy to add "if_id" to "ip link show" output?

Yes, it should show up under the detailed output for the interface (-d).


- Matt

-- 



Please be advised that this email may contain confidential information. 
If you are not the intended recipient, please notify us by email by 
replying to the sender and delete this message. The sender disclaims that 
the content of this email constitutes an offer to enter into, or the 
acceptance of, any agreement; provided that the foregoing does not 
invalidate the binding effect of any digital or other electronic 
reproduction of a manual signature that is included in any attachment.


 
<https://twitter.com/arroyo_networks>   
<https://www.linkedin.com/company/arroyo-networks>   
<https://www.github.com/ArroyoNetworks>

Re: [iproute2] ip: support for xfrm interfaces

[Antony Antony]

Tested-by: Antony Antony <antony@phenome.org>

On Fri, Apr 05, 2019 at 03:46:02PM -0400, Matt Ellison wrote:
> I recently submitted v3 of the patch, please take a look there.

great. I am testing v3 now.

One comment. It seems to accept -ve value for if_id and quietly set to 0
may be throw an error for -ve values? or take it as u32?
in my opinion setting to 0 is confusing

sudo ./ip/ip link add ipsec0 type xfrm dev enp0s5 if_id -10
build@d28:~/git/iproute2 (master)$ ./ip/ip -d link show ipsec0
33: ipsec0@enp0s5: <NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/none 00:1c:42:55:d6:ab brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
    xfrm if_id 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 
65536 gso_max_segs 65535

> > Question: is it easy to add "if_id" to "ip link show" output?
> 
> Yes, it should show up under the detailed output for the interface (-d).

great thanks.

sudo ./ip/ip link add ipsec0 type xfrm dev enp0s5 if_id 0xAB

./ip/ip -d link show ipsec0
29: ipsec0@enp0s5: <NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/none 00:1c:42:55:d6:ab brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
    xfrm if_id 0xab addrgenmode eui64 numtxqueues 1 numrxqueues 1 
gso_max_size 65536 gso_max_segs 65535

thanks,
-antony

Re: [iproute2] ip: support for xfrm interfaces

[Matt Ellison]

> One comment. It seems to accept -ve value for if_id and quietly set
> to 0 may be throw an error for -ve values? or take it as u32?
> in my opinion setting to 0 is confusing

Ah good catch. I'll add the check in my version.

-- 



Please be advised that this email may contain confidential information. 
If you are not the intended recipient, please notify us by email by 
replying to the sender and delete this message. The sender disclaims that 
the content of this email constitutes an offer to enter into, or the 
acceptance of, any agreement; provided that the foregoing does not 
invalidate the binding effect of any digital or other electronic 
reproduction of a manual signature that is included in any attachment.


 
<https://twitter.com/arroyo_networks>   
<https://www.linkedin.com/company/arroyo-networks>   
<https://www.github.com/ArroyoNetworks>