Message ID | 110d0a77532fcd895597f7087d1f408aadbfeb5d.1579429631.git.sd@queasysnail.net |
---|---|
State | Accepted |
Delegated to: | David Ahern |
Headers | show |
Series | [iproute2-next,v2] ip: xfrm: add espintcp encapsulation | expand |
On 1/19/20 3:32 AM, Sabrina Dubroca wrote: > diff --git a/include/uapi/linux/udp.h b/include/uapi/linux/udp.h > new file mode 100644 > index 000000000000..2d1f561b89d2 > --- /dev/null > +++ b/include/uapi/linux/udp.h > @@ -0,0 +1,47 @@ > +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ > +/* > + * INET An implementation of the TCP/IP protocol suite for the LINUX > + * operating system. INET is implemented using the BSD Socket > + * interface as the means of communication with the user level. > + * > + * Definitions for the UDP protocol. > + * > + * Version: @(#)udp.h 1.0.2 04/28/93 > + * > + * Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> > + * > + * This program is free software; you can redistribute it and/or > + * modify it under the terms of the GNU General Public License > + * as published by the Free Software Foundation; either version > + * 2 of the License, or (at your option) any later version. > + */ > +#ifndef _UDP_H > +#define _UDP_H > + > +#include <linux/types.h> > + > +struct udphdr { > + __be16 source; > + __be16 dest; > + __be16 len; > + __sum16 check; > +}; > + > +/* UDP socket options */ > +#define UDP_CORK 1 /* Never send partially complete segments */ > +#define UDP_ENCAP 100 /* Set the socket to accept encapsulated packets */ > +#define UDP_NO_CHECK6_TX 101 /* Disable sending checksum for UDP6X */ > +#define UDP_NO_CHECK6_RX 102 /* Disable accpeting checksum for UDP6 */ > +#define UDP_SEGMENT 103 /* Set GSO segmentation size */ > +#define UDP_GRO 104 /* This socket can receive UDP GRO packets */ > + > +/* UDP encapsulation types */ > +#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ > +#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */ > +#define UDP_ENCAP_L2TPINUDP 3 /* rfc2661 */ > +#define UDP_ENCAP_GTP0 4 /* GSM TS 09.60 */ > +#define UDP_ENCAP_GTP1U 5 /* 3GPP TS 29.060 */ > +#define UDP_ENCAP_RXRPC 6 > +#define TCP_ENCAP_ESPINTCP 7 /* Yikes, this is really xfrm encap types. */ > + > +#endif /* _UDP_H */ Hi Sabrina: I am confused about this header file. It is not from the kernel's uapi directory, so the kernel does not care about the values and where did you get the file?
2020-01-19, 08:31:32 -0700, David Ahern wrote: > On 1/19/20 3:32 AM, Sabrina Dubroca wrote: > > diff --git a/include/uapi/linux/udp.h b/include/uapi/linux/udp.h > > new file mode 100644 > > index 000000000000..2d1f561b89d2 > > --- /dev/null > > +++ b/include/uapi/linux/udp.h > > @@ -0,0 +1,47 @@ > > +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ > > +/* > > + * INET An implementation of the TCP/IP protocol suite for the LINUX > > + * operating system. INET is implemented using the BSD Socket > > + * interface as the means of communication with the user level. > > + * > > + * Definitions for the UDP protocol. > > + * > > + * Version: @(#)udp.h 1.0.2 04/28/93 > > + * > > + * Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> > > + * > > + * This program is free software; you can redistribute it and/or > > + * modify it under the terms of the GNU General Public License > > + * as published by the Free Software Foundation; either version > > + * 2 of the License, or (at your option) any later version. > > + */ > > +#ifndef _UDP_H > > +#define _UDP_H > > + > > +#include <linux/types.h> > > + > > +struct udphdr { > > + __be16 source; > > + __be16 dest; > > + __be16 len; > > + __sum16 check; > > +}; > > + > > +/* UDP socket options */ > > +#define UDP_CORK 1 /* Never send partially complete segments */ > > +#define UDP_ENCAP 100 /* Set the socket to accept encapsulated packets */ > > +#define UDP_NO_CHECK6_TX 101 /* Disable sending checksum for UDP6X */ > > +#define UDP_NO_CHECK6_RX 102 /* Disable accpeting checksum for UDP6 */ > > +#define UDP_SEGMENT 103 /* Set GSO segmentation size */ > > +#define UDP_GRO 104 /* This socket can receive UDP GRO packets */ > > + > > +/* UDP encapsulation types */ > > +#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ > > +#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */ > > +#define UDP_ENCAP_L2TPINUDP 3 /* rfc2661 */ > > +#define UDP_ENCAP_GTP0 4 /* GSM TS 09.60 */ > > +#define UDP_ENCAP_GTP1U 5 /* 3GPP TS 29.060 */ > > +#define UDP_ENCAP_RXRPC 6 > > +#define TCP_ENCAP_ESPINTCP 7 /* Yikes, this is really xfrm encap types. */ > > + > > +#endif /* _UDP_H */ > > Hi Sabrina: > > I am confused about this header file. It is not from the kernel's uapi > directory, so the kernel does not care about the values and where did > you get the file? Uh? It's right there: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/tree/include/uapi/linux/udp.h
On 1/19/20 8:44 AM, Sabrina Dubroca wrote: > 2020-01-19, 08:31:32 -0700, David Ahern wrote: >> On 1/19/20 3:32 AM, Sabrina Dubroca wrote: >>> diff --git a/include/uapi/linux/udp.h b/include/uapi/linux/udp.h >>> new file mode 100644 >>> index 000000000000..2d1f561b89d2 >>> --- /dev/null >>> +++ b/include/uapi/linux/udp.h >>> @@ -0,0 +1,47 @@ >>> +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ >>> +/* >>> + * INET An implementation of the TCP/IP protocol suite for the LINUX >>> + * operating system. INET is implemented using the BSD Socket >>> + * interface as the means of communication with the user level. >>> + * >>> + * Definitions for the UDP protocol. >>> + * >>> + * Version: @(#)udp.h 1.0.2 04/28/93 >>> + * >>> + * Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> >>> + * >>> + * This program is free software; you can redistribute it and/or >>> + * modify it under the terms of the GNU General Public License >>> + * as published by the Free Software Foundation; either version >>> + * 2 of the License, or (at your option) any later version. >>> + */ >>> +#ifndef _UDP_H >>> +#define _UDP_H >>> + >>> +#include <linux/types.h> >>> + >>> +struct udphdr { >>> + __be16 source; >>> + __be16 dest; >>> + __be16 len; >>> + __sum16 check; >>> +}; >>> + >>> +/* UDP socket options */ >>> +#define UDP_CORK 1 /* Never send partially complete segments */ >>> +#define UDP_ENCAP 100 /* Set the socket to accept encapsulated packets */ >>> +#define UDP_NO_CHECK6_TX 101 /* Disable sending checksum for UDP6X */ >>> +#define UDP_NO_CHECK6_RX 102 /* Disable accpeting checksum for UDP6 */ >>> +#define UDP_SEGMENT 103 /* Set GSO segmentation size */ >>> +#define UDP_GRO 104 /* This socket can receive UDP GRO packets */ >>> + >>> +/* UDP encapsulation types */ >>> +#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ >>> +#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */ >>> +#define UDP_ENCAP_L2TPINUDP 3 /* rfc2661 */ >>> +#define UDP_ENCAP_GTP0 4 /* GSM TS 09.60 */ >>> +#define UDP_ENCAP_GTP1U 5 /* 3GPP TS 29.060 */ >>> +#define UDP_ENCAP_RXRPC 6 >>> +#define TCP_ENCAP_ESPINTCP 7 /* Yikes, this is really xfrm encap types. */ >>> + >>> +#endif /* _UDP_H */ >> >> Hi Sabrina: >> >> I am confused about this header file. It is not from the kernel's uapi >> directory, so the kernel does not care about the values and where did >> you get the file? > > Uh? It's right there: > > https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/tree/include/uapi/linux/udp.h > ah, but not in Dave's net-next which is what I use to sync iproute2 uapi headers. I will hold onto this patch until ipsec-next merges into net-next.
2020-01-19, 09:05:45 -0700, David Ahern wrote: > On 1/19/20 8:44 AM, Sabrina Dubroca wrote: > > 2020-01-19, 08:31:32 -0700, David Ahern wrote: > >> On 1/19/20 3:32 AM, Sabrina Dubroca wrote: > >>> diff --git a/include/uapi/linux/udp.h b/include/uapi/linux/udp.h > >>> new file mode 100644 > >>> index 000000000000..2d1f561b89d2 > >>> --- /dev/null > >>> +++ b/include/uapi/linux/udp.h > >>> @@ -0,0 +1,47 @@ > >>> +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ > >>> +/* > >>> + * INET An implementation of the TCP/IP protocol suite for the LINUX > >>> + * operating system. INET is implemented using the BSD Socket > >>> + * interface as the means of communication with the user level. > >>> + * > >>> + * Definitions for the UDP protocol. > >>> + * > >>> + * Version: @(#)udp.h 1.0.2 04/28/93 > >>> + * > >>> + * Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> > >>> + * > >>> + * This program is free software; you can redistribute it and/or > >>> + * modify it under the terms of the GNU General Public License > >>> + * as published by the Free Software Foundation; either version > >>> + * 2 of the License, or (at your option) any later version. > >>> + */ > >>> +#ifndef _UDP_H > >>> +#define _UDP_H > >>> + > >>> +#include <linux/types.h> > >>> + > >>> +struct udphdr { > >>> + __be16 source; > >>> + __be16 dest; > >>> + __be16 len; > >>> + __sum16 check; > >>> +}; > >>> + > >>> +/* UDP socket options */ > >>> +#define UDP_CORK 1 /* Never send partially complete segments */ > >>> +#define UDP_ENCAP 100 /* Set the socket to accept encapsulated packets */ > >>> +#define UDP_NO_CHECK6_TX 101 /* Disable sending checksum for UDP6X */ > >>> +#define UDP_NO_CHECK6_RX 102 /* Disable accpeting checksum for UDP6 */ > >>> +#define UDP_SEGMENT 103 /* Set GSO segmentation size */ > >>> +#define UDP_GRO 104 /* This socket can receive UDP GRO packets */ > >>> + > >>> +/* UDP encapsulation types */ > >>> +#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ > >>> +#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */ > >>> +#define UDP_ENCAP_L2TPINUDP 3 /* rfc2661 */ > >>> +#define UDP_ENCAP_GTP0 4 /* GSM TS 09.60 */ > >>> +#define UDP_ENCAP_GTP1U 5 /* 3GPP TS 29.060 */ > >>> +#define UDP_ENCAP_RXRPC 6 > >>> +#define TCP_ENCAP_ESPINTCP 7 /* Yikes, this is really xfrm encap types. */ > >>> + > >>> +#endif /* _UDP_H */ > >> > >> Hi Sabrina: > >> > >> I am confused about this header file. It is not from the kernel's uapi > >> directory, so the kernel does not care about the values and where did > >> you get the file? > > > > Uh? It's right there: > > > > https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/tree/include/uapi/linux/udp.h > > > > ah, but not in Dave's net-next which is what I use to sync iproute2 uapi > headers. Ah, yes, because I need TCP_ENCAP_ESPINTCP, as I wrote in the commit message: > add the > UAPI udp.h header (sync'd from ipsec-next to get the TCP_ENCAP_ESPINTCP > definition). > I will hold onto this patch until ipsec-next merges into net-next. Makes sense, thanks.
On 1/19/20 3:32 AM, Sabrina Dubroca wrote: > While at it, convert xfrm_xfrma_print and xfrm_encap_type_parse to use > the UAPI macros for encap_type as suggested by David Ahern, and add the > UAPI udp.h header (sync'd from ipsec-next to get the TCP_ENCAP_ESPINTCP > definition). > > Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au> > Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> > --- > v2: add udp.h header and use the macros > > include/uapi/linux/udp.h | 47 ++++++++++++++++++++++++++++++++++++++++ > ip/ipxfrm.c | 14 ++++++++---- > ip/xfrm_state.c | 2 +- > man/man8/ip-xfrm.8 | 4 ++-- > 4 files changed, 60 insertions(+), 7 deletions(-) > create mode 100644 include/uapi/linux/udp.h > applied to iproute2-next. Thanks
diff --git a/include/uapi/linux/udp.h b/include/uapi/linux/udp.h new file mode 100644 index 000000000000..2d1f561b89d2 --- /dev/null +++ b/include/uapi/linux/udp.h @@ -0,0 +1,47 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * INET An implementation of the TCP/IP protocol suite for the LINUX + * operating system. INET is implemented using the BSD Socket + * interface as the means of communication with the user level. + * + * Definitions for the UDP protocol. + * + * Version: @(#)udp.h 1.0.2 04/28/93 + * + * Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version + * 2 of the License, or (at your option) any later version. + */ +#ifndef _UDP_H +#define _UDP_H + +#include <linux/types.h> + +struct udphdr { + __be16 source; + __be16 dest; + __be16 len; + __sum16 check; +}; + +/* UDP socket options */ +#define UDP_CORK 1 /* Never send partially complete segments */ +#define UDP_ENCAP 100 /* Set the socket to accept encapsulated packets */ +#define UDP_NO_CHECK6_TX 101 /* Disable sending checksum for UDP6X */ +#define UDP_NO_CHECK6_RX 102 /* Disable accpeting checksum for UDP6 */ +#define UDP_SEGMENT 103 /* Set GSO segmentation size */ +#define UDP_GRO 104 /* This socket can receive UDP GRO packets */ + +/* UDP encapsulation types */ +#define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ +#define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */ +#define UDP_ENCAP_L2TPINUDP 3 /* rfc2661 */ +#define UDP_ENCAP_GTP0 4 /* GSM TS 09.60 */ +#define UDP_ENCAP_GTP1U 5 /* 3GPP TS 29.060 */ +#define UDP_ENCAP_RXRPC 6 +#define TCP_ENCAP_ESPINTCP 7 /* Yikes, this is really xfrm encap types. */ + +#endif /* _UDP_H */ diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index 32f560933a47..fec206abc1f0 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -34,6 +34,7 @@ #include <netdb.h> #include <linux/netlink.h> #include <linux/rtnetlink.h> +#include <linux/udp.h> #include "utils.h" #include "xfrm.h" @@ -753,12 +754,15 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, fprintf(fp, "type "); switch (e->encap_type) { - case 1: + case UDP_ENCAP_ESPINUDP_NON_IKE: fprintf(fp, "espinudp-nonike "); break; - case 2: + case UDP_ENCAP_ESPINUDP: fprintf(fp, "espinudp "); break; + case TCP_ENCAP_ESPINTCP: + fprintf(fp, "espintcp "); + break; default: fprintf(fp, "%u ", e->encap_type); break; @@ -1208,9 +1212,11 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp) char **argv = *argvp; if (strcmp(*argv, "espinudp-nonike") == 0) - *type = 1; + *type = UDP_ENCAP_ESPINUDP_NON_IKE; else if (strcmp(*argv, "espinudp") == 0) - *type = 2; + *type = UDP_ENCAP_ESPINUDP; + else if (strcmp(*argv, "espintcp") == 0) + *type = TCP_ENCAP_ESPINTCP; else invarg("ENCAP-TYPE value is invalid", *argv); diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index b03ccc5807e9..df2d50c3843b 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -130,7 +130,7 @@ static void usage(void) "LIMIT-LIST := [ LIMIT-LIST ] limit LIMIT\n" "LIMIT := { time-soft | time-hard | time-use-soft | time-use-hard } SECONDS |\n" " { byte-soft | byte-hard } SIZE | { packet-soft | packet-hard } COUNT\n" - "ENCAP := { espinudp | espinudp-nonike } SPORT DPORT OADDR\n" + "ENCAP := { espinudp | espinudp-nonike | espintcp } SPORT DPORT OADDR\n" "DIR := in | out\n"); exit(-1); diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 index cfce1e40b7f7..f99f30bb448a 100644 --- a/man/man8/ip-xfrm.8 +++ b/man/man8/ip-xfrm.8 @@ -207,7 +207,7 @@ ip-xfrm \- transform configuration .ti -8 .IR ENCAP " :=" -.RB "{ " espinudp " | " espinudp-nonike " }" +.RB "{ " espinudp " | " espinudp-nonike " | " espintcp " }" .IR SPORT " " DPORT " " OADDR .ti -8 @@ -548,7 +548,7 @@ sets limits in seconds, bytes, or numbers of packets. .TP .I ENCAP encapsulates packets with protocol -.BR espinudp " or " espinudp-nonike "," +.BR espinudp ", " espinudp-nonike ", or " espintcp "," .RI "using source port " SPORT ", destination port " DPORT .RI ", and original address " OADDR "."
While at it, convert xfrm_xfrma_print and xfrm_encap_type_parse to use the UAPI macros for encap_type as suggested by David Ahern, and add the UAPI udp.h header (sync'd from ipsec-next to get the TCP_ENCAP_ESPINTCP definition). Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> --- v2: add udp.h header and use the macros include/uapi/linux/udp.h | 47 ++++++++++++++++++++++++++++++++++++++++ ip/ipxfrm.c | 14 ++++++++---- ip/xfrm_state.c | 2 +- man/man8/ip-xfrm.8 | 4 ++-- 4 files changed, 60 insertions(+), 7 deletions(-) create mode 100644 include/uapi/linux/udp.h