Message ID | 0b5baa21f8d0048b5e97f927e801ac2f843bb5e1.1579104430.git.sd@queasysnail.net |
---|---|
State | Changes Requested |
Delegated to: | David Ahern |
Headers | show |
Series | [iproute2-next] ip: xfrm: add espintcp encapsulation | expand |
On 1/16/20 3:39 AM, Sabrina Dubroca wrote: > diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c > index 32f560933a47..e310860b9f1f 100644 > --- a/ip/ipxfrm.c > +++ b/ip/ipxfrm.c > @@ -759,6 +759,9 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, > case 2: > fprintf(fp, "espinudp "); > break; > + case 7: > + fprintf(fp, "espintcp "); > + break; > default: > fprintf(fp, "%u ", e->encap_type); > break; > @@ -1211,6 +1214,8 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp) > *type = 1; > else if (strcmp(*argv, "espinudp") == 0) > *type = 2; > + else if (strcmp(*argv, "espintcp") == 0) > + *type = 7; > else > invarg("ENCAP-TYPE value is invalid", *argv); > are there enums / macros for the magic numbers?
2020-01-18, 14:24:45 -0700, David Ahern wrote: > On 1/16/20 3:39 AM, Sabrina Dubroca wrote: > > diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c > > index 32f560933a47..e310860b9f1f 100644 > > --- a/ip/ipxfrm.c > > +++ b/ip/ipxfrm.c > > @@ -759,6 +759,9 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, > > case 2: > > fprintf(fp, "espinudp "); > > break; > > + case 7: > > + fprintf(fp, "espintcp "); > > + break; > > default: > > fprintf(fp, "%u ", e->encap_type); > > break; > > @@ -1211,6 +1214,8 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp) > > *type = 1; > > else if (strcmp(*argv, "espinudp") == 0) > > *type = 2; > > + else if (strcmp(*argv, "espintcp") == 0) > > + *type = 7; > > else > > invarg("ENCAP-TYPE value is invalid", *argv); > > > > are there enums / macros for the magic numbers? Yes, in include/uapi/linux/udp.h: /* UDP encapsulation types */ #define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ #define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */ #define UDP_ENCAP_L2TPINUDP 3 /* rfc2661 */ #define UDP_ENCAP_GTP0 4 /* GSM TS 09.60 */ #define UDP_ENCAP_GTP1U 5 /* 3GPP TS 29.060 */ #define UDP_ENCAP_RXRPC 6 #define TCP_ENCAP_ESPINTCP 7 /* Yikes, this is really xfrm encap types. */ Since the existing code wasn't using them (no idea why), I did the same. I can change that if you prefer (and add udp.h to iproute's include/uapi, since it's currently missing).
On 1/18/20 3:34 PM, Sabrina Dubroca wrote: > Since the existing code wasn't using them (no idea why), I did the I figured. > same. I can change that if you prefer (and add udp.h to iproute's > include/uapi, since it's currently missing). I think that makes for readable code, so yes, resubmit with names. Thanks
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index 32f560933a47..e310860b9f1f 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -759,6 +759,9 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, case 2: fprintf(fp, "espinudp "); break; + case 7: + fprintf(fp, "espintcp "); + break; default: fprintf(fp, "%u ", e->encap_type); break; @@ -1211,6 +1214,8 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp) *type = 1; else if (strcmp(*argv, "espinudp") == 0) *type = 2; + else if (strcmp(*argv, "espintcp") == 0) + *type = 7; else invarg("ENCAP-TYPE value is invalid", *argv); diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index b03ccc5807e9..df2d50c3843b 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -130,7 +130,7 @@ static void usage(void) "LIMIT-LIST := [ LIMIT-LIST ] limit LIMIT\n" "LIMIT := { time-soft | time-hard | time-use-soft | time-use-hard } SECONDS |\n" " { byte-soft | byte-hard } SIZE | { packet-soft | packet-hard } COUNT\n" - "ENCAP := { espinudp | espinudp-nonike } SPORT DPORT OADDR\n" + "ENCAP := { espinudp | espinudp-nonike | espintcp } SPORT DPORT OADDR\n" "DIR := in | out\n"); exit(-1); diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 index cfce1e40b7f7..f99f30bb448a 100644 --- a/man/man8/ip-xfrm.8 +++ b/man/man8/ip-xfrm.8 @@ -207,7 +207,7 @@ ip-xfrm \- transform configuration .ti -8 .IR ENCAP " :=" -.RB "{ " espinudp " | " espinudp-nonike " }" +.RB "{ " espinudp " | " espinudp-nonike " | " espintcp " }" .IR SPORT " " DPORT " " OADDR .ti -8 @@ -548,7 +548,7 @@ sets limits in seconds, bytes, or numbers of packets. .TP .I ENCAP encapsulates packets with protocol -.BR espinudp " or " espinudp-nonike "," +.BR espinudp ", " espinudp-nonike ", or " espintcp "," .RI "using source port " SPORT ", destination port " DPORT .RI ", and original address " OADDR "."
This adds support for creating xfrm states with TCP encapsulation, similar to the existing UDP encapsulation support. Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> --- The kernel side patches are in ipsec-next/master. ip/ipxfrm.c | 5 +++++ ip/xfrm_state.c | 2 +- man/man8/ip-xfrm.8 | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-)