| Message ID | 20190101124001.28e58469@aquamarine |
|---|---|
| State | Accepted |
| Delegated to: | stephen hemminger |
| Headers | show |
| Series | [iproute2] ip: support for xfrm interfaces | expand |
Tested-by: Antony Antony <antony@phenome.org> Question: is it easy to add "if_id" to "ip link show" output? currently: ip link show ipsec0 4: ipsec0@eth1: <NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/none da:25:61:2e:0c:98 brd ff:ff:ff:ff:ff:ff proposed: 4: ipsec0@eth1: <NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue xfrm_if_id 0x1 state UNKNOWN mode DEFAULT group default qlen 1000 link/none da:25:61:2e:0c:98 brd ff:ff:ff:ff:ff:ff thanks, -antony On Tue, Jan 01, 2019 at 12:40:01PM -0500, Matt Ellison wrote: > Support for new (4.19+) xfrm virtual interfaces. > > Interfaces take a 'if_id' which is an interface id which can be set on > an xfrm policy as its interface lookup key (XFRMA_IF_ID). > > Signed-off-by: Matt Ellison <matt@arroyo.io> > --- > ip/Makefile | 2 +- > ip/iplink.c | 3 +- > ip/link_xfrm.c | 79 +++++++++++++++++++++++++ > man/man8/ip-link.8.in | 27 ++++++++- > testsuite/tests/ip/link/add_type_xfrm.t | 32 ++++++++++ > 5 files changed, 140 insertions(+), 3 deletions(-) > create mode 100644 ip/link_xfrm.c > create mode 100755 testsuite/tests/ip/link/add_type_xfrm.t > > diff --git a/ip/Makefile b/ip/Makefile > index a88f9366..7ce6e91a 100644 > --- a/ip/Makefile > +++ b/ip/Makefile > @@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ > ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \ > iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \ > iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \ > - iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \ > + iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o link_xfrm.o \ > iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ > link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \ > iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \ > diff --git a/ip/iplink.c b/ip/iplink.c > index b5519201..f61e570a 100644 > --- a/ip/iplink.c > +++ b/ip/iplink.c > @@ -121,7 +121,8 @@ void iplink_usage(void) > " bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n" > " gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |\n" > " vti | nlmon | team_slave | bond_slave | bridge_slave |\n" > - " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet }\n"); > + " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet |\n" > + " xfrm }\n"); > } > exit(-1); > } > diff --git a/ip/link_xfrm.c b/ip/link_xfrm.c > new file mode 100644 > index 00000000..1115fde5 > --- /dev/null > +++ b/ip/link_xfrm.c > @@ -0,0 +1,79 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * link_xfrm.c Virtual XFRM Interface driver module > + * > + * Authors: Matt Ellison <matt@arroyo.io> > + */ > + > +#include <string.h> > +#include <linux/if_link.h> > + > +#include "rt_names.h" > +#include "utils.h" > +#include "ip_common.h" > +#include "tunnel.h" > + > +static void xfrm_print_help(struct link_util *lu, int argc, char **argv, > + FILE *f) > +{ > + fprintf(f, "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n", lu->id); > + fprintf(f, "\nWhere: IF-ID := { 0x0..0xffffffff }\n"); > +} > + > +static int xfrm_parse_opt(struct link_util *lu, int argc, char **argv, > + struct nlmsghdr *n) > +{ > + unsigned int link = 0; > + __u32 if_id = 0; > + > + while (argc > 0) { > + if (!matches(*argv, "dev")) { > + NEXT_ARG(); > + link = ll_name_to_index(*argv); > + if (!link) > + exit(nodev(*argv)); > + } else if (!matches(*argv, "if_id")) { > + NEXT_ARG(); > + if (get_u32(&if_id, *argv, 0)) > + invarg("if_id", *argv); > + } else { > + xfrm_print_help(lu, argc, argv, stderr); > + return -1; > + } > + argc--; argv++; > + } > + > + addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id); > + > + if (link) { > + addattr32(n, 1024, IFLA_XFRM_LINK, link); > + } else { > + fprintf(stderr, "must specify physical device\n"); > + return -1; > + } > + > + return 0; > +} > + > +static void xfrm_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) > +{ > + > + if (!tb) > + return; > + > + if (tb[IFLA_XFRM_IF_ID]) { > + __u32 id = rta_getattr_u32(tb[IFLA_XFRM_IF_ID]); > + > + print_0xhex(PRINT_ANY, "if_id", "if_id %#llx ", id); > + > + } > + > +} > + > +struct link_util xfrm_link_util = { > + .id = "xfrm", > + .maxattr = IFLA_XFRM_MAX, > + .parse_opt = xfrm_parse_opt, > + .print_opt = xfrm_print_opt, > + .print_help = xfrm_print_help, > +}; > diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in > index 5132f514..a361101a 100644 > --- a/man/man8/ip-link.8.in > +++ b/man/man8/ip-link.8.in > @@ -221,7 +221,8 @@ ip-link \- network device configuration > .BR vrf " |" > .BR macsec " |" > .BR netdevsim " |" > -.BR rmnet " ]" > +.BR rmnet " |" > +.BR xfrm " ]" > > .ti -8 > .IR ETYPE " := [ " TYPE " |" > @@ -350,6 +351,9 @@ Link types: > .sp > .BR rmnet > - Qualcomm rmnet device > +.sp > +.BR xfrm > +- Virtual xfrm interface > .in -8 > > .TP > @@ -1676,6 +1680,27 @@ the following additional arguments are supported: > > .in -8 > > +.TP > +XFRM Type Support > +For a link of type > +.I XFRM > +the following additional arguments are supported: > + > +.BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]" > + > +.in +8 > +.sp > +.BI dev " PHYS_DEV " > +- specifies the underlying physical interface from which transform traffic is sent and received. > + > +.sp > +.BI if_id " IF-ID " > +- specifies the hexadecimal lookup key used to send traffic to and from specific xfrm > +policies. Policies must be configured with the same key. If not set, the key defaults to > +0 and will match any policies which similarly do not have a lookup key configuration. > + > +.in -8 > + > .SS ip link delete - delete virtual link > > .TP > diff --git a/testsuite/tests/ip/link/add_type_xfrm.t b/testsuite/tests/ip/link/add_type_xfrm.t > new file mode 100755 > index 00000000..78ce28e0 > --- /dev/null > +++ b/testsuite/tests/ip/link/add_type_xfrm.t > @@ -0,0 +1,32 @@ > +#!/bin/sh > + > +. lib/generic.sh > + > +ts_log "[Testing Add XFRM Interface, With IF-ID]" > + > +PHYS_DEV="lo" > +NEW_DEV="$(rand_dev)" > +IF_ID="0xf" > + > +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV if_id $IF_ID > + > +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV > +test_on "$NEW_DEV" > +test_on "if_id $IF_ID" > + > +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV > + > + > +ts_log "[Testing Add XFRM Interface, No IF-ID]" > + > +PHYS_DEV="lo" > +NEW_DEV="$(rand_dev)" > +IF_ID="0xf" > + > +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV > + > +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV > +test_on "$NEW_DEV" > +test_on_not "if_id $IF_ID" > + > +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV
I recently submitted v3 of the patch, please take a look there.
> Question: is it easy to add "if_id" to "ip link show" output?
Yes, it should show up under the detailed output for the interface (-d).
- Matt
Tested-by: Antony Antony <antony@phenome.org> On Fri, Apr 05, 2019 at 03:46:02PM -0400, Matt Ellison wrote: > I recently submitted v3 of the patch, please take a look there. great. I am testing v3 now. One comment. It seems to accept -ve value for if_id and quietly set to 0 may be throw an error for -ve values? or take it as u32? in my opinion setting to 0 is confusing sudo ./ip/ip link add ipsec0 type xfrm dev enp0s5 if_id -10 build@d28:~/git/iproute2 (master)$ ./ip/ip -d link show ipsec0 33: ipsec0@enp0s5: <NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/none 00:1c:42:55:d6:ab brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500 xfrm if_id 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 > > Question: is it easy to add "if_id" to "ip link show" output? > > Yes, it should show up under the detailed output for the interface (-d). great thanks. sudo ./ip/ip link add ipsec0 type xfrm dev enp0s5 if_id 0xAB ./ip/ip -d link show ipsec0 29: ipsec0@enp0s5: <NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/none 00:1c:42:55:d6:ab brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500 xfrm if_id 0xab addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 thanks, -antony
> One comment. It seems to accept -ve value for if_id and quietly set > to 0 may be throw an error for -ve values? or take it as u32? > in my opinion setting to 0 is confusing Ah good catch. I'll add the check in my version.
diff --git a/ip/Makefile b/ip/Makefile index a88f9366..7ce6e91a 100644 --- a/ip/Makefile +++ b/ip/Makefile @@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \ iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \ iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \ - iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \ + iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o link_xfrm.o \ iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \ iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \ diff --git a/ip/iplink.c b/ip/iplink.c index b5519201..f61e570a 100644 --- a/ip/iplink.c +++ b/ip/iplink.c @@ -121,7 +121,8 @@ void iplink_usage(void) " bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n" " gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |\n" " vti | nlmon | team_slave | bond_slave | bridge_slave |\n" - " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet }\n"); + " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet |\n" + " xfrm }\n"); } exit(-1); } diff --git a/ip/link_xfrm.c b/ip/link_xfrm.c new file mode 100644 index 00000000..1115fde5 --- /dev/null +++ b/ip/link_xfrm.c @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * link_xfrm.c Virtual XFRM Interface driver module + * + * Authors: Matt Ellison <matt@arroyo.io> + */ + +#include <string.h> +#include <linux/if_link.h> + +#include "rt_names.h" +#include "utils.h" +#include "ip_common.h" +#include "tunnel.h" + +static void xfrm_print_help(struct link_util *lu, int argc, char **argv, + FILE *f) +{ + fprintf(f, "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n", lu->id); + fprintf(f, "\nWhere: IF-ID := { 0x0..0xffffffff }\n"); +} + +static int xfrm_parse_opt(struct link_util *lu, int argc, char **argv, + struct nlmsghdr *n) +{ + unsigned int link = 0; + __u32 if_id = 0; + + while (argc > 0) { + if (!matches(*argv, "dev")) { + NEXT_ARG(); + link = ll_name_to_index(*argv); + if (!link) + exit(nodev(*argv)); + } else if (!matches(*argv, "if_id")) { + NEXT_ARG(); + if (get_u32(&if_id, *argv, 0)) + invarg("if_id", *argv); + } else { + xfrm_print_help(lu, argc, argv, stderr); + return -1; + } + argc--; argv++; + } + + addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id); + + if (link) { + addattr32(n, 1024, IFLA_XFRM_LINK, link); + } else { + fprintf(stderr, "must specify physical device\n"); + return -1; + } + + return 0; +} + +static void xfrm_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) +{ + + if (!tb) + return; + + if (tb[IFLA_XFRM_IF_ID]) { + __u32 id = rta_getattr_u32(tb[IFLA_XFRM_IF_ID]); + + print_0xhex(PRINT_ANY, "if_id", "if_id %#llx ", id); + + } + +} + +struct link_util xfrm_link_util = { + .id = "xfrm", + .maxattr = IFLA_XFRM_MAX, + .parse_opt = xfrm_parse_opt, + .print_opt = xfrm_print_opt, + .print_help = xfrm_print_help, +}; diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 5132f514..a361101a 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -221,7 +221,8 @@ ip-link \- network device configuration .BR vrf " |" .BR macsec " |" .BR netdevsim " |" -.BR rmnet " ]" +.BR rmnet " |" +.BR xfrm " ]" .ti -8 .IR ETYPE " := [ " TYPE " |" @@ -350,6 +351,9 @@ Link types: .sp .BR rmnet - Qualcomm rmnet device +.sp +.BR xfrm +- Virtual xfrm interface .in -8 .TP @@ -1676,6 +1680,27 @@ the following additional arguments are supported: .in -8 +.TP +XFRM Type Support +For a link of type +.I XFRM +the following additional arguments are supported: + +.BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]" + +.in +8 +.sp +.BI dev " PHYS_DEV " +- specifies the underlying physical interface from which transform traffic is sent and received. + +.sp +.BI if_id " IF-ID " +- specifies the hexadecimal lookup key used to send traffic to and from specific xfrm +policies. Policies must be configured with the same key. If not set, the key defaults to +0 and will match any policies which similarly do not have a lookup key configuration. + +.in -8 + .SS ip link delete - delete virtual link .TP diff --git a/testsuite/tests/ip/link/add_type_xfrm.t b/testsuite/tests/ip/link/add_type_xfrm.t new file mode 100755 index 00000000..78ce28e0 --- /dev/null +++ b/testsuite/tests/ip/link/add_type_xfrm.t @@ -0,0 +1,32 @@ +#!/bin/sh + +. lib/generic.sh + +ts_log "[Testing Add XFRM Interface, With IF-ID]" + +PHYS_DEV="lo" +NEW_DEV="$(rand_dev)" +IF_ID="0xf" + +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV if_id $IF_ID + +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +test_on "$NEW_DEV" +test_on "if_id $IF_ID" + +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV + + +ts_log "[Testing Add XFRM Interface, No IF-ID]" + +PHYS_DEV="lo" +NEW_DEV="$(rand_dev)" +IF_ID="0xf" + +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV + +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +test_on "$NEW_DEV" +test_on_not "if_id $IF_ID" + +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV
Support for new (4.19+) xfrm virtual interfaces. Interfaces take a 'if_id' which is an interface id which can be set on an xfrm policy as its interface lookup key (XFRMA_IF_ID). Signed-off-by: Matt Ellison <matt@arroyo.io> --- ip/Makefile | 2 +- ip/iplink.c | 3 +- ip/link_xfrm.c | 79 +++++++++++++++++++++++++ man/man8/ip-link.8.in | 27 ++++++++- testsuite/tests/ip/link/add_type_xfrm.t | 32 ++++++++++ 5 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 ip/link_xfrm.c create mode 100755 testsuite/tests/ip/link/add_type_xfrm.t