[PATCH iproute2-next v2] ip-xfrm: Add support for OUTPUT_MARK

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
To: lorenzo@google.com, netdev@vger.kernel.org,
	stephen@networkplumber.org, dsahern@gmail.com,
	steffen.klassert@secunet.com
Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Subject: [PATCH iproute2-next v2] ip-xfrm: Add support for OUTPUT_MARK
Date: Tue, 12 Jun 2018 12:48:13 -0600	[thread overview]
Message-ID: <1528829293-23222-1-git-send-email-subashab@codeaurora.org> (raw)

This patch adds support for OUTPUT_MARK in xfrm state to exercise the
functionality added by kernel commit 077fbac405bf
("net: xfrm: support setting an output mark.").

Sample output with output-mark -

src 192.168.1.1 dst 192.168.1.2
        proto esp spi 0x00004321 reqid 0 mode tunnel
        replay-window 0 flag af-unspec
        mark 0x10000/0x3ffff
        output-mark 0x20000
        auth-trunc xcbc(aes) 0x3ed0af408cf5dcbf5d5d9a5fa806b211 96
        enc cbc(aes) 0x3ed0af408cf5dcbf5d5d9a5fa806b233
        anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000

v1->v2: Moved the XFRMA_OUTPUT_MARK print after XFRMA_MARK in
xfrm_xfrma_print() as mentioned by Lorenzo

Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
---
 ip/ipxfrm.c        | 6 ++++++
 ip/xfrm_state.c    | 9 +++++++++
 man/man8/ip-xfrm.8 | 2 ++
 3 files changed, 17 insertions(+)

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index 12c2f72..8b88c8f 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -681,6 +681,12 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family,
 		fprintf(fp, "%s", _SL_);
 	}
 
+	if (tb[XFRMA_OUTPUT_MARK]) {
+		__u32 output_mark = rta_getattr_u32(tb[XFRMA_OUTPUT_MARK]);
+
+		fprintf(fp, "\toutput-mark 0x%x %s", output_mark, _SL_);
+	}
+
 	if (tb[XFRMA_ALG_AUTH] && !tb[XFRMA_ALG_AUTH_TRUNC]) {
 		struct rtattr *rta = tb[XFRMA_ALG_AUTH];
 
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index 85d959c..d005802 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -61,6 +61,7 @@ static void usage(void)
 	fprintf(stderr, "        [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n");
 	fprintf(stderr, "        [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n");
 	fprintf(stderr, "        [ offload [dev DEV] dir DIR ]\n");
+	fprintf(stderr, "        [ output-mark OUTPUT-MARK]\n");
 	fprintf(stderr, "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n");
 	fprintf(stderr, "        [ reqid REQID ] [ seq SEQ ] [ min SPI max SPI ]\n");
 	fprintf(stderr, "Usage: ip xfrm state { delete | get } ID [ mark MARK [ mask MASK ] ]\n");
@@ -322,6 +323,7 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 		struct xfrm_user_sec_ctx sctx;
 		char    str[CTX_BUF_SIZE];
 	} ctx = {};
+	__u32 output_mark = 0;
 
 	while (argc > 0) {
 		if (strcmp(*argv, "mode") == 0) {
@@ -437,6 +439,10 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 				invarg("value after \"offload dir\" is invalid", *argv);
 				is_offload = false;
 			}
+		} else if (strcmp(*argv, "output-mark") == 0) {
+			NEXT_ARG();
+			if (get_u32(&output_mark, *argv, 0))
+				invarg("value after \"output-mark\" is invalid", *argv);
 		} else {
 			/* try to assume ALGO */
 			int type = xfrm_algotype_getbyname(*argv);
@@ -720,6 +726,9 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
 		}
 	}
 
+	if (output_mark != 0)
+		addattr32(&req.n, sizeof(req.buf), XFRMA_OUTPUT_MARK, output_mark);
+
 	if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
 		exit(1);
 
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index 988cc6a..e001596 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -59,6 +59,8 @@ ip-xfrm \- transform configuration
 .IR CTX " ]"
 .RB "[ " extra-flag
 .IR EXTRA-FLAG-LIST " ]"
+.RB "[ " output-mark
+.IR OUTPUT-MARK " ]"
 
 .ti -8
 .B "ip xfrm state allocspi"
-- 
1.9.1

next             reply	other threads:[~2018-06-12 18:48 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-12 18:48 Subash Abhinov Kasiviswanathan [this message]
2018-06-13  3:14 ` [PATCH iproute2-next v2] ip-xfrm: Add support for OUTPUT_MARK Lorenzo Colitti
2018-06-13  4:24   ` Stephen Hemminger
2018-06-14  3:39   ` David Ahern
2018-06-14  5:09     ` Subash Abhinov Kasiviswanathan
2018-06-14 16:29       ` David Ahern

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:12c2f72 dfblob:8b88c8f dfblob:85d959c dfblob:d005802
dfblob:988cc6a dfblob:e001596 )
 OR (
bs:"[PATCH iproute2-next v2] ip-xfrm: Add support for OUTPUT_MARK" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1528829293-23222-1-git-send-email-subashab@codeaurora.org \
    --to=subashab@codeaurora.org \
    --cc=dsahern@gmail.com \
    --cc=lorenzo@google.com \
    --cc=netdev@vger.kernel.org \
    --cc=steffen.klassert@secunet.com \
    --cc=stephen@networkplumber.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.