From: "Petr Vaněk" <pv@excello.cz>
To: netdev@vger.kernel.org
Cc: "Petr Vaněk" <pv@excello.cz>, "David Ahern" <dsahern@kernel.org>
Subject: [PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag
Date: Fri, 31 Jul 2020 09:12:59 +0200 [thread overview]
Message-ID: <20200731071259.GA3192@atlantis> (raw)
In-Reply-To: <20200530123912.GA7476@arkam>
This flag allows to create SA where sequence number can cycle in
outbound packets if set.
Signed-off-by: Petr Vaněk <pv@excello.cz>
---
include/uapi/linux/xfrm.h | 1 +
ip/ipxfrm.c | 3 +++
ip/xfrm_state.c | 4 +++-
man/man8/ip-xfrm.8 | 2 +-
4 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/xfrm.h b/include/uapi/linux/xfrm.h
index 50450f3f..6dfb3c85 100644
--- a/include/uapi/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -387,6 +387,7 @@ struct xfrm_usersa_info {
};
#define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1
+#define XFRM_SA_XFLAG_OSEQ_MAY_WRAP 2
struct xfrm_usersa_id {
xfrm_address_t daddr;
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index fec206ab..cac8ba25 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -953,6 +953,9 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo,
XFRM_FLAG_PRINT(fp, extra_flags,
XFRM_SA_XFLAG_DONT_ENCAP_DSCP,
"dont-encap-dscp");
+ XFRM_FLAG_PRINT(fp, extra_flags,
+ XFRM_SA_XFLAG_OSEQ_MAY_WRAP,
+ "oseq-may-wrap");
if (extra_flags)
fprintf(fp, "%x", extra_flags);
}
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index f4bf3356..ddf784ca 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -104,7 +104,7 @@ static void usage(void)
"FLAG-LIST := [ FLAG-LIST ] FLAG\n"
"FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4 | esn\n"
"EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG\n"
- "EXTRA-FLAG := dont-encap-dscp\n"
+ "EXTRA-FLAG := dont-encap-dscp | oseq-may-wrap\n"
"SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV ] [ UPSPEC ]\n"
"UPSPEC := proto { { tcp | udp | sctp | dccp } [ sport PORT ] [ dport PORT ] |\n"
" { icmp | ipv6-icmp | mobility-header } [ type NUMBER ] [ code NUMBER ] |\n"
@@ -253,6 +253,8 @@ static int xfrm_state_extra_flag_parse(__u32 *extra_flags, int *argcp, char ***a
while (1) {
if (strcmp(*argv, "dont-encap-dscp") == 0)
*extra_flags |= XFRM_SA_XFLAG_DONT_ENCAP_DSCP;
+ else if (strcmp(*argv, "oseq-may-wrap") == 0)
+ *extra_flags |= XFRM_SA_XFLAG_OSEQ_MAY_WRAP;
else {
PREV_ARG(); /* back track */
break;
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index aa28db49..4fa31651 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -217,7 +217,7 @@ ip-xfrm \- transform configuration
.ti -8
.IR EXTRA-FLAG " := "
-.B dont-encap-dscp
+.BR dont-encap-dscp " | " oseq-may-wrap
.ti -8
.BR "ip xfrm policy" " { " add " | " update " }"
--
2.26.2
next prev parent reply other threads:[~2020-07-31 7:19 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-25 15:46 [PATCH net-next] xfrm: no-anti-replay protection flag Petr Vaněk
2020-05-27 17:11 ` Christophe Gouault
2020-05-30 12:41 ` Petr Vaněk
2020-05-30 12:39 ` [PATCH net-next v2] xfrm: introduce oseq-may-wrap flag Petr Vaněk
2020-06-02 9:55 ` Christophe Gouault
2020-06-26 5:24 ` Steffen Klassert
2020-07-31 7:12 ` Petr Vaněk [this message]
2020-08-03 14:58 ` [PATCH iproute2-next] ip-xfrm: add support for oseq-may-wrap extra flag David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200731071259.GA3192@atlantis \
--to=pv@excello.cz \
--cc=dsahern@kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.