From: jamal <hadi@cyberus.ca>
To: timo.teras@iki.fi, kaber@trash.net, herbert@gondor.apana.org.au,
davem@davemloft.net
Cc: netdev@vger.kernel.org, Jamal Hadi Salim <hadi@cyberus.ca>
Subject: [net-next-2.6 PATCH 0/7] xfrm by MARK
Date: Sun, 14 Feb 2010 10:18:45 -0500 [thread overview]
Message-ID: <1266160732-946-1-git-send-email-hadi@cyberus.ca> (raw)
In-Reply-To: <xfrm-mark-net-next>
From: Jamal Hadi Salim <hadi@cyberus.ca>
This patchset implements manipulation of ipsec tables with the
"mark" tag. You can config the SAD and SPD from user space
with a specified mark.
Example:
---
#ip xfrm state add src 192.168.2.100 dst 192.168.1.10 proto esp spi 0x00000301 mode tunnel mark 7 auth md5 0x96358c90783bbfa3d7b196ceabe0536b enc des3_ede 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
#ip xfrm state get mark 7 src 192.168.2.100 dst 192.168.1.10 proto esp spi 0x00000301
src 192.168.2.100 dst 192.168.1.10
proto esp spi 0x00000301 reqid 0 mode tunnel
replay-window 0
mark 7/0xffffffff
auth hmac(md5) 0x96358c90783bbfa3d7b196ceabe0536b
enc cbc(des3_ede) 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
sel src 0.0.0.0/0 dst 0.0.0.0/0
#
#
#ip xfrm policy add src 172.16.2.0/24 dst 172.16.1.0/24 \
dir fwd ptype main \
tmpl src 192.168.2.100 dst 192.168.1.100 \
proto esp mode tunnel mark 7 mask 0xffffffff
#
#ip xfrm policy ls
src 172.16.2.0/24 dst 172.16.1.0/24
dir fwd priority 0 ptype main
mark 7/0xffffffff
tmpl src 192.168.2.100 dst 192.168.1.100
proto esp reqid 0 mode tunnel
-----
A mark-configured SAD/SPD entry will use the mark as part of the
lookup key (both in data and control path).
Example:
---
# ip xfrm pol get src 172.16.2.0/24 dst 172.16.1.0/24 dir fwd
RTNETLINK answers: No such file or directory
# ip xfrm pol get src 172.16.2.0/24 dst 172.16.1.0/24 dir fwd mark 7
src 172.16.2.0/24 dst 172.16.1.0/24
dir fwd priority 0 ptype main
mark 7/0xffffffff
tmpl src 192.168.2.100 dst 192.168.1.100
proto esp reqid 0 mode tunnel
---
I could probably have broken down the last two patches into more
than one, but it was easier to do it this way. If there is strong
feeling to do that let me know.
Oh, and this is an attempt to use git-send-mail - so i would appreciate
any feedback on what i can do better next time..
Jamal Hadi Salim (7):
xfrm: introduce basic mark infrastructure
xfrm: SA lookups signature with mark
xfrm: SA lookups with mark
xfrm: SP lookups signature with mark
xfrm: SP lookups with mark
xfrm: Allow user space config of SAD mark
xfrm: Allow user space manipulation of SPD mark
include/linux/xfrm.h | 12 ++++-
include/net/xfrm.h | 56 +++++++++++++++++++++++----
net/core/pktgen.c | 3 +-
net/ipv4/ah4.c | 2 +-
net/ipv4/esp4.c | 2 +-
net/ipv4/ipcomp.c | 6 ++-
net/ipv6/ah6.c | 2 +-
net/ipv6/esp6.c | 2 +-
net/ipv6/ipcomp6.c | 6 ++-
net/ipv6/xfrm6_input.c | 2 +-
net/key/af_key.c | 16 ++++---
net/xfrm/xfrm_input.c | 2 +-
net/xfrm/xfrm_policy.c | 20 +++++++--
net/xfrm/xfrm_state.c | 70 +++++++++++++++++++++++------------
net/xfrm/xfrm_user.c | 96 ++++++++++++++++++++++++++++++++++++++++--------
15 files changed, 222 insertions(+), 75 deletions(-)
next parent reply other threads:[~2010-02-14 15:19 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <xfrm-mark-net-next>
2010-02-14 15:18 ` jamal [this message]
2010-02-14 15:18 ` [net-next-2.6 PATCH 1/7] xfrm: introduce basic mark infrastructure jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 2/7] xfrm: SA lookups signature with mark jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 3/7] xfrm: SA lookups " jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 4/7] xfrm: SP lookups signature " jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 5/7] xfrm: SP lookups " jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 6/7] xfrm: Allow user space config of SAD mark jamal
2010-02-14 15:18 ` [net-next-2.6 PATCH 7/7] xfrm: Allow user space manipulation of SPD mark jamal
2010-02-15 15:42 ` [net-next-2.6 PATCH 1/7] xfrm: introduce basic mark infrastructure Patrick McHardy
2010-02-15 17:00 ` jamal
2010-02-15 17:06 ` Patrick McHardy
2010-02-15 17:14 ` jamal
2010-02-15 17:21 ` Patrick McHardy
2010-02-15 18:59 ` jamal
2010-02-16 10:43 ` Benny Amorsen
2010-02-16 11:57 ` jamal
2010-02-16 12:59 ` Benny Amorsen
2010-02-16 13:16 ` jamal
2010-02-16 21:56 ` Benny Amorsen
2010-02-17 11:58 ` jamal
[not found] <xfrm-mark-take2>
2010-02-20 20:55 ` [net-next-2.6 PATCH 0/7] xfrm by MARK jamal
[not found] <xfrm-mark-v3>
2010-02-22 21:32 ` jamal
2010-02-23 0:21 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1266160732-946-1-git-send-email-hadi@cyberus.ca \
--to=hadi@cyberus.ca \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=timo.teras@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).