* [iproute2 PATCH 1/3] xfrm: Introduce xfrm by mark [not found] <xfrm-iproute-mark> @ 2010-02-23 13:15 ` jamal 2010-02-23 13:15 ` [iproute2 PATCH 2/3] xfrm: policy " jamal 0 siblings, 1 reply; 4+ messages in thread From: jamal @ 2010-02-23 13:15 UTC (permalink / raw) To: shemminger; +Cc: netdev, Jamal Hadi Salim From: Jamal Hadi Salim <hadi@cyberus.ca> This patch carries basic infrastructure. You need to make sure that the proper include/linux/xfrm.h is included for it to compile. Example: --- output: src 192.168.2.100 dst 192.168.1.10 proto esp spi 0x00000301 reqid 0 mode tunnel replay-window 0 mark 7/0xffffffff auth hmac(md5) 0x96358c90783bbfa3d7b196ceabe0536b enc cbc(des3_ede) 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df sel src 0.0.0.0/0 dst 0.0.0.0/0 dir fwd ptype main \ tmpl src 192.168.2.100 dst 192.168.1.100 \ proto esp mode tunnel mark 7 mask 0xffffffff output: src 172.16.2.0/24 dst 172.16.1.0/24 dir fwd priority 0 ptype main mark 7/0xffffffff tmpl src 192.168.2.100 dst 192.168.1.100 proto esp reqid 0 mode tunnel ----- A mark-configured SAD/SPD entry will use the mark as part of the lookup key (both in data and control path). Example: --- output: RTNETLINK answers: No such file or directory output: src 172.16.2.0/24 dst 172.16.1.0/24 dir fwd priority 0 ptype main mark 7/0xffffffff tmpl src 192.168.2.100 dst 192.168.1.100 proto esp reqid 0 mode tunnel --- Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> --- ip/ipxfrm.c | 40 ++++++++++++++++++++++++++++++++++++++++ ip/xfrm.h | 1 + 2 files changed, 41 insertions(+), 0 deletions(-) diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index 7dc36f3..78e1926 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c 
@@ -629,9 +629,48 @@ static void xfrm_tmpl_print(struct xfrm_user_tmpl *tmpls, int len, } } +int xfrm_parse_mark(struct xfrm_mark *mark, int *argcp, char ***argvp) +{ + int argc = *argcp; + char **argv = *argvp; + + NEXT_ARG(); + if (get_u32(&mark->v, *argv, 0)) { + invarg("Illegal \"mark\" value\n", *argv); + } + if (argc > 1) + NEXT_ARG(); + else { /* last entry on parse line */ + mark->m = 0xffffffff; + goto done; + } + + if (strcmp(*argv, "mask") == 0) { + NEXT_ARG(); + if (get_u32(&mark->m, *argv, 0)) { + invarg("Illegal \"mark\" mask\n", *argv); + } + } else { + mark->m = 0xffffffff; + PREV_ARG(); + } + +done: + *argcp = argc; + *argvp = argv; + + return 0; +} + void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, FILE *fp, const char *prefix) { + if (tb[XFRMA_MARK]) { + struct rtattr *rta = tb[XFRMA_MARK]; + struct xfrm_mark *m = (struct xfrm_mark *) RTA_DATA(rta); + fprintf(fp, "\tmark %d/0x%x\n", m->v, m->m); + } + if (tb[XFRMA_ALG_AUTH]) { struct rtattr *rta = tb[XFRMA_ALG_AUTH]; xfrm_algo_print((struct xfrm_algo *) RTA_DATA(rta), @@ -740,6 +779,7 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, fprintf(fp, "%s", strxf_time(lastused)); fprintf(fp, "%s", _SL_); } + } static int xfrm_selector_iszero(struct xfrm_selector *s) diff --git a/ip/xfrm.h b/ip/xfrm.h index 104fb20..d3ca5c5 100644 --- a/ip/xfrm.h +++ b/ip/xfrm.h @@ -121,6 +121,7 @@ int xfrm_xfrmproto_is_ipsec(__u8 proto); int xfrm_xfrmproto_is_ro(__u8 proto); int xfrm_xfrmproto_getbyname(char *name); int xfrm_algotype_getbyname(char *name); +int xfrm_parse_mark(struct xfrm_mark *mark, int *argcp, char ***argvp); const char *strxf_xfrmproto(__u8 proto); const char *strxf_algotype(int type); const char *strxf_mask8(__u8 mask); -- 1.6.0.4 ^ permalink raw reply related [flat|nested] 4+ messages in thread
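Review bot: In the new `XFRMA_MARK` branch of `xfrm_xfrma_print`, `m->v` is printed with `%d` although `xfrm_parse_mark` reads it with `get_u32`, so a mark with the top bit set is displayed as a negative number next to a hex mask. `fprintf(fp, "\tmark %u/0x%x\n", m->v, m->m);` would print back what the user typed. The branch also casts `RTA_DATA(rta)` to `struct xfrm_mark *` without comparing `RTA_PAYLOAD(rta)` with `sizeof(*m)`; wrapping the print in `if (RTA_PAYLOAD(rta) >= sizeof(*m))` would keep a short attribute from being read past its end. `xfrm_parse_mark` always returns 0, so either make it `void` or add a comment that errors exit through `invarg`. The body of `xfrm_xfrma_print` continues outside this hunk.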
* [iproute2 PATCH 2/3] xfrm: policy by mark 2010-02-23 13:15 ` [iproute2 PATCH 1/3] xfrm: Introduce xfrm by mark jamal @ 2010-02-23 13:15 ` jamal 2010-02-23 13:15 ` [iproute2 PATCH 3/3] xfrm: add support for SA " jamal 0 siblings, 1 reply; 4+ messages in thread From: jamal @ 2010-02-23 13:15 UTC (permalink / raw) To: shemminger; +Cc: netdev, Jamal Hadi Salim From: Jamal Hadi Salim <hadi@cyberus.ca> Add support for SP manipulation by mark Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> --- ip/xfrm_policy.c | 29 +++++++++++++++++++++++++++-- 1 files changed, 27 insertions(+), 2 deletions(-) diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c index 2788477..121afa1 100644 --- a/ip/xfrm_policy.c +++ b/ip/xfrm_policy.c @@ -54,8 +54,8 @@ static void usage(void) __attribute__((noreturn)); static void usage(void) { fprintf(stderr, "Usage: ip xfrm policy { add | update } dir DIR SELECTOR [ index INDEX ] [ ptype PTYPE ]\n"); - fprintf(stderr, " [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ] [ LIMIT-LIST ] [ TMPL-LIST ]\n"); - fprintf(stderr, "Usage: ip xfrm policy { delete | get } dir DIR [ SELECTOR | index INDEX ] [ ptype PTYPE ]\n"); + fprintf(stderr, " [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ] [ LIMIT-LIST ] [ TMPL-LIST ] [mark MARK [mask MASK]]\n"); + fprintf(stderr, "Usage: ip xfrm policy { delete | get } dir DIR [ SELECTOR | index INDEX ] [ ptype PTYPE ] [mark MARK [mask MASK]]\n"); fprintf(stderr, "Usage: ip xfrm policy { deleteall | list } [ dir DIR ] [ SELECTOR ]\n"); fprintf(stderr, " [ index INDEX ] [ action ACTION ] [ priority PRIORITY ] [ flag FLAG-LIST ]\n"); fprintf(stderr, "Usage: ip xfrm policy flush [ ptype PTYPE ]\n"); @@ -235,6 +235,7 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv) struct xfrm_userpolicy_type upt; char tmpls_buf[XFRM_TMPLS_BUF_SIZE]; int tmpls_len = 0; + struct xfrm_mark mark = {0, 0}; memset(&req, 0, sizeof(req)); memset(&upt, 0, sizeof(upt)); 
@@ -258,6 +259,8 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv) NEXT_ARG(); xfrm_policy_dir_parse(&req.xpinfo.dir, &argc, &argv); + } else if (strcmp(*argv, "mark") == 0) { + xfrm_parse_mark(&mark, &argc, &argv); } else if (strcmp(*argv, "index") == 0) { NEXT_ARG(); if (get_u32(&req.xpinfo.index, *argv, 0)) @@ -334,6 +337,16 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv) (void *)tmpls_buf, tmpls_len); } + if (mark.m & mark.v) { + int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK, + (void *)&mark, sizeof(mark)); + if (r < 0) { + fprintf(stderr, "%s: XFRMA_MARK failed\n",__func__); + exit(1); + } + } + + if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); @@ -515,6 +528,7 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete, char *indexp = NULL; char *ptypep = NULL; struct xfrm_userpolicy_type upt; + struct xfrm_mark mark = {0, 0}; memset(&req, 0, sizeof(req)); memset(&upt, 0, sizeof(upt)); @@ -532,6 +546,8 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete, NEXT_ARG(); xfrm_policy_dir_parse(&req.xpid.dir, &argc, &argv); + } else if (strcmp(*argv, "mark") == 0) { + xfrm_parse_mark(&mark, &argc, &argv); } else if (strcmp(*argv, "index") == 0) { if (indexp) duparg("index", *argv); @@ -584,6 +600,15 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete, if (req.xpid.sel.family == AF_UNSPEC) req.xpid.sel.family = AF_INET; + if (mark.m & mark.v) { + int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK, + (void *)&mark, sizeof(mark)); + if (r < 0) { + fprintf(stderr, "%s: XFRMA_MARK failed\n",__func__); + exit(1); + } + } + if (rtnl_talk(&rth, &req.n, 0, 0, res_nlbuf, NULL, NULL) < 0) exit(2); -- 1.6.0.4 ^ permalink raw reply related [flat|nested] 4+ messages in thread
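Review bot: The `if (mark.m & mark.v)` guard in `xfrm_policy_modify` drops `XFRMA_MARK` whenever value and mask share no set bit, so `mark 0 mask 0xffffffff` or `mark 0x10 mask 0x1` is accepted on the command line and the policy is then installed with no mark at all. Since the description says the mark is part of the lookup key, the installed entry silently differs from the one requested, presumably matching more traffic than intended. Testing the mask only, `if (mark.m) {`, sends every mark the user supplied and still omits the attribute when no `mark` keyword was given. The same guard is in `xfrm_policy_get_or_delete` in this patch and in `xfrm_state_modify`, `xfrm_state_allocspi` and `xfrm_state_get_or_delete` in patch 3/3; on the get/delete paths it means the lookup is issued without the mark the user typed.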
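Review bot: A repeated `mark` keyword in `xfrm_policy_get_or_delete` silently overwrites the earlier value, while the `index` branch directly below rejects repeats with `duparg("index", *argv)`. Tracking the keyword the same way keeps the parser consistent: declare `char *markp = NULL;` next to `indexp` and start the branch with `if (markp) duparg("mark", *argv);` followed by `markp = *argv;`. The return value of `xfrm_parse_mark` is also discarded here; that is harmless while it always returns 0, but a `/* exits on bad input */` comment would make the intent clear. The function body starts and ends outside this hunk.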
* [iproute2 PATCH 3/3] xfrm: add support for SA by mark 2010-02-23 13:15 ` [iproute2 PATCH 2/3] xfrm: policy " jamal @ 2010-02-23 13:15 ` jamal 2010-03-04 0:38 ` Stephen Hemminger 0 siblings, 1 reply; 4+ messages in thread From: jamal @ 2010-02-23 13:15 UTC (permalink / raw) To: shemminger; +Cc: netdev, Jamal Hadi Salim From: Jamal Hadi Salim <hadi@cyberus.ca> Add support for SA manipulation by mark Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> --- ip/xfrm_state.c | 66 +++++++++++++++++++++++++++++++++++++++++++----------- 1 files changed, 52 insertions(+), 14 deletions(-) diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index 32238ab..38d4039 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -67,7 +67,7 @@ static void usage(void) fprintf(stderr, "Usage: ip xfrm state flush [ proto XFRM_PROTO ]\n"); fprintf(stderr, "Usage: ip xfrm state count \n"); - fprintf(stderr, "ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM_PROTO ] [ spi SPI ]\n"); + fprintf(stderr, "ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM_PROTO ] [ spi SPI ] [mark MARK [mask MASK]]\n"); //fprintf(stderr, "XFRM_PROTO := [ esp | ah | comp ]\n"); fprintf(stderr, "XFRM_PROTO := [ "); fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_ESP)); @@ -246,6 +246,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) char *aalgop = NULL; char *calgop = NULL; char *coap = NULL; + struct xfrm_mark mark = {0, 0}; memset(&req, 0, sizeof(req)); memset(&replay, 0, sizeof(replay)); @@ -264,6 +265,8 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv) if (strcmp(*argv, "mode") == 0) { NEXT_ARG(); xfrm_mode_parse(&req.xsinfo.mode, &argc, &argv); + } else if (strcmp(*argv, "mark") == 0) { + xfrm_parse_mark(&mark, &argc, &argv); } else if (strcmp(*argv, "reqid") == 0) { NEXT_ARG(); xfrm_reqid_parse(&req.xsinfo.reqid, &argc, &argv); 
@@ -440,6 +443,15 @@ parse_algo: exit(1); } + if (mark.m & mark.v) { + int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK, + (void *)&mark, sizeof(mark)); + if (r < 0) { + fprintf(stderr, "XFRMA_MARK failed\n"); + exit(1); + } + } + switch (req.xsinfo.mode) { case XFRM_MODE_TRANSPORT: case XFRM_MODE_TUNNEL: @@ -519,6 +531,7 @@ static int xfrm_state_allocspi(int argc, char **argv) char *idp = NULL; char *minp = NULL; char *maxp = NULL; + struct xfrm_mark mark = {0, 0}; char res_buf[NLMSG_BUF_SIZE]; struct nlmsghdr *res_n = (struct nlmsghdr *)res_buf; @@ -542,6 +555,8 @@ static int xfrm_state_allocspi(int argc, char **argv) if (strcmp(*argv, "mode") == 0) { NEXT_ARG(); xfrm_mode_parse(&req.xspi.info.mode, &argc, &argv); + } else if (strcmp(*argv, "mark") == 0) { + xfrm_parse_mark(&mark, &argc, &argv); } else if (strcmp(*argv, "reqid") == 0) { NEXT_ARG(); xfrm_reqid_parse(&req.xspi.info.reqid, &argc, &argv); @@ -618,6 +633,15 @@ static int xfrm_state_allocspi(int argc, char **argv) req.xspi.max = 0xffff; } + if (mark.m & mark.v) { + int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK, + (void *)&mark, sizeof(mark)); + if (r < 0) { + fprintf(stderr, "XFRMA_MARK failed\n"); + exit(1); + } + } + if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); @@ -763,6 +787,7 @@ static int xfrm_state_get_or_delete(int argc, char **argv, int delete) } req; struct xfrm_id id; char *idp = NULL; + struct xfrm_mark mark = {0, 0}; memset(&req, 0, sizeof(req)); 
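Review bot: The failure message in the `XFRMA_MARK` block of `xfrm_state_modify` is the bare `"XFRMA_MARK failed\n"`, whereas the identical block in ip/xfrm_policy.c (patch 2/3) prefixes it with the function name. Using `fprintf(stderr, "%s: XFRMA_MARK failed\n", __func__);` here and in the copies in `xfrm_state_allocspi` and `xfrm_state_get_or_delete` would tell the user which operation failed. The same nine-line block now appears five times across the two files, so a small shared helper beside `xfrm_parse_mark` in ip/ipxfrm.c would remove the duplication and keep the guard condition in one place. The enclosing function starts and ends outside this hunk.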
@@ -774,26 +799,39 @@ static int xfrm_state_get_or_delete(int argc, char **argv, int delete) while (argc > 0) { xfrm_address_t saddr; - if (idp) - invarg("unknown", *argv); - idp = *argv; + if (strcmp(*argv, "mark") == 0) { + xfrm_parse_mark(&mark, &argc, &argv); + } else { + if (idp) + invarg("unknown", *argv); + idp = *argv; - /* ID */ - memset(&id, 0, sizeof(id)); - memset(&saddr, 0, sizeof(saddr)); - xfrm_id_parse(&saddr, &id, &req.xsid.family, 0, - &argc, &argv); + /* ID */ + memset(&id, 0, sizeof(id)); + memset(&saddr, 0, sizeof(saddr)); + xfrm_id_parse(&saddr, &id, &req.xsid.family, 0, + &argc, &argv); - memcpy(&req.xsid.daddr, &id.daddr, sizeof(req.xsid.daddr)); - req.xsid.spi = id.spi; - req.xsid.proto = id.proto; + memcpy(&req.xsid.daddr, &id.daddr, sizeof(req.xsid.daddr)); + req.xsid.spi = id.spi; + req.xsid.proto = id.proto; - addattr_l(&req.n, sizeof(req.buf), XFRMA_SRCADDR, - (void *)&saddr, sizeof(saddr)); + addattr_l(&req.n, sizeof(req.buf), XFRMA_SRCADDR, + (void *)&saddr, sizeof(saddr)); + } argc--; argv++; } + if (mark.m & mark.v) { + int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK, + (void *)&mark, sizeof(mark)); + if (r < 0) { + fprintf(stderr, "XFRMA_MARK failed\n"); + exit(1); + } + } + if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0) exit(1); -- 1.6.0.4 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [iproute2 PATCH 3/3] xfrm: add support for SA by mark 2010-02-23 13:15 ` [iproute2 PATCH 3/3] xfrm: add support for SA " jamal @ 2010-03-04 0:38 ` Stephen Hemminger 0 siblings, 0 replies; 4+ messages in thread From: Stephen Hemminger @ 2010-03-04 0:38 UTC (permalink / raw) To: jamal; +Cc: netdev On Tue, 23 Feb 2010 08:15:12 -0500 jamal <hadi@cyberus.ca> wrote: > From: Jamal Hadi Salim <hadi@cyberus.ca> > > Add support for SA manipulation by mark > > Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> All applied -- ^ permalink raw reply [flat|nested] 4+ messages in thread