* [PATCH iproute2 6/7] ip/xfrm: Improve usage text and documentation
2013-03-25 14:23 [PATCH iproute2 1/7] ip/xfrm: Extend SPI validity checking David Ward
` (3 preceding siblings ...)
2013-03-25 14:23 ` [PATCH iproute2 5/7] ip/xfrm: Command syntax should not expect a key for compression David Ward
@ 2013-03-25 14:23 ` David Ward
2013-03-25 14:23 ` [PATCH iproute2 7/7] ip/xfrm: Improve error strings David Ward
2013-03-25 15:03 ` [PATCH iproute2 1/7] ip/xfrm: Extend SPI validity checking Stephen Hemminger
6 siblings, 0 replies; 9+ messages in thread
From: David Ward @ 2013-03-25 14:23 UTC (permalink / raw)
To: netdev; +Cc: David Ward
Change ALGO-KEY to ALGO-KEYMAT to make it more obvious that the
keying material might need to contain more than just the key (such
as a salt or nonce value).
List the algorithm names that currently exist in the kernel.
Indicate that for IPComp, the Compression Parameter Index (CPI) is
used as the SPI.
Group the list of mode values by transform protocol.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
---
ip/xfrm_policy.c | 2 +-
ip/xfrm_state.c | 18 ++++----
man/man8/ip-xfrm.8 | 112 +++++++++++++++++++++++++++++++++++-----------------
3 files changed, 85 insertions(+), 47 deletions(-)
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index bf263e0..27c9a65 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -96,7 +96,7 @@ static void usage(void)
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_COMP));
fprintf(stderr, "%s | ", strxf_xfrmproto(IPPROTO_ROUTING));
fprintf(stderr, "%s\n", strxf_xfrmproto(IPPROTO_DSTOPTS));
- fprintf(stderr, "MODE := transport | tunnel | ro | in_trigger | beet\n");
+ fprintf(stderr, "MODE := transport | tunnel | beet | ro | in_trigger\n");
fprintf(stderr, "LEVEL := required | use\n");
exit(-1);
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index 9b374ee..ee06f7d 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -79,14 +79,14 @@ static void usage(void)
fprintf(stderr, "ALGO := { ");
fprintf(stderr, "%s | ", strxf_algotype(XFRMA_ALG_CRYPT));
fprintf(stderr, "%s", strxf_algotype(XFRMA_ALG_AUTH));
- fprintf(stderr, " } ALGO-NAME ALGO-KEY |\n");
+ fprintf(stderr, " } ALGO-NAME ALGO-KEYMAT |\n");
fprintf(stderr, " %s", strxf_algotype(XFRMA_ALG_AUTH_TRUNC));
- fprintf(stderr, " ALGO-NAME ALGO-KEY ALGO-TRUNC-LEN |\n");
+ fprintf(stderr, " ALGO-NAME ALGO-KEYMAT ALGO-TRUNC-LEN |\n");
fprintf(stderr, " %s", strxf_algotype(XFRMA_ALG_AEAD));
- fprintf(stderr, " ALGO-NAME ALGO-KEY ALGO-ICV-LEN |\n");
+ fprintf(stderr, " ALGO-NAME ALGO-KEYMAT ALGO-ICV-LEN |\n");
fprintf(stderr, " %s", strxf_algotype(XFRMA_ALG_COMP));
fprintf(stderr, " ALGO-NAME\n");
- fprintf(stderr, "MODE := transport | tunnel | ro | in_trigger | beet\n");
+ fprintf(stderr, "MODE := transport | tunnel | beet | ro | in_trigger\n");
fprintf(stderr, "FLAG-LIST := [ FLAG-LIST ] FLAG\n");
fprintf(stderr, "FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4\n");
fprintf(stderr, "SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV ] [ UPSPEC ]\n");
@@ -119,7 +119,7 @@ static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
#if 0
/* XXX: verifying both name and key is required! */
- fprintf(stderr, "warning: ALGO-NAME/ALGO-KEY will send to kernel promiscuously! (verifying them isn't implemented yet)\n");
+ fprintf(stderr, "warning: ALGO-NAME/ALGO-KEYMAT values will be sent to the kernel promiscuously! (verifying them isn't implemented yet)\n");
#endif
strncpy(alg->alg_name, name, sizeof(alg->alg_name));
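Review bot: The `strncpy(alg->alg_name, name, sizeof(alg->alg_name))` kept as context here leaves `alg_name` without a terminating NUL whenever ALGO-NAME is at least as long as the field, and the only nearby mention of validation sits inside `#if 0`. Whether `alg` is zeroed or the length is checked earlier cannot be seen, because xfrm_algo_parse starts and ends outside this hunk. If it is not, a check before the copy would reject the over-long name instead of passing an unterminated string on to the kernel: `if (strlen(name) >= sizeof(alg->alg_name)) invarg("ALGO-NAME value is too long", name);`.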
@@ -139,7 +139,7 @@ static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
/* calculate length of the converted values(real key) */
len = (plen + 1) / 2;
if (len > max)
- invarg("\"ALGO-KEY\" makes buffer overflow\n", key);
+ invarg("ALGO-KEYMAT value makes buffer overflow\n", key);
for (i = - (plen % 2), j = 0; j < len; i += 2, j++) {
char vbuf[3];
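Review bot: The reworded ALGO-KEYMAT errors still pass `key` as the second argument of invarg(), which as far as I know echoes that argument to stderr, so a mistyped key, salt or nonce ends up in terminal scrollback or in any log that captures stderr. The same applies to the "ALGO-KEYMAT value is invalid" call and to the second "makes buffer overflow" call in the following two hunks. Reporting the problem without the value would avoid that, for example `fprintf(stderr, "Error: ALGO-KEYMAT value is too long\n"); exit(-1);`. Separately, the two "makes buffer overflow" strings keep a trailing `\n` that the "is invalid" string does not have. xfrm_algo_parse continues outside this hunk.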
@@ -150,7 +150,7 @@ static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
vbuf[2] = '\0';
if (get_u8(&val, vbuf, 16))
- invarg("\"ALGO-KEY\" is invalid", key);
+ invarg("ALGO-KEYMAT value is invalid", key);
buf[j] = val;
}
@@ -158,7 +158,7 @@ static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
len = slen;
if (len > 0) {
if (len > max)
- invarg("\"ALGO-KEY\" makes buffer overflow\n", key);
+ invarg("ALGO-KEYMAT value makes buffer overflow\n", key);
strncpy(buf, key, len);
}
@@ -416,7 +416,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
case XFRMA_ALG_AUTH:
case XFRMA_ALG_AUTH_TRUNC:
if (!NEXT_ARG_OK())
- missarg("ALGO-KEY");
+ missarg("ALGO-KEYMAT");
NEXT_ARG();
key = *argv;
break;
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index 6017bc2..1d33eed 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -118,20 +118,20 @@ ip-xfrm \- transform configuration
.ti -8
.IR ALGO " :="
.RB "{ " enc " | " auth " } "
-.IR ALGO-NAME " " ALGO-KEY " |"
+.IR ALGO-NAME " " ALGO-KEYMAT " |"
.br
.B auth-trunc
-.IR ALGO-NAME " " ALGO-KEY " " ALGO-TRUNC-LEN " |"
+.IR ALGO-NAME " " ALGO-KEYMAT " " ALGO-TRUNC-LEN " |"
.br
.B aead
-.IR ALGO-NAME " " ALGO-KEY " " ALGO-ICV-LEN " |"
+.IR ALGO-NAME " " ALGO-KEYMAT " " ALGO-ICV-LEN " |"
.br
.B comp
.IR ALGO-NAME
.ti -8
.IR MODE " := "
-.BR transport " | " tunnel " | " ro " | " in_trigger " | " beet
+.BR transport " | " tunnel " | " beet " | " ro " | " in_trigger
.ti -8
.IR FLAG-LIST " := [ " FLAG-LIST " ] " FLAG
@@ -345,7 +345,7 @@ ip-xfrm \- transform configuration
.ti -8
.IR MODE " := "
-.BR transport " | " tunnel " | " ro " | " in_trigger " | " beet
+.BR transport " | " tunnel " | " beet " | " ro " | " in_trigger
.ti -8
.IR LEVEL " :="
@@ -393,6 +393,8 @@ is specified by a source address, destination address,
.RI "transform protocol " XFRM-PROTO ","
and/or Security Parameter Index
.IR SPI "."
+(For IP Payload Compression, the Compression Parameter Index or CPI is used for
+.IR SPI ".)"
.TP
.I XFRM-PROTO
@@ -405,37 +407,68 @@ specifies a transform protocol:
.TP
.I ALGO-LIST
-specifies one or more algorithms
-.IR ALGO
-to use. Algorithm types include
+contains one or more algorithms to use. Each algorithm
+.I ALGO
+is specified by:
+.RS
+.IP \[bu]
+the algorithm type:
.RB "encryption (" enc "),"
-.RB "authentication (" auth "),"
-.RB "authentication with a specified truncation length (" auth-trunc "),"
-.RB "authenticated encryption with associated data (" aead "), and"
-.RB "compression (" comp ")."
-For each algorithm used, the algorithm type, the algorithm name
-.IR ALGO-NAME ","
-and the key
-.I ALGO-KEY
-must be specified. For
-.BR aead ","
+.RB "authentication (" auth " or " auth-trunc "),"
+.RB "authenticated encryption with associated data (" aead "), or"
+.RB "compression (" comp ")"
+.IP \[bu]
+the algorithm name
+.IR ALGO-NAME
+(see below)
+.IP \[bu]
+.RB "(for all except " comp ")"
+the keying material
+.IR ALGO-KEYMAT ","
+which may include both a key and a salt or nonce value; refer to the
+corresponding RFC
+.IP \[bu]
+.RB "(for " auth-trunc " only)"
+the truncation length
+.I ALGO-TRUNC-LEN
+in bits
+.IP \[bu]
+.RB "(for " aead " only)"
the Integrity Check Value length
.I ALGO-ICV-LEN
-must additionally be specified.
-For
-.BR auth-trunc ","
-the signature truncation length
-.I ALGO-TRUNC-LEN
-must additionally be specified.
+in bits
+.RE
+
+.nh
+.RS
+Encryption algorithms include
+.BR ecb(cipher_null) ", " cbc(des) ", " cbc(des3_ede) ", " cbc(cast5) ","
+.BR cbc(blowfish) ", " cbc(aes) ", " cbc(serpent) ", " cbc(camellia) ","
+.BR cbc(twofish) ", and " rfc3686(ctr(aes)) "."
+
+Authentication algorithms include
+.BR digest_null ", " hmac(md5) ", " hmac(sha1) ", " hmac(sha256) ","
+.BR hmac(sha384) ", " hmac(sha512) ", " hmac(rmd610) ", and " xcbc(aes) "."
+
+Authenticated encryption with associated data (AEAD) algorithms include
+.BR rfc4106(gcm(aes)) ", " rfc4309(ccm(aes)) ", and " rfc4543(gcm(aes)) "."
+
+Compression algorithms include
+.BR deflate ", " lzs ", and " lzjh "."
+.RE
+.hy
.TP
.I MODE
-specifies a mode of operation:
-.RB "IPsec transport mode (" transport "), "
-.RB "IPsec tunnel mode (" tunnel "), "
-.RB "Mobile IPv6 route optimization mode (" ro "), "
-.RB "Mobile IPv6 inbound trigger mode (" in_trigger "), or "
-.RB "IPsec ESP Bound End-to-End Tunnel Mode (" beet ")."
+specifies a mode of operation for the transform protocol. IPsec and IP Payload
+Compression modes are
+.BR transport ", " tunnel ","
+and (for IPsec ESP only) Bound End-to-End Tunnel
+.RB "(" beet ")."
+Mobile IPv6 modes are route optimization
+.RB "(" ro ")"
+and inbound trigger
+.RB "(" in_trigger ")."
.TP
.I FLAG-LIST
@@ -553,6 +586,8 @@ is specified by a source address, destination address,
.RI "transform protocol " XFRM-PROTO ","
and/or Security Parameter Index
.IR SPI "."
+(For IP Payload Compression, the Compression Parameter Index or CPI is used for
+.IR SPI ".)"
.TP
.I XFRM-PROTO
@@ -565,12 +600,15 @@ specifies a transform protocol:
.TP
.I MODE
-specifies a mode of operation:
-.RB "IPsec transport mode (" transport "), "
-.RB "IPsec tunnel mode (" tunnel "), "
-.RB "Mobile IPv6 route optimization mode (" ro "), "
-.RB "Mobile IPv6 inbound trigger mode (" in_trigger "), or "
-.RB "IPsec ESP Bound End-to-End Tunnel Mode (" beet ")."
+specifies a mode of operation for the transform protocol. IPsec and IP Payload
+Compression modes are
+.BR transport ", " tunnel ","
+and (for IPsec ESP only) Bound End-to-End Tunnel
+.RB "(" beet ")."
+Mobile IPv6 modes are route optimization
+.RB "(" ro ")"
+and inbound trigger
+.RB "(" in_trigger ")."
.TP
.I LEVEL
@@ -581,4 +619,4 @@ can be
The xfrm objects to monitor can be optionally specified.
.SH AUTHOR
-Manpage by David Ward
+Manpage revised by David Ward <david.ward@ll.mit.edu>
--
1.7.1
* [PATCH iproute2 7/7] ip/xfrm: Improve error strings
2013-03-25 14:23 [PATCH iproute2 1/7] ip/xfrm: Extend SPI validity checking David Ward
` (4 preceding siblings ...)
2013-03-25 14:23 ` [PATCH iproute2 6/7] ip/xfrm: Improve usage text and documentation David Ward
@ 2013-03-25 14:23 ` David Ward
2013-03-28 21:47 ` Stephen Hemminger
2013-03-25 15:03 ` [PATCH iproute2 1/7] ip/xfrm: Extend SPI validity checking Stephen Hemminger
6 siblings, 1 reply; 9+ messages in thread
From: David Ward @ 2013-03-25 14:23 UTC (permalink / raw)
To: netdev; +Cc: David Ward
Quotation marks are now used only to indicate literal text on the
command line.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
---
ip/ipxfrm.c | 64 +++++++++++++++++++++++++++---------------------------
ip/xfrm_policy.c | 28 +++++++++++-----------
ip/xfrm_state.c | 40 ++++++++++++++++----------------
3 files changed, 66 insertions(+), 66 deletions(-)
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index 3113573..0495ff4 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -660,7 +660,7 @@ int xfrm_parse_mark(struct xfrm_mark *mark, int *argcp, char ***argvp)
NEXT_ARG();
if (get_u32(&mark->v, *argv, 0)) {
- invarg("Illegal \"mark\" value\n", *argv);
+ invarg("MARK value is invalid\n", *argv);
}
if (argc > 1)
NEXT_ARG();
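Review bot: The new string `"MARK value is invalid\n"` keeps a trailing newline, while most invarg() messages touched by this patch have none; since invarg() presumably adds its own line ending, the output gets a stray blank line. The same leftover appears in "MASK value is invalid\n" in the next hunk, "LEVEL value is invalid\n" and both "ACTION value is invalid\n" strings in xfrm_policy.c, and "ALGO-TYPE value is invalid\n" in xfrm_state.c. As the commit is already normalising these strings, drop the `\n` from each, e.g. `invarg("MARK value is invalid", *argv);`. xfrm_parse_mark continues outside this hunk.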
@@ -672,7 +672,7 @@ int xfrm_parse_mark(struct xfrm_mark *mark, int *argcp, char ***argvp)
if (strcmp(*argv, "mask") == 0) {
NEXT_ARG();
if (get_u32(&mark->m, *argv, 0)) {
- invarg("Illegal \"mark\" mask\n", *argv);
+ invarg("MASK value is invalid\n", *argv);
}
} else {
mark->m = 0xffffffff;
@@ -1010,7 +1010,7 @@ int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
get_prefix(&src, *argv, preferred_family);
if (src.family == AF_UNSPEC)
- invarg("\"src\" address family is AF_UNSPEC", *argv);
+ invarg("value after \"src\" has an unrecognized address family", *argv);
if (family)
*family = src.family;
@@ -1023,7 +1023,7 @@ int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
get_prefix(&dst, *argv, preferred_family);
if (dst.family == AF_UNSPEC)
- invarg("\"dst\" address family is AF_UNSPEC", *argv);
+ invarg("value after \"dst\" has an unrecognized address family", *argv);
if (family)
*family = dst.family;
@@ -1038,7 +1038,7 @@ int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
ret = xfrm_xfrmproto_getbyname(*argv);
if (ret < 0)
- invarg("\"XFRM-PROTO\" is invalid", *argv);
+ invarg("XFRM-PROTO value is invalid", *argv);
id->proto = (__u8)ret;
@@ -1049,7 +1049,7 @@ int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
NEXT_ARG();
if (get_u32(&spi, *argv, 0))
- invarg("\"SPI\" is invalid", *argv);
+ invarg("SPI value is invalid", *argv);
spi = htonl(spi);
id->spi = spi;
@@ -1067,7 +1067,7 @@ int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
}
if (src.family && dst.family && (src.family != dst.family))
- invarg("the same address family is required between \"src\" and \"dst\"", *argv);
+ invarg("the same address family is required between values after \"src\" and \"dst\"", *argv);
if (id->spi && id->proto) {
if (xfrm_xfrmproto_is_ro(id->proto)) {
@@ -1108,7 +1108,7 @@ int xfrm_mode_parse(__u8 *mode, int *argcp, char ***argvp)
else if (matches(*argv, "beet") == 0)
*mode = XFRM_MODE_BEET;
else
- invarg("\"MODE\" is invalid", *argv);
+ invarg("MODE value is invalid", *argv);
*argcp = argc;
*argvp = argv;
@@ -1126,7 +1126,7 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp)
else if (strcmp(*argv, "espinudp") == 0)
*type = 2;
else
- invarg("\"ENCAP-TYPE\" is invalid", *argv);
+ invarg("ENCAP-TYPE value is invalid", *argv);
*argcp = argc;
*argvp = argv;
@@ -1141,7 +1141,7 @@ int xfrm_reqid_parse(__u32 *reqid, int *argcp, char ***argvp)
char **argv = *argvp;
if (get_u32(reqid, *argv, 0))
- invarg("\"REQID\" is invalid", *argv);
+ invarg("REQID value is invalid", *argv);
*argcp = argc;
*argvp = argv;
@@ -1175,7 +1175,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
upspec = pp->p_proto;
else {
if (get_u8(&upspec, *argv, 0))
- invarg("\"PROTO\" is invalid", *argv);
+ invarg("PROTO value is invalid", *argv);
}
}
sel->proto = upspec;
@@ -1188,7 +1188,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
NEXT_ARG();
if (get_u16(&sel->sport, *argv, 0))
- invarg("\"PORT\" is invalid", *argv);
+ invarg("value after \"sport\" is invalid", *argv);
sel->sport = htons(sel->sport);
if (sel->sport)
sel->sport_mask = ~((__u16)0);
@@ -1201,7 +1201,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
NEXT_ARG();
if (get_u16(&sel->dport, *argv, 0))
- invarg("\"PORT\" is invalid", *argv);
+ invarg("value after \"dport\" is invalid", *argv);
sel->dport = htons(sel->dport);
if (sel->dport)
sel->dport_mask = ~((__u16)0);
@@ -1215,7 +1215,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
if (get_u16(&sel->sport, *argv, 0) ||
(sel->sport & ~((__u16)0xff)))
- invarg("\"type\" value is invalid", *argv);
+ invarg("value after \"type\" is invalid", *argv);
sel->sport = htons(sel->sport);
sel->sport_mask = ~((__u16)0);
@@ -1229,7 +1229,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
if (get_u16(&sel->dport, *argv, 0) ||
(sel->dport & ~((__u16)0xff)))
- invarg("\"code\" value is invalid", *argv);
+ invarg("value after \"code\" is invalid", *argv);
sel->dport = htons(sel->dport);
sel->dport_mask = ~((__u16)0);
@@ -1246,7 +1246,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
uval = htonl(get_addr32(*argv));
else {
if (get_unsigned(&uval, *argv, 0)<0) {
- fprintf(stderr, "invalid value for \"key\"; it should be an unsigned integer\n");
+ fprintf(stderr, "value after \"key\" is invalid\n");
exit(-1);
}
}
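Review bot: The "key" error is still a bare `fprintf` followed by `exit(-1)`, whereas every other value check in xfrm_selector_upspec_parse goes through invarg() and the neighbouring fprintf paths exit with 1. The new text also drops the hint about the expected format without echoing the rejected argument, so the user gets less to go on than before. Using the helper would restore the offending value and make the exit path uniform: `invarg("value after \"key\" is invalid", *argv);`. The enclosing function starts and ends outside this hunk.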
@@ -1277,7 +1277,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
case IPPROTO_DCCP:
break;
default:
- fprintf(stderr, "\"sport\" and \"dport\" are invalid with proto=%s\n", strxf_proto(sel->proto));
+ fprintf(stderr, "\"sport\" and \"dport\" are invalid with PROTO value \"%s\"\n", strxf_proto(sel->proto));
exit(1);
}
}
@@ -1288,7 +1288,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
case IPPROTO_MH:
break;
default:
- fprintf(stderr, "\"type\" and \"code\" are invalid with proto=%s\n", strxf_proto(sel->proto));
+ fprintf(stderr, "\"type\" and \"code\" are invalid with PROTO value \"%s\"\n", strxf_proto(sel->proto));
exit(1);
}
}
@@ -1297,7 +1297,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
case IPPROTO_GRE:
break;
default:
- fprintf(stderr, "\"key\" is invalid with proto=%s\n", strxf_proto(sel->proto));
+ fprintf(stderr, "\"key\" is invalid with PROTO value \"%s\"\n", strxf_proto(sel->proto));
exit(1);
}
}
@@ -1325,7 +1325,7 @@ int xfrm_selector_parse(struct xfrm_selector *sel, int *argcp, char ***argvp)
get_prefix(&src, *argv, preferred_family);
if (src.family == AF_UNSPEC)
- invarg("\"src\" address family is AF_UNSPEC", *argv);
+ invarg("value after \"src\" has an unrecognized address family", *argv);
sel->family = src.family;
memcpy(&sel->saddr, &src.data, sizeof(sel->saddr));
@@ -1338,7 +1338,7 @@ int xfrm_selector_parse(struct xfrm_selector *sel, int *argcp, char ***argvp)
get_prefix(&dst, *argv, preferred_family);
if (dst.family == AF_UNSPEC)
- invarg("\"dst\" address family is AF_UNSPEC", *argv);
+ invarg("value after \"dst\" has an unrecognized address family", *argv);
sel->family = dst.family;
memcpy(&sel->daddr, &dst.data, sizeof(sel->daddr));
@@ -1356,7 +1356,7 @@ int xfrm_selector_parse(struct xfrm_selector *sel, int *argcp, char ***argvp)
else {
ifindex = ll_name_to_index(*argv);
if (ifindex <= 0)
- invarg("\"DEV\" is invalid", *argv);
+ invarg("DEV value is invalid", *argv);
}
sel->ifindex = ifindex;
@@ -1379,7 +1379,7 @@ int xfrm_selector_parse(struct xfrm_selector *sel, int *argcp, char ***argvp)
}
if (src.family && dst.family && (src.family != dst.family))
- invarg("the same address family is required between \"src\" and \"dst\"", *argv);
+ invarg("the same address family is required between values after \"src\" and \"dst\"", *argv);
if (argc == *argcp)
missarg("SELECTOR");
@@ -1401,44 +1401,44 @@ int xfrm_lifetime_cfg_parse(struct xfrm_lifetime_cfg *lft,
NEXT_ARG();
ret = get_u64(&lft->soft_add_expires_seconds, *argv, 0);
if (ret)
- invarg("\"time-soft\" value is invalid", *argv);
+ invarg("value after \"time-soft\" is invalid", *argv);
} else if (strcmp(*argv, "time-hard") == 0) {
NEXT_ARG();
ret = get_u64(&lft->hard_add_expires_seconds, *argv, 0);
if (ret)
- invarg("\"time-hard\" value is invalid", *argv);
+ invarg("value after \"time-hard\" is invalid", *argv);
} else if (strcmp(*argv, "time-use-soft") == 0) {
NEXT_ARG();
ret = get_u64(&lft->soft_use_expires_seconds, *argv, 0);
if (ret)
- invarg("\"time-use-soft\" value is invalid", *argv);
+ invarg("value after \"time-use-soft\" is invalid", *argv);
} else if (strcmp(*argv, "time-use-hard") == 0) {
NEXT_ARG();
ret = get_u64(&lft->hard_use_expires_seconds, *argv, 0);
if (ret)
- invarg("\"time-use-hard\" value is invalid", *argv);
+ invarg("value after \"time-use-hard\" is invalid", *argv);
} else if (strcmp(*argv, "byte-soft") == 0) {
NEXT_ARG();
ret = get_u64(&lft->soft_byte_limit, *argv, 0);
if (ret)
- invarg("\"byte-soft\" value is invalid", *argv);
+ invarg("value after \"byte-soft\" is invalid", *argv);
} else if (strcmp(*argv, "byte-hard") == 0) {
NEXT_ARG();
ret = get_u64(&lft->hard_byte_limit, *argv, 0);
if (ret)
- invarg("\"byte-hard\" value is invalid", *argv);
+ invarg("value after \"byte-hard\" is invalid", *argv);
} else if (strcmp(*argv, "packet-soft") == 0) {
NEXT_ARG();
ret = get_u64(&lft->soft_packet_limit, *argv, 0);
if (ret)
- invarg("\"packet-soft\" value is invalid", *argv);
+ invarg("value after \"packet-soft\" is invalid", *argv);
} else if (strcmp(*argv, "packet-hard") == 0) {
NEXT_ARG();
ret = get_u64(&lft->hard_packet_limit, *argv, 0);
if (ret)
- invarg("\"packet-hard\" value is invalid", *argv);
+ invarg("value after \"packet-hard\" is invalid", *argv);
} else
- invarg("\"LIMIT\" is invalid", *argv);
+ invarg("LIMIT value is invalid", *argv);
*argcp = argc;
*argvp = argv;
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index 27c9a65..9bc584e 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -114,7 +114,7 @@ static int xfrm_policy_dir_parse(__u8 *dir, int *argcp, char ***argvp)
else if (strcmp(*argv, "fwd") == 0)
*dir = XFRM_POLICY_FWD;
else
- invarg("\"DIR\" is invalid", *argv);
+ invarg("DIR value is invalid", *argv);
*argcp = argc;
*argvp = argv;
@@ -132,7 +132,7 @@ static int xfrm_policy_ptype_parse(__u8 *ptype, int *argcp, char ***argvp)
else if (strcmp(*argv, "sub") == 0)
*ptype = XFRM_POLICY_TYPE_SUB;
else
- invarg("\"PTYPE\" is invalid", *argv);
+ invarg("PTYPE value is invalid", *argv);
*argcp = argc;
*argvp = argv;
@@ -150,7 +150,7 @@ static int xfrm_policy_flag_parse(__u8 *flags, int *argcp, char ***argvp)
__u8 val = 0;
if (get_u8(&val, *argv, 16))
- invarg("\"FLAG\" is invalid", *argv);
+ invarg("FLAG value is invalid", *argv);
*flags = val;
} else {
while (1) {
@@ -197,7 +197,7 @@ static int xfrm_tmpl_parse(struct xfrm_user_tmpl *tmpl,
else if (strcmp(*argv, "use") == 0)
tmpl->optional = 1;
else
- invarg("\"LEVEL\" is invalid\n", *argv);
+ invarg("LEVEL value is invalid\n", *argv);
} else {
if (idp) {
@@ -300,7 +300,7 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv)
} else if (strcmp(*argv, "index") == 0) {
NEXT_ARG();
if (get_u32(&req.xpinfo.index, *argv, 0))
- invarg("\"INDEX\" is invalid", *argv);
+ invarg("INDEX value is invalid", *argv);
} else if (strcmp(*argv, "ptype") == 0) {
if (ptypep)
duparg("ptype", *argv);
@@ -315,11 +315,11 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv)
else if (strcmp(*argv, "block") == 0)
req.xpinfo.action = XFRM_POLICY_BLOCK;
else
- invarg("\"action\" value is invalid\n", *argv);
+ invarg("ACTION value is invalid\n", *argv);
} else if (strcmp(*argv, "priority") == 0) {
NEXT_ARG();
if (get_u32(&req.xpinfo.priority, *argv, 0))
- invarg("\"PRIORITY\" is invalid", *argv);
+ invarg("PRIORITY value is invalid", *argv);
} else if (strcmp(*argv, "flag") == 0) {
NEXT_ARG();
xfrm_policy_flag_parse(&req.xpinfo.flags, &argc,
@@ -359,7 +359,7 @@ static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv)
}
if (!dirp) {
- fprintf(stderr, "Not enough information: \"DIR\" is required.\n");
+ fprintf(stderr, "Not enough information: DIR is required.\n");
exit(1);
}
@@ -611,7 +611,7 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete,
NEXT_ARG();
if (get_u32(&req.xpid.index, *argv, 0))
- invarg("\"INDEX\" is invalid", *argv);
+ invarg("INDEX value is invalid", *argv);
} else if (strcmp(*argv, "ptype") == 0) {
if (ptypep)
@@ -636,7 +636,7 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete,
}
if (!dirp) {
- fprintf(stderr, "Not enough information: \"DIR\" is required.\n");
+ fprintf(stderr, "Not enough information: DIR is required.\n");
exit(1);
}
if (ptypep) {
@@ -644,7 +644,7 @@ static int xfrm_policy_get_or_delete(int argc, char **argv, int delete,
(void *)&upt, sizeof(upt));
}
if (!selp && !indexp) {
- fprintf(stderr, "Not enough information: either \"SELECTOR\" or \"INDEX\" is required.\n");
+ fprintf(stderr, "Not enough information: either SELECTOR or INDEX is required.\n");
exit(1);
}
if (selp && indexp)
@@ -786,7 +786,7 @@ static int xfrm_policy_list_or_deleteall(int argc, char **argv, int deleteall)
} else if (strcmp(*argv, "index") == 0) {
NEXT_ARG();
if (get_u32(&filter.xpinfo.index, *argv, 0))
- invarg("\"INDEX\" is invalid", *argv);
+ invarg("INDEX value is invalid", *argv);
filter.index_mask = XFRM_FILTER_MASK_FULL;
@@ -803,14 +803,14 @@ static int xfrm_policy_list_or_deleteall(int argc, char **argv, int deleteall)
else if (strcmp(*argv, "block") == 0)
filter.xpinfo.action = XFRM_POLICY_BLOCK;
else
- invarg("\"ACTION\" is invalid\n", *argv);
+ invarg("ACTION value is invalid\n", *argv);
filter.action_mask = XFRM_FILTER_MASK_FULL;
} else if (strcmp(*argv, "priority") == 0) {
NEXT_ARG();
if (get_u32(&filter.xpinfo.priority, *argv, 0))
- invarg("\"PRIORITY\" is invalid", *argv);
+ invarg("PRIORITY value is invalid", *argv);
filter.priority_mask = XFRM_FILTER_MASK_FULL;
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index ee06f7d..88a1a56 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -175,7 +175,7 @@ static int xfrm_seq_parse(__u32 *seq, int *argcp, char ***argvp)
char **argv = *argvp;
if (get_u32(seq, *argv, 0))
- invarg("\"SEQ\" is invalid", *argv);
+ invarg("SEQ value is invalid", *argv);
*seq = htonl(*seq);
@@ -195,7 +195,7 @@ static int xfrm_state_flag_parse(__u8 *flags, int *argcp, char ***argvp)
__u8 val = 0;
if (get_u8(&val, *argv, 16))
- invarg("\"FLAG\" is invalid", *argv);
+ invarg("FLAG value is invalid", *argv);
*flags = val;
} else {
while (1) {
@@ -281,15 +281,15 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
} else if (strcmp(*argv, "replay-window") == 0) {
NEXT_ARG();
if (get_u8(&req.xsinfo.replay_window, *argv, 0))
- invarg("\"replay-window\" value is invalid", *argv);
+ invarg("value after \"replay-window\" is invalid", *argv);
} else if (strcmp(*argv, "replay-seq") == 0) {
NEXT_ARG();
if (get_u32(&replay.seq, *argv, 0))
- invarg("\"replay-seq\" value is invalid", *argv);
+ invarg("value after \"replay-seq\" is invalid", *argv);
} else if (strcmp(*argv, "replay-oseq") == 0) {
NEXT_ARG();
if (get_u32(&replay.oseq, *argv, 0))
- invarg("\"replay-oseq\" value is invalid", *argv);
+ invarg("value after \"replay-oseq\" is invalid", *argv);
} else if (strcmp(*argv, "flag") == 0) {
NEXT_ARG();
xfrm_state_flag_parse(&req.xsinfo.flags, &argc, &argv);
@@ -308,11 +308,11 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
xfrm_encap_type_parse(&encap.encap_type, &argc, &argv);
NEXT_ARG();
if (get_u16(&encap.encap_sport, *argv, 0))
- invarg("\"encap\" sport value is invalid", *argv);
+ invarg("SPORT value after \"encap\" is invalid", *argv);
encap.encap_sport = htons(encap.encap_sport);
NEXT_ARG();
if (get_u16(&encap.encap_dport, *argv, 0))
- invarg("\"encap\" dport value is invalid", *argv);
+ invarg("DPORT value after \"encap\" is invalid", *argv);
encap.encap_dport = htons(encap.encap_dport);
NEXT_ARG();
get_addr(&oa, *argv, AF_UNSPEC);
@@ -331,9 +331,9 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
get_prefix(&coa, *argv, preferred_family);
if (coa.family == AF_UNSPEC)
- invarg("\"coa\" address family is AF_UNSPEC", *argv);
+ invarg("value after \"coa\" has an unrecognized address family", *argv);
if (coa.bytelen > sizeof(xcoa))
- invarg("\"coa\" address length is too large", *argv);
+ invarg("value after \"coa\" is too large", *argv);
memset(&xcoa, 0, sizeof(xcoa));
memcpy(&xcoa, &coa.data, coa.bytelen);
@@ -402,7 +402,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
break;
default:
/* not reached */
- invarg("\"ALGO-TYPE\" is invalid\n", *argv);
+ invarg("ALGO-TYPE value is invalid\n", *argv);
}
if (!NEXT_ARG_OK())
@@ -431,7 +431,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
missarg("ALGO-ICV-LEN");
NEXT_ARG();
if (get_u32(&icvlen, *argv, 0))
- invarg("\"aead\" ICV length is invalid",
+ invarg("ALGO-ICV-LEN value is invalid",
*argv);
alg.u.aead.alg_icv_len = icvlen;
@@ -443,7 +443,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
missarg("ALGO-TRUNC-LEN");
NEXT_ARG();
if (get_u32(&trunclen, *argv, 0))
- invarg("\"auth\" trunc length is invalid",
+ invarg("ALGO-TRUNC-LEN value is invalid",
*argv);
alg.u.auth.alg_trunc_len = trunclen;
@@ -481,7 +481,7 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
(void *)&replay, sizeof(replay));
if (!idp) {
- fprintf(stderr, "Not enough information: \"ID\" is required\n");
+ fprintf(stderr, "Not enough information: ID is required\n");
exit(1);
}
@@ -660,7 +660,7 @@ static int xfrm_state_allocspi(int argc, char **argv)
NEXT_ARG();
if (get_u32(&req.xspi.min, *argv, 0))
- invarg("\"min\" value is invalid", *argv);
+ invarg("value after \"min\" is invalid", *argv);
} else if (strcmp(*argv, "max") == 0) {
if (maxp)
duparg("max", *argv);
@@ -669,7 +669,7 @@ static int xfrm_state_allocspi(int argc, char **argv)
NEXT_ARG();
if (get_u32(&req.xspi.max, *argv, 0))
- invarg("\"max\" value is invalid", *argv);
+ invarg("value after \"max\" is invalid", *argv);
} else {
/* try to assume ID */
if (idp)
@@ -680,7 +680,7 @@ static int xfrm_state_allocspi(int argc, char **argv)
xfrm_id_parse(&req.xspi.info.saddr, &req.xspi.info.id,
&req.xspi.info.family, 0, &argc, &argv);
if (req.xspi.info.id.spi) {
- fprintf(stderr, "\"SPI\" must be zero\n");
+ fprintf(stderr, "\"spi\" is invalid\n");
exit(1);
}
if (preferred_family == AF_UNSPEC)
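Review bot: The replacement message `"\"spi\" is invalid\n"` no longer tells the user why the value was rejected: the visible check `if (req.xspi.info.id.spi)` fails for any non-zero SPI, so the input is not malformed, it is simply not accepted by allocspi. A wording that keeps the reason while following the new quoting convention would be `fprintf(stderr, "\"spi\" must not be specified for allocspi (use \"min\" and \"max\")\n");` or similar. xfrm_state_allocspi extends beyond this hunk, so the exact set of accepted keywords should be checked against the full function.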
@@ -690,7 +690,7 @@ static int xfrm_state_allocspi(int argc, char **argv)
}
if (!idp) {
- fprintf(stderr, "Not enough information: \"ID\" is required\n");
+ fprintf(stderr, "Not enough information: ID is required\n");
exit(1);
}
@@ -700,7 +700,7 @@ static int xfrm_state_allocspi(int argc, char **argv)
exit(1);
}
if (req.xspi.min > req.xspi.max) {
- fprintf(stderr, "\"min\" value is larger than \"max\" value\n");
+ fprintf(stderr, "value after \"min\" is larger than value after \"max\"\n");
exit(1);
}
} else {
@@ -1215,7 +1215,7 @@ static int xfrm_state_flush(int argc, char **argv)
ret = xfrm_xfrmproto_getbyname(*argv);
if (ret < 0)
- invarg("\"XFRM-PROTO\" is invalid", *argv);
+ invarg("XFRM-PROTO value is invalid", *argv);
req.xsf.proto = (__u8)ret;
} else
@@ -1228,7 +1228,7 @@ static int xfrm_state_flush(int argc, char **argv)
exit(1);
if (show_stats > 1)
- fprintf(stderr, "Flush state proto=%s\n",
+ fprintf(stderr, "Flush state with XFRM-PROTO value \"%s\"\n",
strxf_xfrmproto(req.xsf.proto));
if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0)
--
1.7.1