From: Matt Ellison
To: netdev@vger.kernel.org
Cc: stephen@networkplumber.org
Date: Thu, 17 Jan 2019 09:40:37 -0500
Subject: [PATCH v2 iproute2] ip: support for xfrm interfaces
Message-ID: <20190117094037.36ea8631@aquamarine>

Interfaces take a 'if_id' which is an interface id which can be set on an xfrm policy as its interface lookup key (XFRMA_IF_ID).

Signed-off-by: Matt Ellison --- ip/Makefile | 2 +- ip/iplink.c | 3 +- ip/link_xfrm.c | 79 +++++++++++++++++++++++++ man/man8/ip-link.8.in | 27 ++++++++- testsuite/tests/ip/link/add_type_xfrm.t | 32 ++++++++++ 5 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 ip/link_xfrm.c create mode 100755 testsuite/tests/ip/link/add_type_xfrm.t diff --git a/ip/Makefile b/ip/Makefile index a88f9366..7ce6e91a 100644 --- a/ip/Makefile +++ b/ip/Makefile @@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \ iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \ iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \ - iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \ + iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o link_xfrm.o \ iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \ iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \ diff --git a/ip/iplink.c b/ip/iplink.c index b5519201..f61e570a 100644 --- a/ip/iplink.c +++ b/ip/iplink.c @@ -121,7 +121,8 @@ void iplink_usage(void) " bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n" " gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |\n" " vti | nlmon | team_slave | bond_slave | bridge_slave |\n" - " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet }\n"); + " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet |\n" + " xfrm }\n"); } exit(-1); } diff --git a/ip/link_xfrm.c b/ip/link_xfrm.c new file mode 100644 index 00000000..1115fde5 --- /dev/null +++ b/ip/link_xfrm.c 
@@ -0,0 +1,79 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * link_xfrm.c Virtual XFRM Interface driver module + * + * Authors: Matt Ellison + */ + +#include +#include + +#include "rt_names.h" +#include "utils.h" +#include "ip_common.h" +#include "tunnel.h" + +static void xfrm_print_help(struct link_util *lu, int argc, char **argv, + FILE *f) +{ + fprintf(f, "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n", lu->id); + fprintf(f, "\nWhere: IF-ID := { 0x0..0xffffffff }\n"); +} + +static int xfrm_parse_opt(struct link_util *lu, int argc, char **argv, + struct nlmsghdr *n) +{ + unsigned int link = 0; + __u32 if_id = 0; + + while (argc > 0) { + if (!matches(*argv, "dev")) { + NEXT_ARG(); + link = ll_name_to_index(*argv); + if (!link) + exit(nodev(*argv)); + } else if (!matches(*argv, "if_id")) { + NEXT_ARG(); + if (get_u32(&if_id, *argv, 0)) + invarg("if_id", *argv); + } else { + xfrm_print_help(lu, argc, argv, stderr); + return -1; + } + argc--; argv++; + } + + addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id); + + if (link) { + addattr32(n, 1024, IFLA_XFRM_LINK, link); + } else { + fprintf(stderr, "must specify physical device\n"); + return -1; + } + + return 0; +} + +static void xfrm_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) +{ + + if (!tb) + return; + + if (tb[IFLA_XFRM_IF_ID]) { + __u32 id = rta_getattr_u32(tb[IFLA_XFRM_IF_ID]); + + print_0xhex(PRINT_ANY, "if_id", "if_id %#llx ", id); + + } + +} + +struct link_util xfrm_link_util = { + .id = "xfrm", + .maxattr = IFLA_XFRM_MAX, + .parse_opt = xfrm_parse_opt, + .print_opt = xfrm_print_opt, + .print_help = xfrm_print_help, +}; diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 73d37c19..53504657 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -221,7 +221,8 @@ ip-link \- network device configuration .BR vrf " |" .BR macsec " |" .BR netdevsim " |" -.BR rmnet " ]" +.BR rmnet " |" +.BR xfrm " ]" .ti -8 .IR ETYPE " := [ " TYPE " |" 
@@ -350,6 +351,9 @@ Link types: .sp .BR rmnet - Qualcomm rmnet device +.sp +.BR xfrm +- Virtual xfrm interface .in -8 .TP @@ -1704,6 +1708,27 @@ the following additional arguments are supported: .in -8 +.TP +XFRM Type Support +For a link of type +.I XFRM +the following additional arguments are supported: + +.BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]" + +.in +8 +.sp +.BI dev " PHYS_DEV " +- specifies the underlying physical interface from which transform traffic is sent and received. + +.sp +.BI if_id " IF-ID " +- specifies the hexadecimal lookup key used to send traffic to and from specific xfrm +policies. Policies must be configured with the same key. If not set, the key defaults to +0 and will match any policies which similarly do not have a lookup key configuration. + +.in -8 + .SS ip link delete - delete virtual link .TP diff --git a/testsuite/tests/ip/link/add_type_xfrm.t b/testsuite/tests/ip/link/add_type_xfrm.t new file mode 100755 index 00000000..78ce28e0 --- /dev/null +++ b/testsuite/tests/ip/link/add_type_xfrm.t 
@@ -0,0 +1,32 @@ +#!/bin/sh + +. lib/generic.sh + +ts_log "[Testing Add XFRM Interface, With IF-ID]" + +PHYS_DEV="lo" +NEW_DEV="$(rand_dev)" +IF_ID="0xf" + +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV if_id $IF_ID + +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +test_on "$NEW_DEV" +test_on "if_id $IF_ID" + +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV + + +ts_log "[Testing Add XFRM Interface, No IF-ID]" + +PHYS_DEV="lo" +NEW_DEV="$(rand_dev)" +IF_ID="0xf" + +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV + +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +test_on "$NEW_DEV" +test_on_not "if_id $IF_ID" + +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV -- 2.20.1
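
Review bot: in ip/link_xfrm.c, xfrm_parse_opt() appends IFLA_XFRM_IF_ID unconditionally and does so before the check that a physical device was given, so the "must specify physical device" error path has already added an attribute to the message, and a caller who never typed if_id still sends an explicit 0. Suggest moving the `if (!link)` check ahead of both addattr32() calls. Also either send IFLA_XFRM_IF_ID only when if_id was parsed, or add a short comment that 0 is deliberately sent as the default described in the man page. Since if_id is the lookup key that ties the interface to xfrm policies, it helps to make the "unset" case explicit in the code. The empty lines at the start and end of xfrm_print_opt() and inside its if block can also be dropped.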
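
Review bot: in the man/man8/ip-link.8.in hunk that adds "XFRM Type Support", the synopsis line names the placeholder IF_ID while the argument description two entries below, and the usage text in xfrm_print_help(), call it IF-ID; pick one spelling so the three places agree. The description also calls the value a "hexadecimal lookup key", but the parser reads it with `get_u32(&if_id, *argv, 0)`, and base 0 accepts decimal and octal input as well. Either say that the key is a 32-bit value displayed in hex, or state the accepted input forms, so an operator matching if_id between an interface and a policy is not surprised that 15 and 0xf are the same key.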
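
Review bot: in testsuite/tests/ip/link/add_type_xfrm.t, the "No IF-ID" case still sets IF_ID="0xf" and then asserts `test_on_not "if_id $IF_ID"`, which only proves that the string "if_id 0xf" is absent. It would pass whether the show output carries no if_id at all, the default, or some other wrong value. Suggest asserting on the expected default instead. Note that the "%#llx" format used in xfrm_print_opt() renders zero as "0", not "0x0", so if the attribute is reported back the positive check would be on "if_id 0". The repeated PHYS_DEV and IF_ID assignments in the second block can then be dropped.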