Date: Thu, 4 Apr 2019 10:08:45 -0400
From: Matt Ellison
To: netdev@vger.kernel.org
Cc: stephen@networkplumber.org, dsahern@gmail.com, jmg@6wind.com, m.augustine@arroyo.io
Subject: [PATCH v3 iproute2] ip: support for xfrm interfaces
Message-ID: <20190404100845.59418fa0@aquamarine>

Interfaces take a 'if_id' which is an interface id which can be set on an xfrm policy as its interface lookup key (XFRMA_IF_ID).
Signed-off-by: Matt Ellison --- My apologies for taking so long to get v3 out: v3 Changes: * Only set IF_ID if set on command line. ip/Makefile | 2 +- ip/iplink.c | 3 +- ip/link_xfrm.c | 77 +++++++++++++++++++++++++ man/man8/ip-link.8.in | 27 ++++++++- testsuite/tests/ip/link/add_type_xfrm.t | 32 ++++++++++ 5 files changed, 138 insertions(+), 3 deletions(-) create mode 100644 ip/link_xfrm.c create mode 100755 testsuite/tests/ip/link/add_type_xfrm.t diff --git a/ip/Makefile b/ip/Makefile index a88f9366..7ce6e91a 100644 --- a/ip/Makefile +++ b/ip/Makefile @@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \ iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \ iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \ - iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \ + iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o link_xfrm.o \ iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \ iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \ diff --git a/ip/iplink.c b/ip/iplink.c index 5a3c9613..7952cb2b 100644 --- a/ip/iplink.c +++ b/ip/iplink.c @@ -121,7 +121,8 @@ void iplink_usage(void) " bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n" " gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |\n" " vti | nlmon | team_slave | bond_slave | bridge_slave |\n" - " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet }\n"); + " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet |\n" + " xfrm }\n"); } exit(-1); } diff --git a/ip/link_xfrm.c b/ip/link_xfrm.c new file mode 100644 index 00000000..79a902fd --- /dev/null +++ b/ip/link_xfrm.c 
@@ -0,0 +1,77 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * link_xfrm.c Virtual XFRM Interface driver module + * + * Authors: Matt Ellison + */ + +#include +#include + +#include "rt_names.h" +#include "utils.h" +#include "ip_common.h" +#include "tunnel.h" + +static void xfrm_print_help(struct link_util *lu, int argc, char **argv, + FILE *f) +{ + fprintf(f, "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n", lu->id); + fprintf(f, "\nWhere: IF-ID := { 0x0..0xffffffff }\n"); +} + +static int xfrm_parse_opt(struct link_util *lu, int argc, char **argv, + struct nlmsghdr *n) +{ + unsigned int link = 0; + __u32 if_id = 0; + + while (argc > 0) { + if (!matches(*argv, "dev")) { + NEXT_ARG(); + link = ll_name_to_index(*argv); + if (!link) + exit(nodev(*argv)); + } else if (!matches(*argv, "if_id")) { + NEXT_ARG(); + if (!get_u32(&if_id, *argv, 0)) + addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id); + } else { + xfrm_print_help(lu, argc, argv, stderr); + return -1; + } + argc--; argv++; + } + + if (link) { + addattr32(n, 1024, IFLA_XFRM_LINK, link); + } else { + fprintf(stderr, "must specify physical device\n"); + return -1; + } + + return 0; +} + +static void xfrm_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) +{ + + if (!tb) + return; + + if (tb[IFLA_XFRM_IF_ID]) { + __u32 id = rta_getattr_u32(tb[IFLA_XFRM_IF_ID]); + + print_0xhex(PRINT_ANY, "if_id", "if_id %#llx ", id); + + } + +} + +struct link_util xfrm_link_util = { + .id = "xfrm", + .maxattr = IFLA_XFRM_MAX, + .parse_opt = xfrm_parse_opt, + .print_opt = xfrm_print_opt, + .print_help = xfrm_print_help, +}; diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 988314e1..2411d43e 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -221,7 +221,8 @@ ip-link \- network device configuration .BR vrf " |" .BR macsec " |" .BR netdevsim " |" -.BR rmnet " ]" +.BR rmnet " |" +.BR xfrm " ]" .ti -8 .IR ETYPE " := [ " TYPE " |" 
@@ -350,6 +351,9 @@ Link types: .sp .BR rmnet - Qualcomm rmnet device +.sp +.BR xfrm +- Virtual xfrm interface .in -8 .TP @@ -1741,6 +1745,27 @@ the following additional arguments are supported: .in -8 +.TP +XFRM Type Support +For a link of type +.I XFRM +the following additional arguments are supported: + +.BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]" + +.in +8 +.sp +.BI dev " PHYS_DEV " +- specifies the underlying physical interface from which transform traffic is sent and received. + +.sp +.BI if_id " IF-ID " +- specifies the hexadecimal lookup key used to send traffic to and from specific xfrm +policies. Policies must be configured with the same key. If not set, the key defaults to +0 and will match any policies which similarly do not have a lookup key configuration. + +.in -8 + .SS ip link delete - delete virtual link .TP diff --git a/testsuite/tests/ip/link/add_type_xfrm.t b/testsuite/tests/ip/link/add_type_xfrm.t new file mode 100755 index 00000000..78ce28e0 --- /dev/null +++ b/testsuite/tests/ip/link/add_type_xfrm.t 
@@ -0,0 +1,32 @@ +#!/bin/sh + +. lib/generic.sh + +ts_log "[Testing Add XFRM Interface, With IF-ID]" + +PHYS_DEV="lo" +NEW_DEV="$(rand_dev)" +IF_ID="0xf" + +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV if_id $IF_ID + +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +test_on "$NEW_DEV" +test_on "if_id $IF_ID" + +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV + + +ts_log "[Testing Add XFRM Interface, No IF-ID]" + +PHYS_DEV="lo" +NEW_DEV="$(rand_dev)" +IF_ID="0xf" + +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV + +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +test_on "$NEW_DEV" +test_on_not "if_id $IF_ID" + +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV -- 2.21.0
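
Review bot: in xfrm_parse_opt() of ip/link_xfrm.c, a failed parse of the if_id argument is silently ignored. The branch "if (!get_u32(&if_id, *argv, 0)) addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id);" has no else, so a mistyped or out-of-range value creates the interface with no IFLA_XFRM_IF_ID attribute and the function still returns 0. The man page text added in this same patch says an unset key defaults to 0 and matches policies that have no lookup key, so a typo on the command line can quietly bind the interface to a different set of xfrm policies than the operator intended. Suggest failing hard instead, for example calling invarg("if_id value is invalid", *argv) when get_u32() returns non-zero, and adding a testsuite case that expects an error for a non-numeric if_id.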
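
Review bot: the if_id placeholder is spelled two ways in the "XFRM Type Support" text added to man/man8/ip-link.8.in. The synopsis line uses IF_ID ("[ if_id " IF_ID " ]") while the argument description uses IF-ID (".BI if_id " IF-ID ""), and the usage string in ip/link_xfrm.c also uses IF-ID; pick one spelling throughout. The description also calls the key hexadecimal, but xfrm_parse_opt() passes base 0 to get_u32(), so decimal input is accepted as well. Either say so, or document the accepted range the way the help text does (0x0..0xffffffff).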
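
Review bot: in the "No IF-ID" case of testsuite/tests/ip/link/add_type_xfrm.t, the negative check is weaker than the test name implies. IF_ID is assigned "0xf" again and then test_on_not "if_id $IF_ID" only shows that the output lacks the string "if_id 0xf"; output such as "if_id 0" would still pass, so the test does not verify that no if_id attribute is reported when none was given. Suggest matching on the bare keyword, test_on_not "if_id", and dropping the IF_ID assignment from that block.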