diff options
| author | Sabrina Dubroca <sd@queasysnail.net> | 2020-01-19 11:32:09 +0100 |
|---|---|---|
| committer | David Ahern <dsahern@gmail.com> | 2020-01-22 03:42:01 +0000 |
| commit | 22aec42679d57b8e0aef864c4d45feadb727c3ce (patch) | |
| tree | 415b57a09f321f35d3c516d8455d41fd4118b3b1 | |
| parent | 4df5ad933ca8cebf23a4868061b28ab869e9b77a (diff) | |
| download | iproute2-22aec42679d57b8e0aef864c4d45feadb727c3ce.tar.gz | |
ip: xfrm: add espintcp encapsulation
While at it, convert xfrm_xfrma_print and xfrm_encap_type_parse to use
the UAPI macros for encap_type as suggested by David Ahern, and add the
UAPI udp.h header (sync'd from ipsec-next to get the TCP_ENCAP_ESPINTCP
definition).
Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David Ahern <dsahern@gmail.com>
| -rw-r--r-- | ip/ipxfrm.c | 14 | ||||
| -rw-r--r-- | ip/xfrm_state.c | 2 | ||||
| -rw-r--r-- | man/man8/ip-xfrm.8 | 4 |
3 files changed, 13 insertions, 7 deletions
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index 32f560933..fec206abc 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -34,6 +34,7 @@ #include <netdb.h> #include <linux/netlink.h> #include <linux/rtnetlink.h> +#include <linux/udp.h> #include "utils.h" #include "xfrm.h" @@ -753,12 +754,15 @@ void xfrm_xfrma_print(struct rtattr *tb[], __u16 family, fprintf(fp, "type "); switch (e->encap_type) { - case 1: + case UDP_ENCAP_ESPINUDP_NON_IKE: fprintf(fp, "espinudp-nonike "); break; - case 2: + case UDP_ENCAP_ESPINUDP: fprintf(fp, "espinudp "); break; + case TCP_ENCAP_ESPINTCP: + fprintf(fp, "espintcp "); + break; default: fprintf(fp, "%u ", e->encap_type); break; @@ -1208,9 +1212,11 @@ int xfrm_encap_type_parse(__u16 *type, int *argcp, char ***argvp) char **argv = *argvp; if (strcmp(*argv, "espinudp-nonike") == 0) - *type = 1; + *type = UDP_ENCAP_ESPINUDP_NON_IKE; else if (strcmp(*argv, "espinudp") == 0) - *type = 2; + *type = UDP_ENCAP_ESPINUDP; + else if (strcmp(*argv, "espintcp") == 0) + *type = TCP_ENCAP_ESPINTCP; else invarg("ENCAP-TYPE value is invalid", *argv); diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index b03ccc580..df2d50c38 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -130,7 +130,7 @@ static void usage(void) "LIMIT-LIST := [ LIMIT-LIST ] limit LIMIT\n" "LIMIT := { time-soft | time-hard | time-use-soft | time-use-hard } SECONDS |\n" " { byte-soft | byte-hard } SIZE | { packet-soft | packet-hard } COUNT\n" - "ENCAP := { espinudp | espinudp-nonike } SPORT DPORT OADDR\n" + "ENCAP := { espinudp | espinudp-nonike | espintcp } SPORT DPORT OADDR\n" "DIR := in | out\n"); exit(-1); diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 index cfce1e40b..f99f30bb4 100644 --- a/man/man8/ip-xfrm.8 +++ b/man/man8/ip-xfrm.8 @@ -207,7 +207,7 @@ ip-xfrm \- transform configuration .ti -8 .IR ENCAP " :=" -.RB "{ " espinudp " | " espinudp-nonike " }" +.RB "{ " espinudp " | " espinudp-nonike " | " espintcp " }" .IR SPORT " " DPORT " " OADDR .ti -8 @@ -548,7 +548,7 @@ sets limits in seconds, bytes, or numbers of packets. .TP .I ENCAP encapsulates packets with protocol -.BR espinudp " or " espinudp-nonike "," +.BR espinudp ", " espinudp-nonike ", or " espintcp "," .RI "using source port " SPORT ", destination port " DPORT .RI ", and original address " OADDR "." |