aboutsummaryrefslogtreecommitdiffstats
path: root/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch')
-rw-r--r--main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch169
1 files changed, 169 insertions, 0 deletions
diff --git a/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch b/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch
new file mode 100644
index 0000000000..fb9de80d86
--- /dev/null
+++ b/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch
@@ -0,0 +1,169 @@
+From patchwork Wed Nov 24 08:18:58 2010
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Subject: [2/2] iproute2: support xfrm upper protocol gre key
+Date: Tue, 23 Nov 2010 22:18:58 -0000
+From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?=
+X-Patchwork-Id: 72812
+Message-Id: <1290586738-27056-2-git-send-email-timo.teras@iki.fi>
+To: shemminger@linux-foundation.org, netdev@vger.kernel.org
+Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+
+Similar to tunnel side: accept dotted-quad and number formats.
+Use regular number for printing the key.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+
+---
+I decided to keep using get_addr32() and get_unsigned() since uclibc
+inet_aton() does not accept all formats.
+
+ ip/ipxfrm.c | 39 +++++++++++++++++++++++++++++++++++++++
+ ip/xfrm_policy.c | 3 ++-
+ man/man8/ip.8 | 25 ++++++++++++++++---------
+ 3 files changed, 57 insertions(+), 10 deletions(-)
+
+diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
+index 99a6756..9753822 100644
+--- a/ip/ipxfrm.c
++++ b/ip/ipxfrm.c
+@@ -483,6 +483,12 @@ void xfrm_selector_print(struct xfrm_selector *sel, __u16 family,
+ if (sel->dport_mask)
+ fprintf(fp, "code %u ", ntohs(sel->dport));
+ break;
++ case IPPROTO_GRE:
++ if (sel->sport_mask || sel->dport_mask)
++ fprintf(fp, "key %u ",
++ (((__u32)ntohs(sel->sport)) << 16) +
++ ntohs(sel->dport));
++ break;
+ case IPPROTO_MH:
+ if (sel->sport_mask)
+ fprintf(fp, "type %u ", ntohs(sel->sport));
+@@ -1086,6 +1092,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
+ char *dportp = NULL;
+ char *typep = NULL;
+ char *codep = NULL;
++ char *grekey = NULL;
+
+ while (1) {
+ if (strcmp(*argv, "proto") == 0) {
+@@ -1162,6 +1169,29 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
+
+ filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL;
+
++ } else if (strcmp(*argv, "key") == 0) {
++ unsigned uval;
++
++ grekey = *argv;
++
++ NEXT_ARG();
++
++ if (strchr(*argv, '.'))
++ uval = htonl(get_addr32(*argv));
++ else {
++ if (get_unsigned(&uval, *argv, 0)<0) {
++ fprintf(stderr, "invalid value of \"key\"\n");
++ exit(-1);
++ }
++ }
++
++ sel->sport = htons(uval >> 16);
++ sel->dport = htons(uval & 0xffff);
++ sel->sport_mask = ~((__u16)0);
++ sel->dport_mask = ~((__u16)0);
++
++ filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL;
++
+ } else {
+ PREV_ARG(); /* back track */
+ break;
+@@ -1196,6 +1226,15 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel,
+ exit(1);
+ }
+ }
++ if (grekey) {
++ switch (sel->proto) {
++ case IPPROTO_GRE:
++ break;
++ default:
++ fprintf(stderr, "\"key\" is invalid with proto=%s\n", strxf_proto(sel->proto));
++ exit(1);
++ }
++ }
+
+ *argcp = argc;
+ *argvp = argv;
+diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
+index 121afa1..dcb3da4 100644
+--- a/ip/xfrm_policy.c
++++ b/ip/xfrm_policy.c
+@@ -66,7 +66,8 @@ static void usage(void)
+ fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]\n");
+
+ fprintf(stderr, "UPSPEC := proto PROTO [ [ sport PORT ] [ dport PORT ] |\n");
+- fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] ]\n");
++ fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] |\n");
++ fprintf(stderr, " [ key { DOTTED_QUAD | NUMBER } ] ]\n");
+
+ //fprintf(stderr, "DEV - device name(default=none)\n");
+
+diff --git a/man/man8/ip.8 b/man/man8/ip.8
+index 1a73efa..c1e03f3 100644
+--- a/man/man8/ip.8
++++ b/man/man8/ip.8
+@@ -547,7 +547,10 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
+ .RB " [ " type
+ .IR NUMBER " ] "
+ .RB " [ " code
+-.IR NUMBER " ]] "
++.IR NUMBER " ] | "
++.br
++.RB " [ " key
++.IR KEY " ]] "
+
+ .ti -8
+ .IR LIMIT-LIST " := [ " LIMIT-LIST " ] |"
+@@ -642,7 +645,10 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
+ .RB " [ " type
+ .IR NUMBER " ] "
+ .RB " [ " code
+-.IR NUMBER " ] ] "
++.IR NUMBER " ] | "
++.br
++.RB " [ " key
++.IR KEY " ] ] "
+
+ .ti -8
+ .IR ACTION " := "
+@@ -2487,9 +2493,11 @@ is defined by source port
+ .BR sport ", "
+ destination port
+ .BR dport ", " type
+-as number and
++as number,
+ .B code
+-also number.
++also number and
++.BR key
++as dotted-quad or number.
+
+ .TP
+ .BI dev " DEV "
+@@ -2556,11 +2564,10 @@ and the other choice is
+ .TP
+ .IR UPSPEC
+ is specified by
+-.BR sport ", "
+-.BR dport ", " type
+-and
+-.B code
+-(NUMBER).
++.BR sport " and " dport " (for UDP/TCP), "
++.BR type " and " code " (for ICMP; as number) or "
++.BR key " (for GRE; as dotted-quad or number)."
++.
+
+ .SS ip xfrm monitor - is used for listing all objects or defined group of them.
+ The