From e37f8c8932104ea7fabe74dba521af61f3f86d16 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Tue, 30 Nov 2010 08:08:18 +0000 Subject: main/iproute2: support xfrm upper protocol gre key --- .../1-2-iproute2-treat-gre-key-as-number-1.patch | 55 +++++++ ...te2-support-xfrm-upper-protocol-gre-key-1.patch | 169 +++++++++++++++++++++ main/iproute2/APKBUILD | 8 +- 3 files changed, 230 insertions(+), 2 deletions(-) create mode 100644 main/iproute2/1-2-iproute2-treat-gre-key-as-number-1.patch create mode 100644 main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch diff --git a/main/iproute2/1-2-iproute2-treat-gre-key-as-number-1.patch b/main/iproute2/1-2-iproute2-treat-gre-key-as-number-1.patch new file mode 100644 index 0000000000..1c4f4d0423 --- /dev/null +++ b/main/iproute2/1-2-iproute2-treat-gre-key-as-number-1.patch @@ -0,0 +1,55 @@ +From patchwork Wed Nov 24 08:18:57 2010 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Subject: [1/2] iproute2: treat gre key as number +Date: Tue, 23 Nov 2010 22:18:57 -0000 +From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?= +X-Patchwork-Id: 72811 +Message-Id: <1290586738-27056-1-git-send-email-timo.teras@iki.fi> +To: shemminger@linux-foundation.org, netdev@vger.kernel.org +Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= + +Print GRE key as a regular number. It is not really an IPv4 address +and this is also how Cisco and Juniper treats GRE keys. Do keep the +parsing of dotted-quad format for backwards compatibility. + +Signed-off-by: Timo Teräs + +--- +ip/iptunnel.c | 10 +++------- + 1 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/ip/iptunnel.c b/ip/iptunnel.c +index 3525fbb..48faf69 100644 +--- a/ip/iptunnel.c ++++ b/ip/iptunnel.c +@@ -306,12 +306,8 @@ static void print_tunnel(struct ip_tunnel_parm *p) + struct ip_tunnel_6rd ip6rd; + char s1[1024]; + char s2[1024]; +- char s3[64]; +- char s4[64]; + + memset(&ip6rd, 0, sizeof(ip6rd)); +- inet_ntop(AF_INET, &p->i_key, s3, sizeof(s3)); +- inet_ntop(AF_INET, &p->o_key, s4, sizeof(s4)); + + /* Do not use format_host() for local addr, + * symbolic name will not be useful. +@@ -377,12 +373,12 @@ static void print_tunnel(struct ip_tunnel_parm *p) + } + + if ((p->i_flags&GRE_KEY) && (p->o_flags&GRE_KEY) && p->o_key == p->i_key) +- printf(" key %s", s3); ++ printf(" key %u", ntohl(p->i_key)); + else if ((p->i_flags|p->o_flags)&GRE_KEY) { + if (p->i_flags&GRE_KEY) +- printf(" ikey %s ", s3); ++ printf(" ikey %u ", ntohl(p->i_key)); + if (p->o_flags&GRE_KEY) +- printf(" okey %s ", s4); ++ printf(" okey %u ", ntohl(p->o_key)); + } + + if (p->i_flags&GRE_SEQ) diff --git a/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch b/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch new file mode 100644 index 0000000000..fb9de80d86 --- /dev/null +++ b/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch @@ -0,0 +1,169 @@ +From patchwork Wed Nov 24 08:18:58 2010 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Subject: [2/2] iproute2: support xfrm upper protocol gre key +Date: Tue, 23 Nov 2010 22:18:58 -0000 +From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?= +X-Patchwork-Id: 72812 +Message-Id: <1290586738-27056-2-git-send-email-timo.teras@iki.fi> +To: shemminger@linux-foundation.org, netdev@vger.kernel.org +Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= + +Similar to tunnel side: accept dotted-quad and number formats. +Use regular number for printing the key. + +Signed-off-by: Timo Teräs + +--- +I decided to keep using get_addr32() and get_unsigned() since uclibc +inet_aton() does not accept all formats. + + ip/ipxfrm.c | 39 +++++++++++++++++++++++++++++++++++++++ + ip/xfrm_policy.c | 3 ++- + man/man8/ip.8 | 25 ++++++++++++++++--------- + 3 files changed, 57 insertions(+), 10 deletions(-) + +diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c +index 99a6756..9753822 100644 +--- a/ip/ipxfrm.c ++++ b/ip/ipxfrm.c +@@ -483,6 +483,12 @@ void xfrm_selector_print(struct xfrm_selector *sel, __u16 family, + if (sel->dport_mask) + fprintf(fp, "code %u ", ntohs(sel->dport)); + break; ++ case IPPROTO_GRE: ++ if (sel->sport_mask || sel->dport_mask) ++ fprintf(fp, "key %u ", ++ (((__u32)ntohs(sel->sport)) << 16) + ++ ntohs(sel->dport)); ++ break; + case IPPROTO_MH: + if (sel->sport_mask) + fprintf(fp, "type %u ", ntohs(sel->sport)); +@@ -1086,6 +1092,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel, + char *dportp = NULL; + char *typep = NULL; + char *codep = NULL; ++ char *grekey = NULL; + + while (1) { + if (strcmp(*argv, "proto") == 0) { +@@ -1162,6 +1169,29 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel, + + filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL; + ++ } else if (strcmp(*argv, "key") == 0) { ++ unsigned uval; ++ ++ grekey = *argv; ++ ++ NEXT_ARG(); ++ ++ if (strchr(*argv, '.')) ++ uval = htonl(get_addr32(*argv)); ++ else { ++ if (get_unsigned(&uval, *argv, 0)<0) { ++ fprintf(stderr, "invalid value of \"key\"\n"); ++ exit(-1); ++ } ++ } ++ ++ sel->sport = htons(uval >> 16); ++ sel->dport = htons(uval & 0xffff); ++ sel->sport_mask = ~((__u16)0); ++ sel->dport_mask = ~((__u16)0); ++ ++ filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL; ++ + } else { + PREV_ARG(); /* back track */ + break; +@@ -1196,6 +1226,15 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel, + exit(1); + } + } ++ if (grekey) { ++ switch (sel->proto) { ++ case IPPROTO_GRE: ++ break; ++ default: ++ fprintf(stderr, "\"key\" is invalid with proto=%s\n", strxf_proto(sel->proto)); ++ exit(1); ++ } ++ } + + *argcp = argc; + *argvp = argv; +diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c +index 121afa1..dcb3da4 100644 +--- a/ip/xfrm_policy.c ++++ b/ip/xfrm_policy.c +@@ -66,7 +66,8 @@ static void usage(void) + fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]\n"); + + fprintf(stderr, "UPSPEC := proto PROTO [ [ sport PORT ] [ dport PORT ] |\n"); +- fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] ]\n"); ++ fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] |\n"); ++ fprintf(stderr, " [ key { DOTTED_QUAD | NUMBER } ] ]\n"); + + //fprintf(stderr, "DEV - device name(default=none)\n"); + +diff --git a/man/man8/ip.8 b/man/man8/ip.8 +index 1a73efa..c1e03f3 100644 +--- a/man/man8/ip.8 ++++ b/man/man8/ip.8 +@@ -547,7 +547,10 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" + .RB " [ " type + .IR NUMBER " ] " + .RB " [ " code +-.IR NUMBER " ]] " ++.IR NUMBER " ] | " ++.br ++.RB " [ " key ++.IR KEY " ]] " + + .ti -8 + .IR LIMIT-LIST " := [ " LIMIT-LIST " ] |" +@@ -642,7 +645,10 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" + .RB " [ " type + .IR NUMBER " ] " + .RB " [ " code +-.IR NUMBER " ] ] " ++.IR NUMBER " ] | " ++.br ++.RB " [ " key ++.IR KEY " ] ] " + + .ti -8 + .IR ACTION " := " +@@ -2487,9 +2493,11 @@ is defined by source port + .BR sport ", " + destination port + .BR dport ", " type +-as number and ++as number, + .B code +-also number. ++also number and ++.BR key ++as dotted-quad or number. + + .TP + .BI dev " DEV " +@@ -2556,11 +2564,10 @@ and the other choice is + .TP + .IR UPSPEC + is specified by +-.BR sport ", " +-.BR dport ", " type +-and +-.B code +-(NUMBER). ++.BR sport " and " dport " (for UDP/TCP), " ++.BR type " and " code " (for ICMP; as number) or " ++.BR key " (for GRE; as dotted-quad or number)." ++. + + .SS ip xfrm monitor - is used for listing all objects or defined group of them. + The diff --git a/main/iproute2/APKBUILD b/main/iproute2/APKBUILD index 5d1b992134..32f2acd7d9 100644 --- a/main/iproute2/APKBUILD +++ b/main/iproute2/APKBUILD @@ -2,7 +2,7 @@ pkgname=iproute2 pkgver=2.6.35 _realver=$pkgver -pkgrel=2 +pkgrel=3 pkgdesc="IP Routing Utilities" url="http://www.linux-foundation.org/en/Net:Iproute2" license="GPL2" @@ -14,6 +14,8 @@ source="http://devresources.linux-foundation.org/dev/iproute2/download/$pkgname- 0001-iproute2-Fix-filtering-related-to-flushing-IP-addres.patch 0002-iproute2-dont-filter-cached-routes-on-iproute_get.patch 0003-Snapshot-for-2.6.35.1.patch + 1-2-iproute2-treat-gre-key-as-number-1.patch + 2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch " prepare() { @@ -43,4 +45,6 @@ package() { md5sums="b0f281b3124bf04669e18f5fe16d4934 iproute2-2.6.35.tar.bz2 50992f46dd2a75ececdc5e54309e6b25 0001-iproute2-Fix-filtering-related-to-flushing-IP-addres.patch dbe155ebdb22fb2b30635c0bd2431c5b 0002-iproute2-dont-filter-cached-routes-on-iproute_get.patch -084c0ee27a955d448705bbe51b70dc11 0003-Snapshot-for-2.6.35.1.patch" +084c0ee27a955d448705bbe51b70dc11 0003-Snapshot-for-2.6.35.1.patch +a9ea5a0c50d8dbeafaff802318fcfac9 1-2-iproute2-treat-gre-key-as-number-1.patch +ae6a91f9633a810f37854b8a2f5e19df 2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch" -- cgit v1.2.3