From patchwork Tue Jan 1 17:40:01 2019
X-Patchwork-Submitter: Matt Ellison
X-Patchwork-Id: 1019783
X-Patchwork-Delegate: shemminger@vyatta.com
Date: Tue, 1 Jan 2019 12:40:01 -0500
From: Matt Ellison
To: Stephen Hemminger
Cc: netdev@vger.kernel.org
Subject: [PATCH iproute2] ip: support for xfrm interfaces
Message-ID: <20190101124001.28e58469@aquamarine>
In-Reply-To: <20181231221122.1829f0f1@shemminger-XPS-13-9360>
References: <20181228103211.2023498c@aquamarine> <20181231221122.1829f0f1@shemminger-XPS-13-9360>
X-Mailing-List: netdev@vger.kernel.org

Support for new (4.19+) xfrm virtual interfaces. Interfaces take a 'if_id' which is an interface id which can be set on an xfrm policy as its interface lookup key (XFRMA_IF_ID).

Signed-off-by: Matt Ellison Tested-by: Antony Antony Tested-by: Antony Antony --- ip/Makefile | 2 +- ip/iplink.c | 3 +- ip/link_xfrm.c | 79 +++++++++++++++++++++++++ man/man8/ip-link.8.in | 27 ++++++++- testsuite/tests/ip/link/add_type_xfrm.t | 32 ++++++++++ 5 files changed, 140 insertions(+), 3 deletions(-) create mode 100644 ip/link_xfrm.c create mode 100755 testsuite/tests/ip/link/add_type_xfrm.t diff --git a/ip/Makefile b/ip/Makefile index a88f9366..7ce6e91a 100644 --- a/ip/Makefile +++ b/ip/Makefile @@ -5,7 +5,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \ iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \ iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \ - iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \ + iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o link_xfrm.o \ iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \ link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \ iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \ diff --git a/ip/iplink.c b/ip/iplink.c index b5519201..f61e570a 100644 --- a/ip/iplink.c +++ b/ip/iplink.c @@ -121,7 +121,8 @@ void iplink_usage(void) " bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n" " gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |\n" " vti | nlmon | team_slave | bond_slave | bridge_slave |\n" - " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet }\n"); + " ipvlan | ipvtap | geneve | vrf | macsec | netdevsim | rmnet |\n" + " xfrm }\n"); } exit(-1); } diff --git a/ip/link_xfrm.c b/ip/link_xfrm.c new file mode 100644 index 00000000..1115fde5 --- /dev/null +++ b/ip/link_xfrm.c 
@@ -0,0 +1,79 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * link_xfrm.c Virtual XFRM Interface driver module + * + * Authors: Matt Ellison + */ + +#include +#include + +#include "rt_names.h" +#include "utils.h" +#include "ip_common.h" +#include "tunnel.h" + +static void xfrm_print_help(struct link_util *lu, int argc, char **argv, + FILE *f) +{ + fprintf(f, "Usage: ... %-4s dev PHYS_DEV [ if_id IF-ID ]\n", lu->id); + fprintf(f, "\nWhere: IF-ID := { 0x0..0xffffffff }\n"); +} + +static int xfrm_parse_opt(struct link_util *lu, int argc, char **argv, + struct nlmsghdr *n) +{ + unsigned int link = 0; + __u32 if_id = 0; + + while (argc > 0) { + if (!matches(*argv, "dev")) { + NEXT_ARG(); + link = ll_name_to_index(*argv); + if (!link) + exit(nodev(*argv)); + } else if (!matches(*argv, "if_id")) { + NEXT_ARG(); + if (get_u32(&if_id, *argv, 0)) + invarg("if_id", *argv); + } else { + xfrm_print_help(lu, argc, argv, stderr); + return -1; + } + argc--; argv++; + } + + addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id); + + if (link) { + addattr32(n, 1024, IFLA_XFRM_LINK, link); + } else { + fprintf(stderr, "must specify physical device\n"); + return -1; + } + + return 0; +} + +static void xfrm_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) +{ + + if (!tb) + return; + + if (tb[IFLA_XFRM_IF_ID]) { + __u32 id = rta_getattr_u32(tb[IFLA_XFRM_IF_ID]); + + print_0xhex(PRINT_ANY, "if_id", "if_id %#llx ", id); + + } + +} + +struct link_util xfrm_link_util = { + .id = "xfrm", + .maxattr = IFLA_XFRM_MAX, + .parse_opt = xfrm_parse_opt, + .print_opt = xfrm_print_opt, + .print_help = xfrm_print_help, +}; diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 5132f514..a361101a 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -221,7 +221,8 @@ ip-link \- network device configuration .BR vrf " |" .BR macsec " |" .BR netdevsim " |" -.BR rmnet " ]" +.BR rmnet " |" +.BR xfrm " ]" .ti -8 .IR ETYPE " := [ " TYPE " |" 
@@ -350,6 +351,9 @@ Link types: .sp .BR rmnet - Qualcomm rmnet device +.sp +.BR xfrm +- Virtual xfrm interface .in -8 .TP @@ -1676,6 +1680,27 @@ the following additional arguments are supported: .in -8 +.TP +XFRM Type Support +For a link of type +.I XFRM +the following additional arguments are supported: + +.BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]" + +.in +8 +.sp +.BI dev " PHYS_DEV " +- specifies the underlying physical interface from which transform traffic is sent and received. + +.sp +.BI if_id " IF-ID " +- specifies the hexadecimal lookup key used to send traffic to and from specific xfrm +policies. Policies must be configured with the same key. If not set, the key defaults to +0 and will match any policies which similarly do not have a lookup key configuration. + +.in -8 + .SS ip link delete - delete virtual link .TP diff --git a/testsuite/tests/ip/link/add_type_xfrm.t b/testsuite/tests/ip/link/add_type_xfrm.t new file mode 100755 index 00000000..78ce28e0 --- /dev/null +++ b/testsuite/tests/ip/link/add_type_xfrm.t @@ -0,0 +1,32 @@ +#!/bin/sh + +. lib/generic.sh + +ts_log "[Testing Add XFRM Interface, With IF-ID]" + +PHYS_DEV="lo" +NEW_DEV="$(rand_dev)" +IF_ID="0xf" + +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV if_id $IF_ID + +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +test_on "$NEW_DEV" +test_on "if_id $IF_ID" + +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV + + +ts_log "[Testing Add XFRM Interface, No IF-ID]" + +PHYS_DEV="lo" +NEW_DEV="$(rand_dev)" +IF_ID="0xf" + +ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV + +ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +test_on "$NEW_DEV" +test_on_not "if_id $IF_ID" + +ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV
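
Review bot: In ip/link_xfrm.c, xfrm_parse_opt() calls addattr32(n, 1024, IFLA_XFRM_IF_ID, if_id) unconditionally and before the check that a device was given, so an omitted if_id goes out as an explicit 0 and cannot be told apart from "if_id 0". Because the man page text in this patch says an unset key matches any policy that likewise has no lookup key, that default decides which traffic the interface picks up; consider tracking whether if_id was supplied and adding the attribute only then, or state in the help text that 0 is always sent. Moving the "must specify physical device" check ahead of both addattr32() calls would avoid building attributes for a request that is then rejected. In xfrm_print_opt(), only IFLA_XFRM_IF_ID is printed, so the IFLA_XFRM_LINK value set by the parser never appears in this function's output; the format "if_id %#llx " is paired with a __u32 id, which is worth confirming against the print_0xhex() prototype; and the blank lines after the opening brace and before the closing brace can be dropped.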
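
Review bot: In the man/man8/ip-link.8.in hunk at @@ -1676, the synopsis line spells the argument IF_ID while the description entry below it, and the usage text in ip/link_xfrm.c, spell it IF-ID; pick one spelling and use it in all three places. The description also calls the key hexadecimal, but the parser reads it with get_u32(&if_id, *argv, 0), and base 0 accepts decimal input as well, so "hexadecimal" should be dropped or qualified to say that the value is displayed in hex.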
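
Review bot: In testsuite/tests/ip/link/add_type_xfrm.t, the "No IF-ID" case still sets IF_ID="0xf" and then only runs test_on_not "if_id $IF_ID", which passes for any output that lacks 0xf and so does not verify the documented default key of 0. Since xfrm_parse_opt() always sends IFLA_XFRM_IF_ID, the case should assert on the value that is actually shown for an interface created without if_id. A third case that omits dev and expects the command to fail would cover the "must specify physical device" path, which is the one rejection this patch adds besides invalid if_id input.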