| 2c319e1ab7ebd371c0230f549890ae6c8ba49c8e |
|
03-Feb-2011 |
Joy Latten <jml@austin.ibm.com> |
xfrm security context support
In the Linux kernel, ipsec policy and SAs can include a
security context to support MAC networking. This feature
is often referred to as "labeled ipsec".
This patchset adds security context support into ip xfrm
such that a security context can be included when
add/delete/display SAs and policies with the ip command.
The user provides the security context when adding
SAs and policies. If a policy or SA contains a security
context, the changes allow the security context to be displayed.
For example,
ip xfrm state
src 10.1.1.6 dst 10.1.1.2
proto esp spi 0x00000301 reqid 0 mode transport
replay-window 0
auth hmac(digest_null) 0x3078
enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031
security context root:system_r:unconfined_t:s0
Please let me know if all is ok with the patchset.
Thanks!!
regards,
Joy
Signed-off-by: Joy Latten <latten@austin.ibm.com>
/external/iproute2/ip/xfrm.h
|
| f6fd52e626d7897e9df03331dbeb149beacb53ba |
|
23-Feb-2010 |
Jamal Hadi Salim <hadi@cyberus.ca> |
xfrm: Introduce xfrm by mark
This patch carries basic infrastructure.
You need to make sure that the proper include/linux/xfrm.h is included
for it to compile.
Example:
/external/iproute2/ip/xfrm.h
|
| c1cdf2d2148ddeff9c622bdcc0671ffe002b7cd8 |
|
06-Aug-2009 |
Stephen Hemminger <stephen.hemminger@vyatta.com> |
Fix typo in IPPROTO_DCCP
/external/iproute2/ip/xfrm.h
|
| efe69c1b7220e6c89bc5ccbeceeadf7c9e09768b |
|
24-Aug-2007 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
ip: xfrm: Fix flush message.
Fix xfrm state or policy flush message.
And minor updates are included:
o Use static buffer to show unknown value as string.
o Show policy type (ptype) only when kernel specified it.
o Clean-up xfrm_monitor.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/xfrm.h
|
| c1fa2253241f3cddac3519700549f98d7840b864 |
|
24-Aug-2007 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
ip: xfrm: Fix policy and state flags.
o Support policy flag with string format.
Note that kernel defines only one name "localok" for the flag
and it has not had any effect currently.
o Support state flag value XFRM_STATE_NOPMTUDISC.
o Fix to show detailed flags value when "-s" option is used.
o Fix minor typo.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/xfrm.h
|
| 0bb4a4c20c9deeac26f7239d83c8747c4dfb4d89 |
|
04-May-2007 |
jamal <hadi@cyberus.ca> |
see SAD info
Stephen,
Use this patch instead of the one i sent yesterday.
As before, you will need to pull include/linux/xfrm.h from
net-2.6 once Dave applies the kernel patch.
cheers,
jamal
[XFRM] see SAD info
i.e instead of something like ip xfrm state ls | grep -i src | wc -l
do:
ip xfrm state count
And you get the count; you can also pass -s to the command line and
get the hash info.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/xfrm.h
|
| ae665a522bd46bea44c5ea84c89c8b1731954170 |
|
05-Dec-2006 |
Stephen Hemminger <shemminger@osdl.org> |
Remove trailing whitespace
Go through source files and remove all trailing whitespace
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm.h
|
| 0bf0fbc47e33cc968c1c1d20d938de31e497c753 |
|
05-Dec-2006 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
XFRM: Mobility header support.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm.h
|
| c54f31eeb3a1fe35359ffa40cf7bb31c18bc75a1 |
|
05-Dec-2006 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
XFRM: support report message by monitor.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm.h
|
| 7ea4f5d33d27b23a3127b0b6ec46d0b4821d9431 |
|
05-Dec-2006 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
XFRM: Mobile IPv6 route optimization support.
To support Mobile IPv6 RO, the following extension is included:
o Use XFRM_MODE_XXX macro instead of magic number
o New attribute option for all state: source address for
deleting or getting message
o New attribute options for RO: care-of address, last-used timestamp
and wild-receive flag
Note:
Flush command like `ip xfrm state flush` is to remove all XFRM state.
It has been effected for IPsec SAD but with this patch it flushes both
IPsec SAD and Mobile IPv6 RO states.
To make only IPsec SA flush, it is recommanded to specify each XFRM
protocol like below:
`ip x s f proto esp ; ip x s f proto ah ; ip x s f proto comp`
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm.h
|
| 972938e9e685156b97413d17ad8993de61fdd1b9 |
|
05-Dec-2006 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
XFRM: sub policy support.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm.h
|
| 27356a5e000effe0060940c767547dd95235795c |
|
12-Jan-2006 |
shemminger <shemminger> |
ndle DCCP in ipxfrm.c to allow using port numbers in the selector.
/external/iproute2/ip/xfrm.h
|
| 669ae748d6ae3a476090f7dc48dd0fa6d246f77e |
|
07-Nov-2005 |
shemminger <shemminger> |
Minor fixes from Masahide for XFRM dynamic keying
/external/iproute2/ip/xfrm.h
|
| 48f1ef9f1558735b27c8e4b910b6a0ab9b6019ad |
|
22-Mar-2005 |
linux-ipv6.org!nakam <linux-ipv6.org!nakam> |
split printing state/policy info function for xfrm common use.
(Logical change 1.175)
/external/iproute2/ip/xfrm.h
|
| 5cf576d928c515ce8dea2500154a291477ce38ba |
|
10-Mar-2005 |
osdl.net!shemminger <osdl.net!shemminger> |
Add Esp-in-udp encapsulation
(Logical change 1.152)
/external/iproute2/ip/xfrm.h
|
| 43d9d2de044dbba5ebc2903dc66e89ee8ee0a20b |
|
18-Jan-2005 |
7!tgraf <7!tgraf> |
Remove obsolete XFRM_MAX_DEPTH and fix xfrm_xfrma_print prototype
(Logical change 1.129)
/external/iproute2/ip/xfrm.h
|
| eaa34ee35d6b801cabb96aafce2ca410e3f5b31d |
|
18-Jan-2005 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch iproute2.117
(Logical change 1.119)
/external/iproute2/ip/xfrm.h
|
| 63d91b4fda9cfb3f2f0a9dd0f1ce409850452ddc |
|
21-Oct-2004 |
osdl.net!shemminger <osdl.net!shemminger> |
Fix for older /usr/include headers.
(Logical change 1.105)
/external/iproute2/ip/xfrm.h
|
| 29aa4dd76c0c1877d50b2d643eb081d5477ceadf |
|
28-Sep-2004 |
org[shemminger]!nakam <org[shemminger]!nakam> |
[iproute2] XFRM: fixing protocol
(Logical change 1.84)
/external/iproute2/ip/xfrm.h
|
| 7809c61688c4a30799a07c727616887e5c885ab8 |
|
12-Aug-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch xrfm-msg.patch
(Logical change 1.64)
/external/iproute2/ip/xfrm.h
|
| 30ff5089c4189e7ce0b462b16045dca04aba1765 |
|
30-Jul-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch iproute-xfrm.3
(Logical change 1.58)
/external/iproute2/ip/xfrm.h
|
| c7699875bee00fbcd057fc62c30d6560b044e007 |
|
07-Jul-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch ipxfrm-20040707_2.diff
(Logical change 1.53)
/external/iproute2/ip/xfrm.h
|
| 7798b5237ef2b710c87f7f052d134d2180ffbd5c |
|
07-Jul-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Initial revision
/external/iproute2/ip/xfrm.h
|