Cross Reference: /external/iproute2/ip/xfrm

History log of /external/iproute2/ip/xfrm_state.c
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
b082b9f9ad94f08d3f3d2e617f71dbaf3751ccad	08-Sep-2010	Dmitry Shmidt <dimitrysh@google.com>	iproute2: Add ip utility Change-Id: If7072c8d1b2d23c4383a452a4b0afddad779f3c1 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> /external/iproute2/ip/xfrm_state.c
cd70f3f522e04b4d2fa80ae10292379bf223a53b	28-Dec-2011	Stephen Hemminger <shemminger@vyatta.com>	libnetlink: remove unused junk callback Both rtnl_talk and rtnl_dump had a callback for handling portions of netlink message that do not match the correct pid or seq. But this callback was never used by any part of iproute2 so remove it. /external/iproute2/ip/xfrm_state.c
cbec0219132afd1749e1b8852b8b3729988af841	11-Jun-2011	David Ward <david.ward@ll.mit.edu>	xfrm: Update documentation The ip(8) man page and the "ip xfrm [ XFRM-OBJECT ] help" command output are updated to include missing options, fix errors, and improve grammar. There are no functional changes made. The documentation for the ip command has many different meanings for the same formatting symbols (which really needs to be fixed). This patch makes consistent use of brackets [ ] to indicate optional parameters, pipes \| to mean "OR", braces { } to group things together, and dashes - instead of underscores _ inside of parameter names. The parameters are listed in the order in which they are parsed in the source code. There are several parameters and options that are still not mentioned or need to be described more thoroughly in the "COMMAND SYNTAX" section of the ip(8) man page. I would appreciate help from the developers with this. Signed-off-by: David Ward <david.ward@ll.mit.edu> /external/iproute2/ip/xfrm_state.c
98f5519cd9db9d1ca58c49af27698101c8fff373	01-Feb-2011	Nicolas Dichtel <nicolas.dichtel@6wind.com>	iproute2: add support of flag XFRM_STATE_ALIGN4 Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> /external/iproute2/ip/xfrm_state.c
f323f2a32c3b9c29fb91c812472b7fd663f9ae73	11-Jan-2011	Nicolas Dichtel <nicolas.dichtel@6wind.com>	iproute2: allow to specify truncation bits on auth algo Hi, here is a patch against iproute2 to allow user to set a state with a specific auth length. Example: $ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000 auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel $ ip xfrm state src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000 reqid 0 mode tunnel replay-window 0 auth-trunc hmac(sha256) 0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96 sel src 0.0.0.0/0 dst 0.0.0.0/0 Regards, Nicolas >From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel@6wind.com> Date: Thu, 23 Dec 2010 06:48:12 -0500 Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify truncation bits, so we add a new algo type: auth-trunc. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> /external/iproute2/ip/xfrm_state.c
0c7a594541df84d3497681a8ecc09b05c1449dd0	03-Feb-2011	Joy Latten <jml@austin.ibm.com>	xfrm security context support Adds security context support to ip xfrm state. Signed-off-by: Joy Latten <latten@austin.ibm.com> /external/iproute2/ip/xfrm_state.c
c90cda94006ed9d4a53750bd036adbfe1ae7069d	23-Feb-2010	Jamal Hadi Salim <hadi@cyberus.ca>	xfrm: add support for SA by mark Add support for SA manipulation by mark Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> /external/iproute2/ip/xfrm_state.c
15bb82c6fb9ae401f48eb7f03179ee6669496bf0	11-Jan-2010	Alex Badea <abadea@ixiacom.com>	ip xfrm state: parse and print "icmp" and "af-unspec" flags Convert to/from XFRM_STATE_ICMP and XFRM_STATE_AF_UNSPEC state flags. Signed-off-by: Alex Badea <abadea@ixiacom.com> /external/iproute2/ip/xfrm_state.c
1758a81f49d1360c930393d2042221f567dc52b5	18-Sep-2008	Herbert Xu <herbert@gondor.apana.org.au>	ip: xfrm: Add AEAD support This patch allows the user to create/manage AEAD algorithms with the ip xfrm command. AEAD algorithms are also known as combined- mode algorithms. They provide the functionality of encryption algorithms as well as authentication algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> /external/iproute2/ip/xfrm_state.c
de95ae7ca7d6a290eaab2c137b74f19c78a9a1fe	23-Apr-2008	Herbert Xu <herbert@gondor.apana.org.au>	xfrm: Allow replay setting Hi Stephen: [IP] xfrm: Allow replay setting For certain applications there is a requirement to start the sequence number from a point other than the default. As it is the kernel provides an interface to do that but it isn't available through the ip(8) command. Since we're encouraging people to migrate over to ip(8) for manual keying, it is useful to have this ability there. This patch adds support for setting replay sequence numbers through ip(8). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- /external/iproute2/ip/xfrm_state.c
9414cd6d380c3a9317b6912c14e571fb5b5a4f62	08-Mar-2008	Stephen Hemminger <stephen.hemminger@vyatta.com>	revert earlier mistake ALGO_NAME is okay Revert "I found out when I was writing manual page, that options ALGO_NAME and" This reverts commit 8a1485bb21bf84a7932ca849e29300853e647afc. /external/iproute2/ip/xfrm_state.c
8a1485bb21bf84a7932ca849e29300853e647afc	22-Feb-2008	Marcela Maslanova <mmaslano@redhat.com>	I found out when I was writing manual page, that options ALGO_NAME and ALGO_KEY aren't used. If it's a bug or should it be remove it, as I did? /external/iproute2/ip/xfrm_state.c
f31a37f79d1f33d4d0d6a18f3768bfee27e8b6cc	01-Feb-2008	Stephen Hemminger <stephen.hemminger@vyatta.com>	fix problem caused by rtnl_send checks Some usages of rtnl_send could cause errors (ie flush requests) others do a listen afterwards. Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> /external/iproute2/ip/xfrm_state.c
efe69c1b7220e6c89bc5ccbeceeadf7c9e09768b	24-Aug-2007	Masahide NAKAMURA <nakam@linux-ipv6.org>	ip: xfrm: Fix flush message. Fix xfrm state or policy flush message. And minor updates are included: o Use static buffer to show unknown value as string. o Show policy type (ptype) only when kernel specified it. o Clean-up xfrm_monitor. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_state.c
c1fa2253241f3cddac3519700549f98d7840b864	24-Aug-2007	Masahide NAKAMURA <nakam@linux-ipv6.org>	ip: xfrm: Fix policy and state flags. o Support policy flag with string format. Note that kernel defines only one name "localok" for the flag and it has not had any effect currently. o Support state flag value XFRM_STATE_NOPMTUDISC. o Fix to show detailed flags value when "-s" option is used. o Fix minor typo. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_state.c
ed01e3906854516188a5d57a31eab2e5e9ba673f	24-Aug-2007	Masahide NAKAMURA <nakam@linux-ipv6.org>	ip: xfrm: Clean-up for internal mask to filter. Remove unused or redundant usage for xfrm_filter. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_state.c
bdf9e86d727156ca68fefd243afa29ad4f29f4bf	20-Jun-2007	Stephen Hemminger <shemminger@linux-foundation.org>	fix last change Need to use correct XFRMA_ constants. Get rid of bogus casts. Fix case where no attribute returned. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_state.c
0bb4a4c20c9deeac26f7239d83c8747c4dfb4d89	04-May-2007	jamal <hadi@cyberus.ca>	see SAD info Stephen, Use this patch instead of the one i sent yesterday. As before, you will need to pull include/linux/xfrm.h from net-2.6 once Dave applies the kernel patch. cheers, jamal [XFRM] see SAD info i.e instead of something like ip xfrm state ls \| grep -i src \| wc -l do: ip xfrm state count And you get the count; you can also pass -s to the command line and get the hash info. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_state.c
ae665a522bd46bea44c5ea84c89c8b1731954170	05-Dec-2006	Stephen Hemminger <shemminger@osdl.org>	Remove trailing whitespace Go through source files and remove all trailing whitespace Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_state.c
7ea4f5d33d27b23a3127b0b6ec46d0b4821d9431	05-Dec-2006	Masahide NAKAMURA <nakam@linux-ipv6.org>	XFRM: Mobile IPv6 route optimization support. To support Mobile IPv6 RO, the following extension is included: o Use XFRM_MODE_XXX macro instead of magic number o New attribute option for all state: source address for deleting or getting message o New attribute options for RO: care-of address, last-used timestamp and wild-receive flag Note: Flush command like `ip xfrm state flush` is to remove all XFRM state. It has been effected for IPsec SAD but with this patch it flushes both IPsec SAD and Mobile IPv6 RO states. To make only IPsec SA flush, it is recommanded to specify each XFRM protocol like below: `ip x s f proto esp ; ip x s f proto ah ; ip x s f proto comp` Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_state.c
34e099e24fd3c9070b68c1286a201834c0f4ae03	19-Oct-2006	Stephen Hemminger <shemminger@osdl.org>	SA and SP in IPSec BEET mode. Patch which allows for setting SA and SP also for new IPSec mode BEET, beside tunnel and transport, according to the latest changes in the kernel you can find at the following link: Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com> Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_state.c
af1b6a41d4c7ed8aab98cfdcdafd55ec6c638b07	11-Aug-2006	Andy Gay <andy@andynet.net>	Fix struct alignment with cris architecture [IPROUTE]: Fix struct alignment with cris architecture gcc for the cris arch does not pad structures to the next multiple of 4 bytes, as the i386 gcc does. This causes errors like this when displaying xfrm policies: # ip x p !!!Deficit 3, rta_len=300 src 192.168.251.32/29 dst 192.168.251.32/29 dir in priority 0 !!!Deficit 3, rta_len=180 src 0.0.0.0/0 dst 192.168.251.32/29 dir in priority 2208 .... Similar errors are seen from ip x s. This patch fixes the errors when printing. I'm not sure whether we should worry about other uses of the affected structs, I've not seen any other bad effects from this though, so hopefully this is enough. (Thanks to Herbert Xu for pointing out that NLMSG_SPACE is the correct macro to use here.) Tested against 2.6.17.6 kernel on i386, and 2.6.16.1 kernel on cris. Signed-off-by: Andy Gay <andy@andynet.net> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_state.c
669ae748d6ae3a476090f7dc48dd0fa6d246f77e	07-Nov-2005	shemminger <shemminger>	Minor fixes from Masahide for XFRM dynamic keying /external/iproute2/ip/xfrm_state.c
c595c790a08366db90654c01aba02a1bd97d73e2	02-Nov-2005	shemminger <shemminger>	Fix XFRM bugs introduced by batching code. Re-introduces the SA and policy add/del events /external/iproute2/ip/xfrm_state.c
737f15f6da0ed7512220f6fa5244a39777de4e0d	09-Jul-2005	shemminger <shemminger>	Thomas's ematch fixes for lex. Fix more GCC signedness warnings. /external/iproute2/ip/xfrm_state.c
9bec1a436335457f3067a17de6ddb913bd95a184	07-Jun-2005	shemminger <shemminger>	Masahide NAKAMURA <nakam@linux-ipv6.org> It fixes flush feature for IPsec(ip xfrm). Jamal gave me comment about it. I've tested it on 2.6.11.7. Please find the log below, check code and pull it: bk://bk.skbuff.net:38000/iproute2-xfrm-flush ChangeSet@1.182, 2005-04-13 21:19:44+09:00, nakam@linux-ipv6.org [ip] add "deleteall" command for xfrm; "flush" uses kernel's flush interface and "deleteall" uses legacy iproute2's flush feature like getting-and-deleting-for-each. /external/iproute2/ip/xfrm_state.c
90f93024a0818dc691138d8401721e797004b042	07-Jun-2005	shemminger <shemminger>	Monitor time patch from Masahide NAKAMURA /external/iproute2/ip/xfrm_state.c
fb7399b2baf9018c896985c3d669422a33ce5b38	22-Mar-2005	linux-ipv6.org!nakam <linux-ipv6.org!nakam>	allocspi feature support. support to specify sequence number. split printing state info function for xfrm common use. (Logical change 1.175) /external/iproute2/ip/xfrm_state.c
5cf576d928c515ce8dea2500154a291477ce38ba	10-Mar-2005	osdl.net!shemminger <osdl.net!shemminger>	Add Esp-in-udp encapsulation (Logical change 1.152) /external/iproute2/ip/xfrm_state.c
2534613eeba36f2a59a7876dbe1b291c76fcb4da	18-Jan-2005	12!tgraf <12!tgraf>	Switch to parse_rtattr and use XFRMA_MAX directly instead of a easly forgetable magic define (Logical change 1.129) /external/iproute2/ip/xfrm_state.c
eaa34ee35d6b801cabb96aafce2ca410e3f5b31d	18-Jan-2005	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch iproute2.117 (Logical change 1.119) /external/iproute2/ip/xfrm_state.c
50772dc51ac02239958e1ebcdb21277fcdf133a7	07-Dec-2004	osdl.net!shemminger <osdl.net!shemminger>	Add ip rule flush capabilty and fix all the prototype changes because of that code rewrites the nlmsghdr. (Logical change 1.106) /external/iproute2/ip/xfrm_state.c
c70b36d231afba1700d6bb4ca1181fd9bb76c77b	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: support ICMP/ICMPv6's type and code (Logical change 1.85) /external/iproute2/ip/xfrm_state.c
29aa4dd76c0c1877d50b2d643eb081d5477ceadf	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: fixing protocol (Logical change 1.84) /external/iproute2/ip/xfrm_state.c
bd641cd661527469a9d15c0fa09f19d017c2299f	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: using flush message type (Logical change 1.83) /external/iproute2/ip/xfrm_state.c
54f7328aecfb8421b0e9ca180324aed135e780de	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: fixing IPsec algorithm key (Logical change 1.82) /external/iproute2/ip/xfrm_state.c
6dc9f016347441fbf94cf851c054b0f45ba32c1c	31-Aug-2004	osdl.net!shemminger <osdl.net!shemminger>	make all filtering handles take const args. (Logical change 1.77) /external/iproute2/ip/xfrm_state.c
7809c61688c4a30799a07c727616887e5c885ab8	12-Aug-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch xrfm-msg.patch (Logical change 1.64) /external/iproute2/ip/xfrm_state.c
9e566a46f24fd89e104dea064d5233ab614f490b	30-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch iproute-xfrm.3 2004/07/14 00:35:49-07:00 net[shemminger]!shemminger Import patch iproute-xfrm.2 (Logical change 1.58) /external/iproute2/ip/xfrm_state.c
c7699875bee00fbcd057fc62c30d6560b044e007	07-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch ipxfrm-20040707_2.diff (Logical change 1.53) /external/iproute2/ip/xfrm_state.c
7798b5237ef2b710c87f7f052d134d2180ffbd5c	07-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Initial revision /external/iproute2/ip/xfrm_state.c