Cross Reference: /external/iproute2/ip/xfrm

History log of /external/iproute2/ip/xfrm_policy.c
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
0dc2e22978c9f754e171574e727d8dfa226d3781	25-Jul-2015	Zhang Shengju <zhangshengju@cmss.chinamobile.com>	xfrm: remove duplicated include Remove dupldated include for <linux/xfrm.h>, since it's already included by 'xfrm.h'. Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> /external/iproute2/ip/xfrm_policy.c
c079e121a73af5eb49e003b13607e8a690331df6	27-May-2015	Stephen Hemminger <shemming@brocade.com>	libnetlink: add size argument to rtnl_talk There have been several instances where response from kernel has overrun the stack buffer from the caller. Avoid future problems by passing a size argument. Also drop the unused peer and group arguments to rtnl_talk. /external/iproute2/ip/xfrm_policy.c
782cf01dc01a7af01928bb12f60683f2bfe25a96	15-Apr-2015	Nicolas Dichtel <nicolas.dichtel@6wind.com>	ipxfrm: wrong nl msg sent on deleteall cmd XFRM netlink family is independent from the route netlink family. It's wrong to call rtnl_wilddump_request(), because it will add a 'struct ifinfomsg' into the header and the kernel will complain (at least for xfrm state): netlink: 24 bytes leftover after parsing attributes in process `ip'. Reported-by: Gregory Hoggarth <Gregory.Hoggarth@alliedtelesis.co.nz> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> /external/iproute2/ip/xfrm_policy.c
025fa9dc7a4fee971c7040aeb84b4dac2ae08b3b	09-Apr-2015	Christophe Gouault <christophe.gouault@6wind.com>	xfrm: add command for configuring SPD hash table add a new command to configure the SPD hash table: ip xfrm policy set [ hthresh4 LBITS RBITS ] [ hthresh6 LBITS RBITS ] and code to display the SPD hash configuration: ip -s -s xfrm policy count hthresh4: defines minimum local and remote IPv4 prefix lengths of selectors to hash a policy. If prefix lengths are greater or equal to the thresholds, then the policy is hashed, otherwise it falls back in the policy_inexact chained list. hthresh6: defines minimum local and remote IPv6 prefix lengths of selectors to hash a policy, otherwise it falls back in the policy_inexact chained list. Example: % ip -s -s xfrm policy count SPD IN 0 OUT 0 FWD 0 (Sock: IN 0 OUT 0 FWD 0) SPD buckets: count 7 Max 1048576 SPD IPv4 thresholds: local 32 remote 32 SPD IPv6 thresholds: local 128 remote 128 % ip xfrm pol set hthresh4 24 16 hthresh6 64 56 % ip -s -s xfrm policy count SPD IN 0 OUT 0 FWD 0 (Sock: IN 0 OUT 0 FWD 0) SPD buckets: count 7 Max 1048576 SPD IPv4 thresholds: local 24 remote 16 SPD IPv6 thresholds: local 64 remote 56 Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com> /external/iproute2/ip/xfrm_policy.c
4806867a6cc2950293229e66efe88061323ca0cf	17-Feb-2014	Stephen Hemminger <stephen@networkplumber.org>	kill spaces before tabs /external/iproute2/ip/xfrm_policy.c
4d98ab00de90bac916f526c83c68012d7159f712	07-Dec-2013	Stephen Hemminger <stephen@networkplumber.org>	Fix FSF address in file headers /external/iproute2/ip/xfrm_policy.c
b557416532f3db745cb9cceaaf343b4bc5b57003	08-Oct-2013	Christophe Gouault <christophe.gouault@6wind.com>	xfrm: enable to set non-wildcard mark 0 on SAs and SPs ip xfrm considers that the user-defined mark is "any" as soon as (mark.v & mark.m == 0), which prevents from specifying non-wildcard marks that include the value 0 (typically 0/0xffffffff). Yet, matching exactly mark 0 is useful for instance to separate vti policies from global policies. Always configure the user mark if mark.m != 0. Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com> /external/iproute2/ip/xfrm_policy.c
e8740e42ece716b1dcce89a573fba413846af468	25-Mar-2013	David Ward <david.ward@ll.mit.edu>	ip/xfrm: Improve error strings Quotation marks are now used only to indicate literal text on the command line. Signed-off-by: David Ward <david.ward@ll.mit.edu> /external/iproute2/ip/xfrm_policy.c
29665f92c79aea7cb408c7704d6f9227bbc8de8d	25-Mar-2013	David Ward <david.ward@ll.mit.edu>	ip/xfrm: Improve usage text and documentation Change ALGO-KEY to ALGO-KEYMAT to make it more obvious that the keying material might need to contain more than just the key (such as a salt or nonce value). List the algorithm names that currently exist in the kernel. Indicate that for IPComp, the Compression Parameter Index (CPI) is used as the SPI. Group the list of mode values by transform protocol. Signed-off-by: David Ward <david.ward@ll.mit.edu> /external/iproute2/ip/xfrm_policy.c
d1f28cf181a6f77f230d90267eef0ecfbcb25f30	12-Feb-2013	Stephen Hemminger <stephen@networkplumber.org>	ip: make local functions static /external/iproute2/ip/xfrm_policy.c
cd70f3f522e04b4d2fa80ae10292379bf223a53b	28-Dec-2011	Stephen Hemminger <shemminger@vyatta.com>	libnetlink: remove unused junk callback Both rtnl_talk and rtnl_dump had a callback for handling portions of netlink message that do not match the correct pid or seq. But this callback was never used by any part of iproute2 so remove it. /external/iproute2/ip/xfrm_policy.c
cbec0219132afd1749e1b8852b8b3729988af841	11-Jun-2011	David Ward <david.ward@ll.mit.edu>	xfrm: Update documentation The ip(8) man page and the "ip xfrm [ XFRM-OBJECT ] help" command output are updated to include missing options, fix errors, and improve grammar. There are no functional changes made. The documentation for the ip command has many different meanings for the same formatting symbols (which really needs to be fixed). This patch makes consistent use of brackets [ ] to indicate optional parameters, pipes \| to mean "OR", braces { } to group things together, and dashes - instead of underscores _ inside of parameter names. The parameters are listed in the order in which they are parsed in the source code. There are several parameters and options that are still not mentioned or need to be described more thoroughly in the "COMMAND SYNTAX" section of the ip(8) man page. I would appreciate help from the developers with this. Signed-off-by: David Ward <david.ward@ll.mit.edu> /external/iproute2/ip/xfrm_policy.c
c0635644cd0a4471c09f665f7098713f3157c170	07-Apr-2011	Ulrich Weber <uweber@astaro.com>	iproute2: parse flag XFRM_POLICY_ICMP parse flag XFRM_POLICY_ICMP Signed-off-by: Ulrich Weber <uweber@astaro.com> /external/iproute2/ip/xfrm_policy.c
e4f054f017d0daa7ff9bba6027c5df264999ff1a	03-Feb-2011	Joy Latten <jml@austin.ibm.com>	xfrm security context support Adds security context support to ip xfrm policy. Signed-off-by: Joy Latten <latten@austin.ibm.com> /external/iproute2/ip/xfrm_policy.c
4a9608e6aefe40cf8545097ed23931f9bacba06d	23-Nov-2010	Timo Teräs <timo.teras@iki.fi>	iproute2: support xfrm upper protocol gre key Similar to tunnel side: accept dotted-quad and number formats. Use regular number for printing the key. Signed-off-by: Timo Teräs <timo.teras@iki.fi> /external/iproute2/ip/xfrm_policy.c
ee675e87149eeaed8f7ae43bdc8648b83a934eb8	23-Feb-2010	Jamal Hadi Salim <hadi@cyberus.ca>	xfrm: policy by mark Add support for SP manipulation by mark Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> /external/iproute2/ip/xfrm_policy.c
e6e0b60f2a3d2720d4d9d6d0a50e3b48deea45e4	11-Jan-2010	Alex Badea <abadea@ixiacom.com>	ip xfrm policy: allow different tmpl family Allow tmpl IP addresses to have a different family than selector addresses. This is useful in conjunction with XFRM_STATE_AF_UNSPEC. Signed-off-by: Alex Badea <abadea@ixiacom.com> /external/iproute2/ip/xfrm_policy.c
f31a37f79d1f33d4d0d6a18f3768bfee27e8b6cc	01-Feb-2008	Stephen Hemminger <stephen.hemminger@vyatta.com>	fix problem caused by rtnl_send checks Some usages of rtnl_send could cause errors (ie flush requests) others do a listen afterwards. Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> /external/iproute2/ip/xfrm_policy.c
1fb0a998e1a8cb26a1f7fe1f79e2e3654aafdc93	26-Jan-2008	Stephen Hemminger <stephen.hemminger@vyatta.com>	remove extra newline from perror() calls perror error adds a newline, so don't split error message across two lines. /external/iproute2/ip/xfrm_policy.c
c1fa2253241f3cddac3519700549f98d7840b864	24-Aug-2007	Masahide NAKAMURA <nakam@linux-ipv6.org>	ip: xfrm: Fix policy and state flags. o Support policy flag with string format. Note that kernel defines only one name "localok" for the flag and it has not had any effect currently. o Support state flag value XFRM_STATE_NOPMTUDISC. o Fix to show detailed flags value when "-s" option is used. o Fix minor typo. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_policy.c
ed01e3906854516188a5d57a31eab2e5e9ba673f	24-Aug-2007	Masahide NAKAMURA <nakam@linux-ipv6.org>	ip: xfrm: Clean-up for internal mask to filter. Remove unused or redundant usage for xfrm_filter. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_policy.c
bdf9e86d727156ca68fefd243afa29ad4f29f4bf	20-Jun-2007	Stephen Hemminger <shemminger@linux-foundation.org>	fix last change Need to use correct XFRMA_ constants. Get rid of bogus casts. Fix case where no attribute returned. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_policy.c
f90c4f4e122e06eb1498bbcd1741bb5cd4150338	04-May-2007	jamal <hadi@cyberus.ca>	see SPD info and heres the SPD version ... cheers, jamal [XFRM] see SPD info i.e instead of something like ip xfrm policy ls \| grep -i src \| wc -l do: ip xfrm policy count And you get the count; you can also pass -s or -s -s to see more details Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/xfrm_policy.c
ae665a522bd46bea44c5ea84c89c8b1731954170	05-Dec-2006	Stephen Hemminger <shemminger@osdl.org>	Remove trailing whitespace Go through source files and remove all trailing whitespace Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_policy.c
7ea4f5d33d27b23a3127b0b6ec46d0b4821d9431	05-Dec-2006	Masahide NAKAMURA <nakam@linux-ipv6.org>	XFRM: Mobile IPv6 route optimization support. To support Mobile IPv6 RO, the following extension is included: o Use XFRM_MODE_XXX macro instead of magic number o New attribute option for all state: source address for deleting or getting message o New attribute options for RO: care-of address, last-used timestamp and wild-receive flag Note: Flush command like `ip xfrm state flush` is to remove all XFRM state. It has been effected for IPsec SAD but with this patch it flushes both IPsec SAD and Mobile IPv6 RO states. To make only IPsec SA flush, it is recommanded to specify each XFRM protocol like below: `ip x s f proto esp ; ip x s f proto ah ; ip x s f proto comp` Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_policy.c
972938e9e685156b97413d17ad8993de61fdd1b9	05-Dec-2006	Masahide NAKAMURA <nakam@linux-ipv6.org>	XFRM: sub policy support. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_policy.c
34e099e24fd3c9070b68c1286a201834c0f4ae03	19-Oct-2006	Stephen Hemminger <shemminger@osdl.org>	SA and SP in IPSec BEET mode. Patch which allows for setting SA and SP also for new IPSec mode BEET, beside tunnel and transport, according to the latest changes in the kernel you can find at the following link: Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com> Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_policy.c
af1b6a41d4c7ed8aab98cfdcdafd55ec6c638b07	11-Aug-2006	Andy Gay <andy@andynet.net>	Fix struct alignment with cris architecture [IPROUTE]: Fix struct alignment with cris architecture gcc for the cris arch does not pad structures to the next multiple of 4 bytes, as the i386 gcc does. This causes errors like this when displaying xfrm policies: # ip x p !!!Deficit 3, rta_len=300 src 192.168.251.32/29 dst 192.168.251.32/29 dir in priority 0 !!!Deficit 3, rta_len=180 src 0.0.0.0/0 dst 192.168.251.32/29 dir in priority 2208 .... Similar errors are seen from ip x s. This patch fixes the errors when printing. I'm not sure whether we should worry about other uses of the affected structs, I've not seen any other bad effects from this though, so hopefully this is enough. (Thanks to Herbert Xu for pointing out that NLMSG_SPACE is the correct macro to use here.) Tested against 2.6.17.6 kernel on i386, and 2.6.16.1 kernel on cris. Signed-off-by: Andy Gay <andy@andynet.net> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/xfrm_policy.c
669ae748d6ae3a476090f7dc48dd0fa6d246f77e	07-Nov-2005	shemminger <shemminger>	Minor fixes from Masahide for XFRM dynamic keying /external/iproute2/ip/xfrm_policy.c
c595c790a08366db90654c01aba02a1bd97d73e2	02-Nov-2005	shemminger <shemminger>	Fix XFRM bugs introduced by batching code. Re-introduces the SA and policy add/del events /external/iproute2/ip/xfrm_policy.c
9bec1a436335457f3067a17de6ddb913bd95a184	07-Jun-2005	shemminger <shemminger>	Masahide NAKAMURA <nakam@linux-ipv6.org> It fixes flush feature for IPsec(ip xfrm). Jamal gave me comment about it. I've tested it on 2.6.11.7. Please find the log below, check code and pull it: bk://bk.skbuff.net:38000/iproute2-xfrm-flush ChangeSet@1.182, 2005-04-13 21:19:44+09:00, nakam@linux-ipv6.org [ip] add "deleteall" command for xfrm; "flush" uses kernel's flush interface and "deleteall" uses legacy iproute2's flush feature like getting-and-deleting-for-each. /external/iproute2/ip/xfrm_policy.c
90f93024a0818dc691138d8401721e797004b042	07-Jun-2005	shemminger <shemminger>	Monitor time patch from Masahide NAKAMURA /external/iproute2/ip/xfrm_policy.c
56e8ad38cb6052ab59de480ad24e39064d07db76	22-Mar-2005	linux-ipv6.org!nakam <linux-ipv6.org!nakam>	split printing policy info function for xfrm common use. (Logical change 1.175) /external/iproute2/ip/xfrm_policy.c
2534613eeba36f2a59a7876dbe1b291c76fcb4da	18-Jan-2005	12!tgraf <12!tgraf>	Switch to parse_rtattr and use XFRMA_MAX directly instead of a easly forgetable magic define (Logical change 1.129) /external/iproute2/ip/xfrm_policy.c
eaa34ee35d6b801cabb96aafce2ca410e3f5b31d	18-Jan-2005	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch iproute2.117 (Logical change 1.119) /external/iproute2/ip/xfrm_policy.c
50772dc51ac02239958e1ebcdb21277fcdf133a7	07-Dec-2004	osdl.net!shemminger <osdl.net!shemminger>	Add ip rule flush capabilty and fix all the prototype changes because of that code rewrites the nlmsghdr. (Logical change 1.106) /external/iproute2/ip/xfrm_policy.c
c70b36d231afba1700d6bb4ca1181fd9bb76c77b	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: support ICMP/ICMPv6's type and code (Logical change 1.85) /external/iproute2/ip/xfrm_policy.c
29aa4dd76c0c1877d50b2d643eb081d5477ceadf	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: fixing protocol (Logical change 1.84) /external/iproute2/ip/xfrm_policy.c
bd641cd661527469a9d15c0fa09f19d017c2299f	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: using flush message type (Logical change 1.83) /external/iproute2/ip/xfrm_policy.c
6dc9f016347441fbf94cf851c054b0f45ba32c1c	31-Aug-2004	osdl.net!shemminger <osdl.net!shemminger>	make all filtering handles take const args. (Logical change 1.77) /external/iproute2/ip/xfrm_policy.c
7809c61688c4a30799a07c727616887e5c885ab8	12-Aug-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch xrfm-msg.patch (Logical change 1.64) /external/iproute2/ip/xfrm_policy.c
ad273962a13acc9a6723e2a86398cb0216c95679	30-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch iproute-xfrm.3 2004/07/14 00:35:49-07:00 net[shemminger]!shemminger Import patch iproute-xfrm.2 2004/07/14 00:35:49-07:00 net[shemminger]!shemminger Import patch iproute2-xfrm.1 (Logical change 1.58) /external/iproute2/ip/xfrm_policy.c
c7699875bee00fbcd057fc62c30d6560b044e007	07-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch ipxfrm-20040707_2.diff (Logical change 1.53) /external/iproute2/ip/xfrm_policy.c
7798b5237ef2b710c87f7f052d134d2180ffbd5c	07-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Initial revision /external/iproute2/ip/xfrm_policy.c