History log of /external/iproute2/ip/xfrm_policy.c
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
0dc2e22978c9f754e171574e727d8dfa226d3781 25-Jul-2015 Zhang Shengju <zhangshengju@cmss.chinamobile.com> xfrm: remove duplicated include

Remove dupldated include for <linux/xfrm.h>, since it's already
included by 'xfrm.h'.

Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
/external/iproute2/ip/xfrm_policy.c
c079e121a73af5eb49e003b13607e8a690331df6 27-May-2015 Stephen Hemminger <shemming@brocade.com> libnetlink: add size argument to rtnl_talk

There have been several instances where response from kernel
has overrun the stack buffer from the caller. Avoid future problems
by passing a size argument.

Also drop the unused peer and group arguments to rtnl_talk.
/external/iproute2/ip/xfrm_policy.c
782cf01dc01a7af01928bb12f60683f2bfe25a96 15-Apr-2015 Nicolas Dichtel <nicolas.dichtel@6wind.com> ipxfrm: wrong nl msg sent on deleteall cmd

XFRM netlink family is independent from the route netlink family. It's wrong
to call rtnl_wilddump_request(), because it will add a 'struct ifinfomsg' into
the header and the kernel will complain (at least for xfrm state):

netlink: 24 bytes leftover after parsing attributes in process `ip'.

Reported-by: Gregory Hoggarth <Gregory.Hoggarth@alliedtelesis.co.nz>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
/external/iproute2/ip/xfrm_policy.c
025fa9dc7a4fee971c7040aeb84b4dac2ae08b3b 09-Apr-2015 Christophe Gouault <christophe.gouault@6wind.com> xfrm: add command for configuring SPD hash table

add a new command to configure the SPD hash table:
ip xfrm policy set [ hthresh4 LBITS RBITS ] [ hthresh6 LBITS RBITS ]

and code to display the SPD hash configuration:
ip -s -s xfrm policy count

hthresh4: defines minimum local and remote IPv4 prefix lengths of
selectors to hash a policy. If prefix lengths are greater or equal
to the thresholds, then the policy is hashed, otherwise it falls back
in the policy_inexact chained list.

hthresh6: defines minimum local and remote IPv6 prefix lengths of
selectors to hash a policy, otherwise it falls back
in the policy_inexact chained list.

Example:

% ip -s -s xfrm policy count
SPD IN 0 OUT 0 FWD 0 (Sock: IN 0 OUT 0 FWD 0)
SPD buckets: count 7 Max 1048576
SPD IPv4 thresholds: local 32 remote 32
SPD IPv6 thresholds: local 128 remote 128

% ip xfrm pol set hthresh4 24 16 hthresh6 64 56

% ip -s -s xfrm policy count
SPD IN 0 OUT 0 FWD 0 (Sock: IN 0 OUT 0 FWD 0)
SPD buckets: count 7 Max 1048576
SPD IPv4 thresholds: local 24 remote 16
SPD IPv6 thresholds: local 64 remote 56

Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
/external/iproute2/ip/xfrm_policy.c
4806867a6cc2950293229e66efe88061323ca0cf 17-Feb-2014 Stephen Hemminger <stephen@networkplumber.org> kill spaces before tabs
/external/iproute2/ip/xfrm_policy.c
4d98ab00de90bac916f526c83c68012d7159f712 07-Dec-2013 Stephen Hemminger <stephen@networkplumber.org> Fix FSF address in file headers
/external/iproute2/ip/xfrm_policy.c
b557416532f3db745cb9cceaaf343b4bc5b57003 08-Oct-2013 Christophe Gouault <christophe.gouault@6wind.com> xfrm: enable to set non-wildcard mark 0 on SAs and SPs

ip xfrm considers that the user-defined mark is "any" as soon as
(mark.v & mark.m == 0), which prevents from specifying non-wildcard
marks that include the value 0 (typically 0/0xffffffff).

Yet, matching exactly mark 0 is useful for instance to separate
vti policies from global policies.

Always configure the user mark if mark.m != 0.

Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
/external/iproute2/ip/xfrm_policy.c
e8740e42ece716b1dcce89a573fba413846af468 25-Mar-2013 David Ward <david.ward@ll.mit.edu> ip/xfrm: Improve error strings

Quotation marks are now used only to indicate literal text on the
command line.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
/external/iproute2/ip/xfrm_policy.c
29665f92c79aea7cb408c7704d6f9227bbc8de8d 25-Mar-2013 David Ward <david.ward@ll.mit.edu> ip/xfrm: Improve usage text and documentation

Change ALGO-KEY to ALGO-KEYMAT to make it more obvious that the
keying material might need to contain more than just the key (such
as a salt or nonce value).

List the algorithm names that currently exist in the kernel.

Indicate that for IPComp, the Compression Parameter Index (CPI) is
used as the SPI.

Group the list of mode values by transform protocol.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
/external/iproute2/ip/xfrm_policy.c
d1f28cf181a6f77f230d90267eef0ecfbcb25f30 12-Feb-2013 Stephen Hemminger <stephen@networkplumber.org> ip: make local functions static
/external/iproute2/ip/xfrm_policy.c
cd70f3f522e04b4d2fa80ae10292379bf223a53b 28-Dec-2011 Stephen Hemminger <shemminger@vyatta.com> libnetlink: remove unused junk callback

Both rtnl_talk and rtnl_dump had a callback for handling portions
of netlink message that do not match the correct pid or seq.
But this callback was never used by any part of iproute2 so remove
it.
/external/iproute2/ip/xfrm_policy.c
cbec0219132afd1749e1b8852b8b3729988af841 11-Jun-2011 David Ward <david.ward@ll.mit.edu> xfrm: Update documentation

The ip(8) man page and the "ip xfrm [ XFRM-OBJECT ] help" command output
are updated to include missing options, fix errors, and improve grammar.
There are no functional changes made.

The documentation for the ip command has many different meanings for the
same formatting symbols (which really needs to be fixed). This patch makes
consistent use of brackets [ ] to indicate optional parameters, pipes | to
mean "OR", braces { } to group things together, and dashes - instead of
underscores _ inside of parameter names. The parameters are listed in the
order in which they are parsed in the source code.

There are several parameters and options that are still not mentioned or
need to be described more thoroughly in the "COMMAND SYNTAX" section of
the ip(8) man page. I would appreciate help from the developers with this.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
/external/iproute2/ip/xfrm_policy.c
c0635644cd0a4471c09f665f7098713f3157c170 07-Apr-2011 Ulrich Weber <uweber@astaro.com> iproute2: parse flag XFRM_POLICY_ICMP

parse flag XFRM_POLICY_ICMP

Signed-off-by: Ulrich Weber <uweber@astaro.com>
/external/iproute2/ip/xfrm_policy.c
e4f054f017d0daa7ff9bba6027c5df264999ff1a 03-Feb-2011 Joy Latten <jml@austin.ibm.com> xfrm security context support

Adds security context support to ip xfrm policy.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
/external/iproute2/ip/xfrm_policy.c
4a9608e6aefe40cf8545097ed23931f9bacba06d 23-Nov-2010 Timo Teräs <timo.teras@iki.fi> iproute2: support xfrm upper protocol gre key

Similar to tunnel side: accept dotted-quad and number formats.
Use regular number for printing the key.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
/external/iproute2/ip/xfrm_policy.c
ee675e87149eeaed8f7ae43bdc8648b83a934eb8 23-Feb-2010 Jamal Hadi Salim <hadi@cyberus.ca> xfrm: policy by mark

Add support for SP manipulation by mark

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
/external/iproute2/ip/xfrm_policy.c
e6e0b60f2a3d2720d4d9d6d0a50e3b48deea45e4 11-Jan-2010 Alex Badea <abadea@ixiacom.com> ip xfrm policy: allow different tmpl family

Allow tmpl IP addresses to have a different family than
selector addresses. This is useful in conjunction with
XFRM_STATE_AF_UNSPEC.

Signed-off-by: Alex Badea <abadea@ixiacom.com>
/external/iproute2/ip/xfrm_policy.c
f31a37f79d1f33d4d0d6a18f3768bfee27e8b6cc 01-Feb-2008 Stephen Hemminger <stephen.hemminger@vyatta.com> fix problem caused by rtnl_send checks

Some usages of rtnl_send could cause errors (ie flush requests)
others do a listen afterwards.

Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
/external/iproute2/ip/xfrm_policy.c
1fb0a998e1a8cb26a1f7fe1f79e2e3654aafdc93 26-Jan-2008 Stephen Hemminger <stephen.hemminger@vyatta.com> remove extra newline from perror() calls

perror error adds a newline, so don't split error message
across two lines.
/external/iproute2/ip/xfrm_policy.c
c1fa2253241f3cddac3519700549f98d7840b864 24-Aug-2007 Masahide NAKAMURA <nakam@linux-ipv6.org> ip: xfrm: Fix policy and state flags.

o Support policy flag with string format.
Note that kernel defines only one name "localok" for the flag
and it has not had any effect currently.
o Support state flag value XFRM_STATE_NOPMTUDISC.
o Fix to show detailed flags value when "-s" option is used.
o Fix minor typo.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/xfrm_policy.c
ed01e3906854516188a5d57a31eab2e5e9ba673f 24-Aug-2007 Masahide NAKAMURA <nakam@linux-ipv6.org> ip: xfrm: Clean-up for internal mask to filter.

Remove unused or redundant usage for xfrm_filter.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/xfrm_policy.c
bdf9e86d727156ca68fefd243afa29ad4f29f4bf 20-Jun-2007 Stephen Hemminger <shemminger@linux-foundation.org> fix last change

Need to use correct XFRMA_ constants.
Get rid of bogus casts. Fix case where no attribute returned.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/xfrm_policy.c
f90c4f4e122e06eb1498bbcd1741bb5cd4150338 04-May-2007 jamal <hadi@cyberus.ca> see SPD info

and heres the SPD version ...

cheers,
jamal

[XFRM] see SPD info

i.e instead of something like ip xfrm policy ls | grep -i src | wc -l
do:

ip xfrm policy count
And you get the count; you can also pass -s or -s -s to see more
details

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/xfrm_policy.c
ae665a522bd46bea44c5ea84c89c8b1731954170 05-Dec-2006 Stephen Hemminger <shemminger@osdl.org> Remove trailing whitespace

Go through source files and remove all trailing whitespace

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm_policy.c
7ea4f5d33d27b23a3127b0b6ec46d0b4821d9431 05-Dec-2006 Masahide NAKAMURA <nakam@linux-ipv6.org> XFRM: Mobile IPv6 route optimization support.

To support Mobile IPv6 RO, the following extension is included:
o Use XFRM_MODE_XXX macro instead of magic number
o New attribute option for all state: source address for
deleting or getting message
o New attribute options for RO: care-of address, last-used timestamp
and wild-receive flag

Note:
Flush command like `ip xfrm state flush` is to remove all XFRM state.
It has been effected for IPsec SAD but with this patch it flushes both
IPsec SAD and Mobile IPv6 RO states.
To make only IPsec SA flush, it is recommanded to specify each XFRM
protocol like below:
`ip x s f proto esp ; ip x s f proto ah ; ip x s f proto comp`

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm_policy.c
972938e9e685156b97413d17ad8993de61fdd1b9 05-Dec-2006 Masahide NAKAMURA <nakam@linux-ipv6.org> XFRM: sub policy support.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm_policy.c
34e099e24fd3c9070b68c1286a201834c0f4ae03 19-Oct-2006 Stephen Hemminger <shemminger@osdl.org> SA and SP in IPSec BEET mode.

Patch which allows for setting SA and SP also for
new IPSec mode BEET, beside tunnel and transport, according to the latest
changes in the kernel you can find at the following link:

Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com>
Signed-off-by: Miika Komu <miika@iki.fi>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm_policy.c
af1b6a41d4c7ed8aab98cfdcdafd55ec6c638b07 11-Aug-2006 Andy Gay <andy@andynet.net> Fix struct alignment with cris architecture

[IPROUTE]: Fix struct alignment with cris architecture

gcc for the cris arch does not pad structures to the next multiple of 4
bytes, as the i386 gcc does.

This causes errors like this when displaying xfrm policies:

# ip x p
!!!Deficit 3, rta_len=300
src 192.168.251.32/29 dst 192.168.251.32/29
dir in priority 0
!!!Deficit 3, rta_len=180
src 0.0.0.0/0 dst 192.168.251.32/29
dir in priority 2208
....

Similar errors are seen from ip x s.

This patch fixes the errors when printing. I'm not sure whether we
should worry about other uses of the affected structs, I've not seen any
other bad effects from this though, so hopefully this is enough.

(Thanks to Herbert Xu for pointing out that NLMSG_SPACE is the correct
macro to use here.)

Tested against 2.6.17.6 kernel on i386, and 2.6.16.1 kernel on cris.

Signed-off-by: Andy Gay <andy@andynet.net>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/xfrm_policy.c
669ae748d6ae3a476090f7dc48dd0fa6d246f77e 07-Nov-2005 shemminger <shemminger> Minor fixes from Masahide for XFRM dynamic keying
/external/iproute2/ip/xfrm_policy.c
c595c790a08366db90654c01aba02a1bd97d73e2 02-Nov-2005 shemminger <shemminger> Fix XFRM bugs introduced by batching code.
Re-introduces the SA and policy add/del events
/external/iproute2/ip/xfrm_policy.c
9bec1a436335457f3067a17de6ddb913bd95a184 07-Jun-2005 shemminger <shemminger> Masahide NAKAMURA <nakam@linux-ipv6.org>

It fixes flush feature for IPsec(ip xfrm).
Jamal gave me comment about it. I've tested it on 2.6.11.7.
Please find the log below, check code and pull it:

bk://bk.skbuff.net:38000/iproute2-xfrm-flush


ChangeSet@1.182, 2005-04-13 21:19:44+09:00, nakam@linux-ipv6.org
[ip] add "deleteall" command for xfrm;
"flush" uses kernel's flush interface and
"deleteall" uses legacy iproute2's flush feature like
getting-and-deleting-for-each.
/external/iproute2/ip/xfrm_policy.c
90f93024a0818dc691138d8401721e797004b042 07-Jun-2005 shemminger <shemminger> Monitor time patch from Masahide NAKAMURA
/external/iproute2/ip/xfrm_policy.c
56e8ad38cb6052ab59de480ad24e39064d07db76 22-Mar-2005 linux-ipv6.org!nakam <linux-ipv6.org!nakam> split printing policy info function for xfrm common use.

(Logical change 1.175)
/external/iproute2/ip/xfrm_policy.c
2534613eeba36f2a59a7876dbe1b291c76fcb4da 18-Jan-2005 12!tgraf <12!tgraf> Switch to parse_rtattr and use XFRMA_MAX directly instead of a easly
forgetable magic define

(Logical change 1.129)
/external/iproute2/ip/xfrm_policy.c
eaa34ee35d6b801cabb96aafce2ca410e3f5b31d 18-Jan-2005 net[shemminger]!shemminger <net[shemminger]!shemminger> Import patch iproute2.117

(Logical change 1.119)
/external/iproute2/ip/xfrm_policy.c
50772dc51ac02239958e1ebcdb21277fcdf133a7 07-Dec-2004 osdl.net!shemminger <osdl.net!shemminger> Add ip rule flush capabilty and fix all the prototype changes
because of that code rewrites the nlmsghdr.

(Logical change 1.106)
/external/iproute2/ip/xfrm_policy.c
c70b36d231afba1700d6bb4ca1181fd9bb76c77b 28-Sep-2004 org[shemminger]!nakam <org[shemminger]!nakam> [iproute2] XFRM: support ICMP/ICMPv6's type and code

(Logical change 1.85)
/external/iproute2/ip/xfrm_policy.c
29aa4dd76c0c1877d50b2d643eb081d5477ceadf 28-Sep-2004 org[shemminger]!nakam <org[shemminger]!nakam> [iproute2] XFRM: fixing protocol

(Logical change 1.84)
/external/iproute2/ip/xfrm_policy.c
bd641cd661527469a9d15c0fa09f19d017c2299f 28-Sep-2004 org[shemminger]!nakam <org[shemminger]!nakam> [iproute2] XFRM: using flush message type

(Logical change 1.83)
/external/iproute2/ip/xfrm_policy.c
6dc9f016347441fbf94cf851c054b0f45ba32c1c 31-Aug-2004 osdl.net!shemminger <osdl.net!shemminger> make all filtering handles take const args.

(Logical change 1.77)
/external/iproute2/ip/xfrm_policy.c
7809c61688c4a30799a07c727616887e5c885ab8 12-Aug-2004 net[shemminger]!shemminger <net[shemminger]!shemminger> Import patch xrfm-msg.patch

(Logical change 1.64)
/external/iproute2/ip/xfrm_policy.c
ad273962a13acc9a6723e2a86398cb0216c95679 30-Jul-2004 net[shemminger]!shemminger <net[shemminger]!shemminger> Import patch iproute-xfrm.3

2004/07/14 00:35:49-07:00 net[shemminger]!shemminger
Import patch iproute-xfrm.2

2004/07/14 00:35:49-07:00 net[shemminger]!shemminger
Import patch iproute2-xfrm.1

(Logical change 1.58)
/external/iproute2/ip/xfrm_policy.c
c7699875bee00fbcd057fc62c30d6560b044e007 07-Jul-2004 net[shemminger]!shemminger <net[shemminger]!shemminger> Import patch ipxfrm-20040707_2.diff

(Logical change 1.53)
/external/iproute2/ip/xfrm_policy.c
7798b5237ef2b710c87f7f052d134d2180ffbd5c 07-Jul-2004 net[shemminger]!shemminger <net[shemminger]!shemminger> Initial revision
/external/iproute2/ip/xfrm_policy.c