0dc2e22978c9f754e171574e727d8dfa226d3781 |
|
25-Jul-2015 |
Zhang Shengju <zhangshengju@cmss.chinamobile.com> |
xfrm: remove duplicated include Remove dupldated include for <linux/xfrm.h>, since it's already included by 'xfrm.h'. Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
/external/iproute2/ip/ipxfrm.c
|
11a3e5c4b31530840d6ea4339ce4078d5922b5d6 |
|
13-Apr-2015 |
Pavel Šimerda <psimerda@redhat.com> |
ip-xfrm: support 'proto any' with 'sport' and 'dport' When creating an IPsec SA that sets 'proto any' (IPPROTO_IP) and specifies 'sport' and 'dport' at the same time in selector, the following error is issued: "sport" and "dport" are invalid with proto=ip However using IPPROTO_IP with ports is completely legal and necessary when one wants to share the SA on both TCP and UDP. One of the applications requiring sharing SAs is 3GPP IMS AKA authentication. See also: * https://bugzilla.redhat.com/show_bug.cgi?id=497355 Reported-by: Jiří Klimeš <jklimes@redhat.com> Signed-off-by: Pavel Šimerda <psimerda@redhat.com>
/external/iproute2/ip/ipxfrm.c
|
26dcdf3a91123c6bf748e06d1205d110d95f34db |
|
15-Mar-2015 |
Eric W. Biederman <ebiederm@xmission.com> |
add a source addres length parameter to rt_addr_n2a For some address families (like AF_PACKET) it is helpful to have the length when prenting the address. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
/external/iproute2/ip/ipxfrm.c
|
6f4cad912082998bc2a44316af5550eaf260605a |
|
19-Mar-2015 |
philipp@redfish-solutions.com <philipp@redfish-solutions.com> |
xfrm: Fix -o (oneline) being broken in xfrm and correct mark radix Don't insert newline in -o (oneline) mode; print mark as hex. Oneline mode is supposed to force all output to be on oneline and machine-parsable, but this isn't the case for "ip xfrm" as shown: % ip -o xfrm monitor ... src 0.0.0.0/0 dst 0.0.0.0/0 \ dir out priority 2051 ptype main \ mark -1879048191/0xffffffff tmpl src 203.0.130.10 dst 198.51.130.30\ proto esp reqid 16384 mode tunnel\ ... as that's 2 lines, not one. Also, the "mark" is shown in signed decimal, but the mask is in hex. This is confusing: let's use hex for both. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
/external/iproute2/ip/ipxfrm.c
|
0151b56d102961c1418aea3ee53428d4ca2669c9 |
|
20-Oct-2014 |
dingzhi <zhi.ding@6wind.com> |
xfrm: add support of ESN and anti-replay window This patch allows to configure ESN and anti-replay window. Signed-off-by: dingzhi <zhi.ding@6wind.com> Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
/external/iproute2/ip/ipxfrm.c
|
656111b2f9c5932350e697a1aaa70ba2d9b40bc7 |
|
04-Aug-2014 |
Stephen Hemminger <stephen@networkplumber.org> |
cleanup warnings ll_index can return -1 but was declared unsigned. rt_addr_n2a had unused length parameter
/external/iproute2/ip/ipxfrm.c
|
0612519e011812276ade512d4a7f8113497f64ed |
|
17-Feb-2014 |
Stephen Hemminger <stephen@networkplumber.org> |
Remove trailing whitespace
/external/iproute2/ip/ipxfrm.c
|
4d98ab00de90bac916f526c83c68012d7159f712 |
|
07-Dec-2013 |
Stephen Hemminger <stephen@networkplumber.org> |
Fix FSF address in file headers
/external/iproute2/ip/ipxfrm.c
|
1ed509bb522225050edfa1ed7ddc7255e9a18bd5 |
|
29-Aug-2013 |
Thomas Egerer <thomas.egerer@secunet.com> |
ip/xfrm: Fix potential SIGSEGV when printing extra flags The git-commit dc8867d0, that added support for displaying the extra-flags of a state, introduced a potential segfault. Trying to show a state without the extra-flag attribute and show_stats enabled, would cause the NULL pointer in tb[XFRMA_SA_EXTRA_FLAGS] to be dereferenced. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
/external/iproute2/ip/ipxfrm.c
|
dc8867d0ff6202559c05a8fb8f7c16829360af28 |
|
17-May-2013 |
Nicolas Dichtel <nicolas.dichtel@6wind.com> |
ip/xfrm: all to set flag XFRM_SA_XFLAG_DONT_ENCAP_DSCP For the display part, we print extra-flags only if show_stats is set, like for standard flags. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
/external/iproute2/ip/ipxfrm.c
|
e8740e42ece716b1dcce89a573fba413846af468 |
|
25-Mar-2013 |
David Ward <david.ward@ll.mit.edu> |
ip/xfrm: Improve error strings Quotation marks are now used only to indicate literal text on the command line. Signed-off-by: David Ward <david.ward@ll.mit.edu>
/external/iproute2/ip/ipxfrm.c
|
8dbe67d2fe40fc4dc873610f8f20a5fa042cc4bc |
|
25-Mar-2013 |
David Ward <david.ward@ll.mit.edu> |
ip/xfrm: Do not print a zero-length algorithm key Signed-off-by: David Ward <david.ward@ll.mit.edu>
/external/iproute2/ip/ipxfrm.c
|
1d26e1fefd379deffd76469deea8f1bb8c0fc2dd |
|
25-Mar-2013 |
David Ward <david.ward@ll.mit.edu> |
ip/xfrm: Extend SPI validity checking A Security Policy Index (SPI) is not used with Mobile IPv6. IPComp uses a smaller 16-bit Compression Parameter Index (CPI) which is passed as the SPI value. Perform checks whenever specifying an ID. Signed-off-by: David Ward <david.ward@ll.mit.edu>
/external/iproute2/ip/ipxfrm.c
|
d1f28cf181a6f77f230d90267eef0ecfbcb25f30 |
|
12-Feb-2013 |
Stephen Hemminger <stephen@networkplumber.org> |
ip: make local functions static
/external/iproute2/ip/ipxfrm.c
|
14645ec2310ee7cf6d2f3d5035ac37ec09674e2c |
|
08-Feb-2013 |
Kees van Reeuwijk <reeuwijk@few.vu.nl> |
iproute2: improved error messages This patch improves many error messages as follows: - For incorrect parameters, show the value of the offending parameter, rather than just say that it is incorrect - Rephrased messages for clarity - Rephrased to more `mainstream' english Signed-off-by: Kees van Reeuwijk <reeuwijk@few.vu.nl>
/external/iproute2/ip/ipxfrm.c
|
048bff6e0206bca33ee70516521f3048e7714752 |
|
17-Jan-2013 |
Mike Frysinger <vapier@gentoo.org> |
ipxfrm: use alloca to allocate stack space Clang doesn't support the gcc extension for embeddeding flexible arrays inside of structures. Use the slightly more portable alloca(). Signed-off-by: Mike Frysinger <vapier@gentoo.org>
/external/iproute2/ip/ipxfrm.c
|
ff24746cca1ef0c92d46614158e6672acd6b63d3 |
|
10-Apr-2012 |
Stephen Hemminger <shemminger@vyatta.com> |
Convert to use rta_getattr_ functions User new functions (inspired by libmnl) to do type safe access of routeing attributes
/external/iproute2/ip/ipxfrm.c
|
cbec0219132afd1749e1b8852b8b3729988af841 |
|
11-Jun-2011 |
David Ward <david.ward@ll.mit.edu> |
xfrm: Update documentation The ip(8) man page and the "ip xfrm [ XFRM-OBJECT ] help" command output are updated to include missing options, fix errors, and improve grammar. There are no functional changes made. The documentation for the ip command has many different meanings for the same formatting symbols (which really needs to be fixed). This patch makes consistent use of brackets [ ] to indicate optional parameters, pipes | to mean "OR", braces { } to group things together, and dashes - instead of underscores _ inside of parameter names. The parameters are listed in the order in which they are parsed in the source code. There are several parameters and options that are still not mentioned or need to be described more thoroughly in the "COMMAND SYNTAX" section of the ip(8) man page. I would appreciate help from the developers with this. Signed-off-by: David Ward <david.ward@ll.mit.edu>
/external/iproute2/ip/ipxfrm.c
|
c0635644cd0a4471c09f665f7098713f3157c170 |
|
07-Apr-2011 |
Ulrich Weber <uweber@astaro.com> |
iproute2: parse flag XFRM_POLICY_ICMP parse flag XFRM_POLICY_ICMP Signed-off-by: Ulrich Weber <uweber@astaro.com>
/external/iproute2/ip/ipxfrm.c
|
98f5519cd9db9d1ca58c49af27698101c8fff373 |
|
01-Feb-2011 |
Nicolas Dichtel <nicolas.dichtel@6wind.com> |
iproute2: add support of flag XFRM_STATE_ALIGN4 Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
/external/iproute2/ip/ipxfrm.c
|
f323f2a32c3b9c29fb91c812472b7fd663f9ae73 |
|
11-Jan-2011 |
Nicolas Dichtel <nicolas.dichtel@6wind.com> |
iproute2: allow to specify truncation bits on auth algo Hi, here is a patch against iproute2 to allow user to set a state with a specific auth length. Example: $ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000 auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel $ ip xfrm state src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000 reqid 0 mode tunnel replay-window 0 auth-trunc hmac(sha256) 0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96 sel src 0.0.0.0/0 dst 0.0.0.0/0 Regards, Nicolas >From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel@6wind.com> Date: Thu, 23 Dec 2010 06:48:12 -0500 Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify truncation bits, so we add a new algo type: auth-trunc. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
/external/iproute2/ip/ipxfrm.c
|
b2bb289a57fe7be63ebe0d1fe6ff94555bf6c936 |
|
03-Feb-2011 |
Joy Latten <jml@austin.ibm.com> |
xfrm security context support In the Linux kernel, ipsec policy and SAs can include a security context to support MAC networking. This feature is often referred to as "labeled ipsec". This patchset adds security context support into ip xfrm such that a security context can be included when add/delete/display SAs and policies with the ip command. The user provides the security context when adding SAs and policies. If a policy or SA contains a security context, the changes allow the security context to be displayed. For example, ip xfrm state src 10.1.1.6 dst 10.1.1.2 proto esp spi 0x00000301 reqid 0 mode transport replay-window 0 auth hmac(digest_null) 0x3078 enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031 security context root:system_r:unconfined_t:s0 Please let me know if all is ok with the patchset. Thanks!! regards, Joy Signed-off-by: Joy Latten <latten@austin.ibm.com>
/external/iproute2/ip/ipxfrm.c
|
4a9608e6aefe40cf8545097ed23931f9bacba06d |
|
23-Nov-2010 |
Timo Teräs <timo.teras@iki.fi> |
iproute2: support xfrm upper protocol gre key Similar to tunnel side: accept dotted-quad and number formats. Use regular number for printing the key. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
/external/iproute2/ip/ipxfrm.c
|
66abc090724a14baa0b931ecab4ea22ce91c4fb0 |
|
13-Sep-2010 |
Ulrich Weber <uweber@astaro.com> |
iproute2: display xfrm socket policy direction display socket policy direction Signed-off-by: Ulrich Weber <uweber@astaro.com>
/external/iproute2/ip/ipxfrm.c
|
f6fd52e626d7897e9df03331dbeb149beacb53ba |
|
23-Feb-2010 |
Jamal Hadi Salim <hadi@cyberus.ca> |
xfrm: Introduce xfrm by mark This patch carries basic infrastructure. You need to make sure that the proper include/linux/xfrm.h is included for it to compile. Example:
/external/iproute2/ip/ipxfrm.c
|
15bb82c6fb9ae401f48eb7f03179ee6669496bf0 |
|
11-Jan-2010 |
Alex Badea <abadea@ixiacom.com> |
ip xfrm state: parse and print "icmp" and "af-unspec" flags Convert to/from XFRM_STATE_ICMP and XFRM_STATE_AF_UNSPEC state flags. Signed-off-by: Alex Badea <abadea@ixiacom.com>
/external/iproute2/ip/ipxfrm.c
|
8a1c7fcb2756be05b55008edbd9e813f590cdf01 |
|
10-Nov-2009 |
Stephen Hemminger <stephen.hemminger@vyatta.com> |
Consolidate fprintf statements Doing one item per call is like old MODULA2 code.
/external/iproute2/ip/ipxfrm.c
|
b9ab720e33748cd022f095620e75ca7eba24a965 |
|
15-Apr-2009 |
Thomas Egerer <hakke_007@gmx.de> |
Fix display of xfrm When using iproute2 to display information on policies installed in kernel (ip x p s) output is incorrect: IPv6 addresses printed as IPv4 addresses. In case I am dealing with inter protocol policies where the template's address family differs from those of the policy itself. The patch attached solves this problem.
/external/iproute2/ip/ipxfrm.c
|
9a73e17deb231949f11e8ebf1303907c840b29cd |
|
08-Jan-2009 |
Stephen Hemminger <stephen.hemminger@vyatta.com> |
Fix compile warnings Gcc now warns about possible errors from passing a string buffer as format arguement to printf().
/external/iproute2/ip/ipxfrm.c
|
1758a81f49d1360c930393d2042221f567dc52b5 |
|
18-Sep-2008 |
Herbert Xu <herbert@gondor.apana.org.au> |
ip: xfrm: Add AEAD support This patch allows the user to create/manage AEAD algorithms with the ip xfrm command. AEAD algorithms are also known as combined- mode algorithms. They provide the functionality of encryption algorithms as well as authentication algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
/external/iproute2/ip/ipxfrm.c
|
efe69c1b7220e6c89bc5ccbeceeadf7c9e09768b |
|
24-Aug-2007 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
ip: xfrm: Fix flush message. Fix xfrm state or policy flush message. And minor updates are included: o Use static buffer to show unknown value as string. o Show policy type (ptype) only when kernel specified it. o Clean-up xfrm_monitor. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/ipxfrm.c
|
c1fa2253241f3cddac3519700549f98d7840b864 |
|
24-Aug-2007 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
ip: xfrm: Fix policy and state flags. o Support policy flag with string format. Note that kernel defines only one name "localok" for the flag and it has not had any effect currently. o Support state flag value XFRM_STATE_NOPMTUDISC. o Fix to show detailed flags value when "-s" option is used. o Fix minor typo. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/ipxfrm.c
|
dcb283c300299d79a37fd386ea854b156fd503c5 |
|
20-Jun-2007 |
Thomas Graf <tgraf@suug.ch> |
iproute2: Support IFF_LOWER_UP and IFF_DORMANT In order to support these new flags add current linux/if.h into the directory with the local copies. This caused troubles with outdated redefinitions from net/if.h so I've removed the dependency on it. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
/external/iproute2/ip/ipxfrm.c
|
ae665a522bd46bea44c5ea84c89c8b1731954170 |
|
05-Dec-2006 |
Stephen Hemminger <shemminger@osdl.org> |
Remove trailing whitespace Go through source files and remove all trailing whitespace Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/ipxfrm.c
|
0bf0fbc47e33cc968c1c1d20d938de31e497c753 |
|
05-Dec-2006 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
XFRM: Mobility header support. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/ipxfrm.c
|
7ea4f5d33d27b23a3127b0b6ec46d0b4821d9431 |
|
05-Dec-2006 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
XFRM: Mobile IPv6 route optimization support. To support Mobile IPv6 RO, the following extension is included: o Use XFRM_MODE_XXX macro instead of magic number o New attribute option for all state: source address for deleting or getting message o New attribute options for RO: care-of address, last-used timestamp and wild-receive flag Note: Flush command like `ip xfrm state flush` is to remove all XFRM state. It has been effected for IPsec SAD but with this patch it flushes both IPsec SAD and Mobile IPv6 RO states. To make only IPsec SA flush, it is recommanded to specify each XFRM protocol like below: `ip x s f proto esp ; ip x s f proto ah ; ip x s f proto comp` Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/ipxfrm.c
|
972938e9e685156b97413d17ad8993de61fdd1b9 |
|
05-Dec-2006 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
XFRM: sub policy support. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/ipxfrm.c
|
34e099e24fd3c9070b68c1286a201834c0f4ae03 |
|
19-Oct-2006 |
Stephen Hemminger <shemminger@osdl.org> |
SA and SP in IPSec BEET mode. Patch which allows for setting SA and SP also for new IPSec mode BEET, beside tunnel and transport, according to the latest changes in the kernel you can find at the following link: Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com> Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
/external/iproute2/ip/ipxfrm.c
|
27356a5e000effe0060940c767547dd95235795c |
|
12-Jan-2006 |
shemminger <shemminger> |
ndle DCCP in ipxfrm.c to allow using port numbers in the selector.
/external/iproute2/ip/ipxfrm.c
|
15ac4cdc2f0b83dffa0102494d110c13d717673d |
|
22-Mar-2005 |
linux-ipv6.org!nakam <linux-ipv6.org!nakam> |
split printing state/policy info function for xfrm common use. add xfrm monitor. (Logical change 1.175)
/external/iproute2/ip/ipxfrm.c
|
5cf576d928c515ce8dea2500154a291477ce38ba |
|
10-Mar-2005 |
osdl.net!shemminger <osdl.net!shemminger> |
Add Esp-in-udp encapsulation (Logical change 1.152)
/external/iproute2/ip/ipxfrm.c
|
bcf32819617dec5807c296e39504b45b6e3812e0 |
|
18-Jan-2005 |
12!tgraf <12!tgraf> |
Use tb[type] access to TLVs (Logical change 1.129)
/external/iproute2/ip/ipxfrm.c
|
eaa34ee35d6b801cabb96aafce2ca410e3f5b31d |
|
18-Jan-2005 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch iproute2.117 (Logical change 1.119)
/external/iproute2/ip/ipxfrm.c
|
b906243b62c832f24473de3ead7d7feef0e75e4b |
|
18-Jan-2005 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch iproute2.116 (Logical change 1.118)
/external/iproute2/ip/ipxfrm.c
|
44d3eb258cc9fbad0112f8457e7e9306272feaf3 |
|
07-Oct-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch iproute2-compile-fixes-1.diff (Logical change 1.93)
/external/iproute2/ip/ipxfrm.c
|
c70b36d231afba1700d6bb4ca1181fd9bb76c77b |
|
28-Sep-2004 |
org[shemminger]!nakam <org[shemminger]!nakam> |
[iproute2] XFRM: support ICMP/ICMPv6's type and code (Logical change 1.85)
/external/iproute2/ip/ipxfrm.c
|
29aa4dd76c0c1877d50b2d643eb081d5477ceadf |
|
28-Sep-2004 |
org[shemminger]!nakam <org[shemminger]!nakam> |
[iproute2] XFRM: fixing protocol (Logical change 1.84)
/external/iproute2/ip/ipxfrm.c
|
7809c61688c4a30799a07c727616887e5c885ab8 |
|
12-Aug-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch xrfm-msg.patch (Logical change 1.64)
/external/iproute2/ip/ipxfrm.c
|
beab3a8352093d934670ed926c499adf272c9320 |
|
30-Jul-2004 |
osdl.net!shemminger <osdl.net!shemminger> |
unused variable. (Logical change 1.59)
/external/iproute2/ip/ipxfrm.c
|
ad273962a13acc9a6723e2a86398cb0216c95679 |
|
30-Jul-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch iproute-xfrm.3 2004/07/14 00:35:49-07:00 net[shemminger]!shemminger Import patch iproute-xfrm.2 2004/07/14 00:35:49-07:00 net[shemminger]!shemminger Import patch iproute2-xfrm.1 (Logical change 1.58)
/external/iproute2/ip/ipxfrm.c
|
c7699875bee00fbcd057fc62c30d6560b044e007 |
|
07-Jul-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Import patch ipxfrm-20040707_2.diff (Logical change 1.53)
/external/iproute2/ip/ipxfrm.c
|
7798b5237ef2b710c87f7f052d134d2180ffbd5c |
|
07-Jul-2004 |
net[shemminger]!shemminger <net[shemminger]!shemminger> |
Initial revision
/external/iproute2/ip/ipxfrm.c
|