Cross Reference: /external/iproute2/ip/ipxfrm.c

History log of /external/iproute2/ip/ipxfrm.c
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
0dc2e22978c9f754e171574e727d8dfa226d3781	25-Jul-2015	Zhang Shengju <zhangshengju@cmss.chinamobile.com>	xfrm: remove duplicated include Remove dupldated include for <linux/xfrm.h>, since it's already included by 'xfrm.h'. Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com> /external/iproute2/ip/ipxfrm.c
11a3e5c4b31530840d6ea4339ce4078d5922b5d6	13-Apr-2015	Pavel Šimerda <psimerda@redhat.com>	ip-xfrm: support 'proto any' with 'sport' and 'dport' When creating an IPsec SA that sets 'proto any' (IPPROTO_IP) and specifies 'sport' and 'dport' at the same time in selector, the following error is issued: "sport" and "dport" are invalid with proto=ip However using IPPROTO_IP with ports is completely legal and necessary when one wants to share the SA on both TCP and UDP. One of the applications requiring sharing SAs is 3GPP IMS AKA authentication. See also: * https://bugzilla.redhat.com/show_bug.cgi?id=497355 Reported-by: Jiří Klimeš <jklimes@redhat.com> Signed-off-by: Pavel Šimerda <psimerda@redhat.com> /external/iproute2/ip/ipxfrm.c
26dcdf3a91123c6bf748e06d1205d110d95f34db	15-Mar-2015	Eric W. Biederman <ebiederm@xmission.com>	add a source addres length parameter to rt_addr_n2a For some address families (like AF_PACKET) it is helpful to have the length when prenting the address. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> /external/iproute2/ip/ipxfrm.c
6f4cad912082998bc2a44316af5550eaf260605a	19-Mar-2015	philipp@redfish-solutions.com <philipp@redfish-solutions.com>	xfrm: Fix -o (oneline) being broken in xfrm and correct mark radix Don't insert newline in -o (oneline) mode; print mark as hex. Oneline mode is supposed to force all output to be on oneline and machine-parsable, but this isn't the case for "ip xfrm" as shown: % ip -o xfrm monitor ... src 0.0.0.0/0 dst 0.0.0.0/0 \ dir out priority 2051 ptype main \ mark -1879048191/0xffffffff tmpl src 203.0.130.10 dst 198.51.130.30\ proto esp reqid 16384 mode tunnel\ ... as that's 2 lines, not one. Also, the "mark" is shown in signed decimal, but the mask is in hex. This is confusing: let's use hex for both. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> /external/iproute2/ip/ipxfrm.c
0151b56d102961c1418aea3ee53428d4ca2669c9	20-Oct-2014	dingzhi <zhi.ding@6wind.com>	xfrm: add support of ESN and anti-replay window This patch allows to configure ESN and anti-replay window. Signed-off-by: dingzhi <zhi.ding@6wind.com> Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> /external/iproute2/ip/ipxfrm.c
656111b2f9c5932350e697a1aaa70ba2d9b40bc7	04-Aug-2014	Stephen Hemminger <stephen@networkplumber.org>	cleanup warnings ll_index can return -1 but was declared unsigned. rt_addr_n2a had unused length parameter /external/iproute2/ip/ipxfrm.c
0612519e011812276ade512d4a7f8113497f64ed	17-Feb-2014	Stephen Hemminger <stephen@networkplumber.org>	Remove trailing whitespace /external/iproute2/ip/ipxfrm.c
4d98ab00de90bac916f526c83c68012d7159f712	07-Dec-2013	Stephen Hemminger <stephen@networkplumber.org>	Fix FSF address in file headers /external/iproute2/ip/ipxfrm.c
1ed509bb522225050edfa1ed7ddc7255e9a18bd5	29-Aug-2013	Thomas Egerer <thomas.egerer@secunet.com>	ip/xfrm: Fix potential SIGSEGV when printing extra flags The git-commit dc8867d0, that added support for displaying the extra-flags of a state, introduced a potential segfault. Trying to show a state without the extra-flag attribute and show_stats enabled, would cause the NULL pointer in tb[XFRMA_SA_EXTRA_FLAGS] to be dereferenced. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> /external/iproute2/ip/ipxfrm.c
dc8867d0ff6202559c05a8fb8f7c16829360af28	17-May-2013	Nicolas Dichtel <nicolas.dichtel@6wind.com>	ip/xfrm: all to set flag XFRM_SA_XFLAG_DONT_ENCAP_DSCP For the display part, we print extra-flags only if show_stats is set, like for standard flags. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> /external/iproute2/ip/ipxfrm.c
e8740e42ece716b1dcce89a573fba413846af468	25-Mar-2013	David Ward <david.ward@ll.mit.edu>	ip/xfrm: Improve error strings Quotation marks are now used only to indicate literal text on the command line. Signed-off-by: David Ward <david.ward@ll.mit.edu> /external/iproute2/ip/ipxfrm.c
8dbe67d2fe40fc4dc873610f8f20a5fa042cc4bc	25-Mar-2013	David Ward <david.ward@ll.mit.edu>	ip/xfrm: Do not print a zero-length algorithm key Signed-off-by: David Ward <david.ward@ll.mit.edu> /external/iproute2/ip/ipxfrm.c
1d26e1fefd379deffd76469deea8f1bb8c0fc2dd	25-Mar-2013	David Ward <david.ward@ll.mit.edu>	ip/xfrm: Extend SPI validity checking A Security Policy Index (SPI) is not used with Mobile IPv6. IPComp uses a smaller 16-bit Compression Parameter Index (CPI) which is passed as the SPI value. Perform checks whenever specifying an ID. Signed-off-by: David Ward <david.ward@ll.mit.edu> /external/iproute2/ip/ipxfrm.c
d1f28cf181a6f77f230d90267eef0ecfbcb25f30	12-Feb-2013	Stephen Hemminger <stephen@networkplumber.org>	ip: make local functions static /external/iproute2/ip/ipxfrm.c
14645ec2310ee7cf6d2f3d5035ac37ec09674e2c	08-Feb-2013	Kees van Reeuwijk <reeuwijk@few.vu.nl>	iproute2: improved error messages This patch improves many error messages as follows: - For incorrect parameters, show the value of the offending parameter, rather than just say that it is incorrect - Rephrased messages for clarity - Rephrased to more `mainstream' english Signed-off-by: Kees van Reeuwijk <reeuwijk@few.vu.nl> /external/iproute2/ip/ipxfrm.c
048bff6e0206bca33ee70516521f3048e7714752	17-Jan-2013	Mike Frysinger <vapier@gentoo.org>	ipxfrm: use alloca to allocate stack space Clang doesn't support the gcc extension for embeddeding flexible arrays inside of structures. Use the slightly more portable alloca(). Signed-off-by: Mike Frysinger <vapier@gentoo.org> /external/iproute2/ip/ipxfrm.c
ff24746cca1ef0c92d46614158e6672acd6b63d3	10-Apr-2012	Stephen Hemminger <shemminger@vyatta.com>	Convert to use rta_getattr_ functions User new functions (inspired by libmnl) to do type safe access of routeing attributes /external/iproute2/ip/ipxfrm.c
cbec0219132afd1749e1b8852b8b3729988af841	11-Jun-2011	David Ward <david.ward@ll.mit.edu>	xfrm: Update documentation The ip(8) man page and the "ip xfrm [ XFRM-OBJECT ] help" command output are updated to include missing options, fix errors, and improve grammar. There are no functional changes made. The documentation for the ip command has many different meanings for the same formatting symbols (which really needs to be fixed). This patch makes consistent use of brackets [ ] to indicate optional parameters, pipes \| to mean "OR", braces { } to group things together, and dashes - instead of underscores _ inside of parameter names. The parameters are listed in the order in which they are parsed in the source code. There are several parameters and options that are still not mentioned or need to be described more thoroughly in the "COMMAND SYNTAX" section of the ip(8) man page. I would appreciate help from the developers with this. Signed-off-by: David Ward <david.ward@ll.mit.edu> /external/iproute2/ip/ipxfrm.c
c0635644cd0a4471c09f665f7098713f3157c170	07-Apr-2011	Ulrich Weber <uweber@astaro.com>	iproute2: parse flag XFRM_POLICY_ICMP parse flag XFRM_POLICY_ICMP Signed-off-by: Ulrich Weber <uweber@astaro.com> /external/iproute2/ip/ipxfrm.c
98f5519cd9db9d1ca58c49af27698101c8fff373	01-Feb-2011	Nicolas Dichtel <nicolas.dichtel@6wind.com>	iproute2: add support of flag XFRM_STATE_ALIGN4 Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> /external/iproute2/ip/ipxfrm.c
f323f2a32c3b9c29fb91c812472b7fd663f9ae73	11-Jan-2011	Nicolas Dichtel <nicolas.dichtel@6wind.com>	iproute2: allow to specify truncation bits on auth algo Hi, here is a patch against iproute2 to allow user to set a state with a specific auth length. Example: $ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000 auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel $ ip xfrm state src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000 reqid 0 mode tunnel replay-window 0 auth-trunc hmac(sha256) 0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96 sel src 0.0.0.0/0 dst 0.0.0.0/0 Regards, Nicolas >From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel@6wind.com> Date: Thu, 23 Dec 2010 06:48:12 -0500 Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify truncation bits, so we add a new algo type: auth-trunc. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> /external/iproute2/ip/ipxfrm.c
b2bb289a57fe7be63ebe0d1fe6ff94555bf6c936	03-Feb-2011	Joy Latten <jml@austin.ibm.com>	xfrm security context support In the Linux kernel, ipsec policy and SAs can include a security context to support MAC networking. This feature is often referred to as "labeled ipsec". This patchset adds security context support into ip xfrm such that a security context can be included when add/delete/display SAs and policies with the ip command. The user provides the security context when adding SAs and policies. If a policy or SA contains a security context, the changes allow the security context to be displayed. For example, ip xfrm state src 10.1.1.6 dst 10.1.1.2 proto esp spi 0x00000301 reqid 0 mode transport replay-window 0 auth hmac(digest_null) 0x3078 enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031 security context root:system_r:unconfined_t:s0 Please let me know if all is ok with the patchset. Thanks!! regards, Joy Signed-off-by: Joy Latten <latten@austin.ibm.com> /external/iproute2/ip/ipxfrm.c
4a9608e6aefe40cf8545097ed23931f9bacba06d	23-Nov-2010	Timo Teräs <timo.teras@iki.fi>	iproute2: support xfrm upper protocol gre key Similar to tunnel side: accept dotted-quad and number formats. Use regular number for printing the key. Signed-off-by: Timo Teräs <timo.teras@iki.fi> /external/iproute2/ip/ipxfrm.c
66abc090724a14baa0b931ecab4ea22ce91c4fb0	13-Sep-2010	Ulrich Weber <uweber@astaro.com>	iproute2: display xfrm socket policy direction display socket policy direction Signed-off-by: Ulrich Weber <uweber@astaro.com> /external/iproute2/ip/ipxfrm.c
f6fd52e626d7897e9df03331dbeb149beacb53ba	23-Feb-2010	Jamal Hadi Salim <hadi@cyberus.ca>	xfrm: Introduce xfrm by mark This patch carries basic infrastructure. You need to make sure that the proper include/linux/xfrm.h is included for it to compile. Example: /external/iproute2/ip/ipxfrm.c
15bb82c6fb9ae401f48eb7f03179ee6669496bf0	11-Jan-2010	Alex Badea <abadea@ixiacom.com>	ip xfrm state: parse and print "icmp" and "af-unspec" flags Convert to/from XFRM_STATE_ICMP and XFRM_STATE_AF_UNSPEC state flags. Signed-off-by: Alex Badea <abadea@ixiacom.com> /external/iproute2/ip/ipxfrm.c
8a1c7fcb2756be05b55008edbd9e813f590cdf01	10-Nov-2009	Stephen Hemminger <stephen.hemminger@vyatta.com>	Consolidate fprintf statements Doing one item per call is like old MODULA2 code. /external/iproute2/ip/ipxfrm.c
b9ab720e33748cd022f095620e75ca7eba24a965	15-Apr-2009	Thomas Egerer <hakke_007@gmx.de>	Fix display of xfrm When using iproute2 to display information on policies installed in kernel (ip x p s) output is incorrect: IPv6 addresses printed as IPv4 addresses. In case I am dealing with inter protocol policies where the template's address family differs from those of the policy itself. The patch attached solves this problem. /external/iproute2/ip/ipxfrm.c
9a73e17deb231949f11e8ebf1303907c840b29cd	08-Jan-2009	Stephen Hemminger <stephen.hemminger@vyatta.com>	Fix compile warnings Gcc now warns about possible errors from passing a string buffer as format arguement to printf(). /external/iproute2/ip/ipxfrm.c
1758a81f49d1360c930393d2042221f567dc52b5	18-Sep-2008	Herbert Xu <herbert@gondor.apana.org.au>	ip: xfrm: Add AEAD support This patch allows the user to create/manage AEAD algorithms with the ip xfrm command. AEAD algorithms are also known as combined- mode algorithms. They provide the functionality of encryption algorithms as well as authentication algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> /external/iproute2/ip/ipxfrm.c
efe69c1b7220e6c89bc5ccbeceeadf7c9e09768b	24-Aug-2007	Masahide NAKAMURA <nakam@linux-ipv6.org>	ip: xfrm: Fix flush message. Fix xfrm state or policy flush message. And minor updates are included: o Use static buffer to show unknown value as string. o Show policy type (ptype) only when kernel specified it. o Clean-up xfrm_monitor. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/ipxfrm.c
c1fa2253241f3cddac3519700549f98d7840b864	24-Aug-2007	Masahide NAKAMURA <nakam@linux-ipv6.org>	ip: xfrm: Fix policy and state flags. o Support policy flag with string format. Note that kernel defines only one name "localok" for the flag and it has not had any effect currently. o Support state flag value XFRM_STATE_NOPMTUDISC. o Fix to show detailed flags value when "-s" option is used. o Fix minor typo. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/ipxfrm.c
dcb283c300299d79a37fd386ea854b156fd503c5	20-Jun-2007	Thomas Graf <tgraf@suug.ch>	iproute2: Support IFF_LOWER_UP and IFF_DORMANT In order to support these new flags add current linux/if.h into the directory with the local copies. This caused troubles with outdated redefinitions from net/if.h so I've removed the dependency on it. Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> /external/iproute2/ip/ipxfrm.c
ae665a522bd46bea44c5ea84c89c8b1731954170	05-Dec-2006	Stephen Hemminger <shemminger@osdl.org>	Remove trailing whitespace Go through source files and remove all trailing whitespace Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/ipxfrm.c
0bf0fbc47e33cc968c1c1d20d938de31e497c753	05-Dec-2006	Masahide NAKAMURA <nakam@linux-ipv6.org>	XFRM: Mobility header support. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/ipxfrm.c
7ea4f5d33d27b23a3127b0b6ec46d0b4821d9431	05-Dec-2006	Masahide NAKAMURA <nakam@linux-ipv6.org>	XFRM: Mobile IPv6 route optimization support. To support Mobile IPv6 RO, the following extension is included: o Use XFRM_MODE_XXX macro instead of magic number o New attribute option for all state: source address for deleting or getting message o New attribute options for RO: care-of address, last-used timestamp and wild-receive flag Note: Flush command like `ip xfrm state flush` is to remove all XFRM state. It has been effected for IPsec SAD but with this patch it flushes both IPsec SAD and Mobile IPv6 RO states. To make only IPsec SA flush, it is recommanded to specify each XFRM protocol like below: `ip x s f proto esp ; ip x s f proto ah ; ip x s f proto comp` Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/ipxfrm.c
972938e9e685156b97413d17ad8993de61fdd1b9	05-Dec-2006	Masahide NAKAMURA <nakam@linux-ipv6.org>	XFRM: sub policy support. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/ipxfrm.c
34e099e24fd3c9070b68c1286a201834c0f4ae03	19-Oct-2006	Stephen Hemminger <shemminger@osdl.org>	SA and SP in IPSec BEET mode. Patch which allows for setting SA and SP also for new IPSec mode BEET, beside tunnel and transport, according to the latest changes in the kernel you can find at the following link: Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com> Signed-off-by: Miika Komu <miika@iki.fi> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> /external/iproute2/ip/ipxfrm.c
27356a5e000effe0060940c767547dd95235795c	12-Jan-2006	shemminger <shemminger>	ndle DCCP in ipxfrm.c to allow using port numbers in the selector. /external/iproute2/ip/ipxfrm.c
15ac4cdc2f0b83dffa0102494d110c13d717673d	22-Mar-2005	linux-ipv6.org!nakam <linux-ipv6.org!nakam>	split printing state/policy info function for xfrm common use. add xfrm monitor. (Logical change 1.175) /external/iproute2/ip/ipxfrm.c
5cf576d928c515ce8dea2500154a291477ce38ba	10-Mar-2005	osdl.net!shemminger <osdl.net!shemminger>	Add Esp-in-udp encapsulation (Logical change 1.152) /external/iproute2/ip/ipxfrm.c
bcf32819617dec5807c296e39504b45b6e3812e0	18-Jan-2005	12!tgraf <12!tgraf>	Use tb[type] access to TLVs (Logical change 1.129) /external/iproute2/ip/ipxfrm.c
eaa34ee35d6b801cabb96aafce2ca410e3f5b31d	18-Jan-2005	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch iproute2.117 (Logical change 1.119) /external/iproute2/ip/ipxfrm.c
b906243b62c832f24473de3ead7d7feef0e75e4b	18-Jan-2005	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch iproute2.116 (Logical change 1.118) /external/iproute2/ip/ipxfrm.c
44d3eb258cc9fbad0112f8457e7e9306272feaf3	07-Oct-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch iproute2-compile-fixes-1.diff (Logical change 1.93) /external/iproute2/ip/ipxfrm.c
c70b36d231afba1700d6bb4ca1181fd9bb76c77b	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: support ICMP/ICMPv6's type and code (Logical change 1.85) /external/iproute2/ip/ipxfrm.c
29aa4dd76c0c1877d50b2d643eb081d5477ceadf	28-Sep-2004	org[shemminger]!nakam <org[shemminger]!nakam>	[iproute2] XFRM: fixing protocol (Logical change 1.84) /external/iproute2/ip/ipxfrm.c
7809c61688c4a30799a07c727616887e5c885ab8	12-Aug-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch xrfm-msg.patch (Logical change 1.64) /external/iproute2/ip/ipxfrm.c
beab3a8352093d934670ed926c499adf272c9320	30-Jul-2004	osdl.net!shemminger <osdl.net!shemminger>	unused variable. (Logical change 1.59) /external/iproute2/ip/ipxfrm.c
ad273962a13acc9a6723e2a86398cb0216c95679	30-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch iproute-xfrm.3 2004/07/14 00:35:49-07:00 net[shemminger]!shemminger Import patch iproute-xfrm.2 2004/07/14 00:35:49-07:00 net[shemminger]!shemminger Import patch iproute2-xfrm.1 (Logical change 1.58) /external/iproute2/ip/ipxfrm.c
c7699875bee00fbcd057fc62c30d6560b044e007	07-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Import patch ipxfrm-20040707_2.diff (Logical change 1.53) /external/iproute2/ip/ipxfrm.c
7798b5237ef2b710c87f7f052d134d2180ffbd5c	07-Jul-2004	net[shemminger]!shemminger <net[shemminger]!shemminger>	Initial revision /external/iproute2/ip/ipxfrm.c