From a7f1974f6e319ff733d7c9c6d1d1ad7a289e9d58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Van=C4=9Bk?= Date: Fri, 31 Jul 2020 09:12:59 +0200 Subject: [PATCH] ip-xfrm: add support for oseq-may-wrap extra flag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This flag allows to create SA where sequence number can cycle in outbound packets if set. Signed-off-by: Petr Vaněk Signed-off-by: David Ahern --- ip/ipxfrm.c | 3 +++ ip/xfrm_state.c | 4 +++- man/man8/ip-xfrm.8 | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index fec206ab..cac8ba25 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -953,6 +953,9 @@ void xfrm_state_info_print(struct xfrm_usersa_info *xsinfo, XFRM_FLAG_PRINT(fp, extra_flags, XFRM_SA_XFLAG_DONT_ENCAP_DSCP, "dont-encap-dscp"); + XFRM_FLAG_PRINT(fp, extra_flags, + XFRM_SA_XFLAG_OSEQ_MAY_WRAP, + "oseq-may-wrap"); if (extra_flags) fprintf(fp, "%x", extra_flags); } diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index f4bf3356..ddf784ca 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -104,7 +104,7 @@ static void usage(void) "FLAG-LIST := [ FLAG-LIST ] FLAG\n" "FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4 | esn\n" "EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG\n" - "EXTRA-FLAG := dont-encap-dscp\n" + "EXTRA-FLAG := dont-encap-dscp | oseq-may-wrap\n" "SELECTOR := [ src ADDR[/PLEN] ] [ dst ADDR[/PLEN] ] [ dev DEV ] [ UPSPEC ]\n" "UPSPEC := proto { { tcp | udp | sctp | dccp } [ sport PORT ] [ dport PORT ] |\n" " { icmp | ipv6-icmp | mobility-header } [ type NUMBER ] [ code NUMBER ] |\n" @@ -253,6 +253,8 @@ static int xfrm_state_extra_flag_parse(__u32 *extra_flags, int *argcp, char ***a while (1) { if (strcmp(*argv, "dont-encap-dscp") == 0) *extra_flags |= XFRM_SA_XFLAG_DONT_ENCAP_DSCP; + else if (strcmp(*argv, "oseq-may-wrap") == 0) + *extra_flags |= XFRM_SA_XFLAG_OSEQ_MAY_WRAP; else { PREV_ARG(); /* back track */ break; diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8 index aa28db49..4fa31651 100644 --- a/man/man8/ip-xfrm.8 +++ b/man/man8/ip-xfrm.8 @@ -217,7 +217,7 @@ ip-xfrm \- transform configuration .ti -8 .IR EXTRA-FLAG " := " -.B dont-encap-dscp +.BR dont-encap-dscp " | " oseq-may-wrap .ti -8 .BR "ip xfrm policy" " { " add " | " update " }"